pinksawtooth pinksawtooth
pinksawtooth
/ Get-IntegrityLevel.ps1
Created
May 11, 2023 05:54
— forked from jsecurity101/Get-IntegrityLevel.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if (-not ('TokenInformation.ProcessNativeMethods' -as [type])){ | |
| $TypeDef = @' | |
| using System; | |
| using System.Runtime.InteropServices; | |
| namespace TokenInformation { | |
| [Flags] | |
| public enum ProcessAccess { | |
| All = 0x001FFFFF, | |
| Terminate = 0x00000001, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 84fef099ce23dc8bff13baa279e3ecb66131f255f0e5590c8eee8afb86d51da5 Backdoor.Win64.LILITH.B | |
| 80ffaea12a5ffb502d6ce110e251024e7ac517025bf95daa49e6ea6ddd0c7d5b Trojan.Win32.BROLER.F | |
| 901210a6fb308926bb5b4374aaa0f662dbd235d829068a854606126f276dc2fa TROJ_AVNGR.ZLGI | |
| fb0d86dd4ed621b67dced1665b5db576247a10d43b40752c1236be783ac11049 Trojan.Win32.DLOADR.AUSUPV | |
| cf035b3ddf1072ab414d82b6540ec8d06703d281a2f606d1e42c771d9391dfac HKTL_SCRENCAP.ZYGD | |
| 2411d1810ac1a146a366b109e4c55afe9ef2a297afd04d38bc71589ce8d9aee3 Trojan.Win32.DOWNNW.AA | |
| 5e4a190f8f4fc8800cf348cdc0e1ddc674215b02d1ef9b9a9e12605a3e0315cf Backdoor.Win64.LILITH.B | |
| 7924cb540d8fd0bcad6207e9386f60b1b1091a2ced52c127cac1a0f5465b42df Backdoor.Win32.LILITH.A | |
| 1fdd9bd494776e72837b76da13021ad4c1b3a47c8a49ca06b41dab0982a47c7e TrojanSpy.Win32.BROLER.A | |
| f3ff180ec14ddcd38f438ea3a968c1558d5eabac596fb920d2eddd043c5a4122 Backdoor.Win32.LILITH.A |
pinksawtooth
/ sub_401090.c
Created
May 20, 2019 06:01
sub_401090@<eax>(const char *a1@<ecx>, _DWORD *a2@<edi>)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| int __usercall sub_401090@<eax>(const char *a1@<ecx>, _DWORD *a2@<edi>) | |
| { | |
| const char *v2; // esi | |
| int v3; // edx | |
| signed int v4; // esi | |
| unsigned int v5; // eax | |
| double v6; // st7 | |
| double v7; // st7 | |
| void *v8; // eax | |
| void *v9; // ebx |
pinksawtooth
/ ameday_functions.txt
Created
April 28, 2019 02:04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| _Z10aBypassUACv | |
| _Z10aCharToIntPc | |
| _Z10aGetOsArchv | |
| _Z10aIntToChari | |
| _Z11aAutoRunSetPc | |
| _Z11aCheckAdminv | |
| _Z11aCreateFilePc | |
| _Z11aFileExistsPKc | |
| _Z11aGetTempDirv | |
| _Z11aProcessDllPcS_ |
pinksawtooth
/ 2019-03-12-TrickBot_string_decode.txt
Last active
March 13, 2019 01:13
https://app.any.run/tasks/e4580ead-ea0e-47f2-8c68-d394e9870414
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| checkip.amazonaws.com | |
| ipecho.net | |
| ipinfo.io | |
| api.ipify.org | |
| icanhazip.com | |
| myexternalip.com | |
| wtfismyip.com | |
| ip.anysrc.net | |
| api.ipify.org | |
| api.ip.sb |
pinksawtooth
/ GlobeImposter_pptx_READ_ME.txt
Created
November 12, 2018 15:07
GlobeImposter_pptx_READ_ME.txt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Your files are Encrypted! | |
| For data recovery needs decryptor. | |
| How to buy decryptor: | |
| 1. Download "Tor Browser" from https://www.torproject.org/ and install it. | |
| 2. Open this link In the "Tor Browser" | |
| http://huhighwfn4jihtlz.onion/sdlsgdewwbhr |
pinksawtooth
/ Nocturnal_Stealer_information.txt
Last active
November 12, 2018 14:36
Nocturnal_Stealer_information.txt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date: Sat Nov 10 14:59:11 2018 | |
| MachineID: 90059c37-1320-41a4-b58d-2b75a9850d2f | |
| GUID: {e29ac6c0-7037-11de-816d-806e6f6e6963} | |
| Path: C:\Users\admin\AppData\Local\Temp\2018-11-10_23-45-01.exe | |
| Work Dir: C:\ProgramData\BEJ9QK4EIV6EK30NDC91 | |
| Windows: Windows 7 Professional [x86] | |
| Computer Name: PC | |
| User Name: admin |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import struct | |
| key="APyfhCxJ" | |
| decoded_payload=b"" | |
| with open("encoded_payload.bin", 'rb') as f: | |
| encoded_payload = f.read() | |
| for i in range(len(encoded_payload)): | |
| decoded_payload+=struct.pack('B',(encoded_payload[i] ^ ord(key[i%len(key)]))) |
pinksawtooth
/ ShellcodeHash.txt
Created
September 1, 2018 06:06
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ShellcodeHashSearcher: 0x00000043: hash_ror13AddUpperDllnameHash32:0x4b6f1152 kernel32.dll!lstrlenA | |
| ShellcodeHashSearcher: 0x00000083: hash_ror13AddUpperDllnameHash32:0x399f1068 kernel32.dll!lstrcatW | |
| ShellcodeHashSearcher: 0x00000091: hash_ror13AddUpperDllnameHash32:0x7e296212 kernel32.dll!CloseHandle | |
| ShellcodeHashSearcher: 0x0000009f: hash_ror13AddUpperDllnameHash32:0x7131fdc3 kernel32.dll!VirtualFree | |
| ShellcodeHashSearcher: 0x000000ad: hash_ror13AddUpperDllnameHash32:0xffdb946b kernel32.dll!VirtualAlloc | |
| ShellcodeHashSearcher: 0x000000bb: hash_ror13AddUpperDllnameHash32:0xe7729032 kernel32.dll!VirtualProtect | |
| ShellcodeHashSearcher: 0x000000c9: hash_ror13AddUpperDllnameHash32:0x5a3a18a5 kernel32.dll!LoadLibraryA | |
| ShellcodeHashSearcher: 0x000000d9: hash_ror13AddUpperDllnameHash32:0x415e131b kernel32.dll!GetModuleHandleA | |
| ShellcodeHashSearcher: 0x000000e7: hash_ror13AddUpperDllnameHash32:0xea39c6c1 kernel32.dll!GetProcAddress | |
| ShellcodeHashSearcher: 0x000000f5: hash_ror13AddUpperDllnameHash32:0x163ab6c5 kernel32.dll |
pinksawtooth
/ ror13AddUpperDllnameHash32.go
Created
September 1, 2018 05:51
ror13AddUpperDllnameHash32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| acc := 0 | |
| dllhash := 0 | |
| for i in dllname { | |
| dllhash := ROR(acc, 13); | |
| dllhash := dllhash + toupper(c); | |
| } | |
| for i in input_string { | |
| acc := ROR(acc, 13); | |
| acc := acc + toupper(c); | |
| } |
NewerOlder