A forum for reverse engineering, OS internals and malware analysis 

Ask your beginner questions here.
 #28737  by crypt3r
 Wed Jun 22, 2016 1:15 pm
Hello Guys,
I am reversing a malware sample, but I'm getting stuck in the loop below. The line written in bold letters generates random letters like "/2", "/lm32" etc. in EDX. The thing is that ECX does not contain any memory contents, so only the register address will be added.

004011F7 > 8BD4 MOV EDX,ESP
004011F9 . 03E1 ADD ESP,ECX
004011FB . 4C DEC ESP
004011FC . 66:8B3C24 MOV DI,WORD PTR [ESP]
00401200 . 8BE2 MOV ESP,EDX
00401202 . 8BD6 MOV EDX,ESI
00401204 . 03D1 ADD EDX,ECX
00401206 . 50 PUSH EAX
00401207 . 03C2 ADD EAX,EDX
00401209 . 2D 01000000 SUB EAX,1
0040120E . 81E7 FFFF0000 AND EDI,0FFFF
00401214 . 52 PUSH EDX
00401215 . 8BD7 MOV EDX,EDI
00401217 . 8810 MOV BYTE PTR [EAX],DL
00401219 . 5A POP EDX
0040121A . 58 POP EAX
0040121B . 49 DEC ECX
0040121C . 83F9 00 CMP ECX,0
0040121F . 0F84 02000000 JE test.00401227
00401225 .^ EB D0 JMP SHORT test.004011F7
I am adding the screenshots below, taken before step-in and after step-out.
Please let me know what is happening there.
Attachments
1.jpg (after step-in)
2.jpg (before step-in)
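As an added example (written for this thread, not code from the sample or from any poster), here is a C re-implementation of the loop at 004011F7..00401225 that makes the register roles visible: ECX is a byte counter, the source is read from the stack at ESP+ECX-1, and the byte is stored at EAX+ESI+ECX-1. The input string and the offset are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Re-implementation of the loop at 004011F7..00401225 (constructed here, not
 * code from the sample). Register roles read off the listing:
 *   ECX       = bytes still to copy; decremented at 0040121B, tested at 0040121C
 *   ESP       = source buffer on the stack (MOV DI,WORD PTR [ESP] after ESP+ECX-1)
 *   EAX + ESI = destination base; each byte lands at EAX+ESI+ECX-1
 * Every pass moves one byte, starting from the last one and walking backwards.
 * The ECX test sits after the body, so this is a do/while: with ECX == 0 on
 * entry the first DEC wraps it to 0xFFFFFFFF and the loop runs away. */
static void emulate_loop(const uint8_t *esp, uint8_t *eax, uint32_t esi, uint32_t ecx)
{
    do {
        /* 004011F7-00401200: save ESP, point it at src+ECX-1, load DI, restore ESP.
         * The 16-bit load is masked to 8 bits at 0040120E/00401217, so only
         * the low byte matters; read just that byte here. */
        uint8_t low = esp[ecx - 1];

        /* 00401202-00401209: EDX = ESI+ECX; EAX = EAX+EDX-1 (EAX is saved and
         * restored around the store), giving destination EAX+ESI+ECX-1. */
        uint8_t *dst = eax + esi + ecx - 1;

        /* 00401214-00401217: MOV BYTE PTR [EAX],DL with DL = low byte of EDI */
        *dst = low;

        /* 0040121B-0040121F: DEC ECX; CMP ECX,0; JE exit; otherwise JMP back */
        ecx--;
    } while (ecx != 0);
}

/* Drive the emulation with a constructed source string and check that the
 * destination (at offset esi) ends up as an exact copy. Returns 1 on match. */
int copies_source(const char *src, uint32_t esi)
{
    uint8_t dst[64] = {0};
    size_t n = strlen(src);
    if (n == 0 || esi + n >= sizeof dst)
        return 0;                       /* ECX must be nonzero on entry */
    emulate_loop((const uint8_t *)src, dst, esi, (uint32_t)n);
    return memcmp(dst + esi, src, n) == 0 && dst[esi + n] == 0;
}

int main(void)
{
    /* constructed sample input; any short string behaves the same way */
    printf("copy ok: %d\n", copies_source("/lm32", 0));
    return 0;
}
```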
 #28738  by EP_X0FF
 Wed Jun 22, 2016 2:19 pm
Maybe you will attach the file instead?
 #28739  by Vrtule
 Wed Jun 22, 2016 4:40 pm
ECX seems to indicate how many loop iterations to execute. It does not seem to contain any memory address. I see no write access through ECX (and no write access to ECX itself except the decrement at the end of each loop). I am quite unsure what you'd like to know.
 #28964  by TSION
 Sun Jul 31, 2016 9:18 pm
Vrtule wrote: ECX seems to indicate how many loop iterations to execute. It does not seem to contain any memory address. I see no write access through ECX (and no write access to ECX itself except the decrement at the end of each loop). I am quite unsure what you'd like to know.
To extend on what was previously stated in Vrtule's analysis, my best guess from looking at your analysis attempts is that this for-loop algorithm seems to be iterating through some type of C:\Windows\System32 directory, but as of reading this post I am unsure what your goal is in understanding this particular algorithm. What you should do to gain an understanding is maybe transform the asm snippets you are unsure of into pseudo C/C++ code; there are many effective tools for doing this, such as the IDA decompiler (x64/x86) and so on. In the future you should post more details on the assumptions/insights of your analysis so that we can better answer your questions.