sub_outside():
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
KERNEL32.CloseHandle
WS2_32.WSAWaitForMultipleEvents
KERNEL32.Sleep
KERNEL32.GetTickCount
USER32.GetForegroundWindow
KERNEL32.GetFileAttributesA
USER32.GetAsyncKeyState
USER32.GetWindowTextA
KERNEL32.GetFileSize
KERNEL32.ReadFile
ADVAPI32.RegQueryValueExA
WS2_32.inet_ntoa
ADVAPI32.RegSetValueExA
KERNEL32.GetTempPathA
KERNEL32.GetTempFileNameA
WS2_32.inet_addr
USER32.PostThreadMessageA
USER32.PeekMessageA
KERNEL32.ResetEvent
WS2_32.WSAGetLastError
WS2_32.shutdown
KERNEL32.SetEndOfFile
KERNEL32.LocalFree
NTDLL.RtlDeleteCriticalSection
NTDLL.RtlFreeHeap
KERNEL32.GetVersionExA
KERNEL32.GetModuleHandleA
KERNEL32.GetCommandLineA
KERNEL32.GetStartupInfoA
KERNEL32.ExitProcess
NTDLL.RtlReAllocateHeap
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
KERNEL32.VirtualProtect
|
sub_42392D(0126):
KERNEL32.SetUnhandledExceptionFilter
|
sub_414BF7(0126):
WS2_32.WSAResetEvent
|
sub_41BBA7(0243):
KERNEL32.GetVersionExA
|
sub_416362(02ae):
USER32.GetClassNameA
USER32.SendMessageA
"Ate32Class"
|
sub_404B8D(03d7):
"SOFTWARE\\GNU"
"skst"
"skvr"
"skpt"
"skus"
"skps"
|
sub_40F8F8(0590):
"HTTPEXEC"
"NONE"
|
sub_42391A(088b):
KERNEL32.SetUnhandledExceptionFilter
|
sub_40F990(0a54):
"SetExploit"
|
sub_40ED01(0a54):
"TCPTunnel"
|
sub_40EED1(0a54):
"GetVersion"
|
sub_40FC2C(0a54):
"Flood"
|
sub_40E0A0(0a54):
"asn1smbnt"
|
sub_40FE1E(0a54):
"Clear"
|
sub_40F40A(0a54):
"New"
|
sub_40F1E3(0a54):
"Execute"
|
sub_40E084(0a54):
"asn1smb"
|
sub_40F059(0a54):
"Send"
|
sub_40F3CE(0a54):
"QuitAll"
|
sub_40FCAB(0a54):
"Set"
|
sub_40FD17(0a54):
"Get"
|
sub_40EDF5(0a54):
"GetUUID"
|
sub_40F38E(0a54):
"NotifyAll"
|
sub_40F5F5(0a54):
"SendIM"
|
sub_40EE26(0a54):
"GetUptime"
|
sub_40EE5F(0a54):
"GetIP"
|
sub_40F0D0(0a54):
"Search"
|
sub_40F4E3(0a54):
"Spread"
|
sub_40F8B1(0a54):
"Pause"
|
sub_40F327(0a54):
"HostChildImage"
|
sub_40EF4C(0a54):
"GetMode"
|
sub_40EC1D(0a54):
"MessageBox"
|
sub_40F024(0a54):
"Links"
|
sub_40EFEF(0a54):
"Controls"
|
sub_40F55F(0a54):
"SendIM"
|
sub_40FAB5(0a54):
"Current"
|
sub_40F794(0a54):
"OpenPort"
|
sub_40F8DF(0a54):
"SetPayload"
|
sub_40F19D(0a54):
"Download"
|
sub_40F2DD(0a54):
"SpeedTest"
|
sub_40F9E7(0a54):
"Add"
|
sub_40FB15(0a54):
"AbortAll"
|
sub_40E063(0a54):
"lsass"
|
sub_40ECA6(0a54):
"Rand"
|
sub_40F261(0a54):
"Visit"
|
sub_40FB41(0a54):
"Flood"
|
sub_40F648(0a54):
"Spam"
|
sub_40EFBA(0a54):
"Clients"
|
sub_40F5B2(0a54):
"Spam"
|
sub_40FA88(0a54):
"Clear"
|
sub_40ED70(0a54):
"GetIdleTime"
|
sub_40F820(0a54):
"Start"
|
sub_40F222(0a54):
"Update"
|
sub_40EF81(0a54):
"GetLinkedIP"
|
sub_40F29A(0a54):
"Post"
|
sub_40EC70(0a54):
"Sleep"
|
