Skip to main content

Gen.Variant.Buzy.3914_d86dc0768e


Trojan-Dropper.Win32.Agent.bjrmme (Kaspersky), Gen:Variant.Buzy.3914 (B) (Emsisoft), Gen:Variant.Buzy.3914 (AdAware), Trojan.Win32.FlyStudio.FD, Trojan.Win32.Swrort.3.FD, GenericEmailWorm.YR, GenericInjector.YR, TrojanFlyStudio.YR (Lavasoft MAS)Behaviour: Trojan-Dropper, Trojan, Worm, EmailWorm

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: d86dc0768e0ea415ac0ed66b37efba35

SHA1: 36ccbef104b1cfd82564240eea53aa1cbf54a532

SHA256: 106193fcc48a628bfa05131402c4b4d00d92dc1a4cf3a70d41965e040e670aa5

SSDeep: 49152:LWIgtpkC9jAvP8ZDFTOI2DrLBt6PTHLA3OG0YULrXcJ:lGptjwMDFkdt67LO/fU/sJ

Size: 2879006 bytes

File type: EXE

Platform: WIN32

Entropy: Probably Packed

PEID: UPolyXv05_v6

Company: no certificate found

Created at: 2011-04-04 08:49:22

Analyzed on: WindowsXP SP3 32-bit

Summary: Trojan-Dropper. Trojan program, intended for stealth installation of other malware into user's system.

Dynamic Analysis

Payload

Behaviour Description
EmailWormWorm can send e-mails.


Process activity

The Trojan creates the following process(es):

%original file name%.exe:168

The Trojan injects its code into the following process(es):No processes have been created.

Mutexes

The following mutexes were created/opened:

RasPbFileShimCacheMutex

File activity

No files have been created.

Registry activity

The process %original file name%.exe:168 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

Dropped PE files

There are no dropped PE files.

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.

Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    %original file name%.exe:168

  2. Delete the original Trojan file.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

Company Name: Copyright (C) 2010 Www.Hookdlq.Com
Product Name: JavaDlq
Product Version: 1.0.0.0
Legal Copyright: Copyright (C) 2010 Www.Hookdlq.Com ????
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.0.0.0
File Description: JAVA???
Comments: JAVADLQ
Language: Language Neutral

Company Name: Copyright (C) 2010 Www.Hookdlq.ComProduct Name: JavaDlqProduct Version: 1.0.0.0Legal Copyright: Copyright (C) 2010 Www.Hookdlq.Com ????Legal Trademarks: Original Filename: Internal Name: File Version: 1.0.0.0File Description: JAVA???Comments: JAVADLQLanguage: Language Neutral

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text40969335119338884.49713c86bf2fd3ade530584e297a7d4970604
CODE9379843387683389444.58127e3152f3849cb81408b388a18b7487c9b
.rdata12779528462868463364.679051ca96fc041b1caa7a80ac7bd5439959b
.data2125824207404675843.93279b273bd9bd001e3c529163a89878f9504
DATA233472069260696325.14547b976e89ff5af8a037f285f69212e7ee7
BSS24043522578526112009117bd1c93e17d89f54fa63cc98bd31
.rsrc243302420384204803.19314f2f172594f04d5ec0aa192fa7e9a7db9
.reloc24535041051961054723.440018edd7f98ec3c1d06f3a432cfbe991b07

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

Map

The Trojan connects to the servers at the folowing location(s):

Strings from Dumps

%original file name%.exe_168:

.text

.text

`.rdata

`.rdata

@.data

@.data

.rsrc

.rsrc

@.reloc

@.reloc

t%SVh

t%SVh

t$(SSh

t$(SSh

|$D.tm

|$D.tm

~%UVW

~%UVW

u$SShe

u$SShe

kernel32.dll

kernel32.dll

$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)

$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)

oleaut32.dll

oleaut32.dll

EVariantBadIndexError

EVariantBadIndexError

u%CNu

u%CNu

Uh.bO

Uh.bO

MaxKeySize

MaxKeySize

Invalid key size

Invalid key size

%UUUU1E

%UUUU1E

%UUUU3

%UUUU3

5 passes)

5 passes)

