- CPU Disasm
- Address Hex dump Command Comments
; Debugger dump of module hw_native starting at 00401000, decoded as 32-bit x86.
; NOTE(review): as decoded, the listing does not read like compiler output. In the
; first 0x30 bytes the disassembler already reports a segment-register write, an
; undecodable byte and a constant loaded into ESP. Further down it flags HLT, port
; I/O and IRETD. Treat those annotations as decode artifacts rather than evidence
; of behaviour until the byte stream itself is confirmed.
; NOTE(review): reading the hex column of the rows below one hex digit later
; (skipping the leading 0 of the byte at 00401000) gives
;   55 8B EC 8B 4D 08 8B C1 80 39 00 74 06 40 80 38 00 75 FA 2B C1 5D C2 04 00
; 55 8B EC is the usual PUSH EBP / MOV EBP,ESP frame prologue. Hand-decoded, the
; rest looks like a short loop that scans for a zero byte and ends in RETN 4.
; The image bytes therefore appear to sit four bits off from real x86 code,
; presumably from a hex-to-binary conversion or patch that went in one digit off.
; Confirm against the original file and re-disassemble the corrected bytes before
; relying on any mnemonic, jump target or address operand shown here.
- 00401000 05 58BEC8B4 ADD EAX,B4C8BE58 ; hw_native.00401000(guessed Arg1)
- 00401005 D088 BC180390 ROR BYTE PTR DS:[EAX+900318BC],1
- 0040100B 07 POP ES ; Modification of segment register
- 0040100C 40 INC EAX
- 0040100D 64:0803 OR BYTE PTR FS:[EBX],AL
- 00401010 8007 5F ADD BYTE PTR DS:[EDI],5F
- 00401013 A2 BC15DC20 MOV BYTE PTR DS:[20DC15BC],AL
- 00401018 40 INC EAX
- 00401019 05 58BEC565 ADD EAX,65C5BE58 ; with the same one-digit shift, a second 55 8B EC begins at the low digit of this row's first byte
- 0040101E ^ 78 B7 JS SHORT 00400FD7
- 00401020 D083 3F657E8D ROL BYTE PTR DS:[EBX+8D7E653F],1
- 00401026 7F FF JG SHORT 00401027
- 00401028 FF DB FF ; Unknown command
- 00401029 F8 CLC
- 0040102A BC 885C9742 MOV ESP,42975C88 ; Suspicious use of stack pointer
- 0040102F 00FB ADD BL,BH
- 00401031 E0 7C LOOPNZ SHORT 004010AF
- 00401033 1E PUSH DS
- 00401034 60 PUSHAD
- 00401035 40 INC EAX
- 00401036 3F AAS
- 00401037 08BC62 500000 OR BYTE PTR DS:[EDX+0F000050],BH
- 0040103E 07 POP ES ; Modification of segment register
- 0040103F 40 INC EAX
- 00401040 BC 1E81833F MOV ESP,3F83811E ; Suspicious use of stack pointer
- 00401045 081E OR BYTE PTR DS:[ESI],BL
- 00401047 6F OUTS DX,DWORD PTR DS:[ESI] ; I/O command
- 00401048 FF DB FF ; Unknown command
- 00401049 FFF0 PUSH EAX
- 0040104B F4 HLT ; Privileged instruction
- 0040104C ^ 74 97 JE SHORT 00400FE5
- 0040104E 5E POP ESI
- 0040104F 05 F8BC65E5 ADD EAX,E565BCF8
- 00401054 DC20 FSUB QWORD PTR DS:[EAX]
- 00401056 40 INC EAX
- 00401057 05 58BEC515 ADD EAX,15C5BE58
- 0040105C 15 356578B7 ADC EAX,B7786535
- 00401061 D083 3F68B473 ROL BYTE PTR DS:[EBX+73B4683F],1
- 00401067 C8 B443 87 ENTER 43B4,87
- 0040106B 803C78 B5 CMP BYTE PTR DS:[EDI*2+EAX],0B5
- 0040106F 0208 ADD CL,BYTE PTR DS:[EAX]
- 00401071 B5 81 MOV CH,81
- 00401073 C03D 78B48240 SAR BYTE PTR DS:[4082B478],3D ; Shift out of range
- 0040107A F8 CLC
- 0040107B B4 01 MOV AH,1
- 0040107D 803CF8 95 CMP BYTE PTR DS:[EDI*8+EAX],95
- 00401081 5F POP EDI
- 00401082 C8 94DF 88 ENTER 0DF94,88
- 00401086 94 XCHG EAX,ESP
- 00401087 50 PUSH EAX
- 00401088 885C07 41 MOV BYTE PTR DS:[EAX+EDI+41],BL
- 0040108C 98 CWDE
- 0040108D B0 4B MOV AL,4B
- 0040108F 203C75 0E882F AND BYTE PTR DS:[ESI*2+FF2F880E],BH
- 00401096 FFF3 PUSH EBX
- 00401098 B4 50 MOV AH,50
- 0040109A C741 48 B55FC MOV DWORD PTR DS:[ECX+48],63C45FB5
- 004010A1 B7 50 MOV BH,50
- 004010A3 872E XCHG DWORD PTR DS:[ESI],EBP
- 004010A5 73 3C JAE SHORT 004010E3
- 004010A7 05 F5E5B8BE ADD EAX,BEB8E5F5
