I found this post: [Only registered and activated users can see links. ] then realized I had the MocroGunZ client somewhere on my hard drive.
Took me exactly 15 seconds to reverse the decryption and encryption algorithm, another 30 seconds to put it in the mrs.exe. Thumbs up to whoever made that!
If you don't trust it, feel free to run some random virusscan, I say it's safe, believe it or not.
For the interested guys/girls/shemales/whatever
Decryption:
Code:
CPU Disasm
Address Hex dump Command Comments
004010F0 /$ 57 PUSH EDI ; mrs.004010F0(guessed Arg1,Arg2)
004010F1 |. 8B7C24 0C MOV EDI,DWORD PTR SS:[ARG.2]
004010F5 |. 33C9 XOR ECX,ECX
004010F7 |. 85FF TEST EDI,EDI
004010F9 |. 76 14 JBE SHORT 0040110F
004010FB |. 56 PUSH ESI
004010FC |. 8B7424 0C MOV ESI,DWORD PTR SS:[ARG.1]
00401100 |> 8A0431 /MOV AL,BYTE PTR DS:[ESI+ECX]
00401103 |. 2C 06 |SUB AL,6
00401105 |. 41 |INC ECX
00401106 |. 884431 FF |MOV BYTE PTR DS:[ESI+ECX-1],AL
0040110A |. 3BCF |CMP ECX,EDI
0040110C |.^ 72 F2 \JB SHORT 00401100
0040110E |. 5E POP ESI
0040110F |> 5F POP EDI
00401110 \. C3 RETN
Encryption:
Code:
CPU Disasm
Address Hex dump Command Comments
00401120 /$ 57 PUSH EDI ; mrs.00401120(guessed Arg1,Arg2)
00401121 |. 8B7C24 0C MOV EDI,DWORD PTR SS:[ARG.2]
00401125 |. 33C9 XOR ECX,ECX
00401127 |. 85FF TEST EDI,EDI
00401129 |. 76 14 JBE SHORT 0040113F
0040112B |. 56 PUSH ESI
0040112C |. 8B7424 0C MOV ESI,DWORD PTR SS:[ARG.1]
00401130 |> 8A0431 /MOV AL,BYTE PTR DS:[ESI+ECX]
00401133 |. 04 06 |ADD AL,6
00401135 |. 41 |INC ECX
00401136 |. 884431 FF |MOV BYTE PTR DS:[ESI+ECX-1],AL
0040113A |. 3BCF |CMP ECX,EDI
0040113C |.^ 72 F2 \JB SHORT 00401130
0040113E |. 5E POP ESI
0040113F |> 5F POP EDI
00401140 \. C3 RETN
Hybrid Mode
