sub_outside(): KERNEL32.SetErrorMode MSVCRT.sprintf KERNEL32.Sleep KERNEL32.CreateMutexA NTDLL.RtlGetLastWin32Error KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA MSVCRT._mbscpy MSVCRT.strlen WS2_32.WSAStartup WS2_32.WSACleanup MSVCRT.exit |
sub_40447B(0011): WS2_32.ioctlsocket |
sub_401146(00cc): KERNEL32.SetFileAttributesA KERNEL32.DeleteFileA MSVCRT.strlen |
sub_414600(00db): MSVCRT.atoi MSVCRT.malloc MSVCRT.strncpy MSVCRT.memcpy |
sub_40D53F(0509): MSVCRT.sprintf MSVCRT._mbscat MSVCRT._vsnprintf MSVCRT.strlen "NOTICE %s :" "PRIVMSG %s :" "\r\n" |
sub_4043E9(05b8): MSVCRT._mbscpy "80" |
sub_409DD0(060f): MSVCRT.memcpy MSVCRT.free KERNEL32.LoadLibraryA KERNEL32.GetProcAddress WS2_32.inet_addr WS2_32.gethostbyname MSVCRT.printf WS2_32.gethostbyaddr "ICMP.DLL" "IcmpCreateFile" "IcmpSendEcho" "IcmpCloseHandle" "Could not resolve name" |
sub_41673F(09bb): MSVCRT.fopen MSVCRT.fseek MSVCRT.ftell MSVCRT.fclose "rb" |
sub_40A1A7(0b5b): MSVCRT.malloc MSVCRT.memcpy MSVCRT._mbscpy MSVCRT.atoi KERNEL32.CreateThread MSVCRT.free KERNEL32.CloseHandle |
sub_4093B6(0cc7): MSVCRT.free KERNEL32.IsBadCodePtr "btg" "thread" |
sub_41665C(0cdf): MSVCRT.malloc MSVCRT.atoi MSVCRT.memcpy |
sub_409C7A(0dba): NTDLL.RtlLeaveCriticalSection |
sub_409C6C(0dba): NTDLL.RtlEnterCriticalSection |
sub_4053B1(0dba): WS2_32.closesocket |
sub_40D871(0ed7): MSVCRT._strcmpi MSVCRT.strlen MSVCRT._mbscpy MSVCRT.memset MSVCRT.atoi MSVCRT.sprintf MSVCRT.strcmp KERNEL32.lstrcmp KERNEL32.GetVersionExA MSVCRT.strncpy MSVCRT.strstr MSVCRT._snprintf "PING" "PONG %s" "PONG" "MODE" "PRIVMSG" "SEND" "eggdrop v1.6.16" "433" "UNK" "B" "A" "G" "%c%s%c%c%u%c%u%s%c%c%c" "ERROR" "JOIN" "MODE %s +smntu" "001" "MODE %s +xi" "USERHOST %s" "USERHOST %s" "451" "302" "@" "NICK" "332" "][" "link!link@link PRIVMSG %s :%s" "][" "PRIVMSG" "NOTICE" "*" |
sub_40D4AB(1035): MSVCRT.sprintf MSVCRT._vsnprintf MSVCRT._mbscat MSVCRT.strlen "PRIVMSG %s :" "\r\n" |
sub_40260D(1182): MSVCRT.malloc MSVCRT.strncpy MSVCRT.memcpy |
sub_407ACA(11fc): MSVCRT.strlen MSVCRT._strnicmp |
sub_4020C2(1225): MSVCRT.memcpy MSVCRT.free MSVCRT.strlen MSVCRT._mbscpy WS2_32.getsockname WS2_32.getnameinfo MSVCRT._itoa MSVCRT.fopen MSVCRT.fseek MSVCRT.ftell WS2_32.inet_addr WS2_32.htonl MSVCRT.fclose MSVCRT.clock MSVCRT.fread "rb" "DCC Send %s (%s)" |
sub_409226(1371): KERNEL32.QueryPerformanceCounter KERNEL32.QueryPerformanceFrequency MSVCRT.ceil MSVCRT._ftol KERNEL32.GetTickCount |
sub_40432E(13af): WS2_32.socket |
sub_40732D(1413): MSVCRT.memcpy MSVCRT.free WS2_32.recv MSVCRT.strncmp MSVCRT.memset WS2_32.htons MSVCRT._itoa WS2_32.inet_ntoa KERNEL32.Sleep |
