sub_outside(): MSVCRT.memset MSVCRT.memcpy WS2_32.recv WS2_32.socket WS2_32.gethostname WS2_32.gethostbyname WS2_32.bind WS2_32.WSAIoctl WS2_32.inet_addr MSVCRT.atoi MSVCRT.strlen WS2_32.htons WS2_32.inet_ntoa MSVCRT.sprintf KERNEL32.Sleep WS2_32.closesocket WS2_32.WSACleanup MSVCRT.exit |
sub_4035FB(0028): MSVCRT.malloc MSVCRT.memset WS2_32.getaddrinfo WS2_32.socket WS2_32.setsockopt WS2_32.bind WS2_32.listen WS2_32.freeaddrinfo MSVCRT.free |
sub_404143(0067): MSVCRT.memcpy MSVCRT.free KERNEL32.Sleep |
sub_4058D7(006a): MSVCRT.memcpy MSVCRT.free KERNEL32.GlobalMemoryStatus ADVAPI32.GetUserNameA KERNEL32.GetComputerNameA KERNEL32.GetVersionExA ADVAPI32.RegOpenKeyExA ADVAPI32.RegQueryValueExA ADVAPI32.RegCloseKey MSVCRT._snprintf "?" "no SP" "95" "NT" "98" "ME" "2000" "XP" "2003" "Yes" "No" "HARDWARE\\DESCRIPTION\\System\\CentralProc"... "ProcessorNameString" |
sub_401621(00b9): MSVCRT.memcpy MSVCRT.free MSVCRT.clock KERNEL32.SearchPathA KERNEL32.CreatePipe KERNEL32.GetCurrentProcess KERNEL32.DuplicateHandle MSVCRT.memset KERNEL32.CreateProcessA KERNEL32.CloseHandle KERNEL32.PeekNamedPipe KERNEL32.GetExitCodeProcess KERNEL32.Sleep KERNEL32.ReadFile "cmd.exe" "Could not read data from process." "Cmd.exe process has terminated." |
sub_408E60(027e): MSVCRT._vsnprintf MSVCRT._mbscat MSVCRT.strlen "\r\n" |
sub_40E18A(046a): MSVCRT.memcpy MSVCRT.free MSVCRT.memset MSVCRT._mbscpy MSVCRT._strcmpi MSVCRT.sprintf KERNEL32.Sleep MSVCRT.clock MSVCRT.strcmp MSVCRT.malloc |
sub_401FA3(076b): MSVCRT.malloc MSVCRT.strncpy MSVCRT.memcpy |
sub_406993(0883): MSVCRT.memcpy MSVCRT.free KERNEL32.Sleep |
sub_40EA8E(0962): MSVCRT.memcpy MSVCRT.free MSVCRT._mbscpy MSVCRT._mbscat MSVCRT.strlen MSVCRT.sprintf "Exploit statistics - " |
sub_4052F1(0a88): MSVCRT.strlen MSVCRT._strnicmp |
sub_40C9A5(0b03): MSVCRT.fopen MSVCRT.fread MSVCRT.fclose "rb" |
sub_40AA05(0d43): MSVCRT.clock |
sub_40849F(0ede): MSVCRT.strstr MSVCRT.sscanf MSVCRT.atoi MSVCRT._strcmpi ")" "&&" "%32s %16s %32s" "$uptime" "$version" "$free" "$latency" "$firewall" "$ipv6" "$uptime" "$version" "$free" "$latency" "$firewall" "$ipv6" "==" "!=" ">" ">=" "<=" |
sub_40D09D(0fc2): MSVCRT.memcpy MSVCRT.free MSVCRT._itoa "127.0.0.1" |
sub_4018D5(0fd9): MSVCRT.malloc MSVCRT._mbscat "open" "Remote cmd thread" "\r\n" "Error while executing command." |
sub_4014B0(1095): MSVCRT.strlen MSVCRT.malloc MSVCRT.strncpy "Listing" "Killing" |
sub_4104C3(1251): MSVCRT.fopen MSVCRT.fseek MSVCRT.ftell MSVCRT.fclose "rb" |
sub_410510(1423): KERNEL32.DeleteFileA |
sub_409F51(150d): MSVCRT.memcpy |
sub_4098BB(159a): MSVCRT._strcmpi MSVCRT.strcmp "302" "PRIVMSG" "NOTICE" |
