Analysis Date2015-01-22 01:44:53
MD51876bbb5fe5054f35175c6dd6e12bc62
SHA10a9da5d7bd17d49df70160d1175c1365377a9866

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 64767706ff19a3640f3998c2971303e6 sha1: 2f777078fef2e6f1f5c8e17c53c9bf9aba4e4508 size: 245760
Section.rdata md5: 88ee67e84575fe6eeb908281c22b25fa sha1: b359cf460a6023a6b7739eeab19f7fff86a0a635 size: 65536
Section.data md5: c0a066d3c6e18cf19e517aba8b662e63 sha1: caed7b1cf993c35900a107b98e61f48abc82048a size: 16384
Section.rsrc md5: 8e17f59f6e6e3932faa1e2e62cc04482 sha1: 382bce5ba34907ad92eb8c370c00105e55d45d70 size: 36864
Section.text md5: 1b06de9a4a865b6e4c215325b953d238 sha1: 81fc3c8a994439ae8d141db8175c781c4fbe5eff size: 8192
Timestamp2014-09-19 10:32:31
Pdb pathg:\Company\PCProject\DongFang\Trunk\1.0.1.0910\Temp\pdb\Tool.pdb
VersionLegalCopyright: Copyright (C) 2012
InternalName: SrfTool
FileVersion: 1, 0, 1, 0
OriginalFilename: SrfTool.exe
ProductVersion: 1, 0, 1, 0
PEhash131cebf11c76fe44837a18c11eb69d4ba05c00f2
IMPhash89fd48514370202e66a181b8ecd755ad
AV360 SafeVirus.Win32.TuFik.C
AVAd-AwareWin32.Tufik.P
AVAlwil (avast)Tufik:Win32:Tufik
AVArcabit (arcavir)Win32.Tufik.P
AVAuthentiumW32/Tufik.A.gen!Eldorado
AVAvira (antivir)TR/Dldr.Genome.agor
AVBullGuardWin32.Tufik.P
AVCA (E-Trust Ino)Win32/tufik.J
AVCAT (quickheal)W32.Tufik.gen
AVClamAVTrojan.Downloader-98394
AVDr. WebTrojan.DownLoader.4268
AVEmsisoftWin32.Tufik.P
AVEset (nod32)Win32/Tufik.NAA virus
AVFortinetW32/Fujacks.BF!tr
AVFrisk (f-prot)W32/Tufik.A.gen!Eldorado
AVF-SecureWin32.Tufik.P
AVGrisoft (avg)Win32/Tufik.A
AVIkarusVirus.Win32.Tufik
AVK7Trojan-Downloader ( 00132cab1 )
AVKasperskyVirus.Win32.Pioneer.ak
AVMalwareBytesno_virus
AVMcafeeW32/Tufik
AVMicrosoft Security EssentialsVirus:Win32/Tufik.D
AVMicroWorld (escan)Win32.Tufik.P
AVRisingWin32.Tufik.p
AVSophosW32/Tufik-Fam
AVSymantecW32.Tufik.B!inf
AVTrend MicroPE_TUFIK.JK
AVVirusBlokAda (vba32)Virus.Expiro.ad

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates Mutexopen

Network Details:

DNS85773.com
Type: A
8.5.1.46

Raw Pcap

Strings
3..
..
.
.CC
0
 
.
. 
-E-
-0
-0010+-0
0
-0
0
00
...........?- 
0
0
0
0
?Uk......
]..Eu
080403a8
1, 0, 1, 0
1.0.1.0930
%1: %2
%1 contains an invalid path.=%1 could not be opened because there are too many open files.
%1 has a bad format."%1 contained an unexpected object. %1 contains an incorrect schema.
%1 was not found.
%2\CLSID
%2\DocObject
%2\Insertable
%2\protocol\StdFileEditing\server
%2\protocol\StdFileEditing\verb\0
#32768
%3,%7
%9, %8
accChild
accChildCount
accDefaultAction
accDescription
accDoDefaultAction
Access to %1 was denied..An invalid file handle was associated with %1.<%1 could not be removed because it is the current directory.6%1 could not be created because the directory is full.
accFocus
accHelp
accHelpTopic
accHitTest
accKeyboardShortcut
accLocation
accName
accNavigate
accRole
accSelect
accSelection
accState
accValue
Acombobox
AfxControlBar80su
AfxFrameOrView80su
AfxMDIFrame80su
AfxOldWndProc423
AfxOleControl80su
Afx:%p:%x
Afx:%p:%x:%p:%p:%p
AfxWnd80su
A.INI
All Files (*.*)
AllSkin
ALOC
An unknown error has occurred.$An invalid argument was encountered.
an unnamed file
@Apartment
AppInfo
ASoftware\
BEdit
Both
BRichEdit Text and Objects
Cancel
Cannot find this file.
