Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # MalwareMustDie!
- # BossaBot v2 - Multiple Arc Exploit Attack Flow
- :
- .text:0804A09E push offset aX86_64 ; Set mode to "x86_64"
- .text:0804A0A3 lea eax, [ebp+buff] ; Load Effective Address
- .text:0804A0A9 push eax ; char *
- .text:0804A0A9 ; Push exploit strings..
- .text:0804A0AA call _strstr ; Call Procedure
- .text:0804A0AF add esp, 10h ; nukes.w/int 10h
- .text:0804A0B2 test eax, eax ; exec!!!
- .text:0804A0B4 jz short loc_804A0D2 ; Jump if Zero (ZF=1) // go to i686...
- .text:0804A0B6 push [ebp+size]
- .text:0804A0B9 push ds:dword_8051B08 ; char
- .text:0804A0BF push offset aNoticeSTfTcitf ; "NOTICE %s : [EXPLOiTiNG-x86_64:-%s-]
- .text:0804A0C4 push ds:fd ; fildes
- .text:0804A0CA call sub_804941C ; Call Procedure
- .text:0804A0CF add esp, 10h ; Add
- .text:0804A0D2
- .text:0804A0D2 sub esp, 8 ; Integer Subtraction
- .text:0804A0D5 push offset aI686 ; "i686"
- .text:0804A0DA lea eax, [ebp+buff] ; Load Effective Address
- .text:0804A0E0 push eax ; char *
- .text:0804A0E0 ; Push exploit strings
- .text:0804A0E1 call _strstr ; strings op..
- .text:0804A0E6 add esp, 10h ; Add
- .text:0804A0E9 test eax, eax ; Exec!!
- .text:0804A0EB jz short loc_804A109 ; Jump if Zero (ZF=1) // goto i586...
- .text:0804A0ED push [ebp+size]
- .text:0804A0F0 push ds:dword_8051B08 ; char
- .text:0804A0F6 push offset aNoticeSTfTci_0 ; "NOTICE %s : [EXPLOiTiNG-i686:-%s-]
- .text:0804A0FB push ds:fd ; fildes
- .text:0804A101 call sub_804941C ; Call Procedure
- .text:0804A106 add esp, 10h ; Add
- .text:0804A109
- .text:0804A109 sub esp, 8 ; Integer Subtraction
- .text:0804A10C push offset aI586 ; "i586"
- .text:0804A111 lea edx, [ebp+buff] ; Load Effective Address
- .text:0804A117 push edx ; char *
- .text:0804A118 call _strstr ; Call Procedure
- .text:0804A11D add esp, 10h ; Add
- .text:0804A120 test eax, eax ; Logical Compare
- .text:0804A122 jz short loc_804A140 ; Jump if Zero (ZF=1) // goto i486
- .text:0804A124 push [ebp+size]
- .text:0804A127 push ds:dword_8051B08 ; char
- .text:0804A12D push offset aNoticeSTfTci_1 ; "NOTICE %s : [EXPLOiTiNG-i586:-%s-]
- .text:0804A132 push ds:fd ; fildes
- .text:0804A138 call sub_804941C ; Call Procedure
- .text:0804A13D add esp, 10h ; Add
- .text:0804A140
- .text:0804A140 sub esp, 8 ; Integer Subtraction
- .text:0804A143 push offset aI486 ; "i486"
- .text:0804A148 lea esi, [ebp+buff] ; Load Effective Address
- .text:0804A14E push esi ; char *
- .text:0804A14F call _strstr ; Call Procedure
- .text:0804A154 add esp, 10h ; Add
- .text:0804A157 test eax, eax ; Logical Compare
- .text:0804A159 jz short loc_804A177 ; Jump if Zero (ZF=1) // goto i386...
- .text:0804A15B push [ebp+size]
- .text:0804A15E push ds:dword_8051B08 ; char
- .text:0804A164 push offset aNoticeSTfTci_2 ; "NOTICE %s : [EXPLOiTiNG-i486:-%s-]
- .text:0804A169 push ds:fd ; fildes
- .text:0804A16F call sub_804941C ; Call Procedure
- .text:0804A174 add esp, 10h ; Add
- .text:0804A177
- .text:0804A177 sub esp, 8 ; Integer Subtraction
- .text:0804A17A push offset aI386 ; "i386"
- .text:0804A17F lea ecx, [ebp+buff] ; Load Effective Address
- .text:0804A185 push ecx ; char *
- .text:0804A186 call _strstr ; Call Procedure
- .text:0804A18B add esp, 10h ; Add
- .text:0804A18E test eax, eax ; Logical Compare
- .text:0804A190 jz short loc_804A1AE ; Jump if Zero (ZF=1)
- .text:0804A192 push [ebp+size]
- .text:0804A195 push ds:dword_8051B08 ; char
- .text:0804A19B push offset aNoticeSTfTci_3 ; "NOTICE %s : [EXPLOiTiNG-i386:-%s-]
- .text:0804A1A0 push ds:fd ; fildes
- .text:0804A1A6 call sub_804941C ; Call Procedure
- .text:0804A1AB add esp, 10h ; Add
- :
- ;; #MalwareMustDie!
- @unixfreaxjp /malware/ELF]$ date
- Tue Sep 9 10:02:23 JST 2014
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement