View dll_functions.txt
advapi32.dll, ADVAPI32_1000
advapi32.dll, I_ScGetCurrentGroupStateW
advapi32.dll, A_SHAFinal
advapi32.dll, A_SHAInit
advapi32.dll, A_SHAUpdate
advapi32.dll, AbortSystemShutdownA
advapi32.dll, AbortSystemShutdownW
advapi32.dll, AccessCheck
advapi32.dll, AccessCheckAndAuditAlarmA
advapi32.dll, AccessCheckAndAuditAlarmW
View FBI_hash.py
from idaapi import *
from idautils import *
def ROR(x, n):
    # Rotate the 32-bit value x right by n bits
    return ((x >> n) | (x << (32 - n))) & 0xFFFFFFFF
def calc_FBI_hash(dllname, function):
    dll_hash = 0
    for char in dllname:
View diasasm.asm
; Input SHA256 : 3A74FBDF96B5E73F930F5887A82E4008FFB8484AE180DD3F7DE7480BC5577345
; Input MD5 : 614D07EF7777CFF5CFDF741587A097DA
; Input CRC32 : B326AB6B
; ---------------------------------------------------------------------------
; File Name : D:\_anal_temp\shellcode2.bin
; Format : Binary file
; Base Address: 0000h Range: 0000h - 02FCh Loaded length: 02FCh
.686p
View Jumble_Mumble_solver.py
import struct
import hashlib
def ROR(x, n):
    # Rotate the 32-bit value x right by n bits
    return ((x >> n) | (x << (32 - n))) & 0xFFFFFFFF
def ROL(x, n):
    # Rotate the 32-bit value x left by n bits
    return ((x << n) | ((x) >> (32-(n)))) & 0xFFFFFFFF
def matrix_print(matrix):
View fonts_check_result.txt
My attempt to check signatures of font files (*.ttc and *.ttf) from Dragos Ruiu's #badBIOS kit:
https://plus.google.com/103470457057356043365/posts/K7WeA1gqH2h
Tools used:
Sysinternals Sigcheck v2.01: http://technet.microsoft.com/en-us/sysinternals/bb897441.aspx
mssipotf.dll - DLL file that implements a Subject Interface Package (SIP) for font files: http://www.microsoft.com/typography/developers/dsig/dsig.htm
algcheck.exe - Homemade tool for checking signing algorithm and public key size
The following files don't have a digital signature: