sub_outside():
KERNEL32.ExitProcess
KERNEL32.Sleep
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
KERNEL32.WaitForSingleObject
NTDLL.RtlGetLastWin32Error
KERNEL32.ExitThread
KERNEL32.GetCurrentThreadId
KERNEL32.GetStartupInfoA
KERNEL32.GetProcessHeap
NTDLL.RtlAllocateHeap
KERNEL32.GetVersionExA
NTDLL.RtlFreeHeap
KERNEL32.GetCommandLineA
NTDLL.RtlReAllocateHeap
NTDLL.RtlUnwind
|
sub_418AA7(0130):
KERNEL32.GetCPInfo
KERNEL32.MultiByteToWideChar
KERNEL32.WideCharToMultiByte
|
sub_41A0D7(0635):
KERNEL32.FlushFileBuffers
NTDLL.RtlGetLastWin32Error
|
sub_41ACB3(08d2):
KERNEL32.CreateFileA
"CONOUT$"
|
sub_41715E(08e4):
NTDLL.RtlReAllocateHeap
NTDLL.RtlAllocateHeap
KERNEL32.VirtualAlloc
NTDLL.RtlFreeHeap
|
sub_411EC6(090a):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
KERNEL32.InterlockedIncrement
"KERNEL32.DLL"
|
sub_4080EE(092e):
WS2_32.WSAStartup
WININET.InternetOpenA
NTDLL.RtlGetLastWin32Error
WININET.InternetCloseHandle
WS2_32.WSACleanup
"Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
|
sub_402509(0bdb):
KERNEL32.InitializeCriticalSection
KERNEL32.CreateEventA
|
sub_41A3FB(0c06):
KERNEL32.GetProcessHeap
NTDLL.RtlAllocateHeap
NTDLL.RtlFreeHeap
KERNEL32.SetEndOfFile
NTDLL.RtlGetLastWin32Error
|
sub_4124E3(0e94):
KERNEL32.ExitProcess
|
sub_4089E6(107e):
"DICT"
"DICT_SP"
" "
"DICT_NL"
"\r\n"
"RAND_NUM"
"0123456789"
"RAND_CHAR_LC"
"abcdefghijklmnopqrstuvwxyz"
"RAND_CHAR_UC"
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"RAND_CHAR_MC"
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLM"...
"abcdefghijklmnopqrstuvwxyz0123456789"
"RECIPIENTS"
|
sub_419D07(11c8):
KERNEL32.SetStdHandle
|
sub_419937(1716):
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
USER32.GetProcessWindowStation
USER32.MessageBoxA
"USER32.DLL"
"MessageBoxA"
"GetActiveWindow"
"GetLastActivePopup"
"GetUserObjectInformationA"
"GetProcessWindowStation"
|
sub_40376E(1832):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
KERNEL32.WaitForSingleObject
KERNEL32.Sleep
"UNINSTALL"
"Uninstalling\n"
"MailBot::onUpdate: trying to return?!"
"IDLE: %d\n"
"Got some emails to return, not waiting\n"...
|
sub_412F1F(1b24):
KERNEL32.GetCPInfo
|
sub_40DBDC(1c1d):
KERNEL32.IsDebuggerPresent
KERNEL32.SetUnhandledExceptionFilter
KERNEL32.UnhandledExceptionFilter
KERNEL32.GetCurrentProcess
KERNEL32.TerminateProcess
|
sub_404B2B(1f02):
KERNEL32.GetVersionExA
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
KERNEL32.GetSystemInfo
USER32.GetSystemMetrics
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegQueryValueExA
ADVAPI32.RegCloseKey
KERNEL32.lstrcmpiA
"UNKNOWN"
"GetNativeSystemInfo"
"kernel32.dll"
"Windows Vista "
"Windows Server \"Longhorn\" "
"Microsoft Windows Server 2003 \"R2\" "
"Microsoft Windows XP Professional x64 E"...
"Microsoft Windows Server 2003, "
"Microsoft Windows XP "
"Microsoft Windows 2000 "
"Microsoft Windows NT "
"Workstation 4.0 "
"Home Edition "
"Professional "
"Datacenter Edition for Itanium-based Sy"...
"Enterprise Edition for Itanium-based Sy"...
