Trojan-Dropper.Win32.Agent.bjrmme (Kaspersky), Gen:Variant.Buzy.3914 (B) (Emsisoft), Gen:Variant.Buzy.3914 (AdAware), Trojan.Win32.FlyStudio.FD, Trojan.Win32.Swrort.3.FD, GenericEmailWorm.YR, GenericInjector.YR, TrojanFlyStudio.YR (Lavasoft MAS)Behaviour: Trojan-Dropper, Trojan, Worm, EmailWorm
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: d86dc0768e0ea415ac0ed66b37efba35
SHA1: 36ccbef104b1cfd82564240eea53aa1cbf54a532
SHA256: 106193fcc48a628bfa05131402c4b4d00d92dc1a4cf3a70d41965e040e670aa5
SSDeep: 49152:LWIgtpkC9jAvP8ZDFTOI2DrLBt6PTHLA3OG0YULrXcJ:lGptjwMDFkdt67LO/fU/sJ
Size: 2879006 bytes
File type: EXE
Platform: WIN32
Entropy: Probably Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2011-04-04 08:49:22
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan-Dropper. Trojan program, intended for stealth installation of other malware into user's system.
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
EmailWorm | Worm can send e-mails. |
Process activity
The Trojan creates the following process(es):
%original file name%.exe:168
The Trojan injects its code into the following process(es):No processes have been created.
Mutexes
The following mutexes were created/opened:
RasPbFileShimCacheMutex
File activity
No files have been created.
Registry activity
The process %original file name%.exe:168 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
Dropped PE files
There are no dropped PE files.
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:168
- Delete the original Trojan file.
Static Analysis
VersionInfo
Company Name: Copyright (C) 2010 Www.Hookdlq.Com
Product Name: JavaDlq
Product Version: 1.0.0.0
Legal Copyright: Copyright (C) 2010 Www.Hookdlq.Com ????
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.0.0.0
File Description: JAVA???
Comments: JAVADLQ
Language: Language Neutral
Company Name: Copyright (C) 2010 Www.Hookdlq.ComProduct Name: JavaDlqProduct Version: 1.0.0.0Legal Copyright: Copyright (C) 2010 Www.Hookdlq.Com ????Legal Trademarks: Original Filename: Internal Name: File Version: 1.0.0.0File Description: JAVA???Comments: JAVADLQLanguage: Language Neutral
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 933511 | 933888 | 4.49713 | c86bf2fd3ade530584e297a7d4970604 |
CODE | 937984 | 338768 | 338944 | 4.58127 | e3152f3849cb81408b388a18b7487c9b |
.rdata | 1277952 | 846286 | 846336 | 4.67905 | 1ca96fc041b1caa7a80ac7bd5439959b |
.data | 2125824 | 207404 | 67584 | 3.93279 | b273bd9bd001e3c529163a89878f9504 |
DATA | 2334720 | 69260 | 69632 | 5.14547 | b976e89ff5af8a037f285f69212e7ee7 |
BSS | 2404352 | 25785 | 26112 | 0 | 09117bd1c93e17d89f54fa63cc98bd31 |
.rsrc | 2433024 | 20384 | 20480 | 3.19314 | f2f172594f04d5ec0aa192fa7e9a7db9 |