sub_415AF0(1472): MSVCRT.malloc "Internet explorer password stealer" |
sub_406D90(1503): MSVCRT._mbscpy MSVCRT.strlen MSVCRT.malloc KERNEL32.DeleteFileA KERNEL32.CreateFileA USER32.wsprintfA KERNEL32.WriteFile KERNEL32.CloseHandle ".bat" "@echo off\r\n:deleteagain\r\ndel /A:H /F %s"... "open" |
sub_4088FC(152c): MSVCRT._mbscpy MSVCRT._snprintf MSVCRT.strlen MSVCRT.clock MSVCRT._ftol "80" "GET /%s HTTP/1.0\r\nHost: %s\r\n\r\n" |
sub_41349C(174d): MSVCRT.memcpy MSVCRT.free MSVCRT.memset MSVCRT._mbscpy MSVCRT._strcmpi MSVCRT.sprintf KERNEL32.Sleep MSVCRT.clock MSVCRT.strcmp MSVCRT.malloc |
sub_406B81(1758): KERNEL32.GetWindowsDirectoryA MSVCRT._mbscat KERNEL32.CreateFileA KERNEL32.GetFileTime KERNEL32.CloseHandle KERNEL32.SetFileTime |
sub_4018AF(191b): KERNEL32.Sleep MSVCRT.clock MSVCRT.sprintf |
sub_40E9C9(19ab): MSVCRT.strlen |
sub_4038BA(19c2): WS2_32.WSASetLastError WS2_32.inet_ntoa WS2_32.gethostbyaddr WS2_32.WSAGetLastError MSVCRT.strlen WS2_32.htons MSVCRT._itoa MSVCRT._mbscpy WS2_32.getservbyport "udp" |
sub_4143B0(1a5b): MSVCRT.memcpy MSVCRT.free KERNEL32.Sleep MSVCRT.clock MSVCRT._itoa |
sub_4041B7(1b73): MSVCRT.strncmp |
sub_403FE5(1c3c): MSVCRT.malloc |
sub_4024F3(213d): MSVCRT.atoi MSVCRT.malloc MSVCRT.strncpy MSVCRT.memcpy |
sub_4064BF(2141): MSVCRT.malloc MSVCRT.memcpy |
sub_40538D(215d): WS2_32.shutdown KERNEL32.Sleep |
sub_4087C4(256f): MSVCRT.malloc |
sub_4092A4(29ef): KERNEL32.QueryPerformanceCounter KERNEL32.QueryPerformanceFrequency MSVCRT.ceil MSVCRT._ftol KERNEL32.GetTickCount |
sub_4102AE(2dd6): ADVAPI32.CryptAcquireContextA ADVAPI32.CryptGenRandom ADVAPI32.CryptReleaseContext |
sub_409AD5(2e4e): MSVCRT.memcpy MSVCRT.free KERNEL32.Sleep |
sub_409C36(3457): MSVCRT.memset KERNEL32.InitializeCriticalSectionAndSpinCount KERNEL32.InitializeCriticalSection |
sub_412F07(34bf): MSVCRT.malloc MSVCRT.atoi MSVCRT._itoa |
sub_407F3D(3635): MSVCRT.sprintf |
sub_407E0C(37d0): MSVCRT._itoa MSVCRT.atoi MSVCRT._mbscpy |
sub_40A8AD(3823): MSVCRT.strlen MSVCRT.tolower "abcdef" |
sub_40764D(3944): MSVCRT.memcpy MSVCRT.free MSVCRT.malloc MSVCRT._mbscpy |
sub_404CBB(3da8): MSVCRT.free |
sub_4044F7(3f01): WS2_32.getpeername WS2_32.getnameinfo |
sub_401D39(4162): MSVCRT.strlen KERNEL32.WriteFile |
sub_412E04(4474): MSVCRT.memcpy MSVCRT.free MSVCRT._mbscpy |
sub_416F4E(4529): KERNEL32.LocalFree |
sub_406D47(470b): KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA KERNEL32.SetCurrentDirectoryA |
sub_410649(4781): WS2_32.recv MSVCRT.memcpy MSVCRT.memset |
sub_40422A(484d): MSVCRT.atoi |
sub_416EAF(4878): MSVCRT._CxxThrowException |
sub_40F040(4949): MSVCRT.memmove MSVCRT._lrotr |
