
简析 QQ远程视频嗅探器

[ 作者:阿虎 | 更新日期:2008-6-2 09:24:48 | 阅读次数: ]

这款东东是个骗人的家伙,不过骗人做得相对像那么回事~

它要求你宣传他的网站 hxxp://www.jw35.cn/zc.asp,当有100个IP流量的时候给你注册码。经分析,该注册验证模块是假的,根本不能通过验证~且其连接按钮就是此伪注册功能~

; OllyDbg CPU-window dump, 32-bit x86, Intel operand order (dst,src).
; Columns: address, marker, opcode bytes, instruction, comment.
; Excerpt of the sample's "registration" check. It starts mid-function, so the
; prologue and the setup of esi and edi are not shown.
; NOTE(review): esi is presumably 0 on entry to this excerpt (it is compared with
; the length for the empty-input case and then used as the scan index) - confirm
; against the full function.
; `decode` and `mov [ecx]` are labels assigned by the analyst, not exported symbols.
;
; Visible control flow:
;   length == esi            -> message box, cleanup
;   length != 0x23 (35)      -> message box, cleanup
;   char not [0-9a-zA-Z]     -> 0040258A -> one of two message boxes, cleanup
;   all chars [0-9a-zA-Z]    -> 00402525 -> message box, cleanup
; Every path in this range ends in AfxMessageBox and the shared cleanup at
; 00402561; no branch shown leads to a success state.

