sub_outside(): KERNEL32.GetModuleHandleA KERNEL32.DeleteFileA NTDLL.RtlGetLastWin32Error KERNEL32.ExitProcess |
sub_31002B40(09ff): MSVCRT.memset KERNEL32.CreateProcessA KERNEL32.CloseHandle |
sub_3100347E(12a2): ADVAPI32.RegCreateKeyExA ADVAPI32.RegSetValueExA ADVAPI32.RegCloseKey |
sub_31002AEF(1a20): KERNEL32.CreateThread KERNEL32.CloseHandle |
sub_31003589(1eff): "Windows Security Manager" "Disk Defragmenter" "System Restore Service" "Bot Loader" "WinUpdate" "Windows Update Service" "avserve.exe" "avserve2.exeUpdate Service" "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"... |
sub_310033F0(2057): ADVAPI32.RegOpenKeyExA ADVAPI32.RegDeleteValueA ADVAPI32.RegCloseKey |
sub_31002AD5(336c): KERNEL32.CreateThread |
sub_310037D2(3cd5): KERNEL32.VirtualAlloc |
sub_3100314A(436f): MSVCRT.rand KERNEL32.Sleep |
sub_31002FC0(4795): MSVCRT.strlen |
sub_31001BB8(4891): KERNEL32.LoadLibraryA KERNEL32.GetProcAddress KERNEL32.GetCurrentProcess "advapi32" "OpenProcessToken" "LookupPrivilegeValueA" "AdjustTokenPrivileges" "SeDebugPrivilege" |
sub_31001D4B(48f8): MSVCRT.strchr "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "abcdefghijklmnopqrstuvwxyz" |
sub_31002B96(518e): WS2_32.inet_addr WS2_32.gethostbyname |
sub_31002C8E(52a4): KERNEL32.CreateFileA KERNEL32.ExitThread KERNEL32.GetFileSize KERNEL32.ReadFile KERNEL32.CloseHandle WS2_32.socket MSVCRT.memset MSVCRT.rand WS2_32.htons WS2_32.bind WS2_32.listen WS2_32.accept "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"... |
sub_31002663(531a): WININET.InternetOpenA KERNEL32.GetSystemDirectoryA KERNEL32.lstrcat KERNEL32.lstrlen KERNEL32.CreateFileA WININET.InternetOpenUrlA KERNEL32.CloseHandle WININET.InternetReadFile KERNEL32.WriteFile "Mozilla/4.0 (compatible; MSIE 6.0; Wind"... "\\" ".exe" |
sub_31003630(6099): KERNEL32.DeleteFileA KERNEL32.GetSystemDirectoryA MSVCRT.rand KERNEL32.lstrcat KERNEL32.CopyFileA KERNEL32.lstrlen KERNEL32.CloseHandle KERNEL32.WinExec KERNEL32.Sleep KERNEL32.ExitProcess ".exe" "\\" "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"... |
sub_3100238E(6253): KERNEL32.lstrlen USER32.wsprintfA KERNEL32.Sleep WS2_32.send "PRIVMSG %s %s\r\n" |
sub_31002C40(649d): WS2_32.send KERNEL32.Sleep KERNEL32.InterlockedIncrement WS2_32.shutdown WS2_32.closesocket KERNEL32.ExitThread |
sub_31003425(75ba): ADVAPI32.RegOpenKeyExA ADVAPI32.RegQueryValueExA ADVAPI32.RegCloseKey |
sub_310031AE(7a74): MSVCRT.rand KERNEL32.InterlockedIncrement KERNEL32.Sleep |
sub_31002217(7aa2): MSVCRT.rand USER32.wsprintfA KERNEL32.lstrlen WS2_32.send WS2_32.closesocket "QUIT %s\r\n" |
sub_310014E6(7ddc): KERNEL32.SetEvent WS2_32.recv WS2_32.closesocket KERNEL32.ExitThread |
sub_31001C40(7e12): KERNEL32.GetModuleHandleA KERNEL32.GetProcAddress USER32.FindWindowA USER32.GetForegroundWindow USER32.GetWindowThreadProcessId KERNEL32.OpenProcess KERNEL32.WriteProcessMemory KERNEL32.CloseHandle "kernel32" "VirtualAllocEx" "CreateRemoteThread" "uterm12" |
sub_31001361(81ab): KERNEL32.GetSystemDirectoryA KERNEL32.SetCurrentDirectoryA KERNEL32.lstrcpyn KERNEL32.CreateFileA WS2_32.send WS2_32.recv KERNEL32.WriteFile KERNEL32.CloseHandle |
sub_31002C10(81da): WININET.InternetGetConnectedState |
sub_31002E68(82c5): KERNEL32.WaitForSingleObject |