sub_401E38(4a2b): MSVCRT.memcpy MSVCRT.free KERNEL32.DeleteFileA MSVCRT.fopen MSVCRT.fclose MSVCRT.clock WS2_32.recv WS2_32.htonl MSVCRT.fwrite MSVCRT.ftell |
sub_406C51(4aab): ADVAPI32.RegCreateKeyExA KERNEL32.GetSystemDirectoryA MSVCRT._mbscat KERNEL32.lstrlen ADVAPI32.RegSetValueExA ADVAPI32.RegDeleteValueA ADVAPI32.RegCloseKey "Software\\Microsoft\\Windows\\CurrentVersi"... |
sub_414052(4fa7): MSVCRT.memcpy MSVCRT.free MSVCRT._mbscpy MSVCRT._mbscat MSVCRT.strlen MSVCRT.sprintf "Exploit statistics - " |
sub_404E1C(510f): WS2_32.select |
sub_40332B(52e1): KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA KERNEL32.ExitProcess "EXCEPTION_OTHER" "EXCEPTION_ACCESS_VIOLATION" "EXCEPTION_BREAKPOINT" "EXCEPTION_ILLEGAL_INSTRUCTION" "EXCEPTION_INT_DIVIDE_BY_ZERO" "EXCEPTION_NONCONTINUABLE_EXCEPTION" "EXCEPTION_STACK_OVERFLOW" "EXCEPTION_FLT" "Restarting" "Continuing" "open" "QUIT :exitting" "QUIT :restarting" "QUIT :restarting" |
sub_40D043(5675): MSVCRT._mbscpy KERNEL32.GetVersionExA MSVCRT.sprintf "PASS %s" "USER %s %s %s :%s" "UNK" "B" "A" "G" "%c%s%c%c%u%c%u%s%c%c%c" |
sub_411BBC(5919): MSVCRT.memcpy MSVCRT.free MSVCRT._itoa "127.0.0.1" |
sub_410422(5969): MSVCRT.clock |
sub_4017AA(5a0a): MSVCRT.strlen MSVCRT.malloc MSVCRT.strncpy "Listing" "Killing" |
sub_414A1E(5a21): MSVCRT.memcpy MSVCRT.free MSVCRT.fopen MSVCRT.fseek MSVCRT.ftell MSVCRT.malloc MSVCRT.fclose MSVCRT.fread MSVCRT.strstr MSVCRT.sscanf KERNEL32.Sleep "rb" "\r\n\r\n[" "\r\nIP=" "\r\nPort=" "\r\nUser=" "\r\nPass=" "[%[^]]]\r\n" "\r\nIP=%127s\r\n" "\r\nPort=%127s\r\n" "\r\nUser=%127s\r\n" "\r\nPass=%127s\r\n" |
sub_410B52(5c32): MSVCRT.memcpy KERNEL32.Sleep MSVCRT.memset |
sub_416711(5c60): MSVCRT.fopen MSVCRT.fclose "rb" |
sub_413FE7(5e87): MSVCRT.malloc MSVCRT.memcpy "Attempting to exploit IP's in list." |
sub_4125DF(5f39): MSVCRT.memcpy |
sub_40A4A4(5f9a): MSVCRT.memcpy MSVCRT.free |
sub_401000(60e1): MSVCRT._mbscpy ADVAPI32.RegOpenKeyExA ADVAPI32.RegEnumValueA ADVAPI32.RegDeleteValueA ADVAPI32.RegCloseKey |
sub_4053DC(60ec): WS2_32.WSASetLastError WS2_32.recv |
sub_407148(629b): KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA KERNEL32.GetSystemDirectoryA MSVCRT._mbscat MSVCRT._strcmpi WS2_32.WSACleanup KERNEL32.ExitProcess "QUIT :%s uninstalled." "Windows DLL Loader" "QUIT :%s uninstalled." |
sub_409763(6316): KERNEL32.CloseHandle MSVCRT.memset |
sub_404FD0(640e): MSVCRT.free |
sub_404D10(64b3): MSVCRT.malloc |
sub_40EF59(6597): MSVCRT.memcpy MSVCRT._lrotl |
sub_4091E2(65f1): MSVCRT.malloc "Driveinfo thread" |
sub_404552(67ed): WS2_32.getsockname WS2_32.htons MSVCRT._itoa |
sub_4097A7(69ab): MSVCRT.atoi MSVCRT._snprintf "*%s*" |
sub_40938F(6a12): MSVCRT.malloc |