.reloc | 2453504 | 105196 | 105472 | 3.44001 | 8edd7f98ec3c1d06f3a432cfbe991b07 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_168:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
t%SVh
t%SVh
t$(SSh
t$(SSh
|$D.tm
|$D.tm
~%UVW
~%UVW
u$SShe
u$SShe
kernel32.dll
kernel32.dll
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
oleaut32.dll
oleaut32.dll
EVariantBadIndexError
EVariantBadIndexError
u%CNu
u%CNu
Uh.bO
Uh.bO
MaxKeySize
MaxKeySize
Invalid key size
Invalid key size
%UUUU1E
%UUUU1E
%UUUU3
%UUUU3
5 passes)
5 passes)
1.2.3
1.2.3
DB00735E-CFFB-47E6-B060-BB0D74008B7A
DB00735E-CFFB-47E6-B060-BB0D74008B7A
94-401@163.com
94-401@163.com
advapi32.dll
advapi32.dll
psapi.dll
psapi.dll
ntdll.dll
ntdll.dll
user32.dll
user32.dll
gdi32.dll
gdi32.dll
shlwapi.dll
shlwapi.dll
VERSION.DLL
VERSION.DLL
shell32.dll
shell32.dll
KERNEL32.DLL
KERNEL32.DLL
NTDLL.DLL
NTDLL.DLL
ole32.dll
ole32.dll
atl.dll
atl.dll
urlmon.dll
urlmon.dll
unrar.dll
unrar.dll
wininet.dll
wininet.dll
Kernel32.dll
Kernel32.dll
SetWindowsHookExA
SetWindowsHookExA
GetWindowsDirectoryA
GetWindowsDirectoryA
EnumWindows
EnumWindows
RegOpenKeyA
RegOpenKeyA
RegCloseKey
RegCloseKey
URLDownloadToFileA
URLDownloadToFileA
HttpOpenRequestA
HttpOpenRequestA
HttpSendRequestA
HttpSendRequestA
HttpQueryInfoA
HttpQueryInfoA
H@debug.ini
H@debug.ini
*.wix
*.wix
\krnln.fnr
\krnln.fnr
\Data\NewDragon.wix
\Data\NewDragon.wix
\Data\NewDragon.wil
\Data\NewDragon.wil
\GQInfo.conf
\GQInfo.conf
\GQModule.dat
\GQModule.dat
\shell.fne
\shell.fne
\krnln.fne
\krnln.fne
*.Dat|*.dll|*.key|*.exe
*.Dat|*.dll|*.key|*.exe
\!Game.ini
\!Game.ini
\Data\37000.txt
\Data\37000.txt
mir1.dat
mir1.dat
*.oue
*.oue
\drivers\GamesGuard.dat
\drivers\GamesGuard.dat
\drivers\GamesGuard.dat\
\drivers\GamesGuard.dat\
\drivers\GamesGuard.dat\...\
\drivers\GamesGuard.dat\...\
\drivers\GamesGuardNet.dat
\drivers\GamesGuardNet.dat
\drivers\GamesGuardNet.dat\
\drivers\GamesGuardNet.dat\
\drivers\GamesGuardNet.dat\...\
\drivers\GamesGuardNet.dat\...\
\drivers\GamesGuardNetAAWF.dat
\drivers\GamesGuardNetAAWF.dat
\drivers\GamesGuardNetAAWF.dat\
\drivers\GamesGuardNetAAWF.dat\
\drivers\GamesGuardNetAAWF.dat\...\
\drivers\GamesGuardNetAAWF.dat\...\
Explorer.exe
Explorer.exe
\Data\npc.wil
\Data\npc.wil
.rdata
.rdata
.data
.data
.reloc
.reloc
.aspack
.aspack
.adata
.adata
0tJ.XDK
0tJ.XDK
MSVCRT.dll
MSVCRT.dll
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
RegCreateKeyExA
RegCreateKeyExA
ADVAPI32.dll
ADVAPI32.dll
USER32.dll
USER32.dll
OLEAUT32.dll
OLEAUT32.dll
SkyGuard.dll
SkyGuard.dll
The procedure entry point %s could not be located in the dynamic link library %s
The procedure entry point %s could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
msvcrt.dll
msvcrt.dll
\Bass.dll
\Bass.dll
WINMM.dll
WINMM.dll
MSACM32.dll
MSACM32.dll
BASS_GetCPU
BASS_GetCPU
