sub_outside(): MSVCRT.memcmp MSVCRT.strcmp MSVCRT.memset MSVCRT.memcpy MSVCRT.strlen WS2_32.recv KERNEL32.Sleep KERNEL32.SetErrorMode MSVCRT.sprintf KERNEL32.CreateMutexA NTDLL.RtlGetLastWin32Error KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA MSVCRT._mbscpy WS2_32.WSAStartup WS2_32.WSACleanup MSVCRT.exit |
sub_403644(0028): MSVCRT.malloc MSVCRT.memset WS2_32.getaddrinfo WS2_32.socket WS2_32.setsockopt WS2_32.bind WS2_32.listen WS2_32.freeaddrinfo MSVCRT.free |
sub_40485F(0067): MSVCRT.memcpy MSVCRT.free KERNEL32.Sleep |
sub_405FF3(006a): MSVCRT.memcpy MSVCRT.free KERNEL32.GlobalMemoryStatus ADVAPI32.GetUserNameA KERNEL32.GetComputerNameA KERNEL32.GetVersionExA ADVAPI32.RegOpenKeyExA ADVAPI32.RegQueryValueExA ADVAPI32.RegCloseKey MSVCRT._snprintf "?" "no SP" "95" "NT" "98" "ME" "2000" "XP" "2003" "Yes" "No" "HARDWARE\\DESCRIPTION\\System\\CentralProc"... "ProcessorNameString" |
sub_401621(00b9): MSVCRT.memcpy MSVCRT.free MSVCRT.clock KERNEL32.SearchPathA KERNEL32.CreatePipe KERNEL32.GetCurrentProcess KERNEL32.DuplicateHandle MSVCRT.memset KERNEL32.CreateProcessA KERNEL32.CloseHandle KERNEL32.PeekNamedPipe KERNEL32.GetExitCodeProcess KERNEL32.Sleep KERNEL32.ReadFile "cmd.exe" "Could not read data from process." "Cmd.exe process has terminated." |
sub_4097DB(027e): MSVCRT._vsnprintf MSVCRT._mbscat MSVCRT.strlen "\r\n" |
sub_40EE23(046a): MSVCRT.memcpy MSVCRT.free MSVCRT.memset MSVCRT._mbscpy MSVCRT._strcmpi MSVCRT.sprintf KERNEL32.Sleep MSVCRT.clock MSVCRT.strcmp MSVCRT.malloc |
sub_401FA3(076b): MSVCRT.malloc MSVCRT.strncpy MSVCRT.memcpy |
sub_40F727(0962): MSVCRT.memcpy MSVCRT.free MSVCRT._mbscpy MSVCRT._mbscat MSVCRT.strlen MSVCRT.sprintf "Exploit statistics - " |
sub_405A0D(0a88): MSVCRT.strlen MSVCRT._strnicmp |
sub_40D63E(0b03): MSVCRT.fopen MSVCRT.fread MSVCRT.fclose "rb" |
sub_407A76(0b7a): MSVCRT._mbscpy MSVCRT.memcpy USER32.GetForegroundWindow USER32.GetWindowTextA MSVCRT.strlen MSVCRT.strcmp ADVAPI32.RegOpenKeyExA ADVAPI32.RegQueryValueExA ADVAPI32.RegCloseKey MSVCRT.malloc MSVCRT.free MSVCRT.clock MSVCRT.atoi KERNEL32.Sleep MSVCRT._strcmpi KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA KERNEL32.ExitProcess WS2_32.getaddrinfo WS2_32.getnameinfo WS2_32.freeaddrinfo MSVCRT.memcmp MSVCRT.memset WS2_32.htons WS2_32.socket WS2_32.connect WS2_32.send WS2_32.closesocket MSVCRT._strnicmp "This build is fully functional" "This build is broken and will not funct"... "It took me %ums." "on" "off" "on" "open" "QUIT :restarting" "2002" "9252" "id" "username" "QUIT :changing server" "QUIT :exitting" |
sub_40B380(0d43): MSVCRT.clock |
sub_40C135(0db0): MSVCRT.wcslen MSVCRT.memcpy WS2_32.recv MSVCRT.memset |
