[spam][crazy] bomb malware
Karl
gmkarl at gmail.com
Tue Dec 14 02:59:41 PST 2021
fork situation resolved
I've loaded the Mirai binary into the Ghidra analyser.
Here's how Ghidra displays the Mirai entrypoint. Comments from me are
preceded by "//" inline.
**************************************************************
*
*
* FUNCTION
*
**************************************************************
undefined __regparm3 entry(undefined4 param_1, undefined...
undefined AL:1 <RETURN>
undefined4 EAX:4 param_1
undefined4 EDX:4 param_2
undefined4 Stack[-0x8]:4 local_8
XREF[1]: 0804816d(*)
entry
XREF[2]: Entry Point(*), 08048018(*)
08048164 31 ed XOR EBP,EBP
08048166 5e POP ESI
08048167 89 e1 MOV ECX,ESP
08048169 83 e4 f0 AND ESP,0xfffffff0
0804816c 50 PUSH param_1
0804816d 54 PUSH ESP=>local_8
0804816e 52 PUSH param_2
0804816f 68 d6 db PUSH LAB_0804dbd6
04 08
08048174 68 94 80 PUSH LAB_08048094
04 08
08048179 51 PUSH ECX
0804817a 56 PUSH ESI
0804817b 68 40 a5 PUSH FUN_0804a540
04 08
08048180 e8 ba 50 CALL FUN_0804d23f
int FUN_0804d23f(undefined * par
00 00
08048185 f4 HLT
08048186 90 90 90 align align(10)
90 90 90
90 90 90 90
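An added example, not part of the original message: a small Python check that rejoins the wrapped instruction bytes from the listing above and decodes the PUSH imm32 and CALL rel32 operands from the raw encodings, confirming they agree with the labels Ghidra printed. The function names are hypothetical, and the sample lines are copied from the listing.

```python
import re
import struct

# Lines copied from the listing above. Ghidra wraps long encodings, so the
# trailing bytes of an instruction ("04 08", "00 00") sit on the next line.
LISTING = """\
08048174 68 94 80 PUSH LAB_08048094
04 08
08048179 51 PUSH ECX
0804817a 56 PUSH ESI
0804817b 68 40 a5 PUSH FUN_0804a540
04 08
08048180 e8 ba 50 CALL FUN_0804d23f
int FUN_0804d23f(undefined * par
00 00
"""

INSN = re.compile(r"^([0-9a-f]{8}) ((?:[0-9a-f]{2} )+)(\S.*)$")
CONT = re.compile(r"^(?:[0-9a-f]{2}(?: |$))+$")

def join_wrapped(listing):
    """Return (address, encoding, text) tuples with wrapped bytes rejoined."""
    insns = []
    for line in map(str.strip, listing.splitlines()):
        m = INSN.match(line)
        if m:
            insns.append([int(m.group(1), 16), bytes.fromhex(m.group(2)), m.group(3)])
        elif insns and CONT.match(line):
            insns[-1][1] += bytes.fromhex(line)
    return [tuple(i) for i in insns]

def decode_targets(insns):
    """Decode PUSH imm32 (0x68) and CALL rel32 (0xe8) operands from raw bytes."""
    out = {}
    for addr, raw, _text in insns:
        if len(raw) == 5 and raw[0] == 0x68:
            out[addr] = ("push", struct.unpack("<I", raw[1:])[0])
        elif len(raw) == 5 and raw[0] == 0xE8:  # target = next insn + rel32
            out[addr] = ("call", (addr + 5 + struct.unpack("<i", raw[1:])[0]) & 0xFFFFFFFF)
    return out

def label_mismatches(insns):
    """Addresses whose decoded operand disagrees with the label Ghidra printed."""
    decoded = decode_targets(insns)
    labels = {a: re.search(r"_([0-9a-f]{8})$", t) for a, _r, t in insns}
    return [a for a, (_k, v) in decoded.items() if labels[a] and int(labels[a].group(1), 16) != v]

if __name__ == "__main__":
    for addr, (kind, target) in decode_targets(join_wrapped(LISTING)).items():
        print(f"{addr:08x} {kind} -> {target:08x}")
```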