1.2.3

1.2.3

DB00735E-CFFB-47E6-B060-BB0D74008B7A

DB00735E-CFFB-47E6-B060-BB0D74008B7A

94-401@163.com

94-401@163.com

advapi32.dll

advapi32.dll

psapi.dll

psapi.dll

ntdll.dll

ntdll.dll

user32.dll

user32.dll

gdi32.dll

gdi32.dll

shlwapi.dll

shlwapi.dll

VERSION.DLL

VERSION.DLL

shell32.dll

shell32.dll

KERNEL32.DLL

KERNEL32.DLL

NTDLL.DLL

NTDLL.DLL

ole32.dll

ole32.dll

atl.dll

atl.dll

urlmon.dll

urlmon.dll

unrar.dll

unrar.dll

wininet.dll

wininet.dll

Kernel32.dll

Kernel32.dll

SetWindowsHookExA

SetWindowsHookExA

GetWindowsDirectoryA

GetWindowsDirectoryA

EnumWindows

EnumWindows

RegOpenKeyA

RegOpenKeyA

RegCloseKey

RegCloseKey

URLDownloadToFileA

URLDownloadToFileA

HttpOpenRequestA

HttpOpenRequestA

HttpSendRequestA

HttpSendRequestA

HttpQueryInfoA

HttpQueryInfoA

H@debug.ini

H@debug.ini

*.wix

*.wix

\krnln.fnr

\krnln.fnr

\Data\NewDragon.wix

\Data\NewDragon.wix

\Data\NewDragon.wil

\Data\NewDragon.wil

\GQInfo.conf

\GQInfo.conf

\GQModule.dat

\GQModule.dat

\shell.fne

\shell.fne

\krnln.fne

\krnln.fne

*.Dat|*.dll|*.key|*.exe

*.Dat|*.dll|*.key|*.exe

\!Game.ini

\!Game.ini

\Data\37000.txt

\Data\37000.txt

mir1.dat

mir1.dat

*.oue

*.oue

\drivers\GamesGuard.dat

\drivers\GamesGuard.dat

\drivers\GamesGuard.dat\

\drivers\GamesGuard.dat\

\drivers\GamesGuard.dat\...\

\drivers\GamesGuard.dat\...\

\drivers\GamesGuardNet.dat

\drivers\GamesGuardNet.dat

\drivers\GamesGuardNet.dat\

\drivers\GamesGuardNet.dat\

\drivers\GamesGuardNet.dat\...\

\drivers\GamesGuardNet.dat\...\

\drivers\GamesGuardNetAAWF.dat

\drivers\GamesGuardNetAAWF.dat

\drivers\GamesGuardNetAAWF.dat\

\drivers\GamesGuardNetAAWF.dat\

\drivers\GamesGuardNetAAWF.dat\...\

\drivers\GamesGuardNetAAWF.dat\...\

Explorer.exe

Explorer.exe

\Data\npc.wil

\Data\npc.wil

.rdata

.rdata

.data

.data

.reloc

.reloc

.aspack

.aspack

.adata

.adata

0tJ.XDK

0tJ.XDK

MSVCRT.dll

MSVCRT.dll

GetProcessHeap

GetProcessHeap

KERNEL32.dll

KERNEL32.dll

RegCreateKeyExA

RegCreateKeyExA

ADVAPI32.dll

ADVAPI32.dll

USER32.dll

USER32.dll

OLEAUT32.dll

OLEAUT32.dll

SkyGuard.dll

SkyGuard.dll

The procedure entry point %s could not be located in the dynamic link library %s

The procedure entry point %s could not be located in the dynamic link library %s

The ordinal %u could not be located in the dynamic link library %s

The ordinal %u could not be located in the dynamic link library %s

msvcrt.dll

msvcrt.dll

\Bass.dll

\Bass.dll

WINMM.dll

WINMM.dll

MSACM32.dll

MSACM32.dll

BASS_GetCPU

BASS_GetCPU

BASS_StreamCreateURL

BASS_StreamCreateURL

BASS.dll

BASS.dll

zVt.IZE;"

zVt.IZE;"

.N.pub

.N.pub

\b.rZ$

\b.rZ$

l.pW/

l.pW/

JKecRt

JKecRt

J%fpS

J%fpS

3%x'=

3%x'=

ÃŽwG

ÃŽwG

5%xUmQ

5%xUmQ

.bA>.IP

.bA>.IP

.ZTYQ

.ZTYQ

.kD85

.kD85

57%C

57%C

127.0.0.1

127.0.0.1

winmm.dll

winmm.dll

131,61,20,0,160

131,61,20,0,160

127.0.0.1

127.0.0.1

ShowInitialMsg

ShowInitialMsg

ServerPort

ServerPort

LoginNo

LoginNo

20100708

20100708

WS2_32.dll

WS2_32.dll

SHLWAPI.dll

SHLWAPI.dll

PSAPI.DLL

PSAPI.DLL

Call.dll

Call.dll

GetCPU_NT

GetCPU_NT

EndSpeedupWindows

EndSpeedupWindows

StartSpeedupWindows

StartSpeedupWindows

wsock32.dll

wsock32.dll

WS2_32.DLL

WS2_32.DLL

0,0,0,0,0

0,0,0,0,0

ws2_32.dll

ws2_32.dll

program internal error number is %d. (0x%Xh)

program internal error number is %d. (0x%Xh)

