Skip to main content

Gen.Variant.Symmi.45193_1cced3bedb


Gen:Variant.Symmi.45193 (B) (Emsisoft), Gen:Variant.Symmi.45193 (AdAware), Trojan.Win32.BHO.FD, GenericEmailWorm.YR (Lavasoft MAS)Behaviour: Trojan, Worm, EmailWorm

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: 1cced3bedb67aa3f0c25c29b3ee548cc

SHA1: ff4be4534e7aebb781c8321442fc77e15311aaab

SHA256: ae70cdc9ff5eed54795b884da3de4de70a2343ffd67e0e26a9f97b8fc6f57b78

SSDeep: 49152:YnVvmL/kK/vnuX0iky0a9sNJrDuiJbfBk9O2:Ye/9ik95GUBu

Size: 1748277 bytes

File type: EXE

Platform: WIN32

Entropy: Not Packed

PEID: MicrosoftVisualCv71EXE, MicrosoftVisualCv70, UPolyXv05_v6

Company: no certificate found

Created at: 2007-03-19 09:14:11

Analyzed on: WindowsXP SP3 32-bit

Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Dynamic Analysis

Payload

Behaviour Description
EmailWormWorm can send e-mails.


Process activity

The Trojan creates the following process(es):No processes have been created.The Trojan injects its code into the following process(es):

%original file name%.exe:464

Mutexes

The following mutexes were created/opened:No objects were found.

File activity

The process %original file name%.exe:464 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\crossdomain[1].xml (1472 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\crossdomain[1].xml (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{3550C75F-CFFD-4222-B875-0B0B1FE28513}\_extra\wheeeee.swf (69236 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\crossdomain[1].xml (0 bytes)

Registry activity

The process %original file name%.exe:464 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\BRiGHTSTAR\Untitled\V1.0\Settings]
"Options" = "31 00 00 00 46 00 6F 00 73 00 74 00 65 00 72 00"

"crc" = "20 4B 34 C2 47 31 15 25 0C E6 C1 E0 35 C2 55 4C"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "87 BB 5C 92 94 2B 99 85 F7 8A 6D 62 05 FB 30 03"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

There are no dropped PE files.

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.

Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\crossdomain[1].xml (1472 bytes)
    %Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\crossdomain[1].xml (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\{3550C75F-CFFD-4222-B875-0B0B1FE28513}\_extra\wheeeee.swf (69236 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  5. Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

Company Name: BRiGHTSTAR
Product Name: HD Player
Product Version: 1.0
Legal Copyright:
Legal Trademarks:
Original Filename: Untitled.exe
Internal Name: Untitled
File Version: 1.0
File Description:
Comments:
Language: Russian (Russia)

Company Name: BRiGHTSTARProduct Name: HD Player Product Version: 1.0 Legal Copyright: Legal Trademarks: Original Filename: Untitled.exeInternal Name: UntitledFile Version: 1.0 File Description: Comments: Language: Russian (Russia)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text40967571387577604.620740c7c21bdcb0f9fbcaaff99a35fdd1ab0
.rdata7618561577741597443.844686b146131f2b9dbb4ba44d8e74bd4ce5
.data92160059268245762.881948b1015905deab19b04b0e25c3f2370fe
.rsrc9830401202881228803.55226c7e020c18441a0b29a0ebe5b7485514b
.!rdata11059201351681351680.292147ea6b83e1da96949817025ff711cabc7

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

URL IP
hxxp://cartoonnetwork.com/crossdomain.xml
hxxp://www.cartoonnetwork.com/crossdomain.xml157.166.239.102

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /crossdomain.xml HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.cartoonnetwork.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Wed, 17 Jun 2015 08:38:03 GMT

