Analysis Date2015-01-22 01:58:13
MD500da9d4af9dc0cbb203e1986988ba4b7
SHA1160bc9fd87eb81705514d111fcc382e57812312b

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 2a6503f79dc83b4c26b38a3de52f9f75 sha1: d5b97ef308e061a3dea0ae5314c2a309dfecec62 size: 233472
Section.rdata md5: e7fa1fa82dcc0b2450c02551c69652a9 sha1: 1472dd301f7cfff5e95afc93ab0f7b4809fe02f7 size: 24576
Section.data md5: 8914630006731c7a9c3d778779880207 sha1: cca06e59e091bd0a5cc61225ed9d37dbe247d34e size: 4096
Section.rsrc md5: a715c1f59b01376992855b33cc66d490 sha1: 0e28ab2f6973de6907d13effacf6bf8e90a32d39 size: 12288
Timestamp2010-05-31 07:19:02
PackerMicrosoft Visual C++ v6.0
PEhash902ef5f3c450bb6e3b1ce5a8b38944bed4bfc3fe
IMPhashd8dc71492587745d6143cf08b4788784
AV360 SafeVirus.Win32.Banito.BV
AVAd-AwareGen:Variant.Unruy.5
AVAlwil (avast)Unruy-T [Trj]
AVArcabit (arcavir)Gen:Variant.Unruy.5
AVAuthentiumW32/Backdoor.K.gen!Eldorado
AVAvira (antivir)W32/Agent.EA
AVBullGuardGen:Variant.Unruy.5
AVCA (E-Trust Ino)Win32/Unruy.WP
AVCAT (quickheal)W32.Agent.EA
AVClamAVno_virus
AVDr. WebBackDoor.Bandito.2703
AVEmsisoftGen:Variant.Unruy.5
AVEset (nod32)Win32/Obfuscated.NEZ
AVFortinetW32/Obfuscated.NEZ!tr
AVFrisk (f-prot)W32/Backdoor.K.gen!Eldorado
AVF-SecureTrojan-Downloader:W32/FakeAlert.NV
AVGrisoft (avg)Downloader.Agent.15.BN
AVIkarusTrojan.Win32.Agent
AVK7Trojan ( 00050a041 )
AVKasperskyTrojan.Win32.Generic
AVMalwareBytesno_virus
AVMcafeeDownloader-BZH.gen.a
AVMicrosoft Security EssentialsTrojanDownloader:Win32/Unruy.I
AVMicroWorld (escan)Gen:Variant.Unruy.5
AVRisingBackdoor.Win32.Gpigeon2010.yt
AVSophosMal/Unruy-D
AVSymantecW32.Unruy.A
AVTrend MicroTROJ_UNRUY.SMKV
AVVirusBlokAda (vba32)BScope.Trojan.TE.01527

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint

Network Details:

DNSns.dns3-domain.com
Type: A
5.34.183.138
Flows UDP192.168.1.1:1031 ➝ 5.34.183.138:53
Flows UDP192.168.1.1:1031 ➝ 5.34.183.138:8000

Raw Pcap

Strings
B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:
B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:B:.
................. !"#$89'()*+,-../01234567
|
..
...
@
`@
.