4_5

4_5

Ev9gxjswKSGNH7DaV/8J46YZuTpbFMnIc0CB5Oydfik1mze3RUloqWQrL2P XthAkey

Ev9gxjswKSGNH7DaV/8J46YZuTpbFMnIc0CB5Oydfik1mze3RUloqWQrL2P XthAkey

Software\Microsoft\Windows\ShellNoRoam\MUICache

Software\Microsoft\Windows\ShellNoRoam\MUICache

Mir.exe

Mir.exe

mirsettings.exe

mirsettings.exe

GameLogin.exe

GameLogin.exe

,0,0,0,0,0

,0,0,0,0,0

00,00,00

00,00,00

\Data\FullScreen.ini

\Data\FullScreen.ini

\Data\Hum.wil

\Data\Hum.wil

\DlqTemp.tmp

\DlqTemp.tmp

wshom.ocx

wshom.ocx

WindowStyle

WindowStyle

Hotkey

Hotkey

Http://

Http://

.rar|

.rar|

\unrar.dll

\unrar.dll

$tnue4.Qb

$tnue4.Qb

&.XBHX

&.XBHX

CryptKeyCa

CryptKeyCa

.IqY%

.IqY%

t%s2>

t%s2>

*1L.aK

*1L.aK

RH%S$

RH%S$

!]H%s

!]H%s

4AEmncs,%UnZA

4AEmncs,%UnZA

?e.SIMULATE_TLS: w

?e.SIMULATE_TLS: w

01234567

01234567

!"#$%&'1* ,-./

!"#$%&'1* ,-./

ADVAPI32.DLL

ADVAPI32.DLL

USER32.DLL

USER32.DLL

RARSetPassword

RARSetPassword

_unrar.dll

_unrar.dll

Data\Magic.wil

Data\Magic.wil

Data\Hum.wil

Data\Hum.wil

usp10.dll

usp10.dll

lpk.dll

lpk.dll

\windows\

\windows\

hXXp://

hXXp://

cA.tmp

cA.tmp

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

HTTP/1.1

HTTP/1.1

anonymous@123.com

anonymous@123.com

.exe|.rar|.zip|.gif|.jpg|.mp3|.rm

.exe|.rar|.zip|.gif|.jpg|.mp3|.rm

2007:02:08 00:21:47

2007:02:08 00:21:47

urlTEXT

urlTEXT

MsgeTEXT

MsgeTEXT

HhXXp://ns.adobe.com/xap/1.0/

HhXXp://ns.adobe.com/xap/1.0/

xmlns:xapMM='hXXp://ns.adobe.com/xap/1.0/mm/'>

xmlns:xapMM='hXXp://ns.adobe.com/xap/1.0/mm/'>

adobe:docid:photoshop:2a1d2139-b6c7-11db-acec-9e30b1af2652

adobe:docid:photoshop:2a1d2139-b6c7-11db-acec-9e30b1af2652

2007:02:08 00:22:49

2007:02:08 00:22:49

adobe:docid:photoshop:4e9d50c2-b6c7-11db-acec-9e30b1af2652

adobe:docid:photoshop:4e9d50c2-b6c7-11db-acec-9e30b1af2652

2007:02:08 00:19:48

2007:02:08 00:19:48

adobe:docid:photoshop:d8f3e0ca-b6c6-11db-acec-9e30b1af2652

adobe:docid:photoshop:d8f3e0ca-b6c6-11db-acec-9e30b1af2652

2007:02:08 00:21:01

2007:02:08 00:21:01

adobe:docid:photoshop:2a1d2130-b6c7-11db-acec-9e30b1af2652

adobe:docid:photoshop:2a1d2130-b6c7-11db-acec-9e30b1af2652

2007:02:08 00:20:05

2007:02:08 00:20:05

adobe:docid:photoshop:06fc66c3-b6c7-11db-acec-9e30b1af2652

adobe:docid:photoshop:06fc66c3-b6c7-11db-acec-9e30b1af2652

2007:02:08 00:20:38

2007:02:08 00:20:38

adobe:docid:photoshop:06fc66c7-b6c7-11db-acec-9e30b1af2652

adobe:docid:photoshop:06fc66c7-b6c7-11db-acec-9e30b1af2652

WsJ.ZS

WsJ.ZS

#.XsG

#.XsG

9'i%f

9'i%f

F..Vxb

F..Vxb

2007:02:08 00:30:39

2007:02:08 00:30:39

.IBR

.IBR

adobe:docid:photoshop:86252390-b6c8-11db-acec-9e30b1af2652

adobe:docid:photoshop:86252390-b6c8-11db-acec-9e30b1af2652

(,%DP

