
#MalwareMustDie - JDB Exploit Kit - Nayrabot IRC Malware Pld

MalwareMustDie Feb 1st, 2013 190 Never
  1. ================================
  2. # MalwareMustDie!
  3. Case: JDB Exploit Kit dropped
  4. a Nayrabot IRC malware with:
  5. 1) USB worm autorunner;
  6. 2) UDP flood;
  7. 3) Bot Killer;
  8. 4) Downloader;
  9. 5) Can update itself.
  10. ================================
  11. 0x00004D   !This program cannot be run in DOS mode.
  12. 0x0001C8   .data
  13. 0x0001F0   .idata
  14. 0x000218   .rsrc
  15. 0x00023F   @.reloc
  16. 0x000768   Botkiller
  17. 0x000774   Successfully Killed And Removed Malicious File: "%s"
  18. 0x000800   Usage: %s IP PORT DELAY LENGTH
  19. 0x000828   Failed To Start Thread: "%d"
  20. 0x00084C   Failed: Mis Parameter
  21. 0x000868   WinINet
  22. 0x000874   Failed: "%d"
  23. 0x000884   Visit
  24. 0x00088C   Failed: Mis Parameter, Usage: %s [SHOW/HIDE] [URL]
  25. 0x0008D4   Filed To Visit: "%s"
  26. 0x0008F0   Successfully Visited: "%s"
  27. 0x000920   %s #%s
  28. 0x00092C   %s %s
  29. 0x000940   Terminated WGet Thread
  30. 0x000964   Running From: "%s"
  31. 0x00097C   [%s][%s] - "%s"
  32. 0x000990   hh':'mm':'ss
  33. 0x0009E8   {%s}: %s
  34. 0x000A18   Update Complete, Uninstalling
  35. 0x000A3C   Successfully Executed Process: "%s"
  36. 0x000A68   Failed To Create Process: "%s", Reason: "%d"
  37. 0x000AA0   Successfully Replaced AryaN File With Newly Download File, Update Will Take Affect On Next Reboot
  38. 0x000B48   Successfully Downloaded File To: "%s"
  39. 0x000B78   Downloading File: "%s"
  40. 0x000B94   Download
  41. 0x000C40   IsWow64Process
  42. 0x000C84   h00p://api.wipmania.com/
  43. 0x0013D4   PRIVMSG
  44. 0x00145C   Config
  45. 0x001464   Failed to load config
  46. 0x00152C   AryaN{%s-%s-x%d}%s
  47. 0x001544   New{%s-%s-x%d}%s
  48. 0x001558   %s "" "%s" :%s
  49. 0x00156C   %s %s
  50. 0x001574   %s %s :[AryaN]: %s
  51. 0x001590   %s %s %s
  52. 0x0015A4   Finished Flooding "%s:%d"
  53. 0x0015C4   Terminated UDP Flood Thread
  54. 0x0015E8   %d%d%d%d%d%d%d%d
  55. 0x001600   Flooding: "%s:%d", Delay: "%d(ms)", For "%d" Seconds
  56. 0x0017A4   LNK Infected Removable Device: "%s\", Created: "%d" Lnk Files
  57. 0x0019B4   AutoRun Infected Removable Device: "%s\"
  58. 0x001C57   4 RAS_e
  59. 0x001C77   4 RAS
  60. 0x001EC9   z)ze'
  61. 0x00217D   /4*&{
  62. 0x00219D   O(hHj
  63. 0x002FBB   OWShX
  64. 0x003213   D$0Pht
  65. 0x0038DA   SSPhZ
  66. 0x003FB9   j[YPSSh
  67. 0x004026   SSSSh
  68. 0x00405F   t)SSj
  69. 0x004609   Yt3Pj
  70. 0x004702   QQSVj
  71. 0x0049C9   Yt}Vh
  72. 0x0049FA   tF@Pj
  73. 0x004B20   SUVWh
  74. 0x004C22   VVVVh
  75. 0x004C3C   SVVVVh
  76. 0x004D27   tDVWWh$
  77. 0x004EF9   tUWSV
  78. 0x004F31   WWWPWW
  79. 0x005033   +Y4;YPw2
  80. 0x0050B0   Yt8Pj
  81. 0x005314   SUVWh
  82. 0x005498   QSUVWj
  83. 0x0057A7   YYVVVhx
  84. 0x005899   VVVhF
  85. 0x005A50   UUUVUU
  86. 0x005B0F   PVVj(WVVV
  87. 0x005D20   VPVh?