Content-Type: application/xml

Transfer-Encoding: chunked

Connection: close

Vary: Accept-Encoding

Set-Cookie: CG=UA:07:Kharkov; path=/

Last-Modified: Tue, 22 Jul 2014 15:44:53 GMT

Cache-Control: max-age=600

Expires: Wed, 17 Jun 2015 08:40:44 GMT

X-Cache-Status: HIT

Content-Encoding: gzip

5c0..............Ms.6.....Pu..);n..c;.6.N;.\r.@.BL.4.Jv.}..(...v.(...>.`....O/y6..SJ..........._........<.F.e...I..:..u.........7..w..n..s..s.H.s./..2.I...c.c..._..~.gY.w.3...\..F...p0Z.b.w.a..93Vk...i......).=...WF<.., .|I3n ....Fy....NY....jp.r.....T\....c..I=...3..C..5#...8...2.=)......_...z..43....0...EZ>. .J.[.g..%1.Z?l..D.I...D../....I{Q..]p..8..9X..R..i2....f..8.......g....e.5.^*> a.........v..z\G.z."....r.o.U.7..5.p....A...d....M-f..CT.yR...D"^7d..clwD"V....?:.#......q(........D...%Uf....I@.'Y.(.Nu..1...c.Z...#...i...R4.....;.U...F......eL........C.|.... ......Em.a`.....z.p.[.p..u8..A."..C."T...`HA,...!p....Z....Y...F.(.Y9B..!......!.R.... .C."`....G./..!..Y.....]=..G..C[.....B....K....,8.....).'b..Px8Exr{....Qd.B....b*..p..<q~...'!.!...1.........m......<K.q0..y..b%m.H.p.Det../]..D$...x..-.0..].. ..6...O@..m...#.. ..{)j.h...<..'....*.\..9...V...[Z....,.aw..M.h..&....)..j,,.-.Dj........:)a..e.....A\.L.Y...8..=...E.T i3.C.%.O...me..Z......|.2..nh.<.4.......K..A../ ..t..d..h]...`......... .........E....<...l..j.\.3..........O...,.i..............T?rVZa.V......B.......)q\...u ...PAE.C..3. T[n......n......C..).....$W.N.B[...Q...*z.A.@6 ..f........U.>...3p=.....n...m...S..>...S.|.j.v......>.,....$....)K.h(..f...#......\........vE..<n..G.[U\7..........^.4..ln^. ......q7..%.V..dD"J....S.....%.m..D...dk..H$.p.....U......K.L.#.F...2R..Yb!{"...$y..2N`Zsx..Gx.P ..1Z..s.(.....(..2.. `.....2.......4...%5 .?./"..1o.....qz...v....N..:.#W.'.n....<... 1...:. y......0..

<<< skipped >>>

Map

The Trojan connects to the servers at the folowing location(s):

Strings from Dumps

%original file name%.exe_464:

.text

.text

.rdata

.rdata

.data

.data

.rsrc

.rsrc

u2SSShY

u2SSShY

1SSShY

1SSShY

uDPW

uDPW

SSSSSh

SSSSSh

.PWuF

.PWuF

YYu.VW

YYu.VW

%uWVW

%uWVW

}`uk9U@t%9U(ua9U@t

}`uk9U@t%9U(ua9U@t

.QPWR

.QPWR

.tgPV

.tgPV

FTPjK

FTPjK

FtPj;

FtPj;

C.PjRVj

C.PjRVj

u.VV3

u.VV3

.SSSSSSh|

.SSSSSSh|

HHCTRL.OCX

HHCTRL.OCX

\\.\REGMON

\\.\REGMON

\\.\REGVXD

\\.\REGVXD

1.1.3

1.1.3

SWFKit.BK

SWFKit.BK

kernel32.dll

kernel32.dll

shlwapi.dll

shlwapi.dll

comctl32.dll

comctl32.dll

------%s will be expired on d-d-d------

------%s will be expired on d-d-d------

------%s will be expired after %d days after installed!------

------%s will be expired after %d days after installed!------

f%d_%s

f%d_%s

function f%d_%s() { return _call('%s', arguments);}

function f%d_%s() { return _call('%s', arguments);}

comdlg32.dll

comdlg32.dll

urlmon.dll

urlmon.dll

user32.dll

user32.dll

%sX%d.cab

%sX%d.cab

"%s" /Q /S

"%s" /Q /S

%sX%d.tmp

%sX%d.tmp

Failed to initialize the WIndows Socket!

Failed to initialize the WIndows Socket!