!1Aa
#+3;CScs
Djjj
								
??1type_info@@UAE@XZ
	4uA8T
7jsj%j\js
9O$tKSV
~(9~$u
_acmdln
AddAtomA
_adjust_fdiv
A\+VFs
.?AVtype_info@@
buffer error
CompareStringA
_controlfp
CopyIcon
CreateDirectoryW
CreateFileA
CreateFileMappingA
CreateIcon
CreateThread
C,u	^]
__CxxFrameHandler
_CxxThrowException
D$0jBP
D$0jmP
D$0jsP
D$0jwP
D$0UjrjuSjpjajCUSjaUjrjCjpja
D$4_^][
D$4jcP
D$4j_P
D$4jsP
D$(8D*
D$8jDP
D$8jIP
D$8jlU
D$8jmji
D$8jrP
D$8jRP
D$8jsP
D$8jSP
D$8jWP
@.data
data error
D$DjcP
D$DjCP
D$DjDP
D$DjFP
D$djGP
D$DjgP
D$DjGP
D$djMP
D$DjOP
D$DjRP
D$djWP
 deflate 1.2.2 Copyright 1995-2004 Jean-loup Gailly 
D$HjCP
D$HjDP
D$hjEP
D$HjFjH
D$hjGP
D$HjGP
D$hjLP
D$HjPP
D$HjSP
D$(jajNUjljijFUjljujdjojMSU
D$(jAjS
D$(jbP
D$`jCP
D$<jCP
D$@jCP
D$`jEP
D$<jFP
D$`jGP
D$<jGP
D$|jGP
D$@jGP
D$\jGP
D$,jhP
D$|jIP
D$,jnP
D$@jOP
D$$jpP
D$`jPP
D$$jrjp
D$(jrP
D$@jRP
D$,jsP
D$(jsP
D$`jSP
D$,jSP
D$<jWP
D$@jWP
D$ljAP
D$ljDP
D$LjDP
D$LjEP
D$LjFP
D$ljGP
D$LjgP
D$LjGP
D$ljLP
D$LjRP
D$LjSP
__dllonexit
D$pjCP
D$PjCP
D$PjFP
D$PjGP
D$PjPP
D$PjSP
D$PjwjojdjnjijWSU
D$pjWP
DrawIconEx
D$$SUV
D$tjcP
D$TjDP
D$TjGP
D$TjTP
D$TjWP
D$(]UjNj2j3jsjsUjcjojrjPP
DVhQPj
D$xjcP
D$xjCP
D$XjCP
D$xjGP
D$XjGP
D$Xjijd
D$XjOP
D$XjRP
D$XjSP
D$XjTP
D$ XPjljaPSPjnPjnjUjo
ewh/?y
_except_handler3
F 9F$uR3
Fdf+Fh
file error
FindAtomA
FindClose
F|jija
F`jnji
F@jojl
F(jpju
F jPSjnUjrjrjujCSU
Fljija
FormatMessageA
FPjAjhSjajPjpjmUjTSU
Ftjijr
F\UjsjojljCjdjnji
Fxf9F|u
GetAtomNameA
GetCurrentDirectoryA
__getmainargs
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetWindowTextA
H*0"ZOW
header crc mismatch
HtRHtDHHt
HtyHtZHt;Ht
IiGM>nw
incompatible version
incorrect data check
incorrect header check
incorrect length check
 inflate 1.2.2 Copyright 1995-2004 Mark Adler 
_initterm
insufficient memory
invalid bit length repeat
invalid block type
invalid code lengths set
invalid distance code
invalid distances set
invalid distance too far back
invalid literal/length code
invalid literal/lengths set
invalid stored block lengths
invalid window size
iswspace
jAjCjDUSja
jajcjiSjijrjCUjvjaU
jAjgjnjojLjwjojdjnjijW
jAjnjojiSjajmjrjojfjnjIUjmjujljojV
jAjnjojiSjajrUjpjOUjlji
jAjnjojiSjpjijrjcjsUjDjrUjvjijrjDSUjG
jajnSjsjojhSU
jAjsjsUjcjojrjPUSja
jAjsUSjujbjijrSSjAUjljijF