sub_40EF10(0a54):
"GetPort"
|
sub_40FD97(0a54):
"IsSet"
|
sub_40EDAE(0a54):
"GetCountry"
|
sub_40F68B(0a54):
"Start"
|
sub_41484D(0ed5):
WS2_32.inet_addr
WS2_32.gethostbyname
|
sub_414997(0f6d):
WS2_32.bind
|
sub_409431(0f95):
KERNEL32.GetSystemTimeAsFileTime
|
sub_40E577(0f9f):
KERNEL32.WaitForSingleObject
KERNEL32.SetEvent
KERNEL32.ReleaseMutex
|
sub_425845(10cf):
NTDLL.RtlLeaveCriticalSection
|
sub_414B09(10d7):
WS2_32.getpeername
|
sub_414BB6(10d7):
WS2_32.getsockname
|
sub_40FCC4(116e):
"SOFTWARE\\GNU\\Version"
|
sub_41EDF6(128c):
KERNEL32.VirtualAlloc
|
sub_423FFD(1387):
KERNEL32.SetFilePointer
NTDLL.RtlGetLastWin32Error
|
sub_4228FB(13fb):
KERNEL32.GetModuleFileNameA
"C:\\m_unpacker\\packed.exe"
|
sub_408012(14c4):
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
|
sub_42056E(14f5):
KERNEL32.TlsGetValue
KERNEL32.TlsSetValue
|
sub_41602D(1538):
KERNEL32.CloseHandle
KERNEL32.CreateEventA
KERNEL32.WaitForSingleObject
|
sub_40E5EC(1586):
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
KERNEL32.ResetEvent
WS2_32.inet_ntoa
KERNEL32.Sleep
|
sub_4047DC(1606):
ADVAPI32.RegSetValueExA
ADVAPI32.RegQueryValueExA
"SOFTWARE\\GNU"
"uuid"
|
sub_4280CC(1688):
KERNEL32.CloseHandle
|
sub_4011D1(1aa7):
USER32.SendMessageA
USER32.FindWindowExA
USER32.IsWindow
"#32770"
"_AimAd"
|
sub_421B59(1ade):
KERNEL32.GetFileAttributesA
NTDLL.RtlGetLastWin32Error
|
sub_424BB3(219a):
KERNEL32.GetOEMCP
KERNEL32.GetACP
|
sub_4138D7(21cd):
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
|
sub_41ED3F(2299):
NTDLL.RtlReAllocateHeap
NTDLL.RtlAllocateHeap
KERNEL32.VirtualAlloc
NTDLL.RtlFreeHeap
|
sub_405615(22c3):
WS2_32.send
|
sub_407FC9(22d6):
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
|
sub_423E1A(2463):
KERNEL32.GetModuleFileNameA
KERNEL32.InitializeCriticalSection
"Unknown security failure detected!"
"Buffer overrun detected!"
""
"..."
"\n\n"
"Program: "
"Microsoft Visual C++ Runtime Library"
|
sub_40D9DE(2484):
ADVAPI32.RegSetValueExA
|
sub_41E9B4(2585):
NTDLL.RtlAllocateHeap
|
sub_415FFF(2911):
KERNEL32.CloseHandle
|
sub_40E553(2965):
KERNEL32.CloseHandle
|
sub_4203B6(2998):
NTDLL.RtlGetLastWin32Error
KERNEL32.TlsGetValue
KERNEL32.TlsSetValue
KERNEL32.GetCurrentThreadId
NTDLL.RtlRestoreLastWin32Error
|
sub_42068C(29c5):
"exp"
"exp"
"log10"
"log10"
"log"
"log"
"pow"
"pow"
"pow"
"log10"
"log"
"log2"
"log2"
"exp10"
"exp2"
"exp"
"modf"
"pow"
"floor"
"ceil"
"atan"
|
sub_404E2C(29e0):
KERNEL32.CloseHandle
KERNEL32.CreateProcessA
KERNEL32.ExitProcess
"%X %X %X"
|
sub_40F7AD(2ad4):
"null"
|
sub_401162(2e26):
KERNEL32.InitializeCriticalSection
|
sub_407331(2ea7):
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
|