sub_4083AD(6a7b): MSVCRT.memcpy MSVCRT.free KERNEL32.GlobalMemoryStatus ADVAPI32.GetUserNameA KERNEL32.GetComputerNameA KERNEL32.GetVersionExA ADVAPI32.RegOpenKeyExA ADVAPI32.RegQueryValueExA ADVAPI32.RegCloseKey MSVCRT._snprintf "?" "no SP" "95" "NT" "98" "ME" "2000" "XP" "2003" "Yes" "No" "HARDWARE\\DESCRIPTION\\System\\CentralProc"... "ProcessorNameString" |
sub_41294E(6af9): MSVCRT.memcpy |
sub_41308F(6de7): WS2_32.recv MSVCRT.strstr MSVCRT._strnicmp MSVCRT.sscanf "OPTIONS / HTTP/1.0\r\n\r\n" "Server:" "Microsoft-IIS" "Microsoft-IIS/%u.%u" "Apache" |
sub_414EB0(6e80): MSVCRT.malloc "FlashFXP password stealer" |
sub_4147E5(6ee3): MSVCRT.sscanf "yA36zA48dEhfrvghGRg57h5UlDv3" "yA36zA48dEhfrvghGRg57h5UlDv3" |
sub_408B30(70db): MSVCRT.memcpy MSVCRT.free MSVCRT._mbscpy WS2_32.getaddrinfo WS2_32.getnameinfo WS2_32.freeaddrinfo WININET.InternetGetConnectedStateEx MSVCRT._snprintf "Unknown" "Unknown" "Modem" "LAN" "Yes" "No" "Yes" "No" "Bad" "Avarage" "Good" |
sub_404FE7(7226): MSVCRT.memset WS2_32.getaddrinfo WS2_32.socket WS2_32.connect WS2_32.WSAGetLastError WS2_32.freeaddrinfo |
sub_41417D(726a): MSVCRT.malloc "Listing exploit statistics" |
sub_4142BF(74ca): MSVCRT.atoi MSVCRT.malloc "80" |
sub_4167A0(7643): KERNEL32.DeleteFileA |
sub_412919(767f): WS2_32.recv |
sub_404612(76e6): WS2_32.getaddrinfo WS2_32.getnameinfo MSVCRT._mbscpy WS2_32.freeaddrinfo |
sub_404193(7992): MSVCRT._itoa |
sub_409318(7bc1): KERNEL32.QueryPerformanceCounter KERNEL32.QueryPerformanceFrequency MSVCRT.ceil MSVCRT._ftol KERNEL32.GetTickCount |
sub_40D734(7c17): USER32.FindWindowA "mIRC" |
sub_411DC5(819f): MSVCRT.memcpy MSVCRT.free WS2_32.socket MSVCRT.memset WS2_32.htons WS2_32.inet_addr WS2_32.setsockopt WS2_32.bind MSVCRT.fopen WS2_32.closesocket MSVCRT.fseek MSVCRT.ftell WS2_32.select WS2_32.recvfrom MSVCRT.strlen MSVCRT.strncmp WS2_32.sendto MSVCRT.fread WS2_32.inet_ntoa MSVCRT.fclose "rb" "octet" "octet" "wormride" |
sub_404D9B(81c4): MSVCRT.memcpy |
sub_401D6E(859f): MSVCRT.malloc MSVCRT._mbscat "open" "Remote cmd thread" "\r\n" "Error while executing command." |
sub_401856(8604): KERNEL32.CloseHandle |
sub_4050EA(87ab): MSVCRT.memset WS2_32.getaddrinfo WS2_32.socket WS2_32.connect WS2_32.WSAGetLastError WS2_32.select WS2_32.freeaddrinfo |
sub_40F26E(88cb): MSVCRT.memset |
sub_40A50E(88d5): MSVCRT.malloc MSVCRT._mbscpy MSVCRT.memcpy |
sub_41113B(8dbe): MSVCRT._snprintf MSVCRT.strlen MSVCRT.sscanf MSVCRT.fopen MSVCRT.fseek MSVCRT.ftell MSVCRT.fclose KERNEL32.Sleep "%u,%u,%u,%u,%u,%u" "rb" "150 -\r\n" "rb" "-x 3 2000 fh 1024 Jan 1 0:00 .\r\ndrwxr-x"... "150 -\r\n" "ftp" "221 -\r\n" "231 -\r\n" |
