打印

熊猫病毒里面藏的隐藏文字

煙頭(り厷耔

厷耔

初级会员

Rank: 2 Rank: 2

帖子: 317
精华: 0
性别: 男
来自: 湖南

发短消息
加为好友
当前离线

1^# 大中小发表于 07-4-9 22:47 只看该作者

熊猫病毒里面藏的隐藏文字

本文来自：湖南论坛转载请注明出自【www.hunanbbs.net】作者：煙頭(り厷耔您是第763个浏览者

Ultra String Reference
Address Disassembly Text String
004031C0 push _UnPacke.00403240 SOFTWARE\Borland\Delphi\RTL
004031F4 push _UnPacke.0040325C FPUMaskValue
004039C3 mov esi,_UnPacke.0040E080 Runtime error at 00000000
00403A7E push _UnPacke.0040E080 Runtime error at 00000000
00403A99 push _UnPacke.00403AD4 \n\n
00403AB8 push _UnPacke.0040E078 Error
00403ABD push _UnPacke.0040E080 Runtime error at 00000000
00404DBB push _UnPacke.00404F08 kernel32.dll
00404DD0 push _UnPacke.00404F18 CreateToolhelp32Snapshot
00404DE2 push _UnPacke.00404F34 Heap32ListFirst
00404DF4 push _UnPacke.00404F44 Heap32ListNext
00404E06 push _UnPacke.00404F54 Heap32First
00404E18 push _UnPacke.00404F60 Heap32Next
00404E2A push _UnPacke.00404F6C Toolhelp32ReadProcessMemory
00404E3C push _UnPacke.00404F88 Process32First
00404E4E push _UnPacke.00404F98 Process32Next
00404E60 push _UnPacke.00404FA8 Process32FirstW
00404E72 push _UnPacke.00404FB8 Process32NextW
00404E84 push _UnPacke.00404FC8 Thread32First
00404E96 push _UnPacke.00404FD8 Thread32Next
00404EA8 push _UnPacke.00404FE8 Module32First
00404EBA push _UnPacke.00404FF8 Module32Next
00404ECC push _UnPacke.00405008 Module32FirstW
00404EDE push _UnPacke.00405018 Module32NextW
00405172 push _UnPacke.004051F0 \n
00405177 push _UnPacke.004051FC \n
00405461 mov eax,_UnPacke.004054B8 .
004054F4 mov edx,_UnPacke.00405510 00405548 mov edx,_UnPacke.00405564 00405E60 push _UnPacke.00405F38 advapi32.dll
00405E7F push _UnPacke.00405F38 advapi32.dll
00405EA2 push _UnPacke.00405F48 QueryServiceConfig2A
00405EB7 push _UnPacke.00405F60 QueryServiceConfig2W
00405ED6 push _UnPacke.00405F78 ChangeServiceConfig2A
00405EEB push _UnPacke.00405F90 ChangeServiceConfig2W
00406233 push _UnPacke.004062B4 SeDebugPrivilege
00406322 mov eax,_UnPacke.00406AC8 防火墙
0040634E mov eax,_UnPacke.00406AD8 进程
0040637A mov eax,_UnPacke.00406AE8 VirusScan
004063A6 mov eax,_UnPacke.00406AFC NOD32
004063D2 mov eax,_UnPacke.00406B0C 网镖
004063FE mov eax,_UnPacke.00406B1C 杀毒
00406430 mov eax,_UnPacke.00406B2C 毒霸
00406462 mov eax,_UnPacke.00406B3C 瑞星
00406494 mov eax,_UnPacke.00406B4C 江民
004064C6 mov eax,_UnPacke.00406B5C 超级兔子
004064F8 mov eax,_UnPacke.00406B70 优化大师
0040652A mov eax,_UnPacke.00406B84 木马清道夫
0040658E mov eax,_UnPacke.00406BAC 卡巴斯基反病毒
004065C0 mov eax,_UnPacke.00406BC4 Symantec AntiVirus
004065F2 mov eax,_UnPacke.00406BE0 Duba
00406624 mov eax,_UnPacke.00406BF0 esteem procs
00406656 mov eax,_UnPacke.00406C08 绿鹰PC
00406688 mov eax,_UnPacke.00406C18 密码防盗
004066BA mov eax,_UnPacke.00406C2C 噬菌体
004066EC mov eax,_UnPacke.00406C3C 木马辅助查找器
0040671E mov eax,_UnPacke.00406C54 System Safety Monitor
00406750 mov eax,_UnPacke.00406C74 Wrapped gift Killer