%d%% Free

%d%% Free

Physical memory available to Windows:

Physical memory available to Windows:

%d KB

%d KB

0xX

0xX

SCRNSAVE.EXE

SCRNSAVE.EXE

SYSTEM.INI

SYSTEM.INI

hXXp://VVV.swfbuddy.com

hXXp://VVV.swfbuddy.com

TOPURL

TOPURL

.main

.main

%s\DefaultIcon

%s\DefaultIcon

%s\shell\open\%s

%s\shell\open\%s

windowShape

windowShape

$EKHOTKEY

$EKHOTKEY

$KPDISABLEWINDOWKEYS

$KPDISABLEWINDOWKEYS

hotKey

hotKey

exitKeys

exitKeys

keyPress

keyPress

expiryMsg

expiryMsg

windowSize

windowSize

cmdItems

cmdItems

cmdLine

cmdLine

join

join

%s.%s

%s.%s

%s.%d

%s.%d

msgBox

msgBox

winio.sys

winio.sys

\\.\PhysicalDrive%d

\\.\PhysicalDrive%d

\\.\Scsi%d:

\\.\Scsi%d:

FtpGetFileSize

FtpGetFileSize

FtpRenameFileA

FtpRenameFileA

FtpDeleteFileA

FtpDeleteFileA

FtpRemoveDirectoryA

FtpRemoveDirectoryA

FtpCreateDirectoryA

FtpCreateDirectoryA

FtpSetCurrentDirectoryA

FtpSetCurrentDirectoryA

FtpGetCurrentDirectoryA

FtpGetCurrentDirectoryA

FtpOpenFileA

FtpOpenFileA

FtpFindFirstFileA

FtpFindFirstFileA

wininet.dll

wininet.dll

Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)

Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)

_InetFtp_

_InetFtp_

@F_%u

@F_%u

VVV.swfkit.com

VVV.swfkit.com

onGetUrl

onGetUrl

openFtp

openFtp

getHttpFileHeader

getHttpFileHeader

getHttpFileStatus

getHttpFileStatus

getHttpFileLastModifiedTime

getHttpFileLastModifiedTime

getHttpFileSize

getHttpFileSize

getUrl

getUrl

_FFish_MCI_%d

_FFish_MCI_%d

errorMsg

errorMsg

sendCmdString

sendCmdString

OK %d %s

OK %d %s

%d %s

%d %s

UIDL %d

UIDL %d

TOP %d %d

TOP %d %d

RETR %d

RETR %d

OK %d %d

OK %d %d

%d %d

%d %d

LIST %d

LIST %d

DELE %d

DELE %d

password

password

port

port

RegKey

RegKey

key not found

key not found

deleteKey

deleteKey

getSubkeyNames

getSubkeyNames

\StringFileInfo\X\SpecialBuild

\StringFileInfo\X\SpecialBuild

\StringFileInfo\X\productVersion

\StringFileInfo\X\productVersion

\StringFileInfo\X\ProductName

\StringFileInfo\X\ProductName

\StringFileInfo\X\PrivateBuild

\StringFileInfo\X\PrivateBuild

\StringFileInfo\X\OriginalFilename

\StringFileInfo\X\OriginalFilename

\StringFileInfo\X\LegalTrademarks

\StringFileInfo\X\LegalTrademarks

\StringFileInfo\X\LegalCopyright

\StringFileInfo\X\LegalCopyright

\StringFileInfo\X\InternalName

\StringFileInfo\X\InternalName

\StringFileInfo\X\FileVersion

\StringFileInfo\X\FileVersion

\StringFileInfo\X\FileDescription

\StringFileInfo\X\FileDescription

\StringFileInfo\X\CompanyName

\StringFileInfo\X\CompanyName

\StringFileInfo\X\Comments

\StringFileInfo\X\Comments

Shell32.dll

Shell32.dll

software\microsoft\windows\currentversion

software\microsoft\windows\currentversion

windows

windows

findExecutable

findExecutable

windowStyle

windowStyle

URLShortcut

URLShortcut

> %d.d.d

> %d.d.d

Windows 32s

Windows 32s

Windows 95

Windows 95

Windows ME

Windows ME

Windows 98

Windows 98

Windows NT

Windows NT

Windows 2000

Windows 2000

Windows XP

Windows XP

getWindowsByName

getWindowsByName

windowState

windowState

getExeName

getExeName

processMsg

processMsg

- deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly

- deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly

HttpQueryInfoA

HttpQueryInfoA

HttpSendRequestA

HttpSendRequestA

HttpOpenRequestA

HttpOpenRequestA

InternetCrackUrlA

InternetCrackUrlA

InternetOpenUrlA

InternetOpenUrlA

InternetCanonicalizeUrlA

InternetCanonicalizeUrlA

illegal character '%s%c%c'

illegal character '%s%c%c'

illegal unicode character '%s%c%c%c%c'

illegal unicode character '%s%c%c%c%c'

unterminated %s constant

unterminated %s constant

unknown escape sequence '%c%c'

unknown escape sequence '%c%c'