sub_408E1A(0ede): MSVCRT.strstr MSVCRT.sscanf MSVCRT.atoi MSVCRT._strcmpi ")" "&&" "%32s %16s %32s" "$uptime" "$version" "$free" "$latency" "$firewall" "$ipv6" "$uptime" "$version" "$free" "$latency" "$firewall" "$ipv6" "==" "!=" ">" ">=" "<=" |
sub_40DD36(0fc2): MSVCRT.memcpy MSVCRT.free MSVCRT._itoa "127.0.0.1" |
sub_4018D5(0fd9): MSVCRT.malloc MSVCRT._mbscat "open" "Remote cmd thread" "\r\n" "Error while executing command." |
sub_4014B0(1095): MSVCRT.strlen MSVCRT.malloc MSVCRT.strncpy "Listing" "Killing" |
sub_41115C(1251): MSVCRT.fopen MSVCRT.fseek MSVCRT.ftell MSVCRT.fclose "rb" |
sub_4111A9(1423): KERNEL32.DeleteFileA |
sub_40A8CC(150d): MSVCRT.memcpy |
sub_40A236(159a): MSVCRT._strcmpi MSVCRT.strcmp "302" "PRIVMSG" "NOTICE" |
sub_40D42D(1756): WS2_32.socket MSVCRT.memset WS2_32.htons WS2_32.inet_addr WS2_32.connect WS2_32.send WS2_32.recv WS2_32.closesocket "5000" |
sub_40E399(1bbc): MSVCRT.memcpy |
sub_4077A7(1d88): MSVCRT.memcpy MSVCRT.free |
sub_4033F9(1fd6): MSVCRT._mbscpy "80" |
sub_404EDC(20a7): ADVAPI32.RegCreateKeyExA KERNEL32.GetSystemDirectoryA MSVCRT._mbscat KERNEL32.lstrlen ADVAPI32.RegSetValueExA ADVAPI32.RegDeleteValueA ADVAPI32.RegCloseKey "Software\\Microsoft\\Windows\\CurrentVersi"... |
sub_403AB5(21e0): WS2_32.__WSAFDIsSet |
sub_40E523(221c): MSVCRT.strcmp MSVCRT.fopen MSVCRT.fread MSVCRT.fclose "rb" |
sub_40B459(22b6): MSVCRT.clock |
sub_40FBA7(25cf): MSVCRT.atoi MSVCRT.malloc MSVCRT.strncpy MSVCRT.memcpy |
sub_403A1B(25f7): WS2_32.select |
sub_40FEB8(27ea): MSVCRT.memcpy MSVCRT.free MSVCRT.fopen MSVCRT.fseek MSVCRT.ftell MSVCRT.malloc MSVCRT.fclose MSVCRT.fread MSVCRT.strstr MSVCRT.sscanf KERNEL32.Sleep "rb" "\r\n\r\n[" "\r\nIP=" "\r\nPort=" "\r\nUser=" "\r\nPass=" "[%[^]]]\r\n" "\r\nIP=%127s\r\n" "\r\nPort=%127s\r\n" "\r\nUser=%127s\r\n" "\r\nPass=%127s\r\n" |
sub_40719C(291c): MSVCRT.malloc MSVCRT.free |
sub_40E496(2937): MSVCRT._mbscpy MSVCRT.memcpy |
sub_404FA8(2a2f): KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA KERNEL32.SetCurrentDirectoryA |
sub_4044AA(2e27): MSVCRT.malloc MSVCRT.atoi "LG flooder" |
sub_407237(339a): MSVCRT.printf MSVCRT.memset NTDLL.RtlGetLastWin32Error "Could not get a valid ICMP handle\n" |
sub_4018A7(344a): MSVCRT.strlen KERNEL32.WriteFile |
sub_406BBC(34a5): MSVCRT.free KERNEL32.IsBadCodePtr USER32.wsprintfA "btg" "thread" |
sub_403C04(34ad): MSVCRT.memset WS2_32.getaddrinfo WS2_32.socket WS2_32.connect WS2_32.WSAGetLastError WS2_32.select WS2_32.freeaddrinfo |
sub_409843(3571): KERNEL32.CreateFileMappingA KERNEL32.MapViewOfFile MSVCRT.sprintf USER32.SendMessageA KERNEL32.UnmapViewOfFile KERNEL32.CloseHandle "mIRC" |
