alpha2 shellcode解密的vbs脚本

author:lcx
from:http://hi.baidu.com/myvbscript/blog/item/bf7ce603b9a3e8733812bb44.html
说明：只针对alpha2的TYIIIIIIIIIIIIIIII这样的加密来解密，没有做更多的容错处理，只是解出下载url的exe地址。一般情况下该url的加密字符串是RHptd4之后的字符（去掉最后4个字符）。
Dim enTmp,enstr,a,bb
enstr=Str2Hex("RHptd4RPFZVOdoVQTrvWTnTp4n6PVN6QTop1tnau1hsU")
For i = 1 To Len(enStr) step 6
  enTmp =Array(Mid(enStr,i,6)&"00")
  sz =Split(enTmp(0), ",", -1, 1)
a= right(sz(0), 1) Xor left(sz(1), 1)
bb=bb& a&right(sz(1), 1)
Next
 
Function Str2Hex(ByVal strHex)
Dim sHex
For i = 1 To Len(strHex) step 1
sHex = sHex & Hex(Asc(Mid(strHex,i,1)))&","
Next
Str2Hex = sHex
End Function
Function Hex2Str(hexStr)
Dim sstr,hextmp
For i = 1 To Len(hexStr) step 2
  hexTmp = Mid(hexStr,i,2)
  If hexTmp <> "00" Then
   sstr = sstr & ChrW("&h" & hexTmp)
  End If
Next
Hex2Str = sstr
End Function
wscript.echo Hex2Str(bb)

补充：综合编程 , 安全编程 ,

上一个：SC添加IPSEC Services服务
下一个：编程制作管理员登陆报警器