CfgRootPath
CfgUserPath
Check
.CHM
CLSID\%1
CLSID\%1\AuxUserType\2
CLSID\%1\AuxUserType\3
CLSID\%1\DefaultExtension
CLSID\%1\DefaultIcon
CLSID\%1\DocObject
CLSID\%1\InprocHandler32
CLSID\%1\InProcServer32
CLSID\%1\Insertable
CLSID\%1\LocalServer32
CLSID\%1\MiscStatus
CLSID\%1\Printable
CLSID\%1\ProgID
CLSID\%1\Verb\0
CLSID\%1\Verb\1
@comctl32.dll
@comdlg32.dll
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
commctrl_DragListMsg
Config
Config.ini
Continue running script?
Control Panel\Desktop\ResourceLocale
Copyright (C) 2009
Copyright (C) 2012
Could not start print job.
dataengine32.dll
DBGHELP.DLL
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.
Dict
Disk full while accessing %1..An attempt was made to access %1 past its end.
Dispatch exception: %1
&Edit
&Edit,0,2
Embedded Object
Embed Source
Failed to launch help.
Failed to open document.
Failed to save document.
FileName
FileNameW
FileVersion
ForceRemove
Free
Globals
                                 H
         (((((                  H
&Help
         h((((                  H
&Hide
.HLP
.ini
InstallPath
Internal application error.
InternalName
Invalid filename.
jjjjj
KERNEL32
kernel32.dll
LegalCopyright
Link Source
Link Source Descriptor
\Local
\LocalLow
Mail system DLL is invalid.!Send Mail failed to send message.
mfcm80u.dll
Mixed
msctls_progress32
MS Shell Dlg
MSWHEEL_ROLLMSG
Native
&New 
NoBackButton
NoClose
NoDrives
NoEntireNetwork
No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.
No error occurred.-An unknown error occurred while accessing %1.
No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.
NoFileMru
NoNetConnectDisconnect
NoPlacesBar
NoRecentDocsHistory
NoRemove
NoRun
ntdll.dll
(null)
Object Descriptor
ObjectLink
ole32.dll
Open
&Open,0,2
OpenCharDraw
OpenCharFace
OpenSymbolLib
OpenToolKit
OriginalFilename
Out of memory.
OwnerLink
pixels
Please enter a currency.
Please enter a date.
Please enter a GUID.
Please enter an integer.
Please enter a number.*Please enter an integer between %1 and %2.(Please enter a number between %1 and %2.(Please enter no more than %1 characters.
Please enter a time.
Please select a button.*Please enter an integer between 0 and 255. Please enter a positive integer. Please enter a date and/or time.
Please verify that the correct path and file name are given.
Plugin.dll
PreviewPages
ProductVersion
pSettings
ReBarWindow32
Related.ini
RestrictRun
Rich Text Format
\Roaming
r%s%s
r%s%s.dmp
@RunLoadDataEngine
RunMiNiByServiceAuto
@RunMiNiNewsByServiceAuto
@RunMiNiNewsBySrfAuto
@RunMiNiNewsBySrfHand
@RunMiNiShopBySrfAuto
@RunMiNiShopBySrfHand
@RunPushAppBySrfAuto
RunPushBySrf
RunPushDailyWordBySrfAuto
RunPushDailyWordBySrfHand
@RunRecommendSkinBySrfAuto
RunRecommendSkinBySrfHand
%s - 
Save As
Save changes to %1? Failed to create empty document.
%s.dll
Seek failed on %15A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.
ShanHu
ShanHuIME
ShanHuIME.users
ShanHuInfo.ini
ShanHuInput
SHConfig.exe
Shell_TrayWnd
SHLaunch.dll
SHPlugin.dll
SHPush.dll
SHTool.exe
Skin\
software
SOFTWARE\
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
SrfTool
SrfTool.exe
%s\%s\
%s%s\
%s (%s:%d)
%s%s\%s
@StartService
StringFileInfo
System
tDelete
The file is too large to open.