BASS_StreamCreateURL
BASS_StreamCreateURL
BASS.dll
BASS.dll
zVt.IZE;"
zVt.IZE;"
.N.pub
.N.pub
\b.rZ$
\b.rZ$
l.pW/
l.pW/
JKecRt
JKecRt
J%fpS
J%fpS
3%x'=
3%x'=
ÃŽwG
ÃŽwG
5%xUmQ
5%xUmQ
.bA>.IP
.bA>.IP
.ZTYQ
.ZTYQ
.kD85
.kD85
57%C
57%C
127.0.0.1
127.0.0.1
winmm.dll
winmm.dll
131,61,20,0,160
131,61,20,0,160
127.0.0.1
127.0.0.1
ShowInitialMsg
ShowInitialMsg
ServerPort
ServerPort
LoginNo
LoginNo
20100708
20100708
WS2_32.dll
WS2_32.dll
SHLWAPI.dll
SHLWAPI.dll
PSAPI.DLL
PSAPI.DLL
Call.dll
Call.dll
GetCPU_NT
GetCPU_NT
EndSpeedupWindows
EndSpeedupWindows
StartSpeedupWindows
StartSpeedupWindows
wsock32.dll
wsock32.dll
WS2_32.DLL
WS2_32.DLL
0,0,0,0,0
0,0,0,0,0
ws2_32.dll
ws2_32.dll
program internal error number is %d. (0x%Xh)
program internal error number is %d. (0x%Xh)
4_5
4_5
Ev9gxjswKSGNH7DaV/8J46YZuTpbFMnIc0CB5Oydfik1mze3RUloqWQrL2P XthAkey
Ev9gxjswKSGNH7DaV/8J46YZuTpbFMnIc0CB5Oydfik1mze3RUloqWQrL2P XthAkey
Software\Microsoft\Windows\ShellNoRoam\MUICache
Software\Microsoft\Windows\ShellNoRoam\MUICache
Mir.exe
Mir.exe
mirsettings.exe
mirsettings.exe
GameLogin.exe
GameLogin.exe
,0,0,0,0,0
,0,0,0,0,0
00,00,00
00,00,00
\Data\FullScreen.ini
\Data\FullScreen.ini
\Data\Hum.wil
\Data\Hum.wil
\DlqTemp.tmp
\DlqTemp.tmp
wshom.ocx
wshom.ocx
WindowStyle
WindowStyle
Hotkey
Hotkey
Http://
Http://
.rar|
.rar|
\unrar.dll
\unrar.dll
$tnue4.Qb
$tnue4.Qb
&.XBHX
&.XBHX
CryptKeyCa
CryptKeyCa
.IqY%
.IqY%
t%s2>
t%s2>
*1L.aK
*1L.aK
RH%S$
RH%S$
!]H%s
!]H%s
4AEmncs,%UnZA
4AEmncs,%UnZA
?e.SIMULATE_TLS: w
?e.SIMULATE_TLS: w
01234567
01234567
!"#$%&'1* ,-./
!"#$%&'1* ,-./
ADVAPI32.DLL
ADVAPI32.DLL
USER32.DLL
USER32.DLL
RARSetPassword
RARSetPassword
_unrar.dll
_unrar.dll
Data\Magic.wil
Data\Magic.wil
Data\Hum.wil
Data\Hum.wil
usp10.dll
usp10.dll
lpk.dll
lpk.dll
\windows\
\windows\
hXXp://
hXXp://
cA.tmp
cA.tmp
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP/1.1
HTTP/1.1
anonymous@123.com
anonymous@123.com
.exe|.rar|.zip|.gif|.jpg|.mp3|.rm
.exe|.rar|.zip|.gif|.jpg|.mp3|.rm
2007:02:08 00:21:47
2007:02:08 00:21:47
urlTEXT
urlTEXT
MsgeTEXT
MsgeTEXT
HhXXp://ns.adobe.com/xap/1.0/
HhXXp://ns.adobe.com/xap/1.0/
xmlns:xapMM='hXXp://ns.adobe.com/xap/1.0/mm/'>
xmlns:xapMM='hXXp://ns.adobe.com/xap/1.0/mm/'>
adobe:docid:photoshop:2a1d2139-b6c7-11db-acec-9e30b1af2652
adobe:docid:photoshop:2a1d2139-b6c7-11db-acec-9e30b1af2652
2007:02:08 00:22:49
2007:02:08 00:22:49
adobe:docid:photoshop:4e9d50c2-b6c7-11db-acec-9e30b1af2652
adobe:docid:photoshop:4e9d50c2-b6c7-11db-acec-9e30b1af2652
2007:02:08 00:19:48
2007:02:08 00:19:48
adobe:docid:photoshop:d8f3e0ca-b6c6-11db-acec-9e30b1af2652
adobe:docid:photoshop:d8f3e0ca-b6c6-11db-acec-9e30b1af2652
2007:02:08 00:21:01
2007:02:08 00:21:01
adobe:docid:photoshop:2a1d2130-b6c7-11db-acec-9e30b1af2652
adobe:docid:photoshop:2a1d2130-b6c7-11db-acec-9e30b1af2652
