Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 15, Position 2 = 133
Branch analysis from position: 15
1 jumps found. (Code = 42) Position 1 = 143
Branch analysis from position: 143
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 133
1 jumps found. (Code = 62) Position 1 = -2
filename: /in/5GEd3
function name: (null)
number of ops: 144
compiled vars: !0 = $ntlmpacket, !1 = $B, !2 = $dLen, !3 = $dOff, !4 = $uLen, !5 = $wLen, !6 = $start, !7 = $end
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
2 0 E > INIT_FCALL 'mb_convert_encoding'
1 INIT_FCALL 'base64_decode'
2 SEND_VAL 'TlRMTVNTUAACAAAADgAOADgAAAAVgoniFvduRcv1%2Fb4AAAAAAAAAAJYAlgBGAAAABgGxHQAAAA9IAE8AUwBUAEkATgBHAAIADgBIAE8AUwBUAEkATgBHAAEAEABIAC0AQQBQAFAANAAyADMABAAWAGgAbwBzAHQAaQBuAGcALgBzAGMAYQADACgAaAAtAGEAcABwADQAMgAzAC4AaABvAHMAdABpAG4AZwAuAHMAYwBhAAUAFgBoAG8AcwB0AGkAbgBnAC4AcwBjAGEABwAIAHdK4ofuN9EBAAAAAA%3D%3D'
3 DO_ICALL $8
4 SEND_VAR $8
5 DO_ICALL $9
6 ASSIGN !0, $9
4 7 INIT_FCALL 'substr'
8 SEND_VAR !0
9 SEND_VAL 8
10 SEND_VAL 8
11 DO_ICALL $11
12 CAST 4 ~12 $11
13 IS_EQUAL ~12, 3
14 > JMPZ ~13, ->133
6 15 > INIT_FCALL 'substr'
16 SEND_VAR !0
17 SEND_VAL 28
18 SEND_VAL 51
19 DO_ICALL $14
20 ASSIGN !1, $14
8 21 INIT_FCALL 'substr'
22 SEND_VAR !1
23 SEND_VAL 0
24 SEND_VAL 0
25 DO_ICALL $16
26 CAST 4 ~17 $16
10 27 INIT_FCALL 'substr'
28 SEND_VAR !1
29 SEND_VAL 1
30 SEND_VAL 1
31 DO_ICALL $18
32 CAST 4 ~19 $18
33 MUL ~20 ~19, 256
34 ADD ~21 ~17, ~20
8 35 ASSIGN !2, ~21
12 36 INIT_FCALL 'substr'
37 SEND_VAR !1
38 SEND_VAL 4
39 SEND_VAL 4
40 DO_ICALL $23
41 CAST 4 ~24 $23
14 42 INIT_FCALL 'substr'
43 SEND_VAR !1
44 SEND_VAL 5
45 SEND_VAL 5
46 DO_ICALL $25
47 CAST 4 ~26 $25
48 MUL ~27 ~26, 256
49 ADD ~28 ~24, ~27
16 50 INIT_FCALL 'substr'
51 SEND_VAR !1
52 SEND_VAL 6
53 SEND_VAL 6
54 DO_ICALL $29
55 CAST 4 ~30 $29
56 MUL ~31 ~30, 65536
57 ADD ~32 ~28, ~31
18 58 INIT_FCALL 'substr'
59 SEND_VAR !1
60 SEND_VAL 7
61 SEND_VAL 7
62 DO_ICALL $33
63 CAST 4 ~34 $33
64 MUL ~35 ~34, 16777216
65 ADD ~36 ~32, ~35
12 66 ASSIGN !3, ~36
20 67 INIT_FCALL 'substr'
68 SEND_VAR !1
69 SEND_VAL 8
70 SEND_VAL 8
71 DO_ICALL $38
72 CAST 4 ~39 $38
22 73 INIT_FCALL 'substr'
74 SEND_VAR !1
75 SEND_VAL 9
76 SEND_VAL 9
77 DO_ICALL $40
78 CAST 4 ~41 $40
79 MUL ~42 ~41, 256
80 ADD ~43 ~39, ~42
20 81 ASSIGN !4, ~43
24 82 INIT_FCALL 'substr'
83 SEND_VAR !1
84 SEND_VAL 16
85 SEND_VAL 16
86 DO_ICALL $45
87 CAST 4 ~46 $45
26 88 INIT_FCALL 'substr'
89 SEND_VAR !1
90 SEND_VAL 17
91 SEND_VAL 17
92 DO_ICALL $47
93 CAST 4 ~48 $47
94 MUL ~49 ~48, 256
95 ADD ~50 ~46, ~49
24 96 ASSIGN !5, ~50
28 97 INIT_FCALL 'substr'
98 SEND_VAR !0
99 SEND_VAR !3
100 ADD ~52 !3, !2
101 SUB ~53 ~52, 1
102 SEND_VAL ~53
103 DO_ICALL $54
104 ADD ~55 'NTLM_Domain', $54
105 ECHO ~55
29 106 INIT_FCALL 'substr'
107 SEND_VAR !0
108 ADD ~56 !3, !2
109 SEND_VAL ~56
110 ADD ~57 !3, !2
111 ADD ~58 ~57, !4
112 SUB ~59 ~58, 1
113 SEND_VAL ~59
114 DO_ICALL $60
115 ADD ~61 'NTLM_User', $60
116 ECHO ~61
30 117 ADD ~62 !3, !2
118 ADD ~63 ~62, !4
119 ASSIGN !6, ~63
31 120 ADD ~65 !3, !2
121 ADD ~66 ~65, !4
122 ADD ~67 ~66, !5
123 SUB ~68 ~67, 1
124 ASSIGN !7, ~68
32 125 INIT_FCALL 'substr'
126 SEND_VAR !0
127 SEND_VAR !6
128 SEND_VAR !7
129 DO_ICALL $70
130 ADD ~71 'NTLM_Workstation', $70
131 ECHO ~71
132 > JMP ->143
35 133 > ECHO '%3A%28'
36 134 INIT_FCALL_BY_NAME 'dump'
135 INIT_FCALL 'substr'
136 SEND_VAR !0
137 SEND_VAL 8
138 SEND_VAL 8
139 DO_ICALL $72
140 SEND_VAR_NO_REF_EX $72
141 DO_FCALL 0 $73
142 ECHO $73
37 143 > > RETURN 1
Generated using Vulcan Logic Dumper, using php 8.0.0