UPX1:10521C10 ; BOOL __stdcall DllEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved)
UPX1:10521C10 public DllEntryPoint
UPX1:10521C10 DllEntryPoint:
UPX1:10521C10 80 7C 24 08+ cmp byte ptr [esp+8], 1
UPX1:10521C15 0F 85 E4 01+ jnz loc_10521DFF
UPX1:10521C1B 60 pusha
UPX1:10521C1C BE 00 80 24+ mov esi, offset dword_10248000
UPX1:10521C21 8D BE 00 90+ lea edi, [esi-247000h]
UPX1:10521C27 57 push edi
UPX1:10521C28 83 CD FF or ebp, 0FFFFFFFFh
UPX1:10521C2B EB 0D jmp short loc_10521C3A
UPX1:10521C2D ; ---------------------------------------------------------------------------
UPX1:10521C2D 90 nop
UPX1:10521C2E 90 nop
UPX1:10521C2F 90 nop
UPX1:10521C30
UPX1:10521C30 loc_10521C30: ; CODE XREF: UPX1:loc_10521C41�j
UPX1:10521C30 8A 06 mov al, [esi]
UPX1:10521C32 46 inc esi
UPX1:10521C33 88 07 mov [edi], al
UPX1:10521C35 47 inc edi
UPX1:10521C36
UPX1:10521C36 loc_10521C36: ; CODE XREF: UPX1:10521CEF�j
UPX1:10521C36 ; UPX1:10521D05�j
UPX1:10521C36 01 DB add ebx, ebx
UPX1:10521C38 75 07 jnz short loc_10521C41
UPX1:10521C3A
UPX1:10521C3A loc_10521C3A: ; CODE XREF: UPX1:10521C2B�j
UPX1:10521C3A 8B 1E mov ebx, [esi]
UPX1:10521C3C 83 EE FC sub esi, 0FFFFFFFCh
UPX1:10521C3F 11 DB adc ebx, ebx
UPX1:10521C41
UPX1:10521C41 loc_10521C41: ; CODE XREF: UPX1:10521C38�j
UPX1:10521C41 72 ED jb short loc_10521C30
UPX1:10521C43 B8 01 00 00+ mov eax, 1
UPX1:10521C48
UPX1:10521C48 loc_10521C48: ; CODE XREF: UPX1:10521C72�j
UPX1:10521C48 01 DB add ebx, ebx
UPX1:10521C4A 75 07 jnz short loc_10521C53
UPX1:10521C4C 8B 1E mov ebx, [esi]
UPX1:10521C4E 83 EE FC sub esi, 0FFFFFFFCh
UPX1:10521C51 11 DB adc ebx, ebx
UPX1:10521C53
UPX1:10521C53 loc_10521C53: ; CODE XREF: UPX1:10521C4A�j
UPX1:10521C53 11 C0 adc eax, eax
UPX1:10521C55 01 DB add ebx, ebx
UPX1:10521C57 73 0B jnb short loc_10521C64
UPX1:10521C59 75 28 jnz short loc_10521C83
UPX1:10521C5B 8B 1E mov ebx, [esi]
UPX1:10521C5D 83 EE FC sub esi, 0FFFFFFFCh
UPX1:10521C60 11 DB adc ebx, ebx
UPX1:10521C62 72 1F jb short loc_10521C83
UPX1:10521C64
UPX1:10521C64 loc_10521C64: ; CODE XREF: UPX1:10521C57�j
UPX1:10521C64 48 dec eax
UPX1:10521C65 01 DB add ebx, ebx
UPX1:10521C67 75 07 jnz short loc_10521C70
UPX1:10521C69 8B 1E mov ebx, [esi]
UPX1:10521C6B 83 EE FC sub esi, 0FFFFFFFCh
UPX1:10521C6E 11 DB adc ebx, ebx
UPX1:10521C70
UPX1:10521C70 loc_10521C70: ; CODE XREF: UPX1:10521C67�j