sub_425867(3072):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_414AE0(3189):
WS2_32.WSAEventSelect
|
sub_4026BD(334e):
KERNEL32.HeapCreate
NTDLL.RtlAllocateHeap
|
sub_414D44(33a8):
WS2_32.closesocket
WS2_32.WSACloseEvent
|
sub_407779(342e):
"http://"
"/"
|
sub_4046C9(3478):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
KERNEL32.GetTickCount
|
sub_40FDB0(37ec):
"SOFTWARE\\GNU\\Version"
|
sub_420E8C(3814):
NTDLL.RtlEnterCriticalSection
|
sub_422ABF(3c57):
KERNEL32.GetStartupInfoA
KERNEL32.GetFileType
KERNEL32.GetStdHandle
KERNEL32.LockResource
|
sub_406A96(3c7e):
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
USER32.RegisterClipboardFormatA
USER32.TranslateMessage
USER32.DispatchMessageA
USER32.EnumWindows
USER32.GetMessageA
"OLEACC.DLL"
"ObjectFromLresult"
"WM_HTML_GETOBJECT"
|
sub_426724(3cd4):
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
"user32.dll"
"MessageBoxA"
"GetActiveWindow"
"GetLastActivePopup"
"GetUserObjectInformationA"
"GetProcessWindowStation"
|
sub_414CEA(3d32):
WS2_32.sendto
|
sub_414C2D(3ecf):
WS2_32.send
WS2_32.WSAGetLastError
|
sub_41F59B(4141):
KERNEL32.GetCurrentProcess
KERNEL32.TerminateProcess
|
sub_425669(428c):
KERNEL32.SetStdHandle
|
sub_40F23B(43a1):
"TEMP"
|
sub_406B3F(43f7):
USER32.GetClassNameA
USER32.EnumChildWindows
USER32.SendMessageTimeoutA
"IEFrame"
"TabWindowClass"
"Shell DocObject View"
"Internet Explorer_Server"
"submit"
"image"
|
sub_40BDE3(4407):
KERNEL32.GetTickCount
"SOFTWARE\\GNU"
"pkys"
"pkys"
|
sub_40BF38(44c9):
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
"%d|%X|%d|%s|%d|0|1\r\n"
"%d|%X|%d|%s|%d|0|0\r\n"
"%d|%X|%d|%s|%d|0|0\r\n"
|
sub_40892A(4565):
KERNEL32.GetLocaleInfoA
"cn"
|
sub_42059D(45fd):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
KERNEL32.TlsSetValue
KERNEL32.GetCurrentThreadId
"kernel32.dll"
"FlsAlloc"
"FlsGetValue"
"FlsSetValue"
"FlsFree"
|
sub_408E9D(460d):
"SOFTWARE\\GNU\\Data"
"null"
|
sub_423D8B(4634):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
"KERNEL32"
"IsProcessorFeaturePresent"
|
sub_4151B4(4646):
USER32.PostThreadMessageA
KERNEL32.SetEvent
|
sub_41B760(473e):
KERNEL32.WideCharToMultiByte
NTDLL.RtlGetLastWin32Error
|
sub_4011B2(47b4):
USER32.FindWindowA
USER32.IsWindow
"_Oscar_StatusNotify"
|
sub_416071(4914):
USER32.GetWindowTextA
ADVAPI32.RegCreateKeyExA
USER32.GetWindowPlacement
KERNEL32.WaitForSingleObject
USER32.RegisterClipboardFormatA
KERNEL32.ReleaseMutex
USER32.CloseClipboard
USER32.EnumChildWindows
USER32.OpenClipboard
USER32.EmptyClipboard
KERNEL32.Sleep
"Direct Instant Message"
":"
"SOFTWARE\\GNU\\Contact"
"\\"
"\\"
"AOLMAIL"
"DSC1060193.scr"
"my pic.scr"
"self nude.scr"
"(right clic"...
