[spam][crazy] bomb malware

Karl gmkarl at gmail.com
Tue Dec 14 04:59:19 PST 2021


param_2 is edx which is 0
that's the first three pushed values
then the function pointers, two of them
ecx here is 0xffffc944.  I type `p *$ecx` into gdb and see it's a
valid dereferenceable pointer.  wonder where this came from.

glancing up at the entrypoint assembly

        08048167 89 e1           MOV        ECX,ESP
        08048169 83 e4 f0        AND        ESP,0xfffffff0

$ecx is $esp before being aligned to 16 bytes.


More information about the cypherpunks mailing list