  88. 0x005E30   VPVh?
  89. 0x005F14   QSVW3
  90. 0x006020   YtPhL
  91. 0x006131   VVVhY
  92. 0x006235   QQSVWj,
  93. 0x0062F7   VSSSh
  94. 0x00675A   PWhD!@
  95. 0x006770   PWh,!@
  96. 0x006814   YPhX!@
  97. 0x0069A2   trSWh,
  98. 0x006D5B   Vh@"@
  99. 0x006E8E   Rh|5@
  100. 0x0071B2   PVVh%
  101. 0x0075A8   Ph0%@
  102. 0x00848A   wcsstr
  103. 0x008494   memset
  104. 0x00849E   _snwprintf
  105. 0x0084AC   wcscmp
  106. 0x0084BE   strncmp
  107. 0x0084C8   strstr
  108. 0x0084D2   _snprintf
  109. 0x0084DE   strcmp
  110. 0x0084E8   strncpy
  111. 0x0084FA   printf
  112. 0x008504   _vsnprintf
  113. 0x008512   wprintf
  114. 0x00851C   _vsnwprintf
  115. 0x00852A   srand
  116. 0x008532   strlen
  117. 0x00853C   wcstombs
  118. 0x008548   mbstowcs
  119. 0x008554   strcpy
  120. 0x00855E   memcpy
  121. 0x008568   _wcsicmp
  122. 0x008574   malloc
  123. 0x008586   wcscpy
  124. 0x008590   realloc
  125. 0x00859A   strtok
  126. 0x0085A4   fclose
  127. 0x0085AE   fwprintf
  128. 0x0085BA   _wfopen
  129. 0x0085C2   MSVCRT.dll
  130. 0x0085D0   HeapFree
  131. 0x0085DC   ExpandEnvironmentStringsW
  132. 0x0085F8   HeapAlloc
  133. 0x008604   CloseHandle
  134. 0x008612   Process32NextW
  135. 0x008624   DeleteFileW
  136. 0x008632   MoveFileW
  137. 0x00863E   SetFileAttributesW
  138. 0x008654   Sleep
  139. 0x00865C   Process32FirstW
  140. 0x00866E   CreateToolhelp32Snapshot
  141. 0x00868A   lstrlenA
  142. 0x008696   SetThreadPriority
  143. 0x0086AA   GetLastError
  144. 0x0086BA   CreateThread
  145. 0x0086CA   GetLocaleInfoA
  146. 0x0086DC   TerminateThread
  147. 0x0086EE   GetModuleFileNameA
  148. 0x008704   GetModuleHandleA
  149. 0x008718   GetTimeFormatA
  150. 0x00872A   GetTimeFormatW
  151. 0x00873C   OutputDebugStringA
  152. 0x008752   OutputDebugStringW
  153. 0x008768   ReleaseMutex
  154. 0x008778   WaitForSingleObject
  155. 0x00878E   WriteFile
  156. 0x00879A   CreateFileW
  157. 0x0087A8   GetTickCount
  158. 0x0087B8   SetLastError
  159. 0x0087C8   FindNextFileW
  160. 0x0087D8   FindNextFileA
  161. 0x0087E8   OpenProcess
  162. 0x0087F6   GetProcAddress
  163. 0x008808   LoadLibraryW
  164. 0x008818   GetFileAttributesW
  165. 0x00882E   GetVersionExA
  166. 0x00883E   ReadFile
  167. 0x00884A   GetFileSize
  168. 0x008858   CreateMutexW
  169. 0x008868   OpenMutexW
  170. 0x008876   GetProcessHeap
  171. 0x008888   CreateRemoteThread
  172. 0x00889E   WriteProcessMemory
  173. 0x0088B4   VirtualProtectEx
  174. 0x0088C8   VirtualAllocEx
  175. 0x0088DA   ReadProcessMemory
  176. 0x0088EE   GetCurrentProcess
  177. 0x008902   VirtualAlloc
  178. 0x008912   GetCurrentProcessId
  179. 0x008928   LockResource
  180. 0x008938   LoadResource
  181. 0x008948   SizeofResource
  182. 0x00895A   FindResourceW
  183. 0x00896A   ExitProcess
  184. 0x008978   ExitThread
  185. 0x008986   GetDriveTypeW
  186. 0x008996   GetModuleFileNameW
  187. 0x0089AC   GetModuleHandleW
  188. 0x0089C0   SetErrorMode
  189. 0x0089D0   CreateProcessW
