- ;; Server's sensitive information taken...
- ;; #MalwareMustDie - @unixfreaxjp /malware/Iptablex]$ date
- ;; Mon Jun 16 14:08:27 JST 2014
- ;;
- ;; sendLoginInfoa(arg_0) -- 32-bit x86 disassembly listing, frame-pointer prologue.
- ;; Purpose as far as this listing shows: fill a block of host-description
- ;; fields (uname-derived version numbers, results of getcpuinfcmd /
- ;; getmeminfcmd, a flags dword) in and around g_mainsrvinfo, then return 0.
- ;; In:    arg_0 = [ebp+8], stored unchanged to g_mainsrvinfo+144h.
- ;; Out:   eax = 0. ebx is saved and restored.
- ;; Calls: memset, uname, sscanf, getcpuinfcmd, getmeminfcmd, strstr.
- ;;        No socket or send call appears in this function despite its name.
- ;; Args to callees are written into the outgoing stack area:
- ;;        [esp+1A8h+var_1A8] = [esp+0] (1st arg), var_1A4 = 2nd, var_1A0 = 3rd,
- ;;        var_19C = 4th, var_198 = 5th.
- ;; The sscanf outputs (81334E8h..81334F0h) and the 6Eh-byte buffer at 81334F8h
- ;; all lie inside the 9Ch bytes at 81334DCh that memset clears first.
- ;; NOTE(review): the offsets line up if 81334DCh is g_mainsrvinfo+13Ch, but the
- ;; address of g_mainsrvinfo is not shown here -- confirm in the database.
- ;; NOTE(review): var_108 and var_86 are 82h and 104h bytes past var_18A; with
- ;; 65-byte utsname fields (Linux glibc layout) these would be .release and
- ;; .machine -- confirm against the target's struct utsname.
- .text:0804D760 sendLoginInfoa
- .text:0804D760 var_1A8 = dword ptr -1A8h
- .text:0804D760 var_1A4 = dword ptr -1A4h
- .text:0804D760 var_1A0 = dword ptr -1A0h
- .text:0804D760 var_19C = dword ptr -19Ch
- .text:0804D760 var_198 = dword ptr -198h
- .text:0804D760 var_18A = dword ptr -18Ah
- .text:0804D760 var_108 = dword ptr -108h
- .text:0804D760 var_86 = dword ptr -86h
- .text:0804D760 arg_0 = dword ptr 8
- .text:0804D760
- .text:0804D760 push ebp
- .text:0804D761 mov ebp, esp
- .text:0804D763 push ebx ; ebx is reused below as the flags accumulator
- .text:0804D764 sub esp, 1A4h ; utsbuf -- locals (uname buffer at var_18A) plus outgoing argument slots
- .text:0804D76A mov eax, dword ptr ds:g_mainsrvinfo+124h ; eax = dword stored at g_mainsrvinfo+124h, dereferenced next
- .text:0804D76F movzx ebx, word ptr [eax+2] ; ebx = zero-extended 16-bit word at offset 2 of that object
- .text:0804D773 mov [esp+1A8h+var_1A0], 9Ch ; 3rd arg: byte count
- .text:0804D77B mov [esp+1A8h+var_1A4], 0 ; 2nd arg: fill value
- .text:0804D783 mov [esp+1A8h+var_1A8], 81334DCh ; 1st arg: destination
- .text:0804D78A call memset ; memset(81334DCh, 0, 9Ch)
- .text:0804D78F lea eax, [ebp+var_18A]
- .text:0804D795 mov [esp+1A8h+var_1A8], eax
- .text:0804D798 call uname ; uname(&var_18A)
- .text:0804D79D test eax, eax
- .text:0804D79F js short loc_804D7CF ; negative return: skip the sscanf, outputs stay zeroed
- .text:0804D7A1 lea eax, [ebp+var_108] ; 82h bytes into the uname buffer; presumably utsname.release -- confirm
- .text:0804D7A7 mov [esp+1A8h+var_198], 81334F0h ; 5th arg: third int output
- .text:0804D7AF mov [esp+1A8h+var_19C], 81334ECh ; 4th arg: second int output
- .text:0804D7B7 mov [esp+1A8h+var_1A0], 81334E8h ; 3rd arg: first int output
- .text:0804D7BF mov [esp+1A8h+var_1A4], offset aD_D_D ; "%d.%d.%d"
- .text:0804D7C7 mov [esp+1A8h+var_1A8], eax
- .text:0804D7CA call sscanf ; sscanf(var_108, "%d.%d.%d", 81334E8h, 81334ECh, 81334F0h); return value is not checked
- .text:0804D7CF
- .text:0804D7CF loc_804D7CF:
- .text:0804D7CF mov eax, [ebp+arg_0]
- .text:0804D7D2 shl ebx, 10h ; move the 16-bit word read above into the high half of ebx
- .text:0804D7D5 mov [esp+1A8h+var_1A4], 6Eh ; 2nd arg; presumably the buffer size -- confirm in getcpuinfcmd
- .text:0804D7DD mov [esp+1A8h+var_1A8], 81334F8h ; 1st arg
- .text:0804D7E4 mov dword ptr ds:g_mainsrvinfo+144h, eax ; g_mainsrvinfo+144h = arg_0
- .text:0804D7E9 call getcpuinfcmd ; getcpuinfcmd(81334F8h, 6Eh); its return value is overwritten by the next call
- .text:0804D7EE call getmeminfcmd ; no argument slots are rewritten before this call
- .text:0804D7F3 mov [esp+1A8h+var_1A4], (offset aLp64_off64+8) ; 2nd arg of the strstr below; NOTE(review): if the string is "LP64_OFF64", +8 points at "64" -- confirm
- .text:0804D7FB mov dword ptr ds:g_mainsrvinfo+154h, eax ; g_mainsrvinfo+154h = getmeminfcmd return value
- .text:0804D800 mov eax, dword ptr ds:g_mainsrvinfo
- .text:0804D805 mov dword ptr ds:g_mainsrvinfo+140h, eax ; copy first dword of g_mainsrvinfo to +140h
- .text:0804D80A mov eax, ebx
- .text:0804D80C or eax, 1
- .text:0804D80F mov dword ptr ds:g_mainsrvinfo+13Ch, eax ; default flags: (word << 16) | 1
- .text:0804D814 lea eax, [ebp+var_86] ; 104h bytes into the uname buffer; presumably utsname.machine -- confirm
- .text:0804D81A mov [esp+1A8h+var_1A8], eax
- .text:0804D81D call strstr ; strstr(var_86, aLp64_off64+8)
- .text:0804D822 test eax, eax
- .text:0804D824 jz short loc_804D82F ; no match: keep the |1 value written above
- .text:0804D826 or ebx, 3
- .text:0804D829 mov dword ptr ds:g_mainsrvinfo+13Ch, ebx ; match: flags become (word << 16) | 3
- .text:0804D82F
- .text:0804D82F loc_804D82F:
- .text:0804D82F mov dword ptr ds:g_mainsrvinfo+20h, 1 ; set dword at g_mainsrvinfo+20h to 1; meaning not shown in this listing
- .text:0804D839 add esp, 1A4h
- .text:0804D83F xor eax, eax ; always returns 0, including when uname failed
- .text:0804D841 pop ebx
- .text:0804D842 pop ebp
- .text:0804D843 retn
- .text:0804D843 sendLoginInfoa endp