Thread: New Asprotect?
  #4  
05-18-2004, 23:11
bollygud
 
I'm not posting the file cuz it contains the aspr envelope, which could possibly contain other info. But if you must know, here is the unpacked OEP:

Quote:
00401000 > 6A 00 PUSH 0
00401002 E8 C1030000 CALL 004013C8
00401007 A3 C0314000 MOV DWORD PTR DS:[4031C0],EAX
0040100C 6A 00 PUSH 0
0040100E 68 2B104000 PUSH 0040102B
00401013 6A 00 PUSH 0
00401015 68 00304000 PUSH 00403000 ; ASCII "MainDialog"
0040101A FF35 C0314000 PUSH DWORD PTR DS:[4031C0]
00401020 E8 73030000 CALL 00401398
00401025 50 PUSH EAX
00401026 E8 97030000 CALL 004013C2 ; JMP to kernel32.ExitProcess
0040102B 55 PUSH EBP
0040102C 8BEC MOV EBP,ESP
0040102E 817D 0C 10010000 CMP DWORD PTR SS:[EBP+C],110
00401035 0F85 8E000000 JNZ 004010C9
0040103B FF75 08 PUSH DWORD PTR SS:[EBP+8]
0040103E 8F05 C4314000 POP DWORD PTR DS:[4031C4]
00401044 51 PUSH ECX
00401045 33C9 XOR ECX,ECX
00401047 51 PUSH ECX
00401048 8D81 28304000 LEA EAX,DWORD PTR DS:[ECX+403028]
0040104E 50 PUSH EAX
0040104F 6A 00 PUSH 0
00401051 68 43010000 PUSH 143
00401056 68 B80B0000 PUSH 0BB8
0040105B FF75 08 PUSH DWORD PTR SS:[EBP+8]
0040105E E8 4D030000 CALL 004013B0
00401063 59 POP ECX
00401064 83C1 05 ADD ECX,5
00401067 81F9 9B000000 CMP ECX,9B
0040106D ^ 75 D8 JNZ SHORT 00401047
0040106F 59 POP ECX
00401070 6A 00 PUSH 0
00401072 6A 00 PUSH 0
00401074 68 4E010000 PUSH 14E
00401079 68 B80B0000 PUSH 0BB8
0040107E FF75 08 PUSH DWORD PTR SS:[EBP+8]

I showed the LordPE screenshot to show it running and the size of the process.

Last edited by bollygud; 05-18-2004 at 23:13.