- 004010AC 55 PUSH EBP
- 004010AD DC20 FSUB QWORD PTR DS:[EAX]
- 004010AF 8008 B4 OR BYTE PTR DS:[EAX],B4
- 004010B2 5F POP EDI
- 004010B3 80FB 70 CMP BL,70
- 004010B6 47 INC EDI
- 004010B7 08B0 48303C7E OR BYTE PTR DS:[EAX+7E3C3048],DH
- 004010BD BE 9558BEC8 MOV ESI,C8BE5895
- 004010C2 B4 D0 MOV AH,0D0
- 004010C4 833D 28BC1663 CMP DWORD PTR DS:[6316BC28],-6F
- 004010CB 17 POP SS ; Modification of segment register
- 004010CC 40 INC EAX
- 004010CD 883C00 MOV BYTE PTR DS:[EAX+EAX],BH
- 004010D0 26:6391 075F8 ARPL WORD PTR ES:[ECX+BC825F07],DX
- 004010D7 183E SBB BYTE PTR DS:[ESI],BH
- 004010D9 0FE5DC PMULHW MM3,MM4
- 004010DC 2040 05 AND BYTE PTR DS:[EAX+5],AL
- 004010DF 58 POP EAX
- 004010E0 BE C5356578 MOV ESI,786535C5
- 004010E5 B7 D0 MOV BH,0D0
- 004010E7 885F F7 MOV BYTE PTR DS:[EDI-9],BL
- 004010EA 45 INC EBP
- 004010EB ^ 78 B5 JS SHORT 004010A2
- 004010ED D0C8 ROR AL,1
- 004010EF 5D POP EBP
- 004010F0 B7 45 MOV BH,45
- 004010F2 05 7E8C6FFF ADD EAX,FF6F8C7E
- 004010F7 FFF5 PUSH EBP
- 004010F9 38BF 0E8BEFFF CMP BYTE PTR DS:[EDI+FFEF8B0E],BH
- 004010FF FFF3 PUSH EBX
- 00401101 BF 0753E2BD MOV EDI,BDE25307
- 00401106 FC CLD
- 00401107 74 50 JE SHORT 00401159
- 00401109 8610 XCHG BYTE PTR DS:[EAX],DL
- 0040110B 0000 ADD BYTE PTR DS:[EAX],AL
- 0040110D 00FB ADD BL,BH
- 0040110F ^ 70 F8 JO SHORT 00401109
- 00401111 BD 10FB7343 MOV EBP,4373FB10
- 00401116 B8 BC6663B4 MOV EAX,B46366BC
- 0040111B D087 20681C2E ROL BYTE PTR DS:[EDI+2E1C6820],1
- 00401121 0F DB 0F ; Unknown command
- 00401122 F0:0006 LOCK ADD BYTE PTR DS:[ESI],AL
- 00401125 63B7 50872050 ARPL WORD PTR DS:[EDI+50208750],SI
- 0040112B 5E POP ESI
- 0040112C 0F DB 0F ; Unknown command
- 0040112D F0:0006 LOCK ADD BYTE PTR DS:[ESI],AL
- 00401130 63BD 0750E668 ARPL WORD PTR SS:[EBP+68E65007],DI
- 00401136 5C POP ESP
- 00401137 97 XCHG EAX,EDI
- 00401138 40 INC EAX
- 00401139 58 POP EAX
- 0040113A 3C 70 CMP AL,70
- 0040113C 2E:BC F33C0EB MOV ESP,B00E3CF3 ; Superfluous segment override prefix
- 00401142 333C04 XOR EDI,DWORD PTR SS:[EAX+ESP]
- 00401145 05 F5E5B5DC ADD EAX,DCB5E5F5
- 0040114A 2080 0558BEC6 AND BYTE PTR DS:[EAX+C6BE5805],AL
- 00401150 4A DEC EDX
- 00401151 1300 ADC EAX,DWORD PTR DS:[EAX]
- 00401153 0000 ADD BYTE PTR DS:[EAX],AL
- 00401155 05 6578B400 ADD EAX,0B47865
- 0040115A C8 B780 C8 ENTER 80B7,0C8
- 0040115E BF 7FF7508F MOV EDI,8F50F77F
- 00401163 F763 0E MUL DWORD PTR DS:[EBX+0E]
- 00401166 874F FF XCHG DWORD PTR DS:[EDI-1],ECX
- 00401169 FF DB FF ; Unknown command
- 0040116A F8 CLC
- 0040116B 5C POP ESP
- 0040116C 07 POP ES ; Modification of segment register
- 0040116D 40 INC EAX
- 0040116E A8 B3 TEST AL,B3
- 00401170 63BF 775EB33C ARPL WORD PTR DS:[EDI+3CB35E77],DI
- 00401176 0E PUSH CS
- 00401177 B0 38 MOV AL,38
- 00401179 B4 61 MOV AH,61
- 0040117B 85F5 TEST EBP,ESI
- 0040117D E5 DC IN EAX,0DC ; I/O command
- 0040117F 2040 05 AND BYTE PTR DS:[EAX+5],AL
- 00401182 58 POP EAX
- 00401183 BE C81EC240 MOV ESI,40C21EC8
- 00401188 40 INC EAX
- 00401189 0008 ADD BYTE PTR DS:[EAX],CL
- 0040118B 37 AAA
- 0040118C D080 05356570 ROL BYTE PTR DS:[EAX+70653505],1
- 00401192 F8 CLC
- 00401193 4D DEC EBP
- 00401194 C050 00 08 RCL BYTE PTR DS:[EAX],8 ; Shift out of range
- 00401198 37 AAA
- 00401199 D100 ROL DWORD PTR DS:[EAX],1
- 0040119B 00F8 ADD AL,BH
- 0040119D 4D DEC EBP
- 0040119E 2050 00 AND BYTE PTR DS:[EAX],DL
- 004011A1 06 PUSH ES
- 004011A2 A6 CMPS BYTE PTR DS:[ESI],BYTE PTR ES:[EDI]
- 004011A3 B5 86 MOV CH,86
- 004011A5 A6 CMPS BYTE PTR DS:[ESI],BYTE PTR ES:[EDI]
- 004011A6 55 PUSH EBP
- 004011A7 96 XCHG EAX,ESI
- 004011A8 A7 CMPS DWORD PTR DS:[ESI],DWORD PTR ES:[ED
- 004011A9 26:68 9458858 PUSH 86855894 ; Superfluous segment override prefix