; --- Fetch the window text and its length ---
0040245E   . 8BC8          mov ecx,eax
00402460   . E8 A9240000   call <jmp.&MFC42.#3874_CWnd::GetWindowTextA>
; ecx = character buffer of the CString at [esp+10] (the same slot is destroyed
; at 00402566); presumably the text just read by GetWindowTextA.
00402465   . 8B4C24 10     mov ecx,dword ptr ss:[esp+10]
; ebp = dword at buffer-8, used below as the string length. NOTE(review): this
; matches the length field of MFC's CStringData header - confirm for this build.
00402469   . 8B69 F8       mov ebp,dword ptr ds:[ecx-8]
0040246C   . 3BEE          cmp ebp,esi
0040246E   . 75 3F         jnz short 远程视频.004024AF
; --- length == esi: show the first message ---
; Pattern repeated for every message below: two zero-valued pushes (they look
; like the trailing AfxMessageBox arguments - assumption), a 4-byte stack slot
; in which a temporary CString is constructed from an encoded literal, a call
; to decode, a call to the `mov [ecx]` helper on the result, then AfxMessageBox.
00402470   . 56            push esi
00402471   . 56            push esi
00402472   . 51            push ecx
00402473   . 8BCC          mov ecx,esp
00402475   . 896424 20     mov dword ptr ss:[esp+20],esp
00402479   . 68 D0814000   push 远程视频.004081D0                                          ; x+vpymrkyovxorlhwuuhow==
0040247E   . E8 61240000   call <jmp.&MFC42.#537_CString::CString>                     ; analyst: decodes to "请输入密码" (please enter a password)
00402483   . 8D5424 20     lea edx,dword ptr ss:[esp+20]                               ; |
00402487   . 8BCF          mov ecx,edi                                                 ; |
00402489   . 52            push edx                                                    ; |Arg1
0040248A   . E8 A1010000   call <远程视频.decode>                                          ; \远程视频.00402630
0040248F   . 8BC8          mov ecx,eax
; NOTE(review): the byte written at [esp+2C] / [esp+24] around each message looks
; like the compiler's C++ exception-handling state index - confirm.
00402491   . C64424 2C 01 mov byte ptr ss:[esp+2C],1
00402496   . E8 55020000   call <远程视频.mov [ecx]>
0040249B   . 50            push eax
0040249C   . E8 97240000   call <jmp.&MFC42.#1200_AfxMessageBox>
004024A1   . C64424 24 00 mov byte ptr ss:[esp+24],0
004024A6   . 8D4C24 14     lea ecx,dword ptr ss:[esp+14]
004024AA   . E9 B2000000   jmp 远程视频.00402561
; --- length check: anything other than 0x23 (35) characters is rejected ---
004024AF   > 83FD 23       cmp ebp,23
004024B2   . 74 3C         je short 远程视频.004024F0
004024B4   . 56            push esi
004024B5   . 56            push esi
004024B6   . 51            push ecx
004024B7   . 8BCC          mov ecx,esp
004024B9   . 896424 20     mov dword ptr ss:[esp+20],esp
004024BD   . 68 8C814000   push 远程视频.0040818C                                          ; 16ky4clrs6s2ylk7ttsjrmfr1nnk5mjr0ru0zqos16ls4rk70qrt0l/vupghow==
004024C2   . E8 1D240000   call <jmp.&MFC42.#537_CString::CString>                     ; analyst: decodes to "密码长度不够" (password is too short)
004024C7   . 8D4424 20     lea eax,dword ptr ss:[esp+20]                               ; |
004024CB   . 8BCF          mov ecx,edi                                                 ; |
004024CD   . 50            push eax                                                    ; |Arg1
004024CE   . E8 5D010000   call <远程视频.decode>                                          ; \远程视频.00402630
004024D3   . 8BC8          mov ecx,eax
004024D5   . C64424 2C 02 mov byte ptr ss:[esp+2C],2
004024DA   . E8 11020000   call <远程视频.mov [ecx]>
004024DF   . 50            push eax
004024E0   . E8 53240000   call <jmp.&MFC42.#1200_AfxMessageBox>
004024E5   . C64424 24 00 mov byte ptr ss:[esp+24],0
004024EA   . 8D4C24 14     lea ecx,dword ptr ss:[esp+14]
004024EE   . EB 71         jmp short 远程视频.00402561
; --- character scan: esi = index, ebp = length ---
004024F0   > 3BEE          cmp ebp,esi
004024F2   . 7E 31         jle short 远程视频.00402525
; bl = text[esi]
004024F4   > 8B4C24 10     mov ecx,dword ptr ss:[esp+10]
004024F8   . 8A1C0E        mov bl,byte ptr ds:[esi+ecx]
; NOTE(review): the byte is sign-extended before being passed to isdigit, so
; bytes >= 0x80 reach isdigit as negative values, which the C standard leaves
; undefined for the <ctype.h> functions.
004024FB   . 0FBED3        movsx edx,bl
004024FE   . 52            push edx                                                    ; /c
004024FF   . FF15 C0624000 call dword ptr ds:[<&MSVCRT.isdigit>]                       ; \isdigit
00402505   . 83C4 04       add esp,4
00402508   . 85C0          test eax,eax
0040250A   . 75 14         jnz short 远程视频.00402520
; Not a digit: accept 0x61..0x7A ('a'..'z'), then 0x41..0x5A ('A'..'Z').
; The compares are signed, so bytes >= 0x80 take the jl at 00402519.
; Anything outside these ranges leaves the loop for 0040258A.
0040250C   . 80FB 61       cmp bl,61
0040250F   . 7C 05         jl short 远程视频.00402516
00402511   . 80FB 7A       cmp bl,7A
00402514   . 7E 0A         jle short 远程视频.00402520
00402516   > 80FB 41       cmp bl,41
00402519   . 7C 6F         jl short 远程视频.0040258A
0040251B   . 80FB 5A       cmp bl,5A
0040251E   . 7F 6A         jg short 远程视频.0040258A
; Character accepted: advance and loop while esi < ebp.
00402520   > 46            inc esi
00402521   . 3BF5          cmp esi,ebp
00402523   .^ 7C CF         jl short 远程视频.004024F4
; --- scan finished without a rejected character: the input is still reported
; as invalid; execution falls through to the cleanup at 00402561 ---
00402525   > 6A 00         push 0                                                      ; (initial CPU selection)
