Finding entry points Branch analysis from position: 0 2 jumps found. (Code = 43) Position 1 = 12, Position 2 = 130 Branch analysis from position: 12 1 jumps found. (Code = 42) Position 1 = 140 Branch analysis from position: 140 1 jumps found. (Code = 62) Position 1 = -2 Branch analysis from position: 130 1 jumps found. (Code = 62) Position 1 = -2 filename: /in/uDTue function name: (null) number of ops: 141 compiled vars: !0 = $ntlmpacket, !1 = $B, !2 = $dLen, !3 = $dOff, !4 = $uLen, !5 = $wLen, !6 = $start, !7 = $end line #* E I O op fetch ext return operands ------------------------------------------------------------------------------------- 2 0 E > INIT_FCALL 'base64_decode' 1 SEND_VAL 'TlRMTVNTUAACAAAADgAOADgAAAAVgoniFvduRcv1%2Fb4AAAAAAAAAAJYAlgBGAAAABgGxHQAAAA9IAE8AUwBUAEkATgBHAAIADgBIAE8AUwBUAEkATgBHAAEAEABIAC0AQQBQAFAANAAyADMABAAWAGgAbwBzAHQAaQBuAGcALgBzAGMAYQADACgAaAAtAGEAcABwADQAMgAzAC4AaABvAHMAdABpAG4AZwAuAHMAYwBhAAUAFgBoAG8AcwB0AGkAbgBnAC4AcwBjAGEABwAIAHdK4ofuN9EBAAAAAA%3D%3D' 2 DO_ICALL $8 3 ASSIGN !0, $8 4 4 INIT_FCALL 'substr' 5 SEND_VAR !0 6 SEND_VAL 8 7 SEND_VAL 8 8 DO_ICALL $10 9 CAST 4 ~11 $10 10 IS_EQUAL ~11, 3 11 > JMPZ ~12, ->130 6 12 > INIT_FCALL 'substr' 13 SEND_VAR !0 14 SEND_VAL 28 15 SEND_VAL 51 16 DO_ICALL $13 17 ASSIGN !1, $13 8 18 INIT_FCALL 'substr' 19 SEND_VAR !1 20 SEND_VAL 0 21 SEND_VAL 0 22 DO_ICALL $15 23 CAST 4 ~16 $15 10 24 INIT_FCALL 'substr' 25 SEND_VAR !1 26 SEND_VAL 1 27 SEND_VAL 1 28 DO_ICALL $17 29 CAST 4 ~18 $17 30 MUL ~19 ~18, 256 31 ADD ~20 ~16, ~19 8 32 ASSIGN !2, ~20 12 33 INIT_FCALL 'substr' 34 SEND_VAR !1 35 SEND_VAL 4 36 SEND_VAL 4 37 DO_ICALL $22 38 CAST 4 ~23 $22 14 39 INIT_FCALL 'substr' 40 SEND_VAR !1 41 SEND_VAL 5 42 SEND_VAL 5 43 DO_ICALL $24 44 CAST 4 ~25 $24 45 MUL ~26 ~25, 256 46 ADD ~27 ~23, ~26 16 47 INIT_FCALL 'substr' 48 SEND_VAR !1 49 SEND_VAL 6 50 SEND_VAL 6 51 DO_ICALL $28 52 CAST 4 ~29 $28 53 MUL ~30 ~29, 65536 54 ADD ~31 ~27, ~30 18 55 INIT_FCALL 'substr' 56 SEND_VAR !1 57 SEND_VAL 7 58 SEND_VAL 7 59 DO_ICALL $32 60 CAST 4 ~33 $32 61 MUL ~34 ~33, 16777216 62 ADD ~35 ~31, ~34 12 63 ASSIGN !3, ~35 20 64 INIT_FCALL 'substr' 65 SEND_VAR !1 66 SEND_VAL 8 67 SEND_VAL 8 68 DO_ICALL $37 69 CAST 4 ~38 $37 22 70 INIT_FCALL 'substr' 71 SEND_VAR !1 72 SEND_VAL 9 73 SEND_VAL 9 74 DO_ICALL $39 75 CAST 4 ~40 $39 76 MUL ~41 ~40, 256 77 ADD ~42 ~38, ~41 20 78 ASSIGN !4, ~42 24 79 INIT_FCALL 'substr' 80 SEND_VAR !1 81 SEND_VAL 16 82 SEND_VAL 16 83 DO_ICALL $44 84 CAST 4 ~45 $44 26 85 INIT_FCALL 'substr' 86 SEND_VAR !1 87 SEND_VAL 17 88 SEND_VAL 17 89 DO_ICALL $46 90 CAST 4 ~47 $46 91 MUL ~48 ~47, 256 92 ADD ~49 ~45, ~48 24 93 ASSIGN !5, ~49 28 94 INIT_FCALL 'substr' 95 SEND_VAR !0 96 SEND_VAR !3 97 ADD ~51 !3, !2 98 SUB ~52 ~51, 1 99 SEND_VAL ~52 100 DO_ICALL $53 101 ADD ~54 'NTLM_Domain', $53 102 ECHO ~54 29 103 INIT_FCALL 'substr' 104 SEND_VAR !0 105 ADD ~55 !3, !2 106 SEND_VAL ~55 107 ADD ~56 !3, !2 108 ADD ~57 ~56, !4 109 SUB ~58 ~57, 1 110 SEND_VAL ~58 111 DO_ICALL $59 112 ADD ~60 'NTLM_User', $59 113 ECHO ~60 30 114 ADD ~61 !3, !2 115 ADD ~62 ~61, !4 116 ASSIGN !6, ~62 31 117 ADD ~64 !3, !2 118 ADD ~65 ~64, !4 119 ADD ~66 ~65, !5 120 SUB ~67 ~66, 1 121 ASSIGN !7, ~67 32 122 INIT_FCALL 'substr' 123 SEND_VAR !0 124 SEND_VAR !6 125 SEND_VAR !7 126 DO_ICALL $69 127 ADD ~70 'NTLM_Workstation', $69 128 ECHO ~70 129 > JMP ->140 35 130 > ECHO '%3A%28' 36 131 INIT_FCALL_BY_NAME 'dump' 132 INIT_FCALL 'substr' 133 SEND_VAR !0 134 SEND_VAL 8 135 SEND_VAL 8 136 DO_ICALL $71 137 SEND_VAR_NO_REF_EX $71 138 DO_FCALL 0 $72 139 ECHO $72 37 140 > > RETURN 1
Generated using Vulcan Logic Dumper, using php 8.0.0