""
"AOLMAIL"
|
sub_4016AD(4b3e):
KERNEL32.Sleep
USER32.IsWindow
USER32.ShowWindow
USER32.DestroyWindow
|
sub_409BDA(4c74):
"Test4"
"%d\r\n"
"\r\n"
"\r\n"
"%d\r\n"
"Test4"
"Test4"
"%d\r\n"
|
sub_409351(4d87):
"SOFTWARE\\GNU\\Data"
|
sub_4148F1(4dff):
WS2_32.socket
|
sub_404B0D(4e0a):
KERNEL32.GetSystemDirectoryA
NTDLL.RtlGetLastWin32Error
"C:\\WINDOWS\\System32\\mvwatvx.exe"
"\\"
"mvwatvx.exe"
|
sub_4077BF(4ed9):
KERNEL32.GetTempPathA
KERNEL32.GetTempFileNameA
KERNEL32.CreateProcessA
KERNEL32.DeleteFileA
"TEMP"
|
sub_40DAD4(4f29):
ADVAPI32.RegOpenKeyExA
|
sub_420D01(4f5e):
NTDLL.RtlLeaveCriticalSection
|
sub_420CAF(4f5e):
NTDLL.RtlEnterCriticalSection
|
sub_405CF2(4fa2):
KERNEL32.CloseHandle
|
sub_414767(4fcf):
USER32.DefWindowProcA
USER32.PostQuitMessage
|
sub_407466(5235):
KERNEL32.SetEndOfFile
"Content-Length: %d\r\nContent-Type: appli"...
"GET"
"POST"
"%s /%s HTTP/1.1\r\nHost: %s\r\nUser-Agent: "...
":"
"Transfer-Encoding"
"chunked"
"\r\n"
|
sub_4149DD(527e):
WS2_32.ioctlsocket
|
sub_4256E5(52a1):
KERNEL32.SetStdHandle
|
sub_405DBE(535f):
KERNEL32.SetFilePointer
|
sub_40F839(5565):
KERNEL32.SetEvent
|
sub_40F9A9(5590):
"NONE"
|
sub_425CAB(55d4):
KERNEL32.VirtualQuery
KERNEL32.GetSystemInfo
KERNEL32.VirtualAlloc
KERNEL32.VirtualProtect
|
sub_42418A(5651):
KERNEL32.WideCharToMultiByte
|
sub_424D24(573a):
KERNEL32.RaiseException
|
sub_41E7DF(5769):
KERNEL32.HeapCreate
KERNEL32.HeapDestroy
|
sub_421909(58c9):
NTDLL.RtlAllocateHeap
|
sub_4094D4(591f):
":"
|
sub_404A16(5976):
WS2_32.gethostname
IPHLPAPI.GetIpAddrTable
|
sub_40FEFE(5a0e):
"(null)"
|
sub_416B0E(5a0e):
KERNEL32.GetTickCount
|
sub_40E415(5a10):
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
|
sub_40B543(5a64):
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
|
sub_40FACE(5b63):
WS2_32.inet_ntoa
"%s:%d"
|
sub_416AA6(5b99):
KERNEL32.CloseHandle
|
sub_41E879(5be9):
NTDLL.RtlDeleteCriticalSection
|
sub_42687D(5cb8):
KERNEL32.IsBadWritePtr
|
sub_426861(5cb8):
KERNEL32.IsBadReadPtr
|
sub_40D580(5cc3):
WS2_32.inet_addr
":"
|
sub_41395A(5cfb):
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
|
sub_405CAD(5d25):
KERNEL32.CreateFileA
|
sub_40F4FC(5db2):
KERNEL32.SetEvent
|
sub_4217A5(63d5):
KERNEL32.UnhandledExceptionFilter
|
sub_42299D(6487):
KERNEL32.GetEnvironmentStringsW
NTDLL.RtlGetLastWin32Error
KERNEL32.WideCharToMultiByte
KERNEL32.FreeEnvironmentStringsW
KERNEL32.GetEnvironmentStrings
KERNEL32.FreeEnvironmentStringsA
|
sub_422D45(64e8):
KERNEL32.VirtualQuery
KERNEL32.InterlockedExchange
|
sub_40C14B(64ee):
"127.*"
"localhost"
"null"
|
sub_414C04(65da):
WS2_32.WSAEnumNetworkEvents
|
sub_41646A(660d):
"."
"."
|
sub_4142D6(66cb):
KERNEL32.SetUnhandledExceptionFilter
KERNEL32.DeleteFileA
KERNEL32.CreateToolhelp32Snapshot
KERNEL32.Process32First
KERNEL32.GetCurrentProcessId
KERNEL32.OpenProcess
KERNEL32.TerminateProcess
KERNEL32.WaitForSingleObject
KERNEL32.CloseHandle
KERNEL32.Process32Next
KERNEL32.Sleep
USER32.RegisterClassExA
USER32.CreateWindowExA
WS2_32.WSAStartup
KERNEL32.GetTickCount
KERNEL32.CreateMutexA
NTDLL.RtlGetLastWin32Error
KERNEL32.GetModuleFileNameA
KERNEL32.CopyFileA
KERNEL32.GetSystemDirectoryA
KERNEL32.GetFileTime
KERNEL32.SetFileTime
KERNEL32.CreateProcessA
USER32.TranslateMessage
USER32.DispatchMessageA
USER32.GetMessageA
"-c "
"-k "
"-s "
"main"
"null"
"d3kb5sujs50lq2mr"
"mvwatvx.exe"
"\\calc.exe"
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"mvwatvx"
"Software\\Microsoft\\Windows\\CurrentVersi"...