sub_406AB7(36b2): KERNEL32.QueryPerformanceCounter KERNEL32.QueryPerformanceFrequency MSVCRT.ceil MSVCRT._ftol KERNEL32.GetTickCount |
sub_40E61A(37d6): WS2_32.recv |
sub_40F908(3831): MSVCRT.atoi MSVCRT.malloc "80" |
sub_40BAAF(39aa): MSVCRT.memset MSVCRT.memcpy WS2_32.recv "\r\n" |
sub_40E8E1(3bbf): WS2_32.shutdown KERNEL32.Sleep |
sub_402018(3bcd): MSVCRT._snprintf MSVCRT.strlen MSVCRT.strstr MSVCRT.sscanf MSVCRT.fopen MSVCRT.fwrite MSVCRT.fclose KERNEL32.DeleteFileA "GET /%s HTTP/1.0\r\nHost: %s\r\n\r\n" "\r\n\r\n" "Content-Length: %u\r\n" |
sub_40A96B(3bef): MSVCRT.memset |
sub_404ACF(3f4e): MSVCRT._strnicmp MSVCRT.strlen MSVCRT._mbscpy MSVCRT.memcpy ADVAPI32.RegOpenKeyExA MSVCRT.malloc ADVAPI32.RegQueryValueExA MSVCRT.sprintf MSVCRT._mbscat MSVCRT.free ADVAPI32.RegCloseKey "HKCR" "HKCU" "HKLM" "HKUS" |
sub_40ECD6(3f4f): MSVCRT.memcpy MSVCRT.free MSVCRT._itoa MSVCRT._mbscpy |
sub_4063E4(3fcf): MSVCRT._mbscpy MSVCRT._snprintf MSVCRT.strlen MSVCRT.clock MSVCRT._ftol "80" "GET /%s HTTP/1.0\r\nHost: %s\r\n\r\n" |
sub_40A44E(3feb): MSVCRT.strlen |
sub_405F9A(4220): KERNEL32.GetLocaleInfoA MSVCRT._strcmpi |
sub_4118FE(4529): KERNEL32.LocalFree |
sub_4098C7(4531): MSVCRT.strlen |
sub_410999(45f6): MSVCRT.memcpy MSVCRT.free USER32.GetWindowTextA MSVCRT._strnicmp MSVCRT.strcmp ADVAPI32.RegOpenKeyExA ADVAPI32.RegCloseKey "Unreal3" "World Of Warcraft" "[Conquer]" "SOFTWARE\\Microsoft\\VisualStudio\\6.0\\Set"... "Software\\Valve\\Steam" "No" "Yes" |
sub_40B480(47f4): MSVCRT.clock |
sub_41185F(4878): MSVCRT._CxxThrowException |
sub_402D7B(4879): KERNEL32.LoadLibraryA KERNEL32.GetProcAddress "kernel32.dll" "InitializeCriticalSectionAndSpinCount" "netapi32.dll" "NetUseAdd" "NetUseDel" "NetUserEnum" "NetShareEnum" "NetRemoteTOD" "NetApiBufferFree" "NetScheduleJobAdd" "NetAddAlternateComputerName" "mpr.dll" "WNetAddConnection2A" "WNetAddConnection2W" "WNetCancelConnection2A" "WNetCancelConnection2W" "ws2_32.dll" "getaddrinfo" "getnameinfo" "freeaddrinfo" "pstorec.dll" "PStoreCreateInstance" "wininet.dll" "InternetGetConnectedStateExA" |
sub_406D58(48c8): MSVCRT.free MSVCRT.vsprintf MSVCRT._beginthreadex MSVCRT.memset |
sub_40287C(491f): KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA KERNEL32.ExitProcess "EXCEPTION_OTHER" "EXCEPTION_ILLEGAL_INSTRUCTION" "EXCEPTION_ACCESS_VIOLATION" "EXCEPTION_BREAKPOINT" "EXCEPTION_NONCONTINUABLE_EXCEPTION" "EXCEPTION_STACK_OVERFLOW" "EXCEPTION_INT_DIVIDE_BY_ZERO" "EXCEPTION_FLT" "Restarting" "Continuing" "open" "QUIT :exitting" "QUIT :restarting" |
sub_410C55(4963): MSVCRT.memcpy MSVCRT.free WS2_32.socket WS2_32.gethostname WS2_32.gethostbyname MSVCRT.memset WS2_32.bind WS2_32.WSAIoctl WS2_32.inet_addr MSVCRT.atoi WS2_32.recv MSVCRT.strlen WS2_32.htons WS2_32.inet_ntoa MSVCRT.sprintf KERNEL32.Sleep WS2_32.closesocket |