@ToolbarWindow32
Translation
#Unable to load mail system support.
#Unable to read write-only property.#Unable to write read-only property.
Uncheck
Unexpected file format.V%1
Untitled
upmb001.sgshurufa.com
upmb002.sgshurufa.com
upmb003.sgshurufa.com
upmb004.sgshurufa.com
upmb005.sgshurufa.com
upmdp001.sgshurufa.com
upmdp002.sgshurufa.com
upmdp003.sgshurufa.com
upmdp004.sgshurufa.com
upmdp005.sgshurufa.com
UseData
USER32
user32.dll
user.guangsu.cn
UseVestige.ini
VarFileInfo
VS_VERSION_INFO
WnTool
 WnTool
 WnTool(&A)...
WnTool Version 1.0
YaccParent
^(_^[]
                          
        /> 
"+^ +]
0123456789abcdef
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
090808010005Z
0A@@Ju
0SSSSS
0UUUUW
0WWWWW
140919103052Z0#
1#QNAN
1#SNAN
240808010005Z0R1
4~f9.u
5$].@M
8VVVVV
8X-t<^[
9HhStL9L$
9~Htc9~
9nht`SWj
9p t-S
9~Pu	P
9~$~!S
9^@t83
9^@Wt;3
_ 9w$u
AAf91u
AAGGf;
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
ActivateActCtx
AdjustWindowRectEx
ADVAPI32.dll
An application has made an attempt to load the C runtime library incorrectly.
</assembly>
<assemblyIdentity 
        <assemblyIdentity 
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> 
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
.?AUCThreadData@@
August
.?AUIAccessible@@
.?AUIAccessibleProxy@@
.?AUIAtlStringMgr@ATL@@
.?AUIBoundObjectSite@@
.?AUIDispatch@@
.?AUIEnumVOID@@
.?AUIMessageFilter@@
.?AUINotifyDBEvents@@
.?AUIOleClientSite@@
.?AUIOleContainer@@
.?AUIOleControlSite@@
.?AUIOleInPlaceFrame@@
.?AUIOleInPlaceSite@@
.?AUIOleInPlaceSiteEx@@
.?AUIOleInPlaceSiteWindowless@@
.?AUIOleInPlaceUIWindow@@
.?AUIOleWindow@@
.?AUIParseDisplayName@@
.?AUIPropertyNotifySink@@
.?AUIRowsetNotify@@
.?AUISequentialStream@@
.?AUIStream@@
.?AUIUnknown@@
.?AV_AFX_BASE_MODULE_STATE@@
.?AV_AFX_HTMLHELP_STATE@@
.?AVAFX_MODULE_STATE@@
.?AVAFX_MODULE_THREAD_STATE@@
.?AV_AFX_OLE_STATE@@
.?AV_AFX_THREAD_STATE@@
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
.?AVCAccessibleProxy@ATL@@
.?AVCAfxStringMgr@@
.?AVCArchiveException@@
.?AVCArchiveStream@@
.?AV?$CArray@PAUHWND__@@PAU1@@@
.?AV?$CArray@VCVariantBoolPair@@ABV1@@@
.?AVCBitmap@@
.?AVCBrush@@
.?AVCByteArray@@
.?AVCChevronOwnerDrawMenu@@
.?AVCClientDC@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCComCtlWrapper@@
.?AVCCommand@@
.?AVCCommDlgWrapper@@
.?AVCCommonDialog@@
.?AVCComObjectRootBase@ATL@@
.?AV?$CComObjectRootEx@VCComSingleThreadModel@ATL@@@ATL@@
.?AVCControlSiteFactoryMgr@@
.?AVCDataSourceControl@@
.?AVCDC@@
.?AVCDialog@@
.?AVCDllIsolationWrapperBase@@
.?AVCEnumArray@@
.?AVCEnumUnknown@@
.?AVCException@@
.?AVCFile@@
.?AVCFileException@@
.?AVCFixedStringMgr@ATL@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AVCFont@@
.?AVCFrameWnd@@
.?AVCGdiObject@@
.?AVCHandleMap@@
.?AVCImageList@@
.?AVCInvalidArgException@@
.?AV?$CList@PAUHWND__@@PAU1@@@
.?AV?$CList@PAVIControlSiteFactory@@PAV1@@@
.?AVCMainFrame@@
.?AVCMapPtrToPtr@@
.?AVCMemFile@@
.?AVCMemoryException@@
.?AVCMenu@@
.?AV?$CMFCComObject@VCAccessibleProxy@ATL@@@@
.?AVCNoTrackObject@@
.?AVCNotSupportedException@@
.?AVCNullCmd@@
.?AVCObArray@@
.?AVCObject@@
.?AVCOccManager@@
.?AVCOleBusyDialog@@
.?AVCOleControlContainer@@
.?AVCOleControlSite@@
.?AVCOleControlSiteFactory@@
.?AVCOleDialog@@
