
Untitled

a guest
Oct 3rd, 2012
  1. original code:
  2.  
  3. VIRTUALIZER_START                     ; opens the region given to the protector; presumably the vendor SDK marker macro (confirm against the SDK header)
  4.  
  5. bar:                                  ; test input: one distinct immediate per register, so each instruction can be matched in the recovered VM listing below
  6. xor eax, 1111h                        ; recovered as load dword 0x1111 / xor dword at VM offset 0x3a
  7. xor ebx, 2222h                        ; recovered at VM offset 0x4a
  8. xor ecx, 3333h                        ; recovered at VM offset 0x69
  9. xor edx, 4444h                        ; recovered at VM offset 0x7e
  10. xor ebp, 5555h                        ; 0x5555 is loaded at 0x98 but the xor is at 0xa9; the add dword at 0xa5 between them has no counterpart here (looks like leftover obfuscation, verify)
  11. xor esi, 6666h                        ; recovered at VM offset 0xb4
  12. xor edi, 7777h                        ; recovered at VM offset 0xc4
  13. mov edx, offset x                     ; edx = address of x (defined outside this snippet); the listing loads 0x403000 at 0xd5, presumably this address
  14. mov dword ptr [edx+eax], 1            ; writes 1 at x + eax, where eax is the caller's value XOR 1111h; recovered as load dword 0x1 / load dword eax / add_reg_to_addr edx / store dword [addr] (0xf0-0xfa)
  15.  
  16. VIRTUALIZER_END                       ; closes the protected region; the listing then appears to reload the saved registers and leave the VM via the 'gtfo' handler (0x12b)
  17.  
  18. --------------------
  19. DeCV 1.0b by p_k / twitter.com/pa_kt
  20. --------------------
  21. normalizing operands... done
  22. search fmj: 0x403556
  23. delta_call: 0x4034ef
  24. handlers_tab: 0x40324c
  25. magic_lodsb: 0x403556
  26. magic_jmp: 0x403d71
  27. find_stuff time: 0.203999996185
  28. convert_bbs_to_dbbs time: 1.22499990463
  29. cut_and_clean time: 1.31399989128
  30. deobfuscate_handlers time: 1.76799988747
  31. elapsed time: 1.76999998093
  32. deobfu handlers count: 168
  33. vmi count: 171
  34. vms found: 1
  35. 0x40740e
  36. vm: 0
  37. 0x00000000 000[07] load ptr eflags
  38. 0x00000002 001 store addr
  39. 0x00000003 018 store dword [addr]
  40. 0x00000004 000[03] load ptr edi
  41. 0x00000006 001 store addr
  42. 0x00000007 018 store dword [addr]
  43. 0x00000008 000[04] load ptr esi
  44. 0x0000000a 001 store addr
  45. 0x0000000b 018 store dword [addr]
  46. 0x0000000c 000[00] load ptr ebp
  47. 0x0000000e 001 store addr
  48. 0x0000000f 018 store dword [addr]
  49. 0x00000010 000[01] load ptr ebx
  50. 0x00000012 001 store addr
  51. 0x00000013 018 store dword [addr]
  52. 0x00000014 157[02] 157 param: 0x02
  53. 0x00000016 000[01] load ptr ebx
  54. 0x00000018 001 store addr
  55. 0x00000019 018 store dword [addr]
  56. 0x0000001a 000[05] load ptr edx
  57. 0x0000001c 001 store addr
  58. 0x0000001d 018 store dword [addr]
  59. 0x0000001e 000[02] load ptr ecx
  60. 0x00000020 001 store addr