(,%DP

2007:02:08 00:31:10

2007:02:08 00:31:10

adobe:docid:photoshop:86252395-b6c8-11db-acec-9e30b1af2652

adobe:docid:photoshop:86252395-b6c8-11db-acec-9e30b1af2652

-S|K.HQmm

-S|K.HQmm

:1975/08/21

:1975/08/21

1976/09/28

1976/09/28

xljsq.dll

xljsq.dll

putao.dll

putao.dll

pttd.dll

pttd.dll

Inject.dll

Inject.dll

pk.dll

pk.dll

speed.dll

speed.dll

inproc.dll

inproc.dll

GearNtKe.dll

GearNtKe.dll

speederDll.dll

speederDll.dll

BYFZCQSJ.dll

BYFZCQSJ.dll

ntport.dll

ntport.dll

JSHJ.dll

JSHJ.dll

cmdok.dll

cmdok.dll

ymwj.dll

ymwj.dll

NTPerf.dll

NTPerf.dll

fiendlib.dll

fiendlib.dll

vipstart.dll

vipstart.dll

csbfw.dll

csbfw.dll

gamedll.dll

gamedll.dll

Woool.dll

Woool.dll

Hero.dll

Hero.dll

speedUp.exe

speedUp.exe

speeder.exe

speeder.exe

socket.dll

socket.dll

Soul.dll

Soul.dll

mydll.dll

mydll.dll

51jx.dll

51jx.dll

fiendlib1014.dll

fiendlib1014.dll

speedext.dll

speedext.dll

BException.dll

BException.dll

stdlib.vbs

stdlib.vbs

babout.dll

babout.dll

ZNTPORT.SYS

ZNTPORT.SYS

cooper.dll

cooper.dll

Dtr.dll

Dtr.dll

Gear9x.dll

Gear9x.dll

oem_sp.dat

oem_sp.dat

activate.dat

activate.dat

zzcsw8.dat

zzcsw8.dat

tjsh.dll

tjsh.dll

jszx.dll

jszx.dll

SSCL.DLL

SSCL.DLL

SSCL.dll

SSCL.dll

iswrab.dll

iswrab.dll

Cqfir.dll

Cqfir.dll

wVVV.dll

wVVV.dll

abcdefgh.dll

abcdefgh.dll

jedy8.dll

jedy8.dll

PORTTALK.SYS

PORTTALK.SYS

PORTTALK.dll

PORTTALK.dll

PORTTALK.vxd

PORTTALK.vxd

js.ucu

js.ucu

51JX.DLL

51JX.DLL

SPEED.DLL

SPEED.DLL

BABOUT.DLL

BABOUT.DLL

BEXCEPTION.DLL

BEXCEPTION.DLL

MYDLL.DLL

MYDLL.DLL

SPDWIN.DLL

SPDWIN.DLL

HOOB.DLL

HOOB.DLL

GEARNTKB.DLL

GEARNTKB.DLL

ABCDEFGH.DLL

ABCDEFGH.DLL

FLY2HELL.DLL

FLY2HELL.DLL

HXCX.DLL

HXCX.DLL

D3DX81AB.DLL

D3DX81AB.DLL

KPIC510.DLL

KPIC510.DLL

IJL11.DLL

IJL11.DLL

TJSH.DLL

TJSH.DLL

ZZCSW8.DAT

ZZCSW8.DAT

ACTIVATE.DAT

ACTIVATE.DAT

OEM_SP.DAT

OEM_SP.DAT

GEAR9X.DLL

GEAR9X.DLL

DTR.DLL

DTR.DLL

COOPER.DLL

COOPER.DLL

INPROC.DLL

INPROC.DLL

SPEEDEXT.DLL

SPEEDEXT.DLL

FIENDLIB1014.DLL

FIENDLIB1014.DLL

SOCKET1231.DLL

SOCKET1231.DLL

GAMEDLL.DLL

GAMEDLL.DLL

VIPSTART.DLL

VIPSTART.DLL

FIENDLIB.DLL

FIENDLIB.DLL

CSBFW.DLL

CSBFW.DLL

NTPERF.DLL

NTPERF.DLL

NTPORT.DLL

NTPORT.DLL

BYFZCQSJ.DLL

BYFZCQSJ.DLL

GSspeed.exe

GSspeed.exe

XP.exe

XP.exe

jsq.exe

jsq.exe

mir2tianji.exe

mir2tianji.exe

js1.ucu

js1.ucu

aspeeder.exe

aspeeder.exe

Hoobsdkf.dll

Hoobsdkf.dll

Gear9xsd.dll

Gear9xsd.dll

02.exe

02.exe

cqx.exe

cqx.exe

GearNT.exe

GearNT.exe

Speeder.exe

Speeder.exe

jack0520.dll

jack0520.dll

Game Cheater ArtMoney v6.08.exe

Game Cheater ArtMoney v6.08.exe

0520.exe

0520.exe

wpe.exe

wpe.exe

52wpe.exe

