Size: 363008(354.50 KiB) Operation system: Windows(Server 2003) Architecture: AMD64 Mode: 64-bit Type: GUI Endianness: LE
MD5 : 77bc5d5c49245b9f88fe6bded397108f
SHA256: 358db3f59be3d16cbb21f426c1a1b3ddebc14b5fc9878af03e3140673c10a2df
CloseHandle
ConnectNamedPipe
CreateFileA
CreateNamedPipeA
CreateThread
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
ReadFile
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery
WriteFile
358db3f59be3d16cbb21f426c1a1b3ddebc14b5fc9878af03e3140673c10a2df.exe.gzf
358db3f59be3d16cbb21f426c1a1b3ddebc14b5fc9878af03e3140673c10a2df.exe.c
358db3f59be3d16cbb21f426c1a1b3ddebc14b5fc9878af03e3140673c10a2df.exe.html
user defined functions
Ghidra Graph of flow of the program
void InitializeNamedPipeServer(void)
{
    DWORD tick_count;
    undefined4 pipe_prefix;
    undefined8 unused_stack_var;

    /* \\.\pipe\MSSE-<number>-server */
    /* Ghidra renders small integer constants as wide chars: L' ' is 0x20 (32) */
    pipe_prefix = (undefined4)((ulonglong)unused_stack_var >> L' ');
    tick_count = GetTickCount();
    /* L'⚪' is code point U+26AA, so the modulus is 0x26AA (9898) */
    sprintf(&pipe_naame,"%c%c%c%c%c%c%c%c%cMSSE-%d-server",L'\\',L'\\',L'.',
            CONCAT44(pipe_prefix,L'\\'),L'p',L'i',L'p',L'e',L'\\',tick_count % L'⚪');
    /* Thread entry point is LAB_004016e4; NULL security attributes */
    CreateThread((LPSECURITY_ATTRIBUTES)0x0,0,(LPTHREAD_START_ROUTINE)&LAB_004016e4,(LPVOID)0x0,0,
                 (LPDWORD)L'\0');
    ProcessNamePipeData();
    return;
}
tick_count: Stores milliseconds since the system started.
pipe_prefix: Holds part of the named pipe's prefix (data type appears to be unconventional).
unused_stack_var: An unused variable, possibly from earlier code.
\\.\pipe\MSSE-<number>-server, where <number> is derived from GetTickCount() modulo a constant.
&LAB_004016e4, with default security settings.
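A defender-side check for the pipe naming scheme described above, as an added example that is not part of the original page or of the sample's code: it classifies pipe names from Sysmon pipe events (IDs 17 and 18) against the MSSE-<number>-server format, taking the modulus from the L'⚪' constant (U+26AA, 0x26AA). The event records, image paths and function names are constructed for illustration.

```python
import re

# Modulus from the decompiled sprintf call: Ghidra renders it as L'⚪',
# which is code point U+26AA (0x26AA = 9898).
MODULUS = ord("\u26aa")

# Pipe name format from the page: \\.\pipe\MSSE-<number>-server.
# Sysmon reports only the part after \\.\pipe, so the prefix is optional.
PIPE_RE = re.compile(r"^(?:\\\\\.\\pipe)?\\?MSSE-(\d+)-server$", re.IGNORECASE)

def classify_pipe(pipe_name):
    """Return 'match', 'format-only' or None for a pipe name."""
    m = PIPE_RE.match(pipe_name.strip())
    if not m:
        return None
    digits = m.group(1)
    # %d never prints leading zeros, and tick_count % MODULUS is below MODULUS.
    canonical = digits == "0" or not digits.startswith("0")
    if canonical and int(digits) < MODULUS:
        return "match"
    # Same text shape, but not a value this sprintf call can produce.
    return "format-only"

# Constructed sample records using Sysmon field names (EventID, Image, PipeName).
SAMPLE_EVENTS = [
    {"EventID": 17, "Image": r"C:\Users\Public\sample.exe", "PipeName": r"\MSSE-4821-server"},
    {"EventID": 17, "Image": r"C:\Windows\System32\svchost.exe", "PipeName": r"\wkssvc"},
    {"EventID": 18, "Image": r"C:\Users\Public\sample.exe", "PipeName": r"\MSSE-77-server"},
    {"EventID": 17, "Image": r"C:\Temp\other.exe", "PipeName": r"\MSSE-12345-server"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe"},
]

def scan(events):
    """Return (verdict, event id, image, pipe name) for suspicious pipe events."""
    hits = []
    for ev in events:
        if ev.get("EventID") not in (17, 18):  # pipe created / pipe connected
            continue
        verdict = classify_pipe(ev.get("PipeName", ""))
        if verdict:
            hits.append((verdict, ev["EventID"], ev["Image"], ev["PipeName"]))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

A 'format-only' result still deserves review, since the numeric range only reflects the constant seen in this one sample.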