Kafeine

malfind_580

Aug 29th, 2014
  1. Process: iexplore.exe Pid: 580 Address: 0x1e40000
  2. Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
  3. Flags: CommitCharge: 2, MemCommit: 1, PrivateMemory: 1, Protection: 6
  4.  
  5. 0x01e40000 b0 00 eb 70 b0 01 eb 6c b0 02 eb 68 b0 03 eb 64 ...p...l...h...d
  6. 0x01e40010 b0 04 eb 60 b0 05 eb 5c b0 06 eb 58 b0 07 eb 54 ...`...\...X...T
  7. 0x01e40020 b0 08 eb 50 b0 09 eb 4c b0 0a eb 48 b0 0b eb 44 ...P...L...H...D
  8. 0x01e40030 b0 0c eb 40 b0 0d eb 3c b0 0e eb 38 b0 0f eb 34 ...@...<...8...4
  9.  
  10. 0x1e40000 b000 MOV AL, 0x0
  11. 0x1e40002 eb70 JMP 0x1e40074
  12. 0x1e40004 b001 MOV AL, 0x1
  13. 0x1e40006 eb6c JMP 0x1e40074
  14. 0x1e40008 b002 MOV AL, 0x2
  15. 0x1e4000a eb68 JMP 0x1e40074
  16. 0x1e4000c b003 MOV AL, 0x3
  17. 0x1e4000e eb64 JMP 0x1e40074
  18. 0x1e40010 b004 MOV AL, 0x4
  19. 0x1e40012 eb60 JMP 0x1e40074
  20. 0x1e40014 b005 MOV AL, 0x5
  21. 0x1e40016 eb5c JMP 0x1e40074
  22. 0x1e40018 b006 MOV AL, 0x6
  23. 0x1e4001a eb58 JMP 0x1e40074
  24. 0x1e4001c b007 MOV AL, 0x7
  25. 0x1e4001e eb54 JMP 0x1e40074
  26. 0x1e40020 b008 MOV AL, 0x8
  27. 0x1e40022 eb50 JMP 0x1e40074
  28. 0x1e40024 b009 MOV AL, 0x9
  29. 0x1e40026 eb4c JMP 0x1e40074
  30. 0x1e40028 b00a MOV AL, 0xa
  31. 0x1e4002a eb48 JMP 0x1e40074
  32. 0x1e4002c b00b MOV AL, 0xb
  33. 0x1e4002e eb44 JMP 0x1e40074
  34. 0x1e40030 b00c MOV AL, 0xc
  35. 0x1e40032 eb40 JMP 0x1e40074
  36. 0x1e40034 b00d MOV AL, 0xd
  37. 0x1e40036 eb3c JMP 0x1e40074
  38. 0x1e40038 b00e MOV AL, 0xe
  39. 0x1e4003a eb38 JMP 0x1e40074
  40. 0x1e4003c b00f MOV AL, 0xf
  41. 0x1e4003e eb34 JMP 0x1e40074
  42.  
  43. Process: iexplore.exe Pid: 580 Address: 0x3970000
  44. Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
  45. Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6
  46.  
  47. 0x03970000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
  48. 0x03970010 00 00 97 03 00 00 00 00 00 00 00 00 00 00 00 00 ................
  49. 0x03970020 10 00 97 03 00 00 00 00 00 00 00 00 00 00 00 00 ................
  50. 0x03970030 20 00 97 03 00 00 00 00 00 00 00 00 00 00 00 00 ................
  51.  