00406782 mov eax,_UnPacke.00406C90 Winsock Expert
004067B4 mov eax,_UnPacke.00406CA8 游戏木马检测大师
004067E6 mov eax,_UnPacke.00406CC4 超级巡警
0040681E push _UnPacke.00406CD0 msctls_statusbar32
00406858 mov eax,_UnPacke.00406CEC pjf(ustc)
004068F4 push _UnPacke.00406CF8 IceSword
00406936 mov eax,_UnPacke.00406D0C Mcshield.exe
00406940 mov eax,_UnPacke.00406D24 VsTskMgr.exe
0040694A mov eax,_UnPacke.00406D3C naPrdMgr.exe
00406954 mov eax,_UnPacke.00406D54 UpdaterUI.exe
0040695E mov eax,_UnPacke.00406D6C TBMon.exe
00406968 mov eax,_UnPacke.00406D80 scan32.exe
00406972 mov eax,_UnPacke.00406D94 Ravmond.exe
0040697C mov eax,_UnPacke.00406DA8 CCenter.exe
00406986 mov eax,_UnPacke.00406DBC RavTask.exe
00406990 mov eax,_UnPacke.00406DD0 Rav.exe
0040699A mov eax,_UnPacke.00406DE0 Ravmon.exe
004069A4 mov eax,_UnPacke.00406DF4 RavmonD.exe
004069AE mov eax,_UnPacke.00406E08 RavStub.exe
004069B8 mov eax,_UnPacke.00406E1C KVXP.kxp
004069C2 mov eax,_UnPacke.00406E30 KvMonXP.kxp
004069CC mov eax,_UnPacke.00406E44 KVCenter.kxp
004069D6 mov eax,_UnPacke.00406E5C KVSrvXP.exe
004069E0 mov eax,_UnPacke.00406E70 KRegEx.exe
004069EA mov eax,_UnPacke.00406E84 UIHost.exe
004069F4 mov eax,_UnPacke.00406E98 TrojDie.kxp
004069FE mov eax,_UnPacke.00406EAC FrogAgent.exe
00406A08 mov eax,_UnPacke.00406E1C KVXP.kxp
00406A12 mov eax,_UnPacke.00406E30 KvMonXP.kxp
00406A1C mov eax,_UnPacke.00406E44 KVCenter.kxp
00406A26 mov eax,_UnPacke.00406E5C KVSrvXP.exe
00406A30 mov eax,_UnPacke.00406E70 KRegEx.exe
00406A3A mov eax,_UnPacke.00406E84 UIHost.exe
00406A44 mov eax,_UnPacke.00406E98 TrojDie.kxp
00406A4E mov eax,_UnPacke.00406EAC FrogAgent.exe
00406A58 mov eax,_UnPacke.00406EC4 Logo1_.exe
00406A62 mov eax,_UnPacke.00406ED8 Logo_1.exe
00406A6C mov eax,_UnPacke.00406EEC Rundl132.exe
00406A76 mov eax,_UnPacke.00406F04 regedit.exe
00406A80 mov eax,_UnPacke.00406F18 msconfig.exe
00406A8A mov eax,_UnPacke.00406F30 taskmgr.exe
00406F54 mov eax,_UnPacke.00407124 Schedule
00406F5E mov eax,_UnPacke.00407138 sharedaccess
00406F68 mov eax,_UnPacke.00407150 RsCCenter
00406F72 mov eax,_UnPacke.00407164 RsRavMon
00406F7C mov eax,_UnPacke.00407170 RsCCenter
00406F86 mov eax,_UnPacke.0040717C RsRavMon
00406F90 mov edx,_UnPacke.00407190 SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RavTask
00406F9F mov eax,_UnPacke.004071D0 KVWSC
00406FA9 mov eax,_UnPacke.004071E0 KVSrvXP
00406FB3 mov eax,_UnPacke.004071E8 KVWSC
00406FBD mov eax,_UnPacke.004071F0 KVSrvXP
00406FC7 mov edx,_UnPacke.00407200 SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KvMonXP
00406FD6 mov eax,_UnPacke.00407240 kavsvc
00406FE0 mov eax,_UnPacke.00407250 AVP
00406FEA mov eax,_UnPacke.00407254 AVP
00406FF4 mov eax,_UnPacke.00407258 kavsvc
00406FFE mov edx,_UnPacke.00407268 SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kav
0040700D mov edx,_UnPacke.004072A4 SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KAVPersonal50