UPX1:10521C70 11 C0 adc eax, eax
UPX1:10521C72 EB D4 jmp short loc_10521C48
UPX1:10521C74 ; ---------------------------------------------------------------------------
UPX1:10521C74
UPX1:10521C74 loc_10521C74: ; CODE XREF: UPX1:loc_10521CA6�j
UPX1:10521C74 ; UPX1:loc_10521CB4�j
UPX1:10521C74 01 DB add ebx, ebx
UPX1:10521C76 75 07 jnz short loc_10521C7F
UPX1:10521C78 8B 1E mov ebx, [esi]
UPX1:10521C7A 83 EE FC sub esi, 0FFFFFFFCh
UPX1:10521C7D 11 DB adc ebx, ebx
UPX1:10521C7F
UPX1:10521C7F loc_10521C7F: ; CODE XREF: UPX1:10521C76�j
UPX1:10521C7F 11 C9 adc ecx, ecx
UPX1:10521C81 EB 52 jmp short loc_10521CD5
UPX1:10521C83 ; ---------------------------------------------------------------------------
UPX1:10521C83
UPX1:10521C83 loc_10521C83: ; CODE XREF: UPX1:10521C59�j
UPX1:10521C83 ; UPX1:10521C62�j
UPX1:10521C83 31 C9 xor ecx, ecx
UPX1:10521C85 83 E8 03 sub eax, 3
UPX1:10521C88 72 11 jb short loc_10521C9B
UPX1:10521C8A C1 E0 08 shl eax, 8
UPX1:10521C8D 8A 06 mov al, [esi]
UPX1:10521C8F 46 inc esi
UPX1:10521C90 83 F0 FF xor eax, 0FFFFFFFFh
UPX1:10521C93 74 75 jz short loc_10521D0A
UPX1:10521C95 D1 F8 sar eax, 1
UPX1:10521C97 89 C5 mov ebp, eax
UPX1:10521C99 EB 0B jmp short loc_10521CA6
UPX1:10521C9B ; ---------------------------------------------------------------------------
UPX1:10521C9B
UPX1:10521C9B loc_10521C9B: ; CODE XREF: UPX1:10521C88�j
UPX1:10521C9B 01 DB add ebx, ebx
UPX1:10521C9D 75 07 jnz short loc_10521CA6
UPX1:10521C9F 8B 1E mov ebx, [esi]
UPX1:10521CA1 83 EE FC sub esi, 0FFFFFFFCh
UPX1:10521CA4 11 DB adc ebx, ebx
UPX1:10521CA6
UPX1:10521CA6 loc_10521CA6: ; CODE XREF: UPX1:10521C99�j
UPX1:10521CA6 ; UPX1:10521C9D�j
UPX1:10521CA6 72 CC jb short loc_10521C74
UPX1:10521CA8 41 inc ecx
UPX1:10521CA9 01 DB add ebx, ebx
UPX1:10521CAB 75 07 jnz short loc_10521CB4
UPX1:10521CAD 8B 1E mov ebx, [esi]
UPX1:10521CAF 83 EE FC sub esi, 0FFFFFFFCh
UPX1:10521CB2 11 DB adc ebx, ebx
UPX1:10521CB4
UPX1:10521CB4 loc_10521CB4: ; CODE XREF: UPX1:10521CAB�j
UPX1:10521CB4 72 BE jb short loc_10521C74
UPX1:10521CB6
UPX1:10521CB6 loc_10521CB6: ; CODE XREF: UPX1:10521CC5�j
UPX1:10521CB6 ; UPX1:10521CD0�j
UPX1:10521CB6 01 DB add ebx, ebx
UPX1:10521CB8 75 07 jnz short loc_10521CC1
UPX1:10521CBA 8B 1E mov ebx, [esi]
UPX1:10521CBC 83 EE FC sub esi, 0FFFFFFFCh
UPX1:10521CBF 11 DB adc ebx, ebx