sub_40C794(1756): WS2_32.socket MSVCRT.memset WS2_32.htons WS2_32.inet_addr WS2_32.connect WS2_32.send WS2_32.recv WS2_32.closesocket "5000" |
sub_40D700(1bbc): MSVCRT.memcpy |
sub_40708B(1d88): MSVCRT.memcpy MSVCRT.free |
sub_4033B0(1fd6): MSVCRT._mbscpy "80" |
sub_4047C0(20a7): ADVAPI32.RegCreateKeyExA KERNEL32.GetSystemDirectoryA MSVCRT._mbscat KERNEL32.lstrlen ADVAPI32.RegSetValueExA ADVAPI32.RegDeleteValueA ADVAPI32.RegCloseKey "Software\\Microsoft\\Windows\\CurrentVersi"... |
sub_403A6C(21e0): WS2_32.__WSAFDIsSet |
sub_40D88A(221c): MSVCRT.strcmp MSVCRT.fopen MSVCRT.fread MSVCRT.fclose "rb" |
sub_40AADE(22b6): MSVCRT.clock |
sub_40EF0E(25cf): MSVCRT.atoi MSVCRT.malloc MSVCRT.strncpy MSVCRT.memcpy |
sub_4039D2(25f7): WS2_32.select |
sub_406A80(291c): MSVCRT.malloc MSVCRT.free |
sub_40D7FD(2937): MSVCRT._mbscpy MSVCRT.memcpy |
sub_40F21F(2938): MSVCRT.memcpy MSVCRT.free MSVCRT.fopen MSVCRT.fseek MSVCRT.ftell MSVCRT.malloc MSVCRT.fclose MSVCRT.fread MSVCRT.strstr MSVCRT.sscanf KERNEL32.Sleep "rb" "\r\n\r\n[" "\r\nIP=" "\r\nPort=" "\r\nUser=" "\r\nPass=" "[%[^]]]\r\n" "\r\nIP=%127s\r\n" "\r\nPort=%127s\r\n" "\r\nUser=%127s\r\n" "\r\nPass=%127s\r\n" |
sub_40488C(2a2f): KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA KERNEL32.SetCurrentDirectoryA |
sub_406B1B(339a): MSVCRT.printf MSVCRT.memset NTDLL.RtlGetLastWin32Error "Could not get a valid ICMP handle\n" |
sub_4018A7(344a): MSVCRT.strlen KERNEL32.WriteFile |
sub_4064A0(34a5): MSVCRT.free KERNEL32.IsBadCodePtr USER32.wsprintfA "btg" "thread" |
sub_403BBB(34ad): MSVCRT.memset WS2_32.getaddrinfo WS2_32.socket WS2_32.connect WS2_32.WSAGetLastError WS2_32.select WS2_32.freeaddrinfo |
sub_408EC8(3571): KERNEL32.CreateFileMappingA KERNEL32.MapViewOfFile MSVCRT.sprintf USER32.SendMessageA KERNEL32.UnmapViewOfFile KERNEL32.CloseHandle "mIRC" |
sub_40639B(36b2): KERNEL32.QueryPerformanceCounter KERNEL32.QueryPerformanceFrequency MSVCRT.ceil MSVCRT._ftol KERNEL32.GetTickCount |
sub_40D981(37d6): WS2_32.recv |
sub_40EC6F(3831): MSVCRT.atoi MSVCRT.malloc "80" |
sub_40DC48(3bbf): WS2_32.shutdown KERNEL32.Sleep |
sub_402018(3bcd): MSVCRT._snprintf MSVCRT.strlen MSVCRT.strstr MSVCRT.sscanf MSVCRT.fopen MSVCRT.fwrite MSVCRT.fclose KERNEL32.DeleteFileA "GET /%s HTTP/1.0\r\nHost: %s\r\n\r\n" "\r\n\r\n" "Content-Length: %u\r\n" |
sub_409FF0(3bef): MSVCRT.memset |
sub_4043B3(3f4e): MSVCRT._strnicmp MSVCRT.strlen MSVCRT._mbscpy MSVCRT.memcpy ADVAPI32.RegOpenKeyExA MSVCRT.malloc ADVAPI32.RegQueryValueExA MSVCRT.sprintf MSVCRT._mbscat MSVCRT.free ADVAPI32.RegCloseKey "HKCR" "HKCU" "HKLM" "HKUS" |