- 004011AF A6 CMPS BYTE PTR DS:[ESI],BYTE PTR ES:[EDI]
- 004011B0 E5 E6 IN EAX,0E6 ; I/O command
- 004011B2 A6 CMPS BYTE PTR DS:[ESI],BYTE PTR ES:[EDI]
- 004011B3 C5 DB C5 ; Unknown command
- 004011B4 F6A3 36689458 MUL BYTE PTR DS:[EBX+58946836]
- 004011BA C586 A3266894 LDS EAX,FWORD PTR DS:[ESI+946826A3] ; Modification of segment register
- 004011C0 59 POP ECX
- 004011C1 45 INC EBP
- 004011C2 86A2 E5A6A646 XCHG BYTE PTR DS:[EDX+46A6A6E5],AH
- 004011C8 68 9459633C PUSH 3C635994
- 004011CD 06 PUSH ES
- 004011CE 68 94D8A668 PUSH 68A6D894
- 004011D3 94 XCHG EAX,ESP
- 004011D4 D905 9668945A FLD DWORD PTR DS:[5A946896]
- 004011DA 06 PUSH ES
- 004011DB A7 CMPS DWORD PTR DS:[ESI],DWORD PTR ES:[ED
- 004011DC 45 INC EBP
- 004011DD 8668 94 XCHG BYTE PTR DS:[EAX-6C],CH
- 004011E0 5A POP EDX
- 004011E1 633C06 ARPL WORD PTR DS:[EAX+ESI],DI
- 004011E4 68 945B68D4 PUSH D4685B94
- 004011E9 5A POP EDX
- 004011EA 45 INC EBP
- 004011EB 06 PUSH ES
- 004011EC 68 9758E668 PUSH 68E65897
- 004011F1 97 XCHG EAX,EDI
- 004011F2 D926 FLDENV DS:[ESI]
- 004011F4 68 95598668 PUSH 68865995
- 004011F9 94 XCHG EAX,ESP
- 004011FA D9A6 6897D9C6 FLDENV DS:[ESI+C6D99768]
- 00401200 68 97D9E668 PUSH 68E6D997
- 00401205 97 XCHG EAX,EDI
- 00401206 5A POP EDX
- 00401207 46 INC ESI
- 00401208 68 94DA8668 PUSH 6886DA94
- 0040120D 97 XCHG EAX,EDI
- 0040120E DAA6 6897DAC6 FISUB DWORD PTR DS:[ESI+C6DA9768]
- 00401214 68 955AE668 PUSH 68E65A95
- 00401219 94 XCHG EAX,ESP
- 0040121A DB06 FILD DWORD PTR DS:[ESI]
- 0040121C 68 97DB2668 PUSH 6826DB97
- 00401221 97 XCHG EAX,EDI
- 00401222 DB4E 82 FISTTP DWORD PTR DS:[ESI-7E]
- 00401225 4F DEC EDI
- 00401226 FF DB FF ; Unknown command
- 00401227 FF DB FF ; Unknown command
- 00401228 F8 CLC
- 00401229 BF 88D45885 MOV EDI,8558D488
- 0040122E 0E PUSH CS
- 0040122F 819F FFFFF8BD SBB DWORD PTR DS:[EDI+BDF8FFFF],8F52788C
- 00401239 FF DB FF ; Unknown command
- 0040123A FFF7 PUSH EDI
- 0040123C 93 XCHG EAX,EBX
- 0040123D A3 C078D45C MOV DWORD PTR DS:[5CD478C0],EAX
- 00401242 4C DEC ESP
- 00401243 78 52 JS SHORT 00401297
- 00401245 CF IRETD ; Far jump or call
- 00401246 FF DB FF ; Unknown command
- 00401247 FFF7 PUSH EDI
- 00401249 94 XCHG EAX,ESP
- 0040124A A8 A0 TEST AL,A0
- 0040124C B8 985ECFEF MOV EAX,EFCF5E98
- 00401251 FF DB FF ; Unknown command
- 00401252 F8 CLC
- 00401253 D4 5D AAM 5D
- 00401255 8898 5F0FEFFF MOV BYTE PTR DS:[EAX+FFEF0F5F],BL
- 0040125B F8 CLC
- 0040125C D4 5B AAM 5B
- 0040125E 8898 5F4FEFFF MOV BYTE PTR DS:[EAX+FFEF4F5F],BL
- 00401264 F8 CLC
- 00401265 D4 58 AAM 58
- 00401267 48 DEC EAX
- 00401268 98 CWDE
- 00401269 5F POP EDI
- 0040126A 8F DB 8F ; Unknown command
- 0040126B EF OUT DX,EAX ; I/O command
- 0040126C FF DB FF ; Unknown command
- 0040126D F8 CLC
- 0040126E D4 5D AAM 5D
- 00401270 C8 985F CF ENTER 5F98,0CF
- 00401274 EF OUT DX,EAX ; I/O command
- 00401275 FF DB FF ; Unknown command
- 00401276 F8 CLC
- 00401277 D857 4F FCOM DWORD PTR DS:[EDI+4F]
- 0040127A FF DB FF ; Unknown command
- 0040127B FF DB FF ; Unknown command
- 0040127C F8 CLC
- 0040127D 98 CWDE
- 0040127E 50 PUSH EAX
- 0040127F 0F DB 0F ; Unknown command
- 00401280 FF DB FF ; Unknown command
- 00401281 FF DB FF ; Unknown command
- 00401282 F8 CLC
- 00401283 D4 5D AAM 5D
- 00401285 0C 78 OR AL,78
- 00401287 53 PUSH EBX
- 00401288 0F DB 0F ; Unknown command
- 00401289 FF DB FF ; Unknown command
- 0040128A FF DB FF ; Unknown command
- 0040128B FE DB FE ; Unknown command
- 0040128C E3 88 JECXZ SHORT 00401216
- 0040128E 30CC XOR AH,CL
- 00401290 78 53 JS SHORT 004012E5
- 00401292 4F DEC EDI
- 00401293 FF DB FF ; Unknown command
- 00401294 FFF5 PUSH EBP
- 00401296 76 4E JBE SHORT 004012E6
- 00401298 101C78 ADC BYTE PTR DS:[EDI*2+EAX],BL
- 0040129B 53 PUSH EBX