|
sub_40EC36(670e):
USER32.MessageBoxA
|
sub_4013EC(67ae):
USER32.GetWindowTextA
USER32.FindWindowExA
USER32.IsWindow
USER32.SendMessageA
"#32770"
"_Oscar_Tree"
"Moviefone"
"SmarterChild"
|
sub_425A9F(6848):
KERNEL32.GetLocaleInfoA
|
sub_414A0C(6879):
WS2_32.listen
|
sub_414DBA(6879):
WS2_32.shutdown
|
sub_40C38F(689f):
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
"vector too long"
|
sub_414A1F(6a57):
WS2_32.accept
WS2_32.htons
|
sub_40FA00(6a57):
KERNEL32.WaitForSingleObject
KERNEL32.ResetEvent
|
sub_4095D4(6c43):
USER32.GetWindowTextA
USER32.FindWindowExA
USER32.SendMessageA
"RichEdit20W"
|
sub_404706(6d6e):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_4046F4(6d6e):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_408A3E(6f78):
"PRIVMSG %s :%s\r\n"
|
sub_405771(6f9f):
WS2_32.inet_ntoa
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
|
sub_40EC89(6fb7):
KERNEL32.Sleep
|
sub_405D36(707f):
KERNEL32.WriteFile
|
sub_405D04(707f):
KERNEL32.ReadFile
|
sub_404683(717f):
NTDLL.RtlDeleteCriticalSection
|
sub_404869(7256):
"%.2X"
|
sub_421354(72cc):
KERNEL32.LCMapStringW
NTDLL.RtlGetLastWin32Error
KERNEL32.MultiByteToWideChar
KERNEL32.WideCharToMultiByte
KERNEL32.LCMapStringA
|
sub_41D01D(736f):
NTDLL.RtlAllocateHeap
|
sub_40C5D0(73db):
KERNEL32.CloseHandle
|
sub_41520F(74a2):
KERNEL32.WaitForSingleObject
KERNEL32.SetEvent
KERNEL32.ReleaseMutex
|
sub_41EA27(76df):
KERNEL32.VirtualFree
NTDLL.RtlFreeHeap
|
sub_40B78B(7792):
WS2_32.shutdown
KERNEL32.GetTickCount
WS2_32.WSAWaitForMultipleEvents
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
"%d|%s\r\n"
|
sub_424828(7906):
KERNEL32.GetCPInfo
|
sub_40E2F1(7950):
KERNEL32.CloseHandle
|
sub_40D453(7979):
WS2_32.inet_ntoa
|
sub_40B45D(7a33):
"%d|%d\r\n"
|
sub_40D606(7a91):
WS2_32.htons
|
sub_4072DE(7ae2):
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
|
sub_404694(7b00):
NTDLL.RtlEnterCriticalSection
KERNEL32.GetTickCount
NTDLL.RtlLeaveCriticalSection
|
sub_40DB56(7b18):
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
KERNEL32.OpenProcess
KERNEL32.ReadProcessMemory
KERNEL32.VirtualProtectEx
KERNEL32.WriteProcessMemory
KERNEL32.VirtualAllocEx
KERNEL32.CloseHandle
KERNEL32.Sleep
"psapi.dll"
"EnumProcessModules"
"GetModuleFileNameExA"
"GetProcessImageFileNameA"
"taskmgr.exe"
"ntdll.dll"
"NtQuerySystemInformation"
|
sub_40B9E3(7caf):
KERNEL32.CloseHandle
|
sub_414A81(7d95):
WS2_32.connect
|
sub_423F72(7dab):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
KERNEL32.InitializeCriticalSectionAndSpinCount
NTDLL.RtlRestoreLastWin32Error
"kernel32.dll"
"InitializeCriticalSectionAndSpinCount"
|
sub_40F1FC(812c):
"TEMP"
|
sub_4259E3(814f):
KERNEL32.FlushFileBuffers
NTDLL.RtlGetLastWin32Error
|
sub_414BCD(8160):
WS2_32.htons
|
sub_414B68(8160):
WS2_32.htons
|
sub_407F83(81d9):
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
|
sub_4099E5(824b):
KERNEL32.CreateMutexA
|
sub_4060B7(82fb):
USER32.PostThreadMessageA