sub_31001248(8398): KERNEL32.GetSystemTime KERNEL32.SystemTimeToFileTime WS2_32.recv MSVCRT.memcpy ADVAPI32.CryptCreateHash ADVAPI32.CryptHashData ADVAPI32.CryptVerifySignatureA NTDLL.RtlGetLastWin32Error ADVAPI32.CryptDestroyHash MSVCRT.rand WS2_32.send |
sub_310034D1(87a6): KERNEL32.lstrlen KERNEL32.CreateToolhelp32Snapshot MSVCRT.memset KERNEL32.Process32First MSVCRT.strstr KERNEL32.OpenProcess KERNEL32.TerminateProcess KERNEL32.Process32Next |
sub_31002C26(917c): KERNEL32.OpenEventA KERNEL32.SetEvent |
sub_3100122D(9445): ADVAPI32.CryptDestroyKey ADVAPI32.CryptReleaseContext |
sub_3100277D(97b3): MSVCRT.strstr KERNEL32.GetTickCount USER32.wsprintfA KERNEL32.lstrlen MSVCRT.strchr KERNEL32.lstrcmp KERNEL32.lstrcpy MSVCRT.atoi MSVCRT.rand KERNEL32.lstrcat "-1,%d" "e" "|" "i" "%d,%d,12%s,%d" "q" "JOIN" |
sub_310032FD(99bb): KERNEL32.Sleep WININET.InternetGetConnectedState WS2_32.htons MSVCRT.memcpy |
sub_310037E6(a71a): KERNEL32.VirtualFree |
sub_31002AC6(a71a): KERNEL32.CreateMutexA |
sub_31001651(abb0): WS2_32.socket WS2_32.inet_ntoa KERNEL32.lstrcpyn USER32.wsprintfA MSVCRT.memcpy MSVCRT.strlen MSVCRT.memset WS2_32.htons WS2_32.connect KERNEL32.Sleep WS2_32.send WS2_32.recv KERNEL32.lstrlen WS2_32.shutdown WS2_32.closesocket |
sub_31002BD1(b95f): WS2_32.gethostname WS2_32.WSAGetLastError WS2_32.gethostbyname |
sub_31002A98(bc62): KERNEL32.GetTickCount MSVCRT.srand |
sub_31001E4A(bca3): KERNEL32.lstrcpyn |
sub_31002463(beb3): MSVCRT.rand KERNEL32.lstrcat KERNEL32.Sleep KERNEL32.lstrlen KERNEL32.lstrcpy "_" "12" "#taty" |
sub_310020C2(bf8d): MSVCRT.strstr KERNEL32.lstrlen KERNEL32.lstrcpyn USER32.wsprintfA WS2_32.send "PING" "PONG%s\r\n" |
sub_31002E7C(bf8f): KERNEL32.CreateEventA KERNEL32.LoadLibraryA KERNEL32.Sleep ADVAPI32.AbortSystemShutdownA "u12x" "u10x" "u11x" "u8" "u9" "u10" "u11" "ws2_32" "wininet" "msvcrt" "advapi32" "user32" "uterm12" |
sub_310036FC(c316): KERNEL32.GetModuleFileNameA KERNEL32.lstrcmpi "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"... "1" "Client" "Software\\Microsoft\\Wireless" "Client" "Software\\Microsoft\\Wireless" |
sub_310011D9(d285): ADVAPI32.CryptAcquireContextA ADVAPI32.CryptImportKey |
sub_31002145(d435): USER32.wsprintfA KERNEL32.Sleep KERNEL32.lstrlen WS2_32.send WS2_32.recv MSVCRT.strstr KERNEL32.lstrcpyn "JOIN %s\r\n" "451" "PING" |
sub_31001E80(e24b): WS2_32.socket WS2_32.htons WS2_32.connect WS2_32.recv USER32.wsprintfA KERNEL32.Sleep KERNEL32.lstrlen WS2_32.send MSVCRT.strstr WS2_32.closesocket "PASS %s\r\n" "NICK %s\r\n" "already" "NICK %s\r\n" "USER %s 8 * :%s\r\n" |
sub_31001582(e562): WS2_32.socket MSVCRT.memset WS2_32.htons WS2_32.bind WS2_32.listen WS2_32.accept KERNEL32.CreateEventA KERNEL32.CreateThread KERNEL32.CloseHandle KERNEL32.WaitForSingleObject |
sub_31002B10(e56c): MSVCRT.rand |
sub_31002405(e63f): KERNEL32.GetSystemTime MSVCRT.srand MSVCRT.rand |
sub_31002DD2(e965): WS2_32.WSAStartup |
sub_31003236(ed82): MSVCRT.rand KERNEL32.InterlockedIncrement KERNEL32.Sleep KERNEL32.ExitThread |
sub_31002280(f228): KERNEL32.GetTickCount WS2_32.select KERNEL32.ExitThread WS2_32.recv KERNEL32.Sleep WS2_32.closesocket |
sub_310011C0(fa42): KERNEL32.lstrcpy "cont" |
sub_31002FF1(fda7): MSVCRT.rand MSVCRT._mbscpy WS2_32.socket WS2_32.htonl WS2_32.htons WS2_32.bind WS2_32.listen WS2_32.accept KERNEL32.Sleep WS2_32.recv WS2_32.closesocket MSVCRT._mbscat MSVCRT.strlen WS2_32.send " : USERID : UNIX : " "\r\n" |