52wpe.exe

CHKenCap.exe

CHKenCap.exe

un_.exe

un_.exe

AnitGameMon.exe

AnitGameMon.exe

WpeSpy.dll

WpeSpy.dll

wpe pro.exe

wpe pro.exe

wpepro.exe

wpepro.exe

XXXX.DLL

XXXX.DLL

advpn.dll

advpn.dll

syxgj.dll

syxgj.dll

vmware-vmx.exe

vmware-vmx.exe

vmware.exe

vmware.exe

GameWatcher.exe

GameWatcher.exe

Gwken.dll

Gwken.dll

superbwr.dll

superbwr.dll

BL_DLL_2.dll

BL_DLL_2.dll

MIRHAOJIASU.dll

MIRHAOJIASU.dll

|kernel32.dll|3221|6|727792|747792

|kernel32.dll|3221|6|727792|747792

#|DHTObjectW|USER32.dll|2649|10|370928|390928

#|DHTObjectW|USER32.dll|2649|10|370928|390928

#|PtVisible|USER32.dll|6252|9|440560|460560

#|PtVisible|USER32.dll|6252|9|440560|460560

#|$xtZXtU0u|USER32.dll|5236|9|703728|723728

#|$xtZXtU0u|USER32.dll|5236|9|703728|723728

#|wwwwwwww|USER32.dll|3415|20|105502|125502

#|wwwwwwww|USER32.dll|3415|20|105502|125502

#|CreateWindowExA|USER32.dll|6521|15|179358|199358

#|CreateWindowExA|USER32.dll|6521|15|179358|199358

#|ADVAPI32.DLL|USER32.dll|6666|12|134409|154409

#|ADVAPI32.DLL|USER32.dll|6666|12|134409|154409

#|SetDlgItemTextA|USER32.dll|6665|15|92546|112546

#|SetDlgItemTextA|USER32.dll|6665|15|92546|112546

#|yyddy.dll|kernel32.dll|3337|9|195824|215824

#|yyddy.dll|kernel32.dll|3337|9|195824|215824

#|UnrealizeObject|kernel32.dll|3543|15|195824|215824

#|UnrealizeObject|kernel32.dll|3543|15|195824|215824

#|olepro32.dll|kernel32.dll|3329|12|155376|175376

#|olepro32.dll|kernel32.dll|3329|12|155376|175376

#|ShellExecuteA|kernel32.dll|3325|13|107760|127760

#|ShellExecuteA|kernel32.dll|3325|13|107760|127760

#|TOwnerDrawState|kernel32.dll|3434|15|911712|1111712

#|TOwnerDrawState|kernel32.dll|3434|15|911712|1111712

#|W2v7|kernel32.dll|5433|4|1595744|1795744

#|W2v7|kernel32.dll|5433|4|1595744|1795744

#|odComboBoxEdit|kernel32.dll|3457|14|2097504|2297504

#|odComboBoxEdit|kernel32.dll|3457|14|2097504|2297504

#|GetEnhMetaFileBits|kernel32.dll|3121|18|1464892|1664892

#|GetEnhMetaFileBits|kernel32.dll|3121|18|1464892|1664892

#|SysListView32|kernel32.dll|45658|13|141584|161584

#|SysListView32|kernel32.dll|45658|13|141584|161584

#|Failed|kernel32.dll|45662|6|137456|157456

#|Failed|kernel32.dll|45662|6|137456|157456

#|GetFilterState|USER32.dll|8785|14|277028|297028

#|GetFilterState|USER32.dll|8785|14|277028|297028

#|fOPTUQgh|kernel32.dll|32571|8|512230|532230

#|fOPTUQgh|kernel32.dll|32571|8|512230|532230

#|TMeasureItemEvent|USER32.dll|186228|17|1384174|1584174

#|TMeasureItemEvent|USER32.dll|186228|17|1384174|1584174

#|CWYeCgTq|USER32.dll|3235145|8|3200772|3400772

#|CWYeCgTq|USER32.dll|3235145|8|3200772|3400772

#|C4uvlwX|USER32.dll|2432524|7|2364164|2564164

#|C4uvlwX|USER32.dll|2432524|7|2364164|2564164