0040701C mov eax,_UnPacke.004072E8 McAfeeFramework
00407026 mov eax,_UnPacke.00407300 McShield
00407030 mov eax,_UnPacke.00407314 McTaskManager
0040703A mov eax,_UnPacke.00407324 McAfeeFramework
00407044 mov eax,_UnPacke.00407334 McShield
0040704E mov eax,_UnPacke.00407340 McTaskManager
00407058 mov edx,_UnPacke.00407358 SOFTWARE\Microsoft\Windows\CurrentVersion\Run\McAfeeUpdaterUI
00407067 mov edx,_UnPacke.004073A0 SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Network Associates Error Reporting Service
00407076 mov edx,_UnPacke.00407404 SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ShStatEXE
00407085 mov eax,_UnPacke.0040743C navapsvc
0040708F mov eax,_UnPacke.00407448 wscsvc
00407099 mov eax,_UnPacke.00407450 KPfwSvc
004070A3 mov eax,_UnPacke.00407458 SNDSrvc
004070AD mov eax,_UnPacke.00407460 ccProxy
004070B7 mov eax,_UnPacke.00407468 ccEvtMgr
004070C1 mov eax,_UnPacke.00407474 ccSetMgr
004070CB mov eax,_UnPacke.00407480 SPBBCSvc
004070D5 mov eax,_UnPacke.0040748C Symantec Core LC
004070DF mov eax,_UnPacke.004074A0 NPFMntor
004070E9 mov eax,_UnPacke.004074AC MskService
004070F3 mov eax,_UnPacke.004074B8 FireSvc
004070FD mov edx,_UnPacke.004074C8 SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YLive.exe
0040710C mov edx,_UnPacke.00407508 SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yassistse
004076E5 mov ecx,_UnPacke.0040775C :00407B0F mov edx,_UnPacke.00407C04 Search
00407B14 mov eax,_UnPacke.00407C14 =nb{end'w{g>ispy>,.ps~*hsqo{*`nj+~kql)l}i#vn`}l>1'llmdis99:?.nb{end9
00407B86 push _UnPacke.00407C64 \n
00407B8B push _UnPacke.00407C70 \n
00407CC2 push _UnPacke.00407F50 $$.bat
00407CFA mov edx,_UnPacke.00407F60 :try1
00407D14 push _UnPacke.00407F70 del "
00407D2C push _UnPacke.00407F80 "
00407D5C push _UnPacke.00407F8C if exist "
00407D74 push _UnPacke.00407F80 "
00407D79 push _UnPacke.00407FA0 goto try1
00407DA9 push _UnPacke.00407FB4 ren "
00407DC1 push _UnPacke.00407FC4 .exe
00407DC6 push _UnPacke.00407F80 "
00407DCB push _UnPacke.00407FD4
00407DD0 push _UnPacke.00407F80 "
00407DF9 push _UnPacke.00407F80 "
00407E29 push _UnPacke.00407F8C if exist "
00407E41 push _UnPacke.00407FC4 .exe
00407E46 push _UnPacke.00407F80 "
00407E4B push _UnPacke.00407FE0 goto try2
00407E7B push _UnPacke.00407F80 "
00407E93 push _UnPacke.00407F80 "
00407EC3 mov edx,_UnPacke.00407FF4 :try2
00407EDD mov edx,_UnPacke.00408004 del %0
00408077 mov edx,_UnPacke.00408290 开始感染:
00408087 mov edx,_UnPacke.004082A4 c:\test.txt
00408113 mov eax,_UnPacke.004082B8 WhBoy
00408195 push _UnPacke.004082D8 .exe
0040833D mov edx,_UnPacke.004088F4 Desktop_.ini
00408383 mov edx,_UnPacke.004088F4 Desktop_.ini
004083C9 mov edx,_UnPacke.004088F4 Desktop_.ini
00408485 push _UnPacke.0040890C drivers0040848A push _UnPacke.00408920 spcolsv.exe
004084C2 mov eax,_UnPacke.00408920 spcolsv.exe