  52. 0x3970000 0000 ADD [EAX], AL
  53. 0x3970002 0000 ADD [EAX], AL
  54. 0x3970004 0000 ADD [EAX], AL
  55. 0x3970006 0000 ADD [EAX], AL
  56. 0x3970008 0000 ADD [EAX], AL
  57. 0x397000a 0000 ADD [EAX], AL
  58. 0x397000c 0000 ADD [EAX], AL
  59. 0x397000e 0000 ADD [EAX], AL
  60. 0x3970010 0000 ADD [EAX], AL
  61. 0x3970012 97 XCHG EDI, EAX
  62. 0x3970013 0300 ADD EAX, [EAX]
  63. 0x3970015 0000 ADD [EAX], AL
  64. 0x3970017 0000 ADD [EAX], AL
  65. 0x3970019 0000 ADD [EAX], AL
  66. 0x397001b 0000 ADD [EAX], AL
  67. 0x397001d 0000 ADD [EAX], AL
  68. 0x397001f 0010 ADD [EAX], DL
  69. 0x3970021 009703000000 ADD [EDI+0x3], DL
  70. 0x3970027 0000 ADD [EAX], AL
  71. 0x3970029 0000 ADD [EAX], AL
  72. 0x397002b 0000 ADD [EAX], AL
  73. 0x397002d 0000 ADD [EAX], AL
  74. 0x397002f 0020 ADD [EAX], AH
  75. 0x3970031 009703000000 ADD [EDI+0x3], DL
  76. 0x3970037 0000 ADD [EAX], AL
  77. 0x3970039 0000 ADD [EAX], AL
  78. 0x397003b 0000 ADD [EAX], AL
  79. 0x397003d 0000 ADD [EAX], AL
  80. 0x397003f 00 DB 0x0
  81.  
  82. Process: iexplore.exe Pid: 580 Address: 0x5fff0000
  83. Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
  84. Flags: CommitCharge: 16, MemCommit: 1, PrivateMemory: 1, Protection: 6
  85.  
  86. 0x5fff0000 64 74 72 52 00 00 00 00 00 02 ff 5f 00 00 00 00 dtrR......._....
  87. 0x5fff0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
  88. 0x5fff0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
  89. 0x5fff0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
  90.  
  91. 0x5fff0000 647472 JZ 0x5fff0075
  92. 0x5fff0003 52 PUSH EDX
  93. 0x5fff0004 0000 ADD [EAX], AL
  94. 0x5fff0006 0000 ADD [EAX], AL
  95. 0x5fff0008 0002 ADD [EDX], AL
  96. 0x5fff000a ff5f00 CALL FAR DWORD [EDI+0x0]
  97. 0x5fff000d 0000 ADD [EAX], AL
  98. 0x5fff000f 0000 ADD [EAX], AL
  99. 0x5fff0011 0000 ADD [EAX], AL
  100. 0x5fff0013 0000 ADD [EAX], AL
  101. 0x5fff0015 0000 ADD [EAX], AL
  102. 0x5fff0017 0000 ADD [EAX], AL
  103. 0x5fff0019 0000 ADD [EAX], AL
  104. 0x5fff001b 0000 ADD [EAX], AL
  105. 0x5fff001d 0000 ADD [EAX], AL
  106. 0x5fff001f 0000 ADD [EAX], AL
  107. 0x5fff0021 0000 ADD [EAX], AL
  108. 0x5fff0023 0000 ADD [EAX], AL
  109. 0x5fff0025 0000 ADD [EAX], AL
  110. 0x5fff0027 0000 ADD [EAX], AL
  111. 0x5fff0029 0000 ADD [EAX], AL
  112. 0x5fff002b 0000 ADD [EAX], AL
  113. 0x5fff002d 0000 ADD [EAX], AL
  114. 0x5fff002f 0000 ADD [EAX], AL
  115. 0x5fff0031 0000 ADD [EAX], AL
  116. 0x5fff0033 0000 ADD [EAX], AL
  117. 0x5fff0035 0000 ADD [EAX], AL
  118. 0x5fff0037 0000 ADD [EAX], AL
  119. 0x5fff0039 0000 ADD [EAX], AL
  120. 0x5fff003b 0000 ADD [EAX], AL
  121. 0x5fff003d 0000 ADD [EAX], AL
  122. 0x5fff003f 00 DB 0x0