sub_414EF4(8f0e): MSVCRT.memcpy MSVCRT.free USER32.wsprintfA MSVCRT.strlen KERNEL32.lstrcpy KERNEL32.lstrcmp MSVCRT.strstr KERNEL32.Sleep USER32.IsCharAlphaNumericA KERNEL32.lstrlen KERNEL32.lstrcpyn MSVCRT.memset "%x" "%ws" "220d5cc1" "5e7e8100" ":" ":" ":" "b9819c52" "e161255a" "StringIndex" |
sub_4094E6(8f32): MSVCRT._mbscpy "thread" |
sub_42B421(904d): KERNEL32.LoadLibraryA KERNEL32.GetProcAddress "ole32.dll" "CoInitialize" "CoUninitialize" "mscoree.dll" "CorBindToRuntimeEx" "oleaut32.dll" "wks" |
sub_40CF2F(913e): MSVCRT._mbscpy "6667" |
sub_405F67(9314): MSVCRT.memset MSVCRT.memcpy |
sub_4055E5(93f0): MSVCRT.memcpy MSVCRT.free WS2_32.socket WS2_32.setsockopt MSVCRT.memset MSVCRT.atoi WS2_32.htons WS2_32.inet_addr WS2_32.gethostbyname MSVCRT.sprintf MSVCRT.strlen WS2_32.sendto KERNEL32.Sleep "%u\r\n" "%u.%u.%u.%u:%u\r\n" "%u\r\n" "%u.%u.%u.%u:%u\r\n" "%u\r\n" "%u.%u.%u.%u:%u\r\n" "%u\r\n" "%u.%u.%u.%u:%u\r\n" |
sub_407928(94bd): MSVCRT.memset MSVCRT._mbscpy |
sub_405E45(94e4): MSVCRT.malloc MSVCRT.atoi "LG flooder" |
sub_408E4A(95bf): MSVCRT.malloc |
sub_40CEB0(975e): MSVCRT.malloc "Executing command(s): %s" |
sub_408808(983f): MSVCRT._mbscpy MSVCRT.clock "80" |
sub_42A960(983f): KERNEL32.VirtualAlloc KERNEL32.VirtualFree |
sub_415DFD(9871): MSVCRT.malloc "Listing interesting processes" |
sub_4124A0(987b): MSVCRT.memcpy WS2_32.inet_addr MSVCRT.atoi WS2_32.htons |
sub_404871(9b8d): MSVCRT.memcpy MSVCRT.free |
sub_403260(9c33): MSVCRT.malloc MSVCRT._mbscat |
sub_404F24(9d8c): WS2_32.__WSAFDIsSet |
sub_412BC9(9dde): WS2_32.select WS2_32.shutdown KERNEL32.Sleep |
sub_41331E(9eb7): MSVCRT.memcpy MSVCRT.free MSVCRT._mbscpy MSVCRT._itoa |
sub_40D7E5(9f9d): MSVCRT.strlen |
sub_403588(a1a9): WS2_32.WSASetLastError MSVCRT.malloc MSVCRT.memset MSVCRT.atoi WS2_32.htons MSVCRT.memcpy WS2_32.gethostbyname |
sub_408342(a362): KERNEL32.GetLocaleInfoA MSVCRT._strcmpi |
sub_40D420(a5e3): MSVCRT.sprintf MSVCRT._vsnprintf MSVCRT._mbscat MSVCRT.strlen "NOTICE %s :" "\r\n" |
sub_412D56(a651): WS2_32.shutdown KERNEL32.Sleep |
sub_412720(a6d1): MSVCRT._mbscpy MSVCRT.memcpy |
sub_4048EF(a995): WS2_32.__WSAFDIsSet WS2_32.accept WS2_32.select |
sub_408F2E(ab4d): MSVCRT.memcpy MSVCRT.free KERNEL32.GetDriveTypeA KERNEL32.GetDiskFreeSpaceExA MSVCRT.memset MSVCRT._mbscat USER32.wsprintfA "Drive information - " "removable" "fixed" "remote" "cd-rom" "ramdisk" "unknown" |
sub_401981(ac1d): MSVCRT.memcpy MSVCRT.free MSVCRT.clock KERNEL32.SearchPathA KERNEL32.CreatePipe KERNEL32.GetCurrentProcess KERNEL32.DuplicateHandle MSVCRT.memset KERNEL32.CreateProcessA KERNEL32.CloseHandle KERNEL32.PeekNamedPipe KERNEL32.GetExitCodeProcess KERNEL32.Sleep KERNEL32.ReadFile "cmd.exe" "Could not read data from process." "Cmd.exe process has terminated." |
