Analysis Date: 2014-06-09 22:07:03
MD5: 39d4eb867944bb5f8196adc6c262c6e3
SHA1: 1ef683a5fe80838dd2a4d7b2855526d78d8c09d0

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: fc73c0bac2207598f04cbeed5f985e6f sha1: a72974786e851fe2fbf7f4cc4d87b9f7cccb3f4e size: 39936
Section: .rdata md5: 1c678c09d257428552d2fb304dc18f19 sha1: 2a656d3878c628c46694f821d2d5089918e78636 size: 27648
Section: .data md5: 2bf73cb04063cf6db0d3e0df5830dd82 sha1: 4739c7c2da158834cce21acc05f545bfe3a21b25 size: 13312
Section: .rsrc md5: df119a31c7ec97d08fe6a3543033c594 sha1: d00546437193b23802670ec488255e332777d47e size: 16384
Timestamp: 2014-05-30 11:26:54
Version:
LegalCopyright: Copyright © 2014 Imagine Software Corporation. All rights reserved.
InternalName: Badcatch.exe
FileVersion: 12.1.995.941
CompanyName: Imagine Software
SpecialBuild: Public
Comments: heard: http://www.moneydecimal.com
ProductName: Drawsing Imagine Software ro
FileDescription: Drawsing
OriginalFilename: Badcatch.exe
Packer: Microsoft Visual C++ ?.?
PEhash: ada887b4d6029b44eacacb9d52d8bcb5a20e7995
IMPhash: 15e44afa06b8198169551c56fdde14f1
AV Arcabit (arcavir): Trojan.GenericKD.1699456
AV Authentium: W32/Trojan.BHHR-7747
AV Grisoft (avg): Error Scanning File
AV Avira (antivir): TR/Rogue.AD.96096
AV Alwil (avast): Trojan-gen
AV Alwil (avast): Win32:Trojan-gen
AV Ad-Aware: Trojan.GenericKD.1699456
AV BitDefender: Trojan.GenericKD.1699456
AV BullGuard: Trojan.GenericKD.1699456
AV ClamAV: No Virus
AV Dr. Web: Trojan.DownLoad3.33498
AV Emsisoft: Trojan.GenericKD.1699456
AV MicroWorld (escan): Trojan.GenericKD.1699456
AV CA (E-Trust Ino): Trojan.GenericKD.1699456
AV Fortinet: W32/Yakes.EZKZ!tr
AV Frisk (f-prot): W32/Trojan3.INF
AV F-Secure: Trojan.GenericKD.1699456
AV Ikarus: Trojan.Win32.Yakes
AV K7: Trojan-Downloader ( 004977f41 )
AV Kaspersky: Trojan.Win32.Yakes.ezkz
AV MalwareBytes: Error Scanning File
AV Mcafee: Generic.dx!39D4EB867944
AV Microsoft Security Essentials: Trojan:Win32/Danglo!gmb
AV NANO: Trojan.Win32.Yakes.dafckw
AV Eset (nod32): Win32/TrojanDownloader.Small.PSD
AV Padvish: Error Scanning File
AV CAT (quickheal): Trojan.Agent
AV Rising: No Virus
AV 360 Safe: No Virus
AV SUPERAntiSpyware: Error Scanning File
AV Symantec: Downloader
AV Trend Micro: TROJ_UPATRE.YYLV
AV Twister: Trojan.Yakes.ezkz.gzdu
AV VirusBlokAda (vba32): No Virus
AV Windows Defender: Trojan:Win32/Danglo!gmb
AV Zillya!: Trojan.Yakes.Win32.20855

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\AsyncConnectHlp
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS: computermania.co.za
Winsock DNS: conquerorz.com
Winsock DNS: community.onlineautoinsurance.com
Winsock DNS: collegeinmaine.com
Winsock DNS: companyhelp.com.br
Winsock DNS: coffre-outils.qc.ca
Winsock DNS: colonialpropertiesinc.com
Winsock DNS: comstockpictures.com
Winsock DNS: conqueror-realestate.com
Winsock DNS: consolvobikes.com

Network Details:

DNS: coffre-outils.qc.ca (Type: A) ➝ 69.49.101.57
DNS: collegeinmaine.com (Type: A) ➝ 74.208.182.137
DNS: colonialpropertiesinc.com (Type: A) ➝ 173.201.140.128
DNS: community.onlineautoinsurance.com (Type: A) ➝ 72.167.244.58
DNS: companyhelp.com.br (Type: A) ➝ 82.102.17.213
DNS: computermania.co.za (Type: A) ➝ 213.133.104.104
DNS: comstockpictures.com (Type: A) ➝ 128.121.234.237
DNS: conqueror-realestate.com (Type: A) ➝ 192.185.182.160
DNS: conquerorz.com (Type: A) ➝ 192.185.48.121
DNS: consolvobikes.com (Type: A) ➝ 192.163.200.212
HTTP GET: http://coffre-outils.qc.ca/arsgdvcs1233
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://collegeinmaine.com/dasfgfdfsd769
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://colonialpropertiesinc.com/dsfkfdsfasdf0990
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://community.onlineautoinsurance.com/eafsadsf34
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://companyhelp.com.br/fsdafdhggsdfznm34
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://computermania.co.za/etrsegd12
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://comstockpictures.com/fsdafdhggsdfznm34
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://conqueror-realestate.com/sdfgsszdfd09
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://conquerorz.com/sdfdgf09902
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://consolvobikes.com/sdwetreytr12
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP: 192.168.1.1:1032 ➝ 69.49.101.57:80
Flows TCP: 192.168.1.1:1033 ➝ 74.208.182.137:80
Flows TCP: 192.168.1.1:1034 ➝ 173.201.140.128:80
Flows TCP: 192.168.1.1:1035 ➝ 72.167.244.58:80
Flows TCP: 192.168.1.1:1036 ➝ 82.102.17.213:80
Flows TCP: 192.168.1.1:1037 ➝ 213.133.104.104:80
Flows TCP: 192.168.1.1:1038 ➝ 128.121.234.237:80
Flows TCP: 192.168.1.1:1039 ➝ 192.185.182.160:80
Flows TCP: 192.168.1.1:1040 ➝ 192.185.48.121:80
Flows TCP: 192.168.1.1:1041 ➝ 192.163.200.212:80

Raw Pcap

Strings