.?AVCOleDispatchException@@
.?AVCOleException@@
.?AVCOleMessageFilter@@
.?AVCOpenCharDrawCmd@@
.?AVCOpenCharFaceCmd@@
.?AVCOpenSymbolLibCmd@@
.?AVCOpenToolKitCmd@@
.?AVCPaintDC@@
.?AVCPtrArray@@
.?AVCPtrList@@
.?AVCResourceException@@
.?AVCRgn@@
.?AVCRunLoadDataEngineDllCmd@@
.?AVCRunMiNiNewsByServiceAutoCmd@@
.?AVCRunMiNiNewsBySrfAutoCmd@@
.?AVCRunMiNiNewsBySrfHandCmd@@
.?AVCRunMiNiShopBySrfAutoCmd@@
.?AVCRunMiNiShopBySrfHandCmd@@
.?AVCRunPushAppBySrfAutoCmd@@
.?AVCRunPushDailyWordBySrfAutoCmd@@
.?AVCRunPushDailyWordBySrfHandCmd@@
.?AVCRunRecommendSkinBySrfAutoCmd@@
.?AVCRunRecommendSkinBySrfHandCmd@@
.?AVCSimpleException@@
.?AV?$CSimpleStringT@_W$0A@@ATL@@
.?AVCStartServiceCmd@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.?AVCTestCmdUI@@
.?AVCToolApp@@
.?AV?$CTypedPtrArray@VCObArray@@PAVCBitmap@@@@
.?AV?$_CTypedPtrList@VCPtrList@@PAUCOleControlSiteOrWnd@@@@
.?AV?$CTypedPtrList@VCPtrList@@PAUCOleControlSiteOrWnd@@@@
.?AVCUserException@@
.?AVCWinApp@@
.?AVCWindowDC@@
.?AVCWinThread@@
.?AVCWnd@@
.?AVexception@std@@
.?AV?$IAccessibleProxyImpl@VCAccessibleProxy@ATL@@@ATL@@
.?AVIControlSiteFactory@@
.?AVlength_error@std@@
.?AVlogic_error@std@@
.?AV?$MapParameter@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PAVCCommand@@@@
.?AVout_of_range@std@@
.?AVtype_info@@
.?AVXAccessible@CWnd@@
.?AVXAccessibleServer@CWnd@@
.?AVXAmbientProps@COleControlSite@@
.?AVXBoundObjectSite@COleControlSite@@
.?AVXEnumVOID@CEnumArray@@
.?AVXEventSink@COleControlSite@@
.?AVXMessageFilter@COleMessageFilter@@
.?AVXNotifyDBEvents@COleControlSite@@
.?AVXOleClientSite@COleControlSite@@
.?AVXOleContainer@COleControlContainer@@
.?AVXOleControlSite@COleControlSite@@
.?AVXOleIPFrame@COleControlContainer@@
.?AVXOleIPSite@COleControlSite@@
.?AVXPropertyNotifySink@COleControlSite@@
.?AVXRowsetNotify@COleControlSite@@
bad allocation
bad exception
 Base Class Array'
 Base Class Descriptor at (
__based(
@@BBf;
BBFFf;
BeginDeferWindowPos
BeginPaint
BitBlt
BringWindowToTop
CallNextHookEx
CallWindowProcW
CArchiveException
CBitmap
CBrush
CByteArray
CClientDC
CCmdTarget
CControlBar
__cdecl
CDialog
CDockBar
!Certification Authority of WoSign0
CException
CFileException
CFrameWnd
CGdiObject
CharNextW
CharUpperW
CheckMenuItem
CImageList
CInvalidArgException
 Class Hierarchy Descriptor'
ClientToScreen
CloseHandle
ClosePrinter
__clrcall
CLSIDFromProgID
CLSIDFromString
CMainFrame
CMapPtrToPtr
$@CMemFile
CMemoryException
CNotSupportedException
CObArray
CObject
CoFreeUnusedLibraries
CoGetClassObject
COleBusyDialog
COleDialog
COleDispatchException
COleException
COMCTL32.dll
comdlg32.dll
CompareStringA
CompareStringW
 Complete Object Locator'
CONOUT$
ConvertDefaultLocale
CopyAcceleratorTableW
`copy constructor closure'
CopyRect
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
CoRegisterMessageFilter
CoRevokeClassObject
CorExitProcess
CoTaskMemAlloc
CoTaskMemFree
CPaintDC
CPtrArray
CPtrList
CreateActCtxW
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDialogIndirectParamW
CreateDirectoryW
CreateFileA
CreateFileW
CreateFontIndirectW
CreateILockBytesOnHGlobal
CreateMutexW
CreatePatternBrush
CreatePopupMenu
CreateRectRgnIndirect
CreateSolidBrush
CreateStdAccessibleObject
CreateToolhelp32Snapshot
CreateWindowExW
CReBar
