sub_outside():
KERNEL32.GetSystemDirectoryA
WS2_32.inet_ntoa
KERNEL32.CreateFileA
KERNEL32.WriteFile
KERNEL32.GetTickCount
NTDLL.RtlGetLastWin32Error
KERNEL32.CloseHandle
NTDLL.RtlFreeHeap
KERNEL32.GetProcessHeap
NTDLL.RtlAllocateHeap
KERNEL32.GetVersionExA
KERNEL32.GetModuleHandleA
KERNEL32.GetCPInfo
KERNEL32.ExitProcess
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
|
sub_404954(004a):
KERNEL32.GetSystemDirectoryA
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.GetVersionExA
WS2_32.WSAStartup
WS2_32.WSACleanup
"MessageBoxA"
"user32.dll"
"--fu "
"%s\\%s"
"%s %s%s"
"%s"
"RM"
|
sub_41A36B(0130):
KERNEL32.GetCPInfo
KERNEL32.MultiByteToWideChar
KERNEL32.WideCharToMultiByte
|
sub_404614(0505):
" "
"-s"
"/s"
|
sub_41917B(0635):
NTDLL.RtlGetLastWin32Error
|
sub_41B49B(08d2):
KERNEL32.CreateFileA
"CONOUT$"
|
sub_410344(08e4):
NTDLL.RtlAllocateHeap
NTDLL.RtlFreeHeap
|
sub_40F747(090a):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcessHeap
KERNEL32.InterlockedIncrement
"KERNEL32.DLL"
|
sub_402592(0947):
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.GetSystemDirectoryA
"@echo off\r\n:1\r\ndel \"%s\"\r\nif exist \"%s\" "...
"%s\\tmp-%i%i%i-%c%c%c.bat"
"w"
"%s"
|
sub_41A617(0c06):
KERNEL32.GetProcessHeap
NTDLL.RtlAllocateHeap
NTDLL.RtlFreeHeap
NTDLL.RtlGetLastWin32Error
|
sub_4091D2(0c3d):
"ncacn_ip_tcp"
"50abc2a4-574d-40b3-9d66-ee4fd5fba076"
"["
"]"
|
sub_408DE0(0d57):
ADVAPI32.RegCloseKey
"HARDWARE\\DESCRIPTION\\System\\CentralProc"...
"~MHz"
"ProcessorNameString"
"%s"
"%s%c"
"Unknown"
"HARDWARE\\DESCRIPTION\\System\\CentralProc"...
|
sub_403186(11a6):
WS2_32.recv
WS2_32.send
KERNEL32.CreateFileA
WS2_32.getpeername
WS2_32.gethostbyaddr
WS2_32.closesocket
"GET"
"Que?"
"HTTP/1.1 501 Not Implemented\r\nContent-L"...
"%s\\%s\\%s"
"%s\\%s\\%s%s"
"%s\\%s"
"Que?"
"HTTP/1.1 200 ok\r\nContent-Length: %d\r\nCo"...
"²²ÉÇÉ"
"HTTP: Transfer: %d.%d.%d.%d (N/A). %d T"...
"HTTP: Transfer: %d.%d.%d.%d (%s). %d To"...
|
sub_419654(1716):
KERNEL32.MultiByteToWideChar
"USER32.DLL"
"MessageBoxA"
"GetActiveWindow"
"GetLastActivePopup"
"GetUserObjectInformationA"
"GetProcessWindowStation"
|
sub_402966(1946):
KERNEL32.GetVersionExA
"VIS"
"2K3"
"XP"
"2K"
"ME"
"98"
"NT"
"95"
"UNK"
"[OS: Microsoft Windows %s %s (%i.%i bui"...
