[spam][crazy] bomb malware

Karl gmkarl at gmail.com
Tue Dec 14 03:45:01 PST 2021


// call EDX as a function.  EDX is the 4th 32-bit register, i.e. cpu working-memory.
        080480d9 ff d2           CALL       EDX

// this is where the jump statement from 080480cd ends up.  So, this is the start of the while loop, and the code immediately above isn't executed until this is.
                             LAB_080480db                    XREF[1]:     080480cd(j)
// copy PTR_DAT_0804e024 into EAX.
        080480db a1 24 e0        MOV        EAX,[PTR_DAT_0804e024]
                      = 0804e00c
                 04 08

I'm a little confused on whether [ADDR] dereferences the data pointed
to by the address or not, in this notation.  I think I'll look it up.
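
The two encodings in the listing above, decoded and stepped through as an added example that is not part of the original post. In the Intel encoding, opcode a1 is MOV EAX, moffs32, a load from the 32-bit address that follows it, so the bracketed operand is a memory read. The memory map and the EDX value are constructed for the example.

```python
import struct

# x86 32-bit register numbers as used in ModRM and opcode encodings.
REGS = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]

def decode(code):
    """Decode the two encodings in the listing; return (length, mnemonic, operand)."""
    op = code[0]
    if op == 0xA1:  # MOV EAX, moffs32: 4-byte little-endian address follows
        (addr,) = struct.unpack_from("<I", code, 1)
        return 5, "MOV_EAX_MEM", addr
    if op == 0xFF:  # group 5: ModRM.reg selects the operation
        modrm = code[1]
        mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
        if reg == 2 and mod == 3:  # /2 = CALL r/m32, mod 3 = register operand
            return 2, "CALL_REG", REGS[rm]
    raise ValueError("opcode not covered by this example: %02x" % op)

def run(code, regs, memory):
    """Execute the decoded instructions against a dict-based memory of dwords.
    Returns the list of (mnemonic, detail) steps; stops at the first CALL."""
    trace, pc = [], 0
    while pc < len(code):
        length, mnem, operand = decode(code[pc:])
        if mnem == "MOV_EAX_MEM":
            regs["EAX"] = memory[operand]  # load the dword stored AT the address
            trace.append((mnem, "EAX <- [%08x] = %08x" % (operand, regs["EAX"])))
        elif mnem == "CALL_REG":
            trace.append((mnem, "call target = %s = %08x" % (operand, regs[operand])))
            break
        pc += length
    return trace

# Bytes from the listing: a1 24 e0 04 08 (MOV) and ff d2 (CALL).
MOV_BYTES = bytes.fromhex("a124e00408")
CALL_BYTES = bytes.fromhex("ffd2")
# Constructed memory: the listing's "= 0804e00c" is the dword at 0804e024.
MEMORY = {0x0804E024: 0x0804E00C}

if __name__ == "__main__":
    regs = {r: 0 for r in REGS}
    regs["EDX"] = 0x080480F0  # constructed value, not from the listing
    for step in run(MOV_BYTES + CALL_BYTES, regs, MEMORY):
        print(step)
```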