CResourceException
- CRT not initialized
CToolBar
CUserException
CWinApp
CWindowDC
CWinThread
."CWV"
@.data
dddd, MMMM dd, yyyy
DeactivateActCtx
December
DecodePointer
`default constructor closure'
DeferWindowPos
DefWindowProcW
 delete
 delete[]
DeleteCriticalSection
DeleteDC
DeleteObject
</dependency> 
<dependency> 
    </dependentAssembly> 
    <dependentAssembly> 
</description> 
<description>
DestroyMenu
DestroyWindow
DispatchMessageW
DISPLAY
DocumentPropertiesW
DOMAIN error
DragFinish
DragQueryFileW
DrawTextExW
DrawTextW
DuplicateHandle
Dw=c:s
Dw=(_D
Dw=d:s
Dw=f:s
Dw=g:s
Dw=h:s
Dw=i:s
Dw=m:s
Dw=`:s
Dw=^:s
Dw=~:s
Dw=|:s
Dw=_:s
Dw=':s
Dw=]:s
Dw={:s
Dw=}:s
Dw=&:s
Dw=	:s
Dw=string too long
Dw=t:s
Dw=u:s
Dw=U:s
Dw=y:s
Dw=z:s
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
EnableMenuItem
EnableWindow
EncodePointer
EndDeferWindowPos
EndDialog
EndPaint
EnterCriticalSection
EnumDisplayDevicesW
EnumDisplayMonitors
EnumResourceLanguagesW
EP+EHj
EqualRect
Escape
Exception thrown in destructor
ExitProcess
ExtSelectClipRgn
ExtTextOutW
F4_]^[
@@f90u
f9580E
F@9^8~%3
@@f98u
__fastcall
FD_^][
+F(_;E
February
F(;F0u
(f@f;F
F(@@;F,v
FileTimeToLocalFileTime
FileTimeToSystemTime
FillRect
FindClose
FindFirstFileW
FindResourceW
FindWindowW
- floating point not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FormatMessageW
F(;^ r
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeResource
Friday
f:\rtm\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
f:\rtm\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
g9n t_;
GAIsProcessorFeaturePresent
g:\Company\PCProject\DongFang\Trunk\1.0.1.0910\Temp\pdb\Tool.pdb
GDI32.dll
GetACP
GetActiveWindow
GetBkColor
GetCapture
GetClassInfoExW
GetClassInfoW
GetClassLongW
GetClassNameW
GetClientRect
GetClipBox
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetCursorPos
GetDesktopWindow
GetDeviceCaps
GetDlgCtrlID
GetDlgItem
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileAttributesW
GetFileSize
GetFileTime
GetFileTitleW
GetFileType
GetFocus
GetForegroundWindow
GetFullPathNameW
GetKeyState
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetMapMode
GetMenu
GetMenuCheckMarkDimensions
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMessagePos
GetMessageTime
GetMessageW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetMonitorInfoA
GetMonitorInfoW
GetNextDlgGroupItem
GetNextDlgTabItem
GetObjectW
GetOEMCP
GetParent
GetPixel
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetPropW
GetRgnBox
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStockObject
GetStringTypeA
GetStringTypeW
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemDefaultUILanguage
GetSystemInfo
GetSystemMetrics
GetSystemTimeAsFileTime
GetTextColor
GetTextExtentPoint32W
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GetTopWindow
GetUserDefaultUILanguage
GetUserObjectInformationA
GetVersion
GetVersionExA
GetViewportExtEx
GetVolumeInformationW
GetWindow
GetWindowDC
GetWindowExtEx
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFlags
GlobalFree
GlobalGetAtomNameW
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalUnlock
GrayStringW
`h````
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
hhctrl.ocx
`h`hhh
HH:mm:ss
HHtjHtHHt&H
[H<m	.
