Skip to content

Instantly share code, notes, and snippets.

View lazydaemon's full-sized avatar

Robert Giczewski lazydaemon

7 followers · 0 following
  • Germany
View GitHub Profile
@lazydaemon
lazydaemon / str_decrypt.py
Created April 9, 2023 19:58
TA505 Loader & HVNC String Decryption
from malduck.ints import UInt8
def str_decrypt(str_list: list, param: int):
for s in str_list:
x = UInt8(ord(s[1]) - 0x61)
y = UInt8((ord(s[0]) - 1) << 4)
z = x | y
i = 3
result = ''
@lazydaemon
lazydaemon / keybase.md
Created December 23, 2020 10:12

Keybase proof

I hereby claim:

  • I am lazydaemon on github.
  • I am rgiczewski (https://keybase.io/rgiczewski) on keybase.
  • I have a public key ASDjQR0iK38cTX_JahZKS2qaMUY8ZvIx6FIkndT2dIk9hwo

To claim this, I am signing this object:

@lazydaemon
lazydaemon / deob_final.vbs
Last active November 25, 2020 14:24
deobfuscated_final
Function VQxeeK()
qufoW = ((67 + 60.0) - (129 - (65 + (-63.0))))
Josephus460 = (((61 + 1717.0) - 777.0) - (55 + (-54.0)))
Do While qufoW < (((43 + 5.0) - (102 - 100.0)) + 99999954.0)
If (qufoW = ((100000006 - (72 + (-69.0))) - (98 + (-95.0))))
Then
WScript.Quit
End If
If (qufoW = ((((211 - 170.0) + 5002526.0) - 2489.0) - 78.0)) Then
@lazydaemon
lazydaemon / gist:d2030a6ef6083dcdc87248822594c255
Created November 19, 2020 09:52
4ee11bd54d2f1dc61467de3f71bb6b9f01bfdd35df8fe586fa556f2383c96b21
<mcconf>
<ver>100003</ver>
<gtag>rob6</gtag>
<servs>
<srv>102.164.206.129:449</srv>
<srv>103.131.156.21:449</srv>
<srv>103.131.157.102:449</srv>
<srv>103.131.157.161:449</srv>
<srva>24.122.127.151:1190</srva>