KERNEL32.Sleep
|
sub_408CB7(8556):
ADVAPI32.RegQueryValueExA
"null"
"SOFTWARE\\GNU\\Data"
"\\"
"S"
|
sub_401236(8653):
USER32.SendMessageA
USER32.FindWindowExA
USER32.IsWindow
USER32.RegisterClipboardFormatA
USER32.CloseClipboard
USER32.OpenClipboard
USER32.EmptyClipboard
"AIM_IMessage"
"_Oscar_PersistantCombo"
"CBClass"
"Ate32Class"
"AOLMAIL"
"AOLMAIL"
|
sub_404AA9(8655):
"\\"
"FNTCACHE.BIN"
|
sub_404ADB(8655):
"\\"
"perfc012.dat"
|
sub_40B8C8(8667):
KERNEL32.InterlockedExchange
|
sub_40FE37(8724):
ADVAPI32.RegDeleteValueA
"SOFTWARE\\GNU\\Version"
|
sub_4163F9(8737):
KERNEL32.SetEvent
|
sub_41D7F8(87b2):
KERNEL32.CreateThread
NTDLL.RtlGetLastWin32Error
|
sub_40B64D(8aa9):
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
"%d\r\n"
|
sub_41DE8C(8af0):
NTDLL.RtlUnwind
|
sub_40738E(8b23):
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
|
sub_4093AD(8d71):
"SOFTWARE\\GNU\\Data"
"\\"
|
sub_4224BB(8f02):
KERNEL32.GetModuleFileNameA
KERNEL32.GetStdHandle
KERNEL32.WriteFile
""
"..."
"Runtime Error!\n\nProgram: "
"\n\n"
"Microsoft Visual C++ Runtime Library"
|
sub_4099FE(918e):
KERNEL32.InitializeCriticalSection
|
sub_40472B(918e):
USER32.OpenClipboard
|
sub_416917(92aa):
WS2_32.WSAWaitForMultipleEvents
WS2_32.shutdown
|
sub_407DB9(9471):
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
|
sub_41226A(952e):
"local"
"if"
"while"
|
sub_40DB1B(95d4):
ADVAPI32.RegEnumKeyExA
|
sub_404C05(96f2):
ADVAPI32.RegQueryValueExA
"SOFTWARE\\GNU"
"skst"
"skvr"
"skpt"
"skus"
"skps"
|
sub_40925E(97bf):
ADVAPI32.RegSetValueExA
"SOFTWARE\\GNU\\Data"
"\\"
"S"
|
sub_407949(97c0):
KERNEL32.GetTickCount
"POST / HTTP/1.0\r\nHost: %s\r\nContent-Leng"...
|
sub_4151DB(9dba):
KERNEL32.WaitForSingleObject
KERNEL32.SetEvent
KERNEL32.ReleaseMutex
|
sub_404793(9dea):
KERNEL32.GlobalAlloc
KERNEL32.GlobalLock
KERNEL32.GlobalUnlock
USER32.SetClipboardData
|
sub_414D0B(9dee):
WS2_32.recv
|
sub_4266A1(a160):
KERNEL32.SetFilePointer
NTDLL.RtlGetLastWin32Error
|
sub_40DA05(a295):
ADVAPI32.RegQueryValueExA
|
sub_420386(a417):
KERNEL32.TlsFree
|
sub_40DA68(a8bf):
ADVAPI32.RegQueryValueExA
|
sub_40DEBF(a950):
KERNEL32.GetCurrentProcessId
KERNEL32.WriteProcessMemory
|
sub_41494C(a97d):
WS2_32.htons
|
sub_421060(ae67):
KERNEL32.CloseHandle
NTDLL.RtlGetLastWin32Error
|
sub_41E4BE(aeff):
KERNEL32.RaiseException
|
sub_41643A(b296):
USER32.EnumWindows
KERNEL32.Sleep
|
sub_41F69E(b2ae):
NTDLL.RtlSizeHeap
|
sub_404740(b320):
USER32.GetClipboardData
KERNEL32.GlobalLock
KERNEL32.GlobalUnlock
|
sub_4054F8(b392):
WS2_32.htonl
WS2_32.send
|
sub_41288D(b432):
"else"
|
sub_426560(b4cc):
KERNEL32.SetEndOfFile
NTDLL.RtlGetLastWin32Error
|
sub_40C987(b502):
WS2_32.WSAWaitForMultipleEvents
KERNEL32.SetEvent
|
sub_41B9F9(b73f):
"invalid string position"
|
sub_4010AA(b91b):
KERNEL32.GetThreadLocale
KERNEL32.GetLocaleInfoA
KERNEL32.GetACP
|
sub_414ACD(b9c1):
WS2_32.WSACreateEvent
|
sub_4060DC(ba43):
USER32.GetClassNameA
USER32.SendMessageTimeoutA