HtbHt@Ht
HtjHt4H
HtMHt,H
HtmlHelpW
HtpHHt
*http://aia1.wosign.com/ca1-class2-code.cer0
http://crls1.wosign.com/ca1.crl0o
http://ocsp1.wosign.com/ca106
http://www.usertrust.com1
http://www.wosign.com/policy/0
HVtAHtXHuU
identifierBegin:abcdefghijklmnopqrstuvwxyz:identifierEnd
ImageList_Destroy
ImageList_Draw
ImageList_GetImageInfo
InflateRect
InitCommonControls
InitCommonControlsEx
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InsertMenuItemW
I$;N t
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IntersectRect
InvalidateRect
InvalidateRgn
invalid map/set<T> iterator
invalid string position
IsChild
IsDebuggerPresent
IsDialogMessageW
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
JanFebMarAprMayJunJulAugSepOctNovDec
January
j h5gA
j(j ^V
j"^SSSSS
k9~8uDj
KERNEL32
kernel32.dll
KERNEL32.dll
KERNEL32.DLL
Kuinet_ntoa
KuWs2_32
:KuWSAStartup
            language="*" 
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadAcceleratorsW
LoadBitmapW
LoadCursorW
LoadIconW
LoadLibraryA
LoadLibraryW
LoadMenuW
LoadResource
LocalAlloc
LocalFree
LocalReAlloc
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
LockFile
LockResource
@L;ppt
LresultFromObject
lstrcmpA
lstrcmpW
lstrlenA
lstrlenW
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
MapDialogRect
map/set<T> too long
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxW
MFCM80ReleaseManagedReferences
Microsoft Visual C++ Runtime Library
MiniDumpWriteDump
MM/dd/yy
ModifyMenuW
Monday
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
mscoree.dll
MulDiv
MultiByteToWideChar
            name="Microsoft.Windows.Common-Controls" 
    name="Microsoft.Windows.Tool"
 new[]
NewInstance
N<+F0+N4
NL;Apt
N,;N0r
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
NotifyWinEvent
November
<n\u"f
(null)
O 9Htu
October
OffsetRect
OffsetViewportOrgEx
ole32.dll
OLEACC.dll
OLEAUT32.dll
oledlg.dll
OleFlushClipboard
OleInitialize
OleIsCurrentClipboard
OleUIBusyW
OleUninitialize
`omni callsig'
OpenPrinterW
operator
O${xrh/tq
__pascal
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
.PAVCArchiveException@@
.PAVCException@@
.PAVCFileException@@
.PAVCInvalidArgException@@
.PAVCMemoryException@@
.PAVCNotSupportedException@@
.PAVCObject@@
.PAVCOleDispatchException@@
.PAVCOleException@@
.PAVCResourceException@@
.PAVCSimpleException@@
.PAVCUserException@@
PeekMessageW
PhF;t$
`placement delete closure'
`placement delete[] closure'
Please contact the application's support team for more information.
PluginSystemManager
PostMessageW
PostQuitMessage
PostThreadMessageW
PPPPPPPP
PQQQQQ
Process32FirstW
Process32NextW
            processorArchitecture="X86" 
    processorArchitecture="X86" 
Program: 
<program name unknown>
PSSSSS
PtInRect
__ptr64
PtVisible
            publicKeyToken="6595b64144ccf1df" 
- pure virtual function call
PushSystemManager
@PVh3<C
PWVWWW
QQ.exe
QQSUVW
QQSVWd
QQSVWh
QueryPerformanceCounter
RaiseException
`.rdata
ReadFile
RectVisible
Recycler
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegQueryValueW
RegSetValueExW
ReleaseActCtx
ReleaseCapture
ReleaseDC
ReleaseMutex
RemovePropW
RestoreDC
__restrict
ReuseDDElParam
RtlUnwind
runtime error 
Runtime Error!