"Datacenter x64 Edition "
"Enterprise x64 Edition "
"Standard x64 Edition "
"Datacenter Edition "
"Enterprise Edition "
"Web Edition "
"Standard Edition "
"Datacenter Server "
"Advanced Server "
"Server "
"Server 4.0, Enterprise Edition "
"Server 4.0 "
"SYSTEM\\CurrentControlSet\\Control\\Produc"...
"UNKNOWN"
"ProductType"
"WINNT"
"Workstation "
"LANMANNT"
"Server "
"SERVERNT"
"Advanced Server "
"%d.%d "
"Service Pack 6"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
"Service Pack 6a (Build %d)"
"%s (Build %d)"
"%s (Build %d)"
"Microsoft Windows 95 "
"OSR2 "
"Microsoft Windows 98 "
"SE "
"Microsoft Windows Millennium Edition"
"Microsoft Win32s"
|
sub_4107BC(2094):
KERNEL32.RaiseException
|
sub_417B49(240f):
KERNEL32.WideCharToMultiByte
NTDLL.RtlGetLastWin32Error
|
sub_402AA0(24d7):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
KERNEL32.SetEvent
|
sub_416DD7(2585):
NTDLL.RtlAllocateHeap
|
sub_41411B(2759):
KERNEL32.SetUnhandledExceptionFilter
KERNEL32.UnhandledExceptionFilter
|
sub_418D2B(2989):
KERNEL32.CreateFileA
NTDLL.RtlGetLastWin32Error
KERNEL32.GetFileType
KERNEL32.CloseHandle
|
sub_409441(2d66):
"\r\n"
|
sub_4123F6(2daa):
NTDLL.RtlSizeHeap
|
sub_402F64(31d0):
WS2_32.inet_ntoa
DNSAPI.DnsQuery_A
DNSAPI.DnsRecordListFree
"%d.%d.%d.%d.in-addr.arpa"
"Server version %d.%d.%d, my ip %s (%s)\n"...
|
sub_419F16(34be):
NTDLL.RtlLeaveCriticalSection
|
sub_419BDD(364e):
KERNEL32.MultiByteToWideChar
|
sub_40D599(3693):
WS2_32.select
WS2_32.__WSAFDIsSet
|
sub_41A5AF(3aac):
KERNEL32.ReadFile
NTDLL.RtlGetLastWin32Error
KERNEL32.MultiByteToWideChar
|
sub_401A4D(45c6):
KERNEL32.FormatMessageA
KERNEL32.LocalFree
|
sub_401F07(4871):
"list too long"
|
sub_4182BC(48c7):
KERNEL32.InitializeCriticalSection
|
sub_40399B(4af7):
"gmail.com"
|
sub_41250A(4c00):
KERNEL32.TlsFree
|
sub_41844E(4d78):
KERNEL32.GetStringTypeW
NTDLL.RtlGetLastWin32Error
KERNEL32.MultiByteToWideChar
KERNEL32.GetStringTypeA
|
sub_413BDA(4f5e):
NTDLL.RtlLeaveCriticalSection
|
sub_413B88(4f5e):
NTDLL.RtlEnterCriticalSection
|
sub_4133C2(5886):
KERNEL32.InterlockedIncrement
|
sub_40460B(58a4):
KERNEL32.GetWindowsDirectoryA
KERNEL32.FindResourceA
NTDLL.RtlGetLastWin32Error
KERNEL32.SetFileAttributesA
KERNEL32.SizeofResource
KERNEL32.LoadResource
KERNEL32.SetHandleCount
KERNEL32.GetStartupInfoA
KERNEL32.CreateProcessA
KERNEL32.ExitProcess
"Respawning as %s ...\n"
"\\system32\\helpermnew1winc4.exe"
"RT_HELPER"
"FindResource: %$\n"
"wb"
"fopen: (%d) %s\n"
|
sub_403C76(58c1):
"abcdefghijklmnopqrstuvwxyz"
"abcdefghijklmnopqrstuvwxyz"
"abcdefghijklmnopqrstuvwxyz"
"gmail.com"
|
sub_416C79(5be9):
NTDLL.RtlDeleteCriticalSection
|
sub_40D0B0(5f57):
"DATA\r\n"
"SmtpClient::data: connection broken\n"
"\r\n.\r\n"
|
sub_4094C5(6075):
"#$"
"#$"
|
sub_412323(60a0):
KERNEL32.Sleep
|
sub_40BA6E(60f9):
"ServerComm::doCommand: disconnected whi"...