2007:02:08 00:20:05
2007:02:08 00:20:05
adobe:docid:photoshop:06fc66c3-b6c7-11db-acec-9e30b1af2652
adobe:docid:photoshop:06fc66c3-b6c7-11db-acec-9e30b1af2652
2007:02:08 00:20:38
2007:02:08 00:20:38
adobe:docid:photoshop:06fc66c7-b6c7-11db-acec-9e30b1af2652
adobe:docid:photoshop:06fc66c7-b6c7-11db-acec-9e30b1af2652
WsJ.ZS
WsJ.ZS
#.XsG
#.XsG
9'i%f
9'i%f
F..Vxb
F..Vxb
2007:02:08 00:30:39
2007:02:08 00:30:39
.IBR
.IBR
adobe:docid:photoshop:86252390-b6c8-11db-acec-9e30b1af2652
adobe:docid:photoshop:86252390-b6c8-11db-acec-9e30b1af2652
(,%DP
(,%DP
2007:02:08 00:31:10
2007:02:08 00:31:10
adobe:docid:photoshop:86252395-b6c8-11db-acec-9e30b1af2652
adobe:docid:photoshop:86252395-b6c8-11db-acec-9e30b1af2652
-S|K.HQmm
-S|K.HQmm
:1975/08/21
:1975/08/21
1976/09/28
1976/09/28
xljsq.dll
xljsq.dll
putao.dll
putao.dll
pttd.dll
pttd.dll
Inject.dll
Inject.dll
pk.dll
pk.dll
speed.dll
speed.dll
inproc.dll
inproc.dll
GearNtKe.dll
GearNtKe.dll
speederDll.dll
speederDll.dll
BYFZCQSJ.dll
BYFZCQSJ.dll
ntport.dll
ntport.dll
JSHJ.dll
JSHJ.dll
cmdok.dll
cmdok.dll
ymwj.dll
ymwj.dll
NTPerf.dll
NTPerf.dll
fiendlib.dll
fiendlib.dll
vipstart.dll
vipstart.dll
csbfw.dll
csbfw.dll
gamedll.dll
gamedll.dll
Woool.dll
Woool.dll
Hero.dll
Hero.dll
speedUp.exe
speedUp.exe
speeder.exe
speeder.exe
socket.dll
socket.dll
Soul.dll
Soul.dll
mydll.dll
mydll.dll
51jx.dll
51jx.dll
fiendlib1014.dll
fiendlib1014.dll
speedext.dll
speedext.dll
BException.dll
BException.dll
stdlib.vbs
stdlib.vbs
babout.dll
babout.dll
ZNTPORT.SYS
ZNTPORT.SYS
cooper.dll
cooper.dll
Dtr.dll
Dtr.dll
Gear9x.dll
Gear9x.dll
oem_sp.dat
oem_sp.dat
activate.dat
activate.dat
zzcsw8.dat
zzcsw8.dat
tjsh.dll
tjsh.dll
jszx.dll
jszx.dll
SSCL.DLL
SSCL.DLL
SSCL.dll
SSCL.dll
iswrab.dll
iswrab.dll
Cqfir.dll
Cqfir.dll
wVVV.dll
wVVV.dll
abcdefgh.dll
abcdefgh.dll
jedy8.dll
jedy8.dll
PORTTALK.SYS
PORTTALK.SYS
PORTTALK.dll
PORTTALK.dll
PORTTALK.vxd
PORTTALK.vxd
js.ucu
js.ucu
51JX.DLL
51JX.DLL
SPEED.DLL
SPEED.DLL
BABOUT.DLL
BABOUT.DLL
BEXCEPTION.DLL
BEXCEPTION.DLL
MYDLL.DLL
MYDLL.DLL
SPDWIN.DLL
SPDWIN.DLL
HOOB.DLL
HOOB.DLL
GEARNTKB.DLL
GEARNTKB.DLL
ABCDEFGH.DLL
ABCDEFGH.DLL
FLY2HELL.DLL
FLY2HELL.DLL
HXCX.DLL
HXCX.DLL
D3DX81AB.DLL
D3DX81AB.DLL
KPIC510.DLL
KPIC510.DLL
IJL11.DLL
IJL11.DLL
TJSH.DLL
TJSH.DLL
ZZCSW8.DAT
ZZCSW8.DAT
ACTIVATE.DAT
ACTIVATE.DAT
OEM_SP.DAT
OEM_SP.DAT
GEAR9X.DLL
GEAR9X.DLL
DTR.DLL
DTR.DLL
COOPER.DLL
COOPER.DLL
INPROC.DLL
INPROC.DLL
SPEEDEXT.DLL
SPEEDEXT.DLL
FIENDLIB1014.DLL
FIENDLIB1014.DLL
SOCKET1231.DLL
SOCKET1231.DLL
GAMEDLL.DLL
GAMEDLL.DLL
VIPSTART.DLL
VIPSTART.DLL
FIENDLIB.DLL
FIENDLIB.DLL
CSBFW.DLL
CSBFW.DLL
NTPERF.DLL
NTPERF.DLL
NTPORT.DLL
NTPORT.DLL
BYFZCQSJ.DLL
BYFZCQSJ.DLL
GSspeed.exe
GSspeed.exe
XP.exe
XP.exe
jsq.exe
jsq.exe
mir2tianji.exe
mir2tianji.exe