004084CC mov eax,_UnPacke.00408920 spcolsv.exe
004084EC push _UnPacke.0040890C drivers004084F1 push _UnPacke.00408920 spcolsv.exe
00408531 push _UnPacke.0040890C drivers00408536 push _UnPacke.00408920 spcolsv.exe
00408588 push _UnPacke.0040890C drivers0040858D push _UnPacke.00408920 spcolsv.exe
004086E5 mov eax,_UnPacke.00408920 spcolsv.exe
0040870D push _UnPacke.0040890C drivers00408712 push _UnPacke.00408920 spcolsv.exe
00408750 push _UnPacke.0040890C drivers00408755 push _UnPacke.00408920 spcolsv.exe
004087D9 push _UnPacke.0040890C drivers004087DE push _UnPacke.00408920 spcolsv.exe
00408857 push _UnPacke.0040890C drivers0040885C push _UnPacke.00408920 spcolsv.exe
004089A4 mov edx,_UnPacke.00409280 004089B4 mov ecx,_UnPacke.0040928C *.*
00408A06 mov eax,_UnPacke.00409298 WINDOWS
00408A40 mov eax,_UnPacke.004092A8 WINNT
00408A7A mov eax,_UnPacke.004092B8 system32
00408AB4 mov eax,_UnPacke.004092CC Documents and Settings
00408AEE mov eax,_UnPacke.004092EC System Volume Information
00408B28 mov eax,_UnPacke.00409310 Recycled
00408B62 mov eax,_UnPacke.00409324 Windows NT
00408B9C mov eax,_UnPacke.00409338 WindowsUpdate
00408BD6 mov eax,_UnPacke.00409350 Windows Media Player
00408C10 mov eax,_UnPacke.00409370 Outlook Express
00408C4A mov eax,_UnPacke.00409388 Internet Explorer
00408C84 mov eax,_UnPacke.004093A4 NetMeeting
00408CBE mov eax,_UnPacke.004093B8 Common Files
00408CF8 mov eax,_UnPacke.004093D0 ComPlus Applications
00408D32 mov eax,_UnPacke.004093B8 Common Files
00408D6C mov eax,_UnPacke.004093F0 Messenger
00408DA6 mov eax,_UnPacke.00409404 InstallShield Installation Information
00408DE0 mov eax,_UnPacke.00409434 MSN
00408E1A mov eax,_UnPacke.00409440 Microsoft Frontpage
00408E54 mov eax,_UnPacke.0040945C Movie Maker
00408E8E mov eax,_UnPacke.00409470 MSN Gamin Zone
00408ECB push _UnPacke.00409488 \Desktop_.ini
00408EFC push _UnPacke.00409488 \Desktop_.ini
00408F43 push _UnPacke.004094A0 -
00408F60 push _UnPacke.004094A0 -
00408FC9 push _UnPacke.00409488 \Desktop_.ini
0040901A push _UnPacke.004094A0 -
00409037 push _UnPacke.004094A0 -
0040906A push _UnPacke.00409488 \Desktop_.ini
00409098 push _UnPacke.00409488 \Desktop_.ini
004090D8 push _UnPacke.00409488 \Desktop_.ini
00409129 push _UnPacke.004094A0 -
00409146 push _UnPacke.004094A0 -
00409179 push _UnPacke.00409488 \Desktop_.ini
004091A7 push _UnPacke.00409488 \Desktop_.ini
00409504 mov edx,_UnPacke.0040A378 00409514 mov ecx,_UnPacke.0040A384 *.*
00409566 mov eax,_UnPacke.0040A390 WINDOWS
004095A0 mov eax,_UnPacke.0040A3A0 WINNT
004095DA mov eax,_UnPacke.0040A3B0 system32
00409614 mov eax,_UnPacke.0040A3C4 Documents and Settings
0040964E mov eax,_UnPacke.0040A3E4 System Volume Information
00409688 mov eax,_UnPacke.0040A408 Recycled
004096C2 mov eax,_UnPacke.0040A41C Windows NT
004096FC mov eax,_UnPacke.0040A430 WindowsUpdate
