__int64 __fastcall sub_1400014F0(int a1) | |
{ | |
__int64 result; // rax | |
if ( !(unsigned int)sub_1400012F0() ) | |
return 0xFFFFFFFFi64; | |
result = 0i64; | |
if ( !dword_14000C7C0 ) | |
return 0xFFFFFFFFi64; | |
while ( a1 != dword_14000C7C4[2 * result] ) |
__int64 __fastcall sub_140004430(int a1) | |
{ | |
unsigned int v1; // edi | |
int v2; // er12 | |
unsigned int v3; // er13 | |
int v5; // eax | |
unsigned int v6; // edx | |
bool v7; // bl | |
unsigned __int8 v8; // cl | |
bool v9; // dl |
0x351048: InternetOpenA | |
0x351258: InternetConnectA | |
0x3512ad: InternetConnectA | |
0x351310: InternetCloseHandle | |
0x351407: HttpOpenRequestA | |
0x3516fd: GetTickCount | |
0x351743: GetTickCount | |
0x352b64: HttpSendRequestA | |
0x352c7f: HttpQueryInfoA | |
0x352d78: InternetCloseHandle |
package arm; | |
... | |
public class StubApp extends Application { | |
public static final String MAIN_APPLICATION = "com.e4a.runtime.android.E4Aapplication"; | |
static { | |
System.loadLibrary("arm_protect"); | |
} | |
static void loadDex(List list, Context context) { |
<?xml version="1.0" encoding="utf-8" standalone="no"?><manifest xmlns:android="http://schemas.android.com/apk/res/android" android:compileSdkVersion="23" android:compileSdkVersionCodename="6.0-2438415" package="com.fDEjydykk" platformBuildVersionCode="23" platformBuildVersionName="6.0-2438415"> | |
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/> | |
<uses-permission android:name="com.android.launcher.permission.INSTALL_SHORTCUT"/> | |
<uses-permission android:name="android.permission.GET_TASKS"/> | |
<uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/> | |
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/> | |
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/> | |
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/> | |
<uses-permission android:name="android.permission.READ_PHONE_STATE"/> | |
<uses-permission android:name="android.permission.MOUNT_UNMOUNT_FILESYSTEMS"/> |
// https://wikileaks.org/ciav7p1/cms/page_11628909.html | |
#include <iostream> | |
#include <WbemCli.h> | |
#pragma comment(lib, "wbemuuid.lib") | |
int wmain(int argc, wchar_t* argv[]) | |
{ | |
if (argc != 2) { | |
printf("Usage: binary.exe <command>"); | |
return 0; |
void FUN_140001070(int param_1,longlong param_2,undefined8 param_3,undefined8 param_4) | |
{ | |
u_short uVar1; | |
HRESULT HVar2; | |
int iVar3; | |
basic_ostream<char,struct_std::char_traits<char>_> *this; | |
longlong *plVar4; | |
undefined8 uVar5; | |
wchar_t *pwVar6; |
# Conti Ransomware | |
''' | |
"OleAut32.dll", | |
"Iphlpapi.dll", | |
"Kernel32.dll", | |
"Shell32.dll", | |
"Rstrtmgr.dll", | |
"Netapi32.dll", | |
"Advapi32.dll", | |
"Shlwapi.dll", |
# Conti Ransomware | |
import json | |
import pefile | |
from qiling import * | |
# Hashes collected from the malware | |
sample_hashes =["0xd52132a3", "0xf701962c", "0x6a095e21", "0xdf1af05e", "0x5d48fbaf", "0xbe3d21a8", "0xbe3d21a8", "0xbe3d21a8", "0xbe3d21a8", "0xbe3d21a8", "0xbe3d21a8", "0xbe3d21a8", "0xbe3d21a8", "0xbe3d21a8", "0xbe3d21a8", "0xbe3d21a8", "0xbe3d21a8", "0x5fa07416", "0xf06e87ca", "0x1b1acbcc", "0x269e9ef4", "0xb9072e66", "0x92f9234b", "0xf955c4d0", "0xf955c4d0", "0xa5eb6e47", "0xa5eb6e47", "0x2bdbdf4e", "0xcc12507f", "0xd3a7a468", "0xb32feeec", "0xdf1af05e", "0xb32feeec", "0xe6bc0210", "0x5243a16a", "0xeedec24b", "0xe6bc0210", "0xde5dbfdc", "0xd3a7a468", "0xe6bc0210", "0xe6bc0210", "0x1972bf90", "0x78ee4dfa", "0xeedec24b", "0xd3a7a468", "0x4d9702d0", "0x7324a0a2", "0x6a095e21", "0xa5eb6e47", "0xa5eb6e47", "0x1b99344d", "0x1b99344d", "0x2ffbe59f", "0x2ffbe59f", "0xc88071b1", "0x21cca665", "0xc45f4a8c", "0xc45f4a8c", "0xc45f4a8c", "0xf99eabb9", "0xc7dfa7fc", "0xd72e57a9", "0xd72e57a9", "0xd72e57a9", "0xd72e57 |
#Qakbot string decode script for GHIDRA | |
#@author ChiamYJ | |
#@category [Malware Analysis] Qakbot | |
# The addresses below may differ on your machine; adjust them for your sample.
dec_routine = toAddr(0x10010eff) | |
enc_strings = toAddr(0x10028a50) | |
bytes_arr = toAddr(0x1002f188) | |
comm_addr = 0 |