sub_40396E(4a83): MSVCRT.malloc |
sub_404DAD(4b5b): KERNEL32.GetSystemDirectoryA MSVCRT._mbscat MSVCRT._mbscpy MSVCRT.fopen MSVCRT.fclose "rb" |
sub_40CEBE(4e19): MSVCRT.memset MSVCRT.memcpy MSVCRT.strlen MSVCRT._snprintf MSVCRT.mbstowcs MSVCRT._strcmpi MSVCRT.strncat KERNEL32.CreateFileA KERNEL32.WriteFile MSVCRT.wcslen MSVCRT.malloc KERNEL32.CloseHandle MSVCRT.wcscpy MSVCRT.free |
sub_406307(4f25): MSVCRT._mbscpy MSVCRT.clock "80" |
sub_40A82E(5193): MSVCRT.memmove MSVCRT._lrotr |
sub_40110A(5491): KERNEL32.SetFileAttributesA KERNEL32.DeleteFileA MSVCRT.strlen |
sub_40357F(5495): WS2_32.getpeername WS2_32.htons MSVCRT._itoa |
sub_403530(5495): WS2_32.getsockname WS2_32.htons MSVCRT._itoa |
sub_409918(55f9): MSVCRT._strcmpi MSVCRT.strlen MSVCRT._mbscpy MSVCRT.memset MSVCRT.atoi MSVCRT.sprintf MSVCRT.strcmp KERNEL32.lstrcmp KERNEL32.GetVersionExA MSVCRT.strncpy MSVCRT.strstr MSVCRT._snprintf "PING" "PONG %s" "PONG" "MODE" "PRIVMSG" "SEND" "eggdrop v1.6.16" "433" "UNK" "B" "A" "G" "%c%s%c%c%u%c%u%s%c%c%c" "ERROR" "JOIN" "MODE %s +smntu" "001" "MODE %s +xi" "USERHOST %s" "451" "302" "@" "NICK" "332" "][" "link!link@link PRIVMSG %s :%s" "PRIVMSG" "NOTICE" "*" |
sub_40E243(569e): MSVCRT.malloc "TFTP wormride thread" |
sub_40BC10(5a2b): WS2_32.recv |
sub_406F84(5d69): MSVCRT.atoi MSVCRT.memset KERNEL32.TerminateThread KERNEL32.CloseHandle MSVCRT._snprintf "*%s*" |
sub_40F835(5f54): MSVCRT.memcpy MSVCRT.free MSVCRT.clock |
sub_40B4C3(6018): MSVCRT.clock |
sub_40B4AB(6018): MSVCRT.clock |
sub_40B493(6018): MSVCRT.clock |
sub_40D6E0(610e): MSVCRT._snprintf MSVCRT.strlen MSVCRT.sscanf MSVCRT.fopen MSVCRT.fseek MSVCRT.ftell MSVCRT.fclose KERNEL32.Sleep "%u,%u,%u,%u,%u,%u" "%u" "rb" "150 -\r\n" "rb" "-x 3 2000 fh 1024 Jan 1 0:00 .\r\ndrwxr-x"... "150 -\r\n" "ftp" "221 -\r\n" "231 -\r\n" |
sub_406A40(643e): KERNEL32.QueryPerformanceCounter KERNEL32.QueryPerformanceFrequency MSVCRT.ceil MSVCRT._ftol KERNEL32.GetTickCount |
sub_40682C(656c): MSVCRT.memcpy MSVCRT.free KERNEL32.GetDriveTypeA MSVCRT.memset MSVCRT._mbscat KERNEL32.GetDiskFreeSpaceExA USER32.wsprintfA "Drive information - " "removable" ". " "fixed" "remote" "cd-rom" "ramdisk" "unknown" ". " |
sub_40B99D(65c0): WS2_32.recv MSVCRT.atoi |
sub_40B6BE(65c0): WS2_32.recv MSVCRT.atoi |
sub_401EA8(65da): MSVCRT.atoi MSVCRT.malloc MSVCRT.strncpy MSVCRT.memcpy |
sub_404854(66cf): MSVCRT.free |
sub_40656A(6779): MSVCRT.memcpy MSVCRT.free MSVCRT._mbscpy WS2_32.getaddrinfo WS2_32.getnameinfo WS2_32.freeaddrinfo WININET.InternetGetConnectedStateEx MSVCRT._snprintf "Unknown" "Modem" "LAN" "Yes" "No" "Bad" "Avarage" "Good" |