sub_4127D0(aca4): MSVCRT.strcmp MSVCRT.fopen MSVCRT.fread MSVCRT.fclose "rb" |
sub_40F159(adbe): MSVCRT.memcpy |
sub_40449C(aeb4): WS2_32.getsockname WS2_32.getnameinfo |
sub_415B60(af11): MSVCRT.memcpy MSVCRT.free USER32.GetWindowTextA MSVCRT._strnicmp MSVCRT.strcmp ADVAPI32.RegOpenKeyExA ADVAPI32.RegCloseKey "Unreal3" "World Of Warcraft" "[Conquer]" "SOFTWARE\\Microsoft\\VisualStudio\\6.0\\Set"... "Software\\Valve\\Steam" "Yes" "No" "Yes" "No" "Yes" "No" "Yes" "No" "Yes" "No" |
sub_406643(b583): MSVCRT.atoi KERNEL32.GetCurrentProcessId KERNEL32.OpenProcess KERNEL32.TerminateProcess KERNEL32.CloseHandle |
sub_403DF3(b5a9): MSVCRT.memcpy MSVCRT.free MSVCRT.strlen MSVCRT._mbscpy MSVCRT._mbscat " : USERID : UNIX : " "\r\n" |
sub_413AB0(b5b6): MSVCRT._mbscpy MSVCRT._strcmpi MSVCRT.atoi MSVCRT.malloc MSVCRT.memcpy |
sub_40CA29(b7e9): MSVCRT.strstr MSVCRT.sscanf MSVCRT.atoi MSVCRT._strcmpi ")" "&&" "%32s %16s %32s" "$uptime" "$version" "$free" "$latency" "$firewall" "$ipv6" "$uptime" "$version" "$free" "$latency" "$firewall" "$ipv6" "==" "!=" ">" ">=" "<=" "&&" |
sub_4148CE(b829): ADVAPI32.RegOpenKeyExA ADVAPI32.RegQueryValueExA ADVAPI32.RegCloseKey MSVCRT._mbscpy KERNEL32.GetEnvironmentVariableA MSVCRT._mbscat MSVCRT.fopen KERNEL32.GetDriveTypeA MSVCRT.sprintf "SOFTWARE\\Classes\\Applications\\FlashFXP."... "sites.dat" "ProgramFiles" "\\FlashFXP\\sites.dat" "rb" "%sFlashFXP\\sites.dat" "rb" |
sub_40546E(b8fe): WS2_32.select WS2_32.__WSAFDIsSet |
sub_40806A(b9eb): MSVCRT._mbscpy MSVCRT.sprintf |
sub_40D6CB(ba86): MSVCRT._vsnprintf MSVCRT._mbscat MSVCRT.strlen "\r\n" |
sub_406CF8(ba88): MSVCRT.strlen |
sub_4078A0(bc64): MSVCRT.strlen |
sub_409BF1(bc92): MSVCRT.malloc MSVCRT.free |
sub_410318(bce2): MSVCRT.clock |
sub_4046BC(bcec): MSVCRT.malloc MSVCRT.memset WS2_32.getaddrinfo MSVCRT.free WS2_32.socket WS2_32.setsockopt WS2_32.bind WS2_32.listen WS2_32.freeaddrinfo |
sub_411D68(bd90): MSVCRT.malloc "FTP wormride thread" |
sub_40EC96(be71): MSVCRT.strlen |
sub_415F69(bf55): MSVCRT.memcpy MSVCRT.free WS2_32.socket WS2_32.gethostname WS2_32.gethostbyname WS2_32.closesocket MSVCRT.memset WS2_32.bind WS2_32.WSAIoctl WS2_32.inet_addr MSVCRT.atoi WS2_32.recv MSVCRT.strlen WS2_32.htons WS2_32.inet_ntoa MSVCRT.sprintf KERNEL32.Sleep |
sub_4123F6(bf6b): MSVCRT.malloc "TFTP wormride thread" |
sub_41043F(bfa2): MSVCRT.clock |
sub_410461(bfa2): MSVCRT.clock |
sub_410483(bfa2): MSVCRT.clock |
sub_40E618(c143): MSVCRT._strcmpi MSVCRT.strcmp "302" "PRIVMSG" "NOTICE" |