#|RHmismg|USER32.dll|534045|7|914420|934420

#|RHmismg|USER32.dll|534045|7|914420|934420

#|xu3Nv|USER32.dll|35428|5|1608843|1808843

#|xu3Nv|USER32.dll|35428|5|1608843|1808843

#|C:\WINDuOxS1syjemG|USER32.dll|20733|18|3091145|3291145

#|C:\WINDuOxS1syjemG|USER32.dll|20733|18|3091145|3291145

#|GetFileVersionInfoSizeA|USER32.dll|5010|23|91819|93819

#|GetFileVersionInfoSizeA|USER32.dll|5010|23|91819|93819

#|EVariantOutOfMemoryError|USER32.dll|63943|24|2097504|2297504

#|EVariantOutOfMemoryError|USER32.dll|63943|24|2097504|2297504

#|CreateStreamOnHGlobal|USER32.dll|38973|21|424170|444170

#|CreateStreamOnHGlobal|USER32.dll|38973|21|424170|444170

|kernel32.dll|4612|16|149744|169744

|kernel32.dll|4612|16|149744|169744

#|EnumProcessModules|kernel32.dll|47904|18|133360|153360

#|EnumProcessModules|kernel32.dll|47904|18|133360|153360

|USER32.dll|1128|8|196336|216336

|USER32.dll|1128|8|196336|216336

|USER32.dll|1081|6|455920|475920

|USER32.dll|1081|6|455920|475920

c|kernel32.dll|1056|4|280304|300304

c|kernel32.dll|1056|4|280304|300304

|kernel32.dll|1100|4|112368|132368

|kernel32.dll|1100|4|112368|132368

|kernel32.dll|4569|8|93311|95311

|kernel32.dll|4569|8|93311|95311

#|VQSRV|kernel32.dll|5425|5|27081|29081

#|VQSRV|kernel32.dll|5425|5|27081|29081

q|kernel32.dll|1223|4|222960|242960

q|kernel32.dll|1223|4|222960|242960

z|kernel32.dll|34215|8|751344|771344

z|kernel32.dll|34215|8|751344|771344

|kernel32.dll|7885|6|534997|554997

|kernel32.dll|7885|6|534997|554997

s|kernel32.dll|784215|4|1406816|1606816

s|kernel32.dll|784215|4|1406816|1606816

|kernel32.dll|54344|4|541434|561434

|kernel32.dll|54344|4|541434|561434

t|kernel32.dll|33446|4|1359210|1559210

t|kernel32.dll|33446|4|1359210|1559210

|kernel32.dll|7560|6|27081|29081

|kernel32.dll|7560|6|27081|29081

b|kernel32.dll|8668|4|543929|563929

b|kernel32.dll|8668|4|543929|563929

l|kernel32.dll|78669|4|277045|297045

l|kernel32.dll|78669|4|277045|297045

|kernel32.dll|8762|4|27081|29081

|kernel32.dll|8762|4|27081|29081

#|8SUV|kernel32.dll|242472|4|1103244|1303244

#|8SUV|kernel32.dll|242472|4|1103244|1303244

#|7!GD5b|USER32.dll|313763|6|624880|644880

#|7!GD5b|USER32.dll|313763|6|624880|644880

#|d05d|USER32.dll|2027|4|618224|638224

#|d05d|USER32.dll|2027|4|618224|638224

VVV.msjsq.cn

VVV.msjsq.cn

WWW.CSKYWG.CN

WWW.CSKYWG.CN

64382059

64382059

VVV.hackwl

VVV.hackwl

91006100

91006100

.odY.`s

.odY.`s

1zMm Z}'%x

1zMm Z}'%x

Z"%Uh

Z"%Uh

t:c.Dq

t:c.Dq

a3%c.

a3%c.

^C.ai

^C.ai

Kw.OmO

Kw.OmO

)nI%Fz~b?

)nI%Fz~b?

%Sb%|

%Sb%|

q:%Fg

q:%Fg

.Yq6ug

.Yq6ug

j.Mv\

j.Mv\

ûWa^JFbDr

ûWa^JFbDr

y4.Aa

y4.Aa

bZ"*%UV

bZ"*%UV

j%UUWb"&

j%UUWb"&

RL.rU

RL.rU

*.qy!

*.qy!