ECMAScript don't allow line terminators in %s constants

ECMAScript don't allow line terminators in %s constants

syntax error: %s

syntax error: %s

invalid alias name of the imported function

invalid alias name of the imported function

inflate 1.1.3 Copyright 1995-1998 Mark Adler

inflate 1.1.3 Copyright 1995-1998 Mark Adler

dllimport

dllimport

import

import

export

export

?456789:;

?456789:;

!"#$%&'()* ,-./0123

!"#$%&'()* ,-./0123

attachment %d

attachment %d

====_SWFKIT_MAIL_PART_%X.%X.%X_====

====_SWFKIT_MAIL_PART_%X.%X.%X_====

Content-Transfer-Encoding: %s

Content-Transfer-Encoding: %s

Content-Type: %s; charset="%s"

Content-Type: %s; charset="%s"

Content-Type: %s; name="%s"

Content-Type: %s; name="%s"

Content-Disposition: attachment; filename="%s"

Content-Disposition: attachment; filename="%s"

Content-ID:

Content-ID:

--%s--

--%s--

boundary="%s"

boundary="%s"

X-Priority: %d

X-Priority: %d

X-Mailer: SWFKit.FFish

X-Mailer: SWFKit.FFish

Date: %s

Date: %s

Subject: =?%s?B?

Subject: =?%s?B?

Bcc: %s

Bcc: %s

Cc: %s

Cc: %s

Reply-To: %s

Reply-To: %s

To: %s

To: %s

From: %s

From: %s

boundary="%s";

boundary="%s";

login

login

AUTH PLAIN %s

AUTH PLAIN %s

AUTH LOGIN

AUTH LOGIN

%s %s

%s %s

MAIL FROM:

MAIL FROM:

HELO %s

HELO %s

EHLO %s

EHLO %s

can't connect to the smtp server

can't connect to the smtp server

PASS %s

PASS %s

USER %s

USER %s

@F_%d

@F_%d

Reply from %d.%d.%d.%d: bytes=%d time=%dms TTL=%d

Reply from %d.%d.%d.%d: bytes=%d time=%dms TTL=%d

Unkown host %s

Unkown host %s

ICMP.DLL

ICMP.DLL

Reply from %s: bytes=%d time=%dms TTL=%d icmp_seq=%u

Reply from %s: bytes=%d time=%dms TTL=%d icmp_seq=%u

Pinging %s [%s]: with %d bytes of data:

Pinging %s [%s]: with %d bytes of data:

.yMax

.yMax

.xMax

.xMax

.yMin

.yMin

.xMin

.xMin

inetmib1.dll

inetmib1.dll

SYSTEM\CurrentControlSet\Services\VxD\MSTCP

SYSTEM\CurrentControlSet\Services\VxD\MSTCP

SYSTEM\CurrentControlSet\Services\Tcpip\parameters

SYSTEM\CurrentControlSet\Services\Tcpip\parameters

SYSTEM\CurrentControlSet\Services\Tcpip\parameters\Transient

SYSTEM\CurrentControlSet\Services\Tcpip\parameters\Transient

Runtime error: %s

Runtime error: %s

Warning: unknown method "%s"

Warning: unknown method "%s"

Warning: invalid index for operator []

Warning: invalid index for operator []

hook break %d

hook break %d

Warning: can't set property "%s" with a wrong type

Warning: can't set property "%s" with a wrong type

Warning: using undefined property "%s"

Warning: using undefined property "%s"

Warning: using undefined variable "%s"

Warning: using undefined variable "%s"

