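You just wrote a trojan binder in E language and bundled the trojan together with that so-called 破解王. With a trick like this, do you really expect to catch bots on a professional virus-analysis forum like 吾爱破解?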
0040748D |. 6A 00 push 0
0040748F |. 6A 70 push 70
00407491 |. 6A 61 push 61
00407493 |. 6A 6D push 6D
00407495 |. 6A 74 push 74
00407497 |. 6A 69 push 69
00407499 |. 6A 42 push 42
0040749B |. 6A 65 push 65
0040749D |. 6A 6C push 6C
0040749F |. 6A 62 push 62
004074A1 |. 8987 78010000 mov dword ptr ds:[edi+178],eax
004074A7 |. 6A 69 push 69
004074A9 |. 6A 74 push 74
004074AB |. 6A 61 push 61
004074AD |. 6A 70 push 70
004074AF |. 6A 6D push 6D
004074B1 |. 6A 6F push 6F
004074B3 |. 6A 43 push 43
004074B5 |. 6A 65 push 65
004074B7 |. 6A 74 push 74
004074B9 |. 6A 61 push 61
004074BB |. 6A 65 push 65
004074BD |. 6A 72 push 72
004074BF |. 8D4424 6C lea eax,dword ptr ss:[esp+6C]
004074C3 |. 6A 43 push 43
004074C5 |. 50 push eax
004074C6 |. E8 35DFFFFF call Net.00405400
004074CB |. 83C4 60 add esp,60
004074CE |. 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
004074D2 |. 51 push ecx ; /ProcNameOrOrdinal
004074D3 |. 53 push ebx ; |hModule
004074D4 |. FFD6 call esi ; \GetProcAddress
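The way this remote-control trojan fills in its APIs is pretty laborious, and it even checks for Rising (瑞星). How old is this trojan?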
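Added example, not part of the original post: a small analyst-side decoder for the pattern in the listing above, where an API name is pushed one character per `push imm8` (in reverse, ending with a 0 terminator) before a call. Run over the listing in the post it yields `CreateCompatibleBitmap`, the name then handed to `GetProcAddress`. The function name `recover_stack_strings` and the `SAMPLE` listing are constructed for illustration.

```python
import re

PUSH_IMM8 = re.compile(r"\bpush\s+([0-9A-Fa-f]{1,2})\s*$")  # e.g. "push 6C"
CALL = re.compile(r"\bcall\s+(\S+)")

# Constructed sample in the same OllyDbg-style layout as the post's listing.
SAMPLE = """\
00401000 |. 6A 00 push 0
00401002 |. 6A 70 push 70
00401004 |. 6A 65 push 65
00401006 |. 8BF8 mov edi,eax
00401008 |. 6A 65 push 65
0040100A |. 6A 6C push 6C
0040100C |. 8D4424 18 lea eax,dword ptr ss:[esp+18]
00401010 |. 6A 53 push 53
00401012 |. 50 push eax
00401013 |. E8 E8030000 call 00401400
"""

def recover_stack_strings(listing, min_len=4):
    """Return [(call_target, text)] for strings passed to a call char by char."""
    found, pending = [], []
    for line in listing.splitlines():
        code = line.split(";")[0]            # drop the debugger's comment column
        m = PUSH_IMM8.search(code)
        if m:
            pending.append(int(m.group(1), 16))
            continue
        c = CALL.search(code)
        if not c:
            continue                         # mov/lea/register pushes are interleaved
        chars, pending = pending[::-1], []   # last push is the first argument
        if 0 in chars:
            chars = chars[:chars.index(0)]   # cut at the pushed terminator
        # Only keep runs of printable ASCII long enough to be a name.
        if len(chars) >= min_len and all(0x20 <= ch < 0x7F for ch in chars):
            found.append((c.group(1), "".join(map(chr, chars))))
    return found

if __name__ == "__main__":
    for target, text in recover_stack_strings(SAMPLE):
        print(f"call {target}: {text!r}")
```

Names recovered this way can be matched against a watchlist during triage, since they never appear as contiguous strings in the file.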