Software information
====================
Software name: Internet Download Manager
Software version: 3.15
Download URL: http://www.internetdownloadmanager.com/idman315.exe
The algorithm behind the "enter registration code" part is fairly simple, so for reasons of space I will not cover it here; I will only discuss the check it performs on restart and its RC encryption algorithm.
1.
[HKEY_CURRENT_USER\Software\DownloadManager]
"idmvers"="3.16 Trial" <=== trial edition, meaning it is no longer the full version
"Serial"="ABCDE-GHIJK-MNOPQ-STUVW"
2. As soon as the program sees the Serial value in the registry it immediately reports a 60-day trial version, so something is clearly wrong (probably a check added only in the trial edition):
"Serial"="ABCDE-GHIJK-MNOPQ-STUVW"
3. However, the program still contains the core verification routine (and it uses the RC encryption algorithm):
0041249F . 68 A0674C00 PUSH IDMAN.004C67A0 ; |valueName = "Serial"
004124A4 . 897D FC MOV DWORD PTR SS:[EBP-4],EDI ; |
004124A7 . 52 PUSH EDX ; |hKey => 0
004124A8 . 897D EC MOV DWORD PTR SS:[EBP-14],EDI ; |
004124AB . C645 FC 01 MOV BYTE PTR SS:[EBP-4],1 ; |
004124AF . C685 5CFFFFFF >MOV BYTE PTR SS:[EBP-A4],0 ; |
004124B6 . C645 B0 00 MOV BYTE PTR SS:[EBP-50],0 ; |
004124BA . 895D E8 MOV DWORD PTR SS:[EBP-18],EBX ; |
004124BD . FFD6 CALL ESI ; \RegQueryvalueExA
004124BF . 85C0 TEST EAX,EAX
004124C1 . 75 1D JNZ SHORT IDMAN.004124E0
004124C3 . 8D85 5CFFFFFF LEA EAX,DWORD PTR SS:[EBP-A4]
                              <=== here you can see the registration code
004124C9 . 50 PUSH EAX ; /Arg1
004124CA . E8 21050000 CALL IDMAN.004129F0 <=== step into ; \IDMAN.004129F0
004124CF . 83C4 04 ADD ESP,4
004124D2 . 84C0 TEST AL,AL <=== for success, AL must be 0
004124D4 . 75 0A JNZ SHORT IDMAN.004124E0
004124D6 . C745 EC 010000>MOV DWORD PTR SS:[EBP-14],1
004124DD . 8B7D EC MOV EDI,DWORD PTR SS:[EBP-14]
004124E0 > A1 9CB74D00 MOV EAX,DWORD PTR DS:[4DB79C]
---------------004124CA CALL IDMAN.004129F0 stepped into----------------
004129F0 /$ 55 PUSH EBP
004129F1 |. 8BEC MOV EBP,ESP
004129F3 |. 6A FF PUSH -1
004129F5 |. 68 F8CD4900 PUSH IDMAN.0049CDF8 ; SE handler installation
004129FA |. 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
00412A00 |. 50 PUSH EAX
00412A01 |. 64:8925 000000>MOV DWORD PTR FS:[0],ESP
00412A08 |. 83EC 58 SUB ESP,58
00412A0B |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
00412A0E |. 53 PUSH EBX
00412A0F |. 56 PUSH ESI
00412A10 |. 57 PUSH EDI
00412A11 |. 8BFA MOV EDI,EDX
00412A13 |. 83C9 FF OR ECX,FFFFFFFF
00412A16 |. 33C0 XOR EAX,EAX
00412A18 |. 33DB XOR EBX,EBX
00412A1A |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
00412A1C |. F7D1 NOT ECX
00412A1E |. 49 DEC ECX
00412A1F |. 8965 F0 MOV DWORD PTR SS:[EBP-10],ESP
00412A22 |. 83F9 32 CMP ECX,32
00412A25 |. 895D FC MOV DWORD PTR SS:[EBP-4],EBX
00412A28 |. 0F87 B0010000 JA IDMAN.00412BDE
00412A2E |. B9 0D000000 MOV ECX,0D
00412A33 |. 8D7D 9C LEA EDI,DWORD PTR SS:[EBP-64]
00412A36 |. F3:AB REP STOS DWORD PTR ES:[EDI]
00412A38 |. 8BFA MOV EDI,EDX
00412A3A |. 83C9 FF OR ECX,FFFFFFFF
00412A3D |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
00412A3F |. F7D1 NOT ECX
00412A41 |. 8D75 9C LEA ESI,DWORD PTR SS:[EBP-64]
00412A44 |. 2BF9 SUB EDI,ECX
00412A46 |. 8BD6 MOV EDX,ESI
00412A48 |. 8BC1 MOV EAX,ECX
00412A4A |. 8BF7 MOV ESI,EDI
00412A4C |. 8BFA MOV EDI,EDX
00412A4E |. C1E9 02 SHR ECX,2
00412A51 |. F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]
00412A53 |. 8BC8 MOV ECX,EAX
00412A55 |. 83E1 03 AND ECX,3
00412A58 |. F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
00412A5A |. 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14]
00412A5D |. E8 AE9B0200 CALL IDMAN.0043C610
00412A62 |. BF 64734C00 MOV EDI,IDMAN.004C7364 ; ASCII "506938841"
00412A67 |. 83C9 FF OR ECX,FFFFFFFF
00412A6A |. 33C0 XOR EAX,EAX
00412A6C |. C645 FC 01 MOV BYTE PTR SS:[EBP-4],1
00412A70 |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
00412A72 |. 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+8]
00412A75 |. F7D1 NOT ECX
00412A77 |. 49 DEC ECX
00412A78 |. 51 PUSH ECX
00412A79 |. 83C9 FF OR ECX,FFFFFFFF
00412A7C |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
00412A7E |. F7D1 NOT ECX
00412A80 |. 49 DEC ECX
00412A81 |. 68 64734C00 PUSH IDMAN.004C7364
                              ; ASCII "506938841" (presumably the key)
00412A86 |. 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64]
00412A89 |. 51 PUSH ECX
00412A8A |. 50 PUSH EAX
                <=== EAX="ABCDE-GHIJK-MNOPQ-STUVW" (the fake registration code)
00412A8B |. 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14]
00412A8E |. E8 0D9F0200 CALL IDMAN.0043C9A0
            <=== a very important CALL, the one that encrypts the data (using the RC2 cipher)
00412A93 |. B2 C6 MOV DL,0C6
00412A95 |. B9 11000000 MOV ECX,11
00412A9A |. 8D7D D8 LEA EDI,DWORD PTR SS:[EBP-28]
00412A9D |. 8D75 9C LEA ESI,DWORD PTR SS:[EBP-64] <=== ESI points to the encrypted data
00412AA0 |. 33C0 XOR EAX,EAX
00412AA2 |. C645 D8 2B MOV BYTE PTR SS:[EBP-28],2B
00412AA6 |. C645 D9 52 MOV BYTE PTR SS:[EBP-27],52
00412AAA |. C645 DA D1 MOV BYTE PTR SS:[EBP-26],0D1
00412AAE |. C645 DB 9E MOV BYTE PTR SS:[EBP-25],9E
00412AB2 |. C645 DC 8A MOV BYTE PTR SS:[EBP-24],8A
00412AB6 |. C645 DD 82 MOV BYTE PTR SS:[EBP-23],82
00412ABA |. C645 DE DE MOV BYTE PTR SS:[EBP-22],0DE
00412ABE |. C645 DF EB MOV BYTE PTR SS:[EBP-21],0EB
00412AC2 |. C645 E0 EE MOV BYTE PTR SS:[EBP-20],0EE
00412AC6 |. C645 E1 62 MOV BYTE PTR SS:[EBP-1F],62
00412ACA |. C645 E2 A4 MOV BYTE PTR SS:[EBP-1E],0A4
00412ACE |. 8855 E3 MOV BYTE PTR SS:[EBP-1D],DL
00412AD1 |. C645 E4 84 MOV BYTE PTR SS:[EBP-1C],84
00412AD5 |. C645 E5 99 MOV BYTE PTR SS:[EBP-1B],99
00412AD9 |. C645 E6 8F MOV BYTE PTR SS:[EBP-1A],8F
00412ADD |. C645 E7 1F MOV BYTE PTR SS:[EBP-19],1F
00412AE1 |. 885D E8 MOV BYTE PTR SS:[EBP-18],BL
00412AE4 |. F3:A6 REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
<=== ESI is the encrypted result of our registration code, EDI is the hard-coded table above (the two must be equal)
********************************************
0074DDD4 2B 52 D1 9E 8A 82 DE EB
0074DDDC EE 62 A4 C6 84 99 8F 1F
********************************************
00412AE6 |. 0F84 E7000000 JE IDMAN.00412BD3
00412AEC |. B0 BE MOV AL,0BE
00412AEE |. 8855 E1 MOV BYTE PTR SS:[EBP-1F],DL
00412AF1 |. B9 19000000 MOV ECX,19
00412AF6 |. 8D7D D0 LEA EDI,DWORD PTR SS:[EBP-30]
00412AF9 |. 8D75 9C LEA ESI,DWORD PTR SS:[EBP-64]
00412AFC |. 33D2 XOR EDX,EDX
00412AFE |. C645 D0 92 MOV BYTE PTR SS:[EBP-30],92
00412B02 |. C645 D1 F5 MOV BYTE PTR SS:[EBP-2F],0F5
00412B06 |. C645 D2 25 MOV BYTE PTR SS:[EBP-2E],25
00412B0A |. C645 D3 CD MOV BYTE PTR SS:[EBP-2D],0CD
00412B0E |. C645 D4 78 MOV BYTE PTR SS:[EBP-2C],78
00412B12 |. 8845 D5 MOV BYTE PTR SS:[EBP-2B],AL
00412B15 |. C645 D6 4A MOV BYTE PTR SS:[EBP-2A],4A
00412B19 |. C645 D7 04 MOV BYTE PTR SS:[EBP-29],4
00412B1D |. C645 D8 6A MOV BYTE PTR SS:[EBP-28],6A
00412B21 |. C645 D9 FF MOV BYTE PTR SS:[EBP-27],0FF
00412B25 |. C645 DA A3 MOV BYTE PTR SS:[EBP-26],0A3
00412B29 |. C645 DB 2C MOV BYTE PTR SS:[EBP-25],2C
00412B2D |. C645 DC 9C MOV BYTE PTR SS:[EBP-24],9C
00412B31 |. C645 DD 96 MOV BYTE PTR SS:[EBP-23],96
00412B35 |. C645 DE 28 MOV BYTE PTR SS:[EBP-22],28
00412B39 |. C645 DF B0 MOV BYTE PTR SS:[EBP-21],0B0
00412B3D |. C645 E0 26 MOV BYTE PTR SS:[EBP-20],26
00412B41 |. C645 E2 A6 MOV BYTE PTR SS:[EBP-1E],0A6
00412B45 |. C645 E3 D5 MOV BYTE PTR SS:[EBP-1D],0D5
00412B49 |. C645 E4 D8 MOV BYTE PTR SS:[EBP-1C],0D8
00412B4D |. C645 E5 E3 MOV BYTE PTR SS:[EBP-1B],0E3
00412B51 |. C645 E6 EF MOV BYTE PTR SS:[EBP-1A],0EF
00412B55 |. C645 E7 07 MOV BYTE PTR SS:[EBP-19],7
00412B59 |. 885D E8 MOV BYTE PTR SS:[EBP-18],BL
00412B5C |. F3:A6 REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
<=== ESI is the encrypted result of our registration code, EDI is the hard-coded table above (the two must be equal)
********************************************
0074DDCC 92 F5 25 CD 78 BE 4A 04
0074DDD4 6A FF A3 2C 9C 96 28 B0
0074DDDC 26 C6 A6 D5 D8 E3 EF 07
********************************************
00412B5E |. 74 73 JE SHORT IDMAN.00412BD3
00412B60 |. B1 58 MOV CL,58
00412B62 |. 8845 DB MOV BYTE PTR SS:[EBP-25],AL
00412B65 |. 884D DE MOV BYTE PTR SS:[EBP-22],CL
00412B68 |. B2 9D MOV DL,9D
00412B6A |. 8845 E0 MOV BYTE PTR SS:[EBP-20],AL
00412B6D |. 884D E5 MOV BYTE PTR SS:[EBP-1B],CL
00412B70 |. B9 19000000 MOV ECX,19
00412B75 |. 8D7D D0 LEA EDI,DWORD PTR SS:[EBP-30]
00412B78 |. 8D75 9C LEA ESI,DWORD PTR SS:[EBP-64]
00412B7B |. 33C0 XOR EAX,EAX
00412B7D |. C645 D0 7B MOV BYTE PTR SS:[EBP-30],7B
00412B81 |. C645 D1 B3 MOV BYTE PTR SS:[EBP-2F],0B3
00412B85 |. C645 D2 42 MOV BYTE PTR SS:[EBP-2E],42
00412B89 |. C645 D3 79 MOV BYTE PTR SS:[EBP-2D],79
00412B8D |. C645 D4 65 MOV BYTE PTR SS:[EBP-2C],65
00412B91 |. C645 D5 CE MOV BYTE PTR SS:[EBP-2B],0CE
00412B95 |. C645 D6 2D MOV BYTE PTR SS:[EBP-2A],2D
00412B99 |. C645 D7 B8 MOV BYTE PTR SS:[EBP-29],0B8
00412B9D |. C645 D8 5E MOV BYTE PTR SS:[EBP-28],5E
00412BA1 |. C645 D9 13 MOV BYTE PTR SS:[EBP-27],13
00412BA5 |. C645 DA DF MOV BYTE PTR SS:[EBP-26],0DF
00412BA9 |. C645 DC F0 MOV BYTE PTR SS:[EBP-24],0F0
00412BAD |. C645 DD 61 MOV BYTE PTR SS:[EBP-23],61
00412BB1 |. 8855 DF MOV BYTE PTR SS:[EBP-21],DL
00412BB4 |. C645 E1 66 MOV BYTE PTR SS:[EBP-1F],66
00412BB8 |. C645 E2 52 MOV BYTE PTR SS:[EBP-1E],52
00412BBC |. C645 E3 75 MOV BYTE PTR SS:[EBP-1D],75
00412BC0 |. C645 E4 C9 MOV BYTE PTR SS:[EBP-1C],0C9
00412BC4 |. C645 E6 B6 MOV BYTE PTR SS:[EBP-1A],0B6
00412BC8 |. C645 E7 C8 MOV BYTE PTR SS:[EBP-19],0C8
00412BCC |. 885D E8 MOV BYTE PTR SS:[EBP-18],BL
00412BCF |. F3:A6 REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
<=== ESI is the encrypted result of our registration code, EDI is the hard-coded table above (the two must be equal); this is the third chance
********************************************
0074DDCC 7B B3 42 79 65 CE 2D B8
0074DDD4 5E 13 DF BE F0 61 58 9D
0074DDDC BE 66 52 75 C9 58 B6 C8
********************************************
00412BD1 | 74 1E JNZ SHORT IDMAN.00412BF1
00412BD3 |> 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14]
00412BD6 |. 885D FC MOV BYTE PTR SS:[EBP-4],BL
00412BD9 |. E8 629A0200 CALL IDMAN.0043C640
00412BDE |> 32C0 XOR AL,AL
00412BE0 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
00412BE3 |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
00412BEA |. 5F POP EDI
00412BEB |. 5E POP ESI
00412BEC |. 5B POP EBX
00412BED |. 8BE5 MOV ESP,EBP
00412BEF |. 5D POP EBP
00412BF0 |. C3 RETN
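As an added reversing aid (my own script, not part of the original writeup), this Python replays the MOV BYTE stores from the listing above while tracking the 8-bit registers (DL, BL), so the register-sourced bytes and the NUL terminator are included, and rebuilds the first 17-byte expected table so it can be checked against the dump. The two 25-byte tables can be rebuilt the same way by feeding their lines, since later stores reuse cells left over from the previous table.

```python
import re

# Constructed from the page's OllyDbg listing: the instructions that build the first
# expected table at [EBP-28]..[EBP-18]; XOR EBX,EBX is taken from the prologue at 00412A18.
LISTING = """00412A18 |. 33DB XOR EBX,EBX
00412A93 |. B2 C6 MOV DL,0C6
00412A95 |. B9 11000000 MOV ECX,11
00412AA2 |. C645 D8 2B MOV BYTE PTR SS:[EBP-28],2B
00412AA6 |. C645 D9 52 MOV BYTE PTR SS:[EBP-27],52
00412AAA |. C645 DA D1 MOV BYTE PTR SS:[EBP-26],0D1
00412AAE |. C645 DB 9E MOV BYTE PTR SS:[EBP-25],9E
00412AB2 |. C645 DC 8A MOV BYTE PTR SS:[EBP-24],8A
00412AB6 |. C645 DD 82 MOV BYTE PTR SS:[EBP-23],82
00412ABA |. C645 DE DE MOV BYTE PTR SS:[EBP-22],0DE
00412ABE |. C645 DF EB MOV BYTE PTR SS:[EBP-21],0EB
00412AC2 |. C645 E0 EE MOV BYTE PTR SS:[EBP-20],0EE
00412AC6 |. C645 E1 62 MOV BYTE PTR SS:[EBP-1F],62
00412ACA |. C645 E2 A4 MOV BYTE PTR SS:[EBP-1E],0A4
00412ACE |. 8855 E3 MOV BYTE PTR SS:[EBP-1D],DL
00412AD1 |. C645 E4 84 MOV BYTE PTR SS:[EBP-1C],84
00412AD5 |. C645 E5 99 MOV BYTE PTR SS:[EBP-1B],99
00412AD9 |. C645 E6 8F MOV BYTE PTR SS:[EBP-1A],8F
00412ADD |. C645 E7 1F MOV BYTE PTR SS:[EBP-19],1F
00412AE1 |. 885D E8 MOV BYTE PTR SS:[EBP-18],BL
00412AE4 |. F3:A6 REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]"""

STORE = re.compile(r"MOV BYTE PTR SS:\[EBP-([0-9A-F]+)\],(\w+)$")
REG_IMM = re.compile(r"MOV ([A-D]L),0?([0-9A-F]{2})$")
REG_ZERO = re.compile(r"XOR E([A-D])X,E\1X$")
CMP_LEN = re.compile(r"MOV ECX,0?([0-9A-F]+)$")


def rebuild_table(listing):
    """Replay the byte stores, tracking 8-bit registers, and return (table, REPE CMPS length)."""
    regs, cells, length = {}, {}, None
    for line in listing.splitlines():
        if m := REG_ZERO.search(line):          # XOR reg,reg zeroes the low byte too
            regs[m.group(1) + "L"] = 0
        elif m := REG_IMM.search(line):         # MOV DL,0C6 and friends
            regs[m.group(1)] = int(m.group(2), 16)
        elif m := CMP_LEN.search(line):         # ECX is the REPE CMPS byte count
            length = int(m.group(1), 16)
        elif m := STORE.search(line):           # immediate or register-sourced byte
            offset, src = int(m.group(1), 16), m.group(2)
            cells[offset] = regs[src] if src in regs else int(src, 16)
    # A larger negative offset is a lower address, so [EBP-28] is the first byte in memory.
    table = bytes(cells[o] for o in sorted(cells, reverse=True))
    assert length == len(cells) == max(cells) - min(cells) + 1, "table incomplete"
    return table, length
```

The rebuilt bytes should match the first dump (2B 52 D1 9E ... 8F 1F) followed by the 00 from BL, which the 17-byte compare also covers.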