Topic: Bug PCMAV 6.2
Why can't PCMAV cure files infected with the VB-Shortcut-4 virus? All the procedures have been followed, so why can't it clean the VB-Shortcut-4 virus? I am attaching the screenshot below:

A forum for discussing malware in Indonesia & reverse code engineering.
Maybe you can use the Extension Manager "DeleteOnReboot.dll" or "SecureDelete.dll", or use the /FORCE parameter in PCMAV 6.2 Asgard, which allows PCMAV to force the cleaning of infected files.
Last edited by indraramadhan094 (05-01-2012 09:24:12)
@indraramadhan094
The screenshot above already makes it clear that I used the /FORCE parameter, but PCMAV 6.2 still cannot cure the files. Do I really have to use the Extension Manager just to remove a virus? That makes the process slow. PCMAV team, please analyze this bug. Thank you.
Yes, there is a minor bug in its signature; it has been fixed and is included with PC Media magazine 02/2012. Thank you for the report.
date/time : 2012-02-02, 06:16:15, 481ms
computer name : RAHMAN-PC
user name : RAHMAN <admin>
registered owner : RAHMAN
operating system : Windows XP Media Center Service Pack 2 build 2600
system language : English
system up time : 4 minutes 17 seconds
program up time : 3 minutes 34 seconds
processors : 4x Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
physical memory : 891/1783 MB (free/total)
free disk space : (C:) 33.32 GB
display mode : 1366x768, 32 bit
process id : $8e4
allocated memory : 94.61 MB
command line : "C:\PCMAV 6.2\PCMAV.exe" /RTP
executable : PCMAV.exe
exec. date/time : 2012-01-29 22:37
version : 6.2.0.0
compiled with : Delphi 2006/07
madExcept version : 3.0n
PCMAV.exe.mad : $000270c8, $32fc3f68, $d01a3045
contact name : MAN
contact email : hpi_rahman@yahoo.co.id
callstack crc : $e46d242e, $5fbc4d76, $5fbc4d76
exception number : 1
exception class : EInvalidOperation
exception message : Cannot make a visible window modal.
Last edited by Rahman (02-02-2012 05:24:41)