是个病毒，但没有加载到任何一个程序上，应该是一个生成病毒的程序。
查不到壳。无法 SHIFT+F9……头昏脑胀。
疑似ASProtect 几年没上网了。
研究了半天，摸不着一点头绪。
; ---------------------------------------------------------------------------
; Compiler-generated MSVC CRT entry stub (WinMainCRTStartup-style), not the
; sample's own code. It installs an SEH frame, initialises the MSVCRT.DLL
; runtime state (app type, _fmode, _commode, _adjust_fdiv, matherr hook) and
; runs the static-initialiser table via _initterm. Author-written code is
; reached only after this stub, past the end of this listing.
; NOTE(review): every call here resolves by name through the import table
; (IAT slots at 40308x / 403098) and the entry point is the ordinary CRT
; prologue -- consistent with an unpacked MSVC build rather than ASProtect;
; confirm via the section table / import count before assuming a packer.
; NOTE(review): the register dump below reports EIP = 001025A5 while this
; listing is at 004025A5 -- confirm the actual load base before placing
; breakpoints on the addresses shown here.
; ---------------------------------------------------------------------------
004025A5 >/$ 55 push ebp                          ; entry point: standard frame set-up
004025A6 |. 8BEC mov ebp, esp
004025A8 |. 6A FF push -1                         ; SEH: initial trylevel = -1 (no active __try yet)
004025AA |. 68 00314000 push 00403100             ; SEH: scope table used by _except_handler3
004025AF |. 68 26274000 push <jmp.&MSVCRT._except_handler3> ; SEH: handler routine (thunk into MSVCRT)
004025B4 |. 90 nop                                ; NOTE(review): a lone nop is unusual in this stub -- padding or a patched byte? worth diffing against a clean build
004025B5 |. 64:A1 00000000 mov eax, dword ptr fs:[0] ; eax = current head of the SEH chain
004025BB |. 50 push eax                           ; save the previous handler link
004025BC |. 64:8925 00000000 mov dword ptr fs:[0], esp ; install this frame as the new SEH head
004025C3 |. 83EC 68 sub esp, 68                   ; 0x68 bytes of locals for the CRT start-up
004025C6 |. 53 push ebx                           ; preserve callee-saved registers
004025C7 |. 56 push esi
004025C8 |. 57 push edi
004025C9 |. 8965 E8 mov dword ptr [ebp-18], esp   ; saved esp (restored by the SEH handler on unwind)
004025CC |. 33DB xor ebx, ebx                     ; ebx = 0, reused as the zero constant below
004025CE |. 895D FC mov dword ptr [ebp-4], ebx    ; trylevel = 0: enter the outermost __try block
004025D1 |. 6A 02 push 2                          ; 2 == _GUI_APP (1 would be _CONSOLE_APP)
004025D3 |. FF15 8C304000 call dword ptr [<&MSVCRT.__set_app_ty>; msvcrt.__set_app_type(2)
004025D9 |. 59 pop ecx                            ; discard the cdecl argument
004025DA |. 830D 4C514000 FF or dword ptr [40514C], FFFFFFFF ; two CRT globals set to -1 (presumably __onexitbegin/__onexitend -- verify)
004025E1 |. 830D 50514000 FF or dword ptr [405150], FFFFFFFF
004025E8 |. FF15 88304000 call dword ptr [<&MSVCRT.__p__fmode>] ; msvcrt.__p__fmode -> eax = &_fmode inside the DLL
004025EE |. 8B0D 48514000 mov ecx, dword ptr [405148] ; copy this image's _fmode into the DLL's copy
004025F4 |. 8908 mov dword ptr [eax], ecx
004025F6 |. FF15 84304000 call dword ptr [<&MSVCRT.__p__commode>; msvcrt.__p__commode -> eax = &_commode inside the DLL
004025FC |. 8B0D 44514000 mov ecx, dword ptr [405144] ; copy this image's _commode into the DLL's copy
00402602 |. 8908 mov dword ptr [eax], ecx
00402604 |. A1 80304000 mov eax, dword ptr [<&MSVCRT._adjust> ; eax = &_adjust_fdiv (imported data symbol)
00402609 |. 8B00 mov eax, dword ptr [eax]
0040260B |. A3 54514000 mov dword ptr [405154], eax ; cache _adjust_fdiv locally (Pentium FDIV workaround flag)
00402610 |. E8 10010000 call 00402725              ; CRT helper outside this listing (likely FP-precision setup -- verify)
00402615 |. 391D B0404000 cmp dword ptr [4040B0], ebx ; if this global is still 0 ...
0040261B |. 75 0C jnz short 00402629
0040261D |. 68 22274000 push 00402722             ; ... register 00402722 as the user _matherr hook
00402622 |. FF15 98304000 call dword ptr [<&MSVCRT.__setusermat>; msvcrt.__setusermatherr
00402628 |. 59 pop ecx                            ; discard the cdecl argument
00402629 |> E8 E2000000 call 00402710              ; CRT helper outside this listing
0040262E |. 68 0C404000 push 0040400C             ; _initterm(first = 00404008, last = 0040400C):
00402633 |. 68 08404000 push 00404008             ; calls every non-NULL function pointer in [first, last)
00402638 |. E8 CD000000 call <jmp.&MSVCRT._initterm> ; C initialisers; the C++ ctor table and the WinMain/main call usually follow beyond this listing
EAX 00000000
ECX 00010101
EDX FFFFFFFF
EBX 7FFDF000
ESP 0012FFC4
EBP 0012FFF0
ESI 00000000
EDI 00000000
EIP 001025A5
高手帮忙看下。。