00402527   . 6A 00         push 0
00402529   . 51            push ecx
0040252A   . 8BCC          mov ecx,esp
0040252C   . 896424 24     mov dword ptr ss:[esp+24],esp
00402530   . 68 78814000   push 远程视频.00408178                                          ; zt7qp7xe16ky4clr
00402535   . E8 AA230000   call <jmp.&MFC42.#537_CString::CString>                     ; analyst: decodes to "无效密码" (invalid password)
0040253A   . 8D4C24 24     lea ecx,dword ptr ss:[esp+24]                               ; |
0040253E   . 51            push ecx                                                    ; |Arg1
0040253F   . 8BCF          mov ecx,edi                                                 ; |
00402541   . E8 EA000000   call <远程视频.decode>                                          ; \远程视频.00402630
00402546   . 8BC8          mov ecx,eax
00402548   . C64424 2C 05 mov byte ptr ss:[esp+2C],5
0040254D   . E8 9E010000   call <远程视频.mov [ecx]>
00402552   . 50            push eax
00402553   . E8 E0230000   call <jmp.&MFC42.#1200_AfxMessageBox>
00402558   . C64424 24 00 mov byte ptr ss:[esp+24],0
0040255D   . 8D4C24 18     lea ecx,dword ptr ss:[esp+18]
; --- shared cleanup: destroy the CString whose address is in ecx, then the one
; at [esp+10], restore fs:[0] (the SEH chain head) and the saved registers ---
00402561   > E8 42230000   call <jmp.&MFC42.#800_CString::~CString>
00402566   . 8D4C24 10     lea ecx,dword ptr ss:[esp+10]
0040256A   . C74424 24 FFF>mov dword ptr ss:[esp+24],-1
00402572   . E8 31230000   call <jmp.&MFC42.#800_CString::~CString>
00402577   . 8B4C24 1C     mov ecx,dword ptr ss:[esp+1C]
0040257B   . 5F            pop edi
0040257C   . 5E            pop esi
0040257D   . 5D            pop ebp
0040257E   . 64:890D 00000>mov dword ptr fs:[0],ecx
00402585   . 5B            pop ebx
00402586   . 83C4 18       add esp,18
00402589   . C3            retn
; --- rejected character at index esi (bl holds the character) ---
; Index 0, an index that is not a multiple of 6, or a '-' (0x2D) at a multiple
; of 6 all go to 004025DD; any other rejected character at a non-zero multiple
; of 6 falls through to the message at 004025A1.
0040258A   > 85F6          test esi,esi
0040258C   . 74 4F         je short 远程视频.004025DD
0040258E   . 8BC6          mov eax,esi
00402590   . B9 06000000   mov ecx,6
; cdq sign-extends eax into edx before the signed divide; edx = esi % 6 afterwards.
00402595   . 99            cdq
00402596   . F7F9          idiv ecx
00402598   . 85D2          test edx,edx
0040259A   . 75 41         jnz short 远程视频.004025DD
0040259C   . 80FB 2D       cmp bl,2D
0040259F   . 74 3C         je short 远程视频.004025DD
; edx is 0 here (the remainder was just tested), so these two pushes are zeros.
004025A1   . 52            push edx
004025A2   . 52            push edx
004025A3   . 51            push ecx
004025A4   . 8BCC          mov ecx,esp
004025A6   . 896424 20     mov dword ptr ss:[esp+20],esp
004025AA   . 68 64814000   push 远程视频.00408164                                          ; uphkvbk7ttshow==
004025AF   . E8 30230000   call <jmp.&MFC42.#537_CString::CString>                     ; analyst: decodes to "格式不对" (wrong format)
004025B4   . 8D5424 20     lea edx,dword ptr ss:[esp+20]                               ; |
004025B8   . 8BCF          mov ecx,edi                                                 ; |
004025BA   . 52            push edx                                                    ; |Arg1
004025BB   . E8 70000000   call <远程视频.decode>                                          ; \远程视频.00402630
004025C0   . 8BC8          mov ecx,eax
004025C2   . C64424 2C 03 mov byte ptr ss:[esp+2C],3
004025C7   . E8 24010000   call <远程视频.mov [ecx]>
004025CC   . 50            push eax
004025CD   . E8 66230000   call <jmp.&MFC42.#1200_AfxMessageBox>
004025D2   . C64424 24 00 mov byte ptr ss:[esp+24],0
004025D7   . 8D4C24 14     lea ecx,dword ptr ss:[esp+14]
004025DB   .^ EB 84         jmp short 远程视频.00402561
; --- remaining rejected-character cases: last message, then the same cleanup ---
004025DD   > 6A 00         push 0
004025DF   . 6A 00         push 0
004025E1   . 51            push ecx
004025E2   . 8BCC          mov ecx,esp
004025E4   . 896424 20     mov dword ptr ss:[esp+20],esp
004025E8   . 68 4C814000   push 远程视频.0040814C                                          ; tobu2rfht6jx1rf7oam=
004025ED   . E8 F2220000   call <jmp.&MFC42.#537_CString::CString>
004025F2   . 8D4424 20     lea eax,dword ptr ss:[esp+20]                               ; |
004025F6   . 8BCF          mov ecx,edi                                                 ; |
004025F8   . 50            push eax                                                    ; |Arg1
004025F9   . E8 32000000   call <远程视频.decode>                                          ; \远程视频.00402630
004025FE   . 8BC8          mov ecx,eax
00402600   . C64424 2C 04 mov byte ptr ss:[esp+2C],4
00402605   . E8 E6000000   call <远程视频.mov [ecx]>
0040260A   . 50            push eax
0040260B   . E8 28230000   call <jmp.&MFC42.#1200_AfxMessageBox>                       ; analyst: decodes to "非法字符" (illegal character)
00402610   . C64424 24 00 mov byte ptr ss:[esp+24],0
00402615   . 8D4C24 14     lea ecx,dword ptr ss:[esp+14]
00402619   .^ E9 43FFFFFF   jmp 远程视频.00402561
; Two nop bytes (presumably alignment padding), then a separate routine that
; consists only of retn ('$' is OllyDbg's procedure-entry marker).
0040261E      90            nop
0040261F      90            nop
00402620   $ C3            retn

 

并在其资源里发现了其官方网站上的演示录像~

并且其所谓的电脑报的报道 hxxp://www.jw35.cn/baodao.htm 明显是PS的嘛~


Tags:QQ远程视频嗅探器