js1.ucu
js1.ucu
aspeeder.exe
aspeeder.exe
Hoobsdkf.dll
Hoobsdkf.dll
Gear9xsd.dll
Gear9xsd.dll
02.exe
02.exe
cqx.exe
cqx.exe
GearNT.exe
GearNT.exe
Speeder.exe
Speeder.exe
jack0520.dll
jack0520.dll
Game Cheater ArtMoney v6.08.exe
Game Cheater ArtMoney v6.08.exe
0520.exe
0520.exe
wpe.exe
wpe.exe
52wpe.exe
52wpe.exe
CHKenCap.exe
CHKenCap.exe
un_.exe
un_.exe
AnitGameMon.exe
AnitGameMon.exe
WpeSpy.dll
WpeSpy.dll
wpe pro.exe
wpe pro.exe
wpepro.exe
wpepro.exe
XXXX.DLL
XXXX.DLL
advpn.dll
advpn.dll
syxgj.dll
syxgj.dll
vmware-vmx.exe
vmware-vmx.exe
vmware.exe
vmware.exe
GameWatcher.exe
GameWatcher.exe
Gwken.dll
Gwken.dll
superbwr.dll
superbwr.dll
BL_DLL_2.dll
BL_DLL_2.dll
MIRHAOJIASU.dll
MIRHAOJIASU.dll
|kernel32.dll|3221|6|727792|747792
|kernel32.dll|3221|6|727792|747792
#|DHTObjectW|USER32.dll|2649|10|370928|390928
#|DHTObjectW|USER32.dll|2649|10|370928|390928
#|PtVisible|USER32.dll|6252|9|440560|460560
#|PtVisible|USER32.dll|6252|9|440560|460560
#|$xtZXtU0u|USER32.dll|5236|9|703728|723728
#|$xtZXtU0u|USER32.dll|5236|9|703728|723728
#|wwwwwwww|USER32.dll|3415|20|105502|125502
#|wwwwwwww|USER32.dll|3415|20|105502|125502
#|CreateWindowExA|USER32.dll|6521|15|179358|199358
#|CreateWindowExA|USER32.dll|6521|15|179358|199358
#|ADVAPI32.DLL|USER32.dll|6666|12|134409|154409
#|ADVAPI32.DLL|USER32.dll|6666|12|134409|154409
#|SetDlgItemTextA|USER32.dll|6665|15|92546|112546
#|SetDlgItemTextA|USER32.dll|6665|15|92546|112546
#|yyddy.dll|kernel32.dll|3337|9|195824|215824
#|yyddy.dll|kernel32.dll|3337|9|195824|215824
#|UnrealizeObject|kernel32.dll|3543|15|195824|215824
#|UnrealizeObject|kernel32.dll|3543|15|195824|215824
#|olepro32.dll|kernel32.dll|3329|12|155376|175376
#|olepro32.dll|kernel32.dll|3329|12|155376|175376
#|ShellExecuteA|kernel32.dll|3325|13|107760|127760
#|ShellExecuteA|kernel32.dll|3325|13|107760|127760
#|TOwnerDrawState|kernel32.dll|3434|15|911712|1111712
#|TOwnerDrawState|kernel32.dll|3434|15|911712|1111712
#|W2v7|kernel32.dll|5433|4|1595744|1795744
#|W2v7|kernel32.dll|5433|4|1595744|1795744
#|odComboBoxEdit|kernel32.dll|3457|14|2097504|2297504
#|odComboBoxEdit|kernel32.dll|3457|14|2097504|2297504
#|GetEnhMetaFileBits|kernel32.dll|3121|18|1464892|1664892
#|GetEnhMetaFileBits|kernel32.dll|3121|18|1464892|1664892
#|SysListView32|kernel32.dll|45658|13|141584|161584
#|SysListView32|kernel32.dll|45658|13|141584|161584
#|Failed|kernel32.dll|45662|6|137456|157456
#|Failed|kernel32.dll|45662|6|137456|157456
#|GetFilterState|USER32.dll|8785|14|277028|297028
#|GetFilterState|USER32.dll|8785|14|277028|297028
#|fOPTUQgh|kernel32.dll|32571|8|512230|532230
#|fOPTUQgh|kernel32.dll|32571|8|512230|532230
#|TMeasureItemEvent|USER32.dll|186228|17|1384174|1584174
#|TMeasureItemEvent|USER32.dll|186228|17|1384174|1584174
#|CWYeCgTq|USER32.dll|3235145|8|3200772|3400772