"%s"
|
sub_40EF9F(1b24):
KERNEL32.GetCPInfo
|
sub_40D222(1c1d):
KERNEL32.SetUnhandledExceptionFilter
KERNEL32.GetCurrentProcess
|
sub_403BD5(1da2):
WS2_32.recv
WS2_32.closesocket
"\r\n"
"%s"
|
sub_417893(240f):
KERNEL32.WideCharToMultiByte
NTDLL.RtlGetLastWin32Error
|
sub_40FFBD(2585):
NTDLL.RtlAllocateHeap
|
sub_41819F(2989):
KERNEL32.CreateFileA
NTDLL.RtlGetLastWin32Error
KERNEL32.GetFileType
KERNEL32.CloseHandle
|
sub_40CA3B(2daa):
NTDLL.RtlSizeHeap
|
sub_411FD1(3150):
KERNEL32.GetModuleHandleA
"mscoree.dll"
"CorExitProcess"
|
sub_418FBA(34be):
NTDLL.RtlLeaveCriticalSection
|
sub_4194E9(364e):
KERNEL32.MultiByteToWideChar
|
sub_40140A(3672):
ADVAPI32.RegCloseKey
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
|
sub_401871(3770):
KERNEL32.CloseHandle
|
sub_401800(3770):
KERNEL32.CloseHandle
|
sub_41407D(3aac):
NTDLL.RtlGetLastWin32Error
KERNEL32.MultiByteToWideChar
|
sub_475EA9(3f76):
USER32.MessageBoxA
KERNEL32.ExitProcess
|
sub_4028E8(42b3):
WS2_32.getsockname
"%d.%d.%d.%d"
|
sub_41B440(4634):
KERNEL32.GetModuleHandleA
"KERNEL32"
"IsProcessorFeaturePresent"
|
sub_41AAC4(4658):
"e+000"
|
sub_403655(478a):
"\r\n"
" "
"\r\n\r\n"
|
sub_4165FC(4d78):
KERNEL32.GetStringTypeW
NTDLL.RtlGetLastWin32Error
KERNEL32.MultiByteToWideChar
|
sub_4124B1(4f5e):
NTDLL.RtlLeaveCriticalSection
|
sub_41245F(4f5e):
NTDLL.RtlEnterCriticalSection
|
sub_409EBD(5358):
KERNEL32.CloseHandle
"http://%s:%d/%s"
|
sub_404E45(5558):
KERNEL32.GetSystemDirectoryA
"%s\\%s"
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
|
sub_40F442(5886):
KERNEL32.InterlockedIncrement
|
sub_41494F(58d9):
"pow"
"exp"
"exp"
"log10"
"log10"
"log"
"log"
"pow"
"pow"
"exp10"
|
sub_403805(59a3):
"ßØÒÚ"
"%s %s\r\n"
|
sub_40FDAA(5be9):
KERNEL32.GetProcessHeap
|
sub_40A186(62e3):
WS2_32.htons
WS2_32.socket
WS2_32.connect
WS2_32.closesocket
WS2_32.send
|
sub_408ADE(64a5):
WININET.InternetOpenA
WININET.InternetOpenUrlA
KERNEL32.CreateFileA
KERNEL32.GetTickCount
WININET.InternetReadFile
KERNEL32.WriteFile
KERNEL32.CloseHandle
KERNEL32.GetCurrentThreadId
"Mozilla/5.0"
"DL: Downloading %s to %s"
"DL: Download %s (%i Bytes) finished in "...
"Main: Uninstalling Drone"
"DL: Failed; Bad Location."
"DL: Failed To Update"
"DL: Error Executing File."
"DL: Executed File: %s"
"DL: Failed; Bad URL"
"DL: Failed; WinINET Error"
|
sub_41A7CB(65eb):
NTDLL.RtlGetLastWin32Error
|
sub_418FDC(68c8):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_402B71(69dd):
"192*"
"10.*"
"111.*"
"15.*"
"16.*"
"101*"
"110*"
"112*"
"11.*"
"172*"
|
sub_4124D4(6a78):
"ccs="
"UTF-8"
"UTF-16LE"
"UNICODE"
|
sub_4084E5(6c31):
"list too long"
|
sub_401E7B(6c31):
"list too long"
|
sub_40EF25(705a):
KERNEL32.GetACP
|
sub_41A54C(71e5):
NTDLL.RtlGetLastWin32Error
KERNEL32.WideCharToMultiByte
|
sub_416DD4(7249):
KERNEL32.GetModuleHandleA
KERNEL32.MultiByteToWideChar
NTDLL.RtlRestoreLastWin32Error
"kernel32.dll"
"InitializeCriticalSectionAndSpinCount"
|
sub_403EAD(748c):
"%s"
" :"
" "
"ÁØßÖ"
"ÚØÒÚ"
"ÁÃØÇÜÂÖ"
"ÁÞßÖ"
"%s %s\r\n"
"²²ÉÇÉ"
"ÛÞØß"
"%s %s %s\r\n"
"001"
"ÛÞØß"
"ÜÞÕÔ"
"²²ÉÇÉ"
"%s %s %s\r\n%s %s %s\r\n"
"332"
" :"
"%s"
"!"