"ServerComm::doCommand: disconnected whi"...
|
sub_4124BD(61ac):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
KERNEL32.TlsFree
"mscoree.dll"
"CorExitProcess"
|
sub_401156(6317):
KERNEL32.GlobalMemoryStatus
KERNEL32.GetDiskFreeSpaceExA
USER32.GetCursorPos
KERNEL32.GetSystemTime
KERNEL32.GetTickCount
"C:\\"
"%02x"
|
sub_41AB51(65eb):
KERNEL32.SetFilePointer
NTDLL.RtlGetLastWin32Error
|
sub_4123AB(6721):
KERNEL32.Sleep
|
sub_419F38(68c8):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_41720E(6919):
KERNEL32.VirtualAlloc
|
sub_413BFD(6a78):
"UNICODE"
|
sub_40BDCD(6a80):
"ServerComm::readDomains: email does not"...
|
sub_409016(6b94):
"To: "
", "
"\r\nCc: "
", "
"\r\nBcc: "
", "
|
sub_4103C5(6cc3):
KERNEL32.ExitThread
|
sub_4093C0(6d48):
"\r\n"
"\r\n"
|
sub_408593(6dc0):
"_DATE"
"_MY_IP"
"_MY_HOSTNAME"
"_FROM_DOMAIN"
"_SENDER"
"_HELO"
|
sub_40D602(6fba):
WS2_32.select
WS2_32.__WSAFDIsSet
|
sub_412EA5(705a):
KERNEL32.GetOEMCP
KERNEL32.GetACP
|
sub_419B1B(71e5):
KERNEL32.WriteConsoleW
NTDLL.RtlGetLastWin32Error
KERNEL32.GetConsoleOutputCP
KERNEL32.WideCharToMultiByte
KERNEL32.WriteConsoleA
|
sub_4182CC(7249):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
NTDLL.RtlSetLastWin32Error
"kernel32.dll"
"InitializeCriticalSectionAndSpinCount"
|
sub_40B642(7265):
WS2_32.socket
WS2_32.ntohs
WS2_32.inet_addr
WS2_32.gethostbyname
WS2_32.connect
"ServerComm::connect: cannot create sock"...
"g6.jeiahsdod.net"
"ServerComm::connect: unknown host"
"ServerComm::connect: cannot connect"
|
sub_40A92E(733e):
"invalid map/set iterator"
|
sub_407784(752b):
KERNEL32.Sleep
|
sub_40B9E7(7577):
WS2_32.closesocket
|
sub_40290F(76e3):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_41530F(7887):
KERNEL32.UnhandledExceptionFilter
|
sub_416B2C(7a5e):
KERNEL32.IsDebuggerPresent
KERNEL32.SetUnhandledExceptionFilter
KERNEL32.UnhandledExceptionFilter
KERNEL32.GetCurrentProcess
KERNEL32.TerminateProcess
|
sub_402979(7c24):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
"MailBot::getMessage: no templates or no"...
|
sub_40CF4A(807c):
"MAIL FROM: <"
">\r\n"
"SmtpClient::mailFrom: connection broken"...