sub_406041(c2bf): MSVCRT.malloc MSVCRT.realloc MSVCRT.free MSVCRT.memset MSVCRT._mbscpy KERNEL32.OpenProcess KERNEL32.CloseHandle MSVCRT.strncpy MSVCRT.strlen "system" |
sub_40821B(c393): KERNEL32.Sleep |
sub_409CB1(c41b): MSVCRT.printf MSVCRT.memset NTDLL.RtlGetLastWin32Error "Could not get a valid ICMP handle\n" |
sub_409479(c505): MSVCRT.malloc MSVCRT._beginthreadex KERNEL32.CloseHandle MSVCRT.free |
sub_406A23(c753): KERNEL32.GetSystemDirectoryA MSVCRT._mbscat MSVCRT._mbscpy KERNEL32.DeleteFileA MSVCRT.fopen MSVCRT.fwrite MSVCRT.fclose |
sub_406E8E(c805): KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA KERNEL32.GetSystemDirectoryA MSVCRT._mbscat MSVCRT._strcmpi KERNEL32.DeleteFileA KERNEL32.CopyFileA KERNEL32.SetFileAttributesA MSVCRT.memset KERNEL32.CreateProcessA WS2_32.WSACleanup MSVCRT.exit "Windows DLL Loader" |
sub_402A32(c93b): MSVCRT.memcpy MSVCRT.free MSVCRT._mbscpy MSVCRT._strnicmp KERNEL32.CopyFileA NTDLL.RtlGetLastWin32Error MSVCRT.strlen MSVCRT.strstr MSVCRT.clock KERNEL32.DeleteFileA "http://" "80" "ftp://" "21" "anonymous" "anonymous" "tftp://" "69" ":" "/" "open" |
sub_406509(ceef): MSVCRT.atoi MSVCRT.malloc KERNEL32.OpenProcess MSVCRT.free KERNEL32.ReadProcessMemory KERNEL32.CloseHandle |
sub_4098F3(d7a4): MSVCRT.atoi MSVCRT.memset KERNEL32.TerminateThread KERNEL32.CloseHandle MSVCRT._snprintf "*%s*" |
sub_405FA3(d81a): KERNEL32.LoadLibraryA KERNEL32.GetProcAddress "psapi.dll" "EnumProcessModules" "GetModuleFileNameExA" "GetModuleInformation" |
sub_404457(d81b): WS2_32.ioctlsocket |
sub_4077DD(d893): MSVCRT._itoa MSVCRT.malloc MSVCRT._mbscpy MSVCRT.memcpy |
sub_4045B2(db0b): WS2_32.getpeername WS2_32.htons MSVCRT._itoa |
sub_40C93C(dd51): MSVCRT.memcpy MSVCRT.free MSVCRT._snprintf ";" "link!link@link PRIVMSG %s :%s" ";" |
sub_408E8E(e076): KERNEL32.GetDriveTypeA KERNEL32.GetDiskFreeSpaceExA MSVCRT.memset |
sub_402698(e10f): MSVCRT._snprintf MSVCRT.strlen MSVCRT.strstr MSVCRT.sscanf MSVCRT.fopen MSVCRT.fwrite MSVCRT.fclose KERNEL32.DeleteFileA "GET /%s HTTP/1.0\r\nHost: %s\r\n\r\n" "\r\n\r\n" "Content-Length: %u\r\n" |
sub_40637C(e198): MSVCRT.memcpy MSVCRT.free KERNEL32.Sleep |
sub_41102F(e43a): MSVCRT.fopen MSVCRT.fread MSVCRT.fclose "rb" |
sub_406722(e784): MSVCRT._strnicmp MSVCRT.strlen MSVCRT._mbscpy MSVCRT.memcpy ADVAPI32.RegOpenKeyExA MSVCRT.malloc ADVAPI32.RegQueryValueExA MSVCRT.sprintf MSVCRT._mbscat MSVCRT.free ADVAPI32.RegCloseKey "HKCR" "HKCU" "HKLM" "HKUS" |
sub_401244(ecac): MSVCRT.memcpy MSVCRT.free MSVCRT.malloc KERNEL32.GetCurrentProcessId KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA MSVCRT._strcmpi KERNEL32.OpenProcess KERNEL32.ReadProcessMemory KERNEL32.Sleep KERNEL32.TerminateProcess KERNEL32.CloseHandle |