UPX1:10521CC1
UPX1:10521CC1 loc_10521CC1: ; CODE XREF: UPX1:10521CB8�j
UPX1:10521CC1 11 C9 adc ecx, ecx
UPX1:10521CC3 01 DB add ebx, ebx
UPX1:10521CC5 73 EF jnb short loc_10521CB6
UPX1:10521CC7 75 09 jnz short loc_10521CD2
UPX1:10521CC9 8B 1E mov ebx, [esi]
UPX1:10521CCB 83 EE FC sub esi, 0FFFFFFFCh
UPX1:10521CCE 11 DB adc ebx, ebx
UPX1:10521CD0 73 E4 jnb short loc_10521CB6
UPX1:10521CD2
UPX1:10521CD2 loc_10521CD2: ; CODE XREF: UPX1:10521CC7�j
UPX1:10521CD2 83 C1 02 add ecx, 2
UPX1:10521CD5
UPX1:10521CD5 loc_10521CD5: ; CODE XREF: UPX1:10521C81�j
UPX1:10521CD5 81 FD 00 FB+ cmp ebp, 0FFFFFB00h
UPX1:10521CDB 83 D1 02 adc ecx, 2
UPX1:10521CDE 8D 14 2F lea edx, [edi+ebp]
UPX1:10521CE1 83 FD FC cmp ebp, 0FFFFFFFCh
UPX1:10521CE4 76 0E jbe short loc_10521CF4
UPX1:10521CE6
UPX1:10521CE6 loc_10521CE6: ; CODE XREF: UPX1:10521CED�j
UPX1:10521CE6 8A 02 mov al, [edx]
UPX1:10521CE8 42 inc edx
UPX1:10521CE9 88 07 mov [edi], al
UPX1:10521CEB 47 inc edi
UPX1:10521CEC 49 dec ecx
UPX1:10521CED 75 F7 jnz short loc_10521CE6
UPX1:10521CEF E9 42 FF FF+ jmp loc_10521C36
UPX1:10521CF4 ; ---------------------------------------------------------------------------
UPX1:10521CF4
UPX1:10521CF4 loc_10521CF4: ; CODE XREF: UPX1:10521CE4�j
UPX1:10521CF4 ; UPX1:10521D01�j
UPX1:10521CF4 8B 02 mov eax, [edx]
UPX1:10521CF6 83 C2 04 add edx, 4
UPX1:10521CF9 89 07 mov [edi], eax
UPX1:10521CFB 83 C7 04 add edi, 4
UPX1:10521CFE 83 E9 04 sub ecx, 4
UPX1:10521D01 77 F1 ja short loc_10521CF4
UPX1:10521D03 01 CF add edi, ecx
UPX1:10521D05 E9 2C FF FF+ jmp loc_10521C36
UPX1:10521D0A ; ---------------------------------------------------------------------------
UPX1:10521D0A
UPX1:10521D0A loc_10521D0A: ; CODE XREF: UPX1:10521C93�j
UPX1:10521D0A 5E pop esi
UPX1:10521D0B 89 F7 mov edi, esi
UPX1:10521D0D B9 40 31 01+ mov ecx, 13140h
UPX1:10521D12
UPX1:10521D12 loc_10521D12: ; CODE XREF: UPX1:10521D19�j
UPX1:10521D12 8A 07 mov al, [edi]
UPX1:10521D14 47 inc edi
UPX1:10521D15 2C E8 sub al, 0E8h
UPX1:10521D17
UPX1:10521D17 loc_10521D17: ; CODE XREF: UPX1:10521D35�j
UPX1:10521D17 3C 01 cmp al, 1
UPX1:10521D19 77 F7 ja short loc_10521D12
UPX1:10521D1B 8B 07 mov eax, [edi]
UPX1:10521D1D 8A 5F 04 mov bl, [edi+4]
UPX1:10521D20 86 C4 xchg al, ah
UPX1:10521D22 C1 C0 10 rol eax, 10h
UPX1:10521D25 86 C4 xchg al, ah
UPX1:10521D27 29 F8 sub eax, edi
