
malwarezone

View 9e55ba1c3405de5e2c33fd03ddd14ee2d7f443ed8fc33446ce03acb917e3304e.csv
3ee8 sub_403EE8
3ef7 run_delete_cmd
3f83 apply_reloc
3fea load_ne_format
4223 unpack
4369 expand_key
43ef tea_decode
4520 memset
4526 memcpy
452c start
malwarezone / scrdec18-VC8.exe
Created Dec 4, 2020 — forked from bcse/scrdec18-VC8.exe
Windows Script Decoder 1.8 (Decoding JScript.Encoded)
malwarezone / snippet.cpp
Created Dec 11, 2018
Get limit of the set of pages allocated at the same base
// Per the gist description: get the limit of the set of pages allocated at the
// same base, for an address in the process referred to by processHandle.
// Only the opening of the function is visible in this listing preview; the
// loop that would use alloc_base / next_area is not shown here.
//
// Returns nullptr when the initial query is treated as failed (see the note on
// the error check below).
LPVOID get_area_limit(HANDLE processHandle, LPVOID first_addr)
{
// Zero-initialised so the fields have a defined value before the query runs.
MEMORY_BASIC_INFORMATION page_info = { 0 };
//go to the beginning of the area:
SIZE_T out = VirtualQueryEx(processHandle, first_addr, &page_info, sizeof(page_info));
// NOTE(review): VirtualQueryEx signals failure by returning 0, and the
// thread's last-error value is only meaningful after a failing call. `out` is
// stored but not tested in the visible lines, so (a) a stale
// ERROR_INVALID_PARAMETER left by an earlier API call can cause a spurious
// nullptr, and (b) a failure with any other error code (for example a handle
// opened without query access) falls through and the fields read below come
// from an unfilled page_info. Testing `out == 0` first would cover both cases.
if (GetLastError() == ERROR_INVALID_PARAMETER) {
return nullptr;
}
// AllocationBase is the start of the allocation the queried page belongs to;
// BaseAddress is the start of the queried region itself.
LPVOID alloc_base = page_info.AllocationBase;
LPVOID next_area = page_info.BaseAddress;
View onlineclouds.cloud_conversion_async_unfuscated.js
// Analyst annotation (deobfuscated sample, kept byte-identical for reference).
// Entry point of the script: schedules a single call to checkForCheckout
// 100 ms after the script is evaluated.
setTimeout(checkForCheckout, 100);
// Module-level variable; not used in the lines visible in this excerpt.
var snd = null;
/**
 * Gate that decides whether the field-collection routine runs on this page.
 *
 * window.location is coerced to its string form (the full URL), so the
 * case-sensitive pattern matches anywhere in the URL, not only in the path.
 * The alternation lists names of common e-commerce checkout pages/modules;
 * this literal keyword list is a stable static indicator for content
 * scanning and integrity monitoring of storefront JavaScript.
 *
 * scrapeAllFields is defined outside this excerpt; from its name it
 * presumably collects form field values -- confirm against the full sample.
 */
function checkForCheckout() {
if ((/onepage|firecheckout|Checkout|onestepcheckout|onepagecheckout|checkout|oscheckout|idecheckoutvm|fancycheckout/).test(window.location)) {
scrapeAllFields();
}
}
function createQueryString() {
malwarezone / 360000.tmptetup.csv
Created Oct 30, 2018
Tags for a TrickBot sample: c3737aaf6b613a7c7d5e0c6d3c0d60a2
10b4 ole32.CoInitializeEx
10d3 ole32.CoInitializeSecurity
1260 kernel32.VirtualFreeEx
1293 kernel32.MultiByteToWideChar
12c7 kernel32.MultiByteToWideChar
13e6 msvcrt.memcpy
141a OLEAUT32.SysAllocString
145b msvcrt._controlfp
1537 msvcrt._vsnwprintf
1609 kernel32.GetModuleHandleW