jAjwjojdjn
jAjwjojdjnjijW
jAjxjEjyUjKjnUjpjOjg
jAjxjEUjm
jAjyjrjoSjcUjrjijDjmUSjsjyjS
jAjyjrjoSjcUjrjijDjsjwjojdjnjijW
jAjyjrjoSjcUjrjijDUSjaUjr
jAjyUjKjojfjnjIjyjrUjujQ
jASjnUjvjEjn
jASjnUjvjEUSja
jASjxUjTjwjojdjnjijW
jAUjgjajsjsUjM
jAUjgjajsjsUjMjd
jAUjgjajsjsUjMjdjaUjrjhjTS
jAUjgjajsjsUjMS
jAUjljijFSjsjrjijFjd
jAUjljijFSjxUjNjd
jAUjljijFUSja
jAUjljijFUSU
jAUjmjajNjh
jAUjmjajNjhSjajPSjrjojhjS
jAUjmjajNUjljijFUjljujdjojM
jAUjujljajVjmjujnjE
jAUjujljajVUjgUjljijv
jAUSjujcUjxjEjljl
jCjDUjljbjiSjajpjmjojCUSja
jCjDUSU
jcjojrjPjnUjp
jcjojsSU
jcjrjsjr
jdjaUjrjhjTUjdjojCSjijxjE
jdjaUjrjhjTUSja
jdjaUjrjhjTUSjajnjijm
jdjIjsjsUjcjojr
jdjIjsjsUjcjojrjPjdjaUjrjhjT
jdjijujGUSjaUjr
jDj.j2j3j_j2jS
jfSjnji
jijrjPjpjujkjojo
jijWjdjnji
j>jajrjejmjajC
j*j.j*j\js
j>jnjejejrjcjSjtjnji
jLjLjDj.j2j3
jLjLjDj.j2j3jEjL
jLjLjDj.j2j3jIjPjA
jLjLjDj.j2j3jLjEjNjRjE
jLjLjDj.j2j3jPjAjC
jLjLjDj.j2j3jR
jLjLjDj.jIjP
jLjLjDj.jMjM
jLjLjDj.jSjUjLjPjIjD
jLjLjDj.jTjRjCjV
jlSjcjojI
jmjojrjfjv
jnjoji
jnjojiSjcUjSjl
jnjojiSjcUjSjljajcjiSjijrjCjrU
jnjojiSjcUjSjljajcjiSjijrjCUSU
jnjSj2j3jpjlUjhjljojojTUSjaUjr
jnjwjojdS
jnjwjojdSjujhjSjsjujljp
jnUjkjojTjsjsUjcjojrjPjn
jojpjmjojCjpjojtjkjs
jojpjsjijDjpjijd
joSjdjnU
jpjajmSjijBUjljbjiSjajpjmjojCUSjaUjr
jpjmjbj.j}j6YQj1QjBj1j7Qj2j9j2j3jDj-XPjEjAj7jAPj4j8jfj4PjEjBjCj1PQj5jFj4j2j7jFjE
jpjmjbj.j}jAj5jCXPPj6j2j6j9Pj2j4ZRPj-YQj1j5j8j9Qj8jej7RQjFRj2j0QRjDj8j7jAPjBjF
jpjmjc
jpjujnjaUjljC
jpjuSjrjaSjS
jrjajhjCUjdjijWjojTUSjyjBjiS
jrjhjc
jrjhjcjrjr
jrjojrjrjESjsjajL
jrjojrjrjESjsjajLSUjG
jrjpjujr
jrjwjljr
jrUSjnjijojPUjljijF
jsjcjijrSUjMjmUSjsjyjS
jsj%j\js
jsj%js
jsjrUjdjojcjnjEUjgjajmjISUjGjp
jsjsUjcjojrjPSjnUjrjrjujC
jsjsUjcjojrjPUjdjojCSjijxjE
jsjsUjcjojrjPUSjajnjijm
jsjuSjaSjSjnjojiSUjljpjmjojCjdUjuUjujQ
jsjuSjaSjSjnjojiSUjljpjmjojCjdUjuUjujQS
jsSjcUjjjbjOUjljpjiSjljujMjrjojFS
jsSjijBjIjD
jsUjgUjljijvjijrjPjnUjkjojTSjsju
jsUjljujdjojMjsjsUjcjojrjPjm
jwjojdjnji
jwjojdjnjijW
jwjojdjnjijWjpjoSjkjsUjD
jwjojdjnjijWjyjojrS
jxjEjsjwjojdjnjijWS
jyjpjc
jyjTUjvjijrjDSU
jyjyj"j
jyUjKUjsjojljCjgU
KERNEL32.dll
l!;b	F
L\Hf9t\H
[-&LMb#{'
LoadLibraryA
L$\t8;
malloc
memcpy
MFC42.DLL
mj>zjZ
MSVCRT.dll
need dictionary
Npf+F\
_onexit
OpenEventA
OpenEventW
OpenMutexA
OpenThread
O[Richo
OZw3(?