- 0040129C 8F DB 8F ; Unknown command
- 0040129D FF DB FF ; Unknown command
- 0040129E FFF1 PUSH ECX
- 004012A0 8E4CA0 8C MOV CS,DWORD PTR DS:[EAX-74] ; Invalid segment register
- 004012A4 78 53 JS SHORT 004012F9
- 004012A6 CF IRETD ; Far jump or call
- 004012A7 FF DB FF ; Unknown command
- 004012A8 FF DB FF ; Unknown command
- 004012A9 FE DB FE ; Unknown command
- 004012AA 3C AD CMP AL,0AD
- 004012AC 803C78 54 CMP BYTE PTR DS:[EDI*2+EAX],54
- 004012B0 0F DB 0F ; Unknown command
- 004012B1 FF DB FF ; Unknown command
- 004012B2 FF DB FF ; Unknown command
- 004012B3 F9 STC
- 004012B4 9B WAIT
- 004012B5 04 80 ADD AL,80
- 004012B7 6C INS BYTE PTR ES:[EDI],DX ; I/O command
- 004012B8 78 54 JS SHORT 0040130E
- 004012BA 4F DEC EDI
- 004012BB FF DB FF ; Unknown command
- 004012BC FF DB FF ; Unknown command
- 004012BD F9 STC
- 004012BE 3BA9 403C7854 CMP EBP,DWORD PTR DS:[ECX+54783C40]
- 004012C4 8F DB 8F ; Unknown command
- 004012C5 FF DB FF ; Unknown command
- 004012C6 FF DB FF ; Unknown command
- 004012C7 FE4C7B 90 DEC BYTE PTR DS:[EDI*2+EBX-70]
- 004012CB 4C DEC ESP
- 004012CC 78 54 JS SHORT 00401322
- 004012CE CF IRETD ; Far jump or call
- 004012CF FF DB FF ; Unknown command
- 004012D0 FF DB FF ; Unknown command
- 004012D1 FE48 7B DEC BYTE PTR DS:[EAX+7B]
- 004012D4 804C78 55 0F OR BYTE PTR DS:[EDI*2+EAX+55],0F
- 004012D9 FF DB FF ; Unknown command
- 004012DA FF DB FF ; Unknown command
- 004012DB FA CLI
- 004012DC 92 XCHG EAX,EDX
- 004012DD DD70 1C FSAVE DS:[EAX+1C]
- 004012E0 78 55 JS SHORT 00401337
- 004012E2 4F DEC EDI
- 004012E3 FF DB FF ; Unknown command
- 004012E4 FFF0 PUSH EAX
- 004012E6 5D POP EBP
- 004012E7 13D0 ADC EDX,EAX
- 004012E9 BC 78558FFF MOV ESP,FF8F5578 ; Suspicious use of stack pointer
- 004012EE FFF4 PUSH ESP
- 004012F0 42 INC EDX
- 004012F1 72 30 JB SHORT 00401323
- 004012F3 FC CLD
- 004012F4 78 55 JS SHORT 0040134B
- 004012F6 CF IRETD ; Far jump or call
- 004012F7 FF DB FF ; Unknown command
- 004012F8 FF DB FF ; Unknown command
- 004012F9 FE86 F180DC78 INC BYTE PTR DS:[ESI+78DC80F1]
- 004012FF 56 PUSH ESI
- 00401300 0F DB 0F ; Unknown command
- 00401301 FF DB FF ; Unknown command
- 00401302 FF DB FF ; Unknown command
- 00401303 FB STI
- 00401304 57 PUSH EDI
- 00401305 DA DB DA ; Unknown command
- 00401306 E0 98 LOOPNZ SHORT 004012A0
- 00401308 98 CWDE
- 00401309 50 PUSH EAX
- 0040130A 4F DEC EDI
- 0040130B FF DB FF ; Unknown command
- 0040130C FF DB FF ; Unknown command
- 0040130D F8 CLC
- 0040130E D857 0F FCOM DWORD PTR DS:[EDI+0F]
- 00401311 FF DB FF ; Unknown command
- 00401312 FF DB FF ; Unknown command
- 00401313 F8 CLC
- 00401314 98 CWDE
- 00401315 50 PUSH EAX
- 00401316 8F DB 8F ; Unknown command
- 00401317 FF DB FF ; Unknown command
- 00401318 FF DB FF ; Unknown command
- 00401319 F8 CLC
- 0040131A D4 58 AAM 58
- 0040131C 0898 50CFFFFF OR BYTE PTR DS:[EAX-30B0],BL
- 00401322 F8 CLC
- 00401323 D857 8F FCOM DWORD PTR DS:[EDI-71]
- 00401326 FF DB FF ; Unknown command
- 00401327 FF DB FF ; Unknown command
- 00401328 F8 CLC
- 00401329 98 CWDE
- 0040132A 51 PUSH ECX
- 0040132B 0F DB 0F ; Unknown command
- 0040132C FF DB FF ; Unknown command
- 0040132D FF DB FF ; Unknown command
- 0040132E F8 CLC
- 0040132F D857 CF FCOM DWORD PTR DS:[EDI-31]
- 00401332 FF DB FF ; Unknown command
- 00401333 FF DB FF ; Unknown command
- 00401334 F8 CLC
- 00401335 98 CWDE
- 00401336 51 PUSH ECX
- 00401337 4F DEC EDI
- 00401338 FF DB FF ; Unknown command
- 00401339 FF DB FF ; Unknown command
- 0040133A F8 CLC
- 0040133B D4 5C AAM 5C
- 0040133D 0898 518FFFFF OR BYTE PTR DS:[EAX+FFFF8F51],BL
- 00401343 F8 CLC
- 00401344 D856 CF FCOM DWORD PTR DS:[ESI-31]
- 00401347 FF DB FF ; Unknown command
- 00401348 FF DB FF ; Unknown command