  190. 0x0089E2   TerminateProcess
  191. 0x0089F6   lstrlenW
  192. 0x008A02   CreateEventW
  193. 0x008A12   CreateDirectoryW
  194. 0x008A26   CopyFileW
  195. 0x008A32   FindFirstFileW
  196. 0x008A44   GetLogicalDriveStringsW
  197. 0x008A5C   KERNEL32.dll
  198. 0x008A6A   WS2_32.dll
  199. 0x008A78   PathAppendW
  200. 0x008A84   SHLWAPI.dll
  201. 0x008A92   InternetReadFile
  202. 0x008AA6   InternetOpenUrlA
  203. 0x008ABA   InternetCloseHandle
  204. 0x008AD0   InternetOpenW
  205. 0x008ADE   WININET.dll
  206. 0x008AEC   CoCreateInstance
  207. 0x008B00   CoUninitialize
  208. 0x008B12   CoInitialize
  209. 0x008B20   ole32.dll
  210. 0x008B2C   GetModuleFileNameExW
  211. 0x008B42   PSAPI.DLL
  212. 0x008B4E   ShellExecuteA
  213. 0x008B5E   SHGetFolderPathW
  214. 0x008B70   SHELL32.dll
  215. 0x008B7E   RegCloseKey
  216. 0x008B8C   RegDeleteValueW
  217. 0x008B9E   RegCreateKeyExW
  218. 0x008BB0   RegQueryValueExW
  219. 0x008BC4   RegOpenKeyExW
  220. 0x008BD4   RegSetValueExW
  221. 0x008BE6   RegNotifyChangeKeyValue
  222. 0x008C00   GetUserNameW
  223. 0x008C0E   ADVAPI32.dll
  224. 0x008E88   vnKA7LAG9gOBFXnAYVnhjJUrmhdgXrPA
  225. 0x008EC7   lixay~d
  226. 0x008ECF   n#cb d}#b
  227. 0x008EE5   .~|xd
  228. 0x008EF9   nxcy~
  229. 0x008F0A   ?>9dbg>9db;fazf>
  230. 0x008F1D   Zdcxi}
  231. 0x008F3A   {d~dy
  232. 0x008F4D   hnbcchny
  233. 0x008F56   ibzcabli
  234. 0x008F5F   ibzcabli~yb}
  235. 0x008F6C   obyfdaa
  236. 0x008F74   xi}kabbi
  237. 0x008F7D   xi}kabbi~yb}
  238. 0x008F8A   PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPAD
  239. 0x00071D   %userprofile%
  240. 0x000740   %appdata%
  241. 0x000758   %temp%
  242. 0x0007B4   %s\removethis_%d%d%d.exe
  243. 0x0009C8   hh':'mm':'ss
  244. 0x0009F4   {%s}: %s
  245. 0x000B18   %temp%\oldfile.exe
  246. 0x000BA0   Mozilla/5.0 (compatible)
  247. 0x000BDC   %s\%d%d%d.exe
  248. 0x000C00   explorer.exe
  249. 0x000C20   Kernel32.dll
  250. 0x000C60   %s-deadlock
  251. 0x000CA4   %s\SysWOW64
  252. 0x001170   advapi32.dll
  253. 0x001190   comsupp.dll
  254. 0x0011AC   shell32.dll
  255. 0x0011C8   wininet.dll
  256. 0x0011E4   shlwapi.dll
  257. 0x001200   dnsapi.dll
  258. 0x00121C   user32.dll
  259. 0x001238   ws2_32.dll
  260. 0x001254   psapi.dll
  261. 0x00126C   Ole32.dll
  262. 0x001284   kernel32.dll
  263. 0x0012A4   msvcrt.dll
  264. 0x0012C0   dwm.exe
  265. 0x0012D4   alg.exe
  266. 0x0012E8   csrss.exe
  267. 0x001300   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  268. 0x001370   %s-readfile
  269. 0x001448   cmd.exe
  270. 0x0014BC   Software\Microsoft\Windows\CurrentVersion\Run
  271. 0x001640   %temp%\deletethis.exe
  272. 0x001674   Removable_Drive.exe
  273. 0x0016BC   %s\{%s-%s}
  274. 0x0016D8   /k "%s" Open %s
  275. 0x001700   %windir%\System32\cmd.exe
  276. 0x001740   %s\Removable_Drive.exe
  277. 0x001778   %s\%s
  278. 0x001788   %s\%s.lnk
  279. 0x001990   %s\autorun.inf
  280. 0x00004D   !This program cannot be run in DOS mode.