sub_406AE7(f004): KERNEL32.GetSystemDirectoryA MSVCRT._mbscat MSVCRT._mbscpy MSVCRT.fopen MSVCRT.fclose "rb" |
sub_4141C1(f105): MSVCRT.memcpy MSVCRT.free MSVCRT.clock |
sub_40A9CF(f341): MSVCRT._mbscpy MSVCRT.memcpy USER32.GetForegroundWindow USER32.GetWindowTextA MSVCRT.strlen MSVCRT.strcmp ADVAPI32.RegOpenKeyExA ADVAPI32.RegCloseKey ADVAPI32.RegQueryValueExA MSVCRT.malloc MSVCRT.free MSVCRT.clock KERNEL32.Sleep MSVCRT.atoi MSVCRT._strcmpi KERNEL32.GetModuleHandleA KERNEL32.GetModuleFileNameA KERNEL32.ExitProcess WS2_32.getaddrinfo WS2_32.getnameinfo WS2_32.freeaddrinfo MSVCRT.memcmp MSVCRT.memset WS2_32.htons WS2_32.socket WS2_32.connect WS2_32.send WS2_32.closesocket MSVCRT._strnicmp "ܹϗ؆ܥ" "This build is fully functional" "This build is broken and will not funct"... "It took me %ums." "on" "off" "on" "QUIT :exitting" "open" "QUIT :restarting" "QUIT :changing server" "2002" "9252" "id" "username" |
sub_403BD3(f523): KERNEL32.LoadLibraryA KERNEL32.GetProcAddress "kernel32.dll" "InitializeCriticalSectionAndSpinCount" "netapi32.dll" "NetUseAdd" "NetUseDel" "NetUserEnum" "NetShareEnum" "NetRemoteTOD" "NetApiBufferFree" "NetScheduleJobAdd" "NetAddAlternateComputerName" "mpr.dll" "WNetAddConnection2A" "WNetAddConnection2W" "WNetCancelConnection2A" "WNetCancelConnection2W" "ws2_32.dll" "getaddrinfo" "getnameinfo" "freeaddrinfo" "pstorec.dll" "PStoreCreateInstance" "wininet.dll" "InternetGetConnectedStateExA" |
sub_413CB3(f55e): MSVCRT.memcpy MSVCRT.free MSVCRT.malloc |
sub_4095A4(f614): MSVCRT.free MSVCRT.vsprintf MSVCRT._beginthreadex MSVCRT.memset |
sub_4103F5(f653): MSVCRT.clock |
sub_40D74D(f68e): KERNEL32.CreateFileMappingA KERNEL32.MapViewOfFile MSVCRT.sprintf USER32.SendMessageA KERNEL32.UnmapViewOfFile KERNEL32.CloseHandle "mIRC" |
sub_412A3A(f743): MSVCRT.memcpy MSVCRT.memset WS2_32.shutdown KERNEL32.Sleep |
sub_40A2D2(f744): USER32.wsprintfA MSVCRT.strlen MSVCRT.strcmp KERNEL32.Sleep |
sub_4129CA(f764): MSVCRT._mbscpy "unknown" |
sub_403BBD(f784): MSVCRT.free |
sub_40D366(f7df): KERNEL32.Sleep |
sub_411A09(f84c): MSVCRT.strcmp MSVCRT.sprintf MSVCRT.strlen |
sub_4053BF(f924): WS2_32.send |
start(fbe9): KERNEL32.VirtualAlloc KERNEL32.GetModuleFileNameA USER32.MessageBoxA KERNEL32.ExitProcess KERNEL32.VirtualFree KERNEL32.VirtualProtect KERNEL32.GetModuleHandleA KERNEL32.LoadLibraryExA USER32.wsprintfA KERNEL32.GetProcAddress "Error allocating memory!" "A required .DLL file, %hs, was not foun"... "The %hs file is \nlinked to missing expo"... "The %hs file is \nlinked to missing expo"... "Error bad relocation pointer: *pdw = 0x"... "Unexpected relocation type: *pw = 0x%04"... |
sub_40636E(ffbf): MSVCRT.free |