- 00401349 F8 CLC
- 0040134A 98 CWDE
- 0040134B 51 PUSH ECX
- 0040134C CF IRETD ; Far jump or call
- 0040134D FF DB FF ; Unknown command
- 0040134E FF DB FF ; Unknown command
- 0040134F F8 CLC
- 00401350 D4 5B AAM 5B
- 00401352 C8 9852 0F ENTER 5298,0F
- 00401356 FF DB FF ; Unknown command
- 00401357 FF DB FF ; Unknown command
- 00401358 F8 CLC
- 00401359 D4 5E AAM 5E
- 0040135B 0898 524FFFFF OR BYTE PTR DS:[EAX+FFFF4F52],BL
- 00401361 F3:3C 08 REP CMP AL,8 ; Superfluous REPxx prefix
- 00401364 BF 0FFB4B52 MOV EDI,524BFB0F
- 00401369 8F DB 8F ; Unknown command
- 0040136A FF DB FF ; Unknown command
- 0040136B FF DB FF ; Unknown command
- 0040136C F8 CLC
- 0040136D 3F AAS
- 0040136E E0 28 LOOPNZ SHORT 00401398
- 00401370 BC 70F4FC35 MOV ESP,35FCF470 ; Suspicious use of stack pointer
- 00401375 0E PUSH CS
- 00401376 8DDF LEA EBX,EDI ; Illegal use of register
- 00401378 CF IRETD ; Far jump or call
- 00401379 FF DB FF ; Unknown command
- 0040137A F8 CLC
- 0040137B B8 CB5ECFEF MOV EAX,EFCF5ECB
- 00401380 FF DB FF ; Unknown command
- 00401381 F8 CLC
- 00401382 90 NOP
- 00401383 185C00 F8 SBB BYTE PTR DS:[EAX+EAX-8],BL
- 00401387 4E DEC ESI
- 00401388 8030 00 XOR BYTE PTR DS:[EAX],00
- 0040138B 04 68 ADD AL,68
- 0040138D 3F AAS
- 0040138E E0 F7 LOOPNZ SHORT 00401387
- 00401390 CD 43 INT 43
- 00401392 3C 04 CMP AL,4
- 00401394 0898 564FFFFF OR BYTE PTR DS:[EAX+FFFF4F56],BL
- 0040139A F8 CLC
- 0040139B D4 5E AAM 5E
- 0040139D 46 INC ESI
- 0040139E A1 050FF55D MOV EAX,DWORD PTR DS:[5DF50F05]
- 004013A3 86A448 D85A8F XCHG BYTE PTR DS:[ECX*2+EAX+EF8F5AD8],AH
- 004013AA FFF5 PUSH EBP
- 004013AC 0FF55D 86 PMADDWD MM3,QWORD PTR SS:[EBP-7A]
- 004013B0 8CC0 MOV EAX,ES
- 004013B2 2000 AND BYTE PTR DS:[EAX],AL
- 004013B4 08D8 OR AL,BL
- 004013B6 5D POP EBP
- 004013B7 CF IRETD ; Far jump or call
- 004013B8 BF FFFC785A MOV EDI,5A78FCFF
- 004013BD 8F DB 8F ; Unknown command
- 004013BE EF OUT DX,EAX ; I/O command
- 004013BF FFF4 PUSH ESP
- 004013C1 40 INC EAX
- 004013C2 0000 ADD BYTE PTR DS:[EAX],AL
- 004013C4 05 0FF55D88 ADD EAX,885DF50F
- 004013C9 B4 D1 MOV AH,0D1
- 004013CB 033D 2C785DCF ADD EDI,DWORD PTR DS:[CF5D782C]
- 004013D1 BF FFF07000 MOV EDI,70F0FF
- 004013D6 1008 ADC BYTE PTR DS:[EAX],CL
- 004013D8 BF A8B713C0 MOV EDI,C013B7A8
- 004013DD 3F AAS
- 004013DE 10FB ADC BL,BH
- 004013E0 74 61 JZ SHORT 00401443
- 004013E2 48 DEC EAX
- 004013E3 95 XCHG EAX,EBP
- 004013E4 5F POP EDI
- 004013E5 C8 955C C8 ENTER 5C95,0C8
- 004013E9 94 XCHG EAX,ESP
- 004013EA 5C POP ESP
- 004013EB 8399 6A000000 SBB DWORD PTR DS:[ECX+6A],7
- 004013F2 41 INC ECX
- 004013F3 6399 6A400000 ARPL WORD PTR DS:[ECX+406A],BX
- 004013F9 07 POP ES ; Modification of segment register
- 004013FA 40 INC EAX
- 004013FB EF OUT DX,EAX ; I/O command
- 004013FC 64:61 POPAD ; Superfluous segment override prefix
- 004013FE 60 PUSHAD
- 004013FF 17 POP SS ; Modification of segment register
- 00401400 50 PUSH EAX
- 00401401 833D B43895DF CMP DWORD PTR DS:[DF9538B4],-72
- 00401408 B0 58 MOV AL,58
- 0040140A BD A8955F83 MOV EBP,835F95A8
- 0040140F 3C 08 CMP AL,8
- 00401411 95 XCHG EAX,EBP
- 00401412 5D POP EBP
- 00401413 46 INC ESI
- 00401414 6391 10F94C03 ARPL WORD PTR DS:[ECX+34CF910],DX
- 0040141A D4 D5 AAM 0D5
- 0040141C A0 0000F844 MOV AL,BYTE PTR DS:[44F80000]
- 00401421 F0:3000 LOCK XOR BYTE PTR DS:[EAX],AL
- 00401424 033C03 ADD EDI,DWORD PTR DS:[EAX+EBX]
- 00401427 91 XCHG EAX,ECX
- 00401428 60 PUSHAD
- 00401429 F9 STC
- 0040142A 4C DEC ESP
- 0040142B 03D5 ADD EDX,EBP
- 0040142D 04 50 ADD AL,50
- 0040142F 0000 ADD BYTE PTR DS:[EAX],AL
- 00401431 F8 CLC
- 00401432 43 INC EBX
- 00401433 D030 SAL BYTE PTR DS:[EAX],1 ; Undocumented instruction or encoding
- 00401435 0003 ADD BYTE PTR DS:[EBX],AL