00409736 mov eax,_UnPacke.0040A448 Windows Media Player
00409770 mov eax,_UnPacke.0040A468 Outlook Express
004097AA mov eax,_UnPacke.0040A480 Internet Explorer
004097E4 mov eax,_UnPacke.0040A49C NetMeeting
0040981E mov eax,_UnPacke.0040A4B0 Common Files
00409858 mov eax,_UnPacke.0040A4C8 ComPlus Applications
00409892 mov eax,_UnPacke.0040A4B0 Common Files
004098CC mov eax,_UnPacke.0040A4E8 Messenger
00409906 mov eax,_UnPacke.0040A4FC InstallShield Installation Information
00409940 mov eax,_UnPacke.0040A52C MSN
0040997A mov eax,_UnPacke.0040A538 Microsoft Frontpage
004099B4 mov eax,_UnPacke.0040A554 Movie Maker
004099EE mov eax,_UnPacke.0040A568 MSN Gamin Zone
00409A2B push _UnPacke.0040A580 \Desktop_.ini
00409A5C push _UnPacke.0040A580 \Desktop_.ini
00409AA3 push _UnPacke.0040A598 -
00409AC0 push _UnPacke.0040A598 -
00409B00 push _UnPacke.0040A5A4 感染过,跳过!
00409B1B mov edx,_UnPacke.0040A5BC c:\test.txt
00409B57 push _UnPacke.0040A580 \Desktop_.ini
00409BA8 push _UnPacke.0040A598 -
00409BC5 push _UnPacke.0040A598 -
00409BF8 push _UnPacke.0040A580 \Desktop_.ini
00409C1B mov edx,_UnPacke.0040A5BC c:\test.txt
00409C20 mov eax,_UnPacke.0040A5D0 时间不对,建立一个!
00409C35 push _UnPacke.0040A580 \Desktop_.ini
00409C75 push _UnPacke.0040A580 \Desktop_.ini
00409CC6 push _UnPacke.0040A598 -
00409CE3 push _UnPacke.0040A598 -
00409D16 push _UnPacke.0040A580 \Desktop_.ini
00409D42 push _UnPacke.0040A5EC \Desktop_.ini 没有找到,建立一个!
00409D5D mov edx,_UnPacke.0040A5BC c:\test.txt
00409D72 push _UnPacke.0040A580 \Desktop_.ini
00409DFA mov edx,_UnPacke.0040A618 GHO
00409E5B mov eax,_UnPacke.0040A624 setup.exe
00409E95 mov eax,_UnPacke.0040A638 NTDETECT.COM
00409EF8 mov eax,_UnPacke.0040A650 EXE
00409F5E mov eax,_UnPacke.0040A65C SCR
00409FC4 mov eax,_UnPacke.0040A668 PIF
0040A02A mov eax,_UnPacke.0040A674 COM
0040A090 mov eax,_UnPacke.0040A680 htm
0040A0F6 mov eax,_UnPacke.0040A68C html
0040A15C mov eax,_UnPacke.0040A69C asp
0040A1C2 mov eax,_UnPacke.0040A6A8 php
0040A228 mov eax,_UnPacke.0040A6B4 jsp
0040A28E mov eax,_UnPacke.0040A6C0 aspx
0040A71F mov eax,_UnPacke.0040A7D0 a
0040A757 mov eax,_UnPacke.0040A7DC b
0040A780 mov edx,_UnPacke.0040A7E8 :0040AC65 push _UnPacke.0040AF94 0040ACA2 push _UnPacke.0040AF94 0040ACAF push _UnPacke.0040AFA0 GameSetup.exe
0040ACD5 push _UnPacke.0040AFB8 drivers0040ACDA push _UnPacke.0040AFCC spcolsv.exe
0040AD73 push _UnPacke.0040AF94 0040AD80 push _UnPacke.0040AFA0 GameSetup.exe
0040AEA7 mov eax,_UnPacke.0040AFE0 admin$
0040AEC3 push _UnPacke.0040AF94 0040B7AF mov eax,_UnPacke.0040BA9C .
0040B7E4 mov eax,_UnPacke.0040BA9C .
0040B7F6 mov eax,_UnPacke.0040BA9C .
0040B80F mov eax,_UnPacke.0040BA9C .
0040B822 mov eax,_UnPacke.0040BA9C .
0040B834 mov eax,_UnPacke.0040BA9C .
0040B873 mov eax,_UnPacke.0040BA9C .
0040B885 mov eax,_UnPacke.0040BA9C .
0040B8AF mov eax,_UnPacke.0040BA9C .
0040B8C1 mov eax,_UnPacke.0040BA9C .
