<mcconf>
<ver>1000064</ver>
<gtag>tt0002</gtag>
<servs>
<mcconf>
<ver>1000059</ver>
<gtag>tt0002</gtag>
<servs>
<mcconf>
<ver>1000048</ver>
<gtag>tt0002</gtag>
<servs>
<mcconf>
<ver>1000044</ver>
<gtag>tt0002</gtag>
<servs>
--------------------
Main conf :
--------------------
<mcconf>
<ver>1000042</ver>
<gtag>tt0002</gtag>
<servs>
<srv>84.238.198.166:449</srv>
<srv>91.139.236.92:449</srv>
<srv>84.40.65.85:449</srv>
--------------------
Main conf :
--------------------
<mcconf>
<ver>1000041</ver>
<gtag>tt0002</gtag>
<servs>
<srv>84.238.198.166:449</srv>
<srv>91.139.236.92:449</srv>
<srv>84.40.65.85:449</srv>
--------------------
Main conf :
--------------------
<mcconf>
<ver>1000040</ver>
<gtag>tt0002</gtag>
<servs>
<srv>84.238.198.166:449</srv>
<srv>91.139.236.92:449</srv>
<srv>84.40.65.85:449</srv>
# coding: utf-8
# ====================================================== #
# #
# FLOKIBOT BOT32 DEOBFUSCATION IDA SCRIPT #
# #
# http://adelmas.com/blog/flokibot.php #
# #
# ====================================================== #
# coding: utf-8
RunPlugin("python", 3)
AttachProcess(2892, -1) # PID
off_ssl_read = LocByName("_ssl3_read")
off_ssl_write = LocByName("_ssl3_write")
# - Hooks on _ssl3_write, _ssl3_read ---------------------------------------
cond_read = """
; Reflective Loader shellcode loading a DLL
; ===============================================
; Posted on http://adelmas.com/blog/fileless_malwares.php by @ArnaudDlms
;
; Written in x86 ASM with Flat Assembler
; No junk code added so executable might be detected as malicious by AVs
; Host process must be 32-bit
;
; Inspired by the following C code by Stephen Fewer :
; https://github.com/stephenfewer/ReflectiveDLLInjection/blob/master/dll/src/ReflectiveLoader.c