|
sub_40CE97(807c):
"HELO "
"\r\n"
"SmtpClient::helo: connection broken\n"
|
sub_40CFFD(807c):
"RCPT TO: <"
">\r\n"
"SmtpClient::rcptTo: connection broken\n"
|
sub_401065(827b):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegQueryValueExA
ADVAPI32.RegCloseKey
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"AltClientId"
|
sub_4178D6(83d5):
KERNEL32.SetFilePointer
NTDLL.RtlGetLastWin32Error
|
sub_40CC9C(87b4):
WS2_32.closesocket
|
sub_412C77(87b5):
KERNEL32.GetCPInfo
|
sub_40D66E(8a1a):
WS2_32.send
WS2_32.WSAGetLastError
|
sub_40583B(8e89):
"0.0.0.0"
|
sub_411E2B(915d):
KERNEL32.TlsGetValue
|
sub_405089(9190):
KERNEL32.CreateMutexA
NTDLL.RtlGetLastWin32Error
KERNEL32.ExitProcess
KERNEL32.WaitForSingleObject
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
KERNEL32.Sleep
"BLAH"
"Running on %s\n"
|
sub_413448(9237):
KERNEL32.InterlockedDecrement
|
sub_40FDF8(931f):
KERNEL32.GetSystemTimeAsFileTime
|
sub_40C10E(954f):
"Config packet has incorrect size"
|
sub_4047AC(95ca):
KERNEL32.GetWindowsDirectoryA
KERNEL32.GetModuleFileNameA
ADVAPI32.RegCreateKeyExA
ADVAPI32.RegSetValueExA
ADVAPI32.RegCloseKey
"\\system32\\mnew1winc4.exe"
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"mlrnew1c4"
"mlrnew1c4"
|
sub_412136(96d2):
KERNEL32.TlsGetValue
KERNEL32.TlsSetValue
|
sub_401B38(9a8d):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_407C9A(9b4b):
KERNEL32.Sleep
|
sub_403E41(9f54):
WININET.InternetConnectA
NTDLL.RtlGetLastWin32Error
WININET.HttpOpenRequestA
WININET.InternetCloseHandle
WININET.HttpSendRequestA
WININET.HttpQueryInfoA
WININET.InternetReadFile
KERNEL32.Sleep
"cbl.abuseat.org"
"*/*"
"image/gif"
"image/x-bitmap"
"image/jpeg"
"image/pjpeg"
"InternetConnect: %$\n"
"lookup.cgi"
"GET"
"HttpOpenRequest: %$\n"
"Accept-Language: en\r\n"
"Accept-Encoding: gzip, deflate\r\n"
"HttpSendRequest: %$\n"
"RBL server response code: %d\n"
"&submit=Lookup"
"http://cbl.abuseat.org/lookup.cgi"
"GET"
"HttpOpenRequest: %$\n"
"Accept-Language: en\r\n"
"Accept-Encoding: gzip, deflate\r\n"
"HttpSendRequest: %$\n"
"RBL server response code: %d\n"
"was not found"
"Not listed.\n"
"GET"
"Accept-Language: en\r\n"
"Accept-Encoding: gzip, deflate\r\n"
"RBL server response code: %d\n"
"name=\"confirm\" value=\""
"Cannot find confirmation code to remove"...
"Cannot find confirmation code to remove"...
"remove.cgi"
"POST"
"HttpOpenRequest: %$\n"
"Accept-Language: en\r\n"
"Content-Type: application/x-www-form-ur"...
"Accept-Encoding: gzip, deflate\r\n"
"ip="
"&confirm="
"&owner=yes&virus=&proxy=&comments=&canr"...
"HttpSendRequest: %$\n"
"RBL server response code: %d\n"
|
sub_418C8C(a109):
NTDLL.RtlDeleteCriticalSection
|
sub_40CCCC(a6c8):
WS2_32.socket
WS2_32.ioctlsocket
WS2_32.inet_addr
WS2_32.gethostbyname
WS2_32.ntohs
WS2_32.connect
WS2_32.WSAGetLastError
WS2_32.inet_ntoa
"SmtpClient::connect: unknown host: %s\n"
"SmtpClient::connect: cannot connect to "...
|
sub_40F6FC(a7b0):
"Visual C++ CRT: Not enough memory to co"...
"Visual C++ CRT: Not enough memory to co"...
|
sub_41440F(a83e):
KERNEL32.GetConsoleMode
KERNEL32.GetConsoleCP
KERNEL32.WideCharToMultiByte
KERNEL32.WriteFile
NTDLL.RtlGetLastWin32Error
|
sub_41219F(a9bf):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
KERNEL32.TlsAlloc
KERNEL32.TlsSetValue
KERNEL32.TlsFree
KERNEL32.GetCurrentThreadId
"KERNEL32.DLL"
"FlsAlloc"
"FlsGetValue"
"FlsSetValue"
"FlsFree"
|
sub_40BA00(acd0):
WS2_32.recv
|
sub_40BA37(acd0):
WS2_32.send
|
sub_40D355(ad1b):
WS2_32.recv
WS2_32.WSAGetLastError
"SmtpClient::recvResponse: connection br"...