sub_40E03D(3f4f): MSVCRT.memcpy MSVCRT.free MSVCRT._itoa MSVCRT._mbscpy |
sub_405CC8(3fcf): MSVCRT._mbscpy MSVCRT._snprintf MSVCRT.strlen MSVCRT.clock MSVCRT._ftol "80" "GET /%s HTTP/1.0\r\nHost: %s\r\n\r\n" |
sub_409AD3(3feb): MSVCRT.strlen |
sub_40BCAB(413a): MSVCRT.memcpy MSVCRT.memset "CCCC" "3333" |
sub_40587E(4220): KERNEL32.GetLocaleInfoA MSVCRT._strcmpi |
sub_410C6E(4529): KERNEL32.LocalFree |
sub_408F4C(4531): MSVCRT.strlen |
sub_40FD00(45f6): MSVCRT.memcpy MSVCRT.free USER32.GetWindowTextA MSVCRT._strnicmp MSVCRT.strcmp ADVAPI32.RegOpenKeyExA ADVAPI32.RegCloseKey "Unreal3" "World Of Warcraft" "[Conquer]" "SOFTWARE\\Microsoft\\VisualStudio\\6.0\\Set"... "Software\\Valve\\Steam" "No" "Yes" |
sub_40AB05(47f4): MSVCRT.clock |
sub_410BCF(4878): MSVCRT._CxxThrowException |
sub_402D7B(4879): KERNEL32.LoadLibraryA KERNEL32.GetProcAddress "kernel32.dll" "InitializeCriticalSectionAndSpinCount" "netapi32.dll" "NetUseAdd" "NetUseDel" "NetUserEnum" "NetShareEnum" "NetRemoteTOD" "NetApiBufferFree" "NetScheduleJobAdd" "NetAddAlternateComputerName" "mpr.dll" "WNetAddConnection2A" "WNetAddConnection2W" "WNetCancelConnection2A" "WNetCancelConnection2W" "ws2_32.dll" "getaddrinfo" "getnameinfo" "freeaddrinfo" "pstorec.dll" "PStoreCreateInstance" "wininet.dll" "InternetGetConnectedStateExA" |
sub_40663C(48c8): MSVCRT.free MSVCRT.vsprintf MSVCRT._beginthreadex MSVCRT.memset |
sub_40287C(491f): KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA KERNEL32.ExitProcess "EXCEPTION_OTHER" "EXCEPTION_ILLEGAL_INSTRUCTION" "EXCEPTION_ACCESS_VIOLATION" "EXCEPTION_BREAKPOINT" "EXCEPTION_NONCONTINUABLE_EXCEPTION" "EXCEPTION_STACK_OVERFLOW" "EXCEPTION_INT_DIVIDE_BY_ZERO" "EXCEPTION_FLT" "Restarting" "Continuing" "open" "QUIT :exitting" "QUIT :restarting" |
sub_403925(4a83): MSVCRT.malloc |
sub_404691(4b5b): KERNEL32.GetSystemDirectoryA MSVCRT._mbscat MSVCRT._mbscpy MSVCRT.fopen MSVCRT.fclose "rb" |
sub_40C225(4e19): MSVCRT.memset MSVCRT.memcpy MSVCRT.strlen MSVCRT._snprintf MSVCRT.mbstowcs MSVCRT._strcmpi MSVCRT.strncat KERNEL32.CreateFileA KERNEL32.WriteFile MSVCRT.wcslen MSVCRT.malloc KERNEL32.CloseHandle MSVCRT.wcscpy MSVCRT.free |
sub_405BEB(4f25): MSVCRT._mbscpy MSVCRT.clock "80" |
sub_40AE3D(5191): MSVCRT.memset MSVCRT.memcpy MSVCRT.strlen WS2_32.recv "\r\n" "rxbot" "rxbot was here" "12/12/04 13:13:13" "rxbot_paradise" "131.131.131.131" |
sub_40110A(5491): KERNEL32.SetFileAttributesA KERNEL32.DeleteFileA MSVCRT.strlen |
sub_4034E7(5495): WS2_32.getsockname WS2_32.htons MSVCRT._itoa |
sub_403536(5495): WS2_32.getpeername WS2_32.htons MSVCRT._itoa |
