Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 12, Position 2 = 130
Branch analysis from position: 12
1 jumps found. (Code = 42) Position 1 = 140
Branch analysis from position: 140
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 130
1 jumps found. (Code = 62) Position 1 = -2
filename: /in/uDTue
function name: (null)
number of ops: 141
compiled vars: !0 = $ntlmpacket, !1 = $B, !2 = $dLen, !3 = $dOff, !4 = $uLen, !5 = $wLen, !6 = $start, !7 = $end
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
2 0 E > INIT_FCALL 'base64_decode'
1 SEND_VAL 'TlRMTVNTUAACAAAADgAOADgAAAAVgoniFvduRcv1%2Fb4AAAAAAAAAAJYAlgBGAAAABgGxHQAAAA9IAE8AUwBUAEkATgBHAAIADgBIAE8AUwBUAEkATgBHAAEAEABIAC0AQQBQAFAANAAyADMABAAWAGgAbwBzAHQAaQBuAGcALgBzAGMAYQADACgAaAAtAGEAcABwADQAMgAzAC4AaABvAHMAdABpAG4AZwAuAHMAYwBhAAUAFgBoAG8AcwB0AGkAbgBnAC4AcwBjAGEABwAIAHdK4ofuN9EBAAAAAA%3D%3D'
2 DO_ICALL $8
3 ASSIGN !0, $8
4 4 INIT_FCALL 'substr'
5 SEND_VAR !0
6 SEND_VAL 8
7 SEND_VAL 8
8 DO_ICALL $10
9 CAST 4 ~11 $10
10 IS_EQUAL ~11, 3
11 > JMPZ ~12, ->130
6 12 > INIT_FCALL 'substr'
13 SEND_VAR !0
14 SEND_VAL 28
15 SEND_VAL 51
16 DO_ICALL $13
17 ASSIGN !1, $13
8 18 INIT_FCALL 'substr'
19 SEND_VAR !1
20 SEND_VAL 0
21 SEND_VAL 0
22 DO_ICALL $15
23 CAST 4 ~16 $15
10 24 INIT_FCALL 'substr'
25 SEND_VAR !1
26 SEND_VAL 1
27 SEND_VAL 1
28 DO_ICALL $17
29 CAST 4 ~18 $17
30 MUL ~19 ~18, 256
31 ADD ~20 ~16, ~19
8 32 ASSIGN !2, ~20
12 33 INIT_FCALL 'substr'
34 SEND_VAR !1
35 SEND_VAL 4
36 SEND_VAL 4
37 DO_ICALL $22
38 CAST 4 ~23 $22
14 39 INIT_FCALL 'substr'
40 SEND_VAR !1
41 SEND_VAL 5
42 SEND_VAL 5
43 DO_ICALL $24
44 CAST 4 ~25 $24
45 MUL ~26 ~25, 256
46 ADD ~27 ~23, ~26
16 47 INIT_FCALL 'substr'
48 SEND_VAR !1
49 SEND_VAL 6
50 SEND_VAL 6
51 DO_ICALL $28
52 CAST 4 ~29 $28
53 MUL ~30 ~29, 65536
54 ADD ~31 ~27, ~30
18 55 INIT_FCALL 'substr'
56 SEND_VAR !1
57 SEND_VAL 7
58 SEND_VAL 7
59 DO_ICALL $32
60 CAST 4 ~33 $32
61 MUL ~34 ~33, 16777216
62 ADD ~35 ~31, ~34
12 63 ASSIGN !3, ~35
20 64 INIT_FCALL 'substr'
65 SEND_VAR !1
66 SEND_VAL 8
67 SEND_VAL 8
68 DO_ICALL $37
69 CAST 4 ~38 $37
22 70 INIT_FCALL 'substr'
71 SEND_VAR !1
72 SEND_VAL 9
73 SEND_VAL 9
74 DO_ICALL $39
75 CAST 4 ~40 $39
76 MUL ~41 ~40, 256
77 ADD ~42 ~38, ~41
20 78 ASSIGN !4, ~42
24 79 INIT_FCALL 'substr'
80 SEND_VAR !1
81 SEND_VAL 16
82 SEND_VAL 16
83 DO_ICALL $44
84 CAST 4 ~45 $44
26 85 INIT_FCALL 'substr'
86 SEND_VAR !1
87 SEND_VAL 17
88 SEND_VAL 17
89 DO_ICALL $46
90 CAST 4 ~47 $46
91 MUL ~48 ~47, 256
92 ADD ~49 ~45, ~48
24 93 ASSIGN !5, ~49
28 94 INIT_FCALL 'substr'
95 SEND_VAR !0
96 SEND_VAR !3
97 ADD ~51 !3, !2
98 SUB ~52 ~51, 1
99 SEND_VAL ~52
100 DO_ICALL $53
101 ADD ~54 'NTLM_Domain', $53
102 ECHO ~54
29 103 INIT_FCALL 'substr'
104 SEND_VAR !0
105 ADD ~55 !3, !2
106 SEND_VAL ~55
107 ADD ~56 !3, !2
108 ADD ~57 ~56, !4
109 SUB ~58 ~57, 1
110 SEND_VAL ~58
111 DO_ICALL $59
112 ADD ~60 'NTLM_User', $59
113 ECHO ~60
30 114 ADD ~61 !3, !2
115 ADD ~62 ~61, !4
116 ASSIGN !6, ~62
31 117 ADD ~64 !3, !2
118 ADD ~65 ~64, !4
119 ADD ~66 ~65, !5
120 SUB ~67 ~66, 1
121 ASSIGN !7, ~67
32 122 INIT_FCALL 'substr'
123 SEND_VAR !0
124 SEND_VAR !6
125 SEND_VAR !7
126 DO_ICALL $69
127 ADD ~70 'NTLM_Workstation', $69
128 ECHO ~70
129 > JMP ->140
35 130 > ECHO '%3A%28'
36 131 INIT_FCALL_BY_NAME 'dump'
132 INIT_FCALL 'substr'
133 SEND_VAR !0
134 SEND_VAL 8
135 SEND_VAL 8
136 DO_ICALL $71
137 SEND_VAR_NO_REF_EX $71
138 DO_FCALL 0 $72
139 ECHO $72
37 140 > > RETURN 1
Generated using Vulcan Logic Dumper, using php 8.0.0