"332"
";"
|
sub_401000(76c4):
KERNEL32.GetCurrentProcessId
KERNEL32.GetModuleHandleA
NTDLL.RtlGetLastWin32Error
KERNEL32.CloseHandle
KERNEL32.GetCurrentThreadId
"OpenThread"
"kernel32.dll"
"OpenProcess"
"CreateToolhelp32Snapshot"
"Process32First"
"Module32Next"
"Thread32Next"
"ReadProcessMemory"
"GetModuleFileNameExA"
"psapi.dll"
"SeDebugPrivilege"
"SeDebugPrivilege"
"System"
"²²ÉÇÉ"
"Bot Killed: %s"
|
sub_40EB6F(7a5e):
KERNEL32.SetUnhandledExceptionFilter
KERNEL32.GetCurrentProcess
|
sub_40AF97(7f6b):
"invalid string position"
|
sub_402AF2(824c):
KERNEL32.QueryPerformanceCounter
|
sub_416F7E(83d5):
NTDLL.RtlGetLastWin32Error
|
sub_401B47(851b):
KERNEL32.GetCurrentProcess
KERNEL32.VirtualAllocEx
KERNEL32.VirtualProtectEx
KERNEL32.CloseHandle
KERNEL32.VirtualFreeEx
|
sub_40ECF7(87b5):
KERNEL32.GetCPInfo
|
sub_40A913(8861):
WS2_32.socket
WS2_32.htons
WS2_32.ioctlsocket
WS2_32.connect
WS2_32.select
WS2_32.closesocket
|
sub_4085A6(8bf7):
"C:\\zzzz.exe"
|
sub_4026EE(8f8b):
"RM"
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"QUIT :%s YOU KILLED ME :< --UPDATED\r\n"
|
sub_40158F(900b):
ADVAPI32.RegCloseKey
"SYSTEM\\ControlSet001\\Services\\Eventlog\\"...
"%s\\%s"
"EventMessageFile"
|
sub_40F4C8(9237):
KERNEL32.InterlockedDecrement
|
sub_4051EF(9909):
ADVAPI32.RegCloseKey
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
|
sub_40A9C4(9a73):
"%d.%d.%d.%d"
"%s"
"%s"
"%s"
"%s"
|
sub_40518A(9e8f):
ADVAPI32.RegCloseKey
|
sub_4019FC(a203):
KERNEL32.GetTickCount
KERNEL32.CloseHandle
NTDLL.RtlGetLastWin32Error
|
sub_40301F(a2bf):
WS2_32.accept
|
sub_403E22(a60e):
WS2_32.send
|
sub_402DAA(a74d):
"%s"
"%s%X"
|
sub_41711A(a83e):
KERNEL32.WideCharToMultiByte
KERNEL32.WriteFile
NTDLL.RtlGetLastWin32Error
|
sub_40F9B7(a9bf):
KERNEL32.GetModuleHandleA
KERNEL32.TlsGetValue
KERNEL32.TlsAlloc
KERNEL32.TlsSetValue
KERNEL32.GetCurrentThreadId
"KERNEL32.DLL"
"FlsGetValue"
"FlsSetValue"
"FlsFree"
|
sub_40DC83(ad53):
NTDLL.RtlAllocateHeap
|
sub_415445(add8):
KERNEL32.SetUnhandledExceptionFilter
|
sub_41510F(b143):
KERNEL32.GetModuleFileNameA
"C:\\m_unpacker\\packed.exe"
|
sub_403879(b21a):
WS2_32.socket
WS2_32.closesocket
WS2_32.gethostbyname
WS2_32.htons
WS2_32.connect
"ÁÐÂÂ"
"%s %s\r\n"
"%s-%s"
"ßØÒÚ"
"ÄÂÔÃ"
"%s %s\r\n%s %s 0 0 :%s\r\n"
|
sub_415466(b21e):
KERNEL32.SetUnhandledExceptionFilter
|
sub_40306A(c0d5):
KERNEL32.GetSystemDirectoryA
WS2_32.socket
WS2_32.closesocket
WS2_32.htons
WS2_32.bind
WS2_32.WSAAsyncSelect
WS2_32.listen
"%s\\%s"
|
sub_40FED7(c36e):
NTDLL.RtlEnterCriticalSection
|
sub_415345(c391):
KERNEL32.GetCurrentProcessId
KERNEL32.GetCurrentThreadId
KERNEL32.GetTickCount
KERNEL32.QueryPerformanceCounter
|
sub_401AD1(c47f):
"lVrYcaDShccnkEfF"
"lVrYcaDShccnkEfF"
"%s%c"
|
sub_402F48(c642):
NTDLL.RtlGetLastWin32Error
KERNEL32.GetTickCount
" "
|
sub_40FDFF(c70d):
NTDLL.RtlLeaveCriticalSection
|
sub_412AB4(ca1e):
KERNEL32.GetFileType
KERNEL32.GetStdHandle
KERNEL32.LockResource
|
sub_40819D(ca6e):
WS2_32.socket
WS2_32.setsockopt
WS2_32.htons
WS2_32.bind
WS2_32.closesocket
WS2_32.select
WS2_32.recvfrom
|
sub_4022A6(cd19):
WS2_32.socket
WS2_32.htons
WS2_32.inet_addr
WS2_32.connect
WS2_32.send
WS2_32.recv
WS2_32.closesocket
"NT LAN Manager *.*"
"Windows 2000 LAN Manager*"
"Windows 5.0"
"Windows 5.1"
"Windows Server 2003 *"
|
sub_413D84(cd6e):
KERNEL32.GetModuleFileNameA
KERNEL32.GetStdHandle
KERNEL32.WriteFile
"Runtime Error!\n\nProgram: "
""
"..."