  61. 0x00000021 018 store dword [addr]
  62. 0x00000022 000[06] load ptr eax
  63. 0x00000024 001 store addr
  64. 0x00000025 018 store dword [addr]
  65. 0x00000026 14e move addr, STACK
  66. 0x00000027 009 load addr
  67. 0x00000028 004[00000004] load dword 0x4L
  68. 0x0000002d 006 add. dword
  69. 0x0000002e 208 move STACK, [STACK]
  70. 0x0000002f 009 load addr
  71. 0x00000030 000[03] load ptr edi
  72. 0x00000032 001 store addr
  73. 0x00000033 00c load dword [addr]
  74. 0x00000034 001 store addr
  75. 0x00000035 001 store addr
  76. 0x00000036 000[06] load ptr eax
  77. 0x00000038 001 store addr
  78. 0x00000039 00c load dword [addr]
  79. 0x0000003a 004[00001111] load dword 0x1111L
  80. 0x0000003f 03d xor dword
  81. 0x00000040 01c[07] store dword eflags
  82. 0x00000042 000[06] load ptr eax
  83. 0x00000044 001 store addr
  84. 0x00000045 018 store dword [addr]
  85. 0x00000046 000[01] load ptr ebx
  86. 0x00000048 001 store addr
  87. 0x00000049 00c load dword [addr]
  88. 0x0000004a 004[00002222] load dword 0x2222L
  89. 0x0000004f 03d xor dword
  90. 0x00000050 009 load addr
  91. 0x00000051 009 load addr
  92. 0x00000052 004[00000004] load dword 0x4L
  93. 0x00000057 006 add. dword
  94. 0x00000058 001 store addr
  95. 0x00000059 001 store addr
  96. 0x0000005a 01c[07] store dword eflags
  97. 0x0000005c 009 load addr
  98. 0x0000005d 000[01] load ptr ebx
  99. 0x0000005f 001 store addr
  100. 0x00000060 001 store addr
  101. 0x00000061 000[01] load ptr ebx
  102. 0x00000063 001 store addr
  103. 0x00000064 018 store dword [addr]
  104. 0x00000065 000[02] load ptr ecx
  105. 0x00000067 001 store addr
  106. 0x00000068 00c load dword [addr]
  107. 0x00000069 004[00003333] load dword 0x3333L
  108. 0x0000006e 03d xor dword
  109. 0x0000006f 01c[07] store dword eflags
  110. 0x00000071 000[02] load ptr ecx
  111. 0x00000073 001 store addr
  112. 0x00000074 018 store dword [addr]
  113. 0x00000075 009 load addr
  114. 0x00000076 000[06] load ptr eax
  115. 0x00000078 001 store addr
  116. 0x00000079 001 store addr
  117. 0x0000007a 000[05] load ptr edx
  118. 0x0000007c 001 store addr
  119. 0x0000007d 00c load dword [addr]
  120. 0x0000007e 004[00004444] load dword 0x4444L
  121. 0x00000083 03d xor dword
  122. 0x00000084 01c[07] store dword eflags
  123. 0x00000086 000[05] load ptr edx
  124. 0x00000088 001 store addr
  125. 0x00000089 009 load addr
  126. 0x0000008a 009 load addr
  127. 0x0000008b 004[00000004] load dword 0x4L
  128. 0x00000090 006 add. dword
  129. 0x00000091 001 store addr
  130. 0x00000092 001 store addr
  131. 0x00000093 018 store dword [addr]
  132. 0x00000094 000[00] load ptr ebp
  133. 0x00000096 001 store addr
  134. 0x00000097 00c load dword [addr]
  135. 0x00000098 004[00005555] load dword 0x5555L
  136. 0x0000009d 000[02] load ptr ecx
  137. 0x0000009f 001 store addr
  138. 0x000000a0 00c load dword [addr]
  139. 0x000000a1 000[02] load ptr ecx
  140. 0x000000a3 001 store addr
  141. 0x000000a4 00c load dword [addr]
  142. 0x000000a5 024 add dword