S\_^[]
Salt Lake City1
Saturday
SaveDC
`scalar deleting destructor'
ScaleViewportExtEx
ScaleWindowExtEx
ScreenToClient
SelectObject
SendDlgItemMessageA
SendDlgItemMessageW
SendMessageW
September
ServiceManager
SetActiveWindow
SetBkColor
SetBkMode
SetCapture
SetCursor
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetFilePointer
SetFocus
SetForegroundWindow
SetHandleCount
SetLastError
SetMapMode
SetMenu
SetMenuItemBitmaps
SetPropW
SetRect
SetRectEmpty
SetStdHandle
SetTextColor
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SetViewportExtEx
SetViewportOrgEx
SetWindowContextHelpId
SetWindowExtEx
SetWindowLongW
SetWindowPos
SetWindowsHookExW
SetWindowTextW
shell32
SHELL32.dll
SHGetSpecialFolderPathW
SHLWAPI.dll
ShowOwnedPopups
ShowWindow
SING error
SizeofResource
s[S;7|G;w
^SSSSS
__stdcall
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
`string'
Sunday
SunMonTueWedThuFriSat
svLugethostbyname
SVWj(3
SystemParametersInfoA
SystemParametersInfoW
t0WWWWW
t39w u&
?t79^Du2
t79E`t2
t	9APu
t-9HPu
t	9p(u
t^9(uZ
tA9wht<
t	@AA;D$
TabbedTextOutW
tb9} u
tD9(u@
TerminateProcess
.text 
@.text 
TextOutW
The USERTRUST Network1!0
+t HHt
This application has requested the Runtime to terminate it in an unusual way.
__thiscall
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
Thursday
t!hx#D
tj9~8u@j
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
tO9^,tJ
tq9xPu
tQHtEHt9Ht-Huk
tR99u2
TrackPopupMenu
TranslateAcceleratorW
TranslateMessage
t'SShl
<+t(<-t$:
Tuesday
;t$,v-
tV9_ uQ
tW9qttR
t$Wh*d@
t+WWVPV
 Type Descriptor'
`typeof'
            type="win32" 
    type="win32" 
u0j0^VP
U4SSSPQR
>:u8FV
u*9] t
uCloseHandle
uCreateFileA
uCreateFileMappingA
uCreateMutexA
uCreateThread
`udt returning'
u&f!;f;
uFindClose
uFindFirstFileA
uFindNextFileA
uGetDriveTypeA
uGetFileSize
uGetLastError
uGetLocalTime
uGetLogicalDriveStringsA
uGetTempPathA
uGlobalAlloc
uGlobalFree
uLoadLibraryA
ulstrcatA
ulstrcmpA
ulstrcpyA
ulstrlenA
uMapViewOfFile
- unable to initialize heap
- unable to open console device
__unaligned
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UnhookWindowsHookEx
Unknown exception
UnlockFile
UnpackDDElParam
UnregisterClassA
UnregisterClassW
UpdateWindow
UQPXY]Y[
URLDownloadToFileA
Urlmon
URPQQhl:C
user32
USER32.dll
USER32.DLL
uSetEndOfFile
uSetFilePointer
ushlwapi
uSleep
uStrStrIA
@u';t$
UTN-USERFirst-Object
uUnmapViewOfFile
uWriteFile
ValidateRect
`vbase destructor'
`vbtable'
vc9^0uc
`vcall'
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
    version="1.0.0.0" 
            version="6.0.0.0" 
`vftable'
v|hh4E
VirtualAlloc
`virtual displacement map'
VirtualFree
VirtualProtect
VirtualQuery
v	N+D$
vShellExecuteA
VVVVQVVVj
_VVVVV
VVVVVj
.VVVVVSRSSj
Wednesday
WideCharToMultiByte
WINDOW
WinHelpW
WINSPOOL.DRV
WoSign CA Limited1'0%
WoSign CA Limited1*0(
WoSign Class 2 Code Signing CA
WoSign Class 2 Code Signing CA0
WriteConsoleA
WriteConsoleW
WriteFile
WritePrivateProfileStringW
WriteProcessMemory
wRtlMoveMemory
WtrHHt
WVh3<C
WWWWhd
^WWWWW
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
xppwpp
xpxxxx
Y9>t7j
yFtzm+
>=Yt/j
YYt FF
YYt SVW
YYt\VV
YYu-9D$
YYuTVWh
Zt,Ht$Ht