  281. 0x0001C8   .data
  282. 0x0001F0   .idata
  283. 0x000218   .rsrc
  284. 0x00023F   @.reloc
  285. 0x000768   Botkiller
  286. 0x000774   Successfully Killed And Removed Malicious File: "%s"
  287. 0x000800   Usage: %s IP PORT DELAY LENGTH
  288. 0x000828   Failed To Start Thread: "%d"
  289. 0x00084C   Failed: Mis Parameter
  290. 0x000868   WinINet
  291. 0x000874   Failed: "%d"
  292. 0x000884   Visit
  293. 0x00088C   Failed: Mis Parameter, Usage: %s [SHOW/HIDE] [URL]
  294. 0x0008D4   Filed To Visit: "%s"
  295. 0x0008F0   Successfully Visited: "%s"
  296. 0x000920   %s #%s
  297. 0x00092C   %s %s
  298. 0x000940   Terminated WGet Thread
  299. 0x000964   Running From: "%s"
  300. 0x00097C   [%s][%s] - "%s"
  301. 0x000990   hh':'mm':'ss
  302. 0x0009E8   {%s}: %s
  303. 0x000A18   Update Complete, Uninstalling
  304. 0x000A3C   Successfully Executed Process: "%s"
  305. 0x000A68   Failed To Create Process: "%s", Reason: "%d"
  306. 0x000AA0   Successfully Replaced AryaN File With Newly Download File, Update Will Take Affect On Next Reboot
  307. 0x000B48   Successfully Downloaded File To: "%s"
  308. 0x000B78   Downloading File: "%s"
  309. 0x000B94   Download
  310. 0x000C40   IsWow64Process
  311. 0x000C84   h00p://api.wipmania.com/
  312. 0x0013D4   PRIVMSG
  313. 0x00145C   Config
  314. 0x001464   Failed to load config
  315. 0x00152C   AryaN{%s-%s-x%d}%s
  316. 0x001544   New{%s-%s-x%d}%s
  317.  
  318. 0x001558   %s "" "%s" :%s
  319. 0x00156C   %s %s
  320. 0x001574   %s %s :[AryaN]: %s
  321. 0x001590   %s %s %s
  322. 0x0015A4   Finished Flooding "%s:%d"
  323. 0x0015C4   Terminated UDP Flood Thread
  324. 0x0015E8   %d%d%d%d%d%d%d%d
  325. 0x001600   Flooding: "%s:%d", Delay: "%d(ms)", For "%d" Seconds
  326. 0x0017A4   LNK Infected Removable Device: "%s\", Created: "%d" Lnk Files
  327. 0x0019B4   AutoRun Infected Removable Device: "%s\"
  328. 0x001C57   4 RAS_e
  329. 0x001C77   4 RAS
  330. 0x001EC9   z)ze'
  331. 0x00217D   /4*&{
  332. 0x00219D   O(hHj
  333. 0x002FBB   OWShX
  334. 0x003213   D$0Pht
  335. 0x0038DA   SSPhZ
  336. 0x003FB9   j[YPSSh
  337. 0x004026   SSSSh
  338. 0x00405F   t)SSj
  339. 0x004609   Yt3Pj
  340. 0x004702   QQSVj
  341. 0x0049C9   Yt}Vh
  342. 0x0049FA   tF@Pj
  343. 0x004B20   SUVWh
  344. 0x004C22   VVVVh
  345. 0x004C3C   SVVVVh
  346. 0x004D27   tDVWWh$
  347. 0x004EF9   tUWSV
  348. 0x004F31   WWWPWW
  349. 0x005033   +Y4;YPw2
  350. 0x0050B0   Yt8Pj
  351. 0x005314   SUVWh
  352. 0x005498   QSUVWj
  353. 0x0057A7   YYVVVhx
  354. 0x005899   VVVhF
  355. 0x005A50   UUUVUU
  356. 0x005B0F   PVVj(WVVV
  357. 0x005D20   VPVh?
  358. 0x005E30   VPVh?
