ȫ(dll-EXE)[:ˡ] 
2009-11-08  07:32

е:  
EXEDLLͨ----------ˡ 


ΪʵּɵʽĲͨ,Щü,ش˸л
ѩxfish:Anti Virusר⡿ϵ!!!


Follow these steps:

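1: Open the file in LoadPE, go to the directory table, and note the RVA address.
2: In OD, in an empty area, set the RVA address just noted and the original entry-point address.
3: Change the entry point to the start of this code (Ǳ,ȷúǰд˴)
4: The original RVA address can be zeroed or overwritten.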



:

10074280 > $  E8 01000000   CALL 1291SS.10074286
10074285      00            DB 00
10074286   .  58            POP EAX
10074287   .  8038 00       CMP BYTE PTR DS:[EAX],0
1007428A   .  0F85 F5000000 JNZ 1291SS.10074385
10074290   .  FE00          INC BYTE PTR DS:[EAX]
10074292      64:A1 3000000>MOV EAX,DWORD PTR FS:[30]
10074298      8B40 0C       MOV EAX,DWORD PTR DS:[EAX+C]
1007429B      8B40 1C       MOV EAX,DWORD PTR DS:[EAX+1C]
1007429E      8B00          MOV EAX,DWORD PTR DS:[EAX]
100742A0      8B40 08       MOV EAX,DWORD PTR DS:[EAX+8]
100742A3   .  8BD8          MOV EBX,EAX
100742A5   .  E8 0F000000   CALL 1291SS.100742B9
100742AA   .  47            INC EDI
100742AB   .  65:74 50      JE SHORT 1291SS.100742FE
100742AE   .  72 6F         JB SHORT 1291SS.1007431F
100742B0   .  6341 64       ARPL WORD PTR DS:[ECX+64],AX
100742B3   .  64:72 65      JB SHORT 1291SS.1007431B
100742B6   .  73 73         JNB SHORT 1291SS.1007432B
100742B8      00            DB 00
100742B9   .  59            POP ECX
100742BA   .  60            PUSHAD
100742BB   .  89C3          MOV EBX,EAX
100742BD   .  89CF          MOV EDI,ECX
100742BF   .  30C0          XOR AL,AL
100742C1   >  AE            SCAS BYTE PTR ES:[EDI]
100742C2   .^ 75 FD         JNZ SHORT 1291SS.100742C1
100742C4   .  4F            DEC EDI
100742C5   .  29CF          SUB EDI,ECX
100742C7   .  87F9          XCHG ECX,EDI
100742C9   .  8B43 3C       MOV EAX,DWORD PTR DS:[EBX+3C]
100742CC   .  8B7403 78     MOV ESI,DWORD PTR DS:[EBX+EAX+78]
100742D0   .  8D741E 18     LEA ESI,DWORD PTR DS:[ESI+EBX+18]
100742D4   .  AD            LODS DWORD PTR DS:[ESI]
100742D5   .  92            XCHG EAX,EDX
100742D6   .  AD            LODS DWORD PTR DS:[ESI]
100742D7   .  50            PUSH EAX
100742D8   .  AD            LODS DWORD PTR DS:[ESI]
100742D9   .  95            XCHG EAX,EBP
100742DA   .  AD            LODS DWORD PTR DS:[ESI]
100742DB   .  95            XCHG EAX,EBP
100742DC   .  01D8          ADD EAX,EBX
100742DE   .  897C24 18     MOV DWORD PTR SS:[ESP+18],EDI
100742E2   .  894C24 14     MOV DWORD PTR SS:[ESP+14],ECX
100742E6   >  4A            DEC EDX
100742E7   .  74 27         JE SHORT 1291SS.10074310
100742E9   .  8B3490        MOV ESI,DWORD PTR DS:[EAX+EDX*4]
100742EC   .  01DE          ADD ESI,EBX
100742EE   .  F3:A6         REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
100742F0   .  74 0A         JE SHORT 1291SS.100742FC
100742F2   .  8B7C24 18     MOV EDI,DWORD PTR SS:[ESP+18]
100742F6   .  8B4C24 14     MOV ECX,DWORD PTR SS:[ESP+14]
100742FA   .^ EB EA         JMP SHORT 1291SS.100742E6
100742FC   >  D1E2          SHL EDX,1
100742FE   >  01D5          ADD EBP,EDX
10074300   .  0FB7441D 00   MOVZX EAX,WORD PTR SS:[EBP+EBX]
10074305   .  C1E0 02       SHL EAX,2
10074308   .  030424        ADD EAX,DWORD PTR SS:[ESP]
1007430B   .  8B0403        MOV EAX,DWORD PTR DS:[EBX+EAX]
1007430E   .  01D8          ADD EAX,EBX
10074310   >  59            POP ECX
10074311   .  894424 1C     MOV DWORD PTR SS:[ESP+1C],EAX
10074315   .  895C24 18     MOV DWORD PTR SS:[ESP+18],EBX
10074319      E8            DB E8
1007431A      12            DB 12
1007431B   .  0000          ADD BYTE PTR DS:[EAX],AL
1007431D   .  0000          ADD BYTE PTR DS:[EAX],AL
1007431F   .  0000          ADD BYTE PTR DS:[EAX],AL
10074321   .  004C6F 61     ADD BYTE PTR DS:[EDI+EBP*2+61],CL
10074325   .  64:4C         DEC ESP
10074327      69            DB 69
10074328   .  6272 61       BOUND ESI,QWORD PTR DS:[EDX+61]
1007432B   .  72 79         JB SHORT 1291SS.100743A6
1007432D   .  41            INC ECX
1007432E   .  0000          ADD BYTE PTR DS:[EAX],AL
10074330   $  59            POP ECX
10074331   .  83C1 04       ADD ECX,4
10074334   .  51            PUSH ECX
10074335   .  53            PUSH EBX
10074336   .  FFD0          CALL EAX
10074338   .  894424 14     MOV DWORD PTR SS:[ESP+14],EAX
1007433C   .  E8 00000000   CALL 1291SS.10074341
10074341   $  5D            POP EBP
10074342   .  81E5 0000FFFF AND EBP,FFFF0000
10074348   .  33C0          XOR EAX,EAX
1007434A   .  EB 06         JMP SHORT 1291SS.10074352
1007434C   >  81ED 00100000 SUB EBP,1000
10074352   >  66:8B45 00    MOV AX,WORD PTR SS:[EBP]
10074356   .  66:3D 4D5A    CMP AX,5A4D
1007435A   .  90            NOP
1007435B   .^ 75 EF         JNZ SHORT 1291SS.1007434C
1007435D   .  8B45 3C       MOV EAX,DWORD PTR SS:[EBP+3C]
10074360   .  8B0428        MOV EAX,DWORD PTR DS:[EAX+EBP]
10074363   .  3D 50450000   CMP EAX,4550
10074368   .^ 75 E2         JNZ SHORT 1291SS.1007434C
1007436A   .  B8 48611100   MOV EAX,116148                      // RVA address shown by LoadPE
1007436F   .  36:8D1C28     LEA EBX,DWORD PTR SS:[EAX+EBP]
10074373   >  8B43 0C       MOV EAX,DWORD PTR DS:[EBX+C]
10074376   .  85C0          TEST EAX,EAX
10074378   .  74 0A         JE SHORT 1291SS.10074384
1007437A   .  E8 0D000000   CALL 1291SS.1007438C
1007437F   .  83C3 14       ADD EBX,14
10074382   .^ EB EF         JMP SHORT 1291SS.10074373
10074384   >  61            POPAD
10074385   >^ E9 828FF9FF   JMP 1291SS.1000D30C                 // original entry point
1007438A      90            NOP
1007438B      90            NOP
1007438C   $  53            PUSH EBX
1007438D   .  8D1428        LEA EDX,DWORD PTR DS:[EAX+EBP]
10074390   .  52            PUSH EDX
10074391   .  FF5424 20     CALL DWORD PTR SS:[ESP+20]
10074395   .  8BD0          MOV EDX,EAX
10074397   .  8B5B 10       MOV EBX,DWORD PTR DS:[EBX+10]
1007439A   .  8D1C2B        LEA EBX,DWORD PTR DS:[EBX+EBP]
1007439D   >  8B03          MOV EAX,DWORD PTR DS:[EBX]
1007439F   .  85C0          TEST EAX,EAX
100743A1   .  74 23         JE SHORT 1291SS.100743C6
100743A3   .  3D 00000080   CMP EAX,80000000
100743A8   .  72 07         JB SHORT 1291SS.100743B1
100743AA   .  2D 00000080   SUB EAX,80000000
100743AF   .  EB 06         JMP SHORT 1291SS.100743B7
100743B1   >  8D0428        LEA EAX,DWORD PTR DS:[EAX+EBP]
100743B4   .  83C0 02       ADD EAX,2
100743B7   >  52            PUSH EDX
100743B8   .  50            PUSH EAX
100743B9   .  52            PUSH EDX
100743BA   .  FF5424 30     CALL DWORD PTR SS:[ESP+30]
100743BE   .  8903          MOV DWORD PTR DS:[EBX],EAX
100743C0   .  83C3 04       ADD EBX,4
100743C3   .  5A            POP EDX
100743C4   .^ EB D7         JMP SHORT 1291SS.1007439D
100743C6   >  5B            POP EBX
100743C7   .  C3            RETN

Binary code:

