Shellphish targetted CSDS running NRFIN_00059 in round 49.


Type 2 POV

Reading from protected address: 0x4347c000

0x804a948 : mov dl,byte ptr [ecx+eax]

Tracing data from eip: 0x804a948 tracing source of register: ecx (value: 0x4347c000)

0x804ac4a : cgc loader
0x8049374 : mov esi,dword ptr [0x804b000]
0x804937a : add esi,edx
0x804937f : mov dword ptr [esp+0x4],esi
0x804a8fa : mov ecx,dword ptr [ebp+0xc]
0x804a908 : mov dword ptr [ebp-0x10],ecx
0x804a914 : mov eax,dword ptr [ebp-0x10]
0x804a917 : mov dword ptr [ebp-0x1c],eax
0x804a945 : mov ecx,dword ptr [ebp-0x1c]
0x804a948: mov dl,byte ptr [ecx+eax] // address: ecx value: 0x4347c000

Curated by Lunge Technology, LLC. Questions or comments? Send us email