2&'*%Uh

2&'*%Uh

I=OC#.ME

I=OC#.ME

SeXEa

SeXEa

F%*.*f

F%*.*f

CNotSupportedException

CNotSupportedException

commctrl_DragListMsg

commctrl_DragListMsg

Afx:%x:%x:%x:%x:%x

Afx:%x:%x:%x:%x:%x

Afx:%x:%x

Afx:%x:%x

COMCTL32.DLL

COMCTL32.DLL

CCmdTarget

CCmdTarget

?#%X.y

?#%X.y

GetProcessWindowStation

GetProcessWindowStation

operator

operator

RASAPI32.dll

RASAPI32.dll

WinExec

WinExec

GetCPInfo

GetCPInfo

GetKeyState

GetKeyState

GetKeyboardType

GetKeyboardType

GetViewportOrgEx

GetViewportOrgEx

GDI32.dll

GDI32.dll

WINSPOOL.DRV

WINSPOOL.DRV

RegOpenKeyExA

RegOpenKeyExA

RegDeleteKeyA

RegDeleteKeyA

ShellExecuteA

ShellExecuteA

SHELL32.dll

SHELL32.dll

COMCTL32.dll

COMCTL32.dll

InternetCrackUrlA

InternetCrackUrlA

InternetCanonicalizeUrlA

InternetCanonicalizeUrlA

WININET.dll

WININET.dll

CreateDialogIndirectParamA

CreateDialogIndirectParamA

UnhookWindowsHookEx

UnhookWindowsHookEx

SetViewportOrgEx

SetViewportOrgEx

OffsetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

SetViewportExtEx

ScaleViewportExtEx

ScaleViewportExtEx

GetViewportExtEx

GetViewportExtEx

comdlg32.dll

comdlg32.dll

.PAVCException@@

.PAVCException@@

.PAVCNotSupportedException@@

.PAVCNotSupportedException@@

.PAVCFileException@@

.PAVCFileException@@

(*.prn)|*.prn|

(*.prn)|*.prn|

(*.*)|*.*||

(*.*)|*.*||

Shell32.dll

Shell32.dll

Mpr.dll

Mpr.dll

Advapi32.dll

Advapi32.dll

User32.dll

User32.dll

Gdi32.dll

Gdi32.dll

(&07-034/)7 '

(&07-034/)7 '

?? / %d]

?? / %d]

%d / %d]

%d / %d]

: %d]

: %d]

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV)|*.WAV|MIDI

(*.WAV)|*.WAV|MIDI

(*.MID)|*.MID|

(*.MID)|*.MID|

(*.txt)|*.txt|

(*.txt)|*.txt|

(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG)|*.JPG|BMP

(*.JPG)|*.JPG|BMP

(*.BMP)|*.BMP|GIF

(*.BMP)|*.BMP|GIF

(*.GIF)|*.GIF|

(*.GIF)|*.GIF|

(*.ICO)|*.ICO|

(*.ICO)|*.ICO|

(*.CUR)|*.CUR|

(*.CUR)|*.CUR|

%s:%d

%s:%d

windows

windows

out.prn

out.prn

%d.%d

%d.%d

%d / %d

%d / %d

%d/%d

%d/%d

Bogus message code %d

Bogus message code %d

(%d-%d):

(%d-%d):

%ld%c

%ld%c

1.1.3

1.1.3

;3 #>6.&

;3 #>6.&

'2, / 0&7!4-)1#

'2, / 0&7!4-)1#

[%s:%d]

[%s:%d]

Range: bytes=%s-

Range: bytes=%s-

[%s:%d]

[%s:%d]

PASS %s

PASS %s

PASS ******

PASS ******

USER %s

USER %s

E:\dev\e\static_link\static_libs\source\downlib\mystrlib.cpp

E:\dev\e\static_link\static_libs\source\downlib\mystrlib.cpp

SIZE %s

SIZE %s

PORT

PORT

User-Agent: %s

User-Agent: %s

Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)

Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)

Referer: %s

Referer: %s

Host: %s

Host: %s

GET %s HTTP/1.1

GET %s HTTP/1.1

HTTP/1.0

HTTP/1.0

Cookie: %s

Cookie: %s

%d, %s

%d, %s

\\192.168.0.129\TCP\1037

\\192.168.0.129\TCP\1037

NSPlayer/9.0.0.2980; {%s}; Host: %s

NSPlayer/9.0.0.2980; {%s}; Host: %s

rmff_fix_header: assuming data.size=%i

rmff_fix_header: assuming data.size=%i

rmff_fix_header: assuming data.num_packets=%i

rmff_fix_header: assuming data.num_packets=%i

rmff_fix_header: assuming prop.num_packets=%i

rmff_fix_header: assuming prop.num_packets=%i

rmff_fix_header: setting prop.data_offset from %i to %i

rmff_fix_header: setting prop.data_offset from %i to %i

rmff_fix_header: correcting prop.num_streams from %i to %i

rmff_fix_header: correcting prop.num_streams from %i to %i

rmff_fix_header: correcting prop.size from %i to %i

rmff_fix_header: correcting prop.size from %i to %i

%s %s %s

%s %s %s

Session: %s

Session: %s

Cseq: %u

Cseq: %u

%*s %s

%*s %s

%*s %u

%*s %u

CSeq: %u

CSeq: %u

rtsp://%s:%i

rtsp://%s:%i

rtsp://%s:%i/%s

rtsp://%s:%i/%s

ClientID: Linux_2.4_6.0.9.1235_play32_RN01_EN_586

ClientID: Linux_2.4_6.0.9.1235_play32_RN01_EN_586

GUID: 00000000-0000-0000-0000-000000000000

GUID: 00000000-0000-0000-0000-000000000000

[%s:%d]