"Internet Explorer_Server"
"(null)"
"(null)"
"a"
" [%S]\r\n<%S>\r\n"
"submit"
"image"
"reset"
" %S = (too long)\r\n"
" %S = %S\r\n"
" %S = (too long)\r\n"
" %S = %S\r\n"
"\r\n"
|
sub_40EEEA(badc):
"21"
|
sub_405DE6(bba1):
KERNEL32.GetFileSize
KERNEL32.ReadFile
|
sub_40D93E(bbdd):
ADVAPI32.RegEnumValueA
|
sub_4150A5(bc08):
WS2_32.WSACreateEvent
|
sub_41E618(bec6):
NTDLL.RtlAllocateHeap
NTDLL.RtlReAllocateHeap
|
sub_4242B5(bf7b):
KERNEL32.GetStringTypeW
NTDLL.RtlGetLastWin32Error
KERNEL32.MultiByteToWideChar
KERNEL32.GetStringTypeA
|
sub_41D883(bf7e):
KERNEL32.GetCurrentProcessId
"\\"
"."
|
sub_4091F9(c10b):
ADVAPI32.RegDeleteKeyA
"SOFTWARE\\GNU\\Data"
"\\"
|
sub_4257A5(c136):
NTDLL.RtlEnterCriticalSection
|
sub_402920(c166):
KERNEL32.GetCurrentProcess
KERNEL32.GetModuleHandleA
KERNEL32.ReadProcessMemory
WS2_32.inet_ntoa
|
sub_41E983(c36e):
NTDLL.RtlEnterCriticalSection
|
sub_410FAD(c39f):
"/"
"<<"
">>"
"&&"
"||"
"!"
"=="
"!="
">="
"<="
|
sub_405664(c679):
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
|
sub_41E8CE(c70d):
NTDLL.RtlLeaveCriticalSection
|
sub_424A23(c71f):
KERNEL32.GetCPInfo
|
sub_4048C1(c838):
"SOFTWARE\\GNU"
"pprt"
|
sub_41F4D7(c884):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
KERNEL32.ExitProcess
"mscoree.dll"
"CorExitProcess"
|
sub_4027E5(ca8f):
WS2_32.inet_addr
|
sub_40D864(cb08):
USER32.GetCursorPos
KERNEL32.GetTickCount
|
sub_41E11A(cba9):
NTDLL.RtlUnwind
|
sub_40D9C3(cc69):
ADVAPI32.RegSetValueExA
|
sub_40EDC7(cd5b):
KERNEL32.GetLocaleInfoA
|
sub_4056EB(cdd4):
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
|
sub_414B20(ce3d):
WS2_32.inet_ntoa
|
sub_4138FB(cf67):
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
|
sub_40818D(d2f5):
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
|
sub_425AE2(d361):
KERNEL32.GetCPInfo
KERNEL32.MultiByteToWideChar
KERNEL32.WideCharToMultiByte
|
sub_416B1B(d3c7):
KERNEL32.GetTickCount
|
sub_4153A7(d3d6):
USER32.PeekMessageA
KERNEL32.WaitForSingleObject
WS2_32.WSAWaitForMultipleEvents
WS2_32.WSAGetLastError
KERNEL32.ReleaseMutex
|
sub_420C80(d432):
NTDLL.RtlEnterCriticalSection
|
sub_420CD2(d432):
NTDLL.RtlLeaveCriticalSection
|
sub_408F96(d542):
ADVAPI32.RegCreateKeyExA
ADVAPI32.RegSetValueExA
"SOFTWARE\\GNU\\Data"
"\\"
"S"
|
sub_421FBC(d9a1):
KERNEL32.ReadFile
NTDLL.RtlGetLastWin32Error
|
sub_40DA4A(daee):
ADVAPI32.RegSetValueExA
|
sub_40FD30(dd6b):
"SOFTWARE\\GNU\\Version"
|
sub_40CA30(e0c5):
WS2_32.htons
WS2_32.inet_ntoa
"null"
"null"
|
sub_40EA20(e215):
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
|
sub_40D743(e33e):
USER32.GetCursorPos
KERNEL32.GetTickCount
|
sub_40E4C6(e42b):
KERNEL32.CreateEventA
|
sub_40547E(e440):
WS2_32.select
WS2_32.__WSAFDIsSet
WS2_32.recv
|
sub_4152DF(e590):
KERNEL32.ResetEvent
|
sub_411377(e5fe):
"P2P"
"Count"
"HTTP"
"Logs"
"AIM"
"MSN"
"Email"
"FTP"
"Socks"
"Firewall"
"Scan"
"Targets"
"Scripts"
"UDP"
"TCP"
"PVAR"
|
sub_407C12(e645):
"HTTP/1.1 200 OK\r\nContent-Length: %d\r\nCo"...