sub_40344B(6912): WS2_32.ioctlsocket |
sub_404F7F(6aa0): MSVCRT.strlen |
sub_4032A7(6abb): MSVCRT.atoi |
sub_408D81(6bf1): MSVCRT.memcpy MSVCRT.free MSVCRT._snprintf ";" "link!link@link PRIVMSG %s :%s" |
sub_40491E(6d82): MSVCRT.malloc MSVCRT.memcpy |
sub_40E2C1(6e75): MSVCRT.memcpy WS2_32.inet_addr MSVCRT.atoi WS2_32.htons |
sub_409149(6f93): MSVCRT.malloc "Executing command(s): %s" |
sub_40E829(7054): WS2_32.select WS2_32.shutdown KERNEL32.Sleep |
sub_403D9D(7070): WS2_32.send |
sub_40F6CD(75c4): MSVCRT.malloc MSVCRT.memcpy "Attempting to exploit IP's in list." |
sub_401000(764f): MSVCRT._mbscpy ADVAPI32.RegOpenKeyExA ADVAPI32.RegEnumValueA ADVAPI32.RegDeleteValueA ADVAPI32.RegCloseKey |
sub_402D67(767e): MSVCRT.free |
sub_40495C(76f0): MSVCRT.atoi MSVCRT.malloc KERNEL32.OpenProcess MSVCRT.free KERNEL32.ReadProcessMemory KERNEL32.CloseHandle |
sub_40D3F4(775b): MSVCRT.memcmp |
sub_401534(78c2): KERNEL32.CloseHandle |
sub_4067B2(7986): KERNEL32.GetDriveTypeA KERNEL32.GetDiskFreeSpaceExA MSVCRT.memset |
sub_403767(7c39): WS2_32.__WSAFDIsSet WS2_32.accept WS2_32.select |
sub_4052DF(7f2a): KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA KERNEL32.GetSystemDirectoryA MSVCRT._mbscat MSVCRT._strcmpi WS2_32.WSACleanup KERNEL32.ExitProcess "Windows DLL Loader" "QUIT :%s uninstalled." "QUIT :%s uninstalled." |
sub_403DB2(81e8): WS2_32.recv WS2_32.WSASetLastError |
sub_406B29(84c2): KERNEL32.QueryPerformanceCounter KERNEL32.QueryPerformanceFrequency MSVCRT.ceil MSVCRT._ftol KERNEL32.GetTickCount |
sub_40B31E(858c): ADVAPI32.CryptAcquireContextA ADVAPI32.CryptGenRandom ADVAPI32.CryptReleaseContext |
sub_406E6F(85ac): KERNEL32.CloseHandle MSVCRT.memset |
sub_409835(8667): USER32.FindWindowA "mIRC" |
sub_40DE4C(8713): MSVCRT.malloc "FTP wormride thread" |
sub_403E1F(878a): WS2_32.select WS2_32.__WSAFDIsSet |
sub_404FEB(891f): MSVCRT._mbscpy MSVCRT.strlen MSVCRT.malloc KERNEL32.DeleteFileA KERNEL32.CreateFileA USER32.wsprintfA KERNEL32.WriteFile KERNEL32.CloseHandle ".bat" "@echo off\r\n:deleteagain\r\ndel /A:H /F %s"... "open" |
sub_40348C(8bc6): WS2_32.getsockname WS2_32.getnameinfo |
sub_4034DE(8bc6): WS2_32.getpeername WS2_32.getnameinfo |
sub_401985(8bea): MSVCRT.memcpy MSVCRT.free KERNEL32.DeleteFileA MSVCRT.fopen MSVCRT.fclose MSVCRT.clock WS2_32.recv WS2_32.htonl MSVCRT.fwrite MSVCRT.ftell |
sub_40FD22(8d67): MSVCRT.sscanf "yA36zA48dEhfrvghGRg57h5UlDv3" "yA36zA48dEhfrvghGRg57h5UlDv3" |
sub_409522(8e36): KERNEL32.Sleep |
sub_40CAA1(8f23): MSVCRT.memcpy |
sub_403D70(95cd): WS2_32.shutdown KERNEL32.Sleep |
sub_40A5D0(9708): MSVCRT.strlen |