sub_408F9D(55f9): MSVCRT._strcmpi MSVCRT.strlen MSVCRT._mbscpy MSVCRT.memset MSVCRT.atoi MSVCRT.sprintf MSVCRT.strcmp KERNEL32.lstrcmp KERNEL32.GetVersionExA MSVCRT.strncpy MSVCRT.strstr MSVCRT._snprintf "PING" "PONG %s" "PONG" "MODE" "PRIVMSG" "SEND" "eggdrop v1.6.16" "433" "UNK" "B" "A" "G" "%c%s%c%c%u%c%u%s%c%c%c" "ERROR" "JOIN" "MODE %s +smntu" "001" "MODE %s +xi" "USERHOST %s" "451" "302" "@" "NICK" "332" "][" "link!link@link PRIVMSG %s :%s" "PRIVMSG" "NOTICE" "*" |
sub_40D5AA(569e): MSVCRT.malloc "TFTP wormride thread" |
sub_40B27D(5a2b): WS2_32.recv |
sub_40EB9C(5f54): MSVCRT.memcpy MSVCRT.free MSVCRT.clock |
sub_40AB30(6018): MSVCRT.clock |
sub_40AB18(6018): MSVCRT.clock |
sub_40CA47(610e): MSVCRT._snprintf MSVCRT.strlen MSVCRT.sscanf MSVCRT.fopen MSVCRT.fseek MSVCRT.ftell MSVCRT.fclose KERNEL32.Sleep "%u,%u,%u,%u,%u,%u" "rb" "150 -\r\n" "rb" "-x 3 2000 fh 1024 Jan 1 0:00 .\r\ndrwxr-x"... "150 -\r\n" "ftp" "221 -\r\n" "231 -\r\n" |
sub_406324(643e): KERNEL32.QueryPerformanceCounter KERNEL32.QueryPerformanceFrequency MSVCRT.ceil MSVCRT._ftol KERNEL32.GetTickCount |
sub_406110(656c): MSVCRT.memcpy MSVCRT.free KERNEL32.GetDriveTypeA MSVCRT.memset MSVCRT._mbscat KERNEL32.GetDiskFreeSpaceExA USER32.wsprintfA "Drive information - " "removable" ". " "fixed" "remote" "cd-rom" "ramdisk" "unknown" ". " |
sub_40B00A(65c0): WS2_32.recv MSVCRT.atoi |
sub_40AD2B(65c0): WS2_32.recv MSVCRT.atoi |
sub_401EA8(65da): MSVCRT.atoi MSVCRT.malloc MSVCRT.strncpy MSVCRT.memcpy |
sub_404138(66cf): MSVCRT.free |
sub_405E4E(6779): MSVCRT.memcpy MSVCRT.free MSVCRT._mbscpy WS2_32.getaddrinfo WS2_32.getnameinfo WS2_32.freeaddrinfo WININET.InternetGetConnectedStateEx MSVCRT._snprintf "Unknown" "Modem" "LAN" "Yes" "No" "Bad" "Avarage" "Good" |
sub_403402(6912): WS2_32.ioctlsocket |
sub_404863(6aa0): MSVCRT.strlen |
sub_40325E(6abb): MSVCRT.atoi |
sub_408406(6bf1): MSVCRT.memcpy MSVCRT.free MSVCRT._snprintf ";" "link!link@link PRIVMSG %s :%s" |
sub_404202(6d82): MSVCRT.malloc MSVCRT.memcpy |
sub_40D628(6e75): MSVCRT.memcpy WS2_32.inet_addr MSVCRT.atoi WS2_32.htons |
sub_4087CE(6f93): MSVCRT.malloc "Executing command(s): %s" |
sub_40DB90(7054): WS2_32.select WS2_32.shutdown KERNEL32.Sleep |
sub_403D54(7070): WS2_32.send |
sub_40EA34(75c4): MSVCRT.malloc MSVCRT.memcpy "Attempting to exploit IP's in list." |
sub_401000(764f): MSVCRT._mbscpy ADVAPI32.RegOpenKeyExA ADVAPI32.RegEnumValueA ADVAPI32.RegDeleteValueA ADVAPI32.RegCloseKey |
sub_402D67(767e): MSVCRT.free |
sub_404240(76f0): MSVCRT.atoi MSVCRT.malloc KERNEL32.OpenProcess MSVCRT.free KERNEL32.ReadProcessMemory KERNEL32.CloseHandle |
sub_40C75B(775b): MSVCRT.memcmp |
sub_401534(78c2): KERNEL32.CloseHandle |