CNotSupportedException

CNotSupportedException

COMCTL32.DLL

COMCTL32.DLL

Afx:%p:%x:%p:%p:%p

Afx:%p:%x:%p:%p:%p

Afx:%p:%x

Afx:%p:%x

hhctrl.ocx

hhctrl.ocx

commctrl_DragListMsg

commctrl_DragListMsg

CCmdTarget

CCmdTarget

CHotKeyCtrl

CHotKeyCtrl

msctls_hotkey32

msctls_hotkey32

{X-X-X-XX-XXXXXX}

{X-X-X-XX-XXXXXX}

MSWHEEL_ROLLMSG

MSWHEEL_ROLLMSG

File%d

File%d

ntdll.dll

ntdll.dll

Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32

Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32

Software\Microsoft\Windows\CurrentVersion\Policies\Network

Software\Microsoft\Windows\CurrentVersion\Policies\Network

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

%s.dll

%s.dll

CMDIChildWnd

CMDIChildWnd

CMDIFrameWnd

CMDIFrameWnd

oleaut32.dll

oleaut32.dll

olepro32.dll

olepro32.dll

ole32.dll

ole32.dll

mscoree.dll

mscoree.dll

?#%X.y

?#%X.y

Please contact the application's support team for more information.

Please contact the application's support team for more information.

internal state. The program cannot safely continue execution and must

internal state. The program cannot safely continue execution and must

continue execution and must now be terminated.

continue execution and must now be terminated.

portuguese-brazilian

portuguese-brazilian

0123456789

0123456789

right-curly-bracket

right-curly-bracket

left-curly-bracket

left-curly-bracket

OLEAUT32.dll

OLEAUT32.dll

OLEACC.dll

OLEACC.dll

WINMM.dll

WINMM.dll

WSOCK32.dll

WSOCK32.dll

VERSION.dll

VERSION.dll

GetWindowsDirectoryA

GetWindowsDirectoryA

CreatePipe

CreatePipe

GetProcessHeaps

GetProcessHeaps

GetCPInfo

GetCPInfo

KERNEL32.dll

KERNEL32.dll

UnhookWindowsHookEx

UnhookWindowsHookEx

SetWindowsHookExA

SetWindowsHookExA

GetKeyState

GetKeyState

GetKeyNameTextA

GetKeyNameTextA

MapVirtualKeyA

MapVirtualKeyA

EnumThreadWindows

EnumThreadWindows

ExitWindowsEx

ExitWindowsEx

EnumWindows

EnumWindows

EnumChildWindows

EnumChildWindows

CreateDialogIndirectParamA

CreateDialogIndirectParamA

USER32.dll

USER32.dll

GetViewportExtEx

GetViewportExtEx

SetViewportOrgEx

SetViewportOrgEx

OffsetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

SetViewportExtEx

ScaleViewportExtEx

ScaleViewportExtEx

GDI32.dll

GDI32.dll

WINSPOOL.DRV

WINSPOOL.DRV

RegCloseKey

RegCloseKey

RegCreateKeyExA

RegCreateKeyExA

RegOpenKeyExA

RegOpenKeyExA

RegOpenKeyA

RegOpenKeyA

RegEnumKeyExA

RegEnumKeyExA

RegQueryInfoKeyA

RegQueryInfoKeyA

RegDeleteKeyA

RegDeleteKeyA

RegEnumKeyA

RegEnumKeyA

RegCreateKeyA

RegCreateKeyA

ADVAPI32.dll

ADVAPI32.dll

ShellExecuteA

ShellExecuteA

FindExecutableA

FindExecutableA

SHELL32.dll

SHELL32.dll

COMCTL32.dll

COMCTL32.dll

SHLWAPI.dll

SHLWAPI.dll

oledlg.dll

oledlg.dll

.PAVCFileException@@

.PAVCFileException@@

.PAVCObject@@

.PAVCObject@@

.PAVCException@@

.PAVCException@@

.PAVCTopBaseException@@

.PAVCTopBaseException@@

.PAVCZipException@@

.PAVCZipException@@

This executable file was created by an UNREGISTERED copy of SWFKit!

This executable file was created by an UNREGISTERED copy of SWFKit!