UPX1:10521D29 80 EB E8 sub bl, 0E8h
UPX1:10521D2C 01 F0 add eax, esi
UPX1:10521D2E 89 07 mov [edi], eax
UPX1:10521D30 83 C7 05 add edi, 5
UPX1:10521D33 88 D8 mov al, bl
UPX1:10521D35 E2 E0 loop loc_10521D17
UPX1:10521D37 8D BE 00 70+ lea edi, [esi+517000h]
UPX1:10521D3D
UPX1:10521D3D loc_10521D3D: ; CODE XREF: UPX1:10521D5F�j
UPX1:10521D3D 8B 07 mov eax, [edi]
UPX1:10521D3F 09 C0 or eax, eax
UPX1:10521D41 74 45 jz short loc_10521D88
UPX1:10521D43 8B 5F 04 mov ebx, [edi+4]
UPX1:10521D46 8D 84 30 3C+ lea eax, [eax+esi+524B3Ch]
UPX1:10521D4D 01 F3 add ebx, esi
UPX1:10521D4F 50 push eax
UPX1:10521D50 83 C7 08 add edi, 8
UPX1:10521D53 FF 96 54 4C+ call dword ptr [esi+524C54h]
UPX1:10521D59 95 xchg eax, ebp
UPX1:10521D5A
UPX1:10521D5A loc_10521D5A: ; CODE XREF: UPX1:10521D80�j
UPX1:10521D5A 8A 07 mov al, [edi]
UPX1:10521D5C 47 inc edi
UPX1:10521D5D 08 C0 or al, al
UPX1:10521D5F 74 DC jz short loc_10521D3D
UPX1:10521D61 89 F9 mov ecx, edi
UPX1:10521D63 79 07 jns short near ptr loc_10521D6B+1
UPX1:10521D65 0F B7 07 movzx eax, word ptr [edi]
UPX1:10521D68 47 inc edi
UPX1:10521D69 50 push eax
UPX1:10521D6A 47 inc edi
UPX1:10521D6B
UPX1:10521D6B loc_10521D6B: ; CODE XREF: UPX1:10521D63�j
UPX1:10521D6B B9 57 48 F2+ mov ecx, 0AEF24857h
UPX1:10521D70 55 push ebp
UPX1:10521D71 FF 96 58 4C+ call dword ptr [esi+524C58h]
UPX1:10521D77 09 C0 or eax, eax
UPX1:10521D79 74 07 jz short loc_10521D82
UPX1:10521D7B 89 03 mov [ebx], eax
UPX1:10521D7D 83 C3 04 add ebx, 4
UPX1:10521D80 EB D8 jmp short loc_10521D5A
UPX1:10521D82 ; ---------------------------------------------------------------------------
UPX1:10521D82
UPX1:10521D82 loc_10521D82: ; CODE XREF: UPX1:10521D79�j
UPX1:10521D82 61 popa
UPX1:10521D83 31 C0 xor eax, eax
UPX1:10521D85 C2 0C 00 retn 0Ch
UPX1:10521D88 ; ---------------------------------------------------------------------------
UPX1:10521D88
UPX1:10521D88 loc_10521D88: ; CODE XREF: UPX1:10521D41�j
UPX1:10521D88 83 C7 04 add edi, 4
UPX1:10521D8B 8D 5E FC lea ebx, [esi-4]
UPX1:10521D8E
UPX1:10521D8E loc_10521D8E: ; CODE XREF: UPX1:10521DAA�j
UPX1:10521D8E 31 C0 xor eax, eax
UPX1:10521D90 8A 07 mov al, [edi]
UPX1:10521D92 47 inc edi
UPX1:10521D93 09 C0 or eax, eax
UPX1:10521D95 74 2B jz short loc_10521DC2
UPX1:10521D97 3C EF cmp al, 0EFh
UPX1:10521D99 77 11 ja short loc_10521DAC
UPX1:10521D9B