0040B8DA mov eax,_UnPacke.0040BA9C .
0040B8ED mov eax,_UnPacke.0040BA9C .
0040B8FF mov eax,_UnPacke.0040BA9C .
0040B933 mov eax,_UnPacke.0040BA9C .
0040B943 mov eax,_UnPacke.0040BA9C .
0040B96A mov eax,_UnPacke.0040BA9C .
0040BA08 push _UnPacke.0040BA9C .
0040BA1D push _UnPacke.0040BA9C .
0040BA32 push _UnPacke.0040BA9C .
0040BB4F mov edx,_UnPacke.0040BC50 \0040BBE7 mov edx,_UnPacke.0040BC50 \0040BC61 push _UnPacke.0040BCA4 NetShareEnum
0040BC71 push _UnPacke.0040BCB4 NetApiBufferFree
0040BC81 push _UnPacke.0040BCA4 NetShareEnum
0040BEF5 mov ecx,_UnPacke.0040BF6C :0040C154 mov eax,_UnPacke.0040C518 a
0040C1A2 mov eax,_UnPacke.0040C524 b
0040C1DB mov ecx,_UnPacke.0040C530 :\setup.exe
0040C200 mov ecx,_UnPacke.0040C544 :\autorun.inf
0040C297 mov edx,_UnPacke.0040C530 :\setup.exe
0040C2F6 mov edx,_UnPacke.0040C530 :\setup.exe
0040C359 mov edx,_UnPacke.0040C55C [AutoRun]\n\nOPEN=setup.exe\n\nshellexecute=setup.exe\n\nshell\Auto\command=setup.exe\n\n
0040C3D6 mov edx,_UnPacke.0040C55C [AutoRun]\n\nOPEN=setup.exe\n\nshellexecute=setup.exe\n\nshell\Auto\command=setup.exe\n\n
0040C44B mov edx,_UnPacke.0040C55C [AutoRun]\n\nOPEN=setup.exe\n\nshellexecute=setup.exe\n\nshell\Auto\command=setup.exe\n\n
0040C48F mov edx,_UnPacke.0040C530 :\setup.exe
0040C63C mov edx,_UnPacke.0040C658 0040C681 mov eax,_UnPacke.0040C710 0040C69D mov eax,_UnPacke.0040C710 0040C6B0 mov eax,_UnPacke.0040C71C / 0040C6CC mov eax,_UnPacke.0040C71C / 0040C764 mov edx,_UnPacke.0040C814 xboy
0040C848 mov edx,_UnPacke.0040C95C QQ
0040C861 push _UnPacke.0040C960 QQ
0040C996 mov eax,_UnPacke.0040CBB0 `uup2..wiofmi/89>7/ozf.dgvo.|yu
0040C9B3 mov edx,_UnPacke.0040CBD8 QQ
0040C9CF mov eax,_UnPacke.0040CBE4 \n\n
0040C9E8 mov eax,_UnPacke.0040CBE4 \n\n
0040CA09 mov eax,_UnPacke.0040CBE4 \n\n
0040CC69 push _UnPacke.0040CCE0 cmd.exe /c net share
0040CC80 push _UnPacke.0040CD00 $ /del /y
0040CCA7 push _UnPacke.0040CD0C cmd.exe /c net share admin$ /del /y
0040CD55 push _UnPacke.0040CDC8 drivers0040CD5A push _UnPacke.0040CDDC spcolsv.exe
0040CD75 mov ecx,_UnPacke.0040CDE8 svcshare
0040CD7A mov edx,_UnPacke.0040CDF4 Software\Microsoft\Windows\CurrentVersion\Run
0040CD8B mov edx,_UnPacke.0040CE2C SOFTWARE\Microsoft\Windows\CurrentVersiOn\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue
0040CE9A push _UnPacke.0040CBE8 QTj
0040CF12 push _UnPacke.0040CE94 Qj
0040CF2A push _UnPacke.00407540 QTj
0040D0F7 mov edx,_UnPacke.0040D1D8 ***武*汉*男*生*感*染*下*载*者***
0040D106 mov edx,_UnPacke.0040D204 感谢艾玛,mopery,海色の月,对此木马的关注!~
0040D115 mov edx,_UnPacke.0040D238 PS：服了。。。艾玛。。。 =,=
0040D122 mov edx,_UnPacke.0040D260 xboy
0040D127 mov eax,_UnPacke.0040D270 "++戊+缓"叛*聋+肛+删"蚊*苜+兆++*
0040D14C mov edx,_UnPacke.0040D29C whboy
0040D151 mov eax,_UnPacke.0040D2AC d}tq;*&tyld|l.lboy'blt.vj{l'|}|
0040D15B mov eax,_UnPacke.0040D2D8 `uup2..uxe`tm/vhjnx.fdu/nsm&uyt
0040D305 push ebp (Initial CPU selection)