MalwareMustDie

#MalwareMustDie - JDB Exploit Kit - Nayrabot IRC Malware Pld

Feb 1st, 2013
  1. ================================
  2. # MalwareMustDie!
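  3. Case: payload dropped by the JDB Exploit Kit:
  4. a Nayrabot IRC bot (it calls itself "AryaN" in the strings below) with:
  5. 1) USB worm autorunner (autorun.inf and .lnk infection of removable drives);
  6. 2) UDP flood;
  7. 3) Bot Killer (kills and removes files it flags as malicious);
  8. 4) Downloader;
  9. 5) Self-update.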
  10. ================================
  11. 0x00004D !This program cannot be run in DOS mode.
  12. 0x0001C8 .data
  13. 0x0001F0 .idata
  14. 0x000218 .rsrc
  15. 0x00023F @.reloc
  16. 0x000768 Botkiller
  17. 0x000774 Successfully Killed And Removed Malicious File: "%s"
  18. 0x000800 Usage: %s IP PORT DELAY LENGTH
  19. 0x000828 Failed To Start Thread: "%d"
  20. 0x00084C Failed: Mis Parameter
  21. 0x000868 WinINet
  22. 0x000874 Failed: "%d"
  23. 0x000884 Visit
  24. 0x00088C Failed: Mis Parameter, Usage: %s [SHOW/HIDE] [URL]
  25. 0x0008D4 Filed To Visit: "%s"
  26. 0x0008F0 Successfully Visited: "%s"
  27. 0x000920 %s #%s
  28. 0x00092C %s %s
  29. 0x000940 Terminated WGet Thread
  30. 0x000964 Running From: "%s"
  31. 0x00097C [%s][%s] - "%s"
  32. 0x000990 hh':'mm':'ss
  33. 0x0009E8 {%s}: %s
  34. 0x000A18 Update Complete, Uninstalling
  35. 0x000A3C Successfully Executed Process: "%s"
  36. 0x000A68 Failed To Create Process: "%s", Reason: "%d"
  37. 0x000AA0 Successfully Replaced AryaN File With Newly Download File, Update Will Take Affect On Next Reboot
  38. 0x000B48 Successfully Downloaded File To: "%s"
  39. 0x000B78 Downloading File: "%s"
  40. 0x000B94 Download
  41. 0x000C40 IsWow64Process
  42. 0x000C84 h00p://api.wipmania.com/
  43. 0x0013D4 PRIVMSG
  44. 0x00145C Config
  45. 0x001464 Failed to load config
  46. 0x00152C AryaN{%s-%s-x%d}%s
  47. 0x001544 New{%s-%s-x%d}%s
  48. 0x001558 %s "" "%s" :%s
  49. 0x00156C %s %s
  50. 0x001574 %s %s :[AryaN]: %s
  51. 0x001590 %s %s %s
  52. 0x0015A4 Finished Flooding "%s:%d"
  53. 0x0015C4 Terminated UDP Flood Thread
  54. 0x0015E8 %d%d%d%d%d%d%d%d
  55. 0x001600 Flooding: "%s:%d", Delay: "%d(ms)", For "%d" Seconds
  56. 0x0017A4 LNK Infected Removable Device: "%s\", Created: "%d" Lnk Files
  57. 0x0019B4 AutoRun Infected Removable Device: "%s\"
  58. 0x001C57 4 RAS_e
  59. 0x001C77 4 RAS
  60. 0x001EC9 z)ze'
  61. 0x00217D /4*&{
  62. 0x00219D O(hHj
  63. 0x002FBB OWShX
  64. 0x003213 D$0Pht
  65. 0x0038DA SSPhZ
  66. 0x003FB9 j[YPSSh
  67. 0x004026 SSSSh
  68. 0x00405F t)SSj
  69. 0x004609 Yt3Pj
  70. 0x004702 QQSVj
  71. 0x0049C9 Yt}Vh
  72. 0x0049FA tF@Pj
  73. 0x004B20 SUVWh
  74. 0x004C22 VVVVh
  75. 0x004C3C SVVVVh
  76. 0x004D27 tDVWWh$
  77. 0x004EF9 tUWSV
  78. 0x004F31 WWWPWW
  79. 0x005033 +Y4;YPw2
  80. 0x0050B0 Yt8Pj
  81. 0x005314 SUVWh
  82. 0x005498 QSUVWj
  83. 0x0057A7 YYVVVhx
  84. 0x005899 VVVhF
  85. 0x005A50 UUUVUU
  86. 0x005B0F PVVj(WVVV
  87. 0x005D20 VPVh?
  88. 0x005E30 VPVh?
  89. 0x005F14 QSVW3
  90. 0x006020 YtPhL
  91. 0x006131 VVVhY
  92. 0x006235 QQSVWj,
  93. 0x0062F7 VSSSh
  94. 0x00675A PWhD!@
  95. 0x006770 PWh,!@
  96. 0x006814 YPhX!@
  97. 0x0069A2 trSWh,
  98. 0x006D5B Vh@"@
  99. 0x006E8E Rh|5@
  100. 0x0071B2 PVVh%
  101. 0x0075A8 Ph0%@
  102. 0x00848A wcsstr
  103. 0x008494 memset
  104. 0x00849E _snwprintf
  105. 0x0084AC wcscmp
  106. 0x0084BE strncmp
  107. 0x0084C8 strstr
  108. 0x0084D2 _snprintf
  109. 0x0084DE strcmp
  110. 0x0084E8 strncpy
  111. 0x0084FA printf
  112. 0x008504 _vsnprintf
  113. 0x008512 wprintf
  114. 0x00851C _vsnwprintf
  115. 0x00852A srand
  116. 0x008532 strlen
  117. 0x00853C wcstombs
  118. 0x008548 mbstowcs
  119. 0x008554 strcpy
  120. 0x00855E memcpy
  121. 0x008568 _wcsicmp
  122. 0x008574 malloc
  123. 0x008586 wcscpy
  124. 0x008590 realloc
  125. 0x00859A strtok
  126. 0x0085A4 fclose
  127. 0x0085AE fwprintf
  128. 0x0085BA _wfopen
  129. 0x0085C2 MSVCRT.dll
  130. 0x0085D0 HeapFree
  131. 0x0085DC ExpandEnvironmentStringsW
  132. 0x0085F8 HeapAlloc
  133. 0x008604 CloseHandle
  134. 0x008612 Process32NextW
  135. 0x008624 DeleteFileW
  136. 0x008632 MoveFileW
  137. 0x00863E SetFileAttributesW
  138. 0x008654 Sleep
  139. 0x00865C Process32FirstW
  140. 0x00866E CreateToolhelp32Snapshot
  141. 0x00868A lstrlenA
  142. 0x008696 SetThreadPriority
  143. 0x0086AA GetLastError
  144. 0x0086BA CreateThread
  145. 0x0086CA GetLocaleInfoA
  146. 0x0086DC TerminateThread
  147. 0x0086EE GetModuleFileNameA
  148. 0x008704 GetModuleHandleA
  149. 0x008718 GetTimeFormatA
  150. 0x00872A GetTimeFormatW
  151. 0x00873C OutputDebugStringA
  152. 0x008752 OutputDebugStringW
  153. 0x008768 ReleaseMutex
  154. 0x008778 WaitForSingleObject
  155. 0x00878E WriteFile
  156. 0x00879A CreateFileW
  157. 0x0087A8 GetTickCount
  158. 0x0087B8 SetLastError
  159. 0x0087C8 FindNextFileW
  160. 0x0087D8 FindNextFileA
  161. 0x0087E8 OpenProcess
  162. 0x0087F6 GetProcAddress
  163. 0x008808 LoadLibraryW
  164. 0x008818 GetFileAttributesW
  165. 0x00882E GetVersionExA
  166. 0x00883E ReadFile
  167. 0x00884A GetFileSize
  168. 0x008858 CreateMutexW
  169. 0x008868 OpenMutexW
  170. 0x008876 GetProcessHeap
  171. 0x008888 CreateRemoteThread
  172. 0x00889E WriteProcessMemory
  173. 0x0088B4 VirtualProtectEx
  174. 0x0088C8 VirtualAllocEx
  175. 0x0088DA ReadProcessMemory
  176. 0x0088EE GetCurrentProcess
  177. 0x008902 VirtualAlloc
  178. 0x008912 GetCurrentProcessId
  179. 0x008928 LockResource
  180. 0x008938 LoadResource
  181. 0x008948 SizeofResource
  182. 0x00895A FindResourceW
  183. 0x00896A ExitProcess
  184. 0x008978 ExitThread
  185. 0x008986 GetDriveTypeW
  186. 0x008996 GetModuleFileNameW
  187. 0x0089AC GetModuleHandleW
  188. 0x0089C0 SetErrorMode
  189. 0x0089D0 CreateProcessW
  190. 0x0089E2 TerminateProcess
  191. 0x0089F6 lstrlenW
  192. 0x008A02 CreateEventW
  193. 0x008A12 CreateDirectoryW
  194. 0x008A26 CopyFileW
  195. 0x008A32 FindFirstFileW
  196. 0x008A44 GetLogicalDriveStringsW
  197. 0x008A5C KERNEL32.dll
  198. 0x008A6A WS2_32.dll
  199. 0x008A78 PathAppendW
  200. 0x008A84 SHLWAPI.dll
  201. 0x008A92 InternetReadFile
  202. 0x008AA6 InternetOpenUrlA
  203. 0x008ABA InternetCloseHandle
  204. 0x008AD0 InternetOpenW
  205. 0x008ADE WININET.dll
  206. 0x008AEC CoCreateInstance
  207. 0x008B00 CoUninitialize
  208. 0x008B12 CoInitialize
  209. 0x008B20 ole32.dll
  210. 0x008B2C GetModuleFileNameExW
  211. 0x008B42 PSAPI.DLL
  212. 0x008B4E ShellExecuteA
  213. 0x008B5E SHGetFolderPathW
  214. 0x008B70 SHELL32.dll
  215. 0x008B7E RegCloseKey
  216. 0x008B8C RegDeleteValueW
  217. 0x008B9E RegCreateKeyExW
  218. 0x008BB0 RegQueryValueExW
  219. 0x008BC4 RegOpenKeyExW
  220. 0x008BD4 RegSetValueExW
  221. 0x008BE6 RegNotifyChangeKeyValue
  222. 0x008C00 GetUserNameW
  223. 0x008C0E ADVAPI32.dll
  224. 0x008E88 vnKA7LAG9gOBFXnAYVnhjJUrmhdgXrPA
  225. 0x008EC7 lixay~d
  226. 0x008ECF n#cb d}#b
  227. 0x008EE5 .~|xd
  228. 0x008EF9 nxcy~
  229. 0x008F0A ?>9dbg>9db;fazf>
  230. 0x008F1D Zdcxi}
  231. 0x008F3A {d~dy
  232. 0x008F4D hnbcchny
  233. 0x008F56 ibzcabli
  234. 0x008F5F ibzcabli~yb}
  235. 0x008F6C obyfdaa
  236. 0x008F74 xi}kabbi
  237. 0x008F7D xi}kabbi~yb}
  238. 0x008F8A PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPAD
  239. 0x00071D %userprofile%
  240. 0x000740 %appdata%
  241. 0x000758 %temp%
  242. 0x0007B4 %s\removethis_%d%d%d.exe
  243. 0x0009C8 hh':'mm':'ss
  244. 0x0009F4 {%s}: %s
  245. 0x000B18 %temp%\oldfile.exe
  246. 0x000BA0 Mozilla/5.0 (compatible)
  247. 0x000BDC %s\%d%d%d.exe
  248. 0x000C00 explorer.exe
  249. 0x000C20 Kernel32.dll
  250. 0x000C60 %s-deadlock
  251. 0x000CA4 %s\SysWOW64
  252. 0x001170 advapi32.dll
  253. 0x001190 comsupp.dll
  254. 0x0011AC shell32.dll
  255. 0x0011C8 wininet.dll
  256. 0x0011E4 shlwapi.dll
  257. 0x001200 dnsapi.dll
  258. 0x00121C user32.dll
  259. 0x001238 ws2_32.dll
  260. 0x001254 psapi.dll
  261. 0x00126C Ole32.dll
  262. 0x001284 kernel32.dll
  263. 0x0012A4 msvcrt.dll
  264. 0x0012C0 dwm.exe
  265. 0x0012D4 alg.exe
  266. 0x0012E8 csrss.exe
  267. 0x001300 SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  268. 0x001370 %s-readfile
  269. 0x001448 cmd.exe
  270. 0x0014BC Software\Microsoft\Windows\CurrentVersion\Run
  271. 0x001640 %temp%\deletethis.exe
  272. 0x001674 Removable_Drive.exe
  273. 0x0016BC %s\{%s-%s}
  274. 0x0016D8 /k "%s" Open %s
  275. 0x001700 %windir%\System32\cmd.exe
  276. 0x001740 %s\Removable_Drive.exe
  277. 0x001778 %s\%s
  278. 0x001788 %s\%s.lnk
  279. 0x001990 %s\autorun.inf
  280. 0x00004D !This program cannot be run in DOS mode.
  281. 0x0001C8 .data
  282. 0x0001F0 .idata
  283. 0x000218 .rsrc
  284. 0x00023F @.reloc
  285. 0x000768 Botkiller
  286. 0x000774 Successfully Killed And Removed Malicious File: "%s"
  287. 0x000800 Usage: %s IP PORT DELAY LENGTH
  288. 0x000828 Failed To Start Thread: "%d"
  289. 0x00084C Failed: Mis Parameter
  290. 0x000868 WinINet
  291. 0x000874 Failed: "%d"
  292. 0x000884 Visit
  293. 0x00088C Failed: Mis Parameter, Usage: %s [SHOW/HIDE] [URL]
  294. 0x0008D4 Filed To Visit: "%s"
  295. 0x0008F0 Successfully Visited: "%s"
  296. 0x000920 %s #%s
  297. 0x00092C %s %s
  298. 0x000940 Terminated WGet Thread
  299. 0x000964 Running From: "%s"
  300. 0x00097C [%s][%s] - "%s"
  301. 0x000990 hh':'mm':'ss
  302. 0x0009E8 {%s}: %s
  303. 0x000A18 Update Complete, Uninstalling
  304. 0x000A3C Successfully Executed Process: "%s"
  305. 0x000A68 Failed To Create Process: "%s", Reason: "%d"
  306. 0x000AA0 Successfully Replaced AryaN File With Newly Download File, Update Will Take Affect On Next Reboot
  307. 0x000B48 Successfully Downloaded File To: "%s"
  308. 0x000B78 Downloading File: "%s"
  309. 0x000B94 Download
  310. 0x000C40 IsWow64Process
  311. 0x000C84 h00p://api.wipmania.com/
  312. 0x0013D4 PRIVMSG
  313. 0x00145C Config
  314. 0x001464 Failed to load config
  315. 0x00152C AryaN{%s-%s-x%d}%s
  316. 0x001544 New{%s-%s-x%d}%s
  317.  
  318. 0x001558 %s "" "%s" :%s
  319. 0x00156C %s %s
  320. 0x001574 %s %s :[AryaN]: %s
  321. 0x001590 %s %s %s
  322. 0x0015A4 Finished Flooding "%s:%d"
  323. 0x0015C4 Terminated UDP Flood Thread
  324. 0x0015E8 %d%d%d%d%d%d%d%d
  325. 0x001600 Flooding: "%s:%d", Delay: "%d(ms)", For "%d" Seconds
  326. 0x0017A4 LNK Infected Removable Device: "%s\", Created: "%d" Lnk Files
  327. 0x0019B4 AutoRun Infected Removable Device: "%s\"
  328. 0x001C57 4 RAS_e
  329. 0x001C77 4 RAS
  330. 0x001EC9 z)ze'
  331. 0x00217D /4*&{
  332. 0x00219D O(hHj
  333. 0x002FBB OWShX
  334. 0x003213 D$0Pht
  335. 0x0038DA SSPhZ
  336. 0x003FB9 j[YPSSh
  337. 0x004026 SSSSh
  338. 0x00405F t)SSj
  339. 0x004609 Yt3Pj
  340. 0x004702 QQSVj
  341. 0x0049C9 Yt}Vh
  342. 0x0049FA tF@Pj
  343. 0x004B20 SUVWh
  344. 0x004C22 VVVVh
  345. 0x004C3C SVVVVh
  346. 0x004D27 tDVWWh$
  347. 0x004EF9 tUWSV
  348. 0x004F31 WWWPWW
  349. 0x005033 +Y4;YPw2
  350. 0x0050B0 Yt8Pj
  351. 0x005314 SUVWh
  352. 0x005498 QSUVWj
  353. 0x0057A7 YYVVVhx
  354. 0x005899 VVVhF
  355. 0x005A50 UUUVUU
  356. 0x005B0F PVVj(WVVV
  357. 0x005D20 VPVh?
  358. 0x005E30 VPVh?
  359. 0x005F14 QSVW3
  360. 0x006020 YtPhL
  361. 0x006131 VVVhY
  362. 0x006235 QQSVWj,
  363. 0x0062F7 VSSSh
  364. 0x00675A PWhD!@
  365. 0x006770 PWh,!@
  366. 0x006814 YPhX!@
  367. 0x0069A2 trSWh,
  368. 0x006D5B Vh@"@
  369. 0x006E8E Rh|5@
  370. 0x0071B2 PVVh%
  371. 0x0075A8 Ph0%@
  372. 0x00848A wcsstr
  373. 0x008494 memset
  374. 0x00849E _snwprintf
  375. 0x0084AC wcscmp
  376. 0x0084BE strncmp
  377. 0x0084C8 strstr
  378. 0x0084D2 _snprintf
  379. 0x0084DE strcmp
  380. 0x0084E8 strncpy
  381. 0x0084FA printf
  382. 0x008504 _vsnprintf
  383. 0x008512 wprintf
  384. 0x00851C _vsnwprintf
  385. 0x00852A srand
  386. 0x008532 strlen
  387. 0x00853C wcstombs
  388. 0x008548 mbstowcs
  389. 0x008554 strcpy
  390. 0x00855E memcpy
  391. 0x008568 _wcsicmp
  392. 0x008574 malloc
  393. 0x008586 wcscpy
  394. 0x008590 realloc
  395. 0x00859A strtok
  396. 0x0085A4 fclose
  397. 0x0085AE fwprintf
  398. 0x0085BA _wfopen
  399. 0x0085C2 MSVCRT.dll
  400. 0x0085D0 HeapFree
  401. 0x0085DC ExpandEnvironmentStringsW
  402. 0x0085F8 HeapAlloc
  403. 0x008604 CloseHandle
  404. 0x008612 Process32NextW
  405. 0x008624 DeleteFileW
  406. 0x008632 MoveFileW
  407. 0x00863E SetFileAttributesW
  408. 0x008654 Sleep
  409. 0x00865C Process32FirstW
  410. 0x00866E CreateToolhelp32Snapshot
  411. 0x00868A lstrlenA
  412. 0x008696 SetThreadPriority
  413. 0x0086AA GetLastError
  414. 0x0086BA CreateThread
  415. 0x0086CA GetLocaleInfoA
  416. 0x0086DC TerminateThread
  417. 0x0086EE GetModuleFileNameA
  418. 0x008704 GetModuleHandleA
  419. 0x008718 GetTimeFormatA
  420. 0x00872A GetTimeFormatW
  421. 0x00873C OutputDebugStringA
  422. 0x008752 OutputDebugStringW
  423. 0x008768 ReleaseMutex
  424. 0x008778 WaitForSingleObject
  425. 0x00878E WriteFile
  426. 0x00879A CreateFileW
  427. 0x0087A8 GetTickCount
  428. 0x0087B8 SetLastError
  429. 0x0087C8 FindNextFileW
  430. 0x0087D8 FindNextFileA
  431. 0x0087E8 OpenProcess
  432. 0x0087F6 GetProcAddress
  433. 0x008808 LoadLibraryW
  434. 0x008818 GetFileAttributesW
  435. 0x00882E GetVersionExA
  436. 0x00883E ReadFile
  437. 0x00884A GetFileSize
  438. 0x008858 CreateMutexW
  439. 0x008868 OpenMutexW
  440. 0x008876 GetProcessHeap
  441. 0x008888 CreateRemoteThread
  442. 0x00889E WriteProcessMemory
  443. 0x0088B4 VirtualProtectEx
  444. 0x0088C8 VirtualAllocEx
  445. 0x0088DA ReadProcessMemory
  446. 0x0088EE GetCurrentProcess
  447. 0x008902 VirtualAlloc
  448. 0x008912 GetCurrentProcessId
  449. 0x008928 LockResource
  450. 0x008938 LoadResource
  451. 0x008948 SizeofResource
  452. 0x00895A FindResourceW
  453. 0x00896A ExitProcess
  454. 0x008978 ExitThread
  455. 0x008986 GetDriveTypeW
  456. 0x008996 GetModuleFileNameW
  457. 0x0089AC GetModuleHandleW
  458. 0x0089C0 SetErrorMode
  459. 0x0089D0 CreateProcessW
  460. 0x0089E2 TerminateProcess
  461. 0x0089F6 lstrlenW
  462. 0x008A02 CreateEventW
  463. 0x008A12 CreateDirectoryW
  464. 0x008A26 CopyFileW
  465. 0x008A32 FindFirstFileW
  466. 0x008A44 GetLogicalDriveStringsW
  467. 0x008A5C KERNEL32.dll
  468. 0x008A6A WS2_32.dll
  469. 0x008A78 PathAppendW
  470. 0x008A84 SHLWAPI.dll
  471. 0x008A92 InternetReadFile
  472. 0x008AA6 InternetOpenUrlA
  473. 0x008ABA InternetCloseHandle
  474. 0x008AD0 InternetOpenW
  475. 0x008ADE WININET.dll
  476. 0x008AEC CoCreateInstance
  477. 0x008B00 CoUninitialize
  478. 0x008B12 CoInitialize
  479. 0x008B20 ole32.dll
  480. 0x008B2C GetModuleFileNameExW
  481. 0x008B42 PSAPI.DLL
  482. 0x008B4E ShellExecuteA
  483. 0x008B5E SHGetFolderPathW
  484. 0x008B70 SHELL32.dll
  485. 0x008B7E RegCloseKey
  486. 0x008B8C RegDeleteValueW
  487. 0x008B9E RegCreateKeyExW
  488. 0x008BB0 RegQueryValueExW
  489. 0x008BC4 RegOpenKeyExW
  490. 0x008BD4 RegSetValueExW
  491. 0x008BE6 RegNotifyChangeKeyValue
  492. 0x008C00 GetUserNameW
  493. 0x008C0E ADVAPI32.dll
  494. 0x008E88 vnKA7LAG9gOBFXnAYVnhjJUrmhdgXrPA
  495. 0x008EC7 lixay~d
  496. 0x008ECF n#cb d}#b
  497. 0x008EE5 .~|xd
  498. 0x008EF9 nxcy~
  499. 0x008F0A ?>9dbg>9db;fazf>
  500. 0x008F1D Zdcxi}
  501. 0x008F3A {d~dy
  502. 0x008F4D hnbcchny
  503. 0x008F56 ibzcabli
  504. 0x008F5F ibzcabli~yb}
  505. 0x008F6C obyfdaa
  506. 0x008F74 xi}kabbi
  507. 0x008F7D xi}kabbi~yb}
  508. 0x008F8A PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPAD
  509. 0x00071D %userprofile%
  510. 0x000740 %appdata%
  511. 0x000758 %temp%
  512. 0x0007B4 %s\removethis_%d%d%d.exe
  513. 0x0009C8 hh':'mm':'ss
  514. 0x0009F4 {%s}: %s
  515. 0x000B18 %temp%\oldfile.exe
  516. 0x000BA0 Mozilla/5.0 (compatible)
  517. 0x000BDC %s\%d%d%d.exe
  518. 0x000C00 explorer.exe
  519. 0x000C20 Kernel32.dll
  520. 0x000C60 %s-deadlock
  521. 0x000CA4 %s\SysWOW64
  522. 0x001170 advapi32.dll
  523. 0x001190 comsupp.dll
  524. 0x0011AC shell32.dll
  525. 0x0011C8 wininet.dll
  526. 0x0011E4 shlwapi.dll
  527. 0x001200 dnsapi.dll
  528. 0x00121C user32.dll
  529. 0x001238 ws2_32.dll
  530. 0x001254 psapi.dll
  531. 0x00126C Ole32.dll
  532. 0x001284 kernel32.dll
  533. 0x0012A4 msvcrt.dll
  534. 0x0012C0 dwm.exe
  535. 0x0012D4 alg.exe
  536. 0x0012E8 csrss.exe
  537. 0x001300 SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  538. 0x001370 %s-readfile
  539. 0x001448 cmd.exe
  540. 0x0014BC Software\Microsoft\Windows\CurrentVersion\Run
  541. 0x001640 %temp%\deletethis.exe
  542. 0x001674 Removable_Drive.exe
  543. 0x0016BC %s\{%s-%s}
  544. 0x0016D8 /k "%s" Open %s
  545. 0x001700 %windir%\System32\cmd.exe
  546. 0x001740 %s\Removable_Drive.exe
  547. 0x001778 %s\%s
  548. 0x001788 %s\%s.lnk
  549. 0x001990 %s\autorun.inf
  550. ---
  551. #MalwareMustDie!