#|CWYeCgTq|USER32.dll|3235145|8|3200772|3400772
#|C4uvlwX|USER32.dll|2432524|7|2364164|2564164
#|C4uvlwX|USER32.dll|2432524|7|2364164|2564164
#|RHmismg|USER32.dll|534045|7|914420|934420
#|RHmismg|USER32.dll|534045|7|914420|934420
#|xu3Nv|USER32.dll|35428|5|1608843|1808843
#|xu3Nv|USER32.dll|35428|5|1608843|1808843
#|C:\WINDuOxS1syjemG|USER32.dll|20733|18|3091145|3291145
#|C:\WINDuOxS1syjemG|USER32.dll|20733|18|3091145|3291145
#|GetFileVersionInfoSizeA|USER32.dll|5010|23|91819|93819
#|GetFileVersionInfoSizeA|USER32.dll|5010|23|91819|93819
#|EVariantOutOfMemoryError|USER32.dll|63943|24|2097504|2297504
#|EVariantOutOfMemoryError|USER32.dll|63943|24|2097504|2297504
#|CreateStreamOnHGlobal|USER32.dll|38973|21|424170|444170
#|CreateStreamOnHGlobal|USER32.dll|38973|21|424170|444170
|kernel32.dll|4612|16|149744|169744
|kernel32.dll|4612|16|149744|169744
#|EnumProcessModules|kernel32.dll|47904|18|133360|153360
#|EnumProcessModules|kernel32.dll|47904|18|133360|153360
|USER32.dll|1128|8|196336|216336
|USER32.dll|1128|8|196336|216336
|USER32.dll|1081|6|455920|475920
|USER32.dll|1081|6|455920|475920
c|kernel32.dll|1056|4|280304|300304
c|kernel32.dll|1056|4|280304|300304
|kernel32.dll|1100|4|112368|132368
|kernel32.dll|1100|4|112368|132368
|kernel32.dll|4569|8|93311|95311
|kernel32.dll|4569|8|93311|95311
#|VQSRV|kernel32.dll|5425|5|27081|29081
#|VQSRV|kernel32.dll|5425|5|27081|29081
q|kernel32.dll|1223|4|222960|242960
q|kernel32.dll|1223|4|222960|242960
z|kernel32.dll|34215|8|751344|771344
z|kernel32.dll|34215|8|751344|771344
|kernel32.dll|7885|6|534997|554997
|kernel32.dll|7885|6|534997|554997
s|kernel32.dll|784215|4|1406816|1606816
s|kernel32.dll|784215|4|1406816|1606816
|kernel32.dll|54344|4|541434|561434
|kernel32.dll|54344|4|541434|561434
t|kernel32.dll|33446|4|1359210|1559210
t|kernel32.dll|33446|4|1359210|1559210
|kernel32.dll|7560|6|27081|29081
|kernel32.dll|7560|6|27081|29081
b|kernel32.dll|8668|4|543929|563929
b|kernel32.dll|8668|4|543929|563929
l|kernel32.dll|78669|4|277045|297045
l|kernel32.dll|78669|4|277045|297045
|kernel32.dll|8762|4|27081|29081
|kernel32.dll|8762|4|27081|29081
#|8SUV|kernel32.dll|242472|4|1103244|1303244
#|8SUV|kernel32.dll|242472|4|1103244|1303244
#|7!GD5b|USER32.dll|313763|6|624880|644880
#|7!GD5b|USER32.dll|313763|6|624880|644880
#|d05d|USER32.dll|2027|4|618224|638224
#|d05d|USER32.dll|2027|4|618224|638224
VVV.msjsq.cn
VVV.msjsq.cn
WWW.CSKYWG.CN
WWW.CSKYWG.CN
64382059
64382059
VVV.hackwl
VVV.hackwl
91006100
91006100
.odY.`s
.odY.`s
1zMm Z}'%x
1zMm Z}'%x
Z"%Uh
Z"%Uh
t:c.Dq
t:c.Dq
a3%c.
a3%c.
^C.ai
^C.ai
Kw.OmO
Kw.OmO
)nI%Fz~b?
)nI%Fz~b?
%Sb%|
%Sb%|
q:%Fg
q:%Fg
.Yq6ug
.Yq6ug
j.Mv\
j.Mv\
ûWa^JFbDr
ûWa^JFbDr
y4.Aa
y4.Aa
bZ"*%UV
bZ"*%UV
j%UUWb"&
j%UUWb"&
RL.rU
RL.rU
*.qy!
*.qy!