[%s:%d]

User-Agent: RealMedia Player Version 6.0.9.1235 (linux-2.0-libc6-i386-gcc2.95)

User-Agent: RealMedia Player Version 6.0.9.1235 (linux-2.0-libc6-i386-gcc2.95)

Range: npt=%s-

Range: npt=%s-

%s/streamid=1

%s/streamid=1

%s/streamid=0

%s/streamid=0

Transport: x-pn-tng/tcp;mode=play,rtp/avp/tcp;unicast;mode=play

Transport: x-pn-tng/tcp;mode=play,rtp/avp/tcp;unicast;mode=play

If-Match: %s

If-Match: %s

RealChallenge2: %s, sd=%s

RealChallenge2: %s, sd=%s

Title: %s

Title: %s

Copyright: %s

Copyright: %s

Author: %s

Author: %s

real: Content-length for description too big (> %uMB)!

real: Content-length for description too big (> %uMB)!

Require: com.real.retain-entity-for-setup

Require: com.real.retain-entity-for-setup

SupportsMaximumASMBandwidth: 1

SupportsMaximumASMBandwidth: 1

Bandwidth: %u

Bandwidth: %u

Challenge1: %s

Challenge1: %s

hash output: %x %x %x %x

hash output: %x %x %x %x

hash input: %x %x %x %x

hash input: %x %x %x %x

stream=%u;rule=%u,

stream=%u;rule=%u,

Illegal character '%c' in input.

Illegal character '%c' in input.

%s

%s

Reply-To: %s

Reply-To: %s

From: %s

From: %s

To: %s

To: %s

Subject: %s

Subject: %s

Date: %s

Date: %s

Cc: %s

Cc: %s

%a, %d %b %Y %H:%M:%S

%a, %d %b %Y %H:%M:%S

SMTP

SMTP

.PAVCObject@@

.PAVCObject@@

.PAVCSimpleException@@

.PAVCSimpleException@@

.PAVCMemoryException@@

.PAVCMemoryException@@

.?AVCNotSupportedException@@

.?AVCNotSupportedException@@

.PAVCResourceException@@

.PAVCResourceException@@

.PAVCUserException@@

.PAVCUserException@@

.?AVCCmdTarget@@

.?AVCCmdTarget@@

.?AVCCmdUI@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.?AVCTestCmdUI@@

.PAVCArchiveException@@

.PAVCArchiveException@@

zcÁ

zcÁ

c:\%original file name%.exe

c:\%original file name%.exe

*.yUW

*.yUW

deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly

deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly

inflate 1.2.3 Copyright 1995-2005 Mark Adler

inflate 1.2.3 Copyright 1995-2005 Mark Adler

#include "l.chs\afxres.rc" // Standard components

#include "l.chs\afxres.rc" // Standard components

8ˆ8C8u8

8ˆ8C8u8

3%3X3m3x3

3%3X3m3x3

1 1$1(1,101

1 1$1(1,101

0,1014181

0,1014181

1/2

1/2

5%5S5\5i5{5

5%5S5\5i5{5

6 6$6(6,6064686

6 6$6(6,6064686

: :$:(:,:

: :$:(:,:

2$3@3[3|3

2$3@3[3|3

9-9B9V9a9n9w9}9

9-9B9V9a9n9w9}9

1 1'161=1_1

1 1'161=1_1

7 7$7(7,7

7 7$7(7,7

4"4*424:4

4"4*424:4

0 0$0(0,0004080

0 0$0(0,0004080

:!:%:):-:1:5:

:!:%:):-:1:5:

=#='= =}=

=#='= =}=

77c7v7

77c7v7

9 9$9(9,9094989

9 9$9(9,9094989

; ;$;(;,;4;?;

; ;$;(;,;4;?;

9.19.949.1104

9.19.949.1104

2.4.6

2.4.6

1999-2010

1999-2010

Unrar.dll

Unrar.dll

mscoree.dll

mscoree.dll

- Attempt to initialize the CRT more than once.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- CRT not initialized

- floating point support not loaded

- floating point support not loaded

WUSER32.DLL

WUSER32.DLL

(*.*)

(*.*)

1.0.0.0

1.0.0.0

Copyright (C) 2010 Www.Hookdlq.Com

Copyright (C) 2010 Www.Hookdlq.Com

Copyright (C) 2010 Www.Hookdlq.Com

Copyright (C) 2010 Www.Hookdlq.Com