The shellcode is stored with an alphabetic encoding; each payload byte is stored in the low nibble of two encoded bytes.
The shellcode resolves the following functions:
The shellcode downloads this URL:
The shellcode writes %SystemRoot%\System32\1.exe and executes it.
The shellcode downloads a file from a URL stored within the encoded payload, writes it to disk, and executes it.
You can perform dynamic analysis with the shellcode_launcher.exe utility with the following command line:
shellcode_launcher.exe –i Lab19-01.bin -bp
–bp option causes the program ...