package main | |
import ( | |
"fmt" | |
"syscall" | |
"unsafe" | |
) | |
var ( | |
peSieveDll = syscall.NewLazyDLL("pe-sieve64.dll") |
#include <iostream> | |
#include <Windows.h> | |
#pragma comment(lib,"LZ32.lib") | |
bool decompress(LPSTR infile, LPSTR outfile) | |
{ | |
INT hin, hout = 0; | |
OFSTRUCT ofin = { 0 }; | |
OFSTRUCT ofout = { 0 }; |
rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!! | |
rem https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/set-mppreference | |
rem To also disable Windows Defender Security Center include this | |
rem reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f | |
rem 1 - Disable Real-time protection | |
reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f | |
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f | |
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f | |
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f | |
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f |
#!/usr/bin/env python3 | |
import sys, os, subprocess | |
import pefile | |
from pathlib import Path | |
def mal_unp_res_to_str(returncode): | |
if returncode == (-1): | |
return "ERROR" | |
if returncode == 0: |
<mcconf> | |
<ver>1000028</ver> | |
<gtag>mac1</gtag> | |
<servs> | |
<srv>186.103.161.204:443</srv> | |
<srv>163.53.206.187:443</srv> | |
<srv>191.7.30.30:443</srv> | |
<srv>46.160.165.31:443</srv> | |
<srv>93.99.68.140:443</srv> | |
<srv>190.34.158.250:443</srv> |
void TestCopy() | |
{ | |
BOOL cond = FALSE; | |
IFileOperation *FileOperation1 = NULL; | |
IShellItem *isrc = NULL, *idst = NULL; | |
BIND_OPTS3 bop; | |
SHELLEXECUTEINFOW shexec; | |
HRESULT r; | |
do { |
#include <stdio.h> | |
#include <windows.h> | |
#include "peconv.h" | |
/* | |
Requires a path to the original TrickBot module (sample hash): 0a7da84873f2a4fe0fcc58c88bbbe39d | |
*/ | |
#define OFFSET_DECODE_LIST 0x10ab0 //decode_from_the_list |
#!/usr/bin/python3 | |
__author__ = 'Francisco Santos' | |
# URL: https://code.activestate.com/recipes/491264-mini-fake-dns-server/ | |
import socket | |
class DNSQuery: | |
def __init__(self, data): | |
self.data=data |
71941;kernel32.LoadLibraryA | |
Arg[0] = ptr 0x000000d19111f670 -> "kernel32.dll" | |
cdb3d;kernel32.GetModuleFileNameW | |
cdb3d;kernel32.CreateFileW | |
Arg[0] = ptr 0x000000d19111f280 -> L"C:\Users\tester\Desktop\winupdate64.dll" | |
Arg[1] = 0x0000000080000000 = 2147483648 | |
Arg[2] = 0x0000000000000003 = 3 | |
Arg[3] = 0 | |
Arg[4] = 0x0000000000000003 = 3 |
Windows Registry Editor Version 5.00 | |
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] | |
"LoadAppInit_DLLs"=dword:00000001 | |
"AppInit_DLLs"="C:\\dlls\\demo64.dll" | |
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows] | |
"LoadAppInit_DLLs"=dword:00000001 | |
"AppInit_DLLs"="C:\\dlls\\demo32.dll" |