sub_406096(7986): KERNEL32.GetDriveTypeA KERNEL32.GetDiskFreeSpaceExA MSVCRT.memset |
sub_40B7A2(7b41): MSVCRT.wcslen MSVCRT.memcpy WS2_32.recv MSVCRT.memset |
sub_40371E(7c39): WS2_32.__WSAFDIsSet WS2_32.accept WS2_32.select |
sub_404BC3(7f2a): KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA KERNEL32.GetSystemDirectoryA MSVCRT._mbscat MSVCRT._strcmpi WS2_32.WSACleanup KERNEL32.ExitProcess "Windows DLL Loader" "QUIT :%s uninstalled." "QUIT :%s uninstalled." |
sub_403D69(81e8): WS2_32.recv WS2_32.WSASetLastError |
sub_40640D(84c2): KERNEL32.QueryPerformanceCounter KERNEL32.QueryPerformanceFrequency MSVCRT.ceil MSVCRT._ftol KERNEL32.GetTickCount |
sub_40A9A3(858c): ADVAPI32.CryptAcquireContextA ADVAPI32.CryptGenRandom ADVAPI32.CryptReleaseContext |
sub_406753(85ac): KERNEL32.CloseHandle MSVCRT.memset |
sub_408EBA(8667): USER32.FindWindowA "mIRC" |
sub_40D1B3(8713): MSVCRT.malloc "FTP wormride thread" |
sub_403DD6(878a): WS2_32.select WS2_32.__WSAFDIsSet |
sub_4048CF(891f): MSVCRT._mbscpy MSVCRT.strlen MSVCRT.malloc KERNEL32.DeleteFileA KERNEL32.CreateFileA USER32.wsprintfA KERNEL32.WriteFile KERNEL32.CloseHandle ".bat" "@echo off\r\n:deleteagain\r\ndel /A:H /F %s"... "open" |
sub_403495(8bc6): WS2_32.getpeername WS2_32.getnameinfo |
sub_403443(8bc6): WS2_32.getsockname WS2_32.getnameinfo |
sub_401985(8bea): MSVCRT.memcpy MSVCRT.free KERNEL32.DeleteFileA MSVCRT.fopen MSVCRT.fclose MSVCRT.clock WS2_32.recv WS2_32.htonl MSVCRT.fwrite MSVCRT.ftell |
sub_40F089(8d67): MSVCRT.sscanf "yA36zA48dEhfrvghGRg57h5UlDv3" "yA36zA48dEhfrvghGRg57h5UlDv3" |
sub_408BA7(8e36): KERNEL32.Sleep |
sub_40BE08(8f23): MSVCRT.memcpy MSVCRT.memset |
sub_403D27(95cd): WS2_32.shutdown KERNEL32.Sleep |
sub_409C55(9708): MSVCRT.strlen |
sub_40519C(9940): MSVCRT.strlen |
sub_409E49(9ae7): MSVCRT.memcpy MSVCRT._lrotl |
sub_404715(9b52): KERNEL32.GetWindowsDirectoryA MSVCRT._mbscat KERNEL32.CreateFileA KERNEL32.GetFileTime KERNEL32.CloseHandle KERNEL32.SetFileTime |
sub_4088FC(9baa): MSVCRT._mbscpy KERNEL32.GetVersionExA MSVCRT.sprintf "PASS %s" "USER %s %s %s :%s" "UNK" "B" "A" "G" "%c%s%c%c%u%c%u%s%c%c%c" |
sub_40DA6E(9c33): MSVCRT.memcpy MSVCRT.memset WS2_32.shutdown KERNEL32.Sleep |
sub_4070F0(9df7): MSVCRT.malloc MSVCRT._mbscpy MSVCRT.memcpy |
sub_406AEF(9fab): NTDLL.RtlLeaveCriticalSection |
sub_406AE4(9fab): NTDLL.RtlEnterCriticalSection |
sub_403D49(9fab): WS2_32.closesocket |
sub_406F40(a0f6): USER32.wsprintfA MSVCRT.strlen MSVCRT.strcmp KERNEL32.Sleep |
sub_40678D(a1a0): MSVCRT.atoi MSVCRT._snprintf "*%s*" |
sub_402C11(a581): WS2_32.inet_ntoa WS2_32.gethostbyaddr MSVCRT.strlen WS2_32.WSAGetLastError WS2_32.htons MSVCRT._itoa WS2_32.WSASetLastError MSVCRT._mbscpy |
sub_41041B(a5b4): MSVCRT.malloc MSVCRT.atoi MSVCRT.memcpy |
sub_40BB6E(a7e9): WS2_32.recv |
sub_4050D1(a9eb): MSVCRT._itoa MSVCRT.malloc MSVCRT._mbscpy MSVCRT.memcpy |
sub_401B81(aeb7): MSVCRT.memcpy MSVCRT.free MSVCRT.strlen MSVCRT._mbscpy WS2_32.getsockname WS2_32.getnameinfo MSVCRT._itoa MSVCRT.fopen MSVCRT.fseek MSVCRT.ftell WS2_32.inet_addr WS2_32.htonl MSVCRT.clock MSVCRT.fread MSVCRT.fclose "rb" "DCC Send %s (%s)" |
sub_404317(af3e): MSVCRT.atoi KERNEL32.GetCurrentProcessId KERNEL32.OpenProcess KERNEL32.TerminateProcess KERNEL32.CloseHandle |
sub_40B32A(afe1): MSVCRT.memcpy MSVCRT.memset "FXNBFXFXNBFXFXFXFX" "\\C$\\123456111111111111111.doc" |
sub_40311D(b09f): MSVCRT._snprintf KERNEL32.MultiByteToWideChar |
sub_4057B0(b0d0): KERNEL32.Sleep |
sub_40FCB2(b0e3): MSVCRT.malloc "Internet explorer password stealer" |
sub_40F11A(b137): ADVAPI32.RegOpenKeyExA ADVAPI32.RegQueryValueExA ADVAPI32.RegCloseKey MSVCRT._mbscpy KERNEL32.GetEnvironmentVariableA MSVCRT._mbscat MSVCRT.fopen KERNEL32.GetDriveTypeA MSVCRT.sprintf "SOFTWARE\\Classes\\Applications\\FlashFXP."... "sites.dat" "ProgramFiles" "\\FlashFXP\\sites.dat" "rb" "%sFlashFXP\\sites.dat" |
sub_40DE7D(b368): WS2_32.recv MSVCRT.strstr MSVCRT._strnicmp MSVCRT.sscanf "OPTIONS / HTTP/1.0\r\n\r\n" "Server:" "Microsoft-IIS" "Microsoft-IIS/%u.%u" "Apache" |
sub_408832(b4b6): MSVCRT._mbscpy "6667" |
sub_4045E4(b525): KERNEL32.GetSystemDirectoryA MSVCRT._mbscat MSVCRT._mbscpy KERNEL32.DeleteFileA MSVCRT.fopen MSVCRT.fwrite MSVCRT.fclose |
sub_404D33(b6e7): MSVCRT.memcpy MSVCRT.free WS2_32.recv MSVCRT.strncmp MSVCRT.memset WS2_32.htons MSVCRT._itoa WS2_32.inet_ntoa KERNEL32.Sleep |
sub_401571(b877): KERNEL32.Sleep MSVCRT.clock MSVCRT.sprintf |
sub_406541(bab1): MSVCRT.malloc MSVCRT._beginthreadex KERNEL32.CloseHandle MSVCRT.free |
sub_40AC87(bab3): MSVCRT.memcmp MSVCRT.strcmp "\r\n\r\nUser Access Verification\r\n\r\nPasswor"... "telnet" |
sub_4104A1(bcbe): MSVCRT.fopen MSVCRT.fclose "rb" |
sub_40735A(be1d): MSVCRT._mbscpy MSVCRT.memcpy USER32.GetForegroundWindow USER32.GetWindowTextA MSVCRT.strlen MSVCRT.strcmp MSVCRT.malloc MSVCRT.free MSVCRT.clock MSVCRT.atoi KERNEL32.Sleep MSVCRT._strcmpi KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA KERNEL32.ExitProcess WS2_32.getaddrinfo WS2_32.getnameinfo WS2_32.freeaddrinfo MSVCRT.memcmp MSVCRT.memset WS2_32.htons WS2_32.socket WS2_32.connect WS2_32.send WS2_32.closesocket MSVCRT._strnicmp "It took me %ums." "on" "off" "on" "open" "QUIT :restarting" "2002" "9252" "id" "username" "QUIT :changing server" "QUIT :exitting" |
sub_4027CB(c630): MSVCRT.malloc MSVCRT._mbscat |
sub_40CF3E(c65d): MSVCRT.strcmp MSVCRT.sprintf MSVCRT.strlen |
sub_40ED30(c844): MSVCRT.memcpy MSVCRT.free KERNEL32.Sleep MSVCRT.clock MSVCRT._itoa |
sub_406AB6(c866): MSVCRT.memset KERNEL32.InitializeCriticalSectionAndSpinCount KERNEL32.InitializeCriticalSection |
sub_406BE0(c872): MSVCRT.memcpy MSVCRT.free KERNEL32.LoadLibraryA KERNEL32.GetProcAddress WS2_32.inet_addr WS2_32.gethostbyname MSVCRT.printf WS2_32.gethostbyaddr "ICMP.DLL" "IcmpCreateFile" "IcmpSendEcho" "IcmpCloseHandle" "Could not resolve name" |
sub_402EFD(caf6): MSVCRT.memcpy MSVCRT.free MSVCRT.strlen MSVCRT._mbscpy MSVCRT._mbscat " : USERID : UNIX : " "\r\n" |
sub_402A12(cbb6): WS2_32.WSASetLastError MSVCRT.malloc MSVCRT.memset MSVCRT.atoi WS2_32.htons MSVCRT.memcpy WS2_32.gethostbyname |
sub_403E60(cc3d): MSVCRT.memset MSVCRT.memcpy |
sub_40C146(cddc): MSVCRT.malloc MSVCRT.memcpy KERNEL32.WriteFile MSVCRT.free |
sub_40331D(cded): WS2_32.socket |
sub_406868(d145): MSVCRT.atoi MSVCRT.memset KERNEL32.TerminateThread KERNEL32.CloseHandle MSVCRT._snprintf "*%s*" |
sub_403E9B(d14f): KERNEL32.LoadLibraryA KERNEL32.GetProcAddress "psapi.dll" "EnumProcessModules" "GetModuleFileNameExA" "GetModuleInformation" |
sub_403AFB(d523): MSVCRT.memset WS2_32.getaddrinfo WS2_32.socket WS2_32.connect WS2_32.WSAGetLastError WS2_32.freeaddrinfo |
sub_406596(d53b): MSVCRT._mbscpy "thread" |
sub_408D50(d604): MSVCRT.sprintf MSVCRT._mbscat MSVCRT._vsnprintf MSVCRT.strlen "NOTICE %s :" "PRIVMSG %s :" "\r\n" |
sub_40397D(d6d9): MSVCRT.memcpy |
sub_403F1D(d775): MSVCRT.malloc MSVCRT.realloc MSVCRT.free MSVCRT.memset MSVCRT._mbscpy KERNEL32.OpenProcess MSVCRT.strncpy MSVCRT.strlen KERNEL32.CloseHandle "system" |
sub_409EB3(d7ce): MSVCRT.memmove MSVCRT._lrotr |
sub_40D201(d7ec): MSVCRT.memcpy MSVCRT.free WS2_32.socket MSVCRT.memset WS2_32.htons WS2_32.inet_addr WS2_32.setsockopt WS2_32.bind MSVCRT.fopen MSVCRT.fseek MSVCRT.ftell WS2_32.select WS2_32.recvfrom MSVCRT.strlen MSVCRT.strncmp MSVCRT.fread WS2_32.sendto WS2_32.inet_ntoa MSVCRT.fclose WS2_32.closesocket "rb" "octet" "wormride" |
sub_403424(d87b): WS2_32.ioctlsocket |
sub_4038E1(d94c): MSVCRT.free |
sub_402230(d9a0): MSVCRT.memcpy MSVCRT.free MSVCRT._mbscpy MSVCRT._strnicmp KERNEL32.CopyFileA NTDLL.RtlGetLastWin32Error MSVCRT.strlen MSVCRT.strstr MSVCRT.clock KERNEL32.DeleteFileA "http://" "80" "ftp://" "21" "anonymous" "tftp://" "69" ":" "/" "open" |
sub_405580(dea4): MSVCRT.sprintf |
sub_403201(e072): MSVCRT.strncmp |
sub_403585(e0c9): WS2_32.getaddrinfo WS2_32.getnameinfo MSVCRT._mbscpy WS2_32.freeaddrinfo |
sub_40E7C8(e10a): MSVCRT.memcpy MSVCRT.free MSVCRT.malloc |