  143. 0x000000a6 01c[07] store dword eflags
  144. 0x000000a8 001 store addr
  145. 0x000000a9 03d xor dword
  146. 0x000000aa 01c[07] store dword eflags
  147. 0x000000ac 000[00] load ptr ebp
  148. 0x000000ae 001 store addr
  149. 0x000000af 018 store dword [addr]
  150. 0x000000b0 000[04] load ptr esi
  151. 0x000000b2 001 store addr
  152. 0x000000b3 00c load dword [addr]
  153. 0x000000b4 004[00006666] load dword 0x6666L
  154. 0x000000b9 03d xor dword
  155. 0x000000ba 01c[07] store dword eflags
  156. 0x000000bc 000[04] load ptr esi
  157. 0x000000be 001 store addr
  158. 0x000000bf 018 store dword [addr]
  159. 0x000000c0 000[03] load ptr edi
  160. 0x000000c2 001 store addr
  161. 0x000000c3 00c load dword [addr]
  162. 0x000000c4 004[00007777] load dword 0x7777L
  163. 0x000000c9 03d xor dword
  164. 0x000000ca 01c[07] store dword eflags
  165. 0x000000cc 000[03] load ptr edi
  166. 0x000000ce 001 store addr
  167. 0x000000cf 009 load addr
  168. 0x000000d0 000[04] load ptr esi
  169. 0x000000d2 001 store addr
  170. 0x000000d3 001 store addr
  171. 0x000000d4 018 store dword [addr]
  172. 0x000000d5 004[00403000] load dword 0x403000L
  173. 0x000000da 009 load addr
  174. 0x000000db 003[53a5] load word 0x53a5L
  175. 0x000000de 003[1b62] load word 0x1b62L
  176. 0x000000e1 001 store addr
  177. 0x000000e2 001 store addr
  178. 0x000000e3 000[05] load ptr edx
  179. 0x000000e5 001 store addr
  180. 0x000000e6 018 store dword [addr]
  181. 0x000000e7 009 load addr
  182. 0x000000e8 003[e92b] load word 0xe92bL
  183. 0x000000eb 003[7882] load word 0x7882L
  184. 0x000000ee 001 store addr
  185. 0x000000ef 001 store addr
  186. 0x000000f0 004[00000001] load dword 0x1L
  187. 0x000000f5 007[06] load dword eax
  188. 0x000000f7 001 store addr
  189. 0x000000f8 211[05] add_reg_to_addr edx
  190. 0x000000fa 018 store dword [addr]
  191. 0x000000fb 004[0040105b] load dword 0x40105bL
  192. 0x00000100 15d 15d
  193. 0x00000101 154[00000001] jmp $+0x1
  194. 0x00000107 000[07] load ptr eflags
  195. 0x00000109 001 store addr
  196. 0x0000010a 00c load dword [addr]
  197. 0x0000010b 000[06] load ptr eax
  198. 0x0000010d 001 store addr
  199. 0x0000010e 00c load dword [addr]
  200. 0x0000010f 000[02] load ptr ecx
  201. 0x00000111 001 store addr
  202. 0x00000112 00c load dword [addr]
  203. 0x00000113 000[05] load ptr edx
  204. 0x00000115 001 store addr
  205. 0x00000116 00c load dword [addr]
  206. 0x00000117 000[01] load ptr ebx
  207. 0x00000119 001 store addr
  208. 0x0000011a 00c load dword [addr]
  209. 0x0000011b 000[01] load ptr ebx
  210. 0x0000011d 001 store addr
  211. 0x0000011e 00c load dword [addr]
  212. 0x0000011f 000[00] load ptr ebp
  213. 0x00000121 001 store addr
  214. 0x00000122 00c load dword [addr]
  215. 0x00000123 000[04] load ptr esi
  216. 0x00000125 001 store addr
  217. 0x00000126 00c load dword [addr]
  218. 0x00000127 000[03] load ptr edi
  219. 0x00000129 001 store addr
  220. 0x0000012a 00c load dword [addr]
  221. 0x0000012b 212 gtfo
  222. -----
  223. done. total time: 2.06900000572