"%s\n"
|
sub_411069(ad53):
NTDLL.RtlAllocateHeap
|
sub_407E77(ad69):
"No recipients accepted\n"
|
sub_415D79(add8):
KERNEL32.SetUnhandledExceptionFilter
|
sub_40D228(aece):
DNSAPI.DnsQuery_A
DNSAPI.DnsRecordListFree
|
sub_4010E1(aef9):
ADVAPI32.RegCreateKeyExA
ADVAPI32.RegSetValueExA
ADVAPI32.RegCloseKey
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"AltClientId"
|
sub_409C73(af7d):
"map/set too long"
|
sub_40A5B6(af7d):
"map/set too long"
|
sub_41574E(b143):
KERNEL32.GetModuleFileNameA
"C:\\m_unpacker\\packed.exe"
|
sub_418A60(b2da):
KERNEL32.GetLocaleInfoA
|
sub_4024A7(b382):
KERNEL32.InitializeCriticalSection
|
sub_419D84(b451):
KERNEL32.SetStdHandle
|
sub_4027E7(b51e):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_411E46(b5f9):
KERNEL32.TlsGetValue
KERNEL32.TlsSetValue
|
sub_40D7C3(bc0a):
"invalid string position"
|
sub_40D2A0(bf31):
KERNEL32.GetDateFormatA
KERNEL32.GetTimeFormatA
"ddd',' dd MMM yyyy "
"HH':'mm':'ss "
"%+02.2d%02d"
|
sub_412499(bfcd):
KERNEL32.TlsFree
|
sub_401989(c1ad):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_416DA6(c36e):
NTDLL.RtlEnterCriticalSection
|
sub_415C79(c391):
KERNEL32.GetSystemTimeAsFileTime
KERNEL32.GetCurrentProcessId
KERNEL32.GetCurrentThreadId
KERNEL32.GetTickCount
KERNEL32.QueryPerformanceCounter
|
sub_40ACEC(c4e5):
"invalid map/set iterator"
|
sub_416CCE(c70d):
NTDLL.RtlLeaveCriticalSection
|
sub_41593C(ca1e):
KERNEL32.GetStartupInfoA
KERNEL32.GetFileType
KERNEL32.GetStdHandle
KERNEL32.SetHandleCount
|
sub_4048E7(ca29):
ADVAPI32.RegCreateKeyExA
ADVAPI32.RegDeleteValueA
ADVAPI32.RegCloseKey
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"mlrnew1c4"
"mlrnew1c4"
"-X"
|
sub_41083D(cba9):
NTDLL.RtlUnwind
|
sub_41422C(cd6e):
KERNEL32.GetModuleFileNameA
KERNEL32.GetStdHandle
KERNEL32.WriteFile
"Runtime Error!\n\nProgram: "
""
"..."
"\n\n"
"Microsoft Visual C++ Runtime Library"
|
sub_415807(ced3):
KERNEL32.GetEnvironmentStringsW
NTDLL.RtlGetLastWin32Error
KERNEL32.WideCharToMultiByte
KERNEL32.FreeEnvironmentStringsW
KERNEL32.GetEnvironmentStringsA
KERNEL32.FreeEnvironmentStringsA
|
sub_412E01(d02f):
KERNEL32.InterlockedDecrement
KERNEL32.InterlockedIncrement
|
sub_4081BF(d1c5):
"."
"\r\n.\r\n"
"."