- 00401437 3C 06 CMP AL,6
- 00401439 6395 6040F94C ARPL WORD PTR SS:[EBP+4CF94060],DX
- 0040143F 03D4 ADD EDX,ESP
- 00401441 C010 00 RCL BYTE PTR DS:[EAX],0 ; Shift out of range
- 00401444 00F8 ADD AL,BH
- 00401446 42 INC EDX
- 00401447 90 NOP
- 00401448 3000 XOR BYTE PTR DS:[EAX],AL
- 0040144A 08D4 OR AH,DL
- 0040144C 5E POP ESI
- 0040144D 45 INC EBP
- 0040144E 08D8 OR AL,BL
- 00401450 5A POP EDX
- 00401451 8F DB 8F ; Unknown command
- 00401452 EF OUT DX,EAX ; I/O command
- 00401453 FFF5 PUSH EBP
- 00401455 05 2526A045 ADD EAX,45A02625
- 0040145A 25 252FF750 AND EAX,50F72F25
- 0040145F CF IRETD ; Far jump or call
- 00401460 F750 8F NOT DWORD PTR DS:[EAX-71]
- 00401463 F5 CMC
- 00401464 58 POP EAX
- 00401465 48 DEC EAX
- 00401466 5C POP ESP
- 00401467 00F8 ADD AL,BH
- 00401469 4C DEC ESP
- 0040146A 50 PUSH EAX
- 0040146B 2000 AND BYTE PTR DS:[EAX],AL
- 0040146D 08D8 OR AL,BL
- 0040146F 5D POP EBP
- 00401470 CF IRETD ; Far jump or call
- 00401471 BF FFF50FF7 MOV EDI,F70FF5FF
- 00401476 5E POP ESI
- 00401477 8F DB 8F ; Unknown command
- 00401478 F5 CMC
- 00401479 58 POP EAX
- 0040147A 085C00 F8 OR BYTE PTR DS:[EAX+EAX-8],BL
- 0040147E 4B DEC EBX
- 0040147F 0020 ADD BYTE PTR DS:[EAX],AH
- 00401481 0003 ADD BYTE PTR DS:[EBX],AL
- 00401483 3C 05 CMP AL,5
- 00401485 06 PUSH ES
- 00401486 A0 48D45CC5 MOV AL,BYTE PTR DS:[C55CD448]
- 0040148B 08B8 580FCFFF OR BYTE PTR DS:[EAX+FFCF0F58],BH
- 00401491 F8 CLC
- 00401492 3C 00 CMP AL,0
- 00401494 850F TEST DWORD PTR DS:[EDI],ECX
- 00401496 F75E 4F NEG DWORD PTR DS:[ESI+4F]
- 00401499 F9 STC
- 0040149A 57 PUSH EDI
- 0040149B CF IRETD ; Far jump or call
- 0040149C FF DB FF ; Unknown command
- 0040149D FF DB FF ; Unknown command
- 0040149E F8 CLC
- 0040149F 5C POP ESP
- 004014A0 00F8 ADD AL,BH
- 004014A2 48 DEC EAX
- 004014A3 C020 00 SHL BYTE PTR DS:[EAX],0 ; Shift out of range
- 004014A6 08B45C C3B463 OR BYTE PTR SS:[EBX*2+ESP+4763B4C3],DH
- 004014AD 50 PUSH EAX
- 004014AE F5 CMC
- 004014AF 0F DB 0F ; Unknown command
- 004014B0 F75E 4F NEG DWORD PTR DS:[ESI+4F]
- 004014B3 F5 CMC
- 004014B4 5B POP EBX
- 004014B5 885C00 F8 MOV BYTE PTR DS:[EAX+EAX-8],BL
- 004014B9 57 PUSH EDI
- 004014BA 50 PUSH EAX
- 004014BB 2000 AND BYTE PTR DS:[EAX],AL
- 004014BD 06 PUSH ES
- 004014BE A4 MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
- 004014BF 06 PUSH ES
- 004014C0 8003 00 ADD BYTE PTR DS:[EBX],0
- 004014C3 000F ADD BYTE PTR DS:[EDI],CL
- 004014C5 F765 03 MUL DWORD PTR SS:[EBP+3]
- 004014C8 3C 05 CMP AL,5
- 004014CA 0FF957 4F PSUBW MM2,QWORD PTR DS:[EDI+4F]
- 004014CE FF DB FF ; Unknown command
- 004014CF FF DB FF ; Unknown command
- 004014D0 F8 CLC
- 004014D1 BF 885FF0F8 MOV EDI,F8F05F88
- 004014D6 45 INC EBP
- 004014D7 8020 00 AND BYTE PTR DS:[EAX],00
- 004014DA 06 PUSH ES
- 004014DB A4 MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
- 004014DC 06 PUSH ES
- 004014DD 8003 00 ADD BYTE PTR DS:[EBX],0
- 004014E0 000F ADD BYTE PTR DS:[EDI],CL
- 004014E2 F765 0F MUL DWORD PTR SS:[EBP+0F]
- 004014E5 F763 4F MUL DWORD PTR DS:[EBX+4F]
- 004014E8 F75E 4F NEG DWORD PTR DS:[ESI+4F]
- 004014EB F5 CMC
- 004014EC 5D POP EBP
- 004014ED C8 945F C8 ENTER 5F94,0C8
- 004014F1 5C POP ESP
- 004014F2 07 POP ES ; Modification of segment register
- 004014F3 54 PUSH ESP
- 004014F4 185D B7 SBB BYTE PTR SS:[EBP-49],BL
- 004014F7 51 PUSH ECX
- 004014F8 8F DB 8F ; Unknown command
- 004014F9 F763 4F MUL DWORD PTR DS:[EBX+4F]
- 004014FC F75E 4F NEG DWORD PTR DS:[ESI+4F]
- 004014FF F5 CMC
- 00401500 5B POP EBX
- 00401501 86A406 800300 XCHG BYTE PTR DS:[EAX+ESI+380],AH
- 00401508 0F DB 0F ; Unknown command
- 00401509 F765 0F MUL DWORD PTR SS:[EBP+0F]
- 0040150C F763 4E MUL DWORD PTR DS:[EBX+4E]