2&'*%Uh
2&'*%Uh
I=OC#.ME
I=OC#.ME
SeXEa
SeXEa
F%*.*f
F%*.*f
CNotSupportedException
CNotSupportedException
commctrl_DragListMsg
commctrl_DragListMsg
Afx:%x:%x:%x:%x:%x
Afx:%x:%x:%x:%x:%x
Afx:%x:%x
Afx:%x:%x
COMCTL32.DLL
COMCTL32.DLL
CCmdTarget
CCmdTarget
?#%X.y
?#%X.y
GetProcessWindowStation
GetProcessWindowStation
operator
operator
RASAPI32.dll
RASAPI32.dll
WinExec
WinExec
GetCPInfo
GetCPInfo
GetKeyState
GetKeyState
GetKeyboardType
GetKeyboardType
GetViewportOrgEx
GetViewportOrgEx
GDI32.dll
GDI32.dll
WINSPOOL.DRV
WINSPOOL.DRV
RegOpenKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteKeyA
ShellExecuteA
ShellExecuteA
SHELL32.dll
SHELL32.dll
COMCTL32.dll
COMCTL32.dll
InternetCrackUrlA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetCanonicalizeUrlA
WININET.dll
WININET.dll
CreateDialogIndirectParamA
CreateDialogIndirectParamA
UnhookWindowsHookEx
UnhookWindowsHookEx
SetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetViewportExtEx
ScaleViewportExtEx
ScaleViewportExtEx
GetViewportExtEx
GetViewportExtEx
comdlg32.dll
comdlg32.dll
.PAVCException@@
.PAVCException@@
.PAVCNotSupportedException@@
.PAVCNotSupportedException@@
.PAVCFileException@@
.PAVCFileException@@
(*.prn)|*.prn|
(*.prn)|*.prn|
(*.*)|*.*||
(*.*)|*.*||
Shell32.dll
Shell32.dll
Mpr.dll
Mpr.dll
Advapi32.dll
Advapi32.dll
User32.dll
User32.dll
Gdi32.dll
Gdi32.dll
(&07-034/)7 '
(&07-034/)7 '
?? / %d]
?? / %d]
%d / %d]
%d / %d]
: %d]
: %d]
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV)|*.WAV|MIDI
(*.WAV)|*.WAV|MIDI
(*.MID)|*.MID|
(*.MID)|*.MID|
(*.txt)|*.txt|
(*.txt)|*.txt|
(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG)|*.JPG|BMP
(*.JPG)|*.JPG|BMP
(*.BMP)|*.BMP|GIF
(*.BMP)|*.BMP|GIF
(*.GIF)|*.GIF|
(*.GIF)|*.GIF|
(*.ICO)|*.ICO|
(*.ICO)|*.ICO|
(*.CUR)|*.CUR|
(*.CUR)|*.CUR|
%s:%d
%s:%d
windows
windows
out.prn
out.prn
%d.%d
%d.%d
%d / %d
%d / %d
%d/%d
%d/%d
Bogus message code %d
Bogus message code %d
(%d-%d):
(%d-%d):
%ld%c
%ld%c
1.1.3
1.1.3
;3 #>6.&
;3 #>6.&
'2, / 0&7!4-)1#
'2, / 0&7!4-)1#
[%s:%d]
[%s:%d]
Range: bytes=%s-
Range: bytes=%s-
[%s:%d]
[%s:%d]
PASS %s
PASS %s
PASS ******
PASS ******
USER %s
USER %s
E:\dev\e\static_link\static_libs\source\downlib\mystrlib.cpp
E:\dev\e\static_link\static_libs\source\downlib\mystrlib.cpp
SIZE %s
SIZE %s
PORT
PORT
User-Agent: %s
User-Agent: %s
Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Referer: %s
Referer: %s
Host: %s
Host: %s
GET %s HTTP/1.1
GET %s HTTP/1.1
HTTP/1.0
HTTP/1.0
Cookie: %s
Cookie: %s
%d, %s
%d, %s
\\192.168.0.129\TCP\1037
\\192.168.0.129\TCP\1037
NSPlayer/9.0.0.2980; {%s}; Host: %s
NSPlayer/9.0.0.2980; {%s}; Host: %s
rmff_fix_header: assuming data.size=%i
rmff_fix_header: assuming data.size=%i
rmff_fix_header: assuming data.num_packets=%i
rmff_fix_header: assuming data.num_packets=%i
rmff_fix_header: assuming prop.num_packets=%i
rmff_fix_header: assuming prop.num_packets=%i
rmff_fix_header: setting prop.data_offset from %i to %i
rmff_fix_header: setting prop.data_offset from %i to %i
rmff_fix_header: correcting prop.num_streams from %i to %i
rmff_fix_header: correcting prop.num_streams from %i to %i
rmff_fix_header: correcting prop.size from %i to %i