UPX1:10521D9B loc_10521D9B: ; CODE XREF: UPX1:10521DB9�j
UPX1:10521D9B ; UPX1:10521DC0�j
UPX1:10521D9B 01 C3 add ebx, eax
UPX1:10521D9D 8B 03 mov eax, [ebx]
UPX1:10521D9F 86 C4 xchg al, ah
UPX1:10521DA1 C1 C0 10 rol eax, 10h
UPX1:10521DA4 86 C4 xchg al, ah
UPX1:10521DA6 01 F0 add eax, esi
UPX1:10521DA8 89 03 mov [ebx], eax
UPX1:10521DAA EB E2 jmp short loc_10521D8E
UPX1:10521DAC ; ---------------------------------------------------------------------------
UPX1:10521DAC
UPX1:10521DAC loc_10521DAC: ; CODE XREF: UPX1:10521D99�j
UPX1:10521DAC 24 0F and al, 0Fh
UPX1:10521DAE C1 E0 10 shl eax, 10h
UPX1:10521DB1 66 8B 07 mov ax, [edi]
UPX1:10521DB4 83 C7 02 add edi, 2
UPX1:10521DB7 09 C0 or eax, eax
UPX1:10521DB9 75 E0 jnz short loc_10521D9B
UPX1:10521DBB 8B 07 mov eax, [edi]
UPX1:10521DBD 83 C7 04 add edi, 4
UPX1:10521DC0 EB D9 jmp short loc_10521D9B
UPX1:10521DC2 ; ---------------------------------------------------------------------------
UPX1:10521DC2
UPX1:10521DC2 loc_10521DC2: ; CODE XREF: UPX1:10521D95�j
UPX1:10521DC2 8B AE 5C 4C+ mov ebp, [esi+524C5Ch]
UPX1:10521DC8 8D BE 00 F0+ lea edi, [esi-1000h]
UPX1:10521DCE BB 00 10 00+ mov ebx, 1000h
UPX1:10521DD3 50 push eax
UPX1:10521DD4 54 push esp
UPX1:10521DD5 6A 04 push 4
UPX1:10521DD7 53 push ebx
UPX1:10521DD8 57 push edi
UPX1:10521DD9 FF D5 call ebp
UPX1:10521DDB 8D 87 1F 02+ lea eax, [edi+21Fh]
UPX1:10521DE1 80 20 7F and byte ptr [eax], 7Fh
UPX1:10521DE4 80 60 28 7F and byte ptr [eax+28h], 7Fh
UPX1:10521DE8 58 pop eax
UPX1:10521DE9 50 push eax
UPX1:10521DEA 54 push esp
UPX1:10521DEB 50 push eax
UPX1:10521DEC 53 push ebx
UPX1:10521DED 57 push edi
UPX1:10521DEE FF D5 call ebp
UPX1:10521DF0 58 pop eax
UPX1:10521DF1 61 popa
UPX1:10521DF2 8D 44 24 80 lea eax, [esp-80h]
UPX1:10521DF6
UPX1:10521DF6 loc_10521DF6: ; CODE XREF: UPX1:10521DFA�j
UPX1:10521DF6 6A 00 push 0
UPX1:10521DF8 39 C4 cmp esp, eax
UPX1:10521DFA 75 FA jnz short loc_10521DF6
UPX1:10521DFC 83 EC 80 sub esp, 0FFFFFF80h
UPX1:10521DFF
UPX1:10521DFF loc_10521DFF: ; CODE XREF: UPX1:10521C15�j
UPX1:10521DFF E9 4C 78 E2+ jmp loc_10349650
UPX1:10521DFF FF ; ---------------------------------------------------------------------------
UPX1:10521E04 00 00 00 00+ align 200h
UPX1:10521E04 00 00 00 00+UPX1 ends
UPX1:10521E04 00 00 00 00+
UPX1:10521E04 00 00 00 00+
UPX1:10521E04 00 00 00 00+ end DllEntryPoint