__p__commode
PDSj}j2j2j5XPj6jEj9j8j1j0jAjCZRjFj-YQj4j3j0jAQj1jaPj4QPRj9RQRjBj3j9j3jBPP
__p__fmode
PhSj}j4
PTSjs_
PTSjsj%js
PTWjsj%js
_purecall
PVVVVh
Qj6QjFjCj0jEjFj1jCj1j-XPj8jFj3jBPjdj0j4j4Pj7j7j1QPjBj3Qj3jDj8jBjA
Qkkbal
`.rdata
RemoveDirectoryA
ResetEvent
S$_^]3
__set_app_type
SetConsoleTitleA
SetCurrentDirectoryA
SetFileAttributesW
SetFilePointer
SetPriorityClass
SetTimer
__setusermatherr
SetWindowLongA
SetWindowTextA
ShowCursor
SjajPjgjnjojLSU
SjcUjjjbjOSjcU
SjcUjjjbjOUjljgjnjijSjrjojFS
SjcUjjjbjOUSU
SjcUjn
SjejgjejljijvjijrjPjnjwjojdjtjujhjSjejSP
Sjejxjej.WWjmWP
Sje^VjxVWjsj%P
SjfWjijhjtjtW
Sj}j9j9j1j7j8j3XPj2Pj6j2jFj2j-_Wj6j1jCj9WPjej1j4WPj4j0jFWjDjFj0j4Pj7PjA
Sj\j:jc
SjkjajbWjsj%P
Sjljljdj.jvjnjiWjyWP
SjnjujojCjkjcjijT
SjnUjvjE
SjnUjvjEjljljijKU
SjnUjvjESU
SjnUjvjESUjSU
SjnVjp
Sjojhjsjpja
Sjojijdjujtjsj jljajujsji
Sjpjmjtj.j}j3j1j9j5jDj1j8jBj0XPjEjFjFj-YQjBj6ZRj3j9QjfRj2j4QRPjDj9QRPPPj3PPj5
Sjpjmjtj.j}j3j1j9j5jDj1j8jBj0YQjEjFjFj-XPjBj6ZRj3j9PjfRj2j4PRQjDj9PRQQQj3QQj5
Sjpjmjtj.j}jEj2j7j9jA^Vj7j2Vj4XPj8j1jFj-ZRjFj9PVRjdj8jaPRj1j5jBYQPRQQQj6VPj9jC
Sjpjmjtj.j}jEj2j7j9jAZRj7j2Rj4YQj8j1jFj-XPjFj9QRPjdj8jaQPj1j5jBQPjBjBjBj6RQj9jC
SjpjmVjtWjsj%P
SjrjaSjSjsjujljpjijd
SjrWjdjnjijbWjx
SjsjrjijFj2j3jsjsUjc
Sjtjajdj.j}jCXPj2YQj7QPQjEPj1jDj5j1Vj0j1PjAVjejdjcWVj8WjEjEVjAj9jFPWQjFjF
Sjtjajdj.j}jCXPj2YQj7QPQjEPj1jDj5j1Wj0j1PjAWjejdjcj4Wj8j4jEjEWjAj9jFPj4QjFjF
Sjtjajdj.j}jFjFj0ZRjBjBj3j4YQjCjBj6j3j5j-XPj1j8Rj9PRjcj5QPjAj8j6jCPj9Qj3jDj1QRjA
SjujbjijrSSjAUjljijFSU
SjxjojfWjrjijf
SSSSSS
SSSSSSS
SSSSSSSSS
stream end
stream error
SUjkjcjojsUjs
SUjsjr
SVhp'B