rmff_fix_header: correcting prop.size from %i to %i
%s %s %s
%s %s %s
Session: %s
Session: %s
Cseq: %u
Cseq: %u
%*s %s
%*s %s
%*s %u
%*s %u
CSeq: %u
CSeq: %u
rtsp://%s:%i
rtsp://%s:%i
rtsp://%s:%i/%s
rtsp://%s:%i/%s
ClientID: Linux_2.4_6.0.9.1235_play32_RN01_EN_586
ClientID: Linux_2.4_6.0.9.1235_play32_RN01_EN_586
GUID: 00000000-0000-0000-0000-000000000000
GUID: 00000000-0000-0000-0000-000000000000
[%s:%d]
[%s:%d]
User-Agent: RealMedia Player Version 6.0.9.1235 (linux-2.0-libc6-i386-gcc2.95)
User-Agent: RealMedia Player Version 6.0.9.1235 (linux-2.0-libc6-i386-gcc2.95)
Range: npt=%s-
Range: npt=%s-
%s/streamid=1
%s/streamid=1
%s/streamid=0
%s/streamid=0
Transport: x-pn-tng/tcp;mode=play,rtp/avp/tcp;unicast;mode=play
Transport: x-pn-tng/tcp;mode=play,rtp/avp/tcp;unicast;mode=play
If-Match: %s
If-Match: %s
RealChallenge2: %s, sd=%s
RealChallenge2: %s, sd=%s
Title: %s
Title: %s
Copyright: %s
Copyright: %s
Author: %s
Author: %s
real: Content-length for description too big (> %uMB)!
real: Content-length for description too big (> %uMB)!
Require: com.real.retain-entity-for-setup
Require: com.real.retain-entity-for-setup
SupportsMaximumASMBandwidth: 1
SupportsMaximumASMBandwidth: 1
Bandwidth: %u
Bandwidth: %u
Challenge1: %s
Challenge1: %s
hash output: %x %x %x %x
hash output: %x %x %x %x
hash input: %x %x %x %x
hash input: %x %x %x %x
stream=%u;rule=%u,
stream=%u;rule=%u,
Illegal character '%c' in input.
Illegal character '%c' in input.
%s
%s
Reply-To: %s
Reply-To: %s
From: %s
From: %s
To: %s
To: %s
Subject: %s
Subject: %s
Date: %s
Date: %s
Cc: %s
Cc: %s
%a, %d %b %Y %H:%M:%S
%a, %d %b %Y %H:%M:%S
SMTP
SMTP
.PAVCObject@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.PAVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCNotSupportedException@@
.PAVCResourceException@@
.PAVCResourceException@@
.PAVCUserException@@
.PAVCUserException@@
.?AVCCmdTarget@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.?AVCTestCmdUI@@
.PAVCArchiveException@@
.PAVCArchiveException@@
zcÃ
zcÃ
c:\%original file name%.exe
c:\%original file name%.exe
*.yUW
*.yUW
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
inflate 1.2.3 Copyright 1995-2005 Mark Adler
inflate 1.2.3 Copyright 1995-2005 Mark Adler
#include "l.chs\afxres.rc" // Standard components
#include "l.chs\afxres.rc" // Standard components
8ˆ8C8u8
8ˆ8C8u8
3%3X3m3x3
3%3X3m3x3
1 1$1(1,101
1 1$1(1,101
0,1014181
0,1014181
1/2
1/2
5%5S5\5i5{5
5%5S5\5i5{5
6 6$6(6,6064686
6 6$6(6,6064686
: :$:(:,:
: :$:(:,:
2$3@3[3|3
2$3@3[3|3
9-9B9V9a9n9w9}9
9-9B9V9a9n9w9}9
1 1'161=1_1
1 1'161=1_1
7 7$7(7,7
7 7$7(7,7
4"4*424:4
4"4*424:4
0 0$0(0,0004080
0 0$0(0,0004080
:!:%:):-:1:5:
:!:%:):-:1:5:
=#='= =}=
=#='= =}=
77c7v7
77c7v7
9 9$9(9,9094989
9 9$9(9,9094989
; ;$;(;,;4;?;
; ;$;(;,;4;?;
9.19.949.1104
9.19.949.1104
2.4.6
2.4.6
1999-2010
1999-2010
Unrar.dll
Unrar.dll
mscoree.dll
mscoree.dll
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
WUSER32.DLL
WUSER32.DLL
(*.*)
(*.*)
1.0.0.0
1.0.0.0
Copyright (C) 2010 Www.Hookdlq.Com
Copyright (C) 2010 Www.Hookdlq.Com
Copyright (C) 2010 Www.Hookdlq.Com
Copyright (C) 2010 Www.Hookdlq.Com