  359. 0x005F14   QSVW3
  360. 0x006020   YtPhL
  361. 0x006131   VVVhY
  362. 0x006235   QQSVWj,
  363. 0x0062F7   VSSSh
  364. 0x00675A   PWhD!@
  365. 0x006770   PWh,!@
  366. 0x006814   YPhX!@
  367. 0x0069A2   trSWh,
  368. 0x006D5B   Vh@"@
  369. 0x006E8E   Rh|5@
  370. 0x0071B2   PVVh%
  371. 0x0075A8   Ph0%@
  372. 0x00848A   wcsstr
  373. 0x008494   memset
  374. 0x00849E   _snwprintf
  375. 0x0084AC   wcscmp
  376. 0x0084BE   strncmp
  377. 0x0084C8   strstr
  378. 0x0084D2   _snprintf
  379. 0x0084DE   strcmp
  380. 0x0084E8   strncpy
  381. 0x0084FA   printf
  382. 0x008504   _vsnprintf
  383. 0x008512   wprintf
  384. 0x00851C   _vsnwprintf
  385. 0x00852A   srand
  386. 0x008532   strlen
  387. 0x00853C   wcstombs
  388. 0x008548   mbstowcs
  389. 0x008554   strcpy
  390. 0x00855E   memcpy
  391. 0x008568   _wcsicmp
  392. 0x008574   malloc
  393. 0x008586   wcscpy
  394. 0x008590   realloc
  395. 0x00859A   strtok
  396. 0x0085A4   fclose
  397. 0x0085AE   fwprintf
  398. 0x0085BA   _wfopen
  399. 0x0085C2   MSVCRT.dll
  400. 0x0085D0   HeapFree
  401. 0x0085DC   ExpandEnvironmentStringsW
  402. 0x0085F8   HeapAlloc
  403. 0x008604   CloseHandle
  404. 0x008612   Process32NextW
  405. 0x008624   DeleteFileW
  406. 0x008632   MoveFileW
  407. 0x00863E   SetFileAttributesW
  408. 0x008654   Sleep
  409. 0x00865C   Process32FirstW
  410. 0x00866E   CreateToolhelp32Snapshot
  411. 0x00868A   lstrlenA
  412. 0x008696   SetThreadPriority
  413. 0x0086AA   GetLastError
  414. 0x0086BA   CreateThread
  415. 0x0086CA   GetLocaleInfoA
  416. 0x0086DC   TerminateThread
  417. 0x0086EE   GetModuleFileNameA
  418. 0x008704   GetModuleHandleA
  419. 0x008718   GetTimeFormatA
  420. 0x00872A   GetTimeFormatW
  421. 0x00873C   OutputDebugStringA
  422. 0x008752   OutputDebugStringW
  423. 0x008768   ReleaseMutex
  424. 0x008778   WaitForSingleObject
  425. 0x00878E   WriteFile
  426. 0x00879A   CreateFileW
  427. 0x0087A8   GetTickCount
  428. 0x0087B8   SetLastError
  429. 0x0087C8   FindNextFileW
  430. 0x0087D8   FindNextFileA
  431. 0x0087E8   OpenProcess
  432. 0x0087F6   GetProcAddress
  433. 0x008808   LoadLibraryW
  434. 0x008818   GetFileAttributesW
  435. 0x00882E   GetVersionExA
  436. 0x00883E   ReadFile
  437. 0x00884A   GetFileSize
  438. 0x008858   CreateMutexW
  439. 0x008868   OpenMutexW
  440. 0x008876   GetProcessHeap
  441. 0x008888   CreateRemoteThread
  442. 0x00889E   WriteProcessMemory
  443. 0x0088B4   VirtualProtectEx
  444. 0x0088C8   VirtualAllocEx
  445. 0x0088DA   ReadProcessMemory
  446. 0x0088EE   GetCurrentProcess
  447. 0x008902   VirtualAlloc
  448. 0x008912   GetCurrentProcessId
  449. 0x008928   LockResource
  450. 0x008938   LoadResource
  451. 0x008948   SizeofResource
  452. 0x00895A   FindResourceW
  453. 0x00896A   ExitProcess
  454. 0x008978   ExitThread
  455. 0x008986   GetDriveTypeW
  456. 0x008996   GetModuleFileNameW
  457. 0x0089AC   GetModuleHandleW
  458. 0x0089C0   SetErrorMode
  459. 0x0089D0   CreateProcessW