.PAVCOleException@@

.PAVCOleException@@

.PAVCSimpleException@@

.PAVCSimpleException@@

.PAVCMemoryException@@

.PAVCMemoryException@@

.PAVCNotSupportedException@@

.PAVCNotSupportedException@@

.?AVCNotSupportedException@@

.?AVCNotSupportedException@@

.?AVCCmdTarget@@

.?AVCCmdTarget@@

.?AVCCmdUI@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.?AVCTestCmdUI@@

.PAVCUserException@@

.PAVCUserException@@

.?AVCHotKeyCtrl@@

.?AVCHotKeyCtrl@@

.PAVCArchiveException@@

.PAVCArchiveException@@

.PAVCResourceException@@

.PAVCResourceException@@

.?AVCMDIFrameWnd@@

.?AVCMDIFrameWnd@@

.?AVCMDIChildWnd@@

.?AVCMDIChildWnd@@

.PAVCOleDispatchException@@

.PAVCOleDispatchException@@

zcÁ

zcÁ

c:\documents and settings\"%CurrentUserName%"\local settings\temporary internet files

c:\documents and settings\"%CurrentUserName%"\local settings\temporary internet files

wheeeee.swf

wheeeee.swf

c:\%original file name%.exe

c:\%original file name%.exe

%S

%S

stdole2.tlbWWW

stdole2.tlbWWW

bstrMsgW

bstrMsgW

Created by MIDL version 6.00.0347 at Fri Mar 16 15:27:07 2007

Created by MIDL version 6.00.0347 at Fri Mar 16 15:27:07 2007

%d

%d

%s

%s

%s:%s. See also: %s.

%s:%s. See also: %s.

%s %s d d:d:d GMT% 04d %s%sd B.C.

%s %s d d:d:d GMT% 04d %s%sd B.C.

%s %s d d:d:d GMT% 04d %s%sd

%s %s d d:d:d GMT% 04d %s%sd

%s, d %s d d:d:d GMT B.C.

%s, d %s d d:d:d GMT B.C.

%s, d %s d d:d:d GMT

%s, d %s d d:d:d GMT

x%s.%s

x%s.%s

%s.length

%s.length

[object Inet.Ftp]

[object Inet.Ftp]

[object RegKey]

[object RegKey]

d[object URLShortcut]

d[object URLShortcut]

%s

%s

%s

%s

%s

%s

%s

%s

%s

%s

%s

%s

%s

%s

%s

%s

%s

%s

%s

%s

%s

%s

%s

%s

%s

%s

;/?:@&= $,#

;/?:@&= $,#

accKeyboardShortcut

accKeyboardShortcut

SUPPORT

SUPPORT

Key Press

Key Press

Disable Windows keys

Disable Windows keys

Exit Keys

Exit Keys

HotKey1

HotKey1

Custom Hot Key

Custom Hot Key

%s Registration

%s Registration

Please enter your name, a serial number and a registration code to register %s.

Please enter your name, a serial number and a registration code to register %s.

Enter the World Wide Web location (URL) or specify the local file you would like to open.

Enter the World Wide Web location (URL) or specify the local file you would like to open.

WEBSITE

WEBSITE

Port :

Port :

Prj.Document

Prj.Document

Invalid projector window size!Invalid projector window position5Flash (*.swf,*.spl)|*.swf;*.spl|All Files (*.*)|*.*||

Invalid projector window size!Invalid projector window position5Flash (*.swf,*.spl)|*.swf;*.spl|All Files (*.*)|*.*||

%s has expired!D%s

%s has expired!D%s

Press Register button to register %s, press OK button to exit.

Press Register button to register %s, press OK button to exit.

'This copy of program is licensed to: %s

'This copy of program is licensed to: %s

Serial Number: %s

Serial Number: %s

Replace%Select the entire document

Replace%Select the entire document

All Files (*.*)

All Files (*.*)

No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.

No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.

Page %u

Page %u

Pages %u-%u

Pages %u-%u

Output.prn1Printer Files (*.prn)|*.prn|All Files (*.*)|*.*||

Output.prn1Printer Files (*.prn)|*.prn|All Files (*.*)|*.*||

Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.

Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.

Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.

Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.

#Unable to load mail system support.

#Unable to load mail system support.

Access to %1 was denied..An invalid file handle was associated with %1.

Access to %1 was denied..An invalid file handle was associated with %1.

Seek failed on A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.

Seek failed on A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.

Disk full while accessing %1..An attempt was made to access %1 past its end.

Disk full while accessing %1..An attempt was made to access %1 past its end.

No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.

No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.

Untitled.exe

Untitled.exe