sub_4058B8(9940): MSVCRT.strlen |
sub_40A7C4(9ae7): MSVCRT.memcpy MSVCRT._lrotl |
sub_404E31(9b52): KERNEL32.GetWindowsDirectoryA MSVCRT._mbscat KERNEL32.CreateFileA KERNEL32.GetFileTime KERNEL32.CloseHandle KERNEL32.SetFileTime |
sub_409277(9baa): MSVCRT._mbscpy KERNEL32.GetVersionExA MSVCRT.sprintf "PASS %s" "USER %s %s %s :%s" "UNK" "B" "A" "G" "%c%s%c%c%u%c%u%s%c%c%c" |
sub_40E707(9c33): MSVCRT.memcpy MSVCRT.memset WS2_32.shutdown KERNEL32.Sleep |
sub_40780C(9df7): MSVCRT.malloc MSVCRT._mbscpy MSVCRT.memcpy |
sub_403D92(9fab): WS2_32.closesocket |
sub_40720B(9fab): NTDLL.RtlLeaveCriticalSection |
sub_407200(9fab): NTDLL.RtlEnterCriticalSection |
sub_40765C(a0f6): USER32.wsprintfA MSVCRT.strlen MSVCRT.strcmp KERNEL32.Sleep |
sub_406EA9(a1a0): MSVCRT.atoi MSVCRT._snprintf "*%s*" |
sub_402C11(a581): WS2_32.inet_ntoa WS2_32.gethostbyaddr MSVCRT.strlen WS2_32.WSAGetLastError WS2_32.htons MSVCRT._itoa WS2_32.WSASetLastError MSVCRT._mbscpy |
sub_4110B4(a5b4): MSVCRT.malloc MSVCRT.atoi MSVCRT.memcpy |
sub_403EA9(a7ad): MSVCRT.memcpy MSVCRT.free WS2_32.socket WS2_32.setsockopt MSVCRT.memset MSVCRT.atoi WS2_32.htons WS2_32.inet_addr WS2_32.gethostbyname MSVCRT.sprintf MSVCRT.strlen WS2_32.sendto KERNEL32.Sleep "%u" "%u\r\n" "%u.%u.%u.%u:%u\r\n" "%u\r\n" "%u.%u.%u.%u:%u\r\n" "%u\r\n" "%u.%u.%u.%u:%u\r\n" "%u\r\n" "%u.%u.%u.%u:%u\r\n" |
sub_40C501(a7e9): WS2_32.recv |
sub_406373(a970): "ա̅ː" |
sub_4057ED(a9eb): MSVCRT._itoa MSVCRT.malloc MSVCRT._mbscpy MSVCRT.memcpy |
sub_401B81(aeb7): MSVCRT.memcpy MSVCRT.free MSVCRT.strlen MSVCRT._mbscpy WS2_32.getsockname WS2_32.getnameinfo MSVCRT._itoa MSVCRT.fopen MSVCRT.fseek MSVCRT.ftell WS2_32.inet_addr WS2_32.htonl MSVCRT.clock MSVCRT.fread MSVCRT.fclose "rb" "DCC Send %s (%s)" |
sub_404A33(af3e): MSVCRT.atoi KERNEL32.GetCurrentProcessId KERNEL32.OpenProcess KERNEL32.TerminateProcess KERNEL32.CloseHandle |
sub_40BCBD(afe1): MSVCRT.memcpy "FXNBFXFXNBFXFXFXFX" "\\C$\\123456111111111111111.doc" |
sub_40311D(b09f): MSVCRT._snprintf KERNEL32.MultiByteToWideChar |
sub_405ECC(b0d0): KERNEL32.Sleep |
sub_41094B(b0e3): MSVCRT.malloc "Internet explorer password stealer" |
sub_40FDB3(b137): ADVAPI32.RegOpenKeyExA ADVAPI32.RegQueryValueExA ADVAPI32.RegCloseKey MSVCRT._mbscpy KERNEL32.GetEnvironmentVariableA MSVCRT._mbscat MSVCRT.fopen KERNEL32.GetDriveTypeA MSVCRT.sprintf "SOFTWARE\\Classes\\Applications\\FlashFXP."... "sites.dat" "ProgramFiles" "\\FlashFXP\\sites.dat" "rb" "%sFlashFXP\\sites.dat" |
sub_4056AC(b303): MSVCRT.memcpy MSVCRT.free MSVCRT.malloc MSVCRT._mbscpy |
sub_40EB16(b368): WS2_32.recv MSVCRT.strstr MSVCRT._strnicmp MSVCRT.sscanf "OPTIONS / HTTP/1.0\r\n\r\n" "Server:" "Microsoft-IIS" "Microsoft-IIS/%u.%u" "Apache" |
sub_4091AD(b4b6): MSVCRT._mbscpy "6667" |
sub_404D00(b525): KERNEL32.GetSystemDirectoryA MSVCRT._mbscat MSVCRT._mbscpy KERNEL32.DeleteFileA MSVCRT.fopen MSVCRT.fwrite MSVCRT.fclose |
sub_40544F(b6e7): MSVCRT.memcpy MSVCRT.free WS2_32.recv MSVCRT.strncmp MSVCRT.memset WS2_32.htons MSVCRT._itoa WS2_32.inet_ntoa KERNEL32.Sleep |
sub_401571(b877): KERNEL32.Sleep MSVCRT.clock MSVCRT.sprintf |
sub_406C5D(bab1): MSVCRT.malloc MSVCRT._beginthreadex KERNEL32.CloseHandle MSVCRT.free |
sub_40EA2F(bcb5): MSVCRT.malloc MSVCRT.atoi MSVCRT._itoa |
sub_41113A(bcbe): MSVCRT.fopen MSVCRT.fclose "rb" |
sub_4027CB(c630): MSVCRT.malloc MSVCRT._mbscat |
sub_40DBD7(c65d): MSVCRT.strcmp MSVCRT.sprintf MSVCRT.strlen |
sub_40F9C9(c844): MSVCRT.memcpy MSVCRT.free KERNEL32.Sleep MSVCRT.clock MSVCRT._itoa |
sub_4071D2(c866): MSVCRT.memset KERNEL32.InitializeCriticalSectionAndSpinCount KERNEL32.InitializeCriticalSection |
sub_4072FC(c872): MSVCRT.memcpy MSVCRT.free KERNEL32.LoadLibraryA KERNEL32.GetProcAddress WS2_32.inet_addr WS2_32.gethostbyname MSVCRT.printf WS2_32.gethostbyaddr "ICMP.DLL" "IcmpCreateFile" "IcmpSendEcho" "IcmpCloseHandle" "Could not resolve name" |
sub_402EFD(caf6): MSVCRT.memcpy MSVCRT.free MSVCRT.strlen MSVCRT._mbscpy MSVCRT._mbscat " : USERID : UNIX : " "\r\n" |
sub_402A12(cbb6): WS2_32.WSASetLastError MSVCRT.malloc MSVCRT.memset MSVCRT.atoi WS2_32.htons MSVCRT.memcpy WS2_32.gethostbyname |
sub_40457C(cc3d): MSVCRT.memset MSVCRT.memcpy |
sub_40CDDF(cddc): MSVCRT.malloc MSVCRT.memcpy KERNEL32.WriteFile MSVCRT.free |
sub_403366(cded): WS2_32.socket |
sub_4045B7(d14f): KERNEL32.LoadLibraryA KERNEL32.GetProcAddress "psapi.dll" "EnumProcessModules" "GetModuleFileNameExA" "GetModuleInformation" |
sub_403B44(d523): MSVCRT.memset WS2_32.getaddrinfo WS2_32.socket WS2_32.connect WS2_32.WSAGetLastError WS2_32.freeaddrinfo |
sub_406CB2(d53b): MSVCRT._mbscpy "thread" |
sub_4096CB(d604): MSVCRT.sprintf MSVCRT._mbscat MSVCRT._vsnprintf MSVCRT.strlen "NOTICE %s :" "PRIVMSG %s :" "\r\n" |
sub_4039C6(d6d9): MSVCRT.memcpy |
sub_404639(d775): MSVCRT.malloc MSVCRT.realloc MSVCRT.free MSVCRT.memset MSVCRT._mbscpy KERNEL32.OpenProcess MSVCRT.strncpy MSVCRT.strlen KERNEL32.CloseHandle "system" |
sub_40DE9A(d7ec): MSVCRT.memcpy MSVCRT.free WS2_32.socket MSVCRT.memset WS2_32.htons WS2_32.inet_addr WS2_32.setsockopt WS2_32.bind MSVCRT.fopen MSVCRT.fseek MSVCRT.ftell WS2_32.select WS2_32.recvfrom MSVCRT.strlen MSVCRT.strncmp MSVCRT.fread WS2_32.sendto WS2_32.inet_ntoa MSVCRT.fclose WS2_32.closesocket "rb" "octet" "wormride" |
sub_40346D(d87b): WS2_32.ioctlsocket |
sub_40392A(d94c): MSVCRT.free |