SVj0j6j3
SVjajrjijvja
SVjgjnjajwjgjnjajwjijlja
SVjgjnjijsjijr
SVjpjijzjnjijw
SVjrjajrjnjijw
SVjrjojtjcjojdjqjq
SVjrWjdjnjujhjt
SVjrWjgjnWjsjsWjmVWjvjijlj jsjwjojdjnjijw
SVjrWjrjojljpjxWj jtWjnjrWjtjnji
SVjrWjvjrWjsj jljqjsj jtjfjojsjojrjcjijm
SVjsjsWjrjpjxWj jkjojojljtjujo
SVjsjwjojdjnjijwV
SVWjcjijfjfjoj jtjfjojsjojrjcjijm
SVWjmjajgVjkjnjijljljajbjojljg
SVWVj\js
SWjxWj.jmjijijlja
;T$0sP;t$4sJ
!This program cannot be run in DOS mode.
tJHt'H
TlsAlloc
ToAscii
too many length or distance symbols
ToUnicode
toupper
ts9_ tn9_$ti
UjgjajmjIUjs
UjjjbjOSU
UjljdjnjajHUjs
UjljdjnjajHUSjajcjijl
UjljijFjd
UjljijFjmjojrjFUjgjajmjIjdjajojLjp
UjljijFjojTUjgjajmjIUjvjajSjp
UjljijFUS
Ujmjajnjk
UjmjajnjyjbSjsjojh
UjpjijPUSja
UjzjijljajiSjijn
UjzjijSjsjrUjdjojcjnjEUjgjajmjISUjGjp
UjzjijSUjljijF
unknown compression method
unknown header flags set
USER32.dll
UUUUUUU
UUUUUUUUU
VjnjojcjIj jyjajrjTj jCjNjVjnji
VjpjmWjtVP
vprintf
VWSjnjejp
V_:X1:
W(9W$u
Wjejxjej.
Wjgjejpjjj/jejgjajm
Wj}j2j9Y
Wj*j.j*j\js
Wj*j.j*j\jsj%P
Wj.j.P
Wj>jtjnjejn
WjnjejpjoP
Wjsj%j\js
Wjtjajdj.j}jFjFj0ZRjBjBj3j4YQjCjBj6j3j5j-XPj1j8Rj9PRjcj5QPjAj8j6jCPj9Qj3jDj1QRjA
Wj%Wj%P
w+OQvr
|$ WUSV
WVj\js
WVjYjAjLjPjSjI
_XcptFilter
XPjPjnPjiSUjljpjmPjCPjIUSjaUjr
XPPjDj.j2j3PPjEjH
XPSjcUjSjljajcPSPjrjCUjzPjljaPSPjn
YQj3XPj6j1jCj8j5jDj9j6jBj7WjFjFjBjAWjfj6QQWj2j8Qj9WjAPjFPPjDPj8
YSj}j4_Wj3XPj6j1jCj8j5jDj9j6jBj7j-^VjFjFjBjAVjfj6WWVj2j8Wj9VjAPjFPPjDPj8
YSj}j9j9j1j7j8j3XPj2Pj6j2jFj2j-YQj6j1jCj9QPjej1j4QPj4j0jFQjDjFj0j4Pj7PjA
YSjpjojtjkjsje
YSjsj%j\jsj%P
YSSSSS
YSSSSSS
YSSSSSSS
YUUUUU
YUUUUUU
YUUUUUUU
)\ZEo^m/