  460. 0x0089E2   TerminateProcess
  461. 0x0089F6   lstrlenW
  462. 0x008A02   CreateEventW
  463. 0x008A12   CreateDirectoryW
  464. 0x008A26   CopyFileW
  465. 0x008A32   FindFirstFileW
  466. 0x008A44   GetLogicalDriveStringsW
  467. 0x008A5C   KERNEL32.dll
  468. 0x008A6A   WS2_32.dll
  469. 0x008A78   PathAppendW
  470. 0x008A84   SHLWAPI.dll
  471. 0x008A92   InternetReadFile
  472. 0x008AA6   InternetOpenUrlA
  473. 0x008ABA   InternetCloseHandle
  474. 0x008AD0   InternetOpenW
  475. 0x008ADE   WININET.dll
  476. 0x008AEC   CoCreateInstance
  477. 0x008B00   CoUninitialize
  478. 0x008B12   CoInitialize
  479. 0x008B20   ole32.dll
  480. 0x008B2C   GetModuleFileNameExW
  481. 0x008B42   PSAPI.DLL
  482. 0x008B4E   ShellExecuteA
  483. 0x008B5E   SHGetFolderPathW
  484. 0x008B70   SHELL32.dll
  485. 0x008B7E   RegCloseKey
  486. 0x008B8C   RegDeleteValueW
  487. 0x008B9E   RegCreateKeyExW
  488. 0x008BB0   RegQueryValueExW
  489. 0x008BC4   RegOpenKeyExW
  490. 0x008BD4   RegSetValueExW
  491. 0x008BE6   RegNotifyChangeKeyValue
  492. 0x008C00   GetUserNameW
  493. 0x008C0E   ADVAPI32.dll
  494. 0x008E88   vnKA7LAG9gOBFXnAYVnhjJUrmhdgXrPA
  495. 0x008EC7   lixay~d
  496. 0x008ECF   n#cb d}#b
  497. 0x008EE5   .~|xd
  498. 0x008EF9   nxcy~
  499. 0x008F0A   ?>9dbg>9db;fazf>
  500. 0x008F1D   Zdcxi}
  501. 0x008F3A   {d~dy
  502. 0x008F4D   hnbcchny
  503. 0x008F56   ibzcabli
  504. 0x008F5F   ibzcabli~yb}
  505. 0x008F6C   obyfdaa
  506. 0x008F74   xi}kabbi
  507. 0x008F7D   xi}kabbi~yb}
  508. 0x008F8A   PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPAD
  509. 0x00071D   %userprofile%
  510. 0x000740   %appdata%
  511. 0x000758   %temp%
  512. 0x0007B4   %s\removethis_%d%d%d.exe
  513. 0x0009C8   hh':'mm':'ss
  514. 0x0009F4   {%s}: %s
  515. 0x000B18   %temp%\oldfile.exe
  516. 0x000BA0   Mozilla/5.0 (compatible)
  517. 0x000BDC   %s\%d%d%d.exe
  518. 0x000C00   explorer.exe
  519. 0x000C20   Kernel32.dll
  520. 0x000C60   %s-deadlock
  521. 0x000CA4   %s\SysWOW64
  522. 0x001170   advapi32.dll
  523. 0x001190   comsupp.dll
  524. 0x0011AC   shell32.dll
  525. 0x0011C8   wininet.dll
  526. 0x0011E4   shlwapi.dll
  527. 0x001200   dnsapi.dll
  528. 0x00121C   user32.dll
  529. 0x001238   ws2_32.dll
  530. 0x001254   psapi.dll
  531. 0x00126C   Ole32.dll
  532. 0x001284   kernel32.dll
  533. 0x0012A4   msvcrt.dll
  534. 0x0012C0   dwm.exe
  535. 0x0012D4   alg.exe
  536. 0x0012E8   csrss.exe
  537. 0x001300   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  538. 0x001370   %s-readfile
  539. 0x001448   cmd.exe
  540. 0x0014BC   Software\Microsoft\Windows\CurrentVersion\Run
  541. 0x001640   %temp%\deletethis.exe
  542. 0x001674   Removable_Drive.exe
  543. 0x0016BC   %s\{%s-%s}
  544. 0x0016D8   /k "%s" Open %s
  545. 0x001700   %windir%\System32\cmd.exe
  546. 0x001740   %s\Removable_Drive.exe
  547. 0x001778   %s\%s
  548. 0x001788   %s\%s.lnk
  549. 0x001990   %s\autorun.inf
  550. ---
  551. #MalwareMustDie!