- 0040150F B1 46 MOV CL,46
- 00401511 A4 MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
- 00401512 06 PUSH ES
- 00401513 8003 00 ADD BYTE PTR DS:[EBX],0
- 00401516 000F ADD BYTE PTR DS:[EDI],CL
- 00401518 F765 03 MUL DWORD PTR SS:[EBP+3]
- 0040151B 3C 0C CMP AL,0C
- 0040151D 74 5D JE SHORT 0040157C
- 0040151F 40 INC EAX
- 00401520 1000 ADC BYTE PTR DS:[EAX],AL
- 00401522 0005 0FF75E4F ADD BYTE PTR DS:[4F5EF70F],AL
- 00401528 F5 CMC
- 00401529 5D POP EBP
- 0040152A C8 945F C8 ENTER 5F94,0C8
- 0040152E 5C POP ESP
- 0040152F 00F8 ADD AL,BH
- 00401531 4F DEC EDI
- 00401532 D010 RCL BYTE PTR DS:[EAX],1
- 00401534 000F ADD BYTE PTR DS:[EDI],CL
- 00401536 F765 4F MUL DWORD PTR SS:[EBP+4F]
- 00401539 F751 05 NOT DWORD PTR DS:[ECX+5]
- 0040153C ^ 7F F5 JG SHORT 00401533
- 0040153E 5C POP ESP
- 0040153F 43 INC EBX
- 00401540 3C 93 CMP AL,93
- 00401542 3C 08 CMP AL,8
- 00401544 94 XCHG EAX,ESP
- 00401545 DF46 63 FILD WORD PTR DS:[ESI+63]
- 00401548 B4 60 MOV AH,60
- 0040154A 67:32E8 XOR CH,AL ; Superfluous address size prefix
- 0040154D B5 DC MOV CH,0DC
- 0040154F 883C32 MOV BYTE PTR DS:[ESI+EDX],BH
- 00401552 C03D EFF73FC8 SAR BYTE PTR DS:[C83FF7EF],0B0 ; Shift out of range
- 00401559 303451 XOR BYTE PTR DS:[EDX*2+ECX],DH
- 0040155C 05 08B43F80 ADD EAX,803FB408
- 00401561 3C 75 CMP AL,75
- 00401563 0FF55C48 B4 PMADDWD MM3,QWORD PTR DS:[ECX*2+EAX-4C]
- 00401568 DF48 D5 FISTTP WORD PTR DS:[EAX-2B]
- 0040156B B2 80 MOV DL,80
- 0040156D FB STI
- 0040156E 74 60 JE SHORT 004015D0
- 00401570 64:1894DF 43B SBB BYTE PTR FS:[EBX*8+EDI+CD87BC43],DL
- 00401578 C3 RETN
- 00401579 3C 98 CMP AL,98
- 0040157B B5 F3 MOV CH,0F3
- 0040157D C8 B45F C0 ENTER 5FB4,0C0
- 00401581 3D F837DD40 CMP EAX,40DD37F8
- 00401586 089433 40F848 OR BYTE PTR DS:[ESI+EBX+1048F840],DL
- 0040158D 0000 ADD BYTE PTR DS:[EAX],AL
- 0040158F 0837 OR BYTE PTR DS:[EDI],DH
- 00401591 DF80 0747B8B9 FILD WORD PTR DS:[EAX+B9B84707]
- 00401597 3A00 CMP AL,BYTE PTR DS:[EAX]
- 00401599 0000 ADD BYTE PTR DS:[EAX],AL
- 0040159B 003D 7894DF83 ADD BYTE PTR DS:[83DF9478],BH
- 004015A1 98 CWDE
- 004015A2 BA 40000007 MOV EDX,7000040
- 004015A7 66:88B420 483 MOV BYTE PTR DS:[EAX+88803E48],DH ; Superfluous operand size prefix
- 004015AF 94 XCHG EAX,ESP
- 004015B0 DF4A 9F FISTTP WORD PTR DS:[EDX-61]
- 004015B3 EF OUT DX,EAX ; I/O command
- 004015B4 FF DB FF ; Unknown command
- 004015B5 FFF7 PUSH EDI
- 004015B7 64:10FB ADC BL,BH ; Superfluous segment override prefix
- 004015BA ^ 74 C4 JE SHORT 00401580
- 004015BC A0 86685C97 MOV AL,BYTE PTR DS:[975C6886]
- 004015C1 42 INC EDX
- 004015C2 48 DEC EAX
- 004015C3 B4 63 MOV AH,63
- 004015C5 48 DEC EAX
- 004015C6 1E PUSH DS
- 004015C7 1F POP DS ; Modification of segment register
- 004015C8 F0 LOCK ; Two prefixes from the same group
- 004015C9 F0:0000 LOCK ADD BYTE PTR DS:[EAX],AL
- 004015CC 30A2 904398B4 XOR BYTE PTR DS:[EDX+B4984390],AH
- 004015D2 5F POP EDI
- 004015D3 40 INC EAX
- 004015D4 FB STI
- 004015D5 ^ 74 C4 JE SHORT 0040159B
- 004015D7 2088 B433481E AND BYTE PTR DS:[EAX+1E4833B4],CL
- 004015DD 1F POP DS ; Modification of segment register
- 004015DE F0 LOCK ; Two prefixes from the same group
- 004015DF F0:0000 LOCK ADD BYTE PTR DS:[EAX],AL
- 004015E2 30A0 104398B4 XOR BYTE PTR DS:[EAX+B4984310],AH
- 004015E8 2048 B4 AND BYTE PTR DS:[EAX-4C],CL
- 004015EB DF48 3E FISTTP WORD PTR DS:[EAX+3E]
- 004015EE 80841D 1E8894 ADD BYTE PTR SS:[EBX+EBP+DF94881E],43
- 004015F6 BC 872BF8B4 MOV ESP,B4F82B87 ; Suspicious use of stack pointer
- 004015FB DF80 34A04035 FILD WORD PTR DS:[EAX+3540A034]
- 00401601 2043 B8 AND BYTE PTR DS:[EBX-48],AL
- 00401604 BA 40000006 MOV EDX,6000040
- 00401609 A0 0894DF85 MOV AL,BYTE PTR DS:[85DF9408]
- 0040160E 97 XCHG EAX,EDI
- 0040160F 2983 3DB53FF7 SUB DWORD PTR DS:[EBX+F73FB53D],EAX
- 00401615 65:05 7FF75FC ADD EAX,CF5FF77F ; Superfluous segment override prefix
- 0040161B F75E 4F NEG DWORD PTR DS:[ESI+4F]
- 0040161E F5 CMC
- 0040161F 5D POP EBP
- 00401620 085C00 F8 OR BYTE PTR DS:[EAX+EAX-8],BL
- 00401624 40 INC EAX
- 00401625 C010 00 RCL BYTE PTR DS:[EAX],0 ; Shift out of range
- 00401628 08D8 OR AL,BL
- 0040162A 56 PUSH ESI
- 0040162B 8F DB 8F ; Unknown command
- 0040162C FF DB FF ; Unknown command
- 0040162D FFF5 PUSH EBP
- 0040162F 06 PUSH ES
- 00401630 A0 2FF7654F MOV AL,BYTE PTR DS:[4F65F72F]
- 00401635 F75F CF NEG DWORD PTR DS:[EDI-31]
- 00401638 F75E 4F NEG DWORD PTR DS:[ESI+4F]
- 0040163B F5 CMC
- 0040163C 5B POP EBX
- 0040163D C8 5C00 F8 ENTER 5C,0F8
- 00401641 4E DEC ESI
- 00401642 F0:0000 LOCK ADD BYTE PTR DS:[EAX],AL
- 00401645 033C08 ADD EDI,DWORD PTR DS:[ECX+EAX]
- 00401648 95 XCHG EAX,EBP
- 00401649 DF86 63B46067 FILD WORD PTR DS:[ESI+6760B463]
- 0040164F 36:F8 CLC ; Superfluous segment override prefix
- 00401651 B5 DC MOV CH,0DC
- 00401653 883C33 MOV BYTE PTR DS:[ESI+EBX],BH
- 00401656 C03D E8B03A90 SAR BYTE PTR DS:[903AB0E8],0 ; Shift out of range
- 0040165D 0002 ADD BYTE PTR DS:[EDX],AL
- 0040165F 07 POP ES ; Modification of segment register
- 00401660 41 INC ECX
- 00401661 98 CWDE
- 00401662 5C POP ESP
- 00401663 07 POP ES ; Modification of segment register
- 00401664 90 NOP
- 00401665 46 INC ESI
- 00401666 A4 MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
- 00401667 0E PUSH CS
- 00401668 B1 72 MOV CL,72
- 0040166A 50 PUSH EAX
- 0040166B 0000 ADD BYTE PTR DS:[EAX],AL
- 0040166D 04 0F ADD AL,0F
- 0040166F ^ 7D 81 JGE SHORT 004015F2
- 00401671 BC 083E0108 MOV ESP,8013E08 ; Suspicious use of stack pointer
- 00401676 3C 01 CMP AL,1
- 00401678 0E PUSH CS
- 00401679 B1 58 MOV CL,58
- 0040167B 5C POP ESP
- 0040167C 07 POP ES ; Modification of segment register
- 0040167D 90 NOP
- 0040167E 56 PUSH ESI
- 0040167F A0 458EB0CA MOV AL,BYTE PTR DS:[CAB08E45]
- 00401684 90 NOP
- 00401685 0000 ADD BYTE PTR DS:[EAX],AL
- 00401687 04 06 ADD AL,6
- 00401689 A0 0580F95C MOV AL,BYTE PTR DS:[5CF98005]
- 0040168E 04 08 ADD AL,8
- 00401690 D8D6 FCOM ST(6)
- 00401692 8F DB 8F ; Unknown command
- 00401693 FF DB FF ; Unknown command
- 00401694 FFF5 PUSH EBP
- 00401696 15 0FF73E48 ADC EAX,483EF70F
- 0040169B B4 3E MOV AH,3E
- 0040169D 80345F C5 XOR BYTE PTR DS:[EBX*2+EDI],C5
- 004016A1 0F DB 0F ; Unknown command
- 004016A2 F75E 4F NEG DWORD PTR DS:[ESI+4F]
- 004016A5 F5 CMC
- 004016A6 5B POP EBX
- 004016A7 C8 5C07 41 ENTER 75C,41
- 004016AB 28B4DF 883C32 SUB BYTE PTR DS:[EBX*8+EDI+80323C88],DH
- 004016B2 FB STI
- 004016B3 74 60 JE SHORT 00401715
- 004016B5 64:1894DF 83B SBB BYTE PTR FS:[EBX*8+EDI+2987BC83],DL
- 004016BD B3 3D MOV BL,3D
- 004016BF B6 80 MOV DH,80
- 004016C1 0800 OR BYTE PTR DS:[EAX],AL
- 004016C3 0005 357FF55C ADD BYTE PTR DS:[5CF57F35],AL
- 004016C9 085C07 46 OR BYTE PTR DS:[EAX+EDI+46],BL
- 004016CD 75 36 JNE SHORT 00401705
- 004016CF A0 48D45FC5 MOV AL,BYTE PTR DS:[C55FD448]
- 004016D4 08B8 580FCFFF OR BYTE PTR DS:[EAX+FFCF0F58],BH
- 004016DA F8 CLC
- 004016DB 3C 00 CMP AL,0
- 004016DD 850F TEST DWORD PTR DS:[EDI],ECX
- 004016DF F75E 4F NEG DWORD PTR DS:[ESI+4F]
- 004016E2 F5 CMC
- 004016E3 5D POP EBP
- 004016E4 085C07 44 OR BYTE PTR DS:[EAX+EDI+44],BL
- 004016E8 C8 B462 80 ENTER 62B4,80
- 004016EC 34 5F XOR AL,5F
- 004016EE C8 9858 CF ENTER 5898,0CF
- 004016F2 CF IRETD ; Far jump or call
- 004016F3 FF DB FF ; Unknown command
- 004016F4 F8 CLC
- 004016F5 D85D CF FCOMP DWORD PTR SS:[EBP-31]
- 004016F8 BF FFF50FF7 MOV EDI,F70FF5FF
- 004016FD 5E POP ESI
- 004016FE 8F DB 8F ; Unknown command
- 004016FF F9 STC
- 00401700 57 PUSH EDI