|
sub_405EBC(d20f):
"list too long"
|
sub_403151(d2a5):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
KERNEL32.SetEvent
KERNEL32.ResetEvent
"EMAILS\n"
"MailBot::onEmails: got empty bucket\n"
|
sub_417D65(d327):
NTDLL.RtlAllocateHeap
|
sub_413B59(d432):
NTDLL.RtlEnterCriticalSection
|
sub_413BAB(d432):
NTDLL.RtlLeaveCriticalSection
|
sub_4135A3(d5b0):
KERNEL32.LCMapStringW
NTDLL.RtlGetLastWin32Error
KERNEL32.MultiByteToWideChar
KERNEL32.WideCharToMultiByte
KERNEL32.LCMapStringA
|
sub_411E89(d7e5):
KERNEL32.TlsFree
|
sub_4130CA(d858):
KERNEL32.InterlockedDecrement
KERNEL32.InterlockedIncrement
|
sub_4027B2(d893):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_4033DA(daf4):
NTDLL.RtlEnterCriticalSection
KERNEL32.CloseHandle
NTDLL.RtlLeaveCriticalSection
"CONFIG\n"
|
sub_40499E(df93):
KERNEL32.GetWindowsDirectoryA
WININET.InternetOpenUrlA
NTDLL.RtlGetLastWin32Error
WININET.InternetReadFile
WININET.InternetCloseHandle
"Performing update from URL: %s\n"
"\\system32\\updatemnew1winc4.exe"
"wb"
"fopen: (%d) %s\n"
"InternetOpenUrl: %$\n"
|
sub_419E76(e051):
NTDLL.RtlEnterCriticalSection
|
sub_412015(e07f):
KERNEL32.InterlockedDecrement
|
sub_41ACD2(e22c):
KERNEL32.CloseHandle
|
sub_40D6C9(e29d):
NTDLL.RtlEnterCriticalSection
KERNEL32.SetEvent
NTDLL.RtlLeaveCriticalSection
|
sub_417E83(e37e):
NTDLL.RtlAllocateHeap
NTDLL.RtlReAllocateHeap
|
sub_411DBF(e3a2):
KERNEL32.TlsGetValue
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
"KERNEL32.DLL"
|
sub_411D53(e3a2):
KERNEL32.TlsGetValue
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
"KERNEL32.DLL"
|
sub_40BB2D(e3ba):
"ServerComm::getResponse: disconnected w"...
"ServerComm::getResponse: unexpected res"...
"ServerComm::getResponse: insane respons"...
"ServerComm::getResponse: disconnected w"...
"ServerComm::getResponse: bad response -"...
|
sub_415C1F(e479):
KERNEL32.HeapCreate
KERNEL32.HeapDestroy
|
sub_413E9F(e48e):
NTDLL.RtlEnterCriticalSection
|
sub_40260A(e4e1):
KERNEL32.CloseHandle
NTDLL.RtlDeleteCriticalSection
|
sub_402BCF(e7c2):
"succ: %s@%s\n"
"unlk: %s@%s (connection error)\n"
"fail: %s@%s matched string '%s'\n"
"unlk: %s@%s (%s)\n"
|
sub_40313B(ece2):
"PONG\n"
|
sub_40684D(edbf):
"vector too long"
|
sub_411E22(ef17):
KERNEL32.TlsAlloc
|
sub_411F7A(efa1):
NTDLL.RtlGetLastWin32Error
KERNEL32.TlsGetValue
KERNEL32.GetCurrentThreadId
NTDLL.RtlSetLastWin32Error
|
sub_4140EA(f36d):
NTDLL.RtlUnwind
|
sub_40B49B(f4f7):
DNSAPI.DnsQuery_A
DNSAPI.DnsRecordListFree
"nomx: %s@%s\n"
|
sub_4026D0(f5a2):
KERNEL32.ResetEvent
NTDLL.RtlLeaveCriticalSection
KERNEL32.WaitForSingleObject
NTDLL.RtlEnterCriticalSection
|
sub_40CDF4(f5cd):
"\r\n"
"SmtpClient::command: connection broken\n"...
|
sub_412363(f675):
KERNEL32.Sleep
|
sub_403B47(f69b):
"Proxy lock found: %s\n"
"smtp."
"mail."
"No proxy lock found\n"
|
sub_416E4A(f7b2):
KERNEL32.VirtualFree
NTDLL.RtlFreeHeap
|
sub_403A28(f96c):
WS2_32.inet_addr
DNSAPI.DnsQuery_A
WS2_32.inet_ntoa
DNSAPI.DnsRecordListFree
"%d.%d.%d.%d.sbl-xbl.spamhaus.org"
"Strange RBL record %s\n"
"XBL listed.\n"
"SBL listed.\n"
"Not on RBL. Let's rock!\n"
|
sub_40D183(f975):
"QUIT\r\n"
"SmtpClient::quit: connection broken\n"
|
sub_4104BF(fa36):
KERNEL32.CreateThread
NTDLL.RtlGetLastWin32Error
|
sub_414C65(fb55):
KERNEL32.CloseHandle
NTDLL.RtlGetLastWin32Error
|
sub_409358(fb6e):
KERNEL32.GetLocalTime
KERNEL32.GetTimeZoneInformation
|
sub_415D9A(fd09):
KERNEL32.SetUnhandledExceptionFilter
|
sub_407949(fd93):
"No recipients accepted\n"
|