"\r\n"
|
sub_40E5B8(e79d):
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
|
sub_422242(e7a9):
KERNEL32.WriteFile
NTDLL.RtlGetLastWin32Error
|
sub_4078F0(e883):
KERNEL32.GetTempPathA
KERNEL32.GetTempFileNameA
KERNEL32.DeleteFileA
|
sub_407F57(e8f2):
KERNEL32.WaitForSingleObject
KERNEL32.ReleaseMutex
|
sub_40497E(ea02):
WS2_32.gethostname
IPHLPAPI.GetIpAddrTable
|
sub_426899(eaec):
KERNEL32.IsBadCodePtr
|
sub_416F51(ed9f):
KERNEL32.CloseHandle
KERNEL32.CreateProcessA
KERNEL32.ExitProcess
"mvwatvx.exe"
|
sub_405DAF(ee34):
KERNEL32.SetFilePointer
|
sub_41D732(ee9a):
KERNEL32.ExitThread
KERNEL32.TlsGetValue
KERNEL32.TlsSetValue
KERNEL32.GetCurrentThreadId
|
sub_42037D(ef17):
KERNEL32.TlsAlloc
|
sub_423DB4(ef83):
KERNEL32.GetSystemTimeAsFileTime
KERNEL32.GetCurrentProcessId
KERNEL32.GetCurrentThreadId
KERNEL32.GetTickCount
KERNEL32.QueryPerformanceCounter
|
sub_405123(ef84):
"CCCC"
"`"
|
sub_402382(f014):
KERNEL32.GetModuleFileNameA
KERNEL32.GetFileSize
KERNEL32.GetCurrentProcess
KERNEL32.GetModuleHandleA
KERNEL32.ReadProcessMemory
KERNEL32.VirtualProtect
|
sub_416B68(f0af):
KERNEL32.GetTickCount
|
sub_407EE6(f3ac):
USER32.GetAsyncKeyState
USER32.GetCursorPos
KERNEL32.Sleep
|
sub_40DA94(f419):
ADVAPI32.RegCreateKeyExA
|
sub_415135(f6b8):
KERNEL32.WaitForSingleObject
KERNEL32.CloseHandle
KERNEL32.ReleaseMutex
|
sub_421B9F(f816):
KERNEL32.CreateFileA
KERNEL32.GetFileType
KERNEL32.CloseHandle
NTDLL.RtlGetLastWin32Error
|
sub_4010FE(f955):
KERNEL32.GetVersionExA
KERNEL32.InterlockedExchange
|
sub_4071F6(f9ad):
USER32.GetForegroundWindow
USER32.GetWindowTextW
USER32.EnumChildWindows
|
sub_4098F3(fc56):
KERNEL32.Sleep
|
sub_40DB08(fc8e):
ADVAPI32.RegCloseKey
|
sub_402AC9(fe11):
KERNEL32.GetSystemTime
KERNEL32.HeapDestroy
".rdata"
".data"
"Kernel32.dll"
"Kernel32.dll"
"LoadLibraryA"
"LoadLibraryA"
"GetProcAddress"
"GetProcAddress"
"VirtualProtect"
"VirtualProtect"
|
sub_409538(fe96):
KERNEL32.MultiByteToWideChar
|
sub_41600E(fec7):
KERNEL32.SetEvent
|
sub_40D91D(fedd):
ADVAPI32.RegQueryValueExA
|