sub_4051D2(e1c2): MSVCRT.memset MSVCRT._mbscpy |
sub_405670(e39f): MSVCRT._mbscpy MSVCRT.sprintf |
sub_406E50(e5a3): MSVCRT.malloc MSVCRT.memcpy MSVCRT._mbscpy MSVCRT.atoi KERNEL32.CreateThread MSVCRT.free KERNEL32.CloseHandle |
sub_4031E0(e5e3): MSVCRT._itoa |
sub_4054C3(e720): MSVCRT._itoa MSVCRT.atoi MSVCRT._mbscpy |
sub_40DD96(e74b): MSVCRT.malloc MSVCRT.atoi MSVCRT._itoa |
sub_40647C(e967): MSVCRT.malloc |
sub_4030A7(e9b9): MSVCRT.malloc |
sub_40FFBC(e9b9): MSVCRT.memcpy MSVCRT.free |
sub_404F90(ea71): MSVCRT.memcpy MSVCRT.free MSVCRT.malloc MSVCRT._mbscpy |
sub_40D9B4(eb14): MSVCRT.memcpy |
sub_40FEA2(ebd6): MSVCRT.malloc "Listing interesting processes" |
sub_40605E(ebd6): MSVCRT.malloc |
sub_40EB64(ebd6): MSVCRT.malloc "Listing exploit statistics" |
sub_405BB3(ebd6): MSVCRT.malloc |
sub_40F515(ebd6): MSVCRT.malloc "FlashFXP password stealer" |
sub_4062EC(ebd6): MSVCRT.malloc "Driveinfo thread" |
sub_40DCB8(efbe): MSVCRT.memcpy MSVCRT.free MSVCRT._mbscpy |
sub_40DA07(f061): MSVCRT._mbscpy "unknown" |
sub_41054F(f0f6): KERNEL32.SetErrorMode MSVCRT.sprintf KERNEL32.Sleep KERNEL32.CreateMutexA NTDLL.RtlGetLastWin32Error KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA MSVCRT._mbscpy MSVCRT.strlen WS2_32.WSAStartup "%08x%x%08x%3x%08x%08x" "PING :%08X" "loop" "main" |
sub_408C6C(f124): MSVCRT.sprintf MSVCRT._vsnprintf MSVCRT._mbscat MSVCRT.strlen "NOTICE %s :" "\r\n" |
sub_408CDE(f124): MSVCRT.sprintf MSVCRT._vsnprintf MSVCRT._mbscat MSVCRT.strlen "PRIVMSG %s :" "\r\n" |
sub_403AE6(f208): MSVCRT.free |
sub_40B4D5(f3e7): WS2_32.recv MSVCRT.memcpy MSVCRT.memset |
sub_4049B5(f5d2): KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA KERNEL32.GetSystemDirectoryA MSVCRT._mbscat MSVCRT._strcmpi KERNEL32.DeleteFileA KERNEL32.CopyFileA KERNEL32.SetFileAttributesA MSVCRT.memset KERNEL32.CreateProcessA WS2_32.WSACleanup MSVCRT.exit "Windows DLL Loader" |
sub_40F54D(f9b7): MSVCRT.memcpy MSVCRT.free USER32.wsprintfA MSVCRT.strlen KERNEL32.lstrcpy KERNEL32.lstrcmp MSVCRT.strstr KERNEL32.Sleep USER32.IsCharAlphaNumericA KERNEL32.lstrlen KERNEL32.lstrcpyn MSVCRT.memset "%x" "%ws" "220d5cc1" "5e7e8100" ":" "b9819c52" "e161255a" "StringIndex" |
sub_40E629(fa96): MSVCRT.atoi MSVCRT._mbscpy MSVCRT._strcmpi MSVCRT.malloc MSVCRT.memcpy |
sub_407290(fc09): MSVCRT.strlen MSVCRT.tolower "abcdef" |
sub_4011C4(fee6): MSVCRT.memcpy MSVCRT.free MSVCRT.malloc KERNEL32.GetCurrentProcessId KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA MSVCRT._strcmpi KERNEL32.OpenProcess KERNEL32.ReadProcessMemory KERNEL32.Sleep KERNEL32.TerminateProcess KERNEL32.CloseHandle |