vau_HI писал(а):
12 антивирусов показали подозрение на наличие в файле вредоносного кодаВ файле hook.dll от 12 мая - исполняемых кодов всего 132 байта
Вот их дизасм
.10001000: 55 push ebp
.10001001: 8BEC mov ebp,esp
.10001003: 837D0800 cmp d,[ebp][08],000000000
.10001007: FF7510 push d,[ebp][10]
.1000100A: FF750C push d,[ebp][0C]
.1000100D: 7D11 jge .010001020
.1000100F: FF7508 push d,[ebp][08]
.10001012: FF3500300010 push d,[10003000]
.10001018: FF1500200010 call CallNextHookEx ;USER32
.1000101E: EB20 jmps .010001040
.10001020: 6821040000 push 000000421
.10001025: FF3500400010 push d,[10004000]
.1000102B: FF150C200010 call SendMessageA ;USER32
.10001031: 85C0 test eax,eax
.10001033: 7408 je .01000103D
.10001035: FF7510 push d,[ebp][10]
.10001038: FF750C push d,[ebp][0C]
.1000103B: EBD2 jmps .01000100F
.1000103D: 33C0 xor eax,eax
.1000103F: 40 inc eax
.10001040: 5D pop ebp
.10001041: C20C00 retn 0000C ;" "
.10001044: 6A00 push 000
.10001046: FF3508300010 push d,[10003008]
.1000104C: 6800100010 push 010001000
.10001051: 6A02 push 002
.10001053: FF1504200010 call SetWindowsHookExA ;USER32
.10001059: A300300010 mov [10003000],eax
.1000105E: 8B442404 mov eax,[esp][04]
.10001062: A300400010 mov [10004000],eax
.10001067: C3 retn
.10001068: FF3500300010 push d,[10003000]
.1000106E: FF1508200010 call UnhookWindowsHookEx ;USER32
.10001074: C3 retn
.10001075: 8B442404 mov eax,[esp][04]
.10001079: A308300010 mov [10003008],eax
.1000107E: 33C0 xor eax,eax
.10001080: 40 inc eax
.10001081: C20C00 retn 0000C ;" "
Поиск
Друзья
Администрация