"\n\n"
"Microsoft Visual C++ Runtime Library"
|
sub_4151C8(ced3):
KERNEL32.GetEnvironmentStringsW
NTDLL.RtlGetLastWin32Error
KERNEL32.WideCharToMultiByte
KERNEL32.FreeEnvironmentStringsW
|
sub_40EE81(d02f):
KERNEL32.InterlockedDecrement
KERNEL32.InterlockedIncrement
|
sub_417B62(d327):
NTDLL.RtlAllocateHeap
|
sub_412430(d432):
NTDLL.RtlEnterCriticalSection
|
sub_412482(d432):
NTDLL.RtlLeaveCriticalSection
|
sub_416217(d5b0):
KERNEL32.LCMapStringW
NTDLL.RtlGetLastWin32Error
KERNEL32.MultiByteToWideChar
KERNEL32.WideCharToMultiByte
|
sub_40479C(d71b):
KERNEL32.GetTickCount
"qwertyuiopasdfghjklzxcvbnmQWERTYUIOPLKJ"...
"["
"%s%s|"
"%sP|"
"%s0%I64u|"
"%s%I64u|"
"%s%c"
"%s]"
|
sub_40F14A(d858):
KERNEL32.InterlockedDecrement
KERNEL32.InterlockedIncrement
|
sub_407F20(dd03):
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
|
sub_4036E9(df11):
"%x"
|
sub_418F1A(e051):
NTDLL.RtlEnterCriticalSection
|
sub_40F896(e07f):
KERNEL32.InterlockedDecrement
|
sub_41B4BA(e22c):
KERNEL32.CloseHandle
|
sub_403D0C(e37d):
WS2_32.send
"ÁÃØÇÜÂÖ"
"%s %s %s\r\n"
|
sub_417C80(e37e):
NTDLL.RtlAllocateHeap
|
sub_41CB21(e396):
"1#SNAN"
"1#IND"
"1#INF"
"1#QNAN"
|
sub_40F608(e3a2):
KERNEL32.TlsGetValue
KERNEL32.GetModuleHandleA
"KERNEL32.DLL"
|
sub_40F674(e3a2):
KERNEL32.TlsGetValue
KERNEL32.GetModuleHandleA
"KERNEL32.DLL"
|
sub_401970(e436):
NTDLL.RtlGetLastWin32Error
|
sub_40FF63(e479):
KERNEL32.HeapCreate
|
sub_412776(e48e):
NTDLL.RtlEnterCriticalSection
|
sub_401771(e5e3):
KERNEL32.CloseHandle
|
sub_40F6E0(e671):
KERNEL32.TlsGetValue
KERNEL32.TlsSetValue
|
sub_404FAC(e673):
KERNEL32.GetSystemDirectoryA
"%s\\%s"
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
|
sub_41A231(e6d5):
KERNEL32.SetUnhandledExceptionFilter
|
sub_40A812(ee43):
"Statistics: Exploits:"
"%s %s: %d"
"%s; Daemons:"
"%s TFTP: %d"
"%s HTTP: %d"
"%s"
|
sub_40F6D7(ef17):
KERNEL32.TlsAlloc
|
sub_40F7FB(efa1):
NTDLL.RtlGetLastWin32Error
KERNEL32.TlsGetValue
KERNEL32.GetCurrentThreadId
NTDLL.RtlRestoreLastWin32Error
|
sub_405136(f3a8):
ADVAPI32.RegCloseKey
ADVAPI32.RegDeleteValueA
|
sub_405257(f44a):
KERNEL32.WriteFile
|
sub_407FA4(f6f0):
WS2_32.socket
WS2_32.htons
WS2_32.sendto
WS2_32.recvfrom
WS2_32.inet_ntoa
WS2_32.closesocket
"²²ÉÇÉ"
"TFTP: Send Complete To %s. %d Total Sen"...
|
sub_410030(f7b2):
KERNEL32.TlsSetValue
NTDLL.RtlFreeHeap
|
sub_412D21(fb55):
KERNEL32.CloseHandle
NTDLL.RtlGetLastWin32Error
|
sub_40936F(fdf1):
WS2_32.inet_ntoa
WS2_32.htons
WS2_32.socket
WS2_32.connect
WS2_32.send
WS2_32.recv
WS2_32.closesocket
"http://%s:%d/%s"
"\\)\\L\\á\\w"
"\\8\\\a\\Ò\\w"
|