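This post was last edited by h4shce on 2014-6-22 12:21
1. This is the scammers' introduction to their high-profit Alipay-looting project
The above is the scam team's new modus operandi;
below is part of the software's disassembly: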
Address Disassembly Text string
004010F9 mov eax,1.004BA764 scammer's name
00401118 mov eax,1.004BA768 scammer's Alipay account
00401148 push 1.004BA77B C:\1.htm
004011FF push 1.004BA784 www.baidu.com
004013C8 push 1.004BA793 http://shenghuo.alipay.com/send/payment/fill.htm?_pdType=
004014CA mov eax,1.004BA7CE 订单详情
00401510 mov eax,1.004BA7D7 J-moneyFund
0040158B mov eax,1.004BA7E3 realPayAmount
004015D9 mov eax,1.004BA7F1 </STRONG> 元
004015E5 mov eax,1.004BA7FE ">
00401642 push 1.004BA801 9
00401663 push 1.004BA803 0.5
00401752 mov eax,1.004BA7E3 realPayAmount
00401AED push 1.004BA80F http://shenghuo.alipay.com/send/result.htm
00401B80 mov eax,1.004BA83B content-main result-content
00401C3B push 1.004BA857 转账成功
00401CA2 push 1.004BA860 http://my.alipay.com/portal/i.htm
00401DC2 push 1.004BA883 http://shenghuo.alipay.com/send/confirm
00401E20 push 1.004BA77B C:\1.htm
00401FC1 push 1.004BA860 http://my.alipay.com/portal/i.htm
0040201A mov eax,1.004BA8AC i-assets-balance-amount fn-left
0040204B mov eax,1.004BA8CC </span></strong>
00402057 mov eax,1.004BA8DD <strong class="amount">
004020E5 push 1.004BA8F5 <span class="fen">
0040215A mov eax,1.004BA8AC i-assets-balance-amount fn-left
0040218B mov eax,1.004BA908 </SPAN></STRONG>
00402197 mov eax,1.004BA919 <STRONG class=amount>
00402225 push 1.004BA92F <SPAN class=fen>
0040229A mov eax,1.004BA8AC i-assets-balance-amount fn-left
004022CB mov eax,1.004BA8CC </span></strong>
004022D7 mov eax,1.004BA8DD <strong class="amount">
00402365 push 1.004BA8F5 <span class="fen">
004023DA mov eax,1.004BA8AC i-assets-balance-amount fn-left
0040240B mov eax,1.004BA908 </SPAN></STRONG>
00402417 mov eax,1.004BA919 <STRONG class=amount>
004024A5 push 1.004BA92F <SPAN class=fen>
0040267C mov eax,1.004BA940 optEmail
00402702 mov eax,1.004BA949 )
0040270E mov eax,1.004BA94C (
00402775 mov eax,1.004BA94F payAmount
004027CF mov eax,1.004BA959 title
00402871 mov eax,1.004BA940 optEmail
00402909 mov eax,1.004BA94F payAmount
00402958 mov eax,1.004BA959 title
004029B5 mov eax,1.004BA95F tip-form
00402A3A mov eax,1.004BA968 %服务费
00402A46 mov eax,1.004BA970 在电脑上支付收取
00402CCE mov eax,1.004BA94F payAmount
00402D18 mov eax,1.004BA991 1
00402E11 mov eax,1.004BA940 optEmail
00402EA9 mov eax,1.004BA94F payAmount
00402EF8 mov eax,1.004BA959 title
00402F37 mov eax,1.004BA940 optEmail
00402F9F mov eax,1.004BA94F payAmount
00403024 mov eax,1.004BA991 1
0040305E mov eax,1.004BA991 1
004030C6 mov eax,1.004BA993 )
004030D2 mov eax,1.004BA995 (
004031C2 push 1.004BA997 (
00403238 push 1.004BA993 )
004032F0 push 1.004BA99A 提示
00403308 push 1.004BA99F 操作提示:未填写转账金额!
004033BC push 1.004BA99A 提示
004033D4 push 1.004BA9C1 操作提示:转账金额超出当前帐号余额,请考虑要收手续费的哦!
00403440 push 1.004BA99A 提示
00403458 push 1.004BA9FC 操作提示:转账金额数值格式填写错误!
0040346F push 1.004BAA20 邮箱地址/手机号码
00403492 push 1.004BA99A 提示
004034AA push 1.004BAA32 操作提示:未填写收款人帐号!
00403553 push 1.004BA883 http://shenghuo.alipay.com/send/confirm
004035CD push 1.004BAA4E http://cashier.alipay.com/standard/payment/submit.htm
0040364E push 1.004BA991 1
004036F8 push 1.004BA883 http://shenghuo.alipay.com/send/confirm
00403772 push 1.004BAA4E http://cashier.alipay.com/standard/payment/submit.htm
004037F3 push 1.004BAA85 2
0040386D push 1.004BAA87 0
00403996 mov eax,1.004BAA91 元服务费
004039A2 mov eax,1.004BAA9B 包含
00403A43 push 1.004BA77B C:\1.htm
00403A7B push 1.004BA77B C:\1.htm
00403BA7 mov eax,1.004BAAA0 </em>元
00403BB3 mov eax,1.004BAAA8 <em>
00403C09 mov eax,1.004BAAA0 </em>元
00403C15 mov eax,1.004BAAA8 <em>
00403F1D mov eax,1.004BAAAD accountInfo-balanceInfo fn-left
00403F4E mov eax,1.004BAACD </STRONG>元
00403F5A mov eax,1.004BAADB <STRONG class=accountInfo-balance>
00403FCB mov eax,1.004BAAAD accountInfo-balanceInfo fn-left
00404116 mov eax,1.004BAAAD accountInfo-balanceInfo fn-left
00404160 mov eax,1.004BAAFE amount-pay-out
00404209 push 1.004BAB0D -
0040430E push 1.004BAB0F http://cashier.alipay.com/standard/payment/cashier.htm
004046C2 push 1.004BAB47 \r\n
0040484E push 1.004BAB47 \r\n
00404928 push 1.004BA7CE 订单详情
00404A1E push 1.004BAB4A 余额宝
00404ADC push 1.004BAB47 \r\n
00404D03 push 1.004BAB47 \r\n
00405379 push 1.004BAB47 \r\n
00405505 push 1.004BAB47 \r\n
004055DF push 1.004BA7CE 订单详情
004056D5 push 1.004BAB4A 余额宝
00405793 push 1.004BAB47 \r\n
004059BA push 1.004BAB47 \r\n
004064F7 push 1.004BAEE5 Internet Explorer_Server
00406574 mov ebx,1.0042F980 j
0040669C push 1.004BAEE5 Internet Explorer_Server
004066DF push 1.004BAEFE WM_HTML_GETOBJECT
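A fake page is stored in the root of the C: drive, but all of its functions work, and the Alipay cookies are preserved.
Qingxue looked deeper into how the software is designed and changed the scammer's Alipay account to Qingxue's own account as a test. It turned out that draining the entire Alipay balance really does work: even if the amount entered at payment is 0.1 yuan and the payee entered is someone else's account, the whole balance is sent to the scammer's account. Choosing to pay by mobile phone exposes the transfer amount. Everyone, please be very careful when making payments.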
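A static triage check built from the string references in the listing above, as an added example that is not part of the original post: it extracts ASCII and UTF-16LE strings from a file and flags it only when the embedded-IE DOM access markers, the payment URLs and the form field names all appear together. The grouping rule and the sample byte strings are assumptions constructed for illustration.

```python
import re

# Indicator groups copied from the string references in the listing above.
GROUPS = {
    "ie_dom_access": [b"Internet Explorer_Server", b"WM_HTML_GETOBJECT"],
    "payment_urls": [b"shenghuo.alipay.com/send/",
                     b"cashier.alipay.com/standard/payment/"],
    "form_fields": [b"optEmail", b"payAmount", b"realPayAmount"],
}

def extract_strings(data: bytes, min_len: int = 4):
    """Return printable runs (ASCII and UTF-16LE) of at least min_len chars."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    # Wide runs hold only printable bytes and NULs, so dropping NULs yields ASCII.
    return ascii_runs + [w.replace(b"\x00", b"") for w in wide_runs]

def triage(data: bytes):
    """Map each indicator group to the indicators present in the file's strings."""
    strings = extract_strings(data)
    return {group: [n.decode() for n in needles
                    if any(n in s for s in strings)]
            for group, needles in GROUPS.items()}

def is_suspicious(data: bytes) -> bool:
    """Assumed rule: flag only when every group has at least one hit, because a
    payment URL alone is benign while URL + form fields + IE DOM hook is not."""
    hits = triage(data)
    return all(hits[group] for group in GROUPS)

# Constructed samples (not real binaries): NUL-separated strings after a stub header.
SAMPLE_SUSPECT = b"MZ\x90\x00\x03" + b"\x00".join([
    b"http://shenghuo.alipay.com/send/confirm",
    b"payAmount", b"optEmail",
    b"Internet Explorer_Server",
    "WM_HTML_GETOBJECT".encode("utf-16le"),
])
SAMPLE_BENIGN = b"MZ\x90\x00\x03" + b"\x00".join([
    b"http://cashier.alipay.com/standard/payment/cashier.htm",
    b"Open in browser",
])

if __name__ == "__main__":
    for name, blob in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(name, is_suspicious(blob), triage(blob))
```

A hit is a reason to look closer at the sample in a sandbox, not a verdict on its own.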