sub_402230(d9a0): MSVCRT.memcpy MSVCRT.free MSVCRT._mbscpy MSVCRT._strnicmp KERNEL32.CopyFileA NTDLL.RtlGetLastWin32Error MSVCRT.strlen MSVCRT.strstr MSVCRT.clock KERNEL32.DeleteFileA "http://" "80" "ftp://" "21" "anonymous" "tftp://" "69" ":" "/" "open" |
sub_4070AF(dbf2): MSVCRT.memcpy MSVCRT.free KERNEL32.Sleep |
sub_405C9C(dea4): MSVCRT.sprintf |
sub_40324A(e072): MSVCRT.strncmp |
sub_4035CE(e0c9): WS2_32.getaddrinfo WS2_32.getnameinfo MSVCRT._mbscpy WS2_32.freeaddrinfo |
sub_40F461(e10a): MSVCRT.memcpy MSVCRT.free MSVCRT.malloc |
sub_4058EE(e1c2): MSVCRT.memset MSVCRT._mbscpy |
sub_405D8C(e39f): MSVCRT._mbscpy MSVCRT.sprintf |
sub_40756C(e5a3): MSVCRT.malloc MSVCRT.memcpy MSVCRT._mbscpy MSVCRT.atoi KERNEL32.CreateThread MSVCRT.free KERNEL32.CloseHandle |
sub_403229(e5e3): MSVCRT._itoa |
sub_405BDF(e720): MSVCRT._itoa MSVCRT.atoi MSVCRT._mbscpy |
sub_406B98(e967): MSVCRT.malloc |
sub_4030A7(e9b9): MSVCRT.malloc |
sub_40E64D(eb14): MSVCRT.memcpy |
sub_40677A(ebd6): MSVCRT.malloc |
sub_40F7FD(ebd6): MSVCRT.malloc "Listing exploit statistics" |
sub_4062CF(ebd6): MSVCRT.malloc |
sub_4101AE(ebd6): MSVCRT.malloc "FlashFXP password stealer" |
sub_410B3B(ebd6): MSVCRT.malloc "Listing interesting processes" |
sub_406A08(ebd6): MSVCRT.malloc "Driveinfo thread" |
sub_40E951(efbe): MSVCRT.memcpy MSVCRT.free MSVCRT._mbscpy |
sub_40E6A0(f061): MSVCRT._mbscpy "unknown" |
sub_4095E7(f124): MSVCRT.sprintf MSVCRT._vsnprintf MSVCRT._mbscat MSVCRT.strlen "NOTICE %s :" "\r\n" |
sub_409659(f124): MSVCRT.sprintf MSVCRT._vsnprintf MSVCRT._mbscat MSVCRT.strlen "PRIVMSG %s :" "\r\n" |
sub_403B2F(f208): MSVCRT.free |
sub_40BE68(f3e7): WS2_32.recv MSVCRT.memcpy MSVCRT.memset |
sub_4050D1(f5d2): KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA KERNEL32.GetSystemDirectoryA MSVCRT._mbscat MSVCRT._strcmpi KERNEL32.DeleteFileA KERNEL32.CopyFileA KERNEL32.SetFileAttributesA MSVCRT.memset KERNEL32.CreateProcessA WS2_32.WSACleanup MSVCRT.exit "Windows DLL Loader" |
sub_4101E6(f9b7): MSVCRT.memcpy MSVCRT.free USER32.wsprintfA MSVCRT.strlen KERNEL32.lstrcpy KERNEL32.lstrcmp MSVCRT.strstr KERNEL32.Sleep USER32.IsCharAlphaNumericA KERNEL32.lstrlen KERNEL32.lstrcpyn MSVCRT.memset "%x" "%ws" "220d5cc1" "5e7e8100" ":" "b9819c52" "e161255a" "StringIndex" |
sub_40F2C2(fa96): MSVCRT.atoi MSVCRT._mbscpy MSVCRT._strcmpi MSVCRT.malloc MSVCRT.memcpy |
sub_4079AC(fc09): MSVCRT.strlen MSVCRT.tolower "abcdef" |
sub_4011C4(fee6): MSVCRT.memcpy MSVCRT.free MSVCRT.malloc KERNEL32.GetCurrentProcessId KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA MSVCRT._strcmpi KERNEL32.OpenProcess KERNEL32.ReadProcessMemory KERNEL32.Sleep KERNEL32.TerminateProcess KERNEL32.CloseHandle |